Changeset 988 for vendor/current/source3/libnet
- Timestamp:
- Nov 24, 2016, 1:14:11 PM (9 years ago)
- Location:
- vendor/current/source3/libnet
- Files:
-
- 1 added
- 12 edited
-
libnet_dssync.c (modified) (8 diffs)
-
libnet_dssync_keytab.c (modified) (4 diffs)
-
libnet_dssync_passdb.c (modified) (38 diffs)
-
libnet_join.c (modified) (60 diffs)
-
libnet_join.h (modified) (1 diff)
-
libnet_keytab.c (modified) (1 diff)
-
libnet_keytab.h (modified) (1 diff)
-
libnet_samsync.c (modified) (8 diffs)
-
libnet_samsync.h (modified) (1 diff)
-
libnet_samsync_display.c (modified) (1 diff)
-
libnet_samsync_ldif.c (modified) (21 diffs)
-
libnet_samsync_passdb.c (modified) (14 diffs)
-
netapi.pc.in (added)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/source3/libnet/libnet_dssync.c
r740 r988 55 55 struct dssync_context *ctx; 56 56 57 ctx = TALLOC_ZERO_P(mem_ctx, struct dssync_context);57 ctx = talloc_zero(mem_ctx, struct dssync_context); 58 58 NT_STATUS_HAVE_NO_MEMORY(ctx); 59 59 … … 114 114 session_key, 115 115 rid, 116 0, 116 117 attr); 117 118 } … … 196 197 break; 197 198 } 198 case 28: 199 case 28: { 199 200 ctx->remote_info28 = bind_info.info.info28; 200 201 break; 202 } 203 case 32: { 204 struct drsuapi_DsBindInfo32 *info32; 205 info32 = &bind_info.info.info32; 206 ctx->remote_info28.site_guid = info32->site_guid; 207 ctx->remote_info28.supported_extensions = info32->supported_extensions; 208 ctx->remote_info28.pid = info32->pid; 209 ctx->remote_info28.repl_epoch = info32->repl_epoch; 210 break; 211 } 201 212 case 48: { 202 213 struct drsuapi_DsBindInfo48 *info48; … … 206 217 ctx->remote_info28.pid = info48->pid; 207 218 ctx->remote_info28.repl_epoch = info48->repl_epoch; 219 break; 220 } 221 case 52: { 222 struct drsuapi_DsBindInfo52 *info52; 223 info52 = &bind_info.info.info52; 224 ctx->remote_info28.site_guid = info52->site_guid; 225 ctx->remote_info28.supported_extensions = info52->supported_extensions; 226 ctx->remote_info28.pid = info52->pid; 227 ctx->remote_info28.repl_epoch = info52->repl_epoch; 208 228 break; 209 229 } … … 340 360 } 341 361 342 nc = TALLOC_ZERO_P(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier);362 nc = talloc_zero(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier); 343 363 if (!nc) { 344 364 status = NT_STATUS_NO_MEMORY; … … 352 372 !ctx->force_full_replication && utdv) 353 373 { 354 cursors = TALLOC_ZERO_P(mem_ctx,374 cursors = talloc_zero(mem_ctx, 355 375 struct drsuapi_DsReplicaCursorCtrEx); 356 376 if (!cursors) { … … 443 463 444 464 if (!ctx->single_object_replication) { 445 new_utdv = TALLOC_ZERO_P(mem_ctx, struct replUpToDateVectorBlob);465 new_utdv = talloc_zero(mem_ctx, struct replUpToDateVectorBlob); 446 466 if (!new_utdv) { 447 467 status = NT_STATUS_NO_MEMORY; … … 653 673 &pnew_utdv); 654 674 if (!NT_STATUS_IS_OK(status)) { 655 ctx->error_message = talloc_asprintf(ctx, 656 "Failed to call DsGetNCCHanges: %s", 657 nt_errstr(status)); 675 if (!ctx->error_message) { 676 ctx->error_message = talloc_asprintf(ctx, 677 "Failed to call DsGetNCCHanges: %s", 678 nt_errstr(status)); 679 } 658 680 goto out; 659 681 } -
vendor/current/source3/libnet/libnet_dssync_keytab.c
r740 r988 21 21 #include "includes.h" 22 22 #include "smb_krb5.h" 23 #include "ads.h"24 23 #include "libnet/libnet_dssync.h" 25 24 #include "libnet/libnet_keytab.h" … … 201 200 } 202 201 203 pkb = TALLOC_ZERO_P(mem_ctx, struct package_PrimaryKerberosBlob);202 pkb = talloc_zero(mem_ctx, struct package_PrimaryKerberosBlob); 204 203 if (!pkb) { 205 204 status = NT_STATUS_NO_MEMORY; … … 277 276 uint32_t count; 278 277 num_spns = attr->value_ctr.num_values; 279 spn = TALLOC_ARRAY(mem_ctx, char *, num_spns);278 spn = talloc_array(mem_ctx, char *, num_spns); 280 279 for (count = 0; count < num_spns; count++) { 281 280 blob = attr->value_ctr.values[count].blob; … … 388 387 mem_ctx); 389 388 if (entry) { 390 name = (char *) TALLOC_MEMDUP(mem_ctx,389 name = (char *)talloc_memdup(mem_ctx, 391 390 entry->password.data, 392 391 entry->password.length); -
vendor/current/source3/libnet/libnet_dssync_passdb.c
r740 r988 25 25 #include "../librpc/gen_ndr/ndr_drsuapi.h" 26 26 #include "util_tdb.h" 27 #include "dbwrap.h" 27 #include "dbwrap/dbwrap.h" 28 #include "dbwrap/dbwrap_rbt.h" 28 29 #include "../libds/common/flag_mapping.h" 29 30 #include "passdb.h" … … 63 64 NTSTATUS status; 64 65 struct db_record *rec; 65 66 rec = db->fetch_locked(db, talloc_tos(), obj->key); 66 TDB_DATA value; 67 68 rec = dbwrap_fetch_locked(db, talloc_tos(), obj->key); 67 69 if (rec == NULL) { 68 70 return NT_STATUS_NO_MEMORY; 69 71 } 70 if (rec->value.dsize != 0) { 72 73 value = dbwrap_record_get_value(rec); 74 if (value.dsize != 0) { 71 75 abort(); 72 76 } 73 77 74 status = rec->store(rec, obj->data, TDB_INSERT);78 status = dbwrap_record_store(rec, obj->data, TDB_INSERT); 75 79 if (!NT_STATUS_IS_OK(status)) { 76 80 TALLOC_FREE(rec); … … 103 107 { 104 108 struct dssync_passdb_obj *obj; 105 int ret;106 109 TDB_DATA key; 107 110 TDB_DATA data; 108 109 key = make_tdb_data((const uint8_t *)(void *)guid, 111 NTSTATUS status; 112 113 key = make_tdb_data((const uint8_t *)(const void *)guid, 110 114 sizeof(*guid)); 111 115 112 ret = db->fetch(db, talloc_tos(), key, &data);113 if ( ret != 0) {116 status = dbwrap_fetch(db, talloc_tos(), key, &data); 117 if (!NT_STATUS_IS_OK(status)) { 114 118 return NULL; 115 119 } … … 160 164 NTSTATUS status; 161 165 struct db_record *rec; 162 163 rec = obj->members->fetch_locked(obj->members, talloc_tos(), mem->key); 166 TDB_DATA value; 167 168 rec = dbwrap_fetch_locked(obj->members, talloc_tos(), mem->key); 164 169 if (rec == NULL) { 165 170 return NT_STATUS_NO_MEMORY; 166 171 } 167 if (rec->value.dsize != 0) { 172 173 value = dbwrap_record_get_value(rec); 174 if (value.dsize != 0) { 168 175 abort(); 169 176 } 170 177 171 status = rec->store(rec, mem->data, TDB_INSERT);178 status = dbwrap_record_store(rec, mem->data, TDB_INSERT); 172 179 if (!NT_STATUS_IS_OK(status)) { 173 180 TALLOC_FREE(rec); … … 299 306 bool is_member = false; 300 307 const char *action; 308 TDB_DATA value; 301 309 302 310 state->idx++; … … 304 312 alias_sid = state->obj->cur->object.identifier->sid; 305 313 306 mem = dssync_parse_mem(rec->value); 314 value = dbwrap_record_get_value(rec); 315 mem = dssync_parse_mem(value); 307 316 if (mem == NULL) { 308 317 return -1; … … 387 396 struct dssync_passdb_traverse_amembers mstate; 388 397 struct dssync_passdb_obj *obj; 389 int ret; 398 TDB_DATA value; 399 NTSTATUS status; 390 400 391 401 state->idx++; … … 394 404 } 395 405 396 obj = dssync_parse_obj(rec->value); 406 value = dbwrap_record_get_value(rec); 407 obj = dssync_parse_obj(value); 397 408 if (obj == NULL) { 398 409 return -1; … … 403 414 mstate.name = "members"; 404 415 mstate.obj = obj; 405 ret = obj->members->traverse_read(obj->members,406 407 &mstate);408 if ( ret < 0) {416 status = dbwrap_traverse_read(obj->members, 417 dssync_passdb_traverse_amembers, 418 &mstate, NULL); 419 if (!NT_STATUS_IS_OK(status)) { 409 420 return -1; 410 421 } … … 442 453 struct samu *member = NULL; 443 454 const char *member_dn = NULL; 444 GROUP_MAP map;455 GROUP_MAP *map; 445 456 struct group *grp; 446 457 uint32_t rid; 447 458 bool is_unix_member = false; 459 TDB_DATA value; 448 460 449 461 state->idx++; … … 456 468 } 457 469 458 mem = dssync_parse_mem(rec->value); 470 value = dbwrap_record_get_value(rec); 471 472 mem = dssync_parse_mem(value); 459 473 if (mem == NULL) { 460 474 return -1; … … 495 509 } 496 510 497 if (!get_domain_group_from_sid(group_sid, &map)) { 511 map = talloc_zero(NULL, GROUP_MAP); 512 if (!map) { 513 return -1; 514 } 515 516 if (!get_domain_group_from_sid(group_sid, map)) { 498 517 DEBUG(0, ("Could not find global group %s\n", 499 518 sid_string_dbg(&group_sid))); 500 519 //return NT_STATUS_NO_SUCH_GROUP; 520 TALLOC_FREE(map); 501 521 return -1; 502 522 } 503 523 504 if (!(grp = getgrgid(map.gid))) { 505 DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid)); 524 if (!(grp = getgrgid(map->gid))) { 525 DEBUG(0, ("Could not find unix group %lu\n", 526 (unsigned long)map->gid)); 506 527 //return NT_STATUS_NO_SUCH_GROUP; 528 TALLOC_FREE(map); 507 529 return -1; 508 530 } 531 532 TALLOC_FREE(map); 509 533 510 534 DEBUG(0,("Group members of %s: ", grp->gr_name)); … … 563 587 struct dssync_passdb_traverse_gmembers mstate; 564 588 struct dssync_passdb_obj *obj; 565 int ret; 589 TDB_DATA value; 590 NTSTATUS status; 566 591 567 592 state->idx++; … … 570 595 } 571 596 572 obj = dssync_parse_obj(rec->value); 597 value = dbwrap_record_get_value(rec); 598 599 obj = dssync_parse_obj(value); 573 600 if (obj == NULL) { 574 601 return -1; … … 579 606 mstate.name = "members"; 580 607 mstate.obj = obj; 581 ret = obj->members->traverse_read(obj->members,582 583 &mstate);584 if ( ret < 0) {608 status = dbwrap_traverse_read(obj->members, 609 dssync_passdb_traverse_gmembers, 610 &mstate, NULL); 611 if (!NT_STATUS_IS_OK(status)) { 585 612 return -1; 586 613 } … … 597 624 struct dssync_passdb_traverse_aliases astate; 598 625 struct dssync_passdb_traverse_groups gstate; 599 int ret;626 NTSTATUS status; 600 627 601 628 ZERO_STRUCT(astate); 602 629 astate.ctx = ctx; 603 630 astate.name = "aliases"; 604 ret = pctx->aliases->traverse_read(pctx->aliases,605 606 &astate);607 if ( ret < 0) {631 status = dbwrap_traverse_read(pctx->aliases, 632 dssync_passdb_traverse_aliases, 633 &astate, NULL); 634 if (!NT_STATUS_IS_OK(status)) { 608 635 return NT_STATUS_INTERNAL_ERROR; 609 636 } … … 612 639 gstate.ctx = ctx; 613 640 gstate.name = "groups"; 614 ret = pctx->groups->traverse_read(pctx->groups,615 616 &gstate);617 if ( ret < 0) {641 status = dbwrap_traverse_read(pctx->groups, 642 dssync_passdb_traverse_groups, 643 &gstate, NULL); 644 if (!NT_STATUS_IS_OK(status)) { 618 645 return NT_STATUS_INTERNAL_ERROR; 619 646 } … … 644 671 /* Create appropriate user */ 645 672 if (acct_flags & ACB_NORMAL) { 646 add_script = talloc_strdup(mem_ctx, lp_adduser_script());673 add_script = lp_add_user_script(mem_ctx); 647 674 } else if ( (acct_flags & ACB_WSTRUST) || 648 675 (acct_flags & ACB_SVRTRUST) || 649 676 (acct_flags & ACB_DOMTRUST) ) { 650 add_script = talloc_strdup(mem_ctx, lp_addmachine_script());677 add_script = lp_add_machine_script(mem_ctx); 651 678 } else { 652 679 DEBUG(1, ("Unknown user type: %s\n", … … 1093 1120 const char *description; 1094 1121 const char *userWorkstations; 1095 const char *comment;1096 1122 DATA_BLOB userParameters; 1097 1123 struct dom_sid objectSid; … … 1125 1151 GET_STRING(description); 1126 1152 GET_STRING(userWorkstations); 1127 GET_STRING(comment);1128 1153 GET_BLOB(userParameters); 1129 1154 GET_UINT32(primaryGroupID); … … 1332 1357 fstring account; 1333 1358 struct samu *sam_account=NULL; 1334 GROUP_MAP map;1359 GROUP_MAP *map; 1335 1360 struct group *grp; 1336 1361 struct dom_sid user_sid; … … 1341 1366 1342 1367 const char *sAMAccountName; 1343 uint32_t sAMAccountType;1344 1368 uint32_t userAccountControl; 1345 1369 1346 1370 user_sid = cur->object.identifier->sid; 1347 1371 GET_STRING_EX(sAMAccountName, true); 1348 GET_UINT32_EX(sAMAccountType, true);1349 1372 GET_UINT32_EX(userAccountControl, true); 1350 1373 … … 1414 1437 group_sid = *pdb_get_group_sid(sam_account); 1415 1438 1416 if (!pdb_getgrsid(&map, group_sid)) { 1439 map = talloc_zero(NULL, GROUP_MAP); 1440 if (!map) { 1441 return NT_STATUS_NO_MEMORY; 1442 } 1443 1444 if (!pdb_getgrsid(map, group_sid)) { 1417 1445 DEBUG(0, ("Primary group of %s has no mapping!\n", 1418 1446 pdb_get_username(sam_account))); 1419 1447 } else { 1420 if (map .gid != passwd->pw_gid) {1421 if (!(grp = getgrgid(map .gid))) {1448 if (map->gid != passwd->pw_gid) { 1449 if (!(grp = getgrgid(map->gid))) { 1422 1450 DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", 1423 (unsigned long)map .gid, pdb_get_username(sam_account),1451 (unsigned long)map->gid, pdb_get_username(sam_account), 1424 1452 sid_string_dbg(&group_sid))); 1425 1453 } else { … … 1429 1457 } 1430 1458 1459 TALLOC_FREE(map); 1460 1431 1461 if ( !passwd ) { 1432 1462 DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", … … 1447 1477 struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur; 1448 1478 NTSTATUS status; 1449 fstring name;1450 fstring comment;1451 1479 struct group *grp = NULL; 1452 1480 struct dom_sid group_sid; … … 1454 1482 struct dom_sid *dom_sid = NULL; 1455 1483 fstring sid_string; 1456 GROUP_MAP map;1484 GROUP_MAP *map; 1457 1485 bool insert = true; 1458 1486 1459 1487 const char *sAMAccountName; 1460 uint32_t sAMAccountType;1461 uint32_t groupType;1462 1488 const char *description; 1463 1489 uint32_t i; … … 1467 1493 group_sid = cur->object.identifier->sid; 1468 1494 GET_STRING_EX(sAMAccountName, true); 1469 GET_UINT32_EX(sAMAccountType, true);1470 GET_UINT32_EX(groupType, true);1471 1495 GET_STRING(description); 1472 1496 … … 1480 1504 } 1481 1505 1482 fstrcpy(name, sAMAccountName);1483 fstrcpy(comment, description);1484 1485 1506 dom_sid_split_rid(mem_ctx, &group_sid, &dom_sid, &rid); 1507 1508 map = talloc_zero(mem_ctx, GROUP_MAP); 1509 if (map == NULL) { 1510 status = NT_STATUS_NO_MEMORY; 1511 goto done; 1512 } 1513 1514 map->nt_name = talloc_strdup(map, sAMAccountName); 1515 if (map->nt_name == NULL) { 1516 status = NT_STATUS_NO_MEMORY; 1517 goto done; 1518 } 1519 1520 if (description) { 1521 map->comment = talloc_strdup(map, description); 1522 } else { 1523 map->comment = talloc_strdup(map, ""); 1524 } 1525 if (map->comment == NULL) { 1526 status = NT_STATUS_NO_MEMORY; 1527 goto done; 1528 } 1486 1529 1487 1530 sid_to_fstring(sid_string, &group_sid); 1488 1531 DEBUG(0,("Creating alias[%s] - %s members[%u]\n", 1489 name, sid_string, num_members));1532 map->nt_name, sid_string, num_members)); 1490 1533 1491 1534 status = dssync_insert_obj(pctx, pctx->aliases, obj); 1492 1535 if (!NT_STATUS_IS_OK(status)) { 1493 return status; 1494 } 1495 1496 if (pdb_getgrsid(&map, group_sid)) { 1497 if ( map.gid != -1 ) 1498 grp = getgrgid(map.gid); 1536 goto done; 1537 } 1538 1539 if (pdb_getgrsid(map, group_sid)) { 1540 if (map->gid != -1) { 1541 grp = getgrgid(map->gid); 1542 } 1499 1543 insert = false; 1500 1544 } … … 1504 1548 1505 1549 /* No group found from mapping, find it from its name. */ 1506 if ((grp = getgrnam( name)) == NULL) {1550 if ((grp = getgrnam(map->nt_name)) == NULL) { 1507 1551 1508 1552 /* No appropriate group found, create one */ 1509 1553 1510 DEBUG(0,("Creating unix group: '%s'\n", name)); 1511 1512 if (smb_create_group(name, &gid) != 0) 1513 return NT_STATUS_ACCESS_DENIED; 1514 1515 if ((grp = getgrgid(gid)) == NULL) 1516 return NT_STATUS_ACCESS_DENIED; 1517 } 1518 } 1519 1520 map.gid = grp->gr_gid; 1521 map.sid = group_sid; 1554 DEBUG(0, ("Creating unix group: '%s'\n", 1555 map->nt_name)); 1556 1557 if (smb_create_group(map->nt_name, &gid) != 0) { 1558 status = NT_STATUS_ACCESS_DENIED; 1559 goto done; 1560 } 1561 1562 if ((grp = getgrgid(gid)) == NULL) { 1563 status = NT_STATUS_ACCESS_DENIED; 1564 goto done; 1565 } 1566 } 1567 } 1568 1569 map->gid = grp->gr_gid; 1570 map->sid = group_sid; 1522 1571 1523 1572 if (dom_sid_equal(dom_sid, &global_sid_Builtin)) { … … 1527 1576 * map.sid_name_use = SID_NAME_WKN_GRP; 1528 1577 */ 1529 map .sid_name_use = SID_NAME_ALIAS;1578 map->sid_name_use = SID_NAME_ALIAS; 1530 1579 } else { 1531 map.sid_name_use = SID_NAME_ALIAS; 1532 } 1533 1534 fstrcpy(map.nt_name, name); 1535 if (description) { 1536 fstrcpy(map.comment, comment); 1580 map->sid_name_use = SID_NAME_ALIAS; 1581 } 1582 1583 if (insert) { 1584 pdb_add_group_mapping_entry(map); 1537 1585 } else { 1538 fstrcpy(map.comment, ""); 1539 } 1540 1541 if (insert) 1542 pdb_add_group_mapping_entry(&map); 1543 else 1544 pdb_update_group_mapping_entry(&map); 1586 pdb_update_group_mapping_entry(map); 1587 } 1545 1588 1546 1589 for (i=0; i < num_members; i++) { … … 1551 1594 &members[i], &mem); 1552 1595 if (!NT_STATUS_IS_OK(status)) { 1553 return status; 1554 } 1555 } 1556 1557 return NT_STATUS_OK; 1596 goto done; 1597 } 1598 } 1599 1600 status = NT_STATUS_OK; 1601 1602 done: 1603 TALLOC_FREE(map); 1604 return status; 1558 1605 } 1559 1606 … … 1567 1614 struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur; 1568 1615 NTSTATUS status; 1569 fstring name;1570 fstring comment;1571 1616 struct group *grp = NULL; 1572 1617 struct dom_sid group_sid; 1573 1618 fstring sid_string; 1574 GROUP_MAP map;1619 GROUP_MAP *map; 1575 1620 bool insert = true; 1576 1621 1577 1622 const char *sAMAccountName; 1578 uint32_t sAMAccountType;1579 uint32_t groupType;1580 1623 const char *description; 1581 1624 uint32_t i; … … 1585 1628 group_sid = cur->object.identifier->sid; 1586 1629 GET_STRING_EX(sAMAccountName, true); 1587 GET_UINT32_EX(sAMAccountType, true);1588 GET_UINT32_EX(groupType, true);1589 1630 GET_STRING(description); 1590 1631 … … 1598 1639 } 1599 1640 1600 fstrcpy(name, sAMAccountName); 1601 fstrcpy(comment, description); 1641 map = talloc_zero(NULL, GROUP_MAP); 1642 if (!map) { 1643 return NT_STATUS_NO_MEMORY; 1644 } 1645 1646 map->nt_name = talloc_strdup(map, sAMAccountName); 1647 if (!map->nt_name) { 1648 status = NT_STATUS_NO_MEMORY; 1649 goto done; 1650 } 1651 if (description) { 1652 map->comment = talloc_strdup(map, description); 1653 } else { 1654 map->comment = talloc_strdup(map, ""); 1655 } 1656 if (!map->comment) { 1657 status = NT_STATUS_NO_MEMORY; 1658 goto done; 1659 } 1602 1660 1603 1661 sid_to_fstring(sid_string, &group_sid); 1604 1662 DEBUG(0,("Creating group[%s] - %s members [%u]\n", 1605 name, sid_string, num_members));1663 map->nt_name, sid_string, num_members)); 1606 1664 1607 1665 status = dssync_insert_obj(pctx, pctx->groups, obj); 1608 1666 if (!NT_STATUS_IS_OK(status)) { 1609 return status; 1610 } 1611 1612 if (pdb_getgrsid(&map, group_sid)) { 1613 if ( map.gid != -1 ) 1614 grp = getgrgid(map.gid); 1667 goto done; 1668 } 1669 1670 if (pdb_getgrsid(map, group_sid)) { 1671 if (map->gid != -1) { 1672 grp = getgrgid(map->gid); 1673 } 1615 1674 insert = false; 1616 1675 } … … 1620 1679 1621 1680 /* No group found from mapping, find it from its name. */ 1622 if ((grp = getgrnam( name)) == NULL) {1681 if ((grp = getgrnam(map->nt_name)) == NULL) { 1623 1682 1624 1683 /* No appropriate group found, create one */ 1625 1684 1626 DEBUG(0,("Creating unix group: '%s'\n", name)); 1627 1628 if (smb_create_group(name, &gid) != 0) 1629 return NT_STATUS_ACCESS_DENIED; 1630 1631 if ((grp = getgrnam(name)) == NULL) 1632 return NT_STATUS_ACCESS_DENIED; 1633 } 1634 } 1635 1636 map.gid = grp->gr_gid; 1637 map.sid = group_sid; 1638 map.sid_name_use = SID_NAME_DOM_GRP; 1639 fstrcpy(map.nt_name, name); 1640 if (description) { 1641 fstrcpy(map.comment, comment); 1685 DEBUG(0, ("Creating unix group: '%s'\n", 1686 map->nt_name)); 1687 1688 if (smb_create_group(map->nt_name, &gid) != 0) { 1689 status = NT_STATUS_ACCESS_DENIED; 1690 goto done; 1691 } 1692 1693 if ((grp = getgrnam(map->nt_name)) == NULL) { 1694 status = NT_STATUS_ACCESS_DENIED; 1695 goto done; 1696 } 1697 } 1698 } 1699 1700 map->gid = grp->gr_gid; 1701 map->sid = group_sid; 1702 map->sid_name_use = SID_NAME_DOM_GRP; 1703 1704 if (insert) { 1705 pdb_add_group_mapping_entry(map); 1642 1706 } else { 1643 fstrcpy(map.comment, ""); 1644 } 1645 1646 if (insert) 1647 pdb_add_group_mapping_entry(&map); 1648 else 1649 pdb_update_group_mapping_entry(&map); 1707 pdb_update_group_mapping_entry(map); 1708 } 1650 1709 1651 1710 for (i=0; i < num_members; i++) { … … 1656 1715 &members[i], &mem); 1657 1716 if (!NT_STATUS_IS_OK(status)) { 1658 return status; 1659 } 1660 } 1661 1662 return NT_STATUS_OK; 1717 goto done; 1718 } 1719 } 1720 1721 status = NT_STATUS_OK; 1722 1723 done: 1724 TALLOC_FREE(map); 1725 return status; 1663 1726 } 1664 1727 … … 1707 1770 1708 1771 char *name = NULL; 1709 uint32_t uacc = 0;1710 1772 uint32_t sam_type = 0; 1711 1773 … … 1734 1796 case DRSUAPI_ATTID_sAMAccountType: 1735 1797 sam_type = IVAL(blob->data, 0); 1736 break;1737 case DRSUAPI_ATTID_userAccountControl:1738 uacc = IVAL(blob->data, 0);1739 1798 break; 1740 1799 default: -
vendor/current/source3/libnet/libnet_join.c
r860 r988 39 39 #include "passdb.h" 40 40 #include "libsmb/libsmb.h" 41 #include "../libcli/smb/smbXcli_base.h" 42 #include "lib/param/loadparm.h" 43 #include "libcli/auth/netlogon_creds_cli.h" 44 #include "auth/credentials/credentials.h" 45 #include "krb5_env.h" 41 46 42 47 /**************************************************************** … … 115 120 const char *user_name, 116 121 const char *password, 122 const char *ccname, 117 123 ADS_STRUCT **ads) 118 124 { … … 135 141 SAFE_FREE(my_ads->auth.realm); 136 142 my_ads->auth.realm = smb_xstrdup(cp); 137 strupper_m(my_ads->auth.realm); 143 if (!strupper_m(my_ads->auth.realm)) { 144 ads_destroy(&my_ads); 145 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 146 } 138 147 } 139 148 } … … 144 153 } 145 154 155 if (ccname != NULL) { 156 SAFE_FREE(my_ads->auth.ccache_name); 157 my_ads->auth.ccache_name = SMB_STRDUP(ccname); 158 setenv(KRB5_ENV_CCNAME, my_ads->auth.ccache_name, 1); 159 } 160 146 161 status = ads_connect_user_creds(my_ads); 147 162 if (!ADS_ERR_OK(status)) { … … 158 173 159 174 static ADS_STATUS libnet_join_connect_ads(TALLOC_CTX *mem_ctx, 160 struct libnet_JoinCtx *r) 175 struct libnet_JoinCtx *r, 176 bool use_machine_creds) 161 177 { 162 178 ADS_STATUS status; 179 const char *username; 180 const char *password; 181 const char *ccname = NULL; 182 183 if (use_machine_creds) { 184 if (r->in.machine_name == NULL || 185 r->in.machine_password == NULL) { 186 return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); 187 } 188 username = talloc_strdup(mem_ctx, r->in.machine_name); 189 if (username == NULL) { 190 return ADS_ERROR(LDAP_NO_MEMORY); 191 } 192 if (username[strlen(username)] != '$') { 193 username = talloc_asprintf(username, "%s$", username); 194 if (username == NULL) { 195 return ADS_ERROR(LDAP_NO_MEMORY); 196 } 197 } 198 password = r->in.machine_password; 199 ccname = "MEMORY:libnet_join_machine_creds"; 200 } else { 201 username = r->in.admin_account; 202 password = r->in.admin_password; 203 204 /* 205 * when r->in.use_kerberos is set to allow "net ads join -k" we 206 * may not override the provided credential cache - gd 207 */ 208 209 if (!r->in.use_kerberos) { 210 ccname = "MEMORY:libnet_join_user_creds"; 211 } 212 } 163 213 164 214 status = libnet_connect_ads(r->out.dns_domain_name, 165 215 r->out.netbios_domain_name, 166 216 r->in.dc_name, 167 r->in.admin_account, 168 r->in.admin_password, 217 username, 218 password, 219 ccname, 169 220 &r->in.ads); 170 221 if (!ADS_ERR_OK(status)) { … … 195 246 ****************************************************************/ 196 247 248 static ADS_STATUS libnet_join_connect_ads_user(TALLOC_CTX *mem_ctx, 249 struct libnet_JoinCtx *r) 250 { 251 return libnet_join_connect_ads(mem_ctx, r, false); 252 } 253 254 /**************************************************************** 255 ****************************************************************/ 256 257 static ADS_STATUS libnet_join_connect_ads_machine(TALLOC_CTX *mem_ctx, 258 struct libnet_JoinCtx *r) 259 { 260 return libnet_join_connect_ads(mem_ctx, r, true); 261 } 262 263 /**************************************************************** 264 ****************************************************************/ 265 197 266 static ADS_STATUS libnet_unjoin_connect_ads(TALLOC_CTX *mem_ctx, 198 267 struct libnet_UnjoinCtx *r) … … 205 274 r->in.admin_account, 206 275 r->in.admin_password, 276 NULL, 207 277 &r->in.ads); 208 278 if (!ADS_ERR_OK(status)) { … … 249 319 status = ads_create_machine_acct(r->in.ads, 250 320 r->in.machine_name, 251 r->in.account_ou); 321 r->in.account_ou, 322 r->in.desired_encryption_types); 252 323 253 324 if (ADS_ERR_OK(status)) { … … 347 418 } 348 419 420 if (!ads_pull_uint32(r->in.ads, res, "msDS-SupportedEncryptionTypes", 421 &r->out.set_encryption_types)) { 422 r->out.set_encryption_types = 0; 423 } 424 349 425 done: 350 426 ads_msgfree(r->in.ads, res); … … 354 430 } 355 431 432 static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx, 433 struct libnet_JoinCtx *r, 434 char ***spn_array, 435 size_t *num_spns) 436 { 437 ADS_STATUS status; 438 439 if (r->in.machine_name == NULL) { 440 return ADS_ERROR_SYSTEM(EINVAL); 441 } 442 443 status = ads_get_service_principal_names(mem_ctx, 444 r->in.ads, 445 r->in.machine_name, 446 spn_array, 447 num_spns); 448 449 return status; 450 } 451 356 452 /**************************************************************** 357 453 Set a machines dNSHostName and servicePrincipalName attributes … … 364 460 ADS_MODLIST mods; 365 461 fstring my_fqdn; 366 const char *spn_array[3] = {NULL, NULL, NULL}; 462 const char **spn_array = NULL; 463 size_t num_spns = 0; 367 464 char *spn = NULL; 465 bool ok; 368 466 369 467 /* Find our DN */ … … 372 470 if (!ADS_ERR_OK(status)) { 373 471 return status; 472 } 473 474 status = libnet_join_get_machine_spns(mem_ctx, 475 r, 476 discard_const_p(char **, &spn_array), 477 &num_spns); 478 if (!ADS_ERR_OK(status)) { 479 DEBUG(5, ("Retrieving the servicePrincipalNames failed.\n")); 374 480 } 375 481 … … 380 486 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 381 487 } 382 strupper_m(spn); 383 spn_array[0] = spn; 488 if (!strupper_m(spn)) { 489 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 490 } 491 492 ok = ads_element_in_array(spn_array, num_spns, spn); 493 if (!ok) { 494 ok = add_string_to_array(spn_array, spn, 495 &spn_array, &num_spns); 496 if (!ok) { 497 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 498 } 499 } 384 500 385 501 if (!name_to_fqdn(my_fqdn, r->in.machine_name) … … 389 505 } 390 506 391 strlower_m(my_fqdn); 507 if (!strlower_m(my_fqdn)) { 508 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 509 } 392 510 393 511 if (!strequal(my_fqdn, r->in.machine_name)) { … … 396 514 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 397 515 } 398 spn_array[1] = spn; 399 } 516 517 ok = ads_element_in_array(spn_array, num_spns, spn); 518 if (!ok) { 519 ok = add_string_to_array(spn_array, spn, 520 &spn_array, &num_spns); 521 if (!ok) { 522 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 523 } 524 } 525 } 526 527 /* make sure to NULL terminate the array */ 528 spn_array = talloc_realloc(mem_ctx, spn_array, const char *, num_spns + 1); 529 if (spn_array == NULL) { 530 return ADS_ERROR_LDAP(LDAP_NO_MEMORY); 531 } 532 spn_array[num_spns] = NULL; 400 533 401 534 mods = ads_init_mods(mem_ctx); … … 441 574 442 575 if (!r->in.upn) { 576 const char *realm = r->out.dns_domain_name; 577 578 /* in case we are about to generate a keytab during the join 579 * make sure the default upn we create is usable with kinit -k. 580 * gd */ 581 582 if (USE_KERBEROS_KEYTAB) { 583 realm = talloc_strdup_upper(mem_ctx, 584 r->out.dns_domain_name); 585 } 586 587 if (!realm) { 588 return ADS_ERROR(LDAP_NO_MEMORY); 589 } 590 443 591 r->in.upn = talloc_asprintf(mem_ctx, 444 592 "host/%s@%s", 445 593 r->in.machine_name, 446 r ->out.dns_domain_name);594 realm); 447 595 if (!r->in.upn) { 448 596 return ADS_ERROR(LDAP_NO_MEMORY); … … 496 644 } 497 645 498 os_sp = talloc_asprintf(mem_ctx, "Samba %s", samba_version_string()); 499 if (!os_sp) { 646 if (r->in.os_servicepack) { 647 /* 648 * if blank string then leave os_sp equal to NULL to force 649 * attribute delete (LDAP_MOD_DELETE) 650 */ 651 if (!strequal(r->in.os_servicepack,"")) { 652 os_sp = talloc_strdup(mem_ctx, r->in.os_servicepack); 653 } 654 } else { 655 os_sp = talloc_asprintf(mem_ctx, "Samba %s", 656 samba_version_string()); 657 } 658 if (!os_sp && !strequal(r->in.os_servicepack,"")) { 500 659 return ADS_ERROR(LDAP_NO_MEMORY); 501 660 } … … 522 681 523 682 return ads_gen_mod(r->in.ads, r->out.dn, mods); 683 } 684 685 /**************************************************************** 686 ****************************************************************/ 687 688 static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx, 689 struct libnet_JoinCtx *r) 690 { 691 ADS_STATUS status; 692 ADS_MODLIST mods; 693 const char *etype_list_str; 694 695 etype_list_str = talloc_asprintf(mem_ctx, "%d", 696 r->in.desired_encryption_types); 697 if (!etype_list_str) { 698 return ADS_ERROR(LDAP_NO_MEMORY); 699 } 700 701 /* Find our DN */ 702 703 status = libnet_join_find_machine_acct(mem_ctx, r); 704 if (!ADS_ERR_OK(status)) { 705 return status; 706 } 707 708 if (r->in.desired_encryption_types == r->out.set_encryption_types) { 709 return ADS_SUCCESS; 710 } 711 712 /* now do the mods */ 713 714 mods = ads_init_mods(mem_ctx); 715 if (!mods) { 716 return ADS_ERROR(LDAP_NO_MEMORY); 717 } 718 719 status = ads_mod_str(mem_ctx, &mods, "msDS-SupportedEncryptionTypes", 720 etype_list_str); 721 if (!ADS_ERR_OK(status)) { 722 return status; 723 } 724 725 status = ads_gen_mod(r->in.ads, r->out.dn, mods); 726 if (!ADS_ERR_OK(status)) { 727 return status; 728 } 729 730 r->out.set_encryption_types = r->in.desired_encryption_types; 731 732 return ADS_SUCCESS; 524 733 } 525 734 … … 601 810 { 602 811 ADS_STATUS status; 812 bool need_etype_update = false; 603 813 604 814 if (!r->in.ads) { 605 status = libnet_join_connect_ads (mem_ctx, r);815 status = libnet_join_connect_ads_user(mem_ctx, r); 606 816 if (!ADS_ERR_OK(status)) { 607 817 return status; … … 612 822 if (!ADS_ERR_OK(status)) { 613 823 libnet_join_set_error_string(mem_ctx, r, 614 "failed to set machine spn: %s", 824 "Failed to set machine spn: %s\n" 825 "Do you have sufficient permissions to create machine " 826 "accounts?", 615 827 ads_errstr(status)); 616 828 return status; … … 631 843 ads_errstr(status)); 632 844 return status; 845 } 846 847 status = libnet_join_find_machine_acct(mem_ctx, r); 848 if (!ADS_ERR_OK(status)) { 849 return status; 850 } 851 852 if (r->in.desired_encryption_types != r->out.set_encryption_types) { 853 uint32_t func_level = 0; 854 855 status = ads_domain_func_level(r->in.ads, &func_level); 856 if (!ADS_ERR_OK(status)) { 857 libnet_join_set_error_string(mem_ctx, r, 858 "failed to query domain controller functional level: %s", 859 ads_errstr(status)); 860 return status; 861 } 862 863 if (func_level >= DS_DOMAIN_FUNCTION_2008) { 864 need_etype_update = true; 865 } 866 } 867 868 if (need_etype_update) { 869 /* 870 * We need to reconnect as machine account in order 871 * to update msDS-SupportedEncryptionTypes reliable 872 */ 873 874 if (r->in.ads->auth.ccache_name != NULL) { 875 ads_kdestroy(r->in.ads->auth.ccache_name); 876 } 877 878 ads_destroy(&r->in.ads); 879 880 status = libnet_join_connect_ads_machine(mem_ctx, r); 881 if (!ADS_ERR_OK(status)) { 882 libnet_join_set_error_string(mem_ctx, r, 883 "Failed to connect as machine account: %s", 884 ads_errstr(status)); 885 return status; 886 } 887 888 status = libnet_join_set_etypes(mem_ctx, r); 889 if (!ADS_ERR_OK(status)) { 890 libnet_join_set_error_string(mem_ctx, r, 891 "failed to set machine kerberos encryption types: %s", 892 ads_errstr(status)); 893 return status; 894 } 633 895 } 634 896 … … 678 940 static NTSTATUS libnet_join_connect_dc_ipc(const char *dc, 679 941 const char *user, 942 const char *domain, 680 943 const char *pass, 681 944 bool use_kerberos, … … 697 960 "IPC$", "IPC", 698 961 user, 699 NULL,962 domain, 700 963 pass, 701 964 flags, 702 Undefined);965 SMB_SIGNING_IPC_DEFAULT); 703 966 } 704 967 … … 719 982 status = libnet_join_connect_dc_ipc(r->in.dc_name, 720 983 r->in.admin_account, 984 r->in.admin_domain, 721 985 r->in.admin_password, 722 986 r->in.use_kerberos, … … 726 990 } 727 991 728 status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc .syntax_id,992 status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc, 729 993 &pipe_hnd); 730 994 if (!NT_STATUS_IS_OK(status)) { … … 790 1054 struct cli_state *cli) 791 1055 { 792 struct rpc_pipe_client *pipe_hnd = NULL; 793 unsigned char orig_trust_passwd_hash[16]; 794 unsigned char new_trust_passwd_hash[16]; 795 fstring trust_passwd; 1056 TALLOC_CTX *frame = talloc_stackframe(); 1057 struct rpc_pipe_client *netlogon_pipe = NULL; 1058 struct netlogon_creds_cli_context *netlogon_creds = NULL; 1059 struct samr_Password current_nt_hash; 1060 const char *account_name = NULL; 796 1061 NTSTATUS status; 797 1062 798 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon.syntax_id, 799 &pipe_hnd); 800 if (!NT_STATUS_IS_OK(status)) { 1063 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon, 1064 &netlogon_pipe); 1065 if (!NT_STATUS_IS_OK(status)) { 1066 TALLOC_FREE(frame); 801 1067 return status; 802 1068 } 803 1069 804 1070 if (!r->in.machine_password) { 805 r->in.machine_password = generate_random_str(mem_ctx, DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); 806 NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password); 807 } 808 809 E_md4hash(r->in.machine_password, new_trust_passwd_hash); 1071 r->in.machine_password = generate_random_password(mem_ctx, 1072 DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH, 1073 DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); 1074 if (r->in.machine_password == NULL) { 1075 TALLOC_FREE(frame); 1076 return NT_STATUS_NO_MEMORY; 1077 } 1078 } 810 1079 811 1080 /* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */ 812 fstrcpy(trust_passwd, r->in.admin_password); 813 strlower_m(trust_passwd); 814 815 /* 816 * Machine names can be 15 characters, but the max length on 817 * a password is 14. --jerry 818 */ 819 820 trust_passwd[14] = '\0'; 821 822 E_md4hash(trust_passwd, orig_trust_passwd_hash); 823 824 status = rpccli_netlogon_set_trust_password(pipe_hnd, mem_ctx, 825 r->in.machine_name, 826 orig_trust_passwd_hash, 827 r->in.machine_password, 828 new_trust_passwd_hash, 829 r->in.secure_channel_type); 830 831 return status; 1081 E_md4hash(r->in.admin_password, current_nt_hash.hash); 1082 1083 account_name = talloc_asprintf(frame, "%s$", 1084 r->in.machine_name); 1085 if (account_name == NULL) { 1086 TALLOC_FREE(frame); 1087 return NT_STATUS_NO_MEMORY; 1088 } 1089 1090 status = rpccli_create_netlogon_creds(netlogon_pipe->desthost, 1091 r->in.domain_name, 1092 account_name, 1093 r->in.secure_channel_type, 1094 r->in.msg_ctx, 1095 frame, 1096 &netlogon_creds); 1097 if (!NT_STATUS_IS_OK(status)) { 1098 TALLOC_FREE(frame); 1099 return status; 1100 } 1101 1102 status = rpccli_setup_netlogon_creds(cli, NCACN_NP, 1103 netlogon_creds, 1104 true, /* force_reauth */ 1105 current_nt_hash, 1106 NULL); /* previous_nt_hash */ 1107 if (!NT_STATUS_IS_OK(status)) { 1108 TALLOC_FREE(frame); 1109 return status; 1110 } 1111 1112 status = netlogon_creds_cli_ServerPasswordSet(netlogon_creds, 1113 netlogon_pipe->binding_handle, 1114 r->in.machine_password, 1115 NULL); /* new_version */ 1116 if (!NT_STATUS_IS_OK(status)) { 1117 TALLOC_FREE(frame); 1118 return status; 1119 } 1120 1121 TALLOC_FREE(frame); 1122 return NT_STATUS_OK; 832 1123 } 833 1124 … … 853 1144 unsigned int old_timeout = 0; 854 1145 1146 DATA_BLOB session_key = data_blob_null; 855 1147 struct samr_CryptPassword crypt_pwd; 856 1148 struct samr_CryptPasswordEx crypt_pwd_ex; … … 872 1164 873 1165 if (!r->in.machine_password) { 874 r->in.machine_password = generate_random_str(mem_ctx, DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); 1166 r->in.machine_password = generate_random_password(mem_ctx, 1167 DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH, 1168 DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); 875 1169 NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password); 876 1170 } … … 878 1172 /* Open the domain */ 879 1173 880 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr .syntax_id,1174 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, 881 1175 &pipe_hnd); 882 1176 if (!NT_STATUS_IS_OK(status)) { … … 887 1181 888 1182 b = pipe_hnd->binding_handle; 1183 1184 status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key); 1185 if (!NT_STATUS_IS_OK(status)) { 1186 DEBUG(0,("Error getting session_key of SAM pipe. Error was %s\n", 1187 nt_errstr(status))); 1188 goto done; 1189 } 889 1190 890 1191 status = dcerpc_samr_Connect2(b, mem_ctx, … … 921 1222 922 1223 acct_name = talloc_asprintf(mem_ctx, "%s$", r->in.machine_name); 923 strlower_m(acct_name); 1224 if (!strlower_m(acct_name)) { 1225 status = NT_STATUS_INVALID_PARAMETER; 1226 goto done; 1227 } 924 1228 925 1229 init_lsa_String(&lsa_acct_name, acct_name); … … 1078 1382 1079 1383 init_samr_CryptPasswordEx(r->in.machine_password, 1080 & cli->user_session_key,1384 &session_key, 1081 1385 &crypt_pwd_ex); 1082 1386 … … 1095 1399 1096 1400 init_samr_CryptPassword(r->in.machine_password, 1097 & cli->user_session_key,1401 &session_key, 1098 1402 &crypt_pwd); 1099 1403 … … 1141 1445 } 1142 1446 1447 data_blob_clear_free(&session_key); 1448 1143 1449 if (is_valid_policy_hnd(&sam_pol)) { 1144 1450 dcerpc_samr_Close(b, mem_ctx, &sam_pol, &result); … … 1158 1464 ****************************************************************/ 1159 1465 1160 NTSTATUS libnet_join_ok(const char *netbios_domain_name, 1161 const char *machine_name, 1162 const char *dc_name) 1163 { 1164 uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; 1466 NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx, 1467 const char *netbios_domain_name, 1468 const char *dc_name, 1469 const bool use_kerberos) 1470 { 1471 TALLOC_CTX *frame = talloc_stackframe(); 1165 1472 struct cli_state *cli = NULL; 1166 struct rpc_pipe_client *pipe_hnd = NULL;1167 1473 struct rpc_pipe_client *netlogon_pipe = NULL; 1474 struct cli_credentials *cli_creds = NULL; 1475 struct netlogon_creds_cli_context *netlogon_creds = NULL; 1476 struct netlogon_creds_CredentialState *creds = NULL; 1477 uint32_t netlogon_flags = 0; 1168 1478 NTSTATUS status; 1169 char *machine_password = NULL; 1170 char *machine_account = NULL; 1479 const char *machine_account = NULL; 1480 const char *machine_domain = NULL; 1481 const char *machine_password = NULL; 1482 int flags = 0; 1171 1483 1172 1484 if (!dc_name) { 1485 TALLOC_FREE(frame); 1173 1486 return NT_STATUS_INVALID_PARAMETER; 1174 1487 } 1175 1488 1176 1489 if (!secrets_init()) { 1490 TALLOC_FREE(frame); 1177 1491 return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; 1178 1492 } 1179 1493 1180 machine_password = secrets_fetch_machine_password(netbios_domain_name, 1181 NULL, NULL); 1182 if (!machine_password) { 1183 return NT_STATUS_NO_TRUST_LSA_SECRET; 1184 } 1185 1186 if (asprintf(&machine_account, "%s$", machine_name) == -1) { 1187 SAFE_FREE(machine_password); 1188 return NT_STATUS_NO_MEMORY; 1189 } 1494 status = pdb_get_trust_credentials(netbios_domain_name, NULL, 1495 frame, &cli_creds); 1496 if (!NT_STATUS_IS_OK(status)) { 1497 TALLOC_FREE(frame); 1498 return status; 1499 } 1500 1501 /* we don't want any old password */ 1502 cli_credentials_set_old_password(cli_creds, NULL, CRED_SPECIFIED); 1503 1504 if (use_kerberos) { 1505 flags |= CLI_FULL_CONNECTION_USE_KERBEROS; 1506 } 1507 1508 machine_account = cli_credentials_get_username(cli_creds); 1509 machine_domain = cli_credentials_get_domain(cli_creds); 1510 machine_password = cli_credentials_get_password(cli_creds); 1190 1511 1191 1512 status = cli_full_connection(&cli, NULL, … … 1194 1515 "IPC$", "IPC", 1195 1516 machine_account, 1196 NULL,1517 machine_domain, 1197 1518 machine_password, 1198 0, 1199 Undefined); 1200 free(machine_account); 1201 free(machine_password); 1519 flags, 1520 SMB_SIGNING_IPC_DEFAULT); 1202 1521 1203 1522 if (!NT_STATUS_IS_OK(status)) { … … 1210 1529 "", 1211 1530 0, 1212 Undefined); 1213 } 1214 1215 if (!NT_STATUS_IS_OK(status)) { 1216 return status; 1217 } 1218 1219 status = get_schannel_session_key(cli, netbios_domain_name, 1220 &neg_flags, &netlogon_pipe); 1221 if (!NT_STATUS_IS_OK(status)) { 1222 if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_NETWORK_RESPONSE)) { 1223 cli_shutdown(cli); 1224 return NT_STATUS_OK; 1225 } 1226 1227 DEBUG(0,("libnet_join_ok: failed to get schannel session " 1228 "key from server %s for domain %s. Error was %s\n", 1229 cli->desthost, netbios_domain_name, nt_errstr(status))); 1531 SMB_SIGNING_IPC_DEFAULT); 1532 } 1533 1534 if (!NT_STATUS_IS_OK(status)) { 1535 TALLOC_FREE(frame); 1536 return status; 1537 } 1538 1539 status = rpccli_create_netlogon_creds_with_creds(cli_creds, 1540 dc_name, 1541 msg_ctx, 1542 frame, 1543 &netlogon_creds); 1544 if (!NT_STATUS_IS_OK(status)) { 1230 1545 cli_shutdown(cli); 1231 return status; 1232 } 1233 1234 if (!lp_client_schannel()) { 1546 TALLOC_FREE(frame); 1547 return status; 1548 } 1549 1550 status = rpccli_setup_netlogon_creds_with_creds(cli, NCACN_NP, 1551 netlogon_creds, 1552 true, /* force_reauth */ 1553 cli_creds); 1554 if (!NT_STATUS_IS_OK(status)) { 1555 DEBUG(0,("connect_to_domain_password_server: " 1556 "unable to open the domain client session to " 1557 "machine %s. Flags[0x%08X] Error was : %s.\n", 1558 dc_name, (unsigned)netlogon_flags, 1559 nt_errstr(status))); 1235 1560 cli_shutdown(cli); 1561 TALLOC_FREE(frame); 1562 return status; 1563 } 1564 1565 status = netlogon_creds_cli_get(netlogon_creds, 1566 talloc_tos(), 1567 &creds); 1568 if (!NT_STATUS_IS_OK(status)) { 1569 cli_shutdown(cli); 1570 TALLOC_FREE(frame); 1571 return status; 1572 } 1573 netlogon_flags = creds->negotiate_flags; 1574 TALLOC_FREE(creds); 1575 1576 if (!(netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) { 1577 cli_shutdown(cli); 1578 TALLOC_FREE(frame); 1236 1579 return NT_STATUS_OK; 1237 1580 } 1238 1581 1239 status = cli_rpc_pipe_open_schannel_with_ key(1240 cli, &ndr_table_netlogon .syntax_id, NCACN_NP,1241 DCERPC_AUTH_LEVEL_PRIVACY,1242 net bios_domain_name, &netlogon_pipe->dc, &pipe_hnd);1243 1244 cli_shutdown(cli);1582 status = cli_rpc_pipe_open_schannel_with_creds( 1583 cli, &ndr_table_netlogon, NCACN_NP, 1584 cli_creds, 1585 netlogon_creds, &netlogon_pipe); 1586 1587 TALLOC_FREE(netlogon_pipe); 1245 1588 1246 1589 if (!NT_STATUS_IS_OK(status)) { … … 1248 1591 "on netlogon pipe to server %s for domain %s. " 1249 1592 "Error was %s\n", 1250 cli->desthost, netbios_domain_name, nt_errstr(status))); 1251 return status; 1252 } 1253 1593 smbXcli_conn_remote_name(cli->conn), 1594 netbios_domain_name, nt_errstr(status))); 1595 cli_shutdown(cli); 1596 TALLOC_FREE(frame); 1597 return status; 1598 } 1599 1600 cli_shutdown(cli); 1601 TALLOC_FREE(frame); 1254 1602 return NT_STATUS_OK; 1255 1603 } … … 1263 1611 NTSTATUS status; 1264 1612 1265 status = libnet_join_ok(r->out.netbios_domain_name, 1266 r->in.machine_name, 1267 r->in.dc_name); 1613 status = libnet_join_ok(r->in.msg_ctx, 1614 r->out.netbios_domain_name, 1615 r->in.dc_name, 1616 r->in.use_kerberos); 1268 1617 if (!NT_STATUS_IS_OK(status)) { 1269 1618 libnet_join_set_error_string(mem_ctx, r, … … 1317 1666 status = libnet_join_connect_dc_ipc(r->in.dc_name, 1318 1667 r->in.admin_account, 1668 r->in.admin_domain, 1319 1669 r->in.admin_password, 1320 1670 r->in.use_kerberos, … … 1326 1676 /* Open the domain */ 1327 1677 1328 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr .syntax_id,1678 status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr, 1329 1679 &pipe_hnd); 1330 1680 if (!NT_STATUS_IS_OK(status)) { … … 1366 1716 1367 1717 acct_name = talloc_asprintf(mem_ctx, "%s$", r->in.machine_name); 1368 strlower_m(acct_name); 1718 if (!strlower_m(acct_name)) { 1719 status = NT_STATUS_INVALID_PARAMETER; 1720 goto done; 1721 } 1369 1722 1370 1723 init_lsa_String(&lsa_acct_name, acct_name); … … 1599 1952 } 1600 1953 1601 lp_load (get_dyn_CONFIGFILE(),true,false,false,true);1954 lp_load_global(get_dyn_CONFIGFILE()); 1602 1955 1603 1956 r->out.modified_config = true; … … 1627 1980 } 1628 1981 1629 lp_load (get_dyn_CONFIGFILE(),true,false,false,true);1982 lp_load_global(get_dyn_CONFIGFILE()); 1630 1983 1631 1984 r->out.modified_config = true; … … 1689 2042 } 1690 2043 2044 if (strlen(r->in.machine_name) > 15) { 2045 libnet_join_set_error_string(mem_ctx, r, 2046 "Our netbios name can be at most 15 chars long, " 2047 "\"%s\" is %u chars long\n", 2048 r->in.machine_name, 2049 (unsigned int)strlen(r->in.machine_name)); 2050 return WERR_INVALID_PARAM; 2051 } 2052 1691 2053 if (!libnet_parse_domain_dc(mem_ctx, r->in.domain_name, 1692 2054 &r->in.domain_name, … … 1697 2059 } 1698 2060 1699 if (IS_DC) { 1700 return WERR_SETUP_DOMAIN_CONTROLLER; 2061 if (!r->in.admin_domain) { 2062 char *admin_domain = NULL; 2063 char *admin_account = NULL; 2064 split_domain_user(mem_ctx, 2065 r->in.admin_account, 2066 &admin_domain, 2067 &admin_account); 2068 r->in.admin_domain = admin_domain; 2069 r->in.admin_account = admin_account; 1701 2070 } 1702 2071 … … 1722 2091 DEBUG(10,("Unable to auto-add domain administrators to " 1723 2092 "BUILTIN\\Administrators during join because " 1724 "winbindd must be running. "));2093 "winbindd must be running.\n")); 1725 2094 } else if (!NT_STATUS_IS_OK(status)) { 1726 2095 DEBUG(5, ("Failed to auto-add domain administrators to " … … 1733 2102 if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) { 1734 2103 DEBUG(10,("Unable to auto-add domain users to BUILTIN\\users " 1735 "during join because winbindd must be running. "));2104 "during join because winbindd must be running.\n")); 1736 2105 } else if (!NT_STATUS_IS_OK(status)) { 1737 2106 DEBUG(5, ("Failed to auto-add domain administrators to " … … 1823 2192 talloc_set_destructor(ctx, libnet_destroy_JoinCtx); 1824 2193 1825 ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname());2194 ctx->in.machine_name = talloc_strdup(mem_ctx, lp_netbios_name()); 1826 2195 W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); 1827 2196 1828 2197 ctx->in.secure_channel_type = SEC_CHAN_WKSTA; 2198 2199 ctx->in.desired_encryption_types = ENC_CRC32 | 2200 ENC_RSA_MD5 | 2201 ENC_RC4_HMAC_MD5; 2202 #ifdef HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96 2203 ctx->in.desired_encryption_types |= ENC_HMAC_SHA1_96_AES128; 2204 #endif 2205 #ifdef HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96 2206 ctx->in.desired_encryption_types |= ENC_HMAC_SHA1_96_AES256; 2207 #endif 1829 2208 1830 2209 *r = ctx; … … 1848 2227 talloc_set_destructor(ctx, libnet_destroy_UnjoinCtx); 1849 2228 1850 ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname());2229 ctx->in.machine_name = talloc_strdup(mem_ctx, lp_netbios_name()); 1851 2230 W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); 1852 2231 … … 1872 2251 switch (r->out.domain_is_ad) { 1873 2252 case false: 1874 valid_security = (lp_security() == SEC_DOMAIN); 2253 valid_security = (lp_security() == SEC_DOMAIN) 2254 || (lp_server_role() == ROLE_DOMAIN_PDC) 2255 || (lp_server_role() == ROLE_DOMAIN_BDC); 1875 2256 if (valid_workgroup && valid_security) { 1876 2257 /* nothing to be done */ … … 1916 2297 const char *sec = NULL; 1917 2298 switch (lp_security()) { 1918 case SEC_SHARE: sec = "share"; break;1919 2299 case SEC_USER: sec = "user"; break; 1920 2300 case SEC_DOMAIN: sec = "domain"; break; … … 1958 2338 ADS_STATUS ads_status; 1959 2339 #endif /* HAVE_ADS */ 2340 const char *pre_connect_realm = NULL; 2341 const char *numeric_dcip = NULL; 2342 const char *sitename = NULL; 2343 2344 /* Before contacting a DC, we can securely know 2345 * the realm only if the user specifies it. 2346 */ 2347 if (r->in.use_kerberos && 2348 r->in.domain_name_type == JoinDomNameTypeDNS) { 2349 pre_connect_realm = r->in.domain_name; 2350 } 1960 2351 1961 2352 if (!r->in.dc_name) { 1962 2353 struct netr_DsRGetDCNameInfo *info; 1963 2354 const char *dc; 2355 uint32_t name_type_flags = 0; 2356 if (r->in.domain_name_type == JoinDomNameTypeDNS) { 2357 name_type_flags = DS_IS_DNS_NAME; 2358 } else if (r->in.domain_name_type == JoinDomNameTypeNBT) { 2359 name_type_flags = DS_IS_FLAT_NAME; 2360 } 1964 2361 status = dsgetdcname(mem_ctx, 1965 2362 r->in.msg_ctx, … … 1970 2367 DS_DIRECTORY_SERVICE_REQUIRED | 1971 2368 DS_WRITABLE_REQUIRED | 1972 DS_RETURN_DNS_NAME, 2369 DS_RETURN_DNS_NAME | 2370 name_type_flags, 1973 2371 &info); 1974 2372 if (!NT_STATUS_IS_OK(status)) { … … 1983 2381 r->in.dc_name = talloc_strdup(mem_ctx, dc); 1984 2382 W_ERROR_HAVE_NO_MEMORY(r->in.dc_name); 2383 2384 if (info->dc_address == NULL || info->dc_address[0] != '\\' || 2385 info->dc_address[1] != '\\') { 2386 DBG_ERR("ill-formed DC address '%s'\n", 2387 info->dc_address); 2388 return WERR_DCNOTFOUND; 2389 } 2390 2391 numeric_dcip = info->dc_address + 2; 2392 sitename = info->dc_site_name; 2393 /* info goes out of scope but the memory stays 2394 allocated on the talloc context */ 2395 } 2396 2397 if (pre_connect_realm != NULL) { 2398 struct sockaddr_storage ss = {0}; 2399 2400 if (numeric_dcip != NULL) { 2401 if (!interpret_string_addr(&ss, numeric_dcip, 2402 AI_NUMERICHOST)) { 2403 DBG_ERR( 2404 "cannot parse IP address '%s' of DC '%s'\n", 2405 numeric_dcip, r->in.dc_name); 2406 return WERR_DCNOTFOUND; 2407 } 2408 } else { 2409 if (!interpret_string_addr(&ss, r->in.dc_name, 0)) { 2410 DBG_WARNING( 2411 "cannot resolve IP address of DC '%s'\n", 2412 r->in.dc_name); 2413 return WERR_DCNOTFOUND; 2414 } 2415 } 2416 2417 /* The domain parameter is only used as modifier 2418 * to krb5.conf file name. .JOIN is is not a valid 2419 * NetBIOS name so it cannot clash with another domain 2420 * -- Uri. 2421 */ 2422 create_local_private_krb5_conf_for_domain( 2423 pre_connect_realm, ".JOIN", sitename, &ss); 1985 2424 } 1986 2425 … … 2002 2441 create_local_private_krb5_conf_for_domain( 2003 2442 r->out.dns_domain_name, r->out.netbios_domain_name, 2004 NULL, &cli->dest_ss, cli->desthost);2005 2006 if (r->out.domain_is_ad && r->in.account_ou &&2443 NULL, smbXcli_conn_remote_sockaddr(cli->conn)); 2444 2445 if (r->out.domain_is_ad && 2007 2446 !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) { 2008 2447 2009 ads_status = libnet_join_connect_ads(mem_ctx, r); 2448 const char *initial_account_ou = r->in.account_ou; 2449 2450 /* 2451 * we want to create the msDS-SupportedEncryptionTypes attribute 2452 * as early as possible so always try an LDAP create as the user 2453 * first. We copy r->in.account_ou because it may be changed 2454 * during the machine pre-creation. 2455 */ 2456 2457 ads_status = libnet_join_connect_ads_user(mem_ctx, r); 2010 2458 if (!ADS_ERR_OK(ads_status)) { 2011 2459 return WERR_DEFAULT_JOIN_REQUIRED; … … 2013 2461 2014 2462 ads_status = libnet_join_precreate_machine_acct(mem_ctx, r); 2015 if (!ADS_ERR_OK(ads_status)) { 2463 if (ADS_ERR_OK(ads_status)) { 2464 2465 /* 2466 * LDAP object create succeeded, now go to the rpc 2467 * password set routines 2468 */ 2469 2470 r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; 2471 goto rpc_join; 2472 } 2473 2474 if (initial_account_ou != NULL) { 2016 2475 libnet_join_set_error_string(mem_ctx, r, 2017 2476 "failed to precreate account in ou %s: %s", … … 2021 2480 } 2022 2481 2023 r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; 2482 DEBUG(5, ("failed to precreate account in ou %s: %s", 2483 r->in.account_ou, ads_errstr(ads_status))); 2024 2484 } 2025 2485 #endif /* HAVE_ADS */ 2026 2486 2487 rpc_join: 2027 2488 if ((r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE) && 2028 2489 (r->in.join_flags & WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED)) { … … 2077 2538 u->in.admin_password = r->in.admin_password; 2078 2539 u->in.modify_config = r->in.modify_config; 2540 u->in.use_kerberos = r->in.use_kerberos; 2079 2541 u->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | 2080 2542 WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE; … … 2261 2723 } 2262 2724 2725 if (!r->in.admin_domain) { 2726 char *admin_domain = NULL; 2727 char *admin_account = NULL; 2728 split_domain_user(mem_ctx, 2729 r->in.admin_account, 2730 &admin_domain, 2731 &admin_account); 2732 r->in.admin_domain = admin_domain; 2733 r->in.admin_account = admin_account; 2734 } 2735 2263 2736 if (!secrets_init()) { 2264 2737 libnet_unjoin_set_error_string(mem_ctx, r, -
vendor/current/source3/libnet/libnet_join.h
r740 r988 24 24 /* The following definitions come from libnet/libnet_join.c */ 25 25 26 NTSTATUS libnet_join_ok(const char *netbios_domain_name, 27 const char *machine_name, 28 const char *dc_name); 26 struct messaging_context; 27 NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx, 28 const char *netbios_domain_name, 29 const char *dc_name, 30 const bool use_kerberos); 29 31 WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, 30 32 struct libnet_JoinCtx **r); -
vendor/current/source3/libnet/libnet_keytab.c
r740 r988 67 67 struct libnet_keytab_context *r; 68 68 69 r = TALLOC_ZERO_P(mem_ctx, struct libnet_keytab_context);69 r = talloc_zero(mem_ctx, struct libnet_keytab_context); 70 70 if (!r) { 71 71 return ENOMEM; -
vendor/current/source3/libnet/libnet_keytab.h
r740 r988 28 28 }; 29 29 30 struct ads_struct; 31 30 32 struct libnet_keytab_context { 31 33 krb5_context context; 32 34 krb5_keytab keytab; 33 35 const char *keytab_name; 34 ADS_STRUCT*ads;36 struct ads_struct *ads; 35 37 const char *dns_domain_name; 36 38 uint8_t zero_buf[16]; -
vendor/current/source3/libnet/libnet_samsync.c
r740 r988 31 31 #include "../libcli/security/security.h" 32 32 #include "messages.h" 33 #include "../libcli/auth/netlogon_creds_cli.h" 33 34 34 35 /** … … 71 72 *ctx_p = NULL; 72 73 73 ctx = TALLOC_ZERO_P(mem_ctx, struct samsync_context);74 ctx = talloc_zero(mem_ctx, struct samsync_context); 74 75 NT_STATUS_HAVE_NO_MEMORY(ctx); 75 76 … … 82 83 } 83 84 84 ctx->msg_ctx = messaging_init(ctx, procid_self(), 85 event_context_init(ctx)); 85 ctx->msg_ctx = messaging_init(ctx, samba_tevent_context_init(ctx)); 86 86 NT_STATUS_HAVE_NO_MEMORY(ctx->msg_ctx); 87 87 … … 204 204 NTSTATUS callback_status; 205 205 const char *logon_server = ctx->cli->desthost; 206 const char *computername = global_myname();206 const char *computername = lp_netbios_name(); 207 207 struct netr_Authenticator credential; 208 208 struct netr_Authenticator return_authenticator; … … 215 215 do { 216 216 struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; 217 218 netlogon_creds_client_authenticator(ctx->cli->dc, &credential); 217 struct netlogon_creds_CredentialState *creds = NULL; 218 219 status = netlogon_creds_cli_lock(ctx->netlogon_creds, 220 mem_ctx, &creds); 221 if (!NT_STATUS_IS_OK(status)) { 222 return status; 223 } 224 225 netlogon_creds_client_authenticator(creds, &credential); 219 226 220 227 if (ctx->single_object_replication && … … 256 263 257 264 if (!NT_STATUS_IS_OK(status)) { 265 TALLOC_FREE(creds); 258 266 return status; 259 267 } 260 268 261 269 /* Check returned credentials. */ 262 if (!netlogon_creds_client_check(c tx->cli->dc,270 if (!netlogon_creds_client_check(creds, 263 271 &return_authenticator.cred)) { 272 TALLOC_FREE(creds); 264 273 DEBUG(0,("credentials chain check failed\n")); 265 274 return NT_STATUS_ACCESS_DENIED; … … 267 276 268 277 if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) { 278 TALLOC_FREE(creds); 269 279 return result; 270 280 } 271 281 272 282 if (NT_STATUS_IS_ERR(result)) { 283 TALLOC_FREE(creds); 273 284 break; 274 285 } 275 286 276 287 samsync_fix_delta_array(mem_ctx, 277 c tx->cli->dc,288 creds, 278 289 database_id, 279 290 delta_enum_array); 291 TALLOC_FREE(creds); 280 292 281 293 /* Process results */ … … 405 417 *str_p = NULL; 406 418 407 str = TALLOC_ZERO_P(mem_ctx, struct netr_AcctLockStr);419 str = talloc_zero(mem_ctx, struct netr_AcctLockStr); 408 420 if (!str) { 409 421 return NT_STATUS_NO_MEMORY; -
vendor/current/source3/libnet/libnet_samsync.h
r740 r988 76 76 77 77 struct rpc_pipe_client *cli; 78 struct netlogon_creds_cli_context *netlogon_creds; 78 79 struct messaging_context *msg_ctx; 79 80 -
vendor/current/source3/libnet/libnet_samsync_display.c
r740 r988 99 99 } 100 100 101 u_logout = uint64s_nt_time_to_unix_abs((const uint64 *)&r->force_logoff_time);101 u_logout = uint64s_nt_time_to_unix_abs((const uint64_t *)&r->force_logoff_time); 102 102 103 103 d_printf("Domain name: %s\n", r->domain_name.string); -
vendor/current/source3/libnet/libnet_samsync_ldif.c
r740 r988 25 25 26 26 #include "includes.h" 27 #include "system/filesys.h" 27 28 #include "libnet/libnet_samsync.h" 28 #include "smbldap.h"29 29 #include "transfer_file.h" 30 30 #include "passdb.h" 31 #include "passdb/pdb_ldap_schema.h" 31 32 32 33 #ifdef HAVE_LDAP 33 34 34 35 /* uid's and gid's for writing deltas to ldif */ 35 static uint32 ldif_gid = 999;36 static uint32 ldif_uid = 999;36 static uint32_t ldif_gid = 999; 37 static uint32_t ldif_uid = 999; 37 38 38 39 /* global counters */ … … 69 70 }; 70 71 72 /* 73 Returns the substring from src between the first occurrence of 74 the char "front" and the first occurence of the char "back". 75 Mallocs the return string which must be freed. Not for use 76 with wide character strings. 77 */ 78 static char *sstring_sub(const char *src, char front, char back) 79 { 80 char *temp1, *temp2, *temp3; 81 ptrdiff_t len; 82 83 temp1 = strchr(src, front); 84 if (temp1 == NULL) return NULL; 85 temp2 = strchr(src, back); 86 if (temp2 == NULL) return NULL; 87 len = temp2 - temp1; 88 if (len <= 0) return NULL; 89 temp3 = (char*)SMB_MALLOC(len); 90 if (temp3 == NULL) { 91 DEBUG(1,("Malloc failure in sstring_sub\n")); 92 return NULL; 93 } 94 memcpy(temp3, temp1+1, len-1); 95 temp3[len-1] = '\0'; 96 return temp3; 97 } 98 71 99 /**************************************************************** 72 100 ****************************************************************/ … … 104 132 fflush(add_fd); 105 133 106 user_suffix = lp_ldap_user_suffix( );134 user_suffix = lp_ldap_user_suffix(talloc_tos()); 107 135 if (user_suffix == NULL) { 108 136 SAFE_FREE(suffix_attr); … … 112 140 Write the Users entity */ 113 141 if (*user_suffix && strcmp(user_suffix, suffix)) { 114 user_attr = sstring_sub(lp_ldap_user_suffix( ), '=', ',');142 user_attr = sstring_sub(lp_ldap_user_suffix(talloc_tos()), '=', ','); 115 143 fprintf(add_fd, "# %s\n", user_suffix); 116 144 fprintf(add_fd, "dn: %s\n", user_suffix); … … 122 150 123 151 124 group_suffix = lp_ldap_group_suffix( );152 group_suffix = lp_ldap_group_suffix(talloc_tos()); 125 153 if (group_suffix == NULL) { 126 154 SAFE_FREE(suffix_attr); … … 131 159 Write the Groups entity */ 132 160 if (*group_suffix && strcmp(group_suffix, suffix)) { 133 group_attr = sstring_sub(lp_ldap_group_suffix( ), '=', ',');161 group_attr = sstring_sub(lp_ldap_group_suffix(talloc_tos()), '=', ','); 134 162 fprintf(add_fd, "# %s\n", group_suffix); 135 163 fprintf(add_fd, "dn: %s\n", group_suffix); … … 142 170 /* If it exists and is distinct from other containers, 143 171 Write the Computers entity */ 144 machine_suffix = lp_ldap_machine_suffix( );172 machine_suffix = lp_ldap_machine_suffix(talloc_tos()); 145 173 if (machine_suffix == NULL) { 146 174 SAFE_FREE(suffix_attr); … … 157 185 /* this isn't totally correct as it assumes that 158 186 there _must_ be an ou. just fixing memleak now. jmcd */ 159 machine_ou = sstring_sub(lp_ldap_machine_suffix( ), '=', ',');187 machine_ou = sstring_sub(lp_ldap_machine_suffix(talloc_tos()), '=', ','); 160 188 fprintf(add_fd, "ou: %s\n", machine_ou); 161 189 SAFE_FREE(machine_ou); … … 166 194 /* If it exists and is distinct from other containers, 167 195 Write the IdMap entity */ 168 idmap_suffix = lp_ldap_idmap_suffix( );196 idmap_suffix = lp_ldap_idmap_suffix(talloc_tos()); 169 197 if (idmap_suffix == NULL) { 170 198 SAFE_FREE(suffix_attr); … … 180 208 fprintf(add_fd, "dn: %s\n", idmap_suffix); 181 209 fprintf(add_fd, "ObjectClass: organizationalUnit\n"); 182 s = sstring_sub(lp_ldap_idmap_suffix( ), '=', ',');210 s = sstring_sub(lp_ldap_idmap_suffix(talloc_tos()), '=', ','); 183 211 fprintf(add_fd, "ou: %s\n", s); 184 212 SAFE_FREE(s); … … 344 372 const char *builtin_sid) 345 373 { 346 char *group_attr = sstring_sub(lp_ldap_group_suffix( ), '=', ',');374 char *group_attr = sstring_sub(lp_ldap_group_suffix(talloc_tos()), '=', ','); 347 375 348 376 /* Map the groups created by populate_ldap_for_ldif */ … … 549 577 { 550 578 const char *groupname = r->group_name.string; 551 uint32 grouptype = 0, g_rid = 0;552 char *group_attr = sstring_sub(lp_ldap_group_suffix( ), '=', ',');579 uint32_t grouptype = 0, g_rid = 0; 580 char *group_attr = sstring_sub(lp_ldap_group_suffix(talloc_tos()), '=', ','); 553 581 554 582 /* Set up the group type (always 2 for group info) */ … … 622 650 const char* nopasswd = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; 623 651 uchar zero_buf[16]; 624 uint32 rid = 0, group_rid = 0, gidNumber = 0;652 uint32_t rid = 0, group_rid = 0, gidNumber = 0; 625 653 time_t unix_time; 626 654 int i, ret; … … 647 675 snprintf(homedir, sizeof(homedir), "/nobodyshomedir"); 648 676 } 649 ou = lp_ldap_user_suffix( );677 ou = lp_ldap_user_suffix(talloc_tos()); 650 678 } else { 651 ou = lp_ldap_machine_suffix( );679 ou = lp_ldap_machine_suffix(talloc_tos()); 652 680 snprintf(homedir, sizeof(homedir), "/machinehomedir"); 653 681 } … … 768 796 { 769 797 fstring aliasname, description; 770 uint32 grouptype = 0, g_rid = 0;771 char *group_attr = sstring_sub(lp_ldap_group_suffix( ), '=', ',');798 uint32_t grouptype = 0, g_rid = 0; 799 char *group_attr = sstring_sub(lp_ldap_group_suffix(talloc_tos()), '=', ','); 772 800 773 801 /* Get the alias name */ … … 851 879 { 852 880 fstring group_dn; 853 uint32 group_rid = 0, rid = 0;881 uint32_t group_rid = 0, rid = 0; 854 882 int i, j, k; 855 883 … … 903 931 const char *mod_template = "/tmp/mod.ldif.XXXXXX"; 904 932 const char *builtin_sid = "S-1-5-32"; 933 mode_t mask; 934 int fd; 935 936 r = talloc_zero(mem_ctx, struct samsync_ldif_context); 937 NT_STATUS_HAVE_NO_MEMORY(r); 938 939 /* Get the ldap suffix */ 940 r->suffix = lp_ldap_suffix(talloc_tos()); 905 941 906 942 /* Get other smb.conf data */ … … 911 947 912 948 /* Get the ldap suffix */ 913 if (! (lp_ldap_suffix()) || !*(lp_ldap_suffix())) {949 if (!r->suffix || !*r->suffix) { 914 950 DEBUG(0,("ldap suffix missing from smb.conf--exiting\n")); 915 951 exit(1); … … 919 955 return NT_STATUS_OK; 920 956 } 921 922 r = TALLOC_ZERO_P(mem_ctx, struct samsync_ldif_context);923 NT_STATUS_HAVE_NO_MEMORY(r);924 925 /* Get the ldap suffix */926 r->suffix = lp_ldap_suffix();927 957 928 958 /* Ensure we have an output file */ … … 954 984 } 955 985 956 /* Open the add and mod ldif files */ 957 if (!(r->add_file = fdopen(mkstemp(r->add_name),"w"))) { 958 DEBUG(1, ("Could not open %s\n", r->add_name)); 986 mask = umask(S_IRWXO | S_IRWXG); 987 fd = mkstemp(r->add_name); 988 umask(mask); 989 if (fd < 0) { 990 DEBUG(1, ("Could not create %s\n", r->add_name)); 959 991 status = NT_STATUS_UNSUCCESSFUL; 960 992 goto done; 961 993 } 962 if (!(r->mod_file = fdopen(mkstemp(r->module_name),"w"))) { 963 DEBUG(1, ("Could not open %s\n", r->module_name)); 994 995 /* Open the add and mod ldif files */ 996 r->add_file = fdopen(fd, "w"); 997 if (r->add_file == NULL) { 998 DEBUG(1, ("Could not open %s\n", r->add_name)); 999 close(fd); 964 1000 status = NT_STATUS_UNSUCCESSFUL; 965 1001 goto done; 966 1002 } 967 1003 1004 mask = umask(S_IRWXO | S_IRWXG); 1005 fd = mkstemp(r->module_name); 1006 umask(mask); 1007 if (fd < 0) { 1008 DEBUG(1, ("Could not create %s\n", r->module_name)); 1009 status = NT_STATUS_UNSUCCESSFUL; 1010 goto done; 1011 } 1012 1013 r->mod_file = fdopen(fd, "w"); 1014 if (r->mod_file == NULL) { 1015 DEBUG(1, ("Could not open %s\n", r->module_name)); 1016 close(fd); 1017 status = NT_STATUS_UNSUCCESSFUL; 1018 goto done; 1019 } 1020 968 1021 /* Allocate initial memory for groupmap and accountmap arrays */ 969 r->groupmap = TALLOC_ZERO_ARRAY(mem_ctx, GROUPMAP, 8);970 r->accountmap = TALLOC_ZERO_ARRAY(mem_ctx, ACCOUNTMAP, 8);1022 r->groupmap = talloc_zero_array(mem_ctx, GROUPMAP, 8); 1023 r->accountmap = talloc_zero_array(mem_ctx, ACCOUNTMAP, 8); 971 1024 if (r->groupmap == NULL || r->accountmap == NULL) { 972 1025 DEBUG(1,("GROUPMAP talloc failed\n")); … … 1174 1227 { 1175 1228 /* Re-allocate memory for groupmap and accountmap arrays */ 1176 l->groupmap = TALLOC_REALLOC_ARRAY(mem_ctx,1229 l->groupmap = talloc_realloc(mem_ctx, 1177 1230 l->groupmap, 1178 1231 GROUPMAP, 1179 1232 num_entries + l->num_alloced); 1180 1233 1181 l->accountmap = TALLOC_REALLOC_ARRAY(mem_ctx,1234 l->accountmap = talloc_realloc(mem_ctx, 1182 1235 l->accountmap, 1183 1236 ACCOUNTMAP, -
vendor/current/source3/libnet/libnet_samsync_passdb.c
r740 r988 251 251 /* Create appropriate user */ 252 252 if (acct_flags & ACB_NORMAL) { 253 add_script = talloc_strdup(mem_ctx, lp_adduser_script());253 add_script = lp_add_user_script(mem_ctx); 254 254 } else if ( (acct_flags & ACB_WSTRUST) || 255 255 (acct_flags & ACB_SVRTRUST) || 256 256 (acct_flags & ACB_DOMTRUST) ) { 257 add_script = talloc_strdup(mem_ctx, lp_addmachine_script());257 add_script = lp_add_machine_script(mem_ctx); 258 258 } else { 259 259 DEBUG(1, ("Unknown user type: %s\n", … … 302 302 fstring account; 303 303 struct samu *sam_account=NULL; 304 GROUP_MAP map;304 GROUP_MAP *map = NULL; 305 305 struct group *grp; 306 306 struct dom_sid user_sid; … … 356 356 group_sid = *pdb_get_group_sid(sam_account); 357 357 358 if (!pdb_getgrsid(&map, group_sid)) { 358 map = talloc_zero(mem_ctx, GROUP_MAP); 359 if (!map) { 360 return NT_STATUS_NO_MEMORY; 361 } 362 363 if (!pdb_getgrsid(map, group_sid)) { 359 364 DEBUG(0, ("Primary group of %s has no mapping!\n", 360 365 pdb_get_username(sam_account))); 361 366 } else { 362 if (map .gid != passwd->pw_gid) {363 if (!(grp = getgrgid(map .gid))) {367 if (map->gid != passwd->pw_gid) { 368 if (!(grp = getgrgid(map->gid))) { 364 369 DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", 365 (unsigned long)map .gid, pdb_get_username(sam_account), sid_string_tos(&group_sid)));370 (unsigned long)map->gid, pdb_get_username(sam_account), sid_string_tos(&group_sid))); 366 371 } else { 367 372 smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); … … 377 382 done: 378 383 TALLOC_FREE(sam_account); 384 TALLOC_FREE(map); 379 385 return nt_ret; 380 386 } … … 387 393 struct netr_DELTA_GROUP *r) 388 394 { 389 fstring name;390 fstring comment;391 395 struct group *grp = NULL; 392 396 struct dom_sid group_sid; 393 397 fstring sid_string; 394 GROUP_MAP map;398 GROUP_MAP *map; 395 399 bool insert = true; 396 400 397 fstrcpy(name, r->group_name.string); 398 fstrcpy(comment, r->description.string); 399 401 map = talloc_zero(mem_ctx, GROUP_MAP); 402 if (!map) { 403 return NT_STATUS_NO_MEMORY; 404 } 400 405 /* add the group to the mapping table */ 401 406 sid_compose(&group_sid, get_global_sam_sid(), rid); 402 407 sid_to_fstring(sid_string, &group_sid); 403 408 404 if (pdb_getgrsid(&map, group_sid)) { 405 if ( map.gid != -1 ) 406 grp = getgrgid(map.gid); 409 if (pdb_getgrsid(map, group_sid)) { 410 if (map->gid != -1) { 411 grp = getgrgid(map->gid); 412 } 407 413 insert = false; 414 } 415 416 map->nt_name = talloc_strdup(map, r->group_name.string); 417 if (!map->nt_name) { 418 return NT_STATUS_NO_MEMORY; 419 } 420 map->comment = talloc_strdup(map, r->description.string); 421 if (!map->comment) { 422 return NT_STATUS_NO_MEMORY; 408 423 } 409 424 … … 412 427 413 428 /* No group found from mapping, find it from its name. */ 414 if ((grp = getgrnam( name)) == NULL) {429 if ((grp = getgrnam(map->nt_name)) == NULL) { 415 430 416 431 /* No appropriate group found, create one */ 417 432 418 d_printf("Creating unix group: '%s'\n", name);419 420 if (smb_create_group( name, &gid) != 0)433 d_printf("Creating unix group: '%s'\n", map->nt_name); 434 435 if (smb_create_group(map->nt_name, &gid) != 0) 421 436 return NT_STATUS_ACCESS_DENIED; 422 437 423 if ((grp = getgrnam( name)) == NULL)438 if ((grp = getgrnam(map->nt_name)) == NULL) 424 439 return NT_STATUS_ACCESS_DENIED; 425 440 } 426 441 } 427 442 428 map .gid = grp->gr_gid;429 map .sid = group_sid;430 map .sid_name_use = SID_NAME_DOM_GRP;431 fstrcpy(map.nt_name, name); 432 if ( r->description.string) {433 fstrcpy(map.comment, comment);443 map->gid = grp->gr_gid; 444 map->sid = group_sid; 445 map->sid_name_use = SID_NAME_DOM_GRP; 446 447 if (insert) { 448 pdb_add_group_mapping_entry(map); 434 449 } else { 435 fstrcpy(map.comment, ""); 436 } 437 438 if (insert) 439 pdb_add_group_mapping_entry(&map); 440 else 441 pdb_update_group_mapping_entry(&map); 442 450 pdb_update_group_mapping_entry(map); 451 } 452 453 TALLOC_FREE(map); 443 454 return NT_STATUS_OK; 444 455 } … … 455 466 char **unix_members; 456 467 struct dom_sid group_sid; 457 GROUP_MAP map;468 GROUP_MAP *map; 458 469 struct group *grp; 459 470 … … 464 475 sid_compose(&group_sid, get_global_sam_sid(), rid); 465 476 466 if (!get_domain_group_from_sid(group_sid, &map)) { 477 map = talloc_zero(mem_ctx, GROUP_MAP); 478 if (!map) { 479 return NT_STATUS_NO_MEMORY; 480 } 481 482 if (!get_domain_group_from_sid(group_sid, map)) { 467 483 DEBUG(0, ("Could not find global group %d\n", rid)); 484 TALLOC_FREE(map); 468 485 return NT_STATUS_NO_SUCH_GROUP; 469 486 } 470 487 471 if (!(grp = getgrgid(map.gid))) { 472 DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid)); 488 if (!(grp = getgrgid(map->gid))) { 489 DEBUG(0, ("Could not find unix group %lu\n", 490 (unsigned long)map->gid)); 491 TALLOC_FREE(map); 473 492 return NT_STATUS_NO_SUCH_GROUP; 474 493 } 475 494 495 TALLOC_FREE(map); 496 476 497 d_printf("Group members of %s: ", grp->gr_name); 477 498 478 499 if (r->num_rids) { 479 if ((nt_members = TALLOC_ZERO_ARRAY(mem_ctx, char *, r->num_rids)) == NULL) {500 if ((nt_members = talloc_zero_array(mem_ctx, char *, r->num_rids)) == NULL) { 480 501 DEBUG(0, ("talloc failed\n")); 481 502 return NT_STATUS_NO_MEMORY; … … 576 597 const struct dom_sid *dom_sid) 577 598 { 578 fstring name;579 fstring comment;580 599 struct group *grp = NULL; 581 600 struct dom_sid alias_sid; 582 601 fstring sid_string; 583 GROUP_MAP map;602 GROUP_MAP *map; 584 603 bool insert = true; 585 604 586 fstrcpy(name, r->alias_name.string); 587 fstrcpy(comment, r->description.string); 605 map = talloc_zero(mem_ctx, GROUP_MAP); 606 if (!map) { 607 return NT_STATUS_NO_MEMORY; 608 } 588 609 589 610 /* Find out whether the group is already mapped */ … … 591 612 sid_to_fstring(sid_string, &alias_sid); 592 613 593 if (pdb_getgrsid( &map, alias_sid)) {594 grp = getgrgid(map .gid);614 if (pdb_getgrsid(map, alias_sid)) { 615 grp = getgrgid(map->gid); 595 616 insert = false; 617 } 618 619 map->nt_name = talloc_strdup(map, r->alias_name.string); 620 if (!map->nt_name) { 621 return NT_STATUS_NO_MEMORY; 622 } 623 map->comment = talloc_strdup(map, r->description.string); 624 if (!map->comment) { 625 return NT_STATUS_NO_MEMORY; 596 626 } 597 627 … … 600 630 601 631 /* No group found from mapping, find it from its name. */ 602 if ((grp = getgrnam( name)) == NULL) {632 if ((grp = getgrnam(map->nt_name)) == NULL) { 603 633 /* No appropriate group found, create one */ 604 d_printf("Creating unix group: '%s'\n", name);605 if (smb_create_group( name, &gid) != 0)634 d_printf("Creating unix group: '%s'\n", map->nt_name); 635 if (smb_create_group(map->nt_name, &gid) != 0) 606 636 return NT_STATUS_ACCESS_DENIED; 607 637 if ((grp = getgrgid(gid)) == NULL) … … 610 640 } 611 641 612 map .gid = grp->gr_gid;613 map .sid = alias_sid;614 615 if (dom_sid_equal(dom_sid, &global_sid_Builtin)) 616 map .sid_name_use = SID_NAME_WKN_GRP;617 else618 map .sid_name_use = SID_NAME_ALIAS;619 620 fstrcpy(map.nt_name, name); 621 fstrcpy(map.comment, comment);622 623 if (insert)624 pdb_ add_group_mapping_entry(&map);625 else626 pdb_update_group_mapping_entry(&map); 627 642 map->gid = grp->gr_gid; 643 map->sid = alias_sid; 644 645 if (dom_sid_equal(dom_sid, &global_sid_Builtin)) { 646 map->sid_name_use = SID_NAME_WKN_GRP; 647 } else { 648 map->sid_name_use = SID_NAME_ALIAS; 649 } 650 651 if (insert) { 652 pdb_add_group_mapping_entry(map); 653 } else { 654 pdb_update_group_mapping_entry(map); 655 } 656 657 TALLOC_FREE(map); 628 658 return NT_STATUS_OK; 629 659 } … … 660 690 } 661 691 662 u_max_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->max_password_age);663 u_min_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->min_password_age);664 u_logout = uint64s_nt_time_to_unix_abs((uint64 *)&r->force_logoff_time);692 u_max_age = uint64s_nt_time_to_unix_abs((uint64_t *)&r->max_password_age); 693 u_min_age = uint64s_nt_time_to_unix_abs((uint64_t *)&r->min_password_age); 694 u_logout = uint64s_nt_time_to_unix_abs((uint64_t *)&r->force_logoff_time); 665 695 666 696 domname = r->domain_name.string; … … 685 715 686 716 if (!pdb_set_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, 687 (uint32 )u_max_age))717 (uint32_t)u_max_age)) 688 718 return nt_status; 689 719 690 720 if (!pdb_set_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, 691 (uint32 )u_min_age))721 (uint32_t)u_min_age)) 692 722 return nt_status; 693 723 694 724 if (!pdb_set_account_policy(PDB_POLICY_TIME_TO_LOGOUT, 695 (uint32 )u_logout))725 (uint32_t)u_logout)) 696 726 return nt_status; 697 727
Note:
See TracChangeset
for help on using the changeset viewer.
