Changeset 988 for vendor/current/source3/passdb
- Timestamp:
- Nov 24, 2016, 1:14:11 PM (9 years ago)
- Location:
- vendor/current/source3/passdb
- Files:
-
- 25 added
- 2 deleted
- 20 edited
-
ABI (added)
-
ABI/pdb-0.1.0.sigs (added)
-
ABI/pdb-0.1.1.sigs (added)
-
ABI/pdb-0.1.2.sigs (added)
-
ABI/pdb-0.sigs (added)
-
ABI/samba-passdb-0.2.0.sigs (added)
-
ABI/samba-passdb-0.24.1.sigs (added)
-
ABI/samba-passdb-0.24.2.sigs (added)
-
ABI/samba-passdb-0.25.0.sigs (added)
-
account_pol.c (modified) (18 diffs)
-
login_cache.c (modified) (2 diffs)
-
lookup_sid.c (modified) (40 diffs)
-
lookup_sid.h (modified) (3 diffs)
-
machine_account_secrets.c (modified) (14 diffs)
-
machine_sid.c (modified) (13 diffs)
-
machine_sid.h (modified) (1 diff)
-
passdb.c (modified) (22 diffs)
-
pdb_ads.c (deleted)
-
pdb_compat.c (modified) (4 diffs)
-
pdb_get_set.c (modified) (14 diffs)
-
pdb_interface.c (modified) (57 diffs)
-
pdb_ipa.c (modified) (19 diffs)
-
pdb_ipa.h (added)
-
pdb_ldap.c (modified) (137 diffs)
-
pdb_ldap.h (added)
-
pdb_ldap_schema.c (added)
-
pdb_ldap_schema.h (added)
-
pdb_ldap_util.c (added)
-
pdb_ldap_util.h (added)
-
pdb_nds.c (modified) (6 diffs)
-
pdb_nds.h (added)
-
pdb_samba_dsdb.c (added)
-
pdb_secrets.c (added)
-
pdb_secrets.h (added)
-
pdb_smbpasswd.c (modified) (25 diffs)
-
pdb_smbpasswd.h (added)
-
pdb_tdb.c (modified) (64 diffs)
-
pdb_tdb.h (added)
-
pdb_unixid.c (added)
-
pdb_util.c (modified) (5 diffs)
-
pdb_wbc_sam.c (modified) (15 diffs)
-
pdb_wbc_sam.h (added)
-
proto.h (deleted)
-
py_passdb.c (added)
-
secrets.c (modified) (10 diffs)
-
secrets_lsa.c (added)
-
wscript_build (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/source3/passdb/account_pol.c
r740 r988 23 23 #include "system/filesys.h" 24 24 #include "passdb.h" 25 #include "dbwrap.h" 25 #include "dbwrap/dbwrap.h" 26 #include "dbwrap/dbwrap_open.h" 26 27 #include "../libcli/security/security.h" 27 28 #include "lib/privileges.h" … … 40 41 enum pdb_policy_type type; 41 42 const char *string; 42 uint32 default_val;43 uint32_t default_val; 43 44 const char *description; 44 45 const char *ldap_attr; … … 58 59 "sambaLogonToChgPwd" }, 59 60 60 {PDB_POLICY_MAX_PASSWORD_AGE, "maximum password age", (uint32 ) -1,61 {PDB_POLICY_MAX_PASSWORD_AGE, "maximum password age", (uint32_t) -1, 61 62 "Maximum password age, in seconds (default: -1 => never expire passwords)", 62 63 "sambaMaxPwdAge" }, … … 78 79 "sambaLockoutThreshold" }, 79 80 80 {PDB_POLICY_TIME_TO_LOGOUT, "disconnect time", (uint32 ) -1,81 {PDB_POLICY_TIME_TO_LOGOUT, "disconnect time", (uint32_t) -1, 81 82 "Disconnect Users outside logon hours (default: -1 => off, 0 => on)", 82 83 "sambaForceLogoff" }, … … 89 90 }; 90 91 91 void account_policy_names_list( const char ***names, int *num_names)92 void account_policy_names_list(TALLOC_CTX *mem_ctx, const char ***names, int *num_names) 92 93 { 93 94 const char **nl; 94 int i, count; 95 96 for (count=0; account_policy_names[count].string; count++) { 97 } 98 nl = SMB_MALLOC_ARRAY(const char *, count); 95 int i, count = ARRAY_SIZE(account_policy_names); 96 97 nl = talloc_array(mem_ctx, const char *, count); 99 98 if (!nl) { 100 99 *num_names = 0; 101 100 return; 102 101 } 103 for (i=0; account_policy_names[i].string; i++) {102 for (i=0; i<count; i++) { 104 103 nl[i] = account_policy_names[i].string; 105 104 } 106 *num_names = count; 105 /* Do not return the last null entry */ 106 *num_names = count-1; 107 107 *names = nl; 108 108 return; … … 194 194 { 195 195 196 uint32 value;196 uint32_t value; 197 197 198 198 if (!account_policy_get(type, &value) && … … 212 212 213 213 const char *vstring = "INFO/version"; 214 uint32 version; 215 int i; 214 uint32_t version = 0; 215 int i; 216 NTSTATUS status; 217 char *db_path; 216 218 217 219 if (db != NULL) { … … 219 221 } 220 222 221 db = db_open(NULL, state_path("account_policy.tdb"), 0, TDB_DEFAULT, 222 O_RDWR, 0600); 223 db_path = state_path("account_policy.tdb"); 224 if (db_path == NULL) { 225 return false; 226 } 227 228 db = db_open(NULL, db_path, 0, TDB_DEFAULT, 229 O_RDWR, 0600, DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); 223 230 224 231 if (db == NULL) { /* the account policies files does not exist or open 225 232 * failed, try to create a new one */ 226 db = db_open(NULL, state_path("account_policy.tdb"), 0, 227 TDB_DEFAULT, O_RDWR|O_CREAT, 0600); 233 db = db_open(NULL, db_path, 0, 234 TDB_DEFAULT, O_RDWR|O_CREAT, 0600, 235 DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); 228 236 if (db == NULL) { 229 237 DEBUG(0,("Failed to open account policy database\n")); 238 TALLOC_FREE(db_path); 230 239 return False; 231 240 } 232 241 } 233 234 version = dbwrap_fetch_int32(db, vstring); 242 TALLOC_FREE(db_path); 243 244 status = dbwrap_fetch_uint32_bystring(db, vstring, &version); 245 if (!NT_STATUS_IS_OK(status)) { 246 version = 0; 247 } 248 235 249 if (version == DATABASE_VERSION) { 236 250 return true; … … 239 253 /* handle a Samba upgrade */ 240 254 241 if (db ->transaction_start(db) != 0) {255 if (dbwrap_transaction_start(db) != 0) { 242 256 DEBUG(0, ("transaction_start failed\n")); 243 257 TALLOC_FREE(db); … … 245 259 } 246 260 247 version = dbwrap_fetch_int32(db, vstring); 261 status = dbwrap_fetch_uint32_bystring(db, vstring, &version); 262 if (!NT_STATUS_IS_OK(status)) { 263 version = 0; 264 } 265 248 266 if (version == DATABASE_VERSION) { 249 267 /* 250 268 * Race condition 251 269 */ 252 if (db ->transaction_cancel(db)) {270 if (dbwrap_transaction_cancel(db)) { 253 271 smb_panic("transaction_cancel failed"); 254 272 } … … 257 275 258 276 if (version != DATABASE_VERSION) { 259 if (dbwrap_store_uint32(db, vstring, DATABASE_VERSION) != 0) { 260 DEBUG(0, ("dbwrap_store_uint32 failed\n")); 277 status = dbwrap_store_uint32_bystring(db, vstring, 278 DATABASE_VERSION); 279 if (!NT_STATUS_IS_OK(status)) { 280 DEBUG(0, ("dbwrap_store_uint32_t failed: %s\n", 281 nt_errstr(status))); 261 282 goto cancel; 262 283 } … … 288 309 } 289 310 290 if (db ->transaction_commit(db) != 0) {311 if (dbwrap_transaction_commit(db) != 0) { 291 312 DEBUG(0, ("transaction_commit failed\n")); 292 313 TALLOC_FREE(db); … … 297 318 298 319 cancel: 299 if (db ->transaction_cancel(db)) {320 if (dbwrap_transaction_cancel(db)) { 300 321 smb_panic("transaction_cancel failed"); 301 322 } … … 312 333 { 313 334 const char *name; 314 uint32 regval; 335 uint32_t regval; 336 NTSTATUS status; 315 337 316 338 if (!init_account_policy()) { … … 328 350 } 329 351 330 if (!dbwrap_fetch_uint32(db, name, ®val)) { 331 DEBUG(1, ("account_policy_get: tdb_fetch_uint32 failed for type %d (%s), returning 0\n", type, name)); 352 status = dbwrap_fetch_uint32_bystring(db, name, ®val); 353 if (!NT_STATUS_IS_OK(status)) { 354 DEBUG(2, ("account_policy_get: tdb_fetch_uint32_t failed for type %d (%s), returning 0\n", type, name)); 332 355 return False; 333 356 } … … 361 384 } 362 385 363 status = dbwrap_trans_store_uint32 (db, name, value);386 status = dbwrap_trans_store_uint32_bystring(db, name, value); 364 387 if (!NT_STATUS_IS_OK(status)) { 365 DEBUG(1, ("store_uint32 failed for type %d (%s) on value "388 DEBUG(1, ("store_uint32_t failed for type %d (%s) on value " 366 389 "%u: %s\n", type, name, value, nt_errstr(status))); 367 390 return False; … … 432 455 } 433 456 434 if (gencache_get(cache_key, &cache_value, NULL)) {435 uint32 tmp = strtoul(cache_value, NULL, 10);457 if (gencache_get(cache_key, talloc_tos(), &cache_value, NULL)) { 458 uint32_t tmp = strtoul(cache_value, NULL, 10); 436 459 *value = tmp; 437 460 ret = True; … … 440 463 done: 441 464 SAFE_FREE(cache_key); 442 SAFE_FREE(cache_value);465 TALLOC_FREE(cache_value); 443 466 return ret; 444 467 } -
vendor/current/source3/passdb/login_cache.c
r740 r988 60 60 bool login_cache_shutdown(void) 61 61 { 62 /* tdb_close routine returns -1on error */62 /* tdb_close routine returns non-zero on error */ 63 63 if (!cache) return False; 64 64 DEBUG(5, ("Closing cache file\n")); 65 return tdb_close(cache) != -1;65 return tdb_close(cache) == 0; 66 66 } 67 67 … … 153 153 entry->bad_password_count, 154 154 bad_password_time); 155 databuf.dptr = SMB_MALLOC_ARRAY(uint8 , databuf.dsize);155 databuf.dptr = SMB_MALLOC_ARRAY(uint8_t, databuf.dsize); 156 156 if (!databuf.dptr) { 157 157 SAFE_FREE(keystr); -
vendor/current/source3/passdb/lookup_sid.c
r746 r988 24 24 #include "../librpc/gen_ndr/ndr_security.h" 25 25 #include "secrets.h" 26 #include " memcache.h"26 #include "../lib/util/memcache.h" 27 27 #include "idmap_cache.h" 28 28 #include "../libcli/security/security.h" 29 29 #include "lib/winbind_util.h" 30 #include "../librpc/gen_ndr/idmap.h" 30 31 31 32 /***************************************************************** … … 46 47 const char *domain = NULL; 47 48 const char *name = NULL; 48 uint32 rid;49 uint32_t rid; 49 50 struct dom_sid sid; 50 51 enum lsa_SidType type; … … 120 121 } 121 122 122 if (((flags & LOOKUP_NAME_NO_NSS) == 0)123 if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0) 123 124 && strequal(domain, unix_users_domain_name())) { 124 125 if (lookup_unix_user_name(name, &sid)) { … … 140 141 } 141 142 142 if ((domain[0] == '\0') && (!(flags & LOOKUP_NAME_ISOLATED))) { 143 /* 144 * Finally check for a well known domain name ("NT Authority"), 145 * this is taken care if in lookup_wellknown_name(). 146 */ 147 if ((domain[0] != '\0') && 148 (flags & LOOKUP_NAME_WKN) && 149 lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) 150 { 151 type = SID_NAME_WKN_GRP; 152 goto ok; 153 } 154 155 /* 156 * If we're told not to look up 'isolated' names then we're 157 * done. 158 */ 159 if (!(flags & LOOKUP_NAME_ISOLATED)) { 160 TALLOC_FREE(tmp_ctx); 161 return false; 162 } 163 164 /* 165 * No domain names beyond this point 166 */ 167 if (domain[0] != '\0') { 143 168 TALLOC_FREE(tmp_ctx); 144 169 return false; … … 151 176 152 177 /* 1. well-known names */ 178 179 /* 180 * Check for well known names without a domain name. 181 * e.g. \Creator Owner. 182 */ 153 183 154 184 if ((flags & LOOKUP_NAME_WKN) && … … 293 323 Unmapped users and unmapped groups */ 294 324 295 if (((flags & LOOKUP_NAME_NO_NSS) == 0)325 if (((flags & (LOOKUP_NAME_NO_NSS|LOOKUP_NAME_GROUP)) == 0) 296 326 && lookup_unix_user_name(name, &sid)) { 297 327 domain = talloc_strdup(tmp_ctx, unix_users_domain_name()); … … 339 369 return false; 340 370 } 341 strupper_m(tmp_dom); 371 if (!strupper_m(tmp_dom)) { 372 TALLOC_FREE(tmp_ctx); 373 return false; 374 } 342 375 *ret_domain = tmp_dom; 343 376 } … … 390 423 ret_domain, ret_name, 391 424 ret_sid, ret_type); 425 } 426 427 /* Try with winbind default domain name. */ 428 if (lp_winbind_use_default_domain()) { 429 bool ok; 430 431 qualified_name = talloc_asprintf(mem_ctx, 432 "%s\\%s", 433 lp_workgroup(), 434 full_name); 435 if (qualified_name == NULL) { 436 return false; 437 } 438 439 ok = lookup_name(mem_ctx, 440 qualified_name, 441 flags, 442 ret_domain, 443 ret_name, 444 ret_sid, 445 ret_type); 446 if (ok) { 447 return true; 448 } 392 449 } 393 450 … … 423 480 static bool wb_lookup_rids(TALLOC_CTX *mem_ctx, 424 481 const struct dom_sid *domain_sid, 425 int num_rids, uint32 *rids,482 int num_rids, uint32_t *rids, 426 483 const char **domain_name, 427 484 const char **names, enum lsa_SidType *types) … … 483 540 484 541 if (num_rids) { 485 *names = TALLOC_ZERO_ARRAY(mem_ctx, const char *, num_rids);486 *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids);542 *names = talloc_zero_array(mem_ctx, const char *, num_rids); 543 *types = talloc_array(mem_ctx, enum lsa_SidType, num_rids); 487 544 488 545 if ((*names == NULL) || (*types == NULL)) { … … 497 554 } 498 555 499 if (sid_check_is_ domain(domain_sid)) {556 if (sid_check_is_our_sam(domain_sid)) { 500 557 NTSTATUS result; 501 558 … … 613 670 enum lsa_SidType type; 614 671 615 if (sid_check_is_ domain(sid)) {672 if (sid_check_is_our_sam(sid)) { 616 673 *name = talloc_strdup(mem_ctx, get_global_sam_name()); 617 674 return true; … … 644 701 645 702 if (IS_DC) { 646 uint32 i, num_domains;703 uint32_t i, num_domains; 647 704 struct trustdom_info **domains; 648 705 … … 710 767 case 4: 711 768 case 6: 712 ret = sid_check_is_ domain(sid);769 ret = sid_check_is_our_sam(sid); 713 770 break; 714 771 case 5: … … 751 808 752 809 if (num_sids) { 753 name_infos = TALLOC_ARRAY(mem_ctx, struct lsa_name_info, num_sids);810 name_infos = talloc_array(mem_ctx, struct lsa_name_info, num_sids); 754 811 if (name_infos == NULL) { 755 812 result = NT_STATUS_NO_MEMORY; … … 760 817 } 761 818 762 dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info,819 dom_infos = talloc_zero_array(mem_ctx, struct lsa_dom_info, 763 820 LSA_REF_DOMAIN_LIST_MULTIPLIER); 764 821 if (dom_infos == NULL) { … … 896 953 } 897 954 898 if (dom->num_idxs) { 899 if (!(rids = TALLOC_ARRAY(tmp_ctx, uint32, dom->num_idxs))) { 900 result = NT_STATUS_NO_MEMORY; 901 goto fail; 902 } 903 } else { 904 rids = NULL; 955 if (dom->num_idxs == 0) { 956 /* 957 * This happens only if the only sid related to 958 * this domain is the domain sid itself, which 959 * is mapped to SID_NAME_DOMAIN above. 960 */ 961 continue; 962 } 963 964 if (!(rids = talloc_array(tmp_ctx, uint32_t, dom->num_idxs))) { 965 result = NT_STATUS_NO_MEMORY; 966 goto fail; 905 967 } 906 968 … … 1013 1075 *****************************************************************/ 1014 1076 1015 /*****************************************************************1016 Find a SID given a uid.1017 *****************************************************************/1018 1019 static bool fetch_sid_from_uid_cache(struct dom_sid *psid, uid_t uid)1020 {1021 DATA_BLOB cache_value;1022 1023 if (!memcache_lookup(NULL, UID_SID_CACHE,1024 data_blob_const(&uid, sizeof(uid)),1025 &cache_value)) {1026 return false;1027 }1028 1029 memcpy(psid, cache_value.data, MIN(sizeof(*psid), cache_value.length));1030 SMB_ASSERT(cache_value.length >= offsetof(struct dom_sid, id_auth));1031 SMB_ASSERT(cache_value.length == ndr_size_dom_sid(psid, 0));1032 1033 return true;1034 }1035 1036 /*****************************************************************1037 Find a uid given a SID.1038 *****************************************************************/1039 1040 static bool fetch_uid_from_cache( uid_t *puid, const struct dom_sid *psid )1041 {1042 DATA_BLOB cache_value;1043 1044 if (!memcache_lookup(NULL, SID_UID_CACHE,1045 data_blob_const(psid, ndr_size_dom_sid(psid, 0)),1046 &cache_value)) {1047 return false;1048 }1049 1050 SMB_ASSERT(cache_value.length == sizeof(*puid));1051 memcpy(puid, cache_value.data, sizeof(*puid));1052 1053 return true;1054 }1055 1056 /*****************************************************************1057 Store uid to SID mapping in cache.1058 *****************************************************************/1059 1060 void store_uid_sid_cache(const struct dom_sid *psid, uid_t uid)1061 {1062 memcache_add(NULL, SID_UID_CACHE,1063 data_blob_const(psid, ndr_size_dom_sid(psid, 0)),1064 data_blob_const(&uid, sizeof(uid)));1065 memcache_add(NULL, UID_SID_CACHE,1066 data_blob_const(&uid, sizeof(uid)),1067 data_blob_const(psid, ndr_size_dom_sid(psid, 0)));1068 }1069 1070 /*****************************************************************1071 Find a SID given a gid.1072 *****************************************************************/1073 1074 static bool fetch_sid_from_gid_cache(struct dom_sid *psid, gid_t gid)1075 {1076 DATA_BLOB cache_value;1077 1078 if (!memcache_lookup(NULL, GID_SID_CACHE,1079 data_blob_const(&gid, sizeof(gid)),1080 &cache_value)) {1081 return false;1082 }1083 1084 memcpy(psid, cache_value.data, MIN(sizeof(*psid), cache_value.length));1085 SMB_ASSERT(cache_value.length >= offsetof(struct dom_sid, id_auth));1086 SMB_ASSERT(cache_value.length == ndr_size_dom_sid(psid, 0));1087 1088 return true;1089 }1090 1091 /*****************************************************************1092 Find a gid given a SID.1093 *****************************************************************/1094 1095 static bool fetch_gid_from_cache(gid_t *pgid, const struct dom_sid *psid)1096 {1097 DATA_BLOB cache_value;1098 1099 if (!memcache_lookup(NULL, SID_GID_CACHE,1100 data_blob_const(psid, ndr_size_dom_sid(psid, 0)),1101 &cache_value)) {1102 return false;1103 }1104 1105 SMB_ASSERT(cache_value.length == sizeof(*pgid));1106 memcpy(pgid, cache_value.data, sizeof(*pgid));1107 1108 return true;1109 }1110 1111 /*****************************************************************1112 Store gid to SID mapping in cache.1113 *****************************************************************/1114 1115 void store_gid_sid_cache(const struct dom_sid *psid, gid_t gid)1116 {1117 memcache_add(NULL, SID_GID_CACHE,1118 data_blob_const(psid, ndr_size_dom_sid(psid, 0)),1119 data_blob_const(&gid, sizeof(gid)));1120 memcache_add(NULL, GID_SID_CACHE,1121 data_blob_const(&gid, sizeof(gid)),1122 data_blob_const(psid, ndr_size_dom_sid(psid, 0)));1123 }1124 1077 1125 1078 /***************************************************************** … … 1130 1083 { 1131 1084 bool ret; 1085 struct unixid id; 1132 1086 1133 1087 ZERO_STRUCTP(psid); 1134 1088 1089 id.id = uid; 1090 id.type = ID_TYPE_UID; 1091 1135 1092 become_root(); 1136 ret = pdb_ uid_to_sid(uid, psid);1093 ret = pdb_id_to_sid(&id, psid); 1137 1094 unbecome_root(); 1138 1095 … … 1146 1103 uid_to_unix_users_sid(uid, psid); 1147 1104 1105 { 1106 struct unixid xid = { 1107 .id = uid, .type = ID_TYPE_UID 1108 }; 1109 idmap_cache_set_sid2unixid(psid, &xid); 1110 } 1111 1148 1112 done: 1149 1113 DEBUG(10,("LEGACY: uid %u -> sid %s\n", (unsigned int)uid, 1150 1114 sid_string_dbg(psid))); 1151 1115 1152 store_uid_sid_cache(psid, uid);1153 1116 return; 1154 1117 } … … 1161 1124 { 1162 1125 bool ret; 1126 struct unixid id; 1163 1127 1164 1128 ZERO_STRUCTP(psid); 1165 1129 1130 id.id = gid; 1131 id.type = ID_TYPE_GID; 1132 1166 1133 become_root(); 1167 ret = pdb_ gid_to_sid(gid, psid);1134 ret = pdb_id_to_sid(&id, psid); 1168 1135 unbecome_root(); 1169 1136 … … 1177 1144 gid_to_unix_groups_sid(gid, psid); 1178 1145 1146 { 1147 struct unixid xid = { 1148 .id = gid, .type = ID_TYPE_GID 1149 }; 1150 idmap_cache_set_sid2unixid(psid, &xid); 1151 } 1152 1179 1153 done: 1180 1154 DEBUG(10,("LEGACY: gid %u -> sid %s\n", (unsigned int)gid, 1181 1155 sid_string_dbg(psid))); 1182 1156 1183 store_gid_sid_cache(psid, gid);1184 1157 return; 1185 1158 } 1186 1159 1187 1160 /***************************************************************** 1188 *THE LEGACY* convert SID to uid function.1161 *THE LEGACY* convert SID to id function. 1189 1162 *****************************************************************/ 1190 1163 1191 static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid) 1192 { 1193 enum lsa_SidType type; 1194 1195 if (sid_check_is_in_our_domain(psid)) { 1196 union unid_t id; 1197 bool ret; 1198 1199 become_root(); 1200 ret = pdb_sid_to_id(psid, &id, &type); 1201 unbecome_root(); 1202 1203 if (ret) { 1204 if (type != SID_NAME_USER) { 1205 DEBUG(5, ("sid %s is a %s, expected a user\n", 1206 sid_string_dbg(psid), 1207 sid_type_lookup(type))); 1208 return false; 1209 } 1210 *puid = id.uid; 1211 goto done; 1212 } 1213 1214 /* This was ours, but it was not mapped. Fail */ 1215 } 1216 1217 DEBUG(10,("LEGACY: mapping failed for sid %s\n", 1218 sid_string_dbg(psid))); 1219 return false; 1220 1221 done: 1222 DEBUG(10,("LEGACY: sid %s -> uid %u\n", sid_string_dbg(psid), 1223 (unsigned int)*puid )); 1224 1225 store_uid_sid_cache(psid, *puid); 1226 return true; 1227 } 1228 1229 /***************************************************************** 1230 *THE LEGACY* convert SID to gid function. 1231 Group mapping is used for gids that maps to Wellknown SIDs 1232 *****************************************************************/ 1233 1234 static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid) 1235 { 1236 GROUP_MAP map; 1237 union unid_t id; 1238 enum lsa_SidType type; 1239 1240 if ((sid_check_is_in_builtin(psid) || 1241 sid_check_is_in_wellknown_domain(psid))) { 1242 bool ret; 1243 1244 become_root(); 1245 ret = pdb_getgrsid(&map, *psid); 1246 unbecome_root(); 1247 1248 if (ret) { 1249 *pgid = map.gid; 1250 goto done; 1251 } 1164 static bool legacy_sid_to_unixid(const struct dom_sid *psid, struct unixid *id) 1165 { 1166 bool ret; 1167 1168 become_root(); 1169 ret = pdb_sid_to_id(psid, id); 1170 unbecome_root(); 1171 1172 if (!ret) { 1252 1173 DEBUG(10,("LEGACY: mapping failed for sid %s\n", 1253 1174 sid_string_dbg(psid))); … … 1255 1176 } 1256 1177 1257 if (sid_check_is_in_our_domain(psid)) { 1258 bool ret; 1259 1260 become_root(); 1261 ret = pdb_sid_to_id(psid, &id, &type); 1262 unbecome_root(); 1263 1264 if (ret) { 1265 if ((type != SID_NAME_DOM_GRP) && 1266 (type != SID_NAME_ALIAS)) { 1267 DEBUG(5, ("LEGACY: sid %s is a %s, expected " 1268 "a group\n", sid_string_dbg(psid), 1269 sid_type_lookup(type))); 1270 return false; 1271 } 1272 *pgid = id.gid; 1273 goto done; 1274 } 1275 1276 /* This was ours, but it was not mapped. Fail */ 1277 } 1278 1279 DEBUG(10,("LEGACY: mapping failed for sid %s\n", 1280 sid_string_dbg(psid))); 1178 return true; 1179 } 1180 1181 static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid) 1182 { 1183 struct unixid id; 1184 if (!legacy_sid_to_unixid(psid, &id)) { 1185 return false; 1186 } 1187 if (id.type == ID_TYPE_GID || id.type == ID_TYPE_BOTH) { 1188 *pgid = id.id; 1189 return true; 1190 } 1281 1191 return false; 1282 1283 done: 1284 DEBUG(10,("LEGACY: sid %s -> gid %u\n", sid_string_dbg(psid), 1285 (unsigned int)*pgid )); 1286 1287 store_gid_sid_cache(psid, *pgid); 1288 1289 return true; 1192 } 1193 1194 static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid) 1195 { 1196 struct unixid id; 1197 if (!legacy_sid_to_unixid(psid, &id)) { 1198 return false; 1199 } 1200 if (id.type == ID_TYPE_UID || id.type == ID_TYPE_BOTH) { 1201 *puid = id.id; 1202 return true; 1203 } 1204 return false; 1290 1205 } 1291 1206 … … 1299 1214 bool ret; 1300 1215 ZERO_STRUCTP(psid); 1301 1302 if (fetch_sid_from_uid_cache(psid, uid))1303 return;1304 1216 1305 1217 /* Check the winbindd cache directly. */ … … 1339 1251 sid_string_dbg(psid))); 1340 1252 1341 store_uid_sid_cache(psid, uid);1342 1253 return; 1343 1254 } … … 1352 1263 bool ret; 1353 1264 ZERO_STRUCTP(psid); 1354 1355 if (fetch_sid_from_gid_cache(psid, gid))1356 return;1357 1265 1358 1266 /* Check the winbindd cache directly. */ … … 1392 1300 sid_string_dbg(psid))); 1393 1301 1394 store_gid_sid_cache(psid, gid);1395 1302 return; 1396 1303 } 1397 1304 1398 bool sids_to_unix _ids(const struct dom_sid *sids, uint32_t num_sids,1399 struct wbcUnixId *ids)1305 bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, 1306 struct unixid *ids) 1400 1307 { 1401 1308 struct wbcDomainSid *wbc_sids = NULL; … … 1405 1312 bool ret = false; 1406 1313 1407 wbc_sids = TALLOC_ARRAY(talloc_tos(), struct wbcDomainSid, num_sids);1314 wbc_sids = talloc_array(talloc_tos(), struct wbcDomainSid, num_sids); 1408 1315 if (wbc_sids == NULL) { 1409 1316 return false; … … 1416 1323 uint32_t rid; 1417 1324 1418 if (fetch_uid_from_cache(&ids[i].id.uid, &sids[i])) {1419 ids[i].type = WBC_ID_TYPE_UID;1420 continue;1421 }1422 if (fetch_gid_from_cache(&ids[i].id.gid, &sids[i])) {1423 ids[i].type = WBC_ID_TYPE_GID;1424 continue;1425 }1426 1325 if (sid_peek_check_rid(&global_sid_Unix_Users, 1427 1326 &sids[i], &rid)) { 1428 ids[i].type = WBC_ID_TYPE_UID;1429 ids[i].id .uid= rid;1327 ids[i].type = ID_TYPE_UID; 1328 ids[i].id = rid; 1430 1329 continue; 1431 1330 } 1432 1331 if (sid_peek_check_rid(&global_sid_Unix_Groups, 1433 1332 &sids[i], &rid)) { 1434 ids[i].type = WBC_ID_TYPE_GID;1435 ids[i].id .gid= rid;1333 ids[i].type = ID_TYPE_GID; 1334 ids[i].id = rid; 1436 1335 continue; 1437 1336 } 1438 if (idmap_cache_find_sid2uid(&sids[i], &ids[i].id.uid, 1439 &expired) 1440 && !expired && ids[i].id.uid != (uid_t)-1) { 1441 ids[i].type = WBC_ID_TYPE_UID; 1337 if (idmap_cache_find_sid2unixid(&sids[i], &ids[i], &expired) 1338 && !expired) 1339 { 1442 1340 continue; 1443 1341 } 1444 if (idmap_cache_find_sid2gid(&sids[i], &ids[i].id.gid, 1445 &expired) 1446 && !expired && ids[i].id.gid != (gid_t)-1) { 1447 ids[i].type = WBC_ID_TYPE_GID; 1448 continue; 1449 } 1450 ids[i].type = WBC_ID_TYPE_NOT_SPECIFIED; 1342 ids[i].type = ID_TYPE_NOT_SPECIFIED; 1451 1343 memcpy(&wbc_sids[num_not_cached], &sids[i], 1452 1344 ndr_size_dom_sid(&sids[i], 0)); … … 1456 1348 goto done; 1457 1349 } 1458 wbc_ids = TALLOC_ARRAY(talloc_tos(), struct wbcUnixId, num_not_cached);1350 wbc_ids = talloc_array(talloc_tos(), struct wbcUnixId, num_not_cached); 1459 1351 if (wbc_ids == NULL) { 1460 1352 goto fail; … … 1472 1364 1473 1365 for (i=0; i<num_sids; i++) { 1474 if (ids[i].type == WBC_ID_TYPE_NOT_SPECIFIED) { 1475 ids[i] = wbc_ids[num_not_cached]; 1366 if (ids[i].type == ID_TYPE_NOT_SPECIFIED) { 1367 switch (wbc_ids[num_not_cached].type) { 1368 case WBC_ID_TYPE_UID: 1369 ids[i].type = ID_TYPE_UID; 1370 ids[i].id = wbc_ids[num_not_cached].id.uid; 1371 break; 1372 case WBC_ID_TYPE_GID: 1373 ids[i].type = ID_TYPE_GID; 1374 ids[i].id = wbc_ids[num_not_cached].id.gid; 1375 break; 1376 default: 1377 /* The types match, and wbcUnixId -> id is a union anyway */ 1378 ids[i].type = (enum id_type)wbc_ids[num_not_cached].type; 1379 ids[i].id = wbc_ids[num_not_cached].id.gid; 1380 break; 1381 } 1476 1382 num_not_cached += 1; 1477 1383 } … … 1479 1385 1480 1386 for (i=0; i<num_sids; i++) { 1481 if (ids[i].type != WBC_ID_TYPE_NOT_SPECIFIED) {1387 if (ids[i].type != ID_TYPE_NOT_SPECIFIED) { 1482 1388 continue; 1483 1389 } 1484 if (legacy_sid_to_gid(&sids[i], &ids[i].id .gid)) {1485 ids[i].type = WBC_ID_TYPE_GID;1390 if (legacy_sid_to_gid(&sids[i], &ids[i].id)) { 1391 ids[i].type = ID_TYPE_GID; 1486 1392 continue; 1487 1393 } 1488 if (legacy_sid_to_uid(&sids[i], &ids[i].id .uid)) {1489 ids[i].type = WBC_ID_TYPE_UID;1394 if (legacy_sid_to_uid(&sids[i], &ids[i].id)) { 1395 ids[i].type = ID_TYPE_UID; 1490 1396 continue; 1491 1397 } 1492 1398 } 1493 1494 1399 done: 1495 1400 for (i=0; i<num_sids; i++) { 1496 1401 switch(ids[i].type) { 1497 1402 case WBC_ID_TYPE_GID: 1498 if (ids[i].id.gid == (gid_t)-1) {1499 ids[i].type = WBC_ID_TYPE_NOT_SPECIFIED;1500 }1501 break;1502 1403 case WBC_ID_TYPE_UID: 1503 if (ids[i].id.uid == (uid_t)-1) { 1504 ids[i].type = WBC_ID_TYPE_NOT_SPECIFIED; 1404 case WBC_ID_TYPE_BOTH: 1405 if (ids[i].id == -1) { 1406 ids[i].type = ID_TYPE_NOT_SPECIFIED; 1505 1407 } 1506 1408 break; … … 1509 1411 } 1510 1412 } 1413 1511 1414 ret = true; 1512 1415 fail: … … 1524 1427 bool expired = true; 1525 1428 bool ret; 1526 uint32 rid; 1527 gid_t gid; 1528 1529 if (fetch_uid_from_cache(puid, psid)) 1530 return true; 1531 1532 if (fetch_gid_from_cache(&gid, psid)) { 1533 return false; 1534 } 1429 uint32_t rid; 1535 1430 1536 1431 /* Optimize for the Unix Users Domain … … 1573 1468 (unsigned int)*puid )); 1574 1469 1575 store_uid_sid_cache(psid, *puid);1576 1470 return true; 1577 1471 } … … 1586 1480 bool expired = true; 1587 1481 bool ret; 1588 uint32 rid; 1589 uid_t uid; 1590 1591 if (fetch_gid_from_cache(pgid, psid)) 1592 return true; 1593 1594 if (fetch_uid_from_cache(&uid, psid)) 1595 return false; 1482 uint32_t rid; 1596 1483 1597 1484 /* Optimize for the Unix Groups Domain … … 1635 1522 (unsigned int)*pgid )); 1636 1523 1637 store_gid_sid_cache(psid, *pgid);1638 1524 return true; 1639 1525 } … … 1681 1567 pwd = Get_Pwnam_alloc(mem_ctx, username); 1682 1568 if (!pwd) { 1683 DEBUG(0, ("Failed to find a Unix account for %s ",1569 DEBUG(0, ("Failed to find a Unix account for %s\n", 1684 1570 username)); 1685 1571 TALLOC_FREE(tmp_ctx); … … 1717 1603 } else { 1718 1604 /* Try group mapping */ 1605 struct unixid id; 1606 1607 id.id = pwd->pw_gid; 1608 id.type = ID_TYPE_GID; 1609 1719 1610 ZERO_STRUCTP(group_sid); 1720 if (pdb_ gid_to_sid(pwd->pw_gid, group_sid)) {1611 if (pdb_id_to_sid(&id, group_sid)) { 1721 1612 need_lookup_sid = true; 1722 1613 } … … 1763 1654 } 1764 1655 1765 bool delete_uid_cache(uid_t puid)1766 {1767 DATA_BLOB uid = data_blob_const(&puid, sizeof(puid));1768 DATA_BLOB sid;1769 1770 if (!memcache_lookup(NULL, UID_SID_CACHE, uid, &sid)) {1771 DEBUG(3, ("UID %d is not memcached!\n", (int)puid));1772 return false;1773 }1774 DEBUG(3, ("Delete mapping UID %d <-> %s from memcache\n", (int)puid,1775 sid_string_dbg((struct dom_sid*)sid.data)));1776 memcache_delete(NULL, SID_UID_CACHE, sid);1777 memcache_delete(NULL, UID_SID_CACHE, uid);1778 return true;1779 }1780 1781 bool delete_gid_cache(gid_t pgid)1782 {1783 DATA_BLOB gid = data_blob_const(&pgid, sizeof(pgid));1784 DATA_BLOB sid;1785 if (!memcache_lookup(NULL, GID_SID_CACHE, gid, &sid)) {1786 DEBUG(3, ("GID %d is not memcached!\n", (int)pgid));1787 return false;1788 }1789 DEBUG(3, ("Delete mapping GID %d <-> %s from memcache\n", (int)pgid,1790 sid_string_dbg((struct dom_sid*)sid.data)));1791 memcache_delete(NULL, SID_GID_CACHE, sid);1792 memcache_delete(NULL, GID_SID_CACHE, gid);1793 return true;1794 }1795 1796 bool delete_sid_cache(const struct dom_sid* psid)1797 {1798 DATA_BLOB sid = data_blob_const(psid, ndr_size_dom_sid(psid, 0));1799 DATA_BLOB id;1800 if (memcache_lookup(NULL, SID_GID_CACHE, sid, &id)) {1801 DEBUG(3, ("Delete mapping %s <-> GID %d from memcache\n",1802 sid_string_dbg(psid), *(int*)id.data));1803 memcache_delete(NULL, SID_GID_CACHE, sid);1804 memcache_delete(NULL, GID_SID_CACHE, id);1805 } else if (memcache_lookup(NULL, SID_UID_CACHE, sid, &id)) {1806 DEBUG(3, ("Delete mapping %s <-> UID %d from memcache\n",1807 sid_string_dbg(psid), *(int*)id.data));1808 memcache_delete(NULL, SID_UID_CACHE, sid);1809 memcache_delete(NULL, UID_SID_CACHE, id);1810 } else {1811 DEBUG(3, ("SID %s is not memcached!\n", sid_string_dbg(psid)));1812 return false;1813 }1814 return true;1815 }1816 1817 void flush_gid_cache(void)1818 {1819 DEBUG(3, ("Flush GID <-> SID memcache\n"));1820 memcache_flush(NULL, SID_GID_CACHE);1821 memcache_flush(NULL, GID_SID_CACHE);1822 }1823 1824 void flush_uid_cache(void)1825 {1826 DEBUG(3, ("Flush UID <-> SID memcache\n"));1827 memcache_flush(NULL, SID_UID_CACHE);1828 memcache_flush(NULL, UID_SID_CACHE);1829 } -
vendor/current/source3/passdb/lookup_sid.h
r740 r988 25 25 26 26 #include "../librpc/gen_ndr/lsa.h" 27 #include "nsswitch/libwbclient/wbclient.h" 27 28 struct passwd; 29 struct unixid; 28 30 29 31 #define LOOKUP_NAME_NONE 0x00000000 30 32 #define LOOKUP_NAME_ISOLATED 0x00000001 /* Look up unqualified names */ 31 33 #define LOOKUP_NAME_REMOTE 0x00000002 /* Ask others */ 32 #define LOOKUP_NAME_GROUP 0x00000004 /* (unused)This is a NASTY hack for34 #define LOOKUP_NAME_GROUP 0x00000004 /* This is a NASTY hack for 33 35 valid users = @foo where foo also 34 36 exists in as user. */ … … 57 59 58 60 struct lsa_name_info { 59 uint32 rid;61 uint32_t rid; 60 62 enum lsa_SidType type; 61 63 const char *name; … … 80 82 const char **ret_domain, const char **ret_name, 81 83 enum lsa_SidType *ret_type); 82 void store_uid_sid_cache(const struct dom_sid *psid, uid_t uid);83 void store_gid_sid_cache(const struct dom_sid *psid, gid_t gid);84 84 void uid_to_sid(struct dom_sid *psid, uid_t uid); 85 85 void gid_to_sid(struct dom_sid *psid, gid_t gid); 86 bool sids_to_unix_ids(const struct dom_sid *sids, uint32_t num_sids,87 struct wbcUnixId *ids);88 86 bool sid_to_uid(const struct dom_sid *psid, uid_t *puid); 89 87 bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid); 88 bool sids_to_unixids(const struct dom_sid *sids, uint32_t num_sids, 89 struct unixid *ids); 90 90 NTSTATUS get_primary_group_sid(TALLOC_CTX *mem_ctx, 91 91 const char *username, 92 92 struct passwd **_pwd, 93 93 struct dom_sid **_group_sid); 94 bool delete_uid_cache(uid_t uid);95 bool delete_gid_cache(gid_t gid);96 bool delete_sid_cache(const struct dom_sid* psid);97 void flush_uid_cache(void);98 void flush_gid_cache(void);99 94 100 95 #endif /* _PASSDB_LOOKUP_SID_H_ */ -
vendor/current/source3/passdb/machine_account_secrets.c
r740 r988 27 27 #include "../libcli/auth/libcli_auth.h" 28 28 #include "secrets.h" 29 #include "dbwrap .h"29 #include "dbwrap/dbwrap.h" 30 30 #include "../librpc/ndr/libndr.h" 31 31 #include "util_tdb.h" 32 #include "libcli/security/security.h" 32 33 33 34 #undef DBGC_CLASS 34 35 #define DBGC_CLASS DBGC_PASSDB 35 36 /* Urrrg. global.... */37 bool global_machine_password_needs_changing;38 36 39 37 /** … … 54 52 } 55 53 54 static const char *protect_ids_keystr(const char *domain) 55 { 56 char *keystr; 57 58 keystr = talloc_asprintf_strupper_m(talloc_tos(), "%s/%s", 59 SECRETS_PROTECT_IDS, domain); 60 SMB_ASSERT(keystr != NULL); 61 return keystr; 62 } 63 64 /* N O T E: never use this outside of passdb modules that store the SID on their own */ 65 bool secrets_mark_domain_protected(const char *domain) 66 { 67 bool ret; 68 69 ret = secrets_store(protect_ids_keystr(domain), "TRUE", 5); 70 if (!ret) { 71 DEBUG(0, ("Failed to protect the Domain IDs\n")); 72 } 73 return ret; 74 } 75 76 bool secrets_clear_domain_protection(const char *domain) 77 { 78 bool ret; 79 void *protection = secrets_fetch(protect_ids_keystr(domain), NULL); 80 81 if (protection) { 82 SAFE_FREE(protection); 83 ret = secrets_delete(protect_ids_keystr(domain)); 84 if (!ret) { 85 DEBUG(0, ("Failed to remove Domain IDs protection\n")); 86 } 87 return ret; 88 } 89 return true; 90 } 91 56 92 bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid) 57 93 { 94 char *protect_ids; 58 95 bool ret; 59 96 97 protect_ids = secrets_fetch(protect_ids_keystr(domain), NULL); 98 if (protect_ids) { 99 if (strncmp(protect_ids, "TRUE", 4)) { 100 DEBUG(0, ("Refusing to store a Domain SID, " 101 "it has been marked as protected!\n")); 102 SAFE_FREE(protect_ids); 103 return false; 104 } 105 } 106 SAFE_FREE(protect_ids); 107 60 108 ret = secrets_store(domain_sid_keystr(domain), sid, sizeof(struct dom_sid )); 61 109 62 /* Force a re-query, in case we modified our domain */ 63 if (ret) 64 reset_global_sam_sid(); 110 /* Force a re-query, in the case where we modified our domain */ 111 if (ret) { 112 if (dom_sid_equal(get_global_sam_sid(), sid) == false) { 113 reset_global_sam_sid(); 114 } 115 } 65 116 return ret; 66 117 } … … 88 139 bool secrets_store_domain_guid(const char *domain, struct GUID *guid) 89 140 { 141 char *protect_ids; 90 142 fstring key; 91 143 144 protect_ids = secrets_fetch(protect_ids_keystr(domain), NULL); 145 if (protect_ids) { 146 if (strncmp(protect_ids, "TRUE", 4)) { 147 DEBUG(0, ("Refusing to store a Domain SID, " 148 "it has been marked as protected!\n")); 149 SAFE_FREE(protect_ids); 150 return false; 151 } 152 } 153 SAFE_FREE(protect_ids); 154 92 155 slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain); 93 strupper_m(key); 156 if (!strupper_m(key)) { 157 return false; 158 } 94 159 return secrets_store(key, guid, sizeof(struct GUID)); 95 160 } … … 103 168 104 169 slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain); 105 strupper_m(key); 170 if (!strupper_m(key)) { 171 return false; 172 } 106 173 dyn_guid = (struct GUID *)secrets_fetch(key, &size); 107 174 … … 218 285 219 286 /************************************************************************ 220 Lock the trust password entry.221 ************************************************************************/222 223 void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain)224 {225 struct db_context *db_ctx;226 if (!secrets_init()) {227 return NULL;228 }229 230 db_ctx = secrets_db_ctx();231 232 return db_ctx->fetch_locked(233 db_ctx, mem_ctx, string_term_tdb_data(trust_keystr(domain)));234 }235 236 /************************************************************************237 287 Routine to get the default secure channel type for trust accounts 238 288 ************************************************************************/ … … 241 291 { 242 292 if (lp_server_role() == ROLE_DOMAIN_BDC || 243 lp_server_role() == ROLE_DOMAIN_PDC) { 293 lp_server_role() == ROLE_DOMAIN_PDC || 294 lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) { 244 295 return SEC_CHAN_BDC; 245 296 } else { … … 256 307 257 308 bool secrets_fetch_trust_account_password_legacy(const char *domain, 258 uint8 ret_pwd[16],309 uint8_t ret_pwd[16], 259 310 time_t *pass_last_set_time, 260 311 enum netr_SchannelType *channel) … … 284 335 } 285 336 286 /* Test if machine password has expired and needs to be changed */287 if (lp_machine_password_timeout()) {288 if (pass->mod_time > 0 && time(NULL) > (pass->mod_time +289 (time_t)lp_machine_password_timeout())) {290 global_machine_password_needs_changing = True;291 }292 }293 294 337 SAFE_FREE(pass); 295 338 return True; … … 302 345 ************************************************************************/ 303 346 304 bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],347 bool secrets_fetch_trust_account_password(const char *domain, uint8_t ret_pwd[16], 305 348 time_t *pass_last_set_time, 306 349 enum netr_SchannelType *channel) … … 337 380 338 381 /************************************************************************ 339 Routine to delete the plaintext machine account password and old340 password if any341 ************************************************************************/342 343 bool secrets_delete_machine_password(const char *domain)344 {345 if (!secrets_delete_prev_machine_password(domain)) {346 return false;347 }348 return secrets_delete(machine_password_keystr(domain));349 }350 351 /************************************************************************352 382 Routine to delete the plaintext machine account password, old password, 353 383 sec channel type and last change time from secrets database … … 406 436 { 407 437 bool ret; 408 uint32 last_change_time;409 uint32 sec_channel_type;438 uint32_t last_change_time; 439 uint32_t sec_channel_type; 410 440 411 441 if (!secrets_store_prev_machine_password(domain)) { … … 426 456 } 427 457 458 /************************************************************************ 459 Set the machine trust account password, the old pw and last change 460 time, domain SID and salting principals based on values passed in 461 (added to supprt the secrets_tdb_sync module on secrets.ldb) 462 ************************************************************************/ 463 464 bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const char *domain, 465 const char *realm, 466 const char *salting_principal, uint32_t supported_enc_types, 467 const struct dom_sid *domain_sid, uint32_t last_change_time, 468 uint32_t secure_channel_type, 469 bool delete_join) 470 { 471 bool ret; 472 uint8_t last_change_time_store[4]; 473 TALLOC_CTX *frame = talloc_stackframe(); 474 uint8_t sec_channel_bytes[4]; 475 void *value; 476 477 if (delete_join) { 478 secrets_delete_machine_password_ex(domain); 479 secrets_delete_domain_sid(domain); 480 TALLOC_FREE(frame); 481 return true; 482 } 483 484 ret = secrets_store(machine_password_keystr(domain), pass, strlen(pass)+1); 485 if (!ret) { 486 TALLOC_FREE(frame); 487 return ret; 488 } 489 490 if (oldpass) { 491 ret = secrets_store(machine_prev_password_keystr(domain), oldpass, strlen(oldpass)+1); 492 } else { 493 value = secrets_fetch_prev_machine_password(domain); 494 if (value) { 495 SAFE_FREE(value); 496 ret = secrets_delete_prev_machine_password(domain); 497 } 498 } 499 if (!ret) { 500 TALLOC_FREE(frame); 501 return ret; 502 } 503 504 if (secure_channel_type == 0) { 505 /* We delete this and instead have the read code fall back to 506 * a default based on server role, as our caller can't specify 507 * this with any more certainty */ 508 value = secrets_fetch(machine_sec_channel_type_keystr(domain), NULL); 509 if (value) { 510 SAFE_FREE(value); 511 ret = secrets_delete(machine_sec_channel_type_keystr(domain)); 512 if (!ret) { 513 TALLOC_FREE(frame); 514 return ret; 515 } 516 } 517 } else { 518 SIVAL(&sec_channel_bytes, 0, secure_channel_type); 519 ret = secrets_store(machine_sec_channel_type_keystr(domain), 520 &sec_channel_bytes, sizeof(sec_channel_bytes)); 521 if (!ret) { 522 TALLOC_FREE(frame); 523 return ret; 524 } 525 } 526 527 SIVAL(&last_change_time_store, 0, last_change_time); 528 ret = secrets_store(machine_last_change_time_keystr(domain), 529 &last_change_time_store, sizeof(last_change_time)); 530 531 if (!ret) { 532 TALLOC_FREE(frame); 533 return ret; 534 } 535 536 ret = secrets_store_domain_sid(domain, domain_sid); 537 538 if (!ret) { 539 TALLOC_FREE(frame); 540 return ret; 541 } 542 543 if (realm && salting_principal) { 544 char *key = talloc_asprintf(frame, "%s/DES/%s", SECRETS_SALTING_PRINCIPAL, realm); 545 if (!key) { 546 TALLOC_FREE(frame); 547 return false; 548 } 549 ret = secrets_store(key, salting_principal, strlen(salting_principal)+1 ); 550 } 551 552 TALLOC_FREE(frame); 553 return ret; 554 } 555 428 556 429 557 /************************************************************************ … … 435 563 { 436 564 return (char *)secrets_fetch(machine_prev_password_keystr(domain), NULL); 565 } 566 567 /************************************************************************ 568 Routine to fetch the last change time of the machine account password 569 for a realm 570 ************************************************************************/ 571 572 time_t secrets_fetch_pass_last_set_time(const char *domain) 573 { 574 uint32_t *last_set_time; 575 time_t pass_last_set_time; 576 577 last_set_time = secrets_fetch(machine_last_change_time_keystr(domain), 578 NULL); 579 if (last_set_time) { 580 pass_last_set_time = IVAL(last_set_time,0); 581 SAFE_FREE(last_set_time); 582 } else { 583 pass_last_set_time = 0; 584 } 585 586 return pass_last_set_time; 437 587 } 438 588 … … 450 600 451 601 if (pass_last_set_time) { 452 size_t size; 453 uint32 *last_set_time; 454 last_set_time = (unsigned int *)secrets_fetch(machine_last_change_time_keystr(domain), &size); 455 if (last_set_time) { 456 *pass_last_set_time = IVAL(last_set_time,0); 457 SAFE_FREE(last_set_time); 458 } else { 459 *pass_last_set_time = 0; 460 } 602 *pass_last_set_time = secrets_fetch_pass_last_set_time(domain); 461 603 } 462 604 463 605 if (channel) { 464 606 size_t size; 465 uint32 *channel_type;607 uint32_t *channel_type; 466 608 channel_type = (unsigned int *)secrets_fetch(machine_sec_channel_type_keystr(domain), &size); 467 609 if (channel_type) { -
vendor/current/source3/passdb/machine_sid.c
r740 r988 1 /* 1 /* 2 2 Unix SMB/CIFS implementation. 3 3 Password and authentication handling … … 22 22 23 23 #include "includes.h" 24 #include "passdb .h"24 #include "passdb/machine_sid.h" 25 25 #include "secrets.h" 26 #include "dbwrap .h"26 #include "dbwrap/dbwrap.h" 27 27 #include "../libcli/security/security.h" 28 28 … … 98 98 } 99 99 100 if (secrets_fetch_domain_sid( global_myname(), sam_sid)) {100 if (secrets_fetch_domain_sid(lp_netbios_name(), sam_sid)) { 101 101 102 102 /* We got our sid. If not a pdc/bdc, we're done. */ … … 121 121 122 122 DEBUG(0,("pdb_generate_sam_sid: Mismatched SIDs as a pdc/bdc.\n")); 123 if (!secrets_store_domain_sid( global_myname(), &domain_sid)) {123 if (!secrets_store_domain_sid(lp_netbios_name(), &domain_sid)) { 124 124 DEBUG(0,("pdb_generate_sam_sid: Can't re-store domain SID for local sid as PDC/BDC.\n")); 125 125 SAFE_FREE(sam_sid); … … 140 140 if (read_sid_from_file(fname, sam_sid)) { 141 141 /* remember it for future reference and unlink the old MACHINE.SID */ 142 if (!secrets_store_domain_sid( global_myname(), sam_sid)) {142 if (!secrets_store_domain_sid(lp_netbios_name(), sam_sid)) { 143 143 DEBUG(0,("pdb_generate_sam_sid: Failed to store SID from file.\n")); 144 144 SAFE_FREE(fname); … … 167 167 generate_random_sid(sam_sid); 168 168 169 if (!secrets_store_domain_sid( global_myname(), sam_sid)) {169 if (!secrets_store_domain_sid(lp_netbios_name(), sam_sid)) { 170 170 DEBUG(0,("pdb_generate_sam_sid: Failed to store generated machine SID.\n")); 171 171 SAFE_FREE(sam_sid); … … 181 181 182 182 return sam_sid; 183 } 183 } 184 184 185 185 /* return our global_sam_sid */ … … 195 195 * pdb_generate_sam_sid() as needed 196 196 * 197 * Note: this is g arded by a transaction197 * Note: this is guarded by a transaction 198 198 * to prevent races on startup which 199 199 * can happen with some dbwrap backends … … 205 205 } 206 206 207 if (db ->transaction_start(db) != 0) {207 if (dbwrap_transaction_start(db) != 0) { 208 208 smb_panic("could not start transaction on secrets db"); 209 209 } 210 210 211 211 if (!(global_sam_sid = pdb_generate_sam_sid())) { 212 db ->transaction_cancel(db);212 dbwrap_transaction_cancel(db); 213 213 smb_panic("could not generate a machine SID"); 214 214 } 215 215 216 if (db ->transaction_commit(db) != 0) {216 if (dbwrap_transaction_commit(db) != 0) { 217 217 smb_panic("could not start commit secrets db"); 218 218 } … … 221 221 } 222 222 223 /** 224 * Force get_global_sam_sid to requery the backends 223 /** 224 * Force get_global_sam_sid to requery the backends 225 225 */ 226 226 void reset_global_sam_sid(void) … … 230 230 231 231 /***************************************************************** 232 Check if the SID is our domainSID (S-1-5-21-x-y-z).233 *****************************************************************/ 234 235 bool sid_check_is_ domain(const struct dom_sid *sid)232 Check if the SID is our sam SID (S-1-5-21-x-y-z). 233 *****************************************************************/ 234 235 bool sid_check_is_our_sam(const struct dom_sid *sid) 236 236 { 237 237 return dom_sid_equal(sid, get_global_sam_sid()); … … 240 240 /***************************************************************** 241 241 Check if the SID is our domain SID (S-1-5-21-x-y-z). 242 *****************************************************************/ 243 244 bool sid_check_is_in_our_ domain(const struct dom_sid *sid)242 *****************************************************************/ 243 244 bool sid_check_is_in_our_sam(const struct dom_sid *sid) 245 245 { 246 246 struct dom_sid dom_sid; … … 248 248 sid_copy(&dom_sid, sid); 249 249 sid_split_rid(&dom_sid, NULL); 250 return sid_check_is_ domain(&dom_sid);251 } 250 return sid_check_is_our_sam(&dom_sid); 251 } -
vendor/current/source3/passdb/machine_sid.h
r740 r988 23 23 /* The following definitions come from passdb/machine_sid.c */ 24 24 25 #ifndef _PASSDB_MACHINE_SID_H_ 26 #define _PASSDB_MACHINE_SID_H_ 27 25 28 struct dom_sid *get_global_sam_sid(void); 26 29 void reset_global_sam_sid(void) ; 27 bool sid_check_is_domain(const struct dom_sid *sid); 28 bool sid_check_is_in_our_domain(const struct dom_sid *sid); 30 bool sid_check_is_our_sam(const struct dom_sid *sid); 31 bool sid_check_is_in_our_sam(const struct dom_sid *sid); 32 33 #endif /* _PASSDB_MACHINE_SID_H_ */ -
vendor/current/source3/passdb/passdb.c
r740 r988 31 31 #include "../lib/util/util_pw.h" 32 32 #include "util_tdb.h" 33 #include "auth/credentials/credentials.h" 34 #include "lib/param/param.h" 33 35 34 36 #undef DBGC_CLASS 35 37 #define DBGC_CLASS DBGC_PASSDB 36 37 /******************************************************************38 Get the default domain/netbios name to be used when39 testing authentication.40 41 LEGACY: this function provides the legacy domain mapping used with42 the lp_map_untrusted_to_domain() parameter43 ******************************************************************/44 45 const char *my_sam_name(void)46 {47 /* Standalone servers can only use the local netbios name */48 if ( lp_server_role() == ROLE_STANDALONE )49 return global_myname();50 51 /* Default to the DOMAIN name when not specified */52 return lp_workgroup();53 }54 38 55 39 /********************************************************************** … … 75 59 struct samu *user; 76 60 77 if ( !(user = TALLOC_ZERO_P( ctx, struct samu )) ) {61 if ( !(user = talloc_zero( ctx, struct samu )) ) { 78 62 DEBUG(0,("samuser_new: Talloc failed!\n")); 79 63 return NULL; … … 94 78 user->logoff_time = get_time_t_max(); 95 79 user->kickoff_time = get_time_t_max(); 96 user->pass_must_change_time = get_time_t_max();97 80 user->fields_present = 0x00ffffff; 98 81 user->logon_divs = 168; /* hours per week */ … … 147 130 *********************************************************************/ 148 131 149 static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *pwd, bool create) 150 { 151 const char *guest_account = lp_guestaccount(); 152 const char *domain = global_myname(); 132 static NTSTATUS samu_set_unix_internal(struct pdb_methods *methods, 133 struct samu *user, const struct passwd *pwd, bool create) 134 { 135 const char *guest_account = lp_guest_account(); 136 const char *domain = lp_netbios_name(); 153 137 char *fullname; 154 138 uint32_t urid; … … 229 213 230 214 pdb_set_profile_path(user, talloc_sub_specified(user, 231 lp_logon_path(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),215 lp_logon_path(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid), 232 216 PDB_DEFAULT); 233 217 pdb_set_homedir(user, talloc_sub_specified(user, 234 lp_logon_home(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),218 lp_logon_home(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid), 235 219 PDB_DEFAULT); 236 220 pdb_set_dir_drive(user, talloc_sub_specified(user, 237 lp_logon_drive(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),221 lp_logon_drive(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid), 238 222 PDB_DEFAULT); 239 223 pdb_set_logon_script(user, talloc_sub_specified(user, 240 lp_logon_script(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),224 lp_logon_script(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid), 241 225 PDB_DEFAULT); 242 226 } … … 247 231 netr_SamInfo3 structure) */ 248 232 249 if ( create && ( pdb_capabilities() & PDB_CAP_STORE_RIDS)) {233 if ( create && (methods->capabilities(methods) & PDB_CAP_STORE_RIDS)) { 250 234 uint32_t user_rid; 251 235 struct dom_sid user_sid; 252 236 253 if ( ! pdb_new_rid( &user_rid) ) {237 if ( !methods->new_rid(methods, &user_rid) ) { 254 238 DEBUG(3, ("Could not allocate a new RID\n")); 255 239 return NT_STATUS_ACCESS_DENIED; … … 283 267 NTSTATUS samu_set_unix(struct samu *user, const struct passwd *pwd) 284 268 { 285 return samu_set_unix_internal( user, pwd, False ); 286 } 287 288 NTSTATUS samu_alloc_rid_unix(struct samu *user, const struct passwd *pwd) 289 { 290 return samu_set_unix_internal( user, pwd, True ); 269 return samu_set_unix_internal( NULL, user, pwd, False ); 270 } 271 272 NTSTATUS samu_alloc_rid_unix(struct pdb_methods *methods, 273 struct samu *user, const struct passwd *pwd) 274 { 275 return samu_set_unix_internal( methods, user, pwd, True ); 291 276 } 292 277 … … 381 366 { 382 367 if (pwd != NULL) { 383 int i; 384 for (i = 0; i < 16; i++) 385 slprintf(&p[i*2], 3, "%02X", pwd[i]); 368 hex_encode_buf(p, pwd, 16); 386 369 } else { 387 370 if (acct_ctrl & ACB_PWNOTREQ) 388 s afe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 32);371 strlcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); 389 372 else 390 s afe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 32);373 strlcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); 391 374 } 392 375 } … … 432 415 { 433 416 if (hours != NULL) { 434 int i; 435 for (i = 0; i < 21; i++) { 436 slprintf(&p[i*2], 3, "%02X", hours[i]); 437 } 417 hex_encode_buf(p, hours, 21); 438 418 } else { 439 s afe_strcpy(p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 43);419 strlcpy(p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 44); 440 420 } 441 421 } … … 590 570 enum lsa_SidType *type) 591 571 { 592 GROUP_MAP map;572 GROUP_MAP *map; 593 573 bool ret; 594 574 … … 628 608 629 609 if (ret) { 630 if (!sid_check_is_in_our_ domain(&user_sid)) {610 if (!sid_check_is_in_our_sam(&user_sid)) { 631 611 DEBUG(0, ("User %s with invalid SID %s in passdb\n", 632 612 name, sid_string_dbg(&user_sid))); … … 644 624 */ 645 625 626 map = talloc_zero(NULL, GROUP_MAP); 627 if (!map) { 628 return false; 629 } 630 646 631 become_root(); 647 ret = pdb_getgrnam( &map, name);632 ret = pdb_getgrnam(map, name); 648 633 unbecome_root(); 649 634 650 635 if (!ret) { 636 TALLOC_FREE(map); 651 637 return False; 652 638 } 653 639 654 640 /* BUILTIN groups are looked up elsewhere */ 655 if (!sid_check_is_in_our_ domain(&map.sid)) {641 if (!sid_check_is_in_our_sam(&map->sid)) { 656 642 DEBUG(10, ("Found group %s (%s) not in our domain -- " 657 "ignoring.", name, sid_string_dbg(&map.sid))); 643 "ignoring.\n", 644 name, sid_string_dbg(&map->sid))); 645 TALLOC_FREE(map); 658 646 return False; 659 647 } 660 648 661 649 /* yes it's a mapped group */ 662 sid_peek_rid(&map.sid, rid); 663 *type = map.sid_name_use; 650 sid_peek_rid(&map->sid, rid); 651 *type = map->sid_name_use; 652 TALLOC_FREE(map); 664 653 return True; 665 654 } … … 1019 1008 pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET); 1020 1009 pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET); 1021 pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);1022 1010 pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET); 1023 1011 … … 1210 1198 pdb_set_bad_password_time(sampass, bad_password_time, PDB_SET); 1211 1199 pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET); 1212 pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);1213 1200 pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET); 1214 1201 … … 1401 1388 pdb_set_bad_password_time(sampass, bad_password_time, PDB_SET); 1402 1389 pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET); 1403 pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);1404 1390 pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET); 1405 1391 … … 1637 1623 pdb_set_bad_password_time(sampass, convert_uint32_t_to_time_t(bad_password_time), PDB_SET); 1638 1624 pdb_set_pass_can_change_time(sampass, convert_uint32_t_to_time_t(pass_can_change_time), PDB_SET); 1639 pdb_set_pass_must_change_time(sampass, convert_uint32_t_to_time_t(pass_must_change_time), PDB_SET);1640 1625 pdb_set_pass_last_set_time(sampass, convert_uint32_t_to_time_t(pass_last_set_time), PDB_SET); 1641 1626 … … 2299 2284 *******************************************************************/ 2300 2285 2301 bool get_trust_pw_clear(const char *domain, char **ret_pwd, 2302 const char **account_name, 2303 enum netr_SchannelType *channel) 2286 static bool get_trust_pw_clear2(const char *domain, 2287 const char **account_name, 2288 enum netr_SchannelType *channel, 2289 char **cur_pw, 2290 time_t *_last_set_time, 2291 char **prev_pw) 2304 2292 { 2305 2293 char *pwd; 2306 2294 time_t last_set_time; 2295 2296 if (cur_pw != NULL) { 2297 *cur_pw = NULL; 2298 } 2299 if (_last_set_time != NULL) { 2300 *_last_set_time = 0; 2301 } 2302 if (prev_pw != NULL) { 2303 *prev_pw = NULL; 2304 } 2307 2305 2308 2306 /* if we are a DC and this is not our domain, then lookup an account … … 2314 2312 } 2315 2313 2316 if (!pdb_get_trusteddom_pw(domain, ret_pwd, NULL,2314 if (!pdb_get_trusteddom_pw(domain, cur_pw, NULL, 2317 2315 &last_set_time)) 2318 2316 { … … 2329 2327 if (account_name != NULL) { 2330 2328 *account_name = lp_workgroup(); 2329 } 2330 2331 if (_last_set_time != NULL) { 2332 *_last_set_time = last_set_time; 2331 2333 } 2332 2334 … … 2354 2356 2355 2357 if (pwd != NULL) { 2356 *ret_pwd = pwd; 2358 struct timeval expire; 2359 2360 *cur_pw = pwd; 2361 2357 2362 if (account_name != NULL) { 2358 *account_name = global_myname(); 2363 *account_name = lp_netbios_name(); 2364 } 2365 2366 if (_last_set_time != NULL) { 2367 *_last_set_time = last_set_time; 2368 } 2369 2370 if (prev_pw == NULL) { 2371 return true; 2372 } 2373 2374 ZERO_STRUCT(expire); 2375 expire.tv_sec = lp_machine_password_timeout(); 2376 expire.tv_sec /= 2; 2377 expire.tv_sec += last_set_time; 2378 if (timeval_expired(&expire)) { 2379 return true; 2380 } 2381 2382 pwd = secrets_fetch_prev_machine_password(lp_workgroup()); 2383 if (pwd != NULL) { 2384 *prev_pw = pwd; 2359 2385 } 2360 2386 … … 2362 2388 } 2363 2389 2364 DEBUG(5, ("get_trust_pw_clear : could not fetch clear text trust "2390 DEBUG(5, ("get_trust_pw_clear2: could not fetch clear text trust " 2365 2391 "account password for domain %s\n", domain)); 2366 2392 return false; 2393 } 2394 2395 bool get_trust_pw_clear(const char *domain, char **ret_pwd, 2396 const char **account_name, 2397 enum netr_SchannelType *channel) 2398 { 2399 return get_trust_pw_clear2(domain, 2400 account_name, 2401 channel, 2402 ret_pwd, 2403 NULL, 2404 NULL); 2367 2405 } 2368 2406 … … 2372 2410 *******************************************************************/ 2373 2411 2412 static bool get_trust_pw_hash2(const char *domain, 2413 const char **account_name, 2414 enum netr_SchannelType *channel, 2415 struct samr_Password *current_nt_hash, 2416 time_t *last_set_time, 2417 struct samr_Password **_previous_nt_hash) 2418 { 2419 char *cur_pw = NULL; 2420 char *prev_pw = NULL; 2421 char **_prev_pw = NULL; 2422 bool ok; 2423 2424 if (_previous_nt_hash != NULL) { 2425 *_previous_nt_hash = NULL; 2426 _prev_pw = &prev_pw; 2427 } 2428 2429 ok = get_trust_pw_clear2(domain, account_name, channel, 2430 &cur_pw, last_set_time, _prev_pw); 2431 if (ok) { 2432 struct samr_Password *previous_nt_hash = NULL; 2433 2434 E_md4hash(cur_pw, current_nt_hash->hash); 2435 SAFE_FREE(cur_pw); 2436 2437 if (prev_pw == NULL) { 2438 return true; 2439 } 2440 2441 previous_nt_hash = SMB_MALLOC_P(struct samr_Password); 2442 if (previous_nt_hash == NULL) { 2443 return false; 2444 } 2445 2446 E_md4hash(prev_pw, previous_nt_hash->hash); 2447 SAFE_FREE(prev_pw); 2448 2449 *_previous_nt_hash = previous_nt_hash; 2450 return true; 2451 } else if (is_dc_trusted_domain_situation(domain)) { 2452 return false; 2453 } 2454 2455 /* as a fallback, try to get the hashed pwd directly from the tdb... */ 2456 2457 if (secrets_fetch_trust_account_password_legacy(domain, 2458 current_nt_hash->hash, 2459 last_set_time, 2460 channel)) 2461 { 2462 if (account_name != NULL) { 2463 *account_name = lp_netbios_name(); 2464 } 2465 2466 return true; 2467 } 2468 2469 DEBUG(5, ("get_trust_pw_hash: could not fetch trust account " 2470 "password for domain %s\n", domain)); 2471 return False; 2472 } 2473 2374 2474 bool get_trust_pw_hash(const char *domain, uint8_t ret_pwd[16], 2375 2475 const char **account_name, 2376 2476 enum netr_SchannelType *channel) 2377 2477 { 2378 char *pwd = NULL; 2478 struct samr_Password current_nt_hash; 2479 bool ok; 2480 2481 ok = get_trust_pw_hash2(domain, account_name, channel, 2482 ¤t_nt_hash, NULL, NULL); 2483 if (!ok) { 2484 return false; 2485 } 2486 2487 memcpy(ret_pwd, current_nt_hash.hash, sizeof(current_nt_hash.hash)); 2488 return true; 2489 } 2490 2491 NTSTATUS pdb_get_trust_credentials(const char *netbios_domain, 2492 const char *dns_domain, /* optional */ 2493 TALLOC_CTX *mem_ctx, 2494 struct cli_credentials **_creds) 2495 { 2496 TALLOC_CTX *frame = talloc_stackframe(); 2497 NTSTATUS status = NT_STATUS_INTERNAL_ERROR; 2498 struct loadparm_context *lp_ctx; 2499 enum netr_SchannelType channel; 2379 2500 time_t last_set_time; 2380 2381 if (get_trust_pw_clear(domain, &pwd, account_name, channel)) { 2382 E_md4hash(pwd, ret_pwd); 2383 SAFE_FREE(pwd); 2384 return true; 2385 } else if (is_dc_trusted_domain_situation(domain)) { 2386 return false; 2387 } 2388 2389 /* as a fallback, try to get the hashed pwd directly from the tdb... */ 2390 2391 if (secrets_fetch_trust_account_password_legacy(domain, ret_pwd, 2392 &last_set_time, 2393 channel)) 2394 { 2395 if (account_name != NULL) { 2396 *account_name = global_myname(); 2397 } 2398 2399 return true; 2400 } 2401 2402 DEBUG(5, ("get_trust_pw_hash: could not fetch trust account " 2403 "password for domain %s\n", domain)); 2404 return False; 2405 } 2501 const char *_account_name; 2502 const char *account_name; 2503 char *cur_pw = NULL; 2504 char *prev_pw = NULL; 2505 struct samr_Password cur_nt_hash; 2506 struct cli_credentials *creds = NULL; 2507 bool ok; 2508 2509 /* 2510 * If this is our primary trust relationship, use the common 2511 * code to read the secrets.ldb or secrets.tdb file. 2512 */ 2513 if (strequal(netbios_domain, lp_workgroup())) { 2514 struct db_context *db_ctx = secrets_db_ctx(); 2515 if (db_ctx == NULL) { 2516 DEBUG(1, ("failed to open secrets.tdb to obtain our trust credentials for %s\n", 2517 netbios_domain)); 2518 status = NT_STATUS_INTERNAL_ERROR; 2519 goto fail; 2520 } 2521 2522 lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers()); 2523 if (lp_ctx == NULL) { 2524 DEBUG(1, ("loadparm_init_s3 failed\n")); 2525 status = NT_STATUS_INTERNAL_ERROR; 2526 goto fail; 2527 } 2528 2529 creds = cli_credentials_init(mem_ctx); 2530 if (creds == NULL) { 2531 status = NT_STATUS_NO_MEMORY; 2532 goto fail; 2533 } 2534 2535 cli_credentials_set_conf(creds, lp_ctx); 2536 2537 ok = cli_credentials_set_domain(creds, netbios_domain, CRED_SPECIFIED); 2538 if (!ok) { 2539 status = NT_STATUS_NO_MEMORY; 2540 goto fail; 2541 } 2542 2543 status = cli_credentials_set_machine_account_db_ctx(creds, 2544 lp_ctx, 2545 db_ctx); 2546 if (!NT_STATUS_IS_OK(status)) { 2547 goto fail; 2548 } 2549 goto done; 2550 } else if (!IS_DC) { 2551 DEBUG(1, ("Refusing to get trust account info for %s, " 2552 "which is not our primary domain %s, " 2553 "as we are not a DC\n", 2554 netbios_domain, lp_workgroup())); 2555 status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; 2556 goto fail; 2557 } 2558 2559 status = pdb_get_trusteddom_creds(netbios_domain, mem_ctx, &creds); 2560 if (NT_STATUS_IS_OK(status)) { 2561 goto done; 2562 } 2563 if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) { 2564 goto fail; 2565 } 2566 2567 ok = get_trust_pw_clear2(netbios_domain, 2568 &_account_name, 2569 &channel, 2570 &cur_pw, 2571 &last_set_time, 2572 &prev_pw); 2573 if (!ok) { 2574 ok = get_trust_pw_hash2(netbios_domain, 2575 &_account_name, 2576 &channel, 2577 &cur_nt_hash, 2578 &last_set_time, 2579 NULL); 2580 if (!ok) { 2581 DEBUG(1, ("get_trust_pw_*2 failed for domain[%s]\n", 2582 netbios_domain)); 2583 status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; 2584 goto fail; 2585 } 2586 } 2587 2588 account_name = talloc_asprintf(frame, "%s$", _account_name); 2589 if (account_name == NULL) { 2590 status = NT_STATUS_NO_MEMORY; 2591 goto fail; 2592 } 2593 2594 lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers()); 2595 if (lp_ctx == NULL) { 2596 DEBUG(1, ("loadparm_init_s3 failed\n")); 2597 status = NT_STATUS_INTERNAL_ERROR; 2598 goto fail; 2599 } 2600 2601 creds = cli_credentials_init(mem_ctx); 2602 if (creds == NULL) { 2603 status = NT_STATUS_NO_MEMORY; 2604 goto fail; 2605 } 2606 2607 cli_credentials_set_conf(creds, lp_ctx); 2608 2609 cli_credentials_set_secure_channel_type(creds, channel); 2610 cli_credentials_set_password_last_changed_time(creds, last_set_time); 2611 2612 ok = cli_credentials_set_domain(creds, netbios_domain, CRED_SPECIFIED); 2613 if (!ok) { 2614 status = NT_STATUS_NO_MEMORY; 2615 goto fail; 2616 } 2617 2618 if (dns_domain != NULL) { 2619 ok = cli_credentials_set_realm(creds, dns_domain, CRED_SPECIFIED); 2620 if (!ok) { 2621 status = NT_STATUS_NO_MEMORY; 2622 goto fail; 2623 } 2624 } 2625 2626 ok = cli_credentials_set_username(creds, account_name, CRED_SPECIFIED); 2627 if (!ok) { 2628 status = NT_STATUS_NO_MEMORY; 2629 goto fail; 2630 } 2631 2632 if (cur_pw == NULL) { 2633 ok = cli_credentials_set_nt_hash(creds, &cur_nt_hash, CRED_SPECIFIED); 2634 if (!ok) { 2635 status = NT_STATUS_NO_MEMORY; 2636 goto fail; 2637 } 2638 goto done; 2639 } 2640 2641 ok = cli_credentials_set_password(creds, cur_pw, CRED_SPECIFIED); 2642 if (!ok) { 2643 status = NT_STATUS_NO_MEMORY; 2644 goto fail; 2645 } 2646 2647 if (prev_pw != NULL) { 2648 ok = cli_credentials_set_old_password(creds, prev_pw, CRED_SPECIFIED); 2649 if (!ok) { 2650 status = NT_STATUS_NO_MEMORY; 2651 goto fail; 2652 } 2653 } 2654 2655 done: 2656 *_creds = creds; 2657 creds = NULL; 2658 status = NT_STATUS_OK; 2659 fail: 2660 TALLOC_FREE(creds); 2661 SAFE_FREE(cur_pw); 2662 SAFE_FREE(prev_pw); 2663 TALLOC_FREE(frame); 2664 return status; 2665 } -
vendor/current/source3/passdb/pdb_compat.c
r740 r988 29 29 #define DBGC_CLASS DBGC_PASSDB 30 30 31 uint32 pdb_get_user_rid (const struct samu *sampass)31 uint32_t pdb_get_user_rid (const struct samu *sampass) 32 32 { 33 uint32 u_rid;33 uint32_t u_rid; 34 34 35 35 if (sampass) … … 40 40 } 41 41 42 uint32 pdb_get_group_rid (struct samu *sampass)42 uint32_t pdb_get_group_rid (struct samu *sampass) 43 43 { 44 uint32 g_rid;44 uint32_t g_rid; 45 45 46 46 if (sampass) … … 50 50 } 51 51 52 bool pdb_set_user_sid_from_rid (struct samu *sampass, uint32 rid, enum pdb_value_state flag)52 bool pdb_set_user_sid_from_rid (struct samu *sampass, uint32_t rid, enum pdb_value_state flag) 53 53 { 54 54 struct dom_sid u_sid; … … 76 76 } 77 77 78 bool pdb_set_group_sid_from_rid (struct samu *sampass, uint32 grid, enum pdb_value_state flag)78 bool pdb_set_group_sid_from_rid (struct samu *sampass, uint32_t grid, enum pdb_value_state flag) 79 79 { 80 80 struct dom_sid g_sid; -
vendor/current/source3/passdb/pdb_get_set.c
r919 r988 65 65 ********************************************************************/ 66 66 67 time_t pdb_password_change_time_max(void)67 static time_t pdb_password_change_time_max(void) 68 68 { 69 69 return 0x7FFFFFFF; … … 170 170 } 171 171 172 const uint8 *pdb_get_hours(const struct samu *sampass)172 const uint8_t *pdb_get_hours(const struct samu *sampass) 173 173 { 174 174 return (sampass->hours); 175 175 } 176 176 177 const uint8 *pdb_get_nt_passwd(const struct samu *sampass)177 const uint8_t *pdb_get_nt_passwd(const struct samu *sampass) 178 178 { 179 179 SMB_ASSERT((!sampass->nt_pw.data) 180 180 || sampass->nt_pw.length == NT_HASH_LEN); 181 return (uint8 *)sampass->nt_pw.data;182 } 183 184 const uint8 *pdb_get_lanman_passwd(const struct samu *sampass)181 return (uint8_t *)sampass->nt_pw.data; 182 } 183 184 const uint8_t *pdb_get_lanman_passwd(const struct samu *sampass) 185 185 { 186 186 SMB_ASSERT((!sampass->lm_pw.data) 187 187 || sampass->lm_pw.length == LM_HASH_LEN); 188 return (uint8 *)sampass->lm_pw.data;189 } 190 191 const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32_t *current_hist_len)188 return (uint8_t *)sampass->lm_pw.data; 189 } 190 191 const uint8_t *pdb_get_pw_history(const struct samu *sampass, uint32_t *current_hist_len) 192 192 { 193 193 SMB_ASSERT((!sampass->nt_pw_his.data) 194 194 || ((sampass->nt_pw_his.length % PW_HISTORY_ENTRY_LEN) == 0)); 195 195 *current_hist_len = sampass->nt_pw_his.length / PW_HISTORY_ENTRY_LEN; 196 return (uint8 *)sampass->nt_pw_his.data;196 return (uint8_t *)sampass->nt_pw_his.data; 197 197 } 198 198 … … 399 399 sampass->pass_can_change_time = mytime; 400 400 return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag); 401 }402 403 bool pdb_set_pass_must_change_time(struct samu *sampass, time_t mytime, enum pdb_value_state flag)404 {405 sampass->pass_must_change_time = mytime;406 return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);407 401 } 408 402 … … 504 498 } 505 499 506 bool pdb_set_user_sid_from_string(struct samu *sampass, fstringu_sid, enum pdb_value_state flag)500 bool pdb_set_user_sid_from_string(struct samu *sampass, const char *u_sid, enum pdb_value_state flag) 507 501 { 508 502 struct dom_sid new_sid; … … 543 537 return False; 544 538 545 if ( !(sampass->group_sid = TALLOC_P( sampass, struct dom_sid )) ) {539 if ( !(sampass->group_sid = talloc( sampass, struct dom_sid )) ) { 546 540 return False; 547 541 } … … 837 831 ********************************************************************/ 838 832 839 bool pdb_set_nt_passwd(struct samu *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)833 bool pdb_set_nt_passwd(struct samu *sampass, const uint8_t pwd[NT_HASH_LEN], enum pdb_value_state flag) 840 834 { 841 835 data_blob_clear_free(&sampass->nt_pw); … … 855 849 ********************************************************************/ 856 850 857 bool pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)851 bool pdb_set_lanman_passwd(struct samu *sampass, const uint8_t pwd[LM_HASH_LEN], enum pdb_value_state flag) 858 852 { 859 853 data_blob_clear_free(&sampass->lm_pw); … … 873 867 Set the user's password history hash. historyLen is the number of 874 868 PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN length 875 entries to store in the history - this must match the size of the uint8 array869 entries to store in the history - this must match the size of the uint8_t array 876 870 in pwd. 877 871 ********************************************************************/ 878 872 879 bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32_t historyLen, enum pdb_value_state flag) 880 { 873 bool pdb_set_pw_history(struct samu *sampass, const uint8_t *pwd, uint32_t historyLen, enum pdb_value_state flag) 874 { 875 DATA_BLOB new_nt_pw_his = {}; 876 881 877 if (historyLen && pwd){ 882 data_blob_free(&(sampass->nt_pw_his)); 883 sampass->nt_pw_his = data_blob_talloc(sampass, 884 pwd, historyLen*PW_HISTORY_ENTRY_LEN); 885 if (!sampass->nt_pw_his.length) { 878 new_nt_pw_his = data_blob_talloc(sampass, 879 pwd, historyLen*PW_HISTORY_ENTRY_LEN); 880 if (new_nt_pw_his.length == 0) { 886 881 DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n")); 887 882 return False; 888 883 } 889 } else { 890 sampass->nt_pw_his = data_blob_talloc(sampass, NULL, 0); 891 } 884 } 885 886 data_blob_free(&sampass->nt_pw_his); 887 sampass->nt_pw_his = new_nt_pw_his; 892 888 893 889 return pdb_set_init_flags(sampass, PDB_PWHISTORY, flag); … … 950 946 } 951 947 952 bool pdb_set_hours(struct samu *sampass, const uint8 *hours, int hours_len,948 bool pdb_set_hours(struct samu *sampass, const uint8_t *hours, int hours_len, 953 949 enum pdb_value_state flag) 954 950 { … … 1004 1000 uchar new_lanman_p16[LM_HASH_LEN]; 1005 1001 uchar new_nt_p16[NT_HASH_LEN]; 1006 uchar *pwhistory;1007 uint32_t pwHistLen;1008 uint32_t current_history_len;1009 1002 1010 1003 if (!plaintext) … … 1035 1028 if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED)) 1036 1029 return False; 1030 1031 1032 return pdb_update_history(sampass, new_nt_p16); 1033 } 1034 1035 /********************************************************************* 1036 Update password history after change 1037 ********************************************************************/ 1038 1039 bool pdb_update_history(struct samu *sampass, const uint8_t new_nt[NT_HASH_LEN]) 1040 { 1041 uchar *pwhistory; 1042 uint32_t pwHistLen; 1043 uint32_t current_history_len; 1044 const uint8_t *current_history; 1037 1045 1038 1046 if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) { … … 1057 1065 * and now.... JRA. 1058 1066 */ 1059 pwhistory = (uchar *)pdb_get_pw_history(sampass, ¤t_history_len); 1060 1061 if ((current_history_len != 0) && (pwhistory == NULL)) { 1062 DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n")); 1067 current_history = pdb_get_pw_history(sampass, ¤t_history_len); 1068 if ((current_history_len != 0) && (current_history == NULL)) { 1069 DEBUG(1, ("pdb_update_history: pwhistory == NULL!\n")); 1063 1070 return false; 1064 1071 } 1065 1072 1066 if (current_history_len < pwHistLen) { 1067 /* 1068 * Ensure we have space for the needed history. This 1069 * also takes care of an account which did not have 1070 * any history at all so far, i.e. pwhistory==NULL 1071 */ 1072 uchar *new_history = talloc_zero_array( 1073 /* 1074 * Ensure we have space for the needed history. This 1075 * also takes care of an account which did not have 1076 * any history at all so far, i.e. pwhistory==NULL 1077 */ 1078 pwhistory = talloc_zero_array( 1073 1079 sampass, uchar, 1074 1080 pwHistLen*PW_HISTORY_ENTRY_LEN); 1075 1076 if (!new_history) { 1077 return False; 1078 } 1079 1080 memcpy(new_history, pwhistory, 1081 current_history_len*PW_HISTORY_ENTRY_LEN); 1082 1083 pwhistory = new_history; 1084 } 1081 if (!pwhistory) { 1082 return false; 1083 } 1084 1085 memcpy(pwhistory, current_history, 1086 current_history_len*PW_HISTORY_ENTRY_LEN); 1085 1087 1086 1088 /* … … 1106 1108 * the salt+newpw. 1107 1109 */ 1108 memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt _p16, SALTED_MD5_HASH_LEN);1110 memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt, SALTED_MD5_HASH_LEN); 1109 1111 1110 1112 pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED); 1111 1113 1112 1114 return True; 1115 1113 1116 } 1114 1117 … … 1119 1122 return 0x00ffffff; 1120 1123 } 1124 1125 /********************************************************************** 1126 Helper function to determine for update_sam_account whether 1127 we need LDAP modification. 1128 *********************************************************************/ 1129 1130 bool pdb_element_is_changed(const struct samu *sampass, 1131 enum pdb_elements element) 1132 { 1133 return IS_SAM_CHANGED(sampass, element); 1134 } 1135 1136 /********************************************************************** 1137 Helper function to determine for update_sam_account whether 1138 we need LDAP modification. 1139 *********************************************************************/ 1140 1141 bool pdb_element_is_set_or_changed(const struct samu *sampass, 1142 enum pdb_elements element) 1143 { 1144 return (IS_SAM_SET(sampass, element) || 1145 IS_SAM_CHANGED(sampass, element)); 1146 } -
vendor/current/source3/passdb/pdb_interface.c
r746 r988 25 25 #include "passdb.h" 26 26 #include "secrets.h" 27 #include "messages.h" 27 28 #include "../librpc/gen_ndr/samr.h" 28 #include "memcache.h" 29 #include "../librpc/gen_ndr/drsblobs.h" 30 #include "../librpc/gen_ndr/ndr_drsblobs.h" 31 #include "../librpc/gen_ndr/idmap.h" 32 #include "../lib/util/memcache.h" 29 33 #include "nsswitch/winbind_client.h" 30 34 #include "../libcli/security/security.h" 31 35 #include "../lib/util/util_pw.h" 36 #include "passdb/pdb_secrets.h" 37 #include "lib/util_sid_passdb.h" 38 #include "idmap_cache.h" 32 39 33 40 #undef DBGC_CLASS … … 48 55 } 49 56 50 static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,57 static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid, 51 58 const char **name, 52 59 enum lsa_SidType *psid_name_use, 53 u nion unid_t *unix_id);60 uid_t *uid, gid_t *gid); 54 61 55 62 NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init) … … 97 104 return NULL; 98 105 } 106 107 const struct pdb_init_function_entry *pdb_get_backends(void) 108 { 109 return backends; 110 } 111 99 112 100 113 /* … … 108 121 */ 109 122 110 static struct event_context *pdb_event_ctx;111 112 struct event_context *pdb_get_event_context(void)113 { 114 return pdb_ event_ctx;123 static struct tevent_context *pdb_tevent_ctx; 124 125 struct tevent_context *pdb_get_tevent_context(void) 126 { 127 return pdb_tevent_ctx; 115 128 } 116 129 … … 189 202 } 190 203 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) { 191 char *msg = NULL; 192 if (asprintf(&msg, "pdb_get_methods_reload: " 193 "failed to get pdb methods for backend %s\n", 194 lp_passdb_backend()) > 0) { 195 smb_panic(msg); 196 } else { 197 smb_panic("pdb_get_methods_reload"); 198 } 204 return NULL; 199 205 } 200 206 } … … 202 208 if ( !pdb ) { 203 209 if ( !NT_STATUS_IS_OK( make_pdb_method_name( &pdb, lp_passdb_backend() ) ) ) { 204 char *msg = NULL; 205 if (asprintf(&msg, "pdb_get_methods_reload: " 206 "failed to get pdb methods for backend %s\n", 207 lp_passdb_backend()) > 0) { 208 smb_panic(msg); 209 } else { 210 smb_panic("pdb_get_methods_reload"); 211 } 210 return NULL; 212 211 } 213 212 } … … 218 217 static struct pdb_methods *pdb_get_methods(void) 219 218 { 220 return pdb_get_methods_reload(False); 219 struct pdb_methods *pdb; 220 221 pdb = pdb_get_methods_reload(false); 222 if (!pdb) { 223 char *msg = NULL; 224 if (asprintf(&msg, "pdb_get_methods: " 225 "failed to get pdb methods for backend %s\n", 226 lp_passdb_backend()) > 0) { 227 smb_panic(msg); 228 } else { 229 smb_panic("pdb_get_methods"); 230 } 231 } 232 233 return pdb; 221 234 } 222 235 … … 356 369 struct passwd *pwd; 357 370 NTSTATUS result; 358 const char *guestname = lp_guest account();371 const char *guestname = lp_guest_account(); 359 372 360 373 pwd = Get_Pwnam_alloc(talloc_tos(), guestname); … … 448 461 449 462 if ((acb_info & ACB_NORMAL) && name[strlen(name)-1] != '$') { 450 add_script = talloc_strdup(tmp_ctx, 451 lp_adduser_script()); 463 add_script = lp_add_user_script(tmp_ctx); 452 464 } else { 453 add_script = talloc_strdup(tmp_ctx, 454 lp_addmachine_script()); 465 add_script = lp_add_machine_script(tmp_ctx); 455 466 } 456 467 … … 464 475 compatibility with previous Samba releases */ 465 476 fstrcpy( name2, name ); 466 strlower_m( name2 ); 477 if (!strlower_m( name2 )) { 478 return NT_STATUS_INVALID_PARAMETER; 479 } 467 480 add_script = talloc_all_string_sub(tmp_ctx, 468 481 add_script, … … 491 504 /* we have a valid SID coming out of this call */ 492 505 493 status = samu_alloc_rid_unix( sam_pass, pwd);506 status = samu_alloc_rid_unix(methods, sam_pass, pwd); 494 507 495 508 TALLOC_FREE( pwd ); … … 516 529 pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED); 517 530 518 status = pdb_add_sam_account(sam_pass);531 status = methods->add_sam_account(methods, sam_pass); 519 532 520 533 TALLOC_FREE(sam_pass); … … 546 559 } 547 560 548 del_script = talloc_strdup(talloc_tos(), lp_deluser_script());561 del_script = lp_delete_user_script(talloc_tos()); 549 562 if (!del_script || !*del_script) { 550 563 return -1; … … 574 587 fstring username; 575 588 576 status = pdb_delete_sam_account(sam_acct);589 status = methods->delete_sam_account(methods, sam_acct); 577 590 if (!NT_STATUS_IS_OK(status)) { 578 591 return status; … … 590 603 591 604 fstrcpy( username, pdb_get_username(sam_acct) ); 592 strlower_m( username ); 605 if (!strlower_m( username )) { 606 return status; 607 } 593 608 594 609 smb_delete_user( username ); … … 601 616 struct pdb_methods *pdb = pdb_get_methods(); 602 617 uid_t uid = -1; 618 NTSTATUS status; 619 const struct dom_sid *user_sid; 620 char *msg_data; 621 622 user_sid = pdb_get_user_sid(sam_acct); 603 623 604 624 /* sanity check to make sure we don't delete root */ 605 625 606 if ( !sid_to_uid( pdb_get_user_sid(sam_acct), &uid ) ) {626 if ( !sid_to_uid(user_sid, &uid ) ) { 607 627 return NT_STATUS_NO_SUCH_USER; 608 628 } … … 612 632 } 613 633 614 return pdb->delete_user(pdb, mem_ctx, sam_acct); 634 memcache_delete(NULL, 635 PDB_GETPWSID_CACHE, 636 data_blob_const(user_sid, sizeof(*user_sid))); 637 638 status = pdb->delete_user(pdb, mem_ctx, sam_acct); 639 if (!NT_STATUS_IS_OK(status)) { 640 return status; 641 } 642 643 msg_data = talloc_asprintf(mem_ctx, "USER %s", 644 pdb_get_username(sam_acct)); 645 if (!msg_data) { 646 /* not fatal, and too late to rollback, 647 * just return */ 648 return status; 649 } 650 message_send_all(server_messaging_context(), 651 ID_CACHE_DELETE, 652 msg_data, 653 strlen(msg_data) + 1, 654 NULL); 655 656 TALLOC_FREE(msg_data); 657 return status; 615 658 } 616 659 … … 633 676 { 634 677 struct pdb_methods *pdb = pdb_get_methods(); 635 636 memcache_flush(NULL, PDB_GETPWSID_CACHE); 678 const struct dom_sid *user_sid = pdb_get_user_sid(sam_acct); 679 680 memcache_delete(NULL, 681 PDB_GETPWSID_CACHE, 682 data_blob_const(user_sid, sizeof(*user_sid))); 637 683 638 684 return pdb->delete_sam_account(pdb, sam_acct); … … 740 786 { 741 787 struct dom_sid group_sid; 742 GROUP_MAP map;788 GROUP_MAP *map; 743 789 NTSTATUS status; 744 790 struct group *grp; 745 791 const char *grp_name; 746 792 793 map = talloc_zero(mem_ctx, GROUP_MAP); 794 if (!map) { 795 return NT_STATUS_NO_MEMORY; 796 } 797 747 798 /* coverity */ 748 map .gid = (gid_t) -1;799 map->gid = (gid_t) -1; 749 800 750 801 sid_compose(&group_sid, get_global_sam_sid(), rid); 751 802 752 if (!get_domain_group_from_sid(group_sid, &map)) {803 if (!get_domain_group_from_sid(group_sid, map)) { 753 804 DEBUG(10, ("Could not find group for rid %d\n", rid)); 754 805 return NT_STATUS_NO_SUCH_GROUP; … … 757 808 /* We need the group name for the smb_delete_group later on */ 758 809 759 if (map .gid == (gid_t)-1) {810 if (map->gid == (gid_t)-1) { 760 811 return NT_STATUS_NO_SUCH_GROUP; 761 812 } 762 813 763 grp = getgrgid(map .gid);814 grp = getgrgid(map->gid); 764 815 if (grp == NULL) { 765 816 return NT_STATUS_NO_SUCH_GROUP; 766 817 } 818 819 TALLOC_FREE(map); 767 820 768 821 /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */ … … 810 863 } 811 864 812 bool pdb_enum_group_mapping(const struct dom_sid *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, 813 size_t *p_num_entries, bool unix_only) 865 bool pdb_enum_group_mapping(const struct dom_sid *sid, 866 enum lsa_SidType sid_name_use, 867 GROUP_MAP ***pp_rmap, 868 size_t *p_num_entries, 869 bool unix_only) 814 870 { 815 871 struct pdb_methods *pdb = pdb_get_methods(); … … 917 973 struct dom_sid group_sid, member_sid; 918 974 struct samu *account = NULL; 919 GROUP_MAP map;975 GROUP_MAP *map; 920 976 struct group *grp; 921 977 struct passwd *pwd; … … 923 979 uid_t uid; 924 980 981 map = talloc_zero(mem_ctx, GROUP_MAP); 982 if (!map) { 983 return NT_STATUS_NO_MEMORY; 984 } 985 925 986 /* coverity */ 926 map .gid = (gid_t) -1;987 map->gid = (gid_t) -1; 927 988 928 989 sid_compose(&group_sid, get_global_sam_sid(), group_rid); 929 990 sid_compose(&member_sid, get_global_sam_sid(), member_rid); 930 991 931 if (!get_domain_group_from_sid(group_sid, &map) ||932 (map .gid == (gid_t)-1) ||933 ((grp = getgrgid(map .gid)) == NULL)) {992 if (!get_domain_group_from_sid(group_sid, map) || 993 (map->gid == (gid_t)-1) || 994 ((grp = getgrgid(map->gid)) == NULL)) { 934 995 return NT_STATUS_NO_SUCH_GROUP; 935 996 } 997 998 TALLOC_FREE(map); 936 999 937 1000 group_name = talloc_strdup(mem_ctx, grp->gr_name); … … 982 1045 struct dom_sid group_sid, member_sid; 983 1046 struct samu *account = NULL; 984 GROUP_MAP map;1047 GROUP_MAP *map; 985 1048 struct group *grp; 986 1049 struct passwd *pwd; … … 988 1051 uid_t uid; 989 1052 1053 map = talloc_zero(mem_ctx, GROUP_MAP); 1054 if (!map) { 1055 return NT_STATUS_NO_MEMORY; 1056 } 1057 990 1058 sid_compose(&group_sid, get_global_sam_sid(), group_rid); 991 1059 sid_compose(&member_sid, get_global_sam_sid(), member_rid); 992 1060 993 if (!get_domain_group_from_sid(group_sid, &map) ||994 (map .gid == (gid_t)-1) ||995 ((grp = getgrgid(map .gid)) == NULL)) {1061 if (!get_domain_group_from_sid(group_sid, map) || 1062 (map->gid == (gid_t)-1) || 1063 ((grp = getgrgid(map->gid)) == NULL)) { 996 1064 return NT_STATUS_NO_SUCH_GROUP; 997 1065 } 1066 1067 TALLOC_FREE(map); 998 1068 999 1069 group_name = talloc_strdup(mem_ctx, grp->gr_name); … … 1105 1175 } 1106 1176 1107 /*1108 * NOTE: pdb_lookup_names is currently (2007-01-12) not used anywhere1109 * in the samba code.1110 * Unlike _lsa_lookup_sids and _samr_lookup_rids, which eventually1111 * also ask pdb_lookup_rids, thus looking up a bunch of rids at a time,1112 * the pdb_ calls _lsa_lookup_names and _samr_lookup_names come1113 * down to are pdb_getsampwnam and pdb_getgrnam instead of1114 * pdb_lookup_names.1115 * But in principle, it the call belongs to the API and might get1116 * used in this context some day.1117 */1118 #if 01119 NTSTATUS pdb_lookup_names(const struct dom_sid *domain_sid,1120 int num_names,1121 const char **names,1122 uint32_t *rids,1123 enum lsa_SidType *attrs)1124 {1125 struct pdb_methods *pdb = pdb_get_methods();1126 return pdb->lookup_names(pdb, domain_sid, num_names, names, rids, attrs);1127 }1128 #endif1129 1130 1177 bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value) 1131 1178 { … … 1158 1205 } 1159 1206 1160 bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid) 1161 { 1162 struct pdb_methods *pdb = pdb_get_methods(); 1163 return pdb->uid_to_sid(pdb, uid, sid); 1164 } 1165 1166 bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid) 1167 { 1168 struct pdb_methods *pdb = pdb_get_methods(); 1169 return pdb->gid_to_sid(pdb, gid, sid); 1170 } 1171 1172 bool pdb_sid_to_id(const struct dom_sid *sid, union unid_t *id, 1173 enum lsa_SidType *type) 1174 { 1175 struct pdb_methods *pdb = pdb_get_methods(); 1176 return pdb->sid_to_id(pdb, sid, id, type); 1207 /* 1208 * Instead of passing down a gid or uid, this function sends down a pointer 1209 * to a unixid. 1210 * 1211 * This acts as an in-out variable so that the idmap functions can correctly 1212 * receive ID_TYPE_BOTH, filling in cache details correctly rather than forcing 1213 * the cache to store ID_TYPE_UID or ID_TYPE_GID. 1214 */ 1215 bool pdb_id_to_sid(struct unixid *id, struct dom_sid *sid) 1216 { 1217 struct pdb_methods *pdb = pdb_get_methods(); 1218 bool ret; 1219 1220 ret = pdb->id_to_sid(pdb, id, sid); 1221 1222 if (ret == true) { 1223 idmap_cache_set_sid2unixid(sid, id); 1224 } 1225 1226 return ret; 1227 } 1228 1229 bool pdb_sid_to_id(const struct dom_sid *sid, struct unixid *id) 1230 { 1231 struct pdb_methods *pdb = pdb_get_methods(); 1232 bool ret; 1233 1234 /* only ask the backend if it is responsible */ 1235 if (!sid_check_object_is_for_passdb(sid)) { 1236 return false; 1237 } 1238 1239 ret = pdb->sid_to_id(pdb, sid, id); 1240 1241 if (ret == true) { 1242 idmap_cache_set_sid2unixid(sid, id); 1243 } 1244 1245 return ret; 1177 1246 } 1178 1247 … … 1231 1300 /* validate that the RID is not in use */ 1232 1301 1233 if ( lookup_global_sam_rid( ctx, allocated_rid, &name, &type, NULL )) {1302 if (lookup_global_sam_rid(ctx, allocated_rid, &name, &type, NULL, NULL)) { 1234 1303 allocated_rid = 0; 1235 1304 } … … 1254 1323 ***************************************************************/ 1255 1324 1256 bool initialize_password_db(bool reload, struct event_context *event_ctx) 1257 { 1258 pdb_event_ctx = event_ctx; 1325 bool initialize_password_db(bool reload, struct tevent_context *tevent_ctx) 1326 { 1327 if (tevent_ctx) { 1328 pdb_tevent_ctx = tevent_ctx; 1329 } 1259 1330 return (pdb_get_methods_reload(reload) != NULL); 1260 1331 } 1261 1262 1332 1263 1333 /*************************************************************************** … … 1325 1395 bool ret; 1326 1396 1327 unix_pw = sys_getpwuid( uid );1397 unix_pw = getpwuid( uid ); 1328 1398 1329 1399 if ( !unix_pw ) { … … 1360 1430 struct dom_sid *sid) 1361 1431 { 1362 GROUP_MAP map; 1363 1364 if (!NT_STATUS_IS_OK(methods->getgrgid(methods, &map, gid))) { 1365 return False; 1366 } 1367 1368 sid_copy(sid, &map.sid); 1369 return True; 1432 GROUP_MAP *map; 1433 1434 map = talloc_zero(NULL, GROUP_MAP); 1435 if (!map) { 1436 return false; 1437 } 1438 1439 if (!NT_STATUS_IS_OK(methods->getgrgid(methods, map, gid))) { 1440 TALLOC_FREE(map); 1441 return false; 1442 } 1443 1444 sid_copy(sid, &map->sid); 1445 TALLOC_FREE(map); 1446 return true; 1447 } 1448 1449 static bool pdb_default_id_to_sid(struct pdb_methods *methods, struct unixid *id, 1450 struct dom_sid *sid) 1451 { 1452 switch (id->type) { 1453 case ID_TYPE_UID: 1454 return pdb_default_uid_to_sid(methods, id->id, sid); 1455 1456 case ID_TYPE_GID: 1457 return pdb_default_gid_to_sid(methods, id->id, sid); 1458 1459 default: 1460 return false; 1461 } 1462 } 1463 /** 1464 * The "Unix User" and "Unix Group" domains have a special 1465 * id mapping that is a rid-algorithm with range starting at 0. 1466 */ 1467 bool pdb_sid_to_id_unix_users_and_groups(const struct dom_sid *sid, 1468 struct unixid *id) 1469 { 1470 uint32_t rid; 1471 1472 id->id = -1; 1473 1474 if (sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid)) { 1475 id->id = rid; 1476 id->type = ID_TYPE_UID; 1477 return true; 1478 } 1479 1480 if (sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid)) { 1481 id->id = rid; 1482 id->type = ID_TYPE_GID; 1483 return true; 1484 } 1485 1486 return false; 1370 1487 } 1371 1488 1372 1489 static bool pdb_default_sid_to_id(struct pdb_methods *methods, 1373 1490 const struct dom_sid *sid, 1374 union unid_t *id, enum lsa_SidType *type)1491 struct unixid *id) 1375 1492 { 1376 1493 TALLOC_CTX *mem_ctx; 1377 1494 bool ret = False; 1378 const char *name;1379 1495 uint32_t rid; 1496 id->id = -1; 1380 1497 1381 1498 mem_ctx = talloc_new(NULL); … … 1387 1504 1388 1505 if (sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) { 1506 const char *name; 1507 enum lsa_SidType type; 1508 uid_t uid = (uid_t)-1; 1509 gid_t gid = (gid_t)-1; 1389 1510 /* Here we might have users as well as groups and aliases */ 1390 ret = lookup_global_sam_rid(mem_ctx, rid, &name, type, id); 1511 ret = lookup_global_sam_rid(mem_ctx, rid, &name, &type, &uid, &gid); 1512 if (ret) { 1513 switch (type) { 1514 case SID_NAME_DOM_GRP: 1515 case SID_NAME_ALIAS: 1516 id->type = ID_TYPE_GID; 1517 id->id = gid; 1518 break; 1519 case SID_NAME_USER: 1520 id->type = ID_TYPE_UID; 1521 id->id = uid; 1522 break; 1523 default: 1524 DEBUG(5, ("SID %s belongs to our domain, and " 1525 "an object exists in the database, " 1526 "but it is neither a user nor a " 1527 "group (got type %d).\n", 1528 sid_string_dbg(sid), type)); 1529 ret = false; 1530 } 1531 } else { 1532 DEBUG(5, ("SID %s belongs to our domain, but there is " 1533 "no corresponding object in the database.\n", 1534 sid_string_dbg(sid))); 1535 } 1391 1536 goto done; 1392 1537 } 1393 1538 1394 /* check for "Unix User" */ 1395 1396 if ( sid_peek_check_rid(&global_sid_Unix_Users, sid, &rid) ) { 1397 id->uid = rid; 1398 *type = SID_NAME_USER; 1399 ret = True; 1400 goto done; 1401 } 1402 1403 /* check for "Unix Group" */ 1404 1405 if ( sid_peek_check_rid(&global_sid_Unix_Groups, sid, &rid) ) { 1406 id->gid = rid; 1407 *type = SID_NAME_ALIAS; 1408 ret = True; 1409 goto done; 1539 /* 1540 * "Unix User" and "Unix Group" 1541 */ 1542 ret = pdb_sid_to_id_unix_users_and_groups(sid, id); 1543 if (ret == true) { 1544 goto done; 1410 1545 } 1411 1546 … … 1415 1550 sid_check_is_in_wellknown_domain(sid)) { 1416 1551 /* Here we only have aliases */ 1417 GROUP_MAP map; 1418 if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) { 1552 GROUP_MAP *map; 1553 1554 map = talloc_zero(mem_ctx, GROUP_MAP); 1555 if (!map) { 1556 ret = false; 1557 goto done; 1558 } 1559 1560 if (!NT_STATUS_IS_OK(methods->getgrsid(methods, map, *sid))) { 1419 1561 DEBUG(10, ("Could not find map for sid %s\n", 1420 1562 sid_string_dbg(sid))); 1421 1563 goto done; 1422 1564 } 1423 if ((map .sid_name_use != SID_NAME_ALIAS) &&1424 (map .sid_name_use != SID_NAME_WKN_GRP)) {1565 if ((map->sid_name_use != SID_NAME_ALIAS) && 1566 (map->sid_name_use != SID_NAME_WKN_GRP)) { 1425 1567 DEBUG(10, ("Map for sid %s is a %s, expected an " 1426 1568 "alias\n", sid_string_dbg(sid), 1427 sid_type_lookup(map .sid_name_use)));1569 sid_type_lookup(map->sid_name_use))); 1428 1570 goto done; 1429 1571 } 1430 1572 1431 id-> gid = map.gid;1432 *type = SID_NAME_ALIAS;1573 id->id = map->gid; 1574 id->type = ID_TYPE_GID; 1433 1575 ret = True; 1434 1576 goto done; … … 1521 1663 return NT_STATUS_OK; 1522 1664 1523 *pp_member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32_t, num_uids);1665 *pp_member_rids = talloc_zero_array(mem_ctx, uint32_t, num_uids); 1524 1666 1525 1667 for (i=0; i<num_uids; i++) { … … 1528 1670 uid_to_sid(&sid, uids[i]); 1529 1671 1530 if (!sid_check_is_in_our_ domain(&sid)) {1672 if (!sid_check_is_in_our_sam(&sid)) { 1531 1673 DEBUG(5, ("Inconsistent SAM -- group member uid not " 1532 1674 "in our domain\n")); … … 1573 1715 } 1574 1716 1575 *pp_sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, *p_num_groups);1717 *pp_sids = talloc_array(mem_ctx, struct dom_sid, *p_num_groups); 1576 1718 1577 1719 if (*pp_sids == NULL) { … … 1594 1736 const char **name, 1595 1737 enum lsa_SidType *psid_name_use, 1596 u nion unid_t *unix_id)1738 uid_t *uid, gid_t *gid) 1597 1739 { 1598 1740 struct samu *sam_account = NULL; 1599 GROUP_MAP map;1741 GROUP_MAP *map = NULL; 1600 1742 bool ret; 1601 1743 struct dom_sid sid; … … 1614 1756 } 1615 1757 1758 map = talloc_zero(mem_ctx, GROUP_MAP); 1759 if (!map) { 1760 return false; 1761 } 1762 1616 1763 /* BEING ROOT BLOCK */ 1617 1764 become_root(); 1618 if (pdb_getsampwsid(sam_account, &sid)) { 1765 ret = pdb_getsampwsid(sam_account, &sid); 1766 if (!ret) { 1767 TALLOC_FREE(sam_account); 1768 ret = pdb_getgrsid(map, sid); 1769 } 1770 unbecome_root(); 1771 /* END BECOME_ROOT BLOCK */ 1772 1773 if (sam_account || !ret) { 1774 TALLOC_FREE(map); 1775 } 1776 1777 if (sam_account) { 1619 1778 struct passwd *pw; 1620 1779 1621 unbecome_root(); /* -----> EXIT BECOME_ROOT() */1622 1780 *name = talloc_strdup(mem_ctx, pdb_get_username(sam_account)); 1623 1781 if (!*name) { … … 1630 1788 TALLOC_FREE(sam_account); 1631 1789 1632 if (u nix_id == NULL) {1790 if (uid == NULL) { 1633 1791 return True; 1634 1792 } … … 1638 1796 return False; 1639 1797 } 1640 unix_id->uid = pw->pw_uid;1798 *uid = pw->pw_uid; 1641 1799 TALLOC_FREE(pw); 1642 1800 return True; 1643 } 1644 TALLOC_FREE(sam_account); 1645 1646 ret = pdb_getgrsid(&map, sid); 1647 unbecome_root(); 1648 /* END BECOME_ROOT BLOCK */ 1649 1650 /* do not resolve SIDs to a name unless there is a valid 1651 gid associated with it */ 1652 1653 if ( ret && (map.gid != (gid_t)-1) ) { 1654 *name = talloc_strdup(mem_ctx, map.nt_name); 1655 *psid_name_use = map.sid_name_use; 1656 1657 if ( unix_id ) { 1658 unix_id->gid = map.gid; 1659 } 1660 1801 1802 } else if (map && (map->gid != (gid_t)-1)) { 1803 1804 /* do not resolve SIDs to a name unless there is a valid 1805 gid associated with it */ 1806 1807 *name = talloc_steal(mem_ctx, map->nt_name); 1808 *psid_name_use = map->sid_name_use; 1809 1810 if (gid) { 1811 *gid = map->gid; 1812 } 1813 1814 TALLOC_FREE(map); 1661 1815 return True; 1662 1816 } 1817 1818 TALLOC_FREE(map); 1663 1819 1664 1820 /* Windows will always map RID 513 to something. On a non-domain 1665 1821 controller, this gets mapped to SERVER\None. */ 1666 1822 1667 if ( unix_id) {1823 if (uid || gid) { 1668 1824 DEBUG(5, ("Can't find a unix id for an unmapped group\n")); 1669 1825 return False; … … 1712 1868 1713 1869 /* Should not happen, but better check once too many */ 1714 if (!sid_check_is_ domain(domain_sid)) {1870 if (!sid_check_is_our_sam(domain_sid)) { 1715 1871 return NT_STATUS_INVALID_HANDLE; 1716 1872 } … … 1720 1876 1721 1877 if (lookup_global_sam_rid(names, rids[i], &name, &attrs[i], 1722 NULL )) {1878 NULL, NULL)) { 1723 1879 if (name == NULL) { 1724 1880 return NT_STATUS_NO_MEMORY; … … 1743 1899 } 1744 1900 1745 #if 01746 static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods,1747 const struct dom_sid *domain_sid,1748 int num_names,1749 const char **names,1750 uint32_t *rids,1751 enum lsa_SidType *attrs)1752 {1753 int i;1754 NTSTATUS result;1755 bool have_mapped = False;1756 bool have_unmapped = False;1757 1758 if (sid_check_is_builtin(domain_sid)) {1759 1760 for (i=0; i<num_names; i++) {1761 uint32_t rid;1762 1763 if (lookup_builtin_name(names[i], &rid)) {1764 attrs[i] = SID_NAME_ALIAS;1765 rids[i] = rid;1766 DEBUG(5,("lookup_rids: %s:%d\n",1767 names[i], attrs[i]));1768 have_mapped = True;1769 } else {1770 have_unmapped = True;1771 attrs[i] = SID_NAME_UNKNOWN;1772 }1773 }1774 goto done;1775 }1776 1777 /* Should not happen, but better check once too many */1778 if (!sid_check_is_domain(domain_sid)) {1779 return NT_STATUS_INVALID_HANDLE;1780 }1781 1782 for (i = 0; i < num_names; i++) {1783 if (lookup_global_sam_name(names[i], 0, &rids[i], &attrs[i])) {1784 DEBUG(5,("lookup_names: %s-> %d:%d\n", names[i],1785 rids[i], attrs[i]));1786 have_mapped = True;1787 } else {1788 have_unmapped = True;1789 attrs[i] = SID_NAME_UNKNOWN;1790 }1791 }1792 1793 done:1794 1795 result = NT_STATUS_NONE_MAPPED;1796 1797 if (have_mapped)1798 result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;1799 1800 return result;1801 }1802 #endif1803 1804 1901 static int pdb_search_destructor(struct pdb_search *search) 1805 1902 { … … 1864 1961 1865 1962 struct group_search { 1866 GROUP_MAP * groups;1963 GROUP_MAP **groups; 1867 1964 size_t num_groups, current_group; 1868 1965 }; … … 1873 1970 struct group_search *state = (struct group_search *)s->private_data; 1874 1971 uint32_t rid; 1875 GROUP_MAP *map = &state->groups[state->current_group];1972 GROUP_MAP *map; 1876 1973 1877 1974 if (state->current_group == state->num_groups) 1878 1975 return False; 1879 1976 1977 map = state->groups[state->current_group]; 1978 1880 1979 sid_peek_rid(&map->sid, &rid); 1881 1980 … … 1890 1989 struct group_search *state = 1891 1990 (struct group_search *)search->private_data; 1892 SAFE_FREE(state->groups); 1893 } 1894 1895 static bool pdb_search_grouptype(struct pdb_search *search, 1991 TALLOC_FREE(state->groups); 1992 } 1993 1994 static bool pdb_search_grouptype(struct pdb_methods *methods, 1995 struct pdb_search *search, 1896 1996 const struct dom_sid *sid, enum lsa_SidType type) 1897 1997 { 1898 1998 struct group_search *state; 1899 1999 1900 state = talloc (search, struct group_search);2000 state = talloc_zero(search, struct group_search); 1901 2001 if (state == NULL) { 1902 2002 DEBUG(0, ("talloc failed\n")); … … 1904 2004 } 1905 2005 1906 if (!pdb_enum_group_mapping(sid, type, &state->groups, &state->num_groups, 1907 True)) { 2006 if (!NT_STATUS_IS_OK(methods->enum_group_mapping(methods, sid, type, 2007 &state->groups, &state->num_groups, 2008 True))) { 1908 2009 DEBUG(0, ("Could not enum groups\n")); 1909 2010 return False; … … 1920 2021 struct pdb_search *search) 1921 2022 { 1922 return pdb_search_grouptype( search, get_global_sam_sid(), SID_NAME_DOM_GRP);2023 return pdb_search_grouptype(methods, search, get_global_sam_sid(), SID_NAME_DOM_GRP); 1923 2024 } 1924 2025 … … 1928 2029 { 1929 2030 1930 return pdb_search_grouptype( search, sid, SID_NAME_ALIAS);2031 return pdb_search_grouptype(methods, search, sid, SID_NAME_ALIAS); 1931 2032 } 1932 2033 … … 2043 2144 return pdb->get_trusteddom_pw(pdb, domain, pwd, sid, 2044 2145 pass_last_set_time); 2146 } 2147 2148 NTSTATUS pdb_get_trusteddom_creds(const char *domain, TALLOC_CTX *mem_ctx, 2149 struct cli_credentials **creds) 2150 { 2151 struct pdb_methods *pdb = pdb_get_methods(); 2152 return pdb->get_trusteddom_creds(pdb, domain, mem_ctx, creds); 2045 2153 } 2046 2154 … … 2082 2190 } 2083 2191 2192 static NTSTATUS pdb_default_get_trusteddom_creds(struct pdb_methods *methods, 2193 const char *domain, 2194 TALLOC_CTX *mem_ctx, 2195 struct cli_credentials **creds) 2196 { 2197 *creds = NULL; 2198 return NT_STATUS_NOT_IMPLEMENTED; 2199 } 2200 2084 2201 static bool pdb_default_set_trusteddom_pw(struct pdb_methods *methods, 2085 2202 const char* domain, … … 2147 2264 struct pdb_trusted_domain **td) 2148 2265 { 2149 return NT_STATUS_NOT_IMPLEMENTED; 2266 struct trustAuthInOutBlob taiob; 2267 struct AuthenticationInformation aia; 2268 struct pdb_trusted_domain *tdom; 2269 enum ndr_err_code ndr_err; 2270 time_t last_set_time; 2271 char *pwd; 2272 bool ok; 2273 2274 tdom = talloc(mem_ctx, struct pdb_trusted_domain); 2275 if (!tdom) { 2276 return NT_STATUS_NO_MEMORY; 2277 } 2278 2279 tdom->domain_name = talloc_strdup(tdom, domain); 2280 tdom->netbios_name = talloc_strdup(tdom, domain); 2281 if (!tdom->domain_name || !tdom->netbios_name) { 2282 talloc_free(tdom); 2283 return NT_STATUS_NO_MEMORY; 2284 } 2285 2286 tdom->trust_auth_incoming = data_blob_null; 2287 2288 ok = pdb_get_trusteddom_pw(domain, &pwd, &tdom->security_identifier, 2289 &last_set_time); 2290 if (!ok) { 2291 talloc_free(tdom); 2292 return NT_STATUS_UNSUCCESSFUL; 2293 } 2294 2295 ZERO_STRUCT(taiob); 2296 ZERO_STRUCT(aia); 2297 taiob.count = 1; 2298 taiob.current.count = 1; 2299 taiob.current.array = &aia; 2300 unix_to_nt_time(&aia.LastUpdateTime, last_set_time); 2301 2302 aia.AuthType = TRUST_AUTH_TYPE_CLEAR; 2303 aia.AuthInfo.clear.size = strlen(pwd); 2304 aia.AuthInfo.clear.password = (uint8_t *)talloc_memdup(tdom, pwd, 2305 aia.AuthInfo.clear.size); 2306 SAFE_FREE(pwd); 2307 if (aia.AuthInfo.clear.password == NULL) { 2308 talloc_free(tdom); 2309 return NT_STATUS_NO_MEMORY; 2310 } 2311 2312 taiob.previous.count = 0; 2313 taiob.previous.array = NULL; 2314 2315 ndr_err = ndr_push_struct_blob(&tdom->trust_auth_outgoing, 2316 tdom, &taiob, 2317 (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); 2318 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 2319 talloc_free(tdom); 2320 return NT_STATUS_UNSUCCESSFUL; 2321 } 2322 2323 tdom->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND; 2324 tdom->trust_type = LSA_TRUST_TYPE_DOWNLEVEL; 2325 tdom->trust_attributes = 0; 2326 tdom->trust_forest_trust_info = data_blob_null; 2327 2328 *td = tdom; 2329 return NT_STATUS_OK; 2150 2330 } 2151 2331 … … 2158 2338 } 2159 2339 2340 #define IS_NULL_DATA_BLOB(d) ((d).data == NULL && (d).length == 0) 2341 2160 2342 static NTSTATUS pdb_default_set_trusted_domain(struct pdb_methods *methods, 2161 2343 const char* domain, 2162 2344 const struct pdb_trusted_domain *td) 2163 2345 { 2164 return NT_STATUS_NOT_IMPLEMENTED; 2346 struct trustAuthInOutBlob taiob; 2347 struct AuthenticationInformation *aia; 2348 enum ndr_err_code ndr_err; 2349 char *pwd; 2350 bool ok; 2351 2352 if (td->trust_attributes != 0 || 2353 td->trust_type != LSA_TRUST_TYPE_DOWNLEVEL || 2354 td->trust_direction != LSA_TRUST_DIRECTION_OUTBOUND || 2355 !IS_NULL_DATA_BLOB(td->trust_auth_incoming) || 2356 !IS_NULL_DATA_BLOB(td->trust_forest_trust_info)) { 2357 return NT_STATUS_NOT_IMPLEMENTED; 2358 } 2359 2360 ZERO_STRUCT(taiob); 2361 ndr_err = ndr_pull_struct_blob(&td->trust_auth_outgoing, talloc_tos(), 2362 &taiob, 2363 (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob); 2364 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 2365 return NT_STATUS_UNSUCCESSFUL; 2366 } 2367 2368 aia = (struct AuthenticationInformation *) taiob.current.array; 2369 2370 if (taiob.count != 1 || taiob.current.count != 1 || 2371 taiob.previous.count != 0 || 2372 aia->AuthType != TRUST_AUTH_TYPE_CLEAR) { 2373 return NT_STATUS_NOT_IMPLEMENTED; 2374 } 2375 2376 pwd = talloc_strndup(talloc_tos(), (char *) aia->AuthInfo.clear.password, 2377 aia->AuthInfo.clear.size); 2378 if (!pwd) { 2379 return NT_STATUS_NO_MEMORY; 2380 } 2381 2382 ok = pdb_set_trusteddom_pw(domain, pwd, &td->security_identifier); 2383 if (!ok) { 2384 return NT_STATUS_UNSUCCESSFUL; 2385 } 2386 2387 return NT_STATUS_OK; 2165 2388 } 2166 2389 … … 2183 2406 { 2184 2407 return NULL; 2408 } 2409 2410 /***************************************************************** 2411 UPN suffixes 2412 *****************************************************************/ 2413 static NTSTATUS pdb_default_enum_upn_suffixes(struct pdb_methods *pdb, 2414 TALLOC_CTX *mem_ctx, 2415 uint32_t *num_suffixes, 2416 char ***suffixes) 2417 { 2418 return NT_STATUS_NOT_IMPLEMENTED; 2419 } 2420 2421 static NTSTATUS pdb_default_set_upn_suffixes(struct pdb_methods *pdb, 2422 uint32_t num_suffixes, 2423 const char **suffixes) 2424 { 2425 return NT_STATUS_NOT_IMPLEMENTED; 2426 } 2427 2428 NTSTATUS pdb_enum_upn_suffixes(TALLOC_CTX *mem_ctx, 2429 uint32_t *num_suffixes, 2430 char ***suffixes) 2431 { 2432 struct pdb_methods *pdb = pdb_get_methods(); 2433 return pdb->enum_upn_suffixes(pdb, mem_ctx, num_suffixes, suffixes); 2434 } 2435 2436 NTSTATUS pdb_set_upn_suffixes(uint32_t num_suffixes, 2437 const char **suffixes) 2438 { 2439 struct pdb_methods *pdb = pdb_get_methods(); 2440 return pdb->set_upn_suffixes(pdb, num_suffixes, suffixes); 2441 } 2442 2443 /******************************************************************* 2444 idmap control methods 2445 *******************************************************************/ 2446 static bool pdb_default_is_responsible_for_our_sam( 2447 struct pdb_methods *methods) 2448 { 2449 return true; 2450 } 2451 2452 static bool pdb_default_is_responsible_for_builtin( 2453 struct pdb_methods *methods) 2454 { 2455 return true; 2456 } 2457 2458 static bool pdb_default_is_responsible_for_wellknown( 2459 struct pdb_methods *methods) 2460 { 2461 return false; 2462 } 2463 2464 static bool pdb_default_is_responsible_for_unix_users( 2465 struct pdb_methods *methods) 2466 { 2467 return true; 2468 } 2469 2470 static bool pdb_default_is_responsible_for_unix_groups( 2471 struct pdb_methods *methods) 2472 { 2473 return true; 2474 } 2475 2476 static bool pdb_default_is_responsible_for_everything_else( 2477 struct pdb_methods *methods) 2478 { 2479 return false; 2480 } 2481 2482 bool pdb_is_responsible_for_our_sam(void) 2483 { 2484 struct pdb_methods *pdb = pdb_get_methods(); 2485 return pdb->is_responsible_for_our_sam(pdb); 2486 } 2487 2488 bool pdb_is_responsible_for_builtin(void) 2489 { 2490 struct pdb_methods *pdb = pdb_get_methods(); 2491 return pdb->is_responsible_for_builtin(pdb); 2492 } 2493 2494 bool pdb_is_responsible_for_wellknown(void) 2495 { 2496 struct pdb_methods *pdb = pdb_get_methods(); 2497 return pdb->is_responsible_for_wellknown(pdb); 2498 } 2499 2500 bool pdb_is_responsible_for_unix_users(void) 2501 { 2502 struct pdb_methods *pdb = pdb_get_methods(); 2503 return pdb->is_responsible_for_unix_users(pdb); 2504 } 2505 2506 bool pdb_is_responsible_for_unix_groups(void) 2507 { 2508 struct pdb_methods *pdb = pdb_get_methods(); 2509 return pdb->is_responsible_for_unix_groups(pdb); 2510 } 2511 2512 bool pdb_is_responsible_for_everything_else(void) 2513 { 2514 struct pdb_methods *pdb = pdb_get_methods(); 2515 return pdb->is_responsible_for_everything_else(pdb); 2516 } 2517 2518 /******************************************************************* 2519 secret methods 2520 *******************************************************************/ 2521 2522 NTSTATUS pdb_get_secret(TALLOC_CTX *mem_ctx, 2523 const char *secret_name, 2524 DATA_BLOB *secret_current, 2525 NTTIME *secret_current_lastchange, 2526 DATA_BLOB *secret_old, 2527 NTTIME *secret_old_lastchange, 2528 struct security_descriptor **sd) 2529 { 2530 struct pdb_methods *pdb = pdb_get_methods(); 2531 return pdb->get_secret(pdb, mem_ctx, secret_name, 2532 secret_current, secret_current_lastchange, 2533 secret_old, secret_old_lastchange, 2534 sd); 2535 } 2536 2537 NTSTATUS pdb_set_secret(const char *secret_name, 2538 DATA_BLOB *secret_current, 2539 DATA_BLOB *secret_old, 2540 struct security_descriptor *sd) 2541 { 2542 struct pdb_methods *pdb = pdb_get_methods(); 2543 return pdb->set_secret(pdb, secret_name, 2544 secret_current, 2545 secret_old, 2546 sd); 2547 } 2548 2549 NTSTATUS pdb_delete_secret(const char *secret_name) 2550 { 2551 struct pdb_methods *pdb = pdb_get_methods(); 2552 return pdb->delete_secret(pdb, secret_name); 2553 } 2554 2555 static NTSTATUS pdb_default_get_secret(struct pdb_methods *methods, 2556 TALLOC_CTX *mem_ctx, 2557 const char *secret_name, 2558 DATA_BLOB *secret_current, 2559 NTTIME *secret_current_lastchange, 2560 DATA_BLOB *secret_old, 2561 NTTIME *secret_old_lastchange, 2562 struct security_descriptor **sd) 2563 { 2564 return lsa_secret_get(mem_ctx, secret_name, 2565 secret_current, 2566 secret_current_lastchange, 2567 secret_old, 2568 secret_old_lastchange, 2569 sd); 2570 } 2571 2572 static NTSTATUS pdb_default_set_secret(struct pdb_methods *methods, 2573 const char *secret_name, 2574 DATA_BLOB *secret_current, 2575 DATA_BLOB *secret_old, 2576 struct security_descriptor *sd) 2577 { 2578 return lsa_secret_set(secret_name, 2579 secret_current, 2580 secret_old, 2581 sd); 2582 } 2583 2584 static NTSTATUS pdb_default_delete_secret(struct pdb_methods *methods, 2585 const char *secret_name) 2586 { 2587 return lsa_secret_delete(secret_name); 2185 2588 } 2186 2589 … … 2238 2641 (*methods)->set_account_policy = pdb_default_set_account_policy; 2239 2642 (*methods)->get_seq_num = pdb_default_get_seq_num; 2240 (*methods)->uid_to_sid = pdb_default_uid_to_sid; 2241 (*methods)->gid_to_sid = pdb_default_gid_to_sid; 2643 (*methods)->id_to_sid = pdb_default_id_to_sid; 2242 2644 (*methods)->sid_to_id = pdb_default_sid_to_id; 2243 2645 … … 2246 2648 2247 2649 (*methods)->get_trusteddom_pw = pdb_default_get_trusteddom_pw; 2650 (*methods)->get_trusteddom_creds = pdb_default_get_trusteddom_creds; 2248 2651 (*methods)->set_trusteddom_pw = pdb_default_set_trusteddom_pw; 2249 2652 (*methods)->del_trusteddom_pw = pdb_default_del_trusteddom_pw; … … 2256 2659 (*methods)->enum_trusted_domains = pdb_default_enum_trusted_domains; 2257 2660 2661 (*methods)->get_secret = pdb_default_get_secret; 2662 (*methods)->set_secret = pdb_default_set_secret; 2663 (*methods)->delete_secret = pdb_default_delete_secret; 2664 2665 (*methods)->enum_upn_suffixes = pdb_default_enum_upn_suffixes; 2666 (*methods)->set_upn_suffixes = pdb_default_set_upn_suffixes; 2667 2668 (*methods)->is_responsible_for_our_sam = 2669 pdb_default_is_responsible_for_our_sam; 2670 (*methods)->is_responsible_for_builtin = 2671 pdb_default_is_responsible_for_builtin; 2672 (*methods)->is_responsible_for_wellknown = 2673 pdb_default_is_responsible_for_wellknown; 2674 (*methods)->is_responsible_for_unix_users = 2675 pdb_default_is_responsible_for_unix_users; 2676 (*methods)->is_responsible_for_unix_groups = 2677 pdb_default_is_responsible_for_unix_groups; 2678 (*methods)->is_responsible_for_everything_else = 2679 pdb_default_is_responsible_for_everything_else; 2680 2258 2681 return NT_STATUS_OK; 2259 2682 } -
vendor/current/source3/passdb/pdb_ipa.c
r740 r988 24 24 #include "../librpc/ndr/libndr.h" 25 25 #include "librpc/gen_ndr/samr.h" 26 #include "secrets.h" 26 27 27 28 #include "smbldap.h" 29 #include "passdb/pdb_ldap.h" 30 #include "passdb/pdb_ipa.h" 31 #include "passdb/pdb_ldap_schema.h" 28 32 29 33 #define IPA_KEYTAB_SET_OID "2.16.840.1.113730.3.8.3.1" … … 35 39 #define LDAP_ATTRIBUTE_TRUST_ATTRIBUTES "sambaTrustAttributes" 36 40 #define LDAP_ATTRIBUTE_TRUST_DIRECTION "sambaTrustDirection" 41 #define LDAP_ATTRIBUTE_TRUST_POSIX_OFFSET "sambaTrustPosixOffset" 42 #define LDAP_ATTRIBUTE_SUPPORTED_ENC_TYPE "sambaSupportedEncryptionTypes" 37 43 #define LDAP_ATTRIBUTE_TRUST_PARTNER "sambaTrustPartner" 38 44 #define LDAP_ATTRIBUTE_FLAT_NAME "sambaFlatName" … … 116 122 if (name[strlen(name)-1] == '$') { 117 123 dn = talloc_asprintf(talloc_tos(), "uid=%s,%s", escape_name, 118 lp_ldap_machine_suffix( ));124 lp_ldap_machine_suffix(talloc_tos())); 119 125 } else { 120 126 dn = talloc_asprintf(talloc_tos(), "uid=%s,%s", escape_name, 121 lp_ldap_user_suffix( ));127 lp_ldap_user_suffix(talloc_tos())); 122 128 } 123 129 … … 160 166 161 167 if (result != NULL) { 162 talloc_autofree_ldapmsg(mem_ctx, result);168 smbldap_talloc_autofree_ldapmsg(mem_ctx, result); 163 169 } 164 170 … … 364 370 } 365 371 372 td->trust_posix_offset = talloc(td, uint32_t); 373 if (td->trust_posix_offset == NULL) { 374 return false; 375 } 376 res = get_uint32_t_from_ldap_msg(ldap_state, entry, 377 LDAP_ATTRIBUTE_TRUST_POSIX_OFFSET, 378 td->trust_posix_offset); 379 if (!res) { 380 return false; 381 } 382 383 td->supported_enc_type = talloc(td, uint32_t); 384 if (td->supported_enc_type == NULL) { 385 return false; 386 } 387 res = get_uint32_t_from_ldap_msg(ldap_state, entry, 388 LDAP_ATTRIBUTE_SUPPORTED_ENC_TYPE, 389 td->supported_enc_type); 390 if (!res) { 391 return false; 392 } 393 394 366 395 get_data_blob_from_ldap_msg(td, ldap_state, entry, 367 396 LDAP_ATTRIBUTE_TRUST_FOREST_TRUST_INFO, … … 520 549 } 521 550 551 if (td->trust_posix_offset != NULL) { 552 res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry, 553 &mods, 554 LDAP_ATTRIBUTE_TRUST_POSIX_OFFSET, 555 *td->trust_posix_offset); 556 if (!res) { 557 return NT_STATUS_UNSUCCESSFUL; 558 } 559 } 560 561 if (td->supported_enc_type != NULL) { 562 res = smbldap_make_mod_uint32_t(priv2ld(ldap_state), entry, 563 &mods, 564 LDAP_ATTRIBUTE_SUPPORTED_ENC_TYPE, 565 *td->supported_enc_type); 566 if (!res) { 567 return NT_STATUS_UNSUCCESSFUL; 568 } 569 } 570 522 571 if (td->trust_auth_outgoing.data != NULL) { 523 572 smbldap_make_mod_blob(priv2ld(ldap_state), entry, &mods, … … 538 587 } 539 588 540 talloc_autofree_ldapmod(talloc_tos(), mods);589 smbldap_talloc_autofree_ldapmod(talloc_tos(), mods); 541 590 542 591 trusted_dn = trusted_domain_dn(ldap_state, domain); … … 623 672 624 673 if (result != NULL) { 625 talloc_autofree_ldapmsg(mem_ctx, result);674 smbldap_talloc_autofree_ldapmsg(mem_ctx, result); 626 675 } 627 676 … … 637 686 638 687 *num_domains = 0; 639 if (!(*domains = TALLOC_ARRAY(mem_ctx, struct pdb_trusted_domain *, 1))) {688 if (!(*domains = talloc_array(mem_ctx, struct pdb_trusted_domain *, 1))) { 640 689 DEBUG(1, ("talloc failed\n")); 641 690 return NT_STATUS_NO_MEMORY; … … 685 734 } 686 735 687 if (!(*domains = TALLOC_ARRAY(mem_ctx, struct trustdom_info *,736 if (!(*domains = talloc_array(mem_ctx, struct trustdom_info *, 688 737 *num_domains))) { 689 738 DEBUG(1, ("talloc failed\n")); … … 694 743 struct trustdom_info *dom_info; 695 744 696 dom_info = TALLOC_P(*domains, struct trustdom_info);745 dom_info = talloc(*domains, struct trustdom_info); 697 746 if (dom_info == NULL) { 698 747 DEBUG(1, ("talloc failed\n")); … … 718 767 { 719 768 struct pdb_domain_info *info; 720 NTSTATUS status;721 769 struct ldapsam_privates *ldap_state = 722 770 (struct ldapsam_privates *)pdb_methods->private_data; 771 uint8_t sid_buf[24]; 772 DATA_BLOB sid_blob; 773 NTSTATUS status; 723 774 724 775 info = talloc(mem_ctx, struct pdb_domain_info); … … 737 788 goto fail; 738 789 } 739 strlower_m(info->dns_domain); 790 if (!strlower_m(info->dns_domain)) { 791 goto fail; 792 } 740 793 info->dns_forest = talloc_strdup(info, info->dns_domain); 794 795 /* we expect a domain SID to have 4 sub IDs */ 796 if (ldap_state->domain_sid.num_auths != 4) { 797 goto fail; 798 } 799 741 800 sid_copy(&info->sid, &ldap_state->domain_sid); 742 801 743 status = GUID_from_string("testguid", &info->guid); 802 if (!sid_linearize(sid_buf, sizeof(sid_buf), &info->sid)) { 803 goto fail; 804 } 805 806 /* the first 8 bytes of the linearized SID are not random, 807 * so we skip them */ 808 sid_blob.data = (uint8_t *) sid_buf + 8 ; 809 sid_blob.length = 16; 810 811 status = GUID_from_ndr_blob(&sid_blob, &info->guid); 812 if (!NT_STATUS_IS_OK(status)) { 813 goto fail; 814 } 744 815 745 816 return info; … … 1233 1304 NTSTATUS status; 1234 1305 struct ldapsam_privates *ldap_state; 1235 int ldap_op = LDAP_MOD_REPLACE; 1236 char *dn; 1306 char *dn = NULL; 1237 1307 uint32_t has_objectclass = 0; 1238 1308 … … 1244 1314 1245 1315 status = find_group(ldap_state, name, &dn, &has_objectclass); 1246 if (NT_STATUS_IS_OK(status)) { 1247 ldap_op = LDAP_MOD_REPLACE; 1248 } else if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { 1249 ldap_op = LDAP_MOD_ADD; 1250 } else { 1316 if (!NT_STATUS_IS_OK(status) && 1317 !NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { 1251 1318 return status; 1252 1319 } … … 1300 1367 dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", 1301 1368 escape_username, 1302 lp_ldap_machine_suffix( ));1369 lp_ldap_machine_suffix(talloc_tos())); 1303 1370 } else { 1304 1371 dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", 1305 1372 escape_username, 1306 lp_ldap_user_suffix( ));1373 lp_ldap_user_suffix(talloc_tos())); 1307 1374 } 1308 1375 SAFE_FREE(escape_username); … … 1339 1406 } 1340 1407 1408 static NTSTATUS pdb_ipa_init_secrets(struct pdb_methods *m) 1409 { 1410 struct pdb_domain_info *dom_info; 1411 bool ret; 1412 1413 dom_info = pdb_ipasam_get_domain_info(m, m); 1414 if (!dom_info) { 1415 return NT_STATUS_UNSUCCESSFUL; 1416 } 1417 1418 PDB_secrets_clear_domain_protection(dom_info->name); 1419 ret = PDB_secrets_store_domain_sid(dom_info->name, 1420 &dom_info->sid); 1421 if (!ret) { 1422 goto done; 1423 } 1424 ret = PDB_secrets_store_domain_guid(dom_info->name, 1425 &dom_info->guid); 1426 if (!ret) { 1427 goto done; 1428 } 1429 ret = PDB_secrets_mark_domain_protected(dom_info->name); 1430 if (!ret) { 1431 goto done; 1432 } 1433 1434 done: 1435 TALLOC_FREE(dom_info); 1436 if (!ret) { 1437 return NT_STATUS_UNSUCCESSFUL; 1438 } 1439 return NT_STATUS_OK; 1440 } 1441 1341 1442 static NTSTATUS pdb_init_IPA_ldapsam(struct pdb_methods **pdb_method, const char *location) 1342 1443 { … … 1344 1445 NTSTATUS status; 1345 1446 1346 status = pdb_ init_ldapsam(pdb_method, location);1447 status = pdb_ldapsam_init_common(pdb_method, location); 1347 1448 if (!NT_STATUS_IS_OK(status)) { 1348 1449 return status; … … 1390 1491 (*pdb_method)->enum_trusted_domains = ipasam_enum_trusted_domains; 1391 1492 1493 status = pdb_ipa_init_secrets(*pdb_method); 1494 if (!NT_STATUS_IS_OK(status)) { 1495 DEBUG(10, ("pdb_ipa_init_secrets failed!\n")); 1496 return status; 1497 } 1498 1392 1499 return NT_STATUS_OK; 1393 1500 } -
vendor/current/source3/passdb/pdb_ldap.c
r746 r988 52 52 #include "../lib/util/util_pw.h" 53 53 #include "lib/winbind_util.h" 54 #include "librpc/gen_ndr/idmap.h" 55 #include "lib/param/loadparm.h" 56 #include "lib/util_sid_passdb.h" 54 57 55 58 #undef DBGC_CLASS … … 61 64 62 65 #include "smbldap.h" 66 #include "passdb/pdb_ldap.h" 67 #include "passdb/pdb_nds.h" 68 #include "passdb/pdb_ipa.h" 69 #include "passdb/pdb_ldap_util.h" 70 #include "passdb/pdb_ldap_schema.h" 63 71 64 72 /********************************************************************** … … 78 86 { 79 87 switch ( schema_ver ) { 80 case SCHEMAVER_SAMBAACCOUNT:81 return get_attr_key2string( attrib_map_v22, key );82 83 88 case SCHEMAVER_SAMBASAMACCOUNT: 84 89 return get_attr_key2string( attrib_map_v30, key ); … … 98 103 { 99 104 switch ( schema_ver ) { 100 case SCHEMAVER_SAMBAACCOUNT:101 return get_attr_list( mem_ctx, attrib_map_v22 );102 103 105 case SCHEMAVER_SAMBASAMACCOUNT: 104 106 return get_attr_list( mem_ctx, attrib_map_v30 ); … … 119 121 { 120 122 switch ( schema_ver ) { 121 case SCHEMAVER_SAMBAACCOUNT:122 return get_attr_list( mem_ctx,123 attrib_map_to_delete_v22 );124 125 123 case SCHEMAVER_SAMBASAMACCOUNT: 126 124 return get_attr_list( mem_ctx, … … 146 144 147 145 switch( schema_ver ) { 148 case SCHEMAVER_SAMBAACCOUNT:149 fstr_sprintf( objclass_filter, "(objectclass=%s)", LDAP_OBJ_SAMBAACCOUNT );150 break;151 146 case SCHEMAVER_SAMBASAMACCOUNT: 152 147 fstr_sprintf( objclass_filter, "(objectclass=%s)", LDAP_OBJ_SAMBASAMACCOUNT ); … … 198 193 } 199 194 200 if (!smbldap_has_naming_context(ldap_state->smbldap_state->ldap_struct, lp_ldap_suffix( ))) {195 if (!smbldap_has_naming_context(ldap_state->smbldap_state->ldap_struct, lp_ldap_suffix(talloc_tos()))) { 201 196 DEBUG(3,("ldapsam_get_seq_num: DIT not configured to hold %s " 202 "as top-level namingContext\n", lp_ldap_suffix( )));197 "as top-level namingContext\n", lp_ldap_suffix(talloc_tos()))); 203 198 return ntstatus; 204 199 } … … 209 204 return NT_STATUS_NO_MEMORY; 210 205 211 if ((attrs = TALLOC_ARRAY(mem_ctx, const char *, 2)) == NULL) {206 if ((attrs = talloc_array(mem_ctx, const char *, 2)) == NULL) { 212 207 ntstatus = NT_STATUS_NO_MEMORY; 213 208 goto done; … … 223 218 attrs[1] = NULL; 224 219 suffix = talloc_asprintf(mem_ctx, 225 "cn=syncrepl%d,%s", rid, lp_ldap_suffix( ));220 "cn=syncrepl%d,%s", rid, lp_ldap_suffix(talloc_tos())); 226 221 if (!suffix) { 227 222 ntstatus = NT_STATUS_NO_MEMORY; … … 235 230 attrs[1] = NULL; 236 231 suffix = talloc_asprintf(mem_ctx, 237 "cn=ldapsync,%s", lp_ldap_suffix( ));232 "cn=ldapsync,%s", lp_ldap_suffix(talloc_tos())); 238 233 239 234 if (!suffix) { … … 354 349 355 350 /******************************************************************* 356 Run the search by rid.357 ******************************************************************/358 359 static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state,360 uint32_t rid, LDAPMessage ** result,361 const char **attr)362 {363 char *filter = NULL;364 int rc;365 366 filter = talloc_asprintf(talloc_tos(), "(&(rid=%i)%s)", rid,367 get_objclass_filter(ldap_state->schema_ver));368 if (!filter) {369 return LDAP_NO_MEMORY;370 }371 372 rc = smbldap_search_suffix(ldap_state->smbldap_state,373 filter, attr, result);374 TALLOC_FREE(filter);375 return rc;376 }377 378 /*******************************************************************379 351 Run the search by SID. 380 352 ******************************************************************/ … … 455 427 456 428 smbldap_set_mod(&mods, LDAP_MOD_DELETE, "objectClass", objectclass); 457 talloc_autofree_ldapmod(mem_ctx, mods);429 smbldap_talloc_autofree_ldapmod(mem_ctx, mods); 458 430 459 431 return smbldap_modify(priv->smbldap_state, dn, mods); … … 497 469 pass_last_set_time, 498 470 pass_can_change_time, 499 pass_must_change_time,500 471 ldap_entry_time, 501 472 bad_password_time; … … 512 483 *munged_dial = NULL; 513 484 uint32_t user_rid; 514 uint8 485 uint8_t smblmpwd[LM_HASH_LEN], 515 486 smbntpwd[NT_HASH_LEN]; 516 487 bool use_samba_attrs = True; … … 520 491 logon_count = 0; 521 492 uint32_t hours_len; 522 uint8 493 uint8_t hours[MAX_HOURS_LEN]; 523 494 char *temp = NULL; 524 495 struct login_cache cache_entry; … … 656 627 pdb_set_pass_can_change_time(sampass, 657 628 pass_can_change_time, PDB_SET); 658 }659 660 temp = smbldap_talloc_single_attribute(661 ldap_state->smbldap_state->ldap_struct,662 entry,663 get_userattr_key2string(ldap_state->schema_ver,664 LDAP_ATTR_PWD_MUST_CHANGE),665 ctx);666 if (temp) {667 pass_must_change_time = (time_t) atol(temp);668 pdb_set_pass_must_change_time(sampass,669 pass_must_change_time, PDB_SET);670 629 } 671 630 … … 886 845 pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen); 887 846 if (pwHistLen > 0){ 888 uint8 *pwhist = NULL;847 uint8_t *pwhist = NULL; 889 848 int i; 890 char *history_string = TALLOC_ARRAY(ctx, char,849 char *history_string = talloc_array(ctx, char, 891 850 MAX_PW_HISTORY_LEN*64); 892 851 … … 897 856 pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN); 898 857 899 pwhist = TALLOC_ARRAY(ctx, uint8,900 858 pwhist = talloc_zero_array(ctx, uint8_t, 859 pwHistLen * PW_HISTORY_ENTRY_LEN); 901 860 if (pwhist == NULL) { 902 861 DEBUG(0, ("init_sam_from_ldap: talloc failed!\n")); 903 862 goto fn_exit; 904 863 } 905 memset(pwhist, '\0', pwHistLen * PW_HISTORY_ENTRY_LEN);906 864 907 865 if (smbldap_get_single_attribute( … … 1016 974 struct dom_sid mapped_gsid; 1017 975 const struct dom_sid *primary_gsid; 976 struct unixid id; 1018 977 1019 978 ZERO_STRUCT(unix_pw); … … 1079 1038 } 1080 1039 1081 store_uid_sid_cache(pdb_get_user_sid(sampass),1082 sampass->unix_pw->pw_uid);1083 idmap_cache_set_sid2uid(pdb_get_user_sid(sampass), 1084 sampass->unix_pw->pw_uid);1040 id.id = sampass->unix_pw->pw_uid; 1041 id.type = ID_TYPE_UID; 1042 1043 idmap_cache_set_sid2unixid(pdb_get_user_sid(sampass), &id); 1085 1044 1086 1045 gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid); 1087 1046 primary_gsid = pdb_get_group_sid(sampass); 1088 1047 if (primary_gsid && dom_sid_equal(primary_gsid, &mapped_gsid)) { 1089 store_gid_sid_cache(primary_gsid,1090 sampass->unix_pw->pw_gid);1091 idmap_cache_set_sid2gid(primary_gsid, 1092 sampass->unix_pw->pw_gid);1048 id.id = sampass->unix_pw->pw_gid; 1049 id.type = ID_TYPE_GID; 1050 1051 idmap_cache_set_sid2unixid(primary_gsid, &id); 1093 1052 } 1094 1053 } … … 1154 1113 { 1155 1114 char *temp = NULL; 1156 uint32_t rid;1157 1115 1158 1116 if (mods == NULL || sampass == NULL) { … … 1186 1144 1187 1145 switch ( ldap_state->schema_ver ) { 1188 case SCHEMAVER_SAMBAACCOUNT:1189 if (!sid_peek_check_rid(&ldap_state->domain_sid, user_sid, &rid)) {1190 DEBUG(1, ("init_ldap_from_sam: User's SID (%s) is not for this domain (%s), cannot add to LDAP!\n",1191 sid_string_dbg(user_sid),1192 sid_string_dbg(1193 &ldap_state->domain_sid)));1194 return False;1195 }1196 if (asprintf(&temp, "%i", rid) < 0) {1197 return false;1198 }1199 smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,1200 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_RID),1201 temp);1202 SAFE_FREE(temp);1203 break;1204 1205 1146 case SCHEMAVER_SAMBASAMACCOUNT: 1206 1147 smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, … … 1223 1164 1224 1165 switch ( ldap_state->schema_ver ) { 1225 case SCHEMAVER_SAMBAACCOUNT:1226 if (!sid_peek_check_rid(&ldap_state->domain_sid, group_sid, &rid)) {1227 DEBUG(1, ("init_ldap_from_sam: User's Primary Group SID (%s) is not for this domain (%s), cannot add to LDAP!\n",1228 sid_string_dbg(group_sid),1229 sid_string_dbg(1230 &ldap_state->domain_sid)));1231 return False;1232 }1233 1234 if (asprintf(&temp, "%i", rid) < 0) {1235 return false;1236 }1237 smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,1238 get_userattr_key2string(ldap_state->schema_ver,1239 LDAP_ATTR_PRIMARY_GROUP_RID), temp);1240 SAFE_FREE(temp);1241 break;1242 1243 1166 case SCHEMAVER_SAMBASAMACCOUNT: 1244 1167 smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, … … 1332 1255 smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods, 1333 1256 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_CAN_CHANGE), temp); 1334 SAFE_FREE(temp);1335 1336 if (asprintf(&temp, "%li", (long int)pdb_get_pass_must_change_time(sampass)) < 0) {1337 return false;1338 }1339 if (need_update(sampass, PDB_MUSTCHANGETIME))1340 smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, existing, mods,1341 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_PWD_MUST_CHANGE), temp);1342 1257 SAFE_FREE(temp); 1343 1258 … … 1392 1307 int i; 1393 1308 uint32_t currHistLen = 0; 1394 const uint8 *pwhist = pdb_get_pw_history(sampass, &currHistLen);1309 const uint8_t *pwhist = pdb_get_pw_history(sampass, &currHistLen); 1395 1310 if (pwhist != NULL) { 1396 1311 /* We can only store (1024-1/64 password history entries. */ … … 1425 1340 1426 1341 if (need_update(sampass, PDB_HOURS)) { 1427 const uint8 *hours = pdb_get_hours(sampass);1342 const uint8_t *hours = pdb_get_hours(sampass); 1428 1343 if (hours) { 1429 1344 char hourstr[44]; … … 1533 1448 } 1534 1449 1535 (*attr_list) = TALLOC_REALLOC_ARRAY(mem_ctx, (*attr_list),1450 (*attr_list) = talloc_realloc(mem_ctx, (*attr_list), 1536 1451 const char *, i+2); 1537 1452 SMB_ASSERT((*attr_list) != NULL); … … 1597 1512 pdb_set_backend_private_data(user, result, NULL, 1598 1513 my_methods, PDB_CHANGED); 1599 talloc_autofree_ldapmsg(user, result);1514 smbldap_talloc_autofree_ldapmsg(user, result); 1600 1515 ret = NT_STATUS_OK; 1601 1516 } else { … … 1610 1525 int rc = -1; 1611 1526 const char ** attr_list; 1612 uint32_t rid;1613 1527 1614 1528 switch ( ldap_state->schema_ver ) { … … 1635 1549 } 1636 1550 1637 case SCHEMAVER_SAMBAACCOUNT: 1638 if (!sid_peek_check_rid(&ldap_state->domain_sid, sid, &rid)) { 1639 return rc; 1640 } 1641 1642 attr_list = get_userattr_list(NULL, 1643 ldap_state->schema_ver); 1644 rc = ldapsam_search_suffix_by_rid(ldap_state, rid, result, attr_list ); 1645 TALLOC_FREE( attr_list ); 1646 1647 if ( rc != LDAP_SUCCESS ) 1648 return rc; 1551 default: 1552 DEBUG(0,("Invalid schema version specified\n")); 1649 1553 break; 1650 1554 } … … 1698 1602 pdb_set_backend_private_data(user, result, NULL, 1699 1603 my_methods, PDB_CHANGED); 1700 talloc_autofree_ldapmsg(user, result);1604 smbldap_talloc_autofree_ldapmsg(user, result); 1701 1605 return NT_STATUS_OK; 1702 1606 } … … 1931 1835 priv, mem_ctx, entry, 1932 1836 priv->schema_ver == SCHEMAVER_SAMBASAMACCOUNT ? 1933 LDAP_OBJ_SAMBASAMACCOUNT : LDAP_OBJ_SAMBAACCOUNT,1837 LDAP_OBJ_SAMBASAMACCOUNT : 0, 1934 1838 attr_list); 1935 1839 … … 1940 1844 TALLOC_FREE(mem_ctx); 1941 1845 return result; 1942 }1943 1944 /**********************************************************************1945 Helper function to determine for update_sam_account whether1946 we need LDAP modification.1947 *********************************************************************/1948 1949 static bool element_is_changed(const struct samu *sampass,1950 enum pdb_elements element)1951 {1952 return IS_SAM_CHANGED(sampass, element);1953 1846 } 1954 1847 … … 1981 1874 pdb_set_backend_private_data(newpwd, result, NULL, 1982 1875 my_methods, PDB_CHANGED); 1983 talloc_autofree_ldapmsg(newpwd, result);1876 smbldap_talloc_autofree_ldapmsg(newpwd, result); 1984 1877 } 1985 1878 … … 1998 1891 1999 1892 if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd, 2000 element_is_changed)) {1893 pdb_element_is_changed)) { 2001 1894 DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n")); 2002 1895 TALLOC_FREE(dn); … … 2014 1907 } 2015 1908 2016 ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, element_is_changed);1909 ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, pdb_element_is_changed); 2017 1910 2018 1911 if (mods != NULL) { … … 2082 1975 2083 1976 /* rename the posix user */ 2084 rename_script = SMB_STRDUP(lp_renameuser_script());1977 rename_script = lp_rename_user_script(talloc_tos()); 2085 1978 if (rename_script == NULL) { 2086 1979 return NT_STATUS_NO_MEMORY; … … 2088 1981 2089 1982 if (!(*rename_script)) { 2090 SAFE_FREE(rename_script);1983 TALLOC_FREE(rename_script); 2091 1984 return NT_STATUS_ACCESS_DENIED; 2092 1985 } … … 2100 1993 2101 1994 fstrcpy( oldname_lower, oldname ); 2102 strlower_m( oldname_lower ); 1995 if (!strlower_m( oldname_lower )) { 1996 return NT_STATUS_INVALID_PARAMETER; 1997 } 2103 1998 fstrcpy( newname_lower, newname ); 2104 strlower_m( newname_lower ); 1999 if (!strlower_m( newname_lower )) { 2000 return NT_STATUS_INVALID_PARAMETER; 2001 } 2002 2105 2003 rename_script = realloc_string_sub2(rename_script, 2106 2004 "%unew", … … 2121 2019 rename_script, rc)); 2122 2020 2123 SAFE_FREE(rename_script);2021 TALLOC_FREE(rename_script); 2124 2022 2125 2023 if (rc == 0) { … … 2131 2029 2132 2030 return NT_STATUS_OK; 2133 }2134 2135 /**********************************************************************2136 Helper function to determine for update_sam_account whether2137 we need LDAP modification.2138 *********************************************************************/2139 2140 static bool element_is_set_or_changed(const struct samu *sampass,2141 enum pdb_elements element)2142 {2143 return (IS_SAM_SET(sampass, element) ||2144 IS_SAM_CHANGED(sampass, element));2145 2031 } 2146 2032 … … 2195 2081 result = NULL; 2196 2082 2197 if ( element_is_set_or_changed(newpwd, PDB_USERSID)) {2083 if (pdb_element_is_set_or_changed(newpwd, PDB_USERSID)) { 2198 2084 rc = ldapsam_get_ldap_user_by_sid(ldap_state, 2199 2085 sid, &result); … … 2315 2201 "uid=%s,%s", 2316 2202 escape_username, 2317 lp_ldap_machine_suffix( ));2203 lp_ldap_machine_suffix(talloc_tos())); 2318 2204 } else { 2319 2205 dn = talloc_asprintf(ctx, 2320 2206 "uid=%s,%s", 2321 2207 escape_username, 2322 lp_ldap_user_suffix( ));2208 lp_ldap_user_suffix(talloc_tos())); 2323 2209 } 2324 2210 … … 2331 2217 2332 2218 if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd, 2333 element_is_set_or_changed)) {2219 pdb_element_is_set_or_changed)) { 2334 2220 DEBUG(0, ("ldapsam_add_sam_account: init_ldap_from_sam failed!\n")); 2335 2221 if (mods != NULL) { … … 2344 2230 } 2345 2231 switch ( ldap_state->schema_ver ) { 2346 case SCHEMAVER_SAMBAACCOUNT:2347 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBAACCOUNT);2348 break;2349 2232 case SCHEMAVER_SAMBASAMACCOUNT: 2350 2233 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_SAMBASAMACCOUNT); … … 2355 2238 } 2356 2239 2357 ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, element_is_set_or_changed);2240 ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, pdb_element_is_set_or_changed); 2358 2241 if (!NT_STATUS_IS_OK(ret)) { 2359 2242 DEBUG(0,("ldapsam_add_sam_account: failed to modify/add user with uid = %s (dn = %s)\n", … … 2390 2273 attr_list = get_attr_list(NULL, groupmap_attr_list); 2391 2274 rc = smbldap_search(ldap_state->smbldap_state, 2392 lp_ldap_suffix ( ), scope,2275 lp_ldap_suffix (talloc_tos()), scope, 2393 2276 filter, attr_list, 0, result); 2394 2277 TALLOC_FREE(attr_list); … … 2492 2375 } 2493 2376 } 2494 fstrcpy(map->nt_name, temp); 2377 map->nt_name = talloc_strdup(map, temp); 2378 if (!map->nt_name) { 2379 TALLOC_FREE(ctx); 2380 return false; 2381 } 2495 2382 2496 2383 TALLOC_FREE(temp); … … 2508 2395 } 2509 2396 } 2510 fstrcpy(map->comment, temp); 2397 map->comment = talloc_strdup(map, temp); 2398 if (!map->comment) { 2399 TALLOC_FREE(ctx); 2400 return false; 2401 } 2511 2402 2512 2403 if (lp_parm_bool(-1, "ldapsam", "trusted", false)) { 2513 store_gid_sid_cache(&map->sid, map->gid); 2514 idmap_cache_set_sid2gid(&map->sid, map->gid); 2404 struct unixid id; 2405 id.id = map->gid; 2406 id.type = ID_TYPE_GID; 2407 2408 idmap_cache_set_sid2unixid(&map->sid, &id); 2515 2409 } 2516 2410 … … 2711 2605 } 2712 2606 2713 rc = smbldap_search(conn, lp_ldap_suffix( ),2607 rc = smbldap_search(conn, lp_ldap_suffix(talloc_tos()), 2714 2608 LDAP_SCOPE_SUBTREE, filter, id_attrs, 0, 2715 2609 &result); … … 2718 2612 goto done; 2719 2613 2720 talloc_autofree_ldapmsg(mem_ctx, result);2614 smbldap_talloc_autofree_ldapmsg(mem_ctx, result); 2721 2615 2722 2616 count = ldap_count_entries(conn->ldap_struct, result); … … 2779 2673 } 2780 2674 2781 rc = smbldap_search(conn, lp_ldap_suffix( ),2675 rc = smbldap_search(conn, lp_ldap_suffix(talloc_tos()), 2782 2676 LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0, 2783 2677 &result); … … 2789 2683 DEBUG(10,("ldapsam_enum_group_members: found %d accounts\n", count)); 2790 2684 2791 talloc_autofree_ldapmsg(mem_ctx, result);2685 smbldap_talloc_autofree_ldapmsg(mem_ctx, result); 2792 2686 2793 2687 for (entry = ldap_first_entry(conn->ldap_struct, result); … … 2812 2706 goto done; 2813 2707 2814 if (!sid_check_is_in_our_ domain(&sid)) {2708 if (!sid_check_is_in_our_sam(&sid)) { 2815 2709 DEBUG(0, ("Inconsistent SAM -- group member uid not " 2816 2710 "in our domain\n")); … … 2835 2729 gidstr); 2836 2730 2837 rc = smbldap_search(conn, lp_ldap_suffix( ),2731 rc = smbldap_search(conn, lp_ldap_suffix(talloc_tos()), 2838 2732 LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0, 2839 2733 &result); … … 2842 2736 goto done; 2843 2737 2844 talloc_autofree_ldapmsg(mem_ctx, result);2738 smbldap_talloc_autofree_ldapmsg(mem_ctx, result); 2845 2739 2846 2740 for (entry = ldap_first_entry(conn->ldap_struct, result); … … 2922 2816 } 2923 2817 2924 rc = smbldap_search(conn, lp_ldap_suffix( ),2818 rc = smbldap_search(conn, lp_ldap_suffix(talloc_tos()), 2925 2819 LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result); 2926 2820 … … 2928 2822 goto done; 2929 2823 2930 talloc_autofree_ldapmsg(mem_ctx, result);2824 smbldap_talloc_autofree_ldapmsg(mem_ctx, result); 2931 2825 2932 2826 count = ldap_count_entries(priv2ld(ldap_state), result); … … 2963 2857 } 2964 2858 2965 rc = smbldap_search(conn, lp_ldap_suffix( ),2859 rc = smbldap_search(conn, lp_ldap_suffix(talloc_tos()), 2966 2860 LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result); 2967 2861 … … 2969 2863 goto done; 2970 2864 2971 talloc_autofree_ldapmsg(mem_ctx, result);2865 smbldap_talloc_autofree_ldapmsg(mem_ctx, result); 2972 2866 2973 2867 num_gids = 0; … … 3075 2969 get_attr_list(mem_ctx, groupmap_attr_list), 3076 2970 &msg); 3077 talloc_autofree_ldapmsg(mem_ctx, msg);2971 smbldap_talloc_autofree_ldapmsg(mem_ctx, msg); 3078 2972 3079 2973 if ((rc != LDAP_SUCCESS) || … … 3099 2993 smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "description", 3100 2994 map->comment); 3101 talloc_autofree_ldapmod(mem_ctx, mods);2995 smbldap_talloc_autofree_ldapmod(mem_ctx, mods); 3102 2996 3103 2997 rc = smbldap_modify(ldap_state->smbldap_state, dn, mods); … … 3124 3018 3125 3019 struct dom_sid sid; 3020 struct unixid id; 3126 3021 3127 3022 int rc; … … 3140 3035 } 3141 3036 3142 rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix( ),3037 rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(talloc_tos()), 3143 3038 LDAP_SCOPE_SUBTREE, filter, attrs, True, &msg); 3144 talloc_autofree_ldapmsg(mem_ctx, msg);3039 smbldap_talloc_autofree_ldapmsg(mem_ctx, msg); 3145 3040 3146 3041 if ((rc == LDAP_SUCCESS) && … … 3163 3058 3164 3059 case SID_NAME_ALIAS: 3165 if (!sid_check_is_in_our_ domain(&map->sid)3060 if (!sid_check_is_in_our_sam(&map->sid) 3166 3061 && !sid_check_is_in_builtin(&map->sid) ) 3167 3062 { … … 3189 3084 } 3190 3085 3191 if (pdb_gid_to_sid(map->gid, &sid)) { 3086 id.id = map->gid; 3087 id.type = ID_TYPE_GID; 3088 3089 if (pdb_id_to_sid(&id, &sid)) { 3192 3090 DEBUG(3, ("Gid %u is already mapped to SID %s, refusing to " 3193 3091 "add\n", (unsigned int)map->gid, sid_string_dbg(&sid))); … … 3201 3099 dn = talloc_asprintf(mem_ctx, "sambaSid=%s,%s", 3202 3100 sid_string_talloc(mem_ctx, &map->sid), 3203 lp_ldap_group_suffix( ));3101 lp_ldap_group_suffix(talloc_tos())); 3204 3102 if (dn == NULL) { 3205 3103 result = NT_STATUS_NO_MEMORY; … … 3223 3121 smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, NULL, &mods, "gidNumber", 3224 3122 talloc_asprintf(mem_ctx, "%u", (unsigned int)map->gid)); 3225 talloc_autofree_ldapmod(mem_ctx, mods);3123 smbldap_talloc_autofree_ldapmod(mem_ctx, mods); 3226 3124 3227 3125 rc = smbldap_add(ldap_state->smbldap_state, dn, mods); … … 3277 3175 get_attr_list(mem_ctx, groupmap_attr_list), 3278 3176 &msg); 3279 talloc_autofree_ldapmsg(mem_ctx, msg);3177 smbldap_talloc_autofree_ldapmsg(mem_ctx, msg); 3280 3178 3281 3179 if ((rc != LDAP_SUCCESS) || … … 3298 3196 smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "description", 3299 3197 map->comment); 3300 talloc_autofree_ldapmod(mem_ctx, mods);3198 smbldap_talloc_autofree_ldapmod(mem_ctx, mods); 3301 3199 3302 3200 if (mods == NULL) { … … 3354 3252 get_attr_list(mem_ctx, groupmap_attr_list), 3355 3253 &msg); 3356 talloc_autofree_ldapmsg(mem_ctx, msg);3254 smbldap_talloc_autofree_ldapmsg(mem_ctx, msg); 3357 3255 3358 3256 if ((rc != LDAP_SUCCESS) || … … 3422 3320 } 3423 3321 attr_list = get_attr_list( NULL, groupmap_attr_list ); 3424 rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix( ),3322 rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(talloc_tos()), 3425 3323 LDAP_SCOPE_SUBTREE, filter, 3426 3324 attr_list, 0, &ldap_state->result); … … 3431 3329 ldap_err2string(rc))); 3432 3330 DEBUG(3, ("ldapsam_setsamgrent: Query was: %s, %s\n", 3433 lp_ldap_suffix( ), filter));3331 lp_ldap_suffix(talloc_tos()), filter)); 3434 3332 ldap_msgfree(ldap_state->result); 3435 3333 ldap_state->result = NULL; … … 3492 3390 static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, 3493 3391 const struct dom_sid *domsid, enum lsa_SidType sid_name_use, 3494 GROUP_MAP ** pp_rmap,3392 GROUP_MAP ***pp_rmap, 3495 3393 size_t *p_num_entries, 3496 3394 bool unix_only) 3497 3395 { 3498 GROUP_MAP map = { 0, };3396 GROUP_MAP *map = NULL; 3499 3397 size_t entries = 0; 3500 3398 … … 3508 3406 } 3509 3407 3510 while (NT_STATUS_IS_OK(ldapsam_getsamgrent(methods, &map))) { 3408 while (true) { 3409 3410 map = talloc_zero(NULL, GROUP_MAP); 3411 if (!map) { 3412 return NT_STATUS_NO_MEMORY; 3413 } 3414 3415 if (!NT_STATUS_IS_OK(ldapsam_getsamgrent(methods, map))) { 3416 TALLOC_FREE(map); 3417 break; 3418 } 3419 3511 3420 if (sid_name_use != SID_NAME_UNKNOWN && 3512 sid_name_use != map .sid_name_use) {3421 sid_name_use != map->sid_name_use) { 3513 3422 DEBUG(11,("ldapsam_enum_group_mapping: group %s is " 3514 "not of the requested type\n", map.nt_name)); 3423 "not of the requested type\n", 3424 map->nt_name)); 3515 3425 continue; 3516 3426 } 3517 if (unix_only ==ENUM_ONLY_MAPPED && map.gid==-1) {3427 if (unix_only == ENUM_ONLY_MAPPED && map->gid == -1) { 3518 3428 DEBUG(11,("ldapsam_enum_group_mapping: group %s is " 3519 "non mapped\n", map .nt_name));3429 "non mapped\n", map->nt_name)); 3520 3430 continue; 3521 3431 } 3522 3432 3523 (*pp_rmap)=SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); 3433 *pp_rmap = talloc_realloc(NULL, *pp_rmap, 3434 GROUP_MAP *, entries + 1); 3524 3435 if (!(*pp_rmap)) { 3525 3436 DEBUG(0,("ldapsam_enum_group_mapping: Unable to " … … 3528 3439 } 3529 3440 3530 (*pp_rmap)[entries] = map;3441 (*pp_rmap)[entries] = talloc_move((*pp_rmap), &map); 3531 3442 3532 3443 entries += 1; 3533 3534 } 3444 } 3445 3535 3446 ldapsam_endsamgrent(methods); 3536 3447 … … 3562 3473 } 3563 3474 3564 if (sid_check_is_in_our_ domain(alias)) {3475 if (sid_check_is_in_our_sam(alias)) { 3565 3476 type = SID_NAME_ALIAS; 3566 3477 } … … 3685 3596 } 3686 3597 3687 if (sid_check_is_in_our_ domain(alias)) {3598 if (sid_check_is_in_our_sam(alias)) { 3688 3599 type = SID_NAME_ALIAS; 3689 3600 } … … 3802 3713 } 3803 3714 3804 if (sid_check_is_ domain(domain_sid)) {3715 if (sid_check_is_our_sam(domain_sid)) { 3805 3716 type = SID_NAME_ALIAS; 3806 3717 } … … 3839 3750 ldap_state->search_cache.result = NULL; 3840 3751 } else { 3841 rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix( ),3752 rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_suffix(talloc_tos()), 3842 3753 LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result); 3843 3754 if (rc != LDAP_SUCCESS) { 3844 3755 return NT_STATUS_UNSUCCESSFUL; 3845 3756 } 3846 talloc_autofree_ldapmsg(filter, result);3757 smbldap_talloc_autofree_ldapmsg(filter, result); 3847 3758 } 3848 3759 … … 3881 3792 /* 3882 3793 * Note: result is a talloc child of filter because of the 3883 * talloc_autofree_ldapmsg() usage3794 * smbldap_talloc_autofree_ldapmsg() usage 3884 3795 */ 3885 3796 ldap_state->search_cache.filter = talloc_move(ldap_state, &filter); … … 4107 4018 4108 4019 if (!sid_check_is_builtin(domain_sid) && 4109 !sid_check_is_ domain(domain_sid)) {4020 !sid_check_is_our_sam(domain_sid)) { 4110 4021 result = NT_STATUS_INVALID_PARAMETER; 4111 4022 goto done; … … 4151 4062 4152 4063 rc = smbldap_search(ldap_state->smbldap_state, 4153 lp_ldap_user_suffix( ),4064 lp_ldap_user_suffix(talloc_tos()), 4154 4065 LDAP_SCOPE_SUBTREE, filter, ldap_attrs, 0, 4155 4066 &msg); 4156 talloc_autofree_ldapmsg(mem_ctx, msg);4067 smbldap_talloc_autofree_ldapmsg(mem_ctx, msg); 4157 4068 } 4158 4069 … … 4219 4130 4220 4131 rc = smbldap_search(ldap_state->smbldap_state, 4221 lp_ldap_suffix( ),4132 lp_ldap_suffix(talloc_tos()), 4222 4133 LDAP_SCOPE_SUBTREE, filter, ldap_attrs, 0, 4223 4134 &msg); 4224 talloc_autofree_ldapmsg(mem_ctx, msg);4135 smbldap_talloc_autofree_ldapmsg(mem_ctx, msg); 4225 4136 } 4226 4137 … … 4342 4253 va_end(ap); 4343 4254 4344 if ((result = TALLOC_ARRAY(mem_ctx, const char *, num+1)) == NULL) {4255 if ((result = talloc_array(mem_ctx, const char *, num+1)) == NULL) { 4345 4256 return NULL; 4346 4257 } … … 4545 4456 vals = ldap_get_values(ld, entry, "sambaAcctFlags"); 4546 4457 if ((vals == NULL) || (vals[0] == NULL)) { 4547 DEBUG(5, ("\"sambaAcctFlags\" not found\n"));4548 return False;4549 }4550 acct_flags = pdb_decode_acct_ctrl(vals[0]);4551 ldap_value_free(vals);4458 acct_flags = ACB_NORMAL; 4459 } else { 4460 acct_flags = pdb_decode_acct_ctrl(vals[0]); 4461 ldap_value_free(vals); 4462 } 4552 4463 4553 4464 if ((state->acct_flags != 0) && … … 4566 4477 } 4567 4478 if (!pull_utf8_talloc(mem_ctx, 4568 CONST_DISCARD(char **, &result->account_name),4479 discard_const_p(char *, &result->account_name), 4569 4480 vals[0], &converted_size)) 4570 4481 { … … 4579 4490 DEBUG(8, ("\"displayName\" not found\n")); 4580 4491 else if (!pull_utf8_talloc(mem_ctx, 4581 CONST_DISCARD(char **, &result->fullname),4492 discard_const_p(char *, &result->fullname), 4582 4493 vals[0], &converted_size)) 4583 4494 { … … 4592 4503 DEBUG(8, ("\"description\" not found\n")); 4593 4504 else if (!pull_utf8_talloc(mem_ctx, 4594 CONST_DISCARD(char **, &result->description),4505 discard_const_p(char *, &result->description), 4595 4506 vals[0], &converted_size)) 4596 4507 { … … 4648 4559 4649 4560 if ((acct_flags != 0) && ((acct_flags & ACB_NORMAL) != 0)) 4650 state->base = lp_ldap_user_suffix( );4561 state->base = lp_ldap_user_suffix(talloc_tos()); 4651 4562 else if ((acct_flags != 0) && 4652 4563 ((acct_flags & (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) != 0)) 4653 state->base = lp_ldap_machine_suffix( );4564 state->base = lp_ldap_machine_suffix(talloc_tos()); 4654 4565 else 4655 state->base = lp_ldap_suffix( );4566 state->base = lp_ldap_suffix(talloc_tos()); 4656 4567 4657 4568 state->acct_flags = acct_flags; … … 4726 4637 } 4727 4638 if (!pull_utf8_talloc(mem_ctx, 4728 CONST_DISCARD(char **,4639 discard_const_p(char *, 4729 4640 &result->account_name), 4730 4641 vals[0], &converted_size)) … … 4735 4646 } 4736 4647 else if (!pull_utf8_talloc(mem_ctx, 4737 CONST_DISCARD(char **,4648 discard_const_p(char *, 4738 4649 &result->account_name), 4739 4650 vals[0], &converted_size)) … … 4749 4660 DEBUG(8, ("\"description\" not found\n")); 4750 4661 else if (!pull_utf8_talloc(mem_ctx, 4751 CONST_DISCARD(char **, &result->description),4662 discard_const_p(char *, &result->description), 4752 4663 vals[0], &converted_size)) 4753 4664 { … … 4821 4732 state->connection = ldap_state->smbldap_state; 4822 4733 4823 state->base = talloc_strdup(search, lp_ldap_suffix());4734 state->base = lp_ldap_suffix(search); 4824 4735 state->connection = ldap_state->smbldap_state; 4825 4736 state->scope = LDAP_SCOPE_SUBTREE; … … 4897 4808 } 4898 4809 4899 talloc_autofree_ldapmsg(mem_ctx, result);4810 smbldap_talloc_autofree_ldapmsg(mem_ctx, result); 4900 4811 4901 4812 entry = ldap_first_entry(priv2ld(priv), result); … … 4941 4852 smbldap_make_mod(priv2ld(priv), entry, &mods, "sambaNextRid", 4942 4853 talloc_asprintf(mem_ctx, "%d", nextRid)); 4943 talloc_autofree_ldapmod(mem_ctx, mods);4854 smbldap_talloc_autofree_ldapmod(mem_ctx, mods); 4944 4855 4945 4856 if ((dn = smbldap_talloc_dn(mem_ctx, priv2ld(priv), entry)) == NULL) { … … 4994 4905 static bool ldapsam_sid_to_id(struct pdb_methods *methods, 4995 4906 const struct dom_sid *sid, 4996 union unid_t *id, enum lsa_SidType *type)4907 struct unixid *id) 4997 4908 { 4998 4909 struct ldapsam_privates *priv = … … 5009 4920 TALLOC_CTX *mem_ctx; 5010 4921 4922 ret = pdb_sid_to_id_unix_users_and_groups(sid, id); 4923 if (ret == true) { 4924 return true; 4925 } 4926 5011 4927 mem_ctx = talloc_new(NULL); 5012 4928 if (mem_ctx == NULL) { … … 5030 4946 goto done; 5031 4947 } 5032 talloc_autofree_ldapmsg(mem_ctx, result);4948 smbldap_talloc_autofree_ldapmsg(mem_ctx, result); 5033 4949 5034 4950 if (ldap_count_entries(priv2ld(priv), result) != 1) { … … 5056 4972 } 5057 4973 5058 id->gid = strtoul(gid_str, NULL, 10); 5059 *type = (enum lsa_SidType)strtoul(value, NULL, 10); 5060 store_gid_sid_cache(sid, id->gid); 5061 idmap_cache_set_sid2gid(sid, id->gid); 4974 id->id = strtoul(gid_str, NULL, 10); 4975 id->type = ID_TYPE_GID; 5062 4976 ret = True; 5063 4977 goto done; … … 5074 4988 } 5075 4989 5076 id->uid = strtoul(value, NULL, 10); 5077 *type = SID_NAME_USER; 5078 store_uid_sid_cache(sid, id->uid); 5079 idmap_cache_set_sid2uid(sid, id->uid); 4990 id->id = strtoul(value, NULL, 10); 4991 id->type = ID_TYPE_UID; 5080 4992 5081 4993 ret = True; … … 5120 5032 goto done; 5121 5033 } 5122 talloc_autofree_ldapmsg(tmp_ctx, result);5034 smbldap_talloc_autofree_ldapmsg(tmp_ctx, result); 5123 5035 5124 5036 if (ldap_count_entries(priv2ld(priv), result) != 1) { … … 5146 5058 5147 5059 sid_copy(sid, &user_sid); 5148 5149 store_uid_sid_cache(sid, uid);5150 idmap_cache_set_sid2uid(sid, uid);5151 5060 5152 5061 ret = true; … … 5190 5099 goto done; 5191 5100 } 5192 talloc_autofree_ldapmsg(tmp_ctx, result);5101 smbldap_talloc_autofree_ldapmsg(tmp_ctx, result); 5193 5102 5194 5103 if (ldap_count_entries(priv2ld(priv), result) != 1) { … … 5217 5126 sid_copy(sid, &group_sid); 5218 5127 5219 store_gid_sid_cache(sid, gid);5220 idmap_cache_set_sid2gid(sid, gid);5221 5222 5128 ret = true; 5223 5129 … … 5225 5131 TALLOC_FREE(tmp_ctx); 5226 5132 return ret; 5133 } 5134 5135 static bool ldapsam_id_to_sid(struct pdb_methods *methods, struct unixid *id, 5136 struct dom_sid *sid) 5137 { 5138 switch (id->type) { 5139 case ID_TYPE_UID: 5140 return ldapsam_uid_to_sid(methods, id->id, sid); 5141 5142 case ID_TYPE_GID: 5143 return ldapsam_gid_to_sid(methods, id->id, sid); 5144 5145 default: 5146 return false; 5147 } 5227 5148 } 5228 5149 … … 5252 5173 bool is_machine = False; 5253 5174 bool add_posix = False; 5175 bool init_okay = False; 5254 5176 LDAPMod **mods = NULL; 5255 5177 struct samu *user; … … 5285 5207 return NT_STATUS_ACCESS_DENIED; 5286 5208 } 5287 talloc_autofree_ldapmsg(tmp_ctx, result);5209 smbldap_talloc_autofree_ldapmsg(tmp_ctx, result); 5288 5210 5289 5211 num_result = ldap_count_entries(priv2ld(ldap_state), result); … … 5369 5291 } 5370 5292 5371 if (!init_ldap_from_sam(ldap_state, entry, &mods, user, element_is_set_or_changed)) { 5293 init_okay = init_ldap_from_sam(ldap_state, entry, &mods, user, pdb_element_is_set_or_changed); 5294 smbldap_talloc_autofree_ldapmod(tmp_ctx, mods); 5295 5296 if (!init_okay) { 5372 5297 DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n")); 5373 5298 return NT_STATUS_UNSUCCESSFUL; … … 5400 5325 if (is_machine) { 5401 5326 /* TODO: choose a more appropriate default for machines */ 5402 homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), "SMB_workstations_home", ldap_state->domain_name, uid, gid); 5327 homedir = talloc_sub_specified(tmp_ctx, 5328 lp_template_homedir(), 5329 "SMB_workstations_home", 5330 NULL, 5331 ldap_state->domain_name, 5332 uid, 5333 gid); 5403 5334 shell = talloc_strdup(tmp_ctx, "/bin/false"); 5404 5335 } else { 5405 homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), name, ldap_state->domain_name, uid, gid); 5406 shell = talloc_sub_specified(tmp_ctx, lp_template_shell(), name, ldap_state->domain_name, uid, gid); 5336 homedir = talloc_sub_specified(tmp_ctx, 5337 lp_template_homedir(), 5338 name, 5339 NULL, 5340 ldap_state->domain_name, 5341 uid, 5342 gid); 5343 shell = talloc_sub_specified(tmp_ctx, 5344 lp_template_shell(), 5345 name, 5346 NULL, 5347 ldap_state->domain_name, 5348 uid, 5349 gid); 5407 5350 } 5408 5351 uidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)uid); … … 5416 5359 5417 5360 if (is_machine) { 5418 dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_machine_suffix ( ));5361 dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_machine_suffix (talloc_tos())); 5419 5362 } else { 5420 dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_user_suffix ( ));5363 dn = talloc_asprintf(tmp_ctx, "uid=%s,%s", escape_name, lp_ldap_user_suffix (talloc_tos())); 5421 5364 } 5422 5365 … … 5437 5380 } 5438 5381 5439 talloc_autofree_ldapmod(tmp_ctx, mods); 5440 5441 if (add_posix) { 5382 if (add_posix) { 5442 5383 rc = smbldap_add(ldap_state->smbldap_state, dn, mods); 5443 5384 } else { … … 5485 5426 return NT_STATUS_UNSUCCESSFUL; 5486 5427 } 5487 talloc_autofree_ldapmsg(tmp_ctx, result);5428 smbldap_talloc_autofree_ldapmsg(tmp_ctx, result); 5488 5429 5489 5430 num_result = ldap_count_entries(priv2ld(ldap_state), result); … … 5595 5536 return NT_STATUS_UNSUCCESSFUL; 5596 5537 } 5597 talloc_autofree_ldapmsg(tmp_ctx, result);5538 smbldap_talloc_autofree_ldapmsg(tmp_ctx, result); 5598 5539 5599 5540 num_result = ldap_count_entries(priv2ld(ldap_state), result); … … 5681 5622 } 5682 5623 5683 dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", escape_name, lp_ldap_group_suffix( ));5624 dn = talloc_asprintf(tmp_ctx, "cn=%s,%s", escape_name, lp_ldap_group_suffix(talloc_tos())); 5684 5625 5685 5626 SAFE_FREE(escape_name); … … 5695 5636 } 5696 5637 5697 talloc_autofree_ldapmod(tmp_ctx, mods);5638 smbldap_talloc_autofree_ldapmod(tmp_ctx, mods); 5698 5639 5699 5640 if (is_new_entry) { … … 5752 5693 return NT_STATUS_UNSUCCESSFUL; 5753 5694 } 5754 talloc_autofree_ldapmsg(tmp_ctx, result);5695 smbldap_talloc_autofree_ldapmsg(tmp_ctx, result); 5755 5696 5756 5697 num_result = ldap_count_entries(priv2ld(ldap_state), result); … … 5798 5739 return NT_STATUS_UNSUCCESSFUL; 5799 5740 } 5800 talloc_autofree_ldapmsg(tmp_ctx, result);5741 smbldap_talloc_autofree_ldapmsg(tmp_ctx, result); 5801 5742 5802 5743 num_result = ldap_count_entries(priv2ld(ldap_state), result); … … 5867 5808 return NT_STATUS_UNSUCCESSFUL; 5868 5809 } 5869 talloc_autofree_ldapmsg(tmp_ctx, result);5810 smbldap_talloc_autofree_ldapmsg(tmp_ctx, result); 5870 5811 5871 5812 num_result = ldap_count_entries(priv2ld(ldap_state), result); … … 5931 5872 return NT_STATUS_UNSUCCESSFUL; 5932 5873 } 5933 talloc_autofree_ldapmsg(tmp_ctx, result);5874 smbldap_talloc_autofree_ldapmsg(tmp_ctx, result); 5934 5875 5935 5876 num_result = ldap_count_entries(priv2ld(ldap_state), result); … … 5959 5900 smbldap_set_mod(&mods, modop, "memberUid", uidstr); 5960 5901 5961 talloc_autofree_ldapmod(tmp_ctx, mods);5902 smbldap_talloc_autofree_ldapmod(tmp_ctx, mods); 5962 5903 5963 5904 rc = smbldap_modify(ldap_state->smbldap_state, dn, mods); … … 6045 5986 return NT_STATUS_UNSUCCESSFUL; 6046 5987 } 6047 talloc_autofree_ldapmsg(mem_ctx, result);5988 smbldap_talloc_autofree_ldapmsg(mem_ctx, result); 6048 5989 6049 5990 num_result = ldap_count_entries(priv2ld(ldap_state), result); … … 6128 6069 6129 6070 if (result != NULL) { 6130 talloc_autofree_ldapmsg(mem_ctx, result);6071 smbldap_talloc_autofree_ldapmsg(mem_ctx, result); 6131 6072 } 6132 6073 … … 6269 6210 } 6270 6211 6271 talloc_autofree_ldapmod(talloc_tos(), mods);6212 smbldap_talloc_autofree_ldapmod(talloc_tos(), mods); 6272 6213 6273 6214 trusted_dn = trusteddom_dn(ldap_state, domain); … … 6350 6291 6351 6292 if (result != NULL) { 6352 talloc_autofree_ldapmsg(mem_ctx, result);6293 smbldap_talloc_autofree_ldapmsg(mem_ctx, result); 6353 6294 } 6354 6295 … … 6358 6299 6359 6300 *num_domains = 0; 6360 if (!(*domains = TALLOC_ARRAY(mem_ctx, struct trustdom_info *, 1))) {6301 if (!(*domains = talloc_array(mem_ctx, struct trustdom_info *, 1))) { 6361 6302 DEBUG(1, ("talloc failed\n")); 6362 6303 return NT_STATUS_NO_MEMORY; … … 6370 6311 struct trustdom_info *dom_info; 6371 6312 6372 dom_info = TALLOC_P(*domains, struct trustdom_info);6313 dom_info = talloc(*domains, struct trustdom_info); 6373 6314 if (dom_info == NULL) { 6374 6315 DEBUG(1, ("talloc failed\n")); … … 6445 6386 NTSTATUS nt_status; 6446 6387 struct ldapsam_privates *ldap_state; 6388 char *bind_dn = NULL; 6389 char *bind_secret = NULL; 6447 6390 6448 6391 if (!NT_STATUS_IS_OK(nt_status = make_pdb_method( pdb_method ))) { … … 6482 6425 /* TODO: Setup private data and free */ 6483 6426 6484 if ( !(ldap_state = TALLOC_ZERO_P(*pdb_method, struct ldapsam_privates)) ) {6427 if ( !(ldap_state = talloc_zero(*pdb_method, struct ldapsam_privates)) ) { 6485 6428 DEBUG(0, ("pdb_init_ldapsam_common: talloc() failed for ldapsam private_data!\n")); 6486 6429 return NT_STATUS_NO_MEMORY; 6487 6430 } 6488 6431 6489 nt_status = smbldap_init(*pdb_method, pdb_get_event_context(), 6490 location, &ldap_state->smbldap_state); 6491 6432 if (!fetch_ldap_pw(&bind_dn, &bind_secret)) { 6433 DEBUG(0, ("pdb_init_ldapsam_common: Failed to retrieve LDAP password from secrets.tdb\n")); 6434 return NT_STATUS_NO_MEMORY; 6435 } 6436 6437 nt_status = smbldap_init(*pdb_method, pdb_get_tevent_context(), 6438 location, false, bind_dn, bind_secret, 6439 &ldap_state->smbldap_state); 6440 memset(bind_secret, '\0', strlen(bind_secret)); 6441 SAFE_FREE(bind_secret); 6442 SAFE_FREE(bind_dn); 6492 6443 if ( !NT_STATUS_IS_OK(nt_status) ) { 6493 6444 return nt_status; … … 6505 6456 } 6506 6457 6507 /********************************************************************** 6508 Initialise the 'compat' mode for pdb_ldap 6509 *********************************************************************/ 6510 6511 NTSTATUS pdb_init_ldapsam_compat(struct pdb_methods **pdb_method, const char *location) 6512 { 6513 NTSTATUS nt_status; 6514 struct ldapsam_privates *ldap_state; 6515 char *uri = talloc_strdup( NULL, location ); 6516 6517 trim_char( uri, '\"', '\"' ); 6518 nt_status = pdb_init_ldapsam_common( pdb_method, uri ); 6519 if ( uri ) 6520 TALLOC_FREE( uri ); 6521 6522 if ( !NT_STATUS_IS_OK(nt_status) ) { 6523 return nt_status; 6524 } 6525 6526 (*pdb_method)->name = "ldapsam_compat"; 6527 6528 ldap_state = (struct ldapsam_privates *)((*pdb_method)->private_data); 6529 ldap_state->schema_ver = SCHEMAVER_SAMBAACCOUNT; 6530 6531 sid_copy(&ldap_state->domain_sid, get_global_sam_sid()); 6532 6533 return NT_STATUS_OK; 6458 static bool ldapsam_is_responsible_for_wellknown(struct pdb_methods *m) 6459 { 6460 return true; 6534 6461 } 6535 6462 … … 6538 6465 *********************************************************************/ 6539 6466 6540 NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location) 6467 NTSTATUS pdb_ldapsam_init_common(struct pdb_methods **pdb_method, 6468 const char *location) 6541 6469 { 6542 6470 NTSTATUS nt_status; … … 6570 6498 (*pdb_method)->search_groups = ldapsam_search_groups; 6571 6499 (*pdb_method)->search_aliases = ldapsam_search_aliases; 6500 (*pdb_method)->is_responsible_for_wellknown = 6501 ldapsam_is_responsible_for_wellknown; 6572 6502 6573 6503 if (lp_parm_bool(-1, "ldapsam", "trusted", False)) { … … 6577 6507 (*pdb_method)->lookup_rids = ldapsam_lookup_rids; 6578 6508 (*pdb_method)->sid_to_id = ldapsam_sid_to_id; 6579 (*pdb_method)->uid_to_sid = ldapsam_uid_to_sid; 6580 (*pdb_method)->gid_to_sid = ldapsam_gid_to_sid; 6509 (*pdb_method)->id_to_sid = ldapsam_id_to_sid; 6581 6510 6582 6511 if (lp_parm_bool(-1, "ldapsam", "editposix", False)) { … … 6601 6530 6602 6531 if ( !NT_STATUS_IS_OK(nt_status) ) { 6603 DEBUG(2, ("pdb_init_ldapsam: WARNING: Could not get domain " 6604 "info, nor add one to the domain\n")); 6605 DEBUGADD(2, ("pdb_init_ldapsam: Continuing on regardless, " 6606 "will be unable to allocate new users/groups, " 6607 "and will risk BDCs having inconsistent SIDs\n")); 6608 sid_copy(&ldap_state->domain_sid, get_global_sam_sid()); 6609 return NT_STATUS_OK; 6532 DEBUG(0, ("pdb_init_ldapsam: WARNING: Could not get domain " 6533 "info, nor add one to the domain. " 6534 "We cannot work reliably without it.\n")); 6535 return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; 6610 6536 } 6611 6537 … … 6647 6573 return NT_STATUS_INVALID_PARAMETER; 6648 6574 } 6649 found_sid = secrets_fetch_domain_sid(ldap_state->domain_name,6575 found_sid = PDB_secrets_fetch_domain_sid(ldap_state->domain_name, 6650 6576 &secrets_domain_sid); 6651 6577 if (!found_sid || !dom_sid_equal(&secrets_domain_sid, … … 6658 6584 6659 6585 /* reset secrets.tdb sid */ 6660 secrets_store_domain_sid(ldap_state->domain_name,6586 PDB_secrets_store_domain_sid(ldap_state->domain_name, 6661 6587 &ldap_domain_sid); 6662 6588 DEBUG(1, ("New global sam SID: %s\n", … … 6690 6616 } 6691 6617 6692 NTSTATUS pdb_ldap _init(void)6618 NTSTATUS pdb_ldapsam_init(void) 6693 6619 { 6694 6620 NTSTATUS nt_status; 6695 if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam))) 6621 6622 nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, 6623 "ldapsam", 6624 pdb_ldapsam_init_common); 6625 if (!NT_STATUS_IS_OK(nt_status)) { 6696 6626 return nt_status; 6697 6698 if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_compat", pdb_init_ldapsam_compat))) 6699 return nt_status; 6627 } 6700 6628 6701 6629 /* Let pdb_nds register backends */ -
vendor/current/source3/passdb/pdb_nds.c
r740 r988 24 24 #include <lber.h> 25 25 #include <ldap.h> 26 #include <wchar.h>27 26 28 27 #include "smbldap.h" 28 #include "passdb/pdb_ldap.h" 29 #include "passdb/pdb_nds.h" 29 30 30 31 #define NMASLDAP_GET_LOGIN_CONFIG_REQUEST "2.16.840.1.113719.1.39.42.100.3" … … 781 782 pdb_set_backend_private_data(sam_acct, result, NULL, 782 783 methods, PDB_CHANGED); 783 talloc_autofree_ldapmsg(sam_acct, result);784 smbldap_talloc_autofree_ldapmsg(sam_acct, result); 784 785 } 785 786 … … 811 812 if((success != True) || (got_clear_text_pw == True)) { 812 813 813 rc = smb _ldap_setup_full_conn(&ld, ldap_state->location);814 rc = smbldap_setup_full_conn(&ld, ldap_state->location); 814 815 if (rc) { 815 816 TALLOC_FREE(dn); … … 872 873 } 873 874 874 875 /**********************************************************************876 Initialise the 'nds compat' mode for pdb_ldap877 *********************************************************************/878 879 static NTSTATUS pdb_init_NDS_ldapsam_compat(struct pdb_methods **pdb_method, const char *location)880 {881 NTSTATUS nt_status = pdb_init_ldapsam_compat(pdb_method, location);882 883 (*pdb_method)->name = "NDS_ldapsam_compat";884 885 pdb_init_NDS_ldapsam_common(pdb_method, location);886 887 return nt_status;888 }889 890 891 875 /********************************************************************** 892 876 Initialise the 'nds' normal mode for pdb_ldap … … 895 879 static NTSTATUS pdb_init_NDS_ldapsam(struct pdb_methods **pdb_method, const char *location) 896 880 { 897 NTSTATUS nt_status = pdb_ init_ldapsam(pdb_method, location);881 NTSTATUS nt_status = pdb_ldapsam_init_common(pdb_method, location); 898 882 899 883 (*pdb_method)->name = "NDS_ldapsam"; … … 910 894 return nt_status; 911 895 912 if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "NDS_ldapsam_compat", pdb_init_NDS_ldapsam_compat)))913 return nt_status;914 915 896 return NT_STATUS_OK; 916 897 } -
vendor/current/source3/passdb/pdb_smbpasswd.c
r860 r988 27 27 #include "../librpc/gen_ndr/samr.h" 28 28 #include "../libcli/security/security.h" 29 #include "passdb/pdb_smbpasswd.h" 29 30 30 31 #undef DBGC_CLASS … … 39 40 struct smb_passwd 40 41 { 41 uint32 smb_userid;/* this is actually the unix uid_t */42 uint32_t smb_userid; /* this is actually the unix uid_t */ 42 43 const char *smb_name; /* username string */ 43 44 … … 87 88 static bool do_file_lock(int fd, int waitsecs, int type) 88 89 { 89 SMB_STRUCT_FLOCKlock;90 struct flock lock; 90 91 int ret; 91 92 void (*oldsig_handler)(int); … … 102 103 alarm(waitsecs); 103 104 /* Note we must *NOT* use sys_fcntl here ! JRA */ 104 ret = fcntl(fd, SMB_F_SETLKW, &lock);105 ret = fcntl(fd, F_SETLKW, &lock); 105 106 alarm(0); 106 107 CatchSignal(SIGALRM, oldsig_handler); … … 214 215 215 216 for(i = 0; i < 5; i++) { 216 if((fd = sys_open(pfile, O_CREAT|O_TRUNC|O_EXCL|O_RDWR, 0600))!=-1) {217 if((fd = open(pfile, O_CREAT|O_TRUNC|O_EXCL|O_RDWR, 0600))!=-1) { 217 218 break; 218 219 } 219 sys_usleep(200); /* Spin, spin... */220 usleep(200); /* Spin, spin... */ 220 221 } 221 222 if(fd == -1) { … … 237 238 DEBUG(10, ("startsmbfilepwent_internal: opening file %s\n", pfile)); 238 239 239 if((fp = sys_fopen(pfile, open_mode)) == NULL) {240 if((fp = fopen(pfile, open_mode)) == NULL) { 240 241 241 242 /* … … 244 245 */ 245 246 if (errno == ENOENT) { 246 if ((fp = sys_fopen(pfile, "a+")) != NULL) {247 if ((fp = fopen(pfile, "a+")) != NULL) { 247 248 DEBUG(0, ("startsmbfilepwent_internal: file %s did not \ 248 249 exist. File successfully created.\n", pfile)); … … 550 551 if(*p == ':') { 551 552 p++; 552 if(*p && ( StrnCaseCmp((char *)p, "LCT-", 4)==0)) {553 if(*p && (strncasecmp_m((char *)p, "LCT-", 4)==0)) { 553 554 int i; 554 555 p += 4; … … 642 643 size_t new_entry_length; 643 644 char *new_entry; 644 SMB_OFF_Toffpos;645 off_t offpos; 645 646 646 647 /* Open the smbpassword file - for update. */ … … 678 679 fd = fileno(fp); 679 680 680 if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {681 if((offpos = lseek(fd, 0, SEEK_END)) == -1) { 681 682 NTSTATUS result = map_nt_error_from_unix(errno); 682 DEBUG(0, ("add_smbfilepwd_entry( sys_lseek): Failed to add entry for user %s to file %s. \683 DEBUG(0, ("add_smbfilepwd_entry(lseek): Failed to add entry for user %s to file %s. \ 683 684 Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); 684 685 endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth); … … 706 707 707 708 /* Remove the entry we just wrote. */ 708 if( sys_ftruncate(fd, offpos) == -1) {709 if(ftruncate(fd, offpos) == -1) { 709 710 DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \ 710 711 Error was %s. Password file may be corrupt ! Please examine by hand !\n", … … 751 752 bool got_pass_last_set_time = False; 752 753 753 SMB_OFF_Tpwd_seekpos = 0;754 off_t pwd_seekpos = 0; 754 755 755 756 int i; … … 763 764 DEBUG(10, ("mod_smbfilepwd_entry: opening file %s\n", pfile)); 764 765 765 fp = sys_fopen(pfile, "r+");766 fp = fopen(pfile, "r+"); 766 767 767 768 if (fp == NULL) { … … 789 790 status = linebuf; 790 791 while (status && !feof(fp)) { 791 pwd_seekpos = sys_ftell(fp);792 pwd_seekpos = ftell(fp); 792 793 793 794 linebuf[0] = '\0'; … … 977 978 978 979 /* We should be pointing at the LCT entry. */ 979 if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && ( StrnCaseCmp((char *)p, "LCT-", 4) == 0)) {980 if((linebuf_len > (PTR_DIFF(p, linebuf) + 13)) && (strncasecmp_m((char *)p, "LCT-", 4) == 0)) { 980 981 p += 4; 981 982 for(i = 0; i < 8; i++) { … … 992 993 got_pass_last_set_time = True; 993 994 } /* i == 8 */ 994 } /* *p && StrnCaseCmp() */995 } /* *p && strncasecmp_m() */ 995 996 } /* p == ':' */ 996 997 } /* p == '[' */ … … 1019 1020 #ifdef DEBUG_PASSWORD 1020 1021 DEBUG(100,("mod_smbfilepwd_entry: ")); 1021 dump_data(100, (uint8 *)ascii_p16, wr_len);1022 dump_data(100, (uint8_t *)ascii_p16, wr_len); 1022 1023 #endif 1023 1024 … … 1040 1041 fd = fileno(fp); 1041 1042 1042 if ( sys_lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) {1043 if (lseek(fd, pwd_seekpos - 1, SEEK_SET) != pwd_seekpos - 1) { 1043 1044 DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile)); 1044 1045 pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth); … … 1062 1063 } 1063 1064 1064 if ( sys_lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) {1065 if (lseek(fd, pwd_seekpos, SEEK_SET) != pwd_seekpos) { 1065 1066 DEBUG(0, ("mod_smbfilepwd_entry: seek fail on file %s.\n", pfile)); 1066 1067 pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth); … … 1096 1097 pfile2 = talloc_asprintf(talloc_tos(), 1097 1098 "%s.%u", 1098 pfile, (unsigned) sys_getpid());1099 pfile, (unsigned)getpid()); 1099 1100 if (!pfile2) { 1100 1101 return false; … … 1206 1207 /* If the user specified a RID, make sure its able to be both stored and retreived */ 1207 1208 if (rid == DOMAIN_RID_GUEST) { 1208 struct passwd *passwd = Get_Pwnam_alloc(NULL, lp_guest account());1209 struct passwd *passwd = Get_Pwnam_alloc(NULL, lp_guest_account()); 1209 1210 if (!passwd) { 1210 DEBUG(0, ("Could not find guest account via Get_Pwnam_alloc()! (%s)\n", lp_guest account()));1211 DEBUG(0, ("Could not find guest account via Get_Pwnam_alloc()! (%s)\n", lp_guest_account())); 1211 1212 return False; 1212 1213 } … … 1343 1344 /* More special case 'guest account' hacks... */ 1344 1345 if (rid == DOMAIN_RID_GUEST) { 1345 const char *guest_account = lp_guest account();1346 const char *guest_account = lp_guest_account(); 1346 1347 if (!(guest_account && *guest_account)) { 1347 1348 DEBUG(1, ("Guest account not specfied!\n")); … … 1449 1450 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; 1450 1451 1451 if (!*(lp_rename user_script()))1452 if (!*(lp_rename_user_script(talloc_tos()))) 1452 1453 goto done; 1453 1454 … … 1469 1470 1470 1471 /* rename the posix user */ 1471 rename_script = talloc_strdup(ctx, 1472 lp_renameuser_script()); 1472 rename_script = lp_rename_user_script(ctx); 1473 1473 if (!rename_script) { 1474 1474 ret = NT_STATUS_NO_MEMORY; … … 1696 1696 /* Setup private data and free function */ 1697 1697 1698 if ( !(privates = TALLOC_ZERO_P( *pdb_method, struct smbpasswd_privates )) ) {1698 if ( !(privates = talloc_zero( *pdb_method, struct smbpasswd_privates )) ) { 1699 1699 DEBUG(0, ("talloc() failed for smbpasswd private_data!\n")); 1700 1700 return NT_STATUS_NO_MEMORY; -
vendor/current/source3/passdb/pdb_tdb.c
r740 r988 26 26 #include "system/filesys.h" 27 27 #include "passdb.h" 28 #include "dbwrap.h" 28 #include "dbwrap/dbwrap.h" 29 #include "dbwrap/dbwrap_open.h" 29 30 #include "../libcli/security/security.h" 30 31 #include "util_tdb.h" 32 #include "passdb/pdb_tdb.h" 31 33 32 34 #if 0 /* when made a module use this */ … … 58 60 static struct db_context *db_sam; 59 61 static char *tdbsam_filename; 62 static bool map_builtin; 60 63 61 64 struct tdbsam_convert_state { … … 72 75 NTSTATUS status; 73 76 bool ret; 74 75 if (rec->key.dsize < USERPREFIX_LEN) { 77 TDB_DATA key; 78 TDB_DATA value; 79 80 key = dbwrap_record_get_key(rec); 81 82 if (key.dsize < USERPREFIX_LEN) { 76 83 return 0; 77 84 } 78 if (strncmp((char *) rec->key.dptr, USERPREFIX, USERPREFIX_LEN) != 0) {85 if (strncmp((char *)key.dptr, USERPREFIX, USERPREFIX_LEN) != 0) { 79 86 return 0; 80 87 } … … 88 95 89 96 DEBUG(10,("tdbsam_convert: Try unpacking a record with (key:%s) " 90 "(version:%d)\n", rec->key.dptr, state->from)); 97 "(version:%d)\n", (char *)key.dptr, state->from)); 98 99 value = dbwrap_record_get_value(rec); 91 100 92 101 switch (state->from) { 93 102 case 0: 94 103 ret = init_samu_from_buffer(user, SAMU_BUFFER_V0, 95 (uint8 *)rec->value.dptr,96 rec->value.dsize);104 (uint8_t *)value.dptr, 105 value.dsize); 97 106 break; 98 107 case 1: 99 108 ret = init_samu_from_buffer(user, SAMU_BUFFER_V1, 100 (uint8 *)rec->value.dptr,101 rec->value.dsize);109 (uint8_t *)value.dptr, 110 value.dsize); 102 111 break; 103 112 case 2: 104 113 ret = init_samu_from_buffer(user, SAMU_BUFFER_V2, 105 (uint8 *)rec->value.dptr,106 rec->value.dsize);114 (uint8_t *)value.dptr, 115 value.dsize); 107 116 break; 108 117 case 3: 109 118 ret = init_samu_from_buffer(user, SAMU_BUFFER_V3, 110 (uint8 *)rec->value.dptr,111 rec->value.dsize);119 (uint8_t *)value.dptr, 120 value.dsize); 112 121 break; 113 122 case 4: 114 123 ret = init_samu_from_buffer(user, SAMU_BUFFER_V4, 115 (uint8 *)rec->value.dptr,116 rec->value.dsize);124 (uint8_t *)value.dptr, 125 value.dsize); 117 126 break; 118 127 default: … … 122 131 if (!ret) { 123 132 DEBUG(0,("tdbsam_convert: Bad struct samu entry returned " 124 "from TDB (key:%s) (version:%d)\n", rec->key.dptr,133 "from TDB (key:%s) (version:%d)\n", (char *)key.dptr, 125 134 state->from)); 126 135 TALLOC_FREE(user); … … 139 148 } 140 149 141 status = rec->store(rec, data, TDB_MODIFY);150 status = dbwrap_record_store(rec, data, TDB_MODIFY); 142 151 if (!NT_STATUS_IS_OK(status)) { 143 152 DEBUG(0, ("Could not store the new record: %s\n", … … 164 173 struct db_record *new_rec; 165 174 NTSTATUS status; 166 167 new_rec = bs->new_db->fetch_locked(bs->new_db, talloc_tos(), orig_rec->key); 175 TDB_DATA key; 176 TDB_DATA value; 177 178 key = dbwrap_record_get_key(orig_rec); 179 180 new_rec = dbwrap_fetch_locked(bs->new_db, talloc_tos(), key); 168 181 if (new_rec == NULL) { 169 182 bs->success = false; … … 171 184 } 172 185 173 status = new_rec->store(new_rec, orig_rec->value, TDB_INSERT); 186 value = dbwrap_record_get_value(orig_rec); 187 188 status = dbwrap_record_store(new_rec, value, TDB_INSERT); 174 189 175 190 TALLOC_FREE(new_rec); … … 197 212 struct db_context *orig_db = *pp_db; 198 213 struct tdbsam_backup_state bs; 199 int ret;214 NTSTATUS status; 200 215 201 216 tmp_fname = talloc_asprintf(frame, "%s.tmp", dbname); … … 211 226 212 227 tmp_db = db_open(NULL, tmp_fname, 0, 213 TDB_DEFAULT, O_CREAT|O_RDWR, 0600); 228 TDB_DEFAULT, O_CREAT|O_RDWR, 0600, 229 DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); 214 230 if (tmp_db == NULL) { 215 231 DEBUG(0, ("tdbsam_convert_backup: Failed to create backup TDB passwd " … … 219 235 } 220 236 221 if ( orig_db->transaction_start(orig_db) != 0) {237 if (dbwrap_transaction_start(orig_db) != 0) { 222 238 DEBUG(0, ("tdbsam_convert_backup: Could not start transaction (1)\n")); 223 239 unlink(tmp_fname); … … 226 242 return false; 227 243 } 228 if ( tmp_db->transaction_start(tmp_db) != 0) {244 if (dbwrap_transaction_start(tmp_db) != 0) { 229 245 DEBUG(0, ("tdbsam_convert_backup: Could not start transaction (2)\n")); 230 orig_db->transaction_cancel(orig_db);246 dbwrap_transaction_cancel(orig_db); 231 247 unlink(tmp_fname); 232 248 TALLOC_FREE(tmp_db); … … 238 254 bs.success = true; 239 255 240 ret = orig_db->traverse(orig_db, backup_copy_fn, (void *)&bs);241 if ( ret < 0) {256 status = dbwrap_traverse(orig_db, backup_copy_fn, (void *)&bs, NULL); 257 if (!NT_STATUS_IS_OK(status)) { 242 258 DEBUG(0, ("tdbsam_convert_backup: traverse failed\n")); 243 259 goto cancel; … … 249 265 } 250 266 251 if ( orig_db->transaction_commit(orig_db) != 0) {267 if (dbwrap_transaction_commit(orig_db) != 0) { 252 268 smb_panic("tdbsam_convert_backup: orig commit failed\n"); 253 269 } 254 if ( tmp_db->transaction_commit(tmp_db) != 0) {270 if (dbwrap_transaction_commit(tmp_db) != 0) { 255 271 smb_panic("tdbsam_convert_backup: orig commit failed\n"); 256 272 } … … 277 293 278 294 orig_db = db_open(NULL, dbname, 0, 279 TDB_DEFAULT, O_CREAT|O_RDWR, 0600); 295 TDB_DEFAULT, O_CREAT|O_RDWR, 0600, 296 DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); 280 297 if (orig_db == NULL) { 281 298 DEBUG(0, ("tdbsam_convert_backup: Failed to re-open " … … 293 310 cancel: 294 311 295 if ( orig_db->transaction_cancel(orig_db) != 0) {312 if (dbwrap_transaction_cancel(orig_db) != 0) { 296 313 smb_panic("tdbsam_convert: transaction_cancel failed"); 297 314 } 298 315 299 if ( tmp_db->transaction_cancel(tmp_db) != 0) {316 if (dbwrap_transaction_cancel(tmp_db) != 0) { 300 317 smb_panic("tdbsam_convert: transaction_cancel failed"); 301 318 } … … 310 327 { 311 328 TDB_CONTEXT *tdb; 312 uint32 rid;329 uint32_t rid; 313 330 bool ok = false; 314 315 ok = dbwrap_fetch_uint32(db, NEXT_RID_STRING, &rid); 316 if (ok) { 331 NTSTATUS status; 332 char *db_path; 333 334 status = dbwrap_fetch_uint32_bystring(db, NEXT_RID_STRING, &rid); 335 if (NT_STATUS_IS_OK(status)) { 317 336 return true; 318 337 } 319 338 320 tdb = tdb_open_log(state_path("winbindd_idmap.tdb"), 0, 339 db_path = state_path("winbindd_idmap.tdb"); 340 if (db_path == NULL) { 341 return false; 342 } 343 344 tdb = tdb_open_log(db_path, 0, 321 345 TDB_DEFAULT, O_RDONLY, 0644); 322 346 TALLOC_FREE(db_path); 323 347 if (tdb) { 324 348 ok = tdb_fetch_uint32(tdb, "RID_COUNTER", &rid); … … 331 355 } 332 356 333 if (dbwrap_store_uint32(db, NEXT_RID_STRING, rid) != 0) { 357 status = dbwrap_store_uint32_bystring(db, NEXT_RID_STRING, rid); 358 if (!NT_STATUS_IS_OK(status)) { 334 359 return false; 335 360 } … … 338 363 } 339 364 340 static bool tdbsam_convert(struct db_context **pp_db, const char *name, int32 from)365 static bool tdbsam_convert(struct db_context **pp_db, const char *name, int32_t from) 341 366 { 342 367 struct tdbsam_convert_state state; 343 368 struct db_context *db = NULL; 344 int ret;369 NTSTATUS status; 345 370 346 371 /* We only need the update backup for local db's. */ … … 354 379 state.success = true; 355 380 356 if (db ->transaction_start(db) != 0) {381 if (dbwrap_transaction_start(db) != 0) { 357 382 DEBUG(0, ("tdbsam_convert: Could not start transaction\n")); 358 383 return false; … … 364 389 } 365 390 366 ret = db->traverse(db, tdbsam_convert_one, &state);367 if ( ret < 0) {391 status = dbwrap_traverse(db, tdbsam_convert_one, &state, NULL); 392 if (!NT_STATUS_IS_OK(status)) { 368 393 DEBUG(0, ("tdbsam_convert: traverse failed\n")); 369 394 goto cancel; … … 375 400 } 376 401 377 if (dbwrap_store_int32(db, TDBSAM_VERSION_STRING, 378 TDBSAM_VERSION) != 0) { 379 DEBUG(0, ("tdbsam_convert: Could not store tdbsam version\n")); 380 goto cancel; 381 } 382 383 if (dbwrap_store_int32(db, TDBSAM_MINOR_VERSION_STRING, 384 TDBSAM_MINOR_VERSION) != 0) { 385 DEBUG(0, ("tdbsam_convert: Could not store tdbsam minor version\n")); 386 goto cancel; 387 } 388 389 if (db->transaction_commit(db) != 0) { 402 status = dbwrap_store_int32_bystring(db, TDBSAM_VERSION_STRING, 403 TDBSAM_VERSION); 404 if (!NT_STATUS_IS_OK(status)) { 405 DEBUG(0, ("tdbsam_convert: Could not store tdbsam version: " 406 "%s\n", nt_errstr(status))); 407 goto cancel; 408 } 409 410 status = dbwrap_store_int32_bystring(db, TDBSAM_MINOR_VERSION_STRING, 411 TDBSAM_MINOR_VERSION); 412 if (!NT_STATUS_IS_OK(status)) { 413 DEBUG(0, ("tdbsam_convert: Could not store tdbsam minor " 414 "version: %s\n", nt_errstr(status))); 415 goto cancel; 416 } 417 418 if (dbwrap_transaction_commit(db) != 0) { 390 419 DEBUG(0, ("tdbsam_convert: Could not commit transaction\n")); 391 420 return false; … … 395 424 396 425 cancel: 397 if (db ->transaction_cancel(db) != 0) {426 if (dbwrap_transaction_cancel(db) != 0) { 398 427 smb_panic("tdbsam_convert: transaction_cancel failed"); 399 428 } … … 409 438 static bool tdbsam_open( const char *name ) 410 439 { 411 int32 version; 412 int32 minor_version; 440 int32_t version; 441 int32_t minor_version; 442 NTSTATUS status; 413 443 414 444 /* check if we are already open */ … … 420 450 /* Try to open tdb passwd. Create a new one if necessary */ 421 451 422 db_sam = db_open(NULL, name, 0, TDB_DEFAULT, O_CREAT|O_RDWR, 0600); 452 db_sam = db_open(NULL, name, 0, TDB_DEFAULT, O_CREAT|O_RDWR, 0600, 453 DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); 423 454 if (db_sam == NULL) { 424 455 DEBUG(0, ("tdbsam_open: Failed to open/create TDB passwd " … … 428 459 429 460 /* Check the version */ 430 version = dbwrap_fetch_int32(db_sam, TDBSAM_VERSION_STRING); 431 if (version == -1) { 461 status = dbwrap_fetch_int32_bystring(db_sam, TDBSAM_VERSION_STRING, 462 &version); 463 if (!NT_STATUS_IS_OK(status)) { 432 464 version = 0; /* Version not found, assume version 0 */ 433 465 } 434 466 435 467 /* Get the minor version */ 436 minor_version = dbwrap_fetch_int32(db_sam, TDBSAM_MINOR_VERSION_STRING); 437 if (minor_version == -1) { 468 status = dbwrap_fetch_int32_bystring( 469 db_sam, TDBSAM_MINOR_VERSION_STRING, &minor_version); 470 if (!NT_STATUS_IS_OK(status)) { 438 471 minor_version = 0; /* Minor version not found, assume 0 */ 439 472 } … … 469 502 470 503 /* Re-check the version */ 471 version = dbwrap_fetch_int32(db_sam, TDBSAM_VERSION_STRING); 472 if (version == -1) { 504 status = dbwrap_fetch_int32_bystring( 505 db_sam, TDBSAM_VERSION_STRING, &version); 506 if (!NT_STATUS_IS_OK(status)) { 473 507 version = 0; /* Version not found, assume version 0 */ 474 508 } 475 509 476 510 /* Re-check the minor version */ 477 minor_version = dbwrap_fetch_int32(db_sam, TDBSAM_MINOR_VERSION_STRING); 478 if (minor_version == -1) { 511 status = dbwrap_fetch_int32_bystring( 512 db_sam, TDBSAM_MINOR_VERSION_STRING, &minor_version); 513 if (!NT_STATUS_IS_OK(status)) { 479 514 minor_version = 0; /* Minor version not found, assume 0 */ 480 515 } … … 536 571 fstring keystr; 537 572 fstring name; 573 NTSTATUS status; 538 574 539 575 if ( !user ) { … … 544 580 /* Data is stored in all lower-case */ 545 581 fstrcpy(name, sname); 546 strlower_m(name); 582 if (!strlower_m(name)) { 583 return NT_STATUS_INVALID_PARAMETER; 584 } 547 585 548 586 /* set search key */ 549 slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);587 fstr_sprintf(keystr, "%s%s", USERPREFIX, name); 550 588 551 589 /* open the database */ … … 558 596 /* get the record */ 559 597 560 data = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr);561 if (! data.dptr) {598 status = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr, &data); 599 if (!NT_STATUS_IS_OK(status)) { 562 600 DEBUG(5,("pdb_getsampwnam (TDB): error fetching database.\n")); 563 601 DEBUGADD(5, (" Key: %s\n", keystr)); … … 565 603 } 566 604 605 if (data.dsize == 0) { 606 DEBUG(5, ("%s: Got 0-sized record for key %s\n", __func__, 607 keystr)); 608 return NT_STATUS_NO_SUCH_USER; 609 } 610 567 611 /* unpack the buffer */ 568 612 569 613 if (!init_samu_from_buffer(user, SAMU_BUFFER_LATEST, data.dptr, data.dsize)) { 570 614 DEBUG(0,("pdb_getsampwent: Bad struct samu entry returned from TDB!\n")); 571 SAFE_FREE(data.dptr);615 TALLOC_FREE(data.dptr); 572 616 return NT_STATUS_NO_MEMORY; 573 617 } … … 585 629 586 630 static NTSTATUS tdbsam_getsampwrid (struct pdb_methods *my_methods, 587 struct samu *user, uint32 rid)631 struct samu *user, uint32_t rid) 588 632 { 589 633 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; … … 599 643 /* set search key */ 600 644 601 slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, rid);645 fstr_sprintf(keystr, "%s%.8x", RIDPREFIX, rid); 602 646 603 647 /* open the database */ … … 610 654 /* get the record */ 611 655 612 data = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr);613 if (! data.dptr) {656 nt_status = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr, &data); 657 if (!NT_STATUS_IS_OK(nt_status)) { 614 658 DEBUG(5,("pdb_getsampwrid (TDB): error looking up RID %d by key %s.\n", rid, keystr)); 615 return NT_STATUS_UNSUCCESSFUL;659 return nt_status; 616 660 } 617 661 … … 625 669 struct samu * user, const struct dom_sid *sid) 626 670 { 627 uint32 rid;671 uint32_t rid; 628 672 629 673 if ( !sid_peek_check_rid(get_global_sam_sid(), sid, &rid) ) … … 640 684 641 685 fstrcpy(name, pdb_get_username(sam_pass)); 642 strlower_m(name); 686 if (!strlower_m(name)) { 687 return false; 688 } 643 689 644 690 /* set the search key */ 645 691 646 slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);692 fstr_sprintf(keystr, "%s%s", USERPREFIX, name); 647 693 648 694 /* it's outaa here! 8^) */ … … 672 718 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; 673 719 fstring keystr; 674 uint32 720 uint32_t rid; 675 721 fstring name; 676 722 … … 684 730 685 731 fstrcpy(name, pdb_get_username(sam_pass)); 686 strlower_m(name); 732 if (!strlower_m(name)) { 733 return NT_STATUS_INVALID_PARAMETER; 734 } 687 735 688 736 /* set the search key */ 689 737 690 slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);738 fstr_sprintf(keystr, "%s%s", USERPREFIX, name); 691 739 692 740 rid = pdb_get_user_rid(sam_pass); … … 694 742 /* it's outaa here! 8^) */ 695 743 696 if (db _sam->transaction_start(db_sam) != 0) {744 if (dbwrap_transaction_start(db_sam) != 0) { 697 745 DEBUG(0, ("Could not start transaction\n")); 698 746 return NT_STATUS_UNSUCCESSFUL; … … 708 756 /* set the search key */ 709 757 710 slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, rid);758 fstr_sprintf(keystr, "%s%.8x", RIDPREFIX, rid); 711 759 712 760 /* it's outaa here! 8^) */ … … 719 767 } 720 768 721 if (db _sam->transaction_commit(db_sam) != 0) {769 if (dbwrap_transaction_commit(db_sam) != 0) { 722 770 DEBUG(0, ("Could not commit transaction\n")); 723 771 return NT_STATUS_INTERNAL_DB_CORRUPTION; … … 727 775 728 776 cancel: 729 if (db _sam->transaction_cancel(db_sam) != 0) {777 if (dbwrap_transaction_cancel(db_sam) != 0) { 730 778 smb_panic("transaction_cancel failed"); 731 779 } … … 742 790 { 743 791 TDB_DATA data; 744 uint8 *buf = NULL;792 uint8_t *buf = NULL; 745 793 fstring keystr; 746 794 fstring name; … … 757 805 758 806 fstrcpy(name, pdb_get_username(newpwd)); 759 strlower_m(name); 807 if (!strlower_m(name)) { 808 goto done; 809 } 760 810 761 811 DEBUG(5, ("Storing %saccount %s with RID %d\n", … … 764 814 765 815 /* setup the USER index key */ 766 slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);816 fstr_sprintf(keystr, "%s%s", USERPREFIX, name); 767 817 768 818 /* add the account */ … … 795 845 796 846 fstrcpy(name, pdb_get_username(newpwd)); 797 strlower_m(name); 847 if (!strlower_m(name)) { 848 return false; 849 } 798 850 799 851 /* setup RID data */ … … 801 853 802 854 /* setup the RID index key */ 803 slprintf(keystr, sizeof(keystr)-1, "%s%.8x", RIDPREFIX, 804 pdb_get_user_rid(newpwd)); 855 fstr_sprintf(keystr, "%s%.8x", RIDPREFIX, pdb_get_user_rid(newpwd)); 805 856 806 857 /* add the reference */ … … 841 892 } 842 893 843 if (db _sam->transaction_start(db_sam) != 0) {894 if (dbwrap_transaction_start(db_sam) != 0) { 844 895 DEBUG(0, ("Could not start transaction\n")); 845 896 return false; … … 882 933 /* Delete old RID key */ 883 934 DEBUG(10, ("tdb_update_sam: Deleting key for RID %u\n", oldrid)); 884 slprintf(keystr, sizeof(keystr) - 1, "%s%.8x", RIDPREFIX, oldrid);935 fstr_sprintf(keystr, "%s%.8x", RIDPREFIX, oldrid); 885 936 if (!NT_STATUS_IS_OK(dbwrap_delete_bystring(db_sam, keystr))) { 886 937 DEBUG(0, ("tdb_update_sam: Can't delete %s\n", keystr)); … … 900 951 } 901 952 902 if (db _sam->transaction_commit(db_sam) != 0) {953 if (dbwrap_transaction_commit(db_sam) != 0) { 903 954 DEBUG(0, ("Could not commit transaction\n")); 904 955 return false; … … 908 959 909 960 cancel: 910 if (db _sam->transaction_cancel(db_sam) != 0) {961 if (dbwrap_transaction_cancel(db_sam) != 0) { 911 962 smb_panic("transaction_cancel failed"); 912 963 } … … 963 1014 } 964 1015 965 rename_script = talloc_strdup(new_acct, lp_renameuser_script());1016 rename_script = lp_rename_user_script(new_acct); 966 1017 if (!rename_script) { 967 1018 TALLOC_FREE(new_acct); … … 988 1039 } 989 1040 990 if (db _sam->transaction_start(db_sam) != 0) {1041 if (dbwrap_transaction_start(db_sam) != 0) { 991 1042 DEBUG(0, ("Could not start transaction\n")); 992 1043 TALLOC_FREE(new_acct); … … 1004 1055 1005 1056 fstrcpy( oldname_lower, pdb_get_username(old_acct) ); 1006 strlower_m( oldname_lower ); 1057 if (!strlower_m( oldname_lower )) { 1058 goto cancel; 1059 } 1007 1060 1008 1061 fstrcpy( newname_lower, newname ); 1009 strlower_m( newname_lower ); 1062 if (!strlower_m( newname_lower )) { 1063 goto cancel; 1064 } 1010 1065 1011 1066 rename_script = talloc_string_sub2(new_acct, … … 1048 1103 tdb_delete_samacct_only( old_acct ); 1049 1104 1050 if (db _sam->transaction_commit(db_sam) != 0) {1105 if (dbwrap_transaction_commit(db_sam) != 0) { 1051 1106 /* 1052 1107 * Ok, we're screwed. We've changed the posix account, but … … 1063 1118 1064 1119 cancel: 1065 if (db _sam->transaction_cancel(db_sam) != 0) {1120 if (dbwrap_transaction_cancel(db_sam) != 0) { 1066 1121 smb_panic("transaction_cancel failed"); 1067 1122 } … … 1077 1132 } 1078 1133 1079 static bool tdbsam_new_rid(struct pdb_methods *methods, uint32 *prid)1080 { 1081 uint32 rid;1134 static bool tdbsam_new_rid(struct pdb_methods *methods, uint32_t *prid) 1135 { 1136 uint32_t rid; 1082 1137 NTSTATUS status; 1083 1138 … … 1090 1145 } 1091 1146 1092 status = dbwrap_trans_change_uint32_atomic (db_sam, NEXT_RID_STRING,1093 1147 status = dbwrap_trans_change_uint32_atomic_bystring( 1148 db_sam, NEXT_RID_STRING, &rid, 1); 1094 1149 if (!NT_STATUS_IS_OK(status)) { 1095 1150 DEBUG(3, ("tdbsam_new_rid: Failed to increase %s: %s\n", … … 1118 1173 private_data, struct tdbsam_search_state); 1119 1174 size_t prefixlen = strlen(RIDPREFIX); 1120 uint32 rid; 1121 1122 if ((rec->key.dsize < prefixlen) 1123 || (strncmp((char *)rec->key.dptr, RIDPREFIX, prefixlen))) { 1175 uint32_t rid; 1176 TDB_DATA key; 1177 1178 key = dbwrap_record_get_key(rec); 1179 1180 if ((key.dsize < prefixlen) 1181 || (strncmp((char *)key.dptr, RIDPREFIX, prefixlen))) { 1124 1182 return 0; 1125 1183 } 1126 1184 1127 rid = strtoul((char *) rec->key.dptr+prefixlen, NULL, 16);1128 1129 ADD_TO_LARGE_ARRAY(state, uint32 , rid, &state->rids, &state->num_rids,1185 rid = strtoul((char *)key.dptr+prefixlen, NULL, 16); 1186 1187 ADD_TO_LARGE_ARRAY(state, uint32_t, rid, &state->rids, &state->num_rids, 1130 1188 &state->array_size); 1131 1189 … … 1158 1216 1159 1217 if (state->current == state->num_rids) { 1218 TALLOC_FREE(user); 1160 1219 return false; 1161 1220 } … … 1203 1262 static bool tdbsam_search_users(struct pdb_methods *methods, 1204 1263 struct pdb_search *search, 1205 uint32 acct_flags)1264 uint32_t acct_flags) 1206 1265 { 1207 1266 struct tdbsam_search_state *state; … … 1221 1280 state->methods = methods; 1222 1281 1223 db _sam->traverse_read(db_sam, tdbsam_collect_rids, state);1282 dbwrap_traverse_read(db_sam, tdbsam_collect_rids, state, NULL); 1224 1283 1225 1284 search->private_data = state; … … 1228 1287 1229 1288 return true; 1289 } 1290 1291 static bool tdbsam_is_responsible_for_builtin(struct pdb_methods *m) 1292 { 1293 return map_builtin; 1230 1294 } 1231 1295 … … 1258 1322 (*pdb_method)->new_rid = tdbsam_new_rid; 1259 1323 1324 (*pdb_method)->is_responsible_for_builtin = 1325 tdbsam_is_responsible_for_builtin; 1326 map_builtin = lp_parm_bool(-1, "tdbsam", "map builtin", true); 1327 1260 1328 /* save the path for later */ 1261 1329 -
vendor/current/source3/passdb/pdb_util.c
r740 r988 27 27 #include "passdb.h" 28 28 #include "lib/winbind_util.h" 29 #include "../librpc/gen_ndr/idmap.h" 29 30 30 31 /** … … 68 69 * @return Normal NTSTATUS return. 69 70 */ 70 static NTSTATUS create_builtin(uint32rid)71 NTSTATUS pdb_create_builtin(uint32_t rid) 71 72 { 72 73 NTSTATUS status = NT_STATUS_OK; 73 74 struct dom_sid sid; 74 75 gid_t gid; 76 bool mapresult; 75 77 76 78 if (!sid_compose(&sid, &global_sid_Builtin, rid)) { … … 78 80 } 79 81 80 if (!sid_to_gid(&sid, &gid)) { 81 if (!lp_winbind_nested_groups() || !winbind_ping()) { 82 return NT_STATUS_PROTOCOL_UNREACHABLE; 82 if (!pdb_is_responsible_for_builtin()) { 83 /* 84 * if this backend is not responsible for BUILTIN 85 * 86 * Use the gid from the mapping request for entry. 87 * If the mapping fails, bail out 88 */ 89 mapresult = sid_to_gid(&sid, &gid); 90 if (!mapresult) { 91 status = NT_STATUS_NO_SUCH_GROUP; 92 } else { 93 status = pdb_create_builtin_alias(rid, gid); 83 94 } 84 status = pdb_create_builtin_alias(rid); 95 } else { 96 /* 97 * this backend is responsible for BUILTIN 98 * 99 * a failed mapping result means that the entry 100 * does not exist yet, so create it 101 * 102 * we use pdb_sid_to_id intentionally here to 103 * directly query the passdb backend (sid_to_gid 104 * would finally do the same) 105 */ 106 struct unixid id; 107 mapresult = pdb_sid_to_id(&sid, &id); 108 if (!mapresult) { 109 if (!lp_winbind_nested_groups() || !winbind_ping()) { 110 return NT_STATUS_PROTOCOL_UNREACHABLE; 111 } 112 status = pdb_create_builtin_alias(rid, 0); 113 } 85 114 } 86 115 return status; … … 95 124 struct dom_sid dom_users; 96 125 97 status = create_builtin(BUILTIN_RID_USERS);126 status = pdb_create_builtin(BUILTIN_RID_USERS); 98 127 if ( !NT_STATUS_IS_OK(status) ) { 99 128 DEBUG(5,("create_builtin_users: Failed to create Users\n")); … … 124 153 bool ret; 125 154 126 status = create_builtin(BUILTIN_RID_ADMINISTRATORS);155 status = pdb_create_builtin(BUILTIN_RID_ADMINISTRATORS); 127 156 if ( !NT_STATUS_IS_OK(status) ) { 128 157 DEBUG(5,("create_builtin_administrators: Failed to create Administrators\n")); -
vendor/current/source3/passdb/pdb_wbc_sam.c
r740 r988 40 40 #include "passdb.h" 41 41 #include "lib/winbind_util.h" 42 #include "passdb/pdb_wbc_sam.h" 43 #include "idmap.h" 42 44 43 45 /*************************************************************************** … … 72 74 } 73 75 74 static bool pdb_wbc_sam_uid_to_sid(struct pdb_methods *methods, uid_t uid, 75 struct dom_sid *sid) 76 { 77 return winbind_uid_to_sid(sid, uid); 78 } 79 80 static bool pdb_wbc_sam_gid_to_sid(struct pdb_methods *methods, gid_t gid, 81 struct dom_sid *sid) 82 { 83 return winbind_gid_to_sid(sid, gid); 76 static bool pdb_wbc_sam_id_to_sid(struct pdb_methods *methods, struct unixid *id, 77 struct dom_sid *sid) 78 { 79 switch (id->type) { 80 case ID_TYPE_UID: 81 return winbind_uid_to_sid(sid, id->id); 82 83 case ID_TYPE_GID: 84 return winbind_gid_to_sid(sid, id->id); 85 86 default: 87 return false; 88 } 84 89 } 85 90 … … 87 92 TALLOC_CTX *mem_ctx, 88 93 const struct dom_sid *group, 89 uint32 **pp_member_rids,94 uint32_t **pp_member_rids, 90 95 size_t *p_num_members) 91 96 { … … 113 118 } 114 119 115 *pp_sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, *p_num_groups);120 *pp_sids = talloc_array(mem_ctx, struct dom_sid, *p_num_groups); 116 121 117 122 if (*pp_sids == NULL) { … … 130 135 const struct dom_sid *domain_sid, 131 136 int num_rids, 132 uint32 *rids,137 uint32_t *rids, 133 138 const char **names, 134 139 enum lsa_SidType *attrs) 135 140 { 136 141 NTSTATUS result = NT_STATUS_OK; 142 const char *p = NULL; 143 const char **pp = NULL; 137 144 char *domain = NULL; 138 145 char **account_names = NULL; … … 141 148 142 149 if (!winbind_lookup_rids(talloc_tos(), domain_sid, num_rids, rids, 143 (const char **)&domain, 144 (const char ***)&account_names, &attr_list)) 150 &p, &pp, &attr_list)) 145 151 { 146 152 result = NT_STATUS_NONE_MAPPED; 147 153 goto done; 148 154 } 155 domain = discard_const_p(char, p); 156 account_names = discard_const_p(char *, pp); 149 157 150 158 memcpy(attrs, attr_list, num_rids * sizeof(enum lsa_SidType)); … … 220 228 static NTSTATUS pdb_wbc_sam_enum_trusteddoms(struct pdb_methods *methods, 221 229 TALLOC_CTX *mem_ctx, 222 uint32 *num_domains,230 uint32_t *num_domains, 223 231 struct trustdom_info ***domains) 224 232 { … … 228 236 static bool _make_group_map(struct pdb_methods *methods, const char *domain, const char *name, enum lsa_SidType name_type, gid_t gid, struct dom_sid *sid, GROUP_MAP *map) 229 237 { 230 snprintf(map->nt_name, sizeof(map->nt_name), "%s%c%s",238 map->nt_name = talloc_asprintf(map, "%s%c%s", 231 239 domain, *lp_winbind_separator(), name); 240 if (!map->nt_name) { 241 return false; 242 } 232 243 map->sid_name_use = name_type; 233 244 map->sid = *sid; … … 240 251 { 241 252 NTSTATUS result = NT_STATUS_OK; 253 const char *p1 = NULL, *p2 = NULL; 242 254 char *name = NULL; 243 255 char *domain = NULL; … … 245 257 gid_t gid; 246 258 247 if (!winbind_lookup_sid(talloc_tos(), &sid, (const char **)&domain, 248 (const char **) &name, &name_type)) { 249 result = NT_STATUS_NO_SUCH_GROUP; 250 goto done; 251 } 259 if (!winbind_lookup_sid(talloc_tos(), &sid, &p1, &p2, &name_type)) { 260 result = NT_STATUS_NO_SUCH_GROUP; 261 goto done; 262 } 263 domain = discard_const_p(char, p1); 264 name = discard_const_p(char, p2); 252 265 253 266 if ((name_type != SID_NAME_DOM_GRP) && … … 279 292 { 280 293 NTSTATUS result = NT_STATUS_OK; 294 const char *p1 = NULL, *p2 = NULL; 281 295 char *name = NULL; 282 296 char *domain = NULL; … … 289 303 } 290 304 291 if (!winbind_lookup_sid(talloc_tos(), &sid, (const char **)&domain, 292 (const char **)&name, &name_type)) { 293 result = NT_STATUS_NO_SUCH_GROUP; 294 goto done; 295 } 305 if (!winbind_lookup_sid(talloc_tos(), &sid, &p1, &p2, &name_type)) { 306 result = NT_STATUS_NO_SUCH_GROUP; 307 goto done; 308 } 309 domain = discard_const_p(char, p1); 310 name = discard_const_p(char, p2); 296 311 297 312 if ((name_type != SID_NAME_DOM_GRP) && … … 354 369 static NTSTATUS pdb_wbc_sam_enum_group_mapping(struct pdb_methods *methods, 355 370 const struct dom_sid *sid, enum lsa_SidType sid_name_use, 356 GROUP_MAP ** pp_rmap, size_t *p_num_entries,371 GROUP_MAP ***pp_rmap, size_t *p_num_entries, 357 372 bool unix_only) 358 373 { … … 381 396 const struct dom_sid *members, 382 397 size_t num_members, 383 uint32 **pp_alias_rids,398 uint32_t **pp_alias_rids, 384 399 size_t *p_num_alias_rids) 385 400 { … … 416 431 (*pdb_method)->get_account_policy = pdb_wbc_sam_get_account_policy; 417 432 (*pdb_method)->set_account_policy = pdb_wbc_sam_set_account_policy; 418 (*pdb_method)->uid_to_sid = pdb_wbc_sam_uid_to_sid; 419 (*pdb_method)->gid_to_sid = pdb_wbc_sam_gid_to_sid; 433 (*pdb_method)->id_to_sid = pdb_wbc_sam_id_to_sid; 420 434 421 435 (*pdb_method)->search_groups = pdb_wbc_sam_search_groups; -
vendor/current/source3/passdb/secrets.c
r740 r988 25 25 #include "includes.h" 26 26 #include "system/filesys.h" 27 #include "passdb.h"28 27 #include "../libcli/auth/libcli_auth.h" 29 28 #include "librpc/gen_ndr/ndr_secrets.h" 30 29 #include "secrets.h" 31 #include "dbwrap.h" 30 #include "dbwrap/dbwrap.h" 31 #include "dbwrap/dbwrap_open.h" 32 32 #include "../libcli/security/security.h" 33 33 #include "util_tdb.h" … … 38 38 static struct db_context *db_ctx; 39 39 40 /** 41 * Use a TDB to store an incrementing random seed. 42 * 43 * Initialised to the current pid, the very first time Samba starts, 44 * and incremented by one each time it is needed. 45 * 46 * @note Not called by systems with a working /dev/urandom. 47 */ 48 static void get_rand_seed(void *userdata, int *new_seed) 49 { 50 *new_seed = sys_getpid(); 51 if (db_ctx) { 52 dbwrap_trans_change_int32_atomic(db_ctx, "INFO/random_seed", 53 new_seed, 1); 54 } 40 /* open up the secrets database with specified private_dir path */ 41 bool secrets_init_path(const char *private_dir) 42 { 43 char *fname = NULL; 44 TALLOC_CTX *frame; 45 46 if (db_ctx != NULL) { 47 return True; 48 } 49 50 if (private_dir == NULL) { 51 return False; 52 } 53 54 frame = talloc_stackframe(); 55 fname = talloc_asprintf(frame, "%s/secrets.tdb", private_dir); 56 if (fname == NULL) { 57 TALLOC_FREE(frame); 58 return False; 59 } 60 61 db_ctx = db_open(NULL, fname, 0, 62 TDB_DEFAULT, O_RDWR|O_CREAT, 0600, 63 DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE); 64 65 if (db_ctx == NULL) { 66 DEBUG(0,("Failed to open %s\n", fname)); 67 TALLOC_FREE(frame); 68 return False; 69 } 70 71 TALLOC_FREE(frame); 72 return True; 55 73 } 56 74 … … 58 76 bool secrets_init(void) 59 77 { 60 char *fname = NULL; 61 unsigned char dummy; 62 63 if (db_ctx != NULL) 64 return True; 65 66 fname = talloc_asprintf(talloc_tos(), "%s/secrets.tdb", 67 lp_private_dir()); 68 if (fname == NULL) { 69 return false; 70 } 71 72 db_ctx = db_open(NULL, fname, 0, 73 TDB_DEFAULT, O_RDWR|O_CREAT, 0600); 74 75 if (db_ctx == NULL) { 76 DEBUG(0,("Failed to open %s\n", fname)); 77 TALLOC_FREE(fname); 78 return False; 79 } 80 81 TALLOC_FREE(fname); 82 83 /** 84 * Set a reseed function for the crypto random generator 85 * 86 * This avoids a problem where systems without /dev/urandom 87 * could send the same challenge to multiple clients 88 */ 89 set_rand_reseed_callback(get_rand_seed, NULL); 90 91 /* Ensure that the reseed is done now, while we are root, etc */ 92 generate_random_buffer(&dummy, sizeof(dummy)); 93 94 return True; 78 return secrets_init_path(lp_private_dir()); 95 79 } 96 80 … … 119 103 TDB_DATA dbuf; 120 104 void *result; 105 NTSTATUS status; 121 106 122 107 if (!secrets_init()) { … … 124 109 } 125 110 126 if (db_ctx->fetch(db_ctx, talloc_tos(), string_tdb_data(key), 127 &dbuf) != 0) { 128 return NULL; 129 } 130 131 result = memdup(dbuf.dptr, dbuf.dsize); 111 status = dbwrap_fetch(db_ctx, talloc_tos(), string_tdb_data(key), 112 &dbuf); 113 if (!NT_STATUS_IS_OK(status)) { 114 return NULL; 115 } 116 117 result = smb_memdup(dbuf.dptr, dbuf.dsize); 132 118 if (result == NULL) { 133 119 return NULL; … … 153 139 154 140 status = dbwrap_trans_store(db_ctx, string_tdb_data(key), 155 make_tdb_data((const uint8 *)data, size),141 make_tdb_data((const uint8_t *)data, size), 156 142 TDB_REPLACE); 157 143 return NT_STATUS_IS_OK(status); … … 320 306 size_t size = 0; 321 307 322 *dn = smb_xstrdup(lp_ldap_admin_dn( ));308 *dn = smb_xstrdup(lp_ldap_admin_dn(talloc_tos())); 323 309 324 310 if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) { … … 379 365 } 380 366 381 /**382 * Get trusted domains info from secrets.tdb.383 **/384 385 struct list_trusted_domains_state {386 uint32 num_domains;387 struct trustdom_info **domains;388 };389 390 static int list_trusted_domain(struct db_record *rec, void *private_data)391 {392 const size_t prefix_len = strlen(SECRETS_DOMTRUST_ACCT_PASS);393 struct TRUSTED_DOM_PASS pass;394 enum ndr_err_code ndr_err;395 DATA_BLOB blob;396 struct trustdom_info *dom_info;397 398 struct list_trusted_domains_state *state =399 (struct list_trusted_domains_state *)private_data;400 401 if ((rec->key.dsize < prefix_len)402 || (strncmp((char *)rec->key.dptr, SECRETS_DOMTRUST_ACCT_PASS,403 prefix_len) != 0)) {404 return 0;405 }406 407 blob = data_blob_const(rec->value.dptr, rec->value.dsize);408 409 ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass,410 (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS);411 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {412 return false;413 }414 415 if (pass.domain_sid.num_auths != 4) {416 DEBUG(0, ("SID %s is not a domain sid, has %d "417 "auths instead of 4\n",418 sid_string_dbg(&pass.domain_sid),419 pass.domain_sid.num_auths));420 return 0;421 }422 423 if (!(dom_info = TALLOC_P(state->domains, struct trustdom_info))) {424 DEBUG(0, ("talloc failed\n"));425 return 0;426 }427 428 dom_info->name = talloc_strdup(dom_info, pass.uni_name);429 if (!dom_info->name) {430 TALLOC_FREE(dom_info);431 return 0;432 }433 434 sid_copy(&dom_info->sid, &pass.domain_sid);435 436 ADD_TO_ARRAY(state->domains, struct trustdom_info *, dom_info,437 &state->domains, &state->num_domains);438 439 if (state->domains == NULL) {440 state->num_domains = 0;441 return -1;442 }443 return 0;444 }445 446 NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,447 struct trustdom_info ***domains)448 {449 struct list_trusted_domains_state state;450 451 if (!secrets_init()) {452 return NT_STATUS_ACCESS_DENIED;453 }454 455 state.num_domains = 0;456 457 /*458 * Make sure that a talloc context for the trustdom_info structs459 * exists460 */461 462 if (!(state.domains = TALLOC_ARRAY(463 mem_ctx, struct trustdom_info *, 1))) {464 return NT_STATUS_NO_MEMORY;465 }466 467 db_ctx->traverse_read(db_ctx, list_trusted_domain, (void *)&state);468 469 *num_domains = state.num_domains;470 *domains = state.domains;471 return NT_STATUS_OK;472 }473 474 367 /******************************************************************************* 475 368 Store a complete AFS keyfile into secrets.tdb. … … 498 391 struct afs_keyfile *keyfile; 499 392 size_t size = 0; 500 uint32 i;393 uint32_t i; 501 394 502 395 slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_AFS_KEYFILE, cell); … … 580 473 } 581 474 582 bool secrets_delete_generic(const char *owner, const char *key)583 {584 char *tdbkey = NULL;585 bool ret;586 587 if (asprintf(&tdbkey, "SECRETS/GENERIC/%s/%s", owner, key) < 0) {588 DEBUG(0, ("asprintf failed!\n"));589 return False;590 }591 592 ret = secrets_delete(tdbkey);593 594 SAFE_FREE(tdbkey);595 return ret;596 }597 598 475 /******************************************************************* 599 476 Find the ldap password. -
vendor/current/source3/passdb/wscript_build
r740 r988 1 1 #!/usr/bin/env python 2 3 PDB_TDBSAM_SRC = 'pdb_tdb.c'4 PDB_LDAP_SRC = 'pdb_ldap.c pdb_nds.c pdb_ipa.c'5 PDB_ADS_SRC = 'pdb_ads.c'6 PDB_SMBPASSWD_SRC = 'pdb_smbpasswd.c'7 PDB_WBC_SAM_SRC = 'pdb_wbc_sam.c'8 9 bld.SAMBA3_SUBSYSTEM('pdb',10 source='pdb_interface.c',11 deps='',12 vars=locals())13 2 14 3 bld.SAMBA3_MODULE('pdb_tdbsam', 15 4 subsystem='pdb', 16 source=PDB_TDBSAM_SRC, 5 source='pdb_tdb.c', 6 deps='samba-util dbwrap tdb-wrap3', 17 7 init_function='', 18 8 internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_tdbsam'), 19 9 enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_tdbsam')) 20 10 21 bld.SAMBA3_MODULE('pdb_ldap ',11 bld.SAMBA3_MODULE('pdb_ldapsam', 22 12 subsystem='pdb', 23 source=PDB_LDAP_SRC, 13 deps='smbldap smbldaphelper', 14 source='pdb_ldap.c pdb_nds.c pdb_ipa.c', 24 15 init_function='', 25 internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_ldap'), 26 enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_ldap') and bld.env.HAVE_LDAP) 27 28 bld.SAMBA3_MODULE('pdb_ads', 29 subsystem='pdb', 30 source=PDB_ADS_SRC, 31 deps='LIBCLI_LDAP_NDR TLDAP', 32 init_function='', 33 internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_ads'), 34 enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_ads')) 16 internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_ldapsam'), 17 enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_ldapsam') and bld.CONFIG_SET('HAVE_LDAP')) 35 18 36 19 bld.SAMBA3_MODULE('pdb_smbpasswd', 37 20 subsystem='pdb', 38 source=PDB_SMBPASSWD_SRC, 21 source='pdb_smbpasswd.c', 22 deps='samba-util', 39 23 init_function='', 40 24 internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_smbpasswd'), … … 43 27 bld.SAMBA3_MODULE('pdb_wbc_sam', 44 28 subsystem='pdb', 45 source=PDB_WBC_SAM_SRC, 29 source='pdb_wbc_sam.c', 30 deps='samba-util wbclient', 46 31 init_function='', 47 32 internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_wbc_sam'), 48 33 enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_wbc_sam')) 34 35 bld.SAMBA3_MODULE('pdb_samba_dsdb', 36 subsystem='pdb', 37 source='pdb_samba_dsdb.c', 38 init_function='', 39 deps='IDMAP samdb', 40 internal_module=bld.SAMBA3_IS_STATIC_MODULE('pdb_samba_dsdb') and bld.AD_DC_BUILD_IS_ENABLED(), 41 enabled=bld.SAMBA3_IS_ENABLED_MODULE('pdb_samba_dsdb') and bld.AD_DC_BUILD_IS_ENABLED()) 42 43 bld.SAMBA3_PYTHON('pypassdb', 44 source='py_passdb.c', 45 deps='pdb', 46 public_deps='samba-util tdb talloc pyrpc_util pytalloc-util', 47 realname='samba/samba3/passdb.so' 48 )
Note:
See TracChangeset
for help on using the changeset viewer.
