Changeset 988 for vendor/current/source3/rpc_server
- Timestamp:
- Nov 24, 2016, 1:14:11 PM (9 years ago)
- Location:
- vendor/current/source3/rpc_server
- Files:
-
- 40 added
- 8 deleted
- 29 edited
-
dcesrv_auth_generic.c (added)
-
dcesrv_auth_generic.h (added)
-
dcesrv_gssapi.c (deleted)
-
dcesrv_gssapi.h (deleted)
-
dcesrv_ntlmssp.c (deleted)
-
dcesrv_ntlmssp.h (deleted)
-
dcesrv_spnego.c (deleted)
-
dcesrv_spnego.h (deleted)
-
dfs/srv_dfs_nt.c (modified) (18 diffs)
-
dssetup/srv_dssetup_nt.c (modified) (2 diffs)
-
echo/srv_echo_nt.c (modified) (5 diffs)
-
epmapper/srv_epmapper.c (modified) (34 diffs)
-
epmd.c (modified) (10 diffs)
-
eventlog/srv_eventlog_nt.c (modified) (4 diffs)
-
fss (added)
-
fss/srv_fss_agent.c (added)
-
fss/srv_fss_agent.h (added)
-
fss/srv_fss_private.h (added)
-
fss/srv_fss_state.c (added)
-
fssd.c (added)
-
lsa/srv_lsa_nt.c (modified) (93 diffs)
-
lsasd.c (added)
-
mdssd.c (added)
-
mdssvc (added)
-
mdssvc/Makefile (added)
-
mdssvc/README (added)
-
mdssvc/dalloc.c (added)
-
mdssvc/dalloc.h (added)
-
mdssvc/marshalling.c (added)
-
mdssvc/marshalling.h (added)
-
mdssvc/mdssvc.c (added)
-
mdssvc/mdssvc.h (added)
-
mdssvc/sparql_lexer.c (added)
-
mdssvc/sparql_lexer.l (added)
-
mdssvc/sparql_mapping.c (added)
-
mdssvc/sparql_mapping.h (added)
-
mdssvc/sparql_parser.c (added)
-
mdssvc/sparql_parser.h (added)
-
mdssvc/sparql_parser.y (added)
-
mdssvc/sparql_parser_test.c (added)
-
mdssvc/srv_mdssvc_nt.c (added)
-
mdssvc/srv_mdssvc_nt.h (added)
-
netlogon/srv_netlog_nt.c (modified) (60 diffs)
-
rpc_config.c (added)
-
rpc_config.h (added)
-
rpc_contexts.c (added)
-
rpc_contexts.h (added)
-
rpc_ep_register.c (added)
-
rpc_ep_register.h (added)
-
rpc_ep_setup.c (deleted)
-
rpc_ep_setup.h (deleted)
-
rpc_handles.c (modified) (15 diffs)
-
rpc_ncacn_np.c (modified) (38 diffs)
-
rpc_ncacn_np.h (modified) (3 diffs)
-
rpc_pipes.h (added)
-
rpc_server.c (modified) (46 diffs)
-
rpc_server.h (modified) (1 diff)
-
rpc_service_setup.c (added)
-
rpc_service_setup.h (added)
-
rpc_sock_helper.c (added)
-
rpc_sock_helper.h (added)
-
samr/srv_samr_chgpasswd.c (modified) (15 diffs)
-
samr/srv_samr_nt.c (modified) (129 diffs)
-
spoolss/srv_spoolss_nt.c (modified) (264 diffs)
-
spoolss/srv_spoolss_util.c (modified) (25 diffs)
-
spoolss/srv_spoolss_util.h (modified) (9 diffs)
-
srv_access_check.c (modified) (5 diffs)
-
srv_access_check.h (modified) (1 diff)
-
srv_pipe.c (modified) (60 diffs)
-
srv_pipe_hnd.c (modified) (13 diffs)
-
srv_pipe_hnd.h (modified) (2 diffs)
-
srvsvc/srv_srvsvc_nt.c (modified) (94 diffs)
-
svcctl/srv_svcctl_nt.c (modified) (15 diffs)
-
svcctl/srv_svcctl_reg.c (modified) (3 diffs)
-
winreg/srv_winreg_nt.c (modified) (10 diffs)
-
wkssvc/srv_wkssvc_nt.c (modified) (11 diffs)
-
wscript_build (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
vendor/current/source3/rpc_server/dfs/srv_dfs_nt.c
r919 r988 27 27 #include "msdfs.h" 28 28 #include "smbd/smbd.h" 29 #include "smbd/globals.h" 29 30 #include "auth.h" 30 31 … … 54 55 TALLOC_CTX *ctx = talloc_tos(); 55 56 56 if (p->session_info->u tok.uid != sec_initial_uid()) {57 if (p->session_info->unix_token->uid != sec_initial_uid()) { 57 58 DEBUG(10,("_dfs_add: uid != 0. Access denied.\n")); 58 59 return WERR_ACCESS_DENIED; 59 60 } 60 61 61 jn = TALLOC_ZERO_P(ctx, struct junction_map);62 jn = talloc_zero(ctx, struct junction_map); 62 63 if (!jn) { 63 64 return WERR_NOMEM; … … 75 76 76 77 /* The following call can change the cwd. */ 77 status = get_referred_path(ctx, r->in.path, jn, 78 &consumedcnt, &self_ref); 78 status = get_referred_path(ctx, r->in.path, 79 true, /*allow_broken_path */ 80 jn, &consumedcnt, &self_ref); 79 81 if(!NT_STATUS_IS_OK(status)) { 80 82 return ntstatus_to_werror(status); … … 88 90 } 89 91 90 jn->referral_list = TALLOC_ARRAY(ctx, struct referral, jn->referral_count);92 jn->referral_list = talloc_array(ctx, struct referral, jn->referral_count); 91 93 if(jn->referral_list == NULL) { 92 94 DEBUG(0,("init_reply_dfs_add: talloc failed for referral list!\n")); … … 118 120 TALLOC_CTX *ctx = talloc_tos(); 119 121 char *altpath = NULL; 120 121 if (p->session_info->utok.uid != sec_initial_uid()) { 122 NTSTATUS status; 123 124 if (p->session_info->unix_token->uid != sec_initial_uid()) { 122 125 DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n")); 123 126 return WERR_ACCESS_DENIED; 124 127 } 125 128 126 jn = TALLOC_ZERO_P(ctx, struct junction_map);129 jn = talloc_zero(ctx, struct junction_map); 127 130 if (!jn) { 128 131 return WERR_NOMEM; … … 136 139 return WERR_NOMEM; 137 140 } 138 strlower_m(altpath); 141 if (!strlower_m(altpath)) { 142 return WERR_INVALID_PARAM; 143 } 139 144 DEBUG(5,("init_reply_dfs_remove: Request to remove %s -> %s\\%s.\n", 140 145 r->in.dfs_entry_path, r->in.servername, r->in.sharename)); 141 146 } 142 147 143 if(!NT_STATUS_IS_OK(get_referred_path(ctx, r->in.dfs_entry_path, jn, 144 &consumedcnt, &self_ref))) { 148 status = get_referred_path(ctx, r->in.dfs_entry_path, 149 true, /*allow_broken_path */ 150 jn, &consumedcnt, &self_ref); 151 if(!NT_STATUS_IS_OK(status)) { 145 152 return WERR_DFS_NO_SUCH_VOL; 146 153 } … … 193 200 { 194 201 dfs1->path = talloc_asprintf(mem_ctx, 195 "\\\\%s\\%s\\%s", global_myname(),202 "\\\\%s\\%s\\%s", lp_netbios_name(), 196 203 j->service_name, j->volume_name); 197 204 if (dfs1->path == NULL) … … 205 212 { 206 213 dfs2->path = talloc_asprintf(mem_ctx, 207 "\\\\%s\\%s\\%s", global_myname(), j->service_name, j->volume_name);214 "\\\\%s\\%s\\%s", lp_netbios_name(), j->service_name, j->volume_name); 208 215 if (dfs2->path == NULL) 209 216 return False; … … 219 226 if (j->volume_name[0] == '\0') 220 227 dfs3->path = talloc_asprintf(mem_ctx, "\\\\%s\\%s", 221 global_myname(), j->service_name);228 lp_netbios_name(), j->service_name); 222 229 else 223 dfs3->path = talloc_asprintf(mem_ctx, "\\\\%s\\%s\\%s", global_myname(),230 dfs3->path = talloc_asprintf(mem_ctx, "\\\\%s\\%s\\%s", lp_netbios_name(), 224 231 j->service_name, j->volume_name); 225 232 … … 233 240 /* also enumerate the stores */ 234 241 if (j->referral_count) { 235 dfs3->stores = TALLOC_ARRAY(mem_ctx, struct dfs_StorageInfo, j->referral_count);242 dfs3->stores = talloc_array(mem_ctx, struct dfs_StorageInfo, j->referral_count); 236 243 if (!dfs3->stores) 237 244 return False; … … 294 301 case 1: 295 302 if (num_jn) { 296 if ((r->out.info->e.info1->s = TALLOC_ARRAY(ctx, struct dfs_Info1, num_jn)) == NULL) {303 if ((r->out.info->e.info1->s = talloc_array(ctx, struct dfs_Info1, num_jn)) == NULL) { 297 304 return WERR_NOMEM; 298 305 } … … 304 311 case 2: 305 312 if (num_jn) { 306 if ((r->out.info->e.info2->s = TALLOC_ARRAY(ctx, struct dfs_Info2, num_jn)) == NULL) {313 if ((r->out.info->e.info2->s = talloc_array(ctx, struct dfs_Info2, num_jn)) == NULL) { 307 314 return WERR_NOMEM; 308 315 } … … 314 321 case 3: 315 322 if (num_jn) { 316 if ((r->out.info->e.info3->s = TALLOC_ARRAY(ctx, struct dfs_Info3, num_jn)) == NULL) {323 if ((r->out.info->e.info3->s = talloc_array(ctx, struct dfs_Info3, num_jn)) == NULL) { 317 324 return WERR_NOMEM; 318 325 } … … 352 359 TALLOC_CTX *ctx = talloc_tos(); 353 360 bool ret; 354 355 jn = TALLOC_ZERO_P(ctx, struct junction_map); 361 NTSTATUS status; 362 363 jn = talloc_zero(ctx, struct junction_map); 356 364 if (!jn) { 357 365 return WERR_NOMEM; 358 366 } 359 367 360 if(!create_junction(ctx, r->in.dfs_entry_path, jn)) { 368 ret = create_junction(ctx, r->in.dfs_entry_path, 369 true, /* allow broken_path */ 370 jn); 371 if (!ret) { 361 372 return WERR_DFS_NO_SUCH_SERVER; 362 373 } 363 374 364 375 /* The following call can change the cwd. */ 365 if(!NT_STATUS_IS_OK(get_referred_path(ctx, r->in.dfs_entry_path, 366 jn, &consumedcnt, &self_ref)) || 376 status = get_referred_path(ctx, r->in.dfs_entry_path, 377 true, /*allow_broken_path */ 378 jn, &consumedcnt, &self_ref); 379 if(!NT_STATUS_IS_OK(status) || 367 380 consumedcnt < strlen(r->in.dfs_entry_path)) { 368 381 return WERR_DFS_NO_SUCH_VOL; … … 371 384 switch (r->in.level) { 372 385 case 1: 373 r->out.info->info1 = TALLOC_ZERO_P(ctx,struct dfs_Info1);386 r->out.info->info1 = talloc_zero(ctx,struct dfs_Info1); 374 387 if (!r->out.info->info1) { 375 388 return WERR_NOMEM; … … 378 391 break; 379 392 case 2: 380 r->out.info->info2 = TALLOC_ZERO_P(ctx,struct dfs_Info2);393 r->out.info->info2 = talloc_zero(ctx,struct dfs_Info2); 381 394 if (!r->out.info->info2) { 382 395 return WERR_NOMEM; … … 385 398 break; 386 399 case 3: 387 r->out.info->info3 = TALLOC_ZERO_P(ctx,struct dfs_Info3);400 r->out.info->info3 = talloc_zero(ctx,struct dfs_Info3); 388 401 if (!r->out.info->info3) { 389 402 return WERR_NOMEM; … … 392 405 break; 393 406 case 100: 394 r->out.info->info100 = TALLOC_ZERO_P(ctx,struct dfs_Info100);407 r->out.info->info100 = talloc_zero(ctx,struct dfs_Info100); 395 408 if (!r->out.info->info100) { 396 409 return WERR_NOMEM; -
vendor/current/source3/rpc_server/dssetup/srv_dssetup_nt.c
r919 r988 43 43 DEBUG(10,("fill_dsrole_dominfo_basic: enter\n")); 44 44 45 basic = TALLOC_ZERO_P(ctx, struct dssetup_DsRolePrimaryDomInfoBasic);45 basic = talloc_zero(ctx, struct dssetup_DsRolePrimaryDomInfoBasic); 46 46 if (!basic) { 47 47 DEBUG(0,("fill_dsrole_dominfo_basic: out of memory\n")); … … 79 79 return WERR_NOMEM; 80 80 } 81 strlower_m(dnsdomain); 81 if (!strlower_m(dnsdomain)) { 82 return WERR_INVALID_PARAM; 83 } 82 84 basic->dns_domain = dnsdomain; 83 85 -
vendor/current/source3/rpc_server/echo/srv_echo_nt.c
r919 r988 49 49 } 50 50 51 r->out.out_data = TALLOC_ARRAY(p->mem_ctx, uint8, r->in.len);51 r->out.out_data = talloc_array(p->mem_ctx, uint8_t, r->in.len); 52 52 memcpy( r->out.out_data, r->in.in_data, r->in.len ); 53 53 return; … … 68 68 void _echo_SourceData(struct pipes_struct *p, struct echo_SourceData *r) 69 69 { 70 uint32 i;70 uint32_t i; 71 71 72 72 DEBUG(10, ("_echo_SourceData\n")); … … 77 77 } 78 78 79 r->out.data = TALLOC_ARRAY(p->mem_ctx, uint8, r->in.len );79 r->out.data = talloc_array(p->mem_ctx, uint8_t, r->in.len ); 80 80 81 81 for (i = 0; i < r->in.len; i++ ) { … … 98 98 } 99 99 100 uint32 _echo_TestSleep(struct pipes_struct *p, struct echo_TestSleep *r)100 uint32_t _echo_TestSleep(struct pipes_struct *p, struct echo_TestSleep *r) 101 101 { 102 102 smb_msleep(r->in.seconds * 1000); … … 116 116 } 117 117 118 uint16 _echo_TestDoublePointer(struct pipes_struct *p, struct echo_TestDoublePointer *r)118 uint16_t _echo_TestDoublePointer(struct pipes_struct *p, struct echo_TestDoublePointer *r) 119 119 { 120 120 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; -
vendor/current/source3/rpc_server/epmapper/srv_epmapper.c
r919 r988 23 23 #include "ntdomain.h" 24 24 #include "../libcli/security/security.h" 25 #include "../lib/tsocket/tsocket.h" 25 26 #include "librpc/gen_ndr/srv_epmapper.h" 26 27 #include "srv_epmapper.h" … … 127 128 * Check if two endpoints match. 128 129 */ 129 static bool endpoints_match(const struct dcerpc_binding *ep1, 130 const struct dcerpc_binding *ep2) 131 { 132 if (ep1->transport != ep2->transport) { 130 static bool endpoints_match(const struct dcerpc_binding *b1, 131 const struct dcerpc_binding *b2) 132 { 133 enum dcerpc_transport_t t1; 134 const char *ep1; 135 const char *h1; 136 enum dcerpc_transport_t t2; 137 const char *ep2; 138 const char *h2; 139 140 t1 = dcerpc_binding_get_transport(b1); 141 ep1 = dcerpc_binding_get_string_option(b1, "endpoint"); 142 h1 = dcerpc_binding_get_string_option(b1, "host"); 143 144 t2 = dcerpc_binding_get_transport(b2); 145 ep2 = dcerpc_binding_get_string_option(b2, "endpoint"); 146 h2 = dcerpc_binding_get_string_option(b2, "host"); 147 148 if (t1 != t2) { 133 149 return false; 134 150 } 135 151 136 if (!ep1->endpoint || !ep2->endpoint) { 137 return ep1->endpoint == ep2->endpoint; 138 } 139 140 if (!strequal(ep1->endpoint, ep2->endpoint)) { 152 if (!ep1 && ep2) { 141 153 return false; 154 } 155 156 if (ep1 && !ep2) { 157 return false; 158 } 159 160 if (ep1 && ep2) { 161 if (!strequal(ep1, ep2)) { 162 return false; 163 } 164 } 165 166 if (!h1 && h2) { 167 return false; 168 } 169 170 if (h1 && !h2) { 171 return false; 172 } 173 174 if (h1 && h2) { 175 if (!strequal(h1, h2)) { 176 return false; 177 } 142 178 } 143 179 … … 179 215 180 216 for (iface = d->iface_list; iface != NULL; iface = iface->next) { 217 enum dcerpc_transport_t transport; 218 const char *host = NULL; 219 const char *host_addr = NULL; 220 181 221 if (uuid && !interface_match_by_uuid(iface->iface, uuid)) { 182 222 continue; … … 192 232 eps[total].name = talloc_strdup(eps, 193 233 iface->iface->name); 234 if (eps[total].name == NULL) { 235 return 0; 236 } 194 237 eps[total].syntax_id = iface->iface->syntax_id; 195 238 … … 198 241 return 0; 199 242 } 200 description->object = iface->iface->syntax_id; 201 if (description->transport == NCACN_IP_TCP && 202 srv_addr != NULL && 203 (strcmp(description->host, "0.0.0.0") == 0 || 204 strcmp(description->host, "::") == 0)) { 205 description->host = srv_addr; 243 244 status = dcerpc_binding_set_abstract_syntax(description, 245 &iface->iface->syntax_id); 246 if (!NT_STATUS_IS_OK(status)) { 247 return 0; 248 } 249 250 transport = dcerpc_binding_get_transport(description); 251 host = dcerpc_binding_get_string_option(description, "host"); 252 253 if (transport == NCACN_IP_TCP) { 254 if (host == NULL) { 255 host_addr = srv_addr; 256 } else if (!is_ipaddress_v4(host)) { 257 host_addr = srv_addr; 258 } else if (strcmp(host, "0.0.0.0") == 0) { 259 host_addr = srv_addr; 260 } 261 } 262 263 if (host_addr != NULL) { 264 status = dcerpc_binding_set_string_option(description, 265 "host", 266 host_addr); 267 if (!NT_STATUS_IS_OK(status)) { 268 return 0; 269 } 206 270 } 207 271 … … 224 288 } 225 289 226 static bool is_privile dged_pipe(struct auth_serversupplied_info *info) {290 static bool is_privileged_pipe(struct auth_session_info *info) { 227 291 /* If the user is not root, or has the system token, fail */ 228 if ((info->u tok.uid != sec_initial_uid()) &&292 if ((info->unix_token->uid != sec_initial_uid()) && 229 293 !security_token_is_system(info->security_token)) { 230 294 return false; … … 295 359 bool add_ep; 296 360 297 /* If this is not a privile dged users, return */361 /* If this is not a privileged users, return */ 298 362 if (p->transport != NCALRPC || 299 !is_privile dged_pipe(p->session_info)) {363 !is_privileged_pipe(p->session_info)) { 300 364 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 301 365 return EPMAPPER_STATUS_CANT_PERFORM_OP; … … 311 375 312 376 for (i = 0; i < r->in.num_ents; i++) { 377 enum dcerpc_transport_t transport; 313 378 add_ep = false; 314 379 b = NULL; … … 326 391 } 327 392 393 transport = dcerpc_binding_get_transport(b); 328 394 DEBUG(3, ("_epm_Insert: Adding transport %s for %s\n", 329 derpc_transport_string_by_transport( b->transport),395 derpc_transport_string_by_transport(transport), 330 396 r->in.entries[i].annotation)); 331 397 … … 358 424 goto done; 359 425 } 360 iface->syntax_id = b->object;426 iface->syntax_id = dcerpc_binding_get_abstract_syntax(b); 361 427 362 428 /* … … 365 431 */ 366 432 if (find_interface(ep, iface) != NULL) { 367 DEBUG( 0, ("dcesrv_interface_register: interface '%s' "433 DEBUG(8, ("dcesrv_interface_register: interface '%s' " 368 434 "already registered on endpoint\n", 369 435 iface->name)); … … 432 498 r->in.num_ents)); 433 499 434 /* If this is not a privile dged users, return */500 /* If this is not a privileged users, return */ 435 501 if (p->transport != NCALRPC || 436 !is_privile dged_pipe(p->session_info)) {502 !is_privileged_pipe(p->session_info)) { 437 503 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 438 504 return EPMAPPER_STATUS_CANT_PERFORM_OP; … … 445 511 446 512 for (i = 0; i < r->in.num_ents; i++) { 513 enum dcerpc_transport_t transport; 514 447 515 b = NULL; 448 516 … … 455 523 } 456 524 525 transport = dcerpc_binding_get_transport(b); 457 526 DEBUG(3, ("_epm_Delete: Deleting transport '%s' for '%s'\n", 458 derpc_transport_string_by_transport( b->transport),527 derpc_transport_string_by_transport(transport), 459 528 r->in.entries[i].annotation)); 460 529 … … 466 535 467 536 iface.name = r->in.entries[i].annotation; 468 iface.syntax_id = b->object;537 iface.syntax_id = dcerpc_binding_get_abstract_syntax(b); 469 538 470 539 iflist = find_interface_list(ep, &iface); … … 525 594 } 526 595 527 DEBUG( 3, ("_epm_Lookup: Trying to lookup max. %u entries.\n",596 DEBUG(5, ("_epm_Lookup: Trying to lookup max. %u entries.\n", 528 597 r->in.max_ents)); 529 598 530 599 if (r->in.entry_handle == NULL || 531 policy_handle_empty(r->in.entry_handle)) {532 struct GUID *obj;533 534 DEBUG( 5, ("_epm_Lookup: No entry_handle found, creating it.\n"));600 ndr_policy_handle_empty(r->in.entry_handle)) { 601 char *srv_addr = NULL; 602 603 DEBUG(7, ("_epm_Lookup: No entry_handle found, creating it.\n")); 535 604 536 605 eps = talloc_zero(tmp_ctx, struct rpc_eps); … … 540 609 } 541 610 542 if (r->in.object == NULL || GUID_all_zero(r->in.object)) { 543 obj = NULL; 544 } else { 545 obj = r->in.object; 611 if (p->local_address != NULL && 612 tsocket_address_is_inet(p->local_address, "ipv4")) 613 { 614 srv_addr = tsocket_address_inet_addr_string(p->local_address, 615 tmp_ctx); 546 616 } 547 617 … … 556 626 endpoint_table, 557 627 NULL, 558 p->server_id == NULL ? NULL : p->server_id->addr,628 srv_addr, 559 629 &eps->e); 560 630 break; … … 579 649 endpoint_table, 580 650 &r->in.interface_id->uuid, 581 p->server_id == NULL ? NULL : p->server_id->addr,651 srv_addr, 582 652 &eps->e); 583 653 break; … … 590 660 endpoint_table, 591 661 r->in.object, 592 p->server_id == NULL ? NULL : p->server_id->addr,662 srv_addr, 593 663 &eps->e); 594 664 break; … … 616 686 entry_handle = r->out.entry_handle; 617 687 } else { 618 DEBUG( 5, ("_epm_Lookup: Trying to find entry_handle.\n"));688 DEBUG(7, ("_epm_Lookup: Trying to find entry_handle.\n")); 619 689 620 690 ok = find_policy_by_hnd(p, r->in.entry_handle, (void **)(void*) &eps); … … 637 707 } 638 708 639 DEBUG( 3, ("_epm_Lookup: Find %u entries\n", count));709 DEBUG(5, ("_epm_Lookup: Find %u entries\n", count)); 640 710 641 711 if (count == 0) { … … 705 775 if (r->in.inquiry_type == RPC_C_EP_MATCH_BY_IF || 706 776 r->in.inquiry_type == RPC_C_EP_MATCH_BY_OBJ) { 707 /* Check inte face version */777 /* Check interface version */ 708 778 709 779 match = false; … … 729 799 (eps->e[i].syntax_id.if_version >> 16) && 730 800 r->in.interface_id->vers_minor <= 731 (eps->e[i].syntax_id.if_version & &0xFFFF)) {801 (eps->e[i].syntax_id.if_version & 0xFFFF)) { 732 802 match = true; 733 803 } … … 742 812 (eps->e[i].syntax_id.if_version >> 16) && 743 813 r->in.interface_id->vers_minor == 744 (eps->e[i].syntax_id.if_version & &0xFFFF)) {814 (eps->e[i].syntax_id.if_version & 0xFFFF)) { 745 815 match = true; 746 816 } … … 775 845 (eps->e[i].syntax_id.if_version >> 16) && 776 846 r->in.interface_id->vers_minor >= 777 (eps->e[i].syntax_id.if_version & &0xFFFF)) {847 (eps->e[i].syntax_id.if_version & 0xFFFF)) { 778 848 match = true; 779 849 } … … 843 913 uint32_t count = 0; 844 914 uint32_t num_towers = 0; 845 uint32_t num_floors = 0;846 915 uint32_t i; 847 916 bool ok; … … 862 931 ZERO_STRUCTP(r->out.entry_handle); 863 932 864 DEBUG( 3, ("_epm_Map: Trying to map max. %u towers.\n",933 DEBUG(5, ("_epm_Map: Trying to map max. %u towers.\n", 865 934 r->in.max_towers)); 866 935 … … 883 952 * +---------+-------------------------------------------------------+ 884 953 */ 885 num_floors = r->in.map_tower->tower.num_floors;886 954 floors = r->in.map_tower->tower.floors; 887 955 … … 890 958 891 959 if (floors[1].lhs.protocol != EPM_PROTOCOL_UUID || 892 !GUID_equal(&ifid.uuid, &ndr_transfer_syntax .uuid) ||893 ifid.if_version != ndr_transfer_syntax .if_version) {960 !GUID_equal(&ifid.uuid, &ndr_transfer_syntax_ndr.uuid) || 961 ifid.if_version != ndr_transfer_syntax_ndr.if_version) { 894 962 rc = EPMAPPER_STATUS_NO_MORE_ENTRIES; 895 963 goto done; … … 910 978 911 979 if (r->in.entry_handle == NULL || 912 policy_handle_empty(r->in.entry_handle)) {980 ndr_policy_handle_empty(r->in.entry_handle)) { 913 981 struct GUID *obj; 914 915 DEBUG(5, ("_epm_Map: No entry_handle found, creating it.\n")); 982 char *srv_addr = NULL; 983 984 DEBUG(7, ("_epm_Map: No entry_handle found, creating it.\n")); 916 985 917 986 eps = talloc_zero(tmp_ctx, struct rpc_eps); … … 939 1008 } 940 1009 1010 if (p->local_address != NULL && 1011 tsocket_address_is_inet(p->local_address, "ipv4")) 1012 { 1013 srv_addr = tsocket_address_inet_addr_string(p->local_address, 1014 tmp_ctx); 1015 } 1016 941 1017 eps->count = build_ep_list(eps, 942 1018 endpoint_table, 943 1019 obj, 944 p->server_id == NULL ? NULL : p->server_id->addr,1020 srv_addr, 945 1021 &eps->e); 946 1022 if (eps->count == 0) { … … 1002 1078 entry_handle = r->out.entry_handle; 1003 1079 } else { 1004 DEBUG( 5, ("_epm_Map: Trying to find entry_handle.\n"));1080 DEBUG(7, ("_epm_Map: Trying to find entry_handle.\n")); 1005 1081 1006 1082 ok = find_policy_by_hnd(p, r->in.entry_handle, (void **)(void*) &eps); … … 1038 1114 1039 1115 for (i = 0; i < count; i++) { 1040 DEBUG( 5, ("_epm_Map: Map tower for '%s'\n",1116 DEBUG(7, ("_epm_Map: Map tower for '%s'\n", 1041 1117 eps->e[i].name)); 1042 1118 -
vendor/current/source3/rpc_server/epmd.c
r740 r988 24 24 #include "serverid.h" 25 25 #include "ntdomain.h" 26 #include "messages.h" 27 28 #include "librpc/rpc/dcerpc_ep.h" 26 29 #include "../librpc/gen_ndr/srv_epmapper.h" 27 30 #include "rpc_server/rpc_server.h" 31 #include "rpc_server/rpc_sock_helper.h" 28 32 #include "rpc_server/epmapper/srv_epmapper.h" 29 #include "messages.h"30 33 31 34 #define DAEMON_NAME "epmd" … … 34 37 struct messaging_context *msg_ctx); 35 38 36 static bool epmd_open_sockets(struct tevent_context *ev_ctx,37 struct messaging_context *msg_ctx)38 {39 uint32_t num_ifs = iface_count();40 uint16_t port;41 uint32_t i;42 43 if (lp_interfaces() && lp_bind_interfaces_only()) {44 /*45 * We have been given an interfaces line, and been told to only46 * bind to those interfaces. Create a socket per interface and47 * bind to only these.48 */49 50 /* Now open a listen socket for each of the interfaces. */51 for(i = 0; i < num_ifs; i++) {52 const struct sockaddr_storage *ifss =53 iface_n_sockaddr_storage(i);54 55 port = setup_dcerpc_ncacn_tcpip_socket(ev_ctx,56 msg_ctx,57 ndr_table_epmapper.syntax_id,58 ifss,59 135);60 if (port == 0) {61 return false;62 }63 }64 } else {65 const char *sock_addr = lp_socket_address();66 const char *sock_ptr;67 char *sock_tok;68 69 if (strequal(sock_addr, "0.0.0.0") ||70 strequal(sock_addr, "::")) {71 #if HAVE_IPV672 sock_addr = "::";73 #else74 sock_addr = "0.0.0.0";75 #endif76 }77 78 for (sock_ptr = sock_addr;79 next_token_talloc(talloc_tos(), &sock_ptr, &sock_tok, " \t,");80 ) {81 struct sockaddr_storage ss;82 83 /* open an incoming socket */84 if (!interpret_string_addr(&ss,85 sock_tok,86 AI_NUMERICHOST|AI_PASSIVE)) {87 continue;88 }89 90 port = setup_dcerpc_ncacn_tcpip_socket(ev_ctx,91 msg_ctx,92 ndr_table_epmapper.syntax_id,93 &ss,94 135);95 if (port == 0) {96 return false;97 }98 }99 }100 101 return true;102 }103 104 39 static void epmd_reopen_logs(void) 105 40 { 106 char *lfile = lp_logfile( );41 char *lfile = lp_logfile(talloc_tos()); 107 42 int rc; 108 43 … … 115 50 } else { 116 51 if (strstr(lfile, DAEMON_NAME) == NULL) { 117 rc = asprintf(&lfile, "%s.%s", lp_logfile(), DAEMON_NAME); 52 rc = asprintf(&lfile, "%s.%s", 53 lp_logfile(talloc_tos()), DAEMON_NAME); 118 54 if (rc > 0) { 119 55 lp_set_logfile(lfile); … … 212 148 DEBUG(1, ("Forking Endpoint Mapper Daemon\n")); 213 149 214 pid = sys_fork();150 pid = fork(); 215 151 216 152 if (pid == -1) { … … 225 161 } 226 162 227 /* child */ 228 close_low_fds(false); 229 230 status = reinit_after_fork(msg_ctx, 231 ev_ctx, 232 procid_self(), 233 true); 163 status = smbd_reinit_after_fork(msg_ctx, ev_ctx, true, "epmd"); 234 164 if (!NT_STATUS_IS_OK(status)) { 235 165 DEBUG(0,("reinit_after_fork() failed\n")); … … 242 172 epmd_setup_sig_hup_handler(ev_ctx, msg_ctx); 243 173 244 ok = serverid_register( procid_self(),245 FLAG_MSG_GENERAL |FLAG_MSG_SMBD246 |FLAG_MSG_PRINT_GENERAL);174 ok = serverid_register(messaging_server_id(msg_ctx), 175 FLAG_MSG_GENERAL | 176 FLAG_MSG_PRINT_GENERAL); 247 177 if (!ok) { 248 178 DEBUG(0, ("Failed to register serverid in epmd!\n")); … … 257 187 status = rpc_epmapper_init(&epmapper_cb); 258 188 if (!NT_STATUS_IS_OK(status)) { 259 DEBUG(0, ("Failed to register epmd rpc inte face! (%s)\n",189 DEBUG(0, ("Failed to register epmd rpc interface! (%s)\n", 260 190 nt_errstr(status))); 191 exit(1); 192 } 193 194 status = rpc_setup_tcpip_sockets(ev_ctx, 195 msg_ctx, 196 &ndr_table_epmapper, 197 NULL, 198 135); 199 if (!NT_STATUS_IS_OK(status)) { 200 DEBUG(0, ("Failed to open epmd tcpip sockets!\n")); 261 201 exit(1); 262 202 } … … 264 204 ok = setup_dcerpc_ncalrpc_socket(ev_ctx, 265 205 msg_ctx, 266 ndr_table_epmapper.syntax_id,267 206 "EPMAPPER", 268 207 srv_epmapper_delete_endpoints); … … 272 211 } 273 212 274 ok = epmd_open_sockets(ev_ctx, msg_ctx); 275 if (!ok) { 276 DEBUG(0, ("Failed to open epmd tcpip sockets!\n")); 277 exit(1); 278 } 279 280 ok = setup_named_pipe_socket("epmapper", ev_ctx); 213 ok = setup_named_pipe_socket("epmapper", ev_ctx, msg_ctx); 281 214 if (!ok) { 282 215 DEBUG(0, ("Failed to open epmd named pipe!\n")); … … 284 217 } 285 218 286 DEBUG(1, ("Endpoint Mapper Daemon Started (% d)\n",getpid()));219 DEBUG(1, ("Endpoint Mapper Daemon Started (%u)\n", (unsigned int)getpid())); 287 220 288 221 /* loop forever */ -
vendor/current/source3/rpc_server/eventlog/srv_eventlog_nt.c
r919 r988 22 22 23 23 #include "includes.h" 24 #include "system/passwd.h" /* uid_wrapper */ 24 25 #include "ntdomain.h" 25 26 #include "../librpc/gen_ndr/srv_eventlog.h" … … 41 42 char *logname; 42 43 ELOG_TDB *etdb; 43 uint32 current_record;44 uint32 num_records;45 uint32 oldest_entry;46 uint32 flags;47 uint32 access_granted;44 uint32_t current_record; 45 uint32_t num_records; 46 uint32_t oldest_entry; 47 uint32_t flags; 48 uint32_t access_granted; 48 49 } EVENTLOG_INFO; 49 50 … … 91 92 /* get the security descriptor for the file */ 92 93 93 sec_desc = get_nt_acl_no_snum( info, tdbname ); 94 status = get_nt_acl_no_snum( info, 95 tdbname, 96 SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL, 97 &sec_desc); 94 98 TALLOC_FREE( tdbname ); 95 99 96 if ( !sec_desc) {97 DEBUG(5,("elog_check_access: Unable to get NT ACL for %s \n",98 tdbname ));100 if (!NT_STATUS_IS_OK(status)) { 101 DEBUG(5,("elog_check_access: Unable to get NT ACL for %s: %s\n", 102 tdbname, nt_errstr(status))); 99 103 return False; 100 104 } … … 213 217 return NT_STATUS_OBJECT_PATH_INVALID; 214 218 215 if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) )219 if ( !(elog = talloc_zero( NULL, EVENTLOG_INFO )) ) 216 220 return NT_STATUS_NO_MEMORY; 217 221 talloc_set_destructor(elog, eventlog_info_destructor); -
vendor/current/source3/rpc_server/lsa/srv_lsa_nt.c
r919 r988 47 47 #include "lib/privileges.h" 48 48 #include "rpc_server/srv_access_check.h" 49 #include "../librpc/gen_ndr/ndr_wkssvc.h" 50 #include "../libcli/auth/libcli_auth.h" 51 #include "../libcli/lsarpc/util_lsarpc.h" 52 #include "lsa.h" 49 53 50 54 #undef DBGC_CLASS … … 56 60 LSA_HANDLE_POLICY_TYPE = 1, 57 61 LSA_HANDLE_ACCOUNT_TYPE = 2, 58 LSA_HANDLE_TRUST_TYPE = 3}; 62 LSA_HANDLE_TRUST_TYPE = 3, 63 LSA_HANDLE_SECRET_TYPE = 4}; 59 64 60 65 struct lsa_info { 61 66 struct dom_sid sid; 62 67 const char *name; 63 uint32 access;68 uint32_t access; 64 69 enum lsa_handle_type type; 65 70 struct security_descriptor *sd; … … 93 98 LSA_TRUSTED_DOMAIN_ALL_ACCESS 94 99 }; 95 96 /***************************************************************************97 init_lsa_ref_domain_list - adds a domain if it's not already in, returns the index.98 ***************************************************************************/99 100 static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,101 struct lsa_RefDomainList *ref,102 const char *dom_name,103 struct dom_sid *dom_sid)104 {105 int num = 0;106 107 if (dom_name != NULL) {108 for (num = 0; num < ref->count; num++) {109 if (dom_sid_equal(dom_sid, ref->domains[num].sid)) {110 return num;111 }112 }113 } else {114 num = ref->count;115 }116 117 if (num >= LSA_REF_DOMAIN_LIST_MULTIPLIER) {118 /* index not found, already at maximum domain limit */119 return -1;120 }121 122 ref->count = num + 1;123 ref->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER;124 125 ref->domains = TALLOC_REALLOC_ARRAY(mem_ctx, ref->domains,126 struct lsa_DomainInfo, ref->count);127 if (!ref->domains) {128 return -1;129 }130 131 ZERO_STRUCT(ref->domains[num]);132 133 init_lsa_StringLarge(&ref->domains[num].name, dom_name);134 ref->domains[num].sid = dom_sid_dup(mem_ctx, dom_sid);135 if (!ref->domains[num].sid) {136 return -1;137 }138 139 return num;140 }141 142 100 143 101 /*************************************************************************** … … 177 135 uint32_t *pmapped_count) 178 136 { 179 uint32 mapped_count, i;137 uint32_t mapped_count, i; 180 138 181 139 SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS); … … 186 144 for (i = 0; i < num_entries; i++) { 187 145 struct dom_sid sid; 188 uint32 rid;146 uint32_t rid; 189 147 int dom_idx; 190 148 const char *full_name; 191 149 const char *domain; 192 enum lsa_SidType type = SID_NAME_UNKNOWN;150 enum lsa_SidType type; 193 151 194 152 /* Split name into domain and user component */ … … 205 163 DEBUG(5, ("lookup_lsa_rids: looking up name %s\n", full_name)); 206 164 207 /* We can ignore the result of lookup_name, it will not touch 208 "type" if it's not successful */ 209 210 lookup_name(mem_ctx, full_name, flags, &domain, NULL, 211 &sid, &type); 165 if (!lookup_name(mem_ctx, full_name, flags, &domain, NULL, 166 &sid, &type)) { 167 type = SID_NAME_UNKNOWN; 168 } 212 169 213 170 switch (type) { … … 259 216 struct lsa_String *name, 260 217 int flags, 261 uint32 *pmapped_count)262 { 263 uint32 mapped_count, i;218 uint32_t *pmapped_count) 219 { 220 uint32_t mapped_count, i; 264 221 265 222 SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS); … … 270 227 for (i = 0; i < num_entries; i++) { 271 228 struct dom_sid sid; 272 uint32 rid;229 uint32_t rid; 273 230 int dom_idx; 274 231 const char *full_name; … … 285 242 } 286 243 287 DEBUG(5, (" init_lsa_sids: looking up name %s\n", full_name));244 DEBUG(5, ("lookup_lsa_sids: looking up name %s\n", full_name)); 288 245 289 246 if (!lookup_name(mem_ctx, full_name, flags, &domain, NULL, … … 298 255 case SID_NAME_ALIAS: 299 256 case SID_NAME_WKN_GRP: 300 DEBUG(5, (" init_lsa_sids: %s found\n", full_name));257 DEBUG(5, ("lookup_lsa_sids: %s found\n", full_name)); 301 258 /* Leave these unchanged */ 302 259 break; 303 260 default: 304 261 /* Don't hand out anything but the list above */ 305 DEBUG(5, (" init_lsa_sids: %s not found\n", full_name));262 DEBUG(5, ("lookup_lsa_sids: %s not found\n", full_name)); 306 263 type = SID_NAME_UNKNOWN; 307 264 break; … … 404 361 info->name = talloc_strdup(info, name); 405 362 406 if (sd ) {407 info->sd = dup_sec_desc(info, sd);408 if ( !info->sd) {363 if (sd != NULL) { 364 info->sd = security_descriptor_copy(info, sd); 365 if (info->sd == NULL) { 409 366 talloc_free(info); 410 367 return NT_STATUS_NO_MEMORY; … … 430 387 struct security_descriptor *psd = NULL; 431 388 size_t sd_size; 432 uint32 des_access = r->in.access_mask;433 uint32 acc_granted;389 uint32_t des_access = r->in.access_mask; 390 uint32_t acc_granted; 434 391 NTSTATUS status; 392 393 if (p->transport != NCACN_NP && p->transport != NCALRPC) { 394 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 395 return NT_STATUS_ACCESS_DENIED; 396 } 435 397 436 398 /* Work out max allowed. */ 437 399 map_max_allowed_access(p->session_info->security_token, 438 &p->session_info->utok,400 p->session_info->unix_token, 439 401 &des_access); 440 402 … … 479 441 struct lsa_OpenPolicy2 o; 480 442 443 /* _lsa_OpenPolicy2 will check if this is a NCACN_NP connection */ 444 481 445 o.in.system_name = NULL; /* should be ignored */ 482 446 o.in.attr = r->in.attr; … … 522 486 } 523 487 524 entries = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_DomainInfo, count);488 entries = talloc_zero_array(p->mem_ctx, struct lsa_DomainInfo, count); 525 489 if (!entries) { 526 490 return NT_STATUS_NO_MEMORY; … … 630 594 } 631 595 632 info = TALLOC_ZERO_P(p->mem_ctx, union lsa_PolicyInformation);596 info = talloc_zero(p->mem_ctx, union lsa_PolicyInformation); 633 597 if (!info) { 634 598 return NT_STATUS_NO_MEMORY; … … 671 635 { 672 636 673 uint32 policy_def = LSA_AUDIT_POLICY_ALL;637 uint32_t policy_def = LSA_AUDIT_POLICY_ALL; 674 638 675 639 /* check if the user has enough rights */ … … 683 647 info->audit_events.auditing_mode = true; 684 648 info->audit_events.count = LSA_AUDIT_NUM_CATEGORIES; 685 info->audit_events.settings = TALLOC_ZERO_ARRAY(p->mem_ctx,649 info->audit_events.settings = talloc_zero_array(p->mem_ctx, 686 650 enum lsa_PolicyAuditPolicy, 687 651 info->audit_events.count); … … 847 811 const struct dom_sid **sids = NULL; 848 812 struct lsa_RefDomainList *ref = NULL; 849 uint32 mapped_count = 0;813 uint32_t mapped_count = 0; 850 814 struct lsa_dom_info *dom_infos = NULL; 851 815 struct lsa_name_info *name_infos = NULL; … … 860 824 } 861 825 862 sids = TALLOC_ARRAY(p->mem_ctx, const struct dom_sid *, num_sids);863 ref = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList);826 sids = talloc_array(p->mem_ctx, const struct dom_sid *, num_sids); 827 ref = talloc_zero(p->mem_ctx, struct lsa_RefDomainList); 864 828 865 829 if (sids == NULL || ref == NULL) { … … 878 842 } 879 843 880 names = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedName2, num_sids);844 names = talloc_array(p->mem_ctx, struct lsa_TranslatedName2, num_sids); 881 845 if (names == NULL) { 882 846 return NT_STATUS_NO_MEMORY; … … 949 913 struct lsa_info *handle; 950 914 int num_sids = r->in.sids->num_sids; 951 uint32 mapped_count = 0;915 uint32_t mapped_count = 0; 952 916 struct lsa_RefDomainList *domains = NULL; 953 917 struct lsa_TranslatedName *names_out = NULL; 954 918 struct lsa_TranslatedName2 *names = NULL; 955 919 int i; 920 921 if (p->transport != NCACN_NP && p->transport != NCALRPC) { 922 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 923 return NT_STATUS_ACCESS_DENIED; 924 } 956 925 957 926 if ((r->in.level < 1) || (r->in.level > 6)) { … … 1000 969 1001 970 /* Convert from lsa_TranslatedName2 to lsa_TranslatedName */ 1002 names_out = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedName,971 names_out = talloc_array(p->mem_ctx, struct lsa_TranslatedName, 1003 972 num_sids); 1004 973 if (!names_out) { … … 1020 989 } 1021 990 1022 /*************************************************************************** 1023 _lsa_LookupSids2 1024 ***************************************************************************/ 1025 1026 NTSTATUS _lsa_LookupSids2(struct pipes_struct *p, 1027 struct lsa_LookupSids2 *r) 991 static NTSTATUS _lsa_LookupSids_common(struct pipes_struct *p, 992 struct lsa_LookupSids2 *r) 1028 993 { 1029 994 NTSTATUS status; 1030 995 struct lsa_info *handle; 1031 996 int num_sids = r->in.sids->num_sids; 1032 uint32 mapped_count = 0;997 uint32_t mapped_count = 0; 1033 998 struct lsa_RefDomainList *domains = NULL; 1034 999 struct lsa_TranslatedName2 *names = NULL; … … 1087 1052 1088 1053 /*************************************************************************** 1054 _lsa_LookupSids2 1055 ***************************************************************************/ 1056 1057 NTSTATUS _lsa_LookupSids2(struct pipes_struct *p, 1058 struct lsa_LookupSids2 *r) 1059 { 1060 if (p->transport != NCACN_NP && p->transport != NCALRPC) { 1061 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 1062 return NT_STATUS_ACCESS_DENIED; 1063 } 1064 1065 return _lsa_LookupSids_common(p, r); 1066 } 1067 1068 /*************************************************************************** 1089 1069 _lsa_LookupSids3 1090 1070 ***************************************************************************/ … … 1095 1075 struct lsa_LookupSids2 q; 1096 1076 1077 if (p->transport != NCACN_IP_TCP) { 1078 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 1079 return NT_STATUS_ACCESS_DENIED; 1080 } 1081 1097 1082 /* No policy handle on this call. Restrict to crypto connections. */ 1098 if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { 1099 DEBUG(0,("_lsa_LookupSids3: client %s not using schannel for netlogon\n", 1100 get_remote_machine_name() )); 1101 return NT_STATUS_INVALID_PARAMETER; 1083 if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL || 1084 p->auth.auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) { 1085 DEBUG(1, ("_lsa_LookupSids3: The client %s is not using " 1086 "a secure connection over netlogon\n", 1087 get_remote_machine_name() )); 1088 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 1089 return NT_STATUS_ACCESS_DENIED; 1102 1090 } 1103 1091 … … 1114 1102 q.out.count = r->out.count; 1115 1103 1116 return _lsa_LookupSids 2(p, &q);1104 return _lsa_LookupSids_common(p, &q); 1117 1105 } 1118 1106 … … 1156 1144 struct lsa_info *handle; 1157 1145 struct lsa_String *names = r->in.names; 1158 uint32 num_entries = r->in.num_names;1146 uint32_t num_entries = r->in.num_names; 1159 1147 struct lsa_RefDomainList *domains = NULL; 1160 1148 struct lsa_TranslatedSid *rids = NULL; 1161 uint32 mapped_count = 0;1149 uint32_t mapped_count = 0; 1162 1150 int flags = 0; 1151 1152 if (p->transport != NCACN_NP && p->transport != NCALRPC) { 1153 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 1154 return NT_STATUS_ACCESS_DENIED; 1155 } 1163 1156 1164 1157 if (num_entries > MAX_LOOKUP_SIDS) { … … 1170 1163 flags = lsa_lookup_level_to_flags(r->in.level); 1171 1164 1172 domains = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList);1165 domains = talloc_zero(p->mem_ctx, struct lsa_RefDomainList); 1173 1166 if (!domains) { 1174 1167 return NT_STATUS_NO_MEMORY; … … 1176 1169 1177 1170 if (num_entries) { 1178 rids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_TranslatedSid,1171 rids = talloc_zero_array(p->mem_ctx, struct lsa_TranslatedSid, 1179 1172 num_entries); 1180 1173 if (!rids) { … … 1237 1230 uint32_t i; 1238 1231 1239 sid_array = TALLOC_ZERO_P(p->mem_ctx, struct lsa_TransSidArray); 1232 if (p->transport != NCACN_NP && p->transport != NCALRPC) { 1233 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 1234 return NT_STATUS_ACCESS_DENIED; 1235 } 1236 1237 sid_array = talloc_zero(p->mem_ctx, struct lsa_TransSidArray); 1240 1238 if (!sid_array) { 1241 1239 return NT_STATUS_NO_MEMORY; … … 1259 1257 1260 1258 sid_array2->count = sid_array->count; 1261 sid_array2->sids = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedSid2, sid_array->count);1259 sid_array2->sids = talloc_array(p->mem_ctx, struct lsa_TranslatedSid2, sid_array->count); 1262 1260 if (!sid_array2->sids) { 1263 1261 return NT_STATUS_NO_MEMORY; … … 1276 1274 } 1277 1275 1278 /*************************************************************************** 1279 _lsa_LookupNames3 1280 ***************************************************************************/ 1281 1282 NTSTATUS _lsa_LookupNames3(struct pipes_struct *p, 1283 struct lsa_LookupNames3 *r) 1276 static NTSTATUS _lsa_LookupNames_common(struct pipes_struct *p, 1277 struct lsa_LookupNames3 *r) 1284 1278 { 1285 1279 NTSTATUS status; 1286 1280 struct lsa_info *handle; 1287 1281 struct lsa_String *names = r->in.names; 1288 uint32 num_entries = r->in.num_names;1282 uint32_t num_entries = r->in.num_names; 1289 1283 struct lsa_RefDomainList *domains = NULL; 1290 1284 struct lsa_TranslatedSid3 *trans_sids = NULL; 1291 uint32 mapped_count = 0;1285 uint32_t mapped_count = 0; 1292 1286 int flags = 0; 1293 1287 bool check_policy = true; … … 1307 1301 } 1308 1302 1309 /* Probably the lookup_level is some sort of bitmask. */ 1310 if (r->in.level == 1) { 1311 flags = LOOKUP_NAME_ALL; 1312 } 1313 1314 domains = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList); 1303 flags = lsa_lookup_level_to_flags(r->in.level); 1304 1305 domains = talloc_zero(p->mem_ctx, struct lsa_RefDomainList); 1315 1306 if (!domains) { 1316 1307 return NT_STATUS_NO_MEMORY; … … 1318 1309 1319 1310 if (num_entries) { 1320 trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_TranslatedSid3,1311 trans_sids = talloc_zero_array(p->mem_ctx, struct lsa_TranslatedSid3, 1321 1312 num_entries); 1322 1313 if (!trans_sids) { … … 1370 1361 1371 1362 /*************************************************************************** 1363 _lsa_LookupNames3 1364 ***************************************************************************/ 1365 1366 NTSTATUS _lsa_LookupNames3(struct pipes_struct *p, 1367 struct lsa_LookupNames3 *r) 1368 { 1369 if (p->transport != NCACN_NP && p->transport != NCALRPC) { 1370 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 1371 return NT_STATUS_ACCESS_DENIED; 1372 } 1373 1374 return _lsa_LookupNames_common(p, r); 1375 } 1376 1377 /*************************************************************************** 1372 1378 _lsa_LookupNames4 1373 1379 ***************************************************************************/ … … 1378 1384 struct lsa_LookupNames3 q; 1379 1385 1386 if (p->transport != NCACN_IP_TCP) { 1387 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 1388 return NT_STATUS_ACCESS_DENIED; 1389 } 1390 1380 1391 /* No policy handle on this call. Restrict to crypto connections. */ 1381 if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { 1382 DEBUG(0,("_lsa_lookup_names4: client %s not using schannel for netlogon\n", 1383 get_remote_machine_name() )); 1384 return NT_STATUS_INVALID_PARAMETER; 1392 if (p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL || 1393 p->auth.auth_level < DCERPC_AUTH_LEVEL_INTEGRITY) { 1394 DEBUG(1, ("_lsa_LookupNames4: The client %s is not using " 1395 "a secure connection over netlogon\n", 1396 get_remote_machine_name())); 1397 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 1398 return NT_STATUS_ACCESS_DENIED; 1385 1399 } 1386 1400 … … 1398 1412 q.out.count = r->out.count; 1399 1413 1400 return _lsa_LookupNames 3(p, &q);1414 return _lsa_LookupNames_common(p, &q); 1401 1415 } 1402 1416 … … 1407 1421 NTSTATUS _lsa_Close(struct pipes_struct *p, struct lsa_Close *r) 1408 1422 { 1423 if (p->transport != NCACN_NP && p->transport != NCALRPC) { 1424 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 1425 return NT_STATUS_ACCESS_DENIED; 1426 } 1427 1409 1428 if (!find_policy_by_hnd(p, r->in.handle, NULL)) { 1410 1429 return NT_STATUS_INVALID_HANDLE; … … 1480 1499 1481 1500 /*************************************************************************** 1482 ***************************************************************************/ 1483 1484 NTSTATUS _lsa_OpenSecret(struct pipes_struct *p, struct lsa_OpenSecret *r) 1485 { 1486 return NT_STATUS_OBJECT_NAME_NOT_FOUND; 1501 _lsa_OpenSecret 1502 ***************************************************************************/ 1503 1504 NTSTATUS _lsa_OpenSecret(struct pipes_struct *p, 1505 struct lsa_OpenSecret *r) 1506 { 1507 struct lsa_info *handle; 1508 struct security_descriptor *psd; 1509 NTSTATUS status; 1510 uint32_t acc_granted; 1511 1512 if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) { 1513 return NT_STATUS_INVALID_HANDLE; 1514 } 1515 1516 if (handle->type != LSA_HANDLE_POLICY_TYPE) { 1517 return NT_STATUS_INVALID_HANDLE; 1518 } 1519 1520 if (!r->in.name.string) { 1521 return NT_STATUS_INVALID_PARAMETER; 1522 } 1523 1524 /* Work out max allowed. */ 1525 map_max_allowed_access(p->session_info->security_token, 1526 p->session_info->unix_token, 1527 &r->in.access_mask); 1528 1529 /* map the generic bits to the lsa policy ones */ 1530 se_map_generic(&r->in.access_mask, &lsa_secret_mapping); 1531 1532 status = pdb_get_secret(p->mem_ctx, r->in.name.string, 1533 NULL, 1534 NULL, 1535 NULL, 1536 NULL, 1537 &psd); 1538 if (!NT_STATUS_IS_OK(status)) { 1539 return status; 1540 } 1541 1542 status = access_check_object(psd, p->session_info->security_token, 1543 SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, 1544 r->in.access_mask, 1545 &acc_granted, "_lsa_OpenSecret"); 1546 if (!NT_STATUS_IS_OK(status)) { 1547 return status; 1548 } 1549 1550 status = create_lsa_policy_handle(p->mem_ctx, p, 1551 LSA_HANDLE_SECRET_TYPE, 1552 acc_granted, 1553 NULL, 1554 r->in.name.string, 1555 psd, 1556 r->out.sec_handle); 1557 if (!NT_STATUS_IS_OK(status)) { 1558 return NT_STATUS_OBJECT_NAME_NOT_FOUND; 1559 } 1560 1561 return NT_STATUS_OK; 1487 1562 } 1488 1563 … … 1506 1581 /* Work out max allowed. */ 1507 1582 map_max_allowed_access(p->session_info->security_token, 1508 &p->session_info->utok,1583 p->session_info->unix_token, 1509 1584 &access_mask); 1510 1585 1511 1586 /* map the generic bits to the lsa account ones */ 1512 se_map_generic(&access_mask, &lsa_ account_mapping);1587 se_map_generic(&access_mask, &lsa_trusted_domain_mapping); 1513 1588 1514 1589 /* get the generic lsa account SD until we store it */ … … 1602 1677 } 1603 1678 1604 static NTSTATUS add_trusted_domain_user(TALLOC_CTX *mem_ctx, 1605 const char *netbios_name, 1606 const char *domain_name, 1607 struct trustDomainPasswords auth_struct) 1608 { 1679 static NTSTATUS get_trustdom_auth_blob(struct pipes_struct *p, 1680 TALLOC_CTX *mem_ctx, DATA_BLOB *auth_blob, 1681 struct trustDomainPasswords *auth_struct) 1682 { 1683 enum ndr_err_code ndr_err; 1684 DATA_BLOB lsession_key; 1609 1685 NTSTATUS status; 1610 struct samu *sam_acct; 1611 char *acct_name; 1612 uint32_t rid; 1613 struct dom_sid user_sid; 1614 int i; 1615 char *dummy; 1616 size_t dummy_size; 1617 1618 sam_acct = samu_new(mem_ctx); 1619 if (sam_acct == NULL) { 1620 return NT_STATUS_NO_MEMORY; 1621 } 1622 1623 acct_name = talloc_asprintf(mem_ctx, "%s$", netbios_name); 1624 if (acct_name == NULL) { 1625 return NT_STATUS_NO_MEMORY; 1626 } 1627 if (!pdb_set_username(sam_acct, acct_name, PDB_SET)) { 1628 return NT_STATUS_UNSUCCESSFUL; 1629 } 1630 1631 if (!pdb_set_domain(sam_acct, domain_name, PDB_SET)) { 1632 return NT_STATUS_UNSUCCESSFUL; 1633 } 1634 1635 if (!pdb_set_acct_ctrl(sam_acct, ACB_DOMTRUST, PDB_SET)) { 1636 return NT_STATUS_UNSUCCESSFUL; 1637 } 1638 1639 if (!pdb_new_rid(&rid)) { 1640 return NT_STATUS_DS_NO_MORE_RIDS; 1641 } 1642 sid_compose(&user_sid, get_global_sam_sid(), rid); 1643 if (!pdb_set_user_sid(sam_acct, &user_sid, PDB_SET)) { 1644 return NT_STATUS_UNSUCCESSFUL; 1645 } 1646 1647 for (i = 0; i < auth_struct.incoming.count; i++) { 1648 switch (auth_struct.incoming.current.array[i].AuthType) { 1649 case TRUST_AUTH_TYPE_CLEAR: 1650 if (!convert_string_talloc(mem_ctx, 1651 CH_UTF16LE, 1652 CH_UNIX, 1653 auth_struct.incoming.current.array[i].AuthInfo.clear.password, 1654 auth_struct.incoming.current.array[i].AuthInfo.clear.size, 1655 &dummy, 1656 &dummy_size, 1657 false)) { 1658 return NT_STATUS_UNSUCCESSFUL; 1659 } 1660 if (!pdb_set_plaintext_passwd(sam_acct, dummy)) { 1661 return NT_STATUS_UNSUCCESSFUL; 1662 } 1663 break; 1664 default: 1665 continue; 1666 } 1667 } 1668 1669 status = pdb_add_sam_account(sam_acct); 1670 if (!NT_STATUS_IS_OK(status)) { 1671 return status; 1686 1687 status = session_extract_session_key(p->session_info, &lsession_key, KEY_USE_16BYTES); 1688 if (!NT_STATUS_IS_OK(status)) { 1689 return NT_STATUS_INVALID_PARAMETER; 1690 } 1691 1692 arcfour_crypt_blob(auth_blob->data, auth_blob->length, &lsession_key); 1693 ndr_err = ndr_pull_struct_blob(auth_blob, mem_ctx, 1694 auth_struct, 1695 (ndr_pull_flags_fn_t)ndr_pull_trustDomainPasswords); 1696 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 1697 return NT_STATUS_INVALID_PARAMETER; 1698 } 1699 1700 return NT_STATUS_OK; 1701 } 1702 1703 static NTSTATUS get_trustauth_inout_blob(TALLOC_CTX *mem_ctx, 1704 struct trustAuthInOutBlob *iopw, 1705 DATA_BLOB *trustauth_blob) 1706 { 1707 enum ndr_err_code ndr_err; 1708 1709 if (iopw->current.count != iopw->count) { 1710 return NT_STATUS_INVALID_PARAMETER; 1711 } 1712 1713 if (iopw->previous.count > iopw->current.count) { 1714 return NT_STATUS_INVALID_PARAMETER; 1715 } 1716 1717 if (iopw->previous.count == 0) { 1718 /* 1719 * If the previous credentials are not present 1720 * we need to make a copy. 1721 */ 1722 iopw->previous = iopw->current; 1723 } 1724 1725 if (iopw->previous.count < iopw->current.count) { 1726 struct AuthenticationInformationArray *c = &iopw->current; 1727 struct AuthenticationInformationArray *p = &iopw->previous; 1728 1729 /* 1730 * The previous array needs to have the same size 1731 * as the current one. 1732 * 1733 * We may have to fill with TRUST_AUTH_TYPE_NONE 1734 * elements. 1735 */ 1736 p->array = talloc_realloc(mem_ctx, p->array, 1737 struct AuthenticationInformation, 1738 c->count); 1739 if (p->array == NULL) { 1740 return NT_STATUS_NO_MEMORY; 1741 } 1742 1743 while (p->count < c->count) { 1744 struct AuthenticationInformation *a = 1745 &p->array[p->count++]; 1746 1747 *a = (struct AuthenticationInformation) { 1748 .LastUpdateTime = p->array[0].LastUpdateTime, 1749 .AuthType = TRUST_AUTH_TYPE_NONE, 1750 }; 1751 } 1752 } 1753 1754 ndr_err = ndr_push_struct_blob(trustauth_blob, mem_ctx, 1755 iopw, 1756 (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); 1757 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 1758 return NT_STATUS_INVALID_PARAMETER; 1672 1759 } 1673 1760 … … 1689 1776 struct pdb_trusted_domain td; 1690 1777 struct trustDomainPasswords auth_struct; 1691 enum ndr_err_code ndr_err;1692 1778 DATA_BLOB auth_blob; 1693 1779 … … 1704 1790 } 1705 1791 1706 if (p->session_info->u tok.uid != sec_initial_uid() &&1792 if (p->session_info->unix_token->uid != sec_initial_uid() && 1707 1793 !nt_token_check_domain_rid(p->session_info->security_token, DOMAIN_RID_ADMINS)) { 1708 1794 return NT_STATUS_ACCESS_DENIED; … … 1711 1797 /* Work out max allowed. */ 1712 1798 map_max_allowed_access(p->session_info->security_token, 1713 &p->session_info->utok,1799 p->session_info->unix_token, 1714 1800 &r->in.access_mask); 1715 1801 … … 1749 1835 td.trust_attributes = r->in.info->trust_attributes; 1750 1836 1751 if (r->in.auth_info->auth_blob.size != 0) { 1752 auth_blob.length = r->in.auth_info->auth_blob.size; 1753 auth_blob.data = r->in.auth_info->auth_blob.data; 1754 1755 arcfour_crypt_blob(auth_blob.data, auth_blob.length, 1756 &p->session_info->user_session_key); 1757 1758 ndr_err = ndr_pull_struct_blob(&auth_blob, p->mem_ctx, 1759 &auth_struct, 1760 (ndr_pull_flags_fn_t) ndr_pull_trustDomainPasswords); 1761 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 1837 if (r->in.auth_info_internal->auth_blob.size != 0) { 1838 auth_blob.length = r->in.auth_info_internal->auth_blob.size; 1839 auth_blob.data = r->in.auth_info_internal->auth_blob.data; 1840 1841 status = get_trustdom_auth_blob(p, p->mem_ctx, &auth_blob, &auth_struct); 1842 if (!NT_STATUS_IS_OK(status)) { 1762 1843 return NT_STATUS_UNSUCCESSFUL; 1763 1844 } 1764 1845 1765 ndr_err = ndr_push_struct_blob(&td.trust_auth_incoming, p->mem_ctx, 1766 &auth_struct.incoming, 1767 (ndr_push_flags_fn_t) ndr_push_trustAuthInOutBlob); 1768 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 1846 status = get_trustauth_inout_blob(p->mem_ctx, &auth_struct.incoming, &td.trust_auth_incoming); 1847 if (!NT_STATUS_IS_OK(status)) { 1769 1848 return NT_STATUS_UNSUCCESSFUL; 1770 1849 } 1771 1850 1772 ndr_err = ndr_push_struct_blob(&td.trust_auth_outgoing, p->mem_ctx, 1773 &auth_struct.outgoing, 1774 (ndr_push_flags_fn_t) ndr_push_trustAuthInOutBlob); 1775 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 1851 status = get_trustauth_inout_blob(p->mem_ctx, &auth_struct.outgoing, &td.trust_auth_outgoing); 1852 if (!NT_STATUS_IS_OK(status)) { 1776 1853 return NT_STATUS_UNSUCCESSFUL; 1777 1854 } … … 1786 1863 if (!NT_STATUS_IS_OK(status)) { 1787 1864 return status; 1788 }1789 1790 if (r->in.info->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {1791 status = add_trusted_domain_user(p->mem_ctx,1792 r->in.info->netbios_name.string,1793 r->in.info->domain_name.string,1794 auth_struct);1795 if (!NT_STATUS_IS_OK(status)) {1796 return status;1797 }1798 1865 } 1799 1866 … … 1806 1873 r->out.trustdom_handle); 1807 1874 if (!NT_STATUS_IS_OK(status)) { 1808 pdb_del_trusted dom_pw(r->in.info->netbios_name.string);1875 pdb_del_trusted_domain(r->in.info->netbios_name.string); 1809 1876 return NT_STATUS_OBJECT_NAME_NOT_FOUND; 1810 1877 } … … 1821 1888 { 1822 1889 struct lsa_CreateTrustedDomainEx2 q; 1890 struct lsa_TrustDomainInfoAuthInfoInternal auth_info; 1891 1892 ZERO_STRUCT(auth_info); 1823 1893 1824 1894 q.in.policy_handle = r->in.policy_handle; 1825 1895 q.in.info = r->in.info; 1826 q.in.auth_info = r->in.auth_info;1896 q.in.auth_info_internal = &auth_info; 1827 1897 q.in.access_mask = r->in.access_mask; 1828 1898 q.out.trustdom_handle = r->out.trustdom_handle; … … 1853 1923 c.in.policy_handle = r->in.policy_handle; 1854 1924 c.in.info = &info; 1855 c.in.auth_info 1925 c.in.auth_info_internal = &auth_info; 1856 1926 c.in.access_mask = r->in.access_mask; 1857 1927 c.out.trustdom_handle = r->out.trustdom_handle; … … 1870 1940 struct lsa_info *handle; 1871 1941 struct pdb_trusted_domain *td; 1872 struct samu *sam_acct;1873 char *acct_name;1874 1942 1875 1943 /* find the connection policy handle. */ … … 1897 1965 } 1898 1966 1899 if (td->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {1900 sam_acct = samu_new(p->mem_ctx);1901 if (sam_acct == NULL) {1902 return NT_STATUS_NO_MEMORY;1903 }1904 1905 acct_name = talloc_asprintf(p->mem_ctx, "%s$", td->netbios_name);1906 if (acct_name == NULL) {1907 return NT_STATUS_NO_MEMORY;1908 }1909 if (!pdb_set_username(sam_acct, acct_name, PDB_SET)) {1910 return NT_STATUS_UNSUCCESSFUL;1911 }1912 status = pdb_delete_sam_account(sam_acct);1913 if (!NT_STATUS_IS_OK(status)) {1914 return status;1915 }1916 }1917 1918 1967 status = pdb_del_trusted_domain(td->netbios_name); 1919 1968 if (!NT_STATUS_IS_OK(status)) { … … 1937 1986 _lsa_QueryTrustedDomainInfo 1938 1987 ***************************************************************************/ 1988 1989 static NTSTATUS pdb_trusted_domain_2_info_ex(TALLOC_CTX *mem_ctx, 1990 struct pdb_trusted_domain *td, 1991 struct lsa_TrustDomainInfoInfoEx *info_ex) 1992 { 1993 if (td->domain_name == NULL || 1994 td->netbios_name == NULL || 1995 is_null_sid(&td->security_identifier)) { 1996 return NT_STATUS_INVALID_PARAMETER; 1997 } 1998 1999 info_ex->domain_name.string = talloc_strdup(mem_ctx, td->domain_name); 2000 info_ex->netbios_name.string = talloc_strdup(mem_ctx, td->netbios_name); 2001 info_ex->sid = dom_sid_dup(mem_ctx, &td->security_identifier); 2002 if (info_ex->domain_name.string == NULL || 2003 info_ex->netbios_name.string == NULL || 2004 info_ex->sid == NULL) { 2005 return NT_STATUS_NO_MEMORY; 2006 } 2007 2008 info_ex->trust_direction = td->trust_direction; 2009 info_ex->trust_type = td->trust_type; 2010 info_ex->trust_attributes = td->trust_attributes; 2011 2012 return NT_STATUS_OK; 2013 } 1939 2014 1940 2015 NTSTATUS _lsa_QueryTrustedDomainInfo(struct pipes_struct *p, … … 2015 2090 } 2016 2091 2017 info = TALLOC_ZERO_P(p->mem_ctx, union lsa_TrustedDomainInfo);2092 info = talloc_zero(p->mem_ctx, union lsa_TrustedDomainInfo); 2018 2093 if (!info) { 2019 2094 return NT_STATUS_NO_MEMORY; … … 2027 2102 return NT_STATUS_INVALID_PARAMETER; 2028 2103 case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET: 2104 info->posix_offset.posix_offset = *td->trust_posix_offset; 2029 2105 break; 2030 2106 case LSA_TRUSTED_DOMAIN_INFO_PASSWORD: … … 2033 2109 return NT_STATUS_INVALID_PARAMETER; 2034 2110 case LSA_TRUSTED_DOMAIN_INFO_INFO_EX: 2035 init_lsa_StringLarge(&info->info_ex.domain_name, td->domain_name); 2036 init_lsa_StringLarge(&info->info_ex.netbios_name, td->netbios_name); 2037 info->info_ex.sid = dom_sid_dup(info, &td->security_identifier); 2038 if (!info->info_ex.sid) { 2039 return NT_STATUS_NO_MEMORY; 2040 } 2041 info->info_ex.trust_direction = td->trust_direction; 2042 info->info_ex.trust_type = td->trust_type; 2043 info->info_ex.trust_attributes = td->trust_attributes; 2111 status = pdb_trusted_domain_2_info_ex(info, td, &info->info_ex); 2112 if (!NT_STATUS_IS_OK(status)) { 2113 return status; 2114 } 2044 2115 break; 2045 2116 case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO: 2046 2117 return NT_STATUS_INVALID_INFO_CLASS; 2047 2118 case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO: 2119 status = pdb_trusted_domain_2_info_ex(info, td, 2120 &info->full_info.info_ex); 2121 if (!NT_STATUS_IS_OK(status)) { 2122 return status; 2123 } 2124 info->full_info.posix_offset.posix_offset = *td->trust_posix_offset; 2125 status = auth_blob_2_auth_info(p->mem_ctx, 2126 td->trust_auth_incoming, 2127 td->trust_auth_outgoing, 2128 &info->full_info.auth_info); 2129 if (!NT_STATUS_IS_OK(status)) { 2130 return status; 2131 } 2048 2132 break; 2049 2133 case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL: … … 2054 2138 return NT_STATUS_INVALID_PARAMETER; 2055 2139 case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL: 2140 info->full_info2_internal.posix_offset.posix_offset = *td->trust_posix_offset; 2141 status = auth_blob_2_auth_info(p->mem_ctx, 2142 td->trust_auth_incoming, 2143 td->trust_auth_outgoing, 2144 &info->full_info2_internal.auth_info); 2145 if (!NT_STATUS_IS_OK(status)) { 2146 return status; 2147 } 2056 2148 break; 2057 2149 case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES: 2150 info->enc_types.enc_types = *td->supported_enc_type; 2058 2151 break; 2059 2152 default: … … 2146 2239 2147 2240 /*************************************************************************** 2148 ***************************************************************************/ 2149 2150 NTSTATUS _lsa_CreateSecret(struct pipes_struct *p, struct lsa_CreateSecret *r) 2151 { 2152 return NT_STATUS_ACCESS_DENIED; 2153 } 2154 2155 /*************************************************************************** 2156 ***************************************************************************/ 2157 2158 NTSTATUS _lsa_SetSecret(struct pipes_struct *p, struct lsa_SetSecret *r) 2159 { 2160 return NT_STATUS_ACCESS_DENIED; 2241 _lsa_CreateSecret 2242 ***************************************************************************/ 2243 2244 NTSTATUS _lsa_CreateSecret(struct pipes_struct *p, 2245 struct lsa_CreateSecret *r) 2246 { 2247 NTSTATUS status; 2248 struct lsa_info *handle; 2249 uint32_t acc_granted; 2250 struct security_descriptor *psd; 2251 size_t sd_size; 2252 2253 /* find the connection policy handle. */ 2254 if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) { 2255 return NT_STATUS_INVALID_HANDLE; 2256 } 2257 2258 if (handle->type != LSA_HANDLE_POLICY_TYPE) { 2259 return NT_STATUS_INVALID_HANDLE; 2260 } 2261 2262 /* check if the user has enough rights */ 2263 2264 if (!(handle->access & LSA_POLICY_CREATE_SECRET)) { 2265 return NT_STATUS_ACCESS_DENIED; 2266 } 2267 2268 /* Work out max allowed. */ 2269 map_max_allowed_access(p->session_info->security_token, 2270 p->session_info->unix_token, 2271 &r->in.access_mask); 2272 2273 /* map the generic bits to the lsa policy ones */ 2274 se_map_generic(&r->in.access_mask, &lsa_secret_mapping); 2275 2276 status = make_lsa_object_sd(p->mem_ctx, &psd, &sd_size, 2277 &lsa_secret_mapping, 2278 NULL, 0); 2279 if (!NT_STATUS_IS_OK(status)) { 2280 return status; 2281 } 2282 2283 status = access_check_object(psd, p->session_info->security_token, 2284 SEC_PRIV_INVALID, SEC_PRIV_INVALID, 0, 2285 r->in.access_mask, 2286 &acc_granted, "_lsa_CreateSecret"); 2287 if (!NT_STATUS_IS_OK(status)) { 2288 return status; 2289 } 2290 2291 if (!r->in.name.string) { 2292 return NT_STATUS_INVALID_PARAMETER; 2293 } 2294 2295 if (strlen(r->in.name.string) > 128) { 2296 return NT_STATUS_NAME_TOO_LONG; 2297 } 2298 2299 status = pdb_get_secret(p->mem_ctx, r->in.name.string, 2300 NULL, NULL, NULL, NULL, NULL); 2301 if (NT_STATUS_IS_OK(status)) { 2302 return NT_STATUS_OBJECT_NAME_COLLISION; 2303 } 2304 2305 status = pdb_set_secret(r->in.name.string, NULL, NULL, psd); 2306 if (!NT_STATUS_IS_OK(status)) { 2307 return status; 2308 } 2309 2310 status = create_lsa_policy_handle(p->mem_ctx, p, 2311 LSA_HANDLE_SECRET_TYPE, 2312 acc_granted, 2313 NULL, 2314 r->in.name.string, 2315 psd, 2316 r->out.sec_handle); 2317 if (!NT_STATUS_IS_OK(status)) { 2318 return NT_STATUS_OBJECT_NAME_NOT_FOUND; 2319 } 2320 2321 return NT_STATUS_OK; 2322 } 2323 2324 /*************************************************************************** 2325 _lsa_SetSecret 2326 ***************************************************************************/ 2327 2328 NTSTATUS _lsa_SetSecret(struct pipes_struct *p, 2329 struct lsa_SetSecret *r) 2330 { 2331 NTSTATUS status; 2332 struct lsa_info *info = NULL; 2333 DATA_BLOB blob_new, blob_old; 2334 DATA_BLOB cleartext_blob_new = data_blob_null; 2335 DATA_BLOB cleartext_blob_old = data_blob_null; 2336 DATA_BLOB *cleartext_blob_new_p = NULL; 2337 DATA_BLOB *cleartext_blob_old_p = NULL; 2338 DATA_BLOB session_key; 2339 2340 if (!find_policy_by_hnd(p, r->in.sec_handle, (void **)(void *)&info)) { 2341 return NT_STATUS_INVALID_HANDLE; 2342 } 2343 2344 if (info->type != LSA_HANDLE_SECRET_TYPE) { 2345 return NT_STATUS_INVALID_HANDLE; 2346 } 2347 2348 if (!(info->access & LSA_SECRET_SET_VALUE)) { 2349 return NT_STATUS_ACCESS_DENIED; 2350 } 2351 2352 status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES); 2353 if(!NT_STATUS_IS_OK(status)) { 2354 return status; 2355 } 2356 2357 if (r->in.new_val) { 2358 blob_new = data_blob_const(r->in.new_val->data, 2359 r->in.new_val->length); 2360 2361 status = sess_decrypt_blob(p->mem_ctx, &blob_new, 2362 &session_key, 2363 &cleartext_blob_new); 2364 if (!NT_STATUS_IS_OK(status)) { 2365 return status; 2366 } 2367 2368 cleartext_blob_new_p = &cleartext_blob_new; 2369 } 2370 2371 if (r->in.old_val) { 2372 blob_old = data_blob_const(r->in.old_val->data, 2373 r->in.old_val->length); 2374 2375 status = sess_decrypt_blob(p->mem_ctx, &blob_old, 2376 &session_key, 2377 &cleartext_blob_old); 2378 if (!NT_STATUS_IS_OK(status)) { 2379 return status; 2380 } 2381 2382 cleartext_blob_old_p = &cleartext_blob_old; 2383 } 2384 2385 status = pdb_set_secret(info->name, cleartext_blob_new_p, cleartext_blob_old_p, NULL); 2386 if (!NT_STATUS_IS_OK(status)) { 2387 return status; 2388 } 2389 2390 #ifdef DEBUG_PASSWORD 2391 DEBUG(10,("_lsa_SetSecret: successfully set new secret\n")); 2392 dump_data(10, cleartext_blob_new.data, cleartext_blob_new.length); 2393 DEBUG(10,("_lsa_SetSecret: successfully set old secret\n")); 2394 dump_data(10, cleartext_blob_old.data, cleartext_blob_old.length); 2395 #endif 2396 2397 return NT_STATUS_OK; 2398 } 2399 2400 /*************************************************************************** 2401 _lsa_QuerySecret 2402 ***************************************************************************/ 2403 2404 NTSTATUS _lsa_QuerySecret(struct pipes_struct *p, 2405 struct lsa_QuerySecret *r) 2406 { 2407 struct lsa_info *info = NULL; 2408 DATA_BLOB blob_new, blob_old; 2409 DATA_BLOB blob_new_crypt, blob_old_crypt; 2410 DATA_BLOB session_key; 2411 NTTIME nttime_new, nttime_old; 2412 NTSTATUS status; 2413 2414 if (!find_policy_by_hnd(p, r->in.sec_handle, (void **)(void *)&info)) { 2415 return NT_STATUS_INVALID_HANDLE; 2416 } 2417 2418 if (info->type != LSA_HANDLE_SECRET_TYPE) { 2419 return NT_STATUS_INVALID_HANDLE; 2420 } 2421 2422 if (!(info->access & LSA_SECRET_QUERY_VALUE)) { 2423 return NT_STATUS_ACCESS_DENIED; 2424 } 2425 2426 status = pdb_get_secret(p->mem_ctx, info->name, 2427 &blob_new, &nttime_new, 2428 &blob_old, &nttime_old, 2429 NULL); 2430 if (!NT_STATUS_IS_OK(status)) { 2431 return status; 2432 } 2433 2434 status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES); 2435 if(!NT_STATUS_IS_OK(status)) { 2436 return status; 2437 } 2438 2439 if (r->in.new_val) { 2440 if (blob_new.length) { 2441 if (!r->out.new_val->buf) { 2442 r->out.new_val->buf = talloc_zero(p->mem_ctx, struct lsa_DATA_BUF); 2443 } 2444 if (!r->out.new_val->buf) { 2445 return NT_STATUS_NO_MEMORY; 2446 } 2447 2448 blob_new_crypt = sess_encrypt_blob(p->mem_ctx, &blob_new, 2449 &session_key); 2450 if (!blob_new_crypt.length) { 2451 return NT_STATUS_NO_MEMORY; 2452 } 2453 2454 r->out.new_val->buf->data = blob_new_crypt.data; 2455 r->out.new_val->buf->length = blob_new_crypt.length; 2456 r->out.new_val->buf->size = blob_new_crypt.length; 2457 } 2458 } 2459 2460 if (r->in.old_val) { 2461 if (blob_old.length) { 2462 if (!r->out.old_val->buf) { 2463 r->out.old_val->buf = talloc_zero(p->mem_ctx, struct lsa_DATA_BUF); 2464 } 2465 if (!r->out.old_val->buf) { 2466 return NT_STATUS_NO_MEMORY; 2467 } 2468 2469 blob_old_crypt = sess_encrypt_blob(p->mem_ctx, &blob_old, 2470 &session_key); 2471 if (!blob_old_crypt.length) { 2472 return NT_STATUS_NO_MEMORY; 2473 } 2474 2475 r->out.old_val->buf->data = blob_old_crypt.data; 2476 r->out.old_val->buf->length = blob_old_crypt.length; 2477 r->out.old_val->buf->size = blob_old_crypt.length; 2478 } 2479 } 2480 2481 if (r->out.new_mtime) { 2482 *r->out.new_mtime = nttime_new; 2483 } 2484 2485 if (r->out.old_mtime) { 2486 *r->out.old_mtime = nttime_old; 2487 } 2488 2489 return NT_STATUS_OK; 2161 2490 } 2162 2491 … … 2188 2517 } 2189 2518 break; 2519 case LSA_HANDLE_TRUST_TYPE: 2520 if (!pdb_del_trusteddom_pw(info->name)) { 2521 return NT_STATUS_OBJECT_NAME_NOT_FOUND; 2522 } 2523 status = NT_STATUS_OK; 2524 break; 2525 case LSA_HANDLE_SECRET_TYPE: 2526 status = pdb_delete_secret(info->name); 2527 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { 2528 return NT_STATUS_INVALID_HANDLE; 2529 } 2530 break; 2190 2531 default: 2191 2532 return NT_STATUS_INVALID_HANDLE; … … 2206 2547 { 2207 2548 struct lsa_info *handle; 2208 uint32 i;2209 uint32 enum_context = *r->in.resume_handle;2549 uint32_t i; 2550 uint32_t enum_context = *r->in.resume_handle; 2210 2551 int num_privs = num_privileges_in_short_list(); 2211 2552 struct lsa_PrivEntry *entries = NULL; … … 2233 2574 2234 2575 if (num_privs) { 2235 entries = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_PrivEntry, num_privs);2576 entries = talloc_zero_array(p->mem_ctx, struct lsa_PrivEntry, num_privs); 2236 2577 if (!entries) { 2237 2578 return NT_STATUS_NO_MEMORY; … … 2302 2643 DEBUG(10,("_lsa_LookupPrivDisplayName: display name = %s\n", description)); 2303 2644 2304 lsa_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_StringLarge);2645 lsa_name = talloc_zero(p->mem_ctx, struct lsa_StringLarge); 2305 2646 if (!lsa_name) { 2306 2647 return NT_STATUS_NO_MEMORY; … … 2354 2695 2355 2696 if (num_entries - *r->in.resume_handle) { 2356 sids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_SidPtr,2697 sids = talloc_zero_array(p->mem_ctx, struct lsa_SidPtr, 2357 2698 num_entries - *r->in.resume_handle); 2358 2699 if (!sids) { … … 2390 2731 struct lsa_String *authority_name = NULL; 2391 2732 2733 if (p->transport != NCACN_NP && p->transport != NCALRPC) { 2734 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 2735 return NT_STATUS_ACCESS_DENIED; 2736 } 2737 2392 2738 if (r->in.account_name && 2393 2739 *r->in.account_name) { … … 2400 2746 } 2401 2747 2402 if ( p->session_info->guest) {2748 if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) { 2403 2749 /* 2404 2750 * I'm 99% sure this is not the right place to do this, … … 2411 2757 } 2412 2758 } else { 2413 username = p->session_info-> sanitized_username;2414 domname = p->session_info->info 3->base.domain.string;2415 } 2416 2417 account_name = TALLOC_P(p->mem_ctx, struct lsa_String);2759 username = p->session_info->unix_info->sanitized_username; 2760 domname = p->session_info->info->domain_name; 2761 } 2762 2763 account_name = talloc(p->mem_ctx, struct lsa_String); 2418 2764 if (!account_name) { 2419 2765 return NT_STATUS_NO_MEMORY; … … 2422 2768 2423 2769 if (r->out.authority_name) { 2424 authority_name = TALLOC_P(p->mem_ctx, struct lsa_String);2770 authority_name = talloc(p->mem_ctx, struct lsa_String); 2425 2771 if (!authority_name) { 2426 2772 return NT_STATUS_NO_MEMORY; … … 2470 2816 /* Work out max allowed. */ 2471 2817 map_max_allowed_access(p->session_info->security_token, 2472 &p->session_info->utok,2818 p->session_info->unix_token, 2473 2819 &r->in.access_mask); 2474 2820 … … 2538 2884 /* Work out max allowed. */ 2539 2885 map_max_allowed_access(p->session_info->security_token, 2540 &p->session_info->utok,2886 p->session_info->unix_token, 2541 2887 &des_access); 2542 2888 … … 2608 2954 } 2609 2955 2610 *r->out.privs = priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet);2956 *r->out.privs = priv_set = talloc_zero(p->mem_ctx, struct lsa_PrivilegeSet); 2611 2957 if (!priv_set) { 2612 2958 return NT_STATUS_NO_MEMORY; … … 2691 3037 { 2692 3038 struct lsa_info *info=NULL; 2693 GROUP_MAP map; 3039 NTSTATUS status; 3040 GROUP_MAP *map; 2694 3041 2695 3042 /* find the connection policy handle. */ … … 2705 3052 } 2706 3053 2707 if (!pdb_getgrsid(&map, info->sid)) 3054 map = talloc_zero(p->mem_ctx, GROUP_MAP); 3055 if (!map) { 3056 return NT_STATUS_NO_MEMORY; 3057 } 3058 3059 if (!pdb_getgrsid(map, info->sid)) { 3060 TALLOC_FREE(map); 2708 3061 return NT_STATUS_NO_SUCH_GROUP; 2709 2710 return pdb_update_group_mapping_entry(&map); 3062 } 3063 3064 status = pdb_update_group_mapping_entry(map); 3065 TALLOC_FREE(map); 3066 return status; 2711 3067 } 2712 3068 … … 2812 3168 } 2813 3169 2814 lsa_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_StringLarge);3170 lsa_name = talloc_zero(p->mem_ctx, struct lsa_StringLarge); 2815 3171 if (!lsa_name) { 2816 3172 return NT_STATUS_NO_MEMORY; … … 2848 3204 case LSA_HANDLE_ACCOUNT_TYPE: 2849 3205 case LSA_HANDLE_TRUST_TYPE: 3206 case LSA_HANDLE_SECRET_TYPE: 2850 3207 psd = handle->sd; 2851 3208 sd_size = ndr_size_security_descriptor(psd, 0); … … 3021 3378 PRIVILEGE_SET *privileges) 3022 3379 { 3023 uint32 i;3380 uint32_t i; 3024 3381 const char *privname; 3025 3382 const char **privname_array = NULL; 3026 int num_priv = 0;3383 size_t num_priv = 0; 3027 3384 3028 3385 for (i=0; i<privileges->count; i++) { … … 3041 3398 if (num_priv) { 3042 3399 3043 r->names = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_StringLarge,3400 r->names = talloc_zero_array(mem_ctx, struct lsa_StringLarge, 3044 3401 num_priv); 3045 3402 if (!r->names) { … … 3203 3560 } 3204 3561 3562 static NTSTATUS info_ex_2_pdb_trusted_domain( 3563 struct lsa_TrustDomainInfoInfoEx *info_ex, 3564 struct pdb_trusted_domain *td) 3565 { 3566 if (info_ex->domain_name.string == NULL || 3567 info_ex->netbios_name.string == NULL || 3568 info_ex->sid == NULL) { 3569 return NT_STATUS_INVALID_PARAMETER; 3570 } 3571 3572 td->domain_name = talloc_strdup(td, info_ex->domain_name.string); 3573 td->netbios_name = talloc_strdup(td, info_ex->netbios_name.string); 3574 sid_copy(&td->security_identifier, info_ex->sid); 3575 if (td->domain_name == NULL || 3576 td->netbios_name == NULL || 3577 is_null_sid(&td->security_identifier)) { 3578 return NT_STATUS_NO_MEMORY; 3579 } 3580 td->trust_direction = info_ex->trust_direction; 3581 td->trust_type = info_ex->trust_type; 3582 td->trust_attributes = info_ex->trust_attributes; 3583 3584 return NT_STATUS_OK; 3585 } 3586 3587 static NTSTATUS setInfoTrustedDomain_base(struct pipes_struct *p, 3588 TALLOC_CTX *mem_ctx, 3589 struct lsa_info *policy, 3590 enum lsa_TrustDomInfoEnum level, 3591 union lsa_TrustedDomainInfo *info) 3592 { 3593 struct lsa_TrustDomainInfoAuthInfoInternal *auth_info_int = NULL; 3594 DATA_BLOB auth_blob; 3595 struct trustDomainPasswords auth_struct; 3596 NTSTATUS nt_status; 3597 3598 struct pdb_trusted_domain *td; 3599 struct pdb_trusted_domain *orig_td; 3600 3601 td = talloc_zero(mem_ctx, struct pdb_trusted_domain); 3602 if (td == NULL) { 3603 return NT_STATUS_NO_MEMORY; 3604 } 3605 3606 switch (level) { 3607 case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET: 3608 if (!(policy->access & LSA_TRUSTED_SET_POSIX)) { 3609 return NT_STATUS_ACCESS_DENIED; 3610 } 3611 td->trust_posix_offset = &info->posix_offset.posix_offset; 3612 break; 3613 case LSA_TRUSTED_DOMAIN_INFO_INFO_EX: 3614 if (!(policy->access & LSA_TRUSTED_SET_POSIX)) { 3615 return NT_STATUS_ACCESS_DENIED; 3616 } 3617 nt_status = info_ex_2_pdb_trusted_domain(&info->info_ex, td); 3618 if (!NT_STATUS_IS_OK(nt_status)) { 3619 return nt_status; 3620 } 3621 break; 3622 case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO: 3623 if (!(policy->access & LSA_TRUSTED_SET_AUTH)) { 3624 return NT_STATUS_ACCESS_DENIED; 3625 } 3626 nt_status = auth_info_2_auth_blob(td, &info->auth_info, 3627 &td->trust_auth_incoming, 3628 &td->trust_auth_outgoing); 3629 if (!NT_STATUS_IS_OK(nt_status)) { 3630 return nt_status; 3631 } 3632 break; 3633 case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO: 3634 if (!(policy->access & (LSA_TRUSTED_SET_AUTH | LSA_TRUSTED_SET_POSIX))) { 3635 return NT_STATUS_ACCESS_DENIED; 3636 } 3637 td->trust_posix_offset = &info->full_info.posix_offset.posix_offset; 3638 nt_status = info_ex_2_pdb_trusted_domain(&info->full_info.info_ex, 3639 td); 3640 if (!NT_STATUS_IS_OK(nt_status)) { 3641 return nt_status; 3642 } 3643 nt_status = auth_info_2_auth_blob(td, 3644 &info->full_info.auth_info, 3645 &td->trust_auth_incoming, 3646 &td->trust_auth_outgoing); 3647 if (!NT_STATUS_IS_OK(nt_status)) { 3648 return nt_status; 3649 } 3650 break; 3651 case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL: 3652 if (!(policy->access & LSA_TRUSTED_SET_AUTH)) { 3653 return NT_STATUS_ACCESS_DENIED; 3654 } 3655 auth_info_int = &info->auth_info_internal; 3656 break; 3657 case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL: 3658 if (!(policy->access & (LSA_TRUSTED_SET_AUTH | LSA_TRUSTED_SET_POSIX))) { 3659 return NT_STATUS_ACCESS_DENIED; 3660 } 3661 td->trust_posix_offset = &info->full_info_internal.posix_offset.posix_offset; 3662 nt_status = info_ex_2_pdb_trusted_domain(&info->full_info_internal.info_ex, 3663 td); 3664 if (!NT_STATUS_IS_OK(nt_status)) { 3665 return nt_status; 3666 } 3667 auth_info_int = &info->full_info_internal.auth_info; 3668 break; 3669 case LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES: 3670 if (!(policy->access & LSA_TRUSTED_SET_POSIX)) { 3671 return NT_STATUS_ACCESS_DENIED; 3672 } 3673 td->supported_enc_type = &info->enc_types.enc_types; 3674 break; 3675 default: 3676 return NT_STATUS_INVALID_PARAMETER; 3677 } 3678 3679 /* decode auth_info_int if set */ 3680 if (auth_info_int) { 3681 3682 /* now decrypt blob */ 3683 auth_blob = data_blob_const(auth_info_int->auth_blob.data, 3684 auth_info_int->auth_blob.size); 3685 3686 nt_status = get_trustdom_auth_blob(p, mem_ctx, 3687 &auth_blob, &auth_struct); 3688 if (!NT_STATUS_IS_OK(nt_status)) { 3689 return nt_status; 3690 } 3691 } else { 3692 memset(&auth_struct, 0, sizeof(auth_struct)); 3693 } 3694 3695 /* TODO: verify only one object matches the dns/netbios/sid triplet and that 3696 * this is the one we already have */ 3697 3698 /* TODO: check if the trust direction is changed and we need to add or remove 3699 * auth data */ 3700 3701 /* TODO: check if trust type shall be changed and return an error in this case 3702 * */ 3703 nt_status = pdb_get_trusted_domain_by_sid(p->mem_ctx, &policy->sid, 3704 &orig_td); 3705 if (!NT_STATUS_IS_OK(nt_status)) { 3706 return nt_status; 3707 } 3708 3709 3710 /* TODO: should we fetch previous values from the existing entry 3711 * and append them ? */ 3712 if (auth_struct.incoming.count) { 3713 nt_status = get_trustauth_inout_blob(mem_ctx, 3714 &auth_struct.incoming, 3715 &td->trust_auth_incoming); 3716 if (!NT_STATUS_IS_OK(nt_status)) { 3717 return nt_status; 3718 } 3719 } else { 3720 ZERO_STRUCT(td->trust_auth_incoming); 3721 } 3722 3723 if (auth_struct.outgoing.count) { 3724 nt_status = get_trustauth_inout_blob(mem_ctx, 3725 &auth_struct.outgoing, 3726 &td->trust_auth_outgoing); 3727 if (!NT_STATUS_IS_OK(nt_status)) { 3728 return nt_status; 3729 } 3730 } else { 3731 ZERO_STRUCT(td->trust_auth_outgoing); 3732 } 3733 3734 nt_status = pdb_set_trusted_domain(orig_td->domain_name, td); 3735 if (!NT_STATUS_IS_OK(nt_status)) { 3736 return nt_status; 3737 } 3738 3739 return NT_STATUS_OK; 3740 } 3741 3742 NTSTATUS _lsa_SetTrustedDomainInfo(struct pipes_struct *p, 3743 struct lsa_SetTrustedDomainInfo *r) 3744 { 3745 NTSTATUS status; 3746 struct policy_handle trustdom_handle; 3747 struct lsa_OpenTrustedDomain o; 3748 struct lsa_SetInformationTrustedDomain s; 3749 struct lsa_Close c; 3750 3751 o.in.handle = r->in.handle; 3752 o.in.sid = r->in.dom_sid; 3753 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; 3754 o.out.trustdom_handle = &trustdom_handle; 3755 3756 status = _lsa_OpenTrustedDomain(p, &o); 3757 if (!NT_STATUS_IS_OK(status)) { 3758 return status; 3759 } 3760 3761 s.in.trustdom_handle = &trustdom_handle; 3762 s.in.level = r->in.level; 3763 s.in.info = r->in.info; 3764 3765 status = _lsa_SetInformationTrustedDomain(p, &s); 3766 if (!NT_STATUS_IS_OK(status)) { 3767 return status; 3768 } 3769 3770 c.in.handle = &trustdom_handle; 3771 c.out.handle = &trustdom_handle; 3772 3773 return _lsa_Close(p, &c); 3774 } 3775 3776 NTSTATUS _lsa_SetTrustedDomainInfoByName(struct pipes_struct *p, 3777 struct lsa_SetTrustedDomainInfoByName *r) 3778 { 3779 NTSTATUS status; 3780 struct policy_handle trustdom_handle; 3781 struct lsa_OpenTrustedDomainByName o; 3782 struct lsa_SetInformationTrustedDomain s; 3783 struct lsa_Close c; 3784 3785 o.in.handle = r->in.handle; 3786 o.in.name.string = r->in.trusted_domain->string; 3787 o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; 3788 o.out.trustdom_handle = &trustdom_handle; 3789 3790 status = _lsa_OpenTrustedDomainByName(p, &o); 3791 if (!NT_STATUS_IS_OK(status)) { 3792 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_DOMAIN)) { 3793 return NT_STATUS_OBJECT_NAME_NOT_FOUND; 3794 } 3795 return status; 3796 } 3797 3798 s.in.trustdom_handle = &trustdom_handle; 3799 s.in.level = r->in.level; 3800 s.in.info = r->in.info; 3801 3802 status = _lsa_SetInformationTrustedDomain(p, &s); 3803 if (!NT_STATUS_IS_OK(status)) { 3804 return status; 3805 } 3806 3807 c.in.handle = &trustdom_handle; 3808 c.out.handle = &trustdom_handle; 3809 3810 return _lsa_Close(p, &c); 3811 } 3812 3813 NTSTATUS _lsa_SetInformationTrustedDomain(struct pipes_struct *p, 3814 struct lsa_SetInformationTrustedDomain *r) 3815 { 3816 struct lsa_info *policy; 3817 3818 if (!find_policy_by_hnd(p, r->in.trustdom_handle, (void **)(void *)&policy)) { 3819 return NT_STATUS_INVALID_HANDLE; 3820 } 3821 3822 if (policy->type != LSA_HANDLE_TRUST_TYPE) { 3823 return NT_STATUS_INVALID_HANDLE; 3824 } 3825 3826 return setInfoTrustedDomain_base(p, p->mem_ctx, policy, 3827 r->in.level, r->in.info); 3828 } 3829 3830 3205 3831 /* 3206 3832 * From here on the server routines are just dummy ones to make smbd link with … … 3248 3874 } 3249 3875 3250 NTSTATUS _lsa_S etInformationTrustedDomain(struct pipes_struct *p,3251 struct lsa_SetInformationTrustedDomain*r)3876 NTSTATUS _lsa_StorePrivateData(struct pipes_struct *p, 3877 struct lsa_StorePrivateData *r) 3252 3878 { 3253 3879 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; … … 3255 3881 } 3256 3882 3257 NTSTATUS _lsa_QuerySecret(struct pipes_struct *p, struct lsa_QuerySecret *r) 3883 NTSTATUS _lsa_RetrievePrivateData(struct pipes_struct *p, 3884 struct lsa_RetrievePrivateData *r) 3258 3885 { 3259 3886 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; … … 3261 3888 } 3262 3889 3263 NTSTATUS _lsa_SetTrustedDomainInfo(struct pipes_struct *p,3264 struct lsa_SetTrustedDomainInfo *r)3265 {3266 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;3267 return NT_STATUS_NOT_IMPLEMENTED;3268 }3269 3270 NTSTATUS _lsa_StorePrivateData(struct pipes_struct *p,3271 struct lsa_StorePrivateData *r)3272 {3273 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;3274 return NT_STATUS_NOT_IMPLEMENTED;3275 }3276 3277 NTSTATUS _lsa_RetrievePrivateData(struct pipes_struct *p,3278 struct lsa_RetrievePrivateData *r)3279 {3280 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;3281 return NT_STATUS_NOT_IMPLEMENTED;3282 }3283 3284 3890 NTSTATUS _lsa_SetInfoPolicy2(struct pipes_struct *p, 3285 3891 struct lsa_SetInfoPolicy2 *r) 3286 {3287 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;3288 return NT_STATUS_NOT_IMPLEMENTED;3289 }3290 3291 NTSTATUS _lsa_SetTrustedDomainInfoByName(struct pipes_struct *p,3292 struct lsa_SetTrustedDomainInfoByName *r)3293 3892 { 3294 3893 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; … … 3307 3906 3308 3907 /* bail out early if pdb backend is not capable of ex trusted domains, 3309 * if we don t do that, the client might not call3908 * if we don't do that, the client might not call 3310 3909 * _lsa_EnumTrustedDomains() afterwards - gd */ 3311 3910 … … 3334 3933 } 3335 3934 3336 entries = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_TrustDomainInfoInfoEx,3935 entries = talloc_zero_array(p->mem_ctx, struct lsa_TrustDomainInfoInfoEx, 3337 3936 count); 3338 3937 if (!entries) { … … 3341 3940 3342 3941 for (i=0; i<count; i++) { 3942 init_lsa_StringLarge(&entries[i].domain_name, 3943 domains[i]->domain_name); 3343 3944 init_lsa_StringLarge(&entries[i].netbios_name, 3344 3945 domains[i]->netbios_name); 3345 3946 entries[i].sid = &domains[i]->security_identifier; 3947 entries[i].trust_direction = domains[i]->trust_direction; 3948 entries[i].trust_type = domains[i]->trust_type; 3949 entries[i].trust_attributes = domains[i]->trust_attributes; 3346 3950 } 3347 3951 … … 3499 4103 3500 4104 if (l1 == l2) { 3501 if ( StrCaseCmp(s1, s2) == 0) {4105 if (strcasecmp_m(s1, s2) == 0) { 3502 4106 return DNS_CMP_MATCH; 3503 4107 } … … 3523 4127 } 3524 4128 3525 if ( StrCaseCmp(&p1[t1 - t2], p2) == 0) {4129 if (strcasecmp_m(&p1[t1 - t2], p2) == 0) { 3526 4130 return cret; 3527 4131 } … … 3612 4216 const char *tname = NULL; 3613 4217 size_t dns_len = 0; 3614 size_t nb_len;3615 4218 size_t tlen = 0; 3616 NTSTATUS nt_status;3617 4219 uint32_t new_fti_idx; 3618 4220 uint32_t i; … … 3649 4251 dns_len = nrec->data.info.dns_name.size; 3650 4252 nb_name = nrec->data.info.netbios_name.string; 3651 nb_len = nrec->data.info.netbios_name.size;3652 4253 sid = &nrec->data.info.sid; 3653 4254 break; … … 3712 4313 } 3713 4314 if (!(trec->flags & LSA_NB_DISABLED_ADMIN) && 3714 StrCaseCmp(trec->data.info.netbios_name.string,4315 strcasecmp_m(trec->data.info.netbios_name.string, 3715 4316 nb_name) == 0) { 3716 4317 nb_conflict = true; … … 3719 4320 3720 4321 if (tln_conflict) { 3721 nt_status =add_collision(c_info, new_fti_idx,4322 (void)add_collision(c_info, new_fti_idx, 3722 4323 collision_type, 3723 4324 LSA_TLN_DISABLED_CONFLICT, … … 3725 4326 } 3726 4327 if (sid_conflict) { 3727 nt_status =add_collision(c_info, new_fti_idx,4328 (void)add_collision(c_info, new_fti_idx, 3728 4329 collision_type, 3729 4330 LSA_SID_DISABLED_CONFLICT, … … 3731 4332 } 3732 4333 if (nb_conflict) { 3733 nt_status =add_collision(c_info, new_fti_idx,4334 (void)add_collision(c_info, new_fti_idx, 3734 4335 collision_type, 3735 4336 LSA_NB_DISABLED_CONFLICT, … … 3763 4364 es[i]->index = idx; 3764 4365 es[i]->type = collision_type; 3765 es[i]->flags .flags= conflict_type;4366 es[i]->flags = conflict_type; 3766 4367 es[i]->name.string = talloc_strdup(es[i], tdo_name); 3767 4368 if (!es[i]->name.string) { … … 3887 4488 return NT_STATUS_INVALID_DOMAIN_STATE; 3888 4489 } 3889 if ( StrCaseCmp(domains[i]->domain_name,4490 if (strcasecmp_m(domains[i]->domain_name, 3890 4491 r->in.trusted_domain_name->string) == 0) { 3891 4492 break; … … 3967 4568 } 3968 4569 3969 *r->out.collision_info = c_info; 4570 if (c_info->count != 0) { 4571 *r->out.collision_info = c_info; 4572 } 3970 4573 3971 4574 if (r->in.check_only != 0) { -
vendor/current/source3/rpc_server/netlogon/srv_netlog_nt.c
r919 r988 26 26 27 27 #include "includes.h" 28 #include "system/passwd.h" /* uid_wrapper */ 28 29 #include "ntdomain.h" 29 30 #include "../libcli/auth/schannel.h" … … 32 33 #include "../librpc/gen_ndr/ndr_lsa_c.h" 33 34 #include "rpc_client/cli_lsarpc.h" 34 #include "../lib/crypto/md4.h"35 35 #include "rpc_client/init_lsa.h" 36 36 #include "rpc_server/rpc_ncacn_np.h" … … 45 45 #include "auth.h" 46 46 #include "messages.h" 47 #include "../lib/tsocket/tsocket.h" 48 #include "lib/param/param.h" 47 49 48 50 extern userdom_struct current_user_info; … … 72 74 default: 73 75 return WERR_UNKNOWN_LEVEL; 76 } 77 78 switch (r->in.function_code) { 79 case NETLOGON_CONTROL_QUERY: 80 case NETLOGON_CONTROL_REPLICATE: 81 case NETLOGON_CONTROL_SYNCHRONIZE: 82 case NETLOGON_CONTROL_PDC_REPLICATE: 83 case NETLOGON_CONTROL_BREAKPOINT: 84 case NETLOGON_CONTROL_BACKUP_CHANGE_LOG: 85 case NETLOGON_CONTROL_TRUNCATE_LOG: 86 break; 87 default: 88 return WERR_NOT_SUPPORTED; 74 89 } 75 90 … … 81 96 82 97 return _netr_LogonControl2Ex(p, &l); 83 }84 85 /****************************************************************************86 Send a message to smbd to do a sam synchronisation87 **************************************************************************/88 89 static void send_sync_message(struct messaging_context *msg_ctx)90 {91 DEBUG(3, ("sending sam synchronisation message\n"));92 message_send_all(msg_ctx, MSG_SMB_SAM_SYNC, NULL, 0, NULL);93 98 } 94 99 … … 193 198 struct netr_NETLOGON_INFO_4 *info4; 194 199 const char *fn; 195 uint32_t acct_ctrl; 200 NTSTATUS status; 201 struct netr_DsRGetDCNameInfo *dc_info; 196 202 197 203 switch (p->opnum) { … … 209 215 } 210 216 211 acct_ctrl = p->session_info->info3->base.acct_flags; 217 switch (r->in.level) { 218 case 1: 219 case 2: 220 case 3: 221 case 4: 222 break; 223 default: 224 return WERR_INVALID_LEVEL; 225 } 212 226 213 227 switch (r->in.function_code) { 214 case NETLOGON_CONTROL_ TC_VERIFY:215 case NETLOGON_CONTROL_CHANGE_PASSWORD:216 case NETLOGON_CONTROL_REDISCOVER:228 case NETLOGON_CONTROL_QUERY: 229 break; 230 default: 217 231 if ((geteuid() != sec_initial_uid()) && 218 232 !nt_token_check_domain_rid(p->session_info->security_token, DOMAIN_RID_ADMINS) && 219 !nt_token_check_sid(&global_sid_Builtin_Administrators, p->session_info->security_token) &&220 !(acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST))){233 !nt_token_check_sid(&global_sid_Builtin_Administrators, p->session_info->security_token)) 234 { 221 235 return WERR_ACCESS_DENIED; 222 236 } 223 break;224 default:225 237 break; 226 238 } … … 230 242 switch (r->in.function_code) { 231 243 case NETLOGON_CONTROL_QUERY: 244 switch (r->in.level) { 245 case 1: 246 case 3: 247 break; 248 default: 249 return WERR_INVALID_PARAMETER; 250 } 251 232 252 tc_status = WERR_OK; 233 253 break; … … 237 257 case NETLOGON_CONTROL_BACKUP_CHANGE_LOG: 238 258 case NETLOGON_CONTROL_BREAKPOINT: 239 if (acct_ctrl & ACB_NORMAL) {240 return WERR_NOT_SUPPORTED;241 } else if (acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST)) {242 return WERR_ACCESS_DENIED;243 } else {244 return WERR_ACCESS_DENIED;245 }246 259 case NETLOGON_CONTROL_TRUNCATE_LOG: 247 if (acct_ctrl & ACB_NORMAL) {248 break;249 } else if (acct_ctrl & (ACB_WSTRUST | ACB_SVRTRUST)) {250 return WERR_ACCESS_DENIED;251 } else {252 return WERR_ACCESS_DENIED;253 }254 255 260 case NETLOGON_CONTROL_TRANSPORT_NOTIFY: 256 261 case NETLOGON_CONTROL_FORCE_DNS_REG: 257 262 case NETLOGON_CONTROL_QUERY_DNS_REG: 258 263 return WERR_NOT_SUPPORTED; 264 259 265 case NETLOGON_CONTROL_FIND_USER: 260 266 if (!r->in.data || !r->in.data->user) { … … 312 318 } 313 319 314 if (!get_dc_name(domain, NULL, dc_name2, &dc_ss)) { 320 status = dsgetdcname(p->mem_ctx, p->msg_ctx, domain, NULL, NULL, 321 DS_FORCE_REDISCOVERY | DS_RETURN_FLAT_NAME, 322 &dc_info); 323 if (!NT_STATUS_IS_OK(status)) { 315 324 tc_status = WERR_NO_LOGON_SERVERS; 316 325 break; 317 326 } 318 327 319 dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_ name2);328 dc_name = talloc_asprintf(p->mem_ctx, "\\\\%s", dc_info->dc_unc); 320 329 if (!dc_name) { 321 330 return WERR_NOMEM; … … 340 349 DEBUG(0,("%s: unimplemented function level [%d]\n", 341 350 fn, r->in.function_code)); 342 return WERR_ UNKNOWN_LEVEL;351 return WERR_NOT_SUPPORTED; 343 352 } 344 353 … … 347 356 switch (r->in.level) { 348 357 case 1: 349 info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);358 info1 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_1); 350 359 W_ERROR_HAVE_NO_MEMORY(info1); 351 360 … … 356 365 break; 357 366 case 2: 358 info2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_2);367 info2 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_2); 359 368 W_ERROR_HAVE_NO_MEMORY(info2); 360 369 … … 367 376 break; 368 377 case 3: 369 info3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_3);378 info3 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_3); 370 379 W_ERROR_HAVE_NO_MEMORY(info3); 371 380 … … 376 385 break; 377 386 case 4: 378 info4 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_4);387 info4 = talloc_zero(p->mem_ctx, struct netr_NETLOGON_INFO_4); 379 388 W_ERROR_HAVE_NO_MEMORY(info4); 380 389 … … 386 395 default: 387 396 return WERR_UNKNOWN_LEVEL; 388 }389 390 if (lp_server_role() == ROLE_DOMAIN_BDC) {391 send_sync_message(p->msg_ctx);392 397 } 393 398 … … 405 410 NTSTATUS result = NT_STATUS_OK; 406 411 DATA_BLOB blob; 407 int num_domains = 0;412 size_t num_domains = 0; 408 413 const char **trusted_domains = NULL; 409 414 struct lsa_DomainList domain_list; … … 418 423 status = rpcint_binding_handle(p->mem_ctx, 419 424 &ndr_table_lsarpc, 420 p-> client_id,425 p->remote_address, 421 426 p->session_info, 422 427 p->msg_ctx, … … 494 499 495 500 out: 496 if ( h &&is_valid_policy_hnd(&pol)) {501 if (is_valid_policy_hnd(&pol)) { 497 502 dcerpc_lsa_Close(h, p->mem_ctx, &pol, &result); 498 503 } … … 514 519 NTSTATUS status; 515 520 NTSTATUS result = NT_STATUS_OK; 516 struct policy_handle connect_handle, domain_handle; 521 struct policy_handle connect_handle; 522 struct policy_handle domain_handle = { 0, }; 517 523 struct lsa_String domain_name; 518 524 struct dom_sid2 *domain_sid; … … 523 529 524 530 status = dcerpc_samr_Connect2(b, mem_ctx, 525 global_myname(),531 lp_netbios_name(), 526 532 SAMR_ACCESS_CONNECT_TO_SERVER | 527 533 SAMR_ACCESS_ENUM_DOMAINS | … … 621 627 622 628 out: 623 if ( b &&is_valid_policy_hnd(&domain_handle)) {629 if (is_valid_policy_hnd(&domain_handle)) { 624 630 dcerpc_samr_Close(b, mem_ctx, &domain_handle, &result); 625 631 } 626 if ( b &&is_valid_policy_hnd(&connect_handle)) {632 if (is_valid_policy_hnd(&connect_handle)) { 627 633 dcerpc_samr_Close(b, mem_ctx, &connect_handle, &result); 628 634 } … … 644 650 TALLOC_CTX *mem_ctx; 645 651 struct dcerpc_binding_handle *h = NULL; 646 st atic struct client_address client_id;652 struct tsocket_address *local; 647 653 struct policy_handle user_handle; 648 654 uint32_t user_rid; … … 650 656 uint32_t acct_ctrl; 651 657 union samr_UserInfo *info; 652 struct auth_serversupplied_info *session_info; 658 struct auth_session_info *session_info; 659 int rc; 660 653 661 #if 0 654 662 655 663 /* 656 * Currently this code is redund ent as we already have a filter664 * Currently this code is redundant as we already have a filter 657 665 * by hostname list. What this code really needs to do is to 658 666 * get a hosts allowed/hosts denied list from the SAM database … … 683 691 ZERO_STRUCT(user_handle); 684 692 685 strlcpy(client_id.addr, "127.0.0.1", sizeof(client_id.addr)); 686 client_id.name = "127.0.0.1"; 693 rc = tsocket_address_inet_from_strings(mem_ctx, 694 "ip", 695 "127.0.0.1", 696 0, 697 &local); 698 if (rc < 0) { 699 status = NT_STATUS_NO_MEMORY; 700 goto out; 701 } 687 702 688 703 status = rpcint_binding_handle(mem_ctx, 689 704 &ndr_table_samr, 690 &client_id,705 local, 691 706 session_info, 692 707 msg_ctx, … … 696 711 } 697 712 698 become_root();699 713 status = samr_find_machine_account(mem_ctx, h, mach_acct, 700 714 SEC_FLAG_MAXIMUM_ALLOWED, 701 715 &domain_sid, &user_rid, 702 716 &user_handle); 703 unbecome_root();704 717 if (!NT_STATUS_IS_OK(status)) { 705 718 goto out; … … 874 887 uint32_t in_neg_flags = *r->in.negotiate_flags; 875 888 const char *fn; 889 struct loadparm_context *lp_ctx; 876 890 struct dom_sid sid; 877 891 struct samr_Password mach_pwd; … … 906 920 } 907 921 922 if (in_neg_flags & NETLOGON_NEG_SUPPORTS_AES) { 923 srv_flgs |= NETLOGON_NEG_SUPPORTS_AES; 924 } 925 908 926 if (lp_server_schannel() != false) { 909 927 srv_flgs |= NETLOGON_NEG_SCHANNEL; 928 } 929 930 /* 931 * Support authenticaten of trusted domains. 932 * 933 * These flags are the minimum required set which works with win2k3 934 * and win2k8. 935 */ 936 if (pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX) { 937 srv_flgs |= NETLOGON_NEG_TRANSITIVE_TRUSTS | 938 NETLOGON_NEG_DNS_DOMAIN_TRUSTS | 939 NETLOGON_NEG_CROSS_FOREST_TRUSTS | 940 NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION; 910 941 } 911 942 … … 969 1000 r->in.credentials, 970 1001 r->out.return_credentials, 971 *r->in.negotiate_flags);1002 srv_flgs); 972 1003 if (!creds) { 973 1004 DEBUG(0,("%s: netlogon_creds_server_check failed. Rejecting auth " … … 985 1016 } 986 1017 1018 lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers()); 1019 if (lp_ctx == NULL) { 1020 DEBUG(10, ("loadparm_init_s3 failed\n")); 1021 status = NT_STATUS_INTERNAL_ERROR; 1022 goto out; 1023 } 1024 987 1025 /* Store off the state so we can continue after client disconnect. */ 988 1026 become_root(); 989 status = schannel_save_creds_state(p->mem_ctx, lp_ private_dir(), creds);1027 status = schannel_save_creds_state(p->mem_ctx, lp_ctx, creds); 990 1028 unbecome_root(); 991 1029 992 if (!NT_STATUS_IS_OK(status)) { 1030 talloc_unlink(p->mem_ctx, lp_ctx); 1031 1032 if (!NT_STATUS_IS_OK(status)) { 1033 ZERO_STRUCTP(r->out.return_credentials); 993 1034 goto out; 994 1035 } … … 1070 1111 NTSTATUS status; 1071 1112 bool schannel_global_required = (lp_server_schannel() == true) ? true:false; 1113 struct loadparm_context *lp_ctx; 1072 1114 1073 1115 if (creds_out != NULL) { … … 1084 1126 } 1085 1127 1086 status = schannel_check_creds_state(mem_ctx, lp_private_dir(), 1128 lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers()); 1129 if (lp_ctx == NULL) { 1130 DEBUG(0, ("loadparm_init_s3 failed\n")); 1131 return NT_STATUS_INTERNAL_ERROR; 1132 } 1133 1134 status = schannel_check_creds_state(mem_ctx, lp_ctx, 1087 1135 computer_name, received_authenticator, 1088 1136 return_authenticator, creds_out); 1089 1137 talloc_unlink(mem_ctx, lp_ctx); 1090 1138 return status; 1091 1139 } … … 1095 1143 1096 1144 static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx, 1097 struct auth_se rversupplied_info *session_info,1145 struct auth_session_info *session_info, 1098 1146 struct messaging_context *msg_ctx, 1099 1147 const char *account_name, … … 1103 1151 NTSTATUS result = NT_STATUS_OK; 1104 1152 struct dcerpc_binding_handle *h = NULL; 1105 st atic struct client_address client_id;1153 struct tsocket_address *local; 1106 1154 struct policy_handle user_handle; 1107 1155 uint32_t acct_ctrl; … … 1109 1157 struct samr_UserInfo18 info18; 1110 1158 DATA_BLOB in,out; 1159 int rc; 1160 DATA_BLOB session_key; 1111 1161 1112 1162 ZERO_STRUCT(user_handle); 1113 1163 1114 strlcpy(client_id.addr, "127.0.0.1", sizeof(client_id.addr)); 1115 client_id.name = "127.0.0.1"; 1164 status = session_extract_session_key(session_info, 1165 &session_key, 1166 KEY_USE_16BYTES); 1167 if (!NT_STATUS_IS_OK(status)) { 1168 goto out; 1169 } 1170 1171 rc = tsocket_address_inet_from_strings(mem_ctx, 1172 "ip", 1173 "127.0.0.1", 1174 0, 1175 &local); 1176 if (rc < 0) { 1177 status = NT_STATUS_NO_MEMORY; 1178 goto out; 1179 } 1116 1180 1117 1181 status = rpcint_binding_handle(mem_ctx, 1118 1182 &ndr_table_samr, 1119 &client_id,1183 local, 1120 1184 session_info, 1121 1185 msg_ctx, … … 1170 1234 in = data_blob_const(nt_hash->hash, 16); 1171 1235 out = data_blob_talloc_zero(mem_ctx, 16); 1172 sess_crypt_blob(&out, &in, &session_ info->user_session_key, true);1236 sess_crypt_blob(&out, &in, &session_key, true); 1173 1237 memcpy(info18.nt_pwd.hash, out.data, out.length); 1174 1238 … … 1289 1353 memcpy(password_buf.data, r->in.new_password->data, 512); 1290 1354 SIVAL(password_buf.data, 512, r->in.new_password->length); 1291 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516); 1355 1356 if (creds->negotiate_flags & NETLOGON_NEG_SUPPORTS_AES) { 1357 netlogon_creds_aes_decrypt(creds, password_buf.data, 516); 1358 } else { 1359 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516); 1360 } 1292 1361 1293 1362 if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) { … … 1417 1486 struct auth_serversupplied_info *server_info = NULL; 1418 1487 struct auth_context *auth_context = NULL; 1419 uint8_t pipe_session_key[16];1420 bool process_creds = true;1421 1488 const char *fn; 1489 1490 #ifdef DEBUG_PASSWORD 1491 logon = netlogon_creds_shallow_copy_logon(p->mem_ctx, 1492 r->in.logon_level, 1493 r->in.logon); 1494 if (logon == NULL) { 1495 logon = r->in.logon; 1496 } 1497 #endif 1422 1498 1423 1499 switch (p->opnum) { 1424 1500 case NDR_NETR_LOGONSAMLOGON: 1425 process_creds = true;1426 1501 fn = "_netr_LogonSamLogon"; 1427 1502 break; 1428 1503 case NDR_NETR_LOGONSAMLOGONWITHFLAGS: 1429 process_creds = true;1430 1504 fn = "_netr_LogonSamLogonWithFlags"; 1431 1505 break; 1432 1506 case NDR_NETR_LOGONSAMLOGONEX: 1433 process_creds = false;1434 1507 fn = "_netr_LogonSamLogonEx"; 1435 1508 break; … … 1442 1515 switch (r->in.validation_level) { 1443 1516 case 2: 1444 r->out.validation->sam2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo2);1517 r->out.validation->sam2 = talloc_zero(p->mem_ctx, struct netr_SamInfo2); 1445 1518 if (!r->out.validation->sam2) { 1446 1519 return NT_STATUS_NO_MEMORY; … … 1448 1521 break; 1449 1522 case 3: 1450 r->out.validation->sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);1523 r->out.validation->sam3 = talloc_zero(p->mem_ctx, struct netr_SamInfo3); 1451 1524 if (!r->out.validation->sam3) { 1452 1525 return NT_STATUS_NO_MEMORY; … … 1454 1527 break; 1455 1528 case 6: 1456 r->out.validation->sam6 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo6);1529 r->out.validation->sam6 = talloc_zero(p->mem_ctx, struct netr_SamInfo6); 1457 1530 if (!r->out.validation->sam6) { 1458 1531 return NT_STATUS_NO_MEMORY; … … 1504 1577 status = NT_STATUS_OK; 1505 1578 1579 netlogon_creds_decrypt_samlogon_logon(creds, 1580 r->in.logon_level, 1581 logon); 1582 1506 1583 switch (r->in.logon_level) { 1507 1584 case NetlogonNetworkInformation: … … 1524 1601 1525 1602 /* Standard challenge/response authentication */ 1526 if (!make_user_info_netlogon_network(&user_info, 1603 if (!make_user_info_netlogon_network(talloc_tos(), 1604 &user_info, 1527 1605 nt_username, nt_domain, 1528 1606 wksname, 1607 p->remote_address, 1529 1608 logon->network->identity_info.parameter_control, 1530 1609 logon->network->lm.data, … … 1556 1635 uint8_t chal[8]; 1557 1636 1637 #ifdef DEBUG_PASSWORD 1638 if (logon != r->in.logon) { 1639 DEBUG(100,("lm owf password:")); 1640 dump_data(100, 1641 r->in.logon->password->lmpassword.hash, 16); 1642 1643 DEBUG(100,("nt owf password:")); 1644 dump_data(100, 1645 r->in.logon->password->ntpassword.hash, 16); 1646 } 1647 1648 DEBUG(100,("decrypt of lm owf password:")); 1649 dump_data(100, logon->password->lmpassword.hash, 16); 1650 1651 DEBUG(100,("decrypt of nt owf password:")); 1652 dump_data(100, logon->password->ntpassword.hash, 16); 1653 #endif 1558 1654 status = make_auth_context_subsystem(talloc_tos(), 1559 1655 &auth_context); … … 1562 1658 } 1563 1659 1564 auth_context->get_ntlm_challenge(auth_context, chal); 1565 1566 if (!make_user_info_netlogon_interactive(&user_info, 1660 auth_get_ntlm_challenge(auth_context, chal); 1661 1662 if (!make_user_info_netlogon_interactive(talloc_tos(), 1663 &user_info, 1567 1664 nt_username, nt_domain, 1568 1665 nt_workstation, 1666 p->remote_address, 1569 1667 logon->password->identity_info.parameter_control, 1570 1668 chal, 1571 1669 logon->password->lmpassword.hash, 1572 logon->password->ntpassword.hash, 1573 creds->session_key)) { 1670 logon->password->ntpassword.hash)) { 1574 1671 status = NT_STATUS_NO_MEMORY; 1575 1672 } … … 1582 1679 1583 1680 if ( NT_STATUS_IS_OK(status) ) { 1584 status = auth_context->check_ntlm_password(auth_context, 1585 user_info, &server_info); 1681 status = auth_check_ntlm_password(p->mem_ctx, 1682 auth_context, 1683 user_info, 1684 &server_info); 1586 1685 } 1587 1686 1588 1687 TALLOC_FREE(auth_context); 1589 free_user_info(&user_info);1688 TALLOC_FREE(user_info); 1590 1689 1591 1690 DEBUG(5,("%s: check_password returned status %s\n", … … 1620 1719 logged in to the domain. */ 1621 1720 1622 if (process_creds) {1623 /* Get the pipe session key from the creds. */1624 memcpy(pipe_session_key, creds->session_key, 16);1625 } else {1626 struct schannel_state *schannel_auth;1627 /* Get the pipe session key from the schannel. */1628 if ((p->auth.auth_type != DCERPC_AUTH_TYPE_SCHANNEL)1629 || (p->auth.auth_ctx == NULL)) {1630 return NT_STATUS_INVALID_HANDLE;1631 }1632 1633 schannel_auth = talloc_get_type_abort(p->auth.auth_ctx,1634 struct schannel_state);1635 memcpy(pipe_session_key, schannel_auth->creds->session_key, 16);1636 }1637 1638 1721 switch (r->in.validation_level) { 1639 1722 case 2: 1640 status = serverinfo_to_SamInfo2(server_info, pipe_session_key, 16,1723 status = serverinfo_to_SamInfo2(server_info, 1641 1724 r->out.validation->sam2); 1642 1725 break; 1643 1726 case 3: 1644 status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16,1727 status = serverinfo_to_SamInfo3(server_info, 1645 1728 r->out.validation->sam3); 1646 1729 break; … … 1654 1737 } 1655 1738 1656 status = serverinfo_to_SamInfo6(server_info, pipe_session_key, 16,1739 status = serverinfo_to_SamInfo6(server_info, 1657 1740 r->out.validation->sam6); 1658 1741 break; … … 1661 1744 TALLOC_FREE(server_info); 1662 1745 1663 return status; 1746 if (!NT_STATUS_IS_OK(status)) { 1747 return status; 1748 } 1749 1750 netlogon_creds_encrypt_samlogon_validation(creds, 1751 r->in.validation_level, 1752 r->out.validation); 1753 return NT_STATUS_OK; 1664 1754 } 1665 1755 … … 1750 1840 NTSTATUS status; 1751 1841 struct netlogon_creds_CredentialState *creds = NULL; 1842 struct loadparm_context *lp_ctx; 1752 1843 1753 1844 *r->out.authoritative = true; … … 1765 1856 } 1766 1857 1858 lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers()); 1859 if (lp_ctx == NULL) { 1860 DEBUG(0, ("loadparm_init_s3 failed\n")); 1861 return NT_STATUS_INTERNAL_ERROR; 1862 } 1863 1767 1864 become_root(); 1768 status = schannel_get_creds_state(p->mem_ctx, lp_ private_dir(),1865 status = schannel_get_creds_state(p->mem_ctx, lp_ctx, 1769 1866 r->in.computer_name, &creds); 1770 1867 unbecome_root(); 1868 talloc_unlink(p->mem_ctx, lp_ctx); 1869 1771 1870 if (!NT_STATUS_IS_OK(status)) { 1772 1871 return status; … … 2026 2125 struct netr_LogonGetCapabilities *r) 2027 2126 { 2028 return NT_STATUS_NOT_IMPLEMENTED; 2029 } 2030 2031 /**************************************************************** 2032 ****************************************************************/ 2033 2034 WERROR _netr_NETRLOGONSETSERVICEBITS(struct pipes_struct *p, 2035 struct netr_NETRLOGONSETSERVICEBITS *r) 2036 { 2037 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2038 return WERR_NOT_SUPPORTED; 2039 } 2040 2041 /**************************************************************** 2042 ****************************************************************/ 2043 2044 WERROR _netr_LogonGetTrustRid(struct pipes_struct *p, 2045 struct netr_LogonGetTrustRid *r) 2046 { 2047 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2048 return WERR_NOT_SUPPORTED; 2049 } 2050 2051 /**************************************************************** 2052 ****************************************************************/ 2053 2054 WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(struct pipes_struct *p, 2055 struct netr_NETRLOGONCOMPUTESERVERDIGEST *r) 2056 { 2057 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2058 return WERR_NOT_SUPPORTED; 2059 } 2060 2061 /**************************************************************** 2062 ****************************************************************/ 2063 2064 WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(struct pipes_struct *p, 2065 struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r) 2066 { 2067 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2068 return WERR_NOT_SUPPORTED; 2069 } 2070 2071 /**************************************************************** 2072 ****************************************************************/ 2073 2074 WERROR _netr_DsRGetDCNameEx(struct pipes_struct *p, 2075 struct netr_DsRGetDCNameEx *r) 2076 { 2077 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2078 return WERR_NOT_SUPPORTED; 2079 } 2080 2081 /**************************************************************** 2082 ****************************************************************/ 2083 2084 WERROR _netr_DsRGetSiteName(struct pipes_struct *p, 2085 struct netr_DsRGetSiteName *r) 2086 { 2087 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2088 return WERR_NOT_SUPPORTED; 2089 } 2090 2091 /**************************************************************** 2092 ****************************************************************/ 2093 2094 NTSTATUS _netr_LogonGetDomainInfo(struct pipes_struct *p, 2095 struct netr_LogonGetDomainInfo *r) 2096 { 2097 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2098 return NT_STATUS_NOT_IMPLEMENTED; 2099 } 2100 2101 /**************************************************************** 2102 ****************************************************************/ 2103 2104 WERROR _netr_ServerPasswordGet(struct pipes_struct *p, 2105 struct netr_ServerPasswordGet *r) 2106 { 2107 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2108 return WERR_NOT_SUPPORTED; 2109 } 2110 2111 /**************************************************************** 2112 ****************************************************************/ 2113 2114 WERROR _netr_NETRLOGONSENDTOSAM(struct pipes_struct *p, 2115 struct netr_NETRLOGONSENDTOSAM *r) 2116 { 2117 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2118 return WERR_NOT_SUPPORTED; 2119 } 2120 2121 /**************************************************************** 2122 ****************************************************************/ 2123 2124 WERROR _netr_DsRAddressToSitenamesW(struct pipes_struct *p, 2125 struct netr_DsRAddressToSitenamesW *r) 2126 { 2127 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2128 return WERR_NOT_SUPPORTED; 2129 } 2130 2131 /**************************************************************** 2132 ****************************************************************/ 2133 2134 WERROR _netr_DsRGetDCNameEx2(struct pipes_struct *p, 2135 struct netr_DsRGetDCNameEx2 *r) 2136 { 2137 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2138 return WERR_NOT_SUPPORTED; 2139 } 2140 2141 /**************************************************************** 2142 ****************************************************************/ 2143 2144 WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct pipes_struct *p, 2145 struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r) 2146 { 2147 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2148 return WERR_NOT_SUPPORTED; 2149 } 2150 2151 /**************************************************************** 2152 ****************************************************************/ 2153 2154 WERROR _netr_NetrEnumerateTrustedDomainsEx(struct pipes_struct *p, 2155 struct netr_NetrEnumerateTrustedDomainsEx *r) 2156 { 2157 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2158 return WERR_NOT_SUPPORTED; 2159 } 2160 2161 /**************************************************************** 2162 ****************************************************************/ 2163 2164 WERROR _netr_DsRAddressToSitenamesExW(struct pipes_struct *p, 2165 struct netr_DsRAddressToSitenamesExW *r) 2166 { 2167 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2168 return WERR_NOT_SUPPORTED; 2169 } 2170 2171 /**************************************************************** 2172 ****************************************************************/ 2173 2174 WERROR _netr_DsrGetDcSiteCoverageW(struct pipes_struct *p, 2175 struct netr_DsrGetDcSiteCoverageW *r) 2176 { 2177 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2178 return WERR_NOT_SUPPORTED; 2179 } 2180 2181 /**************************************************************** 2182 ****************************************************************/ 2183 2184 WERROR _netr_DsrEnumerateDomainTrusts(struct pipes_struct *p, 2185 struct netr_DsrEnumerateDomainTrusts *r) 2186 { 2187 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2188 return WERR_NOT_SUPPORTED; 2189 } 2190 2191 /**************************************************************** 2192 ****************************************************************/ 2193 2194 WERROR _netr_DsrDeregisterDNSHostRecords(struct pipes_struct *p, 2195 struct netr_DsrDeregisterDNSHostRecords *r) 2196 { 2197 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2198 return WERR_NOT_SUPPORTED; 2199 } 2200 2201 /**************************************************************** 2202 ****************************************************************/ 2203 2204 NTSTATUS _netr_ServerTrustPasswordsGet(struct pipes_struct *p, 2205 struct netr_ServerTrustPasswordsGet *r) 2206 { 2207 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2208 return NT_STATUS_NOT_IMPLEMENTED; 2209 } 2210 2211 /**************************************************************** 2212 ****************************************************************/ 2213 2214 WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p, 2215 struct netr_DsRGetForestTrustInformation *r) 2216 { 2217 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2218 return WERR_NOT_SUPPORTED; 2219 } 2220 2221 /**************************************************************** 2222 ****************************************************************/ 2223 2224 static NTSTATUS fill_forest_trust_array(TALLOC_CTX *mem_ctx, 2225 struct lsa_ForestTrustInformation *info) 2226 { 2227 struct lsa_ForestTrustRecord *e; 2228 struct pdb_domain_info *dom_info; 2229 struct lsa_ForestTrustDomainInfo *domain_info; 2230 2231 dom_info = pdb_get_domain_info(mem_ctx); 2232 if (dom_info == NULL) { 2233 return NT_STATUS_NO_MEMORY; 2234 } 2235 2236 info->count = 2; 2237 info->entries = talloc_array(info, struct lsa_ForestTrustRecord *, 2); 2238 if (info->entries == NULL) { 2239 return NT_STATUS_NO_MEMORY; 2240 } 2241 2242 e = talloc(info, struct lsa_ForestTrustRecord); 2243 if (e == NULL) { 2244 return NT_STATUS_NO_MEMORY; 2245 } 2246 2247 e->flags = 0; 2248 e->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME; 2249 e->time = 0; /* so far always 0 in trces. */ 2250 e->forest_trust_data.top_level_name.string = talloc_steal(info, 2251 dom_info->dns_forest); 2252 2253 info->entries[0] = e; 2254 2255 e = talloc(info, struct lsa_ForestTrustRecord); 2256 if (e == NULL) { 2257 return NT_STATUS_NO_MEMORY; 2258 } 2259 2260 /* TODO: check if disabled and set flags accordingly */ 2261 e->flags = 0; 2262 e->type = LSA_FOREST_TRUST_DOMAIN_INFO; 2263 e->time = 0; /* so far always 0 in traces. */ 2264 2265 domain_info = &e->forest_trust_data.domain_info; 2266 domain_info->domain_sid = dom_sid_dup(info, &dom_info->sid); 2267 2268 domain_info->dns_domain_name.string = talloc_steal(info, 2269 dom_info->dns_domain); 2270 domain_info->netbios_domain_name.string = talloc_steal(info, 2271 dom_info->name); 2272 2273 info->entries[1] = e; 2274 2275 return NT_STATUS_OK; 2276 } 2277 2278 /**************************************************************** 2279 _netr_GetForestTrustInformation 2280 ****************************************************************/ 2281 2282 NTSTATUS _netr_GetForestTrustInformation(struct pipes_struct *p, 2283 struct netr_GetForestTrustInformation *r) 2284 { 2127 struct netlogon_creds_CredentialState *creds; 2285 2128 NTSTATUS status; 2286 struct netlogon_creds_CredentialState *creds;2287 struct lsa_ForestTrustInformation *info, **info_ptr;2288 2289 /* TODO: check server name */2290 2129 2291 2130 become_root(); … … 2300 2139 } 2301 2140 2141 if (r->in.query_level != 1) { 2142 return NT_STATUS_NOT_SUPPORTED; 2143 } 2144 2145 r->out.capabilities->server_capabilities = creds->negotiate_flags; 2146 2147 return NT_STATUS_OK; 2148 } 2149 2150 /**************************************************************** 2151 ****************************************************************/ 2152 2153 WERROR _netr_NETRLOGONSETSERVICEBITS(struct pipes_struct *p, 2154 struct netr_NETRLOGONSETSERVICEBITS *r) 2155 { 2156 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2157 return WERR_NOT_SUPPORTED; 2158 } 2159 2160 /**************************************************************** 2161 ****************************************************************/ 2162 2163 WERROR _netr_LogonGetTrustRid(struct pipes_struct *p, 2164 struct netr_LogonGetTrustRid *r) 2165 { 2166 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2167 return WERR_NOT_SUPPORTED; 2168 } 2169 2170 /**************************************************************** 2171 ****************************************************************/ 2172 2173 WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(struct pipes_struct *p, 2174 struct netr_NETRLOGONCOMPUTESERVERDIGEST *r) 2175 { 2176 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2177 return WERR_NOT_SUPPORTED; 2178 } 2179 2180 /**************************************************************** 2181 ****************************************************************/ 2182 2183 WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(struct pipes_struct *p, 2184 struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r) 2185 { 2186 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2187 return WERR_NOT_SUPPORTED; 2188 } 2189 2190 /**************************************************************** 2191 ****************************************************************/ 2192 2193 WERROR _netr_DsRGetDCNameEx(struct pipes_struct *p, 2194 struct netr_DsRGetDCNameEx *r) 2195 { 2196 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2197 return WERR_NOT_SUPPORTED; 2198 } 2199 2200 /**************************************************************** 2201 ****************************************************************/ 2202 2203 WERROR _netr_DsRGetSiteName(struct pipes_struct *p, 2204 struct netr_DsRGetSiteName *r) 2205 { 2206 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2207 return WERR_NOT_SUPPORTED; 2208 } 2209 2210 /**************************************************************** 2211 ****************************************************************/ 2212 2213 NTSTATUS _netr_LogonGetDomainInfo(struct pipes_struct *p, 2214 struct netr_LogonGetDomainInfo *r) 2215 { 2216 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2217 return NT_STATUS_NOT_IMPLEMENTED; 2218 } 2219 2220 /**************************************************************** 2221 ****************************************************************/ 2222 2223 NTSTATUS _netr_ServerPasswordGet(struct pipes_struct *p, 2224 struct netr_ServerPasswordGet *r) 2225 { 2226 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2227 return NT_STATUS_NOT_SUPPORTED; 2228 } 2229 2230 /**************************************************************** 2231 ****************************************************************/ 2232 2233 WERROR _netr_NETRLOGONSENDTOSAM(struct pipes_struct *p, 2234 struct netr_NETRLOGONSENDTOSAM *r) 2235 { 2236 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2237 return WERR_NOT_SUPPORTED; 2238 } 2239 2240 /**************************************************************** 2241 ****************************************************************/ 2242 2243 WERROR _netr_DsRAddressToSitenamesW(struct pipes_struct *p, 2244 struct netr_DsRAddressToSitenamesW *r) 2245 { 2246 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2247 return WERR_NOT_SUPPORTED; 2248 } 2249 2250 /**************************************************************** 2251 ****************************************************************/ 2252 2253 WERROR _netr_DsRGetDCNameEx2(struct pipes_struct *p, 2254 struct netr_DsRGetDCNameEx2 *r) 2255 { 2256 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2257 return WERR_NOT_SUPPORTED; 2258 } 2259 2260 /**************************************************************** 2261 ****************************************************************/ 2262 2263 WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct pipes_struct *p, 2264 struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r) 2265 { 2266 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2267 return WERR_NOT_SUPPORTED; 2268 } 2269 2270 /**************************************************************** 2271 ****************************************************************/ 2272 2273 WERROR _netr_NetrEnumerateTrustedDomainsEx(struct pipes_struct *p, 2274 struct netr_NetrEnumerateTrustedDomainsEx *r) 2275 { 2276 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2277 return WERR_NOT_SUPPORTED; 2278 } 2279 2280 /**************************************************************** 2281 ****************************************************************/ 2282 2283 WERROR _netr_DsRAddressToSitenamesExW(struct pipes_struct *p, 2284 struct netr_DsRAddressToSitenamesExW *r) 2285 { 2286 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2287 return WERR_NOT_SUPPORTED; 2288 } 2289 2290 /**************************************************************** 2291 ****************************************************************/ 2292 2293 WERROR _netr_DsrGetDcSiteCoverageW(struct pipes_struct *p, 2294 struct netr_DsrGetDcSiteCoverageW *r) 2295 { 2296 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2297 return WERR_NOT_SUPPORTED; 2298 } 2299 2300 /**************************************************************** 2301 ****************************************************************/ 2302 2303 WERROR _netr_DsrEnumerateDomainTrusts(struct pipes_struct *p, 2304 struct netr_DsrEnumerateDomainTrusts *r) 2305 { 2306 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2307 return WERR_NOT_SUPPORTED; 2308 } 2309 2310 /**************************************************************** 2311 ****************************************************************/ 2312 2313 WERROR _netr_DsrDeregisterDNSHostRecords(struct pipes_struct *p, 2314 struct netr_DsrDeregisterDNSHostRecords *r) 2315 { 2316 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2317 return WERR_NOT_SUPPORTED; 2318 } 2319 2320 /**************************************************************** 2321 ****************************************************************/ 2322 2323 NTSTATUS _netr_ServerTrustPasswordsGet(struct pipes_struct *p, 2324 struct netr_ServerTrustPasswordsGet *r) 2325 { 2326 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2327 return NT_STATUS_NOT_IMPLEMENTED; 2328 } 2329 2330 /**************************************************************** 2331 ****************************************************************/ 2332 2333 static NTSTATUS fill_forest_trust_array(TALLOC_CTX *mem_ctx, 2334 struct lsa_ForestTrustInformation *info) 2335 { 2336 struct lsa_ForestTrustRecord *e; 2337 struct pdb_domain_info *dom_info; 2338 struct lsa_ForestTrustDomainInfo *domain_info; 2339 char **upn_suffixes = NULL; 2340 uint32_t num_suffixes = 0; 2341 uint32_t i = 0; 2342 NTSTATUS status; 2343 2344 dom_info = pdb_get_domain_info(mem_ctx); 2345 if (dom_info == NULL) { 2346 return NT_STATUS_NO_MEMORY; 2347 } 2348 2349 info->count = 2; 2350 2351 become_root(); 2352 status = pdb_enum_upn_suffixes(info, &num_suffixes, &upn_suffixes); 2353 unbecome_root(); 2354 if (NT_STATUS_IS_OK(status) && (num_suffixes > 0)) { 2355 info->count += num_suffixes; 2356 } 2357 2358 info->entries = talloc_array(info, struct lsa_ForestTrustRecord *, info->count); 2359 if (info->entries == NULL) { 2360 return NT_STATUS_NO_MEMORY; 2361 } 2362 2363 e = talloc(info, struct lsa_ForestTrustRecord); 2364 if (e == NULL) { 2365 return NT_STATUS_NO_MEMORY; 2366 } 2367 2368 e->flags = 0; 2369 e->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME; 2370 e->time = 0; /* so far always 0 in trces. */ 2371 e->forest_trust_data.top_level_name.string = talloc_steal(info, 2372 dom_info->dns_forest); 2373 2374 info->entries[0] = e; 2375 2376 if (num_suffixes > 0) { 2377 for (i = 0; i < num_suffixes ; i++) { 2378 e = talloc(info, struct lsa_ForestTrustRecord); 2379 if (e == NULL) { 2380 return NT_STATUS_NO_MEMORY; 2381 } 2382 2383 e->flags = 0; 2384 e->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME; 2385 e->time = 0; /* so far always 0 in traces. */ 2386 e->forest_trust_data.top_level_name.string = upn_suffixes[i]; 2387 info->entries[1 + i] = e; 2388 } 2389 } 2390 2391 e = talloc(info, struct lsa_ForestTrustRecord); 2392 if (e == NULL) { 2393 return NT_STATUS_NO_MEMORY; 2394 } 2395 2396 /* TODO: check if disabled and set flags accordingly */ 2397 e->flags = 0; 2398 e->type = LSA_FOREST_TRUST_DOMAIN_INFO; 2399 e->time = 0; /* so far always 0 in traces. */ 2400 2401 domain_info = &e->forest_trust_data.domain_info; 2402 domain_info->domain_sid = dom_sid_dup(info, &dom_info->sid); 2403 2404 domain_info->dns_domain_name.string = talloc_steal(info, 2405 dom_info->dns_domain); 2406 domain_info->netbios_domain_name.string = talloc_steal(info, 2407 dom_info->name); 2408 2409 info->entries[info->count - 1] = e; 2410 2411 return NT_STATUS_OK; 2412 } 2413 2414 /**************************************************************** 2415 ****************************************************************/ 2416 2417 WERROR _netr_DsRGetForestTrustInformation(struct pipes_struct *p, 2418 struct netr_DsRGetForestTrustInformation *r) 2419 { 2420 NTSTATUS status; 2421 struct lsa_ForestTrustInformation *info, **info_ptr; 2422 2423 if (!(p->pipe_bound && (p->auth.auth_type != DCERPC_AUTH_TYPE_NONE) 2424 && (p->auth.auth_level != DCERPC_AUTH_LEVEL_NONE))) { 2425 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 2426 return WERR_ACCESS_DENIED; 2427 } 2428 2429 if (r->in.flags & (~DS_GFTI_UPDATE_TDO)) { 2430 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2431 return WERR_INVALID_FLAGS; 2432 } 2433 2434 if ((r->in.flags & DS_GFTI_UPDATE_TDO) && (lp_server_role() != ROLE_DOMAIN_PDC)) { 2435 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2436 return WERR_NERR_NOTPRIMARY; 2437 } 2438 2439 if ((r->in.trusted_domain_name == NULL) && (r->in.flags & DS_GFTI_UPDATE_TDO)) { 2440 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2441 return WERR_INVALID_PARAMETER; 2442 } 2443 2444 /* retrieve forest trust information and stop further processing */ 2445 if (r->in.trusted_domain_name == NULL) { 2446 info_ptr = talloc(p->mem_ctx, struct lsa_ForestTrustInformation *); 2447 if (info_ptr == NULL) { 2448 p->fault_state = DCERPC_FAULT_CANT_PERFORM; 2449 return WERR_NOMEM; 2450 } 2451 info = talloc_zero(info_ptr, struct lsa_ForestTrustInformation); 2452 if (info == NULL) { 2453 p->fault_state = DCERPC_FAULT_CANT_PERFORM; 2454 return WERR_NOMEM; 2455 } 2456 2457 /* Fill forest trust information and expand UPN suffixes list */ 2458 status = fill_forest_trust_array(p->mem_ctx, info); 2459 if (!NT_STATUS_IS_OK(status)) { 2460 p->fault_state = DCERPC_FAULT_CANT_PERFORM; 2461 return WERR_NOMEM; 2462 } 2463 2464 *info_ptr = info; 2465 r->out.forest_trust_info = info_ptr; 2466 2467 return WERR_OK; 2468 2469 } 2470 2471 /* TODO: implement remaining parts of DsrGetForestTrustInformation (opnum 43) 2472 * when trusted_domain_name is not NULL */ 2473 2474 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 2475 return WERR_NOT_SUPPORTED; 2476 } 2477 2478 /**************************************************************** 2479 _netr_GetForestTrustInformation 2480 ****************************************************************/ 2481 2482 NTSTATUS _netr_GetForestTrustInformation(struct pipes_struct *p, 2483 struct netr_GetForestTrustInformation *r) 2484 { 2485 NTSTATUS status; 2486 struct netlogon_creds_CredentialState *creds; 2487 struct lsa_ForestTrustInformation *info, **info_ptr; 2488 2489 /* TODO: check server name */ 2490 2491 become_root(); 2492 status = netr_creds_server_step_check(p, p->mem_ctx, 2493 r->in.computer_name, 2494 r->in.credential, 2495 r->out.return_authenticator, 2496 &creds); 2497 unbecome_root(); 2498 if (!NT_STATUS_IS_OK(status)) { 2499 return status; 2500 } 2501 2302 2502 if ((creds->secure_channel_type != SEC_CHAN_DNS_DOMAIN) && 2303 2503 (creds->secure_channel_type != SEC_CHAN_DOMAIN)) { … … 2314 2514 } 2315 2515 2516 /* Fill forest trust information, do expand UPN suffixes list */ 2316 2517 status = fill_forest_trust_array(p->mem_ctx, info); 2317 2518 if (!NT_STATUS_IS_OK(status)) { … … 2330 2531 static NTSTATUS get_password_from_trustAuth(TALLOC_CTX *mem_ctx, 2331 2532 const DATA_BLOB *trustAuth_blob, 2332 const DATA_BLOB *session_key,2533 struct netlogon_creds_CredentialState *creds, 2333 2534 struct samr_Password *current_pw_enc, 2334 2535 struct samr_Password *previous_pw_enc) … … 2343 2544 } 2344 2545 2345 2346 2546 if (trustAuth.count != 0 && trustAuth.current.count != 0 && 2347 2547 trustAuth.current.array[0].AuthType == TRUST_AUTH_TYPE_CLEAR) { 2348 mdfour( previous_pw_enc->hash,2548 mdfour(current_pw_enc->hash, 2349 2549 trustAuth.current.array[0].AuthInfo.clear.password, 2350 2550 trustAuth.current.array[0].AuthInfo.clear.size); 2551 netlogon_creds_des_encrypt(creds, current_pw_enc); 2351 2552 } else { 2352 2553 return NT_STATUS_UNSUCCESSFUL; 2353 2554 } 2354 2555 2355 arcfour_crypt_blob(current_pw_enc->hash, sizeof(current_pw_enc->hash),2356 session_key);2357 2556 2358 2557 if (trustAuth.previous.count != 0 && … … 2361 2560 trustAuth.previous.array[0].AuthInfo.clear.password, 2362 2561 trustAuth.previous.array[0].AuthInfo.clear.size); 2562 netlogon_creds_des_encrypt(creds, previous_pw_enc); 2363 2563 } else { 2364 mdfour(previous_pw_enc->hash, NULL, 0); 2365 } 2366 arcfour_crypt_blob(previous_pw_enc->hash, sizeof(previous_pw_enc->hash), 2367 session_key); 2564 ZERO_STRUCTP(previous_pw_enc); 2565 } 2368 2566 2369 2567 return NT_STATUS_OK; … … 2384 2582 struct netr_TrustInfo *trust_info; 2385 2583 struct pdb_trusted_domain *td; 2386 DATA_BLOB trustAuth_blob;2387 struct samr_Password *new_owf_enc;2388 struct samr_Password *old_owf_enc;2389 DATA_BLOB session_key;2390 2584 2391 2585 /* TODO: check server name */ … … 2455 2649 } 2456 2650 2457 new_owf_enc = talloc_zero(p->mem_ctx, struct samr_Password); 2458 old_owf_enc = talloc_zero(p->mem_ctx, struct samr_Password); 2459 if (new_owf_enc == NULL || old_owf_enc == NULL) { 2460 return NT_STATUS_NO_MEMORY; 2461 } 2462 2463 /* TODO: which trustAuth shall we use if we have in/out trust or do they have to 2464 * be equal ? */ 2465 if (td->trust_direction & NETR_TRUST_FLAG_INBOUND) { 2466 trustAuth_blob = td->trust_auth_incoming; 2467 } else if (td->trust_direction & NETR_TRUST_FLAG_OUTBOUND) { 2468 trustAuth_blob = td->trust_auth_outgoing; 2469 } 2470 2471 session_key.data = creds->session_key; 2472 session_key.length = sizeof(creds->session_key); 2473 status = get_password_from_trustAuth(p->mem_ctx, &trustAuth_blob, 2474 &session_key, 2475 new_owf_enc, old_owf_enc); 2651 if (td->trust_auth_incoming.data == NULL) { 2652 return NT_STATUS_INVALID_PARAMETER; 2653 } 2654 2655 status = get_password_from_trustAuth(p->mem_ctx, 2656 &td->trust_auth_incoming, 2657 creds, 2658 r->out.new_owf_password, 2659 r->out.old_owf_password); 2476 2660 2477 2661 if (!NT_STATUS_IS_OK(status)) { … … 2479 2663 } 2480 2664 2481 r->out.new_owf_password = new_owf_enc;2482 r->out.old_owf_password = old_owf_enc;2483 2665 } else { 2484 2666 /* TODO: look for machine password */ 2485 r->out.new_owf_password = NULL;2486 r->out.old_owf_password = NULL;2667 ZERO_STRUCTP(r->out.new_owf_password); 2668 ZERO_STRUCTP(r->out.old_owf_password); 2487 2669 2488 2670 return NT_STATUS_NOT_IMPLEMENTED; -
vendor/current/source3/rpc_server/rpc_handles.c
r919 r988 21 21 22 22 #include "includes.h" 23 #include "system/passwd.h" /* uid_wrapper */ 23 24 #include "../librpc/gen_ndr/ndr_lsa.h" 24 25 #include "../librpc/gen_ndr/ndr_samr.h" 25 26 #include "auth.h" 26 #include "ntdomain.h" 27 #include "rpc_server/rpc_ncacn_np.h" 27 #include "rpc_server/rpc_pipes.h" 28 #include "../libcli/security/security.h" 29 #include "lib/tsocket/tsocket.h" 30 #include "librpc/ndr/ndr_table.h" 28 31 29 32 #undef DBGC_CLASS 30 33 #define DBGC_CLASS DBGC_RPC_SRV 34 35 static struct pipes_struct *InternalPipes; 36 37 /* TODO 38 * the following prototypes are declared here to avoid 39 * code being moved about too much for a patch to be 40 * disrupted / less obvious. 41 * 42 * these functions, and associated functions that they 43 * call, should be moved behind a .so module-loading 44 * system _anyway_. so that's the next step... 45 */ 46 47 int make_base_pipes_struct(TALLOC_CTX *mem_ctx, 48 struct messaging_context *msg_ctx, 49 const char *pipe_name, 50 enum dcerpc_transport_t transport, 51 bool endian, 52 const struct tsocket_address *remote_address, 53 const struct tsocket_address *local_address, 54 struct pipes_struct **_p) 55 { 56 struct pipes_struct *p; 57 58 p = talloc_zero(mem_ctx, struct pipes_struct); 59 if (!p) { 60 return ENOMEM; 61 } 62 63 p->mem_ctx = talloc_named(p, 0, "pipe %s %p", pipe_name, p); 64 if (!p->mem_ctx) { 65 talloc_free(p); 66 return ENOMEM; 67 } 68 69 p->msg_ctx = msg_ctx; 70 p->transport = transport; 71 p->endian = endian; 72 p->allow_bind = true; 73 74 p->remote_address = tsocket_address_copy(remote_address, p); 75 if (p->remote_address == NULL) { 76 talloc_free(p); 77 return ENOMEM; 78 } 79 80 if (local_address) { 81 p->local_address = tsocket_address_copy(local_address, p); 82 if (p->local_address == NULL) { 83 talloc_free(p); 84 return ENOMEM; 85 } 86 } 87 88 DLIST_ADD(InternalPipes, p); 89 talloc_set_destructor(p, close_internal_rpc_pipe_hnd); 90 91 *_p = p; 92 return 0; 93 } 94 95 96 bool check_open_pipes(void) 97 { 98 struct pipes_struct *p; 99 100 for (p = InternalPipes; p != NULL; p = p->next) { 101 if (num_pipe_handles(p) != 0) { 102 return true; 103 } 104 } 105 return false; 106 } 107 108 /**************************************************************************** 109 Close an rpc pipe. 110 ****************************************************************************/ 111 112 int close_internal_rpc_pipe_hnd(struct pipes_struct *p) 113 { 114 if (!p) { 115 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n")); 116 return False; 117 } 118 119 /* Free the handles database. */ 120 close_policy_by_pipe(p); 121 122 DLIST_REMOVE(InternalPipes, p); 123 124 return 0; 125 } 31 126 32 127 /* … … 82 177 struct handle_list *hl; 83 178 84 for (plist = get_first_internal_pipe(); 85 plist; 86 plist = get_next_internal_pipe(plist)) { 87 if (ndr_syntax_id_equal(syntax, &plist->syntax)) { 88 break; 89 } 90 if (is_samr_lsa_pipe(&plist->syntax) 91 && is_samr_lsa_pipe(syntax)) { 92 /* 93 * samr and lsa share a handle space (same process 94 * under Windows?) 95 */ 179 for (plist = InternalPipes; plist; plist = plist->next) { 180 struct pipe_rpc_fns *p_ctx; 181 bool stop = false; 182 183 for (p_ctx = plist->contexts; 184 p_ctx != NULL; 185 p_ctx = p_ctx->next) { 186 if (ndr_syntax_id_equal(syntax, &p_ctx->syntax)) { 187 stop = true; 188 break; 189 } 190 if (is_samr_lsa_pipe(&p_ctx->syntax) 191 && is_samr_lsa_pipe(syntax)) { 192 /* 193 * samr and lsa share a handle space (same process 194 * under Windows?) 195 */ 196 stop = true; 197 break; 198 } 199 } 200 201 if (stop) { 96 202 break; 97 203 } … … 114 220 DEBUG(10,("init_pipe_handle_list: created handle list for " 115 221 "pipe %s\n", 116 get_pipe_name_from_syntax(talloc_tos(), syntax))); 222 ndr_interface_name(&syntax->uuid, 223 syntax->if_version))); 117 224 } 118 225 … … 131 238 DEBUG(10,("init_pipe_handle_list: pipe_handles ref count = %lu for " 132 239 "pipe %s\n", (unsigned long)p->pipe_handles->pipe_ref_count, 133 get_pipe_name_from_syntax(talloc_tos(), syntax)));240 ndr_interface_name(&syntax->uuid, syntax->if_version))); 134 241 135 242 return True; … … 148 255 { 149 256 struct dcesrv_handle *rpc_hnd; 150 static uint32 pol_hnd_low = 0;151 static uint32 pol_hnd_high = 0;257 static uint32_t pol_hnd_low = 0; 258 static uint32_t pol_hnd_high = 0; 152 259 time_t t = time(NULL); 153 260 … … 188 295 SSVAL(rpc_hnd->wire_handle.uuid.node, 0, t); 189 296 /* something more random */ 190 SIVAL(rpc_hnd->wire_handle.uuid.node, 2, sys_getpid());297 SIVAL(rpc_hnd->wire_handle.uuid.node, 2, getpid()); 191 298 192 299 DLIST_ADD(p->pipe_handles->handles, rpc_hnd); … … 195 302 *hnd = rpc_hnd->wire_handle; 196 303 197 DEBUG( 4, ("Opened policy hnd[%d] ", (int)p->pipe_handles->count));198 dump_data( 4, (uint8_t *)hnd, sizeof(*hnd));304 DEBUG(6, ("Opened policy hnd[%d] ", (int)p->pipe_handles->count)); 305 dump_data(6, (uint8_t *)hnd, sizeof(*hnd)); 199 306 200 307 return rpc_hnd; … … 230 337 for (h = p->pipe_handles->handles; h != NULL; h = h->next) { 231 338 if (memcmp(&h->wire_handle, hnd, sizeof(*hnd)) == 0) { 232 DEBUG( 4,("Found policy hnd[%u] ", count));233 dump_data( 4, (uint8*)hnd, sizeof(*hnd));339 DEBUG(6,("Found policy hnd[%u] ", count)); 340 dump_data(6, (const uint8_t *)hnd, sizeof(*hnd)); 234 341 if (data_p) { 235 342 *data_p = h->data; … … 241 348 242 349 DEBUG(4,("Policy not found: ")); 243 dump_data(4, ( uint8_t *)hnd, sizeof(*hnd));350 dump_data(4, (const uint8_t *)hnd, sizeof(*hnd)); 244 351 245 352 p->fault_state = DCERPC_FAULT_CONTEXT_MISMATCH; … … 279 386 } 280 387 281 DEBUG( 3,("Closed policy\n"));388 DEBUG(6,("Closed policy\n")); 282 389 283 390 p->pipe_handles->count--; … … 295 402 void close_policy_by_pipe(struct pipes_struct *p) 296 403 { 404 if (p->pipe_handles == NULL) { 405 return; 406 } 407 297 408 p->pipe_handles->pipe_ref_count--; 298 409 … … 303 414 TALLOC_FREE(p->pipe_handles); 304 415 305 DEBUG(10,(" close_policy_by_pipe: deleted handle list for "306 "pipe %s\n",307 get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));416 DEBUG(10,("Deleted handle list for RPC connection %s\n", 417 ndr_interface_name(&p->contexts->syntax.uuid, 418 p->contexts->syntax.if_version))); 308 419 } 309 420 } … … 330 441 } 331 442 332 if ( p->session_info->guest) {443 if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) { 333 444 return False; 334 445 } … … 346 457 347 458 if (p->pipe_handles->count > MAX_OPEN_POLS) { 348 DEBUG(0, ("policy_handle_create: ERROR: too many handles (%d) " 349 "on pipe %s.\n", (int)p->pipe_handles->count, 350 get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); 459 DEBUG(0, ("ERROR: Too many handles (%d) for RPC connection %s\n", 460 (int) p->pipe_handles->count, 461 ndr_interface_name(&p->contexts->syntax.uuid, 462 p->contexts->syntax.if_version))); 463 351 464 *pstatus = NT_STATUS_INSUFFICIENT_RESOURCES; 352 465 return NULL; … … 393 506 } 394 507 if ((access_required & rpc_hnd->access_granted) != access_required) { 395 if ( geteuid() == sec_initial_uid()) {508 if (root_mode()) { 396 509 DEBUG(4, ("%s: ACCESS should be DENIED (granted: " 397 510 "%#010x; required: %#010x)\n", location, -
vendor/current/source3/rpc_server/rpc_ncacn_np.c
r919 r988 6 6 * Copyright (C) Jeremy Allison 1998 - 2005 7 7 * Copyright (C) Simo Sorce 2010 8 * Copyright (C) Andrew Bartlett 2011 8 9 * 9 10 * This program is free software; you can redistribute it and/or modify … … 31 32 #include "../auth/auth_sam_reply.h" 32 33 #include "auth.h" 33 #include " ntdomain.h"34 #include "rpc_server/rpc_pipes.h" 34 35 #include "../lib/tsocket/tsocket.h" 35 36 #include "../lib/util/tevent_ntstatus.h" 37 #include "rpc_contexts.h" 38 #include "rpc_server/rpc_config.h" 39 #include "librpc/ndr/ndr_table.h" 40 #include "rpc_server/rpc_server.h" 36 41 37 42 #undef DBGC_CLASS 38 43 #define DBGC_CLASS DBGC_RPC_SRV 39 44 40 static int pipes_open; 41 42 static struct pipes_struct *InternalPipes; 43 44 /* TODO 45 * the following prototypes are declared here to avoid 46 * code being moved about too much for a patch to be 47 * disrupted / less obvious. 48 * 49 * these functions, and associated functions that they 50 * call, should be moved behind a .so module-loading 51 * system _anyway_. so that's the next step... 52 */ 53 54 /**************************************************************************** 55 Internal Pipe iterator functions. 56 ****************************************************************************/ 57 58 struct pipes_struct *get_first_internal_pipe(void) 59 { 60 return InternalPipes; 61 } 62 63 struct pipes_struct *get_next_internal_pipe(struct pipes_struct *p) 64 { 65 return p->next; 66 } 67 68 static void free_pipe_rpc_context_internal( PIPE_RPC_FNS *list ) 69 { 70 PIPE_RPC_FNS *tmp = list; 71 PIPE_RPC_FNS *tmp2; 72 73 while (tmp) { 74 tmp2 = tmp->next; 75 SAFE_FREE(tmp); 76 tmp = tmp2; 77 } 78 79 return; 80 } 81 82 bool check_open_pipes(void) 83 { 84 struct pipes_struct *p; 85 86 for (p = InternalPipes; p != NULL; p = p->next) { 87 if (num_pipe_handles(p) != 0) { 88 return true; 89 } 90 } 91 return false; 92 } 93 94 /**************************************************************************** 95 Close an rpc pipe. 96 ****************************************************************************/ 97 98 int close_internal_rpc_pipe_hnd(struct pipes_struct *p) 99 { 100 if (!p) { 101 DEBUG(0,("Invalid pipe in close_internal_rpc_pipe_hnd\n")); 102 return False; 103 } 104 105 TALLOC_FREE(p->auth.auth_ctx); 106 107 free_pipe_rpc_context_internal( p->contexts ); 108 109 /* Free the handles database. */ 110 close_policy_by_pipe(p); 111 112 DLIST_REMOVE(InternalPipes, p); 113 114 ZERO_STRUCTP(p); 115 116 return 0; 45 static struct npa_state *npa_state_init(TALLOC_CTX *mem_ctx) 46 { 47 struct npa_state *npa; 48 49 npa = talloc_zero(mem_ctx, struct npa_state); 50 if (npa == NULL) { 51 return NULL; 52 } 53 54 npa->read_queue = tevent_queue_create(npa, "npa_cli_read"); 55 if (npa->read_queue == NULL) { 56 DEBUG(0, ("tevent_queue_create failed\n")); 57 goto fail; 58 } 59 60 npa->write_queue = tevent_queue_create(npa, "npa_cli_write"); 61 if (npa->write_queue == NULL) { 62 DEBUG(0, ("tevent_queue_create failed\n")); 63 goto fail; 64 } 65 66 return npa; 67 fail: 68 talloc_free(npa); 69 return NULL; 70 } 71 72 NTSTATUS make_internal_rpc_pipe_socketpair(TALLOC_CTX *mem_ctx, 73 struct tevent_context *ev_ctx, 74 struct messaging_context *msg_ctx, 75 const char *pipe_name, 76 const struct ndr_syntax_id *syntax, 77 const struct tsocket_address *remote_address, 78 const struct auth_session_info *session_info, 79 struct npa_state **pnpa) 80 { 81 TALLOC_CTX *tmp_ctx = talloc_stackframe(); 82 struct named_pipe_client *npc; 83 struct tevent_req *subreq; 84 struct npa_state *npa; 85 NTSTATUS status; 86 int error; 87 int rc; 88 89 DEBUG(4, ("Create of internal pipe %s requested\n", pipe_name)); 90 91 npa = npa_state_init(tmp_ctx); 92 if (npa == NULL) { 93 status = NT_STATUS_NO_MEMORY; 94 goto out; 95 } 96 97 npa->file_type = FILE_TYPE_MESSAGE_MODE_PIPE; 98 npa->device_state = 0xff | 0x0400 | 0x0100; 99 npa->allocation_size = 4096; 100 101 npc = named_pipe_client_init(npa, 102 ev_ctx, 103 msg_ctx, 104 pipe_name, 105 NULL, /* term_fn */ 106 npa->file_type, 107 npa->device_state, 108 npa->allocation_size, 109 NULL); /* private_data */ 110 if (npc == NULL) { 111 status = NT_STATUS_NO_MEMORY; 112 goto out; 113 } 114 npa->private_data = (void*) npc; 115 116 rc = tstream_npa_socketpair(npa->file_type, 117 npa, 118 &npa->stream, 119 npc, 120 &npc->tstream); 121 if (rc == -1) { 122 status = map_nt_error_from_unix(errno); 123 goto out; 124 } 125 126 npc->client = tsocket_address_copy(remote_address, npc); 127 if (npc->client == NULL) { 128 status = NT_STATUS_NO_MEMORY; 129 goto out; 130 } 131 132 npc->client_name = tsocket_address_inet_addr_string(npc->client, npc); 133 if (npc->client_name == NULL) { 134 status = NT_STATUS_NO_MEMORY; 135 goto out; 136 } 137 138 npc->session_info = copy_session_info(npc, session_info); 139 if (npc->session_info == NULL) { 140 status = NT_STATUS_NO_MEMORY; 141 goto out; 142 } 143 144 rc = make_server_pipes_struct(npc, 145 npc->msg_ctx, 146 npc->pipe_name, 147 NCACN_NP, 148 npc->server, 149 npc->client, 150 npc->session_info, 151 &npc->p, 152 &error); 153 if (rc == -1) { 154 status = map_nt_error_from_unix(error); 155 goto out; 156 } 157 158 npc->write_queue = tevent_queue_create(npc, "npa_server_write_queue"); 159 if (npc->write_queue == NULL) { 160 status = NT_STATUS_NO_MEMORY; 161 goto out; 162 } 163 164 subreq = dcerpc_read_ncacn_packet_send(npc, npc->ev, npc->tstream); 165 if (subreq == NULL) { 166 DEBUG(2, ("Failed to start receving packets\n")); 167 status = NT_STATUS_PIPE_BROKEN; 168 goto out; 169 } 170 tevent_req_set_callback(subreq, named_pipe_packet_process, npc); 171 172 *pnpa = talloc_steal(mem_ctx, npa); 173 status = NT_STATUS_OK; 174 out: 175 talloc_free(tmp_ctx); 176 return status; 117 177 } 118 178 … … 123 183 struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, 124 184 const struct ndr_syntax_id *syntax, 125 struct client_address *client_id,126 const struct auth_se rversupplied_info *session_info,185 const struct tsocket_address *remote_address, 186 const struct auth_session_info *session_info, 127 187 struct messaging_context *msg_ctx) 128 188 { 129 189 struct pipes_struct *p; 130 131 DEBUG(4,("Create pipe requested %s\n", 132 get_pipe_name_from_syntax(talloc_tos(), syntax))); 133 134 p = TALLOC_ZERO_P(mem_ctx, struct pipes_struct); 135 136 if (!p) { 190 struct pipe_rpc_fns *context_fns; 191 const char *pipe_name; 192 int ret; 193 const struct ndr_interface_table *table; 194 195 table = ndr_table_by_uuid(&syntax->uuid); 196 if (table == NULL) { 197 DEBUG(0,("unknown interface\n")); 198 return NULL; 199 } 200 201 pipe_name = dcerpc_default_transport_endpoint(mem_ctx, NCACN_NP, table); 202 203 DEBUG(4,("Create pipe requested %s\n", pipe_name)); 204 205 ret = make_base_pipes_struct(mem_ctx, msg_ctx, pipe_name, 206 NCALRPC, RPC_LITTLE_ENDIAN, 207 remote_address, NULL, &p); 208 if (ret) { 137 209 DEBUG(0,("ERROR! no memory for pipes_struct!\n")); 138 return NULL;139 }140 141 p->mem_ctx = talloc_named(p, 0, "pipe %s %p",142 get_pipe_name_from_syntax(talloc_tos(),143 syntax), p);144 if (p->mem_ctx == NULL) {145 DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n"));146 TALLOC_FREE(p);147 210 return NULL; 148 211 } … … 154 217 } 155 218 156 p->session_info = copy_se rverinfo(p, session_info);219 p->session_info = copy_session_info(p, session_info); 157 220 if (p->session_info == NULL) { 158 221 DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n")); … … 162 225 } 163 226 164 p->msg_ctx = msg_ctx; 165 166 DLIST_ADD(InternalPipes, p); 167 168 p->client_id = client_id; 169 170 p->endian = RPC_LITTLE_ENDIAN; 171 172 p->syntax = *syntax; 173 p->transport = NCALRPC; 174 p->allow_bind = true; 175 176 DEBUG(4,("Created internal pipe %s (pipes_open=%d)\n", 177 get_pipe_name_from_syntax(talloc_tos(), syntax), pipes_open)); 178 179 talloc_set_destructor(p, close_internal_rpc_pipe_hnd); 227 context_fns = talloc_zero(p, struct pipe_rpc_fns); 228 if (context_fns == NULL) { 229 DEBUG(0,("talloc() failed!\n")); 230 TALLOC_FREE(p); 231 return NULL; 232 } 233 234 context_fns->next = context_fns->prev = NULL; 235 context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(syntax); 236 context_fns->cmds = rpc_srv_get_pipe_cmds(syntax); 237 context_fns->context_id = 0; 238 context_fns->syntax = *syntax; 239 240 /* add to the list of open contexts */ 241 DLIST_ADD(p->contexts, context_fns); 242 243 DEBUG(4,("Created internal pipe %s\n", pipe_name)); 180 244 181 245 return p; … … 188 252 DATA_BLOB *out_data) 189 253 { 190 uint32_t num_cmds = rpc_srv_get_pipe_num_cmds(&p->syntax); 191 const struct api_struct *cmds = rpc_srv_get_pipe_cmds(&p->syntax); 254 struct pipe_rpc_fns *fns = find_pipe_fns_by_context(p->contexts, 0); 255 uint32_t num_cmds = fns->n_cmds; 256 const struct api_struct *cmds = fns->cmds; 192 257 uint32_t i; 193 258 bool ok; … … 291 356 ok = rpcint_bh_is_connected(h); 292 357 if (!ok) { 293 tevent_req_nterror(req, NT_STATUS_ INVALID_CONNECTION);358 tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED); 294 359 return tevent_req_post(req, ev); 295 360 } … … 353 418 ok = rpcint_bh_is_connected(h); 354 419 if (!ok) { 355 tevent_req_nterror(req, NT_STATUS_ INVALID_CONNECTION);420 tevent_req_nterror(req, NT_STATUS_CONNECTION_DISCONNECTED); 356 421 return tevent_req_post(req, ev); 357 422 } … … 427 492 const struct ndr_syntax_id *abstract_syntax, 428 493 const struct ndr_interface_table *ndr_table, 429 struct client_address *client_id,430 const struct auth_se rversupplied_info *session_info,494 const struct tsocket_address *remote_address, 495 const struct auth_session_info *session_info, 431 496 struct messaging_context *msg_ctx, 432 497 struct dcerpc_binding_handle **binding_handle) … … 451 516 hs->p = make_internal_rpc_pipe_p(hs, 452 517 abstract_syntax, 453 client_id,518 remote_address, 454 519 session_info, 455 520 msg_ctx); … … 469 534 * @param[in] ndr_table Normally the ndr_table_<name>. 470 535 * 471 * @param[in] client_idThe info about the connected client.536 * @param[in] remote_address The info about the connected client. 472 537 * 473 538 * @param[in] serversupplied_info The server supplied authentication function. … … 487 552 * status = rpcint_binding_handle(tmp_ctx, 488 553 * &ndr_table_winreg, 489 * p-> client_id,554 * p->remote_address, 490 555 * p->session_info, 491 556 * p->msg_ctx … … 495 560 NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx, 496 561 const struct ndr_interface_table *ndr_table, 497 struct client_address *client_id,498 const struct auth_se rversupplied_info *session_info,562 const struct tsocket_address *remote_address, 563 const struct auth_session_info *session_info, 499 564 struct messaging_context *msg_ctx, 500 565 struct dcerpc_binding_handle **binding_handle) 501 566 { 502 return rpcint_binding_handle_ex(mem_ctx, NULL, ndr_table, client_id,567 return rpcint_binding_handle_ex(mem_ctx, NULL, ndr_table, remote_address, 503 568 session_info, msg_ctx, binding_handle); 504 569 } … … 520 585 * @param[in] serversupplied_info The server supplied authentication function. 521 586 * 522 * @param[in] client_idThe client address information.587 * @param[in] remote_address The client address information. 523 588 * 524 589 * @param[in] msg_ctx The messaging context to use. … … 529 594 * error occured. 530 595 */ 531 staticNTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx,596 NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx, 532 597 const struct ndr_syntax_id *abstract_syntax, 533 const struct auth_se rversupplied_info *serversupplied_info,534 struct client_address *client_id,598 const struct auth_session_info *session_info, 599 const struct tsocket_address *remote_address, 535 600 struct messaging_context *msg_ctx, 536 601 struct rpc_pipe_client **presult) … … 539 604 NTSTATUS status; 540 605 541 result = TALLOC_ZERO_P(mem_ctx, struct rpc_pipe_client);606 result = talloc_zero(mem_ctx, struct rpc_pipe_client); 542 607 if (result == NULL) { 543 608 return NT_STATUS_NO_MEMORY; … … 545 610 546 611 result->abstract_syntax = *abstract_syntax; 547 result->transfer_syntax = ndr_transfer_syntax; 548 549 if (client_id == NULL) { 550 static struct client_address unknown; 551 strlcpy(unknown.addr, "<UNKNOWN>", sizeof(unknown.addr)); 552 unknown.name = "<UNKNOWN>"; 553 client_id = &unknown; 612 result->transfer_syntax = ndr_transfer_syntax_ndr; 613 614 if (remote_address == NULL) { 615 struct tsocket_address *local; 616 int rc; 617 618 rc = tsocket_address_inet_from_strings(mem_ctx, 619 "ip", 620 "127.0.0.1", 621 0, 622 &local); 623 if (rc < 0) { 624 TALLOC_FREE(result); 625 return NT_STATUS_NO_MEMORY; 626 } 627 628 remote_address = local; 554 629 } 555 630 … … 560 635 abstract_syntax, 561 636 NULL, 562 client_id,563 se rversupplied_info,637 remote_address, 638 session_info, 564 639 msg_ctx, 565 640 &result->binding_handle); … … 577 652 ***************************************************************************/ 578 653 654 NTSTATUS make_external_rpc_pipe(TALLOC_CTX *mem_ctx, 655 const char *pipe_name, 656 const struct tsocket_address *local_address, 657 const struct tsocket_address *remote_address, 658 const struct auth_session_info *session_info, 659 struct npa_state **pnpa) 660 { 661 TALLOC_CTX *tmp_ctx = talloc_stackframe(); 662 struct auth_session_info_transport *session_info_t; 663 struct tevent_context *ev_ctx; 664 struct tevent_req *subreq; 665 const char *socket_np_dir; 666 const char *socket_dir; 667 struct npa_state *npa; 668 int sys_errno; 669 NTSTATUS status; 670 int rc = -1; 671 bool ok; 672 673 npa = npa_state_init(tmp_ctx); 674 if (npa == NULL) { 675 status = NT_STATUS_NO_MEMORY; 676 goto out; 677 } 678 679 socket_dir = lp_parm_const_string(GLOBAL_SECTION_SNUM, 680 "external_rpc_pipe", 681 "socket_dir", 682 lp_ncalrpc_dir()); 683 if (socket_dir == NULL) { 684 DEBUG(0, ("external_rpc_pipe: socket_dir not set\n")); 685 status = NT_STATUS_PIPE_NOT_AVAILABLE; 686 goto out; 687 } 688 689 socket_np_dir = talloc_asprintf(tmp_ctx, "%s/np", socket_dir); 690 if (socket_np_dir == NULL) { 691 DEBUG(0, ("talloc_asprintf failed\n")); 692 status = NT_STATUS_NO_MEMORY; 693 goto out; 694 } 695 696 session_info_t = talloc_zero(tmp_ctx, 697 struct auth_session_info_transport); 698 if (session_info_t == NULL) { 699 DEBUG(0, ("talloc failed\n")); 700 status = NT_STATUS_NO_MEMORY; 701 goto out; 702 } 703 704 session_info_t->session_info = copy_session_info(session_info_t, 705 session_info); 706 if (session_info_t->session_info == NULL) { 707 DEBUG(0, ("copy_session_info failed\n")); 708 status = NT_STATUS_NO_MEMORY; 709 goto out; 710 } 711 712 ev_ctx = s3_tevent_context_init(tmp_ctx); 713 if (ev_ctx == NULL) { 714 DEBUG(0, ("s3_tevent_context_init failed\n")); 715 status = NT_STATUS_NO_MEMORY; 716 goto out; 717 } 718 719 become_root(); 720 subreq = tstream_npa_connect_send(tmp_ctx, 721 ev_ctx, 722 socket_np_dir, 723 pipe_name, 724 remote_address, /* client_addr */ 725 NULL, /* client_name */ 726 local_address, /* server_addr */ 727 NULL, /* server_name */ 728 session_info_t); 729 if (subreq == NULL) { 730 unbecome_root(); 731 DEBUG(0, ("tstream_npa_connect_send to %s for pipe %s and " 732 "user %s\\%s failed\n", 733 socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name, 734 session_info_t->session_info->info->account_name)); 735 status = NT_STATUS_OBJECT_NAME_NOT_FOUND; 736 goto out; 737 } 738 ok = tevent_req_poll(subreq, ev_ctx); 739 unbecome_root(); 740 if (!ok) { 741 DEBUG(0, ("tevent_req_poll to %s for pipe %s and user %s\\%s " 742 "failed for tstream_npa_connect: %s\n", 743 socket_np_dir, 744 pipe_name, 745 session_info_t->session_info->info->domain_name, 746 session_info_t->session_info->info->account_name, 747 strerror(errno))); 748 status = NT_STATUS_OBJECT_NAME_NOT_FOUND; 749 goto out; 750 } 751 752 rc = tstream_npa_connect_recv(subreq, 753 &sys_errno, 754 npa, 755 &npa->stream, 756 &npa->file_type, 757 &npa->device_state, 758 &npa->allocation_size); 759 talloc_free(subreq); 760 if (rc != 0) { 761 int l = 1; 762 763 if (errno == ENOENT) { 764 l = 2; 765 } 766 767 DEBUG(l, ("tstream_npa_connect_recv to %s for pipe %s and " 768 "user %s\\%s failed: %s\n", 769 socket_np_dir, 770 pipe_name, 771 session_info_t->session_info->info->domain_name, 772 session_info_t->session_info->info->account_name, 773 strerror(sys_errno))); 774 status = NT_STATUS_OBJECT_NAME_NOT_FOUND; 775 goto out; 776 } 777 778 *pnpa = talloc_steal(mem_ctx, npa); 779 status = NT_STATUS_OK; 780 out: 781 talloc_free(tmp_ctx); 782 783 return status; 784 } 579 785 580 786 struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, … … 582 788 const struct tsocket_address *local_address, 583 789 const struct tsocket_address *remote_address, 584 const struct auth_se rversupplied_info *session_info)790 const struct auth_session_info *session_info) 585 791 { 586 792 struct np_proxy_state *result; … … 590 796 struct tevent_req *subreq; 591 797 struct auth_session_info_transport *session_info_t; 592 struct auth_user_info_dc *user_info_dc;593 union netr_Validation val;594 NTSTATUS status;595 798 bool ok; 596 799 int ret; … … 625 828 lp_ncalrpc_dir()); 626 829 if (socket_dir == NULL) { 627 DEBUG(0, ("externa n_rpc_pipe:socket_dir not set\n"));830 DEBUG(0, ("external_rpc_pipe:socket_dir not set\n")); 628 831 goto fail; 629 832 } … … 640 843 } 641 844 642 /* Send the named_pipe_auth server the user's full token */ 643 session_info_t->security_token = session_info->security_token; 644 session_info_t->session_key = session_info->user_session_key; 645 646 val.sam3 = session_info->info3; 647 648 /* Convert into something we can build a struct 649 * auth_session_info_transport from. Most of the work here 650 * will be to convert the SIDS, which we will then ignore, but 651 * this is the easier way to handle it */ 652 status = make_user_info_dc_netlogon_validation(talloc_tos(), "", 3, &val, &user_info_dc); 653 if (!NT_STATUS_IS_OK(status)) { 654 DEBUG(0, ("conversion of info3 into user_info_dc failed!\n")); 845 session_info_t->session_info = copy_session_info(session_info_t, 846 session_info); 847 if (session_info_t->session_info == NULL) { 848 DEBUG(0, ("copy_session_info failed\n")); 655 849 goto fail; 656 850 } 657 658 session_info_t->info = talloc_move(session_info_t, &user_info_dc->info);659 talloc_free(user_info_dc);660 851 661 852 become_root(); … … 672 863 DEBUG(0, ("tstream_npa_connect_send to %s for pipe %s and " 673 864 "user %s\\%s failed\n", 674 socket_np_dir, pipe_name, session_info_t-> info->domain_name,675 session_info_t-> info->account_name));865 socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name, 866 session_info_t->session_info->info->account_name)); 676 867 goto fail; 677 868 } … … 681 872 DEBUG(0, ("tevent_req_poll to %s for pipe %s and user %s\\%s " 682 873 "failed for tstream_npa_connect: %s\n", 683 socket_np_dir, pipe_name, session_info_t-> info->domain_name,684 session_info_t-> info->account_name,874 socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name, 875 session_info_t->session_info->info->account_name, 685 876 strerror(errno))); 686 877 goto fail; … … 695 886 TALLOC_FREE(subreq); 696 887 if (ret != 0) { 697 DEBUG(0, ("tstream_npa_connect_recv to %s for pipe %s and " 888 int l = 1; 889 if (errno == ENOENT) { 890 l = 2; 891 } 892 DEBUG(l, ("tstream_npa_connect_recv to %s for pipe %s and " 698 893 "user %s\\%s failed: %s\n", 699 socket_np_dir, pipe_name, session_info_t-> info->domain_name,700 session_info_t-> info->account_name,894 socket_np_dir, pipe_name, session_info_t->session_info->info->domain_name, 895 session_info_t->session_info->info->account_name, 701 896 strerror(sys_errno))); 702 897 goto fail; … … 712 907 static NTSTATUS rpc_pipe_open_external(TALLOC_CTX *mem_ctx, 713 908 const char *pipe_name, 714 const struct ndr_ syntax_id *abstract_syntax,715 const struct auth_se rversupplied_info *session_info,909 const struct ndr_interface_table *table, 910 const struct auth_session_info *session_info, 716 911 struct rpc_pipe_client **_result) 717 912 { … … 738 933 local, remote, session_info); 739 934 if (!proxy_state) { 935 DEBUG(1, ("Unable to make proxy_state for connection to %s.\n", pipe_name)); 740 936 return NT_STATUS_UNSUCCESSFUL; 741 937 } … … 747 943 } 748 944 749 result->abstract_syntax = *abstract_syntax;750 result->transfer_syntax = ndr_transfer_syntax ;945 result->abstract_syntax = table->syntax_id; 946 result->transfer_syntax = ndr_transfer_syntax_ndr; 751 947 752 948 result->desthost = get_myname(result); … … 768 964 } 769 965 770 result->binding_handle = rpccli_bh_create(result );966 result->binding_handle = rpccli_bh_create(result, NULL, table); 771 967 if (result->binding_handle == NULL) { 772 968 status = NT_STATUS_NO_MEMORY; … … 817 1013 * @param[in] serversupplied_info The server supplied authentication function. 818 1014 * 819 * @param[in] client_idThe client address information.1015 * @param[in] remote_address The client address information. 820 1016 * 821 1017 * @param[in] msg_ctx The messaging context to use. … … 833 1029 * &ndr_table_winreg.syntax_id, 834 1030 * p->session_info, 835 * client_id,1031 * remote_address, 836 1032 * &winreg_pipe); 837 1033 * @endcode … … 839 1035 840 1036 NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, 841 const struct ndr_ syntax_id *syntax,842 const struct auth_se rversupplied_info *session_info,843 struct client_address *client_id,1037 const struct ndr_interface_table *table, 1038 const struct auth_session_info *session_info, 1039 const struct tsocket_address *remote_address, 844 1040 struct messaging_context *msg_ctx, 845 1041 struct rpc_pipe_client **cli_pipe) 846 1042 { 847 1043 struct rpc_pipe_client *cli = NULL; 848 const char *server_type;1044 enum rpc_service_mode_e pipe_mode; 849 1045 const char *pipe_name; 850 1046 NTSTATUS status; 851 1047 TALLOC_CTX *tmp_ctx; 852 1048 853 if (cli_pipe && rpccli_is_connected(*cli_pipe)) { 854 return NT_STATUS_OK; 855 } else { 856 TALLOC_FREE(*cli_pipe); 1049 if (cli_pipe != NULL) { 1050 if (rpccli_is_connected(*cli_pipe)) { 1051 return NT_STATUS_OK; 1052 } else { 1053 TALLOC_FREE(*cli_pipe); 1054 } 857 1055 } 858 1056 … … 862 1060 } 863 1061 864 pipe_name = get_pipe_name_from_syntax(tmp_ctx, syntax);1062 pipe_name = dcerpc_default_transport_endpoint(mem_ctx, NCACN_NP, table); 865 1063 if (pipe_name == NULL) { 1064 DEBUG(1, ("Unable to find pipe name to forward %s to.\n", table->name)); 866 1065 status = NT_STATUS_INVALID_PARAMETER; 867 1066 goto done; … … 874 1073 DEBUG(5, ("Connecting to %s pipe.\n", pipe_name)); 875 1074 876 server_type = lp_parm_const_string(GLOBAL_SECTION_SNUM, 877 "rpc_server", pipe_name, 878 "embedded"); 879 880 if (StrCaseCmp(server_type, "embedded") == 0) { 1075 pipe_mode = rpc_service_mode(pipe_name); 1076 1077 switch (pipe_mode) { 1078 case RPC_SERVICE_MODE_EMBEDDED: 881 1079 status = rpc_pipe_open_internal(tmp_ctx, 882 syntax, session_info,883 client_id, msg_ctx,1080 &table->syntax_id, session_info, 1081 remote_address, msg_ctx, 884 1082 &cli); 885 1083 if (!NT_STATUS_IS_OK(status)) { 886 1084 goto done; 887 1085 } 888 } else if (StrCaseCmp(server_type, "daemon") == 0 ||889 StrCaseCmp(server_type, "external") == 0) {1086 break; 1087 case RPC_SERVICE_MODE_EXTERNAL: 890 1088 /* It would be nice to just use rpc_pipe_open_ncalrpc() but 891 1089 * for now we need to use the special proxy setup to connect … … 893 1091 894 1092 status = rpc_pipe_open_external(tmp_ctx, 895 pipe_name, syntax,1093 pipe_name, table, 896 1094 session_info, 897 1095 &cli); … … 899 1097 goto done; 900 1098 } 901 } else { 1099 break; 1100 case RPC_SERVICE_MODE_DISABLED: 902 1101 status = NT_STATUS_NOT_IMPLEMENTED; 903 DEBUG(0, (" Wrong servertype specified in config file: %s",904 nt_errstr(status)));1102 DEBUG(0, ("Service pipe %s is disabled in config file: %s", 1103 pipe_name, nt_errstr(status))); 905 1104 goto done; 906 1105 } … … 908 1107 status = NT_STATUS_OK; 909 1108 done: 910 if (NT_STATUS_IS_OK(status) ) {1109 if (NT_STATUS_IS_OK(status) && cli_pipe != NULL) { 911 1110 *cli_pipe = talloc_move(mem_ctx, &cli); 912 1111 } -
vendor/current/source3/rpc_server/rpc_ncacn_np.h
r740 r988 25 25 struct tsocket_address; 26 26 27 struct npa_state { 28 struct tstream_context *stream; 29 30 struct tevent_queue *read_queue; 31 struct tevent_queue *write_queue; 32 33 uint64_t allocation_size; 34 uint16_t device_state; 35 uint16_t file_type; 36 37 void *private_data; 38 }; 39 40 NTSTATUS make_external_rpc_pipe(TALLOC_CTX *mem_ctx, 41 const char *pipe_name, 42 const struct tsocket_address *local_address, 43 const struct tsocket_address *remote_address, 44 const struct auth_session_info *session_info, 45 struct npa_state **pnpa); 46 47 NTSTATUS make_internal_rpc_pipe_socketpair(TALLOC_CTX *mem_ctx, 48 struct tevent_context *ev_ctx, 49 struct messaging_context *msg_ctx, 50 const char *pipe_name, 51 const struct ndr_syntax_id *syntax, 52 const struct tsocket_address *remote_address, 53 const struct auth_session_info *session_info, 54 struct npa_state **pnpa); 55 27 56 struct np_proxy_state { 28 57 uint16_t file_type; … … 36 65 struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, 37 66 const struct ndr_syntax_id *syntax, 38 struct client_address *client_id,39 const struct auth_se rversupplied_info *session_info,67 const struct tsocket_address *remote_address, 68 const struct auth_session_info *session_info, 40 69 struct messaging_context *msg_ctx); 41 70 struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, … … 43 72 const struct tsocket_address *local_address, 44 73 const struct tsocket_address *remote_address, 45 const struct auth_se rversupplied_info *session_info);74 const struct auth_session_info *session_info); 46 75 NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx, 47 76 const struct ndr_interface_table *ndr_table, 48 struct client_address *client_id,49 const struct auth_se rversupplied_info *session_info,77 const struct tsocket_address *remote_address, 78 const struct auth_session_info *session_info, 50 79 struct messaging_context *msg_ctx, 51 80 struct dcerpc_binding_handle **binding_handle); 52 81 NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, 53 const struct ndr_ syntax_id *syntax,54 const struct auth_se rversupplied_info *session_info,55 struct client_address *client_id,82 const struct ndr_interface_table *table, 83 const struct auth_session_info *session_info, 84 const struct tsocket_address *remote_address, 56 85 struct messaging_context *msg_ctx, 57 86 struct rpc_pipe_client **cli_pipe); 58 87 59 struct pipes_struct *get_first_internal_pipe(void); 60 struct pipes_struct *get_next_internal_pipe(struct pipes_struct *p); 61 bool check_open_pipes(void); 62 int close_internal_rpc_pipe_hnd(struct pipes_struct *p); 88 NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx, 89 const struct ndr_syntax_id *abstract_syntax, 90 const struct auth_session_info *session_info, 91 const struct tsocket_address *remote_address, 92 struct messaging_context *msg_ctx, 93 struct rpc_pipe_client **presult); 63 94 64 95 #endif /* _RPC_NCACN_NP_H_ */ -
vendor/current/source3/rpc_server/rpc_server.c
r919 r988 3 3 Generic infrstructure for RPC Daemons 4 4 Copyright (C) Simo Sorce 2010 5 Copyright (C) Andrew Bartlett 2011 6 Copyright (C) Andreas Schneider 2011 5 7 6 8 This program is free software; you can redistribute it and/or modify … … 19 21 20 22 #include "includes.h" 21 #include " ntdomain.h"23 #include "rpc_server/rpc_pipes.h" 22 24 #include "rpc_server/rpc_server.h" 25 #include "rpc_server/rpc_config.h" 23 26 #include "rpc_dce.h" 24 27 #include "librpc/gen_ndr/netlogon.h" … … 35 38 #define SERVER_TCP_HIGH_PORT 1300 36 39 37 static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx,38 struct auth_session_info_transport **session_info)39 {40 struct auth_session_info_transport *i;41 struct auth_serversupplied_info *s;42 struct auth_user_info_dc *u;43 union netr_Validation val;44 NTSTATUS status;45 46 i = talloc_zero(mem_ctx, struct auth_session_info_transport);47 if (i == NULL) {48 return NT_STATUS_NO_MEMORY;49 }50 51 status = make_server_info_guest(i, &s);52 if (!NT_STATUS_IS_OK(status)) {53 return status;54 }55 56 i->security_token = s->security_token;57 i->session_key = s->user_session_key;58 59 val.sam3 = s->info3;60 61 status = make_user_info_dc_netlogon_validation(mem_ctx,62 "",63 3,64 &val,65 &u);66 if (!NT_STATUS_IS_OK(status)) {67 DEBUG(0, ("conversion of info3 into user_info_dc failed!\n"));68 return status;69 }70 i->info = talloc_move(i, &u->info);71 talloc_free(u);72 73 *session_info = i;74 75 return NT_STATUS_OK;76 }77 78 40 /* Creates a pipes_struct and initializes it with the information 79 41 * sent from the client */ 80 static int make_server_pipes_struct(TALLOC_CTX *mem_ctx, 81 const char *pipe_name, 82 const struct ndr_syntax_id id, 83 enum dcerpc_transport_t transport, 84 bool ncalrpc_as_system, 85 const char *client_address, 86 const char *server_address, 87 struct auth_session_info_transport *session_info, 88 struct pipes_struct **_p, 89 int *perrno) 90 { 91 struct netr_SamInfo3 *info3; 92 struct auth_user_info_dc *auth_user_info_dc; 42 int make_server_pipes_struct(TALLOC_CTX *mem_ctx, 43 struct messaging_context *msg_ctx, 44 const char *pipe_name, 45 enum dcerpc_transport_t transport, 46 const struct tsocket_address *local_address, 47 const struct tsocket_address *remote_address, 48 struct auth_session_info *session_info, 49 struct pipes_struct **_p, 50 int *perrno) 51 { 93 52 struct pipes_struct *p; 94 NTSTATUS status; 95 bool ok; 96 97 p = talloc_zero(mem_ctx, struct pipes_struct); 98 if (!p) { 99 *perrno = ENOMEM; 53 int ret; 54 55 ret = make_base_pipes_struct(mem_ctx, msg_ctx, pipe_name, 56 transport, RPC_LITTLE_ENDIAN, 57 remote_address, local_address, &p); 58 if (ret) { 59 *perrno = ret; 100 60 return -1; 101 61 } 102 p->syntax = id; 103 p->transport = transport; 104 p->ncalrpc_as_system = ncalrpc_as_system; 105 p->allow_bind = true; 106 107 p->mem_ctx = talloc_named(p, 0, "pipe %s %p", pipe_name, p); 108 if (!p->mem_ctx) { 109 TALLOC_FREE(p); 110 *perrno = ENOMEM; 111 return -1; 112 } 113 114 ok = init_pipe_handles(p, &id); 115 if (!ok) { 116 DEBUG(1, ("Failed to init handles\n")); 117 TALLOC_FREE(p); 62 63 if (session_info->unix_token && session_info->unix_info && session_info->security_token) { 64 /* Don't call create_local_token(), we already have the full details here */ 65 p->session_info = talloc_steal(p, session_info); 66 67 } else { 68 DEBUG(0, ("Supplied session_info in make_server_pipes_struct was incomplete!")); 118 69 *perrno = EINVAL; 119 70 return -1; 120 71 } 121 122 123 data_blob_free(&p->in_data.data);124 data_blob_free(&p->in_data.pdu);125 126 p->endian = RPC_LITTLE_ENDIAN;127 128 /* Fake up an auth_user_info_dc for now, to make an info3, to make the session_info structure */129 auth_user_info_dc = talloc_zero(p, struct auth_user_info_dc);130 if (!auth_user_info_dc) {131 TALLOC_FREE(p);132 *perrno = ENOMEM;133 return -1;134 }135 136 auth_user_info_dc->num_sids = session_info->security_token->num_sids;137 auth_user_info_dc->sids = session_info->security_token->sids;138 auth_user_info_dc->info = session_info->info;139 auth_user_info_dc->user_session_key = session_info->session_key;140 141 /* This creates the input structure that make_server_info_info3 is looking for */142 status = auth_convert_user_info_dc_saminfo3(p, auth_user_info_dc,143 &info3);144 145 if (!NT_STATUS_IS_OK(status)) {146 DEBUG(1, ("Failed to convert auth_user_info_dc into netr_SamInfo3\n"));147 TALLOC_FREE(p);148 *perrno = EINVAL;149 return -1;150 }151 152 status = make_server_info_info3(p,153 info3->base.account_name.string,154 info3->base.domain.string,155 &p->session_info, info3);156 if (!NT_STATUS_IS_OK(status)) {157 DEBUG(1, ("Failed to init server info\n"));158 TALLOC_FREE(p);159 *perrno = EINVAL;160 return -1;161 }162 163 /*164 * Some internal functions need a local token to determine access to165 * resoutrces.166 */167 status = create_local_token(p->session_info);168 if (!NT_STATUS_IS_OK(status)) {169 DEBUG(1, ("Failed to init local auth token\n"));170 TALLOC_FREE(p);171 *perrno = EINVAL;172 return -1;173 }174 175 /* Now override the session_info->security_token with the exact176 * security_token we were given from the other side,177 * regardless of what we just calculated */178 p->session_info->security_token = talloc_move(p->session_info, &session_info->security_token);179 180 /* Also set the session key to the correct value */181 p->session_info->user_session_key = session_info->session_key;182 p->session_info->user_session_key.data = talloc_move(p->session_info, &session_info->session_key.data);183 184 p->client_id = talloc_zero(p, struct client_address);185 if (!p->client_id) {186 TALLOC_FREE(p);187 *perrno = ENOMEM;188 return -1;189 }190 strlcpy(p->client_id->addr,191 client_address, sizeof(p->client_id->addr));192 p->client_id->name = talloc_strdup(p->client_id, client_address);193 if (p->client_id->name == NULL) {194 TALLOC_FREE(p);195 *perrno = ENOMEM;196 return -1;197 }198 199 if (server_address != NULL) {200 p->server_id = talloc_zero(p, struct client_address);201 if (p->client_id == NULL) {202 TALLOC_FREE(p);203 *perrno = ENOMEM;204 return -1;205 }206 207 strlcpy(p->server_id->addr,208 server_address,209 sizeof(p->server_id->addr));210 211 p->server_id->name = talloc_strdup(p->server_id,212 server_address);213 if (p->server_id->name == NULL) {214 TALLOC_FREE(p);215 *perrno = ENOMEM;216 return -1;217 }218 }219 220 talloc_set_destructor(p, close_internal_rpc_pipe_hnd);221 72 222 73 *_p = p; … … 246 97 void *private_data); 247 98 248 bool setup_named_pipe_socket(const char *pipe_name, 249 struct tevent_context *ev_ctx) 250 { 251 struct dcerpc_ncacn_listen_state *state; 252 struct tevent_fd *fde; 253 char *np_dir; 254 255 state = talloc(ev_ctx, struct dcerpc_ncacn_listen_state); 256 if (!state) { 257 DEBUG(0, ("Out of memory\n")); 258 return false; 259 } 260 state->ep.name = talloc_strdup(state, pipe_name); 261 if (state->ep.name == NULL) { 262 DEBUG(0, ("Out of memory\n")); 263 goto out; 264 } 265 state->fd = -1; 99 int create_named_pipe_socket(const char *pipe_name) 100 { 101 char *np_dir = NULL; 102 int fd = -1; 266 103 267 104 /* … … 270 107 * create lp_ncalrpc_dir() first. 271 108 */ 272 if (!directory_create_or_exist(lp_ncalrpc_dir(), geteuid(),0755)) {109 if (!directory_create_or_exist(lp_ncalrpc_dir(), 0755)) { 273 110 DEBUG(0, ("Failed to create pipe directory %s - %s\n", 274 111 lp_ncalrpc_dir(), strerror(errno))); … … 276 113 } 277 114 278 np_dir = talloc_asprintf( state, "%s/np", lp_ncalrpc_dir());115 np_dir = talloc_asprintf(talloc_tos(), "%s/np", lp_ncalrpc_dir()); 279 116 if (!np_dir) { 280 117 DEBUG(0, ("Out of memory\n")); … … 282 119 } 283 120 284 if (!directory_create_or_exist (np_dir, geteuid(), 0700)) {121 if (!directory_create_or_exist_strict(np_dir, geteuid(), 0700)) { 285 122 DEBUG(0, ("Failed to create pipe directory %s - %s\n", 286 123 np_dir, strerror(errno))); … … 288 125 } 289 126 290 state->fd = create_pipe_sock(np_dir, pipe_name, 0700);291 if ( state->fd == -1) {127 fd = create_pipe_sock(np_dir, pipe_name, 0700); 128 if (fd == -1) { 292 129 DEBUG(0, ("Failed to create pipe socket! [%s/%s]\n", 293 130 np_dir, pipe_name)); 294 131 goto out; 295 132 } 133 134 DEBUG(10, ("Openened pipe socket fd %d for %s\n", fd, pipe_name)); 135 136 out: 137 talloc_free(np_dir); 138 return fd; 139 } 140 141 bool setup_named_pipe_socket(const char *pipe_name, 142 struct tevent_context *ev_ctx, 143 struct messaging_context *msg_ctx) 144 { 145 struct dcerpc_ncacn_listen_state *state; 146 struct tevent_fd *fde; 147 int rc; 148 149 state = talloc(ev_ctx, struct dcerpc_ncacn_listen_state); 150 if (!state) { 151 DEBUG(0, ("Out of memory\n")); 152 return false; 153 } 154 state->ep.name = talloc_strdup(state, pipe_name); 155 if (state->ep.name == NULL) { 156 DEBUG(0, ("Out of memory\n")); 157 goto out; 158 } 159 state->fd = create_named_pipe_socket(pipe_name); 160 if (state->fd == -1) { 161 goto out; 162 } 163 164 rc = listen(state->fd, 5); 165 if (rc < 0) { 166 DEBUG(0, ("Failed to listen on pipe socket %s: %s\n", 167 pipe_name, strerror(errno))); 168 goto out; 169 } 170 171 state->ev_ctx = ev_ctx; 172 state->msg_ctx = msg_ctx; 296 173 297 174 DEBUG(10, ("Openened pipe socket fd %d for %s\n", … … 317 194 } 318 195 319 static void named_pipe_accept_function(const char *pipe_name, int fd);320 321 196 static void named_pipe_listener(struct tevent_context *ev, 322 197 struct tevent_fd *fde, … … 348 223 DEBUG(6, ("Accepted socket %d\n", sd)); 349 224 350 named_pipe_accept_function(state->ep.name, sd); 225 named_pipe_accept_function(state->ev_ctx, 226 state->msg_ctx, 227 state->ep.name, 228 sd, NULL, 0); 351 229 } 352 230 … … 356 234 * dispatcher table. */ 357 235 358 struct named_pipe_client { 359 const char *pipe_name; 360 struct ndr_syntax_id pipe_id; 361 362 struct tevent_context *ev; 363 struct messaging_context *msg_ctx; 364 365 uint16_t file_type; 366 uint16_t device_state; 367 uint64_t allocation_size; 368 369 struct tstream_context *tstream; 370 371 struct tsocket_address *client; 372 char *client_name; 373 struct tsocket_address *server; 374 char *server_name; 375 struct auth_session_info_transport *session_info; 376 377 struct pipes_struct *p; 378 379 struct tevent_queue *write_queue; 380 381 struct iovec *iov; 382 size_t count; 383 }; 236 static int named_pipe_destructor(struct named_pipe_client *npc) 237 { 238 if (npc->term_fn) { 239 npc->term_fn(npc->private_data); 240 } 241 return 0; 242 } 243 244 struct named_pipe_client *named_pipe_client_init(TALLOC_CTX *mem_ctx, 245 struct tevent_context *ev_ctx, 246 struct messaging_context *msg_ctx, 247 const char *pipe_name, 248 named_pipe_termination_fn *term_fn, 249 uint16_t file_type, 250 uint16_t device_state, 251 uint64_t allocation_size, 252 void *private_data) 253 { 254 struct named_pipe_client *npc; 255 256 npc = talloc_zero(mem_ctx, struct named_pipe_client); 257 if (npc == NULL) { 258 DEBUG(0, ("Out of memory!\n")); 259 return NULL; 260 } 261 talloc_set_destructor(npc, named_pipe_destructor); 262 263 npc->pipe_name = talloc_strdup(npc, pipe_name); 264 if (npc->pipe_name == NULL) { 265 DEBUG(0, ("Out of memory!\n")); 266 talloc_free(npc); 267 return NULL; 268 } 269 270 npc->ev = ev_ctx; 271 npc->msg_ctx = msg_ctx; 272 npc->term_fn = term_fn; 273 npc->private_data = private_data; 274 275 npc->file_type = file_type; 276 npc->device_state = device_state; 277 npc->allocation_size = allocation_size; 278 279 return npc; 280 } 384 281 385 282 static void named_pipe_accept_done(struct tevent_req *subreq); 386 283 387 static void named_pipe_accept_function(const char *pipe_name, int fd) 388 { 389 struct ndr_syntax_id syntax; 284 void named_pipe_accept_function(struct tevent_context *ev_ctx, 285 struct messaging_context *msg_ctx, 286 const char *pipe_name, int fd, 287 named_pipe_termination_fn *term_fn, 288 void *private_data) 289 { 390 290 struct named_pipe_client *npc; 391 291 struct tstream_context *plain; 392 292 struct tevent_req *subreq; 393 bool ok;394 293 int ret; 395 294 396 ok = is_known_pipename(pipe_name, &syntax); 397 if (!ok) { 398 DEBUG(1, ("Unknown pipe [%s]\n", pipe_name)); 399 close(fd); 400 return; 401 } 402 403 npc = talloc_zero(NULL, struct named_pipe_client); 295 npc = talloc_zero(ev_ctx, struct named_pipe_client); 404 296 if (!npc) { 405 297 DEBUG(0, ("Out of memory!\n")); … … 407 299 return; 408 300 } 409 npc->pipe_name = pipe_name; 410 npc->pipe_id = syntax; 411 npc->ev = server_event_context(); 412 npc->msg_ctx = server_messaging_context(); 301 302 npc->pipe_name = talloc_strdup(npc, pipe_name); 303 if (npc->pipe_name == NULL) { 304 DEBUG(0, ("Out of memory!\n")); 305 TALLOC_FREE(npc); 306 close(fd); 307 return; 308 } 309 npc->ev = ev_ctx; 310 npc->msg_ctx = msg_ctx; 311 npc->term_fn = term_fn; 312 npc->private_data = private_data; 313 314 talloc_set_destructor(npc, named_pipe_destructor); 413 315 414 316 /* make sure socket is in NON blocking state */ … … 446 348 } 447 349 448 static void named_pipe_packet_process(struct tevent_req *subreq);449 350 static void named_pipe_packet_done(struct tevent_req *subreq); 450 351 451 352 static void named_pipe_accept_done(struct tevent_req *subreq) 452 353 { 354 struct auth_session_info_transport *session_info_transport; 453 355 struct named_pipe_client *npc = 454 356 tevent_req_callback_data(subreq, struct named_pipe_client); 455 const char *cli_addr;456 357 int error; 457 358 int ret; … … 463 364 &npc->server, 464 365 &npc->server_name, 465 &npc->session_info); 366 &session_info_transport); 367 368 npc->session_info = talloc_move(npc, &session_info_transport->session_info); 369 466 370 TALLOC_FREE(subreq); 467 371 if (ret != 0) { … … 472 376 } 473 377 474 if (tsocket_address_is_inet(npc->client, "ip")) {475 cli_addr = tsocket_address_inet_addr_string(npc->client,476 subreq);477 if (cli_addr == NULL) {478 TALLOC_FREE(npc);479 return;480 }481 } else {482 cli_addr = "";483 }484 485 378 ret = make_server_pipes_struct(npc, 486 npc->pipe_name, npc->pipe_id, NCACN_NP, 487 false, cli_addr, NULL, npc->session_info, 488 &npc->p, &error); 379 npc->msg_ctx, 380 npc->pipe_name, NCACN_NP, 381 npc->server, 382 npc->client, 383 npc->session_info, 384 &npc->p, &error); 489 385 if (ret != 0) { 490 386 DEBUG(2, ("Failed to create pipes_struct! (%s)\n", … … 492 388 goto fail; 493 389 } 494 npc->p->msg_ctx = npc->msg_ctx;495 390 496 391 npc->write_queue = tevent_queue_create(npc, "np_server_write_queue"); … … 500 395 } 501 396 502 /* And now start rece aving and processing packets */397 /* And now start receiving and processing packets */ 503 398 subreq = dcerpc_read_ncacn_packet_send(npc, npc->ev, npc->tstream); 504 399 if (!subreq) { … … 517 412 } 518 413 519 staticvoid named_pipe_packet_process(struct tevent_req *subreq)414 void named_pipe_packet_process(struct tevent_req *subreq) 520 415 { 521 416 struct named_pipe_client *npc = … … 525 420 struct ncacn_packet *pkt; 526 421 NTSTATUS status; 527 ssize_t data_left;528 ssize_t data_used;529 char *data;530 422 uint32_t to_send; 423 size_t i; 531 424 bool ok; 532 425 … … 537 430 } 538 431 539 data_left = recv_buffer.length; 540 data = (char *)recv_buffer.data; 541 542 while (data_left) { 543 544 data_used = process_incoming_data(npc->p, data, data_left); 545 if (data_used < 0) { 546 DEBUG(3, ("Failed to process dceprc request!\n")); 547 status = NT_STATUS_UNEXPECTED_IO_ERROR; 548 goto fail; 549 } 550 551 data_left -= data_used; 552 data += data_used; 553 } 554 555 /* Do not leak this buffer, npc is a long lived context */ 432 /* dcerpc_read_ncacn_packet_recv() returns a full PDU */ 433 npc->p->in_data.pdu_needed_len = 0; 434 npc->p->in_data.pdu = recv_buffer; 435 if (dcerpc_get_endian_flag(&recv_buffer) & DCERPC_DREP_LE) { 436 npc->p->endian = RPC_LITTLE_ENDIAN; 437 } else { 438 npc->p->endian = RPC_BIG_ENDIAN; 439 } 440 DEBUG(10, ("PDU is in %s Endian format!\n", 441 npc->p->endian ? "Big" : "Little")); 442 process_complete_pdu(npc->p, pkt); 443 444 /* reset pipe state and free PDU */ 445 npc->p->in_data.pdu.length = 0; 556 446 talloc_free(recv_buffer.data); 557 447 talloc_free(pkt); … … 561 451 to_send = out->frag.length - out->current_pdu_sent; 562 452 if (to_send > 0) { 563 564 DEBUG(10, ("Current_pdu_len = %u, "565 "current_pdu_sent = %u "566 "Returning %u bytes\n",567 (unsigned int)out->frag.length,568 (unsigned int)out->current_pdu_sent,569 (unsigned int)to_send));570 453 571 454 npc->iov = talloc_zero(npc, struct iovec); … … 605 488 npc->iov[npc->count].iov_len = out->frag.length; 606 489 607 DEBUG(10, ("PDU number: %d, PDU Length: %u\n",608 (unsigned int)npc->count,609 (unsigned int)npc->iov[npc->count].iov_len));610 dump_data(11, (const uint8_t *)npc->iov[npc->count].iov_base,611 npc->iov[npc->count].iov_len);612 490 npc->count++; 613 491 } … … 627 505 } 628 506 629 DEBUG(10, ("Sending a total of %u bytes\n", 507 DEBUG(10, ("Sending %u fragments in a total of %u bytes\n", 508 (unsigned int)npc->count, 630 509 (unsigned int)npc->p->out_data.data_sent_length)); 631 510 632 subreq = tstream_writev_queue_send(npc, npc->ev, 633 npc->tstream, 634 npc->write_queue, 635 npc->iov, npc->count); 636 if (!subreq) { 637 DEBUG(2, ("Failed to send packet\n")); 638 status = NT_STATUS_NO_MEMORY; 639 goto fail; 640 } 641 tevent_req_set_callback(subreq, named_pipe_packet_done, npc); 511 for (i = 0; i < npc->count; i++) { 512 DEBUG(10, ("Sending PDU number: %d, PDU Length: %u\n", 513 (unsigned int)i, 514 (unsigned int)npc->iov[i].iov_len)); 515 dump_data(11, (const uint8_t *)npc->iov[i].iov_base, 516 npc->iov[i].iov_len); 517 518 subreq = tstream_writev_queue_send(npc, 519 npc->ev, 520 npc->tstream, 521 npc->write_queue, 522 (npc->iov + i), 523 1); 524 if (!subreq) { 525 DEBUG(2, ("Failed to send packet\n")); 526 status = NT_STATUS_NO_MEMORY; 527 goto fail; 528 } 529 tevent_req_set_callback(subreq, named_pipe_packet_done, npc); 530 } 531 642 532 return; 643 533 … … 665 555 } 666 556 557 if (tevent_queue_length(npc->write_queue) > 0) { 558 return; 559 } 560 667 561 if (npc->p->fault_state != 0) { 668 562 DEBUG(2, ("Disconnect after fault\n")); … … 677 571 data_blob_free(&npc->p->out_data.frag); 678 572 data_blob_free(&npc->p->out_data.rdata); 573 574 talloc_free_children(npc->p->mem_ctx); 679 575 680 576 /* Wait for the next packet */ … … 697 593 } 698 594 699 static void dcerpc_ncacn_accept(struct tevent_context *ev_ctx,700 struct messaging_context *msg_ctx,701 struct ndr_syntax_id syntax_id,702 enum dcerpc_transport_t transport,703 const char *name,704 uint16_t port,705 struct tsocket_address *cli_addr,706 struct tsocket_address *srv_addr,707 int s,708 dcerpc_ncacn_disconnect_fn fn);709 710 595 /******************************************************************** 711 596 * Start listening on the tcp/ip socket … … 717 602 void *private_data); 718 603 604 int create_tcpip_socket(const struct sockaddr_storage *ifss, uint16_t *port) 605 { 606 int fd = -1; 607 608 if (*port == 0) { 609 uint16_t i; 610 611 for (i = SERVER_TCP_LOW_PORT; i <= SERVER_TCP_HIGH_PORT; i++) { 612 fd = open_socket_in(SOCK_STREAM, 613 i, 614 0, 615 ifss, 616 false); 617 if (fd >= 0) { 618 *port = i; 619 break; 620 } 621 } 622 } else { 623 fd = open_socket_in(SOCK_STREAM, 624 *port, 625 0, 626 ifss, 627 true); 628 } 629 if (fd == -1) { 630 DEBUG(0, ("Failed to create socket on port %u!\n", *port)); 631 return -1; 632 } 633 634 DEBUG(10, ("Opened tcpip socket fd %d for port %u\n", fd, *port)); 635 636 return fd; 637 } 638 719 639 uint16_t setup_dcerpc_ncacn_tcpip_socket(struct tevent_context *ev_ctx, 720 640 struct messaging_context *msg_ctx, 721 struct ndr_syntax_id syntax_id,722 641 const struct sockaddr_storage *ifss, 723 642 uint16_t port) … … 733 652 } 734 653 735 state->syntax_id = syntax_id;736 654 state->fd = -1; 737 655 state->ep.port = port; 738 656 state->disconnect_fn = NULL; 739 657 740 if (state->ep.port == 0) { 741 uint16_t i; 742 743 for (i = SERVER_TCP_LOW_PORT; i <= SERVER_TCP_HIGH_PORT; i++) { 744 state->fd = open_socket_in(SOCK_STREAM, 745 i, 746 0, 747 ifss, 748 false); 749 if (state->fd > 0) { 750 state->ep.port = i; 751 break; 752 } 753 } 754 } else { 755 state->fd = open_socket_in(SOCK_STREAM, 756 state->ep.port, 757 0, 758 ifss, 759 true); 760 } 658 state->fd = create_tcpip_socket(ifss, &state->ep.port); 761 659 if (state->fd == -1) { 762 DEBUG(0, ("setup_dcerpc_ncacn_tcpip_socket: Failed to create "763 "socket on port %u!\n", state->ep.port));764 660 goto out; 765 661 } … … 859 755 dcerpc_ncacn_accept(state->ev_ctx, 860 756 state->msg_ctx, 861 state->syntax_id,862 757 NCACN_IP_TCP, 863 758 NULL, 864 state->ep.port,865 759 cli_addr, 866 760 srv_addr, … … 878 772 void *private_data); 879 773 774 int create_dcerpc_ncalrpc_socket(const char *name) 775 { 776 int fd = -1; 777 778 if (name == NULL) { 779 name = "DEFAULT"; 780 } 781 782 if (!directory_create_or_exist(lp_ncalrpc_dir(), 0755)) { 783 DEBUG(0, ("Failed to create ncalrpc directory %s - %s\n", 784 lp_ncalrpc_dir(), strerror(errno))); 785 return -1; 786 } 787 788 fd = create_pipe_sock(lp_ncalrpc_dir(), name, 0755); 789 if (fd == -1) { 790 DEBUG(0, ("Failed to create ncalrpc socket! [%s/%s]\n", 791 lp_ncalrpc_dir(), name)); 792 return -1; 793 } 794 795 DEBUG(10, ("Openened ncalrpc socket fd %d for %s\n", fd, name)); 796 797 return fd; 798 } 799 880 800 bool setup_dcerpc_ncalrpc_socket(struct tevent_context *ev_ctx, 881 801 struct messaging_context *msg_ctx, 882 struct ndr_syntax_id syntax_id,883 802 const char *name, 884 803 dcerpc_ncacn_disconnect_fn fn) … … 886 805 struct dcerpc_ncacn_listen_state *state; 887 806 struct tevent_fd *fde; 807 int rc; 888 808 889 809 state = talloc(ev_ctx, struct dcerpc_ncacn_listen_state); … … 893 813 } 894 814 895 state->syntax_id = syntax_id;896 815 state->fd = -1; 897 816 state->disconnect_fn = fn; … … 900 819 name = "DEFAULT"; 901 820 } 821 902 822 state->ep.name = talloc_strdup(state, name); 903 904 823 if (state->ep.name == NULL) { 905 824 DEBUG(0, ("Out of memory\n")); … … 908 827 } 909 828 910 if (!directory_create_or_exist(lp_ncalrpc_dir(), geteuid(), 0755)) { 911 DEBUG(0, ("Failed to create pipe directory %s - %s\n", 912 lp_ncalrpc_dir(), strerror(errno))); 829 state->fd = create_dcerpc_ncalrpc_socket(name); 830 if (state->fd == -1) { 913 831 goto out; 914 832 } 915 833 916 state->fd = create_pipe_sock(lp_ncalrpc_dir(), name, 0755);917 if ( state->fd == -1) {918 DEBUG(0, ("Failed to create pipe socket! [%s/%s]\n",919 lp_ncalrpc_dir(), name));834 rc = listen(state->fd, 5); 835 if (rc < 0) { 836 DEBUG(0, ("Failed to listen on ncalrpc socket %s: %s\n", 837 name, strerror(errno))); 920 838 goto out; 921 839 } 922 923 DEBUG(10, ("Openened pipe socket fd %d for %s\n", state->fd, name));924 840 925 841 state->ev_ctx = ev_ctx; … … 989 905 dcerpc_ncacn_accept(state->ev_ctx, 990 906 state->msg_ctx, 991 state->syntax_id,NCALRPC,992 state->ep.name, 0,907 NCALRPC, 908 state->ep.name, 993 909 cli_addr, NULL, sd, 994 910 state->disconnect_fn); … … 996 912 997 913 struct dcerpc_ncacn_conn { 998 struct ndr_syntax_id syntax_id;999 1000 914 enum dcerpc_transport_t transport; 1001 1002 union {1003 const char *name;1004 uint16_t port;1005 } ep;1006 915 1007 916 int sock; … … 1020 929 struct tsocket_address *server; 1021 930 char *server_name; 1022 struct auth_session_info _transport*session_info;931 struct auth_session_info *session_info; 1023 932 1024 933 struct iovec *iov; … … 1029 938 static void dcerpc_ncacn_packet_done(struct tevent_req *subreq); 1030 939 1031 static void dcerpc_ncacn_accept(struct tevent_context *ev_ctx, 1032 struct messaging_context *msg_ctx, 1033 struct ndr_syntax_id syntax_id, 1034 enum dcerpc_transport_t transport, 1035 const char *name, 1036 uint16_t port, 1037 struct tsocket_address *cli_addr, 1038 struct tsocket_address *srv_addr, 1039 int s, 1040 dcerpc_ncacn_disconnect_fn fn) { 940 void dcerpc_ncacn_accept(struct tevent_context *ev_ctx, 941 struct messaging_context *msg_ctx, 942 enum dcerpc_transport_t transport, 943 const char *name, 944 struct tsocket_address *cli_addr, 945 struct tsocket_address *srv_addr, 946 int s, 947 dcerpc_ncacn_disconnect_fn fn) { 1041 948 struct dcerpc_ncacn_conn *ncacn_conn; 1042 949 struct tevent_req *subreq; 1043 const char *cli_str;1044 const char *srv_str = NULL;1045 bool system_user = false;1046 950 char *pipe_name; 1047 951 NTSTATUS status; 1048 952 int sys_errno; 1049 953 uid_t uid; 954 gid_t gid; 1050 955 int rc; 1051 956 … … 1060 965 1061 966 ncacn_conn->transport = transport; 1062 ncacn_conn->syntax_id = syntax_id;1063 967 ncacn_conn->ev_ctx = ev_ctx; 1064 968 ncacn_conn->msg_ctx = msg_ctx; … … 1099 1003 switch (transport) { 1100 1004 case NCACN_IP_TCP: 1101 ncacn_conn->ep.port = port;1102 1103 1005 pipe_name = tsocket_address_string(ncacn_conn->client, 1104 1006 ncacn_conn); … … 1111 1013 break; 1112 1014 case NCALRPC: 1113 rc = sys_getpeereid(s, &uid);1015 rc = getpeereid(s, &uid, &gid); 1114 1016 if (rc < 0) { 1115 DEBUG(2, ("Failed to get ncalrpc connecting uid!")); 1017 DEBUG(2, ("Failed to get ncalrpc connecting " 1018 "uid - %s!\n", strerror(errno))); 1116 1019 } else { 1117 1020 if (uid == sec_initial_uid()) { 1118 system_user = true; 1021 TALLOC_FREE(ncacn_conn->client); 1022 1023 rc = tsocket_address_unix_from_path(ncacn_conn, 1024 "/root/ncalrpc_as_system", 1025 &ncacn_conn->client); 1026 if (rc < 0) { 1027 DEBUG(0, ("Out of memory!\n")); 1028 talloc_free(ncacn_conn); 1029 close(s); 1030 return; 1031 } 1032 1033 TALLOC_FREE(ncacn_conn->client_name); 1034 ncacn_conn->client_name = tsocket_address_unix_path(ncacn_conn->client, 1035 ncacn_conn); 1036 if (ncacn_conn->client == NULL) { 1037 DEBUG(0, ("Out of memory!\n")); 1038 talloc_free(ncacn_conn); 1039 close(s); 1040 return; 1041 } 1119 1042 } 1120 1043 } 1044 /* FALL TROUGH */ 1121 1045 case NCACN_NP: 1122 ncacn_conn->ep.name = talloc_strdup(ncacn_conn, name);1123 if (ncacn_conn->ep.name == NULL) {1124 close(s);1125 talloc_free(ncacn_conn);1126 return;1127 }1128 1129 1046 pipe_name = talloc_strdup(ncacn_conn, 1130 1047 name); … … 1163 1080 } 1164 1081 1165 if (tsocket_address_is_inet(ncacn_conn->client, "ip")) {1166 cli_str = ncacn_conn->client_name;1167 } else {1168 cli_str = "";1169 }1170 1171 if (ncacn_conn->server != NULL) {1172 if (tsocket_address_is_inet(ncacn_conn->server, "ip")) {1173 srv_str = ncacn_conn->server_name;1174 } else {1175 srv_str = NULL;1176 }1177 }1178 1179 1082 if (ncacn_conn->session_info == NULL) { 1180 status = auth_anonymous_session_info(ncacn_conn, 1181 &ncacn_conn->session_info); 1083 /* 1084 * TODO: use auth_anonymous_session_info() here? 1085 */ 1086 status = make_session_info_guest(ncacn_conn, 1087 &ncacn_conn->session_info); 1182 1088 if (!NT_STATUS_IS_OK(status)) { 1183 1089 DEBUG(2, ("Failed to create " 1184 " auth_anonymous_session_info- %s\n",1090 "make_session_info_guest - %s\n", 1185 1091 nt_errstr(status))); 1186 1092 talloc_free(ncacn_conn); … … 1190 1096 1191 1097 rc = make_server_pipes_struct(ncacn_conn, 1098 ncacn_conn->msg_ctx, 1192 1099 pipe_name, 1193 ncacn_conn->syntax_id,1194 1100 ncacn_conn->transport, 1195 system_user, 1196 cli_str, 1197 srv_str, 1101 ncacn_conn->server, 1102 ncacn_conn->client, 1198 1103 ncacn_conn->session_info, 1199 1104 &ncacn_conn->p, … … 1238 1143 DATA_BLOB recv_buffer = data_blob_null; 1239 1144 struct ncacn_packet *pkt; 1240 ssize_t data_left;1241 ssize_t data_used;1242 1145 uint32_t to_send; 1243 char *data;1244 1146 NTSTATUS status; 1245 1147 bool ok; … … 1257 1159 } 1258 1160 1259 data_left = recv_buffer.length; 1260 data = (char *) recv_buffer.data; 1261 1262 while (data_left) { 1263 data_used = process_incoming_data(ncacn_conn->p, data, data_left); 1264 if (data_used < 0) { 1265 DEBUG(3, ("Failed to process dcerpc request!\n")); 1266 status = NT_STATUS_UNEXPECTED_IO_ERROR; 1267 goto fail; 1268 } 1269 1270 data_left -= data_used; 1271 data += data_used; 1272 } 1273 1274 /* Do not leak this buffer */ 1161 /* dcerpc_read_ncacn_packet_recv() returns a full PDU */ 1162 ncacn_conn->p->in_data.pdu_needed_len = 0; 1163 ncacn_conn->p->in_data.pdu = recv_buffer; 1164 if (dcerpc_get_endian_flag(&recv_buffer) & DCERPC_DREP_LE) { 1165 ncacn_conn->p->endian = RPC_LITTLE_ENDIAN; 1166 } else { 1167 ncacn_conn->p->endian = RPC_BIG_ENDIAN; 1168 } 1169 DEBUG(10, ("PDU is in %s Endian format!\n", 1170 ncacn_conn->p->endian ? "Big" : "Little")); 1171 process_complete_pdu(ncacn_conn->p, pkt); 1172 1173 /* reset pipe state and free PDU */ 1174 ncacn_conn->p->in_data.pdu.length = 0; 1275 1175 talloc_free(recv_buffer.data); 1276 1176 talloc_free(pkt); … … 1412 1312 data_blob_free(&ncacn_conn->p->out_data.rdata); 1413 1313 1314 talloc_free_children(ncacn_conn->p->mem_ctx); 1315 1414 1316 /* Wait for the next packet */ 1415 1317 subreq = dcerpc_read_ncacn_packet_send(ncacn_conn, -
vendor/current/source3/rpc_server/rpc_server.h
r740 r988 24 24 25 25 typedef bool (*dcerpc_ncacn_disconnect_fn)(struct pipes_struct *p); 26 typedef void (named_pipe_termination_fn)(void *private_data); 27 28 struct named_pipe_client { 29 const char *pipe_name; 30 31 struct tevent_context *ev; 32 struct messaging_context *msg_ctx; 33 34 uint16_t file_type; 35 uint16_t device_state; 36 uint64_t allocation_size; 37 38 struct tstream_context *tstream; 39 40 struct tsocket_address *client; 41 char *client_name; 42 struct tsocket_address *server; 43 char *server_name; 44 45 struct auth_session_info *session_info; 46 47 struct pipes_struct *p; 48 49 struct tevent_queue *write_queue; 50 51 struct iovec *iov; 52 size_t count; 53 54 named_pipe_termination_fn *term_fn; 55 void *private_data; 56 }; 57 58 struct named_pipe_client *named_pipe_client_init(TALLOC_CTX *mem_ctx, 59 struct tevent_context *ev_ctx, 60 struct messaging_context *msg_ctx, 61 const char *pipe_name, 62 named_pipe_termination_fn *term_fn, 63 uint16_t file_type, 64 uint16_t device_state, 65 uint64_t allocation_size, 66 void *private_data); 67 68 int make_server_pipes_struct(TALLOC_CTX *mem_ctx, 69 struct messaging_context *msg_ctx, 70 const char *pipe_name, 71 enum dcerpc_transport_t transport, 72 const struct tsocket_address *local_address, 73 const struct tsocket_address *remote_address, 74 struct auth_session_info *session_info, 75 struct pipes_struct **_p, 76 int *perrno); 26 77 27 78 void set_incoming_fault(struct pipes_struct *p); 28 void process_complete_pdu(struct pipes_struct *p); 79 void process_complete_pdu(struct pipes_struct *p, struct ncacn_packet *pkt); 80 int create_named_pipe_socket(const char *pipe_name); 29 81 bool setup_named_pipe_socket(const char *pipe_name, 30 struct tevent_context *ev_ctx); 82 struct tevent_context *ev_ctx, 83 struct messaging_context *msg_ctx); 84 void named_pipe_accept_function(struct tevent_context *ev_ctx, 85 struct messaging_context *msg_ctx, 86 const char *pipe_name, int fd, 87 named_pipe_termination_fn *term_fn, 88 void *private_data); 89 void named_pipe_packet_process(struct tevent_req *subreq); 31 90 32 91 uint16_t setup_dcerpc_ncacn_tcpip_socket(struct tevent_context *ev_ctx, 33 92 struct messaging_context *msg_ctx, 34 struct ndr_syntax_id syntax_id,35 93 const struct sockaddr_storage *ifss, 36 94 uint16_t port); 37 95 96 int create_dcerpc_ncalrpc_socket(const char *name); 38 97 bool setup_dcerpc_ncalrpc_socket(struct tevent_context *ev_ctx, 39 98 struct messaging_context *msg_ctx, 40 struct ndr_syntax_id syntax_id,41 99 const char *name, 42 100 dcerpc_ncacn_disconnect_fn fn); 43 101 102 void dcerpc_ncacn_accept(struct tevent_context *ev_ctx, 103 struct messaging_context *msg_ctx, 104 enum dcerpc_transport_t transport, 105 const char *name, 106 struct tsocket_address *cli_addr, 107 struct tsocket_address *srv_addr, 108 int s, 109 dcerpc_ncacn_disconnect_fn fn); 110 44 111 #endif /* _PRC_SERVER_H_ */ -
vendor/current/source3/rpc_server/samr/srv_samr_chgpasswd.c
r860 r988 55 55 #include "passdb.h" 56 56 #include "auth.h" 57 #include "lib/util/sys_rw.h" 57 58 58 59 #ifndef ALLOW_CHANGE_PASSWORD … … 68 69 int master = -1; 69 70 char *line = NULL; 70 SMB_STRUCT_DIR *dirp = NULL;71 DIR *dirp = NULL; 71 72 const char *dpname; 72 73 … … 78 79 #else 79 80 /* Try to open /dev/ptmx. If that fails, fall through to old method. */ 80 master = sys_open("/dev/ptmx", O_RDWR, 0);81 master = open("/dev/ptmx", O_RDWR, 0); 81 82 #endif 82 83 if (master >= 0) { … … 107 108 } 108 109 109 dirp = sys_opendir("/dev");110 dirp = opendir("/dev"); 110 111 if (!dirp) { 111 112 SAFE_FREE(line); … … 120 121 line[8] = dpname[3]; 121 122 line[9] = dpname[4]; 122 if ((master = sys_open(line, O_RDWR, 0)) >= 0) {123 if ((master = open(line, O_RDWR, 0)) >= 0) { 123 124 DEBUG(3, ("pty: opened %s\n", line)); 124 125 line[5] = 't'; 125 126 *slave = line; 126 sys_closedir(dirp);127 closedir(dirp); 127 128 return (master); 128 129 } 129 130 } 130 131 } 131 sys_closedir(dirp);132 closedir(dirp); 132 133 SAFE_FREE(line); 133 134 return (-1); … … 164 165 165 166 /* Open slave pty and acquire as new controlling terminal. */ 166 if ((slave = sys_open(slavedev, O_RDWR, 0)) < 0)167 if ((slave = open(slavedev, O_RDWR, 0)) < 0) 167 168 { 168 169 DEBUG(3, ("More weirdness, could not open %s\n", slavedev)); … … 392 393 int wstat; 393 394 bool chstat = False; 395 void (*saved_handler)(int); 394 396 395 397 if (pass == NULL) { … … 409 411 */ 410 412 411 CatchChildLeaveStatus();412 413 if ((pid = sys_fork()) < 0) {413 saved_handler = CatchChildLeaveStatus(); 414 415 if ((pid = fork()) < 0) { 414 416 DEBUG(3, ("chat_with_program: Cannot fork() child for password change: %s\n", pass->pw_name)); 415 417 SAFE_FREE(slavedev); 416 418 close(master); 417 CatchChild();419 (void)CatchSignal(SIGCLD, saved_handler); 418 420 return (False); 419 421 } … … 440 442 DEBUG(3, ("chat_with_program: The process is no longer waiting!\n\n")); 441 443 close(master); 442 CatchChild();444 (void)CatchSignal(SIGCLD, saved_handler); 443 445 return (False); 444 446 } … … 447 449 * Go back to ignoring children. 448 450 */ 449 CatchChild();451 (void)CatchSignal(SIGCLD, saved_handler); 450 452 451 453 close(master); … … 588 590 } 589 591 590 passwordprogram = talloc_strdup(ctx, lp_passwd_program());592 passwordprogram = lp_passwd_program(ctx); 591 593 if (!passwordprogram || !*passwordprogram) { 592 594 DEBUG(2, ("chgpasswd: Null password program - no password changing\n")); 593 595 return false; 594 596 } 595 chatsequence = talloc_strdup(ctx, lp_passwd_chat());597 chatsequence = lp_passwd_chat(ctx); 596 598 if (!chatsequence || !*chatsequence) { 597 599 DEBUG(2, ("chgpasswd: Null chat sequence - no password changing\n")); … … 670 672 uchar null_pw[16]; 671 673 uchar null_ntpw[16]; 672 uint8 *password_encrypted;673 const uint8 *encryption_key;674 const uint8 *lanman_pw, *nt_pw;675 uint32 acct_ctrl;674 uint8_t *password_encrypted; 675 const uint8_t *encryption_key; 676 const uint8_t *lanman_pw, *nt_pw; 677 uint32_t acct_ctrl; 676 678 size_t new_pw_len; 677 679 uchar new_nt_hash[16]; … … 895 897 { 896 898 uchar new_nt_p16[NT_HASH_LEN]; 897 const uint8 *nt_pw;898 const uint8 *pwhistory;899 uint32 pwHisLen, curr_pwHisLen;899 const uint8_t *nt_pw; 900 const uint8_t *pwhistory; 901 uint32_t pwHisLen, curr_pwHisLen; 900 902 901 903 pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHisLen); … … 944 946 945 947 /* Use external script to check password complexity */ 946 if ((lp_check_password_script( ) == NULL)947 || (*(lp_check_password_script( )) == '\0')) {948 if ((lp_check_password_script(tosctx) == NULL) 949 || (*(lp_check_password_script(tosctx)) == '\0')) { 948 950 return NT_STATUS_OK; 949 951 } 950 952 951 cmd = talloc_string_sub(tosctx, lp_check_password_script( ), "%u",953 cmd = talloc_string_sub(tosctx, lp_check_password_script(tosctx), "%u", 952 954 username); 953 955 if (!cmd) { … … 985 987 enum samPwdChangeReason *samr_reject_reason) 986 988 { 987 uint32 min_len;988 uint32 refuse;989 uint32_t min_len; 990 uint32_t refuse; 989 991 TALLOC_CTX *tosctx = talloc_tos(); 990 992 struct passwd *pass = NULL; -
vendor/current/source3/rpc_server/samr/srv_samr_nt.c
r919 r988 45 45 #include "auth.h" 46 46 #include "rpc_server/srv_access_check.h" 47 #include "../lib/tsocket/tsocket.h" 47 48 48 49 #undef DBGC_CLASS … … 92 93 struct pdb_search *enum_users; /* enumusers with a mask */ 93 94 94 struct t imed_event*cache_timeout_event; /* cache idle timeout95 struct tevent_timer *cache_timeout_event; /* cache idle timeout 95 96 * handler. */ 96 97 } DISP_INFO; … … 132 133 static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, struct security_descriptor **psd, size_t *sd_size, 133 134 const struct generic_mapping *map, 134 struct dom_sid *sid, uint32 sid_access )135 struct dom_sid *sid, uint32_t sid_access ) 135 136 { 136 137 struct dom_sid domadmin_sid; … … 233 234 } 234 235 235 if (sid_check_is_ domain(psid) || sid_check_is_in_our_domain(psid)) {236 if (sid_check_is_our_sam(psid) || sid_check_is_in_our_sam(psid)) { 236 237 /* 237 238 * Necessary only once, but it does not really hurt. … … 278 279 ********************************************************************/ 279 280 280 static void disp_info_cache_idle_timeout_handler(struct event_context *ev_ctx,281 struct t imed_event*te,281 static void disp_info_cache_idle_timeout_handler(struct tevent_context *ev_ctx, 282 struct tevent_timer *te, 282 283 struct timeval now, 283 284 void *private_data) … … 306 307 (unsigned int)secs_fromnow )); 307 308 308 disp_info->cache_timeout_event = event_add_timed(309 disp_info->cache_timeout_event = tevent_add_timer( 309 310 server_event_context(), NULL, 310 311 timeval_current_ofs(secs_fromnow, 0), … … 346 347 } 347 348 348 static uint32 count_sam_users(struct disp_info *info, uint32acct_flags)349 static uint32_t count_sam_users(struct disp_info *info, uint32_t acct_flags) 349 350 { 350 351 struct samr_displayentry *entry; … … 370 371 } 371 372 372 static uint32 count_sam_groups(struct disp_info *info)373 static uint32_t count_sam_groups(struct disp_info *info) 373 374 { 374 375 struct samr_displayentry *entry; … … 394 395 } 395 396 396 static uint32 count_sam_aliases(struct disp_info *info)397 static uint32_t count_sam_aliases(struct disp_info *info) 397 398 { 398 399 struct samr_displayentry *entry; … … 435 436 struct samr_OpenDomain *r) 436 437 { 437 struct samr_connect_info *cinfo;438 438 struct samr_domain_info *dinfo; 439 439 struct security_descriptor *psd = NULL; 440 uint32 acc_granted;441 uint32 des_access = r->in.access_mask;440 uint32_t acc_granted; 441 uint32_t des_access = r->in.access_mask; 442 442 NTSTATUS status; 443 443 size_t sd_size; … … 446 446 /* find the connection policy handle. */ 447 447 448 cinfo =policy_handle_find(p, r->in.connect_handle, 0, NULL,448 (void)policy_handle_find(p, r->in.connect_handle, 0, NULL, 449 449 struct samr_connect_info, &status); 450 450 if (!NT_STATUS_IS_OK(status)) { … … 454 454 /*check if access can be granted as requested by client. */ 455 455 map_max_allowed_access(p->session_info->security_token, 456 &p->session_info->utok,456 p->session_info->unix_token, 457 457 &des_access); 458 458 … … 485 485 return status; 486 486 487 if (!sid_check_is_ domain(r->in.sid) &&487 if (!sid_check_is_our_sam(r->in.sid) && 488 488 !sid_check_is_builtin(r->in.sid)) { 489 489 return NT_STATUS_NO_SUCH_DOMAIN; … … 526 526 } 527 527 528 if (!sid_check_is_in_our_ domain(&uinfo->sid)) {528 if (!sid_check_is_in_our_sam(&uinfo->sid)) { 529 529 return NT_STATUS_OBJECT_TYPE_MISMATCH; 530 530 } … … 546 546 unbecome_root(); 547 547 548 if (lp_check_password_script() && *lp_check_password_script()) { 548 if (lp_check_password_script(talloc_tos()) 549 && *lp_check_password_script(talloc_tos())) { 549 550 password_properties |= DOMAIN_PASSWORD_COMPLEX; 550 551 } … … 571 572 { 572 573 struct samr_user_info *uinfo; 573 uint32 i;574 uint32_t i; 574 575 struct security_acl *dacl; 575 576 bool ret; … … 667 668 struct samr_QuerySecurity *r) 668 669 { 669 struct samr_connect_info *cinfo;670 670 struct samr_domain_info *dinfo; 671 671 struct samr_user_info *uinfo; … … 676 676 size_t sd_size = 0; 677 677 678 cinfo =policy_handle_find(p, r->in.handle,678 (void)policy_handle_find(p, r->in.handle, 679 679 SEC_STD_READ_CONTROL, NULL, 680 680 struct samr_connect_info, &status); … … 785 785 } 786 786 787 sam = TALLOC_ZERO_ARRAY(ctx, struct samr_SamEntry, num_entries);787 sam = talloc_zero_array(ctx, struct samr_SamEntry, num_entries); 788 788 if (sam == NULL) { 789 789 DEBUG(0, ("make_user_sam_entry_list: TALLOC_ZERO failed!\n")); … … 826 826 struct samr_domain_info *dinfo; 827 827 int num_account; 828 uint32 enum_context = *r->in.resume_handle;828 uint32_t enum_context = *r->in.resume_handle; 829 829 enum remote_arch_types ra_type = get_remote_arch(); 830 830 int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K; 831 uint32 max_entries = max_sam_entries;831 uint32_t max_entries = max_sam_entries; 832 832 struct samr_displayentry *entries = NULL; 833 833 struct samr_SamArray *samr_array = NULL; … … 843 843 } 844 844 845 samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);845 samr_array = talloc_zero(p->mem_ctx, struct samr_SamArray); 846 846 if (!samr_array) { 847 847 return NT_STATUS_NO_MEMORY; … … 939 939 } 940 940 941 sam = TALLOC_ZERO_ARRAY(ctx, struct samr_SamEntry, num_sam_entries);941 sam = talloc_zero_array(ctx, struct samr_SamEntry, num_sam_entries); 942 942 if (sam == NULL) { 943 943 return; … … 965 965 struct samr_domain_info *dinfo; 966 966 struct samr_displayentry *groups; 967 uint32 num_groups;967 uint32_t num_groups; 968 968 struct samr_SamArray *samr_array = NULL; 969 969 struct samr_SamEntry *samr_entries = NULL; … … 978 978 DEBUG(5,("_samr_EnumDomainGroups: %d\n", __LINE__)); 979 979 980 samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);980 samr_array = talloc_zero(p->mem_ctx, struct samr_SamArray); 981 981 if (!samr_array) { 982 982 return NT_STATUS_NO_MEMORY; … … 1042 1042 struct samr_domain_info *dinfo; 1043 1043 struct samr_displayentry *aliases; 1044 uint32 num_aliases = 0;1044 uint32_t num_aliases = 0; 1045 1045 struct samr_SamArray *samr_array = NULL; 1046 1046 struct samr_SamEntry *samr_entries = NULL; … … 1056 1056 sid_string_dbg(&dinfo->sid))); 1057 1057 1058 samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);1058 samr_array = talloc_zero(p->mem_ctx, struct samr_SamArray); 1059 1059 if (!samr_array) { 1060 1060 return NT_STATUS_NO_MEMORY; … … 1111 1111 struct samr_displayentry *entries) 1112 1112 { 1113 uint32 i;1113 uint32_t i; 1114 1114 1115 1115 DEBUG(10, ("init_samr_dispinfo_1: num_entries: %d\n", num_entries)); … … 1121 1121 r->count = num_entries; 1122 1122 1123 r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryGeneral, num_entries);1123 r->entries = talloc_zero_array(ctx, struct samr_DispEntryGeneral, num_entries); 1124 1124 if (!r->entries) { 1125 1125 return NT_STATUS_NO_MEMORY; … … 1165 1165 r->count = num_entries; 1166 1166 1167 r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryFull, num_entries);1167 r->entries = talloc_zero_array(ctx, struct samr_DispEntryFull, num_entries); 1168 1168 if (!r->entries) { 1169 1169 return NT_STATUS_NO_MEMORY; … … 1206 1206 r->count = num_entries; 1207 1207 1208 r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryFullGroup, num_entries);1208 r->entries = talloc_zero_array(ctx, struct samr_DispEntryFullGroup, num_entries); 1209 1209 if (!r->entries) { 1210 1210 return NT_STATUS_NO_MEMORY; … … 1247 1247 r->count = num_entries; 1248 1248 1249 r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryAscii, num_entries);1249 r->entries = talloc_zero_array(ctx, struct samr_DispEntryAscii, num_entries); 1250 1250 if (!r->entries) { 1251 1251 return NT_STATUS_NO_MEMORY; … … 1283 1283 r->count = num_entries; 1284 1284 1285 r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryAscii, num_entries);1285 r->entries = talloc_zero_array(ctx, struct samr_DispEntryAscii, num_entries); 1286 1286 if (!r->entries) { 1287 1287 return NT_STATUS_NO_MEMORY; … … 1308 1308 NTSTATUS status; 1309 1309 struct samr_domain_info *dinfo; 1310 uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */1311 1312 uint32 max_entries = r->in.max_entries;1310 uint32_t struct_size=0x20; /* W2K always reply that, client doesn't care */ 1311 1312 uint32_t max_entries = r->in.max_entries; 1313 1313 1314 1314 union samr_DispInfo *disp_info = r->out.info; 1315 1315 1316 uint32 temp_size=0;1316 uint32_t temp_size=0; 1317 1317 NTSTATUS disp_ret = NT_STATUS_UNSUCCESSFUL; 1318 uint32 num_account = 0;1318 uint32_t num_account = 0; 1319 1319 enum remote_arch_types ra_type = get_remote_arch(); 1320 1320 int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K; … … 1564 1564 { 1565 1565 struct samr_alias_info *ainfo; 1566 struct acct_info info;1566 struct acct_info *info; 1567 1567 NTSTATUS status; 1568 1568 union samr_AliasInfo *alias_info = NULL; … … 1579 1579 } 1580 1580 1581 alias_info = TALLOC_ZERO_P(p->mem_ctx, union samr_AliasInfo);1581 alias_info = talloc_zero(p->mem_ctx, union samr_AliasInfo); 1582 1582 if (!alias_info) { 1583 1583 return NT_STATUS_NO_MEMORY; 1584 1584 } 1585 1585 1586 info = talloc_zero(p->mem_ctx, struct acct_info); 1587 if (!info) { 1588 return NT_STATUS_NO_MEMORY; 1589 } 1590 1586 1591 become_root(); 1587 status = pdb_get_aliasinfo(&ainfo->sid, &info);1592 status = pdb_get_aliasinfo(&ainfo->sid, info); 1588 1593 unbecome_root(); 1589 1594 1590 if ( !NT_STATUS_IS_OK(status)) 1595 if (!NT_STATUS_IS_OK(status)) { 1596 TALLOC_FREE(info); 1591 1597 return status; 1592 1593 /* FIXME: info contains fstrings */ 1594 alias_name = talloc_strdup(r, info.acct_name); 1595 alias_description = talloc_strdup(r, info.acct_desc); 1598 } 1599 1600 alias_name = talloc_steal(r, info->acct_name); 1601 alias_description = talloc_steal(r, info->acct_desc); 1602 TALLOC_FREE(info); 1596 1603 1597 1604 switch (r->in.level) { … … 1627 1634 struct samr_domain_info *dinfo; 1628 1635 NTSTATUS status; 1629 uint32 *rid;1636 uint32_t *rid; 1630 1637 enum lsa_SidType *type; 1631 1638 int i; … … 1648 1655 } 1649 1656 1650 rid = talloc_array(p->mem_ctx, uint32 , num_rids);1657 rid = talloc_array(p->mem_ctx, uint32_t, num_rids); 1651 1658 NT_STATUS_HAVE_NO_MEMORY(rid); 1652 1659 … … 1731 1738 NTSTATUS status; 1732 1739 char *user_name = NULL; 1733 fstring wks; 1740 char *rhost; 1741 const char *wks = NULL; 1734 1742 1735 1743 DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__)); … … 1738 1746 return NT_STATUS_INVALID_PARAMETER; 1739 1747 } 1740 fstrcpy(wks, r->in.server->string); 1748 if (r->in.server && r->in.server->string) { 1749 wks = r->in.server->string; 1750 } 1741 1751 1742 1752 DEBUG(5,("_samr_ChangePasswordUser2: user: %s wks: %s\n", user_name, wks)); … … 1752 1762 } 1753 1763 1764 rhost = tsocket_address_inet_addr_string(p->remote_address, 1765 talloc_tos()); 1766 if (rhost == NULL) { 1767 return NT_STATUS_NO_MEMORY; 1768 } 1769 1754 1770 /* 1755 1771 * UNIX username case mangling not required, pass_oem_change … … 1758 1774 1759 1775 status = pass_oem_change(user_name, 1760 p->client_id->name,1776 rhost, 1761 1777 r->in.lm_password->data, 1762 1778 r->in.lm_verifier->hash, … … 1784 1800 char *user_name = NULL; 1785 1801 const char *wks = NULL; 1802 char *rhost; 1786 1803 1787 1804 DEBUG(5,("_samr_OemChangePasswordUser2: %d\n", __LINE__)); … … 1815 1832 } 1816 1833 1834 rhost = tsocket_address_inet_addr_string(p->remote_address, 1835 talloc_tos()); 1836 if (rhost == NULL) { 1837 return NT_STATUS_NO_MEMORY; 1838 } 1839 1817 1840 status = pass_oem_change(user_name, 1818 p->client_id->name,1841 rhost, 1819 1842 r->in.password->data, 1820 1843 r->in.hash->hash, … … 1846 1869 struct userPwdChangeFailureInformation *reject = NULL; 1847 1870 uint32_t tmp; 1871 char *rhost; 1848 1872 1849 1873 DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__)); … … 1868 1892 } 1869 1893 1894 rhost = tsocket_address_inet_addr_string(p->remote_address, 1895 talloc_tos()); 1896 if (rhost == NULL) { 1897 return NT_STATUS_NO_MEMORY; 1898 } 1899 1870 1900 /* 1871 1901 * UNIX username case mangling not required, pass_oem_change … … 1874 1904 1875 1905 status = pass_oem_change(user_name, 1876 p->client_id->name,1906 rhost, 1877 1907 r->in.lm_password->data, 1878 1908 r->in.lm_verifier->hash, … … 1888 1918 1889 1919 time_t u_expire, u_min_age; 1890 uint32 account_policy_temp;1891 1892 dominfo = TALLOC_ZERO_P(p->mem_ctx, struct samr_DomInfo1);1920 uint32_t account_policy_temp; 1921 1922 dominfo = talloc_zero(p->mem_ctx, struct samr_DomInfo1); 1893 1923 if (!dominfo) { 1894 1924 return NT_STATUS_NO_MEMORY; 1895 1925 } 1896 1926 1897 reject = TALLOC_ZERO_P(p->mem_ctx,1927 reject = talloc_zero(p->mem_ctx, 1898 1928 struct userPwdChangeFailureInformation); 1899 1929 if (!reject) { … … 1927 1957 unix_to_nt_time_abs((NTTIME *)&dominfo->min_password_age, u_min_age); 1928 1958 1929 if (lp_check_password_script() && *lp_check_password_script()) { 1959 if (lp_check_password_script(talloc_tos()) 1960 && *lp_check_password_script(talloc_tos())) { 1930 1961 dominfo->password_properties |= DOMAIN_PASSWORD_COMPLEX; 1931 1962 } … … 1946 1977 ********************************************************************/ 1947 1978 1948 static bool make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names,1979 static bool make_samr_lookup_rids(TALLOC_CTX *ctx, uint32_t num_names, 1949 1980 const char **names, 1950 1981 struct lsa_String **lsa_name_array_p) … … 1956 1987 1957 1988 if (num_names != 0) { 1958 lsa_name_array = TALLOC_ZERO_ARRAY(ctx, struct lsa_String, num_names);1989 lsa_name_array = talloc_zero_array(ctx, struct lsa_String, num_names); 1959 1990 if (!lsa_name_array) { 1960 1991 return false; … … 1983 2014 const char **names; 1984 2015 enum lsa_SidType *attrs = NULL; 1985 uint32 *wire_attrs = NULL;2016 uint32_t *wire_attrs = NULL; 1986 2017 int num_rids = (int)r->in.num_rids; 1987 2018 int i; … … 2006 2037 2007 2038 if (num_rids) { 2008 names = TALLOC_ZERO_ARRAY(p->mem_ctx, const char *, num_rids);2009 attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, enum lsa_SidType, num_rids);2010 wire_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_rids);2039 names = talloc_zero_array(p->mem_ctx, const char *, num_rids); 2040 attrs = talloc_zero_array(p->mem_ctx, enum lsa_SidType, num_rids); 2041 wire_attrs = talloc_zero_array(p->mem_ctx, uint32_t, num_rids); 2011 2042 2012 2043 if ((names == NULL) || (attrs == NULL) || (wire_attrs==NULL)) … … 2032 2063 } 2033 2064 2034 /* Convert from enum lsa_SidType to uint32 for wire format. */2065 /* Convert from enum lsa_SidType to uint32_t for wire format. */ 2035 2066 for (i = 0; i < num_rids; i++) { 2036 wire_attrs[i] = (uint32 )attrs[i];2067 wire_attrs[i] = (uint32_t)attrs[i]; 2037 2068 } 2038 2069 … … 2063 2094 struct samr_user_info *uinfo; 2064 2095 struct security_descriptor *psd = NULL; 2065 uint32 acc_granted;2066 uint32 des_access = r->in.access_mask;2096 uint32_t acc_granted; 2097 uint32_t des_access = r->in.access_mask; 2067 2098 uint32_t extra_access = 0; 2068 2099 size_t sd_size; … … 2094 2125 /* check if access can be granted as requested by client. */ 2095 2126 map_max_allowed_access(p->session_info->security_token, 2096 &p->session_info->utok,2127 p->session_info->unix_token, 2097 2128 &des_access); 2098 2129 … … 2194 2225 } 2195 2226 2196 r = TALLOC_ZERO_P(mem_ctx, struct lsa_BinaryString);2227 r = talloc_zero(mem_ctx, struct lsa_BinaryString); 2197 2228 if (!r) { 2198 2229 return NT_STATUS_NO_MEMORY; 2199 2230 } 2200 2231 2201 r->array = TALLOC_ZERO_ARRAY(mem_ctx, uint16_t, blob->length/2);2232 r->array = talloc_zero_array(mem_ctx, uint16_t, blob->length/2); 2202 2233 if (!r->array) { 2203 2234 return NT_STATUS_NO_MEMORY; … … 2586 2617 ZERO_STRUCTP(r); 2587 2618 2588 if ( p->session_info->system) {2619 if (security_token_is_system(p->session_info->security_token)) { 2589 2620 goto query; 2590 2621 } … … 2614 2645 DEBUG(4, ("User %s not found\n", sid_string_dbg(user_sid))); 2615 2646 TALLOC_FREE(smbpass); 2616 return (geteuid() == sec_initial_uid()) ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED;2647 return root_mode() ? NT_STATUS_NO_SUCH_USER : NT_STATUS_ACCESS_DENIED; 2617 2648 } 2618 2649 … … 2805 2836 struct samr_user_info *uinfo; 2806 2837 struct dom_sid domain_sid; 2807 uint32 rid;2838 uint32_t rid; 2808 2839 bool ret = false; 2809 2840 struct samu *pwd = NULL; … … 2887 2918 sid_split_rid(&domain_sid, &rid); 2888 2919 2889 if (!sid_check_is_in_our_ domain(&uinfo->sid))2920 if (!sid_check_is_in_our_sam(&uinfo->sid)) 2890 2921 return NT_STATUS_OBJECT_TYPE_MISMATCH; 2891 2922 … … 2893 2924 sid_string_dbg(&uinfo->sid))); 2894 2925 2895 user_info = TALLOC_ZERO_P(p->mem_ctx, union samr_UserInfo);2926 user_info = talloc_zero(p->mem_ctx, union samr_UserInfo); 2896 2927 if (!user_info) { 2897 2928 return NT_STATUS_NO_MEMORY; … … 3024 3055 struct samr_RidWithAttribute dom_gid; 3025 3056 struct samr_RidWithAttribute *gids = NULL; 3026 uint32 primary_group_rid;3057 uint32_t primary_group_rid; 3027 3058 uint32_t num_groups = 0; 3028 3059 gid_t *unix_gids; … … 3055 3086 } 3056 3087 3057 rids = TALLOC_ZERO_P(p->mem_ctx, struct samr_RidWithAttributeArray);3088 rids = talloc_zero(p->mem_ctx, struct samr_RidWithAttributeArray); 3058 3089 if (!rids) { 3059 3090 return NT_STATUS_NO_MEMORY; 3060 3091 } 3061 3092 3062 if (!sid_check_is_in_our_ domain(&uinfo->sid))3093 if (!sid_check_is_in_our_sam(&uinfo->sid)) 3063 3094 return NT_STATUS_OBJECT_TYPE_MISMATCH; 3064 3095 … … 3190 3221 unix_to_nt_time_abs((NTTIME *)&r->min_password_age, u_min_age); 3191 3222 3192 if (lp_check_password_script( ) && *lp_check_password_script()) {3223 if (lp_check_password_script(talloc_tos()) && *lp_check_password_script(talloc_tos())) { 3193 3224 r->password_properties |= DOMAIN_PASSWORD_COMPLEX; 3194 3225 } … … 3227 3258 unbecome_root(); 3228 3259 3229 r->oem_information.string = lp_server string();3260 r->oem_information.string = lp_server_string(r); 3230 3261 r->domain_name.string = lp_workgroup(); 3231 r->primary.string = global_myname();3262 r->primary.string = lp_netbios_name(); 3232 3263 r->sequence_num = seq_num; 3233 3264 r->domain_server_state = DOMAIN_SERVER_ENABLED; … … 3271 3302 struct samr_DomOEMInformation *r) 3272 3303 { 3273 r->oem_information.string = lp_server string();3304 r->oem_information.string = lp_server_string(r); 3274 3305 3275 3306 return NT_STATUS_OK; … … 3296 3327 * only the name of the PDC if itself is a BDC (samba4 3297 3328 * idl) */ 3298 r->primary.string = global_myname();3329 r->primary.string = lp_netbios_name(); 3299 3330 3300 3331 return NT_STATUS_OK; … … 3504 3535 } 3505 3536 3506 dom_info = TALLOC_ZERO_P(p->mem_ctx, union samr_DomainInfo);3537 dom_info = talloc_zero(p->mem_ctx, union samr_DomainInfo); 3507 3538 if (!dom_info) { 3508 3539 return NT_STATUS_NO_MEMORY; … … 3612 3643 struct samr_user_info *uinfo; 3613 3644 NTSTATUS nt_status; 3614 uint32 acc_granted;3645 uint32_t acc_granted; 3615 3646 struct security_descriptor *psd; 3616 3647 size_t sd_size; 3617 3648 /* check this, when giving away 'add computer to domain' privs */ 3618 uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS;3649 uint32_t des_access = GENERIC_RIGHTS_USER_ALL_ACCESS; 3619 3650 bool can_add_account = False; 3620 3651 … … 3653 3684 /* determine which user right we need to check based on the acb_info */ 3654 3685 3655 if ( geteuid() == sec_initial_uid()) {3686 if (root_mode()) { 3656 3687 can_add_account = true; 3657 3688 } else if (acb_info & ACB_WSTRUST) { … … 3674 3705 3675 3706 DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n", 3676 uidtoname(p->session_info->u tok.uid),3707 uidtoname(p->session_info->unix_token->uid), 3677 3708 can_add_account ? "True":"False" )); 3678 3709 … … 3700 3731 3701 3732 map_max_allowed_access(p->session_info->security_token, 3702 &p->session_info->utok,3733 p->session_info->unix_token, 3703 3734 &des_access); 3704 3735 … … 3765 3796 struct samr_Connect *r) 3766 3797 { 3767 struct samr_connect_info *info;3768 3798 uint32_t acc_granted; 3769 3799 struct policy_handle hnd; 3770 uint32 des_access = r->in.access_mask;3800 uint32_t des_access = r->in.access_mask; 3771 3801 NTSTATUS status; 3772 3802 … … 3783 3813 3784 3814 map_max_allowed_access(p->session_info->security_token, 3785 &p->session_info->utok,3815 p->session_info->unix_token, 3786 3816 &des_access); 3787 3817 … … 3793 3823 /* set up the SAMR connect_anon response */ 3794 3824 3795 info =policy_handle_create(p, &hnd, acc_granted,3825 (void)policy_handle_create(p, &hnd, acc_granted, 3796 3826 struct samr_connect_info, 3797 3827 &status); … … 3811 3841 struct samr_Connect2 *r) 3812 3842 { 3813 struct samr_connect_info *info = NULL;3814 3843 struct policy_handle hnd; 3815 3844 struct security_descriptor *psd = NULL; 3816 uint32 acc_granted;3817 uint32 des_access = r->in.access_mask;3845 uint32_t acc_granted; 3846 uint32_t des_access = r->in.access_mask; 3818 3847 NTSTATUS nt_status; 3819 3848 size_t sd_size; … … 3845 3874 3846 3875 map_max_allowed_access(p->session_info->security_token, 3847 &p->session_info->utok,3876 p->session_info->unix_token, 3848 3877 &des_access); 3849 3878 … … 3858 3887 return nt_status; 3859 3888 3860 info =policy_handle_create(p, &hnd, acc_granted,3889 (void)policy_handle_create(p, &hnd, acc_granted, 3861 3890 struct samr_connect_info, &nt_status); 3862 3891 if (!NT_STATUS_IS_OK(nt_status)) { … … 3940 3969 { 3941 3970 NTSTATUS status; 3942 struct samr_connect_info *info;3943 3971 const char *domain_name; 3944 3972 struct dom_sid *sid = NULL; … … 3947 3975 Reverted that change so we will work with RAS servers again */ 3948 3976 3949 info =policy_handle_find(p, r->in.connect_handle,3977 (void)policy_handle_find(p, r->in.connect_handle, 3950 3978 SAMR_ACCESS_LOOKUP_DOMAIN, NULL, 3951 3979 struct samr_connect_info, … … 3960 3988 } 3961 3989 3962 sid = TALLOC_ZERO_P(p->mem_ctx, struct dom_sid2);3990 sid = talloc_zero(p->mem_ctx, struct dom_sid2); 3963 3991 if (!sid) { 3964 3992 return NT_STATUS_NO_MEMORY; … … 3989 4017 { 3990 4018 NTSTATUS status; 3991 struct samr_connect_info *info;3992 4019 uint32_t num_entries = 2; 3993 4020 struct samr_SamEntry *entry_array = NULL; 3994 4021 struct samr_SamArray *sam; 3995 4022 3996 info =policy_handle_find(p, r->in.connect_handle,4023 (void)policy_handle_find(p, r->in.connect_handle, 3997 4024 SAMR_ACCESS_ENUM_DOMAINS, NULL, 3998 4025 struct samr_connect_info, &status); … … 4001 4028 } 4002 4029 4003 sam = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);4030 sam = talloc_zero(p->mem_ctx, struct samr_SamArray); 4004 4031 if (!sam) { 4005 4032 return NT_STATUS_NO_MEMORY; 4006 4033 } 4007 4034 4008 entry_array = TALLOC_ZERO_ARRAY(p->mem_ctx,4035 entry_array = talloc_zero_array(p->mem_ctx, 4009 4036 struct samr_SamEntry, 4010 4037 num_entries); … … 4036 4063 { 4037 4064 struct dom_sid sid; 4038 uint32 alias_rid = r->in.rid;4065 uint32_t alias_rid = r->in.rid; 4039 4066 struct samr_alias_info *ainfo; 4040 4067 struct samr_domain_info *dinfo; 4041 4068 struct security_descriptor *psd = NULL; 4042 uint32 acc_granted;4043 uint32 des_access = r->in.access_mask;4069 uint32_t acc_granted; 4070 uint32_t des_access = r->in.access_mask; 4044 4071 size_t sd_size; 4045 4072 NTSTATUS status; … … 4060 4087 4061 4088 map_max_allowed_access(p->session_info->security_token, 4062 &p->session_info->utok,4089 p->session_info->unix_token, 4063 4090 &des_access); 4064 4091 … … 4653 4680 ********************************************************************/ 4654 4681 4655 static bool set_user_info_pw(uint8 *pass, const char *rhost, struct samu *pwd)4682 static bool set_user_info_pw(uint8_t *pass, const char *rhost, struct samu *pwd) 4656 4683 { 4657 4684 size_t len = 0; 4658 4685 char *plaintext_buf = NULL; 4659 uint32 acct_ctrl;4686 uint32_t acct_ctrl; 4660 4687 4661 4688 DEBUG(5, ("Attempting administrator password change for user %s\n", … … 4910 4937 uint32_t fields = 0; 4911 4938 bool ret; 4939 char *rhost; 4940 DATA_BLOB session_key; 4912 4941 4913 4942 DEBUG(5,("_samr_SetUserInfo: %d\n", __LINE__)); … … 4992 5021 } 4993 5022 5023 rhost = tsocket_address_inet_addr_string(p->remote_address, 5024 talloc_tos()); 5025 if (rhost == NULL) { 5026 return NT_STATUS_NO_MEMORY; 5027 } 5028 4994 5029 /* ================ BEGIN Privilege BLOCK ================ */ 4995 5030 … … 5061 5096 5062 5097 case 18: 5098 status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES); 5099 if(!NT_STATUS_IS_OK(status)) { 5100 break; 5101 } 5063 5102 /* Used by AS/U JRA. */ 5064 5103 status = set_user_info_18(&info->info18, 5065 5104 p->mem_ctx, 5066 & p->session_info->user_session_key,5105 &session_key, 5067 5106 pwd); 5068 5107 break; … … 5074 5113 5075 5114 case 21: 5115 status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES); 5116 if(!NT_STATUS_IS_OK(status)) { 5117 break; 5118 } 5076 5119 status = set_user_info_21(&info->info21, 5077 5120 p->mem_ctx, 5078 & p->session_info->user_session_key,5121 &session_key, 5079 5122 pwd); 5080 5123 break; 5081 5124 5082 5125 case 23: 5083 if (!p->session_info->user_session_key.length) { 5084 status = NT_STATUS_NO_USER_SESSION_KEY; 5126 status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES); 5127 if(!NT_STATUS_IS_OK(status)) { 5128 break; 5085 5129 } 5086 5130 arcfour_crypt_blob(info->info23.password.data, 516, 5087 & p->session_info->user_session_key);5131 &session_key); 5088 5132 5089 5133 dump_data(100, info->info23.password.data, 516); … … 5091 5135 status = set_user_info_23(p->mem_ctx, 5092 5136 &info->info23, 5093 p->client_id->name,5137 rhost, 5094 5138 pwd); 5095 5139 break; 5096 5140 5097 5141 case 24: 5098 if (!p->session_info->user_session_key.length) { 5099 status = NT_STATUS_NO_USER_SESSION_KEY; 5142 status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES); 5143 if(!NT_STATUS_IS_OK(status)) { 5144 break; 5100 5145 } 5101 5146 arcfour_crypt_blob(info->info24.password.data, 5102 5147 516, 5103 & p->session_info->user_session_key);5148 &session_key); 5104 5149 5105 5150 dump_data(100, info->info24.password.data, 516); 5106 5151 5107 5152 status = set_user_info_24(p->mem_ctx, 5108 p->client_id->name,5153 rhost, 5109 5154 &info->info24, pwd); 5110 5155 break; 5111 5156 5112 5157 case 25: 5113 if (!p->session_info->user_session_key.length) { 5114 status = NT_STATUS_NO_USER_SESSION_KEY; 5158 status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES); 5159 if(!NT_STATUS_IS_OK(status)) { 5160 break; 5115 5161 } 5116 5162 encode_or_decode_arc4_passwd_buffer( 5117 5163 info->info25.password.data, 5118 & p->session_info->user_session_key);5164 &session_key); 5119 5165 5120 5166 dump_data(100, info->info25.password.data, 532); 5121 5167 5122 5168 status = set_user_info_25(p->mem_ctx, 5123 p->client_id->name,5169 rhost, 5124 5170 &info->info25, pwd); 5125 5171 break; 5126 5172 5127 5173 case 26: 5128 if (!p->session_info->user_session_key.length) { 5129 status = NT_STATUS_NO_USER_SESSION_KEY; 5174 status = session_extract_session_key(p->session_info, &session_key, KEY_USE_16BYTES); 5175 if(!NT_STATUS_IS_OK(status)) { 5176 break; 5130 5177 } 5131 5178 encode_or_decode_arc4_passwd_buffer( 5132 5179 info->info26.password.data, 5133 & p->session_info->user_session_key);5180 &session_key); 5134 5181 5135 5182 dump_data(100, info->info26.password.data, 516); 5136 5183 5137 5184 status = set_user_info_26(p->mem_ctx, 5138 p->client_id->name,5185 rhost, 5139 5186 &info->info26, pwd); 5140 5187 break; … … 5181 5228 { 5182 5229 size_t num_alias_rids; 5183 uint32 *alias_rids;5230 uint32_t *alias_rids; 5184 5231 struct samr_domain_info *dinfo; 5185 5232 size_t i; … … 5199 5246 } 5200 5247 5201 if (!sid_check_is_ domain(&dinfo->sid) &&5248 if (!sid_check_is_our_sam(&dinfo->sid) && 5202 5249 !sid_check_is_builtin(&dinfo->sid)) 5203 5250 return NT_STATUS_OBJECT_TYPE_MISMATCH; 5204 5251 5205 5252 if (r->in.sids->num_sids) { 5206 members = TALLOC_ARRAY(p->mem_ctx, struct dom_sid, r->in.sids->num_sids);5253 members = talloc_array(p->mem_ctx, struct dom_sid, r->in.sids->num_sids); 5207 5254 5208 5255 if (members == NULL) … … 5275 5322 5276 5323 if (num_sids) { 5277 sids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_SidPtr, num_sids);5324 sids = talloc_zero_array(p->mem_ctx, struct lsa_SidPtr, num_sids); 5278 5325 if (sids == NULL) { 5279 5326 TALLOC_FREE(pdb_sids); … … 5308 5355 size_t i, num_members; 5309 5356 5310 uint32 *rid=NULL;5311 uint32 *attr=NULL;5357 uint32_t *rid=NULL; 5358 uint32_t *attr=NULL; 5312 5359 5313 5360 NTSTATUS status; … … 5321 5368 } 5322 5369 5323 rids = TALLOC_ZERO_P(p->mem_ctx, struct samr_RidAttrArray);5370 rids = talloc_zero(p->mem_ctx, struct samr_RidAttrArray); 5324 5371 if (!rids) { 5325 5372 return NT_STATUS_NO_MEMORY; … … 5328 5375 DEBUG(10, ("sid is %s\n", sid_string_dbg(&ginfo->sid))); 5329 5376 5330 if (!sid_check_is_in_our_ domain(&ginfo->sid)) {5377 if (!sid_check_is_in_our_sam(&ginfo->sid)) { 5331 5378 DEBUG(3, ("sid %s is not in our domain\n", 5332 5379 sid_string_dbg(&ginfo->sid))); … … 5345 5392 5346 5393 if (num_members) { 5347 attr= TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_members);5394 attr=talloc_zero_array(p->mem_ctx, uint32_t, num_members); 5348 5395 if (attr == NULL) { 5349 5396 return NT_STATUS_NO_MEMORY; … … 5446 5493 struct samr_group_info *ginfo; 5447 5494 NTSTATUS status; 5448 uint32 group_rid;5495 uint32_t group_rid; 5449 5496 5450 5497 ginfo = policy_handle_find(p, r->in.group_handle, … … 5485 5532 struct samr_group_info *ginfo; 5486 5533 NTSTATUS status; 5487 uint32 group_rid;5534 uint32_t group_rid; 5488 5535 5489 5536 /* … … 5539 5586 } 5540 5587 5541 if (!sid_check_is_in_our_ domain(&uinfo->sid))5588 if (!sid_check_is_in_our_sam(&uinfo->sid)) 5542 5589 return NT_STATUS_CANNOT_DELETE; 5543 5590 … … 5596 5643 struct samr_group_info *ginfo; 5597 5644 NTSTATUS status; 5598 uint32 group_rid;5645 uint32_t group_rid; 5599 5646 5600 5647 DEBUG(5, ("samr_DeleteDomainGroup: %d\n", __LINE__)); … … 5665 5712 } 5666 5713 5667 if (!sid_check_is_in_our_ domain(&ainfo->sid))5714 if (!sid_check_is_in_our_sam(&ainfo->sid)) 5668 5715 return NT_STATUS_NO_SUCH_ALIAS; 5669 5716 … … 5710 5757 } 5711 5758 5712 if (!sid_check_is_ domain(&dinfo->sid)) {5759 if (!sid_check_is_our_sam(&dinfo->sid)) { 5713 5760 return NT_STATUS_ACCESS_DENIED; 5714 5761 } … … 5772 5819 } 5773 5820 5774 if (!sid_check_is_ domain(&dinfo->sid)) {5821 if (!sid_check_is_our_sam(&dinfo->sid)) { 5775 5822 return NT_STATUS_ACCESS_DENIED; 5776 5823 } … … 5834 5881 struct samr_group_info *ginfo; 5835 5882 NTSTATUS status; 5836 GROUP_MAP map;5883 GROUP_MAP *map; 5837 5884 union samr_GroupInfo *info = NULL; 5838 5885 bool ret; … … 5850 5897 } 5851 5898 5899 map = talloc_zero(p->mem_ctx, GROUP_MAP); 5900 if (!map) { 5901 return NT_STATUS_NO_MEMORY; 5902 } 5903 5852 5904 become_root(); 5853 ret = get_domain_group_from_sid(ginfo->sid, &map);5905 ret = get_domain_group_from_sid(ginfo->sid, map); 5854 5906 unbecome_root(); 5855 5907 if (!ret) 5856 5908 return NT_STATUS_INVALID_HANDLE; 5857 5909 5858 /* FIXME: map contains fstrings */ 5859 group_name = talloc_strdup(r, map.nt_name); 5860 group_description = talloc_strdup(r, map.comment); 5861 5862 info = TALLOC_ZERO_P(p->mem_ctx, union samr_GroupInfo); 5910 group_name = talloc_move(r, &map->nt_name); 5911 group_description = talloc_move(r, &map->comment); 5912 5913 TALLOC_FREE(map); 5914 5915 info = talloc_zero(p->mem_ctx, union samr_GroupInfo); 5863 5916 if (!info) { 5864 5917 return NT_STATUS_NO_MEMORY; … … 5867 5920 switch (r->in.level) { 5868 5921 case 1: { 5869 uint32 *members;5922 uint32_t *members; 5870 5923 size_t num_members; 5871 5924 … … 5897 5950 case 5: { 5898 5951 /* 5899 uint32 *members;5952 uint32_t *members; 5900 5953 size_t num_members; 5901 5954 */ … … 5936 5989 { 5937 5990 struct samr_group_info *ginfo; 5938 GROUP_MAP map;5991 GROUP_MAP *map; 5939 5992 NTSTATUS status; 5940 5993 bool ret; … … 5947 6000 } 5948 6001 6002 map = talloc_zero(p->mem_ctx, GROUP_MAP); 6003 if (!map) { 6004 return NT_STATUS_NO_MEMORY; 6005 } 6006 5949 6007 become_root(); 5950 ret = get_domain_group_from_sid(ginfo->sid, &map);6008 ret = get_domain_group_from_sid(ginfo->sid, map); 5951 6009 unbecome_root(); 5952 6010 if (!ret) … … 5955 6013 switch (r->in.level) { 5956 6014 case 2: 5957 fstrcpy(map.nt_name, r->in.info->name.string); 6015 map->nt_name = talloc_strdup(map, 6016 r->in.info->name.string); 6017 if (!map->nt_name) { 6018 return NT_STATUS_NO_MEMORY; 6019 } 5958 6020 break; 5959 6021 case 3: 5960 6022 break; 5961 6023 case 4: 5962 fstrcpy(map.comment, r->in.info->description.string); 6024 map->comment = talloc_strdup(map, 6025 r->in.info->description.string); 6026 if (!map->comment) { 6027 return NT_STATUS_NO_MEMORY; 6028 } 5963 6029 break; 5964 6030 default: … … 5969 6035 5970 6036 become_root(); 5971 status = pdb_update_group_mapping_entry( &map);6037 status = pdb_update_group_mapping_entry(map); 5972 6038 unbecome_root(); 5973 6039 5974 6040 /******** End SeAddUsers BLOCK *********/ 6041 6042 TALLOC_FREE(map); 5975 6043 5976 6044 if (NT_STATUS_IS_OK(status)) { … … 5989 6057 { 5990 6058 struct samr_alias_info *ainfo; 5991 struct acct_info info;6059 struct acct_info *info; 5992 6060 NTSTATUS status; 5993 6061 … … 5999 6067 } 6000 6068 6069 info = talloc_zero(p->mem_ctx, struct acct_info); 6070 if (!info) { 6071 return NT_STATUS_NO_MEMORY; 6072 } 6073 6001 6074 /* get the current group information */ 6002 6075 6003 6076 become_root(); 6004 status = pdb_get_aliasinfo( &ainfo->sid, &info);6077 status = pdb_get_aliasinfo(&ainfo->sid, info); 6005 6078 unbecome_root(); 6006 6079 … … 6011 6084 case ALIASINFONAME: 6012 6085 { 6013 fstringgroup_name;6086 char *group_name; 6014 6087 6015 6088 /* We currently do not support renaming groups in the … … 6030 6103 doesn't allow you to change the case of a group name. */ 6031 6104 6032 if ( strequal( r->in.info->name.string, info.acct_name ) )6105 if (strequal(r->in.info->name.string, info->acct_name)) { 6033 6106 return NT_STATUS_OK; 6034 6035 fstrcpy( info.acct_name, r->in.info->name.string); 6107 } 6108 6109 talloc_free(info->acct_name); 6110 info->acct_name = talloc_strdup(info, r->in.info->name.string); 6111 if (!info->acct_name) { 6112 return NT_STATUS_NO_MEMORY; 6113 } 6036 6114 6037 6115 /* make sure the name doesn't already exist as a user 6038 6116 or local group */ 6039 6117 6040 fstr_sprintf( group_name, "%s\\%s", global_myname(), info.acct_name ); 6118 group_name = talloc_asprintf(p->mem_ctx, 6119 "%s\\%s", 6120 lp_netbios_name(), 6121 info->acct_name); 6122 if (group_name == NULL) { 6123 return NT_STATUS_NO_MEMORY; 6124 } 6125 6041 6126 status = can_create( p->mem_ctx, group_name ); 6127 talloc_free(group_name); 6042 6128 if ( !NT_STATUS_IS_OK( status ) ) 6043 6129 return status; … … 6045 6131 } 6046 6132 case ALIASINFODESCRIPTION: 6133 TALLOC_FREE(info->acct_desc); 6047 6134 if (r->in.info->description.string) { 6048 fstrcpy(info.acct_desc,6049 r->in.info->description.string);6135 info->acct_desc = talloc_strdup(info, 6136 r->in.info->description.string); 6050 6137 } else { 6051 fstrcpy( info.acct_desc, "" ); 6138 info->acct_desc = talloc_strdup(info, ""); 6139 } 6140 if (!info->acct_desc) { 6141 return NT_STATUS_NO_MEMORY; 6052 6142 } 6053 6143 break; … … 6059 6149 6060 6150 become_root(); 6061 status = pdb_set_aliasinfo( &ainfo->sid, &info);6151 status = pdb_set_aliasinfo(&ainfo->sid, info); 6062 6152 unbecome_root(); 6063 6153 … … 6096 6186 unbecome_root(); 6097 6187 6098 if (lp_check_password_script( ) && *lp_check_password_script()) {6188 if (lp_check_password_script(talloc_tos()) && *lp_check_password_script(talloc_tos())) { 6099 6189 password_properties |= DOMAIN_PASSWORD_COMPLEX; 6100 6190 } … … 6115 6205 { 6116 6206 struct dom_sid info_sid; 6117 GROUP_MAP map;6207 GROUP_MAP *map; 6118 6208 struct samr_domain_info *dinfo; 6119 6209 struct samr_group_info *ginfo; 6120 6210 struct security_descriptor *psd = NULL; 6121 uint32 acc_granted;6122 uint32 des_access = r->in.access_mask;6211 uint32_t acc_granted; 6212 uint32_t des_access = r->in.access_mask; 6123 6213 size_t sd_size; 6124 6214 NTSTATUS status; … … 6134 6224 /*check if access can be granted as requested by client. */ 6135 6225 map_max_allowed_access(p->session_info->security_token, 6136 &p->session_info->utok,6226 p->session_info->unix_token, 6137 6227 &des_access); 6138 6228 … … 6149 6239 /* this should not be hard-coded like this */ 6150 6240 6151 if (!sid_check_is_ domain(&dinfo->sid)) {6241 if (!sid_check_is_our_sam(&dinfo->sid)) { 6152 6242 return NT_STATUS_ACCESS_DENIED; 6153 6243 } … … 6158 6248 sid_string_dbg(&info_sid))); 6159 6249 6250 map = talloc_zero(p->mem_ctx, GROUP_MAP); 6251 if (!map) { 6252 return NT_STATUS_NO_MEMORY; 6253 } 6254 6160 6255 /* check if that group really exists */ 6161 6256 become_root(); 6162 ret = get_domain_group_from_sid(info_sid, &map);6257 ret = get_domain_group_from_sid(info_sid, map); 6163 6258 unbecome_root(); 6164 6259 if (!ret) 6165 6260 return NT_STATUS_NO_SUCH_GROUP; 6261 6262 TALLOC_FREE(map); 6166 6263 6167 6264 ginfo = policy_handle_create(p, r->out.group_handle, … … 6220 6317 sid_string_dbg(&dinfo->sid), 6221 6318 sid_string_dbg(get_global_sam_sid()))); 6222 DEBUGADD(1,("please report to samba-technical@ samba.org!\n"));6319 DEBUGADD(1,("please report to samba-technical@lists.samba.org!\n")); 6223 6320 return NT_STATUS_OK; 6224 6321 } … … 6294 6391 time_t u_lock_duration, u_reset_time; 6295 6392 6393 /* 6394 * It is not possible to set lockout_duration < lockout_window. 6395 * (The test is the other way around since the negative numbers 6396 * are stored...) 6397 * 6398 * This constraint is documented here for the samr rpc service: 6399 * MS-SAMR 3.1.1.6 Attribute Constraints for Originating Updates 6400 * http://msdn.microsoft.com/en-us/library/cc245667%28PROT.10%29.aspx 6401 * 6402 * And here for the ldap backend: 6403 * MS-ADTS 3.1.1.5.3.2 Constraints 6404 * http://msdn.microsoft.com/en-us/library/cc223462(PROT.10).aspx 6405 */ 6406 if (r->lockout_duration > r->lockout_window) { 6407 return NT_STATUS_INVALID_PARAMETER; 6408 } 6409 6296 6410 u_lock_duration = nt_time_to_unix_abs((NTTIME *)&r->lockout_duration); 6297 6411 if (u_lock_duration != -1) { … … 6316 6430 struct samr_SetDomainInfo *r) 6317 6431 { 6318 struct samr_domain_info *dinfo;6319 6432 NTSTATUS status; 6320 6433 uint32_t acc_required = 0; … … 6343 6456 } 6344 6457 6345 dinfo =policy_handle_find(p, r->in.domain_handle,6458 (void)policy_handle_find(p, r->in.domain_handle, 6346 6459 acc_required, NULL, 6347 6460 struct samr_domain_info, &status); … … 6629 6742 struct samr_PwInfo dom_pw_info; 6630 6743 6744 if (p->transport != NCACN_IP_TCP && p->transport != NCALRPC) { 6745 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; 6746 return NT_STATUS_ACCESS_DENIED; 6747 } 6748 6631 6749 if (p->auth.auth_level != DCERPC_AUTH_LEVEL_PRIVACY) { 6632 6750 p->fault_state = DCERPC_FAULT_ACCESS_DENIED; -
vendor/current/source3/rpc_server/spoolss/srv_spoolss_nt.c
r919 r988 39 39 #include "librpc/gen_ndr/ndr_security.h" 40 40 #include "registry.h" 41 #include "registry/reg_objects.h"42 41 #include "include/printing.h" 43 42 #include "secrets.h" … … 48 47 #include "../libcli/registry/util_reg.h" 49 48 #include "smbd/smbd.h" 49 #include "smbd/globals.h" 50 50 #include "auth.h" 51 51 #include "messages.h" … … 54 54 #include "libsmb/libsmb.h" 55 55 #include "printing/printer_list.h" 56 #include "../lib/tsocket/tsocket.h" 56 57 #include "rpc_client/cli_winreg_spoolss.h" 58 #include "../libcli/smb/smbXcli_base.h" 57 59 58 60 /* macros stolen from s4 spoolss server */ … … 85 87 bool document_started; 86 88 bool page_started; 87 uint32 jobid; /* jobid in printing backend */89 uint32_t jobid; /* jobid in printing backend */ 88 90 int printer_type; 89 91 const char *servername; 90 92 fstring sharename; 91 uint32 type;92 uint32 access_granted;93 uint32_t type; 94 uint32_t access_granted; 93 95 struct { 94 uint32 flags;95 uint32 options;96 uint32_t flags; 97 uint32_t options; 96 98 fstring localmachine; 97 uint32 printerlocal;99 uint32_t printerlocal; 98 100 struct spoolss_NotifyOption *option; 99 101 struct policy_handle cli_hnd; 100 102 struct notify_back_channel *cli_chan; 101 uint32 change;103 uint32_t change; 102 104 /* are we in a FindNextPrinterChangeNotify() call? */ 103 105 bool fnpcn; … … 137 139 /* print notify back-channel pipe handle*/ 138 140 struct rpc_pipe_client *cli_pipe; 139 struct dcerpc_binding_handle *binding_handle;141 struct cli_state *cli; 140 142 uint32_t active_connections; 141 143 }; … … 250 252 /* weird if the test succeeds !!! */ 251 253 if (prn_hnd->notify.cli_chan == NULL || 254 prn_hnd->notify.cli_chan->cli_pipe == NULL || 255 prn_hnd->notify.cli_chan->cli_pipe->binding_handle == NULL || 252 256 prn_hnd->notify.cli_chan->active_connections == 0) { 253 257 DEBUG(0, ("Trying to close unexisting backchannel!\n")); … … 258 262 259 263 status = dcerpc_spoolss_ReplyClosePrinter( 260 prn_hnd->notify.cli_chan-> binding_handle,264 prn_hnd->notify.cli_chan->cli_pipe->binding_handle, 261 265 talloc_tos(), 262 266 &prn_hnd->notify.cli_hnd, … … 274 278 if (prn_hnd->notify.cli_chan->active_connections == 1) { 275 279 276 prn_hnd->notify.cli_chan->binding_handle = NULL; 277 cli_shutdown(rpc_pipe_np_smb_conn(prn_hnd->notify.cli_chan->cli_pipe)); 280 cli_shutdown(prn_hnd->notify.cli_chan->cli); 278 281 DLIST_REMOVE(back_channels, prn_hnd->notify.cli_chan); 279 282 TALLOC_FREE(prn_hnd->notify.cli_chan); … … 282 285 messaging_deregister(prn_hnd->notify.msg_ctx, 283 286 MSG_PRINTER_NOTIFY2, NULL); 284 285 /*286 * Tell the serverid.tdb we're no longer287 * interested in printer notify messages.288 */289 290 serverid_register_msg_flags(291 messaging_server_id(prn_hnd->notify.msg_ctx),292 false, FLAG_MSG_PRINT_NOTIFY);293 287 } 294 288 } … … 382 376 struct messaging_context *msg_ctx) 383 377 { 384 char *cmd = lp_deleteprinter_c md();378 char *cmd = lp_deleteprinter_command(talloc_tos()); 385 379 char *command = NULL; 386 380 int ret; … … 424 418 if (ret != 0) 425 419 return WERR_BADFID; /* What to return here? */ 426 427 /* go ahead and re-read the services immediately */428 become_root();429 reload_services(msg_ctx, -1, false);430 unbecome_root();431 432 if ( lp_servicenumber( sharename ) >= 0 )433 return WERR_ACCESS_DENIED;434 420 435 421 return WERR_OK; … … 554 540 555 541 static WERROR set_printer_hnd_name(TALLOC_CTX *mem_ctx, 556 const struct auth_se rversupplied_info *session_info,542 const struct auth_session_info *session_info, 557 543 struct messaging_context *msg_ctx, 558 544 struct printer_handle *Printer, … … 581 567 (unsigned long)strlen(handlename))); 582 568 583 aprinter = CONST_DISCARD(char *, handlename);569 aprinter = discard_const_p(char, handlename); 584 570 if ( *handlename == '\\' ) { 585 571 servername = canon_servername(handlename); … … 637 623 } 638 624 625 cache_key = talloc_asprintf(talloc_tos(), "PRINTERNAME/%s", aprinter); 626 if (cache_key == NULL) { 627 return WERR_NOMEM; 628 } 629 639 630 /* 640 631 * With hundreds of printers, the "for" loop iterating all … … 643 634 * result of which we cache in gencache. 644 635 */ 645 646 cache_key = talloc_asprintf(talloc_tos(), "PRINTERNAME/%s", 647 aprinter); 648 if ((cache_key != NULL) && gencache_get(cache_key, &tmp, NULL)) { 649 636 if (gencache_get(cache_key, talloc_tos(), &tmp, NULL)) { 650 637 found = (strcmp(tmp, printer_not_found) != 0); 651 638 if (!found) { 652 639 DEBUG(4, ("Printer %s not found\n", aprinter)); 653 SAFE_FREE(tmp);640 TALLOC_FREE(tmp); 654 641 return WERR_INVALID_PRINTER_NAME; 655 642 } 656 643 fstrcpy(sname, tmp); 657 SAFE_FREE(tmp);644 TALLOC_FREE(tmp); 658 645 } 659 646 … … 667 654 668 655 /* no point going on if this is not a printer */ 669 if (!(lp_snum_ok(snum) && lp_print _ok(snum))) {656 if (!(lp_snum_ok(snum) && lp_printable(snum))) { 670 657 continue; 671 658 } … … 716 703 } 717 704 718 if ( !found ) { 719 if (cache_key != NULL) { 720 gencache_set(cache_key, printer_not_found, 721 time(NULL)+300); 722 TALLOC_FREE(cache_key); 723 } 705 if (!found) { 706 gencache_set(cache_key, printer_not_found, 707 time_mono(NULL) + 300); 708 TALLOC_FREE(cache_key); 724 709 DEBUGADD(4,("Printer not found\n")); 725 710 return WERR_INVALID_PRINTER_NAME; 726 711 } 727 712 728 if (cache_key != NULL) { 729 gencache_set(cache_key, sname, time(NULL)+300); 730 TALLOC_FREE(cache_key); 731 } 713 gencache_set(cache_key, sname, time_mono(NULL) + 300); 714 TALLOC_FREE(cache_key); 732 715 733 716 DEBUGADD(4,("set_printer_hnd_name: Printer found: %s -> %s\n", aprinter, sname)); 734 717 735 fstrcpy(Printer->sharename, sname);718 strlcpy(Printer->sharename, sname, sizeof(Printer->sharename)); 736 719 737 720 return WERR_OK; … … 859 842 #define SETUP_SPOOLSS_NOTIFY_DATA_DEVMODE(_data, _devmode) \ 860 843 _data->data.devmode.devmode = _devmode; 861 862 #define SETUP_SPOOLSS_NOTIFY_DATA_SECDESC(_data, _sd) \863 _data->data.sd.sd = dup_sec_desc(mem_ctx, _sd); \864 if (!_data->data.sd.sd) { \865 _data->data.sd.sd_size = 0; \866 } \867 _data->data.sd.sd_size = \868 ndr_size_security_descriptor(_data->data.sd.sd, 0);869 844 870 845 static void init_systemtime_buffer(TALLOC_CTX *mem_ctx, … … 1096 1071 ctr->num_groups++; 1097 1072 1098 if ( !(groups = TALLOC_REALLOC_ARRAY( ctr->ctx, ctr->msg_groups, SPOOLSS_NOTIFY_MSG_GROUP, ctr->num_groups)) ) {1073 if ( !(groups = talloc_realloc( ctr->ctx, ctr->msg_groups, SPOOLSS_NOTIFY_MSG_GROUP, ctr->num_groups)) ) { 1099 1074 DEBUG(0,("notify_msg_ctr_addmsg: talloc_realloc() failed!\n")); 1100 1075 return 0; … … 1114 1089 msg_grp->num_msgs++; 1115 1090 1116 if ( !(msg_list = TALLOC_REALLOC_ARRAY( ctr->ctx, msg_grp->msgs, SPOOLSS_NOTIFY_MSG, msg_grp->num_msgs )) ) {1091 if ( !(msg_list = talloc_realloc( ctr->ctx, msg_grp->msgs, SPOOLSS_NOTIFY_MSG, msg_grp->num_msgs )) ) { 1117 1092 DEBUG(0,("notify_msg_ctr_addmsg: talloc_realloc() failed for new message [%d]!\n", msg_grp->num_msgs)); 1118 1093 return 0; … … 1127 1102 if ( msg->len != 0 ) 1128 1103 msg_grp->msgs[new_slot].notify.data = (char *) 1129 TALLOC_MEMDUP( ctr->ctx, msg->notify.data, msg->len );1104 talloc_memdup( ctr->ctx, msg->notify.data, msg->len ); 1130 1105 1131 1106 return ctr->num_groups; … … 1255 1230 /* Is there notification on this handle? */ 1256 1231 if (prn_hnd->notify.cli_chan == NULL || 1232 prn_hnd->notify.cli_chan->cli_pipe == NULL || 1233 prn_hnd->notify.cli_chan->cli_pipe->binding_handle == NULL || 1257 1234 prn_hnd->notify.cli_chan->active_connections == 0) { 1258 1235 return 0; … … 1287 1264 1288 1265 status = dcerpc_spoolss_RouterReplyPrinterEx( 1289 prn_hnd->notify.cli_chan-> binding_handle,1266 prn_hnd->notify.cli_chan->cli_pipe->binding_handle, 1290 1267 mem_ctx, 1291 1268 &prn_hnd->notify.cli_hnd, … … 1507 1484 messaging_send_buf(msg_ctx, messaging_server_id(msg_ctx), 1508 1485 MSG_PRINTER_DRVUPGRADE, 1509 ( uint8_t *)drivername, len+1);1486 (const uint8_t *)drivername, len+1); 1510 1487 1511 1488 return true; … … 1527 1504 callback to receive a MSG_PRINTER_DRVUPGRADE message and interate 1528 1505 over all printers, upgrading ones as necessary 1506 This is now *ONLY* called inside the background lpq updater. JRA. 1529 1507 **********************************************************************/ 1530 1508 … … 1536 1514 { 1537 1515 TALLOC_CTX *tmp_ctx; 1538 struct auth_serversupplied_info *session_info = NULL;1516 const struct auth_session_info *session_info = get_session_info_system(); 1539 1517 struct spoolss_PrinterInfo2 *pinfo2; 1540 NTSTATUS status;1541 1518 WERROR result; 1542 1519 const char *drivername; … … 1548 1525 if (!tmp_ctx) return; 1549 1526 1550 status = make_session_info_system(tmp_ctx, &session_info);1551 if (!NT_STATUS_IS_OK(status)) {1552 DEBUG(0, ("do_drv_upgrade_printer: "1553 "Could not create system session_info\n"));1554 goto done;1555 }1556 1557 1527 drivername = talloc_strndup(tmp_ctx, (const char *)data->data, data->length); 1558 1528 if (!drivername) { … … 1567 1537 1568 1538 for (snum = 0; snum < n_services; snum++) { 1569 if (!lp_snum_ok(snum) || !lp_print _ok(snum)) {1539 if (!lp_snum_ok(snum) || !lp_printable(snum)) { 1570 1540 continue; 1571 1541 } … … 1654 1624 { 1655 1625 struct spoolss_OpenPrinterEx e; 1626 struct spoolss_UserLevel1 level1; 1656 1627 WERROR werr; 1657 1628 1658 ZERO_STRUCT( e.in.userlevel);1629 ZERO_STRUCT(level1); 1659 1630 1660 1631 e.in.printername = r->in.printername; … … 1662 1633 e.in.devmode_ctr = r->in.devmode_ctr; 1663 1634 e.in.access_mask = r->in.access_mask; 1664 e.in.level = 0; 1635 e.in.userlevel_ctr.level = 1; 1636 e.in.userlevel_ctr.user_info.level1 = &level1; 1665 1637 1666 1638 e.out.handle = r->out.handle; … … 1722 1694 { 1723 1695 int snum; 1696 char *raddr; 1697 char *rhost; 1724 1698 struct printer_handle *Printer=NULL; 1725 1699 WERROR result; 1700 int rc; 1726 1701 1727 1702 if (!r->in.printername) { … … 1729 1704 } 1730 1705 1731 if ( r->in.level > 3) {1706 if (!*r->in.printername) { 1732 1707 return WERR_INVALID_PARAM; 1733 1708 } 1734 if ((r->in.level == 1 && !r->in.userlevel.level1) || 1735 (r->in.level == 2 && !r->in.userlevel.level2) || 1736 (r->in.level == 3 && !r->in.userlevel.level3)) { 1709 1710 if (r->in.userlevel_ctr.level > 3) { 1737 1711 return WERR_INVALID_PARAM; 1738 1712 } 1713 if ((r->in.userlevel_ctr.level == 1 && !r->in.userlevel_ctr.user_info.level1) || 1714 (r->in.userlevel_ctr.level == 2 && !r->in.userlevel_ctr.user_info.level2) || 1715 (r->in.userlevel_ctr.level == 3 && !r->in.userlevel_ctr.user_info.level3)) { 1716 return WERR_INVALID_PARAM; 1717 } 1718 1719 /* 1720 * The printcap printer share inventory is updated on client 1721 * enumeration. For clients that do not perform enumeration prior to 1722 * access, such as cupssmbadd, we reinitialise the printer share 1723 * inventory on open as well. 1724 */ 1725 become_root(); 1726 delete_and_reload_printers(server_event_context(), p->msg_ctx); 1727 unbecome_root(); 1739 1728 1740 1729 /* some sanity check because you can open a printer or a print server */ … … 1815 1804 if ( r->in.access_mask & SERVER_ACCESS_ADMINISTER ) 1816 1805 { 1817 if (!lp_ ms_add_printer_wizard()) {1806 if (!lp_show_add_printer_wizard()) { 1818 1807 close_printer_handle(p, r->out.handle); 1819 1808 ZERO_STRUCTP(r->out.handle); … … 1824 1813 and not a printer admin, then fail */ 1825 1814 1826 if ((p->session_info->u tok.uid != sec_initial_uid()) &&1815 if ((p->session_info->unix_token->uid != sec_initial_uid()) && 1827 1816 !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && 1828 !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->session_info->security_token) && 1829 !token_contains_name_in_list( 1830 uidtoname(p->session_info->utok.uid), 1831 p->session_info->info3->base.domain.string, 1832 NULL, 1833 p->session_info->security_token, 1834 lp_printer_admin(snum))) { 1817 !nt_token_check_sid(&global_sid_Builtin_Print_Operators, 1818 p->session_info->security_token)) { 1835 1819 close_printer_handle(p, r->out.handle); 1836 1820 ZERO_STRUCTP(r->out.handle); … … 1888 1872 1889 1873 /* check smb.conf parameters and the the sec_desc */ 1890 1891 if (!allow_access(lp_hostsdeny(snum), lp_hostsallow(snum), 1892 p->client_id->name, p->client_id->addr)) { 1874 raddr = tsocket_address_inet_addr_string(p->remote_address, 1875 p->mem_ctx); 1876 if (raddr == NULL) { 1877 return WERR_NOMEM; 1878 } 1879 1880 rc = get_remote_hostname(p->remote_address, 1881 &rhost, 1882 p->mem_ctx); 1883 if (rc < 0) { 1884 return WERR_NOMEM; 1885 } 1886 if (strequal(rhost, "UNKNOWN")) { 1887 rhost = raddr; 1888 } 1889 1890 if (!allow_access(lp_hosts_deny(snum), lp_hosts_allow(snum), 1891 rhost, raddr)) { 1893 1892 DEBUG(3, ("access DENIED (hosts allow/deny) for printer open\n")); 1894 1893 ZERO_STRUCTP(r->out.handle); … … 1896 1895 } 1897 1896 1898 if (!user_ok_token(uidtoname(p->session_info->u tok.uid), NULL,1897 if (!user_ok_token(uidtoname(p->session_info->unix_token->uid), NULL, 1899 1898 p->session_info->security_token, snum) || 1900 ! print_access_check(p->session_info,1901 p->msg_ctx,1902 snum,1903 r->in.access_mask)) {1899 !W_ERROR_IS_OK(print_access_check(p->session_info, 1900 p->msg_ctx, 1901 snum, 1902 r->in.access_mask))) { 1904 1903 DEBUG(3, ("access DENIED for printer open\n")); 1905 1904 close_printer_handle(p, r->out.handle); … … 2069 2068 and not a printer admin, then fail */ 2070 2069 2071 if ( (p->session_info->utok.uid != sec_initial_uid()) 2072 && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) 2073 && !token_contains_name_in_list( 2074 uidtoname(p->session_info->utok.uid), 2075 p->session_info->info3->base.domain.string, 2076 NULL, 2077 p->session_info->security_token, 2078 lp_printer_admin(-1)) ) 2079 { 2070 if ((p->session_info->unix_token->uid != sec_initial_uid()) && 2071 !security_token_has_privilege(p->session_info->security_token, 2072 SEC_PRIV_PRINT_OPERATOR)) { 2080 2073 return WERR_ACCESS_DENIED; 2081 2074 } … … 2083 2076 /* check that we have a valid driver name first */ 2084 2077 2085 if ((version = get_version_id(r->in.architecture)) == -1) 2078 if ((version = get_version_id(r->in.architecture)) == -1) { 2086 2079 return WERR_INVALID_ENVIRONMENT; 2080 } 2087 2081 2088 2082 tmp_ctx = talloc_new(p->mem_ctx); … … 2110 2104 found = true; 2111 2105 2112 if (printer_driver_in_use(tmp_ctx, get_session_info_system(), 2113 p->msg_ctx, info)) { 2106 if (printer_driver_in_use(tmp_ctx, b, info)) { 2114 2107 status = WERR_PRINTER_DRIVER_IN_USE; 2115 2108 goto done; … … 2132 2125 done: 2133 2126 talloc_free(tmp_ctx); 2127 2134 2128 return status; 2135 2129 } … … 2144 2138 bool delete_files; 2145 2139 2146 if (printer_driver_in_use(mem_ctx, get_session_info_system(), 2147 p->msg_ctx, info)) { 2140 if (printer_driver_in_use(mem_ctx, b, info)) { 2148 2141 status = WERR_PRINTER_DRIVER_IN_USE; 2149 2142 goto done; … … 2158 2151 * non-overlapping files 2159 2152 * (3) If neither DPD_DELETE_ALL_FILES nor DPD_DELETE_UNUSED_FILES 2160 * isset, then do not delete any files2153 * are set, then do not delete any files 2161 2154 * Refer to MSDN docs on DeletePrinterDriverEx() for details. 2162 2155 */ … … 2165 2158 & (DPD_DELETE_ALL_FILES | DPD_DELETE_UNUSED_FILES); 2166 2159 2160 2167 2161 if (delete_files) { 2168 bool in_use = printer_driver_files_in_use(mem_ctx, 2169 get_session_info_system(), 2170 p->msg_ctx, 2171 info); 2162 bool in_use = printer_driver_files_in_use(mem_ctx, b, info); 2172 2163 if (in_use && (r->in.delete_flags & DPD_DELETE_ALL_FILES)) { 2173 2164 status = WERR_PRINTER_DRIVER_IN_USE; … … 2179 2170 */ 2180 2171 } 2172 2181 2173 2182 2174 status = winreg_del_driver(mem_ctx, b, info, info->version); … … 2191 2183 */ 2192 2184 if (delete_files) { 2193 delete_driver_files( get_session_info_system(), info);2185 delete_driver_files(p->session_info, info); 2194 2186 } 2195 2187 … … 2215 2207 and not a printer admin, then fail */ 2216 2208 2217 if ( (p->session_info->utok.uid != sec_initial_uid()) 2218 && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) 2219 && !token_contains_name_in_list( 2220 uidtoname(p->session_info->utok.uid), 2221 p->session_info->info3->base.domain.string, 2222 NULL, 2223 p->session_info->security_token, lp_printer_admin(-1)) ) 2224 { 2209 if ((p->session_info->unix_token->uid != sec_initial_uid()) && 2210 !security_token_has_privilege(p->session_info->security_token, 2211 SEC_PRIV_PRINT_OPERATOR)) { 2225 2212 return WERR_ACCESS_DENIED; 2226 2213 } … … 2293 2280 DEBUG(8,("getprinterdata_printer_server:%s\n", value)); 2294 2281 2295 if (! StrCaseCmp(value, "W3SvcInstalled")) {2282 if (!strcasecmp_m(value, "W3SvcInstalled")) { 2296 2283 *type = REG_DWORD; 2297 data->value = 0x00;2284 SIVAL(&data->value, 0, 0x00); 2298 2285 return WERR_OK; 2299 2286 } 2300 2287 2301 if (! StrCaseCmp(value, "BeepEnabled")) {2288 if (!strcasecmp_m(value, "BeepEnabled")) { 2302 2289 *type = REG_DWORD; 2303 data->value = 0x00;2290 SIVAL(&data->value, 0, 0x00); 2304 2291 return WERR_OK; 2305 2292 } 2306 2293 2307 if (! StrCaseCmp(value, "EventLog")) {2294 if (!strcasecmp_m(value, "EventLog")) { 2308 2295 *type = REG_DWORD; 2309 2296 /* formally was 0x1b */ 2310 data->value = 0x00;2297 SIVAL(&data->value, 0, 0x00); 2311 2298 return WERR_OK; 2312 2299 } 2313 2300 2314 if (! StrCaseCmp(value, "NetPopup")) {2301 if (!strcasecmp_m(value, "NetPopup")) { 2315 2302 *type = REG_DWORD; 2316 data->value = 0x00;2303 SIVAL(&data->value, 0, 0x00); 2317 2304 return WERR_OK; 2318 2305 } 2319 2306 2320 if (! StrCaseCmp(value, "MajorVersion")) {2307 if (!strcasecmp_m(value, "MajorVersion")) { 2321 2308 *type = REG_DWORD; 2322 2309 … … 2327 2314 2328 2315 if (RA_WINNT == get_remote_arch()) { 2329 data->value = 0x02;2316 SIVAL(&data->value, 0, 0x02); 2330 2317 } else { 2331 data->value = 0x03;2318 SIVAL(&data->value, 0, 0x03); 2332 2319 } 2333 2320 … … 2335 2322 } 2336 2323 2337 if (! StrCaseCmp(value, "MinorVersion")) {2324 if (!strcasecmp_m(value, "MinorVersion")) { 2338 2325 *type = REG_DWORD; 2339 data->value = 0x00;2326 SIVAL(&data->value, 0, 0x00); 2340 2327 return WERR_OK; 2341 2328 } … … 2348 2335 * extra unicode string = e.g. "Service Pack 3" 2349 2336 */ 2350 if (! StrCaseCmp(value, "OSVersion")) {2337 if (!strcasecmp_m(value, "OSVersion")) { 2351 2338 DATA_BLOB blob; 2352 2339 enum ndr_err_code ndr_err; 2353 2340 struct spoolss_OSVersion os; 2354 2341 2355 os.major = 5; /* Windows 2000 == 5.0 */ 2356 os.minor = 0; 2357 os.build = 2195; /* build */ 2342 os.major = lp_parm_int(GLOBAL_SECTION_SNUM, 2343 "spoolss", "os_major", 5); 2344 /* Windows 2000 == 5.0 */ 2345 os.minor = lp_parm_int(GLOBAL_SECTION_SNUM, 2346 "spoolss", "os_minor", 0); 2347 os.build = lp_parm_int(GLOBAL_SECTION_SNUM, 2348 "spoolss", "os_build", 2195); 2358 2349 os.extra_string = ""; /* leave extra string empty */ 2359 2350 … … 2364 2355 } 2365 2356 2357 if (DEBUGLEVEL >= 10) { 2358 NDR_PRINT_DEBUG(spoolss_OSVersion, &os); 2359 } 2360 2366 2361 *type = REG_BINARY; 2367 2362 data->binary = blob; … … 2371 2366 2372 2367 2373 if (! StrCaseCmp(value, "DefaultSpoolDirectory")) {2368 if (!strcasecmp_m(value, "DefaultSpoolDirectory")) { 2374 2369 *type = REG_SZ; 2375 2370 … … 2380 2375 } 2381 2376 2382 if (! StrCaseCmp(value, "Architecture")) {2377 if (!strcasecmp_m(value, "Architecture")) { 2383 2378 *type = REG_SZ; 2384 2379 data->string = talloc_strdup(mem_ctx, … … 2389 2384 } 2390 2385 2391 if (! StrCaseCmp(value, "DsPresent")) {2386 if (!strcasecmp_m(value, "DsPresent")) { 2392 2387 *type = REG_DWORD; 2393 2388 … … 2396 2391 2397 2392 if (lp_security() == SEC_ADS) { 2398 data->value = 0x01;2393 SIVAL(&data->value, 0, 0x01); 2399 2394 } else { 2400 data->value = 0x00;2395 SIVAL(&data->value, 0, 0x00); 2401 2396 } 2402 2397 return WERR_OK; 2403 2398 } 2404 2399 2405 if (! StrCaseCmp(value, "DNSMachineName")) {2400 if (!strcasecmp_m(value, "DNSMachineName")) { 2406 2401 const char *hostname = get_mydnsfullname(); 2407 2402 … … 2446 2441 **********************************************************/ 2447 2442 2448 static bool spoolss_connect_to_client(struct rpc_pipe_client **pp_pipe, 2449 struct sockaddr_storage *client_ss, const char *remote_machine)2443 static bool spoolss_connect_to_client(struct rpc_pipe_client **pp_pipe, struct cli_state **pp_cli, 2444 struct sockaddr_storage *client_ss, const char *remote_machine) 2450 2445 { 2451 2446 NTSTATUS ret; 2452 struct cli_state *the_cli;2453 2447 struct sockaddr_storage rm_addr; 2454 2448 char addr[INET6_ADDRSTRLEN]; … … 2476 2470 2477 2471 /* setup the connection */ 2478 ret = cli_full_connection( &the_cli, global_myname(), remote_machine,2472 ret = cli_full_connection( pp_cli, lp_netbios_name(), remote_machine, 2479 2473 &rm_addr, 0, "IPC$", "IPC", 2480 2474 "", /* username */ 2481 2475 "", /* domain */ 2482 2476 "", /* password */ 2483 0, False);2477 0, lp_client_signing()); 2484 2478 2485 2479 if ( !NT_STATUS_IS_OK( ret ) ) { … … 2489 2483 } 2490 2484 2491 if ( the_cli->protocol!= PROTOCOL_NT1 ) {2485 if ( smbXcli_conn_protocol((*pp_cli)->conn) != PROTOCOL_NT1 ) { 2492 2486 DEBUG(0,("spoolss_connect_to_client: machine %s didn't negotiate NT protocol.\n", remote_machine)); 2493 cli_shutdown( the_cli);2487 cli_shutdown(*pp_cli); 2494 2488 return false; 2495 2489 } … … 2500 2494 */ 2501 2495 2502 ret = cli_rpc_pipe_open_noauth( the_cli, &ndr_table_spoolss.syntax_id, pp_pipe);2496 ret = cli_rpc_pipe_open_noauth(*pp_cli, &ndr_table_spoolss, pp_pipe); 2503 2497 if (!NT_STATUS_IS_OK(ret)) { 2504 2498 DEBUG(2,("spoolss_connect_to_client: unable to open the spoolss pipe on machine %s. Error was : %s.\n", 2505 2499 remote_machine, nt_errstr(ret))); 2506 cli_shutdown( the_cli);2500 cli_shutdown(*pp_cli); 2507 2501 return false; 2508 2502 } … … 2544 2538 fstrcpy(unix_printer, printer + 2); 2545 2539 2546 chan = talloc_zero( back_channels, struct notify_back_channel);2540 chan = talloc_zero(NULL, struct notify_back_channel); 2547 2541 if (!chan) { 2548 2542 return false; … … 2550 2544 chan->client_address = *client_ss; 2551 2545 2552 if (!spoolss_connect_to_client(&chan->cli_pipe, client_ss, unix_printer)) {2546 if (!spoolss_connect_to_client(&chan->cli_pipe, &chan->cli, client_ss, unix_printer)) { 2553 2547 TALLOC_FREE(chan); 2554 2548 return false; 2555 2549 } 2556 chan->binding_handle = chan->cli_pipe->binding_handle;2557 2550 2558 2551 DLIST_ADD(back_channels, chan); … … 2560 2553 messaging_register(msg_ctx, NULL, MSG_PRINTER_NOTIFY2, 2561 2554 receive_notify2_message_list); 2562 /* Tell the connections db we're now interested in printer 2563 * notify messages. */ 2564 serverid_register_msg_flags(messaging_server_id(msg_ctx), 2565 true, FLAG_MSG_PRINT_NOTIFY); 2555 } 2556 2557 if (chan->cli_pipe == NULL || 2558 chan->cli_pipe->binding_handle == NULL) { 2559 DEBUG(0, ("srv_spoolss_replyopenprinter: error - " 2560 "NULL %s for printer %s\n", 2561 chan->cli_pipe == NULL ? 2562 "chan->cli_pipe" : "chan->cli_pipe->binding_handle", 2563 printer)); 2564 return false; 2566 2565 } 2567 2566 … … 2576 2575 } 2577 2576 2578 status = dcerpc_spoolss_ReplyOpenPrinter(chan-> binding_handle,2577 status = dcerpc_spoolss_ReplyOpenPrinter(chan->cli_pipe->binding_handle, 2579 2578 talloc_tos(), 2580 2579 printer, … … 2665 2664 struct spoolss_NotifyOption *option = r->in.notify_options; 2666 2665 struct sockaddr_storage client_ss; 2666 ssize_t client_len; 2667 2667 2668 2668 /* store the notify value in the printer struct */ … … 2696 2696 2697 2697 DEBUG(10,("_spoolss_RemoteFindFirstPrinterChangeNotifyEx: " 2698 "client_address is %s\n", p->client_id->addr)); 2698 "remote_address is %s\n", 2699 tsocket_address_string(p->remote_address, p->mem_ctx))); 2699 2700 2700 2701 if (!lp_print_notify_backchannel(snum)) { … … 2704 2705 } 2705 2706 2706 if (!interpret_string_addr(&client_ss, p->client_id->addr, 2707 AI_NUMERICHOST)) { 2708 return WERR_SERVER_UNAVAILABLE; 2707 client_len = tsocket_address_bsd_sockaddr(p->remote_address, 2708 (struct sockaddr *) &client_ss, 2709 sizeof(struct sockaddr_storage)); 2710 if (client_len < 0) { 2711 return WERR_NOMEM; 2709 2712 } 2710 2713 … … 2768 2771 TALLOC_CTX *mem_ctx) 2769 2772 { 2770 SETUP_SPOOLSS_NOTIFY_DATA_STRING(data, lp_servicename( snum));2773 SETUP_SPOOLSS_NOTIFY_DATA_STRING(data, lp_servicename(talloc_tos(), snum)); 2771 2774 } 2772 2775 … … 2814 2817 2815 2818 if (*pinfo2->comment == '\0') { 2816 p = lp_comment( snum);2819 p = lp_comment(talloc_tos(), snum); 2817 2820 } else { 2818 2821 p = pinfo2->comment; … … 2939 2942 TALLOC_CTX *mem_ctx) 2940 2943 { 2941 SETUP_SPOOLSS_NOTIFY_DATA_SECDESC(data, pinfo2->secdesc); 2944 if (pinfo2->secdesc == NULL) { 2945 data->data.sd.sd = NULL; 2946 } else { 2947 data->data.sd.sd = security_descriptor_copy(mem_ctx, 2948 pinfo2->secdesc); 2949 } 2950 data->data.sd.sd_size = ndr_size_security_descriptor(data->data.sd.sd, 2951 0); 2942 2952 } 2943 2953 … … 3381 3391 DEBUG(4,("construct_notify_printer_info: Notify type: [%s], number of notify info: [%d] on printer: [%s]\n", 3382 3392 (type == PRINTER_NOTIFY_TYPE ? "PRINTER_NOTIFY_TYPE" : "JOB_NOTIFY_TYPE"), 3383 option_type->count, lp_servicename( snum)));3393 option_type->count, lp_servicename(talloc_tos(), snum))); 3384 3394 3385 3395 for(field_num=0; field_num < option_type->count; field_num++) { … … 3391 3401 continue; 3392 3402 3393 info->notifies = TALLOC_REALLOC_ARRAY(info, info->notifies,3403 info->notifies = talloc_realloc(info, info->notifies, 3394 3404 struct spoolss_Notify, 3395 3405 info->count + 1); … … 3451 3461 continue; 3452 3462 3453 info->notifies = TALLOC_REALLOC_ARRAY(info, info->notifies,3463 info->notifies = talloc_realloc(info, info->notifies, 3454 3464 struct spoolss_Notify, 3455 3465 info->count + 1); … … 3540 3550 if (!lp_browseable(snum) || 3541 3551 !lp_snum_ok(snum) || 3542 !lp_print _ok(snum)) {3552 !lp_printable(snum)) { 3543 3553 continue; /* skip */ 3544 3554 } … … 3548 3558 get_session_info_system(), 3549 3559 p->msg_ctx, 3550 lp_servicename( snum),3560 lp_servicename(talloc_tos(), snum), 3551 3561 &pinfo2); 3552 3562 if (!W_ERROR_IS_OK(result)) { 3553 3563 DEBUG(4, ("printserver_notify_info: " 3554 3564 "Failed to get printer [%s]\n", 3555 lp_servicename( snum)));3565 lp_servicename(talloc_tos(), snum))); 3556 3566 continue; 3557 3567 } … … 3609 3619 struct spoolss_PrinterInfo2 *pinfo2 = NULL; 3610 3620 WERROR result; 3621 struct tdb_print_db *pdb; 3611 3622 3612 3623 DEBUG(4,("printer_notify_info\n")); … … 3629 3640 3630 3641 if (!get_printer_snum(p, hnd, &snum, NULL)) { 3642 return WERR_BADFID; 3643 } 3644 3645 pdb = get_print_db_byname(Printer->sharename); 3646 if (pdb == NULL) { 3631 3647 return WERR_BADFID; 3632 3648 } … … 3636 3652 get_session_info_system(), 3637 3653 p->msg_ctx, 3638 lp_servicename( snum), &pinfo2);3654 lp_servicename(talloc_tos(), snum), &pinfo2); 3639 3655 if (!W_ERROR_IS_OK(result)) { 3640 return WERR_BADFID; 3656 result = WERR_BADFID; 3657 goto err_pdb_drop; 3641 3658 } 3642 3659 … … 3647 3664 pinfo2->servername = talloc_strdup(pinfo2, Printer->servername); 3648 3665 if (pinfo2->servername == NULL) { 3649 return WERR_NOMEM; 3650 } 3651 3652 for (i=0; i<option->count; i++) { 3666 result = WERR_NOMEM; 3667 goto err_pdb_drop; 3668 } 3669 3670 for (i = 0; i < option->count; i++) { 3653 3671 option_type = option->types[i]; 3654 3672 … … 3669 3687 &status); 3670 3688 3671 for (j=0; j<count; j++) { 3689 for (j = 0; j < count; j++) { 3690 uint32_t jobid; 3691 jobid = sysjob_to_jobid_pdb(pdb, 3692 queue[j].sysjob); 3693 if (jobid == (uint32_t)-1) { 3694 DEBUG(2, ("ignoring untracked job %d\n", 3695 queue[j].sysjob)); 3696 continue; 3697 } 3698 /* FIXME check return value */ 3672 3699 construct_notify_jobs_info(p->msg_ctx, 3673 3700 &queue[j], info, 3674 3701 pinfo2, snum, 3675 3702 &option_type, 3676 queue[j].sysjob,3703 jobid, 3677 3704 mem_ctx); 3678 3705 } … … 3699 3726 3700 3727 talloc_free(pinfo2); 3701 return WERR_OK; 3728 result = WERR_OK; 3729 err_pdb_drop: 3730 release_print_db(pdb); 3731 return result; 3702 3732 } 3703 3733 … … 3818 3848 3819 3849 static WERROR construct_printer_info0(TALLOC_CTX *mem_ctx, 3820 const struct auth_se rversupplied_info *session_info,3850 const struct auth_session_info *session_info, 3821 3851 struct messaging_context *msg_ctx, 3822 3852 struct spoolss_PrinterInfo2 *info2, … … 3925 3955 3926 3956 if (info2->comment == NULL || info2->comment[0] == '\0') { 3927 r->comment = talloc_strdup(mem_ctx, lp_comment(snum));3957 r->comment = lp_comment(mem_ctx, snum); 3928 3958 } else { 3929 3959 r->comment = talloc_strdup(mem_ctx, info2->comment); /* saved comment */ … … 3975 4005 } 3976 4006 3977 r->sharename = talloc_strdup(mem_ctx, lp_servicename(snum));4007 r->sharename = lp_servicename(mem_ctx, snum); 3978 4008 W_ERROR_HAVE_NO_MEMORY(r->sharename); 3979 4009 r->portname = talloc_strdup(mem_ctx, info2->portname); … … 3983 4013 3984 4014 if (info2->comment[0] == '\0') { 3985 r->comment = talloc_strdup(mem_ctx, lp_comment(snum));4015 r->comment = lp_comment(mem_ctx, snum); 3986 4016 } else { 3987 4017 r->comment = talloc_strdup(mem_ctx, info2->comment); … … 4053 4083 the SEC_DESC members */ 4054 4084 4055 r->secdesc = dup_sec_desc(mem_ctx, info2->secdesc); 4085 r->secdesc = security_descriptor_copy(mem_ctx, info2->secdesc); 4086 if (r->secdesc == NULL) { 4087 return WERR_NOMEM; 4088 } 4056 4089 } 4057 4090 … … 4076 4109 the SEC_DESC members */ 4077 4110 4078 r->secdesc = dup_sec_desc(mem_ctx, info2->secdesc); 4079 W_ERROR_HAVE_NO_MEMORY(r->secdesc); 4111 r->secdesc = security_descriptor_copy(mem_ctx, info2->secdesc); 4112 if (r->secdesc == NULL) { 4113 return WERR_NOMEM; 4114 } 4080 4115 } 4081 4116 … … 4155 4190 int snum) 4156 4191 { 4157 int count;4158 4192 print_status_struct status; 4159 4193 4160 count =print_queue_length(msg_ctx, snum, &status);4194 print_queue_length(msg_ctx, snum, &status); 4161 4195 4162 4196 r->status = nt_printq_status(status.status); … … 4176 4210 int snum) 4177 4211 { 4178 struct auth_serversupplied_info *session_info;4212 const struct auth_session_info *session_info; 4179 4213 char *printer; 4180 NTSTATUS status;4181 4214 WERROR werr; 4182 4215 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); … … 4185 4218 } 4186 4219 4187 status = make_session_info_system(tmp_ctx, &session_info); 4188 if (!NT_STATUS_IS_OK(status)) { 4189 DEBUG(0, ("construct_printer_info7: " 4190 "Could not create system session_info\n")); 4191 werr = WERR_NOMEM; 4192 goto out_tmp_free; 4193 } 4194 4195 printer = lp_servicename(snum); 4220 session_info = get_session_info_system(); 4221 SMB_ASSERT(session_info != NULL); 4222 4223 printer = lp_servicename(tmp_ctx, snum); 4196 4224 if (printer == NULL) { 4197 4225 DEBUG(0, ("invalid printer snum %d\n", snum)); … … 4203 4231 servername, printer, NULL)) { 4204 4232 struct GUID guid; 4233 struct GUID_txt_buf guid_txt; 4205 4234 werr = nt_printer_guid_get(tmp_ctx, session_info, msg_ctx, 4206 4235 printer, &guid); 4207 4236 if (!W_ERROR_IS_OK(werr)) { 4208 goto out_tmp_free; 4209 } 4210 r->guid = talloc_strdup_upper(mem_ctx, GUID_string2(mem_ctx, &guid)); 4237 /* 4238 * If we do not have a GUID entry in the registry, then 4239 * try to retrieve it from AD and store it now. 4240 */ 4241 werr = nt_printer_guid_retrieve(tmp_ctx, printer, 4242 &guid); 4243 if (!W_ERROR_IS_OK(werr)) { 4244 DEBUG(1, ("Failed to retrieve GUID for " 4245 "printer [%s] from AD - " 4246 "Is the the printer still " 4247 "published ?\n", printer)); 4248 goto out_tmp_free; 4249 } 4250 4251 werr = nt_printer_guid_store(msg_ctx, printer, guid); 4252 if (!W_ERROR_IS_OK(werr)) { 4253 DEBUG(3, ("failed to store printer %s guid\n", 4254 printer)); 4255 } 4256 } 4257 r->guid = talloc_strdup_upper(mem_ctx, 4258 GUID_buf_string(&guid, &guid_txt)); 4211 4259 r->action = DSPRINT_PUBLISH; 4212 4260 } else { … … 4268 4316 } 4269 4317 4270 4271 /********************************************************************4272 ********************************************************************/4273 4274 static bool snum_is_shared_printer(int snum)4275 {4276 return (lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum));4277 }4278 4279 4318 /******************************************************************** 4280 4319 Spoolss_enumprinters. … … 4282 4321 4283 4322 static WERROR enum_all_printers_info_level(TALLOC_CTX *mem_ctx, 4284 const struct auth_se rversupplied_info *session_info,4323 const struct auth_session_info *session_info, 4285 4324 struct messaging_context *msg_ctx, 4286 4325 const char *servername, … … 4291 4330 { 4292 4331 int snum; 4293 int n_services = lp_numservices();4332 int n_services; 4294 4333 union spoolss_PrinterInfo *info = NULL; 4295 4334 uint32_t count = 0; 4296 4335 WERROR result = WERR_OK; 4297 4336 struct dcerpc_binding_handle *b = NULL; 4298 4337 TALLOC_CTX *tmp_ctx = NULL; 4338 4339 tmp_ctx = talloc_new(mem_ctx); 4340 if (!tmp_ctx) { 4341 return WERR_NOMEM; 4342 } 4343 4344 /* 4345 * printer shares are updated on client enumeration. The background 4346 * printer process updates printer_list.tdb at regular intervals. 4347 */ 4348 become_root(); 4349 delete_and_reload_printers(server_event_context(), msg_ctx); 4350 unbecome_root(); 4351 4352 n_services = lp_numservices(); 4299 4353 *count_p = 0; 4300 4354 *info_p = NULL; … … 4315 4369 4316 4370 if (b == NULL) { 4317 result = winreg_printer_binding_handle( mem_ctx,4371 result = winreg_printer_binding_handle(tmp_ctx, 4318 4372 session_info, 4319 4373 msg_ctx, … … 4324 4378 } 4325 4379 4326 result = winreg_create_printer( mem_ctx, b,4380 result = winreg_create_printer(tmp_ctx, b, 4327 4381 printer); 4328 4382 if (!W_ERROR_IS_OK(result)) { … … 4330 4384 } 4331 4385 4332 info = TALLOC_REALLOC_ARRAY(mem_ctx, info,4386 info = talloc_realloc(tmp_ctx, info, 4333 4387 union spoolss_PrinterInfo, 4334 4388 count + 1); … … 4338 4392 } 4339 4393 4340 result = winreg_get_printer( mem_ctx, b,4394 result = winreg_get_printer(tmp_ctx, b, 4341 4395 printer, &info2); 4342 4396 if (!W_ERROR_IS_OK(result)) { … … 4384 4438 } 4385 4439 4386 *count_p = count; 4387 *info_p = info; 4388 4389 out: 4390 if (!W_ERROR_IS_OK(result)) { 4391 TALLOC_FREE(info); 4392 return result; 4393 } 4394 4395 *info_p = info; 4396 4397 return WERR_OK; 4440 out: 4441 if (W_ERROR_IS_OK(result)) { 4442 *info_p = talloc_move(mem_ctx, &info); 4443 *count_p = count; 4444 } 4445 4446 talloc_free(tmp_ctx); 4447 4448 return result; 4398 4449 } 4399 4450 … … 4403 4454 4404 4455 static WERROR enumprinters_level0(TALLOC_CTX *mem_ctx, 4405 const struct auth_se rversupplied_info *session_info,4456 const struct auth_session_info *session_info, 4406 4457 struct messaging_context *msg_ctx, 4407 4458 uint32_t flags, … … 4421 4472 4422 4473 static WERROR enum_all_printers_info_1(TALLOC_CTX *mem_ctx, 4423 const struct auth_se rversupplied_info *session_info,4474 const struct auth_session_info *session_info, 4424 4475 struct messaging_context *msg_ctx, 4425 4476 const char *servername, … … 4439 4490 4440 4491 static WERROR enum_all_printers_info_1_local(TALLOC_CTX *mem_ctx, 4441 const struct auth_se rversupplied_info *session_info,4492 const struct auth_session_info *session_info, 4442 4493 struct messaging_context *msg_ctx, 4443 4494 const char *servername, … … 4456 4507 4457 4508 static WERROR enum_all_printers_info_1_name(TALLOC_CTX *mem_ctx, 4458 const struct auth_se rversupplied_info *session_info,4509 const struct auth_session_info *session_info, 4459 4510 struct messaging_context *msg_ctx, 4460 4511 const char *servername, … … 4484 4535 4485 4536 static WERROR enum_all_printers_info_1_network(TALLOC_CTX *mem_ctx, 4486 const struct auth_se rversupplied_info *session_info,4537 const struct auth_session_info *session_info, 4487 4538 struct messaging_context *msg_ctx, 4488 4539 const char *servername, … … 4522 4573 4523 4574 static WERROR enum_all_printers_info_2(TALLOC_CTX *mem_ctx, 4524 const struct auth_se rversupplied_info *session_info,4575 const struct auth_session_info *session_info, 4525 4576 struct messaging_context *msg_ctx, 4526 4577 const char *servername, … … 4539 4590 4540 4591 static WERROR enumprinters_level1(TALLOC_CTX *mem_ctx, 4541 const struct auth_se rversupplied_info *session_info,4592 const struct auth_session_info *session_info, 4542 4593 struct messaging_context *msg_ctx, 4543 4594 uint32_t flags, … … 4573 4624 4574 4625 static WERROR enumprinters_level2(TALLOC_CTX *mem_ctx, 4575 const struct auth_se rversupplied_info *session_info,4626 const struct auth_session_info *session_info, 4576 4627 struct messaging_context *msg_ctx, 4577 4628 uint32_t flags, … … 4609 4660 4610 4661 static WERROR enumprinters_level4(TALLOC_CTX *mem_ctx, 4611 const struct auth_se rversupplied_info *session_info,4662 const struct auth_session_info *session_info, 4612 4663 struct messaging_context *msg_ctx, 4613 4664 uint32_t flags, … … 4628 4679 4629 4680 static WERROR enumprinters_level5(TALLOC_CTX *mem_ctx, 4630 const struct auth_se rversupplied_info *session_info,4681 const struct auth_session_info *session_info, 4631 4682 struct messaging_context *msg_ctx, 4632 4683 uint32_t flags, … … 4648 4699 struct spoolss_EnumPrinters *r) 4649 4700 { 4650 const struct auth_se rversupplied_info *session_info = get_session_info_system();4701 const struct auth_session_info *session_info = get_session_info_system(); 4651 4702 WERROR result; 4652 4703 … … 4744 4795 4745 4796 if (!r->in.buffer && (r->in.offered != 0)) { 4746 return WERR_INVALID_PARAM; 4797 result = WERR_INVALID_PARAM; 4798 goto err_info_free; 4747 4799 } 4748 4800 … … 4750 4802 4751 4803 if (Printer == NULL) { 4752 return WERR_BADFID; 4804 result = WERR_BADFID; 4805 goto err_info_free; 4753 4806 } 4754 4807 4755 4808 if (!get_printer_snum(p, r->in.handle, &snum, NULL)) { 4756 return WERR_BADFID; 4809 result = WERR_BADFID; 4810 goto err_info_free; 4757 4811 } 4758 4812 … … 4763 4817 &info2); 4764 4818 if (!W_ERROR_IS_OK(result)) { 4765 goto out;4819 goto err_info_free; 4766 4820 } 4767 4821 … … 4821 4875 break; 4822 4876 } 4823 4824 out: 4877 TALLOC_FREE(info2); 4878 4825 4879 if (!W_ERROR_IS_OK(result)) { 4826 4880 DEBUG(0, ("_spoolss_GetPrinter: failed to construct printer info level %d - %s\n", 4827 4881 r->in.level, win_errstr(result))); 4828 TALLOC_FREE(r->out.info); 4829 return result; 4882 goto err_info_free; 4830 4883 } 4831 4884 … … 4835 4888 4836 4889 return SPOOLSS_BUFFER_OK(WERR_OK, WERR_INSUFFICIENT_BUFFER); 4890 4891 err_info_free: 4892 TALLOC_FREE(r->out.info); 4893 return result; 4837 4894 } 4838 4895 … … 4867 4924 int version) 4868 4925 { 4869 int i, num_strings = 0; 4926 int i; 4927 size_t num_strings = 0; 4870 4928 const char **array = NULL; 4871 4929 … … 4894 4952 } 4895 4953 4896 if (presult ) {4954 if (presult != NULL) { 4897 4955 *presult = array; 4956 } else { 4957 talloc_free(array); 4898 4958 } 4899 4959 … … 5372 5432 5373 5433 if (strlen(driver->driver_path)) { 5374 info = TALLOC_REALLOC_ARRAY(mem_ctx, info,5434 info = talloc_realloc(mem_ctx, info, 5375 5435 struct spoolss_DriverFileInfo, 5376 5436 count + 1); … … 5387 5447 5388 5448 if (strlen(driver->config_file)) { 5389 info = TALLOC_REALLOC_ARRAY(mem_ctx, info,5449 info = talloc_realloc(mem_ctx, info, 5390 5450 struct spoolss_DriverFileInfo, 5391 5451 count + 1); … … 5402 5462 5403 5463 if (strlen(driver->data_file)) { 5404 info = TALLOC_REALLOC_ARRAY(mem_ctx, info,5464 info = talloc_realloc(mem_ctx, info, 5405 5465 struct spoolss_DriverFileInfo, 5406 5466 count + 1); … … 5417 5477 5418 5478 if (strlen(driver->help_file)) { 5419 info = TALLOC_REALLOC_ARRAY(mem_ctx, info,5479 info = talloc_realloc(mem_ctx, info, 5420 5480 struct spoolss_DriverFileInfo, 5421 5481 count + 1); … … 5432 5492 5433 5493 for (i=0; driver->dependent_files[i] && driver->dependent_files[i][0] != '\0'; i++) { 5434 info = TALLOC_REALLOC_ARRAY(mem_ctx, info,5494 info = talloc_realloc(mem_ctx, info, 5435 5495 struct spoolss_DriverFileInfo, 5436 5496 count + 1); … … 5518 5578 5519 5579 static WERROR construct_printer_driver_info_level(TALLOC_CTX *mem_ctx, 5520 const struct auth_se rversupplied_info *session_info,5580 const struct auth_session_info *session_info, 5521 5581 struct messaging_context *msg_ctx, 5522 5582 uint32_t level, … … 5531 5591 WERROR result; 5532 5592 struct dcerpc_binding_handle *b; 5593 TALLOC_CTX *tmp_ctx = NULL; 5533 5594 5534 5595 if (level == 101) { … … 5536 5597 } 5537 5598 5538 result = winreg_printer_binding_handle(mem_ctx, 5599 tmp_ctx = talloc_new(mem_ctx); 5600 if (!tmp_ctx) { 5601 return WERR_NOMEM; 5602 } 5603 5604 result = winreg_printer_binding_handle(tmp_ctx, 5539 5605 session_info, 5540 5606 msg_ctx, 5541 5607 &b); 5542 5608 if (!W_ERROR_IS_OK(result)) { 5543 return result;5544 } 5545 5546 result = winreg_get_printer( mem_ctx, b,5609 goto done; 5610 } 5611 5612 result = winreg_get_printer(tmp_ctx, b, 5547 5613 lp_const_servicename(snum), 5548 5614 &pinfo2); … … 5552 5618 5553 5619 if (!W_ERROR_IS_OK(result)) { 5554 return WERR_INVALID_PRINTER_NAME; 5555 } 5556 5557 result = winreg_get_driver(mem_ctx, b, 5620 result = WERR_INVALID_PRINTER_NAME; 5621 goto done; 5622 } 5623 5624 result = winreg_get_driver(tmp_ctx, b, 5558 5625 architecture, 5559 5626 pinfo2->drivername, version, &driver); … … 5568 5635 5569 5636 if (version < 3) { 5570 talloc_free(pinfo2);5571 return WERR_UNKNOWN_PRINTER_DRIVER;5637 result = WERR_UNKNOWN_PRINTER_DRIVER; 5638 goto done; 5572 5639 } 5573 5640 5574 5641 /* Yes - try again with a WinNT driver. */ 5575 5642 version = 2; 5576 result = winreg_get_driver( mem_ctx, b,5643 result = winreg_get_driver(tmp_ctx, b, 5577 5644 architecture, 5578 5645 pinfo2->drivername, … … 5581 5648 win_errstr(result))); 5582 5649 if (!W_ERROR_IS_OK(result)) { 5583 talloc_free(pinfo2); 5584 return WERR_UNKNOWN_PRINTER_DRIVER; 5585 } 5586 } 5587 5650 result = WERR_UNKNOWN_PRINTER_DRIVER; 5651 goto done; 5652 } 5653 } 5654 5655 /* these are allocated on mem_ctx and not tmp_ctx because they are 5656 * the 'return value' and need to utlive this call */ 5588 5657 switch (level) { 5589 5658 case 1: … … 5618 5687 } 5619 5688 5620 talloc_free(pinfo2); 5621 talloc_free(driver); 5622 5689 done: 5690 talloc_free(tmp_ctx); 5623 5691 return result; 5624 5692 } … … 5640 5708 5641 5709 if (!r->in.buffer && (r->in.offered != 0)) { 5642 return WERR_INVALID_PARAM; 5710 result = WERR_INVALID_PARAM; 5711 goto err_info_free; 5643 5712 } 5644 5713 … … 5647 5716 if (!(printer = find_printer_index_by_hnd(p, r->in.handle))) { 5648 5717 DEBUG(0,("_spoolss_GetPrinterDriver2: invalid printer handle!\n")); 5649 return WERR_INVALID_PRINTER_NAME; 5718 result = WERR_INVALID_PRINTER_NAME; 5719 goto err_info_free; 5650 5720 } 5651 5721 … … 5655 5725 5656 5726 if (!get_printer_snum(p, r->in.handle, &snum, NULL)) { 5657 return WERR_BADFID; 5727 result = WERR_BADFID; 5728 goto err_info_free; 5658 5729 } 5659 5730 … … 5672 5743 version); 5673 5744 if (!W_ERROR_IS_OK(result)) { 5674 TALLOC_FREE(r->out.info); 5675 return result; 5745 goto err_info_free; 5676 5746 } 5677 5747 … … 5681 5751 5682 5752 return SPOOLSS_BUFFER_OK(WERR_OK, WERR_INSUFFICIENT_BUFFER); 5753 5754 err_info_free: 5755 TALLOC_FREE(r->out.info); 5756 return result; 5683 5757 } 5684 5758 … … 5740 5814 struct printer_handle *Printer = find_printer_index_by_hnd(p, r->in.handle); 5741 5815 WERROR werr; 5816 char *rhost; 5817 int rc; 5742 5818 5743 5819 if (!Printer) { … … 5755 5831 } 5756 5832 5757 if (r->in. level != 1) {5833 if (r->in.info_ctr->level != 1) { 5758 5834 return WERR_UNKNOWN_LEVEL; 5759 5835 } 5760 5836 5761 info_1 = r->in.info .info1;5837 info_1 = r->in.info_ctr->info.info1; 5762 5838 5763 5839 /* … … 5787 5863 } 5788 5864 5865 rc = get_remote_hostname(p->remote_address, 5866 &rhost, 5867 p->mem_ctx); 5868 if (rc < 0) { 5869 return WERR_NOMEM; 5870 } 5871 if (strequal(rhost,"UNKNOWN")) { 5872 rhost = tsocket_address_inet_addr_string(p->remote_address, 5873 p->mem_ctx); 5874 if (rhost == NULL) { 5875 return WERR_NOMEM; 5876 } 5877 } 5878 5789 5879 werr = print_job_start(p->session_info, 5790 5880 p->msg_ctx, 5791 p->client_id->name,5881 rhost, 5792 5882 snum, 5793 5883 info_1->document_name, … … 5890 5980 struct pipes_struct *p) 5891 5981 { 5892 const struct auth_se rversupplied_info *session_info = p->session_info;5982 const struct auth_session_info *session_info = p->session_info; 5893 5983 int snum; 5894 5984 WERROR errcode = WERR_BADFUNC; … … 5973 6063 struct printer_handle *Printer = find_printer_index_by_hnd(p, handle); 5974 6064 struct dcerpc_binding_handle *b; 6065 TALLOC_CTX *tmp_ctx = NULL; 5975 6066 5976 6067 if (!Printer || !get_printer_snum(p, handle, &snum, NULL)) { … … 6000 6091 } 6001 6092 6002 result = winreg_printer_binding_handle(p->mem_ctx, 6093 tmp_ctx = talloc_new(p->mem_ctx); 6094 if (!tmp_ctx) { 6095 return WERR_NOMEM; 6096 } 6097 6098 result = winreg_printer_binding_handle(tmp_ctx, 6003 6099 get_session_info_system(), 6004 6100 p->msg_ctx, … … 6010 6106 /* NT seems to like setting the security descriptor even though 6011 6107 nothing may have actually changed. */ 6012 result = winreg_get_printer_secdesc( p->mem_ctx, b,6108 result = winreg_get_printer_secdesc(tmp_ctx, b, 6013 6109 printer, 6014 6110 &old_secdesc); … … 6049 6145 } 6050 6146 6051 new_secdesc = sec_desc_merge( p->mem_ctx, secdesc_ctr->sd, old_secdesc);6147 new_secdesc = sec_desc_merge(tmp_ctx, secdesc_ctr->sd, old_secdesc); 6052 6148 if (new_secdesc == NULL) { 6053 6149 result = WERR_NOMEM; … … 6060 6156 } 6061 6157 6062 result = winreg_set_printer_secdesc( p->mem_ctx, b,6158 result = winreg_set_printer_secdesc(tmp_ctx, b, 6063 6159 printer, 6064 6160 new_secdesc); 6065 6161 6066 done: 6162 done: 6163 talloc_free(tmp_ctx); 6067 6164 return result; 6068 6165 } … … 6086 6183 6087 6184 /* we force some elements to "correct" values */ 6088 info2->servername = talloc_asprintf(mem_ctx, "\\\\%s", global_myname());6185 info2->servername = talloc_asprintf(mem_ctx, "\\\\%s", lp_netbios_name()); 6089 6186 if (info2->servername == NULL) { 6090 6187 return false; … … 6098 6195 if (lp_force_printername(snum)) { 6099 6196 info2->printername = talloc_asprintf(mem_ctx, "\\\\%s\\%s", 6100 global_myname(), info2->sharename);6197 lp_netbios_name(), info2->sharename); 6101 6198 } else { 6102 6199 /* make sure printername is in \\server\printername format */ … … 6109 6206 6110 6207 info2->printername = talloc_asprintf(mem_ctx, "\\\\%s\\%s", 6111 global_myname(), p);6208 lp_netbios_name(), p); 6112 6209 } 6113 6210 if (info2->printername == NULL) { … … 6126 6223 static WERROR add_port_hook(TALLOC_CTX *ctx, struct security_token *token, const char *portname, const char *uri) 6127 6224 { 6128 char *cmd = lp_addport_c md();6225 char *cmd = lp_addport_command(talloc_tos()); 6129 6226 char *command = NULL; 6130 6227 int ret; … … 6172 6269 ****************************************************************************/ 6173 6270 6271 static bool spoolss_conn_snum_used(struct smbd_server_connection *sconn, 6272 int snum) 6273 { 6274 /* 6275 * As we do not know if we are embedded in the file server process 6276 * or not, we have to pretend that all shares are in use. 6277 */ 6278 return true; 6279 } 6280 6174 6281 static bool add_printer_hook(TALLOC_CTX *ctx, struct security_token *token, 6175 6282 struct spoolss_SetPrinterInfo2 *info2, … … 6177 6284 struct messaging_context *msg_ctx) 6178 6285 { 6179 char *cmd = lp_addprinter_c md();6286 char *cmd = lp_addprinter_command(talloc_tos()); 6180 6287 char **qlines; 6181 6288 char *command = NULL; … … 6230 6337 /* reload our services immediately */ 6231 6338 become_root(); 6232 reload_services( msg_ctx, -1, false);6339 reload_services(NULL, spoolss_conn_snum_used, false); 6233 6340 unbecome_root(); 6234 6341 … … 6253 6360 6254 6361 static WERROR update_dsspooler(TALLOC_CTX *mem_ctx, 6255 const struct auth_se rversupplied_info *session_info,6362 const struct auth_session_info *session_info, 6256 6363 struct messaging_context *msg_ctx, 6257 6364 int snum, … … 6267 6374 WERROR result = WERR_OK; 6268 6375 struct dcerpc_binding_handle *b; 6269 6270 result = winreg_printer_binding_handle(mem_ctx, 6376 TALLOC_CTX *tmp_ctx; 6377 bool ok; 6378 6379 tmp_ctx = talloc_new(mem_ctx); 6380 if (!tmp_ctx) { 6381 return WERR_NOMEM; 6382 } 6383 6384 result = winreg_printer_binding_handle(tmp_ctx, 6271 6385 session_info, 6272 6386 msg_ctx, 6273 6387 &b); 6274 6388 if (!W_ERROR_IS_OK(result)) { 6275 return result; 6276 } 6277 6278 if (force_update || !strequal(printer->drivername, old_printer->drivername)) { 6279 push_reg_sz(mem_ctx, &buffer, printer->drivername); 6280 winreg_set_printer_dataex(mem_ctx, b, 6389 goto done; 6390 } 6391 6392 if (printer->drivername != NULL && 6393 (force_update || 6394 !strequal(printer->drivername, old_printer->drivername))) { 6395 ok = push_reg_sz(tmp_ctx, &buffer, printer->drivername); 6396 if (!ok) { 6397 DEBUG(0, ("%s data corrupted\n", SPOOL_REG_DRIVERNAME)); 6398 result = WERR_INVALID_DATA; 6399 goto done; 6400 } 6401 result = winreg_set_printer_dataex(tmp_ctx, b, 6281 6402 printer->sharename, 6282 6403 SPOOL_DSSPOOLER_KEY, … … 6285 6406 buffer.data, 6286 6407 buffer.length); 6408 if (!W_ERROR_IS_OK(result)) { 6409 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_DRIVERNAME)); 6410 goto done; 6411 } 6287 6412 6288 6413 if (!force_update) { … … 6296 6421 } 6297 6422 6298 if (force_update || !strequal(printer->comment, old_printer->comment)) { 6299 push_reg_sz(mem_ctx, &buffer, printer->comment); 6300 winreg_set_printer_dataex(mem_ctx, b, 6423 if (printer->comment != NULL && 6424 (force_update || 6425 !strequal(printer->comment, old_printer->comment))) { 6426 ok = push_reg_sz(tmp_ctx, &buffer, printer->comment); 6427 if (!ok) { 6428 DEBUG(0, ("comment data corrupted\n")); 6429 result = WERR_INVALID_DATA; 6430 goto done; 6431 } 6432 result = winreg_set_printer_dataex(tmp_ctx, b, 6301 6433 printer->sharename, 6302 6434 SPOOL_DSSPOOLER_KEY, … … 6305 6437 buffer.data, 6306 6438 buffer.length); 6439 if (!W_ERROR_IS_OK(result)) { 6440 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_DESCRIPTION)); 6441 goto done; 6442 } 6307 6443 6308 6444 if (!force_update) { … … 6313 6449 } 6314 6450 6315 if (force_update || !strequal(printer->sharename, old_printer->sharename)) { 6316 push_reg_sz(mem_ctx, &buffer, printer->sharename); 6317 winreg_set_printer_dataex(mem_ctx, b, 6451 if (printer->sharename != NULL && 6452 (force_update || 6453 !strequal(printer->sharename, old_printer->sharename))) { 6454 ok = push_reg_sz(tmp_ctx, &buffer, printer->sharename); 6455 if (!ok) { 6456 DEBUG(0, ("sharename data corrupted\n")); 6457 result = WERR_INVALID_DATA; 6458 goto done; 6459 } 6460 result = winreg_set_printer_dataex(tmp_ctx, b, 6318 6461 printer->sharename, 6319 6462 SPOOL_DSSPOOLER_KEY, … … 6322 6465 buffer.data, 6323 6466 buffer.length); 6467 if (!W_ERROR_IS_OK(result)) { 6468 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_PRINTSHARENAME)); 6469 goto done; 6470 } 6324 6471 6325 6472 if (!force_update) { … … 6329 6476 printer->sharename : ""); 6330 6477 } 6331 } 6332 6333 if (force_update || !strequal(printer->printername, old_printer->printername)) { 6478 6479 /* name change, purge any cache entries for the old */ 6480 prune_printername_cache(); 6481 } 6482 6483 if (printer->printername != NULL && 6484 (force_update || 6485 !strequal(printer->printername, old_printer->printername))) { 6334 6486 const char *p; 6335 6487 … … 6341 6493 } 6342 6494 6343 push_reg_sz(mem_ctx, &buffer, p); 6344 winreg_set_printer_dataex(mem_ctx, b, 6495 ok = push_reg_sz(tmp_ctx, &buffer, p); 6496 if (!ok) { 6497 DEBUG(0, ("printername data corrupted\n")); 6498 result = WERR_INVALID_DATA; 6499 goto done; 6500 } 6501 result = winreg_set_printer_dataex(tmp_ctx, b, 6345 6502 printer->sharename, 6346 6503 SPOOL_DSSPOOLER_KEY, … … 6349 6506 buffer.data, 6350 6507 buffer.length); 6508 if (!W_ERROR_IS_OK(result)) { 6509 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_PRINTSHARENAME)); 6510 goto done; 6511 } 6351 6512 6352 6513 if (!force_update) { … … 6354 6515 msg_ctx, snum, p ? p : ""); 6355 6516 } 6356 } 6357 6358 if (force_update || !strequal(printer->portname, old_printer->portname)) { 6359 push_reg_sz(mem_ctx, &buffer, printer->portname); 6360 winreg_set_printer_dataex(mem_ctx, b, 6517 6518 /* name change, purge any cache entries for the old */ 6519 prune_printername_cache(); 6520 } 6521 6522 if (printer->portname != NULL && 6523 (force_update || 6524 !strequal(printer->portname, old_printer->portname))) { 6525 ok = push_reg_sz(tmp_ctx, &buffer, printer->portname); 6526 if (!ok) { 6527 DEBUG(0, ("portname data corrupted\n")); 6528 result = WERR_INVALID_DATA; 6529 goto done; 6530 } 6531 result = winreg_set_printer_dataex(tmp_ctx, b, 6361 6532 printer->sharename, 6362 6533 SPOOL_DSSPOOLER_KEY, … … 6365 6536 buffer.data, 6366 6537 buffer.length); 6538 if (!W_ERROR_IS_OK(result)) { 6539 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_PORTNAME)); 6540 goto done; 6541 } 6367 6542 6368 6543 if (!force_update) { … … 6373 6548 } 6374 6549 6375 if (force_update || !strequal(printer->location, old_printer->location)) { 6376 push_reg_sz(mem_ctx, &buffer, printer->location); 6377 winreg_set_printer_dataex(mem_ctx, b, 6550 if (printer->location != NULL && 6551 (force_update || 6552 !strequal(printer->location, old_printer->location))) { 6553 ok = push_reg_sz(tmp_ctx, &buffer, printer->location); 6554 if (!ok) { 6555 DEBUG(0, ("location data corrupted\n")); 6556 result = WERR_INVALID_DATA; 6557 goto done; 6558 } 6559 result = winreg_set_printer_dataex(tmp_ctx, b, 6378 6560 printer->sharename, 6379 6561 SPOOL_DSSPOOLER_KEY, … … 6382 6564 buffer.data, 6383 6565 buffer.length); 6566 if (!W_ERROR_IS_OK(result)) { 6567 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_LOCATION)); 6568 goto done; 6569 } 6384 6570 6385 6571 if (!force_update) { … … 6391 6577 } 6392 6578 6393 if (force_update || !strequal(printer->sepfile, old_printer->sepfile)) { 6394 push_reg_sz(mem_ctx, &buffer, printer->sepfile); 6395 winreg_set_printer_dataex(mem_ctx, b, 6579 if (printer->sepfile != NULL && 6580 (force_update || 6581 !strequal(printer->sepfile, old_printer->sepfile))) { 6582 ok = push_reg_sz(tmp_ctx, &buffer, printer->sepfile); 6583 if (!ok) { 6584 DEBUG(0, ("sepfile data corrupted\n")); 6585 result = WERR_INVALID_DATA; 6586 goto done; 6587 } 6588 result = winreg_set_printer_dataex(tmp_ctx, b, 6396 6589 printer->sharename, 6397 6590 SPOOL_DSSPOOLER_KEY, … … 6400 6593 buffer.data, 6401 6594 buffer.length); 6595 if (!W_ERROR_IS_OK(result)) { 6596 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_PRINTSEPARATORFILE)); 6597 goto done; 6598 } 6402 6599 6403 6600 if (!force_update) { … … 6409 6606 } 6410 6607 6411 if (force_update || printer->starttime != old_printer->starttime) { 6412 buffer = data_blob_talloc(mem_ctx, NULL, 4); 6608 if (printer->starttime != 0 && 6609 (force_update || 6610 printer->starttime != old_printer->starttime)) { 6611 buffer = data_blob_talloc(tmp_ctx, NULL, 4); 6413 6612 SIVAL(buffer.data, 0, printer->starttime); 6414 winreg_set_printer_dataex(mem_ctx, b,6613 result = winreg_set_printer_dataex(tmp_ctx, b, 6415 6614 printer->sharename, 6416 6615 SPOOL_DSSPOOLER_KEY, … … 6419 6618 buffer.data, 6420 6619 buffer.length); 6421 } 6422 6423 if (force_update || printer->untiltime != old_printer->untiltime) { 6424 buffer = data_blob_talloc(mem_ctx, NULL, 4); 6620 if (!W_ERROR_IS_OK(result)) { 6621 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_PRINTSTARTTIME)); 6622 goto done; 6623 } 6624 } 6625 6626 if (printer->untiltime != 0 && 6627 (force_update || 6628 printer->untiltime != old_printer->untiltime)) { 6629 buffer = data_blob_talloc(tmp_ctx, NULL, 4); 6425 6630 SIVAL(buffer.data, 0, printer->untiltime); 6426 winreg_set_printer_dataex(mem_ctx, b,6631 result = winreg_set_printer_dataex(tmp_ctx, b, 6427 6632 printer->sharename, 6428 6633 SPOOL_DSSPOOLER_KEY, … … 6431 6636 buffer.data, 6432 6637 buffer.length); 6638 if (!W_ERROR_IS_OK(result)) { 6639 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_PRINTENDTIME)); 6640 goto done; 6641 } 6433 6642 } 6434 6643 6435 6644 if (force_update || printer->priority != old_printer->priority) { 6436 buffer = data_blob_talloc( mem_ctx, NULL, 4);6645 buffer = data_blob_talloc(tmp_ctx, NULL, 4); 6437 6646 SIVAL(buffer.data, 0, printer->priority); 6438 winreg_set_printer_dataex(mem_ctx, b,6647 result = winreg_set_printer_dataex(tmp_ctx, b, 6439 6648 printer->sharename, 6440 6649 SPOOL_DSSPOOLER_KEY, … … 6443 6652 buffer.data, 6444 6653 buffer.length); 6654 if (!W_ERROR_IS_OK(result)) { 6655 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_PRINTENDTIME)); 6656 goto done; 6657 } 6445 6658 } 6446 6659 6447 6660 if (force_update || printer->attributes != old_printer->attributes) { 6448 buffer = data_blob_talloc( mem_ctx, NULL, 4);6661 buffer = data_blob_talloc(tmp_ctx, NULL, 4); 6449 6662 SIVAL(buffer.data, 0, (printer->attributes & 6450 6663 PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS)); 6451 winreg_set_printer_dataex(mem_ctx, b,6664 result = winreg_set_printer_dataex(tmp_ctx, b, 6452 6665 printer->sharename, 6453 6666 SPOOL_DSSPOOLER_KEY, … … 6456 6669 buffer.data, 6457 6670 buffer.length); 6671 if (!W_ERROR_IS_OK(result)) { 6672 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_PRINTENDTIME)); 6673 goto done; 6674 } 6458 6675 6459 6676 switch (printer->attributes & 0x3) { … … 6470 6687 spooling = "unknown"; 6471 6688 } 6472 push_reg_sz(mem_ctx, &buffer, spooling); 6473 winreg_set_printer_dataex(mem_ctx, b, 6689 ok = push_reg_sz(tmp_ctx, &buffer, spooling); 6690 if (!ok) { 6691 DEBUG(0, ("printSpooling data corrupted\n")); 6692 result = WERR_INVALID_DATA; 6693 goto done; 6694 } 6695 winreg_set_printer_dataex(tmp_ctx, b, 6474 6696 printer->sharename, 6475 6697 SPOOL_DSSPOOLER_KEY, … … 6480 6702 } 6481 6703 6482 push_reg_sz(mem_ctx, &buffer, global_myname()); 6483 winreg_set_printer_dataex(mem_ctx, b, 6704 ok = push_reg_sz(tmp_ctx, &buffer, lp_netbios_name()); 6705 if (!ok) { 6706 DEBUG(0, ("shortServerName data corrupted\n")); 6707 result = WERR_INVALID_DATA; 6708 goto done; 6709 } 6710 result = winreg_set_printer_dataex(tmp_ctx, b, 6484 6711 printer->sharename, 6485 6712 SPOOL_DSSPOOLER_KEY, … … 6488 6715 buffer.data, 6489 6716 buffer.length); 6717 if (!W_ERROR_IS_OK(result)) { 6718 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_SHORTSERVERNAME)); 6719 goto done; 6720 } 6490 6721 6491 6722 dnsdomname = get_mydnsfullname(); 6492 6723 if (dnsdomname != NULL && dnsdomname[0] != '\0') { 6493 longname = talloc_strdup( mem_ctx, dnsdomname);6724 longname = talloc_strdup(tmp_ctx, dnsdomname); 6494 6725 } else { 6495 longname = talloc_strdup( mem_ctx, global_myname());6726 longname = talloc_strdup(tmp_ctx, lp_netbios_name()); 6496 6727 } 6497 6728 if (longname == NULL) { … … 6500 6731 } 6501 6732 6502 push_reg_sz(mem_ctx, &buffer, longname); 6503 winreg_set_printer_dataex(mem_ctx, b, 6504 printer->sharename, 6505 SPOOL_DSSPOOLER_KEY, 6506 SPOOL_REG_SERVERNAME, 6507 REG_SZ, 6508 buffer.data, 6509 buffer.length); 6510 6511 uncname = talloc_asprintf(mem_ctx, "\\\\%s\\%s", 6512 global_myname(), printer->sharename); 6513 push_reg_sz(mem_ctx, &buffer, uncname); 6514 winreg_set_printer_dataex(mem_ctx, b, 6733 ok = push_reg_sz(tmp_ctx, &buffer, longname); 6734 if (!ok) { 6735 DEBUG(0, ("longname data corrupted\n")); 6736 result = WERR_INVALID_DATA; 6737 goto done; 6738 } 6739 result = winreg_set_printer_dataex(tmp_ctx, b, 6740 printer->sharename, 6741 SPOOL_DSSPOOLER_KEY, 6742 SPOOL_REG_SERVERNAME, 6743 REG_SZ, 6744 buffer.data, 6745 buffer.length); 6746 if (!W_ERROR_IS_OK(result)) { 6747 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_SERVERNAME)); 6748 goto done; 6749 } 6750 6751 uncname = talloc_asprintf(tmp_ctx, "\\\\%s\\%s", 6752 lp_netbios_name(), printer->sharename); 6753 ok = push_reg_sz(tmp_ctx, &buffer, uncname); 6754 if (!ok) { 6755 DEBUG(0, ("uncName data corrupted\n")); 6756 result = WERR_INVALID_DATA; 6757 goto done; 6758 } 6759 result = winreg_set_printer_dataex(tmp_ctx, b, 6515 6760 printer->sharename, 6516 6761 SPOOL_DSSPOOLER_KEY, … … 6519 6764 buffer.data, 6520 6765 buffer.length); 6766 if (!W_ERROR_IS_OK(result)) { 6767 DEBUG(0, ("Failed to set %s\n", SPOOL_REG_UNCNAME)); 6768 goto done; 6769 } 6521 6770 6522 6771 done: 6772 talloc_free(tmp_ctx); 6523 6773 return result; 6524 6774 } … … 6595 6845 /* Check changes to see if this is really needed */ 6596 6846 6597 if (*lp_addprinter_c md() &&6847 if (*lp_addprinter_command(talloc_tos()) && 6598 6848 (!strequal(printer->drivername, old_printer->drivername) || 6599 6849 !strequal(printer->comment, old_printer->comment) || … … 6601 6851 !strequal(printer->location, old_printer->location)) ) 6602 6852 { 6853 char *raddr; 6854 6855 raddr = tsocket_address_inet_addr_string(p->remote_address, 6856 p->mem_ctx); 6857 if (raddr == NULL) { 6858 return WERR_NOMEM; 6859 } 6860 6603 6861 /* add_printer_hook() will call reload_services() */ 6604 6862 if (!add_printer_hook(tmp_ctx, p->session_info->security_token, 6605 printer, p->client_id->addr,6863 printer, raddr, 6606 6864 p->msg_ctx)) { 6607 6865 result = WERR_ACCESS_DENIED; … … 6610 6868 } 6611 6869 6612 update_dsspooler(tmp_ctx, 6613 get_session_info_system(), 6614 p->msg_ctx, 6615 snum, 6616 printer, 6617 old_printer); 6870 result = update_dsspooler(tmp_ctx, 6871 get_session_info_system(), 6872 p->msg_ctx, 6873 snum, 6874 printer, 6875 old_printer); 6876 if (!W_ERROR_IS_OK(result)) { 6877 goto done; 6878 } 6618 6879 6619 6880 printer_mask &= ~SPOOLSS_PRINTER_INFO_SECDESC; … … 6664 6925 get_session_info_system(), 6665 6926 p->msg_ctx, 6666 lp_servicename( snum),6927 lp_servicename(talloc_tos(), snum), 6667 6928 &pinfo2); 6668 6929 if (!W_ERROR_IS_OK(result)) { … … 6755 7016 return update_printer_sec(r->in.handle, p, 6756 7017 r->in.secdesc_ctr); 7018 case 4: { 7019 struct spoolss_PrinterInfo2 *old_printer; 7020 struct spoolss_SetPrinterInfo2 *set_old_printer; 7021 struct spoolss_SetPrinterInfoCtr *info_ctr; 7022 struct dcerpc_binding_handle *b; 7023 int snum; 7024 TALLOC_CTX *tmp_ctx; 7025 7026 tmp_ctx = talloc_new(p->mem_ctx); 7027 if (tmp_ctx == NULL) { 7028 return WERR_NOMEM; 7029 } 7030 7031 if (!get_printer_snum(p, r->in.handle, &snum, NULL)) { 7032 TALLOC_FREE(tmp_ctx); 7033 return WERR_BADFID; 7034 } 7035 7036 result = winreg_printer_binding_handle(tmp_ctx, 7037 get_session_info_system(), 7038 p->msg_ctx, 7039 &b); 7040 if (!W_ERROR_IS_OK(result)) { 7041 TALLOC_FREE(tmp_ctx); 7042 return result; 7043 } 7044 7045 result = winreg_get_printer(tmp_ctx, b, 7046 lp_const_servicename(snum), 7047 &old_printer); 7048 if (!W_ERROR_IS_OK(result)) { 7049 TALLOC_FREE(tmp_ctx); 7050 return WERR_BADFID; 7051 } 7052 7053 old_printer->servername = talloc_strdup(tmp_ctx, r->in.info_ctr->info.info4->servername); 7054 if (old_printer->servername == NULL) { 7055 TALLOC_FREE(tmp_ctx); 7056 return WERR_NOMEM; 7057 } 7058 7059 old_printer->printername = talloc_strdup(tmp_ctx, r->in.info_ctr->info.info4->printername); 7060 if (old_printer->printername == NULL) { 7061 TALLOC_FREE(tmp_ctx); 7062 return WERR_NOMEM; 7063 } 7064 7065 old_printer->attributes = r->in.info_ctr->info.info4->attributes; 7066 7067 set_old_printer = talloc_zero(tmp_ctx, struct spoolss_SetPrinterInfo2); 7068 if (set_old_printer == NULL) { 7069 TALLOC_FREE(tmp_ctx); 7070 return WERR_NOMEM; 7071 } 7072 7073 spoolss_printerinfo2_to_setprinterinfo2(old_printer, set_old_printer); 7074 7075 info_ctr = talloc_zero(tmp_ctx, struct spoolss_SetPrinterInfoCtr); 7076 if (info_ctr == NULL) { 7077 TALLOC_FREE(tmp_ctx); 7078 return WERR_NOMEM; 7079 } 7080 7081 info_ctr->level = 2; 7082 info_ctr->info.info2 = set_old_printer; 7083 7084 result = update_printer(p, r->in.handle, 7085 info_ctr, 7086 r->in.devmode_ctr->devmode); 7087 7088 if (!W_ERROR_IS_OK(result)) { 7089 TALLOC_FREE(tmp_ctx); 7090 return result; 7091 } 7092 7093 if (r->in.secdesc_ctr->sd) { 7094 result = update_printer_sec(r->in.handle, p, 7095 r->in.secdesc_ctr); 7096 } 7097 7098 TALLOC_FREE(tmp_ctx); 7099 return result; 7100 } 6757 7101 case 7: 6758 7102 return publish_or_unpublish_printer(p, r->in.handle, … … 6831 7175 struct spoolss_JobInfo1 *r, 6832 7176 const print_queue_struct *queue, 7177 uint32_t jobid, 6833 7178 int position, int snum, 6834 7179 struct spoolss_PrinterInfo2 *pinfo2) … … 6838 7183 t = gmtime(&queue->time); 6839 7184 6840 r->job_id = queue->sysjob;6841 6842 r->printer_name = talloc_strdup(mem_ctx, lp_servicename(snum));7185 r->job_id = jobid; 7186 7187 r->printer_name = lp_servicename(mem_ctx, snum); 6843 7188 W_ERROR_HAVE_NO_MEMORY(r->printer_name); 6844 7189 r->server_name = talloc_strdup(mem_ctx, pinfo2->servername); … … 6871 7216 struct spoolss_JobInfo2 *r, 6872 7217 const print_queue_struct *queue, 7218 uint32_t jobid, 6873 7219 int position, int snum, 6874 7220 struct spoolss_PrinterInfo2 *pinfo2, … … 6879 7225 t = gmtime(&queue->time); 6880 7226 6881 r->job_id = queue->sysjob;6882 6883 r->printer_name = talloc_strdup(mem_ctx, lp_servicename(snum));7227 r->job_id = jobid; 7228 7229 r->printer_name = lp_servicename(mem_ctx, snum); 6884 7230 W_ERROR_HAVE_NO_MEMORY(r->printer_name); 6885 7231 r->server_name = talloc_strdup(mem_ctx, pinfo2->servername); … … 6922 7268 6923 7269 /**************************************************************************** 6924 fill_job_info36925 ****************************************************************************/6926 6927 static WERROR fill_job_info3(TALLOC_CTX *mem_ctx,6928 struct spoolss_JobInfo3 *r,6929 const print_queue_struct *queue,6930 const print_queue_struct *next_queue,6931 int position, int snum,6932 struct spoolss_PrinterInfo2 *pinfo2)6933 {6934 r->job_id = queue->sysjob;6935 r->next_job_id = 0;6936 if (next_queue) {6937 r->next_job_id = next_queue->sysjob;6938 }6939 r->reserved = 0;6940 6941 return WERR_OK;6942 }6943 6944 /****************************************************************************6945 7270 Enumjobs at level 1. 6946 7271 ****************************************************************************/ … … 6956 7281 int i; 6957 7282 WERROR result = WERR_OK; 6958 6959 info = TALLOC_ARRAY(mem_ctx, union spoolss_JobInfo, num_queues); 6960 W_ERROR_HAVE_NO_MEMORY(info); 6961 6962 *count = num_queues; 6963 6964 for (i=0; i<*count; i++) { 7283 uint32_t num_filled; 7284 struct tdb_print_db *pdb; 7285 7286 info = talloc_array(mem_ctx, union spoolss_JobInfo, num_queues); 7287 if (info == NULL) { 7288 result = WERR_NOMEM; 7289 goto err_out; 7290 } 7291 7292 pdb = get_print_db_byname(pinfo2->sharename); 7293 if (pdb == NULL) { 7294 result = WERR_INVALID_PARAM; 7295 goto err_info_free; 7296 } 7297 7298 num_filled = 0; 7299 for (i = 0; i < num_queues; i++) { 7300 uint32_t jobid = sysjob_to_jobid_pdb(pdb, queue[i].sysjob); 7301 if (jobid == (uint32_t)-1) { 7302 DEBUG(4, ("skipping sysjob %d\n", queue[i].sysjob)); 7303 continue; 7304 } 7305 6965 7306 result = fill_job_info1(info, 6966 &info[ i].info1,7307 &info[num_filled].info1, 6967 7308 &queue[i], 7309 jobid, 6968 7310 i, 6969 7311 snum, 6970 7312 pinfo2); 6971 7313 if (!W_ERROR_IS_OK(result)) { 6972 goto out; 6973 } 6974 } 6975 6976 out: 6977 if (!W_ERROR_IS_OK(result)) { 6978 TALLOC_FREE(info); 6979 *count = 0; 6980 return result; 6981 } 6982 7314 goto err_pdb_drop; 7315 } 7316 7317 num_filled++; 7318 } 7319 7320 release_print_db(pdb); 6983 7321 *info_p = info; 7322 *count = num_filled; 6984 7323 6985 7324 return WERR_OK; 7325 7326 err_pdb_drop: 7327 release_print_db(pdb); 7328 err_info_free: 7329 TALLOC_FREE(info); 7330 err_out: 7331 *count = 0; 7332 return result; 6986 7333 } 6987 7334 … … 7000 7347 int i; 7001 7348 WERROR result = WERR_OK; 7002 7003 info = TALLOC_ARRAY(mem_ctx, union spoolss_JobInfo, num_queues); 7004 W_ERROR_HAVE_NO_MEMORY(info); 7005 7006 *count = num_queues; 7007 7008 for (i=0; i<*count; i++) { 7349 uint32_t num_filled; 7350 struct tdb_print_db *pdb; 7351 7352 info = talloc_array(mem_ctx, union spoolss_JobInfo, num_queues); 7353 if (info == NULL) { 7354 result = WERR_NOMEM; 7355 goto err_out; 7356 } 7357 7358 pdb = get_print_db_byname(pinfo2->sharename); 7359 if (pdb == NULL) { 7360 result = WERR_INVALID_PARAM; 7361 goto err_info_free; 7362 } 7363 7364 num_filled = 0; 7365 for (i = 0; i< num_queues; i++) { 7009 7366 struct spoolss_DeviceMode *devmode; 7367 uint32_t jobid = sysjob_to_jobid_pdb(pdb, queue[i].sysjob); 7368 if (jobid == (uint32_t)-1) { 7369 DEBUG(4, ("skipping sysjob %d\n", queue[i].sysjob)); 7370 continue; 7371 } 7010 7372 7011 7373 result = spoolss_create_default_devmode(info, … … 7014 7376 if (!W_ERROR_IS_OK(result)) { 7015 7377 DEBUG(3, ("Can't proceed w/o a devmode!")); 7016 goto out;7378 goto err_pdb_drop; 7017 7379 } 7018 7380 7019 7381 result = fill_job_info2(info, 7020 &info[ i].info2,7382 &info[num_filled].info2, 7021 7383 &queue[i], 7384 jobid, 7022 7385 i, 7023 7386 snum, … … 7025 7388 devmode); 7026 7389 if (!W_ERROR_IS_OK(result)) { 7027 goto out; 7028 } 7029 } 7030 7031 out: 7032 if (!W_ERROR_IS_OK(result)) { 7033 TALLOC_FREE(info); 7034 *count = 0; 7035 return result; 7036 } 7037 7390 goto err_pdb_drop; 7391 } 7392 num_filled++; 7393 } 7394 7395 release_print_db(pdb); 7038 7396 *info_p = info; 7397 *count = num_filled; 7039 7398 7040 7399 return WERR_OK; 7400 7401 err_pdb_drop: 7402 release_print_db(pdb); 7403 err_info_free: 7404 TALLOC_FREE(info); 7405 err_out: 7406 *count = 0; 7407 return result; 7041 7408 } 7042 7409 … … 7055 7422 int i; 7056 7423 WERROR result = WERR_OK; 7057 7058 info = TALLOC_ARRAY(mem_ctx, union spoolss_JobInfo, num_queues); 7059 W_ERROR_HAVE_NO_MEMORY(info); 7060 7061 *count = num_queues; 7062 7063 for (i=0; i<*count; i++) { 7064 const print_queue_struct *next_queue = NULL; 7065 7066 if (i+1 < *count) { 7067 next_queue = &queue[i+1]; 7068 } 7069 7070 result = fill_job_info3(info, 7071 &info[i].info3, 7072 &queue[i], 7073 next_queue, 7074 i, 7075 snum, 7076 pinfo2); 7077 if (!W_ERROR_IS_OK(result)) { 7078 goto out; 7079 } 7080 } 7081 7082 out: 7083 if (!W_ERROR_IS_OK(result)) { 7084 TALLOC_FREE(info); 7085 *count = 0; 7086 return result; 7087 } 7088 7424 uint32_t num_filled; 7425 struct tdb_print_db *pdb; 7426 7427 info = talloc_array(mem_ctx, union spoolss_JobInfo, num_queues); 7428 if (info == NULL) { 7429 result = WERR_NOMEM; 7430 goto err_out; 7431 } 7432 7433 pdb = get_print_db_byname(pinfo2->sharename); 7434 if (pdb == NULL) { 7435 result = WERR_INVALID_PARAM; 7436 goto err_info_free; 7437 } 7438 7439 num_filled = 0; 7440 for (i = 0; i < num_queues; i++) { 7441 uint32_t jobid = sysjob_to_jobid_pdb(pdb, queue[i].sysjob); 7442 if (jobid == (uint32_t)-1) { 7443 DEBUG(4, ("skipping sysjob %d\n", queue[i].sysjob)); 7444 continue; 7445 } 7446 7447 info[num_filled].info3.job_id = jobid; 7448 /* next_job_id is overwritten on next iteration */ 7449 info[num_filled].info3.next_job_id = 0; 7450 info[num_filled].info3.reserved = 0; 7451 7452 if (num_filled > 0) { 7453 info[num_filled - 1].info3.next_job_id = jobid; 7454 } 7455 num_filled++; 7456 } 7457 7458 release_print_db(pdb); 7089 7459 *info_p = info; 7460 *count = num_filled; 7090 7461 7091 7462 return WERR_OK; 7463 7464 err_info_free: 7465 TALLOC_FREE(info); 7466 err_out: 7467 *count = 0; 7468 return result; 7092 7469 } 7093 7470 … … 7110 7487 if (!r->in.buffer && (r->in.offered != 0)) { 7111 7488 return WERR_INVALID_PARAM; 7489 } 7490 7491 if ((r->in.level != 1) && (r->in.level != 2) && (r->in.level != 3)) { 7492 DEBUG(4, ("EnumJobs level %d not supported\n", r->in.level)); 7493 return WERR_UNKNOWN_LEVEL; 7112 7494 } 7113 7495 … … 7157 7539 break; 7158 7540 default: 7159 result = WERR_UNKNOWN_LEVEL;7541 SMB_ASSERT(false); /* level checked on entry */ 7160 7542 break; 7161 7543 } … … 7222 7604 struct spoolss_SetJob *r) 7223 7605 { 7224 const struct auth_se rversupplied_info *session_info = p->session_info;7606 const struct auth_session_info *session_info = p->session_info; 7225 7607 int snum; 7226 7608 WERROR errcode = WERR_BADFUNC; … … 7252 7634 snum, r->in.job_id); 7253 7635 break; 7254 case 0:7636 case SPOOLSS_JOB_CONTROL_NOOP: 7255 7637 errcode = WERR_OK; 7256 7638 break; … … 7289 7671 7290 7672 static WERROR enumprinterdrivers_level_by_architecture(TALLOC_CTX *mem_ctx, 7291 const struct auth_se rversupplied_info *session_info,7673 const struct auth_session_info *session_info, 7292 7674 struct messaging_context *msg_ctx, 7293 7675 const char *servername, … … 7306 7688 const char **drivers; 7307 7689 struct dcerpc_binding_handle *b; 7690 TALLOC_CTX *tmp_ctx = NULL; 7308 7691 7309 7692 *count_p = 0; 7310 7693 *info_p = NULL; 7311 7694 7312 result = winreg_printer_binding_handle(mem_ctx, 7695 tmp_ctx = talloc_new(mem_ctx); 7696 if (!tmp_ctx) { 7697 return WERR_NOMEM; 7698 } 7699 7700 result = winreg_printer_binding_handle(tmp_ctx, 7313 7701 session_info, 7314 7702 msg_ctx, … … 7319 7707 7320 7708 for (version=0; version<DRIVER_MAX_VERSION; version++) { 7321 result = winreg_get_driver_list( mem_ctx, b,7709 result = winreg_get_driver_list(tmp_ctx, b, 7322 7710 architecture, version, 7323 7711 &num_drivers, &drivers); … … 7330 7718 7331 7719 if (num_drivers != 0) { 7332 info = TALLOC_REALLOC_ARRAY(mem_ctx, info,7720 info = talloc_realloc(tmp_ctx, info, 7333 7721 union spoolss_DriverInfo, 7334 7722 count + num_drivers); … … 7344 7732 DEBUG(5, ("\tdriver: [%s]\n", drivers[i])); 7345 7733 7346 result = winreg_get_driver( mem_ctx, b,7734 result = winreg_get_driver(tmp_ctx, b, 7347 7735 architecture, drivers[i], 7348 7736 version, &driver); … … 7396 7784 } 7397 7785 7398 out: 7399 TALLOC_FREE(drivers); 7400 7401 if (!W_ERROR_IS_OK(result)) { 7402 TALLOC_FREE(info); 7403 return result; 7404 } 7405 7406 *info_p = info; 7407 *count_p = count; 7408 7409 return WERR_OK; 7786 out: 7787 if (W_ERROR_IS_OK(result)) { 7788 *info_p = talloc_move(mem_ctx, &info); 7789 *count_p = count; 7790 } 7791 7792 talloc_free(tmp_ctx); 7793 return result; 7410 7794 } 7411 7795 … … 7415 7799 7416 7800 static WERROR enumprinterdrivers_level(TALLOC_CTX *mem_ctx, 7417 const struct auth_se rversupplied_info *session_info,7801 const struct auth_session_info *session_info, 7418 7802 struct messaging_context *msg_ctx, 7419 7803 const char *servername, … … 7580 7964 7581 7965 if (!r->in.buffer && (r->in.offered != 0)) { 7966 TALLOC_FREE(r->out.info); 7582 7967 return WERR_INVALID_PARAM; 7583 7968 } … … 7656 8041 static WERROR enumports_hook(TALLOC_CTX *ctx, int *count, char ***lines) 7657 8042 { 7658 char *cmd = lp_enumports_c md();8043 char *cmd = lp_enumports_command(talloc_tos()); 7659 8044 char **qlines = NULL; 7660 8045 char *command = NULL; … … 7669 8054 7670 8055 if ( !*cmd ) { 7671 if (!(qlines = TALLOC_ARRAY( NULL, char*, 2 ))) {8056 if (!(qlines = talloc_array( NULL, char*, 2 ))) { 7672 8057 return WERR_NOMEM; 7673 8058 } … … 7730 8115 7731 8116 if (numlines) { 7732 info = TALLOC_ARRAY(mem_ctx, union spoolss_PortInfo, numlines);8117 info = talloc_array(mem_ctx, union spoolss_PortInfo, numlines); 7733 8118 if (!info) { 7734 8119 DEBUG(10,("Returning WERR_NOMEM\n")); … … 7782 8167 7783 8168 if (numlines) { 7784 info = TALLOC_ARRAY(mem_ctx, union spoolss_PortInfo, numlines);8169 info = talloc_array(mem_ctx, union spoolss_PortInfo, numlines); 7785 8170 if (!info) { 7786 8171 DEBUG(10,("Returning WERR_NOMEM\n")); … … 7920 8305 trying to add a printer like this --jerry */ 7921 8306 7922 if (*lp_addprinter_cmd() ) { 8307 if (*lp_addprinter_command(talloc_tos()) ) { 8308 char *raddr; 8309 8310 raddr = tsocket_address_inet_addr_string(p->remote_address, 8311 p->mem_ctx); 8312 if (raddr == NULL) { 8313 return WERR_NOMEM; 8314 } 8315 7923 8316 if ( !add_printer_hook(p->mem_ctx, p->session_info->security_token, 7924 info2, p->client_id->addr,8317 info2, raddr, 7925 8318 p->msg_ctx) ) { 7926 8319 return WERR_ACCESS_DENIED; … … 7938 8331 7939 8332 /* you must be a printer admin to add a new printer */ 7940 if (! print_access_check(p->session_info,7941 p->msg_ctx,7942 snum,7943 PRINTER_ACCESS_ADMINISTER)) {8333 if (!W_ERROR_IS_OK(print_access_check(p->session_info, 8334 p->msg_ctx, 8335 snum, 8336 PRINTER_ACCESS_ADMINISTER))) { 7944 8337 return WERR_ACCESS_DENIED; 7945 8338 } … … 7957 8350 } 7958 8351 7959 update_dsspooler(p->mem_ctx, 7960 get_session_info_system(), 7961 p->msg_ctx, 7962 0, 7963 info2, 7964 NULL); 8352 err = update_dsspooler(p->mem_ctx, 8353 get_session_info_system(), 8354 p->msg_ctx, 8355 0, 8356 info2, 8357 NULL); 8358 if (!W_ERROR_IS_OK(err)) { 8359 return err; 8360 } 7965 8361 7966 8362 err = winreg_update_printer_internal(p->mem_ctx, … … 8166 8562 { 8167 8563 const char *pservername = NULL; 8168 const char *long_archi = SPOOLSS_ARCHITECTURE_NT_X86;8564 const char *long_archi; 8169 8565 const char *short_archi; 8170 8566 … … 8174 8570 if (environment && strlen(environment)) { 8175 8571 long_archi = environment; 8572 } else { 8573 long_archi = lp_parm_const_string(GLOBAL_SECTION_SNUM, 8574 "spoolss", "architecture", 8575 SPOOLSS_ARCHITECTURE_NT_X86); 8176 8576 } 8177 8577 … … 8255 8655 8256 8656 if (!r->in.buffer && (r->in.offered != 0)) { 8657 TALLOC_FREE(r->out.info); 8257 8658 return WERR_INVALID_PARAM; 8258 8659 } … … 8495 8896 struct spoolss_AddForm *r) 8496 8897 { 8497 struct spoolss_AddFormInfo1 *form = r->in.info.info1;8898 struct spoolss_AddFormInfo1 *form; 8498 8899 int snum = -1; 8499 8900 WERROR status = WERR_OK; 8500 8901 struct printer_handle *Printer = find_printer_index_by_hnd(p, r->in.handle); 8501 8902 struct dcerpc_binding_handle *b; 8903 TALLOC_CTX *tmp_ctx = NULL; 8502 8904 8503 8905 DEBUG(5,("_spoolss_AddForm\n")); … … 8512 8914 and not a printer admin, then fail */ 8513 8915 8514 if ((p->session_info->utok.uid != sec_initial_uid()) && 8515 !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && 8516 !token_contains_name_in_list(uidtoname(p->session_info->utok.uid), 8517 p->session_info->info3->base.domain.string, 8518 NULL, 8519 p->session_info->security_token, 8520 lp_printer_admin(snum))) { 8916 if ((p->session_info->unix_token->uid != sec_initial_uid()) && 8917 !security_token_has_privilege(p->session_info->security_token, 8918 SEC_PRIV_PRINT_OPERATOR)) { 8521 8919 DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n")); 8522 8920 return WERR_ACCESS_DENIED; 8921 } 8922 8923 if (r->in.info_ctr->level != 1) { 8924 return WERR_INVALID_LEVEL; 8925 } 8926 8927 form = r->in.info_ctr->info.info1; 8928 if (!form) { 8929 return WERR_INVALID_PARAM; 8523 8930 } 8524 8931 … … 8532 8939 } 8533 8940 8534 status = winreg_printer_binding_handle(p->mem_ctx, 8941 tmp_ctx = talloc_new(p->mem_ctx); 8942 if (!tmp_ctx) { 8943 return WERR_NOMEM; 8944 } 8945 8946 status = winreg_printer_binding_handle(tmp_ctx, 8535 8947 get_session_info_system(), 8536 8948 p->msg_ctx, 8537 8949 &b); 8538 8950 if (!W_ERROR_IS_OK(status)) { 8539 return status; 8540 } 8541 8542 status = winreg_printer_addform1(p->mem_ctx, b, 8543 form); 8951 goto done; 8952 } 8953 8954 status = winreg_printer_addform1(tmp_ctx, b, form); 8544 8955 if (!W_ERROR_IS_OK(status)) { 8545 return status;8956 goto done; 8546 8957 } 8547 8958 … … 8551 8962 if (Printer->printer_type == SPLHND_PRINTER) { 8552 8963 if (!get_printer_snum(p, r->in.handle, &snum, NULL)) { 8553 return WERR_BADFID; 8554 } 8555 8556 status = winreg_printer_update_changeid(p->mem_ctx, b, 8964 status = WERR_BADFID; 8965 goto done; 8966 } 8967 8968 status = winreg_printer_update_changeid(tmp_ctx, b, 8557 8969 lp_const_servicename(snum)); 8558 if (!W_ERROR_IS_OK(status)) { 8559 return status; 8560 } 8561 } 8562 8970 } 8971 8972 done: 8973 talloc_free(tmp_ctx); 8563 8974 return status; 8564 8975 } … … 8576 8987 WERROR status = WERR_OK; 8577 8988 struct dcerpc_binding_handle *b; 8989 TALLOC_CTX *tmp_ctx = NULL; 8578 8990 8579 8991 DEBUG(5,("_spoolss_DeleteForm\n")); … … 8585 8997 } 8586 8998 8587 if ((p->session_info->utok.uid != sec_initial_uid()) && 8588 !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && 8589 !token_contains_name_in_list(uidtoname(p->session_info->utok.uid), 8590 p->session_info->info3->base.domain.string, 8591 NULL, 8592 p->session_info->security_token, 8593 lp_printer_admin(snum))) { 8999 if ((p->session_info->unix_token->uid != sec_initial_uid()) && 9000 !security_token_has_privilege(p->session_info->security_token, 9001 SEC_PRIV_PRINT_OPERATOR)) { 8594 9002 DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n")); 8595 9003 return WERR_ACCESS_DENIED; 8596 9004 } 8597 9005 8598 status = winreg_printer_binding_handle(p->mem_ctx, 9006 tmp_ctx = talloc_new(p->mem_ctx); 9007 if (!tmp_ctx) { 9008 return WERR_NOMEM; 9009 } 9010 9011 status = winreg_printer_binding_handle(tmp_ctx, 8599 9012 get_session_info_system(), 8600 9013 p->msg_ctx, 8601 9014 &b); 8602 9015 if (!W_ERROR_IS_OK(status)) { 8603 return status; 8604 } 8605 8606 status = winreg_printer_deleteform1(p->mem_ctx, b, 8607 form_name); 9016 goto done; 9017 } 9018 9019 status = winreg_printer_deleteform1(tmp_ctx, b, form_name); 8608 9020 if (!W_ERROR_IS_OK(status)) { 8609 return status;9021 goto done; 8610 9022 } 8611 9023 … … 8615 9027 if (Printer->printer_type == SPLHND_PRINTER) { 8616 9028 if (!get_printer_snum(p, r->in.handle, &snum, NULL)) { 8617 return WERR_BADFID; 8618 } 8619 8620 status = winreg_printer_update_changeid(p->mem_ctx, b, 9029 status = WERR_BADFID; 9030 goto done; 9031 } 9032 9033 status = winreg_printer_update_changeid(tmp_ctx, b, 8621 9034 lp_const_servicename(snum)); 8622 if (!W_ERROR_IS_OK(status)) { 8623 return status; 8624 } 8625 } 8626 9035 } 9036 9037 done: 9038 talloc_free(tmp_ctx); 8627 9039 return status; 8628 9040 } … … 8635 9047 struct spoolss_SetForm *r) 8636 9048 { 8637 struct spoolss_AddFormInfo1 *form = r->in.info.info1;9049 struct spoolss_AddFormInfo1 *form; 8638 9050 const char *form_name = r->in.form_name; 8639 9051 int snum = -1; 8640 9052 WERROR status = WERR_OK; 8641 9053 struct dcerpc_binding_handle *b; 9054 TALLOC_CTX *tmp_ctx = NULL; 8642 9055 8643 9056 struct printer_handle *Printer = find_printer_index_by_hnd(p, r->in.handle); … … 8654 9067 and not a printer admin, then fail */ 8655 9068 8656 if ((p->session_info->utok.uid != sec_initial_uid()) && 8657 !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && 8658 !token_contains_name_in_list(uidtoname(p->session_info->utok.uid), 8659 p->session_info->info3->base.domain.string, 8660 NULL, 8661 p->session_info->security_token, 8662 lp_printer_admin(snum))) { 9069 if ((p->session_info->unix_token->uid != sec_initial_uid()) && 9070 !security_token_has_privilege(p->session_info->security_token, 9071 SEC_PRIV_PRINT_OPERATOR)) { 8663 9072 DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n")); 8664 9073 return WERR_ACCESS_DENIED; 8665 9074 } 8666 9075 8667 status = winreg_printer_binding_handle(p->mem_ctx, 9076 if (r->in.info_ctr->level != 1) { 9077 return WERR_INVALID_LEVEL; 9078 } 9079 9080 form = r->in.info_ctr->info.info1; 9081 if (!form) { 9082 return WERR_INVALID_PARAM; 9083 } 9084 9085 tmp_ctx = talloc_new(p->mem_ctx); 9086 if (!tmp_ctx) { 9087 return WERR_NOMEM; 9088 } 9089 9090 status = winreg_printer_binding_handle(tmp_ctx, 8668 9091 get_session_info_system(), 8669 9092 p->msg_ctx, 8670 9093 &b); 8671 9094 if (!W_ERROR_IS_OK(status)) { 8672 return status;8673 } 8674 8675 status = winreg_printer_setform1( p->mem_ctx, b,9095 goto done; 9096 } 9097 9098 status = winreg_printer_setform1(tmp_ctx, b, 8676 9099 form_name, 8677 9100 form); 8678 9101 if (!W_ERROR_IS_OK(status)) { 8679 return status;9102 goto done; 8680 9103 } 8681 9104 … … 8685 9108 if (Printer->printer_type == SPLHND_PRINTER) { 8686 9109 if (!get_printer_snum(p, r->in.handle, &snum, NULL)) { 8687 return WERR_BADFID; 8688 } 8689 8690 status = winreg_printer_update_changeid(p->mem_ctx, b, 9110 status = WERR_BADFID; 9111 goto done; 9112 } 9113 9114 status = winreg_printer_update_changeid(tmp_ctx, b, 8691 9115 lp_const_servicename(snum)); 8692 if (!W_ERROR_IS_OK(status)) { 8693 return status; 8694 } 8695 } 8696 9116 } 9117 9118 done: 9119 talloc_free(tmp_ctx); 8697 9120 return status; 8698 9121 } … … 8723 9146 WERROR result; 8724 9147 8725 info = TALLOC_ARRAY(mem_ctx, union spoolss_PrintProcessorInfo, 1);9148 info = talloc_array(mem_ctx, union spoolss_PrintProcessorInfo, 1); 8726 9149 W_ERROR_HAVE_NO_MEMORY(info); 8727 9150 … … 8825 9248 union spoolss_PrintProcDataTypesInfo *info; 8826 9249 8827 info = TALLOC_ARRAY(mem_ctx, union spoolss_PrintProcDataTypesInfo, 1);9250 info = talloc_array(mem_ctx, union spoolss_PrintProcDataTypesInfo, 1); 8828 9251 W_ERROR_HAVE_NO_MEMORY(info); 8829 9252 … … 8882 9305 } 8883 9306 9307 if (!W_ERROR_IS_OK(result)) { 9308 return result; 9309 } 9310 8884 9311 *r->out.needed = SPOOLSS_BUFFER_UNION_ARRAY(p->mem_ctx, 8885 9312 spoolss_EnumPrintProcDataTypes, … … 8937 9364 WERROR result = WERR_OK; 8938 9365 8939 info = TALLOC_ARRAY(mem_ctx, union spoolss_MonitorInfo, 2);9366 info = talloc_array(mem_ctx, union spoolss_MonitorInfo, 2); 8940 9367 W_ERROR_HAVE_NO_MEMORY(info); 8941 9368 … … 8977 9404 WERROR result = WERR_OK; 8978 9405 8979 info = TALLOC_ARRAY(mem_ctx, union spoolss_MonitorInfo, 2);9406 info = talloc_array(mem_ctx, union spoolss_MonitorInfo, 2); 8980 9407 W_ERROR_HAVE_NO_MEMORY(info); 8981 9408 … … 9073 9500 struct spoolss_PrinterInfo2 *pinfo2, 9074 9501 uint32_t jobid, 9502 int sysjob, 9075 9503 struct spoolss_JobInfo1 *r) 9076 9504 { … … 9079 9507 9080 9508 for (i=0; i<count; i++) { 9081 if (queue[i].sysjob == (int)jobid) {9509 if (queue[i].sysjob == sysjob) { 9082 9510 found = true; 9083 9511 break; … … 9093 9521 r, 9094 9522 &queue[i], 9523 jobid, 9095 9524 i, 9096 9525 snum, … … 9106 9535 struct spoolss_PrinterInfo2 *pinfo2, 9107 9536 uint32_t jobid, 9537 int sysjob, 9108 9538 struct spoolss_JobInfo2 *r) 9109 9539 { … … 9114 9544 9115 9545 for (i=0; i<count; i++) { 9116 if (queue[i].sysjob == (int)jobid) {9546 if (queue[i].sysjob == sysjob) { 9117 9547 found = true; 9118 9548 break; … … 9146 9576 r, 9147 9577 &queue[i], 9578 jobid, 9148 9579 i, 9149 9580 snum, … … 9161 9592 WERROR result = WERR_OK; 9162 9593 struct spoolss_PrinterInfo2 *pinfo2 = NULL; 9594 const char *svc_name; 9595 int sysjob; 9163 9596 int snum; 9164 9597 int count; 9598 struct tdb_print_db *pdb; 9165 9599 print_queue_struct *queue = NULL; 9166 9600 print_status_struct prt_status; … … 9169 9603 9170 9604 if (!r->in.buffer && (r->in.offered != 0)) { 9171 return WERR_INVALID_PARAM; 9605 result = WERR_INVALID_PARAM; 9606 goto err_jinfo_free; 9172 9607 } 9173 9608 … … 9177 9612 9178 9613 if (!get_printer_snum(p, r->in.handle, &snum, NULL)) { 9179 return WERR_BADFID; 9614 result = WERR_BADFID; 9615 goto err_jinfo_free; 9616 } 9617 9618 svc_name = lp_const_servicename(snum); 9619 if (svc_name == NULL) { 9620 result = WERR_INVALID_PARAM; 9621 goto err_jinfo_free; 9180 9622 } 9181 9623 … … 9183 9625 get_session_info_system(), 9184 9626 p->msg_ctx, 9185 lp_const_servicename(snum),9627 svc_name, 9186 9628 &pinfo2); 9187 9629 if (!W_ERROR_IS_OK(result)) { 9188 return result; 9630 goto err_jinfo_free; 9631 } 9632 9633 pdb = get_print_db_byname(svc_name); 9634 if (pdb == NULL) { 9635 DEBUG(3, ("failed to get print db for svc %s\n", svc_name)); 9636 result = WERR_INVALID_PARAM; 9637 goto err_pinfo_free; 9638 } 9639 9640 sysjob = jobid_to_sysjob_pdb(pdb, r->in.job_id); 9641 release_print_db(pdb); 9642 if (sysjob == -1) { 9643 DEBUG(3, ("no sysjob for spoolss jobid %u\n", r->in.job_id)); 9644 result = WERR_INVALID_PARAM; 9645 goto err_pinfo_free; 9189 9646 } 9190 9647 … … 9198 9655 result = getjob_level_1(p->mem_ctx, 9199 9656 queue, count, snum, pinfo2, 9200 r->in.job_id, &r->out.info->info1); 9657 r->in.job_id, sysjob, 9658 &r->out.info->info1); 9201 9659 break; 9202 9660 case 2: 9203 9661 result = getjob_level_2(p->mem_ctx, 9204 9662 queue, count, snum, pinfo2, 9205 r->in.job_id, &r->out.info->info2); 9663 r->in.job_id, sysjob, 9664 &r->out.info->info2); 9206 9665 break; 9207 9666 default: … … 9214 9673 9215 9674 if (!W_ERROR_IS_OK(result)) { 9216 TALLOC_FREE(r->out.info); 9217 return result; 9675 goto err_jinfo_free; 9218 9676 } 9219 9677 … … 9223 9681 9224 9682 return SPOOLSS_BUFFER_OK(WERR_OK, WERR_INSUFFICIENT_BUFFER); 9683 9684 err_pinfo_free: 9685 TALLOC_FREE(pinfo2); 9686 err_jinfo_free: 9687 TALLOC_FREE(r->out.info); 9688 return result; 9225 9689 } 9226 9690 … … 9242 9706 uint32_t val_size = 0; 9243 9707 struct dcerpc_binding_handle *b; 9708 TALLOC_CTX *tmp_ctx; 9244 9709 9245 9710 DEBUG(4,("_spoolss_GetPrinterDataEx\n")); … … 9252 9717 *r->out.needed = 0; 9253 9718 *r->out.type = REG_NONE; 9719 9720 tmp_ctx = talloc_new(p->mem_ctx); 9721 if (!tmp_ctx) { 9722 return WERR_NOMEM; 9723 } 9254 9724 9255 9725 if (!Printer) { … … 9260 9730 } 9261 9731 9732 /* check to see if the keyname is valid */ 9733 if (!strlen(r->in.key_name)) { 9734 result = WERR_INVALID_PARAM; 9735 goto done; 9736 } 9737 9262 9738 /* Is the handle to a printer or to the server? */ 9263 9739 … … 9266 9742 union spoolss_PrinterData data; 9267 9743 9268 result = getprinterdata_printer_server( p->mem_ctx,9744 result = getprinterdata_printer_server(tmp_ctx, 9269 9745 r->in.value_name, 9270 9746 r->out.type, 9271 9747 &data); 9272 9748 if (!W_ERROR_IS_OK(result)) { 9273 return result;9274 } 9275 9276 result = push_spoolss_PrinterData( p->mem_ctx, &blob,9749 goto done; 9750 } 9751 9752 result = push_spoolss_PrinterData(tmp_ctx, &blob, 9277 9753 *r->out.type, &data); 9278 9754 if (!W_ERROR_IS_OK(result)) { 9279 return result;9755 goto done; 9280 9756 } 9281 9757 … … 9286 9762 } 9287 9763 9288 return SPOOLSS_BUFFER_OK(WERR_OK, WERR_MORE_DATA); 9764 result = WERR_OK; 9765 goto done; 9289 9766 } 9290 9767 9291 9768 if (!get_printer_snum(p, r->in.handle, &snum, NULL)) { 9292 return WERR_BADFID; 9769 result = WERR_BADFID; 9770 goto done; 9293 9771 } 9294 9772 printer = lp_const_servicename(snum); 9295 9773 9296 /* check to see if the keyname is valid */ 9297 if (!strlen(r->in.key_name)) { 9298 return WERR_INVALID_PARAM; 9299 } 9300 9301 result = winreg_printer_binding_handle(p->mem_ctx, 9774 result = winreg_printer_binding_handle(tmp_ctx, 9302 9775 get_session_info_system(), 9303 9776 p->msg_ctx, 9304 9777 &b); 9305 9778 if (!W_ERROR_IS_OK(result)) { 9306 return result;9779 goto done; 9307 9780 } 9308 9781 … … 9315 9788 uint32_t changeid = 0; 9316 9789 9317 result = winreg_printer_get_changeid( p->mem_ctx, b,9790 result = winreg_printer_get_changeid(tmp_ctx, b, 9318 9791 printer, 9319 9792 &changeid); 9320 9793 if (!W_ERROR_IS_OK(result)) { 9321 return result;9794 goto done; 9322 9795 } 9323 9796 … … 9328 9801 } 9329 9802 9330 result = winreg_get_printer_dataex( p->mem_ctx, b,9803 result = winreg_get_printer_dataex(tmp_ctx, b, 9331 9804 printer, 9332 9805 r->in.key_name, … … 9336 9809 &val_size); 9337 9810 if (!W_ERROR_IS_OK(result)) { 9338 return result;9811 goto done; 9339 9812 } 9340 9813 … … 9346 9819 } 9347 9820 9348 done: 9349 /* retain type when returning WERR_MORE_DATA */ 9350 r->out.data = SPOOLSS_BUFFER_OK(r->out.data, r->out.data); 9351 9352 return SPOOLSS_BUFFER_OK(WERR_OK, WERR_MORE_DATA); 9821 done: 9822 /* NOTE: do not replace type when returning WERR_MORE_DATA */ 9823 9824 if (W_ERROR_IS_OK(result)) { 9825 result = SPOOLSS_BUFFER_OK(WERR_OK, WERR_MORE_DATA); 9826 } 9827 9828 talloc_free(tmp_ctx); 9829 return result; 9353 9830 } 9354 9831 … … 9366 9843 char *oid_string; 9367 9844 struct dcerpc_binding_handle *b; 9845 TALLOC_CTX *tmp_ctx; 9368 9846 9369 9847 DEBUG(4,("_spoolss_SetPrinterDataEx\n")); … … 9402 9880 } 9403 9881 9404 result = winreg_printer_binding_handle(p->mem_ctx, 9882 tmp_ctx = talloc_new(p->mem_ctx); 9883 if (!tmp_ctx) { 9884 return WERR_NOMEM; 9885 } 9886 9887 result = winreg_printer_binding_handle(tmp_ctx, 9405 9888 get_session_info_system(), 9406 9889 p->msg_ctx, 9407 9890 &b); 9408 9891 if (!W_ERROR_IS_OK(result)) { 9409 return result;9410 } 9411 9412 result = winreg_get_printer( Printer, b,9413 lp_servicename( snum),9892 goto done; 9893 } 9894 9895 result = winreg_get_printer(tmp_ctx, b, 9896 lp_servicename(talloc_tos(), snum), 9414 9897 &pinfo2); 9415 9898 if (!W_ERROR_IS_OK(result)) { 9416 return result;9899 goto done; 9417 9900 } 9418 9901 … … 9427 9910 /* save the registry data */ 9428 9911 9429 result = winreg_set_printer_dataex( p->mem_ctx, b,9912 result = winreg_set_printer_dataex(tmp_ctx, b, 9430 9913 pinfo2->sharename, 9431 9914 r->in.key_name, … … 9438 9921 /* save the OID if one was specified */ 9439 9922 if (oid_string) { 9440 char *str = talloc_asprintf( p->mem_ctx, "%s\\%s",9923 char *str = talloc_asprintf(tmp_ctx, "%s\\%s", 9441 9924 r->in.key_name, SPOOL_OID_KEY); 9442 9925 if (!str) { … … 9451 9934 * this is right. --jerry 9452 9935 */ 9453 winreg_set_printer_dataex( p->mem_ctx, b,9936 winreg_set_printer_dataex(tmp_ctx, b, 9454 9937 pinfo2->sharename, 9455 9938 str, … … 9460 9943 } 9461 9944 9462 result = winreg_printer_update_changeid( p->mem_ctx, b,9945 result = winreg_printer_update_changeid(tmp_ctx, b, 9463 9946 lp_const_servicename(snum)); 9464 9947 … … 9466 9949 9467 9950 done: 9468 talloc_free( pinfo2);9951 talloc_free(tmp_ctx); 9469 9952 return result; 9470 9953 } … … 9597 10080 const char *printer; 9598 10081 struct dcerpc_binding_handle *b; 10082 TALLOC_CTX *tmp_ctx; 9599 10083 9600 10084 DEBUG(5,("_spoolss_DeletePrinterKey\n")); … … 9622 10106 printer = lp_const_servicename(snum); 9623 10107 9624 status = winreg_printer_binding_handle(p->mem_ctx, 10108 tmp_ctx = talloc_new(p->mem_ctx); 10109 if (!tmp_ctx) { 10110 return WERR_NOMEM; 10111 } 10112 10113 status = winreg_printer_binding_handle(tmp_ctx, 9625 10114 get_session_info_system(), 9626 10115 p->msg_ctx, 9627 10116 &b); 9628 10117 if (!W_ERROR_IS_OK(status)) { 9629 return status;10118 goto done; 9630 10119 } 9631 10120 9632 10121 /* delete the key and all subkeys */ 9633 status = winreg_delete_printer_key( p->mem_ctx, b,10122 status = winreg_delete_printer_key(tmp_ctx, b, 9634 10123 printer, 9635 10124 r->in.key_name); 9636 10125 if (W_ERROR_IS_OK(status)) { 9637 status = winreg_printer_update_changeid( p->mem_ctx, b,10126 status = winreg_printer_update_changeid(tmp_ctx, b, 9638 10127 printer); 9639 10128 } 9640 10129 10130 done: 10131 talloc_free(tmp_ctx); 9641 10132 return status; 9642 10133 } … … 9767 10258 9768 10259 if (!r->in.buffer && (r->in.offered != 0)) { 9769 return WERR_INVALID_PARAM; 10260 result = WERR_INVALID_PARAM; 10261 goto err_info_free; 9770 10262 } 9771 10263 … … 9783 10275 snum = find_service(talloc_tos(), "prnproc$", &prnproc_share); 9784 10276 if (!prnproc_share) { 9785 return WERR_NOMEM; 10277 result = WERR_NOMEM; 10278 goto err_info_free; 9786 10279 } 9787 10280 if (snum != -1) { … … 9794 10287 &r->out.info->info1); 9795 10288 if (!W_ERROR_IS_OK(result)) { 9796 TALLOC_FREE(r->out.info); 9797 return result; 10289 goto err_info_free; 9798 10290 } 9799 10291 … … 9803 10295 9804 10296 return SPOOLSS_BUFFER_OK(WERR_OK, WERR_INSUFFICIENT_BUFFER); 10297 10298 err_info_free: 10299 TALLOC_FREE(r->out.info); 10300 return result; 9805 10301 } 9806 10302 … … 10624 11120 10625 11121 /**************************************************************** 10626 _spoolss_ 6110627 ****************************************************************/ 10628 10629 WERROR _spoolss_ 61(struct pipes_struct *p,10630 struct spoolss_61*r)11122 _spoolss_RpcSendRecvBidiData 11123 ****************************************************************/ 11124 11125 WERROR _spoolss_RpcSendRecvBidiData(struct pipes_struct *p, 11126 struct spoolss_RpcSendRecvBidiData *r) 10631 11127 { 10632 11128 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; … … 10765 11261 return WERR_NOT_SUPPORTED; 10766 11262 } 11263 11264 /**************************************************************** 11265 _spoolss_RpcGetJobNamedPropertyValue 11266 ****************************************************************/ 11267 11268 WERROR _spoolss_RpcGetJobNamedPropertyValue(struct pipes_struct *p, 11269 struct spoolss_RpcGetJobNamedPropertyValue *r) 11270 { 11271 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 11272 return WERR_NOT_SUPPORTED; 11273 } 11274 11275 /**************************************************************** 11276 _spoolss_RpcSetJobNamedProperty 11277 ****************************************************************/ 11278 11279 WERROR _spoolss_RpcSetJobNamedProperty(struct pipes_struct *p, 11280 struct spoolss_RpcSetJobNamedProperty *r) 11281 { 11282 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 11283 return WERR_NOT_SUPPORTED; 11284 } 11285 11286 /**************************************************************** 11287 _spoolss_RpcDeleteJobNamedProperty 11288 ****************************************************************/ 11289 11290 WERROR _spoolss_RpcDeleteJobNamedProperty(struct pipes_struct *p, 11291 struct spoolss_RpcDeleteJobNamedProperty *r) 11292 { 11293 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 11294 return WERR_NOT_SUPPORTED; 11295 } 11296 11297 /**************************************************************** 11298 _spoolss_RpcEnumJobNamedProperties 11299 ****************************************************************/ 11300 11301 WERROR _spoolss_RpcEnumJobNamedProperties(struct pipes_struct *p, 11302 struct spoolss_RpcEnumJobNamedProperties *r) 11303 { 11304 p->fault_state = DCERPC_FAULT_OP_RNG_ERROR; 11305 return WERR_NOT_SUPPORTED; 11306 } -
vendor/current/source3/rpc_server/spoolss/srv_spoolss_util.c
r740 r988 22 22 #include "includes.h" 23 23 #include "rpc_server/rpc_ncacn_np.h" 24 #include "../lib/tsocket/tsocket.h" 24 25 #include "../librpc/gen_ndr/ndr_spoolss.h" 25 26 #include "../librpc/gen_ndr/ndr_winreg.h" … … 28 29 29 30 WERROR winreg_printer_binding_handle(TALLOC_CTX *mem_ctx, 30 const struct auth_se rversupplied_info *session_info,31 const struct auth_session_info *session_info, 31 32 struct messaging_context *msg_ctx, 32 33 struct dcerpc_binding_handle **winreg_binding_handle) 33 34 { 34 st atic struct client_address client_id;35 struct tsocket_address *local; 35 36 NTSTATUS status; 36 37 strlcpy(client_id.addr, "127.0.0.1", sizeof(client_id.addr)); 38 client_id.name = "127.0.0.1"; 37 int rc; 38 39 rc = tsocket_address_inet_from_strings(mem_ctx, 40 "ip", 41 "127.0.0.1", 42 0, 43 &local); 44 if (rc < 0) { 45 return WERR_NOMEM; 46 } 39 47 40 48 status = rpcint_binding_handle(mem_ctx, 41 49 &ndr_table_winreg, 42 &client_id,50 local, 43 51 session_info, 44 52 msg_ctx, 45 53 winreg_binding_handle); 54 talloc_free(local); 46 55 if (!NT_STATUS_IS_OK(status)) { 47 56 DEBUG(0, ("winreg_printer_binding_handle: Could not connect to winreg pipe: %s\n", … … 54 63 55 64 WERROR winreg_delete_printer_key_internal(TALLOC_CTX *mem_ctx, 56 const struct auth_se rversupplied_info *session_info,65 const struct auth_session_info *session_info, 57 66 struct messaging_context *msg_ctx, 58 67 const char *printer, … … 61 70 WERROR result; 62 71 struct dcerpc_binding_handle *b; 63 64 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 65 W_ERROR_NOT_OK_RETURN(result); 66 67 return winreg_delete_printer_key(mem_ctx, b, 68 printer, 69 key); 72 TALLOC_CTX *tmp_ctx; 73 74 tmp_ctx = talloc_stackframe(); 75 if (tmp_ctx == NULL) { 76 return WERR_NOMEM; 77 } 78 79 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 80 if (!W_ERROR_IS_OK(result)) { 81 talloc_free(tmp_ctx); 82 return result; 83 } 84 85 result = winreg_delete_printer_key(tmp_ctx, 86 b, 87 printer, 88 key); 89 90 talloc_free(tmp_ctx); 91 return result; 70 92 } 71 93 72 94 WERROR winreg_printer_update_changeid_internal(TALLOC_CTX *mem_ctx, 73 const struct auth_se rversupplied_info *session_info,95 const struct auth_session_info *session_info, 74 96 struct messaging_context *msg_ctx, 75 97 const char *printer) … … 77 99 WERROR result; 78 100 struct dcerpc_binding_handle *b; 79 80 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 81 W_ERROR_NOT_OK_RETURN(result); 82 83 return winreg_printer_update_changeid(mem_ctx, b, 84 printer); 101 TALLOC_CTX *tmp_ctx; 102 103 tmp_ctx = talloc_stackframe(); 104 if (tmp_ctx == NULL) { 105 return WERR_NOMEM; 106 } 107 108 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 109 if (!W_ERROR_IS_OK(result)) { 110 talloc_free(tmp_ctx); 111 return result; 112 } 113 114 result = winreg_printer_update_changeid(mem_ctx, 115 b, 116 printer); 117 118 talloc_free(tmp_ctx); 119 return result; 85 120 } 86 121 87 122 WERROR winreg_printer_get_changeid_internal(TALLOC_CTX *mem_ctx, 88 const struct auth_se rversupplied_info *session_info,123 const struct auth_session_info *session_info, 89 124 struct messaging_context *msg_ctx, 90 125 const char *printer, … … 93 128 WERROR result; 94 129 struct dcerpc_binding_handle *b; 95 96 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 97 W_ERROR_NOT_OK_RETURN(result); 98 99 return winreg_printer_get_changeid(mem_ctx, b, 100 printer, 101 pchangeid); 130 TALLOC_CTX *tmp_ctx; 131 132 tmp_ctx = talloc_stackframe(); 133 if (tmp_ctx == NULL) { 134 return WERR_NOMEM; 135 } 136 137 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 138 if (!W_ERROR_IS_OK(result)) { 139 talloc_free(tmp_ctx); 140 return result; 141 } 142 143 result = winreg_printer_get_changeid(mem_ctx, 144 b, 145 printer, 146 pchangeid); 147 148 talloc_free(tmp_ctx); 149 return result; 102 150 } 103 151 104 152 WERROR winreg_get_printer_internal(TALLOC_CTX *mem_ctx, 105 const struct auth_se rversupplied_info *session_info,153 const struct auth_session_info *session_info, 106 154 struct messaging_context *msg_ctx, 107 155 const char *printer, … … 110 158 WERROR result; 111 159 struct dcerpc_binding_handle *b; 112 113 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 114 W_ERROR_NOT_OK_RETURN(result); 115 116 return winreg_get_printer(mem_ctx, b, 117 printer, 118 pinfo2); 119 160 TALLOC_CTX *tmp_ctx; 161 162 tmp_ctx = talloc_stackframe(); 163 if (tmp_ctx == NULL) { 164 return WERR_NOMEM; 165 } 166 167 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 168 if (!W_ERROR_IS_OK(result)) { 169 talloc_free(tmp_ctx); 170 return result; 171 } 172 173 result = winreg_get_printer(mem_ctx, 174 b, 175 printer, 176 pinfo2); 177 178 talloc_free(tmp_ctx); 179 return result; 120 180 } 121 181 122 182 WERROR winreg_create_printer_internal(TALLOC_CTX *mem_ctx, 123 const struct auth_se rversupplied_info *session_info,183 const struct auth_session_info *session_info, 124 184 struct messaging_context *msg_ctx, 125 185 const char *sharename) … … 127 187 WERROR result; 128 188 struct dcerpc_binding_handle *b; 129 130 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 131 W_ERROR_NOT_OK_RETURN(result); 132 133 return winreg_create_printer(mem_ctx, b, 134 sharename); 189 TALLOC_CTX *tmp_ctx; 190 191 tmp_ctx = talloc_stackframe(); 192 if (tmp_ctx == NULL) { 193 return WERR_NOMEM; 194 } 195 196 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 197 if (!W_ERROR_IS_OK(result)) { 198 talloc_free(tmp_ctx); 199 return result; 200 } 201 202 result = winreg_create_printer(mem_ctx, 203 b, 204 sharename); 205 206 talloc_free(tmp_ctx); 207 return result; 135 208 } 136 209 137 210 WERROR winreg_update_printer_internal(TALLOC_CTX *mem_ctx, 138 const struct auth_se rversupplied_info *session_info,211 const struct auth_session_info *session_info, 139 212 struct messaging_context *msg_ctx, 140 213 const char *sharename, … … 146 219 WERROR result; 147 220 struct dcerpc_binding_handle *b; 148 149 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 150 W_ERROR_NOT_OK_RETURN(result); 151 152 return winreg_update_printer(mem_ctx, b, 153 sharename, 154 info2_mask, 155 info2, 156 devmode, 157 secdesc); 221 TALLOC_CTX *tmp_ctx; 222 223 tmp_ctx = talloc_stackframe(); 224 if (tmp_ctx == NULL) { 225 return WERR_NOMEM; 226 } 227 228 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 229 if (!W_ERROR_IS_OK(result)) { 230 talloc_free(tmp_ctx); 231 return result; 232 } 233 234 result = winreg_update_printer(mem_ctx, 235 b, 236 sharename, 237 info2_mask, 238 info2, 239 devmode, 240 secdesc); 241 242 talloc_free(tmp_ctx); 243 return result; 158 244 } 159 245 160 246 WERROR winreg_set_printer_dataex_internal(TALLOC_CTX *mem_ctx, 161 const struct auth_se rversupplied_info *session_info,247 const struct auth_session_info *session_info, 162 248 struct messaging_context *msg_ctx, 163 249 const char *printer, … … 170 256 WERROR result; 171 257 struct dcerpc_binding_handle *b; 172 173 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 174 W_ERROR_NOT_OK_RETURN(result); 175 176 return winreg_set_printer_dataex(mem_ctx, b, 177 printer, 178 key, 179 value, 180 type, 181 data, 182 data_size); 258 TALLOC_CTX *tmp_ctx; 259 260 tmp_ctx = talloc_stackframe(); 261 if (tmp_ctx == NULL) { 262 return WERR_NOMEM; 263 } 264 265 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 266 if (!W_ERROR_IS_OK(result)) { 267 talloc_free(tmp_ctx); 268 return result; 269 } 270 271 result = winreg_set_printer_dataex(mem_ctx, 272 b, 273 printer, 274 key, 275 value, 276 type, 277 data, 278 data_size); 279 280 talloc_free(tmp_ctx); 281 return result; 183 282 } 184 283 185 284 WERROR winreg_enum_printer_dataex_internal(TALLOC_CTX *mem_ctx, 186 const struct auth_se rversupplied_info *session_info,285 const struct auth_session_info *session_info, 187 286 struct messaging_context *msg_ctx, 188 287 const char *printer, … … 193 292 WERROR result; 194 293 struct dcerpc_binding_handle *b; 195 196 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 197 W_ERROR_NOT_OK_RETURN(result); 198 199 return winreg_enum_printer_dataex(mem_ctx, b, 200 printer, 201 key, 202 pnum_values, 203 penum_values); 294 TALLOC_CTX *tmp_ctx; 295 296 tmp_ctx = talloc_stackframe(); 297 if (tmp_ctx == NULL) { 298 return WERR_NOMEM; 299 } 300 301 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 302 if (!W_ERROR_IS_OK(result)) { 303 talloc_free(tmp_ctx); 304 return result; 305 } 306 307 result = winreg_enum_printer_dataex(mem_ctx, 308 b, 309 printer, 310 key, 311 pnum_values, 312 penum_values); 313 314 talloc_free(tmp_ctx); 315 return result; 204 316 } 205 317 206 318 WERROR winreg_get_printer_dataex_internal(TALLOC_CTX *mem_ctx, 207 const struct auth_se rversupplied_info *session_info,319 const struct auth_session_info *session_info, 208 320 struct messaging_context *msg_ctx, 209 321 const char *printer, … … 216 328 WERROR result; 217 329 struct dcerpc_binding_handle *b; 218 219 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 220 W_ERROR_NOT_OK_RETURN(result); 221 222 return winreg_get_printer_dataex(mem_ctx, b, 223 printer, 224 key, 225 value, 226 type, 227 data, 228 data_size); 330 TALLOC_CTX *tmp_ctx; 331 332 tmp_ctx = talloc_stackframe(); 333 if (tmp_ctx == NULL) { 334 return WERR_NOMEM; 335 } 336 337 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 338 if (!W_ERROR_IS_OK(result)) { 339 talloc_free(tmp_ctx); 340 return result; 341 } 342 343 result = winreg_get_printer_dataex(mem_ctx, 344 b, 345 printer, 346 key, 347 value, 348 type, 349 data, 350 data_size); 351 352 talloc_free(tmp_ctx); 353 return result; 229 354 } 230 355 231 356 WERROR winreg_delete_printer_dataex_internal(TALLOC_CTX *mem_ctx, 232 const struct auth_se rversupplied_info *session_info,357 const struct auth_session_info *session_info, 233 358 struct messaging_context *msg_ctx, 234 359 const char *printer, … … 238 363 WERROR result; 239 364 struct dcerpc_binding_handle *b; 240 241 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 242 W_ERROR_NOT_OK_RETURN(result); 243 244 return winreg_delete_printer_dataex(mem_ctx, b, 245 printer, 246 key, 247 value); 365 TALLOC_CTX *tmp_ctx; 366 367 tmp_ctx = talloc_stackframe(); 368 if (tmp_ctx == NULL) { 369 return WERR_NOMEM; 370 } 371 372 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 373 if (!W_ERROR_IS_OK(result)) { 374 talloc_free(tmp_ctx); 375 return result; 376 } 377 378 result = winreg_delete_printer_dataex(mem_ctx, 379 b, 380 printer, 381 key, 382 value); 383 384 talloc_free(tmp_ctx); 385 return result; 248 386 } 249 387 250 388 WERROR winreg_get_driver_internal(TALLOC_CTX *mem_ctx, 251 const struct auth_se rversupplied_info *session_info,389 const struct auth_session_info *session_info, 252 390 struct messaging_context *msg_ctx, 253 391 const char *architecture, … … 258 396 WERROR result; 259 397 struct dcerpc_binding_handle *b; 260 261 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 262 W_ERROR_NOT_OK_RETURN(result); 263 264 return winreg_get_driver(mem_ctx, b, 265 architecture, 266 driver_name, 267 driver_version, 268 _info8); 398 TALLOC_CTX *tmp_ctx; 399 400 tmp_ctx = talloc_stackframe(); 401 if (tmp_ctx == NULL) { 402 return WERR_NOMEM; 403 } 404 405 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 406 if (!W_ERROR_IS_OK(result)) { 407 talloc_free(tmp_ctx); 408 return result; 409 } 410 411 result = winreg_get_driver(mem_ctx, 412 b, 413 architecture, 414 driver_name, 415 driver_version, 416 _info8); 417 418 talloc_free(tmp_ctx); 419 return result; 269 420 } 270 421 271 422 WERROR winreg_get_driver_list_internal(TALLOC_CTX *mem_ctx, 272 const struct auth_se rversupplied_info *session_info,423 const struct auth_session_info *session_info, 273 424 struct messaging_context *msg_ctx, 274 425 const char *architecture, … … 279 430 WERROR result; 280 431 struct dcerpc_binding_handle *b; 281 282 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 283 W_ERROR_NOT_OK_RETURN(result); 284 285 return winreg_get_driver_list(mem_ctx, b, 286 architecture, 287 version, 288 num_drivers, 289 drivers_p); 432 TALLOC_CTX *tmp_ctx; 433 434 tmp_ctx = talloc_stackframe(); 435 if (tmp_ctx == NULL) { 436 return WERR_NOMEM; 437 } 438 439 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 440 if (!W_ERROR_IS_OK(result)) { 441 talloc_free(tmp_ctx); 442 return result; 443 } 444 445 result = winreg_get_driver_list(mem_ctx, 446 b, 447 architecture, 448 version, 449 num_drivers, 450 drivers_p); 451 452 talloc_free(tmp_ctx); 453 return result; 290 454 } 291 455 292 456 WERROR winreg_del_driver_internal(TALLOC_CTX *mem_ctx, 293 const struct auth_se rversupplied_info *session_info,457 const struct auth_session_info *session_info, 294 458 struct messaging_context *msg_ctx, 295 459 struct spoolss_DriverInfo8 *info8, … … 298 462 WERROR result; 299 463 struct dcerpc_binding_handle *b; 300 301 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 302 W_ERROR_NOT_OK_RETURN(result); 303 304 return winreg_del_driver(mem_ctx, b, 305 info8, 306 version); 464 TALLOC_CTX *tmp_ctx; 465 466 tmp_ctx = talloc_stackframe(); 467 if (tmp_ctx == NULL) { 468 return WERR_NOMEM; 469 } 470 471 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 472 if (!W_ERROR_IS_OK(result)) { 473 talloc_free(tmp_ctx); 474 return result; 475 } 476 477 result = winreg_del_driver(mem_ctx, 478 b, 479 info8, 480 version); 481 482 talloc_free(tmp_ctx); 483 return result; 307 484 } 308 485 309 486 WERROR winreg_add_driver_internal(TALLOC_CTX *mem_ctx, 310 const struct auth_se rversupplied_info *session_info,487 const struct auth_session_info *session_info, 311 488 struct messaging_context *msg_ctx, 312 489 struct spoolss_AddDriverInfoCtr *r, … … 316 493 WERROR result; 317 494 struct dcerpc_binding_handle *b; 318 319 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 320 W_ERROR_NOT_OK_RETURN(result); 321 322 return winreg_add_driver(mem_ctx, b, 323 r, 324 driver_name, 325 driver_version); 495 TALLOC_CTX *tmp_ctx; 496 497 tmp_ctx = talloc_stackframe(); 498 if (tmp_ctx == NULL) { 499 return WERR_NOMEM; 500 } 501 502 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 503 if (!W_ERROR_IS_OK(result)) { 504 talloc_free(tmp_ctx); 505 return result; 506 } 507 508 result = winreg_add_driver(mem_ctx, 509 b, 510 r, 511 driver_name, 512 driver_version); 513 514 talloc_free(tmp_ctx); 515 return result; 326 516 } 327 517 328 518 WERROR winreg_get_printer_secdesc_internal(TALLOC_CTX *mem_ctx, 329 const struct auth_se rversupplied_info *session_info,519 const struct auth_session_info *session_info, 330 520 struct messaging_context *msg_ctx, 331 521 const char *sharename, … … 334 524 WERROR result; 335 525 struct dcerpc_binding_handle *b; 336 337 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 338 W_ERROR_NOT_OK_RETURN(result); 339 340 return winreg_get_printer_secdesc(mem_ctx, b, 341 sharename, 342 psecdesc); 526 TALLOC_CTX *tmp_ctx; 527 528 tmp_ctx = talloc_stackframe(); 529 if (tmp_ctx == NULL) { 530 return WERR_NOMEM; 531 } 532 533 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 534 if (!W_ERROR_IS_OK(result)) { 535 talloc_free(tmp_ctx); 536 return result; 537 } 538 539 result = winreg_get_printer_secdesc(mem_ctx, 540 b, 541 sharename, 542 psecdesc); 543 544 talloc_free(tmp_ctx); 545 return result; 343 546 } 344 547 345 548 WERROR winreg_set_printer_secdesc_internal(TALLOC_CTX *mem_ctx, 346 const struct auth_se rversupplied_info *session_info,549 const struct auth_session_info *session_info, 347 550 struct messaging_context *msg_ctx, 348 551 const char *sharename, … … 351 554 WERROR result; 352 555 struct dcerpc_binding_handle *b; 353 354 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 355 W_ERROR_NOT_OK_RETURN(result); 356 357 return winreg_set_printer_secdesc(mem_ctx, b, 358 sharename, 359 secdesc); 556 TALLOC_CTX *tmp_ctx; 557 558 tmp_ctx = talloc_stackframe(); 559 if (tmp_ctx == NULL) { 560 return WERR_NOMEM; 561 } 562 563 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 564 if (!W_ERROR_IS_OK(result)) { 565 talloc_free(tmp_ctx); 566 return result; 567 } 568 569 result = winreg_set_printer_secdesc(mem_ctx, 570 b, 571 sharename, 572 secdesc); 573 574 talloc_free(tmp_ctx); 575 return result; 360 576 } 361 577 362 578 WERROR winreg_printer_enumforms1_internal(TALLOC_CTX *mem_ctx, 363 const struct auth_se rversupplied_info *session_info,579 const struct auth_session_info *session_info, 364 580 struct messaging_context *msg_ctx, 365 581 uint32_t *pnum_info, … … 368 584 WERROR result; 369 585 struct dcerpc_binding_handle *b; 370 371 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 372 W_ERROR_NOT_OK_RETURN(result); 373 374 return winreg_printer_enumforms1(mem_ctx, b, 375 pnum_info, 376 pinfo); 586 TALLOC_CTX *tmp_ctx; 587 588 tmp_ctx = talloc_stackframe(); 589 if (tmp_ctx == NULL) { 590 return WERR_NOMEM; 591 } 592 593 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 594 if (!W_ERROR_IS_OK(result)) { 595 talloc_free(tmp_ctx); 596 return result; 597 } 598 599 result = winreg_printer_enumforms1(mem_ctx, 600 b, 601 pnum_info, 602 pinfo); 603 604 talloc_free(tmp_ctx); 605 return result; 377 606 } 378 607 379 608 WERROR winreg_printer_getform1_internal(TALLOC_CTX *mem_ctx, 380 const struct auth_se rversupplied_info *session_info,609 const struct auth_session_info *session_info, 381 610 struct messaging_context *msg_ctx, 382 611 const char *form_name, … … 385 614 WERROR result; 386 615 struct dcerpc_binding_handle *b; 387 388 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 389 W_ERROR_NOT_OK_RETURN(result); 390 391 return winreg_printer_getform1(mem_ctx, b, 392 form_name, 393 r); 616 TALLOC_CTX *tmp_ctx; 617 618 tmp_ctx = talloc_stackframe(); 619 if (tmp_ctx == NULL) { 620 return WERR_NOMEM; 621 } 622 623 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 624 if (!W_ERROR_IS_OK(result)) { 625 talloc_free(tmp_ctx); 626 return result; 627 } 628 629 result = winreg_printer_getform1(mem_ctx, 630 b, 631 form_name, 632 r); 633 634 talloc_free(tmp_ctx); 635 return result; 394 636 } 395 637 396 638 WERROR winreg_printer_addform1_internal(TALLOC_CTX *mem_ctx, 397 const struct auth_se rversupplied_info *session_info,639 const struct auth_session_info *session_info, 398 640 struct messaging_context *msg_ctx, 399 641 struct spoolss_AddFormInfo1 *form) … … 401 643 WERROR result; 402 644 struct dcerpc_binding_handle *b; 403 404 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 405 W_ERROR_NOT_OK_RETURN(result); 406 407 return winreg_printer_addform1(mem_ctx, b, 408 form); 645 TALLOC_CTX *tmp_ctx; 646 647 tmp_ctx = talloc_stackframe(); 648 if (tmp_ctx == NULL) { 649 return WERR_NOMEM; 650 } 651 652 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 653 if (!W_ERROR_IS_OK(result)) { 654 talloc_free(tmp_ctx); 655 return result; 656 } 657 658 result = winreg_printer_addform1(mem_ctx, 659 b, 660 form); 661 662 talloc_free(tmp_ctx); 663 return result; 409 664 } 410 665 411 666 WERROR winreg_printer_setform1_internal(TALLOC_CTX *mem_ctx, 412 const struct auth_se rversupplied_info *session_info,667 const struct auth_session_info *session_info, 413 668 struct messaging_context *msg_ctx, 414 669 const char *form_name, … … 417 672 WERROR result; 418 673 struct dcerpc_binding_handle *b; 419 420 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 421 W_ERROR_NOT_OK_RETURN(result); 422 423 return winreg_printer_setform1(mem_ctx, b, 424 form_name, 425 form); 674 TALLOC_CTX *tmp_ctx; 675 676 tmp_ctx = talloc_stackframe(); 677 if (tmp_ctx == NULL) { 678 return WERR_NOMEM; 679 } 680 681 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 682 if (!W_ERROR_IS_OK(result)) { 683 talloc_free(tmp_ctx); 684 return result; 685 } 686 687 result = winreg_printer_setform1(mem_ctx, 688 b, 689 form_name, 690 form); 691 692 talloc_free(tmp_ctx); 693 return result; 426 694 } 427 695 428 696 WERROR winreg_printer_deleteform1_internal(TALLOC_CTX *mem_ctx, 429 const struct auth_se rversupplied_info *session_info,697 const struct auth_session_info *session_info, 430 698 struct messaging_context *msg_ctx, 431 699 const char *form_name) … … 433 701 WERROR result; 434 702 struct dcerpc_binding_handle *b; 435 436 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 437 W_ERROR_NOT_OK_RETURN(result); 438 439 return winreg_printer_deleteform1(mem_ctx, b, 440 form_name); 703 TALLOC_CTX *tmp_ctx; 704 705 tmp_ctx = talloc_stackframe(); 706 if (tmp_ctx == NULL) { 707 return WERR_NOMEM; 708 } 709 710 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 711 if (!W_ERROR_IS_OK(result)) { 712 talloc_free(tmp_ctx); 713 return result; 714 } 715 716 result = winreg_printer_deleteform1(mem_ctx, 717 b, 718 form_name); 719 720 talloc_free(tmp_ctx); 721 return result; 441 722 } 442 723 443 724 WERROR winreg_enum_printer_key_internal(TALLOC_CTX *mem_ctx, 444 const struct auth_se rversupplied_info *session_info,725 const struct auth_session_info *session_info, 445 726 struct messaging_context *msg_ctx, 446 727 const char *printer, … … 451 732 WERROR result; 452 733 struct dcerpc_binding_handle *b; 453 454 result = winreg_printer_binding_handle(mem_ctx, session_info, msg_ctx, &b); 455 W_ERROR_NOT_OK_RETURN(result); 456 457 return winreg_enum_printer_key(mem_ctx, b, 458 printer, 459 key, 460 pnum_subkeys, 461 psubkeys); 462 } 734 TALLOC_CTX *tmp_ctx; 735 736 tmp_ctx = talloc_stackframe(); 737 if (tmp_ctx == NULL) { 738 return WERR_NOMEM; 739 } 740 741 result = winreg_printer_binding_handle(tmp_ctx, session_info, msg_ctx, &b); 742 if (!W_ERROR_IS_OK(result)) { 743 talloc_free(tmp_ctx); 744 return result; 745 } 746 747 result = winreg_enum_printer_key(mem_ctx, 748 b, 749 printer, 750 key, 751 pnum_subkeys, 752 psubkeys); 753 754 talloc_free(tmp_ctx); 755 return result; 756 } -
vendor/current/source3/rpc_server/spoolss/srv_spoolss_util.h
r740 r988 23 23 #define _SRV_SPOOLSS_UITL_H 24 24 25 struct auth_se rversupplied_info;25 struct auth_session_info; 26 26 struct dcerpc_binding_handle; 27 27 28 28 WERROR winreg_printer_binding_handle(TALLOC_CTX *mem_ctx, 29 const struct auth_se rversupplied_info *session_info,29 const struct auth_session_info *session_info, 30 30 struct messaging_context *msg_ctx, 31 31 struct dcerpc_binding_handle **winreg_binding_handle); 32 32 33 33 WERROR winreg_delete_printer_key_internal(TALLOC_CTX *mem_ctx, 34 const struct auth_se rversupplied_info *session_info,34 const struct auth_session_info *session_info, 35 35 struct messaging_context *msg_ctx, 36 36 const char *printer, 37 37 const char *key); 38 38 WERROR winreg_printer_update_changeid_internal(TALLOC_CTX *mem_ctx, 39 const struct auth_se rversupplied_info *session_info,39 const struct auth_session_info *session_info, 40 40 struct messaging_context *msg_ctx, 41 41 const char *printer); 42 42 WERROR winreg_printer_get_changeid_internal(TALLOC_CTX *mem_ctx, 43 const struct auth_se rversupplied_info *session_info,43 const struct auth_session_info *session_info, 44 44 struct messaging_context *msg_ctx, 45 45 const char *printer, 46 46 uint32_t *pchangeid); 47 47 WERROR winreg_get_printer_internal(TALLOC_CTX *mem_ctx, 48 const struct auth_se rversupplied_info *session_info,48 const struct auth_session_info *session_info, 49 49 struct messaging_context *msg_ctx, 50 50 const char *printer, 51 51 struct spoolss_PrinterInfo2 **pinfo2); 52 52 WERROR winreg_create_printer_internal(TALLOC_CTX *mem_ctx, 53 const struct auth_se rversupplied_info *session_info,53 const struct auth_session_info *session_info, 54 54 struct messaging_context *msg_ctx, 55 55 const char *sharename); 56 56 WERROR winreg_update_printer_internal(TALLOC_CTX *mem_ctx, 57 const struct auth_se rversupplied_info *session_info,57 const struct auth_session_info *session_info, 58 58 struct messaging_context *msg_ctx, 59 59 const char *sharename, … … 63 63 struct security_descriptor *secdesc); 64 64 WERROR winreg_set_printer_dataex_internal(TALLOC_CTX *mem_ctx, 65 const struct auth_se rversupplied_info *session_info,65 const struct auth_session_info *session_info, 66 66 struct messaging_context *msg_ctx, 67 67 const char *printer, … … 72 72 uint32_t data_size); 73 73 WERROR winreg_enum_printer_dataex_internal(TALLOC_CTX *mem_ctx, 74 const struct auth_se rversupplied_info *session_info,74 const struct auth_session_info *session_info, 75 75 struct messaging_context *msg_ctx, 76 76 const char *printer, … … 79 79 struct spoolss_PrinterEnumValues **penum_values); 80 80 WERROR winreg_get_printer_dataex_internal(TALLOC_CTX *mem_ctx, 81 const struct auth_se rversupplied_info *session_info,81 const struct auth_session_info *session_info, 82 82 struct messaging_context *msg_ctx, 83 83 const char *printer, … … 88 88 uint32_t *data_size); 89 89 WERROR winreg_delete_printer_dataex_internal(TALLOC_CTX *mem_ctx, 90 const struct auth_se rversupplied_info *session_info,90 const struct auth_session_info *session_info, 91 91 struct messaging_context *msg_ctx, 92 92 const char *printer, … … 94 94 const char *value); 95 95 WERROR winreg_get_driver_internal(TALLOC_CTX *mem_ctx, 96 const struct auth_se rversupplied_info *session_info,96 const struct auth_session_info *session_info, 97 97 struct messaging_context *msg_ctx, 98 98 const char *architecture, … … 101 101 struct spoolss_DriverInfo8 **_info8); 102 102 WERROR winreg_get_driver_list_internal(TALLOC_CTX *mem_ctx, 103 const struct auth_se rversupplied_info *session_info,103 const struct auth_session_info *session_info, 104 104 struct messaging_context *msg_ctx, 105 105 const char *architecture, … … 108 108 const char ***drivers_p); 109 109 WERROR winreg_del_driver_internal(TALLOC_CTX *mem_ctx, 110 const struct auth_se rversupplied_info *session_info,110 const struct auth_session_info *session_info, 111 111 struct messaging_context *msg_ctx, 112 112 struct spoolss_DriverInfo8 *info8, 113 113 uint32_t version); 114 114 WERROR winreg_add_driver_internal(TALLOC_CTX *mem_ctx, 115 const struct auth_se rversupplied_info *session_info,115 const struct auth_session_info *session_info, 116 116 struct messaging_context *msg_ctx, 117 117 struct spoolss_AddDriverInfoCtr *r, … … 119 119 uint32_t *driver_version); 120 120 WERROR winreg_get_printer_secdesc_internal(TALLOC_CTX *mem_ctx, 121 const struct auth_se rversupplied_info *session_info,121 const struct auth_session_info *session_info, 122 122 struct messaging_context *msg_ctx, 123 123 const char *sharename, 124 124 struct spoolss_security_descriptor **psecdesc); 125 125 WERROR winreg_set_printer_secdesc_internal(TALLOC_CTX *mem_ctx, 126 const struct auth_se rversupplied_info *session_info,126 const struct auth_session_info *session_info, 127 127 struct messaging_context *msg_ctx, 128 128 const char *sharename, 129 129 const struct spoolss_security_descriptor *secdesc); 130 130 WERROR winreg_printer_enumforms1_internal(TALLOC_CTX *mem_ctx, 131 const struct auth_se rversupplied_info *session_info,131 const struct auth_session_info *session_info, 132 132 struct messaging_context *msg_ctx, 133 133 uint32_t *pnum_info, 134 134 union spoolss_FormInfo **pinfo); 135 135 WERROR winreg_printer_getform1_internal(TALLOC_CTX *mem_ctx, 136 const struct auth_se rversupplied_info *session_info,136 const struct auth_session_info *session_info, 137 137 struct messaging_context *msg_ctx, 138 138 const char *form_name, 139 139 struct spoolss_FormInfo1 *r); 140 140 WERROR winreg_printer_addform1_internal(TALLOC_CTX *mem_ctx, 141 const struct auth_se rversupplied_info *session_info,141 const struct auth_session_info *session_info, 142 142 struct messaging_context *msg_ctx, 143 143 struct spoolss_AddFormInfo1 *form); 144 144 WERROR winreg_printer_setform1_internal(TALLOC_CTX *mem_ctx, 145 const struct auth_se rversupplied_info *session_info,145 const struct auth_session_info *session_info, 146 146 struct messaging_context *msg_ctx, 147 147 const char *form_name, 148 148 struct spoolss_AddFormInfo1 *form); 149 149 WERROR winreg_printer_deleteform1_internal(TALLOC_CTX *mem_ctx, 150 const struct auth_se rversupplied_info *session_info,150 const struct auth_session_info *session_info, 151 151 struct messaging_context *msg_ctx, 152 152 const char *form_name); 153 153 WERROR winreg_enum_printer_key_internal(TALLOC_CTX *mem_ctx, 154 const struct auth_se rversupplied_info *session_info,154 const struct auth_session_info *session_info, 155 155 struct messaging_context *msg_ctx, 156 156 const char *printer, -
vendor/current/source3/rpc_server/srv_access_check.c
r746 r988 29 29 30 30 #include "includes.h" 31 #include "system/passwd.h" /* uid_wrapper */ 31 32 #include "rpc_server/srv_access_check.h" 32 33 #include "../libcli/security/security.h" … … 47 48 NTSTATUS access_check_object( struct security_descriptor *psd, struct security_token *token, 48 49 enum sec_privilege needed_priv_1, enum sec_privilege needed_priv_2, 49 uint32 rights_mask,50 uint32 des_access, uint32*acc_granted,50 uint32_t rights_mask, 51 uint32_t des_access, uint32_t *acc_granted, 51 52 const char *debug ) 52 53 { 53 54 NTSTATUS status = NT_STATUS_ACCESS_DENIED; 54 uint32 saved_mask = 0;55 uint32_t saved_mask = 0; 55 56 bool priv_granted = false; 57 bool is_system = false; 58 bool is_root = false; 59 60 /* Check if we are are the system token */ 61 if (security_token_is_system(token) && 62 security_token_system_privilege(token)) { 63 is_system = true; 64 } 65 66 /* Check if we are root */ 67 if (root_mode()) { 68 is_root = true; 69 } 70 71 /* Check if we are root */ 56 72 57 73 /* check privileges; certain SAM access bits should be overridden … … 71 87 72 88 /* check the security descriptor first */ 73 74 89 status = se_access_check(psd, token, des_access, acc_granted); 75 90 if (NT_STATUS_IS_OK(status)) { … … 77 92 } 78 93 79 /* give root a free pass */ 80 81 if ( geteuid() == sec_initial_uid() ) { 82 94 if (is_system || is_root) { 83 95 DEBUG(4,("%s: ACCESS should be DENIED (requested: %#010x)\n", debug, des_access)); 84 DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n")); 96 DEBUGADD(4,("but overritten by %s\n", 97 is_root ? "euid == initial uid" : "system token")); 85 98 86 99 priv_granted = true; … … 122 135 123 136 /* At least try for generic read|execute - Everyone gets that. */ 124 *pacc_requested = GENERIC_READ_ACCESS|GENERIC_EXECUTE_ACCESS;137 *pacc_requested |= GENERIC_READ_ACCESS|GENERIC_EXECUTE_ACCESS; 125 138 126 139 /* root gets anything. */ -
vendor/current/source3/rpc_server/srv_access_check.h
r740 r988 35 35 NTSTATUS access_check_object( struct security_descriptor *psd, struct security_token *token, 36 36 enum sec_privilege needed_priv_1, enum sec_privilege needed_priv_2, 37 uint32 rights_mask,38 uint32 des_access, uint32*acc_granted,37 uint32_t rights_mask, 38 uint32_t des_access, uint32_t *acc_granted, 39 39 const char *debug ); 40 40 void map_max_allowed_access(const struct security_token *nt_token, -
vendor/current/source3/rpc_server/srv_pipe.c
r919 r988 31 31 #include "system/filesys.h" 32 32 #include "srv_pipe_internal.h" 33 #include "../librpc/gen_ndr/ndr_schannel.h" 34 #include "../libcli/auth/schannel.h" 35 #include "../libcli/auth/spnego.h" 36 #include "dcesrv_ntlmssp.h" 37 #include "dcesrv_gssapi.h" 38 #include "dcesrv_spnego.h" 33 #include "../librpc/gen_ndr/ndr_dcerpc.h" 34 #include "../librpc/rpc/rpc_common.h" 35 #include "dcesrv_auth_generic.h" 39 36 #include "rpc_server.h" 40 37 #include "rpc_dce.h" … … 43 40 #include "ntdomain.h" 44 41 #include "rpc_server/srv_pipe.h" 45 #include "../librpc/gen_ndr/ndr_dcerpc.h" 46 #include "../librpc/ndr/ndr_dcerpc.h" 42 #include "rpc_server/rpc_contexts.h" 43 #include "lib/param/param.h" 44 #include "librpc/ndr/ndr_table.h" 45 #include "auth/gensec/gensec.h" 46 #include "librpc/ndr/ndr_dcerpc.h" 47 #include "lib/tsocket/tsocket.h" 47 48 #include "../librpc/gen_ndr/ndr_samr.h" 48 49 #include "../librpc/gen_ndr/ndr_lsa.h" … … 53 54 #undef DBGC_CLASS 54 55 #define DBGC_CLASS DBGC_RPC_SRV 56 57 static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p); 55 58 56 59 /** … … 147 150 data_left, 148 151 RPC_MAX_PDU_FRAG_LEN, 149 SERVER_NDR_PADDING_SIZE,150 152 &data_to_send, &frag_len, 151 153 &auth_len, &pad_len); … … 343 345 struct ndr_syntax_id* abstract, 344 346 struct ndr_syntax_id* transfer, 345 uint32 context_id)347 uint32_t context_id) 346 348 { 347 349 struct pipe_rpc_fns *context_fns; 350 bool ok; 348 351 const char *interface_name = NULL; 349 bool ok; 350 351 DEBUG(3,("check_bind_req for %s\n", 352 get_pipe_name_from_syntax(talloc_tos(), abstract))); 353 354 ok = ndr_syntax_id_equal(transfer, &ndr_transfer_syntax); 352 353 DEBUG(3,("check_bind_req for %s context_id=%u\n", 354 ndr_interface_name(&abstract->uuid, 355 abstract->if_version), 356 (unsigned)context_id)); 357 358 ok = ndr_syntax_id_equal(transfer, &ndr_transfer_syntax_ndr); 355 359 if (!ok) { 356 360 DEBUG(1,("check_bind_req unknown transfer syntax for " 357 361 "%s context_id=%u\n", 358 get_pipe_name_from_syntax(talloc_tos(), abstract), 362 ndr_interface_name(&abstract->uuid, 363 abstract->if_version), 359 364 (unsigned)context_id)); 360 365 return false; … … 377 382 DEBUG(1,("check_bind_req: changing abstract syntax for " 378 383 "%s context_id=%u into %s not supported\n", 379 get_pipe_name_from_syntax(talloc_tos(), &context_fns->syntax), 384 ndr_interface_name(&context_fns->syntax.uuid, 385 context_fns->syntax.if_version), 380 386 (unsigned)context_id, 381 get_pipe_name_from_syntax(talloc_tos(), abstract))); 387 ndr_interface_name(&abstract->uuid, 388 abstract->if_version))); 382 389 return false; 383 390 } … … 392 399 rpc_srv_get_pipe_srv_name(abstract))); 393 400 394 context_fns = SMB_MALLOC_P(struct pipe_rpc_fns); 401 ok = init_pipe_handles(p, abstract); 402 if (!ok) { 403 DEBUG(1, ("Failed to init pipe handles!\n")); 404 return false; 405 } 406 407 context_fns = talloc_zero(p, struct pipe_rpc_fns); 395 408 if (context_fns == NULL) { 396 DEBUG(0,("check_bind_req: malloc() failed!\n")); 397 return False; 398 } 399 400 interface_name = get_pipe_name_from_syntax(talloc_tos(), 401 abstract); 402 409 DEBUG(0,("check_bind_req: talloc() failed!\n")); 410 return false; 411 } 412 413 interface_name = ndr_interface_name(&abstract->uuid, 414 abstract->if_version); 403 415 SMB_ASSERT(interface_name != NULL); 404 416 … … 411 423 context_fns->allow_connect = lp_allow_dcerpc_auth_level_connect(); 412 424 /* 413 * for the samr and the lsarpcinterfaces we don't allow "connect"425 * for the samr, lsarpc and netlogon interfaces we don't allow "connect" 414 426 * auth_level by default. 415 427 */ … … 458 470 /** 459 471 * Is a named pipe known? 460 * @param[in] cli_filename The pipe name requested by the client472 * @param[in] pipename Just the filename 461 473 * @result Do we want to serve this? 462 474 */ 463 bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax) 464 { 465 const char *pipename = cli_filename; 475 bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax) 476 { 466 477 NTSTATUS status; 467 468 if (strnequal(pipename, "\\PIPE\\", 6)) {469 pipename += 5;470 }471 472 if (*pipename == '\\') {473 pipename += 1;474 }475 478 476 479 if (lp_disable_spoolss() && strequal(pipename, "spoolss")) { … … 485 488 status = smb_probe_module("rpc", pipename); 486 489 if (!NT_STATUS_IS_OK(status)) { 487 DEBUG(10, ("is_known_pipename: %s unknown\n", cli_filename));490 DEBUG(10, ("is_known_pipename: %s unknown\n", pipename)); 488 491 return false; 489 492 } … … 501 504 502 505 return false; 503 }504 505 /*******************************************************************506 Handle the first part of a SPNEGO bind auth.507 *******************************************************************/508 509 static bool pipe_spnego_auth_bind(struct pipes_struct *p,510 TALLOC_CTX *mem_ctx,511 struct dcerpc_auth *auth_info,512 DATA_BLOB *response)513 {514 struct spnego_context *spnego_ctx;515 NTSTATUS status;516 517 status = spnego_server_auth_start(p,518 (auth_info->auth_level ==519 DCERPC_AUTH_LEVEL_INTEGRITY),520 (auth_info->auth_level ==521 DCERPC_AUTH_LEVEL_PRIVACY),522 true,523 &auth_info->credentials,524 response,525 &spnego_ctx);526 if (!NT_STATUS_IS_OK(status)) {527 DEBUG(0, ("Failed SPNEGO negotiate (%s)\n",528 nt_errstr(status)));529 return false;530 }531 532 /* Make sure data is bound to the memctx, to be freed the caller */533 talloc_steal(mem_ctx, response->data);534 535 p->auth.auth_ctx = spnego_ctx;536 p->auth.auth_type = DCERPC_AUTH_TYPE_SPNEGO;537 p->auth.auth_context_id = auth_info->auth_context_id;538 539 DEBUG(10, ("SPNEGO auth started\n"));540 541 return true;542 }543 544 /*******************************************************************545 Handle an schannel bind auth.546 *******************************************************************/547 548 static bool pipe_schannel_auth_bind(struct pipes_struct *p,549 TALLOC_CTX *mem_ctx,550 struct dcerpc_auth *auth_info,551 DATA_BLOB *response)552 {553 struct NL_AUTH_MESSAGE neg;554 struct NL_AUTH_MESSAGE reply;555 bool ret;556 NTSTATUS status;557 struct netlogon_creds_CredentialState *creds;558 enum ndr_err_code ndr_err;559 struct schannel_state *schannel_auth;560 561 ndr_err = ndr_pull_struct_blob(562 &auth_info->credentials, mem_ctx, &neg,563 (ndr_pull_flags_fn_t)ndr_pull_NL_AUTH_MESSAGE);564 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {565 DEBUG(0,("pipe_schannel_auth_bind: Could not unmarshal SCHANNEL auth neg\n"));566 return false;567 }568 569 if (DEBUGLEVEL >= 10) {570 NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &neg);571 }572 573 if (!(neg.Flags & NL_FLAG_OEM_NETBIOS_COMPUTER_NAME)) {574 DEBUG(0,("pipe_schannel_auth_bind: Did not receive netbios computer name\n"));575 return false;576 }577 578 /*579 * The neg.oem_netbios_computer.a key here must match the remote computer name580 * given in the DOM_CLNT_SRV.uni_comp_name used on all netlogon pipe581 * operations that use credentials.582 */583 584 become_root();585 status = schannel_get_creds_state(p, lp_private_dir(),586 neg.oem_netbios_computer.a, &creds);587 unbecome_root();588 589 if (!NT_STATUS_IS_OK(status)) {590 DEBUG(0, ("pipe_schannel_auth_bind: Attempt to bind using schannel without successful serverauth2\n"));591 return False;592 }593 594 schannel_auth = talloc(p, struct schannel_state);595 if (!schannel_auth) {596 TALLOC_FREE(creds);597 return False;598 }599 600 schannel_auth->state = SCHANNEL_STATE_START;601 schannel_auth->seq_num = 0;602 schannel_auth->initiator = false;603 schannel_auth->creds = creds;604 605 /*606 * JRA. Should we also copy the schannel session key into the pipe session key p->session_key607 * here ? We do that for NTLMSSP, but the session key is already set up from the vuser608 * struct of the person who opened the pipe. I need to test this further. JRA.609 *610 * VL. As we are mapping this to guest set the generic key611 * "SystemLibraryDTC" key here. It's a bit difficult to test against612 * W2k3, as it does not allow schannel binds against SAMR and LSA613 * anymore.614 */615 616 ret = session_info_set_session_key(p->session_info, generic_session_key());617 618 if (!ret) {619 DEBUG(0, ("session_info_set_session_key failed\n"));620 return false;621 }622 623 /*** SCHANNEL verifier ***/624 625 reply.MessageType = NL_NEGOTIATE_RESPONSE;626 reply.Flags = 0;627 reply.Buffer.dummy = 5; /* ??? actually I don't think628 * this has any meaning629 * here - gd */630 631 ndr_err = ndr_push_struct_blob(response, mem_ctx, &reply,632 (ndr_push_flags_fn_t)ndr_push_NL_AUTH_MESSAGE);633 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {634 DEBUG(0,("Failed to marshall NL_AUTH_MESSAGE.\n"));635 return false;636 }637 638 if (DEBUGLEVEL >= 10) {639 NDR_PRINT_DEBUG(NL_AUTH_MESSAGE, &reply);640 }641 642 DEBUG(10,("pipe_schannel_auth_bind: schannel auth: domain [%s] myname [%s]\n",643 neg.oem_netbios_domain.a, neg.oem_netbios_computer.a));644 645 /* We're finished with this bind - no more packets. */646 p->auth.auth_ctx = schannel_auth;647 p->auth.auth_type = DCERPC_AUTH_TYPE_SCHANNEL;648 p->auth.auth_context_id = auth_info->auth_context_id;649 650 p->pipe_bound = True;651 652 return True;653 506 } 654 507 … … 657 510 *******************************************************************/ 658 511 659 static bool pipe_ ntlmssp_auth_bind(struct pipes_struct *p,660 TALLOC_CTX *mem_ctx,512 static bool pipe_auth_generic_bind(struct pipes_struct *p, 513 struct ncacn_packet *pkt, 661 514 struct dcerpc_auth *auth_info, 662 515 DATA_BLOB *response) 663 516 { 664 struct auth_ntlmssp_state *ntlmssp_state = NULL; 517 TALLOC_CTX *mem_ctx = pkt; 518 struct gensec_security *gensec_security = NULL; 665 519 NTSTATUS status; 666 520 667 if (strncmp((char *)auth_info->credentials.data, "NTLMSSP", 7) != 0) { 668 DEBUG(0, ("Failed to read NTLMSSP in blob\n")); 669 return false; 670 } 671 672 /* We have an NTLMSSP blob. */ 673 status = ntlmssp_server_auth_start(p, 674 (auth_info->auth_level == 675 DCERPC_AUTH_LEVEL_INTEGRITY), 676 (auth_info->auth_level == 677 DCERPC_AUTH_LEVEL_PRIVACY), 678 true, 679 &auth_info->credentials, 680 response, 681 &ntlmssp_state); 682 if (!NT_STATUS_EQUAL(status, NT_STATUS_OK)) { 683 DEBUG(0, (__location__ ": auth_ntlmssp_start failed: %s\n", 684 nt_errstr(status))); 521 status = auth_generic_server_authtype_start(p, 522 auth_info->auth_type, 523 auth_info->auth_level, 524 &auth_info->credentials, 525 response, 526 p->remote_address, 527 &gensec_security); 528 if (!NT_STATUS_IS_OK(status) && 529 !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) 530 { 531 DEBUG(0, (__location__ ": auth_generic_server_authtype_start[%u/%u] failed: %s\n", 532 auth_info->auth_type, auth_info->auth_level, nt_errstr(status))); 685 533 return false; 686 534 } … … 689 537 talloc_steal(mem_ctx, response->data); 690 538 691 p->auth.auth_ctx = ntlmssp_state; 692 p->auth.auth_type = DCERPC_AUTH_TYPE_NTLMSSP; 539 p->auth.auth_ctx = gensec_security; 540 p->auth.auth_type = auth_info->auth_type; 541 p->auth.auth_level = auth_info->auth_level; 693 542 p->auth.auth_context_id = auth_info->auth_context_id; 694 543 695 DEBUG(10, (__location__ ": NTLMSSP auth started\n")); 544 if (pkt->pfc_flags & DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN) { 545 p->auth.client_hdr_signing = true; 546 p->auth.hdr_signing = gensec_have_feature(gensec_security, 547 GENSEC_FEATURE_SIGN_PKT_HEADER); 548 } 549 550 if (p->auth.hdr_signing) { 551 gensec_want_feature(gensec_security, 552 GENSEC_FEATURE_SIGN_PKT_HEADER); 553 } 554 555 if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { 556 return true; 557 } 558 559 status = pipe_auth_verify_final(p); 560 if (!NT_STATUS_IS_OK(status)) { 561 DEBUG(0, ("pipe_auth_verify_final failed: %s\n", 562 nt_errstr(status))); 563 return false; 564 } 696 565 697 566 return true; … … 705 574 *******************************************************************/ 706 575 707 static bool pipe_ ntlmssp_verify_final(TALLOC_CTX *mem_ctx,708 struct auth_ntlmssp_state *ntlmssp_ctx,576 static bool pipe_auth_generic_verify_final(TALLOC_CTX *mem_ctx, 577 struct gensec_security *gensec_security, 709 578 enum dcerpc_AuthLevel auth_level, 710 struct client_address *client_id, 711 struct ndr_syntax_id *syntax, 712 struct auth_serversupplied_info **session_info) 579 struct auth_session_info **session_info) 713 580 { 714 581 NTSTATUS status; 715 582 bool ret; 716 583 717 DEBUG(5, (__location__ ": pipe %s checking user details\n", 718 get_pipe_name_from_syntax(talloc_tos(), syntax))); 584 DEBUG(5, (__location__ ": checking user details\n")); 719 585 720 586 /* Finally - if the pipe negotiated integrity (sign) or privacy (seal) … … 722 588 refuse the bind. */ 723 589 724 status = ntlmssp_server_check_flags(ntlmssp_ctx,590 status = auth_generic_server_check_flags(gensec_security, 725 591 (auth_level == 726 592 DCERPC_AUTH_LEVEL_INTEGRITY), … … 729 595 if (!NT_STATUS_IS_OK(status)) { 730 596 DEBUG(0, (__location__ ": Client failed to negotatie proper " 731 "security for pipe %s\n", 732 get_pipe_name_from_syntax(talloc_tos(), syntax))); 597 "security for rpc connection\n")); 733 598 return false; 734 599 } … … 736 601 TALLOC_FREE(*session_info); 737 602 738 status = ntlmssp_server_get_user_info(ntlmssp_ctx,603 status = auth_generic_server_get_user_info(gensec_security, 739 604 mem_ctx, session_info); 740 605 if (!NT_STATUS_IS_OK(status)) { … … 746 611 if ((*session_info)->security_token == NULL) { 747 612 DEBUG(1, ("Auth module failed to provide nt_user_token\n")); 613 return false; 614 } 615 616 if ((*session_info)->unix_token == NULL) { 617 DEBUG(1, ("Auth module failed to provide unix_token\n")); 748 618 return false; 749 619 } … … 764 634 } 765 635 766 /*******************************************************************767 Handle a GSSAPI bind auth.768 *******************************************************************/769 770 static bool pipe_gssapi_auth_bind(struct pipes_struct *p,771 TALLOC_CTX *mem_ctx,772 struct dcerpc_auth *auth_info,773 DATA_BLOB *response)774 {775 NTSTATUS status;776 struct gse_context *gse_ctx = NULL;777 778 status = gssapi_server_auth_start(p,779 (auth_info->auth_level ==780 DCERPC_AUTH_LEVEL_INTEGRITY),781 (auth_info->auth_level ==782 DCERPC_AUTH_LEVEL_PRIVACY),783 true,784 &auth_info->credentials,785 response,786 &gse_ctx);787 if (!NT_STATUS_IS_OK(status)) {788 DEBUG(0, ("Failed to init dcerpc gssapi server (%s)\n",789 nt_errstr(status)));790 goto err;791 }792 793 /* Make sure data is bound to the memctx, to be freed the caller */794 talloc_steal(mem_ctx, response->data);795 796 p->auth.auth_ctx = gse_ctx;797 p->auth.auth_type = DCERPC_AUTH_TYPE_KRB5;798 799 DEBUG(10, ("KRB5 auth started\n"));800 801 return true;802 803 err:804 TALLOC_FREE(gse_ctx);805 return false;806 }807 808 static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx,809 struct gse_context *gse_ctx,810 struct client_address *client_id,811 struct auth_serversupplied_info **session_info)812 {813 NTSTATUS status;814 bool bret;815 816 /* Finally - if the pipe negotiated integrity (sign) or privacy (seal)817 ensure the underlying flags are also set. If not we should818 refuse the bind. */819 820 status = gssapi_server_check_flags(gse_ctx);821 if (!NT_STATUS_IS_OK(status)) {822 DEBUG(0, ("Requested Security Layers not honored!\n"));823 return status;824 }825 826 status = gssapi_server_get_user_info(gse_ctx, mem_ctx,827 client_id, session_info);828 if (!NT_STATUS_IS_OK(status)) {829 DEBUG(0, (__location__ ": failed to obtain the server info "830 "for authenticated user: %s\n", nt_errstr(status)));831 return status;832 }833 834 if ((*session_info)->security_token == NULL) {835 status = create_local_token(*session_info);836 if (!NT_STATUS_IS_OK(status)) {837 DEBUG(1, ("Failed to create local user token (%s)\n",838 nt_errstr(status)));839 status = NT_STATUS_ACCESS_DENIED;840 return status;841 }842 }843 844 /* TODO: this is what the ntlmssp code does with the session_key, check845 * it is ok with gssapi too */846 /*847 * We're an authenticated bind over smb, so the session key needs to848 * be set to "SystemLibraryDTC". Weird, but this is what Windows849 * does. See the RPC-SAMBA3SESSIONKEY.850 */851 852 bret = session_info_set_session_key((*session_info), generic_session_key());853 if (!bret) {854 return NT_STATUS_ACCESS_DENIED;855 }856 857 return NT_STATUS_OK;858 }859 860 636 static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p) 861 637 { 862 enum spnego_mech auth_type; 863 struct auth_ntlmssp_state *ntlmssp_ctx; 864 struct spnego_context *spnego_ctx; 865 struct gse_context *gse_ctx; 866 void *mech_ctx; 867 NTSTATUS status; 638 struct gensec_security *gensec_security; 639 bool ok; 868 640 869 641 if (p->auth.auth_type == DCERPC_AUTH_TYPE_NONE) { … … 872 644 } 873 645 874 switch (p->auth.auth_type) { 875 case DCERPC_AUTH_TYPE_NTLMSSP: 876 ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, 877 struct auth_ntlmssp_state); 878 if (!pipe_ntlmssp_verify_final(p, ntlmssp_ctx, 879 p->auth.auth_level, 880 p->client_id, &p->syntax, 881 &p->session_info)) { 882 return NT_STATUS_ACCESS_DENIED; 883 } 884 break; 885 case DCERPC_AUTH_TYPE_KRB5: 886 gse_ctx = talloc_get_type_abort(p->auth.auth_ctx, 887 struct gse_context); 888 status = pipe_gssapi_verify_final(p, gse_ctx, 889 p->client_id, 890 &p->session_info); 891 if (!NT_STATUS_IS_OK(status)) { 892 DEBUG(1, ("gssapi bind failed with: %s", 893 nt_errstr(status))); 894 return status; 895 } 896 break; 897 case DCERPC_AUTH_TYPE_SPNEGO: 898 spnego_ctx = talloc_get_type_abort(p->auth.auth_ctx, 899 struct spnego_context); 900 status = spnego_get_negotiated_mech(spnego_ctx, 901 &auth_type, &mech_ctx); 902 if (!NT_STATUS_IS_OK(status)) { 903 DEBUG(0, ("Bad SPNEGO state (%s)\n", 904 nt_errstr(status))); 905 return status; 906 } 907 switch(auth_type) { 908 case SPNEGO_KRB5: 909 gse_ctx = talloc_get_type_abort(mech_ctx, 910 struct gse_context); 911 status = pipe_gssapi_verify_final(p, gse_ctx, 912 p->client_id, 913 &p->session_info); 914 if (!NT_STATUS_IS_OK(status)) { 915 DEBUG(1, ("gssapi bind failed with: %s", 916 nt_errstr(status))); 917 return status; 918 } 919 break; 920 case SPNEGO_NTLMSSP: 921 ntlmssp_ctx = talloc_get_type_abort(mech_ctx, 922 struct auth_ntlmssp_state); 923 if (!pipe_ntlmssp_verify_final(p, ntlmssp_ctx, 924 p->auth.auth_level, 925 p->client_id, 926 &p->syntax, 927 &p->session_info)) { 928 return NT_STATUS_ACCESS_DENIED; 929 } 930 break; 931 default: 932 DEBUG(0, (__location__ ": incorrect spnego type " 933 "(%d).\n", auth_type)); 934 return NT_STATUS_ACCESS_DENIED; 935 } 936 break; 937 default: 938 DEBUG(0, (__location__ ": incorrect auth type (%u).\n", 939 (unsigned int)p->auth.auth_type)); 646 gensec_security = p->auth.auth_ctx; 647 648 ok = pipe_auth_generic_verify_final(p, gensec_security, 649 p->auth.auth_level, 650 &p->session_info); 651 if (!ok) { 940 652 return NT_STATUS_ACCESS_DENIED; 941 653 } … … 953 665 struct ncacn_packet *pkt) 954 666 { 955 struct dcerpc_auth auth_info; 956 uint16 assoc_gid; 957 unsigned int auth_type = DCERPC_AUTH_TYPE_NONE; 667 struct dcerpc_auth auth_info = {0}; 668 uint16_t assoc_gid; 958 669 NTSTATUS status; 959 670 struct ndr_syntax_id id; 671 uint8_t pfc_flags = 0; 960 672 union dcerpc_payload u; 961 673 struct dcerpc_ack_ctx bind_ack_ctx; 962 674 DATA_BLOB auth_resp = data_blob_null; 963 675 DATA_BLOB auth_blob = data_blob_null; 676 const struct ndr_interface_table *table; 964 677 965 678 if (!p->allow_bind) { … … 1003 716 */ 1004 717 id = pkt->u.bind.ctx_list[0].abstract_syntax; 718 719 table = ndr_table_by_uuid(&id.uuid); 720 if (table == NULL) { 721 DEBUG(0,("unknown interface\n")); 722 return false; 723 } 724 1005 725 if (rpc_srv_pipe_exists_by_id(&id)) { 1006 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",1007 rpc_srv_get_pipe_cli_name(&id),1008 rpc_srv_get_pipe_srv_name(&id)));726 DEBUG(3, ("api_pipe_bind_req: %s -> %s rpc service\n", 727 rpc_srv_get_pipe_cli_name(&id), 728 rpc_srv_get_pipe_srv_name(&id))); 1009 729 } else { 1010 730 status = smb_probe_module( 1011 "rpc", get_pipe_name_from_syntax( 1012 talloc_tos(), 1013 &pkt->u.bind.ctx_list[0].abstract_syntax)); 731 "rpc", dcerpc_default_transport_endpoint(pkt, 732 NCACN_NP, table)); 1014 733 1015 734 if (NT_STATUS_IS_ERR(status)) { 1016 DEBUG(3,("api_pipe_bind_req: Unknown pipe name %s in bind request.\n", 1017 get_pipe_name_from_syntax(1018 talloc_tos(),1019 &pkt->u.bind.ctx_list[0].abstract_syntax)));735 DEBUG(3,("api_pipe_bind_req: Unknown rpc service name " 736 "%s in bind request.\n", 737 ndr_interface_name(&id.uuid, 738 id.if_version))); 1020 739 1021 740 return setup_bind_nak(p, pkt); … … 1023 742 1024 743 if (rpc_srv_get_pipe_interface_by_cli_name( 1025 get_pipe_name_from_syntax(talloc_tos(),1026 &p->syntax),744 dcerpc_default_transport_endpoint(pkt, 745 NCACN_NP, table), 1027 746 &id)) { 1028 DEBUG(3, ("api_pipe_bind_req: \\PIPE\\%s -> \\PIPE\\%s\n",1029 rpc_srv_get_pipe_cli_name(&id),1030 rpc_srv_get_pipe_srv_name(&id)));747 DEBUG(3, ("api_pipe_bind_req: %s -> %s rpc service\n", 748 rpc_srv_get_pipe_cli_name(&id), 749 rpc_srv_get_pipe_srv_name(&id))); 1031 750 } else { 1032 751 DEBUG(0, ("module %s doesn't provide functions for " 1033 752 "pipe %s!\n", 1034 get_pipe_name_from_syntax(talloc_tos(),1035 &p->syntax),1036 get_pipe_name_from_syntax(talloc_tos(),1037 &p->syntax)));753 ndr_interface_name(&id.uuid, 754 id.if_version), 755 ndr_interface_name(&id.uuid, 756 id.if_version))); 1038 757 return setup_bind_nak(p, pkt); 1039 758 } … … 1064 783 1065 784 bind_ack_ctx.result = 0; 1066 bind_ack_ctx.reason = 0;785 bind_ack_ctx.reason.value = 0; 1067 786 bind_ack_ctx.syntax = pkt->u.bind.ctx_list[0].transfer_syntaxes[0]; 1068 787 } else { 1069 p->pipe_bound = False;1070 788 /* Rejection reason: abstract syntax not supported */ 1071 789 bind_ack_ctx.result = DCERPC_BIND_PROVIDER_REJECT; 1072 bind_ack_ctx.reason = DCERPC_BIND_REASON_ASYNTAX;1073 bind_ack_ctx.syntax = n ull_ndr_syntax_id;790 bind_ack_ctx.reason.value = DCERPC_BIND_REASON_ASYNTAX; 791 bind_ack_ctx.syntax = ndr_syntax_id_null; 1074 792 } 1075 793 … … 1089 807 } 1090 808 1091 auth_type = auth_info.auth_type; 1092 1093 /* Work out if we have to sign or seal etc. */ 1094 switch (auth_info.auth_level) { 1095 case DCERPC_AUTH_LEVEL_INTEGRITY: 1096 p->auth.auth_level = DCERPC_AUTH_LEVEL_INTEGRITY; 1097 break; 1098 case DCERPC_AUTH_LEVEL_PRIVACY: 1099 p->auth.auth_level = DCERPC_AUTH_LEVEL_PRIVACY; 1100 break; 1101 case DCERPC_AUTH_LEVEL_CONNECT: 1102 p->auth.auth_level = DCERPC_AUTH_LEVEL_CONNECT; 1103 break; 1104 default: 1105 DEBUG(0, ("Unexpected auth level (%u).\n", 1106 (unsigned int)auth_info.auth_level )); 809 if (!pipe_auth_generic_bind(p, pkt, 810 &auth_info, &auth_resp)) { 1107 811 goto err_exit; 1108 812 } 1109 1110 switch (auth_type) { 1111 case DCERPC_AUTH_TYPE_NTLMSSP: 1112 if (!pipe_ntlmssp_auth_bind(p, pkt, 1113 &auth_info, &auth_resp)) { 1114 goto err_exit; 1115 } 1116 assoc_gid = 0x7a77; 1117 break; 1118 1119 case DCERPC_AUTH_TYPE_SCHANNEL: 1120 if (!pipe_schannel_auth_bind(p, pkt, 1121 &auth_info, &auth_resp)) { 1122 goto err_exit; 1123 } 1124 break; 1125 1126 case DCERPC_AUTH_TYPE_SPNEGO: 1127 if (!pipe_spnego_auth_bind(p, pkt, 1128 &auth_info, &auth_resp)) { 1129 goto err_exit; 1130 } 1131 break; 1132 1133 case DCERPC_AUTH_TYPE_KRB5: 1134 if (!pipe_gssapi_auth_bind(p, pkt, 1135 &auth_info, &auth_resp)) { 1136 goto err_exit; 1137 } 1138 break; 1139 1140 case DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM: 1141 if (p->transport == NCALRPC && p->ncalrpc_as_system) { 1142 TALLOC_FREE(p->session_info); 1143 1144 status = make_session_info_system(p, 1145 &p->session_info); 1146 if (!NT_STATUS_IS_OK(status)) { 1147 goto err_exit; 1148 } 1149 1150 auth_resp = data_blob_talloc(pkt, 1151 "NCALRPC_AUTH_OK", 1152 15); 1153 1154 p->auth.auth_type = DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM; 1155 p->pipe_bound = true; 1156 } else { 1157 goto err_exit; 1158 } 1159 break; 1160 1161 case DCERPC_AUTH_TYPE_NONE: 1162 break; 1163 1164 default: 1165 DEBUG(0, ("Unknown auth type %x requested.\n", auth_type)); 1166 goto err_exit; 1167 } 1168 } 1169 1170 if (auth_type == DCERPC_AUTH_TYPE_NONE) { 1171 /* Unauthenticated bind request. */ 1172 /* We're finished - no more packets. */ 813 } else { 1173 814 p->auth.auth_type = DCERPC_AUTH_TYPE_NONE; 1174 /* We must set the pipe auth_level here also. */1175 815 p->auth.auth_level = DCERPC_AUTH_LEVEL_NONE; 1176 p->pipe_bound = True;1177 /* The session key was initialized from the SMB1178 * session in make_internal_rpc_pipe_p */1179 816 p->auth.auth_context_id = 0; 1180 817 } … … 1208 845 */ 1209 846 847 pfc_flags = DCERPC_PFC_FLAG_FIRST | DCERPC_PFC_FLAG_LAST; 848 849 if (p->auth.hdr_signing) { 850 pfc_flags |= DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN; 851 } 852 1210 853 status = dcerpc_push_ncacn_packet(p->mem_ctx, 1211 854 DCERPC_PKT_BIND_ACK, 1212 DCERPC_PFC_FLAG_FIRST | 1213 DCERPC_PFC_FLAG_LAST, 855 pfc_flags, 1214 856 auth_resp.length, 1215 857 pkt->call_id, … … 1224 866 if (auth_resp.length) { 1225 867 status = dcerpc_push_dcerpc_auth(pkt, 1226 auth_type,1227 auth_info.auth_level,868 p->auth.auth_type, 869 p->auth.auth_level, 1228 870 0, /* pad_len */ 1229 871 p->auth.auth_context_id, … … 1291 933 struct dcerpc_auth auth_info; 1292 934 DATA_BLOB response = data_blob_null; 1293 struct auth_ntlmssp_state *ntlmssp_ctx; 1294 struct spnego_context *spnego_ctx; 1295 struct gse_context *gse_ctx; 935 struct gensec_security *gensec_security; 1296 936 NTSTATUS status; 1297 937 … … 1342 982 &auth_info, NULL, true); 1343 983 if (!NT_STATUS_IS_OK(status)) { 1344 DEBUG( 0, ("Failed to unmarshall dcerpc_auth.\n"));984 DEBUG(1, ("Failed to unmarshall dcerpc_auth.\n")); 1345 985 goto err; 1346 986 } … … 1352 992 1353 993 if (auth_info.auth_type != p->auth.auth_type) { 1354 DEBUG( 0, ("Auth type mismatch! Client sent %d, "994 DEBUG(1, ("Auth type mismatch! Client sent %d, " 1355 995 "but auth was started as type %d!\n", 1356 996 auth_info.auth_type, p->auth.auth_type)); … … 1373 1013 } 1374 1014 1375 switch (auth_info.auth_type) { 1376 case DCERPC_AUTH_TYPE_NTLMSSP: 1377 ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, 1378 struct auth_ntlmssp_state); 1379 status = ntlmssp_server_step(ntlmssp_ctx, 1380 pkt, &auth_info.credentials, 1381 &response); 1382 break; 1383 case DCERPC_AUTH_TYPE_KRB5: 1384 gse_ctx = talloc_get_type_abort(p->auth.auth_ctx, 1385 struct gse_context); 1386 status = gssapi_server_step(gse_ctx, 1387 pkt, &auth_info.credentials, 1388 &response); 1389 break; 1390 case DCERPC_AUTH_TYPE_SPNEGO: 1391 spnego_ctx = talloc_get_type_abort(p->auth.auth_ctx, 1392 struct spnego_context); 1393 status = spnego_server_step(spnego_ctx, 1394 pkt, &auth_info.credentials, 1395 &response); 1396 break; 1397 default: 1398 DEBUG(0, (__location__ ": incorrect auth type (%u).\n", 1399 (unsigned int)auth_info.auth_type)); 1400 return false; 1401 } 1015 gensec_security = p->auth.auth_ctx; 1016 1017 status = auth_generic_server_step(gensec_security, 1018 pkt, &auth_info.credentials, 1019 &response); 1402 1020 1403 1021 if (NT_STATUS_EQUAL(status, 1404 1022 NT_STATUS_MORE_PROCESSING_REQUIRED) || 1405 1023 response.length) { 1406 DEBUG( 0, (__location__ ": This was supposed to be the final "1024 DEBUG(1, (__location__ ": This was supposed to be the final " 1407 1025 "leg, but crypto machinery claims a response is " 1408 1026 "needed, aborting auth!\n")); … … 1411 1029 } 1412 1030 if (!NT_STATUS_IS_OK(status)) { 1413 DEBUG( 0, ("Auth failed (%s)\n", nt_errstr(status)));1031 DEBUG(2, ("Auth failed (%s)\n", nt_errstr(status))); 1414 1032 goto err; 1415 1033 } … … 1418 1036 status = pipe_auth_verify_final(p); 1419 1037 if (!NT_STATUS_IS_OK(status)) { 1420 DEBUG( 0, ("Auth Verify failed (%s)\n", nt_errstr(status)));1038 DEBUG(2, ("Auth Verify failed (%s)\n", nt_errstr(status))); 1421 1039 goto err; 1422 1040 } … … 1442 1060 struct ncacn_packet *pkt) 1443 1061 { 1444 struct dcerpc_auth auth_info ;1445 uint16 assoc_gid;1062 struct dcerpc_auth auth_info = {0}; 1063 uint16_t assoc_gid; 1446 1064 NTSTATUS status; 1447 1065 union dcerpc_payload u; … … 1449 1067 DATA_BLOB auth_resp = data_blob_null; 1450 1068 DATA_BLOB auth_blob = data_blob_null; 1451 int pad_len = 0; 1452 struct auth_ntlmssp_state *ntlmssp_ctx; 1453 struct spnego_context *spnego_ctx; 1454 struct gse_context *gse_ctx; 1069 struct gensec_security *gensec_security; 1455 1070 1456 1071 DEBUG(5,("api_pipe_alter_context: make response. %d\n", __LINE__)); … … 1512 1127 1513 1128 alter_ack_ctx.result = 0; 1514 alter_ack_ctx.reason = 0;1129 alter_ack_ctx.reason.value = 0; 1515 1130 alter_ack_ctx.syntax = pkt->u.alter.ctx_list[0].transfer_syntaxes[0]; 1516 1131 } else { 1517 1132 /* Rejection reason: abstract syntax not supported */ 1518 1133 alter_ack_ctx.result = DCERPC_BIND_PROVIDER_REJECT; 1519 alter_ack_ctx.reason = DCERPC_BIND_REASON_ASYNTAX;1520 alter_ack_ctx.syntax = n ull_ndr_syntax_id;1134 alter_ack_ctx.reason.value = DCERPC_BIND_REASON_ASYNTAX; 1135 alter_ack_ctx.syntax = ndr_syntax_id_null; 1521 1136 } 1522 1137 … … 1562 1177 } 1563 1178 1564 switch (auth_info.auth_type) { 1565 case DCERPC_AUTH_TYPE_SPNEGO: 1566 spnego_ctx = talloc_get_type_abort(p->auth.auth_ctx, 1567 struct spnego_context); 1568 status = spnego_server_step(spnego_ctx, 1569 pkt, 1570 &auth_info.credentials, 1571 &auth_resp); 1572 break; 1573 1574 case DCERPC_AUTH_TYPE_KRB5: 1575 gse_ctx = talloc_get_type_abort(p->auth.auth_ctx, 1576 struct gse_context); 1577 status = gssapi_server_step(gse_ctx, 1578 pkt, 1579 &auth_info.credentials, 1580 &auth_resp); 1581 break; 1582 case DCERPC_AUTH_TYPE_NTLMSSP: 1583 ntlmssp_ctx = talloc_get_type_abort(p->auth.auth_ctx, 1584 struct auth_ntlmssp_state); 1585 status = ntlmssp_server_step(ntlmssp_ctx, 1586 pkt, 1587 &auth_info.credentials, 1588 &auth_resp); 1589 break; 1590 1591 default: 1592 DEBUG(3, (__location__ ": Usupported auth type (%d) " 1593 "in alter-context call\n", 1594 auth_info.auth_type)); 1595 goto err_exit; 1596 } 1597 1179 gensec_security = p->auth.auth_ctx; 1180 status = auth_generic_server_step(gensec_security, 1181 pkt, 1182 &auth_info.credentials, 1183 &auth_resp); 1598 1184 if (NT_STATUS_IS_OK(status)) { 1599 1185 /* third leg of auth, verify auth info */ … … 1653 1239 1654 1240 if (auth_resp.length) { 1655 1656 /* Work out any padding needed before the auth footer. */1657 pad_len = p->out_data.frag.length % SERVER_NDR_PADDING_SIZE;1658 if (pad_len) {1659 pad_len = SERVER_NDR_PADDING_SIZE - pad_len;1660 DEBUG(10, ("auth pad_len = %u\n",1661 (unsigned int)pad_len));1662 }1663 1664 1241 status = dcerpc_push_dcerpc_auth(pkt, 1665 auth_info.auth_type,1666 auth_info.auth_level,1667 pad_len,1242 p->auth.auth_type, 1243 p->auth.auth_level, 1244 0, /* pad_len */ 1668 1245 p->auth.auth_context_id, 1669 1246 &auth_resp, … … 1679 1256 dcerpc_set_frag_length(&p->out_data.frag, 1680 1257 p->out_data.frag.length + 1681 pad_len +auth_blob.length);1258 auth_blob.length); 1682 1259 1683 1260 if (auth_resp.length) { 1684 if (pad_len) {1685 char pad[SERVER_NDR_PADDING_SIZE];1686 memset(pad, '\0', SERVER_NDR_PADDING_SIZE);1687 if (!data_blob_append(p->mem_ctx,1688 &p->out_data.frag,1689 pad, pad_len)) {1690 DEBUG(0, ("api_pipe_bind_req: failed to add "1691 "%u bytes of pad data.\n",1692 (unsigned int)pad_len));1693 goto err_exit;1694 }1695 }1696 1697 1261 if (!data_blob_append(p->mem_ctx, &p->out_data.frag, 1698 1262 auth_blob.data, auth_blob.length)) { … … 1719 1283 } 1720 1284 1721 /****************************************************************************1722 Find the set of RPC functions associated with this context_id1723 ****************************************************************************/1724 1725 static PIPE_RPC_FNS* find_pipe_fns_by_context( PIPE_RPC_FNS *list, uint32 context_id )1726 {1727 PIPE_RPC_FNS *fns = NULL;1728 1729 if ( !list ) {1730 DEBUG(0,("find_pipe_fns_by_context: ERROR! No context list for pipe!\n"));1731 return NULL;1732 }1733 1734 for (fns=list; fns; fns=fns->next ) {1735 if ( fns->context_id == context_id )1736 return fns;1737 }1738 return NULL;1739 }1740 1741 1285 static bool api_rpcTNP(struct pipes_struct *p, struct ncacn_packet *pkt, 1742 1286 const struct api_struct *api_rpc_cmds, int n_cmds, … … 1749 1293 TALLOC_CTX *frame = talloc_stackframe(); 1750 1294 struct dcerpc_sec_verification_trailer *vt = NULL; 1751 const uint32_t bitmask1 = 0; 1295 const uint32_t bitmask1 = 1296 p->auth.client_hdr_signing ? DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING : 0; 1752 1297 const struct dcerpc_sec_vt_pcontext pcontext = { 1753 1298 .abstract_syntax = pipe_fns->syntax, 1754 .transfer_syntax = ndr_transfer_syntax ,1299 .transfer_syntax = ndr_transfer_syntax_ndr, 1755 1300 }; 1756 1301 const struct dcerpc_sec_vt_header2 header2 = … … 1788 1333 TALLOC_CTX *frame = talloc_stackframe(); 1789 1334 bool ret = False; 1790 PIPE_RPC_FNS*pipe_fns;1335 struct pipe_rpc_fns *pipe_fns; 1791 1336 const char *interface_name = NULL; 1792 1337 … … 1799 1344 1800 1345 /* get the set of RPC functions for this context */ 1801 1802 1346 pipe_fns = find_pipe_fns_by_context(p->contexts, 1803 1347 pkt->u.request.context_id); … … 1811 1355 } 1812 1356 1813 interface_name = get_pipe_name_from_syntax(talloc_tos(), 1814 &pipe_fns->syntax); 1815 1357 interface_name = ndr_interface_name(&pipe_fns->syntax.uuid, 1358 pipe_fns->syntax.if_version); 1816 1359 SMB_ASSERT(interface_name != NULL); 1817 1818 DEBUG(5, ("Requested \\PIPE\\%s\n",1819 interface_name));1820 1360 1821 1361 switch (p->auth.auth_level) { … … 1826 1366 default: 1827 1367 if (!pipe_fns->allow_connect) { 1368 char *addr; 1369 1370 addr = tsocket_address_string(p->remote_address, frame); 1371 1828 1372 DEBUG(1, ("%s: restrict auth_level_connect access " 1829 1373 "to [%s] with auth[type=0x%x,level=0x%x] " … … 1833 1377 p->auth.auth_level, 1834 1378 derpc_transport_string_by_transport(p->transport), 1835 p->client_id->name));1379 addr)); 1836 1380 1837 1381 setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_ACCESS_DENIED)); … … 1858 1402 } 1859 1403 1404 DEBUG(5, ("Requested %s rpc service\n", interface_name)); 1405 1860 1406 ret = api_rpcTNP(p, pkt, pipe_fns->cmds, pipe_fns->n_cmds, 1861 1407 &pipe_fns->syntax); … … 1876 1422 int fn_num; 1877 1423 uint32_t offset1; 1424 const struct ndr_interface_table *table; 1878 1425 1879 1426 /* interpret the command */ 1880 1427 DEBUG(4,("api_rpcTNP: %s op 0x%x - ", 1881 get_pipe_name_from_syntax(talloc_tos(), syntax),1428 ndr_interface_name(&syntax->uuid, syntax->if_version), 1882 1429 pkt->u.request.opnum)); 1430 1431 table = ndr_table_by_uuid(&syntax->uuid); 1432 if (table == NULL) { 1433 DEBUG(0,("unknown interface\n")); 1434 return false; 1435 } 1883 1436 1884 1437 if (DEBUGLEVEL >= 50) { 1885 1438 fstring name; 1886 1439 slprintf(name, sizeof(name)-1, "in_%s", 1887 get_pipe_name_from_syntax(talloc_tos(), syntax));1440 dcerpc_default_transport_endpoint(pkt, NCACN_NP, table)); 1888 1441 dump_pdu_region(name, pkt->u.request.opnum, 1889 1442 &p->in_data.data, 0, … … 1918 1471 if(!api_rpc_cmds[fn_num].fn(p)) { 1919 1472 DEBUG(0,("api_rpcTNP: %s: %s failed.\n", 1920 get_pipe_name_from_syntax(talloc_tos(), syntax),1473 ndr_interface_name(&syntax->uuid, syntax->if_version), 1921 1474 api_rpc_cmds[fn_num].name)); 1922 1475 data_blob_free(&p->out_data.rdata); … … 1934 1487 fstring name; 1935 1488 slprintf(name, sizeof(name)-1, "out_%s", 1936 get_pipe_name_from_syntax(talloc_tos(), syntax));1489 dcerpc_default_transport_endpoint(pkt, NCACN_NP, table)); 1937 1490 dump_pdu_region(name, pkt->u.request.opnum, 1938 1491 &p->out_data.rdata, offset1, … … 1941 1494 1942 1495 DEBUG(5,("api_rpcTNP: called %s successfully\n", 1943 get_pipe_name_from_syntax(talloc_tos(), syntax)));1496 ndr_interface_name(&syntax->uuid, syntax->if_version))); 1944 1497 1945 1498 /* Check for buffer underflow in rpc parsing */ … … 2025 1578 NTSTATUS status; 2026 1579 DATA_BLOB data; 1580 struct dcerpc_sec_vt_header2 hdr2; 2027 1581 2028 1582 if (!p->pipe_bound) { … … 2055 1609 } 2056 1610 1611 hdr2 = dcerpc_sec_vt_header2_from_ncacn_packet(pkt); 1612 if (pkt->pfc_flags & DCERPC_PFC_FLAG_FIRST) { 1613 p->header2 = hdr2; 1614 } else { 1615 if (!dcerpc_sec_vt_header2_equal(&hdr2, &p->header2)) { 1616 set_incoming_fault(p); 1617 return false; 1618 } 1619 } 1620 2057 1621 /* Store the opnum */ 2058 1622 p->opnum = pkt->u.request.opnum; … … 2100 1664 } 2101 1665 2102 if (pkt->pfc_flags & DCERPC_PFC_FLAG_LAST) { 2103 bool ret = False; 2104 /* 2105 * Ok - we finally have a complete RPC stream. 2106 * Call the rpc command to process it. 2107 */ 2108 2109 /* 2110 * Process the complete data stream here. 2111 */ 2112 if (pipe_init_outgoing_data(p)) { 2113 ret = api_pipe_request(p, pkt); 2114 } 2115 2116 return ret; 2117 } 2118 2119 return True; 2120 } 2121 2122 /**************************************************************************** 2123 Processes a finished PDU stored in p->in_data.pdu. 2124 ****************************************************************************/ 2125 2126 void process_complete_pdu(struct pipes_struct *p) 2127 { 2128 struct ncacn_packet *pkt = NULL; 2129 NTSTATUS status; 2130 bool reply = False; 2131 2132 if(p->fault_state) { 2133 DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", 2134 get_pipe_name_from_syntax(talloc_tos(), &p->syntax))); 2135 goto done; 2136 } 2137 2138 pkt = talloc(p->mem_ctx, struct ncacn_packet); 2139 if (!pkt) { 2140 DEBUG(0, ("Out of memory!\n")); 2141 goto done; 2142 } 2143 2144 /* 2145 * Ensure we're using the corrent endianness for both the 2146 * RPC header flags and the raw data we will be reading from. 2147 */ 2148 if (dcerpc_get_endian_flag(&p->in_data.pdu) & DCERPC_DREP_LE) { 2149 p->endian = RPC_LITTLE_ENDIAN; 2150 } else { 2151 p->endian = RPC_BIG_ENDIAN; 2152 } 2153 DEBUG(10, ("PDU is in %s Endian format!\n", p->endian?"Big":"Little")); 2154 2155 status = dcerpc_pull_ncacn_packet(pkt, &p->in_data.pdu, 2156 pkt, p->endian); 2157 if (!NT_STATUS_IS_OK(status)) { 2158 DEBUG(0, ("Failed to unmarshal rpc packet: %s!\n", 2159 nt_errstr(status))); 2160 goto done; 2161 } 1666 if (!(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) { 1667 return true; 1668 } 1669 1670 /* 1671 * Ok - we finally have a complete RPC stream. 1672 * Call the rpc command to process it. 1673 */ 1674 1675 return api_pipe_request(p, pkt); 1676 } 1677 1678 void process_complete_pdu(struct pipes_struct *p, struct ncacn_packet *pkt) 1679 { 1680 bool reply = false; 2162 1681 2163 1682 /* Store the call_id */ 2164 1683 p->call_id = pkt->call_id; 2165 1684 2166 DEBUG(10, ("Processing packet type %d\n", (int)pkt->ptype)); 1685 DEBUG(10, ("Processing packet type %u\n", (unsigned int)pkt->ptype)); 1686 1687 if (!pipe_init_outgoing_data(p)) { 1688 goto done; 1689 } 2167 1690 2168 1691 switch (pkt->ptype) { … … 2172 1695 2173 1696 case DCERPC_PKT_PING: /* CL request - ignore... */ 2174 DEBUG(0, ("process_complete_pdu: Error. " 2175 "Connectionless packet type %d received on " 2176 "pipe %s.\n", (int)pkt->ptype, 2177 get_pipe_name_from_syntax(talloc_tos(), 2178 &p->syntax))); 1697 DEBUG(0, ("Error - Connectionless packet type %u received\n", 1698 (unsigned int)pkt->ptype)); 2179 1699 break; 2180 1700 2181 1701 case DCERPC_PKT_RESPONSE: /* No responses here. */ 2182 DEBUG(0, ("process_complete_pdu: Error. " 2183 "DCERPC_PKT_RESPONSE received from client " 2184 "on pipe %s.\n", 2185 get_pipe_name_from_syntax(talloc_tos(), 2186 &p->syntax))); 1702 DEBUG(0, ("Error - DCERPC_PKT_RESPONSE received from client")); 2187 1703 break; 2188 1704 … … 2197 1713 case DCERPC_PKT_FACK: 2198 1714 case DCERPC_PKT_CANCEL_ACK: 2199 DEBUG(0, ("process_complete_pdu: Error. " 2200 "Connectionless packet type %u received on " 2201 "pipe %s.\n", (unsigned int)pkt->ptype, 2202 get_pipe_name_from_syntax(talloc_tos(), 2203 &p->syntax))); 1715 DEBUG(0, ("Error - Connectionless packet type %u received\n", 1716 (unsigned int)pkt->ptype)); 2204 1717 break; 2205 1718 … … 2208 1721 * We assume that a pipe bind is only in one pdu. 2209 1722 */ 2210 if (pipe_init_outgoing_data(p)) { 2211 reply = api_pipe_bind_req(p, pkt); 2212 } 1723 reply = api_pipe_bind_req(p, pkt); 2213 1724 break; 2214 1725 2215 1726 case DCERPC_PKT_BIND_ACK: 2216 1727 case DCERPC_PKT_BIND_NAK: 2217 DEBUG(0, ("process_complete_pdu: Error. " 2218 "DCERPC_PKT_BINDACK/DCERPC_PKT_BINDNACK " 2219 "packet type %u received on pipe %s.\n", 2220 (unsigned int)pkt->ptype, 2221 get_pipe_name_from_syntax(talloc_tos(), 2222 &p->syntax))); 1728 DEBUG(0, ("Error - DCERPC_PKT_BINDACK/DCERPC_PKT_BINDNACK " 1729 "packet type %u received.\n", 1730 (unsigned int)pkt->ptype)); 2223 1731 break; 2224 1732 … … 2228 1736 * We assume that a pipe bind is only in one pdu. 2229 1737 */ 2230 if (pipe_init_outgoing_data(p)) { 2231 reply = api_pipe_alter_context(p, pkt); 2232 } 1738 reply = api_pipe_alter_context(p, pkt); 2233 1739 break; 2234 1740 2235 1741 case DCERPC_PKT_ALTER_RESP: 2236 DEBUG(0, ("process_complete_pdu: Error. " 2237 "DCERPC_PKT_ALTER_RESP on pipe %s: " 2238 "Should only be server -> client.\n", 2239 get_pipe_name_from_syntax(talloc_tos(), 2240 &p->syntax))); 1742 DEBUG(0, ("Error - DCERPC_PKT_ALTER_RESP received: " 1743 "Should only be server -> client.\n")); 2241 1744 break; 2242 1745 … … 2245 1748 * The third packet in an auth exchange. 2246 1749 */ 2247 if (pipe_init_outgoing_data(p)) { 2248 reply = api_pipe_bind_auth3(p, pkt); 2249 } 1750 reply = api_pipe_bind_auth3(p, pkt); 2250 1751 break; 2251 1752 2252 1753 case DCERPC_PKT_SHUTDOWN: 2253 DEBUG(0, ("process_complete_pdu: Error. " 2254 "DCERPC_PKT_SHUTDOWN on pipe %s: " 2255 "Should only be server -> client.\n", 2256 get_pipe_name_from_syntax(talloc_tos(), 2257 &p->syntax))); 1754 DEBUG(0, ("Error - DCERPC_PKT_SHUTDOWN received: " 1755 "Should only be server -> client.\n")); 2258 1756 break; 2259 1757 … … 2300 1798 done: 2301 1799 if (!reply) { 2302 DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on " 2303 "pipe %s\n", get_pipe_name_from_syntax(talloc_tos(), 2304 &p->syntax))); 1800 DEBUG(3,("DCE/RPC fault sent!")); 2305 1801 set_incoming_fault(p); 2306 1802 setup_fault_pdu(p, NT_STATUS(DCERPC_NCA_S_PROTO_ERROR)); 2307 TALLOC_FREE(pkt); 2308 } else { 2309 /* 2310 * Reset the lengths. We're ready for a new pdu. 2311 */ 2312 TALLOC_FREE(p->in_data.pdu.data); 2313 p->in_data.pdu_needed_len = 0; 2314 p->in_data.pdu.length = 0; 2315 } 2316 2317 TALLOC_FREE(pkt); 2318 } 2319 1803 } 1804 /* pkt and p->in_data.pdu.data freed by caller */ 1805 } 1806 -
vendor/current/source3/rpc_server/srv_pipe_hnd.c
r740 r988 21 21 22 22 #include "includes.h" 23 #include "rpc_server.h"24 23 #include "fake_file.h" 25 24 #include "rpc_dce.h" … … 28 27 #include "rpc_server/srv_pipe_hnd.h" 29 28 #include "rpc_server/srv_pipe.h" 29 #include "rpc_server/rpc_server.h" 30 #include "rpc_server/rpc_config.h" 30 31 #include "../lib/tsocket/tsocket.h" 31 32 #include "../lib/util/tevent_ntstatus.h" 33 #include "librpc/ndr/ndr_table.h" 32 34 33 35 #undef DBGC_CLASS 34 36 #define DBGC_CLASS DBGC_RPC_SRV 35 37 36 /****************************************************************************37 Ensures we have at least RPC_HEADER_LEN amount of data in the incoming buffer.38 ****************************************************************************/39 40 static ssize_t fill_rpc_header(struct pipes_struct *p, char *data, size_t data_to_copy)41 {42 size_t len_needed_to_complete_hdr =43 MIN(data_to_copy, RPC_HEADER_LEN - p->in_data.pdu.length);44 45 DEBUG(10, ("fill_rpc_header: data_to_copy = %u, "46 "len_needed_to_complete_hdr = %u, "47 "receive_len = %u\n",48 (unsigned int)data_to_copy,49 (unsigned int)len_needed_to_complete_hdr,50 (unsigned int)p->in_data.pdu.length ));51 52 if (p->in_data.pdu.data == NULL) {53 p->in_data.pdu.data = talloc_array(p, uint8_t, RPC_HEADER_LEN);54 }55 if (p->in_data.pdu.data == NULL) {56 DEBUG(0, ("talloc failed\n"));57 return -1;58 }59 60 memcpy((char *)&p->in_data.pdu.data[p->in_data.pdu.length],61 data, len_needed_to_complete_hdr);62 p->in_data.pdu.length += len_needed_to_complete_hdr;63 64 return (ssize_t)len_needed_to_complete_hdr;65 }66 67 static bool get_pdu_size(struct pipes_struct *p)68 {69 uint16_t frag_len;70 /* the fill_rpc_header() call insures we copy only71 * RPC_HEADER_LEN bytes. If this doesn't match then72 * somethign is very wrong and we can only abort */73 if (p->in_data.pdu.length != RPC_HEADER_LEN) {74 DEBUG(0, ("Unexpected RPC Header size! "75 "got %d, expected %d)\n",76 (int)p->in_data.pdu.length,77 RPC_HEADER_LEN));78 set_incoming_fault(p);79 return false;80 }81 82 frag_len = dcerpc_get_frag_length(&p->in_data.pdu);83 84 /* verify it is a reasonable value */85 if ((frag_len < RPC_HEADER_LEN) ||86 (frag_len > RPC_MAX_PDU_FRAG_LEN)) {87 DEBUG(0, ("Unexpected RPC Fragment size! (%d)\n",88 frag_len));89 set_incoming_fault(p);90 return false;91 }92 93 p->in_data.pdu_needed_len = frag_len - RPC_HEADER_LEN;94 95 /* allocate the space needed to fill the pdu */96 p->in_data.pdu.data = talloc_realloc(p, p->in_data.pdu.data,97 uint8_t, frag_len);98 if (p->in_data.pdu.data == NULL) {99 DEBUG(0, ("talloc_realloc failed\n"));100 set_incoming_fault(p);101 return false;102 }103 104 return true;105 }106 107 /****************************************************************************108 Call this to free any talloc'ed memory. Do this after processing109 a complete incoming and outgoing request (multiple incoming/outgoing110 PDU's).111 ****************************************************************************/112 113 static void free_pipe_context(struct pipes_struct *p)114 {115 data_blob_free(&p->out_data.frag);116 data_blob_free(&p->out_data.rdata);117 data_blob_free(&p->in_data.data);118 119 DEBUG(3, ("free_pipe_context: "120 "destroying talloc pool of size %lu\n",121 (unsigned long)talloc_total_size(p->mem_ctx)));122 talloc_free_children(p->mem_ctx);123 }124 125 /****************************************************************************126 Accepts incoming data on an rpc pipe. Processes the data in pdu sized units.127 ****************************************************************************/128 129 ssize_t process_incoming_data(struct pipes_struct *p, char *data, size_t n)130 {131 size_t data_to_copy = MIN(n, RPC_MAX_PDU_FRAG_LEN132 - p->in_data.pdu.length);133 134 DEBUG(10, ("process_incoming_data: Start: pdu.length = %u, "135 "pdu_needed_len = %u, incoming data = %u\n",136 (unsigned int)p->in_data.pdu.length,137 (unsigned int)p->in_data.pdu_needed_len,138 (unsigned int)n ));139 140 if(data_to_copy == 0) {141 /*142 * This is an error - data is being received and there is no143 * space in the PDU. Free the received data and go into the144 * fault state.145 */146 DEBUG(0, ("process_incoming_data: "147 "No space in incoming pdu buffer. "148 "Current size = %u incoming data size = %u\n",149 (unsigned int)p->in_data.pdu.length,150 (unsigned int)n));151 set_incoming_fault(p);152 return -1;153 }154 155 /*156 * If we have no data already, wait until we get at least157 * a RPC_HEADER_LEN * number of bytes before we can do anything.158 */159 160 if ((p->in_data.pdu_needed_len == 0) &&161 (p->in_data.pdu.length < RPC_HEADER_LEN)) {162 /*163 * Always return here. If we have more data then the RPC_HEADER164 * will be processed the next time around the loop.165 */166 return fill_rpc_header(p, data, data_to_copy);167 }168 169 /*170 * At this point we know we have at least an RPC_HEADER_LEN amount of171 * data stored in p->in_data.pdu.172 */173 174 /*175 * If pdu_needed_len is zero this is a new pdu.176 * Check how much more data we need, then loop again.177 */178 if (p->in_data.pdu_needed_len == 0) {179 180 bool ok = get_pdu_size(p);181 if (!ok) {182 return -1;183 }184 if (p->in_data.pdu_needed_len > 0) {185 return 0;186 }187 188 /* If rret == 0 and pdu_needed_len == 0 here we have a PDU189 * that consists of an RPC_HEADER only. This is a190 * DCERPC_PKT_SHUTDOWN, DCERPC_PKT_CO_CANCEL or191 * DCERPC_PKT_ORPHANED pdu type.192 * Deal with this in process_complete_pdu(). */193 }194 195 /*196 * Ok - at this point we have a valid RPC_HEADER.197 * Keep reading until we have a full pdu.198 */199 200 data_to_copy = MIN(data_to_copy, p->in_data.pdu_needed_len);201 202 /*203 * Copy as much of the data as we need into the p->in_data.pdu buffer.204 * pdu_needed_len becomes zero when we have a complete pdu.205 */206 207 memcpy((char *)&p->in_data.pdu.data[p->in_data.pdu.length],208 data, data_to_copy);209 p->in_data.pdu.length += data_to_copy;210 p->in_data.pdu_needed_len -= data_to_copy;211 212 /*213 * Do we have a complete PDU ?214 * (return the number of bytes handled in the call)215 */216 217 if(p->in_data.pdu_needed_len == 0) {218 process_complete_pdu(p);219 return data_to_copy;220 }221 222 DEBUG(10, ("process_incoming_data: not a complete PDU yet. "223 "pdu.length = %u, pdu_needed_len = %u\n",224 (unsigned int)p->in_data.pdu.length,225 (unsigned int)p->in_data.pdu_needed_len));226 227 return (ssize_t)data_to_copy;228 }229 230 /****************************************************************************231 Accepts incoming data on an internal rpc pipe.232 ****************************************************************************/233 234 static ssize_t write_to_internal_pipe(struct pipes_struct *p, char *data, size_t n)235 {236 size_t data_left = n;237 238 while(data_left) {239 ssize_t data_used;240 241 DEBUG(10, ("write_to_pipe: data_left = %u\n",242 (unsigned int)data_left));243 244 data_used = process_incoming_data(p, data, data_left);245 246 DEBUG(10, ("write_to_pipe: data_used = %d\n",247 (int)data_used));248 249 if(data_used < 0) {250 return -1;251 }252 253 data_left -= data_used;254 data += data_used;255 }256 257 return n;258 }259 260 /****************************************************************************261 Replies to a request to read data from a pipe.262 263 Headers are interspersed with the data at PDU intervals. By the time264 this function is called, the start of the data could possibly have been265 read by an SMBtrans (file_offset != 0).266 267 Calling create_rpc_reply() here is a hack. The data should already268 have been prepared into arrays of headers + data stream sections.269 ****************************************************************************/270 271 static ssize_t read_from_internal_pipe(struct pipes_struct *p, char *data,272 size_t n, bool *is_data_outstanding)273 {274 uint32 pdu_remaining = 0;275 ssize_t data_returned = 0;276 277 if (!p) {278 DEBUG(0,("read_from_pipe: pipe not open\n"));279 return -1;280 }281 282 DEBUG(6,(" name: %s len: %u\n",283 get_pipe_name_from_syntax(talloc_tos(), &p->syntax),284 (unsigned int)n));285 286 /*287 * We cannot return more than one PDU length per288 * read request.289 */290 291 /*292 * This condition should result in the connection being closed.293 * Netapp filers seem to set it to 0xffff which results in domain294 * authentications failing. Just ignore it so things work.295 */296 297 if(n > RPC_MAX_PDU_FRAG_LEN) {298 DEBUG(5,("read_from_pipe: too large read (%u) requested on "299 "pipe %s. We can only service %d sized reads.\n",300 (unsigned int)n,301 get_pipe_name_from_syntax(talloc_tos(), &p->syntax),302 RPC_MAX_PDU_FRAG_LEN ));303 n = RPC_MAX_PDU_FRAG_LEN;304 }305 306 /*307 * Determine if there is still data to send in the308 * pipe PDU buffer. Always send this first. Never309 * send more than is left in the current PDU. The310 * client should send a new read request for a new311 * PDU.312 */313 314 pdu_remaining = p->out_data.frag.length315 - p->out_data.current_pdu_sent;316 317 if (pdu_remaining > 0) {318 data_returned = (ssize_t)MIN(n, pdu_remaining);319 320 DEBUG(10,("read_from_pipe: %s: current_pdu_len = %u, "321 "current_pdu_sent = %u returning %d bytes.\n",322 get_pipe_name_from_syntax(talloc_tos(), &p->syntax),323 (unsigned int)p->out_data.frag.length,324 (unsigned int)p->out_data.current_pdu_sent,325 (int)data_returned));326 327 memcpy(data,328 p->out_data.frag.data329 + p->out_data.current_pdu_sent,330 data_returned);331 332 p->out_data.current_pdu_sent += (uint32)data_returned;333 goto out;334 }335 336 /*337 * At this point p->current_pdu_len == p->current_pdu_sent (which338 * may of course be zero if this is the first return fragment.339 */340 341 DEBUG(10,("read_from_pipe: %s: fault_state = %d : data_sent_length "342 "= %u, p->out_data.rdata.length = %u.\n",343 get_pipe_name_from_syntax(talloc_tos(), &p->syntax),344 (int)p->fault_state,345 (unsigned int)p->out_data.data_sent_length,346 (unsigned int)p->out_data.rdata.length));347 348 if (p->out_data.data_sent_length >= p->out_data.rdata.length) {349 /*350 * We have sent all possible data, return 0.351 */352 data_returned = 0;353 goto out;354 }355 356 /*357 * We need to create a new PDU from the data left in p->rdata.358 * Create the header/data/footers. This also sets up the fields359 * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length360 * and stores the outgoing PDU in p->current_pdu.361 */362 363 if(!create_next_pdu(p)) {364 DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n",365 get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));366 return -1;367 }368 369 data_returned = MIN(n, p->out_data.frag.length);370 371 memcpy(data, p->out_data.frag.data, (size_t)data_returned);372 p->out_data.current_pdu_sent += (uint32)data_returned;373 374 out:375 (*is_data_outstanding) = p->out_data.frag.length > n;376 377 if (p->out_data.current_pdu_sent == p->out_data.frag.length) {378 /* We've returned everything in the out_data.frag379 * so we're done with this pdu. Free it and reset380 * current_pdu_sent. */381 p->out_data.current_pdu_sent = 0;382 data_blob_free(&p->out_data.frag);383 384 if (p->out_data.data_sent_length >= p->out_data.rdata.length) {385 /*386 * We're completely finished with both outgoing and387 * incoming data streams. It's safe to free all388 * temporary data from this request.389 */390 free_pipe_context(p);391 }392 }393 394 return data_returned;395 }396 397 38 bool fsp_is_np(struct files_struct *fsp) 398 39 { … … 405 46 type = fsp->fake_file_handle->type; 406 47 407 return ((type == FAKE_FILE_TYPE_NAMED_PIPE) 408 || (type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY)); 48 return (type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY); 409 49 } 410 50 … … 412 52 const struct tsocket_address *local_address, 413 53 const struct tsocket_address *remote_address, 414 struct client_address *client_id,415 struct auth_serversupplied_info *session_info,54 struct auth_session_info *session_info, 55 struct tevent_context *ev_ctx, 416 56 struct messaging_context *msg_ctx, 417 57 struct fake_file_handle **phandle) 418 58 { 419 const char *rpcsrv_type;59 enum rpc_service_mode_e pipe_mode; 420 60 const char **proxy_list; 421 61 struct fake_file_handle *handle; 422 bool external = false; 62 struct ndr_syntax_id syntax; 63 struct npa_state *npa = NULL; 64 NTSTATUS status; 65 bool ok; 423 66 424 67 proxy_list = lp_parm_string_list(-1, "np", "proxy", NULL); … … 431 74 /* Check what is the server type for this pipe. 432 75 Defaults to "embedded" */ 433 rpcsrv_type = lp_parm_const_string(GLOBAL_SECTION_SNUM, 434 "rpc_server", name, 435 "embedded"); 436 if (StrCaseCmp(rpcsrv_type, "embedded") != 0) { 437 external = true; 438 } 76 pipe_mode = rpc_service_mode(name); 439 77 440 78 /* Still support the old method for defining external servers */ 441 79 if ((proxy_list != NULL) && str_list_check_ci(proxy_list, name)) { 442 external = true; 443 } 444 445 if (external) { 446 struct np_proxy_state *p; 447 448 p = make_external_rpc_pipe_p(handle, name, 449 local_address, 450 remote_address, 451 session_info); 452 80 pipe_mode = RPC_SERVICE_MODE_EXTERNAL; 81 } 82 83 switch (pipe_mode) { 84 case RPC_SERVICE_MODE_EXTERNAL: 85 status = make_external_rpc_pipe(handle, 86 name, 87 local_address, 88 remote_address, 89 session_info, 90 &npa); 91 if (!NT_STATUS_IS_OK(status)) { 92 talloc_free(handle); 93 return status; 94 } 95 96 handle->private_data = (void *)npa; 453 97 handle->type = FAKE_FILE_TYPE_NAMED_PIPE_PROXY; 454 handle->private_data = p; 455 } else { 456 struct pipes_struct *p; 457 struct ndr_syntax_id syntax; 458 459 if (!is_known_pipename(name, &syntax)) { 460 TALLOC_FREE(handle); 98 99 break; 100 case RPC_SERVICE_MODE_EMBEDDED: 101 /* Check if we handle this pipe internally */ 102 ok = is_known_pipename(name, &syntax); 103 if (!ok) { 104 DEBUG(2, ("'%s' is not a registered pipe!\n", name)); 105 talloc_free(handle); 461 106 return NT_STATUS_OBJECT_NAME_NOT_FOUND; 462 107 } 463 108 464 p = make_internal_rpc_pipe_p(handle, &syntax, client_id, 465 session_info, msg_ctx); 466 467 handle->type = FAKE_FILE_TYPE_NAMED_PIPE; 468 handle->private_data = p; 469 } 470 471 if (handle->private_data == NULL) { 472 TALLOC_FREE(handle); 473 return NT_STATUS_PIPE_NOT_AVAILABLE; 109 status = make_internal_rpc_pipe_socketpair(handle, 110 ev_ctx, 111 msg_ctx, 112 name, 113 &syntax, 114 remote_address, 115 session_info, 116 &npa); 117 if (!NT_STATUS_IS_OK(status)) { 118 talloc_free(handle); 119 return status; 120 } 121 122 handle->private_data = (void *)npa; 123 handle->type = FAKE_FILE_TYPE_NAMED_PIPE_PROXY; 124 125 break; 126 case RPC_SERVICE_MODE_DISABLED: 127 talloc_free(handle); 128 return NT_STATUS_OBJECT_NAME_NOT_FOUND; 474 129 } 475 130 … … 481 136 bool np_read_in_progress(struct fake_file_handle *handle) 482 137 { 483 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE) {484 return false;485 }486 487 138 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY) { 488 struct np_proxy_state *p = talloc_get_type_abort( 489 handle->private_data, struct np_proxy_state); 139 struct npa_state *p = 140 talloc_get_type_abort(handle->private_data, 141 struct npa_state); 490 142 size_t read_count; 491 143 … … 502 154 503 155 struct np_write_state { 504 struct event_context *ev;505 struct np _proxy_state *p;156 struct tevent_context *ev; 157 struct npa_state *p; 506 158 struct iovec iov; 507 159 ssize_t nwritten; … … 510 162 static void np_write_done(struct tevent_req *subreq); 511 163 512 struct tevent_req *np_write_send(TALLOC_CTX *mem_ctx, struct event_context *ev,164 struct tevent_req *np_write_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, 513 165 struct fake_file_handle *handle, 514 166 const uint8_t *data, size_t len) … … 532 184 } 533 185 534 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE) {535 struct pipes_struct *p = talloc_get_type_abort(536 handle->private_data, struct pipes_struct);537 538 state->nwritten = write_to_internal_pipe(p, (char *)data, len);539 540 status = (state->nwritten >= 0)541 ? NT_STATUS_OK : NT_STATUS_UNEXPECTED_IO_ERROR;542 goto post_status;543 }544 545 186 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY) { 546 struct np _proxy_state *p = talloc_get_type_abort(547 handle->private_data, struct np _proxy_state);187 struct npa_state *p = talloc_get_type_abort( 188 handle->private_data, struct npa_state); 548 189 struct tevent_req *subreq; 549 190 550 191 state->ev = ev; 551 192 state->p = p; 552 state->iov.iov_base = CONST_DISCARD(void *, data);193 state->iov.iov_base = discard_const_p(void, data); 553 194 state->iov.iov_len = len; 554 195 555 196 subreq = tstream_writev_queue_send(state, ev, 556 p-> npipe,197 p->stream, 557 198 p->write_queue, 558 199 &state->iov, 1); … … 685 326 686 327 struct np_read_state { 687 struct np _proxy_state *p;328 struct npa_state *p; 688 329 struct np_ipc_readv_next_vector_state next_vector; 689 330 690 s ize_t nread;331 ssize_t nread; 691 332 bool is_data_outstanding; 692 333 }; … … 694 335 static void np_read_done(struct tevent_req *subreq); 695 336 696 struct tevent_req *np_read_send(TALLOC_CTX *mem_ctx, struct event_context *ev,337 struct tevent_req *np_read_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, 697 338 struct fake_file_handle *handle, 698 339 uint8_t *data, size_t len) … … 707 348 } 708 349 709 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE) {710 struct pipes_struct *p = talloc_get_type_abort(711 handle->private_data, struct pipes_struct);712 713 state->nread = read_from_internal_pipe(714 p, (char *)data, len, &state->is_data_outstanding);715 716 status = (state->nread >= 0)717 ? NT_STATUS_OK : NT_STATUS_UNEXPECTED_IO_ERROR;718 goto post_status;719 }720 721 350 if (handle->type == FAKE_FILE_TYPE_NAMED_PIPE_PROXY) { 722 struct np _proxy_state *p = talloc_get_type_abort(723 handle->private_data, struct np _proxy_state);351 struct npa_state *p = talloc_get_type_abort( 352 handle->private_data, struct npa_state); 724 353 struct tevent_req *subreq; 725 354 … … 729 358 subreq = tstream_readv_pdu_queue_send(state, 730 359 ev, 731 p-> npipe,360 p->stream, 732 361 p->read_queue, 733 362 np_ipc_readv_next_vector, -
vendor/current/source3/rpc_server/srv_pipe_hnd.h
r740 r988 32 32 const struct tsocket_address *local_address, 33 33 const struct tsocket_address *remote_address, 34 struct client_address *client_id,35 struct auth_serversupplied_info *session_info,34 struct auth_session_info *session_info, 35 struct tevent_context *ev_ctx, 36 36 struct messaging_context *msg_ctx, 37 37 struct fake_file_handle **phandle); 38 38 bool np_read_in_progress(struct fake_file_handle *handle); 39 struct tevent_req *np_write_send(TALLOC_CTX *mem_ctx, struct event_context *ev,39 struct tevent_req *np_write_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, 40 40 struct fake_file_handle *handle, 41 41 const uint8_t *data, size_t len); 42 42 NTSTATUS np_write_recv(struct tevent_req *req, ssize_t *pnwritten); 43 struct tevent_req *np_read_send(TALLOC_CTX *mem_ctx, struct event_context *ev,43 struct tevent_req *np_read_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, 44 44 struct fake_file_handle *handle, 45 45 uint8_t *data, size_t len); … … 47 47 bool *is_data_outstanding); 48 48 49 ssize_t process_incoming_data(struct pipes_struct *p, char *data, size_t n);50 51 49 #endif /* _RPC_SERVER_SRV_PIPE_HND_H_ */ -
vendor/current/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
r919 r988 30 30 #include "../libcli/security/security.h" 31 31 #include "../librpc/gen_ndr/ndr_security.h" 32 #include "dbwrap.h" 32 #include "../librpc/gen_ndr/open_files.h" 33 #include "dbwrap/dbwrap.h" 33 34 #include "session.h" 34 35 #include "../lib/util/util_pw.h" 35 36 #include "smbd/smbd.h" 37 #include "smbd/globals.h" 36 38 #include "auth.h" 37 39 #include "messages.h" 40 #include "lib/conn_tdb.h" 38 41 39 42 extern const struct generic_mapping file_generic_mapping; … … 52 55 }; 53 56 54 struct sess_file_count { 55 struct server_id pid; 56 uid_t uid; 57 struct sess_file_info { 58 struct srvsvc_NetSessCtr1 *ctr; 59 struct sessionid *session_list; 60 uint32_t resume_handle; 61 uint32_t num_entries; 62 }; 63 64 struct share_file_stat { 65 struct srvsvc_NetConnInfo1 *netconn_arr; 66 struct server_id *svrid_arr; 67 const char *in_sharepath; 68 uint32_t resp_entries; 69 uint32_t total_entries; 70 }; 71 72 struct share_conn_stat { 73 TALLOC_CTX *ctx; 74 const char *sharename; 75 struct server_id *svrid_arr; 57 76 int count; 58 77 }; 59 78 60 /* Used to store pipe open records for NetFileEnum() */61 62 struct pipe_open_rec {63 struct server_id pid;64 uid_t uid;65 int pnum;66 fstring name;67 };68 69 /****************************************************************************70 Count the entries belonging to a service in the connection db.71 ****************************************************************************/72 73 static int pipe_enum_fn( struct db_record *rec, void *p)74 {75 struct pipe_open_rec prec;76 struct file_enum_count *fenum = (struct file_enum_count *)p;77 struct srvsvc_NetFileInfo3 *f;78 int i = fenum->ctr3->count;79 char *fullpath = NULL;80 const char *username;81 82 if (rec->value.dsize != sizeof(struct pipe_open_rec))83 return 0;84 85 memcpy(&prec, rec->value.dptr, sizeof(struct pipe_open_rec));86 87 if ( !process_exists(prec.pid) ) {88 return 0;89 }90 91 username = uidtoname(prec.uid);92 93 if ((fenum->username != NULL)94 && !strequal(username, fenum->username)) {95 return 0;96 }97 98 fullpath = talloc_asprintf(fenum->ctx, "\\PIPE\\%s", prec.name );99 if (!fullpath) {100 return 1;101 }102 103 f = TALLOC_REALLOC_ARRAY(fenum->ctx, fenum->ctr3->array,104 struct srvsvc_NetFileInfo3, i+1);105 if ( !f ) {106 DEBUG(0,("conn_enum_fn: realloc failed for %d items\n", i+1));107 return 1;108 }109 fenum->ctr3->array = f;110 111 fenum->ctr3->array[i].fid =112 (((uint32_t)(procid_to_pid(&prec.pid))<<16) | prec.pnum);113 fenum->ctr3->array[i].permissions =114 (FILE_READ_DATA|FILE_WRITE_DATA);115 fenum->ctr3->array[i].num_locks = 0;116 fenum->ctr3->array[i].path = fullpath;117 fenum->ctr3->array[i].user = username;118 119 fenum->ctr3->count++;120 121 return 0;122 }123 124 79 /******************************************************************* 125 80 ********************************************************************/ 126 81 127 static WERROR net_enum_pipes(TALLOC_CTX *ctx, 128 const char *username, 129 struct srvsvc_NetFileCtr3 **ctr3, 130 uint32_t resume ) 131 { 132 struct file_enum_count fenum; 133 134 fenum.ctx = ctx; 135 fenum.username = username; 136 fenum.ctr3 = *ctr3; 137 138 if (connections_traverse(pipe_enum_fn, &fenum) == -1) { 139 DEBUG(0,("net_enum_pipes: traverse of connections.tdb " 140 "failed\n")); 141 return WERR_NOMEM; 142 } 143 144 *ctr3 = fenum.ctr3; 145 146 return WERR_OK; 147 } 148 149 /******************************************************************* 150 ********************************************************************/ 151 152 static void enum_file_fn( const struct share_mode_entry *e, 153 const char *sharepath, const char *fname, 154 void *private_data ) 82 static int enum_file_fn(const struct share_mode_entry *e, 83 const char *sharepath, 84 const char *fname, 85 const char *sname, 86 void *private_data) 155 87 { 156 88 struct file_enum_count *fenum = … … 163 95 int num_locks = 0; 164 96 char *fullpath = NULL; 165 uint32 permissions;97 uint32_t permissions; 166 98 const char *username; 167 99 … … 169 101 170 102 if ( !process_exists(e->pid) ) { 171 return ;103 return 0; 172 104 } 173 105 … … 176 108 if ((fenum->username != NULL) 177 109 && !strequal(username, fenum->username)) { 178 return ;179 } 180 181 f = TALLOC_REALLOC_ARRAY(fenum->ctx, fenum->ctr3->array,110 return 0; 111 } 112 113 f = talloc_realloc(fenum->ctx, fenum->ctr3->array, 182 114 struct srvsvc_NetFileInfo3, i+1); 183 115 if ( !f ) { 184 116 DEBUG(0,("conn_enum_fn: realloc failed for %d items\n", i+1)); 185 return ;117 return 0; 186 118 } 187 119 fenum->ctr3->array = f; … … 193 125 194 126 if ( (brl = brl_get_locks(talloc_tos(), &fsp)) != NULL ) { 195 num_locks = brl ->num_locks;127 num_locks = brl_num_locks(brl); 196 128 TALLOC_FREE(brl); 197 129 } … … 200 132 fullpath = talloc_asprintf(fenum->ctx, "C:%s", sharepath ); 201 133 } else { 202 fullpath = talloc_asprintf(fenum->ctx, "C:%s/%s", 203 sharepath, fname ); 134 fullpath = talloc_asprintf(fenum->ctx, "C:%s/%s%s", 135 sharepath, fname, 136 sname ? sname : ""); 204 137 } 205 138 if (!fullpath) { 206 return ;139 return 0; 207 140 } 208 141 string_replace( fullpath, '/', '\\' ); … … 221 154 222 155 fenum->ctr3->count++; 156 157 return 0; 223 158 } 224 159 … … 237 172 f_enum_cnt.ctr3 = *ctr3; 238 173 239 share_ mode_forall( enum_file_fn, (void *)&f_enum_cnt );174 share_entry_forall( enum_file_fn, (void *)&f_enum_cnt ); 240 175 241 176 *ctr3 = f_enum_cnt.ctr3; … … 247 182 Utility function to get the 'type' of a share from an snum. 248 183 ********************************************************************/ 249 static uint32get_share_type(int snum)184 static enum srvsvc_ShareType get_share_type(int snum) 250 185 { 251 186 /* work out the share type */ 252 uint32 type = STYPE_DISKTREE; 253 254 if (lp_print_ok(snum)) 255 type = STYPE_PRINTQ; 256 if (strequal(lp_fstype(snum), "IPC")) 257 type = STYPE_IPC; 258 if (lp_administrative_share(snum)) 259 type |= STYPE_HIDDEN; 260 187 enum srvsvc_ShareType type = STYPE_DISKTREE; 188 189 if (lp_printable(snum)) { 190 type = lp_administrative_share(snum) 191 ? STYPE_PRINTQ_HIDDEN : STYPE_PRINTQ; 192 } 193 if (strequal(lp_fstype(snum), "IPC")) { 194 type = lp_administrative_share(snum) 195 ? STYPE_IPC_HIDDEN : STYPE_IPC; 196 } 261 197 return type; 262 198 } … … 269 205 struct srvsvc_NetShareInfo0 *r, int snum) 270 206 { 271 r->name = lp_servicename( snum);207 r->name = lp_servicename(talloc_tos(), snum); 272 208 } 273 209 … … 280 216 int snum) 281 217 { 282 char *net_name = lp_servicename( snum);283 char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));218 char *net_name = lp_servicename(talloc_tos(), snum); 219 char *remark = lp_comment(p->mem_ctx, snum); 284 220 285 221 if (remark) { 286 222 remark = talloc_sub_advanced( 287 p->mem_ctx, lp_servicename( snum),288 get_current_username(), lp_path name(snum),289 p->session_info->u tok.uid, get_current_username(),223 p->mem_ctx, lp_servicename(talloc_tos(), snum), 224 get_current_username(), lp_path(talloc_tos(), snum), 225 p->session_info->unix_token->uid, get_current_username(), 290 226 "", remark); 291 227 } … … 308 244 int max_connections = lp_max_connections(snum); 309 245 uint32_t max_uses = max_connections!=0 ? max_connections : (uint32_t)-1; 310 char *net_name = lp_servicename( snum);311 312 remark = talloc_strdup(p->mem_ctx, lp_comment(snum));246 char *net_name = lp_servicename(talloc_tos(), snum); 247 248 remark = lp_comment(p->mem_ctx, snum); 313 249 if (remark) { 314 250 remark = talloc_sub_advanced( 315 p->mem_ctx, lp_servicename( snum),316 get_current_username(), lp_path name(snum),317 p->session_info->u tok.uid, get_current_username(),251 p->mem_ctx, lp_servicename(talloc_tos(), snum), 252 get_current_username(), lp_path(talloc_tos(), snum), 253 p->session_info->unix_token->uid, get_current_username(), 318 254 "", remark); 319 255 } 320 256 path = talloc_asprintf(p->mem_ctx, 321 "C:%s", lp_path name(snum));257 "C:%s", lp_path(talloc_tos(), snum)); 322 258 323 259 if (path) { … … 336 272 r->permissions = 0; 337 273 r->max_users = max_uses; 338 r->current_users = count_current_connections(net_name, false);274 r->current_users = 0; /* computed later */ 339 275 r->path = path ? path : ""; 340 276 r->password = ""; … … 359 295 for (i = 0; i < ps_dacl->num_aces; i++) { 360 296 struct security_ace *psa = &ps_dacl->aces[i]; 361 uint32 orig_mask = psa->access_mask;297 uint32_t orig_mask = psa->access_mask; 362 298 363 299 se_map_generic(&psa->access_mask, &file_generic_mapping); … … 373 309 struct srvsvc_NetShareInfo501 *r, int snum) 374 310 { 375 const char *net_name = lp_servicename( snum);376 char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));311 const char *net_name = lp_servicename(talloc_tos(), snum); 312 char *remark = lp_comment(p->mem_ctx, snum); 377 313 378 314 if (remark) { 379 315 remark = talloc_sub_advanced( 380 p->mem_ctx, lp_servicename( snum),381 get_current_username(), lp_path name(snum),382 p->session_info->u tok.uid, get_current_username(),316 p->mem_ctx, lp_servicename(talloc_tos(), snum), 317 get_current_username(), lp_path(talloc_tos(), snum), 318 p->session_info->unix_token->uid, get_current_username(), 383 319 "", remark); 384 320 } … … 387 323 r->type = get_share_type(snum); 388 324 r->comment = remark ? remark : ""; 389 r->csc_policy = (lp_csc_policy(snum) << 4); 325 326 /* 327 * According to [MS-SRVS] 2.2.4.25, the flags field is the same as in 328 * level 1005. 329 */ 330 r->csc_policy = (lp_csc_policy(snum) << SHARE_1005_CSC_POLICY_SHIFT); 390 331 } 391 332 … … 397 338 struct srvsvc_NetShareInfo502 *r, int snum) 398 339 { 399 const char *net_name = lp_servicename( snum);340 const char *net_name = lp_servicename(talloc_tos(), snum); 400 341 char *path = NULL; 401 342 struct security_descriptor *sd = NULL; … … 403 344 size_t sd_size = 0; 404 345 TALLOC_CTX *ctx = p->mem_ctx; 405 char *remark = talloc_strdup(ctx, lp_comment(snum));346 char *remark = lp_comment(ctx, snum); 406 347 407 348 if (remark) { 408 349 remark = talloc_sub_advanced( 409 p->mem_ctx, lp_servicename( snum),410 get_current_username(), lp_path name(snum),411 p->session_info->u tok.uid, get_current_username(),350 p->mem_ctx, lp_servicename(talloc_tos(), snum), 351 get_current_username(), lp_path(talloc_tos(), snum), 352 p->session_info->unix_token->uid, get_current_username(), 412 353 "", remark); 413 354 } 414 path = talloc_asprintf(ctx, "C:%s", lp_path name(snum));355 path = talloc_asprintf(ctx, "C:%s", lp_path(talloc_tos(), snum)); 415 356 if (path) { 416 357 /* … … 421 362 } 422 363 423 sd = get_share_security(ctx, lp_servicename( snum), &sd_size);364 sd = get_share_security(ctx, lp_servicename(talloc_tos(), snum), &sd_size); 424 365 425 366 sd_buf = make_sec_desc_buf(p->mem_ctx, sd_size, sd); … … 444 385 int snum) 445 386 { 446 char *remark = talloc_strdup(p->mem_ctx, lp_comment(snum));387 char *remark = lp_comment(p->mem_ctx, snum); 447 388 448 389 if (remark) { 449 390 remark = talloc_sub_advanced( 450 p->mem_ctx, lp_servicename( snum),451 get_current_username(), lp_path name(snum),452 p->session_info->u tok.uid, get_current_username(),391 p->mem_ctx, lp_servicename(talloc_tos(), snum), 392 get_current_username(), lp_path(talloc_tos(), snum), 393 p->session_info->unix_token->uid, get_current_username(), 453 394 "", remark); 454 395 } … … 512 453 TALLOC_CTX *ctx = p->mem_ctx; 513 454 514 sd = get_share_security(ctx, lp_servicename( snum), &sd_size);455 sd = get_share_security(ctx, lp_servicename(talloc_tos(), snum), &sd_size); 515 456 if (sd) { 516 457 sd_buf = make_sec_desc_buf(p->mem_ctx, sd_size, sd); … … 526 467 static bool is_hidden_share(int snum) 527 468 { 528 const char *net_name = lp_servicename( snum);469 const char *net_name = lp_servicename(talloc_tos(), snum); 529 470 530 471 return (net_name[strlen(net_name) - 1] == '$') ? True : False; … … 537 478 int snum) 538 479 { 539 if (!lp_access_based_share_enum(snum)) 540 return true; 541 542 return share_access_check(p->session_info->security_token, 543 lp_servicename(snum), FILE_READ_DATA, NULL); 480 if (!lp_access_based_share_enum(snum)) { 481 return true; 482 } 483 484 if (!user_ok_token(p->session_info->unix_info->unix_name, 485 p->session_info->info->domain_name, 486 p->session_info->security_token, snum)) { 487 return false; 488 } 489 490 return share_access_check(p->session_info->security_token, 491 lp_servicename(talloc_tos(), snum), 492 FILE_READ_DATA, NULL); 493 } 494 495 /**************************************************************************** 496 Count an entry against the respective service. 497 ****************************************************************************/ 498 499 static int count_for_all_fn(struct smbXsrv_tcon_global0 *tcon, void *udp) 500 { 501 union srvsvc_NetShareCtr *ctr = NULL; 502 struct srvsvc_NetShareInfo2 *info2 = NULL; 503 int share_entries = 0; 504 int i = 0; 505 506 ctr = (union srvsvc_NetShareCtr *) udp; 507 508 /* for level 2 */ 509 share_entries = ctr->ctr2->count; 510 info2 = &ctr->ctr2->array[0]; 511 512 for (i = 0; i < share_entries; i++, info2++) { 513 if (strequal(tcon->share_name, info2->name)) { 514 info2->current_users++; 515 break; 516 } 517 } 518 519 return 0; 520 } 521 522 /**************************************************************************** 523 Count the entries belonging to all services in the connection db. 524 ****************************************************************************/ 525 526 static void count_connections_for_all_shares(union srvsvc_NetShareCtr *ctr) 527 { 528 NTSTATUS status; 529 status = smbXsrv_tcon_global_traverse(count_for_all_fn, ctr); 530 531 if (!NT_STATUS_IS_OK(status)) { 532 DEBUG(0,("count_connections_for_all_shares: traverse of " 533 "smbXsrv_tcon_global.tdb failed - %s\n", 534 nt_errstr(status))); 535 } 544 536 } 545 537 … … 569 561 /* Ensure all the usershares are loaded. */ 570 562 become_root(); 571 load_usershare_shares(); 563 delete_and_reload_printers(server_event_context(), p->msg_ctx); 564 load_usershare_shares(NULL, connections_snum_used); 572 565 load_registry_shares(); 573 566 num_services = lp_numservices(); 574 567 unbecome_root(); 575 568 576 allowed = TALLOC_ZERO_ARRAY(ctx, bool, num_services);569 allowed = talloc_zero_array(ctx, bool, num_services); 577 570 W_ERROR_HAVE_NO_MEMORY(allowed); 578 571 … … 583 576 (all_shares || !is_hidden_share(snum)) ) { 584 577 DEBUG(10, ("counting service %s\n", 585 lp_servicename( snum) ? lp_servicename(snum) : "(null)"));578 lp_servicename(talloc_tos(), snum) ? lp_servicename(talloc_tos(), snum) : "(null)")); 586 579 allowed[snum] = true; 587 580 num_entries++; 588 581 } else { 589 582 DEBUG(10, ("NOT counting service %s\n", 590 lp_servicename( snum) ? lp_servicename(snum) : "(null)"));583 lp_servicename(talloc_tos(), snum) ? lp_servicename(talloc_tos(), snum) : "(null)")); 591 584 } 592 585 } … … 600 593 switch (info_ctr->level) { 601 594 case 0: 602 ctr.ctr0 = TALLOC_ZERO_P(ctx, struct srvsvc_NetShareCtr0);595 ctr.ctr0 = talloc_zero(ctx, struct srvsvc_NetShareCtr0); 603 596 W_ERROR_HAVE_NO_MEMORY(ctr.ctr0); 604 597 605 598 ctr.ctr0->count = alloc_entries; 606 ctr.ctr0->array = TALLOC_ZERO_ARRAY(ctx, struct srvsvc_NetShareInfo0, alloc_entries);599 ctr.ctr0->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo0, alloc_entries); 607 600 W_ERROR_HAVE_NO_MEMORY(ctr.ctr0->array); 608 601 … … 617 610 618 611 case 1: 619 ctr.ctr1 = TALLOC_ZERO_P(ctx, struct srvsvc_NetShareCtr1);612 ctr.ctr1 = talloc_zero(ctx, struct srvsvc_NetShareCtr1); 620 613 W_ERROR_HAVE_NO_MEMORY(ctr.ctr1); 621 614 622 615 ctr.ctr1->count = alloc_entries; 623 ctr.ctr1->array = TALLOC_ZERO_ARRAY(ctx, struct srvsvc_NetShareInfo1, alloc_entries);616 ctr.ctr1->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo1, alloc_entries); 624 617 W_ERROR_HAVE_NO_MEMORY(ctr.ctr1->array); 625 618 … … 634 627 635 628 case 2: 636 ctr.ctr2 = TALLOC_ZERO_P(ctx, struct srvsvc_NetShareCtr2);629 ctr.ctr2 = talloc_zero(ctx, struct srvsvc_NetShareCtr2); 637 630 W_ERROR_HAVE_NO_MEMORY(ctr.ctr2); 638 631 639 632 ctr.ctr2->count = alloc_entries; 640 ctr.ctr2->array = TALLOC_ZERO_ARRAY(ctx, struct srvsvc_NetShareInfo2, alloc_entries);633 ctr.ctr2->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo2, alloc_entries); 641 634 W_ERROR_HAVE_NO_MEMORY(ctr.ctr2->array); 642 635 … … 648 641 } 649 642 643 count_connections_for_all_shares(&ctr); 650 644 break; 651 645 652 646 case 501: 653 ctr.ctr501 = TALLOC_ZERO_P(ctx, struct srvsvc_NetShareCtr501);647 ctr.ctr501 = talloc_zero(ctx, struct srvsvc_NetShareCtr501); 654 648 W_ERROR_HAVE_NO_MEMORY(ctr.ctr501); 655 649 656 650 ctr.ctr501->count = alloc_entries; 657 ctr.ctr501->array = TALLOC_ZERO_ARRAY(ctx, struct srvsvc_NetShareInfo501, alloc_entries);651 ctr.ctr501->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo501, alloc_entries); 658 652 W_ERROR_HAVE_NO_MEMORY(ctr.ctr501->array); 659 653 … … 668 662 669 663 case 502: 670 ctr.ctr502 = TALLOC_ZERO_P(ctx, struct srvsvc_NetShareCtr502);664 ctr.ctr502 = talloc_zero(ctx, struct srvsvc_NetShareCtr502); 671 665 W_ERROR_HAVE_NO_MEMORY(ctr.ctr502); 672 666 673 667 ctr.ctr502->count = alloc_entries; 674 ctr.ctr502->array = TALLOC_ZERO_ARRAY(ctx, struct srvsvc_NetShareInfo502, alloc_entries);668 ctr.ctr502->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo502, alloc_entries); 675 669 W_ERROR_HAVE_NO_MEMORY(ctr.ctr502->array); 676 670 … … 685 679 686 680 case 1004: 687 ctr.ctr1004 = TALLOC_ZERO_P(ctx, struct srvsvc_NetShareCtr1004);681 ctr.ctr1004 = talloc_zero(ctx, struct srvsvc_NetShareCtr1004); 688 682 W_ERROR_HAVE_NO_MEMORY(ctr.ctr1004); 689 683 690 684 ctr.ctr1004->count = alloc_entries; 691 ctr.ctr1004->array = TALLOC_ZERO_ARRAY(ctx, struct srvsvc_NetShareInfo1004, alloc_entries);685 ctr.ctr1004->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo1004, alloc_entries); 692 686 W_ERROR_HAVE_NO_MEMORY(ctr.ctr1004->array); 693 687 … … 702 696 703 697 case 1005: 704 ctr.ctr1005 = TALLOC_ZERO_P(ctx, struct srvsvc_NetShareCtr1005);698 ctr.ctr1005 = talloc_zero(ctx, struct srvsvc_NetShareCtr1005); 705 699 W_ERROR_HAVE_NO_MEMORY(ctr.ctr1005); 706 700 707 701 ctr.ctr1005->count = alloc_entries; 708 ctr.ctr1005->array = TALLOC_ZERO_ARRAY(ctx, struct srvsvc_NetShareInfo1005, alloc_entries);702 ctr.ctr1005->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo1005, alloc_entries); 709 703 W_ERROR_HAVE_NO_MEMORY(ctr.ctr1005->array); 710 704 … … 719 713 720 714 case 1006: 721 ctr.ctr1006 = TALLOC_ZERO_P(ctx, struct srvsvc_NetShareCtr1006);715 ctr.ctr1006 = talloc_zero(ctx, struct srvsvc_NetShareCtr1006); 722 716 W_ERROR_HAVE_NO_MEMORY(ctr.ctr1006); 723 717 724 718 ctr.ctr1006->count = alloc_entries; 725 ctr.ctr1006->array = TALLOC_ZERO_ARRAY(ctx, struct srvsvc_NetShareInfo1006, alloc_entries);719 ctr.ctr1006->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo1006, alloc_entries); 726 720 W_ERROR_HAVE_NO_MEMORY(ctr.ctr1006->array); 727 721 … … 736 730 737 731 case 1007: 738 ctr.ctr1007 = TALLOC_ZERO_P(ctx, struct srvsvc_NetShareCtr1007);732 ctr.ctr1007 = talloc_zero(ctx, struct srvsvc_NetShareCtr1007); 739 733 W_ERROR_HAVE_NO_MEMORY(ctr.ctr1007); 740 734 741 735 ctr.ctr1007->count = alloc_entries; 742 ctr.ctr1007->array = TALLOC_ZERO_ARRAY(ctx, struct srvsvc_NetShareInfo1007, alloc_entries);736 ctr.ctr1007->array = talloc_zero_array(ctx, struct srvsvc_NetShareInfo1007, alloc_entries); 743 737 W_ERROR_HAVE_NO_MEMORY(ctr.ctr1007->array); 744 738 … … 753 747 754 748 case 1501: 755 ctr.ctr1501 = TALLOC_ZERO_P(ctx, struct srvsvc_NetShareCtr1501);749 ctr.ctr1501 = talloc_zero(ctx, struct srvsvc_NetShareCtr1501); 756 750 W_ERROR_HAVE_NO_MEMORY(ctr.ctr1501); 757 751 758 752 ctr.ctr1501->count = alloc_entries; 759 ctr.ctr1501->array = TALLOC_ZERO_ARRAY(ctx, struct sec_desc_buf, alloc_entries);753 ctr.ctr1501->array = talloc_zero_array(ctx, struct sec_desc_buf, alloc_entries); 760 754 W_ERROR_HAVE_NO_MEMORY(ctr.ctr1501->array); 761 755 … … 816 810 for (; resume_handle < *total_entries; resume_handle++) { 817 811 818 ctr0->array = TALLOC_REALLOC_ARRAY(p->mem_ctx,812 ctr0->array = talloc_realloc(p->mem_ctx, 819 813 ctr0->array, 820 814 struct srvsvc_NetSessInfo0, … … 841 835 } 842 836 843 /******************************************************************* 844 ********************************************************************/ 845 846 static void sess_file_fn( const struct share_mode_entry *e, 847 const char *sharepath, const char *fname, 848 void *data ) 849 { 850 struct sess_file_count *sess = (struct sess_file_count *)data; 851 852 if ( procid_equal(&e->pid, &sess->pid) && (sess->uid == e->uid) ) { 853 sess->count++; 854 } 855 856 return; 857 } 858 859 /******************************************************************* 860 ********************************************************************/ 861 862 static int net_count_files( uid_t uid, struct server_id pid ) 863 { 864 struct sess_file_count s_file_cnt; 865 866 s_file_cnt.count = 0; 867 s_file_cnt.uid = uid; 868 s_file_cnt.pid = pid; 869 870 share_mode_forall( sess_file_fn, &s_file_cnt ); 871 872 return s_file_cnt.count; 837 /*********************************************************************** 838 * find out the session on which this file is open and bump up its count 839 **********************************************************************/ 840 841 static int count_sess_files_fn(const struct share_mode_entry *e, 842 const char *sharepath, 843 const char *fname, 844 const char *sname, 845 void *data) 846 { 847 struct sess_file_info *info = data; 848 uint32_t rh = info->resume_handle; 849 int i; 850 851 for (i=0; i < info->num_entries; i++) { 852 /* rh+info->num_entries is safe, as we've 853 ensured that: 854 *total_entries > resume_handle && 855 info->num_entries = *total_entries - resume_handle; 856 inside init_srv_sess_info_1() below. 857 */ 858 struct sessionid *sess = &info->session_list[rh + i]; 859 if ((e->uid == sess->uid) && 860 serverid_equal(&e->pid, &sess->pid)) { 861 862 info->ctr->array[i].num_open++; 863 return 0; 864 } 865 } 866 return 0; 867 } 868 869 /******************************************************************* 870 * count the num of open files on all sessions 871 *******************************************************************/ 872 873 static void net_count_files_for_all_sess(struct srvsvc_NetSessCtr1 *ctr1, 874 struct sessionid *session_list, 875 uint32_t resume_handle, 876 uint32_t num_entries) 877 { 878 struct sess_file_info s_file_info; 879 880 s_file_info.ctr = ctr1; 881 s_file_info.session_list = session_list; 882 s_file_info.resume_handle = resume_handle; 883 s_file_info.num_entries = num_entries; 884 885 share_entry_forall(count_sess_files_fn, &s_file_info); 873 886 } 874 887 … … 898 911 *total_entries = list_sessions(p->mem_ctx, &session_list); 899 912 900 for (; resume_handle < *total_entries; resume_handle++) { 901 uint32 num_files; 902 uint32 connect_time; 903 struct passwd *pw = sys_getpwnam(session_list[resume_handle].username); 913 if (resume_handle >= *total_entries) { 914 if (resume_handle_p) { 915 *resume_handle_p = 0; 916 } 917 return WERR_OK; 918 } 919 920 /* We know num_entries must be positive, due to 921 the check resume_handle >= *total_entries above. */ 922 923 num_entries = *total_entries - resume_handle; 924 925 ctr1->array = talloc_zero_array(p->mem_ctx, 926 struct srvsvc_NetSessInfo1, 927 num_entries); 928 929 W_ERROR_HAVE_NO_MEMORY(ctr1->array); 930 931 for (num_entries = 0; resume_handle < *total_entries; num_entries++, resume_handle++) { 932 uint32_t connect_time; 904 933 bool guest; 905 934 906 if ( !pw ) {907 DEBUG(10,("init_srv_sess_info_1: failed to find owner: %s\n",908 session_list[resume_handle].username));909 continue;910 }911 912 935 connect_time = (uint32_t)(now - session_list[resume_handle].connect_start); 913 num_files = net_count_files(pw->pw_uid, session_list[resume_handle].pid); 914 guest = strequal( session_list[resume_handle].username, lp_guestaccount() ); 915 916 ctr1->array = TALLOC_REALLOC_ARRAY(p->mem_ctx, 917 ctr1->array, 918 struct srvsvc_NetSessInfo1, 919 num_entries+1); 920 W_ERROR_HAVE_NO_MEMORY(ctr1->array); 936 guest = strequal( session_list[resume_handle].username, lp_guest_account() ); 921 937 922 938 ctr1->array[num_entries].client = session_list[resume_handle].remote_machine; 923 939 ctr1->array[num_entries].user = session_list[resume_handle].username; 924 ctr1->array[num_entries].num_open = num_files;940 ctr1->array[num_entries].num_open = 0;/* computed later */ 925 941 ctr1->array[num_entries].time = connect_time; 926 942 ctr1->array[num_entries].idle_time = 0; 927 943 ctr1->array[num_entries].user_flags = guest; 928 929 num_entries++;930 944 } 931 945 932 946 ctr1->count = num_entries; 947 948 /* count open files on all sessions in single tdb traversal */ 949 net_count_files_for_all_sess(ctr1, session_list, 950 resume_handle_p ? *resume_handle_p : 0, 951 num_entries); 933 952 934 953 if (resume_handle_p) { … … 944 963 945 964 /******************************************************************* 965 find the share connection on which this open exists. 966 ********************************************************************/ 967 968 static int share_file_fn(const struct share_mode_entry *e, 969 const char *sharepath, 970 const char *fname, 971 const char *sname, 972 void *data) 973 { 974 struct share_file_stat *sfs = data; 975 uint32_t i; 976 uint32_t offset = sfs->total_entries - sfs->resp_entries; 977 978 if (strequal(sharepath, sfs->in_sharepath)) { 979 for (i=0; i < sfs->resp_entries; i++) { 980 if (serverid_equal(&e->pid, &sfs->svrid_arr[offset + i])) { 981 sfs->netconn_arr[i].num_open ++; 982 return 0; 983 } 984 } 985 } 986 return 0; 987 } 988 989 /******************************************************************* 990 count number of open files on given share connections. 991 ********************************************************************/ 992 993 static void count_share_opens(struct srvsvc_NetConnInfo1 *arr, 994 struct server_id *svrid_arr, char *sharepath, 995 uint32_t resp_entries, uint32_t total_entries) 996 { 997 struct share_file_stat sfs; 998 999 sfs.netconn_arr = arr; 1000 sfs.svrid_arr = svrid_arr; 1001 sfs.in_sharepath = sharepath; 1002 sfs.resp_entries = resp_entries; 1003 sfs.total_entries = total_entries; 1004 1005 share_entry_forall(share_file_fn, &sfs); 1006 } 1007 1008 /**************************************************************************** 1009 process an entry from the connection db. 1010 ****************************************************************************/ 1011 1012 static int share_conn_fn(struct smbXsrv_tcon_global0 *tcon, 1013 void *data) 1014 { 1015 struct share_conn_stat *scs = data; 1016 1017 if (!process_exists(tcon->server_id)) { 1018 return 0; 1019 } 1020 1021 if (strequal(tcon->share_name, scs->sharename)) { 1022 scs->svrid_arr = talloc_realloc(scs->ctx, scs->svrid_arr, 1023 struct server_id, 1024 scs->count + 1); 1025 if (!scs->svrid_arr) { 1026 return 0; 1027 } 1028 1029 scs->svrid_arr[scs->count] = tcon->server_id; 1030 scs->count++; 1031 } 1032 1033 return 0; 1034 } 1035 1036 /**************************************************************************** 1037 Count the connections to a share. Build an array of serverid's owning these 1038 connections. 1039 ****************************************************************************/ 1040 1041 static uint32_t count_share_conns(TALLOC_CTX *ctx, const char *sharename, 1042 struct server_id **arr) 1043 { 1044 struct share_conn_stat scs; 1045 NTSTATUS status; 1046 1047 scs.ctx = ctx; 1048 scs.sharename = sharename; 1049 scs.svrid_arr = NULL; 1050 scs.count = 0; 1051 1052 status = smbXsrv_tcon_global_traverse(share_conn_fn, &scs); 1053 1054 if (!NT_STATUS_IS_OK(status)) { 1055 DEBUG(0,("count_share_conns: traverse of " 1056 "smbXsrv_tcon_global.tdb failed - %s\n", 1057 nt_errstr(status))); 1058 return 0; 1059 } 1060 1061 *arr = scs.svrid_arr; 1062 return scs.count; 1063 } 1064 1065 /******************************************************************* 946 1066 fill in a conn info level 0 structure. 947 1067 ********************************************************************/ … … 969 1089 for (; resume_handle < *total_entries; resume_handle++) { 970 1090 971 ctr0->array = TALLOC_REALLOC_ARRAY(talloc_tos(),1091 ctr0->array = talloc_realloc(talloc_tos(), 972 1092 ctr0->array, 973 1093 struct srvsvc_NetConnInfo0, … … 1001 1121 ********************************************************************/ 1002 1122 1003 static WERROR init_srv_conn_info_1(struct srvsvc_NetConnCtr1 *ctr1, 1123 static WERROR init_srv_conn_info_1(const char *name, 1124 struct srvsvc_NetConnCtr1 *ctr1, 1004 1125 uint32_t *resume_handle_p, 1005 1126 uint32_t *total_entries) 1006 1127 { 1007 uint32_t num_entries = 0 ;1128 uint32_t num_entries = 0, snum = 0; 1008 1129 uint32_t resume_handle = resume_handle_p ? *resume_handle_p : 0; 1130 char *share_name = NULL; 1131 struct server_id *svrid_arr = NULL; 1009 1132 1010 1133 DEBUG(5,("init_srv_conn_info_1\n")); … … 1017 1140 } 1018 1141 1019 *total_entries = 1; 1142 /* check if this is a server name or a share name */ 1143 if (name && (strlen(name) > 2) && (name[0] == '\\') && 1144 (name[1] == '\\')) { 1145 1146 /* 'name' is a server name - this part is unimplemented */ 1147 *total_entries = 1; 1148 } else { 1149 /* 'name' is a share name */ 1150 snum = find_service(talloc_tos(), name, &share_name); 1151 1152 if (!share_name) { 1153 return WERR_NOMEM; 1154 } 1155 1156 if (snum < 0) { 1157 return WERR_INVALID_NAME; 1158 } 1159 1160 /* 1161 * count the num of connections to this share. Also, 1162 * build a list of serverid's that own these 1163 * connections. The serverid list is used later to 1164 * identify the share connection on which an open exists. 1165 */ 1166 1167 *total_entries = count_share_conns(talloc_tos(), 1168 share_name, 1169 &svrid_arr); 1170 } 1171 1172 if (resume_handle >= *total_entries) { 1173 if (resume_handle_p) { 1174 *resume_handle_p = 0; 1175 } 1176 return WERR_OK; 1177 } 1178 1179 /* 1180 * We know num_entries must be positive, due to 1181 * the check resume_handle >= *total_entries above. 1182 */ 1183 1184 num_entries = *total_entries - resume_handle; 1020 1185 1021 1186 ZERO_STRUCTP(ctr1); 1022 1187 1023 for (; resume_handle < *total_entries; resume_handle++) { 1024 1025 ctr1->array = TALLOC_REALLOC_ARRAY(talloc_tos(), 1026 ctr1->array, 1027 struct srvsvc_NetConnInfo1, 1028 num_entries+1); 1029 if (!ctr1->array) { 1030 return WERR_NOMEM; 1031 } 1188 ctr1->array = talloc_zero_array(talloc_tos(), 1189 struct srvsvc_NetConnInfo1, 1190 num_entries); 1191 1192 W_ERROR_HAVE_NO_MEMORY(ctr1->array); 1193 1194 for (num_entries = 0; resume_handle < *total_entries; 1195 num_entries++, resume_handle++) { 1032 1196 1033 1197 ctr1->array[num_entries].conn_id = *total_entries; 1034 1198 ctr1->array[num_entries].conn_type = 0x3; 1035 ctr1->array[num_entries].num_open = 1; 1199 1200 /* 1201 * if these are connections to a share, we are going to 1202 * compute the opens on them later. If it's for the server, 1203 * it's unimplemented. 1204 */ 1205 1206 if (!share_name) { 1207 ctr1->array[num_entries].num_open = 1; 1208 } 1209 1036 1210 ctr1->array[num_entries].num_users = 1; 1037 1211 ctr1->array[num_entries].conn_time = 3; 1038 1212 ctr1->array[num_entries].user = "dummy_user"; 1039 1213 ctr1->array[num_entries].share = "IPC$"; 1040 1041 /* move on to creating next connection */ 1042 num_entries++; 1214 } 1215 1216 /* now compute open files on the share connections */ 1217 1218 if (share_name) { 1219 1220 /* 1221 * the locking tdb, which has the open files information, 1222 * does not store share name or share (service) number, but 1223 * just the share path. So, we can compute open files only 1224 * on the share path. If more than one shares are defined 1225 * on a share path, open files on all of them are included 1226 * in the count. 1227 * 1228 * To have the correct behavior in case multiple shares 1229 * are defined on the same path, changes to tdb records 1230 * would be required. That would be lot more effort, so 1231 * this seems a good stopgap fix. 1232 */ 1233 1234 count_share_opens(ctr1->array, svrid_arr, 1235 lp_path(talloc_tos(), snum), 1236 num_entries, *total_entries); 1237 1043 1238 } 1044 1239 … … 1047 1242 1048 1243 if (resume_handle_p) { 1049 if (*resume_handle_p >= *total_entries) { 1050 *resume_handle_p = 0; 1051 } else { 1052 *resume_handle_p = resume_handle; 1053 } 1244 *resume_handle_p = resume_handle; 1054 1245 } 1055 1246 … … 1099 1290 } 1100 1291 1101 werr = net_enum_pipes(ctx, r->in.user, &ctr3, resume_hnd);1102 if (!W_ERROR_IS_OK(werr)) {1103 goto done;1104 }1105 1106 1292 *r->out.totalentries = ctr3->count; 1107 1293 r->out.info_ctr->ctr.ctr3->array = ctr3->array; … … 1139 1325 struct srvsvc_NetSrvInfo102 *info102; 1140 1326 1141 info102 = TALLOC_P(p->mem_ctx, struct srvsvc_NetSrvInfo102);1327 info102 = talloc(p->mem_ctx, struct srvsvc_NetSrvInfo102); 1142 1328 if (!info102) { 1143 1329 return WERR_NOMEM; … … 1145 1331 1146 1332 info102->platform_id = PLATFORM_ID_NT; 1147 info102->server_name = global_myname();1148 info102->version_major = lp_major_announce_version();1149 info102->version_minor = lp_minor_announce_version();1333 info102->server_name = lp_netbios_name(); 1334 info102->version_major = SAMBA_MAJOR_NBT_ANNOUNCE_VERSION; 1335 info102->version_minor = SAMBA_MINOR_NBT_ANNOUNCE_VERSION; 1150 1336 info102->server_type = lp_default_server_announce(); 1151 info102->comment = string_truncate(lp_server string(),1337 info102->comment = string_truncate(lp_server_string(talloc_tos()), 1152 1338 MAX_SERVER_STRING_LENGTH); 1153 1339 info102->users = 0xffffffff; … … 1165 1351 struct srvsvc_NetSrvInfo101 *info101; 1166 1352 1167 info101 = TALLOC_P(p->mem_ctx, struct srvsvc_NetSrvInfo101);1353 info101 = talloc(p->mem_ctx, struct srvsvc_NetSrvInfo101); 1168 1354 if (!info101) { 1169 1355 return WERR_NOMEM; … … 1171 1357 1172 1358 info101->platform_id = PLATFORM_ID_NT; 1173 info101->server_name = global_myname();1174 info101->version_major = lp_major_announce_version();1175 info101->version_minor = lp_minor_announce_version();1359 info101->server_name = lp_netbios_name(); 1360 info101->version_major = SAMBA_MAJOR_NBT_ANNOUNCE_VERSION; 1361 info101->version_minor = SAMBA_MINOR_NBT_ANNOUNCE_VERSION; 1176 1362 info101->server_type = lp_default_server_announce(); 1177 info101->comment = string_truncate(lp_server string(),1363 info101->comment = string_truncate(lp_server_string(talloc_tos()), 1178 1364 MAX_SERVER_STRING_LENGTH); 1179 1365 … … 1184 1370 struct srvsvc_NetSrvInfo100 *info100; 1185 1371 1186 info100 = TALLOC_P(p->mem_ctx, struct srvsvc_NetSrvInfo100);1372 info100 = talloc(p->mem_ctx, struct srvsvc_NetSrvInfo100); 1187 1373 if (!info100) { 1188 1374 return WERR_NOMEM; … … 1190 1376 1191 1377 info100->platform_id = PLATFORM_ID_NT; 1192 info100->server_name = global_myname();1378 info100->server_name = lp_netbios_name(); 1193 1379 1194 1380 r->out.info->info100 = info100; … … 1249 1435 break; 1250 1436 case 1: 1251 werr = init_srv_conn_info_1(r->in.info_ctr->ctr.ctr1, 1437 werr = init_srv_conn_info_1(r->in.path, 1438 r->in.info_ctr->ctr.ctr1, 1252 1439 r->in.resume_handle, 1253 1440 r->out.totalentries); … … 1316 1503 WERROR werr; 1317 1504 1505 DEBUG(5,("_srvsvc_NetSessDel: %d\n", __LINE__)); 1506 1507 werr = WERR_ACCESS_DENIED; 1508 1509 /* fail out now if you are not root or not a domain admin */ 1510 1511 if ((p->session_info->unix_token->uid != sec_initial_uid()) && 1512 ( ! nt_token_check_domain_rid(p->session_info->security_token, 1513 DOMAIN_RID_ADMINS))) { 1514 1515 goto done; 1516 } 1517 1318 1518 username = r->in.user; 1319 1519 machine = r->in.client; … … 1324 1524 } 1325 1525 1326 num_sessions = list_sessions(p->mem_ctx, &session_list); 1327 1328 DEBUG(5,("_srvsvc_NetSessDel: %d\n", __LINE__)); 1329 1330 werr = WERR_ACCESS_DENIED; 1331 1332 /* fail out now if you are not root or not a domain admin */ 1333 1334 if ((p->session_info->utok.uid != sec_initial_uid()) && 1335 ( ! nt_token_check_domain_rid(p->session_info->security_token, 1336 DOMAIN_RID_ADMINS))) { 1337 1338 goto done; 1339 } 1526 num_sessions = find_sessions(p->mem_ctx, username, machine, 1527 &session_list); 1340 1528 1341 1529 for (snum = 0; snum < num_sessions; snum++) { 1342 1530 1343 if ((strequal(session_list[snum].username, username) || username[0] == '\0' ) && 1344 strequal(session_list[snum].remote_machine, machine)) { 1345 1346 NTSTATUS ntstat; 1347 1348 if (p->session_info->utok.uid != sec_initial_uid()) { 1349 not_root = True; 1350 become_root(); 1351 } 1352 1353 ntstat = messaging_send(p->msg_ctx, 1354 session_list[snum].pid, 1355 MSG_SHUTDOWN, &data_blob_null); 1356 1357 if (NT_STATUS_IS_OK(ntstat)) 1358 werr = WERR_OK; 1359 1360 if (not_root) 1361 unbecome_root(); 1362 } 1531 NTSTATUS ntstat; 1532 1533 if (p->session_info->unix_token->uid != sec_initial_uid()) { 1534 not_root = True; 1535 become_root(); 1536 } 1537 1538 ntstat = messaging_send(p->msg_ctx, 1539 session_list[snum].pid, 1540 MSG_SHUTDOWN, &data_blob_null); 1541 1542 if (NT_STATUS_IS_OK(ntstat)) 1543 werr = WERR_OK; 1544 1545 if (not_root) 1546 unbecome_root(); 1363 1547 } 1364 1548 … … 1454 1638 switch (r->in.level) { 1455 1639 case 0: 1456 info->info0 = TALLOC_P(p->mem_ctx, struct srvsvc_NetShareInfo0);1640 info->info0 = talloc(p->mem_ctx, struct srvsvc_NetShareInfo0); 1457 1641 W_ERROR_HAVE_NO_MEMORY(info->info0); 1458 1642 init_srv_share_info_0(p, info->info0, snum); 1459 1643 break; 1460 1644 case 1: 1461 info->info1 = TALLOC_P(p->mem_ctx, struct srvsvc_NetShareInfo1);1645 info->info1 = talloc(p->mem_ctx, struct srvsvc_NetShareInfo1); 1462 1646 W_ERROR_HAVE_NO_MEMORY(info->info1); 1463 1647 init_srv_share_info_1(p, info->info1, snum); 1464 1648 break; 1465 1649 case 2: 1466 info->info2 = TALLOC_P(p->mem_ctx, struct srvsvc_NetShareInfo2);1650 info->info2 = talloc(p->mem_ctx, struct srvsvc_NetShareInfo2); 1467 1651 W_ERROR_HAVE_NO_MEMORY(info->info2); 1468 1652 init_srv_share_info_2(p, info->info2, snum); 1653 info->info2->current_users = 1654 count_current_connections(info->info2->name, false); 1469 1655 break; 1470 1656 case 501: 1471 info->info501 = TALLOC_P(p->mem_ctx, struct srvsvc_NetShareInfo501);1657 info->info501 = talloc(p->mem_ctx, struct srvsvc_NetShareInfo501); 1472 1658 W_ERROR_HAVE_NO_MEMORY(info->info501); 1473 1659 init_srv_share_info_501(p, info->info501, snum); 1474 1660 break; 1475 1661 case 502: 1476 info->info502 = TALLOC_P(p->mem_ctx, struct srvsvc_NetShareInfo502);1662 info->info502 = talloc(p->mem_ctx, struct srvsvc_NetShareInfo502); 1477 1663 W_ERROR_HAVE_NO_MEMORY(info->info502); 1478 1664 init_srv_share_info_502(p, info->info502, snum); 1479 1665 break; 1480 1666 case 1004: 1481 info->info1004 = TALLOC_P(p->mem_ctx, struct srvsvc_NetShareInfo1004);1667 info->info1004 = talloc(p->mem_ctx, struct srvsvc_NetShareInfo1004); 1482 1668 W_ERROR_HAVE_NO_MEMORY(info->info1004); 1483 1669 init_srv_share_info_1004(p, info->info1004, snum); 1484 1670 break; 1485 1671 case 1005: 1486 info->info1005 = TALLOC_P(p->mem_ctx, struct srvsvc_NetShareInfo1005);1672 info->info1005 = talloc(p->mem_ctx, struct srvsvc_NetShareInfo1005); 1487 1673 W_ERROR_HAVE_NO_MEMORY(info->info1005); 1488 1674 init_srv_share_info_1005(p, info->info1005, snum); 1489 1675 break; 1490 1676 case 1006: 1491 info->info1006 = TALLOC_P(p->mem_ctx, struct srvsvc_NetShareInfo1006);1677 info->info1006 = talloc(p->mem_ctx, struct srvsvc_NetShareInfo1006); 1492 1678 W_ERROR_HAVE_NO_MEMORY(info->info1006); 1493 1679 init_srv_share_info_1006(p, info->info1006, snum); 1494 1680 break; 1495 1681 case 1007: 1496 info->info1007 = TALLOC_P(p->mem_ctx, struct srvsvc_NetShareInfo1007);1682 info->info1007 = talloc(p->mem_ctx, struct srvsvc_NetShareInfo1007); 1497 1683 W_ERROR_HAVE_NO_MEMORY(info->info1007); 1498 1684 init_srv_share_info_1007(p, info->info1007, snum); … … 1530 1716 struct security_descriptor *psd = NULL; 1531 1717 bool is_disk_op = False; 1718 const char *csc_policy = NULL; 1719 bool csc_policy_changed = false; 1720 const char *csc_policies[] = {"manual", "documents", "programs", 1721 "disable"}; 1722 uint32_t client_csc_policy; 1532 1723 int max_connections = 0; 1533 1724 TALLOC_CTX *ctx = p->mem_ctx; … … 1564 1755 1565 1756 /* No change to printer shares. */ 1566 if (lp_print _ok(snum))1757 if (lp_printable(snum)) 1567 1758 return WERR_ACCESS_DENIED; 1568 1759 … … 1571 1762 /* fail out now if you are not root and not a disk op */ 1572 1763 1573 if ( p->session_info->u tok.uid != sec_initial_uid() && !is_disk_op ) {1764 if ( p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op ) { 1574 1765 DEBUG(2,("_srvsvc_NetShareSetInfo: uid %u doesn't have the " 1575 1766 "SeDiskOperatorPrivilege privilege needed to modify " 1576 1767 "share %s\n", 1577 (unsigned int)p->session_info->u tok.uid,1768 (unsigned int)p->session_info->unix_token->uid, 1578 1769 share_name )); 1579 1770 return WERR_ACCESS_DENIED; 1580 1771 } 1581 1772 1773 max_connections = lp_max_connections(snum); 1774 csc_policy = csc_policies[lp_csc_policy(snum)]; 1775 1582 1776 switch (r->in.level) { 1583 1777 case 1: 1584 pathname = talloc_strdup(ctx, lp_pathname(snum));1778 pathname = lp_path(ctx, snum); 1585 1779 comment = talloc_strdup(ctx, info->info1->comment); 1586 1780 type = info->info1->type; … … 1611 1805 break; 1612 1806 case 1004: 1613 pathname = talloc_strdup(ctx, lp_pathname(snum));1807 pathname = lp_path(ctx, snum); 1614 1808 comment = talloc_strdup(ctx, info->info1004->comment); 1615 1809 type = STYPE_DISKTREE; … … 1620 1814 smb.conf, so that we can contine other ops like setting 1621 1815 ACLs on a share */ 1622 if (((info->info1005->dfs_flags & 1623 SHARE_1005_CSC_POLICY_MASK) >> 1624 SHARE_1005_CSC_POLICY_SHIFT) == lp_csc_policy(snum)) 1816 client_csc_policy = (info->info1005->dfs_flags & 1817 SHARE_1005_CSC_POLICY_MASK) >> 1818 SHARE_1005_CSC_POLICY_SHIFT; 1819 1820 if (client_csc_policy == lp_csc_policy(snum)) 1625 1821 return WERR_OK; 1626 1822 else { 1627 DEBUG(3, ("_srvsvc_NetShareSetInfo: client is trying to change csc policy from the network; must be done with smb.conf\n")); 1628 return WERR_ACCESS_DENIED; 1629 } 1823 csc_policy = csc_policies[client_csc_policy]; 1824 csc_policy_changed = true; 1825 } 1826 1827 pathname = lp_path(ctx, snum); 1828 comment = lp_comment(ctx, snum); 1829 type = STYPE_DISKTREE; 1830 break; 1630 1831 case 1006: 1631 1832 case 1007: 1632 1833 return WERR_ACCESS_DENIED; 1633 1834 case 1501: 1634 pathname = talloc_strdup(ctx, lp_pathname(snum));1635 comment = talloc_strdup(ctx, lp_comment(snum));1835 pathname = lp_path(ctx, snum); 1836 comment = lp_comment(ctx, snum); 1636 1837 psd = info->info1501->sd; 1637 1838 map_generic_share_sd_bits(psd); … … 1669 1870 1670 1871 DEBUG(10,("_srvsvc_NetShareSetInfo: change share command = %s\n", 1671 lp_change_share_c md() ? lp_change_share_cmd() : "NULL" ));1872 lp_change_share_command(talloc_tos()) ? lp_change_share_command(talloc_tos()) : "NULL" )); 1672 1873 1673 1874 /* Only call modify function if something changed. */ 1674 1875 1675 if (strcmp(path, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) 1676 || (lp_max_connections(snum) != max_connections)) { 1677 if (!lp_change_share_cmd() || !*lp_change_share_cmd()) { 1876 if (strcmp(path, lp_path(talloc_tos(), snum)) || strcmp(comment, lp_comment(talloc_tos(), snum)) 1877 || (lp_max_connections(snum) != max_connections) 1878 || csc_policy_changed) { 1879 1880 if (!lp_change_share_command(talloc_tos()) || !*lp_change_share_command(talloc_tos())) { 1678 1881 DEBUG(10,("_srvsvc_NetShareSetInfo: No change share command\n")); 1679 1882 return WERR_ACCESS_DENIED; … … 1681 1884 1682 1885 command = talloc_asprintf(p->mem_ctx, 1683 "%s \"%s\" \"%s\" \"%s\" \"%s\" %d ",1684 lp_change_share_c md(),1886 "%s \"%s\" \"%s\" \"%s\" \"%s\" %d \"%s\"", 1887 lp_change_share_command(talloc_tos()), 1685 1888 get_dyn_CONFIGFILE(), 1686 1889 share_name, 1687 1890 path, 1688 comment ? comment : "", 1689 max_connections); 1891 comment, 1892 max_connections, 1893 csc_policy); 1690 1894 if (!command) { 1691 1895 return WERR_NOMEM; … … 1727 1931 size_t sd_size; 1728 1932 1729 old_sd = get_share_security(p->mem_ctx, lp_servicename( snum), &sd_size);1933 old_sd = get_share_security(p->mem_ctx, lp_servicename(talloc_tos(), snum), &sd_size); 1730 1934 1731 1935 if (old_sd && !security_descriptor_equal(old_sd, psd)) { … … 1762 1966 bool is_disk_op; 1763 1967 int max_connections = 0; 1968 SMB_STRUCT_STAT st; 1764 1969 TALLOC_CTX *ctx = p->mem_ctx; 1765 1970 … … 1772 1977 is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR); 1773 1978 1774 if (p->session_info->u tok.uid != sec_initial_uid() && !is_disk_op )1979 if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op ) 1775 1980 return WERR_ACCESS_DENIED; 1776 1981 1777 if (!lp_add_share_c md() || !*lp_add_share_cmd()) {1982 if (!lp_add_share_command(talloc_tos()) || !*lp_add_share_command(talloc_tos())) { 1778 1983 DEBUG(10,("_srvsvc_NetShareAdd: No add share command\n")); 1779 1984 return WERR_ACCESS_DENIED; … … 1861 2066 } 1862 2067 2068 ret = sys_lstat(path, &st, false); 2069 if (ret == -1 && (errno != EACCES)) { 2070 /* 2071 * If path has any other than permission 2072 * problem, return WERR_BADFILE (as Windows 2073 * does. 2074 */ 2075 return WERR_BADFILE; 2076 } 2077 1863 2078 /* Ensure share name, pathname and comment don't contain '"' characters. */ 1864 2079 string_replace(share_name_in, '"', ' '); … … 1871 2086 command = talloc_asprintf(ctx, 1872 2087 "%s \"%s\" \"%s\" \"%s\" \"%s\" %d", 1873 lp_add_share_c md(),2088 lp_add_share_command(talloc_tos()), 1874 2089 get_dyn_CONFIGFILE(), 1875 2090 share_name_in, … … 1943 2158 int snum; 1944 2159 bool is_disk_op; 1945 struct share_params *params;1946 2160 TALLOC_CTX *ctx = p->mem_ctx; 1947 2161 … … 1968 2182 } 1969 2183 1970 if (!(params = get_share_params(p->mem_ctx, share_name))) {1971 return WERR_NO_SUCH_SHARE;1972 }1973 1974 2184 /* No change to printer shares. */ 1975 if (lp_print _ok(snum))2185 if (lp_printable(snum)) 1976 2186 return WERR_ACCESS_DENIED; 1977 2187 1978 2188 is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR); 1979 2189 1980 if (p->session_info->u tok.uid != sec_initial_uid() && !is_disk_op )2190 if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op ) 1981 2191 return WERR_ACCESS_DENIED; 1982 2192 1983 if (!lp_delete_share_c md() || !*lp_delete_share_cmd()) {2193 if (!lp_delete_share_command(talloc_tos()) || !*lp_delete_share_command(talloc_tos())) { 1984 2194 DEBUG(10,("_srvsvc_NetShareDel: No delete share command\n")); 1985 2195 return WERR_ACCESS_DENIED; … … 1988 2198 command = talloc_asprintf(ctx, 1989 2199 "%s \"%s\" \"%s\"", 1990 lp_delete_share_c md(),2200 lp_delete_share_command(talloc_tos()), 1991 2201 get_dyn_CONFIGFILE(), 1992 lp_servicename(snum));2202 share_name); 1993 2203 if (!command) { 1994 2204 return WERR_NOMEM; … … 2019 2229 2020 2230 /* Delete the SD in the database. */ 2021 delete_share_security( lp_servicename(params->service));2022 2023 lp_killservice( params->service);2231 delete_share_security(share_name); 2232 2233 lp_killservice(snum); 2024 2234 2025 2235 return WERR_OK; … … 2058 2268 it overwrites the pointed-to values. JRA */ 2059 2269 2060 uint32 zone = get_time_zone(unixdate)/60;2270 uint32_t zone = get_time_zone(unixdate)/60; 2061 2271 2062 2272 DEBUG(5,("_srvsvc_NetRemoteTOD: %d\n", __LINE__)); 2063 2273 2064 if ( !(tod = TALLOC_ZERO_P(p->mem_ctx, struct srvsvc_NetRemoteTODInfo)) )2274 if ( !(tod = talloc_zero(p->mem_ctx, struct srvsvc_NetRemoteTODInfo)) ) 2065 2275 return WERR_NOMEM; 2066 2276 … … 2099 2309 { 2100 2310 struct smb_filename *smb_fname = NULL; 2101 struct security_descriptor *psd = NULL;2102 2311 size_t sd_size; 2103 2312 char *servicename = NULL; … … 2110 2319 int snum; 2111 2320 char *oldcwd = NULL; 2321 uint32_t ucf_flags = 0; 2112 2322 2113 2323 ZERO_STRUCT(st); … … 2128 2338 } 2129 2339 2130 nt_status = create_conn_struct(talloc_tos(), &conn, snum, 2131 lp_pathname(snum), p->session_info, 2132 &oldcwd); 2340 nt_status = create_conn_struct_cwd(talloc_tos(), 2341 server_event_context(), 2342 server_messaging_context(), 2343 &conn, 2344 snum, lp_path(talloc_tos(), snum), 2345 p->session_info, &oldcwd); 2133 2346 if (!NT_STATUS_IS_OK(nt_status)) { 2134 2347 DEBUG(10, ("create_conn_struct failed: %s\n", … … 2142 2355 false, 2143 2356 r->in.file, 2144 0,2357 ucf_flags, 2145 2358 NULL, 2146 2359 &smb_fname); … … 2161 2374 0, /* file_attributes */ 2162 2375 INTERNAL_OPEN_ONLY, /* oplock_request */ 2376 NULL, /* lease */ 2163 2377 0, /* allocation_size */ 2164 2378 0, /* private_flags */ … … 2166 2380 NULL, /* ea_list */ 2167 2381 &fsp, /* result */ 2168 NULL); /* pinfo */ 2382 NULL, /* pinfo */ 2383 NULL, NULL); /* create context */ 2169 2384 2170 2385 if (!NT_STATUS_IS_OK(nt_status)) { … … 2175 2390 } 2176 2391 2392 sd_buf = talloc_zero(p->mem_ctx, struct sec_desc_buf); 2393 if (!sd_buf) { 2394 werr = WERR_NOMEM; 2395 goto error_exit; 2396 } 2397 2177 2398 nt_status = SMB_VFS_FGET_NT_ACL(fsp, 2178 2399 (SECINFO_OWNER 2179 2400 |SECINFO_GROUP 2180 |SECINFO_DACL), &psd);2401 |SECINFO_DACL), sd_buf, &sd_buf->sd); 2181 2402 2182 2403 if (!NT_STATUS_IS_OK(nt_status)) { … … 2184 2405 "for file %s\n", smb_fname_str_dbg(smb_fname))); 2185 2406 werr = ntstatus_to_werror(nt_status); 2407 TALLOC_FREE(sd_buf); 2186 2408 goto error_exit; 2187 2409 } 2188 2410 2189 sd_size = ndr_size_security_descriptor(psd, 0); 2190 2191 sd_buf = TALLOC_ZERO_P(p->mem_ctx, struct sec_desc_buf); 2192 if (!sd_buf) { 2193 werr = WERR_NOMEM; 2194 goto error_exit; 2195 } 2411 if (sd_buf->sd->dacl) { 2412 sd_buf->sd->dacl->revision = NT4_ACL_REVISION; 2413 } 2414 2415 sd_size = ndr_size_security_descriptor(sd_buf->sd, 0); 2196 2416 2197 2417 sd_buf->sd_size = sd_size; 2198 sd_buf->sd = psd;2199 2418 2200 2419 *r->out.sd_buf = sd_buf; 2201 2202 psd->dacl->revision = NT4_ACL_REVISION;2203 2420 2204 2421 close_file(NULL, fsp, NORMAL_CLOSE); … … 2225 2442 2226 2443 done: 2444 2227 2445 TALLOC_FREE(smb_fname); 2228 2446 … … 2249 2467 struct security_descriptor *psd = NULL; 2250 2468 uint32_t security_info_sent = 0; 2469 uint32_t ucf_flags = 0; 2251 2470 2252 2471 ZERO_STRUCT(st); … … 2269 2488 } 2270 2489 2271 nt_status = create_conn_struct(talloc_tos(), &conn, snum, 2272 lp_pathname(snum), p->session_info, 2273 &oldcwd); 2490 nt_status = create_conn_struct_cwd(talloc_tos(), 2491 server_event_context(), 2492 server_messaging_context(), 2493 &conn, 2494 snum, lp_path(talloc_tos(), snum), 2495 p->session_info, &oldcwd); 2274 2496 if (!NT_STATUS_IS_OK(nt_status)) { 2275 2497 DEBUG(10, ("create_conn_struct failed: %s\n", … … 2283 2505 false, 2284 2506 r->in.file, 2285 0,2507 ucf_flags, 2286 2508 NULL, 2287 2509 &smb_fname); … … 2302 2524 0, /* file_attributes */ 2303 2525 INTERNAL_OPEN_ONLY, /* oplock_request */ 2526 NULL, /* lease */ 2304 2527 0, /* allocation_size */ 2305 2528 0, /* private_flags */ … … 2307 2530 NULL, /* ea_list */ 2308 2531 &fsp, /* result */ 2309 NULL); /* pinfo */ 2532 NULL, /* pinfo */ 2533 NULL, NULL); /* create context */ 2310 2534 2311 2535 if (!NT_STATUS_IS_OK(nt_status)) { … … 2366 2590 static const char *server_disks[] = {"C:"}; 2367 2591 2368 static uint32 get_server_disk_count(void)2592 static uint32_t get_server_disk_count(void) 2369 2593 { 2370 2594 return sizeof(server_disks)/sizeof(server_disks[0]); 2371 2595 } 2372 2596 2373 static uint32 init_server_disk_enum(uint32*resume)2374 { 2375 uint32 server_disk_count = get_server_disk_count();2597 static uint32_t init_server_disk_enum(uint32_t *resume) 2598 { 2599 uint32_t server_disk_count = get_server_disk_count(); 2376 2600 2377 2601 /*resume can be an offset into the list for now*/ … … 2386 2610 } 2387 2611 2388 static const char *next_server_disk_enum(uint32 *resume)2612 static const char *next_server_disk_enum(uint32_t *resume) 2389 2613 { 2390 2614 const char *disk; … … 2409 2633 struct srvsvc_NetDiskEnum *r) 2410 2634 { 2411 uint32 i;2635 uint32_t i; 2412 2636 const char *disk_name; 2413 2637 TALLOC_CTX *ctx = p->mem_ctx; … … 2419 2643 *r->out.totalentries = init_server_disk_enum(&resume); 2420 2644 2421 r->out.info->disks = TALLOC_ZERO_ARRAY(ctx, struct srvsvc_NetDiskInfo0,2645 r->out.info->disks = talloc_zero_array(ctx, struct srvsvc_NetDiskInfo0, 2422 2646 MAX_SERVER_DISK_ENTRIES); 2423 2647 W_ERROR_HAVE_NO_MEMORY(r->out.info->disks); … … 2484 2708 }; 2485 2709 2486 static void enum_file_close_fn( const struct share_mode_entry *e, 2487 const char *sharepath, const char *fname, 2488 void *private_data ) 2710 static int enum_file_close_fn(const struct share_mode_entry *e, 2711 const char *sharepath, 2712 const char *fname, 2713 const char *sname, 2714 void *private_data) 2489 2715 { 2490 2716 char msg[MSG_SMB_SHARE_MODE_ENTRY_SIZE]; … … 2494 2720 2495 2721 if (fid != state->r->in.fid) { 2496 return ; /* Not this file. */2722 return 0; /* Not this file. */ 2497 2723 } 2498 2724 2499 2725 if (!process_exists(e->pid) ) { 2500 return ;2726 return 0; 2501 2727 } 2502 2728 … … 2511 2737 messaging_send_buf(state->msg_ctx, 2512 2738 e->pid, MSG_SMB_CLOSE_FILE, 2513 (uint8 *)msg, 2514 MSG_SMB_SHARE_MODE_ENTRY_SIZE)); 2739 (uint8_t *)msg, sizeof(msg))); 2740 2741 return 0; 2515 2742 } 2516 2743 … … 2529 2756 is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR); 2530 2757 2531 if (p->session_info->u tok.uid != sec_initial_uid() && !is_disk_op) {2758 if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op) { 2532 2759 return WERR_ACCESS_DENIED; 2533 2760 } 2534 2761 2535 2762 /* enum_file_close_fn sends the close message to 2536 * the relev ent smbd process. */2763 * the relevant smbd process. */ 2537 2764 2538 2765 r->out.result = WERR_BADFILE; 2539 2766 state.r = r; 2540 2767 state.msg_ctx = p->msg_ctx; 2541 share_ mode_forall(enum_file_close_fn, &state);2768 share_entry_forall(enum_file_close_fn, &state); 2542 2769 return r->out.result; 2543 2770 } -
vendor/current/source3/rpc_server/svcctl/srv_svcctl_nt.c
r919 r988 24 24 25 25 #include "includes.h" 26 #include "system/passwd.h" /* uid_wrapper */ 26 27 #include "ntdomain.h" 27 28 #include "../librpc/gen_ndr/srv_svcctl.h" … … 72 73 int i; 73 74 74 if ( !(svcctl_ops = TALLOC_ARRAY( NULL, struct service_control_op, num_services+1)) ) {75 if ( !(svcctl_ops = talloc_array( NULL, struct service_control_op, num_services+1)) ) { 75 76 DEBUG(0,("init_service_op_table: talloc() failed!\n")); 76 77 return False; … … 135 136 136 137 static NTSTATUS svcctl_access_check( struct security_descriptor *sec_desc, struct security_token *token, 137 uint32 access_desired, uint32*access_granted )138 uint32_t access_desired, uint32_t *access_granted ) 138 139 { 139 140 if ( geteuid() == sec_initial_uid() ) { … … 210 211 struct service_control_op *s_op; 211 212 212 if ( !(info = TALLOC_ZERO_P( NULL, SERVICE_INFO )) )213 if ( !(info = talloc_zero( NULL, SERVICE_INFO )) ) 213 214 return WERR_NOMEM; 214 215 … … 273 274 { 274 275 struct security_descriptor *sec_desc; 275 uint32 access_granted = 0;276 uint32_t access_granted = 0; 276 277 NTSTATUS status; 277 278 … … 298 299 { 299 300 struct security_descriptor *sec_desc; 300 uint32 access_granted = 0;301 uint32_t access_granted = 0; 301 302 NTSTATUS status; 302 303 const char *service = NULL; … … 410 411 static int enumerate_status(TALLOC_CTX *ctx, 411 412 struct messaging_context *msg_ctx, 412 struct auth_se rversupplied_info *session_info,413 struct auth_session_info *session_info, 413 414 struct ENUM_SERVICE_STATUSW **status) 414 415 { … … 422 423 num_services++; 423 424 424 if ( !(st = TALLOC_ARRAY( ctx, struct ENUM_SERVICE_STATUSW, num_services )) ) {425 if ( !(st = talloc_array( ctx, struct ENUM_SERVICE_STATUSW, num_services )) ) { 425 426 DEBUG(0,("enumerate_status: talloc() failed!\n")); 426 427 return -1; … … 507 508 508 509 *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered; 509 *r->out.services_returned = (uint32 )num_services;510 *r->out.services_returned = (uint32_t)num_services; 510 511 if (r->out.resume_handle) { 511 512 *r->out.resume_handle = 0; … … 614 615 { 615 616 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle ); 616 uint32 buffer_size;617 uint32_t buffer_size; 617 618 618 619 /* perform access checks */ … … 637 638 /* Get the status of the service.. */ 638 639 info->ops->service_status( info->name, &svc_stat_proc.status ); 639 svc_stat_proc.process_id = sys_getpid();640 svc_stat_proc.process_id = getpid(); 640 641 svc_stat_proc.service_flags = 0x0; 641 642 … … 671 672 static WERROR fill_svc_config(TALLOC_CTX *mem_ctx, 672 673 struct messaging_context *msg_ctx, 673 struct auth_se rversupplied_info *session_info,674 struct auth_session_info *session_info, 674 675 const char *name, 675 676 struct QUERY_SERVICE_CONFIG *config) … … 717 718 if ( strequal( name, "NETLOGON" ) && ( lp_servicenumber(name) == -1 ) ) 718 719 config->start_type = SVCCTL_DISABLED; 719 else if ( strequal( name, "WINS" ) && ( !lp_w ins_support() ))720 else if ( strequal( name, "WINS" ) && ( !lp_we_are_a_wins_server() )) 720 721 config->start_type = SVCCTL_DISABLED; 721 722 else … … 733 734 { 734 735 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle ); 735 uint32 buffer_size;736 uint32_t buffer_size; 736 737 WERROR wresult; 737 738 … … 951 952 SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle ); 952 953 struct security_descriptor *sec_desc = NULL; 953 uint32 required_access;954 uint32_t required_access; 954 955 NTSTATUS status; 955 956 -
vendor/current/source3/rpc_server/svcctl/srv_svcctl_reg.c
r746 r988 225 225 if (p != NULL) { 226 226 char *desc; 227 228 p += strlen( "Description:" ) + 1; 229 if ( p == NULL) {227 size_t len = strlen(p); 228 229 if (len <= 12) { 230 230 break; 231 231 } 232 232 233 desc = svcctl_cleanup_string(mem_ctx, p );233 desc = svcctl_cleanup_string(mem_ctx, p + 12); 234 234 if (desc != NULL) { 235 235 info->description = talloc_strdup(info, desc); … … 507 507 &result); 508 508 if (!NT_STATUS_IS_OK(status)) { 509 DEBUG(0, (" eventlog_init_winreg_keys: Could not create key %s: %s\n",509 DEBUG(0, ("svcctl_init_winreg_keys: Could not create key %s: %s\n", 510 510 wkey.name, nt_errstr(status))); 511 511 goto done; 512 512 } 513 513 if (!W_ERROR_IS_OK(result)) { 514 DEBUG(0, (" eventlog_init_winreg_keys: Could not create key %s: %s\n",514 DEBUG(0, ("svcctl_init_winreg_keys: Could not create key %s: %s\n", 515 515 wkey.name, win_errstr(result))); 516 516 goto done; … … 699 699 } 700 700 regdb_close(); 701 talloc_free(tmp_ctx); 701 702 return ok; 702 703 } -
vendor/current/source3/rpc_server/winreg/srv_winreg_nt.c
r919 r988 31 31 #include "auth.h" 32 32 #include "lib/privileges.h" 33 #include "libcli/security/secdesc.h" 33 34 34 35 #undef DBGC_CLASS … … 411 412 WERROR err = WERR_OK; 412 413 struct registry_key *key = find_regkey_by_hnd( p, r->in.handle ); 414 char *name; 413 415 414 416 if ( !key ) … … 420 422 DEBUG(8,("_winreg_EnumKey: enumerating key [%s]\n", key->key->name)); 421 423 422 err = reg_enumkey(p->mem_ctx, key, r->in.enum_index, (char **)&r->out.name->name,424 err = reg_enumkey(p->mem_ctx, key, r->in.enum_index, &name, 423 425 r->out.last_changed_time); 424 426 if (!W_ERROR_IS_OK(err)) { 425 427 return err; 426 428 } 429 r->out.name->name = name; 427 430 r->out.keyclass->name = ""; 428 431 return WERR_OK; … … 528 531 bool can_shutdown = false; 529 532 530 shutdown_script = talloc_strdup(p->mem_ctx, lp_shutdown_script());533 shutdown_script = lp_shutdown_script(p->mem_ctx); 531 534 if (!shutdown_script) { 532 535 return WERR_NOMEM; … … 542 545 return WERR_NOMEM; 543 546 } 544 chkmsg = TALLOC_ARRAY(p->mem_ctx, char, strlen(msg)+1);547 chkmsg = talloc_array(p->mem_ctx, char, strlen(msg)+1); 545 548 if (!chkmsg) { 546 549 return WERR_NOMEM; … … 610 613 struct winreg_AbortSystemShutdown *r) 611 614 { 612 const char *abort_shutdown_script = lp_abort_shutdown_script( );615 const char *abort_shutdown_script = lp_abort_shutdown_script(talloc_tos()); 613 616 int ret = -1; 614 617 bool can_shutdown = false; … … 657 660 658 661 for (snum=0; snum<num_services; snum++) { 659 if (!lp_snum_ok(snum) || lp_print _ok(snum)) {662 if (!lp_snum_ok(snum) || lp_printable(snum)) { 660 663 continue; 661 664 } 662 665 663 share_path = lp_path name(snum);666 share_path = lp_path(talloc_tos(), snum); 664 667 665 668 /* make sure we have a path (e.g. [homes] ) */ … … 712 715 713 716 DEBUG(2,("_winreg_RestoreKey: Restoring [%s] from %s in share %s\n", 714 regkey->key->name, fname, lp_servicename( snum) ));717 regkey->key->name, fname, lp_servicename(talloc_tos(), snum) )); 715 718 716 719 return reg_restorekey(regkey, fname); … … 746 749 747 750 DEBUG(2,("_winreg_SaveKey: Saving [%s] to %s in share %s\n", 748 regkey->key->name, fname, lp_servicename( snum) ));751 regkey->key->name, fname, lp_servicename(talloc_tos(), snum) )); 749 752 750 753 return reg_savekey(regkey, fname); … … 864 867 WERROR err = WERR_OK; 865 868 struct security_descriptor *secdesc = NULL; 866 uint8 *data = NULL;869 uint8_t *data = NULL; 867 870 size_t len = 0; 868 871 -
vendor/current/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
r919 r988 184 184 185 185 for (i=num_users=0; i<num_sessions; i++) { 186 if ( !session_list[i].username187 || !session_list[i].remote_machine) {186 if (session_list[i].username[0] == '\0' || 187 session_list[i].remote_machine[0] == '\0') { 188 188 continue; 189 189 } … … 198 198 continue; 199 199 } 200 if (strcmp(machine_name, global_myname()) == 0) {200 if (strcmp(machine_name, lp_netbios_name()) == 0) { 201 201 p = session_list[i].username; 202 202 nm = strstr(p, sep); … … 262 262 263 263 info100->platform_id = PLATFORM_ID_NT; /* unknown */ 264 info100->version_major = lp_major_announce_version();265 info100->version_minor = lp_minor_announce_version();264 info100->version_major = SAMBA_MAJOR_NBT_ANNOUNCE_VERSION; 265 info100->version_minor = SAMBA_MINOR_NBT_ANNOUNCE_VERSION; 266 266 267 267 info100->server_name = talloc_asprintf_strupper_m( 268 info100, "%s", global_myname());268 info100, "%s", lp_netbios_name()); 269 269 info100->domain_name = talloc_asprintf_strupper_m( 270 270 info100, "%s", lp_workgroup()); … … 291 291 292 292 info101->platform_id = PLATFORM_ID_NT; /* unknown */ 293 info101->version_major = lp_major_announce_version();294 info101->version_minor = lp_minor_announce_version();293 info101->version_major = SAMBA_MAJOR_NBT_ANNOUNCE_VERSION; 294 info101->version_minor = SAMBA_MINOR_NBT_ANNOUNCE_VERSION; 295 295 296 296 info101->server_name = talloc_asprintf_strupper_m( 297 info101, "%s", global_myname());297 info101, "%s", lp_netbios_name()); 298 298 info101->domain_name = talloc_asprintf_strupper_m( 299 299 info101, "%s", lp_workgroup()); … … 322 322 323 323 info102->platform_id = PLATFORM_ID_NT; /* unknown */ 324 info102->version_major = lp_major_announce_version();325 info102->version_minor = lp_minor_announce_version();324 info102->version_major = SAMBA_MAJOR_NBT_ANNOUNCE_VERSION; 325 info102->version_minor = SAMBA_MINOR_NBT_ANNOUNCE_VERSION; 326 326 327 327 info102->server_name = talloc_asprintf_strupper_m( 328 info102, "%s", global_myname());328 info102, "%s", lp_netbios_name()); 329 329 info102->domain_name = talloc_asprintf_strupper_m( 330 330 info102, "%s", lp_workgroup()); … … 507 507 pwd_server = ""; 508 508 509 if ((pwd_tmp = talloc_strdup(ctr1->user1, lp_password server()))) {509 if ((pwd_tmp = talloc_strdup(ctr1->user1, lp_password_server()))) { 510 510 /* The configured password server is a full DNS name but 511 511 * for the logon server we need to return just the first … … 530 530 * both returned as the local machine's NetBIOS name */ 531 531 ctr1->user1[i].logon_domain = ctr1->user1[i].logon_server = 532 talloc_asprintf_strupper_m(ctr1->user1, "%s", global_myname());532 talloc_asprintf_strupper_m(ctr1->user1, "%s", lp_netbios_name()); 533 533 534 534 ctr1->user1[i].other_domains = NULL; /* Maybe in future? */ … … 824 824 WERROR werr; 825 825 struct security_token *token = p->session_info->security_token; 826 NTSTATUS status; 827 DATA_BLOB session_key; 826 828 827 829 if (!r->in.domain_name) { … … 846 848 } 847 849 850 status = session_extract_session_key(p->session_info, 851 &session_key, 852 KEY_USE_16BYTES); 853 if(!NT_STATUS_IS_OK(status)) { 854 DEBUG(5,("_wkssvc_NetrJoinDomain2: no session key %s\n", 855 nt_errstr(status))); 856 return WERR_NO_USER_SESSION_KEY; 857 } 858 848 859 werr = decode_wkssvc_join_password_buffer( 849 860 p->mem_ctx, r->in.encrypted_password, 850 & p->session_info->user_session_key, &cleartext_pwd);861 &session_key, &cleartext_pwd); 851 862 if (!W_ERROR_IS_OK(werr)) { 852 863 return werr; … … 901 912 WERROR werr; 902 913 struct security_token *token = p->session_info->security_token; 914 NTSTATUS status; 915 DATA_BLOB session_key; 903 916 904 917 if (!r->in.account || !r->in.encrypted_password) { … … 914 927 } 915 928 929 status = session_extract_session_key(p->session_info, 930 &session_key, 931 KEY_USE_16BYTES); 932 if (!NT_STATUS_IS_OK(status)) { 933 DEBUG(5,("_wkssvc_NetrUnjoinDomain2: no session key %s\n", 934 nt_errstr(status))); 935 return WERR_NO_USER_SESSION_KEY; 936 } 937 916 938 werr = decode_wkssvc_join_password_buffer( 917 939 p->mem_ctx, r->in.encrypted_password, 918 & p->session_info->user_session_key, &cleartext_pwd);940 &session_key, &cleartext_pwd); 919 941 if (!W_ERROR_IS_OK(werr)) { 920 942 return werr; -
vendor/current/source3/rpc_server/wscript_build
r740 r988 1 1 #!/usr/bin/env python 2 2 3 RPC_LSARPC_SRC = '''lsa/srv_lsa_nt.c ../../librpc/gen_ndr/srv_lsa.c''' 4 RPC_NETLOGON_SRC = '''netlogon/srv_netlog_nt.c ../../librpc/gen_ndr/srv_netlogon.c''' 5 RPC_SAMR_SRC = '''samr/srv_samr_nt.c 6 samr/srv_samr_util.c 7 samr/srv_samr_chgpasswd.c 8 ../../librpc/gen_ndr/srv_samr.c''' 9 RPC_INITSHUTDOWN_SRC = '''initshutdown/srv_initshutdown_nt.c ../../librpc/gen_ndr/srv_initshutdown.c''' 10 RPC_WINREG_SRC = '''winreg/srv_winreg_nt.c ../../librpc/gen_ndr/srv_winreg.c''' 11 RPC_DSSETUP_SRC = '''dssetup/srv_dssetup_nt.c ../../librpc/gen_ndr/srv_dssetup.c''' 12 RPC_SRVSVC_SRC = '''srvsvc/srv_srvsvc_nt.c ../../librpc/gen_ndr/srv_srvsvc.c''' 13 RPC_WKSSVC_SRC = '''wkssvc/srv_wkssvc_nt.c ../../librpc/gen_ndr/srv_wkssvc.c''' 14 RPC_SVCCTL_SRC = '''svcctl/srv_svcctl_nt.c svcctl/srv_svcctl_reg.c ../../librpc/gen_ndr/srv_svcctl.c''' 15 RPC_NTSVCS_SRC = '''ntsvcs/srv_ntsvcs_nt.c ../../librpc/gen_ndr/srv_ntsvcs.c''' 16 RPC_NETDFS_SRC = '''dfs/srv_dfs_nt.c ../../librpc/gen_ndr/srv_dfs.c''' 17 RPC_SPOOLSS_SRC = '''spoolss/srv_spoolss_nt.c ../../librpc/gen_ndr/srv_spoolss.c 18 spoolss/srv_spoolss_util.c''' 19 RPC_EVENTLOG_SRC = '''eventlog/srv_eventlog_nt.c eventlog/srv_eventlog_reg.c ../../librpc/gen_ndr/srv_eventlog.c''' 20 RPC_RPCECHO_SRC = '''echo/srv_echo_nt.c ../../librpc/gen_ndr/srv_echo.c''' 21 RPC_EPMAPPER_SRC = '''epmapper/srv_epmapper.c ../../librpc/gen_ndr/srv_epmapper.c''' 22 3 ### RPC_SERVER 23 4 bld.SAMBA3_SUBSYSTEM('rpc', 24 5 source='', 25 deps='RPC_PIPE_REGISTER', 26 vars=locals()) 6 deps='RPC_PIPE_REGISTER') 7 8 bld.SAMBA3_SUBSYSTEM('RPC_CONFIG', 9 source='rpc_config.c', 10 deps='talloc') 27 11 28 12 bld.SAMBA3_SUBSYSTEM('RPC_NCACN_NP', 29 source='rpc_ncacn_np.c rpc_handles.c ',30 deps=' auth_sam_reply')13 source='rpc_ncacn_np.c rpc_handles.c rpc_contexts.c', 14 deps='RPC_CONFIG auth auth_sam_reply RPC_PIPE_REGISTER npa_tstream') 31 15 32 bld.SAMBA3_SUBSYSTEM('RPC_SERVICE', 33 source='rpc_server.c') 16 bld.SAMBA3_SUBSYSTEM('RPC_SERVER_LOOP', 17 source='rpc_server.c', 18 deps='samba-util') 34 19 35 20 bld.SAMBA3_SUBSYSTEM('RPC_CRYPTO', 36 source='dcesrv_ntlmssp.c dcesrv_gssapi.c dcesrv_spnego.c') 21 source='dcesrv_auth_generic.c', 22 deps = 'KRB5_PAC') 37 23 38 24 bld.SAMBA3_SUBSYSTEM('RPC_PIPE_REGISTER', 39 source='srv_pipe_register.c') 40 41 bld.SAMBA3_SUBSYSTEM('RPC_SERVER_REGISTER', 42 source='rpc_ep_setup.c ../librpc/rpc/dcerpc_ep.c') 43 44 bld.SAMBA3_SUBSYSTEM('EPMD', 45 source='epmd.c') 25 source='srv_pipe_register.c', 26 deps='samba-util') 46 27 47 28 bld.SAMBA3_SUBSYSTEM('SRV_ACCESS_CHECK', 48 source='srv_access_check.c') 49 50 bld.SAMBA3_SUBSYSTEM('RPC_SAMR', 51 source=RPC_SAMR_SRC, 52 deps='PLAINTEXT_AUTH SRV_ACCESS_CHECK', 53 vars=locals()) 54 55 bld.SAMBA3_SUBSYSTEM('RPC_LSARPC', 56 source=RPC_LSARPC_SRC, 57 deps='SRV_ACCESS_CHECK', 58 vars=locals()) 59 60 bld.SAMBA3_SUBSYSTEM('RPC_WINREG', 61 source=RPC_WINREG_SRC, 62 deps='REGFIO REG_API_REGF NDR_PERFCOUNT', 63 vars=locals()) 64 65 bld.SAMBA3_SUBSYSTEM('RPC_INITSHUTDOWN', 66 source=RPC_INITSHUTDOWN_SRC, 67 vars=locals()) 68 69 bld.SAMBA3_SUBSYSTEM('RPC_DSSETUP', 70 source=RPC_DSSETUP_SRC, 71 vars=locals()) 72 73 bld.SAMBA3_SUBSYSTEM('RPC_WKSSVC', 74 source=RPC_WKSSVC_SRC, 75 deps='LIBNET', 76 vars=locals()) 77 78 bld.SAMBA3_SUBSYSTEM('RPC_SVCCTL', 79 source=RPC_SVCCTL_SRC, 80 deps='SERVICES LIBCLI_WINREG_INTERNAL', 81 vars=locals()) 82 83 bld.SAMBA3_SUBSYSTEM('RPC_NTSVCS', 84 source=RPC_NTSVCS_SRC, 85 vars=locals()) 86 87 bld.SAMBA3_SUBSYSTEM('RPC_NETLOGON', 88 source=RPC_NETLOGON_SRC, 89 vars=locals()) 90 91 bld.SAMBA3_SUBSYSTEM('RPC_NETDFS', 92 source=RPC_NETDFS_SRC, 93 vars=locals()) 94 95 bld.SAMBA3_SUBSYSTEM('RPC_SRVSVC', 96 source=RPC_SRVSVC_SRC, 97 vars=locals()) 98 99 bld.SAMBA3_SUBSYSTEM('RPC_SPOOLSS', 100 source=RPC_SPOOLSS_SRC, 101 deps='cups PRINTING PRINTBACKEND LIBCLI_WINREG_INTERNAL', 102 vars=locals()) 103 104 bld.SAMBA3_SUBSYSTEM('RPC_EVENTLOG', 105 source=RPC_EVENTLOG_SRC, 106 deps='LIBEVENTLOG LIBCLI_WINREG_INTERNAL', 107 vars=locals()) 108 109 bld.SAMBA3_SUBSYSTEM('RPC_RPCECHO', 110 source=RPC_RPCECHO_SRC, 111 vars=locals()) 112 113 bld.SAMBA3_SUBSYSTEM('RPC_EPMAPPER', 114 source=RPC_EPMAPPER_SRC, 115 vars=locals()) 29 source='srv_access_check.c', 30 deps='samba-util') 116 31 117 32 bld.SAMBA3_SUBSYSTEM('RPC_SERVER', 118 33 source='srv_pipe_hnd.c srv_pipe.c', 119 deps='''RPC_NCACN_NP RPC_SERVICE RPC_CRYPTO 120 RPC_SAMR RPC_LSARPC RPC_WINREG RPC_INITSHUTDOWN 121 RPC_DSSETUP RPC_WKSSVC RPC_SVCCTL RPC_NTSVCS 122 RPC_NETLOGON RPC_NETDFS RPC_SRVSVC RPC_SPOOLSS 123 RPC_EVENTLOG RPC_RPCECHO RPC_SERVER RPC_EPMAPPER 124 RPC_SERVER_REGISTER NDR_NAMED_PIPE_AUTH''') 34 deps=''' 35 RPC_CONFIG 36 RPC_NCACN_NP 37 RPC_SERVER_LOOP 38 RPC_CRYPTO 39 NDR_NAMED_PIPE_AUTH 40 ''') 41 42 ### RPC_SERVICES 43 bld.SAMBA3_SUBSYSTEM('RPC_DSSETUP', 44 source='''dssetup/srv_dssetup_nt.c 45 ../../librpc/gen_ndr/srv_dssetup.c''', 46 deps='samba-util') 47 48 bld.SAMBA3_SUBSYSTEM('RPC_EPMAPPER', 49 source='''epmapper/srv_epmapper.c 50 ../../librpc/gen_ndr/srv_epmapper.c''', 51 deps='samba-util') 52 53 bld.SAMBA3_SUBSYSTEM('RPC_FSS_STATE', 54 source='''fss/srv_fss_state.c''', 55 deps='samba-util NDR_FSRVP_STATE') 56 57 bld.SAMBA3_SUBSYSTEM('RPC_FSS_AGENT', 58 source='''fss/srv_fss_agent.c 59 ../../librpc/gen_ndr/srv_fsrvp.c''', 60 deps='samba-util RPC_FSS_STATE') 61 62 bld.SAMBA3_SUBSYSTEM('RPC_EVENTLOG', 63 source='''eventlog/srv_eventlog_nt.c 64 eventlog/srv_eventlog_reg.c 65 ../../librpc/gen_ndr/srv_eventlog.c''', 66 deps='LIBEVENTLOG LIBCLI_WINREG_INTERNAL') 67 68 bld.SAMBA3_SUBSYSTEM('RPC_INITSHUTDOWN', 69 source='''initshutdown/srv_initshutdown_nt.c 70 ../../librpc/gen_ndr/srv_initshutdown.c''', 71 deps='samba-util') 72 73 bld.SAMBA3_SUBSYSTEM('RPC_LSARPC', 74 source='''lsa/srv_lsa_nt.c 75 ../../librpc/gen_ndr/srv_lsa.c''', 76 deps='SRV_ACCESS_CHECK LIBLSA') 77 78 bld.SAMBA3_SUBSYSTEM('RPC_NETDFS', 79 source='''dfs/srv_dfs_nt.c 80 ../../librpc/gen_ndr/srv_dfs.c''', 81 deps='samba-util') 82 83 bld.SAMBA3_SUBSYSTEM('RPC_NETLOGON', 84 source='''netlogon/srv_netlog_nt.c 85 ../../librpc/gen_ndr/srv_netlogon.c''') 86 87 bld.SAMBA3_SUBSYSTEM('RPC_NTSVCS', 88 source='''ntsvcs/srv_ntsvcs_nt.c 89 ../../librpc/gen_ndr/srv_ntsvcs.c''', 90 deps='samba-util') 91 92 bld.SAMBA3_SUBSYSTEM('RPC_RPCECHO', 93 source='''echo/srv_echo_nt.c 94 ../../librpc/gen_ndr/srv_echo.c''', 95 deps='samba-util') 96 97 bld.SAMBA3_SUBSYSTEM('RPC_SAMR', 98 source='''samr/srv_samr_nt.c 99 samr/srv_samr_util.c 100 samr/srv_samr_chgpasswd.c 101 ../../librpc/gen_ndr/srv_samr.c''', 102 deps='PLAINTEXT_AUTH SRV_ACCESS_CHECK') 103 104 bld.SAMBA3_SUBSYSTEM('RPC_SPOOLSS', 105 source='''spoolss/srv_spoolss_nt.c 106 ../../librpc/gen_ndr/srv_spoolss.c 107 spoolss/srv_spoolss_util.c''', 108 deps='PRINTING PRINTBACKEND LIBCLI_WINREG_INTERNAL') 109 110 bld.SAMBA3_SUBSYSTEM('RPC_SRVSVC', 111 source='''srvsvc/srv_srvsvc_nt.c 112 ../../librpc/gen_ndr/srv_srvsvc.c''', 113 deps='samba-util tdb') 114 115 bld.SAMBA3_SUBSYSTEM('RPC_SVCCTL', 116 source='''svcctl/srv_svcctl_nt.c 117 svcctl/srv_svcctl_reg.c 118 ../../librpc/gen_ndr/srv_svcctl.c''', 119 deps='SERVICES LIBCLI_WINREG_INTERNAL') 120 121 bld.SAMBA3_SUBSYSTEM('RPC_WINREG', 122 source='''winreg/srv_winreg_nt.c 123 ../../librpc/gen_ndr/srv_winreg.c''', 124 deps='REG_FULL REGFIO REG_API_REGF NDR_PERFCOUNT') 125 126 bld.SAMBA3_SUBSYSTEM('RPC_WKSSVC', 127 source='''wkssvc/srv_wkssvc_nt.c 128 ../../librpc/gen_ndr/srv_wkssvc.c''', 129 deps='LIBNET') 130 131 bld.SAMBA3_SUBSYSTEM('RPC_MDSSVC', 132 source='''mdssvc/mdssvc.c 133 mdssvc/dalloc.c 134 mdssvc/marshalling.c 135 mdssvc/sparql_mapping.c 136 mdssvc/sparql_parser.c 137 mdssvc/sparql_lexer.c 138 mdssvc/srv_mdssvc_nt.c 139 ../../librpc/gen_ndr/srv_mdssvc.c''', 140 deps='samba-util ' + bld.env['libtracker'], 141 enabled=bld.env.with_spotlight) 142 143 # RPC_SERVICE 144 bld.SAMBA3_SUBSYSTEM('RPC_SERVER_REGISTER', 145 source='rpc_ep_register.c ../librpc/rpc/dcerpc_ep.c', 146 deps='samba-util') 147 148 bld.SAMBA3_SUBSYSTEM('RPC_SERVICE', 149 source='rpc_service_setup.c', 150 deps=''' 151 RPC_SERVER 152 RPC_SERVER_REGISTER 153 RPC_SAMR 154 RPC_LSARPC 155 RPC_WINREG 156 RPC_INITSHUTDOWN 157 RPC_DSSETUP 158 RPC_WKSSVC 159 RPC_SVCCTL 160 RPC_NTSVCS 161 RPC_NETLOGON 162 RPC_NETDFS 163 RPC_SRVSVC 164 RPC_SPOOLSS 165 RPC_EVENTLOG 166 RPC_RPCECHO 167 RPC_SERVER 168 RPC_EPMAPPER 169 RPC_FSS_AGENT 170 RPC_MDSSVC 171 ''') 172 173 # RPC_DAEMONS 174 bld.SAMBA3_SUBSYSTEM('RPC_SOCK_HELPER', 175 source='rpc_sock_helper.c', 176 deps='RPC_SERVER_REGISTER') 177 178 bld.SAMBA3_SUBSYSTEM('EPMD', 179 source='epmd.c', 180 deps='samba-util') 181 182 bld.SAMBA3_SUBSYSTEM('LSASD', 183 source='lsasd.c', 184 deps='RPC_SOCK_HELPER samba-util') 185 186 bld.SAMBA3_SUBSYSTEM('FSSD', 187 source='fssd.c', 188 deps='samba-util') 189 190 bld.SAMBA3_SUBSYSTEM('MDSSD', 191 source='mdssd.c', 192 deps='RPC_SOCK_HELPER samba-util', 193 enabled=bld.env.with_spotlight)
Note:
See TracChangeset
for help on using the changeset viewer.
