<sect1>
<title>Locking</title>
-<para>
-<note>
-Since samba 2.2, samba supports other types of locking as well. This
-section is outdated.
-</note>
-</para>
-
<para>
The locking calls available under a DOS/Windows environment are much
richer than those available in unix. This means a unix server (like
<arg choice="opt">-l logfile</arg>
<arg choice="opt">-L <netbios name></arg>
<arg choice="opt">-I destinationIP</arg>
- <arg choice="opt">-E</arg>
+ <arg choice="opt">-E <terminal code></arg>
<arg choice="opt">-c <command string></arg>
<arg choice="opt">-i scope</arg>
<arg choice="opt">-O <socket options></arg>
<title>Introduction</title>
<para>
-The email address for bug reports for stable releases is <ulink url="samba@samba.org">samba@samba.org</ulink>.
-Bug reports for alpha releases should go to <ulink url="mailto:samba-technical@samba.org">samba-technical@samba.org</ulink>.
+The email address for bug reports is samba@samba.org
</para>
<para>
<para>
You may also like to look though the recent mailing list archives,
which are conveniently accessible on the Samba web pages
-at <ulink url="http://samba.org/samba/">http://samba.org/samba/</ulink>.
+at http://samba.org/samba/
</para>
</sect1>
</para>
<para>
-Starting with version 2.2.0 samba has Linux support for extensions to
+Samba version 2.2.0 will add Linux support for extensions to
the name service switch infrastructure so that linux clients will
be able to obtain resolution of MS Windows NetBIOS names to IP
Addresses. To gain this functionality Samba needs to be compiled
<para><programlisting>
[global]
-<ulink url="smb.conf.5.html#SECURITY"><parameter>security</parameter></ulink> = [share|user(default)|server|domain|ads]
+<ulink url="smb.conf.5.html#SECURITY"><parameter>security</parameter></ulink> = [share|user(default)|domain|ads]
</programlisting></para>
<para>
</para>
<para>
-The latest version of SAMBA (version 3.0 as of this writing), now
+The latest version of SAMBA (version 2.2.2 as of this writing), now
includes a functioning winbindd daemon. Please refer to the
<ulink url="http://samba.org/">main SAMBA web page</ulink> or,
better yet, your closest SAMBA mirror site for instructions on
If you'd like to work on any of these, please contact jerry@samba.org or jelmer@samba.org.
Outdated docs:
-docs/announce - needs updating before we release 3.0
-docs/history - needs updating (is current up to 1998 - merge with 10year.html)
+docs/OID/allocated-arcs.txt - does this file really belong here?
+docs/OID/samba-oid.mail - does this file really belong here?
+docs/announce - out of date (announces 2.2.0) - should it go away?
+docs/history - needs updating (is current up to 1998 - merge with 10year.html ?)
docs/docbook/devdoc/* - most of these docs are outdated and need updates...
docs/docbook/manpages/net.8.sgml - Still not finished
docs/docbook/manpages/rpcclient.1.sgml - Command documentation might be outdated
!==
This is a quick and dirty means of storing smbpasswd entries
-in LDAP. Samba 2.2.x does not have any ability to grab
+in smbpasswd. Samba 2.2.x does not have any ability to grab
this information directly from LDAP so you will need to
periodically generate an smbpasswd from an ldapsearch
"(objectclass=smbPasswordEntry)".
+++ /dev/null
-#!/bin/sh
-
-# This script is an input filter for printcap printing on a unix machine. It
-# uses the smbclient program to print the file to the specified smb-based
-# server and service.
-# For example you could have a printcap entry like this
-#
-# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint
-#
-# which would create a unix printer called "smb" that will print via this
-# script. You will need to create the spool directory /usr/spool/smb with
-# appropriate permissions and ownerships for your system.
-
-# Set these to the server and service you wish to print to
-# In this example I have a WfWg PC called "lapland" that has a printer
-# exported called "printer" with no password.
-
-#
-# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton)
-# so that the server, service, and password can be read from
-# a /usr/var/spool/lpd/PRINTNAME/.config file.
-#
-# Script further modified by Richard Sharpe to fix some things.
-# Get rid of the -x on the first line, and add parameters
-#
-# -t now causes translate to be used when sending files
-#
-# In order for this to work the /etc/printcap entry must include an
-# accounting file (af=...):
-#
-# cdcolour:\
-# :cm=CD IBM Colorjet on 6th:\
-# :sd=/var/spool/lpd/cdcolour:\
-# :af=/var/spool/lpd/cdcolour/acct:\
-# :if=/usr/local/etc/smbprint:\
-# :mx=0:\
-# :lp=/dev/null:
-#
-# The /usr/var/spool/lpd/PRINTNAME/.config file should contain:
-# server=PC_SERVER
-# service=PR_SHARENAME
-# password="password"
-#
-# E.g.
-# server=PAULS_PC
-# service=CJET_371
-# password=""
-
-#
-# Debugging log file, change to /dev/null if you like.
-#
-logfile=/tmp/smb-print.log
-# logfile=/dev/null
-
-
-#
-# The last parameter to the filter is the accounting file name.
-# Extract the directory name from the file name.
-# Concat this with /.config to get the config file.
-#
-TRANS=0
-eval acct_file=\${$#}
-spool_dir=`dirname $acct_file`
-config_file=$spool_dir/.config
-
-# Should read the following variables set in the config file:
-# server
-# service
-# password
-eval `cat $config_file`
-
-while getopts t c; do
- case $c in
- t)
- TRANS=1
- ;;
-
- '?') # Bad parameters, ignore it ...
- ;;
- esac
-done
-#
-# Some debugging help, change the >> to > if you want to same space.
-#
-echo "server $server, service $service" >> $logfile
-
-(
-# NOTE You may wish to add the line `echo translate' if you want automatic
-# CR/LF translation when printing.
- if [ $TRANS -eq 1 ]; then
- echo translate
- fi
- echo "print -"
- cat
-) | /usr/local/samba/bin/smbclient "\\\\$server\\$service" $password -U $server -N -P >> $logfile
+++ /dev/null
-CC = @CC@
-CFLAGS = @CFLAGS@
-CPPFLAGS = @CPPFLAGS@
-LDFLAGS = @LDFLAGS@
-LDSHFLAGS = -shared
-srcdir = @builddir@
-FLAGS = $(CFLAGS) -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper -I. $(CPPFLAGS) -I$(srcdir)
-
-SAM_OBJS = sam_skel.so
-
-# Default target
-
-default: $(SAM_OBJS)
-
-# Pattern rules
-
-%.so: %.o
- $(CC) $(LDSHFLAGS) $(LDFLAGS) -o $@ $<
-
-%.o: %.c
- $(CC) $(FLAGS) -c $<
-
-# Misc targets
-
-clean:
- rm -rf .libs
- rm -f core *~ *% *.bak \
- $(SAM_OBJ) $(SAM_OBJS)
+++ /dev/null
-README for Samba SAM Database examples
-====================================================
-26-08-2002 Stefan (metze) Metzmacher <metze@metzemix.de>
-
-Every module MUST have a sam_version() function.
-
-this is defined in include/sam.h:
-#define SAM_MODULE_VERSIONING_MAGIC \
-int sam_version(void)\
-{\
- return SAM_INTERFACE_VERSION;\
-}
-
-You MUST add this line inside a module:
-SAM_MODULE_VERSIONING_MAGIC
-
-
-The sam_skel.c file in this directory contains a very basic example of
-a SAM plugin. It just prints the name of the function that is executed using
-DEBUG. Maybe it's nice to include some of the arguments to the function in the
-future too..
-
-New SAM plugins should go into the samba lib directory, (/usr/lib/samba/
-for most distributions) and should be prefixed with 'sam_' and should go into the
-subdir sam/. The SAM subsystem will search in /usr/lib/samba/sam and fall back to
-/usr/lib/samba/ .
-An example path would be:
-/usr/lib/samba/sam/sam_skel.so
-
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- this is a skeleton for SAM backend modules.
-
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-static int sam_skel_debug_level = DBGC_SAM;
-
-#undef DBGC_CLASS
-#define DBGC_CLASS sam_skel_debug_level
-
-/* define the version of the SAM interface */
-SAM_MODULE_VERSIONING_MAGIC
-
-/* General API */
-
-NTSTATUS sam_skel_get_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_set_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-NTSTATUS sam_skel_lookup_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, char **name, uint32 *type)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_lookup_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const char *name, DOM_SID **sid, uint32 *type)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Domain API */
-
-NTSTATUS sam_skel_update_domain(const SAM_METHODS *sam_methods, const SAM_DOMAIN_HANDLE *domain)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_get_domain_handle(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, SAM_DOMAIN_HANDLE **domain)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Account API */
-
-NTSTATUS sam_skel_create_account(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *group_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_add_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_update_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_delete_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_enum_accounts(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-NTSTATUS sam_skel_get_account_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_get_account_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Group API */
-
-NTSTATUS sam_skel_create_group(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_add_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_update_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_delete_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_enum_groups(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_get_group_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_get_group_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-NTSTATUS sam_skel_add_member_to_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_delete_member_from_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_skel_enum_groupmembers(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-NTSTATUS sam_skel_get_groups_of_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_init(SAM_METHODS *sam_methods, const char *module_params)
-{
- /* Functions your SAM module doesn't provide should be set
- * to NULL */
-
- sam_methods->sam_get_sec_desc = sam_skel_get_sec_desc;
- sam_methods->sam_set_sec_desc = sam_skel_set_sec_desc;
-
- sam_methods->sam_lookup_sid = sam_skel_lookup_sid;
- sam_methods->sam_lookup_name = sam_skel_lookup_name;
-
- /* Domain API */
-
- sam_methods->sam_update_domain = sam_skel_update_domain;
- sam_methods->sam_get_domain_handle = sam_skel_get_domain_handle;
-
- /* Account API */
-
- sam_methods->sam_create_account = sam_skel_create_account;
- sam_methods->sam_add_account = sam_skel_add_account;
- sam_methods->sam_update_account = sam_skel_update_account;
- sam_methods->sam_delete_account = sam_skel_delete_account;
- sam_methods->sam_enum_accounts = sam_skel_enum_accounts;
-
- sam_methods->sam_get_account_by_sid = sam_skel_get_account_by_sid;
- sam_methods->sam_get_account_by_name = sam_skel_get_account_by_name;
-
- /* Group API */
-
- sam_methods->sam_create_group = sam_skel_create_group;
- sam_methods->sam_add_group = sam_skel_add_group;
- sam_methods->sam_update_group = sam_skel_update_group;
- sam_methods->sam_delete_group = sam_skel_delete_group;
- sam_methods->sam_enum_groups = sam_skel_enum_groups;
- sam_methods->sam_get_group_by_sid = sam_skel_get_group_by_sid;
- sam_methods->sam_get_group_by_name = sam_skel_get_group_by_name;
-
- sam_methods->sam_add_member_to_group = sam_skel_add_member_to_group;
- sam_methods->sam_delete_member_from_group = sam_skel_delete_member_from_group;
- sam_methods->sam_enum_groupmembers = sam_skel_enum_groupmembers;
-
- sam_methods->sam_get_groups_of_sid = sam_skel_get_groups_of_sid;
-
- sam_methods->free_private_data = NULL;
-
-
- sam_skel_debug_level = debug_add_class("sam_skel");
- if (sam_skel_debug_level == -1) {
- sam_skel_debug_level = DBGC_SAM;
- DEBUG(0, ("sam_skel: Couldn't register custom debugging class!\n"));
- } else DEBUG(2, ("sam_skel: Debug class number of 'sam_skel': %d\n", sam_skel_debug_level));
-
- if(module_params)
- DEBUG(0, ("Starting 'sam_skel' with parameters '%s' for domain %s\n", module_params, sam_methods->domain_name));
- else
- DEBUG(0, ("Starting 'sam_skel' for domain %s without paramters\n", sam_methods->domain_name));
-
- return NT_STATUS_OK;
-}
BuildRoot : /tmp/%{Name}-%{Version}
Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}.tar.gz
+#Patch0: %{Name}-%{Version}-smbmount.patch
+#Patch1: %{Name}-%{Version}-install.patch
+#Patch2: %{Name}-%{Version}-smbconf.patch
+
%Package doc
Group : Server/Network
%Prep
%setup
-
+#%patch0 -p1
+#%patch1 -p1
+#%patch2 -p1
+
+# The commented out fixUP below should be best known as screwUP!
+# instead of patch (to help configuration) ... ;^)
+#%{fixUP} -vbT source/Makefile.in -e '
+# s:we don.t use sbindir because we want:if you want : +
+# s:(the previous releases of Samba):$1, please use: +
+# s:(SBINDIR\s*=\s*\@)b:# ./configure --sbindir=\\\$(BINDIR)\n${1}sb: +
+# s:/log\.(\S+):/log/samba.d/${1}d: +
+# s:(PASSWD_PROGRAM\s*=\s*)(/bin):$1/usr$2: +
+# s:^(LIBS\s*=):AUTH_$1: +
+# s:((SMBD|SWAT|RPCCLIENT|SMBPASSWD)_OBJ\) )(\$\(LDF):$1\$(AUTH_LIBS) $3:
+#'
for i in {cvs.,change-}log; do [ ! -f ../$i ] || mv ../$i source; done
s:/usr/local/:/usr/:g;
'
done
+%{fixUP} -vT docs/textdocs/Faxing.txt -e '
+ s:/usr/local/etc/:/etc/: +
+ s:/usr/local/:/usr/:;
+'
# End of DirtyHack(TM)
ln -s /usr/bin/smbumount umount.smbfs )
# First install /usr/bin progs
-for i in smbfilter debug2html
+for i in smbfilter make_printerdef debug2html
do
install -m 755 source/bin/$i $DESTDIR/usr/bin
done
Preparation Date: Sat Apr 14 2001
-Preparer: Gerald Carter <jerry@samba.org>
+Preparer: John H Terpstra <jht@samba.org>
-Instructions: Preparing Samba Packages for Mandrake Linux 8.x
+Instructions: Preparing Samba Packages for Mandrake Linux 7.2
===============================================================
We provide support only for current versions of Mandrake Linux.
#!/bin/sh
-# Copyright (C) John H Terpstra 1998-2002
-# Updated for RPM 3 by Jochen Wiedmann, joe@ispsoft.de
-# Changed for a generic tar file rebuild by abartlet@pcug.org.au
-# Taken from Red Hat build area by JHT
-# Changed by John H Terpstra to build on RH8.1 - should also work for earlier versions jht@samba.org
-# Changes from Buchan Milne <bgmilne@cae.co.za>
-
-# The following allows environment variables to override the target directories
-# the alternative is to have a file in your home directory calles .rpmmacros
-# containing the following:
-# %_topdir /home/mylogin/RPM
+# Copyright (C) 1998 John H Terpstra, 1999 K Spoon
#
-
-# rpm --eval should always give a correct answer for this
-SPECDIR=`rpm --eval "%{_specdir}"`
-SRCDIR=`rpm --eval "%{_sourcedir}"`
-
-# At this point the (SPECDIR and) SRCDIR vaiables must have a value!
-
+SPECDIR=/usr/src/RPM/SPECS
+SRCDIR=/usr/src/RPM/SOURCES
USERID=`id -u`
GRPID=`id -g`
VERSION='PVERSION'
-RPMVER=`rpm --version | awk '{print $3}'`
-echo The RPM Version on this machine is: $RPMVER
-
-case $RPMVER in
- 2*)
- echo Building for RPM v2.x
- sed -e "s/MANDIR_MACRO/\%\{prefix\}\/man/g" < samba2.spec > samba.spec
- ;;
- 3*)
- echo Building for RPM v3.x
- sed -e "s/MANDIR_MACRO/\%\{prefix\}\/man/g" < samba2.spec > samba.spec
- ;;
- 4*)
- echo Building for RPM v4.x
- sed -e "s/MANDIR_MACRO/\%\{_mandir\}/g" < samba2.spec > samba.spec
- ;;
- *)
- echo "Unknown RPM version: `rpm --version`"
- exit 1
- ;;
-esac
-
-( cd ../../source; if [ -f Makefile ]; then make distclean; fi )
-( cd ../../.. ; chown -R ${USERID}.${GRPID} samba-${VERSION} )
-echo "Compressing the source as bzip2, may take a while ..."
-( cd ../../.. ; tar --exclude=CVS -cjf ${SRCDIR}/samba-${VERSION}.tar.bz2 samba-${VERSION} )
-
-cp -av samba.spec ${SPECDIR}
-# cp -a *.patch.bz2 *.xpm.bz2 smb.* samba.xinetd samba.log $SRCDIR
-# Prepare to allow straight patches synced from Mandrake cvs:
-# Updating of sources and patches can be done more easily and accurately
-# by using info in the spec file. It won't work for files that use an rpm
-# macro in their name, but that shouldn't be a problem.
-
-SOURCES=`awk '/^Source/ {print $2}' samba.spec |grep -v "%{"`
-PATCHES=`awk '/^Patch/ {print $2}' samba.spec`
-
-for i in $PATCHES $SOURCES;do
- # We have two cases to fix, one where it's bzip2'ed
- # in the spec and not in CVS, one where it's bzip2'ed
- # in CVS but not in the spec
- [ -e $i ] && cp -av $i $SRCDIR
- i_nobz2=`echo $i|sed -e 's/.bz2$//'`
- i_bz2=$i.bz2
- [ -e $i_nobz2 ] && bzip2 -kf $i_nobz2 && mv -fv $i $SRCDIR
- [ -e $i_bz2 ] && bunzip2 -kf $i_bz2 && mv -fv $i $SRCDIR
-done
-
-echo Getting Ready to build release package
-cd ${SPECDIR}
-rpm -ba -v --clean --rmsource samba.spec $@
-
-echo Done.
+( cd ../../.. ; mv samba samba-$VERSION; chown -R ${USERID}.${GRPID} ${SRCDIR}/samba-$VERSION )
+( cd ../../.. ; tar --exclude=CVS -czvf ${SRCDIR}/samba-$VERSION.tar.gz samba-$VERSION )
+( cd ../../.. ; mv samba-$VERSION samba )
+cp -a *.spec $SPECDIR
+cp -a *.patch smb.* samba.log $SRCDIR
+cd $SPECDIR
+rpm -ba -v samba2.spec
-/var/log/samba/log.nmb {
+/var/log/samba/log.nmbd {
notifempty
missingok
postrotate
endscript
}
-/var/log/samba/log.smb {
+/var/log/samba/log.smbd {
notifempty
missingok
postrotate
port = 901
socket_type = stream
wait = no
- only_from = 127.0.0.1
+ only_from = localhost
user = root
server = /usr/sbin/swat
log_on_failure += USERID
-%define pkg_name samba
-%define ver 2.2.5
-%define rel 17mdk
-%define vscanver 0.2.5c
-
-# Determine whether this is the system samba or not.
-%define build_system 0
-%if %build_system
-%define samba_major %{null}
-%else
-%define samba_major 3
-%global _iconsdir %{_datadir}/icons/
-%global _miconsdir %{_datadir}/icons/mini
-%global _liconsdir %{_datadir}/icons/large
-%global _menudir %{_libdir}/menu
-#%%%%global __prefix /opt/samba%{samba_major}
-
-%global _mandir %{_datadir}/man
-%endif
-
-# 2.2.4 and 1 replace by samba-team at release
-%define pversion PVERSION
-%define prelease PRELEASE
-# For testing this setup:
-#%define pversion1 2.2.5
-#%define prelease1 %(date +%Y%m%d)
-
-#Check to see if p(version|release) has been replaced (1 if replaced)
-%define have_pversion %(if [ "%pversion" = `echo "pversion" |tr '[:lower:]' '[:upper:]'` ];then echo 0; else echo 1; fi)
-%define have_prelease %(if [ "%prelease" = `echo "prelease" |tr '[:lower:]' '[:upper:]'` ];then echo 0; else echo 1; fi)
-
-# We might have a prerelease:
-%define have_pre %(echo %pversion|awk '{p=0} /[a-z,A-Z][a-z,A-Z]/ {p=1} {print p}')
-%if %have_pre
-%define pre_ver %(perl -e '$name="%pversion"; print ($name =~ /(.*?)[a-z]/);')
-%define pre_pre %(echo %pversion|sed -e 's/%pre_ver//g')
-%endif
-
-
-# Check to see if we are running a build from a tarball release from samba.org
-# (%have_pversion) If so, disable vscan, unless explicitly requested
-# (--with vscan).
-%define build_vscan 1
-%if %have_pversion
-%define build_vscan 0
-%{?_with_vscan: %define build_vscan 1}
-%endif
-
-# We now do detection of the Mandrake release we are building on:
-#%define build_cooker %(if [ `awk '{print $3}' /etc/mandrake-release` = "Cooker" ];then echo 1; else echo 0; fi)
-#%define build_cooker %(if [[ `cat /etc/mandrake-release|grep Cooker` ]];then echo 1; else echo 0; fi)
-%define build_mdk91 %(if [ `awk '{print $4}' /etc/mandrake-release` = 9.1 ];then echo 1; else echo 0; fi)
-%define build_mdk90 %(if [ `awk '{print $4}' /etc/mandrake-release` = 9.0 ];then echo 1; else echo 0; fi)
-%define build_mdk83 %(if [ `awk '{print $4}' /etc/mandrake-release` = 8.3 ];then echo 1; else echo 0; fi)
-%define build_mdk82 %(if [ `awk '{print $4}' /etc/mandrake-release` = 8.2 ];then echo 1; else echo 0; fi)
-%define build_mdk81 %(if [ `awk '{print $4}' /etc/mandrake-release` = 8.1 ];then echo 1; else echo 0; fi)
-%define build_mdk80 %(if [ `awk '{print $4}' /etc/mandrake-release` = 8.0 ];then echo 1; else echo 0; fi)
-%define build_mdk72 %(if [ `awk '{print $4}' /etc/mandrake-release` = 7.2 ];then echo 1; else echo 0; fi)
-%define build_non_default 0
-
-# Default options
-%define build_acl 1
-%define build_winbind 1
-%define build_wins 1
-%define build_ldap 1
-%define build_ads 1
-
-# Set defaults for each version
-%if %build_mdk91
-%endif
-
-%if %build_mdk90
-%endif
-
-%if %build_mdk83
-%endif
-
-%if %build_mdk82
-%endif
-
-%if %build_mdk81
-%define build_winbind 0
-%define build_wins 0
-%endif
-
-%if %build_mdk80
-%define build_acl 0
-%define build_winbind 0
-%define build_wins 0
-%endif
-
-%if %build_mdk72
-%define build_acl 0
-%define build_winbind 0
-%define build_wins 0
-%endif
-
-# Allow commandline option overrides (borrowed from Vince's qmail srpm):
-# To use it, do rpm [-ba|--rebuild] --with 'xxx'
-# Check if the rpm was built with the defaults, otherwise we inform the user
-%define build_non_default 0
-%{?_with_acl: %{expand: %%define build_acl 1}}
-%{?_with_acl: %{expand: %%define build_non_default 1}}
-%{?_without_acl: %{expand: %%define build_acl 0}}
-%{?_without_acl: %{expand: %%define build_non_default 1}}
-%{?_with_winbind: %{expand: %%global build_winbind 1}}
-%{?_with_winbind: %{expand: %%define build_non_default 1}}
-%{?_without_winbind: %{expand: %%define build_winbind 0}}
-%{?_without_winbind: %{expand: %%define build_non_default 1}}
-%{?_with_wins: %{expand: %%global build_wins 1}}
-%{?_with_wins: %{expand: %%define build_non_default 1}}
-%{?_without_wins: %{expand: %%global build_wins 0}}
-%{?_without_wins: %{expand: %%define build_non_default 1}}
-%{?_with_ldap: %{expand: %%global build_ldap 1}}
-%{?_with_ldap: %{expand: %%define build_non_default 1}}
-%{?_without_ldap: %{expand: %%global build_ldap 0}}
-%{?_without_ldap: %{expand: %%define build_non_default 1}}
-%{?_with_ads: %{expand: %%define build_ads 1}}
-%{?_with_ads: %{expand: %%define build_non_default 1}}
-%{?_without_ads: %{expand: %%define build_ads 0}}
-%{?_without_ads: %{expand: %%define build_non_default 1}}
-
-# As if that weren't enough, we're going to try building with antivirus
-# support as an option also
-%define build_fprot 0
-%define build_kaspersky 0
-%define build_mks 0
-%define build_openantivirus 0
-%define build_sophos 0
-%define build_symantec 0
-%define build_trend 0
-%if %build_vscan
-%{?_with_fprot: %{expand: %%global build_fprot 1}}
-%{?_with_kaspersky: %{expand: %%global build_kaspersky 1}}
-%{?_with_mks: %{expand: %%global build_mks 1}}
-%{?_with_openav: %{expand: %%global build_openantivirus 1}}
-%{?_with_sophos: %{expand: %%global build_sophos 1}}
-%{?_with_symantec: %{expand: %%global build_symantec 1}}
-%{?_with_trend: %{expand: %%global build_trend 1}}
-%define vscandir "samba-vscan-%{vscanver}"
-%endif
-%define vfsdir "examples.bin/VFS"
-
-#Workaround missing macros in 8.x:
-%{!?perl_vendorlib: %{expand: %%global perl_vendorlib %{perl_sitearch}/../}}
-
-Summary: Samba SMB server.
-Name: %{pkg_name}%{samba_major}
-%if %have_pversion && %have_pre
-Version: %{pre_ver}
-%define source_ver %{pversion}
-%endif
-%if %have_pversion && !%have_pre
-Version: %{pversion}
-%define source_ver %{pversion}
-%endif
-%if !%have_pversion
-Version: %{ver}
-%define source_ver %{ver}
-%endif
-%if %have_prelease && !%have_pre
-Release: 1.%{prelease}mdk
-%endif
-%if %have_prelease && %have_pre
-Release: 0.%{pre_pre}.%{prelease}mdk
-%endif
-%if !%have_prelease
-Release: %{rel}
-%endif
-License: GPL
-Group: System/Servers
-Source: ftp://samba.org/pub/samba/samba-%{source_ver}.tar.bz2
-URL: http://www.samba.org
-Source1: samba.log
-Source3: samba.xinetd
-Source4: swat_48.xpm.bz2
-Source5: swat_32.xpm.bz2
-Source6: swat_16.xpm.bz2
-Source7: README.%{name}-mandrake-rpm
-%if %build_vscan
-Source8: samba-vscan-%{vscanver}.tar.bz2
-%endif
-Source10: samba-print-pdf.sh.bz2
-Patch1: smbw.patch.bz2
-Patch5: samba-2.2.0-gawk.patch.bz2
-Patch12: samba-2.2.0-buildroot.patch.bz2
-Patch17: samba-3.0-smbmount-sbin.patch.bz2
-Requires: pam >= 0.64, samba-common = %{version}
-BuildRequires: pam-devel autoconf readline-devel
-%if %build_acl
-BuildRequires: libacl-devel
-%endif
-%if %build_mdk72
-BuildRequires: cups-devel
-%else
-BuildRequires: libcups-devel
-%endif
-%if %build_ldap
-BuildRequires: libldap-devel
-%endif
-%if %build_ads
-BuildRequires: libldap-devel krb5-devel
-%endif
-BuildRoot: %{_tmppath}/%{name}-root
+Summary: Samba SMB client and server
+Name: samba
+Version: PVERSION
+Release: PRELEASE
+Copyright: GNU GPL version 2
+Group: Networking
+Source: ftp://samba.org/pub/samba/samba-%{version}.tar.gz
+Packager: Gerald (Jerry) Carter [Samba-Team] <jerry@samba.org>
+Requires: pam >= 0.72 kernel >= 2.2.1 glibc >= 2.1.2
+Prereq: chkconfig fileutils
+BuildRoot: /var/tmp/samba
Prefix: /usr
-Prereq: /sbin/chkconfig /bin/mktemp /usr/bin/killall
-Prereq: fileutils sed /bin/grep
%description
Samba provides an SMB server which can be used to provide
and does NOT need NetBEUI (Microsoft Raw NetBIOS frame)
protocol.
-Samba-3.0 features working NT Domain Control capability and
-includes the SWAT (Samba Web Administration Tool) that
-allows samba's smb.conf file to be remotely managed using your
+Samba-2.2 features working NT Domain Control capability and
+includes the SWAT (Samba Web Administration Tool) that
+allows samba's smb.conf file to be remotely managed using your
favourite web browser. For the time being this is being
-enabled on TCP port 901 via xinetd. SWAT is now included in
-it's own subpackage, samba-swat.
+enabled on TCP port 901 via inetd.
-Please refer to the WHATSNEW.txt document for fixup information.
-This binary release includes encrypted password support.
-
-Please read the smb.conf file and ENCRYPTION.txt in the
-docs directory for implementation details.
-
-%if !%build_system
-NOTE: This is a prerelease of samba-%{samba_major}, not intended
-for production use. If something breaks, file a bug report.
-%endif
-
-%if %build_non_default
-WARNING: This RPM was built with command-line options. Please
-see README.%{name}-mandrake-rpm in the documentation for
-more information.
-%endif
-
-%package server
-URL: http://www.samba.org
-Summary: Samba (SMB) server programs.
-Requires: %{name}-common = %{version}
-Group: Networking/Other
-Provides: samba
-Obsoletes: samba
-%if %build_system
-Obsoletes: samba-server-ldap
-Obsoletes: samba3-server
-%else
-Provides: samba-server
-%endif
-
-%description server
-Samba-server provides a SMB server which can be used to provide
-network services to SMB (sometimes called "Lan Manager")
-clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols
-and does NOT need NetBEUI (Microsoft Raw NetBIOS frame)
-protocol.
-
-Samba-3.0 features working NT Domain Control capability and
-includes the SWAT (Samba Web Administration Tool) that
-allows samba's smb.conf file to be remotely managed using your
-favourite web browser. For the time being this is being
-enabled on TCP port 901 via xinetd. SWAT is now included in
-it's own subpackage, samba-swat.
+Users are advised to use Samba-2.2 as a Windows NT4
+Domain Controller only on networks that do NOT have a Windows
+NT Domain Controller. This release does NOT as yet have
+Backup Domain control ability.
Please refer to the WHATSNEW.txt document for fixup information.
This binary release includes encrypted password support.
Please read the smb.conf file and ENCRYPTION.txt in the
docs directory for implementation details.
-%if %build_ldap
-This package was compiled with LDAP support, which means that
-passwords can be stored in LDAP or in smbpasswd files.
-To migrate your passwords from smbpasswd into LDAP, try
-examples/LDAP/import_smbpasswd.pl using:
-%{_datadir}/%{name}/scripts/import_smbpasswd.pl </etc/%{name}/smbpasswd
-
-Scripts for managing users in LDAP have been added to
-%{_datadir}/%{name}/scripts, configuration is in /etc/%{name}/smbldap_conf.pm
-%endif
-
-%if !%build_system
-NOTE: This is a prerelease of samba-%{samba_major}, not intended
-for production use. If something breaks, file a bug report.
-%endif
-
-%package client
-URL: http://www.samba.org
-Summary: Samba (SMB) client programs.
-Group: Networking/Other
-Requires: %{name}-common = %{version}
-Obsoletes: smbfs
-%if %build_system
-Obsoletes: samba3-client
-%else
-Provides: samba-client
-%endif
-
-%description client
-Samba-client provides some SMB clients, which complement the built-in
-SMB filesystem in Linux. These allow the accessing of SMB shares, and
-printing to SMB printers.
-
-%if !%build_system
-NOTE: This is a prerelease of samba-%{samba_major}, not intended
-for production use. If something breaks, file a bug report.
-%endif
-
-%package common
-URL: http://www.samba.org
-Summary: Files used by both Samba servers and clients.
-Group: System/Servers
-%if %build_system
-Obsoletes: samba-common-ldap
-Obsoletes: samba3-common
-%else
-Provides: samba-common
-%endif
-
-%description common
-Samba-common provides files necessary for both the server and client
-packages of Samba.
-
-%if !%build_system
-NOTE: This is a prerelease of samba-%{samba_major}, not intended
-for production use. If something breaks, file a bug report.
-%endif
-
-%package doc
-URL: http://www.samba.org
-Summary: Documentation for Samba servers and clients.
-Group: System/Servers
-Requires: %{name}-common = %{version}
-%if %build_system
-Obsoletes: samba3-doc
-%else
-Provides: samba-doc
-%endif
-
-%description doc
-Samba-doc provides documentation files for both the server and client
-packages of Samba.
-
-%if !%build_system
-NOTE: This is a prerelease of samba-%{samba_major}, not intended
-for production use. If something breaks, file a bug report.
-%endif
-
-%package swat
-URL: http://www.samba.org
-Summary: The Samba Web Administration Tool.
-Requires: %{name}-server = %{version}
-Requires: xinetd
-Group: System/Servers
-%if %build_system
-Obsoletes: samba-swat-ldap
-Obsoletes: samba3-swat
-%else
-Provides: samba-swat
-%endif
-
-%description swat
-SWAT (the Samba Web Administration Tool) allows samba's smb.conf file
-to be remotely managed using your favourite web browser. For the time
-being this is being enabled on TCP port 901 via xinetd. Note that
-SWAT does not use SSL encryption, nor does it preserve comments in
-your smb.conf file. Webmin uses SSL encryption by default, and
-preserves comments in configuration files, even if it does not display
-them, and is therefore the preferred method for remotely managing
-Samba.
-
-%if !%build_system
-NOTE: This is a prerelease of samba-%{samba_major}, not intended
-for production use. If something breaks, file a bug report.
-%endif
-
-%if %build_winbind
-%package winbind
-URL: http://www.samba.org
-Summary: Samba-winbind daemon, utilities and documentation
-Group: System/Servers
-Requires: %{name}-common = %{version}
-%description winbind
-Provides the winbind daemon and testing tools to allow authentication
-and group/user enumeration from a Windows or Samba domain controller.
-%endif
-
-%if !%build_system
-NOTE: This is a prerelease of samba-%{samba_major}, not intended
-for production use. If something breaks, file a bug report.
-%endif
-
-%if %build_wins
-%package -n nss_wins%{samba_major}
-URL: http://www.samba.org
-Summary: Name Service Switch service for WINS
-Group: System/Servers
-Requires: %{name}-common = %{version}
-PreReq: glibc
-%description -n nss_wins%{samba_major}
-Provides the libnss_wins shared library which resolves NetBIOS names to
-IP addresses.
-%endif
-
-%if !%build_system
-NOTE: This is a prerelease of samba-%{samba_major}, not intended
-for production use. If something breaks, file a bug report.
-%endif
-
-#Antivirus packages:
-%if %build_fprot
-%package vscan-fprot
-Summary: On-access virus scanning for samba using FPROT
-Group: System/Servers
-Requires: %{name}-server = %{version}
-Autoreq: 0
-%description vscan-fprot
-A vfs-module for samba to implement on-access scanning using the
-FPROT antivirus software (which must be installed to use this).
-%endif
-
-%if %build_kaspersky
-%package vscan-kaspersky
-Summary: On-access virus scanning for samba using Kaspersky
-Group: System/Servers
-Requires: %{name}-server = %{version}
-Autoreq: 0
-%description vscan-kaspersky
-A vfs-module for samba to implement on-access scanning using the
-Kaspersky antivirus software (which must be installed to use this).
-%endif
-
-%if %build_mks
-%package vscan-mks
-Summary: On-access virus scanning for samba using MKS
-Group: System/Servers
-Requires: %{name}-server = %{version}
-Autoreq: 0
-%description vscan-mks
-A vfs-module for samba to implement on-access scanning using the
-MKS antivirus software (which must be installed to use this).
-%endif
-
-%if %build_openantivirus
-%package vscan-openantivirus
-Summary: On-access virus scanning for samba using OpenAntivirus
-Group: System/Servers
-Requires: %{name}-server = %{version}
-Autoreq: 0
-%description vscan-openantivirus
-A vfs-module for samba to implement on-access scanning using the
-OpenAntivirus antivirus software (which must be installed to use this).
-%endif
-
-%if %build_sophos
-%package vscan-sophos
-Summary: On-access virus scanning for samba using Sophos
-Group: System/Servers
-Requires: %{name}-server = %{version}
-Autoreq: 0
-%description vscan-sophos
-A vfs-module for samba to implement on-access scanning using the
-Sophos antivirus software (which must be installed to use this).
-%endif
+%changelog
+* Mon May 21 2001 Gerald (Jerry) Carter <jerry@samba.org>
+ - removed docs/htmldocs and docs/manpages from /usr/share/docs
+ These het installed in /usr/share/swat already
+ - Fix for codepages and src not getting installed in the RPM
+ - Fixed minor typos
-%if %build_symantec
-%package vscan-symantec
-Summary: On-access virus scanning for samba using Symantec
-Group: System/Servers
-Requires: %{name}-server = %{version}
-Autoreq: 0
-%description vscan-symantec
-A vfs-module for samba to implement on-access scanning using the
-Symantec antivirus software (which must be installed to use this).
-%endif
+* Mon Apr 23 2001 Gerald (Jerry) Carter <jerry@samba.org>
+ - Added a few bug fixes to release the first Mandrake RPMS
-%if %build_trend
-%package vscan-trend
-Summary: On-access virus scanning for samba using Trend
-Group: System/Servers
-Requires: %{name}-server = %{version}
-Autoreq: 0
-%description vscan-trend
-A vfs-module for samba to implement on-access scanning using the
-Trend antivirus software (which must be installed to use this).
-%endif
+* Sat Apr 14 2001 John H Terpstra <jht@samba.org>
+ - Added official samba-team support for Mandrakesoft
+ - We get a lot of requests for this!
%prep
-# Build a summary of how this RPM was built:
-%if %build_acl
-RPM_EXTRA_OPTIONS="$RPM_EXTRA_OPTIONS --with acl"
-%else
-RPM_EXTRA_OPTIONS="$RPM_EXTRA_OPTIONS --without acl"
-%endif
-%if %build_winbind
-RPM_EXTRA_OPTIONS="$RPM_EXTRA_OPTIONS --with winbind"
-%else
-RPM_EXTRA_OPTIONS="$RPM_EXTRA_OPTIONS --without winbind"
-%endif
-%if %build_wins
-RPM_EXTRA_OPTIONS="$RPM_EXTRA_OPTIONS --with wins"
-%else
-RPM_EXTRA_OPTIONS="$RPM_EXTRA_OPTIONS --without wins"
-%endif
-%if %build_ldap
-RPM_EXTRA_OPTIONS="$RPM_EXTRA_OPTIONS --with ldap"
-%else
-RPM_EXTRA_OPTIONS="$RPM_EXTRA_OPTIONS --without ldap"
-%endif
-%if %build_ads
-RPM_EXTRA_OPTIONS="$RPM_EXTRA_OPTIONS --with ads"
-%else
-RPM_EXTRA_OPTIONS="$RPM_EXTRA_OPTIONS --without ads"
-%endif
-
-%if %build_non_default
-echo "Building a non-default rpm with the following command-line arguments:"
-echo "$RPM_EXTRA_OPTIONS"
-echo "This rpm was built with non-default options, thus, to build ">%{SOURCE7}
-echo "an identical rpm, you need to supply the following options">>%{SOURCE7}
-echo "at build time: $RPM_EXTRA_OPTIONS">>%{SOURCE7}
-echo -e "\n%{name}-%{version}-%{release}\n">>%{SOURCE7}
-%else
-echo "This rpm was built with default options">%{SOURCE7}
-echo -e "\n%{name}-%{version}-%{release}\n">>%{SOURCE7}
-%endif
-
-%if %build_vscan
-%setup -q -a 8 -n %{pkg_name}-%{source_ver}
-%else
-%setup -q -n %{pkg_name}-%{source_ver}
-%endif
-%patch1 -p1 -b .smbw
-%patch5 -p1 -b .gawk
-%patch12 -p1 -b .buildroot
-%patch17 -p1 -b .sbin
-cp %{SOURCE7} .
-
-# Make a copy of examples so that we have a clean one for doc:
-cp -a examples examples.bin
-
-%if %build_vscan
-# put antivirus files in examples.bin/VFS/
-for av in fprot kaspersky mks openantivirus sophos symantec trend; do
- cp -a %{vscandir}/$av %{vfsdir}
-done
-%endif
-
-# Edit some files when not building system samba:
-%if !%build_system
-perl -pi -e 's/%{pkg_name}/%{name}/g' source/auth/pampass.c
-%endif
+%setup
%build
-#%serverbuild
-(cd source
-autoconf
-CPPFLAGS="-I/usr/include/openssl"; export CPPFLAGS
-CFLAGS="$RPM_OPT_FLAGS"
-%configure --prefix=%{_prefix} \
- --with-fhs \
- --libdir=/etc/%{name} \
- --sysconfdir=/etc/%{name} \
- --localstatedir=/var \
- --with-configdir=/etc/%{name} \
- --with-codepagedir=/var/lib/%{name}/codepages \
- --with-privatedir=/etc/%{name} \
- --with-swatdir=%{_datadir}/swat%{samba_major} \
- --with-smbmount \
- --with-syslog \
- --with-automount \
- --with-pam \
- --with-vfs \
- --with-utmp \
- --with-msdfs \
- --with-smbwrapper \
- --with-manpages-langs=en \
- --with-logfilebase=/var/log/%{name} \
- --with-lockdir=/var/cache/%{name} \
- --with-piddir=/var/run/%{name} \
-%if !%build_system
- --program-suffix=%{samba_major} \
-%endif
-%if %build_acl
- --with-acl-support \
-%endif
-%if !%build_ldap
- --with-ldap=no \
-%endif
-%if !%build_ads
- --with-ads=no \
-%endif
- --with-quotas
-# --with-pam_smbpass \
-# --with-manpages-langs=en,ja,pl \
-
-#make CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" all
-make CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE" \
- all smbfilter smbwrapper smbcacls pam_smbpass nsswitch nsswitch/libnss_wins.so debug2html
-# Build VFS modules (experimental)
-cd ../%vfsdir
-%configure --prefix=%{prefix} \
- --mandir=%{prefix}/share/man
-make
-#make CFLAGS="$RPM_OPT_FLAGS -I../../source -I../../source/include -I../../source/ubiqx \
-# -I../../source/smbwrapper -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE"
-)
+cd source
-# Build mkntpasswd in examples/LDAP/ for smbldaptools
-(
-cd examples.bin/LDAP/smbldap-tools/mkntpwd
-make
-)
-
-# Build antivirus vfs objects:
-%if %build_fprot
-echo "Building fprot"
-%endif
-%if %build_kaspersky
-echo "Building Kaspersky"
-(cd %{vfsdir}/kaspersky;make)
-%endif
-%if %build_mks
-echo "Building mks"
-(cd %{vfsdir}/mks;make)
-%endif
-%if %build_openantivirus
-echo "Building OpenAntivirus"
-(cd %{vfsdir}/openantivirus;make)
-%endif
-%if %build_sophos
-echo "building sophos"
-(cd %{vfsdir}/sophos;make)
-%endif
-%if %build_symantec
-echo "Building symantec"
-(cd %{vfsdir}/symantec;make)
-%endif
-%if %build_trend
-echo "Building Trend"
-(cd %{vfsdir}/trend;make)
-%endif
+%ifarch ia64
+libtoolize --copy --force # get it to recognize IA-64
+autoconf
+autoheader
+EXTRA="-D_LARGEFILE64_SOURCE"
+%endif
+
+NUMCPU=`grep processor /proc/cpuinfo | wc -l`
+
+CFLAGS="$RPM_OPT_FLAGS $EXTRA" ./configure \
+ --prefix=%{prefix} \
+ --with-fhs \
+ --libdir=/etc/samba \
+ --localstatedir=/var \
+ --with-codepagedir=%{prefix}/share/samba/codepages \
+ --with-configdir=/etc/samba \
+ --with-lockdir=/var/lock/samba \
+ --with-swatdir=%{prefix}/share/swat \
+ --with-quotas \
+ --with-smbmount \
+ --with-pam \
+ --with-pam_smbpass \
+ --with-syslog \
+ --with-utmp \
+ --with-netatalk \
+ --with-sambabook=%{prefix}/share/swat/using_samba
+
+make -j${NUMCPU} proto
+make -j${NUMCPU} all smbfilter nsswitch/libnss_wins.so debug2html
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT
-
-# Any entries here mean samba makefile is *really* broken:
-mkdir -p $RPM_BUILD_ROOT/etc/%{name}
-mkdir -p $RPM_BUILD_ROOT/%{_datadir}
-
-(cd source
-make DESTDIR=$RPM_BUILD_ROOT install)
-
-#need to stay
-mkdir -p $RPM_BUILD_ROOT/sbin
-mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d,xinetd.d}
+mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d,samba,xinetd.d}
+mkdir -p $RPM_BUILD_ROOT/etc/samba/security
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
-mkdir -p $RPM_BUILD_ROOT/var/cache/%{name}
-mkdir -p $RPM_BUILD_ROOT/var/log/%{name}
-mkdir -p $RPM_BUILD_ROOT/var/run/%{name}
-mkdir -p $RPM_BUILD_ROOT/var/spool/%{name}
-mkdir -p $RPM_BUILD_ROOT/var/lib/%{name}/{netlogon,profiles,printers}
-mkdir -p $RPM_BUILD_ROOT/var/lib/%{name}/printers/{W32X86,WIN40,W32ALPHA,W32MIPS,W32PPC}
-mkdir -p $RPM_BUILD_ROOT/var/lib/%{name}/codepages/src
mkdir -p $RPM_BUILD_ROOT/lib/security
-mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib
-mkdir -p $RPM_BUILD_ROOT%{_libdir}/%{name}/vfs
-mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}/scripts
-
-#smbwrapper and pam_winbind not handled by make, pam_smbpass.so doesn't build
-install -m 755 source/bin/smbwrapper.so $RPM_BUILD_ROOT%{_libdir}/smbwrapper%{samba_major}.so
-#install -m 755 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/lib/security/pam_smbpass.so
-install -m 755 source/nsswitch/pam_winbind.so $RPM_BUILD_ROOT/lib/security/pam_winbind%{samba_major}.so
-
-# Install VFS modules
-#install -m755 %vfsdir/audit.so $RPM_BUILD_ROOT/%{_libdir}/samba/vfs
-#for i in block recycle
-#do
-# install -m755 %vfsdir/$i/$i.so $RPM_BUILD_ROOT/%{_libdir}/samba/vfs
-#done
-
-# Antivirus support:
-# mkdir -p $RPM_BUILD_ROOT%{_libdir}/samba/vfs/vscan
- for av in fprotd kavp mksd oav sophos symantec trend; do
- if [ -d %{vfsdir}/$av -a -e %{vfsdir}/$av/vscan-$av.so ];then
- cp %{vfsdir}/$av/vscan-$av.so \
- $RPM_BUILD_ROOT%{_libdir}/samba/vfs/
- fi
- done
-
-#These scripts are not handled by make:
-#for i in addtosmbpass mksmbpasswd.sh smbtar convert_smbpasswd
-for i in addtosmbpass mksmbpasswd.sh convert_smbpasswd
+mkdir -p $RPM_BUILD_ROOT%{prefix}/{bin,sbin}
+mkdir -p $RPM_BUILD_ROOT/home/samba
+mkdir -p $RPM_BUILD_ROOT/sbin
+mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/{images,help,include}
+mkdir -p $RPM_BUILD_ROOT%{prefix}/share/samba/codepages/src
+mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/{figs,gifs}
+mkdir -p $RPM_BUILD_ROOT%{prefix}/share/man/{man1,man5,man7,man8}
+mkdir -p $RPM_BUILD_ROOT/var/lock/samba
+mkdir -p $RPM_BUILD_ROOT/var/log/samba
+mkdir -p $RPM_BUILD_ROOT/var/spool/samba
+
+# Install standard binary files
+for i in nmblookup smbclient smbpasswd smbstatus testparm testprns \
+ make_smbcodepage make_unicodemap make_printerdef rpcclient smbspool \
+ smbmount smbumount smbmnt
do
- install -m755 source/script/$i $RPM_BUILD_ROOT/%{_bindir}
+ install -m755 -s source/bin/$i $RPM_BUILD_ROOT%{prefix}/bin
done
-
-#libnss_* not handled by make:
-# Install the nsswitch library extension file
-for i in wins winbind; do
- install -m755 source/nsswitch/libnss_${i}.so $RPM_BUILD_ROOT/lib/libnss_${i}%{samba_major}.so
+for i in smbtar
+do
+ install -m755 source/script/$i $RPM_BUILD_ROOT%{prefix}/bin
done
-# Make link for wins and winbind resolvers
-( cd $RPM_BUILD_ROOT/lib; ln -s libnss_wins%{samba_major}.so libnss_wins%{samba_major}.so.2; ln -s libnss_winbind%{samba_major}.so libnss_winbind%{samba_major}.so.2)
-
-# Install other stuff
-
-# install -m644 examples/VFS/recycle/recycle.conf $RPM_BUILD_ROOT/etc/samba/
- install -m644 packaging/Mandrake/smb.conf $RPM_BUILD_ROOT/etc/%{name}/smb.conf
- install -m644 packaging/Mandrake/smbusers $RPM_BUILD_ROOT/etc/%{name}/smbusers
- install -m755 packaging/Mandrake/smbprint $RPM_BUILD_ROOT/%{_bindir}
- #install -m755 packaging/RedHat/smbadduser $RPM_BUILD_ROOT/usr/bin
- install -m755 packaging/Mandrake/findsmb $RPM_BUILD_ROOT/%{_bindir}
- install -m755 packaging/Mandrake/smb.init $RPM_BUILD_ROOT/etc/rc.d/init.d/smb%{samba_major}
- install -m755 packaging/Mandrake/smb.init $RPM_BUILD_ROOT/%{_sbindir}/%{name}
- install -m755 packaging/Mandrake/winbind.init $RPM_BUILD_ROOT/etc/rc.d/init.d/winbind%{samba_major}
- install -m755 packaging/Mandrake/winbind.init $RPM_BUILD_ROOT/%{_sbindir}/winbind%{samba_major}
- install -m644 packaging/Mandrake/samba.pamd $RPM_BUILD_ROOT/etc/pam.d/%{name}
- install -m644 packaging/Mandrake/system-auth-winbind.pamd $RPM_BUILD_ROOT/etc/pam.d/system-auth-winbind%{samba_major}
-#
- install -m644 $RPM_SOURCE_DIR/samba.log $RPM_BUILD_ROOT/etc/logrotate.d/%{name}
-# install -m644 packaging/Mandrake/samba-slapd-include.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/samba-slapd.include
-
-# Install smbldap-tools scripts:
-#for i in examples/LDAP/smbldap-tools/*.pl; do
-# install -m 750 $i $RPM_BUILD_ROOT/%{_datadir}/%{name}/scripts/
-#done
-
-#install -m 750 examples/LDAP/smbldap-tools/smbldap_tools.pm $RPM_BUILD_ROOT/%{_datadir}/%{name}/scripts/
-
-# The conf file
-#install -m 640 examples/LDAP/smbldap-tools/smbldap_conf.pm $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}
-
-# Link both smbldap*.pm into vendor-perl (any better ideas?)
-#mkdir -p %{buildroot}/%{perl_vendorlib}
-#ln -s %{_sysconfdir}/%{name}/smbldap_conf.pm $RPM_BUILD_ROOT/%{perl_vendorlib}
-#ln -s %{_datadir}/%{name}/scripts/smbldap_tools.pm $RPM_BUILD_ROOT/%{perl_vendorlib}
-
-#mkntpwd
-#install -m750 examples.bin/LDAP/smbldap-tools/mkntpwd/mkntpwd %{buildroot}/%{_sbindir}
-
-# Samba smbpasswd migration script:
-install -m700 examples/LDAP/export_smbpasswd.pl $RPM_BUILD_ROOT/%{_datadir}/%{name}/scripts/
-install -m700 examples/LDAP/import_smbpasswd.pl $RPM_BUILD_ROOT/%{_datadir}/%{name}/scripts/
-
-
-
-# make a conf file for winbind from the default one:
- cat packaging/Mandrake/smb.conf|sed -e 's/^; winbind/ winbind/g;s/^; obey pam/ obey pam/g; s/^; printer admin = @"D/ printer admin = @"D/g;s/^; password server = \*/ password server = \*/g;s/^; template/ template/g; s/^ security = user/ security = domain/g' > packaging/Mandrake/smb-winbind.conf
- install -m644 packaging/Mandrake/smb-winbind.conf $RPM_BUILD_ROOT/etc/%{name}/smb-winbind.conf
-# Link smbmount to /sbin/mount.smb and /sbin/mount.smbfs
-#I don't think it's possible for make to do this ...
- ln -s $RPM_BUILD_ROOT/%{_bindir}/smbmount%{samba_major} $RPM_BUILD_ROOT/sbin/mount.smb%{samba_major}
- ln -s $RPM_BUILD_ROOT/%{_bindir}/smbmount%{samba_major} $RPM_BUILD_ROOT/sbin/mount.smbfs%{samba_major}
- echo 127.0.0.1 localhost > $RPM_BUILD_ROOT/etc/%{name}/lmhosts
-
-# Link smbspool to CUPS (does not require installed CUPS)
-
- mkdir -p $RPM_BUILD_ROOT/%{_libdir}/cups/backend
- ln -s %{_bindir}/smbspool $RPM_BUILD_ROOT/%{_libdir}/cups/backend/smb%{samba_major}
-
-# xinetd support
-
- mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d
- install -m644 %{SOURCE3} $RPM_BUILD_ROOT/etc/xinetd.d/swat%{samba_major}
+# Install secure binary files
+for i in smbd nmbd swat debug2html smbfilter
+do
+ install -m755 -s source/bin/$i $RPM_BUILD_ROOT%{prefix}/sbin
+done
-# menu support
+# we need a symlink for mount to recognise the smb and smbfs filesystem types
+ln -sf %{prefix}/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs
+ln -sf %{prefix}/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb
-mkdir -p $RPM_BUILD_ROOT%{_menudir}
-cat > $RPM_BUILD_ROOT%{_menudir}/%{name} << EOF
-?package(%{name}):command="gnome-moz-remote http://localhost:901/" needs="gnome" \
-icon="swat%{samba_major}.xpm" section="Configuration/Networking" title="Samba Configuration" \
-longtitle="The Swat Samba Administration Tool"
-?package(%{name}):command="sh -c '\$BROWSER http://localhost:901/'" needs="x11" \
-icon="swat%{samba_major}.xpm" section="Configuration/Networking" title="Samba Configuration" \
-longtitle="The Swat Samba Administration Tool"
-EOF
+# Install codepage source files
+for i in 437 737 775 850 852 861 866 932 936 949 950 1251; do
+ install -m644 source/codepages/codepage_def.$i $RPM_BUILD_ROOT%{prefix}/share/samba/codepages/src
+done
+for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R; do
+ install -m644 source/codepages/CP$i.TXT $RPM_BUILD_ROOT%{prefix}/share/samba/codepages/src
+done
-mkdir -p $RPM_BUILD_ROOT%{_liconsdir} $RPM_BUILD_ROOT%{_iconsdir} $RPM_BUILD_ROOT%{_miconsdir}
+# Install the nsswitch library extenstion file
+install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib
+# Make link for wins resolver
+( cd $RPM_BUILD_ROOT/lib; ln -s libnss_wins.so libnss_wins.so.2; )
-bzcat %{SOURCE4} > $RPM_BUILD_ROOT%{_liconsdir}/swat%{samba_major}.xpm
-bzcat %{SOURCE5} > $RPM_BUILD_ROOT%{_iconsdir}/swat%{samba_major}.xpm
-bzcat %{SOURCE6} > $RPM_BUILD_ROOT%{_miconsdir}/swat%{samba_major}.xpm
+# PAM Authentication file
+install -m755 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/lib/security
-bzcat %{SOURCE10}> $RPM_BUILD_ROOT%{_datadir}/%{name}/scripts/print-pdf
+# Install SWAT helper files
+for i in swat/help/*.html docs/htmldocs/*.html; do
+ install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/help
+done
+for i in swat/images/*.gif; do
+ install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/images
+done
+for i in swat/include/*.html; do
+ install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/include
+done
-# Fix configs when not building system samba:
-%if !%build_system
-# Work around non-existent but claimed --program-suffix support :-(
-for dir in %{_sbindir} %{_bindir};do
- FILES=`find %{buildroot}$dir -type f |grep -v "\."|grep -v %{samba_major}$`
- for OLD in $FILES; do
- NEW=`echo ${OLD}%{samba_major}`
- mv $OLD $NEW
- done
+# This is the O'Reily Samba Book - on-line
+for i in docs/htmldocs/using_samba/*.html; do
+ install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba
done
-# And the man pages too:
-FILES=`find %{buildroot}%{_mandir} -type f `
-for OLD in $FILES; do
- BASE=`perl -e '$name="'${OLD}'"; print "",($name =~ /(.*?)\.[0-9]/), "\n";'`
- EXT=`echo $OLD|sed -e 's,'${BASE}',,g'`
- NEW=`echo ${BASE}%{samba_major}${EXT}`
- mv $OLD $NEW
-done
-# Replace paths in config files and init scripts:
-for i in smb winbind;do
- perl -pi -e 's,/subsys/'$i',/subsys/'$i'%{samba_major},g' $RPM_BUILD_ROOT/etc/rc.d/init.d/${i}%{samba_major}
+for i in docs/htmldocs/using_samba/figs/*.gif; do
+ install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/figs
done
-for i in /etc/%{name}/smb.conf /etc/rc.d/init.d/smb%{samba_major} %{_sbindir}/%{name} /etc/rc.d/init.d/winbind%{samba_major} %{_sbindir}/winbind%{samba_major} /etc/logrotate.d/%{name} /etc/xinetd.d/swat%{samba_major}; do
- perl -pi -e 's,/%{pkg_name},/%{name},g; s,smbd,%{_sbindir}/smbd%{samba_major},g; s,nmbd,%{_sbindir}/nmbd%{samba_major},g; s,winbindd,%{_sbindir}/winbindd%{samba_major},g; s,/usr/sbin/swat,%{_sbindir}/swat%{samba_major},g' $RPM_BUILD_ROOT/$i;
+for i in docs/htmldocs/using_samba/gifs/*.gif; do
+ install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/gifs
done
-# Fix pam files
-perl -pi -e 's/winbind/winbind%{samba_major}/g' $RPM_BUILD_ROOT/etc/pam.d/system-auth-winbind%{samba_major}
-# Fix xinetd file for swat:
-perl -pi -e 's,/usr/sbin,%{_sbindir},g' $RPM_BUILD_ROOT/etc/xinetd.d/swat%{samba_major}
-%endif
-%clean
-rm -rf $RPM_BUILD_ROOT
+# Install the miscellany
+install -m644 swat/README $RPM_BUILD_ROOT%{prefix}/share/swat
+# Install level 1 man pages
+for i in *.1; do
+ install -m644 docs/manpages/$i $RPM_BUILD_ROOT%{prefix}/share/man/man1
+done
+install -m644 docs/manpages/smb.conf.5 $RPM_BUILD_ROOT%{prefix}/share/man/man5
+install -m644 docs/manpages/lmhosts.5 $RPM_BUILD_ROOT%{prefix}/share/man/man5
+install -m644 docs/manpages/smbpasswd.5 $RPM_BUILD_ROOT%{prefix}/share/man/man5
+
+install -m644 docs/manpages/samba.7 $RPM_BUILD_ROOT%{prefix}/share/man/man7
+
+install -m644 docs/manpages/smbd.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
+install -m644 docs/manpages/nmbd.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
+install -m644 docs/manpages/smbpasswd.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
+install -m644 docs/manpages/swat.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
+install -m644 docs/manpages/smbmount.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
+install -m644 docs/manpages/smbmnt.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
+install -m644 docs/manpages/smbumount.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
+install -m644 docs/manpages/smbspool.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8
+
+install -m644 swat/README $RPM_BUILD_ROOT%{prefix}/share/swat
+
+install -m644 packaging/Mandrake/smb.con* $RPM_BUILD_ROOT/etc/samba/
+install -m644 packaging/Mandrake/smbusers $RPM_BUILD_ROOT/etc/samba/smbusers
+install -m755 packaging/Mandrake/smbprint $RPM_BUILD_ROOT%{prefix}/bin
+install -m755 packaging/Mandrake/findsmb $RPM_BUILD_ROOT%{prefix}/bin
+install -m755 packaging/Mandrake/smb.init $RPM_BUILD_ROOT/etc/rc.d/init.d/smb
+install -m755 packaging/Mandrake/smb.init $RPM_BUILD_ROOT%{prefix}/sbin/samba
+install -m644 packaging/Mandrake/samba.pamd $RPM_BUILD_ROOT/etc/pam.d/samba
+install -m644 packaging/Mandrake/samba.log $RPM_BUILD_ROOT/etc/logrotate.d/samba
+install -m644 packaging/Mandrake/samba.xinetd $RPM_BUILD_ROOT/etc/xinetd.d/swat
+echo 127.0.0.1 localhost > $RPM_BUILD_ROOT/etc/samba/lmhosts
+
+##
+## remove these directories so they don't get installed twice
+##
+/bin/rm -rf docs/htmldocs
+/bin/rm -rf docs/manpages
-%post server
-/sbin/chkconfig --level 35 smb%{samba_major} on
+%clean
+rm -rf $RPM_BUILD_ROOT
-# Add a unix group for samba machine accounts
-groupadd -frg 421 machines
+%post
+/sbin/chkconfig --add smb
+/sbin/chkconfig smb off
-# Migrate tdb's from /var/lock/samba (taken from official samba spec file):
-for i in /var/lock/samba/*.tdb
+# Build codepage load files
+cd %{prefix}/share/samba/codepages
+for i in 437 737 775 850 852 861 866 932 936 949 950 1251
do
-if [ -f $i ]; then
- newname=`echo $i | sed -e's|var\/lock\/samba|var\/cache\/samba|'`
- echo "Moving $i to $newname"
- mv $i $newname
-fi
+%{prefix}/bin/make_smbcodepage c $i %{prefix}/share/samba/codepages/src/codepage_def.$i %{prefix}/share/samba/codepages/codepage.$i
done
-
-# Remove the transient tdb files (modified from version in off. samba spec:
-for TDB in brlock unexpected locking messages; do
- if [ -e /var/cache/%{name}/$TDB.tdb ]; then
- rm -f /var/cache/%{name}/$TDB.tdb;
- fi;
+for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R
+do
+%{prefix}/bin/make_unicodemap $i %{prefix}/share/samba/codepages/src/CP$i.TXT %{prefix}/share/samba/codepages/unicode_map.$i
done
-if [ -d /var/lock/samba ]; then
- rm -rf /var/lock/samba
-fi
-
-%post common
-# Basic migration script for pre-2.2.1 users,
-# since smb config moved from /etc to /etc/samba
-
-# Let's create a proper /etc/samba/smbpasswd file
-[ -f /etc/%{name}/smbpasswd ] || {
- echo "Creating password file for samba..."
- touch /etc/%{name}/smbpasswd
-}
-
-# And this too, in case we don't have smbd to create it for us
-[ -f /var/cache/%{name}/unexpected.tdb ] || {
- touch /var/cache/%{name}/unexpected.tdb
-}
-
-# Let's define the proper paths for config files
-perl -pi -e 's/(\/etc\/)(smb)/\1%{name}\/\2/' /etc/%{name}/smb.conf
-
-# Fix the logrotate.d file from smb and nmb to smbd and nmbd
-if [ -f /etc/logrotate.d/samba ]; then
- perl -pi -e 's/smb /smbd /' /etc/logrotate.d/samba
- perl -pi -e 's/nmb /nmbd /' /etc/logrotate.d/samba
+# Add swat entry to /etc/services if not already there
+if !( grep ^[:space:]*swat /etc/services > /dev/null ) then
+ echo 'swat 901/tcp # Add swat service used via inetd' >> /etc/services
fi
-# And not loose our machine account SID
-[ -f /etc/MACHINE.SID ] && mv -f /etc/MACHINE.SID /etc/%{name}/ ||:
-
-%if %build_winbind
-%post winbind
-if [ $1 = 1 ]; then
- /sbin/chkconfig winbind%{samba_major} on
- cp -af /etc/nsswitch.conf /etc/nsswitch.conf.rpmsave
- cp -af /etc/nsswitch.conf /etc/nsswitch.conf.rpmtemp
- for i in passwd group;do
- grep ^$i /etc/nsswitch.conf |grep -v 'winbind%{samba_major}' >/dev/null
- if [ $? = 0 ];then
- echo "Adding a winbind%{samba_major} entry to the $i section of /etc/nsswitch.conf"
- awk '/^'$i'/ {print $0 " winbind%{samba_major}"};!/^'$i'/ {print}' /etc/nsswitch.conf.rpmtemp >/etc/nsswitch.conf;
- cp -af /etc/nsswitch.conf /etc/nsswitch.conf.rpmtemp
- else
- echo "$i entry found in /etc/nsswitch.conf"
- fi
- done
- if [ -f /etc/nsswitch.conf.rpmtemp ];then rm -f /etc/nsswitch.conf.rpmtemp;fi
-fi
-
-%preun winbind
-if [ $1 = 0 ]; then
- echo "Removing winbind%{samba_major} entries from /etc/nsswitch.conf"
- perl -pi -e 's/ winbind%{samba_major}//' /etc/nsswitch.conf
-
- /sbin/chkconfig winbind%{samba_major} reset
-fi
-%endif %build_winbind
+%preun
+if [ $1 = 0 ] ; then
+ /sbin/chkconfig --del smb
-%if %build_wins
-%post -n nss_wins%{samba_major}
-if [ $1 = 1 ]; then
- cp -af /etc/nsswitch.conf /etc/nsswitch.conf.rpmsave
- grep '^hosts' /etc/nsswitch.conf |grep -v 'wins%{samba_major}' >/dev/null
- if [ $? = 0 ];then
- echo "Adding a wins entry to the hosts section of /etc/nsswitch.conf"
- awk '/^hosts/ {print $0 " wins%{samba_major}"};!/^hosts/ {print}' /etc/nsswitch.conf.rpmsave >/etc/nsswitch.conf;
- else
- echo "wins entry found in /etc/nsswitch.conf"
+ # We want to remove the browse.dat file
+ if [ -e /var/lock/samba/browse.dat ]; then
+ rm -f /var/lock/samba/browse.dat
fi
-# else
-# echo "Upgrade, leaving nsswitch.conf intact"
-fi
-
-%preun -n nss_wins%{samba_major}
-if [ $1 = 0 ]; then
- echo "Removing wins entry from /etc/nsswitch.conf"
- perl -pi -e 's/ wins%{samba_major}//' /etc/nsswitch.conf
-#else
-# echo "Leaving /etc/nsswitch.conf intact"
fi
-%endif %build_wins
-
-%preun
-
-/sbin/chkconfig --level 35 smb%{samba_major} reset
+%postun
+# Only delete remnants of samba if this is the final deletion.
if [ $1 = 0 ] ; then
-%_preun_service smb%{samba_major}
-# /sbin/chkconfig --level 35 smb reset
-# Let's not loose /var/cache/samba
-
-# for i in browse.dat wins.dat brlock.tdb unexpected.tdb connections.tdb \
-#locking.tdb messages.tdb;do
-# if [ -e /var/cache/samba/$i ]; then
-# mv -f /var/cache/samba/$i /var/cache/samba/$i.BAK
-# fi;
-# done
- if [ -d /var/log/%{name} ]; then
- rm -rf /var/log/%{name}/*
+ if [ -x /etc/pam.d/samba ]; then
+ rm -f /etc/pam.d/samba
fi
- if [ -d /var/cache/%{name} ]; then
- mv -f /var/cache/%{name} /var/cache/%{name}.BAK
+ if [ -e /var/log/samba ]; then
+ rm -rf /var/log/samba
+ fi
+ if [ -e /var/lock/samba ]; then
+ rm -rf /var/lock/samba
fi
-fi
-
-%post swat
-if [ -f /var/lock/subsys/xinetd ]; then
- service xinetd reload >/dev/null 2>&1 || :
-fi
-%update_menus
-
-%postun swat
-# Remove swat entry from xinetd
-if [ $1 = 0 -a -f /etc/xinetd.conf ] ; then
-rm -f /etc/xinetd.d/swat%{samba_major}
- service xinetd reload &>/dev/null || :
+ # Remove swat entries from /etc/inetd.conf and /etc/services
+ cd /etc
+ tmpfile=/etc/tmp.$$
+ sed -e '/^[:space:]*swat.*$/d' /etc/services > $tmpfile
+ mv $tmpfile services
fi
-if [ "$1" = "0" -a -x /usr/bin/update-menus ]; then /usr/bin/update-menus || true ; fi
-
-%clean_menus
-
-%triggerpostun -- samba < 1.9.18p7
-
-if [ $1 != 0 ]; then
- /sbin/chkconfig --level 35 smb on
+%triggerpostun -- samba < samba-2.0.0
+if [ $0 != 0 ]; then
+ /sbin/chkconfig --add smb
fi
-%triggerpostun -- samba < 2.0.5a-3, samba >= 2.0.0
-
-if [ $1 != 0 ]; then
- [ ! -d /var/lock/samba ] && mkdir -m 0755 /var/lock/samba ||:
- [ ! -d /var/spool/samba ] && mkdir -m 1777 /var/spool/samba ||:
- [ -f /etc/inetd.conf ] && chmod 644 /etc/services /etc/inetd.conf ||:
-fi
-
-%files server
-%defattr(-,root,root)
-#%attr(-,root,root) /sbin/*
-%{_sbindir}/%{name}
-%{_sbindir}/smbd%{samba_major}
-%{_sbindir}/nmbd%{samba_major}
-#%{_sbindir}/smbcontrol
-#%{_sbindir}/mkntpwd
-#%{prefix}/bin/addtosmbpass
-%{_bindir}/mksmbpasswd.sh
-%{_bindir}/smbstatus%{samba_major}
-%{_bindir}/convert_smbpasswd%{samba_major}
-%{_bindir}/pdbedit%{samba_major}
-%{_bindir}/smbgroupedit%{samba_major}
-#%attr(755,root,root) /lib/security/pam_smbpass*
-#/usr/share/swat
-%attr(-,root,root) %config(noreplace) /etc/%{name}/smbusers
-%attr(-,root,root) %config /etc/rc.d/init.d/smb%{samba_major}
-%attr(-,root,root) %config(noreplace) /etc/logrotate.d/%{name}
-%attr(-,root,root) %config(noreplace) /etc/pam.d/%{name}
-#%attr(-,root,root) %config(noreplace) /etc/%{name}/samba-slapd.include
-%{_mandir}/man1/smbstatus*.1*
-%{_mandir}/man5/smbpasswd*.5*
-%{_mandir}/man7/samba*.7*
-%{_mandir}/man8/smbd*.8*
-%{_mandir}/man8/nmbd*.8*
-%{_mandir}/man1/smbcontrol*.1*
-%{_mandir}/man5/lmhosts*.5*
-%{_mandir}/man5/smb.conf*.5*
-%attr(775,root,root) %dir /var/lib/%{name}/netlogon
-%attr(775,root,root) %dir /var/lib/%{name}/profiles
-%attr(775,root,root) %dir /var/lib/%{name}/printers/*
-%dir /var/cache/%{name}
-%dir /var/log/%{name}
-%attr(1777,root,root) %dir /var/spool/%{name}
-%dir %{_datadir}/%{name}/scripts
-%attr(0755,root,root) %{_datadir}/%{name}/scripts/print-pdf
-#%attr(0750,root,root) %{_datadir}/%{name}/scripts/smbldap*.pl
-#%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/%{name}/smbldap_conf.pm
-#%attr(0644,root,root) %{_datadir}/%{name}/scripts/smbldap_tools.pm
-#%{perl_vendorlib}/*.pm
-%attr(0700,root,root) %{_datadir}/%{name}/scripts/*port_smbpasswd.pl
-
-
-%files doc
-%defattr(-,root,root)
+%files
%doc README COPYING Manifest Read-Manifest-Now
%doc WHATSNEW.txt Roadmap
-%doc README.%{name}-mandrake-rpm
%doc docs
-%doc examples
%doc swat/README
-%attr(-,root,root) %{_datadir}/swat%{samba_major}/using_samba/*
-
-%files swat
-%defattr(-,root,root)
-%config(noreplace) /etc/xinetd.d/swat%{samba_major}
-#%attr(-,root,root) /sbin/*
-%{_sbindir}/swat%{samba_major}
-%{_menudir}/%{name}
-%{_miconsdir}/*.xpm
-%{_liconsdir}/*.xpm
-%{_iconsdir}/*.xpm
-%attr(-,root,root) %{_datadir}/swat%{samba_major}/help/*
-%attr(-,root,root) %{_datadir}/swat%{samba_major}/images/*
-%attr(-,root,root) %{_datadir}/swat%{samba_major}/include/*
-%{_mandir}/man8/swat*.8*
-
-%files client
-%defattr(-,root,root)
-%ifnarch alpha
-/sbin/mount.smb%{samba_major}
-/sbin/mount.smbfs%{samba_major}
-%attr(755,root,root) %{_bindir}/smbmount%{samba_major}
-%attr(4755,root,root) %{_bindir}/smbumount%{samba_major}
-#%attr(4755,root,root) %{_sbindir}/smbmnt
-%{_mandir}/man8/smbmnt*.8*
-%{_mandir}/man8/smbmount*.8*
-%{_mandir}/man8/smbumount*.8*
-%endif
-%{_bindir}/nmblookup%{samba_major}
-%{_bindir}/findsmb%{samba_major}
-%{_bindir}/smbclient%{samba_major}
-%{_bindir}/smbprint%{samba_major}
-%{_bindir}/smbtar%{samba_major}
-%{_bindir}/smbspool%{samba_major}
-# Link of smbspool to CUPS
-/%{_libdir}/cups/backend/smb%{samba_major}
-/%{_mandir}/man1/nmblookup*.1*
-/%{_mandir}/man1/findsmb*.1*
-/%{_mandir}/man1/smbclient*.1*
-/%{_mandir}/man1/smbtar*.1*
-
-%files common
-%defattr(-,root,root)
-%dir /var/cache/%{name}
-%dir /var/log/%{name}
-%dir /var/run/%{name}
-%{_bindir}/testparm%{samba_major}
-%{_bindir}/testprns%{samba_major}
-%{_bindir}/rpcclient%{samba_major}
-%{_bindir}/smbsh%{samba_major}
-%{_bindir}/smbpasswd%{samba_major}
-%{_bindir}/net%{samba_major}
-%{_bindir}/smbtree%{samba_major}
-%{_libdir}/smbwrapper%{samba_major}.so
-%attr(-,root,root) %config(noreplace) /etc/%{name}/smb.conf
-%attr(-,root,root) %config(noreplace) /etc/%{name}/smb-winbind.conf
-%attr(-,root,root) %config(noreplace) /etc/%{name}/lmhosts
-%attr(-,root,root) /var/lib/%{name}/codepages
-%{_mandir}/man1/testparm*.1*
-%{_mandir}/man1/smbsh*.1*
-%{_mandir}/man1/testprns*.1*
-%{_mandir}/man5/smb.conf*.5*
-%{_mandir}/man5/lmhosts*.5*
-%{_mandir}/man8/smbpasswd*.8*
-/%{_mandir}/man1/smbcacls*.1*
-
-%if %build_winbind
-%files winbind
-%defattr(-,root,root)
-%{_sbindir}/winbindd%{samba_major}
-%{_bindir}/wbinfo%{samba_major}
-%attr(755,root,root) /lib/security/pam_winbind*
-%attr(755,root,root) /lib/libnss_winbind%{samba_major}*
-%attr(-,root,root) %config /etc/rc.d/init.d/winbind%{samba_major}
-%attr(-,root,root) %config(noreplace) /etc/pam.d/system-auth-winbind*
-%{_mandir}/man8/winbindd*.8*
-%{_mandir}/man1/wbinfo*.1*
-%endif
-
-%if %build_wins
-%files -n nss_wins%{samba_major}
-%defattr(-,root,root)
-%attr(755,root,root) /lib/libnss_wins%{samba_major}.so*
-%endif
-
-#Files for antivirus support:
-%if %build_fprot
-%files vscan-fprot
-%defattr(-,root,root)
-%{_libdir}/%{name}/vfs/vscan-fprotd.so
-%doc examples.bin/VFS/fprot/INSTALL
-%endif
-
-%if %build_kaspersky
-%files vscan-kaspersky
-%defattr(-,root,root)
-%{_libdir}/%{name}/vfs/vscan-kavp.so
-%doc examples.bin/VFS/kaspersky/INSTALL
-%endif
-
-%if %build_mks
-%files vscan-mks
-%defattr(-,root,root)
-%{_libdir}/%{name}/vfs/vscan-mksd.so
-%doc examples.bin/VFS/mks/INSTALL
-%endif
-
-%if %build_openantivirus
-%files vscan-openantivirus
-%defattr(-,root,root)
-%{_libdir}/%{name}/vfs/vscan-oav.so
-%doc examples.bin/VFS/openantivirus/INSTALL
-%endif
-
-%if %build_sophos
-%files vscan-sophos
-%defattr(-,root,root)
-%{_libdir}/%{name}/vfs/vscan-sophos.so
-%doc examples.bin/VFS/sophos/INSTALL
-%endif
-
-%if %build_symantec
-%files vscan-symantec
-%defattr(-,root,root)
-%{_libdir}/%{name}/vfs/vscan-symantec.so
-%doc examples.bin/VFS/symantec/INSTALL
-%endif
-
-%if %build_trend
-%files vscan-trend
-%defattr(-,root,root)
-%{_libdir}/%{name}/vfs/vscan-trend.so
-%doc examples.bin/VFS/trend/INSTALL
-%endif
-
-%changelog
-* Mon Oct 28 2002 Buchan Milne <bgmilne@linux-mandrake.com> 3.0-0.alpha20.3mdk
-- Fix mount.smbfs3 pointing to smbmount not in package
-- Remove unnecessary lines from install (now done by make)
-- Build with ldap and ads on all releases by default
-- Put av-stuff back
-
-* Mon Oct 21 2002 Buchan Milne <bgmilne@linux-mandrake.com> 3.0-0.alpha20.2mdk
-- When not building as system samba, avoid conflicting with system samba
-- Macro-ize as much as possible for above (aka finish cleanups)
-- Fix paths in init scripts and logrotate and xinetd
-- Fix provides and obsoletes so as to provide samba, but not obsolete
- current stable until we have a stable release (when it's the system samba).
-- Add warnings to descriptions when not system samba.
-- This is now parallel installable with the normal samba release, for easy
- testing. It shouldn't touch existing installations. Of course, only
- one samba at a time on the same interface!
-
-* Sat Sep 28 2002 Buchan Milne <bgmilne@linux-mandrake.com> 3.0-0.alpha20.1mdk
-- Merge with 2.2.6pre2.2mdk
-- Detect alpha- and beta-, along with pre-releases
-
-* Tue Feb 05 2002 Buchan Milne <bgmilne@cae.co.za> 3.0-alpha14-0.1mdk
-- Sync with 2.2.3-2mdk (new --without options, detect when
- building for a different distribution.
-
-* Mon Feb 04 2002 Buchan Milne <bgmilne@cae.co.za> 3.0-alpha14-0.0mdk
-- Sync with 2.2.2-10mdk, which added build-time options --with ldap,
- winbind, acl, wins, mdk72, mdk80, mdk81, mdk82, cooker. Added
- warning in description if built with these options.
-
-* Wed Jan 23 2002 Buchan Milne <bgmilne@cae.co.za> 3.0-alpha13-0.2mdk
-- Added %%if's for build_ads, which hopefully will add Active Directory
- Support (by request).
-
-* Thu Jan 17 2002 Buchan Milne <bgmilne@cae.co.za> 3.0-alpha13-0.1mdk
-- More syncing with 2.2 rpm (post and postun scripts)
-- Testing without ldap
-
-* Thu Jan 17 2002 Buchan Milne <bgmilne@cae.co.za> 3.0-alpha13-0.0mdk
-- 3.0-alpha13
-- Fixed installman.sh patch.
-
-* Wed Jan 09 2002 Buchan Milne <bgmilne@cae.co.za> 3.0-alpha12-0.1mdk
-- Fixed %post and %preun for nss_wins, added %post and %preun for
- samba-winbind (chkconfig and winbind entries in nsswitch.conf)
-
-* Sun Dec 23 2001 Buchan Milne <bgmilne@cae.co.za> 3.0-alpha12-0.0mdk
-- 3.0-alpha12
-- Sync up with changes made in 2.2.2 to support Mandrake 8.0, 7.2
-- Added new subpackage for swat
-- More %if's for ldap.
-
-* Thu Dec 20 2001 Buchan Milne <bgmilne@cae.co.za> 3.0-alpha11-0.0mdk
-- 3.0-alpha11
-
-* Wed Dec 19 2001 Buchan Milne <bgmilne@cae.co.za> 3.0alpha10-0.0mdk
-- 3.0-alpha10
-
-* Tue Dec 18 2001 Buchan Milne <bgmilne@cae.co.za> 3.0alpha9-0.0mdk
-- 3.0-alpha9
-
-* Mon Dec 17 2001 Buchan Milne <bgmilne@cae.co.za> 3.0alpha8-0.1mdk
-- Added net command to %files common, pdbedit and smbgroupedit to
- %files, s/%{prefix}\/bin/%{_bindir}/ (the big cleanup).
- Added patch to smb.init from 2.2.2 (got missed with 3.0-alpha1 patches)
-
-* Sun Dec 16 2001 Buchan Milne <bgmilne@cae.co.za> 3.0alpha8-0.0mdk
-- Patch for installman.sh to handle lang=en correctly (p24)
-- added --with-manpages-langs=en,ja,pl (translated manpages), but there
- aren't any manpages for these languages yet ... so we still
- need %dir and %doc entries for them ...
-- patch (p25) to configure.in to support more than 2 languages.
-- addtosmbpass seems to have returned for now, but make_* have disappeared!
-
-* Fri Dec 14 2001 Buchan Milne <bgmilne@cae.co.za> 3.0alpha6-0.0mdk
-- DESTDIR patch for Makefile.in (p23), remove a lot of %install scripts
- this forces move of smbcontrol and smbmnt to %{prefix}/bin
- removed --with-pam_smbpass as it doesn't compile.
-
-* Thu Dec 06 2001 Buchan Milne <bgmilne@cae.co.za> 3.0-0.0alpha1mdk
-- Samba 3.0alpha1 released (we missed Samba 3.0alpha0!)
-- Redid smbmount-sbin patch and smb.conf patch (20), removed xfs quota patch
- (applied upstream), removed ook-patch (codepage directory totally different).
-- Added winbind.init (21) and system-auth-winbind.pamd (22). Patches 20-23
- should be applied upstream before 3.0 ships ...
-
-* Wed Dec 05 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.2-6mdk
-- fixed typo in system-auth-winbind.pamd (--Thanks J. Gluck).
-- fixed %post xxx problem (smb not started in chkconfig --Thanks Viet & B. Kenworthy).
-
-* Fri Nov 23 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.2-5mdk
-- Had to remove the network recycle bin patch: it seems to mess up
- file deletion from windows (files appear to be "already in use")
-
-* Tue Nov 13 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.2-4mdk
-- added network recycle bin patch:
- <http://www.amherst.edu/~bbstone/howto/samba.html>
-- added "recycle bin = .recycled" parameter in smb.conf [homes].
-- fixed winbind/nss_wins perms (oh no I don't own that stuff ;o)
-
-* Mon Nov 12 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.2-3mdk
-- added %build 8.0 and 7.2, for tweakers to play around.
-- changed configure options:
- . removed --with-mmap, --with-netatalk (obsolete).
- . added --with-msdfs, --with-vfs (seems stable, but still need testing).
-
-* Mon Nov 12 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.2-2mdk
-- rebuilt with winbind and nss_wins enabled.
-
-* Wed Oct 31 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.2-1mdk
-- Rebuilt on cooker.
-
-* Wed Oct 31 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.2-0.992mdk
-- Patch for smb.conf to fix incorrect lpq command, typo in winbind,
- and add sample linpopup command. Added print driver directories.
-- New XFS quota patch (untested!, samba runs, but do quotas work? We
- can't check yet since the kernel doesn't seem to support XFS quotas!)
-
-* Fri Oct 19 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.2-0.99mdk
-- New samba.spec, almost ready for winbind operations. OLA for Buchan Milne
- Who did a tremendous integration work on 2.2.2.
- Rebuild on cooker, please test XFS (ACLs and quotas) again...
-
-* Mon Oct 15 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.2-0.9mdk
-- Samba-2.2.2. released! Use %defines to determine which subpackages
- are built and which Mandrake release we are buiding on/for (hint: define
- build_mdk81 1 for Mandrake 8.1 updates)
-
-* Sun Oct 14 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.2-0.20011014mdk
-- %post and %postun for nss_wins
-
-* Wed Oct 10 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.2-0.20011010mdk
-- New CVS snapshot, /etc/pam.d/system-auth-winbind added
- with configuration to allow easy winbind setup.
-
-* Sun Oct 7 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.2-0.20011007mdk
-- Added new package nss_wins and moved smbpasswd to common (required by
- winbind).
-
-* Sat Oct 6 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.2-0.20011006mdk
-- Added new package winbind.
-
-* Mon Oct 1 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.2-0.20011001mdk
-- Removed patch to smb init.d file (applied in cvs)
-
-* Sun Sep 30 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.2-0.20010930mdk
-- Added winbind init script, which still needs to check for running nmbd.
-
-* Thu Sep 27 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.2-0.20010927mdk
-- Built from samba-2.2.2-pre cvs, added winbindd, wbinfo, nss_winbind and
- pam_winbind, moved pam_smbpass from samba-common to samba. We still
- need a start-up script for winbind, or need to modify existing one.
-
-* Mon Sep 10 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1a-15mdk
-- Enabled acl support (XFS acls now supported by kernel-2.4.8-21mdk thx Chmou)
- Added smbd patch to support XFS quota (Nathan Scott)
-
-* Mon Sep 10 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1a-14mdk
-- Oops! smbpasswd created in wrong directory...
-
-* Tue Sep 06 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1a-13mdk
-- Removed a wrong comment in smb.conf.
- Added creation of smbpasswd during install.
-
-* Mon Aug 27 2001 Pixel <pixel@mandrakesoft.com> 2.2.1a-12mdk
-- really less verbose %%post
-
-* Sat Aug 25 2001 Geoffrey Lee <snailtalk@mandrakesoft.com> 2.2.1a-11mdk
-- Fix shared libs in /usr/bin silliness.
-
-* Thu Aug 23 2001 Pixel <pixel@mandrakesoft.com> 2.2.1a-10mdk
-- less verbose %%post
-
-* Wed Aug 22 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.1a-9mdk
-- Added smbcacls (missing in %files), modification to smb.conf: ([printers]
- is still needed, even with point-and-print!, user add script should
- use name and not gid, since we may not get the gid . New script for
- putting manpages in place (still need to be added in %files!). Moved
- smbcontrol to sbin and added it and its man page to %files.
-
-* Wed Aug 22 2001 Pixel <pixel@mandrakesoft.com> 2.2.1a-8mdk
-- cleanup /var/lib/samba/codepage/src
-
-* Tue Aug 21 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1a-7mdk
-- moved codepage generation to %install and codepage dir to /var/lib/samba
-
-* Tue Aug 21 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1a-6mdk
-- /lib/* was in both samba and samba-common
- Introducing samba-doc: "alas, for the sake of thy modem, shalt thou remember
- when Samba was under the Megabyte..."
-
-* Fri Aug 03 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1a-5mdk
-- Added "the gc touch" to smbinit through the use of killall -0 instead of
- grep cupsd | grep -v grep (too many greps :o)
-
-* Wed Jul 18 2001 Stefan van der Eijk <stefan@eijk.nu> 2.2.1a-4mdk
-- BuildRequires: libcups-devel
-- Removed BuildRequires: openssl-devel
-
-* Fri Jul 13 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1a-3mdk
-- replace chkconfig --add/del with --level 35 on/reset.
-
-* Fri Jul 13 2001 Geoffrey Lee <snailtalk@mandrakesoft.cm> 2.2.1a-2mdk
-- Replace discription s/inetd/xinetd/, we all love xinetd, blah.
-
-* Thu Jul 12 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.1a-1mdk
-- Bugfix release. Fixed add user script, added print$ share and printer admin
- We need to test interaction of new print support with CUPS, but printer
- driver uploads should work.
-
-* Wed Jul 11 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1-17mdk
-- fixed smb.conf a bit, rebuilt on cooker.
-
-* Tue Jul 10 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.1-16mdk
-- Finally, samba 2.2.1 has actually been release. At least we were ready!
- Cleaned up smb.conf, and added some useful entries for domain controlling.
- Migrated changes made in samba's samba2.spec for 2.2.1 to this file.
- Added groupadd command in post to create a group for samba machine accounts.
- (We should still check the postun, samba removes pam, logs and cache)
-
-* Tue Jun 26 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1-15mdk
-- fixed smbwrapper compile options.
-
-* Tue Jun 26 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1-14mdk
-- added LFS support.
- added smbwrapper support (smbsh)
-
-* Wed Jun 20 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1-13mdk
-- /sbin/mount.smb and /sbin/mount.smbfs now point to the correct location
- of smbmount (/usr/bin/smbmount)
-
-* Tue Jun 19 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1-12mdk
-- smbmount and smbumount are now in /usr/bin and SUID.
- added ||: to triggerpostun son you don't get error 1 anymore when rpm -e
- Checked the .bz2 sources with file *: everything is OK now (I'm so stupid ;o)!
-
-* Tue Jun 19 2001 Geoffrey Lee <snailtalk@mandrakesoft.com> 2.2.1-11mdk
-- s/Copyright/License/;
-- Stop Sylvester from pretending .gz source to be .bz2 source via filename
- aka really bzip2 the source.
-
-* Mon Jun 18 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1-10mdk
-- changed Till's startup script modifications: now samba is being reloaded
- automatically 1 minute after it has started (same reasons as below in 9mdk)
- added _post_ and _preun_ for service smb
- fixed creation of /var/lib/samba/{netlogon,profiles} (%dir was missing)
-
-* Thu Jun 14 2001 Till Kamppeter <till@mandrakesoft.com> 2.2.1-9mdk
-- Modified the Samba startup script so that in case of CUPS being used as
- printing system Samba only starts when the CUPS daemon is ready to accept
- requests. Otherwise the CUPS queues would not appear as Samba shares.
-
-* Mon Jun 11 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1-8mdk
-- patched smbmount.c to have it call smbmnt in sbin (thanks Seb).
-
-* Wed May 30 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1-7mdk
-- put SWAT menu icons back in place.
-
-* Mon May 28 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1-6mdk
-- OOPS! fixed smbmount symlinks
-
-* Mon May 28 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1-5mdk
-- removed inetd postun script, replaced with xinetd.
- updated binary list (smbcacls...)
- cleaned samba.spec
-
-* Mon May 28 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.1-4mdk
-- Changed configure options to point to correct log and codepage directories,
- added crude script to fix logrotate file for new log file names, updated
- patches to work with current CVS.
-
-* Thu May 24 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1-3mdk
-- Cleaned and updated the %files section.
-
-* Sat May 19 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.1-2mdk
-- Moved all samba files from /etc to /etc/samba (Thanks DomS!).
- Fixed fixinit patch (/etc/samba/smb.conf)
-
-* Fri May 18 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.1-1mdk
-- Now use packaging/Mandrake/smb.conf, removed unused and obsolete
- patches, moved netlogon and profile shares to /var/lib/samba in the
- smb.conf to match the spec file. Added configuration for ntlogon to
- smb.conf. Removed pam-foo, fixinit and makefilepath patches. Removed
- symlink I introduced in 2.2.0-1mdk
-
-* Thu May 3 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.0-5mdk
-- Added more configure options. Changed Description field (thx John T).
-
-* Wed Apr 25 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.0-4mdk
-- moved netlogon and profiles to /var/lib/samba by popular demand ;o)
-
-* Tue Apr 24 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.0-3mdk
-- moved netlogon and profiles back to /home.
-
-* Fri Apr 20 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.2.0-2mdk
-- fixed post inetd/xinetd script&
-
-* Thu Apr 19 2001 Buchan Milne <bgmilne@cae.co.za> 2.2.0-1mdk
-- Upgrade to 2.2.0. Merged most of 2.0.7-25mdk's patches (beware
- nasty "ln -sf samba-%{ver} ../samba-2.0.7" hack to force some patches
- to take. smbadduser and addtosmbpass seem to have disappeared. Moved
- all Mandrake-specific files to packaging/Mandrake and made patches
- from those shipped with samba. Moved netlogon to /home/samba and added
- /home/samba/profiles. Added winbind,smbfilter and debug2html to make command.
-
-* Thu Apr 12 2001 Frederic Crozat <fcrozat@mandrakesoft.com> 2.0.7-25mdk
-- Fix menu entry and provide separate menu entry for GNOME
- (nautilus doesn't support HTTP authentication yet)
-- Add icons in package
-
-* Fri Mar 30 2001 Frederic Lepied <flepied@mandrakesoft.com> 2.0.7-24mdk
-- use new server macros
-
-* Wed Mar 21 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-23mdk
-- check whether /etc/inetd.conf exists (upgrade) or not (fresh install).
-
-* Thu Mar 15 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-22mdk
-- spec cosmetics, added '-r' option to lpr-cups command line so files are
- removed from /var/spool/samba after printing.
-
-* Tue Mar 06 2001 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-21mdk
-- merged last rh patches.
-
-* Thu Nov 23 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-20mdk
-- removed dependencies on cups and cups-devel so one can install samba without using cups
-- added /home/netlogon
-
-* Mon Nov 20 2000 Till Kamppeter <till@mandrakesoft.com> 2.0.7-19mdk
-- Changed default print command in /etc/smb.conf, so that the Windows
- driver of the printer has to be used on the client.
-- Fixed bug in smbspool which prevented from printing from a
- Linux-Samba-CUPS client to a Windows server through the guest account.
-
-* Mon Oct 16 2000 Till Kamppeter <till@mandrakesoft.com> 2.0.7-18mdk
-- Moved "smbspool" (Samba client of CUPS) to the samba-client package
-
-* Sat Oct 7 2000 Stefan van der Eijk <s.vandereijk@chello.nl> 2.0.7-17mdk
-- Added RedHat's "quota" patch to samba-glibc21.patch.bz2, this fixes
- quota related compile problems on the alpha.
-
-* Wed Oct 4 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-16mdk
-- Fixed 'guest ok = ok' flag in smb.conf
-
-* Tue Oct 3 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-15mdk
-- Allowed guest account to print in smb.conf
-- added swat icon in menu
-
-* Tue Oct 3 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-14mdk
-- Removed rh ssl patch and --with-ssl flag: not appropriate for 7.2
-
-* Tue Oct 3 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-13mdk
-- Changed fixinit patch.
-- Changed smb.conf for better CUPS configuration.
-- Thanks Fred for doing this ---vvv.
-
-* Tue Oct 3 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.0.7-12mdk
-- menu entry for web configuration tool.
-- merge with rh: xinetd + ssl + pam_stack.
-- Added smbadduser rh-bugfix w/o relocation of config-files.
-
-* Mon Oct 2 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.0.7-11mdk
-- added build requires on cups-devel and pam-devel.
-
-* Mon Oct 2 2000 Till Kamppeter <till@mandrakesoft.com> 2.0.7-10mdk
-- Fixed smb.conf entry for CUPS: "printcap name = lpstat", "lpstats" was
- wrong.
-
-* Mon Sep 25 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-9mdk
-- Cosmetic changes to make rpmlint more happy
-
-* Wed Sep 11 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-8mdk
-- added linkage to the using_samba book in swat
-
-* Fri Sep 01 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-7mdk
-- Added CUPS support to smb.conf
-- Added internationalization options to smb.conf [Global]
-
-* Wed Aug 30 2000 Till Kamppeter <till@mandrakesoft.com> 2.0.7-6mdk
-- Put "smbspool" to the files to install
-
-* Wed Aug 30 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-5mdk
-- Did some cleaning in the patches
-
-* Fri Jul 28 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-4mdk
-- relocated man pages from /usr/man to /usr/share/man for compatibility reasons
-
-* Fri Jul 28 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-3mdk
-- added make_unicodemap and build of unicode_map.$i in the spec file
-
-* Fri Jul 28 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-2mdk
-- renamed /etc/codepage/codepage.$i into /etc/codepage/unicode_map.$i to fix smbmount bug.
-
-* Fri Jul 07 2000 Sylvestre Taburet <staburet@mandrakesoft.com> 2.0.7-1mdk
-- 2.0.7
-
-* Wed Apr 05 2000 Francis Galiegue <fg@mandrakesoft.com> 2.0.6-4mdk
-
-- Titi sucks, does not put versions in changelog
-- Fixed groups for -common and -client
-- /usr/sbin/samba is no config file
-
-* Thu Mar 23 2000 Thierry Vignaud <tvignaud@mandrakesoft.com>
-- fix buggy post install script (pixel)
-
-* Fri Mar 17 2000 Francis Galiegue <francis@mandrakesoft.com> 2.0.6-2mdk
-
-- Changed group according to 7.1 specs
-- Some spec file changes
-- Let spec-helper do its job
-
-* Thu Nov 25 1999 Chmouel Boudjnah <chmouel@mandrakesoft.com>
-- 2.0.6.
-
-* Tue Nov 2 1999 Chmouel Boudjnah <chmouel@mandrakesoft.com>
-- Merge with rh changes.
-- Split in 3 packages.
-
-* Fri Aug 13 1999 Pablo Saratxaga <pablo@@mandrakesoft.com>
-- corrected a bug with %post (the $1 parameter is "1" in case of
- a first install, not "0". That parameter is the number of packages
- of the same name that will exist after running all the steps if nothing
- is removed; so it is "1" after first isntall, "2" for a second install
- or an upgrade, and "0" for a removal)
-
-* Wed Jul 28 1999 Pablo Saratxaga <pablo@@mandrakesoft.com>
-- made smbmnt and smbumount suid root, and only executable by group 'smb'
- add to 'smb' group any user that should be allowed to mount/unmount
- SMB shared directories
-
-* Fri Jul 23 1999 Chmouel Boudjnah <chmouel@mandrakesoft.com>
-- 2.0.5a (bug security fix).
-
-* Wed Jul 21 1999 Axalon Bloodstone <axalon@linux-mandrake.com>
-- 2.0.5
-- cs/da/de/fi/fr/it/tr descriptions/summaries
-
-* Sun Jun 13 1999 Bernhard Rosenkränzer <bero@mandrakesoft.com>
-- 2.0.4b
-- recompile on a system that works ;)
-
-* Wed Apr 21 1999 Chmouel Boudjnah <chmouel@mandrakesoft.com>
-- Mandrake adaptations.
-- Bzip2 man-pages.
-
-* Fri Mar 26 1999 Bill Nottingham <notting@redhat.com>
-- add a mount.smb to make smb mounting a little easier.
-- smb filesystems apparently do not work on alpha. Oops.
-
-* Thu Mar 25 1999 Bill Nottingham <notting@redhat.com>
-- always create codepages
-
-* Tue Mar 23 1999 Bill Nottingham <notting@redhat.com>
-- logrotate changes
-
-* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
-- auto rebuild in the new build environment (release 3)
-
-* Fri Mar 19 1999 Preston Brown <pbrown@redhat.com>
-- updated init script to use graceful restart (not stop/start)
-
-* Tue Mar 9 1999 Bill Nottingham <notting@redhat.com>
-- update to 2.0.3
-
-* Thu Feb 18 1999 Bill Nottingham <notting@redhat.com>
-- update to 2.0.2
-
-* Mon Feb 15 1999 Bill Nottingham <notting@redhat.com>
-- swat swat
-
-* Tue Feb 9 1999 Bill Nottingham <notting@redhat.com>
-- fix bash2 breakage in post script
-
-* Fri Feb 5 1999 Bill Nottingham <notting@redhat.com>
-- update to 2.0.0
-
-* Mon Oct 12 1998 Cristian Gafton <gafton@redhat.com>
-- make sure all binaries are stripped
-
-* Thu Sep 17 1998 Jeff Johnson <jbj@redhat.com>
-- update to 1.9.18p10.
-- fix %triggerpostun.
-
-* Tue Jul 07 1998 Erik Troan <ewt@redhat.com>
-- updated postun triggerscript to check $0
-- clear /etc/codepages from %preun instead of %postun
-
-* Mon Jun 08 1998 Erik Troan <ewt@redhat.com>
-- made the %postun script a tad less agressive; no reason to remove
- the logs or lock file (after all, if the lock file is still there,
- samba is still running)
-- the %postun and %preun should only exectute if this is the final
- removal
-- migrated %triggerpostun from Red Hat's samba package to work around
- packaging problems in some Red Hat samba releases
+%doc examples
+%attr(-,root,root) %{prefix}/sbin/*
+%attr(-,root,root) /sbin/*
+%attr(-,root,root) %{prefix}/bin/*
+%attr(755,root,root) /lib/*
+%attr(-,root,root) %{prefix}/share/swat/help/*
+%attr(-,root,root) %{prefix}/share/swat/images/*
+%attr(-,root,root) %{prefix}/share/swat/include/*
+%attr(-,root,root) %{prefix}/share/swat/using_samba/*
+%attr(-,root,root) %config(noreplace) /etc/samba/lmhosts
+%attr(-,root,root) %config(noreplace) /etc/samba/smb.conf
+%attr(-,root,root) %config(noreplace) /etc/samba/smbusers
+%attr(-,root,root) /etc/rc.d/init.d/smb
+%attr(-,root,root) /etc/logrotate.d/samba
+%attr(-,root,root) %config(noreplace) /etc/pam.d/samba
+%attr(-,root,root) %{prefix}/share/man/man1/*
+%attr(-,root,root) %{prefix}/share/man/man5/*
+%attr(-,root,root) %{prefix}/share/man/man7/*
+%attr(-,root,root) %{prefix}/share/man/man8/*
+%attr(-,root,root) %dir /etc/samba/
+%attr(-,root,root) %dir /usr/share/samba/codepages/*
+%attr(-,root,root) %dir /usr/share/samba/codepages/src/*
+%attr(-,root,root) %dir /var/lock/samba
+%attr(-,root,root) %dir /var/log/samba
+%attr(1777,root,root) %dir /var/spool/samba
-* Sun Apr 26 1998 John H Terpstra <jht@samba.anu.edu.au>
-- minor tidy up in preparation for release of 1.9.18p5
-- added findsmb utility from SGI package
-* Wed Mar 18 1998 John H Terpstra <jht@samba.anu.edu.au>
-- Updated version and codepage info.
-- Release to test name resolve order
-* Sat Jan 24 1998 John H Terpstra <jht@samba.anu.edu.au>
-- Many optimisations (some suggested by Manoj Kasichainula <manojk@io.com>
-- Use of chkconfig in place of individual symlinks to /etc/rc.d/init/smb
-- Compounded make line
-- Updated smb.init restart mechanism
-- Use compound mkdir -p line instead of individual calls to mkdir
-- Fixed smb.conf file path for log files
-- Fixed smb.conf file path for incoming smb print spool directory
-- Added a number of options to smb.conf file
-- Added smbadduser command (missed from all previous RPMs) - Doooh!
-- Added smbuser file and smb.conf file updates for username map
-
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
#======================= Global Settings =====================================
[global]
-# 1. Server Naming Options:
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = MDKGROUP
-# netbios name is the name you will see in "Network Neighbourhood",
-# but defaults to your hostname
-; netbios name = <name_of_this_server>
-
# server string is the equivalent of the NT Description field
server string = Samba Server %v
-# Message command is run by samba when a "popup" message is sent to it.
-# The example below is for use with LinPopUp:
-; message command = /usr/bin/linpopup "%f" "%m" %s; rm %s
+# This option is important for security. It allows you to restrict
+# connections to machines which are on your local network. The
+# following example restricts access to two C class networks and
+# the "loopback" interface. For more examples of the syntax see
+# the smb.conf man page
+; hosts allow = 192.168.1. 192.168.2. 127.
+
+# Enabling internationalization:
+# you can match a Windows code page with a UNIX character set.
+# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),
+# 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian),
+# 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul),
+# 950 (Trad. Chin.).
+# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),
+# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)
+# This is an example for french users:
+; client code page = 850
+; character set = ISO8859-1
+
-# 2. Printing Options:
# CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK
# (as cups is now used in linux-mandrake 7.2 by default)
# if you want to automatically load your printer list rather
# bsd, sysv, plp, lprng, aix, hpux, qnx, cups
printing = cups
-# Samba 2.2 supports the Windows NT-style point-and-print feature. To
-# use this, you need to be able to upload print drivers to the samba
-# server. The printer admins (or root) may install drivers onto samba.
-# Note that this feature uses the print$ share, so you will need to
-# enable it below.
-# This parameter works like domain admin group:
-# printer admin = @<group> <user>
-; printer admin = @adm
-# This should work well for winbind:
-; printer admin = @"Domain Admins"
-
-# 3. Logging Options:
+
+# Uncomment this if you want a guest account, you must add this to /etc/passwd
+# otherwise the user "nobody" is used
+; guest account = pcguest
+
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
-# Set the log (verbosity) level (0 <= log level <= 10)
-; log level = 3
-
-# 4. Security and Domain Membership Options:
-# This option is important for security. It allows you to restrict
-# connections to machines which are on your local network. The
-# following example restricts access to two C class networks and
-# the "loopback" interface. For more examples of the syntax see
-# the smb.conf man page. Do not enable this if (tcp/ip) name resolution does
-# not work for all the hosts in your network.
-; hosts allow = 192.168.1. 192.168.2. 127.
-
-# Uncomment this if you want a guest account, you must add this to /etc/passwd
-# otherwise the user "nobody" is used
-; guest account = pcguest
-
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user
-# Use password server option only with security = server or security = domain
-# When using security = domain, you should use password server = *
+# Use password server option only with security = server
; password server = <NT-Server-Name>
-; password server = *
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
-# Encrypted passwords are required for any use of samba in a Windows NT domain
-# The smbpasswd file is only required by a server doing authentication, thus
-# members of a domain do not need one.
- encrypt passwords = yes
- smb passwd file = /etc/samba/smbpasswd
+; encrypt passwords = yes
+; smb passwd file = /etc/samba/private/smbpasswd
# The following are needed to allow password changing from Windows to
-# also update the Linux system password.
+# update the Linux sytsem password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
; unix password sync = Yes
-# You either need to setup a passwd program and passwd chat, or
-# enable pam password change
-; pam password change = yes
; passwd program = /usr/bin/passwd %u
-; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
-;*passwd:*all*authentication*tokens*updated*successfully*
+; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
# Unix users can map to different SMB User names
-; username map = /etc/samba/smbusers
+; username map = /etc/smbusers
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
-; include = /etc/samba/smb.conf.%m
-
-# Options for using winbind. Winbind allows you to do all account and
-# authentication from a Windows or samba domain controller, creating
-# accounts on the fly, and maintaining a mapping of Windows RIDs to unix uid's
-# and gid's. winbind uid and winbind gid are the only required parameters.
-#
-# winbind uid is the range of uid's winbind can use when mapping RIDs to uid's
-; winbind uid = 10000-20000
-#
-# winbind gid is the range of uid's winbind can use when mapping RIDs to gid's
-; winbind gid = 10000-20000
-#
-# winbind separator is the character a user must use between their domain
-# name and username, defaults to "\"
-; winbind separator = +
-#
-# winbind use default domain allows you to have winbind return usernames
-# in the form user instead of DOMAIN+user for the domain listed in the
-# workgroup parameter.
-; winbind use default domain = yes
-#
-# template homedir determines the home directory for winbind users, with
-# %D expanding to their domain name and %U expanding to their username:
-; template homedir = /home/%D/%U
-
-# When using winbind, you may want to have samba create home directories
-# on the fly for authenticated users. Ensure that /etc/pam.d/samba is
-# using 'service=system-auth-winbind' in pam_stack modules, and then
-# enable obedience of pam restrictions below:
-; obey pam restrictions = yes
-
-#
-# template shell determines the shell users authenticated by winbind get
-; template shell = /bin/bash
+; include = /etc/smb.conf.%m
-# 5. Browser Control and Networking Options:
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
-# a specific host or from / to a whole subnet (see below)
+# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
; remote announce = 192.168.1.255 192.168.2.44
+# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
; local master = no
# and gives it a slightly higher chance of winning the election
; preferred master = yes
-# 6. Domain Control Options:
# Enable this if you want Samba to be a domain logon server for
-# Windows95 workstations or Primary Domain Controller for WinNT and Win2k
+# Windows95 workstations.
; domain logons = yes
# if you enable domain logons then you may want a per-machine or
# run a specific logon batch file per username
; logon script = %U.bat
-# Where to store roaming profiles for WinNT and Win2k
+# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
-# Where to store roaming profiles for Win9x. Be careful with this as it also
-# impacts where Win2k finds it's /HOME share
-; logon home = \\%L\%U\.profile
-
-# The add user script is used by a domain member to add local user accounts
-# that have been authenticated by the domain controller, or by the domain
-# controller to add local machine accounts when adding machines to the domain.
-# The script must work from the command line when replacing the macros,
-# or the operation will fail. Check that groups exist if forcing a group.
-# Script for domain controller for adding machines:
-; add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
-# Script for domain controller with LDAP backend for adding machines (please
-# configure in /etc/samba/smbldap_conf.pm first):
-; add user script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u
-# Script for domain member for adding local accounts for authenticated users:
-; add user script = /usr/sbin/useradd -s /bin/false %u
-
-# Domain groups:
-# domain admin group is a list of unix users or groups who are made members
-# of the Domain Admin group
-; domain admin group = root @wheel
-#
-# domain guest groups is a list of unix users or groups who are made members
-# of the Domain Guests group
-; domain guest group = nobody @guest
-
-# LDAP configuration for Domain Controlling:
-# The account (dn) that samba uses to access the LDAP server
-# This account needs to have write access to the LDAP tree
-# You will need to give samba the password for this dn, by
-# running 'smbpasswd -w mypassword'
-; ldap admin dn = cn=root,dc=mydomain,dc=com
-; ldap ssl = start_tls
-# start_tls should run on 389, but samba defaults incorrectly to 636
-; ldap port = 389
-; ldap suffix = dc=mydomain,dc=com
-; ldap server = ldap.mydomain.com
-
-
-# 7. Name Resolution Options:
# All NetBIOS names must be resolved to IP Addresses
# 'Name Resolve Order' allows the named resolution mechanism to be specified
# the default order is "host lmhosts wins bcast". "host" means use the unix
; wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
-# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
+# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
-# at least one WINS Server on the network. The default is NO.
+# at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# this has been changed in version 1.9.18 to no.
dns proxy = no
-# 8. File Naming Options:
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
; preserve case = no
# Be very careful with case sensitivity - it can break things!
; case sensitive = no
-# Enabling internationalization:
-# you can match a Windows code page with a UNIX character set.
-# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),
-# 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian),
-# 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul),
-# 950 (Trad. Chin.).
-# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),
-# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)
-# This is an example for french users:
-; client code page = 850
-; character set = ISO8859-1
-
-
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
-# You can enable VFS recycle bin on a per share basis:
-# Uncomment the next 2 lines (make sure you create a
-# .recycle folder in the base of the share and ensure
-# all users will have write access to it. See
-# examples/VFS/recycle/REAME in samba-doc for details
-; vfs object = /usr/lib/samba/vfs/recycle.so
-; vfs options= /etc/samba/recycle.conf
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
+; share modes = no
#Uncomment the following 2 lines if you would like your login scripts to
#be created dynamically by ntlogon (check that you have it in the correct
-#location (the default of the ntlogon rpm available in contribs)
+#locationn (the default of the ntlogon rpm available in contribs)
;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon
;root postexec = rm -f /var/lib/samba/netlogon/%U.bat
# =====================================
# print command: see above for details.
# =====================================
- print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
+ print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
; print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
-# The following two commands are the samba defaults for printing=cups
-# change them only if you need different options:
-; lpq command = lpq -P %p
-; lprm command = cancel %p-%j
-
-# This share is used for Windows NT-style point-and-print support.
-# To be able to install drivers, you need to be either root, or listed
-# in the printer admin parameter above. Note that you also need write access
-# to the directory and share definition to be able to upload the drivers.
-# For more information on this, please see the Printing Support Section of
-# /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf
-[print$]
- path = /var/lib/samba/printers
- browseable = yes
- read only = yes
- write list = @adm root
-
-# A useful application of samba is to make a PDF-generation service
-# To streamline this, install windows postscript drivers (preferably colour)
-# on the samba server, so that clients can automatically install them.
-
-[pdf-generator]
- path = /var/tmp
- guest ok = No
- printable = Yes
- comment = PDF Generator (only valid users)
- #print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP &
- print command = /usr/share/samba/scripts/print-pdf %s ~%u \\\\\\\\%L\\\\%u %m %I &
+ lpq command = lpstat -o %p
+ lprm command = cancel %p-%j
# This one is useful for people to share files
;[tmp]
; public = yes
; writable = no
; write list = @staff
-# Audited directory through experimental VFS audit.so module:
-# Uncomment next line.
-; vfs object = /usr/lib/samba/vfs/audit.so
# Other examples.
#
-# A private printer, usable only by Fred. Spool data will be placed in Fred's
+# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; writable = no
; printable = yes
-# A private directory, usable only by Fred. Note that Fred requires write
+# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; printable = no
; create mask = 0765
+
#!/bin/sh
#
-# chkconfig: 35 91 9
+# chkconfig: - 91 35
# description: Starts and stops the Samba smbd and nmbd daemons \
# used to provide SMB network services.
start() {
- # If CUPS is used as printing system, reload smb after a 1 minute delay
- # to allow the printers to appear properly as samba shares.
- if killall -0 cupsd 2>/dev/null; then
- ( sleep 60 && killproc smbd -HUP ) &
- fi
- export TMPDIR="/var/tmp"
echo -n "Starting SMB services: "
daemon smbd -D
RETVAL=$?
start
}
reload() {
- export TMPDIR="/var/tmp"
echo -n "Reloading smb.conf file: "
killproc smbd -HUP
RETVAL=$?
-Preparation Date: Fri Aug 21, 1998
-Preparer: John H Terpstra <jht@samba.org>
+Preparer: Gerald Carter <jerry@samba.org>
-Instructions: Preparing Samba Packages for Red Hat Linux 5.X
+Instructions: Preparing Samba Packages for Red Hat Linux
===============================================================
-We provide support only for current versions of Red Hat Linux.
+We provide support only for the latest stable release of major
+branches (e.g 6.2, 7.3, and 8.0). The makerpms.sh script
+supports rpm version 2.x, 3.x, and 4.x
To produce the RPMS simply type:
- sh makerpms.sh
+
+ root# sh makerpms.sh
+++ /dev/null
-#!/usr/bin/perl
-#
-# Prints info on all smb responding machines on a subnet.
-# This script needs to be run on a machine without nmbd running and be
-# run as root to get correct info from WIN95 clients.
-#
-# syntax:
-# findsmb [subnet broadcast address]
-#
-# with no agrument it will list machines on the current subnet
-#
-# There will be a "+" in front of the workgroup name for machines that are
-# local master browsers for that workgroup. There will be an "*" in front
-# of the workgroup name for machines that are the domain master browser for
-# that workgroup.
-#
-
-$SAMBABIN = "/usr/bin";
-
-for ($i = 0; $i < 2; $i++) { # test for -d option and broadcast address
- $_ = shift;
- if (m/-d|-D/) {
- $DEBUG = 1;
- } else {
- if ($_) {
- $BCAST = "-B $_";
- }
- }
-}
-
-sub ipsort # do numeric sort on last field of IP address
-{
- @t1 = split(/\./,$a);
- @t2 = split(/\./,$b);
- @t1[3] <=> @t2[3];
-}
-
-# look for all machines that respond to a name lookup
-
-open(NMBLOOKUP,"$SAMBABIN/nmblookup $BCAST '*'|") ||
- die("Can't run nmblookup '*'.\n");
-
-# get rid of all lines that are not a response IP address,
-# strip everything but IP address and sort by last field in address
-
-@ipaddrs = sort ipsort grep(s/ \*<00>.*$//,<NMBLOOKUP>);
-
-# print header info
-
-print "\nIP ADDR NETBIOS NAME WORKGROUP/OS/VERSION $BCAST\n";
-print "---------------------------------------------------------------------\n";
-
-foreach $ip (@ipaddrs) # loop through each IP address found
-{
- $ip =~ s/\n//; # strip newline from IP address
-
-# find the netbios names registered by each machine
-
- open(NMBLOOKUP,"$SAMBABIN/nmblookup -r -A $ip|") ||
- die("Can't get nmb name list.\n");
- @nmblookup = <NMBLOOKUP>;
- close NMBLOOKUP;
-
-# get the first <00> name
-
- @name = grep(/<00>/,@nmblookup);
- $_ = @name[0];
- if ($_) { # we have a netbios name
- if (/GROUP/) { # is it a group name
- ($name, $aliases, $type, $length, @addresses) =
- gethostbyaddr(pack('C4',split('\.',$ip)),2);
- if (! $name) { # could not get name
- $name = "unknown nis name";
- }
- } else {
-# The Netbios name can contain lot of characters also '<' '>'
-# and spaces. The follwing cure inside name space but not
-# names starting or ending with spaces
- /(.{1,15})\s+<00>\s+/;
- $name = $1;
- }
-
-# do an smbclient command on the netbios name.
-
- open(SMB,"$SAMBABIN/smbclient -N -L $name -I $ip -U% |") ||
- die("Can't do smbclient command.\n");
- @smb = <SMB>;
- close SMB;
-
- if ($DEBUG) { # if -d flag print results of nmblookup and smbclient
- print "===============================================================\n";
- print @nmblookup;
- print @smb;
- }
-
-# look for the OS= string
-
- @info = grep(/OS=/,@smb);
- $_ = @info[0];
- if ($_) { # we found response
- s/Domain=|OS=|Server=|\n//g; # strip out descriptions to make line shorter
-
- } else { # no OS= string in response (WIN95 client)
-
-# for WIN95 clients get workgroup name from nmblookup response
- @name = grep(/<00> - <GROUP>/,@nmblookup);
- $_ = @name[0];
- if ($_) {
-# Same as before for space and characters
- /(.{1,15})\s+<00>\s+/;
- $_ = "[$1]";
- } else {
- $_ = "Unknown Workgroup";
- }
- }
-
-# see if machine registered a local master browser name
- if (grep(/<1d>/,@nmblookup)) {
- $master = '+'; # indicate local master browser
- if (grep(/<1b>/,@nmblookup)) { # how about domain master browser?
- $master = '*'; # indicate domain master browser
- }
- } else {
- $master = ' '; # not a browse master
- }
-
-# line up info in 3 columns
-
- print "$ip".' 'x(16-length($ip))."$name".' 'x(14-length($name))."$master"."$_\n";
-
- } else { # no netbios name found
-# try getting the host name
- ($name, $aliases, $type, $length, @addresses) =
- gethostbyaddr(pack('C4',split('\.',$ip)),2);
- if (! $name) { # could not get name
- $name = "unknown nis name";
- }
- if ($DEBUG) { # if -d flag print results of nmblookup
- print "===============================================================\n";
- print @nmblookup;
- }
- print "$ip".' 'x(16-length($ip))."$name\n";
- }
-}
-
#!/bin/sh
-# Copyright (C) John H Terpstra 1998
+# Copyright (C) John H Terpstra 1998-2002
# Updated for RPM 3 by Jochen Wiedmann, joe@ispsoft.de
# Changed for a generic tar file rebuild by abartlet@pcug.org.au
+# Changed by John H Terpstra to build on RH7.2 - should also work for earlier versions jht@samba.org
+
+# The following allows environment variables to override the target directories
+# the alternative is to have a file in your home directory calles .rpmmacros
+# containing the following:
+# %_topdir /home/mylogin/redhat
+#
+# Note: Under this directory rpm expects to find the same directories that are under the
+# /usr/src/redhat directory
+#
+if [ -x ~/.rpmmacros ]; then
+ TOPDIR=`awk '/topdir/ {print $2}' < ~/.rpmmacros`
+ if [ z$TOPDIR <> "z" ]; then
+ SPECDIR=${TOPDIR}/SPECS
+ SRCDIR=${TOPDIR}/SOURCES
+ fi
+fi
+
+SPECDIR=${SPECDIR:-/usr/src/redhat/SPECS}
+SRCDIR=${SRCDIR:-/usr/src/redhat/SOURCES}
+
+# At this point the SPECDIR and SRCDIR vaiables must have a value!
+
USERID=`id -u`
GRPID=`id -g`
VERSION='PVERSION'
-rm -f ../../samba2.*.spec
+RPMVER=`rpm --version | awk '{print $3}'`
+RPM="rpm"
+echo The RPM Version on this machine is: $RPMVER
-case `rpm --version | awk '{print $3}'` in
- 2.*)
- sed -e "s/MANDIR_MACRO/\%\{prefix\}\/man/g" < samba2.spec > samba2.rpm2.spec
- cp samba2.rpm2.spec ../../
+case $RPMVER in
+ 2*)
+ echo Building for RPM v2.x
+ sed -e "s/MANDIR_MACRO/\%\{prefix\}\/man/g" < samba2.spec > samba.spec
+ sed -e "s/MANDIR_MACRO/\%\{prefix\}\/man/g" < samba2-devel.spec > samba-devel.spec
+ ;;
+ 3*)
+ echo Building for RPM v3.x
+ sed -e "s/MANDIR_MACRO/\%\{prefix\}\/man/g" < samba2.spec > samba.spec
+ sed -e "s/MANDIR_MACRO/\%\{prefix\}\/man/g" < samba2-devel.spec > samba-devel.spec
;;
- 3.*)
- sed -e "s/MANDIR_MACRO/\%\{prefix\}\/man/g" < samba2.spec > samba2.rpm3.spec
- cp samba2.rpm3.spec ../../
+ 4.1*)
+ echo Building for RPM v4.1
+ RPM="rpmbuild"
+ sed -e "s/MANDIR_MACRO/\%\{_mandir\}/g" < samba2.spec > samba.spec
+ sed -e "s/MANDIR_MACRO/\%\{_mandir\}/g" < samba2-devel.spec > samba-devel.spec
;;
- 4.*)
- sed -e "s/MANDIR_MACRO/\%\{_mandir\}/g" < samba2.spec > samba2.rpm4.spec
- cp samba2.rpm4.spec ../../
+ 4*)
+ echo Building for RPM v4.x
+ sed -e "s/MANDIR_MACRO/\%\{_mandir\}/g" < samba2.spec > samba.spec
+ sed -e "s/MANDIR_MACRO/\%\{_mandir\}/g" < samba2-devel.spec > samba-devel.spec
;;
*)
echo "Unknown RPM version: `rpm --version`"
( cd ../../source; if [ -f Makefile ]; then make distclean; fi )
( cd ../../.. ; chown -R ${USERID}.${GRPID} samba-${VERSION} )
-( cd ../../.. ; tar --exclude=CVS -czvf samba-${VERSION}.tar.gz samba-${VERSION}/samba2.*.spec samba-${VERSION} )
-rpm -ta -v ../../../samba-${VERSION}.tar.gz
+# We do this to make sure that the package always has the current version in it''s name
+if [ z$1 = z"devel" ]; then
+ (cd ../../.. ; mv samba samba-${VERSION} )
+fi
+
+( cd ../../.. ; tar --exclude=CVS -cf - samba-${VERSION} | bzip2 > ${SRCDIR}/samba-${VERSION}.tar.bz2 )
+cp -av samba.spec ${SPECDIR}
+cp -av samba-devel.spec ${SPECDIR}
+if [ z$1 = "zdevel" ]; then
+ echo Restoring source samba directory name
+ ( cd ../../.. ; mv samba-${VERSION} samba )
+ echo Getting Ready to build Developmental Build
+ cd ${SPECDIR}
+ rpm -ba -v samba-devel.spec
+else
+ echo Getting Ready to build release package
+ cd ${SPECDIR}
+ rpm -ba -v --clean --rmsource samba.spec
+fi
+echo Done.
Release: PRELEASE
Copyright: GNU GPL version 2
Group: Networking
-Source: ftp://samba.org/pub/samba/samba-%{version}.tar.gz
-Packager: John H Terpstra [Samba-Team] <jht@samba.org>
+Source: http://download.samba.org/samba/ftp/samba-%{version}.tar.bz2
+Packager: Gerald Carter [Samba-Team] <jerry@samba.org>
Requires: pam >= 0.72 kernel >= 2.2.1 glibc >= 2.1.2
Prereq: chkconfig fileutils
-Provides: samba = %{version}, samba-common = %{version}, samba-client = %{version}, samba-swat = %{version}
+Provides: samba = %{version}
+Obsoletes: samba-common, samba-client, samba-swat
BuildRoot: /var/tmp/samba
Prefix: /usr
%description
-Samba provides an SMB server which can be used to provide
-network services to SMB (sometimes called "Lan Manager")
-clients, including various versions of MS Windows, OS/2,
-and other Linux machines. Samba also provides some SMB
-clients, which complement the built-in SMB filesystem
-in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols
-and does NOT need NetBEUI (Microsoft Raw NetBIOS frame)
-protocol.
-
-Samba-2.2 features working NT Domain Control capability and
-includes the SWAT (Samba Web Administration Tool) that
-allows samba's smb.conf file to be remotely managed using your
-favourite web browser. For the time being this is being
-enabled on TCP port 901 via inetd.
-
Users are advised to use Samba-2.2 as a Windows NT4
-Domain Controller only on networks that do NOT have a Windows
-NT Domain Controller. This release does NOT as yet have
-Backup Domain control ability.
+Samba provides an SMB/CIFS server which can be used to provide
+network file and print services to SMB/CIFS clients, including
+various versions of MS Windows, OS/2, and other Linux machines.
+Samba also provides some SMB clients, which complement the
+built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP
+(NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS
+frame) protocol.
Please refer to the WHATSNEW.txt document for fixup information.
-This binary release includes encrypted password support.
-Please read the smb.conf file and ENCRYPTION.txt in the
-docs directory for implementation details.
+%changelog
+* Thu Jun 6 2002 Gerald Carter <jerry@samba.org>
+ - add separate winbindd init script
+ - build and install libsmbclient
-NOTE: Red Hat Linux uses PAM which has integrated support
-for Shadow passwords and quotas. Do NOT recompile with the
-SHADOW_PWD option enabled
+* Sun Jun 2 2002 Gerald Carter <jerry@samba.org>
+ - include audit and recycle VFS modules in /usr/lib/samba
-%changelog
* Mon May 6 2002 Gerald Carter <jerry@samba.org>
- moved findsmb to a standard component in samba's
"make install". Removed from specfile.
%setup
%build
+## Build main Samba source
cd source
%ifarch ia64
--with-msdfs \
--with-smbmount \
--with-pam \
+ --with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=%{prefix}/share/swat/using_samba \
- --with-swatdir=%{prefix}/share/swat
+ --with-swatdir=%{prefix}/share/swat \
+ --with-libsmbclient
make -j${NUMCPU} proto
make -j${NUMCPU} all nsswitch/libnss_wins.so
make -j${NUMCPU} debug2html
make -j${NUMCPU} bin/smbspool
+## Build VFS modules
+cd ../examples/VFS
+make
+
+
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/var/{log,run}/samba
mkdir -p $RPM_BUILD_ROOT/var/spool/samba
mkdir -p $RPM_BUILD_ROOT/lib/security
+mkdir -p $RPM_BUILD_ROOT%{prefix}/lib/samba/vfs
+mkdir -p $RPM_BUILD_ROOT%{prefix}/{lib,include}
# Install standard binary files
for i in nmblookup smbclient smbpasswd smbstatus testparm testprns \
- make_printerdef rpcclient smbspool smbcacls smbcontrol wbinfo
+ rpcclient smbspool smbcacls smbcontrol wbinfo smbmnt
do
-install -m755 source/bin/$i $RPM_BUILD_ROOT%{prefix}/bin
+ install -m755 source/bin/$i $RPM_BUILD_ROOT%{prefix}/bin
done
-for i in mksmbpasswd.sh smbtar
+
+for i in mksmbpasswd.sh smbtar findsmb
do
-install -m755 source/script/$i $RPM_BUILD_ROOT%{prefix}/bin
+ install -m755 source/script/$i $RPM_BUILD_ROOT%{prefix}/bin
done
# Install secure binary files
-for i in smbd nmbd swat smbmount smbumount smbmnt debug2html winbindd
+for i in smbd nmbd swat smbmount smbumount debug2html winbindd
do
-install -m755 source/bin/$i $RPM_BUILD_ROOT%{prefix}/sbin
+ install -m755 source/bin/$i $RPM_BUILD_ROOT%{prefix}/sbin
done
# we need a symlink for mount to recognise the smb and smbfs filesystem types
cd source
make BASEDIR=$RPM_BUILD_ROOT/usr \
LIBDIR=$RPM_BUILD_ROOT/etc/samba \
+ VARDIR=$RPM_BUILD_ROOT/var \
SBINDIR=$RPM_BUILD_ROOT%{prefix}/sbin \
BINDIR=$RPM_BUILD_ROOT%{prefix}/bin \
MANDIR=$RPM_BUILD_ROOTMANDIR_MACRO \
SWATDIR=$RPM_BUILD_ROOT/usr/share/swat \
SAMBABOOK=$RPM_BUILD_ROOT/usr/share/swat/using_samba \
- installman installcp installswat
+ installman installswat
cd ..
-# Install the nsswitch library extension file
+# Install the nsswitch wins library
install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib
# Make link for wins resolver
install -m755 source/nsswitch/libnss_winbind.so $RPM_BUILD_ROOT/lib
install -m755 source/nsswitch/pam_winbind.so $RPM_BUILD_ROOT/lib/security
+# Install pam_smbpass.so
+install -m755 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/lib/security
+
+# Install the VFS modules
+install -m755 examples/VFS/recycle.so $RPM_BUILD_ROOT%{prefix}/lib/samba/vfs
+install -m755 examples/VFS/audit.so $RPM_BUILD_ROOT%{prefix}/lib/samba/vfs
+install -m755 examples/VFS/netatalk.so $RPM_BUILD_ROOT%{prefix}/lib/samba/vfs
+
+# clean out VFS directory since it will get installed as documentation later
+(cd examples/VFS; make clean)
+
+# libsmbclient
+install -m 755 source/bin/libsmbclient.so $RPM_BUILD_ROOT%{prefix}/lib/
+install -m 755 source/bin/libsmbclient.a $RPM_BUILD_ROOT%{prefix}/lib/
+install -m 644 source/include/libsmbclient.h $RPM_BUILD_ROOT%{prefix}/include/
+
# Install SWAT helper files
for i in swat/help/*.html docs/htmldocs/*.html
do
-install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/help
+ install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/help
done
for i in swat/images/*.gif
do
-install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/images
+ install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/images
done
for i in swat/include/*.html
do
-install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/include
+ install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/include
done
# Install the miscellany
install -m644 swat/README $RPM_BUILD_ROOT%{prefix}/share/swat
install -m755 packaging/RedHat/smbprint $RPM_BUILD_ROOT%{prefix}/bin
install -m755 packaging/RedHat/smb.init $RPM_BUILD_ROOT/etc/rc.d/init.d/smb
+install -m755 packaging/RedHat/winbind.init $RPM_BUILD_ROOT/etc/rc.d/init.d/winbind
install -m755 packaging/RedHat/smb.init $RPM_BUILD_ROOT%{prefix}/sbin/samba
install -m644 packaging/RedHat/samba.log $RPM_BUILD_ROOT/etc/logrotate.d/samba
install -m644 packaging/RedHat/smb.conf $RPM_BUILD_ROOT/etc/samba/smb.conf
%post
/sbin/chkconfig --add smb
+/sbin/chkconfig --add winbind
/sbin/chkconfig smb off
+/sbin/chkconfig winbind off
echo "Looking for old /etc/smb.conf..."
if [ -f /etc/smb.conf -a ! -f /etc/samba/smb.conf ]; then
%{prefix}/sbin/smbd
%{prefix}/sbin/nmbd
%{prefix}/sbin/swat
-%{prefix}/sbin/smbmnt
+%{prefix}/bin/smbmnt
%{prefix}/sbin/smbmount
%{prefix}/sbin/smbumount
%{prefix}/sbin/winbindd
%{prefix}/bin/findsmb
%{prefix}/bin/smbstatus
%{prefix}/bin/nmblookup
-%{prefix}/bin/make_smbcodepage
-%{prefix}/bin/make_unicodemap
-%{prefix}/bin/make_printerdef
%{prefix}/bin/smbpasswd
%{prefix}/bin/smbtar
%{prefix}/bin/smbprint
%{prefix}/bin/smbcacls
%{prefix}/bin/wbinfo
%attr(755,root,root) /lib/libnss_wins.s*
+%attr(755,root,root) %{prefix}/lib/samba/vfs/*.so
+%{prefix}/include/libsmbclient.h
+%{prefix}/lib/libsmbclient.a
+%{prefix}/lib/libsmbclient.so
%{prefix}/share/swat/help/*
%{prefix}/share/swat/images/*
%{prefix}/share/swat/include/header.html
/etc/samba/samba.stack
/etc/samba/samba.xinetd
/etc/rc.d/init.d/smb
+/etc/rc.d/init.d/winbind
/etc/logrotate.d/samba
%config(noreplace) /etc/pam.d/samba
MANDIR_MACRO/man1/*
MANDIR_MACRO/man5/*
MANDIR_MACRO/man7/*
MANDIR_MACRO/man8/*
-%dir /etc/codepages/*
%attr(755,root,root) %dir /var/cache/samba
%dir /var/log/samba
%dir /var/run/samba
%attr(1777,root,root) %dir /var/spool/samba
%attr(-,root,root) /lib/libnss_winbind.so
%attr(-,root,root) /lib/security/pam_winbind.so
+%attr(-,root,root) /lib/security/pam_smbpass.so
echo -n "Starting SMB services: "
daemon smbd -D
daemon nmbd -D
- if [ "`grep -i 'winbind uid' /etc/samba/smb.conf | egrep -v [\#\;]`" ]; then
- daemon winbindd
- fi
echo
touch /var/lock/subsys/smb
;;
stop)
echo -n "Shutting down SMB services: "
- killproc smbd -TERM
+
+ ## we have to get all the smbd process here instead of just the
+ ## main parent (i.e. killproc) because it can take a long time
+ ## for an individual process to process a TERM signal
+ smbdpids=`ps guax | grep smbd | grep -v grep | awk '{print $2}'`
+ for pid in $smbdpids; do
+ kill -TERM $pid
+ done
+ ## nmbd is ok to kill using killproc()
killproc nmbd -TERM
- if [ "`ps -ef | grep winbind | grep -v grep`" ]; then
- killproc winbindd
- fi
rm -f /var/lock/subsys/smb
echo ""
;;
status)
status smbd
status nmbd
- status winbindd
;;
restart)
echo -n "Restarting SMB services: "
--- /dev/null
+#!/bin/sh
+#
+# chkconfig: 345 81 45
+# description: Starts and stops the Samba winbind daemon to provide \
+# user and group information from a domain controller to linux.
+
+# Source function library.
+if [ -f /etc/init.d/functions ] ; then
+ . /etc/init.d/functions
+elif [ -f /etc/rc.d/init.d/functions ] ; then
+ . /etc/rc.d/init.d/functions
+else
+ exit 0
+fi
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ ${NETWORKING} = "no" ] && exit 0
+
+# Check that smb.conf exists.
+[ -f /etc/samba/smb.conf ] || exit 0
+
+RETVAL=0
+
+
+start() {
+ echo -n "Starting Winbind services: "
+ RETVAL=1
+ if [ "`grep -i 'winbind uid' /etc/samba/smb.conf | egrep -v [\#\;]`" ]; then
+ daemon winbindd
+ RETVAL=$?
+ fi
+ echo
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/winbind || \
+ RETVAL=1
+ return $RETVAL
+}
+stop() {
+ echo -n "Shutting down Winbind services: "
+ RETVAL=1
+ if [ "`grep -i 'winbind uid' /etc/samba/smb.conf | egrep -v [\#\;]`" ]; then
+ killproc winbindd
+ RETVAL=$?
+ fi
+ echo
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/winbind
+ return $RETVAL
+}
+restart() {
+ stop
+ start
+}
+reload() {
+ export TMPDIR="/var/tmp"
+ echo -n "Checking domain trusts: "
+ killproc winbindd -HUP
+ RETVAL=$?
+ echo
+ return $RETVAL
+}
+mdkstatus() {
+ status winbindd
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ restart
+ ;;
+ reload)
+ reload
+ ;;
+ status)
+ mdkstatus
+ ;;
+ condrestart)
+ [ -f /var/lock/subsys/winbindd ] && restart || :
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|status|condrestart}"
+ exit 1
+esac
+
+exit $?
TERMLDFLAGS=@TERMLDFLAGS@
TERMLIBS=@TERMLIBS@
PRINTLIBS=@PRINTLIBS@
-AUTHLIBS=@AUTHLIBS@
LINK=$(CC) $(FLAGS) $(LDFLAGS)
lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \
nsswitch/wb_client.o nsswitch/wb_common.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
- lib/adt_tree.o lib/popt_common.o lib/gencache.o $(TDB_OBJ) \
- lib/module.o
+ lib/adt_tree.o lib/popt_common.o lib/gencache.o $(TDB_OBJ)
LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o
passdb/pdb_unix.o passdb/util_sam_sid.o \
passdb/pdb_compat.o passdb/pdb_nisplus.o
-SAM_STATIC_MODULES = sam/sam_plugin.o sam/sam_skel.o sam/sam_ads.o
-
-SAM_OBJ = sam/account.o sam/get_set_account.o sam/get_set_group.o \
- sam/get_set_domain.o sam/interface.o $(SAM_STATIC_MODULES)
-
-SAMTEST_OBJ = torture/samtest.o torture/cmd_sam.o $(SAM_OBJ) $(LIB_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(READLINE_OBJ) lib/util_seaccess.o $(LIBADS_OBJ) $(PASSDB_OBJ) $(SECRETS_OBJ) $(GROUPDB_OBJ)
-
GROUPDB_OBJ = groupdb/mapping.o
# passdb/smbpass.o passdb/ldap.o passdb/nispass.o
$(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \
$(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \
$(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
- $(LIB_SMBD_OBJ) $(SAM_OBJ) $(REGISTRY_OBJ)
+ $(LIB_SMBD_OBJ) $(REGISTRY_OBJ)
NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \
$(LIB_OBJ) $(NSSWINS_OBJ)
bin/smbd: $(SMBD_OBJ) bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) \
- $(AUTHLIBS) $(LIBS)
+ @$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) $(LIBS)
bin/nmbd: $(NMBD_OBJ) bin/.dummy
@echo Linking $@
bin/swat: $(SWAT_OBJ) bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) \
- $(AUTHLIBS) $(LIBS)
+ @$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINTLIBS) $(LIBS)
bin/rpcclient: $(RPCCLIENT_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @BUILD_POPT@
-bin/samtest: $(SAMTEST_OBJ) bin/.dummy
- @echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @BUILD_POPT@
-
bin/smbgroupedit: $(SMBGROUPEDIT_OBJ) bin/.dummy
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(LDFLAGS) $(LIBS)
bin/vfstest: $(VFSTEST_OBJ) bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(PRINTLIBS) $(AUTHLIBS) $(LIBS) @BUILD_POPT@
+ @$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(PRINTLIBS) $(LIBS) @BUILD_POPT@
bin/locktest2: $(LOCKTEST2_OBJ) bin/.dummy
@echo Linking $@
libsmbclient: bin/libsmbclient.a bin/libsmbclient.@SHLIBEXT@
-bin/pdb_mysql.@SHLIBEXT@: $(PDB_MYSQL_OBJ)
- echo "Building plugin $@"
- $(SHLD) $(LDSHFLAGS) -o $@ $(PDB_MYSQL_OBJ) @MYSQL_LIBS@ \
- @SONAMEFLAG@`basename $@`
-nsswitch/libnss_wins.@SHLIBEXT@: $(NSS_OBJ)
+nsswitch/libnss_wins.so: $(NSS_OBJ)
@echo "Linking $@"
@$(SHLD) $(LDSHFLAGS) -o $@ $(NSS_OBJ) -lc \
@SONAMEFLAG@`basename $@`
install: installbin installman installscripts installdat installswat
installdirs:
- @$(SHELL) $(srcdir)/script/installdirs.sh $(DESTDIR)$(BASEDIR) $(DESTDIR)$(BINDIR) $(DESTDIR)$(SBINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(DESTDIR)$(PRIVATEDIR)
+ @$(SHELL) $(srcdir)/script/installdirs.sh $(BASEDIR) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR)
installservers: all installdirs
- @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(SBINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(SPROGS)
+ @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(SPROGS)
installbin: all installdirs
- @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(SBINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(SPROGS)
- @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(BINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(PROGS)
+ @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(SPROGS)
+ @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(BINDIR) $(LIBDIR) $(VARDIR) $(PROGS)
installscripts: installdirs
- @$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS) $(DESTDIR)$(BINDIR) $(SCRIPTS)
+ @$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS) $(BINDIR) $(SCRIPTS)
installdat: installdirs
- @$(SHELL) $(srcdir)/script/installdat.sh $(DESTDIR)$(LIBDIR) $(srcdir)
+ @$(SHELL) $(srcdir)/script/installdat.sh $(LIBDIR) $(srcdir)
installswat: installdirs
- @$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(SWATDIR) $(srcdir)
+ @$(SHELL) $(srcdir)/script/installswat.sh $(SWATDIR) $(srcdir)
installclientlib:
- -$(INSTALLCMD) bin/libsmbclient.@SHLIBEXT@ $(DESTDIR)${prefix}/lib
- -$(INSTALLCMD) -d $(DESTDIR)${prefix}/include
- -$(INSTALLCMD) include/libsmbclient.h $(DESTDIR)${prefix}/include
+ -$(INSTALLCMD) bin/libsmbclient.@SHLIBEXT@ ${prefix}/lib
+ -$(INSTALLCMD) -d ${prefix}/include
+ -$(INSTALLCMD) include/libsmbclient.h ${prefix}/include
# Python extensions
@$(SHELL) $(srcdir)/script/revert.sh $(BINDIR) $(PROGS) $(SCRIPTS)
installman:
- @$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(MANDIR) $(srcdir) $(man_langs) "@ROFF@"
+ @$(SHELL) $(srcdir)/script/installman.sh $(MANDIR) $(srcdir) $(man_langs) "@ROFF@"
.PHONY: showlayout
uninstall: uninstallman uninstallbin uninstallscripts
uninstallman:
- @$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(MANDIR) $(srcdir) $(man_langs)
+ @$(SHELL) $(srcdir)/script/uninstallman.sh $(MANDIR) $(srcdir) $(man_langs)
uninstallbin:
- @$(SHELL) $(srcdir)/script/uninstallbin.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(SBINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(DESTDIR)$(SPROGS)
- @$(SHELL) $(srcdir)/script/uninstallbin.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(BINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(DESTDIR)$(PROGS)
+ @$(SHELL) $(srcdir)/script/uninstallbin.sh $(INSTALLPERMS) $(BASEDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(SPROGS)
+ @$(SHELL) $(srcdir)/script/uninstallbin.sh $(INSTALLPERMS) $(BASEDIR) $(BINDIR) $(LIBDIR) $(VARDIR) $(PROGS)
uninstallscripts:
- @$(SHELL) $(srcdir)/script/uninstallscripts.sh $(INSTALLPERMS) $(DESTDIR)$(BINDIR) $(SCRIPTS)
+ @$(SHELL) $(srcdir)/script/uninstallscripts.sh $(INSTALLPERMS) $(BINDIR) $(SCRIPTS)
# Toplevel clean files
TOPFILES=dynconfig.o dynconfig.po
* Remove the account disabled flag - we are updating the
* users password from a login.
*/
- if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) {
+ if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED)) {
pdb_free_sam(&sampass);
return False;
}
return nt_status;
}
- if (!pdb_set_user_sid(sam_account, &user_sid, PDB_CHANGED)) {
+ if (!pdb_set_user_sid(sam_account, &user_sid)) {
pdb_free_sam(&sam_account);
return NT_STATUS_UNSUCCESSFUL;
}
- if (!pdb_set_group_sid(sam_account, &group_sid, PDB_CHANGED)) {
+ if (!pdb_set_group_sid(sam_account, &group_sid)) {
pdb_free_sam(&sam_account);
return NT_STATUS_UNSUCCESSFUL;
}
- if (!pdb_set_nt_username(sam_account, nt_username, PDB_CHANGED)) {
+ if (!pdb_set_nt_username(sam_account, nt_username)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_domain(sam_account, nt_domain, PDB_CHANGED)) {
+ if (!pdb_set_domain(sam_account, nt_domain)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_fullname(sam_account, pdb_unistr2_convert(&(info3->uni_full_name)), PDB_CHANGED)) {
+ if (!pdb_set_fullname(sam_account, pdb_unistr2_convert(&(info3->uni_full_name)))) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_logon_script(sam_account, pdb_unistr2_convert(&(info3->uni_logon_script)), PDB_CHANGED)) {
+ if (!pdb_set_logon_script(sam_account, pdb_unistr2_convert(&(info3->uni_logon_script)), True)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_profile_path(sam_account, pdb_unistr2_convert(&(info3->uni_profile_path)), PDB_CHANGED)) {
+ if (!pdb_set_profile_path(sam_account, pdb_unistr2_convert(&(info3->uni_profile_path)), True)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_homedir(sam_account, pdb_unistr2_convert(&(info3->uni_home_dir)), PDB_CHANGED)) {
+ if (!pdb_set_homedir(sam_account, pdb_unistr2_convert(&(info3->uni_home_dir)), True)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_dir_drive(sam_account, pdb_unistr2_convert(&(info3->uni_dir_drive)), PDB_CHANGED)) {
+ if (!pdb_set_dir_drive(sam_account, pdb_unistr2_convert(&(info3->uni_dir_drive)), True)) {
pdb_free_sam(&sam_account);
return NT_STATUS_NO_MEMORY;
}
extern file_info def_finfo;
/* timing globals */
-SMB_BIG_UINT get_total_size = 0;
-unsigned int get_total_time_ms = 0;
-static SMB_BIG_UINT put_total_size = 0;
-static unsigned int put_total_time_ms = 0;
+int get_total_size = 0;
+int get_total_time_ms = 0;
+static int put_total_size = 0;
+static int put_total_time_ms = 0;
/* totals globals */
static double dir_total;
--with-smbmount Include SMBMOUNT (Linux only) support (default=no)
--with-pam Include PAM support (default=no)
--with-pam_smbpass Build a PAM module to allow other applications to use our smbpasswd file (default=no)
- --with-sam Build new (experimental) SAM database (default=no)
--with-ldapsam Include LDAP SAM 2.2 compatible configuration (default=no)
--with-tdbsam Include experimental TDB SAM support (default=no)
--with-nisplussam Include NISPLUS SAM support (default=no)
-
-for ac_func in syslog vsyslog getgrouplist timegm
+for ac_func in syslog vsyslog getgrouplist
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func" >&5
fi
fi
-# New experimental SAM system
-
-echo "$as_me:$LINENO: checking whether to build the new (experimental) SAM database" >&5
-echo $ECHO_N "checking whether to build the new (experimental) SAM database... $ECHO_C" >&6
-
-# Check whether --with-sam or --without-sam was given.
-if test "${with_sam+set}" = set; then
- withval="$with_sam"
- case "$withval" in
- yes)
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-cat >>confdefs.h <<\_ACEOF
-#define WITH_SAM 1
-_ACEOF
-
- ;;
- *)
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- ;;
- esac
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-
-fi;
-
-
########################################################################################
##
## TESTS FOR SAM BACKENDS. KEEP THESE GROUPED TOGETHER
# I added make files that are outside /source directory.
# I know this is not a good solution, will work out a better
# solution soon. --simo
- ac_config_files="$ac_config_files include/stamp-h Makefile script/findsmb ../examples/VFS/Makefile ../examples/pdb/mysql/Makefile ../examples/pdb/xml/Makefile ../examples/sam/Makefile"
+ ac_config_files="$ac_config_files include/stamp-h Makefile script/findsmb ../examples/VFS/Makefile ../examples/pdb/mysql/Makefile ../examples/pdb/xml/Makefile"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
# tests run on this system so they can be shared between configure
"../examples/VFS/Makefile" ) CONFIG_FILES="$CONFIG_FILES ../examples/VFS/Makefile" ;;
"../examples/pdb/mysql/Makefile" ) CONFIG_FILES="$CONFIG_FILES ../examples/pdb/mysql/Makefile" ;;
"../examples/pdb/xml/Makefile" ) CONFIG_FILES="$CONFIG_FILES ../examples/pdb/xml/Makefile" ;;
- "../examples/sam/Makefile" ) CONFIG_FILES="$CONFIG_FILES ../examples/sam/Makefile" ;;
"include/config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS include/config.h" ;;
*) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
AC_CHECK_FUNCS(lstat64 fopen64 atexit grantpt dup2 lseek64 ftruncate64 readdir64)
AC_CHECK_FUNCS(fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf)
AC_CHECK_FUNCS(srandom random srand rand setenv usleep strcasecmp fcvt fcvtl symlink readlink)
-AC_CHECK_FUNCS(syslog vsyslog getgrouplist timegm)
+AC_CHECK_FUNCS(syslog vsyslog getgrouplist)
# setbuffer is needed for smbtorture
AC_CHECK_FUNCS(setbuffer)
fi
fi
-# New experimental SAM system
-
-AC_MSG_CHECKING([whether to build the new (experimental) SAM database])
-AC_ARG_WITH(sam,
-[ --with-sam Build new (experimental) SAM database (default=no)],
-[ case "$withval" in
- yes)
- AC_MSG_RESULT(yes)
- AC_DEFINE(WITH_SAM,1,[Whether to build the new (experimental) SAM database])
- ;;
- *)
- AC_MSG_RESULT(no)
- ;;
- esac ],
- AC_MSG_RESULT(no)
-)
-
-
########################################################################################
##
## TESTS FOR SAM BACKENDS. KEEP THESE GROUPED TOGETHER
esac
AC_MSG_RESULT($manlangs)
- manlangs=`echo $manlangs | sed "s/,/ /g"` # replacing commas with spaces to produce a list
+ manlangs=`echo $manlangs | sed "s/,/ /"` # replacing commas with spaces to produce a list
AC_SUBST(manlangs)],
[manlangs="en"
# I added make files that are outside /source directory.
# I know this is not a good solution, will work out a better
# solution soon. --simo
-AC_OUTPUT(include/stamp-h Makefile script/findsmb ../examples/VFS/Makefile ../examples/pdb/mysql/Makefile ../examples/pdb/xml/Makefile ../examples/sam/Makefile)
+AC_OUTPUT(include/stamp-h Makefile script/findsmb ../examples/VFS/Makefile ../examples/pdb/mysql/Makefile ../examples/pdb/xml/Makefile)
#################################################
# Print very concise instructions on building/use
map.priv_set.count=priv_set.count;
map.priv_set.set=priv_set.set;
- pdb_add_group_mapping_entry(&map);
+ add_mapping_entry(&map, TDB_INSERT);
return True;
}
DEBUG(10, ("get_domain_group_from_sid\n"));
/* if the group is NOT in the database, it CAN NOT be a domain group */
- if(!pdb_getgrsid(map, sid, with_priv))
+ if(!get_group_map_from_sid(sid, map, with_priv))
return False;
DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
}
/* The group is in the mapping table */
- if(pdb_getgrsid(map, sid, with_priv)) {
+ if(get_group_map_from_sid(sid, map, with_priv)) {
if (map->sid_name_use!=SID_NAME_ALIAS) {
if (with_priv)
free_privilege(&map->priv_set);
return(False);
}
- if(!pdb_getgrsid(map, sid, with_priv))
+ if(!get_group_map_from_sid(sid, map, with_priv))
return False;
if (map->sid_name_use!=SID_NAME_WKN_GRP) {
/*
* make a group map from scratch if doesn't exist.
*/
- if (!pdb_getgrgid(map, gid, with_priv)) {
+ if (!get_group_map_from_gid(gid, map, with_priv)) {
map->gid=gid;
map->sid_name_use=SID_NAME_ALIAS;
map->systemaccount=PR_ACCESS_FROM_NETWORK;
/* Define to 1 if you have the <termio.h> header file. */
#undef HAVE_TERMIO_H
-/* Define to 1 if you have the `timegm' function. */
-#undef HAVE_TIMEGM
-
/* Whether Tru64 ACLs are available */
#undef HAVE_TRU64_ACLS
/* Whether to include experimental quota support */
#undef WITH_QUOTAS
-/* Whether to build the new (experimental) SAM database */
-#undef WITH_SAM
-
/* Whether to include sendfile() support */
#undef WITH_SENDFILE
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- GUMS structures
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GUMS_H
-#define _GUMS_H
-
-#define GUMS_VERSION_MAJOR 0
-#define GUMS_VERSION_MINOR 1
-
-#define GUMS_OBJ_NORMAL_USER 1
-#define GUMS_OBJ_GROUP 2
-#define GUMS_OBJ_DOMAIN 3
-#define GUMS_OBJ_ALIAS 4
-#define GUMS_OBJ_WORKSTATION_TRUST 5
-#define GUMS_OBJ_SERVER_TRUST 6
-#define GUMS_OBJ_DOMAIN_TRUST 7
-
-typedef struct gums_object
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object Type */
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- SEC_DESC *sec_desc; /* Security Descriptor */
-
- DOM_SID *sid; /* Object Sid */
- char *name; /* Object Name */
- char *description; /* Object Description */
-
- void *data; /* Object Specific data */
-
-} GUMS_OBJECT;
-
-typedef struct gums_user
-{
- DOM_SID *group_sid; /* Primary Group SID */
-
- NTTIME *logon_time; /* logon time */
- NTTIME *logoff_time; /* logoff time */
- NTTIME *kickoff_time; /* kickoff time */
- NTTIME *pass_last_set_time; /* password last set time */
- NTTIME *pass_can_change_time; /* password can change time */
- NTTIME *pass_must_change_time; /* password must change time */
-
- char *full_name; /* user's full name string */
- char *home_dir; /* home directory string */
- char *dir_drive; /* home directory drive string */
- char *logon_script; /* logon script string */
- char *profile_path; /* profile path string */
- char *workstations; /* login from workstations string */
- char *unknown_str; /* don't know what this is, yet. */
- char *munged_dial; /* munged path name and dial-back tel number */
-
- DATA_BLOB *lm_pw; /* .data is Null if no password */
- DATA_BLOB *nt_pw; /* .data is Null if no password */
-
- uint32 unknown_3; /* 0x00ff ffff */
-
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 hours[MAX_HOURS_LEN];
-
- uint32 unknown_5; /* 0x0002 0000 */
- uint32 unknown_6; /* 0x0000 04ec */
-
-} GUMS_USER;
-
-typedef struct gums_group
-{
- uint32 count; /* Number of SIDs */
- DOM_SID *members; /* SID array */
-
-} GUMS_GROUP;
-
-typedef struct gums_data_set
-{
- int type; /* GUMS_SET_xxx */
- void *data;
-
-} GUMS_DATA_SET;
-
-typedef struct gums_commit_set
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object type */
- DOM_SID sid; /* Object Sid */
- uint32 count; /* number of changes */
- GUMS_DATA_SET *data;
-} GUMS_COMMIT_SET;
-
-typedef struct gums_privilege
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object Type */
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- LUID_ATTR *privilege; /* Privilege Type */
- char *name; /* Object Name */
- char *description; /* Object Description */
-
- uint32 count;
- DOM_SID *members;
-
-} GUMS_PRIVILEGE;
-
-
-typedef struct gums_functions
-{
- /* Generic object functions */
-
- NTSTATUS (*get_domain_sid) (DOM_SID **sid, const char* name);
- NTSTATUS (*set_domain_sid) (const DOM_SID *sid);
-
- NTSTATUS (*get_sequence_number) (void);
-
- NTSTATUS (*new_object) (DOM_SID **sid, const char *name, const int obj_type);
- NTSTATUS (*delete_object) (const DOM_SID *sid);
-
- NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*get_sid_from_name) (GUMS_OBJECT **object, const char *name);
- /* This function is used to get the list of all objects changed since b_time, it is
- used to support PDC<->BDC synchronization */
- NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
-
- NTSTATUS (*enumerate_objects_start) (void *handle, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle);
- NTSTATUS (*enumerate_objects_stop) (void *handle);
-
- /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
- Never use this function to update an object in the database, use set_object_values() */
- NTSTATUS (*set_object) (const GUMS_OBJECT *object);
-
- /* set object values function */
- NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
-
- /* Group related functions */
- NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
-
- NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
-
- NTSTATUS (*lock_sid) (const DOM_SID *sid);
- NTSTATUS (*unlock_sid) (const DOM_SID *sid);
-
- /* privileges related functions */
-
- NTSTATUS (*add_members_to_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
- NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
- NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv);
- NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid);
- /* warning!: set_privilege will overwrite a prior existing privilege if such exist */
- NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
-
-} GUMS_FUNCTIONS;
-
-/* define value types */
-
-#define GUMS_SET_PRIMARY_GROUP 1
-#define GUMS_SET_SEC_DESC 2
-
-/* user specific type values */
-#define GUMS_SET_LOGON_TIME 10 /* keep NTTIME consecutive */
-#define GUMS_SET_LOGOFF_TIME 11 /* too ease checking */
-#define GUMS_SET_KICKOFF_TIME 13
-#define GUMS_SET_PASS_LAST_SET_TIME 14
-#define GUMS_SET_PASS_CAN_CHANGE_TIME 15
-#define GUMS_SET_PASS_MUST_CHANGE_TIME 16 /* NTTIME end */
-
-#define GUMS_SET_NAME 20 /* keep strings consecutive */
-#define GUMS_SET_DESCRIPTION 21 /* too ease checking */
-#define GUMS_SET_FULL_NAME 22
-#define GUMS_SET_HOME_DIRECTORY 23
-#define GUMS_SET_DRIVE 24
-#define GUMS_SET_LOGON_SCRIPT 25
-#define GUMS_SET_PROFILE_PATH 26
-#define GUMS_SET_WORKSTATIONS 27
-#define GUMS_SET_UNKNOWN_STRING 28
-#define GUMS_SET_MUNGED_DIAL 29 /* strings end */
-
-#define GUMS_SET_LM_PASSWORD 40
-#define GUMS_SET_NT_PASSWORD 41
-#define GUMS_SET_PLAINTEXT_PASSWORD 42
-#define GUMS_SET_UNKNOWN_3 43
-#define GUMS_SET_LOGON_DIVS 44
-#define GUMS_SET_HOURS_LEN 45
-#define GUMS_SET_HOURS 46
-#define GUMS_SET_UNKNOWN_5 47
-#define GUMS_SET_UNKNOWN_6 48
-
-#define GUMS_SET_MUST_CHANGE_PASS 50
-#define GUMS_SET_CANNOT_CHANGE_PASS 51
-#define GUMS_SET_PASS_NEVER_EXPIRE 52
-#define GUMS_SET_ACCOUNT_DISABLED 53
-#define GUMS_SET_ACCOUNT_LOCKOUT 54
-
-/*group specific type values */
-#define GUMS_ADD_SID_LIST 60
-#define GUMS_DEL_SID_LIST 61
-#define GUMS_SET_SID_LIST 62
-
-#endif /* _GUMS_H */
#include "passdb.h"
-#include "sam.h"
-
#include "session.h"
#include "asn_1.h"
#define VA_COPY(dest, src) (dest) = (src)
#endif
-#ifndef HAVE_TIMEGM
-time_t timegm(struct tm *tm);
-#endif
-
#endif /* _INCLUDES_H */
typedef struct _GROUP_MAP {
- struct pdb_methods *methods;
gid_t gid;
DOM_SID sid;
enum SID_NAME_USE sid_name_use;
* this SAMBA will load. Increment this if *ANY* changes are made to the interface.
*/
-#define PASSDB_INTERFACE_VERSION 4
+#define PASSDB_INTERFACE_VERSION 2
/* use this inside a passdb module */
#define PDB_MODULE_VERSIONING_MAGIC \
NTSTATUS (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
NTSTATUS (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username);
-
- NTSTATUS (*pdb_getgrsid)(struct pdb_context *context, GROUP_MAP *map,
- DOM_SID sid, BOOL with_priv);
-
- NTSTATUS (*pdb_getgrgid)(struct pdb_context *context, GROUP_MAP *map,
- gid_t gid, BOOL with_priv);
-
- NTSTATUS (*pdb_getgrnam)(struct pdb_context *context, GROUP_MAP *map,
- char *name, BOOL with_priv);
-
- NTSTATUS (*pdb_add_group_mapping_entry)(struct pdb_context *context,
- GROUP_MAP *map);
- NTSTATUS (*pdb_update_group_mapping_entry)(struct pdb_context *context,
- GROUP_MAP *map);
-
- NTSTATUS (*pdb_delete_group_mapping_entry)(struct pdb_context *context,
- DOM_SID sid);
-
- NTSTATUS (*pdb_enum_group_mapping)(struct pdb_context *context,
- enum SID_NAME_USE sid_name_use,
- GROUP_MAP **rmap, int *num_entries,
- BOOL unix_only, BOOL with_priv);
-
void (*free_fn)(struct pdb_context **);
TALLOC_CTX *mem_ctx;
NTSTATUS (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username);
- NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map,
- DOM_SID sid, BOOL with_priv);
-
- NTSTATUS (*getgrgid)(struct pdb_methods *methods, GROUP_MAP *map,
- gid_t gid, BOOL with_priv);
-
- NTSTATUS (*getgrnam)(struct pdb_methods *methods, GROUP_MAP *map,
- char *name, BOOL with_priv);
-
- NTSTATUS (*add_group_mapping_entry)(struct pdb_methods *methods,
- GROUP_MAP *map);
-
- NTSTATUS (*update_group_mapping_entry)(struct pdb_methods *methods,
- GROUP_MAP *map);
-
- NTSTATUS (*delete_group_mapping_entry)(struct pdb_methods *methods,
- DOM_SID sid);
-
- NTSTATUS (*enum_group_mapping)(struct pdb_methods *methods,
- enum SID_NAME_USE sid_name_use,
- GROUP_MAP **rmap, int *num_entries,
- BOOL unix_only, BOOL with_priv);
-
void *private_data; /* Private data of some kind */
void (*free_private_data)(void **);
+++ /dev/null
-#ifndef _RPC_CLIENT_PROTO_H_
-#define _RPC_CLIENT_PROTO_H_
-/* This file is automatically generated with "make proto". DO NOT EDIT */
-
-
-/*The following definitions come from lib/util_list.c */
-
-BOOL copy_policy_hnd (POLICY_HND *dest, const POLICY_HND *src);
-BOOL compare_rpc_hnd_node(const RPC_HND_NODE *x,
- const RPC_HND_NODE *y);
-BOOL RpcHndList_set_connection(const POLICY_HND *hnd,
- struct cli_connection *con);
-BOOL RpcHndList_del_connection(const POLICY_HND *hnd);
-struct cli_connection* RpcHndList_get_connection(const POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_connect.c */
-
-void init_connections(void);
-void free_connections(void);
-void cli_connection_free(struct cli_connection *con);
-void cli_connection_unlink(struct cli_connection *con);
-BOOL cli_connection_init(const char *srv_name, char *pipe_name,
- struct cli_connection **con);
-BOOL cli_connection_init_auth(const char *srv_name, char *pipe_name,
- struct cli_connection **con,
- cli_auth_fns * auth, void *auth_creds);
-struct _cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con);
-void *cli_conn_get_auth_creds(struct cli_connection *con);
-BOOL rpc_hnd_pipe_req(const POLICY_HND * hnd, uint8 op_num,
- prs_struct * data, prs_struct * rdata);
-BOOL rpc_con_pipe_req(struct cli_connection *con, uint8 op_num,
- prs_struct * data, prs_struct * rdata);
-BOOL rpc_con_ok(struct cli_connection *con);
-
-/*The following definitions come from rpc_client/cli_login.c */
-
-BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]);
-BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd);
-BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username,
- uint32 smb_userid_low, char *password,
- NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
- uint32 smb_userid_low, char lm_chal[8],
- char *lm_chal_resp, char *nt_chal_resp,
- NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
-
-/*The following definitions come from rpc_client/cli_lsarpc.c */
-
-BOOL do_lsa_open_policy(struct cli_state *cli,
- char *system_name, POLICY_HND *hnd,
- BOOL sec_qos);
-BOOL do_lsa_query_info_pol(struct cli_state *cli,
- POLICY_HND *hnd, uint16 info_class,
- fstring domain_name, DOM_SID *domain_sid);
-BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd);
-BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server);
-uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd,
- BOOL sec_qos, uint32 des_access);
-uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids,
- char ***names, uint32 **types, int *num_names);
-uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
- DOM_SID **sids, uint32 **types, int *num_sids);
-
-/*The following definitions come from rpc_client/cli_netlogon.c */
-
-BOOL cli_net_logon_ctrl2(struct cli_state *cli, uint32 status_level);
-BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan,
- uint32 neg_flags, DOM_CHAL *srv_chal);
-BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal);
-BOOL cli_net_srv_pwset(struct cli_state *cli, uint8 hashed_mach_pwd[16]);
-BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
-BOOL change_trust_account_password( char *domain, char *remote_machine_list);
-
-/*The following definitions come from rpc_client/cli_pipe.c */
-
-BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
- prs_struct *data, prs_struct *rdata);
-BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, char *my_name);
-void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs);
-BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name);
-void cli_nt_session_close(struct cli_state *cli);
-
-/*The following definitions come from rpc_client/cli_reg.c */
-
-BOOL do_reg_connect(struct cli_state *cli, char *full_keyname, char *key_name,
- POLICY_HND *reg_hnd);
-BOOL do_reg_open_hklm(struct cli_state *cli, uint16 unknown_0, uint32 level,
- POLICY_HND *hnd);
-BOOL do_reg_open_hku(struct cli_state *cli, uint16 unknown_0, uint32 level,
- POLICY_HND *hnd);
-BOOL do_reg_flush_key(struct cli_state *cli, POLICY_HND *hnd);
-BOOL do_reg_query_key(struct cli_state *cli, POLICY_HND *hnd,
- char *class, uint32 *class_len,
- uint32 *num_subkeys, uint32 *max_subkeylen,
- uint32 *max_subkeysize, uint32 *num_values,
- uint32 *max_valnamelen, uint32 *max_valbufsize,
- uint32 *sec_desc, NTTIME *mod_time);
-BOOL do_reg_unknown_1a(struct cli_state *cli, POLICY_HND *hnd, uint32 *unk);
-BOOL do_reg_query_info(struct cli_state *cli, POLICY_HND *hnd,
- char *key_value, uint32* key_type);
-BOOL do_reg_set_key_sec(struct cli_state *cli, POLICY_HND *hnd, SEC_DESC_BUF *sec_desc_buf);
-BOOL do_reg_get_key_sec(struct cli_state *cli, POLICY_HND *hnd, uint32 *sec_buf_size, SEC_DESC_BUF **ppsec_desc_buf);
-BOOL do_reg_delete_val(struct cli_state *cli, POLICY_HND *hnd, char *val_name);
-BOOL do_reg_delete_key(struct cli_state *cli, POLICY_HND *hnd, char *key_name);
-BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
- char *key_name, char *key_class,
- SEC_ACCESS *sam_access,
- POLICY_HND *key);
-BOOL do_reg_enum_key(struct cli_state *cli, POLICY_HND *hnd,
- int key_index, char *key_name,
- uint32 *unk_1, uint32 *unk_2,
- time_t *mod_time);
-BOOL do_reg_create_val(struct cli_state *cli, POLICY_HND *hnd,
- char *val_name, uint32 type, BUFFER3 *data);
-BOOL do_reg_enum_val(struct cli_state *cli, POLICY_HND *hnd,
- int val_index, int max_valnamelen, int max_valbufsize,
- fstring val_name,
- uint32 *val_type, BUFFER2 *value);
-BOOL do_reg_open_entry(struct cli_state *cli, POLICY_HND *hnd,
- char *key_name, uint32 unk_0,
- POLICY_HND *key_hnd);
-BOOL do_reg_close(struct cli_state *cli, POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_samr.c */
-
-BOOL get_samr_query_usergroups(struct cli_state *cli,
- POLICY_HND *pol_open_domain, uint32 user_rid,
- uint32 *num_groups, DOM_GID *gid);
-BOOL get_samr_query_userinfo(struct cli_state *cli,
- POLICY_HND *pol_open_domain,
- uint32 info_level,
- uint32 user_rid, SAM_USER_INFO_21 *usr);
-BOOL do_samr_chgpasswd_user(struct cli_state *cli,
- char *srv_name, char *user_name,
- char nt_newpass[516], uchar nt_oldhash[16],
- char lm_newpass[516], uchar lm_oldhash[16]);
-BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name);
-BOOL do_samr_query_dom_info(struct cli_state *cli,
- POLICY_HND *domain_pol, uint16 switch_value);
-BOOL do_samr_enum_dom_users(struct cli_state *cli,
- POLICY_HND *pol, uint16 num_entries, uint16 unk_0,
- uint16 acb_mask, uint16 unk_1, uint32 size,
- struct acct_info **sam,
- int *num_sam_users);
-BOOL do_samr_connect(struct cli_state *cli,
- char *srv_name, uint32 unknown_0,
- POLICY_HND *connect_pol);
-BOOL do_samr_open_user(struct cli_state *cli,
- POLICY_HND *pol, uint32 unk_0, uint32 rid,
- POLICY_HND *user_pol);
-BOOL do_samr_open_domain(struct cli_state *cli,
- POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid,
- POLICY_HND *domain_pol);
-BOOL do_samr_query_unknown_12(struct cli_state *cli,
- POLICY_HND *pol, uint32 rid, uint32 num_gids, uint32 *gids,
- uint32 *num_aliases,
- fstring als_names [MAX_LOOKUP_SIDS],
- uint32 num_als_users[MAX_LOOKUP_SIDS]);
-BOOL do_samr_query_usergroups(struct cli_state *cli,
- POLICY_HND *pol, uint32 *num_groups, DOM_GID *gid);
-BOOL do_samr_query_userinfo(struct cli_state *cli,
- POLICY_HND *pol, uint16 switch_value, void* usr);
-BOOL do_samr_close(struct cli_state *cli, POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_spoolss_notify.c */
-
-BOOL spoolss_disconnect_from_client( struct cli_state *cli);
-BOOL spoolss_connect_to_client( struct cli_state *cli, char *remote_machine);
-BOOL cli_spoolss_reply_open_printer(struct cli_state *cli, char *printer, uint32 localprinter, uint32 type, uint32 *status, POLICY_HND *handle);
-BOOL cli_spoolss_reply_rrpcn(struct cli_state *cli, POLICY_HND *handle,
- uint32 change_low, uint32 change_high, uint32 *status);
-BOOL cli_spoolss_reply_close_printer(struct cli_state *cli, POLICY_HND *handle, uint32 *status);
-
-/*The following definitions come from rpc_client/cli_srvsvc.c */
-
-BOOL do_srv_net_srv_conn_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_CONN_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_sess_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_SESS_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_share_enum(struct cli_state *cli,
- char *server_name,
- uint32 switch_value, SRV_R_NET_SHARE_ENUM *r_o,
- uint32 preferred_len, ENUM_HND *hnd);
-BOOL do_srv_net_srv_file_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_FILE_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_get_info(struct cli_state *cli,
- char *server_name, uint32 switch_value, SRV_INFO_CTR *ctr);
-
-/*The following definitions come from rpc_client/cli_use.c */
-
-void init_cli_use(void);
-void free_cli_use(void);
-struct cli_state *cli_net_use_add(const char *srv_name,
- const struct ntuser_creds *usr_creds,
- BOOL reuse, BOOL *is_new);
-BOOL cli_net_use_del(const char *srv_name,
- const struct ntuser_creds *usr_creds,
- BOOL force_close, BOOL *connection_closed);
-void cli_net_use_enum(uint32 *num_cons, struct use_info ***use);
-void cli_use_wait_keyboard(void);
-
-/*The following definitions come from rpc_client/cli_wkssvc.c */
-
-BOOL do_wks_query_info(struct cli_state *cli,
- char *server_name, uint32 switch_value,
- WKS_INFO_100 *wks100);
-
-/*The following definitions come from rpc_client/ncacn_np_use.c */
-
-BOOL ncacn_np_use_del(const char *srv_name, const char *pipe_name,
- const vuser_key * key,
- BOOL force_close, BOOL *connection_closed);
-struct ncacn_np *ncacn_np_initialise(struct ncacn_np *msrpc,
- const vuser_key * key);
-struct ncacn_np *ncacn_np_use_add(const char *pipe_name,
- const vuser_key * key,
- const char *srv_name,
- const struct ntuser_creds *ntc,
- BOOL reuse, BOOL *is_new_connection);
-#endif /* _PROTO_H_ */
#define SAMR_SET_USERINFO 0x3A
#define SAMR_CONNECT4 0x3E
+/* Access bits to the SAM-object */
+
+#define SAMR_ACCESS_UNKNOWN_1 0x00000001
+#define SAMR_ACCESS_SHUTDOWN_SERVER 0x00000002
+#define SAMR_ACCESS_UNKNOWN_4 0x00000004
+#define SAMR_ACCESS_UNKNOWN_8 0x00000008
+#define SAMR_ACCESS_ENUM_DOMAINS 0x00000010
+#define SAMR_ACCESS_OPEN_DOMAIN 0x00000020
+
+#define SAMR_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS | \
+ SAMR_ACCESS_OPEN_DOMAIN | \
+ SAMR_ACCESS_ENUM_DOMAINS | \
+ SAMR_ACCESS_UNKNOWN_8 | \
+ SAMR_ACCESS_UNKNOWN_4 | \
+ SAMR_ACCESS_SHUTDOWN_SERVER | \
+ SAMR_ACCESS_UNKNOWN_1 )
+
+#define SAMR_READ ( STANDARD_RIGHTS_READ_ACCESS | \
+ SAMR_ACCESS_ENUM_DOMAINS )
+
+#define SAMR_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS | \
+ SAMR_ACCESS_UNKNOWN_8 | \
+ SAMR_ACCESS_UNKNOWN_4 | \
+ SAMR_ACCESS_SHUTDOWN_SERVER )
+
+#define SAMR_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS | \
+ SAMR_ACCESS_OPEN_DOMAIN | \
+ SAMR_ACCESS_UNKNOWN_1 )
+
+/* Access bits to Domain-objects */
+
+#define DOMAIN_ACCESS_LOOKUP_INFO_1 0x000000001
+#define DOMAIN_ACCESS_SET_INFO_1 0x000000002
+#define DOMAIN_ACCESS_LOOKUP_INFO_2 0x000000004
+#define DOMAIN_ACCESS_SET_INFO_2 0x000000008
+#define DOMAIN_ACCESS_CREATE_USER 0x000000010
+#define DOMAIN_ACCESS_CREATE_GROUP 0x000000020
+#define DOMAIN_ACCESS_CREATE_ALIAS 0x000000040
+#define DOMAIN_ACCESS_LOOKUP_ALIAS_BY_MEM 0x000000080
+#define DOMAIN_ACCESS_ENUM_ACCOUNTS 0x000000100
+#define DOMAIN_ACCESS_OPEN_ACCOUNT 0x000000200
+#define DOMAIN_ACCESS_SET_INFO_3 0x000000400
+
+#define DOMAIN_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS | \
+ DOMAIN_ACCESS_SET_INFO_3 | \
+ DOMAIN_ACCESS_OPEN_ACCOUNT | \
+ DOMAIN_ACCESS_ENUM_ACCOUNTS | \
+ DOMAIN_ACCESS_LOOKUP_ALIAS_BY_MEM | \
+ DOMAIN_ACCESS_CREATE_ALIAS | \
+ DOMAIN_ACCESS_CREATE_GROUP | \
+ DOMAIN_ACCESS_CREATE_USER | \
+ DOMAIN_ACCESS_SET_INFO_2 | \
+ DOMAIN_ACCESS_LOOKUP_INFO_2 | \
+ DOMAIN_ACCESS_SET_INFO_1 | \
+ DOMAIN_ACCESS_LOOKUP_INFO_1 )
+
+#define DOMAIN_READ ( STANDARD_RIGHTS_READ_ACCESS | \
+ DOMAIN_ACCESS_LOOKUP_ALIAS_BY_MEM | \
+ DOMAIN_ACCESS_LOOKUP_INFO_2 )
+
+#define DOMAIN_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS | \
+ DOMAIN_ACCESS_SET_INFO_3 | \
+ DOMAIN_ACCESS_CREATE_ALIAS | \
+ DOMAIN_ACCESS_CREATE_GROUP | \
+ DOMAIN_ACCESS_CREATE_USER | \
+ DOMAIN_ACCESS_SET_INFO_2 | \
+ DOMAIN_ACCESS_SET_INFO_1 )
+
+#define DOMAIN_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS | \
+ DOMAIN_ACCESS_OPEN_ACCOUNT | \
+ DOMAIN_ACCESS_ENUM_ACCOUNTS | \
+ DOMAIN_ACCESS_LOOKUP_INFO_1 )
+
+/* Access bits to User-objects */
+
+#define USER_ACCESS_GET_NAME_ETC 0x00000001
+#define USER_ACCESS_GET_LOCALE 0x00000002
+#define USER_ACCESS_SET_LOC_COM 0x00000004
+#define USER_ACCESS_GET_LOGONINFO 0x00000008
+#define USER_ACCESS_UNKNOWN_10 0x00000010
+#define USER_ACCESS_SET_ATTRIBUTES 0x00000020
+#define USER_ACCESS_CHANGE_PASSWORD 0x00000040
+#define USER_ACCESS_SET_PASSWORD 0x00000080
+#define USER_ACCESS_GET_GROUPS 0x00000100
+#define USER_ACCESS_UNKNOWN_200 0x00000200
+#define USER_ACCESS_UNKNOWN_400 0x00000400
+
+#define USER_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS | \
+ USER_ACCESS_UNKNOWN_400 | \
+ USER_ACCESS_UNKNOWN_200 | \
+ USER_ACCESS_GET_GROUPS | \
+ USER_ACCESS_SET_PASSWORD | \
+ USER_ACCESS_CHANGE_PASSWORD | \
+ USER_ACCESS_SET_ATTRIBUTES | \
+ USER_ACCESS_UNKNOWN_10 | \
+ USER_ACCESS_GET_LOGONINFO | \
+ USER_ACCESS_SET_LOC_COM | \
+ USER_ACCESS_GET_LOCALE | \
+ USER_ACCESS_GET_NAME_ETC )
+
+#define USER_READ ( STANDARD_RIGHTS_READ_ACCESS | \
+ USER_ACCESS_UNKNOWN_200 | \
+ USER_ACCESS_GET_GROUPS | \
+ USER_ACCESS_UNKNOWN_10 | \
+ USER_ACCESS_GET_LOGONINFO | \
+ USER_ACCESS_GET_LOCALE )
+
+#define USER_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS | \
+ USER_ACCESS_CHANGE_PASSWORD | \
+ USER_ACCESS_SET_LOC_COM )
+
+#define USER_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS | \
+ USER_ACCESS_CHANGE_PASSWORD | \
+ USER_ACCESS_GET_NAME_ETC )
+
+/* Access bits to Group-objects */
+
+#define GROUP_ACCESS_LOOKUP_INFO 0x00000001
+#define GROUP_ACCESS_SET_INFO 0x00000002
+#define GROUP_ACCESS_ADD_MEMBER 0x00000004
+#define GROUP_ACCESS_REMOVE_MEMBER 0x00000008
+#define GROUP_ACCESS_GET_MEMBERS 0x00000010
+
+#define GROUP_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS | \
+ GROUP_ACCESS_GET_MEMBERS | \
+ GROUP_ACCESS_REMOVE_MEMBER | \
+ GROUP_ACCESS_ADD_MEMBER | \
+ GROUP_ACCESS_SET_INFO | \
+ GROUP_ACCESS_LOOKUP_INFO )
+
+#define GROUP_READ ( STANDARD_RIGHTS_READ_ACCESS | \
+ GROUP_ACCESS_GET_MEMBERS )
+
+#define GROUP_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS | \
+ GROUP_ACCESS_REMOVE_MEMBER | \
+ GROUP_ACCESS_ADD_MEMBER | \
+ GROUP_ACCESS_SET_INFO )
+
+#define GROUP_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS | \
+ GROUP_ACCESS_LOOKUP_INFO )
+
+/* Access bits to Alias-objects */
+
+#define ALIAS_ACCESS_ADD_MEMBER 0x00000001
+#define ALIAS_ACCESS_REMOVE_MEMBER 0x00000002
+#define ALIAS_ACCESS_GET_MEMBERS 0x00000004
+#define ALIAS_ACCESS_LOOKUP_INFO 0x00000008
+#define ALIAS_ACCESS_SET_INFO 0x00000010
+
+#define ALIAS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS | \
+ ALIAS_ACCESS_GET_MEMBERS | \
+ ALIAS_ACCESS_REMOVE_MEMBER | \
+ ALIAS_ACCESS_ADD_MEMBER | \
+ ALIAS_ACCESS_SET_INFO | \
+ ALIAS_ACCESS_LOOKUP_INFO )
+
+#define ALIAS_READ ( STANDARD_RIGHTS_READ_ACCESS | \
+ ALIAS_ACCESS_GET_MEMBERS )
+
+#define ALIAS_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS | \
+ ALIAS_ACCESS_REMOVE_MEMBER | \
+ ALIAS_ACCESS_ADD_MEMBER | \
+ ALIAS_ACCESS_SET_INFO )
+
+#define ALIAS_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS | \
+ ALIAS_ACCESS_LOOKUP_INFO )
typedef struct _DISP_USER_INFO {
SAM_ACCOUNT *sam;
#define SEC_RIGHTS_READ 0x00020019
#define SEC_RIGHTS_FULL_CONTROL 0x000f003f
#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000
-
/* for ADS */
#define SEC_RIGHTS_LIST_CONTENTS 0x4
#define SEC_RIGHTS_LIST_OBJECT 0x80
uint32 std_all;
} STANDARD_MAPPING;
-
-/* Security Access Masks Rights */
-
-#define SPECIFIC_RIGHTS_MASK 0x0000FFFF
-#define STANDARD_RIGHTS_MASK 0x00FF0000
-#define GENERIC_RIGHTS_MASK 0xF0000000
-
-#define SEC_RIGHT_SYSTEM_SECURITY 0x01000000
-#define SEC_RIGHT_MAXIMUM_ALLOWED 0x02000000
-
-/* Generic access rights */
-
-#define GENERIC_RIGHT_ALL_ACCESS 0x10000000
-#define GENERIC_RIGHT_EXECUTE_ACCESS 0x20000000
-#define GENERIC_RIGHT_WRITE_ACCESS 0x40000000
-#define GENERIC_RIGHT_READ_ACCESS 0x80000000
-
-/* Standard access rights. */
-
-#define STD_RIGHT_DELETE_ACCESS 0x00010000
-#define STD_RIGHT_READ_CONTROL_ACCESS 0x00020000
-#define STD_RIGHT_WRITE_DAC_ACCESS 0x00040000
-#define STD_RIGHT_WRITE_OWNER_ACCESS 0x00080000
-#define STD_RIGHT_SYNCHRONIZE_ACCESS 0x00100000
-
-#define STD_RIGHT_ALL_ACCESS 0x001F0000
-
-/* Combinations of standard masks. */
-#define STANDARD_RIGHTS_ALL_ACCESS STD_RIGHT_ALL_ACCESS /* 0x001f0000 */
-#define STANDARD_RIGHTS_EXECUTE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_READ_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_WRITE_ACCESS STD_RIGHT_READ_CONTROL_ACCESS /* 0x00020000 */
-#define STANDARD_RIGHTS_REQUIRED_ACCESS \
- (STD_RIGHT_DELETE_ACCESS | \
- STD_RIGHT_READ_CONTROL_ACCESS | \
- STD_RIGHT_WRITE_DAC_ACCESS | \
- STD_RIGHT_WRITE_OWNER_ACCESS) /* 0x000f0000 */
-
-/* File Object specific access rights */
-
-#define SA_RIGHT_FILE_READ_DATA 0x00000001
-#define SA_RIGHT_FILE_WRITE_DATA 0x00000002
-#define SA_RIGHT_FILE_APPEND_DATA 0x00000004
-#define SA_RIGHT_FILE_READ_EA 0x00000008
-#define SA_RIGHT_FILE_WRITE_EA 0x00000010
-#define SA_RIGHT_FILE_EXECUTE 0x00000020
-#define SA_RIGHT_FILE_DELETE_CHILD 0x00000040
-#define SA_RIGHT_FILE_READ_ATTRIBUTES 0x00000080
-#define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x00000100
-
-#define SA_RIGHT_FILE_ALL_ACCESS 0x000001FF
-
-#define GENERIC_RIGHTS_FILE_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_FILE_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_READ_DATA | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_READ_EA)
-
-#define GENERIC_RIGHTS_FILE_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- STD_RIGHT_SYNCHRONIZE_ACCESS | \
- SA_RIGHT_FILE_WRITE_DATA | \
- SA_RIGHT_FILE_WRITE_ATTRIBUTES | \
- SA_RIGHT_FILE_WRITE_EA | \
- SA_RIGHT_FILE_APPEND_DATA)
-
-#define GENERIC_RIGHTS_FILE_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_FILE_READ_ATTRIBUTES | \
- SA_RIGHT_FILE_EXECUTE)
-
-
-/* SAM Object specific access rights */
-
-#define SA_RIGHT_SAM_UNKNOWN_1 0x00000001
-#define SA_RIGHT_SAM_SHUTDOWN_SERVER 0x00000002
-#define SA_RIGHT_SAM_UNKNOWN_4 0x00000004
-#define SA_RIGHT_SAM_UNKNOWN_8 0x00000008
-#define SA_RIGHT_SAM_ENUM_DOMAINS 0x00000010
-#define SA_RIGHT_SAM_OPEN_DOMAIN 0x00000020
-
-#define SA_RIGHT_SAM_ALL_ACCESS 0x0000003F
-
-#define GENERIC_RIGHTS_SAM_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_SAM_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_SAM_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_SAM_ENUM_DOMAINS)
-
-#define GENERIC_RIGHTS_SAM_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_SAM_UNKNOWN_8 | \
- SA_RIGHT_SAM_UNKNOWN_4 | \
- SA_RIGHT_SAM_SHUTDOWN_SERVER)
-
-#define GENERIC_RIGHTS_SAM_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_SAM_OPEN_DOMAIN | \
- SA_RIGHT_SAM_UNKNOWN_1)
-
-
-/* Domain Object specific access rights */
-
-#define SA_RIGHT_DOMAIN_LOOKUP_INFO_1 0x00000001
-#define SA_RIGHT_DOMAIN_SET_INFO_1 0x00000002
-#define SA_RIGHT_DOMAIN_LOOKUP_INFO_2 0x00000004
-#define SA_RIGHT_DOMAIN_SET_INFO_2 0x00000008
-#define SA_RIGHT_DOMAIN_CREATE_USER 0x00000010
-#define SA_RIGHT_DOMAIN_CREATE_GROUP 0x00000020
-#define SA_RIGHT_DOMAIN_CREATE_ALIAS 0x00000040
-#define SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM 0x00000080
-#define SA_RIGHT_DOMAIN_ENUM_ACCOUNTS 0x00000100
-#define SA_RIGHT_DOMAIN_OPEN_ACCOUNT 0x00000200
-#define SA_RIGHT_DOMAIN_SET_INFO_3 0x00000400
-
-#define SA_RIGHT_DOMAIN_ALL_ACCESS 0x000007FF
-
-#define GENERIC_RIGHTS_DOMAIN_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_DOMAIN_ALL_ACCESS)
-
-#define GENERIC_RIGHTS_DOMAIN_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM | \
- SA_RIGHT_DOMAIN_LOOKUP_INFO_2)
-
-#define GENERIC_RIGHTS_DOMAIN_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_DOMAIN_SET_INFO_3 | \
- SA_RIGHT_DOMAIN_CREATE_ALIAS | \
- SA_RIGHT_DOMAIN_CREATE_GROUP | \
- SA_RIGHT_DOMAIN_CREATE_USER | \
- SA_RIGHT_DOMAIN_SET_INFO_2 | \
- SA_RIGHT_DOMAIN_SET_INFO_1)
-
-#define GENERIC_RIGHTS_DOMAIN_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_DOMAIN_OPEN_ACCOUNT | \
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS | \
- SA_RIGHT_DOMAIN_LOOKUP_INFO_1)
-
-
-/* User Object specific access rights */
-
-#define SA_RIGHT_USER_GET_NAME_ETC 0x00000001
-#define SA_RIGHT_USER_GET_LOCALE 0x00000002
-#define SA_RIGHT_USER_SET_LOC_COM 0x00000004
-#define SA_RIGHT_USER_GET_LOGONINFO 0x00000008
-#define SA_RIGHT_USER_ACCT_FLAGS_EXPIRY 0x00000010
-#define SA_RIGHT_USER_SET_ATTRIBUTES 0x00000020
-#define SA_RIGHT_USER_CHANGE_PASSWORD 0x00000040
-#define SA_RIGHT_USER_SET_PASSWORD 0x00000080
-#define SA_RIGHT_USER_GET_GROUPS 0x00000100
-#define SA_RIGHT_USER_UNKNOWN_200 0x00000200
-#define SA_RIGHT_USER_UNKNOWN_400 0x00000400
-
-#define SA_RIGHT_USER_ALL_ACCESS 0x000007FF
-
-#define GENERIC_RIGHTS_USER_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_USER_ALL_ACCESS) /* 0x000f07ff */
-
-#define GENERIC_RIGHTS_USER_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_USER_UNKNOWN_200 | \
- SA_RIGHT_USER_GET_GROUPS | \
- SA_RIGHT_USER_ACCT_FLAGS_EXPIRY | \
- SA_RIGHT_USER_GET_LOGONINFO | \
- SA_RIGHT_USER_GET_LOCALE) /* 0x0002031a */
-
-#define GENERIC_RIGHTS_USER_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_SET_LOC_COM) /* 0x00020044 */
-
-#define GENERIC_RIGHTS_USER_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_USER_CHANGE_PASSWORD | \
- SA_RIGHT_USER_GET_NAME_ETC ) /* 0x00020041 */
-
-
-/* Group Object specific access rights */
-
-#define SA_RIGHT_GROUP_LOOKUP_INFO 0x00000001
-#define SA_RIGHT_GROUP_SET_INFO 0x00000002
-#define SA_RIGHT_GROUP_ADD_MEMBER 0x00000004
-#define SA_RIGHT_GROUP_REMOVE_MEMBER 0x00000008
-#define SA_RIGHT_GROUP_GET_MEMBERS 0x00000010
-
-#define SA_RIGHT_GROUP_ALL_ACCESS 0x0000001F
-
-#define GENERIC_RIGHTS_GROUP_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_GROUP_ALL_ACCESS) /* 0x000f001f */
-
-#define GENERIC_RIGHTS_GROUP_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_GROUP_GET_MEMBERS) /* 0x00020010 */
-
-#define GENERIC_RIGHTS_GROUP_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_GROUP_REMOVE_MEMBER | \
- SA_RIGHT_GROUP_ADD_MEMBER | \
- SA_RIGHT_GROUP_SET_INFO ) /* 0x0002000e */
-
-#define GENERIC_RIGHTS_GROUP_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_GROUP_LOOKUP_INFO) /* 0x00020001 */
-
-
-/* Alias Object specific access rights */
-
-#define SA_RIGHT_ALIAS_ADD_MEMBER 0x00000001
-#define SA_RIGHT_ALIAS_REMOVE_MEMBER 0x00000002
-#define SA_RIGHT_ALIAS_GET_MEMBERS 0x00000004
-#define SA_RIGHT_ALIAS_LOOKUP_INFO 0x00000008
-#define SA_RIGHT_ALIAS_SET_INFO 0x00000010
-
-#define SA_RIGHT_ALIAS_ALL_ACCESS 0x0000001F
-
-#define GENERIC_RIGHTS_ALIAS_ALL_ACCESS \
- (STANDARD_RIGHTS_REQUIRED_ACCESS| \
- SA_RIGHT_ALIAS_ALL_ACCESS) /* 0x000f001f */
-
-#define GENERIC_RIGHTS_ALIAS_READ \
- (STANDARD_RIGHTS_READ_ACCESS | \
- SA_RIGHT_ALIAS_GET_MEMBERS ) /* 0x00020004 */
-
-#define GENERIC_RIGHTS_ALIAS_WRITE \
- (STANDARD_RIGHTS_WRITE_ACCESS | \
- SA_RIGHT_ALIAS_REMOVE_MEMBER | \
- SA_RIGHT_ALIAS_ADD_MEMBER | \
- SA_RIGHT_ALIAS_SET_INFO ) /* 0x00020013 */
-
-#define GENERIC_RIGHTS_ALIAS_EXECUTE \
- (STANDARD_RIGHTS_EXECUTE_ACCESS | \
- SA_RIGHT_ALIAS_LOOKUP_INFO ) /* 0x00020008 */
-
#endif /* _RPC_SECDES_H */
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- SAM structures
- Copyright (C) Kai Krueger 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Simo Sorce 2002
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _SAM_H
-#define _SAM_H
-
-/* We want to track down bugs early */
-#if 1
-#define SAM_ASSERT(x) SMB_ASSERT(x)
-#else
-#define SAM_ASSERT(x) while (0) { \
- if (!(x)) {
- DEBUG(0, ("SAM_ASSERT failed!\n"))
- return NT_STATUS_FAIL_CHECK;\
- } \
- }
-#endif
-
-
-/* let it be 0 until we have a stable interface --metze */
-#define SAM_INTERFACE_VERSION 0
-
-/* use this inside a passdb module */
-#define SAM_MODULE_VERSIONING_MAGIC \
-int sam_version(void)\
-{\
- return SAM_INTERFACE_VERSION;\
-}
-
-/* Backend to use by default when no backend was specified */
-#define SAM_DEFAULT_BACKEND "plugin"
-
-typedef struct sam_domain_handle {
- TALLOC_CTX *mem_ctx;
- uint32 access_granted;
- const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */
- void (*free_fn)(struct sam_domain_handle **);
- struct domain_data {
- DOM_SID sid; /*SID of the domain. Should not be changed */
- char *name; /* Name of the domain */
- char *servername; /* */
- NTTIME max_passwordage; /* time till next password expiration */
- NTTIME min_passwordage; /* time till password can be changed again */
- NTTIME lockout_duration; /* time till login is allowed again after lockout*/
- NTTIME reset_count; /* time till bad login counter is reset */
- uint16 min_passwordlength; /* minimum number of characters for a password */
- uint16 password_history; /* number of passwords stored in history */
- uint16 lockout_count; /* number of bad login attempts before lockout */
- BOOL force_logoff; /* force logoff after logon hours have expired */
- BOOL login_pwdchange; /* Users need to logon to change their password */
- uint32 num_accounts; /* number of accounts in the domain */
- uint32 num_groups; /* number of global groups */
- uint32 num_aliases; /* number of local groups */
- uint32 sam_sequence_number; /* global sequence number */
- } private;
-} SAM_DOMAIN_HANDLE;
-
-typedef struct sam_account_handle {
- TALLOC_CTX *mem_ctx;
- uint32 access_granted;
- const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */
- void (*free_fn)(struct sam_account_handle **);
- struct sam_account_data {
- uint32 init_flag;
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
- char * account_name; /* account_name string */
- SAM_DOMAIN_HANDLE * domain; /* domain of account */
- char *full_name; /* account's full name string */
- char *unix_home_dir; /* UNIX home directory string */
- char *home_dir; /* home directory string */
- char *dir_drive; /* home directory drive string */
- char *logon_script; /* logon script string */
- char *profile_path; /* profile path string */
- char *acct_desc; /* account description string */
- char *workstations; /* login from workstations string */
- char *unknown_str; /* don't know what this is, yet. */
- char *munged_dial; /* munged path name and dial-back tel number */
- DOM_SID account_sid; /* Primary Account SID */
- DOM_SID group_sid; /* Primary Group SID */
- DATA_BLOB lm_pw; /* .data is Null if no password */
- DATA_BLOB nt_pw; /* .data is Null if no password */
- char *plaintext_pw; /* if Null not available */
- uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
- uint32 unknown_1; /* 0x00ff ffff */
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 hours[MAX_HOURS_LEN];
- uint32 unknown_2; /* 0x0002 0000 */
- uint32 unknown_3; /* 0x0000 04ec */
- } private;
-} SAM_ACCOUNT_HANDLE;
-
-typedef struct sam_group_handle {
- TALLOC_CTX *mem_ctx;
- uint32 access_granted;
- const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */
- void (*free_fn)(struct sam_group_handle **);
- struct sam_group_data {
- char *group_name;
- char *group_desc;
- DOM_SID sid;
- uint16 group_ctrl; /* specifies if the group is a local group or a global group */
- uint32 num_members;
- } private;
-} SAM_GROUP_HANDLE;
-
-
-typedef struct sam_group_member {
- DOM_SID sid;
- BOOL group; /* specifies if it is a group or a account */
-} SAM_GROUP_MEMBER;
-
-typedef struct sam_account_enum {
- DOM_SID sid;
- char *account_name;
- char *full_name;
- char *account_desc;
- uint16 acct_ctrl;
-} SAM_ACCOUNT_ENUM;
-
-typedef struct sam_group_enum {
- DOM_SID sid;
- char *group_name;
- char *group_desc;
- uint16 group_ctrl;
-} SAM_GROUP_ENUM;
-
-
-/* bits for group_ctrl: to spezify if the group is global group or alias */
-#define GCB_LOCAL_GROUP 0x0001
-#define GCB_ALIAS_GROUP (GCB_LOCAL_GROUP |GCB_BUILTIN)
-#define GCB_GLOBAL_GROUP 0x0002
-#define GCB_BUILTIN 0x1000
-
-typedef struct sam_context
-{
- struct sam_methods *methods;
- TALLOC_CTX *mem_ctx;
-
- void (*free_fn)(struct sam_context **);
-} SAM_CONTEXT;
-
-typedef struct sam_methods
-{
- struct sam_context *parent;
- struct sam_methods *next;
- struct sam_methods *prev;
- const char *backendname;
- const char *domain_name;
- DOM_SID domain_sid;
- void *private_data;
-
- /* General API */
-
- NTSTATUS (*sam_get_sec_desc) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd);
- NTSTATUS (*sam_set_sec_desc) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd);
-
- NTSTATUS (*sam_lookup_sid) (const struct sam_methods *, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type);
- NTSTATUS (*sam_lookup_name) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const char *name, DOM_SID *sid, uint32 *type);
-
- /* Domain API */
-
- NTSTATUS (*sam_update_domain) (const struct sam_methods *, const SAM_DOMAIN_HANDLE *domain);
- NTSTATUS (*sam_get_domain_handle) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, SAM_DOMAIN_HANDLE **domain);
-
- /* Account API */
-
- NTSTATUS (*sam_create_account) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account);
- NTSTATUS (*sam_add_account) (const struct sam_methods *, const SAM_ACCOUNT_HANDLE *account);
- NTSTATUS (*sam_update_account) (const struct sam_methods *, const SAM_ACCOUNT_HANDLE *account);
- NTSTATUS (*sam_delete_account) (const struct sam_methods *, const SAM_ACCOUNT_HANDLE *account);
- NTSTATUS (*sam_enum_accounts) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts);
-
- NTSTATUS (*sam_get_account_by_sid) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account);
- NTSTATUS (*sam_get_account_by_name) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_ACCOUNT_HANDLE **account);
-
- /* Group API */
-
- NTSTATUS (*sam_create_group) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group);
- NTSTATUS (*sam_add_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group);
- NTSTATUS (*sam_update_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group);
- NTSTATUS (*sam_delete_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group);
- NTSTATUS (*sam_enum_groups) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups);
- NTSTATUS (*sam_get_group_by_sid) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group);
- NTSTATUS (*sam_get_group_by_name) (const struct sam_methods *, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group);
-
- NTSTATUS (*sam_add_member_to_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member);
- NTSTATUS (*sam_delete_member_from_group) (const struct sam_methods *, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member);
- NTSTATUS (*sam_enum_groupmembers) (const struct sam_methods *, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members);
-
- NTSTATUS (*sam_get_groups_of_sid) (const struct sam_methods *, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups);
-
- void (*free_private_data)(void **);
-} SAM_METHODS;
-
-typedef NTSTATUS (*sam_init_function)(SAM_METHODS *, const char *);
-
-struct sam_init_function_entry {
- char *module_name;
- /* Function to create a member of the sam_methods list */
- sam_init_function init;
-};
-
-typedef struct sam_backend_entry {
- char *module_name;
- char *module_params;
- char *domain_name;
- DOM_SID *domain_sid;
-} SAM_BACKEND_ENTRY;
-
-
-#endif /* _SAM_H */
/*
* bit flags representing initialized fields in SAM_ACCOUNT
*/
-enum pdb_elements {
- PDB_UNINIT,
- PDB_UID,
- PDB_GID,
- PDB_SMBHOME,
- PDB_PROFILE,
- PDB_DRIVE,
- PDB_LOGONSCRIPT,
- PDB_LOGONTIME,
- PDB_LOGOFFTIME,
- PDB_KICKOFFTIME,
- PDB_CANCHANGETIME,
- PDB_MUSTCHANGETIME,
- PDB_PLAINTEXT_PW,
- PDB_USERNAME,
- PDB_FULLNAME,
- PDB_DOMAIN,
- PDB_NTUSERNAME,
- PDB_HOURSLEN,
- PDB_LOGONDIVS,
- PDB_USERSID,
- PDB_GROUPSID,
- PDB_ACCTCTRL,
- PDB_PASSLASTSET,
- PDB_UNIXHOMEDIR,
- PDB_ACCTDESC,
- PDB_WORKSTATIONS,
- PDB_UNKNOWNSTR,
- PDB_MUNGEDDIAL,
- PDB_HOURS,
- PDB_UNKNOWN3,
- PDB_UNKNOWN5,
- PDB_UNKNOWN6,
- PDB_LMPASSWD,
- PDB_NTPASSWD,
-
- /* this must be the last element */
- PDB_COUNT,
-};
-
-enum pdb_value_state {
- PDB_DEFAULT=0,
- PDB_SET,
- PDB_CHANGED
-};
+#define FLAG_SAM_UNINIT 0x00000000
+#define FLAG_SAM_UID 0x00000001
+#define FLAG_SAM_GID 0x00000002
+#define FLAG_SAM_SMBHOME 0x00000004
+#define FLAG_SAM_PROFILE 0x00000008
+#define FLAG_SAM_DRIVE 0x00000010
+#define FLAG_SAM_LOGONSCRIPT 0x00000020
+#define FLAG_SAM_LOGONTIME 0x00000040
+#define FLAG_SAM_LOGOFFTIME 0x00000080
+#define FLAG_SAM_KICKOFFTIME 0x00000100
+#define FLAG_SAM_CANCHANGETIME 0x00000200
+#define FLAG_SAM_MUSTCHANGETIME 0x00000400
+#define FLAG_SAM_PLAINTEXT_PW 0x00000800
#define IS_SAM_UNIX_USER(x) \
- (( pdb_get_init_flags(x, PDB_UID) != PDB_DEFAULT ) \
- && ( pdb_get_init_flags(x,PDB_GID) != PDB_DEFAULT ))
+ ((pdb_get_init_flag(x) & FLAG_SAM_UID) \
+ && (pdb_get_init_flag(x) & FLAG_SAM_GID))
-#define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET)
-#define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED)
-#define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT)
+#define IS_SAM_SET(x, flag) ((x)->private.init_flag & (flag))
typedef struct sam_passwd
{
struct user_data {
/* initiailization flags */
- struct bitmap *change_flags;
- struct bitmap *set_flags;
-
+ uint32 init_flag;
+
time_t logon_time; /* logon time */
time_t logoff_time; /* logoff time */
time_t kickoff_time; /* kickoff time */
#define DESIRED_ACCESS_PIPE 0x2019f
/* Generic access masks & rights. */
+#define SPECIFIC_RIGHTS_MASK 0x00FFFFL
+#define STANDARD_RIGHTS_MASK 0xFF0000L
#define DELETE_ACCESS (1L<<16) /* 0x00010000 */
#define READ_CONTROL_ACCESS (1L<<17) /* 0x00020000 */
#define WRITE_DAC_ACCESS (1L<<18) /* 0x00040000 */
#define WRITE_OWNER_ACCESS (1L<<19) /* 0x00080000 */
#define SYNCHRONIZE_ACCESS (1L<<20) /* 0x00100000 */
-#define SYSTEM_SECURITY_ACCESS (1L<<24) /* 0x01000000 */
-#define MAXIMUM_ALLOWED_ACCESS (1L<<25) /* 0x02000000 */
+/* Combinations of standard masks. */
+#define STANDARD_RIGHTS_ALL_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|SYNCHRONIZE_ACCESS) /* 0x001f0000 */
+#define STANDARD_RIGHTS_EXECUTE_ACCESS (READ_CONTROL_ACCESS) /* 0x00020000 */
+#define STANDARD_RIGHTS_READ_ACCESS (READ_CONTROL_ACCESS) /* 0x00200000 */
+#define STANDARD_RIGHTS_REQUIRED_ACCESS (DELETE_ACCESS|READ_CONTROL_ACCESS|WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS) /* 0x000f0000 */
+#define STANDARD_RIGHTS_WRITE_ACCESS (READ_CONTROL_ACCESS) /* 0x00020000 */
+
+#define SYSTEM_SECURITY_ACCESS (1L<<24) /* 0x01000000 */
+#define MAXIMUM_ALLOWED_ACCESS (1L<<25) /* 0x02000000 */
#define GENERIC_ALL_ACCESS (1<<28) /* 0x10000000 */
#define GENERIC_EXECUTE_ACCESS (1<<29) /* 0x20000000 */
#define GENERIC_WRITE_ACCESS (1<<30) /* 0x40000000 */
extern struct poptOption popt_common_debug[];
extern struct poptOption popt_common_configfile[];
-/* Module support */
-typedef NTSTATUS (init_module_function) (void);
-
#endif /* _SMB_H */
-#define VERSION "post3.0-HEAD"
+#define VERSION "3.0alpha21cvs"
SAFE_FREE(bm);
}
-/****************************************************************************
-talloc a bitmap
-****************************************************************************/
-struct bitmap *bitmap_talloc(TALLOC_CTX *mem_ctx, int n)
-{
- struct bitmap *bm;
-
- if (!mem_ctx) return NULL;
-
- bm = (struct bitmap *)talloc(mem_ctx, sizeof(*bm));
-
- if (!bm) return NULL;
-
- bm->n = n;
- bm->b = (uint32 *)talloc(mem_ctx, sizeof(bm->b[0])*(n+31)/32);
- if (!bm->b) {
- return NULL;
- }
-
- memset(bm->b, 0, sizeof(bm->b[0])*(n+31)/32);
-
- return bm;
-}
-
/****************************************************************************
set a bit in a bitmap
****************************************************************************/
+++ /dev/null
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- Groupname handling
- Copyright (C) Jeremy Allison 1998.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/*
- * UNIX gid and Local or Domain SID resolution. This module resolves
- * only those entries in the map files, it is *NOT* responsible for
- * resolving UNIX groups not listed: that is an entirely different
- * matter, altogether...
- */
-
-/*
- *
- *
-
- format of the file is:
-
- unixname NT Group name
- unixname Domain Admins (well-known Domain Group)
- unixname DOMAIN_NAME\NT Group name
- unixname OTHER_DOMAIN_NAME\NT Group name
- unixname DOMAIN_NAME\Domain Admins (well-known Domain Group)
- ....
-
- if the DOMAIN_NAME\ component is left off, then your own domain is assumed.
-
- *
- *
- */
-
-
-#include "includes.h"
-extern int DEBUGLEVEL;
-
-extern fstring global_myworkgroup;
-extern DOM_SID global_member_sid;
-extern fstring global_sam_name;
-extern DOM_SID global_sam_sid;
-extern DOM_SID global_sid_S_1_5_20;
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uid_t pwdb_user_rid_to_uid(uint32 user_rid)
-{
- return ((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_group_rid_to_gid(uint32 group_rid)
-{
- return ((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_alias_rid_to_gid(uint32 alias_rid)
-{
- return ((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_gid_to_group_rid(uint32 gid)
-{
- uint32 grp_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
- return grp_rid;
-}
-
-/******************************************************************
- converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_gid_to_alias_rid(uint32 gid)
-{
- uint32 alias_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
- return alias_rid;
-}
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_uid_to_user_rid(uint32 uid)
-{
- uint32 user_rid = ((((uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
- return user_rid;
-}
-
-/******************************************************************
- converts SID + SID_NAME_USE type to a UNIX id. the Domain SID is,
- and can only be, our own SID.
- ********************************************************************/
-static BOOL pwdb_sam_sid_to_unixid(DOM_SID *sid, uint8 type, uint32 *id)
-{
- DOM_SID tmp_sid;
- uint32 rid;
-
- sid_copy(&tmp_sid, sid);
- sid_split_rid(&tmp_sid, &rid);
- if (!sid_equal(&global_sam_sid, &tmp_sid))
- {
- return False;
- }
-
- switch (type)
- {
- case SID_NAME_USER:
- {
- *id = pwdb_user_rid_to_uid(rid);
- return True;
- }
- case SID_NAME_ALIAS:
- {
- *id = pwdb_alias_rid_to_gid(rid);
- return True;
- }
- case SID_NAME_DOM_GRP:
- case SID_NAME_WKN_GRP:
- {
- *id = pwdb_group_rid_to_gid(rid);
- return True;
- }
- }
- return False;
-}
-
-/******************************************************************
- converts UNIX gid + SID_NAME_USE type to a SID. the Domain SID is,
- and can only be, our own SID.
- ********************************************************************/
-static BOOL pwdb_unixid_to_sam_sid(uint32 id, uint8 type, DOM_SID *sid)
-{
- sid_copy(sid, &global_sam_sid);
- switch (type)
- {
- case SID_NAME_USER:
- {
- sid_append_rid(sid, pwdb_uid_to_user_rid(id));
- return True;
- }
- case SID_NAME_ALIAS:
- {
- sid_append_rid(sid, pwdb_gid_to_alias_rid(id));
- return True;
- }
- case SID_NAME_DOM_GRP:
- case SID_NAME_WKN_GRP:
- {
- sid_append_rid(sid, pwdb_gid_to_group_rid(id));
- return True;
- }
- }
- return False;
-}
-
-/*******************************************************************
- Decides if a RID is a well known RID.
- ********************************************************************/
-static BOOL pwdb_rid_is_well_known(uint32 rid)
-{
- return (rid < 1000);
-}
-
-/*******************************************************************
- determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_rid_type(uint32 rid)
-{
- /* lkcl i understand that NT attaches an enumeration to a RID
- * such that it can be identified as either a user, group etc
- * type: SID_ENUM_TYPE.
- */
- if (pwdb_rid_is_well_known(rid))
- {
- /*
- * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
- * and DOMAIN_USER_RID_GUEST.
- */
- if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
- {
- return RID_TYPE_USER;
- }
- if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
- {
- return RID_TYPE_GROUP;
- }
- if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
- {
- return RID_TYPE_ALIAS;
- }
- }
- return (rid & RID_TYPE_MASK);
-}
-
-/*******************************************************************
- checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-BOOL pwdb_rid_is_user(uint32 rid)
-{
- return pwdb_rid_type(rid) == RID_TYPE_USER;
-}
-
-/**************************************************************************
- Groupname map functionality. The code loads a groupname map file and
- (currently) loads it into a linked list. This is slow and memory
- hungry, but can be changed into a more efficient storage format
- if the demands on it become excessive.
-***************************************************************************/
-
-typedef struct name_map
-{
- ubi_slNode next;
- DOM_NAME_MAP grp;
-
-} name_map_entry;
-
-static ubi_slList groupname_map_list;
-static ubi_slList aliasname_map_list;
-static ubi_slList ntusrname_map_list;
-
-static void delete_name_entry(name_map_entry *gmep)
-{
- if (gmep->grp.nt_name)
- {
- free(gmep->grp.nt_name);
- }
- if (gmep->grp.nt_domain)
- {
- free(gmep->grp.nt_domain);
- }
- if (gmep->grp.unix_name)
- {
- free(gmep->grp.unix_name);
- }
- free((char*)gmep);
-}
-
-/**************************************************************************
- Delete all the entries in the name map list.
-***************************************************************************/
-
-static void delete_map_list(ubi_slList *map_list)
-{
- name_map_entry *gmep;
-
- while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL)
- {
- delete_name_entry(gmep);
- }
-}
-
-
-/**************************************************************************
- makes a group sid out of a domain sid and a _unix_ gid.
-***************************************************************************/
-static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
-{
- int ret = False;
- fstring sid_str;
-
- if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
- {
- DEBUG(0,("make_mydomain_sid: unknown domain %s\n",
- grp->nt_domain));
- return False;
- }
-
- if (sid_equal(&grp->sid, &global_sid_S_1_5_20))
- {
- /*
- * only builtin aliases are recognised in S-1-5-20
- */
- DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n",
- grp->nt_name));
-
- if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0)
- {
- DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n",
- grp->unix_name, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else if (lookup_wk_user_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
- {
- if (type != DOM_MAP_USER)
- {
- DEBUG(0,("well-known NT user %s\\%s listed in wrong map file\n",
- grp->nt_domain, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else if (lookup_wk_group_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
- {
- if (type != DOM_MAP_DOMAIN)
- {
- DEBUG(0,("well-known NT group %s\\%s listed in wrong map file\n",
- grp->nt_domain, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else
- {
- switch (type)
- {
- case DOM_MAP_USER:
- {
- grp->type = SID_NAME_USER;
- break;
- }
- case DOM_MAP_DOMAIN:
- {
- grp->type = SID_NAME_DOM_GRP;
- break;
- }
- case DOM_MAP_LOCAL:
- {
- grp->type = SID_NAME_ALIAS;
- break;
- }
- }
-
- ret = pwdb_unixid_to_sam_sid(grp->unix_id, grp->type, &grp->sid);
- }
-
- sid_to_string(sid_str, &grp->sid);
- DEBUG(10,("nt name %s\\%s gid %d mapped to %s\n",
- grp->nt_domain, grp->nt_name, grp->unix_id, sid_str));
- return ret;
-}
-
-/**************************************************************************
- makes a group sid out of an nt domain, nt group name or a unix group name.
-***************************************************************************/
-static BOOL unix_name_to_nt_name_info(DOM_NAME_MAP *map, DOM_MAP_TYPE type)
-{
- /*
- * Attempt to get the unix gid_t for this name.
- */
-
- DEBUG(5,("unix_name_to_nt_name_info: unix_name:%s\n", map->unix_name));
-
- if (type == DOM_MAP_USER)
- {
- const struct passwd *pwptr = Get_Pwnam(map->unix_name, False);
- if (pwptr == NULL)
- {
- DEBUG(0,("unix_name_to_nt_name_info: Get_Pwnam for user %s\
-failed. Error was %s.\n", map->unix_name, strerror(errno) ));
- return False;
- }
-
- map->unix_id = (uint32)pwptr->pw_uid;
- }
- else
- {
- struct group *gptr = getgrnam(map->unix_name);
- if (gptr == NULL)
- {
- DEBUG(0,("unix_name_to_nt_name_info: getgrnam for group %s\
-failed. Error was %s.\n", map->unix_name, strerror(errno) ));
- return False;
- }
-
- map->unix_id = (uint32)gptr->gr_gid;
- }
-
- DEBUG(5,("unix_name_to_nt_name_info: unix gid:%d\n", map->unix_id));
-
- /*
- * Now map the name to an NT SID+RID.
- */
-
- if (map->nt_domain != NULL && !strequal(map->nt_domain, global_sam_name))
- {
- /* Must add client-call lookup code here, to
- * resolve remote domain's sid and the group's rid,
- * in that domain.
- *
- * NOTE: it is _incorrect_ to put code here that assumes
- * we are responsible for lookups for foriegn domains' RIDs.
- *
- * for foriegn domains for which we are *NOT* the PDC, all
- * we can be responsible for is the unix gid_t to which
- * the foriegn SID+rid maps to, on this _local_ machine.
- * we *CANNOT* make any short-cuts or assumptions about
- * RIDs in a foriegn domain.
- */
-
- if (!map_domain_name_to_sid(&map->sid, &(map->nt_domain)))
- {
- DEBUG(0,("unix_name_to_nt_name_info: no known sid for %s\n",
- map->nt_domain));
- return False;
- }
- }
-
- return make_mydomain_sid(map, type);
-}
-
-static BOOL make_name_entry(name_map_entry **new_ep,
- char *nt_domain, char *nt_group, char *unix_group,
- DOM_MAP_TYPE type)
-{
- /*
- * Create the list entry and add it onto the list.
- */
-
- DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group));
-
- (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry));
- if ((*new_ep) == NULL)
- {
- DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n"));
- return False;
- }
-
- ZERO_STRUCTP(*new_ep);
-
- (*new_ep)->grp.nt_name = strdup(nt_group );
- (*new_ep)->grp.nt_domain = strdup(nt_domain );
- (*new_ep)->grp.unix_name = strdup(unix_group);
-
- if ((*new_ep)->grp.nt_name == NULL ||
- (*new_ep)->grp.unix_name == NULL)
- {
- DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n"));
- delete_name_entry((*new_ep));
- return False;
- }
-
- /*
- * look up the group names, make the Group-SID and unix gid
- */
-
- if (!unix_name_to_nt_name_info(&(*new_ep)->grp, type))
- {
- delete_name_entry((*new_ep));
- return False;
- }
-
- return True;
-}
-
-/**************************************************************************
- Load a name map file. Sets last accessed timestamp.
-***************************************************************************/
-static ubi_slList *load_name_map(DOM_MAP_TYPE type)
-{
- static time_t groupmap_file_last_modified = (time_t)0;
- static time_t aliasmap_file_last_modified = (time_t)0;
- static time_t ntusrmap_file_last_modified = (time_t)0;
- static BOOL initialised_group = False;
- static BOOL initialised_alias = False;
- static BOOL initialised_ntusr = False;
- char *groupname_map_file = lp_groupname_map();
- char *aliasname_map_file = lp_aliasname_map();
- char *ntusrname_map_file = lp_ntusrname_map();
-
- FILE *fp;
- char *s;
- pstring buf;
- name_map_entry *new_ep;
-
- time_t *file_last_modified = NULL;
- int *initialised = NULL;
- char *map_file = NULL;
- ubi_slList *map_list = NULL;
-
- switch (type)
- {
- case DOM_MAP_DOMAIN:
- {
- file_last_modified = &groupmap_file_last_modified;
- initialised = &initialised_group;
- map_file = groupname_map_file;
- map_list = &groupname_map_list;
-
- break;
- }
- case DOM_MAP_LOCAL:
- {
- file_last_modified = &aliasmap_file_last_modified;
- initialised = &initialised_alias;
- map_file = aliasname_map_file;
- map_list = &aliasname_map_list;
-
- break;
- }
- case DOM_MAP_USER:
- {
- file_last_modified = &ntusrmap_file_last_modified;
- initialised = &initialised_ntusr;
- map_file = ntusrname_map_file;
- map_list = &ntusrname_map_list;
-
- break;
- }
- }
-
- if (!(*initialised))
- {
- DEBUG(10,("initialising map %s\n", map_file));
- ubi_slInitList(map_list);
- (*initialised) = True;
- }
-
- if (!*map_file)
- {
- return map_list;
- }
-
- /*
- * Load the file.
- */
-
- fp = open_file_if_modified(map_file, "r", file_last_modified);
- if (!fp)
- {
- return map_list;
- }
-
- /*
- * Throw away any previous list.
- */
- delete_map_list(map_list);
-
- DEBUG(4,("load_name_map: Scanning name map %s\n",map_file));
-
- while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL)
- {
- pstring unixname;
- pstring nt_name;
- fstring nt_domain;
- fstring ntname;
- char *p;
-
- DEBUG(10,("Read line |%s|\n", s));
-
- memset(nt_name, 0, sizeof(nt_name));
-
- if (!*s || strchr("#;",*s))
- continue;
-
- if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
- continue;
-
- if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name)))
- continue;
-
- trim_string(unixname, " ", " ");
- trim_string(nt_name, " ", " ");
-
- if (!*nt_name)
- continue;
-
- if (!*unixname)
- continue;
-
- p = strchr(nt_name, '\\');
-
- if (p == NULL)
- {
- memset(nt_domain, 0, sizeof(nt_domain));
- fstrcpy(ntname, nt_name);
- }
- else
- {
- *p = 0;
- p++;
- fstrcpy(nt_domain, nt_name);
- fstrcpy(ntname , p);
- }
-
- if (make_name_entry(&new_ep, nt_domain, ntname, unixname, type))
- {
- ubi_slAddTail(map_list, (ubi_slNode *)new_ep);
- DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n",
- new_ep->grp.unix_name,
- new_ep->grp.nt_domain,
- new_ep->grp.nt_name,
- new_ep->grp.type));
- }
- }
-
- DEBUG(10,("load_name_map: Added %ld entries to name map.\n",
- ubi_slCount(map_list)));
-
- fclose(fp);
-
- return map_list;
-}
-
-static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from)
-{
- sid_copy(&grp->sid, &from->sid);
- grp->unix_id = from->unix_id;
- grp->nt_name = from->nt_name;
- grp->nt_domain = from->nt_domain;
- grp->unix_name = from->unix_name;
- grp->type = from->type;
-}
-
-#if 0
-/***********************************************************
- Lookup unix name.
-************************************************************/
-static BOOL map_unixname(DOM_MAP_TYPE type,
- char *unixname, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (strequal(gmep->grp.unix_name, unixname))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_unixname: Mapping unix name %s to nt group %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-#endif
-
-/***********************************************************
- Lookup nt name.
-************************************************************/
-static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain,
- DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (strequal(gmep->grp.nt_name , ntname) &&
- strequal(gmep->grp.nt_domain, ntdomain))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_ntname: Mapping unix name %s to nt name %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-
-/***********************************************************
- Lookup by SID
-************************************************************/
-static BOOL map_sid(DOM_MAP_TYPE type,
- DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (sid_equal(&gmep->grp.sid, psid))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_sid: Mapping unix name %s to nt name %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-/***********************************************************
- Lookup by gid_t.
-************************************************************/
-static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- fstring sid_str;
- sid_to_string(sid_str, &gmep->grp.sid);
- DEBUG(10,("map_unixid: enum entry unix group %s %d nt %s %s\n",
- gmep->grp.unix_name, gmep->grp.unix_id, gmep->grp.nt_name, sid_str));
- if (gmep->grp.unix_id == unix_id)
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_unixid: Mapping unix name %s to nt name %s type %d\n",
- gmep->grp.unix_name, gmep->grp.nt_name, gmep->grp.type));
- return True;
- }
- }
-
- return False;
-}
-
-/***********************************************************
- *
- * Call four functions to resolve unix group ids and either
- * local group SIDs or domain group SIDs listed in the local group
- * or domain group map files.
- *
- * Note that it is *NOT* the responsibility of these functions to
- * resolve entries that are not in the map files.
- *
- * Any SID can be in the map files (i.e from any Domain).
- *
- ***********************************************************/
-
-#if 0
-
-/***********************************************************
- Lookup a UNIX Group entry by name.
-************************************************************/
-BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info)
-{
- return map_unixname(DOM_MAP_DOMAIN, group_name, grp_info);
-}
-
-/***********************************************************
- Lookup a UNIX Alias entry by name.
-************************************************************/
-BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info)
-{
- return map_unixname(DOM_MAP_LOCAL, alias_name, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias name entry
-************************************************************/
-BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_LOCAL, ntalias_name, nt_domain, grp_info);
-}
-
-/***********************************************************
- Lookup a Group entry
-************************************************************/
-BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_DOMAIN, ntgroup_name, nt_domain, grp_info);
-}
-
-#endif
-
-/***********************************************************
- Lookup a Username entry by name.
-************************************************************/
-static BOOL map_nt_username(char *nt_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_USER, nt_name, nt_domain, grp_info);
-}
-
-/***********************************************************
- Lookup a Username entry by SID.
-************************************************************/
-static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_USER, sid, grp_info);
-}
-
-/***********************************************************
- Lookup a Username SID entry by uid.
-************************************************************/
-static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_USER, (uint32)gid, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias SID entry by name.
-************************************************************/
-BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_LOCAL, psid, grp_info);
-}
-
-/***********************************************************
- Lookup a Group entry by sid.
-************************************************************/
-BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_DOMAIN, psid, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias SID entry by gid_t.
-************************************************************/
-static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_LOCAL, (uint32)gid, grp_info);
-}
-
-/***********************************************************
- Lookup a Group SID entry by gid_t.
-************************************************************/
-static BOOL map_group_gid( gid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_DOMAIN, (uint32)gid, grp_info);
-}
-
-
-/************************************************************************
- Routine to look up User details by UNIX name
-*************************************************************************/
-BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp)
-{
- uid_t uid;
- DEBUG(10,("lookupsmbpwnam: unix user name %s\n", unix_usr_name));
- if (nametouid(unix_usr_name, &uid))
- {
- return lookupsmbpwuid(uid, grp);
- }
- else
- {
- return False;
- }
-}
-
-/************************************************************************
- Routine to look up a remote nt name
-*************************************************************************/
-static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint8 *type)
-{
- struct cli_state cli;
- POLICY_HND lsa_pol;
- fstring srv_name;
- extern struct ntuser_creds *usr_creds;
- struct ntuser_creds usr;
-
- BOOL res3 = True;
- BOOL res4 = True;
- uint32 num_sids;
- DOM_SID *sids;
- uint8 *types;
- char *names[1];
-
- usr_creds = &usr;
-
- ZERO_STRUCT(usr);
- pwd_set_nullpwd(&usr.pwd);
-
- DEBUG(5,("lookup_remote_ntname: %s\n", ntname));
-
- if (!cli_connect_serverlist(&cli, lp_passwordserver()))
- {
- return False;
- }
-
- names[0] = ntname;
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, cli.desthost);
- strupper(srv_name);
-
- /* lookup domain controller; receive a policy handle */
- res3 = res3 ? lsa_open_policy( srv_name,
- &lsa_pol, True) : False;
-
- /* send lsa lookup sids call */
- res4 = res3 ? lsa_lookup_names( &lsa_pol,
- 1, names,
- &sids, &types, &num_sids) : False;
-
- res3 = res3 ? lsa_close(&lsa_pol) : False;
-
- if (res4 && res3 && sids != NULL && types != NULL)
- {
- sid_copy(sid, &sids[0]);
- *type = types[0];
- }
- else
- {
- res3 = False;
- }
- if (types != NULL)
- {
- free(types);
- }
-
- if (sids != NULL)
- {
- free(sids);
- }
-
- return res3 && res4;
-}
-
-/************************************************************************
- Routine to look up a remote nt name
-*************************************************************************/
-static BOOL get_sid_and_type(const char *fullntname, uint8 expected_type,
- DOM_NAME_MAP *gmep)
-{
- /*
- * check with the PDC to see if it owns the name. if so,
- * the SID is resolved with the PDC database.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- if (lookup_remote_ntname(fullntname, &gmep->sid, &gmep->type))
- {
- if (sid_front_equal(&gmep->sid, &global_member_sid) &&
- strequal(gmep->nt_domain, global_myworkgroup) &&
- gmep->type == expected_type)
- {
- return True;
- }
- return False;
- }
- }
-
- /*
- * ... otherwise, it's one of ours. map the sid ourselves,
- * which can only happen in our own SAM database.
- */
-
- if (!strequal(gmep->nt_domain, global_sam_name))
- {
- return False;
- }
- if (!pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid))
- {
- return False;
- }
-
- return True;
-}
-
-/*
- * used by lookup functions below
- */
-
-static fstring nt_name;
-static fstring unix_name;
-static fstring nt_domain;
-
-/*************************************************************************
- looks up a uid, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbpwuid: unix uid %d\n", uid));
- if (map_username_uid(uid, gmep))
- {
- return True;
- }
-#if 0
- if (lp_server_role() != ROLE_DOMAIN_NONE)
-#endif
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- gmep->unix_id = (uint32)uid;
-
- /*
- * ok, assume it's one of ours. then double-check it
- * if we are a member of a domain
- */
-
- gmep->type = SID_NAME_USER;
- fstrcpy(gmep->nt_name, uidtoname(uid));
- fstrcpy(gmep->unix_name, gmep->nt_name);
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
-#endif
- }
-
- /*
- * ok, it's one of ours.
- */
-
- gmep->nt_domain = global_sam_name;
- pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid);
-
- return True;
- }
-
- /* oops. */
-
- return False;
-}
-
-/*************************************************************************
- looks up by NT name, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbpwntnam: nt user name %s\n", fullntname));
-
- if (!split_domain_name(fullntname, nt_domain, nt_name))
- {
- return False;
- }
-
- if (map_nt_username(nt_name, nt_domain, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- uid_t uid;
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * ok, it's one of ours. we therefore "create" an nt user named
- * after the unix user. this is the point where "appliance mode"
- * should get its teeth in, as unix users won't really exist,
- * they will only be numbers...
- */
-
- gmep->type = SID_NAME_USER;
- fstrcpy(gmep->unix_name, gmep->nt_name);
- if (!nametouid(gmep->unix_name, &uid))
- {
- return False;
- }
- gmep->unix_id = (uint32)uid;
-
- return get_sid_and_type(fullntname, gmep->type, gmep);
- }
-
- /* oops. */
-
- return False;
-}
-
-/*************************************************************************
- looks up by RID, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
-{
- fstring sid_str;
- sid_to_string(sid_str, sid);
- DEBUG(10,("lookupsmbpwsid: nt sid %s\n", sid_str));
-
- if (map_username_sid(sid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- if (lookup_remote_sid(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt user named
- * after the unix user. this is the point where "appliance mode"
- * should get its teeth in, as unix users won't really exist,
- * they will only be numbers...
- */
-
- gmep->type = SID_NAME_USER;
- sid_copy(&gmep->sid, sid);
- if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
- {
- return False;
- }
- fstrcpy(gmep->nt_name, uidtoname((uid_t)gmep->unix_id));
- fstrcpy(gmep->unix_name, gmep->nt_name);
- gmep->nt_domain = global_sam_name;
-
- return True;
- }
-
- /* oops. */
-
- return False;
-}
-
-/************************************************************************
- Routine to look up group / alias / well-known group RID by UNIX name
-*************************************************************************/
-BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp)
-{
- gid_t gid;
- DEBUG(10,("lookupsmbgrpnam: unix user group %s\n", unix_grp_name));
- if (nametogid(unix_grp_name, &gid))
- {
- return lookupsmbgrpgid(gid, grp);
- }
- else
- {
- return False;
- }
-}
-
-/*************************************************************************
- looks up a SID, returns name map entry
-*************************************************************************/
-BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
-{
- fstring sid_str;
- sid_to_string(sid_str, sid);
- DEBUG(10,("lookupsmbgrpsid: nt sid %s\n", sid_str));
-
- if (map_alias_sid(sid, gmep))
- {
- return True;
- }
- if (map_group_sid(sid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- lsa_lookup_sids(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt group or
- * alias name named after the unix group. this is the point
- * where "appliance mode" should get its teeth in, as unix
- * groups won't really exist, they will only be numbers...
- */
-
- /* name is not explicitly mapped
- * with map files or the PDC
- * so we are responsible for it...
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- /* ... as a LOCAL group. */
- gmep->type = SID_NAME_ALIAS;
- }
- else
- {
- /* ... as a DOMAIN group. */
- gmep->type = SID_NAME_DOM_GRP;
- }
-
- sid_copy(&gmep->sid, sid);
- if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
- {
- return False;
- }
- fstrcpy(gmep->nt_name, gidtoname((gid_t)gmep->unix_id));
- fstrcpy(gmep->unix_name, gmep->nt_name);
- gmep->nt_domain = global_sam_name;
-
- return True;
- }
-
- /* oops */
- return False;
-}
-
-/*************************************************************************
- looks up a gid, returns RID and type local, domain or well-known domain group
-*************************************************************************/
-BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbgrpgid: unix gid %d\n", (int)gid));
- if (map_alias_gid(gid, gmep))
- {
- return True;
- }
- if (map_group_gid(gid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- gmep->unix_id = (uint32)gid;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- if (lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
- {
- return True;
- }
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt group or
- * alias name named after the unix group. this is the point
- * where "appliance mode" should get its teeth in, as unix
- * groups won't really exist, they will only be numbers...
- */
-
- /* name is not explicitly mapped
- * with map files or the PDC
- * so we are responsible for it...
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- /* ... as a LOCAL group. */
- gmep->type = SID_NAME_ALIAS;
- }
- else
- {
- /* ... as a DOMAIN group. */
- gmep->type = SID_NAME_DOM_GRP;
- }
- fstrcpy(gmep->nt_name, gidtoname(gid));
- fstrcpy(gmep->unix_name, gmep->nt_name);
-
- return get_sid_and_type(gmep->nt_name, gmep->type, gmep);
- }
-
- /* oops */
- return False;
-}
-
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- module loading system
-
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#ifdef HAVE_DLOPEN
-NTSTATUS smb_load_module(const char *module_name)
-{
- void *handle;
- init_module_function *init;
- NTSTATUS nt_status;
-
- /* Always try to use LAZY symbol resolving; if the plugin has
- * backwards compatibility, there might be symbols in the
- * plugin referencing to old (removed) functions
- */
- handle = sys_dlopen(module_name, RTLD_LAZY);
-
- if(!handle) {
- DEBUG(0, ("Error loading module '%s': %s\n", module_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- init = sys_dlsym(handle, "init_module");
-
- if(!init) {
- DEBUG(0, ("Error trying to resolve symbol 'init_module' in %s: %s\n", module_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- nt_status = init();
-
- DEBUG(2, ("Module '%s' loaded\n", module_name));
-
- return nt_status;
-}
-
-#else /* HAVE_DLOPEN */
-
-NTSTATUS smb_load_module(const char *module_name)
-{
- DEBUG(0,("This samba executable has not been build with plugin support"));
- return NT_STATUS_NOT_SUPPORTED;
-}
-
-#endif /* HAVE_DLOPEN */
#endif /* HAVE_VSYSLOG */
-#ifndef HAVE_TIMEGM
-/*
- see the timegm man page on linux
-*/
- time_t timegm(struct tm *tm)
-{
- time_t ret;
- char *tz;
- char *tzvar;
-
- tz = getenv("TZ");
- putenv("TZ=");
- tzset();
- ret = mktime(tm);
- if (tz) {
- asprintf(&tzvar, "TZ=%s", tz);
- putenv(tzvar);
- safe_free(tzvar);
- } else {
- putenv("TZ");
- }
- tzset();
- return ret;
-}
-#endif
sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
/*basic access for every one*/
- init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ);
+ init_sec_access(&mask, SAMR_EXECUTE | SAMR_READ);
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
/*full access for builtin aliases Administrators and Account Operators*/
- init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS);
+ init_sec_access(&mask, SAMR_ALL_ACCESS);
init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
return atype;
}
-/*
-translated the GROUP_CTRL Flags to GroupType (groupType)
-*/
-uint32 ads_gcb2gtype(uint16 gcb)
-{
- uint32 gtype = 0x00000000;
-
- if (gcb & GCB_ALIAS_GROUP) gtype |= GTYPE_SECURITY_BUILTIN_LOCAL_GROUP;
- else if(gcb & GCB_LOCAL_GROUP) gtype |= GTYPE_SECURITY_DOMAIN_LOCAL_GROUP;
- if (gcb & GCB_GLOBAL_GROUP) gtype |= GTYPE_SECURITY_GLOBAL_GROUP;
-
- return gtype;
-}
-
-/*
-translated the GroupType (groupType) to GROUP_CTRL Flags
-*/
-uint16 ads_gtype2gcb(uint32 gtype)
-{
- uint16 gcb = 0x0000;
-
- switch(gtype) {
- case GTYPE_SECURITY_BUILTIN_LOCAL_GROUP:
- gcb = GCB_ALIAS_GROUP;
- break;
- case GTYPE_SECURITY_DOMAIN_LOCAL_GROUP:
- gcb = GCB_LOCAL_GROUP;
- break;
- case GTYPE_SECURITY_GLOBAL_GROUP:
- gcb = GCB_GLOBAL_GROUP;
- break;
-
- case GTYPE_DISTRIBUTION_GLOBAL_GROUP:
- gcb = GCB_GLOBAL_GROUP;
- break;
- case GTYPE_DISTRIBUTION_DOMAIN_LOCAL_GROUP:
- gcb = GCB_LOCAL_GROUP;
- break;
- case GTYPE_DISTRIBUTION_UNIVERSAL_GROUP:
- gcb = GCB_GLOBAL_GROUP;
- break;
- }
-
- return gcb;
-}
-
/*
get the accountType from the groupType
*/
krb5_ticket *tkt = NULL;
krb5_data salt;
krb5_encrypt_block eblock;
- int ret, i;
+ int ret;
krb5_keyblock * key;
krb5_principal host_princ;
char *host_princ_s;
fstring myname;
char *password_s;
krb5_data password;
- krb5_enctype *enctypes = NULL;
if (!secrets_init()) {
DEBUG(1,("secrets_init failed\n"));
ret = krb5_set_default_realm(context, ads->auth.realm);
if (ret) {
DEBUG(1,("krb5_set_default_realm failed (%s)\n", error_message(ret)));
+ ads_destroy(&ads);
return NT_STATUS_LOGON_FAILURE;
}
return NT_STATUS_NO_MEMORY;
}
- if ((ret = krb5_get_permitted_enctypes(context, &enctypes))) {
- DEBUG(1,("krb5_get_permitted_enctypes failed (%s)\n",
- error_message(ret)));
+ krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_MD5);
+
+ ret = krb5_string_to_key(context, &eblock, key, &password, &salt);
+ if (ret) {
+ DEBUG(1,("krb5_string_to_key failed (%s)\n", error_message(ret)));
return NT_STATUS_LOGON_FAILURE;
}
- /* we need to setup a auth context with each possible encoding type in turn */
- for (i=0;enctypes[i];i++) {
- krb5_use_enctype(context, &eblock, enctypes[i]);
-
- ret = krb5_string_to_key(context, &eblock, key, &password, &salt);
- if (ret) {
- continue;
- }
+ krb5_auth_con_setuseruserkey(context, auth_context, key);
- krb5_auth_con_setuseruserkey(context, auth_context, key);
+ packet.length = ticket->length;
+ packet.data = (krb5_pointer)ticket->data;
- packet.length = ticket->length;
- packet.data = (krb5_pointer)ticket->data;
-
- if (!(ret = krb5_rd_req(context, &auth_context, &packet,
- NULL, keytab, NULL, &tkt))) {
- krb5_free_ktypes(context, enctypes);
- break;
- }
- }
+#if 0
+ file_save("/tmp/ticket.dat", ticket->data, ticket->length);
+#endif
- if (!enctypes[i]) {
+ if ((ret = krb5_rd_req(context, &auth_context, &packet,
+ NULL, keytab, NULL, &tkt))) {
DEBUG(3,("krb5_rd_req with auth failed (%s)\n",
error_message(ret)));
return NT_STATUS_LOGON_FAILURE;
}
-#if 0
- file_save("/tmp/ticket.dat", ticket->data, ticket->length);
-#endif
-
-
if (tkt->enc_part2) {
*auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents,
tkt->enc_part2->authorization_data[0]->length);
message_dispatch();
- /* rescan the trusted domains list. This must be done
- regularly to cope with transitive trusts */
- rescan_trusted_domains();
-
/* Free up temporary memory */
lp_talloc_free();
*/
static BOOL cm_rpc_find_dc(const char *domain, struct in_addr *dc_ip, fstring srv_name)
{
- struct in_addr *ip_list = NULL;
+ struct in_addr *ip_list = NULL, exclude_ip;
int count, i;
- if (!get_dc_list(False, domain, &ip_list, &count) &&
- !get_dc_list(True, domain, &ip_list, &count)) {
+ zero_ip(&exclude_ip);
+
+ /* Lookup domain controller name. Try the real PDC first to avoid
+ SAM sync delays */
+
+ if (get_dc_list(True, domain, &ip_list, &count)) {
+ if (name_status_find(domain, 0x1c, 0x20, ip_list[0], srv_name)) {
+ *dc_ip = ip_list[0];
+ SAFE_FREE(ip_list);
+ return True;
+ }
+ /* Didn't get name, remember not to talk to this DC. */
+ exclude_ip = ip_list[0];
+ SAFE_FREE(ip_list);
+ }
+
+ if (!get_dc_list(False, domain, &ip_list, &count)) {
DEBUG(3, ("Could not look up dc's for domain %s\n", domain));
return False;
}
- /* Pick a nice close server */
- if (count > 1) {
- qsort(ip_list, count, sizeof(struct in_addr), QSORT_CAST ip_compare);
+ /* Remove the entry we've already failed with (should be the PDC). */
+ for (i = 0; i < count; i++) {
+ if (ip_equal( exclude_ip, ip_list[i]))
+ zero_ip(&ip_list[i]);
}
+ /* Pick a nice close server */
+ /* Look for DC on local net */
for (i = 0; i < count; i++) {
if (is_zero_ip(ip_list[i]))
continue;
+ if (!is_local_net(ip_list[i]))
+ continue;
+
if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) {
*dc_ip = ip_list[i];
SAFE_FREE(ip_list);
return True;
}
+ zero_ip(&ip_list[i]);
+ }
+
+ /*
+ * Secondly try and contact a random PDC/BDC.
+ */
+
+ i = (sys_random() % count);
+
+ if (!is_zero_ip(ip_list[i]) &&
+ name_status_find(domain, 0x1c, 0x20,
+ ip_list[i], srv_name)) {
+ *dc_ip = ip_list[i];
+ SAFE_FREE(ip_list);
+ return True;
}
+ zero_ip(&ip_list[i]); /* Tried and failed. */
+
+ /* Finally return first DC that we can contact using a node
+ status */
+ for (i = 0; i < count; i++) {
+ if (is_zero_ip(ip_list[i]))
+ continue;
+ if (name_status_find(domain, 0x1c, 0x20, ip_list[i], srv_name)) {
+ *dc_ip = ip_list[i];
+ SAFE_FREE(ip_list);
+ return True;
+ }
+ }
SAFE_FREE(ip_list);
}
state->response.extra_data = extra_data;
- /* must add one to length to copy the 0 for string termination */
- state->response.length += strlen(extra_data) + 1;
+ state->response.length += strlen(extra_data);
return WINBINDD_OK;
}
static time_t last_scan;
time_t t = time(NULL);
- /* trusted domains might be disabled */
- if (!lp_allow_trusted_domains()) {
- return;
- }
-
/* ony rescan every few minutes */
if ((unsigned)(t - last_scan) < WINBINDD_RESCAN_FREQ) {
return;
}
- last_scan = t;
-
+ last_scan = time(NULL);
+
DEBUG(1, ("scanning trusted domain list\n"));
if (!(mem_ctx = talloc_init_named("init_domain_list")))
/* Don't change these timestamp settings without a good reason.
They are important for NT member server compatibility. */
+ user->private.init_flag = FLAG_SAM_UNINIT;
user->private.uid = user->private.gid = -1;
user->private.logon_time = (time_t)0;
pdb_fill_default_sam(sam_account);
- pdb_set_username(sam_account, pwd->pw_name, PDB_SET);
- pdb_set_fullname(sam_account, pwd->pw_gecos, PDB_SET);
+ pdb_set_username(sam_account, pwd->pw_name);
+ pdb_set_fullname(sam_account, pwd->pw_gecos);
- pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET);
+ pdb_set_unix_homedir(sam_account, pwd->pw_dir);
- pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT);
+ pdb_set_domain (sam_account, lp_workgroup());
- pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET);
- pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET);
+ pdb_set_uid(sam_account, pwd->pw_uid);
+ pdb_set_gid(sam_account, pwd->pw_gid);
/* When we get a proper uid -> SID and SID -> uid allocation
mechinism, we should call it here.
/* Ensure this *must* be set right */
if (strcmp(pwd->pw_name, guest_account) == 0) {
- if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) {
+ if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST)) {
return NT_STATUS_UNSUCCESSFUL;
}
- if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) {
+ if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS)) {
return NT_STATUS_UNSUCCESSFUL;
}
} else {
if (!pdb_set_user_sid_from_rid(sam_account,
- fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
+ fallback_pdb_uid_to_user_rid(pwd->pw_uid))) {
DEBUG(0,("Can't set User SID from RID!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
/* call the mapping code here */
- if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) {
- if (!pdb_set_group_sid(sam_account,&map.sid, PDB_SET)){
+ if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
+ if (!pdb_set_group_sid(sam_account,&map.sid)){
DEBUG(0,("Can't set Group SID!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
}
else {
- if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
+ if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) {
DEBUG(0,("Can't set Group SID\n"));
return NT_STATUS_INVALID_PARAMETER;
}
lp_logon_path(),
pwd->pw_name, global_myname,
pwd->pw_uid, pwd->pw_gid),
- PDB_DEFAULT);
+ False);
pdb_set_homedir(sam_account,
talloc_sub_specified((sam_account)->mem_ctx,
lp_logon_home(),
pwd->pw_name, global_myname,
pwd->pw_uid, pwd->pw_gid),
- PDB_DEFAULT);
+ False);
pdb_set_dir_drive(sam_account,
talloc_sub_specified((sam_account)->mem_ctx,
lp_logon_drive(),
pwd->pw_name, global_myname,
pwd->pw_uid, pwd->pw_gid),
- PDB_DEFAULT);
+ False);
pdb_set_logon_script(sam_account,
talloc_sub_specified((sam_account)->mem_ctx,
lp_logon_script(),
pwd->pw_name, global_myname,
pwd->pw_uid, pwd->pw_gid),
- PDB_DEFAULT);
- if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT)) {
+ False);
+ if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL)) {
DEBUG(1, ("Failed to set 'normal account' flags for user %s.\n", pwd->pw_name));
return NT_STATUS_UNSUCCESSFUL;
}
} else {
- if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST, PDB_DEFAULT)) {
+ if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST)) {
DEBUG(1, ("Failed to set 'trusted workstation account' flags for user %s.\n", pwd->pw_name));
return NT_STATUS_UNSUCCESSFUL;
}
pdb_free_sam(&sam_account);
- if (pdb_getgrsid(&map, *sid, MAPPING_WITHOUT_PRIV)) {
+ if (get_group_map_from_sid(*sid, &map, MAPPING_WITHOUT_PRIV)) {
if (map.gid!=-1) {
DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
} else {
*/
/* check if it's a mapped group */
- if (pdb_getgrnam(&map, user, MAPPING_WITHOUT_PRIV)) {
+ if (get_group_map_from_ntname(user, &map, MAPPING_WITHOUT_PRIV)) {
/* yes it's a mapped group */
sid_copy(&local_sid, &map.sid);
*psid_name_use = map.sid_name_use;
* JFM, 30/11/2001
*/
- if (pdb_getgrgid(&map, grp->gr_gid, MAPPING_WITHOUT_PRIV)){
+ if (get_group_map_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)){
return False;
}
if (pdb_getsampwsid(sam_user, psid)) {
- if (!IS_SAM_SET(sam_user,PDB_UID)&&!IS_SAM_CHANGED(sam_user,PDB_UID)) {
+ if (!(pdb_get_init_flag(sam_user) & FLAG_SAM_UID)) {
pdb_free_sam(&sam_user);
return False;
}
pdb_free_sam(&sam_user);
- if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
+ if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) {
DEBUG(3, ("local_sid_to_uid: SID '%s' is a group, not a user... \n", sid_to_string(str, psid)));
/* It's a group, not a user... */
return False;
sid_copy(psid, get_global_sam_sid());
- if (pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
+ if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_copy(psid, &map.sid);
}
else {
* Or in the Builtin SID too. JFM, 11/30/2001
*/
- if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
+ if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) {
/* the SID is in the mapping table but not mapped */
if (map.gid==-1)
return False;
}
- if (!pdb_set_username(sam_pass, user_name, PDB_CHANGED)) {
+ if (!pdb_set_username(sam_pass, user_name)) {
slprintf(err_str, err_str_len - 1, "Failed to set username for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
/* the 'other' acb bits not being changed here */
other_acb = (pdb_get_acct_ctrl(sam_pass) & (!(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));
if (local_flags & LOCAL_TRUST_ACCOUNT) {
- if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb, PDB_CHANGED) ) {
+ if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb) ) {
slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
- if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb, PDB_CHANGED)) {
+ if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb)) {
slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
} else {
- if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb, PDB_CHANGED)) {
+ if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb)) {
slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
*/
if (local_flags & LOCAL_DISABLE_USER) {
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED, PDB_CHANGED)) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED)) {
slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
} else if (local_flags & LOCAL_ENABLE_USER) {
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
if (local_flags & LOCAL_SET_NO_PASSWORD) {
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ, PDB_CHANGED)) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ)) {
slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
* don't create them disabled). JRA.
*/
if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) {
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) {
slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
}
}
- if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ), PDB_CHANGED)) {
+ if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ))) {
slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name);
pdb_free_sam(&sam_pass);
return False;
return (0);
}
-BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid, enum pdb_value_state flag)
+BOOL pdb_set_user_sid_from_rid (SAM_ACCOUNT *sampass, uint32 rid)
{
DOM_SID u_sid;
const DOM_SID *global_sam_sid;
if (!sid_append_rid(&u_sid, rid))
return False;
- if (!pdb_set_user_sid(sampass, &u_sid, flag))
+ if (!pdb_set_user_sid(sampass, &u_sid))
return False;
DEBUG(10, ("pdb_set_user_sid_from_rid:\n\tsetting user sid %s from rid %d\n",
return True;
}
-BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid, enum pdb_value_state flag)
+BOOL pdb_set_group_sid_from_rid (SAM_ACCOUNT *sampass, uint32 grid)
{
DOM_SID g_sid;
const DOM_SID *global_sam_sid;
if (!sid_append_rid(&g_sid, grid))
return False;
- if (!pdb_set_group_sid(sampass, &g_sid, flag))
+ if (!pdb_set_group_sid(sampass, &g_sid))
return False;
DEBUG(10, ("pdb_set_group_sid_from_rid:\n\tsetting group sid %s from rid %d\n",
#define PDB_NOT_QUITE_NULL ""
/*********************************************************************
- Collection of get...() functions for SAM_ACCOUNT.
+ Collection of get...() functions for SAM_ACCOUNT_INFO.
********************************************************************/
uint16 pdb_get_acct_ctrl (const SAM_ACCOUNT *sampass)
* @return the flags indicating the members initialised in the struct.
**/
-enum pdb_value_state pdb_get_init_flags (const SAM_ACCOUNT *sampass, enum pdb_elements element)
+uint32 pdb_get_init_flag (const SAM_ACCOUNT *sampass)
{
- enum pdb_value_state ret = PDB_DEFAULT;
-
- if (!sampass || !sampass->private.change_flags || !sampass->private.set_flags)
- return ret;
-
- if (bitmap_query(sampass->private.set_flags, element)) {
- DEBUG(10, ("element %d: SET\n", element));
- ret = PDB_SET;
- }
-
- if (bitmap_query(sampass->private.change_flags, element)) {
- DEBUG(10, ("element %d: CHANGED\n", element));
- ret = PDB_CHANGED;
- }
-
- if (ret == PDB_DEFAULT) {
- DEBUG(10, ("element %d: DEFAULT\n", element));
- }
-
- return ret;
+ if (sampass)
+ return sampass->private.init_flag;
+ else
+ return FLAG_SAM_UNINIT;
}
uid_t pdb_get_uid (const SAM_ACCOUNT *sampass)
return (NULL);
}
-uint32 pdb_get_unknown_3 (const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown3 (const SAM_ACCOUNT *sampass)
{
if (sampass)
return (sampass->private.unknown_3);
return (-1);
}
-uint32 pdb_get_unknown_5 (const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown5 (const SAM_ACCOUNT *sampass)
{
if (sampass)
return (sampass->private.unknown_5);
return (-1);
}
-uint32 pdb_get_unknown_6 (const SAM_ACCOUNT *sampass)
+uint32 pdb_get_unknown6 (const SAM_ACCOUNT *sampass)
{
if (sampass)
return (sampass->private.unknown_6);
}
/*********************************************************************
- Collection of set...() functions for SAM_ACCOUNT.
+ Collection of set...() functions for SAM_ACCOUNT_INFO.
********************************************************************/
-BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 acct_ctrl, enum pdb_value_state flag)
+BOOL pdb_set_acct_ctrl (SAM_ACCOUNT *sampass, uint16 flags)
{
if (!sampass)
return False;
- sampass->private.acct_ctrl = acct_ctrl;
-
- return pdb_set_init_flags(sampass, PDB_ACCTCTRL, flag);
+ if (sampass) {
+ sampass->private.acct_ctrl = flags;
+ return True;
+ }
+
+ return False;
}
-BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
+BOOL pdb_set_logon_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
{
if (!sampass)
return False;
sampass->private.logon_time = mytime;
- return pdb_set_init_flags(sampass, PDB_LOGONTIME, flag);
+ if (store)
+ pdb_set_init_flag(sampass, FLAG_SAM_LOGONTIME);
+
+ return True;
}
-BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
+BOOL pdb_set_logoff_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
{
if (!sampass)
return False;
sampass->private.logoff_time = mytime;
- return pdb_set_init_flags(sampass, PDB_LOGOFFTIME, flag);
+ if (store)
+ pdb_set_init_flag(sampass, FLAG_SAM_LOGOFFTIME);
+
+ return True;
}
-BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
+BOOL pdb_set_kickoff_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
{
if (!sampass)
return False;
sampass->private.kickoff_time = mytime;
- return pdb_set_init_flags(sampass, PDB_KICKOFFTIME, flag);
+ if (store)
+ pdb_set_init_flag(sampass, FLAG_SAM_KICKOFFTIME);
+
+ return True;
}
-BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
+BOOL pdb_set_pass_can_change_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
{
if (!sampass)
return False;
sampass->private.pass_can_change_time = mytime;
- return pdb_set_init_flags(sampass, PDB_CANCHANGETIME, flag);
+ if (store)
+ pdb_set_init_flag(sampass, FLAG_SAM_CANCHANGETIME);
+
+ return True;
}
-BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
+BOOL pdb_set_pass_must_change_time (SAM_ACCOUNT *sampass, time_t mytime, BOOL store)
{
if (!sampass)
return False;
sampass->private.pass_must_change_time = mytime;
- return pdb_set_init_flags(sampass, PDB_MUSTCHANGETIME, flag);
+ if (store)
+ pdb_set_init_flag(sampass, FLAG_SAM_MUSTCHANGETIME);
+
+ return True;
}
-BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t mytime, enum pdb_value_state flag)
+BOOL pdb_set_pass_last_set_time (SAM_ACCOUNT *sampass, time_t mytime)
{
if (!sampass)
return False;
sampass->private.pass_last_set_time = mytime;
- return pdb_set_init_flags(sampass, PDB_PASSLASTSET, flag);
+ return True;
}
-BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len, enum pdb_value_state flag)
+BOOL pdb_set_hours_len (SAM_ACCOUNT *sampass, uint32 len)
{
if (!sampass)
return False;
sampass->private.hours_len = len;
-
- return pdb_set_init_flags(sampass, PDB_HOURSLEN, flag);
+ return True;
}
-BOOL pdb_set_logon_divs (SAM_ACCOUNT *sampass, uint16 hours, enum pdb_value_state flag)
+BOOL pdb_set_logon_divs (SAM_ACCOUNT *sampass, uint16 hours)
{
if (!sampass)
return False;
sampass->private.logon_divs = hours;
-
- return pdb_set_init_flags(sampass, PDB_LOGONDIVS, flag);
+ return True;
}
/**
* this flag is only added.
**/
-BOOL pdb_set_init_flags (SAM_ACCOUNT *sampass, enum pdb_elements element, enum pdb_value_state value_flag)
+BOOL pdb_set_init_flag (SAM_ACCOUNT *sampass, uint32 flag)
{
- if (!sampass || !sampass->mem_ctx)
+ if (!sampass)
return False;
- if (!sampass->private.set_flags) {
- if ((sampass->private.set_flags =
- bitmap_talloc(sampass->mem_ctx,
- PDB_COUNT))==NULL) {
- DEBUG(0,("bitmap_talloc failed\n"));
- return False;
- }
- }
- if (!sampass->private.change_flags) {
- if ((sampass->private.change_flags =
- bitmap_talloc(sampass->mem_ctx,
- PDB_COUNT))==NULL) {
- DEBUG(0,("bitmap_talloc failed\n"));
- return False;
- }
- }
-
- switch(value_flag) {
- case PDB_CHANGED:
- if (!bitmap_set(sampass->private.change_flags, element)) {
- DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
- return False;
- }
- if (!bitmap_set(sampass->private.set_flags, element)) {
- DEBUG(0,("Can't set flag: %d in set_falgs.\n",element));
- return False;
- }
- DEBUG(10, ("element %d -> now CHANGED\n", element));
- break;
- case PDB_SET:
- if (!bitmap_clear(sampass->private.change_flags, element)) {
- DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
- return False;
- }
- if (!bitmap_set(sampass->private.set_flags, element)) {
- DEBUG(0,("Can't set flag: %d in set_falgs.\n",element));
- return False;
- }
- DEBUG(10, ("element %d -> now SET\n", element));
- break;
- case PDB_DEFAULT:
- default:
- if (!bitmap_clear(sampass->private.change_flags, element)) {
- DEBUG(0,("Can't set flag: %d in change_flags.\n",element));
- return False;
- }
- if (!bitmap_clear(sampass->private.set_flags, element)) {
- DEBUG(0,("Can't set flag: %d in set_falgs.\n",element));
- return False;
- }
- DEBUG(10, ("element %d -> now DEFAULT\n", element));
- break;
- }
+ sampass->private.init_flag |= flag;
return True;
}
-BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid, enum pdb_value_state flag)
-{
+BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid)
+{
if (!sampass)
return False;
(int)uid, (int)sampass->private.uid));
sampass->private.uid = uid;
-
- return pdb_set_init_flags(sampass, PDB_UID, flag);
+ pdb_set_init_flag(sampass, FLAG_SAM_UID);
+
+ return True;
+
}
-BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid, enum pdb_value_state flag)
+BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid)
{
if (!sampass)
return False;
(int)gid, (int)sampass->private.gid));
sampass->private.gid = gid;
+ pdb_set_init_flag(sampass, FLAG_SAM_GID);
+
+ return True;
- return pdb_set_init_flags(sampass, PDB_GID, flag);
}
-BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid, enum pdb_value_state flag)
+BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid)
{
if (!sampass || !u_sid)
return False;
DEBUG(10, ("pdb_set_user_sid: setting user sid %s\n",
sid_string_static(&sampass->private.user_sid)));
-
- return pdb_set_init_flags(sampass, PDB_USERSID, flag);
+
+ return True;
}
-BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, fstring u_sid, enum pdb_value_state flag)
+BOOL pdb_set_user_sid_from_string (SAM_ACCOUNT *sampass, fstring u_sid)
{
DOM_SID new_sid;
-
if (!sampass || !u_sid)
return False;
return False;
}
- if (!pdb_set_user_sid(sampass, &new_sid, flag)) {
+ if (!pdb_set_user_sid(sampass, &new_sid)) {
DEBUG(1, ("pdb_set_user_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", u_sid));
return False;
}
return True;
}
-BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, DOM_SID *g_sid, enum pdb_value_state flag)
+BOOL pdb_set_group_sid (SAM_ACCOUNT *sampass, DOM_SID *g_sid)
{
if (!sampass || !g_sid)
return False;
DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
sid_string_static(&sampass->private.group_sid)));
- return pdb_set_init_flags(sampass, PDB_GROUPSID, flag);
+ return True;
}
-BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid, enum pdb_value_state flag)
+BOOL pdb_set_group_sid_from_string (SAM_ACCOUNT *sampass, fstring g_sid)
{
DOM_SID new_sid;
if (!sampass || !g_sid)
return False;
}
- if (!pdb_set_group_sid(sampass, &new_sid, flag)) {
+ if (!pdb_set_group_sid(sampass, &new_sid)) {
DEBUG(1, ("pdb_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT!\n", g_sid));
return False;
}
Set the user's UNIX name.
********************************************************************/
-BOOL pdb_set_username(SAM_ACCOUNT *sampass, const char *username, enum pdb_value_state flag)
-{
+BOOL pdb_set_username(SAM_ACCOUNT *sampass, const char *username)
+{
if (!sampass)
return False;
} else {
sampass->private.username = PDB_NOT_QUITE_NULL;
}
-
- return pdb_set_init_flags(sampass, PDB_USERNAME, flag);
+
+ return True;
}
/*********************************************************************
Set the domain name.
********************************************************************/
-BOOL pdb_set_domain(SAM_ACCOUNT *sampass, const char *domain, enum pdb_value_state flag)
-{
+BOOL pdb_set_domain(SAM_ACCOUNT *sampass, const char *domain)
+{
if (!sampass)
return False;
sampass->private.domain = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_DOMAIN, flag);
+ return True;
}
/*********************************************************************
Set the user's NT name.
********************************************************************/
-BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, const char *nt_username, enum pdb_value_state flag)
+BOOL pdb_set_nt_username(SAM_ACCOUNT *sampass, const char *nt_username)
{
if (!sampass)
return False;
sampass->private.nt_username = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_NTUSERNAME, flag);
+ return True;
}
/*********************************************************************
Set the user's full name.
********************************************************************/
-BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, const char *full_name, enum pdb_value_state flag)
+BOOL pdb_set_fullname(SAM_ACCOUNT *sampass, const char *full_name)
{
if (!sampass)
return False;
sampass->private.full_name = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_FULLNAME, flag);
+ return True;
}
/*********************************************************************
Set the user's logon script.
********************************************************************/
-BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, const char *logon_script, enum pdb_value_state flag)
+BOOL pdb_set_logon_script(SAM_ACCOUNT *sampass, const char *logon_script, BOOL store)
{
if (!sampass)
return False;
sampass->private.logon_script = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_LOGONSCRIPT, flag);
+ if (store) {
+ DEBUG(10, ("pdb_set_logon_script: setting logon script sam flag!\n"));
+ pdb_set_init_flag(sampass, FLAG_SAM_LOGONSCRIPT);
+ }
+
+ return True;
}
/*********************************************************************
Set the user's profile path.
********************************************************************/
-BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, const char *profile_path, enum pdb_value_state flag)
+BOOL pdb_set_profile_path (SAM_ACCOUNT *sampass, const char *profile_path, BOOL store)
{
if (!sampass)
return False;
sampass->private.profile_path = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_PROFILE, flag);
+ if (store) {
+ DEBUG(10, ("pdb_set_profile_path: setting profile path sam flag!\n"));
+ pdb_set_init_flag(sampass, FLAG_SAM_PROFILE);
+ }
+
+ return True;
}
/*********************************************************************
Set the user's directory drive.
********************************************************************/
-BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, const char *dir_drive, enum pdb_value_state flag)
+BOOL pdb_set_dir_drive (SAM_ACCOUNT *sampass, const char *dir_drive, BOOL store)
{
if (!sampass)
return False;
sampass->private.dir_drive = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_DRIVE, flag);
+ if (store) {
+ DEBUG(10, ("pdb_set_dir_drive: setting dir drive sam flag!\n"));
+ pdb_set_init_flag(sampass, FLAG_SAM_DRIVE);
+ }
+
+ return True;
}
/*********************************************************************
Set the user's home directory.
********************************************************************/
-BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, enum pdb_value_state flag)
+BOOL pdb_set_homedir (SAM_ACCOUNT *sampass, const char *home_dir, BOOL store)
{
if (!sampass)
return False;
sampass->private.home_dir = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_SMBHOME, flag);
+ if (store) {
+ DEBUG(10, ("pdb_set_homedir: setting home dir sam flag!\n"));
+ pdb_set_init_flag(sampass, FLAG_SAM_SMBHOME);
+ }
+
+ return True;
}
/*********************************************************************
Set the user's unix home directory.
********************************************************************/
-BOOL pdb_set_unix_homedir (SAM_ACCOUNT *sampass, const char *unix_home_dir, enum pdb_value_state flag)
+BOOL pdb_set_unix_homedir (SAM_ACCOUNT *sampass, const char *unix_home_dir)
{
if (!sampass)
return False;
sampass->private.unix_home_dir = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_UNIXHOMEDIR, flag);
+ return True;
}
/*********************************************************************
Set the user's account description.
********************************************************************/
-BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, const char *acct_desc, enum pdb_value_state flag)
+BOOL pdb_set_acct_desc (SAM_ACCOUNT *sampass, const char *acct_desc)
{
if (!sampass)
return False;
sampass->private.acct_desc = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_ACCTDESC, flag);
+ return True;
}
/*********************************************************************
Set the user's workstation allowed list.
********************************************************************/
-BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, const char *workstations, enum pdb_value_state flag)
+BOOL pdb_set_workstations (SAM_ACCOUNT *sampass, const char *workstations)
{
if (!sampass)
return False;
sampass->private.workstations = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_WORKSTATIONS, flag);
+ return True;
}
/*********************************************************************
Set the user's 'unknown_str', whatever the heck this actually is...
********************************************************************/
-BOOL pdb_set_unknown_str (SAM_ACCOUNT *sampass, const char *unknown_str, enum pdb_value_state flag)
+BOOL pdb_set_unknown_str (SAM_ACCOUNT *sampass, const char *unknown_str)
{
if (!sampass)
return False;
sampass->private.unknown_str = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_UNKNOWNSTR, flag);
+ return True;
}
/*********************************************************************
Set the user's dial string.
********************************************************************/
-BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, const char *munged_dial, enum pdb_value_state flag)
+BOOL pdb_set_munged_dial (SAM_ACCOUNT *sampass, const char *munged_dial)
{
if (!sampass)
return False;
sampass->private.munged_dial = PDB_NOT_QUITE_NULL;
}
- return pdb_set_init_flags(sampass, PDB_MUNGEDDIAL, flag);
+ return True;
}
/*********************************************************************
Set the user's NT hash.
********************************************************************/
-BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[NT_HASH_LEN], enum pdb_value_state flag)
+BOOL pdb_set_nt_passwd (SAM_ACCOUNT *sampass, const uint8 *pwd)
{
if (!sampass)
return False;
sampass->private.nt_pw = data_blob(pwd, NT_HASH_LEN);
- return pdb_set_init_flags(sampass, PDB_NTPASSWD, flag);
+ return True;
}
/*********************************************************************
Set the user's LM hash.
********************************************************************/
-BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[LM_HASH_LEN], enum pdb_value_state flag)
+BOOL pdb_set_lanman_passwd (SAM_ACCOUNT *sampass, const uint8 pwd[16])
{
if (!sampass)
return False;
sampass->private.lm_pw = data_blob(pwd, LM_HASH_LEN);
- return pdb_set_init_flags(sampass, PDB_LMPASSWD, flag);
+ return True;
}
/*********************************************************************
below)
********************************************************************/
-BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password, enum pdb_value_state flag)
+BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password)
{
if (!sampass)
return False;
sampass->private.plaintext_pw = NULL;
}
- return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
+ return True;
}
-BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state flag)
+BOOL pdb_set_unknown_3 (SAM_ACCOUNT *sampass, uint32 unkn)
{
if (!sampass)
return False;
sampass->private.unknown_3 = unkn;
-
- return pdb_set_init_flags(sampass, PDB_UNKNOWN3, flag);
+ return True;
}
-BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state flag)
+BOOL pdb_set_unknown_5 (SAM_ACCOUNT *sampass, uint32 unkn)
{
if (!sampass)
return False;
sampass->private.unknown_5 = unkn;
-
- return pdb_set_init_flags(sampass, PDB_UNKNOWN5, flag);
+ return True;
}
-BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn, enum pdb_value_state flag)
+BOOL pdb_set_unknown_6 (SAM_ACCOUNT *sampass, uint32 unkn)
{
if (!sampass)
return False;
sampass->private.unknown_6 = unkn;
-
- return pdb_set_init_flags(sampass, PDB_UNKNOWN6, flag);
+ return True;
}
-BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours, enum pdb_value_state flag)
+BOOL pdb_set_hours (SAM_ACCOUNT *sampass, const uint8 *hours)
{
if (!sampass)
return False;
memcpy (sampass->private.hours, hours, MAX_HOURS_LEN);
- return pdb_set_init_flags(sampass, PDB_HOURS, flag);
+ return True;
}
if (!sampass)
return False;
- if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
+ if (!pdb_set_pass_last_set_time (sampass, time(NULL)))
return False;
if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire)
|| (expire==(uint32)-1)) {
- if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), PDB_CHANGED))
+ if (!pdb_set_pass_must_change_time (sampass, get_time_t_max(), False))
return False;
} else {
if (!pdb_set_pass_must_change_time (sampass,
pdb_get_pass_last_set_time(sampass)
- + expire, PDB_CHANGED))
+ + expire, True))
return False;
}
nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16);
- if (!pdb_set_nt_passwd (sampass, new_nt_p16, PDB_CHANGED))
+ if (!pdb_set_nt_passwd (sampass, new_nt_p16))
return False;
- if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
+ if (!pdb_set_lanman_passwd (sampass, new_lanman_p16))
return False;
- if (!pdb_set_plaintext_pw_only (sampass, plaintext, PDB_CHANGED))
+ if (!pdb_set_plaintext_pw_only (sampass, plaintext))
return False;
if (!pdb_set_pass_changed_now (sampass))
return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct);
}
-static NTSTATUS context_getgrsid(struct pdb_context *context,
- GROUP_MAP *map, DOM_SID sid, BOOL with_priv)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- ret = curmethods->getgrsid(curmethods, map, sid, with_priv);
- if (NT_STATUS_IS_OK(ret)) {
- map->methods = curmethods;
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_getgrgid(struct pdb_context *context,
- GROUP_MAP *map, gid_t gid, BOOL with_priv)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- ret = curmethods->getgrgid(curmethods, map, gid, with_priv);
- if (NT_STATUS_IS_OK(ret)) {
- map->methods = curmethods;
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_getgrnam(struct pdb_context *context,
- GROUP_MAP *map, char *name, BOOL with_priv)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- ret = curmethods->getgrnam(curmethods, map, name, with_priv);
- if (NT_STATUS_IS_OK(ret)) {
- map->methods = curmethods;
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_add_group_mapping_entry(struct pdb_context *context,
- GROUP_MAP *map)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->add_group_mapping_entry(context->pdb_methods,
- map);
-}
-
-static NTSTATUS context_update_group_mapping_entry(struct pdb_context *context,
- GROUP_MAP *map)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->
- pdb_methods->update_group_mapping_entry(context->pdb_methods, map);
-}
-
-static NTSTATUS context_delete_group_mapping_entry(struct pdb_context *context,
- DOM_SID sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->
- pdb_methods->delete_group_mapping_entry(context->pdb_methods, sid);
-}
-
-static NTSTATUS context_enum_group_mapping(struct pdb_context *context,
- enum SID_NAME_USE sid_name_use,
- GROUP_MAP **rmap, int *num_entries,
- BOOL unix_only, BOOL with_priv)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->enum_group_mapping(context->pdb_methods,
- sid_name_use, rmap,
- num_entries, unix_only,
- with_priv);
-}
-
/******************************************************************
Free and cleanup a pdb context, any associated data and anything
that the attached modules might have associated.
(*context)->pdb_add_sam_account = context_add_sam_account;
(*context)->pdb_update_sam_account = context_update_sam_account;
(*context)->pdb_delete_sam_account = context_delete_sam_account;
- (*context)->pdb_getgrsid = context_getgrsid;
- (*context)->pdb_getgrgid = context_getgrgid;
- (*context)->pdb_getgrnam = context_getgrnam;
- (*context)->pdb_add_group_mapping_entry = context_add_group_mapping_entry;
- (*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
- (*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
- (*context)->pdb_enum_group_mapping = context_enum_group_mapping;
(*context)->free_fn = free_pdb_context;
return NT_STATUS_IS_OK(pdb_context->pdb_delete_sam_account(pdb_context, sam_acct));
}
-BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid, BOOL with_priv)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_getgrsid(pdb_context, map, sid, with_priv));
-}
-
-BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid, BOOL with_priv)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_getgrgid(pdb_context, map, gid, with_priv));
-}
-
-BOOL pdb_getgrnam(GROUP_MAP *map, char *name, BOOL with_priv)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_getgrnam(pdb_context, map, name, with_priv));
-}
-
-BOOL pdb_add_group_mapping_entry(GROUP_MAP *map)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_add_group_mapping_entry(pdb_context, map));
-}
-
-BOOL pdb_update_group_mapping_entry(GROUP_MAP *map)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_update_group_mapping_entry(pdb_context, map));
-}
-
-BOOL pdb_delete_group_mapping_entry(DOM_SID sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_delete_group_mapping_entry(pdb_context, sid));
-}
-
-BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
- int *num_entries, BOOL unix_only, BOOL with_priv)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_enum_group_mapping(pdb_context, sid_name_use,
- rmap, num_entries, unix_only,
- with_priv));
-}
-
#endif /* !defined(WITH_NISPLUS_SAM) */
/***************************************************************
LDAPMessage *entry;
int index;
- time_t last_ping;
/* retrive-once info */
const char *uri;
char *bind_secret;
};
-#define LDAPSAM_DONT_PING_TIME 10 /* ping only all 10 seconds */
static struct ldapsam_privates *static_ldap_state;
"userWorkstations", "rid",
"primaryGroupID", "lmPassword",
"ntPassword", "acctFlags",
- "domain", NULL };
+ "domain", "description", NULL };
/*******************************************************************
open a connection to the ldap server.
int version;
-#ifndef NO_LDAP_SECURITY
if (geteuid() != 0) {
DEBUG(0, ("ldap_open_connection: cannot access LDAP when not root..\n"));
return False;
}
-#endif
#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
DEBUG(10, ("ldapsam_open_connection: %s\n", ldap_state->uri));
return True;
}
-/**********************************************************************
-Connect to LDAP server
-*********************************************************************/
-static NTSTATUS ldapsam_open(struct ldapsam_privates *ldap_state)
-{
- if (!ldap_state)
- return NT_STATUS_INVALID_PARAMETER;
-
- if ((ldap_state->ldap_struct != NULL) && ((ldap_state->last_ping + LDAPSAM_DONT_PING_TIME) < time(NULL))) {
- struct sockaddr_un addr;
- socklen_t len;
- int sd;
- if (ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_DESC, &sd) == 0 &&
- getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
- /* the other end has died. reopen. */
- ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
- ldap_state->ldap_struct = NULL;
- ldap_state->last_ping = (time_t)0;
- } else {
- ldap_state->last_ping = time(NULL);
- }
- }
-
- if (ldap_state->ldap_struct != NULL) {
- DEBUG(5,("ldapsam_open: allready connected to the LDAP server\n"));
- return NT_STATUS_OK;
- }
-
- if (!ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (!ldapsam_connect_system(ldap_state, ldap_state->ldap_struct)) {
- ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
- ldap_state->ldap_struct = NULL;
- return NT_STATUS_UNSUCCESSFUL;
- }
-
-
- ldap_state->last_ping = time(NULL);
- DEBUG(4,("The LDAP server is succesful connected\n"));
-
- return NT_STATUS_OK;
-}
-
-/**********************************************************************
-Disconnect from LDAP server
-*********************************************************************/
-static NTSTATUS ldapsam_close(struct ldapsam_privates *ldap_state)
-{
- if (!ldap_state)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (ldap_state->ldap_struct != NULL) {
- ldap_unbind_ext(ldap_state->ldap_struct, NULL, NULL);
- ldap_state->ldap_struct = NULL;
- }
-
- DEBUG(5,("The connection to the LDAP server was closed\n"));
- /* maybe free the results here --metze */
-
- return NT_STATUS_OK;
-}
-
-static int ldapsam_retry_open(struct ldapsam_privates *ldap_state, int *attempts)
-{
- if (!ldap_state || !attempts)
- return (-1);
-
- if (*attempts != 0) {
- /* we retry after 0.5, 2, 4.5, 8, 12.5, 18, 24.5 seconds */
- msleep((((*attempts)*(*attempts))/2)*1000);
- }
- (*attempts)++;
-
- if (!NT_STATUS_IS_OK(ldapsam_open(ldap_state))){
- DEBUG(0,("Connection to LDAP Server failed for the %d try!\n",*attempts));
- return LDAP_SERVER_DOWN;
- }
-
- return LDAP_SUCCESS;
-}
-
-
-static int ldapsam_search(struct ldapsam_privates *ldap_state, char *base, int scope, char *filter, char *attrs[], int attrsonly, LDAPMessage **res)
-{
- int rc = LDAP_SERVER_DOWN;
- int attempts = 0;
-
- if (!ldap_state)
- return (-1);
-
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
-
- if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
- continue;
-
- rc = ldap_search_s(ldap_state->ldap_struct, base, scope, filter, attrs, attrsonly, res);
- }
-
- if (rc == LDAP_SERVER_DOWN) {
- DEBUG(0,("%s: LDAP server is down!\n",__FUNCTION__));
- ldapsam_close(ldap_state);
- }
-
- return rc;
-}
-
-static int ldapsam_modify(struct ldapsam_privates *ldap_state, char *dn, LDAPMod *attrs[])
-{
- int rc = LDAP_SERVER_DOWN;
- int attempts = 0;
-
- if (!ldap_state)
- return (-1);
-
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
-
- if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
- continue;
-
- rc = ldap_modify_s(ldap_state->ldap_struct, dn, attrs);
- }
-
- if (rc == LDAP_SERVER_DOWN) {
- DEBUG(0,("%s: LDAP server is down!\n",__FUNCTION__));
- ldapsam_close(ldap_state);
- }
-
- return rc;
-}
-
-static int ldapsam_add(struct ldapsam_privates *ldap_state, const char *dn, LDAPMod *attrs[])
-{
- int rc = LDAP_SERVER_DOWN;
- int attempts = 0;
-
- if (!ldap_state)
- return (-1);
-
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
-
- if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
- continue;
-
- rc = ldap_add_s(ldap_state->ldap_struct, dn, attrs);
- }
-
- if (rc == LDAP_SERVER_DOWN) {
- DEBUG(0,("%s: LDAP server is down!\n",__FUNCTION__));
- ldapsam_close(ldap_state);
- }
-
- return rc;
-}
-
-static int ldapsam_delete(struct ldapsam_privates *ldap_state, char *dn)
-{
- int rc = LDAP_SERVER_DOWN;
- int attempts = 0;
-
- if (!ldap_state)
- return (-1);
-
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
-
- if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
- continue;
-
- rc = ldap_delete_s(ldap_state->ldap_struct, dn);
- }
-
- if (rc == LDAP_SERVER_DOWN) {
- DEBUG(0,("%s: LDAP server is down!\n",__FUNCTION__));
- ldapsam_close(ldap_state);
- }
-
- return rc;
-}
-
-static int ldapsam_extended_operation(struct ldapsam_privates *ldap_state, LDAP_CONST char *reqoid, struct berval *reqdata, LDAPControl **serverctrls, LDAPControl **clientctrls, char **retoidp, struct berval **retdatap)
-{
- int rc = LDAP_SERVER_DOWN;
- int attempts = 0;
-
- if (!ldap_state)
- return (-1);
-
- while ((rc == LDAP_SERVER_DOWN) && (attempts < 8)) {
-
- if ((rc = ldapsam_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
- continue;
-
- rc = ldap_extended_operation_s(ldap_state->ldap_struct, reqoid, reqdata, serverctrls, clientctrls, retoidp, retdatap);
- }
-
- if (rc == LDAP_SERVER_DOWN) {
- DEBUG(0,("%s: LDAP server is down!\n",__FUNCTION__));
- ldapsam_close(ldap_state);
- }
-
- return rc;
-}
-
/*******************************************************************
run the search by name.
******************************************************************/
-static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, const char *filter, LDAPMessage ** result)
+static int ldapsam_search_one_user (struct ldapsam_privates *ldap_state, LDAP * ldap_struct, const char *filter, LDAPMessage ** result)
{
int scope = LDAP_SCOPE_SUBTREE;
int rc;
DEBUG(2, ("ldapsam_search_one_user: searching for:[%s]\n", filter));
- rc = ldapsam_search(ldap_state, lp_ldap_suffix (), scope, (char *)filter, (char **)attr, 0, result);
+ rc = ldap_search_s(ldap_struct, lp_ldap_suffix (), scope, filter, (char **)attr, 0, result);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_search_one_user: Problem during the LDAP search: %s\n",
/*******************************************************************
run the search by name.
******************************************************************/
-static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, const char *user,
+static int ldapsam_search_one_user_by_name (struct ldapsam_privates *ldap_state, LDAP * ldap_struct, const char *user,
LDAPMessage ** result)
{
pstring filter;
*/
all_string_sub(filter, "%u", user, sizeof(pstring));
- return ldapsam_search_one_user(ldap_state, filter, result);
+ return ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
}
/*******************************************************************
run the search by uid.
******************************************************************/
static int ldapsam_search_one_user_by_uid(struct ldapsam_privates *ldap_state,
- int uid,
+ LDAP * ldap_struct, int uid,
LDAPMessage ** result)
{
struct passwd *user;
passwd_free(&user);
- return ldapsam_search_one_user(ldap_state, filter, result);
+ return ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
}
/*******************************************************************
run the search by rid.
******************************************************************/
static int ldapsam_search_one_user_by_rid (struct ldapsam_privates *ldap_state,
- uint32 rid,
+ LDAP * ldap_struct, uint32 rid,
LDAPMessage ** result)
{
pstring filter;
/* check if the user rid exsists, if not, try searching on the uid */
snprintf(filter, sizeof(filter) - 1, "rid=%i", rid);
- rc = ldapsam_search_one_user(ldap_state, filter, result);
+ rc = ldapsam_search_one_user(ldap_state, ldap_struct, filter, result);
if (rc != LDAP_SUCCESS)
- rc = ldapsam_search_one_user_by_uid(ldap_state,
+ rc = ldapsam_search_one_user_by_uid(ldap_state, ldap_struct,
fallback_pdb_user_rid_to_uid(rid),
result);
*********************************************************************/
static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
SAM_ACCOUNT * sampass,
- LDAPMessage * entry)
+ LDAP * ldap_struct, LDAPMessage * entry)
{
time_t logon_time,
logoff_time,
struct passwd *pw;
uint32 user_rid,
group_rid;
- uint8 smblmpwd[LM_HASH_LEN],
- smbntpwd[NT_HASH_LEN];
+ uint8 smblmpwd[16],
+ smbntpwd[16];
uint16 acct_ctrl,
logon_divs;
uint32 hours_len;
workstations[0] = '\0';
- if (sampass == NULL || ldap_state == NULL || entry == NULL) {
+ if (sampass == NULL || ldap_struct == NULL || entry == NULL) {
DEBUG(0, ("init_sam_from_ldap: NULL parameters found!\n"));
return False;
}
- if (ldap_state->ldap_struct == NULL) {
- DEBUG(0, ("init_sam_from_ldap: ldap_state->ldap_struct is NULL!\n"));
- return False;
- }
-
- get_single_attribute(ldap_state->ldap_struct, entry, "uid", username);
+ get_single_attribute(ldap_struct, entry, "uid", username);
DEBUG(2, ("Entry found for user: %s\n", username));
pstrcpy(nt_username, username);
pstrcpy(domain, lp_workgroup());
-
- pdb_set_username(sampass, username, PDB_SET);
- pdb_set_domain(sampass, domain, PDB_DEFAULT);
- pdb_set_nt_username(sampass, nt_username, PDB_SET);
-
- get_single_attribute(ldap_state->ldap_struct, entry, "rid", temp);
+ get_single_attribute(ldap_struct, entry, "rid", temp);
user_rid = (uint32)atol(temp);
- pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
+ pdb_set_user_sid_from_rid(sampass, user_rid);
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "primaryGroupID", temp)) {
+ if (!get_single_attribute(ldap_struct, entry, "primaryGroupID", temp)) {
group_rid = 0;
} else {
group_rid = (uint32)atol(temp);
- pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
+ pdb_set_group_sid_from_rid(sampass, group_rid);
}
if ((ldap_state->permit_non_unix_accounts)
uid = pw->pw_uid;
gid = pw->pw_gid;
- pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
+ pdb_set_unix_homedir(sampass, pw->pw_dir);
passwd_free(&pw);
- pdb_set_uid(sampass, uid, PDB_SET);
- pdb_set_gid(sampass, gid, PDB_SET);
+ pdb_set_uid(sampass, uid);
+ pdb_set_gid(sampass, gid);
if (group_rid == 0) {
GROUP_MAP map;
/* call the mapping code here */
- if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
- pdb_set_group_sid(sampass, &map.sid, PDB_SET);
+ if(get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
+ pdb_set_group_sid(sampass, &map.sid);
}
else {
- pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
+ pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid));
}
}
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdLastSet", temp)) {
+ if (!get_single_attribute(ldap_struct, entry, "pwdLastSet", temp)) {
/* leave as default */
} else {
pass_last_set_time = (time_t) atol(temp);
- pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
+ pdb_set_pass_last_set_time(sampass, pass_last_set_time);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "logonTime", temp)) {
+ if (!get_single_attribute(ldap_struct, entry, "logonTime", temp)) {
/* leave as default */
} else {
logon_time = (time_t) atol(temp);
- pdb_set_logon_time(sampass, logon_time, PDB_SET);
+ pdb_set_logon_time(sampass, logon_time, True);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "logoffTime", temp)) {
+ if (!get_single_attribute(ldap_struct, entry, "logoffTime", temp)) {
/* leave as default */
} else {
logoff_time = (time_t) atol(temp);
- pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
+ pdb_set_logoff_time(sampass, logoff_time, True);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "kickoffTime", temp)) {
+ if (!get_single_attribute(ldap_struct, entry, "kickoffTime", temp)) {
/* leave as default */
} else {
kickoff_time = (time_t) atol(temp);
- pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
+ pdb_set_kickoff_time(sampass, kickoff_time, True);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdCanChange", temp)) {
+ if (!get_single_attribute(ldap_struct, entry, "pwdCanChange", temp)) {
/* leave as default */
} else {
pass_can_change_time = (time_t) atol(temp);
- pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
+ pdb_set_pass_can_change_time(sampass, pass_can_change_time, True);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "pwdMustChange", temp)) {
+ if (!get_single_attribute(ldap_struct, entry, "pwdMustChange", temp)) {
/* leave as default */
} else {
pass_must_change_time = (time_t) atol(temp);
- pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
+ pdb_set_pass_must_change_time(sampass, pass_must_change_time, True);
}
/* recommend that 'gecos' and 'displayName' should refer to the same
* that fits your needs; using cn then displayName rather than 'userFullName'
*/
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "cn", fullname)) {
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "displayName", fullname)) {
+ if (!get_single_attribute(ldap_struct, entry, "cn", fullname)) {
+ if (!get_single_attribute(ldap_struct, entry, "displayName", fullname)) {
/* leave as default */
} else {
- pdb_set_fullname(sampass, fullname, PDB_SET);
+ pdb_set_fullname(sampass, fullname);
}
} else {
- pdb_set_fullname(sampass, fullname, PDB_SET);
+ pdb_set_fullname(sampass, fullname);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDrive", dir_drive)) {
+ if (!get_single_attribute(ldap_struct, entry, "homeDrive", dir_drive)) {
pdb_set_dir_drive(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_drive(),
username, domain,
uid, gid),
- PDB_DEFAULT);
+ False);
} else {
- pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
+ pdb_set_dir_drive(sampass, dir_drive, True);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "smbHome", homedir)) {
+ if (!get_single_attribute(ldap_struct, entry, "smbHome", homedir)) {
pdb_set_homedir(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_home(),
username, domain,
uid, gid),
- PDB_DEFAULT);
+ False);
} else {
- pdb_set_homedir(sampass, homedir, PDB_SET);
+ pdb_set_homedir(sampass, homedir, True);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "scriptPath", logon_script)) {
+ if (!get_single_attribute(ldap_struct, entry, "scriptPath", logon_script)) {
pdb_set_logon_script(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_script(),
username, domain,
uid, gid),
- PDB_DEFAULT);
+ False);
} else {
- pdb_set_logon_script(sampass, logon_script, PDB_SET);
+ pdb_set_logon_script(sampass, logon_script, True);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "profilePath", profile_path)) {
+ if (!get_single_attribute(ldap_struct, entry, "profilePath", profile_path)) {
pdb_set_profile_path(sampass, talloc_sub_specified(sampass->mem_ctx,
lp_logon_path(),
username, domain,
uid, gid),
- PDB_DEFAULT);
+ False);
} else {
- pdb_set_profile_path(sampass, profile_path, PDB_SET);
+ pdb_set_profile_path(sampass, profile_path, True);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "description", acct_desc)) {
+ if (!get_single_attribute(ldap_struct, entry, "description", acct_desc)) {
/* leave as default */
} else {
- pdb_set_acct_desc(sampass, acct_desc, PDB_SET);
+ pdb_set_acct_desc(sampass, acct_desc);
}
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "userWorkstations", workstations)) {
+ if (!get_single_attribute(ldap_struct, entry, "userWorkstations", workstations)) {
/* leave as default */;
} else {
- pdb_set_workstations(sampass, workstations, PDB_SET);
+ pdb_set_workstations(sampass, workstations);
}
/* FIXME: hours stuff should be cleaner */
hours_len = 21;
memset(hours, 0xff, hours_len);
- if (!get_single_attribute (ldap_state->ldap_struct, entry, "lmPassword", temp)) {
+ if (!get_single_attribute (ldap_struct, entry, "lmPassword", temp)) {
/* leave as default */
} else {
pdb_gethexpwd(temp, smblmpwd);
memset((char *)temp, '\0', strlen(temp)+1);
- if (!pdb_set_lanman_passwd(sampass, smblmpwd, PDB_SET))
+ if (!pdb_set_lanman_passwd(sampass, smblmpwd))
return False;
ZERO_STRUCT(smblmpwd);
}
- if (!get_single_attribute (ldap_state->ldap_struct, entry, "ntPassword", temp)) {
+ if (!get_single_attribute (ldap_struct, entry, "ntPassword", temp)) {
/* leave as default */
} else {
pdb_gethexpwd(temp, smbntpwd);
memset((char *)temp, '\0', strlen(temp)+1);
- if (!pdb_set_nt_passwd(sampass, smbntpwd, PDB_SET))
+ if (!pdb_set_nt_passwd(sampass, smbntpwd))
return False;
ZERO_STRUCT(smbntpwd);
}
- if (!get_single_attribute (ldap_state->ldap_struct, entry, "acctFlags", temp)) {
+ if (!get_single_attribute (ldap_struct, entry, "acctFlags", temp)) {
acct_ctrl |= ACB_NORMAL;
} else {
acct_ctrl = pdb_decode_acct_ctrl(temp);
if (acct_ctrl == 0)
acct_ctrl |= ACB_NORMAL;
- pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
+ pdb_set_acct_ctrl(sampass, acct_ctrl);
}
- pdb_set_hours_len(sampass, hours_len, PDB_SET);
- pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
+ pdb_set_hours_len(sampass, hours_len);
+ pdb_set_logon_divs(sampass, logon_divs);
+
+ pdb_set_username(sampass, username);
- pdb_set_munged_dial(sampass, munged_dial, PDB_SET);
+ pdb_set_domain(sampass, domain);
+ pdb_set_nt_username(sampass, nt_username);
+
+ pdb_set_munged_dial(sampass, munged_dial);
- /* pdb_set_unknown_3(sampass, unknown3, PDB_SET); */
- /* pdb_set_unknown_5(sampass, unknown5, PDB_SET); */
- /* pdb_set_unknown_6(sampass, unknown6, PDB_SET); */
+ /* pdb_set_unknown_3(sampass, unknown3); */
+ /* pdb_set_unknown_5(sampass, unknown5); */
+ /* pdb_set_unknown_6(sampass, unknown6); */
- pdb_set_hours(sampass, hours, PDB_SET);
+ pdb_set_hours(sampass, hours);
return True;
}
-static BOOL need_ldap_mod(BOOL pdb_add, const SAM_ACCOUNT * sampass, enum pdb_elements element) {
- if (pdb_add) {
- return (!IS_SAM_DEFAULT(sampass, element));
- } else {
- return IS_SAM_CHANGED(sampass, element);
- }
-}
-
/**********************************************************************
Initialize SAM_ACCOUNT from an LDAP query
(Based on init_buffer_from_sam in pdb_tdb.c)
*********************************************************************/
static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
LDAPMod *** mods, int ldap_op,
- BOOL pdb_add,
const SAM_ACCOUNT * sampass)
{
pstring temp;
* took out adding "objectclass: sambaAccount"
* do this on a per-mod basis
*/
- if (need_ldap_mod(pdb_add, sampass, PDB_USERNAME)) {
- make_a_mod(mods, ldap_op, "uid", pdb_get_username(sampass));
- DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass)));
- }
-
- if ((rid = pdb_get_user_rid(sampass))!=0 ) {
- if (need_ldap_mod(pdb_add, sampass, PDB_USERSID)) {
- slprintf(temp, sizeof(temp) - 1, "%i", rid);
- make_a_mod(mods, ldap_op, "rid", temp);
- }
- } else if (!IS_SAM_DEFAULT(sampass, PDB_UID)) {
+
+ make_a_mod(mods, ldap_op, "uid", pdb_get_username(sampass));
+ DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass)));
+
+ if ( pdb_get_user_rid(sampass) ) {
+ rid = pdb_get_user_rid(sampass);
+ } else if (IS_SAM_SET(sampass, FLAG_SAM_UID)) {
rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(sampass));
- slprintf(temp, sizeof(temp) - 1, "%i", rid);
- make_a_mod(mods, ldap_op, "rid", temp);
} else if (ldap_state->permit_non_unix_accounts) {
rid = ldapsam_get_next_available_nua_rid(ldap_state);
if (rid == 0) {
DEBUG(0, ("NO user RID specified on account %s, and findining next available NUA RID failed, cannot store!\n", pdb_get_username(sampass)));
return False;
}
- slprintf(temp, sizeof(temp) - 1, "%i", rid);
- make_a_mod(mods, ldap_op, "rid", temp);
} else {
DEBUG(0, ("NO user RID specified on account %s, cannot store!\n", pdb_get_username(sampass)));
return False;
}
+ slprintf(temp, sizeof(temp) - 1, "%i", rid);
+ make_a_mod(mods, ldap_op, "rid", temp);
-
- if ((rid = pdb_get_group_rid(sampass))!=0 ) {
- if (need_ldap_mod(pdb_add, sampass, PDB_GROUPSID)) {
- slprintf(temp, sizeof(temp) - 1, "%i", rid);
- make_a_mod(mods, ldap_op, "primaryGroupID", temp);
- }
- } else if (!IS_SAM_DEFAULT(sampass, PDB_GID)) {
+ if ( pdb_get_group_rid(sampass) ) {
+ rid = pdb_get_group_rid(sampass);
+ } else if (IS_SAM_SET(sampass, FLAG_SAM_GID)) {
rid = pdb_gid_to_group_rid(pdb_get_gid(sampass));
- slprintf(temp, sizeof(temp) - 1, "%i", rid);
- make_a_mod(mods, ldap_op, "primaryGroupID", temp);
} else if (ldap_state->permit_non_unix_accounts) {
rid = DOMAIN_GROUP_RID_USERS;
- slprintf(temp, sizeof(temp) - 1, "%i", rid);
- make_a_mod(mods, ldap_op, "primaryGroupID", temp);
} else {
DEBUG(0, ("NO group RID specified on account %s, cannot store!\n", pdb_get_username(sampass)));
return False;
}
+ slprintf(temp, sizeof(temp) - 1, "%i", rid);
+ make_a_mod(mods, ldap_op, "primaryGroupID", temp);
/* displayName, cn, and gecos should all be the same
* most easily accomplished by giving them the same OID
* gecos isn't set here b/c it should be handled by the
* add-user script
*/
- if (need_ldap_mod(pdb_add, sampass, PDB_FULLNAME)) {
- make_a_mod(mods, ldap_op, "displayName", pdb_get_fullname(sampass));
- make_a_mod(mods, ldap_op, "cn", pdb_get_fullname(sampass));
- }
- if (need_ldap_mod(pdb_add, sampass, PDB_ACCTDESC)) {
- make_a_mod(mods, ldap_op, "description", pdb_get_acct_desc(sampass));
- }
- if (need_ldap_mod(pdb_add, sampass, PDB_WORKSTATIONS)) {
- make_a_mod(mods, ldap_op, "userWorkstations", pdb_get_workstations(sampass));
- }
+
+ make_a_mod(mods, ldap_op, "displayName", pdb_get_fullname(sampass));
+ make_a_mod(mods, ldap_op, "cn", pdb_get_fullname(sampass));
+ make_a_mod(mods, ldap_op, "description", pdb_get_acct_desc(sampass));
+ make_a_mod(mods, ldap_op, "userWorkstations", pdb_get_workstations(sampass));
+
/*
* Only updates fields which have been set (not defaults from smb.conf)
*/
- if (need_ldap_mod(pdb_add, sampass, PDB_SMBHOME)) {
+ if (IS_SAM_SET(sampass, FLAG_SAM_SMBHOME))
make_a_mod(mods, ldap_op, "smbHome", pdb_get_homedir(sampass));
- }
-
- if (need_ldap_mod(pdb_add, sampass, PDB_DRIVE)) {
+
+ if (IS_SAM_SET(sampass, FLAG_SAM_DRIVE))
make_a_mod(mods, ldap_op, "homeDrive", pdb_get_dir_drive(sampass));
- }
- if (need_ldap_mod(pdb_add, sampass, PDB_LOGONSCRIPT)) {
+ if (IS_SAM_SET(sampass, FLAG_SAM_LOGONSCRIPT))
make_a_mod(mods, ldap_op, "scriptPath", pdb_get_logon_script(sampass));
- }
-
- if (need_ldap_mod(pdb_add, sampass, PDB_PROFILE))
+
+ if (IS_SAM_SET(sampass, FLAG_SAM_PROFILE))
make_a_mod(mods, ldap_op, "profilePath", pdb_get_profile_path(sampass));
- if (need_ldap_mod(pdb_add, sampass, PDB_LOGONTIME)) {
+ if (IS_SAM_SET(sampass, FLAG_SAM_LOGONTIME)) {
slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logon_time(sampass));
make_a_mod(mods, ldap_op, "logonTime", temp);
}
- if (need_ldap_mod(pdb_add, sampass, PDB_LOGOFFTIME)) {
+ if (IS_SAM_SET(sampass, FLAG_SAM_LOGOFFTIME)) {
slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logoff_time(sampass));
make_a_mod(mods, ldap_op, "logoffTime", temp);
}
- if (need_ldap_mod(pdb_add, sampass, PDB_KICKOFFTIME)) {
+ if (IS_SAM_SET(sampass, FLAG_SAM_KICKOFFTIME)) {
slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_kickoff_time(sampass));
make_a_mod(mods, ldap_op, "kickoffTime", temp);
}
- if (need_ldap_mod(pdb_add, sampass, PDB_CANCHANGETIME)) {
+ if (IS_SAM_SET(sampass, FLAG_SAM_CANCHANGETIME)) {
slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_can_change_time(sampass));
make_a_mod(mods, ldap_op, "pwdCanChange", temp);
}
- if (need_ldap_mod(pdb_add, sampass, PDB_MUSTCHANGETIME)) {
+ if (IS_SAM_SET(sampass, FLAG_SAM_MUSTCHANGETIME)) {
slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_must_change_time(sampass));
make_a_mod(mods, ldap_op, "pwdMustChange", temp);
}
if ((pdb_get_acct_ctrl(sampass)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))||
(lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_ONLY)) {
- if (need_ldap_mod(pdb_add, sampass, PDB_LMPASSWD)) {
- pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass));
- make_a_mod (mods, ldap_op, "lmPassword", temp);
- }
-
- if (need_ldap_mod(pdb_add, sampass, PDB_NTPASSWD)) {
- pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass));
- make_a_mod (mods, ldap_op, "ntPassword", temp);
- }
-
- if (need_ldap_mod(pdb_add, sampass, PDB_PASSLASTSET)) {
- slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
- make_a_mod(mods, ldap_op, "pwdLastSet", temp);
- }
+ pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass), pdb_get_acct_ctrl(sampass));
+ make_a_mod (mods, ldap_op, "lmPassword", temp);
+
+ pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass), pdb_get_acct_ctrl(sampass));
+ make_a_mod (mods, ldap_op, "ntPassword", temp);
+
+ slprintf (temp, sizeof (temp) - 1, "%li", pdb_get_pass_last_set_time(sampass));
+ make_a_mod(mods, ldap_op, "pwdLastSet", temp);
+
}
/* FIXME: Hours stuff goes in LDAP */
- if (need_ldap_mod(pdb_add, sampass, PDB_ACCTCTRL)) {
- make_a_mod (mods, ldap_op, "acctFlags", pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass),
- NEW_PW_FORMAT_SPACE_PADDED_LEN));
- }
-
+
+ make_a_mod (mods, ldap_op, "acctFlags", pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass),
+ NEW_PW_FORMAT_SPACE_PADDED_LEN));
+
return True;
}
/**********************************************************************
Connect to LDAP server and find the next available RID.
*********************************************************************/
-static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32 top_rid)
+static uint32 check_nua_rid_is_avail(struct ldapsam_privates *ldap_state, uint32 top_rid, LDAP *ldap_struct)
{
LDAPMessage *result;
uint32 final_rid = (top_rid & (~USER_RID_TYPE)) + RID_MULTIPLIER;
return 0;
}
- if (ldapsam_search_one_user_by_rid(ldap_state, final_rid, &result) != LDAP_SUCCESS) {
+ if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, final_rid, &result) != LDAP_SUCCESS) {
DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the confirmation search failed!\n", final_rid, final_rid));
ldap_msgfree(result);
return 0;
}
- if (ldap_count_entries(ldap_state->ldap_struct, result) != 0) {
+ if (ldap_count_entries(ldap_struct, result) != 0) {
DEBUG(0, ("Cannot allocate NUA RID %d (0x%x), as the RID is already in use!!\n", final_rid, final_rid));
ldap_msgfree(result);
return 0;
/**********************************************************************
Extract the RID from an LDAP entry
*********************************************************************/
-static uint32 entry_to_user_rid(struct ldapsam_privates *ldap_state, LDAPMessage *entry) {
+static uint32 entry_to_user_rid(struct ldapsam_privates *ldap_state, LDAPMessage *entry, LDAP *ldap_struct) {
uint32 rid;
SAM_ACCOUNT *user = NULL;
if (!NT_STATUS_IS_OK(pdb_init_sam(&user))) {
return 0;
}
- if (init_sam_from_ldap(ldap_state, user, entry)) {
+ if (init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
rid = pdb_get_user_rid(user);
} else {
rid =0;
/**********************************************************************
Connect to LDAP server and find the next available RID.
*********************************************************************/
-static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state)
+static uint32 search_top_nua_rid(struct ldapsam_privates *ldap_state, LDAP *ldap_struct)
{
int rc;
pstring filter;
#endif
DEBUG(2, ("ldapsam_get_next_available_nua_rid: searching for:[%s]\n", final_filter));
- rc = ldapsam_search(ldap_state, lp_ldap_suffix(),
+ rc = ldap_search_s(ldap_struct, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, final_filter, (char **)attr, 0,
&result);
return 0;
}
- count = ldap_count_entries(ldap_state->ldap_struct, result);
+ count = ldap_count_entries(ldap_struct, result);
DEBUG(2, ("search_top_nua_rid: %d entries in the base!\n", count));
if (count == 0) {
}
free(final_filter);
- entry = ldap_first_entry(ldap_state->ldap_struct,result);
+ entry = ldap_first_entry(ldap_struct,result);
- top_rid = entry_to_user_rid(ldap_state, entry);
+ top_rid = entry_to_user_rid(ldap_state, entry, ldap_struct);
- while ((entry = ldap_next_entry(ldap_state->ldap_struct, entry))) {
+ while ((entry = ldap_next_entry(ldap_struct, entry))) {
- rid = entry_to_user_rid(ldap_state, entry);
+ rid = entry_to_user_rid(ldap_state, entry, ldap_struct);
if (rid > top_rid) {
top_rid = rid;
}
Connect to LDAP server and find the next available RID.
*********************************************************************/
static uint32 ldapsam_get_next_available_nua_rid(struct ldapsam_privates *ldap_state) {
+ LDAP *ldap_struct;
uint32 next_nua_rid;
uint32 top_nua_rid;
- top_nua_rid = search_top_nua_rid(ldap_state);
+ if (!ldapsam_open_connection(ldap_state, &ldap_struct)) {
+ return 0;
+ }
+ if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
+ ldap_unbind(ldap_struct);
+ return 0;
+ }
+
+ top_nua_rid = search_top_nua_rid(ldap_state, ldap_struct);
next_nua_rid = check_nua_rid_is_avail(ldap_state,
- top_nua_rid);
+ top_nua_rid, ldap_struct);
+ ldap_unbind(ldap_struct);
return next_nua_rid;
}
*********************************************************************/
static NTSTATUS ldapsam_setsampwent(struct pdb_methods *my_methods, BOOL update)
{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
pstring filter;
+ if (!ldapsam_open_connection(ldap_state, &ldap_state->ldap_struct)) {
+ return ret;
+ }
+ if (!ldapsam_connect_system(ldap_state, ldap_state->ldap_struct)) {
+ ldap_unbind(ldap_state->ldap_struct);
+ return ret;
+ }
+
pstrcpy(filter, lp_ldap_filter());
all_string_sub(filter, "%u", "*", sizeof(pstring));
- rc = ldapsam_search(ldap_state, lp_ldap_suffix(),
+ rc = ldap_search_s(ldap_state->ldap_struct, lp_ldap_suffix(),
LDAP_SCOPE_SUBTREE, filter, (char **)attr, 0,
&ldap_state->result);
DEBUG(0, ("LDAP search failed: %s\n", ldap_err2string(rc)));
DEBUG(3, ("Query was: %s, %s\n", lp_ldap_suffix(), filter));
ldap_msgfree(ldap_state->result);
+ ldap_unbind(ldap_state->ldap_struct);
+ ldap_state->ldap_struct = NULL;
ldap_state->result = NULL;
- return NT_STATUS_UNSUCCESSFUL;
+ return ret;
}
DEBUG(2, ("ldapsam_setsampwent: %d entries in the base!\n",
static void ldapsam_endsampwent(struct pdb_methods *my_methods)
{
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- if (ldap_state->result) {
+ if (ldap_state->ldap_struct && ldap_state->result) {
ldap_msgfree(ldap_state->result);
+ ldap_unbind(ldap_state->ldap_struct);
+ ldap_state->ldap_struct = NULL;
ldap_state->result = NULL;
}
}
return ret;
ldap_state->index++;
- bret = init_sam_from_ldap(ldap_state, user, ldap_state->entry);
+ bret = init_sam_from_ldap(ldap_state, user, ldap_state->ldap_struct,
+ ldap_state->entry);
ldap_state->entry = ldap_next_entry(ldap_state->ldap_struct,
ldap_state->entry);
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
+ LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
- if (ldapsam_search_one_user_by_name(ldap_state, sname, &result) != LDAP_SUCCESS) {
- return NT_STATUS_UNSUCCESSFUL;
+ if (!ldapsam_open_connection(ldap_state, &ldap_struct))
+ return ret;
+ if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
+ ldap_unbind(ldap_struct);
+ return ret;
+ }
+ if (ldapsam_search_one_user_by_name(ldap_state, ldap_struct, sname, &result) != LDAP_SUCCESS) {
+ ldap_unbind(ldap_struct);
+ return ret;
}
- if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
+ if (ldap_count_entries(ldap_struct, result) < 1) {
DEBUG(4,
("We don't find this user [%s] count=%d\n", sname,
- ldap_count_entries(ldap_state->ldap_struct, result)));
- return NT_STATUS_UNSUCCESSFUL;
+ ldap_count_entries(ldap_struct, result)));
+ ldap_unbind(ldap_struct);
+ return ret;
}
- entry = ldap_first_entry(ldap_state->ldap_struct, result);
+ entry = ldap_first_entry(ldap_struct, result);
if (entry) {
- if (!init_sam_from_ldap(ldap_state, user, entry)) {
+ if (!init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
DEBUG(1,("ldapsam_getsampwnam: init_sam_from_ldap failed for user '%s'!\n", sname));
ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
+ ldap_unbind(ldap_struct);
+ return ret;
}
ldap_msgfree(result);
+ ldap_unbind(ldap_struct);
ret = NT_STATUS_OK;
} else {
ldap_msgfree(result);
+ ldap_unbind(ldap_struct);
}
return ret;
}
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
+ LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
- if (ldapsam_search_one_user_by_rid(ldap_state, rid, &result) != LDAP_SUCCESS) {
- return NT_STATUS_UNSUCCESSFUL;
+ if (!ldapsam_open_connection(ldap_state, &ldap_struct))
+ return ret;
+
+ if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
+ ldap_unbind(ldap_struct);
+ return ret;
+ }
+ if (ldapsam_search_one_user_by_rid(ldap_state, ldap_struct, rid, &result) != LDAP_SUCCESS) {
+ ldap_unbind(ldap_struct);
+ return ret;
}
- if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) {
+ if (ldap_count_entries(ldap_struct, result) < 1) {
DEBUG(4,
("We don't find this rid [%i] count=%d\n", rid,
- ldap_count_entries(ldap_state->ldap_struct, result)));
- return NT_STATUS_UNSUCCESSFUL;
+ ldap_count_entries(ldap_struct, result)));
+ ldap_unbind(ldap_struct);
+ return ret;
}
- entry = ldap_first_entry(ldap_state->ldap_struct, result);
+ entry = ldap_first_entry(ldap_struct, result);
if (entry) {
- if (!init_sam_from_ldap(ldap_state, user, entry)) {
+ if (!init_sam_from_ldap(ldap_state, user, ldap_struct, entry)) {
DEBUG(1,("ldapsam_getsampwrid: init_sam_from_ldap failed!\n"));
ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
+ ldap_unbind(ldap_struct);
+ return ret;
}
ldap_msgfree(result);
+ ldap_unbind(ldap_struct);
ret = NT_STATUS_OK;
} else {
ldap_msgfree(result);
+ ldap_unbind(ldap_struct);
}
return ret;
}
return ldapsam_getsampwrid(my_methods, user, rid);
}
-/********************************************************************
-Do the actual modification - also change a plaittext passord if
-it it set.
-**********************************************************************/
-
-static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,SAM_ACCOUNT *newpwd,char *dn,LDAPMod **mods,int ldap_op, BOOL pdb_add)
+static NTSTATUS ldapsam_modify_entry(LDAP *ldap_struct,SAM_ACCOUNT *newpwd,char *dn,LDAPMod **mods,int ldap_op)
{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ int version;
int rc;
- if (!my_methods || !newpwd || !dn) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!mods) {
- DEBUG(5,("mods is empty: nothing to modify\n"));
- /* may be password change below however */
- } else {
- switch(ldap_op)
- {
- case LDAP_MOD_ADD:
+ switch(ldap_op)
+ {
+ case LDAP_MOD_ADD:
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "account");
- if((rc = ldapsam_add(ldap_state,dn,mods))!=LDAP_SUCCESS) {
+ if((rc = ldap_add_s(ldap_struct,dn,mods))!=LDAP_SUCCESS) {
char *ld_error;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(0,
("failed to add user with uid = %s with: %s\n\t%s\n",
pdb_get_username(newpwd), ldap_err2string(rc),
ld_error));
free(ld_error);
- return NT_STATUS_UNSUCCESSFUL;
+ return ret;
}
break;
- case LDAP_MOD_REPLACE:
- if((rc = ldapsam_modify(ldap_state,dn,mods))!=LDAP_SUCCESS) {
+ case LDAP_MOD_REPLACE:
+ if((rc = ldap_modify_s(ldap_struct,dn,mods))!=LDAP_SUCCESS) {
char *ld_error;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING,
+ ldap_get_option(ldap_struct, LDAP_OPT_ERROR_STRING,
&ld_error);
DEBUG(0,
("failed to modify user with uid = %s with: %s\n\t%s\n",
pdb_get_username(newpwd), ldap_err2string(rc),
ld_error));
free(ld_error);
- return NT_STATUS_UNSUCCESSFUL;
+ return ret;
}
break;
- default:
+ default:
DEBUG(0,("Wrong LDAP operation type: %d!\n",ldap_op));
- return NT_STATUS_UNSUCCESSFUL;
- }
+ return ret;
}
#ifdef LDAP_EXOP_X_MODIFY_PASSWD
if (!(pdb_get_acct_ctrl(newpwd)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))&&
(lp_ldap_passwd_sync()!=LDAP_PASSWD_SYNC_OFF)&&
- need_ldap_mod(pdb_add, newpwd, PDB_PLAINTEXT_PW)&&
(pdb_get_plaintext_passwd(newpwd)!=NULL)) {
BerElement *ber;
struct berval *bv;
if ((ber = ber_alloc_t(LBER_USE_DER))==NULL) {
DEBUG(0,("ber_alloc_t returns NULL\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ return ret;
}
ber_printf (ber, "{");
ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID,dn);
if ((rc = ber_flatten (ber, &bv))<0) {
DEBUG(0,("ber_flatten returns a value <0\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ return ret;
}
ber_free(ber,1);
-
- if ((rc = ldapsam_extended_operation(ldap_state, LDAP_EXOP_X_MODIFY_PASSWD,
+
+ if ((rc = ldap_extended_operation_s(ldap_struct, LDAP_EXOP_X_MODIFY_PASSWD,
bv, NULL, NULL, &retoid, &retdata))!=LDAP_SUCCESS) {
DEBUG(0,("LDAP Password could not be changed for user %s: %s\n",
pdb_get_username(newpwd),ldap_err2string(rc)));
*********************************************************************/
static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT * sam_acct)
{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
const char *sname;
int rc;
char *dn;
+ LDAP *ldap_struct;
LDAPMessage *entry;
LDAPMessage *result;
if (!sam_acct) {
DEBUG(0, ("sam_acct was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ return ret;
}
sname = pdb_get_username(sam_acct);
+ if (!ldapsam_open_connection(ldap_state, &ldap_struct))
+ return ret;
+
DEBUG (3, ("Deleting user %s from LDAP.\n", sname));
+
+ if (!ldapsam_connect_system(ldap_state, ldap_struct)) {
+ ldap_unbind (ldap_struct);
+ DEBUG(0, ("Failed to delete user %s from LDAP.\n", sname));
+ return ret;
+ }
- rc = ldapsam_search_one_user_by_name(ldap_state, sname, &result);
- if (ldap_count_entries (ldap_state->ldap_struct, result) == 0) {
+ rc = ldapsam_search_one_user_by_name(ldap_state, ldap_struct, sname, &result);
+ if (ldap_count_entries (ldap_struct, result) == 0) {
DEBUG (0, ("User doesn't exit!\n"));
ldap_msgfree (result);
- return NT_STATUS_UNSUCCESSFUL;
+ ldap_unbind (ldap_struct);
+ return ret;
}
- entry = ldap_first_entry (ldap_state->ldap_struct, result);
- dn = ldap_get_dn (ldap_state->ldap_struct, entry);
+ entry = ldap_first_entry (ldap_struct, result);
+ dn = ldap_get_dn (ldap_struct, entry);
ldap_msgfree(result);
- rc = ldapsam_delete(ldap_state, dn);
+ rc = ldap_delete_s (ldap_struct, dn);
ldap_memfree (dn);
if (rc != LDAP_SUCCESS) {
char *ld_error;
- ldap_get_option (ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+ ldap_get_option (ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
DEBUG (0,("failed to delete user with uid = %s with: %s\n\t%s\n",
sname, ldap_err2string (rc), ld_error));
free (ld_error);
- return NT_STATUS_UNSUCCESSFUL;
+ ldap_unbind (ldap_struct);
+ return ret;
}
DEBUG (2,("successfully deleted uid = %s from the LDAP database\n", sname));
+ ldap_unbind (ldap_struct);
return NT_STATUS_OK;
}
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
char *dn;
+ LDAP *ldap_struct;
LDAPMessage *result;
LDAPMessage *entry;
LDAPMod **mods;
- if (!init_ldap_from_sam(ldap_state, &mods, LDAP_MOD_REPLACE, False, newpwd)) {
- DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (mods == NULL) {
- DEBUG(4,("mods is empty: nothing to update for user: %s\n",pdb_get_username(newpwd)));
- return NT_STATUS_OK;
+ if (!ldapsam_open_connection(ldap_state, &ldap_struct)) /* open a connection to the server */
+ return ret;
+
+ if (!ldapsam_connect_system(ldap_state, ldap_struct)) { /* connect as system account */
+ ldap_unbind(ldap_struct);
+ return ret;
}
-
- rc = ldapsam_search_one_user_by_name(ldap_state, pdb_get_username(newpwd), &result);
- if (ldap_count_entries(ldap_state->ldap_struct, result) == 0) {
+ rc = ldapsam_search_one_user_by_name(ldap_state, ldap_struct,
+ pdb_get_username(newpwd), &result);
+
+ if (ldap_count_entries(ldap_struct, result) == 0) {
DEBUG(0, ("No user to modify!\n"));
ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
+ ldap_unbind(ldap_struct);
+ return ret;
+ }
+
+ if (!init_ldap_from_sam(ldap_state, &mods, LDAP_MOD_REPLACE, newpwd)) {
+ DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
+ ldap_msgfree(result);
+ ldap_unbind(ldap_struct);
+ return ret;
}
- entry = ldap_first_entry(ldap_state->ldap_struct, result);
- dn = ldap_get_dn(ldap_state->ldap_struct, entry);
+ entry = ldap_first_entry(ldap_struct, result);
+ dn = ldap_get_dn(ldap_struct, entry);
ldap_msgfree(result);
- ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,LDAP_MOD_REPLACE, False);
- if (NT_STATUS_IS_ERR(ret)) {
+ if (NT_STATUS_IS_ERR(ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,LDAP_MOD_REPLACE))) {
DEBUG(0,("failed to modify user with uid = %s\n",
pdb_get_username(newpwd)));
ldap_mods_free(mods,1);
+ ldap_unbind(ldap_struct);
return ret;
}
("successfully modified uid = %s in the LDAP database\n",
pdb_get_username(newpwd)));
ldap_mods_free(mods, 1);
+ ldap_unbind(ldap_struct);
return NT_STATUS_OK;
}
struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
int rc;
pstring filter;
+ LDAP *ldap_struct = NULL;
LDAPMessage *result = NULL;
pstring dn;
LDAPMod **mods = NULL;
const char *username = pdb_get_username(newpwd);
if (!username || !*username) {
DEBUG(0, ("Cannot add user without a username!\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ return ret;
}
- rc = ldapsam_search_one_user_by_name (ldap_state, username, &result);
+ if (!ldapsam_open_connection(ldap_state, &ldap_struct)) /* open a connection to the server */
+ return ret;
- if (ldap_count_entries(ldap_state->ldap_struct, result) != 0) {
+ if (!ldapsam_connect_system(ldap_state, ldap_struct)) { /* connect as system account */
+ ldap_unbind(ldap_struct);
+ return ret;
+ }
+
+ rc = ldapsam_search_one_user_by_name (ldap_state, ldap_struct, username, &result);
+
+ if (ldap_count_entries(ldap_struct, result) != 0) {
DEBUG(0,("User already in the base, with samba properties\n"));
ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
+ ldap_unbind(ldap_struct);
+ return ret;
}
ldap_msgfree(result);
slprintf (filter, sizeof (filter) - 1, "uid=%s", username);
- rc = ldapsam_search_one_user(ldap_state, filter, &result);
- num_result = ldap_count_entries(ldap_state->ldap_struct, result);
+ rc = ldapsam_search_one_user(ldap_state, ldap_struct, filter, &result);
+ num_result = ldap_count_entries(ldap_struct, result);
if (num_result > 1) {
DEBUG (0, ("More than one user with that uid exists: bailing out!\n"));
ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
+ return ret;
}
/* Check if we need to update an existing entry */
DEBUG(3,("User exists without samba properties: adding them\n"));
ldap_op = LDAP_MOD_REPLACE;
- entry = ldap_first_entry (ldap_state->ldap_struct, result);
- tmp = ldap_get_dn (ldap_state->ldap_struct, entry);
+ entry = ldap_first_entry (ldap_struct, result);
+ tmp = ldap_get_dn (ldap_struct, entry);
slprintf (dn, sizeof (dn) - 1, "%s", tmp);
ldap_memfree (tmp);
} else {
ldap_msgfree(result);
- if (!init_ldap_from_sam(ldap_state, &mods, ldap_op, True, newpwd)) {
+ if (!init_ldap_from_sam(ldap_state, &mods, ldap_op, newpwd)) {
DEBUG(0, ("ldapsam_add_sam_account: init_ldap_from_sam failed!\n"));
ldap_mods_free(mods, 1);
- return NT_STATUS_UNSUCCESSFUL;
+ ldap_unbind(ldap_struct);
+ return ret;
}
-
- if (mods == NULL) {
- DEBUG(0,("mods is empty: nothing to add for user: %s\n",pdb_get_username(newpwd)));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
make_a_mod(&mods, LDAP_MOD_ADD, "objectclass", "sambaAccount");
- ret = ldapsam_modify_entry(my_methods,newpwd,dn,mods,ldap_op, True);
- if (NT_STATUS_IS_ERR(ret)) {
+ if (NT_STATUS_IS_ERR(ldapsam_modify_entry(ldap_struct,newpwd,dn,mods,ldap_op))) {
DEBUG(0,("failed to modify/add user with uid = %s (dn = %s)\n",
- pdb_get_username(newpwd),dn));
+ pdb_get_username(newpwd),dn));
ldap_mods_free(mods,1);
+ ldap_unbind(ldap_struct);
return ret;
}
DEBUG(2,("added: uid = %s in the LDAP database\n", pdb_get_username(newpwd)));
ldap_mods_free(mods, 1);
+ ldap_unbind(ldap_struct);
return NT_STATUS_OK;
}
-static NTSTATUS lsapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
- DOM_SID sid, BOOL with_priv)
-{
- return get_group_map_from_sid(sid, map, with_priv) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS lsapsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
- gid_t gid, BOOL with_priv)
-{
- return get_group_map_from_gid(gid, map, with_priv) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS lsapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
- char *name, BOOL with_priv)
-{
- return get_group_map_from_ntname(name, map, with_priv) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS lsapsam_add_group_mapping_entry(struct pdb_methods *methods,
- GROUP_MAP *map)
-{
- return add_mapping_entry(map, TDB_INSERT) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS lsapsam_update_group_mapping_entry(struct pdb_methods *methods,
- GROUP_MAP *map)
-{
- return add_mapping_entry(map, TDB_REPLACE) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS lsapsam_delete_group_mapping_entry(struct pdb_methods *methods,
- DOM_SID sid)
-{
- return group_map_remove(sid) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS lsapsam_enum_group_mapping(struct pdb_methods *methods,
- enum SID_NAME_USE sid_name_use,
- GROUP_MAP **rmap, int *num_entries,
- BOOL unix_only, BOOL with_priv)
-{
- return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only,
- with_priv) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
static void free_private_data(void **vp)
{
struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp;
- ldapsam_close(*ldap_state);
+ if ((*ldap_state)->ldap_struct) {
+ ldap_unbind((*ldap_state)->ldap_struct);
+ }
if ((*ldap_state)->bind_secret) {
memset((*ldap_state)->bind_secret, '\0', strlen((*ldap_state)->bind_secret));
}
- ldapsam_close(*ldap_state);
-
SAFE_FREE((*ldap_state)->bind_dn);
SAFE_FREE((*ldap_state)->bind_secret);
(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
(*pdb_method)->update_sam_account = ldapsam_update_sam_account;
(*pdb_method)->delete_sam_account = ldapsam_delete_sam_account;
- (*pdb_method)->getgrsid = lsapsam_getgrsid;
- (*pdb_method)->getgrgid = lsapsam_getgrgid;
- (*pdb_method)->getgrnam = lsapsam_getgrnam;
- (*pdb_method)->add_group_mapping_entry = lsapsam_add_group_mapping_entry;
- (*pdb_method)->update_group_mapping_entry = lsapsam_update_group_mapping_entry;
- (*pdb_method)->delete_group_mapping_entry = lsapsam_delete_group_mapping_entry;
- (*pdb_method)->enum_group_mapping = lsapsam_enum_group_mapping;
/* TODO: Setup private data and free */
/* Don't change these timestamp settings without a good reason. They are
important for NT member server compatibility. */
- pdb_set_logon_time (pw_buf, (time_t) 0, PDB_DEFAULT);
+ pdb_set_logon_time (pw_buf, (time_t) 0, True);
ptr = (uchar *) ENTRY_VAL (obj, NPF_LOGON_T);
if (ptr && *ptr && (StrnCaseCmp (ptr, "LNT-", 4) == 0)) {
int i;
if (i == 8) {
pdb_set_logon_time (pw_buf,
(time_t) strtol (ptr, NULL, 16),
- PDB_SET);
+ True);
}
}
- pdb_set_logoff_time (pw_buf, get_time_t_max (), PDB_DEFAULT);
+ pdb_set_logoff_time (pw_buf, get_time_t_max (), True);
ptr = (uchar *) ENTRY_VAL (obj, NPF_LOGOFF_T);
if (ptr && *ptr && (StrnCaseCmp (ptr, "LOT-", 4) == 0)) {
int i;
if (i == 8) {
pdb_set_logoff_time (pw_buf,
(time_t) strtol (ptr, NULL, 16),
- PDB_SET);
+ True);
}
}
- pdb_set_kickoff_time (pw_buf, get_time_t_max (), PDB_DEFAULT);
+ pdb_set_kickoff_time (pw_buf, get_time_t_max (), True);
ptr = (uchar *) ENTRY_VAL (obj, NPF_KICK_T);
if (ptr && *ptr && (StrnCaseCmp (ptr, "KOT-", 4) == 0)) {
int i;
if (i == 8) {
pdb_set_kickoff_time (pw_buf,
(time_t) strtol (ptr, NULL, 16),
- PDB_SET);
+ True);
}
}
- pdb_set_pass_last_set_time (pw_buf, (time_t) 0, PDB_DEFAULT);
+ pdb_set_pass_last_set_time (pw_buf, (time_t) 0);
ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDLSET_T);
if (ptr && *ptr && (StrnCaseCmp (ptr, "LCT-", 4) == 0)) {
int i;
pdb_set_pass_last_set_time (pw_buf,
(time_t) strtol (ptr,
NULL,
- 16),
- PDB_SET);
+ 16));
}
}
- pdb_set_pass_can_change_time (pw_buf, (time_t) 0, PDB_DEFAULT);
+ pdb_set_pass_can_change_time (pw_buf, (time_t) 0, True);
ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDCCHG_T);
if (ptr && *ptr && (StrnCaseCmp (ptr, "CCT-", 4) == 0)) {
int i;
(time_t) strtol (ptr,
NULL,
16),
- PDB_SET);
+ True);
}
}
- pdb_set_pass_must_change_time (pw_buf, get_time_t_max (), PDB_DEFAULT); /* Password never expires. */
+ pdb_set_pass_must_change_time (pw_buf, get_time_t_max (), True); /* Password never expires. */
ptr = (uchar *) ENTRY_VAL (obj, NPF_PWDMCHG_T);
if (ptr && *ptr && (StrnCaseCmp (ptr, "MCT-", 4) == 0)) {
int i;
(time_t) strtol (ptr,
NULL,
16),
- PDB_SET);
+ True);
}
}
/* string values */
- pdb_set_username (pw_buf, ENTRY_VAL (obj, NPF_NAME), PDB_SET);
- pdb_set_domain (pw_buf, lp_workgroup (), PDB_DEFAULT);
+ pdb_set_username (pw_buf, ENTRY_VAL (obj, NPF_NAME));
+ pdb_set_domain (pw_buf, lp_workgroup ());
/* pdb_set_nt_username() -- cant set it here... */
get_single_attribute (obj, NPF_FULL_NAME, full_name,
#if 0
unix_to_dos (full_name, True);
#endif
- pdb_set_fullname (pw_buf, full_name, PDB_SET);
+ pdb_set_fullname (pw_buf, full_name);
pdb_set_acct_ctrl (pw_buf, pdb_decode_acct_ctrl (ENTRY_VAL (obj,
- NPF_ACB), PDB_SET));
+ NPF_ACB)));
get_single_attribute (obj, NPF_ACCT_DESC, acct_desc,
sizeof (pstring));
#if 0
unix_to_dos (acct_desc, True);
#endif
- pdb_set_acct_desc (pw_buf, acct_desc, PDB_SET);
+ pdb_set_acct_desc (pw_buf, acct_desc);
- pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS), PDB_SET);
- pdb_set_munged_dial (pw_buf, NULL, PDB_DEFAULT);
+ pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS));
+ pdb_set_munged_dial (pw_buf, NULL);
- pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)), PDB_SET);
- pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)), PDB_SET);
+ pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)));
+ pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)));
pdb_set_user_sid_from_rid (pw_buf,
- atoi (ENTRY_VAL (obj, NPF_USER_RID)), PDB_SET);
+ atoi (ENTRY_VAL (obj, NPF_USER_RID)));
pdb_set_group_sid_from_rid (pw_buf,
- atoi (ENTRY_VAL (obj, NPF_GROUP_RID)), PDB_SET);
+ atoi (ENTRY_VAL (obj, NPF_GROUP_RID)));
/* values, must exist for user */
if (!(pdb_get_acct_ctrl (pw_buf) & ACB_WSTRUST)) {
sizeof (pstring));
if (!(home_dir && *home_dir)) {
pstrcpy (home_dir, lp_logon_home ());
- pdb_set_homedir (pw_buf, home_dir, PDB_DEFAULT);
+ pdb_set_homedir (pw_buf, home_dir, False);
} else
- pdb_set_homedir (pw_buf, home_dir, PDB_SET);
+ pdb_set_homedir (pw_buf, home_dir, True);
get_single_attribute (obj, NPF_DIR_DRIVE, home_drive,
sizeof (pstring));
if (!(home_drive && *home_drive)) {
pstrcpy (home_drive, lp_logon_drive ());
- pdb_set_dir_drive (pw_buf, home_drive, PDB_DEFAULT);
+ pdb_set_dir_drive (pw_buf, home_drive, False);
} else
- pdb_set_dir_drive (pw_buf, home_drive, PDB_SET);
+ pdb_set_dir_drive (pw_buf, home_drive, True);
get_single_attribute (obj, NPF_LOGON_SCRIPT, logon_script,
sizeof (pstring));
if (!(logon_script && *logon_script)) {
pstrcpy (logon_script, lp_logon_script ());
- pdb_set_logon_script (pw_buf, logon_script, PDB_DEFAULT);
} else
- pdb_set_logon_script (pw_buf, logon_script, PDB_SET);
+ pdb_set_logon_script (pw_buf, logon_script, True);
get_single_attribute (obj, NPF_PROFILE_PATH, profile_path,
sizeof (pstring));
if (!(profile_path && *profile_path)) {
pstrcpy (profile_path, lp_logon_path ());
- pdb_set_profile_path (pw_buf, profile_path, PDB_DEFAULT);
+ pdb_set_profile_path (pw_buf, profile_path, False);
} else
- pdb_set_profile_path (pw_buf, profile_path, PDB_SET);
+ pdb_set_profile_path (pw_buf, profile_path, True);
} else {
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
- pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
+ pdb_set_group_sid_from_rid (pw_buf, DOMAIN_GROUP_RID_USERS);
}
/* Check the lanman password column. */
ptr = (char *) ENTRY_VAL (obj, NPF_LMPWD);
- if (!pdb_set_lanman_passwd (pw_buf, NULL, PDB_DEFAULT))
+ if (!pdb_set_lanman_passwd (pw_buf, NULL))
return False;
if (!strncasecmp (ptr, "NO PASSWORD", 11)) {
pdb_set_acct_ctrl (pw_buf,
- pdb_get_acct_ctrl (pw_buf) | ACB_PWNOTREQ, PDB_SET);
+ pdb_get_acct_ctrl (pw_buf) | ACB_PWNOTREQ);
} else {
if (strlen (ptr) != 32 || !pdb_gethexpwd (ptr, smbpwd)) {
DEBUG (0, ("malformed LM pwd entry: %s.\n",
pdb_get_username (pw_buf)));
return False;
}
- if (!pdb_set_lanman_passwd (pw_buf, smbpwd, PDB_SET))
+ if (!pdb_set_lanman_passwd (pw_buf, smbpwd))
return False;
}
/* Check the NT password column. */
ptr = ENTRY_VAL (obj, NPF_NTPWD);
- if (!pdb_set_nt_passwd (pw_buf, NULL, PDB_DEFAULT))
+ if (!pdb_set_nt_passwd (pw_buf, NULL))
return False;
if (!(pdb_get_acct_ctrl (pw_buf) & ACB_PWNOTREQ) &&
uid = %d.\n", pdb_get_uid (pw_buf)));
return False;
}
- if (!pdb_set_nt_passwd (pw_buf, smbntpwd, PDB_SET))
+ if (!pdb_set_nt_passwd (pw_buf, smbntpwd))
return False;
}
- pdb_set_unknown_3 (pw_buf, 0xffffff, PDB_DEFAULT); /* don't know */
- pdb_set_logon_divs (pw_buf, 168, PDB_DEFAULT); /* hours per week */
+ pdb_set_unknown_3 (pw_buf, 0xffffff); /* don't know */
+ pdb_set_logon_divs (pw_buf, 168); /* hours per week */
if ((hours_len = ENTRY_LEN (obj, NPF_HOURS)) == 21) {
memcpy (hours, ENTRY_VAL (obj, NPF_HOURS), hours_len);
/* available at all hours */
memset (hours, 0xff, hours_len);
}
- pdb_set_hours_len (pw_buf, hours_len, PDB_SET);
- pdb_set_hours (pw_buf, hours, PDB_SET);
+ pdb_set_hours_len (pw_buf, hours_len);
+ pdb_set_hours (pw_buf, hours);
- pdb_set_unknown_5 (pw_buf, 0x00020000, PDB_DEFAULT); /* don't know */
- pdb_set_unknown_6 (pw_buf, 0x000004ec, PDB_DEFAULT); /* don't know */
+ pdb_set_unknown_5 (pw_buf, 0x00020000); /* don't know */
+ pdb_set_unknown_6 (pw_buf, 0x000004ec); /* don't know */
return True;
}
rid = pdb_get_group_rid (sampass);
if (rid == 0) {
- if (pdb_getgrgid(&map, pdb_get_gid (sampass),
- MAPPING_WITHOUT_PRIV)) {
+ if (get_group_map_from_gid
+ (pdb_get_gid (sampass), &map,
+ MAPPING_WITHOUT_PRIV)) {
if (!sid_peek_check_rid
(get_global_sam_sid (), &map.sid, &rid))
return False;
&& (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid)
&& (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) {
- pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid), PDB_SET);
+ pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid));
/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here.
This was down the bottom for machines, but it looks pretty good as
a general default for non-unix users. --abartlet 2002-01-08
*/
- pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS, PDB_SET);
- pdb_set_username (sam_pass, pw_buf->smb_name, PDB_SET);
- pdb_set_domain (sam_pass, lp_workgroup(), PDB_DEFAULT);
+ pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS);
+ pdb_set_username (sam_pass, pw_buf->smb_name);
+ pdb_set_domain (sam_pass, lp_workgroup());
} else {
pwfile = getpwnam_alloc(pw_buf->smb_name);
passwd_free(&pwfile);
}
- pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET);
- pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET);
- pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl, PDB_SET);
- pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
- pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
+ pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd);
+ pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd);
+ pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl);
+ pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time);
+ pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, True);
#if 0 /* JERRY */
/* the smbpasswd format doesn't have a must change time field, so
we can't get this right. The best we can do is to set this to
some time in the future. 21 days seems as reasonable as any other value :)
*/
- pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE, PDB_DEFAULT);
+ pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE);
#endif
return True;
}
return NT_STATUS_UNSUCCESSFUL;
}
-static NTSTATUS smbpasswd_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
- DOM_SID sid, BOOL with_priv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS smbpasswd_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
- gid_t gid, BOOL with_priv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS smbpasswd_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
- char *name, BOOL with_priv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS smbpasswd_add_group_mapping_entry(struct pdb_methods *methods,
- GROUP_MAP *map)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS smbpasswd_update_group_mapping_entry(struct pdb_methods *methods,
- GROUP_MAP *map)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS smbpasswd_delete_group_mapping_entry(struct pdb_methods *methods,
- DOM_SID sid)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS smbpasswd_enum_group_mapping(struct pdb_methods *methods,
- enum SID_NAME_USE sid_name_use,
- GROUP_MAP **rmap, int *num_entries,
- BOOL unix_only, BOOL with_priv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
static void free_private_data(void **vp)
{
struct smbpasswd_privates **privates = (struct smbpasswd_privates**)vp;
(*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
(*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
(*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
- (*pdb_method)->getgrsid = smbpasswd_getgrsid;
- (*pdb_method)->getgrgid = smbpasswd_getgrgid;
- (*pdb_method)->getgrnam = smbpasswd_getgrnam;
- (*pdb_method)->add_group_mapping_entry = smbpasswd_add_group_mapping_entry;
- (*pdb_method)->update_group_mapping_entry = smbpasswd_update_group_mapping_entry;
- (*pdb_method)->delete_group_mapping_entry = smbpasswd_delete_group_mapping_entry;
- (*pdb_method)->enum_group_mapping = smbpasswd_enum_group_mapping;
/* Setup private data and free function */
uid = pw->pw_uid;
gid = pw->pw_gid;
- pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
+ pdb_set_unix_homedir(sampass, pw->pw_dir);
passwd_free(&pw);
- pdb_set_uid(sampass, uid, PDB_SET);
- pdb_set_gid(sampass, gid, PDB_SET);
+ pdb_set_uid(sampass, uid);
+ pdb_set_gid(sampass, gid);
}
- pdb_set_logon_time(sampass, logon_time, PDB_SET);
- pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
- pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
- pdb_set_pass_can_change_time(sampass, pass_can_change_time, PDB_SET);
- pdb_set_pass_must_change_time(sampass, pass_must_change_time, PDB_SET);
- pdb_set_pass_last_set_time(sampass, pass_last_set_time, PDB_SET);
+ pdb_set_logon_time(sampass, logon_time, True);
+ pdb_set_logoff_time(sampass, logoff_time, True);
+ pdb_set_kickoff_time(sampass, kickoff_time, True);
+ pdb_set_pass_can_change_time(sampass, pass_can_change_time, True);
+ pdb_set_pass_must_change_time(sampass, pass_must_change_time, True);
+ pdb_set_pass_last_set_time(sampass, pass_last_set_time);
- pdb_set_username (sampass, username, PDB_SET);
- pdb_set_domain (sampass, domain, PDB_SET);
- pdb_set_nt_username (sampass, nt_username, PDB_SET);
- pdb_set_fullname (sampass, fullname, PDB_SET);
+ pdb_set_username (sampass, username);
+ pdb_set_domain (sampass, domain);
+ pdb_set_nt_username (sampass, nt_username);
+ pdb_set_fullname (sampass, fullname);
if (homedir) {
- pdb_set_homedir(sampass, homedir, PDB_SET);
+ pdb_set_homedir(sampass, homedir, True);
}
else {
pdb_set_homedir(sampass,
lp_logon_home(),
username, domain,
uid, gid),
- PDB_DEFAULT);
+ False);
}
if (dir_drive)
- pdb_set_dir_drive(sampass, dir_drive, PDB_SET);
+ pdb_set_dir_drive(sampass, dir_drive, True);
else {
pdb_set_dir_drive(sampass,
talloc_sub_specified(sampass->mem_ctx,
lp_logon_drive(),
username, domain,
uid, gid),
- PDB_DEFAULT);
+ False);
}
if (logon_script)
- pdb_set_logon_script(sampass, logon_script, PDB_SET);
+ pdb_set_logon_script(sampass, logon_script, True);
else {
pdb_set_logon_script(sampass,
talloc_sub_specified(sampass->mem_ctx,
lp_logon_script(),
username, domain,
uid, gid),
- PDB_DEFAULT);
+ False);
}
if (profile_path) {
- pdb_set_profile_path(sampass, profile_path, PDB_SET);
+ pdb_set_profile_path(sampass, profile_path, True);
} else {
pdb_set_profile_path(sampass,
talloc_sub_specified(sampass->mem_ctx,
lp_logon_path(),
username, domain,
uid, gid),
- PDB_DEFAULT);
+ False);
}
- pdb_set_acct_desc (sampass, acct_desc, PDB_SET);
- pdb_set_workstations (sampass, workstations, PDB_SET);
- pdb_set_munged_dial (sampass, munged_dial, PDB_SET);
+ pdb_set_acct_desc (sampass, acct_desc);
+ pdb_set_workstations (sampass, workstations);
+ pdb_set_munged_dial (sampass, munged_dial);
if (lm_pw_ptr && lm_pw_len == LM_HASH_LEN) {
- if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr, PDB_SET)) {
+ if (!pdb_set_lanman_passwd(sampass, lm_pw_ptr)) {
ret = False;
goto done;
}
}
if (nt_pw_ptr && nt_pw_len == NT_HASH_LEN) {
- if (!pdb_set_nt_passwd(sampass, nt_pw_ptr, PDB_SET)) {
+ if (!pdb_set_nt_passwd(sampass, nt_pw_ptr)) {
ret = False;
goto done;
}
}
- pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
- pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
- pdb_set_unknown_3(sampass, unknown_3, PDB_SET);
- pdb_set_hours_len(sampass, hours_len, PDB_SET);
- pdb_set_unknown_5(sampass, unknown_5, PDB_SET);
- pdb_set_unknown_6(sampass, unknown_6, PDB_SET);
- pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET);
- pdb_set_logon_divs(sampass, logon_divs, PDB_SET);
- pdb_set_hours(sampass, hours, PDB_SET);
+ pdb_set_user_sid_from_rid(sampass, user_rid);
+ pdb_set_group_sid_from_rid(sampass, group_rid);
+ pdb_set_unknown_3(sampass, unknown_3);
+ pdb_set_hours_len(sampass, hours_len);
+ pdb_set_unknown_5(sampass, unknown_5);
+ pdb_set_unknown_6(sampass, unknown_6);
+ pdb_set_acct_ctrl(sampass, acct_ctrl);
+ pdb_set_logon_divs(sampass, logon_divs);
+ pdb_set_hours(sampass, hours);
done:
* Only updates fields which have been set (not defaults from smb.conf)
*/
- if (!IS_SAM_DEFAULT(sampass, PDB_DRIVE))
+ if (IS_SAM_SET(sampass, FLAG_SAM_DRIVE))
dir_drive = pdb_get_dir_drive(sampass);
else dir_drive = NULL;
if (dir_drive) dir_drive_len = strlen(dir_drive) +1;
else dir_drive_len = 0;
- if (!IS_SAM_DEFAULT(sampass, PDB_SMBHOME)) homedir = pdb_get_homedir(sampass);
+ if (IS_SAM_SET(sampass, FLAG_SAM_SMBHOME)) homedir = pdb_get_homedir(sampass);
else homedir = NULL;
if (homedir) homedir_len = strlen(homedir) +1;
else homedir_len = 0;
- if (!IS_SAM_DEFAULT(sampass, PDB_LOGONSCRIPT)) logon_script = pdb_get_logon_script(sampass);
+ if (IS_SAM_SET(sampass, FLAG_SAM_LOGONSCRIPT)) logon_script = pdb_get_logon_script(sampass);
else logon_script = NULL;
if (logon_script) logon_script_len = strlen(logon_script) +1;
else logon_script_len = 0;
- if (!IS_SAM_DEFAULT(sampass, PDB_PROFILE)) profile_path = pdb_get_profile_path(sampass);
+ if (IS_SAM_SET(sampass, FLAG_SAM_PROFILE)) profile_path = pdb_get_profile_path(sampass);
else profile_path = NULL;
if (profile_path) profile_path_len = strlen(profile_path) +1;
else profile_path_len = 0;
lm_pw_len, lm_pw,
nt_pw_len, nt_pw,
pdb_get_acct_ctrl(sampass),
- pdb_get_unknown_3(sampass),
+ pdb_get_unknown3(sampass),
pdb_get_logon_divs(sampass),
pdb_get_hours_len(sampass),
MAX_HOURS_LEN, pdb_get_hours(sampass),
- pdb_get_unknown_5(sampass),
- pdb_get_unknown_6(sampass));
+ pdb_get_unknown5(sampass),
+ pdb_get_unknown6(sampass));
/* malloc the space needed */
lm_pw_len, lm_pw,
nt_pw_len, nt_pw,
pdb_get_acct_ctrl(sampass),
- pdb_get_unknown_3(sampass),
+ pdb_get_unknown3(sampass),
pdb_get_logon_divs(sampass),
pdb_get_hours_len(sampass),
MAX_HOURS_LEN, pdb_get_hours(sampass),
- pdb_get_unknown_5(sampass),
- pdb_get_unknown_6(sampass));
+ pdb_get_unknown5(sampass),
+ pdb_get_unknown6(sampass));
/* check to make sure we got it correct */
goto done;
}
}
- pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
+ pdb_set_user_sid_from_rid(newpwd, user_rid);
} else {
user_rid = tdb_state->low_nua_rid;
tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER);
ret = False;
goto done;
}
- pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
+ pdb_set_user_sid_from_rid(newpwd, user_rid);
}
} else {
DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
goto done;
} else {
/* This seems like a good default choice for non-unix users */
- pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
+ pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS);
}
} else {
DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
return NT_STATUS_UNSUCCESSFUL;
}
-static NTSTATUS tdbsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
- DOM_SID sid, BOOL with_priv)
-{
- return get_group_map_from_sid(sid, map, with_priv) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS tdbsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
- gid_t gid, BOOL with_priv)
-{
- return get_group_map_from_gid(gid, map, with_priv) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS tdbsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
- char *name, BOOL with_priv)
-{
- return get_group_map_from_ntname(name, map, with_priv) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS tdbsam_add_group_mapping_entry(struct pdb_methods *methods,
- GROUP_MAP *map)
-{
- return add_mapping_entry(map, TDB_INSERT) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS tdbsam_update_group_mapping_entry(struct pdb_methods *methods,
- GROUP_MAP *map)
-{
- return add_mapping_entry(map, TDB_REPLACE) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS tdbsam_delete_group_mapping_entry(struct pdb_methods *methods,
- DOM_SID sid)
-{
- return group_map_remove(sid) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
-static NTSTATUS tdbsam_enum_group_mapping(struct pdb_methods *methods,
- enum SID_NAME_USE sid_name_use,
- GROUP_MAP **rmap, int *num_entries,
- BOOL unix_only, BOOL with_priv)
-{
- return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only,
- with_priv) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
-
static void free_private_data(void **vp)
{
struct tdbsam_privates **tdb_state = (struct tdbsam_privates **)vp;
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
- (*pdb_method)->getgrsid = tdbsam_getgrsid;
- (*pdb_method)->getgrgid = tdbsam_getgrgid;
- (*pdb_method)->getgrnam = tdbsam_getgrnam;
- (*pdb_method)->add_group_mapping_entry = tdbsam_add_group_mapping_entry;
- (*pdb_method)->update_group_mapping_entry = tdbsam_update_group_mapping_entry;
- (*pdb_method)->delete_group_mapping_entry = tdbsam_delete_group_mapping_entry;
- (*pdb_method)->enum_group_mapping = tdbsam_enum_group_mapping;
tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
SAM_ACCOUNT *user, uint32 rid)
{
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct passwd *pass = NULL;
+ struct passwd *pass;
const char *guest_account = lp_guestaccount();
if (!(guest_account && *guest_account)) {
DEBUG(1, ("NULL guest account!?!?\n"));
}
} else if (pdb_rid_is_user(rid)) {
pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid));
- }
-
- if (pass == NULL) {
+ } else {
return nt_status;
}
return; /* NT_STATUS_NOT_IMPLEMENTED; */
}
-static NTSTATUS unixsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
- DOM_SID sid, BOOL with_priv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
- gid_t gid, BOOL with_priv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
- char *name, BOOL with_priv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_add_group_mapping_entry(struct pdb_methods *methods,
- GROUP_MAP *map)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_update_group_mapping_entry(struct pdb_methods *methods,
- GROUP_MAP *map)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_delete_group_mapping_entry(struct pdb_methods *methods,
- DOM_SID sid)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS unixsam_enum_group_mapping(struct pdb_methods *methods,
- enum SID_NAME_USE sid_name_use,
- GROUP_MAP **rmap, int *num_entries,
- BOOL unix_only, BOOL with_priv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
(*pdb_method)->add_sam_account = unixsam_add_sam_account;
(*pdb_method)->update_sam_account = unixsam_update_sam_account;
(*pdb_method)->delete_sam_account = unixsam_delete_sam_account;
- (*pdb_method)->getgrsid = unixsam_getgrsid;
- (*pdb_method)->getgrgid = unixsam_getgrgid;
- (*pdb_method)->getgrnam = unixsam_getgrnam;
- (*pdb_method)->add_group_mapping_entry = unixsam_add_group_mapping_entry;
- (*pdb_method)->update_group_mapping_entry = unixsam_update_group_mapping_entry;
- (*pdb_method)->delete_group_mapping_entry = unixsam_delete_group_mapping_entry;
- (*pdb_method)->enum_group_mapping = unixsam_enum_group_mapping;
/* There's not very much to initialise here */
return NT_STATUS_OK;
__author__ = 'Martin Pool <mbp@sourcefrog.net>'
import unittest
-import oldtdbutil
+# import tdbutil
import samba.tdbpack
-both_unpackers = (samba.tdbpack.unpack, oldtdbutil.unpack)
-both_packers = (samba.tdbpack.pack, oldtdbutil.pack)
-
+packer = samba.tdbpack.pack
+unpacker = samba.tdbpack.unpack
+
+
class PackTests(unittest.TestCase):
symm_cases = [('B', ['hello' * 51], '\xff\0\0\0' + 'hello' * 51),
('w', [42], '\x2a\0'),
def test_symmetric(self):
"""Cookbook of symmetric pack/unpack tests
"""
- for packer in both_packers:
- for unpacker in both_unpackers:
- for format, values, expected in self.symm_cases:
- self.assertEquals(packer(format, values), expected)
- out, rest = unpacker(format, expected)
- self.assertEquals(rest, '')
- self.assertEquals(list(values), list(out))
+ for format, values, expected in self.symm_cases:
+ self.assertEquals(packer(format, values), expected)
+ out, rest = unpacker(format, expected)
+ self.assertEquals(rest, '')
+ self.assertEquals(list(values), list(out))
def test_pack(self):
# as if you called list()
]
- for packer in both_packers:
- for format, values, expected in cases:
- self.assertEquals(packer(format, values), expected)
+ for format, values, expected in cases:
+ self.assertEquals(packer(format, values), expected)
def test_unpack_extra(self):
# Test leftover data
- for unpacker in both_unpackers:
- for format, values, packed in self.symm_cases:
- out, rest = unpacker(format, packed + 'hello sailor!')
- self.assertEquals(rest, 'hello sailor!')
- self.assertEquals(list(values), list(out))
+ for format, values, packed in self.symm_cases:
+ out, rest = unpacker(format, packed + 'hello sailor!')
+ self.assertEquals(rest, 'hello sailor!')
+ self.assertEquals(list(values), list(out))
def test_unpack(self):
"""Cookbook of tricky unpack tests"""
cases = [
- # Apparently I couldn't think of any tests that weren't
- # symmetric :-/
]
- for unpacker in both_unpackers:
- for format, values, expected in cases:
- out, rest = unpacker(format, expected)
- self.assertEquals(rest, '')
- self.assertEquals(list(values), list(out))
+ for format, values, expected in cases:
+ out, rest = unpacker(format, expected)
+ self.assertEquals(rest, '')
+ self.assertEquals(list(values), list(out))
def test_pack_failures(self):
('f', [2], TypeError),
('P', [None], TypeError),
('P', (), IndexError),
- ('f', [hex], TypeError),
+ ('f', [packer], TypeError),
('fw', ['hello'], IndexError),
('f', [u'hello'], TypeError),
('B', [2], TypeError),
('fQ', ['2'], IndexError),
(2, [2], TypeError),
({}, {}, TypeError)]
- for packer in both_packers:
- for format, values, throwable_class in cases:
- def do_pack():
- packer(format, values)
- self.assertRaises(throwable_class, do_pack)
+ for format, values, throwable_class in cases:
+ def do_pack():
+ packer(format, values)
+ self.assertRaises(throwable_class, do_pack)
def test_unpack_failures(self):
('B', 'foobar', IndexError),
('BB', '\x01\0\0\0a\x01', IndexError),
]
-
- for unpacker in both_unpackers:
- for format, values, throwable_class in cases:
- def do_unpack():
- unpacker(format, values)
+
+ for format, values, throwable_class in cases:
+ def do_unpack():
+ unpacker(format, values)
self.assertRaises(throwable_class, do_unpack)
be freed by calling free(). */
struct cli_state *open_pipe_creds(char *server, PyObject *creds,
- int pipe_idx, char **errstr)
+ char *pipe_name, char **errstr)
{
char *username, *password, *domain;
struct cli_state *cli;
return NULL;
}
- if (!cli_nt_session_open(cli, pipe_idx)) {
+ if (!cli_nt_session_open(cli, pipe_name)) {
cli_shutdown(cli);
- asprintf(errstr, "error opening pipe index %d", pipe_idx);
+ free(cli);
+ asprintf(errstr, "error opening %s", pipe_name);
return NULL;
}
BOOL py_parse_creds(PyObject *creds, char **username, char **domain,
char **password, char **errstr);
struct cli_state *open_pipe_creds(char *server, PyObject *creds,
- int pipe_idx, char **errstr);
+ char *pipe_name, char **errstr);
BOOL get_level_value(PyObject *dict, uint32 *level);
/* The following definitions come from python/py_ntsec.c */
server += 2;
- if (!(cli = open_pipe_creds(server, creds, PI_LSARPC, &errstr))) {
+ if (!(cli = open_pipe_creds(server, creds, PIPE_LSARPC, &errstr))) {
PyErr_SetString(lsa_error, errstr);
free(errstr);
return NULL;
return NULL;
}
- if (!(cli = open_pipe_creds(server, creds, PI_SAMR, &errstr))) {
+ if (!(cli = open_pipe_creds(server, creds, PIPE_SAMR, &errstr))) {
PyErr_SetString(samr_error, errstr);
free(errstr);
return NULL;
if (!NT_STATUS_IS_OK(ntstatus)) {
cli_shutdown(cli);
+ SAFE_FREE(cli);
PyErr_SetObject(samr_ntstatus, py_ntstatus_tuple(ntstatus));
goto done;
}
PyObject *kw)
{
cli_state_object *cli = (cli_state_object *)self;
- static char *kwlist[] = { "creds", NULL };
+ static char *kwlist[] = { "creds" };
PyObject *creds;
char *username, *domain, *password, *errstr;
BOOL result;
- if (!PyArg_ParseTupleAndKeywords(args, kw, "|O", kwlist, &creds))
+ if (!PyArg_ParseTupleAndKeywords(args, kw, "O", kwlist, &creds))
return NULL;
if (!py_parse_creds(creds, &username, &domain, &password, &errstr)) {
cli->cli, username, password, strlen(password) + 1,
password, strlen(password) + 1, domain);
- if (cli_is_error(cli->cli)) {
- PyErr_SetString(PyExc_RuntimeError, "session setup failed");
- return NULL;
- }
-
return Py_BuildValue("i", result);
}
static PyObject *py_smb_tconx(PyObject *self, PyObject *args, PyObject *kw)
{
cli_state_object *cli = (cli_state_object *)self;
- static char *kwlist[] = { "service", NULL };
- char *service;
- BOOL result;
-
- if (!PyArg_ParseTupleAndKeywords(args, kw, "s", kwlist, &service))
- return NULL;
-
- result = cli_send_tconX(
- cli->cli, service, strequal(service, "IPC$") ? "IPC" :
- "?????", "", 1);
-
- if (cli_is_error(cli->cli)) {
- PyErr_SetString(PyExc_RuntimeError, "tconx failed");
- return NULL;
- }
-
- return Py_BuildValue("i", result);
-}
-
-static PyObject *py_smb_nt_create_andx(PyObject *self, PyObject *args,
- PyObject *kw)
-{
- cli_state_object *cli = (cli_state_object *)self;
- static char *kwlist[] = { "filename", "desired_access",
- "file_attributes", "share_access",
- "create_disposition", NULL };
- char *filename;
- uint32 desired_access, file_attributes = 0,
- share_access = FILE_SHARE_READ | FILE_SHARE_WRITE,
- create_disposition = FILE_EXISTS_OPEN, create_options = 0;
- int result;
-
- /* Parse parameters */
-
- if (!PyArg_ParseTupleAndKeywords(
- args, kw, "si|iii", kwlist, &filename, &desired_access,
- &file_attributes, &share_access, &create_disposition,
- &create_options))
- return NULL;
-
- result = cli_nt_create_full(
- cli->cli, filename, desired_access, file_attributes,
- share_access, create_disposition, create_options);
-
- if (cli_is_error(cli->cli)) {
- PyErr_SetString(PyExc_RuntimeError, "nt_create_andx failed");
- return NULL;
- }
-
- /* Return FID */
-
- return PyInt_FromLong(result);
-}
-
-static PyObject *py_smb_close(PyObject *self, PyObject *args,
- PyObject *kw)
-{
- cli_state_object *cli = (cli_state_object *)self;
- static char *kwlist[] = { "fnum", NULL };
- BOOL result;
- int fnum;
-
- /* Parse parameters */
-
- if (!PyArg_ParseTupleAndKeywords(
- args, kw, "i", kwlist, &fnum))
- return NULL;
-
- result = cli_close(cli->cli, fnum);
-
- return PyInt_FromLong(result);
-}
-
-static PyObject *py_smb_unlink(PyObject *self, PyObject *args,
- PyObject *kw)
-{
- cli_state_object *cli = (cli_state_object *)self;
- static char *kwlist[] = { "filename", NULL };
- char *filename;
- BOOL result;
-
- /* Parse parameters */
-
- if (!PyArg_ParseTupleAndKeywords(
- args, kw, "s", kwlist, &filename))
- return NULL;
-
- result = cli_unlink(cli->cli, filename);
-
- return PyInt_FromLong(result);
-}
-
-static PyObject *py_smb_query_secdesc(PyObject *self, PyObject *args,
- PyObject *kw)
-{
- cli_state_object *cli = (cli_state_object *)self;
- static char *kwlist[] = { "fnum", NULL };
- PyObject *result;
- SEC_DESC *secdesc = NULL;
- int fnum;
- TALLOC_CTX *mem_ctx;
-
- /* Parse parameters */
-
- if (!PyArg_ParseTupleAndKeywords(
- args, kw, "i", kwlist, &fnum))
- return NULL;
-
- mem_ctx = talloc_init();
-
- secdesc = cli_query_secdesc(cli->cli, fnum, mem_ctx);
-
- if (cli_is_error(cli->cli)) {
- PyErr_SetString(PyExc_RuntimeError, "query_secdesc failed");
- return NULL;
- }
-
- if (!secdesc) {
- Py_INCREF(Py_None);
- result = Py_None;
- goto done;
- }
-
- if (!py_from_SECDESC(&result, secdesc)) {
- PyErr_SetString(
- PyExc_TypeError,
- "Invalid security descriptor returned");
- result = NULL;
- goto done;
- }
-
- done:
- talloc_destroy(mem_ctx);
-
- return result;
-
-}
-
-static PyObject *py_smb_set_secdesc(PyObject *self, PyObject *args,
- PyObject *kw)
-{
- cli_state_object *cli = (cli_state_object *)self;
- static char *kwlist[] = { "fnum", "security_descriptor", NULL };
- PyObject *py_secdesc;
- SEC_DESC *secdesc;
- TALLOC_CTX *mem_ctx = talloc_init();
- int fnum;
+ static char *kwlist[] = { "service", "creds" };
+ PyObject *creds;
+ char *service, *username, *domain, *password, *errstr;
BOOL result;
- /* Parse parameters */
-
- if (!PyArg_ParseTupleAndKeywords(
- args, kw, "iO", kwlist, &fnum, &py_secdesc))
+ if (!PyArg_ParseTupleAndKeywords(args, kw, "sO", kwlist, &service,
+ &creds))
return NULL;
- if (!py_to_SECDESC(&secdesc, py_secdesc, mem_ctx)) {
- PyErr_SetString(PyExc_TypeError,
- "Invalid security descriptor");
+ if (!py_parse_creds(creds, &username, &domain, &password, &errstr)) {
+ free(errstr);
return NULL;
}
- result = cli_set_secdesc(cli->cli, fnum, secdesc);
-
- if (cli_is_error(cli->cli)) {
- PyErr_SetString(PyExc_RuntimeError, "set_secdesc failed");
- return NULL;
- }
+ result = cli_send_tconX(
+ cli->cli, service, strequal(service, "IPC$") ? "IPC" : "?????",
+ password, strlen(password) + 1);
- return PyInt_FromLong(result);
+ return Py_BuildValue("i", result);
}
static PyMethodDef smb_hnd_methods[] = {
- /* Session and connection handling */
-
{ "session_request", (PyCFunction)py_smb_session_request,
METH_VARARGS | METH_KEYWORDS, "Request a session" },
{ "tconx", (PyCFunction)py_smb_tconx,
METH_VARARGS | METH_KEYWORDS, "Tree connect" },
- /* File operations */
-
- { "nt_create_andx", (PyCFunction)py_smb_nt_create_andx,
- METH_VARARGS | METH_KEYWORDS, "NT Create&X" },
-
- { "close", (PyCFunction)py_smb_close,
- METH_VARARGS | METH_KEYWORDS, "Close" },
-
- { "unlink", (PyCFunction)py_smb_unlink,
- METH_VARARGS | METH_KEYWORDS, "Unlink" },
-
- /* Security descriptors */
-
- { "query_secdesc", (PyCFunction)py_smb_query_secdesc,
- METH_VARARGS | METH_KEYWORDS, "Query security descriptor" },
-
- { "set_secdesc", (PyCFunction)py_smb_set_secdesc,
- METH_VARARGS | METH_KEYWORDS, "Set security descriptor" },
-
{ NULL }
};
/* Call rpc function */
- if (!(cli = open_pipe_creds(server, creds, PI_SPOOLSS, &errstr))) {
+ if (!(cli = open_pipe_creds(server, creds, PIPE_SPOOLSS, &errstr))) {
PyErr_SetString(spoolss_error, errstr);
free(errstr);
goto done;
/* Call rpc function */
- if (!(cli = open_pipe_creds(server, creds, PI_SPOOLSS, &errstr))) {
+ if (!(cli = open_pipe_creds(server, creds, PIPE_SPOOLSS, &errstr))) {
PyErr_SetString(spoolss_error, errstr);
free(errstr);
goto done;
return NULL;
}
- if (!(cli = open_pipe_creds(server, creds, PI_SPOOLSS, &errstr))) {
+ if (!(cli = open_pipe_creds(server, creds, PIPE_SPOOLSS, &errstr))) {
PyErr_SetString(spoolss_error, errstr);
free(errstr);
goto done;
return NULL;
}
- if (!(cli = open_pipe_creds(server, creds, PI_SPOOLSS, &errstr))) {
+ if (!(cli = open_pipe_creds(server, creds, PIPE_SPOOLSS, &errstr))) {
PyErr_SetString(spoolss_error, errstr);
free(errstr);
goto done;
return NULL;
}
- if (!(cli = open_pipe_creds(server, creds, PI_SPOOLSS, &errstr))) {
+ if (!(cli = open_pipe_creds(server, creds, PIPE_SPOOLSS, &errstr))) {
PyErr_SetString(spoolss_error, errstr);
free(errstr);
goto done;
return NULL;
}
- if (!(cli = open_pipe_creds(server, creds, PI_SPOOLSS, &errstr))) {
+ if (!(cli = open_pipe_creds(server, creds, PIPE_SPOOLSS, &errstr))) {
PyErr_SetString(spoolss_error, errstr);
free(errstr);
goto done;
&PyDict_Type, &info, &PyDict_Type, &creds))
return NULL;
- if (!(cli = open_pipe_creds(server, creds, PI_SPOOLSS, &errstr))) {
+ if (!(cli = open_pipe_creds(server, creds, PIPE_SPOOLSS, &errstr))) {
PyErr_SetString(spoolss_error, errstr);
free(errstr);
goto done;
}
-static PyObject *pytdbpack_bad_type(char ch,
- const char *expected,
- PyObject *val_obj)
-{
- PyObject *r = PyObject_Repr(val_obj);
- if (!r)
- return NULL;
- PyErr_Format(PyExc_TypeError,
- "tdbpack: format '%c' requires %s, not %s",
- ch, expected, PyString_AS_STRING(r));
- Py_DECREF(r);
- return val_obj;
-}
-
-
/*
- * Calculate the number of bytes required to pack a single value. While doing
- * this, also conduct some initial checks that the argument types are
- * reasonable.
- *
- * Returns -1 on exception.
- */
+ Calculate the number of bytes required to pack a single value.
+*/
static int
pytdbpack_calc_item_len(char ch,
PyObject *val_obj)
{
if (ch == 'd' || ch == 'w') {
if (!PyInt_Check(val_obj)) {
- pytdbpack_bad_type(ch, "Int", val_obj);
+ PyErr_Format(PyExc_TypeError,
+ "tdbpack: format '%c' requires an Int",
+ ch);
return -1;
}
if (ch == 'w')
else if (ch == 'f' || ch == 'P' || ch == 'B') {
/* nul-terminated 8-bit string */
if (!PyString_Check(val_obj)) {
- pytdbpack_bad_type(ch, "String", val_obj);
+ PyErr_Format(PyExc_TypeError,
+ "tdbpack: format '%c' requires a String",
+ ch);
+ return -1;
}
if (ch == 'B') {
}
else {
PyErr_Format(PyExc_ValueError,
- "tdbpack: format character '%c' is not supported",
+ __FUNCTION__ ": format character '%c' is not supported",
ch);
return -1;
Extension(name = "smb",
sources = [samba_srcdir + "python/py_smb.c",
- samba_srcdir + "python/py_common.c",
- samba_srcdir + "python/py_ntsec.c"],
+ samba_srcdir + "python/py_common.c"],
libraries = lib_list,
library_dirs = ["/usr/kerberos/lib"],
extra_compile_args = flags_list,
usr->user_rid = user_rid;
usr->group_rid = group_rid;
usr->acb_info = pdb_get_acct_ctrl(pw);
-
- /*
- Look at a user on a real NT4 PDC with usrmgr, press
- 'ok'. Then you will see that unknown_3 is set to
- 0x08f827fa. Look at the user immediately after that again,
- and you will see that 0x00fffff is returned. This solves
- the problem that you get access denied after having looked
- at the user.
- -- Volker
- */
- usr->unknown_3 = 0x00ffffff;
+ usr->unknown_3 = pdb_get_unknown3(pw);
usr->logon_divs = pdb_get_logon_divs(pw);
usr->ptr_logon_hrs = pdb_get_hours(pw) ? 1 : 0;
- usr->unknown_5 = pdb_get_unknown_5(pw); /* 0x0002 0000 */
+ usr->unknown_5 = pdb_get_unknown5(pw); /* 0x0002 0000 */
if (pdb_get_pass_must_change_time(pw) == 0) {
usr->passmustchange=PASS_MUST_CHANGE_AT_NEXT_LOGON;
init_unistr2(&usr->uni_unknown_str, NULL, len_unknown_str);
init_unistr2(&usr->uni_munged_dial, munged_dial, len_munged_dial);
- usr->unknown_6 = pdb_get_unknown_6(pw);
+ usr->unknown_6 = pdb_get_unknown6(pw);
usr->padding4 = 0;
if (pdb_get_hours(pw)) {
return NT_STATUS_ACCESS_DENIED;
/* get the list of mapped groups (domain, local, builtin) */
- if(!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+ if(!enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
return NT_STATUS_OK;
if (q_u->enum_context >= num_entries)
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
+ if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", map.priv_set.count));
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!pdb_getgrsid(&map, info->sid, MAPPING_WITHOUT_PRIV))
+ if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
/*
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
+ if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
map.systemaccount=q_u->access;
- if(!pdb_update_group_mapping_entry(&map))
+ if(!add_mapping_entry(&map, TDB_REPLACE))
return NT_STATUS_NO_SUCH_GROUP;
free_privilege(&map.priv_set);
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
+ if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
set=&q_u->set;
add_privilege(&map.priv_set, *luid_attr);
}
- if(!pdb_update_group_mapping_entry(&map))
+ if(!add_mapping_entry(&map, TDB_REPLACE))
return NT_STATUS_NO_SUCH_GROUP;
free_privilege(&map.priv_set);
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
+ if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
if (q_u->allrights!=0) {
remove_privilege(&map.priv_set, *luid_attr);
}
- if(!pdb_update_group_mapping_entry(&map))
+ if(!add_mapping_entry(&map, TDB_REPLACE))
return NT_STATUS_NO_SUCH_GROUP;
free_privilege(&map.priv_set);
cred_hash3( pwd, q_u->pwd, p->dc.sess_key, 0);
/* lies! nt and lm passwords are _not_ the same: don't care */
- if (!pdb_set_lanman_passwd (sampass, pwd, PDB_CHANGED)) {
+ if (!pdb_set_lanman_passwd (sampass, pwd)) {
pdb_free_sam(&sampass);
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_set_nt_passwd (sampass, pwd, PDB_CHANGED)) {
+ if (!pdb_set_nt_passwd (sampass, pwd)) {
pdb_free_sam(&sampass);
return NT_STATUS_NO_MEMORY;
}
if ( fetch_reg_keys( regkey, &subkeys ) == -1 ) {
/* don't really know what to return here */
+
result = NT_STATUS_NO_SUCH_FILE;
}
else {
return False;
}
+
return True;
}
TALLOC_CTX *mem_ctx;
};
-struct generic_mapping sam_generic_mapping = {GENERIC_RIGHTS_SAM_READ, GENERIC_RIGHTS_SAM_WRITE, GENERIC_RIGHTS_SAM_EXECUTE, GENERIC_RIGHTS_SAM_ALL_ACCESS};
-struct generic_mapping dom_generic_mapping = {GENERIC_RIGHTS_DOMAIN_READ, GENERIC_RIGHTS_DOMAIN_WRITE, GENERIC_RIGHTS_DOMAIN_EXECUTE, GENERIC_RIGHTS_DOMAIN_ALL_ACCESS};
-struct generic_mapping usr_generic_mapping = {GENERIC_RIGHTS_USER_READ, GENERIC_RIGHTS_USER_WRITE, GENERIC_RIGHTS_USER_EXECUTE, GENERIC_RIGHTS_USER_ALL_ACCESS};
-struct generic_mapping grp_generic_mapping = {GENERIC_RIGHTS_GROUP_READ, GENERIC_RIGHTS_GROUP_WRITE, GENERIC_RIGHTS_GROUP_EXECUTE, GENERIC_RIGHTS_GROUP_ALL_ACCESS};
-struct generic_mapping ali_generic_mapping = {GENERIC_RIGHTS_ALIAS_READ, GENERIC_RIGHTS_ALIAS_WRITE, GENERIC_RIGHTS_ALIAS_EXECUTE, GENERIC_RIGHTS_ALIAS_ALL_ACCESS};
+struct generic_mapping sam_generic_mapping = {SAMR_READ, SAMR_WRITE, SAMR_EXECUTE, SAMR_ALL_ACCESS};
+struct generic_mapping dom_generic_mapping = {DOMAIN_READ, DOMAIN_WRITE, DOMAIN_EXECUTE, DOMAIN_ALL_ACCESS};
+struct generic_mapping usr_generic_mapping = {USER_READ, USER_WRITE, USER_EXECUTE, USER_ALL_ACCESS};
+struct generic_mapping grp_generic_mapping = {GROUP_READ, GROUP_WRITE, GROUP_EXECUTE, GROUP_ALL_ACCESS};
+struct generic_mapping ali_generic_mapping = {ALIAS_READ, ALIAS_WRITE, ALIAS_EXECUTE, ALIAS_ALL_ACCESS};
static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size);
/* These now zero out the old password */
- pdb_set_lanman_passwd(sam_pass, NULL, PDB_DEFAULT);
- pdb_set_nt_passwd(sam_pass, NULL, PDB_DEFAULT);
+ pdb_set_lanman_passwd(sam_pass, NULL);
+ pdb_set_nt_passwd(sam_pass, NULL);
}
return NT_STATUS_OK;
}
- if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) {
+ if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) {
return NT_STATUS_NO_MEMORY;
}
if (!find_policy_by_hnd(p, &q_u->pol, (void**)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_OPEN_DOMAIN,"_samr_open_domain"))) {
+ if (!NT_STATUS_IS_OK(status = access_check_samr_function(info->acc_granted, SAMR_ACCESS_OPEN_DOMAIN,"_samr_open_domain"))) {
return status;
}
sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
/*basic access for every one*/
- init_sec_access(&mask, GENERIC_RIGHTS_DOMAIN_EXECUTE | GENERIC_RIGHTS_DOMAIN_READ);
+ init_sec_access(&mask, DOMAIN_EXECUTE | DOMAIN_READ);
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
/*full access for builtin aliases Administrators and Account Operators*/
- init_sec_access(&mask, GENERIC_RIGHTS_DOMAIN_ALL_ACCESS);
+ init_sec_access(&mask, DOMAIN_ALL_ACCESS);
init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
/*basic access for every one*/
- init_sec_access(&mask, GENERIC_RIGHTS_USER_EXECUTE | GENERIC_RIGHTS_USER_READ);
+ init_sec_access(&mask, USER_EXECUTE | USER_READ);
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
/*full access for builtin aliases Administrators and Account Operators*/
- init_sec_access(&mask, GENERIC_RIGHTS_USER_ALL_ACCESS);
+ init_sec_access(&mask, USER_ALL_ACCESS);
init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
/*extended access for the user*/
- init_sec_access(&mask,READ_CONTROL_ACCESS | SA_RIGHT_USER_CHANGE_PASSWORD | SA_RIGHT_USER_SET_LOC_COM);
+ init_sec_access(&mask,READ_CONTROL_ACCESS | USER_ACCESS_CHANGE_PASSWORD | USER_ACCESS_SET_LOC_COM);
init_sec_ace(&ace[3], usr_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 4, ace)) == NULL)
sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
/*basic access for every one*/
- init_sec_access(&mask, GENERIC_RIGHTS_GROUP_EXECUTE | GENERIC_RIGHTS_GROUP_READ);
+ init_sec_access(&mask, GROUP_EXECUTE | GROUP_READ);
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
/*full access for builtin aliases Administrators and Account Operators*/
- init_sec_access(&mask, GENERIC_RIGHTS_GROUP_ALL_ACCESS);
+ init_sec_access(&mask, GROUP_ALL_ACCESS);
init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
/*basic access for every one*/
- init_sec_access(&mask, GENERIC_RIGHTS_ALIAS_EXECUTE | GENERIC_RIGHTS_ALIAS_READ);
+ init_sec_access(&mask, ALIAS_EXECUTE | ALIAS_READ);
init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
/*full access for builtin aliases Administrators and Account Operators*/
- init_sec_access(&mask, GENERIC_RIGHTS_ALIAS_ALL_ACCESS);
+ init_sec_access(&mask, ALIAS_ALL_ACCESS);
init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
domain_sid = info->sid;
if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ DOMAIN_ACCESS_ENUM_ACCOUNTS,
"_samr_enum_dom_users"))) {
return r_u->status;
}
/* well-known aliases */
if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) {
- pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
+ enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
if (num_entries != 0) {
*d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP));
for (; (num_entries < max_entries) && (grp != NULL); grp = grp->next) {
uint32 trid;
- if(!pdb_getgrgid(&smap, grp->gr_gid, MAPPING_WITHOUT_PRIV))
+ if(!get_group_from_gid(grp->gr_gid, &smap, MAPPING_WITHOUT_PRIV))
continue;
if (smap.sid_name_use!=SID_NAME_ALIAS) {
*p_num_entries = 0;
- pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
+ enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
num_entries=group_entries-start_idx;
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, "_samr_enum_dom_groups"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_ENUM_ACCOUNTS, "_samr_enum_dom_groups"))) {
return r_u->status;
}
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, "_samr_enum_dom_aliases"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_ENUM_ACCOUNTS, "_samr_enum_dom_aliases"))) {
return r_u->status;
}
/* Get what we need from the password database */
switch (q_u->switch_level) {
case 0x1:
- /* When playing with usrmgr, this is necessary
- if you want immediate refresh after editing
- a user. I would like to do this after the
- setuserinfo2, but we do not have access to
- the domain handle in that call, only to the
- user handle. Where else does this hurt?
- -- Volker
- */
-#if 0
- /* We cannot do this here - it kills performace. JRA. */
- free_samr_users(info);
-#endif
case 0x2:
case 0x4:
become_root();
/* find the policy handle. open a policy on it. */
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_LOOKUP_INFO, "_samr_query_aliasinfo"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_LOOKUP_INFO, "_samr_query_aliasinfo"))) {
return r_u->status;
}
!sid_check_is_in_builtin(&sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!pdb_getgrsid(&map, sid, MAPPING_WITHOUT_PRIV))
+ if (!get_group_map_from_sid(sid, &map, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_ALIAS;
switch (q_u->switch_level) {
if (!get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_user"))) {
+ if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_OPEN_ACCOUNT, "_samr_open_user"))) {
return nt_status;
}
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_USER_GET_GROUPS, "_samr_query_usergroups"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, USER_ACCESS_GET_GROUPS, "_samr_query_usergroups"))) {
return r_u->status;
}
if (!get_lsa_policy_samr_sid(p, &dom_pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_USER, "_samr_create_user"))) {
+ if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_CREATE_USER, "_samr_create_user"))) {
return nt_status;
}
return nt_status;
}
- if (!pdb_set_username(sam_pass, account, PDB_CHANGED)) {
+ if (!pdb_set_username(sam_pass, account)) {
pdb_free_sam(&sam_pass);
return NT_STATUS_NO_MEMORY;
}
}
- pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
+ pdb_set_acct_ctrl(sam_pass, acb_info);
if (!pdb_add_sam_account(sam_pass)) {
pdb_free_sam(&sam_pass);
if (!find_policy_by_hnd(p, &q_u->connect_pol, (void**)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_lookup_domain"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SAMR_ACCESS_OPEN_DOMAIN, "_samr_lookup_domain"))) {
return r_u->status;
}
if (!find_policy_by_hnd(p, &q_u->pol, (void**)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_ENUM_DOMAINS, "_samr_enum_domains"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SAMR_ACCESS_ENUM_DOMAINS, "_samr_enum_domains"))) {
return r_u->status;
}
if (!get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_alias"))) {
+ if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_OPEN_ACCOUNT, "_samr_open_alias"))) {
return status;
}
pdb_free_sam(&pwd);
return False;
}
-
- /* FIX ME: check if the value is really changed --metze */
- if (!pdb_set_acct_ctrl(pwd, id10->acb_info, PDB_CHANGED)) {
+
+ if (!pdb_set_acct_ctrl(pwd, id10->acb_info)) {
pdb_free_sam(&pwd);
return False;
}
return False;
}
- if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd, PDB_CHANGED)) {
+ if (!pdb_set_lanman_passwd (pwd, id12->lm_pwd)) {
pdb_free_sam(&pwd);
return False;
}
- if (!pdb_set_nt_passwd (pwd, id12->nt_pwd, PDB_CHANGED)) {
+ if (!pdb_set_nt_passwd (pwd, id12->nt_pwd)) {
pdb_free_sam(&pwd);
return False;
}
if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- acc_required = SA_RIGHT_USER_SET_LOC_COM | SA_RIGHT_USER_SET_ATTRIBUTES; /* This is probably wrong */
+ acc_required = USER_ACCESS_SET_LOC_COM | USER_ACCESS_SET_ATTRIBUTES; /* This is probably wrong */
if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo"))) {
return r_u->status;
}
if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- acc_required = SA_RIGHT_USER_SET_LOC_COM | SA_RIGHT_USER_SET_ATTRIBUTES; /* This is probably wrong */
+ acc_required = USER_ACCESS_SET_LOC_COM | USER_ACCESS_SET_ATTRIBUTES; /* This is probably wrong */
if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo2"))) {
return r_u->status;
}
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
- ntstatus1 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, "_samr_query_useraliases");
- ntstatus2 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_query_useraliases");
+ ntstatus1 = access_check_samr_function(info->acc_granted, DOMAIN_ACCESS_LOOKUP_ALIAS_BY_MEM, "_samr_query_useraliases");
+ ntstatus2 = access_check_samr_function(info->acc_granted, DOMAIN_ACCESS_OPEN_ACCOUNT, "_samr_query_useraliases");
if (!NT_STATUS_IS_OK(ntstatus1) || !NT_STATUS_IS_OK(ntstatus2)) {
if (!(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus2)) &&
return NT_STATUS_INVALID_HANDLE;
if (!NT_STATUS_IS_OK(r_u->status =
- access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, "_samr_query_aliasmem"))) {
+ access_check_samr_function(acc_granted, ALIAS_ACCESS_GET_MEMBERS, "_samr_query_aliasmem"))) {
return r_u->status;
}
if (sid_equal(&alias_sid, &global_sid_Builtin)) {
DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n"));
- if(!get_builtin_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
+ if(!get_local_group_from_sid(als_sid, &map, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_ALIAS;
} else {
if (sid_equal(&alias_sid, get_global_sam_sid())) {
if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_GET_MEMBERS, "_samr_query_groupmem"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_GET_MEMBERS, "_samr_query_groupmem"))) {
return r_u->status;
}
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_ADD_MEMBER, "_samr_add_aliasmem"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_ADD_MEMBER, "_samr_add_aliasmem"))) {
return r_u->status;
}
if ((pwd=getpwuid_alloc(uid)) == NULL) {
return NT_STATUS_NO_SUCH_USER;
+ } else {
+ passwd_free(&pwd);
}
- if ((grp=getgrgid(map.gid)) == NULL) {
- passwd_free(&pwd);
+ if ((grp=getgrgid(map.gid)) == NULL)
return NT_STATUS_NO_SUCH_ALIAS;
- }
/* we need to copy the name otherwise it's overloaded in user_in_group_list */
fstrcpy(grp_name, grp->gr_name);
/* if the user is already in the group */
- if(user_in_group_list(pwd->pw_name, grp_name)) {
- passwd_free(&pwd);
+ if(user_in_group_list(pwd->pw_name, grp_name))
return NT_STATUS_MEMBER_IN_ALIAS;
- }
/*
* ok, the group exist, the user exist, the user is not in the group,
smb_add_user_group(grp_name, pwd->pw_name);
/* check if the user has been added then ... */
- if(!user_in_group_list(pwd->pw_name, grp_name)) {
- passwd_free(&pwd);
+ if(!user_in_group_list(pwd->pw_name, grp_name))
return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */
- }
- passwd_free(&pwd);
return NT_STATUS_OK;
}
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_REMOVE_MEMBER, "_samr_del_aliasmem"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_REMOVE_MEMBER, "_samr_del_aliasmem"))) {
return r_u->status;
}
GROUP_MAP map;
uid_t uid;
NTSTATUS ret;
- SAM_ACCOUNT *sam_user=NULL;
+ SAM_ACCOUNT *sam_user;
BOOL check;
uint32 acc_granted;
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_ADD_MEMBER, "_samr_add_groupmem"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_ADD_MEMBER, "_samr_add_groupmem"))) {
return r_u->status;
}
if ((pwd=getpwuid_alloc(uid)) == NULL) {
return NT_STATUS_NO_SUCH_USER;
+ } else {
+ passwd_free(&pwd);
}
- if ((grp=getgrgid(map.gid)) == NULL) {
- passwd_free(&pwd);
+ if ((grp=getgrgid(map.gid)) == NULL)
return NT_STATUS_NO_SUCH_GROUP;
- }
/* we need to copy the name otherwise it's overloaded in user_in_group_list */
fstrcpy(grp_name, grp->gr_name);
/* if the user is already in the group */
- if(user_in_group_list(pwd->pw_name, grp_name)) {
- passwd_free(&pwd);
+ if(user_in_group_list(pwd->pw_name, grp_name))
return NT_STATUS_MEMBER_IN_GROUP;
- }
/*
* ok, the group exist, the user exist, the user is not in the group,
smb_add_user_group(grp_name, pwd->pw_name);
/* check if the user has been added then ... */
- if(!user_in_group_list(pwd->pw_name, grp_name)) {
- passwd_free(&pwd);
+ if(!user_in_group_list(pwd->pw_name, grp_name))
return NT_STATUS_MEMBER_NOT_IN_GROUP; /* don't know what to reply else */
- }
- passwd_free(&pwd);
return NT_STATUS_OK;
}
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_REMOVE_MEMBER, "_samr_del_groupmem"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_REMOVE_MEMBER, "_samr_del_groupmem"))) {
return r_u->status;
}
if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &user_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_user"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DELETE_ACCESS, "_samr_delete_dom_user"))) {
return r_u->status;
}
if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_group"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DELETE_ACCESS, "_samr_delete_dom_group"))) {
return r_u->status;
}
if ( (grp=getgrgid(gid)) != NULL)
return NT_STATUS_ACCESS_DENIED;
- if(!pdb_delete_group_mapping_entry(group_sid))
+ if(!group_map_remove(group_sid))
return NT_STATUS_ACCESS_DENIED;
if (!close_policy_hnd(p, &q_u->group_pol))
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_alias"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DELETE_ACCESS, "_samr_delete_dom_alias"))) {
return r_u->status;
}
return NT_STATUS_ACCESS_DENIED;
/* don't check if we removed it as it could be an un-mapped group */
- pdb_delete_group_mapping_entry(alias_sid);
+ group_map_remove(alias_sid);
if (!close_policy_hnd(p, &q_u->alias_pol))
return NT_STATUS_OBJECT_NAME_INVALID;
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, "_samr_create_dom_group"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_CREATE_GROUP, "_samr_create_dom_group"))) {
return r_u->status;
}
if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_create_alias"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_CREATE_ALIAS, "_samr_create_alias"))) {
return r_u->status;
}
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_LOOKUP_INFO, "_samr_query_groupinfo"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_LOOKUP_INFO, "_samr_query_groupinfo"))) {
return r_u->status;
}
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_SET_INFO, "_samr_set_groupinfo"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, GROUP_ACCESS_SET_INFO, "_samr_set_groupinfo"))) {
return r_u->status;
}
return NT_STATUS_INVALID_INFO_CLASS;
}
- if(!pdb_update_group_mapping_entry(&map)) {
+ if(!add_mapping_entry(&map, TDB_REPLACE)) {
free_privilege(&map.priv_set);
return NT_STATUS_NO_SUCH_GROUP;
}
if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_SET_INFO, "_samr_set_aliasinfo"))) {
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, ALIAS_ACCESS_SET_INFO, "_samr_set_aliasinfo"))) {
return r_u->status;
}
return NT_STATUS_INVALID_INFO_CLASS;
}
- if(!pdb_update_group_mapping_entry(&map)) {
+ if(!add_mapping_entry(&map, TDB_REPLACE)) {
free_privilege(&map.priv_set);
return NT_STATUS_NO_SUCH_GROUP;
}
if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_group"))) {
+ if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, DOMAIN_ACCESS_OPEN_ACCOUNT, "_samr_open_group"))) {
return status;
}
stored_time = pdb_get_logon_time(to);
DEBUG(10,("INFO_21 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_logon_time(to, unix_time, PDB_CHANGED);
+ pdb_set_logon_time(to, unix_time, True);
}
if (!nt_time_is_zero(&from->logoff_time)) {
unix_time=nt_time_to_unix(&from->logoff_time);
stored_time = pdb_get_logoff_time(to);
DEBUG(10,("INFO_21 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
+ pdb_set_logoff_time(to, unix_time, True);
}
if (!nt_time_is_zero(&from->kickoff_time)) {
stored_time = pdb_get_kickoff_time(to);
DEBUG(10,("INFO_21 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
+ pdb_set_kickoff_time(to, unix_time , True);
}
if (!nt_time_is_zero(&from->pass_can_change_time)) {
stored_time = pdb_get_pass_can_change_time(to);
DEBUG(10,("INFO_21 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
+ pdb_set_pass_can_change_time(to, unix_time, True);
}
if (!nt_time_is_zero(&from->pass_last_set_time)) {
unix_time=nt_time_to_unix(&from->pass_last_set_time);
stored_time = pdb_get_pass_last_set_time(to);
DEBUG(10,("INFO_21 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
+ pdb_set_pass_last_set_time(to, unix_time);
}
if (!nt_time_is_zero(&from->pass_must_change_time)) {
stored_time=pdb_get_pass_must_change_time(to);
DEBUG(10,("INFO_21 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
+ pdb_set_pass_must_change_time(to, unix_time, True);
}
/* Backend should check this for sainity */
new_string = pdb_unistr2_convert(&from->uni_user_name);
DEBUG(10,("INFO_21 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
if (STRING_CHANGED)
- pdb_set_username(to , new_string, PDB_CHANGED);
+ pdb_set_username(to , new_string);
}
if (from->hdr_full_name.buffer) {
old_string = pdb_get_fullname(to);
- new_string = pdb_unistr2_convert(&from->uni_full_name);
+ new_string = pdb_unistr2_convert(&from->uni_user_name);
DEBUG(10,("INFO_21 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_fullname(to , new_string, PDB_CHANGED);
+ pdb_set_fullname(to , new_string);
}
if (from->hdr_home_dir.buffer) {
new_string = pdb_unistr2_convert(&from->uni_home_dir);
DEBUG(10,("INFO_21 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_homedir(to , new_string, PDB_CHANGED);
+ pdb_set_homedir(to , new_string, True);
}
if (from->hdr_dir_drive.buffer) {
new_string = pdb_unistr2_convert(&from->uni_dir_drive);
DEBUG(10,("INFO_21 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_dir_drive(to , new_string, PDB_CHANGED);
+ pdb_set_dir_drive(to , new_string, True);
}
if (from->hdr_logon_script.buffer) {
new_string = pdb_unistr2_convert(&from->uni_logon_script);
DEBUG(10,("INFO_21 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_logon_script(to , new_string, PDB_CHANGED);
+ pdb_set_logon_script(to , new_string, True);
}
if (from->hdr_profile_path.buffer) {
new_string = pdb_unistr2_convert(&from->uni_profile_path);
DEBUG(10,("INFO_21 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_profile_path(to , new_string, PDB_CHANGED);
+ pdb_set_profile_path(to , new_string, True);
}
if (from->hdr_acct_desc.buffer) {
new_string = pdb_unistr2_convert(&from->uni_acct_desc);
DEBUG(10,("INFO_21 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_acct_desc(to , new_string, PDB_CHANGED);
+ pdb_set_acct_desc(to , new_string);
}
if (from->hdr_workstations.buffer) {
new_string = pdb_unistr2_convert(&from->uni_workstations);
DEBUG(10,("INFO_21 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_workstations(to , new_string, PDB_CHANGED);
+ pdb_set_workstations(to , new_string);
}
if (from->hdr_unknown_str.buffer) {
new_string = pdb_unistr2_convert(&from->uni_unknown_str);
DEBUG(10,("INFO_21 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_unknown_str(to , new_string, PDB_CHANGED);
+ pdb_set_unknown_str(to , new_string);
}
if (from->hdr_munged_dial.buffer) {
new_string = pdb_unistr2_convert(&from->uni_munged_dial);
DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_munged_dial(to , new_string, PDB_CHANGED);
+ pdb_set_munged_dial(to , new_string);
}
- if (from->user_rid != pdb_get_user_rid(to)) {
+ if (from->user_rid) {
DEBUG(10,("INFO_21 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
/* we really allow this ??? metze */
- /* pdb_set_user_sid_from_rid(to, from->user_rid, PDB_CHANGED);*/
+ /* pdb_set_user_sid_from_rid(to, from->user_rid);*/
}
- if (from->group_rid != pdb_get_group_rid(to)) {
+ if (from->group_rid) {
DEBUG(10,("INFO_21 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
- pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
+ pdb_set_group_sid_from_rid(to, from->group_rid);
}
DEBUG(10,("INFO_21 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
- if (from->acb_info != pdb_get_acct_ctrl(to)) {
- pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
- }
+ pdb_set_acct_ctrl(to, from->acb_info);
- DEBUG(10,("INFO_21 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3));
- if (from->unknown_3 != pdb_get_unknown_3(to)) {
- pdb_set_unknown_3(to, from->unknown_3, PDB_CHANGED);
- }
+ DEBUG(10,("INFO_21 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown3(to),from->unknown_3));
+ pdb_set_unknown_3(to, from->unknown_3);
+
DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
- if (from->logon_divs != pdb_get_logon_divs(to)) {
- pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
- }
+ pdb_set_logon_divs(to, from->logon_divs);
DEBUG(15,("INFO_21 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
- if (from->logon_hrs.len != pdb_get_hours_len(to)) {
- pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
- }
-
+ pdb_set_hours_len(to, from->logon_hrs.len);
DEBUG(15,("INFO_21 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
-/* Fix me: only update if it changes --metze */
- pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
+ pdb_set_hours(to, from->logon_hrs.hours);
- DEBUG(10,("INFO_21 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5));
- if (from->unknown_5 != pdb_get_unknown_5(to)) {
- pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED);
- }
+ DEBUG(10,("INFO_21 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown5(to),from->unknown_5));
+ pdb_set_unknown_5(to, from->unknown_5);
- DEBUG(10,("INFO_21 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
- if (from->unknown_6 != pdb_get_unknown_6(to)) {
- pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED);
- }
+ DEBUG(10,("INFO_21 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown6(to),from->unknown_6));
+ pdb_set_unknown_6(to, from->unknown_6);
DEBUG(10,("INFO_21 PADDING1 %02X %02X %02X %02X %02X %02X\n",
from->padding1[0],
DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
+ pdb_set_pass_must_change_time(to,0, True);
}
DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2));
stored_time = pdb_get_logon_time(to);
DEBUG(10,("INFO_23 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_logon_time(to, unix_time, PDB_CHANGED);
+ pdb_set_logon_time(to, unix_time, True);
}
if (!nt_time_is_zero(&from->logoff_time)) {
unix_time=nt_time_to_unix(&from->logoff_time);
stored_time = pdb_get_logoff_time(to);
DEBUG(10,("INFO_23 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
+ pdb_set_logoff_time(to, unix_time, True);
}
if (!nt_time_is_zero(&from->kickoff_time)) {
stored_time = pdb_get_kickoff_time(to);
DEBUG(10,("INFO_23 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
+ pdb_set_kickoff_time(to, unix_time , True);
}
if (!nt_time_is_zero(&from->pass_can_change_time)) {
stored_time = pdb_get_pass_can_change_time(to);
DEBUG(10,("INFO_23 PASS_CAN_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_pass_can_change_time(to, unix_time, PDB_CHANGED);
+ pdb_set_pass_can_change_time(to, unix_time, True);
}
if (!nt_time_is_zero(&from->pass_last_set_time)) {
unix_time=nt_time_to_unix(&from->pass_last_set_time);
stored_time = pdb_get_pass_last_set_time(to);
DEBUG(10,("INFO_23 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
+ pdb_set_pass_last_set_time(to, unix_time);
}
if (!nt_time_is_zero(&from->pass_must_change_time)) {
stored_time=pdb_get_pass_must_change_time(to);
DEBUG(10,("INFO_23 PASS_MUST_CH: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
if (stored_time != unix_time)
- pdb_set_pass_must_change_time(to, unix_time, PDB_CHANGED);
+ pdb_set_pass_must_change_time(to, unix_time, True);
}
/* Backend should check this for sainity */
new_string = pdb_unistr2_convert(&from->uni_user_name);
DEBUG(10,("INFO_23 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
if (STRING_CHANGED)
- pdb_set_username(to , new_string, PDB_CHANGED);
+ pdb_set_username(to , new_string);
}
if (from->hdr_full_name.buffer) {
old_string = pdb_get_fullname(to);
- new_string = pdb_unistr2_convert(&from->uni_full_name);
+ new_string = pdb_unistr2_convert(&from->uni_user_name);
DEBUG(10,("INFO_23 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_fullname(to , new_string, PDB_CHANGED);
+ pdb_set_fullname(to , new_string);
}
if (from->hdr_home_dir.buffer) {
new_string = pdb_unistr2_convert(&from->uni_home_dir);
DEBUG(10,("INFO_23 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_homedir(to , new_string, PDB_CHANGED);
+ pdb_set_homedir(to , new_string, True);
}
if (from->hdr_dir_drive.buffer) {
new_string = pdb_unistr2_convert(&from->uni_dir_drive);
DEBUG(10,("INFO_23 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_dir_drive(to , new_string, PDB_CHANGED);
+ pdb_set_dir_drive(to , new_string, True);
}
if (from->hdr_logon_script.buffer) {
new_string = pdb_unistr2_convert(&from->uni_logon_script);
DEBUG(10,("INFO_23 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_logon_script(to , new_string, PDB_CHANGED);
+ pdb_set_logon_script(to , new_string, True);
}
if (from->hdr_profile_path.buffer) {
new_string = pdb_unistr2_convert(&from->uni_profile_path);
DEBUG(10,("INFO_23 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_profile_path(to , new_string, PDB_CHANGED);
+ pdb_set_profile_path(to , new_string, True);
}
if (from->hdr_acct_desc.buffer) {
new_string = pdb_unistr2_convert(&from->uni_acct_desc);
DEBUG(10,("INFO_23 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
if (STRING_CHANGED)
- pdb_set_acct_desc(to , new_string, PDB_CHANGED);
+ pdb_set_acct_desc(to , new_string);
}
if (from->hdr_workstations.buffer) {
new_string = pdb_unistr2_convert(&from->uni_workstations);
DEBUG(10,("INFO_23 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_workstations(to , new_string, PDB_CHANGED);
+ pdb_set_workstations(to , new_string);
}
if (from->hdr_unknown_str.buffer) {
new_string = pdb_unistr2_convert(&from->uni_unknown_str);
DEBUG(10,("INFO_23 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_unknown_str(to , new_string, PDB_CHANGED);
+ pdb_set_unknown_str(to , new_string);
}
if (from->hdr_munged_dial.buffer) {
new_string = pdb_unistr2_convert(&from->uni_munged_dial);
DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
if (STRING_CHANGED)
- pdb_set_munged_dial(to , new_string, PDB_CHANGED);
+ pdb_set_munged_dial(to , new_string);
}
- if (from->user_rid != pdb_get_user_rid(to)) {
+ if (from->user_rid) {
DEBUG(10,("INFO_23 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
/* we really allow this ??? metze */
- /* pdb_set_user_sid_from_rid(to, from->user_rid, PDB_CHANGED);*/
+ /* pdb_set_user_sid_from_rid(to, from->user_rid);*/
}
- if (from->group_rid != pdb_get_group_rid(to)) {
+ if (from->group_rid) {
DEBUG(10,("INFO_23 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
- pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
+ pdb_set_group_sid_from_rid(to, from->group_rid);
}
DEBUG(10,("INFO_23 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
- if (from->acb_info != pdb_get_acct_ctrl(to)) {
- pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
- }
+ pdb_set_acct_ctrl(to, from->acb_info);
- DEBUG(10,("INFO_23 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown_3(to),from->unknown_3));
- if (from->unknown_3 != pdb_get_unknown_3(to)) {
- pdb_set_unknown_3(to, from->unknown_3, PDB_CHANGED);
- }
+ DEBUG(10,("INFO_23 UNKOWN_3: %08X -> %08X\n",pdb_get_unknown3(to),from->unknown_3));
+ pdb_set_unknown_3(to, from->unknown_3);
+
DEBUG(15,("INFO_23 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
- if (from->logon_divs != pdb_get_logon_divs(to)) {
- pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
- }
+ pdb_set_logon_divs(to, from->logon_divs);
DEBUG(15,("INFO_23 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
- if (from->logon_hrs.len != pdb_get_hours_len(to)) {
- pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
- }
-
+ pdb_set_hours_len(to, from->logon_hrs.len);
DEBUG(15,("INFO_23 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
-/* Fix me: only update if it changes --metze */
- pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
+ pdb_set_hours(to, from->logon_hrs.hours);
- DEBUG(10,("INFO_23 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown_5(to),from->unknown_5));
- if (from->unknown_5 != pdb_get_unknown_5(to)) {
- pdb_set_unknown_5(to, from->unknown_5, PDB_CHANGED);
- }
+ DEBUG(10,("INFO_23 UNKOWN_5: %08X -> %08X\n",pdb_get_unknown5(to),from->unknown_5));
+ pdb_set_unknown_5(to, from->unknown_5);
- DEBUG(10,("INFO_23 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
- if (from->unknown_6 != pdb_get_unknown_6(to)) {
- pdb_set_unknown_6(to, from->unknown_6, PDB_CHANGED);
- }
+ DEBUG(10,("INFO_23 UNKOWN_6: %08X -> %08X\n",pdb_get_unknown6(to),from->unknown_6));
+ pdb_set_unknown_6(to, from->unknown_6);
DEBUG(10,("INFO_23 PADDING1 %02X %02X %02X %02X %02X %02X\n",
from->padding1[0],
DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
+ pdb_set_pass_must_change_time(to,0, True);
}
DEBUG(10,("INFO_23 PADDING_2: %02X\n",from->padding2));
DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
/* first get the list of the domain groups */
- if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
+ if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
return False;
DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
+++ /dev/null
-SAM API \r
-\r
-NTSTATUS sam_get_sec_obj(NT_USER_TOKEN *access, DOM_SID *sid, SEC_DESC **sd)\r
-NTSTATUS sam_set_sec_obj(NT_USER_TOKEN *access, DOM_SID *sid, SEC_DESC *sd)\r
-\r
-NTSTATUS sam_lookup_name(NT_USER_TOKEN *access, DOM_SID *domain, char *name, DOM_SID **sid, uint32 *type)\r
-NTSTATUS sam_lookup_sid(NT_USER_TOKEN *access, DOM_SID *sid, char **name, uint32 *type)\r
-\r
-\r
-Domain API \r
-\r
-NTSTATUS sam_update_domain(SAM_DOMAIN_HANDLE *domain)\r
-\r
-NTSTATUS sam_enum_domains(NT_USER_TOKEN *access, int32 *domain_count, DOM_SID **domains, char **domain_names)\r
-NTSTATUS sam_lookup_domain(NT_USER_TOKEN *access, char *domain, DOM_SID **domainsid)\r
-\r
-NTSTATUS sam_get_domain_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)\r
-\r
-\r
-User API\r
-\r
-NTSTATUS sam_create_user(NT_USER_TOKEN *access, uint32 access_desired, SAM_USER_HANDLE **user)\r
-NTSTATUS sam_add_user(SAM_USER_HANDLE *user)\r
-NTSTATUS sam_update_user(SAM_USER_HANDLE *user)\r
-NTSTATUS sam_delete_user(SAM_USER_HANDLE * user)\r
-\r
-NTSTATUS sam_enum_users(NT_USER_TOKEN *access, DOM_SID *domain, int32 *user_count, SAM_USER_ENUM **users)\r
-\r
-NTSTATUS sam_get_user_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *usersid, SAM_USER_HANDLE **user)\r
-NTSTATUS sam_get_user_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_USER_HANDLE **user)\r
-\r
-\r
-Group API \r
-\r
-NTSTATUS sam_create_group(NT_USER_TOKEN *access, uint32 access_desired, uint32 typ, SAM_GROUP_HANDLE **group)\r
-NTSTATUS sam_add_group(SAM_GROUP_HANDLE *samgroup)\r
-NTSTATUS sam_update_group(SAM_GROUP_HANDLE *samgroup)\r
-NTSTATUS sam_delete_group(SAM_GROUP_HANDLE *groupsid)\r
-\r
-NTSTATUS sam_enum_groups(NT_USER_TOKEN *access, DOM_SID *domainsid, uint32 typ, uint32 *groups_count, SAM_GROUP_ENUM **groups)\r
-\r
-NTSTATUS sam_get_group_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *groupsid, SAM_GROUP_HANDLE **group)\r
-NTSTATUS sam_get_group_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_GROUP_HANDLE **group)\r
-\r
-NTSTATUS sam_add_member_to_group(SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)\r
-NTSTATUS sam_delete_member_from_group(SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)\r
-NTSTATUS sam_enum_groupmembers(SAM_GROUP_HANLDE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)\r
-\r
-NTSTATUS sam_get_groups_of_user(SAM_USER_HANDLE *user, uint32 typ, uint32 *group_count, SAM_GROUP_ENUM **groups)\r
-\r
-\r
-\r
-structures\r
-\r
-typedef _SAM_GROUP_MEMBER {\r
- DOM_SID sid; \r
- BOOL group; /* specifies if it is a group or a user */ \r
-\r
-} SAM_GROUP_MEMBER\r
-\r
-typedef struct sam_user_enum {\r
- DOM_SID sid; \r
- char *username; \r
- char *full_name; \r
- char *user_desc; \r
- uint16 acc_ctrl; \r
-} SAM_USER_ENUM;\r
-\r
-typedef struct sam_group_enum {\r
- DOM_SID sid;\r
- char *groupname;\r
- char *comment;\r
-} SAM_GROUP_ENUM\r
-\r
-NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, DOM_SID **sid)\r
-NTSTATUS sam_get_domain_num_users(SAM_DOMAIN_HANDLE *domain, uint32 *num_users)\r
-NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)\r
-NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)\r
-NTSTATUS sam_{get,set}_domain_name(SAM_DOMAIN_HANDLE *domain, char **domain_name)\r
-NTSTATUS sam_{get,set}_domain_server(SAM_DOMAIN_HANDLE *domain, char **server_name)\r
-NTSTATUS sam_{get,set}_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)\r
-NTSTATUS sam_{get,set}_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)\r
-NTSTATUS sam_{get,set}_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)\r
-NTSTATUS sam_{get,set}_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)\r
-NTSTATUS sam_{get,set}_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)\r
-NTSTATUS sam_{get,set}_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uin16 *password_history)\r
-NTSTATUS sam_{get,set}_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)\r
-NTSTATUS sam_{get,set}_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)\r
-NTSTATUS sam_{get,set}_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)\r
-\r
-NTSTATUS sam_get_user_sid(SAM_USER_HANDLE *user, DOM_SID **sid)\r
-NTSTATUS sam_{get,set}_user_pgroup(SAM_USER_HANDLE *user, DOM_SID **pgroup)\r
-NTSTATUS sam_{get,set}_user_name(SAM_USER_HANDLE *user, char **username)\r
-NTSTATUS sam_{get,set}_user_fullname(SAM_USER_HANDLE *user, char** fullname)\r
-NTSTATUS sam_{get,set}_user_description(SAM_USER_HANDLE *user, char **description)\r
-NTSTATUS sam_{get,set}_user_home_dir(SAM_USER_HANDLE *user, char **home_dir)\r
-NTSTATUS sam_{get,set}_user_dir_drive(SAM_USER_HANDLE *user, char **dir_drive)\r
-NTSTATUS sam_{get,set}_user_logon_script(SAM_USER_HANDLE *user, char **logon_script)\r
-NTSTATUS sam_{get,set}_user_profile_path(SAM_USER_HANDLE *user, char **profile_path)\r
-NTSTATUS sam_{get,set}_user_workstations(SAM_USER_HANDLE *user, char **workstations)\r
-NTSTATUS sam_{get,set}_user_munged_dial(SAM_USER_HANDLE *user, char **munged_dial)\r
-NTSTATUS sam_{get,set}_user_lm_pwd(SAM_USER_HANDLE *user, DATA_BLOB *lm_pwd)\r
-NTSTATUS sam_{get,set}_user_nt_pwd(SAM_USER_HANDLE *user, DATA_BLOB *nt_pwd)\r
-NTSTATUS sam_{get,set}_user_plain_pwd(SAM_USER_HANDLE *user, DATA_BLOB *plaintext_pwd)\r
-NTSTATUS sam_{get,set}_user_acct_ctrl(SAM_USER_HANDLE *user, uint16 *acct_ctrl)\r
-NTSTATUS sam_{get,set}_user_logon_divs(SAM_USER_HANDLE *user, uint16 *logon_divs)\r
-NTSTATUS sam_{get,set}_user_hours(SAM_USER_HANDLE *user, uint32 *hours_len, uint8 **hours)\r
-NTSTATUS sam_{get,set}_user_logon_time(SAM_USER_HANDLE *user, NTTIME *logon_time)\r
-NTSTATUS sam_{get,set}_user_logoff_time(SAM_USER_HANDLE *user, NTTIME *logoff_time)\r
-NTSTATUS sam_{get,set}_user_kickoff_time(SAM_USER_HANDLE *user, NTTIME kickoff_time)\r
-NTSTATUS sam_{get,set}_user_pwd_last_set(SAM_USER_HANDLE *user, NTTIME pwd_last_set)\r
-NTSTATUS sam_{get,set}_user_pwd_can_change(SAM_USER_HANDLE *user, NTTIME pwd_can_change)\r
-NTSTATUS sam_{get,set}_user_pwd_must_change(SAM_USER_HANDLE *user, NTTIME pwd_must_change)\r
-NTSTATUS sam_{get,set}_user_unknown_1(SAM_USER_HANDLE *user, char **unknown_1)\r
-NTSTATUS sam_{get,set}_user_unknown_2(SAM_USER_HANDLE *user, uint32 *unknown_2)\r
-NTSTATUS sam_{get,set}_user_unknown_3(SAM_USER_HANDLE *user, uint32 *unknown_3)\r
-NTSTATUS sam_{get,set}_user_unknown_4(SAM_USER_HANDLE *user, uint32 *unknown_4)\r
-\r
-NTSTATUS sam_get_group_sid(SAM_GROUP_HANDLE *group, DOM_SID **sid)\r
-NTSTATUS sam_get_group_typ(SAM_GROUP_HANDLE *group, uint32 *typ)\r
-NTSTATUS sam_{get,set}_group_name(SAM_GROUP_HANDLE *group, char **group_name)\r
-NTSTATUS sam_{get,set}_group_comment(SAM_GROUP_HANDLE *group, char **comment)\r
-NTSTATUS sam_{get,set}_group_priv_set(SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set)
\ No newline at end of file
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Jeremy Allison 1996-2001
- Copyright (C) Luke Kenneth Casson Leighton 1996-1998
- Copyright (C) Gerald (Jerry) Carter 2000-2001
- Copyright (C) Andrew Bartlett 2001-2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/************************************************************
- Fill the SAM_ACCOUNT_HANDLE with default values.
- ***********************************************************/
-
-static void sam_fill_default_account(SAM_ACCOUNT_HANDLE *account)
-{
- ZERO_STRUCT(account->private); /* Don't touch the talloc context */
-
- /* Don't change these timestamp settings without a good reason.
- They are important for NT member server compatibility. */
-
- /* FIXME: We should actually call get_nt_time_max() or sthng
- * here */
- unix_to_nt_time(&(account->private.logoff_time),get_time_t_max());
- unix_to_nt_time(&(account->private.kickoff_time),get_time_t_max());
- unix_to_nt_time(&(account->private.pass_must_change_time),get_time_t_max());
- account->private.unknown_1 = 0x00ffffff; /* don't know */
- account->private.logon_divs = 168; /* hours per week */
- account->private.hours_len = 21; /* 21 times 8 bits = 168 */
- memset(account->private.hours, 0xff, account->private.hours_len); /* available at all hours */
- account->private.unknown_2 = 0x00000000; /* don't know */
- account->private.unknown_3 = 0x000004ec; /* don't know */
-}
-
-static void destroy_sam_talloc(SAM_ACCOUNT_HANDLE **account)
-{
- if (*account) {
- data_blob_clear_free(&((*account)->private.lm_pw));
- data_blob_clear_free(&((*account)->private.nt_pw));
- if((*account)->private.plaintext_pw!=NULL)
- memset((*account)->private.plaintext_pw,'\0',strlen((*account)->private.plaintext_pw));
-
- talloc_destroy((*account)->mem_ctx);
- *account = NULL;
- }
-}
-
-
-/**********************************************************************
- Alloc memory and initialises a SAM_ACCOUNT_HANDLE on supplied mem_ctx.
-***********************************************************************/
-
-NTSTATUS sam_init_account_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT_HANDLE **account)
-{
- SMB_ASSERT(*account != NULL);
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_account_talloc: mem_ctx was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *account=(SAM_ACCOUNT_HANDLE *)talloc(mem_ctx, sizeof(SAM_ACCOUNT_HANDLE));
-
- if (*account==NULL) {
- DEBUG(0,("sam_init_account_talloc: error while allocating memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*account)->mem_ctx = mem_ctx;
-
- (*account)->free_fn = NULL;
-
- sam_fill_default_account(*account);
-
- return NT_STATUS_OK;
-}
-
-
-/*************************************************************
- Alloc memory and initialises a struct sam_passwd.
- ************************************************************/
-
-NTSTATUS sam_init_account(SAM_ACCOUNT_HANDLE **account)
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init_named("sam internal SAM_ACCOUNT_HANDLE allocation");
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_account: error while doing talloc_init()\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_init_account_talloc(mem_ctx, account))) {
- talloc_destroy(mem_ctx);
- return nt_status;
- }
-
- (*account)->free_fn = destroy_sam_talloc;
-
- return NT_STATUS_OK;
-}
-
-/**
- * Free the contents of the SAM_ACCOUNT_HANDLE, but not the structure.
- *
- * Also wipes the LM and NT hashes and plaintext password from
- * memory.
- *
- * @param account SAM_ACCOUNT_HANDLE to free members of.
- **/
-
-static void sam_free_account_contents(SAM_ACCOUNT_HANDLE *account)
-{
-
- /* Kill off sensitive data. Free()ed by the
- talloc mechinism */
-
- data_blob_clear_free(&(account->private.lm_pw));
- data_blob_clear_free(&(account->private.nt_pw));
- if (account->private.plaintext_pw)
- memset(account->private.plaintext_pw,'\0',strlen(account->private.plaintext_pw));
-}
-
-
-/************************************************************
- Reset the SAM_ACCOUNT_HANDLE and free the NT/LM hashes.
- ***********************************************************/
-
-NTSTATUS sam_reset_sam(SAM_ACCOUNT_HANDLE *account)
-{
- SMB_ASSERT(account != NULL);
-
- sam_free_account_contents(account);
-
- sam_fill_default_account(account);
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Free the SAM_ACCOUNT_HANDLE and the member pointers.
- ***********************************************************/
-
-NTSTATUS sam_free_account(SAM_ACCOUNT_HANDLE **account)
-{
- SMB_ASSERT(*account != NULL);
-
- sam_free_account_contents(*account);
-
- if ((*account)->free_fn) {
- (*account)->free_fn(account);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/**********************************************************
- Encode the account control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
-{
- static fstring acct_str;
- size_t i = 0;
-
- acct_str[i++] = '[';
-
- if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
- if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
- if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
- if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
- if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
- if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
- if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
- if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
- if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
- if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
- if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
-
- for ( ; i < length - 2 ; i++ )
- acct_str[i] = ' ';
-
- i = length - 2;
- acct_str[i++] = ']';
- acct_str[i++] = '\0';
-
- return acct_str;
-}
-
-/**********************************************************
- Decode the account control bits from a string.
- **********************************************************/
-
-uint16 sam_decode_acct_ctrl(const char *p)
-{
- uint16 acct_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[')
- return 0;
-
- for (p++; *p && !finished; p++) {
- switch (*p) {
- case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
- case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
- case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
- case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
- case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
- case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
- case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
- case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
- case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
- case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
- case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
- }
-
- return acct_ctrl;
-}
-
-/*************************************************************
- Routine to set 32 hex password characters from a 16 byte array.
-**************************************************************/
-
-void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl)
-{
- if (pwd != NULL) {
- int i;
- for (i = 0; i < 16; i++)
- slprintf(&p[i*2], 3, "%02X", pwd[i]);
- } else {
- if (acct_ctrl & ACB_PWNOTREQ)
- safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
- else
- safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
- }
-}
-
-/*************************************************************
- Routine to get the 32 hex characters and turn them
- into a 16 byte array.
-**************************************************************/
-
-BOOL sam_gethexpwd(const char *p, unsigned char *pwd)
-{
- int i;
- unsigned char lonybble, hinybble;
- char *hexchars = "0123456789ABCDEF";
- char *p1, *p2;
-
- if (!p)
- return (False);
-
- for (i = 0; i < 32; i += 2) {
- hinybble = toupper(p[i]);
- lonybble = toupper(p[i + 1]);
-
- p1 = strchr(hexchars, hinybble);
- p2 = strchr(hexchars, lonybble);
-
- if (!p1 || !p2)
- return (False);
-
- hinybble = PTR_DIFF(p1, hexchars);
- lonybble = PTR_DIFF(p2, hexchars);
-
- pwd[i / 2] = (hinybble << 4) | lonybble;
- }
- return (True);
-}
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- SAM_ACCOUNT_HANDLE access routines
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-NTSTATUS sam_get_account_domain_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
-{
- NTSTATUS status;
- SAM_DOMAIN_HANDLE *domain;
- SAM_ASSERT(!sampass || !sid);
-
- if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){
- DEBUG(0, ("sam_get_account_domain_sid: Can't get domain for account\n"));
- return status;
- }
-
- return sam_get_domain_sid(domain, sid);
-}
-
-NTSTATUS sam_get_account_domain_name(const SAM_ACCOUNT_HANDLE *sampass, const char **domain_name)
-{
- NTSTATUS status;
- SAM_DOMAIN_HANDLE *domain;
- SAM_ASSERT(sampass && domain_name);
-
- if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){
- DEBUG(0, ("sam_get_account_domain_name: Can't get domain for account\n"));
- return status;
- }
-
- return sam_get_domain_name(domain, domain_name);
-}
-
-NTSTATUS sam_get_account_acct_ctrl(const SAM_ACCOUNT_HANDLE *sampass, uint16 *acct_ctrl)
-{
- SAM_ASSERT(sampass && acct_ctrl);
-
- *acct_ctrl = sampass->private.acct_ctrl;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_logon_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logon_time)
-{
- SAM_ASSERT(sampass && logon_time) ;
-
- *logon_time = sampass->private.logon_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_logoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logoff_time)
-{
- SAM_ASSERT(sampass && logoff_time) ;
-
- *logoff_time = sampass->private.logoff_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_kickoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *kickoff_time)
-{
- SAM_ASSERT(sampass && kickoff_time);
-
- *kickoff_time = sampass->private.kickoff_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_pass_last_set_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_last_set_time)
-{
- SAM_ASSERT(sampass && pass_last_set_time);
-
- *pass_last_set_time = sampass->private.pass_last_set_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_pass_can_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_can_change_time)
-{
- SAM_ASSERT(sampass && pass_can_change_time);
-
- *pass_can_change_time = sampass->private.pass_can_change_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_pass_must_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_must_change_time)
-{
- SAM_ASSERT(sampass && pass_must_change_time);
-
- *pass_must_change_time = sampass->private.pass_must_change_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_logon_divs(const SAM_ACCOUNT_HANDLE *sampass, uint16 *logon_divs)
-{
- SAM_ASSERT(sampass && logon_divs);
-
- *logon_divs = sampass->private.logon_divs;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_hours_len(const SAM_ACCOUNT_HANDLE *sampass, uint32 *hours_len)
-{
- SAM_ASSERT(sampass && hours_len);
-
- *hours_len = sampass->private.hours_len;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_hours(const SAM_ACCOUNT_HANDLE *sampass, const uint8 **hours)
-{
- SAM_ASSERT(sampass && hours);
-
- *hours = sampass->private.hours;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_nt_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *nt_pwd)
-{
- SAM_ASSERT(sampass);
-
- SMB_ASSERT((!sampass->private.nt_pw.data)
- || sampass->private.nt_pw.length == NT_HASH_LEN);
-
- *nt_pwd = sampass->private.nt_pw;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_lm_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *lm_pwd)
-{
- SAM_ASSERT(sampass);
-
- SMB_ASSERT((!sampass->private.lm_pw.data)
- || sampass->private.lm_pw.length == LM_HASH_LEN);
-
- *lm_pwd = sampass->private.lm_pw;
-
- return NT_STATUS_OK;
-}
-
-/* Return the plaintext password if known. Most of the time
- it isn't, so don't assume anything magic about this function.
-
- Used to pass the plaintext to sam backends that might
- want to store more than just the NTLM hashes.
-*/
-
-NTSTATUS sam_get_account_plaintext_pwd(const SAM_ACCOUNT_HANDLE *sampass, char **plain_pwd)
-{
- SAM_ASSERT(sampass && plain_pwd);
-
- *plain_pwd = sampass->private.plaintext_pw;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
-{
- SAM_ASSERT(sampass);
-
- *sid = &(sampass->private.account_sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_pgroup(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
-{
- SAM_ASSERT(sampass);
-
- *sid = &(sampass->private.group_sid);
-
- return NT_STATUS_OK;
-}
-
-/**
- * Get flags showing what is initalised in the SAM_ACCOUNT_HANDLE
- * @param sampass the SAM_ACCOUNT_HANDLE in question
- * @return the flags indicating the members initialised in the struct.
- **/
-
-NTSTATUS sam_get_account_init_flag(const SAM_ACCOUNT_HANDLE *sampass, uint32 *initflag)
-{
- SAM_ASSERT(sampass);
-
- *initflag = sampass->private.init_flag;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_name(const SAM_ACCOUNT_HANDLE *sampass, char **account_name)
-{
- SAM_ASSERT(sampass);
-
- *account_name = sampass->private.account_name;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_domain(const SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE **domain)
-{
- SAM_ASSERT(sampass);
-
- *domain = sampass->private.domain;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_fullname(const SAM_ACCOUNT_HANDLE *sampass, char **fullname)
-{
- SAM_ASSERT(sampass);
-
- *fullname = sampass->private.full_name;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_homedir(const SAM_ACCOUNT_HANDLE *sampass, char **homedir)
-{
- SAM_ASSERT(sampass);
-
- *homedir = sampass->private.home_dir;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unix_home_dir(const SAM_ACCOUNT_HANDLE *sampass, char **uhomedir)
-{
- SAM_ASSERT(sampass);
-
- *uhomedir = sampass->private.unix_home_dir;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_dir_drive(const SAM_ACCOUNT_HANDLE *sampass, char **dirdrive)
-{
- SAM_ASSERT(sampass);
-
- *dirdrive = sampass->private.dir_drive;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_logon_script(const SAM_ACCOUNT_HANDLE *sampass, char **logon_script)
-{
- SAM_ASSERT(sampass);
-
- *logon_script = sampass->private.logon_script;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_profile_path(const SAM_ACCOUNT_HANDLE *sampass, char **profile_path)
-{
- SAM_ASSERT(sampass);
-
- *profile_path = sampass->private.profile_path;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_description(const SAM_ACCOUNT_HANDLE *sampass, char **description)
-{
- SAM_ASSERT(sampass);
-
- *description = sampass->private.acct_desc;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_workstations(const SAM_ACCOUNT_HANDLE *sampass, char **workstations)
-{
- SAM_ASSERT(sampass);
-
- *workstations = sampass->private.workstations;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unknown_str(const SAM_ACCOUNT_HANDLE *sampass, char **unknown_str)
-{
- SAM_ASSERT(sampass);
-
- *unknown_str = sampass->private.unknown_str;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_munged_dial(const SAM_ACCOUNT_HANDLE *sampass, char **munged_dial)
-{
- SAM_ASSERT(sampass);
-
- *munged_dial = sampass->private.munged_dial;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unknown_1(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown1)
-{
- SAM_ASSERT(sampass && unknown1);
-
- *unknown1 = sampass->private.unknown_1;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unknown_2(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown2)
-{
- SAM_ASSERT(sampass && unknown2);
-
- *unknown2 = sampass->private.unknown_2;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_unknown_3(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown3)
-{
- SAM_ASSERT(sampass && unknown3);
-
- *unknown3 = sampass->private.unknown_3;
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Collection of set...() functions for SAM_ACCOUNT_HANDLE_INFO.
- ********************************************************************/
-
-NTSTATUS sam_set_account_acct_ctrl(SAM_ACCOUNT_HANDLE *sampass, uint16 acct_ctrl)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.acct_ctrl = acct_ctrl;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_logon_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.logon_time = mytime;
-
-
- return NT_STATUS_UNSUCCESSFUL;
-}
-
-NTSTATUS sam_set_account_logoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.logoff_time = mytime;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_kickoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.kickoff_time = mytime;
-
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pass_can_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.pass_can_change_time = mytime;
-
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pass_must_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.pass_must_change_time = mytime;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pass_last_set_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.pass_last_set_time = mytime;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_hours_len(SAM_ACCOUNT_HANDLE *sampass, uint32 len)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.hours_len = len;
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_logon_divs(SAM_ACCOUNT_HANDLE *sampass, uint16 hours)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.logon_divs = hours;
- return NT_STATUS_OK;
-}
-
-/**
- * Set flags showing what is initalised in the SAM_ACCOUNT_HANDLE
- * @param sampass the SAM_ACCOUNT_HANDLE in question
- * @param flag The *new* flag to be set. Old flags preserved
- * this flag is only added.
- **/
-
-NTSTATUS sam_set_account_init_flag(SAM_ACCOUNT_HANDLE *sampass, uint32 flag)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.init_flag |= flag;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *u_sid)
-{
- SAM_ASSERT(sampass && u_sid);
-
- sid_copy(&sampass->private.account_sid, u_sid);
-
- DEBUG(10, ("sam_set_account_sid: setting account sid %s\n",
- sid_string_static(&sampass->private.account_sid)));
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_sid_from_string(SAM_ACCOUNT_HANDLE *sampass, const char *u_sid)
-{
- DOM_SID new_sid;
- SAM_ASSERT(sampass && u_sid);
-
- DEBUG(10, ("sam_set_account_sid_from_string: setting account sid %s\n",
- u_sid));
-
- if (!string_to_sid(&new_sid, u_sid)) {
- DEBUG(1, ("sam_set_account_sid_from_string: %s isn't a valid SID!\n", u_sid));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(sam_set_account_sid(sampass, &new_sid))) {
- DEBUG(1, ("sam_set_account_sid_from_string: could not set sid %s on SAM_ACCOUNT_HANDLE!\n", u_sid));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pgroup_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *g_sid)
-{
- SAM_ASSERT(sampass && g_sid);
-
- sid_copy(&sampass->private.group_sid, g_sid);
-
- DEBUG(10, ("sam_set_group_sid: setting group sid %s\n",
- sid_string_static(&sampass->private.group_sid)));
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_pgroup_string(SAM_ACCOUNT_HANDLE *sampass, const char *g_sid)
-{
- DOM_SID new_sid;
- SAM_ASSERT(sampass && g_sid);
-
- DEBUG(10, ("sam_set_group_sid_from_string: setting group sid %s\n",
- g_sid));
-
- if (!string_to_sid(&new_sid, g_sid)) {
- DEBUG(1, ("sam_set_group_sid_from_string: %s isn't a valid SID!\n", g_sid));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(sam_set_account_pgroup_sid(sampass, &new_sid))) {
- DEBUG(1, ("sam_set_group_sid_from_string: could not set sid %s on SAM_ACCOUNT_HANDLE!\n", g_sid));
- return NT_STATUS_UNSUCCESSFUL;
- }
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the domain name.
- ********************************************************************/
-
-NTSTATUS sam_set_account_domain(SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE *domain)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.domain = domain;
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's NT name.
- ********************************************************************/
-
-NTSTATUS sam_set_account_name(SAM_ACCOUNT_HANDLE *sampass, const char *account_name)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_account_name: setting nt account_name %s, was %s\n", account_name, sampass->private.account_name));
-
- sampass->private.account_name = talloc_strdup(sampass->mem_ctx, account_name);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's full name.
- ********************************************************************/
-
-NTSTATUS sam_set_account_fullname(SAM_ACCOUNT_HANDLE *sampass, const char *full_name)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_account_fullname: setting full name %s, was %s\n", full_name, sampass->private.full_name));
-
- sampass->private.full_name = talloc_strdup(sampass->mem_ctx, full_name);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's logon script.
- ********************************************************************/
-
-NTSTATUS sam_set_account_logon_script(SAM_ACCOUNT_HANDLE *sampass, const char *logon_script, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_logon_script: from %s to %s\n", logon_script, sampass->private.logon_script));
-
- sampass->private.logon_script = talloc_strdup(sampass->mem_ctx, logon_script);
-
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's profile path.
- ********************************************************************/
-
-NTSTATUS sam_set_account_profile_path(SAM_ACCOUNT_HANDLE *sampass, const char *profile_path, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_profile_path: setting profile path %s, was %s\n", profile_path, sampass->private.profile_path));
-
- sampass->private.profile_path = talloc_strdup(sampass->mem_ctx, profile_path);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's directory drive.
- ********************************************************************/
-
-NTSTATUS sam_set_account_dir_drive(SAM_ACCOUNT_HANDLE *sampass, const char *dir_drive, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
- sampass->private.dir_drive));
-
- sampass->private.dir_drive = talloc_strdup(sampass->mem_ctx, dir_drive);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's home directory.
- ********************************************************************/
-
-NTSTATUS sam_set_account_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *home_dir, BOOL store)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_homedir: setting home dir %s, was %s\n", home_dir,
- sampass->private.home_dir));
-
- sampass->private.home_dir = talloc_strdup(sampass->mem_ctx, home_dir);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's unix home directory.
- ********************************************************************/
-
-NTSTATUS sam_set_account_unix_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *unix_home_dir)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir,
- sampass->private.unix_home_dir));
-
- sampass->private.unix_home_dir = talloc_strdup(sampass->mem_ctx, unix_home_dir);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's account description.
- ********************************************************************/
-
-NTSTATUS sam_set_account_acct_desc(SAM_ACCOUNT_HANDLE *sampass, const char *acct_desc)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.acct_desc = talloc_strdup(sampass->mem_ctx, acct_desc);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's workstation allowed list.
- ********************************************************************/
-
-NTSTATUS sam_set_account_workstations(SAM_ACCOUNT_HANDLE *sampass, const char *workstations)
-{
- SAM_ASSERT(sampass);
-
- DEBUG(10, ("sam_set_workstations: setting workstations %s, was %s\n", workstations,
- sampass->private.workstations));
-
- sampass->private.workstations = talloc_strdup(sampass->mem_ctx, workstations);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's 'unknown_str', whatever the heck this actually is...
- ********************************************************************/
-
-NTSTATUS sam_set_account_unknown_str(SAM_ACCOUNT_HANDLE *sampass, const char *unknown_str)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.unknown_str = talloc_strdup(sampass->mem_ctx, unknown_str);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's dial string.
- ********************************************************************/
-
-NTSTATUS sam_set_account_munged_dial(SAM_ACCOUNT_HANDLE *sampass, const char *munged_dial)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.munged_dial = talloc_strdup(sampass->mem_ctx, munged_dial);
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's NT hash.
- ********************************************************************/
-
-NTSTATUS sam_set_account_nt_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.nt_pw = data;
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's LM hash.
- ********************************************************************/
-
-NTSTATUS sam_set_account_lm_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.lm_pw = data;
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's plaintext password only (base procedure, see helper
- below)
- ********************************************************************/
-
-NTSTATUS sam_set_account_plaintext_pwd(SAM_ACCOUNT_HANDLE *sampass, const char *plain_pwd)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.plaintext_pw = talloc_strdup(sampass->mem_ctx, plain_pwd);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_unknown_1(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.unknown_1 = unkn;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_unknown_2(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.unknown_2 = unkn;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_unknown_3(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
-{
- SAM_ASSERT(sampass);
-
- sampass->private.unknown_3 = unkn;
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_account_hours(SAM_ACCOUNT_HANDLE *sampass, const uint8 *hours)
-{
- SAM_ASSERT(sampass);
-
- if (!hours) {
- memset ((char *)sampass->private.hours, 0, MAX_HOURS_LEN);
- return NT_STATUS_OK;
- }
-
- memcpy(sampass->private.hours, hours, MAX_HOURS_LEN);
-
- return NT_STATUS_OK;
-}
-
-/* Helpful interfaces to the above */
-
-/*********************************************************************
- Sets the last changed times and must change times for a normal
- password change.
- ********************************************************************/
-
-NTSTATUS sam_set_account_pass_changed_now(SAM_ACCOUNT_HANDLE *sampass)
-{
- uint32 expire;
- NTTIME temptime;
-
- SAM_ASSERT(sampass);
-
- unix_to_nt_time(&temptime, time(NULL));
- if (!NT_STATUS_IS_OK(sam_set_account_pass_last_set_time(sampass, temptime)))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire)
- || (expire==(uint32)-1)) {
-
- get_nttime_max(&temptime);
- if (!NT_STATUS_IS_OK(sam_set_account_pass_must_change_time(sampass, temptime, False)))
- return NT_STATUS_UNSUCCESSFUL;
-
- } else {
- /* FIXME: Add expire to temptime */
-
- if (!NT_STATUS_IS_OK(sam_get_account_pass_last_set_time(sampass,&temptime)) || !NT_STATUS_IS_OK(sam_set_account_pass_must_change_time(sampass, temptime,True)))
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-/*********************************************************************
- Set the account's PLAINTEXT password. Used as an interface to the above.
- Also sets the last change time to NOW.
- ********************************************************************/
-
-NTSTATUS sam_set_account_passwd(SAM_ACCOUNT_HANDLE *sampass, const char *plaintext)
-{
- DATA_BLOB data;
- uchar new_lanman_p16[16];
- uchar new_nt_p16[16];
-
- SAM_ASSERT(sampass && plaintext);
-
- nt_lm_owf_gen(plaintext, new_nt_p16, new_lanman_p16);
-
- data = data_blob(new_nt_p16, 16);
- if (!NT_STATUS_IS_OK(sam_set_account_nt_pwd(sampass, data)))
- return NT_STATUS_UNSUCCESSFUL;
-
- data = data_blob(new_lanman_p16, 16);
-
- if (!NT_STATUS_IS_OK(sam_set_account_lm_pwd(sampass, data)))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!NT_STATUS_IS_OK(sam_set_account_plaintext_pwd(sampass, plaintext)))
- return NT_STATUS_UNSUCCESSFUL;
-
- if (!NT_STATUS_IS_OK(sam_set_account_pass_changed_now(sampass)))
- return NT_STATUS_UNSUCCESSFUL;
-
- return NT_STATUS_OK;
-}
-
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- SAM_DOMAIN access routines
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, const DOM_SID **sid)
-{
- SAM_ASSERT(domain &&sid);
-
- *sid = &(domain->private.sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_num_accounts(SAM_DOMAIN_HANDLE *domain, uint32 *num_accounts)
-{
- SAM_ASSERT(domain &&num_accounts);
-
- *num_accounts = domain->private.num_accounts;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
-{
- SAM_ASSERT(domain &&num_groups);
-
- *num_groups = domain->private.num_groups;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
-{
- SAM_ASSERT(domain &&num_aliases);
-
- *num_aliases = domain->private.num_aliases;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_name(SAM_DOMAIN_HANDLE *domain, const char **domain_name)
-{
- SAM_ASSERT(domain &&domain_name);
-
- *domain_name = domain->private.name;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_server(SAM_DOMAIN_HANDLE *domain, const char **server_name)
-{
- SAM_ASSERT(domain &&server_name);
-
- *server_name = domain->private.servername;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
-{
- SAM_ASSERT(domain &&max_passwordage);
-
- *max_passwordage = domain->private.max_passwordage;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
-{
- SAM_ASSERT(domain &&min_passwordage);
-
- *min_passwordage = domain->private.min_passwordage;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
-{
- SAM_ASSERT(domain &&lockout_duration);
-
- *lockout_duration = domain->private.lockout_duration;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
-{
- SAM_ASSERT(domain &&reset_lockout_count);
-
- *reset_lockout_count = domain->private.reset_count;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
-{
- SAM_ASSERT(domain &&min_passwordlength);
-
- *min_passwordlength = domain->private.min_passwordlength;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 *password_history)
-{
- SAM_ASSERT(domain &&password_history);
-
- *password_history = domain->private.password_history;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
-{
- SAM_ASSERT(domain &&lockout_count);
-
- *lockout_count = domain->private.lockout_count;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
-{
- SAM_ASSERT(domain &&force_logoff);
-
- *force_logoff = domain->private.force_logoff;
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_get_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
-{
- SAM_ASSERT(domain && login_pwdchange);
-
- *login_pwdchange = domain->private.login_pwdchange;
-
- return NT_STATUS_OK;
-}
-
-/* Set */
-
-NTSTATUS sam_set_domain_name(SAM_DOMAIN_HANDLE *domain, const char *domain_name)
-{
- SAM_ASSERT(domain);
-
- domain->private.name = talloc_strdup(domain->mem_ctx, domain_name);
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_set_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME max_passwordage)
-{
- SAM_ASSERT(domain);
-
- domain->private.max_passwordage = max_passwordage;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME min_passwordage)
-{
- SAM_ASSERT(domain);
-
- domain->private.min_passwordage = min_passwordage;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME lockout_duration)
-{
- SAM_ASSERT(domain);
-
- domain->private.lockout_duration = lockout_duration;
-
- return NT_STATUS_OK;
-}
-NTSTATUS sam_set_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME reset_lockout_count)
-{
- SAM_ASSERT(domain);
-
- domain->private.reset_count = reset_lockout_count;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 min_passwordlength)
-{
- SAM_ASSERT(domain);
-
- domain->private.min_passwordlength = min_passwordlength;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 password_history)
-{
- SAM_ASSERT(domain);
-
- domain->private.password_history = password_history;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 lockout_count)
-{
- SAM_ASSERT(domain);
-
- domain->private.lockout_count = lockout_count;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL force_logoff)
-{
- SAM_ASSERT(domain);
-
- domain->private.force_logoff = force_logoff;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL login_pwdchange)
-{
- SAM_ASSERT(domain);
-
- domain->private.login_pwdchange = login_pwdchange;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_domain_server(SAM_DOMAIN_HANDLE *domain, const char *server_name)
-{
- SAM_ASSERT(domain);
-
- domain->private.servername = talloc_strdup(domain->mem_ctx, server_name);
-
- return NT_STATUS_OK;
-}
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- SAM_USER_HANDLE access routines
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/* sam group get functions */
-
-NTSTATUS sam_get_group_sid(const SAM_GROUP_HANDLE *group, const DOM_SID **sid)
-{
- SAM_ASSERT(group && sid);
-
- *sid = &(group->private.sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_ctrl(const SAM_GROUP_HANDLE *group, uint32 *group_ctrl)
-{
- SAM_ASSERT(group && group_ctrl);
-
- *group_ctrl = group->private.group_ctrl;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_name(const SAM_GROUP_HANDLE *group, const char **group_name)
-{
- SAM_ASSERT(group);
-
- *group_name = group->private.group_name;
-
- return NT_STATUS_OK;
-
-}
-NTSTATUS sam_get_group_comment(const SAM_GROUP_HANDLE *group, const char **group_desc)
-{
- SAM_ASSERT(group);
-
- *group_desc = group->private.group_desc;
-
- return NT_STATUS_OK;
-}
-
-/* sam group set functions */
-
-NTSTATUS sam_set_group_sid(SAM_GROUP_HANDLE *group, const DOM_SID *sid)
-{
- SAM_ASSERT(group);
-
- if (!sid)
- ZERO_STRUCT(group->private.sid);
- else
- sid_copy(&(group->private.sid), sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_group_group_ctrl(SAM_GROUP_HANDLE *group, uint32 group_ctrl)
-{
- SAM_ASSERT(group);
-
- group->private.group_ctrl = group_ctrl;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_group_name(SAM_GROUP_HANDLE *group, const char *group_name)
-{
- SAM_ASSERT(group);
-
- group->private.group_name = talloc_strdup(group->mem_ctx, group_name);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_group_description(SAM_GROUP_HANDLE *group, const char *group_desc)
-{
- SAM_ASSERT(group);
-
- group->private.group_desc = talloc_strdup(group->mem_ctx, group_desc);
-
- return NT_STATUS_OK;
-
-}
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- SAM_GROUP_HANDLE /SAM_GROUP_ENUM helpers
-
- Copyright (C) Stefan (metze) Metzmacher 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/************************************************************
- Fill the SAM_GROUP_HANDLE with default values.
- ***********************************************************/
-
-static void sam_fill_default_group(SAM_GROUP_HANDLE *group)
-{
- ZERO_STRUCT(group->private); /* Don't touch the talloc context */
-
-}
-
-static void destroy_sam_group_handle_talloc(SAM_GROUP_HANDLE **group)
-{
- if (*group) {
-
- talloc_destroy((*group)->mem_ctx);
- *group = NULL;
- }
-}
-
-
-/**********************************************************************
- Alloc memory and initialises a SAM_GROUP_HANDLE on supplied mem_ctx.
-***********************************************************************/
-
-NTSTATUS sam_init_group_talloc(TALLOC_CTX *mem_ctx, SAM_GROUP_HANDLE **group)
-{
- SMB_ASSERT(*group != NULL);
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_group_talloc: mem_ctx was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *group=(SAM_GROUP_HANDLE *)talloc(mem_ctx, sizeof(SAM_GROUP_HANDLE));
-
- if (*group==NULL) {
- DEBUG(0,("sam_init_group_talloc: error while allocating memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*group)->mem_ctx = mem_ctx;
-
- (*group)->free_fn = NULL;
-
- sam_fill_default_group(*group);
-
- return NT_STATUS_OK;
-}
-
-
-/*************************************************************
- Alloc memory and initialises a struct SAM_GROUP_HANDLE.
- ************************************************************/
-
-NTSTATUS sam_init_group(SAM_GROUP_HANDLE **group)
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init_named("sam internal SAM_GROUP_HANDLE allocation");
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_group: error while doing talloc_init()\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_init_group_talloc(mem_ctx, group))) {
- talloc_destroy(mem_ctx);
- return nt_status;
- }
-
- (*group)->free_fn = destroy_sam_group_handle_talloc;
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Reset the SAM_GROUP_HANDLE.
- ***********************************************************/
-
-NTSTATUS sam_reset_group(SAM_GROUP_HANDLE *group)
-{
- SMB_ASSERT(group != NULL);
-
- sam_fill_default_group(group);
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Free the SAM_GROUP_HANDLE and the member pointers.
- ***********************************************************/
-
-NTSTATUS sam_free_group(SAM_ACCOUNT_HANDLE **group)
-{
- SMB_ASSERT(*group != NULL);
-
- if ((*group)->free_fn) {
- (*group)->free_fn(group);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/**********************************************************
- Encode the group control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *sam_encode_acct_ctrl(uint16 group_ctrl, size_t length)
-{
- static fstring group_str;
- size_t i = 0;
-
- group_str[i++] = '[';
-
- if (group_ctrl & GCB_LOCAL_GROUP ) group_str[i++] = 'L';
- if (group_ctrl & GCB_GLOBAL_GROUP ) group_str[i++] = 'G';
-
- for ( ; i < length - 2 ; i++ )
- group_str[i] = ' ';
-
- i = length - 2;
- group_str[i++] = ']';
- group_str[i++] = '\0';
-
- return group_str;
-}
-
-/**********************************************************
- Decode the group control bits from a string.
- **********************************************************/
-
-uint16 sam_decode_group_ctrl(const char *p)
-{
- uint16 group_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[')
- return 0;
-
- for (p++; *p && !finished; p++) {
- switch (*p) {
- case 'L': { group_ctrl |= GCB_LOCAL_GROUP; break; /* 'L'ocal Aliases Group. */ }
- case 'G': { group_ctrl |= GCB_GLOBAL_GROUP; break; /* 'G'lobal Domain Group. */ }
-
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
- }
-
- return group_ctrl;
-}
-
+++ /dev/null
-/*
- * Unix SMB/CIFS implementation.
- * SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1998
- * Copyright (C) Simo Sorce 2000-2002
- * Copyright (C) Gerald Carter 2000
- * Copyright (C) Jeremy Allison 2001
- * Copyright (C) Andrew Bartlett 2002
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-static int tdbgumm_debug_level = DBGC_ALL;
-#undef DBGC_CLASS
-#define DBGC_CLASS tdbgumm_debug_level
-
-#define GUMM_VERSION "20021012"
-#define TDB_FILE_NAME "gums_storage.tdb"
-#define TDB_FORMAT_STRING "B"
-#define DOMAIN_PREFIX "DOMAIN_"
-#define USER_PREFIX "USER_"
-#define GROUP_PREFIX "GROUP_"
-#define SID_PREFIX "SID_"
-
-static TDB_CONTEXT *gumm_tdb = NULL;
-
-/***************************************************************
- objects enumeration.
-****************************************************************/
-
-static NTSTATUS enumerate_objects(DOM_SID **sids, const DOM_SID *sid, const int obj_type);
-{
- TDB_CONTEXT *enum_tdb = NULL;
- TDB_DATA key;
-
- /* Open tdb gums module */
- if (!(enum_tdb = tdb_open_log(TDB_FILE_NAME, 0, TDB_DEFAULT, update?(O_RDWR|O_CREAT):O_RDONLY, 0600)))
- {
- DEBUG(0, ("Unable to open/create gumm tdb database\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- enum_key = tdb_firstkey(enum_tdb);
-
-
-
- tdb_close(enum_tdb);
-
- return NT_STATUS_OK;
-}
-
-
-static NTSTATUS module_init()
-{
-}
-
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Grops and Users Management System initializations.
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/*#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_GUMS*/
-
-#define GMV_MAJOR 0
-#define GMV_MINOR 1
-
-GUMS_FUNCTIONS *gums_storage;
-static void *dl_handle;
-
-PRIVS privs[] = {
- {PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */
- {PRIV_CREATE_TOKEN, "SeCreateToken", "Create Token"},
- {PRIV_ASSIGNPRIMARYTOKEN, "SeAssignPrimaryToken", "Assign Primary Token"},
- {PRIV_LOCK_MEMORY, "SeLockMemory", "Lock Memory"},
- {PRIV_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota Privilege"},
- {PRIV_MACHINE_ACCOUNT, "SeMachineAccount", "Machine Account"},
- {PRIV_TCB, "SeTCB", "TCB"},
- {PRIV_SECURITY, "SeSecurityPrivilege", "Security Privilege"},
- {PRIV_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"},
- {PRIV_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"},
- {PRIV_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"},
- {PRIV_SYSTEMTIME, "SeSystemtimePrivilege", "System Time"},
- {PRIV_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"},
- {PRIV_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"},
- {PRIV_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"},
- {PRIV_CREATE_PERMANENT, "SeCreatePermanent", "Create Permanent"},
- {PRIV_BACKUP, "SeBackupPrivilege", "Backup Privilege"},
- {PRIV_RESTORE, "SeRestorePrivilege", "Restore Privilege"},
- {PRIV_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"},
- {PRIV_DEBUG, "SeDebugPrivilege", "Debug Privilege"},
- {PRIV_AUDIT, "SeAudit", "Audit"},
- {PRIV_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"},
- {PRIV_CHANGE_NOTIFY, "SeChangeNotify", "Change Notify"},
- {PRIV_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"},
- {PRIV_UNDOCK, "SeUndock", "Undock"},
- {PRIV_SYNC_AGENT, "SeSynchronizationAgent", "Synchronization Agent"},
- {PRIV_ENABLE_DELEGATION, "SeEnableDelegation", "Enable Delegation"},
- {PRIV_ALL, "SaAllPrivs", "All Privileges"}
-};
-
-NTSTATUS gums_init(const char *module_name)
-{
- int (*module_version)(int);
- NTSTATUS (*module_init)();
-/* gums_module_init module_init;*/
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(5, ("Opening gums module %s\n", module_name));
- dl_handle = sys_dlopen(module_name, RTLD_NOW);
- if (!dl_handle) {
- DEBUG(0, ("ERROR: Failed to load gums module %s, error: %s\n", module_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- module_version = sys_dlsym(dl_handle, "gumm_version");
- if (!module_version) {
- DEBUG(0, ("ERROR: Failed to find gums module version!\n"));
- goto error;
- }
-
- if (module_version(GMV_MAJOR) != GUMS_VERSION_MAJOR) {
- DEBUG(0, ("ERROR: Module's major version does not match gums version!\n"));
- goto error;
- }
-
- if (module_version(GMV_MINOR) != GUMS_VERSION_MINOR) {
- DEBUG(1, ("WARNING: Module's minor version does not match gums version!\n"));
- }
-
- module_open = sys_dlsym(dl_handle, "gumm_init");
- if (!module_open) {
- DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
- goto error;
- }
-
- DEBUG(5, ("Initializing module %s\n", module_name));
-
- ret = module_init(&gums_storage);
- goto done;
-
-error:
- ret = NT_STATUS_UNSUCCESSFUL;
- sys_dlclose(dl_handle);
-
-done:
- return ret;
-}
-
-NTSTATUS gums_unload(void)
-{
- NSTATUS ret;
- NTSTATUS (*module_finalize)();
-
- if (!dl_handle)
- return NT_STATUS_UNSUCCESSFUL;
-
- module_close = sys_dlsym(dl_handle, "gumm_finalize");
- if (!module_finalize) {
- DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- DEBUG(5, ("Finalizing module %s\n", module_name));
-
- ret = module_finalize();
- sys_dlclose(dl_handle);
-3
- return ret;
-}
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- GUMS structures
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-extern GUMS_FUNCTIONS *gums_storage;
-
-/* Functions to get info from a GUMS object */
-
-NTSTATUS gums_get_object_type(uint32 *type, const GUMS_OBJECT *obj)
-{
- *type = obj->type;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_seq_num(uint32 *version, const GUMS_OBJECT *obj)
-{
- *version = obj->version;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_sec_desc(SEC_DESC **sec_desc, const GUMS_OBJECT *obj)
-{
- *sec_desc = obj->sec_desc;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_sid(DOM_SID **sid, const GUMS_OBJECT *obj)
-{
- *sid = obj->sid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_name(char **name, const GUMS_OBJECT *obj)
-{
- *name = obj->name;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_object_description(char **description, const GUMS_OBJECT *obj)
-{
- *description = obj->description;
- return NT_STATUS_OK;
-}
-
-/* User specific functions */
-
-NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj)
-{
- if (!priv_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- *priv_set = obj->priv_set;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- *sid = ((GUMS_USER *)(obj->data))->group_sid;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_nt_pwd(DATA_BLOB **nt_pwd, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!nt_pwd)
- return NT_STATUS_INVALID_PARAMETER;
-
- *nt_pwd = ((GUMS_USER *)(obj->data))->nt_pw;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_lm_pwd(DATA_BLOB **lm_pwd, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!lm_pwd)
- return NT_STATUS_INVALID_PARAMETER;
-
- *lm_pwd = ((GUMS_USER *)(obj->data))->lm_pw;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_fullname(char **fullname, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!fullname)
- return NT_STATUS_INVALID_PARAMETER;
-
- *fullname = ((GUMS_USER *)(obj->data))->full_name;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_homedir(char **homedir, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!homedir)
- return NT_STATUS_INVALID_PARAMETER;
-
- *homedir = ((GUMS_USER *)(obj->data))->home_dir;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_dir_drive(char **dirdrive, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!dirdrive)
- return NT_STATUS_INVALID_PARAMETER;
-
- *dirdrive = ((GUMS_USER *)(obj->data))->dir_drive;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logon_script(char **logon_script, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!logon_script)
- return NT_STATUS_INVALID_PARAMETER;
-
- *logon_script = ((GUMS_USER *)(obj->data))->logon_script;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_profile_path(char **profile_path, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!profile_path)
- return NT_STATUS_INVALID_PARAMETER;
-
- *profile_path = ((GUMS_USER *)(obj->data))->profile_path;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_workstations(char **workstations, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!workstations)
- return NT_STATUS_INVALID_PARAMETER;
-
- *workstations = ((GUMS_USER *)(obj->data))->workstations;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_str(char **unknown_str, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!unknown_str)
- return NT_STATUS_INVALID_PARAMETER;
-
- *unknown_str = ((GUMS_USER *)(obj->data))->unknown_str;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_munged_dial(char **munged_dial, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!munged_dial)
- return NT_STATUS_INVALID_PARAMETER;
-
- *munged_dial = ((GUMS_USER *)(obj->data))->munged_dial;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logon_time(NTTIME **logon_time, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!logon_time)
- return NT_STATUS_INVALID_PARAMETER;
-
- *logon_time = ((GUMS_USER *)(obj->data))->logon_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logoff_time(NTTIME **logoff_time, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!logoff_time)
- return NT_STATUS_INVALID_PARAMETER;
-
- *logoff_time = ((GUMS_USER *)(obj->data))->logoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_kickoff_time(NTTIME **kickoff_time, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!kickoff_time)
- return NT_STATUS_INVALID_PARAMETER;
-
- *kickoff_time = ((GUMS_USER *)(obj->data))->kickoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pass_last_set_time(NTTIME **pass_last_set_time, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!pass_last_set_time)
- return NT_STATUS_INVALID_PARAMETER;
-
- *pass_last_set_time = ((GUMS_USER *)(obj->data))->pass_last_set_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pass_can_change_time(NTTIME **pass_can_change_time, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!pass_can_change_time)
- return NT_STATUS_INVALID_PARAMETER;
-
- *pass_can_change_time = ((GUMS_USER *)(obj->data))->pass_can_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_pass_must_change_time(NTTIME **pass_must_change_time, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!pass_must_change_time)
- return NT_STATUS_INVALID_PARAMETER;
-
- *pass_must_change_time = ((GUMS_USER *)(obj->data))->pass_must_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_logon_divs(uint16 *logon_divs, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!logon_divs)
- return NT_STATUS_INVALID_PARAMETER;
-
- *logon_divs = ((GUMS_USER *)(obj->data))->logon_divs;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_hours_len(uint32 *hours_len, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!hours_len)
- return NT_STATUS_INVALID_PARAMETER;
-
- *hours_len = ((GUMS_USER *)(obj->data))->hours_len;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_hours(uint8 **hours, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!hours)
- return NT_STATUS_INVALID_PARAMETER;
-
- *hours = ((GUMS_USER *)(obj->data))->hours;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_3(uint32 *unknown3, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!unknown3)
- return NT_STATUS_INVALID_PARAMETER;
-
- *unknown3 = ((GUMS_USER *)(obj->data))->unknown_3;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_5(uint32 *unknown5, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!unknown5)
- return NT_STATUS_INVALID_PARAMETER;
-
- *unknown5 = ((GUMS_USER *)(obj->data))->unknown_5;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_get_user_unknown_6(uint32 *unknown6, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!unknown6)
- return NT_STATUS_INVALID_PARAMETER;
-
- *unknown6 = ((GUMS_USER *)(obj->data))->unknown_6;
- return NT_STATUS_OK;
-}
-
-/* Group specific functions */
-
-NTSTATUS gums_get_group_members(uint32 *count, DOM_SID **members, const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- if (!members)
- return NT_STATUS_INVALID_PARAMETER;
-
- *count = ((GUMS_GROUP *)(obj->data))->count;
- *members = ((GUMS_GROUP *)(obj->data))->members;
- return NT_STATUS_OK;
-}
-
-/* set functions */
-
-NTSTATUS gums_create_data_set(GUMS_COMMIT_SET **com_set, TALLOC_CTX *ctx, DOM_SID *sid, uint32 type)
-{
- TALLOC_CTX *mem_ctx;
- GUMS_COMMIT_SET *set;
-
- mem_ctx = talloc_init_named("commit_set");
- if (mem_ctx == NULL)
- return NT_STATUS_NO_MEMORY;
- set = (GUMS_COMMIT_SET *)talloc(mem_ctx, sizeof(GUMS_COMMIT_SET));
- if (set == NULL) {
- talloc_destroy(mem_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- set->mem_ctx = mem_ctx;
- set->type = type;
- sid_copy(&(set->sid), sid);
- set->count = 0;
- set->data = NULL;
- *com_set = set;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_sec_desc(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc)
-{
- GUMS_DATA_SET *data_set;
- SEC_DESC *new_sec_desc;
-
- if (!mem_ctx || !com_set || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SEC_DESC;
- new_sec_desc = dup_sec_desc(mem_ctx, sec_desc);
- if (new_sec_desc == NULL)
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_sec_desc;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
-{
- GUMS_DATA_SET *data_set;
- LUID_ATTR *new_priv;
-
- if (!mem_ctx || !com_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_ADD_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_priv;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_del_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
-{
- GUMS_DATA_SET *data_set;
- LUID_ATTR *new_priv;
-
- if (!mem_ctx || !com_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_DEL_PRIVILEGE;
- if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_priv;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_privilege_set(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set)
-{
- GUMS_DATA_SET *data_set;
- PRIVILEGE_SET *new_priv_set;
-
- if (!mem_ctx || !com_set || !priv_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SEC_DESC;
- if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set)))
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_priv_set;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str)
-{
- GUMS_DATA_SET *data_set;
- char *new_str;
-
- if (!mem_ctx || !com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = type;
- new_str = talloc_strdup(mem_ctx, str);
- if (new_str == NULL)
- return NT_STATUS_NO_MEMORY;
-
- (char *)(data_set->data) = new_str;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name)
-{
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, name);
-}
-
-NTSTATUS gums_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc)
-{
- return gums_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc);
-}
-
-NTSTATUS gums_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name);
-}
-
-NTSTATUS gums_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir);
-}
-
-NTSTATUS gums_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive);
-}
-
-NTSTATUS gums_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script);
-}
-
-NTSTATUS gums_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path);
-}
-
-NTSTATUS gums_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks);
-}
-
-NTSTATUS gums_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str);
-}
-
-NTSTATUS gums_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial);
-}
-
-NTSTATUS gums_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *time)
-{
- GUMS_DATA_SET *data_set;
- NTTIME *new_time;
-
- if (!mem_ctx || !com_set || !time || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = type;
- new_time = talloc(mem_ctx, sizeof(NTTIME));
- if (new_time == NULL)
- return NT_STATUS_NO_MEMORY;
-
- new_time->low = time->low;
- new_time->high = time->high;
- (char *)(data_set->data) = new_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_logon_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logon_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time);
-}
-
-NTSTATUS gums_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
-}
-
-NTSTATUS gums_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
-}
-
-NTSTATUS gums_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time);
-}
-
-NTSTATUS gums_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time);
-}
-
-NTSTATUS gums_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time);
-}
-
-NTSTATUS gums_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_ADD_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_add_users_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_add_sids_to_group(mem_ctx, com_set, sids, count);
-}
-
-NTSTATUS gums_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_add_sids_to_group(mem_ctx, com_set, sids, count);
-}
-
-NTSTATUS gums_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_DEL_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_sids_in_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!mem_ctx || !com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
- data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SID_LIST;
- new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set)
-{
- return gums_storage->set_object_values(set->sid, set->count, set->data);
-}
-
-NTSTATUS gums_destroy_data_set(GUMS_COMMIT_SET **com_set)
-{
- talloc_destroy((*com_set)->mem_ctx);
- *com_set = NULL;
-
- return NT_STATUS_OK;
-}
-
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- GUMS backends helper functions
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-extern GUMS_FUNCTIONS *gums_storage;
-
-extern DOM_SID global_sid_World;
-extern DOM_SID global_sid_Builtin_Administrators;
-extern DOM_SID global_sid_Builtin_Power_Users;
-extern DOM_SID global_sid_Builtin_Account_Operators;
-extern DOM_SID global_sid_Builtin_Server_Operators;
-extern DOM_SID global_sid_Builtin_Print_Operators;
-extern DOM_SID global_sid_Builtin_Backup_Operators;
-extern DOM_SID global_sid_Builtin_Replicator;
-extern DOM_SID global_sid_Builtin_Users;
-extern DOM_SID global_sid_Builtin_Guests;
-
-
-/* defines */
-
-#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define NTSTATUS_CHECK(str1, str2, err, label) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0)
-
-/****************************************************************************
- Check if a user is a mapped group.
-
- This function will check if the group SID is mapped onto a
- system managed gid or onto a winbind manged sid.
- In the first case it will be threated like a mapped group
- and the backend should take the member list with a getgrgid
- and ignore any user that have been possibly set into the group
- object.
-
- In the second case, the group is a fully SAM managed group
- served back to the system through winbind. In this case the
- members of a Local group are "unrolled" to cope with the fact
- that unix cannot contain groups inside groups.
- The backend MUST never call any getgr* / getpw* function or
- loops with winbind may happen.
- ****************************************************************************/
-
-/*
-NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
-{
- NTSTATUS result;
- gid_t id;
-
- /* look if mapping exist, do not make idmap alloc an uid if SID is not found * /
- result = idmap_get_gid_from_sid(&id, sid, False);
- if (NT_STATUS_IS_OK(result)) {
- *mapped = gid_is_in_winbind_range(id);
- } else {
- *mapped = False;
- }
-
- return result;
-}
-*/
-
-/****************************************************************************
- duplicate alloc luid_attr
- ****************************************************************************/
-NTSTATUS dupalloc_luid_attr(TALLOC_CTX *ctx, LUID_ATTR **new_la, LUID_ATTR old_la)
-{
- *new_la = (LUID_ATTR *)talloc(ctx, sizeof(LUID_ATTR));
- if (*new_la == NULL) {
- DEBUG(0,("dupalloc_luid_attr: could not Alloc memory to duplicate LUID_ATTR\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*new_la)->luid.high = old_la.luid.high;
- (*new_la)->luid.low = old_la.luid.low;
- (*new_la)->attr = old_la.attr;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- initialise a privilege list
- ****************************************************************************/
-void init_privilege(PRIVILEGE_SET *priv_set)
-{
- priv_set->count=0;
- priv_set->control=0;
- priv_set->set=NULL;
-}
-
-/****************************************************************************
- add a privilege to a privilege array
- ****************************************************************************/
-NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
-{
- LUID_ATTR *new_set;
-
- /* check if the privilege is not already in the list */
- if (check_priv_in_privilege(priv_set, set))
- return NT_STATUS_UNSUCCESSFUL;
-
- /* we can allocate memory to add the new privilege */
-
- new_set=(LUID_ATTR *)talloc_realloc(ctx, priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- new_set[priv_set->count].luid.high=set.luid.high;
- new_set[priv_set->count].luid.low=set.luid.low;
- new_set[priv_set->count].attr=set.attr;
-
- priv_set->count++;
- priv_set->set=new_set;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- add all the privileges to a privilege array
- ****************************************************************************/
-NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
-{
- NTSTATUS result = NT_STATUS_OK;
- LUID_ATTR set;
-
- set.attr=0;
- set.luid.high=0;
-
- set.luid.low=SE_PRIV_ADD_USERS;
- result = add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
- set.luid.low=SE_PRIV_ADD_MACHINES;
- result = add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
- set.luid.low=SE_PRIV_PRINT_OPERATOR;
- result = add_privilege(priv_set, ctx, set);
- NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
-
-done:
- return result;
-}
-
-/****************************************************************************
- check if the privilege list is empty
- ****************************************************************************/
-BOOL check_empty_privilege(PRIVILEGE_SET *priv_set)
-{
- return (priv_set->count == 0);
-}
-
-/****************************************************************************
- check if the privilege is in the privilege list
- ****************************************************************************/
-BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
-{
- int i;
-
- /* if the list is empty, obviously we can't have it */
- if (check_empty_privilege(priv_set))
- return False;
-
- for (i=0; i<priv_set->count; i++) {
- LUID_ATTR *cur_set;
-
- cur_set=&priv_set->set[i];
- /* check only the low and high part. Checking the attr field has no meaning */
- if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) )
- return True;
- }
-
- return False;
-}
-
-/****************************************************************************
- remove a privilege from a privilege array
- ****************************************************************************/
-NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
-{
- LUID_ATTR *new_set;
- LUID_ATTR *old_set;
- int i,j;
-
- /* check if the privilege is in the list */
- if (!check_priv_in_privilege(priv_set, set))
- return NT_STATUS_UNSUCCESSFUL;
-
- /* special case if it's the only privilege in the list */
- if (priv_set->count==1) {
- init_privilege(priv_set);
- return NT_STATUS_OK;
- }
-
- /*
- * the privilege is there, create a new list,
- * and copy the other privileges
- */
-
- old_set = priv_set->set;
-
- new_set=(LUID_ATTR *)talloc(ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0, j=0; i<priv_set->count; i++) {
- if ((old_set[i].luid.low == set.luid.low) &&
- (old_set[i].luid.high == set.luid.high)) {
- continue;
- }
-
- new_set[j].luid.low = old_set[i].luid.low;
- new_set[j].luid.high = old_set[i].luid.high;
- new_set[j].attr = old_set[i].attr;
-
- j++;
- }
-
- if (j != priv_set->count - 1) {
- DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n"));
- DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- /* ok everything is fine */
-
- priv_set->count--;
- priv_set->set=new_set;
-
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
- duplicates a privilege array
- ****************************************************************************/
-NTSTATUS dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
-{
- LUID_ATTR *new_set;
- LUID_ATTR *old_set;
- int i;
-
- *new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET));
- init_privilege(*new_priv_set);
-
- /* special case if there are no privileges in the list */
- if (priv_set->count == 0) {
- return NT_STATUS_OK;
- }
-
- /*
- * create a new list,
- * and copy the other privileges
- */
-
- old_set = priv_set->set;
-
- new_set = (LUID_ATTR *)talloc(mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
- if (new_set==NULL) {
- DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i < priv_set->count; i++) {
-
- new_set[i].luid.low = old_set[i].luid.low;
- new_set[i].luid.high = old_set[i].luid.high;
- new_set[i].attr = old_set[i].attr;
- }
-
- (*new_priv_set)->count = priv_set->count;
- (*new_priv_set)->control = priv_set->control;
- (*new_priv_set)->set = new_set;
-
- return NT_STATUS_OK;
-}
-
-#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013
-#define ALIAS_DEFAULT_DACL_SA_RIGHTS \
- (READ_CONTROL_ACCESS | \
- SA_RIGHT_ALIAS_LOOKUP_INFO | \
- SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */
-
-#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */
-
-NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx)
-{
- DOM_SID *world = &global_sid_World;
- DOM_SID *admins = &global_sid_Builtin_Administrators;
- SEC_ACCESS sa;
- SEC_ACE sacl_ace;
- SEC_ACE dacl_aces[2];
- SEC_ACL *sacl = NULL;
- SEC_ACL *dacl = NULL;
- size_t psize;
-
- init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS);
- init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG);
-
- sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace);
- if (!sacl) {
- DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
- init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS);
- init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
-
- dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces);
- if (!sacl) {
- DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, admins, admins, sacl, dacl, &psize);
- if (!(*sec_desc)) {
- DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask)
-{
- NTSTATUS result;
- SEC_ACE *new_aces;
- unsigned num_aces;
- int i;
-
- num_aces = sec_desc->dacl->num_aces + 1;
- result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask);
- if (NT_STATUS_IS_OK(result)) {
- sec_desc->dacl->ace = new_aces;
- sec_desc->dacl->num_aces = num_aces;
- sec_desc->dacl->size = SEC_ACL_HEADER_SIZE;
- for (i = 0; i < num_aces; i++) {
- sec_desc->dacl->size += sec_desc->dacl->ace[i].size;
- }
- }
- return result;
-}
-
-NTSTATUS gums_init_builtin_groups(void)
-{
- NTSTATUS result;
- GUMS_OBJECT g_obj;
- GUMS_GROUP *g_grp;
- GUMS_PRIVILEGE g_priv;
-
- /* Build the well known Builtin Local Groups */
- g_obj.type = GUMS_OBJ_GROUP;
- g_obj.version = 1;
- g_obj.seq_num = 0;
- g_obj.mem_ctx = talloc_init_named("gums_init_backend_acct");
- if (g_obj.mem_ctx == NULL) {
- DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- /* Administrators */
-
- /* alloc group structure */
- g_obj.data = (void *)talloc(g_obj.mem_ctx, sizeof(GUMS_OBJ_GROUP));
- ALLOC_CHECK("gums_init_backend", g_obj.data, result, done);
-
- /* make admins sid */
- g_grp = (GUMS_GROUP *)g_obj.data;
- sid_copy(g_obj.sid, &global_sid_Builtin_Administrators);
-
- /* make security descriptor */
- result = create_builtin_alias_default_sec_desc(&(g_obj.sec_desc), g_obj.mem_ctx);
- NTSTATUS_CHECK("gums_init_backend", "create_builtin_alias_default_sec_desc", result, done);
-
- /* make privilege set */
- /* From BDC join trace:
- SeSecurityPrivilege
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemtimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
- SeTakeOwnershipPrivilege
- SeDebugPrivilege
- SeSystemEnvironmentPrivilege
- SeSystemProfilePrivilege
- SeProfileSingleProcessPrivilege
- SeIncreaseBasePriorityPrivilege
- SeLocalDriverPrivilege
- SeCreatePagefilePrivilege
- SeIncreaseQuotaPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Administrators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can fully administer the computer/domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* numebr of group members */
- g_grp->count = 0;
- g_grp->members = NULL;
-
- /* store Administrators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Power Users */
- /* Domain Controllers Does NOT have power Users */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Power_Users);
-
- /* make privilege set */
- /* SE_PRIV_??? */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Power Users");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
-/* > */ g_obj.description = talloc_strdup(g_obj.mem_ctx, "Power Users");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Power Users group */
- result = gums_storage->set_object(&g_obj);
-
- /* Account Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Account_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Account Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain user and group accounts");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Account Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Server Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Server_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeSystemtimePrivilege
- SeShutdownPrivilege
- SeRemoteShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Server Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain servers");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Server Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Print Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Print_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Print Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can administer domain printers");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Print Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Backup Operators */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Backup_Operators);
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Backup Operators");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Members can bypass file security to backup files");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Backup Operators group */
- result = gums_storage->set_object(&g_obj);
-
- /* Replicator */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Replicator);
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege
- SeRestorePrivilege
- SeShutdownPrivilege
- */
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Replicator");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Supports file replication in a domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Replicator group */
- result = gums_storage->set_object(&g_obj);
-
- /* Users */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Users);
-
- /* add ACE to sec dsec dacl */
- sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- sec_desc_add_ace_to_dacl(g_obj.sec_desc, g_obj.mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS);
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Users");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Ordinary users");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Users group */
- result = gums_storage->set_object(&g_obj);
-
- /* Guests */
-
- sid_copy(g_obj.sid, &global_sid_Builtin_Guests);
-
- /* set name */
- g_obj.name = talloc_strdup(g_obj.mem_ctx, "Guests");
- ALLOC_CHECK("gums_init_backend", g_obj.name, result, done);
-
- /* set description */
- g_obj.description = talloc_strdup(g_obj.mem_ctx, "Users granted guest access to the computer/domain");
- ALLOC_CHECK("gums_init_backend", g_obj.description, result, done);
-
- /* store Guests group */
- result = gums_storage->set_object(&g_obj);
-
- /* set default privileges */
- g_priv.type = GUMS_OBJ_GROUP;
- g_priv.version = 1;
- g_priv.seq_num = 0;
- g_priv.mem_ctx = talloc_init_named("gums_init_backend_priv");
- if (g_priv.mem_ctx == NULL) {
- DEBUG(0, ("gums_init_backend: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
-
-
-done:
- talloc_destroy(g_obj.mem_ctx);
- talloc_destroy(g_priv.mem_ctx);
- return result;
-}
-
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Kai Krüger 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-extern DOM_SID global_sid_Builtin;
-
-/** List of various built-in sam modules */
-
-const struct sam_init_function_entry builtin_sam_init_functions[] = {
- { "plugin", sam_init_plugin },
-#ifdef HAVE_LDAP
- { "ads", sam_init_ads },
-#endif
- { "skel", sam_init_skel },
- { NULL, NULL}
-};
-
-
-static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid)
-{
- SAM_METHODS *tmp_methods;
-
- DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__));
-
- /* invalid sam_context specified */
- SAM_ASSERT(context && context->methods);
-
- tmp_methods = context->methods;
-
- while (tmp_methods) {
- if (sid_equal(domainsid, &(tmp_methods->domain_sid)))
- {
- (*sam_method) = tmp_methods;
- return NT_STATUS_OK;
- }
- tmp_methods = tmp_methods->next;
- }
-
- DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid)));
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname)
-{
- SAM_METHODS *tmp_methods;
-
- DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__));
-
- /* invalid sam_context specified */
- SAM_ASSERT(context && context->methods);
-
- tmp_methods = context->methods;
-
- while (tmp_methods) {
- if (strequal(domainname, tmp_methods->domain_name))
- {
- (*sam_method) = tmp_methods;
- return NT_STATUS_OK;
- }
- tmp_methods = tmp_methods->next;
- }
-
- DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname));
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods)
-{
- *methods = talloc(mem_ctx, sizeof(SAM_METHODS));
-
- if (!*methods) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*methods);
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Free and cleanup a sam context, any associated data and anything
- that the attached modules might have associated.
- *******************************************************************/
-
-void free_sam_context(SAM_CONTEXT **context)
-{
- SAM_METHODS *sam_selected = (*context)->methods;
-
- while (sam_selected) {
- if (sam_selected->free_private_data) {
- sam_selected->free_private_data(&(sam_selected->private_data));
- }
- sam_selected = sam_selected->next;
- }
-
- talloc_destroy((*context)->mem_ctx);
- *context = NULL;
-}
-
-/******************************************************************
- Make a backend_entry from scratch
- *******************************************************************/
-
-static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string)
-{
- char *tmp = NULL;
- char *tmp_string = sam_backend_string;
-
- DEBUG(5,("make_backend_entry: %d\n", __LINE__));
-
- SAM_ASSERT(sam_backend_string && backend_entry);
-
- backend_entry->module_name = sam_backend_string;
-
- DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name));
-
- if ((tmp = strrchr(tmp_string, '|')) != NULL) {
- DEBUGADD(20,("a domain name has been specified\n"));
- *tmp = 0;
- backend_entry->domain_name = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if ((tmp = strchr(tmp_string, ':')) != NULL) {
- DEBUG(20,("options for the backend have been specified\n"));
- *tmp = 0;
- backend_entry->module_params = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if (backend_entry->domain_name == NULL) {
- DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n",
- backend_entry->module_name, lp_workgroup()));
- backend_entry->domain_name = smb_xstrdup(lp_workgroup());
- }
-
- if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) {
- DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name));
-
- if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) {
- DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n",
- backend_entry->domain_name));
- DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__));
- ZERO_STRUCTP(backend_entry->domain_sid);
- }
-
- DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n",
- backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid)));
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- create sam_methods struct based on sam_backend_entry
- *****************************************************************/
-
-static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- SAM_METHODS *methods;
- int i;
-
- DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__));
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) {
- return nt_status;
- }
-
- methods = *methods_ptr;
- methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name);
- methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name);
- sid_copy(&methods->domain_sid, backend_entry->domain_sid);
- methods->parent = context;
-
- DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name));
- for (i = 0; builtin_sam_init_functions[i].module_name; i++)
- {
- if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name))
- {
- DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i));
- DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid)));
- nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params);
- if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name));
- } else {
- DEBUG(2,("sam backend %s did not correctly init (error was %s)\n",
- backend_entry->module_name, nt_errstr(nt_status)));
- }
- return nt_status;
- }
- }
-
- DEBUG(2,("could not find backend %s\n", backend_entry->module_name));
-
- return NT_STATUS_INVALID_PARAMETER;
-}
-
-static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context)
-{
- SAM_BACKEND_ENTRY entry;
- DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */
- SAM_METHODS *methods, *tmpmethods;
- NTSTATUS ntstatus;
-
- DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__));
-
- /* Make sure domain lp_workgroup() is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n",
- lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND));
-
- SAM_ASSERT(global_sam_sid);
-
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = lp_workgroup();
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, global_sam_sid);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
-
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup()));
- return ntstatus;
- }
-
- /* Make sure the BUILTIN domain is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n",
- SAM_DEFAULT_BACKEND));
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = "BUILTIN";
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, &global_sid_Builtin);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n"));
- return ntstatus;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends)
-{
- int i, j;
-
- DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__));
-
- for (i = 0; i < *nBackends; i++) {
- for (j = i + 1; j < *nBackends; j++) {
- if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) {
- DEBUG(0,("two backend modules claim the same domain %s\n",
- sid_string_static((*backend_entries)[j].domain_sid)));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param)
-{
- int i = 0, j = 0;
- SAM_METHODS *curmethods, *tmpmethods;
- int nBackends = 0;
- SAM_BACKEND_ENTRY *backends = NULL;
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__));
-
- if (!sam_backends_param) {
- DEBUG(1, ("no SAM backeds specified!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) {
- DEBUG(4,("make_sam_context failed\n"));
- return nt_status;
- }
-
- while (sam_backends_param[nBackends])
- nBackends++;
-
- DEBUG(6,("There are %d domains listed with their backends\n", nBackends));
-
- if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) {
- DEBUG(0,("make_sam_context_list: failed to allocate backends\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- memset(backends, '\0', sizeof(*backends)*nBackends);
-
- for (i = 0; i < nBackends; i++) {
- DEBUG(8,("processing %s\n",sam_backends_param[i]));
- if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) {
- DEBUG(4,("make_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- }
-
- if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) {
- DEBUG(4,("check_duplicate_backend_entries failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
-
- for (i = 0; i < nBackends; i++) {
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- DLIST_ADD_END((*context)->methods, curmethods, tmpmethods);
- }
-
- for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid);
-
- SAFE_FREE(backends);
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Make a sam_context from scratch.
- *******************************************************************/
-
-NTSTATUS make_sam_context(SAM_CONTEXT **context)
-{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init_named("sam_context internal allocation context");
-
- if (!mem_ctx) {
- DEBUG(0, ("make_sam_context: talloc init failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *context = talloc(mem_ctx, sizeof(**context));
- if (!*context) {
- DEBUG(0, ("make_sam_context: talloc failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*context);
-
- (*context)->mem_ctx = mem_ctx;
-
- (*context)->free_fn = free_sam_context;
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Return an already initialised sam_context, to facilitate backward
- compatibility (see functions below).
- *******************************************************************/
-
-static struct sam_context *sam_get_static_context(BOOL reload)
-{
- static SAM_CONTEXT *sam_context = NULL;
-
- if ((sam_context) && (reload)) {
- sam_context->free_fn(&sam_context);
- sam_context = NULL;
- }
-
- if (!sam_context) {
- if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) {
- DEBUG(4,("make_sam_context_list failed\n"));
- return NULL;
- }
-
- /* Make sure the required domains (default domain, builtin) are available */
- if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) {
- DEBUG(4,("sam_context_check_default_backends failed\n"));
- return NULL;
- }
- }
-
- return sam_context;
-}
-
-/***************************************************************
- Initialize the static context (at smbd startup etc).
-
- If uninitialised, context will auto-init on first use.
- ***************************************************************/
-
-BOOL initialize_sam(BOOL reload)
-{
- return (sam_get_static_context(reload) != NULL);
-}
-
-
-/**************************************************************
- External API. This is what the rest of the world calls...
-***************************************************************/
-
-/******************************************************************
- sam_* functions are used to link the external SAM interface
- with the internal backends. These functions lookup the appropriate
- backends for the domain and pass on to the function in sam_methods
- in the selected backend
-
- When the context parmater is NULL, the default is used.
- *******************************************************************/
-
-#define SAM_SETUP_CONTEXT if (!context) \
- context = sam_get_static_context(False);\
- if (!context) {\
- return NT_STATUS_UNSUCCESSFUL; \
- }\
-
-
-
-NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_sec_desc) {
- DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) {
- DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_set_sec_desc) {
- DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) {
- DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_lookup_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_lookup_name) {
- DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) {
- DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n",
- tmp_methods->domain_name, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
- DOM_SID domainsid;
-
- DEBUG(5,("sam_lookup_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- sid_copy(&domainsid, sid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_lookup_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_lookup_sid) {
- DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) {
- DEBUG(4,("sam_lookup_name for %s in backend %s failed\n",
- sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_domain: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid domain specified */
- SAM_ASSERT(domain && domain->current_sam_methods);
-
- tmp_methods = domain->current_sam_methods;
-
- if (!tmp_methods->sam_update_domain) {
- DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){
- DEBUG(4,("sam_update_domain in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SEC_DESC *sd;
- size_t sd_size;
- uint32 acc_granted;
- int i = 0;
-
- DEBUG(5,("sam_enum_domains: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters specified */
- SAM_ASSERT(domain_count && domains && domain_names);
-
- if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
- DEBUG(4,("samr_make_sam_obj_sd failed\n"));
- return nt_status;
- }
-
- if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) {
- DEBUG(3,("sam_enum_domains: ACCESS DENIED\n"));
- return nt_status;
- }
-
- tmp_methods= context->methods;
- *domain_count = 0;
-
- while (tmp_methods) {
- (*domain_count)++;
- tmp_methods= tmp_methods->next;
- }
-
- DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count)));
-
- tmp_methods = context->methods;
-
- if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) {
- DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) {
- DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n"));
- SAFE_FREE((*domains));
- return NT_STATUS_NO_MEMORY;
- }
-
- while (tmp_methods) {
- DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid)));
- sid_copy(domains[i],&tmp_methods->domain_sid);
- *domain_names[i] = smb_xstrdup(tmp_methods->domain_name);
- i++;
- tmp_methods= tmp_methods->next;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SEC_DESC *sd;
- size_t sd_size;
- uint32 acc_granted;
-
- DEBUG(5,("sam_lookup_domain: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid paramters */
- SAM_ASSERT(access_token && domain && domainsid);
-
- if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
- DEBUG(4,("samr_make_sam_obj_sd failed\n"));
- return nt_status;
- }
-
- if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) {
- DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n"));
- return nt_status;
- }
-
- tmp_methods= context->methods;
-
- while (tmp_methods) {
- if (strcmp(domain, tmp_methods->domain_name) == 0) {
- (*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy((*domainsid), &tmp_methods->domain_sid);
- return NT_STATUS_OK;
- }
- tmp_methods= tmp_methods->next;
- }
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-
-NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && domain);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_domain_handle) {
- DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) {
- DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n",
- sid_string_static(domainsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_create_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters */
- SAM_ASSERT(access_token && domainsid && account_name && account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_create_account) {
- DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) {
- DEBUG(4,("sam_create_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- DOM_SID domainsid;
- const DOM_SID *accountsid;
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_add_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters */
- SAM_ASSERT(account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) {
- DEBUG(0,("Can't get account SID\n"));
- return nt_status;
- }
-
- sid_copy(&domainsid, accountsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_add_account) {
- DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){
- DEBUG(4,("sam_add_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid account specified */
- SAM_ASSERT(account && account->current_sam_methods);
-
- tmp_methods = account->current_sam_methods;
-
- if (!tmp_methods->sam_update_account) {
- DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){
- DEBUG(4,("sam_update_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_delete_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid account specified */
- SAM_ASSERT(account && account->current_sam_methods);
-
- tmp_methods = account->current_sam_methods;
-
- if (!tmp_methods->sam_delete_account) {
- DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){
- DEBUG(4,("sam_delete_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_enum_accounts: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && account_count && accounts);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_enum_accounts) {
- DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) {
- DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n",
- tmp_methods->domain_name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- DOM_SID domainsid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && accountsid && account);
-
- sid_copy(&domainsid, accountsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_account_by_sid) {
- DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) {
- DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n",
- sid_string_static(accountsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domain && name && account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_account_by_name) {
- DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) {
- DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n",
- domain, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_create_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && group_name && group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_create_group) {
- DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) {
- DEBUG(4,("sam_create_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- DOM_SID domainsid;
- const DOM_SID *groupsid;
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_add_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) {
- DEBUG(0,("Can't get group SID\n"));
- return nt_status;
- }
-
- sid_copy(&domainsid, groupsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_add_group) {
- DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){
- DEBUG(4,("sam_add_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_update_group) {
- DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){
- DEBUG(4,("sam_update_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_delete_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_delete_group) {
- DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){
- DEBUG(4,("sam_delete_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_enum_groups: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && groups_count && groups);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_enum_accounts) {
- DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) {
- DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n",
- tmp_methods->domain_name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
- DOM_SID domainsid;
-
- DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && groupsid && group);
-
- sid_copy(&domainsid, groupsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_group_by_sid) {
- DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) {
- DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n",
- sid_string_static(groupsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domain && name && group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_group_by_name) {
- DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) {
- DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n",
- domain, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group or member specified */
- SAM_ASSERT(group && group->current_sam_methods && member);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_add_member_to_group) {
- DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) {
- DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-
-}
-
-NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group or member specified */
- SAM_ASSERT(group && group->current_sam_methods && member);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_delete_member_from_group) {
- DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) {
- DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods && members_count && members);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_enum_groupmembers) {
- DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) {
- DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- uint32 tmp_group_count;
- SAM_GROUP_ENUM *tmp_groups;
-
- DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid sam_context specified */
- SAM_ASSERT(access_token && sids && context && context->methods);
-
- *group_count = 0;
-
- *groups = NULL;
-
- tmp_methods= context->methods;
-
- while (tmp_methods) {
- DEBUG(5,("getting groups from domain \n"));
- if (!tmp_methods->sam_get_groups_of_sid) {
- DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n"));
- SAFE_FREE(*groups);
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) {
- DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname));
- SAFE_FREE(*groups);
- return nt_status;
- }
-
- *groups = Realloc(*groups, ((*group_count) + tmp_group_count) * sizeof(SAM_GROUP_ENUM));
-
- memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count);
-
- SAFE_FREE(tmp_groups);
-
- *group_count += tmp_group_count;
-
- tmp_methods = tmp_methods->next;
- }
-
- return NT_STATUS_OK;
-}
-
-
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Active Directory SAM backend, for simulate a W2K DC in mixed mode.
-
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Andrew Bartlett 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-
-#ifdef HAVE_LDAP
-
-static int sam_ads_debug_level = DBGC_SAM;
-
-#undef DBGC_CLASS
-#define DBGC_CLASS sam_ads_debug_level
-
-#ifndef FIXME
-#define FIXME( body ) { DEBUG(0,("FIXME: "));\
- DEBUGADD(0,(body));}
-#endif
-
-#define ADS_STATUS_OK ADS_ERROR(0)
-#define ADS_STATUS_UNSUCCESSFUL ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL)
-#define ADS_STATUS_NOT_IMPLEMENTED ADS_ERROR_NT(NT_STATUS_NOT_IMPLEMENTED)
-
-
-#define ADS_SUBTREE_BUILTIN "CN=Builtin,"
-#define ADS_SUBTREE_COMPUTERS "CN=Computers,"
-#define ADS_SUBTREE_DC "CN=Domain Controllers,"
-#define ADS_SUBTREE_USERS "CN=Users,"
-#define ADS_ROOT_TREE ""
-/* Here are private module structs and functions */
-
-typedef struct sam_ads_privates {
- ADS_STRUCT *ads_struct;
- TALLOC_CTX *mem_ctx;
- BOOL bind_plaintext;
- char *ads_bind_dn;
- char *ads_bind_pw;
- char *ldap_uri;
- /* did we need something more? */
-}SAM_ADS_PRIVATES;
-
-
-/* get only these LDAP attributes, witch we really need for an account */
-const char *account_attrs[] = { "objectSid",
- "objectGUID",
- "sAMAccountType",
- "sAMAcountName",
- "userPrincipalName",
- "accountExpires",
- "badPasswordTime",
- "badPwdCount",
- "lastLogoff",
- "lastLogon",
- "userWorkstations",
- "dBCSPwd",
- "unicodePwd",
- "pwdLastSet",
- "userAccountControl",
- "profilePath",
- "homeDrive",
- "scriptPath",
- "homeDirectory",
- "cn",
- "primaryGroupID",/* 513 */
- "nsNPAllowDialIn",/* TRUE */
- "userParameters",/* Dial Back number ...*/
- "codePage",/* 0 */
- "countryCode",/* 0 */
- "adminCount",/* 1 or 0 */
- "logonCount",/* 0 */
- "managedObjects",
- "memberOf",/* dn */
- "instanceType",/* 4 */
- "name", /* sync with cn */
- "description",
- /* "nTSecurityDescriptor", */
- NULL};
-
-/* get only these LDAP attributes, witch we really need for a group */
-const char *group_attrs[] = {"objectSid",
- /* "objectGUID", */
- "sAMAccountType",
- "sAMAcountName",
- "groupType",
- /* "member", */
- "description",
- "name", /* sync with cn */
- /* "nTSecurityDescriptor", */
- NULL};
-
-
-/***************************************************
- return our ads connection. We keep the connection
- open to make things faster
-****************************************************/
-static ADS_STATUS sam_ads_cached_connection(SAM_ADS_PRIVATES *privates)
-{
- ADS_STRUCT *ads_struct;
- ADS_STATUS ads_status;
-
- if (!privates->ads_struct) {
- privates->ads_struct = ads_init_simple();
- ads_struct = privates->ads_struct;
- ads_struct->server.ldap_uri = smb_xstrdup(privates->ldap_uri);
- if ((!privates->ads_bind_dn) || (!*privates->ads_bind_dn)) {
- ads_struct->auth.flags |= ADS_AUTH_ANON_BIND;
- } else {
- ads_struct->auth.user_name
- = smb_xstrdup(privates->ads_bind_dn);
- if (privates->ads_bind_pw) {
- ads_struct->auth.password
- = smb_xstrdup(privates->ads_bind_pw);
- }
- }
- if (privates->bind_plaintext) {
- ads_struct->auth.flags |= ADS_AUTH_SIMPLE_BIND;
- }
- } else {
- ads_struct = privates->ads_struct;
- }
-
- if (ads_struct->ld != NULL) {
- /* connection has been opened. ping server. */
- struct sockaddr_un addr;
- socklen_t len;
- int sd;
- if (ldap_get_option(ads_struct->ld, LDAP_OPT_DESC, &sd) == 0 &&
- getpeername(sd, (struct sockaddr *) &addr, &len) < 0) {
- /* the other end has died. reopen. */
- ldap_unbind_ext(ads_struct->ld, NULL, NULL);
- ads_struct->ld = NULL;
- }
- }
-
- if (ads_struct->ld != NULL) {
- DEBUG(5,("sam_ads_cached_connection: allready connected to the LDAP server\n"));
- return ADS_SUCCESS;
- }
-
- ads_status = ads_connect(ads_struct);
-
- ads_status = ads_server_info(ads_struct);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(0,("Can't set server info: %s\n",ads_errstr(ads_status)));
- /* return ads_status; */ FIXME("for now we only warn!\n");
- }
-
- DEBUG(2, ("sam_ads_cached_connection: succesful connection to the LDAP server\n"));
- return ADS_SUCCESS;
-}
-
-static ADS_STATUS sam_ads_do_search(SAM_ADS_PRIVATES *privates, const char *bind_path, int scope, const char *exp, const char **attrs, void **res)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
-
- ads_status = sam_ads_cached_connection(privates);
- if (!ADS_ERR_OK(ads_status))
- return ads_status;
-
- return ads_do_search_retry(privates->ads_struct, bind_path, scope, exp, attrs, res);
-}
-
-
-/*********************************************
-here we have to check the update serial number
- - this is the core of the ldap cache
-*********************************************/
-static ADS_STATUS sam_ads_usn_is_valid(SAM_ADS_PRIVATES *privates, uint32 usn_in, uint32 *usn_out)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
-
- SAM_ASSERT(privates && privates->ads_struct && usn_out);
-
- ads_status = ads_USN(privates->ads_struct, usn_out);
- if (!ADS_ERR_OK(ads_status))
- return ads_status;
-
- if (*usn_out == usn_in)
- return ADS_SUCCESS;
-
- return ads_status;
-}
-
-/***********************************************
-Initialize SAM_ACCOUNT_HANDLE from an ADS query
-************************************************/
-/* not ready :-( */
-static ADS_STATUS ads_entry2sam_account_handle(SAM_ADS_PRIVATES *privates, SAM_ACCOUNT_HANDLE *account ,void *msg)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_NO_SUCH_USER);
- NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = account->mem_ctx;
- char *tmp_str = NULL;
-
- SAM_ASSERT(privates && ads_struct && account && mem_ctx && msg);
-
- FIXME("should we really use ads_pull_username()(or ads_pull_string())?\n");
- if ((account->private.account_name = ads_pull_username(ads_struct, mem_ctx, msg))==NULL) {
- DEBUG(0,("ads_pull_username failed\n"));
- return ADS_ERROR_NT(NT_STATUS_NO_SUCH_USER);
- }
-
- if ((account->private.full_name = ads_pull_string(ads_struct, mem_ctx, msg,"name"))==NULL) {
- DEBUG(3,("ads_pull_string for 'name' failed - skip\n"));
- }
-
- if ((account->private.acct_desc = ads_pull_string(ads_struct, mem_ctx, msg,"description"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'acct_desc' failed - skip\n"));
- }
-
- if ((account->private.home_dir = ads_pull_string(ads_struct, mem_ctx, msg,"homeDirectory"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'homeDirectory' failed - skip\n"));
- }
-
- if ((account->private.dir_drive = ads_pull_string(ads_struct, mem_ctx, msg,"homeDrive"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'homeDrive' failed - skip\n"));
- }
-
- if ((account->private.profile_path = ads_pull_string(ads_struct, mem_ctx, msg,"profilePath"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'profilePath' failed - skip\n"));
- }
-
- if ((account->private.logon_script = ads_pull_string(ads_struct, mem_ctx, msg,"scriptPath"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'scriptPath' failed - skip\n"));
- }
-
- FIXME("check 'nsNPAllowDialIn' for munged_dial!\n");
- if ((account->private.munged_dial = ads_pull_string(ads_struct, mem_ctx, msg,"userParameters"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'userParameters' failed - skip\n"));
- }
-
- if ((account->private.unix_home_dir = ads_pull_string(ads_struct, mem_ctx, msg,"msSFUHomeDrirectory"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'msSFUHomeDrirectory' failed - skip\n"));
- }
-
-#if 0
- FIXME("use function intern mem_ctx for pwdLastSet\n");
- if ((tmp_str = ads_pull_string(ads_struct, mem_ctx, msg,"pwdLastSet"))!=NULL) {
- DEBUG(3,("ads_pull_string for 'pwdLastSet' failed - skip\n"));
- } else {
- account->private.pass_last_set_time = ads_parse_nttime(tmp_str);
- tmp_str = NULL;
-
- }
-#endif
-
-#if 0
-typedef struct sam_account_handle {
- TALLOC_CTX *mem_ctx;
- uint32 access_granted;
- const struct sam_methods *current_sam_methods; /* sam_methods creating this handle */
- void (*free_fn)(struct sam_account_handle **);
- struct sam_account_data {
- uint32 init_flag;
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
- char * account_name; /* account_name string */
- SAM_DOMAIN_HANDLE * domain; /* domain of account */
- char *full_name; /* account's full name string */
- char *unix_home_dir; /* UNIX home directory string */
- char *home_dir; /* home directory string */
- char *dir_drive; /* home directory drive string */
- char *logon_script; /* logon script string */
- char *profile_path; /* profile path string */
- char *acct_desc; /* account description string */
- char *workstations; /* login from workstations string */
- char *unknown_str; /* don't know what this is, yet. */
- char *munged_dial; /* munged path name and dial-back tel number */
- DOM_SID account_sid; /* Primary Account SID */
- DOM_SID group_sid; /* Primary Group SID */
- DATA_BLOB lm_pw; /* .data is Null if no password */
- DATA_BLOB nt_pw; /* .data is Null if no password */
- char *plaintext_pw; /* if Null not available */
- uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
- uint32 unknown_1; /* 0x00ff ffff */
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 hours[MAX_HOURS_LEN];
- uint32 unknown_2; /* 0x0002 0000 */
- uint32 unknown_3; /* 0x0000 04ec */
- } private;
-} SAM_ACCOUNT_HANDLE;
-#endif
-
- return ads_status;
-}
-
-
-/***********************************************
-Initialize SAM_GROUP_ENUM from an ads entry
-************************************************/
-/* not ready :-( */
-static ADS_STATUS ads_entry2sam_group_enum(SAM_ADS_PRIVATES *privates, TALLOC_CTX *mem_ctx, SAM_GROUP_ENUM **group_enum,const void *entry)
-{
- ADS_STATUS ads_status = ADS_STATUS_UNSUCCESSFUL;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- SAM_GROUP_ENUM __group_enum;
- SAM_GROUP_ENUM *_group_enum = &__group_enum;
-
- SAM_ASSERT(privates && ads_struct && mem_ctx && group_enum && entry);
-
- *group_enum = _group_enum;
-
- DEBUG(3,("sam_ads: ads_entry2sam_account_handle\n"));
-
- if (!ads_pull_sid(ads_struct, &entry, "objectSid", &(_group_enum->sid))) {
- DEBUG(0,("No sid for!?\n"));
- return ADS_STATUS_UNSUCCESSFUL;
- }
-
- if (!(_group_enum->group_name = ads_pull_string(ads_struct, mem_ctx, &entry, "sAMAccountName"))) {
- DEBUG(0,("No groupname found"));
- return ADS_STATUS_UNSUCCESSFUL;
- }
-
- if (!(_group_enum->group_desc = ads_pull_string(ads_struct, mem_ctx, &entry, "desciption"))) {
- DEBUG(0,("No description found"));
- return ADS_STATUS_UNSUCCESSFUL;
- }
-
- DEBUG(0,("sAMAccountName: %s\ndescription: %s\nobjectSid: %s\n",
- _group_enum->group_name,
- _group_enum->group_desc,
- sid_string_static(&(_group_enum->sid))
- ));
-
- return ads_status;
-}
-
-static ADS_STATUS sam_ads_access_check(SAM_ADS_PRIVATES *privates, const SEC_DESC *sd, const NT_USER_TOKEN *access_token, uint32 access_desired, uint32 *acc_granted)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED);
- NTSTATUS nt_status;
- uint32 my_acc_granted;
-
- SAM_ASSERT(privates && sd && access_token);
- /* acc_granted can be set to NULL */
-
- /* the steps you need are:
- 1. get_sec_desc for sid
- 2. se_map_generic(accessdesired, generic_mapping)
- 3. se_access_check() */
-
- if (!se_access_check(sd, access_token, access_desired, (acc_granted)?acc_granted:&my_acc_granted, &nt_status)) {
- DEBUG(3,("sam_ads_access_check: ACCESS DENIED\n"));
- ads_status = ADS_ERROR_NT(nt_status);
- return ads_status;
- }
- ads_status = ADS_ERROR_NT(nt_status);
- return ads_status;
-}
-
-static ADS_STATUS sam_ads_get_tree_sec_desc(SAM_ADS_PRIVATES *privates, const char *subtree, SEC_DESC **sd)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- char *search_path;
- void *sec_desc_res;
- void *sec_desc_msg;
- const char *sec_desc_attrs[] = {"nTSecurityDescriptor",NULL};
-
- SAM_ASSERT(privates && ads_struct && mem_ctx && sd);
- *sd = NULL;
-
- if (subtree) {
- asprintf(&search_path, "%s%s",subtree,ads_struct->config.bind_path);
- } else {
- asprintf(&search_path, "%s","");
- }
- ads_status = sam_ads_do_search(privates, search_path, LDAP_SCOPE_BASE, "(objectClass=*)", sec_desc_attrs, &sec_desc_res);
- SAFE_FREE(search_path);
- if (!ADS_ERR_OK(ads_status))
- return ads_status;
-
- if ((sec_desc_msg = ads_first_entry(ads_struct, sec_desc_res))==NULL) {
- ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- return ads_status;
- }
-
- if (!ads_pull_sd(ads_struct, mem_ctx, sec_desc_msg, sec_desc_attrs[0], sd)) {
- *sd = NULL;
- ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- return ads_status;
- }
-
- return ads_status;
-}
-
-static ADS_STATUS sam_ads_account_policy_get(SAM_ADS_PRIVATES *privates, int field, uint32 *value)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- ADS_STRUCT *ads_struct = privates->ads_struct;
- void *ap_res;
- void *ap_msg;
- const char *ap_attrs[] = {"minPwdLength",/* AP_MIN_PASSWORD_LEN */
- "pwdHistoryLength",/* AP_PASSWORD_HISTORY */
- "AP_USER_MUST_LOGON_TO_CHG_PASS",/* AP_USER_MUST_LOGON_TO_CHG_PASS */
- "maxPwdAge",/* AP_MAX_PASSWORD_AGE */
- "minPwdAge",/* AP_MIN_PASSWORD_AGE */
- "lockoutDuration",/* AP_LOCK_ACCOUNT_DURATION */
- "AP_RESET_COUNT_TIME",/* AP_RESET_COUNT_TIME */
- "AP_BAD_ATTEMPT_LOCKOUT",/* AP_BAD_ATTEMPT_LOCKOUT */
- "AP_TIME_TO_LOGOUT",/* AP_TIME_TO_LOGOUT */
- NULL};
- /*lockOutObservationWindow
- lockoutThreshold $ pwdProperties*/
- static uint32 ap[9];
- static uint32 ap_usn = 0;
- uint32 tmp_usn = 0;
-
- SAM_ASSERT(privates && ads_struct && value);
-
- FIXME("We need to decode all account_policy attributes!\n");
-
- ads_status = sam_ads_usn_is_valid(privates,ap_usn,&tmp_usn);
- if (!ADS_ERR_OK(ads_status)) {
- ads_status = sam_ads_do_search(privates, ads_struct->config.bind_path, LDAP_SCOPE_BASE, "(objectClass=*)", ap_attrs, &ap_res);
- if (!ADS_ERR_OK(ads_status))
- return ads_status;
-
- if (ads_count_replies(ads_struct, ap_res) != 1) {
- ads_msgfree(ads_struct, ap_res);
- return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
- }
-
- if (!(ap_msg = ads_first_entry(ads_struct, ap_res))) {
- ads_msgfree(ads_struct, ap_res);
- return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
- }
-
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[0], &ap[0])) {
- /* AP_MIN_PASSWORD_LEN */
- ap[0] = MINPASSWDLENGTH;/* 5 chars minimum */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[1], &ap[1])) {
- /* AP_PASSWORD_HISTORY */
- ap[1] = 0;/* don't keep any old password */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[2], &ap[2])) {
- /* AP_USER_MUST_LOGON_TO_CHG_PASS */
- ap[2] = 0;/* don't force user to logon */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[3], &ap[3])) {
- /* AP_MAX_PASSWORD_AGE */
- ap[3] = MAX_PASSWORD_AGE;/* 21 days */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[4], &ap[4])) {
- /* AP_MIN_PASSWORD_AGE */
- ap[4] = 0;/* 0 days */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[5], &ap[5])) {
- /* AP_LOCK_ACCOUNT_DURATION */
- ap[5] = 0;/* lockout for 0 minutes */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[6], &ap[6])) {
- /* AP_RESET_COUNT_TIME */
- ap[6] = 0;/* reset immediatly */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[7], &ap[7])) {
- /* AP_BAD_ATTEMPT_LOCKOUT */
- ap[7] = 0;/* don't lockout */
- }
- if (!ads_pull_uint32(ads_struct, ap_msg, ap_attrs[8], &ap[8])) {
- /* AP_TIME_TO_LOGOUT */
- ap[8] = -1;/* don't force logout */
- }
-
- ads_msgfree(ads_struct, ap_res);
- ap_usn = tmp_usn;
- }
-
- switch(field) {
- case AP_MIN_PASSWORD_LEN:
- *value = ap[0];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_PASSWORD_HISTORY:
- *value = ap[1];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_USER_MUST_LOGON_TO_CHG_PASS:
- *value = ap[2];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_MAX_PASSWORD_AGE:
- *value = ap[3];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_MIN_PASSWORD_AGE:
- *value = ap[4];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_LOCK_ACCOUNT_DURATION:
- *value = ap[5];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_RESET_COUNT_TIME:
- *value = ap[6];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_BAD_ATTEMPT_LOCKOUT:
- *value = ap[7];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- case AP_TIME_TO_LOGOUT:
- *value = ap[8];
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- break;
- default: *value = 0; break;
- }
-
- return ads_status;
-}
-
-
-/**********************************
-Now the functions off the SAM API
-***********************************/
-
-/* General API */
-static NTSTATUS sam_ads_get_sec_desc(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- const DOM_SID *sid, SEC_DESC **sd)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx;
- char *sidstr,*filter;
- void *sec_desc_res;
- void *sec_desc_msg;
- const char *sec_desc_attrs[] = {"nTSecurityDescriptor",NULL};
- fstring sid_str;
- SEC_DESC *my_sd;
-
- SAM_ASSERT(sam_method && access_token && sid && sd);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL);
-
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- sidstr = sid_binstring(sid);
- if (asprintf(&filter, "(objectSid=%s)", sidstr) == -1) {
- SAFE_FREE(sidstr);
- return NT_STATUS_NO_MEMORY;
- }
-
- SAFE_FREE(sidstr);
-
- ads_status = sam_ads_do_search(privates,ads_struct->config.bind_path,
- LDAP_SCOPE_SUBTREE, filter, sec_desc_attrs,
- &sec_desc_res);
- SAFE_FREE(filter);
-
- if (!ADS_ERR_OK(ads_status)) {
- return ads_ntstatus(ads_status);
- }
-
- if (!(mem_ctx = talloc_init_named("sec_desc parse in sam_ads"))) {
- DEBUG(1, ("talloc_init_named() failed for sec_desc parse context in sam_ads"));
- ads_msgfree(ads_struct, sec_desc_res);
- return NT_STATUS_NO_MEMORY;
- }
-
- if (ads_count_replies(ads_struct, sec_desc_res) != 1) {
- DEBUG(1,("sam_ads_get_sec_desc: duplicate or 0 results for sid %s\n",
- sid_to_string(sid_str, sid)));
- talloc_destroy(mem_ctx);
- ads_msgfree(ads_struct, sec_desc_res);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!(sec_desc_msg = ads_first_entry(ads_struct, sec_desc_res))) {
- talloc_destroy(mem_ctx);
- ads_msgfree(ads_struct, sec_desc_res);
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!ads_pull_sd(ads_struct, mem_ctx, sec_desc_msg, sec_desc_attrs[0], sd)) {
- ads_status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
- talloc_destroy(mem_ctx);
- ads_msgfree(ads_struct, sec_desc_res);
- return ads_ntstatus(ads_status);
- }
-
- /* now, were we allowed to see the SD we just got? */
-
- ads_msgfree(ads_struct, sec_desc_res);
- talloc_destroy(mem_ctx);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_set_sec_desc(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- const DOM_SID *sid, const SEC_DESC *sd)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-
-static NTSTATUS sam_ads_lookup_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name,
- enum SID_NAME_USE *type)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- SEC_DESC *my_sd;
-
- SAM_ASSERT(sam_method && access_token && mem_ctx && sid && name && type);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- return ads_sid_to_name(ads_struct, mem_ctx, sid, name, type);
-}
-
-static NTSTATUS sam_ads_lookup_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- const char *name, DOM_SID *sid, enum SID_NAME_USE *type)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- SEC_DESC *my_sd;
-
- SAM_ASSERT(sam_method && access_token && name && sid && type);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &my_sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, my_sd, access_token, GENERIC_RIGHTS_DOMAIN_READ, NULL);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- return ads_name_to_sid(ads_struct, name, sid, type);
-}
-
-
-/* Domain API */
-
-static NTSTATUS sam_ads_update_domain(const SAM_METHODS *sam_method, const SAM_DOMAIN_HANDLE *domain)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_domain_handle(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token,
- const uint32 access_desired, SAM_DOMAIN_HANDLE **domain)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- TALLOC_CTX *mem_ctx = privates->mem_ctx; /*Fix me is this right??? */
- SAM_DOMAIN_HANDLE *dom_handle = NULL;
- SEC_DESC *sd;
- uint32 acc_granted;
- uint32 tmp_value;
-
- DEBUG(5,("sam_ads_get_domain_handle: %d\n",__LINE__));
-
- SAM_ASSERT(sam_method && access_token && domain);
-
- (*domain) = NULL;
-
- if ((dom_handle = talloc(mem_ctx, sizeof(SAM_DOMAIN_HANDLE))) == NULL) {
- DEBUG(0,("failed to talloc dom_handle\n"));
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- return ads_ntstatus(ads_status);
- }
-
- ZERO_STRUCTP(dom_handle);
-
- dom_handle->mem_ctx = mem_ctx; /*Fix me is this right??? */
- dom_handle->free_fn = NULL;
- dom_handle->current_sam_methods = sam_method;
-
- /* check if access can be granted as requested */
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- dom_handle->access_granted = acc_granted;
-
- /* fill all the values of dom_handle */
- sid_copy(&dom_handle->private.sid, &sam_method->domain_sid);
- dom_handle->private.name = smb_xstrdup(sam_method->domain_name);
- dom_handle->private.servername = "WHOKNOWS"; /* what is the servername */
-
- /*Fix me: sam_ads_account_policy_get() return ADS_STATUS! */
- ads_status = sam_ads_account_policy_get(privates, AP_MAX_PASSWORD_AGE, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for max password age. Useing default\n"));
- tmp_value = MAX_PASSWORD_AGE;
- }
- unix_to_nt_time_abs(&dom_handle->private.max_passwordage,tmp_value);
-
- ads_status = sam_ads_account_policy_get(privates, AP_MIN_PASSWORD_AGE, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for min password age. Useing default\n"));
- tmp_value = 0;
- }
- unix_to_nt_time_abs(&dom_handle->private.min_passwordage, tmp_value);
-
- ads_status = sam_ads_account_policy_get(privates, AP_LOCK_ACCOUNT_DURATION, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for lockout duration. Useing default\n"));
- tmp_value = 0;
- }
- unix_to_nt_time_abs(&dom_handle->private.lockout_duration, tmp_value);
-
- ads_status = sam_ads_account_policy_get(privates, AP_RESET_COUNT_TIME, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for time till locout count is reset. Useing default\n"));
- tmp_value = 0;
- }
- unix_to_nt_time_abs(&dom_handle->private.reset_count, tmp_value);
-
- ads_status = sam_ads_account_policy_get(privates, AP_MIN_PASSWORD_LEN, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for min password length. Useing default\n"));
- tmp_value = 0;
- }
- dom_handle->private.min_passwordlength = (uint16)tmp_value;
-
- ads_status = sam_ads_account_policy_get(privates, AP_PASSWORD_HISTORY, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed password history. Useing default\n"));
- tmp_value = 0;
- }
- dom_handle->private.password_history = (uint16)tmp_value;
-
- ads_status = sam_ads_account_policy_get(privates, AP_BAD_ATTEMPT_LOCKOUT, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for bad attempts till lockout. Useing default\n"));
- tmp_value = 0;
- }
- dom_handle->private.lockout_count = (uint16)tmp_value;
-
- ads_status = sam_ads_account_policy_get(privates, AP_TIME_TO_LOGOUT, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for force logout. Useing default\n"));
- tmp_value = -1;
- }
-
- ads_status = sam_ads_account_policy_get(privates, AP_USER_MUST_LOGON_TO_CHG_PASS, &tmp_value);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(4,("sam_ads_account_policy_get failed for user must login to change password. Useing default\n"));
- tmp_value = 0;
- }
-
- /* should the real values of num_accounts, num_groups and num_aliases be retreved?
- * I think it is to expensive to bother
- */
- dom_handle->private.num_accounts = 3;
- dom_handle->private.num_groups = 4;
- dom_handle->private.num_aliases = 5;
-
- *domain = dom_handle;
-
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
- return ads_ntstatus(ads_status);
-}
-
-/* Account API */
-static NTSTATUS sam_ads_create_account(const SAM_METHODS *sam_method,
- const NT_USER_TOKEN *access_token, uint32 access_desired,
- const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- SEC_DESC *sd = NULL;
- uint32 acc_granted;
-
- SAM_ASSERT(sam_method && privates && access_token && account_name && account);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_SUBTREE_USERS, &sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = ADS_ERROR_NT(sam_init_account(account));
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- (*account)->access_granted = acc_granted;
-
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_add_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account)
-{
- ADS_STATUS ads_status = ADS_ERROR(LDAP_NO_MEMORY);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- ADS_MODLIST mods;
- uint16 acct_ctrl;
- char *new_dn;
- SEC_DESC *sd;
- uint32 acc_granted;
-
- SAM_ASSERT(sam_method && account);
-
- ads_status = ADS_ERROR_NT(sam_get_account_acct_ctrl(account,&acct_ctrl));
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- if ((acct_ctrl & ACB_WSTRUST)||(acct_ctrl & ACB_SVRTRUST)) {
- /* Computer account */
- char *name,*controlstr;
- char *hostname,*host_upn,*host_spn;
- const char *objectClass[] = {"top", "person", "organizationalPerson",
- "user", "computer", NULL};
-
- ads_status = ADS_ERROR_NT(sam_get_account_name(account,&name));
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- if (!(host_upn = talloc_asprintf(mem_ctx, "%s@%s", name, ads_struct->config.realm))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(new_dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Computers,%s", hostname,
- ads_struct->config.bind_path))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(controlstr = talloc_asprintf(mem_ctx, "%u", ads_acb2uf(acct_ctrl)))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(mods = ads_init_mods(mem_ctx))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- ads_status = ads_mod_str(mem_ctx, &mods, "cn", hostname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_strlist(mem_ctx, &mods, "objectClass", objectClass);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", host_upn);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "displayName", hostname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "sAMAccountName", name);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr);
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- ads_status = ads_mod_str(mem_ctx, &mods, "servicePrincipalName", host_spn);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "dNSHostName", hostname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- /* ads_status = ads_mod_str(mem_ctx, &mods, "operatingSystem", "Samba");
- if (!ADS_ERR_OK(ads_status))
- goto done;
- *//* ads_status = ads_mod_str(mem_ctx, &mods, "operatingSystemVersion", VERSION);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- */
- /* End Computer account */
- } else {
- /* User account*/
- char *upn, *controlstr;
- char *name, *fullname;
- const char *objectClass[] = {"top", "person", "organizationalPerson",
- "user", NULL};
-
- ads_status = ADS_ERROR_NT(sam_get_account_name(account,&name));
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- ads_status = ADS_ERROR_NT(sam_get_account_fullname(account,&fullname));
- if (!ADS_ERR_OK(ads_status))
- goto done;
-
- if (!(upn = talloc_asprintf(mem_ctx, "%s@%s", name, ads_struct->config.realm))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(new_dn = talloc_asprintf(mem_ctx, "CN=%s,CN=Users,%s", fullname,
- ads_struct->config.bind_path))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(controlstr = talloc_asprintf(mem_ctx, "%u", ads_acb2uf(acct_ctrl)))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- if (!(mods = ads_init_mods(mem_ctx))) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- goto done;
- }
-
- ads_status = ads_mod_str(mem_ctx, &mods, "cn", fullname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_strlist(mem_ctx, &mods, "objectClass", objectClass);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", upn);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "displayName", fullname);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "sAMAccountName", name);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- ads_status = ads_mod_str(mem_ctx, &mods, "userAccountControl", controlstr);
- if (!ADS_ERR_OK(ads_status))
- goto done;
- }/* End User account */
-
- /* Finally at the account */
- ads_status = ads_gen_add(ads_struct, new_dn, mods);
-
-done:
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_update_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_delete_account(const SAM_METHODS *sam_method, const SAM_ACCOUNT_HANDLE *account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
-
-
-
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_enum_accounts(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-#if 0
-static NTSTATUS sam_ads_get_account_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *account_sid, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- SEC_DESC *sd = NULL;
- uint32 acc_granted;
-
- SAM_ASSERT(sam_method && privates && ads_struct && access_token && account_sid && account);
-
- ads_status = ADS_ERROR_NT(sam_ads_get_sec_desc(sam_method, access_token, account_sid, &my_sd));
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = ADS_ERROR_NT(sam_init_account(account));
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- (*account)->access_granted = acc_granted;
-
- return ads_ntstatus(ads_status);
-}
-#else
-static NTSTATUS sam_ads_get_account_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *account_sid, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-#endif
-
-#if 0
-static NTSTATUS sam_ads_get_account_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *account_name, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- SEC_DESC *sd = NULL;
- uint32 acc_granted;
-
- SAM_ASSERT(sam_method && privates && ads_struct && access_token && account_name && account);
-
- ads_status = sam_ads_get_tree_sec_desc(privates, ADS_ROOT_TREE, &sd);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = sam_ads_access_check(privates, sd, access_token, access_desired, &acc_granted);
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- ads_status = ADS_ERROR_NT(sam_init_account(account));
- if (!ADS_ERR_OK(ads_status))
- return ads_ntstatus(ads_status);
-
- (*account)->access_granted = acc_granted;
-
- return ads_ntstatus(ads_status);
-}
-#else
-static NTSTATUS sam_ads_get_account_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *account_name, SAM_ACCOUNT_HANDLE **account)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-#endif
-
-/* Group API */
-static NTSTATUS sam_ads_create_group(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_add_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_update_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_delete_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_enum_groups(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- SAM_ADS_PRIVATES *privates = (struct sam_ads_privates *)sam_method->private_data;
- ADS_STRUCT *ads_struct = privates->ads_struct;
- TALLOC_CTX *mem_ctx = privates->mem_ctx;
- void *res = NULL;
- void *msg = NULL;
- char *filter = NULL;
- int i = 0;
-
- /* get only these LDAP attributes, witch we really need for a group */
- const char *group_enum_attrs[] = {"objectSid",
- "description",
- "sAMAcountName",
- NULL};
-
- SAM_ASSERT(sam_method && access_token && groups_count && groups);
-
- *groups_count = 0;
-
- DEBUG(3,("ads: enum_dom_groups\n"));
-
- FIXME("get only group from the wanted Type!\n");
- asprintf(&filter, "(&(objectClass=group)(groupType=%s))", "*");
- ads_status = sam_ads_do_search(privates, ads_struct->config.bind_path, LDAP_SCOPE_SUBTREE, filter, group_enum_attrs, &res);
- if (!ADS_ERR_OK(ads_status)) {
- DEBUG(1,("enum_groups ads_search: %s\n", ads_errstr(ads_status)));
- }
-
- *groups_count = ads_count_replies(ads_struct, res);
- if (*groups_count == 0) {
- DEBUG(1,("enum_groups: No groups found\n"));
- }
-
- (*groups) = talloc_zero(mem_ctx, (*groups_count) * sizeof(**groups));
- if (!*groups) {
- ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- for (msg = ads_first_entry(ads_struct, res); msg; msg = ads_next_entry(ads_struct, msg)) {
- uint32 grouptype;
-
- if (!ads_pull_uint32(ads_struct, msg, "groupType", &grouptype)) {
- ;
- } else {
- (*groups)->group_ctrl = ads_gtype2gcb(grouptype);
- }
-
- if (!((*groups)->group_name = ads_pull_string(ads_struct, mem_ctx, msg, "sAMAccountName"))) {
- ;
- }
-
- if (!((*groups)->group_desc = ads_pull_string(ads_struct, mem_ctx, msg, "description"))) {
- ;
- }
-
- if (!ads_pull_sid(ads_struct, msg, "objectSid", &((*groups)->sid))) {
- DEBUG(1,("No sid for group %s !?\n", (*groups)->group_name));
- continue;
- }
-
- i++;
- }
-
- (*groups_count) = i;
-
- ads_status = ADS_ERROR_NT(NT_STATUS_OK);
-
- DEBUG(3,("ads enum_dom_groups gave %d entries\n", (*groups_count)));
-
- if (res) ads_msgfree(ads_struct, res);
-
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_group_by_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_group_by_name(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_add_member_to_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_delete_member_from_group(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_enum_groupmembers(const SAM_METHODS *sam_method, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-static NTSTATUS sam_ads_get_groups_of_sid(const SAM_METHODS *sam_method, const NT_USER_TOKEN *access_token, const DOM_SID **sids, const uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- ADS_STATUS ads_status = ADS_STATUS_NOT_IMPLEMENTED;
- DEBUG(0,("sam_ads: %s was called!\n",__FUNCTION__));
- SAM_ASSERT(sam_method);
- return ads_ntstatus(ads_status);
-}
-
-/**********************************
-Free our private data
-***********************************/
-static void sam_ads_free_private_data(void **vp)
-{
- SAM_ADS_PRIVATES **sam_ads_state = (SAM_ADS_PRIVATES **)vp;
-
- if ((*sam_ads_state)->ads_struct->ld) {
- ldap_unbind((*sam_ads_state)->ads_struct->ld);
- }
-
- ads_destroy(&((*sam_ads_state)->ads_struct));
-
- talloc_destroy((*sam_ads_state)->mem_ctx);
- FIXME("maybe we must free some other stuff here\n");
-
- *sam_ads_state = NULL;
-}
-
-
-
-/*****************************************************
-Init the ADS SAM backend
-******************************************************/
-NTSTATUS sam_init_ads(SAM_METHODS *sam_method, const char *module_params)
-{
- ADS_STATUS ads_status;
- SAM_ADS_PRIVATES *sam_ads_state;
- TALLOC_CTX *mem_ctx;
-
- SAM_ASSERT(sam_method && sam_method->parent);
-
- mem_ctx = sam_method->parent->mem_ctx;
-
- /* Here the SAM API functions of the sam_ads module */
-
- /* General API */
-
- sam_method->sam_get_sec_desc = sam_ads_get_sec_desc;
- sam_method->sam_set_sec_desc = sam_ads_set_sec_desc;
-
- sam_method->sam_lookup_sid = sam_ads_lookup_sid;
- sam_method->sam_lookup_name = sam_ads_lookup_name;
-
- /* Domain API */
-
- sam_method->sam_update_domain = sam_ads_update_domain;
- sam_method->sam_get_domain_handle = sam_ads_get_domain_handle;
-
- /* Account API */
-
- sam_method->sam_create_account = sam_ads_create_account;
- sam_method->sam_add_account = sam_ads_add_account;
- sam_method->sam_update_account = sam_ads_update_account;
- sam_method->sam_delete_account = sam_ads_delete_account;
- sam_method->sam_enum_accounts = sam_ads_enum_accounts;
-
- sam_method->sam_get_account_by_sid = sam_ads_get_account_by_sid;
- sam_method->sam_get_account_by_name = sam_ads_get_account_by_name;
-
- /* Group API */
-
- sam_method->sam_create_group = sam_ads_create_group;
- sam_method->sam_add_group = sam_ads_add_group;
- sam_method->sam_update_group = sam_ads_update_group;
- sam_method->sam_delete_group = sam_ads_delete_group;
- sam_method->sam_enum_groups = sam_ads_enum_groups;
- sam_method->sam_get_group_by_sid = sam_ads_get_group_by_sid;
- sam_method->sam_get_group_by_name = sam_ads_get_group_by_name;
-
- sam_method->sam_add_member_to_group = sam_ads_add_member_to_group;
- sam_method->sam_delete_member_from_group = sam_ads_delete_member_from_group;
- sam_method->sam_enum_groupmembers = sam_ads_enum_groupmembers;
-
- sam_method->sam_get_groups_of_sid = sam_ads_get_groups_of_sid;
-
- sam_ads_state = talloc_zero(mem_ctx, sizeof(SAM_ADS_PRIVATES));
- if (!sam_ads_state) {
- DEBUG(0, ("talloc() failed for sam_ads private_data!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!(sam_ads_state->mem_ctx = talloc_init_named("sam_ads_method"))) {
- DEBUG(0, ("talloc_init_named() failed for sam_ads_state->mem_ctx\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- sam_ads_state->ads_bind_dn = talloc_strdup(sam_ads_state->mem_ctx, lp_parm_string(NULL,"sam_ads","bind as"));
- sam_ads_state->ads_bind_pw = talloc_strdup(sam_ads_state->mem_ctx, lp_parm_string(NULL,"sam_ads","bind pw"));
-
- sam_ads_state->bind_plaintext = strequal(lp_parm_string(NULL, "sam_ads", "plaintext bind"), "yes");
-
- if (!sam_ads_state->ads_bind_dn || !sam_ads_state->ads_bind_pw) {
- DEBUG(0, ("talloc_strdup() failed for bind dn or password\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- /* Maybe we should not check the result here? Server down on startup? */
-
- if (module_params && *module_params) {
- sam_ads_state->ldap_uri = talloc_strdup(sam_ads_state->mem_ctx, module_params);
- if (!sam_ads_state->ldap_uri) {
- DEBUG(0, ("talloc_strdup() failed for bind dn or password\n"));
- return NT_STATUS_NO_MEMORY;
- }
- } else {
- sam_ads_state->ldap_uri = "ldapi://";
- }
-
- ads_status = sam_ads_cached_connection(sam_ads_state);
- if (!ADS_ERR_OK(ads_status)) {
- return ads_ntstatus(ads_status);
- }
-
- sam_method->private_data = sam_ads_state;
- sam_method->free_private_data = sam_ads_free_private_data;
-
- sam_ads_debug_level = debug_add_class("sam_ads");
- if (sam_ads_debug_level == -1) {
- sam_ads_debug_level = DBGC_ALL;
- DEBUG(0, ("sam_ads: Couldn't register custom debugging class!\n"));
- } else DEBUG(2, ("sam_ads: Debug class number of 'sam_ads': %d\n", sam_ads_debug_level));
-
- DEBUG(5, ("Initializing sam_ads\n"));
- if (module_params)
- DEBUG(10, ("Module Parameters for Domain %s[%s]: %s\n", sam_method->domain_name, sam_method->domain_name, module_params));
- return NT_STATUS_OK;
-}
-
-#else /* HAVE_LDAP */
-void sam_ads_dummy(void)
-{
- DEBUG(0,("sam_ads: not supported!\n"));
-}
-#endif /* HAVE_LDAP */
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Loadable san module interface.
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-NTSTATUS sam_init_plugin(SAM_METHODS *sam_methods, const char *module_params)
-{
- void *dl_handle;
- char *plugin_params, *plugin_name, *p;
- sam_init_function plugin_init;
- int (*plugin_version)(void);
-
- if (module_params == NULL) {
- DEBUG(0, ("The plugin module needs an argument!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- plugin_name = smb_xstrdup(module_params);
- p = strchr(plugin_name, ':');
- if (p) {
- *p = 0;
- plugin_params = p+1;
- trim_string(plugin_params, " ", " ");
- } else plugin_params = NULL;
- trim_string(plugin_name, " ", " ");
-
- DEBUG(5, ("Trying to load sam plugin %s\n", plugin_name));
- dl_handle = sys_dlopen(plugin_name, RTLD_NOW);
- if (!dl_handle) {
- DEBUG(0, ("Failed to load sam plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- plugin_version = sys_dlsym(dl_handle, "sam_version");
- if (!plugin_version) {
- sys_dlclose(dl_handle);
- DEBUG(0, ("Failed to find function 'sam_version' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (plugin_version()!=SAM_INTERFACE_VERSION) {
- sys_dlclose(dl_handle);
- DEBUG(0, ("Wrong SAM_INTERFACE_VERSION! sam plugin has version %d and version %d is needed! Please update!\n",
- plugin_version(),SAM_INTERFACE_VERSION));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- plugin_init = sys_dlsym(dl_handle, "sam_init");
- if (!plugin_init) {
- sys_dlclose(dl_handle);
- DEBUG(0, ("Failed to find function 'sam_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- DEBUG(5, ("Starting sam plugin %s with parameters %s for domain %s\n", plugin_name, plugin_params, sam_methods->domain_name));
- return plugin_init(sam_methods, plugin_params);
-}
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- this is a skeleton for SAM backend modules.
-
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Andrew Bartlett 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-static int sam_skel_debug_level = DBGC_SAM;
-
-#undef DBGC_CLASS
-#define DBGC_CLASS sam_skel_debug_level
-
-/* define the version of the SAM interface */
-SAM_MODULE_VERSIONING_MAGIC
-
-/* General API */
-
-static NTSTATUS sam_skel_get_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_set_sec_desc(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_lookup_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_lookup_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const char *name, DOM_SID *sid, uint32 *type)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Domain API */
-
-static NTSTATUS sam_skel_update_domain(const SAM_METHODS *sam_methods, const SAM_DOMAIN_HANDLE *domain)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_domain_handle(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, SAM_DOMAIN_HANDLE **domain)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Account API */
-
-static NTSTATUS sam_skel_create_account(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_add_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_update_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_delete_account(const SAM_METHODS *sam_methods, const SAM_ACCOUNT_HANDLE *account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_enum_accounts(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_get_account_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_account_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_ACCOUNT_HANDLE **account)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Group API */
-
-static NTSTATUS sam_skel_create_group(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *account_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_add_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_update_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_delete_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_enum_groups(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_group_by_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_get_group_by_name(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *name, SAM_GROUP_HANDLE **group)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_add_member_to_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_delete_member_from_group(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS sam_skel_enum_groupmembers(const SAM_METHODS *sam_methods, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS sam_skel_get_groups_of_sid(const SAM_METHODS *sam_methods, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- DEBUG(0,("sam_skel: %s was called!\n",__FUNCTION__));
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS sam_init_skel(SAM_METHODS *sam_methods, const char *module_params)
-{
- /* Functions your SAM module doesn't provide should be set
- * to NULL */
-
- sam_methods->sam_get_sec_desc = sam_skel_get_sec_desc;
- sam_methods->sam_set_sec_desc = sam_skel_set_sec_desc;
-
- sam_methods->sam_lookup_sid = sam_skel_lookup_sid;
- sam_methods->sam_lookup_name = sam_skel_lookup_name;
-
- /* Domain API */
-
- sam_methods->sam_update_domain = sam_skel_update_domain;
- sam_methods->sam_get_domain_handle = sam_skel_get_domain_handle;
-
- /* Account API */
-
- sam_methods->sam_create_account = sam_skel_create_account;
- sam_methods->sam_add_account = sam_skel_add_account;
- sam_methods->sam_update_account = sam_skel_update_account;
- sam_methods->sam_delete_account = sam_skel_delete_account;
- sam_methods->sam_enum_accounts = sam_skel_enum_accounts;
-
- sam_methods->sam_get_account_by_sid = sam_skel_get_account_by_sid;
- sam_methods->sam_get_account_by_name = sam_skel_get_account_by_name;
-
- /* Group API */
-
- sam_methods->sam_create_group = sam_skel_create_group;
- sam_methods->sam_add_group = sam_skel_add_group;
- sam_methods->sam_update_group = sam_skel_update_group;
- sam_methods->sam_delete_group = sam_skel_delete_group;
- sam_methods->sam_enum_groups = sam_skel_enum_groups;
- sam_methods->sam_get_group_by_sid = sam_skel_get_group_by_sid;
- sam_methods->sam_get_group_by_name = sam_skel_get_group_by_name;
-
- sam_methods->sam_add_member_to_group = sam_skel_add_member_to_group;
- sam_methods->sam_delete_member_from_group = sam_skel_delete_member_from_group;
- sam_methods->sam_enum_groupmembers = sam_skel_enum_groupmembers;
-
- sam_methods->sam_get_groups_of_sid = sam_skel_get_groups_of_sid;
-
- sam_methods->free_private_data = NULL;
-
-
- sam_skel_debug_level = debug_add_class("sam_skel");
- if (sam_skel_debug_level == -1) {
- sam_skel_debug_level = DBGC_SAM;
- DEBUG(0, ("sam_skel: Couldn't register custom debugging class!\n"));
- } else DEBUG(2, ("sam_skel: Debug class number of 'sam_skel': %d\n", sam_skel_debug_level));
-
- if(module_params)
- DEBUG(0, ("Starting 'sam_skel' with parameters '%s' for domain %s\n", module_params, sam_methods->domain_name));
- else
- DEBUG(0, ("Starting 'sam_skel' for domain %s without paramters\n", sam_methods->domain_name));
-
- return NT_STATUS_OK;
-}
D_P16(pwd, pass2, unenc_new_pw);
}
- if (!pdb_set_lanman_passwd(sampass, unenc_new_pw, PDB_CHANGED)) {
+ if (!pdb_set_lanman_passwd(sampass, unenc_new_pw)) {
return False;
}
- if (!pdb_set_nt_passwd (sampass, NULL, PDB_CHANGED)) {
+ if (!pdb_set_nt_passwd (sampass, NULL)) {
return False; /* We lose the NT hash. Sorry. */
}
StrnCpy(buf,src,sizeof(buf)/2);
pstring_sub(buf,"%S",lp_servicename(snum));
standard_sub_conn(conn,buf,sizeof(buf));
- l = push_ascii(*dst,buf,*n, STR_TERMINATE);
+ l = push_ascii(*dst,buf,*n-1, STR_TERMINATE);
(*dst) += l;
(*n) -= l;
return l;
return False;
/* get list of domain groups SID_DOMAIN_GRP=2 */
- if(!pdb_enum_group_mapping(SID_NAME_DOM_GRP , &group_list, &num_entries, False, False)) {
+ if(!enum_group_mapping(SID_NAME_DOM_GRP , &group_list, &num_entries, False, False)) {
DEBUG(3,("api_RNetGroupEnum:failed to get group list"));
return False;
}
* the new real sam db won't have reference to unix uids or gids
*/
if (!IS_SAM_UNIX_USER(server_info->sam_account)) {
- DEBUG(0,("Attempted session setup with invalid user. No uid/gid in SAM_ACCOUNT\n"));
+ DEBUG(0,("Attempted session setup with invalid user. No uid/gid in SAM_ACCOUNT (flags:%x)\n", pdb_get_init_flag(server_info->sam_account)));
free(vuser);
return UID_FIELD_INVALID;
}
current_user.conn = NULL;
current_user.vuid = UID_FIELD_INVALID;
- passwd_free(&pass);
-
return True;
}
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- SAM module functions
-
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "samtest.h"
-
-static void print_account(SAM_ACCOUNT_HANDLE *a)
-{
- /* FIXME */
-}
-
-static NTSTATUS cmd_context(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- NTSTATUS status;
- char **plugins;
- int i;
-
- plugins = malloc(argc * sizeof(char *));
-
- for(i = 1; i < argc; i++)
- plugins[i-1] = argv[i];
-
- plugins[argc-1] = NULL;
-
- if(!NT_STATUS_IS_OK(status = make_sam_context_list(&st->context, plugins))) {
- printf("make_sam_context_list failed: %s\n", nt_errstr(status));
- SAFE_FREE(plugins);
- return status;
- }
-
- SAFE_FREE(plugins);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_load_module(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- char *plugin_arg[2];
- NTSTATUS status;
- if (argc != 2 && argc != 3) {
- printf("Usage: load <module path> [domain-name]\n");
- return NT_STATUS_OK;
- }
-
- if (argc == 3)
- asprintf(&plugin_arg[0], "plugin:%s|%s", argv[1], argv[2]);
- else
- asprintf(&plugin_arg[0], "plugin:%s", argv[1]);
-
- plugin_arg[1] = NULL;
-
- if(!NT_STATUS_IS_OK(status = make_sam_context_list(&st->context, plugin_arg))) {
- free(plugin_arg[0]);
- return status;
- }
-
- free(plugin_arg[0]);
-
- printf("load: ok\n");
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_get_sec_desc(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_set_sec_desc(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_lookup_sid(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- char *name;
- uint32 type;
- NTSTATUS status;
- DOM_SID sid;
- if (argc != 2) {
- printf("Usage: lookup_sid <sid>\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!string_to_sid(&sid, argv[1])){
- printf("Unparseable SID specified!\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_lookup_sid(st->context, st->token, mem_ctx, &sid, &name, &type))) {
- printf("sam_lookup_sid failed!\n");
- return status;
- }
-
- printf("Name: %s\n", name);
- printf("Type: %d\n", type); /* FIXME: What kind of an integer is type ? */
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_lookup_name(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- DOM_SID sid;
- uint32 type;
- NTSTATUS status;
- if (argc != 3) {
- printf("Usage: lookup_name <domain> <name>\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_lookup_name(st->context, st->token, argv[1], argv[2], &sid, &type))) {
- printf("sam_lookup_name failed!\n");
- return status;
- }
-
- printf("SID: %s\n", sid_string_static(&sid));
- printf("Type: %d\n", type);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_lookup_account(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_lookup_group(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_lookup_domain(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- DOM_SID *sid;
- NTSTATUS status;
- if (argc != 2) {
- printf("Usage: lookup_domain <domain>\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_lookup_domain(st->context, st->token, argv[1], &sid))) {
- printf("sam_lookup_name failed!\n");
- return status;
- }
-
- printf("SID: %s\n", sid_string_static(sid));
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_enum_domains(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- int32 domain_count, i;
- DOM_SID *domain_sids;
- char **domain_names;
- NTSTATUS status;
-
- if (!NT_STATUS_IS_OK(status = sam_enum_domains(st->context, st->token, &domain_count, &domain_sids, &domain_names))) {
- printf("sam_enum_domains failed!\n");
- return status;
- }
-
- if (domain_count == 0) {
- printf("No domains found!\n");
- return NT_STATUS_OK;
- }
-
- for (i = 0; i < domain_count; i++) {
- printf("%s %s\n", domain_names[i], sid_string_static(&domain_sids[i]));
- }
-
- SAFE_FREE(domain_sids);
- SAFE_FREE(domain_names);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_update_domain(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_show_domain(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- NTSTATUS status;
- DOM_SID sid;
- SAM_DOMAIN_HANDLE *domain;
- uint32 tmp_uint32;
- uint16 tmp_uint16;
- NTTIME tmp_nttime;
- BOOL tmp_bool;
- const char *tmp_string;
-
- if (argc != 2) {
- printf("Usage: show_domain <sid>\n");
- return status;
- }
-
- if (!string_to_sid(&sid, argv[1])){
- printf("Unparseable SID specified!\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_by_sid(st->context, st->token, GENERIC_RIGHTS_DOMAIN_ALL_ACCESS, &sid, &domain))) {
- printf("sam_get_domain_by_sid failed\n");
- return status;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_num_accounts(domain, &tmp_uint32))) {
- printf("sam_get_domain_num_accounts failed: %s\n", nt_errstr(status));
- } else {
- printf("Number of accounts: %d\n", tmp_uint32);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_num_groups(domain, &tmp_uint32))) {
- printf("sam_get_domain_num_groups failed: %s\n", nt_errstr(status));
- } else {
- printf("Number of groups: %u\n", tmp_uint32);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_num_aliases(domain, &tmp_uint32))) {
- printf("sam_get_domain_num_aliases failed: %s\n", nt_errstr(status));
- } else {
- printf("Number of aliases: %u\n", tmp_uint32);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_name(domain, &tmp_string))) {
- printf("sam_get_domain_name failed: %s\n", nt_errstr(status));
- } else {
- printf("Domain Name: %s\n", tmp_string);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_lockout_count(domain, &tmp_uint16))) {
- printf("sam_get_domain_lockout_count failed: %s\n", nt_errstr(status));
- } else {
- printf("Lockout Count: %u\n", tmp_uint16);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_force_logoff(domain, &tmp_bool))) {
- printf("sam_get_domain_force_logoff failed: %s\n", nt_errstr(status));
- } else {
- printf("Force Logoff: %s\n", (tmp_bool?"Yes":"No"));
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_lockout_duration(domain, &tmp_nttime))) {
- printf("sam_get_domain_lockout_duration failed: %s\n", nt_errstr(status));
- } else {
- printf("Lockout duration: %u\n", tmp_nttime.low);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_login_pwdchange(domain, &tmp_bool))) {
- printf("sam_get_domain_login_pwdchange failed: %s\n", nt_errstr(status));
- } else {
- printf("Password changing allowed: %s\n", (tmp_bool?"Yes":"No"));
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_max_pwdage(domain, &tmp_nttime))) {
- printf("sam_get_domain_max_pwdage failed: %s\n", nt_errstr(status));
- } else {
- printf("Maximum password age: %u\n", tmp_nttime.low);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_min_pwdage(domain, &tmp_nttime))) {
- printf("sam_get_domain_min_pwdage failed: %s\n", nt_errstr(status));
- } else {
- printf("Minimal password age: %u\n", tmp_nttime.low);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_min_pwdlength(domain, &tmp_uint16))) {
- printf("sam_get_domain_min_pwdlength: %s\n", nt_errstr(status));
- } else {
- printf("Minimal Password Length: %u\n", tmp_uint16);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_pwd_history(domain, &tmp_uint16))) {
- printf("sam_get_domain_pwd_history failed: %s\n", nt_errstr(status));
- } else {
- printf("Password history: %u\n", tmp_uint16);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_reset_count(domain, &tmp_nttime))) {
- printf("sam_get_domain_reset_count failed: %s\n", nt_errstr(status));
- } else {
- printf("Reset count: %u\n", tmp_nttime.low);
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_domain_server(domain, &tmp_string))) {
- printf("sam_get_domain_server failed: %s\n", nt_errstr(status));
- } else {
- printf("Server: %s\n", tmp_string);
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_create_account(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_update_account(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_delete_account(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_enum_accounts(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- NTSTATUS status;
- DOM_SID sid;
- int32 account_count, i;
- SAM_ACCOUNT_ENUM *accounts;
-
- if (argc != 2) {
- printf("Usage: enum_accounts <domain-sid>\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!string_to_sid(&sid, argv[1])){
- printf("Unparseable SID specified!\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_enum_accounts(st->context, st->token, &sid, 0, &account_count, &accounts))) {
- printf("sam_enum_accounts failed: %s\n", nt_errstr(status));
- return status;
- }
-
- if (account_count == 0) {
- printf("No accounts found!\n");
- return NT_STATUS_OK;
- }
-
- for (i = 0; i < account_count; i++)
- printf("SID: %s\nName: %s\nFullname: %s\nDescription: %s\nACB_BITS: %08X\n\n",
- sid_string_static(&accounts[i].sid), accounts[i].account_name,
- accounts[i].full_name, accounts[i].account_desc,
- accounts[i].acct_ctrl);
-
- SAFE_FREE(accounts);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_lookup_account_sid(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- NTSTATUS status;
- DOM_SID sid;
- SAM_ACCOUNT_HANDLE *account;
-
- if (argc != 2) {
- printf("Usage: lookup_account_sid <account-sid>\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!string_to_sid(&sid, argv[1])){
- printf("Unparseable SID specified!\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(status = sam_get_account_by_sid(st->context, st->token, GENERIC_RIGHTS_USER_ALL_ACCESS, &sid, &account))) {
- printf("context_sam_get_account_by_sid failed: %s\n", nt_errstr(status));
- return status;
- }
-
- print_account(account);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_lookup_account_name(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- NTSTATUS status;
- SAM_ACCOUNT_HANDLE *account;
-
- if (argc != 3) {
- printf("Usage: lookup_account_name <domain-name> <account-name>\n");
- return NT_STATUS_INVALID_PARAMETER;
- }
-
-
- if (!NT_STATUS_IS_OK(status = sam_get_account_by_name(st->context, st->token, GENERIC_RIGHTS_USER_ALL_ACCESS, argv[1], argv[2], &account))) {
- printf("context_sam_get_account_by_sid failed: %s\n", nt_errstr(status));
- return status;
- }
-
- print_account(account);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_create_group(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_update_group(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_delete_group(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_enum_groups(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_lookup_group_sid(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_lookup_group_name(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_group_add_member(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS cmd_group_del_member(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS cmd_group_enum(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
-static NTSTATUS cmd_get_sid_groups(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-struct cmd_set sam_general_commands[] = {
-
- { "General SAM Commands" },
-
- { "load", cmd_load_module, "Load a module", "load <module.so> [domain-sid]" },
- { "context", cmd_context, "Load specified context", "context [DOMAIN|]backend1[:options] [DOMAIN|]backend2[:options]" },
- { "get_sec_desc", cmd_get_sec_desc, "Get security descriptor info", "get_sec_desc <access-token> <sid>" },
- { "set_sec_desc", cmd_set_sec_desc, "Set security descriptor info", "set_sec_desc <access-token> <sid>" },
- { "lookup_sid", cmd_lookup_sid, "Lookup type of specified SID", "lookup_sid <sid>" },
- { "lookup_name", cmd_lookup_name, "Lookup type of specified name", "lookup_name <sid>" },
- { NULL }
-};
-
-struct cmd_set sam_domain_commands[] = {
- { "Domain Commands" },
- { "update_domain", cmd_update_domain, "Update domain information", "update_domain [domain-options] domain-name | domain-sid" },
- { "show_domain", cmd_show_domain, "Show domain information", "show_domain domain-sid | domain-name" },
- { "enum_domains", cmd_enum_domains, "Enumerate all domains", "enum_domains <token> <acct-ctrl>" },
- { "lookup_domain", cmd_lookup_domain, "Lookup a domain by name", "lookup_domain domain-name" },
- { NULL }
-};
-
-struct cmd_set sam_account_commands[] = {
- { "Account Commands" },
- { "create_account", cmd_create_account, "Create a new account with specified properties", "create_account [account-options]" },
- { "update_account", cmd_update_account, "Update an existing account", "update_account [account-options] account-sid | account-name" },
- { "delete_account", cmd_delete_account, "Delete an account", "delete_account account-sid | account-name" },
- { "enum_accounts", cmd_enum_accounts, "Enumerate all accounts", "enum_accounts <token> <acct-ctrl>" },
- { "lookup_account", cmd_lookup_account, "Lookup an account by either sid or name", "lookup_account account-sid | account-name" },
- { "lookup_account_sid", cmd_lookup_account_sid, "Lookup an account by sid", "lookup_account_sid account-sid" },
- { "lookup_account_name", cmd_lookup_account_name, "Lookup an account by name", "lookup_account_name account-name" },
- { NULL }
-};
-
-struct cmd_set sam_group_commands[] = {
- { "Group Commands" },
- { "create_group", cmd_create_group, "Create a new group", "create_group [group-opts]" },
- { "update_group", cmd_update_group, "Update an existing group", "update_group [group-opts] group-name | group-sid" },
- { "delete_group", cmd_delete_group, "Delete an existing group", "delete_group group-name | group-sid" },
- { "enum_groups", cmd_enum_groups, "Enumerate all groups", "enum_groups <token> <group-ctrl>" },
- { "lookup_group", cmd_lookup_group, "Lookup a group by SID or name", "lookup_group group-sid | group-name" },
- { "lookup_group_sid", cmd_lookup_group_sid, "Lookup a group by SID", "lookup_group_sid <sid>" },
- { "lookup_group_name", cmd_lookup_group_name, "Lookup a group by name", "lookup_group_name <name>" },
- { "group_add_member", cmd_group_add_member, "Add group member to group", "group_add_member <group-name | group-sid> <member-name | member-sid>" },
- { "group_del_member", cmd_group_del_member, "Delete group member from group", "group_del_member <group-name | group-sid> <member-name | member-sid>" },
- { "group_enum", cmd_group_enum, "Enumerate all members of specified group", "group_enum group-sid | group-name" },
-
- { "get_sid_groups", cmd_get_sid_groups, "Get a list of groups specified sid is a member of", "group_enum <group-sid | group-name>" },
- { NULL }
-};
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- SAM module tester
-
- Copyright (C) 2002 Jelmer Vernooij
-
- Parts of the code stolen from vfstest by Simo Sorce and Eric Lorimer
- Parts of the code stolen from rpcclient by Tim Potter
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "samtest.h"
-
-struct func_entry {
- char *name;
- int (*fn)(struct connection_struct *conn, const char *path);
-};
-
-/* List to hold groups of commands */
-static struct cmd_list {
- struct cmd_list *prev, *next;
- struct cmd_set *cmd_set;
-} *cmd_list;
-
-static char* next_command (char** cmdstr)
-{
- static pstring command;
- char *p;
-
- if (!cmdstr || !(*cmdstr))
- return NULL;
-
- p = strchr_m(*cmdstr, ';');
- if (p)
- *p = '\0';
- pstrcpy(command, *cmdstr);
- *cmdstr = p;
-
- return command;
-}
-
-/* Load specified configuration file */
-static NTSTATUS cmd_conf(struct samtest_state *sam, TALLOC_CTX *mem_ctx,
- int argc, char **argv)
-{
- if (argc != 2) {
- printf("Usage: %s <smb.conf>\n", argv[0]);
- return NT_STATUS_OK;
- }
-
- if (!lp_load(argv[1], False, True, False)) {
- printf("Error loading \"%s\"\n", argv[1]);
- return NT_STATUS_OK;
- }
-
- printf("\"%s\" successfully loaded\n", argv[1]);
- return NT_STATUS_OK;
-}
-
-/* Display help on commands */
-static NTSTATUS cmd_help(struct samtest_state *st, TALLOC_CTX *mem_ctx,
- int argc, char **argv)
-{
- struct cmd_list *tmp;
- struct cmd_set *tmp_set;
-
- /* Usage */
- if (argc > 2) {
- printf("Usage: %s [command]\n", argv[0]);
- return NT_STATUS_OK;
- }
-
- /* Help on one command */
-
- if (argc == 2) {
- for (tmp = cmd_list; tmp; tmp = tmp->next) {
-
- tmp_set = tmp->cmd_set;
-
- while(tmp_set->name) {
- if (strequal(argv[1], tmp_set->name)) {
- if (tmp_set->usage &&
- tmp_set->usage[0])
- printf("%s\n", tmp_set->usage);
- else
- printf("No help for %s\n", tmp_set->name);
-
- return NT_STATUS_OK;
- }
-
- tmp_set++;
- }
- }
-
- printf("No such command: %s\n", argv[1]);
- return NT_STATUS_OK;
- }
-
- /* List all commands */
-
- for (tmp = cmd_list; tmp; tmp = tmp->next) {
-
- tmp_set = tmp->cmd_set;
-
- while(tmp_set->name) {
-
- printf("%20s\t%s\n", tmp_set->name,
- tmp_set->description ? tmp_set->description:
- "");
-
- tmp_set++;
- }
- }
-
- return NT_STATUS_OK;
-}
-
-/* Change the debug level */
-static NTSTATUS cmd_debuglevel(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- if (argc > 2) {
- printf("Usage: %s [debuglevel]\n", argv[0]);
- return NT_STATUS_OK;
- }
-
- if (argc == 2) {
- DEBUGLEVEL = atoi(argv[1]);
- }
-
- printf("debuglevel is %d\n", DEBUGLEVEL);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS cmd_quit(struct samtest_state *st, TALLOC_CTX *mem_ctx, int argc, char **argv)
-{
- /* Cleanup */
- talloc_destroy(mem_ctx);
-
- exit(0);
- return NT_STATUS_OK; /* NOTREACHED */
-}
-
-static struct cmd_set samtest_commands[] = {
-
- { "GENERAL OPTIONS" },
-
- { "help", cmd_help, "Get help on commands", "" },
- { "?", cmd_help, "Get help on commands", "" },
- { "conf", cmd_conf, "Load smb configuration file", "conf <smb.conf>" },
- { "debuglevel", cmd_debuglevel, "Set debug level", "" },
- { "exit", cmd_quit, "Exit program", "" },
- { "quit", cmd_quit, "Exit program", "" },
-
- { NULL }
-};
-
-static struct cmd_set separator_command[] = {
- { "---------------", NULL, "----------------------" },
- { NULL }
-};
-
-
-/*extern struct cmd_set sam_commands[];*/
-extern struct cmd_set sam_general_commands[];
-extern struct cmd_set sam_domain_commands[];
-extern struct cmd_set sam_account_commands[];
-extern struct cmd_set sam_group_commands[];
-static struct cmd_set *samtest_command_list[] = {
- samtest_commands,
- sam_general_commands,
- sam_domain_commands,
- sam_account_commands,
- sam_group_commands,
- NULL
-};
-
-static void add_command_set(struct cmd_set *cmd_set)
-{
- struct cmd_list *entry;
-
- if (!(entry = (struct cmd_list *)malloc(sizeof(struct cmd_list)))) {
- DEBUG(0, ("out of memory\n"));
- return;
- }
-
- ZERO_STRUCTP(entry);
-
- entry->cmd_set = cmd_set;
- DLIST_ADD(cmd_list, entry);
-}
-
-static NTSTATUS do_cmd(struct samtest_state *st, struct cmd_set *cmd_entry, char *cmd)
-{
- char *p = cmd, **argv = NULL;
- NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
- TALLOC_CTX *mem_ctx = NULL;
- pstring buf;
- int argc = 0, i;
-
- /* Count number of arguments first time through the loop then
- allocate memory and strdup them. */
-
- again:
- while(next_token(&p, buf, " ", sizeof(buf))) {
- if (argv) {
- argv[argc] = strdup(buf);
- }
-
- argc++;
- }
-
- if (!argv) {
-
- /* Create argument list */
-
- argv = (char **)malloc(sizeof(char *) * argc);
- memset(argv, 0, sizeof(char *) * argc);
-
- if (!argv) {
- fprintf(stderr, "out of memory\n");
- result = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- p = cmd;
- argc = 0;
-
- goto again;
- }
-
- /* Call the function */
-
- if (cmd_entry->fn) {
-
- if (mem_ctx == NULL) {
- /* Create mem_ctx */
- if (!(mem_ctx = talloc_init())) {
- DEBUG(0, ("talloc_init() failed\n"));
- goto done;
- }
- }
-
- /* Run command */
- result = cmd_entry->fn(st, mem_ctx, argc, argv);
-
- } else {
- fprintf (stderr, "Invalid command\n");
- goto done;
- }
-
- done:
-
- /* Cleanup */
-
- if (argv) {
- for (i = 0; i < argc; i++)
- SAFE_FREE(argv[i]);
-
- SAFE_FREE(argv);
- }
-
- return result;
-}
-
-/* Process a command entered at the prompt or as part of -c */
-static NTSTATUS process_cmd(struct samtest_state *st, char *cmd)
-{
- struct cmd_list *temp_list;
- BOOL found = False;
- pstring buf;
- char *p = cmd;
- NTSTATUS result = NT_STATUS_OK;
- int len = 0;
-
- if (cmd[strlen(cmd) - 1] == '\n')
- cmd[strlen(cmd) - 1] = '\0';
-
- if (!next_token(&p, buf, " ", sizeof(buf))) {
- return NT_STATUS_OK;
- }
-
- /* strip the trainly \n if it exsists */
- len = strlen(buf);
- if (buf[len-1] == '\n')
- buf[len-1] = '\0';
-
- /* Search for matching commands */
-
- for (temp_list = cmd_list; temp_list; temp_list = temp_list->next) {
- struct cmd_set *temp_set = temp_list->cmd_set;
-
- while(temp_set->name) {
- if (strequal(buf, temp_set->name)) {
- found = True;
- result = do_cmd(st, temp_set, cmd);
-
- goto done;
- }
- temp_set++;
- }
- }
-
- done:
- if (!found && buf[0]) {
- printf("command not found: %s\n", buf);
- return NT_STATUS_OK;
- }
-
- if (!NT_STATUS_IS_OK(result)) {
- printf("result was %s\n", nt_errstr(result));
- }
-
- return result;
-}
-
-void exit_server(char *reason)
-{
- DEBUG(3,("Server exit (%s)\n", (reason ? reason : "")));
- exit(0);
-}
-
-static int server_fd = -1;
-int last_message = -1;
-
-int smbd_server_fd(void)
-{
- return server_fd;
-}
-
-BOOL reload_services(BOOL test)
-{
- return True;
-}
-
-/* Main function */
-
-int main(int argc, char *argv[])
-{
- BOOL interactive = True;
- int opt;
- static char *cmdstr = "";
- static char *opt_logfile=NULL;
- static char *config_file = dyn_CONFIGFILE;
- pstring logfile;
- struct cmd_set **cmd_set;
- struct samtest_state st;
-
- /* make sure the vars that get altered (4th field) are in
- a fixed location or certain compilers complain */
- poptContext pc;
- struct poptOption long_options[] = {
- POPT_AUTOHELP
- { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_debug },
- {"command", 'e', POPT_ARG_STRING, &cmdstr, 'e', "Execute semicolon seperated cmds"},
- {"logfile", 'l', POPT_ARG_STRING, &opt_logfile, 'l', "Logfile to use instead of stdout"},
- {"configfile", 'c', POPT_ARG_STRING, &config_file, 0,"use different configuration file",NULL},
- { 0, 0, 0, 0}
- };
-
- ZERO_STRUCT(st);
-
- st.token = get_system_token();
-
- setlinebuf(stdout);
-
- DEBUGLEVEL = 1;
-
- pc = poptGetContext("samtest", argc, (const char **) argv,
- long_options, 0);
-
- while((opt = poptGetNextOpt(pc)) != -1) {
- switch (opt) {
- case 'l':
- slprintf(logfile, sizeof(logfile) - 1, "%s.client",
- opt_logfile);
- lp_set_logfile(logfile);
- interactive = False;
- break;
- }
- }
-
- if (!lp_load(config_file,True,False,False)) {
- fprintf(stderr, "Can't load %s - run testparm to debug it\n", config_file);
- exit(1);
- }
-
- poptFreeContext(pc);
-
- /* the following functions are part of the Samba debugging
- facilities. See lib/debug.c */
- setup_logging("samtest", interactive);
- if (!interactive)
- reopen_logs();
-
- /* Load command lists */
-
- cmd_set = samtest_command_list;
-
- while(*cmd_set) {
- add_command_set(*cmd_set);
- add_command_set(separator_command);
- cmd_set++;
- }
-
- /* Do anything specified with -c */
- if (cmdstr[0]) {
- char *cmd;
- char *p = cmdstr;
-
- while((cmd=next_command(&p)) != NULL) {
- process_cmd(&st, cmd);
- }
-
- return 0;
- }
-
- /* Loop around accepting commands */
-
- while(1) {
- pstring prompt;
- char *line;
-
- slprintf(prompt, sizeof(prompt) - 1, "samtest $> ");
-
- line = smb_readline(prompt, NULL, NULL);
-
- if (line == NULL)
- break;
-
- if (line[0] != '\n')
- process_cmd(&st, line);
- }
-
- return 0;
-}
return 0;
}
-static uint32 get_maxrid(void)
-{
- SAM_ACCOUNT *pwd = NULL;
- uint32 max_rid = 0;
- GROUP_MAP *map = NULL;
- int num_entries = 0;
- int i;
-
- if (!pdb_setsampwent(False)) {
- DEBUG(0, ("load_sampwd_entries: Unable to open passdb.\n"));
- return 0;
- }
-
- for (; (NT_STATUS_IS_OK(pdb_init_sam(&pwd)))
- && pdb_getsampwent(pwd) == True; pwd=NULL) {
- uint32 rid;
-
- if (!sid_peek_rid(pdb_get_user_sid(pwd), &rid)) {
- DEBUG(0, ("can't get RID for user '%s'\n",
- pdb_get_username(pwd)));
- pdb_free_sam(&pwd);
- continue;
- }
-
- if (rid > max_rid)
- max_rid = rid;
-
- DEBUG(1,("%d is user '%s'\n", rid, pdb_get_username(pwd)));
- pdb_free_sam(&pwd);
- }
-
- pdb_endsampwent();
- pdb_free_sam(&pwd);
-
- if (!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries,
- ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
- return max_rid;
-
- for (i = 0; i < num_entries; i++) {
- uint32 rid;
-
- if (!sid_peek_check_rid(get_global_sam_sid(), &map[i].sid,
- &rid)) {
- DEBUG(3, ("skipping map for group '%s', SID %s\n",
- map[i].nt_name,
- sid_string_static(&map[i].sid)));
- continue;
- }
- DEBUG(1,("%d is group '%s'\n", rid, map[i].nt_name));
-
- if (rid > max_rid)
- max_rid = rid;
- }
-
- SAFE_FREE(map);
-
- return max_rid;
-}
-
-static int net_maxrid(int argc, const char **argv)
-{
- uint32 rid;
-
- if (argc != 0) {
- DEBUG(0, ("usage: net initrid\n"));
- return 1;
- }
-
- if ((rid = get_maxrid()) == 0) {
- DEBUG(0, ("can't get current maximum rid\n"));
- return 1;
- }
-
- d_printf("Currently used maximum rid: %d\n", rid);
-
- return 0;
-}
-
/* main function table */
static struct functable net_func[] = {
{"RPC", net_rpc},
{"GETLOCALSID", net_getlocalsid},
{"SETLOCALSID", net_setlocalsid},
{"GETDOMAINSID", net_getdomainsid},
- {"MAXRID", net_maxrid},
{"HELP", net_help},
{NULL, NULL}
};
/* SamrConnect */
- nt_status = cli_samr_connect(cli, mem_ctx, SA_RIGHT_SAM_OPEN_DOMAIN,
+ nt_status = cli_samr_connect(cli, mem_ctx, SAMR_ACCESS_OPEN_DOMAIN,
&connect_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
/* SamrOpenDomain - we have to open domain policy handle in order to be
able to enumerate accounts*/
nt_status = cli_samr_open_domain(cli, mem_ctx, &connect_hnd,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ DOMAIN_ACCESS_ENUM_ACCOUNTS,
&queried_dom_sid, &domain_hnd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open domain object. Error was %s\n",
static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds)
{
- unsigned sync_context = 0;
+ unsigned last_rid = -1;
NTSTATUS result;
int i;
TALLOC_CTX *mem_ctx;
d_printf("Dumping database %u\n", db_type);
do {
- result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type,
- sync_context,
+ result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, last_rid+1,
&num_deltas, &hdr_deltas, &deltas);
clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), ret_creds);
+ last_rid = 0;
for (i = 0; i < num_deltas; i++) {
display_sam_entry(&hdr_deltas[i], &deltas[i]);
+ last_rid = hdr_deltas[i].target_rid;
}
- sync_context += 1;
- } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
+ } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
talloc_destroy(mem_ctx);
}
desc, workstations, profile. */
unistr2_to_ascii(s, &delta->uni_acct_name, sizeof(s) - 1);
- pdb_set_nt_username(account, s, PDB_CHANGED);
+ pdb_set_nt_username(account, s);
/* Unix username is the same - for sainity */
- pdb_set_username(account, s, PDB_CHANGED);
+ pdb_set_username(account, s);
unistr2_to_ascii(s, &delta->uni_full_name, sizeof(s) - 1);
- pdb_set_fullname(account, s, PDB_CHANGED);
+ pdb_set_fullname(account, s);
unistr2_to_ascii(s, &delta->uni_home_dir, sizeof(s) - 1);
- pdb_set_homedir(account, s, PDB_CHANGED);
+ pdb_set_homedir(account, s, True);
unistr2_to_ascii(s, &delta->uni_dir_drive, sizeof(s) - 1);
- pdb_set_dir_drive(account, s, PDB_CHANGED);
+ pdb_set_dir_drive(account, s, True);
unistr2_to_ascii(s, &delta->uni_logon_script, sizeof(s) - 1);
- pdb_set_logon_script(account, s, PDB_CHANGED);
+ pdb_set_logon_script(account, s, True);
unistr2_to_ascii(s, &delta->uni_acct_desc, sizeof(s) - 1);
- pdb_set_acct_desc(account, s, PDB_CHANGED);
+ pdb_set_acct_desc(account, s);
unistr2_to_ascii(s, &delta->uni_workstations, sizeof(s) - 1);
- pdb_set_workstations(account, s, PDB_CHANGED);
+ pdb_set_workstations(account, s);
unistr2_to_ascii(s, &delta->uni_profile, sizeof(s) - 1);
- pdb_set_profile_path(account, s, PDB_CHANGED);
+ pdb_set_profile_path(account, s, True);
/* User and group sid */
- pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED);
- pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED);
+ pdb_set_user_sid_from_rid(account, delta->user_rid);
+ pdb_set_group_sid_from_rid(account, delta->group_rid);
/* Logon and password information */
- pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), PDB_CHANGED);
+ pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), True);
pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time),
- PDB_CHANGED);
- pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED);
+ True);
+ pdb_set_logon_divs(account, delta->logon_divs);
/* TODO: logon hours */
/* TODO: bad password count */
/* TODO: logon count */
pdb_set_pass_last_set_time(
- account, nt_time_to_unix(&delta->pwd_last_set_time), PDB_CHANGED);
+ account, nt_time_to_unix(&delta->pwd_last_set_time));
- pdb_set_kickoff_time(account, get_time_t_max(), PDB_CHANGED);
+ pdb_set_kickoff_time(account, get_time_t_max(), True);
/* Decode hashes from password hash */
sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0);
sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0);
- pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
- pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
+ pdb_set_nt_passwd(account, nt_passwd);
+ pdb_set_lanman_passwd(account, lm_passwd);
/* TODO: account expiry time */
- pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED);
+ pdb_set_acct_ctrl(account, delta->acb_info);
return NT_STATUS_OK;
}
pdb_update_sam_account(sam_account);
}
- if (!pdb_getgrsid(&map, *pdb_get_group_sid(sam_account), False)) {
+ if (!get_group_map_from_sid(*pdb_get_group_sid(sam_account),
+ &map, False)) {
DEBUG(0, ("Primary group of %s has no mapping!\n",
pdb_get_username(sam_account)));
pdb_free_sam(&sam_account);
DOM_SID group_sid;
fstring sid_string;
GROUP_MAP map;
- BOOL insert = True;
+ int flag = TDB_INSERT;
unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1);
unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1);
sid_append_rid(&group_sid, rid);
sid_to_string(sid_string, &group_sid);
- if (pdb_getgrsid(&map, group_sid, False)) {
+ if (get_group_map_from_sid(group_sid, &map, False)) {
grp = getgrgid(map.gid);
- insert = False;
+ flag = 0; /* Don't TDB_INSERT, mapping exists */
}
if (grp == NULL)
map.priv_set.count = 0;
map.priv_set.set = NULL;
- if (insert)
- pdb_add_group_mapping_entry(&map);
- else
- pdb_update_group_mapping_entry(&map);
+ add_mapping_entry(&map, flag);
return NT_STATUS_OK;
}
DOM_SID alias_sid;
fstring sid_string;
GROUP_MAP map;
- BOOL insert = True;
+ int insert_flag = TDB_INSERT;
unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)-1);
unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)-1);
sid_append_rid(&alias_sid, rid);
sid_to_string(sid_string, &alias_sid);
- if (pdb_getgrsid(&map, alias_sid, False)) {
+ if (get_group_map_from_sid(alias_sid, &map, False)) {
grp = getgrgid(map.gid);
- insert = False;
+ insert_flag = 0; /* Don't TDB_INSERT, mapping exists */
}
if (grp == NULL) {
map.priv_set.count = 0;
map.priv_set.set = NULL;
- if (insert)
- pdb_add_group_mapping_entry(&map);
- else
- pdb_update_group_mapping_entry(&map);
+ add_mapping_entry(&map, insert_flag);
return NT_STATUS_OK;
}
fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds,
DOM_SID dom_sid)
{
- unsigned sync_context = 0;
+ unsigned last_rid = -1;
NTSTATUS result;
int i;
TALLOC_CTX *mem_ctx;
do {
result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds,
- db_type, sync_context,
+ db_type, last_rid+1,
&num_deltas,
&hdr_deltas, &deltas);
clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred),
ret_creds);
+ last_rid = 0;
for (i = 0; i < num_deltas; i++) {
fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid);
+ last_rid = hdr_deltas[i].target_rid;
}
- sync_context += 1;
- } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
+ } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
talloc_destroy(mem_ctx);
}
}
if (fullname)
- pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
+ pdb_set_fullname(sam_pwent, fullname);
if (homedir)
- pdb_set_homedir(sam_pwent, homedir, PDB_CHANGED);
+ pdb_set_homedir(sam_pwent, homedir, True);
if (drive)
- pdb_set_dir_drive(sam_pwent,drive, PDB_CHANGED);
+ pdb_set_dir_drive(sam_pwent,drive, True);
if (script)
- pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
+ pdb_set_logon_script(sam_pwent, script, True);
if (profile)
- pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
+ pdb_set_profile_path (sam_pwent, profile, True);
if (NT_STATUS_IS_OK(in->pdb_update_sam_account (in, sam_pwent)))
print_user_info (in, username, True, False);
} else {
fprintf (stderr, "WARNING: user %s does not exist in system passwd\n", username);
pdb_init_sam(&sam_pwent);
- if (!pdb_set_username(sam_pwent, username, PDB_CHANGED)) {
+ if (!pdb_set_username(sam_pwent, username)) {
return False;
}
}
SAFE_FREE(password2);
if (fullname)
- pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
+ pdb_set_fullname(sam_pwent, fullname);
if (homedir)
- pdb_set_homedir (sam_pwent, homedir, PDB_CHANGED);
+ pdb_set_homedir (sam_pwent, homedir, True);
if (drive)
- pdb_set_dir_drive (sam_pwent, drive, PDB_CHANGED);
+ pdb_set_dir_drive (sam_pwent, drive, True);
if (script)
- pdb_set_logon_script(sam_pwent, script, PDB_CHANGED);
+ pdb_set_logon_script(sam_pwent, script, True);
if (profile)
- pdb_set_profile_path (sam_pwent, profile, PDB_CHANGED);
+ pdb_set_profile_path (sam_pwent, profile, True);
- pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL, PDB_CHANGED);
+ pdb_set_acct_ctrl (sam_pwent, ACB_NORMAL);
if (NT_STATUS_IS_OK(in->pdb_add_sam_account (in, sam_pwent))) {
print_user_info (in, username, True, False);
pdb_set_plaintext_passwd (sam_pwent, password);
- pdb_set_username (sam_pwent, name, PDB_CHANGED);
+ pdb_set_username (sam_pwent, name);
- pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST, PDB_CHANGED);
+ pdb_set_acct_ctrl (sam_pwent, ACB_WSTRUST);
- pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS, PDB_CHANGED);
+ pdb_set_group_sid_from_rid(sam_pwent, DOMAIN_GROUP_RID_COMPUTERS);
if (NT_STATUS_IS_OK(in->pdb_add_sam_account (in, sam_pwent))) {
print_user_info (in, name, True, False);
if (StrnCaseCmp( input, "S-", 2)) {
/* Perhaps its the NT group name? */
- if (!pdb_getgrnam(&map, input, MAPPING_WITHOUT_PRIV)) {
+ if (!get_group_map_from_ntname(input, &map, MAPPING_WITHOUT_PRIV)) {
printf("NT Group %s doesn't exist in mapping DB\n", input);
return False;
} else {
}
/* Get the current mapping from the database */
- if(!pdb_getgrsid(&map, sid, MAPPING_WITH_PRIV)) {
+ if(!get_group_map_from_sid(sid, &map, MAPPING_WITH_PRIV)) {
printf("This SID does not exist in the database\n");
return -1;
}
if (privilege!=NULL)
convert_priv_from_text(&map.priv_set, privilege);
- if (!pdb_add_group_mapping_entry(&map)) {
+ if (!add_mapping_entry(&map, TDB_REPLACE)) {
printf("Count not update group database\n");
free_privilege(&map.priv_set);
return -1;
return -1;
}
- if(!pdb_delete_group_mapping_entry(sid)) {
+ if(!group_map_remove(sid)) {
printf("removing group %s from the mapping db failed!\n", group);
return -1;
}
if (!long_list)
printf("NT group (SID) -> Unix group\n");
- if (!pdb_enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV))
+ if (!enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV))
return -1;
for (i=0; i<entries; i++) {
/* Now determine smb.conf WINS settings */
if (lp_wins_support())
winstype = 1;
- if (lp_wins_server_list() && strlen(*lp_wins_server_list()))
- winstype = 2;
-
+/* if (strlen(lp_wins_server_list()) != 0 )
+ * winstype = 2;
+ */
/* Do we have a homes share? */
have_home = lp_servicenumber(HOMES_NAME);
<li><b>Books</b>
<ul>
<li><a href="/swat/using_samba/index.html" target="docs">Using Samba</a> - by Robert Eckstein, David Collier-Brown and Peter Kelly
- <li><a href="/swat/help/Samba-HOWTO.html">The Samba HOWTO Collection</a>
+ </ul>
+ <li><b>Samba HOWTO Collection</b></li>
+ <ul>
+ <li><a href="/swat/help/Samba-HOWTO-Collection.html">Entire Collection (one file)</a>
+ <li><a href="/swat/help/DOMAIN_MEMBER.html">security = domain in Samba 2.x</a>
+ <li><a href="/swat/help/winbind.html">Unified Logons between Windows NT and UNIX Using Winbind</a>
+ <li><a href="/swat/help/msdfs_setup.html">Setting Samba as an MS-DFS server</a>
+ <li><a href="/swat/help/NT_Security.html">UNIX Permission Bits and Samba 2.x</a>
+ <li><a href="/swat/help/OS2-Client-HOWTO.html">OS/2 Clients and Samba</a>
+ <li><a href="/swat/help/printer_driver2.html">Printing under Samba 2.2.x</a>
+ <li><a href="/swat/help/UNIX_INSTALL.html">HOWTO Install and Test Samba</a>
+ <li><a href="/swat/help/Integrating-with-Windows.html">Integrating Name Resolution and Authentication Services</a>
+ <li><a href="/swat/help/CVS-Access.html">CVS Access to Samba code</a>
</ul>
</ul>
git.samba.org / vlendec / samba-autobuild / .git / commitdiff