1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Merge branch 'master' of ssh://git.samba.org/data/git/samba into displaysec

This commit is contained in:
Jelmer Vernooij 2009-03-26 15:28:18 +01:00
commit 30a3dec549
22 changed files with 235 additions and 573 deletions

View File

@ -124,6 +124,7 @@ static const struct werror_code_struct dos_errs[] =
{ "WERR_DS_DRA_DB_ERROR", WERR_DS_DRA_DB_ERROR },
{ "WERR_DS_DRA_NO_REPLICA", WERR_DS_DRA_NO_REPLICA },
{ "WERR_DS_DRA_ACCESS_DENIED", WERR_DS_DRA_ACCESS_DENIED },
{ "WERR_DS_DRA_SOURCE_DISABLED", WERR_DS_DRA_SOURCE_DISABLED },
{ "WERR_DS_DNS_LOOKUP_FAILURE", WERR_DS_DNS_LOOKUP_FAILURE },
{ "WERR_DS_WRONG_LINKED_ATTRIBUTE_SYNTAX", WERR_DS_WRONG_LINKED_ATTRIBUTE_SYNTAX },
{ "WERR_DS_NO_MSDS_INTID", WERR_DS_NO_MSDS_INTID },

View File

@ -248,6 +248,7 @@ typedef uint32_t WERROR;
#define WERR_DS_DRA_DB_ERROR W_ERROR(0x00002103)
#define WERR_DS_DRA_NO_REPLICA W_ERROR(0x00002104)
#define WERR_DS_DRA_ACCESS_DENIED W_ERROR(0x00002105)
#define WERR_DS_DRA_SOURCE_DISABLED W_ERROR(0x00002108)
#define WERR_DS_DNS_LOOKUP_FAILURE W_ERROR(0x0000214c)
#define WERR_DS_WRONG_LINKED_ATTRIBUTE_SYNTAX W_ERROR(0x00002150)
#define WERR_DS_NO_MSDS_INTID W_ERROR(0x00002194)

View File

@ -319,7 +319,7 @@ RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o
# this includes only the low level parse code, not stuff
# that requires knowledge of security contexts
RPC_PARSE_OBJ1 = $(RPC_PARSE_OBJ0) rpc_parse/parse_sec.o
RPC_PARSE_OBJ1 = $(RPC_PARSE_OBJ0)
RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o \
rpc_client/init_netlogon.o \
@ -1442,19 +1442,19 @@ bin/smbspool@EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ @LIBTALLOC_SHAR
@$(CC) -o $@ $(CUPS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
bin/mount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ) @BUILD_POPT@
bin/mount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ)
@echo Linking $@
@$(CC) -o $@ $(CIFS_MOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(POPT_LIBS)
@$(CC) -o $@ $(CIFS_MOUNT_OBJ) $(DYNEXP) $(LDFLAGS)
bin/umount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UMOUNT_OBJ) @BUILD_POPT@
bin/umount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UMOUNT_OBJ)
@echo Linking $@
@$(CC) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(POPT_LIBS)
@$(CC) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS)
bin/cifs.upcall@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ1) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
bin/cifs.upcall@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ1) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
@echo Linking $@
@$(CC) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) \
-lkeyutils $(LIBS) $(LIBSMBCLIENT_OBJ1) $(KRB5LIBS) \
$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) \
$(LDAP_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) \
$(LIBTDB_LIBS) $(NSCD_LIBS)
bin/testparm@EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
@ -1618,37 +1618,37 @@ bin/ldbedit: $(BINARY_PREREQS) $(LDBEDIT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @L
@echo Linking $@
@$(CC) -o $@ $(LDBEDIT_OBJ) $(DYNEXP) $(LDFLAGS) \
$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
bin/ldbsearch: $(BINARY_PREREQS) $(LDBSEARCH_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
@echo Linking $@
@$(CC) -o $@ $(LDBSEARCH_OBJ) $(DYNEXP) $(LDFLAGS) \
$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
bin/ldbadd: $(BINARY_PREREQS) $(LDBADD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
@echo Linking $@
@$(CC) -o $@ $(LDBADD_OBJ) $(DYNEXP) $(LDFLAGS) \
$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
bin/ldbmodify: $(BINARY_PREREQS) $(LDBMODIFY_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
@echo Linking $@
@$(CC) -o $@ $(LDBMODIFY_OBJ) $(DYNEXP) $(LDFLAGS) \
$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
bin/ldbdel: $(BINARY_PREREQS) $(LDBDEL_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
@echo Linking $@
@$(CC) -o $@ $(LDBDEL_OBJ) $(DYNEXP) $(LDFLAGS) \
$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
bin/ldbrename: $(BINARY_PREREQS) $(LDBRENAME_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(LDBRENAME_OBJ) $(DYNEXP) $(LDFLAGS) \
$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
bin/versiontest: $(BINARY_PREREQS) lib/version_test.o $(VERSION_OBJ)
@echo Linking $@
@ -2661,7 +2661,7 @@ bin/ntlm_auth@EXEEXT@: $(BINARY_PREREQS) $(NTLM_AUTH_OBJ) $(PARAM_OBJ) \
bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) @LIBTALLOC_SHARED@ @LIBWBCLIENT_SHARED@ @LIBTDB_SHARED@
@echo "Linking shared library $@"
@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) -lpam $(DYNEXP) \
$(LIBS) $(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS) \
$(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
bin/tdbbackup@EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@

View File

@ -5693,10 +5693,8 @@ NTSTATUS cli_do_rpc_ndr(struct rpc_pipe_client *cli,
bool smb_io_time(const char *desc, NTTIME *nttime, prs_struct *ps, int depth);
bool smb_io_system_time(const char *desc, prs_struct *ps, int depth, SYSTEMTIME *systime);
bool make_systemtime(SYSTEMTIME *systime, struct tm *unixtime);
bool smb_io_dom_sid(const char *desc, DOM_SID *sid, prs_struct *ps, int depth);
bool smb_io_uuid(const char *desc, struct GUID *uuid,
prs_struct *ps, int depth);
void init_unistr(UNISTR *str, const char *buf);
void init_unistr2(UNISTR2 *str, const char *buf, enum unistr2_term_codes flags);
/* The following definitions come from rpc_parse/parse_prs.c */
@ -5818,11 +5816,6 @@ bool smb_io_rpc_auth_schannel_chk(const char *desc, int auth_len,
RPC_AUTH_SCHANNEL_CHK * chk,
prs_struct *ps, int depth);
/* The following definitions come from rpc_parse/parse_sec.c */
bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth);
bool sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth);
/* The following definitions come from rpc_server/srv_eventlog_lib.c */
TDB_CONTEXT *elog_init_tdb( char *tdbfilename );

View File

@ -207,6 +207,13 @@ static void avahi_timeout_update(AvahiTimeout *t, const struct timeval *tv)
{
TALLOC_FREE(t->te);
if (tv == NULL) {
/*
* Disable this timer
*/
return;
}
t->te = tevent_add_timer(t->ctx->ev, t, *tv, avahi_timeout_handler, t);
/*
* No failure mode defined here

View File

@ -57,6 +57,11 @@ static WERROR libnetapi_open_ipc_connection(struct libnetapi_ctx *ctx,
false, false,
PROTOCOL_NT1,
0, 0x20);
if (cli_ipc) {
cli_set_username(cli_ipc, ctx->username);
cli_set_password(cli_ipc, ctx->password);
cli_set_domain(cli_ipc, ctx->workgroup);
}
TALLOC_FREE(auth_info);
if (!cli_ipc) {

View File

@ -1497,6 +1497,9 @@ WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx,
NTSTATUS status = NT_STATUS_OK;
WERROR werr;
WERROR werr_tmp;
*r->out.entries_read = 0;
ZERO_STRUCT(connect_handle);
ZERO_STRUCT(domain_handle);
@ -1540,15 +1543,18 @@ WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx,
&total_size,
&returned_size,
&info);
if (!NT_STATUS_IS_OK(status)) {
werr = ntstatus_to_werror(status);
werr = ntstatus_to_werror(status);
if (NT_STATUS_IS_ERR(status)) {
goto done;
}
werr = convert_samr_dispinfo_to_NET_DISPLAY(ctx, &info,
r->in.level,
r->out.entries_read,
r->out.buffer);
werr_tmp = convert_samr_dispinfo_to_NET_DISPLAY(ctx, &info,
r->in.level,
r->out.entries_read,
r->out.buffer);
if (!W_ERROR_IS_OK(werr_tmp)) {
werr = werr_tmp;
}
done:
/* if last query */
if (NT_STATUS_IS_OK(status) ||

View File

@ -39,7 +39,7 @@ static char *file_pload(const char *syscmd, size_t *size)
total = 0;
while ((n = read(fd, buf, sizeof(buf))) > 0) {
p = (char *)SMB_REALLOC(p, total + n + 1);
p = talloc_realloc(NULL, p, char, total + n + 1);
if (!p) {
DEBUG(0,("file_pload: failed to expand buffer!\n"));
close(fd);

View File

@ -887,7 +887,8 @@ struct share_mode_lock *fetch_share_mode_unlocked(TALLOC_CTX *mem_ctx,
}
if (!fill_share_mode_lock(lck, id, servicepath, fname, data, NULL)) {
DEBUG(3, ("fill_share_mode_lock failed\n"));
DEBUG(10, ("fetch_share_mode_unlocked: no share_mode record "
"around (file not open)\n"));
TALLOC_FREE(lck);
return NULL;
}

View File

@ -712,8 +712,30 @@ static bool hbin_prs_sk_rec( const char *desc, REGF_HBIN *hbin, int depth, REGF_
if ( !prs_uint32( "size", ps, depth, &sk->size))
return False;
if ( !sec_io_desc( "sec_desc", &sk->sec_desc, ps, depth ))
return False;
{
NTSTATUS status;
TALLOC_CTX *mem_ctx = prs_get_mem_context(&hbin->ps);
DATA_BLOB blob;
if (MARSHALLING(&hbin->ps)) {
status = marshall_sec_desc(mem_ctx,
sk->sec_desc,
&blob.data, &blob.length);
if (!NT_STATUS_IS_OK(status))
return False;
if (!prs_copy_data_in(&hbin->ps, (const char *)blob.data, blob.length))
return False;
} else {
blob = data_blob_const(prs_data_p(&hbin->ps),
prs_data_size(&hbin->ps));
status = unmarshall_sec_desc(mem_ctx,
blob.data, blob.length,
&sk->sec_desc);
if (!NT_STATUS_IS_OK(status))
return False;
prs_set_offset(&hbin->ps, blob.length);
}
}
end_off = prs_offset( &hbin->ps );

View File

@ -100,44 +100,6 @@ bool make_systemtime(SYSTEMTIME *systime, struct tm *unixtime)
return True;
}
/*******************************************************************
Reads or writes a DOM_SID structure.
********************************************************************/
bool smb_io_dom_sid(const char *desc, DOM_SID *sid, prs_struct *ps, int depth)
{
int i;
if (sid == NULL)
return False;
prs_debug(ps, depth, desc, "smb_io_dom_sid");
depth++;
if(!prs_uint8 ("sid_rev_num", ps, depth, &sid->sid_rev_num))
return False;
if(!prs_uint8 ("num_auths ", ps, depth, (uint8 *)&sid->num_auths))
return False;
for (i = 0; i < 6; i++)
{
fstring tmp;
slprintf(tmp, sizeof(tmp) - 1, "id_auth[%d] ", i);
if(!prs_uint8 (tmp, ps, depth, &sid->id_auth[i]))
return False;
}
/* oops! XXXX should really issue a warning here... */
if (sid->num_auths > MAXSUBAUTHS)
sid->num_auths = MAXSUBAUTHS;
if(!prs_uint32s(False, "sub_auths ", ps, depth, sid->sub_auths, sid->num_auths))
return False;
return True;
}
/*******************************************************************
Reads or writes a struct GUID
********************************************************************/
@ -166,25 +128,6 @@ bool smb_io_uuid(const char *desc, struct GUID *uuid,
return True;
}
/*******************************************************************
Inits a UNISTR structure.
********************************************************************/
void init_unistr(UNISTR *str, const char *buf)
{
size_t len;
if (buf == NULL) {
str->buffer = NULL;
return;
}
len = rpcstr_push_talloc(talloc_tos(), &str->buffer, buf);
if (len == (size_t)-1) {
str->buffer = NULL;
}
}
/*******************************************************************
Inits a UNISTR2 structure.
********************************************************************/

View File

@ -1,436 +0,0 @@
/*
* Unix SMB/Netbios implementation.
* Version 1.9.
* RPC Pipe client / server routines
* Copyright (C) Andrew Tridgell 1992-1998,
* Copyright (C) Jeremy R. Allison 1995-2005.
* Copyright (C) Luke Kenneth Casson Leighton 1996-1998,
* Copyright (C) Paul Ashton 1997-1998.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_PARSE
/*******************************************************************
Reads or writes a SEC_ACE structure.
********************************************************************/
static bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps,
int depth)
{
uint32 old_offset;
uint32 offset_ace_size;
uint8 type;
if (psa == NULL)
return False;
prs_debug(ps, depth, desc, "sec_io_ace");
depth++;
old_offset = prs_offset(ps);
if (MARSHALLING(ps)) {
type = (uint8)psa->type;
}
if(!prs_uint8("type ", ps, depth, &type))
return False;
if (UNMARSHALLING(ps)) {
psa->type = (enum security_ace_type)type;
}
if(!prs_uint8("flags", ps, depth, &psa->flags))
return False;
if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_ace_size))
return False;
if(!prs_uint32("access_mask", ps, depth, &psa->access_mask))
return False;
/* check whether object access is present */
if (!sec_ace_object(psa->type)) {
if (!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth))
return False;
} else {
if (!prs_uint32("obj_flags", ps, depth, &psa->object.object.flags))
return False;
if (psa->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT)
if (!smb_io_uuid("obj_guid", &psa->object.object.type.type, ps,depth))
return False;
if (psa->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)
if (!smb_io_uuid("inh_guid", &psa->object.object.inherited_type.inherited_type, ps,depth))
return False;
if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth))
return False;
}
/* Theorectically an ACE can have a size greater than the
sum of its components. When marshalling, pad with extra null bytes up to the
correct size. */
if (MARSHALLING(ps) && (psa->size > prs_offset(ps) - old_offset)) {
uint32 extra_len = psa->size - (prs_offset(ps) - old_offset);
uint32 i;
uint8 c = 0;
for (i = 0; i < extra_len; i++) {
if (!prs_uint8("ace extra space", ps, depth, &c))
return False;
}
}
if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset))
return False;
return True;
}
/*******************************************************************
Reads or writes a SEC_ACL structure.
First of the xx_io_xx functions that allocates its data structures
for you as it reads them.
********************************************************************/
static bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps,
int depth)
{
unsigned int i;
uint32 old_offset;
uint32 offset_acl_size;
SEC_ACL *psa;
uint16 revision;
/*
* Note that the size is always a multiple of 4 bytes due to the
* nature of the data structure. Therefore the prs_align() calls
* have been removed as they through us off when doing two-layer
* marshalling such as in the printing code (RPC_BUFFER). --jerry
*/
if (ppsa == NULL)
return False;
psa = *ppsa;
if(UNMARSHALLING(ps) && psa == NULL) {
/*
* This is a read and we must allocate the stuct to read into.
*/
if((psa = PRS_ALLOC_MEM(ps, SEC_ACL, 1)) == NULL)
return False;
*ppsa = psa;
}
prs_debug(ps, depth, desc, "sec_io_acl");
depth++;
old_offset = prs_offset(ps);
if (MARSHALLING(ps)) {
revision = (uint16)psa->revision;
}
if(!prs_uint16("revision", ps, depth, &revision))
return False;
if (UNMARSHALLING(ps)) {
psa->revision = (enum security_acl_revision)revision;
}
if(!prs_uint16_pre("size ", ps, depth, &psa->size, &offset_acl_size))
return False;
if(!prs_uint32("num_aces ", ps, depth, &psa->num_aces))
return False;
if (UNMARSHALLING(ps)) {
if (psa->num_aces) {
if((psa->aces = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces)) == NULL)
return False;
} else {
psa->aces = NULL;
}
}
for (i = 0; i < psa->num_aces; i++) {
fstring tmp;
slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i);
if(!sec_io_ace(tmp, &psa->aces[i], ps, depth))
return False;
}
/* Theorectically an ACL can have a size greater than the
sum of its components. When marshalling, pad with extra null bytes up to the
correct size. */
if (MARSHALLING(ps) && (psa->size > prs_offset(ps) - old_offset)) {
uint32 extra_len = psa->size - (prs_offset(ps) - old_offset);
uint8 c = 0;
for (i = 0; i < extra_len; i++) {
if (!prs_uint8("acl extra space", ps, depth, &c))
return False;
}
}
if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset))
return False;
return True;
}
/*******************************************************************
Reads or writes a SEC_DESC structure.
If reading and the *ppsd = NULL, allocates the structure.
********************************************************************/
bool sec_io_desc(const char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth)
{
uint32 old_offset;
uint32 max_offset = 0; /* after we're done, move offset to end */
uint32 tmp_offset = 0;
uint32 off_sacl, off_dacl, off_owner_sid, off_grp_sid;
uint16 revision;
SEC_DESC *psd;
if (ppsd == NULL)
return False;
psd = *ppsd;
if (psd == NULL) {
if(UNMARSHALLING(ps)) {
if((psd = PRS_ALLOC_MEM(ps,SEC_DESC,1)) == NULL)
return False;
*ppsd = psd;
} else {
/* Marshalling - just ignore. */
return True;
}
}
prs_debug(ps, depth, desc, "sec_io_desc");
depth++;
/* start of security descriptor stored for back-calc offset purposes */
old_offset = prs_offset(ps);
if (MARSHALLING(ps)) {
revision = (uint16)psd->revision;
}
if(!prs_uint16("revision", ps, depth, &revision))
return False;
if (UNMARSHALLING(ps)) {
psd->revision = (enum security_descriptor_revision)revision;
}
if(!prs_uint16("type ", ps, depth, &psd->type))
return False;
if (MARSHALLING(ps)) {
uint32 offset = SEC_DESC_HEADER_SIZE;
/*
* Work out the offsets here, as we write it out.
*/
if (psd->sacl != NULL) {
off_sacl = offset;
offset += psd->sacl->size;
} else {
off_sacl = 0;
}
if (psd->dacl != NULL) {
off_dacl = offset;
offset += psd->dacl->size;
} else {
off_dacl = 0;
}
if (psd->owner_sid != NULL) {
off_owner_sid = offset;
offset += ndr_size_dom_sid(psd->owner_sid, NULL, 0);
} else {
off_owner_sid = 0;
}
if (psd->group_sid != NULL) {
off_grp_sid = offset;
offset += ndr_size_dom_sid(psd->group_sid, NULL, 0);
} else {
off_grp_sid = 0;
}
}
if(!prs_uint32("off_owner_sid", ps, depth, &off_owner_sid))
return False;
if(!prs_uint32("off_grp_sid ", ps, depth, &off_grp_sid))
return False;
if(!prs_uint32("off_sacl ", ps, depth, &off_sacl))
return False;
if(!prs_uint32("off_dacl ", ps, depth, &off_dacl))
return False;
max_offset = MAX(max_offset, prs_offset(ps));
if (off_owner_sid != 0) {
tmp_offset = prs_offset(ps);
if(!prs_set_offset(ps, old_offset + off_owner_sid))
return False;
if (UNMARSHALLING(ps)) {
/* reading */
if((psd->owner_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL)
return False;
}
if(!smb_io_dom_sid("owner_sid ", psd->owner_sid , ps, depth))
return False;
max_offset = MAX(max_offset, prs_offset(ps));
if (!prs_set_offset(ps,tmp_offset))
return False;
}
if (psd->group_sid != 0) {
tmp_offset = prs_offset(ps);
if(!prs_set_offset(ps, old_offset + off_grp_sid))
return False;
if (UNMARSHALLING(ps)) {
/* reading */
if((psd->group_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL)
return False;
}
if(!smb_io_dom_sid("grp_sid", psd->group_sid, ps, depth))
return False;
max_offset = MAX(max_offset, prs_offset(ps));
if (!prs_set_offset(ps,tmp_offset))
return False;
}
if ((psd->type & SEC_DESC_SACL_PRESENT) && off_sacl) {
tmp_offset = prs_offset(ps);
if(!prs_set_offset(ps, old_offset + off_sacl))
return False;
if(!sec_io_acl("sacl", &psd->sacl, ps, depth))
return False;
max_offset = MAX(max_offset, prs_offset(ps));
if (!prs_set_offset(ps,tmp_offset))
return False;
}
if ((psd->type & SEC_DESC_DACL_PRESENT) && off_dacl != 0) {
tmp_offset = prs_offset(ps);
if(!prs_set_offset(ps, old_offset + off_dacl))
return False;
if(!sec_io_acl("dacl", &psd->dacl, ps, depth))
return False;
max_offset = MAX(max_offset, prs_offset(ps));
if (!prs_set_offset(ps,tmp_offset))
return False;
}
if(!prs_set_offset(ps, max_offset))
return False;
return True;
}
/*******************************************************************
Reads or writes a SEC_DESC_BUF structure.
********************************************************************/
bool sec_io_desc_buf(const char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth)
{
uint32 off_len;
uint32 off_max_len;
uint32 old_offset;
uint32 size;
uint32 len;
SEC_DESC_BUF *psdb;
uint32 ptr;
if (ppsdb == NULL)
return False;
psdb = *ppsdb;
if (UNMARSHALLING(ps) && psdb == NULL) {
if((psdb = PRS_ALLOC_MEM(ps,SEC_DESC_BUF,1)) == NULL)
return False;
*ppsdb = psdb;
}
prs_debug(ps, depth, desc, "sec_io_desc_buf");
depth++;
if(!prs_align(ps))
return False;
if(!prs_uint32_pre("max_len", ps, depth, &psdb->sd_size, &off_max_len))
return False;
ptr = 1;
if(!prs_uint32 ("ptr ", ps, depth, &ptr))
return False;
len = ndr_size_security_descriptor(psdb->sd, NULL, 0);
if(!prs_uint32_pre("len ", ps, depth, &len, &off_len))
return False;
old_offset = prs_offset(ps);
/* reading, length is non-zero; writing, descriptor is non-NULL */
if ((UNMARSHALLING(ps) && psdb->sd_size != 0) || (MARSHALLING(ps) && psdb->sd != NULL)) {
if(!sec_io_desc("sec ", &psdb->sd, ps, depth))
return False;
}
if(!prs_align(ps))
return False;
size = prs_offset(ps) - old_offset;
if(!prs_uint32_post("max_len", ps, depth, &psdb->sd_size, off_max_len, size == 0 ? psdb->sd_size : size))
return False;
if(!prs_uint32_post("len ", ps, depth, &len, off_len, size))
return False;
return True;
}

View File

@ -441,6 +441,8 @@ void reply_ntcreate_and_X(struct smb_request *req)
START_PROFILE(SMBntcreateX);
SET_STAT_INVALID(sbuf);
if (req->wct < 24) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
@ -865,6 +867,8 @@ static void call_nt_transact_create(connection_struct *conn,
uint8_t oplock_granted;
TALLOC_CTX *ctx = talloc_tos();
SET_STAT_INVALID(sbuf);
DEBUG(5,("call_nt_transact_create\n"));
/*

View File

@ -1606,6 +1606,8 @@ void reply_open(struct smb_request *req)
START_PROFILE(SMBopen);
SET_STAT_INVALID(sbuf);
if (req->wct < 2) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
END_PROFILE(SMBopen);
@ -1741,6 +1743,8 @@ void reply_open_and_X(struct smb_request *req)
return;
}
SET_STAT_INVALID(sbuf);
open_flags = SVAL(req->vwv+2, 0);
deny_mode = SVAL(req->vwv+3, 0);
smb_attr = SVAL(req->vwv+5, 0);
@ -1945,6 +1949,7 @@ void reply_mknew(struct smb_request *req)
START_PROFILE(SMBcreate);
ZERO_STRUCT(ft);
SET_STAT_INVALID(sbuf);
if (req->wct < 3) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
@ -2123,6 +2128,7 @@ void reply_ctemp(struct smb_request *req)
return;
}
SET_STAT_INVALID(sbuf);
SMB_VFS_STAT(conn,fname,&sbuf);
/* We should fail if file does not exist. */

View File

@ -895,6 +895,8 @@ static void call_trans2open(connection_struct *conn,
uint32 create_options = 0;
TALLOC_CTX *ctx = talloc_tos();
SET_STAT_INVALID(sbuf);
/*
* Ensure we have enough parameters to perform the operation.
*/

View File

@ -2260,14 +2260,13 @@ NTSTATUS rpc_printer_migrate_settings_internals(struct net_context *c,
info_dst.info2.secdesc = NULL;
#if 0
if (asprintf(&devicename, "\\\\%s\\%s", longname,
printername) < 0) {
info_dst.info2.devmode.devicename =
talloc_asprintf(mem_ctx, "\\\\%s\\%s",
longname, printername);
if (!info_dst.info2.devmode.devicename) {
nt_status = NT_STATUS_NO_MEMORY;
goto done;
}
init_unistr(&ctr_dst.printers_2->devmode->devicename,
devicename);
#endif
if (!net_spoolss_setprinter(pipe_hnd_dst, mem_ctx, &hnd_dst,
level, &info_dst))

View File

@ -24,6 +24,7 @@
#define __CREDENTIALS_KRB5_H__
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_krb5.h>
#include <krb5.h>
struct gssapi_creds_container {

View File

@ -74,13 +74,9 @@
void kerberos_free_data_contents(krb5_context context, krb5_data *pdata)
{
#if defined(HAVE_KRB5_FREE_DATA_CONTENTS)
if (pdata->data) {
krb5_free_data_contents(context, pdata);
krb5_data_free(pdata);
}
#else
SAFE_FREE(pdata->data);
#endif
}
krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry)

View File

@ -71,7 +71,7 @@ schema_base = rootDse["schemaNamingContext"][0]
def possible_inferiors_search(db, oc):
"""return the possible inferiors via a search for the possibleInferiors attribute"""
res = db.search(base=schema_base,
expression=("ldapdisplayname=%s" % oc),
expression=("ldapDisplayName=%s" % oc),
attrs=["possibleInferiors"])
poss=[]
@ -86,47 +86,137 @@ def possible_inferiors_search(db, oc):
# see [MS-ADTS] section 3.1.1.4.5.21
# for this algorithm
# and section 3.1.1.4.2 for this algorithm
# !systemOnly=TRUE
# !objectClassCategory=2
# !objectClassCategory=3
def POSSINFERIORS(db, oc):
"""returns a list of possible inferiors to a class. Returned list has the ldapdisplayname, systemOnly and objectClassCategory for each element"""
expanded = [oc]
res = db.search(base=schema_base,
expression=("subclassof=%s" % str(oc["ldapdisplayname"][0])),
attrs=["ldapdisplayname", "systemOnly", "objectClassCategory"])
def SUPCLASSES(classinfo, oc):
list = []
if oc == "top":
return list
if classinfo[oc].get("SUPCLASSES") is not None:
return classinfo[oc]["SUPCLASSES"]
res = classinfo[oc]["subClassOf"];
for r in res:
expanded.extend(POSSINFERIORS(db,r))
return expanded
list.append(r)
list.extend(SUPCLASSES(classinfo,r))
classinfo[oc]["SUPCLASSES"] = list
return list
def possible_inferiors_constructed(db, oc):
"""return the possbible inferiors via a recursive search and match"""
def AUXCLASSES(classinfo, oclist):
list = []
if oclist == []:
return list
for oc in oclist:
if classinfo[oc].get("AUXCLASSES") is not None:
list.extend(classinfo[oc]["AUXCLASSES"])
else:
list2 = []
list2.extend(classinfo[oc]["systemAuxiliaryClass"])
list2.extend(AUXCLASSES(classinfo, classinfo[oc]["systemAuxiliaryClass"]))
list2.extend(classinfo[oc]["auxiliaryClass"])
list2.extend(AUXCLASSES(classinfo, classinfo[oc]["auxiliaryClass"]))
list2.extend(AUXCLASSES(classinfo, SUPCLASSES(classinfo, oc)))
classinfo[oc]["AUXCLASSES"] = list2
list.extend(list2)
return list
def SUBCLASSES(classinfo, oclist):
list = []
for oc in oclist:
list.extend(classinfo[oc]["SUBCLASSES"])
return list
def POSSSUPERIORS(classinfo, oclist):
list = []
for oc in oclist:
if classinfo[oc].get("POSSSUPERIORS") is not None:
list.extend(classinfo[oc]["POSSSUPERIORS"])
else:
list2 = []
list2.extend(classinfo[oc]["systemPossSuperiors"])
list2.extend(classinfo[oc]["possSuperiors"])
list2.extend(POSSSUPERIORS(classinfo, SUPCLASSES(classinfo, oc)))
# the WSPP docs suggest we should do this:
# list2.extend(POSSSUPERIORS(classinfo, AUXCLASSES(classinfo, [oc])))
# but testing against w2k3 and w2k8 shows that we need to do this instead
list2.extend(SUBCLASSES(classinfo, list2))
classinfo[oc]["POSSSUPERIORS"] = list2
list.extend(list2)
return list
def pull_classinfo(db):
"""At startup we build a classinfo[] dictionary that holds all the information needed to construct the possible inferiors"""
classinfo = {}
res = db.search(base=schema_base,
expression=("(&(objectclass=classSchema)(|(posssuperiors=%s)(systemposssuperiors=%s)))" % (oc,oc)),
attrs=["ldapdisplayname", "systemOnly", "objectClassCategory"])
poss = []
expression="objectclass=classSchema",
attrs=["ldapDisplayName", "systemOnly", "objectClassCategory",
"possSuperiors", "systemPossSuperiors",
"auxiliaryClass", "systemAuxiliaryClass", "subClassOf"])
for r in res:
poss.extend(POSSINFERIORS(db,r))
poss2 = []
for p in poss:
if (not (p["systemOnly"][0] == "TRUE" or
int(p["objectClassCategory"][0]) == 2 or
int(p["objectClassCategory"][0]) == 3)):
poss2.append(p["ldapdisplayname"][0])
poss2 = uniq_list(poss2)
poss2.sort()
return poss2
name = str(r["ldapDisplayName"][0])
classinfo[name] = {}
if str(r["systemOnly"]) == "TRUE":
classinfo[name]["systemOnly"] = True
else:
classinfo[name]["systemOnly"] = False
if r.get("objectClassCategory"):
classinfo[name]["objectClassCategory"] = int(r["objectClassCategory"][0])
else:
classinfo[name]["objectClassCategory"] = 0
for a in [ "possSuperiors", "systemPossSuperiors",
"auxiliaryClass", "systemAuxiliaryClass",
"subClassOf" ]:
classinfo[name][a] = []
if r.get(a):
for i in r[a]:
classinfo[name][a].append(str(i))
def test_class(db, oc):
# build a list of subclasses for each class
def subclasses_recurse(subclasses, oc):
list = subclasses[oc]
for c in list:
list.extend(subclasses_recurse(subclasses, c))
return list
subclasses = {}
for oc in classinfo:
subclasses[oc] = []
for oc in classinfo:
for c in classinfo[oc]["subClassOf"]:
if not c == oc:
subclasses[c].append(oc)
for oc in classinfo:
classinfo[oc]["SUBCLASSES"] = uniq_list(subclasses_recurse(subclasses, oc))
return classinfo
def is_in_list(list, c):
for a in list:
if c == a:
return True
return False
def possible_inferiors_constructed(db, classinfo, c):
list = []
for oc in classinfo:
superiors = POSSSUPERIORS(classinfo, [oc])
if (is_in_list(superiors, c) and
classinfo[oc]["systemOnly"] == False and
classinfo[oc]["objectClassCategory"] != 2 and
classinfo[oc]["objectClassCategory"] != 3):
list.append(oc)
list = uniq_list(list)
list.sort()
return list
def test_class(db, classinfo, oc):
"""test to see if one objectclass returns the correct possibleInferiors"""
print "testing objectClass %s" % oc
poss1 = possible_inferiors_search(db, oc)
poss2 = possible_inferiors_constructed(db, oc)
poss2 = possible_inferiors_constructed(db, classinfo, oc)
if poss1 != poss2:
print "Returned incorrect list for objectclass %s" % oc
print poss1
@ -137,19 +227,17 @@ def test_class(db, oc):
def get_object_classes(db):
"""return a list of all object classes"""
res = db.search(base=schema_base,
expression="objectClass=classSchema",
attrs=["ldapdisplayname"])
list=[]
for item in res:
list.append(item["ldapdisplayname"][0])
for item in classinfo:
list.append(item)
return list
classinfo = pull_classinfo(db)
if objectclass is None:
for oc in get_object_classes(db):
print "testing objectClass %s" % oc
test_class(db,oc)
test_class(db,classinfo,oc)
else:
test_class(db,objectclass)
test_class(db,classinfo,objectclass)
print "Lists match OK"

View File

@ -84,3 +84,7 @@
return -1;
}
#endif
const char *heimdal_version = "samba-internal-heimdal";
const char *heimdal_long_version = "samba-interal-heimdal";

View File

@ -41,6 +41,22 @@
#define HAVE_STRNDUP
#endif
#ifndef HAVE_STRLCPY
#define HAVE_STRLCPY
#endif
#ifndef HAVE_STRLCAT
#define HAVE_STRLCAT
#endif
#ifndef HAVE_STRCASECMP
#define HAVE_STRCASECMP
#endif
#ifndef HAVE_MKSTEMP
#define HAVE_MKSTEMP
#endif
#ifndef HAVE_SETENV
#define HAVE_SETENV
#endif
@ -84,4 +100,7 @@
#undef SOCKET_WRAPPER_REPLACE
#include "heimdal/lib/roken/roken.h.in"
extern const char *heimdal_version;
extern const char *heimdal_long_version;
#endif

View File

@ -345,7 +345,7 @@ static bool kdc_process(struct kdc_server *kdc,
}
if (k5_reply.length) {
*reply = data_blob_talloc(mem_ctx, k5_reply.data, k5_reply.length);
krb5_free_data_contents(kdc->smb_krb5_context->krb5_context, &k5_reply);
krb5_data_free(&k5_reply);
} else {
*reply = data_blob(NULL, 0);
}