sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

s3-passdb: Implement new pdb trust calls for the default backend

Browse Source 
Signed-off-by: Simo Sorce <idra@samba.org>

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Sun Jun 12 06:45:25 CEST 2011 on sn-devel-104
This commit is contained in:
Sumit Bose 2011-05-31 15:32:29 +02:00 committed by Simo Sorce
parent 97af358656
commit d5661467e1
3 changed files with 194 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
source3/Makefile.in
View File

@ -1037,6 +1037,7 @@ PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) \
$(LIBSAMBA_OBJ) $(LIBTSOCKET_OBJ) \
$(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \
$(LIBCLI_LDAP_NDR_OBJ) \
$(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
$(POPT_LIB_OBJ) $(SMBLDAP_OBJ) ../lib/util/asn1.o
SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ1)
@ -1320,6 +1321,7 @@ PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
pam_smbpass/pam_smb_acct.o pam_smbpass/support.o ../lib/util/asn1.o
PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) \
$(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
$(LIBTSOCKET_OBJ) $(PAM_ERRORS_OBJ)
IDMAP_RW_OBJ = winbindd/idmap_rw.o
@ -1502,6 +1504,7 @@ NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \
$(SMBLDAP_OBJ) $(LIBNMB_OBJ) \
$(WBCOMMON_OBJ) \
$(LIBCLI_LDAP_NDR_OBJ) \
$(DRSUAPI_OBJ) \
$(LIBNDR_GEN_OBJ0) $(LIBNDR_NETLOGON_OBJ) @BUILD_INIPARSER@
@ -1871,11 +1874,11 @@ bin/smbpasswd@EXEEXT@: $(BINARY_PREREQS) $(SMBPASSWD_OBJ) @BUILD_POPT@ $(LIBTALL
$(DYNEXP) $(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
bin/pdbedit@EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
bin/pdbedit@EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) $(ZLIB_LIBS)
@echo Linking $@
@$(CC) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
$(POPT_LIBS) $(PASSDB_LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) \
$(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS)
$(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
bin/smbget@EXEEXT@: $(BINARY_PREREQS) $(SMBGET_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@ -3115,17 +3118,17 @@ bin/wbinfo@EXEEXT@: $(BINARY_PREREQS) $(WBINFO_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(
$(LIBWBCLIENT_LIBS)
bin/ntlm_auth@EXEEXT@: $(BINARY_PREREQS) $(NTLM_AUTH_OBJ) $(PARAM_OBJ) \
$(LIB_NONSMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
$(LIB_NONSMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) $(ZLIB_LIBS)
@echo Linking $@
@$(CC) -o $@ $(LDFLAGS) $(DYNEXP) $(NTLM_AUTH_OBJ) \
$(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBS) \
$(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBS) $(ZLIB_LIBS) \
$(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) @INIPARSERLIBS@
bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) $(LIBCLI_LDAP_NDR_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) $(LIBTDB)
bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) $(LIBCLI_LDAP_NDR_OBJ) $(LIBTALLOC) $(LIBWBCLIENT) $(LIBTDB) $(ZLIB_LIBS)
@echo "Linking shared library $@"
@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) $(LIBCLI_LDAP_NDR_OBJ) -lpam $(DYNEXP) \
$(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
$(LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS)
bin/tdbbackup@EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) $(LIBTALLOC) $(LIBTDB)

104
source3/passdb/pdb_interface.c
View File

@ -25,6 +25,8 @@
#include "passdb.h"
#include "secrets.h"
#include "../librpc/gen_ndr/samr.h"
#include "../librpc/gen_ndr/drsblobs.h"
#include "../librpc/gen_ndr/ndr_drsblobs.h"
#include "memcache.h"
#include "nsswitch/winbind_client.h"
#include "../libcli/security/security.h"
@ -2144,7 +2146,62 @@ static NTSTATUS pdb_default_get_trusted_domain(struct pdb_methods *methods,
const char *domain,
struct pdb_trusted_domain **td)
{
return NT_STATUS_NOT_IMPLEMENTED;
struct trustAuthInOutBlob taiob;
struct AuthenticationInformation aia;
struct pdb_trusted_domain *tdom;
enum ndr_err_code ndr_err;
time_t last_set_time;
char *pwd;
bool ok;
tdom = talloc(mem_ctx, struct pdb_trusted_domain);
if (!tdom) {
return NT_STATUS_NO_MEMORY;
}
tdom->domain_name = talloc_strdup(tdom, domain);
tdom->netbios_name = talloc_strdup(tdom, domain);
if (!tdom->domain_name || !tdom->netbios_name) {
talloc_free(tdom);
return NT_STATUS_NO_MEMORY;
}
tdom->trust_auth_incoming = data_blob_null;
ok = pdb_get_trusteddom_pw(domain, &pwd, &tdom->security_identifier,
&last_set_time);
if (!ok) {
talloc_free(tdom);
return NT_STATUS_UNSUCCESSFUL;
}
ZERO_STRUCT(taiob);
ZERO_STRUCT(aia);
taiob.count = 1;
taiob.current.count = 1;
taiob.current.array = &aia;
unix_to_nt_time(&aia.LastUpdateTime, last_set_time);
aia.AuthType = TRUST_AUTH_TYPE_CLEAR;
aia.AuthInfo.clear.password = (uint8_t *) pwd;
aia.AuthInfo.clear.size = strlen(pwd);
taiob.previous.count = 0;
taiob.previous.array = NULL;
ndr_err = ndr_push_struct_blob(&tdom->trust_auth_outgoing,
tdom, &taiob,
(ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
talloc_free(tdom);
return NT_STATUS_UNSUCCESSFUL;
}
tdom->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND;
tdom->trust_type = LSA_TRUST_TYPE_DOWNLEVEL;
tdom->trust_attributes = 0;
tdom->trust_forest_trust_info = data_blob_null;
*td = tdom;
return NT_STATUS_OK;
}
static NTSTATUS pdb_default_get_trusted_domain_by_sid(struct pdb_methods *methods,
@ -2155,11 +2212,54 @@ static NTSTATUS pdb_default_get_trusted_domain_by_sid(struct pdb_methods *method
return NT_STATUS_NOT_IMPLEMENTED;
}
#define IS_NULL_DATA_BLOB(d) ((d).data == NULL && (d).length == 0)
static NTSTATUS pdb_default_set_trusted_domain(struct pdb_methods *methods,
const char* domain,
const struct pdb_trusted_domain *td)
{
return NT_STATUS_NOT_IMPLEMENTED;
struct trustAuthInOutBlob taiob;
struct AuthenticationInformation *aia;
enum ndr_err_code ndr_err;
char *pwd;
bool ok;
if (td->trust_attributes != 0 ||
td->trust_type != LSA_TRUST_TYPE_DOWNLEVEL ||
td->trust_direction != LSA_TRUST_DIRECTION_OUTBOUND ||
!IS_NULL_DATA_BLOB(td->trust_auth_incoming) ||
!IS_NULL_DATA_BLOB(td->trust_forest_trust_info)) {
return NT_STATUS_NOT_IMPLEMENTED;
}
ZERO_STRUCT(taiob);
ndr_err = ndr_pull_struct_blob(&td->trust_auth_outgoing, talloc_tos(),
&taiob,
(ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return NT_STATUS_UNSUCCESSFUL;
}
aia = (struct AuthenticationInformation *) taiob.current.array;
if (taiob.count != 1 || taiob.current.count != 1 ||
taiob.previous.count != 0 ||
aia->AuthType != TRUST_AUTH_TYPE_CLEAR) {
return NT_STATUS_NOT_IMPLEMENTED;
}
pwd = talloc_strndup(talloc_tos(), (char *) aia->AuthInfo.clear.password,
aia->AuthInfo.clear.size);
if (!pwd) {
return NT_STATUS_NO_MEMORY;
}
ok = pdb_set_trusteddom_pw(domain, pwd, &td->security_identifier);
if (!ok) {
return NT_STATUS_UNSUCCESSFUL;
}
return NT_STATUS_OK;
}
static NTSTATUS pdb_default_del_trusted_domain(struct pdb_methods *methods,

83
source3/torture/pdbtest.c
View File

@ -24,6 +24,14 @@
#include "popt_common.h"
#include "passdb.h"
#include "../librpc/gen_ndr/drsblobs.h"
#include "../librpc/gen_ndr/ndr_drsblobs.h"
#include "../libcli/security/dom_sid.h"
#define TRUST_DOM "trustdom"
#define TRUST_PWD "trustpwd1232"
#define TRUST_SID "S-1-5-21-1111111111-2222222222-3333333333"
static bool samu_correct(struct samu *s1, struct samu *s2)
{
bool ret = True;
@ -366,6 +374,81 @@ int main(int argc, char **argv)
get_friendly_nt_error_msg(rv));
}
/* test trustdom calls */
struct pdb_trusted_domain *td;
struct pdb_trusted_domain *new_td;
struct trustAuthInOutBlob taiob;
struct AuthenticationInformation aia;
enum ndr_err_code ndr_err;
td = talloc_zero(ctx ,struct pdb_trusted_domain);
if (!td) {
fprintf(stderr, "talloc failed\n");
exit(1);
}
td->domain_name = talloc_strdup(td, TRUST_DOM);
td->netbios_name = talloc_strdup(td, TRUST_DOM);
if (!td->domain_name || !td->netbios_name) {
fprintf(stderr, "talloc failed\n");
exit(1);
}
td->trust_auth_incoming = data_blob_null;
ZERO_STRUCT(taiob);
ZERO_STRUCT(aia);
taiob.count = 1;
taiob.current.count = 1;
taiob.current.array = &aia;
unix_to_nt_time(&aia.LastUpdateTime, time(NULL));
aia.AuthType = TRUST_AUTH_TYPE_CLEAR;
aia.AuthInfo.clear.password = (uint8_t *) talloc_strdup(ctx, TRUST_PWD);
aia.AuthInfo.clear.size = strlen(TRUST_PWD);
taiob.previous.count = 0;
taiob.previous.array = NULL;
ndr_err = ndr_push_struct_blob(&td->trust_auth_outgoing,
td, &taiob,
(ndr_push_flags_fn_t) ndr_push_trustAuthInOutBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
fprintf(stderr, "ndr_push_struct_blob failed.\n");
exit(1);
}
td->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND;
td->trust_type = LSA_TRUST_TYPE_DOWNLEVEL;
td->trust_attributes = 0;
td->trust_forest_trust_info = data_blob_null;
rv = pdb->set_trusted_domain(pdb, TRUST_DOM, td);
if (!NT_STATUS_IS_OK(rv)) {
fprintf(stderr, "Error in set_trusted_domain %s\n",
get_friendly_nt_error_msg(rv));
error = True;
}
rv = pdb->get_trusted_domain(pdb, ctx, TRUST_DOM, &new_td);
if (!NT_STATUS_IS_OK(rv)) {
fprintf(stderr, "Error in set_trusted_domain %s\n",
get_friendly_nt_error_msg(rv));
error = True;
}
if (!strequal(td->domain_name, new_td->domain_name) ||
!strequal(td->netbios_name, new_td->netbios_name) ||
!sid_equal(&td->security_identifier, &new_td->security_identifier) ||
td->trust_direction != new_td->trust_direction ||
td->trust_type != new_td->trust_type ||
td->trust_attributes != new_td->trust_attributes ||
td->trust_auth_incoming.length != new_td->trust_auth_incoming.length ||
td->trust_forest_trust_info.length != new_td->trust_forest_trust_info.length ||
data_blob_cmp(&td->trust_auth_outgoing, &new_td->trust_auth_outgoing) != 0) {
fprintf(stderr, "Old and new trusdet domain data do not match\n");
error = True;
}
TALLOC_FREE(ctx);
if (error) {