mirror of
https://github.com/samba-team/samba.git
synced 2025-08-03 04:22:09 +03:00
r7139: trying to reduce the number of diffs between trunk and 3.0; changing version to 3.0.20pre1
(This used to be commit 9727d05241)
This commit is contained in:
Gerald Carter
committed by
Gerald (Jerry) Carter
Gerald (Jerry) Carter
parent
450e8d5749
commit
f24d88cf9d
@ -128,10 +128,6 @@ BIN_PROGS3 = bin/smbpasswd@EXEEXT@ bin/rpcclient@EXEEXT@ bin/smbcacls@EXEEXT@ \
|
||||
bin/profiles@EXEEXT@ bin/ntlm_auth@EXEEXT@ \
|
||||
bin/smbcquotas@EXEEXT@
|
||||
|
||||
# editreg removed from standard build until it is portable. It needs a major rewrite to
|
||||
# achieve this (tridge)
|
||||
# bin/editreg@EXEEXT@
|
||||
|
||||
TORTURE_PROGS = bin/smbtorture@EXEEXT@ bin/msgtest@EXEEXT@ \
|
||||
bin/masktest@EXEEXT@ bin/locktest@EXEEXT@ \
|
||||
bin/locktest2@EXEEXT@ bin/nsstest@EXEEXT@ bin/vfstest@EXEEXT@
|
||||
@ -161,7 +157,7 @@ TDBBASE_OBJ = tdb/tdb.o tdb/spinlock.o
|
||||
|
||||
TDB_OBJ = $(TDBBASE_OBJ) tdb/tdbutil.o tdb/tdbback.o
|
||||
|
||||
SMBLDAP_OBJ = @SMBLDAP@
|
||||
SMBLDAP_OBJ = @SMBLDAP@ @SMBLDAPUTIL@
|
||||
|
||||
VERSION_OBJ = lib/version.o
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
########################################################
|
||||
SAMBA_VERSION_MAJOR=3
|
||||
SAMBA_VERSION_MINOR=0
|
||||
SAMBA_VERSION_RELEASE=15
|
||||
SAMBA_VERSION_RELEASE=20
|
||||
|
||||
########################################################
|
||||
# For 'pre' releases the version will be #
|
||||
@ -29,7 +29,7 @@ SAMBA_VERSION_RELEASE=15
|
||||
# e.g. SAMBA_VERSION_PRE_RELEASE=1 #
|
||||
# -> "2.2.9pre1" #
|
||||
########################################################
|
||||
SAMBA_VERSION_PRE_RELEASE=3
|
||||
SAMBA_VERSION_PRE_RELEASE=1
|
||||
|
||||
########################################################
|
||||
# For 'rc' releases the version will be #
|
||||
|
||||
@ -160,12 +160,12 @@ static int smb_print(struct cli_state *, char *, FILE *);
|
||||
if ((password = strchr_m(username, ':')) != NULL)
|
||||
*password++ = '\0';
|
||||
else
|
||||
password = CONST_DISCARD(char *, "");
|
||||
password = "";
|
||||
}
|
||||
else
|
||||
{
|
||||
username = "";
|
||||
password = CONST_DISCARD(char *, "");
|
||||
password = "";
|
||||
server = uri + 6;
|
||||
}
|
||||
|
||||
|
||||
@ -2576,6 +2576,8 @@ AC_MSG_RESULT($with_ldap_support)
|
||||
|
||||
SMBLDAP=""
|
||||
AC_SUBST(SMBLDAP)
|
||||
SMBLDAPUTIL=""
|
||||
AC_SUBST(SMBLDAPUTIL)
|
||||
if test x"$with_ldap_support" != x"no"; then
|
||||
|
||||
##################################################################
|
||||
@ -2632,6 +2634,7 @@ if test x"$with_ldap_support" != x"no"; then
|
||||
AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available])
|
||||
default_static_modules="$default_static_modules pdb_ldap idmap_ldap";
|
||||
SMBLDAP="lib/smbldap.o"
|
||||
SMBLDAPUTIL="lib/smbldap_util.o"
|
||||
with_ldap_support=yes
|
||||
AC_MSG_CHECKING(whether LDAP support is used)
|
||||
AC_MSG_RESULT(yes)
|
||||
|
||||
@ -46,11 +46,11 @@
|
||||
#define LSA_CLEARAUDITLOG 0x09
|
||||
#define LSA_CREATEACCOUNT 0x0a
|
||||
#define LSA_ENUM_ACCOUNTS 0x0b
|
||||
#define LSA_CREATETRUSTDOM 0x0c
|
||||
#define LSA_CREATETRUSTDOM 0x0c /* TODO: implement this one -- jerry */
|
||||
#define LSA_ENUMTRUSTDOM 0x0d
|
||||
#define LSA_LOOKUPNAMES 0x0e
|
||||
#define LSA_LOOKUPSIDS 0x0f
|
||||
#define LSA_CREATESECRET 0x10
|
||||
#define LSA_CREATESECRET 0x10 /* TODO: implement this one -- jerry */
|
||||
#define LSA_OPENACCOUNT 0x11
|
||||
#define LSA_ENUMPRIVSACCOUNT 0x12
|
||||
#define LSA_ADDPRIVS 0x13
|
||||
@ -59,16 +59,16 @@
|
||||
#define LSA_SETQUOTAS 0x16
|
||||
#define LSA_GETSYSTEMACCOUNT 0x17
|
||||
#define LSA_SETSYSTEMACCOUNT 0x18
|
||||
#define LSA_OPENTRUSTDOM 0x19
|
||||
#define LSA_OPENTRUSTDOM 0x19 /* TODO: implement this one -- jerry */
|
||||
#define LSA_QUERYTRUSTDOM 0x1a
|
||||
#define LSA_SETINFOTRUSTDOM 0x1b
|
||||
#define LSA_OPENSECRET 0x1c
|
||||
#define LSA_SETSECRET 0x1d
|
||||
#define LSA_OPENSECRET 0x1c /* TODO: implement this one -- jerry */
|
||||
#define LSA_SETSECRET 0x1d /* TODO: implement this one -- jerry */
|
||||
#define LSA_QUERYSECRET 0x1e
|
||||
#define LSA_LOOKUPPRIVVALUE 0x1f
|
||||
#define LSA_LOOKUPPRIVNAME 0x20
|
||||
#define LSA_PRIV_GET_DISPNAME 0x21
|
||||
#define LSA_DELETEOBJECT 0x22
|
||||
#define LSA_DELETEOBJECT 0x22 /* TODO: implement this one -- jerry */
|
||||
#define LSA_ENUMACCTWITHRIGHT 0x23 /* TODO: implement this one -- jerry */
|
||||
#define LSA_ENUMACCTRIGHTS 0x24
|
||||
#define LSA_ADDACCTRIGHTS 0x25
|
||||
@ -475,25 +475,6 @@ typedef struct lsa_r_lookup_names
|
||||
NTSTATUS status; /* return code */
|
||||
} LSA_R_LOOKUP_NAMES;
|
||||
|
||||
/* This is probably a policy handle but at the moment we
|
||||
never read it - so use a dummy struct. */
|
||||
|
||||
typedef struct lsa_q_open_secret
|
||||
{
|
||||
uint32 dummy;
|
||||
} LSA_Q_OPEN_SECRET;
|
||||
|
||||
/* We always return "not found" at present - so just marshal the minimum. */
|
||||
|
||||
typedef struct lsa_r_open_secret
|
||||
{
|
||||
uint32 dummy1;
|
||||
uint32 dummy2;
|
||||
uint32 dummy3;
|
||||
uint32 dummy4;
|
||||
NTSTATUS status;
|
||||
} LSA_R_OPEN_SECRET;
|
||||
|
||||
typedef struct lsa_enum_priv_entry
|
||||
{
|
||||
UNIHDR hdr_name;
|
||||
@ -742,4 +723,92 @@ typedef struct lsa_r_removeprivs
|
||||
NTSTATUS status;
|
||||
} LSA_R_REMOVEPRIVS;
|
||||
|
||||
/*******************************************************/
|
||||
|
||||
typedef struct {
|
||||
POLICY_HND handle;
|
||||
uint32 count; /* ??? this is what ethereal calls it */
|
||||
DOM_SID sid;
|
||||
} LSA_Q_OPEN_TRUSTED_DOMAIN;
|
||||
|
||||
typedef struct {
|
||||
POLICY_HND handle;
|
||||
NTSTATUS status;
|
||||
} LSA_R_OPEN_TRUSTED_DOMAIN;
|
||||
|
||||
|
||||
/*******************************************************/
|
||||
|
||||
typedef struct {
|
||||
POLICY_HND handle;
|
||||
UNISTR4 secretname;
|
||||
uint32 access;
|
||||
} LSA_Q_OPEN_SECRET;
|
||||
|
||||
typedef struct {
|
||||
POLICY_HND handle;
|
||||
NTSTATUS status;
|
||||
} LSA_R_OPEN_SECRET;
|
||||
|
||||
|
||||
/*******************************************************/
|
||||
|
||||
typedef struct {
|
||||
POLICY_HND handle;
|
||||
} LSA_Q_DELETE_OBJECT;
|
||||
|
||||
typedef struct {
|
||||
NTSTATUS status;
|
||||
} LSA_R_DELETE_OBJECT;
|
||||
|
||||
|
||||
/*******************************************************/
|
||||
|
||||
typedef struct {
|
||||
POLICY_HND handle;
|
||||
UNISTR4 secretname;
|
||||
uint32 access;
|
||||
} LSA_Q_CREATE_SECRET;
|
||||
|
||||
typedef struct {
|
||||
POLICY_HND handle;
|
||||
NTSTATUS status;
|
||||
} LSA_R_CREATE_SECRET;
|
||||
|
||||
|
||||
/*******************************************************/
|
||||
|
||||
typedef struct {
|
||||
POLICY_HND handle;
|
||||
UNISTR4 secretname;
|
||||
uint32 access;
|
||||
} LSA_Q_CREATE_TRUSTED_DOMAIN;
|
||||
|
||||
typedef struct {
|
||||
POLICY_HND handle;
|
||||
NTSTATUS status;
|
||||
} LSA_R_CREATE_TRUSTED_DOMAIN;
|
||||
|
||||
|
||||
/*******************************************************/
|
||||
|
||||
typedef struct {
|
||||
uint32 size; /* size is written on the wire twice so I
|
||||
can only assume that one is supposed to
|
||||
be a max length and one is a size */
|
||||
UNISTR2 *data; /* not really a UNICODE string but the parsing
|
||||
is the same */
|
||||
} LSA_DATA_BLOB;
|
||||
|
||||
typedef struct {
|
||||
POLICY_HND handle;
|
||||
LSA_DATA_BLOB *old_value;
|
||||
LSA_DATA_BLOB *new_value;
|
||||
} LSA_Q_SET_SECRET;
|
||||
|
||||
typedef struct {
|
||||
NTSTATUS status;
|
||||
} LSA_R_SET_SECRET;
|
||||
|
||||
|
||||
#endif /* _RPC_LSA_H */
|
||||
|
||||
@ -129,17 +129,20 @@ typedef struct {
|
||||
* Buffer Headers -- use by SEC_DESC_BUF in winreg and netlogon code
|
||||
**********************************************************************/
|
||||
|
||||
/* TODO: replace this with an encompassing buffer structure */
|
||||
typedef struct {
|
||||
uint32 buf_max_len;
|
||||
uint32 buf_len;
|
||||
} BUFHDR;
|
||||
|
||||
/* this is a BUFHDR + a pointer to a buffer */
|
||||
typedef struct {
|
||||
uint32 info_level;
|
||||
uint32 length; /* uint8 chars */
|
||||
uint32 buffer;
|
||||
} BUFHDR2;
|
||||
|
||||
/* generic buffer ? wrapped around void*? */
|
||||
typedef struct {
|
||||
uint32 size;
|
||||
uint32 buffer;
|
||||
@ -152,7 +155,8 @@ typedef struct {
|
||||
|
||||
/* buffer used by \winreg\ calls to fill in arbitrary REG_XXX values.
|
||||
It *may* look like a UNISTR2 but it is *not*. This is not a goof
|
||||
by the winreg developers. It is a generic buffer */
|
||||
by the winreg developers. It is a generic buffer. buffer length
|
||||
is stored in bytes (not # of uint16's) */
|
||||
|
||||
typedef struct {
|
||||
uint32 buf_max_len;
|
||||
@ -215,10 +219,12 @@ typedef struct { /* UNISTR2 - unicode string size (in
|
||||
should include the NULL character */
|
||||
} UNISTR2;
|
||||
|
||||
/* i think this is the same as a BUFFER5 used in the spoolss code --jerry */
|
||||
/* not sure about how the termination matches between the uint16 buffers thought */
|
||||
|
||||
typedef struct { /* UNISTR3 - XXXX not sure about this structure */
|
||||
uint32 uni_str_len;
|
||||
UNISTR str;
|
||||
|
||||
} UNISTR3;
|
||||
|
||||
typedef struct { /* Buffer wrapped around a UNISTR2 */
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
Copyright (C) Andrew Tridgell 1992-1997
|
||||
Copyright (C) Luke Kenneth Casson Leighton 1996-1997
|
||||
Copyright (C) Paul Ashton 1997
|
||||
Copyright (C) Jean Fran<EFBFBD>ois Micouleau 2002
|
||||
Copyright (C) Jean François Micouleau 2002
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
@ -68,11 +68,22 @@
|
||||
#define SAM_DATABASE_BUILTIN 0x01 /* BUILTIN users and groups */
|
||||
#define SAM_DATABASE_PRIVS 0x02 /* Privileges */
|
||||
|
||||
/* flags use when sending a NETLOGON_CONTROL request */
|
||||
|
||||
#define NETLOGON_CONTROL_SYNC 0x2
|
||||
#define NETLOGON_CONTROL_REDISCOVER 0x5
|
||||
#define NETLOGON_CONTROL_TC_QUERY 0x6
|
||||
#define NETLOGON_CONTROL_TRANSPORT_NOTIFY 0x7
|
||||
#define NETLOGON_CONTROL_SET_DBFLAG 0xfffe
|
||||
|
||||
/* Some flag values reverse engineered from NLTEST.EXE */
|
||||
/* used in the NETLOGON_CONTROL[2] reply */
|
||||
|
||||
#define NL_CTRL_IN_SYNC 0x0000
|
||||
#define NL_CTRL_REPL_NEEDED 0x0001
|
||||
#define NL_CTRL_REPL_IN_PROGRESS 0x0002
|
||||
#define NL_CTRL_FULL_SYNC 0x0004
|
||||
|
||||
#if 0
|
||||
/* I think this is correct - it's what gets parsed on the wire. JRA. */
|
||||
/* NET_USER_INFO_2 */
|
||||
|
||||
@ -43,7 +43,7 @@
|
||||
* @note You are explicitly allowed to pass NULL pointers -- they will
|
||||
* always be ignored.
|
||||
**/
|
||||
#define SAFE_FREE(x) do { if ((x) != NULL) {free(CONST_DISCARD(void *, (x))); x=NULL;} } while(0)
|
||||
#define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x=NULL;} } while(0)
|
||||
#endif
|
||||
|
||||
/* zero a structure */
|
||||
@ -87,6 +87,7 @@
|
||||
* extern struct current_user current_user;
|
||||
*/
|
||||
#define FSP_BELONGS_CONN(fsp,conn) do {\
|
||||
extern struct current_user current_user;\
|
||||
if (!((fsp) && (conn) && ((conn)==(fsp)->conn) && (current_user.vuid==(fsp)->vuid))) \
|
||||
return(ERROR_DOS(ERRDOS,ERRbadfid));\
|
||||
} while(0)
|
||||
@ -97,6 +98,7 @@
|
||||
* extern struct current_user current_user;
|
||||
*/
|
||||
#define CHECK_FSP(fsp,conn) do {\
|
||||
extern struct current_user current_user;\
|
||||
if (!FNUM_OK(fsp,conn)) \
|
||||
return(ERROR_DOS(ERRDOS,ERRbadfid)); \
|
||||
else if((fsp)->fd == -1) \
|
||||
@ -289,6 +291,9 @@ copy an IP address from one buffer to another
|
||||
#define TALLOC_REALLOC_ARRAY(ctx, ptr, type, count) (type *)_talloc_realloc_array(ctx, ptr, sizeof(type), count, #type)
|
||||
#define talloc_destroy(ctx) talloc_free(ctx)
|
||||
|
||||
/* only define PARANOID_MALLOC_CHECKER with --enable-developer and not compiling
|
||||
the smbmount utils */
|
||||
|
||||
#if defined(DEVELOPER) && !defined(SMBMOUNT_MALLOC)
|
||||
# define PARANOID_MALLOC_CHECKER 1
|
||||
#endif
|
||||
|
||||
@ -231,7 +231,7 @@ const char *lang_msg(const char *msgid)
|
||||
void lang_msg_free(const char *msgstr)
|
||||
{
|
||||
if (!tdb) return;
|
||||
free(CONST_DISCARD(void *, msgstr));
|
||||
free((void *)msgstr);
|
||||
}
|
||||
|
||||
|
||||
@ -248,7 +248,7 @@ const char *lang_msg_rotate(const char *msgid)
|
||||
static pstring bufs[NUM_LANG_BUFS];
|
||||
static int next;
|
||||
|
||||
msgstr = CONST_DISCARD(char *, lang_msg(msgid));
|
||||
msgstr = (char *)lang_msg(msgid);
|
||||
if (!msgstr) return msgid;
|
||||
|
||||
pstrcpy(bufs[next], msgstr);
|
||||
|
||||
@ -133,7 +133,7 @@ static BOOL string_match(const char *tok,const char *s, char *invalid_char)
|
||||
/* client_match - match host name and address against token */
|
||||
static BOOL client_match(const char *tok, const char *item)
|
||||
{
|
||||
const char **client = CONST_ADD(const char **, item);
|
||||
const char **client = (const char **)item;
|
||||
BOOL match;
|
||||
char invalid_char = '\0';
|
||||
|
||||
|
||||
@ -135,7 +135,7 @@ static size_t sys_iconv(void *cd,
|
||||
{
|
||||
#ifdef HAVE_NATIVE_ICONV
|
||||
size_t ret = iconv((iconv_t)cd,
|
||||
CONST_DISCARD(char **, inbuf), inbytesleft,
|
||||
(char **)inbuf, inbytesleft,
|
||||
outbuf, outbytesleft);
|
||||
if (ret == (size_t)-1) {
|
||||
int saved_errno = errno;
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
/*
|
||||
Unix SMB/CIFS implementation.
|
||||
LDAP protocol helper functions for SAMBA
|
||||
Copyright (C) Jean Fran<EFBFBD>ois Micouleau 1998
|
||||
Copyright (C) Jean François Micouleau 1998
|
||||
Copyright (C) Gerald Carter 2001-2003
|
||||
Copyright (C) Shahms King 2001
|
||||
Copyright (C) Andrew Bartlett 2002-2003
|
||||
@ -274,71 +274,6 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
|
||||
SAFE_FREE( list );
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
find the ldap password
|
||||
******************************************************************/
|
||||
static BOOL fetch_ldap_pw(char **dn, char** pw)
|
||||
{
|
||||
char *key = NULL;
|
||||
size_t size;
|
||||
|
||||
*dn = smb_xstrdup(lp_ldap_admin_dn());
|
||||
|
||||
if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) {
|
||||
SAFE_FREE(*dn);
|
||||
DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n"));
|
||||
}
|
||||
|
||||
*pw=secrets_fetch(key, &size);
|
||||
SAFE_FREE(key);
|
||||
|
||||
if (!size) {
|
||||
/* Upgrade 2.2 style entry */
|
||||
char *p;
|
||||
char* old_style_key = SMB_STRDUP(*dn);
|
||||
char *data;
|
||||
fstring old_style_pw;
|
||||
|
||||
if (!old_style_key) {
|
||||
DEBUG(0, ("fetch_ldap_pw: strdup failed!\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
for (p=old_style_key; *p; p++)
|
||||
if (*p == ',') *p = '/';
|
||||
|
||||
data=secrets_fetch(old_style_key, &size);
|
||||
if (!size && size < sizeof(old_style_pw)) {
|
||||
DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n"));
|
||||
SAFE_FREE(old_style_key);
|
||||
SAFE_FREE(*dn);
|
||||
return False;
|
||||
}
|
||||
|
||||
size = MIN(size, sizeof(fstring)-1);
|
||||
strncpy(old_style_pw, data, size);
|
||||
old_style_pw[size] = 0;
|
||||
|
||||
SAFE_FREE(data);
|
||||
|
||||
if (!secrets_store_ldap_pw(*dn, old_style_pw)) {
|
||||
DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n"));
|
||||
SAFE_FREE(old_style_key);
|
||||
SAFE_FREE(*dn);
|
||||
return False;
|
||||
}
|
||||
if (!secrets_delete(old_style_key)) {
|
||||
DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n"));
|
||||
}
|
||||
|
||||
SAFE_FREE(old_style_key);
|
||||
|
||||
*pw = smb_xstrdup(old_style_pw);
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Search an attribute and return the first value found.
|
||||
******************************************************************/
|
||||
@ -402,7 +337,7 @@ static BOOL fetch_ldap_pw(char **dn, char** pw)
|
||||
}
|
||||
|
||||
#if 0 /* commented out after discussion with abartlet. Do not reenable.
|
||||
left here so other so re-add similar code --jerry */
|
||||
left here so other do not re-add similar code --jerry */
|
||||
if (value == NULL || *value == '\0')
|
||||
return;
|
||||
#endif
|
||||
@ -877,8 +812,8 @@ static int smbldap_open(struct smbldap_state *ldap_state)
|
||||
{
|
||||
int rc, opt_rc;
|
||||
BOOL reopen = False;
|
||||
|
||||
SMB_ASSERT(ldap_state);
|
||||
|
||||
#ifndef NO_LDAP_SECURITY
|
||||
if (geteuid() != 0) {
|
||||
DEBUG(0, ("smbldap_open: cannot access LDAP when not root..\n"));
|
||||
@ -1383,181 +1318,6 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/**********************************************************************
|
||||
Add the sambaDomain to LDAP, so we don't have to search for this stuff
|
||||
again. This is a once-add operation for now.
|
||||
|
||||
TODO: Add other attributes, and allow modification.
|
||||
*********************************************************************/
|
||||
static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state,
|
||||
const char *domain_name)
|
||||
{
|
||||
fstring sid_string;
|
||||
fstring algorithmic_rid_base_string;
|
||||
pstring filter, dn;
|
||||
LDAPMod **mods = NULL;
|
||||
int rc;
|
||||
int ldap_op;
|
||||
LDAPMessage *result = NULL;
|
||||
int num_result;
|
||||
const char **attr_list;
|
||||
uid_t u_low, u_high;
|
||||
gid_t g_low, g_high;
|
||||
uint32 rid_low, rid_high;
|
||||
|
||||
slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))",
|
||||
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
|
||||
domain_name, LDAP_OBJ_DOMINFO);
|
||||
|
||||
attr_list = get_attr_list( dominfo_attr_list );
|
||||
rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result);
|
||||
free_attr_list( attr_list );
|
||||
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
num_result = ldap_count_entries(ldap_state->ldap_struct, result);
|
||||
|
||||
if (num_result > 1) {
|
||||
DEBUG (0, ("More than domain with that name exists: bailing out!\n"));
|
||||
ldap_msgfree(result);
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
/* Check if we need to add an entry */
|
||||
DEBUG(3,("Adding new domain\n"));
|
||||
ldap_op = LDAP_MOD_ADD;
|
||||
|
||||
pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
|
||||
domain_name, lp_ldap_suffix());
|
||||
|
||||
/* Free original search */
|
||||
ldap_msgfree(result);
|
||||
|
||||
/* make the changes - the entry *must* not already have samba attributes */
|
||||
smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
|
||||
domain_name);
|
||||
|
||||
/* If we don't have an entry, then ask secrets.tdb for what it thinks.
|
||||
It may choose to make it up */
|
||||
|
||||
sid_to_string(sid_string, get_global_sam_sid());
|
||||
smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string);
|
||||
|
||||
slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base());
|
||||
smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE),
|
||||
algorithmic_rid_base_string);
|
||||
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
|
||||
|
||||
/* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set.
|
||||
TODO: fix all the places where the line between idmap and normal operations
|
||||
needed by smbd gets fuzzy --jerry 2003-08-11 */
|
||||
|
||||
if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high)
|
||||
&& get_free_rid_range(&rid_low, &rid_high) )
|
||||
{
|
||||
fstring rid_str;
|
||||
|
||||
fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE );
|
||||
DEBUG(10,("setting next available user rid [%s]\n", rid_str));
|
||||
smbldap_set_mod(&mods, LDAP_MOD_ADD,
|
||||
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID),
|
||||
rid_str);
|
||||
|
||||
fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE );
|
||||
DEBUG(10,("setting next available group rid [%s]\n", rid_str));
|
||||
smbldap_set_mod(&mods, LDAP_MOD_ADD,
|
||||
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID),
|
||||
rid_str);
|
||||
|
||||
}
|
||||
|
||||
|
||||
switch(ldap_op)
|
||||
{
|
||||
case LDAP_MOD_ADD:
|
||||
rc = smbldap_add(ldap_state, dn, mods);
|
||||
break;
|
||||
case LDAP_MOD_REPLACE:
|
||||
rc = smbldap_modify(ldap_state, dn, mods);
|
||||
break;
|
||||
default:
|
||||
DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op));
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
if (rc!=LDAP_SUCCESS) {
|
||||
char *ld_error = NULL;
|
||||
ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
|
||||
DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n",
|
||||
ldap_op == LDAP_MOD_ADD ? "add" : "modify",
|
||||
dn, ldap_err2string(rc),
|
||||
ld_error?ld_error:"unknown"));
|
||||
SAFE_FREE(ld_error);
|
||||
|
||||
ldap_mods_free(mods, True);
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name));
|
||||
ldap_mods_free(mods, True);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/**********************************************************************
|
||||
Search for the domain info entry
|
||||
*********************************************************************/
|
||||
NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
|
||||
LDAPMessage ** result, const char *domain_name,
|
||||
BOOL try_add)
|
||||
{
|
||||
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
|
||||
pstring filter;
|
||||
int rc;
|
||||
const char **attr_list;
|
||||
int count;
|
||||
|
||||
pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
|
||||
LDAP_OBJ_DOMINFO,
|
||||
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
|
||||
domain_name);
|
||||
|
||||
DEBUG(2, ("Searching for:[%s]\n", filter));
|
||||
|
||||
|
||||
attr_list = get_attr_list( dominfo_attr_list );
|
||||
rc = smbldap_search_suffix(ldap_state, filter, attr_list , result);
|
||||
free_attr_list( attr_list );
|
||||
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc)));
|
||||
DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter));
|
||||
} else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) {
|
||||
DEBUG(3, ("Got no domain info entries for domain\n"));
|
||||
ldap_msgfree(*result);
|
||||
*result = NULL;
|
||||
if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) {
|
||||
return smbldap_search_domain_info(ldap_state, result, domain_name, False);
|
||||
}
|
||||
else {
|
||||
DEBUG(0, ("Adding domain info for %s failed with %s\n",
|
||||
domain_name, nt_errstr(ret)));
|
||||
return ret;
|
||||
}
|
||||
} else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) {
|
||||
DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n",
|
||||
count, domain_name));
|
||||
ldap_msgfree(*result);
|
||||
*result = NULL;
|
||||
return ret;
|
||||
} else {
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Return a copy of the DN for a LDAPMessage. Convert from utf8 to CH_UNIX.
|
||||
********************************************************************/
|
||||
@ -1597,14 +1357,14 @@ static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char
|
||||
}
|
||||
|
||||
if (!strequal(attrs[0], "supportedExtension") &&
|
||||
!strequal(attrs[0], "supportedControl")) {
|
||||
!strequal(attrs[0], "supportedControl") &&
|
||||
!strequal(attrs[0], "namingContexts")) {
|
||||
DEBUG(3,("smbldap_check_root_dse: no idea what to query root-dse for: %s ?\n", attrs[0]));
|
||||
return False;
|
||||
}
|
||||
|
||||
rc = ldap_search_s(ldap_state->ldap_struct, "", LDAP_SCOPE_BASE,
|
||||
"(objectclass=*)", CONST_DISCARD(char **, attrs),
|
||||
0 , &msg);
|
||||
"(objectclass=*)", attrs, 0 , &msg);
|
||||
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n"));
|
||||
@ -1652,6 +1412,7 @@ static BOOL smbldap_check_root_dse(struct smbldap_state *ldap_state, const char
|
||||
ldap_msgfree(msg);
|
||||
|
||||
return result;
|
||||
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
@ -1673,3 +1434,13 @@ BOOL smbldap_has_extension(struct smbldap_state *ldap_state, const char *extensi
|
||||
const char *attrs[] = { "supportedExtension", NULL };
|
||||
return smbldap_check_root_dse(ldap_state, attrs, extension);
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Check if LDAP-Server holds a given namingContext
|
||||
********************************************************************/
|
||||
|
||||
BOOL smbldap_has_naming_context(struct smbldap_state *ldap_state, const char *naming_context)
|
||||
{
|
||||
const char *attrs[] = { "namingContexts", NULL };
|
||||
return smbldap_check_root_dse(ldap_state, attrs, naming_context);
|
||||
}
|
||||
|
||||
203
source3/lib/smbldap_util.c
Normal file
203
source3/lib/smbldap_util.c
Normal file
@ -0,0 +1,203 @@
|
||||
/*
|
||||
Unix SMB/CIFS mplementation.
|
||||
LDAP protocol helper functions for SAMBA
|
||||
Copyright (C) Jean Fran<61>ois Micouleau 1998
|
||||
Copyright (C) Gerald Carter 2001-2003
|
||||
Copyright (C) Shahms King 2001
|
||||
Copyright (C) Andrew Bartlett 2002-2003
|
||||
Copyright (C) Stefan (metze) Metzmacher 2002-2003
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
#include "smbldap.h"
|
||||
|
||||
/**********************************************************************
|
||||
Add the sambaDomain to LDAP, so we don't have to search for this stuff
|
||||
again. This is a once-add operation for now.
|
||||
|
||||
TODO: Add other attributes, and allow modification.
|
||||
*********************************************************************/
|
||||
static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state,
|
||||
const char *domain_name)
|
||||
{
|
||||
fstring sid_string;
|
||||
fstring algorithmic_rid_base_string;
|
||||
pstring filter, dn;
|
||||
LDAPMod **mods = NULL;
|
||||
int rc;
|
||||
int ldap_op;
|
||||
LDAPMessage *result = NULL;
|
||||
int num_result;
|
||||
const char **attr_list;
|
||||
uid_t u_low, u_high;
|
||||
gid_t g_low, g_high;
|
||||
uint32 rid_low, rid_high;
|
||||
|
||||
slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))",
|
||||
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
|
||||
domain_name, LDAP_OBJ_DOMINFO);
|
||||
|
||||
attr_list = get_attr_list( dominfo_attr_list );
|
||||
rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result);
|
||||
free_attr_list( attr_list );
|
||||
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
num_result = ldap_count_entries(ldap_state->ldap_struct, result);
|
||||
|
||||
if (num_result > 1) {
|
||||
DEBUG (0, ("More than domain with that name exists: bailing out!\n"));
|
||||
ldap_msgfree(result);
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
/* Check if we need to add an entry */
|
||||
DEBUG(3,("Adding new domain\n"));
|
||||
ldap_op = LDAP_MOD_ADD;
|
||||
|
||||
pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
|
||||
domain_name, lp_ldap_suffix());
|
||||
|
||||
/* Free original search */
|
||||
ldap_msgfree(result);
|
||||
|
||||
/* make the changes - the entry *must* not already have samba attributes */
|
||||
smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
|
||||
domain_name);
|
||||
|
||||
/* If we don't have an entry, then ask secrets.tdb for what it thinks.
|
||||
It may choose to make it up */
|
||||
|
||||
sid_to_string(sid_string, get_global_sam_sid());
|
||||
smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string);
|
||||
|
||||
slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base());
|
||||
smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE),
|
||||
algorithmic_rid_base_string);
|
||||
smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
|
||||
|
||||
/* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set.
|
||||
TODO: fix all the places where the line between idmap and normal operations
|
||||
needed by smbd gets fuzzy --jerry 2003-08-11 */
|
||||
|
||||
if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high)
|
||||
&& get_free_rid_range(&rid_low, &rid_high) )
|
||||
{
|
||||
fstring rid_str;
|
||||
|
||||
fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE );
|
||||
DEBUG(10,("setting next available user rid [%s]\n", rid_str));
|
||||
smbldap_set_mod(&mods, LDAP_MOD_ADD,
|
||||
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID),
|
||||
rid_str);
|
||||
|
||||
fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE );
|
||||
DEBUG(10,("setting next available group rid [%s]\n", rid_str));
|
||||
smbldap_set_mod(&mods, LDAP_MOD_ADD,
|
||||
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID),
|
||||
rid_str);
|
||||
|
||||
}
|
||||
|
||||
|
||||
switch(ldap_op)
|
||||
{
|
||||
case LDAP_MOD_ADD:
|
||||
rc = smbldap_add(ldap_state, dn, mods);
|
||||
break;
|
||||
case LDAP_MOD_REPLACE:
|
||||
rc = smbldap_modify(ldap_state, dn, mods);
|
||||
break;
|
||||
default:
|
||||
DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op));
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
if (rc!=LDAP_SUCCESS) {
|
||||
char *ld_error = NULL;
|
||||
ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
|
||||
DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n",
|
||||
ldap_op == LDAP_MOD_ADD ? "add" : "modify",
|
||||
dn, ldap_err2string(rc),
|
||||
ld_error?ld_error:"unknown"));
|
||||
SAFE_FREE(ld_error);
|
||||
|
||||
ldap_mods_free(mods, True);
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name));
|
||||
ldap_mods_free(mods, True);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/**********************************************************************
|
||||
Search for the domain info entry
|
||||
*********************************************************************/
|
||||
NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
|
||||
LDAPMessage ** result, const char *domain_name,
|
||||
BOOL try_add)
|
||||
{
|
||||
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
|
||||
pstring filter;
|
||||
int rc;
|
||||
const char **attr_list;
|
||||
int count;
|
||||
|
||||
pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
|
||||
LDAP_OBJ_DOMINFO,
|
||||
get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
|
||||
domain_name);
|
||||
|
||||
DEBUG(2, ("Searching for:[%s]\n", filter));
|
||||
|
||||
|
||||
attr_list = get_attr_list( dominfo_attr_list );
|
||||
rc = smbldap_search_suffix(ldap_state, filter, attr_list , result);
|
||||
free_attr_list( attr_list );
|
||||
|
||||
if (rc != LDAP_SUCCESS) {
|
||||
DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc)));
|
||||
DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter));
|
||||
} else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) {
|
||||
DEBUG(3, ("Got no domain info entries for domain\n"));
|
||||
ldap_msgfree(*result);
|
||||
*result = NULL;
|
||||
if ( try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name)) ) {
|
||||
return smbldap_search_domain_info(ldap_state, result, domain_name, False);
|
||||
}
|
||||
else {
|
||||
DEBUG(0, ("Adding domain info for %s failed with %s\n",
|
||||
domain_name, nt_errstr(ret)));
|
||||
return ret;
|
||||
}
|
||||
} else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) {
|
||||
DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n",
|
||||
count, domain_name));
|
||||
ldap_msgfree(*result);
|
||||
*result = NULL;
|
||||
return ret;
|
||||
} else {
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -786,7 +786,7 @@ BOOL nt_time_is_zero(NTTIME *nt)
|
||||
Return a timeval difference in usec.
|
||||
****************************************************************************/
|
||||
|
||||
SMB_BIG_INT usec_time_diff(struct timeval *larget, struct timeval *smallt)
|
||||
SMB_BIG_INT usec_time_diff(const struct timeval *larget, const struct timeval *smallt)
|
||||
{
|
||||
SMB_BIG_INT sec_diff = larget->tv_sec - smallt->tv_sec;
|
||||
return (sec_diff * 1000000) + (SMB_BIG_INT)(larget->tv_usec - smallt->tv_usec);
|
||||
|
||||
@ -45,7 +45,7 @@ BOOL next_token(const char **ptr,char *buff, const char *sep, size_t bufsize)
|
||||
if (!ptr)
|
||||
return(False);
|
||||
|
||||
s = CONST_DISCARD(char *, *ptr);
|
||||
s = (char *)*ptr;
|
||||
|
||||
/* default to simple separators */
|
||||
if (!sep)
|
||||
@ -109,7 +109,7 @@ void set_first_token(char *ptr)
|
||||
|
||||
char **toktocliplist(int *ctok, const char *sep)
|
||||
{
|
||||
char *s = CONST_DISCARD(char *, last_ptr);
|
||||
char *s=(char *)last_ptr;
|
||||
int ictok=0;
|
||||
char **ret, **iret;
|
||||
|
||||
@ -132,7 +132,7 @@ char **toktocliplist(int *ctok, const char *sep)
|
||||
} while(*s);
|
||||
|
||||
*ctok=ictok;
|
||||
s = CONST_DISCARD(char *, last_ptr);
|
||||
s=(char *)last_ptr;
|
||||
|
||||
if (!(ret=iret=SMB_MALLOC_ARRAY(char *,ictok+1)))
|
||||
return NULL;
|
||||
@ -1221,7 +1221,7 @@ char *strchr_m(const char *src, char c)
|
||||
|
||||
for (s = src; *s && !(((unsigned char)s[0]) & 0x80); s++) {
|
||||
if (*s == c)
|
||||
return CONST_DISCARD(char *, s);
|
||||
return (char *)s;
|
||||
}
|
||||
|
||||
if (!*s)
|
||||
@ -1238,7 +1238,7 @@ char *strchr_m(const char *src, char c)
|
||||
return NULL;
|
||||
*p = 0;
|
||||
pull_ucs2_pstring(s2, ws);
|
||||
return CONST_DISCARD(char *, (s+strlen(s2)));
|
||||
return (char *)(s+strlen(s2));
|
||||
}
|
||||
|
||||
char *strrchr_m(const char *s, char c)
|
||||
@ -1275,7 +1275,7 @@ char *strrchr_m(const char *s, char c)
|
||||
break;
|
||||
}
|
||||
/* No - we have a match ! */
|
||||
return CONST_DISCARD(char *, cp);
|
||||
return (char *)cp;
|
||||
}
|
||||
} while (cp-- != s);
|
||||
if (!got_mb)
|
||||
@ -1294,7 +1294,7 @@ char *strrchr_m(const char *s, char c)
|
||||
return NULL;
|
||||
*p = 0;
|
||||
pull_ucs2_pstring(s2, ws);
|
||||
return CONST_DISCARD(char *, (s+strlen(s2)));
|
||||
return (char *)(s+strlen(s2));
|
||||
}
|
||||
}
|
||||
|
||||
@ -1315,7 +1315,7 @@ char *strnrchr_m(const char *s, char c, unsigned int n)
|
||||
return NULL;
|
||||
*p = 0;
|
||||
pull_ucs2_pstring(s2, ws);
|
||||
return CONST_DISCARD(char *, (s+strlen(s2)));
|
||||
return (char *)(s+strlen(s2));
|
||||
}
|
||||
|
||||
/***********************************************************************
|
||||
@ -1334,7 +1334,7 @@ char *strstr_m(const char *src, const char *findstr)
|
||||
|
||||
/* for correctness */
|
||||
if (!findstr[0]) {
|
||||
return CONST_DISCARD(char *, src);
|
||||
return (char*)src;
|
||||
}
|
||||
|
||||
/* Samba does single character findstr calls a *lot*. */
|
||||
@ -1351,7 +1351,7 @@ char *strstr_m(const char *src, const char *findstr)
|
||||
findstr_len = strlen(findstr);
|
||||
|
||||
if (strncmp(s, findstr, findstr_len) == 0) {
|
||||
return CONST_DISCARD(char *, s);
|
||||
return (char *)s;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1392,7 +1392,7 @@ char *strstr_m(const char *src, const char *findstr)
|
||||
DEBUG(0,("strstr_m: dest malloc fail\n"));
|
||||
return NULL;
|
||||
}
|
||||
retp = CONST_DISCARD(char *, (s+strlen(s2)));
|
||||
retp = (char *)(s+strlen(s2));
|
||||
SAFE_FREE(src_w);
|
||||
SAFE_FREE(find_w);
|
||||
SAFE_FREE(s2);
|
||||
|
||||
@ -382,10 +382,10 @@ size_t strnlen_w(const smb_ucs2_t *src, size_t max)
|
||||
smb_ucs2_t *strchr_w(const smb_ucs2_t *s, smb_ucs2_t c)
|
||||
{
|
||||
while (*s != 0) {
|
||||
if (c == *s) return CONST_DISCARD(smb_ucs2_t *, s);
|
||||
if (c == *s) return (smb_ucs2_t *)s;
|
||||
s++;
|
||||
}
|
||||
if (c == *s) return CONST_DISCARD(smb_ucs2_t *, s);
|
||||
if (c == *s) return (smb_ucs2_t *)s;
|
||||
|
||||
return NULL;
|
||||
}
|
||||
@ -406,7 +406,7 @@ smb_ucs2_t *strrchr_w(const smb_ucs2_t *s, smb_ucs2_t c)
|
||||
if (len == 0) return NULL;
|
||||
p += (len - 1);
|
||||
do {
|
||||
if (c == *p) return CONST_DISCARD(smb_ucs2_t *, p);
|
||||
if (c == *p) return (smb_ucs2_t *)p;
|
||||
} while (p-- != s);
|
||||
return NULL;
|
||||
}
|
||||
@ -427,7 +427,7 @@ smb_ucs2_t *strnrchr_w(const smb_ucs2_t *s, smb_ucs2_t c, unsigned int n)
|
||||
n--;
|
||||
|
||||
if (!n)
|
||||
return CONST_DISCARD(smb_ucs2_t *, p);
|
||||
return (smb_ucs2_t *)p;
|
||||
} while (p-- != s);
|
||||
return NULL;
|
||||
}
|
||||
@ -445,7 +445,7 @@ smb_ucs2_t *strstr_w(const smb_ucs2_t *s, const smb_ucs2_t *ins)
|
||||
return NULL;
|
||||
|
||||
inslen = strlen_w(ins);
|
||||
r = CONST_DISCARD(smb_ucs2_t *, s);
|
||||
r = (smb_ucs2_t *)s;
|
||||
|
||||
while ((r = strchr_w(r, *ins))) {
|
||||
if (strncmp_w(r, ins, inslen) == 0)
|
||||
@ -716,7 +716,7 @@ smb_ucs2_t *strpbrk_wa(const smb_ucs2_t *s, const char *p)
|
||||
int i;
|
||||
for (i=0; p[i] && *s != UCS2_CHAR(p[i]); i++)
|
||||
;
|
||||
if (p[i]) return CONST_DISCARD(smb_ucs2_t *, s);
|
||||
if (p[i]) return (smb_ucs2_t *)s;
|
||||
s++;
|
||||
}
|
||||
return NULL;
|
||||
@ -731,7 +731,7 @@ smb_ucs2_t *strstr_wa(const smb_ucs2_t *s, const char *ins)
|
||||
return NULL;
|
||||
|
||||
inslen = strlen(ins);
|
||||
r = CONST_DISCARD(smb_ucs2_t *, s);
|
||||
r = (smb_ucs2_t *)s;
|
||||
|
||||
while ((r = strchr_w(r, UCS2_CHAR(*ins)))) {
|
||||
if (strncmp_wa(r, ins, inslen) == 0)
|
||||
|
||||
@ -94,7 +94,7 @@ BOOL smb_string_to_uuid(const char *in, struct uuid* uu)
|
||||
{
|
||||
BOOL ret = False;
|
||||
const char *ptr = in;
|
||||
char *end = CONST_DISCARD(char *, in);
|
||||
char *end = (char *)in;
|
||||
int i;
|
||||
unsigned v1, v2;
|
||||
|
||||
|
||||
@ -61,10 +61,8 @@ ADS_STATUS ads_find_printers(ADS_STRUCT *ads, void **res)
|
||||
|
||||
/* For the moment only display all printers */
|
||||
|
||||
ldap_expr =
|
||||
CONST_DISCARD(char *,
|
||||
"(&(!(showInAdvancedViewOnly=TRUE))(uncName=*)"
|
||||
"(objectCategory=printQueue))");
|
||||
ldap_expr = "(&(!(showInAdvancedViewOnly=TRUE))(uncName=*)"
|
||||
"(objectCategory=printQueue))";
|
||||
|
||||
return ads_search(ads, res, ldap_expr, attrs);
|
||||
}
|
||||
|
||||
@ -18,8 +18,6 @@
|
||||
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
*/
|
||||
|
||||
#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef HAVE_LDAP
|
||||
@ -287,8 +285,7 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
|
||||
ENCTYPE_DES_CBC_MD5,
|
||||
ENCTYPE_NULL};
|
||||
gss_OID_desc nt_principal =
|
||||
{10, CONST_DISCARD(char *,
|
||||
"\052\206\110\206\367\022\001\002\002\002")};
|
||||
{10, "\052\206\110\206\367\022\001\002\002\002"};
|
||||
|
||||
/* we need to fetch a service ticket as the ldap user in the
|
||||
servers realm, regardless of our realm */
|
||||
|
||||
@ -338,8 +338,7 @@ int spnego_gen_negTokenTarg(const char *principal, int time_offset,
|
||||
return retval;
|
||||
|
||||
/* wrap that up in a nice GSS-API wrapping */
|
||||
tkt_wrapped = spnego_gen_krb5_wrap(
|
||||
tkt, CONST_ADD(const uint8 *, TOK_ID_KRB_AP_REQ));
|
||||
tkt_wrapped = spnego_gen_krb5_wrap(tkt, TOK_ID_KRB_AP_REQ);
|
||||
|
||||
/* and wrap that in a shiny SPNEGO wrapper */
|
||||
*targ = gen_negTokenTarg(krb_mechs, tkt_wrapped);
|
||||
|
||||
@ -42,14 +42,12 @@ static BOOL read_negTokenInit(ASN1_DATA *asn1, negTokenInit_t *token)
|
||||
asn1_start_tag(asn1, ASN1_CONTEXT(0));
|
||||
asn1_start_tag(asn1, ASN1_SEQUENCE(0));
|
||||
|
||||
token->mechTypes = SMB_MALLOC_P(const char *);
|
||||
token->mechTypes = SMB_MALLOC_P(char *);
|
||||
for (i = 0; !asn1->has_error &&
|
||||
0 < asn1_tag_remaining(asn1); i++) {
|
||||
token->mechTypes =
|
||||
SMB_REALLOC_ARRAY(token->mechTypes, const char *, i + 2);
|
||||
asn1_read_OID(asn1,
|
||||
CONST_DISCARD(char **,
|
||||
(token->mechTypes + i)));
|
||||
SMB_REALLOC_ARRAY(token->mechTypes, char *, i + 2);
|
||||
asn1_read_OID(asn1, token->mechTypes + i);
|
||||
}
|
||||
token->mechTypes[i] = NULL;
|
||||
|
||||
@ -184,7 +182,7 @@ static BOOL read_negTokenTarg(ASN1_DATA *asn1, negTokenTarg_t *token)
|
||||
break;
|
||||
case ASN1_CONTEXT(1):
|
||||
asn1_start_tag(asn1, ASN1_CONTEXT(1));
|
||||
asn1_read_OID(asn1, CONST_DISCARD(char **, &token->supportedMech));
|
||||
asn1_read_OID(asn1, &token->supportedMech);
|
||||
asn1_end_tag(asn1);
|
||||
break;
|
||||
case ASN1_CONTEXT(2):
|
||||
@ -319,8 +317,7 @@ BOOL free_spnego_data(SPNEGO_DATA *spnego)
|
||||
if (spnego->negTokenInit.mechTypes) {
|
||||
int i;
|
||||
for (i = 0; spnego->negTokenInit.mechTypes[i]; i++) {
|
||||
free(CONST_DISCARD(void *,
|
||||
spnego->negTokenInit.mechTypes[i]));
|
||||
free(spnego->negTokenInit.mechTypes[i]);
|
||||
}
|
||||
free(spnego->negTokenInit.mechTypes);
|
||||
}
|
||||
@ -329,7 +326,7 @@ BOOL free_spnego_data(SPNEGO_DATA *spnego)
|
||||
break;
|
||||
case SPNEGO_NEG_TOKEN_TARG:
|
||||
if (spnego->negTokenTarg.supportedMech) {
|
||||
free(CONST_DISCARD(void *, spnego->negTokenTarg.supportedMech));
|
||||
free(spnego->negTokenTarg.supportedMech);
|
||||
}
|
||||
data_blob_free(&spnego->negTokenTarg.responseToken);
|
||||
data_blob_free(&spnego->negTokenTarg.mechListMIC);
|
||||
|
||||
@ -120,10 +120,11 @@
|
||||
the right thing about local DST. Unlike previous versions, this
|
||||
version is reentrant. */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#ifdef HAVE_ALLOCA_H
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include <config.h>
|
||||
# ifdef HAVE_ALLOCA_H
|
||||
# include <alloca.h>
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/* Since the code of getdate.y is not included in the Emacs executable
|
||||
|
||||
@ -25,10 +25,11 @@
|
||||
the right thing about local DST. Unlike previous versions, this
|
||||
version is reentrant. */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#ifdef HAVE_ALLOCA_H
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include <config.h>
|
||||
# ifdef HAVE_ALLOCA_H
|
||||
# include <alloca.h>
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/* Since the code of getdate.y is not included in the Emacs executable
|
||||
|
||||
@ -26,8 +26,8 @@ static struct {
|
||||
char *to;
|
||||
int len;
|
||||
} weird_table[] = {
|
||||
{'q', CONST_DISCARD(char *, "^q^"), 3},
|
||||
{'Q', CONST_DISCARD(char *, "^Q^"), 3},
|
||||
{'q', "^q^", 3},
|
||||
{'Q', "^Q^", 3},
|
||||
{0, NULL}
|
||||
};
|
||||
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
#endif
|
||||
|
||||
#ifndef SAFE_FREE
|
||||
#define SAFE_FREE(x) do { if(x) {free(CONST_DISCARD(void *, (x))); x=NULL;} } while(0)
|
||||
#define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
|
||||
#endif
|
||||
|
||||
#ifndef _WINBINDD_NTDOM_H
|
||||
@ -101,16 +101,6 @@ enum winbindd_cmd {
|
||||
WINBINDD_WINS_BYIP,
|
||||
WINBINDD_WINS_BYNAME,
|
||||
|
||||
/* account management commands */
|
||||
|
||||
WINBINDD_CREATE_USER,
|
||||
WINBINDD_CREATE_GROUP,
|
||||
WINBINDD_ADD_USER_TO_GROUP,
|
||||
WINBINDD_REMOVE_USER_FROM_GROUP,
|
||||
WINBINDD_SET_USER_PRIMARY_GROUP,
|
||||
WINBINDD_DELETE_USER,
|
||||
WINBINDD_DELETE_GROUP,
|
||||
|
||||
/* this is like GETGRENT but gives an empty group list */
|
||||
WINBINDD_GETGRLST,
|
||||
|
||||
|
||||
@ -540,6 +540,71 @@ BOOL secrets_store_ldap_pw(const char* dn, char* pw)
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
find the ldap password
|
||||
******************************************************************/
|
||||
BOOL fetch_ldap_pw(char **dn, char** pw)
|
||||
{
|
||||
char *key = NULL;
|
||||
size_t size;
|
||||
|
||||
*dn = smb_xstrdup(lp_ldap_admin_dn());
|
||||
|
||||
if (asprintf(&key, "%s/%s", SECRETS_LDAP_BIND_PW, *dn) < 0) {
|
||||
SAFE_FREE(*dn);
|
||||
DEBUG(0, ("fetch_ldap_pw: asprintf failed!\n"));
|
||||
}
|
||||
|
||||
*pw=secrets_fetch(key, &size);
|
||||
SAFE_FREE(key);
|
||||
|
||||
if (!size) {
|
||||
/* Upgrade 2.2 style entry */
|
||||
char *p;
|
||||
char* old_style_key = SMB_STRDUP(*dn);
|
||||
char *data;
|
||||
fstring old_style_pw;
|
||||
|
||||
if (!old_style_key) {
|
||||
DEBUG(0, ("fetch_ldap_pw: strdup failed!\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
for (p=old_style_key; *p; p++)
|
||||
if (*p == ',') *p = '/';
|
||||
|
||||
data=secrets_fetch(old_style_key, &size);
|
||||
if (!size && size < sizeof(old_style_pw)) {
|
||||
DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n"));
|
||||
SAFE_FREE(old_style_key);
|
||||
SAFE_FREE(*dn);
|
||||
return False;
|
||||
}
|
||||
|
||||
size = MIN(size, sizeof(fstring)-1);
|
||||
strncpy(old_style_pw, data, size);
|
||||
old_style_pw[size] = 0;
|
||||
|
||||
SAFE_FREE(data);
|
||||
|
||||
if (!secrets_store_ldap_pw(*dn, old_style_pw)) {
|
||||
DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n"));
|
||||
SAFE_FREE(old_style_key);
|
||||
SAFE_FREE(*dn);
|
||||
return False;
|
||||
}
|
||||
if (!secrets_delete(old_style_key)) {
|
||||
DEBUG(0,("fetch_ldap_pw: old ldap secret could not be deleted!\n"));
|
||||
}
|
||||
|
||||
SAFE_FREE(old_style_key);
|
||||
|
||||
*pw = smb_xstrdup(old_style_pw);
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get trusted domains info from secrets.tdb.
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -6,6 +6,7 @@
|
||||
* Copyright (C) Paul Ashton 1997,
|
||||
* Copyright (C) Jeremy Allison 2001,
|
||||
* Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002-2003.
|
||||
* Copyright (C) Gerald (Jerry) Carter 2005
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -765,6 +766,156 @@ static BOOL api_lsa_lookup_priv_value(pipes_struct *p)
|
||||
return True;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
***************************************************************************/
|
||||
|
||||
static BOOL api_lsa_open_trust_dom(pipes_struct *p)
|
||||
{
|
||||
LSA_Q_OPEN_TRUSTED_DOMAIN q_u;
|
||||
LSA_R_OPEN_TRUSTED_DOMAIN r_u;
|
||||
|
||||
prs_struct *data = &p->in_data.data;
|
||||
prs_struct *rdata = &p->out_data.rdata;
|
||||
|
||||
ZERO_STRUCT(q_u);
|
||||
ZERO_STRUCT(r_u);
|
||||
|
||||
if(!lsa_io_q_open_trusted_domain("", &q_u, data, 0)) {
|
||||
DEBUG(0,("api_lsa_open_trust_dom: failed to unmarshall LSA_Q_OPEN_TRUSTED_DOMAIN .\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
r_u.status = _lsa_open_trusted_domain(p, &q_u, &r_u);
|
||||
|
||||
/* store the response in the SMB stream */
|
||||
if(!lsa_io_r_open_trusted_domain("", &r_u, rdata, 0)) {
|
||||
DEBUG(0,("api_lsa_open_trust_dom: Failed to marshall LSA_R_OPEN_TRUSTED_DOMAIN.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
***************************************************************************/
|
||||
|
||||
static BOOL api_lsa_create_trust_dom(pipes_struct *p)
|
||||
{
|
||||
LSA_Q_CREATE_TRUSTED_DOMAIN q_u;
|
||||
LSA_R_CREATE_TRUSTED_DOMAIN r_u;
|
||||
|
||||
prs_struct *data = &p->in_data.data;
|
||||
prs_struct *rdata = &p->out_data.rdata;
|
||||
|
||||
ZERO_STRUCT(q_u);
|
||||
ZERO_STRUCT(r_u);
|
||||
|
||||
if(!lsa_io_q_create_trusted_domain("", &q_u, data, 0)) {
|
||||
DEBUG(0,("api_lsa_create_trust_dom: failed to unmarshall LSA_Q_CREATE_TRUSTED_DOMAIN .\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
r_u.status = _lsa_create_trusted_domain(p, &q_u, &r_u);
|
||||
|
||||
/* store the response in the SMB stream */
|
||||
if(!lsa_io_r_create_trusted_domain("", &r_u, rdata, 0)) {
|
||||
DEBUG(0,("api_lsa_create_trust_dom: Failed to marshall LSA_R_CREATE_TRUSTED_DOMAIN.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
***************************************************************************/
|
||||
|
||||
static BOOL api_lsa_create_secret(pipes_struct *p)
|
||||
{
|
||||
LSA_Q_CREATE_SECRET q_u;
|
||||
LSA_R_CREATE_SECRET r_u;
|
||||
|
||||
prs_struct *data = &p->in_data.data;
|
||||
prs_struct *rdata = &p->out_data.rdata;
|
||||
|
||||
ZERO_STRUCT(q_u);
|
||||
ZERO_STRUCT(r_u);
|
||||
|
||||
if(!lsa_io_q_create_secret("", &q_u, data, 0)) {
|
||||
DEBUG(0,("api_lsa_create_secret: failed to unmarshall LSA_Q_CREATE_SECRET.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
r_u.status = _lsa_create_secret(p, &q_u, &r_u);
|
||||
|
||||
/* store the response in the SMB stream */
|
||||
if(!lsa_io_r_create_secret("", &r_u, rdata, 0)) {
|
||||
DEBUG(0,("api_lsa_create_secret: Failed to marshall LSA_R_CREATE_SECRET.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
***************************************************************************/
|
||||
|
||||
static BOOL api_lsa_set_secret(pipes_struct *p)
|
||||
{
|
||||
LSA_Q_SET_SECRET q_u;
|
||||
LSA_R_SET_SECRET r_u;
|
||||
|
||||
prs_struct *data = &p->in_data.data;
|
||||
prs_struct *rdata = &p->out_data.rdata;
|
||||
|
||||
ZERO_STRUCT(q_u);
|
||||
ZERO_STRUCT(r_u);
|
||||
|
||||
if(!lsa_io_q_set_secret("", &q_u, data, 0)) {
|
||||
DEBUG(0,("api_lsa_set_secret: failed to unmarshall LSA_Q_SET_SECRET.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
r_u.status = _lsa_set_secret(p, &q_u, &r_u);
|
||||
|
||||
/* store the response in the SMB stream */
|
||||
if(!lsa_io_r_set_secret("", &r_u, rdata, 0)) {
|
||||
DEBUG(0,("api_lsa_set_secret: Failed to marshall LSA_R_SET_SECRET.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
***************************************************************************/
|
||||
|
||||
static BOOL api_lsa_delete_object(pipes_struct *p)
|
||||
{
|
||||
LSA_Q_DELETE_OBJECT q_u;
|
||||
LSA_R_DELETE_OBJECT r_u;
|
||||
|
||||
prs_struct *data = &p->in_data.data;
|
||||
prs_struct *rdata = &p->out_data.rdata;
|
||||
|
||||
ZERO_STRUCT(q_u);
|
||||
ZERO_STRUCT(r_u);
|
||||
|
||||
if(!lsa_io_q_delete_object("", &q_u, data, 0)) {
|
||||
DEBUG(0,("api_lsa_delete_object: failed to unmarshall LSA_Q_DELETE_OBJECT.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
r_u.status = _lsa_delete_object(p, &q_u, &r_u);
|
||||
|
||||
/* store the response in the SMB stream */
|
||||
if(!lsa_io_r_delete_object("", &r_u, rdata, 0)) {
|
||||
DEBUG(0,("api_lsa_delete_object: Failed to marshall LSA_R_DELETE_OBJECT.\n"));
|
||||
return False;
|
||||
}
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
#if 0 /* AD DC work in ongoing in Samba 4 */
|
||||
|
||||
/***************************************************************************
|
||||
@ -827,7 +978,13 @@ static struct api_struct api_lsa_cmds[] =
|
||||
{ "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights },
|
||||
{ "LSA_ENUMACCTRIGHTS" , LSA_ENUMACCTRIGHTS , api_lsa_enum_acct_rights },
|
||||
{ "LSA_QUERYSECOBJ" , LSA_QUERYSECOBJ , api_lsa_query_secobj },
|
||||
{ "LSA_LOOKUPPRIVVALUE" , LSA_LOOKUPPRIVVALUE , api_lsa_lookup_priv_value }
|
||||
{ "LSA_LOOKUPPRIVVALUE" , LSA_LOOKUPPRIVVALUE , api_lsa_lookup_priv_value },
|
||||
{ "LSA_OPENTRUSTDOM" , LSA_OPENTRUSTDOM , api_lsa_open_trust_dom },
|
||||
{ "LSA_OPENSECRET" , LSA_OPENSECRET , api_lsa_open_secret },
|
||||
{ "LSA_CREATETRUSTDOM" , LSA_CREATETRUSTDOM , api_lsa_create_trust_dom },
|
||||
{ "LSA_CREATSECRET" , LSA_CREATESECRET , api_lsa_create_secret },
|
||||
{ "LSA_SETSECRET" , LSA_SETSECRET , api_lsa_set_secret },
|
||||
{ "LSA_DELETEOBJECT" , LSA_DELETEOBJECT , api_lsa_delete_object }
|
||||
#if 0 /* AD DC work in ongoing in Samba 4 */
|
||||
/* be careful of the adding of new RPC's. See commentrs below about
|
||||
ADS DC capabilities */
|
||||
|
||||
@ -749,7 +749,6 @@ NTSTATUS _lsa_close(pipes_struct *p, LSA_Q_CLOSE *q_u, LSA_R_CLOSE *r_u)
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
"No more secrets Marty...." :-).
|
||||
***************************************************************************/
|
||||
|
||||
NTSTATUS _lsa_open_secret(pipes_struct *p, LSA_Q_OPEN_SECRET *q_u, LSA_R_OPEN_SECRET *r_u)
|
||||
@ -757,6 +756,46 @@ NTSTATUS _lsa_open_secret(pipes_struct *p, LSA_Q_OPEN_SECRET *q_u, LSA_R_OPEN_SE
|
||||
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
***************************************************************************/
|
||||
|
||||
NTSTATUS _lsa_open_trusted_domain(pipes_struct *p, LSA_Q_OPEN_TRUSTED_DOMAIN *q_u, LSA_R_OPEN_TRUSTED_DOMAIN *r_u)
|
||||
{
|
||||
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
***************************************************************************/
|
||||
|
||||
NTSTATUS _lsa_create_trusted_domain(pipes_struct *p, LSA_Q_CREATE_TRUSTED_DOMAIN *q_u, LSA_R_CREATE_TRUSTED_DOMAIN *r_u)
|
||||
{
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
***************************************************************************/
|
||||
|
||||
NTSTATUS _lsa_create_secret(pipes_struct *p, LSA_Q_CREATE_SECRET *q_u, LSA_R_CREATE_SECRET *r_u)
|
||||
{
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
***************************************************************************/
|
||||
|
||||
NTSTATUS _lsa_set_secret(pipes_struct *p, LSA_Q_SET_SECRET *q_u, LSA_R_SET_SECRET *r_u)
|
||||
{
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
***************************************************************************/
|
||||
|
||||
NTSTATUS _lsa_delete_object(pipes_struct *p, LSA_Q_DELETE_OBJECT *q_u, LSA_R_DELETE_OBJECT *r_u)
|
||||
{
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
_lsa_enum_privs.
|
||||
***************************************************************************/
|
||||
|
||||
@ -56,12 +56,6 @@ static void init_net_r_req_chal(NET_R_REQ_CHAL *r_c,
|
||||
net_reply_logon_ctrl:
|
||||
*************************************************************************/
|
||||
|
||||
/* Some flag values reverse engineered from NLTEST.EXE */
|
||||
|
||||
#define LOGON_CTRL_IN_SYNC 0x00
|
||||
#define LOGON_CTRL_REPL_NEEDED 0x01
|
||||
#define LOGON_CTRL_REPL_IN_PROGRESS 0x02
|
||||
|
||||
NTSTATUS _net_logon_ctrl(pipes_struct *p, NET_Q_LOGON_CTRL *q_u,
|
||||
NET_R_LOGON_CTRL *r_u)
|
||||
{
|
||||
|
||||
@ -7247,6 +7247,7 @@ static void fill_port_2(PORT_INFO_2 *port, const char *name)
|
||||
port->reserved=0x0;
|
||||
}
|
||||
|
||||
|
||||
/****************************************************************************
|
||||
wrapper around the enumer ports command
|
||||
****************************************************************************/
|
||||
|
||||
@ -101,8 +101,7 @@ static BOOL kernel_check_notify(connection_struct *conn, uint16 vuid, char *path
|
||||
close((int)fd_pending_array[i]);
|
||||
fd_pending_array[i] = (SIG_ATOMIC_T)-1;
|
||||
if (signals_received - i - 1) {
|
||||
memmove(CONST_DISCARD(void *, &fd_pending_array[i]),
|
||||
CONST_DISCARD(void *, &fd_pending_array[i+1]),
|
||||
memmove((void *)&fd_pending_array[i], (void *)&fd_pending_array[i+1],
|
||||
sizeof(SIG_ATOMIC_T)*(signals_received-i-1));
|
||||
}
|
||||
data->directory_handle = -1;
|
||||
@ -130,8 +129,7 @@ static void kernel_remove_notify(void *datap)
|
||||
if (fd == (int)fd_pending_array[i]) {
|
||||
fd_pending_array[i] = (SIG_ATOMIC_T)-1;
|
||||
if (signals_received - i - 1) {
|
||||
memmove(CONST_DISCARD(void *, &fd_pending_array[i]),
|
||||
CONST_DISCARD(void *, &fd_pending_array[i+1]),
|
||||
memmove((void *)&fd_pending_array[i], (void *)&fd_pending_array[i+1],
|
||||
sizeof(SIG_ATOMIC_T)*(signals_received-i-1));
|
||||
}
|
||||
data->directory_handle = -1;
|
||||
|
||||
@ -362,7 +362,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
|
||||
conn->service = snum;
|
||||
conn->used = True;
|
||||
conn->printer = (strncmp(dev,"LPT",3) == 0);
|
||||
conn->ipc = ((strncmp(dev,"IPC",3) == 0) || strequal(dev,"ADMIN$"));
|
||||
conn->ipc = ( (strncmp(dev,"IPC",3) == 0) || ( lp_enable_asu_support() && strequal(dev,"ADMIN$")) );
|
||||
conn->dirptr = NULL;
|
||||
|
||||
/* Case options for the share. */
|
||||
@ -783,7 +783,9 @@ connection_struct *make_connection(const char *service_in, DATA_BLOB password,
|
||||
snum = find_service(service);
|
||||
|
||||
if (snum < 0) {
|
||||
if (strequal(service,"IPC$") || strequal(service,"ADMIN$")) {
|
||||
if (strequal(service,"IPC$")
|
||||
|| (lp_enable_asu_support() && strequal(service,"ADMIN$")))
|
||||
{
|
||||
DEBUG(3,("refusing IPC connection to %s\n", service));
|
||||
*status = NT_STATUS_ACCESS_DENIED;
|
||||
return NULL;
|
||||
|
||||
@ -25,12 +25,6 @@
|
||||
|
||||
uint32 global_client_caps = 0;
|
||||
|
||||
extern BOOL global_encrypted_passwords_negotiated;
|
||||
extern BOOL global_spnego_negotiated;
|
||||
extern enum protocol_types Protocol;
|
||||
extern int max_send;
|
||||
extern struct auth_context *negprot_global_auth_context;
|
||||
|
||||
static struct auth_ntlmssp_state *global_ntlmssp_state;
|
||||
|
||||
/*
|
||||
@ -319,9 +313,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
|
||||
|
||||
/* wrap that up in a nice GSS-API wrapping */
|
||||
if (NT_STATUS_IS_OK(ret)) {
|
||||
ap_rep_wrapped = spnego_gen_krb5_wrap(
|
||||
ap_rep,
|
||||
CONST_ADD(const uint8 *, TOK_ID_KRB_AP_REP));
|
||||
ap_rep_wrapped = spnego_gen_krb5_wrap(ap_rep, TOK_ID_KRB_AP_REP);
|
||||
} else {
|
||||
ap_rep_wrapped = data_blob(NULL, 0);
|
||||
}
|
||||
@ -643,8 +635,13 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
|
||||
fstring native_lanman;
|
||||
fstring primary_domain;
|
||||
static BOOL done_sesssetup = False;
|
||||
extern BOOL global_encrypted_passwords_negotiated;
|
||||
extern BOOL global_spnego_negotiated;
|
||||
extern enum protocol_types Protocol;
|
||||
extern int max_send;
|
||||
|
||||
auth_usersupplied_info *user_info = NULL;
|
||||
extern struct auth_context *negprot_global_auth_context;
|
||||
auth_serversupplied_info *server_info = NULL;
|
||||
|
||||
NTSTATUS nt_status;
|
||||
|
||||
@ -128,7 +128,7 @@
|
||||
|
||||
/* free memory if the pointer is valid and zero the pointer */
|
||||
#ifndef SAFE_FREE
|
||||
#define SAFE_FREE(x) do { if ((x) != NULL) {free(CONST_DISCARD(void *, (x))); (x)=NULL;} } while(0)
|
||||
#define SAFE_FREE(x) do { if ((x) != NULL) {free((x)); (x)=NULL;} } while(0)
|
||||
#endif
|
||||
|
||||
#define BUCKET(hash) ((hash) % tdb->header.hash_size)
|
||||
|
||||
@ -390,9 +390,8 @@ BOOL tdb_change_uint32_atomic(TDB_CONTEXT *tdb, const char *keystr, uint32 *oldv
|
||||
integers and strings.
|
||||
****************************************************************************/
|
||||
|
||||
size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...)
|
||||
size_t tdb_pack_va(char *buf, int bufsize, const char *fmt, va_list ap)
|
||||
{
|
||||
va_list ap;
|
||||
uint8 bt;
|
||||
uint16 w;
|
||||
uint32 d;
|
||||
@ -405,8 +404,6 @@ size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...)
|
||||
const char *fmt0 = fmt;
|
||||
int bufsize0 = bufsize;
|
||||
|
||||
va_start(ap, fmt);
|
||||
|
||||
while (*fmt) {
|
||||
switch ((c = *fmt++)) {
|
||||
case 'b': /* unsigned 8-bit integer */
|
||||
@ -471,14 +468,54 @@ size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...)
|
||||
bufsize = 0;
|
||||
}
|
||||
|
||||
va_end(ap);
|
||||
|
||||
DEBUG(18,("tdb_pack(%s, %d) -> %d\n",
|
||||
DEBUG(18,("tdb_pack_va(%s, %d) -> %d\n",
|
||||
fmt0, bufsize0, (int)PTR_DIFF(buf, buf0)));
|
||||
|
||||
return PTR_DIFF(buf, buf0);
|
||||
}
|
||||
|
||||
size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
size_t result;
|
||||
|
||||
va_start(ap, fmt);
|
||||
result = tdb_pack_va(buf, bufsize, fmt, ap);
|
||||
va_end(ap);
|
||||
return result;
|
||||
}
|
||||
|
||||
BOOL tdb_pack_append(TALLOC_CTX *mem_ctx, uint8_t **buf, size_t *len,
|
||||
const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
size_t len1, len2;
|
||||
|
||||
va_start(ap, fmt);
|
||||
len1 = tdb_pack_va(NULL, 0, fmt, ap);
|
||||
va_end(ap);
|
||||
|
||||
if (mem_ctx != NULL)
|
||||
*buf = TALLOC_REALLOC_ARRAY(mem_ctx, *buf, uint8_t,
|
||||
(*len) + len1);
|
||||
else
|
||||
*buf = SMB_REALLOC_ARRAY(*buf, uint8_t, (*len) + len1);
|
||||
|
||||
if (*buf == NULL)
|
||||
return False;
|
||||
|
||||
va_start(ap, fmt);
|
||||
len2 = tdb_pack_va((*buf)+(*len), len1, fmt, ap);
|
||||
va_end(ap);
|
||||
|
||||
if (len1 != len2)
|
||||
return False;
|
||||
|
||||
*len += len2;
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
Useful pair of routines for packing/unpacking data consisting of
|
||||
integers and strings.
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -81,7 +81,7 @@ static int net_ads_lookup(int argc, const char **argv)
|
||||
d_printf("Didn't find the cldap server!\n");
|
||||
return -1;
|
||||
} if (!ads->config.realm) {
|
||||
ads->config.realm = CONST_DISCARD(char *, opt_target_workgroup);
|
||||
ads->config.realm = opt_target_workgroup;
|
||||
ads->ldap_port = 389;
|
||||
}
|
||||
|
||||
@ -753,7 +753,7 @@ int net_ads_join(int argc, const char **argv)
|
||||
ads_msgfree(ads, res);
|
||||
|
||||
if (rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_NO_SUCH_OBJECT) {
|
||||
d_printf("ads_join: organizational unit %s does not exist (dn:%s)\n",
|
||||
d_printf("ads_join_realm: organizational unit %s does not exist (dn:%s)\n",
|
||||
org_unit, dn);
|
||||
ads_destroy(&ads);
|
||||
return -1;
|
||||
@ -761,14 +761,14 @@ int net_ads_join(int argc, const char **argv)
|
||||
free(dn);
|
||||
|
||||
if (!ADS_ERR_OK(rc)) {
|
||||
d_printf("ads_join: %s\n", ads_errstr(rc));
|
||||
d_printf("ads_join_realm: %s\n", ads_errstr(rc));
|
||||
ads_destroy(&ads);
|
||||
return -1;
|
||||
}
|
||||
|
||||
rc = ads_join_realm(ads, global_myname(), account_type, org_unit);
|
||||
if (!ADS_ERR_OK(rc)) {
|
||||
d_printf("ads_join: %s\n", ads_errstr(rc));
|
||||
d_printf("ads_join_realm: %s\n", ads_errstr(rc));
|
||||
ads_destroy(&ads);
|
||||
return -1;
|
||||
}
|
||||
@ -1172,7 +1172,7 @@ static int net_ads_password(int argc, const char **argv)
|
||||
}
|
||||
|
||||
if (argv[1]) {
|
||||
new_password = CONST_DISCARD(char *, argv[1]);
|
||||
new_password = (char *)argv[1];
|
||||
} else {
|
||||
asprintf(&prompt, "Enter new password for %s:", user);
|
||||
new_password = getpass(prompt);
|
||||
|
||||
@ -3,7 +3,8 @@
|
||||
* RPC Pipe client / server routines
|
||||
* Copyright (C) Andrew Tridgell 1992-2000,
|
||||
* Copyright (C) Jean Fran<61>ois Micouleau 1998-2001.
|
||||
* Copyright (C) Gerald Carter 2003.
|
||||
* Copyright (C) Gerald Carter 2003,
|
||||
* Copyright (C) Volker Lendecke 2004
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
||||
Reference in New Issue
Block a user