[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-test-1894-gefb6d24
Günther Deschner
gd at samba.org
Tue Feb 5 11:54:55 GMT 2008
The branch, v3-2-test has been updated
via efb6d24e97e489e44991091b10196b6ac582485b (commit)
from a3d0450e0a054bdb8997db544a7efc8aa67f074d (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit efb6d24e97e489e44991091b10196b6ac582485b
Author: Günther Deschner <gd at samba.org>
Date: Tue Feb 5 12:54:19 2008 +0100
Remove trailing while space, just couldn't resist. No code change.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/rpc_server/srv_samr.c | 30 +-
source/rpc_server/srv_samr_nt.c | 652 +++++++++++++++++++-------------------
2 files changed, 341 insertions(+), 341 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/rpc_server/srv_samr.c b/source/rpc_server/srv_samr.c
index d41d828..bc7fd0e 100644
--- a/source/rpc_server/srv_samr.c
+++ b/source/rpc_server/srv_samr.c
@@ -1,4 +1,4 @@
-/*
+/*
* Unix SMB/CIFS implementation.
* RPC Pipe client / server routines
* Copyright (C) Andrew Tridgell 1992-1997,
@@ -7,21 +7,21 @@
* Copyright (C) Marc Jacobsen 1999,
* Copyright (C) Jean François Micouleau 1998-2001,
* Copyright (C) Jim McDonough <jmcd at us.ibm.com> 2002-2003.
- *
- * Split into interface and implementation modules by,
+ *
+ * Split into interface and implementation modules by,
*
* Copyright (C) Jeremy Allison 2001.
- *
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
@@ -173,7 +173,7 @@ static bool api_samr_enum_dom_aliases(pipes_struct *p)
SAMR_R_ENUM_DOM_ALIASES r_u;
prs_struct *data = &p->in_data.data;
prs_struct *rdata = &p->out_data.rdata;
-
+
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
@@ -251,7 +251,7 @@ static bool api_samr_query_aliasinfo(pipes_struct *p)
DEBUG(0,("api_samr_query_aliasinfo: unable to marshall SAMR_R_QUERY_ALIASINFO.\n"));
return False;
}
-
+
return True;
}
@@ -520,7 +520,7 @@ static bool api_samr_enum_domains(pipes_struct *p)
SAMR_R_ENUM_DOMAINS r_u;
prs_struct *data = &p->in_data.data;
prs_struct *rdata = &p->out_data.rdata;
-
+
ZERO_STRUCT(q_u);
ZERO_STRUCT(r_u);
@@ -535,7 +535,7 @@ static bool api_samr_enum_domains(pipes_struct *p)
DEBUG(0,("api_samr_enum_domains: Unable to marshall SAMR_R_ENUM_DOMAINS.\n"));
return False;
}
-
+
return True;
}
@@ -930,7 +930,7 @@ static struct api_struct api_samr_cmds [] =
{"SAMR_CONNECT_ANON" , SAMR_CONNECT_ANON , api_samr_connect_anon },
{"SAMR_ENUM_DOMAINS" , SAMR_ENUM_DOMAINS , api_samr_enum_domains },
{"SAMR_ENUM_DOM_USERS" , SAMR_ENUM_DOM_USERS , api_samr_enum_dom_users },
-
+
{"SAMR_ENUM_DOM_GROUPS" , SAMR_ENUM_DOM_GROUPS , api_samr_enum_dom_groups },
{"SAMR_ENUM_DOM_ALIASES" , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
{"SAMR_QUERY_USERALIASES" , SAMR_QUERY_USERALIASES, api_samr_query_useraliases},
@@ -940,7 +940,7 @@ static struct api_struct api_samr_cmds [] =
{"SAMR_DEL_ALIASMEM" , SAMR_DEL_ALIASMEM , api_samr_del_aliasmem },
{"SAMR_ADD_GROUPMEM" , SAMR_ADD_GROUPMEM , api_samr_add_groupmem },
{"SAMR_DEL_GROUPMEM" , SAMR_DEL_GROUPMEM , api_samr_del_groupmem },
-
+
{"SAMR_DELETE_DOM_USER" , SAMR_DELETE_DOM_USER , api_samr_delete_dom_user },
{"SAMR_DELETE_DOM_GROUP" , SAMR_DELETE_DOM_GROUP , api_samr_delete_dom_group },
{"SAMR_DELETE_DOM_ALIAS" , SAMR_DELETE_DOM_ALIAS , api_samr_delete_dom_alias },
@@ -951,13 +951,13 @@ static struct api_struct api_samr_cmds [] =
{"SAMR_QUERY_USERINFO" , SAMR_QUERY_USERINFO , api_samr_query_userinfo },
{"SAMR_SET_USERINFO" , SAMR_SET_USERINFO , api_samr_set_userinfo },
{"SAMR_SET_USERINFO2" , SAMR_SET_USERINFO2 , api_samr_set_userinfo2 },
-
+
{"SAMR_QUERY_DOMAIN_INFO" , SAMR_QUERY_DOMAIN_INFO, api_samr_query_domain_info},
{"SAMR_QUERY_USERGROUPS" , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
{"SAMR_QUERY_DISPINFO" , SAMR_QUERY_DISPINFO , api_samr_query_dispinfo },
{"SAMR_QUERY_DISPINFO3" , SAMR_QUERY_DISPINFO3 , api_samr_query_dispinfo },
{"SAMR_QUERY_DISPINFO4" , SAMR_QUERY_DISPINFO4 , api_samr_query_dispinfo },
-
+
{"SAMR_QUERY_ALIASINFO" , SAMR_QUERY_ALIASINFO , api_samr_query_aliasinfo },
{"SAMR_QUERY_GROUPINFO" , SAMR_QUERY_GROUPINFO , api_samr_query_groupinfo },
{"SAMR_SET_GROUPINFO" , SAMR_SET_GROUPINFO , api_samr_set_groupinfo },
@@ -971,7 +971,7 @@ static struct api_struct api_samr_cmds [] =
{"SAMR_OPEN_DOMAIN" , SAMR_OPEN_DOMAIN , api_samr_open_domain },
{"SAMR_REMOVE_SID_FOREIGN_DOMAIN" , SAMR_REMOVE_SID_FOREIGN_DOMAIN , api_samr_remove_sid_foreign_domain },
{"SAMR_LOOKUP_DOMAIN" , SAMR_LOOKUP_DOMAIN , api_samr_lookup_domain },
-
+
{"SAMR_QUERY_SEC_OBJECT" , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj },
{"SAMR_SET_SEC_OBJECT" , SAMR_SET_SEC_OBJECT , api_samr_set_sec_obj },
{"SAMR_GET_USRDOM_PWINFO" , SAMR_GET_USRDOM_PWINFO, api_samr_get_usrdom_pwinfo},
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 0c9547e..586d222 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -125,12 +125,12 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
/* add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */
init_sec_access(&mask, map->generic_all);
-
+
init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
/* Add Full Access for Domain Admins if we are a DC */
-
+
if ( IS_DC ) {
sid_copy( &domadmin_sid, get_global_sam_sid() );
sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
@@ -162,57 +162,57 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
level of access for further checks.
********************************************************************/
-static NTSTATUS access_check_samr_object( SEC_DESC *psd, NT_USER_TOKEN *token,
+static NTSTATUS access_check_samr_object( SEC_DESC *psd, NT_USER_TOKEN *token,
SE_PRIV *rights, uint32 rights_mask,
- uint32 des_access, uint32 *acc_granted,
+ uint32 des_access, uint32 *acc_granted,
const char *debug )
{
NTSTATUS status = NT_STATUS_ACCESS_DENIED;
uint32 saved_mask = 0;
- /* check privileges; certain SAM access bits should be overridden
- by privileges (mostly having to do with creating/modifying/deleting
+ /* check privileges; certain SAM access bits should be overridden
+ by privileges (mostly having to do with creating/modifying/deleting
users and groups) */
-
+
if ( rights && user_has_any_privilege( token, rights ) ) {
-
+
saved_mask = (des_access & rights_mask);
des_access &= ~saved_mask;
-
+
DEBUG(4,("access_check_samr_object: user rights access mask [0x%x]\n",
rights_mask));
}
-
-
+
+
/* check the security descriptor first */
-
+
if ( se_access_check(psd, token, des_access, acc_granted, &status) )
goto done;
-
+
/* give root a free pass */
-
+
if ( geteuid() == sec_initial_uid() ) {
-
+
DEBUG(4,("%s: ACCESS should be DENIED (requested: %#010x)\n", debug, des_access));
DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n"));
-
+
*acc_granted = des_access;
-
+
status = NT_STATUS_OK;
goto done;
}
-
-
+
+
done:
- /* add in any bits saved during the privilege check (only
+ /* add in any bits saved during the privilege check (only
matters is status is ok) */
-
+
*acc_granted |= rights_mask;
- DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n",
- debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED",
+ DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n",
+ debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED",
des_access, *acc_granted));
-
+
return status;
}
@@ -222,28 +222,28 @@ done:
static NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug)
{
- DEBUG(5,("%s: access check ((granted: %#010x; required: %#010x)\n",
+ DEBUG(5,("%s: access check ((granted: %#010x; required: %#010x)\n",
debug, acc_granted, acc_required));
/* check the security descriptor first */
-
+
if ( (acc_granted&acc_required) == acc_required )
return NT_STATUS_OK;
-
+
/* give root a free pass */
if (geteuid() == sec_initial_uid()) {
-
+
DEBUG(4,("%s: ACCESS should be DENIED (granted: %#010x; required: %#010x)\n",
debug, acc_granted, acc_required));
DEBUGADD(4,("but overwritten by euid == 0\n"));
-
+
return NT_STATUS_OK;
}
-
- DEBUG(2,("%s: ACCESS DENIED (granted: %#010x; required: %#010x)\n",
+
+ DEBUG(2,("%s: ACCESS DENIED (granted: %#010x; required: %#010x)\n",
debug, acc_granted, acc_required));
-
+
return NT_STATUS_ACCESS_DENIED;
}
@@ -278,7 +278,7 @@ static DISP_INFO *get_samr_dispinfo_by_sid(DOM_SID *psid)
/* There are two cases to consider here:
1) The SID is a domain SID and we look for an equality match, or
- 2) This is an account SID and so we return the DISP_INFO* for our
+ 2) This is an account SID and so we return the DISP_INFO* for our
domain */
if (psid == NULL) {
@@ -293,7 +293,7 @@ static DISP_INFO *get_samr_dispinfo_by_sid(DOM_SID *psid)
return &builtin_dispinfo;
}
-
+
if (sid_check_is_domain(psid) || sid_check_is_in_our_domain(psid)) {
/*
* Necessary only once, but it does not really hurt.
@@ -315,7 +315,7 @@ static struct samr_info *get_samr_info_by_sid(DOM_SID *psid)
struct samr_info *info;
fstring sid_str;
TALLOC_CTX *mem_ctx;
-
+
if (psid) {
sid_to_fstring(sid_str, psid);
} else {
@@ -465,7 +465,7 @@ static void force_flush_samr_cache(DISP_INFO *disp_info)
static void samr_clear_sam_passwd(struct samu *sam_pass)
{
-
+
if (!sam_pass)
return;
@@ -573,28 +573,28 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p,
SE_PRIV se_rights;
/* find the connection policy handle. */
-
+
if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) )
return NT_STATUS_INVALID_HANDLE;
- status = access_check_samr_function( info->acc_granted,
+ status = access_check_samr_function( info->acc_granted,
SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_OpenDomain" );
-
+
if ( !NT_STATUS_IS_OK(status) )
return status;
/*check if access can be granted as requested by client. */
-
+
make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0 );
se_map_generic( &des_access, &dom_generic_mapping );
-
+
se_priv_copy( &se_rights, &se_machine_account );
se_priv_add( &se_rights, &se_add_users );
- status = access_check_samr_object( psd, p->pipe_user.nt_user_token,
- &se_rights, GENERIC_RIGHTS_DOMAIN_WRITE, des_access,
+ status = access_check_samr_object( psd, p->pipe_user.nt_user_token,
+ &se_rights, GENERIC_RIGHTS_DOMAIN_WRITE, des_access,
&acc_granted, "_samr_OpenDomain" );
-
+
if ( !NT_STATUS_IS_OK(status) )
return status;
@@ -648,7 +648,7 @@ NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
/*******************************************************************
********************************************************************/
-static bool get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol,
+static bool get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol,
DOM_SID *sid, uint32 *acc_granted,
DISP_INFO **ppdisp_info)
{
@@ -706,9 +706,9 @@ NTSTATUS _samr_SetSecurity(pipes_struct *p,
dacl = r->in.sdbuf->sd->dacl;
for (i=0; i < dacl->num_aces; i++) {
if (sid_equal(&pol_sid, &dacl->aces[i].trustee)) {
- ret = pdb_set_pass_can_change(sampass,
- (dacl->aces[i].access_mask &
- SA_RIGHT_USER_CHANGE_PASSWORD) ?
+ ret = pdb_set_pass_can_change(sampass,
+ (dacl->aces[i].access_mask &
+ SA_RIGHT_USER_CHANGE_PASSWORD) ?
True: False);
break;
}
@@ -791,7 +791,7 @@ NTSTATUS _samr_QuerySecurity(pipes_struct *p,
if (pol_sid.sid_rev_num == 0) {
DEBUG(5,("_samr_QuerySecurity: querying security on SAM\n"));
status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
- } else if (sid_equal(&pol_sid,get_global_sam_sid())) {
+ } else if (sid_equal(&pol_sid,get_global_sam_sid())) {
/* check if it is our domain SID */
DEBUG(5,("_samr_QuerySecurity: querying security on Domain "
"with SID: %s\n", sid_string_dbg(&pol_sid)));
@@ -837,7 +837,7 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
uint32 i;
SAM_ENTRY *sam;
UNISTR2 *uni_name;
-
+
*sam_pp = NULL;
*uni_name_pp = NULL;
@@ -880,7 +880,7 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
samr_reply_enum_dom_users
********************************************************************/
-NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
+NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
SAMR_R_ENUM_DOM_USERS *r_u)
{
struct samr_info *info = NULL;
@@ -890,19 +890,19 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
uint32 max_entries = max_sam_entries;
struct samr_displayentry *entries = NULL;
-
+
r_u->status = NT_STATUS_OK;
/* find the policy handle. open a policy on it. */
if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
return NT_STATUS_INVALID_HANDLE;
- if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted,
- SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+ if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted,
+ SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
"_samr_enum_dom_users"))) {
return r_u->status;
}
-
+
DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
if (info->builtin_domain) {
@@ -949,7 +949,7 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
}
r_u->status = make_user_sam_entry_list(p->mem_ctx, &r_u->sam,
- &r_u->uni_acct_name,
+ &r_u->uni_acct_name,
num_account, enum_context,
entries);
@@ -1062,7 +1062,7 @@ NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAM
num_groups = pdb_search_entries(info->disp_info->groups, q_u->start_idx,
MAX_SAM_ENTRIES, &groups);
unbecome_root();
-
+
/* Ensure we cache this enumeration. */
set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
@@ -1112,7 +1112,7 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
num_aliases = pdb_search_entries(info->disp_info->aliases, q_u->start_idx,
MAX_SAM_ENTRIES, &aliases);
unbecome_root();
-
+
/* Ensure we cache this enumeration. */
set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
@@ -1131,12 +1131,12 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
samr_reply_query_dispinfo
********************************************************************/
-NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
+NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
SAMR_R_QUERY_DISPINFO *r_u)
{
struct samr_info *info = NULL;
uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */
-
+
uint32 max_entries=q_u->max_entries;
uint32 enum_context=q_u->start_idx;
uint32 max_size=q_u->max_size;
@@ -1158,7 +1158,7 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
/*
* calculate how many entries we will return.
- * based on
+ * based on
* - the number of entries the client asked
* - our limit on that
* - the starting point (enumeration context)
@@ -1202,7 +1202,7 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
* return */
temp_size=max_entries*struct_size;
-
+
if (temp_size>max_size) {
max_entries=MIN((max_size/struct_size),max_entries);;
DEBUG(5, ("samr_reply_query_dispinfo: buffer size limits to "
@@ -1365,11 +1365,11 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
become_root();
status = pdb_get_aliasinfo(&sid, &info);
unbecome_root();
-
+
if ( !NT_STATUS_IS_OK(status))
return status;
- if ( !(r_u->ctr = TALLOC_ZERO_P( p->mem_ctx, ALIAS_INFO_CTR )) )
+ if ( !(r_u->ctr = TALLOC_ZERO_P( p->mem_ctx, ALIAS_INFO_CTR )) )
return NT_STATUS_NO_MEMORY;
@@ -1475,7 +1475,7 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
init_samr_r_lookup_names(p->mem_ctx, r_u, 0, NULL, NULL, NT_STATUS_OBJECT_TYPE_MISMATCH);
return r_u->status;
}
-
+
if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, 0, "_samr_lookup_names"))) { /* Don't know the acc_bits yet */
return r_u->status;
}
@@ -1487,7 +1487,7 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO
DEBUG(5,("_samr_lookup_names: looking name on SID %s\n",
sid_string_dbg(&pol_sid)));
-
+
for (i = 0; i < num_rids; i++) {
fstring name;
int ret;
@@ -1545,11 +1545,11 @@ NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p,
* Pass the user through the NT -> unix user mapping
* function.
*/
-
+
(void)map_username(user_name);
-
+
/*
--
Samba Shared Repository
More information about the samba-cvs
mailing list