[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-2864-g7d8d60b
Günther Deschner
gd at samba.org
Tue Jun 17 08:49:25 GMT 2008
The branch, v3-3-test has been updated
via 7d8d60bcbae79f3cdd55b27217145ffbd19f161d (commit)
via eb4232fec05cd87ea85a781b84a3fbe85f469703 (commit)
via e0843e631e379645296a5fe34dfc83bc265ebef3 (commit)
via 1d5758ec3a5160e5649242c42f6e4a7b39eb6199 (commit)
via b3b6af0a3e25fab0a14c9c802dbabd3d03448ebe (commit)
from 4394235378f85ccb911d662d95f1545a14240bdf (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit 7d8d60bcbae79f3cdd55b27217145ffbd19f161d
Author: Günther Deschner <gd at samba.org>
Date: Tue Jun 17 10:38:07 2008 +0200
net_vampire: fix samsync_process_database().
Turns out the password hashes are not rid encrypted in the samsync reply.
Guenther
commit eb4232fec05cd87ea85a781b84a3fbe85f469703
Author: Günther Deschner <gd at samba.org>
Date: Tue Jun 17 10:36:53 2008 +0200
net_vampire: fix build warning.
Guenther
commit e0843e631e379645296a5fe34dfc83bc265ebef3
Author: Günther Deschner <gd at samba.org>
Date: Mon Jun 16 13:49:05 2008 +0200
net_vampire: use generic output filename and use correct argv element.
Guenther
commit 1d5758ec3a5160e5649242c42f6e4a7b39eb6199
Author: Günther Deschner <gd at samba.org>
Date: Mon Jun 16 12:37:57 2008 +0200
net_vampire: move ldif code out of net_rpc_samsync.c
Guenther
commit b3b6af0a3e25fab0a14c9c802dbabd3d03448ebe
Author: Günther Deschner <gd at samba.org>
Date: Mon Jun 16 12:09:08 2008 +0200
net_vampire: move some samsync functions to libnet.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source/Makefile.in | 1 +
source/libnet/libnet.h | 1 +
source/libnet/libnet_proto.h | 9 +-
source/libnet/libnet_samsync.c | 165 +++-
.../{include/ads_dns.h => libnet/libnet_samsync.h} | 62 +-
source/libnet/libnet_samsync_ldif.c | 1209 ++++++++++++++++++
source/utils/net.h | 43 -
source/utils/net_rpc_samsync.c | 1316 +-------------------
8 files changed, 1407 insertions(+), 1399 deletions(-)
copy source/{include/ads_dns.h => libnet/libnet_samsync.h} (50%)
create mode 100644 source/libnet/libnet_samsync_ldif.c
Changeset truncated at 500 lines:
diff --git a/source/Makefile.in b/source/Makefile.in
index 3eb1142..b61dcdb 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -893,6 +893,7 @@ SMBCONFTORT_OBJ = $(SMBCONFTORT_OBJ0) \
LIBNET_OBJ = libnet/libnet_join.o \
libnet/libnet_samsync.o \
+ libnet/libnet_samsync_ldif.o \
librpc/gen_ndr/ndr_libnet_join.o
NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \
diff --git a/source/libnet/libnet.h b/source/libnet/libnet.h
index 6768b94..2b5e60b 100644
--- a/source/libnet/libnet.h
+++ b/source/libnet/libnet.h
@@ -20,6 +20,7 @@
#ifndef __LIBNET_H__
#define __LIBNET_H__
+#include "libnet/libnet_samsync.h"
#include "librpc/gen_ndr/libnet_join.h"
#include "libnet/libnet_proto.h"
diff --git a/source/libnet/libnet_proto.h b/source/libnet/libnet_proto.h
index 52382e9..eeb4a72 100644
--- a/source/libnet/libnet_proto.h
+++ b/source/libnet/libnet_proto.h
@@ -50,5 +50,12 @@ NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx,
bool rid_crypt,
enum netr_SamDatabaseID database_id,
struct netr_DELTA_ENUM_ARRAY *r);
-
+NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *domain_sid,
+ enum net_samsync_mode mode,
+ struct samsync_context **ctx_p);
+NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd,
+ enum netr_SamDatabaseID database_id,
+ samsync_fn_t callback_fn,
+ struct samsync_context *ctx);
#endif /* _LIBNET_PROTO_H_ */
diff --git a/source/libnet/libnet_samsync.c b/source/libnet/libnet_samsync.c
index e45a845..3c6a87a 100644
--- a/source/libnet/libnet_samsync.c
+++ b/source/libnet/libnet_samsync.c
@@ -22,6 +22,7 @@
#include "includes.h"
+#include "libnet/libnet_samsync.h"
/**
* Decrypt and extract the user's passwords.
@@ -41,7 +42,6 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
struct netr_DELTA_USER *user = delta->delta_union.user;
struct samr_Password lm_hash;
struct samr_Password nt_hash;
- const char *username = user->account_name.string;
if (rid_crypt) {
if (user->lm_password_present) {
@@ -186,3 +186,166 @@ NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+
+/**
+ * samsync_init_context
+ */
+
+NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *domain_sid,
+ enum net_samsync_mode mode,
+ struct samsync_context **ctx_p)
+{
+ struct samsync_context *ctx;
+
+ *ctx_p = NULL;
+
+ ctx = TALLOC_ZERO_P(mem_ctx, struct samsync_context);
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ ctx->mode = mode;
+
+ if (domain_sid) {
+ ctx->domain_sid = sid_dup_talloc(mem_ctx, domain_sid);
+ NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid);
+
+ ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid);
+ NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid_str);
+ }
+
+ *ctx_p = ctx;
+
+ return NT_STATUS_OK;
+}
+
+/**
+ * samsync_debug_str
+ */
+
+static const char *samsync_debug_str(TALLOC_CTX *mem_ctx,
+ enum net_samsync_mode mode,
+ enum netr_SamDatabaseID database_id)
+{
+ const char *action = NULL;
+ const char *str = NULL;
+
+ switch (mode) {
+ case NET_SAMSYNC_MODE_DUMP:
+ action = "Dumping (to stdout)";
+ break;
+ case NET_SAMSYNC_MODE_FETCH_PASSDB:
+ action = "Fetching (to passdb)";
+ break;
+ case NET_SAMSYNC_MODE_FETCH_LDIF:
+ action = "Fetching (to ldif)";
+ break;
+ default:
+ action = "Unknown";
+ break;
+ }
+
+ switch (database_id) {
+ case SAM_DATABASE_DOMAIN:
+ str = talloc_asprintf(mem_ctx, "%s DOMAIN database",
+ action);
+ break;
+ case SAM_DATABASE_BUILTIN:
+ str = talloc_asprintf(mem_ctx, "%s BUILTIN database",
+ action);
+ break;
+ case SAM_DATABASE_PRIVS:
+ str = talloc_asprintf(mem_ctx, "%s PRIVS database",
+ action);
+ break;
+ default:
+ str = talloc_asprintf(mem_ctx, "%s unknown database type %u",
+ action, database_id);
+ break;
+ }
+
+ return str;
+}
+
+/**
+ * samsync_process_database
+ */
+
+NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd,
+ enum netr_SamDatabaseID database_id,
+ samsync_fn_t callback_fn,
+ struct samsync_context *ctx)
+{
+ NTSTATUS result;
+ TALLOC_CTX *mem_ctx;
+ const char *logon_server = pipe_hnd->desthost;
+ const char *computername = global_myname();
+ struct netr_Authenticator credential;
+ struct netr_Authenticator return_authenticator;
+ uint16_t restart_state = 0;
+ uint32_t sync_context = 0;
+ const char *debug_str;
+ DATA_BLOB session_key;
+
+ ZERO_STRUCT(return_authenticator);
+
+ if (!(mem_ctx = talloc_init("samsync_process_database"))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id);
+ if (debug_str) {
+ d_fprintf(stderr, "%s\n", debug_str);
+ }
+
+ do {
+ struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+
+ netlogon_creds_client_step(pipe_hnd->dc, &credential);
+
+ result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx,
+ logon_server,
+ computername,
+ &credential,
+ &return_authenticator,
+ database_id,
+ restart_state,
+ &sync_context,
+ &delta_enum_array,
+ 0xffff);
+ if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) {
+ return result;
+ }
+
+ /* Check returned credentials. */
+ if (!netlogon_creds_client_check(pipe_hnd->dc,
+ &return_authenticator.cred)) {
+ DEBUG(0,("credentials chain check failed\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (NT_STATUS_IS_ERR(result)) {
+ break;
+ }
+
+ session_key = data_blob_const(pipe_hnd->dc->sess_key, 16);
+
+ samsync_fix_delta_array(mem_ctx,
+ &session_key,
+ false,
+ database_id,
+ delta_enum_array);
+
+ /* Process results */
+ callback_fn(mem_ctx, database_id, delta_enum_array, result, ctx);
+
+ TALLOC_FREE(delta_enum_array);
+
+ /* Increment sync_context */
+ sync_context += 1;
+
+ } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
+
+ talloc_destroy(mem_ctx);
+
+ return result;
+}
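Review bot: Both early returns in samsync_process_database leak mem_ctx — the `return result;` on NT_STATUS_NOT_SUPPORTED and the `return NT_STATUS_ACCESS_DENIED;` after a failed credential-chain check leave the context from talloc_init unfreed, because talloc_destroy only runs after the loop. The NTSTATUS from samsync_fix_delta_array is discarded too, so if decrypting the password fields with the session key fails, the callback still receives the delta array as though the fix-up had succeeded (the callback's own NTSTATUS is dropped as well). Routing every exit through `break` fixes the leak; the fix-up status needs its own variable so that the STATUS_MORE_ENTRIES value driving the loop is not clobbered by a successful fix-up.
```c
	do {
		struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
		NTSTATUS fix_status;

		/* … unchanged: netlogon_creds_client_step and rpccli_netr_DatabaseSync2 call … */

		if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) {
			break;	/* single exit path: mem_ctx freed below */
		}

		/* Check returned credentials. */
		if (!netlogon_creds_client_check(pipe_hnd->dc,
						 &return_authenticator.cred)) {
			DEBUG(0,("credentials chain check failed\n"));
			result = NT_STATUS_ACCESS_DENIED;
			break;
		}

		if (NT_STATUS_IS_ERR(result)) {
			break;
		}

		session_key = data_blob_const(pipe_hnd->dc->sess_key, 16);

		/* Do not hand the callback deltas whose password fields
		 * could not be decrypted with the session key. */
		fix_status = samsync_fix_delta_array(mem_ctx,
						     &session_key,
						     false,
						     database_id,
						     delta_enum_array);
		if (!NT_STATUS_IS_OK(fix_status)) {
			result = fix_status;
			break;
		}

		/* … unchanged: callback_fn call, TALLOC_FREE, sync_context increment … */
	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
```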
diff --git a/source/include/ads_dns.h b/source/libnet/libnet_samsync.h
similarity index 50%
copy from source/include/ads_dns.h
copy to source/libnet/libnet_samsync.h
index 24805f8..38ef9c5 100644
--- a/source/include/ads_dns.h
+++ b/source/libnet/libnet_samsync.h
@@ -1,7 +1,7 @@
/*
* Unix SMB/CIFS implementation.
- * Internal DNS query structures
- * Copyright (C) Gerald Carter 2006.
+ * libnet Support
+ * Copyright (C) Guenther Deschner 2008
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -17,45 +17,29 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef _ADS_DNS_H
-#define _ADS_DNS_H
-/* DNS query section in replies */
-
-struct dns_query {
- const char *hostname;
- uint16 type;
- uint16 in_class;
+enum net_samsync_mode {
+ NET_SAMSYNC_MODE_FETCH_PASSDB = 0,
+ NET_SAMSYNC_MODE_FETCH_LDIF = 1,
+ NET_SAMSYNC_MODE_DUMP = 2
};
-/* DNS RR record in reply */
-
-struct dns_rr {
- const char *hostname;
- uint16 type;
- uint16 in_class;
- uint32 ttl;
- uint16 rdatalen;
- uint8 *rdata;
-};
-
-/* SRV records */
-
-struct dns_rr_srv {
- const char *hostname;
- uint16 priority;
- uint16 weight;
- uint16 port;
- size_t num_ips;
- struct sockaddr_storage *ss_s; /* support multi-homed hosts */
+struct samsync_context {
+ enum net_samsync_mode mode;
+ const struct dom_sid *domain_sid;
+ const char *domain_sid_str;
+ const char *output_filename;
+ void *private_data;
};
-/* NS records */
-
-struct dns_rr_ns {
- const char *hostname;
- struct sockaddr_storage ss;
-};
-
-
-#endif /* _ADS_DNS_H */
+typedef NTSTATUS (*samsync_fn_t)(TALLOC_CTX *,
+ enum netr_SamDatabaseID,
+ struct netr_DELTA_ENUM_ARRAY *,
+ NTSTATUS,
+ struct samsync_context *);
+
+NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx,
+ enum netr_SamDatabaseID database_id,
+ struct netr_DELTA_ENUM_ARRAY *r,
+ NTSTATUS result,
+ struct samsync_context *ctx);
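Review bot: The new libnet_samsync.h has no include guard — the `#ifndef _ADS_DNS_H` / `#define _ADS_DNS_H` / `#endif` lines inherited from ads_dns.h are removed in this hunk and nothing adds a replacement, yet the header is now included from libnet/libnet.h and directly by libnet_samsync.c. If includes.h already reaches libnet/libnet.h, a second inclusion in the same translation unit redefines `enum net_samsync_mode`, `struct samsync_context` and the `samsync_fn_t` typedef, which C rejects outright. Wrap the declarations in `#ifndef _LIBNET_SAMSYNC_H_` / `#define _LIBNET_SAMSYNC_H_` … `#endif /* _LIBNET_SAMSYNC_H_ */`, matching the `_LIBNET_PROTO_H_` guard style visible in libnet_proto.h.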
diff --git a/source/libnet/libnet_samsync_ldif.c b/source/libnet/libnet_samsync_ldif.c
new file mode 100644
index 0000000..86de2ab
--- /dev/null
+++ b/source/libnet/libnet_samsync_ldif.c
@@ -0,0 +1,1209 @@
+/*
+ Unix SMB/CIFS implementation.
+ dump the remote SAM using rpc samsync operations
+
+ Copyright (C) Andrew Tridgell 2002
+ Copyright (C) Tim Potter 2001,2002
+ Copyright (C) Jim McDonough <jmcd at us.ibm.com> 2005
+ Modified by Volker Lendecke 2002
+ Copyright (C) Jeremy Allison 2005.
+ Copyright (C) Guenther Deschner 2008.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "utils/net.h"
+
+/* uid's and gid's for writing deltas to ldif */
+static uint32 ldif_gid = 999;
+static uint32 ldif_uid = 999;
+
+/* Structure for mapping accounts to groups */
+/* Array element is the group rid */
+typedef struct _groupmap {
+ uint32_t rid;
+ uint32_t gidNumber;
+ const char *sambaSID;
+ const char *group_dn;
+} GROUPMAP;
+
+typedef struct _accountmap {
+ uint32_t rid;
+ const char *cn;
+} ACCOUNTMAP;
+
+struct samsync_ldif_context {
+ GROUPMAP *groupmap;
+ ACCOUNTMAP *accountmap;
+ bool initialized;
+ const char *add_template;
+ const char *mod_template;
+ char *add_name;
+ char *mod_name;
+ FILE *add_file;
+ FILE *mod_file;
+ FILE *ldif_file;
+ const char *suffix;
+ int num_alloced;
+};
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS populate_ldap_for_ldif(const char *sid,
+ const char *suffix,
+ const char *builtin_sid,
+ FILE *add_fd)
+{
+ const char *user_suffix, *group_suffix, *machine_suffix, *idmap_suffix;
+ char *user_attr=NULL, *group_attr=NULL;
+ char *suffix_attr;
+ int len;
+
+ /* Get the suffix attribute */
+ suffix_attr = sstring_sub(suffix, '=', ',');
+ if (suffix_attr == NULL) {
+ len = strlen(suffix);
+ suffix_attr = (char*)SMB_MALLOC(len+1);
+ memcpy(suffix_attr, suffix, len);
+ suffix_attr[len] = '\0';
+ }
+
+ /* Write the base */
+ fprintf(add_fd, "# %s\n", suffix);
+ fprintf(add_fd, "dn: %s\n", suffix);
+ fprintf(add_fd, "objectClass: dcObject\n");
+ fprintf(add_fd, "objectClass: organization\n");
+ fprintf(add_fd, "o: %s\n", suffix_attr);
+ fprintf(add_fd, "dc: %s\n", suffix_attr);
+ fprintf(add_fd, "\n");
+ fflush(add_fd);
+
+ user_suffix = lp_ldap_user_suffix();
+ if (user_suffix == NULL) {
+ SAFE_FREE(suffix_attr);
+ return NT_STATUS_NO_MEMORY;
+ }
+ /* If it exists and is distinct from other containers,
+ Write the Users entity */
+ if (*user_suffix && strcmp(user_suffix, suffix)) {
+ user_attr = sstring_sub(lp_ldap_user_suffix(), '=', ',');
+ fprintf(add_fd, "# %s\n", user_suffix);
+ fprintf(add_fd, "dn: %s\n", user_suffix);
+ fprintf(add_fd, "objectClass: organizationalUnit\n");
+ fprintf(add_fd, "ou: %s\n", user_attr);
+ fprintf(add_fd, "\n");
+ fflush(add_fd);
+ }
+
+
+ group_suffix = lp_ldap_group_suffix();
+ if (group_suffix == NULL) {
+ SAFE_FREE(suffix_attr);
+ SAFE_FREE(user_attr);
+ return NT_STATUS_NO_MEMORY;
+ }
+ /* If it exists and is distinct from other containers,
+ Write the Groups entity */
+ if (*group_suffix && strcmp(group_suffix, suffix)) {
+ group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ',');
+ fprintf(add_fd, "# %s\n", group_suffix);
+ fprintf(add_fd, "dn: %s\n", group_suffix);
+ fprintf(add_fd, "objectClass: organizationalUnit\n");
+ fprintf(add_fd, "ou: %s\n", group_attr);
+ fprintf(add_fd, "\n");
+ fflush(add_fd);
+ }
+
+ /* If it exists and is distinct from other containers,
+ Write the Computers entity */
+ machine_suffix = lp_ldap_machine_suffix();
+ if (machine_suffix == NULL) {
+ SAFE_FREE(suffix_attr);
+ SAFE_FREE(user_attr);
+ SAFE_FREE(group_attr);
+ return NT_STATUS_NO_MEMORY;
+ }
+ if (*machine_suffix && strcmp(machine_suffix, user_suffix) &&
+ strcmp(machine_suffix, suffix)) {
+ char *machine_ou = NULL;
+ fprintf(add_fd, "# %s\n", machine_suffix);
+ fprintf(add_fd, "dn: %s\n", machine_suffix);
+ fprintf(add_fd, "objectClass: organizationalUnit\n");
+ /* this isn't totally correct as it assumes that
+ there _must_ be an ou. just fixing memleak now. jmcd */
+ machine_ou = sstring_sub(lp_ldap_machine_suffix(), '=', ',');
+ fprintf(add_fd, "ou: %s\n", machine_ou);
+ SAFE_FREE(machine_ou);
+ fprintf(add_fd, "\n");
+ fflush(add_fd);
+ }
+
+ /* If it exists and is distinct from other containers,
+ Write the IdMap entity */
+ idmap_suffix = lp_ldap_idmap_suffix();
+ if (idmap_suffix == NULL) {
+ SAFE_FREE(suffix_attr);
+ SAFE_FREE(user_attr);
+ SAFE_FREE(group_attr);
+ return NT_STATUS_NO_MEMORY;
+ }
+ if (*idmap_suffix &&
+ strcmp(idmap_suffix, user_suffix) &&
+ strcmp(idmap_suffix, suffix)) {
+ char *s;
+ fprintf(add_fd, "# %s\n", idmap_suffix);
+ fprintf(add_fd, "dn: %s\n", idmap_suffix);
+ fprintf(add_fd, "ObjectClass: organizationalUnit\n");
+ s = sstring_sub(lp_ldap_idmap_suffix(), '=', ',');
+ fprintf(add_fd, "ou: %s\n", s);
+ SAFE_FREE(s);
+ fprintf(add_fd, "\n");
+ fflush(add_fd);
+ }
+
+ /* Write the domain entity */
+ fprintf(add_fd, "# %s, %s\n", lp_workgroup(), suffix);
+ fprintf(add_fd, "dn: sambaDomainName=%s,%s\n", lp_workgroup(),
+ suffix);
+ fprintf(add_fd, "objectClass: sambaDomain\n");