[SCM] Samba Shared Repository - branch master updated
Björn Baumbach
bbaumbach at samba.org
Thu Oct 11 11:41:02 UTC 2018
The branch, master has been updated
via ff3e2fa vfs_full_audit: ntimes: log a-, m-, c- and creation-time
via b773be3 dns update: add missing newline in error debug message
via e578627 selftest: test samba-tool ntacl get/set on AD member server
via e54d4ff samba-tool ntacl: allow to run get/set-ntacl command in non-AD-DC role
via 01ff09a s3/py_passdb: add get_domain_sid() to get domain sid from secrets database
via 38fe315 samba-tool ntacl: pass system session to get/set-ntacl functions
via bc8d0d5 pysmbd: handle file not found error
via ab558fa pysmbd: add option to pass a session info to set_nt_acl() function
via 6f08cb6 s4-auth: allow to pass original_user_name=NULL to auth_session_info_fill_unix()
via f3b7ba1 s4-auth: allow to create unix token from system session info
via 29e757a s4-auth: fetch possible out of memory error
via 29af2df s4-auth: use TALLOC_FREE() shortcut
via 9a44be6 s4-auth: fix a typo in a comment
via ea38be4 python: Add samba.auth.copy_session_info()
via 96b5bf1 auth: move copy_session_info() from source3 into the global auth context
from 31daab8 vfs_fruit: move check in ad_convert() to ad_convert_*() subfunctions
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ff3e2fa84f1c083d4eaa057c8f0ba518ff1fe086
Author: Björn Baumbach <bb at sernet.de>
Date: Thu Sep 27 10:32:37 2018 +0200
vfs_full_audit: ntimes: log a-, m-, c- and creation-time
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Björn Baumbach <bb at sernet.de>
Autobuild-Date(master): Thu Oct 11 13:40:27 CEST 2018 on sn-devel-144
commit b773be3371ef9014511b58951986f92f59bd6975
Author: Björn Baumbach <bb at sernet.de>
Date: Fri Aug 31 16:12:34 2018 +0200
dns update: add missing newline in error debug message
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit e57862760ea71792856222b6754d3b251ff44581
Author: Björn Baumbach <bb at sernet.de>
Date: Wed Sep 19 16:36:45 2018 +0200
selftest: test samba-tool ntacl get/set on AD member server
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit e54d4ffbaa3fb1ab9e80d4d107bf2a4d9c3d2d8f
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Sep 4 16:32:50 2018 +0200
samba-tool ntacl: allow to run get/set-ntacl command in non-AD-DC role
Can be used to get and apply NT-ACLs on Samba member servers.
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 01ff09adccc88367e807bbf5d5e8cd2eae6a38b0
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Sep 4 16:30:53 2018 +0200
s3/py_passdb: add get_domain_sid() to get domain sid from secrets database
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 38fe315bcf7c20ae00f2b1ad5e497a8d1046850d
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Sep 4 16:20:49 2018 +0200
samba-tool ntacl: pass system session to get/set-ntacl functions
The filled session is needed in different vfs modules.
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit bc8d0d51602831976d426aee53e9ab83a6813497
Author: Björn Baumbach <bb at sernet.de>
Date: Wed Sep 19 16:52:54 2018 +0200
pysmbd: handle file not found error
Avoid PANIC: internal error
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit ab558fa14c296b90f182ea4f53b2fb410d851837
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Sep 4 15:29:58 2018 +0200
pysmbd: add option to pass a session info to set_nt_acl() function
A filled session info is needed by some vfs modules, e.g. full_audit.
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 6f08cb6693b744bfd8cbf66415957baabd07ec3a
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Sep 25 13:16:15 2018 +0200
s4-auth: allow to pass original_user_name=NULL to auth_session_info_fill_unix()
With this patch the auth_session_info_fill_unix() uses the "unix_name"
from the session_info->unix_info if no original_user_name was specified.
This is used to process a system session info where no original_user_name
is given.
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit f3b7ba1746a33d058901dd8274953e6c5379e2b1
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Sep 25 13:11:09 2018 +0200
s4-auth: allow to create unix token from system session info
Without this patch security_token_to_unix_token() fails with
NT_STATUS_ACCESS_DENIED, because the system session does only
have one SID.
For a typical token are at least two or more SIDs expected.
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 29e757aca23933c52f9420d2cffbe5be17cf585d
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Sep 4 14:46:03 2018 +0200
s4-auth: fetch possible out of memory error
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 29af2df4e138b4088532e898a152bacfd3a2c830
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Sep 4 14:45:05 2018 +0200
s4-auth: use TALLOC_FREE() shortcut
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 9a44be636e3f5ac02c8683ff483cbf924e8bf340
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Sep 4 14:43:33 2018 +0200
s4-auth: fix a typo in a comment
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit ea38be487e64dcdac65f7080ac86f9e0699432b9
Author: Björn Baumbach <bb at sernet.de>
Date: Tue Sep 4 14:37:41 2018 +0200
python: Add samba.auth.copy_session_info()
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 96b5bf1370fc7975e766dccb1ad70aa57f1d9c6a
Author: Björn Baumbach <bb at sernet.de>
Date: Thu Aug 30 16:33:25 2018 +0200
auth: move copy_session_info() from source3 into the global auth context
Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Volker Lendecke <vl at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/auth_util.c | 68 ++++++++++++++++++
lib/util/util_str_escape.h => auth/auth_util.h | 14 ++--
auth/wscript_build | 16 ++++-
python/samba/netcmd/ntacl.py | 98 +++++++++++++++++++-------
python/samba/ntacls.py | 13 +++-
source3/auth/auth_util.c | 39 +---------
source3/auth/proto.h | 2 -
source3/auth/wscript_build | 2 +-
source3/modules/vfs_full_audit.c | 35 ++++++++-
source3/passdb/py_passdb.c | 28 ++++++++
source3/rpc_server/rpc_ncacn_np.c | 1 +
source3/smbd/msdfs.c | 1 +
source3/smbd/pysmbd.c | 55 +++++++++++++--
source3/smbd/service.c | 1 +
source3/smbd/uid.c | 1 +
source4/auth/pyauth.c | 59 ++++++++++++++++
source4/auth/system_session.c | 12 ++--
source4/auth/unix_token.c | 19 +++++
source4/dsdb/dns/dns_update.c | 3 +-
source4/selftest/tests.py | 1 +
testprogs/blackbox/test_samba-tool_ntacl.sh | 68 ++++++++++++++++++
21 files changed, 444 insertions(+), 92 deletions(-)
create mode 100644 auth/auth_util.c
copy lib/util/util_str_escape.h => auth/auth_util.h (79%)
create mode 100755 testprogs/blackbox/test_samba-tool_ntacl.sh
Changeset truncated at 500 lines:
diff --git a/auth/auth_util.c b/auth/auth_util.c
new file mode 100644
index 0000000..f3586f1
--- /dev/null
+++ b/auth/auth_util.c
@@ -0,0 +1,68 @@
+/*
+ Unix SMB/CIFS implementation.
+ Authentication utility functions
+
+ Copyright (C) Andrew Bartlett <abartlet at samba.org> 2017
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_auth.h"
+#include "auth_util.h"
+
+struct auth_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
+ const struct auth_session_info *src)
+{
+ struct auth_session_info *dst;
+ DATA_BLOB blob;
+ enum ndr_err_code ndr_err;
+
+ ndr_err = ndr_push_struct_blob(
+ &blob,
+ talloc_tos(),
+ src,
+ (ndr_push_flags_fn_t)ndr_push_auth_session_info);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DBG_ERR("copy_session_info(): ndr_push_auth_session_info "
+ "failed: %s\n",
+ ndr_errstr(ndr_err));
+ return NULL;
+ }
+
+ dst = talloc(mem_ctx, struct auth_session_info);
+ if (dst == NULL) {
+ DBG_ERR("talloc failed\n");
+ TALLOC_FREE(blob.data);
+ return NULL;
+ }
+
+ ndr_err = ndr_pull_struct_blob(
+ &blob,
+ dst,
+ dst,
+ (ndr_pull_flags_fn_t)ndr_pull_auth_session_info);
+ TALLOC_FREE(blob.data);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DBG_ERR("copy_session_info(): ndr_pull_auth_session_info "
+ "failed: %s\n",
+ ndr_errstr(ndr_err));
+ TALLOC_FREE(dst);
+ return NULL;
+ }
+
+ return dst;
+}
diff --git a/lib/util/util_str_escape.h b/auth/auth_util.h
similarity index 79%
copy from lib/util/util_str_escape.h
copy to auth/auth_util.h
index 0b4c596..1037cb8 100644
--- a/lib/util/util_str_escape.h
+++ b/auth/auth_util.h
@@ -1,5 +1,6 @@
/*
- Samba string escaping routines
+ Unix SMB/CIFS implementation.
+ Authentication utility functions
Copyright (C) Andrew Bartlett <abartlet at samba.org> 2017
@@ -17,11 +18,6 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef _SAMBA_UTIL_STR_ESCAPE_H
-#define _SAMBA_UTIL_STR_ESCAPE_H
-
-#include <talloc.h>
-
-char *log_escape(TALLOC_CTX *frame, const char *in);
-
-#endif
+struct auth_session_info *copy_session_info(
+ TALLOC_CTX *mem_ctx,
+ const struct auth_session_info *src);
diff --git a/auth/wscript_build b/auth/wscript_build
index e2e3d21..a8b0e6c 100644
--- a/auth/wscript_build
+++ b/auth/wscript_build
@@ -1,8 +1,20 @@
#!/usr/bin/env python
bld.SAMBA_LIBRARY('common_auth',
- source='auth_sam_reply.c wbc_auth_util.c auth_log.c',
- deps='talloc samba-security samba-util util_str_escape LIBTSOCKET audit_logging jansson MESSAGING_SEND server_id_db ',
+ source='''auth_sam_reply.c
+ wbc_auth_util.c
+ auth_log.c
+ auth_util.c''',
+ deps='''talloc
+ samba-security
+ samba-util
+ util_str_escape
+ LIBTSOCKET
+ audit_logging
+ jansson
+ MESSAGING_SEND
+ server_id_db
+ ndr-samba''',
private_library=True)
bld.RECURSE('gensec')
diff --git a/python/samba/netcmd/ntacl.py b/python/samba/netcmd/ntacl.py
index 0af07ff..323add7 100644
--- a/python/samba/netcmd/ntacl.py
+++ b/python/samba/netcmd/ntacl.py
@@ -29,7 +29,11 @@ from samba import provision
from ldb import SCOPE_BASE
import os
-from samba.auth import system_session
+from samba.auth import (
+ system_session,
+ session_info_fill_unix,
+ copy_session_info,
+)
from samba.netcmd import (
Command,
CommandError,
@@ -37,6 +41,12 @@ from samba.netcmd import (
Option,
)
+def system_session_unix():
+ session_info = system_session()
+ session_info_unix = copy_session_info(session_info)
+ session_info_fill_unix(session_info_unix, None)
+
+ return session_info_unix
class cmd_ntacl_set(Command):
"""Set ACLs on a file."""
@@ -67,28 +77,48 @@ class cmd_ntacl_set(Command):
service=None):
logger = self.get_logger()
lp = sambaopts.get_loadparm()
- try:
- samdb = SamDB(session_info=system_session(),
- lp=lp)
- except Exception as e:
- raise CommandError("Unable to open samdb:", e)
+
+ is_ad_dc = False
+ server_role = lp.server_role()
+ if server_role == "ROLE_ACTIVE_DIRECTORY_DC":
+ is_ad_dc = True
if not use_ntvfs and not use_s3fs:
use_ntvfs = "smb" in lp.get("server services")
elif use_s3fs:
use_ntvfs = False
- try:
- domain_sid = security.dom_sid(samdb.domain_sid)
- except:
- raise CommandError("Unable to read domain SID from configuration files")
-
s3conf = s3param.get_context()
s3conf.load(lp.configfile)
- # ensure we are using the right samba_dsdb passdb backend, no matter what
- s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url)
- setntacl(lp, file, acl, str(domain_sid), xattr_backend, eadb_file, use_ntvfs=use_ntvfs, service=service)
+ if is_ad_dc:
+ try:
+ samdb = SamDB(session_info=system_session(),
+ lp=lp)
+ except Exception as e:
+ raise CommandError("Unable to open samdb:", e)
+ # ensure we are using the right samba_dsdb passdb backend, no
+ # matter what
+ s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url)
+
+ try:
+ if is_ad_dc:
+ domain_sid = security.dom_sid(samdb.domain_sid)
+ else:
+ domain_sid = passdb.get_domain_sid()
+ except:
+ raise CommandError("Unable to read domain SID from configuration "
+ "files")
+
+ setntacl(lp,
+ file,
+ acl,
+ str(domain_sid),
+ xattr_backend,
+ eadb_file,
+ use_ntvfs=use_ntvfs,
+ service=service,
+ session_info=system_session_unix())
if use_ntvfs:
logger.warning("Please note that POSIX permissions have NOT been changed, only the stored NT ACL")
@@ -143,11 +173,11 @@ class cmd_ntacl_get(Command):
credopts=None, sambaopts=None, versionopts=None,
service=None):
lp = sambaopts.get_loadparm()
- try:
- samdb = SamDB(session_info=system_session(),
- lp=lp)
- except Exception as e:
- raise CommandError("Unable to open samdb:", e)
+
+ is_ad_dc = False
+ server_role = lp.server_role()
+ if server_role == "ROLE_ACTIVE_DIRECTORY_DC":
+ is_ad_dc = True
if not use_ntvfs and not use_s3fs:
use_ntvfs = "smb" in lp.get("server services")
@@ -156,15 +186,33 @@ class cmd_ntacl_get(Command):
s3conf = s3param.get_context()
s3conf.load(lp.configfile)
- # ensure we are using the right samba_dsdb passdb backend, no matter what
- s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url)
-
- acl = getntacl(lp, file, xattr_backend, eadb_file, direct_db_access=use_ntvfs, service=service)
+ if is_ad_dc:
+ try:
+ samdb = SamDB(session_info=system_session(),
+ lp=lp)
+ except Exception as e:
+ raise CommandError("Unable to open samdb:", e)
+
+ # ensure we are using the right samba_dsdb passdb backend, no
+ # matter what
+ s3conf.set("passdb backend", "samba_dsdb:%s" % samdb.url)
+
+ acl = getntacl(lp,
+ file,
+ xattr_backend,
+ eadb_file,
+ direct_db_access=use_ntvfs,
+ service=service,
+ session_info=system_session_unix())
if as_sddl:
try:
- domain_sid = security.dom_sid(samdb.domain_sid)
+ if is_ad_dc:
+ domain_sid = security.dom_sid(samdb.domain_sid)
+ else:
+ domain_sid = passdb.get_domain_sid()
except:
- raise CommandError("Unable to read domain SID from configuration files")
+ raise CommandError("Unable to read domain SID from "
+ "configuration files")
self.outf.write(acl.as_sddl(domain_sid) + "\n")
else:
self.outf.write(ndr_print(acl))
diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
index 3ce27f3..838152a 100644
--- a/python/samba/ntacls.py
+++ b/python/samba/ntacls.py
@@ -93,7 +93,13 @@ def getdosinfo(lp, file):
return ndr_unpack(xattr.DOSATTRIB, attribute)
-def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True, service=None):
+def getntacl(lp,
+ file,
+ backend=None,
+ eadbfile=None,
+ direct_db_access=True,
+ service=None,
+ session_info=None):
if direct_db_access:
(backend_obj, dbname) = checkset_backend(lp, backend, eadbfile)
if dbname is not None:
@@ -119,7 +125,10 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True, servi
elif ntacl.version == 4:
return ntacl.info.sd
else:
- return smbd.get_nt_acl(file, SECURITY_SECINFO_FLAGS, service=service)
+ return smbd.get_nt_acl(file,
+ SECURITY_SECINFO_FLAGS,
+ service=service,
+ session_info=session_info)
def setntacl(lp, file, sddl, domsid,
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 24d1e37..7b0d69f 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -38,6 +38,7 @@
#include "../lib/tsocket/tsocket.h"
#include "rpc_client/util_netlogon.h"
#include "source4/auth/auth.h"
+#include "auth/auth_util.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -1674,44 +1675,6 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo_guest(TALLO
return dst;
}
-struct auth_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
- const struct auth_session_info *src)
-{
- struct auth_session_info *dst;
- DATA_BLOB blob;
- enum ndr_err_code ndr_err;
-
- ndr_err = ndr_push_struct_blob(
- &blob, talloc_tos(), src,
- (ndr_push_flags_fn_t)ndr_push_auth_session_info);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(0, ("copy_session_info(): ndr_push_auth_session_info failed: "
- "%s\n", ndr_errstr(ndr_err)));
- return NULL;
- }
-
- dst = talloc(mem_ctx, struct auth_session_info);
- if (dst == NULL) {
- DEBUG(0, ("talloc failed\n"));
- TALLOC_FREE(blob.data);
- return NULL;
- }
-
- ndr_err = ndr_pull_struct_blob(
- &blob, dst, dst,
- (ndr_pull_flags_fn_t)ndr_pull_auth_session_info);
- TALLOC_FREE(blob.data);
-
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DEBUG(0, ("copy_session_info(): ndr_pull_auth_session_info failed: "
- "%s\n", ndr_errstr(ndr_err)));
- TALLOC_FREE(dst);
- return NULL;
- }
-
- return dst;
-}
-
/*
* Set a new session key. Used in the rpc server where we have to override the
* SMB level session key with SystemLibraryDTC
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index e4a6830..75cf1e6 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -270,8 +270,6 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
const char *username,
bool is_guest,
struct auth_session_info **session_info);
-struct auth_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
- const struct auth_session_info *src);
bool init_guest_session_info(TALLOC_CTX *mem_ctx);
NTSTATUS init_system_session_info(TALLOC_CTX *mem_ctx);
bool session_info_set_session_key(struct auth_session_info *info,
diff --git a/source3/auth/wscript_build b/source3/auth/wscript_build
index 8fd7dcd..d27c231 100644
--- a/source3/auth/wscript_build
+++ b/source3/auth/wscript_build
@@ -14,7 +14,7 @@ bld.SAMBA3_SUBSYSTEM('AUTH_COMMON',
server_info.c
server_info_sam.c
user_info.c''',
- deps='TOKEN_UTIL DCUTIL USER_UTIL')
+ deps='TOKEN_UTIL DCUTIL USER_UTIL common_auth')
bld.SAMBA3_LIBRARY('auth',
source='''auth.c
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index e7ca89f..bae0810 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -1600,11 +1600,42 @@ static int smb_full_audit_ntimes(vfs_handle_struct *handle,
struct smb_file_time *ft)
{
int result;
+ time_t create_time = convert_timespec_to_time_t(ft->create_time);
+ time_t atime = convert_timespec_to_time_t(ft->atime);
+ time_t mtime = convert_timespec_to_time_t(ft->mtime);
+ time_t ctime = convert_timespec_to_time_t(ft->ctime);
+ const char *create_time_str = "";
+ const char *atime_str = "";
+ const char *mtime_str = "";
+ const char *ctime_str = "";
+ TALLOC_CTX *frame = talloc_stackframe();
result = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
- do_log(SMB_VFS_OP_NTIMES, (result >= 0), handle, "%s",
- smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname));
+ if (create_time > 0) {
+ create_time_str = timestring(frame, create_time);
+ }
+ if (atime > 0) {
+ atime_str = timestring(frame, atime);
+ }
+ if (mtime > 0) {
+ mtime_str = timestring(frame, mtime);
+ }
+ if (ctime > 0) {
+ ctime_str = timestring(frame, ctime);
+ }
+
+ do_log(SMB_VFS_OP_NTIMES,
+ (result >= 0),
+ handle,
+ "%s|%s|%s|%s|%s",
+ smb_fname_str_do_log(handle->conn->cwd_fname, smb_fname),
+ create_time_str,
+ atime_str,
+ mtime_str,
+ ctime_str);
+
+ TALLOC_FREE(frame);
return result;
}
diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c
index 31e3907..1bcf3f6 100644
--- a/source3/passdb/py_passdb.c
+++ b/source3/passdb/py_passdb.c
@@ -3662,6 +3662,31 @@ static PyObject *py_reload_static_pdb(PyObject *self, PyObject *args)
Py_RETURN_NONE;
}
+static PyObject *py_get_domain_sid(PyObject *self, PyObject *unused)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct dom_sid domain_sid, *domain_sid_copy;
+ PyObject *py_dom_sid = Py_None;
+ bool ret = false;
+
+ ret = secrets_fetch_domain_sid(lp_workgroup(), &domain_sid);
+ if (!ret) {
+ talloc_free(frame);
+ return PyErr_NoMemory();
+ }
+
+ domain_sid_copy = dom_sid_dup(frame, &domain_sid);
+ if (domain_sid_copy == NULL) {
+ talloc_free(frame);
+ return PyErr_NoMemory();
+ }
+
+ py_dom_sid = pytalloc_steal(dom_sid_Type, domain_sid_copy);
+
+ talloc_free(frame);
+ return py_dom_sid;
+}
+
static PyObject *py_get_global_sam_sid(PyObject *self, PyObject *unused)
{
TALLOC_CTX *frame = talloc_stackframe();
@@ -3697,6 +3722,9 @@ static PyMethodDef py_passdb_methods[] = {
{ "get_global_sam_sid", py_get_global_sam_sid, METH_NOARGS,
"get_global_sam_sid() -> dom_sid\n\n \
Return domain SID." },
+ { "get_domain_sid", py_get_domain_sid, METH_NOARGS,
+ "get_domain_sid() -> dom_sid\n\n \
+ Return domain SID from secrets database." },
{ "reload_static_pdb", py_reload_static_pdb, METH_NOARGS,
"reload_static_pdb() -> None\n\n \
Re-initalise the static pdb used internally. Needed if 'passdb backend' is changed." },
diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c
index 511d54e8..5ee98a1 100644
--- a/source3/rpc_server/rpc_ncacn_np.c
+++ b/source3/rpc_server/rpc_ncacn_np.c
@@ -30,6 +30,7 @@
#include "librpc/gen_ndr/netlogon.h"
#include "librpc/gen_ndr/auth.h"
#include "../auth/auth_sam_reply.h"
+#include "../auth/auth_util.h"
#include "auth.h"
#include "rpc_server/rpc_pipes.h"
--
Samba Shared Repository
More information about the samba-cvs
mailing list