trusted domains patch
mimir at diament.ists.pwr.wroc.pl
mimir at diament.ists.pwr.wroc.pl
Thu Jul 18 03:52:01 GMT 2002
This is yet another patch in the trusted domains functionality collection.
No revolution -- just some updates and a new utility for the net tool.
This allows listing the domains trusted by samba (by reading secrets.tdb).
More patches are under construction...
--
cheers,
+------------------------------------------------------------+
|Rafal 'Mimir' Szczesniak <mimir at diament.ists.pwr.wroc.pl> |
|*BSD, GNU/Linux and Samba /
|__________________________________________________________/
-------------- next part --------------
Index: lib/util_unistr.c
===================================================================
RCS file: /cvsroot/samba/source/lib/util_unistr.c,v
retrieving revision 1.93
diff -u -r1.93 util_unistr.c
--- lib/util_unistr.c 14 Apr 2002 09:44:14 -0000 1.93
+++ lib/util_unistr.c 18 Jul 2002 10:26:24 -0000
@@ -218,6 +218,29 @@
pull_ucs2(NULL, dest, str->buffer, maxlen, str->uni_str_len*2, STR_NOALIGN);
}
+/**
+ * Convert smb_ucs2_t string to an ASCII string
+ *
+ * @param dest Destination ASCII string
+ * @param src Source UCS2 string
+ * @para maxlen maximum number of characters to be copied to dest
+ */
+char* ucs2_to_ascii(char *dest, const smb_ucs2_t *src, size_t maxlen)
+{
+ size_t src_len;
+
+ if (src == NULL) {
+ *dest = '\0';
+ return dest;
+ }
+
+ src_len = strlen_w(src);
+
+ pull_ucs2(NULL, dest, src, maxlen, src_len * 2, STR_NOALIGN);
+
+ return dest;
+}
+
/*******************************************************************
duplicate a UNISTR2 string into a null terminated char*
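Review bot: The NULL-source path writes `*dest = '\0'` without looking at maxlen, so a call with maxlen == 0 stores one byte the caller never granted; add `if (maxlen == 0) return dest;` before the NULL check (dest itself is not guarded either). Whether pull_ucs2() NUL-terminates dest when the source fills the whole maxlen is not visible on this page; if it does not, the callers added in secrets.c and net_rpc.c can receive an unterminated name, so that case is worth a test. The doc comment's `@para maxlen` should read `@param maxlen`, and the return value (dest, for chaining) is not documented.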
Index: libsmb/cli_lsarpc.c
===================================================================
RCS file: /cvsroot/samba/source/libsmb/cli_lsarpc.c,v
retrieving revision 1.46
diff -u -r1.46 cli_lsarpc.c
--- libsmb/cli_lsarpc.c 1 Jun 2002 00:10:08 -0000 1.46
+++ libsmb/cli_lsarpc.c 18 Jul 2002 10:26:28 -0000
@@ -632,6 +632,108 @@
return result;
}
+
+/**
+ * Enumerate list of trusted domains - higher level wrapper function for
+ * @see cli_lsa_enum_trust_dom()
+ *
+ * @param cli client state (cli_state) structure of the connection
+ * @param mem_ctx memory context
+ * @param pol opened lsa policy handle
+ * @param pref_num_domains preferred max number of entries returned in one response
+ * @param num_domains total number of trusted domains returned during enumeration
+ * @param domain_names returned trusted domain names
+ * @param domain_sids returned trusted domain sids
+ *
+ * @return nt status code of response
+ **/
+NTSTATUS cli_lsa_enum_trust_domains(struct cli_state *cli, TALLOC_CTX *mem_ctx,
+ POLICY_HND *pol, uint32 *pref_num_domains,
+ uint32 *num_domains,
+ char ***domain_names, DOM_SID **domain_sids)
+{
+ NTSTATUS status;
+ uint32 enum_ctx = 0;
+ int alloc_chunk = 1;
+
+ /* l_ prefix is for "locally" used variables */
+ char **l_domain_names;
+ DOM_SID *l_domain_sids;
+ uint32 l_num_domains = 0;
+
+ if (!pref_num_domains) {
+ pref_num_domains = talloc(mem_ctx, sizeof(*pref_num_domains));
+ if (!pref_num_domains)
+ return NT_STATUS_NO_MEMORY;
+
+ *pref_num_domains = 5;
+ }
+
+ /*
+ * allocate memory for arrays of domain names and sids
+ * that will be returned
+ * TODO: all pointers in the arrays should be zeroed
+ */
+ *domain_names = (char **)talloc(mem_ctx, sizeof(char*) * alloc_chunk);
+
+ if (!*domain_names) {
+ DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ *domain_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * alloc_chunk);
+ if (!domain_sids) {
+ DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ do {
+ int i;
+
+ /* perform a single lsa_enum_trust_dom request */
+ status = cli_lsa_enum_trust_dom(cli, mem_ctx, pol, &enum_ctx,
+ pref_num_domains, &l_num_domains,
+ &l_domain_names, &l_domain_sids);
+
+ *num_domains += l_num_domains;
+
+ if (*num_domains > alloc_chunk) {
+ alloc_chunk += 5;
+
+ /*
+ * number of enumerated domains so far, has exceeded
+ * size of arrays that are to be returned.
+ * do reallocation of the arrays.
+ */
+ *domain_names = (char**) talloc_realloc(mem_ctx, (void *)*domain_names,
+ sizeof(char*) * alloc_chunk);
+ if (!*domain_names) {
+ DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ *domain_sids = (DOM_SID*) talloc_realloc(mem_ctx, (void *)*domain_sids,
+ sizeof(DOM_SID) * alloc_chunk);
+ if (!domain_sids) {
+ DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ /*
+ * put results of this call to returned arrays
+ */
+ for (i = (enum_ctx - l_num_domains); i < enum_ctx; i++) {
+ domain_names[i] = &l_domain_names[i - (enum_ctx - l_num_domains)];
+ domain_sids[i] = &l_domain_sids[i - (enum_ctx - l_num_domains)];
+ }
+
+ } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
+
+ return status;
+}
+
+
/** Enumerate privileges*/
NTSTATUS cli_lsa_enum_privilege(struct cli_state *cli, TALLOC_CTX *mem_ctx,
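Review bot: The copy loop near the end indexes the out-parameters themselves, `domain_names[i] = ...` and `domain_sids[i] = ...`, rather than the arrays they point to, so every iteration past i == 0 writes over whatever follows the caller's two pointer variables; it has to be `(*domain_names)[first + i] = l_domain_names[i];` and likewise for the SIDs, with first being the count before this batch. Both checks after the DOM_SID allocations test the parameter `domain_sids` (never NULL here) instead of `*domain_sids`, so allocation failure is not caught. `*num_domains` is accumulated with `+=` but never zeroed first, so the result depends on what the caller left in it, and the growth step adds 5 once even when a batch brings in more than 5 entries, leaving alloc_chunk below *num_domains. The status of each cli_lsa_enum_trust_dom() call is also only consulted for STATUS_MORE_ENTRIES, so a failing call still has its (undefined) l_num_domains copied; the rewrite below covers all of these.
```c
	/* the caller's counter is accumulated below, so it must start at zero */
	*num_domains = 0;

	/* … unchanged: pref_num_domains default, talloc of *domain_names … */

	*domain_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * alloc_chunk);
	if (!*domain_sids) {
		DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
		return NT_STATUS_NO_MEMORY;
	}

	do {
		uint32 i;
		uint32 first = *num_domains;	/* entries already stored */

		/* perform a single lsa_enum_trust_dom request */
		status = cli_lsa_enum_trust_dom(cli, mem_ctx, pol, &enum_ctx,
						pref_num_domains, &l_num_domains,
						&l_domain_names, &l_domain_sids);
		if (!NT_STATUS_IS_OK(status) &&
		    !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
			/* nothing usable came back; do not touch l_* */
			return status;
		}

		*num_domains += l_num_domains;

		if (*num_domains > alloc_chunk) {
			/* grow until the arrays hold everything seen so far */
			while (*num_domains > alloc_chunk) {
				alloc_chunk += 5;
			}
			/* … unchanged: talloc_realloc of both arrays, but check *domain_sids, not domain_sids … */
		}

		/* append this batch after what earlier calls returned */
		for (i = 0; i < l_num_domains; i++) {
			(*domain_names)[first + i] = l_domain_names[i];
			(*domain_sids)[first + i] = l_domain_sids[i];
		}

	} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
```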
Index: libsmb/cliconnect.c
===================================================================
RCS file: /cvsroot/samba/source/libsmb/cliconnect.c,v
retrieving revision 1.87
diff -u -r1.87 cliconnect.c
--- libsmb/cliconnect.c 15 Jul 2002 10:37:42 -0000 1.87
+++ libsmb/cliconnect.c 18 Jul 2002 10:26:28 -0000
@@ -1182,9 +1182,8 @@
if (!cli_session_setup(cli, user, password, strlen(password)+1,
password, strlen(password)+1,
domain)) {
- if (!(flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)
- || cli_session_setup(cli, "", "", 0,
- "", 0, domain)) {
+ if ((flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK)
+ && cli_session_setup(cli, "", "", 0, "", 0, domain)) {
} else {
nt_status = cli_nt_error(cli);
DEBUG(1,("failed session setup with %s\n", nt_errstr(nt_status)));
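Review bot: The rewritten condition leaves an empty then-branch and puts all the error handling in the else, which reads as if the anonymous fallback path were the failure case. Negating it keeps a single branch: `if (!(flags & CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK) || !cli_session_setup(cli, "", "", 0, "", 0, domain)) {` followed by the existing error handling. When the fallback does succeed the connection continues without the supplied credentials and nothing records that, so a line such as `DEBUG(3, ("session setup as %s failed, continuing with anonymous session\n", user));` at that point would make the downgrade visible in the logs. The enclosing function starts and ends outside the hunk.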
Index: passdb/secrets.c
===================================================================
RCS file: /cvsroot/samba/source/passdb/secrets.c,v
retrieving revision 1.37
diff -u -r1.37 secrets.c
--- passdb/secrets.c 23 May 2002 15:42:29 -0000 1.37
+++ passdb/secrets.c 18 Jul 2002 10:26:53 -0000
@@ -388,7 +388,9 @@
/**
- * The linked list is allocated on the supplied talloc context, caller gets to destory
+ * Get trusted domains info from secrets.tdb.
+ *
+ * The linked list is allocated on the supplied talloc context, caller gets to destroy
* when done.
*
* @param ctx Allocation context
@@ -409,10 +411,11 @@
int start_idx;
uint32 idx = 0;
size_t size;
+ char dom_name[32];
struct trusted_dom_pass *pass;
NTSTATUS status;
- secrets_init();
+ if (!secrets_init()) return NT_STATUS_ACCESS_DENIED;
*num_domains = 0;
start_idx = *enum_ctx;
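Review bot: `char dom_name[32]` introduces a second fixed size for a domain name next to the fstring the new net_rpc.c code uses for the same value; `fstring dom_name;` would keep one convention and drop the magic number. The buffer is filled in the next hunk by ucs2_to_ascii() with sizeof(dom_name), which is the right bound, but nothing on this page shows that pull_ucs2() terminates dest on truncation, so a stored name of 31 or more characters should be tried before the DEBUG call relies on it as a C string. Mapping every secrets_init() failure to NT_STATUS_ACCESS_DENIED also folds a missing or unreadable tdb into "permission denied", which is exactly how the net tool then reports it; if secrets_init() can tell those apart, passing that through would help diagnosis.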
@@ -455,6 +458,10 @@
SAFE_FREE(pass);
continue;
}
+
+ ucs2_to_ascii(dom_name, pass->uni_name, sizeof(dom_name));
+ DEBUG(18, ("Fetched secret record num %d.\nDomain name: %s, SID: %s\n",
+ idx, dom_name, sid_string_static(&pass->domain_sid)));
SAFE_FREE(secrets_key);
@@ -475,6 +482,10 @@
dom->name = talloc_strdup_w(ctx, pass->uni_name);
(*domains)[idx - start_idx] = dom;
+
+ DEBUG(18, ("Secret record is in required range.\n
+ start_idx = %d, max_num_domains = %d. Added to returned array.\n",
+ start_idx, max_num_domains));
*enum_ctx = idx + 1;
(*num_domains)++;
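Review bot: The DEBUG format string added here is broken across a physical line with no continuation, so `"Secret record is in required range.\n` is a string literal containing a raw newline, which standard C rejects (older gcc only accepted it with a deprecation warning); the `else` branch message in the next hunk has the same problem. Split each into adjacent literals, e.g. `DEBUG(18, ("Secret record is in required range.\n" "start_idx = %d, max_num_domains = %d. Added to returned array.\n", start_idx, max_num_domains));`.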
@@ -487,6 +498,10 @@
/* this is the last entry in the whole enumeration */
status = NT_STATUS_OK;
}
+ } else {
+ DEBUG(18, ("Secret is outside the required range.\n
+ start_idx = %d, max_num_domains = %d. Not added to returned array\n",
+ start_idx, max_num_domains));
}
idx++;
Index: smbd/process.c
===================================================================
RCS file: /cvsroot/samba/source/smbd/process.c,v
retrieving revision 1.97
diff -u -r1.97 process.c
--- smbd/process.c 17 Jun 2002 15:33:13 -0000 1.97
+++ smbd/process.c 18 Jul 2002 10:26:58 -0000
@@ -152,7 +152,7 @@
Returns False on timeout or error.
Else returns True.
-The timeout is in milli seconds
+The timeout is in milliseconds
****************************************************************************/
static BOOL receive_message_or_smb(char *buffer, int buffer_len, int timeout)
Index: utils/net_rpc.c
===================================================================
RCS file: /cvsroot/samba/source/utils/net_rpc.c,v
retrieving revision 1.23
diff -u -r1.23 net_rpc.c
--- utils/net_rpc.c 13 Jul 2002 15:14:39 -0000 1.23
+++ utils/net_rpc.c 18 Jul 2002 10:27:02 -0000
@@ -1562,9 +1562,10 @@
extern char *opt_user_name;
extern char *opt_password;
+extern char *opt_workgroup;
-static int rpc_trustdom_establish(int argc, const char **argv) {
-
+static int rpc_trustdom_establish(int argc, const char **argv)
+{
struct cli_state *cli;
struct in_addr server_ip;
POLICY_HND connect_hnd;
@@ -1582,7 +1583,7 @@
*/
if (argc != 1) {
- d_printf("Usage: net rpc trustdom add <domain_name>\n");
+ d_printf("Usage: net rpc trustdom establish <domain_name>\n");
return -1;
}
@@ -1590,6 +1591,15 @@
domain_name = smb_xstrdup(argv[0]);
strupper(domain_name);
+ /*
+ * opt_workgroup will be used by connection functions further,
+ * hence it should be set to remote domain name instead of ours
+ */
+ if (opt_workgroup) {
+ SAFE_FREE(opt_workgroup);
+ opt_workgroup = smb_xstrdup(domain_name);
+ };
+
asprintf(&acct_name, "%s$", lp_workgroup());
strupper(acct_name);
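Review bot: The new `if (opt_workgroup)` guard skips the assignment exactly when opt_workgroup is unset, so in that case the connection functions the comment refers to still see NULL rather than the remote domain name. SAFE_FREE() already tolerates a NULL pointer, so the condition can go: `SAFE_FREE(opt_workgroup); opt_workgroup = smb_xstrdup(domain_name);`. The `};` closing the block is a stray empty statement. This overwrites a process-wide option for the rest of the run, which is acceptable for a one-shot net command but deserves a sentence in the comment so later callers in the same process are not surprised.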
@@ -1743,8 +1753,8 @@
* @return Integer status (0 means success)
**/
-static int rpc_trustdom_revoke(int argc, const char **argv) {
-
+static int rpc_trustdom_revoke(int argc, const char **argv)
+{
char* domain_name;
if (argc < 1) return -1;
@@ -1772,7 +1782,8 @@
* @return Integer status returned to shell
**/
-static int rpc_trustdom_usage(int argc, const char **argv) {
+static int rpc_trustdom_usage(int argc, const char **argv)
+{
d_printf(" net rpc trustdom add \t\t add trusting domain's account\n");
d_printf(" net rpc trustdom del \t\t delete trusting domain's account\n");
d_printf(" net rpc trustdom establish \t establish relationship to trusted domain\n");
@@ -1782,6 +1793,58 @@
}
+static int rpc_trustdom_list(int argc, const char **argv)
+{
+ /* trusted domains listing variables */
+ TALLOC_CTX* ctx;
+ NTSTATUS nt_status;
+ int enum_ctx = 0, max_num_domains = 5;
+ int num_domains, i, pad_len, col_len = 20;
+ TRUSTDOM** domains;
+ fstring ascii_dom_name, ascii_sid, padding;
+
+ /* trusting domains listing variables */
+
+
+ /*
+ * Listing trusted domains stored in secrets.tdb
+ */
+
+ d_printf("Trusted domains list:\n\n");
+
+ ctx = talloc_init();
+
+ do {
+ nt_status = secrets_get_trusted_domains(ctx, &enum_ctx, max_num_domains, &num_domains, &domains);
+ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED)) {
+ DEBUG(0, ("Permission denied. You must be root to do this.\n"));
+ return -1;
+ };
+
+ for (i = 0; i < num_domains; i++) {
+ /* convert returned structure members to strings */
+ ucs2_to_ascii(ascii_dom_name, domains[i]->name, sizeof(ascii_dom_name);
+ sid_to_string(ascii_sid, &(domains[i]->sid));
+
+ /* calculate padding space for d_printf to look nicer */
+ pad_len = col_len - strlen(ascii_dom_name);
+ padding[pad_len] = 0;
+ do padding[--pad_len] = ' '; while (pad_len);
+
+ d_printf("%s%s%s\n", ascii_dom_name, padding, ascii_sid);
+ };
+
+ } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
+
+ /*
+ * Listing trusting domains account stored in passdb backend
+ */
+
+ d_printf("\nTrusting domains list: not yet implemented\n");
+
+ return 0;
+}
+
/**
* Entrypoint for 'net rpc trustdom' code
*
@@ -1799,6 +1864,7 @@
{"establish", rpc_trustdom_establish},
{"revoke", rpc_trustdom_revoke},
{"help", rpc_trustdom_usage},
+ {"list", rpc_trustdom_list},
{NULL, NULL}
};