59) Remove code in idmap_ldap that searches the user suffix and group
suffix. It's not needed and provides inconsistent functionality
from the tdb backend.
-
+60) Patch to handle munged dial string for Windows 200 TSE.
+61) Correct the "smbldap_open: cannot access when not root error"
+ messages when looking up group information (bug 281).
+
+
Changes since 3.0.0
-------------------
static NTSTATUS guestsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
{
-#if 0 /* JERRY */
+#if 1 /* JERRY */
+
+ /* apparently thr build farm relies upon this heavior :-( */
+
return methods->parent->pdb_add_sam_account(methods->parent, newpwd);
#else
/* I don't think we should allow any modification of
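Review bot: Flipping the guard to `#if 1` at the top of guestsam_update_sam_account leaves the refusing `#else` branch as dead code and sends an update of the guest account to the parent's `pdb_add_sam_account`, yet the new comment does not say which behaviour the build farm depends on. I would drop the preprocessor toggle and record the decision in a comment with the typos ("thr", "heavior") fixed, for example `/* The build farm relies on guest account updates being passed on to the parent backend. */`. Whether forwarding an update as an add is intended cannot be judged from this hunk, since the function body continues past the last visible line.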
return;
}
+/*******************************************************************
+ Inits a UNISTR2 structure from a DATA_BLOB.
+ The length of the data_blob must count the bytes of the buffer.
+ Copies the blob data.
+********************************************************************/
+
+void init_unistr2_from_datablob(UNISTR2 *str, DATA_BLOB *blob)
+{
+ /* Allocs the unistring */
+ init_unistr2(str, NULL, UNI_FLAGS_NONE);
+
+ /* Sets the values */
+ str->uni_str_len = blob->length / sizeof(uint16);
+ str->uni_max_len = str->uni_str_len;
+ str->offset = 0;
+ str->buffer = (uint16 *) memdup(blob->data, blob->length);
+ if (!str->buffer) {
+ smb_panic("init_unistr2_from_datablob: malloc fail\n");
+ }
+}
+
/*******************************************************************
Reads or writes a UNISTR2 structure.
XXXX NOTE: UNISTR2 structures need NOT be null-terminated.
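Review bot: An empty blob looks like it would reach `smb_panic` in init_unistr2_from_datablob, because the allocation check does not distinguish a failed copy from a zero-length one. The callers added in this commit (init_sam_user_info21W, init_sam_user_info21A, init_sam_user_info20A) pass the result of `base64_decode_data_blob()` on a munged dial string that may be NULL or empty for accounts that have none. If `memdup` returns NULL for a zero-length source, a user-info query for such an account would abort the server process. Copy only when there is data, `str->buffer = blob->length ? (uint16 *) memdup(blob->data, blob->length) : NULL;`, and panic only on `!str->buffer && blob->length`. The helper also uses `blob` and `blob->data` without a NULL check.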
LOGON_HRS * hrs, uint16 bad_password_count, uint16 logon_count,
char newpass[516], uint32 unknown_6)
{
+ DATA_BLOB blob = base64_decode_data_blob(mung_dial);
+
usr->logon_time = *logon_time; /* all zeros */
usr->logoff_time = *logoff_time; /* all zeros */
usr->kickoff_time = *kickoff_time; /* all zeros */
init_unistr2(&usr->uni_unknown_str, unk_str, UNI_FLAGS_NONE);
init_uni_hdr(&usr->hdr_unknown_str, &usr->uni_unknown_str);
- init_unistr2(&usr->uni_munged_dial, mung_dial, UNI_FLAGS_NONE);
+ init_unistr2_from_datablob(&usr->uni_munged_dial, &blob);
init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
+ data_blob_free(&blob);
+
usr->unknown_6 = unknown_6; /* 0x0000 04ec */
usr->padding4 = 0;
const char* description = pdb_get_acct_desc(pw);
const char* workstations = pdb_get_workstations(pw);
const char* munged_dial = pdb_get_munged_dial(pw);
+ DATA_BLOB blob = base64_decode_data_blob(munged_dial);
uint32 user_rid;
const DOM_SID *user_sid;
user_name,
sid_to_string(user_sid_string, user_sid),
sid_to_string(domain_sid_string, domain_sid)));
+ data_blob_free(&blob);
return NT_STATUS_UNSUCCESSFUL;
}
user_name,
sid_to_string(group_sid_string, group_sid),
sid_to_string(domain_sid_string, domain_sid)));
+ data_blob_free(&blob);
return NT_STATUS_UNSUCCESSFUL;
}
init_unistr2(&usr->uni_unknown_str, NULL, UNI_STR_TERMINATE);
init_uni_hdr(&usr->hdr_unknown_str, &usr->uni_unknown_str);
- init_unistr2(&usr->uni_munged_dial, munged_dial, UNI_STR_TERMINATE);
+ init_unistr2_from_datablob(&usr->uni_munged_dial, &blob);
init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
+ data_blob_free(&blob);
usr->unknown_6 = pdb_get_unknown_6(pw);
usr->padding4 = 0;
void init_sam_user_info20A(SAM_USER_INFO_20 *usr, SAM_ACCOUNT *pw)
{
const char *munged_dial = pdb_get_munged_dial(pw);
-
- init_unistr2(&usr->uni_munged_dial, munged_dial, UNI_STR_TERMINATE);
+ DATA_BLOB blob = base64_decode_data_blob(munged_dial);
+
+ init_unistr2_from_datablob(&usr->uni_munged_dial, &blob);
init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
-
+ data_blob_free(&blob);
}
/*******************************************************************
/* well-known aliases */
if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) {
+ become_root();
pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED);
+ unbecome_root();
if (num_entries != 0) {
*d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP));
struct sys_grent *grp;
gid_t winbind_gid_low, winbind_gid_high;
BOOL winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high);
+ BOOL ret;
/* local aliases */
/* we return the UNIX groups here. This seems to be the right */
for (; (num_entries < max_entries) && (grp != NULL); grp = grp->next) {
uint32 trid;
- if(!pdb_getgrgid(&smap, grp->gr_gid))
+ become_root();
+ ret = pdb_getgrgid(&smap, grp->gr_gid);
+ unbecome_root();
+ if( !ret )
continue;
if (smap.sid_name_use!=SID_NAME_ALIAS) {
}
+/*******************************************************************
+ set_user_info_20
+ ********************************************************************/
+
+static BOOL set_user_info_20(SAM_USER_INFO_20 *id20, DOM_SID *sid)
+{
+ SAM_ACCOUNT *pwd = NULL;
+
+ if (id20 == NULL) {
+ DEBUG(5, ("set_user_info_20: NULL id20\n"));
+ return False;
+ }
+
+ pdb_init_sam(&pwd);
+
+ if (!pdb_getsampwsid(pwd, sid)) {
+ pdb_free_sam(&pwd);
+ return False;
+ }
+
+ copy_id20_to_sam_passwd(pwd, id20);
+
+ /* write the change out */
+ if(!pdb_update_sam_account(pwd)) {
+ pdb_free_sam(&pwd);
+ return False;
+ }
+
+ pdb_free_sam(&pwd);
+
+ return True;
+}
/*******************************************************************
set_user_info_21
********************************************************************/
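Review bot: The result of `pdb_init_sam(&pwd)` in set_user_info_20 is not checked, so if that call fails `pwd` is presumably still NULL when it is handed to `pdb_getsampwsid` and `copy_id20_to_sam_passwd`. Guard it before the lookup, e.g. `if (!NT_STATUS_IS_OK(pdb_init_sam(&pwd))) return False;` (assuming it returns an NTSTATUS like the other passdb initialisers). The header comment only repeats the function name; it should say that the function loads the account for `sid`, applies the INFO_20 fields and returns True only when the update was written. The three `pdb_free_sam(&pwd)` exits could also be folded into one cleanup path.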
if (!set_user_info_21(ctr->info.id21, &sid))
return NT_STATUS_ACCESS_DENIED;
break;
+ case 20:
+ if (!set_user_info_20(ctr->info.id20, &sid))
+ return NT_STATUS_ACCESS_DENIED;
+ break;
case 16:
if (!set_user_info_10(ctr->info.id10, &sid))
return NT_STATUS_ACCESS_DENIED;
int num_uids=0;
GROUP_INFO_CTR *ctr;
uint32 acc_granted;
+ BOOL ret;
if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
return r_u->status;
}
- if (!get_domain_group_from_sid(group_sid, &map))
+ become_root();
+ ret = get_domain_group_from_sid(group_sid, &map);
+ unbecome_root();
+ if (!ret)
return NT_STATUS_INVALID_HANDLE;
ctr=(GROUP_INFO_CTR *)talloc_zero(p->mem_ctx, sizeof(GROUP_INFO_CTR));
size_t sd_size;
NTSTATUS status;
fstring sid_string;
+ BOOL ret;
if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid, &acc_granted))
return NT_STATUS_INVALID_HANDLE;
DEBUG(10, ("_samr_open_group:Opening SID: %s\n", sid_string));
/* check if that group really exists */
- if (!get_domain_group_from_sid(info->sid, &map))
+ become_root();
+ ret = get_domain_group_from_sid(info->sid, &map);
+ unbecome_root();
+ if (!ret)
return NT_STATUS_NO_SUCH_GROUP;
/* get a (unique) handle. open a policy on it. */
return r_u->status;
}
-
(!old_string && new_string) ||\
(old_string && new_string && (strcmp(old_string, new_string) != 0))
+#define STRING_CHANGED_NC(s1,s2) ((s1) && !(s2)) ||\
+ (!(s1) && (s2)) ||\
+ ((s1) && (s2) && (strcmp((s1), (s2)) != 0))
+
+/*************************************************************
+ Copies a SAM_USER_INFO_20 to a SAM_ACCOUNT
+**************************************************************/
+
+void copy_id20_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_20 *from)
+{
+ const char *old_string;
+ char *new_string;
+ DATA_BLOB mung;
+
+ if (from == NULL || to == NULL)
+ return;
+
+ if (from->hdr_munged_dial.buffer) {
+ old_string = pdb_get_munged_dial(to);
+ mung.length = from->hdr_munged_dial.uni_str_len;
+ mung.data = (uint8 *) from->uni_munged_dial.buffer;
+ new_string = base64_encode_data_blob(mung);
+ DEBUG(10,("INFO_20 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
+ if (STRING_CHANGED_NC(old_string,new_string))
+ pdb_set_munged_dial(to , new_string, PDB_CHANGED);
+
+ SAFE_FREE(new_string);
+ }
+}
+
/*************************************************************
Copies a SAM_USER_INFO_21 to a SAM_ACCOUNT
**************************************************************/
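Review bot: In copy_id20_to_sam_passwd, `mung.length` is taken from `from->hdr_munged_dial.uni_str_len` while `mung.data` points at `from->uni_munged_dial.buffer`, and nothing visible ties the two together. Both fields are presumably filled from the client's request, so unless the parser already guarantees that the header length never exceeds the bytes held in the buffer, `base64_encode_data_blob` can read past the allocation and store adjacent heap bytes in the account's munged dial value. Clamp the length to the string itself, e.g. `mung.length = MIN(from->hdr_munged_dial.uni_str_len, from->uni_munged_dial.uni_str_len * sizeof(uint16));`, and skip the block when `from->uni_munged_dial.buffer` is NULL. The same two assignments appear in the INFO_21 and INFO_23 hunks that follow. `STRING_CHANGED_NC` should also wrap its whole expansion in one outer pair of parentheses so it stays correct under `!` or `&&`.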
{
time_t unix_time, stored_time;
const char *old_string, *new_string;
+ DATA_BLOB mung;
if (from == NULL || to == NULL)
return;
}
if (from->hdr_munged_dial.buffer) {
+ char *newstr;
old_string = pdb_get_munged_dial(to);
- new_string = unistr2_static(&from->uni_munged_dial);
- DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_munged_dial(to , new_string, PDB_CHANGED);
+ mung.length = from->hdr_munged_dial.uni_str_len;
+ mung.data = (uint8 *) from->uni_munged_dial.buffer;
+ newstr = base64_encode_data_blob(mung);
+ DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
+ if (STRING_CHANGED_NC(old_string,newstr))
+ pdb_set_munged_dial(to , newstr, PDB_CHANGED);
+
+ SAFE_FREE(newstr);
}
if (from->user_rid == 0) {
{
time_t unix_time, stored_time;
const char *old_string, *new_string;
+ DATA_BLOB mung;
if (from == NULL || to == NULL)
return;
}
if (from->hdr_munged_dial.buffer) {
+ char *newstr;
old_string = pdb_get_munged_dial(to);
- new_string = unistr2_static(&from->uni_munged_dial);
- DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
- if (STRING_CHANGED)
- pdb_set_munged_dial(to , new_string, PDB_CHANGED);
+ mung.length = from->hdr_munged_dial.uni_str_len;
+ mung.data = (uint8 *) from->uni_munged_dial.buffer;
+ newstr = base64_encode_data_blob(mung);
+ DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
+ if (STRING_CHANGED_NC(old_string, newstr))
+ pdb_set_munged_dial(to , newstr, PDB_CHANGED);
+
+ SAFE_FREE(newstr);
}
if (from->user_rid == 0) {
DEBUG(10,("INFO_23 PADDING_4: %08X\n",from->padding4));
}
-
-
# Install images
for ln in $LANGS; do
-for f in $SRCDIR../swat/$ln/images/*.gif; do
+ for f in $SRCDIR../swat/$ln/images/*.gif; do
FNAME=$SWATDIR/$ln/images/`basename $f`
echo $FNAME
cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
chmod 0644 $FNAME
-done
+ done
-# Install html help
+ # Install html help
-for f in $SRCDIR../swat/$ln/help/*.html; do
+ for f in $SRCDIR../swat/$ln/help/*.html; do
FNAME=$SWATDIR/$ln/help/`basename $f`
echo $FNAME
if [ "x$BOOKDIR" = "x" ]; then
cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
rm -f $f
chmod 0644 $FNAME
-done
+ done
-# Install html documentation
+ # Install "server-side" includes
-for f in $SRCDIR../docs/htmldocs/*.html; do
- FNAME=$SWATDIR/help/`basename $f`
+ for f in $SRCDIR../swat/$ln/include/*.html; do
+ FNAME=$SWATDIR/$ln/include/`basename $f`
echo $FNAME
cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
chmod 0644 $FNAME
+ done
+
done
-# Install "server-side" includes
+# Install html documentation
-for f in $SRCDIR../swat/$ln/include/*.html; do
- FNAME=$SWATDIR/$ln/include/`basename $f`
+for f in $SRCDIR../docs/htmldocs/*.html; do
+ FNAME=$SWATDIR/help/`basename $f`
echo $FNAME
cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
chmod 0644 $FNAME
done
-done
-
# Install Using Samba book (but only if it is there)
if [ "x$BOOKDIR" != "x" -a -f $SRCDIR../docs/htmldocs/using_samba/toc.html ]; then