static bool test_cmp(struct torture_context *tctx)
{
DATA_BLOB a = data_blob_string_const("bla");
DATA_BLOB b = data_blob_string_const("blae");
torture_assert(tctx, data_blob_cmp(&a, &b) != 0, "cmp different");
torture_assert(tctx, data_blob_cmp(&a, &a) == 0, "cmp self");
return true;
}
/*
see if two DNs match, comparing first by GUID, then by SID, and
finally by string components
*/
static int samba_dn_extended_match(struct ldb_context *ldb,
const struct ldb_val *v1,
const struct ldb_val *v2,
bool *matched)
{
TALLOC_CTX *tmp_ctx;
struct ldb_dn *dn1, *dn2;
const struct ldb_val *guid1, *guid2, *sid1, *sid2;
uint32_t rmd_flags1, rmd_flags2;
tmp_ctx = talloc_new(ldb);
dn1 = ldb_dn_from_ldb_val(tmp_ctx, ldb, v1);
dn2 = ldb_dn_from_ldb_val(tmp_ctx, ldb, v2);
if (!dn1 || !dn2) {
/* couldn't parse as DN's */
talloc_free(tmp_ctx);
(*matched) = false;
return LDB_SUCCESS;
}
rmd_flags1 = dsdb_dn_rmd_flags(dn1);
rmd_flags2 = dsdb_dn_rmd_flags(dn2);
if ((rmd_flags1 & DSDB_RMD_FLAG_DELETED) !=
(rmd_flags2 & DSDB_RMD_FLAG_DELETED)) {
/* only match if they have the same deletion status */
talloc_free(tmp_ctx);
(*matched) = false;
return LDB_SUCCESS;
}
guid1 = ldb_dn_get_extended_component(dn1, "GUID");
guid2 = ldb_dn_get_extended_component(dn2, "GUID");
if (guid1 && guid2) {
(*matched) = (data_blob_cmp(guid1, guid2) == 0);
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
sid1 = ldb_dn_get_extended_component(dn1, "SID");
sid2 = ldb_dn_get_extended_component(dn2, "SID");
if (sid1 && sid2) {
(*matched) = (data_blob_cmp(sid1, sid2) == 0);
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
(*matched) = (ldb_dn_compare(dn1, dn2) == 0);
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
int registry_value_cmp(const struct registry_value* v1, const struct registry_value* v2)
{
if (v1->type == v2->type) {
return data_blob_cmp(&v1->data, &v2->data);
}
return v1->type - v2->type;
}
static int acl_childClasses(struct ldb_module *module,
struct ldb_message *sd_msg,
struct ldb_message *msg,
const char *attrName)
{
struct ldb_message_element *oc_el;
struct ldb_message_element *allowedClasses;
struct ldb_context *ldb = ldb_module_get_ctx(module);
const struct dsdb_schema *schema = dsdb_get_schema(ldb);
const struct dsdb_class *sclass;
int i, j, ret;
/* If we don't have a schema yet, we can't do anything... */
if (schema == NULL) {
return LDB_SUCCESS;
}
/* Must remove any existing attribute, or else confusion reins */
ldb_msg_remove_attr(msg, attrName);
ret = ldb_msg_add_empty(msg, attrName, 0, &allowedClasses);
if (ret != LDB_SUCCESS) {
return ret;
}
oc_el = ldb_msg_find_element(sd_msg, "objectClass");
for (i=0; oc_el && i < oc_el->num_values; i++) {
sclass = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &oc_el->values[i]);
if (!sclass) {
/* We don't know this class? what is going on? */
continue;
}
for (j=0; sclass->possibleInferiors && sclass->possibleInferiors[j]; j++) {
ldb_msg_add_string(msg, attrName, sclass->possibleInferiors[j]);
}
}
if (allowedClasses->num_values > 1) {
qsort(allowedClasses->values,
allowedClasses->num_values,
sizeof(*allowedClasses->values),
(comparison_fn_t)data_blob_cmp);
for (i=1 ; i < allowedClasses->num_values; i++) {
struct ldb_val *val1 = &allowedClasses->values[i-1];
struct ldb_val *val2 = &allowedClasses->values[i];
if (data_blob_cmp(val1, val2) == 0) {
memmove(val1, val2, (allowedClasses->num_values - i) * sizeof(struct ldb_val));
allowedClasses->num_values--;
i--;
}
}
}
return LDB_SUCCESS;
}
static int handle_dereference(struct ldb_dn *dn,
struct dsdb_openldap_dereference_result **dereference_attrs,
const char *attr, const DATA_BLOB *val)
{
const struct ldb_val *entryUUIDblob, *sid_blob;
struct ldb_message fake_msg; /* easier to use routines that expect an ldb_message */
int j;
fake_msg.num_elements = 0;
/* Look for this attribute in the returned control */
for (j = 0; dereference_attrs && dereference_attrs[j]; j++) {
struct ldb_val source_dn = data_blob_string_const(dereference_attrs[j]->dereferenced_dn);
if (ldb_attr_cmp(dereference_attrs[j]->source_attribute, attr) == 0
&& data_blob_cmp(&source_dn, val) == 0) {
fake_msg.num_elements = dereference_attrs[j]->num_attributes;
fake_msg.elements = dereference_attrs[j]->attributes;
break;
}
}
if (!fake_msg.num_elements) {
return LDB_SUCCESS;
}
/* Look for an OpenLDAP entryUUID */
entryUUIDblob = ldb_msg_find_ldb_val(&fake_msg, "entryUUID");
if (entryUUIDblob) {
NTSTATUS status;
enum ndr_err_code ndr_err;
struct ldb_val guid_blob;
struct GUID guid;
status = GUID_from_data_blob(entryUUIDblob, &guid);
if (!NT_STATUS_IS_OK(status)) {
return LDB_ERR_INVALID_DN_SYNTAX;
}
ndr_err = ndr_push_struct_blob(&guid_blob, NULL, NULL, &guid,
(ndr_push_flags_fn_t)ndr_push_GUID);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return LDB_ERR_INVALID_DN_SYNTAX;
}
ldb_dn_set_extended_component(dn, "GUID", &guid_blob);
}
sid_blob = ldb_msg_find_ldb_val(&fake_msg, "objectSID");
/* Look for the objectSID */
if (sid_blob) {
ldb_dn_set_extended_component(dn, "SID", sid_blob);
}
return LDB_SUCCESS;
}
/*
this is a paranoid NDR input validator. For every packet we pull
from the wire we push it back again then pull and push it
again. Then we compare the raw NDR data for that to the NDR we
initially generated. If they don't match then we know we must have a
bug in either the pull or push side of our code
*/
static NTSTATUS dcerpc_ndr_validate_out(struct dcerpc_connection *c,
struct ndr_pull *pull_in,
void *struct_ptr,
size_t struct_size,
ndr_push_flags_fn_t ndr_push,
ndr_pull_flags_fn_t ndr_pull,
ndr_print_function_t ndr_print)
{
void *st;
struct ndr_pull *pull;
struct ndr_push *push;
DATA_BLOB blob, blob2;
TALLOC_CTX *mem_ctx = pull_in;
char *s1, *s2;
enum ndr_err_code ndr_err;
st = talloc_size(mem_ctx, struct_size);
if (!st) {
return NT_STATUS_NO_MEMORY;
}
memcpy(st, struct_ptr, struct_size);
push = ndr_push_init_ctx(mem_ctx, c->iconv_convenience);
if (!push) {
return NT_STATUS_NO_MEMORY;
}
ndr_err = ndr_push(push, NDR_OUT, struct_ptr);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ndr_err = ndr_push_error(push, NDR_ERR_VALIDATE,
"failed output validation push - %s",
nt_errstr(status));
return ndr_map_error2ntstatus(ndr_err);
}
blob = ndr_push_blob(push);
pull = ndr_pull_init_flags(c, &blob, mem_ctx);
if (!pull) {
return NT_STATUS_NO_MEMORY;
}
pull->flags |= LIBNDR_FLAG_REF_ALLOC;
ndr_err = ndr_pull(pull, NDR_OUT, st);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ndr_err = ndr_pull_error(pull, NDR_ERR_VALIDATE,
"failed output validation pull - %s",
nt_errstr(status));
return ndr_map_error2ntstatus(ndr_err);
}
push = ndr_push_init_ctx(mem_ctx, c->iconv_convenience);
if (!push) {
return NT_STATUS_NO_MEMORY;
}
ndr_err = ndr_push(push, NDR_OUT, st);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ndr_err = ndr_push_error(push, NDR_ERR_VALIDATE,
"failed output validation push2 - %s",
nt_errstr(status));
return ndr_map_error2ntstatus(ndr_err);
}
blob2 = ndr_push_blob(push);
if (data_blob_cmp(&blob, &blob2) != 0) {
DEBUG(3,("original:\n"));
dump_data(3, blob.data, blob.length);
DEBUG(3,("secondary:\n"));
dump_data(3, blob2.data, blob2.length);
ndr_err = ndr_push_error(push, NDR_ERR_VALIDATE,
"failed output validation blobs doesn't match");
return ndr_map_error2ntstatus(ndr_err);
}
/* this checks the printed forms of the two structures, which effectively
tests all of the value() attributes */
s1 = ndr_print_function_string(mem_ctx, ndr_print, "VALIDATE",
NDR_OUT, struct_ptr);
s2 = ndr_print_function_string(mem_ctx, ndr_print, "VALIDATE",
NDR_OUT, st);
if (strcmp(s1, s2) != 0) {
#if 1
DEBUG(3,("VALIDATE ERROR:\nWIRE:\n%s\n GEN:\n%s\n", s1, s2));
#else
/* this is sometimes useful */
printf("VALIDATE ERROR\n");
file_save("wire.dat", s1, strlen(s1));
file_save("gen.dat", s2, strlen(s2));
system("diff -u wire.dat gen.dat");
#endif
ndr_err = ndr_push_error(push, NDR_ERR_VALIDATE,
"failed output validation strings doesn't match");
return ndr_map_error2ntstatus(ndr_err);
}
return NT_STATUS_OK;
}
/*
this is a paranoid NDR validator. For every packet we push onto the wire
we pull it back again, then push it again. Then we compare the raw NDR data
for that to the NDR we initially generated. If they don't match then we know
we must have a bug in either the pull or push side of our code
*/
static NTSTATUS dcerpc_ndr_validate_in(struct dcerpc_connection *c,
TALLOC_CTX *mem_ctx,
DATA_BLOB blob,
size_t struct_size,
ndr_push_flags_fn_t ndr_push,
ndr_pull_flags_fn_t ndr_pull)
{
void *st;
struct ndr_pull *pull;
struct ndr_push *push;
DATA_BLOB blob2;
enum ndr_err_code ndr_err;
st = talloc_size(mem_ctx, struct_size);
if (!st) {
return NT_STATUS_NO_MEMORY;
}
pull = ndr_pull_init_flags(c, &blob, mem_ctx);
if (!pull) {
return NT_STATUS_NO_MEMORY;
}
pull->flags |= LIBNDR_FLAG_REF_ALLOC;
ndr_err = ndr_pull(pull, NDR_IN, st);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ndr_err = ndr_pull_error(pull, NDR_ERR_VALIDATE,
"failed input validation pull - %s",
nt_errstr(status));
return ndr_map_error2ntstatus(ndr_err);
}
push = ndr_push_init_ctx(mem_ctx, c->iconv_convenience);
if (!push) {
return NT_STATUS_NO_MEMORY;
}
ndr_err = ndr_push(push, NDR_IN, st);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
ndr_err = ndr_pull_error(pull, NDR_ERR_VALIDATE,
"failed input validation push - %s",
nt_errstr(status));
return ndr_map_error2ntstatus(ndr_err);
}
blob2 = ndr_push_blob(push);
if (data_blob_cmp(&blob, &blob2) != 0) {
DEBUG(3,("original:\n"));
dump_data(3, blob.data, blob.length);
DEBUG(3,("secondary:\n"));
dump_data(3, blob2.data, blob2.length);
ndr_err = ndr_pull_error(pull, NDR_ERR_VALIDATE,
"failed input validation blobs doesn't match");
return ndr_map_error2ntstatus(ndr_err);
}
return NT_STATUS_OK;
}
static int acl_childClassesEffective(struct ldb_module *module,
struct ldb_message *sd_msg,
struct ldb_message *msg,
struct acl_context *ac)
{
struct ldb_message_element *oc_el;
struct ldb_message_element *allowedClasses = NULL;
struct ldb_context *ldb = ldb_module_get_ctx(module);
const struct dsdb_schema *schema = dsdb_get_schema(ldb);
const struct dsdb_class *sclass;
struct security_descriptor *sd;
struct dom_sid *sid = NULL;
int i, j, ret;
if (ac->user_type == SECURITY_SYSTEM) {
return acl_childClasses(module, sd_msg, msg, "allowedChildClassesEffective");
}
/* If we don't have a schema yet, we can't do anything... */
if (schema == NULL) {
return LDB_SUCCESS;
}
/* Must remove any existing attribute, or else confusion reins */
ldb_msg_remove_attr(msg, "allowedChildClassesEffective");
oc_el = ldb_msg_find_element(sd_msg, "objectClass");
ret = get_sd_from_ldb_message(msg, sd_msg, &sd);
if (ret != LDB_SUCCESS) {
return ret;
}
ret = get_dom_sid_from_ldb_message(msg, sd_msg, &sid);
if (ret != LDB_SUCCESS) {
return ret;
}
for (i=0; oc_el && i < oc_el->num_values; i++) {
sclass = dsdb_class_by_lDAPDisplayName_ldb_val(schema, &oc_el->values[i]);
if (!sclass) {
/* We don't know this class? what is going on? */
continue;
}
for (j=0; sclass->possibleInferiors && sclass->possibleInferiors[j]; j++) {
ret = acl_check_access_on_class(module,
msg,
sd,
sid,
SEC_ADS_CREATE_CHILD,
sclass->possibleInferiors[j]);
if (ret == LDB_SUCCESS) {
ldb_msg_add_string(msg, "allowedChildClassesEffective",
sclass->possibleInferiors[j]);
}
}
}
allowedClasses = ldb_msg_find_element(msg, "allowedChildClassesEffective");
if (!allowedClasses) {
return LDB_SUCCESS;
}
if (allowedClasses->num_values > 1) {
qsort(allowedClasses->values,
allowedClasses->num_values,
sizeof(*allowedClasses->values),
(comparison_fn_t)data_blob_cmp);
for (i=1 ; i < allowedClasses->num_values; i++) {
struct ldb_val *val1 = &allowedClasses->values[i-1];
struct ldb_val *val2 = &allowedClasses->values[i];
if (data_blob_cmp(val1, val2) == 0) {
memmove(val1, val2, (allowedClasses->num_values - i) * sizeof( struct ldb_val));
allowedClasses->num_values--;
i--;
}
}
}
return LDB_SUCCESS;
}
/*
* Generate difference between two keys
*/
WERROR reg_generate_diff_key(struct registry_key *oldkey,
struct registry_key *newkey,
const char *path,
const struct reg_diff_callbacks *callbacks,
void *callback_data)
{
int i;
struct registry_key *t1 = NULL, *t2 = NULL;
char *tmppath;
const char *keyname1;
WERROR error, error1, error2;
TALLOC_CTX *mem_ctx = talloc_init("writediff");
uint32_t old_num_subkeys, old_num_values,
new_num_subkeys, new_num_values;
if (oldkey != NULL) {
error = reg_key_get_info(mem_ctx, oldkey, NULL,
&old_num_subkeys, &old_num_values,
NULL, NULL, NULL, NULL);
if (!W_ERROR_IS_OK(error)) {
DEBUG(0, ("Error occurred while getting key info: %s\n",
win_errstr(error)));
talloc_free(mem_ctx);
return error;
}
} else {
old_num_subkeys = 0;
old_num_values = 0;
}
/* Subkeys that were changed or deleted */
for (i = 0; i < old_num_subkeys; i++) {
error1 = reg_key_get_subkey_by_index(mem_ctx, oldkey, i,
&keyname1, NULL, NULL);
if (!W_ERROR_IS_OK(error1)) {
DEBUG(0, ("Error occurred while getting subkey by index: %s\n",
win_errstr(error1)));
continue;
}
if (newkey != NULL) {
error2 = reg_open_key(mem_ctx, newkey, keyname1, &t2);
} else {
error2 = WERR_BADFILE;
t2 = NULL;
}
if (!W_ERROR_IS_OK(error2) && !W_ERROR_EQUAL(error2, WERR_BADFILE)) {
DEBUG(0, ("Error occured while getting subkey by name: %s\n",
win_errstr(error2)));
talloc_free(mem_ctx);
return error2;
}
/* if "error2" is going to be "WERR_BADFILE", then newkey */
/* didn't have such a subkey and therefore add a del diff */
tmppath = talloc_asprintf(mem_ctx, "%s\\%s", path, keyname1);
if (!W_ERROR_IS_OK(error2))
callbacks->del_key(callback_data, tmppath);
/* perform here also the recursive invocation */
error1 = reg_open_key(mem_ctx, oldkey, keyname1, &t1);
if (!W_ERROR_IS_OK(error1)) {
DEBUG(0, ("Error occured while getting subkey by name: %s\n",
win_errstr(error1)));
talloc_free(mem_ctx);
return error1;
}
reg_generate_diff_key(t1, t2, tmppath, callbacks, callback_data);
talloc_free(tmppath);
}
if (newkey != NULL) {
error = reg_key_get_info(mem_ctx, newkey, NULL,
&new_num_subkeys, &new_num_values,
NULL, NULL, NULL, NULL);
if (!W_ERROR_IS_OK(error)) {
DEBUG(0, ("Error occurred while getting key info: %s\n",
win_errstr(error)));
talloc_free(mem_ctx);
return error;
}
} else {
new_num_subkeys = 0;
new_num_values = 0;
}
/* Subkeys that were added */
for(i = 0; i < new_num_subkeys; i++) {
error1 = reg_key_get_subkey_by_index(mem_ctx, newkey, i,
&keyname1, NULL, NULL);
if (!W_ERROR_IS_OK(error1)) {
DEBUG(0, ("Error occurred while getting subkey by index: %s\n",
win_errstr(error1)));
talloc_free(mem_ctx);
return error1;
}
if (oldkey != NULL) {
error2 = reg_open_key(mem_ctx, oldkey, keyname1, &t1);
if (W_ERROR_IS_OK(error2))
continue;
} else {
error2 = WERR_BADFILE;
t1 = NULL;
}
if (!W_ERROR_EQUAL(error2, WERR_BADFILE)) {
DEBUG(0, ("Error occurred while getting subkey by name: %s\n",
win_errstr(error2)));
talloc_free(mem_ctx);
return error2;
}
/* oldkey didn't have such a subkey, add add diff */
tmppath = talloc_asprintf(mem_ctx, "%s\\%s", path, keyname1);
callbacks->add_key(callback_data, tmppath);
/* perform here also the recursive invocation */
error1 = reg_open_key(mem_ctx, newkey, keyname1, &t2);
if (!W_ERROR_IS_OK(error1)) {
DEBUG(0, ("Error occured while getting subkey by name: %s\n",
win_errstr(error1)));
talloc_free(mem_ctx);
return error1;
}
reg_generate_diff_key(t1, t2, tmppath, callbacks, callback_data);
talloc_free(tmppath);
}
/* Values that were added or changed */
for(i = 0; i < new_num_values; i++) {
const char *name;
uint32_t type1, type2;
DATA_BLOB contents1, contents2;
error1 = reg_key_get_value_by_index(mem_ctx, newkey, i,
&name, &type1, &contents1);
if (!W_ERROR_IS_OK(error1)) {
DEBUG(0, ("Unable to get value by index: %s\n",
win_errstr(error1)));
talloc_free(mem_ctx);
return error1;
}
if (oldkey != NULL) {
error2 = reg_key_get_value_by_name(mem_ctx, oldkey,
name, &type2,
&contents2);
} else
error2 = WERR_BADFILE;
if (!W_ERROR_IS_OK(error2)
&& !W_ERROR_EQUAL(error2, WERR_BADFILE)) {
DEBUG(0, ("Error occurred while getting value by name: %s\n",
win_errstr(error2)));
talloc_free(mem_ctx);
return error2;
}
if (W_ERROR_IS_OK(error2)
&& (data_blob_cmp(&contents1, &contents2) == 0)
&& (type1 == type2))
continue;
callbacks->set_value(callback_data, path, name,
type1, contents1);
}
/* Values that were deleted */
for (i = 0; i < old_num_values; i++) {
const char *name;
uint32_t type;
DATA_BLOB contents;
error1 = reg_key_get_value_by_index(mem_ctx, oldkey, i, &name,
&type, &contents);
if (!W_ERROR_IS_OK(error1)) {
DEBUG(0, ("Unable to get value by index: %s\n",
win_errstr(error1)));
talloc_free(mem_ctx);
return error1;
}
if (newkey != NULL)
error2 = reg_key_get_value_by_name(mem_ctx, newkey,
name, &type, &contents);
else
error2 = WERR_BADFILE;
if (W_ERROR_IS_OK(error2))
continue;
if (!W_ERROR_EQUAL(error2, WERR_BADFILE)) {
DEBUG(0, ("Error occurred while getting value by name: %s\n",
win_errstr(error2)));
talloc_free(mem_ctx);
return error2;
}
callbacks->del_value(callback_data, path, name);
}
talloc_free(mem_ctx);
return WERR_OK;
}
