Exemple #1
0
static int traverse_sessionid(struct db_record *db, void *state)
{
	struct sessionid sessionid;
	fstring uid_str, gid_str;

	if (db->value.dsize != sizeof(sessionid))
		return 0;

	memcpy(&sessionid, db->value.dptr, sizeof(sessionid));

	if (!process_exists(sessionid.pid) || !Ucrit_checkUid(sessionid.uid)) {
		return 0;
	}

	Ucrit_addPid( sessionid.pid );

	fstr_sprintf(uid_str, "%d", sessionid.uid);
	fstr_sprintf(gid_str, "%d", sessionid.gid);

	d_printf("%-7s   %-12s  %-12s  %-12s (%s)\n",
		 procid_str_static(&sessionid.pid),
		 numeric_only ? uid_str : uidtoname(sessionid.uid),
		 numeric_only ? gid_str : gidtoname(sessionid.gid), 
		 sessionid.remote_machine, sessionid.hostname);
	
	return 0;
}
Exemple #2
0
void idmap_cache_set_sid2gid(const struct dom_sid *sid, gid_t gid)
{
	time_t now = time(NULL);
	time_t timeout;
	fstring sidstr, key, value;

	if (!is_null_sid(sid)) {
		fstr_sprintf(key, "IDMAP/SID2GID/%s",
			     sid_to_fstring(sidstr, sid));
		fstr_sprintf(value, "%d", (int)gid);
		timeout = (gid == -1)
			? lp_idmap_negative_cache_time()
			: lp_idmap_cache_time();
		gencache_set(key, value, now + timeout);
	}
	if (gid != -1) {
		fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)gid);
		if (is_null_sid(sid)) {
			/* negative gid mapping */
			fstrcpy(value, "-");
			timeout = lp_idmap_negative_cache_time();
		}
		else {
			sid_to_fstring(value, sid);
			timeout = lp_idmap_cache_time();
		}
		gencache_set(key, value, now + timeout);
	}
}
Exemple #3
0
static char *onefs_cbrl_blr_state_str(const struct blocking_lock_record *blr)
{
	static fstring result;
	struct onefs_cbrl_blr_state *bs;

	SMB_ASSERT(blr);

	bs = (struct onefs_cbrl_blr_state *)blr->blr_private;

	if (bs == NULL) {
		fstrcpy(result, "NULL CBRL BLR state - Posix lock?");
		return result;
	}

	switch (bs->state) {
	case ONEFS_CBRL_NONE:
		fstr_sprintf(result, "CBRL BLR id=%llu: state=NONE", bs->id);
		break;
	case ONEFS_CBRL_ASYNC:
		fstr_sprintf(result, "CBRL BLR id=%llu: state=ASYNC", bs->id);
		break;
	case ONEFS_CBRL_DONE:
		fstr_sprintf(result, "CBRL BLR id=%llu: state=DONE", bs->id);
		break;
	case ONEFS_CBRL_ERROR:
		fstr_sprintf(result, "CBRL BLR id=%llu: state=ERROR", bs->id);
		break;
	default:
		fstr_sprintf(result, "CBRL BLR id=%llu: unknown state %d",
		    bs->id, bs->state);
		break;
	}

	return result;
}
Exemple #4
0
static BOOL unparse_afs_acl(struct afs_acl *acl, char *acl_str)
{
	/* TODO: String length checks!!!! */

	int positives = 0;
	int negatives = 0;
	fstring line;

	*acl_str = 0;

	struct afs_ace *ace = acl->acelist;

	while (ace != NULL) {
		if (ace->positive)
			positives++;
		else
			negatives++;
		ace = ace->next;
	}

	fstr_sprintf(line, "%d\n", positives);
	safe_strcat(acl_str, line, MAXSIZE);

	fstr_sprintf(line, "%d\n", negatives);
	safe_strcat(acl_str, line, MAXSIZE);

	ace = acl->acelist;

	while (ace != NULL) {
		fstr_sprintf(line, "%s\t%d\n", ace->name, ace->rights);
		safe_strcat(acl_str, line, MAXSIZE);
		ace = ace->next;
	}
	return True;
}
Exemple #5
0
static int traverse_sessionid(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, void *state)
{
	struct sessionid sessionid;
	fstring uid_str, gid_str;

	if (dbuf.dsize != sizeof(sessionid))
		return 0;

	memcpy(&sessionid, dbuf.dptr, sizeof(sessionid));

	if (!process_exists_by_pid(sessionid.pid) || !Ucrit_checkUid(sessionid.uid)) {
		return 0;
	}

	Ucrit_addPid( sessionid.pid );

	fstr_sprintf(uid_str, "%d", sessionid.uid);
	fstr_sprintf(gid_str, "%d", sessionid.gid);

	d_printf("%5d   %-12s  %-12s  %-12s (%s)\n",
		 (int)sessionid.pid,
		 numeric_only ? uid_str : uidtoname(sessionid.uid),
		 numeric_only ? gid_str : gidtoname(sessionid.gid), 
		 sessionid.remote_machine, sessionid.hostname);
	
	return 0;
}
static NTSTATUS sid_to_name(struct rpc_pipe_client *pipe_hnd,
				TALLOC_CTX *mem_ctx,
				struct dom_sid *sid,
				fstring name)
{
	struct policy_handle pol;
	enum lsa_SidType *sid_types = NULL;
	NTSTATUS status, result;
	char **domains = NULL, **names = NULL;
	struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;

	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
		SEC_FLAG_MAXIMUM_ALLOWED, &pol);

	if ( !NT_STATUS_IS_OK(status) )
		return status;

	status = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &pol, 1, sid, &domains, &names, &sid_types);

	if ( NT_STATUS_IS_OK(status) ) {
		if ( *domains[0] )
			fstr_sprintf( name, "%s\\%s", domains[0], names[0] );
		else
			fstrcpy( name, names[0] );
	}

	dcerpc_lsa_Close(b, mem_ctx, &pol, &result);
	return status;
}
Exemple #7
0
static bool set_privileges( const DOM_SID *sid, SE_PRIV *mask )
{
	struct db_context *db = get_account_pol_db();
	fstring tmp, keystr;
	TDB_DATA data;

	if ( !lp_enable_privileges() )
		return False;

	if ( db == NULL )
		return False;

	if ( !sid || (sid->num_auths == 0) ) {
		DEBUG(0,("set_privileges: Refusing to store empty SID!\n"));
		return False;
	}

	/* PRIV_<SID> (NULL terminated) as the key */

	fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid));

	/* no packing.  static size structure, just write it out */

	data.dptr  = (uint8 *)mask;
	data.dsize = sizeof(SE_PRIV);

	return NT_STATUS_IS_OK(dbwrap_store_bystring(db, keystr, data,
						     TDB_REPLACE));
}
Exemple #8
0
static bool get_privileges( const DOM_SID *sid, SE_PRIV *mask )
{
	struct db_context *db = get_account_pol_db();
	fstring tmp, keystr;
	TDB_DATA data;

	/* Fail if the admin has not enable privileges */

	if ( !lp_enable_privileges() ) {
		return False;
	}

	if ( db == NULL )
		return False;

	/* PRIV_<SID> (NULL terminated) as the key */

	fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid));

	data = dbwrap_fetch_bystring( db, talloc_tos(), keystr );

	if ( !data.dptr ) {
		DEBUG(3, ("get_privileges: No privileges assigned to SID "
			  "[%s]\n", sid_string_dbg(sid)));
		return False;
	}

	SMB_ASSERT( data.dsize == sizeof( SE_PRIV ) );

	se_priv_copy( mask, (SE_PRIV*)data.dptr );
	TALLOC_FREE(data.dptr);

	return True;
}
Exemple #9
0
static const char *session_dialect_str(uint16_t dialect)
{
	static fstring unkown_dialect;

	switch(dialect){
	case SMB2_DIALECT_REVISION_000:
		return "NT1";
	case SMB2_DIALECT_REVISION_202:
		return "SMB2_02";
	case SMB2_DIALECT_REVISION_210:
		return "SMB2_10";
	case SMB2_DIALECT_REVISION_222:
		return "SMB2_22";
	case SMB2_DIALECT_REVISION_224:
		return "SMB2_24";
	case SMB3_DIALECT_REVISION_300:
		return "SMB3_00";
	case SMB3_DIALECT_REVISION_302:
		return "SMB3_02";
	case SMB3_DIALECT_REVISION_310:
		return "SMB3_10";
	case SMB3_DIALECT_REVISION_311:
		return "SMB3_11";
	}

	fstr_sprintf(unkown_dialect, "Unknown (0x%04x)", dialect);
	return unkown_dialect;
}
static NTSTATUS store_cache_seqnum( struct winbindd_domain *domain )
{
	TDB_DATA data, key;
	fstring key_str;
	char buf[8];
	
	if (!wcache->tdb) {
		DEBUG(10,("store_cache_seqnum: tdb == NULL\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
		
	fstr_sprintf( key_str, "SEQNUM/%s", domain->name );
	key.dptr = key_str;
	key.dsize = strlen(key_str)+1;
	
	SIVAL(buf, 0, domain->sequence_number);
	SIVAL(buf, 4, domain->last_seq_check);
	data.dptr = buf;
	data.dsize = 8;
	
	if ( tdb_store( wcache->tdb, key, data, TDB_REPLACE) == -1 ) {
		DEBUG(10,("store_cache_seqnum: tdb_store fail key [%s]\n", key_str ));
		return NT_STATUS_UNSUCCESSFUL;
	}

	DEBUG(10,("store_cache_seqnum: success [%s][%u @ %u]\n", 
		domain->name, domain->sequence_number, 
		(uint32)domain->last_seq_check));
	
	return NT_STATUS_OK;
}
Exemple #11
0
static BOOL set_privileges( const DOM_SID *sid, SE_PRIV *mask )
{
	TDB_CONTEXT *tdb = get_account_pol_tdb();
	fstring keystr;
	TDB_DATA key, data;
	
	if ( !lp_enable_privileges() )
		return False;

	if ( !tdb )
		return False;

	if ( !sid || (sid->num_auths == 0) ) {
		DEBUG(0,("set_privileges: Refusing to store empty SID!\n"));
		return False;
	}

	/* PRIV_<SID> (NULL terminated) as the key */
	
	fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) );
	key.dptr = keystr;
	key.dsize = strlen(keystr) + 1;
	
	/* no packing.  static size structure, just write it out */
	
	data.dptr  = (char*)mask;
	data.dsize = sizeof(SE_PRIV);

	return ( tdb_store(tdb, key, data, TDB_REPLACE) != -1 );
}
Exemple #12
0
static const char *display_time(NTTIME nttime)
{
	static fstring string;

	float high;
	float low;
	int sec;
	int days, hours, mins, secs;

	if (nttime.high==0 && nttime.low==0)
		return "Now";

	if (nttime.high==0x80000000 && nttime.low==0)
		return "Never";

	high = 65536;	
	high = high/10000;
	high = high*65536;
	high = high/1000;
	high = high * (~nttime.high);

	low = ~nttime.low;	
	low = low/(1000*1000*10);

	sec=high+low;

	days=sec/(60*60*24);
	hours=(sec - (days*60*60*24)) / (60*60);
	mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60;
	secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60);

	fstr_sprintf(string, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs);
	return (string);
}
Exemple #13
0
static int push_signature(uint8_t **outbuf)
{
	char *lanman;
	int result, tmp;
	fstring native_os;

	result = 0;

	fstr_sprintf(native_os, "Windows %d.%d", SAMBA_MAJOR_NBT_ANNOUNCE_VERSION,
		SAMBA_MINOR_NBT_ANNOUNCE_VERSION);

	tmp = message_push_string(outbuf, native_os, STR_TERMINATE);

	if (tmp == -1) return -1;
	result += tmp;

	if (asprintf(&lanman, "Samba %s", samba_version_string()) != -1) {
		tmp = message_push_string(outbuf, lanman, STR_TERMINATE);
		SAFE_FREE(lanman);
	}
	else {
		tmp = message_push_string(outbuf, "Samba", STR_TERMINATE);
	}

	if (tmp == -1) return -1;
	result += tmp;

	tmp = message_push_string(outbuf, lp_workgroup(), STR_TERMINATE);

	if (tmp == -1) return -1;
	result += tmp;

	return result;
}
Exemple #14
0
static NTSTATUS sid_to_name(struct rpc_pipe_client *pipe_hnd,
				TALLOC_CTX *mem_ctx,
				DOM_SID *sid,
				fstring name)
{
	struct policy_handle pol;
	enum lsa_SidType *sid_types = NULL;
	NTSTATUS result;
	char **domains = NULL, **names = NULL;

	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
		SEC_FLAG_MAXIMUM_ALLOWED, &pol);

	if ( !NT_STATUS_IS_OK(result) )
		return result;

	result = rpccli_lsa_lookup_sids(pipe_hnd, mem_ctx, &pol, 1, sid, &domains, &names, &sid_types);

	if ( NT_STATUS_IS_OK(result) ) {
		if ( *domains[0] )
			fstr_sprintf( name, "%s\\%s", domains[0], names[0] );
		else
			fstrcpy( name, names[0] );
	}

	rpccli_lsa_Close(pipe_hnd, mem_ctx, &pol);
	return result;
}
Exemple #15
0
static bool tdb_delete_samacct_only( struct samu *sam_pass )
{
	fstring 	keystr;
	fstring		name;
	NTSTATUS status;

	fstrcpy(name, pdb_get_username(sam_pass));
	if (!strlower_m(name)) {
		return false;
	}

  	/* set the search key */

	fstr_sprintf(keystr, "%s%s", USERPREFIX, name);

	/* it's outaa here!  8^) */
	if ( !tdbsam_open( tdbsam_filename ) ) {
		DEBUG(0,("tdb_delete_samacct_only: failed to open %s!\n",
			 tdbsam_filename));
		return false;
	}

	status = dbwrap_delete_bystring(db_sam, keystr);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(5, ("Error deleting entry from tdb passwd "
			  "database: %s!\n", nt_errstr(status)));
		return false;
	}

	return true;
}
Exemple #16
0
/***************************************************************************
 Update the TDB SAM RID record only
 Assumes that the tdbsam is already open
****************************************************************************/
static bool tdb_update_ridrec_only( struct samu* newpwd, int flag )
{
	TDB_DATA 	data;
	fstring 	keystr;
	fstring		name;
	NTSTATUS status;

	fstrcpy(name, pdb_get_username(newpwd));
	if (!strlower_m(name)) {
		return false;
	}

	/* setup RID data */
	data = string_term_tdb_data(name);

	/* setup the RID index key */
	fstr_sprintf(keystr, "%s%.8x", RIDPREFIX, pdb_get_user_rid(newpwd));

	/* add the reference */
	status = dbwrap_store_bystring(db_sam, keystr, data, flag);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("Unable to modify TDB passwd: %s!\n",
			  nt_errstr(status)));
		return false;
	}

	return true;

}
Exemple #17
0
static NTSTATUS sid_to_name(struct cli_state *cli, 
			    TALLOC_CTX *mem_ctx,
			    DOM_SID *sid, fstring name)
{
	POLICY_HND pol;
	uint32 *sid_types;
	NTSTATUS result;
	char **domains, **names;

	result = cli_lsa_open_policy(cli, mem_ctx, True, 
		SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
		
	if ( !NT_STATUS_IS_OK(result) )
		return result;

	result = cli_lsa_lookup_sids(cli, mem_ctx, &pol, 1, sid, &domains, &names, &sid_types);
	
	if ( NT_STATUS_IS_OK(result) ) {
		if ( *domains[0] )
			fstr_sprintf( name, "%s\\%s", domains[0], names[0] );
		else
			fstrcpy( name, names[0] );
	}

	cli_lsa_close(cli, mem_ctx, &pol);
	return result;
}
Exemple #18
0
static char *quota_str_static(SMB_BIG_UINT val, BOOL special, BOOL _numeric)
{
	static fstring buffer;
	
	memset(buffer,'\0',sizeof(buffer));

	if (!_numeric&&special&&(val == SMB_NTQUOTAS_NO_LIMIT)) {
		fstr_sprintf(buffer,"NO LIMIT");
		return buffer;
	}
#if defined(HAVE_LONGLONG)
	fstr_sprintf(buffer,"%llu",val);
#else
	fstr_sprintf(buffer,"%lu",val);
#endif	
	return buffer;
}
Exemple #19
0
static NTSTATUS tdbsam_getsampwnam (struct pdb_methods *my_methods,
				    struct samu *user, const char *sname)
{
	TDB_DATA 	data;
	fstring 	keystr;
	fstring		name;
	NTSTATUS status;

	if ( !user ) {
		DEBUG(0,("pdb_getsampwnam: struct samu is NULL.\n"));
		return NT_STATUS_NO_MEMORY;
	}

	/* Data is stored in all lower-case */
	fstrcpy(name, sname);
	if (!strlower_m(name)) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	/* set search key */
	fstr_sprintf(keystr, "%s%s", USERPREFIX, name);

	/* open the database */

	if ( !tdbsam_open( tdbsam_filename ) ) {
		DEBUG(0,("tdbsam_getsampwnam: failed to open %s!\n", tdbsam_filename));
		return NT_STATUS_ACCESS_DENIED;
	}

	/* get the record */

	status = dbwrap_fetch_bystring(db_sam, talloc_tos(), keystr, &data);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(5,("pdb_getsampwnam (TDB): error fetching database.\n"));
		DEBUGADD(5, (" Key: %s\n", keystr));
		return NT_STATUS_NO_SUCH_USER;
	}

	if (data.dsize == 0) {
		DEBUG(5, ("%s: Got 0-sized record for key %s\n", __func__,
			  keystr));
		return NT_STATUS_NO_SUCH_USER;
	}

  	/* unpack the buffer */

	if (!init_samu_from_buffer(user, SAMU_BUFFER_LATEST, data.dptr, data.dsize)) {
		DEBUG(0,("pdb_getsampwent: Bad struct samu entry returned from TDB!\n"));
		TALLOC_FREE(data.dptr);
		return NT_STATUS_NO_MEMORY;
	}

	/* success */

	TALLOC_FREE(data.dptr);

	return NT_STATUS_OK;
}
bool trustdom_cache_store_timestamp( uint32 t, time_t timeout )
{
	fstring value;

	fstr_sprintf(value, "%d", t );

	if (!gencache_set(TDOMTSKEY, value, timeout)) {
		DEBUG(5, ("failed to set timestamp for trustdom_cache\n"));
		return False;
	} 

	return True;
}
Exemple #21
0
static int add_signature(char *outbuf, char *p)
{
	char *start = p;
	fstring lanman;

	fstr_sprintf( lanman, "Samba %s", SAMBA_VERSION_STRING);

	p += srvstr_push(outbuf, p, "Unix", -1, STR_TERMINATE);
	p += srvstr_push(outbuf, p, lanman, -1, STR_TERMINATE);
	p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_TERMINATE);

	return PTR_DIFF(p, start);
}
Exemple #22
0
static int traverse_sessionid(const char *key, struct sessionid *session,
			      void *private_data)
{
	fstring uid_str, gid_str;

	if (!process_exists(session->pid)
	    || !Ucrit_checkUid(session->uid)) {
		return 0;
	}

	Ucrit_addPid(session->pid);

	fstr_sprintf(uid_str, "%u", (unsigned int)session->uid);
	fstr_sprintf(gid_str, "%u", (unsigned int)session->gid);

	d_printf("%-7s   %-12s  %-12s  %-12s (%s)\n",
		 procid_str_static(&session->pid),
		 numeric_only ? uid_str : uidtoname(session->uid),
		 numeric_only ? gid_str : gidtoname(session->gid),
		 session->remote_machine, session->hostname);

	return 0;
}
Exemple #23
0
/* run kinit to setup our ccache */
int ads_kinit_password(ADS_STRUCT *ads)
{
	char *s;
	int ret;
	const char *account_name;
	fstring acct_name;

	if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
		account_name = ads->auth.user_name;
		goto got_accountname;
	}

	if ( IS_DC ) {
		/* this will end up getting a ticket for [email protected] */
		account_name = lp_workgroup();
	} else {
		/* always use the sAMAccountName for security = domain */
		/* global_myname()[email protected] */
		if ( lp_security() == SEC_DOMAIN ) {
			fstr_sprintf( acct_name, "%s$", global_myname() );
			account_name = acct_name;
		}
		else
			/* This looks like host/global_myname()@REA.LM */
			account_name = ads->auth.user_name;
	}

 got_accountname:
	if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
		return KRB5_CC_NOMEM;
	}

	if (!ads->auth.password) {
		SAFE_FREE(s);
		return KRB5_LIBOS_CANTREADPWD;
	}

	ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset,
			&ads->auth.tgt_expire, NULL, NULL, False, False, ads->auth.renewable,
			NULL);

	if (ret) {
		DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
			 s, error_message(ret)));
	}
	SAFE_FREE(s);
	return ret;
}
Exemple #24
0
const char *svc_status_string( uint32 state )
{
	fstring msg;
	int i;

	fstr_sprintf( msg, _("Unknown State [%d]"), state );

	for ( i=0; state_msg_table[i].message; i++ ) {
		if ( state_msg_table[i].flag == state ) {
			fstrcpy( msg, state_msg_table[i].message );
			break;
		}
	}

	return talloc_strdup(talloc_tos(), msg);
}
Exemple #25
0
const char* svc_status_string( uint32 state )
{
	static fstring msg;
	int i;
	
	fstr_sprintf( msg, "Unknown State [%d]", state );
	
	for ( i=0; state_msg_table[i].message; i++ ) {
		if ( state_msg_table[i].flag == state ) {
			fstrcpy( msg, state_msg_table[i].message );
			break;	
		}
	}
	
	return msg;
}
Exemple #26
0
/***************************************************************************
 Update the TDB SAM account record only
 Assumes that the tdbsam is already open 
****************************************************************************/
static bool tdb_update_samacct_only( struct samu* newpwd, int flag )
{
	TDB_DATA 	data;
	uint8_t		*buf = NULL;
	fstring 	keystr;
	fstring		name;
	bool		ret = false;
	NTSTATUS status;

	/* copy the struct samu struct into a BYTE buffer for storage */

	if ( (data.dsize=init_buffer_from_samu(&buf, newpwd, False)) == -1 ) {
		DEBUG(0,("tdb_update_sam: ERROR - Unable to copy struct samu info BYTE buffer!\n"));
		goto done;
	}
	data.dptr = buf;

	fstrcpy(name, pdb_get_username(newpwd));
	if (!strlower_m(name)) {
		goto done;
	}

	DEBUG(5, ("Storing %saccount %s with RID %d\n",
		  flag == TDB_INSERT ? "(new) " : "", name,
		  pdb_get_user_rid(newpwd)));

  	/* setup the USER index key */
	fstr_sprintf(keystr, "%s%s", USERPREFIX, name);

	/* add the account */

	status = dbwrap_store_bystring(db_sam, keystr, data, flag);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("Unable to modify passwd TDB: %s!",
			  nt_errstr(status)));
		goto done;
	}

	ret = true;

done:
	/* cleanup */
	SAFE_FREE(buf);
	return ret;
}
Exemple #27
0
NTSTATUS create_builtin_administrators(const struct dom_sid *dom_sid)
{
	NTSTATUS status;
	struct dom_sid dom_admins, root_sid;
	fstring root_name;
	enum lsa_SidType type;
	TALLOC_CTX *ctx;
	bool ret;

	status = create_builtin(BUILTIN_RID_ADMINISTRATORS);
	if ( !NT_STATUS_IS_OK(status) ) {
		DEBUG(5,("create_builtin_administrators: Failed to create Administrators\n"));
		return status;
	}

	/* add domain admins */
	if ((IS_DC || (lp_server_role() == ROLE_DOMAIN_MEMBER))
		&& sid_compose(&dom_admins, dom_sid, DOMAIN_RID_ADMINS))
	{
		status = add_sid_to_builtin(&global_sid_Builtin_Administrators,
					    &dom_admins);
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}
	}

	/* add root */
	if ( (ctx = talloc_init("create_builtin_administrators")) == NULL ) {
		return NT_STATUS_NO_MEMORY;
	}
	fstr_sprintf( root_name, "%s\\root", get_global_sam_name() );
	ret = lookup_name(ctx, root_name, LOOKUP_NAME_DOMAIN, NULL, NULL,
			  &root_sid, &type);
	TALLOC_FREE( ctx );

	if ( ret ) {
		status = add_sid_to_builtin(&global_sid_Builtin_Administrators,
					    &root_sid);
	}

	return status;
}
static NTSTATUS fetch_cache_seqnum( struct winbindd_domain *domain, time_t now )
{
	TDB_DATA data;
	fstring key;
	uint32 time_diff;
	
	if (!wcache->tdb) {
		DEBUG(10,("fetch_cache_seqnum: tdb == NULL\n"));
		return NT_STATUS_UNSUCCESSFUL;
	}
		
	fstr_sprintf( key, "SEQNUM/%s", domain->name );
	
	data = tdb_fetch_bystring( wcache->tdb, key );
	if ( !data.dptr || data.dsize!=8 ) {
		DEBUG(10,("fetch_cache_seqnum: invalid data size key [%s]\n", key ));
		return NT_STATUS_UNSUCCESSFUL;
	}
	
	domain->sequence_number = IVAL(data.dptr, 0);
	domain->last_seq_check  = IVAL(data.dptr, 4);
	
	/* have we expired? */
	
	time_diff = now - domain->last_seq_check;
	if ( time_diff > lp_winbind_cache_time() ) {
		DEBUG(10,("fetch_cache_seqnum: timeout [%s][%u @ %u]\n",
			domain->name, domain->sequence_number,
			(uint32)domain->last_seq_check));
		return NT_STATUS_UNSUCCESSFUL;
	}

	DEBUG(10,("fetch_cache_seqnum: success [%s][%u @ %u]\n", 
		domain->name, domain->sequence_number, 
		(uint32)domain->last_seq_check));

	return NT_STATUS_OK;
}
Exemple #29
0
WERROR rpccli_svcctl_open_scm(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
                              POLICY_HND *hSCM, uint32 access_desired )
{
	SVCCTL_Q_OPEN_SCMANAGER in;
	SVCCTL_R_OPEN_SCMANAGER out;
	prs_struct qbuf, rbuf;
	fstring server;
	
	ZERO_STRUCT(in);
	ZERO_STRUCT(out);
	
	/* leave the database name NULL to get the default service db */

	in.database = NULL;

	/* set the server name */

	if ( !(in.servername = TALLOC_P( mem_ctx, UNISTR2 )) )
		return WERR_NOMEM;
	fstr_sprintf( server, "\\\\%s", cli->cli->desthost );
	init_unistr2( in.servername, server, UNI_STR_TERMINATE );

	in.access = access_desired;
	
	CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_OPEN_SCMANAGER_W, 
	            in, out, 
	            qbuf, rbuf,
	            svcctl_io_q_open_scmanager,
	            svcctl_io_r_open_scmanager, 
	            WERR_GENERAL_FAILURE );
	
	if ( !W_ERROR_IS_OK( out.status ) )
		return out.status;

	memcpy( hSCM, &out.handle, sizeof(POLICY_HND) );
	
	return out.status;
}
Exemple #30
0
NTSTATUS privilege_delete_account(const struct dom_sid *sid)
{
	struct db_context *db = get_account_pol_db();
	fstring tmp, keystr;

	if (!lp_enable_privileges()) {
		return NT_STATUS_OK;
	}

	if (!db) {
		return NT_STATUS_INVALID_HANDLE;
	}

	if (!sid || (sid->num_auths == 0)) {
		return NT_STATUS_INVALID_SID;
	}

	/* PRIV_<SID> (NULL terminated) as the key */

	fstr_sprintf(keystr, "%s%s", PRIVPREFIX, sid_to_fstring(tmp, sid));

	return dbwrap_delete_bystring(db, keystr);
}