static bool hbin_prs_key( REGF_FILE *file, REGF_HBIN *hbin, REGF_NK_REC *nk ) { int depth = 0; REGF_HBIN *sub_hbin; depth++; /* get the initial nk record */ if (!prs_nk_rec("nk_rec", &hbin->ps, depth, nk)) return false; /* fill in values */ if ( nk->num_values && (nk->values_off!=REGF_OFFSET_NONE) ) { sub_hbin = hbin; if ( !hbin_contains_offset( hbin, nk->values_off ) ) { sub_hbin = lookup_hbin_block( file, nk->values_off ); if ( !sub_hbin ) { /*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing value_list_offset [0x%x]\n", nk->values_off));*/ return false; } } if(!hbin_prs_vk_records("vk_rec", sub_hbin, depth, nk, file)) return false; } /* now get subkeys */ if ( nk->num_subkeys && (nk->subkeys_off!=REGF_OFFSET_NONE) ) { sub_hbin = hbin; if ( !hbin_contains_offset( hbin, nk->subkeys_off ) ) { sub_hbin = lookup_hbin_block( file, nk->subkeys_off ); if ( !sub_hbin ) { /*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing subkey_offset [0x%x]\n", nk->subkeys_off));*/ return false; } } if (!hbin_prs_lf_records("lf_rec", sub_hbin, depth, nk)) return false; } /* get the to the security descriptor. First look if we have already parsed it */ if ((nk->sk_off!=REGF_OFFSET_NONE) && !(nk->sec_desc = find_sk_record_by_offset( file, nk->sk_off ))) { sub_hbin = hbin; if (!hbin_contains_offset(hbin, nk->sk_off)) { sub_hbin = lookup_hbin_block( file, nk->sk_off ); if ( !sub_hbin ) { /*DEBUG(0,("hbin_prs_key: Failed to find HBIN block containing sk_offset [0x%x]\n", nk->subkeys_off));*/ return false; } } if ( !(nk->sec_desc = (REGF_SK_REC*)zalloc(sizeof(REGF_SK_REC) )) ) return false; nk->sec_desc->sk_off = nk->sk_off; if ( !hbin_prs_sk_rec( "sk_rec", sub_hbin, depth, nk->sec_desc )) return false; /* add to the list of security descriptors (ref_count has been read from the files) */ nk->sec_desc->sk_off = nk->sk_off; /* XXX: this kind of caching needs to be re-evaluated */ DLIST_ADD( file->sec_desc_list, nk->sec_desc ); } return true; }
/* * Connect to a server for getting/setting attributes, possibly on an existing * connection. This works similarly to SMBC_server(). */ SMBCSRV * SMBC_attr_server(TALLOC_CTX *ctx, SMBCCTX *context, const char *server, uint16_t port, const char *share, char **pp_workgroup, char **pp_username, char **pp_password) { int flags; struct cli_state *ipc_cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; NTSTATUS nt_status; SMBCSRV *srv=NULL; SMBCSRV *ipc_srv=NULL; /* * Use srv->cli->desthost and srv->cli->share instead of * server and share below to connect to the actual share, * i.e., a normal share or a referred share from * 'msdfs proxy' share. */ srv = SMBC_server(ctx, context, true, server, port, share, pp_workgroup, pp_username, pp_password); if (!srv) { return NULL; } server = smbXcli_conn_remote_name(srv->cli->conn); share = srv->cli->share; /* * See if we've already created this special connection. Reference * our "special" share name '*IPC$', which is an impossible real share * name due to the leading asterisk. */ ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$", pp_workgroup, pp_username, pp_password); if (!ipc_srv) { int signing_state = SMB_SIGNING_DEFAULT; /* We didn't find a cached connection. Get the password */ if (!*pp_password || (*pp_password)[0] == '\0') { /* ... then retrieve it now. */ SMBC_call_auth_fn(ctx, context, server, share, pp_workgroup, pp_username, pp_password); if (!*pp_workgroup || !*pp_username || !*pp_password) { errno = ENOMEM; return NULL; } } flags = 0; if (smbc_getOptionUseKerberos(context)) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS; } if (smbc_getOptionUseCCache(context)) { flags |= CLI_FULL_CONNECTION_USE_CCACHE; } if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { signing_state = SMB_SIGNING_REQUIRED; } nt_status = cli_full_connection(&ipc_cli, lp_netbios_name(), server, NULL, 0, "IPC$", "?????", *pp_username, *pp_workgroup, *pp_password, flags, signing_state); if (! NT_STATUS_IS_OK(nt_status)) { DEBUG(1,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); errno = ENOTSUP; return NULL; } if (context->internal->smb_encryption_level) { /* Attempt encryption. */ nt_status = cli_cm_force_encryption(ipc_cli, *pp_username, *pp_password, *pp_workgroup, "IPC$"); if (!NT_STATUS_IS_OK(nt_status)) { /* * context->smb_encryption_level == * 1 means don't fail if encryption can't be * negotiated, == 2 means fail if encryption * can't be negotiated. */ DEBUG(4,(" SMB encrypt failed on IPC$\n")); if (context->internal->smb_encryption_level == 2) { cli_shutdown(ipc_cli); errno = EPERM; return NULL; } } DEBUG(4,(" SMB encrypt ok on IPC$\n")); } ipc_srv = SMB_MALLOC_P(SMBCSRV); if (!ipc_srv) { errno = ENOMEM; cli_shutdown(ipc_cli); return NULL; } ZERO_STRUCTP(ipc_srv); DLIST_ADD(ipc_srv->cli, ipc_cli); nt_status = cli_rpc_pipe_open_noauth( ipc_srv->cli, &ndr_table_lsarpc, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1, ("cli_nt_session_open fail!\n")); errno = ENOTSUP; cli_shutdown(ipc_srv->cli); free(ipc_srv); return NULL; } /* * Some systems don't support * SEC_FLAG_MAXIMUM_ALLOWED, but NT sends 0x2000000 * so we might as well do it too. */ nt_status = rpccli_lsa_open_policy( pipe_hnd, talloc_tos(), True, GENERIC_EXECUTE_ACCESS, &ipc_srv->pol); if (!NT_STATUS_IS_OK(nt_status)) { errno = SMBC_errno(context, ipc_srv->cli); cli_shutdown(ipc_srv->cli); free(ipc_srv); return NULL; } /* now add it to the cache (internal or external) */ errno = 0; /* let cache function set errno if it likes */ if (smbc_getFunctionAddCachedServer(context)(context, ipc_srv, server, "*IPC$", *pp_workgroup, *pp_username)) { DEBUG(3, (" Failed to add server to cache\n")); if (errno == 0) { errno = ENOMEM; } cli_shutdown(ipc_srv->cli); free(ipc_srv); return NULL; } DLIST_ADD(context->internal->servers, ipc_srv); } return ipc_srv; }
struct tdb_print_db *get_print_db_byname(const char *printername) { struct tdb_print_db *p = NULL, *last_entry = NULL; size_t num_open = 0; char *printdb_path = NULL; bool done_become_root = False; char *print_cache_path; int ret; SMB_ASSERT(printername != NULL); for (p = print_db_head, last_entry = print_db_head; p; p = p->next) { /* Ensure the list terminates... JRA. */ SMB_ASSERT(p->next != print_db_head); if (p->tdb && strequal(p->printer_name, printername)) { DLIST_PROMOTE(print_db_head, p); p->ref_count++; return p; } num_open++; last_entry = p; } /* Not found. */ if (num_open >= MAX_PRINT_DBS_OPEN) { /* Try and recycle the last entry. */ if (print_db_head && last_entry) { DLIST_PROMOTE(print_db_head, last_entry); } for (p = print_db_head; p; p = p->next) { if (p->ref_count) continue; if (p->tdb) { if (tdb_close(p->tdb)) { DEBUG(0,("get_print_db: Failed to close tdb for printer %s\n", p->printer_name )); return NULL; } } p->tdb = NULL; p->ref_count = 0; memset(p->printer_name, '\0', sizeof(p->printer_name)); break; } if (p && print_db_head) { DLIST_PROMOTE(print_db_head, p); p = print_db_head; } } if (!p) { /* Create one. */ p = SMB_MALLOC_P(struct tdb_print_db); if (!p) { DEBUG(0,("get_print_db: malloc fail !\n")); return NULL; } ZERO_STRUCTP(p); DLIST_ADD(print_db_head, p); }
static void add_subnet(struct subnet_record *subrec) { DLIST_ADD(subnetlist, subrec); }
BOOL cli_list_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST **pqt_list) { BOOL ret = False; uint16 setup; char params[16]; char *rparam=NULL, *rdata=NULL; unsigned int rparam_count=0, rdata_count=0; unsigned int offset; const char *curdata = NULL; unsigned int curdata_count = 0; TALLOC_CTX *mem_ctx = NULL; SMB_NTQUOTA_STRUCT qt; SMB_NTQUOTA_LIST *tmp_list_ent; if (!cli||!pqt_list) smb_panic("cli_list_user_quota() called with NULL Pointer!"); setup = NT_TRANSACT_GET_USER_QUOTA; SSVAL(params, 0,quota_fnum); SSVAL(params, 2,TRANSACT_GET_USER_QUOTA_LIST_START); SIVAL(params, 4,0x00000000); SIVAL(params, 8,0x00000000); SIVAL(params,12,0x00000000); if (!cli_send_nt_trans(cli, NT_TRANSACT_GET_USER_QUOTA, 0, &setup, 1, 0, params, 16, 4, NULL, 0, 2048)) { DEBUG(1,("Failed to send NT_TRANSACT_GET_USER_QUOTA\n")); goto cleanup; } if (!cli_receive_nt_trans(cli, &rparam, &rparam_count, &rdata, &rdata_count)) { DEBUG(1,("Failed to recv NT_TRANSACT_GET_USER_QUOTA\n")); goto cleanup; } if (cli_is_error(cli)) { ret = False; goto cleanup; } else { ret = True; } if (rdata_count == 0) { *pqt_list = NULL; return True; } if ((mem_ctx=talloc_init("SMB_USER_QUOTA_LIST"))==NULL) { DEBUG(0,("talloc_init() failed\n")); return (-1); } offset = 1; for (curdata=rdata,curdata_count=rdata_count; ((curdata)&&(curdata_count>=8)&&(offset>0)); curdata +=offset,curdata_count -= offset) { ZERO_STRUCT(qt); if (!parse_user_quota_record(curdata, curdata_count, &offset, &qt)) { DEBUG(1,("Failed to parse the quota record\n")); goto cleanup; } if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) { DEBUG(0,("talloc_zero() failed\n")); return (-1); } if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) { DEBUG(0,("talloc_zero() failed\n")); return (-1); } memcpy(tmp_list_ent->quotas,&qt,sizeof(qt)); tmp_list_ent->mem_ctx = mem_ctx; DLIST_ADD((*pqt_list),tmp_list_ent); } SSVAL(params, 2,TRANSACT_GET_USER_QUOTA_LIST_CONTINUE); while(1) { if (!cli_send_nt_trans(cli, NT_TRANSACT_GET_USER_QUOTA, 0, &setup, 1, 0, params, 16, 4, NULL, 0, 2048)) { DEBUG(1,("Failed to send NT_TRANSACT_GET_USER_QUOTA\n")); goto cleanup; } SAFE_FREE(rparam); SAFE_FREE(rdata); if (!cli_receive_nt_trans(cli, &rparam, &rparam_count, &rdata, &rdata_count)) { DEBUG(1,("Failed to recv NT_TRANSACT_GET_USER_QUOTA\n")); goto cleanup; } if (cli_is_error(cli)) { ret = False; goto cleanup; } else { ret = True; } if (rdata_count == 0) { break; } offset = 1; for (curdata=rdata,curdata_count=rdata_count; ((curdata)&&(curdata_count>=8)&&(offset>0)); curdata +=offset,curdata_count -= offset) { ZERO_STRUCT(qt); if (!parse_user_quota_record(curdata, curdata_count, &offset, &qt)) { DEBUG(1,("Failed to parse the quota record\n")); goto cleanup; } if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) { DEBUG(0,("talloc_zero() failed\n")); talloc_destroy(mem_ctx); goto cleanup; } if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) { DEBUG(0,("talloc_zero() failed\n")); talloc_destroy(mem_ctx); goto cleanup; } memcpy(tmp_list_ent->quotas,&qt,sizeof(qt)); tmp_list_ent->mem_ctx = mem_ctx; DLIST_ADD((*pqt_list),tmp_list_ent); } } ret = True; cleanup: SAFE_FREE(rparam); SAFE_FREE(rdata); return ret; }
/***************************************************** return a connection to a server (existing or new) *******************************************************/ struct smbw_server *smbw_server(char *server, char *share) { struct smbw_server *srv=NULL; struct cli_state c; char *username; char *password; char *workgroup; struct nmb_name called, calling; char *p, *server_n = server; fstring group; pstring ipenv; struct in_addr ip; zero_ip(&ip); ZERO_STRUCT(c); get_auth_data_fn(server, share, &workgroup, &username, &password); /* try to use an existing connection */ for (srv=smbw_srvs;srv;srv=srv->next) { if (strcmp(server,srv->server_name)==0 && strcmp(share,srv->share_name)==0 && strcmp(workgroup,srv->workgroup)==0 && strcmp(username, srv->username) == 0) return srv; } if (server[0] == 0) { errno = EPERM; return NULL; } make_nmb_name(&calling, global_myname, 0x0); make_nmb_name(&called , server, 0x20); DEBUG(4,("server_n=[%s] server=[%s]\n", server_n, server)); if ((p=strchr(server_n,'#')) && (strcmp(p+1,"1D")==0 || strcmp(p+1,"01")==0)) { struct in_addr sip; pstring s; fstrcpy(group, server_n); p = strchr(group,'#'); *p = 0; /* cache the workgroup master lookup */ slprintf(s,sizeof(s)-1,"MASTER_%s", group); if (!(server_n = smbw_getshared(s))) { if (!find_master_ip(group, &sip)) { errno = ENOENT; return NULL; } fstrcpy(group, inet_ntoa(sip)); server_n = group; smbw_setshared(s,server_n); } } DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server)); again: slprintf(ipenv,sizeof(ipenv)-1,"HOST_%s", server_n); zero_ip(&ip); if ((p=smbw_getshared(ipenv))) { ip = *(interpret_addr2(p)); } /* have to open a new connection */ if (!cli_initialise(&c) || !cli_connect(&c, server_n, &ip)) { errno = ENOENT; return NULL; } if (!cli_session_request(&c, &calling, &called)) { cli_shutdown(&c); if (strcmp(called.name, "*SMBSERVER")) { make_nmb_name(&called , "*SMBSERVER", 0x20); goto again; } errno = ENOENT; return NULL; } DEBUG(4,(" session request ok\n")); if (!cli_negprot(&c)) { cli_shutdown(&c); errno = ENOENT; return NULL; } if (!cli_session_setup(&c, username, password, strlen(password), password, strlen(password), workgroup) && /* try an anonymous login if it failed */ !cli_session_setup(&c, "", "", 1,"", 0, workgroup)) { cli_shutdown(&c); errno = EPERM; return NULL; } DEBUG(4,(" session setup ok\n")); if (!cli_send_tconX(&c, share, "?????", password, strlen(password)+1)) { errno = smbw_errno(&c); cli_shutdown(&c); return NULL; } smbw_setshared(ipenv,inet_ntoa(ip)); DEBUG(4,(" tconx ok\n")); srv = (struct smbw_server *)malloc(sizeof(*srv)); if (!srv) { errno = ENOMEM; goto failed; } ZERO_STRUCTP(srv); srv->cli = c; srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share)); srv->server_name = strdup(server); if (!srv->server_name) { errno = ENOMEM; goto failed; } srv->share_name = strdup(share); if (!srv->share_name) { errno = ENOMEM; goto failed; } srv->workgroup = strdup(workgroup); if (!srv->workgroup) { errno = ENOMEM; goto failed; } srv->username = strdup(username); if (!srv->username) { errno = ENOMEM; goto failed; } /* some programs play with file descriptors fairly intimately. We try to get out of the way by duping to a high fd number */ if (fcntl(SMBW_CLI_FD + srv->cli.fd, F_GETFD) && errno == EBADF) { if (dup2(srv->cli.fd,SMBW_CLI_FD+srv->cli.fd) == srv->cli.fd+SMBW_CLI_FD) { close(srv->cli.fd); srv->cli.fd += SMBW_CLI_FD; } } DLIST_ADD(smbw_srvs, srv); return srv; failed: cli_shutdown(&c); if (!srv) return NULL; SAFE_FREE(srv->server_name); SAFE_FREE(srv->share_name); SAFE_FREE(srv); return NULL; }
SMBCFILE * SMBC_open_ctx(SMBCCTX *context, const char *fname, int flags, mode_t mode) { char *server = NULL; char *share = NULL; char *user = NULL; char *password = NULL; char *workgroup = NULL; char *path = NULL; char *targetpath = NULL; struct cli_state *targetcli = NULL; SMBCSRV *srv = NULL; SMBCFILE *file = NULL; uint16_t fd; uint16_t port = 0; NTSTATUS status = NT_STATUS_OBJECT_PATH_INVALID; TALLOC_CTX *frame = talloc_stackframe(); if (!context || !context->internal->initialized) { errno = EINVAL; /* Best I can think of ... */ TALLOC_FREE(frame); return NULL; } if (!fname) { errno = EINVAL; TALLOC_FREE(frame); return NULL; } if (SMBC_parse_path(frame, context, fname, &workgroup, &server, &port, &share, &path, &user, &password, NULL)) { errno = EINVAL; TALLOC_FREE(frame); return NULL; } if (!user || user[0] == (char)0) { user = talloc_strdup(frame, smbc_getUser(context)); if (!user) { errno = ENOMEM; TALLOC_FREE(frame); return NULL; } } srv = SMBC_server(frame, context, True, server, port, share, &workgroup, &user, &password); if (!srv) { if (errno == EPERM) errno = EACCES; TALLOC_FREE(frame); return NULL; /* SMBC_server sets errno */ } /* Hmmm, the test for a directory is suspect here ... FIXME */ if (strlen(path) > 0 && path[strlen(path) - 1] == '\\') { status = NT_STATUS_OBJECT_PATH_INVALID; } else { file = SMB_MALLOC_P(SMBCFILE); if (!file) { errno = ENOMEM; TALLOC_FREE(frame); return NULL; } ZERO_STRUCTP(file); /*d_printf(">>>open: resolving %s\n", path);*/ status = cli_resolve_path( frame, "", context->internal->auth_info, srv->cli, path, &targetcli, &targetpath); if (!NT_STATUS_IS_OK(status)) { d_printf("Could not resolve %s\n", path); errno = ENOENT; SAFE_FREE(file); TALLOC_FREE(frame); return NULL; } /*d_printf(">>>open: resolved %s as %s\n", path, targetpath);*/ status = cli_open(targetcli, targetpath, flags, context->internal->share_mode, &fd); if (!NT_STATUS_IS_OK(status)) { /* Handle the error ... */ SAFE_FREE(file); errno = SMBC_errno(context, targetcli); TALLOC_FREE(frame); return NULL; } /* Fill in file struct */ file->cli_fd = fd; file->fname = SMB_STRDUP(fname); file->srv = srv; file->offset = 0; file->file = True; DLIST_ADD(context->internal->files, file); /* * If the file was opened in O_APPEND mode, all write * operations should be appended to the file. To do that, * though, using this protocol, would require a getattrE() * call for each and every write, to determine where the end * of the file is. (There does not appear to be an append flag * in the protocol.) Rather than add all of that overhead of * retrieving the current end-of-file offset prior to each * write operation, we'll assume that most append operations * will continuously write, so we'll just set the offset to * the end of the file now and hope that's adequate. * * Note to self: If this proves inadequate, and O_APPEND * should, in some cases, be forced for each write, add a * field in the context options structure, for * "strict_append_mode" which would select between the current * behavior (if FALSE) or issuing a getattrE() prior to each * write and forcing the write to the end of the file (if * TRUE). Adding that capability will likely require adding * an "append" flag into the _SMBCFILE structure to track * whether a file was opened in O_APPEND mode. -- djl */ if (flags & O_APPEND) { if (SMBC_lseek_ctx(context, file, 0, SEEK_END) < 0) { (void) SMBC_close_ctx(context, file); errno = ENXIO; TALLOC_FREE(frame); return NULL; } } TALLOC_FREE(frame); return file; } /* Check if opendir needed ... */ if (!NT_STATUS_IS_OK(status)) { int eno = 0; eno = SMBC_errno(context, srv->cli); file = smbc_getFunctionOpendir(context)(context, fname); if (!file) errno = eno; TALLOC_FREE(frame); return file; } errno = EINVAL; /* FIXME, correct errno ? */ TALLOC_FREE(frame); return NULL; }
NTSTATUS add_ccache_to_list(const char *princ_name, const char *ccname, const char *service, const char *username, const char *pass, const char *realm, uid_t uid, time_t create_time, time_t ticket_end, time_t renew_until, bool postponed_request) { struct WINBINDD_CCACHE_ENTRY *entry = NULL; struct timeval t; NTSTATUS ntret; #ifdef HAVE_KRB5 int ret; #endif if ((username == NULL && princ_name == NULL) || ccname == NULL || uid < 0) { return NT_STATUS_INVALID_PARAMETER; } if (ccache_entry_count() + 1 > MAX_CCACHES) { DEBUG(10,("add_ccache_to_list: " "max number of ccaches reached\n")); return NT_STATUS_NO_MORE_ENTRIES; } /* If it is cached login, destroy krb5 ticket * to avoid surprise. */ #ifdef HAVE_KRB5 if (postponed_request) { /* ignore KRB5_FCC_NOFILE error here */ ret = ads_kdestroy(ccname); if (ret == KRB5_FCC_NOFILE) { ret = 0; } if (ret) { DEBUG(0, ("add_ccache_to_list: failed to destroy " "user krb5 ccache %s with %s\n", ccname, error_message(ret))); return krb5_to_nt_status(ret); } DEBUG(10, ("add_ccache_to_list: successfully destroyed " "krb5 ccache %s for user %s\n", ccname, username)); } #endif /* Reference count old entries */ entry = get_ccache_by_username(username); if (entry) { /* Check cached entries are identical. */ if (!ccache_entry_identical(username, uid, ccname)) { return NT_STATUS_INVALID_PARAMETER; } entry->ref_count++; DEBUG(10,("add_ccache_to_list: " "ref count on entry %s is now %d\n", username, entry->ref_count)); /* FIXME: in this case we still might want to have a krb5 cred * event handler created - gd * Add ticket refresh handler here */ if (!lp_winbind_refresh_tickets() || renew_until <= 0) { return NT_STATUS_OK; } if (!entry->event) { if (postponed_request) { t = timeval_current_ofs(MAX(30, lp_winbind_cache_time()), 0); add_krb5_ticket_gain_handler_event(entry, t); } else { /* Renew at 1/2 the ticket expiration time */ #if defined(DEBUG_KRB5_TKT_RENEWAL) t = timeval_set(time(NULL)+30, 0); #else t = timeval_set(krb5_event_refresh_time(ticket_end), 0); #endif if (!entry->refresh_time) { entry->refresh_time = t.tv_sec; } entry->event = tevent_add_timer(winbind_event_context(), entry, t, krb5_ticket_refresh_handler, entry); } if (!entry->event) { ntret = remove_ccache(username); if (!NT_STATUS_IS_OK(ntret)) { DEBUG(0, ("add_ccache_to_list: Failed to remove krb5 " "ccache %s for user %s\n", entry->ccname, entry->username)); DEBUG(0, ("add_ccache_to_list: error is %s\n", nt_errstr(ntret))); return ntret; } return NT_STATUS_NO_MEMORY; } DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n")); } /* * If we're set up to renew our krb5 tickets, we must * cache the credentials in memory for the ticket * renew function (or increase the reference count * if we're logging in more than once). Fix inspired * by patch from Ian Gordon <*****@*****.**> * for bugid #9098. */ ntret = winbindd_add_memory_creds(username, uid, pass); DEBUG(10, ("winbindd_add_memory_creds returned: %s\n", nt_errstr(ntret))); return NT_STATUS_OK; } entry = talloc(NULL, struct WINBINDD_CCACHE_ENTRY); if (!entry) { return NT_STATUS_NO_MEMORY; } ZERO_STRUCTP(entry); if (username) { entry->username = talloc_strdup(entry, username); if (!entry->username) { goto no_mem; } } if (princ_name) { entry->principal_name = talloc_strdup(entry, princ_name); if (!entry->principal_name) { goto no_mem; } } if (service) { entry->service = talloc_strdup(entry, service); if (!entry->service) { goto no_mem; } } entry->ccname = talloc_strdup(entry, ccname); if (!entry->ccname) { goto no_mem; } entry->realm = talloc_strdup(entry, realm); if (!entry->realm) { goto no_mem; } entry->create_time = create_time; entry->renew_until = renew_until; entry->uid = uid; entry->ref_count = 1; if (!lp_winbind_refresh_tickets() || renew_until <= 0) { goto add_entry; } if (postponed_request) { t = timeval_current_ofs(MAX(30, lp_winbind_cache_time()), 0); add_krb5_ticket_gain_handler_event(entry, t); } else { /* Renew at 1/2 the ticket expiration time */ #if defined(DEBUG_KRB5_TKT_RENEWAL) t = timeval_set(time(NULL)+30, 0); #else t = timeval_set(krb5_event_refresh_time(ticket_end), 0); #endif if (entry->refresh_time == 0) { entry->refresh_time = t.tv_sec; } entry->event = tevent_add_timer(winbind_event_context(), entry, t, krb5_ticket_refresh_handler, entry); } if (!entry->event) { goto no_mem; } DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n")); add_entry: DLIST_ADD(ccache_list, entry); DEBUG(10,("add_ccache_to_list: " "added ccache [%s] for user [%s] to the list\n", ccname, username)); if (entry->event) { /* * If we're set up to renew our krb5 tickets, we must * cache the credentials in memory for the ticket * renew function. Fix inspired by patch from * Ian Gordon <*****@*****.**> for * bugid #9098. */ ntret = winbindd_add_memory_creds(username, uid, pass); DEBUG(10, ("winbindd_add_memory_creds returned: %s\n", nt_errstr(ntret))); } return NT_STATUS_OK; no_mem: TALLOC_FREE(entry); return NT_STATUS_NO_MEMORY; }
static NTSTATUS winbindd_add_memory_creds_internal(const char *username, uid_t uid, const char *pass) { /* Shortcut to ensure we don't store if no mlock. */ #if !defined(HAVE_MLOCK) || !defined(HAVE_MUNLOCK) return NT_STATUS_OK; #else NTSTATUS status; struct WINBINDD_MEMORY_CREDS *memcredp = NULL; memcredp = find_memory_creds_by_name(username); if (uid == (uid_t)-1) { DEBUG(0,("winbindd_add_memory_creds_internal: " "invalid uid for user %s.\n", username)); return NT_STATUS_INVALID_PARAMETER; } if (memcredp) { /* Already exists. Increment the reference count and replace stored creds. */ if (uid != memcredp->uid) { DEBUG(0,("winbindd_add_memory_creds_internal: " "uid %u for user %s doesn't " "match stored uid %u. Replacing.\n", (unsigned int)uid, username, (unsigned int)memcredp->uid)); memcredp->uid = uid; } memcredp->ref_count++; DEBUG(10,("winbindd_add_memory_creds_internal: " "ref count for user %s is now %d\n", username, memcredp->ref_count)); return winbindd_replace_memory_creds_internal(memcredp, pass); } memcredp = talloc_zero(NULL, struct WINBINDD_MEMORY_CREDS); if (!memcredp) { return NT_STATUS_NO_MEMORY; } memcredp->username = talloc_strdup(memcredp, username); if (!memcredp->username) { talloc_destroy(memcredp); return NT_STATUS_NO_MEMORY; } status = store_memory_creds(memcredp, pass); if (!NT_STATUS_IS_OK(status)) { talloc_destroy(memcredp); return status; } memcredp->uid = uid; memcredp->ref_count = 1; DLIST_ADD(memory_creds_list, memcredp); DEBUG(10,("winbindd_add_memory_creds_internal: " "added entry for user %s\n", username)); return NT_STATUS_OK; #endif }
pipes_struct *open_rpc_pipe_p(char *pipe_name, connection_struct *conn, uint16 vuid) { int i; pipes_struct *p; static int next_pipe; DEBUG(4,("Open pipe requested %s (pipes_open=%d)\n", pipe_name, pipes_open)); /* not repeating pipe numbers makes it easier to track things in log files and prevents client bugs where pipe numbers are reused over connection restarts */ if (next_pipe == 0) next_pipe = (getpid() ^ time(NULL)) % MAX_OPEN_PIPES; i = bitmap_find(bmap, next_pipe); if (i == -1) { DEBUG(0,("ERROR! Out of pipe structures\n")); return NULL; } next_pipe = (i+1) % MAX_OPEN_PIPES; for (p = Pipes; p; p = p->next) DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); p = (pipes_struct *)malloc(sizeof(*p)); if (!p) return NULL; ZERO_STRUCTP(p); DLIST_ADD(Pipes, p); /* * Initialize the incoming RPC data buffer with one PDU worth of memory. * We cheat here and say we're marshalling, as we intend to add incoming * data directly into the prs_struct and we want it to auto grow. We will * change the type to UNMARSALLING before processing the stream. */ if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); return NULL; } bitmap_set(bmap, i); i += pipe_handle_offset; pipes_open++; p->pnum = i; p->open = True; p->device_state = 0; p->priority = 0; p->conn = conn; p->vuid = vuid; p->max_trans_reply = 0; p->ntlmssp_chal_flags = 0; p->ntlmssp_auth_validated = False; p->ntlmssp_auth_requested = False; p->pipe_bound = False; p->fault_state = False; /* * Initialize the incoming RPC struct. */ p->in_data.pdu_needed_len = 0; p->in_data.pdu_received_len = 0; /* * Initialize the outgoing RPC struct. */ p->out_data.current_pdu_len = 0; p->out_data.current_pdu_sent = 0; p->out_data.data_sent_length = 0; /* * Initialize the outgoing RPC data buffer with no memory. */ prs_init(&p->out_data.rdata, 0, 4, MARSHALL); p->uid = (uid_t)-1; p->gid = (gid_t)-1; fstrcpy(p->name, pipe_name); DEBUG(4,("Opened pipe %s with handle %x (pipes_open=%d)\n", pipe_name, i, pipes_open)); chain_p = p; /* OVERWRITE p as a temp variable, to display all open pipes */ for (p = Pipes; p; p = p->next) DEBUG(5,("open pipes: name %s pnum=%x\n", p->name, p->pnum)); return chain_p; }
static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session, struct smbXsrv_session_auth0 **_auth, struct smbd_smb2_request *smb2req, uint8_t in_security_mode, struct auth_session_info *session_info, uint16_t *out_session_flags, uint64_t *out_session_id) { NTSTATUS status; bool guest = false; uint8_t session_key[16]; struct smbXsrv_session *x = session; struct smbXsrv_session_auth0 *auth = *_auth; struct smbXsrv_connection *xconn = smb2req->xconn; size_t i; struct _derivation { DATA_BLOB label; DATA_BLOB context; }; struct { struct _derivation signing; struct _derivation encryption; struct _derivation decryption; struct _derivation application; } derivation = { }; *_auth = NULL; if (xconn->protocol >= PROTOCOL_SMB3_10) { struct smbXsrv_preauth *preauth; struct _derivation *d; DATA_BLOB p; struct hc_sha512state sctx; preauth = talloc_move(smb2req, &auth->preauth); samba_SHA512_Init(&sctx); samba_SHA512_Update(&sctx, preauth->sha512_value, sizeof(preauth->sha512_value)); for (i = 1; i < smb2req->in.vector_count; i++) { samba_SHA512_Update(&sctx, smb2req->in.vector[i].iov_base, smb2req->in.vector[i].iov_len); } samba_SHA512_Final(preauth->sha512_value, &sctx); p = data_blob_const(preauth->sha512_value, sizeof(preauth->sha512_value)); d = &derivation.signing; d->label = data_blob_string_const_null("SMBSigningKey"); d->context = p; d = &derivation.decryption; d->label = data_blob_string_const_null("SMBC2SCipherKey"); d->context = p; d = &derivation.encryption; d->label = data_blob_string_const_null("SMBS2CCipherKey"); d->context = p; d = &derivation.application; d->label = data_blob_string_const_null("SMBAppKey"); d->context = p; } else if (xconn->protocol >= PROTOCOL_SMB2_24) { struct _derivation *d; d = &derivation.signing; d->label = data_blob_string_const_null("SMB2AESCMAC"); d->context = data_blob_string_const_null("SmbSign"); d = &derivation.decryption; d->label = data_blob_string_const_null("SMB2AESCCM"); d->context = data_blob_string_const_null("ServerIn "); d = &derivation.encryption; d->label = data_blob_string_const_null("SMB2AESCCM"); d->context = data_blob_string_const_null("ServerOut"); d = &derivation.application; d->label = data_blob_string_const_null("SMB2APP"); d->context = data_blob_string_const_null("SmbRpc"); } if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || lp_server_signing() == SMB_SIGNING_REQUIRED) { x->global->signing_flags = SMBXSRV_SIGNING_REQUIRED; } if ((lp_smb_encrypt(-1) >= SMB_SIGNING_DESIRED) && (xconn->smb2.client.capabilities & SMB2_CAP_ENCRYPTION)) { x->global->encryption_flags = SMBXSRV_ENCRYPTION_DESIRED; } if (lp_smb_encrypt(-1) == SMB_SIGNING_REQUIRED) { x->global->encryption_flags = SMBXSRV_ENCRYPTION_REQUIRED | SMBXSRV_ENCRYPTION_DESIRED; } if (security_session_user_level(session_info, NULL) < SECURITY_USER) { /* we map anonymous to guest internally */ *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST; *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL; /* force no signing */ x->global->signing_flags &= ~SMBXSRV_SIGNING_REQUIRED; guest = true; } if (guest && (x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED)) { DEBUG(1,("reject guest session as encryption is required\n")); return NT_STATUS_ACCESS_DENIED; } if (xconn->smb2.server.cipher == 0) { if (x->global->encryption_flags & SMBXSRV_ENCRYPTION_REQUIRED) { DEBUG(1,("reject session with dialect[0x%04X] " "as encryption is required\n", xconn->smb2.server.dialect)); return NT_STATUS_ACCESS_DENIED; } } else { x->global->channels[0].encryption_cipher = xconn->smb2.server.cipher; } if (x->global->encryption_flags & SMBXSRV_ENCRYPTION_DESIRED) { *out_session_flags |= SMB2_SESSION_FLAG_ENCRYPT_DATA; } ZERO_STRUCT(session_key); memcpy(session_key, session_info->session_key.data, MIN(session_info->session_key.length, sizeof(session_key))); x->global->signing_key = data_blob_talloc(x->global, session_key, sizeof(session_key)); if (x->global->signing_key.data == NULL) { ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } if (xconn->protocol >= PROTOCOL_SMB2_24) { struct _derivation *d = &derivation.signing; smb2_key_derivation(session_key, sizeof(session_key), d->label.data, d->label.length, d->context.data, d->context.length, x->global->signing_key.data); } if (xconn->protocol >= PROTOCOL_SMB2_24) { struct _derivation *d = &derivation.decryption; x->global->decryption_key = data_blob_talloc(x->global, session_key, sizeof(session_key)); if (x->global->decryption_key.data == NULL) { ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } smb2_key_derivation(session_key, sizeof(session_key), d->label.data, d->label.length, d->context.data, d->context.length, x->global->decryption_key.data); } if (xconn->protocol >= PROTOCOL_SMB2_24) { struct _derivation *d = &derivation.encryption; size_t nonce_size; x->global->encryption_key = data_blob_talloc(x->global, session_key, sizeof(session_key)); if (x->global->encryption_key.data == NULL) { ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } smb2_key_derivation(session_key, sizeof(session_key), d->label.data, d->label.length, d->context.data, d->context.length, x->global->encryption_key.data); /* * CCM and GCM algorithms must never have their * nonce wrap, or the security of the whole * communication and the keys is destroyed. * We must drop the connection once we have * transfered too much data. * * NOTE: We assume nonces greater than 8 bytes. */ generate_random_buffer((uint8_t *)&x->nonce_high_random, sizeof(x->nonce_high_random)); switch (xconn->smb2.server.cipher) { case SMB2_ENCRYPTION_AES128_CCM: nonce_size = AES_CCM_128_NONCE_SIZE; break; case SMB2_ENCRYPTION_AES128_GCM: nonce_size = AES_GCM_128_IV_SIZE; break; default: nonce_size = 0; break; } x->nonce_high_max = SMB2_NONCE_HIGH_MAX(nonce_size); x->nonce_high = 0; x->nonce_low = 0; } x->global->application_key = data_blob_dup_talloc(x->global, x->global->signing_key); if (x->global->application_key.data == NULL) { ZERO_STRUCT(session_key); return NT_STATUS_NO_MEMORY; } if (xconn->protocol >= PROTOCOL_SMB2_24) { struct _derivation *d = &derivation.application; smb2_key_derivation(session_key, sizeof(session_key), d->label.data, d->label.length, d->context.data, d->context.length, x->global->application_key.data); } ZERO_STRUCT(session_key); x->global->channels[0].signing_key = data_blob_dup_talloc(x->global->channels, x->global->signing_key); if (x->global->channels[0].signing_key.data == NULL) { return NT_STATUS_NO_MEMORY; } data_blob_clear_free(&session_info->session_key); session_info->session_key = data_blob_dup_talloc(session_info, x->global->application_key); if (session_info->session_key.data == NULL) { return NT_STATUS_NO_MEMORY; } session->compat = talloc_zero(session, struct user_struct); if (session->compat == NULL) { return NT_STATUS_NO_MEMORY; } session->compat->session = session; session->compat->homes_snum = -1; session->compat->session_info = session_info; session->compat->session_keystr = NULL; session->compat->vuid = session->global->session_wire_id; DLIST_ADD(smb2req->sconn->users, session->compat); smb2req->sconn->num_users++; if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { session->compat->homes_snum = register_homes_share(session_info->unix_info->unix_name); } set_current_user_info(session_info->unix_info->sanitized_username, session_info->unix_info->unix_name, session_info->info->domain_name); reload_services(smb2req->sconn, conn_snum_used, true); session->status = NT_STATUS_OK; session->global->auth_session_info = talloc_move(session->global, &session_info); session->global->auth_session_info_seqnum += 1; for (i=0; i < session->global->num_channels; i++) { struct smbXsrv_channel_global0 *_c = &session->global->channels[i]; _c->auth_session_info_seqnum = session->global->auth_session_info_seqnum; } session->global->auth_time = timeval_to_nttime(&smb2req->request_time); session->global->expiration_time = gensec_expire_time(auth->gensec); if (!session_claim(session)) { DEBUG(1, ("smb2: Failed to claim session " "for vuid=%llu\n", (unsigned long long)session->compat->vuid)); return NT_STATUS_LOGON_FAILURE; } TALLOC_FREE(auth); status = smbXsrv_session_update(session); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("smb2: Failed to update session for vuid=%llu - %s\n", (unsigned long long)session->compat->vuid, nt_errstr(status))); return NT_STATUS_LOGON_FAILURE; } /* * we attach the session to the request * so that the response can be signed */ if (!guest) { smb2req->do_signing = true; } global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32); *out_session_id = session->global->session_wire_id; return NT_STATUS_OK; }
int register_vuid(auth_serversupplied_info *server_info, DATA_BLOB session_key, DATA_BLOB response_blob, const char *smb_name) { user_struct *vuser = NULL; /* Ensure no vuid gets registered in share level security. */ if(lp_security() == SEC_SHARE) { data_blob_free(&session_key); return UID_FIELD_INVALID; } /* Limit allowed vuids to 16bits - VUID_OFFSET. */ if (num_validated_vuids >= 0xFFFF-VUID_OFFSET) { data_blob_free(&session_key); return UID_FIELD_INVALID; } if((vuser = SMB_MALLOC_P(user_struct)) == NULL) { DEBUG(0,("Failed to malloc users struct!\n")); data_blob_free(&session_key); return UID_FIELD_INVALID; } ZERO_STRUCTP(vuser); /* Allocate a free vuid. Yes this is a linear search... :-) */ while( get_valid_user_struct(next_vuid) != NULL ) { next_vuid++; /* Check for vuid wrap. */ if (next_vuid == UID_FIELD_INVALID) next_vuid = VUID_OFFSET; } DEBUG(10,("register_vuid: allocated vuid = %u\n", (unsigned int)next_vuid )); vuser->vuid = next_vuid; /* the next functions should be done by a SID mapping system (SMS) as * the new real sam db won't have reference to unix uids or gids */ vuser->uid = server_info->uid; vuser->gid = server_info->gid; vuser->n_groups = server_info->n_groups; if (vuser->n_groups) { if (!(vuser->groups = memdup(server_info->groups, sizeof(gid_t) * vuser->n_groups))) { DEBUG(0,("register_vuid: failed to memdup vuser->groups\n")); data_blob_free(&session_key); free(vuser); free_server_info(&server_info); return UID_FIELD_INVALID; } } vuser->guest = server_info->guest; fstrcpy(vuser->user.unix_name, server_info->unix_name); /* This is a potentially untrusted username */ alpha_strcpy(vuser->user.smb_name, smb_name, ". _-$", sizeof(vuser->user.smb_name)); fstrcpy(vuser->user.domain, pdb_get_domain(server_info->sam_account)); fstrcpy(vuser->user.full_name, pdb_get_fullname(server_info->sam_account)); { /* Keep the homedir handy */ const char *homedir = pdb_get_homedir(server_info->sam_account); const char *logon_script = pdb_get_logon_script(server_info->sam_account); if (!IS_SAM_DEFAULT(server_info->sam_account, PDB_UNIXHOMEDIR)) { const char *unix_homedir = pdb_get_unix_homedir(server_info->sam_account); if (unix_homedir) { vuser->unix_homedir = smb_xstrdup(unix_homedir); } } else { struct passwd *passwd = getpwnam_alloc(vuser->user.unix_name); if (passwd) { vuser->unix_homedir = smb_xstrdup(passwd->pw_dir); passwd_free(&passwd); } } if (homedir) { vuser->homedir = smb_xstrdup(homedir); } if (logon_script) { vuser->logon_script = smb_xstrdup(logon_script); } } vuser->session_key = session_key; DEBUG(10,("register_vuid: (%u,%u) %s %s %s guest=%d\n", (unsigned int)vuser->uid, (unsigned int)vuser->gid, vuser->user.unix_name, vuser->user.smb_name, vuser->user.domain, vuser->guest )); DEBUG(3, ("User name: %s\tReal name: %s\n",vuser->user.unix_name,vuser->user.full_name)); if (server_info->ptok) { vuser->nt_user_token = dup_nt_token(server_info->ptok); } else { DEBUG(1, ("server_info does not contain a user_token - cannot continue\n")); free_server_info(&server_info); data_blob_free(&session_key); SAFE_FREE(vuser->homedir); SAFE_FREE(vuser->unix_homedir); SAFE_FREE(vuser->logon_script); SAFE_FREE(vuser); return UID_FIELD_INVALID; } /* use this to keep tabs on all our info from the authentication */ vuser->server_info = server_info; DEBUG(3,("UNIX uid %d is UNIX user %s, and will be vuid %u\n",(int)vuser->uid,vuser->user.unix_name, vuser->vuid)); next_vuid++; num_validated_vuids++; DLIST_ADD(validated_users, vuser); if (!session_claim(vuser)) { DEBUG(1,("Failed to claim session for vuid=%d\n", vuser->vuid)); invalidate_vuid(vuser->vuid); return -1; } /* Register a home dir service for this user iff (a) This is not a guest connection, (b) we have a home directory defined (c) there s not an existing static share by that name If a share exists by this name (autoloaded or not) reuse it . */ vuser->homes_snum = -1; if ( (!vuser->guest) && vuser->unix_homedir && *(vuser->unix_homedir)) { int servicenumber = lp_servicenumber(vuser->user.unix_name); if ( servicenumber == -1 ) { DEBUG(3, ("Adding homes service for user '%s' using home directory: '%s'\n", vuser->user.unix_name, vuser->unix_homedir)); vuser->homes_snum = add_home_service(vuser->user.unix_name, vuser->user.unix_name, vuser->unix_homedir); } else { DEBUG(3, ("Using static (or previously created) service for user '%s'; path = '%s'\n", vuser->user.unix_name, lp_pathname(servicenumber) )); vuser->homes_snum = servicenumber; } } if (srv_is_signing_negotiated() && !vuser->guest && !srv_signing_started()) { /* Try and turn on server signing on the first non-guest sessionsetup. */ srv_set_signing(vuser->session_key, response_blob); } /* fill in the current_user_info struct */ set_current_user_info( &vuser->user ); return vuser->vuid; }
static NTSTATUS smbd_smb2_auth_generic_return(struct smbd_smb2_session *session, struct smbd_smb2_request *smb2req, uint8_t in_security_mode, DATA_BLOB in_security_buffer, uint16_t *out_session_flags, uint64_t *out_session_id) { bool guest = false; if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || lp_server_signing() == SMB_SIGNING_REQUIRED) { session->do_signing = true; } if (security_session_user_level(session->session_info, NULL) < SECURITY_USER) { /* we map anonymous to guest internally */ *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST; *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL; /* force no signing */ session->do_signing = false; guest = true; } session->session_key = session->session_info->session_key; session->compat_vuser = talloc_zero(session, user_struct); if (session->compat_vuser == NULL) { TALLOC_FREE(session); return NT_STATUS_NO_MEMORY; } session->compat_vuser->gensec_security = session->gensec_security; session->compat_vuser->homes_snum = -1; session->compat_vuser->session_info = session->session_info; session->compat_vuser->session_keystr = NULL; session->compat_vuser->vuid = session->vuid; DLIST_ADD(session->sconn->smb1.sessions.validated_users, session->compat_vuser); if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) { session->compat_vuser->homes_snum = register_homes_share(session->session_info->unix_info->unix_name); } if (!session_claim(session->sconn, session->compat_vuser)) { DEBUG(1, ("smb2: Failed to claim session " "for vuid=%d\n", session->compat_vuser->vuid)); TALLOC_FREE(session); return NT_STATUS_LOGON_FAILURE; } set_current_user_info(session->session_info->unix_info->sanitized_username, session->session_info->unix_info->unix_name, session->session_info->info->domain_name); reload_services(smb2req->sconn, conn_snum_used, true); session->status = NT_STATUS_OK; /* * we attach the session to the request * so that the response can be signed */ smb2req->session = session; if (!guest) { smb2req->do_signing = true; } global_client_caps |= (CAP_LEVEL_II_OPLOCKS|CAP_STATUS32); *out_session_id = session->vuid; return NT_STATUS_OK; }
NTSTATUS file_new(struct smb_request *req, connection_struct *conn, files_struct **result) { struct smbd_server_connection *sconn = conn->sconn; int i; files_struct *fsp; NTSTATUS status; /* we want to give out file handles differently on each new connection because of a common bug in MS clients where they try to reuse a file descriptor from an earlier smb connection. This code increases the chance that the errant client will get an error rather than causing corruption */ if (sconn->first_file == 0) { sconn->first_file = (getpid() ^ (int)time(NULL)); sconn->first_file %= sconn->real_max_open_files; } /* TODO: Port the id-tree implementation from Samba4 */ i = bitmap_find(sconn->file_bmap, sconn->first_file); if (i == -1) { DEBUG(0,("ERROR! Out of file structures\n")); /* TODO: We have to unconditionally return a DOS error here, * W2k3 even returns ERRDOS/ERRnofids for ntcreate&x with * NTSTATUS negotiated */ return NT_STATUS_TOO_MANY_OPENED_FILES; } /* * Make a child of the connection_struct as an fsp can't exist * independent of a connection. */ fsp = talloc_zero(conn, struct files_struct); if (!fsp) { return NT_STATUS_NO_MEMORY; } /* * This can't be a child of fsp because the file_handle can be ref'd * when doing a dos/fcb open, which will then share the file_handle * across multiple fsps. */ fsp->fh = talloc_zero(conn, struct fd_handle); if (!fsp->fh) { TALLOC_FREE(fsp); return NT_STATUS_NO_MEMORY; } fsp->fh->ref_count = 1; fsp->fh->fd = -1; fsp->conn = conn; fsp->fh->gen_id = get_gen_count(sconn); GetTimeOfDay(&fsp->open_time); sconn->first_file = (i+1) % (sconn->real_max_open_files); bitmap_set(sconn->file_bmap, i); fsp->fnum = i + FILE_HANDLE_OFFSET; SMB_ASSERT(fsp->fnum < 65536); /* * Create an smb_filename with "" for the base_name. There are very * few NULL checks, so make sure it's initialized with something. to * be safe until an audit can be done. */ status = create_synthetic_smb_fname(fsp, "", NULL, NULL, &fsp->fsp_name); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(fsp); TALLOC_FREE(fsp->fh); } DLIST_ADD(sconn->files, fsp); sconn->num_files += 1; DEBUG(5,("allocated file structure %d, fnum = %d (%u used)\n", i, fsp->fnum, (unsigned int)sconn->num_files)); if (req != NULL) { req->chain_fsp = fsp; } /* A new fsp invalidates the positive and negative fsp_fi_cache as the new fsp is pushed at the start of the list and we search from a cache hit to the *end* of the list. */ ZERO_STRUCT(sconn->fsp_fi_cache); conn->num_files_open++; *result = fsp; return NT_STATUS_OK; }
WERROR dsdb_attribute_from_ldb(struct ldb_context *ldb, struct dsdb_schema *schema, struct ldb_message *msg) { WERROR status; struct dsdb_attribute *attr = talloc_zero(schema, struct dsdb_attribute); if (!attr) { return WERR_NOMEM; } GET_STRING_LDB(msg, "cn", attr, attr, cn, false); GET_STRING_LDB(msg, "lDAPDisplayName", attr, attr, lDAPDisplayName, true); GET_STRING_LDB(msg, "attributeID", attr, attr, attributeID_oid, true); if (!schema->prefixmap || schema->prefixmap->length == 0) { /* set an invalid value */ attr->attributeID_id = DRSUAPI_ATTID_INVALID; } else { status = dsdb_schema_pfm_make_attid(schema->prefixmap, attr->attributeID_oid, &attr->attributeID_id); if (!W_ERROR_IS_OK(status)) { DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n", __location__, attr->lDAPDisplayName, attr->attributeID_oid, win_errstr(status))); return status; } } /* fetch msDS-IntId to be used in resolving ATTRTYP values */ GET_UINT32_LDB(msg, "msDS-IntId", attr, msDS_IntId); GET_GUID_LDB(msg, "schemaIDGUID", attr, schemaIDGUID); GET_UINT32_LDB(msg, "mAPIID", attr, mAPIID); GET_GUID_LDB(msg, "attributeSecurityGUID", attr, attributeSecurityGUID); GET_GUID_LDB(msg, "objectGUID", attr, objectGUID); GET_UINT32_LDB(msg, "searchFlags", attr, searchFlags); GET_UINT32_LDB(msg, "systemFlags", attr, systemFlags); GET_BOOL_LDB(msg, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false); GET_UINT32_LDB(msg, "linkID", attr, linkID); GET_STRING_LDB(msg, "attributeSyntax", attr, attr, attributeSyntax_oid, true); if (!schema->prefixmap || schema->prefixmap->length == 0) { /* set an invalid value */ attr->attributeSyntax_id = DRSUAPI_ATTID_INVALID; } else { status = dsdb_schema_pfm_attid_from_oid(schema->prefixmap, attr->attributeSyntax_oid, &attr->attributeSyntax_id); if (!W_ERROR_IS_OK(status)) { DEBUG(0,("%s: '%s': unable to map attributeSyntax_ %s: %s\n", __location__, attr->lDAPDisplayName, attr->attributeSyntax_oid, win_errstr(status))); return status; } } GET_UINT32_LDB(msg, "oMSyntax", attr, oMSyntax); GET_BLOB_LDB(msg, "oMObjectClass", attr, attr, oMObjectClass); GET_BOOL_LDB(msg, "isSingleValued", attr, isSingleValued, true); GET_UINT32_PTR_LDB(msg, "rangeLower", attr, attr, rangeLower); GET_UINT32_PTR_LDB(msg, "rangeUpper", attr, attr, rangeUpper); GET_BOOL_LDB(msg, "extendedCharsAllowed", attr, extendedCharsAllowed, false); GET_UINT32_LDB(msg, "schemaFlagsEx", attr, schemaFlagsEx); GET_BLOB_LDB(msg, "msDs-Schema-Extensions", attr, attr, msDs_Schema_Extensions); GET_BOOL_LDB(msg, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false); GET_STRING_LDB(msg, "adminDisplayName", attr, attr, adminDisplayName, false); GET_STRING_LDB(msg, "adminDescription", attr, attr, adminDescription, false); GET_STRING_LDB(msg, "classDisplayName", attr, attr, classDisplayName, false); GET_BOOL_LDB(msg, "isEphemeral", attr, isEphemeral, false); GET_BOOL_LDB(msg, "isDefunct", attr, isDefunct, false); GET_BOOL_LDB(msg, "systemOnly", attr, systemOnly, false); attr->syntax = dsdb_syntax_for_attribute(attr); if (!attr->syntax) { DEBUG(0,(__location__ ": Unknown schema syntax for %s\n", attr->lDAPDisplayName)); return WERR_DS_ATT_SCHEMA_REQ_SYNTAX; } if (dsdb_schema_setup_ldb_schema_attribute(ldb, attr) != LDB_SUCCESS) { DEBUG(0,(__location__ ": Unknown schema syntax for %s - ldb_syntax: %s, ldap_oid: %s\n", attr->lDAPDisplayName, attr->syntax->ldb_syntax, attr->syntax->ldap_oid)); return WERR_DS_ATT_SCHEMA_REQ_SYNTAX; } DLIST_ADD(schema->attributes, attr); return WERR_OK; }
NTSTATUS file_new(struct smb_request *req, connection_struct *conn, files_struct **result) { int i; files_struct *fsp; /* we want to give out file handles differently on each new connection because of a common bug in MS clients where they try to reuse a file descriptor from an earlier smb connection. This code increases the chance that the errant client will get an error rather than causing corruption */ if (first_file == 0) { first_file = (sys_getpid() ^ (int)time(NULL)) % real_max_open_files; } /* TODO: Port the id-tree implementation from Samba4 */ i = bitmap_find(file_bmap, first_file); if (i == -1) { DEBUG(0,("ERROR! Out of file structures\n")); /* TODO: We have to unconditionally return a DOS error here, * W2k3 even returns ERRDOS/ERRnofids for ntcreate&x with * NTSTATUS negotiated */ return NT_STATUS_TOO_MANY_OPENED_FILES; } fsp = SMB_MALLOC_P(files_struct); if (!fsp) { return NT_STATUS_NO_MEMORY; } ZERO_STRUCTP(fsp); fsp->fh = SMB_MALLOC_P(struct fd_handle); if (!fsp->fh) { SAFE_FREE(fsp); return NT_STATUS_NO_MEMORY; } ZERO_STRUCTP(fsp->fh); fsp->fh->ref_count = 1; fsp->fh->fd = -1; fsp->conn = conn; fsp->fh->gen_id = get_gen_count(); GetTimeOfDay(&fsp->open_time); first_file = (i+1) % real_max_open_files; bitmap_set(file_bmap, i); files_used++; fsp->fnum = i + FILE_HANDLE_OFFSET; SMB_ASSERT(fsp->fnum < 65536); string_set(&fsp->fsp_name,""); DLIST_ADD(Files, fsp); DEBUG(5,("allocated file structure %d, fnum = %d (%d used)\n", i, fsp->fnum, files_used)); if (req != NULL) { req->chain_fsp = fsp; } /* A new fsp invalidates the positive and negative fsp_fi_cache as the new fsp is pushed at the start of the list and we search from a cache hit to the *end* of the list. */ ZERO_STRUCT(fsp_fi_cache); conn->num_files_open++; *result = fsp; return NT_STATUS_OK; }
WERROR dsdb_class_from_ldb(struct dsdb_schema *schema, struct ldb_message *msg) { WERROR status; struct dsdb_class *obj = talloc_zero(schema, struct dsdb_class); if (!obj) { return WERR_NOMEM; } GET_STRING_LDB(msg, "cn", obj, obj, cn, false); GET_STRING_LDB(msg, "lDAPDisplayName", obj, obj, lDAPDisplayName, true); GET_STRING_LDB(msg, "governsID", obj, obj, governsID_oid, true); if (!schema->prefixmap || schema->prefixmap->length == 0) { /* set an invalid value */ obj->governsID_id = DRSUAPI_ATTID_INVALID; } else { status = dsdb_schema_pfm_make_attid(schema->prefixmap, obj->governsID_oid, &obj->governsID_id); if (!W_ERROR_IS_OK(status)) { DEBUG(0,("%s: '%s': unable to map governsID %s: %s\n", __location__, obj->lDAPDisplayName, obj->governsID_oid, win_errstr(status))); return status; } } GET_GUID_LDB(msg, "schemaIDGUID", obj, schemaIDGUID); GET_GUID_LDB(msg, "objectGUID", obj, objectGUID); GET_UINT32_LDB(msg, "objectClassCategory", obj, objectClassCategory); GET_STRING_LDB(msg, "rDNAttID", obj, obj, rDNAttID, false); GET_STRING_LDB(msg, "defaultObjectCategory", obj, obj, defaultObjectCategory, true); GET_STRING_LDB(msg, "subClassOf", obj, obj, subClassOf, true); GET_STRING_LIST_LDB(msg, "systemAuxiliaryClass", obj, obj, systemAuxiliaryClass); GET_STRING_LIST_LDB(msg, "auxiliaryClass", obj, obj, auxiliaryClass); GET_STRING_LIST_LDB(msg, "systemMustContain", obj, obj, systemMustContain); GET_STRING_LIST_LDB(msg, "systemMayContain", obj, obj, systemMayContain); GET_STRING_LIST_LDB(msg, "mustContain", obj, obj, mustContain); GET_STRING_LIST_LDB(msg, "mayContain", obj, obj, mayContain); GET_STRING_LIST_LDB(msg, "systemPossSuperiors", obj, obj, systemPossSuperiors); GET_STRING_LIST_LDB(msg, "possSuperiors", obj, obj, possSuperiors); GET_STRING_LDB(msg, "defaultSecurityDescriptor", obj, obj, defaultSecurityDescriptor, false); GET_UINT32_LDB(msg, "schemaFlagsEx", obj, schemaFlagsEx); GET_UINT32_LDB(msg, "systemFlags", obj, systemFlags); GET_BLOB_LDB(msg, "msDs-Schema-Extensions", obj, obj, msDs_Schema_Extensions); GET_BOOL_LDB(msg, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false); GET_STRING_LDB(msg, "adminDisplayName", obj, obj, adminDisplayName, false); GET_STRING_LDB(msg, "adminDescription", obj, obj, adminDescription, false); GET_STRING_LDB(msg, "classDisplayName", obj, obj, classDisplayName, false); GET_BOOL_LDB(msg, "defaultHidingValue", obj, defaultHidingValue, false); GET_BOOL_LDB(msg, "isDefunct", obj, isDefunct, false); GET_BOOL_LDB(msg, "systemOnly", obj, systemOnly, false); DLIST_ADD(schema->classes, obj); return WERR_OK; }
static void add_workgroup(struct subnet_record *subrec, struct work_record *work) { work->subnet = subrec; DLIST_ADD(subrec->workgrouplist, work); subrec->work_changed = True; }
/***************************************************** a wrapper for open() *******************************************************/ int smbw_open(const char *fname, int flags, mode_t mode) { fstring server, share; pstring path; struct smbw_server *srv=NULL; int eno=0, fd = -1; struct smbw_file *file=NULL; smbw_init(); if (!fname) { errno = EINVAL; return -1; } smbw_busy++; /* work out what server they are after */ smbw_parse_path(fname, server, share, path); /* get a connection to the server */ srv = smbw_server(server, share); if (!srv) { /* smbw_server sets errno */ goto failed; } if (path[strlen(path)-1] == '\\') { fd = -1; } else { fd = cli_open(&srv->cli, path, flags, DENY_NONE); } if (fd == -1) { /* it might be a directory. Maybe we should use chkpath? */ eno = smbw_errno(&srv->cli); fd = smbw_dir_open(fname); if (fd == -1) errno = eno; smbw_busy--; return fd; } file = (struct smbw_file *)malloc(sizeof(*file)); if (!file) { errno = ENOMEM; goto failed; } ZERO_STRUCTP(file); file->f = (struct smbw_filedes *)malloc(sizeof(*(file->f))); if (!file->f) { errno = ENOMEM; goto failed; } ZERO_STRUCTP(file->f); file->f->cli_fd = fd; file->f->fname = strdup(path); if (!file->f->fname) { errno = ENOMEM; goto failed; } file->srv = srv; file->fd = open(SMBW_DUMMY, O_WRONLY); if (file->fd == -1) { errno = EMFILE; goto failed; } if (bitmap_query(smbw_file_bmap, file->fd)) { DEBUG(0,("ERROR: fd used in smbw_open\n")); errno = EIO; goto failed; } file->f->ref_count=1; bitmap_set(smbw_file_bmap, file->fd); DLIST_ADD(smbw_files, file); DEBUG(4,("opened %s\n", fname)); smbw_busy--; return file->fd; failed: if (fd != -1) { cli_close(&srv->cli, fd); } if (file) { if (file->f) { SAFE_FREE(file->f->fname); SAFE_FREE(file->f); } SAFE_FREE(file); } smbw_busy--; return -1; }
SMBCSRV * SMBC_server(TALLOC_CTX *ctx, SMBCCTX *context, bool connect_if_not_found, const char *server, const char *share, char **pp_workgroup, char **pp_username, char **pp_password) { SMBCSRV *srv=NULL; char *workgroup = NULL; struct cli_state *c; struct nmb_name called, calling; const char *server_n = server; struct sockaddr_storage ss; int tried_reverse = 0; int port_try_first; int port_try_next; int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0); uint32 fs_attrs = 0; const char *username_used; NTSTATUS status; zero_sockaddr(&ss); ZERO_STRUCT(c); if (server[0] == 0) { errno = EPERM; return NULL; } /* Look for a cached connection */ srv = SMBC_find_server(ctx, context, server, share, pp_workgroup, pp_username, pp_password); /* * If we found a connection and we're only allowed one share per * server... */ if (srv && *share != '\0' && smbc_getOptionOneSharePerServer(context)) { /* * ... then if there's no current connection to the share, * connect to it. SMBC_find_server(), or rather the function * pointed to by context->get_cached_srv_fn which * was called by SMBC_find_server(), will have issued a tree * disconnect if the requested share is not the same as the * one that was already connected. */ if (srv->cli->cnum == (uint16) -1) { /* Ensure we have accurate auth info */ SMBC_call_auth_fn(ctx, context, server, share, pp_workgroup, pp_username, pp_password); if (!*pp_workgroup || !*pp_username || !*pp_password) { errno = ENOMEM; cli_shutdown(srv->cli); srv->cli = NULL; smbc_getFunctionRemoveCachedServer(context)(context, srv); return NULL; } /* * We don't need to renegotiate encryption * here as the encryption context is not per * tid. */ if (!cli_send_tconX(srv->cli, share, "?????", *pp_password, strlen(*pp_password)+1)) { errno = SMBC_errno(context, srv->cli); cli_shutdown(srv->cli); srv->cli = NULL; smbc_getFunctionRemoveCachedServer(context)(context, srv); srv = NULL; } /* Determine if this share supports case sensitivity */ if (is_ipc) { DEBUG(4, ("IPC$ so ignore case sensitivity\n")); } else if (!cli_get_fs_attr_info(c, &fs_attrs)) { DEBUG(4, ("Could not retrieve " "case sensitivity flag: %s.\n", cli_errstr(c))); /* * We can't determine the case sensitivity of * the share. We have no choice but to use the * user-specified case sensitivity setting. */ if (smbc_getOptionCaseSensitive(context)) { cli_set_case_sensitive(c, True); } else { cli_set_case_sensitive(c, False); } } else { DEBUG(4, ("Case sensitive: %s\n", (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? "True" : "False"))); cli_set_case_sensitive( c, (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? True : False)); } /* * Regenerate the dev value since it's based on both * server and share */ if (srv) { srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share)); } } } /* If we have a connection... */ if (srv) { /* ... then we're done here. Give 'em what they came for. */ goto done; } /* If we're not asked to connect when a connection doesn't exist... */ if (! connect_if_not_found) { /* ... then we're done here. */ return NULL; } if (!*pp_workgroup || !*pp_username || !*pp_password) { errno = ENOMEM; return NULL; } make_nmb_name(&calling, smbc_getNetbiosName(context), 0x0); make_nmb_name(&called , server, 0x20); DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server)); DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server)); again: zero_sockaddr(&ss); /* have to open a new connection */ if ((c = cli_initialise()) == NULL) { errno = ENOMEM; return NULL; } if (smbc_getOptionUseKerberos(context)) { c->use_kerberos = True; } if (smbc_getOptionFallbackAfterKerberos(context)) { c->fallback_after_kerberos = True; } c->timeout = smbc_getTimeout(context); /* * Force use of port 139 for first try if share is $IPC, empty, or * null, so browse lists can work */ if (share == NULL || *share == '\0' || is_ipc) { port_try_first = 139; port_try_next = 445; } else { port_try_first = 445; port_try_next = 139; } c->port = port_try_first; status = cli_connect(c, server_n, &ss); if (!NT_STATUS_IS_OK(status)) { /* First connection attempt failed. Try alternate port. */ c->port = port_try_next; status = cli_connect(c, server_n, &ss); if (!NT_STATUS_IS_OK(status)) { cli_shutdown(c); errno = ETIMEDOUT; return NULL; } } if (!cli_session_request(c, &calling, &called)) { cli_shutdown(c); if (strcmp(called.name, "*SMBSERVER")) { make_nmb_name(&called , "*SMBSERVER", 0x20); goto again; } else { /* Try one more time, but ensure we don't loop */ /* Only try this if server is an IP address ... */ if (is_ipaddress(server) && !tried_reverse) { fstring remote_name; struct sockaddr_storage rem_ss; if (!interpret_string_addr(&rem_ss, server, NI_NUMERICHOST)) { DEBUG(4, ("Could not convert IP address " "%s to struct sockaddr_storage\n", server)); errno = ETIMEDOUT; return NULL; } tried_reverse++; /* Yuck */ if (name_status_find("*", 0, 0, &rem_ss, remote_name)) { make_nmb_name(&called, remote_name, 0x20); goto again; } } } errno = ETIMEDOUT; return NULL; } DEBUG(4,(" session request ok\n")); if (!cli_negprot(c)) { cli_shutdown(c); errno = ETIMEDOUT; return NULL; } username_used = *pp_username; if (!NT_STATUS_IS_OK(cli_session_setup(c, username_used, *pp_password, strlen(*pp_password), *pp_password, strlen(*pp_password), *pp_workgroup))) { /* Failed. Try an anonymous login, if allowed by flags. */ username_used = ""; if (smbc_getOptionNoAutoAnonymousLogin(context) || !NT_STATUS_IS_OK(cli_session_setup(c, username_used, *pp_password, 1, *pp_password, 0, *pp_workgroup))) { cli_shutdown(c); errno = EPERM; return NULL; } } cli_init_creds(c, username_used, *pp_workgroup, *pp_password); DEBUG(4,(" session setup ok\n")); if (!cli_send_tconX(c, share, "?????", *pp_password, strlen(*pp_password)+1)) { errno = SMBC_errno(context, c); cli_shutdown(c); return NULL; } DEBUG(4,(" tconx ok\n")); /* Determine if this share supports case sensitivity */ if (is_ipc) { DEBUG(4, ("IPC$ so ignore case sensitivity\n")); } else if (!cli_get_fs_attr_info(c, &fs_attrs)) { DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n", cli_errstr(c))); /* * We can't determine the case sensitivity of the share. We * have no choice but to use the user-specified case * sensitivity setting. */ if (smbc_getOptionCaseSensitive(context)) { cli_set_case_sensitive(c, True); } else { cli_set_case_sensitive(c, False); } } else { DEBUG(4, ("Case sensitive: %s\n", (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? "True" : "False"))); cli_set_case_sensitive(c, (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? True : False)); } if (context->internal->smb_encryption_level) { /* Attempt UNIX smb encryption. */ if (!NT_STATUS_IS_OK(cli_force_encryption(c, username_used, *pp_password, *pp_workgroup))) { /* * context->smb_encryption_level == 1 * means don't fail if encryption can't be negotiated, * == 2 means fail if encryption can't be negotiated. */ DEBUG(4,(" SMB encrypt failed\n")); if (context->internal->smb_encryption_level == 2) { cli_shutdown(c); errno = EPERM; return NULL; } } DEBUG(4,(" SMB encrypt ok\n")); } /* * Ok, we have got a nice connection * Let's allocate a server structure. */ srv = SMB_MALLOC_P(SMBCSRV); if (!srv) { errno = ENOMEM; goto failed; } ZERO_STRUCTP(srv); srv->cli = c; srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share)); srv->no_pathinfo = False; srv->no_pathinfo2 = False; srv->no_nt_session = False; /* now add it to the cache (internal or external) */ /* Let the cache function set errno if it wants to */ errno = 0; if (smbc_getFunctionAddCachedServer(context)(context, srv, server, share, *pp_workgroup, *pp_username)) { int saved_errno = errno; DEBUG(3, (" Failed to add server to cache\n")); errno = saved_errno; if (errno == 0) { errno = ENOMEM; } goto failed; } DEBUG(2, ("Server connect ok: //%s/%s: %p\n", server, share, srv)); DLIST_ADD(context->internal->servers, srv); done: if (!pp_workgroup || !*pp_workgroup || !**pp_workgroup) { workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context)); } else { workgroup = *pp_workgroup; } if(!workgroup) { return NULL; } /* set the credentials to make DFS work */ smbc_set_credentials_with_fallback(context, workgroup, *pp_username, *pp_password); return srv; failed: cli_shutdown(c); if (!srv) { return NULL; } SAFE_FREE(srv); return NULL; }
/* load our local partition list */ static WERROR kccsrv_load_partitions(struct kccsrv_service *s) { struct ldb_dn *basedn; struct ldb_result *r; struct ldb_message_element *el; static const char *attrs[] = { "namingContexts", "configurationNamingContext", NULL }; unsigned int i; int ret; basedn = ldb_dn_new(s, s->samdb, NULL); W_ERROR_HAVE_NO_MEMORY(basedn); ret = ldb_search(s->samdb, s, &r, basedn, LDB_SCOPE_BASE, attrs, "(objectClass=*)"); talloc_free(basedn); if (ret != LDB_SUCCESS) { return WERR_FOOBAR; } else if (r->count != 1) { talloc_free(r); return WERR_FOOBAR; } el = ldb_msg_find_element(r->msgs[0], "namingContexts"); if (!el) { return WERR_FOOBAR; } for (i=0; i < el->num_values; i++) { const char *v = (const char *)el->values[i].data; struct ldb_dn *pdn; struct kccsrv_partition *p; pdn = ldb_dn_new(s, s->samdb, v); if (!ldb_dn_validate(pdn)) { return WERR_FOOBAR; } p = talloc_zero(s, struct kccsrv_partition); W_ERROR_HAVE_NO_MEMORY(p); p->dn = talloc_steal(p, pdn); p->service = s; DLIST_ADD(s->partitions, p); DEBUG(2, ("kccsrv_partition[%s] loaded\n", v)); } el = ldb_msg_find_element(r->msgs[0], "configurationNamingContext"); if (!el) { return WERR_FOOBAR; } s->config_dn = ldb_dn_new(s, s->samdb, (const char *)el->values[0].data); if (!ldb_dn_validate(s->config_dn)) { return WERR_FOOBAR; } talloc_free(r); return WERR_OK; }
/* * Connect to a server for getting/setting attributes, possibly on an existing * connection. This works similarly to SMBC_server(). */ SMBCSRV * SMBC_attr_server(TALLOC_CTX *ctx, SMBCCTX *context, const char *server, const char *share, char **pp_workgroup, char **pp_username, char **pp_password) { int flags; struct sockaddr_storage ss; struct cli_state *ipc_cli; struct rpc_pipe_client *pipe_hnd; NTSTATUS nt_status; SMBCSRV *ipc_srv=NULL; /* * See if we've already created this special connection. Reference * our "special" share name '*IPC$', which is an impossible real share * name due to the leading asterisk. */ ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$", pp_workgroup, pp_username, pp_password); if (!ipc_srv) { /* We didn't find a cached connection. Get the password */ if (!*pp_password || (*pp_password)[0] == '\0') { /* ... then retrieve it now. */ SMBC_call_auth_fn(ctx, context, server, share, pp_workgroup, pp_username, pp_password); if (!*pp_workgroup || !*pp_username || !*pp_password) { errno = ENOMEM; return NULL; } } flags = 0; if (smbc_getOptionUseKerberos(context)) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS; } zero_sockaddr(&ss); nt_status = cli_full_connection(&ipc_cli, global_myname(), server, &ss, 0, "IPC$", "?????", *pp_username, *pp_workgroup, *pp_password, flags, Undefined, NULL); if (! NT_STATUS_IS_OK(nt_status)) { DEBUG(1,("cli_full_connection failed! (%s)\n", nt_errstr(nt_status))); errno = ENOTSUP; return NULL; } if (context->internal->smb_encryption_level) { /* Attempt UNIX smb encryption. */ if (!NT_STATUS_IS_OK(cli_force_encryption(ipc_cli, *pp_username, *pp_password, *pp_workgroup))) { /* * context->smb_encryption_level == * 1 means don't fail if encryption can't be * negotiated, == 2 means fail if encryption * can't be negotiated. */ DEBUG(4,(" SMB encrypt failed on IPC$\n")); if (context->internal->smb_encryption_level == 2) { cli_shutdown(ipc_cli); errno = EPERM; return NULL; } } DEBUG(4,(" SMB encrypt ok on IPC$\n")); } ipc_srv = SMB_MALLOC_P(SMBCSRV); if (!ipc_srv) { errno = ENOMEM; cli_shutdown(ipc_cli); return NULL; } ZERO_STRUCTP(ipc_srv); ipc_srv->cli = ipc_cli; nt_status = cli_rpc_pipe_open_noauth( ipc_srv->cli, &ndr_table_lsarpc.syntax_id, &pipe_hnd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(1, ("cli_nt_session_open fail!\n")); errno = ENOTSUP; cli_shutdown(ipc_srv->cli); free(ipc_srv); return NULL; } /* * Some systems don't support * SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000 * so we might as well do it too. */ nt_status = rpccli_lsa_open_policy( pipe_hnd, talloc_tos(), True, GENERIC_EXECUTE_ACCESS, &ipc_srv->pol); if (!NT_STATUS_IS_OK(nt_status)) { errno = SMBC_errno(context, ipc_srv->cli); cli_shutdown(ipc_srv->cli); return NULL; } /* now add it to the cache (internal or external) */ errno = 0; /* let cache function set errno if it likes */ if (smbc_getFunctionAddCachedServer(context)(context, ipc_srv, server, "*IPC$", *pp_workgroup, *pp_username)) { DEBUG(3, (" Failed to add server to cache\n")); if (errno == 0) { errno = ENOMEM; } cli_shutdown(ipc_srv->cli); free(ipc_srv); return NULL; } DLIST_ADD(context->internal->servers, ipc_srv); } return ipc_srv; }
static int aicloud_connection_smb_info_init(server *srv, connection *con, plugin_data *p) { UNUSED(srv); char pWorkgroup[30]={0}; char pServer[64]={0}; char pShare[1280]={0}; char pPath[1280]={0}; smbc_wrapper_parse_path2(con, pWorkgroup, pServer, pShare, pPath); buffer* bworkgroup = buffer_init(); buffer* bserver = buffer_init(); buffer* bshare = buffer_init(); buffer* bpath = buffer_init(); URI_QUERY_TYPE qflag = SMB_FILE_QUERY; if(pWorkgroup[0] != '\0') buffer_copy_string(bworkgroup, pWorkgroup); if(pServer[0] != '\0') { int isHost = smbc_check_connectivity(con->physical_auth_url->ptr); if(isHost) { buffer_copy_string(bserver, pServer); } else{ buffer_free(bworkgroup); buffer_free(bserver); buffer_free(bshare); buffer_free(bpath); return 2; } } else { if(qflag == SMB_FILE_QUERY) { qflag = SMB_HOST_QUERY; } } if(pServer[0] != '\0' && pShare[0] != '\0') { buffer_copy_string(bshare, pShare); } else { if(qflag == SMB_FILE_QUERY) { qflag = SMB_SHARE_QUERY; } } if(pServer[0] != '\0' && pShare[0] != '\0' && pPath[0] != '\0') { buffer_copy_string(bpath, pPath); qflag = SMB_FILE_QUERY; } data_string *ds = (data_string *)array_get_element(con->request.headers, "user-Agent"); smb_info_t *smb_info; if( ds && ( strstr( ds->value->ptr, "Mozilla" ) || strstr( ds->value->ptr, "Opera" ) || con->mode == SMB_NTLM ) ){ //- From browser, like IE, Chrome, Firefox, Safari if(smb_info = smbdav_get_smb_info_from_pool(srv, con, p)){ Cdbg(DBE, "Get smb_info from pool smb_info->qflag=[%d], smb_info->user=[%s], smb_info->pass=[%s]", smb_info->qflag, smb_info->username->ptr, smb_info->password->ptr); } else{ smb_info = calloc(1, sizeof(smb_info_t)); smb_info->username = buffer_init(); smb_info->password = buffer_init(); smb_info->workgroup = buffer_init(); smb_info->server = buffer_init(); smb_info->share = buffer_init(); smb_info->path = buffer_init(); smb_info->user_agent = buffer_init(); smb_info->src_ip = buffer_init(); if(con->mode == SMB_NTLM){ smb_info->cli = smbc_cli_initialize(); if(!buffer_is_empty(bserver)){ smbc_cli_connect(smb_info->cli, bserver->ptr, SMB_PORT); } smb_info->ntlmssp_state = NULL; smb_info->state = NTLMSSP_INITIAL; } DLIST_ADD(p->smb_info_list, smb_info); } con->smb_info = smb_info; } else{ smb_info = calloc(1, sizeof(smb_info_t)); smb_info->username = buffer_init(); smb_info->password = buffer_init(); smb_info->workgroup = buffer_init(); smb_info->server = buffer_init(); smb_info->share = buffer_init(); smb_info->path = buffer_init(); smb_info->user_agent = buffer_init(); smb_info->src_ip = buffer_init(); con->smb_info = smb_info; } con->smb_info->auth_time = time(NULL); con->smb_info->auth_right = 0; if(ds) buffer_copy_string(con->smb_info->user_agent, ds->value->ptr); con->smb_info->qflag = qflag; buffer_copy_string_buffer(con->smb_info->workgroup, bworkgroup); buffer_copy_string_buffer(con->smb_info->server, bserver); buffer_copy_string_buffer(con->smb_info->share, bshare); buffer_copy_string_buffer(con->smb_info->path, bpath); buffer_copy_string_buffer(con->smb_info->src_ip, con->dst_addr_buf); Cdbg(DBE, "con->smb_info->workgroup=[%s]", con->smb_info->workgroup->ptr); Cdbg(DBE, "con->smb_info->server=[%s]", con->smb_info->server->ptr); Cdbg(DBE, "con->smb_info->share=[%s]", con->smb_info->share->ptr); Cdbg(DBE, "con->smb_info->path=[%s]", con->smb_info->path->ptr); Cdbg(DBE, "con->smb_info->user_agent=[%s]", con->smb_info->user_agent->ptr); Cdbg(DBE, "con->smb_info->src_ip=[%s]", con->smb_info->src_ip->ptr); Cdbg(DBE, "con->smb_info->qflag=[%d]", con->smb_info->qflag); buffer_free(bworkgroup); buffer_free(bserver); buffer_free(bshare); buffer_free(bpath); return 1; }
/* wrapped connection to a ldb database to close just talloc_free() the returned ldb_context TODO: We need an error_string parameter */ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct loadparm_context *lp_ctx, const char *url, struct auth_session_info *session_info, struct cli_credentials *credentials, unsigned int flags) { struct ldb_context *ldb; int ret; char *real_url = NULL; struct ldb_wrap *w; struct ldb_wrap_context c; c.url = url; c.ev = ev; c.lp_ctx = lp_ctx; c.session_info = session_info; c.credentials = credentials; c.flags = flags; /* see if we can re-use an existing ldb */ for (w=ldb_wrap_list; w; w=w->next) { if (ldb_wrap_same_context(&c, &w->context)) { return talloc_reference(mem_ctx, w->ldb); } } /* we want to use the existing event context if possible. This relies on the fact that in smbd, everything is a child of the main event_context */ if (ev == NULL) { return NULL; } ldb = ldb_init(mem_ctx, ev); if (ldb == NULL) { return NULL; } ldb_set_modules_dir(ldb, talloc_asprintf(ldb, "%s/ldb", lp_modulesdir(lp_ctx))); if (ldb_set_opaque(ldb, "sessionInfo", session_info)) { talloc_free(ldb); return NULL; } if (ldb_set_opaque(ldb, "credentials", credentials)) { talloc_free(ldb); return NULL; } if (ldb_set_opaque(ldb, "loadparm", lp_ctx)) { talloc_free(ldb); return NULL; } /* This must be done before we load the schema, as these * handlers for objectSid and objectGUID etc must take * precedence over the 'binary attribute' declaration in the * schema */ ret = ldb_register_samba_handlers(ldb); if (ret == -1) { talloc_free(ldb); return NULL; } if (lp_ctx != NULL && strcmp(lp_sam_url(lp_ctx), url) == 0) { dsdb_set_global_schema(ldb); } ldb_set_debug(ldb, ldb_wrap_debug, NULL); ldb_set_utf8_fns(ldb, NULL, wrap_casefold); real_url = private_path(ldb, lp_ctx, url); if (real_url == NULL) { talloc_free(ldb); return NULL; } /* allow admins to force non-sync ldb for all databases */ if (lp_parm_bool(lp_ctx, NULL, "ldb", "nosync", false)) { flags |= LDB_FLG_NOSYNC; } if (DEBUGLVL(10)) { flags |= LDB_FLG_ENABLE_TRACING; } /* we usually want Samba databases to be private. If we later find we need one public, we will need to add a parameter to ldb_wrap_connect() */ ldb_set_create_perms(ldb, 0600); ret = ldb_connect(ldb, real_url, flags, NULL); if (ret != LDB_SUCCESS) { talloc_free(ldb); return NULL; } /* setup for leak detection */ ldb_set_opaque(ldb, "wrap_url", real_url); /* add to the list of open ldb contexts */ w = talloc(ldb, struct ldb_wrap); if (w == NULL) { talloc_free(ldb); return NULL; } w->context = c; w->context.url = talloc_strdup(w, url); if (w->context.url == NULL) { talloc_free(ldb); return NULL; } w->ldb = ldb; DLIST_ADD(ldb_wrap_list, w); /* make the resulting schema global */ if (lp_ctx != NULL && strcmp(lp_sam_url(lp_ctx), url) == 0) { dsdb_make_schema_global(ldb); } DEBUG(3,("ldb_wrap open of %s\n", url)); talloc_set_destructor(w, ldb_wrap_destructor); return ldb; }
static SMBCSRV * SMBC_server_internal(TALLOC_CTX *ctx, SMBCCTX *context, bool connect_if_not_found, const char *server, uint16_t port, const char *share, char **pp_workgroup, char **pp_username, char **pp_password, bool *in_cache) { SMBCSRV *srv=NULL; char *workgroup = NULL; struct cli_state *c = NULL; const char *server_n = server; int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0); uint32_t fs_attrs = 0; const char *username_used = NULL; const char *password_used = NULL; NTSTATUS status; char *newserver, *newshare; int flags = 0; struct smbXcli_tcon *tcon = NULL; int signing_state = SMB_SIGNING_DEFAULT; struct cli_credentials *creds = NULL; bool use_kerberos = false; bool fallback_after_kerberos = false; bool use_ccache = false; bool pw_nt_hash = false; ZERO_STRUCT(c); *in_cache = false; if (server[0] == 0) { errno = EPERM; return NULL; } /* Look for a cached connection */ srv = SMBC_find_server(ctx, context, server, share, pp_workgroup, pp_username, pp_password); /* * If we found a connection and we're only allowed one share per * server... */ if (srv && share != NULL && *share != '\0' && smbc_getOptionOneSharePerServer(context)) { /* * ... then if there's no current connection to the share, * connect to it. SMBC_find_server(), or rather the function * pointed to by context->get_cached_srv_fn which * was called by SMBC_find_server(), will have issued a tree * disconnect if the requested share is not the same as the * one that was already connected. */ /* * Use srv->cli->desthost and srv->cli->share instead of * server and share below to connect to the actual share, * i.e., a normal share or a referred share from * 'msdfs proxy' share. */ if (!cli_state_has_tcon(srv->cli)) { /* Ensure we have accurate auth info */ SMBC_call_auth_fn(ctx, context, smbXcli_conn_remote_name(srv->cli->conn), srv->cli->share, pp_workgroup, pp_username, pp_password); if (!*pp_workgroup || !*pp_username || !*pp_password) { errno = ENOMEM; cli_shutdown(srv->cli); srv->cli = NULL; smbc_getFunctionRemoveCachedServer(context)(context, srv); return NULL; } /* * We don't need to renegotiate encryption * here as the encryption context is not per * tid. */ status = cli_tree_connect(srv->cli, srv->cli->share, "?????", *pp_password); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); cli_shutdown(srv->cli); srv->cli = NULL; smbc_getFunctionRemoveCachedServer(context)(context, srv); srv = NULL; } /* Determine if this share supports case sensitivity */ if (is_ipc) { DEBUG(4, ("IPC$ so ignore case sensitivity\n")); status = NT_STATUS_OK; } else { status = cli_get_fs_attr_info(c, &fs_attrs); } if (!NT_STATUS_IS_OK(status)) { DEBUG(4, ("Could not retrieve " "case sensitivity flag: %s.\n", nt_errstr(status))); /* * We can't determine the case sensitivity of * the share. We have no choice but to use the * user-specified case sensitivity setting. */ if (smbc_getOptionCaseSensitive(context)) { cli_set_case_sensitive(c, True); } else { cli_set_case_sensitive(c, False); } } else if (!is_ipc) { DEBUG(4, ("Case sensitive: %s\n", (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? "True" : "False"))); cli_set_case_sensitive( c, (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? True : False)); } /* * Regenerate the dev value since it's based on both * server and share */ if (srv) { const char *remote_name = smbXcli_conn_remote_name(srv->cli->conn); srv->dev = (dev_t)(str_checksum(remote_name) ^ str_checksum(srv->cli->share)); } } } /* If we have a connection... */ if (srv) { /* ... then we're done here. Give 'em what they came for. */ *in_cache = true; goto done; } /* If we're not asked to connect when a connection doesn't exist... */ if (! connect_if_not_found) { /* ... then we're done here. */ return NULL; } if (!*pp_workgroup || !*pp_username || !*pp_password) { errno = ENOMEM; return NULL; } DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server)); DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server)); status = NT_STATUS_UNSUCCESSFUL; if (smbc_getOptionUseKerberos(context)) { flags |= CLI_FULL_CONNECTION_USE_KERBEROS; use_kerberos = true; } if (smbc_getOptionFallbackAfterKerberos(context)) { flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; fallback_after_kerberos = true; } if (smbc_getOptionUseCCache(context)) { flags |= CLI_FULL_CONNECTION_USE_CCACHE; use_ccache = true; } if (smbc_getOptionUseNTHash(context)) { flags |= CLI_FULL_CONNECTION_USE_NT_HASH; pw_nt_hash = true; } if (context->internal->smb_encryption_level != SMBC_ENCRYPTLEVEL_NONE) { signing_state = SMB_SIGNING_REQUIRED; } if (port == 0) { if (share == NULL || *share == '\0' || is_ipc) { /* * Try 139 first for IPC$ */ status = cli_connect_nb(server_n, NULL, NBT_SMB_PORT, 0x20, smbc_getNetbiosName(context), signing_state, flags, &c); } } if (!NT_STATUS_IS_OK(status)) { /* * No IPC$ or 139 did not work */ status = cli_connect_nb(server_n, NULL, port, 0x20, smbc_getNetbiosName(context), signing_state, flags, &c); } if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); return NULL; } cli_set_timeout(c, smbc_getTimeout(context)); status = smbXcli_negprot(c->conn, c->timeout, lp_client_min_protocol(), lp_client_max_protocol()); if (!NT_STATUS_IS_OK(status)) { cli_shutdown(c); errno = ETIMEDOUT; return NULL; } if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) { /* Ensure we ask for some initial credits. */ smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS); } username_used = *pp_username; password_used = *pp_password; creds = cli_session_creds_init(c, username_used, *pp_workgroup, NULL, /* realm */ password_used, use_kerberos, fallback_after_kerberos, use_ccache, pw_nt_hash); if (creds == NULL) { cli_shutdown(c); errno = ENOMEM; return NULL; } status = cli_session_setup_creds(c, creds); if (!NT_STATUS_IS_OK(status)) { /* Failed. Try an anonymous login, if allowed by flags. */ username_used = ""; password_used = ""; if (smbc_getOptionNoAutoAnonymousLogin(context) || !NT_STATUS_IS_OK(cli_session_setup_anon(c))) { cli_shutdown(c); errno = EPERM; return NULL; } } DEBUG(4,(" session setup ok\n")); /* here's the fun part....to support 'msdfs proxy' shares (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL here before trying to connect to the original share. cli_check_msdfs_proxy() will fail if it is a normal share. */ if (smbXcli_conn_dfs_supported(c->conn) && cli_check_msdfs_proxy(ctx, c, share, &newserver, &newshare, /* FIXME: cli_check_msdfs_proxy() does not support smbc_smb_encrypt_level type */ context->internal->smb_encryption_level ? true : false, creds)) { cli_shutdown(c); srv = SMBC_server_internal(ctx, context, connect_if_not_found, newserver, port, newshare, pp_workgroup, pp_username, pp_password, in_cache); TALLOC_FREE(newserver); TALLOC_FREE(newshare); return srv; } /* must be a normal share */ status = cli_tree_connect_creds(c, share, "?????", creds); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); cli_shutdown(c); return NULL; } DEBUG(4,(" tconx ok\n")); if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) { tcon = c->smb2.tcon; } else { tcon = c->smb1.tcon; } /* Determine if this share supports case sensitivity */ if (is_ipc) { DEBUG(4, ("IPC$ so ignore case sensitivity\n")); status = NT_STATUS_OK; } else { status = cli_get_fs_attr_info(c, &fs_attrs); } if (!NT_STATUS_IS_OK(status)) { DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n", nt_errstr(status))); /* * We can't determine the case sensitivity of the share. We * have no choice but to use the user-specified case * sensitivity setting. */ if (smbc_getOptionCaseSensitive(context)) { cli_set_case_sensitive(c, True); } else { cli_set_case_sensitive(c, False); } } else if (!is_ipc) { DEBUG(4, ("Case sensitive: %s\n", (fs_attrs & FILE_CASE_SENSITIVE_SEARCH ? "True" : "False"))); smbXcli_tcon_set_fs_attributes(tcon, fs_attrs); } if (context->internal->smb_encryption_level) { /* Attempt encryption. */ status = cli_cm_force_encryption_creds(c, creds, share); if (!NT_STATUS_IS_OK(status)) { /* * context->smb_encryption_level == 1 * means don't fail if encryption can't be negotiated, * == 2 means fail if encryption can't be negotiated. */ DEBUG(4,(" SMB encrypt failed\n")); if (context->internal->smb_encryption_level == 2) { cli_shutdown(c); errno = EPERM; return NULL; } } DEBUG(4,(" SMB encrypt ok\n")); } /* * Ok, we have got a nice connection * Let's allocate a server structure. */ srv = SMB_MALLOC_P(SMBCSRV); if (!srv) { cli_shutdown(c); errno = ENOMEM; return NULL; } ZERO_STRUCTP(srv); DLIST_ADD(srv->cli, c); srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share)); srv->no_pathinfo = False; srv->no_pathinfo2 = False; srv->no_pathinfo3 = False; srv->no_nt_session = False; done: if (!pp_workgroup || !*pp_workgroup || !**pp_workgroup) { workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context)); } else { workgroup = *pp_workgroup; } if(!workgroup) { if (c != NULL) { cli_shutdown(c); } SAFE_FREE(srv); return NULL; } /* set the credentials to make DFS work */ smbc_set_credentials_with_fallback(context, workgroup, *pp_username, *pp_password); return srv; }
int vfs_get_user_ntquota_list(files_struct *fsp, SMB_NTQUOTA_LIST **qt_list) { struct passwd *usr; TALLOC_CTX *mem_ctx = NULL; if (!fsp||!fsp->conn||!qt_list) return (-1); *qt_list = NULL; if ((mem_ctx=talloc_init("SMB_USER_QUOTA_LIST"))==NULL) { DEBUG(0,("talloc_init() failed\n")); return (-1); } sys_setpwent(); while ((usr = sys_getpwent()) != NULL) { SMB_NTQUOTA_STRUCT tmp_qt; SMB_NTQUOTA_LIST *tmp_list_ent; DOM_SID sid; ZERO_STRUCT(tmp_qt); if (allready_in_quota_list((*qt_list),usr->pw_uid)) { DEBUG(5,("record for uid[%ld] allready in the list\n",(long)usr->pw_uid)); continue; } uid_to_sid(&sid, usr->pw_uid); if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &tmp_qt)!=0) { DEBUG(5,("no quota entry for sid[%s] path[%s]\n", sid_string_static(&sid),fsp->conn->connectpath)); continue; } DEBUG(15,("quota entry for id[%s] path[%s]\n", sid_string_static(&sid),fsp->conn->connectpath)); if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) { DEBUG(0,("TALLOC_ZERO() failed\n")); *qt_list = NULL; talloc_destroy(mem_ctx); return (-1); } if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) { DEBUG(0,("TALLOC_ZERO() failed\n")); *qt_list = NULL; talloc_destroy(mem_ctx); return (-1); } tmp_list_ent->uid = usr->pw_uid; memcpy(tmp_list_ent->quotas,&tmp_qt,sizeof(tmp_qt)); tmp_list_ent->mem_ctx = mem_ctx; DLIST_ADD((*qt_list),tmp_list_ent); } sys_endpwent(); return 0; }
struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *syntax, const struct tsocket_address *remote_address, const struct tsocket_address *local_address, const struct auth_session_info *session_info, struct messaging_context *msg_ctx) { struct pipes_struct *p; struct pipe_rpc_fns *context_fns; const char *pipe_name; int ret; const struct ndr_interface_table *table; table = ndr_table_by_uuid(&syntax->uuid); if (table == NULL) { DEBUG(0,("unknown interface\n")); return NULL; } pipe_name = dcerpc_default_transport_endpoint(mem_ctx, NCACN_NP, table); DEBUG(4,("Create pipe requested %s\n", pipe_name)); ret = make_base_pipes_struct(mem_ctx, msg_ctx, pipe_name, NCALRPC, RPC_LITTLE_ENDIAN, remote_address, local_address, &p); if (ret) { DEBUG(0,("ERROR! no memory for pipes_struct!\n")); return NULL; } if (!init_pipe_handles(p, syntax)) { DEBUG(0,("open_rpc_pipe_p: init_pipe_handles failed.\n")); TALLOC_FREE(p); return NULL; } p->session_info = copy_session_info(p, session_info); if (p->session_info == NULL) { DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n")); close_policy_by_pipe(p); TALLOC_FREE(p); return NULL; } context_fns = talloc_zero(p, struct pipe_rpc_fns); if (context_fns == NULL) { DEBUG(0,("talloc() failed!\n")); TALLOC_FREE(p); return NULL; } context_fns->next = context_fns->prev = NULL; context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(syntax); context_fns->cmds = rpc_srv_get_pipe_cmds(syntax); context_fns->context_id = 0; context_fns->syntax = *syntax; /* add to the list of open contexts */ DLIST_ADD(p->contexts, context_fns); DEBUG(4,("Created internal pipe %s\n", pipe_name)); return p; }
struct dsdb_schema *dsdb_schema_copy_shallow(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, const struct dsdb_schema *schema) { int ret; struct dsdb_class *cls; struct dsdb_attribute *attr; struct dsdb_schema *schema_copy; schema_copy = dsdb_new_schema(mem_ctx); if (!schema_copy) { return NULL; } /* schema base_dn */ schema_copy->base_dn = ldb_dn_copy(schema_copy, schema->base_dn); if (!schema_copy->base_dn) { goto failed; } /* copy prexiMap & schemaInfo */ schema_copy->prefixmap = dsdb_schema_pfm_copy_shallow(schema_copy, schema->prefixmap); if (!schema_copy->prefixmap) { goto failed; } schema_copy->schema_info = talloc_strdup(schema_copy, schema->schema_info); /* copy classes and attributes*/ for (cls = schema->classes; cls; cls = cls->next) { struct dsdb_class *class_copy = talloc_memdup(schema_copy, cls, sizeof(*cls)); if (!class_copy) { goto failed; } DLIST_ADD(schema_copy->classes, class_copy); } schema_copy->num_classes = schema->num_classes; for (attr = schema->attributes; attr; attr = attr->next) { struct dsdb_attribute *a_copy = talloc_memdup(schema_copy, attr, sizeof(*attr)); if (!a_copy) { goto failed; } DLIST_ADD(schema_copy->attributes, a_copy); } schema_copy->num_attributes = schema->num_attributes; /* rebuild indexes */ ret = dsdb_setup_sorted_accessors(ldb, schema_copy); if (ret != LDB_SUCCESS) { goto failed; } /* leave reload_seq_number = 0 so it will be refresh ASAP */ schema_copy->refresh_fn = schema->refresh_fn; schema_copy->loaded_from_module = schema->loaded_from_module; return schema_copy; failed: talloc_free(schema_copy); return NULL; }
/* add a watch. The watch is removed when the caller calls talloc_free() on *handle */ NTSTATUS inotify_watch(struct sys_notify_context *ctx, const char *path, uint32_t *filter, uint32_t *subdir_filter, void (*callback)(struct sys_notify_context *ctx, void *private_data, struct notify_event *ev), void *private_data, void *handle_p) { struct inotify_private *in; int wd; uint32_t mask; struct inotify_watch_context *w; uint32_t orig_filter = *filter; void **handle = (void **)handle_p; /* maybe setup the inotify fd */ if (ctx->private_data == NULL) { NTSTATUS status; status = inotify_setup(ctx); NT_STATUS_NOT_OK_RETURN(status); } in = talloc_get_type(ctx->private_data, struct inotify_private); mask = inotify_map(filter); if (mask == 0) { /* this filter can't be handled by inotify */ return NT_STATUS_INVALID_PARAMETER; } /* using IN_MASK_ADD allows us to cope with inotify() returning the same watch descriptor for multiple watches on the same path */ mask |= (IN_MASK_ADD | IN_ONLYDIR); /* get a new watch descriptor for this path */ wd = inotify_add_watch(in->fd, path, mask); if (wd == -1) { *filter = orig_filter; DEBUG(1, ("inotify_add_watch returned %s\n", strerror(errno))); return map_nt_error_from_unix(errno); } DEBUG(10, ("inotify_add_watch for %s mask %x returned wd %d\n", path, mask, wd)); w = talloc(in, struct inotify_watch_context); if (w == NULL) { inotify_rm_watch(in->fd, wd); *filter = orig_filter; return NT_STATUS_NO_MEMORY; } w->in = in; w->wd = wd; w->callback = callback; w->private_data = private_data; w->mask = mask; w->filter = orig_filter; w->path = talloc_strdup(w, path); if (w->path == NULL) { inotify_rm_watch(in->fd, wd); *filter = orig_filter; return NT_STATUS_NO_MEMORY; } (*handle) = w; DLIST_ADD(in->watches, w); /* the caller frees the handle to stop watching */ talloc_set_destructor(w, watch_destructor); return NT_STATUS_OK; }
static WERROR libnetapi_open_ipc_connection(struct libnetapi_ctx *ctx, const char *server_name, struct client_ipc_connection **pp) { struct libnetapi_private_ctx *priv_ctx; struct user_auth_info *auth_info = NULL; struct cli_state *cli_ipc = NULL; struct client_ipc_connection *p; NTSTATUS status; if (!ctx || !pp || !server_name) { return WERR_INVALID_PARAMETER; } priv_ctx = (struct libnetapi_private_ctx *)ctx->private_data; p = ipc_cm_find(priv_ctx, server_name); if (p) { *pp = p; return WERR_OK; } auth_info = user_auth_info_init(ctx); if (!auth_info) { return WERR_NOT_ENOUGH_MEMORY; } auth_info->signing_state = SMB_SIGNING_IPC_DEFAULT; set_cmdline_auth_info_use_kerberos(auth_info, ctx->use_kerberos); set_cmdline_auth_info_username(auth_info, ctx->username); if (ctx->password) { set_cmdline_auth_info_password(auth_info, ctx->password); } else { set_cmdline_auth_info_getpass(auth_info); } if (ctx->username && ctx->username[0] && ctx->password && ctx->password[0] && ctx->use_kerberos) { set_cmdline_auth_info_fallback_after_kerberos(auth_info, true); } if (ctx->use_ccache) { set_cmdline_auth_info_use_ccache(auth_info, true); } status = cli_cm_open(ctx, NULL, server_name, "IPC$", auth_info, false, false, lp_client_max_protocol(), 0, 0x20, &cli_ipc); if (!NT_STATUS_IS_OK(status)) { cli_ipc = NULL; } TALLOC_FREE(auth_info); if (!cli_ipc) { libnetapi_set_error_string(ctx, "Failed to connect to IPC$ share on %s", server_name); return WERR_CAN_NOT_COMPLETE; } p = talloc_zero(ctx, struct client_ipc_connection); if (p == NULL) { return WERR_NOT_ENOUGH_MEMORY; } p->cli = cli_ipc; DLIST_ADD(priv_ctx->ipc_connections, p); *pp = p; return WERR_OK; }