diff options
Diffstat (limited to 'source3/utils/profiles.c')
-rw-r--r-- | source3/utils/profiles.c | 365 |
1 files changed, 365 insertions, 0 deletions
diff --git a/source3/utils/profiles.c b/source3/utils/profiles.c new file mode 100644 index 0000000..ab1eb26 --- /dev/null +++ b/source3/utils/profiles.c @@ -0,0 +1,365 @@ +/* + Samba Unix/Linux SMB client utility profiles.c + + Copyright (C) Richard Sharpe, <rsharpe@richardsharpe.com> 2002 + Copyright (C) Jelmer Vernooij (conversion to popt) 2003 + Copyright (C) Gerald (Jerry) Carter 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "includes.h" +#include "system/filesys.h" +#include "lib/cmdline/cmdline.h" +#include "registry/reg_objects.h" +#include "registry/regfio.h" +#include "../libcli/security/security.h" + +/* GLOBAL VARIABLES */ + +struct dom_sid old_sid, new_sid; +int change = 0, new_val = 0; +int opt_verbose = False; + +/******************************************************************** +********************************************************************/ + +static void verbose_output(const char *format, ...) PRINTF_ATTRIBUTE(1,2); +static void verbose_output(const char *format, ...) +{ + va_list args; + char *var = NULL; + + if (!opt_verbose) { + return; + } + + va_start(args, format); + if ((vasprintf(&var, format, args)) == -1) { + va_end(args); + return; + } + + fprintf(stdout, "%s", var); + va_end(args); + SAFE_FREE(var); +} + +/******************************************************************** +********************************************************************/ + +static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, struct dom_sid *s2 ) +{ + struct security_acl *theacl; + int i; + bool update = False; + struct dom_sid_buf buf; + + verbose_output(" Owner SID: %s\n", + dom_sid_str_buf(sd->owner_sid, &buf)); + if ( dom_sid_equal( sd->owner_sid, s1 ) ) { + sid_copy( sd->owner_sid, s2 ); + update = True; + verbose_output(" New Owner SID: %s\n", + dom_sid_str_buf(sd->owner_sid, &buf)); + + } + + verbose_output(" Group SID: %s\n", + dom_sid_str_buf(sd->group_sid, &buf)); + if ( dom_sid_equal( sd->group_sid, s1 ) ) { + sid_copy( sd->group_sid, s2 ); + update = True; + verbose_output(" New Group SID: %s\n", + dom_sid_str_buf(sd->group_sid, &buf)); + } + + theacl = sd->dacl; + verbose_output(" DACL: %d entries:\n", theacl->num_aces); + for ( i=0; i<theacl->num_aces; i++ ) { + verbose_output(" Trustee SID: %s\n", + dom_sid_str_buf(&theacl->aces[i].trustee, + &buf)); + if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) { + sid_copy( &theacl->aces[i].trustee, s2 ); + update = True; + verbose_output( + " New Trustee SID: %s\n", + dom_sid_str_buf(&theacl->aces[i].trustee, + &buf)); + } + } + +#if 0 + theacl = sd->sacl; + verbose_output(" SACL: %d entries: \n", theacl->num_aces); + for ( i=0; i<theacl->num_aces; i++ ) { + verbose_output(" Trustee SID: %s\n", + dom_sid_str_buf(&theacl->aces[i].trustee, + &buf)); + if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) { + sid_copy( &theacl->aces[i].trustee, s2 ); + update = True; + verbose_output( + " New Trustee SID: %s\n", + dom_sid_str_buf(&theacl->aces[i].trustee, + &buf)); + } + } +#endif + return update; +} + +/******************************************************************** +********************************************************************/ + +static bool copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk, + REGF_NK_REC *parent, REGF_FILE *outfile, + const char *parentpath ) +{ + REGF_NK_REC *key, *subkey; + struct security_descriptor *new_sd; + struct regval_ctr *values; + struct regsubkey_ctr *subkeys; + int i; + char *path; + WERROR werr; + + /* swap out the SIDs in the security descriptor */ + + if (nk->sec_desc->sec_desc == NULL) { + fprintf(stderr, "Invalid (NULL) security descriptor!\n"); + return false; + } + + new_sd = security_descriptor_copy(outfile->mem_ctx, + nk->sec_desc->sec_desc); + if (new_sd == NULL) { + fprintf(stderr, "Failed to copy security descriptor!\n"); + return False; + } + + verbose_output("ACL for %s%s%s\n", parentpath, parent ? "\\" : "", nk->keyname); + swap_sid_in_acl( new_sd, &old_sid, &new_sid ); + + werr = regsubkey_ctr_init(NULL, &subkeys); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(0,("copy_registry_tree: talloc() failure!\n")); + return False; + } + + werr = regval_ctr_init(subkeys, &values); + if (!W_ERROR_IS_OK(werr)) { + TALLOC_FREE( subkeys ); + DEBUG(0,("copy_registry_tree: talloc() failure!\n")); + return False; + } + + /* copy values into the struct regval_ctr */ + + for ( i=0; i<nk->num_values; i++ ) { + regval_ctr_addvalue( values, nk->values[i].valuename, nk->values[i].type, + nk->values[i].data, (nk->values[i].data_size & ~VK_DATA_IN_OFFSET) ); + } + + /* copy subkeys into the struct regsubkey_ctr */ + + while ( (subkey = regfio_fetch_subkey( infile, nk )) ) { + regsubkey_ctr_addkey( subkeys, subkey->keyname ); + } + + key = regfio_write_key( outfile, nk->keyname, values, subkeys, new_sd, parent ); + + /* write each one of the subkeys out */ + + path = talloc_asprintf(subkeys, "%s%s%s", + parentpath, parent ? "\\" : "",nk->keyname); + if (!path) { + TALLOC_FREE( subkeys ); + return false; + } + + nk->subkey_index = 0; + while ((subkey = regfio_fetch_subkey(infile, nk))) { + if (!copy_registry_tree( infile, subkey, key, outfile, path)) { + TALLOC_FREE(subkeys); + return false; + } + } + + + verbose_output("[%s]\n", path); + + /* values is a talloc()'d child of subkeys here so just throw it all away */ + TALLOC_FREE(subkeys); + + return True; +} + +/********************************************************************* +*********************************************************************/ + +int main( int argc, const char *argv[] ) +{ + TALLOC_CTX *frame = talloc_stackframe(); + int opt; + REGF_FILE *infile, *outfile; + REGF_NK_REC *nk; + char *orig_filename, *new_filename; + struct poptOption long_options[] = { + POPT_AUTOHELP + { + .longName = "change-sid", + .shortName = 'c', + .argInfo = POPT_ARG_STRING, + .arg = NULL, + .val = 'c', + .descrip = "Provides SID to change", + }, + { + .longName = "new-sid", + .shortName = 'n', + .argInfo = POPT_ARG_STRING, + .arg = NULL, + .val = 'n', + .descrip = "Provides SID to change to", + }, + { + .longName = "verbose", + .shortName = 'v', + .argInfo = POPT_ARG_NONE, + .arg = &opt_verbose, + .val = 'v', + .descrip = "Verbose output", + }, + POPT_COMMON_SAMBA + POPT_COMMON_VERSION + POPT_TABLEEND + }; + poptContext pc; + bool ok; + + smb_init_locale(); + + ok = samba_cmdline_init(frame, + SAMBA_CMDLINE_CONFIG_CLIENT, + false /* require_smbconf */); + if (!ok) { + DBG_ERR("Failed to init cmdline parser!\n"); + TALLOC_FREE(frame); + exit(1); + } + + pc = samba_popt_get_context(getprogname(), + argc, + argv, + long_options, + POPT_CONTEXT_KEEP_FIRST); + if (pc == NULL) { + DBG_ERR("Failed to setup popt context!\n"); + TALLOC_FREE(frame); + exit(1); + } + + poptSetOtherOptionHelp(pc, "<profilefile>"); + + /* Now, process the arguments */ + + while ((opt = poptGetNextOpt(pc)) != -1) { + switch (opt) { + case 'c': + change = 1; + if (!string_to_sid(&old_sid, poptGetOptArg(pc))) { + fprintf(stderr, "Argument to -c should be a SID in form of S-1-5-...\n"); + poptPrintUsage(pc, stderr, 0); + exit(254); + } + break; + + case 'n': + new_val = 1; + if (!string_to_sid(&new_sid, poptGetOptArg(pc))) { + fprintf(stderr, "Argument to -n should be a SID in form of S-1-5-...\n"); + poptPrintUsage(pc, stderr, 0); + exit(253); + } + break; + + case POPT_ERROR_BADOPT: + fprintf(stderr, "\nInvalid option %s: %s\n\n", + poptBadOption(pc, 0), poptStrerror(opt)); + poptPrintUsage(pc, stderr, 0); + exit(1); + } + } + + poptGetArg(pc); + + if (!poptPeekArg(pc)) { + poptPrintUsage(pc, stderr, 0); + exit(1); + } + + if ((!change && new_val) || (change && !new_val)) { + fprintf(stderr, "You must specify both -c and -n if one or the other is set!\n"); + poptPrintUsage(pc, stderr, 0); + exit(252); + } + + orig_filename = talloc_strdup(frame, poptPeekArg(pc)); + if (!orig_filename) { + exit(ENOMEM); + } + new_filename = talloc_asprintf(frame, + "%s.new", + orig_filename); + if (!new_filename) { + exit(ENOMEM); + } + + if (!(infile = regfio_open( orig_filename, O_RDONLY, 0))) { + fprintf( stderr, "Failed to open %s!\n", orig_filename ); + fprintf( stderr, "Error was (%s)\n", strerror(errno) ); + exit (1); + } + + if ( !(outfile = regfio_open( new_filename, (O_RDWR|O_CREAT|O_TRUNC), + (S_IRUSR|S_IWUSR) )) ) { + fprintf( stderr, "Failed to open new file %s!\n", new_filename ); + fprintf( stderr, "Error was (%s)\n", strerror(errno) ); + exit (1); + } + + /* actually do the update now */ + + if ((nk = regfio_rootkey( infile )) == NULL) { + fprintf(stderr, "Could not get rootkey\n"); + exit(3); + } + + if (!copy_registry_tree( infile, nk, NULL, outfile, "")) { + fprintf(stderr, "Failed to write updated registry file!\n"); + exit(2); + } + + /* cleanup */ + + regfio_close(infile); + regfio_close(outfile); + + poptFreeContext(pc); + + TALLOC_FREE(frame); + return 0; +} |