summaryrefslogtreecommitdiffstats
path: root/source3/lib
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--source3/lib/ABI/smbldap-0.sigs28
-rw-r--r--source3/lib/ABI/smbldap-1.sigs31
-rw-r--r--source3/lib/ABI/smbldap-2.1.0.sigs33
-rw-r--r--source3/lib/ABI/smbldap-2.sigs32
-rw-r--r--source3/lib/addrchange.c314
-rw-r--r--source3/lib/addrchange.h45
-rw-r--r--source3/lib/adouble.c2856
-rw-r--r--source3/lib/adouble.h192
-rw-r--r--source3/lib/adt_tree.c448
-rw-r--r--source3/lib/audit.c149
-rw-r--r--source3/lib/avahi.c275
-rw-r--r--source3/lib/background.c256
-rw-r--r--source3/lib/background.h45
-rw-r--r--source3/lib/cbuf.c328
-rw-r--r--source3/lib/cbuf.h245
-rw-r--r--source3/lib/charcnv.c535
-rw-r--r--source3/lib/cleanupdb.c169
-rw-r--r--source3/lib/cleanupdb.h32
-rw-r--r--source3/lib/cluster_support.c72
-rw-r--r--source3/lib/cluster_support.h21
-rw-r--r--source3/lib/cmdline_contexts.c71
-rw-r--r--source3/lib/cmdline_contexts.h27
-rw-r--r--source3/lib/ctdb_dummy.c180
-rw-r--r--source3/lib/ctdbd_conn.c2341
-rw-r--r--source3/lib/dbwrap/dbwrap_ctdb.c1985
-rw-r--r--source3/lib/dbwrap/dbwrap_ctdb.h40
-rw-r--r--source3/lib/dbwrap/dbwrap_open.c197
-rw-r--r--source3/lib/dbwrap/dbwrap_open.h45
-rw-r--r--source3/lib/dbwrap/dbwrap_watch.c1285
-rw-r--r--source3/lib/dbwrap/dbwrap_watch.h45
-rw-r--r--source3/lib/dmallocmsg.c79
-rw-r--r--source3/lib/dumpcore.c343
-rw-r--r--source3/lib/errmap_unix.c158
-rw-r--r--source3/lib/eventlog/eventlog.c1066
-rw-r--r--source3/lib/eventlog/eventlog.h45
-rw-r--r--source3/lib/eventlog/proto.h62
-rw-r--r--source3/lib/file_id.c82
-rw-r--r--source3/lib/file_id.h44
-rw-r--r--source3/lib/filename_util.c406
-rw-r--r--source3/lib/fstring.c67
-rw-r--r--source3/lib/g_lock.c1984
-rw-r--r--source3/lib/gencache.c742
-rw-r--r--source3/lib/gencache.h60
-rw-r--r--source3/lib/global_contexts.c71
-rw-r--r--source3/lib/global_contexts.h31
-rw-r--r--source3/lib/id_cache.c116
-rw-r--r--source3/lib/id_cache.h40
-rw-r--r--source3/lib/idmap_cache.c442
-rw-r--r--source3/lib/idmap_cache.h40
-rw-r--r--source3/lib/interface.c721
-rw-r--r--source3/lib/interface.h46
-rw-r--r--source3/lib/ldap_debug_handler.c51
-rw-r--r--source3/lib/ldap_escape.c137
-rw-r--r--source3/lib/lsa.c73
-rw-r--r--source3/lib/messages.c1480
-rw-r--r--source3/lib/messages_ctdb.c306
-rw-r--r--source3/lib/messages_ctdb.h44
-rw-r--r--source3/lib/messages_ctdb_ref.c145
-rw-r--r--source3/lib/messages_ctdb_ref.h35
-rw-r--r--source3/lib/messages_util.c42
-rw-r--r--source3/lib/messages_util.h33
-rw-r--r--source3/lib/ms_fnmatch.c232
-rw-r--r--source3/lib/namearray.c39
-rw-r--r--source3/lib/namemap_cache.c333
-rw-r--r--source3/lib/namemap_cache.h49
-rw-r--r--source3/lib/netapi/Doxyfile1362
-rw-r--r--source3/lib/netapi/cm.c284
-rw-r--r--source3/lib/netapi/examples/common.c249
-rw-r--r--source3/lib/netapi/examples/common.h18
-rw-r--r--source3/lib/netapi/examples/dsgetdc/dsgetdc.c101
-rw-r--r--source3/lib/netapi/examples/file/file_close.c83
-rw-r--r--source3/lib/netapi/examples/file/file_enum.c146
-rw-r--r--source3/lib/netapi/examples/file/file_getinfo.c112
-rw-r--r--source3/lib/netapi/examples/getdc/getdc.c86
-rw-r--r--source3/lib/netapi/examples/group/group_add.c90
-rw-r--r--source3/lib/netapi/examples/group/group_adduser.c91
-rw-r--r--source3/lib/netapi/examples/group/group_del.c82
-rw-r--r--source3/lib/netapi/examples/group/group_deluser.c91
-rw-r--r--source3/lib/netapi/examples/group/group_enum.c153
-rw-r--r--source3/lib/netapi/examples/group/group_getinfo.c127
-rw-r--r--source3/lib/netapi/examples/group/group_getusers.c132
-rw-r--r--source3/lib/netapi/examples/group/group_setinfo.c142
-rw-r--r--source3/lib/netapi/examples/group/group_setusers.c142
-rw-r--r--source3/lib/netapi/examples/join/djoin.c166
-rw-r--r--source3/lib/netapi/examples/join/getjoinableous.c110
-rw-r--r--source3/lib/netapi/examples/join/getjoininformation.c105
-rw-r--r--source3/lib/netapi/examples/join/netdomjoin.c104
-rw-r--r--source3/lib/netapi/examples/join/provision_computer_account.c122
-rw-r--r--source3/lib/netapi/examples/join/rename_machine.c101
-rw-r--r--source3/lib/netapi/examples/join/request_offline_domain_join.c97
-rw-r--r--source3/lib/netapi/examples/localgroup/localgroup_add.c106
-rw-r--r--source3/lib/netapi/examples/localgroup/localgroup_addmembers.c141
-rw-r--r--source3/lib/netapi/examples/localgroup/localgroup_del.c83
-rw-r--r--source3/lib/netapi/examples/localgroup/localgroup_delmembers.c141
-rw-r--r--source3/lib/netapi/examples/localgroup/localgroup_enum.c126
-rw-r--r--source3/lib/netapi/examples/localgroup/localgroup_getinfo.c112
-rw-r--r--source3/lib/netapi/examples/localgroup/localgroup_getmembers.c165
-rw-r--r--source3/lib/netapi/examples/localgroup/localgroup_setinfo.c128
-rw-r--r--source3/lib/netapi/examples/localgroup/localgroup_setmembers.c146
-rw-r--r--source3/lib/netapi/examples/netdomjoin-gui/logo-small.pngbin0 -> 4485 bytes
-rw-r--r--source3/lib/netapi/examples/netdomjoin-gui/logo.pngbin0 -> 9329 bytes
-rw-r--r--source3/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c1888
-rwxr-xr-xsource3/lib/netapi/examples/netdomjoin-gui/samba.icobin0 -> 1406 bytes
-rw-r--r--source3/lib/netapi/examples/netlogon/netlogon_control.c143
-rw-r--r--source3/lib/netapi/examples/netlogon/netlogon_control2.c147
-rw-r--r--source3/lib/netapi/examples/netlogon/nltest.c677
-rw-r--r--source3/lib/netapi/examples/server/remote_tod.c83
-rw-r--r--source3/lib/netapi/examples/server/server_getinfo.c136
-rw-r--r--source3/lib/netapi/examples/share/share_add.c105
-rw-r--r--source3/lib/netapi/examples/share/share_del.c85
-rw-r--r--source3/lib/netapi/examples/share/share_enum.c142
-rw-r--r--source3/lib/netapi/examples/share/share_getinfo.c152
-rw-r--r--source3/lib/netapi/examples/share/share_setinfo.c105
-rw-r--r--source3/lib/netapi/examples/shutdown/shutdown_abort.c76
-rw-r--r--source3/lib/netapi/examples/shutdown/shutdown_init.c94
-rw-r--r--source3/lib/netapi/examples/user/user_add.c103
-rw-r--r--source3/lib/netapi/examples/user/user_chgpwd.c99
-rw-r--r--source3/lib/netapi/examples/user/user_del.c82
-rw-r--r--source3/lib/netapi/examples/user/user_dispinfo.c100
-rw-r--r--source3/lib/netapi/examples/user/user_enum.c157
-rw-r--r--source3/lib/netapi/examples/user/user_getgroups.c133
-rw-r--r--source3/lib/netapi/examples/user/user_getinfo.c293
-rw-r--r--source3/lib/netapi/examples/user/user_getlocalgroups.c122
-rw-r--r--source3/lib/netapi/examples/user/user_modalsget.c131
-rw-r--r--source3/lib/netapi/examples/user/user_modalsset.c132
-rw-r--r--source3/lib/netapi/examples/user/user_setgroups.c144
-rw-r--r--source3/lib/netapi/examples/user/user_setinfo.c200
-rw-r--r--source3/lib/netapi/examples/wscript_build72
-rw-r--r--source3/lib/netapi/file.c283
-rw-r--r--source3/lib/netapi/getdc.c212
-rw-r--r--source3/lib/netapi/group.c1848
-rw-r--r--source3/lib/netapi/joindomain.c1145
-rw-r--r--source3/lib/netapi/libnetapi.c3019
-rw-r--r--source3/lib/netapi/libnetapi.h523
-rw-r--r--source3/lib/netapi/localgroup.c1390
-rw-r--r--source3/lib/netapi/netapi.c523
-rw-r--r--source3/lib/netapi/netapi.h2778
-rw-r--r--source3/lib/netapi/netapi_net.h26
-rw-r--r--source3/lib/netapi/netapi_private.h114
-rw-r--r--source3/lib/netapi/netlogon.c248
-rw-r--r--source3/lib/netapi/samr.c346
-rw-r--r--source3/lib/netapi/serverinfo.c701
-rw-r--r--source3/lib/netapi/share.c573
-rw-r--r--source3/lib/netapi/shutdown.c110
-rw-r--r--source3/lib/netapi/sid.c71
-rw-r--r--source3/lib/netapi/tests/common.c116
-rw-r--r--source3/lib/netapi/tests/common.h67
-rw-r--r--source3/lib/netapi/tests/netapitest.c112
-rw-r--r--source3/lib/netapi/tests/netdisplay.c150
-rw-r--r--source3/lib/netapi/tests/netfile.c138
-rw-r--r--source3/lib/netapi/tests/netgroup.c503
-rw-r--r--source3/lib/netapi/tests/netlocalgroup.c226
-rw-r--r--source3/lib/netapi/tests/netserver.c61
-rw-r--r--source3/lib/netapi/tests/netshare.c250
-rw-r--r--source3/lib/netapi/tests/netuser.c462
-rw-r--r--source3/lib/netapi/tests/netwksta.c62
-rw-r--r--source3/lib/netapi/tests/wscript_build6
-rw-r--r--source3/lib/netapi/user.c3638
-rw-r--r--source3/lib/netapi/wkstainfo.c154
-rw-r--r--source3/lib/per_thread_cwd.c156
-rw-r--r--source3/lib/privileges.c514
-rw-r--r--source3/lib/privileges.h45
-rw-r--r--source3/lib/readdir_attr.h37
-rw-r--r--source3/lib/recvfile.c310
-rw-r--r--source3/lib/sendfile.c602
-rw-r--r--source3/lib/server_id_db_util.c99
-rw-r--r--source3/lib/server_id_db_util.h22
-rw-r--r--source3/lib/server_id_watch.c104
-rw-r--r--source3/lib/server_id_watch.h33
-rw-r--r--source3/lib/server_mutex.c104
-rw-r--r--source3/lib/serverid.c62
-rw-r--r--source3/lib/sessionid_tdb.c95
-rw-r--r--source3/lib/sharesec.c588
-rw-r--r--source3/lib/smbconf/pys3smbconf.c212
-rw-r--r--source3/lib/smbconf/smbconf_init.c96
-rw-r--r--source3/lib/smbconf/smbconf_init.h32
-rw-r--r--source3/lib/smbconf/smbconf_reg.c1246
-rw-r--r--source3/lib/smbconf/smbconf_reg.h38
-rw-r--r--source3/lib/smbconf/testsuite.c338
-rw-r--r--source3/lib/smbd_shim.c116
-rw-r--r--source3/lib/smbd_shim.h53
-rw-r--r--source3/lib/smbldap.c1941
-rw-r--r--source3/lib/smbrun.c354
-rw-r--r--source3/lib/srprs.c228
-rw-r--r--source3/lib/srprs.h189
-rw-r--r--source3/lib/string_replace.c192
-rw-r--r--source3/lib/string_replace.h35
-rw-r--r--source3/lib/substitute.c675
-rw-r--r--source3/lib/substitute.h65
-rw-r--r--source3/lib/substitute_generic.c113
-rw-r--r--source3/lib/sysacls.c518
-rw-r--r--source3/lib/sysquotas.c619
-rw-r--r--source3/lib/sysquotas_4A.c334
-rw-r--r--source3/lib/sysquotas_4B.c243
-rw-r--r--source3/lib/sysquotas_jfs2.c150
-rw-r--r--source3/lib/sysquotas_linux.c220
-rw-r--r--source3/lib/sysquotas_nfs.c303
-rw-r--r--source3/lib/sysquotas_xfs.c345
-rw-r--r--source3/lib/system.c1076
-rw-r--r--source3/lib/system_smbd.c253
-rw-r--r--source3/lib/tallocmsg.c85
-rw-r--r--source3/lib/tdb_validate.c538
-rw-r--r--source3/lib/tdb_validate.h79
-rw-r--r--source3/lib/test_adouble.c389
-rw-r--r--source3/lib/test_tldap.c63
-rw-r--r--source3/lib/tevent_barrier.c192
-rw-r--r--source3/lib/tevent_barrier.h37
-rw-r--r--source3/lib/tevent_glib_glue.c881
-rw-r--r--source3/lib/tevent_glib_glue.h68
-rw-r--r--source3/lib/tevent_glib_glue_tests.c397
-rw-r--r--source3/lib/time.c458
-rw-r--r--source3/lib/tldap.c2726
-rw-r--r--source3/lib/tldap_gensec_bind.c366
-rw-r--r--source3/lib/tldap_gensec_bind.h33
-rw-r--r--source3/lib/tldap_util.c843
-rw-r--r--source3/lib/username.c243
-rw-r--r--source3/lib/util.c2013
-rw-r--r--source3/lib/util_builtin.c158
-rw-r--r--source3/lib/util_cluster.c42
-rw-r--r--source3/lib/util_cluster.h27
-rw-r--r--source3/lib/util_ea.c126
-rw-r--r--source3/lib/util_ea.h36
-rw-r--r--source3/lib/util_event.c102
-rw-r--r--source3/lib/util_file.c187
-rw-r--r--source3/lib/util_file.h35
-rw-r--r--source3/lib/util_macstreams.c73
-rw-r--r--source3/lib/util_macstreams.h27
-rw-r--r--source3/lib/util_malloc.c122
-rw-r--r--source3/lib/util_matching.c391
-rw-r--r--source3/lib/util_matching.h40
-rw-r--r--source3/lib/util_names.c86
-rw-r--r--source3/lib/util_nscd.c45
-rw-r--r--source3/lib/util_nttoken.c103
-rw-r--r--source3/lib/util_path.c350
-rw-r--r--source3/lib/util_path.h55
-rw-r--r--source3/lib/util_procid.c69
-rw-r--r--source3/lib/util_procid.h37
-rw-r--r--source3/lib/util_sd.c626
-rw-r--r--source3/lib/util_sec.c598
-rw-r--r--source3/lib/util_sid.c206
-rw-r--r--source3/lib/util_sid_passdb.c131
-rw-r--r--source3/lib/util_sid_passdb.h36
-rw-r--r--source3/lib/util_sock.c1232
-rw-r--r--source3/lib/util_specialsids.c42
-rw-r--r--source3/lib/util_specialsids.h29
-rw-r--r--source3/lib/util_str.c762
-rw-r--r--source3/lib/util_tdb.c449
-rw-r--r--source3/lib/util_transfer_file.c119
-rw-r--r--source3/lib/util_tsock.c149
-rw-r--r--source3/lib/util_tsock.h38
-rw-r--r--source3/lib/util_unixsids.c80
-rw-r--r--source3/lib/util_unixsids.h36
-rw-r--r--source3/lib/util_wellknown.c192
-rw-r--r--source3/lib/version.c32
-rw-r--r--source3/lib/version_test.c26
-rw-r--r--source3/lib/winbind_util.c403
-rw-r--r--source3/lib/winbind_util.h56
-rw-r--r--source3/lib/wins_srv.c409
-rw-r--r--source3/lib/xattr_tdb.c468
-rw-r--r--source3/lib/xattr_tdb.h41
-rw-r--r--source3/libads/ads_ldap_protos.h142
-rw-r--r--source3/libads/ads_proto.h229
-rw-r--r--source3/libads/ads_status.c157
-rw-r--r--source3/libads/ads_status.h68
-rw-r--r--source3/libads/ads_struct.c239
-rw-r--r--source3/libads/authdata.c323
-rw-r--r--source3/libads/cldap.c453
-rw-r--r--source3/libads/cldap.h60
-rw-r--r--source3/libads/disp_sec.c254
-rw-r--r--source3/libads/kerberos.c908
-rw-r--r--source3/libads/kerberos_keytab.c1026
-rw-r--r--source3/libads/kerberos_proto.h104
-rw-r--r--source3/libads/kerberos_util.c80
-rw-r--r--source3/libads/krb5_setpw.c329
-rw-r--r--source3/libads/ldap.c4684
-rw-r--r--source3/libads/ldap_printer.c361
-rw-r--r--source3/libads/ldap_schema.c354
-rw-r--r--source3/libads/ldap_schema.h57
-rw-r--r--source3/libads/ldap_schema_oids.h49
-rw-r--r--source3/libads/ldap_user.c132
-rw-r--r--source3/libads/ldap_utils.c389
-rw-r--r--source3/libads/net_ads_setspn.c229
-rw-r--r--source3/libads/sasl.c855
-rw-r--r--source3/libads/sasl_wrapping.c351
-rw-r--r--source3/libads/sitename_cache.c132
-rw-r--r--source3/libads/sitename_cache.h28
-rw-r--r--source3/libads/util.c236
-rw-r--r--source3/libgpo/gpext/registry.c440
-rw-r--r--source3/libgpo/gpext/scripts.c487
-rw-r--r--source3/libgpo/gpext/security.c297
-rw-r--r--source3/libgpo/gpext/wscript_build23
-rw-r--r--source3/libnet/libnet_dssync.c724
-rw-r--r--source3/libnet/libnet_dssync.h73
-rw-r--r--source3/libnet/libnet_dssync_keytab.c609
-rw-r--r--source3/libnet/libnet_dssync_passdb.c1955
-rw-r--r--source3/libnet/libnet_join.c3289
-rw-r--r--source3/libnet/libnet_join.h40
-rw-r--r--source3/libnet/libnet_join_offline.c441
-rw-r--r--source3/libnet/libnet_join_offline.h26
-rw-r--r--source3/libnet/libnet_keytab.c457
-rw-r--r--source3/libnet/libnet_keytab.h61
-rw-r--r--source3/libnet/netapi.pc.in11
-rw-r--r--source3/librpc/crypto/gse.c1438
-rw-r--r--source3/librpc/crypto/gse.h26
-rw-r--r--source3/librpc/crypto/gse_krb5.c609
-rw-r--r--source3/librpc/crypto/gse_krb5.h30
-rw-r--r--source3/librpc/gen_ndr/README4
-rw-r--r--source3/librpc/idl/IDL_LICENSE.txt9
-rw-r--r--source3/librpc/idl/ads.idl130
-rw-r--r--source3/librpc/idl/leases_db.idl54
-rw-r--r--source3/librpc/idl/libnet_join.idl91
-rw-r--r--source3/librpc/idl/libnetapi.idl2070
-rw-r--r--source3/librpc/idl/open_files.idl133
-rw-r--r--source3/librpc/idl/perfcount.idl172
-rw-r--r--source3/librpc/idl/rpc_host.idl93
-rw-r--r--source3/librpc/idl/rpcd_witness.idl109
-rw-r--r--source3/librpc/idl/secrets.idl131
-rw-r--r--source3/librpc/idl/smbXsrv.idl549
-rw-r--r--source3/librpc/idl/wscript_build41
-rw-r--r--source3/librpc/ndr/ndr_ads.c32
-rw-r--r--source3/librpc/rpc/dcerpc.h80
-rw-r--r--source3/librpc/rpc/dcerpc_helpers.c520
-rw-r--r--source3/librpc/wscript_build53
-rw-r--r--source3/libsmb/ABI/smbclient-0.1.0.sigs172
-rw-r--r--source3/libsmb/ABI/smbclient-0.2.0.sigs172
-rw-r--r--source3/libsmb/ABI/smbclient-0.2.1.sigs174
-rw-r--r--source3/libsmb/ABI/smbclient-0.2.2.sigs176
-rw-r--r--source3/libsmb/ABI/smbclient-0.2.3.sigs179
-rw-r--r--source3/libsmb/ABI/smbclient-0.3.0.sigs179
-rw-r--r--source3/libsmb/ABI/smbclient-0.3.1.sigs180
-rw-r--r--source3/libsmb/ABI/smbclient-0.3.2.sigs181
-rw-r--r--source3/libsmb/ABI/smbclient-0.3.3.sigs184
-rw-r--r--source3/libsmb/ABI/smbclient-0.4.0.sigs184
-rw-r--r--source3/libsmb/ABI/smbclient-0.5.0.sigs185
-rw-r--r--source3/libsmb/ABI/smbclient-0.6.0.sigs188
-rw-r--r--source3/libsmb/ABI/smbclient-0.7.0.sigs188
-rw-r--r--source3/libsmb/ABI/smbclient-0.8.0.sigs190
-rw-r--r--source3/libsmb/async_smb.c269
-rw-r--r--source3/libsmb/auth_generic.c229
-rw-r--r--source3/libsmb/cli_smb2_fnum.c5040
-rw-r--r--source3/libsmb/cli_smb2_fnum.h324
-rw-r--r--source3/libsmb/cliconnect.c4026
-rw-r--r--source3/libsmb/clidfs.c1451
-rw-r--r--source3/libsmb/clidgram.c482
-rw-r--r--source3/libsmb/clidgram.h54
-rw-r--r--source3/libsmb/clientgen.c650
-rw-r--r--source3/libsmb/clierror.c119
-rw-r--r--source3/libsmb/clifile.c7486
-rw-r--r--source3/libsmb/clifsinfo.c815
-rw-r--r--source3/libsmb/clilist.c1255
-rw-r--r--source3/libsmb/climessage.c411
-rw-r--r--source3/libsmb/clioplock.c169
-rw-r--r--source3/libsmb/cliprint.c219
-rw-r--r--source3/libsmb/cliquota.c696
-rw-r--r--source3/libsmb/clirap.c1853
-rw-r--r--source3/libsmb/clirap.h206
-rw-r--r--source3/libsmb/clireadwrite.c1907
-rw-r--r--source3/libsmb/clisecdesc.c372
-rw-r--r--source3/libsmb/clisymlink.c650
-rw-r--r--source3/libsmb/clitrans.c224
-rw-r--r--source3/libsmb/conncache.c227
-rw-r--r--source3/libsmb/dsgetdcname.c1274
-rw-r--r--source3/libsmb/dsgetdcname.h43
-rw-r--r--source3/libsmb/errormap.c295
-rw-r--r--source3/libsmb/errormap_wbc.c62
-rw-r--r--source3/libsmb/errormap_wbc.h29
-rw-r--r--source3/libsmb/libsmb.h31
-rw-r--r--source3/libsmb/libsmb_cache.c242
-rw-r--r--source3/libsmb/libsmb_compat.c581
-rw-r--r--source3/libsmb/libsmb_context.c807
-rw-r--r--source3/libsmb/libsmb_dir.c2726
-rw-r--r--source3/libsmb/libsmb_file.c803
-rw-r--r--source3/libsmb/libsmb_misc.c46
-rw-r--r--source3/libsmb/libsmb_path.c416
-rw-r--r--source3/libsmb/libsmb_printjob.c335
-rw-r--r--source3/libsmb/libsmb_server.c910
-rw-r--r--source3/libsmb/libsmb_setget.c1155
-rw-r--r--source3/libsmb/libsmb_stat.c538
-rw-r--r--source3/libsmb/libsmb_thread_impl.c127
-rw-r--r--source3/libsmb/libsmb_thread_posix.c52
-rw-r--r--source3/libsmb/libsmb_xattr.c2406
-rw-r--r--source3/libsmb/namecache.c480
-rw-r--r--source3/libsmb/namequery.c3538
-rw-r--r--source3/libsmb/namequery.h116
-rw-r--r--source3/libsmb/namequery_dc.c262
-rw-r--r--source3/libsmb/nmblib.c1466
-rw-r--r--source3/libsmb/nmblib.h59
-rw-r--r--source3/libsmb/passchange.c323
-rw-r--r--source3/libsmb/proto.h1080
-rw-r--r--source3/libsmb/pylibsmb.c3030
-rw-r--r--source3/libsmb/samlogon_cache.c405
-rw-r--r--source3/libsmb/samlogon_cache.h46
-rw-r--r--source3/libsmb/smbclient.pc.in11
-rw-r--r--source3/libsmb/smberr.c224
-rw-r--r--source3/libsmb/smbsock_connect.c870
-rw-r--r--source3/libsmb/trusts_util.c630
-rw-r--r--source3/libsmb/unexpected.c751
-rw-r--r--source3/libsmb/unexpected.h49
-rw-r--r--source3/libsmb/wscript30
399 files changed, 168753 insertions, 0 deletions
diff --git a/source3/lib/ABI/smbldap-0.sigs b/source3/lib/ABI/smbldap-0.sigs
new file mode 100644
index 0000000..d0e1d2f
--- /dev/null
+++ b/source3/lib/ABI/smbldap-0.sigs
@@ -0,0 +1,28 @@
+smbldap_add: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_delete: int (struct smbldap_state *, const char *)
+smbldap_extended_operation: int (struct smbldap_state *, const char *, struct berval *, LDAPControl **, LDAPControl **, char **, struct berval **)
+smbldap_free_struct: void (struct smbldap_state **)
+smbldap_get_single_attribute: bool (LDAP *, LDAPMessage *, const char *, char *, int)
+smbldap_has_control: bool (LDAP *, const char *)
+smbldap_has_extension: bool (LDAP *, const char *)
+smbldap_has_naming_context: bool (LDAP *, const char *)
+smbldap_init: NTSTATUS (TALLOC_CTX *, struct tevent_context *, const char *, bool, const char *, const char *, struct smbldap_state **)
+smbldap_make_mod: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const char *)
+smbldap_make_mod_blob: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const DATA_BLOB *)
+smbldap_modify: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_pull_sid: bool (LDAP *, LDAPMessage *, const char *, struct dom_sid *)
+smbldap_search: int (struct smbldap_state *, const char *, int, const char *, const char **, int, LDAPMessage **)
+smbldap_search_paged: int (struct smbldap_state *, const char *, int, const char *, const char **, int, int, LDAPMessage **, void **)
+smbldap_search_suffix: int (struct smbldap_state *, const char *, const char **, LDAPMessage **)
+smbldap_set_creds: bool (struct smbldap_state *, bool, const char *, const char *)
+smbldap_set_mod: void (LDAPMod ***, int, const char *, const char *)
+smbldap_set_mod_blob: void (LDAPMod ***, int, const char *, const DATA_BLOB *)
+smbldap_setup_full_conn: int (LDAP **, const char *)
+smbldap_start_tls: int (LDAP *, int)
+smbldap_talloc_autofree_ldapmod: void (TALLOC_CTX *, LDAPMod **)
+smbldap_talloc_autofree_ldapmsg: void (TALLOC_CTX *, LDAPMessage *)
+smbldap_talloc_dn: char *(TALLOC_CTX *, LDAP *, LDAPMessage *)
+smbldap_talloc_first_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_blob: bool (TALLOC_CTX *, LDAP *, LDAPMessage *, const char *, DATA_BLOB *)
+smbldap_talloc_smallest_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
diff --git a/source3/lib/ABI/smbldap-1.sigs b/source3/lib/ABI/smbldap-1.sigs
new file mode 100644
index 0000000..cacc56d
--- /dev/null
+++ b/source3/lib/ABI/smbldap-1.sigs
@@ -0,0 +1,31 @@
+smbldap_add: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_delete: int (struct smbldap_state *, const char *)
+smbldap_extended_operation: int (struct smbldap_state *, const char *, struct berval *, LDAPControl **, LDAPControl **, char **, struct berval **)
+smbldap_free_struct: void (struct smbldap_state **)
+smbldap_get_ldap: LDAP *(struct smbldap_state *)
+smbldap_get_paged_results: bool (struct smbldap_state *)
+smbldap_get_single_attribute: bool (LDAP *, LDAPMessage *, const char *, char *, int)
+smbldap_has_control: bool (LDAP *, const char *)
+smbldap_has_extension: bool (LDAP *, const char *)
+smbldap_has_naming_context: bool (LDAP *, const char *)
+smbldap_init: NTSTATUS (TALLOC_CTX *, struct tevent_context *, const char *, bool, const char *, const char *, struct smbldap_state **)
+smbldap_make_mod: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const char *)
+smbldap_make_mod_blob: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const DATA_BLOB *)
+smbldap_modify: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_pull_sid: bool (LDAP *, LDAPMessage *, const char *, struct dom_sid *)
+smbldap_search: int (struct smbldap_state *, const char *, int, const char *, const char **, int, LDAPMessage **)
+smbldap_search_paged: int (struct smbldap_state *, const char *, int, const char *, const char **, int, int, LDAPMessage **, void **)
+smbldap_search_suffix: int (struct smbldap_state *, const char *, const char **, LDAPMessage **)
+smbldap_set_creds: bool (struct smbldap_state *, bool, const char *, const char *)
+smbldap_set_mod: void (LDAPMod ***, int, const char *, const char *)
+smbldap_set_mod_blob: void (LDAPMod ***, int, const char *, const DATA_BLOB *)
+smbldap_set_paged_results: void (struct smbldap_state *, bool)
+smbldap_setup_full_conn: int (LDAP **, const char *)
+smbldap_start_tls: int (LDAP *, int)
+smbldap_talloc_autofree_ldapmod: void (TALLOC_CTX *, LDAPMod **)
+smbldap_talloc_autofree_ldapmsg: void (TALLOC_CTX *, LDAPMessage *)
+smbldap_talloc_dn: char *(TALLOC_CTX *, LDAP *, LDAPMessage *)
+smbldap_talloc_first_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_blob: bool (TALLOC_CTX *, LDAP *, LDAPMessage *, const char *, DATA_BLOB *)
+smbldap_talloc_smallest_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
diff --git a/source3/lib/ABI/smbldap-2.1.0.sigs b/source3/lib/ABI/smbldap-2.1.0.sigs
new file mode 100644
index 0000000..67dcc9a
--- /dev/null
+++ b/source3/lib/ABI/smbldap-2.1.0.sigs
@@ -0,0 +1,33 @@
+smbldap_add: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_delete: int (struct smbldap_state *, const char *)
+smbldap_extended_operation: int (struct smbldap_state *, const char *, struct berval *, LDAPControl **, LDAPControl **, char **, struct berval **)
+smbldap_free_struct: void (struct smbldap_state **)
+smbldap_get_ldap: LDAP *(struct smbldap_state *)
+smbldap_get_paged_results: bool (struct smbldap_state *)
+smbldap_get_single_attribute: bool (LDAP *, LDAPMessage *, const char *, char *, int)
+smbldap_has_control: bool (LDAP *, const char *)
+smbldap_has_extension: bool (LDAP *, const char *)
+smbldap_has_naming_context: bool (LDAP *, const char *)
+smbldap_init: NTSTATUS (TALLOC_CTX *, struct tevent_context *, const char *, bool, const char *, const char *, struct smbldap_state **)
+smbldap_make_mod: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const char *)
+smbldap_make_mod_blob: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const DATA_BLOB *)
+smbldap_modify: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_pull_sid: bool (LDAP *, LDAPMessage *, const char *, struct dom_sid *)
+smbldap_search: int (struct smbldap_state *, const char *, int, const char *, const char **, int, LDAPMessage **)
+smbldap_search_paged: int (struct smbldap_state *, const char *, int, const char *, const char **, int, int, LDAPMessage **, void **)
+smbldap_search_suffix: int (struct smbldap_state *, const char *, const char **, LDAPMessage **)
+smbldap_set_bind_callback: void (struct smbldap_state *, smbldap_bind_callback_fn, void *)
+smbldap_set_creds: bool (struct smbldap_state *, bool, const char *, const char *)
+smbldap_set_mod: void (LDAPMod ***, int, const char *, const char *)
+smbldap_set_mod_blob: void (LDAPMod ***, int, const char *, const DATA_BLOB *)
+smbldap_set_paged_results: void (struct smbldap_state *, bool)
+smbldap_setup_full_conn: int (LDAP **, const char *)
+smbldap_start_tls: int (LDAP *, int)
+smbldap_start_tls_start: int (LDAP *, int)
+smbldap_talloc_autofree_ldapmod: void (TALLOC_CTX *, LDAPMod **)
+smbldap_talloc_autofree_ldapmsg: void (TALLOC_CTX *, LDAPMessage *)
+smbldap_talloc_dn: char *(TALLOC_CTX *, LDAP *, LDAPMessage *)
+smbldap_talloc_first_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_blob: bool (TALLOC_CTX *, LDAP *, LDAPMessage *, const char *, DATA_BLOB *)
+smbldap_talloc_smallest_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
diff --git a/source3/lib/ABI/smbldap-2.sigs b/source3/lib/ABI/smbldap-2.sigs
new file mode 100644
index 0000000..8abefec
--- /dev/null
+++ b/source3/lib/ABI/smbldap-2.sigs
@@ -0,0 +1,32 @@
+smbldap_add: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_delete: int (struct smbldap_state *, const char *)
+smbldap_extended_operation: int (struct smbldap_state *, const char *, struct berval *, LDAPControl **, LDAPControl **, char **, struct berval **)
+smbldap_free_struct: void (struct smbldap_state **)
+smbldap_get_ldap: LDAP *(struct smbldap_state *)
+smbldap_get_paged_results: bool (struct smbldap_state *)
+smbldap_get_single_attribute: bool (LDAP *, LDAPMessage *, const char *, char *, int)
+smbldap_has_control: bool (LDAP *, const char *)
+smbldap_has_extension: bool (LDAP *, const char *)
+smbldap_has_naming_context: bool (LDAP *, const char *)
+smbldap_init: NTSTATUS (TALLOC_CTX *, struct tevent_context *, const char *, bool, const char *, const char *, struct smbldap_state **)
+smbldap_make_mod: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const char *)
+smbldap_make_mod_blob: void (LDAP *, LDAPMessage *, LDAPMod ***, const char *, const DATA_BLOB *)
+smbldap_modify: int (struct smbldap_state *, const char *, LDAPMod **)
+smbldap_pull_sid: bool (LDAP *, LDAPMessage *, const char *, struct dom_sid *)
+smbldap_search: int (struct smbldap_state *, const char *, int, const char *, const char **, int, LDAPMessage **)
+smbldap_search_paged: int (struct smbldap_state *, const char *, int, const char *, const char **, int, int, LDAPMessage **, void **)
+smbldap_search_suffix: int (struct smbldap_state *, const char *, const char **, LDAPMessage **)
+smbldap_set_bind_callback: void (struct smbldap_state *, smbldap_bind_callback_fn, void *)
+smbldap_set_creds: bool (struct smbldap_state *, bool, const char *, const char *)
+smbldap_set_mod: void (LDAPMod ***, int, const char *, const char *)
+smbldap_set_mod_blob: void (LDAPMod ***, int, const char *, const DATA_BLOB *)
+smbldap_set_paged_results: void (struct smbldap_state *, bool)
+smbldap_setup_full_conn: int (LDAP **, const char *)
+smbldap_start_tls: int (LDAP *, int)
+smbldap_talloc_autofree_ldapmod: void (TALLOC_CTX *, LDAPMod **)
+smbldap_talloc_autofree_ldapmsg: void (TALLOC_CTX *, LDAPMessage *)
+smbldap_talloc_dn: char *(TALLOC_CTX *, LDAP *, LDAPMessage *)
+smbldap_talloc_first_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
+smbldap_talloc_single_blob: bool (TALLOC_CTX *, LDAP *, LDAPMessage *, const char *, DATA_BLOB *)
+smbldap_talloc_smallest_attribute: char *(LDAP *, LDAPMessage *, const char *, TALLOC_CTX *)
diff --git a/source3/lib/addrchange.c b/source3/lib/addrchange.c
new file mode 100644
index 0000000..9a64e8d
--- /dev/null
+++ b/source3/lib/addrchange.c
@@ -0,0 +1,314 @@
+/*
+ * Samba Unix/Linux SMB client library
+ * Copyright (C) Volker Lendecke 2011
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "lib/addrchange.h"
+#include "../lib/util/tevent_ntstatus.h"
+
+#ifdef HAVE_LINUX_RTNETLINK_H
+
+#include "asm/types.h"
+#include "linux/netlink.h"
+#include "linux/rtnetlink.h"
+#include "lib/tsocket/tsocket.h"
+
+struct addrchange_context {
+ struct tdgram_context *sock;
+};
+
+NTSTATUS addrchange_context_create(TALLOC_CTX *mem_ctx,
+ struct addrchange_context **pctx)
+{
+ struct addrchange_context *ctx;
+ struct sockaddr_nl addr;
+ NTSTATUS status;
+ int sock = -1;
+ int res;
+ bool ok;
+
+ ctx = talloc(mem_ctx, struct addrchange_context);
+ if (ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+ if (sock == -1) {
+ status = map_nt_error_from_unix(errno);
+ goto fail;
+ }
+
+ ok = smb_set_close_on_exec(sock);
+ if (!ok) {
+ status = map_nt_error_from_unix(errno);
+ goto fail;
+ }
+
+ res = set_blocking(sock, false);
+ if (res == -1) {
+ status = map_nt_error_from_unix(errno);
+ goto fail;
+ }
+
+ /*
+ * We're interested in address changes
+ */
+ ZERO_STRUCT(addr);
+ addr.nl_family = AF_NETLINK;
+ addr.nl_groups = RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_IFADDR;
+
+ res = bind(sock, (struct sockaddr *)(void *)&addr, sizeof(addr));
+ if (res == -1) {
+ status = map_nt_error_from_unix(errno);
+ goto fail;
+ }
+
+ res = tdgram_bsd_existing_socket(ctx, sock, &ctx->sock);
+ if (res == -1) {
+ status = map_nt_error_from_unix(errno);
+ goto fail;
+ }
+
+ *pctx = ctx;
+ return NT_STATUS_OK;
+fail:
+ if (sock != -1) {
+ close(sock);
+ }
+ TALLOC_FREE(ctx);
+ return status;
+}
+
+struct addrchange_state {
+ struct tevent_context *ev;
+ struct addrchange_context *ctx;
+ uint8_t *buf;
+ struct tsocket_address *fromaddr;
+
+ enum addrchange_type type;
+ struct sockaddr_storage addr;
+};
+
+static void addrchange_done(struct tevent_req *subreq);
+
+struct tevent_req *addrchange_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct addrchange_context *ctx)
+{
+ struct tevent_req *req, *subreq;
+ struct addrchange_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct addrchange_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->ctx = ctx;
+
+ subreq = tdgram_recvfrom_send(state, state->ev, state->ctx->sock);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, state->ev);
+ }
+ tevent_req_set_callback(subreq, addrchange_done, req);
+ return req;
+}
+
+static void addrchange_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct addrchange_state *state = tevent_req_data(
+ req, struct addrchange_state);
+ union {
+ struct sockaddr sa;
+ struct sockaddr_nl nl;
+ struct sockaddr_storage ss;
+ } fromaddr;
+ struct nlmsghdr *h;
+ struct ifaddrmsg *ifa;
+ struct rtattr *rta;
+ ssize_t received;
+ int len;
+ int err;
+ bool found;
+
+ received = tdgram_recvfrom_recv(subreq, &err, state,
+ &state->buf,
+ &state->fromaddr);
+ TALLOC_FREE(subreq);
+ if (received == -1) {
+ DEBUG(10, ("tdgram_recvfrom_recv returned %s\n", strerror(err)));
+ tevent_req_nterror(req, map_nt_error_from_unix(err));
+ return;
+ }
+ len = tsocket_address_bsd_sockaddr(state->fromaddr,
+ &fromaddr.sa,
+ sizeof(fromaddr));
+
+ if ((len != sizeof(fromaddr.nl) ||
+ fromaddr.sa.sa_family != AF_NETLINK))
+ {
+ DEBUG(10, ("Got message from wrong addr\n"));
+ goto retry;
+ }
+
+ if (fromaddr.nl.nl_pid != 0) {
+ DEBUG(10, ("Got msg from pid %d, not from the kernel\n",
+ (int)fromaddr.nl.nl_pid));
+ goto retry;
+ }
+
+ if (received < sizeof(struct nlmsghdr)) {
+ DEBUG(10, ("received %d, expected at least %d\n",
+ (int)received, (int)sizeof(struct nlmsghdr)));
+ goto retry;
+ }
+
+ h = (struct nlmsghdr *)state->buf;
+ if (h->nlmsg_len < sizeof(struct nlmsghdr)) {
+ DEBUG(10, ("nlmsg_len=%d, expected at least %d\n",
+ (int)h->nlmsg_len, (int)sizeof(struct nlmsghdr)));
+ goto retry;
+ }
+ if (h->nlmsg_len > received) {
+ DEBUG(10, ("nlmsg_len=%d, expected at most %d\n",
+ (int)h->nlmsg_len, (int)received));
+ goto retry;
+ }
+ switch (h->nlmsg_type) {
+ case RTM_NEWADDR:
+ state->type = ADDRCHANGE_ADD;
+ break;
+ case RTM_DELADDR:
+ state->type = ADDRCHANGE_DEL;
+ break;
+ default:
+ DEBUG(10, ("Got unexpected type %d - ignoring\n", h->nlmsg_type));
+ goto retry;
+ }
+
+ if (h->nlmsg_len < sizeof(struct nlmsghdr)+sizeof(struct ifaddrmsg)) {
+ DEBUG(10, ("nlmsg_len=%d, expected at least %d\n",
+ (int)h->nlmsg_len,
+ (int)(sizeof(struct nlmsghdr)
+ +sizeof(struct ifaddrmsg))));
+ tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
+ return;
+ }
+
+ ifa = (struct ifaddrmsg *)NLMSG_DATA(h);
+
+ state->addr.ss_family = ifa->ifa_family;
+
+ len = h->nlmsg_len - sizeof(struct nlmsghdr) + sizeof(struct ifaddrmsg);
+
+ found = false;
+
+ for (rta = IFA_RTA(ifa); RTA_OK(rta, len); rta = RTA_NEXT(rta, len)) {
+
+ if ((rta->rta_type != IFA_LOCAL)
+ && (rta->rta_type != IFA_ADDRESS)) {
+ continue;
+ }
+
+ switch (ifa->ifa_family) {
+ case AF_INET: {
+ struct sockaddr_in *v4_addr;
+ v4_addr = (struct sockaddr_in *)(void *)&state->addr;
+
+ if (RTA_PAYLOAD(rta) != sizeof(uint32_t)) {
+ continue;
+ }
+ v4_addr->sin_addr.s_addr = *(uint32_t *)RTA_DATA(rta);
+ found = true;
+ break;
+ }
+ case AF_INET6: {
+ struct sockaddr_in6 *v6_addr;
+ v6_addr = (struct sockaddr_in6 *)(void *)&state->addr;
+
+ if (RTA_PAYLOAD(rta) !=
+ sizeof(v6_addr->sin6_addr.s6_addr)) {
+ continue;
+ }
+ memcpy(v6_addr->sin6_addr.s6_addr, RTA_DATA(rta),
+ sizeof(v6_addr->sin6_addr.s6_addr));
+ found = true;
+ break;
+ }
+ }
+ }
+
+ if (!found) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
+ return;
+ }
+
+ tevent_req_done(req);
+ return;
+
+retry:
+ TALLOC_FREE(state->buf);
+ TALLOC_FREE(state->fromaddr);
+
+ subreq = tdgram_recvfrom_send(state, state->ev, state->ctx->sock);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, addrchange_done, req);
+}
+
+NTSTATUS addrchange_recv(struct tevent_req *req, enum addrchange_type *type,
+ struct sockaddr_storage *addr)
+{
+ struct addrchange_state *state = tevent_req_data(
+ req, struct addrchange_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ *type = state->type;
+ *addr = state->addr;
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+#else
+
+NTSTATUS addrchange_context_create(TALLOC_CTX *mem_ctx,
+ struct addrchange_context **pctx)
+{
+ return NT_STATUS_NOT_SUPPORTED;
+}
+
+struct tevent_req *addrchange_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct addrchange_context *ctx)
+{
+ return NULL;
+}
+
+NTSTATUS addrchange_recv(struct tevent_req *req, enum addrchange_type *type,
+ struct sockaddr_storage *addr)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+#endif
diff --git a/source3/lib/addrchange.h b/source3/lib/addrchange.h
new file mode 100644
index 0000000..1106380
--- /dev/null
+++ b/source3/lib/addrchange.h
@@ -0,0 +1,45 @@
+/*
+ * Samba Unix/Linux SMB client library
+ * Copyright (C) Volker Lendecke 2011
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __ADDRCHANGE_H__
+#define __ADDRCHANGE_H__
+
+#include "replace.h"
+#include "system/network.h"
+#include <talloc.h>
+#include <tevent.h>
+#include "libcli/util/ntstatus.h"
+
+struct addrchange_context;
+
+NTSTATUS addrchange_context_create(TALLOC_CTX *mem_ctx,
+ struct addrchange_context **pctx);
+
+struct tevent_req *addrchange_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct addrchange_context *ctx);
+
+enum addrchange_type {
+ ADDRCHANGE_ADD,
+ ADDRCHANGE_DEL
+};
+
+NTSTATUS addrchange_recv(struct tevent_req *req, enum addrchange_type *type,
+ struct sockaddr_storage *addr);
+
+#endif
diff --git a/source3/lib/adouble.c b/source3/lib/adouble.c
new file mode 100644
index 0000000..1e8dbc4
--- /dev/null
+++ b/source3/lib/adouble.c
@@ -0,0 +1,2856 @@
+/*
+ * Samba AppleDouble helpers
+ *
+ * Copyright (C) Ralph Boehme, 2019
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "adouble.h"
+#include "MacExtensions.h"
+#include "string_replace.h"
+#include "smbd/smbd.h"
+#include "system/filesys.h"
+#include "libcli/security/security.h"
+#include "lib/util_macstreams.h"
+#include "auth.h"
+
+/*
+ "._" AppleDouble Header File Layout:
+
+ MAGIC 0x00051607
+ VERSION 0x00020000
+ FILLER 0
+ COUNT 2
+ .-- AD ENTRY[0] Finder Info Entry (must be first)
+ .--+-- AD ENTRY[1] Resource Fork Entry (must be last)
+ | | /////////////
+ | '-> FINDER INFO Fixed Size Data (32 Bytes)
+ | ~~~~~~~~~~~~~ 2 Bytes Padding
+ | EXT ATTR HDR Fixed Size Data (36 Bytes)
+ | /////////////
+ | ATTR ENTRY[0] --.
+ | ATTR ENTRY[1] --+--.
+ | ATTR ENTRY[2] --+--+--.
+ | ... | | |
+ | ATTR ENTRY[N] --+--+--+--.
+ | ATTR DATA 0 <-' | | |
+ | //////////// | | |
+ | ATTR DATA 1 <----' | |
+ | ///////////// | |
+ | ATTR DATA 2 <-------' |
+ | ///////////// |
+ | ... |
+ | ATTR DATA N <----------'
+ | /////////////
+ | ... Attribute Free Space
+ |
+ '----> RESOURCE FORK
+ ... Variable Sized Data
+ ...
+*/
+
+/* Number of actually used entries */
+#define ADEID_NUM_XATTR 8
+#define ADEID_NUM_DOT_UND 2
+#define ADEID_NUM_RSRC_XATTR 1
+
+/* Sizes of relevant entry bits */
+#define ADEDLEN_MAGIC 4
+#define ADEDLEN_VERSION 4
+#define ADEDLEN_FILLER 16
+#define AD_FILLER_TAG "Netatalk " /* should be 16 bytes */
+#define AD_FILLER_TAG_OSX "Mac OS X " /* should be 16 bytes */
+#define ADEDLEN_NENTRIES 2
+#define AD_HEADER_LEN (ADEDLEN_MAGIC + ADEDLEN_VERSION + \
+ ADEDLEN_FILLER + ADEDLEN_NENTRIES) /* 26 */
+#define AD_ENTRY_LEN_EID 4
+#define AD_ENTRY_LEN_OFF 4
+#define AD_ENTRY_LEN_LEN 4
+#define AD_ENTRY_LEN (AD_ENTRY_LEN_EID + AD_ENTRY_LEN_OFF + AD_ENTRY_LEN_LEN)
+
+/* Offsets */
+#define ADEDOFF_MAGIC 0
+#define ADEDOFF_VERSION (ADEDOFF_MAGIC + ADEDLEN_MAGIC)
+#define ADEDOFF_FILLER (ADEDOFF_VERSION + ADEDLEN_VERSION)
+#define ADEDOFF_NENTRIES (ADEDOFF_FILLER + ADEDLEN_FILLER)
+
+#define ADEDOFF_FINDERI_XATTR (AD_HEADER_LEN + \
+ (ADEID_NUM_XATTR * AD_ENTRY_LEN))
+#define ADEDOFF_COMMENT_XATTR (ADEDOFF_FINDERI_XATTR + ADEDLEN_FINDERI)
+#define ADEDOFF_FILEDATESI_XATTR (ADEDOFF_COMMENT_XATTR + ADEDLEN_COMMENT)
+#define ADEDOFF_AFPFILEI_XATTR (ADEDOFF_FILEDATESI_XATTR + \
+ ADEDLEN_FILEDATESI)
+#define ADEDOFF_PRIVDEV_XATTR (ADEDOFF_AFPFILEI_XATTR + ADEDLEN_AFPFILEI)
+#define ADEDOFF_PRIVINO_XATTR (ADEDOFF_PRIVDEV_XATTR + ADEDLEN_PRIVDEV)
+#define ADEDOFF_PRIVSYN_XATTR (ADEDOFF_PRIVINO_XATTR + ADEDLEN_PRIVINO)
+#define ADEDOFF_PRIVID_XATTR (ADEDOFF_PRIVSYN_XATTR + ADEDLEN_PRIVSYN)
+
+#define ADEDOFF_FINDERI_DOT_UND (AD_HEADER_LEN + \
+ (ADEID_NUM_DOT_UND * AD_ENTRY_LEN))
+#define ADEDOFF_RFORK_DOT_UND (ADEDOFF_FINDERI_DOT_UND + ADEDLEN_FINDERI)
+
+#define AD_DATASZ_XATTR (AD_HEADER_LEN + \
+ (ADEID_NUM_XATTR * AD_ENTRY_LEN) + \
+ ADEDLEN_FINDERI + ADEDLEN_COMMENT + \
+ ADEDLEN_FILEDATESI + ADEDLEN_AFPFILEI + \
+ ADEDLEN_PRIVDEV + ADEDLEN_PRIVINO + \
+ ADEDLEN_PRIVSYN + ADEDLEN_PRIVID)
+
+#if AD_DATASZ_XATTR != 402
+#error bad size for AD_DATASZ_XATTR
+#endif
+
+#define AD_DATASZ_DOT_UND (AD_HEADER_LEN + \
+ (ADEID_NUM_DOT_UND * AD_ENTRY_LEN) + \
+ ADEDLEN_FINDERI)
+#if AD_DATASZ_DOT_UND != 82
+#error bad size for AD_DATASZ_DOT_UND
+#endif
+
+#define AD_XATTR_HDR_MAGIC 0x41545452 /* 'ATTR' */
+#define AD_XATTR_MAX_ENTRIES 1024 /* Some arbitrarily enforced limit */
+#define AD_XATTR_HDR_SIZE 36
+#define AD_XATTR_MAX_HDR_SIZE 65536
+#define ADX_ENTRY_FIXED_SIZE (4+4+2+1)
+
+/*
+ * Both struct ad_xattr_header and struct ad_xattr_entry describe the in memory
+ * representation as well as the on-disk format.
+ *
+ * The ad_xattr_header follows the FinderInfo data in the FinderInfo entry if
+ * the length of the FinderInfo entry is larger then 32 bytes. It is then
+ * preceded with 2 bytes padding.
+ *
+ * Cf: https://opensource.apple.com/source/xnu/xnu-4570.1.46/bsd/vfs/vfs_xattr.c
+ */
+
+struct ad_xattr_header {
+ uint32_t adx_magic; /* ATTR_HDR_MAGIC */
+ uint32_t adx_debug_tag; /* for debugging == file id of owning file */
+ uint32_t adx_total_size; /* file offset of end of attribute header + entries + data */
+ uint32_t adx_data_start; /* file offset to attribute data area */
+ uint32_t adx_data_length; /* length of attribute data area */
+ uint32_t adx_reserved[3];
+ uint16_t adx_flags;
+ uint16_t adx_num_attrs;
+};
+
+/* On-disk entries are aligned on 4 byte boundaries */
+struct ad_xattr_entry {
+ uint32_t adx_offset; /* file offset to data */
+ uint32_t adx_length; /* size of attribute data */
+ uint16_t adx_flags;
+ uint8_t adx_namelen; /* included the NULL terminator */
+ char *adx_name; /* NULL-terminated UTF-8 name */
+};
+
+struct ad_entry {
+ size_t ade_off;
+ size_t ade_len;
+};
+
+struct adouble {
+ files_struct *ad_fsp;
+ bool ad_opened;
+ adouble_type_t ad_type;
+ uint32_t ad_magic;
+ uint32_t ad_version;
+ uint8_t ad_filler[ADEDLEN_FILLER];
+ struct ad_entry ad_eid[ADEID_MAX];
+ char *ad_data;
+ char *ad_rsrc_data;
+ struct ad_xattr_header adx_header;
+ struct ad_xattr_entry *adx_entries;
+ char *adx_data;
+};
+
+struct ad_entry_order {
+ uint32_t id, offset, len;
+};
+
+/* Netatalk AppleDouble metadata xattr */
+static const
+struct ad_entry_order entry_order_meta_xattr[ADEID_NUM_XATTR + 1] = {
+ {ADEID_FINDERI, ADEDOFF_FINDERI_XATTR, ADEDLEN_FINDERI},
+ {ADEID_COMMENT, ADEDOFF_COMMENT_XATTR, 0},
+ {ADEID_FILEDATESI, ADEDOFF_FILEDATESI_XATTR, ADEDLEN_FILEDATESI},
+ {ADEID_AFPFILEI, ADEDOFF_AFPFILEI_XATTR, ADEDLEN_AFPFILEI},
+ {ADEID_PRIVDEV, ADEDOFF_PRIVDEV_XATTR, 0},
+ {ADEID_PRIVINO, ADEDOFF_PRIVINO_XATTR, 0},
+ {ADEID_PRIVSYN, ADEDOFF_PRIVSYN_XATTR, 0},
+ {ADEID_PRIVID, ADEDOFF_PRIVID_XATTR, 0},
+ {0, 0, 0}
+};
+
+/* AppleDouble resource fork file (the ones prefixed by "._") */
+static const
+struct ad_entry_order entry_order_dot_und[ADEID_NUM_DOT_UND + 1] = {
+ {ADEID_FINDERI, ADEDOFF_FINDERI_DOT_UND, ADEDLEN_FINDERI},
+ {ADEID_RFORK, ADEDOFF_RFORK_DOT_UND, 0},
+ {0, 0, 0}
+};
+
+/* Conversion from enumerated id to on-disk AppleDouble id */
+#define AD_EID_DISK(a) (set_eid[a])
+static const uint32_t set_eid[] = {
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+ AD_DEV, AD_INO, AD_SYN, AD_ID
+};
+
+static char empty_resourcefork[] = {
+ 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1E,
+ 0x54, 0x68, 0x69, 0x73, 0x20, 0x72, 0x65, 0x73,
+ 0x6F, 0x75, 0x72, 0x63, 0x65, 0x20, 0x66, 0x6F,
+ 0x72, 0x6B, 0x20, 0x69, 0x6E, 0x74, 0x65, 0x6E,
+ 0x74, 0x69, 0x6F, 0x6E, 0x61, 0x6C, 0x6C, 0x79,
+ 0x20, 0x6C, 0x65, 0x66, 0x74, 0x20, 0x62, 0x6C,
+ 0x61, 0x6E, 0x6B, 0x20, 0x20, 0x20, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1E,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x1C, 0x00, 0x1E, 0xFF, 0xFF
+};
+
+size_t ad_getentrylen(const struct adouble *ad, int eid)
+{
+ return ad->ad_eid[eid].ade_len;
+}
+
+size_t ad_getentryoff(const struct adouble *ad, int eid)
+{
+ return ad->ad_eid[eid].ade_off;
+}
+
+size_t ad_setentrylen(struct adouble *ad, int eid, size_t len)
+{
+ return ad->ad_eid[eid].ade_len = len;
+}
+
+size_t ad_setentryoff(struct adouble *ad, int eid, size_t off)
+{
+ return ad->ad_eid[eid].ade_off = off;
+}
+
+/*
+ * All entries besides FinderInfo and resource fork must fit into the
+ * buffer. FinderInfo is special as it may be larger then the default 32 bytes
+ * if it contains marshalled xattrs, which we will fixup that in
+ * ad_convert(). The first 32 bytes however must also be part of the buffer.
+ *
+ * The resource fork is never accessed directly by the ad_data buf.
+ */
+static bool ad_entry_check_size(uint32_t eid,
+ size_t bufsize,
+ uint32_t off,
+ uint32_t got_len)
+{
+ struct {
+ off_t expected_len;
+ bool fixed_size;
+ bool minimum_size;
+ } ad_checks[] = {
+ [ADEID_DFORK] = {-1, false, false}, /* not applicable */
+ [ADEID_RFORK] = {-1, false, false}, /* no limit */
+ [ADEID_NAME] = {ADEDLEN_NAME, false, false},
+ [ADEID_COMMENT] = {ADEDLEN_COMMENT, false, false},
+ [ADEID_ICONBW] = {ADEDLEN_ICONBW, true, false},
+ [ADEID_ICONCOL] = {ADEDLEN_ICONCOL, false, false},
+ [ADEID_FILEI] = {ADEDLEN_FILEI, true, false},
+ [ADEID_FILEDATESI] = {ADEDLEN_FILEDATESI, true, false},
+ [ADEID_FINDERI] = {ADEDLEN_FINDERI, false, true},
+ [ADEID_MACFILEI] = {ADEDLEN_MACFILEI, true, false},
+ [ADEID_PRODOSFILEI] = {ADEDLEN_PRODOSFILEI, true, false},
+ [ADEID_MSDOSFILEI] = {ADEDLEN_MSDOSFILEI, true, false},
+ [ADEID_SHORTNAME] = {ADEDLEN_SHORTNAME, false, false},
+ [ADEID_AFPFILEI] = {ADEDLEN_AFPFILEI, true, false},
+ [ADEID_DID] = {ADEDLEN_DID, true, false},
+ [ADEID_PRIVDEV] = {ADEDLEN_PRIVDEV, true, false},
+ [ADEID_PRIVINO] = {ADEDLEN_PRIVINO, true, false},
+ [ADEID_PRIVSYN] = {ADEDLEN_PRIVSYN, true, false},
+ [ADEID_PRIVID] = {ADEDLEN_PRIVID, true, false},
+ };
+
+ if (eid >= ADEID_MAX) {
+ return false;
+ }
+ if (got_len == 0) {
+ /* Entry present, but empty, allow */
+ return true;
+ }
+ if (ad_checks[eid].expected_len == 0) {
+ /*
+ * Shouldn't happen: implicitly initialized to zero because
+ * explicit initializer missing.
+ */
+ return false;
+ }
+ if (ad_checks[eid].expected_len == -1) {
+ /* Unused or no limit */
+ return true;
+ }
+ if (ad_checks[eid].fixed_size) {
+ if (ad_checks[eid].expected_len != got_len) {
+ /* Wrong size for fixed size entry. */
+ return false;
+ }
+ } else {
+ if (ad_checks[eid].minimum_size) {
+ if (got_len < ad_checks[eid].expected_len) {
+ /*
+ * Too small for variable sized entry with
+ * minimum size.
+ */
+ return false;
+ }
+ } else {
+ if (got_len > ad_checks[eid].expected_len) {
+ /* Too big for variable sized entry. */
+ return false;
+ }
+ }
+ }
+ if (off + got_len < off) {
+ /* wrap around */
+ return false;
+ }
+ if (off + got_len > bufsize) {
+ /* overflow */
+ return false;
+ }
+ return true;
+}
+
+/**
+ * Return a pointer to an AppleDouble entry
+ *
+ * Returns NULL if the entry is not present
+ **/
+char *ad_get_entry(const struct adouble *ad, int eid)
+{
+ size_t bufsize = talloc_get_size(ad->ad_data);
+ off_t off = ad_getentryoff(ad, eid);
+ size_t len = ad_getentrylen(ad, eid);
+ bool valid;
+
+ valid = ad_entry_check_size(eid, bufsize, off, len);
+ if (!valid) {
+ return NULL;
+ }
+
+ if (off == 0 || len == 0) {
+ return NULL;
+ }
+
+ return ad->ad_data + off;
+}
+
+/**
+ * Get a date
+ **/
+int ad_getdate(const struct adouble *ad, unsigned int dateoff, uint32_t *date)
+{
+ bool xlate = (dateoff & AD_DATE_UNIX);
+ char *p = NULL;
+
+ dateoff &= AD_DATE_MASK;
+ p = ad_get_entry(ad, ADEID_FILEDATESI);
+ if (p == NULL) {
+ return -1;
+ }
+
+ if (dateoff > AD_DATE_ACCESS) {
+ return -1;
+ }
+
+ memcpy(date, p + dateoff, sizeof(uint32_t));
+
+ if (xlate) {
+ *date = AD_DATE_TO_UNIX(*date);
+ }
+ return 0;
+}
+
+/**
+ * Set a date
+ **/
+int ad_setdate(struct adouble *ad, unsigned int dateoff, uint32_t date)
+{
+ bool xlate = (dateoff & AD_DATE_UNIX);
+ char *p = NULL;
+
+ p = ad_get_entry(ad, ADEID_FILEDATESI);
+ if (p == NULL) {
+ return -1;
+ }
+
+ dateoff &= AD_DATE_MASK;
+ if (xlate) {
+ date = AD_DATE_FROM_UNIX(date);
+ }
+
+ if (dateoff > AD_DATE_ACCESS) {
+ return -1;
+ }
+
+ memcpy(p + dateoff, &date, sizeof(date));
+
+ return 0;
+}
+
+
+/**
+ * Map on-disk AppleDouble id to enumerated id
+ **/
+static uint32_t get_eid(uint32_t eid)
+{
+ if (eid <= 15) {
+ return eid;
+ }
+
+ switch (eid) {
+ case AD_DEV:
+ return ADEID_PRIVDEV;
+ case AD_INO:
+ return ADEID_PRIVINO;
+ case AD_SYN:
+ return ADEID_PRIVSYN;
+ case AD_ID:
+ return ADEID_PRIVID;
+ default:
+ break;
+ }
+
+ return 0;
+}
+
+/*
+ * Move resourcefork data in an AppleDouble file
+ *
+ * This is supposed to make room in an AppleDouble file by moving the
+ * resourcefork data behind the space required for packing additional xattr data
+ * in the extended FinderInfo entry.
+ *
+ * When we're called we're expecting an AppleDouble file with just two entries
+ * (FinderInfo an Resourcefork) and the resourcefork is expected at a fixed
+ * offset of ADEDOFF_RFORK_DOT_UND.
+ */
+static bool ad_pack_move_reso(struct vfs_handle_struct *handle,
+ struct adouble *ad,
+ files_struct *fsp)
+{
+ size_t reso_len;
+ size_t reso_off;
+ size_t n;
+ bool ok;
+
+ reso_len = ad_getentrylen(ad, ADEID_RFORK);
+ reso_off = ad_getentryoff(ad, ADEID_RFORK);
+
+ if (reso_len == 0) {
+ return true;
+ }
+
+ if (ad->ad_rsrc_data == NULL) {
+ /*
+ * This buffer is already set when converting a resourcefork
+ * stream from vfs_streams_depot backend via ad_unconvert(). It
+ * is NULL with vfs_streams_xattr where the resourcefork stream
+ * is stored in an AppleDouble sidecar file vy vfs_fruit.
+ */
+ ad->ad_rsrc_data = talloc_size(ad, reso_len);
+ if (ad->ad_rsrc_data == NULL) {
+ return false;
+ }
+
+ n = SMB_VFS_NEXT_PREAD(handle,
+ fsp,
+ ad->ad_rsrc_data,
+ reso_len,
+ ADEDOFF_RFORK_DOT_UND);
+ if (n != reso_len) {
+ DBG_ERR("Read on [%s] failed\n",
+ fsp_str_dbg(fsp));
+ ok = false;
+ goto out;
+ }
+ }
+
+ n = SMB_VFS_NEXT_PWRITE(handle,
+ fsp,
+ ad->ad_rsrc_data,
+ reso_len,
+ reso_off);
+ if (n != reso_len) {
+ DBG_ERR("Write on [%s] failed\n",
+ fsp_str_dbg(fsp));
+ ok = false;
+ goto out;
+ }
+
+ ok = true;
+out:
+ return ok;
+}
+
+static bool ad_pack_xattrs(struct vfs_handle_struct *handle,
+ struct adouble *ad,
+ files_struct *fsp)
+{
+ struct ad_xattr_header *h = &ad->adx_header;
+ size_t oldsize;
+ uint32_t off;
+ uint32_t data_off;
+ uint16_t i;
+ bool ok;
+
+ if (ad->adx_entries == NULL) {
+ /* No xattrs, nothing to pack */
+ return true;
+ }
+
+ if (fsp == NULL) {
+ DBG_ERR("fsp unexpectedly NULL\n");
+ return false;
+ }
+
+ oldsize = talloc_get_size(ad->ad_data);
+ if (oldsize < AD_XATTR_MAX_HDR_SIZE) {
+ ad->ad_data = talloc_realloc(ad,
+ ad->ad_data,
+ char,
+ AD_XATTR_MAX_HDR_SIZE);
+ if (ad->ad_data == NULL) {
+ return false;
+ }
+ memset(ad->ad_data + oldsize,
+ 0,
+ AD_XATTR_MAX_HDR_SIZE - oldsize);
+ }
+
+ /*
+ * First, let's calculate the start of the xattr data area which will be
+ * after the xattr header + header entries.
+ */
+
+ data_off = ad_getentryoff(ad, ADEID_FINDERI);
+ data_off += ADEDLEN_FINDERI + AD_XATTR_HDR_SIZE;
+ /* 2 bytes padding */
+ data_off += 2;
+
+ for (i = 0; i < h->adx_num_attrs; i++) {
+ struct ad_xattr_entry *e = &ad->adx_entries[i];
+
+ /* Align on 4 byte boundary */
+ data_off = (data_off + 3) & ~3;
+
+ data_off += e->adx_namelen + ADX_ENTRY_FIXED_SIZE;
+ if (data_off >= AD_XATTR_MAX_HDR_SIZE) {
+ return false;
+ }
+ }
+
+ off = ad_getentryoff(ad, ADEID_FINDERI);
+ off += ADEDLEN_FINDERI + AD_XATTR_HDR_SIZE;
+ /* 2 bytes padding */
+ off += 2;
+
+ for (i = 0; i < h->adx_num_attrs; i++) {
+ struct ad_xattr_entry *e = &ad->adx_entries[i];
+
+ /* Align on 4 byte boundary */
+ off = (off + 3) & ~3;
+
+ e->adx_offset = data_off;
+ data_off += e->adx_length;
+
+ DBG_DEBUG("%zu(%s){%zu}: off [%zu] adx_length [%zu] "
+ "adx_data_off [%zu]\n",
+ (size_t)i,
+ e->adx_name,
+ (size_t)e->adx_namelen,
+ (size_t)off,
+ (size_t)e->adx_length,
+ (size_t)e->adx_offset);
+
+ if (off + 4 >= AD_XATTR_MAX_HDR_SIZE) {
+ return false;
+ }
+ RSIVAL(ad->ad_data, off, e->adx_offset);
+ off += 4;
+
+ if (off + 4 >= AD_XATTR_MAX_HDR_SIZE) {
+ return false;
+ }
+ RSIVAL(ad->ad_data, off, e->adx_length);
+ off += 4;
+
+ if (off + 2 >= AD_XATTR_MAX_HDR_SIZE) {
+ return false;
+ }
+ RSSVAL(ad->ad_data, off, e->adx_flags);
+ off += 2;
+
+ if (off + 1 >= AD_XATTR_MAX_HDR_SIZE) {
+ return false;
+ }
+ SCVAL(ad->ad_data, off, e->adx_namelen);
+ off += 1;
+
+ if (off + e->adx_namelen >= AD_XATTR_MAX_HDR_SIZE) {
+ return false;
+ }
+ memcpy(ad->ad_data + off, e->adx_name, e->adx_namelen);
+ off += e->adx_namelen;
+ }
+
+ h->adx_data_start = off;
+ h->adx_data_length = talloc_get_size(ad->adx_data);
+ h->adx_total_size = h->adx_data_start + h->adx_data_length;
+
+ if (talloc_get_size(ad->ad_data) < h->adx_total_size) {
+ ad->ad_data = talloc_realloc(ad,
+ ad->ad_data,
+ char,
+ h->adx_total_size);
+ if (ad->ad_data == NULL) {
+ return false;
+ }
+ }
+
+ memcpy(ad->ad_data + h->adx_data_start,
+ ad->adx_data,
+ h->adx_data_length);
+
+ ad_setentrylen(ad,
+ ADEID_FINDERI,
+ h->adx_total_size - ad_getentryoff(ad, ADEID_FINDERI));
+
+ ad_setentryoff(ad,
+ ADEID_RFORK,
+ ad_getentryoff(ad, ADEID_FINDERI) +
+ ad_getentrylen(ad, ADEID_FINDERI));
+
+ memcpy(ad->ad_data + ADEDOFF_FILLER, AD_FILLER_TAG_OSX, ADEDLEN_FILLER);
+
+ /*
+ * Rewind, then update the header fields.
+ */
+
+ off = ad_getentryoff(ad, ADEID_FINDERI) + ADEDLEN_FINDERI;
+ /* 2 bytes padding */
+ off += 2;
+
+ RSIVAL(ad->ad_data, off, AD_XATTR_HDR_MAGIC);
+ off += 4;
+ RSIVAL(ad->ad_data, off, 0);
+ off += 4;
+ RSIVAL(ad->ad_data, off, h->adx_total_size);
+ off += 4;
+ RSIVAL(ad->ad_data, off, h->adx_data_start);
+ off += 4;
+ RSIVAL(ad->ad_data, off, h->adx_data_length);
+ off += 4;
+
+ /* adx_reserved and adx_flags */
+ memset(ad->ad_data + off, 0, 3 * 4 + 2);
+ off += 3 * 4 + 2;
+
+ RSSVAL(ad->ad_data, off, h->adx_num_attrs);
+ off += 2;
+
+ ok = ad_pack_move_reso(handle, ad, fsp);
+ if (!ok) {
+ DBG_ERR("Moving resourcefork of [%s] failed\n",
+ fsp_str_dbg(fsp));
+ return false;
+ }
+
+ return true;
+}
+
+/**
+ * Pack AppleDouble structure into data buffer
+ **/
+static bool ad_pack(struct vfs_handle_struct *handle,
+ struct adouble *ad,
+ files_struct *fsp)
+{
+ uint32_t eid;
+ uint16_t nent;
+ uint32_t bufsize;
+ uint32_t offset = 0;
+ bool ok;
+
+ bufsize = talloc_get_size(ad->ad_data);
+ if (bufsize < AD_DATASZ_DOT_UND) {
+ DBG_ERR("bad buffer size [0x%" PRIx32 "]\n", bufsize);
+ return false;
+ }
+
+ if (offset + ADEDLEN_MAGIC < offset ||
+ offset + ADEDLEN_MAGIC >= bufsize) {
+ return false;
+ }
+ RSIVAL(ad->ad_data, offset, ad->ad_magic);
+ offset += ADEDLEN_MAGIC;
+
+ if (offset + ADEDLEN_VERSION < offset ||
+ offset + ADEDLEN_VERSION >= bufsize) {
+ return false;
+ }
+ RSIVAL(ad->ad_data, offset, ad->ad_version);
+ offset += ADEDLEN_VERSION;
+
+ if (offset + ADEDLEN_FILLER < offset ||
+ offset + ADEDLEN_FILLER >= bufsize) {
+ return false;
+ }
+ if (ad->ad_type == ADOUBLE_RSRC) {
+ memcpy(ad->ad_data + offset, AD_FILLER_TAG, ADEDLEN_FILLER);
+ }
+ offset += ADEDLEN_FILLER;
+
+ if (offset + ADEDLEN_NENTRIES < offset ||
+ offset + ADEDLEN_NENTRIES >= bufsize) {
+ return false;
+ }
+ offset += ADEDLEN_NENTRIES;
+
+ ok = ad_pack_xattrs(handle, ad, fsp);
+ if (!ok) {
+ return false;
+ }
+
+ for (eid = 0, nent = 0; eid < ADEID_MAX; eid++) {
+ if (ad->ad_eid[eid].ade_off == 0) {
+ /*
+ * ade_off is also used as indicator whether a
+ * specific entry is used or not
+ */
+ continue;
+ }
+
+ if (offset + AD_ENTRY_LEN_EID < offset ||
+ offset + AD_ENTRY_LEN_EID >= bufsize) {
+ return false;
+ }
+ RSIVAL(ad->ad_data, offset, AD_EID_DISK(eid));
+ offset += AD_ENTRY_LEN_EID;
+
+ if (offset + AD_ENTRY_LEN_OFF < offset ||
+ offset + AD_ENTRY_LEN_OFF >= bufsize) {
+ return false;
+ }
+ RSIVAL(ad->ad_data, offset, ad->ad_eid[eid].ade_off);
+ offset += AD_ENTRY_LEN_OFF;
+
+ if (offset + AD_ENTRY_LEN_LEN < offset ||
+ offset + AD_ENTRY_LEN_LEN >= bufsize) {
+ return false;
+ }
+ RSIVAL(ad->ad_data, offset, ad->ad_eid[eid].ade_len);
+ offset += AD_ENTRY_LEN_LEN;
+
+ nent++;
+ }
+
+ if (ADEDOFF_NENTRIES + 2 >= bufsize) {
+ return false;
+ }
+ RSSVAL(ad->ad_data, ADEDOFF_NENTRIES, nent);
+
+ return true;
+}
+
+static bool ad_unpack_xattrs(struct adouble *ad)
+{
+ struct ad_xattr_header *h = &ad->adx_header;
+ size_t bufsize = talloc_get_size(ad->ad_data);
+ const char *p = ad->ad_data;
+ uint32_t hoff;
+ uint32_t i;
+
+ if (ad->ad_type != ADOUBLE_RSRC) {
+ return false;
+ }
+
+ if (ad_getentrylen(ad, ADEID_FINDERI) <= ADEDLEN_FINDERI) {
+ return true;
+ }
+
+ /*
+ * Ensure the buffer ad->ad_data was allocated by ad_alloc() for an
+ * ADOUBLE_RSRC type (._ AppleDouble file on-disk).
+ */
+ if (bufsize != AD_XATTR_MAX_HDR_SIZE) {
+ return false;
+ }
+
+ /* 2 bytes padding */
+ hoff = ad_getentryoff(ad, ADEID_FINDERI) + ADEDLEN_FINDERI + 2;
+
+ h->adx_magic = RIVAL(p, hoff + 0);
+ h->adx_debug_tag = RIVAL(p, hoff + 4); /* Not used -> not checked */
+ h->adx_total_size = RIVAL(p, hoff + 8);
+ h->adx_data_start = RIVAL(p, hoff + 12);
+ h->adx_data_length = RIVAL(p, hoff + 16);
+ h->adx_flags = RSVAL(p, hoff + 32); /* Not used -> not checked */
+ h->adx_num_attrs = RSVAL(p, hoff + 34);
+
+ if (h->adx_magic != AD_XATTR_HDR_MAGIC) {
+ DBG_ERR("Bad magic: 0x%" PRIx32 "\n", h->adx_magic);
+ return false;
+ }
+
+ if (h->adx_total_size > ad_getentryoff(ad, ADEID_RFORK)) {
+ DBG_ERR("Bad total size: 0x%" PRIx32 "\n", h->adx_total_size);
+ return false;
+ }
+ if (h->adx_total_size > AD_XATTR_MAX_HDR_SIZE) {
+ DBG_ERR("Bad total size: 0x%" PRIx32 "\n", h->adx_total_size);
+ return false;
+ }
+
+ if (h->adx_data_start < (hoff + AD_XATTR_HDR_SIZE)) {
+ DBG_ERR("Bad start: 0x%" PRIx32 "\n", h->adx_data_start);
+ return false;
+ }
+
+ if ((h->adx_data_start + h->adx_data_length) < h->adx_data_start) {
+ DBG_ERR("Bad length: %" PRIu32 "\n", h->adx_data_length);
+ return false;
+ }
+ if ((h->adx_data_start + h->adx_data_length) >
+ ad->adx_header.adx_total_size)
+ {
+ DBG_ERR("Bad length: %" PRIu32 "\n", h->adx_data_length);
+ return false;
+ }
+
+ if (h->adx_num_attrs > AD_XATTR_MAX_ENTRIES) {
+ DBG_ERR("Bad num xattrs: %" PRIu16 "\n", h->adx_num_attrs);
+ return false;
+ }
+
+ if (h->adx_num_attrs == 0) {
+ return true;
+ }
+
+ ad->adx_entries = talloc_zero_array(
+ ad, struct ad_xattr_entry, h->adx_num_attrs);
+ if (ad->adx_entries == NULL) {
+ return false;
+ }
+
+ hoff += AD_XATTR_HDR_SIZE;
+
+ for (i = 0; i < h->adx_num_attrs; i++) {
+ struct ad_xattr_entry *e = &ad->adx_entries[i];
+
+ hoff = (hoff + 3) & ~3;
+
+ e->adx_offset = RIVAL(p, hoff + 0);
+ e->adx_length = RIVAL(p, hoff + 4);
+ e->adx_flags = RSVAL(p, hoff + 8);
+ e->adx_namelen = *(p + hoff + 10);
+
+ if (e->adx_offset >= ad->adx_header.adx_total_size) {
+ DBG_ERR("Bad adx_offset: %" PRIx32 "\n",
+ e->adx_offset);
+ return false;
+ }
+
+ if ((e->adx_offset + e->adx_length) < e->adx_offset) {
+ DBG_ERR("Bad adx_length: %" PRIx32 "\n",
+ e->adx_length);
+ return false;
+ }
+
+ if ((e->adx_offset + e->adx_length) >
+ ad->adx_header.adx_total_size)
+ {
+ DBG_ERR("Bad adx_length: %" PRIx32 "\n",
+ e->adx_length);
+ return false;
+ }
+
+ if (e->adx_namelen == 0) {
+ DBG_ERR("Bad adx_namelen: %" PRIx32 "\n",
+ e->adx_namelen);
+ return false;
+ }
+ if ((hoff + 11 + e->adx_namelen) < hoff + 11) {
+ DBG_ERR("Bad adx_namelen: %" PRIx32 "\n",
+ e->adx_namelen);
+ return false;
+ }
+ if ((hoff + 11 + e->adx_namelen) >
+ ad->adx_header.adx_data_start)
+ {
+ DBG_ERR("Bad adx_namelen: %" PRIx32 "\n",
+ e->adx_namelen);
+ return false;
+ }
+
+ e->adx_name = talloc_strndup(ad->adx_entries,
+ p + hoff + 11,
+ e->adx_namelen);
+ if (e->adx_name == NULL) {
+ return false;
+ }
+
+ DBG_DEBUG("xattr [%s] offset [0x%x] size [0x%x]\n",
+ e->adx_name, e->adx_offset, e->adx_length);
+ dump_data(10, (uint8_t *)(ad->ad_data + e->adx_offset),
+ e->adx_length);
+
+ hoff += 11 + e->adx_namelen;
+ }
+
+ return true;
+}
+
+/**
+ * Unpack an AppleDouble blob into a struct adoble
+ **/
+static bool ad_unpack(struct adouble *ad, const size_t nentries,
+ size_t filesize)
+{
+ size_t bufsize = talloc_get_size(ad->ad_data);
+ size_t adentries, i;
+ uint32_t eid, len, off;
+ bool ok;
+
+ /*
+ * The size of the buffer ad->ad_data is checked when read, so
+ * we wouldn't have to check our own offsets, a few extra
+ * checks won't hurt though. We have to check the offsets we
+ * read from the buffer anyway.
+ */
+
+ if (bufsize < (AD_HEADER_LEN + (AD_ENTRY_LEN * nentries))) {
+ DBG_NOTICE("Bad size\n");
+ return false;
+ }
+
+ ad->ad_magic = RIVAL(ad->ad_data, 0);
+ ad->ad_version = RIVAL(ad->ad_data, ADEDOFF_VERSION);
+ if ((ad->ad_magic != AD_MAGIC) || (ad->ad_version != AD_VERSION)) {
+ DBG_NOTICE("Wrong magic or version\n");
+ return false;
+ }
+
+ memcpy(ad->ad_filler, ad->ad_data + ADEDOFF_FILLER, ADEDLEN_FILLER);
+
+ adentries = RSVAL(ad->ad_data, ADEDOFF_NENTRIES);
+ if (adentries != nentries) {
+ DBG_NOTICE("Invalid number of entries: %zu\n", adentries);
+ return false;
+ }
+
+ /* now, read in the entry bits */
+ for (i = 0; i < adentries; i++) {
+ eid = RIVAL(ad->ad_data, AD_HEADER_LEN + (i * AD_ENTRY_LEN));
+ eid = get_eid(eid);
+ off = RIVAL(ad->ad_data, AD_HEADER_LEN + (i * AD_ENTRY_LEN) + 4);
+ len = RIVAL(ad->ad_data, AD_HEADER_LEN + (i * AD_ENTRY_LEN) + 8);
+
+ if (!eid || eid >= ADEID_MAX) {
+ DBG_NOTICE("Bogus eid %d\n", eid);
+ return false;
+ }
+
+ /*
+ * All entries other than the resource fork are
+ * expected to be read into the ad_data buffer, so
+ * ensure the specified offset is within that bound
+ */
+ if ((off > bufsize) && (eid != ADEID_RFORK)) {
+ DBG_NOTICE("Bogus eid %d: off: %" PRIu32
+ ", len: %" PRIu32 "\n",
+ eid,
+ off,
+ len);
+ return false;
+ }
+
+ ok = ad_entry_check_size(eid, bufsize, off, len);
+ if (!ok) {
+ DBG_NOTICE("Bogus eid [%" PRIu32 "] bufsize [%zu] "
+ "off [%" PRIu32 "] len [%" PRIu32 "]\n",
+ eid,
+ bufsize,
+ off,
+ len);
+ return false;
+ }
+
+ /*
+ * That would be obviously broken
+ */
+ if (off > filesize) {
+ DBG_NOTICE("Bogus eid %d: off: %" PRIu32
+ ", len: %" PRIu32 "\n",
+ eid,
+ off,
+ len);
+ return false;
+ }
+
+ /*
+ * Check for any entry that has its end beyond the
+ * filesize.
+ */
+ if (off + len < off) {
+ DBG_NOTICE("offset wrap in eid %d: off: %" PRIu32
+ ", len: %" PRIu32 "\n",
+ eid,
+ off,
+ len);
+ return false;
+
+ }
+ if (off + len > filesize) {
+ /*
+ * If this is the resource fork entry, we fix
+ * up the length, for any other entry we bail
+ * out.
+ */
+ if (eid != ADEID_RFORK) {
+ DBG_NOTICE("Bogus eid %d: off: %" PRIu32
+ ", len: %" PRIu32 "\n",
+ eid,
+ off,
+ len);
+ return false;
+ }
+
+ /*
+ * Fixup the resource fork entry by limiting
+ * the size to entryoffset - filesize.
+ */
+ len = filesize - off;
+ DBG_NOTICE("Limiting ADEID_RFORK: off: %" PRIu32
+ ", len: %" PRIu32 "\n",
+ off,
+ len);
+ }
+
+ ad->ad_eid[eid].ade_off = off;
+ ad->ad_eid[eid].ade_len = len;
+ }
+
+ if (ad->ad_type == ADOUBLE_RSRC) {
+ ok = ad_unpack_xattrs(ad);
+ if (!ok) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
+static bool ad_convert_move_reso(vfs_handle_struct *handle,
+ struct adouble *ad,
+ const struct smb_filename *smb_fname)
+{
+ char *buf = NULL;
+ size_t rforklen;
+ size_t rforkoff;
+ ssize_t n;
+ int ret;
+
+ rforklen = ad_getentrylen(ad, ADEID_RFORK);
+ if (rforklen == 0) {
+ return true;
+ }
+
+ buf = talloc_size(ad, rforklen);
+ if (buf == NULL) {
+ /*
+ * This allocates a buffer for reading the resource fork data in
+ * one big swoop. Resource forks won't be larger then, say, 64
+ * MB, I swear, so just doing the allocation with the talloc
+ * limit as safeguard seems safe.
+ */
+ DBG_ERR("Failed to allocate %zu bytes for rfork\n",
+ rforklen);
+ return false;
+ }
+
+ rforkoff = ad_getentryoff(ad, ADEID_RFORK);
+
+ n = SMB_VFS_PREAD(ad->ad_fsp, buf, rforklen, rforkoff);
+ if (n != rforklen) {
+ DBG_ERR("Reading %zu bytes from rfork [%s] failed: %s\n",
+ rforklen, fsp_str_dbg(ad->ad_fsp), strerror(errno));
+ return false;
+ }
+
+ rforkoff = ADEDOFF_RFORK_DOT_UND;
+
+ n = SMB_VFS_PWRITE(ad->ad_fsp, buf, rforklen, rforkoff);
+ if (n != rforklen) {
+ DBG_ERR("Writing %zu bytes to rfork [%s] failed: %s\n",
+ rforklen, fsp_str_dbg(ad->ad_fsp), strerror(errno));
+ return false;
+ }
+
+ ad_setentryoff(ad, ADEID_RFORK, ADEDOFF_RFORK_DOT_UND);
+
+ ret = ad_fset(handle, ad, ad->ad_fsp);
+ if (ret != 0) {
+ DBG_ERR("ad_fset on [%s] failed\n", fsp_str_dbg(ad->ad_fsp));
+ return false;
+ }
+
+ return true;
+}
+
+static bool ad_convert_xattr(vfs_handle_struct *handle,
+ struct adouble *ad,
+ const struct smb_filename *smb_fname,
+ const char *catia_mappings,
+ bool *converted_xattr)
+{
+ static struct char_mappings **string_replace_cmaps = NULL;
+ uint16_t i;
+ int saved_errno = 0;
+ NTSTATUS status;
+ int rc;
+ bool ok;
+
+ *converted_xattr = false;
+
+ if (ad_getentrylen(ad, ADEID_FINDERI) == ADEDLEN_FINDERI) {
+ return true;
+ }
+
+ if (string_replace_cmaps == NULL) {
+ const char **mappings = NULL;
+
+ mappings = str_list_make_v3_const(
+ talloc_tos(), catia_mappings, NULL);
+ if (mappings == NULL) {
+ return false;
+ }
+ string_replace_cmaps = string_replace_init_map(
+ handle->conn->sconn, mappings);
+ TALLOC_FREE(mappings);
+ }
+
+ for (i = 0; i < ad->adx_header.adx_num_attrs; i++) {
+ struct ad_xattr_entry *e = &ad->adx_entries[i];
+ char *mapped_name = NULL;
+ char *tmp = NULL;
+ struct smb_filename *stream_name = NULL;
+ files_struct *fsp = NULL;
+ ssize_t nwritten;
+
+ status = string_replace_allocate(handle->conn,
+ e->adx_name,
+ string_replace_cmaps,
+ talloc_tos(),
+ &mapped_name,
+ vfs_translate_to_windows);
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))
+ {
+ DBG_ERR("string_replace_allocate failed\n");
+ ok = false;
+ goto fail;
+ }
+
+ tmp = mapped_name;
+ mapped_name = talloc_asprintf(talloc_tos(), ":%s", tmp);
+ TALLOC_FREE(tmp);
+ if (mapped_name == NULL) {
+ ok = false;
+ goto fail;
+ }
+
+ stream_name = synthetic_smb_fname(talloc_tos(),
+ smb_fname->base_name,
+ mapped_name,
+ NULL,
+ smb_fname->twrp,
+ smb_fname->flags);
+ TALLOC_FREE(mapped_name);
+ if (stream_name == NULL) {
+ DBG_ERR("synthetic_smb_fname failed\n");
+ ok = false;
+ goto fail;
+ }
+
+ DBG_DEBUG("stream_name: %s\n", smb_fname_str_dbg(stream_name));
+
+ status = openat_pathref_fsp(handle->conn->cwd_fsp, stream_name);
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND))
+ {
+ ok = false;
+ goto fail;
+ }
+
+ status = SMB_VFS_CREATE_FILE(
+ handle->conn, /* conn */
+ NULL, /* req */
+ NULL, /* dirfsp */
+ stream_name, /* fname */
+ FILE_GENERIC_WRITE, /* access_mask */
+ FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN_IF, /* create_disposition */
+ 0, /* create_options */
+ 0, /* file_attributes */
+ INTERNAL_OPEN_ONLY, /* oplock_request */
+ NULL, /* lease */
+ 0, /* allocation_size */
+ 0, /* private_flags */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp, /* result */
+ NULL, /* psbuf */
+ NULL, NULL); /* create context */
+ TALLOC_FREE(stream_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("SMB_VFS_CREATE_FILE failed\n");
+ ok = false;
+ goto fail;
+ }
+
+ nwritten = SMB_VFS_PWRITE(fsp,
+ ad->ad_data + e->adx_offset,
+ e->adx_length,
+ 0);
+ if (nwritten == -1) {
+ DBG_ERR("SMB_VFS_PWRITE failed\n");
+ saved_errno = errno;
+ close_file_free(NULL, &fsp, ERROR_CLOSE);
+ errno = saved_errno;
+ ok = false;
+ goto fail;
+ }
+
+ status = close_file_free(NULL, &fsp, NORMAL_CLOSE);
+ if (!NT_STATUS_IS_OK(status)) {
+ ok = false;
+ goto fail;
+ }
+ fsp = NULL;
+ }
+
+ ad->adx_header.adx_num_attrs = 0;
+ TALLOC_FREE(ad->adx_entries);
+
+ ad_setentrylen(ad, ADEID_FINDERI, ADEDLEN_FINDERI);
+
+ rc = ad_fset(handle, ad, ad->ad_fsp);
+ if (rc != 0) {
+ DBG_ERR("ad_fset on [%s] failed: %s\n",
+ fsp_str_dbg(ad->ad_fsp), strerror(errno));
+ ok = false;
+ goto fail;
+ }
+
+ ok = ad_convert_move_reso(handle, ad, smb_fname);
+ if (!ok) {
+ goto fail;
+ }
+
+ *converted_xattr = true;
+ ok = true;
+
+fail:
+ return ok;
+}
+
+static bool ad_convert_finderinfo(vfs_handle_struct *handle,
+ struct adouble *ad,
+ const struct smb_filename *smb_fname)
+{
+ char *p_ad = NULL;
+ AfpInfo *ai = NULL;
+ DATA_BLOB aiblob;
+ struct smb_filename *stream_name = NULL;
+ files_struct *fsp = NULL;
+ size_t size;
+ ssize_t nwritten;
+ NTSTATUS status;
+ int saved_errno = 0;
+ int cmp;
+
+ cmp = memcmp(ad->ad_filler, AD_FILLER_TAG_OSX, ADEDLEN_FILLER);
+ if (cmp != 0) {
+ return true;
+ }
+
+ p_ad = ad_get_entry(ad, ADEID_FINDERI);
+ if (p_ad == NULL) {
+ return false;
+ }
+
+ ai = afpinfo_new(talloc_tos());
+ if (ai == NULL) {
+ return false;
+ }
+
+ memcpy(ai->afpi_FinderInfo, p_ad, ADEDLEN_FINDERI);
+
+ aiblob = data_blob_talloc(talloc_tos(), NULL, AFP_INFO_SIZE);
+ if (aiblob.data == NULL) {
+ TALLOC_FREE(ai);
+ return false;
+ }
+
+ size = afpinfo_pack(ai, (char *)aiblob.data);
+ TALLOC_FREE(ai);
+ if (size != AFP_INFO_SIZE) {
+ return false;
+ }
+
+ stream_name = synthetic_smb_fname(talloc_tos(),
+ smb_fname->base_name,
+ AFPINFO_STREAM,
+ NULL,
+ smb_fname->twrp,
+ smb_fname->flags);
+ if (stream_name == NULL) {
+ data_blob_free(&aiblob);
+ DBG_ERR("synthetic_smb_fname failed\n");
+ return false;
+ }
+
+ DBG_DEBUG("stream_name: %s\n", smb_fname_str_dbg(stream_name));
+
+ status = openat_pathref_fsp(handle->conn->cwd_fsp, stream_name);
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND))
+ {
+ return false;
+ }
+
+ status = SMB_VFS_CREATE_FILE(
+ handle->conn, /* conn */
+ NULL, /* req */
+ NULL, /* dirfsp */
+ stream_name, /* fname */
+ FILE_GENERIC_WRITE, /* access_mask */
+ FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
+ FILE_OPEN_IF, /* create_disposition */
+ 0, /* create_options */
+ 0, /* file_attributes */
+ INTERNAL_OPEN_ONLY, /* oplock_request */
+ NULL, /* lease */
+ 0, /* allocation_size */
+ 0, /* private_flags */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp, /* result */
+ NULL, /* psbuf */
+ NULL, NULL); /* create context */
+ TALLOC_FREE(stream_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("SMB_VFS_CREATE_FILE failed\n");
+ return false;
+ }
+
+ nwritten = SMB_VFS_PWRITE(fsp,
+ aiblob.data,
+ aiblob.length,
+ 0);
+ if (nwritten == -1) {
+ DBG_ERR("SMB_VFS_PWRITE failed\n");
+ saved_errno = errno;
+ close_file_free(NULL, &fsp, ERROR_CLOSE);
+ errno = saved_errno;
+ return false;
+ }
+
+ status = close_file_free(NULL, &fsp, NORMAL_CLOSE);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+ fsp = NULL;
+
+ return true;
+}
+
+static bool ad_convert_truncate(vfs_handle_struct *handle,
+ struct adouble *ad,
+ const struct smb_filename *smb_fname)
+{
+ int rc;
+ off_t newlen;
+
+ newlen = ADEDOFF_RFORK_DOT_UND + ad_getentrylen(ad, ADEID_RFORK);
+
+ rc = SMB_VFS_FTRUNCATE(ad->ad_fsp, newlen);
+ if (rc != 0) {
+ return false;
+ }
+
+ return true;
+}
+
+static bool ad_convert_blank_rfork(vfs_handle_struct *handle,
+ struct adouble *ad,
+ uint32_t flags,
+ bool *blank)
+{
+ size_t rforklen = sizeof(empty_resourcefork);
+ char buf[rforklen];
+ ssize_t nread;
+ int cmp;
+ int rc;
+
+ *blank = false;
+
+ if (!(flags & AD_CONV_WIPE_BLANK)) {
+ return true;
+ }
+
+ if (ad_getentrylen(ad, ADEID_RFORK) != rforklen) {
+ return true;
+ }
+
+ nread = SMB_VFS_PREAD(ad->ad_fsp, buf, rforklen, ADEDOFF_RFORK_DOT_UND);
+ if (nread != rforklen) {
+ DBG_ERR("Reading %zu bytes from rfork [%s] failed: %s\n",
+ rforklen, fsp_str_dbg(ad->ad_fsp), strerror(errno));
+ return false;
+ }
+
+ cmp = memcmp(buf, empty_resourcefork, rforklen);
+ if (cmp != 0) {
+ return true;
+ }
+
+ ad_setentrylen(ad, ADEID_RFORK, 0);
+
+ rc = ad_fset(handle, ad, ad->ad_fsp);
+ if (rc != 0) {
+ DBG_ERR("ad_fset on [%s] failed\n", fsp_str_dbg(ad->ad_fsp));
+ return false;
+ }
+
+ *blank = true;
+ return true;
+}
+
+static bool ad_convert_delete_adfile(vfs_handle_struct *handle,
+ struct adouble *ad,
+ const struct smb_filename *smb_fname,
+ uint32_t flags)
+{
+ struct smb_filename *parent_fname = NULL;
+ struct smb_filename *at_fname = NULL;
+ struct smb_filename *ad_name = NULL;
+ NTSTATUS status;
+ int rc;
+
+ if (ad_getentrylen(ad, ADEID_RFORK) > 0) {
+ return true;
+ }
+
+ if (!(flags & AD_CONV_DELETE)) {
+ return true;
+ }
+
+ rc = adouble_path(talloc_tos(), smb_fname, &ad_name);
+ if (rc != 0) {
+ return false;
+ }
+
+ status = parent_pathref(talloc_tos(),
+ handle->conn->cwd_fsp,
+ ad_name,
+ &parent_fname,
+ &at_fname);
+ TALLOC_FREE(ad_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+
+ rc = SMB_VFS_NEXT_UNLINKAT(handle,
+ parent_fname->fsp,
+ at_fname,
+ 0);
+ if (rc != 0) {
+ DBG_ERR("Unlinking [%s/%s] failed: %s\n",
+ smb_fname_str_dbg(parent_fname),
+ smb_fname_str_dbg(at_fname), strerror(errno));
+ TALLOC_FREE(parent_fname);
+ return false;
+ }
+
+ DBG_WARNING("Unlinked [%s/%s] after conversion\n",
+ smb_fname_str_dbg(parent_fname),
+ smb_fname_str_dbg(at_fname));
+ TALLOC_FREE(parent_fname);
+
+ return true;
+}
+
+/**
+ * Convert from Apple's ._ file to Netatalk
+ *
+ * Apple's AppleDouble may contain a FinderInfo entry longer then 32
+ * bytes containing packed xattrs.
+ *
+ * @return -1 in case an error occurred, 0 if no conversion was done, 1
+ * otherwise
+ **/
+int ad_convert(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ const char *catia_mappings,
+ uint32_t flags)
+{
+ struct adouble *ad = NULL;
+ bool ok;
+ bool converted_xattr = false;
+ bool blank;
+ int ret;
+
+ ad = ad_get(talloc_tos(), handle, smb_fname, ADOUBLE_RSRC);
+ if (ad == NULL) {
+ return 0;
+ }
+
+ ok = ad_convert_xattr(handle,
+ ad,
+ smb_fname,
+ catia_mappings,
+ &converted_xattr);
+ if (!ok) {
+ ret = -1;
+ goto done;
+ }
+
+ ok = ad_convert_blank_rfork(handle, ad, flags, &blank);
+ if (!ok) {
+ ret = -1;
+ goto done;
+ }
+
+ if (converted_xattr || blank) {
+ ok = ad_convert_truncate(handle, ad, smb_fname);
+ if (!ok) {
+ ret = -1;
+ goto done;
+ }
+ }
+
+ ok = ad_convert_finderinfo(handle, ad, smb_fname);
+ if (!ok) {
+ DBG_ERR("Failed to convert [%s]\n",
+ smb_fname_str_dbg(smb_fname));
+ ret = -1;
+ goto done;
+ }
+
+ ok = ad_convert_delete_adfile(handle,
+ ad,
+ smb_fname,
+ flags);
+ if (!ok) {
+ ret = -1;
+ goto done;
+ }
+
+ ret = 0;
+done:
+ TALLOC_FREE(ad);
+ return ret;
+}
+
+static bool ad_unconvert_open_ad(TALLOC_CTX *mem_ctx,
+ struct vfs_handle_struct *handle,
+ struct smb_filename *smb_fname,
+ struct smb_filename *adpath,
+ files_struct **_fsp)
+{
+ files_struct *fsp = NULL;
+ NTSTATUS status;
+ int ret;
+
+ status = openat_pathref_fsp(handle->conn->cwd_fsp, adpath);
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ return false;
+ }
+
+ status = SMB_VFS_CREATE_FILE(
+ handle->conn,
+ NULL, /* req */
+ NULL, /* dirfsp */
+ adpath,
+ FILE_READ_DATA|FILE_WRITE_DATA,
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+ FILE_OPEN_IF,
+ 0, /* create_options */
+ 0, /* file_attributes */
+ INTERNAL_OPEN_ONLY,
+ NULL, /* lease */
+ 0, /* allocation_size */
+ 0, /* private_flags */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp,
+ NULL, /* info */
+ NULL, NULL); /* create context */
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("SMB_VFS_CREATE_FILE [%s] failed: %s\n",
+ smb_fname_str_dbg(adpath), nt_errstr(status));
+ return false;
+ }
+
+ if (fsp->fsp_name->st.st_ex_uid != smb_fname->st.st_ex_uid ||
+ fsp->fsp_name->st.st_ex_gid != smb_fname->st.st_ex_gid)
+ {
+ ret = SMB_VFS_FCHOWN(fsp,
+ smb_fname->st.st_ex_uid,
+ smb_fname->st.st_ex_gid);
+ if (ret != 0) {
+ DBG_ERR("SMB_VFS_FCHOWN [%s] failed: %s\n",
+ fsp_str_dbg(fsp), nt_errstr(status));
+ close_file_free(NULL, &fsp, NORMAL_CLOSE);
+ return false;
+ }
+ }
+
+ *_fsp = fsp;
+ return true;
+}
+
+static bool ad_unconvert_get_streams(struct vfs_handle_struct *handle,
+ struct smb_filename *smb_fname,
+ TALLOC_CTX *mem_ctx,
+ unsigned int *num_streams,
+ struct stream_struct **streams)
+{
+ files_struct *fsp = NULL;
+ NTSTATUS status;
+
+ status = openat_pathref_fsp(handle->conn->cwd_fsp, smb_fname);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+
+ status = SMB_VFS_CREATE_FILE(
+ handle->conn, /* conn */
+ NULL, /* req */
+ NULL, /* dirfsp */
+ smb_fname, /* fname */
+ FILE_READ_ATTRIBUTES, /* access_mask */
+ (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
+ FILE_SHARE_DELETE),
+ FILE_OPEN, /* create_disposition*/
+ 0, /* create_options */
+ 0, /* file_attributes */
+ INTERNAL_OPEN_ONLY, /* oplock_request */
+ NULL, /* lease */
+ 0, /* allocation_size */
+ 0, /* private_flags */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp, /* result */
+ NULL, /* pinfo */
+ NULL, NULL); /* create context */
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("Opening [%s] failed: %s\n",
+ smb_fname_str_dbg(smb_fname),
+ nt_errstr(status));
+ return false;
+ }
+
+ status = vfs_fstreaminfo(fsp,
+ mem_ctx,
+ num_streams,
+ streams);
+ if (!NT_STATUS_IS_OK(status)) {
+ close_file_free(NULL, &fsp, NORMAL_CLOSE);
+ DBG_ERR("streaminfo on [%s] failed: %s\n",
+ smb_fname_str_dbg(smb_fname),
+ nt_errstr(status));
+ return false;
+ }
+
+ status = close_file_free(NULL, &fsp, NORMAL_CLOSE);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("close_file [%s] failed: %s\n",
+ smb_fname_str_dbg(smb_fname),
+ nt_errstr(status));
+ return false;
+ }
+
+ return true;
+}
+
+struct ad_collect_state {
+ bool have_adfile;
+ size_t adx_data_off;
+ char *rsrc_data_buf;
+};
+
+static bool ad_collect_one_stream(struct vfs_handle_struct *handle,
+ struct char_mappings **cmaps,
+ struct smb_filename *smb_fname,
+ const struct stream_struct *stream,
+ struct adouble *ad,
+ struct ad_collect_state *state)
+{
+ struct smb_filename *sname = NULL;
+ files_struct *fsp = NULL;
+ struct ad_xattr_entry *e = NULL;
+ char *mapped_name = NULL;
+ char *p = NULL;
+ size_t needed_size;
+ ssize_t nread;
+ NTSTATUS status;
+ bool ok;
+
+ sname = synthetic_smb_fname(ad,
+ smb_fname->base_name,
+ stream->name,
+ NULL,
+ smb_fname->twrp,
+ 0);
+ if (sname == NULL) {
+ return false;
+ }
+
+ if (is_ntfs_default_stream_smb_fname(sname)) {
+ TALLOC_FREE(sname);
+ return true;
+ }
+
+ DBG_DEBUG("Collecting stream [%s]\n", smb_fname_str_dbg(sname));
+
+ status = openat_pathref_fsp(handle->conn->cwd_fsp, sname);
+ if (!NT_STATUS_IS_OK(status)) {
+ ok = false;
+ goto out;
+ }
+
+ status = SMB_VFS_CREATE_FILE(
+ handle->conn,
+ NULL, /* req */
+ NULL, /* dirfsp */
+ sname,
+ FILE_READ_DATA|DELETE_ACCESS,
+ FILE_SHARE_READ,
+ FILE_OPEN,
+ 0, /* create_options */
+ 0, /* file_attributes */
+ INTERNAL_OPEN_ONLY, /* oplock_request */
+ NULL, /* lease */
+ 0, /* allocation_size */
+ 0, /* private_flags */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp,
+ NULL, /* info */
+ NULL, NULL); /* create context */
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("SMB_VFS_CREATE_FILE [%s] failed\n",
+ smb_fname_str_dbg(sname));
+ ok = false;
+ goto out;
+ }
+
+ if (is_afpinfo_stream(stream->name)) {
+ char buf[AFP_INFO_SIZE];
+
+ if (stream->size != AFP_INFO_SIZE) {
+ DBG_ERR("Bad size [%zd] on [%s]\n",
+ (ssize_t)stream->size,
+ smb_fname_str_dbg(sname));
+ ok = false;
+ goto out;
+ }
+
+ nread = SMB_VFS_PREAD(fsp, buf, stream->size, 0);
+ if (nread != AFP_INFO_SIZE) {
+ DBG_ERR("Bad size [%zd] on [%s]\n",
+ (ssize_t)stream->size,
+ smb_fname_str_dbg(sname));
+ ok = false;
+ goto out;
+ }
+
+ memcpy(ad->ad_data + ADEDOFF_FINDERI_DOT_UND,
+ buf + AFP_OFF_FinderInfo,
+ AFP_FinderSize);
+
+ ok = set_delete_on_close(fsp,
+ true,
+ fsp->conn->session_info->security_token,
+ fsp->conn->session_info->unix_token);
+ if (!ok) {
+ DBG_ERR("Deleting [%s] failed\n",
+ smb_fname_str_dbg(sname));
+ ok = false;
+ goto out;
+ }
+ ok = true;
+ goto out;
+ }
+
+ if (is_afpresource_stream(stream->name)) {
+ ad->ad_rsrc_data = talloc_size(ad, stream->size);
+ if (ad->ad_rsrc_data == NULL) {
+ ok = false;
+ goto out;
+ }
+
+ nread = SMB_VFS_PREAD(fsp,
+ ad->ad_rsrc_data,
+ stream->size,
+ 0);
+ if (nread != stream->size) {
+ DBG_ERR("Bad size [%zd] on [%s]\n",
+ (ssize_t)stream->size,
+ smb_fname_str_dbg(sname));
+ ok = false;
+ goto out;
+ }
+
+ ad_setentrylen(ad, ADEID_RFORK, stream->size);
+
+ if (!state->have_adfile) {
+ /*
+ * We have a resource *stream* but no AppleDouble
+ * sidecar file, this means the share is configured with
+ * fruit:resource=stream. So we should delete the
+ * resource stream.
+ */
+ ok = set_delete_on_close(
+ fsp,
+ true,
+ fsp->conn->session_info->security_token,
+ fsp->conn->session_info->unix_token);
+ if (!ok) {
+ DBG_ERR("Deleting [%s] failed\n",
+ smb_fname_str_dbg(sname));
+ ok = false;
+ goto out;
+ }
+ }
+ ok = true;
+ goto out;
+ }
+
+ ad->adx_entries = talloc_realloc(ad,
+ ad->adx_entries,
+ struct ad_xattr_entry,
+ ad->adx_header.adx_num_attrs + 1);
+ if (ad->adx_entries == NULL) {
+ ok = false;
+ goto out;
+ }
+
+ e = &ad->adx_entries[ad->adx_header.adx_num_attrs];
+ *e = (struct ad_xattr_entry) {
+ .adx_length = stream->size,
+ };
+ e->adx_name = talloc_strdup(ad, stream->name + 1);
+ if (e->adx_name == NULL) {
+ ok = false;
+ goto out;
+ }
+ p = strchr(e->adx_name, ':');
+ if (p != NULL) {
+ *p = '\0';
+ }
+
+ status = string_replace_allocate(handle->conn,
+ e->adx_name,
+ cmaps,
+ ad,
+ &mapped_name,
+ vfs_translate_to_unix);
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))
+ {
+ DBG_ERR("string_replace_allocate failed\n");
+ ok = false;
+ goto out;
+ }
+
+ e->adx_name = mapped_name;
+ e->adx_namelen = strlen(e->adx_name) + 1,
+
+ DBG_DEBUG("%u: name (%s) size (%zu)\n",
+ ad->adx_header.adx_num_attrs,
+ e->adx_name,
+ (size_t)e->adx_length);
+
+ ad->adx_header.adx_num_attrs++;
+
+ needed_size = state->adx_data_off + stream->size;
+ if (needed_size > talloc_get_size(ad->adx_data)) {
+ ad->adx_data = talloc_realloc(ad,
+ ad->adx_data,
+ char,
+ needed_size);
+ if (ad->adx_data == NULL) {
+ ok = false;
+ goto out;
+ }
+ }
+
+ nread = SMB_VFS_PREAD(fsp,
+ ad->adx_data + state->adx_data_off,
+ stream->size,
+ 0);
+ if (nread != stream->size) {
+ DBG_ERR("Bad size [%zd] on [%s]\n",
+ (ssize_t)stream->size,
+ smb_fname_str_dbg(sname));
+ ok = false;
+ goto out;
+ }
+ state->adx_data_off += nread;
+
+ ok = set_delete_on_close(fsp,
+ true,
+ fsp->conn->session_info->security_token,
+ fsp->conn->session_info->unix_token);
+ if (!ok) {
+ DBG_ERR("Deleting [%s] failed\n",
+ smb_fname_str_dbg(sname));
+ ok = false;
+ goto out;
+ }
+
+out:
+ TALLOC_FREE(sname);
+ if (fsp != NULL) {
+ status = close_file_free(NULL, &fsp, NORMAL_CLOSE);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("close_file [%s] failed: %s\n",
+ smb_fname_str_dbg(smb_fname),
+ nt_errstr(status));
+ ok = false;
+ }
+ }
+
+ return ok;
+}
+
+/**
+ * Convert filesystem metadata to AppleDouble file
+ **/
+bool ad_unconvert(TALLOC_CTX *mem_ctx,
+ struct vfs_handle_struct *handle,
+ const char *catia_mappings,
+ struct smb_filename *smb_fname,
+ bool *converted)
+{
+ static struct char_mappings **cmaps = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct ad_collect_state state;
+ struct stream_struct *streams = NULL;
+ struct smb_filename *adpath = NULL;
+ struct adouble *ad = NULL;
+ unsigned int num_streams = 0;
+ size_t to_convert = 0;
+ bool have_rsrc = false;
+ files_struct *fsp = NULL;
+ size_t i;
+ NTSTATUS status;
+ int ret;
+ bool ok;
+
+ *converted = false;
+
+ if (cmaps == NULL) {
+ const char **mappings = NULL;
+
+ mappings = str_list_make_v3_const(
+ frame, catia_mappings, NULL);
+ if (mappings == NULL) {
+ ok = false;
+ goto out;
+ }
+ cmaps = string_replace_init_map(mem_ctx, mappings);
+ TALLOC_FREE(mappings);
+ }
+
+ ok = ad_unconvert_get_streams(handle,
+ smb_fname,
+ frame,
+ &num_streams,
+ &streams);
+ if (!ok) {
+ goto out;
+ }
+
+ for (i = 0; i < num_streams; i++) {
+ if (strcasecmp_m(streams[i].name, "::$DATA") == 0) {
+ continue;
+ }
+ to_convert++;
+ if (is_afpresource_stream(streams[i].name)) {
+ have_rsrc = true;
+ }
+ }
+
+ if (to_convert == 0) {
+ ok = true;
+ goto out;
+ }
+
+ state = (struct ad_collect_state) {
+ .adx_data_off = 0,
+ };
+
+ ret = adouble_path(frame, smb_fname, &adpath);
+ if (ret != 0) {
+ ok = false;
+ goto out;
+ }
+
+ ret = SMB_VFS_STAT(handle->conn, adpath);
+ if (ret == 0) {
+ state.have_adfile = true;
+ } else {
+ if (errno != ENOENT) {
+ ok = false;
+ goto out;
+ }
+ state.have_adfile = false;
+ }
+
+ if (to_convert == 1 && have_rsrc && state.have_adfile) {
+ /*
+ * So we have just a single stream, the resource fork stream
+ * from an AppleDouble file. Fine, that means there's nothing to
+ * convert.
+ */
+ ok = true;
+ goto out;
+ }
+
+ ad = ad_init(frame, ADOUBLE_RSRC);
+ if (ad == NULL) {
+ ok = false;
+ goto out;
+ }
+
+ for (i = 0; i < num_streams; i++) {
+ ok = ad_collect_one_stream(handle,
+ cmaps,
+ smb_fname,
+ &streams[i],
+ ad,
+ &state);
+ if (!ok) {
+ goto out;
+ }
+ }
+
+ ok = ad_unconvert_open_ad(frame, handle, smb_fname, adpath, &fsp);
+ if (!ok) {
+ DBG_ERR("Failed to open adfile [%s]\n",
+ smb_fname_str_dbg(smb_fname));
+ goto out;
+ }
+
+ ret = ad_fset(handle, ad, fsp);
+ if (ret != 0) {
+ ok = false;
+ goto out;
+ }
+
+ *converted = true;
+ ok = true;
+
+out:
+ if (fsp != NULL) {
+ status = close_file_free(NULL, &fsp, NORMAL_CLOSE);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("close_file_free() [%s] failed: %s\n",
+ smb_fname_str_dbg(smb_fname),
+ nt_errstr(status));
+ ok = false;
+ }
+ }
+ TALLOC_FREE(frame);
+ return ok;
+}
+
+/**
+ * Read and parse Netatalk AppleDouble metadata xattr
+ **/
+static ssize_t ad_read_meta(vfs_handle_struct *handle,
+ struct adouble *ad,
+ const struct smb_filename *smb_fname)
+{
+ int rc = 0;
+ ssize_t ealen;
+ bool ok;
+ struct files_struct *fsp = smb_fname->fsp;
+
+ DEBUG(10, ("reading meta xattr for %s\n", smb_fname->base_name));
+
+ fsp = metadata_fsp(fsp);
+
+ ealen = SMB_VFS_FGETXATTR(fsp,
+ AFPINFO_EA_NETATALK,
+ ad->ad_data,
+ AD_DATASZ_XATTR);
+
+ if (ealen == -1) {
+ switch (errno) {
+ case ENOATTR:
+ case ENOENT:
+ if (errno == ENOATTR) {
+ errno = ENOENT;
+ }
+ rc = -1;
+ goto exit;
+ default:
+ DEBUG(2, ("error reading meta xattr: %s\n",
+ strerror(errno)));
+ rc = -1;
+ goto exit;
+ }
+ }
+ if (ealen != AD_DATASZ_XATTR) {
+ DEBUG(2, ("bad size %zd\n", ealen));
+ errno = EINVAL;
+ rc = -1;
+ goto exit;
+ }
+
+ /* Now parse entries */
+ ok = ad_unpack(ad, ADEID_NUM_XATTR, AD_DATASZ_XATTR);
+ if (!ok) {
+ DBG_WARNING(
+ "Invalid AppleDouble xattr metadata (%s) in file: %s - "
+ "Consider deleting the corrupted file.\n",
+ smb_fname->base_name,
+ ad->ad_fsp->fsp_name->base_name);
+ errno = EINVAL;
+ rc = -1;
+ goto exit;
+ }
+
+ if (!ad_getentryoff(ad, ADEID_FINDERI)
+ || !ad_getentryoff(ad, ADEID_COMMENT)
+ || !ad_getentryoff(ad, ADEID_FILEDATESI)
+ || !ad_getentryoff(ad, ADEID_AFPFILEI)
+ || !ad_getentryoff(ad, ADEID_PRIVDEV)
+ || !ad_getentryoff(ad, ADEID_PRIVINO)
+ || !ad_getentryoff(ad, ADEID_PRIVSYN)
+ || !ad_getentryoff(ad, ADEID_PRIVID)) {
+ DEBUG(2, ("invalid AppleDouble metadata xattr\n"));
+ errno = EINVAL;
+ rc = -1;
+ goto exit;
+ }
+
+exit:
+ DEBUG(10, ("reading meta xattr for %s, rc: %d\n",
+ smb_fname->base_name, rc));
+
+ if (rc != 0) {
+ ealen = -1;
+ if (errno == EINVAL) {
+ become_root();
+ (void)SMB_VFS_FREMOVEXATTR(fsp,
+ AFPINFO_EA_NETATALK);
+ unbecome_root();
+ errno = ENOENT;
+ }
+ }
+ return ealen;
+}
+
+static NTSTATUS adouble_open_rsrc_fsp(const struct files_struct *dirfsp,
+ const struct smb_filename *smb_base_fname,
+ int in_flags,
+ mode_t mode,
+ struct files_struct **_ad_fsp)
+{
+ int rc = 0;
+ struct adouble *ad = NULL;
+ struct smb_filename *adp_smb_fname = NULL;
+ struct files_struct *ad_fsp = NULL;
+ NTSTATUS status;
+ struct vfs_open_how how = { .flags = in_flags, .mode = mode, };
+
+ rc = adouble_path(talloc_tos(),
+ smb_base_fname,
+ &adp_smb_fname);
+ if (rc != 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = create_internal_fsp(dirfsp->conn,
+ adp_smb_fname,
+ &ad_fsp);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+#ifdef O_PATH
+ how.flags &= ~(O_PATH);
+#endif
+ if (how.flags & (O_CREAT | O_TRUNC | O_WRONLY)) {
+ /* We always need read/write access for the metadata header too */
+ how.flags &= ~(O_WRONLY);
+ how.flags |= O_RDWR;
+ }
+
+ status = fd_openat(dirfsp,
+ adp_smb_fname,
+ ad_fsp,
+ &how);
+ if (!NT_STATUS_IS_OK(status)) {
+ file_free(NULL, ad_fsp);
+ return status;
+ }
+
+ if (how.flags & (O_CREAT | O_TRUNC)) {
+ ad = ad_init(talloc_tos(), ADOUBLE_RSRC);
+ if (ad == NULL) {
+ file_free(NULL, ad_fsp);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ rc = ad_fset(ad_fsp->conn->vfs_handles, ad, ad_fsp);
+ if (rc != 0) {
+ file_free(NULL, ad_fsp);
+ return NT_STATUS_IO_DEVICE_ERROR;
+ }
+ TALLOC_FREE(ad);
+ }
+
+ *_ad_fsp = ad_fsp;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS adouble_open_from_base_fsp(const struct files_struct *dirfsp,
+ struct files_struct *base_fsp,
+ adouble_type_t type,
+ int flags,
+ mode_t mode,
+ struct files_struct **_ad_fsp)
+{
+ *_ad_fsp = NULL;
+
+ SMB_ASSERT(base_fsp != NULL);
+ SMB_ASSERT(!fsp_is_alternate_stream(base_fsp));
+
+ switch (type) {
+ case ADOUBLE_META:
+ return NT_STATUS_INTERNAL_ERROR;
+ case ADOUBLE_RSRC:
+ return adouble_open_rsrc_fsp(dirfsp,
+ base_fsp->fsp_name,
+ flags,
+ mode,
+ _ad_fsp);
+ }
+
+ return NT_STATUS_INTERNAL_ERROR;
+}
+
+/*
+ * Here's the deal: for ADOUBLE_META we can do without an fd as we can issue
+ * path based xattr calls. For ADOUBLE_RSRC however we need a full-fledged fd
+ * for file IO on the ._ file.
+ */
+static int ad_open(vfs_handle_struct *handle,
+ struct adouble *ad,
+ files_struct *fsp,
+ const struct smb_filename *smb_fname,
+ int flags,
+ mode_t mode)
+{
+ NTSTATUS status;
+
+ DBG_DEBUG("Path [%s] type [%s]\n", smb_fname->base_name,
+ ad->ad_type == ADOUBLE_META ? "meta" : "rsrc");
+
+ if (ad->ad_type == ADOUBLE_META) {
+ return 0;
+ }
+
+ if (fsp != NULL) {
+ ad->ad_fsp = fsp;
+ ad->ad_opened = false;
+ return 0;
+ }
+
+ status = adouble_open_rsrc_fsp(handle->conn->cwd_fsp,
+ smb_fname,
+ flags,
+ mode,
+ &ad->ad_fsp);
+ if (!NT_STATUS_IS_OK(status)) {
+ errno = map_errno_from_nt_status(status);
+ return -1;
+ }
+ ad->ad_opened = true;
+
+ DBG_DEBUG("Path [%s] type [%s]\n",
+ smb_fname->base_name,
+ ad->ad_type == ADOUBLE_META ? "meta" : "rsrc");
+
+ return 0;
+}
+
+static ssize_t ad_read_rsrc_adouble(vfs_handle_struct *handle,
+ struct adouble *ad,
+ const struct smb_filename *smb_fname)
+{
+ size_t to_read;
+ ssize_t len;
+ int ret;
+ bool ok;
+
+ ret = SMB_VFS_NEXT_FSTAT(handle, ad->ad_fsp, &ad->ad_fsp->fsp_name->st);
+ if (ret != 0) {
+ DBG_ERR("fstat [%s] failed: %s\n",
+ fsp_str_dbg(ad->ad_fsp), strerror(errno));
+ return -1;
+ }
+
+ to_read = ad->ad_fsp->fsp_name->st.st_ex_size;
+ if (to_read > AD_XATTR_MAX_HDR_SIZE) {
+ to_read = AD_XATTR_MAX_HDR_SIZE;
+ }
+
+ len = SMB_VFS_NEXT_PREAD(handle,
+ ad->ad_fsp,
+ ad->ad_data,
+ to_read,
+ 0);
+ if (len != to_read) {
+ DBG_NOTICE("%s %s: bad size: %zd\n",
+ smb_fname->base_name, strerror(errno), len);
+ return -1;
+ }
+
+ /* Now parse entries */
+ ok = ad_unpack(ad,
+ ADEID_NUM_DOT_UND,
+ ad->ad_fsp->fsp_name->st.st_ex_size);
+ if (!ok) {
+ DBG_WARNING("Invalid AppleDouble resource (%s) in file: %s - "
+ "Consider deleting the corrupted file.\n",
+ smb_fname->base_name,
+ ad->ad_fsp->fsp_name->base_name);
+ errno = EINVAL;
+ return -1;
+ }
+
+ if ((ad_getentryoff(ad, ADEID_FINDERI) != ADEDOFF_FINDERI_DOT_UND)
+ || (ad_getentrylen(ad, ADEID_FINDERI) < ADEDLEN_FINDERI)
+ || (ad_getentryoff(ad, ADEID_RFORK) < ADEDOFF_RFORK_DOT_UND))
+ {
+ DBG_WARNING("Invalid AppleDouble resource (%s) in file: %s - "
+ "Consider deleting the corrupted file.\n",
+ smb_fname->base_name,
+ ad->ad_fsp->fsp_name->base_name);
+ errno = EINVAL;
+ return -1;
+ }
+
+ return len;
+}
+
+/**
+ * Read and parse resource fork, either ._ AppleDouble file or xattr
+ **/
+static ssize_t ad_read_rsrc(vfs_handle_struct *handle,
+ struct adouble *ad,
+ const struct smb_filename *smb_fname)
+{
+ return ad_read_rsrc_adouble(handle, ad, smb_fname);
+}
+
+/**
+ * Read and unpack an AppleDouble metadata xattr or resource
+ **/
+static ssize_t ad_read(vfs_handle_struct *handle,
+ struct adouble *ad,
+ const struct smb_filename *smb_fname)
+{
+ switch (ad->ad_type) {
+ case ADOUBLE_META:
+ return ad_read_meta(handle, ad, smb_fname);
+ case ADOUBLE_RSRC:
+ return ad_read_rsrc(handle, ad, smb_fname);
+ default:
+ return -1;
+ }
+}
+
+static int adouble_destructor(struct adouble *ad)
+{
+ NTSTATUS status;
+
+ if (!ad->ad_opened) {
+ return 0;
+ }
+
+ SMB_ASSERT(ad->ad_fsp != NULL);
+
+ status = fd_close(ad->ad_fsp);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("Closing [%s] failed: %s\n",
+ fsp_str_dbg(ad->ad_fsp), nt_errstr(status));
+ }
+ file_free(NULL, ad->ad_fsp);
+ ad->ad_fsp = NULL;
+ ad->ad_opened = false;
+
+ return 0;
+}
+
+/**
+ * Allocate a struct adouble without initialiing it
+ *
+ * The struct is either hang of the fsp extension context or if fsp is
+ * NULL from ctx.
+ *
+ * @param[in] ctx talloc context
+ * @param[in] handle vfs handle
+ * @param[in] type type of AppleDouble, ADOUBLE_META or ADOUBLE_RSRC
+ *
+ * @return adouble handle
+ **/
+static struct adouble *ad_alloc(TALLOC_CTX *ctx,
+ adouble_type_t type)
+{
+ int rc = 0;
+ size_t adsize = 0;
+ struct adouble *ad;
+
+ switch (type) {
+ case ADOUBLE_META:
+ adsize = AD_DATASZ_XATTR;
+ break;
+ case ADOUBLE_RSRC:
+ /*
+ * AppleDouble ._ file case, optimize for fewer (but larger)
+ * IOs. Two cases:
+ *
+ * - without xattrs size of the header is exactly
+ * AD_DATASZ_DOT_UND (82) bytes
+ *
+ * - with embedded xattrs it can be larger, up to
+ * AD_XATTR_MAX_HDR_SIZE
+ *
+ * Larger headers are not supported, but this is a reasonable
+ * limit that is also employed by the macOS client.
+ *
+ * We used the largest possible size to be able to read the full
+ * header with one IO.
+ */
+ adsize = AD_XATTR_MAX_HDR_SIZE;
+ break;
+ default:
+ return NULL;
+ }
+
+ ad = talloc_zero(ctx, struct adouble);
+ if (ad == NULL) {
+ rc = -1;
+ goto exit;
+ }
+
+ if (adsize) {
+ ad->ad_data = talloc_zero_array(ad, char, adsize);
+ if (ad->ad_data == NULL) {
+ rc = -1;
+ goto exit;
+ }
+ }
+
+ ad->ad_type = type;
+ ad->ad_magic = AD_MAGIC;
+ ad->ad_version = AD_VERSION;
+
+ talloc_set_destructor(ad, adouble_destructor);
+
+exit:
+ if (rc != 0) {
+ TALLOC_FREE(ad);
+ }
+ return ad;
+}
+
+/**
+ * Allocate and initialize a new struct adouble
+ *
+ * @param[in] ctx talloc context
+ * @param[in] type type of AppleDouble, ADOUBLE_META or ADOUBLE_RSRC
+ *
+ * @return adouble handle, initialized
+ **/
+struct adouble *ad_init(TALLOC_CTX *ctx, adouble_type_t type)
+{
+ int rc = 0;
+ const struct ad_entry_order *eid;
+ struct adouble *ad = NULL;
+ time_t t = time(NULL);
+
+ switch (type) {
+ case ADOUBLE_META:
+ eid = entry_order_meta_xattr;
+ break;
+ case ADOUBLE_RSRC:
+ eid = entry_order_dot_und;
+ break;
+ default:
+ return NULL;
+ }
+
+ ad = ad_alloc(ctx, type);
+ if (ad == NULL) {
+ return NULL;
+ }
+
+ while (eid->id) {
+ ad->ad_eid[eid->id].ade_off = eid->offset;
+ ad->ad_eid[eid->id].ade_len = eid->len;
+ eid++;
+ }
+
+ /* put something sane in the date fields */
+ ad_setdate(ad, AD_DATE_CREATE | AD_DATE_UNIX, t);
+ ad_setdate(ad, AD_DATE_MODIFY | AD_DATE_UNIX, t);
+ ad_setdate(ad, AD_DATE_ACCESS | AD_DATE_UNIX, t);
+ ad_setdate(ad, AD_DATE_BACKUP, htonl(AD_DATE_START));
+
+ if (rc != 0) {
+ TALLOC_FREE(ad);
+ }
+ return ad;
+}
+
+static struct adouble *ad_get_internal(TALLOC_CTX *ctx,
+ vfs_handle_struct *handle,
+ files_struct *fsp,
+ const struct smb_filename *smb_fname,
+ adouble_type_t type)
+{
+ int rc = 0;
+ ssize_t len;
+ struct adouble *ad = NULL;
+ int mode;
+
+ if (fsp != NULL) {
+ if (fsp_is_alternate_stream(fsp)) {
+ smb_fname = fsp->base_fsp->fsp_name;
+ } else {
+ smb_fname = fsp->fsp_name;
+ }
+ }
+
+ DEBUG(10, ("ad_get(%s) called for %s\n",
+ type == ADOUBLE_META ? "meta" : "rsrc",
+ smb_fname != NULL ? smb_fname->base_name : "???"));
+
+ ad = ad_alloc(ctx, type);
+ if (ad == NULL) {
+ rc = -1;
+ goto exit;
+ }
+
+ /* Try rw first so we can use the fd in ad_convert() */
+ mode = O_RDWR;
+
+ rc = ad_open(handle, ad, fsp, smb_fname, mode, 0);
+ if (rc == -1 && ((errno == EROFS) || (errno == EACCES))) {
+ mode = O_RDONLY;
+ rc = ad_open(handle, ad, fsp, smb_fname, mode, 0);
+ }
+ if (rc == -1) {
+ DBG_DEBUG("ad_open [%s] error [%s]\n",
+ smb_fname->base_name, strerror(errno));
+ goto exit;
+
+ }
+
+ len = ad_read(handle, ad, smb_fname);
+ if (len == -1) {
+ DEBUG(10, ("error reading AppleDouble for %s\n",
+ smb_fname->base_name));
+ rc = -1;
+ goto exit;
+ }
+
+exit:
+ DEBUG(10, ("ad_get(%s) for %s returning %d\n",
+ type == ADOUBLE_META ? "meta" : "rsrc",
+ smb_fname->base_name, rc));
+
+ if (rc != 0) {
+ TALLOC_FREE(ad);
+ }
+ return ad;
+}
+
+/**
+ * Return AppleDouble data for a file
+ *
+ * @param[in] ctx talloc context
+ * @param[in] handle vfs handle
+ * @param[in] smb_fname pathname to file or directory
+ * @param[in] type type of AppleDouble, ADOUBLE_META or ADOUBLE_RSRC
+ *
+ * @return talloced struct adouble or NULL on error
+ **/
+struct adouble *ad_get(TALLOC_CTX *ctx,
+ vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ adouble_type_t type)
+{
+ return ad_get_internal(ctx, handle, NULL, smb_fname, type);
+}
+
+/**
+ * Return AppleDouble data for a file
+ *
+ * @param[in] ctx talloc context
+ * @param[in] handle vfs handle
+ * @param[in] fsp fsp to use for IO
+ * @param[in] type type of AppleDouble, ADOUBLE_META or ADOUBLE_RSRC
+ *
+ * @return talloced struct adouble or NULL on error
+ **/
+struct adouble *ad_fget(TALLOC_CTX *ctx, vfs_handle_struct *handle,
+ files_struct *fsp, adouble_type_t type)
+{
+ return ad_get_internal(ctx, handle, fsp, NULL, type);
+}
+
+/**
+ * Set AppleDouble metadata on a file or directory
+ *
+ * @param[in] ad adouble handle
+ * @param[in] fsp file handle
+ *
+ * @return status code, 0 means success
+ **/
+int ad_fset(struct vfs_handle_struct *handle,
+ struct adouble *ad,
+ files_struct *fsp)
+{
+ int rc = -1;
+ ssize_t len;
+ bool ok;
+
+ DBG_DEBUG("Path [%s]\n", fsp_str_dbg(fsp));
+
+ ok = ad_pack(handle, ad, fsp);
+ if (!ok) {
+ return -1;
+ }
+
+ switch (ad->ad_type) {
+ case ADOUBLE_META:
+ rc = SMB_VFS_NEXT_FSETXATTR(handle,
+ fsp->base_fsp ? fsp->base_fsp : fsp,
+ AFPINFO_EA_NETATALK,
+ ad->ad_data,
+ AD_DATASZ_XATTR, 0);
+ break;
+ case ADOUBLE_RSRC:
+ len = SMB_VFS_NEXT_PWRITE(handle,
+ fsp,
+ ad->ad_data,
+ ad_getentryoff(ad, ADEID_RFORK),
+ 0);
+ if (len != ad_getentryoff(ad, ADEID_RFORK)) {
+ DBG_ERR("short write on %s: %zd\n", fsp_str_dbg(fsp), len);
+ return -1;
+ }
+ rc = 0;
+ break;
+
+ default:
+ return -1;
+ }
+
+ DBG_DEBUG("Path [%s] rc [%d]\n", fsp_str_dbg(fsp), rc);
+
+ return rc;
+}
+
+bool is_adouble_file(const char *path)
+{
+ const char *p = NULL;
+ int match;
+
+ p = strrchr(path, '/');
+ if (p == NULL) {
+ p = path;
+ } else {
+ p++;
+ }
+
+ match = strncmp(p,
+ ADOUBLE_NAME_PREFIX,
+ strlen(ADOUBLE_NAME_PREFIX));
+ if (match != 0) {
+ return false;
+ }
+ return true;
+}
+
+/**
+ * Prepend "._" to a basename
+ * Return a new struct smb_filename with stream_name == NULL.
+ **/
+int adouble_path(TALLOC_CTX *ctx,
+ const struct smb_filename *smb_fname_in,
+ struct smb_filename **pp_smb_fname_out)
+{
+ char *parent;
+ const char *base;
+ struct smb_filename *smb_fname = NULL;
+
+ smb_fname = cp_smb_filename_nostream(ctx, smb_fname_in);
+ if (smb_fname == NULL) {
+ return -1;
+ }
+
+ /* We're replacing base_name. */
+ TALLOC_FREE(smb_fname->base_name);
+
+ SET_STAT_INVALID(smb_fname->st);
+
+ if (!parent_dirname(smb_fname, smb_fname_in->base_name,
+ &parent, &base)) {
+ TALLOC_FREE(smb_fname);
+ return -1;
+ }
+
+ if (ISDOT(parent)) {
+ smb_fname->base_name = talloc_asprintf(smb_fname,
+ "._%s", base);
+ } else {
+ smb_fname->base_name = talloc_asprintf(smb_fname,
+ "%s/._%s", parent, base);
+ }
+ if (smb_fname->base_name == NULL) {
+ TALLOC_FREE(smb_fname);
+ return -1;
+ }
+
+ *pp_smb_fname_out = smb_fname;
+
+ return 0;
+}
+
+/**
+ * Allocate and initialize an AfpInfo struct
+ **/
+AfpInfo *afpinfo_new(TALLOC_CTX *ctx)
+{
+ AfpInfo *ai = talloc_zero(ctx, AfpInfo);
+ if (ai == NULL) {
+ return NULL;
+ }
+ ai->afpi_Signature = AFP_Signature;
+ ai->afpi_Version = AFP_Version;
+ ai->afpi_BackupTime = AD_DATE_START;
+ return ai;
+}
+
+/**
+ * Pack an AfpInfo struct into a buffer
+ *
+ * Buffer size must be at least AFP_INFO_SIZE
+ * Returns size of packed buffer
+ **/
+ssize_t afpinfo_pack(const AfpInfo *ai, char *buf)
+{
+ memset(buf, 0, AFP_INFO_SIZE);
+
+ RSIVAL(buf, 0, ai->afpi_Signature);
+ RSIVAL(buf, 4, ai->afpi_Version);
+ RSIVAL(buf, 12, ai->afpi_BackupTime);
+ memcpy(buf + 16, ai->afpi_FinderInfo, sizeof(ai->afpi_FinderInfo));
+
+ return AFP_INFO_SIZE;
+}
+
+/**
+ * Unpack a buffer into a AfpInfo structure
+ *
+ * Buffer size must be at least AFP_INFO_SIZE
+ * Returns allocated AfpInfo struct
+ **/
+AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data, bool validate)
+{
+ AfpInfo *ai = talloc_zero(ctx, AfpInfo);
+ if (ai == NULL) {
+ return NULL;
+ }
+
+ ai->afpi_Signature = RIVAL(data, 0);
+ ai->afpi_Version = RIVAL(data, 4);
+ ai->afpi_BackupTime = RIVAL(data, 12);
+ memcpy(ai->afpi_FinderInfo, (const char *)data + 16,
+ sizeof(ai->afpi_FinderInfo));
+
+ if (validate) {
+ if (ai->afpi_Signature != AFP_Signature
+ || ai->afpi_Version != AFP_Version)
+ {
+ DEBUG(1, ("Bad AfpInfo signature or version\n"));
+ TALLOC_FREE(ai);
+ }
+ } else {
+ ai->afpi_Signature = AFP_Signature;
+ ai->afpi_Version = AFP_Version;
+ }
+
+ return ai;
+}
diff --git a/source3/lib/adouble.h b/source3/lib/adouble.h
new file mode 100644
index 0000000..d2c7293
--- /dev/null
+++ b/source3/lib/adouble.h
@@ -0,0 +1,192 @@
+/*
+ * Samba AppleDouble helpers
+ *
+ * Copyright (C) Ralph Boehme, 2019
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _ADOUBLE_H_
+#define _ADOUBLE_H_
+
+#include "MacExtensions.h"
+
+#define ADOUBLE_NAME_PREFIX "._"
+
+#define NETATALK_META_XATTR "org.netatalk.Metadata"
+#define NETATALK_RSRC_XATTR "org.netatalk.ResourceFork"
+
+#if defined(HAVE_ATTROPEN)
+#define AFPINFO_EA_NETATALK NETATALK_META_XATTR
+#define AFPRESOURCE_EA_NETATALK NETATALK_RSRC_XATTR
+#else
+#define AFPINFO_EA_NETATALK "user." NETATALK_META_XATTR
+#define AFPRESOURCE_EA_NETATALK "user." NETATALK_RSRC_XATTR
+#endif
+
+/*
+ * There are two AppleDouble blobs we deal with:
+ *
+ * - ADOUBLE_META - AppleDouble blob used by Netatalk for storing
+ * metadata in an xattr
+ *
+ * - ADOUBLE_RSRC - AppleDouble blob used by OS X and Netatalk in
+ * ._ files
+ */
+typedef enum {ADOUBLE_META, ADOUBLE_RSRC} adouble_type_t;
+
+/* Version info */
+#define AD_VERSION2 0x00020000
+#define AD_VERSION AD_VERSION2
+
+/*
+ * AppleDouble entry IDs.
+ */
+#define ADEID_DFORK 1
+#define ADEID_RFORK 2
+#define ADEID_NAME 3
+#define ADEID_COMMENT 4
+#define ADEID_ICONBW 5
+#define ADEID_ICONCOL 6
+#define ADEID_FILEI 7
+#define ADEID_FILEDATESI 8
+#define ADEID_FINDERI 9
+#define ADEID_MACFILEI 10
+#define ADEID_PRODOSFILEI 11
+#define ADEID_MSDOSFILEI 12
+#define ADEID_SHORTNAME 13
+#define ADEID_AFPFILEI 14
+#define ADEID_DID 15
+
+/* Private Netatalk entries */
+#define ADEID_PRIVDEV 16
+#define ADEID_PRIVINO 17
+#define ADEID_PRIVSYN 18
+#define ADEID_PRIVID 19
+#define ADEID_MAX (ADEID_PRIVID + 1)
+
+/*
+ * These are the real ids for the private entries,
+ * as stored in the adouble file
+ */
+#define AD_DEV 0x80444556
+#define AD_INO 0x80494E4F
+#define AD_SYN 0x8053594E
+#define AD_ID 0x8053567E
+
+/* AppleDouble magic */
+#define AD_APPLESINGLE_MAGIC 0x00051600
+#define AD_APPLEDOUBLE_MAGIC 0x00051607
+#define AD_MAGIC AD_APPLEDOUBLE_MAGIC
+
+/* Field widths */
+#define ADEDLEN_NAME 255
+#define ADEDLEN_COMMENT 200
+#define ADEDLEN_FILEI 16
+#define ADEDLEN_FINDERI 32
+#define ADEDLEN_FILEDATESI 16
+#define ADEDLEN_SHORTNAME 12 /* length up to 8.3 */
+#define ADEDLEN_AFPFILEI 4
+#define ADEDLEN_MACFILEI 4
+#define ADEDLEN_PRODOSFILEI 8
+#define ADEDLEN_MSDOSFILEI 2
+#define ADEDLEN_ICONBW 128
+#define ADEDLEN_ICONCOL 1024
+#define ADEDLEN_DID 4
+#define ADEDLEN_PRIVDEV 8
+#define ADEDLEN_PRIVINO 8
+#define ADEDLEN_PRIVSYN 8
+#define ADEDLEN_PRIVID 4
+
+/*
+ * Sharemode locks fcntl() offsets
+ */
+#if _FILE_OFFSET_BITS == 64 || defined(HAVE_LARGEFILE)
+#define AD_FILELOCK_BASE (UINT64_C(0x7FFFFFFFFFFFFFFF) - 9)
+#else
+#define AD_FILELOCK_BASE (UINT32_C(0x7FFFFFFF) - 9)
+#endif
+#define BYTELOCK_MAX (AD_FILELOCK_BASE - 1)
+
+#define AD_FILELOCK_OPEN_WR (AD_FILELOCK_BASE + 0)
+#define AD_FILELOCK_OPEN_RD (AD_FILELOCK_BASE + 1)
+#define AD_FILELOCK_RSRC_OPEN_WR (AD_FILELOCK_BASE + 2)
+#define AD_FILELOCK_RSRC_OPEN_RD (AD_FILELOCK_BASE + 3)
+#define AD_FILELOCK_DENY_WR (AD_FILELOCK_BASE + 4)
+#define AD_FILELOCK_DENY_RD (AD_FILELOCK_BASE + 5)
+#define AD_FILELOCK_RSRC_DENY_WR (AD_FILELOCK_BASE + 6)
+#define AD_FILELOCK_RSRC_DENY_RD (AD_FILELOCK_BASE + 7)
+#define AD_FILELOCK_OPEN_NONE (AD_FILELOCK_BASE + 8)
+#define AD_FILELOCK_RSRC_OPEN_NONE (AD_FILELOCK_BASE + 9)
+
+/* Time stuff we overload the bits a little */
+#define AD_DATE_CREATE 0
+#define AD_DATE_MODIFY 4
+#define AD_DATE_BACKUP 8
+#define AD_DATE_ACCESS 12
+#define AD_DATE_MASK (AD_DATE_CREATE | AD_DATE_MODIFY | \
+ AD_DATE_BACKUP | AD_DATE_ACCESS)
+#define AD_DATE_UNIX (1 << 10)
+#define AD_DATE_START 0x80000000
+#define AD_DATE_DELTA 946684800
+#define AD_DATE_FROM_UNIX(x) (htonl((x) - AD_DATE_DELTA))
+#define AD_DATE_TO_UNIX(x) (ntohl(x) + AD_DATE_DELTA)
+
+#define AD_CONV_WIPE_BLANK (1<<0)
+#define AD_CONV_DELETE (1<<1)
+
+struct adouble;
+
+size_t ad_getentrylen(const struct adouble *ad, int eid);
+size_t ad_getentryoff(const struct adouble *ad, int eid);
+size_t ad_setentrylen(struct adouble *ad, int eid, size_t len);
+size_t ad_setentryoff(struct adouble *ad, int eid, size_t off);
+char *ad_get_entry(const struct adouble *ad, int eid);
+int ad_getdate(const struct adouble *ad, unsigned int dateoff, uint32_t *date);
+int ad_setdate(struct adouble *ad, unsigned int dateoff, uint32_t date);
+int ad_convert(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ const char *catia_mappings,
+ uint32_t flags);
+bool ad_unconvert(TALLOC_CTX *mem_ctx,
+ struct vfs_handle_struct *handle,
+ const char *catia_mappings,
+ struct smb_filename *smb_fname,
+ bool *converted);
+struct adouble *ad_init(TALLOC_CTX *ctx, adouble_type_t type);
+NTSTATUS adouble_open_from_base_fsp(const struct files_struct *dirfsp,
+ struct files_struct *base_fsp,
+ adouble_type_t type,
+ int flags,
+ mode_t mode,
+ struct files_struct **_ad_fsp);
+struct adouble *ad_get(TALLOC_CTX *ctx,
+ vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ adouble_type_t type);
+struct adouble *ad_fget(TALLOC_CTX *ctx, vfs_handle_struct *handle,
+ files_struct *fsp, adouble_type_t type);
+int ad_fset(struct vfs_handle_struct *handle,
+ struct adouble *ad,
+ files_struct *fsp);
+bool is_adouble_file(const char *path);
+int adouble_path(TALLOC_CTX *ctx,
+ const struct smb_filename *smb_fname_in,
+ struct smb_filename **pp_smb_fname_out);
+
+AfpInfo *afpinfo_new(TALLOC_CTX *ctx);
+ssize_t afpinfo_pack(const AfpInfo *ai, char *buf);
+AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data, bool validate);
+
+#endif
diff --git a/source3/lib/adt_tree.c b/source3/lib/adt_tree.c
new file mode 100644
index 0000000..5c2b266
--- /dev/null
+++ b/source3/lib/adt_tree.c
@@ -0,0 +1,448 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Generic Abstract Data Types
+ * Copyright (C) Gerald Carter 2002.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include <talloc.h>
+#include "lib/util/debug.h"
+#include "lib/util/samba_util.h"
+#include "util/charset/charset.h"
+#include "source3/include/smb_macros.h"
+#include "adt_tree.h"
+
+struct tree_node {
+ struct tree_node *parent;
+ struct tree_node **children;
+ int num_children;
+ char *key;
+ void *data_p;
+};
+
+struct sorted_tree {
+ struct tree_node *root;
+};
+
+/**************************************************************************
+ *************************************************************************/
+
+static bool trim_tree_keypath( char *path, char **base, char **new_path )
+{
+ char *p;
+
+ *new_path = *base = NULL;
+
+ if ( !path )
+ return false;
+
+ *base = path;
+
+ p = strchr( path, '\\' );
+
+ if ( p ) {
+ *p = '\0';
+ *new_path = p+1;
+ }
+
+ return true;
+}
+
+/**************************************************************************
+ Initialize the tree's root.
+ *************************************************************************/
+
+struct sorted_tree *pathtree_init(void *data_p)
+{
+ struct sorted_tree *tree = NULL;
+
+ tree = talloc_zero(NULL, struct sorted_tree);
+ if (tree == NULL) {
+ return NULL;
+ }
+
+ tree->root = talloc_zero(tree, struct tree_node);
+ if (tree->root == NULL) {
+ TALLOC_FREE( tree );
+ return NULL;
+ }
+
+ tree->root->data_p = data_p;
+
+ return tree;
+}
+
+
+/**************************************************************************
+ Find the next child given a key string
+ *************************************************************************/
+
+static struct tree_node *pathtree_birth_child(struct tree_node *node,
+ char* key )
+{
+ struct tree_node *infant = NULL;
+ struct tree_node **siblings;
+ int i;
+
+ infant = talloc_zero(node, struct tree_node);
+ if (infant == NULL) {
+ return NULL;
+ }
+
+ infant->key = talloc_strdup( infant, key );
+ infant->parent = node;
+
+ siblings = talloc_realloc(node, node->children, struct tree_node *,
+ node->num_children+1);
+
+ if ( siblings )
+ node->children = siblings;
+
+ node->num_children++;
+
+ /* first child */
+
+ if ( node->num_children == 1 ) {
+ DEBUG(11,("pathtree_birth_child: First child of node [%s]! [%s]\n",
+ node->key ? node->key : "NULL", infant->key ));
+ node->children[0] = infant;
+ }
+ else
+ {
+ /*
+ * multiple siblings .... (at least 2 children)
+ *
+ * work from the end of the list forward
+ * The last child is not set at this point
+ * Insert the new infanct in ascending order
+ * from left to right
+ */
+
+ for ( i = node->num_children-1; i>=1; i-- )
+ {
+ DEBUG(11,("pathtree_birth_child: Looking for crib; infant -> [%s], child -> [%s]\n",
+ infant->key, node->children[i-1]->key));
+
+ /* the strings should never match assuming that we
+ have called pathtree_find_child() first */
+
+ if ( strcasecmp_m( infant->key, node->children[i-1]->key ) > 0 ) {
+ DEBUG(11,("pathtree_birth_child: storing infant in i == [%d]\n",
+ i));
+ node->children[i] = infant;
+ break;
+ }
+
+ /* bump everything towards the end on slot */
+
+ node->children[i] = node->children[i-1];
+ }
+
+ DEBUG(11,("pathtree_birth_child: Exiting loop (i == [%d])\n", i ));
+
+ /* if we haven't found the correct slot yet, the child
+ will be first in the list */
+
+ if ( i == 0 )
+ node->children[0] = infant;
+ }
+
+ return infant;
+}
+
+/**************************************************************************
+ Find the next child given a key string
+ *************************************************************************/
+
+static struct tree_node *pathtree_find_child(struct tree_node *node,
+ char *key )
+{
+ struct tree_node *next = NULL;
+ int i, result;
+
+ if ( !node ) {
+ DEBUG(0,("pathtree_find_child: NULL node passed into function!\n"));
+ return NULL;
+ }
+
+ if ( !key ) {
+ DEBUG(0,("pathtree_find_child: NULL key string passed into function!\n"));
+ return NULL;
+ }
+
+ for ( i=0; i<node->num_children; i++ )
+ {
+ DEBUG(11,("pathtree_find_child: child key => [%s]\n",
+ node->children[i]->key));
+
+ result = strcasecmp_m( node->children[i]->key, key );
+
+ if ( result == 0 )
+ next = node->children[i];
+
+ /* if result > 0 then we've gone to far because
+ the list of children is sorted by key name
+ If result == 0, then we have a match */
+
+ if ( result > 0 )
+ break;
+ }
+
+ DEBUG(11,("pathtree_find_child: %s [%s]\n",
+ next ? "Found" : "Did not find", key ));
+
+ return next;
+}
+
+/**************************************************************************
+ Add a new node into the tree given a key path and a blob of data
+ *************************************************************************/
+
+bool pathtree_add(struct sorted_tree *tree, const char *path, void *data_p)
+{
+ char *str, *base, *path2;
+ struct tree_node *current, *next;
+ bool ret = true;
+
+ DEBUG(8,("pathtree_add: Enter\n"));
+
+ if ( !path || *path != '\\' ) {
+ DEBUG(0,("pathtree_add: Attempt to add a node with a bad path [%s]\n",
+ path ? path : "NULL" ));
+ return false;
+ }
+
+ if ( !tree ) {
+ DEBUG(0,("pathtree_add: Attempt to add a node to an uninitialized tree!\n"));
+ return false;
+ }
+
+ /* move past the first '\\' */
+
+ path++;
+ path2 = SMB_STRDUP( path );
+ if ( !path2 ) {
+ DEBUG(0,("pathtree_add: strdup() failed on string [%s]!?!?!\n", path));
+ return false;
+ }
+
+
+ /*
+ * this works sort of like a 'mkdir -p' call, possibly
+ * creating an entire path to the new node at once
+ * The path should be of the form /<key1>/<key2>/...
+ */
+
+ base = path2;
+ str = path2;
+ current = tree->root;
+
+ do {
+ /* break off the remaining part of the path */
+
+ str = strchr( str, '\\' );
+ if ( str )
+ *str = '\0';
+
+ /* iterate to the next child--birth it if necessary */
+
+ next = pathtree_find_child( current, base );
+ if ( !next ) {
+ next = pathtree_birth_child( current, base );
+ if ( !next ) {
+ DEBUG(0,("pathtree_add: Failed to create new child!\n"));
+ ret = false;
+ goto done;
+ }
+ }
+ current = next;
+
+ /* setup the next part of the path */
+
+ base = str;
+ if ( base ) {
+ *base = '\\';
+ base++;
+ str = base;
+ }
+
+ } while ( base != NULL );
+
+ current->data_p = data_p;
+
+ DEBUG(10,("pathtree_add: Successfully added node [%s] to tree\n",
+ path ));
+
+ DEBUG(8,("pathtree_add: Exit\n"));
+
+done:
+ SAFE_FREE( path2 );
+ return ret;
+}
+
+
+/**************************************************************************
+ Recursive routine to print out all children of a struct tree_node
+ *************************************************************************/
+
+static void pathtree_print_children(TALLOC_CTX *ctx,
+ struct tree_node *node,
+ int debug,
+ const char *path )
+{
+ int i;
+ int num_children;
+ char *path2 = NULL;
+
+ if ( !node )
+ return;
+
+ if ( node->key )
+ DEBUG(debug,("%s: [%s] (%s)\n", path ? path : "NULL", node->key,
+ node->data_p ? "data" : "NULL" ));
+
+ if ( path ) {
+ path2 = talloc_strdup(ctx, path);
+ if (!path2) {
+ return;
+ }
+ }
+
+ path2 = talloc_asprintf(ctx,
+ "%s%s/",
+ path ? path : "",
+ node->key ? node->key : "NULL");
+ if (!path2) {
+ return;
+ }
+
+ num_children = node->num_children;
+ for ( i=0; i<num_children; i++ ) {
+ pathtree_print_children(ctx, node->children[i], debug, path2 );
+ }
+}
+
+/**************************************************************************
+ Dump the kys for a tree to the log file
+ *************************************************************************/
+
+void pathtree_print_keys(struct sorted_tree *tree, int debug )
+{
+ int i;
+ int num_children = tree->root->num_children;
+
+ if ( tree->root->key )
+ DEBUG(debug,("ROOT/: [%s] (%s)\n", tree->root->key,
+ tree->root->data_p ? "data" : "NULL" ));
+
+ for ( i=0; i<num_children; i++ ) {
+ TALLOC_CTX *ctx = talloc_stackframe();
+ pathtree_print_children(ctx, tree->root->children[i], debug,
+ tree->root->key ? tree->root->key : "ROOT/" );
+ TALLOC_FREE(ctx);
+ }
+
+}
+
+/**************************************************************************
+ return the data_p for for the node in tree matching the key string
+ The key string is the full path. We must break it apart and walk
+ the tree
+ *************************************************************************/
+
+void* pathtree_find(struct sorted_tree *tree, char *key )
+{
+ char *keystr, *base = NULL, *str = NULL, *p;
+ struct tree_node *current;
+ void *result = NULL;
+
+ DEBUG(10,("pathtree_find: Enter [%s]\n", key ? key : "NULL" ));
+
+ /* sanity checks first */
+
+ if ( !key ) {
+ DEBUG(0,("pathtree_find: Attempt to search tree using NULL search string!\n"));
+ return NULL;
+ }
+
+ if ( !tree ) {
+ DEBUG(0,("pathtree_find: Attempt to search an uninitialized tree using string [%s]!\n",
+ key ? key : "NULL" ));
+ return NULL;
+ }
+
+ if ( !tree->root )
+ return NULL;
+
+ /* make a copy to play with */
+
+ if ( *key == '\\' )
+ keystr = SMB_STRDUP( key+1 );
+ else
+ keystr = SMB_STRDUP( key );
+
+ if ( !keystr ) {
+ DEBUG(0,("pathtree_find: strdup() failed on string [%s]!?!?!\n", key));
+ return NULL;
+ }
+
+ /* start breaking the path apart */
+
+ p = keystr;
+ current = tree->root;
+
+ if ( tree->root->data_p )
+ result = tree->root->data_p;
+
+ do
+ {
+ /* break off the remaining part of the path */
+
+ trim_tree_keypath( p, &base, &str );
+
+ DEBUG(11,("pathtree_find: [loop] base => [%s], new_path => [%s]\n",
+ base ? base : "",
+ str ? str : ""));
+
+ /* iterate to the next child */
+
+ current = pathtree_find_child( current, base );
+
+ /*
+ * the idea is that the data_p for a parent should
+ * be inherited by all children, but allow it to be
+ * overridden farther down
+ */
+
+ if ( current && current->data_p )
+ result = current->data_p;
+
+ /* reset the path pointer 'p' to the remaining part of the key string */
+
+ p = str;
+
+ } while ( str && current );
+
+ /* result should be the data_p from the lowest match node in the tree */
+ if ( result )
+ DEBUG(11,("pathtree_find: Found data_p!\n"));
+
+ SAFE_FREE( keystr );
+
+ DEBUG(10,("pathtree_find: Exit\n"));
+
+ return result;
+}
diff --git a/source3/lib/audit.c b/source3/lib/audit.c
new file mode 100644
index 0000000..f0dc5c2
--- /dev/null
+++ b/source3/lib/audit.c
@@ -0,0 +1,149 @@
+/*
+ Unix SMB/CIFS implementation.
+ Auditing helper functions.
+ Copyright (C) Guenther Deschner 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../librpc/gen_ndr/lsa.h"
+
+static const struct audit_category_tab {
+ uint32_t category;
+ const char *category_str;
+ const char *param_str;
+ const char *description;
+} audit_category_tab [] = {
+ { LSA_AUDIT_CATEGORY_LOGON,
+ "LSA_AUDIT_CATEGORY_LOGON",
+ "LOGON", "Logon events" },
+ { LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
+ "LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS",
+ "PRIVILEGE", "Privilege Use" },
+ { LSA_AUDIT_CATEGORY_SYSTEM,
+ "LSA_AUDIT_CATEGORY_SYSTEM",
+ "SYSTEM", "System Events" },
+ { LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
+ "LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES",
+ "POLICY", "Policy Change" },
+ { LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
+ "LSA_AUDIT_CATEGORY_PROCCESS_TRACKING",
+ "PROCESS", "Process Tracking" },
+ { LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
+ "LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS",
+ "OBJECT", "Object Access" },
+ { LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
+ "LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT",
+ "SAM", "Account Management" },
+ { LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS,
+ "LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS",
+ "DIRECTORY", "Directory service access" },
+ { LSA_AUDIT_CATEGORY_ACCOUNT_LOGON,
+ "LSA_AUDIT_CATEGORY_ACCOUNT_LOGON",
+ "ACCOUNT", "Account logon events" },
+ { .category = 0 }
+};
+
+const char *audit_category_str(uint32_t category)
+{
+ int i;
+ for (i=0; audit_category_tab[i].category_str; i++) {
+ if (category == audit_category_tab[i].category) {
+ return audit_category_tab[i].category_str;
+ }
+ }
+ return NULL;
+}
+
+const char *audit_param_str(uint32_t category)
+{
+ int i;
+ for (i=0; audit_category_tab[i].param_str; i++) {
+ if (category == audit_category_tab[i].category) {
+ return audit_category_tab[i].param_str;
+ }
+ }
+ return NULL;
+}
+
+const char *audit_description_str(uint32_t category)
+{
+ int i;
+ for (i=0; audit_category_tab[i].description; i++) {
+ if (category == audit_category_tab[i].category) {
+ return audit_category_tab[i].description;
+ }
+ }
+ return NULL;
+}
+
+bool get_audit_category_from_param(const char *param, uint32_t *audit_category)
+{
+ *audit_category = Undefined;
+
+ if (strequal(param, "SYSTEM")) {
+ *audit_category = LSA_AUDIT_CATEGORY_SYSTEM;
+ } else if (strequal(param, "LOGON")) {
+ *audit_category = LSA_AUDIT_CATEGORY_LOGON;
+ } else if (strequal(param, "OBJECT")) {
+ *audit_category = LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS;
+ } else if (strequal(param, "PRIVILEGE")) {
+ *audit_category = LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS;
+ } else if (strequal(param, "PROCESS")) {
+ *audit_category = LSA_AUDIT_CATEGORY_PROCCESS_TRACKING;
+ } else if (strequal(param, "POLICY")) {
+ *audit_category = LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES;
+ } else if (strequal(param, "SAM")) {
+ *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT;
+ } else if (strequal(param, "DIRECTORY")) {
+ *audit_category = LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS;
+ } else if (strequal(param, "ACCOUNT")) {
+ *audit_category = LSA_AUDIT_CATEGORY_ACCOUNT_LOGON;
+ } else {
+ DEBUG(0,("unknown parameter: %s\n", param));
+ return False;
+ }
+
+ return True;
+}
+
+const char *audit_policy_str(TALLOC_CTX *mem_ctx, uint32_t policy)
+{
+ const char *ret = NULL;
+
+ if (policy == LSA_AUDIT_POLICY_NONE) {
+ return talloc_strdup(mem_ctx, "None");
+ }
+
+ if (policy & LSA_AUDIT_POLICY_SUCCESS) {
+ ret = talloc_strdup(mem_ctx, "Success");
+ if (ret == NULL) {
+ return NULL;
+ }
+ }
+
+ if (policy & LSA_AUDIT_POLICY_FAILURE) {
+ if (ret) {
+ ret = talloc_asprintf(mem_ctx, "%s, %s", ret, "Failure");
+ if (ret == NULL) {
+ return NULL;
+ }
+ } else {
+ return talloc_strdup(mem_ctx, "Failure");
+ }
+ }
+
+ return ret;
+}
diff --git a/source3/lib/avahi.c b/source3/lib/avahi.c
new file mode 100644
index 0000000..269b329
--- /dev/null
+++ b/source3/lib/avahi.c
@@ -0,0 +1,275 @@
+/*
+ Unix SMB/CIFS implementation.
+ Connect avahi to lib/tevents
+ Copyright (C) Volker Lendecke 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#include <avahi-common/watch.h>
+
+struct avahi_poll_context {
+ struct tevent_context *ev;
+ AvahiWatch **watches;
+ AvahiTimeout **timeouts;
+};
+
+struct AvahiWatch {
+ struct avahi_poll_context *ctx;
+ struct tevent_fd *fde;
+ int fd;
+ AvahiWatchEvent latest_event;
+ AvahiWatchCallback callback;
+ void *userdata;
+};
+
+struct AvahiTimeout {
+ struct avahi_poll_context *ctx;
+ struct tevent_timer *te;
+ AvahiTimeoutCallback callback;
+ void *userdata;
+};
+
+static uint16_t avahi_flags_map_to_tevent(AvahiWatchEvent event)
+{
+ return ((event & AVAHI_WATCH_IN) ? TEVENT_FD_READ : 0)
+ | ((event & AVAHI_WATCH_OUT) ? TEVENT_FD_WRITE : 0);
+}
+
+static void avahi_fd_handler(struct tevent_context *ev,
+ struct tevent_fd *fde, uint16_t flags,
+ void *private_data);
+
+static AvahiWatch *avahi_watch_new(const AvahiPoll *api, int fd,
+ AvahiWatchEvent event,
+ AvahiWatchCallback callback,
+ void *userdata)
+{
+ struct avahi_poll_context *ctx = talloc_get_type_abort(
+ api->userdata, struct avahi_poll_context);
+ int num_watches = talloc_array_length(ctx->watches);
+ AvahiWatch **tmp, *watch_ctx;
+
+ tmp = talloc_realloc(ctx, ctx->watches, AvahiWatch *, num_watches + 1);
+ if (tmp == NULL) {
+ return NULL;
+ }
+ ctx->watches = tmp;
+
+ watch_ctx = talloc(tmp, AvahiWatch);
+ if (watch_ctx == NULL) {
+ goto fail;
+ }
+ ctx->watches[num_watches] = watch_ctx;
+
+ watch_ctx->ctx = ctx;
+ watch_ctx->fde = tevent_add_fd(ctx->ev, watch_ctx, fd,
+ avahi_flags_map_to_tevent(event),
+ avahi_fd_handler, watch_ctx);
+ if (watch_ctx->fde == NULL) {
+ goto fail;
+ }
+ watch_ctx->callback = callback;
+ watch_ctx->userdata = userdata;
+ return watch_ctx;
+
+ fail:
+ TALLOC_FREE(watch_ctx);
+ ctx->watches = talloc_realloc(ctx, ctx->watches, AvahiWatch *,
+ num_watches);
+ return NULL;
+}
+
+static void avahi_fd_handler(struct tevent_context *ev,
+ struct tevent_fd *fde, uint16_t flags,
+ void *private_data)
+{
+ AvahiWatch *watch_ctx = talloc_get_type_abort(private_data, AvahiWatch);
+
+ watch_ctx->latest_event =
+ ((flags & TEVENT_FD_READ) ? AVAHI_WATCH_IN : 0)
+ | ((flags & TEVENT_FD_WRITE) ? AVAHI_WATCH_OUT : 0);
+
+ watch_ctx->callback(watch_ctx, watch_ctx->fd, watch_ctx->latest_event,
+ watch_ctx->userdata);
+}
+
+static void avahi_watch_update(AvahiWatch *w, AvahiWatchEvent event)
+{
+ tevent_fd_set_flags(w->fde, avahi_flags_map_to_tevent(event));
+}
+
+static AvahiWatchEvent avahi_watch_get_events(AvahiWatch *w)
+{
+ return w->latest_event;
+}
+
+static void avahi_watch_free(AvahiWatch *w)
+{
+ int i, num_watches;
+ AvahiWatch **watches = w->ctx->watches;
+ struct avahi_poll_context *ctx;
+
+ num_watches = talloc_array_length(watches);
+
+ for (i=0; i<num_watches; i++) {
+ if (w == watches[i]) {
+ break;
+ }
+ }
+ if (i == num_watches) {
+ return;
+ }
+ ctx = w->ctx;
+ TALLOC_FREE(w);
+ memmove(&watches[i], &watches[i+1],
+ sizeof(*watches) * (num_watches - i - 1));
+ ctx->watches = talloc_realloc(ctx, watches, AvahiWatch *,
+ num_watches - 1);
+}
+
+static void avahi_timeout_handler(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval current_time,
+ void *private_data);
+
+static AvahiTimeout *avahi_timeout_new(const AvahiPoll *api,
+ const struct timeval *tv,
+ AvahiTimeoutCallback callback,
+ void *userdata)
+{
+ struct avahi_poll_context *ctx = talloc_get_type_abort(
+ api->userdata, struct avahi_poll_context);
+ int num_timeouts = talloc_array_length(ctx->timeouts);
+ AvahiTimeout **tmp, *timeout_ctx;
+
+ tmp = talloc_realloc(ctx, ctx->timeouts, AvahiTimeout *,
+ num_timeouts + 1);
+ if (tmp == NULL) {
+ return NULL;
+ }
+ ctx->timeouts = tmp;
+
+ timeout_ctx = talloc(tmp, AvahiTimeout);
+ if (timeout_ctx == NULL) {
+ goto fail;
+ }
+ ctx->timeouts[num_timeouts] = timeout_ctx;
+
+ timeout_ctx->ctx = ctx;
+ if (tv == NULL) {
+ timeout_ctx->te = NULL;
+ } else {
+ timeout_ctx->te = tevent_add_timer(ctx->ev, timeout_ctx,
+ *tv, avahi_timeout_handler,
+ timeout_ctx);
+ if (timeout_ctx->te == NULL) {
+ goto fail;
+ }
+ }
+ timeout_ctx->callback = callback;
+ timeout_ctx->userdata = userdata;
+ return timeout_ctx;
+
+ fail:
+ TALLOC_FREE(timeout_ctx);
+ ctx->timeouts = talloc_realloc(ctx, ctx->timeouts, AvahiTimeout *,
+ num_timeouts);
+ return NULL;
+}
+
+static void avahi_timeout_handler(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval current_time,
+ void *private_data)
+{
+ AvahiTimeout *timeout_ctx = talloc_get_type_abort(
+ private_data, AvahiTimeout);
+
+ TALLOC_FREE(timeout_ctx->te);
+ timeout_ctx->callback(timeout_ctx, timeout_ctx->userdata);
+}
+
+static void avahi_timeout_update(AvahiTimeout *t, const struct timeval *tv)
+{
+ TALLOC_FREE(t->te);
+
+ if (tv == NULL) {
+ /*
+ * Disable this timer
+ */
+ return;
+ }
+
+ t->te = tevent_add_timer(t->ctx->ev, t, *tv, avahi_timeout_handler, t);
+ /*
+ * No failure mode defined here
+ */
+ SMB_ASSERT(t->te != NULL);
+}
+
+static void avahi_timeout_free(AvahiTimeout *t)
+{
+ int i, num_timeouts;
+ AvahiTimeout **timeouts = t->ctx->timeouts;
+ struct avahi_poll_context *ctx;
+
+ num_timeouts = talloc_array_length(timeouts);
+
+ for (i=0; i<num_timeouts; i++) {
+ if (t == timeouts[i]) {
+ break;
+ }
+ }
+ if (i == num_timeouts) {
+ return;
+ }
+ ctx = t->ctx;
+ TALLOC_FREE(t);
+ memmove(&timeouts[i], &timeouts[i+1],
+ sizeof(*timeouts) * (num_timeouts - i - 1));
+ ctx->timeouts = talloc_realloc(ctx, timeouts, AvahiTimeout *,
+ num_timeouts - 1);
+}
+
+struct AvahiPoll *tevent_avahi_poll(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev)
+{
+ struct AvahiPoll *result;
+ struct avahi_poll_context *ctx;
+
+ result = talloc(mem_ctx, struct AvahiPoll);
+ if (result == NULL) {
+ return result;
+ }
+ ctx = talloc_zero(result, struct avahi_poll_context);
+ if (ctx == NULL) {
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ ctx->ev = ev;
+
+ result->watch_new = avahi_watch_new;
+ result->watch_update = avahi_watch_update;
+ result->watch_get_events = avahi_watch_get_events;
+ result->watch_free = avahi_watch_free;
+ result->timeout_new = avahi_timeout_new;
+ result->timeout_update = avahi_timeout_update;
+ result->timeout_free = avahi_timeout_free;
+ result->userdata = ctx;
+
+ return result;
+}
diff --git a/source3/lib/background.c b/source3/lib/background.c
new file mode 100644
index 0000000..cf6cc3a
--- /dev/null
+++ b/source3/lib/background.c
@@ -0,0 +1,256 @@
+/*
+ Unix SMB/CIFS implementation.
+ Regular background jobs as forked helpers
+ Copyright (C) Volker Lendecke 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "lib/async_req/async_sock.h"
+#include "include/messages.h"
+#include "background.h"
+
+struct background_job_state {
+ struct tevent_context *ev;
+ struct messaging_context *msg;
+ uint32_t *trigger_msgs;
+ size_t num_trigger_msgs;
+ bool parent_longlived;
+ int (*fn)(void *private_data);
+ void *private_data;
+
+ struct tevent_req *wakeup_req;
+ int pipe_fd;
+ struct tevent_req *pipe_req;
+};
+
+static int background_job_state_destructor(struct background_job_state *s);
+static void background_job_waited(struct tevent_req *subreq);
+static void background_job_done(struct tevent_req *subreq);
+static bool background_job_trigger(
+ struct messaging_rec *rec, void *private_data);
+
+struct tevent_req *background_job_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct messaging_context *msg,
+ uint32_t *trigger_msgs,
+ size_t num_trigger_msgs,
+ time_t initial_wait_sec,
+ int (*fn)(void *private_data),
+ void *private_data)
+{
+ struct tevent_req *req, *subreq;
+ struct background_job_state *state;
+ size_t i;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct background_job_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->ev = ev;
+ state->msg = msg;
+
+ if (num_trigger_msgs != 0) {
+ state->trigger_msgs = (uint32_t *)talloc_memdup(
+ state, trigger_msgs,
+ sizeof(uint32_t) * num_trigger_msgs);
+ if (tevent_req_nomem(state->trigger_msgs, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->num_trigger_msgs = num_trigger_msgs;
+ }
+
+ state->fn = fn;
+ state->private_data = private_data;
+
+ state->pipe_fd = -1;
+ talloc_set_destructor(state, background_job_state_destructor);
+
+ for (i=0; i<num_trigger_msgs; i++) {
+ subreq = messaging_filtered_read_send(
+ state, ev, msg, background_job_trigger, state);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ subreq = tevent_wakeup_send(
+ state, state->ev, timeval_current_ofs(initial_wait_sec, 0));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, background_job_waited, req);
+ state->wakeup_req = subreq;
+ return req;
+}
+
+static int background_job_state_destructor(struct background_job_state *state)
+{
+ TALLOC_FREE(state->pipe_req);
+ if (state->pipe_fd != -1) {
+ close(state->pipe_fd);
+ state->pipe_fd = -1;
+ }
+
+ return 0;
+}
+
+static bool background_job_trigger(
+ struct messaging_rec *rec, void *private_data)
+{
+ struct background_job_state *state = talloc_get_type_abort(
+ private_data, struct background_job_state);
+ size_t i;
+
+ if (state->wakeup_req == NULL) {
+ return false;
+ }
+ for (i=0; i<state->num_trigger_msgs; i++) {
+ if (rec->msg_type == state->trigger_msgs[i]) {
+ break;
+ }
+ }
+ if (i == state->num_trigger_msgs) {
+ return false;
+ }
+ if (!tevent_req_set_endtime(state->wakeup_req, state->ev,
+ timeval_zero())) {
+ DEBUG(10, ("tevent_req_set_endtime failed\n"));
+ }
+ return false;
+}
+
+static void background_job_waited(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct background_job_state *state = tevent_req_data(
+ req, struct background_job_state);
+ int fds[2];
+ int res;
+ bool ret;
+
+ ret = tevent_wakeup_recv(subreq);
+ TALLOC_FREE(subreq);
+ state->wakeup_req = NULL;
+ if (!ret) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+
+ res = pipe(fds);
+ if (res == -1) {
+ tevent_req_nterror(req, map_nt_error_from_unix(errno));
+ return;
+ }
+
+ res = fork();
+ if (res == -1) {
+ int err = errno;
+ close(fds[0]);
+ close(fds[1]);
+ tevent_req_nterror(req, map_nt_error_from_unix(err));
+ return;
+ }
+
+ if (res == 0) {
+ /* child */
+
+ NTSTATUS status;
+ ssize_t written;
+
+ close(fds[0]);
+
+ status = reinit_after_fork(state->msg, state->ev, true);
+ if (NT_STATUS_IS_OK(status)) {
+ res = state->fn(state->private_data);
+ } else {
+ res = -1;
+ }
+ written = write(fds[1], &res, sizeof(res));
+ if (written == -1) {
+ _exit(1);
+ }
+
+ /*
+ * No TALLOC_FREE here, messaging_parent_dgm_cleanup_init for
+ * example calls background_job_send with "messaging_context"
+ * as talloc parent. Thus "state" will be freed with the
+ * following talloc_free will have removed "state" when it
+ * returns. TALLOC_FREE will then write a NULL into free'ed
+ * memory. talloc_free() is required although we immediately
+ * exit, the messaging_context's destructor will want to clean
+ * up.
+ */
+ talloc_free(state->msg);
+ _exit(0);
+ }
+
+ /* parent */
+
+ close(fds[1]);
+ state->pipe_fd = fds[0];
+
+ subreq = read_packet_send(state, state->ev, state->pipe_fd,
+ sizeof(int), NULL, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, background_job_done, req);
+ state->pipe_req = subreq;
+}
+
+static void background_job_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct background_job_state *state = tevent_req_data(
+ req, struct background_job_state);
+ ssize_t ret;
+ uint8_t *buf;
+ int err;
+ int wait_secs;
+
+ state->pipe_req = NULL;
+
+ ret = read_packet_recv(subreq, talloc_tos(), &buf, &err);
+ TALLOC_FREE(subreq);
+ if (ret == -1) {
+ tevent_req_nterror(req, map_nt_error_from_unix(err));
+ return;
+ }
+ close(state->pipe_fd);
+ state->pipe_fd = -1;
+ memcpy(&wait_secs, buf, sizeof(wait_secs));
+ if (wait_secs == -1) {
+ tevent_req_done(req);
+ return;
+ }
+ subreq = tevent_wakeup_send(
+ state, state->ev, timeval_current_ofs(wait_secs, 0));
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, background_job_waited, req);
+ state->wakeup_req = subreq;
+}
+
+NTSTATUS background_job_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
diff --git a/source3/lib/background.h b/source3/lib/background.h
new file mode 100644
index 0000000..8c8fe22
--- /dev/null
+++ b/source3/lib/background.h
@@ -0,0 +1,45 @@
+/*
+ Unix SMB/CIFS implementation.
+ Regular background jobs as forked helpers
+ Copyright (C) Volker Lendecke 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIB_BACKGROUND_H_
+#define _LIB_BACKGROUND_H_
+
+#include "replace.h"
+#include <tevent.h>
+#include "libcli/util/ntstatus.h"
+
+struct messaging_context;
+
+/*
+ * From a parent process regularly fork a process and execute fn(). fn()
+ * returns the number of seconds to wait before it is run next time. Returning
+ * -1 means stop the job.
+ */
+
+struct tevent_req *background_job_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct messaging_context *msg,
+ uint32_t *trigger_msgs,
+ size_t num_trigger_msgs,
+ time_t initial_wait_sec,
+ int (*fn)(void *private_data),
+ void *private_data);
+NTSTATUS background_job_recv(struct tevent_req *req);
+
+#endif
diff --git a/source3/lib/cbuf.c b/source3/lib/cbuf.c
new file mode 100644
index 0000000..de0518d
--- /dev/null
+++ b/source3/lib/cbuf.c
@@ -0,0 +1,328 @@
+/*
+ * Samba Unix/Linux SMB client library
+ *
+ * Copyright (C) Gregor Beck 2010
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file cbuf.c
+ * @author Gregor Beck <gb@sernet.de>
+ * @date Aug 2010
+ *
+ * @brief A talloced character buffer.
+ *
+ */
+
+
+#include "replace.h"
+#include "system/locale.h"
+#include "cbuf.h"
+#include <talloc.h>
+#include <assert.h>
+#include "lib/util/byteorder.h"
+
+
+struct cbuf {
+ char* buf;
+ size_t pos;
+ size_t size;
+};
+
+
+cbuf* cbuf_clear(cbuf* b)
+{
+ cbuf_setpos(b, 0);
+ return b;
+}
+
+cbuf* cbuf_new(const void* ctx)
+{
+ cbuf* s = talloc(ctx, cbuf);
+ if (s == NULL)
+ return NULL;
+ s->size = 32;
+ s->buf = (char *)talloc_size(s, s->size);
+ if (s->size && (s->buf == NULL)) {
+ talloc_free(s);
+ return NULL;
+ }
+ return cbuf_clear(s);
+}
+
+cbuf* cbuf_copy(const cbuf* b)
+{
+ cbuf* s = talloc(talloc_parent(b), cbuf);
+ if (s == NULL) {
+ return NULL;
+ }
+
+ s->buf = (char *)talloc_memdup(s, b->buf, b->size); /* only up to pos? */
+
+ /* XXX shallow did not work, because realloc */
+ /* fails with multiple references */
+ /* s->buf = talloc_reference(s, b->buf); */
+
+ if (s->buf == NULL) {
+ cbuf_delete(s);
+ return NULL;
+ }
+ s->size = b->size;
+ s->pos = b->pos;
+ return s;
+}
+
+void cbuf_delete(cbuf* b)
+{
+ talloc_free(b);
+}
+
+#define SWAP(A,B,T) do { \
+ T tmp = A; A = B; B = tmp; \
+ } while(0)
+
+
+void cbuf_swap(cbuf* b1, cbuf* b2)
+{
+ if (b1 == b2) {
+ return;
+ }
+ talloc_reparent(b1, b2, b1->buf);
+ talloc_reparent(b2, b1, b2->buf);
+ SWAP(b1->buf, b2->buf, char*);
+ SWAP(b1->pos, b2->pos, size_t);
+ SWAP(b1->size, b2->size, size_t);
+}
+
+
+
+cbuf* cbuf_takeover(cbuf* b1, cbuf* b2)
+{
+ talloc_reparent(b2, b1, b2->buf);
+ b1->buf = b2->buf;
+ b1->pos = b2->pos;
+ b1->size = b2->size;
+ cbuf_delete(b2);
+ return b1;
+}
+
+cbuf* cbuf_swapptr(cbuf* b, char** ptr, size_t len)
+{
+ void* p = talloc_parent(*ptr);
+ SWAP(b->buf, *ptr, char*);
+ talloc_steal(b, b->buf);
+ talloc_steal(p, *ptr);
+ b->size = talloc_get_size(b->buf);
+ b->pos = (len == -1) ? strlen(b->buf) : len;
+
+ assert(b->pos <= b->size);
+ return b;
+}
+
+cbuf* cbuf_resize(cbuf* b, size_t size)
+{
+ char* save_buf = b->buf;
+ b->buf = talloc_realloc(b, b->buf, char, size);
+ if (b->buf == NULL) {
+ talloc_free(save_buf);
+ b->size = 0;
+ } else {
+ b->size = size;
+ }
+ b->pos = MIN(b->pos, b->size);
+ return b->buf ? b : NULL;
+}
+
+char* cbuf_reserve(cbuf* b, size_t len)
+{
+ if(b->size < b->pos + len)
+ cbuf_resize(b, MAX(2*b->size, b->pos + len));
+ return b->buf ? b->buf + b->pos : NULL;
+}
+
+int cbuf_puts(cbuf* b, const char* str, size_t len)
+{
+ char* dst;
+
+ if (b == NULL)
+ return 0;
+
+ if (len == -1) {
+ len=strlen(str);
+ }
+
+ dst = cbuf_reserve(b, len+1);
+ if (dst == NULL)
+ return -1;
+
+ memcpy(dst, str, len);
+ dst[len] = '\0'; /* just to ease debugging */
+
+ b->pos += len;
+ assert(b->pos < b->size);
+
+ return len;
+}
+
+int cbuf_putc(cbuf* b, char c) {
+ char* dst;
+
+ if (b == NULL)
+ return 0;
+
+ dst = cbuf_reserve(b, 2);
+ if (dst == NULL) {
+ return -1;
+ }
+
+ dst[0] = c;
+ dst[1] = '\0'; /* just to ease debugging */
+
+ b->pos++;
+ assert(b->pos < b->size);
+
+ return 1;
+}
+
+int cbuf_putdw(cbuf* b, uint32_t u) {
+ char* dst;
+ static const size_t LEN = sizeof(uint32_t);
+
+ if (b == NULL)
+ return 0;
+
+ dst = cbuf_reserve(b, LEN);
+ if (dst == NULL) {
+ return -1;
+ }
+
+ SIVAL(dst, 0, u);
+
+ b->pos += LEN;
+ assert(b->pos <= b->size); /* no NULL termination*/
+
+ return LEN;
+}
+
+size_t cbuf_getpos(const cbuf* b) {
+ assert(b->pos <= b->size);
+ return b->pos;
+}
+
+void cbuf_setpos(cbuf* b, size_t pos) {
+ assert(pos <= b->size);
+ b->pos = pos;
+ if (pos < b->size)
+ b->buf[pos] = '\0'; /* just to ease debugging */
+}
+
+char* cbuf_gets(cbuf* b, size_t idx) {
+ assert(idx <= b->pos);
+
+ if (cbuf_reserve(b, 1) == NULL)
+ return NULL;
+
+ b->buf[b->pos] = '\0';
+ return b->buf + idx;
+}
+
+int cbuf_printf(cbuf* b, const char* fmt, ...)
+{
+ va_list args, args2;
+ int len;
+ char* dst = b->buf + b->pos;
+ const int avail = b->size - b->pos;
+ assert(avail >= 0);
+
+ va_start(args, fmt);
+ va_copy(args2, args);
+
+ len = vsnprintf(dst, avail, fmt, args);
+
+ if (len >= avail) {
+ dst = cbuf_reserve(b, len+1);
+ len = (dst != NULL) ? vsnprintf(dst, len+1, fmt, args2) : -1;
+ }
+
+ if (len > 0) {
+ b->pos += len;
+ }
+
+ va_end(args);
+ va_end(args2);
+ assert(b->pos <= b->size);
+
+ return len;
+}
+
+int cbuf_print_quoted_string(cbuf* ost, const char* s)
+{
+ int n = 1;
+ cbuf_putc(ost,'"');
+
+ while(true) {
+ switch (*s) {
+ case '\0':
+ cbuf_putc(ost, '"');
+ return n+1;
+
+ case '"':
+ case '\\':
+ cbuf_putc(ost, '\\');
+ n++;
+
+ FALL_THROUGH;
+ default:
+ cbuf_putc(ost, *s);
+ n++;
+ }
+ s++;
+ }
+}
+
+
+int cbuf_print_quoted(cbuf* ost, const char* s, size_t len)
+{
+ int n = 1;
+ int ret;
+ cbuf_reserve(ost, len+2);
+
+ cbuf_putc(ost,'"');
+
+ while(len--) {
+ switch (*s) {
+ case '"':
+ case '\\':
+ ret = cbuf_printf(ost, "\\%c", *s);
+ break;
+ default:
+ if (isprint(*s) && ((*s == ' ') || !isspace(*s))) {
+ ret = cbuf_putc(ost, *s);
+ } else {
+ ret = cbuf_printf(ost,
+ "\\%02x",
+ (unsigned char)*s);
+ }
+ }
+ s++;
+ if (ret == -1) {
+ return -1;
+ }
+ n += ret;
+ }
+ ret = cbuf_putc(ost,'"');
+
+ return (ret == -1) ? -1 : (n + ret);
+}
diff --git a/source3/lib/cbuf.h b/source3/lib/cbuf.h
new file mode 100644
index 0000000..d4f5a72
--- /dev/null
+++ b/source3/lib/cbuf.h
@@ -0,0 +1,245 @@
+/*
+ * Samba Unix/Linux SMB client library
+ * Copyright (C) Gregor Beck 2010
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file cbuf.h
+ * @author Gregor Beck <gb@sernet.de>
+ * @date Aug 2010
+ *
+ * @brief A talloced character buffer.
+ *
+ * A cbuf carries a write position and keeps track of its size.
+ */
+
+#ifndef __CBUF_H
+#define __CBUF_H
+
+struct cbuf;
+typedef struct cbuf cbuf;
+
+/**
+ * Create a new character buffer.
+ *
+ * @param talloc_ctx the talloc parent
+ *
+ * @return a new cbuf object, NULL on error
+ */
+cbuf* cbuf_new(const void* talloc_ctx);
+
+/**
+ * Create a copy of a character buffer.
+ *
+ * @param b the cbuf to copy
+ * @return a new cbuf object, NULL on error
+ */
+cbuf* cbuf_copy(const cbuf* b);
+
+/**
+ * Delete a character buffer.
+ * This invalidates b and free's the memory allocated.
+ * @warning don't talloc_free b directly, however freeing
+ * the parent works as expected
+ * @param b the cbuf to delete
+ */
+void cbuf_delete(cbuf* b);
+
+/**
+ * Reset the buffer to initial state.
+ * Set the write position to the start of buffer, effectivly
+ * clearing its contents. Doesn't free memory.
+ *
+ * @param b the buffer to clear
+ *
+ * @return b
+ */
+cbuf* cbuf_clear(cbuf* b);
+
+/**
+ * Swap the contents of two buffers in O(1).
+ *
+ * @param b1 a character buffer
+ * @param b2 another character buffer
+ */
+void cbuf_swap(cbuf* b1, cbuf* b2);
+
+/**
+ * Swap the contents of a buffer with a talloced string.
+ *
+ * @param b a character buffer
+ * @param ptr a pointer to a talloced string
+ * @param len size of string, -1 means strlen(*ptr)
+ *
+ * @return b
+ */
+cbuf* cbuf_swapptr(cbuf* b, char** ptr, size_t len);
+
+/**
+ * Let a character buffer takeover the contents of another.
+ * This is equivalent to @code
+ * cbuf_swap(b1, b2);
+ * cbuf_delete(b2);
+ * @endcode
+ * @param b1 the destination
+ * @param b2 the victim
+ *
+ * @return b1
+ */
+cbuf* cbuf_takeover(cbuf* b1, cbuf* b2);
+
+/**
+ * Resize a character buffer.
+ * This may free allocated memory.
+ *
+ * @param b the character buffer.
+ * @param size the new size
+ *
+ * @return b, NULL on error
+ */
+cbuf* cbuf_resize(cbuf* b, size_t size);
+
+/**
+ * Reserve space in a character buffer.
+ * Assert there are at least len bytes following the current write position.
+ *
+ * @param b a character buffer
+ * @param len number of bytes to reserve.
+ *
+ * @return a pointer to the current write position, NULL on error
+ */
+char* cbuf_reserve(cbuf* b, size_t len);
+
+/**
+ * Put a character into the buffer.
+ *
+ * @param b a character buffer, may be NULL.
+ * @param c a character
+ * @return number of characters written ((b==NULL) ? 0 : 1)
+ *
+ * @retval -1 on error
+ */
+int cbuf_putc(cbuf* b, char c);
+
+/**
+ * Put a string into the buffer.
+ *
+ * @param b a character buffer, may be NULL
+ * @param str a string
+ * @param len number of bytes to write, -1 means strlen(str)
+ *
+ * @return number of characters written, -1 on error
+ */
+int cbuf_puts(cbuf* b, const char* str, size_t len);
+
+/* /\** */
+/* * Put a string into the buffer, changing case. */
+/* * */
+/* * @param b a character buffer, may be NULL */
+/* * @param str a string */
+/* * @param len number of bytes to write, -1 means strlen(str) */
+/* * @param c a character specifying case: */
+/* * @li 'U' upper case */
+/* * @li 'L' lower case */
+/* * @li 'T' title case */
+/* * @li 'P' preserve case */
+/* * @return number of characters written, -1 on error */
+/* *\/ */
+/* int cbuf_puts_case(cbuf* b, const char* str, size_t len, char c); */
+
+
+
+/**
+ * Put a uint32 into the buffer.
+ * Write in little endian order.
+ *
+ * @param b a character buffer, may be NULL
+ * @param u an uint32
+ *
+ * @return number of characters written, -1 on error
+ */
+int cbuf_putdw(cbuf* b, uint32_t u);
+
+/**
+ * Print formatted to a character buffer.
+ *
+ * @param b a character buffer
+ * @param fmt a printf format string
+ *
+ * @return number of characters written, negative on error
+ */
+int cbuf_printf(cbuf* b, const char* fmt, ...) PRINTF_ATTRIBUTE(2,3);
+
+
+/**
+ * Get the current write position.
+ *
+ * @param b a character buffer.
+ *
+ * @return index of the next character to write.
+ */
+size_t cbuf_getpos(const cbuf* b);
+
+/**
+ * Set the current write position of a buffer.
+ * Invalidates the buffer contents from on the new position.
+ *
+ * @param b a character buffer
+ * @param pos a position obtained by cbuf_getpos
+ */
+void cbuf_setpos(cbuf* b, size_t pos);
+
+/**
+ * Get the buffer contents
+ * starting at idx.
+ * @pre @code idx <= cbuf_getpos(b) @endcode
+ * @param b a character buffer
+ * @param idx a position obtained by cbuf_getpos
+ *
+ * @return a NUL terminated string
+ */
+char* cbuf_gets(cbuf* b, size_t idx);
+
+/**
+ * Print quoted string to stream.
+ *
+ * @todo check for ssputc failure
+ * @see srprs_quoted_string
+ *
+ * @param[out] ost outstream
+ * @param[in] s '\0' terminated string of printable characters.
+ *
+ * @return number of bytes written, -1 on error
+ */
+int cbuf_print_quoted_string(cbuf* ost, const char* s);
+
+/**
+ * Print quoted string to stream.
+ * Escapes nonprintable characters.
+ *
+ * @todo check for ssputc failure
+ * @see srprs_quoted
+ *
+ * @param[out] ost outstream
+ * @param[in] s string of bytes
+ * @param[in] len number of bytes
+ *
+ * @return number of bytes written, -1 on error
+ */
+int cbuf_print_quoted(cbuf* ost, const char* s, size_t len);
+
+
+#endif /*__CBUF_H*/
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
new file mode 100644
index 0000000..d00a3a3
--- /dev/null
+++ b/source3/lib/charcnv.c
@@ -0,0 +1,535 @@
+/*
+ Unix SMB/CIFS implementation.
+ Character set conversion Extensions
+ Copyright (C) Igor Vergeichik <iverg@mail.ru> 2001
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Martin Pool 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+#include "includes.h"
+
+/**
+ * Destroy global objects allocated by init_iconv()
+ **/
+void gfree_charcnv(void)
+{
+ free_iconv_handle();
+}
+
+/**
+ * Copy a string from a char* unix src to a dos codepage string destination.
+ *
+ * @return the number of bytes occupied by the string in the destination.
+ *
+ * @param flags can include
+ * <dl>
+ * <dt>STR_TERMINATE</dt> <dd>means include the null termination</dd>
+ * <dt>STR_UPPER</dt> <dd>means uppercase in the destination</dd>
+ * </dl>
+ *
+ * @param dest_len the maximum length in bytes allowed in the
+ * destination.
+ **/
+size_t push_ascii(void *dest, const char *src, size_t dest_len, int flags)
+{
+ size_t src_len = 0;
+ char *tmpbuf = NULL;
+ size_t size = 0;
+ bool ret;
+
+ /* No longer allow a length of -1. */
+ if (dest_len == (size_t)-1) {
+ smb_panic("push_ascii - dest_len == -1");
+ }
+
+ if (flags & STR_UPPER) {
+ tmpbuf = SMB_STRDUP(src);
+ if (!tmpbuf) {
+ smb_panic("malloc fail");
+ }
+ if (!strupper_m(tmpbuf)) {
+ if ((flags & (STR_TERMINATE|STR_TERMINATE_ASCII)) &&
+ dest &&
+ dest_len > 0) {
+ *(char *)dest = 0;
+ }
+ SAFE_FREE(tmpbuf);
+ return 0;
+ }
+ src = tmpbuf;
+ }
+
+ src_len = strlen(src);
+ if (flags & (STR_TERMINATE | STR_TERMINATE_ASCII)) {
+ src_len++;
+ }
+
+ ret = convert_string(CH_UNIX, CH_DOS, src, src_len, dest, dest_len, &size);
+ SAFE_FREE(tmpbuf);
+ if (ret == false) {
+ if ((flags & (STR_TERMINATE | STR_TERMINATE_ASCII)) &&
+ dest_len > 0) {
+ ((char *)dest)[0] = '\0';
+ }
+ return 0;
+ }
+ return size;
+}
+
+/********************************************************************
+ Push and malloc an ascii string. src and dest null terminated.
+********************************************************************/
+
+/**
+ * Copy a string from a dos codepage source to a unix char* destination.
+ *
+ * The resulting string in "dest" is always null terminated.
+ *
+ * @param flags can have:
+ * <dl>
+ * <dt>STR_TERMINATE</dt>
+ * <dd>STR_TERMINATE means the string in @p src
+ * is null terminated, and src_len is ignored.</dd>
+ * </dl>
+ *
+ * @param src_len is the length of the source area in bytes.
+ * @returns the number of bytes occupied by the string in @p src.
+ **/
+size_t pull_ascii(char *dest, const void *src, size_t dest_len, size_t src_len, int flags)
+{
+ bool ret;
+ size_t size = 0;
+
+ if (dest_len == (size_t)-1) {
+ /* No longer allow dest_len of -1. */
+ smb_panic("pull_ascii - invalid dest_len of -1");
+ }
+
+ if (flags & STR_TERMINATE) {
+ if (src_len == (size_t)-1) {
+ src_len = strlen((const char *)src) + 1;
+ } else {
+ size_t len = strnlen((const char *)src, src_len);
+ if (len < src_len)
+ len++;
+ src_len = len;
+ }
+ }
+
+ ret = convert_string(CH_DOS, CH_UNIX, src, src_len, dest, dest_len, &size);
+ if (ret == false) {
+ size = 0;
+ dest_len = 0;
+ }
+
+ if (dest_len && size) {
+ /* Did we already process the terminating zero ? */
+ if (dest[MIN(size-1, dest_len-1)] != 0) {
+ dest[MIN(size, dest_len-1)] = 0;
+ }
+ } else {
+ dest[0] = 0;
+ }
+
+ return src_len;
+}
+
+/**
+ * Copy a string from a dos codepage source to a unix char* destination.
+ * Talloc version.
+ *
+ * The resulting string in "dest" is always null terminated.
+ *
+ * @param flags can have:
+ * <dl>
+ * <dt>STR_TERMINATE</dt>
+ * <dd>STR_TERMINATE means the string in @p src
+ * is null terminated, and src_len is ignored.</dd>
+ * </dl>
+ *
+ * @param src_len is the length of the source area in bytes.
+ * @returns the number of bytes occupied by the string in @p src.
+ **/
+
+static size_t pull_ascii_base_talloc(TALLOC_CTX *ctx,
+ char **ppdest,
+ const void *src,
+ size_t src_len,
+ int flags)
+{
+ char *dest = NULL;
+ size_t dest_len;
+
+ *ppdest = NULL;
+
+ if (!src_len) {
+ return 0;
+ }
+
+ if (src_len == (size_t)-1) {
+ smb_panic("src_len == -1 in pull_ascii_base_talloc");
+ }
+
+ if (flags & STR_TERMINATE) {
+ size_t len = strnlen((const char *)src, src_len);
+ if (len < src_len)
+ len++;
+ src_len = len;
+ /* Ensure we don't use an insane length from the client. */
+ if (src_len >= 1024*1024) {
+ char *msg = talloc_asprintf(ctx,
+ "Bad src length (%u) in "
+ "pull_ascii_base_talloc",
+ (unsigned int)src_len);
+ smb_panic(msg);
+ }
+ }
+
+ /* src_len != -1 here. */
+
+ if (!convert_string_talloc(ctx, CH_DOS, CH_UNIX, src, src_len, &dest,
+ &dest_len)) {
+ dest_len = 0;
+ }
+
+ if (dest_len && dest) {
+ /* Did we already process the terminating zero ? */
+ if (dest[dest_len-1] != 0) {
+ size_t size = talloc_get_size(dest);
+ /* Have we got space to append the '\0' ? */
+ if (size <= dest_len) {
+ /* No, realloc. */
+ dest = talloc_realloc(ctx, dest, char,
+ dest_len+1);
+ if (!dest) {
+ /* talloc fail. */
+ dest_len = (size_t)-1;
+ return 0;
+ }
+ }
+ /* Yay - space ! */
+ dest[dest_len] = '\0';
+ dest_len++;
+ }
+ } else if (dest) {
+ dest[0] = 0;
+ }
+
+ *ppdest = dest;
+ return src_len;
+}
+
+/**
+ * Copy a string from a char* src to a unicode destination.
+ *
+ * @returns the number of bytes occupied by the string in the destination.
+ *
+ * @param flags can have:
+ *
+ * <dl>
+ * <dt>STR_TERMINATE <dd>means include the null termination.
+ * <dt>STR_UPPER <dd>means uppercase in the destination.
+ * <dt>STR_NOALIGN <dd>means don't do alignment.
+ * </dl>
+ *
+ * @param dest_len is the maximum length allowed in the
+ * destination.
+ **/
+
+static size_t push_ucs2(const void *base_ptr, void *dest, const char *src, size_t dest_len, int flags)
+{
+ size_t len=0;
+ size_t src_len;
+ size_t size = 0;
+ bool ret;
+
+ if (dest_len == (size_t)-1) {
+ /* No longer allow dest_len of -1. */
+ smb_panic("push_ucs2 - invalid dest_len of -1");
+ }
+
+ if (flags & STR_TERMINATE)
+ src_len = (size_t)-1;
+ else
+ src_len = strlen(src);
+
+ if (ucs2_align(base_ptr, dest, flags)) {
+ *(char *)dest = 0;
+ dest = (void *)((char *)dest + 1);
+ if (dest_len)
+ dest_len--;
+ len++;
+ }
+
+ /* ucs2 is always a multiple of 2 bytes */
+ dest_len &= ~1;
+
+ ret = convert_string(CH_UNIX, CH_UTF16LE, src, src_len, dest, dest_len, &size);
+ if (ret == false) {
+ if ((flags & STR_TERMINATE) &&
+ dest &&
+ dest_len) {
+ *(char *)dest = 0;
+ }
+ return len;
+ }
+
+ len += size;
+
+ if (flags & STR_UPPER) {
+ smb_ucs2_t *dest_ucs2 = (smb_ucs2_t *)dest;
+ size_t i;
+
+ /* We check for i < (size / 2) below as the dest string isn't null
+ terminated if STR_TERMINATE isn't set. */
+
+ for (i = 0; i < (size / 2) && i < (dest_len / 2) && dest_ucs2[i]; i++) {
+ smb_ucs2_t v = toupper_w(dest_ucs2[i]);
+ if (v != dest_ucs2[i]) {
+ dest_ucs2[i] = v;
+ }
+ }
+ }
+
+ return len;
+}
+
+/**
+ Copy a string from a ucs2 source to a unix char* destination.
+ Talloc version with a base pointer.
+ Uses malloc if TALLOC_CTX is NULL (this is a bad interface and
+ needs fixing. JRA).
+ Flags can have:
+ STR_TERMINATE means the string in src is null terminated.
+ STR_NOALIGN means don't try to align.
+ if STR_TERMINATE is set then src_len is ignored if it is -1.
+ src_len is the length of the source area in bytes
+ Return the number of bytes occupied by the string in src.
+ The resulting string in "dest" is always null terminated.
+**/
+
+static size_t pull_ucs2_base_talloc(TALLOC_CTX *ctx,
+ const void *base_ptr,
+ char **ppdest,
+ const void *src,
+ size_t src_len,
+ int flags)
+{
+ char *dest;
+ size_t dest_len;
+ size_t ucs2_align_len = 0;
+
+ *ppdest = NULL;
+
+#ifdef DEVELOPER
+ /* Ensure we never use the braindead "malloc" variant. */
+ if (ctx == NULL) {
+ smb_panic("NULL talloc CTX in pull_ucs2_base_talloc\n");
+ }
+#endif
+
+ if (!src_len) {
+ return 0;
+ }
+
+ if (src_len == (size_t)-1) {
+ /* no longer used anywhere, but worth checking */
+ smb_panic("sec_len == -1 in pull_ucs2_base_talloc");
+ }
+
+ if (ucs2_align(base_ptr, src, flags)) {
+ src = (const void *)((const char *)src + 1);
+ src_len--;
+ ucs2_align_len = 1;
+ }
+
+ if (flags & STR_TERMINATE) {
+ /* src_len -1 is the default for null terminated strings. */
+ size_t len = strnlen_w((const smb_ucs2_t *)src,
+ src_len/2);
+ if (len < src_len/2)
+ len++;
+ src_len = len*2;
+
+ /* Ensure we don't use an insane length from the client. */
+ if (src_len >= 1024*1024) {
+ smb_panic("Bad src length in pull_ucs2_base_talloc\n");
+ }
+ }
+
+ /* ucs2 is always a multiple of 2 bytes */
+ src_len &= ~1;
+
+ if (!convert_string_talloc(ctx, CH_UTF16LE, CH_UNIX, src, src_len,
+ (void *)&dest, &dest_len)) {
+ dest_len = 0;
+ }
+
+ if (dest_len) {
+ /* Did we already process the terminating zero ? */
+ if (dest[dest_len-1] != 0) {
+ size_t size = talloc_get_size(dest);
+ /* Have we got space to append the '\0' ? */
+ if (size <= dest_len) {
+ /* No, realloc. */
+ dest = talloc_realloc(ctx, dest, char,
+ dest_len+1);
+ if (!dest) {
+ /* talloc fail. */
+ dest_len = (size_t)-1;
+ return 0;
+ }
+ }
+ /* Yay - space ! */
+ dest[dest_len] = '\0';
+ dest_len++;
+ }
+ } else if (dest) {
+ dest[0] = 0;
+ }
+
+ *ppdest = dest;
+ return src_len + ucs2_align_len;
+}
+
+/**
+ Copy a string from a char* src to a unicode or ascii
+ dos codepage destination choosing unicode or ascii based on the
+ flags supplied
+ Return the number of bytes occupied by the string in the destination.
+ flags can have:
+ STR_TERMINATE means include the null termination.
+ STR_UPPER means uppercase in the destination.
+ STR_ASCII use ascii even with unicode packet.
+ STR_NOALIGN means don't do alignment.
+ dest_len is the maximum length allowed in the destination. If dest_len
+ is -1 then no maximum is used.
+**/
+
+size_t push_string_check_fn(void *dest, const char *src,
+ size_t dest_len, int flags)
+{
+ if (!(flags & STR_ASCII) && (flags & STR_UNICODE)) {
+ return push_ucs2(NULL, dest, src, dest_len, flags);
+ }
+ return push_ascii(dest, src, dest_len, flags);
+}
+
+
+/**
+ Copy a string from a char* src to a unicode or ascii
+ dos codepage destination choosing unicode or ascii based on the
+ flags in the SMB buffer starting at base_ptr.
+ Return the number of bytes occupied by the string in the destination.
+ flags can have:
+ STR_TERMINATE means include the null termination.
+ STR_UPPER means uppercase in the destination.
+ STR_ASCII use ascii even with unicode packet.
+ STR_NOALIGN means don't do alignment.
+ dest_len is the maximum length allowed in the destination. If dest_len
+ is -1 then no maximum is used.
+**/
+
+size_t push_string_base(const char *base, uint16_t flags2,
+ void *dest, const char *src,
+ size_t dest_len, int flags)
+{
+
+ if (!(flags & STR_ASCII) && \
+ ((flags & STR_UNICODE || \
+ (flags2 & FLAGS2_UNICODE_STRINGS)))) {
+ return push_ucs2(base, dest, src, dest_len, flags);
+ }
+ return push_ascii(dest, src, dest_len, flags);
+}
+
+/**
+ Copy a string from a unicode or ascii source (depending on
+ the packet flags) to a char* destination.
+ Variant that uses talloc.
+ Flags can have:
+ STR_TERMINATE means the string in src is null terminated.
+ STR_UNICODE means to force as unicode.
+ STR_ASCII use ascii even with unicode packet.
+ STR_NOALIGN means don't do alignment.
+ if STR_TERMINATE is set then src_len is ignored is it is -1
+ src_len is the length of the source area in bytes.
+ Return the number of bytes occupied by the string in src.
+ The resulting string in "dest" is always null terminated.
+**/
+
+size_t pull_string_talloc(TALLOC_CTX *ctx,
+ const void *base_ptr,
+ uint16_t smb_flags2,
+ char **ppdest,
+ const void *src,
+ size_t src_len,
+ int flags)
+{
+ if ((base_ptr == NULL) && ((flags & (STR_ASCII|STR_UNICODE)) == 0)) {
+ smb_panic("No base ptr to get flg2 and neither ASCII nor "
+ "UNICODE defined");
+ }
+
+ if (!(flags & STR_ASCII) && \
+ ((flags & STR_UNICODE || \
+ (smb_flags2 & FLAGS2_UNICODE_STRINGS)))) {
+ return pull_ucs2_base_talloc(ctx,
+ base_ptr,
+ ppdest,
+ src,
+ src_len,
+ flags);
+ }
+ return pull_ascii_base_talloc(ctx,
+ ppdest,
+ src,
+ src_len,
+ flags);
+}
+
+/*******************************************************************
+ Write a string in (little-endian) unicode format. src is in
+ the current DOS codepage. len is the length in bytes of the
+ string pointed to by dst.
+
+ if null_terminate is True then null terminate the packet (adds 2 bytes)
+
+ the return value is the length in bytes consumed by the string, including the
+ null termination if applied
+********************************************************************/
+
+size_t dos_PutUniCode(char *dst,const char *src, size_t len, bool null_terminate)
+{
+ int flags = null_terminate ? STR_UNICODE|STR_NOALIGN|STR_TERMINATE
+ : STR_UNICODE|STR_NOALIGN;
+ return push_ucs2(NULL, dst, src, len, flags);
+}
+
+
+/* Converts a string from internal samba format to unicode. Always terminates.
+ * Actually just a wrapper round push_ucs2_talloc().
+ */
+
+int rpcstr_push_talloc(TALLOC_CTX *ctx, smb_ucs2_t **dest, const char *src)
+{
+ size_t size;
+ if (push_ucs2_talloc(ctx, dest, src, &size))
+ return size;
+ else
+ return -1;
+}
diff --git a/source3/lib/cleanupdb.c b/source3/lib/cleanupdb.c
new file mode 100644
index 0000000..1b3c5a2
--- /dev/null
+++ b/source3/lib/cleanupdb.c
@@ -0,0 +1,169 @@
+/*
+ Unix SMB/CIFS implementation.
+ Implementation of reliable cleanup events
+ Copyright (C) Ralph Boehme 2016
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include "system/filesys.h"
+#include "lib/tdb_wrap/tdb_wrap.h"
+#include "lib/util/talloc_stack.h"
+#include "lib/util/debug.h"
+#include "source3/lib/cleanupdb.h"
+#include "source3/lib/util_path.h"
+
+struct cleanup_key {
+ pid_t pid;
+};
+
+struct cleanup_rec {
+ bool unclean;
+};
+
+static struct tdb_wrap *cleanup_db(void)
+{
+ static struct tdb_wrap *db;
+ char *db_path = NULL;
+ int tdbflags = TDB_INCOMPATIBLE_HASH | TDB_CLEAR_IF_FIRST |
+ TDB_MUTEX_LOCKING;
+
+ if (db != NULL) {
+ return db;
+ }
+
+ db_path = lock_path(talloc_tos(), "smbd_cleanupd.tdb");
+ if (db_path == NULL) {
+ return NULL;
+ }
+
+ db = tdb_wrap_open(NULL, db_path, 0, tdbflags,
+ O_CREAT | O_RDWR, 0644);
+ if (db == NULL) {
+ DBG_ERR("Failed to open smbd_cleanupd.tdb\n");
+ }
+
+ TALLOC_FREE(db_path);
+ return db;
+}
+
+bool cleanupdb_store_child(const pid_t pid, const bool unclean)
+{
+ struct tdb_wrap *db;
+ struct cleanup_key key = { .pid = pid };
+ struct cleanup_rec rec = { .unclean = unclean };
+ TDB_DATA tdbkey = { .dptr = (uint8_t *)&key, .dsize = sizeof(key) };
+ TDB_DATA tdbdata = { .dptr = (uint8_t *)&rec, .dsize = sizeof(rec) };
+ int result;
+
+ db = cleanup_db();
+ if (db == NULL) {
+ return false;
+ }
+
+ result = tdb_store(db->tdb, tdbkey, tdbdata, TDB_REPLACE);
+ if (result != 0) {
+ DBG_ERR("tdb_store failed for pid %d\n", (int)pid);
+ return false;
+ }
+
+ return true;
+}
+
+bool cleanupdb_delete_child(const pid_t pid)
+{
+ struct tdb_wrap *db;
+ struct cleanup_key key = { .pid = pid };
+ TDB_DATA tdbkey = { .dptr = (uint8_t *)&key, .dsize = sizeof(key) };
+ int result;
+
+ db = cleanup_db();
+ if (db == NULL) {
+ return false;
+ }
+
+ result = tdb_delete(db->tdb, tdbkey);
+ if (result != 0) {
+ DBG_ERR("tdb_delete failed for pid %d\n", (int)pid);
+ return false;
+ }
+
+ return true;
+}
+
+struct cleanup_read_state {
+ int (*fn)(const pid_t pid, const bool cleanup, void *private_data);
+ void *private_data;
+};
+
+static int cleanup_traverse_fn(struct tdb_context *tdb,
+ TDB_DATA key, TDB_DATA value,
+ void *private_data)
+{
+ struct cleanup_read_state *state =
+ (struct cleanup_read_state *)private_data;
+ struct cleanup_key ckey;
+ struct cleanup_rec rec;
+ int result;
+
+ if (key.dsize != sizeof(struct cleanup_key)) {
+ DBG_ERR("Found invalid key length %zu in cleanup.tdb\n",
+ key.dsize);
+ return -1;
+ }
+ memcpy(&ckey, key.dptr, sizeof(struct cleanup_key));
+
+ if (value.dsize != sizeof(struct cleanup_rec)) {
+ DBG_ERR("Found invalid value length %zu in cleanup.tdb\n",
+ value.dsize);
+ return -1;
+ }
+ memcpy(&rec, value.dptr, sizeof(struct cleanup_rec));
+
+ result = state->fn(ckey.pid, rec.unclean, state->private_data);
+ if (result != 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
+int cleanupdb_traverse_read(int (*fn)(const pid_t pid,
+ const bool cleanup,
+ void *private_data),
+ void *private_data)
+{
+ struct tdb_wrap *db;
+ struct cleanup_read_state state;
+ int result;
+
+ db = cleanup_db();
+ if (db == NULL) {
+ return -1;
+ }
+
+ state = (struct cleanup_read_state) {
+ .fn = fn,
+ .private_data = private_data
+ };
+
+ result = tdb_traverse_read(db->tdb, cleanup_traverse_fn, &state);
+ if (result < 0) {
+ DBG_ERR("tdb_traverse_read failed\n");
+ return -1;
+ }
+
+ return result;
+}
diff --git a/source3/lib/cleanupdb.h b/source3/lib/cleanupdb.h
new file mode 100644
index 0000000..83f51bb
--- /dev/null
+++ b/source3/lib/cleanupdb.h
@@ -0,0 +1,32 @@
+/*
+ Unix SMB/CIFS implementation.
+ Implementation of reliable cleanup events
+ Copyright (C) Ralph Boehme 2016
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIB_CLEANUPDB_H__
+#define __LIB_CLEANUPDB_H__
+
+#include "replace.h"
+
+bool cleanupdb_store_child(const pid_t pid, const bool unclean);
+bool cleanupdb_delete_child(const pid_t pid);
+int cleanupdb_traverse_read(int (*fn)(const pid_t pid,
+ const bool cleanup,
+ void *private_data),
+ void *private_data);
+
+#endif
diff --git a/source3/lib/cluster_support.c b/source3/lib/cluster_support.c
new file mode 100644
index 0000000..c11b1f7
--- /dev/null
+++ b/source3/lib/cluster_support.c
@@ -0,0 +1,72 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) 2014 Stefan Metzmacher
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include <tdb.h>
+#include "cluster_support.h"
+
+#ifdef CLUSTER_SUPPORT
+#include <ctdb_protocol.h>
+#endif
+
+bool cluster_support_available(void)
+{
+#ifdef CLUSTER_SUPPORT
+ return true;
+#else
+ return false;
+#endif
+}
+
+const char *cluster_support_features(void)
+{
+#define _LINE_DEF(x) " " #x "\n"
+#define _LINE_STR(x) " " #x ": " x "\n"
+#define _LINE_INT(x) " " #x ": " __STRINGSTRING(x) "\n"
+ static const char *v = "Cluster support features:\n"
+#ifdef CLUSTER_SUPPORT
+ _LINE_DEF(CLUSTER_SUPPORT)
+#else
+ " NONE\n"
+#endif
+#ifdef CTDB_SOCKET
+ _LINE_STR(CTDB_SOCKET)
+#endif
+#ifdef CTDB_PROTOCOL
+ _LINE_INT(CTDB_PROTOCOL)
+#endif
+ "";
+
+ return v;
+}
+
+const char *lp_ctdbd_socket(void)
+{
+ const char *ret;
+
+ ret = lp__ctdbd_socket();
+ if (ret != NULL && strlen(ret) > 0) {
+ return ret;
+ }
+
+#ifdef CTDB_SOCKET
+ return CTDB_SOCKET;
+#else
+ return "";
+#endif
+}
diff --git a/source3/lib/cluster_support.h b/source3/lib/cluster_support.h
new file mode 100644
index 0000000..5e040bb
--- /dev/null
+++ b/source3/lib/cluster_support.h
@@ -0,0 +1,21 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) 2014 Stefan Metzmacher
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+bool cluster_support_available(void);
+const char *cluster_support_features(void);
+const char *lp_ctdbd_socket(void);
diff --git a/source3/lib/cmdline_contexts.c b/source3/lib/cmdline_contexts.c
new file mode 100644
index 0000000..627ee4f
--- /dev/null
+++ b/source3/lib/cmdline_contexts.c
@@ -0,0 +1,71 @@
+/*
+ Unix SMB/CIFS implementation.
+ cmdline context wrapper.
+
+ Copyright (C) Christof Schmitt <cs@samba.org> 2018
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "cmdline_contexts.h"
+#include "includes.h"
+#include "messages.h"
+#include "lib/global_contexts.h"
+
+struct messaging_context *cmdline_messaging_context(const char *config_file)
+{
+ struct messaging_context *msg_ctx = NULL;
+
+ /*
+ * Ensure that a config is loaded, in case the underlying
+ * messaging_init needs to create directories or sockets.
+ */
+ if (!lp_loaded()) {
+ if (!lp_load_initial_only(config_file)) {
+ return NULL;
+ }
+ }
+
+ /*
+ * Clustered Samba can only work as root due to required
+ * access to the registry and ctdb, which in turn requires
+ * messaging access as root.
+ */
+ if (lp_clustering() && geteuid() != 0) {
+ fprintf(stderr, "Cluster mode requires running as root.\n");
+ exit(1);
+ }
+
+ msg_ctx = global_messaging_context();
+ if (msg_ctx == NULL) {
+ if (geteuid() == 0) {
+ fprintf(stderr,
+ "Unable to initialize messaging context!\n");
+ exit(1);
+ } else {
+ /*
+ * Non-cluster, non-root: Log error, but leave
+ * it up to the caller how to proceed.
+ */
+ DBG_NOTICE("Unable to initialize messaging context.\n");
+ }
+ }
+
+ return msg_ctx;
+}
+
+void cmdline_messaging_context_free(void)
+{
+ global_messaging_context_free();
+}
diff --git a/source3/lib/cmdline_contexts.h b/source3/lib/cmdline_contexts.h
new file mode 100644
index 0000000..21f81f0
--- /dev/null
+++ b/source3/lib/cmdline_contexts.h
@@ -0,0 +1,27 @@
+/*
+ Unix SMB/CIFS implementation.
+ cmdline context wrapper.
+
+ Copyright (C) Christof Schmitt <cs@samba.org> 2018
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIB_CMDLINE_CONTEXTS_H
+#define _LIB_CMDLINE_CONTEXTS_H
+
+struct messaging_context *cmdline_messaging_context(const char *config_file);
+void cmdline_messaging_context_free(void);
+
+#endif
diff --git a/source3/lib/ctdb_dummy.c b/source3/lib/ctdb_dummy.c
new file mode 100644
index 0000000..f159b7d
--- /dev/null
+++ b/source3/lib/ctdb_dummy.c
@@ -0,0 +1,180 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) 2014 Björn Baumbach
+ Copyright (C) 2014 Stefan Metzmacher
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "messages.h"
+#include "lib/messages_ctdb.h"
+#include "lib/messages_ctdb_ref.h"
+#include "ctdbd_conn.h"
+#include "lib/dbwrap/dbwrap.h"
+#include "lib/dbwrap/dbwrap_ctdb.h"
+#include "torture/proto.h"
+
+int ctdbd_probe(const char *sockname, int timeout)
+{
+ return ENOSYS;
+}
+
+int ctdbd_messaging_send_iov(struct ctdbd_connection *conn,
+ uint32_t dst_vnn, uint64_t dst_srvid,
+ const struct iovec *iov, int iovlen)
+{
+ return ENOSYS;
+}
+
+int register_with_ctdbd(struct ctdbd_connection *conn, uint64_t srvid,
+ int (*cb)(struct tevent_context *ev,
+ uint32_t src_vnn, uint32_t dst_vnn,
+ uint64_t dst_srvid,
+ const uint8_t *msg, size_t msglen,
+ void *private_data),
+ void *private_data)
+{
+ return ENOSYS;
+}
+
+void deregister_from_ctdbd(struct ctdbd_connection *conn,
+ uint64_t srvid,
+ int (*cb)(struct tevent_context *ev,
+ uint32_t src_vnn,
+ uint32_t dst_vnn,
+ uint64_t dst_srvid,
+ const uint8_t *msg,
+ size_t msglen,
+ void *private_data),
+ void *private_data)
+{
+}
+
+int ctdbd_register_ips(struct ctdbd_connection *conn,
+ const struct sockaddr_storage *_server,
+ const struct sockaddr_storage *_client,
+ int (*cb)(struct tevent_context *ev,
+ uint32_t src_vnn, uint32_t dst_vnn,
+ uint64_t dst_srvid,
+ const uint8_t *msg, size_t msglen,
+ void *private_data),
+ void *private_data)
+{
+ return ENOSYS;
+}
+
+void ctdbd_unregister_ips(struct ctdbd_connection *conn,
+ const struct sockaddr_storage *_server,
+ const struct sockaddr_storage *_client,
+ int (*cb)(struct tevent_context *ev,
+ uint32_t src_vnn,
+ uint32_t dst_vnn,
+ uint64_t dst_srvid,
+ const uint8_t *msg,
+ size_t msglen,
+ void *private_data),
+ void *private_data)
+{
+ return;
+}
+void ctdbd_passed_ips(struct ctdbd_connection *conn,
+ const struct sockaddr_storage *_server,
+ const struct sockaddr_storage *_client,
+ int (*cb)(struct tevent_context *ev,
+ uint32_t src_vnn,
+ uint32_t dst_vnn,
+ uint64_t dst_srvid,
+ const uint8_t *msg,
+ size_t msglen,
+ void *private_data),
+ void *private_data)
+{
+ return;
+}
+
+int ctdbd_public_ip_foreach(struct ctdbd_connection *conn,
+ int (*cb)(uint32_t total_ip_count,
+ const struct sockaddr_storage *ip,
+ bool is_movable_ip,
+ void *private_data),
+ void *private_data)
+{
+ return ENOSYS;
+}
+
+int ctdbd_all_ip_foreach(struct ctdbd_connection *conn,
+ bool include_node_ips,
+ bool include_public_ips,
+ int (*cb)(uint32_t total_ip_count,
+ const struct sockaddr_storage *ip,
+ uint32_t pinned_pnn,
+ uint32_t current_pnn,
+ void *private_data),
+ void *private_data)
+{
+ return ENOSYS;
+}
+
+bool ctdbd_process_exists(struct ctdbd_connection *conn, uint32_t vnn,
+ pid_t pid, uint64_t unique_id)
+{
+ return false;
+}
+
+struct db_context *db_open_ctdb(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg_ctx,
+ const char *name,
+ int hash_size, int tdb_flags,
+ int open_flags, mode_t mode,
+ enum dbwrap_lock_order lock_order,
+ uint64_t dbwrap_flags)
+{
+ errno = ENOSYS;
+ return NULL;
+}
+
+int messaging_ctdb_send(uint32_t dst_vnn, uint64_t dst_srvid,
+ const struct iovec *iov, int iovlen)
+{
+ return ENOSYS;
+}
+
+void *messaging_ctdb_ref(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ const char *sockname, int timeout, uint64_t unique_id,
+ void (*recv_cb)(struct tevent_context *ev,
+ const uint8_t *msg, size_t msg_len,
+ int *fds, size_t num_fds,
+ void *private_data),
+ void *private_data,
+ int *err)
+{
+ return NULL;
+}
+
+struct messaging_ctdb_fde *messaging_ctdb_register_tevent_context(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev)
+{
+ return NULL;
+}
+
+struct ctdbd_connection *messaging_ctdb_connection(void)
+{
+ return NULL;
+}
+
+int ctdb_async_ctx_reinit(TALLOC_CTX *mem_ctx, struct tevent_context *ev)
+{
+ return ENOSYS;
+}
diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c
new file mode 100644
index 0000000..9f8dce6
--- /dev/null
+++ b/source3/lib/ctdbd_conn.c
@@ -0,0 +1,2341 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba internal messaging functions
+ Copyright (C) 2007 by Volker Lendecke
+ Copyright (C) 2007 by Andrew Tridgell
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include <tevent.h>
+#include "util_tdb.h"
+#include "serverid.h"
+#include "ctdbd_conn.h"
+#include "system/select.h"
+#include "lib/util/util_net.h"
+#include "lib/util/sys_rw_data.h"
+#include "lib/util/iov_buf.h"
+#include "lib/util/select.h"
+#include "lib/util/debug.h"
+#include "lib/util/talloc_stack.h"
+#include "lib/util/genrand.h"
+#include "lib/util/fault.h"
+#include "lib/util/dlinklist.h"
+#include "lib/util/tevent_unix.h"
+#include "lib/util/sys_rw.h"
+#include "lib/util/blocking.h"
+#include "ctdb/include/ctdb_protocol.h"
+#include "lib/async_req/async_sock.h"
+#include "lib/dbwrap/dbwrap.h"
+#include "lib/dbwrap/dbwrap_rbt.h"
+
+/* paths to these include files come from --with-ctdb= in configure */
+
+struct ctdbd_srvid_cb {
+ uint64_t srvid;
+ int (*cb)(struct tevent_context *ev,
+ uint32_t src_vnn, uint32_t dst_vnn,
+ uint64_t dst_srvid,
+ const uint8_t *msg, size_t msglen,
+ void *private_data);
+ void *private_data;
+};
+
+struct ctdbd_connection {
+ uint32_t reqid;
+ uint32_t our_vnn;
+ uint64_t rand_srvid;
+ struct ctdbd_srvid_cb *callbacks;
+ int fd;
+ int timeout;
+
+ /*
+ * Outgoing queue for writev_send of asynchronous ctdb requests
+ */
+ struct tevent_queue *outgoing;
+ struct tevent_req **pending;
+ struct tevent_req *read_req;
+};
+
+static bool ctdbd_conn_has_async_reqs(struct ctdbd_connection *conn)
+{
+ size_t len = talloc_array_length(conn->pending);
+ return (len != 0);
+}
+
+static uint32_t ctdbd_next_reqid(struct ctdbd_connection *conn)
+{
+ conn->reqid += 1;
+ if (conn->reqid == 0) {
+ conn->reqid += 1;
+ }
+ return conn->reqid;
+}
+
+static int ctdbd_control(struct ctdbd_connection *conn,
+ uint32_t vnn, uint32_t opcode,
+ uint64_t srvid, uint32_t flags,
+ TDB_DATA data,
+ TALLOC_CTX *mem_ctx, TDB_DATA *outdata,
+ int32_t *cstatus);
+
+/*
+ * exit on fatal communications errors with the ctdbd daemon
+ */
+static void cluster_fatal(const char *why)
+{
+ DEBUG(0,("cluster fatal event: %s - exiting immediately\n", why));
+ /* we don't use smb_panic() as we don't want to delay to write
+ a core file. We need to release this process id immediately
+ so that someone else can take over without getting sharing
+ violations */
+ _exit(1);
+}
+
+/*
+ *
+ */
+static void ctdb_packet_dump(struct ctdb_req_header *hdr)
+{
+ if (DEBUGLEVEL < 11) {
+ return;
+ }
+ DEBUGADD(11, ("len=%"PRIu32", magic=%"PRIu32", vers=%"PRIu32", "
+ "gen=%"PRIu32", op=%"PRIu32", reqid=%"PRIu32"\n",
+ hdr->length,
+ hdr->ctdb_magic,
+ hdr->ctdb_version,
+ hdr->generation,
+ hdr->operation,
+ hdr->reqid));
+}
+
+/*
+ * Register a srvid with ctdbd
+ */
+int register_with_ctdbd(struct ctdbd_connection *conn, uint64_t srvid,
+ int (*cb)(struct tevent_context *ev,
+ uint32_t src_vnn, uint32_t dst_vnn,
+ uint64_t dst_srvid,
+ const uint8_t *msg, size_t msglen,
+ void *private_data),
+ void *private_data)
+{
+ size_t num_callbacks = talloc_array_length(conn->callbacks);
+ struct ctdbd_srvid_cb *tmp;
+ bool need_register = true;
+ size_t i;
+
+ for (i = 0; i < num_callbacks; i++) {
+ struct ctdbd_srvid_cb *c = &conn->callbacks[i];
+
+ if (c->srvid == srvid) {
+ need_register = false;
+ break;
+ }
+ }
+
+ if (need_register) {
+ int ret;
+ int32_t cstatus;
+
+ ret = ctdbd_control_local(conn, CTDB_CONTROL_REGISTER_SRVID,
+ srvid, 0, tdb_null, NULL, NULL,
+ &cstatus);
+ if (ret != 0) {
+ return ret;
+ }
+ }
+
+
+ tmp = talloc_realloc(conn, conn->callbacks, struct ctdbd_srvid_cb,
+ num_callbacks + 1);
+ if (tmp == NULL) {
+ return ENOMEM;
+ }
+ conn->callbacks = tmp;
+
+ conn->callbacks[num_callbacks] = (struct ctdbd_srvid_cb) {
+ .srvid = srvid, .cb = cb, .private_data = private_data
+ };
+
+ return 0;
+}
+
+void deregister_from_ctdbd(struct ctdbd_connection *conn,
+ uint64_t srvid,
+ int (*cb)(struct tevent_context *ev,
+ uint32_t src_vnn,
+ uint32_t dst_vnn,
+ uint64_t dst_srvid,
+ const uint8_t *msg,
+ size_t msglen,
+ void *private_data),
+ void *private_data)
+{
+ struct ctdbd_srvid_cb *cbs = conn->callbacks;
+ size_t i, num_callbacks = talloc_array_length(cbs);
+ bool need_deregister = false;
+ bool keep_registration = false;
+
+ if (num_callbacks == 0) {
+ return;
+ }
+
+ for (i = 0; i < num_callbacks;) {
+ struct ctdbd_srvid_cb *c = &cbs[i];
+
+ if (c->srvid != srvid) {
+ i++;
+ continue;
+ }
+
+ if ((c->cb == cb) && (c->private_data == private_data)) {
+ need_deregister = true;
+ ARRAY_DEL_ELEMENT(cbs, i, num_callbacks);
+ num_callbacks--;
+ continue;
+ }
+
+ keep_registration = true;
+ i++;
+ }
+
+ conn->callbacks = talloc_realloc(conn,
+ cbs,
+ struct ctdbd_srvid_cb,
+ num_callbacks);
+
+ if (keep_registration) {
+ need_deregister = false;
+ }
+
+ if (need_deregister) {
+ int ret;
+ int32_t cstatus;
+
+ ret = ctdbd_control_local(conn, CTDB_CONTROL_DEREGISTER_SRVID,
+ srvid, 0, tdb_null, NULL, NULL,
+ &cstatus);
+ if (ret != 0) {
+ /*
+ * If CTDB_CONTROL_DEREGISTER_SRVID fails we may still
+ * get messages later, but we don't have a callback
+ * anymore, we just ignore these.
+ */
+ }
+ }
+
+ return;
+}
+
+static int ctdbd_msg_call_back(struct tevent_context *ev,
+ struct ctdbd_connection *conn,
+ struct ctdb_req_message_old *msg)
+{
+ uint32_t msg_len;
+ size_t i, num_callbacks;
+
+ msg_len = msg->hdr.length;
+ if (msg_len < offsetof(struct ctdb_req_message_old, data)) {
+ DBG_DEBUG("len %"PRIu32" too small\n", msg_len);
+ return 0;
+ }
+ msg_len -= offsetof(struct ctdb_req_message_old, data);
+
+ if (msg_len < msg->datalen) {
+ DBG_DEBUG("msg_len=%"PRIu32" < msg->datalen=%"PRIu32"\n",
+ msg_len, msg->datalen);
+ return 0;
+ }
+
+ num_callbacks = talloc_array_length(conn->callbacks);
+
+ for (i=0; i<num_callbacks; i++) {
+ struct ctdbd_srvid_cb *cb = &conn->callbacks[i];
+
+ if ((cb->srvid == msg->srvid) && (cb->cb != NULL)) {
+ int ret;
+
+ ret = cb->cb(ev,
+ msg->hdr.srcnode, msg->hdr.destnode,
+ msg->srvid, msg->data, msg->datalen,
+ cb->private_data);
+ if (ret != 0) {
+ return ret;
+ }
+ }
+ }
+ return 0;
+}
+
+/*
+ * get our vnn from the cluster
+ */
+static int get_cluster_vnn(struct ctdbd_connection *conn, uint32_t *vnn)
+{
+ int32_t cstatus=-1;
+ int ret;
+ ret = ctdbd_control_local(conn, CTDB_CONTROL_GET_PNN, 0, 0,
+ tdb_null, NULL, NULL, &cstatus);
+ if (ret != 0) {
+ DEBUG(1, ("ctdbd_control failed: %s\n", strerror(ret)));
+ return ret;
+ }
+ *vnn = (uint32_t)cstatus;
+ return ret;
+}
+
+static int ctdbd_control_get_nodemap(struct ctdbd_connection *conn,
+ TALLOC_CTX *mem_ctx,
+ struct ctdb_node_map_old **_nodemap)
+{
+ int32_t cstatus=-1;
+ TDB_DATA outdata = {0};
+ int ret;
+
+ ret = ctdbd_control_local(conn, CTDB_CONTROL_GET_NODEMAP, 0, 0,
+ tdb_null, mem_ctx, &outdata, &cstatus);
+ if (ret != 0) {
+ DEBUG(1, ("ctdbd_control failed: %s\n", strerror(ret)));
+ return ret;
+ }
+ if ((cstatus != 0) || (outdata.dptr == NULL)) {
+ DEBUG(2, ("Received invalid ctdb data\n"));
+ return EINVAL;
+ }
+
+ *_nodemap = (struct ctdb_node_map_old *)outdata.dptr;
+ return 0;
+}
+
+/*
+ * Are we active (i.e. not banned or stopped?)
+ */
+static bool ctdbd_working(struct ctdbd_connection *conn, uint32_t vnn)
+{
+ struct ctdb_node_map_old *m = NULL;
+ bool ok = false;
+ uint32_t i;
+ int ret;
+
+ ret = ctdbd_control_get_nodemap(conn, talloc_tos(), &m);
+ if (ret != 0) {
+ DEBUG(1, ("ctdbd_control_get_nodemap() failed: %s\n", strerror(ret)));
+ return false;
+ }
+
+ for (i=0; i<m->num; i++) {
+ if (vnn == m->nodes[i].pnn) {
+ break;
+ }
+ }
+
+ if (i == m->num) {
+ DEBUG(2, ("Did not find ourselves (node %d) in nodemap\n",
+ (int)vnn));
+ goto fail;
+ }
+
+ if ((m->nodes[i].flags & NODE_FLAGS_INACTIVE) != 0) {
+ DEBUG(2, ("Node has status %x, not active\n",
+ (int)m->nodes[i].flags));
+ goto fail;
+ }
+
+ ok = true;
+fail:
+ TALLOC_FREE(m);
+ return ok;
+}
+
+uint32_t ctdbd_vnn(const struct ctdbd_connection *conn)
+{
+ return conn->our_vnn;
+}
+
+/*
+ * Get us a ctdb connection
+ */
+
+static int ctdbd_connect(const char *sockname, int *pfd)
+{
+ struct samba_sockaddr addr = {
+ .sa_socklen = sizeof(struct sockaddr_un),
+ .u = {
+ .un = {
+ .sun_family = AF_UNIX,
+ },
+ },
+ };
+ int fd;
+ size_t namelen;
+ int ret;
+
+ fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (fd == -1) {
+ int err = errno;
+ DEBUG(3, ("Could not create socket: %s\n", strerror(err)));
+ return err;
+ }
+
+ namelen = strlcpy(addr.u.un.sun_path,
+ sockname,
+ sizeof(addr.u.un.sun_path));
+ if (namelen >= sizeof(addr.u.un.sun_path)) {
+ DEBUG(3, ("%s: Socket name too long: %s\n", __func__,
+ sockname));
+ close(fd);
+ return ENAMETOOLONG;
+ }
+
+ ret = connect(fd, &addr.u.sa, addr.sa_socklen);
+ if (ret == -1) {
+ int err = errno;
+ DEBUG(1, ("connect(%s) failed: %s\n", sockname,
+ strerror(err)));
+ close(fd);
+ return err;
+ }
+
+ *pfd = fd;
+ return 0;
+}
+
+static int ctdb_read_packet(int fd, int timeout, TALLOC_CTX *mem_ctx,
+ struct ctdb_req_header **result)
+{
+ struct ctdb_req_header *req;
+ uint32_t msglen;
+ ssize_t nread;
+
+ if (timeout != -1) {
+ struct pollfd pfd = { .fd = fd, .events = POLLIN };
+ int ret;
+
+ ret = sys_poll_intr(&pfd, 1, timeout);
+ if (ret == -1) {
+ return errno;
+ }
+ if (ret == 0) {
+ return ETIMEDOUT;
+ }
+ if (ret != 1) {
+ return EIO;
+ }
+ }
+
+ nread = read_data(fd, &msglen, sizeof(msglen));
+ if (nread == -1) {
+ return errno;
+ }
+ if (nread == 0) {
+ return EIO;
+ }
+
+ if (msglen < sizeof(struct ctdb_req_header)) {
+ return EIO;
+ }
+
+ req = talloc_size(mem_ctx, msglen);
+ if (req == NULL) {
+ return ENOMEM;
+ }
+ talloc_set_name_const(req, "struct ctdb_req_header");
+
+ req->length = msglen;
+
+ nread = read_data(fd, ((char *)req) + sizeof(msglen),
+ msglen - sizeof(msglen));
+ if (nread == -1) {
+ TALLOC_FREE(req);
+ return errno;
+ }
+ if (nread == 0) {
+ TALLOC_FREE(req);
+ return EIO;
+ }
+
+ *result = req;
+ return 0;
+}
+
+/*
+ * Read a full ctdbd request. If we have a messaging context, defer incoming
+ * messages that might come in between.
+ */
+
+static int ctdb_read_req(struct ctdbd_connection *conn, uint32_t reqid,
+ TALLOC_CTX *mem_ctx, struct ctdb_req_header **result)
+{
+ struct ctdb_req_header *hdr = NULL;
+ int ret;
+
+ next_pkt:
+
+ ret = ctdb_read_packet(conn->fd, conn->timeout, mem_ctx, &hdr);
+ if (ret != 0) {
+ DBG_ERR("ctdb_read_packet failed: %s\n", strerror(ret));
+ cluster_fatal("failed to read data from ctdbd\n");
+ return -1;
+ }
+ SMB_ASSERT(hdr != NULL);
+
+ DEBUG(11, ("Received ctdb packet\n"));
+ ctdb_packet_dump(hdr);
+
+ if (hdr->operation == CTDB_REQ_MESSAGE) {
+ struct ctdb_req_message_old *msg = (struct ctdb_req_message_old *)hdr;
+
+ ret = ctdbd_msg_call_back(NULL, conn, msg);
+ if (ret != 0) {
+ TALLOC_FREE(hdr);
+ return ret;
+ }
+
+ TALLOC_FREE(hdr);
+ goto next_pkt;
+ }
+
+ if ((reqid != 0) && (hdr->reqid != reqid)) {
+ /* we got the wrong reply */
+ DEBUG(0,("Discarding mismatched ctdb reqid %u should have "
+ "been %u\n", hdr->reqid, reqid));
+ TALLOC_FREE(hdr);
+ goto next_pkt;
+ }
+
+ *result = talloc_move(mem_ctx, &hdr);
+
+ return 0;
+}
+
+static int ctdbd_connection_destructor(struct ctdbd_connection *c);
+
+/*
+ * Get us a ctdbd connection
+ */
+
+static int ctdbd_init_connection_internal(TALLOC_CTX *mem_ctx,
+ const char *sockname, int timeout,
+ struct ctdbd_connection *conn)
+{
+ int ret;
+
+ conn->timeout = timeout;
+ if (conn->timeout == 0) {
+ conn->timeout = -1;
+ }
+
+ ret = ctdbd_connect(sockname, &conn->fd);
+ if (ret != 0) {
+ DEBUG(1, ("ctdbd_connect failed: %s\n", strerror(ret)));
+ return ret;
+ }
+ talloc_set_destructor(conn, ctdbd_connection_destructor);
+
+ ret = get_cluster_vnn(conn, &conn->our_vnn);
+ if (ret != 0) {
+ DEBUG(10, ("get_cluster_vnn failed: %s\n", strerror(ret)));
+ return ret;
+ }
+
+ if (!ctdbd_working(conn, conn->our_vnn)) {
+ DEBUG(2, ("Node is not working, can not connect\n"));
+ return EIO;
+ }
+
+ generate_random_buffer((unsigned char *)&conn->rand_srvid,
+ sizeof(conn->rand_srvid));
+
+ ret = register_with_ctdbd(conn, conn->rand_srvid, NULL, NULL);
+ if (ret != 0) {
+ DEBUG(5, ("Could not register random srvid: %s\n",
+ strerror(ret)));
+ return ret;
+ }
+
+ return 0;
+}
+
+int ctdbd_init_connection(TALLOC_CTX *mem_ctx,
+ const char *sockname, int timeout,
+ struct ctdbd_connection **pconn)
+{
+ struct ctdbd_connection *conn;
+ int ret;
+
+ if (!(conn = talloc_zero(mem_ctx, struct ctdbd_connection))) {
+ DEBUG(0, ("talloc failed\n"));
+ return ENOMEM;
+ }
+
+ ret = ctdbd_init_connection_internal(mem_ctx,
+ sockname,
+ timeout,
+ conn);
+ if (ret != 0) {
+ DBG_ERR("ctdbd_init_connection_internal failed (%s)\n",
+ strerror(ret));
+ goto fail;
+ }
+
+ *pconn = conn;
+ return 0;
+
+ fail:
+ TALLOC_FREE(conn);
+ return ret;
+}
+
+int ctdbd_reinit_connection(TALLOC_CTX *mem_ctx,
+ const char *sockname, int timeout,
+ struct ctdbd_connection *conn)
+{
+ int ret;
+
+ ret = ctdbd_connection_destructor(conn);
+ if (ret != 0) {
+ DBG_ERR("ctdbd_connection_destructor failed\n");
+ return ret;
+ }
+
+ ret = ctdbd_init_connection_internal(mem_ctx,
+ sockname,
+ timeout,
+ conn);
+ if (ret != 0) {
+ DBG_ERR("ctdbd_init_connection_internal failed (%s)\n",
+ strerror(ret));
+ return ret;
+ }
+
+ return 0;
+}
+
+int ctdbd_init_async_connection(
+ TALLOC_CTX *mem_ctx,
+ const char *sockname,
+ int timeout,
+ struct ctdbd_connection **pconn)
+{
+ struct ctdbd_connection *conn = NULL;
+ int ret;
+
+ *pconn = NULL;
+
+ ret = ctdbd_init_connection(mem_ctx, sockname, timeout, &conn);
+ if (ret != 0) {
+ return ret;
+ }
+
+ ret = set_blocking(conn->fd, false);
+ if (ret == -1) {
+ int err = errno;
+ SMB_ASSERT(err != 0);
+ TALLOC_FREE(conn);
+ return err;
+ }
+
+ conn->outgoing = tevent_queue_create(conn, "ctdb async outgoing");
+ if (conn->outgoing == NULL) {
+ TALLOC_FREE(conn);
+ return ENOMEM;
+ }
+
+ *pconn = conn;
+ return 0;
+}
+
+int ctdbd_conn_get_fd(struct ctdbd_connection *conn)
+{
+ return conn->fd;
+}
+
+/*
+ * Packet handler to receive and handle a ctdb message
+ */
+static int ctdb_handle_message(struct tevent_context *ev,
+ struct ctdbd_connection *conn,
+ struct ctdb_req_header *hdr)
+{
+ struct ctdb_req_message_old *msg;
+
+ if (hdr->operation != CTDB_REQ_MESSAGE) {
+ DEBUG(0, ("Received async msg of type %u, discarding\n",
+ hdr->operation));
+ return EINVAL;
+ }
+
+ msg = (struct ctdb_req_message_old *)hdr;
+
+ ctdbd_msg_call_back(ev, conn, msg);
+
+ return 0;
+}
+
+void ctdbd_socket_readable(struct tevent_context *ev,
+ struct ctdbd_connection *conn)
+{
+ struct ctdb_req_header *hdr = NULL;
+ int ret;
+
+ ret = ctdb_read_packet(conn->fd, conn->timeout, talloc_tos(), &hdr);
+ if (ret != 0) {
+ DBG_ERR("ctdb_read_packet failed: %s\n", strerror(ret));
+ cluster_fatal("failed to read data from ctdbd\n");
+ }
+ SMB_ASSERT(hdr != NULL);
+
+ ret = ctdb_handle_message(ev, conn, hdr);
+
+ TALLOC_FREE(hdr);
+
+ if (ret != 0) {
+ DEBUG(10, ("could not handle incoming message: %s\n",
+ strerror(ret)));
+ }
+}
+
+int ctdbd_messaging_send_iov(struct ctdbd_connection *conn,
+ uint32_t dst_vnn, uint64_t dst_srvid,
+ const struct iovec *iov, int iovlen)
+{
+ struct ctdb_req_message_old r;
+ struct iovec iov2[iovlen+1];
+ size_t buflen = iov_buflen(iov, iovlen);
+ ssize_t nwritten;
+
+ r.hdr.length = offsetof(struct ctdb_req_message_old, data) + buflen;
+ r.hdr.ctdb_magic = CTDB_MAGIC;
+ r.hdr.ctdb_version = CTDB_PROTOCOL;
+ r.hdr.generation = 1;
+ r.hdr.operation = CTDB_REQ_MESSAGE;
+ r.hdr.destnode = dst_vnn;
+ r.hdr.srcnode = conn->our_vnn;
+ r.hdr.reqid = 0;
+ r.srvid = dst_srvid;
+ r.datalen = buflen;
+
+ DEBUG(10, ("ctdbd_messaging_send: Sending ctdb packet\n"));
+ ctdb_packet_dump(&r.hdr);
+
+ iov2[0].iov_base = &r;
+ iov2[0].iov_len = offsetof(struct ctdb_req_message_old, data);
+ memcpy(&iov2[1], iov, iovlen * sizeof(struct iovec));
+
+ nwritten = write_data_iov(conn->fd, iov2, iovlen+1);
+ if (nwritten == -1) {
+ DEBUG(3, ("write_data_iov failed: %s\n", strerror(errno)));
+ cluster_fatal("cluster dispatch daemon msg write error\n");
+ }
+
+ return 0;
+}
+
+/*
+ * send/recv a generic ctdb control message
+ */
+static int ctdbd_control(struct ctdbd_connection *conn,
+ uint32_t vnn, uint32_t opcode,
+ uint64_t srvid, uint32_t flags,
+ TDB_DATA data,
+ TALLOC_CTX *mem_ctx, TDB_DATA *outdata,
+ int32_t *cstatus)
+{
+ struct ctdb_req_control_old req;
+ struct ctdb_req_header *hdr;
+ struct ctdb_reply_control_old *reply = NULL;
+ struct iovec iov[2];
+ ssize_t nwritten;
+ int ret;
+
+ if (ctdbd_conn_has_async_reqs(conn)) {
+ /*
+ * Can't use sync call while an async call is in flight. Adding
+ * this check as a safety net. We'll be using different
+ * connections for sync and async requests, so this shouldn't
+ * happen, but who knows...
+ */
+ DBG_ERR("Async ctdb req on sync connection\n");
+ return EINVAL;
+ }
+
+ ZERO_STRUCT(req);
+ req.hdr.length = offsetof(struct ctdb_req_control_old, data) + data.dsize;
+ req.hdr.ctdb_magic = CTDB_MAGIC;
+ req.hdr.ctdb_version = CTDB_PROTOCOL;
+ req.hdr.operation = CTDB_REQ_CONTROL;
+ req.hdr.reqid = ctdbd_next_reqid(conn);
+ req.hdr.destnode = vnn;
+ req.opcode = opcode;
+ req.srvid = srvid;
+ req.datalen = data.dsize;
+ req.flags = flags;
+
+ DBG_DEBUG("Sending ctdb packet reqid=%"PRIu32", vnn=%"PRIu32", "
+ "opcode=%"PRIu32", srvid=%"PRIu64"\n", req.hdr.reqid,
+ req.hdr.destnode, req.opcode, req.srvid);
+ ctdb_packet_dump(&req.hdr);
+
+ iov[0].iov_base = &req;
+ iov[0].iov_len = offsetof(struct ctdb_req_control_old, data);
+ iov[1].iov_base = data.dptr;
+ iov[1].iov_len = data.dsize;
+
+ nwritten = write_data_iov(conn->fd, iov, ARRAY_SIZE(iov));
+ if (nwritten == -1) {
+ DEBUG(3, ("write_data_iov failed: %s\n", strerror(errno)));
+ cluster_fatal("cluster dispatch daemon msg write error\n");
+ }
+
+ if (flags & CTDB_CTRL_FLAG_NOREPLY) {
+ if (cstatus) {
+ *cstatus = 0;
+ }
+ return 0;
+ }
+
+ ret = ctdb_read_req(conn, req.hdr.reqid, NULL, &hdr);
+ if (ret != 0) {
+ DEBUG(10, ("ctdb_read_req failed: %s\n", strerror(ret)));
+ return ret;
+ }
+
+ if (hdr->operation != CTDB_REPLY_CONTROL) {
+ DEBUG(0, ("received invalid reply\n"));
+ TALLOC_FREE(hdr);
+ return EIO;
+ }
+ reply = (struct ctdb_reply_control_old *)hdr;
+
+ if (outdata) {
+ if (!(outdata->dptr = (uint8_t *)talloc_memdup(
+ mem_ctx, reply->data, reply->datalen))) {
+ TALLOC_FREE(reply);
+ return ENOMEM;
+ }
+ outdata->dsize = reply->datalen;
+ }
+ if (cstatus) {
+ (*cstatus) = reply->status;
+ }
+
+ TALLOC_FREE(reply);
+ return ret;
+}
+
+/*
+ * see if a remote process exists
+ */
+bool ctdbd_process_exists(struct ctdbd_connection *conn, uint32_t vnn,
+ pid_t pid, uint64_t unique_id)
+{
+ uint8_t buf[sizeof(pid)+sizeof(unique_id)];
+ int32_t cstatus = 0;
+ int ret;
+
+ if (unique_id == SERVERID_UNIQUE_ID_NOT_TO_VERIFY) {
+ ret = ctdbd_control(conn, vnn, CTDB_CONTROL_PROCESS_EXISTS,
+ 0, 0,
+ (TDB_DATA) { .dptr = (uint8_t *)&pid,
+ .dsize = sizeof(pid) },
+ NULL, NULL, &cstatus);
+ if (ret != 0) {
+ return false;
+ }
+ return (cstatus == 0);
+ }
+
+ memcpy(buf, &pid, sizeof(pid));
+ memcpy(buf+sizeof(pid), &unique_id, sizeof(unique_id));
+
+ ret = ctdbd_control(conn, vnn, CTDB_CONTROL_CHECK_PID_SRVID, 0, 0,
+ (TDB_DATA) { .dptr = buf, .dsize = sizeof(buf) },
+ NULL, NULL, &cstatus);
+ if (ret != 0) {
+ return false;
+ }
+ return (cstatus == 0);
+}
+
+/*
+ * Get a db path
+ */
+char *ctdbd_dbpath(struct ctdbd_connection *conn,
+ TALLOC_CTX *mem_ctx, uint32_t db_id)
+{
+ int ret;
+ TDB_DATA data;
+ TDB_DATA rdata = {0};
+ int32_t cstatus = 0;
+
+ data.dptr = (uint8_t*)&db_id;
+ data.dsize = sizeof(db_id);
+
+ ret = ctdbd_control_local(conn, CTDB_CONTROL_GETDBPATH, 0, 0, data,
+ mem_ctx, &rdata, &cstatus);
+ if ((ret != 0) || cstatus != 0) {
+ DEBUG(0, (__location__ " ctdb_control for getdbpath failed: %s\n",
+ strerror(ret)));
+ TALLOC_FREE(rdata.dptr);
+ }
+
+ return (char *)rdata.dptr;
+}
+
+/*
+ * attach to a ctdb database
+ */
+int ctdbd_db_attach(struct ctdbd_connection *conn,
+ const char *name, uint32_t *db_id, bool persistent)
+{
+ int ret;
+ TDB_DATA data = {0};
+ int32_t cstatus;
+
+ data = string_term_tdb_data(name);
+
+ ret = ctdbd_control_local(conn,
+ persistent
+ ? CTDB_CONTROL_DB_ATTACH_PERSISTENT
+ : CTDB_CONTROL_DB_ATTACH,
+ 0, 0, data, NULL, &data, &cstatus);
+ if (ret != 0) {
+ DEBUG(0, (__location__ " ctdb_control for db_attach "
+ "failed: %s\n", strerror(ret)));
+ return ret;
+ }
+
+ if (cstatus != 0 || data.dsize != sizeof(uint32_t)) {
+ DEBUG(0,(__location__ " ctdb_control for db_attach failed\n"));
+ TALLOC_FREE(data.dptr);
+ return EIO;
+ }
+
+ *db_id = *(uint32_t *)data.dptr;
+ talloc_free(data.dptr);
+
+ return 0;
+}
+
+/*
+ * force the migration of a record to this node
+ */
+int ctdbd_migrate(struct ctdbd_connection *conn, uint32_t db_id, TDB_DATA key)
+{
+ struct ctdb_req_call_old req;
+ struct ctdb_req_header *hdr = NULL;
+ struct iovec iov[2];
+ ssize_t nwritten;
+ int ret;
+
+ if (ctdbd_conn_has_async_reqs(conn)) {
+ /*
+ * Can't use sync call while an async call is in flight. Adding
+ * this check as a safety net. We'll be using different
+ * connections for sync and async requests, so this shouldn't
+ * happen, but who knows...
+ */
+ DBG_ERR("Async ctdb req on sync connection\n");
+ return EINVAL;
+ }
+
+ ZERO_STRUCT(req);
+
+ req.hdr.length = offsetof(struct ctdb_req_call_old, data) + key.dsize;
+ req.hdr.ctdb_magic = CTDB_MAGIC;
+ req.hdr.ctdb_version = CTDB_PROTOCOL;
+ req.hdr.operation = CTDB_REQ_CALL;
+ req.hdr.reqid = ctdbd_next_reqid(conn);
+ req.flags = CTDB_IMMEDIATE_MIGRATION;
+ req.callid = CTDB_NULL_FUNC;
+ req.db_id = db_id;
+ req.keylen = key.dsize;
+
+ DEBUG(10, ("ctdbd_migrate: Sending ctdb packet\n"));
+ ctdb_packet_dump(&req.hdr);
+
+ iov[0].iov_base = &req;
+ iov[0].iov_len = offsetof(struct ctdb_req_call_old, data);
+ iov[1].iov_base = key.dptr;
+ iov[1].iov_len = key.dsize;
+
+ nwritten = write_data_iov(conn->fd, iov, ARRAY_SIZE(iov));
+ if (nwritten == -1) {
+ DEBUG(3, ("write_data_iov failed: %s\n", strerror(errno)));
+ cluster_fatal("cluster dispatch daemon msg write error\n");
+ }
+
+ ret = ctdb_read_req(conn, req.hdr.reqid, NULL, &hdr);
+ if (ret != 0) {
+ DEBUG(10, ("ctdb_read_req failed: %s\n", strerror(ret)));
+ goto fail;
+ }
+
+ if (hdr->operation != CTDB_REPLY_CALL) {
+ if (hdr->operation == CTDB_REPLY_ERROR) {
+ DBG_ERR("received error from ctdb\n");
+ } else {
+ DBG_ERR("received invalid reply\n");
+ }
+ ret = EIO;
+ goto fail;
+ }
+
+ fail:
+
+ TALLOC_FREE(hdr);
+ return ret;
+}
+
+/*
+ * Fetch a record and parse it
+ */
+int ctdbd_parse(struct ctdbd_connection *conn, uint32_t db_id,
+ TDB_DATA key, bool local_copy,
+ void (*parser)(TDB_DATA key, TDB_DATA data,
+ void *private_data),
+ void *private_data)
+{
+ struct ctdb_req_call_old req;
+ struct ctdb_req_header *hdr = NULL;
+ struct ctdb_reply_call_old *reply;
+ struct iovec iov[2];
+ ssize_t nwritten;
+ uint32_t flags;
+ int ret;
+
+ if (ctdbd_conn_has_async_reqs(conn)) {
+ /*
+ * Can't use sync call while an async call is in flight. Adding
+ * this check as a safety net. We'll be using different
+ * connections for sync and async requests, so this shouldn't
+ * happen, but who knows...
+ */
+ DBG_ERR("Async ctdb req on sync connection\n");
+ return EINVAL;
+ }
+
+ flags = local_copy ? CTDB_WANT_READONLY : 0;
+
+ ZERO_STRUCT(req);
+
+ req.hdr.length = offsetof(struct ctdb_req_call_old, data) + key.dsize;
+ req.hdr.ctdb_magic = CTDB_MAGIC;
+ req.hdr.ctdb_version = CTDB_PROTOCOL;
+ req.hdr.operation = CTDB_REQ_CALL;
+ req.hdr.reqid = ctdbd_next_reqid(conn);
+ req.flags = flags;
+ req.callid = CTDB_FETCH_FUNC;
+ req.db_id = db_id;
+ req.keylen = key.dsize;
+
+ iov[0].iov_base = &req;
+ iov[0].iov_len = offsetof(struct ctdb_req_call_old, data);
+ iov[1].iov_base = key.dptr;
+ iov[1].iov_len = key.dsize;
+
+ nwritten = write_data_iov(conn->fd, iov, ARRAY_SIZE(iov));
+ if (nwritten == -1) {
+ DEBUG(3, ("write_data_iov failed: %s\n", strerror(errno)));
+ cluster_fatal("cluster dispatch daemon msg write error\n");
+ }
+
+ ret = ctdb_read_req(conn, req.hdr.reqid, NULL, &hdr);
+ if (ret != 0) {
+ DEBUG(10, ("ctdb_read_req failed: %s\n", strerror(ret)));
+ goto fail;
+ }
+
+ if ((hdr == NULL) || (hdr->operation != CTDB_REPLY_CALL)) {
+ DEBUG(0, ("received invalid reply\n"));
+ ret = EIO;
+ goto fail;
+ }
+ reply = (struct ctdb_reply_call_old *)hdr;
+
+ if (reply->datalen == 0) {
+ /*
+ * Treat an empty record as non-existing
+ */
+ ret = ENOENT;
+ goto fail;
+ }
+
+ parser(key, make_tdb_data(&reply->data[0], reply->datalen),
+ private_data);
+
+ ret = 0;
+ fail:
+ TALLOC_FREE(hdr);
+ return ret;
+}
+
+/*
+ Traverse a ctdb database. "conn" must be an otherwise unused
+ ctdb_connection where no other messages but the traverse ones are
+ expected.
+*/
+
+int ctdbd_traverse(struct ctdbd_connection *conn, uint32_t db_id,
+ void (*fn)(TDB_DATA key, TDB_DATA data,
+ void *private_data),
+ void *private_data)
+{
+ int ret;
+ TDB_DATA key, data;
+ struct ctdb_traverse_start t;
+ int32_t cstatus = 0;
+
+ if (ctdbd_conn_has_async_reqs(conn)) {
+ /*
+ * Can't use sync call while an async call is in flight. Adding
+ * this check as a safety net. We'll be using different
+ * connections for sync and async requests, so this shouldn't
+ * happen, but who knows...
+ */
+ DBG_ERR("Async ctdb req on sync connection\n");
+ return EINVAL;
+ }
+
+ t.db_id = db_id;
+ t.srvid = conn->rand_srvid;
+ t.reqid = ctdbd_next_reqid(conn);
+
+ data.dptr = (uint8_t *)&t;
+ data.dsize = sizeof(t);
+
+ ret = ctdbd_control_local(conn, CTDB_CONTROL_TRAVERSE_START,
+ conn->rand_srvid,
+ 0, data, NULL, NULL, &cstatus);
+
+ if ((ret != 0) || (cstatus != 0)) {
+ DEBUG(0,("ctdbd_control failed: %s, %d\n", strerror(ret),
+ cstatus));
+
+ if (ret == 0) {
+ /*
+ * We need a mapping here
+ */
+ ret = EIO;
+ }
+ return ret;
+ }
+
+ while (true) {
+ struct ctdb_req_header *hdr = NULL;
+ struct ctdb_req_message_old *m;
+ struct ctdb_rec_data_old *d;
+
+ ret = ctdb_read_packet(conn->fd, conn->timeout, conn, &hdr);
+ if (ret != 0) {
+ DBG_ERR("ctdb_read_packet failed: %s\n", strerror(ret));
+ cluster_fatal("failed to read data from ctdbd\n");
+ }
+ SMB_ASSERT(hdr != NULL);
+
+ if (hdr->operation != CTDB_REQ_MESSAGE) {
+ DEBUG(0, ("Got operation %u, expected a message\n",
+ (unsigned)hdr->operation));
+ return EIO;
+ }
+
+ m = (struct ctdb_req_message_old *)hdr;
+ d = (struct ctdb_rec_data_old *)&m->data[0];
+ if (m->datalen < sizeof(uint32_t) || m->datalen != d->length) {
+ DEBUG(0, ("Got invalid traverse data of length %d\n",
+ (int)m->datalen));
+ return EIO;
+ }
+
+ key.dsize = d->keylen;
+ key.dptr = &d->data[0];
+ data.dsize = d->datalen;
+ data.dptr = &d->data[d->keylen];
+
+ if (key.dsize == 0 && data.dsize == 0) {
+ /* end of traverse */
+ return 0;
+ }
+
+ if (data.dsize < sizeof(struct ctdb_ltdb_header)) {
+ DEBUG(0, ("Got invalid ltdb header length %d\n",
+ (int)data.dsize));
+ return EIO;
+ }
+ data.dsize -= sizeof(struct ctdb_ltdb_header);
+ data.dptr += sizeof(struct ctdb_ltdb_header);
+
+ if (fn != NULL) {
+ fn(key, data, private_data);
+ }
+ }
+ return 0;
+}
+
+/*
+ This is used to canonicalize a ctdb_sock_addr structure.
+*/
+static void smbd_ctdb_canonicalize_ip(const struct sockaddr_storage *in,
+ struct sockaddr_storage *out)
+{
+ memcpy(out, in, sizeof (*out));
+
+#ifdef HAVE_IPV6
+ if (in->ss_family == AF_INET6) {
+ const char prefix[12] = { 0,0,0,0,0,0,0,0,0,0,0xff,0xff };
+ const struct sockaddr_in6 *in6 =
+ (const struct sockaddr_in6 *)in;
+ struct sockaddr_in *out4 = (struct sockaddr_in *)out;
+ if (memcmp(&in6->sin6_addr, prefix, 12) == 0) {
+ memset(out, 0, sizeof(*out));
+#ifdef HAVE_SOCK_SIN_LEN
+ out4->sin_len = sizeof(*out);
+#endif
+ out4->sin_family = AF_INET;
+ out4->sin_port = in6->sin6_port;
+ memcpy(&out4->sin_addr, &in6->sin6_addr.s6_addr[12], 4);
+ }
+ }
+#endif
+}
+
+/*
+ * Register us as a server for a particular tcp connection
+ */
+
+int ctdbd_register_ips(struct ctdbd_connection *conn,
+ const struct sockaddr_storage *_server,
+ const struct sockaddr_storage *_client,
+ int (*cb)(struct tevent_context *ev,
+ uint32_t src_vnn, uint32_t dst_vnn,
+ uint64_t dst_srvid,
+ const uint8_t *msg, size_t msglen,
+ void *private_data),
+ void *private_data)
+{
+ struct ctdb_connection p;
+ TDB_DATA data = { .dptr = (uint8_t *)&p, .dsize = sizeof(p) };
+ int ret;
+ struct sockaddr_storage client;
+ struct sockaddr_storage server;
+
+ /*
+ * Only one connection so far
+ */
+
+ smbd_ctdb_canonicalize_ip(_client, &client);
+ smbd_ctdb_canonicalize_ip(_server, &server);
+
+ ZERO_STRUCT(p);
+ switch (client.ss_family) {
+ case AF_INET:
+ memcpy(&p.dst.ip, &server, sizeof(p.dst.ip));
+ memcpy(&p.src.ip, &client, sizeof(p.src.ip));
+ break;
+ case AF_INET6:
+ memcpy(&p.dst.ip6, &server, sizeof(p.dst.ip6));
+ memcpy(&p.src.ip6, &client, sizeof(p.src.ip6));
+ break;
+ default:
+ return EIO;
+ }
+
+ /*
+ * We want to be told about IP releases
+ */
+
+ ret = register_with_ctdbd(conn, CTDB_SRVID_RELEASE_IP,
+ cb, private_data);
+ if (ret != 0) {
+ return ret;
+ }
+
+ /*
+ * inform ctdb of our tcp connection, so if IP takeover happens ctdb
+ * can send an extra ack to trigger a reset for our client, so it
+ * immediately reconnects
+ */
+ ret = ctdbd_control_local(conn,
+ CTDB_CONTROL_TCP_CLIENT, 0,
+ CTDB_CTRL_FLAG_NOREPLY, data, NULL, NULL,
+ NULL);
+ if (ret != 0) {
+ return ret;
+ }
+ return 0;
+}
+
+void ctdbd_unregister_ips(struct ctdbd_connection *conn,
+ const struct sockaddr_storage *_server,
+ const struct sockaddr_storage *_client,
+ int (*cb)(struct tevent_context *ev,
+ uint32_t src_vnn,
+ uint32_t dst_vnn,
+ uint64_t dst_srvid,
+ const uint8_t *msg,
+ size_t msglen,
+ void *private_data),
+ void *private_data)
+{
+ struct ctdb_connection p;
+ TDB_DATA data = { .dptr = (uint8_t *)&p, .dsize = sizeof(p) };
+ int ret;
+ struct sockaddr_storage client;
+ struct sockaddr_storage server;
+
+ /*
+ * Only one connection so far
+ */
+
+ smbd_ctdb_canonicalize_ip(_client, &client);
+ smbd_ctdb_canonicalize_ip(_server, &server);
+
+ ZERO_STRUCT(p);
+ switch (client.ss_family) {
+ case AF_INET:
+ memcpy(&p.dst.ip, &server, sizeof(p.dst.ip));
+ memcpy(&p.src.ip, &client, sizeof(p.src.ip));
+ break;
+ case AF_INET6:
+ memcpy(&p.dst.ip6, &server, sizeof(p.dst.ip6));
+ memcpy(&p.src.ip6, &client, sizeof(p.src.ip6));
+ break;
+ default:
+ return;
+ }
+
+ /*
+ * We no longer want to be told about IP releases
+ * for the given callback/private_data combination
+ */
+ deregister_from_ctdbd(conn, CTDB_SRVID_RELEASE_IP,
+ cb, private_data);
+
+ /*
+ * inform ctdb of our tcp connection is no longer active
+ */
+ ret = ctdbd_control_local(conn,
+ CTDB_CONTROL_TCP_CLIENT_DISCONNECTED, 0,
+ CTDB_CTRL_FLAG_NOREPLY, data, NULL, NULL,
+ NULL);
+ if (ret != 0) {
+ /*
+ * We ignore errors here, as we'll just
+ * no longer have a callback handler
+ * registered and messages may just be ignored
+ */
+ }
+
+ return;
+}
+
+void ctdbd_passed_ips(struct ctdbd_connection *conn,
+ const struct sockaddr_storage *_server,
+ const struct sockaddr_storage *_client,
+ int (*cb)(struct tevent_context *ev,
+ uint32_t src_vnn,
+ uint32_t dst_vnn,
+ uint64_t dst_srvid,
+ const uint8_t *msg,
+ size_t msglen,
+ void *private_data),
+ void *private_data)
+{
+ struct ctdb_connection p;
+ TDB_DATA data = { .dptr = (uint8_t *)&p, .dsize = sizeof(p) };
+ int ret;
+ struct sockaddr_storage client;
+ struct sockaddr_storage server;
+
+ /*
+ * Only one connection so far
+ */
+
+ smbd_ctdb_canonicalize_ip(_client, &client);
+ smbd_ctdb_canonicalize_ip(_server, &server);
+
+ ZERO_STRUCT(p);
+ switch (client.ss_family) {
+ case AF_INET:
+ memcpy(&p.dst.ip, &server, sizeof(p.dst.ip));
+ memcpy(&p.src.ip, &client, sizeof(p.src.ip));
+ break;
+ case AF_INET6:
+ memcpy(&p.dst.ip6, &server, sizeof(p.dst.ip6));
+ memcpy(&p.src.ip6, &client, sizeof(p.src.ip6));
+ break;
+ default:
+ return;
+ }
+
+ /*
+ * We no longer want to be told about IP releases
+ * for the given callback/private_data combination
+ */
+ deregister_from_ctdbd(conn, CTDB_SRVID_RELEASE_IP,
+ cb, private_data);
+
+ /*
+ * inform ctdb of our tcp connection is now passed to
+ * another process.
+ */
+ ret = ctdbd_control_local(conn,
+ CTDB_CONTROL_TCP_CLIENT_PASSED, 0,
+ CTDB_CTRL_FLAG_NOREPLY, data, NULL, NULL,
+ NULL);
+ if (ret != 0) {
+ /*
+ * We ignore errors here, as we'll just
+ * no longer have a callback handler
+ * registered and messages may just be ignored
+ */
+ }
+
+ return;
+}
+
+static int ctdbd_control_get_public_ips(struct ctdbd_connection *conn,
+ uint32_t vnn,
+ uint32_t flags,
+ TALLOC_CTX *mem_ctx,
+ struct ctdb_public_ip_list_old **_ips)
+{
+ struct ctdb_public_ip_list_old *ips = NULL;
+ TDB_DATA outdata;
+ int32_t cstatus = -1;
+ size_t min_dsize;
+ size_t max_ips;
+ int ret;
+
+ *_ips = NULL;
+
+ ret = ctdbd_control(conn,
+ vnn,
+ CTDB_CONTROL_GET_PUBLIC_IPS,
+ 0, /* srvid */
+ flags,
+ tdb_null, /* indata */
+ mem_ctx,
+ &outdata,
+ &cstatus);
+ if (ret != 0 || cstatus != 0) {
+ DBG_ERR("ctdb_control for getpublicips failed ret:%d cstatus:%d\n",
+ ret, (int)cstatus);
+ return -1;
+ }
+
+ min_dsize = offsetof(struct ctdb_public_ip_list_old, ips);
+ if (outdata.dsize < min_dsize) {
+ DBG_ERR("outdata.dsize=%zu < min_dsize=%zu\n",
+ outdata.dsize, min_dsize);
+ return -1;
+ }
+ max_ips = (outdata.dsize - min_dsize)/sizeof(struct ctdb_public_ip);
+ ips = (struct ctdb_public_ip_list_old *)outdata.dptr;
+ if ((size_t)ips->num > max_ips) {
+ DBG_ERR("ips->num=%zu > max_ips=%zu\n",
+ (size_t)ips->num, max_ips);
+ return -1;
+ }
+
+ *_ips = ips;
+ return 0;
+}
+
+static struct samba_sockaddr ctdbd_sock_addr_to_samba(const ctdb_sock_addr *c)
+{
+ struct samba_sockaddr s = {};
+
+ switch (c->sa.sa_family) {
+ case AF_INET:
+ s.u.in = c->ip;
+ break;
+ case AF_INET6:
+ /*
+ * ctdb always requires HAVE_IPV6,
+ * so we don't need an ifdef here.
+ */
+ s.u.in6 = c->ip6;
+ break;
+ default:
+ /*
+ * ctdb_sock_addr only supports ipv4 and ipv6
+ */
+ smb_panic(__location__);
+ break;
+ }
+
+ return s;
+}
+
+int ctdbd_public_ip_foreach(struct ctdbd_connection *conn,
+ int (*cb)(uint32_t total_ip_count,
+ const struct sockaddr_storage *ip,
+ bool is_movable_ip,
+ void *private_data),
+ void *private_data)
+{
+ uint32_t i;
+ struct ctdb_public_ip_list_old *ips = NULL;
+ int ret = ENOMEM;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ret = ctdbd_control_get_public_ips(conn, CTDB_CURRENT_NODE, 0, frame, &ips);
+ if (ret < 0) {
+ ret = EIO;
+ goto out_free;
+ }
+
+ for (i=0; i < ips->num; i++) {
+ const ctdb_sock_addr *addr = &ips->ips[i].addr;
+ struct samba_sockaddr tmp = ctdbd_sock_addr_to_samba(addr);
+
+ ret = cb(ips->num,
+ &tmp.u.ss,
+ true, /* all ctdb public ips are movable */
+ private_data);
+ if (ret != 0) {
+ goto out_free;
+ }
+ }
+
+ ret = 0;
+out_free:
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+static int count_ips(struct db_record *rec, void *private_data)
+{
+ return 0;
+}
+
+static int collect_ips(struct db_record *rec, void *private_data)
+{
+ struct ctdb_public_ip_list_old *ips = talloc_get_type_abort(
+ private_data, struct ctdb_public_ip_list_old);
+ struct ctdb_public_ip *ip;
+ TDB_DATA val = dbwrap_record_get_value(rec);
+
+ SMB_ASSERT(val.dsize == sizeof(*ip));
+
+ ip = (struct ctdb_public_ip *)val.dptr;
+ ips->ips[ips->num] = *ip;
+ ips->num += 1;
+
+ return 0;
+}
+
+static int ctdbd_control_get_all_public_ips(struct ctdbd_connection *conn,
+ const struct ctdb_node_map_old *nodemap,
+ TALLOC_CTX *mem_ctx,
+ struct ctdb_public_ip_list_old **_ips)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ uint32_t ni;
+ struct ctdb_public_ip_list_old *ips = NULL;
+ struct db_context *rbt = NULL;
+ NTSTATUS status;
+ size_t len;
+ int ret;
+ int count;
+
+ rbt = db_open_rbt(frame);
+ if (rbt == NULL) {
+ DBG_WARNING("db_open_rbt() failed\n");
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ for (ni=0; ni < nodemap->num; ni++) {
+ const struct ctdb_node_and_flags *n = &nodemap->nodes[ni];
+ uint32_t j;
+
+ if (n->flags & NODE_FLAGS_INACTIVE) {
+ continue;
+ }
+
+ ret = ctdbd_control_get_public_ips(conn,
+ n->pnn,
+ 0,
+ frame,
+ &ips);
+ if (ret != 0) {
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ for (j=0; j<ips->num; j++) {
+ struct ctdb_public_ip ip;
+ TDB_DATA key;
+ TDB_DATA val;
+
+ ip.pnn = ips->ips[j].pnn;
+ ip.addr = ips->ips[j].addr;
+
+ key = make_tdb_data((uint8_t *)&ip.addr, sizeof(ip.addr));
+ val = make_tdb_data((uint8_t *)&ip, sizeof(ip));
+
+ if (n->pnn == ip.pnn) {
+ /*
+ * Node claims IP is hosted on it, so
+ * save that information
+ */
+ status = dbwrap_store(rbt, key, val,
+ TDB_REPLACE);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ } else {
+ /*
+ * Node thinks IP is hosted elsewhere,
+ * so overwrite with CTDB_UNKNOWN_PNN
+ * if there's no existing entry
+ */
+ bool exists = dbwrap_exists(rbt, key);
+ if (!exists) {
+ ip.pnn = CTDB_UNKNOWN_PNN;
+ status = dbwrap_store(rbt, key, val,
+ TDB_INSERT);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+ }
+ }
+
+ TALLOC_FREE(ips);
+ }
+
+ status = dbwrap_traverse_read(rbt, count_ips, NULL, &count);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ len = offsetof(struct ctdb_public_ip_list_old, ips) +
+ count*sizeof(struct ctdb_public_ip);
+ ips = talloc_zero_size(mem_ctx, len);
+ if (ips == NULL) {
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ talloc_set_type(ips, struct ctdb_public_ip_list_old);
+ talloc_reparent(mem_ctx, frame, ips);
+
+ status = dbwrap_traverse_read(rbt, collect_ips, ips, &count);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if ((unsigned int)count != ips->num) {
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ *_ips = talloc_move(mem_ctx, &ips);
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+/*
+ * This includes all node and/or public ips
+ * of the whole cluster.
+ *
+ * node ips have:
+ * - a valid pinned_pnn value.
+ * - current_pnn is valid if the node is healthy
+ *
+ * public ips have:
+ * - pinned_pnn as CTDB_UNKNOWN_PNN
+ * - current_pnn is valid if a node healthy and hosting this ip.
+ */
+int ctdbd_all_ip_foreach(struct ctdbd_connection *conn,
+ bool include_node_ips,
+ bool include_public_ips,
+ int (*cb)(uint32_t total_ip_count,
+ const struct sockaddr_storage *ip,
+ uint32_t pinned_pnn,
+ uint32_t current_pnn,
+ void *private_data),
+ void *private_data)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct ctdb_node_map_old *nodemap = NULL;
+ struct ctdb_public_ip_list_old *ips = NULL;
+ int ret = ENOMEM;
+ uint32_t total_ip_count = 0;
+ uint32_t i;
+
+ ret = ctdbd_control_get_nodemap(conn, frame, &nodemap);
+ if (ret != 0) {
+ DBG_WARNING("ctdbd_control_get_nodemap() failed: %s\n", strerror(ret));
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ for (i=0; include_node_ips && i < nodemap->num; i++) {
+ const struct ctdb_node_and_flags *n = &nodemap->nodes[i];
+
+ if (n->flags & NODE_FLAGS_DELETED) {
+ continue;
+ }
+
+ total_ip_count += 1;
+ }
+
+ if (include_public_ips) {
+ ret = ctdbd_control_get_all_public_ips(conn, nodemap,
+ frame, &ips);
+ if (ret < 0) {
+ ret = EIO;
+ goto out_free;
+ }
+
+ total_ip_count += ips->num;
+ }
+
+ for (i=0; include_node_ips && i < nodemap->num; i++) {
+ const struct ctdb_node_and_flags *n = &nodemap->nodes[i];
+ struct samba_sockaddr tmp = ctdbd_sock_addr_to_samba(&n->addr);
+ uint32_t pinned_pnn = n->pnn;
+ uint32_t current_pnn = n->pnn;
+
+ if (n->flags & NODE_FLAGS_DELETED) {
+ continue;
+ }
+
+ if (n->flags & (NODE_FLAGS_INACTIVE|NODE_FLAGS_DISABLED)) {
+ /*
+ * The ip address is not available
+ * unless the node is up and
+ * healthy.
+ */
+ current_pnn = CTDB_UNKNOWN_PNN;
+ }
+
+ ret = cb(total_ip_count,
+ &tmp.u.ss,
+ pinned_pnn,
+ current_pnn,
+ private_data);
+ if (ret != 0) {
+ goto out_free;
+ }
+ }
+
+ for (i=0; include_public_ips && i < ips->num; i++) {
+ const ctdb_sock_addr *addr = &ips->ips[i].addr;
+ struct samba_sockaddr tmp = ctdbd_sock_addr_to_samba(addr);
+ /* all ctdb public ips are movable and not pinned */
+ uint32_t pinned_pnn = CTDB_UNKNOWN_PNN;
+ uint32_t current_pnn = ips->ips[i].pnn;
+ uint32_t ni;
+
+ for (ni=0; ni < nodemap->num; ni++) {
+ const struct ctdb_node_and_flags *n = &nodemap->nodes[ni];
+
+ if (n->pnn != current_pnn) {
+ continue;
+ }
+
+ if (n->flags & (NODE_FLAGS_INACTIVE|NODE_FLAGS_DISABLED)) {
+ current_pnn = CTDB_UNKNOWN_PNN;
+ }
+ break;
+ }
+
+ ret = cb(total_ip_count,
+ &tmp.u.ss,
+ pinned_pnn,
+ current_pnn,
+ private_data);
+ if (ret != 0) {
+ goto out_free;
+ }
+ }
+
+ ret = 0;
+out_free:
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+/*
+ call a control on the local node
+ */
+int ctdbd_control_local(struct ctdbd_connection *conn, uint32_t opcode,
+ uint64_t srvid, uint32_t flags, TDB_DATA data,
+ TALLOC_CTX *mem_ctx, TDB_DATA *outdata,
+ int32_t *cstatus)
+{
+ return ctdbd_control(conn, CTDB_CURRENT_NODE, opcode, srvid, flags, data,
+ mem_ctx, outdata, cstatus);
+}
+
+int ctdb_watch_us(struct ctdbd_connection *conn)
+{
+ struct ctdb_notify_data_old reg_data;
+ size_t struct_len;
+ int ret;
+ int32_t cstatus;
+
+ reg_data.srvid = CTDB_SRVID_SAMBA_NOTIFY;
+ reg_data.len = 1;
+ reg_data.notify_data[0] = 0;
+
+ struct_len = offsetof(struct ctdb_notify_data_old,
+ notify_data) + reg_data.len;
+
+ ret = ctdbd_control_local(
+ conn, CTDB_CONTROL_REGISTER_NOTIFY, conn->rand_srvid, 0,
+ make_tdb_data((uint8_t *)&reg_data, struct_len),
+ NULL, NULL, &cstatus);
+ if (ret != 0) {
+ DEBUG(1, ("ctdbd_control_local failed: %s\n",
+ strerror(ret)));
+ }
+ return ret;
+}
+
+int ctdb_unwatch(struct ctdbd_connection *conn)
+{
+ uint64_t srvid = CTDB_SRVID_SAMBA_NOTIFY;
+ int ret;
+ int32_t cstatus;
+
+ ret = ctdbd_control_local(
+ conn, CTDB_CONTROL_DEREGISTER_NOTIFY, conn->rand_srvid, 0,
+ make_tdb_data((uint8_t *)&srvid, sizeof(srvid)),
+ NULL, NULL, &cstatus);
+ if (ret != 0) {
+ DEBUG(1, ("ctdbd_control_local failed: %s\n",
+ strerror(ret)));
+ }
+ return ret;
+}
+
+int ctdbd_probe(const char *sockname, int timeout)
+{
+ /*
+ * Do a very early check if ctdbd is around to avoid an abort and core
+ * later
+ */
+ struct ctdbd_connection *conn = NULL;
+ int ret;
+
+ ret = ctdbd_init_connection(talloc_tos(), sockname, timeout,
+ &conn);
+
+ /*
+ * We only care if we can connect.
+ */
+ TALLOC_FREE(conn);
+
+ return ret;
+}
+
+static int ctdbd_connection_destructor(struct ctdbd_connection *c)
+{
+ if (c->fd != -1) {
+ close(c->fd);
+ c->fd = -1;
+ }
+ return 0;
+}
+
+void ctdbd_prep_hdr_next_reqid(
+ struct ctdbd_connection *conn, struct ctdb_req_header *hdr)
+{
+ *hdr = (struct ctdb_req_header) {
+ .ctdb_magic = CTDB_MAGIC,
+ .ctdb_version = CTDB_PROTOCOL,
+ .reqid = ctdbd_next_reqid(conn),
+ .destnode = CTDB_CURRENT_NODE,
+ };
+}
+
+struct ctdbd_pkt_read_state {
+ uint8_t *pkt;
+};
+
+static ssize_t ctdbd_pkt_read_more(
+ uint8_t *buf, size_t buflen, void *private_data);
+static void ctdbd_pkt_read_done(struct tevent_req *subreq);
+
+static struct tevent_req *ctdbd_pkt_read_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev, int fd)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct ctdbd_pkt_read_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct ctdbd_pkt_read_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ subreq = read_packet_send(state, ev, fd, 4, ctdbd_pkt_read_more, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, ctdbd_pkt_read_done, req);
+ return req;
+}
+
+static ssize_t ctdbd_pkt_read_more(
+ uint8_t *buf, size_t buflen, void *private_data)
+{
+ uint32_t msglen;
+ if (buflen < 4) {
+ return -1;
+ }
+ if (buflen > 4) {
+ return 0; /* Been here, done */
+ }
+ memcpy(&msglen, buf, 4);
+
+ if (msglen < sizeof(struct ctdb_req_header)) {
+ return -1;
+ }
+ return msglen - sizeof(msglen);
+}
+
+static void ctdbd_pkt_read_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct ctdbd_pkt_read_state *state = tevent_req_data(
+ req, struct ctdbd_pkt_read_state);
+ ssize_t nread;
+ int err;
+
+ nread = read_packet_recv(subreq, state, &state->pkt, &err);
+ TALLOC_FREE(subreq);
+ if (nread == -1) {
+ tevent_req_error(req, err);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static int ctdbd_pkt_read_recv(
+ struct tevent_req *req, TALLOC_CTX *mem_ctx, uint8_t **pkt)
+{
+ struct ctdbd_pkt_read_state *state = tevent_req_data(
+ req, struct ctdbd_pkt_read_state);
+ int err;
+
+ if (tevent_req_is_unix_error(req, &err)) {
+ return err;
+ }
+ *pkt = talloc_move(mem_ctx, &state->pkt);
+ tevent_req_received(req);
+ return 0;
+}
+
+static bool ctdbd_conn_receive_next(struct ctdbd_connection *conn);
+static void ctdbd_conn_received(struct tevent_req *subreq);
+
+struct ctdbd_req_state {
+ struct ctdbd_connection *conn;
+ struct tevent_context *ev;
+ uint32_t reqid;
+ struct ctdb_req_header *reply;
+};
+
+static void ctdbd_req_unset_pending(struct tevent_req *req)
+{
+ struct ctdbd_req_state *state = tevent_req_data(
+ req, struct ctdbd_req_state);
+ struct ctdbd_connection *conn = state->conn;
+ size_t num_pending = talloc_array_length(conn->pending);
+ size_t i, num_after;
+
+ tevent_req_set_cleanup_fn(req, NULL);
+
+ if (num_pending == 1) {
+ /*
+ * conn->read_req is a child of conn->pending
+ */
+ TALLOC_FREE(conn->pending);
+ conn->read_req = NULL;
+ return;
+ }
+
+ for (i=0; i<num_pending; i++) {
+ if (req == conn->pending[i]) {
+ break;
+ }
+ }
+ if (i == num_pending) {
+ /*
+ * Something's seriously broken. Just returning here is the
+ * right thing nevertheless, the point of this routine is to
+ * remove ourselves from conn->pending.
+ */
+ return;
+ }
+
+ num_after = num_pending - i - 1;
+ if (num_after > 0) {
+ memmove(&conn->pending[i],
+ &conn->pending[i] + 1,
+ sizeof(*conn->pending) * num_after);
+ }
+ conn->pending = talloc_realloc(
+ NULL, conn->pending, struct tevent_req *, num_pending - 1);
+}
+
+static void ctdbd_req_cleanup(
+ struct tevent_req *req, enum tevent_req_state req_state)
+{
+ ctdbd_req_unset_pending(req);
+}
+
+static bool ctdbd_req_set_pending(struct tevent_req *req)
+{
+ struct ctdbd_req_state *state = tevent_req_data(
+ req, struct ctdbd_req_state);
+ struct ctdbd_connection *conn = state->conn;
+ struct tevent_req **pending = NULL;
+ size_t num_pending = talloc_array_length(conn->pending);
+ bool ok;
+
+ pending = talloc_realloc(
+ conn, conn->pending, struct tevent_req *, num_pending + 1);
+ if (pending == NULL) {
+ return false;
+ }
+ pending[num_pending] = req;
+ conn->pending = pending;
+
+ tevent_req_set_cleanup_fn(req, ctdbd_req_cleanup);
+
+ ok = ctdbd_conn_receive_next(conn);
+ if (!ok) {
+ ctdbd_req_unset_pending(req);
+ return false;
+ }
+
+ return true;
+}
+
+static bool ctdbd_conn_receive_next(struct ctdbd_connection *conn)
+{
+ size_t num_pending = talloc_array_length(conn->pending);
+ struct tevent_req *req = NULL;
+ struct ctdbd_req_state *state = NULL;
+
+ if (conn->read_req != NULL) {
+ return true;
+ }
+ if (num_pending == 0) {
+ /*
+ * done for now
+ */
+ return true;
+ }
+
+ req = conn->pending[0];
+ state = tevent_req_data(req, struct ctdbd_req_state);
+
+ conn->read_req = ctdbd_pkt_read_send(
+ conn->pending, state->ev, conn->fd);
+ if (conn->read_req == NULL) {
+ return false;
+ }
+ tevent_req_set_callback(conn->read_req, ctdbd_conn_received, conn);
+ return true;
+}
+
+static void ctdbd_conn_received(struct tevent_req *subreq)
+{
+ struct ctdbd_connection *conn = tevent_req_callback_data(
+ subreq, struct ctdbd_connection);
+ TALLOC_CTX *frame = talloc_stackframe();
+ uint8_t *pkt = NULL;
+ int ret;
+ struct ctdb_req_header *hdr = NULL;
+ uint32_t reqid;
+ struct tevent_req *req = NULL;
+ struct ctdbd_req_state *state = NULL;
+ size_t i, num_pending;
+ bool ok;
+
+ SMB_ASSERT(subreq == conn->read_req);
+ conn->read_req = NULL;
+
+ ret = ctdbd_pkt_read_recv(subreq, frame, &pkt);
+ TALLOC_FREE(subreq);
+ if (ret != 0) {
+ cluster_fatal("ctdbd_pkt_read failed\n");
+ }
+
+ hdr = (struct ctdb_req_header *)pkt;
+ reqid = hdr->reqid;
+ num_pending = talloc_array_length(conn->pending);
+
+ for (i=0; i<num_pending; i++) {
+ req = conn->pending[i];
+ state = tevent_req_data(req, struct ctdbd_req_state);
+ if (state->reqid == reqid) {
+ break;
+ }
+ }
+
+ if (i == num_pending) {
+ /* not found */
+ TALLOC_FREE(frame);
+ return;
+ }
+
+ state->reply = talloc_move(state, &hdr);
+ tevent_req_defer_callback(req, state->ev);
+ tevent_req_done(req);
+
+ TALLOC_FREE(frame);
+
+ ok = ctdbd_conn_receive_next(conn);
+ if (!ok) {
+ cluster_fatal("ctdbd_conn_receive_next failed\n");
+ }
+}
+
+static void ctdbd_req_written(struct tevent_req *subreq);
+
+struct tevent_req *ctdbd_req_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct ctdbd_connection *conn,
+ struct iovec *iov,
+ size_t num_iov)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct ctdbd_req_state *state = NULL;
+ struct ctdb_req_header *hdr = NULL;
+ bool ok;
+
+ req = tevent_req_create(mem_ctx, &state, struct ctdbd_req_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->conn = conn;
+ state->ev = ev;
+
+ if ((num_iov == 0) ||
+ (iov[0].iov_len < sizeof(struct ctdb_req_header))) {
+ tevent_req_error(req, EINVAL);
+ return tevent_req_post(req, ev);
+ }
+ hdr = iov[0].iov_base;
+ state->reqid = hdr->reqid;
+
+ ok = ctdbd_req_set_pending(req);
+ if (!ok) {
+ tevent_req_oom(req);
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = writev_send(
+ state, ev, conn->outgoing, conn->fd, false, iov, num_iov);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, ctdbd_req_written, req);
+
+ return req;
+}
+
+static void ctdbd_req_written(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ ssize_t nwritten;
+ int err;
+
+ nwritten = writev_recv(subreq, &err);
+ TALLOC_FREE(subreq);
+ if (nwritten == -1) {
+ tevent_req_error(req, err);
+ return;
+ }
+}
+
+int ctdbd_req_recv(
+ struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct ctdb_req_header **reply)
+{
+ struct ctdbd_req_state *state = tevent_req_data(
+ req, struct ctdbd_req_state);
+ int err;
+
+ if (tevent_req_is_unix_error(req, &err)) {
+ return err;
+ }
+ *reply = talloc_move(mem_ctx, &state->reply);
+ tevent_req_received(req);
+ return 0;
+}
+
+struct ctdbd_parse_state {
+ struct tevent_context *ev;
+ struct ctdbd_connection *conn;
+ uint32_t reqid;
+ TDB_DATA key;
+ uint8_t _keybuf[64];
+ struct ctdb_req_call_old ctdb_req;
+ struct iovec iov[2];
+ void (*parser)(TDB_DATA key,
+ TDB_DATA data,
+ void *private_data);
+ void *private_data;
+};
+
+static void ctdbd_parse_done(struct tevent_req *subreq);
+
+struct tevent_req *ctdbd_parse_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct ctdbd_connection *conn,
+ uint32_t db_id,
+ TDB_DATA key,
+ bool local_copy,
+ void (*parser)(TDB_DATA key,
+ TDB_DATA data,
+ void *private_data),
+ void *private_data,
+ enum dbwrap_req_state *req_state)
+{
+ struct tevent_req *req = NULL;
+ struct ctdbd_parse_state *state = NULL;
+ uint32_t flags;
+ uint32_t packet_length;
+ struct tevent_req *subreq = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct ctdbd_parse_state);
+ if (req == NULL) {
+ *req_state = DBWRAP_REQ_ERROR;
+ return NULL;
+ }
+
+ *req_state = DBWRAP_REQ_DISPATCHED;
+
+ *state = (struct ctdbd_parse_state) {
+ .ev = ev,
+ .conn = conn,
+ .reqid = ctdbd_next_reqid(conn),
+ .parser = parser,
+ .private_data = private_data,
+ };
+
+ flags = local_copy ? CTDB_WANT_READONLY : 0;
+ packet_length = offsetof(struct ctdb_req_call_old, data) + key.dsize;
+
+ /*
+ * Copy the key into our state, as ctdb_pkt_send_cleanup() requires that
+ * all passed iov elements have a lifetime longer that the tevent_req
+ * returned by ctdb_pkt_send_send(). This is required continue sending a
+ * the low level request into the ctdb socket, if a higher level
+ * ('this') request is canceled (or talloc free'd) by the application
+ * layer, without sending invalid packets to ctdb.
+ */
+ if (key.dsize > sizeof(state->_keybuf)) {
+ state->key.dptr = talloc_memdup(state, key.dptr, key.dsize);
+ if (tevent_req_nomem(state->key.dptr, req)) {
+ return tevent_req_post(req, ev);
+ }
+ } else {
+ memcpy(state->_keybuf, key.dptr, key.dsize);
+ state->key.dptr = state->_keybuf;
+ }
+ state->key.dsize = key.dsize;
+
+ state->ctdb_req.hdr.length = packet_length;
+ state->ctdb_req.hdr.ctdb_magic = CTDB_MAGIC;
+ state->ctdb_req.hdr.ctdb_version = CTDB_PROTOCOL;
+ state->ctdb_req.hdr.operation = CTDB_REQ_CALL;
+ state->ctdb_req.hdr.reqid = state->reqid;
+ state->ctdb_req.flags = flags;
+ state->ctdb_req.callid = CTDB_FETCH_FUNC;
+ state->ctdb_req.db_id = db_id;
+ state->ctdb_req.keylen = state->key.dsize;
+
+ state->iov[0].iov_base = &state->ctdb_req;
+ state->iov[0].iov_len = offsetof(struct ctdb_req_call_old, data);
+ state->iov[1].iov_base = state->key.dptr;
+ state->iov[1].iov_len = state->key.dsize;
+
+ subreq = ctdbd_req_send(
+ state, ev, conn, state->iov, ARRAY_SIZE(state->iov));
+ if (tevent_req_nomem(subreq, req)) {
+ *req_state = DBWRAP_REQ_ERROR;
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, ctdbd_parse_done, req);
+
+ return req;
+}
+
+static void ctdbd_parse_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct ctdbd_parse_state *state = tevent_req_data(
+ req, struct ctdbd_parse_state);
+ struct ctdb_req_header *hdr = NULL;
+ struct ctdb_reply_call_old *reply = NULL;
+ int ret;
+
+ ret = ctdbd_req_recv(subreq, state, &hdr);
+ TALLOC_FREE(subreq);
+ if (tevent_req_error(req, ret)) {
+ DBG_DEBUG("ctdb_req_recv failed %s\n", strerror(ret));
+ return;
+ }
+ SMB_ASSERT(hdr != NULL);
+
+ if (hdr->operation != CTDB_REPLY_CALL) {
+ DBG_ERR("received invalid reply\n");
+ ctdb_packet_dump(hdr);
+ tevent_req_error(req, EIO);
+ return;
+ }
+
+ reply = (struct ctdb_reply_call_old *)hdr;
+
+ if (reply->datalen == 0) {
+ /*
+ * Treat an empty record as non-existing
+ */
+ tevent_req_error(req, ENOENT);
+ return;
+ }
+
+ state->parser(state->key,
+ make_tdb_data(&reply->data[0], reply->datalen),
+ state->private_data);
+
+ tevent_req_done(req);
+ return;
+}
+
+int ctdbd_parse_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_unix(req);
+}
diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c
new file mode 100644
index 0000000..46165e8
--- /dev/null
+++ b/source3/lib/dbwrap/dbwrap_ctdb.c
@@ -0,0 +1,1985 @@
+/*
+ Unix SMB/CIFS implementation.
+ Database interface wrapper around ctdbd
+ Copyright (C) Volker Lendecke 2007-2009
+ Copyright (C) Michael Adam 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "lib/tdb_wrap/tdb_wrap.h"
+#include "util_tdb.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_ctdb.h"
+#include "dbwrap/dbwrap_rbt.h"
+#include "lib/param/param.h"
+
+#include "ctdb/include/ctdb_protocol.h"
+#include "ctdbd_conn.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_private.h"
+#include "dbwrap/dbwrap_ctdb.h"
+#include "g_lock.h"
+#include "messages.h"
+#include "messages_ctdb.h"
+#include "lib/cluster_support.h"
+#include "lib/util/tevent_ntstatus.h"
+
+struct db_ctdb_transaction_handle {
+ struct db_ctdb_ctx *ctx;
+ /*
+ * we store the writes done under a transaction:
+ */
+ struct ctdb_marshall_buffer *m_write;
+ uint32_t nesting;
+ bool nested_cancel;
+ char *lock_name;
+};
+
+struct db_ctdb_ctx {
+ struct db_context *db;
+ struct tdb_wrap *wtdb;
+ uint32_t db_id;
+ struct db_ctdb_transaction_handle *transaction;
+ struct g_lock_ctx *lock_ctx;
+
+ /* thresholds for warning messages */
+ int warn_unlock_msecs;
+ int warn_migrate_msecs;
+ int warn_migrate_attempts;
+ int warn_locktime_msecs;
+};
+
+struct db_ctdb_rec {
+ struct db_ctdb_ctx *ctdb_ctx;
+ struct ctdb_ltdb_header header;
+ struct timeval lock_time;
+};
+
+struct ctdb_async_ctx {
+ bool initialized;
+ struct ctdbd_connection *async_conn;
+};
+
+static struct ctdb_async_ctx ctdb_async_ctx;
+
+static int ctdb_async_ctx_init_internal(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ bool reinit)
+{
+ int ret;
+
+ if (reinit) {
+ TALLOC_FREE(ctdb_async_ctx.async_conn);
+ ctdb_async_ctx.initialized = false;
+ }
+
+ if (ctdb_async_ctx.initialized) {
+ return 0;
+ }
+
+ become_root();
+ ret = ctdbd_init_async_connection(
+ mem_ctx,
+ lp_ctdbd_socket(),
+ lp_ctdb_timeout(),
+ &ctdb_async_ctx.async_conn);
+ unbecome_root();
+
+ if (ret != 0) {
+ DBG_ERR("ctdbd_init_async_connection(%s, timeout=%d) "
+ "failed: ret=%d %s\n",
+ lp_ctdbd_socket(),
+ lp_ctdb_timeout(),
+ ret, strerror(ret));
+ return ret;
+ }
+
+ SMB_ASSERT(ctdb_async_ctx.async_conn != NULL);
+
+ ctdb_async_ctx.initialized = true;
+ return 0;
+}
+
+static int ctdb_async_ctx_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev)
+{
+ return ctdb_async_ctx_init_internal(mem_ctx, ev, false);
+}
+
+int ctdb_async_ctx_reinit(TALLOC_CTX *mem_ctx, struct tevent_context *ev)
+{
+ return ctdb_async_ctx_init_internal(mem_ctx, ev, true);
+}
+
+static NTSTATUS tdb_error_to_ntstatus(struct tdb_context *tdb)
+{
+ enum TDB_ERROR tret = tdb_error(tdb);
+
+ return map_nt_error_from_tdb(tret);
+}
+
+struct db_ctdb_ltdb_parse_state {
+ void (*parser)(TDB_DATA key, struct ctdb_ltdb_header *header,
+ TDB_DATA data, void *private_data);
+ void *private_data;
+};
+
+static int db_ctdb_ltdb_parser(TDB_DATA key, TDB_DATA data,
+ void *private_data)
+{
+ struct db_ctdb_ltdb_parse_state *state =
+ (struct db_ctdb_ltdb_parse_state *)private_data;
+
+ if (data.dsize < sizeof(struct ctdb_ltdb_header)) {
+ return -1;
+ }
+
+ state->parser(
+ key, (struct ctdb_ltdb_header *)data.dptr,
+ make_tdb_data(data.dptr + sizeof(struct ctdb_ltdb_header),
+ data.dsize - sizeof(struct ctdb_ltdb_header)),
+ state->private_data);
+ return 0;
+}
+
+static NTSTATUS db_ctdb_ltdb_parse(
+ struct db_ctdb_ctx *db, TDB_DATA key,
+ void (*parser)(TDB_DATA key, struct ctdb_ltdb_header *header,
+ TDB_DATA data, void *private_data),
+ void *private_data)
+{
+ struct db_ctdb_ltdb_parse_state state;
+ int ret;
+
+ state.parser = parser;
+ state.private_data = private_data;
+
+ ret = tdb_parse_record(db->wtdb->tdb, key, db_ctdb_ltdb_parser,
+ &state);
+ if (ret == -1) {
+ return NT_STATUS_NOT_FOUND;
+ }
+ return NT_STATUS_OK;
+}
+
+/*
+ * Store a record together with the ctdb record header
+ * in the local copy of the database.
+ */
+static NTSTATUS db_ctdb_ltdb_store(struct db_ctdb_ctx *db,
+ TDB_DATA key,
+ struct ctdb_ltdb_header *header,
+ const TDB_DATA *dbufs, int num_dbufs)
+{
+ TDB_DATA recs[num_dbufs+1];
+ int ret;
+
+ recs[0] = (TDB_DATA) { .dptr = (uint8_t *)header,
+ .dsize = sizeof(struct ctdb_ltdb_header) };
+ memcpy(&recs[1], dbufs, sizeof(TDB_DATA) * num_dbufs);
+
+ ret = tdb_storev(db->wtdb->tdb, key, recs, num_dbufs + 1, TDB_REPLACE);
+
+ return (ret == 0) ? NT_STATUS_OK
+ : tdb_error_to_ntstatus(db->wtdb->tdb);
+
+}
+
+/*
+ form a ctdb_rec_data record from a key/data pair
+ */
+static struct ctdb_rec_data_old *db_ctdb_marshall_record(TALLOC_CTX *mem_ctx, uint32_t reqid,
+ TDB_DATA key,
+ struct ctdb_ltdb_header *header,
+ TDB_DATA data)
+{
+ size_t length;
+ struct ctdb_rec_data_old *d;
+
+ length = offsetof(struct ctdb_rec_data_old, data) + key.dsize +
+ data.dsize + sizeof(*header);
+ d = (struct ctdb_rec_data_old *)talloc_size(mem_ctx, length);
+ if (d == NULL) {
+ return NULL;
+ }
+ d->length = length;
+ d->reqid = reqid;
+ d->keylen = key.dsize;
+ memcpy(&d->data[0], key.dptr, key.dsize);
+
+ d->datalen = data.dsize + sizeof(*header);
+ memcpy(&d->data[key.dsize], header, sizeof(*header));
+ memcpy(&d->data[key.dsize+sizeof(*header)], data.dptr, data.dsize);
+ return d;
+}
+
+
+/* helper function for marshalling multiple records */
+static struct ctdb_marshall_buffer *db_ctdb_marshall_add(TALLOC_CTX *mem_ctx,
+ struct ctdb_marshall_buffer *m,
+ uint32_t db_id,
+ uint32_t reqid,
+ TDB_DATA key,
+ struct ctdb_ltdb_header *header,
+ TDB_DATA data)
+{
+ struct ctdb_rec_data_old *r;
+ size_t m_size, r_size;
+ struct ctdb_marshall_buffer *m2 = NULL;
+
+ r = db_ctdb_marshall_record(talloc_tos(), reqid, key, header, data);
+ if (r == NULL) {
+ talloc_free(m);
+ return NULL;
+ }
+
+ if (m == NULL) {
+ m = (struct ctdb_marshall_buffer *)talloc_zero_size(
+ mem_ctx, offsetof(struct ctdb_marshall_buffer, data));
+ if (m == NULL) {
+ goto done;
+ }
+ m->db_id = db_id;
+ }
+
+ m_size = talloc_get_size(m);
+ r_size = talloc_get_size(r);
+
+ m2 = (struct ctdb_marshall_buffer *)talloc_realloc_size(
+ mem_ctx, m, m_size + r_size);
+ if (m2 == NULL) {
+ talloc_free(m);
+ goto done;
+ }
+
+ memcpy(m_size + (uint8_t *)m2, r, r_size);
+
+ m2->count++;
+
+done:
+ talloc_free(r);
+ return m2;
+}
+
+/* we've finished marshalling, return a data blob with the marshalled records */
+static TDB_DATA db_ctdb_marshall_finish(struct ctdb_marshall_buffer *m)
+{
+ TDB_DATA data;
+ data.dptr = (uint8_t *)m;
+ data.dsize = talloc_get_size(m);
+ return data;
+}
+
+/*
+ loop over a marshalling buffer
+
+ - pass r==NULL to start
+ - loop the number of times indicated by m->count
+*/
+static struct ctdb_rec_data_old *db_ctdb_marshall_loop_next_key(
+ struct ctdb_marshall_buffer *m, struct ctdb_rec_data_old *r, TDB_DATA *key)
+{
+ if (r == NULL) {
+ r = (struct ctdb_rec_data_old *)&m->data[0];
+ } else {
+ r = (struct ctdb_rec_data_old *)(r->length + (uint8_t *)r);
+ }
+
+ key->dptr = &r->data[0];
+ key->dsize = r->keylen;
+ return r;
+}
+
+static bool db_ctdb_marshall_buf_parse(
+ struct ctdb_rec_data_old *r, uint32_t *reqid,
+ struct ctdb_ltdb_header **header, TDB_DATA *data)
+{
+ if (r->datalen < sizeof(struct ctdb_ltdb_header)) {
+ return false;
+ }
+
+ *reqid = r->reqid;
+
+ data->dptr = &r->data[r->keylen] + sizeof(struct ctdb_ltdb_header);
+ data->dsize = r->datalen - sizeof(struct ctdb_ltdb_header);
+
+ *header = (struct ctdb_ltdb_header *)&r->data[r->keylen];
+
+ return true;
+}
+
+/**
+ * CTDB transaction destructor
+ */
+static int db_ctdb_transaction_destructor(struct db_ctdb_transaction_handle *h)
+{
+ NTSTATUS status;
+
+ status = g_lock_unlock(h->ctx->lock_ctx,
+ string_term_tdb_data(h->lock_name));
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("g_lock_unlock failed for %s: %s\n", h->lock_name,
+ nt_errstr(status)));
+ return -1;
+ }
+ return 0;
+}
+
+/**
+ * CTDB dbwrap API: transaction_start function
+ * starts a transaction on a persistent database
+ */
+static int db_ctdb_transaction_start(struct db_context *db)
+{
+ struct db_ctdb_transaction_handle *h;
+ NTSTATUS status;
+ struct db_ctdb_ctx *ctx = talloc_get_type_abort(db->private_data,
+ struct db_ctdb_ctx);
+
+ if (!db->persistent) {
+ DEBUG(0,("transactions not supported on non-persistent database 0x%08x\n",
+ ctx->db_id));
+ return -1;
+ }
+
+ if (ctx->transaction) {
+ ctx->transaction->nesting++;
+ DEBUG(5, (__location__ " transaction start on db 0x%08x: nesting %d -> %d\n",
+ ctx->db_id, ctx->transaction->nesting - 1, ctx->transaction->nesting));
+ return 0;
+ }
+
+ h = talloc_zero(db, struct db_ctdb_transaction_handle);
+ if (h == NULL) {
+ DEBUG(0,(__location__ " oom for transaction handle\n"));
+ return -1;
+ }
+
+ h->ctx = ctx;
+
+ h->lock_name = talloc_asprintf(h, "transaction_db_0x%08x",
+ (unsigned int)ctx->db_id);
+ if (h->lock_name == NULL) {
+ DEBUG(0, ("talloc_asprintf failed\n"));
+ TALLOC_FREE(h);
+ return -1;
+ }
+
+ /*
+ * Wait a day, i.e. forever...
+ */
+ status = g_lock_lock(ctx->lock_ctx, string_term_tdb_data(h->lock_name),
+ G_LOCK_WRITE, timeval_set(86400, 0), NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("g_lock_lock failed: %s\n", nt_errstr(status)));
+ TALLOC_FREE(h);
+ return -1;
+ }
+
+ talloc_set_destructor(h, db_ctdb_transaction_destructor);
+
+ ctx->transaction = h;
+
+ DEBUG(5,(__location__ " transaction started on db 0x%08x\n", ctx->db_id));
+
+ return 0;
+}
+
+static bool parse_newest_in_marshall_buffer(
+ struct ctdb_marshall_buffer *buf, TDB_DATA key,
+ void (*parser)(TDB_DATA key, struct ctdb_ltdb_header *header,
+ TDB_DATA data, void *private_data),
+ void *private_data)
+{
+ struct ctdb_rec_data_old *rec = NULL;
+ struct ctdb_ltdb_header *h = NULL;
+ TDB_DATA data;
+ uint32_t i;
+
+ if (buf == NULL) {
+ return false;
+ }
+
+ /*
+ * Walk the list of records written during this
+ * transaction. If we want to read one we have already
+ * written, return the last written sample. Thus we do not do
+ * a "break;" for the first hit, this record might have been
+ * overwritten later.
+ */
+
+ for (i=0; i<buf->count; i++) {
+ TDB_DATA tkey;
+ uint32_t reqid;
+
+ rec = db_ctdb_marshall_loop_next_key(buf, rec, &tkey);
+ if (rec == NULL) {
+ return false;
+ }
+
+ if (!tdb_data_equal(key, tkey)) {
+ continue;
+ }
+
+ if (!db_ctdb_marshall_buf_parse(rec, &reqid, &h, &data)) {
+ return false;
+ }
+ }
+
+ if (h == NULL) {
+ return false;
+ }
+
+ parser(key, h, data, private_data);
+
+ return true;
+}
+
+struct pull_newest_from_marshall_buffer_state {
+ struct ctdb_ltdb_header *pheader;
+ TALLOC_CTX *mem_ctx;
+ TDB_DATA *pdata;
+};
+
+static void pull_newest_from_marshall_buffer_parser(
+ TDB_DATA key, struct ctdb_ltdb_header *header,
+ TDB_DATA data, void *private_data)
+{
+ struct pull_newest_from_marshall_buffer_state *state =
+ (struct pull_newest_from_marshall_buffer_state *)private_data;
+
+ if (state->pheader != NULL) {
+ memcpy(state->pheader, header, sizeof(*state->pheader));
+ }
+ if (state->pdata != NULL) {
+ state->pdata->dsize = data.dsize;
+ state->pdata->dptr = (uint8_t *)talloc_memdup(
+ state->mem_ctx, data.dptr, data.dsize);
+ }
+}
+
+static bool pull_newest_from_marshall_buffer(struct ctdb_marshall_buffer *buf,
+ TDB_DATA key,
+ struct ctdb_ltdb_header *pheader,
+ TALLOC_CTX *mem_ctx,
+ TDB_DATA *pdata)
+{
+ struct pull_newest_from_marshall_buffer_state state;
+
+ state.pheader = pheader;
+ state.mem_ctx = mem_ctx;
+ state.pdata = pdata;
+
+ if (!parse_newest_in_marshall_buffer(
+ buf, key, pull_newest_from_marshall_buffer_parser,
+ &state)) {
+ return false;
+ }
+ if ((pdata != NULL) && (pdata->dsize != 0) && (pdata->dptr == NULL)) {
+ /* ENOMEM */
+ return false;
+ }
+ return true;
+}
+
+static NTSTATUS db_ctdb_storev_transaction(struct db_record *rec,
+ const TDB_DATA *dbufs, int num_dbufs,
+ int flag);
+static NTSTATUS db_ctdb_delete_transaction(struct db_record *rec);
+
+static struct db_record *db_ctdb_fetch_locked_transaction(struct db_ctdb_ctx *ctx,
+ TALLOC_CTX *mem_ctx,
+ TDB_DATA key)
+{
+ struct db_record *result;
+ TDB_DATA ctdb_data;
+
+ if (!(result = talloc(mem_ctx, struct db_record))) {
+ DEBUG(0, ("talloc failed\n"));
+ return NULL;
+ }
+
+ result->db = ctx->db;
+ result->private_data = ctx->transaction;
+
+ result->key.dsize = key.dsize;
+ result->key.dptr = (uint8_t *)talloc_memdup(result, key.dptr,
+ key.dsize);
+ if (result->key.dptr == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ result->storev = db_ctdb_storev_transaction;
+ result->delete_rec = db_ctdb_delete_transaction;
+
+ if (ctx->transaction == NULL) {
+ DEBUG(0, ("no transaction available\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ if (pull_newest_from_marshall_buffer(ctx->transaction->m_write, key,
+ NULL, result, &result->value)) {
+ result->value_valid = true;
+ return result;
+ }
+
+ ctdb_data = tdb_fetch(ctx->wtdb->tdb, key);
+ if (ctdb_data.dptr == NULL) {
+ /* create the record */
+ result->value = tdb_null;
+ result->value_valid = true;
+ return result;
+ }
+
+ result->value.dsize = ctdb_data.dsize - sizeof(struct ctdb_ltdb_header);
+ result->value.dptr = NULL;
+
+ if ((result->value.dsize != 0)
+ && !(result->value.dptr = (uint8_t *)talloc_memdup(
+ result, ctdb_data.dptr + sizeof(struct ctdb_ltdb_header),
+ result->value.dsize))) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ result->value_valid = true;
+
+ SAFE_FREE(ctdb_data.dptr);
+
+ return result;
+}
+
+static int db_ctdb_record_destructor(struct db_record **recp)
+{
+ struct db_record *rec = talloc_get_type_abort(*recp, struct db_record);
+ struct db_ctdb_transaction_handle *h = talloc_get_type_abort(
+ rec->private_data, struct db_ctdb_transaction_handle);
+ int ret = h->ctx->db->transaction_commit(h->ctx->db);
+ if (ret != 0) {
+ DEBUG(0,(__location__ " transaction_commit failed\n"));
+ }
+ return 0;
+}
+
+/*
+ auto-create a transaction for persistent databases
+ */
+static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx,
+ TALLOC_CTX *mem_ctx,
+ TDB_DATA key)
+{
+ int res;
+ struct db_record *rec, **recp;
+
+ res = db_ctdb_transaction_start(ctx->db);
+ if (res == -1) {
+ return NULL;
+ }
+
+ rec = db_ctdb_fetch_locked_transaction(ctx, mem_ctx, key);
+ if (rec == NULL) {
+ ctx->db->transaction_cancel(ctx->db);
+ return NULL;
+ }
+
+ /* destroy this transaction when we release the lock */
+ recp = talloc(rec, struct db_record *);
+ if (recp == NULL) {
+ ctx->db->transaction_cancel(ctx->db);
+ talloc_free(rec);
+ return NULL;
+ }
+ *recp = rec;
+ talloc_set_destructor(recp, db_ctdb_record_destructor);
+ return rec;
+}
+
+
+/*
+ stores a record inside a transaction
+ */
+static NTSTATUS db_ctdb_transaction_store(struct db_ctdb_transaction_handle *h,
+ TDB_DATA key, TDB_DATA data)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(h);
+ TDB_DATA rec;
+ struct ctdb_ltdb_header header;
+
+ ZERO_STRUCT(header);
+
+ /* we need the header so we can update the RSN */
+
+ if (!pull_newest_from_marshall_buffer(h->m_write, key, &header,
+ NULL, NULL)) {
+
+ rec = tdb_fetch(h->ctx->wtdb->tdb, key);
+
+ if (rec.dptr != NULL) {
+ memcpy(&header, rec.dptr,
+ sizeof(struct ctdb_ltdb_header));
+ rec.dsize -= sizeof(struct ctdb_ltdb_header);
+
+ /*
+ * a special case, we are writing the same
+ * data that is there now
+ */
+ if (data.dsize == rec.dsize &&
+ memcmp(data.dptr,
+ rec.dptr + sizeof(struct ctdb_ltdb_header),
+ data.dsize) == 0) {
+ SAFE_FREE(rec.dptr);
+ talloc_free(tmp_ctx);
+ return NT_STATUS_OK;
+ }
+ }
+ SAFE_FREE(rec.dptr);
+ }
+
+ header.dmaster = get_my_vnn();
+ header.rsn++;
+
+ h->m_write = db_ctdb_marshall_add(h, h->m_write, h->ctx->db_id, 0, key, &header, data);
+ if (h->m_write == NULL) {
+ DEBUG(0,(__location__ " Failed to add to marshalling record\n"));
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ talloc_free(tmp_ctx);
+ return NT_STATUS_OK;
+}
+
+
+/*
+ a record store inside a transaction
+ */
+static NTSTATUS db_ctdb_storev_transaction(
+ struct db_record *rec, const TDB_DATA *dbufs, int num_dbufs, int flag)
+{
+ struct db_ctdb_transaction_handle *h = talloc_get_type_abort(
+ rec->private_data, struct db_ctdb_transaction_handle);
+ NTSTATUS status;
+ TDB_DATA data = {0};
+
+ status = dbwrap_merge_dbufs(&data, rec, dbufs, num_dbufs);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = db_ctdb_transaction_store(h, rec->key, data);
+
+ TALLOC_FREE(data.dptr);
+
+ return status;
+}
+
+/*
+ a record delete inside a transaction
+ */
+static NTSTATUS db_ctdb_delete_transaction(struct db_record *rec)
+{
+ struct db_ctdb_transaction_handle *h = talloc_get_type_abort(
+ rec->private_data, struct db_ctdb_transaction_handle);
+ NTSTATUS status;
+
+ status = db_ctdb_transaction_store(h, rec->key, tdb_null);
+ return status;
+}
+
+static void db_ctdb_fetch_db_seqnum_parser(
+ TDB_DATA key, struct ctdb_ltdb_header *header,
+ TDB_DATA data, void *private_data)
+{
+ uint64_t *seqnum = (uint64_t *)private_data;
+
+ if (data.dsize != sizeof(uint64_t)) {
+ *seqnum = 0;
+ return;
+ }
+ memcpy(seqnum, data.dptr, sizeof(*seqnum));
+}
+
+/**
+ * Fetch the db sequence number of a persistent db directly from the db.
+ */
+static NTSTATUS db_ctdb_fetch_db_seqnum_from_db(struct db_ctdb_ctx *db,
+ uint64_t *seqnum)
+{
+ NTSTATUS status;
+ TDB_DATA key;
+
+ if (seqnum == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ key = string_term_tdb_data(CTDB_DB_SEQNUM_KEY);
+
+ status = db_ctdb_ltdb_parse(
+ db, key, db_ctdb_fetch_db_seqnum_parser, seqnum);
+
+ if (NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_OK;
+ }
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ *seqnum = 0;
+ return NT_STATUS_OK;
+ }
+ return status;
+}
+
+/**
+ * Store the database sequence number inside a transaction.
+ */
+static NTSTATUS db_ctdb_store_db_seqnum(struct db_ctdb_transaction_handle *h,
+ uint64_t seqnum)
+{
+ NTSTATUS status;
+ TDB_DATA key = string_term_tdb_data(CTDB_DB_SEQNUM_KEY);
+ TDB_DATA data = { .dptr=(uint8_t *)&seqnum, .dsize=sizeof(seqnum) };
+
+ status = db_ctdb_transaction_store(h, key, data);
+
+ return status;
+}
+
+/*
+ commit a transaction
+ */
+static int db_ctdb_transaction_commit(struct db_context *db)
+{
+ struct db_ctdb_ctx *ctx = talloc_get_type_abort(db->private_data,
+ struct db_ctdb_ctx);
+ NTSTATUS rets;
+ int32_t status;
+ struct db_ctdb_transaction_handle *h = ctx->transaction;
+ uint64_t old_seqnum, new_seqnum;
+ int ret;
+
+ if (h == NULL) {
+ DEBUG(0,(__location__ " transaction commit with no open transaction on db 0x%08x\n", ctx->db_id));
+ return -1;
+ }
+
+ if (h->nested_cancel) {
+ db->transaction_cancel(db);
+ DEBUG(5,(__location__ " Failed transaction commit after nested cancel\n"));
+ return -1;
+ }
+
+ if (h->nesting != 0) {
+ h->nesting--;
+ DEBUG(5, (__location__ " transaction commit on db 0x%08x: nesting %d -> %d\n",
+ ctx->db_id, ctx->transaction->nesting + 1, ctx->transaction->nesting));
+ return 0;
+ }
+
+ if (h->m_write == NULL) {
+ /*
+ * No changes were made, so don't change the seqnum,
+ * don't push to other node, just exit with success.
+ */
+ ret = 0;
+ goto done;
+ }
+
+ DEBUG(5,(__location__ " transaction commit on db 0x%08x\n", ctx->db_id));
+
+ /*
+ * As the last db action before committing, bump the database sequence
+ * number. Note that this undoes all changes to the seqnum records
+ * performed under the transaction. This record is not meant to be
+ * modified by user interaction. It is for internal use only...
+ */
+ rets = db_ctdb_fetch_db_seqnum_from_db(ctx, &old_seqnum);
+ if (!NT_STATUS_IS_OK(rets)) {
+ DEBUG(1, (__location__ " failed to fetch the db sequence number "
+ "in transaction commit on db 0x%08x\n", ctx->db_id));
+ ret = -1;
+ goto done;
+ }
+
+ new_seqnum = old_seqnum + 1;
+
+ rets = db_ctdb_store_db_seqnum(h, new_seqnum);
+ if (!NT_STATUS_IS_OK(rets)) {
+ DEBUG(1, (__location__ "failed to store the db sequence number "
+ " in transaction commit on db 0x%08x\n", ctx->db_id));
+ ret = -1;
+ goto done;
+ }
+
+again:
+ /* tell ctdbd to commit to the other nodes */
+ ret = ctdbd_control_local(messaging_ctdb_connection(),
+ CTDB_CONTROL_TRANS3_COMMIT,
+ h->ctx->db_id, 0,
+ db_ctdb_marshall_finish(h->m_write),
+ NULL, NULL, &status);
+ if ((ret != 0) || status != 0) {
+ /*
+ * The TRANS3_COMMIT control should only possibly fail when a
+ * recovery has been running concurrently. In any case, the db
+ * will be the same on all nodes, either the new copy or the
+ * old copy. This can be detected by comparing the old and new
+ * local sequence numbers.
+ */
+ rets = db_ctdb_fetch_db_seqnum_from_db(ctx, &new_seqnum);
+ if (!NT_STATUS_IS_OK(rets)) {
+ DEBUG(1, (__location__ " failed to refetch db sequence "
+ "number after failed TRANS3_COMMIT\n"));
+ ret = -1;
+ goto done;
+ }
+
+ if (new_seqnum == old_seqnum) {
+ /* Recovery prevented all our changes: retry. */
+ goto again;
+ }
+ if (new_seqnum != (old_seqnum + 1)) {
+ DEBUG(0, (__location__ " ERROR: new_seqnum[%lu] != "
+ "old_seqnum[%lu] + (0 or 1) after failed "
+ "TRANS3_COMMIT - this should not happen!\n",
+ (unsigned long)new_seqnum,
+ (unsigned long)old_seqnum));
+ ret = -1;
+ goto done;
+ }
+ /*
+ * Recovery propagated our changes to all nodes, completing
+ * our commit for us - succeed.
+ */
+ }
+
+ ret = 0;
+
+done:
+ h->ctx->transaction = NULL;
+ talloc_free(h);
+ return ret;
+}
+
+
+/*
+ cancel a transaction
+ */
+static int db_ctdb_transaction_cancel(struct db_context *db)
+{
+ struct db_ctdb_ctx *ctx = talloc_get_type_abort(db->private_data,
+ struct db_ctdb_ctx);
+ struct db_ctdb_transaction_handle *h = ctx->transaction;
+
+ if (h == NULL) {
+ DEBUG(0,(__location__ " transaction cancel with no open transaction on db 0x%08x\n", ctx->db_id));
+ return -1;
+ }
+
+ if (h->nesting != 0) {
+ h->nesting--;
+ h->nested_cancel = true;
+ DEBUG(5, (__location__ " transaction cancel on db 0x%08x: nesting %d -> %d\n",
+ ctx->db_id, ctx->transaction->nesting + 1, ctx->transaction->nesting));
+ return 0;
+ }
+
+ DEBUG(5,(__location__ " Cancel transaction on db 0x%08x\n", ctx->db_id));
+
+ ctx->transaction = NULL;
+ talloc_free(h);
+ return 0;
+}
+
+
+static NTSTATUS db_ctdb_storev(struct db_record *rec,
+ const TDB_DATA *dbufs, int num_dbufs, int flag)
+{
+ struct db_ctdb_rec *crec = talloc_get_type_abort(
+ rec->private_data, struct db_ctdb_rec);
+ NTSTATUS status;
+
+ status = db_ctdb_ltdb_store(crec->ctdb_ctx, rec->key, &(crec->header),
+ dbufs, num_dbufs);
+ return status;
+}
+
+
+
+static NTSTATUS db_ctdb_send_schedule_for_deletion(struct db_record *rec)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ int ret;
+ struct ctdb_control_schedule_for_deletion *dd;
+ TDB_DATA indata;
+ int32_t cstatus;
+ struct db_ctdb_rec *crec = talloc_get_type_abort(
+ rec->private_data, struct db_ctdb_rec);
+ struct db_ctdb_ctx *ctx = crec->ctdb_ctx;
+
+ indata.dsize = offsetof(struct ctdb_control_schedule_for_deletion, key) + rec->key.dsize;
+ indata.dptr = talloc_zero_array(crec, uint8_t, indata.dsize);
+ if (indata.dptr == NULL) {
+ DEBUG(0, (__location__ " talloc failed!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ dd = (struct ctdb_control_schedule_for_deletion *)(void *)indata.dptr;
+ dd->db_id = ctx->db_id;
+ dd->hdr = crec->header;
+ dd->keylen = rec->key.dsize;
+ memcpy(dd->key, rec->key.dptr, rec->key.dsize);
+
+ ret = ctdbd_control_local(messaging_ctdb_connection(),
+ CTDB_CONTROL_SCHEDULE_FOR_DELETION,
+ crec->ctdb_ctx->db_id,
+ CTDB_CTRL_FLAG_NOREPLY, /* flags */
+ indata,
+ NULL, /* mem_ctx */
+ NULL, /* outdata */
+ &cstatus);
+ talloc_free(indata.dptr);
+
+ if ((ret != 0) || cstatus != 0) {
+ DEBUG(1, (__location__ " Error sending local control "
+ "SCHEDULE_FOR_DELETION: %s, cstatus = %"PRIi32"\n",
+ strerror(ret), cstatus));
+ if (ret != 0) {
+ status = map_nt_error_from_unix(ret);
+ } else {
+ status = NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+
+ return status;
+}
+
+static NTSTATUS db_ctdb_delete(struct db_record *rec)
+{
+ NTSTATUS status;
+
+ /*
+ * We have to store the header with empty data. TODO: Fix the
+ * tdb-level cleanup
+ */
+
+ status = db_ctdb_storev(rec, &tdb_null, 1, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = db_ctdb_send_schedule_for_deletion(rec);
+ return status;
+}
+
+static int db_ctdb_record_destr(struct db_record* data)
+{
+ struct db_ctdb_rec *crec = talloc_get_type_abort(
+ data->private_data, struct db_ctdb_rec);
+ int threshold;
+ int ret;
+ struct timeval before;
+ double timediff;
+
+ DEBUG(10, (DEBUGLEVEL > 10
+ ? "Unlocking db %u key %s\n"
+ : "Unlocking db %u key %.20s\n",
+ (int)crec->ctdb_ctx->db_id,
+ hex_encode_talloc(data, (unsigned char *)data->key.dptr,
+ data->key.dsize)));
+
+ before = timeval_current();
+
+ ret = tdb_chainunlock(crec->ctdb_ctx->wtdb->tdb, data->key);
+
+ timediff = timeval_elapsed(&before);
+ timediff *= 1000; /* get us milliseconds */
+
+ if (timediff > crec->ctdb_ctx->warn_unlock_msecs) {
+ char *key;
+ key = hex_encode_talloc(talloc_tos(),
+ (unsigned char *)data->key.dptr,
+ data->key.dsize);
+ DEBUG(0, ("tdb_chainunlock on db %s, key %s took %f milliseconds\n",
+ tdb_name(crec->ctdb_ctx->wtdb->tdb), key,
+ timediff));
+ TALLOC_FREE(key);
+ }
+
+ if (ret != 0) {
+ DEBUG(0, ("tdb_chainunlock failed\n"));
+ return -1;
+ }
+
+ threshold = crec->ctdb_ctx->warn_locktime_msecs;
+ if (threshold != 0) {
+ timediff = timeval_elapsed(&crec->lock_time) * 1000;
+ if (timediff > threshold) {
+ const char *key;
+
+ key = hex_encode_talloc(data,
+ (unsigned char *)data->key.dptr,
+ data->key.dsize);
+ DEBUG(0, ("Held tdb lock on db %s, key %s "
+ "%f milliseconds\n",
+ tdb_name(crec->ctdb_ctx->wtdb->tdb),
+ key, timediff));
+ }
+ }
+
+ return 0;
+}
+
+/**
+ * Check whether we have a valid local copy of the given record,
+ * either for reading or for writing.
+ */
+static bool db_ctdb_can_use_local_hdr(const struct ctdb_ltdb_header *hdr,
+ uint32_t my_vnn, bool read_only)
+{
+ if (hdr->dmaster != my_vnn) {
+ /* If we're not dmaster, it must be r/o copy. */
+ return read_only && (hdr->flags & CTDB_REC_RO_HAVE_READONLY);
+ }
+
+ /*
+ * If we want write access, no one may have r/o copies.
+ */
+ return read_only || !(hdr->flags & CTDB_REC_RO_HAVE_DELEGATIONS);
+}
+
+static bool db_ctdb_can_use_local_copy(TDB_DATA ctdb_data, uint32_t my_vnn,
+ bool read_only)
+{
+ if (ctdb_data.dptr == NULL) {
+ return false;
+ }
+
+ if (ctdb_data.dsize < sizeof(struct ctdb_ltdb_header)) {
+ return false;
+ }
+
+ return db_ctdb_can_use_local_hdr(
+ (struct ctdb_ltdb_header *)ctdb_data.dptr, my_vnn, read_only);
+}
+
+static struct db_record *fetch_locked_internal(struct db_ctdb_ctx *ctx,
+ TALLOC_CTX *mem_ctx,
+ TDB_DATA key)
+{
+ struct db_record *result;
+ struct db_ctdb_rec *crec;
+ TDB_DATA ctdb_data;
+ int migrate_attempts;
+ struct timeval migrate_start;
+ struct timeval chainlock_start;
+ struct timeval ctdb_start_time;
+ double chainlock_time = 0;
+ double ctdb_time = 0;
+ int duration_msecs;
+ int lockret;
+ int ret;
+
+ if (!(result = talloc(mem_ctx, struct db_record))) {
+ DEBUG(0, ("talloc failed\n"));
+ return NULL;
+ }
+
+ if (!(crec = talloc_zero(result, struct db_ctdb_rec))) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ result->db = ctx->db;
+ result->private_data = (void *)crec;
+ crec->ctdb_ctx = ctx;
+
+ result->key.dsize = key.dsize;
+ result->key.dptr = (uint8_t *)talloc_memdup(result, key.dptr,
+ key.dsize);
+ if (result->key.dptr == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ migrate_attempts = 0;
+ GetTimeOfDay(&migrate_start);
+
+ /*
+ * Do a blocking lock on the record
+ */
+again:
+
+ if (DEBUGLEVEL >= 10) {
+ char *keystr = hex_encode_talloc(result, key.dptr, key.dsize);
+ DEBUG(10, (DEBUGLEVEL > 10
+ ? "Locking db %u key %s\n"
+ : "Locking db %u key %.20s\n",
+ (int)crec->ctdb_ctx->db_id, keystr));
+ TALLOC_FREE(keystr);
+ }
+
+ GetTimeOfDay(&chainlock_start);
+ lockret = tdb_chainlock(ctx->wtdb->tdb, key);
+ chainlock_time += timeval_elapsed(&chainlock_start);
+
+ if (lockret != 0) {
+ DEBUG(3, ("tdb_chainlock failed\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ result->storev = db_ctdb_storev;
+ result->delete_rec = db_ctdb_delete;
+ talloc_set_destructor(result, db_ctdb_record_destr);
+
+ ctdb_data = tdb_fetch(ctx->wtdb->tdb, key);
+
+ /*
+ * See if we have a valid record and we are the dmaster. If so, we can
+ * take the shortcut and just return it.
+ */
+
+ if (!db_ctdb_can_use_local_copy(ctdb_data, get_my_vnn(), false)) {
+ SAFE_FREE(ctdb_data.dptr);
+ tdb_chainunlock(ctx->wtdb->tdb, key);
+ talloc_set_destructor(result, NULL);
+
+ migrate_attempts += 1;
+
+ DEBUG(10, ("ctdb_data.dptr = %p, dmaster = %"PRIu32" "
+ "(%"PRIu32") %"PRIu32"\n",
+ ctdb_data.dptr, ctdb_data.dptr ?
+ ((struct ctdb_ltdb_header *)ctdb_data.dptr)->dmaster :
+ UINT32_MAX,
+ get_my_vnn(),
+ ctdb_data.dptr ?
+ ((struct ctdb_ltdb_header *)ctdb_data.dptr)->flags : 0));
+
+ GetTimeOfDay(&ctdb_start_time);
+ ret = ctdbd_migrate(messaging_ctdb_connection(), ctx->db_id,
+ key);
+ ctdb_time += timeval_elapsed(&ctdb_start_time);
+
+ if (ret != 0) {
+ DEBUG(5, ("ctdbd_migrate failed: %s\n",
+ strerror(ret)));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ /* now its migrated, try again */
+ goto again;
+ }
+
+ {
+ double duration;
+ duration = timeval_elapsed(&migrate_start);
+
+ /*
+ * Convert the duration to milliseconds to avoid a
+ * floating-point division of
+ * lp_parm_int("migrate_duration") by 1000.
+ */
+ duration_msecs = duration * 1000;
+ }
+
+ if ((migrate_attempts > ctx->warn_migrate_attempts) ||
+ (duration_msecs > ctx->warn_migrate_msecs)) {
+ int chain = 0;
+
+ if (tdb_get_flags(ctx->wtdb->tdb) & TDB_INCOMPATIBLE_HASH) {
+ chain = tdb_jenkins_hash(&key) %
+ tdb_hash_size(ctx->wtdb->tdb);
+ }
+
+ DEBUG(0, ("db_ctdb_fetch_locked for %s key %s, chain %d "
+ "needed %d attempts, %d milliseconds, "
+ "chainlock: %f ms, CTDB %f ms\n",
+ tdb_name(ctx->wtdb->tdb),
+ hex_encode_talloc(talloc_tos(),
+ (unsigned char *)key.dptr,
+ key.dsize),
+ chain,
+ migrate_attempts, duration_msecs,
+ chainlock_time * 1000.0,
+ ctdb_time * 1000.0));
+ }
+
+ GetTimeOfDay(&crec->lock_time);
+
+ memcpy(&crec->header, ctdb_data.dptr, sizeof(crec->header));
+
+ result->value.dsize = ctdb_data.dsize - sizeof(crec->header);
+ result->value.dptr = NULL;
+
+ if (result->value.dsize != 0) {
+ result->value.dptr = talloc_memdup(
+ result, ctdb_data.dptr + sizeof(crec->header),
+ result->value.dsize);
+ if (result->value.dptr == NULL) {
+ DBG_ERR("talloc failed\n");
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ }
+ result->value_valid = true;
+
+ SAFE_FREE(ctdb_data.dptr);
+
+ return result;
+}
+
+static struct db_record *db_ctdb_fetch_locked(struct db_context *db,
+ TALLOC_CTX *mem_ctx,
+ TDB_DATA key)
+{
+ struct db_ctdb_ctx *ctx = talloc_get_type_abort(db->private_data,
+ struct db_ctdb_ctx);
+
+ if (ctx->transaction != NULL) {
+ return db_ctdb_fetch_locked_transaction(ctx, mem_ctx, key);
+ }
+
+ if (db->persistent) {
+ return db_ctdb_fetch_locked_persistent(ctx, mem_ctx, key);
+ }
+
+ return fetch_locked_internal(ctx, mem_ctx, key);
+}
+
+struct db_ctdb_parse_record_state {
+ void (*parser)(TDB_DATA key, TDB_DATA data, void *private_data);
+ void *private_data;
+ uint32_t my_vnn;
+ bool ask_for_readonly_copy;
+ bool done;
+ bool empty_record;
+};
+
+static void db_ctdb_parse_record_parser(
+ TDB_DATA key, struct ctdb_ltdb_header *header,
+ TDB_DATA data, void *private_data)
+{
+ struct db_ctdb_parse_record_state *state =
+ (struct db_ctdb_parse_record_state *)private_data;
+ state->parser(key, data, state->private_data);
+}
+
+static void db_ctdb_parse_record_parser_nonpersistent(
+ TDB_DATA key, struct ctdb_ltdb_header *header,
+ TDB_DATA data, void *private_data)
+{
+ struct db_ctdb_parse_record_state *state =
+ (struct db_ctdb_parse_record_state *)private_data;
+
+ if (db_ctdb_can_use_local_hdr(header, state->my_vnn, true)) {
+ /*
+ * A record consisting only of the ctdb header can be
+ * a validly created empty record or a tombstone
+ * record of a deleted record (not vacuumed yet). Mark
+ * it accordingly.
+ */
+ state->empty_record = (data.dsize == 0);
+ if (!state->empty_record) {
+ state->parser(key, data, state->private_data);
+ }
+ state->done = true;
+ } else {
+ /*
+ * We found something in the db, so it seems that this record,
+ * while not usable locally right now, is popular. Ask for a
+ * R/O copy.
+ */
+ state->ask_for_readonly_copy = true;
+ }
+}
+
+static NTSTATUS db_ctdb_try_parse_local_record(struct db_ctdb_ctx *ctx,
+ TDB_DATA key,
+ struct db_ctdb_parse_record_state *state)
+{
+ NTSTATUS status;
+
+ if (ctx->transaction != NULL) {
+ struct db_ctdb_transaction_handle *h = ctx->transaction;
+ bool found;
+
+ /*
+ * Transactions only happen for persistent db's.
+ */
+
+ found = parse_newest_in_marshall_buffer(
+ h->m_write, key, db_ctdb_parse_record_parser, state);
+
+ if (found) {
+ return NT_STATUS_OK;
+ }
+ }
+
+ if (ctx->db->persistent) {
+ /*
+ * Persistent db, but not found in the transaction buffer
+ */
+ return db_ctdb_ltdb_parse(
+ ctx, key, db_ctdb_parse_record_parser, state);
+ }
+
+ state->done = false;
+ state->ask_for_readonly_copy = false;
+
+ status = db_ctdb_ltdb_parse(
+ ctx, key, db_ctdb_parse_record_parser_nonpersistent, state);
+ if (NT_STATUS_IS_OK(status) && state->done) {
+ if (state->empty_record) {
+ /*
+ * We know authoritatively, that this is an empty
+ * record. Since ctdb does not distinguish between empty
+ * and deleted records, this can be a record stored as
+ * empty or a not-yet-vacuumed tombstone record of a
+ * deleted record. Now Samba right now can live without
+ * empty records, so we can safely report this record
+ * as non-existing.
+ *
+ * See bugs 10008 and 12005.
+ */
+ return NT_STATUS_NOT_FOUND;
+ }
+ return NT_STATUS_OK;
+ }
+
+ return NT_STATUS_MORE_PROCESSING_REQUIRED;
+}
+
+static NTSTATUS db_ctdb_parse_record(struct db_context *db, TDB_DATA key,
+ void (*parser)(TDB_DATA key,
+ TDB_DATA data,
+ void *private_data),
+ void *private_data)
+{
+ struct db_ctdb_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_ctdb_ctx);
+ struct db_ctdb_parse_record_state state;
+ NTSTATUS status;
+ int ret;
+
+ state.parser = parser;
+ state.private_data = private_data;
+ state.my_vnn = get_my_vnn();
+ state.empty_record = false;
+
+ status = db_ctdb_try_parse_local_record(ctx, key, &state);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ return status;
+ }
+
+ ret = ctdbd_parse(messaging_ctdb_connection(), ctx->db_id, key,
+ state.ask_for_readonly_copy, parser, private_data);
+ if (ret != 0) {
+ if (ret == ENOENT) {
+ /*
+ * This maps to
+ * NT_STATUS_OBJECT_NAME_NOT_FOUND. Our upper
+ * layers expect NT_STATUS_NOT_FOUND for "no
+ * record around". We need to convert dbwrap
+ * to 0/errno away from NTSTATUS ... :-)
+ */
+ return NT_STATUS_NOT_FOUND;
+ }
+ return map_nt_error_from_unix(ret);
+ }
+ return NT_STATUS_OK;
+}
+
+static void db_ctdb_parse_record_done(struct tevent_req *subreq);
+
+static struct tevent_req *db_ctdb_parse_record_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct db_context *db,
+ TDB_DATA key,
+ void (*parser)(TDB_DATA key,
+ TDB_DATA data,
+ void *private_data),
+ void *private_data,
+ enum dbwrap_req_state *req_state)
+{
+ struct db_ctdb_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_ctdb_ctx);
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct db_ctdb_parse_record_state *state = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct db_ctdb_parse_record_state);
+ if (req == NULL) {
+ *req_state = DBWRAP_REQ_ERROR;
+ return NULL;
+
+ }
+
+ *state = (struct db_ctdb_parse_record_state) {
+ .parser = parser,
+ .private_data = private_data,
+ .my_vnn = get_my_vnn(),
+ .empty_record = false,
+ };
+
+ status = db_ctdb_try_parse_local_record(ctx, key, state);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ if (tevent_req_nterror(req, status)) {
+ *req_state = DBWRAP_REQ_ERROR;
+ return tevent_req_post(req, ev);
+ }
+ *req_state = DBWRAP_REQ_DONE;
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = ctdbd_parse_send(state,
+ ev,
+ ctdb_async_ctx.async_conn,
+ ctx->db_id,
+ key,
+ state->ask_for_readonly_copy,
+ parser,
+ private_data,
+ req_state);
+ if (tevent_req_nomem(subreq, req)) {
+ *req_state = DBWRAP_REQ_ERROR;
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, db_ctdb_parse_record_done, req);
+
+ return req;
+}
+
+static void db_ctdb_parse_record_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ int ret;
+
+ ret = ctdbd_parse_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (ret != 0) {
+ if (ret == ENOENT) {
+ /*
+ * This maps to NT_STATUS_OBJECT_NAME_NOT_FOUND. Our
+ * upper layers expect NT_STATUS_NOT_FOUND for "no
+ * record around". We need to convert dbwrap to 0/errno
+ * away from NTSTATUS ... :-)
+ */
+ tevent_req_nterror(req, NT_STATUS_NOT_FOUND);
+ return;
+ }
+ tevent_req_nterror(req, map_nt_error_from_unix(ret));
+ return;
+ }
+
+ tevent_req_done(req);
+ return;
+}
+
+static NTSTATUS db_ctdb_parse_record_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct traverse_state {
+ struct db_context *db;
+ int (*fn)(struct db_record *rec, void *private_data);
+ void *private_data;
+ int count;
+};
+
+static void traverse_callback(TDB_DATA key, TDB_DATA data, void *private_data)
+{
+ struct traverse_state *state = (struct traverse_state *)private_data;
+ struct db_record *rec = NULL;
+ TALLOC_CTX *tmp_ctx = NULL;
+
+ tmp_ctx = talloc_new(state->db);
+ if (tmp_ctx == NULL) {
+ DBG_ERR("talloc_new failed\n");
+ return;
+ }
+
+ /* we have to give them a locked record to prevent races */
+ rec = db_ctdb_fetch_locked(state->db, tmp_ctx, key);
+ if (rec != NULL && rec->value.dsize > 0) {
+ state->fn(rec, state->private_data);
+ state->count++;
+ }
+ talloc_free(tmp_ctx);
+}
+
+static int traverse_persistent_callback(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf,
+ void *private_data)
+{
+ struct traverse_state *state = (struct traverse_state *)private_data;
+ struct db_record *rec;
+ TALLOC_CTX *tmp_ctx = talloc_new(state->db);
+ int ret = 0;
+
+ /*
+ * Skip the __db_sequence_number__ key:
+ * This is used for persistent transactions internally.
+ */
+ if (kbuf.dsize == strlen(CTDB_DB_SEQNUM_KEY) + 1 &&
+ strcmp((const char*)kbuf.dptr, CTDB_DB_SEQNUM_KEY) == 0)
+ {
+ goto done;
+ }
+
+ /* we have to give them a locked record to prevent races */
+ rec = db_ctdb_fetch_locked(state->db, tmp_ctx, kbuf);
+ if (rec && rec->value.dsize > 0) {
+ ret = state->fn(rec, state->private_data);
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+/* wrapper to use traverse_persistent_callback with dbwrap */
+static int traverse_persistent_callback_dbwrap(struct db_record *rec, void* data)
+{
+ return traverse_persistent_callback(NULL, rec->key, rec->value, data);
+}
+
+static int db_ctdbd_traverse(uint32_t db_id,
+ void (*fn)(TDB_DATA key, TDB_DATA data,
+ void *private_data),
+ void *private_data)
+{
+ struct ctdbd_connection *conn;
+ int ret;
+
+ become_root();
+ ret = ctdbd_init_connection(talloc_tos(), lp_ctdbd_socket(),
+ lp_ctdb_timeout(), &conn);
+ unbecome_root();
+ if (ret != 0) {
+ DBG_WARNING("ctdbd_init_connection failed: %s\n",
+ strerror(ret));
+ return ret;
+ }
+
+ ret = ctdbd_traverse(conn, db_id, fn, private_data);
+ TALLOC_FREE(conn);
+
+ if (ret != 0) {
+ DBG_WARNING("ctdbd_traverse failed: %s\n",
+ strerror(ret));
+ return ret;
+ }
+
+ return 0;
+}
+
+
+static int db_ctdb_traverse(struct db_context *db,
+ int (*fn)(struct db_record *rec,
+ void *private_data),
+ void *private_data)
+{
+ int ret;
+ struct db_ctdb_ctx *ctx = talloc_get_type_abort(db->private_data,
+ struct db_ctdb_ctx);
+ struct traverse_state state;
+
+ state = (struct traverse_state) {
+ .db = db,
+ .fn = fn,
+ .private_data = private_data,
+ };
+
+ if (db->persistent) {
+ struct tdb_context *ltdb = ctx->wtdb->tdb;
+
+ /* for persistent databases we don't need to do a ctdb traverse,
+ we can do a faster local traverse */
+ ret = tdb_traverse(ltdb, traverse_persistent_callback, &state);
+ if (ret < 0) {
+ return ret;
+ }
+ if (ctx->transaction && ctx->transaction->m_write) {
+ /*
+ * we now have to handle keys not yet
+ * present at transaction start
+ */
+ struct db_context *newkeys = db_open_rbt(talloc_tos());
+ struct ctdb_marshall_buffer *mbuf = ctx->transaction->m_write;
+ struct ctdb_rec_data_old *rec=NULL;
+ uint32_t i;
+ int count = 0;
+ NTSTATUS status;
+
+ if (newkeys == NULL) {
+ return -1;
+ }
+
+ for (i=0; i<mbuf->count; i++) {
+ TDB_DATA key;
+ rec = db_ctdb_marshall_loop_next_key(
+ mbuf, rec, &key);
+ SMB_ASSERT(rec != NULL);
+
+ if (!tdb_exists(ltdb, key)) {
+ dbwrap_store(newkeys, key, tdb_null, 0);
+ }
+ }
+ status = dbwrap_traverse(newkeys,
+ traverse_persistent_callback_dbwrap,
+ &state,
+ &count);
+ talloc_free(newkeys);
+ if (!NT_STATUS_IS_OK(status)) {
+ return -1;
+ }
+ ret += count;
+ }
+ return ret;
+ }
+
+ ret = db_ctdbd_traverse(ctx->db_id, traverse_callback, &state);
+ if (ret != 0) {
+ return -1;
+ }
+ return state.count;
+}
+
+static NTSTATUS db_ctdb_storev_deny(struct db_record *rec,
+ const TDB_DATA *dbufs, int num_dbufs, int flag)
+{
+ return NT_STATUS_MEDIA_WRITE_PROTECTED;
+}
+
+static NTSTATUS db_ctdb_delete_deny(struct db_record *rec)
+{
+ return NT_STATUS_MEDIA_WRITE_PROTECTED;
+}
+
+static void traverse_read_callback(TDB_DATA key, TDB_DATA data, void *private_data)
+{
+ struct traverse_state *state = (struct traverse_state *)private_data;
+ struct db_record rec;
+
+ ZERO_STRUCT(rec);
+ rec.db = state->db;
+ rec.key = key;
+ rec.value = data;
+ rec.storev = db_ctdb_storev_deny;
+ rec.delete_rec = db_ctdb_delete_deny;
+ rec.private_data = NULL;
+ rec.value_valid = true;
+ state->fn(&rec, state->private_data);
+ state->count++;
+}
+
+static int traverse_persistent_callback_read(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf,
+ void *private_data)
+{
+ struct traverse_state *state = (struct traverse_state *)private_data;
+ struct db_record rec;
+
+ /*
+ * Skip the __db_sequence_number__ key:
+ * This is used for persistent transactions internally.
+ */
+ if (kbuf.dsize == strlen(CTDB_DB_SEQNUM_KEY) + 1 &&
+ strcmp((const char*)kbuf.dptr, CTDB_DB_SEQNUM_KEY) == 0)
+ {
+ return 0;
+ }
+
+ ZERO_STRUCT(rec);
+ rec.db = state->db;
+ rec.key = kbuf;
+ rec.value = dbuf;
+ rec.value_valid = true;
+ rec.storev = db_ctdb_storev_deny;
+ rec.delete_rec = db_ctdb_delete_deny;
+ rec.private_data = NULL;
+
+ if (rec.value.dsize <= sizeof(struct ctdb_ltdb_header)) {
+ /* a deleted record */
+ return 0;
+ }
+ rec.value.dsize -= sizeof(struct ctdb_ltdb_header);
+ rec.value.dptr += sizeof(struct ctdb_ltdb_header);
+
+ state->count++;
+ return state->fn(&rec, state->private_data);
+}
+
+static int db_ctdb_traverse_read(struct db_context *db,
+ int (*fn)(struct db_record *rec,
+ void *private_data),
+ void *private_data)
+{
+ int ret;
+ struct db_ctdb_ctx *ctx = talloc_get_type_abort(db->private_data,
+ struct db_ctdb_ctx);
+ struct traverse_state state;
+
+ state = (struct traverse_state) {
+ .db = db,
+ .fn = fn,
+ .private_data = private_data,
+ };
+
+ if (db->persistent) {
+ /* for persistent databases we don't need to do a ctdb traverse,
+ we can do a faster local traverse */
+ int nrecs;
+
+ nrecs = tdb_traverse_read(ctx->wtdb->tdb,
+ traverse_persistent_callback_read,
+ &state);
+ if (nrecs == -1) {
+ return -1;
+ }
+ return state.count;
+ }
+
+ ret = db_ctdbd_traverse(ctx->db_id, traverse_read_callback, &state);
+ if (ret != 0) {
+ return -1;
+ }
+ return state.count;
+}
+
+static int db_ctdb_get_seqnum(struct db_context *db)
+{
+ struct db_ctdb_ctx *ctx = talloc_get_type_abort(db->private_data,
+ struct db_ctdb_ctx);
+ return tdb_get_seqnum(ctx->wtdb->tdb);
+}
+
+static size_t db_ctdb_id(struct db_context *db, uint8_t *id, size_t idlen)
+{
+ struct db_ctdb_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_ctdb_ctx);
+
+ if (idlen >= sizeof(ctx->db_id)) {
+ memcpy(id, &ctx->db_id, sizeof(ctx->db_id));
+ }
+
+ return sizeof(ctx->db_id);
+}
+
+struct db_context *db_open_ctdb(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg_ctx,
+ const char *name,
+ int hash_size, int tdb_flags,
+ int open_flags, mode_t mode,
+ enum dbwrap_lock_order lock_order,
+ uint64_t dbwrap_flags)
+{
+ struct db_context *result;
+ struct db_ctdb_ctx *db_ctdb;
+ char *db_path;
+ struct loadparm_context *lp_ctx;
+ TDB_DATA data;
+ TDB_DATA outdata = {0};
+ bool persistent = (tdb_flags & TDB_CLEAR_IF_FIRST) == 0;
+ int32_t cstatus;
+ int ret;
+
+ if (!lp_clustering()) {
+ DEBUG(10, ("Clustering disabled -- no ctdb\n"));
+ return NULL;
+ }
+
+ if (!(result = talloc_zero(mem_ctx, struct db_context))) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ if (!(db_ctdb = talloc(result, struct db_ctdb_ctx))) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ result->name = talloc_strdup(result, name);
+ if (result->name == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ db_ctdb->transaction = NULL;
+ db_ctdb->db = result;
+
+ ret = ctdbd_db_attach(messaging_ctdb_connection(), name,
+ &db_ctdb->db_id, persistent);
+ if (ret != 0) {
+ DEBUG(0, ("ctdbd_db_attach failed for %s: %s\n", name,
+ strerror(ret)));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ if (tdb_flags & TDB_SEQNUM) {
+ data.dptr = (uint8_t *)&db_ctdb->db_id;
+ data.dsize = sizeof(db_ctdb->db_id);
+
+ ret = ctdbd_control_local(messaging_ctdb_connection(),
+ CTDB_CONTROL_ENABLE_SEQNUM,
+ 0, 0, data,
+ NULL, NULL, &cstatus);
+ if ((ret != 0) || cstatus != 0) {
+ DBG_ERR("ctdb_control for enable seqnum "
+ "failed: %s\n", strerror(ret));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ }
+
+ db_path = ctdbd_dbpath(messaging_ctdb_connection(), db_ctdb,
+ db_ctdb->db_id);
+ if (db_path == NULL) {
+ DBG_ERR("ctdbd_dbpath failed\n");
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ result->persistent = persistent;
+ result->lock_order = lock_order;
+
+ data.dptr = (uint8_t *)&db_ctdb->db_id;
+ data.dsize = sizeof(db_ctdb->db_id);
+
+ ret = ctdbd_control_local(messaging_ctdb_connection(),
+ CTDB_CONTROL_DB_OPEN_FLAGS,
+ 0, 0, data, NULL, &outdata, &cstatus);
+ if (ret != 0) {
+ DBG_ERR(" ctdb control for db_open_flags "
+ "failed: %s\n", strerror(ret));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ if (cstatus != 0 || outdata.dsize != sizeof(int)) {
+ DBG_ERR("ctdb_control for db_open_flags failed\n");
+ TALLOC_FREE(outdata.dptr);
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ tdb_flags = *(int *)outdata.dptr;
+ TALLOC_FREE(outdata.dptr);
+
+ if (!result->persistent) {
+ ret = ctdb_async_ctx_init(NULL, messaging_tevent_context(msg_ctx));
+ if (ret != 0) {
+ DBG_ERR("ctdb_async_ctx_init failed: %s\n", strerror(ret));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ }
+
+ if (!result->persistent &&
+ (dbwrap_flags & DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS))
+ {
+ TDB_DATA indata;
+
+ indata = make_tdb_data((uint8_t *)&db_ctdb->db_id,
+ sizeof(db_ctdb->db_id));
+
+ ret = ctdbd_control_local(
+ messaging_ctdb_connection(),
+ CTDB_CONTROL_SET_DB_READONLY, 0, 0,
+ indata, NULL, NULL, &cstatus);
+ if ((ret != 0) || (cstatus != 0)) {
+ DEBUG(1, ("CTDB_CONTROL_SET_DB_READONLY failed: "
+ "%s, %"PRIi32"\n", strerror(ret), cstatus));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ }
+
+ lp_ctx = loadparm_init_s3(db_path, loadparm_s3_helpers());
+
+ if (hash_size == 0) {
+ hash_size = lpcfg_tdb_hash_size(lp_ctx, db_path);
+ }
+
+ db_ctdb->wtdb = tdb_wrap_open(db_ctdb, db_path, hash_size,
+ lpcfg_tdb_flags(lp_ctx, tdb_flags),
+ O_RDWR, 0);
+ talloc_unlink(db_path, lp_ctx);
+ if (db_ctdb->wtdb == NULL) {
+ DEBUG(0, ("Could not open tdb %s: %s\n", db_path, strerror(errno)));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ talloc_free(db_path);
+
+ /* honor permissions if user has specified O_CREAT */
+ if (open_flags & O_CREAT) {
+ int fd;
+ fd = tdb_fd(db_ctdb->wtdb->tdb);
+ ret = fchmod(fd, mode);
+ if (ret == -1) {
+ DBG_WARNING("fchmod failed: %s\n",
+ strerror(errno));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ }
+
+ if (result->persistent) {
+ db_ctdb->lock_ctx = g_lock_ctx_init(db_ctdb, msg_ctx);
+ if (db_ctdb->lock_ctx == NULL) {
+ DEBUG(0, ("g_lock_ctx_init failed\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ }
+
+ db_ctdb->warn_unlock_msecs = lp_parm_int(-1, "ctdb",
+ "unlock_warn_threshold", 5);
+ db_ctdb->warn_migrate_attempts = lp_parm_int(-1, "ctdb",
+ "migrate_attempts", 10);
+ db_ctdb->warn_migrate_msecs = lp_parm_int(-1, "ctdb",
+ "migrate_duration", 5000);
+ db_ctdb->warn_locktime_msecs = lp_ctdb_locktime_warn_threshold();
+
+ result->private_data = (void *)db_ctdb;
+ result->fetch_locked = db_ctdb_fetch_locked;
+ result->parse_record = db_ctdb_parse_record;
+ result->parse_record_send = db_ctdb_parse_record_send;
+ result->parse_record_recv = db_ctdb_parse_record_recv;
+ result->traverse = db_ctdb_traverse;
+ result->traverse_read = db_ctdb_traverse_read;
+ result->get_seqnum = db_ctdb_get_seqnum;
+ result->transaction_start = db_ctdb_transaction_start;
+ result->transaction_commit = db_ctdb_transaction_commit;
+ result->transaction_cancel = db_ctdb_transaction_cancel;
+ result->id = db_ctdb_id;
+
+ DEBUG(3,("db_open_ctdb: opened database '%s' with dbid 0x%x\n",
+ name, db_ctdb->db_id));
+
+ return result;
+}
diff --git a/source3/lib/dbwrap/dbwrap_ctdb.h b/source3/lib/dbwrap/dbwrap_ctdb.h
new file mode 100644
index 0000000..0b82479
--- /dev/null
+++ b/source3/lib/dbwrap/dbwrap_ctdb.h
@@ -0,0 +1,40 @@
+/*
+ Unix SMB/CIFS implementation.
+ Database interface wrapper around ctdbd
+ Copyright (C) Volker Lendecke 2007-2009
+ Copyright (C) Michael Adam 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __DBWRAP_CTDB_H__
+#define __DBWRAP_CTDB_H__
+
+#include <talloc.h>
+
+#include "dbwrap/dbwrap_private.h"
+
+struct db_context;
+struct ctdbd_connection;
+
+struct db_context *db_open_ctdb(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg_ctx,
+ const char *name,
+ int hash_size, int tdb_flags,
+ int open_flags, mode_t mode,
+ enum dbwrap_lock_order lock_order,
+ uint64_t dbwrap_flags);
+int ctdb_async_ctx_reinit(TALLOC_CTX *mem_ctx, struct tevent_context *ev);
+
+#endif /* __DBWRAP_CTDB_H__ */
diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c
new file mode 100644
index 0000000..52c8a94
--- /dev/null
+++ b/source3/lib/dbwrap/dbwrap_open.c
@@ -0,0 +1,197 @@
+/*
+ Unix SMB/CIFS implementation.
+ Database interface wrapper
+
+ Copyright (C) Volker Lendecke 2005-2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_private.h"
+#include "dbwrap/dbwrap_open.h"
+#include "dbwrap/dbwrap_tdb.h"
+#include "dbwrap/dbwrap_ctdb.h"
+#include "lib/param/param.h"
+#include "lib/cluster_support.h"
+#include "lib/messages_ctdb.h"
+#include "util_tdb.h"
+#include "ctdbd_conn.h"
+#include "global_contexts.h"
+
+bool db_is_local(const char *name)
+{
+ const char *sockname = lp_ctdbd_socket();
+
+ if (lp_clustering() && socket_exist(sockname)) {
+ const char *partname;
+ /* ctdb only wants the file part of the name */
+ partname = strrchr(name, '/');
+ if (partname) {
+ partname++;
+ } else {
+ partname = name;
+ }
+ /* allow ctdb for individual databases to be disabled */
+ if (lp_parm_bool(-1, "ctdb", partname, True)) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
+/**
+ * open a database
+ */
+struct db_context *db_open(TALLOC_CTX *mem_ctx,
+ const char *name,
+ int hash_size, int tdb_flags,
+ int open_flags, mode_t mode,
+ enum dbwrap_lock_order lock_order,
+ uint64_t dbwrap_flags)
+{
+ struct db_context *result = NULL;
+ const char *base;
+ struct loadparm_context *lp_ctx = NULL;
+
+ if ((lock_order != DBWRAP_LOCK_ORDER_NONE) &&
+ !DBWRAP_LOCK_ORDER_VALID(lock_order)) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ base = strrchr_m(name, '/');
+ if (base != NULL) {
+ base++;
+ } else {
+ base = name;
+ }
+
+ if (tdb_flags & TDB_CLEAR_IF_FIRST) {
+ bool try_readonly = false;
+
+ if (dbwrap_flags & DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS) {
+ try_readonly = true;
+ }
+
+ try_readonly = lp_parm_bool(-1, "dbwrap_optimize_readonly", "*", try_readonly);
+ try_readonly = lp_parm_bool(-1, "dbwrap_optimize_readonly", base, try_readonly);
+
+ if (try_readonly) {
+ dbwrap_flags |= DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS;
+ } else {
+ dbwrap_flags &= ~DBWRAP_FLAG_OPTIMIZE_READONLY_ACCESS;
+ }
+ }
+
+ if (tdb_flags & TDB_CLEAR_IF_FIRST) {
+ bool try_mutex = true;
+ bool require_mutex = false;
+
+ try_mutex = lp_parm_bool(-1, "dbwrap_tdb_mutexes", "*", try_mutex);
+ try_mutex = lp_parm_bool(-1, "dbwrap_tdb_mutexes", base, try_mutex);
+
+ if (!lp_use_mmap()) {
+ /*
+ * Mutexes require mmap. "use mmap = no" can
+ * be a debugging tool, so let it override the
+ * mutex parameters
+ */
+ try_mutex = false;
+ }
+
+ if (try_mutex && tdb_runtime_check_for_robust_mutexes()) {
+ tdb_flags |= TDB_MUTEX_LOCKING;
+ }
+
+ require_mutex = lp_parm_bool(-1, "dbwrap_tdb_require_mutexes",
+ "*", require_mutex);
+ require_mutex = lp_parm_bool(-1, "dbwrap_tdb_require_mutexes",
+ base, require_mutex);
+
+ if (require_mutex) {
+ tdb_flags |= TDB_MUTEX_LOCKING;
+ }
+ }
+
+ if (lp_clustering()) {
+ const char *sockname;
+
+ sockname = lp_ctdbd_socket();
+ if (!socket_exist(sockname)) {
+ DBG_WARNING("ctdb socket does %s not exist - "
+ "is ctdb not running?\n",
+ sockname);
+ return NULL;
+ }
+
+ /* allow ctdb for individual databases to be disabled */
+ if (lp_parm_bool(-1, "ctdb", base, true)) {
+ struct messaging_context *msg_ctx;
+ struct ctdbd_connection *conn;
+
+ /*
+ * Initialize messaging before getting the ctdb
+ * connection, as the ctdb connection requires messaging
+ * to be initialized.
+ */
+ msg_ctx = global_messaging_context();
+ if (msg_ctx == NULL) {
+ DBG_ERR("Failed to initialize messaging\n");
+ return NULL;
+ }
+
+ conn = messaging_ctdb_connection();
+ if (conn == NULL) {
+ DBG_WARNING("No ctdb connection\n");
+ errno = EIO;
+ return NULL;
+ }
+
+ result = db_open_ctdb(mem_ctx, msg_ctx, base,
+ hash_size,
+ tdb_flags, open_flags, mode,
+ lock_order, dbwrap_flags);
+ if (result == NULL) {
+ DBG_ERR("failed to attach to ctdb %s\n", base);
+ if (errno == 0) {
+ errno = EIO;
+ }
+ return NULL;
+ }
+
+ return result;
+ }
+ }
+
+ lp_ctx = loadparm_init_s3(mem_ctx, loadparm_s3_helpers());
+
+ if (hash_size == 0) {
+ hash_size = lpcfg_tdb_hash_size(lp_ctx, name);
+ }
+ tdb_flags = lpcfg_tdb_flags(lp_ctx, tdb_flags);
+
+ result = dbwrap_local_open(mem_ctx,
+ name,
+ hash_size,
+ tdb_flags,
+ open_flags,
+ mode,
+ lock_order,
+ dbwrap_flags);
+ talloc_unlink(mem_ctx, lp_ctx);
+ return result;
+}
diff --git a/source3/lib/dbwrap/dbwrap_open.h b/source3/lib/dbwrap/dbwrap_open.h
new file mode 100644
index 0000000..d14794e
--- /dev/null
+++ b/source3/lib/dbwrap/dbwrap_open.h
@@ -0,0 +1,45 @@
+/*
+ Unix SMB/CIFS implementation.
+ Database interface wrapper around tdb
+
+ Copyright (C) Volker Lendecke 2005-2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __DBWRAP_OPEN_H__
+#define __DBWRAP_OPEN_H__
+
+struct db_context;
+
+/**
+ * Convenience function to check whether a tdb database
+ * is local or clustered (ctdb) in a clustered environment.
+ */
+bool db_is_local(const char *name);
+
+/**
+ * Convenience function that will determine whether to
+ * open a tdb database via the tdb backend or via the ctdb
+ * backend, based on lp_clustering() and a db-specific
+ * settings.
+ */
+struct db_context *db_open(TALLOC_CTX *mem_ctx,
+ const char *name,
+ int hash_size, int tdb_flags,
+ int open_flags, mode_t mode,
+ enum dbwrap_lock_order lock_order,
+ uint64_t dbwrap_flags);
+
+#endif /* __DBWRAP_OPEN_H__ */
diff --git a/source3/lib/dbwrap/dbwrap_watch.c b/source3/lib/dbwrap/dbwrap_watch.c
new file mode 100644
index 0000000..df93119
--- /dev/null
+++ b/source3/lib/dbwrap/dbwrap_watch.c
@@ -0,0 +1,1285 @@
+/*
+ Unix SMB/CIFS implementation.
+ Watch dbwrap record changes
+ Copyright (C) Volker Lendecke 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "lib/util/server_id.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap_watch.h"
+#include "dbwrap_open.h"
+#include "lib/util/util_tdb.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "serverid.h"
+#include "server_id_watch.h"
+#include "lib/dbwrap/dbwrap_private.h"
+
+struct dbwrap_watcher {
+ /*
+ * Process watching this record
+ */
+ struct server_id pid;
+ /*
+ * Individual instance inside the waiter, incremented each
+ * time a watcher is created
+ */
+ uint64_t instance;
+};
+
+#define DBWRAP_WATCHER_BUF_LENGTH (SERVER_ID_BUF_LENGTH + sizeof(uint64_t))
+#define DBWRAP_MAX_WATCHERS (INT32_MAX/DBWRAP_WATCHER_BUF_LENGTH)
+
+/*
+ * Watched records contain a header of:
+ *
+ * [uint32] num_records
+ * 0 [DBWRAP_WATCHER_BUF_LENGTH] \
+ * 1 [DBWRAP_WATCHER_BUF_LENGTH] |
+ * .. |- Array of watchers
+ * (num_records-1)[DBWRAP_WATCHER_BUF_LENGTH] /
+ *
+ * [Remainder of record....]
+ *
+ * If this header is absent then this is a
+ * fresh record of length zero (no watchers).
+ */
+
+static bool dbwrap_watch_rec_parse(
+ TDB_DATA data,
+ uint8_t **pwatchers,
+ size_t *pnum_watchers,
+ TDB_DATA *pdata)
+{
+ size_t num_watchers;
+
+ if (data.dsize == 0) {
+ /* Fresh record */
+ if (pwatchers != NULL) {
+ *pwatchers = NULL;
+ }
+ if (pnum_watchers != NULL) {
+ *pnum_watchers = 0;
+ }
+ if (pdata != NULL) {
+ *pdata = (TDB_DATA) { .dptr = NULL };
+ }
+ return true;
+ }
+
+ if (data.dsize < sizeof(uint32_t)) {
+ /* Invalid record */
+ return false;
+ }
+
+ num_watchers = IVAL(data.dptr, 0);
+
+ data.dptr += sizeof(uint32_t);
+ data.dsize -= sizeof(uint32_t);
+
+ if (num_watchers > data.dsize/DBWRAP_WATCHER_BUF_LENGTH) {
+ /* Invalid record */
+ return false;
+ }
+
+ if (pwatchers != NULL) {
+ *pwatchers = data.dptr;
+ }
+ if (pnum_watchers != NULL) {
+ *pnum_watchers = num_watchers;
+ }
+ if (pdata != NULL) {
+ size_t watchers_len = num_watchers * DBWRAP_WATCHER_BUF_LENGTH;
+ *pdata = (TDB_DATA) {
+ .dptr = data.dptr + watchers_len,
+ .dsize = data.dsize - watchers_len
+ };
+ }
+
+ return true;
+}
+
+static void dbwrap_watcher_get(struct dbwrap_watcher *w,
+ const uint8_t buf[DBWRAP_WATCHER_BUF_LENGTH])
+{
+ server_id_get(&w->pid, buf);
+ w->instance = BVAL(buf, SERVER_ID_BUF_LENGTH);
+}
+
+static void dbwrap_watcher_put(uint8_t buf[DBWRAP_WATCHER_BUF_LENGTH],
+ const struct dbwrap_watcher *w)
+{
+ server_id_put(buf, w->pid);
+ SBVAL(buf, SERVER_ID_BUF_LENGTH, w->instance);
+}
+
+static void dbwrap_watch_log_invalid_record(
+ struct db_context *db, TDB_DATA key, TDB_DATA value)
+{
+ DBG_ERR("Found invalid record in %s\n", dbwrap_name(db));
+ dump_data(1, key.dptr, key.dsize);
+ dump_data(1, value.dptr, value.dsize);
+}
+
+struct db_watched_ctx {
+ struct db_context *backend;
+ struct messaging_context *msg;
+};
+
+struct db_watched_record {
+ struct db_record *rec;
+ struct server_id self;
+ struct {
+ struct db_record *rec;
+ TDB_DATA initial_value;
+ bool initial_valid;
+ } backend;
+ bool force_fini_store;
+ struct dbwrap_watcher added;
+ bool removed_first;
+ struct {
+ /*
+ * The is the number of watcher records
+ * parsed from backend.initial_value
+ */
+ size_t count;
+ /*
+ * This is the pointer to
+ * the optentially first watcher record
+ * parsed from backend.initial_value
+ *
+ * The pointer actually points to memory
+ * in backend.initial_value.
+ *
+ * Note it might be NULL, if count is 0.
+ */
+ uint8_t *first;
+ /*
+ * This remembers if we already
+ * notified the watchers.
+ *
+ * As we only need to do that once during:
+ * do_locked
+ * or:
+ * between rec = fetch_locked
+ * and
+ * TALLOC_FREE(rec)
+ */
+ bool alerted;
+ } watchers;
+ struct {
+ struct dbwrap_watcher watcher;
+ } wakeup;
+};
+
+static struct db_watched_record *db_record_get_watched_record(struct db_record *rec)
+{
+ /*
+ * we can't use wrec = talloc_get_type_abort() here!
+ * because wrec is likely a stack variable in
+ * dbwrap_watched_do_locked_fn()
+ *
+ * In order to have a least some protection
+ * we verify the cross reference pointers
+ * between rec and wrec
+ */
+ struct db_watched_record *wrec =
+ (struct db_watched_record *)rec->private_data;
+ SMB_ASSERT(wrec->rec == rec);
+ return wrec;
+}
+
+static NTSTATUS dbwrap_watched_record_storev(
+ struct db_watched_record *wrec,
+ const TDB_DATA *dbufs, int num_dbufs, int flags);
+static NTSTATUS dbwrap_watched_storev(struct db_record *rec,
+ const TDB_DATA *dbufs, int num_dbufs,
+ int flags);
+static NTSTATUS dbwrap_watched_delete(struct db_record *rec);
+static void dbwrap_watched_trigger_wakeup(struct messaging_context *msg_ctx,
+ struct dbwrap_watcher *watcher);
+static int db_watched_record_destructor(struct db_watched_record *wrec);
+
+static void db_watched_record_init(struct db_context *db,
+ struct messaging_context *msg_ctx,
+ struct db_record *rec,
+ struct db_watched_record *wrec,
+ struct db_record *backend_rec,
+ TDB_DATA backend_value)
+{
+ bool ok;
+
+ *rec = (struct db_record) {
+ .db = db,
+ .key = dbwrap_record_get_key(backend_rec),
+ .storev = dbwrap_watched_storev,
+ .delete_rec = dbwrap_watched_delete,
+ .private_data = wrec,
+ };
+
+ *wrec = (struct db_watched_record) {
+ .rec = rec,
+ .self = messaging_server_id(msg_ctx),
+ .backend = {
+ .rec = backend_rec,
+ .initial_value = backend_value,
+ .initial_valid = true,
+ },
+ };
+
+ ok = dbwrap_watch_rec_parse(backend_value,
+ &wrec->watchers.first,
+ &wrec->watchers.count,
+ &rec->value);
+ if (!ok) {
+ dbwrap_watch_log_invalid_record(rec->db, rec->key, backend_value);
+ /* wipe invalid data */
+ rec->value = (TDB_DATA) { .dptr = NULL, .dsize = 0 };
+ }
+}
+
+static struct db_record *dbwrap_watched_fetch_locked(
+ struct db_context *db, TALLOC_CTX *mem_ctx, TDB_DATA key)
+{
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+ struct db_record *rec = NULL;
+ struct db_watched_record *wrec = NULL;
+ struct db_record *backend_rec = NULL;
+ TDB_DATA backend_value = { .dptr = NULL, };
+
+ rec = talloc_zero(mem_ctx, struct db_record);
+ if (rec == NULL) {
+ return NULL;
+ }
+ wrec = talloc_zero(rec, struct db_watched_record);
+ if (wrec == NULL) {
+ TALLOC_FREE(rec);
+ return NULL;
+ }
+
+ backend_rec = dbwrap_fetch_locked(ctx->backend, wrec, key);
+ if (backend_rec == NULL) {
+ TALLOC_FREE(rec);
+ return NULL;
+ }
+ backend_value = dbwrap_record_get_value(backend_rec);
+
+ db_watched_record_init(db, ctx->msg,
+ rec, wrec,
+ backend_rec, backend_value);
+ rec->value_valid = true;
+ talloc_set_destructor(wrec, db_watched_record_destructor);
+
+ return rec;
+}
+
+struct db_watched_record_fini_state {
+ struct db_watched_record *wrec;
+ TALLOC_CTX *frame;
+ TDB_DATA dbufs[2];
+ int num_dbufs;
+ bool ok;
+};
+
+static void db_watched_record_fini_fetcher(TDB_DATA key,
+ TDB_DATA backend_value,
+ void *private_data)
+{
+ struct db_watched_record_fini_state *state =
+ (struct db_watched_record_fini_state *)private_data;
+ struct db_watched_record *wrec = state->wrec;
+ struct db_record *rec = wrec->rec;
+ TDB_DATA value = {};
+ bool ok;
+ size_t copy_size;
+
+ /*
+ * We're within dbwrap_parse_record()
+ * and backend_value directly points into
+ * the mmap'ed tdb, so we need to copy the
+ * parts we require.
+ */
+
+ ok = dbwrap_watch_rec_parse(backend_value, NULL, NULL, &value);
+ if (!ok) {
+ struct db_context *db = dbwrap_record_get_db(rec);
+
+ dbwrap_watch_log_invalid_record(db, key, backend_value);
+
+ /* wipe invalid data */
+ value = (TDB_DATA) { .dptr = NULL, .dsize = 0 };
+ }
+
+ copy_size = MIN(rec->value.dsize, value.dsize);
+ if (copy_size != 0) {
+ /*
+ * First reuse the buffer we already had
+ * as much as we can.
+ */
+ memcpy(rec->value.dptr, value.dptr, copy_size);
+ state->dbufs[state->num_dbufs++] = rec->value;
+ value.dsize -= copy_size;
+ value.dptr += copy_size;
+ }
+
+ if (value.dsize != 0) {
+ uint8_t *p = NULL;
+
+ /*
+ * There's still new data left
+ * allocate it on callers stackframe
+ */
+ p = talloc_memdup(state->frame, value.dptr, value.dsize);
+ if (p == NULL) {
+ DBG_WARNING("failed to allocate %zu bytes\n",
+ value.dsize);
+ return;
+ }
+
+ state->dbufs[state->num_dbufs++] = (TDB_DATA) {
+ .dptr = p, .dsize = value.dsize,
+ };
+ }
+
+ state->ok = true;
+}
+
+static void db_watched_record_fini(struct db_watched_record *wrec)
+{
+ struct db_watched_record_fini_state state = { .wrec = wrec, };
+ struct db_context *backend = dbwrap_record_get_db(wrec->backend.rec);
+ struct db_record *rec = wrec->rec;
+ TDB_DATA key = dbwrap_record_get_key(wrec->backend.rec);
+ NTSTATUS status;
+
+ if (!wrec->force_fini_store) {
+ return;
+ }
+
+ if (wrec->backend.initial_valid) {
+ if (rec->value.dsize != 0) {
+ state.dbufs[state.num_dbufs++] = rec->value;
+ }
+ } else {
+ /*
+ * We need to fetch the current
+ * value from the backend again,
+ * which may need to allocate memory
+ * on the provided stackframe.
+ */
+
+ state.frame = talloc_stackframe();
+
+ status = dbwrap_parse_record(backend, key,
+ db_watched_record_fini_fetcher, &state);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("dbwrap_parse_record failed: %s\n",
+ nt_errstr(status));
+ TALLOC_FREE(state.frame);
+ return;
+ }
+ if (!state.ok) {
+ TALLOC_FREE(state.frame);
+ return;
+ }
+ }
+
+ /*
+ * We don't want to wake up others just because
+ * we added ourself as new watcher. But if we
+ * removed outself from the first position
+ * we need to alert the next one.
+ */
+ if (!wrec->removed_first) {
+ dbwrap_watched_watch_skip_alerting(rec);
+ }
+
+ status = dbwrap_watched_record_storev(wrec, state.dbufs, state.num_dbufs, 0);
+ TALLOC_FREE(state.frame);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("dbwrap_watched_record_storev failed: %s\n",
+ nt_errstr(status));
+ return;
+ }
+
+ return;
+}
+
+static int db_watched_record_destructor(struct db_watched_record *wrec)
+{
+ struct db_record *rec = wrec->rec;
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ rec->db->private_data, struct db_watched_ctx);
+
+ db_watched_record_fini(wrec);
+ TALLOC_FREE(wrec->backend.rec);
+ dbwrap_watched_trigger_wakeup(ctx->msg, &wrec->wakeup.watcher);
+ return 0;
+}
+
+struct dbwrap_watched_do_locked_state {
+ struct db_context *db;
+ struct messaging_context *msg_ctx;
+ struct db_watched_record *wrec;
+ struct db_record *rec;
+ void (*fn)(struct db_record *rec,
+ TDB_DATA value,
+ void *private_data);
+ void *private_data;
+};
+
+static void dbwrap_watched_do_locked_fn(
+ struct db_record *backend_rec,
+ TDB_DATA backend_value,
+ void *private_data)
+{
+ struct dbwrap_watched_do_locked_state *state =
+ (struct dbwrap_watched_do_locked_state *)private_data;
+
+ db_watched_record_init(state->db, state->msg_ctx,
+ state->rec, state->wrec,
+ backend_rec, backend_value);
+
+ state->fn(state->rec, state->rec->value, state->private_data);
+
+ db_watched_record_fini(state->wrec);
+}
+
+static NTSTATUS dbwrap_watched_do_locked(struct db_context *db, TDB_DATA key,
+ void (*fn)(struct db_record *rec,
+ TDB_DATA value,
+ void *private_data),
+ void *private_data)
+{
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+ struct db_watched_record wrec;
+ struct db_record rec;
+ struct dbwrap_watched_do_locked_state state = {
+ .db = db, .msg_ctx = ctx->msg,
+ .rec = &rec, .wrec = &wrec,
+ .fn = fn, .private_data = private_data,
+ };
+ NTSTATUS status;
+
+ status = dbwrap_do_locked(
+ ctx->backend, key, dbwrap_watched_do_locked_fn, &state);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("dbwrap_do_locked returned %s\n", nt_errstr(status));
+ return status;
+ }
+
+ DBG_DEBUG("dbwrap_watched_do_locked_fn returned\n");
+
+ dbwrap_watched_trigger_wakeup(state.msg_ctx, &wrec.wakeup.watcher);
+
+ return NT_STATUS_OK;
+}
+
+static void dbwrap_watched_record_prepare_wakeup(
+ struct db_watched_record *wrec)
+{
+ /*
+ * Wakeup only needs to happen once (if at all)
+ */
+ if (wrec->watchers.alerted) {
+ /* already done */
+ return;
+ }
+ wrec->watchers.alerted = true;
+
+ if (wrec->watchers.count == 0) {
+ DBG_DEBUG("No watchers\n");
+ return;
+ }
+
+ while (wrec->watchers.count != 0) {
+ struct server_id_buf tmp;
+ bool exists;
+
+ dbwrap_watcher_get(&wrec->wakeup.watcher, wrec->watchers.first);
+ exists = serverid_exists(&wrec->wakeup.watcher.pid);
+ if (!exists) {
+ DBG_DEBUG("Discard non-existing waiter %s:%"PRIu64"\n",
+ server_id_str_buf(wrec->wakeup.watcher.pid, &tmp),
+ wrec->wakeup.watcher.instance);
+ wrec->watchers.first += DBWRAP_WATCHER_BUF_LENGTH;
+ wrec->watchers.count -= 1;
+ continue;
+ }
+
+ /*
+ * We will only wakeup the first waiter, via
+ * dbwrap_watched_trigger_wakeup(), but keep
+ * all (including the first one) in the list that
+ * will be flushed back to the backend record
+ * again. Waiters are removing their entries
+ * via dbwrap_watched_watch_remove_instance()
+ * when they no longer want to monitor the record.
+ */
+ DBG_DEBUG("Will alert first waiter %s:%"PRIu64"\n",
+ server_id_str_buf(wrec->wakeup.watcher.pid, &tmp),
+ wrec->wakeup.watcher.instance);
+ break;
+ }
+}
+
+static void dbwrap_watched_trigger_wakeup(struct messaging_context *msg_ctx,
+ struct dbwrap_watcher *watcher)
+{
+ struct server_id_buf tmp;
+ uint8_t instance_buf[8];
+ NTSTATUS status;
+
+ if (watcher->instance == 0) {
+ DBG_DEBUG("No one to wakeup\n");
+ return;
+ }
+
+ DBG_DEBUG("Alerting %s:%"PRIu64"\n",
+ server_id_str_buf(watcher->pid, &tmp),
+ watcher->instance);
+
+ SBVAL(instance_buf, 0, watcher->instance);
+
+ status = messaging_send_buf(
+ msg_ctx,
+ watcher->pid,
+ MSG_DBWRAP_MODIFIED,
+ instance_buf,
+ sizeof(instance_buf));
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("messaging_send_buf to %s failed: %s - ignoring...\n",
+ server_id_str_buf(watcher->pid, &tmp),
+ nt_errstr(status));
+ }
+}
+
+static NTSTATUS dbwrap_watched_record_storev(
+ struct db_watched_record *wrec,
+ const TDB_DATA *dbufs, int num_dbufs, int flags)
+{
+ uint8_t num_watchers_buf[4] = { 0 };
+ uint8_t add_buf[DBWRAP_WATCHER_BUF_LENGTH];
+ size_t num_store_watchers;
+ TDB_DATA my_dbufs[num_dbufs+3];
+ int num_my_dbufs = 0;
+ NTSTATUS status;
+ size_t add_count = 0;
+
+ dbwrap_watched_record_prepare_wakeup(wrec);
+
+ wrec->backend.initial_valid = false;
+ wrec->force_fini_store = false;
+
+ if (wrec->added.pid.pid != 0) {
+ dbwrap_watcher_put(add_buf, &wrec->added);
+ add_count = 1;
+ }
+
+ num_store_watchers = wrec->watchers.count + add_count;
+ if (num_store_watchers == 0 && num_dbufs == 0) {
+ status = dbwrap_record_delete(wrec->backend.rec);
+ return status;
+ }
+ if (num_store_watchers >= DBWRAP_MAX_WATCHERS) {
+ DBG_WARNING("Can't handle %zu watchers\n",
+ num_store_watchers);
+ return NT_STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ SIVAL(num_watchers_buf, 0, num_store_watchers);
+
+ my_dbufs[num_my_dbufs++] = (TDB_DATA) {
+ .dptr = num_watchers_buf, .dsize = sizeof(num_watchers_buf),
+ };
+ if (wrec->watchers.count != 0) {
+ my_dbufs[num_my_dbufs++] = (TDB_DATA) {
+ .dptr = wrec->watchers.first, .dsize = wrec->watchers.count * DBWRAP_WATCHER_BUF_LENGTH,
+ };
+ }
+ if (add_count != 0) {
+ my_dbufs[num_my_dbufs++] = (TDB_DATA) {
+ .dptr = add_buf,
+ .dsize = sizeof(add_buf),
+ };
+ }
+ if (num_dbufs != 0) {
+ memcpy(my_dbufs+num_my_dbufs, dbufs, num_dbufs * sizeof(*dbufs));
+ num_my_dbufs += num_dbufs;
+ }
+
+ SMB_ASSERT(num_my_dbufs <= ARRAY_SIZE(my_dbufs));
+
+ status = dbwrap_record_storev(
+ wrec->backend.rec, my_dbufs, num_my_dbufs, flags);
+ return status;
+}
+
+static NTSTATUS dbwrap_watched_storev(struct db_record *rec,
+ const TDB_DATA *dbufs, int num_dbufs,
+ int flags)
+{
+ struct db_watched_record *wrec = db_record_get_watched_record(rec);
+
+ return dbwrap_watched_record_storev(wrec, dbufs, num_dbufs, flags);
+}
+
+static NTSTATUS dbwrap_watched_delete(struct db_record *rec)
+{
+ struct db_watched_record *wrec = db_record_get_watched_record(rec);
+
+ /*
+ * dbwrap_watched_record_storev() will figure out
+ * if the record should be deleted or if there are still
+ * watchers to be stored.
+ */
+ return dbwrap_watched_record_storev(wrec, NULL, 0, 0);
+}
+
+struct dbwrap_watched_traverse_state {
+ int (*fn)(struct db_record *rec, void *private_data);
+ void *private_data;
+};
+
+static int dbwrap_watched_traverse_fn(struct db_record *rec,
+ void *private_data)
+{
+ struct dbwrap_watched_traverse_state *state = private_data;
+ struct db_record prec = *rec;
+ bool ok;
+
+ ok = dbwrap_watch_rec_parse(rec->value, NULL, NULL, &prec.value);
+ if (!ok) {
+ return 0;
+ }
+ if (prec.value.dsize == 0) {
+ return 0;
+ }
+ prec.value_valid = true;
+
+ return state->fn(&prec, state->private_data);
+}
+
+static int dbwrap_watched_traverse(struct db_context *db,
+ int (*fn)(struct db_record *rec,
+ void *private_data),
+ void *private_data)
+{
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+ struct dbwrap_watched_traverse_state state = {
+ .fn = fn, .private_data = private_data };
+ NTSTATUS status;
+ int ret;
+
+ status = dbwrap_traverse(
+ ctx->backend, dbwrap_watched_traverse_fn, &state, &ret);
+ if (!NT_STATUS_IS_OK(status)) {
+ return -1;
+ }
+ return ret;
+}
+
+static int dbwrap_watched_traverse_read(struct db_context *db,
+ int (*fn)(struct db_record *rec,
+ void *private_data),
+ void *private_data)
+{
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+ struct dbwrap_watched_traverse_state state = {
+ .fn = fn, .private_data = private_data };
+ NTSTATUS status;
+ int ret;
+
+ status = dbwrap_traverse_read(
+ ctx->backend, dbwrap_watched_traverse_fn, &state, &ret);
+ if (!NT_STATUS_IS_OK(status)) {
+ return -1;
+ }
+ return ret;
+}
+
+static int dbwrap_watched_get_seqnum(struct db_context *db)
+{
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+ return dbwrap_get_seqnum(ctx->backend);
+}
+
+static int dbwrap_watched_transaction_start(struct db_context *db)
+{
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+ return dbwrap_transaction_start(ctx->backend);
+}
+
+static int dbwrap_watched_transaction_commit(struct db_context *db)
+{
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+ return dbwrap_transaction_commit(ctx->backend);
+}
+
+static int dbwrap_watched_transaction_cancel(struct db_context *db)
+{
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+ return dbwrap_transaction_cancel(ctx->backend);
+}
+
+struct dbwrap_watched_parse_record_state {
+ struct db_context *db;
+ void (*parser)(TDB_DATA key, TDB_DATA data, void *private_data);
+ void *private_data;
+ bool ok;
+};
+
+static void dbwrap_watched_parse_record_parser(TDB_DATA key, TDB_DATA data,
+ void *private_data)
+{
+ struct dbwrap_watched_parse_record_state *state = private_data;
+ TDB_DATA userdata;
+
+ state->ok = dbwrap_watch_rec_parse(data, NULL, NULL, &userdata);
+ if (!state->ok) {
+ dbwrap_watch_log_invalid_record(state->db, key, data);
+ return;
+ }
+
+ state->parser(key, userdata, state->private_data);
+}
+
+static NTSTATUS dbwrap_watched_parse_record(
+ struct db_context *db, TDB_DATA key,
+ void (*parser)(TDB_DATA key, TDB_DATA data, void *private_data),
+ void *private_data)
+{
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+ struct dbwrap_watched_parse_record_state state = {
+ .db = db,
+ .parser = parser,
+ .private_data = private_data,
+ };
+ NTSTATUS status;
+
+ status = dbwrap_parse_record(
+ ctx->backend, key, dbwrap_watched_parse_record_parser, &state);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ if (!state.ok) {
+ return NT_STATUS_NOT_FOUND;
+ }
+ return NT_STATUS_OK;
+}
+
+static void dbwrap_watched_parse_record_done(struct tevent_req *subreq);
+
+static struct tevent_req *dbwrap_watched_parse_record_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct db_context *db,
+ TDB_DATA key,
+ void (*parser)(TDB_DATA key, TDB_DATA data, void *private_data),
+ void *private_data,
+ enum dbwrap_req_state *req_state)
+{
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+ struct tevent_req *req = NULL;
+ struct tevent_req *subreq = NULL;
+ struct dbwrap_watched_parse_record_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct dbwrap_watched_parse_record_state);
+ if (req == NULL) {
+ *req_state = DBWRAP_REQ_ERROR;
+ return NULL;
+ }
+
+ *state = (struct dbwrap_watched_parse_record_state) {
+ .parser = parser,
+ .private_data = private_data,
+ .ok = true,
+ };
+
+ subreq = dbwrap_parse_record_send(state,
+ ev,
+ ctx->backend,
+ key,
+ dbwrap_watched_parse_record_parser,
+ state,
+ req_state);
+ if (tevent_req_nomem(subreq, req)) {
+ *req_state = DBWRAP_REQ_ERROR;
+ return tevent_req_post(req, ev);
+ }
+
+ tevent_req_set_callback(subreq, dbwrap_watched_parse_record_done, req);
+ return req;
+}
+
+static void dbwrap_watched_parse_record_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct dbwrap_watched_parse_record_state *state = tevent_req_data(
+ req, struct dbwrap_watched_parse_record_state);
+ NTSTATUS status;
+
+ status = dbwrap_parse_record_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (!state->ok) {
+ tevent_req_nterror(req, NT_STATUS_NOT_FOUND);
+ return;
+ }
+
+ tevent_req_done(req);
+ return;
+}
+
+static NTSTATUS dbwrap_watched_parse_record_recv(struct tevent_req *req)
+{
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+static int dbwrap_watched_exists(struct db_context *db, TDB_DATA key)
+{
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+
+ return dbwrap_exists(ctx->backend, key);
+}
+
+static size_t dbwrap_watched_id(struct db_context *db, uint8_t *id,
+ size_t idlen)
+{
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+
+ return dbwrap_db_id(ctx->backend, id, idlen);
+}
+
+struct db_context *db_open_watched(TALLOC_CTX *mem_ctx,
+ struct db_context **backend,
+ struct messaging_context *msg)
+{
+ struct db_context *db;
+ struct db_watched_ctx *ctx;
+
+ db = talloc_zero(mem_ctx, struct db_context);
+ if (db == NULL) {
+ return NULL;
+ }
+ ctx = talloc_zero(db, struct db_watched_ctx);
+ if (ctx == NULL) {
+ TALLOC_FREE(db);
+ return NULL;
+ }
+ db->private_data = ctx;
+
+ ctx->msg = msg;
+
+ ctx->backend = talloc_move(ctx, backend);
+ db->lock_order = ctx->backend->lock_order;
+ ctx->backend->lock_order = DBWRAP_LOCK_ORDER_NONE;
+
+ db->fetch_locked = dbwrap_watched_fetch_locked;
+ db->do_locked = dbwrap_watched_do_locked;
+ db->traverse = dbwrap_watched_traverse;
+ db->traverse_read = dbwrap_watched_traverse_read;
+ db->get_seqnum = dbwrap_watched_get_seqnum;
+ db->transaction_start = dbwrap_watched_transaction_start;
+ db->transaction_commit = dbwrap_watched_transaction_commit;
+ db->transaction_cancel = dbwrap_watched_transaction_cancel;
+ db->parse_record = dbwrap_watched_parse_record;
+ db->parse_record_send = dbwrap_watched_parse_record_send;
+ db->parse_record_recv = dbwrap_watched_parse_record_recv;
+ db->exists = dbwrap_watched_exists;
+ db->id = dbwrap_watched_id;
+ db->name = dbwrap_name(ctx->backend);
+
+ return db;
+}
+
+uint64_t dbwrap_watched_watch_add_instance(struct db_record *rec)
+{
+ struct db_watched_record *wrec = db_record_get_watched_record(rec);
+ static uint64_t global_instance = 1;
+
+ SMB_ASSERT(wrec->added.instance == 0);
+
+ wrec->added = (struct dbwrap_watcher) {
+ .pid = wrec->self,
+ .instance = global_instance++,
+ };
+
+ wrec->force_fini_store = true;
+
+ return wrec->added.instance;
+}
+
+void dbwrap_watched_watch_remove_instance(struct db_record *rec, uint64_t instance)
+{
+ struct db_watched_record *wrec = db_record_get_watched_record(rec);
+ struct dbwrap_watcher clear_watcher = {
+ .pid = wrec->self,
+ .instance = instance,
+ };
+ size_t i;
+ struct server_id_buf buf;
+
+ if (instance == 0) {
+ return;
+ }
+
+ if (wrec->added.instance == instance) {
+ SMB_ASSERT(server_id_equal(&wrec->added.pid, &wrec->self));
+ DBG_DEBUG("Watcher %s:%"PRIu64" reverted from adding\n",
+ server_id_str_buf(clear_watcher.pid, &buf),
+ clear_watcher.instance);
+ ZERO_STRUCT(wrec->added);
+ }
+
+ for (i=0; i < wrec->watchers.count; i++) {
+ struct dbwrap_watcher watcher;
+ size_t off = i*DBWRAP_WATCHER_BUF_LENGTH;
+ size_t next_off;
+ size_t full_len;
+ size_t move_len;
+
+ dbwrap_watcher_get(&watcher, wrec->watchers.first + off);
+
+ if (clear_watcher.instance != watcher.instance) {
+ continue;
+ }
+ if (!server_id_equal(&clear_watcher.pid, &watcher.pid)) {
+ continue;
+ }
+
+ wrec->force_fini_store = true;
+
+ if (i == 0) {
+ DBG_DEBUG("Watcher %s:%"PRIu64" removed from first position of %zu\n",
+ server_id_str_buf(clear_watcher.pid, &buf),
+ clear_watcher.instance,
+ wrec->watchers.count);
+ wrec->watchers.first += DBWRAP_WATCHER_BUF_LENGTH;
+ wrec->watchers.count -= 1;
+ wrec->removed_first = true;
+ return;
+ }
+ if (i == (wrec->watchers.count-1)) {
+ DBG_DEBUG("Watcher %s:%"PRIu64" removed from last position of %zu\n",
+ server_id_str_buf(clear_watcher.pid, &buf),
+ clear_watcher.instance,
+ wrec->watchers.count);
+ wrec->watchers.count -= 1;
+ return;
+ }
+
+ DBG_DEBUG("Watcher %s:%"PRIu64" cleared at position %zu from %zu\n",
+ server_id_str_buf(clear_watcher.pid, &buf),
+ clear_watcher.instance, i+1,
+ wrec->watchers.count);
+
+ next_off = off + DBWRAP_WATCHER_BUF_LENGTH;
+ full_len = wrec->watchers.count * DBWRAP_WATCHER_BUF_LENGTH;
+ move_len = full_len - next_off;
+ memmove(wrec->watchers.first + off,
+ wrec->watchers.first + next_off,
+ move_len);
+ wrec->watchers.count -= 1;
+ return;
+ }
+
+ DBG_DEBUG("Watcher %s:%"PRIu64" not found in %zu watchers\n",
+ server_id_str_buf(clear_watcher.pid, &buf),
+ clear_watcher.instance,
+ wrec->watchers.count);
+ return;
+}
+
+void dbwrap_watched_watch_skip_alerting(struct db_record *rec)
+{
+ struct db_watched_record *wrec = db_record_get_watched_record(rec);
+
+ wrec->wakeup.watcher = (struct dbwrap_watcher) { .instance = 0, };
+ wrec->watchers.alerted = true;
+}
+
+void dbwrap_watched_watch_reset_alerting(struct db_record *rec)
+{
+ struct db_watched_record *wrec = db_record_get_watched_record(rec);
+
+ wrec->wakeup.watcher = (struct dbwrap_watcher) { .instance = 0, };
+ wrec->watchers.alerted = false;
+}
+
+void dbwrap_watched_watch_force_alerting(struct db_record *rec)
+{
+ struct db_watched_record *wrec = db_record_get_watched_record(rec);
+
+ dbwrap_watched_record_prepare_wakeup(wrec);
+}
+
+struct dbwrap_watched_watch_state {
+ struct db_context *db;
+ TDB_DATA key;
+ struct dbwrap_watcher watcher;
+ struct server_id blocker;
+ bool blockerdead;
+};
+
+static bool dbwrap_watched_msg_filter(struct messaging_rec *rec,
+ void *private_data);
+static void dbwrap_watched_watch_done(struct tevent_req *subreq);
+static void dbwrap_watched_watch_blocker_died(struct tevent_req *subreq);
+static int dbwrap_watched_watch_state_destructor(
+ struct dbwrap_watched_watch_state *state);
+
+struct tevent_req *dbwrap_watched_watch_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct db_record *rec,
+ uint64_t resumed_instance,
+ struct server_id blocker)
+{
+ struct db_context *db = dbwrap_record_get_db(rec);
+ struct db_watched_ctx *ctx = talloc_get_type_abort(
+ db->private_data, struct db_watched_ctx);
+ struct db_watched_record *wrec = db_record_get_watched_record(rec);
+ struct tevent_req *req, *subreq;
+ struct dbwrap_watched_watch_state *state;
+ uint64_t instance;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct dbwrap_watched_watch_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->db = db;
+ state->blocker = blocker;
+
+ if (ctx->msg == NULL) {
+ tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
+ return tevent_req_post(req, ev);
+ }
+
+ if (resumed_instance == 0 && wrec->added.instance == 0) {
+ /*
+ * Adding a new instance
+ */
+ instance = dbwrap_watched_watch_add_instance(rec);
+ } else if (resumed_instance != 0 && wrec->added.instance == 0) {
+ /*
+ * Resuming an existing instance that was
+ * already present before do_locked started
+ */
+ instance = resumed_instance;
+ } else if (resumed_instance == wrec->added.instance) {
+ /*
+ * The caller used dbwrap_watched_watch_add_instance()
+ * already during this do_locked() invocation.
+ */
+ instance = resumed_instance;
+ } else {
+ tevent_req_nterror(req, NT_STATUS_REQUEST_NOT_ACCEPTED);
+ return tevent_req_post(req, ev);
+ }
+
+ state->watcher = (struct dbwrap_watcher) {
+ .pid = messaging_server_id(ctx->msg),
+ .instance = instance,
+ };
+
+ state->key = tdb_data_talloc_copy(state, rec->key);
+ if (tevent_req_nomem(state->key.dptr, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = messaging_filtered_read_send(
+ state, ev, ctx->msg, dbwrap_watched_msg_filter, state);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, dbwrap_watched_watch_done, req);
+
+ talloc_set_destructor(state, dbwrap_watched_watch_state_destructor);
+
+ if (blocker.pid != 0) {
+ subreq = server_id_watch_send(state, ev, blocker);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ subreq, dbwrap_watched_watch_blocker_died, req);
+ }
+
+ return req;
+}
+
+static void dbwrap_watched_watch_blocker_died(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct dbwrap_watched_watch_state *state = tevent_req_data(
+ req, struct dbwrap_watched_watch_state);
+ int ret;
+
+ ret = server_id_watch_recv(subreq, NULL);
+ TALLOC_FREE(subreq);
+ if (ret != 0) {
+ tevent_req_nterror(req, map_nt_error_from_unix(ret));
+ return;
+ }
+ state->blockerdead = true;
+ tevent_req_done(req);
+}
+
+static void dbwrap_watched_watch_state_destructor_fn(
+ struct db_record *rec,
+ TDB_DATA value,
+ void *private_data)
+{
+ struct dbwrap_watched_watch_state *state = talloc_get_type_abort(
+ private_data, struct dbwrap_watched_watch_state);
+
+ /*
+ * Here we just remove ourself from the in memory
+ * watchers array and let db_watched_record_fini()
+ * call dbwrap_watched_record_storev() to do the magic
+ * of writing back the modified in memory copy.
+ */
+ dbwrap_watched_watch_remove_instance(rec, state->watcher.instance);
+ return;
+}
+
+static int dbwrap_watched_watch_state_destructor(
+ struct dbwrap_watched_watch_state *state)
+{
+ NTSTATUS status;
+
+ status = dbwrap_do_locked(
+ state->db,
+ state->key,
+ dbwrap_watched_watch_state_destructor_fn,
+ state);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("dbwrap_do_locked failed: %s\n",
+ nt_errstr(status));
+ }
+ return 0;
+}
+
+static bool dbwrap_watched_msg_filter(struct messaging_rec *rec,
+ void *private_data)
+{
+ struct dbwrap_watched_watch_state *state = talloc_get_type_abort(
+ private_data, struct dbwrap_watched_watch_state);
+ uint64_t instance;
+
+ if (rec->msg_type != MSG_DBWRAP_MODIFIED) {
+ return false;
+ }
+ if (rec->num_fds != 0) {
+ return false;
+ }
+
+ if (rec->buf.length != sizeof(instance)) {
+ DBG_DEBUG("Got size %zu, expected %zu\n",
+ rec->buf.length,
+ sizeof(instance));
+ return false;
+ }
+
+ instance = BVAL(rec->buf.data, 0);
+
+ if (instance != state->watcher.instance) {
+ DBG_DEBUG("Got instance %"PRIu64", expected %"PRIu64"\n",
+ instance,
+ state->watcher.instance);
+ return false;
+ }
+
+ return true;
+}
+
+static void dbwrap_watched_watch_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct dbwrap_watched_watch_state *state = tevent_req_data(
+ req, struct dbwrap_watched_watch_state);
+ struct messaging_rec *rec;
+ int ret;
+
+ ret = messaging_filtered_read_recv(subreq, state, &rec);
+ TALLOC_FREE(subreq);
+ if (ret != 0) {
+ tevent_req_nterror(req, map_nt_error_from_unix(ret));
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS dbwrap_watched_watch_recv(struct tevent_req *req,
+ uint64_t *pkeep_instance,
+ bool *blockerdead,
+ struct server_id *blocker)
+{
+ struct dbwrap_watched_watch_state *state = tevent_req_data(
+ req, struct dbwrap_watched_watch_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+ if (pkeep_instance != NULL) {
+ *pkeep_instance = state->watcher.instance;
+ /*
+ * No need to remove ourselves anymore,
+ * the caller will take care of removing itself.
+ */
+ talloc_set_destructor(state, NULL);
+ }
+ if (blockerdead != NULL) {
+ *blockerdead = state->blockerdead;
+ }
+ if (blocker != NULL) {
+ *blocker = state->blocker;
+ }
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
diff --git a/source3/lib/dbwrap/dbwrap_watch.h b/source3/lib/dbwrap/dbwrap_watch.h
new file mode 100644
index 0000000..1b93e13
--- /dev/null
+++ b/source3/lib/dbwrap/dbwrap_watch.h
@@ -0,0 +1,45 @@
+/*
+ Unix SMB/CIFS implementation.
+ Watch dbwrap record changes
+ Copyright (C) Volker Lendecke 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __DBWRAP_WATCH_H__
+#define __DBWRAP_WATCH_H__
+
+#include <tevent.h>
+#include "dbwrap/dbwrap.h"
+#include "messages.h"
+
+struct db_context *db_open_watched(TALLOC_CTX *mem_ctx,
+ struct db_context **backend,
+ struct messaging_context *msg);
+uint64_t dbwrap_watched_watch_add_instance(struct db_record *rec);
+void dbwrap_watched_watch_remove_instance(struct db_record *rec, uint64_t instance);
+void dbwrap_watched_watch_skip_alerting(struct db_record *rec);
+void dbwrap_watched_watch_reset_alerting(struct db_record *rec);
+void dbwrap_watched_watch_force_alerting(struct db_record *rec);
+struct tevent_req *dbwrap_watched_watch_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct db_record *rec,
+ uint64_t resume_instance,
+ struct server_id blocker);
+NTSTATUS dbwrap_watched_watch_recv(struct tevent_req *req,
+ uint64_t *pkeep_instance,
+ bool *blockerdead,
+ struct server_id *blocker);
+
+#endif /* __DBWRAP_WATCH_H__ */
diff --git a/source3/lib/dmallocmsg.c b/source3/lib/dmallocmsg.c
new file mode 100644
index 0000000..889f4ed
--- /dev/null
+++ b/source3/lib/dmallocmsg.c
@@ -0,0 +1,79 @@
+/*
+ samba -- Unix SMB/CIFS implementation.
+ Copyright (C) 2002 by Martin Pool
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "messages.h"
+
+/**
+ * @file dmallocmsg.c
+ *
+ * Glue code to cause dmalloc info to come out when we receive a prod
+ * over samba messaging.
+ **/
+
+#ifdef ENABLE_DMALLOC
+static unsigned long our_dm_mark = 0;
+#endif /* ENABLE_DMALLOC */
+
+
+/**
+ * Respond to a POOL_USAGE message by sending back string form of memory
+ * usage stats.
+ **/
+static void msg_req_dmalloc_mark(struct messaging_context *msg,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB *data)
+{
+#ifdef ENABLE_DMALLOC
+ our_dm_mark = dmalloc_mark();
+ DEBUG(2,("Got MSG_REQ_DMALLOC_MARK: mark set\n"));
+#else
+ DEBUG(2,("Got MSG_REQ_DMALLOC_MARK but dmalloc not in this process\n"));
+#endif
+}
+
+
+
+static void msg_req_dmalloc_log_changed(struct messaging_context *msg,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB *data)
+{
+#ifdef ENABLE_DMALLOC
+ dmalloc_log_changed(our_dm_mark, True, True, True);
+ DEBUG(2,("Got MSG_REQ_DMALLOC_LOG_CHANGED: done\n"));
+#else
+ DEBUG(2,("Got MSG_REQ_DMALLOC_LOG_CHANGED but dmalloc not in this process\n"));
+#endif
+}
+
+
+/**
+ * Register handler for MSG_REQ_POOL_USAGE
+ **/
+void register_dmalloc_msgs(struct messaging_context *msg_ctx)
+{
+ messaging_register(msg_ctx, NULL, MSG_REQ_DMALLOC_MARK,
+ msg_req_dmalloc_mark);
+ messaging_register(msg_ctx, NULL, MSG_REQ_DMALLOC_LOG_CHANGED,
+ msg_req_dmalloc_log_changed);
+ DEBUG(2, ("Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED\n"));
+}
diff --git a/source3/lib/dumpcore.c b/source3/lib/dumpcore.c
new file mode 100644
index 0000000..0c91206
--- /dev/null
+++ b/source3/lib/dumpcore.c
@@ -0,0 +1,343 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+
+ Copyright (C) Andrew Tridgell 1992-2011
+
+ based on old fault.c code, which had:
+
+ Copyright (C) Jeremy Allison 2001-2007
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ Copyright (C) James Peach 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+
+#ifdef HAVE_SYS_SYSCTL_H
+#include <sys/sysctl.h>
+#endif
+
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
+
+static char *corepath;
+static bool using_helper_binary = false;
+
+/**
+ * Build up the default corepath as "<logbase>/cores/<progname>"
+ */
+static char *get_default_corepath(const char *logbase, const char *progname)
+{
+ const mode_t mode = 0700;
+ const uid_t uid = getuid();
+ char *tmp_corepath;
+
+ /* Setup core dir in logbase. */
+ tmp_corepath = talloc_asprintf(NULL, "%s/cores", logbase);
+ if (!tmp_corepath) {
+ DEBUG(0, ("Out of memory\n"));
+ return NULL;
+ }
+
+ if (!directory_create_or_exist_strict(tmp_corepath, uid, mode)) {
+ DEBUG(0, ("Failed to create %s for user %d with mode 0%o\n",
+ tmp_corepath, (int)uid, (int)mode));
+ goto err_out;
+ }
+
+ /* Setup progname-specific core subdir */
+ tmp_corepath = talloc_asprintf_append(tmp_corepath, "/%s", progname);
+ if (!tmp_corepath) {
+ DEBUG(0, ("Out of memory\n"));
+ goto err_out;
+ }
+
+ if (!directory_create_or_exist(tmp_corepath, mode)) {
+ DEBUG(0, ("Failed to create %s for user %d with mode 0%o\n",
+ tmp_corepath, (int)uid, (int)mode));
+ goto err_out;
+ }
+
+ return tmp_corepath;
+
+ err_out:
+ talloc_free(tmp_corepath);
+ return NULL;
+}
+
+
+/**
+ * Get the FreeBSD corepath.
+ *
+ * On FreeBSD the current working directory is ignored when creating a core
+ * file. Instead the core directory is controlled via sysctl. This consults
+ * the value of "kern.corefile" so the correct corepath can be printed out
+ * before dump_core() calls abort.
+ */
+#if (defined(FREEBSD) && defined(HAVE_SYSCTLBYNAME))
+static char *get_freebsd_corepath(void)
+{
+ char *tmp_corepath = NULL;
+ char *end = NULL;
+ size_t len = 128;
+ int ret;
+
+ /* Loop with increasing sizes so we don't allocate too much. */
+ do {
+ if (len > 1024) {
+ goto err_out;
+ }
+
+ tmp_corepath = (char *)talloc_realloc(NULL, tmp_corepath,
+ char, len);
+ if (!tmp_corepath) {
+ return NULL;
+ }
+
+ ret = sysctlbyname("kern.corefile", tmp_corepath, &len, NULL,
+ 0);
+ if (ret == -1) {
+ if (errno != ENOMEM) {
+ DEBUG(0, ("sysctlbyname failed getting "
+ "kern.corefile %s\n",
+ strerror(errno)));
+ goto err_out;
+ }
+
+ /* Not a large enough array, try a bigger one. */
+ len = len << 1;
+ }
+ } while (ret == -1);
+
+ /* Strip off the common filename expansion */
+ if ((end = strrchr_m(tmp_corepath, '/'))) {
+ *end = '\0';
+ }
+
+ return tmp_corepath;
+
+ err_out:
+ if (tmp_corepath) {
+ talloc_free(tmp_corepath);
+ }
+ return NULL;
+}
+#endif
+
+#if defined(HAVE_SYS_KERNEL_PROC_CORE_PATTERN)
+
+/**
+ * Get the Linux corepath.
+ *
+ * On Linux the contents of /proc/sys/kernel/core_pattern indicates the
+ * location of the core path.
+ */
+static char *get_linux_corepath(void)
+{
+ char *end;
+ int fd;
+ char *result;
+
+ fd = open("/proc/sys/kernel/core_pattern", O_RDONLY, 0);
+ if (fd == -1) {
+ return NULL;
+ }
+
+ result = afdgets(fd, NULL, 0);
+ close(fd);
+
+ if (result == NULL) {
+ return NULL;
+ }
+
+ if (result[0] != '/') {
+ /*
+ * No absolute path, use the default (cwd)
+ */
+ if (result[0] == '|') {
+ /*
+ * Core dump handled by helper binaries
+ */
+ using_helper_binary = true;
+ }
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ /* Strip off the common filename expansion */
+
+ end = strrchr_m(result, '/');
+
+ if ((end != result) /* this would be the only / */
+ && (end != NULL)) {
+ *end = '\0';
+ }
+ return result;
+}
+#endif
+
+
+/**
+ * Try getting system-specific corepath if one exists.
+ *
+ * If the system doesn't define a corepath, then the default is used.
+ */
+static char *get_corepath(const char *logbase, const char *progname)
+{
+#if (defined(FREEBSD) && defined(HAVE_SYSCTLBYNAME))
+ char *tmp_corepath = NULL;
+ tmp_corepath = get_freebsd_corepath();
+
+ /* If this has been set correctly, we're done. */
+ if (tmp_corepath) {
+ return tmp_corepath;
+ }
+#endif
+
+#if defined(HAVE_SYS_KERNEL_PROC_CORE_PATTERN)
+ char *tmp_corepath = NULL;
+ tmp_corepath = get_linux_corepath();
+
+ /* If this has been set correctly, we're done. */
+ if (tmp_corepath) {
+ return tmp_corepath;
+ }
+#endif
+
+ /* Fall back to the default. */
+ return get_default_corepath(logbase, progname);
+}
+
+/*******************************************************************
+make all the preparations to safely dump a core file
+********************************************************************/
+
+void dump_core_setup(const char *progname, const char *log_file)
+{
+ char *logbase = NULL;
+ char *end = NULL;
+
+ if (log_file && *log_file) {
+ if (asprintf(&logbase, "%s", log_file) < 0) {
+ return;
+ }
+ if ((end = strrchr_m(logbase, '/'))) {
+ *end = '\0';
+ }
+ } else {
+ /* We will end up here if the log file is given on the command
+ * line by the -l option but the "log file" option is not set
+ * in smb.conf.
+ */
+ if (asprintf(&logbase, "%s", get_dyn_LOGFILEBASE()) < 0) {
+ return;
+ }
+ }
+
+ SMB_ASSERT(progname != NULL);
+
+ corepath = get_corepath(logbase, progname);
+ if (!corepath) {
+ DEBUG(0, ("Unable to setup corepath for %s: %s\n", progname,
+ strerror(errno)));
+ goto out;
+ }
+
+ /* FIXME: if we have a core-plus-pid facility, configurably set
+ * this up here.
+ */
+ out:
+ SAFE_FREE(logbase);
+}
+
+ void dump_core(void)
+{
+ static bool called;
+
+ if (called) {
+ DEBUG(0, ("dump_core() called recursive\n"));
+ exit(1);
+ }
+ called = true;
+
+ /* Note that even if core dumping has been disabled, we still set up
+ * the core path. This is to handle the case where core dumping is
+ * turned on in smb.conf and the relevant daemon is not restarted.
+ */
+ if (!lp_enable_core_files()) {
+ DEBUG(0, ("Exiting on internal error (core file administratively disabled)\n"));
+ exit(1);
+ }
+
+#if DUMP_CORE
+ /* If we're running as non root we might not be able to dump the core
+ * file to the corepath. There must not be an unbecome_root() before
+ * we call abort(). */
+ if (geteuid() != sec_initial_uid()) {
+ become_root();
+ }
+
+ if (corepath == NULL) {
+ DEBUG(0, ("Can not dump core: corepath not set up\n"));
+ exit(1);
+ }
+
+ if (*corepath != '\0') {
+ /*
+ * Check whether coredump is handled by helper binaries or not.
+ * If so skip chdir().
+ */
+ if (!using_helper_binary) {
+ /* The chdir might fail if we dump core before we finish
+ * processing the config file.
+ */
+ if (chdir(corepath) != 0) {
+ DEBUG(0, ("unable to change to %s\n", corepath));
+ DEBUGADD(0, ("refusing to dump core\n"));
+ exit(1);
+ }
+
+ DEBUG(0,("dumping core in %s\n", corepath));
+ } else {
+ DEBUG(0,("coredump is handled by helper binary "
+ "specified at /proc/sys/kernel/core_pattern\n"));
+ }
+ }
+
+ umask(~(0700));
+ dbgflush();
+
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+ /* On Linux we lose the ability to dump core when we change our user
+ * ID. We know how to dump core safely, so let's make sure we have our
+ * dumpable flag set.
+ */
+ prctl(PR_SET_DUMPABLE, 1);
+#endif
+
+ /* Ensure we don't have a signal handler for abort. */
+#ifdef SIGABRT
+ CatchSignal(SIGABRT, SIG_DFL);
+#endif
+
+ abort();
+
+#else /* DUMP_CORE */
+ exit(1);
+#endif /* DUMP_CORE */
+}
diff --git a/source3/lib/errmap_unix.c b/source3/lib/errmap_unix.c
new file mode 100644
index 0000000..3aa2cd1
--- /dev/null
+++ b/source3/lib/errmap_unix.c
@@ -0,0 +1,158 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * map unix to NT errors, an excerpt of libsmb/errormap.c
+ * Copyright (C) Andrew Tridgell 2001
+ * Copyright (C) Andrew Bartlett 2001
+ * Copyright (C) Tim Potter 2000
+ * Copyright (C) Jeremy Allison 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+/* Mapping from Unix, to NT error numbers */
+
+static const struct {
+ int unix_error;
+ NTSTATUS nt_error;
+} unix_nt_errmap[] = {
+ { EAGAIN, NT_STATUS_NETWORK_BUSY },
+ { EINTR, NT_STATUS_RETRY },
+#ifdef ENOBUFS
+ { ENOBUFS, NT_STATUS_INSUFFICIENT_RESOURCES },
+#endif
+#ifdef EWOULDBLOCK
+ { EWOULDBLOCK, NT_STATUS_NETWORK_BUSY },
+#endif
+ { EPERM, NT_STATUS_ACCESS_DENIED },
+ { EACCES, NT_STATUS_ACCESS_DENIED },
+ { ENOENT, NT_STATUS_OBJECT_NAME_NOT_FOUND },
+ { ENOTDIR, NT_STATUS_NOT_A_DIRECTORY },
+ { EIO, NT_STATUS_IO_DEVICE_ERROR },
+ { EBADF, NT_STATUS_INVALID_HANDLE },
+ { EINVAL, NT_STATUS_INVALID_PARAMETER },
+ { EEXIST, NT_STATUS_OBJECT_NAME_COLLISION},
+ { ENFILE, NT_STATUS_TOO_MANY_OPENED_FILES },
+ { EMFILE, NT_STATUS_TOO_MANY_OPENED_FILES },
+ { ENOSPC, NT_STATUS_DISK_FULL },
+ { ENOMEM, NT_STATUS_NO_MEMORY },
+ { EISDIR, NT_STATUS_FILE_IS_A_DIRECTORY},
+ { EMSGSIZE, NT_STATUS_PORT_MESSAGE_TOO_LONG },
+#ifdef EPIPE
+ { EPIPE, NT_STATUS_CONNECTION_DISCONNECTED},
+#endif
+ { EMLINK, NT_STATUS_TOO_MANY_LINKS },
+ { ENOSYS, NT_STATUS_NOT_SUPPORTED },
+#ifdef ELOOP
+ { ELOOP, NT_STATUS_OBJECT_PATH_NOT_FOUND },
+#endif
+#ifdef EFTYPE
+ { EFTYPE, NT_STATUS_OBJECT_PATH_NOT_FOUND },
+#endif
+#ifdef EDQUOT
+ { EDQUOT, NT_STATUS_DISK_FULL }, /* Windows apps need this, not NT_STATUS_QUOTA_EXCEEDED */
+#endif
+#ifdef ENOTEMPTY
+ { ENOTEMPTY, NT_STATUS_DIRECTORY_NOT_EMPTY },
+#endif
+#ifdef EXDEV
+ { EXDEV, NT_STATUS_NOT_SAME_DEVICE },
+#endif
+#ifdef EROFS
+ { EROFS, NT_STATUS_MEDIA_WRITE_PROTECTED },
+#endif
+#ifdef ENAMETOOLONG
+ { ENAMETOOLONG, NT_STATUS_OBJECT_NAME_INVALID },
+#endif
+#ifdef EFBIG
+ { EFBIG, NT_STATUS_DISK_FULL },
+#endif
+#ifdef EADDRINUSE
+ { EADDRINUSE, NT_STATUS_ADDRESS_ALREADY_ASSOCIATED},
+#endif
+#ifdef ENETUNREACH
+ { ENETUNREACH, NT_STATUS_NETWORK_UNREACHABLE},
+#endif
+#ifdef EHOSTUNREACH
+ { EHOSTUNREACH, NT_STATUS_HOST_UNREACHABLE},
+#endif
+#ifdef ECONNREFUSED
+ { ECONNREFUSED, NT_STATUS_CONNECTION_REFUSED},
+#endif
+#ifdef ETIMEDOUT
+ { ETIMEDOUT, NT_STATUS_IO_TIMEOUT},
+#endif
+#ifdef ECONNABORTED
+ { ECONNABORTED, NT_STATUS_CONNECTION_ABORTED},
+#endif
+#ifdef ECONNRESET
+ { ECONNRESET, NT_STATUS_CONNECTION_RESET},
+#endif
+#ifdef ENODEV
+ { ENODEV, NT_STATUS_DEVICE_DOES_NOT_EXIST},
+#endif
+#ifdef ENOATTR
+ { ENOATTR, NT_STATUS_NOT_FOUND },
+#endif
+#ifdef ECANCELED
+ { ECANCELED, NT_STATUS_CANCELLED},
+#endif
+#ifdef ENOTSUP
+ { ENOTSUP, NT_STATUS_NOT_SUPPORTED},
+#endif
+#ifdef ETXTBSY
+ { ETXTBSY, NT_STATUS_SHARING_VIOLATION },
+#endif
+#ifdef EOVERFLOW
+ { EOVERFLOW, NT_STATUS_ALLOTTED_SPACE_EXCEEDED },
+#endif
+ { EINPROGRESS, NT_STATUS_MORE_PROCESSING_REQUIRED },
+#ifdef ERANGE
+ { ERANGE, NT_STATUS_INTEGER_OVERFLOW },
+#endif
+#ifdef ENXIO
+ { ENXIO, NT_STATUS_ILLEGAL_FUNCTION },
+#endif
+};
+
+/*********************************************************************
+ Map an NT error code from a Unix error code.
+*********************************************************************/
+
+NTSTATUS map_nt_error_from_unix(int unix_error)
+{
+ size_t i = 0;
+
+ if (unix_error == 0) {
+ /* we map this to an error, not success, as this
+ function is only called in an error path. Lots of
+ our virtualised functions may fail without making a
+ unix system call that fails (such as when they are
+ checking for some handle existing), so unix_error
+ may be unset
+ */
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ /* Look through list */
+ for (i=0;i<ARRAY_SIZE(unix_nt_errmap);i++) {
+ if (unix_nt_errmap[i].unix_error == unix_error) {
+ return unix_nt_errmap[i].nt_error;
+ }
+ }
+
+ /* Default return */
+ return NT_STATUS_ACCESS_DENIED;
+}
diff --git a/source3/lib/eventlog/eventlog.c b/source3/lib/eventlog/eventlog.c
new file mode 100644
index 0000000..031c749
--- /dev/null
+++ b/source3/lib/eventlog/eventlog.c
@@ -0,0 +1,1066 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Eventlog utility routines
+ * Copyright (C) Marcin Krzysztof Porwit 2005,
+ * Copyright (C) Brian Moran 2005.
+ * Copyright (C) Gerald (Jerry) Carter 2005.
+ * Copyright (C) Guenther Deschner 2009.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "lib/eventlog/eventlog.h"
+#include "../libcli/security/security.h"
+#include "util_tdb.h"
+
+/* maintain a list of open eventlog tdbs with reference counts */
+
+static ELOG_TDB *open_elog_list;
+
+/********************************************************************
+ Init an Eventlog TDB, and return it. If null, something bad
+ happened.
+********************************************************************/
+
+TDB_CONTEXT *elog_init_tdb( char *tdbfilename )
+{
+ TDB_CONTEXT *tdb;
+
+ DEBUG(10,("elog_init_tdb: Initializing eventlog tdb (%s)\n",
+ tdbfilename));
+
+ tdb = tdb_open_log( tdbfilename, 0, TDB_DEFAULT,
+ O_RDWR|O_CREAT|O_TRUNC, 0660 );
+
+ if ( !tdb ) {
+ DEBUG( 0, ( "Can't open tdb for [%s]\n", tdbfilename ) );
+ return NULL;
+ }
+
+ /* initialize with defaults, copy real values in here from registry */
+
+ tdb_store_int32( tdb, EVT_OLDEST_ENTRY, 1 );
+ tdb_store_int32( tdb, EVT_NEXT_RECORD, 1 );
+ tdb_store_int32( tdb, EVT_MAXSIZE, 0x80000 );
+ tdb_store_int32( tdb, EVT_RETENTION, 0x93A80 );
+
+ tdb_store_int32( tdb, EVT_VERSION, EVENTLOG_DATABASE_VERSION_V1 );
+
+ return tdb;
+}
+
+/********************************************************************
+ make the tdb file name for an event log, given destination buffer
+ and size. Caller must free memory.
+********************************************************************/
+
+char *elog_tdbname(TALLOC_CTX *ctx, const char *name )
+{
+ char *path;
+ char *file;
+ char *tdbname;
+
+ path = state_path(talloc_tos(), "eventlog");
+ if (!path) {
+ return NULL;
+ }
+
+ file = talloc_asprintf_strlower_m(path, "%s.tdb", name);
+ if (!file) {
+ talloc_free(path);
+ return NULL;
+ }
+
+ tdbname = talloc_asprintf(ctx, "%s/%s", path, file);
+ if (!tdbname) {
+ talloc_free(path);
+ return NULL;
+ }
+
+ talloc_free(path);
+ return tdbname;
+}
+
+
+/********************************************************************
+ this function is used to count up the number of bytes in a
+ particular TDB
+********************************************************************/
+
+struct trav_size_struct {
+ int size;
+ int rec_count;
+};
+
+static int eventlog_tdb_size_fn( TDB_CONTEXT * tdb, TDB_DATA key, TDB_DATA data,
+ void *state )
+{
+ struct trav_size_struct *tsize = (struct trav_size_struct *)state;
+
+ tsize->size += data.dsize;
+ tsize->rec_count++;
+
+ return 0;
+}
+
+/********************************************************************
+ returns the size of the eventlog, and if MaxSize is a non-null
+ ptr, puts the MaxSize there. This is purely a way not to have yet
+ another function that solely reads the maxsize of the eventlog.
+ Yeah, that's it.
+********************************************************************/
+
+int elog_tdb_size( TDB_CONTEXT * tdb, int *MaxSize, int *Retention )
+{
+ struct trav_size_struct tsize;
+
+ if ( !tdb )
+ return 0;
+
+ ZERO_STRUCT( tsize );
+
+ tdb_traverse( tdb, eventlog_tdb_size_fn, &tsize );
+
+ if ( MaxSize != NULL ) {
+ *MaxSize = tdb_fetch_int32( tdb, EVT_MAXSIZE );
+ }
+
+ if ( Retention != NULL ) {
+ *Retention = tdb_fetch_int32( tdb, EVT_RETENTION );
+ }
+
+ DEBUG( 1,
+ ( "eventlog size: [%d] for [%d] records\n", tsize.size,
+ tsize.rec_count ) );
+ return tsize.size;
+}
+
+/********************************************************************
+ Discard early event logs until we have enough for 'needed' bytes...
+ NO checking done beforehand to see that we actually need to do
+ this, and it's going to pluck records one-by-one. So, it's best
+ to determine that this needs to be done before doing it.
+
+ Setting whack_by_date to True indicates that eventlogs falling
+ outside of the retention range need to go...
+
+ return True if we made enough room to accommodate needed bytes
+********************************************************************/
+
+static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32_t needed,
+ bool whack_by_date )
+{
+ int32_t start_record, i, new_start;
+ int32_t end_record;
+ int32_t reclen, tresv1, trecnum, timegen, timewr;
+ int nbytes, len, Retention, MaxSize;
+ TDB_DATA key, ret;
+ time_t current_time, exp_time;
+
+ /* discard some eventlogs */
+
+ /* read eventlogs from oldest_entry -- there can't be any discontinuity in recnos,
+ although records not necessarily guaranteed to have successive times */
+ /* */
+
+ /* lock */
+ tdb_lock_bystring_with_timeout( the_tdb, EVT_NEXT_RECORD, 1 );
+ /* read */
+ end_record = tdb_fetch_int32( the_tdb, EVT_NEXT_RECORD );
+ start_record = tdb_fetch_int32( the_tdb, EVT_OLDEST_ENTRY );
+ Retention = tdb_fetch_int32( the_tdb, EVT_RETENTION );
+ MaxSize = tdb_fetch_int32( the_tdb, EVT_MAXSIZE );
+
+ time( &current_time );
+
+ /* calculate ... */
+ exp_time = current_time - Retention; /* discard older than exp_time */
+
+ /* todo - check for sanity in next_record */
+ nbytes = 0;
+
+ DEBUG( 3,
+ ( "MaxSize [%d] Retention [%d] Current Time [%u] exp_time [%u]\n",
+ MaxSize, Retention, (unsigned int)current_time, (unsigned int)exp_time ) );
+ DEBUG( 3,
+ ( "Start Record [%u] End Record [%u]\n",
+ (unsigned int)start_record,
+ (unsigned int)end_record ));
+
+ for ( i = start_record; i < end_record; i++ ) {
+ /* read a record, add the amt to nbytes */
+ key.dsize = sizeof(int32_t);
+ key.dptr = (unsigned char *)&i;
+ ret = tdb_fetch( the_tdb, key );
+ if ( ret.dsize == 0 ) {
+ DEBUG( 8,
+ ( "Can't find a record for the key, record [%d]\n",
+ i ) );
+ tdb_unlock_bystring( the_tdb, EVT_NEXT_RECORD );
+ return False;
+ }
+ nbytes += ret.dsize; /* note this includes overhead */
+
+ len = tdb_unpack( ret.dptr, ret.dsize, "ddddd", &reclen,
+ &tresv1, &trecnum, &timegen, &timewr );
+ if (len == -1) {
+ DEBUG( 10,("make_way_for_eventlogs: tdb_unpack failed.\n"));
+ tdb_unlock_bystring( the_tdb, EVT_NEXT_RECORD );
+ SAFE_FREE( ret.dptr );
+ return False;
+ }
+
+ DEBUG( 8,
+ ( "read record %u, record size is [%d], total so far [%d]\n",
+ (unsigned int)i, reclen, nbytes ) );
+
+ SAFE_FREE( ret.dptr );
+
+ /* note that other servers may just stop writing records when the size limit
+ is reached, and there are no records older than 'retention'. This doesn't
+ like a very useful thing to do, so instead we whack (as in sleeps with the
+ fishes) just enough records to fit the what we need. This behavior could
+ be changed to 'match', if the need arises. */
+
+ if ( !whack_by_date && ( nbytes >= needed ) )
+ break; /* done */
+ if ( whack_by_date && ( timegen >= exp_time ) )
+ break; /* done */
+ }
+
+ DEBUG( 3,
+ ( "nbytes [%d] needed [%d] start_record is [%u], should be set to [%u]\n",
+ nbytes, needed, (unsigned int)start_record, (unsigned int)i ) );
+ /* todo - remove eventlog entries here and set starting record to start_record... */
+ new_start = i;
+ if ( start_record != new_start ) {
+ for ( i = start_record; i < new_start; i++ ) {
+ key.dsize = sizeof(int32_t);
+ key.dptr = (unsigned char *)&i;
+ tdb_delete( the_tdb, key );
+ }
+
+ tdb_store_int32( the_tdb, EVT_OLDEST_ENTRY, new_start );
+ }
+ tdb_unlock_bystring( the_tdb, EVT_NEXT_RECORD );
+ return True;
+}
+
+/********************************************************************
+ some hygiene for an eventlog - see how big it is, and then
+ calculate how many bytes we need to remove
+********************************************************************/
+
+bool prune_eventlog( TDB_CONTEXT * tdb )
+{
+ int MaxSize, Retention, CalcdSize;
+
+ if ( !tdb ) {
+ DEBUG( 4, ( "No eventlog tdb handle\n" ) );
+ return False;
+ }
+
+ CalcdSize = elog_tdb_size( tdb, &MaxSize, &Retention );
+ DEBUG( 3,
+ ( "Calculated size [%d] MaxSize [%d]\n", CalcdSize,
+ MaxSize ) );
+
+ if ( CalcdSize > MaxSize ) {
+ return make_way_for_eventlogs( tdb, CalcdSize - MaxSize,
+ False );
+ }
+
+ return make_way_for_eventlogs( tdb, 0, True );
+}
+
+/********************************************************************
+********************************************************************/
+
+static bool can_write_to_eventlog( TDB_CONTEXT * tdb, int32_t needed )
+{
+ int calcd_size;
+ int MaxSize, Retention;
+
+ /* see if we can write to the eventlog -- do a policy enforcement */
+ if ( !tdb )
+ return False; /* tdb is null, so we can't write to it */
+
+
+ if ( needed < 0 )
+ return False;
+ MaxSize = 0;
+ Retention = 0;
+
+ calcd_size = elog_tdb_size( tdb, &MaxSize, &Retention );
+
+ if ( calcd_size <= MaxSize )
+ return True; /* you betcha */
+ if ( calcd_size + needed < MaxSize )
+ return True;
+
+ if ( Retention == 0xffffffff ) {
+ return False; /* see msdn - we can't write no room, discard */
+ }
+ /*
+ note don't have to test, but always good to show intent, in case changes needed
+ later
+ */
+
+ if ( Retention == 0x00000000 ) {
+ /* discard record(s) */
+ /* todo - decide when to remove a bunch vs. just what we need... */
+ return make_way_for_eventlogs( tdb, calcd_size - MaxSize,
+ True );
+ }
+
+ return make_way_for_eventlogs( tdb, calcd_size - MaxSize, False );
+}
+
+/*******************************************************************
+*******************************************************************/
+
+ELOG_TDB *elog_open_tdb( const char *logname, bool force_clear, bool read_only )
+{
+ TDB_CONTEXT *tdb = NULL;
+ uint32_t vers_id;
+ ELOG_TDB *ptr;
+ char *tdbpath = NULL;
+ ELOG_TDB *tdb_node = NULL;
+ char *eventlogdir;
+ TALLOC_CTX *ctx = talloc_tos();
+ bool ok;
+
+ /* check for invalid options */
+
+ if (force_clear && read_only) {
+ DEBUG(1,("elog_open_tdb: Invalid flags\n"));
+ return NULL;
+ }
+
+ /* first see if we have an open context */
+
+ for ( ptr=open_elog_list; ptr; ptr=ptr->next ) {
+ if ( strequal( ptr->name, logname ) ) {
+ ptr->ref_count++;
+
+ /* trick to allow clearing of the eventlog tdb.
+ The force_clear flag should imply that someone
+ has done a force close. So make sure the tdb
+ is NULL. If this is a normal open, then just
+ return the existing reference */
+
+ if ( force_clear ) {
+ SMB_ASSERT( ptr->tdb == NULL );
+ break;
+ }
+ else
+ return ptr;
+ }
+ }
+
+ /* make sure that the eventlog dir exists */
+
+ eventlogdir = state_path(talloc_tos(), "eventlog");
+ if (eventlogdir == NULL) {
+ return NULL;
+ }
+ ok = directory_create_or_exist(eventlogdir, 0755);
+ TALLOC_FREE(eventlogdir);
+ if (!ok) {
+ return NULL;
+ }
+
+ /* get the path on disk */
+
+ tdbpath = elog_tdbname(ctx, logname);
+ if (!tdbpath) {
+ return NULL;
+ }
+
+ DEBUG(7,("elog_open_tdb: Opening %s...(force_clear == %s)\n",
+ tdbpath, force_clear?"True":"False" ));
+
+ /* the tdb wasn't already open or this is a forced clear open */
+
+ if ( !force_clear ) {
+
+ tdb = tdb_open_log( tdbpath, 0, TDB_DEFAULT, read_only ? O_RDONLY : O_RDWR , 0 );
+ if ( tdb ) {
+ vers_id = tdb_fetch_int32( tdb, EVT_VERSION );
+
+ if ( vers_id != EVENTLOG_DATABASE_VERSION_V1 ) {
+ DEBUG(1,("elog_open_tdb: Invalid version [%d] on file [%s].\n",
+ vers_id, tdbpath));
+ tdb_close( tdb );
+ tdb = elog_init_tdb( tdbpath );
+ }
+ }
+ }
+
+ if ( !tdb )
+ tdb = elog_init_tdb( tdbpath );
+
+ /* if we got a valid context, then add it to the list */
+
+ if ( tdb ) {
+ /* on a forced clear, just reset the tdb context if we already
+ have an open entry in the list */
+
+ if ( ptr ) {
+ ptr->tdb = tdb;
+ return ptr;
+ }
+
+ if ( !(tdb_node = talloc_zero( NULL, ELOG_TDB)) ) {
+ DEBUG(0,("elog_open_tdb: talloc() failure!\n"));
+ tdb_close( tdb );
+ return NULL;
+ }
+
+ tdb_node->name = talloc_strdup( tdb_node, logname );
+ tdb_node->tdb = tdb;
+ tdb_node->ref_count = 1;
+
+ DLIST_ADD( open_elog_list, tdb_node );
+ }
+
+ return tdb_node;
+}
+
+/*******************************************************************
+ Wrapper to handle reference counts to the tdb
+*******************************************************************/
+
+int elog_close_tdb( ELOG_TDB *etdb, bool force_close )
+{
+ TDB_CONTEXT *tdb;
+
+ if ( !etdb )
+ return 0;
+
+ etdb->ref_count--;
+
+ SMB_ASSERT( etdb->ref_count >= 0 );
+
+ if ( etdb->ref_count == 0 ) {
+ tdb = etdb->tdb;
+ DLIST_REMOVE( open_elog_list, etdb );
+ TALLOC_FREE( etdb );
+ return tdb_close( tdb );
+ }
+
+ if ( force_close ) {
+ tdb = etdb->tdb;
+ etdb->tdb = NULL;
+ return tdb_close( tdb );
+ }
+
+ return 0;
+}
+
+/********************************************************************
+ Note that it's a pretty good idea to initialize the Eventlog_entry
+ structure to zero's before calling parse_logentry on an batch of
+ lines that may resolve to a record. ALSO, it's a good idea to
+ remove any linefeeds (that's EOL to you and me) on the lines
+ going in.
+********************************************************************/
+
+bool parse_logentry( TALLOC_CTX *mem_ctx, char *line, struct eventlog_Record_tdb *entry, bool * eor )
+{
+ char *start = NULL, *stop = NULL;
+
+ start = line;
+
+ /* empty line signifying record delimiter, or we're at the end of the buffer */
+ if ( start == NULL || strlen( start ) == 0 ) {
+ DEBUG( 6,
+ ( "parse_logentry: found end-of-record indicator.\n" ) );
+ *eor = True;
+ return True;
+ }
+ if ( !( stop = strchr( line, ':' ) ) ) {
+ return False;
+ }
+
+ DEBUG( 6, ( "parse_logentry: trying to parse [%s].\n", line ) );
+
+ if ( 0 == strncmp( start, "LEN", stop - start ) ) {
+ /* This will get recomputed later anyway -- probably not necessary */
+ entry->size = atoi( stop + 1 );
+ } else if ( 0 == strncmp( start, "RS1", stop - start ) ) {
+ /* For now all these reserved entries seem to have the same value,
+ which can be hardcoded to int(1699505740) for now */
+ entry->reserved = talloc_strdup(mem_ctx, "eLfL");
+ } else if ( 0 == strncmp( start, "RCN", stop - start ) ) {
+ entry->record_number = atoi( stop + 1 );
+ } else if ( 0 == strncmp( start, "TMG", stop - start ) ) {
+ entry->time_generated = atoi( stop + 1 );
+ } else if ( 0 == strncmp( start, "TMW", stop - start ) ) {
+ entry->time_written = atoi( stop + 1 );
+ } else if ( 0 == strncmp( start, "EID", stop - start ) ) {
+ entry->event_id = atoi( stop + 1 );
+ } else if ( 0 == strncmp( start, "ETP", stop - start ) ) {
+ if ( strstr( start, "ERROR" ) ) {
+ entry->event_type = EVENTLOG_ERROR_TYPE;
+ } else if ( strstr( start, "WARNING" ) ) {
+ entry->event_type = EVENTLOG_WARNING_TYPE;
+ } else if ( strstr( start, "INFO" ) ) {
+ entry->event_type = EVENTLOG_INFORMATION_TYPE;
+ } else if ( strstr( start, "AUDIT_SUCCESS" ) ) {
+ entry->event_type = EVENTLOG_AUDIT_SUCCESS;
+ } else if ( strstr( start, "AUDIT_FAILURE" ) ) {
+ entry->event_type = EVENTLOG_AUDIT_FAILURE;
+ } else if ( strstr( start, "SUCCESS" ) ) {
+ entry->event_type = EVENTLOG_SUCCESS;
+ } else {
+ /* some other eventlog type -- currently not defined in MSDN docs, so error out */
+ return False;
+ }
+ }
+
+/*
+ else if(0 == strncmp(start, "NST", stop - start))
+ {
+ entry->num_of_strings = atoi(stop + 1);
+ }
+*/
+ else if ( 0 == strncmp( start, "ECT", stop - start ) ) {
+ entry->event_category = atoi( stop + 1 );
+ } else if ( 0 == strncmp( start, "RS2", stop - start ) ) {
+ entry->reserved_flags = atoi( stop + 1 );
+ } else if ( 0 == strncmp( start, "CRN", stop - start ) ) {
+ entry->closing_record_number = atoi( stop + 1 );
+ } else if ( 0 == strncmp( start, "USL", stop - start ) ) {
+ entry->sid_length = atoi( stop + 1 );
+ } else if ( 0 == strncmp( start, "SRC", stop - start ) ) {
+ stop++;
+ while ( isspace( stop[0] ) ) {
+ stop++;
+ }
+ entry->source_name_len = strlen_m_term(stop);
+ entry->source_name = talloc_strdup(mem_ctx, stop);
+ if (entry->source_name_len == (uint32_t)-1 ||
+ entry->source_name == NULL) {
+ return false;
+ }
+ } else if ( 0 == strncmp( start, "SRN", stop - start ) ) {
+ stop++;
+ while ( isspace( stop[0] ) ) {
+ stop++;
+ }
+ entry->computer_name_len = strlen_m_term(stop);
+ entry->computer_name = talloc_strdup(mem_ctx, stop);
+ if (entry->computer_name_len == (uint32_t)-1 ||
+ entry->computer_name == NULL) {
+ return false;
+ }
+ } else if ( 0 == strncmp( start, "SID", stop - start ) ) {
+ smb_ucs2_t *dummy = NULL;
+ stop++;
+ while ( isspace( stop[0] ) ) {
+ stop++;
+ }
+ entry->sid_length = rpcstr_push_talloc(mem_ctx,
+ &dummy,
+ stop);
+ if (entry->sid_length == (uint32_t)-1) {
+ return false;
+ }
+ entry->sid = data_blob_talloc(mem_ctx, dummy, entry->sid_length);
+ if (entry->sid.data == NULL) {
+ return false;
+ }
+ } else if ( 0 == strncmp( start, "STR", stop - start ) ) {
+ size_t tmp_len;
+ size_t num_of_strings;
+ /* skip past initial ":" */
+ stop++;
+ /* now skip any other leading whitespace */
+ while ( isspace(stop[0])) {
+ stop++;
+ }
+ tmp_len = strlen_m_term(stop);
+ if (tmp_len == (size_t)-1) {
+ return false;
+ }
+ num_of_strings = entry->num_of_strings;
+ if (!add_string_to_array(mem_ctx, stop, &entry->strings,
+ &num_of_strings)) {
+ return false;
+ }
+ if (num_of_strings > 0xffff) {
+ return false;
+ }
+ entry->num_of_strings = num_of_strings;
+ entry->strings_len += tmp_len;
+ } else if ( 0 == strncmp( start, "DAT", stop - start ) ) {
+ /* skip past initial ":" */
+ stop++;
+ /* now skip any other leading whitespace */
+ while ( isspace( stop[0] ) ) {
+ stop++;
+ }
+ entry->data_length = strlen_m(stop);
+ entry->data = data_blob_talloc(mem_ctx, stop, entry->data_length);
+ if (!entry->data.data) {
+ return false;
+ }
+ } else {
+ /* some other eventlog entry -- not implemented, so dropping on the floor */
+ DEBUG( 10, ( "Unknown entry [%s]. Ignoring.\n", line ) );
+ /* For now return true so that we can keep on parsing this mess. Eventually
+ we will return False here. */
+ return true;
+ }
+ return true;
+}
+
+/*******************************************************************
+ calculate the correct fields etc for an eventlog entry
+*******************************************************************/
+
+size_t fixup_eventlog_record_tdb(struct eventlog_Record_tdb *r)
+{
+ size_t size = 56; /* static size of integers before buffers start */
+
+ r->source_name_len = strlen_m_term(r->source_name) * 2;
+ r->computer_name_len = strlen_m_term(r->computer_name) * 2;
+ r->strings_len = ndr_size_string_array(r->strings,
+ r->num_of_strings, LIBNDR_FLAG_STR_NULLTERM) * 2;
+
+ /* fix up the eventlog entry structure as necessary */
+ r->sid_padding = ( ( 4 - ( ( r->source_name_len + r->computer_name_len ) % 4 ) ) % 4 );
+ r->padding = ( 4 - ( ( r->strings_len + r->data_length ) % 4 ) ) % 4;
+
+ if (r->sid_length == 0) {
+ /* Should not pad to a DWORD boundary for writing out the sid if there is
+ no SID, so just propagate the padding to pad the data */
+ r->padding += r->sid_padding;
+ r->sid_padding = 0;
+ }
+
+ size += r->source_name_len;
+ size += r->computer_name_len;
+ size += r->sid_padding;
+ size += r->sid_length;
+ size += r->strings_len;
+ size += r->data_length;
+ size += r->padding;
+ /* need another copy of length at the end of the data */
+ size += sizeof(r->size);
+
+ r->size = size;
+
+ return size;
+}
+
+
+/********************************************************************
+ ********************************************************************/
+
+struct eventlog_Record_tdb *evlog_pull_record_tdb(TALLOC_CTX *mem_ctx,
+ TDB_CONTEXT *tdb,
+ uint32_t record_number)
+{
+ struct eventlog_Record_tdb *r;
+ TDB_DATA data, key;
+
+ int32_t srecno;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+
+ srecno = record_number;
+ key.dptr = (unsigned char *)&srecno;
+ key.dsize = sizeof(int32_t);
+
+ data = tdb_fetch(tdb, key);
+ if (data.dsize == 0) {
+ DEBUG(8,("evlog_pull_record_tdb: "
+ "Can't find a record for the key, record %d\n",
+ record_number));
+ return NULL;
+ }
+
+ r = talloc_zero(mem_ctx, struct eventlog_Record_tdb);
+ if (!r) {
+ goto done;
+ }
+
+ blob = data_blob_const(data.dptr, data.dsize);
+
+ ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, r,
+ (ndr_pull_flags_fn_t)ndr_pull_eventlog_Record_tdb);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DEBUG(10,("evlog_pull_record_tdb: failed to decode record %d\n",
+ record_number));
+ TALLOC_FREE(r);
+ goto done;
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(eventlog_Record_tdb, r);
+ }
+
+ DEBUG(10,("evlog_pull_record_tdb: retrieved entry for record %d\n",
+ record_number));
+ done:
+ SAFE_FREE(data.dptr);
+
+ return r;
+}
+
+/********************************************************************
+ ********************************************************************/
+
+struct EVENTLOGRECORD *evlog_pull_record(TALLOC_CTX *mem_ctx,
+ TDB_CONTEXT *tdb,
+ uint32_t record_number)
+{
+ struct eventlog_Record_tdb *t;
+ struct EVENTLOGRECORD *r;
+ NTSTATUS status;
+
+ r = talloc_zero(mem_ctx, struct EVENTLOGRECORD);
+ if (!r) {
+ return NULL;
+ }
+
+ t = evlog_pull_record_tdb(r, tdb, record_number);
+ if (!t) {
+ talloc_free(r);
+ return NULL;
+ }
+
+ status = evlog_tdb_entry_to_evt_entry(r, t, r);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(r);
+ return NULL;
+ }
+
+ r->Length = r->Length2 = ndr_size_EVENTLOGRECORD(r, 0);
+
+ return r;
+}
+
+/********************************************************************
+ write an eventlog entry. Note that we have to lock, read next
+ eventlog, increment, write, write the record, unlock
+
+ coming into this, ee has the eventlog record, and the auxiliary date
+ (computer name, etc.) filled into the other structure. Before packing
+ into a record, this routine will calc the appropriate padding, etc.,
+ and then blast out the record in a form that can be read back in
+ ********************************************************************/
+
+NTSTATUS evlog_push_record_tdb(TALLOC_CTX *mem_ctx,
+ TDB_CONTEXT *tdb,
+ struct eventlog_Record_tdb *r,
+ uint32_t *record_number)
+{
+ TDB_DATA kbuf, ebuf;
+ DATA_BLOB blob;
+ enum ndr_err_code ndr_err;
+ int ret;
+
+ if (!r) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!can_write_to_eventlog(tdb, r->size)) {
+ return NT_STATUS_EVENTLOG_CANT_START;
+ }
+
+ /* need to read the record number and insert it into the entry here */
+
+ /* lock */
+ ret = tdb_lock_bystring_with_timeout(tdb, EVT_NEXT_RECORD, 1);
+ if (ret != 0) {
+ return NT_STATUS_LOCK_NOT_GRANTED;
+ }
+
+ /* read */
+ r->record_number = tdb_fetch_int32(tdb, EVT_NEXT_RECORD);
+
+ ndr_err = ndr_push_struct_blob(&blob, mem_ctx, r,
+ (ndr_push_flags_fn_t)ndr_push_eventlog_Record_tdb);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ tdb_unlock_bystring(tdb, EVT_NEXT_RECORD);
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ /* increment the record count */
+
+ kbuf.dsize = sizeof(int32_t);
+ kbuf.dptr = (uint8_t *)&r->record_number;
+
+ ebuf.dsize = blob.length;
+ ebuf.dptr = blob.data;
+
+ ret = tdb_store(tdb, kbuf, ebuf, 0);
+ if (ret != 0) {
+ tdb_unlock_bystring(tdb, EVT_NEXT_RECORD);
+ return NT_STATUS_EVENTLOG_FILE_CORRUPT;
+ }
+
+ ret = tdb_store_int32(tdb, EVT_NEXT_RECORD, r->record_number + 1);
+ if (ret != 0) {
+ tdb_unlock_bystring(tdb, EVT_NEXT_RECORD);
+ return NT_STATUS_EVENTLOG_FILE_CORRUPT;
+ }
+ tdb_unlock_bystring(tdb, EVT_NEXT_RECORD);
+
+ if (record_number) {
+ *record_number = r->record_number;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
+ ********************************************************************/
+
+NTSTATUS evlog_push_record(TALLOC_CTX *mem_ctx,
+ TDB_CONTEXT *tdb,
+ struct EVENTLOGRECORD *r,
+ uint32_t *record_number)
+{
+ struct eventlog_Record_tdb *t;
+ NTSTATUS status;
+
+ t = talloc_zero(mem_ctx, struct eventlog_Record_tdb);
+ if (!t) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = evlog_evt_entry_to_tdb_entry(t, r, t);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(t);
+ return status;
+ }
+
+ status = evlog_push_record_tdb(mem_ctx, tdb, t, record_number);
+ talloc_free(t);
+
+ return status;
+}
+
+/********************************************************************
+ ********************************************************************/
+
+NTSTATUS evlog_evt_entry_to_tdb_entry(TALLOC_CTX *mem_ctx,
+ const struct EVENTLOGRECORD *e,
+ struct eventlog_Record_tdb *t)
+{
+ uint32_t i;
+
+ ZERO_STRUCTP(t);
+
+ t->size = e->Length;
+ t->reserved = e->Reserved;
+ t->record_number = e->RecordNumber;
+ t->time_generated = e->TimeGenerated;
+ t->time_written = e->TimeWritten;
+ t->event_id = e->EventID;
+ t->event_type = e->EventType;
+ t->num_of_strings = e->NumStrings;
+ t->event_category = e->EventCategory;
+ t->reserved_flags = e->ReservedFlags;
+ t->closing_record_number = e->ClosingRecordNumber;
+
+ t->stringoffset = e->StringOffset;
+ t->sid_length = e->UserSidLength;
+ t->sid_offset = e->UserSidOffset;
+ t->data_length = e->DataLength;
+ t->data_offset = e->DataOffset;
+
+ t->source_name_len = 2 * strlen_m_term(e->SourceName);
+ t->source_name = talloc_strdup(mem_ctx, e->SourceName);
+ NT_STATUS_HAVE_NO_MEMORY(t->source_name);
+
+ t->computer_name_len = 2 * strlen_m_term(e->Computername);
+ t->computer_name = talloc_strdup(mem_ctx, e->Computername);
+ NT_STATUS_HAVE_NO_MEMORY(t->computer_name);
+
+ /* t->sid_padding; */
+ if (e->UserSidLength > 0) {
+ struct dom_sid_buf sid_str;
+ smb_ucs2_t *dummy = NULL;
+ t->sid_length = rpcstr_push_talloc(
+ mem_ctx,
+ &dummy,
+ dom_sid_str_buf(&e->UserSid, &sid_str));
+ if (t->sid_length == -1) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ t->sid = data_blob_talloc(mem_ctx, (uint8_t *)dummy, t->sid_length);
+ NT_STATUS_HAVE_NO_MEMORY(t->sid.data);
+ }
+
+ t->strings = talloc_array(mem_ctx, const char *, e->NumStrings);
+ for (i=0; i < e->NumStrings; i++) {
+ t->strings[i] = talloc_strdup(t->strings, e->Strings[i]);
+ NT_STATUS_HAVE_NO_MEMORY(t->strings[i]);
+ }
+
+ t->strings_len = 2 * ndr_size_string_array(t->strings, t->num_of_strings, LIBNDR_FLAG_STR_NULLTERM);
+ t->data = data_blob_talloc(mem_ctx, e->Data, e->DataLength);
+ /* t->padding = r->Pad; */
+
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
+ ********************************************************************/
+
+NTSTATUS evlog_tdb_entry_to_evt_entry(TALLOC_CTX *mem_ctx,
+ const struct eventlog_Record_tdb *t,
+ struct EVENTLOGRECORD *e)
+{
+ uint32_t i;
+
+ ZERO_STRUCTP(e);
+
+ e->Length = t->size;
+ e->Reserved = t->reserved;
+ e->RecordNumber = t->record_number;
+ e->TimeGenerated = t->time_generated;
+ e->TimeWritten = t->time_written;
+ e->EventID = t->event_id;
+ e->EventType = t->event_type;
+ e->NumStrings = t->num_of_strings;
+ e->EventCategory = t->event_category;
+ e->ReservedFlags = t->reserved_flags;
+ e->ClosingRecordNumber = t->closing_record_number;
+
+ e->StringOffset = t->stringoffset;
+ e->UserSidLength = t->sid_length;
+ e->UserSidOffset = t->sid_offset;
+ e->DataLength = t->data_length;
+ e->DataOffset = t->data_offset;
+
+ e->SourceName = talloc_strdup(mem_ctx, t->source_name);
+ NT_STATUS_HAVE_NO_MEMORY(e->SourceName);
+
+ e->Computername = talloc_strdup(mem_ctx, t->computer_name);
+ NT_STATUS_HAVE_NO_MEMORY(e->Computername);
+
+ if (t->sid_length > 0) {
+ char *sid_str = NULL;
+ size_t len;
+ if (!convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX,
+ t->sid.data, t->sid.length,
+ (void *)&sid_str, &len)) {
+ return NT_STATUS_INVALID_SID;
+ }
+ if (len > 0) {
+ bool ok = string_to_sid(&e->UserSid, sid_str);
+ if (!ok) {
+ return NT_STATUS_INVALID_SID;
+ }
+ }
+ TALLOC_FREE(sid_str);
+ }
+
+ e->Strings = talloc_array(mem_ctx, const char *, t->num_of_strings);
+ for (i=0; i < t->num_of_strings; i++) {
+ e->Strings[i] = talloc_strdup(e->Strings, t->strings[i]);
+ NT_STATUS_HAVE_NO_MEMORY(e->Strings[i]);
+ }
+
+ e->Data = (uint8_t *)talloc_memdup(mem_ctx, t->data.data, t->data_length);
+ e->Pad = talloc_strdup(mem_ctx, "");
+ NT_STATUS_HAVE_NO_MEMORY(e->Pad);
+
+ e->Length2 = t->size;
+
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
+ ********************************************************************/
+
+NTSTATUS evlog_convert_tdb_to_evt(TALLOC_CTX *mem_ctx,
+ ELOG_TDB *etdb,
+ DATA_BLOB *blob_p,
+ uint32_t *num_records_p)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ uint32_t num_records = 0;
+ struct EVENTLOG_EVT_FILE evt;
+ uint32_t count = 1;
+ size_t endoffset = 0;
+
+ ZERO_STRUCT(evt);
+
+ while (1) {
+
+ struct eventlog_Record_tdb *r;
+ struct EVENTLOGRECORD e;
+
+ r = evlog_pull_record_tdb(mem_ctx, etdb->tdb, count);
+ if (!r) {
+ break;
+ }
+
+ status = evlog_tdb_entry_to_evt_entry(mem_ctx, r, &e);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ endoffset += ndr_size_EVENTLOGRECORD(&e, 0);
+
+ ADD_TO_ARRAY(mem_ctx, struct EVENTLOGRECORD, e, &evt.records, &num_records);
+ count++;
+ }
+
+ evt.hdr.StartOffset = 0x30;
+ evt.hdr.EndOffset = evt.hdr.StartOffset + endoffset;
+ evt.hdr.CurrentRecordNumber = count;
+ evt.hdr.OldestRecordNumber = 1;
+ evt.hdr.MaxSize = tdb_fetch_int32(etdb->tdb, EVT_MAXSIZE);
+ evt.hdr.Flags = 0;
+ evt.hdr.Retention = tdb_fetch_int32(etdb->tdb, EVT_RETENTION);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(EVENTLOGHEADER, &evt.hdr);
+ }
+
+ evt.eof.BeginRecord = 0x30;
+ evt.eof.EndRecord = evt.hdr.StartOffset + endoffset;
+ evt.eof.CurrentRecordNumber = evt.hdr.CurrentRecordNumber;
+ evt.eof.OldestRecordNumber = evt.hdr.OldestRecordNumber;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(EVENTLOGEOF, &evt.eof);
+ }
+
+ ndr_err = ndr_push_struct_blob(&blob, mem_ctx, &evt,
+ (ndr_push_flags_fn_t)ndr_push_EVENTLOG_EVT_FILE);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ status = ndr_map_error2ntstatus(ndr_err);
+ goto done;
+ }
+
+ *blob_p = blob;
+ *num_records_p = num_records;
+
+ done:
+ return status;
+}
diff --git a/source3/lib/eventlog/eventlog.h b/source3/lib/eventlog/eventlog.h
new file mode 100644
index 0000000..b485bfe
--- /dev/null
+++ b/source3/lib/eventlog/eventlog.h
@@ -0,0 +1,45 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * RPC Pipe client / server routines
+ * Copyright (C) Marcin Krzysztof Porwit 2005.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <tdb.h>
+
+/* Defines for TDB keys */
+#define EVT_OLDEST_ENTRY "INFO/oldest_entry"
+#define EVT_NEXT_RECORD "INFO/next_record"
+#define EVT_VERSION "INFO/version"
+#define EVT_MAXSIZE "INFO/maxsize"
+#define EVT_RETENTION "INFO/retention"
+
+#define ELOG_APPL "Application"
+#define ELOG_SYS "System"
+#define ELOG_SEC "Security"
+
+typedef struct elog_tdb {
+ struct elog_tdb *prev, *next;
+ char *name;
+ TDB_CONTEXT *tdb;
+ int ref_count;
+} ELOG_TDB;
+
+#define ELOG_TDB_CTX(x) ((x)->tdb)
+
+#define EVENTLOG_DATABASE_VERSION_V1 1
+
+#include "../librpc/gen_ndr/ndr_eventlog.h"
+#include "lib/eventlog/proto.h"
diff --git a/source3/lib/eventlog/proto.h b/source3/lib/eventlog/proto.h
new file mode 100644
index 0000000..d3341ce
--- /dev/null
+++ b/source3/lib/eventlog/proto.h
@@ -0,0 +1,62 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Eventlog utility routines
+ *
+ * Copyright (C) Marcin Krzysztof Porwit 2005
+ * Copyright (C) Brian Moran 2005
+ * Copyright (C) Gerald (Jerry) Carter 2005
+ * Copyright (C) Guenther Deschner 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LIB_EVENTLOG_PROTO_H_
+#define _LIB_EVENTLOG_PROTO_H_
+
+/* The following definitions come from lib/eventlog/eventlog.c */
+
+TDB_CONTEXT *elog_init_tdb( char *tdbfilename );
+char *elog_tdbname(TALLOC_CTX *ctx, const char *name );
+int elog_tdb_size( TDB_CONTEXT * tdb, int *MaxSize, int *Retention );
+bool prune_eventlog( TDB_CONTEXT * tdb );
+ELOG_TDB *elog_open_tdb( const char *logname, bool force_clear, bool read_only );
+int elog_close_tdb( ELOG_TDB *etdb, bool force_close );
+bool parse_logentry( TALLOC_CTX *mem_ctx, char *line, struct eventlog_Record_tdb *entry, bool * eor );
+size_t fixup_eventlog_record_tdb(struct eventlog_Record_tdb *r);
+struct eventlog_Record_tdb *evlog_pull_record_tdb(TALLOC_CTX *mem_ctx,
+ TDB_CONTEXT *tdb,
+ uint32_t record_number);
+NTSTATUS evlog_push_record_tdb(TALLOC_CTX *mem_ctx,
+ TDB_CONTEXT *tdb,
+ struct eventlog_Record_tdb *r,
+ uint32_t *record_number);
+NTSTATUS evlog_push_record(TALLOC_CTX *mem_ctx,
+ TDB_CONTEXT *tdb,
+ struct EVENTLOGRECORD *r,
+ uint32_t *record_number);
+struct EVENTLOGRECORD *evlog_pull_record(TALLOC_CTX *mem_ctx,
+ TDB_CONTEXT *tdb,
+ uint32_t record_number);
+NTSTATUS evlog_evt_entry_to_tdb_entry(TALLOC_CTX *mem_ctx,
+ const struct EVENTLOGRECORD *e,
+ struct eventlog_Record_tdb *t);
+NTSTATUS evlog_tdb_entry_to_evt_entry(TALLOC_CTX *mem_ctx,
+ const struct eventlog_Record_tdb *t,
+ struct EVENTLOGRECORD *e);
+NTSTATUS evlog_convert_tdb_to_evt(TALLOC_CTX *mem_ctx,
+ ELOG_TDB *etdb,
+ DATA_BLOB *blob_p,
+ uint32_t *num_records_p);
+
+#endif /* _LIB_EVENTLOG_PROTO_H_ */
diff --git a/source3/lib/file_id.c b/source3/lib/file_id.c
new file mode 100644
index 0000000..545437a
--- /dev/null
+++ b/source3/lib/file_id.c
@@ -0,0 +1,82 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ file_id structure handling
+
+ Copyright (C) Andrew Tridgell 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/file_id.h"
+
+/*
+ return True if two file_id structures are equal
+ */
+bool file_id_equal(const struct file_id *id1, const struct file_id *id2)
+{
+ return id1->inode == id2->inode && id1->devid == id2->devid &&
+ id1->extid == id2->extid;
+}
+
+char *file_id_str_buf(struct file_id fid, struct file_id_buf *dst)
+{
+ snprintf(dst->buf,
+ sizeof(dst->buf),
+ "%"PRIu64":%"PRIu64":%"PRIu64,
+ fid.devid,
+ fid.inode,
+ fid.extid);
+ return dst->buf;
+}
+
+/*
+ push a 16 byte version of a file id into a buffer. This ignores the extid
+ and is needed when dev/inodes are stored in persistent storage (tdbs).
+ */
+void push_file_id_16(char *buf, const struct file_id *id)
+{
+ SIVAL(buf, 0, id->devid&0xFFFFFFFF);
+ SIVAL(buf, 4, id->devid>>32);
+ SIVAL(buf, 8, id->inode&0xFFFFFFFF);
+ SIVAL(buf, 12, id->inode>>32);
+}
+
+/*
+ push a 24 byte version of a file id into a buffer
+ */
+void push_file_id_24(char *buf, const struct file_id *id)
+{
+ SIVAL(buf, 0, id->devid&0xFFFFFFFF);
+ SIVAL(buf, 4, id->devid>>32);
+ SIVAL(buf, 8, id->inode&0xFFFFFFFF);
+ SIVAL(buf, 12, id->inode>>32);
+ SIVAL(buf, 16, id->extid&0xFFFFFFFF);
+ SIVAL(buf, 20, id->extid>>32);
+}
+
+/*
+ pull a 24 byte version of a file id from a buffer
+ */
+void pull_file_id_24(const char *buf, struct file_id *id)
+{
+ ZERO_STRUCTP(id);
+ id->devid = IVAL(buf, 0);
+ id->devid |= ((uint64_t)IVAL(buf,4))<<32;
+ id->inode = IVAL(buf, 8);
+ id->inode |= ((uint64_t)IVAL(buf,12))<<32;
+ id->extid = IVAL(buf, 16);
+ id->extid |= ((uint64_t)IVAL(buf,20))<<32;
+}
diff --git a/source3/lib/file_id.h b/source3/lib/file_id.h
new file mode 100644
index 0000000..255b1dd
--- /dev/null
+++ b/source3/lib/file_id.h
@@ -0,0 +1,44 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ file_id structure handling
+
+ Copyright (C) Andrew Tridgell 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIB_FILE_ID_H__
+#define __LIB_FILE_ID_H__
+
+#include "librpc/gen_ndr/file_id.h"
+
+/* The following definitions come from lib/file_id.c */
+
+bool file_id_equal(const struct file_id *id1, const struct file_id *id2);
+
+/*
+ * strlen("18446744073709551615")=20 times 3 plus 2 colons plus trailing 0
+ */
+struct file_id_buf { char buf[63]; };
+char *file_id_str_buf(struct file_id fid, struct file_id_buf *dst);
+
+/*
+ an allocated string for a file_id structure
+ */
+void push_file_id_16(char *buf, const struct file_id *id);
+void push_file_id_24(char *buf, const struct file_id *id);
+void pull_file_id_24(const char *buf, struct file_id *id);
+
+#endif
diff --git a/source3/lib/filename_util.c b/source3/lib/filename_util.c
new file mode 100644
index 0000000..3f8e903
--- /dev/null
+++ b/source3/lib/filename_util.c
@@ -0,0 +1,406 @@
+/*
+ Unix SMB/CIFS implementation.
+ Filename utility functions.
+ Copyright (C) Tim Prouty 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#include "includes.h"
+
+/**
+ * XXX: This is temporary and there should be no callers of this outside of
+ * this file once smb_filename is plumbed through all path based operations.
+ * The one legitimate caller currently is smb_fname_str_dbg(), which this
+ * could be made static for.
+ */
+NTSTATUS get_full_smb_filename(TALLOC_CTX *ctx,
+ const struct smb_filename *smb_fname,
+ char **full_name)
+{
+ if (smb_fname->stream_name) {
+ /* stream_name must always be NULL if there is no stream. */
+ SMB_ASSERT(smb_fname->stream_name[0] != '\0');
+
+ *full_name = talloc_asprintf(ctx, "%s%s", smb_fname->base_name,
+ smb_fname->stream_name);
+ } else {
+ *full_name = talloc_strdup(ctx, smb_fname->base_name);
+ }
+
+ if (!*full_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/**
+ * There are actually legitimate callers of this such as functions that
+ * enumerate streams using the vfs_streaminfo interface and then want to
+ * operate on each stream.
+ */
+struct smb_filename *synthetic_smb_fname(TALLOC_CTX *mem_ctx,
+ const char *base_name,
+ const char *stream_name,
+ const SMB_STRUCT_STAT *psbuf,
+ NTTIME twrp,
+ uint32_t flags)
+{
+ /* Setup the base_name/stream_name. */
+
+ struct smb_filename smb_fname_loc = {
+ .base_name = discard_const_p(char, base_name),
+ .stream_name = discard_const_p(char, stream_name),
+ .flags = flags,
+ .twrp = twrp,
+ };
+
+ /* Copy the psbuf if one was given. */
+ if (psbuf)
+ smb_fname_loc.st = *psbuf;
+
+ /* Let cp_smb_filename() do the heavy lifting. */
+ return cp_smb_filename(mem_ctx, &smb_fname_loc);
+}
+
+/**
+ * Utility function used by VFS calls that must *NOT* operate
+ * on a stream filename, only the base_name.
+ */
+struct smb_filename *cp_smb_filename_nostream(TALLOC_CTX *mem_ctx,
+ const struct smb_filename *smb_fname_in)
+{
+ struct smb_filename smb_fname_loc = *smb_fname_in;
+ struct smb_filename *smb_fname = NULL;
+
+ smb_fname_loc.stream_name = NULL;
+
+ smb_fname = cp_smb_filename(mem_ctx, &smb_fname_loc);
+ return smb_fname;
+}
+
+/**
+ * There are a few legitimate users of this.
+ */
+struct smb_filename *synthetic_smb_fname_split(TALLOC_CTX *ctx,
+ const char *fname,
+ bool posix_path)
+{
+ char *stream_name = NULL;
+ char *base_name = NULL;
+ struct smb_filename *ret;
+ bool ok;
+
+ if (posix_path) {
+ /* No stream name looked for. */
+ return synthetic_smb_fname(ctx,
+ fname,
+ NULL,
+ NULL,
+ 0,
+ SMB_FILENAME_POSIX_PATH);
+ }
+
+ ok = split_stream_filename(ctx,
+ fname,
+ &base_name,
+ &stream_name);
+ if (!ok) {
+ return NULL;
+ }
+
+ ret = synthetic_smb_fname(ctx,
+ base_name,
+ stream_name,
+ NULL,
+ 0,
+ 0);
+ TALLOC_FREE(base_name);
+ TALLOC_FREE(stream_name);
+ return ret;
+}
+
+/**
+ * Return a string using the talloc_tos()
+ */
+const char *smb_fname_str_dbg(const struct smb_filename *smb_fname)
+{
+ char *fname = NULL;
+ time_t t;
+ struct tm tm;
+ struct tm *ptm = NULL;
+ fstring tstr;
+ ssize_t slen;
+ NTSTATUS status;
+
+ if (smb_fname == NULL) {
+ return "";
+ }
+ status = get_full_smb_filename(talloc_tos(), smb_fname, &fname);
+ if (!NT_STATUS_IS_OK(status)) {
+ return "";
+ }
+ if (smb_fname->twrp == 0) {
+ return fname;
+ }
+
+ t = nt_time_to_unix(smb_fname->twrp);
+ ptm = gmtime_r(&t, &tm);
+ if (ptm == NULL) {
+ return "";
+ }
+
+ slen = strftime(tstr, sizeof(tstr), GMT_FORMAT, &tm);
+ if (slen == 0) {
+ return "";
+ }
+
+ fname = talloc_asprintf_append_buffer(
+ fname, " {%s}", tstr);
+ if (fname == NULL) {
+ return "";
+ }
+ return fname;
+}
+
+/**
+ * Return a debug string of the path name of an fsp using the talloc_tos().
+ */
+const char *fsp_str_dbg(const struct files_struct *fsp)
+{
+ const char *name = NULL;
+
+ name = smb_fname_str_dbg(fsp->fsp_name);
+ if (name == NULL) {
+ return "";
+ }
+
+ return name;
+}
+
+/**
+ * Create a debug string for the fnum of an fsp.
+ *
+ * This is allocated to talloc_tos() or a string constant
+ * in certain corner cases. The returned string should
+ * hence not be free'd directly but only via the talloc stack.
+ */
+const char *fsp_fnum_dbg(const struct files_struct *fsp)
+{
+ char *str;
+
+ if (fsp == NULL) {
+ return "fnum [fsp is NULL]";
+ }
+
+ if (fsp->fnum == FNUM_FIELD_INVALID) {
+ return "fnum [invalid value]";
+ }
+
+ str = talloc_asprintf(talloc_tos(), "fnum %"PRIu64, fsp->fnum);
+ if (str == NULL) {
+ DEBUG(1, ("%s: talloc_asprintf failed\n", __FUNCTION__));
+ return "fnum [talloc failed!]";
+ }
+
+ return str;
+}
+
+struct smb_filename *cp_smb_filename(TALLOC_CTX *mem_ctx,
+ const struct smb_filename *in)
+{
+ struct smb_filename *out;
+ size_t base_len = 0;
+ size_t stream_len = 0;
+ int num = 0;
+
+ /* stream_name must always be NULL if there is no stream. */
+ if (in->stream_name) {
+ SMB_ASSERT(in->stream_name[0] != '\0');
+ }
+
+ if (in->base_name != NULL) {
+ base_len = strlen(in->base_name) + 1;
+ num += 1;
+ }
+ if (in->stream_name != NULL) {
+ stream_len = strlen(in->stream_name) + 1;
+ num += 1;
+ }
+
+ out = talloc_pooled_object(mem_ctx, struct smb_filename,
+ num, stream_len + base_len);
+ if (out == NULL) {
+ return NULL;
+ }
+ ZERO_STRUCTP(out);
+
+ /*
+ * The following allocations cannot fail as we
+ * pre-allocated space for them in the out pooled
+ * object.
+ */
+ if (in->base_name != NULL) {
+ out->base_name = talloc_memdup(
+ out, in->base_name, base_len);
+ talloc_set_name_const(out->base_name,
+ out->base_name);
+ }
+ if (in->stream_name != NULL) {
+ out->stream_name = talloc_memdup(
+ out, in->stream_name, stream_len);
+ talloc_set_name_const(out->stream_name,
+ out->stream_name);
+ }
+ out->flags = in->flags;
+ out->st = in->st;
+ out->twrp = in->twrp;
+ return out;
+}
+
+static void assert_valid_stream_smb_fname(const struct smb_filename *smb_fname)
+{
+ /* stream_name must always be NULL if there is no stream. */
+ if (smb_fname->stream_name) {
+ SMB_ASSERT(smb_fname->stream_name[0] != '\0');
+ }
+
+ if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) {
+ SMB_ASSERT(smb_fname->stream_name == NULL);
+ }
+}
+
+/****************************************************************************
+ Simple check to determine if a smb_fname is a real named stream or the
+ default stream.
+ ***************************************************************************/
+
+bool is_ntfs_stream_smb_fname(const struct smb_filename *smb_fname)
+{
+ assert_valid_stream_smb_fname(smb_fname);
+
+ return (smb_fname->stream_name != NULL);
+}
+
+/****************************************************************************
+ Simple check to determine if a smb_fname is pointing to a normal file or
+ a named stream that is not the default stream "::$DATA".
+
+ foo -> false
+ foo::$DATA -> false
+ foo:bar -> true
+ foo:bar:$DATA -> true
+
+ ***************************************************************************/
+
+bool is_named_stream(const struct smb_filename *smb_fname)
+{
+ assert_valid_stream_smb_fname(smb_fname);
+
+ if (smb_fname->stream_name == NULL) {
+ return false;
+ }
+
+ if (strequal_m(smb_fname->stream_name, "::$DATA")) {
+ return false;
+ }
+
+ return true;
+}
+
+/****************************************************************************
+ Returns true if the filename's stream == "::$DATA"
+ ***************************************************************************/
+bool is_ntfs_default_stream_smb_fname(const struct smb_filename *smb_fname)
+{
+ assert_valid_stream_smb_fname(smb_fname);
+
+ if (smb_fname->stream_name == NULL) {
+ return false;
+ }
+
+ return strequal_m(smb_fname->stream_name, "::$DATA");
+}
+
+/****************************************************************************
+ Filter out Windows invalid EA names (list probed from Windows 2012).
+****************************************************************************/
+
+static const char bad_ea_name_chars[] = "\"*+,/:;<=>?[\\]|";
+
+bool is_invalid_windows_ea_name(const char *name)
+{
+ int i;
+ /* EA name is pulled as ascii so we can examine
+ individual bytes here. */
+ for (i = 0; name[i] != 0; i++) {
+ int val = (name[i] & 0xff);
+ if (val < ' ' || strchr(bad_ea_name_chars, val)) {
+ return true;
+ }
+ }
+ return false;
+}
+
+bool ea_list_has_invalid_name(struct ea_list *ea_list)
+{
+ for (;ea_list; ea_list = ea_list->next) {
+ if (is_invalid_windows_ea_name(ea_list->ea.name)) {
+ return true;
+ }
+ }
+ return false;
+}
+
+/****************************************************************************
+ Split an incoming name into tallocd filename and stream components.
+ Returns true on success, false on out of memory.
+****************************************************************************/
+
+bool split_stream_filename(TALLOC_CTX *ctx,
+ const char *filename_in,
+ char **filename_out,
+ char **streamname_out)
+{
+ const char *stream_name = NULL;
+ char *stream_out = NULL;
+ char *file_out = NULL;
+
+ stream_name = strchr_m(filename_in, ':');
+
+ if (stream_name) {
+ stream_out = talloc_strdup(ctx, stream_name);
+ if (stream_out == NULL) {
+ return false;
+ }
+ file_out = talloc_strndup(ctx,
+ filename_in,
+ PTR_DIFF(stream_name, filename_in));
+ } else {
+ file_out = talloc_strdup(ctx, filename_in);
+ }
+
+ if (file_out == NULL) {
+ TALLOC_FREE(stream_out);
+ return false;
+ }
+
+ if (filename_out) {
+ *filename_out = file_out;
+ }
+ if (streamname_out) {
+ *streamname_out = stream_out;
+ }
+ return true;
+}
diff --git a/source3/lib/fstring.c b/source3/lib/fstring.c
new file mode 100644
index 0000000..3ed1db1
--- /dev/null
+++ b/source3/lib/fstring.c
@@ -0,0 +1,67 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ fixed string functions
+
+ Copyright (C) Igor Vergeichik <iverg@mail.ru> 2001
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Martin Pool 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+
+size_t push_ascii_fstring(void *dest, const char *src)
+{
+ return push_ascii(dest, src, sizeof(fstring), STR_TERMINATE);
+}
+
+/********************************************************************
+ Push an nstring (a netbios string)
+ this function uses convert_string_error() to avoid common debug
+ warnings where is unable to convert strings to CH_DOS. The target
+ string is truncated at the first character that cannot be converted
+ The target is always null terminated.
+********************************************************************/
+
+size_t push_ascii_nstring(void *dest, const char *src)
+{
+ size_t converted_size = 0;
+ bool ret;
+
+ errno = 0;
+ ret = convert_string_error(CH_UNIX, CH_DOS, src, -1, dest, sizeof(nstring), &converted_size);
+ if (ret || errno == E2BIG) {
+ SCVAL(dest, sizeof(nstring)-1, 0);
+ } else {
+ SCVAL(dest, 0, 0);
+ }
+ return ret ? converted_size : (size_t)-1;
+}
+
+size_t pull_ascii_fstring(char *dest, const void *src)
+{
+ return pull_ascii(dest, src, sizeof(fstring), -1, STR_TERMINATE);
+}
+
+/* When pulling an nstring it can expand into a larger size (dos cp -> utf8). Cope with this. */
+
+size_t pull_ascii_nstring(char *dest, size_t dest_len, const void *src)
+{
+ return pull_ascii(dest, src, dest_len, sizeof(nstring), STR_TERMINATE);
+}
+
diff --git a/source3/lib/g_lock.c b/source3/lib/g_lock.c
new file mode 100644
index 0000000..33f088b
--- /dev/null
+++ b/source3/lib/g_lock.c
@@ -0,0 +1,1984 @@
+/*
+ Unix SMB/CIFS implementation.
+ global locks based on dbwrap and messaging
+ Copyright (C) 2009 by Volker Lendecke
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include "system/filesys.h"
+#include "lib/util/server_id.h"
+#include "lib/util/debug.h"
+#include "lib/util/talloc_stack.h"
+#include "lib/util/samba_util.h"
+#include "lib/util_path.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_open.h"
+#include "dbwrap/dbwrap_watch.h"
+#include "g_lock.h"
+#include "util_tdb.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "messages.h"
+#include "serverid.h"
+
+struct g_lock_ctx {
+ struct db_context *db;
+ struct messaging_context *msg;
+ enum dbwrap_lock_order lock_order;
+ bool busy;
+};
+
+struct g_lock {
+ struct server_id exclusive;
+ size_t num_shared;
+ uint8_t *shared;
+ uint64_t unique_lock_epoch;
+ uint64_t unique_data_epoch;
+ size_t datalen;
+ uint8_t *data;
+};
+
+static bool g_lock_parse(uint8_t *buf, size_t buflen, struct g_lock *lck)
+{
+ struct server_id exclusive;
+ size_t num_shared, shared_len;
+ uint64_t unique_lock_epoch;
+ uint64_t unique_data_epoch;
+
+ if (buflen < (SERVER_ID_BUF_LENGTH + /* exclusive */
+ sizeof(uint64_t) + /* seqnum */
+ sizeof(uint32_t))) { /* num_shared */
+ struct g_lock ret = {
+ .exclusive.pid = 0,
+ .unique_lock_epoch = generate_unique_u64(0),
+ .unique_data_epoch = generate_unique_u64(0),
+ };
+ *lck = ret;
+ return true;
+ }
+
+ server_id_get(&exclusive, buf);
+ buf += SERVER_ID_BUF_LENGTH;
+ buflen -= SERVER_ID_BUF_LENGTH;
+
+ unique_lock_epoch = BVAL(buf, 0);
+ buf += sizeof(uint64_t);
+ buflen -= sizeof(uint64_t);
+
+ unique_data_epoch = BVAL(buf, 0);
+ buf += sizeof(uint64_t);
+ buflen -= sizeof(uint64_t);
+
+ num_shared = IVAL(buf, 0);
+ buf += sizeof(uint32_t);
+ buflen -= sizeof(uint32_t);
+
+ if (num_shared > buflen/SERVER_ID_BUF_LENGTH) {
+ DBG_DEBUG("num_shared=%zu, buflen=%zu\n",
+ num_shared,
+ buflen);
+ return false;
+ }
+
+ shared_len = num_shared * SERVER_ID_BUF_LENGTH;
+
+ *lck = (struct g_lock) {
+ .exclusive = exclusive,
+ .num_shared = num_shared,
+ .shared = buf,
+ .unique_lock_epoch = unique_lock_epoch,
+ .unique_data_epoch = unique_data_epoch,
+ .datalen = buflen-shared_len,
+ .data = buf+shared_len,
+ };
+
+ return true;
+}
+
+static void g_lock_get_shared(const struct g_lock *lck,
+ size_t i,
+ struct server_id *shared)
+{
+ if (i >= lck->num_shared) {
+ abort();
+ }
+ server_id_get(shared, lck->shared + i*SERVER_ID_BUF_LENGTH);
+}
+
+static void g_lock_del_shared(struct g_lock *lck, size_t i)
+{
+ if (i >= lck->num_shared) {
+ abort();
+ }
+ lck->num_shared -= 1;
+ if (i < lck->num_shared) {
+ memcpy(lck->shared + i*SERVER_ID_BUF_LENGTH,
+ lck->shared + lck->num_shared*SERVER_ID_BUF_LENGTH,
+ SERVER_ID_BUF_LENGTH);
+ }
+}
+
+static NTSTATUS g_lock_store(
+ struct db_record *rec,
+ struct g_lock *lck,
+ struct server_id *new_shared,
+ const TDB_DATA *new_dbufs,
+ size_t num_new_dbufs)
+{
+ uint8_t exclusive[SERVER_ID_BUF_LENGTH];
+ uint8_t seqnum_buf[sizeof(uint64_t)*2];
+ uint8_t sizebuf[sizeof(uint32_t)];
+ uint8_t new_shared_buf[SERVER_ID_BUF_LENGTH];
+
+ struct TDB_DATA dbufs[6 + num_new_dbufs];
+
+ dbufs[0] = (TDB_DATA) {
+ .dptr = exclusive, .dsize = sizeof(exclusive),
+ };
+ dbufs[1] = (TDB_DATA) {
+ .dptr = seqnum_buf, .dsize = sizeof(seqnum_buf),
+ };
+ dbufs[2] = (TDB_DATA) {
+ .dptr = sizebuf, .dsize = sizeof(sizebuf),
+ };
+ dbufs[3] = (TDB_DATA) {
+ .dptr = lck->shared,
+ .dsize = lck->num_shared * SERVER_ID_BUF_LENGTH,
+ };
+ dbufs[4] = (TDB_DATA) { 0 };
+ dbufs[5] = (TDB_DATA) {
+ .dptr = lck->data, .dsize = lck->datalen,
+ };
+
+ if (num_new_dbufs != 0) {
+ memcpy(&dbufs[6],
+ new_dbufs,
+ num_new_dbufs * sizeof(TDB_DATA));
+ }
+
+ server_id_put(exclusive, lck->exclusive);
+ SBVAL(seqnum_buf, 0, lck->unique_lock_epoch);
+ SBVAL(seqnum_buf, 8, lck->unique_data_epoch);
+
+ if (new_shared != NULL) {
+ if (lck->num_shared >= UINT32_MAX) {
+ return NT_STATUS_BUFFER_OVERFLOW;
+ }
+
+ server_id_put(new_shared_buf, *new_shared);
+
+ dbufs[4] = (TDB_DATA) {
+ .dptr = new_shared_buf,
+ .dsize = sizeof(new_shared_buf),
+ };
+
+ lck->num_shared += 1;
+ }
+
+ SIVAL(sizebuf, 0, lck->num_shared);
+
+ return dbwrap_record_storev(rec, dbufs, ARRAY_SIZE(dbufs), 0);
+}
+
+struct g_lock_ctx *g_lock_ctx_init_backend(
+ TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg,
+ struct db_context **backend)
+{
+ struct g_lock_ctx *result;
+
+ result = talloc_zero(mem_ctx, struct g_lock_ctx);
+ if (result == NULL) {
+ return NULL;
+ }
+ result->msg = msg;
+ result->lock_order = DBWRAP_LOCK_ORDER_NONE;
+
+ result->db = db_open_watched(result, backend, msg);
+ if (result->db == NULL) {
+ DBG_WARNING("db_open_watched failed\n");
+ TALLOC_FREE(result);
+ return NULL;
+ }
+ return result;
+}
+
+void g_lock_set_lock_order(struct g_lock_ctx *ctx,
+ enum dbwrap_lock_order lock_order)
+{
+ ctx->lock_order = lock_order;
+}
+
+struct g_lock_ctx *g_lock_ctx_init(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg)
+{
+ char *db_path = NULL;
+ struct db_context *backend = NULL;
+ struct g_lock_ctx *ctx = NULL;
+
+ db_path = lock_path(mem_ctx, "g_lock.tdb");
+ if (db_path == NULL) {
+ return NULL;
+ }
+
+ backend = db_open(
+ mem_ctx,
+ db_path,
+ 0,
+ TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH|TDB_VOLATILE,
+ O_RDWR|O_CREAT,
+ 0600,
+ DBWRAP_LOCK_ORDER_3,
+ DBWRAP_FLAG_NONE);
+ TALLOC_FREE(db_path);
+ if (backend == NULL) {
+ DBG_WARNING("Could not open g_lock.tdb\n");
+ return NULL;
+ }
+
+ ctx = g_lock_ctx_init_backend(mem_ctx, msg, &backend);
+ return ctx;
+}
+
+static void g_lock_cleanup_dead(
+ struct g_lock *lck,
+ struct server_id *dead_blocker)
+{
+ bool exclusive_died;
+ struct server_id_buf tmp;
+
+ if (dead_blocker == NULL) {
+ return;
+ }
+
+ exclusive_died = server_id_equal(dead_blocker, &lck->exclusive);
+
+ if (exclusive_died) {
+ DBG_DEBUG("Exclusive holder %s died\n",
+ server_id_str_buf(lck->exclusive, &tmp));
+ lck->exclusive.pid = 0;
+ }
+
+ if (lck->num_shared != 0) {
+ bool shared_died;
+ struct server_id shared;
+
+ g_lock_get_shared(lck, 0, &shared);
+ shared_died = server_id_equal(dead_blocker, &shared);
+
+ if (shared_died) {
+ DBG_DEBUG("Shared holder %s died\n",
+ server_id_str_buf(shared, &tmp));
+ g_lock_del_shared(lck, 0);
+ }
+ }
+}
+
+static ssize_t g_lock_find_shared(
+ struct g_lock *lck,
+ const struct server_id *self)
+{
+ size_t i;
+
+ for (i=0; i<lck->num_shared; i++) {
+ struct server_id shared;
+ bool same;
+
+ g_lock_get_shared(lck, i, &shared);
+
+ same = server_id_equal(self, &shared);
+ if (same) {
+ return i;
+ }
+ }
+
+ return -1;
+}
+
+static void g_lock_cleanup_shared(struct g_lock *lck)
+{
+ size_t i;
+ struct server_id check;
+ bool exists;
+
+ if (lck->num_shared == 0) {
+ return;
+ }
+
+ /*
+ * Read locks can stay around forever if the process dies. Do
+ * a heuristic check for process existence: Check one random
+ * process for existence. Hopefully this will keep runaway
+ * read locks under control.
+ */
+ i = generate_random() % lck->num_shared;
+ g_lock_get_shared(lck, i, &check);
+
+ exists = serverid_exists(&check);
+ if (!exists) {
+ struct server_id_buf tmp;
+ DBG_DEBUG("Shared locker %s died -- removing\n",
+ server_id_str_buf(check, &tmp));
+ g_lock_del_shared(lck, i);
+ }
+}
+
+struct g_lock_lock_cb_state {
+ struct g_lock_ctx *ctx;
+ struct db_record *rec;
+ struct g_lock *lck;
+ struct server_id *new_shared;
+ g_lock_lock_cb_fn_t cb_fn;
+ void *cb_private;
+ TALLOC_CTX *update_mem_ctx;
+ TDB_DATA updated_data;
+ bool existed;
+ bool modified;
+ bool unlock;
+};
+
+NTSTATUS g_lock_lock_cb_dump(struct g_lock_lock_cb_state *cb_state,
+ void (*fn)(struct server_id exclusive,
+ size_t num_shared,
+ const struct server_id *shared,
+ const uint8_t *data,
+ size_t datalen,
+ void *private_data),
+ void *private_data)
+{
+ struct g_lock *lck = cb_state->lck;
+
+ /* We allow a cn_fn only for G_LOCK_WRITE for now... */
+ SMB_ASSERT(lck->num_shared == 0);
+
+ fn(lck->exclusive,
+ 0, /* num_shared */
+ NULL, /* shared */
+ lck->data,
+ lck->datalen,
+ private_data);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS g_lock_lock_cb_writev(struct g_lock_lock_cb_state *cb_state,
+ const TDB_DATA *dbufs,
+ size_t num_dbufs)
+{
+ NTSTATUS status;
+
+ status = dbwrap_merge_dbufs(&cb_state->updated_data,
+ cb_state->update_mem_ctx,
+ dbufs, num_dbufs);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ cb_state->modified = true;
+ cb_state->lck->data = cb_state->updated_data.dptr;
+ cb_state->lck->datalen = cb_state->updated_data.dsize;
+
+ return NT_STATUS_OK;
+}
+
+void g_lock_lock_cb_unlock(struct g_lock_lock_cb_state *cb_state)
+{
+ cb_state->unlock = true;
+}
+
+struct g_lock_lock_cb_watch_data_state {
+ struct tevent_context *ev;
+ struct g_lock_ctx *ctx;
+ TDB_DATA key;
+ struct server_id blocker;
+ bool blockerdead;
+ uint64_t unique_lock_epoch;
+ uint64_t unique_data_epoch;
+ uint64_t watch_instance;
+ NTSTATUS status;
+};
+
+static void g_lock_lock_cb_watch_data_done(struct tevent_req *subreq);
+
+struct tevent_req *g_lock_lock_cb_watch_data_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct g_lock_lock_cb_state *cb_state,
+ struct server_id blocker)
+{
+ struct tevent_req *req = NULL;
+ struct g_lock_lock_cb_watch_data_state *state = NULL;
+ struct tevent_req *subreq = NULL;
+ TDB_DATA key = dbwrap_record_get_key(cb_state->rec);
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct g_lock_lock_cb_watch_data_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->ctx = cb_state->ctx;
+ state->blocker = blocker;
+
+ state->key = tdb_data_talloc_copy(state, key);
+ if (tevent_req_nomem(state->key.dptr, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->unique_lock_epoch = cb_state->lck->unique_lock_epoch;
+ state->unique_data_epoch = cb_state->lck->unique_data_epoch;
+
+ DBG_DEBUG("state->unique_data_epoch=%"PRIu64"\n", state->unique_data_epoch);
+
+ subreq = dbwrap_watched_watch_send(
+ state, state->ev, cb_state->rec, 0, state->blocker);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, g_lock_lock_cb_watch_data_done, req);
+
+ return req;
+}
+
+static void g_lock_lock_cb_watch_data_done_fn(
+ struct db_record *rec,
+ TDB_DATA value,
+ void *private_data)
+{
+ struct tevent_req *req = talloc_get_type_abort(
+ private_data, struct tevent_req);
+ struct g_lock_lock_cb_watch_data_state *state = tevent_req_data(
+ req, struct g_lock_lock_cb_watch_data_state);
+ struct tevent_req *subreq = NULL;
+ struct g_lock lck;
+ bool ok;
+
+ ok = g_lock_parse(value.dptr, value.dsize, &lck);
+ if (!ok) {
+ dbwrap_watched_watch_remove_instance(rec, state->watch_instance);
+ state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ return;
+ }
+
+ if (lck.unique_data_epoch != state->unique_data_epoch) {
+ dbwrap_watched_watch_remove_instance(rec, state->watch_instance);
+ DBG_DEBUG("lck.unique_data_epoch=%"PRIu64", "
+ "state->unique_data_epoch=%"PRIu64"\n",
+ lck.unique_data_epoch,
+ state->unique_data_epoch);
+ state->status = NT_STATUS_OK;
+ return;
+ }
+
+ /*
+ * The lock epoch changed, so we better
+ * remove ourself from the waiter list
+ * (most likely the first position)
+ * and re-add us at the end of the list.
+ *
+ * This gives other lock waiters a change
+ * to make progress.
+ *
+ * Otherwise we'll keep our waiter instance alive,
+ * keep waiting (most likely at first position).
+ */
+ if (lck.unique_lock_epoch != state->unique_lock_epoch) {
+ dbwrap_watched_watch_remove_instance(rec, state->watch_instance);
+ state->watch_instance = dbwrap_watched_watch_add_instance(rec);
+ state->unique_lock_epoch = lck.unique_lock_epoch;
+ }
+
+ subreq = dbwrap_watched_watch_send(
+ state, state->ev, rec, state->watch_instance, state->blocker);
+ if (subreq == NULL) {
+ dbwrap_watched_watch_remove_instance(rec, state->watch_instance);
+ state->status = NT_STATUS_NO_MEMORY;
+ return;
+ }
+ tevent_req_set_callback(subreq, g_lock_lock_cb_watch_data_done, req);
+
+ state->status = NT_STATUS_EVENT_PENDING;
+}
+
+static void g_lock_lock_cb_watch_data_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct g_lock_lock_cb_watch_data_state *state = tevent_req_data(
+ req, struct g_lock_lock_cb_watch_data_state);
+ NTSTATUS status;
+ uint64_t instance = 0;
+
+ status = dbwrap_watched_watch_recv(
+ subreq, &instance, &state->blockerdead, &state->blocker);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ DBG_DEBUG("dbwrap_watched_watch_recv returned %s\n",
+ nt_errstr(status));
+ return;
+ }
+
+ state->watch_instance = instance;
+
+ status = dbwrap_do_locked(
+ state->ctx->db, state->key, g_lock_lock_cb_watch_data_done_fn, req);
+ if (tevent_req_nterror(req, status)) {
+ DBG_DEBUG("dbwrap_do_locked returned %s\n", nt_errstr(status));
+ return;
+ }
+ if (NT_STATUS_EQUAL(state->status, NT_STATUS_EVENT_PENDING)) {
+ return;
+ }
+ if (tevent_req_nterror(req, state->status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS g_lock_lock_cb_watch_data_recv(
+ struct tevent_req *req,
+ bool *blockerdead,
+ struct server_id *blocker)
+{
+ struct g_lock_lock_cb_watch_data_state *state = tevent_req_data(
+ req, struct g_lock_lock_cb_watch_data_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (blockerdead != NULL) {
+ *blockerdead = state->blockerdead;
+ }
+ if (blocker != NULL) {
+ *blocker = state->blocker;
+ }
+
+ return NT_STATUS_OK;
+}
+
+void g_lock_lock_cb_wake_watchers(struct g_lock_lock_cb_state *cb_state)
+{
+ struct g_lock *lck = cb_state->lck;
+
+ lck->unique_data_epoch = generate_unique_u64(lck->unique_data_epoch);
+ cb_state->modified = true;
+}
+
+static NTSTATUS g_lock_lock_cb_run_and_store(struct g_lock_lock_cb_state *cb_state)
+{
+ struct g_lock *lck = cb_state->lck;
+ NTSTATUS success_status = NT_STATUS_OK;
+ NTSTATUS status;
+
+ if (cb_state->cb_fn != NULL) {
+
+ SMB_ASSERT(lck->num_shared == 0);
+ SMB_ASSERT(cb_state->new_shared == NULL);
+
+ if (cb_state->ctx->lock_order != DBWRAP_LOCK_ORDER_NONE) {
+ const char *name = dbwrap_name(cb_state->ctx->db);
+ dbwrap_lock_order_lock(name, cb_state->ctx->lock_order);
+ }
+
+ cb_state->ctx->busy = true;
+ cb_state->cb_fn(cb_state, cb_state->cb_private);
+ cb_state->ctx->busy = false;
+
+ if (cb_state->ctx->lock_order != DBWRAP_LOCK_ORDER_NONE) {
+ const char *name = dbwrap_name(cb_state->ctx->db);
+ dbwrap_lock_order_unlock(name, cb_state->ctx->lock_order);
+ }
+ }
+
+ if (cb_state->unlock) {
+ /*
+ * Unlocked should wake up watchers.
+ *
+ * We no longer need the lock, so
+ * force a wakeup of the next watchers,
+ * even if we don't do any update.
+ */
+ dbwrap_watched_watch_reset_alerting(cb_state->rec);
+ dbwrap_watched_watch_force_alerting(cb_state->rec);
+ if (!cb_state->modified) {
+ /*
+ * The record was not changed at
+ * all, so we can also avoid
+ * storing the lck.unique_lock_epoch
+ * change
+ */
+ return NT_STATUS_WAS_UNLOCKED;
+ }
+ lck->exclusive = (struct server_id) { .pid = 0 };
+ cb_state->new_shared = NULL;
+
+ if (lck->datalen == 0) {
+ if (!cb_state->existed) {
+ return NT_STATUS_WAS_UNLOCKED;
+ }
+
+ status = dbwrap_record_delete(cb_state->rec);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("dbwrap_record_delete() failed: %s\n",
+ nt_errstr(status));
+ return status;
+ }
+ return NT_STATUS_WAS_UNLOCKED;
+ }
+
+ success_status = NT_STATUS_WAS_UNLOCKED;
+ }
+
+ status = g_lock_store(cb_state->rec,
+ cb_state->lck,
+ cb_state->new_shared,
+ NULL, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("g_lock_store() failed: %s\n",
+ nt_errstr(status));
+ return status;
+ }
+
+ return success_status;
+}
+
+struct g_lock_lock_state {
+ struct tevent_context *ev;
+ struct g_lock_ctx *ctx;
+ TDB_DATA key;
+ enum g_lock_type type;
+ bool retry;
+ g_lock_lock_cb_fn_t cb_fn;
+ void *cb_private;
+};
+
+struct g_lock_lock_fn_state {
+ struct g_lock_lock_state *req_state;
+ struct server_id *dead_blocker;
+
+ struct tevent_req *watch_req;
+ uint64_t watch_instance;
+ NTSTATUS status;
+};
+
+static int g_lock_lock_state_destructor(struct g_lock_lock_state *s);
+
+static NTSTATUS g_lock_trylock(
+ struct db_record *rec,
+ struct g_lock_lock_fn_state *state,
+ TDB_DATA data,
+ struct server_id *blocker)
+{
+ struct g_lock_lock_state *req_state = state->req_state;
+ struct server_id self = messaging_server_id(req_state->ctx->msg);
+ enum g_lock_type type = req_state->type;
+ bool retry = req_state->retry;
+ struct g_lock lck = { .exclusive.pid = 0 };
+ struct g_lock_lock_cb_state cb_state = {
+ .ctx = req_state->ctx,
+ .rec = rec,
+ .lck = &lck,
+ .cb_fn = req_state->cb_fn,
+ .cb_private = req_state->cb_private,
+ .existed = data.dsize != 0,
+ .update_mem_ctx = talloc_tos(),
+ };
+ struct server_id_buf tmp;
+ NTSTATUS status;
+ bool ok;
+
+ ok = g_lock_parse(data.dptr, data.dsize, &lck);
+ if (!ok) {
+ dbwrap_watched_watch_remove_instance(rec, state->watch_instance);
+ DBG_DEBUG("g_lock_parse failed\n");
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ g_lock_cleanup_dead(&lck, state->dead_blocker);
+
+ lck.unique_lock_epoch = generate_unique_u64(lck.unique_lock_epoch);
+
+ if (lck.exclusive.pid != 0) {
+ bool self_exclusive = server_id_equal(&self, &lck.exclusive);
+
+ if (!self_exclusive) {
+ bool exists = serverid_exists(&lck.exclusive);
+ if (!exists) {
+ lck.exclusive = (struct server_id) { .pid=0 };
+ goto noexclusive;
+ }
+
+ DBG_DEBUG("%s has an exclusive lock\n",
+ server_id_str_buf(lck.exclusive, &tmp));
+
+ if (type == G_LOCK_DOWNGRADE) {
+ struct server_id_buf tmp2;
+
+ dbwrap_watched_watch_remove_instance(rec,
+ state->watch_instance);
+
+ DBG_DEBUG("%s: Trying to downgrade %s\n",
+ server_id_str_buf(self, &tmp),
+ server_id_str_buf(
+ lck.exclusive, &tmp2));
+ return NT_STATUS_NOT_LOCKED;
+ }
+
+ if (type == G_LOCK_UPGRADE) {
+ ssize_t shared_idx;
+
+ dbwrap_watched_watch_remove_instance(rec,
+ state->watch_instance);
+
+ shared_idx = g_lock_find_shared(&lck, &self);
+
+ if (shared_idx == -1) {
+ DBG_DEBUG("Trying to upgrade %s "
+ "without "
+ "existing shared lock\n",
+ server_id_str_buf(
+ self, &tmp));
+ return NT_STATUS_NOT_LOCKED;
+ }
+
+ /*
+ * We're trying to upgrade, and the
+ * exclusive lock is taken by someone
+ * else. This means that someone else
+ * is waiting for us to give up our
+ * shared lock. If we now also wait
+ * for someone to give their shared
+ * lock, we will deadlock.
+ */
+
+ DBG_DEBUG("Trying to upgrade %s while "
+ "someone else is also "
+ "trying to upgrade\n",
+ server_id_str_buf(self, &tmp));
+ return NT_STATUS_POSSIBLE_DEADLOCK;
+ }
+
+ DBG_DEBUG("Waiting for lck.exclusive=%s\n",
+ server_id_str_buf(lck.exclusive, &tmp));
+
+ /*
+ * We will return NT_STATUS_LOCK_NOT_GRANTED
+ * and need to monitor the record.
+ *
+ * If we don't have a watcher instance yet,
+ * we should add one.
+ */
+ if (state->watch_instance == 0) {
+ state->watch_instance =
+ dbwrap_watched_watch_add_instance(rec);
+ }
+
+ *blocker = lck.exclusive;
+ return NT_STATUS_LOCK_NOT_GRANTED;
+ }
+
+ if (type == G_LOCK_DOWNGRADE) {
+ DBG_DEBUG("Downgrading %s from WRITE to READ\n",
+ server_id_str_buf(self, &tmp));
+
+ lck.exclusive = (struct server_id) { .pid = 0 };
+ goto do_shared;
+ }
+
+ if (!retry) {
+ dbwrap_watched_watch_remove_instance(rec,
+ state->watch_instance);
+
+ DBG_DEBUG("%s already locked by self\n",
+ server_id_str_buf(self, &tmp));
+ return NT_STATUS_WAS_LOCKED;
+ }
+
+ g_lock_cleanup_shared(&lck);
+
+ if (lck.num_shared != 0) {
+ g_lock_get_shared(&lck, 0, blocker);
+
+ DBG_DEBUG("Continue waiting for shared lock %s\n",
+ server_id_str_buf(*blocker, &tmp));
+
+ /*
+ * We will return NT_STATUS_LOCK_NOT_GRANTED
+ * and need to monitor the record.
+ *
+ * If we don't have a watcher instance yet,
+ * we should add one.
+ */
+ if (state->watch_instance == 0) {
+ state->watch_instance =
+ dbwrap_watched_watch_add_instance(rec);
+ }
+
+ return NT_STATUS_LOCK_NOT_GRANTED;
+ }
+
+ /*
+ * Retry after a conflicting lock was released..
+ * All pending readers are gone so we got the lock...
+ */
+ goto got_lock;
+ }
+
+noexclusive:
+
+ if (type == G_LOCK_UPGRADE) {
+ ssize_t shared_idx = g_lock_find_shared(&lck, &self);
+
+ if (shared_idx == -1) {
+ dbwrap_watched_watch_remove_instance(rec,
+ state->watch_instance);
+
+ DBG_DEBUG("Trying to upgrade %s without "
+ "existing shared lock\n",
+ server_id_str_buf(self, &tmp));
+ return NT_STATUS_NOT_LOCKED;
+ }
+
+ g_lock_del_shared(&lck, shared_idx);
+ type = G_LOCK_WRITE;
+ }
+
+ if (type == G_LOCK_WRITE) {
+ ssize_t shared_idx = g_lock_find_shared(&lck, &self);
+
+ if (shared_idx != -1) {
+ dbwrap_watched_watch_remove_instance(rec,
+ state->watch_instance);
+ DBG_DEBUG("Trying to writelock existing shared %s\n",
+ server_id_str_buf(self, &tmp));
+ return NT_STATUS_WAS_LOCKED;
+ }
+
+ lck.exclusive = self;
+
+ g_lock_cleanup_shared(&lck);
+
+ if (lck.num_shared == 0) {
+ /*
+ * If we store ourself as exclusive writer,
+ * without any pending readers ...
+ */
+ goto got_lock;
+ }
+
+ if (state->watch_instance == 0) {
+ /*
+ * Here we have lck.num_shared != 0.
+ *
+ * We will return NT_STATUS_LOCK_NOT_GRANTED
+ * below.
+ *
+ * And don't have a watcher instance yet!
+ *
+ * We add it here before g_lock_store()
+ * in order to trigger just one
+ * low level dbwrap_do_locked() call.
+ */
+ state->watch_instance =
+ dbwrap_watched_watch_add_instance(rec);
+ }
+
+ status = g_lock_store(rec, &lck, NULL, NULL, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("g_lock_store() failed: %s\n",
+ nt_errstr(status));
+ return status;
+ }
+
+ talloc_set_destructor(
+ req_state, g_lock_lock_state_destructor);
+
+ g_lock_get_shared(&lck, 0, blocker);
+
+ DBG_DEBUG("Waiting for %zu shared locks, "
+ "picking blocker %s\n",
+ lck.num_shared,
+ server_id_str_buf(*blocker, &tmp));
+
+ return NT_STATUS_LOCK_NOT_GRANTED;
+ }
+
+do_shared:
+
+ g_lock_cleanup_shared(&lck);
+ cb_state.new_shared = &self;
+ goto got_lock;
+
+got_lock:
+ /*
+ * We got the lock we asked for, so we no
+ * longer need to monitor the record.
+ */
+ dbwrap_watched_watch_remove_instance(rec, state->watch_instance);
+
+ status = g_lock_lock_cb_run_and_store(&cb_state);
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_WAS_UNLOCKED))
+ {
+ DBG_WARNING("g_lock_lock_cb_run_and_store() failed: %s\n",
+ nt_errstr(status));
+ return status;
+ }
+
+ talloc_set_destructor(req_state, NULL);
+ return status;
+}
+
+static void g_lock_lock_fn(
+ struct db_record *rec,
+ TDB_DATA value,
+ void *private_data)
+{
+ struct g_lock_lock_fn_state *state = private_data;
+ struct server_id blocker = {0};
+
+ /*
+ * We're trying to get a lock and if we are
+ * successful in doing that, we should not
+ * wakeup any other waiters, all they would
+ * find is that we're holding a lock they
+ * are conflicting with.
+ */
+ dbwrap_watched_watch_skip_alerting(rec);
+
+ state->status = g_lock_trylock(rec, state, value, &blocker);
+ if (!NT_STATUS_IS_OK(state->status)) {
+ DBG_DEBUG("g_lock_trylock returned %s\n",
+ nt_errstr(state->status));
+ }
+ if (!NT_STATUS_EQUAL(state->status, NT_STATUS_LOCK_NOT_GRANTED)) {
+ return;
+ }
+
+ state->watch_req = dbwrap_watched_watch_send(
+ state->req_state, state->req_state->ev, rec, state->watch_instance, blocker);
+ if (state->watch_req == NULL) {
+ state->status = NT_STATUS_NO_MEMORY;
+ }
+}
+
+static int g_lock_lock_state_destructor(struct g_lock_lock_state *s)
+{
+ NTSTATUS status = g_lock_unlock(s->ctx, s->key);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("g_lock_unlock failed: %s\n", nt_errstr(status));
+ }
+ return 0;
+}
+
+static void g_lock_lock_retry(struct tevent_req *subreq);
+
+struct tevent_req *g_lock_lock_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct g_lock_ctx *ctx,
+ TDB_DATA key,
+ enum g_lock_type type,
+ g_lock_lock_cb_fn_t cb_fn,
+ void *cb_private)
+{
+ struct tevent_req *req;
+ struct g_lock_lock_state *state;
+ struct g_lock_lock_fn_state fn_state;
+ NTSTATUS status;
+ bool ok;
+
+ SMB_ASSERT(!ctx->busy);
+
+ req = tevent_req_create(mem_ctx, &state, struct g_lock_lock_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->ctx = ctx;
+ state->key = key;
+ state->type = type;
+ state->cb_fn = cb_fn;
+ state->cb_private = cb_private;
+
+ fn_state = (struct g_lock_lock_fn_state) {
+ .req_state = state,
+ };
+
+ /*
+ * We allow a cn_fn only for G_LOCK_WRITE for now.
+ *
+ * It's all we currently need and it makes a few things
+ * easier to implement.
+ */
+ if (unlikely(cb_fn != NULL && type != G_LOCK_WRITE)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_6);
+ return tevent_req_post(req, ev);
+ }
+
+ status = dbwrap_do_locked(ctx->db, key, g_lock_lock_fn, &fn_state);
+ if (tevent_req_nterror(req, status)) {
+ DBG_DEBUG("dbwrap_do_locked failed: %s\n",
+ nt_errstr(status));
+ return tevent_req_post(req, ev);
+ }
+
+ if (NT_STATUS_IS_OK(fn_state.status)) {
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+ }
+ if (!NT_STATUS_EQUAL(fn_state.status, NT_STATUS_LOCK_NOT_GRANTED)) {
+ tevent_req_nterror(req, fn_state.status);
+ return tevent_req_post(req, ev);
+ }
+
+ if (tevent_req_nomem(fn_state.watch_req, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ ok = tevent_req_set_endtime(
+ fn_state.watch_req,
+ state->ev,
+ timeval_current_ofs(5 + generate_random() % 5, 0));
+ if (!ok) {
+ tevent_req_oom(req);
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(fn_state.watch_req, g_lock_lock_retry, req);
+
+ return req;
+}
+
+static void g_lock_lock_retry(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct g_lock_lock_state *state = tevent_req_data(
+ req, struct g_lock_lock_state);
+ struct g_lock_lock_fn_state fn_state;
+ struct server_id blocker = { .pid = 0 };
+ bool blockerdead = false;
+ NTSTATUS status;
+ uint64_t instance = 0;
+
+ status = dbwrap_watched_watch_recv(subreq, &instance, &blockerdead, &blocker);
+ DBG_DEBUG("watch_recv returned %s\n", nt_errstr(status));
+ TALLOC_FREE(subreq);
+
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ state->retry = true;
+
+ fn_state = (struct g_lock_lock_fn_state) {
+ .req_state = state,
+ .dead_blocker = blockerdead ? &blocker : NULL,
+ .watch_instance = instance,
+ };
+
+ status = dbwrap_do_locked(state->ctx->db, state->key,
+ g_lock_lock_fn, &fn_state);
+ if (tevent_req_nterror(req, status)) {
+ DBG_DEBUG("dbwrap_do_locked failed: %s\n",
+ nt_errstr(status));
+ return;
+ }
+
+ if (NT_STATUS_IS_OK(fn_state.status)) {
+ tevent_req_done(req);
+ return;
+ }
+ if (!NT_STATUS_EQUAL(fn_state.status, NT_STATUS_LOCK_NOT_GRANTED)) {
+ tevent_req_nterror(req, fn_state.status);
+ return;
+ }
+
+ if (tevent_req_nomem(fn_state.watch_req, req)) {
+ return;
+ }
+
+ if (!tevent_req_set_endtime(
+ fn_state.watch_req, state->ev,
+ timeval_current_ofs(5 + generate_random() % 5, 0))) {
+ return;
+ }
+ tevent_req_set_callback(fn_state.watch_req, g_lock_lock_retry, req);
+}
+
+NTSTATUS g_lock_lock_recv(struct tevent_req *req)
+{
+ struct g_lock_lock_state *state = tevent_req_data(
+ req, struct g_lock_lock_state);
+ struct g_lock_ctx *ctx = state->ctx;
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_WAS_UNLOCKED)) {
+ return NT_STATUS_OK;
+ }
+ return status;
+ }
+
+ if ((ctx->lock_order != DBWRAP_LOCK_ORDER_NONE) &&
+ ((state->type == G_LOCK_READ) ||
+ (state->type == G_LOCK_WRITE))) {
+ const char *name = dbwrap_name(ctx->db);
+ dbwrap_lock_order_lock(name, ctx->lock_order);
+ }
+
+ return NT_STATUS_OK;
+}
+
+struct g_lock_lock_simple_state {
+ struct g_lock_ctx *ctx;
+ struct server_id me;
+ enum g_lock_type type;
+ NTSTATUS status;
+ g_lock_lock_cb_fn_t cb_fn;
+ void *cb_private;
+};
+
+static void g_lock_lock_simple_fn(
+ struct db_record *rec,
+ TDB_DATA value,
+ void *private_data)
+{
+ struct g_lock_lock_simple_state *state = private_data;
+ struct server_id_buf buf;
+ struct g_lock lck = { .exclusive.pid = 0 };
+ struct g_lock_lock_cb_state cb_state = {
+ .ctx = state->ctx,
+ .rec = rec,
+ .lck = &lck,
+ .cb_fn = state->cb_fn,
+ .cb_private = state->cb_private,
+ .existed = value.dsize != 0,
+ .update_mem_ctx = talloc_tos(),
+ };
+ bool ok;
+
+ ok = g_lock_parse(value.dptr, value.dsize, &lck);
+ if (!ok) {
+ DBG_DEBUG("g_lock_parse failed\n");
+ state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ return;
+ }
+
+ if (lck.exclusive.pid != 0) {
+ DBG_DEBUG("locked by %s\n",
+ server_id_str_buf(lck.exclusive, &buf));
+ goto not_granted;
+ }
+
+ if (state->type == G_LOCK_WRITE) {
+ if (lck.num_shared != 0) {
+ DBG_DEBUG("num_shared=%zu\n", lck.num_shared);
+ goto not_granted;
+ }
+ lck.exclusive = state->me;
+ } else if (state->type == G_LOCK_READ) {
+ g_lock_cleanup_shared(&lck);
+ cb_state.new_shared = &state->me;
+ } else {
+ smb_panic(__location__);
+ }
+
+ lck.unique_lock_epoch = generate_unique_u64(lck.unique_lock_epoch);
+
+ /*
+ * We are going to store us as owner,
+ * so we got what we were waiting for.
+ *
+ * So we no longer need to monitor the
+ * record.
+ */
+ dbwrap_watched_watch_skip_alerting(rec);
+
+ state->status = g_lock_lock_cb_run_and_store(&cb_state);
+ if (!NT_STATUS_IS_OK(state->status) &&
+ !NT_STATUS_EQUAL(state->status, NT_STATUS_WAS_UNLOCKED))
+ {
+ DBG_WARNING("g_lock_lock_cb_run_and_store() failed: %s\n",
+ nt_errstr(state->status));
+ return;
+ }
+
+ return;
+
+not_granted:
+ state->status = NT_STATUS_LOCK_NOT_GRANTED;
+}
+
+NTSTATUS g_lock_lock(struct g_lock_ctx *ctx, TDB_DATA key,
+ enum g_lock_type type, struct timeval timeout,
+ g_lock_lock_cb_fn_t cb_fn,
+ void *cb_private)
+{
+ TALLOC_CTX *frame;
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ struct timeval end;
+ NTSTATUS status;
+
+ SMB_ASSERT(!ctx->busy);
+
+ /*
+ * We allow a cn_fn only for G_LOCK_WRITE for now.
+ *
+ * It's all we currently need and it makes a few things
+ * easier to implement.
+ */
+ if (unlikely(cb_fn != NULL && type != G_LOCK_WRITE)) {
+ return NT_STATUS_INVALID_PARAMETER_5;
+ }
+
+ if ((type == G_LOCK_READ) || (type == G_LOCK_WRITE)) {
+ /*
+ * This is an abstraction violation: Normally we do
+ * the sync wrappers around async functions with full
+ * nested event contexts. However, this is used in
+ * very hot code paths, so avoid the event context
+ * creation for the good path where there's no lock
+ * contention. My benchmark gave a factor of 2
+ * improvement for lock/unlock.
+ */
+ struct g_lock_lock_simple_state state = {
+ .ctx = ctx,
+ .me = messaging_server_id(ctx->msg),
+ .type = type,
+ .cb_fn = cb_fn,
+ .cb_private = cb_private,
+ };
+ status = dbwrap_do_locked(
+ ctx->db, key, g_lock_lock_simple_fn, &state);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("dbwrap_do_locked() failed: %s\n",
+ nt_errstr(status));
+ return status;
+ }
+
+ DBG_DEBUG("status=%s, state.status=%s\n",
+ nt_errstr(status),
+ nt_errstr(state.status));
+
+ if (NT_STATUS_IS_OK(state.status)) {
+ if (ctx->lock_order != DBWRAP_LOCK_ORDER_NONE) {
+ const char *name = dbwrap_name(ctx->db);
+ dbwrap_lock_order_lock(name, ctx->lock_order);
+ }
+ return NT_STATUS_OK;
+ }
+ if (NT_STATUS_EQUAL(state.status, NT_STATUS_WAS_UNLOCKED)) {
+ /* without dbwrap_lock_order_lock() */
+ return NT_STATUS_OK;
+ }
+ if (!NT_STATUS_EQUAL(
+ state.status, NT_STATUS_LOCK_NOT_GRANTED)) {
+ return state.status;
+ }
+
+ if (timeval_is_zero(&timeout)) {
+ return NT_STATUS_LOCK_NOT_GRANTED;
+ }
+
+ /*
+ * Fall back to the full g_lock_trylock logic,
+ * g_lock_lock_simple_fn() called above only covers
+ * the uncontended path.
+ */
+ }
+
+ frame = talloc_stackframe();
+ status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = g_lock_lock_send(frame, ev, ctx, key, type, cb_fn, cb_private);
+ if (req == NULL) {
+ goto fail;
+ }
+ end = timeval_current_ofs(timeout.tv_sec, timeout.tv_usec);
+ if (!tevent_req_set_endtime(req, ev, end)) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = g_lock_lock_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct g_lock_unlock_state {
+ struct server_id self;
+ NTSTATUS status;
+};
+
+static void g_lock_unlock_fn(
+ struct db_record *rec,
+ TDB_DATA value,
+ void *private_data)
+{
+ struct g_lock_unlock_state *state = private_data;
+ struct server_id_buf tmp1, tmp2;
+ struct g_lock lck;
+ size_t i;
+ bool ok, exclusive;
+
+ ok = g_lock_parse(value.dptr, value.dsize, &lck);
+ if (!ok) {
+ DBG_DEBUG("g_lock_parse() failed\n");
+ state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ return;
+ }
+
+ exclusive = server_id_equal(&state->self, &lck.exclusive);
+
+ for (i=0; i<lck.num_shared; i++) {
+ struct server_id shared;
+ g_lock_get_shared(&lck, i, &shared);
+ if (server_id_equal(&state->self, &shared)) {
+ break;
+ }
+ }
+
+ if (i < lck.num_shared) {
+ if (exclusive) {
+ DBG_DEBUG("%s both exclusive and shared (%zu)\n",
+ server_id_str_buf(state->self, &tmp1),
+ i);
+ state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ return;
+ }
+ g_lock_del_shared(&lck, i);
+ } else {
+ if (!exclusive) {
+ DBG_DEBUG("Lock not found, self=%s, lck.exclusive=%s, "
+ "num_shared=%zu\n",
+ server_id_str_buf(state->self, &tmp1),
+ server_id_str_buf(lck.exclusive, &tmp2),
+ lck.num_shared);
+ state->status = NT_STATUS_NOT_FOUND;
+ return;
+ }
+ lck.exclusive = (struct server_id) { .pid = 0 };
+ }
+
+ if ((lck.exclusive.pid == 0) &&
+ (lck.num_shared == 0) &&
+ (lck.datalen == 0)) {
+ state->status = dbwrap_record_delete(rec);
+ return;
+ }
+
+ if (!exclusive && lck.exclusive.pid != 0) {
+ /*
+ * We only had a read lock and there's
+ * someone waiting for an exclusive lock.
+ *
+ * Don't alert the exclusive lock waiter
+ * if there are still other read lock holders.
+ */
+ g_lock_cleanup_shared(&lck);
+ if (lck.num_shared != 0) {
+ dbwrap_watched_watch_skip_alerting(rec);
+ }
+ }
+
+ lck.unique_lock_epoch = generate_unique_u64(lck.unique_lock_epoch);
+
+ state->status = g_lock_store(rec, &lck, NULL, NULL, 0);
+}
+
+NTSTATUS g_lock_unlock(struct g_lock_ctx *ctx, TDB_DATA key)
+{
+ struct g_lock_unlock_state state = {
+ .self = messaging_server_id(ctx->msg),
+ };
+ NTSTATUS status;
+
+ SMB_ASSERT(!ctx->busy);
+
+ status = dbwrap_do_locked(ctx->db, key, g_lock_unlock_fn, &state);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("dbwrap_do_locked failed: %s\n",
+ nt_errstr(status));
+ return status;
+ }
+ if (!NT_STATUS_IS_OK(state.status)) {
+ DBG_WARNING("g_lock_unlock_fn failed: %s\n",
+ nt_errstr(state.status));
+ return state.status;
+ }
+
+ if (ctx->lock_order != DBWRAP_LOCK_ORDER_NONE) {
+ const char *name = dbwrap_name(ctx->db);
+ dbwrap_lock_order_unlock(name, ctx->lock_order);
+ }
+
+ return NT_STATUS_OK;
+}
+
+struct g_lock_writev_data_state {
+ TDB_DATA key;
+ struct server_id self;
+ const TDB_DATA *dbufs;
+ size_t num_dbufs;
+ NTSTATUS status;
+};
+
+static void g_lock_writev_data_fn(
+ struct db_record *rec,
+ TDB_DATA value,
+ void *private_data)
+{
+ struct g_lock_writev_data_state *state = private_data;
+ struct g_lock lck;
+ bool exclusive;
+ bool ok;
+
+ /*
+ * We're holding an exclusive write lock.
+ *
+ * Now we're updating the content of the record.
+ *
+ * We should not wakeup any other waiters, all they
+ * would find is that we're still holding a lock they
+ * are conflicting with.
+ */
+ dbwrap_watched_watch_skip_alerting(rec);
+
+ ok = g_lock_parse(value.dptr, value.dsize, &lck);
+ if (!ok) {
+ DBG_DEBUG("g_lock_parse for %s failed\n",
+ tdb_data_dbg(state->key));
+ state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ return;
+ }
+
+ exclusive = server_id_equal(&state->self, &lck.exclusive);
+
+ /*
+ * Make sure we're really exclusive. We are marked as
+ * exclusive when we are waiting for an exclusive lock
+ */
+ exclusive &= (lck.num_shared == 0);
+
+ if (!exclusive) {
+ struct server_id_buf buf1, buf2;
+ DBG_DEBUG("Not locked by us: self=%s, lck.exclusive=%s, "
+ "lck.num_shared=%zu\n",
+ server_id_str_buf(state->self, &buf1),
+ server_id_str_buf(lck.exclusive, &buf2),
+ lck.num_shared);
+ state->status = NT_STATUS_NOT_LOCKED;
+ return;
+ }
+
+ lck.unique_data_epoch = generate_unique_u64(lck.unique_data_epoch);
+ lck.data = NULL;
+ lck.datalen = 0;
+ state->status = g_lock_store(
+ rec, &lck, NULL, state->dbufs, state->num_dbufs);
+}
+
+NTSTATUS g_lock_writev_data(
+ struct g_lock_ctx *ctx,
+ TDB_DATA key,
+ const TDB_DATA *dbufs,
+ size_t num_dbufs)
+{
+ struct g_lock_writev_data_state state = {
+ .key = key,
+ .self = messaging_server_id(ctx->msg),
+ .dbufs = dbufs,
+ .num_dbufs = num_dbufs,
+ };
+ NTSTATUS status;
+
+ SMB_ASSERT(!ctx->busy);
+
+ status = dbwrap_do_locked(
+ ctx->db, key, g_lock_writev_data_fn, &state);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("dbwrap_do_locked failed: %s\n",
+ nt_errstr(status));
+ return status;
+ }
+ if (!NT_STATUS_IS_OK(state.status)) {
+ DBG_WARNING("g_lock_writev_data_fn failed: %s\n",
+ nt_errstr(state.status));
+ return state.status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS g_lock_write_data(struct g_lock_ctx *ctx, TDB_DATA key,
+ const uint8_t *buf, size_t buflen)
+{
+ TDB_DATA dbuf = {
+ .dptr = discard_const_p(uint8_t, buf),
+ .dsize = buflen,
+ };
+ return g_lock_writev_data(ctx, key, &dbuf, 1);
+}
+
+struct g_lock_locks_state {
+ int (*fn)(TDB_DATA key, void *private_data);
+ void *private_data;
+};
+
+static int g_lock_locks_fn(struct db_record *rec, void *priv)
+{
+ TDB_DATA key;
+ struct g_lock_locks_state *state = (struct g_lock_locks_state *)priv;
+
+ key = dbwrap_record_get_key(rec);
+ return state->fn(key, state->private_data);
+}
+
+int g_lock_locks(struct g_lock_ctx *ctx,
+ int (*fn)(TDB_DATA key, void *private_data),
+ void *private_data)
+{
+ struct g_lock_locks_state state;
+ NTSTATUS status;
+ int count;
+
+ SMB_ASSERT(!ctx->busy);
+
+ state.fn = fn;
+ state.private_data = private_data;
+
+ status = dbwrap_traverse_read(ctx->db, g_lock_locks_fn, &state, &count);
+ if (!NT_STATUS_IS_OK(status)) {
+ return -1;
+ }
+ return count;
+}
+
+struct g_lock_dump_state {
+ TALLOC_CTX *mem_ctx;
+ TDB_DATA key;
+ void (*fn)(struct server_id exclusive,
+ size_t num_shared,
+ const struct server_id *shared,
+ const uint8_t *data,
+ size_t datalen,
+ void *private_data);
+ void *private_data;
+ NTSTATUS status;
+ enum dbwrap_req_state req_state;
+};
+
+static void g_lock_dump_fn(TDB_DATA key, TDB_DATA data,
+ void *private_data)
+{
+ struct g_lock_dump_state *state = private_data;
+ struct g_lock lck = (struct g_lock) { .exclusive.pid = 0 };
+ struct server_id *shared = NULL;
+ size_t i;
+ bool ok;
+
+ ok = g_lock_parse(data.dptr, data.dsize, &lck);
+ if (!ok) {
+ DBG_DEBUG("g_lock_parse failed for %s\n",
+ tdb_data_dbg(state->key));
+ state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ return;
+ }
+
+ if (lck.num_shared > 0) {
+ shared = talloc_array(
+ state->mem_ctx, struct server_id, lck.num_shared);
+ if (shared == NULL) {
+ DBG_DEBUG("talloc failed\n");
+ state->status = NT_STATUS_NO_MEMORY;
+ return;
+ }
+ }
+
+ for (i=0; i<lck.num_shared; i++) {
+ g_lock_get_shared(&lck, i, &shared[i]);
+ }
+
+ state->fn(lck.exclusive,
+ lck.num_shared,
+ shared,
+ lck.data,
+ lck.datalen,
+ state->private_data);
+
+ TALLOC_FREE(shared);
+
+ state->status = NT_STATUS_OK;
+}
+
+NTSTATUS g_lock_dump(struct g_lock_ctx *ctx, TDB_DATA key,
+ void (*fn)(struct server_id exclusive,
+ size_t num_shared,
+ const struct server_id *shared,
+ const uint8_t *data,
+ size_t datalen,
+ void *private_data),
+ void *private_data)
+{
+ struct g_lock_dump_state state = {
+ .mem_ctx = ctx, .key = key,
+ .fn = fn, .private_data = private_data
+ };
+ NTSTATUS status;
+
+ SMB_ASSERT(!ctx->busy);
+
+ status = dbwrap_parse_record(ctx->db, key, g_lock_dump_fn, &state);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("dbwrap_parse_record returned %s\n",
+ nt_errstr(status));
+ return status;
+ }
+ if (!NT_STATUS_IS_OK(state.status)) {
+ DBG_DEBUG("g_lock_dump_fn returned %s\n",
+ nt_errstr(state.status));
+ return state.status;
+ }
+ return NT_STATUS_OK;
+}
+
+static void g_lock_dump_done(struct tevent_req *subreq);
+
+struct tevent_req *g_lock_dump_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct g_lock_ctx *ctx,
+ TDB_DATA key,
+ void (*fn)(struct server_id exclusive,
+ size_t num_shared,
+ const struct server_id *shared,
+ const uint8_t *data,
+ size_t datalen,
+ void *private_data),
+ void *private_data)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct g_lock_dump_state *state = NULL;
+
+ SMB_ASSERT(!ctx->busy);
+
+ req = tevent_req_create(mem_ctx, &state, struct g_lock_dump_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->mem_ctx = state;
+ state->key = key;
+ state->fn = fn;
+ state->private_data = private_data;
+
+ SMB_ASSERT(!ctx->busy);
+
+ subreq = dbwrap_parse_record_send(
+ state,
+ ev,
+ ctx->db,
+ key,
+ g_lock_dump_fn,
+ state,
+ &state->req_state);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, g_lock_dump_done, req);
+ return req;
+}
+
+static void g_lock_dump_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct g_lock_dump_state *state = tevent_req_data(
+ req, struct g_lock_dump_state);
+ NTSTATUS status;
+
+ status = dbwrap_parse_record_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status) ||
+ tevent_req_nterror(req, state->status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS g_lock_dump_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+int g_lock_seqnum(struct g_lock_ctx *ctx)
+{
+ return dbwrap_get_seqnum(ctx->db);
+}
+
+struct g_lock_watch_data_state {
+ struct tevent_context *ev;
+ struct g_lock_ctx *ctx;
+ TDB_DATA key;
+ struct server_id blocker;
+ bool blockerdead;
+ uint64_t unique_lock_epoch;
+ uint64_t unique_data_epoch;
+ uint64_t watch_instance;
+ NTSTATUS status;
+};
+
+static void g_lock_watch_data_done(struct tevent_req *subreq);
+
+static void g_lock_watch_data_send_fn(
+ struct db_record *rec,
+ TDB_DATA value,
+ void *private_data)
+{
+ struct tevent_req *req = talloc_get_type_abort(
+ private_data, struct tevent_req);
+ struct g_lock_watch_data_state *state = tevent_req_data(
+ req, struct g_lock_watch_data_state);
+ struct tevent_req *subreq = NULL;
+ struct g_lock lck;
+ bool ok;
+
+ ok = g_lock_parse(value.dptr, value.dsize, &lck);
+ if (!ok) {
+ state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ return;
+ }
+ state->unique_lock_epoch = lck.unique_lock_epoch;
+ state->unique_data_epoch = lck.unique_data_epoch;
+
+ DBG_DEBUG("state->unique_data_epoch=%"PRIu64"\n", state->unique_data_epoch);
+
+ subreq = dbwrap_watched_watch_send(
+ state, state->ev, rec, 0, state->blocker);
+ if (subreq == NULL) {
+ state->status = NT_STATUS_NO_MEMORY;
+ return;
+ }
+ tevent_req_set_callback(subreq, g_lock_watch_data_done, req);
+
+ state->status = NT_STATUS_EVENT_PENDING;
+}
+
+struct tevent_req *g_lock_watch_data_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct g_lock_ctx *ctx,
+ TDB_DATA key,
+ struct server_id blocker)
+{
+ struct tevent_req *req = NULL;
+ struct g_lock_watch_data_state *state = NULL;
+ NTSTATUS status;
+
+ SMB_ASSERT(!ctx->busy);
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct g_lock_watch_data_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->ctx = ctx;
+ state->blocker = blocker;
+
+ state->key = tdb_data_talloc_copy(state, key);
+ if (tevent_req_nomem(state->key.dptr, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ status = dbwrap_do_locked(
+ ctx->db, key, g_lock_watch_data_send_fn, req);
+ if (tevent_req_nterror(req, status)) {
+ DBG_DEBUG("dbwrap_do_locked returned %s\n", nt_errstr(status));
+ return tevent_req_post(req, ev);
+ }
+
+ if (NT_STATUS_EQUAL(state->status, NT_STATUS_EVENT_PENDING)) {
+ return req;
+ }
+ if (tevent_req_nterror(req, state->status)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+}
+
+static void g_lock_watch_data_done_fn(
+ struct db_record *rec,
+ TDB_DATA value,
+ void *private_data)
+{
+ struct tevent_req *req = talloc_get_type_abort(
+ private_data, struct tevent_req);
+ struct g_lock_watch_data_state *state = tevent_req_data(
+ req, struct g_lock_watch_data_state);
+ struct tevent_req *subreq = NULL;
+ struct g_lock lck;
+ bool ok;
+
+ ok = g_lock_parse(value.dptr, value.dsize, &lck);
+ if (!ok) {
+ dbwrap_watched_watch_remove_instance(rec, state->watch_instance);
+ state->status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ return;
+ }
+
+ if (lck.unique_data_epoch != state->unique_data_epoch) {
+ dbwrap_watched_watch_remove_instance(rec, state->watch_instance);
+ DBG_DEBUG("lck.unique_data_epoch=%"PRIu64", "
+ "state->unique_data_epoch=%"PRIu64"\n",
+ lck.unique_data_epoch,
+ state->unique_data_epoch);
+ state->status = NT_STATUS_OK;
+ return;
+ }
+
+ /*
+ * The lock epoch changed, so we better
+ * remove ourself from the waiter list
+ * (most likely the first position)
+ * and re-add us at the end of the list.
+ *
+ * This gives other lock waiters a change
+ * to make progress.
+ *
+ * Otherwise we'll keep our waiter instance alive,
+ * keep waiting (most likely at first position).
+ */
+ if (lck.unique_lock_epoch != state->unique_lock_epoch) {
+ dbwrap_watched_watch_remove_instance(rec, state->watch_instance);
+ state->watch_instance = dbwrap_watched_watch_add_instance(rec);
+ state->unique_lock_epoch = lck.unique_lock_epoch;
+ }
+
+ subreq = dbwrap_watched_watch_send(
+ state, state->ev, rec, state->watch_instance, state->blocker);
+ if (subreq == NULL) {
+ dbwrap_watched_watch_remove_instance(rec, state->watch_instance);
+ state->status = NT_STATUS_NO_MEMORY;
+ return;
+ }
+ tevent_req_set_callback(subreq, g_lock_watch_data_done, req);
+
+ state->status = NT_STATUS_EVENT_PENDING;
+}
+
+static void g_lock_watch_data_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct g_lock_watch_data_state *state = tevent_req_data(
+ req, struct g_lock_watch_data_state);
+ NTSTATUS status;
+ uint64_t instance = 0;
+
+ status = dbwrap_watched_watch_recv(
+ subreq, &instance, &state->blockerdead, &state->blocker);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ DBG_DEBUG("dbwrap_watched_watch_recv returned %s\n",
+ nt_errstr(status));
+ return;
+ }
+
+ state->watch_instance = instance;
+
+ status = dbwrap_do_locked(
+ state->ctx->db, state->key, g_lock_watch_data_done_fn, req);
+ if (tevent_req_nterror(req, status)) {
+ DBG_DEBUG("dbwrap_do_locked returned %s\n", nt_errstr(status));
+ return;
+ }
+ if (NT_STATUS_EQUAL(state->status, NT_STATUS_EVENT_PENDING)) {
+ return;
+ }
+ if (tevent_req_nterror(req, state->status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS g_lock_watch_data_recv(
+ struct tevent_req *req,
+ bool *blockerdead,
+ struct server_id *blocker)
+{
+ struct g_lock_watch_data_state *state = tevent_req_data(
+ req, struct g_lock_watch_data_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (blockerdead != NULL) {
+ *blockerdead = state->blockerdead;
+ }
+ if (blocker != NULL) {
+ *blocker = state->blocker;
+ }
+
+ return NT_STATUS_OK;
+}
+
+static void g_lock_wake_watchers_fn(
+ struct db_record *rec,
+ TDB_DATA value,
+ void *private_data)
+{
+ struct g_lock lck = { .exclusive.pid = 0 };
+ NTSTATUS status;
+ bool ok;
+
+ ok = g_lock_parse(value.dptr, value.dsize, &lck);
+ if (!ok) {
+ DBG_WARNING("g_lock_parse failed\n");
+ return;
+ }
+
+ lck.unique_data_epoch = generate_unique_u64(lck.unique_data_epoch);
+
+ status = g_lock_store(rec, &lck, NULL, NULL, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("g_lock_store failed: %s\n", nt_errstr(status));
+ return;
+ }
+}
+
+void g_lock_wake_watchers(struct g_lock_ctx *ctx, TDB_DATA key)
+{
+ NTSTATUS status;
+
+ SMB_ASSERT(!ctx->busy);
+
+ status = dbwrap_do_locked(ctx->db, key, g_lock_wake_watchers_fn, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("dbwrap_do_locked returned %s\n",
+ nt_errstr(status));
+ }
+}
diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c
new file mode 100644
index 0000000..07a08fa
--- /dev/null
+++ b/source3/lib/gencache.c
@@ -0,0 +1,742 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Generic, persistent and shared between processes cache mechanism for use
+ by various parts of the Samba code
+
+ Copyright (C) Rafal Szczesniak 2002
+ Copyright (C) Volker Lendecke 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/gencache.h"
+#include "system/filesys.h"
+#include "system/glob.h"
+#include "util_tdb.h"
+#include "tdb_wrap/tdb_wrap.h"
+#include "zlib.h"
+#include "lib/util/strv.h"
+#include "lib/util/util_paths.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_TDB
+
+#define GENCACHE_USER_PATH "~/.cache/samba/gencache.tdb"
+
+static struct tdb_wrap *cache;
+
+/**
+ * @file gencache.c
+ * @brief Generic, persistent and shared between processes cache mechanism
+ * for use by various parts of the Samba code
+ *
+ **/
+
+static bool gencache_pull_timeout(TDB_DATA key,
+ TDB_DATA data,
+ time_t *pres,
+ DATA_BLOB *payload);
+
+struct gencache_timeout {
+ time_t timeout;
+};
+
+bool gencache_timeout_expired(const struct gencache_timeout *t)
+{
+ return t->timeout <= time(NULL);
+}
+
+/**
+ * Cache initialisation function. Opens cache tdb file or creates
+ * it if does not exist.
+ *
+ * @return true on successful initialisation of the cache or
+ * false on failure
+ **/
+
+static bool gencache_init(void)
+{
+ char* cache_fname = NULL;
+ int open_flags = O_RDWR|O_CREAT;
+ int tdb_flags = TDB_INCOMPATIBLE_HASH|TDB_NOSYNC|TDB_MUTEX_LOCKING;
+ int hash_size;
+
+ /* skip file open if it's already opened */
+ if (cache) {
+ return true;
+ }
+
+ hash_size = lp_parm_int(-1, "gencache", "hash_size", 10000);
+
+ cache_fname = lock_path(talloc_tos(), "gencache.tdb");
+ if (cache_fname == NULL) {
+ return false;
+ }
+
+ DEBUG(5, ("Opening cache file at %s\n", cache_fname));
+
+ cache = tdb_wrap_open(NULL, cache_fname, hash_size,
+ tdb_flags,
+ open_flags, 0644);
+ /*
+ * Allow client tools to create a gencache in the home directory
+ * as a normal user.
+ */
+ if (cache == NULL && errno == EACCES && geteuid() != 0) {
+ char *cache_dname = NULL, *tmp = NULL;
+ bool ok;
+
+ TALLOC_FREE(cache_fname);
+
+ cache_fname = path_expand_tilde(talloc_tos(),
+ GENCACHE_USER_PATH);
+ if (cache_fname == NULL) {
+ DBG_ERR("Failed to expand path: %s\n",
+ GENCACHE_USER_PATH);
+ return false;
+ }
+
+ tmp = talloc_strdup(talloc_tos(), cache_fname);
+ if (tmp == NULL) {
+ DBG_ERR("No memory!\n");
+ TALLOC_FREE(cache_fname);
+ return false;
+ }
+
+ cache_dname = dirname(tmp);
+ if (cache_dname == NULL) {
+ DBG_ERR("Invalid path: %s\n", cache_fname);
+ TALLOC_FREE(tmp);
+ TALLOC_FREE(cache_fname);
+ return false;
+ }
+
+ ok = directory_create_or_exists_recursive(cache_dname, 0700);
+ if (!ok) {
+ DBG_ERR("Failed to create directory: %s - %s\n",
+ cache_dname, strerror(errno));
+ TALLOC_FREE(tmp);
+ TALLOC_FREE(cache_fname);
+ return false;
+ }
+ TALLOC_FREE(tmp);
+
+ cache = tdb_wrap_open(NULL,
+ cache_fname,
+ hash_size,
+ tdb_flags,
+ open_flags,
+ 0644);
+ if (cache != NULL) {
+ DBG_INFO("Opening user cache file %s.\n",
+ cache_fname);
+ }
+ }
+
+ if (cache == NULL) {
+ DEBUG(5, ("Opening %s failed: %s\n", cache_fname,
+ strerror(errno)));
+ TALLOC_FREE(cache_fname);
+ return false;
+ }
+ TALLOC_FREE(cache_fname);
+
+ return true;
+}
+
+/*
+ * Walk the hash chain for "key", deleting all expired entries for
+ * that hash chain
+ */
+struct gencache_prune_expired_state {
+ TALLOC_CTX *mem_ctx;
+ char *keys;
+};
+
+static int gencache_prune_expired_fn(struct tdb_context *tdb,
+ TDB_DATA key,
+ TDB_DATA data,
+ void *private_data)
+{
+ struct gencache_prune_expired_state *state = private_data;
+ struct gencache_timeout t;
+ bool ok = false;
+ bool expired = false;
+
+ if ((key.dsize == 0) || (key.dptr[key.dsize-1] != '\0')) {
+ /* not a valid record, should never happen */
+ return 0;
+ }
+
+ ok = gencache_pull_timeout(key, data, &t.timeout, NULL);
+ if (ok) {
+ expired = gencache_timeout_expired(&t);
+ }
+
+ if (!ok || expired) {
+ int ret;
+
+ ret = strv_add(state->mem_ctx, &state->keys, (char *)key.dptr);
+ if (ret != 0) {
+ /*
+ * Exit the loop. It's unlikely that it will
+ * succeed next time.
+ */
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+static void gencache_prune_expired(struct tdb_context *tdb,
+ TDB_DATA chain_key)
+{
+ struct gencache_prune_expired_state state = {
+ .mem_ctx = talloc_tos(),
+ };
+ char *keystr = NULL;
+ int ret;
+
+ ret = tdb_traverse_key_chain(
+ tdb, chain_key, gencache_prune_expired_fn, &state);
+ if (ret == -1) {
+ DBG_DEBUG("tdb_traverse_key_chain failed: %s\n",
+ tdb_errorstr(tdb));
+ return;
+ }
+
+ while ((keystr = strv_next(state.keys, keystr)) != NULL) {
+ TDB_DATA key = string_term_tdb_data(keystr);
+
+ /*
+ * We expect the hash chain of "chain_key" to be
+ * locked. So between gencache_prune_expired_fn
+ * figuring out "keystr" is expired and the
+ * tdb_delete, nobody can have reset the timeout.
+ */
+ tdb_delete(tdb, key);
+ }
+
+ TALLOC_FREE(state.keys);
+}
+
+/**
+ * Set an entry in the cache file. If there's no such
+ * one, then add it.
+ *
+ * @param keystr string that represents a key of this entry
+ * @param blob DATA_BLOB value being cached
+ * @param timeout time when the value is expired
+ *
+ * @retval true when entry is successfully stored
+ * @retval false on failure
+ **/
+
+bool gencache_set_data_blob(const char *keystr, DATA_BLOB blob,
+ time_t timeout)
+{
+ TDB_DATA key;
+ int ret;
+ TDB_DATA dbufs[3];
+ uint32_t crc;
+
+ if ((keystr == NULL) || (blob.data == NULL)) {
+ return false;
+ }
+
+ key = string_term_tdb_data(keystr);
+
+ if (!gencache_init()) {
+ return false;
+ }
+
+ dbufs[0] = (TDB_DATA) { .dptr = (uint8_t *)&timeout,
+ .dsize = sizeof(time_t) };
+ dbufs[1] = (TDB_DATA) { .dptr = blob.data, .dsize = blob.length };
+
+ crc = crc32(0, Z_NULL, 0);
+ crc = crc32(crc, key.dptr, key.dsize);
+ crc = crc32(crc, dbufs[0].dptr, dbufs[0].dsize);
+ crc = crc32(crc, dbufs[1].dptr, dbufs[1].dsize);
+
+ dbufs[2] = (TDB_DATA) { .dptr = (uint8_t *)&crc,
+ .dsize = sizeof(crc) };
+
+ DBG_DEBUG("Adding cache entry with key=[%s] and timeout="
+ "[%s] (%ld seconds %s)\n", keystr,
+ timestring(talloc_tos(), timeout),
+ ((long int)timeout) - time(NULL),
+ timeout > time(NULL) ? "ahead" : "in the past");
+
+ ret = tdb_chainlock(cache->tdb, key);
+ if (ret == -1) {
+ DBG_WARNING("tdb_chainlock for key [%s] failed: %s\n",
+ keystr, tdb_errorstr(cache->tdb));
+ return false;
+ }
+
+ gencache_prune_expired(cache->tdb, key);
+
+ ret = tdb_storev(cache->tdb, key, dbufs, ARRAY_SIZE(dbufs), 0);
+
+ tdb_chainunlock(cache->tdb, key);
+
+ if (ret == 0) {
+ return true;
+ }
+ if (tdb_error(cache->tdb) != TDB_ERR_CORRUPT) {
+ return false;
+ }
+
+ ret = tdb_wipe_all(cache->tdb);
+ SMB_ASSERT(ret == 0);
+
+ return false;
+}
+
+/**
+ * Delete one entry from the cache file.
+ *
+ * @param keystr string that represents a key of this entry
+ *
+ * @retval true upon successful deletion
+ * @retval false in case of failure
+ **/
+
+bool gencache_del(const char *keystr)
+{
+ TDB_DATA key = string_term_tdb_data(keystr);
+ int ret;
+
+ if (keystr == NULL) {
+ return false;
+ }
+
+ if (!gencache_init()) {
+ return false;
+ }
+
+ DEBUG(10, ("Deleting cache entry (key=[%s])\n", keystr));
+
+ ret = tdb_delete(cache->tdb, key);
+
+ if (ret == 0) {
+ return true;
+ }
+ if (tdb_error(cache->tdb) != TDB_ERR_CORRUPT) {
+ return false;
+ }
+
+ ret = tdb_wipe_all(cache->tdb);
+ SMB_ASSERT(ret == 0);
+
+ return true; /* We've deleted a bit more... */
+}
+
+static bool gencache_pull_timeout(TDB_DATA key,
+ TDB_DATA data,
+ time_t *pres,
+ DATA_BLOB *payload)
+{
+ size_t crc_ofs;
+ uint32_t crc, stored_crc;
+
+ if ((data.dptr == NULL) ||
+ (data.dsize < (sizeof(time_t) + sizeof(uint32_t)))) {
+ return false;
+ }
+
+ crc_ofs = data.dsize - sizeof(uint32_t);
+
+ crc = crc32(0, Z_NULL, 0);
+ crc = crc32(crc, key.dptr, key.dsize);
+ crc = crc32(crc, data.dptr, crc_ofs);
+
+ memcpy(&stored_crc, data.dptr + crc_ofs, sizeof(uint32_t));
+
+ if (stored_crc != crc) {
+ return false;
+ }
+
+ if (pres != NULL) {
+ memcpy(pres, data.dptr, sizeof(time_t));
+ }
+ if (payload != NULL) {
+ *payload = (DATA_BLOB) {
+ .data = data.dptr+sizeof(time_t),
+ .length = data.dsize-sizeof(time_t)-sizeof(uint32_t),
+ };
+ }
+ return true;
+}
+
+struct gencache_parse_state {
+ void (*parser)(const struct gencache_timeout *timeout,
+ DATA_BLOB blob,
+ void *private_data);
+ void *private_data;
+ bool format_error;
+};
+
+static int gencache_parse_fn(TDB_DATA key, TDB_DATA data, void *private_data)
+{
+ struct gencache_parse_state *state = private_data;
+ struct gencache_timeout t;
+ DATA_BLOB payload;
+ bool ret;
+
+ ret = gencache_pull_timeout(key, data, &t.timeout, &payload);
+ if (!ret) {
+ state->format_error = true;
+ return 0;
+ }
+ state->parser(&t, payload, state->private_data);
+
+ return 0;
+}
+
+bool gencache_parse(const char *keystr,
+ void (*parser)(const struct gencache_timeout *timeout,
+ DATA_BLOB blob,
+ void *private_data),
+ void *private_data)
+{
+ struct gencache_parse_state state = {
+ .parser = parser, .private_data = private_data
+ };
+ TDB_DATA key = string_term_tdb_data(keystr);
+ int ret;
+
+ if (keystr == NULL) {
+ return false;
+ }
+ if (!gencache_init()) {
+ return false;
+ }
+
+ ret = tdb_parse_record(cache->tdb, key,
+ gencache_parse_fn, &state);
+ if ((ret == -1) && (tdb_error(cache->tdb) == TDB_ERR_CORRUPT)) {
+ goto wipe;
+ }
+ if (ret == -1) {
+ return false;
+ }
+ if (state.format_error) {
+ ret = tdb_delete(cache->tdb, key);
+ if (ret == -1) {
+ goto wipe;
+ }
+ return false;
+ }
+ return true;
+
+wipe:
+ ret = tdb_wipe_all(cache->tdb);
+ SMB_ASSERT(ret == 0);
+ return false;
+}
+
+struct gencache_get_data_blob_state {
+ TALLOC_CTX *mem_ctx;
+ DATA_BLOB *blob;
+ time_t timeout;
+ bool result;
+};
+
+static void gencache_get_data_blob_parser(const struct gencache_timeout *t,
+ DATA_BLOB blob,
+ void *private_data)
+{
+ struct gencache_get_data_blob_state *state =
+ (struct gencache_get_data_blob_state *)private_data;
+
+ if (t->timeout == 0) {
+ state->result = false;
+ return;
+ }
+ state->timeout = t->timeout;
+
+ if (state->blob == NULL) {
+ state->result = true;
+ return;
+ }
+
+ *state->blob = data_blob_talloc(state->mem_ctx, blob.data,
+ blob.length);
+ if (state->blob->data == NULL) {
+ state->result = false;
+ return;
+ }
+ state->result = true;
+}
+
+/**
+ * Get existing entry from the cache file.
+ *
+ * @param keystr string that represents a key of this entry
+ * @param blob DATA_BLOB that is filled with entry's blob
+ * @param timeout pointer to a time_t that is filled with entry's
+ * timeout
+ *
+ * @retval true when entry is successfully fetched
+ * @retval false for failure
+ **/
+
+bool gencache_get_data_blob(const char *keystr, TALLOC_CTX *mem_ctx,
+ DATA_BLOB *blob,
+ time_t *timeout, bool *was_expired)
+{
+ struct gencache_get_data_blob_state state;
+ bool expired = false;
+
+ state.result = false;
+ state.mem_ctx = mem_ctx;
+ state.blob = blob;
+
+ if (!gencache_parse(keystr, gencache_get_data_blob_parser, &state)) {
+ goto fail;
+ }
+ if (!state.result) {
+ goto fail;
+ }
+ if (state.timeout <= time(NULL)) {
+ /*
+ * We're expired, delete the entry. We can't use gencache_del
+ * here, because that uses gencache_get_data_blob for checking
+ * the existence of a record. We know the thing exists and
+ * directly store an empty value with 0 timeout.
+ */
+ gencache_set(keystr, "", 0);
+ expired = true;
+ goto fail;
+ }
+ if (timeout) {
+ *timeout = state.timeout;
+ }
+
+ return true;
+
+fail:
+ if (was_expired != NULL) {
+ *was_expired = expired;
+ }
+ if (state.result && state.blob) {
+ data_blob_free(state.blob);
+ }
+ return false;
+}
+
+/**
+ * Get existing entry from the cache file.
+ *
+ * @param keystr string that represents a key of this entry
+ * @param valstr buffer that is allocated and filled with the entry value
+ * buffer's disposing must be done outside
+ * @param timeout pointer to a time_t that is filled with entry's
+ * timeout
+ *
+ * @retval true when entry is successfully fetched
+ * @retval false for failure
+ **/
+
+bool gencache_get(const char *keystr, TALLOC_CTX *mem_ctx, char **value,
+ time_t *ptimeout)
+{
+ DATA_BLOB blob;
+ bool ret = false;
+
+ ret = gencache_get_data_blob(keystr, mem_ctx, &blob, ptimeout, NULL);
+ if (!ret) {
+ return false;
+ }
+ if ((blob.data == NULL) || (blob.length == 0)) {
+ data_blob_free(&blob);
+ return false;
+ }
+ if (blob.data[blob.length-1] != '\0') {
+ /* Not NULL terminated, can't be a string */
+ data_blob_free(&blob);
+ return false;
+ }
+ if (value) {
+ /*
+ * talloc_move generates a type-punned warning here. As we
+ * leave the function immediately, do a simple talloc_steal.
+ */
+ *value = (char *)talloc_steal(mem_ctx, blob.data);
+ return true;
+ }
+ data_blob_free(&blob);
+ return true;
+}
+
+/**
+ * Set an entry in the cache file. If there's no such
+ * one, then add it.
+ *
+ * @param keystr string that represents a key of this entry
+ * @param value text representation value being cached
+ * @param timeout time when the value is expired
+ *
+ * @retval true when entry is successfully stored
+ * @retval false on failure
+ **/
+
+bool gencache_set(const char *keystr, const char *value, time_t timeout)
+{
+ DATA_BLOB blob = data_blob_const(value, strlen(value)+1);
+ return gencache_set_data_blob(keystr, blob, timeout);
+}
+
+struct gencache_iterate_blobs_state {
+ void (*fn)(const char *key, DATA_BLOB value,
+ time_t timeout, void *private_data);
+ const char *pattern;
+ void *private_data;
+};
+
+static int gencache_iterate_blobs_fn(struct tdb_context *tdb, TDB_DATA key,
+ TDB_DATA data, void *priv)
+{
+ struct gencache_iterate_blobs_state *state =
+ (struct gencache_iterate_blobs_state *)priv;
+ char *keystr;
+ char *free_key = NULL;
+ time_t timeout;
+ DATA_BLOB payload;
+
+ if (key.dptr[key.dsize-1] == '\0') {
+ keystr = (char *)key.dptr;
+ } else {
+ /* ensure 0-termination */
+ keystr = talloc_strndup(talloc_tos(), (char *)key.dptr, key.dsize);
+ free_key = keystr;
+ if (keystr == NULL) {
+ goto done;
+ }
+ }
+
+ if (!gencache_pull_timeout(key, data, &timeout, &payload)) {
+ goto done;
+ }
+
+ if (timeout == 0) {
+ /* delete marker */
+ goto done;
+ }
+
+ if (fnmatch(state->pattern, keystr, 0) != 0) {
+ goto done;
+ }
+
+ DEBUG(10, ("Calling function with arguments "
+ "(key=[%s], timeout=[%s])\n",
+ keystr, timestring(talloc_tos(), timeout)));
+
+ state->fn(keystr, payload, timeout, state->private_data);
+
+ done:
+ TALLOC_FREE(free_key);
+ return 0;
+}
+
+void gencache_iterate_blobs(void (*fn)(const char *key, DATA_BLOB value,
+ time_t timeout, void *private_data),
+ void *private_data, const char *pattern)
+{
+ struct gencache_iterate_blobs_state state;
+ int ret;
+
+ if ((fn == NULL) || (pattern == NULL) || !gencache_init()) {
+ return;
+ }
+
+ DEBUG(5, ("Searching cache keys with pattern %s\n", pattern));
+
+ state.fn = fn;
+ state.pattern = pattern;
+ state.private_data = private_data;
+
+ ret = tdb_traverse(cache->tdb, gencache_iterate_blobs_fn, &state);
+
+ if ((ret == -1) && (tdb_error(cache->tdb) == TDB_ERR_CORRUPT)) {
+ ret = tdb_wipe_all(cache->tdb);
+ SMB_ASSERT(ret == 0);
+ }
+}
+
+/**
+ * Iterate through all entries which key matches to specified pattern
+ *
+ * @param fn pointer to the function that will be supplied with each single
+ * matching cache entry (key, value and timeout) as an arguments
+ * @param data void pointer to an arbitrary data that is passed directly to the fn
+ * function on each call
+ * @param keystr_pattern pattern the existing entries' keys are matched to
+ *
+ **/
+
+struct gencache_iterate_state {
+ void (*fn)(const char *key, const char *value, time_t timeout,
+ void *priv);
+ void *private_data;
+};
+
+static void gencache_iterate_fn(const char *key, DATA_BLOB value,
+ time_t timeout, void *private_data)
+{
+ struct gencache_iterate_state *state =
+ (struct gencache_iterate_state *)private_data;
+ char *valstr;
+ char *free_val = NULL;
+
+ if (value.data[value.length-1] == '\0') {
+ valstr = (char *)value.data;
+ } else {
+ /* ensure 0-termination */
+ valstr = talloc_strndup(talloc_tos(), (char *)value.data, value.length);
+ free_val = valstr;
+ if (valstr == NULL) {
+ goto done;
+ }
+ }
+
+ DEBUG(10, ("Calling function with arguments "
+ "(key=[%s], value=[%s], timeout=[%s])\n",
+ key, valstr, timestring(talloc_tos(), timeout)));
+
+ state->fn(key, valstr, timeout, state->private_data);
+
+ done:
+
+ TALLOC_FREE(free_val);
+}
+
+void gencache_iterate(void (*fn)(const char *key, const char *value,
+ time_t timeout, void *dptr),
+ void *private_data, const char *pattern)
+{
+ struct gencache_iterate_state state;
+
+ if (fn == NULL) {
+ return;
+ }
+ state.fn = fn;
+ state.private_data = private_data;
+ gencache_iterate_blobs(gencache_iterate_fn, &state, pattern);
+}
diff --git a/source3/lib/gencache.h b/source3/lib/gencache.h
new file mode 100644
index 0000000..ccf16e9
--- /dev/null
+++ b/source3/lib/gencache.h
@@ -0,0 +1,60 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Generic, persistent and shared between processes cache mechanism for use
+ * by various parts of the Samba code
+ *
+ * Copyright (C) Rafal Szczesniak 2002
+ * Copyright (C) Volker Lendecke 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIB_GENCACHE_H__
+#define __LIB_GENCACHE_H__
+
+#include "replace.h"
+#include "system/time.h"
+#include "lib/util/data_blob.h"
+
+bool gencache_set(const char *keystr, const char *value, time_t timeout);
+bool gencache_del(const char *keystr);
+bool gencache_get(const char *keystr, TALLOC_CTX *mem_ctx, char **value,
+ time_t *ptimeout);
+
+/*
+ * This might look like overkill, but namemap_cache.c shows it's
+ * necessary :-)
+ */
+struct gencache_timeout;
+bool gencache_timeout_expired(const struct gencache_timeout *t);
+
+bool gencache_parse(const char *keystr,
+ void (*parser)(const struct gencache_timeout *timeout,
+ DATA_BLOB blob,
+ void *private_data),
+ void *private_data);
+bool gencache_get_data_blob(const char *keystr, TALLOC_CTX *mem_ctx,
+ DATA_BLOB *blob,
+ time_t *timeout, bool *was_expired);
+bool gencache_set_data_blob(const char *keystr, DATA_BLOB blob,
+ time_t timeout);
+void gencache_iterate_blobs(void (*fn)(const char *key, DATA_BLOB value,
+ time_t timeout, void *private_data),
+ void *private_data, const char *pattern);
+void gencache_iterate(void (*fn)(const char* key, const char *value,
+ time_t timeout, void* dptr),
+ void* data, const char* keystr_pattern);
+
+#endif
diff --git a/source3/lib/global_contexts.c b/source3/lib/global_contexts.c
new file mode 100644
index 0000000..4e3bbab
--- /dev/null
+++ b/source3/lib/global_contexts.c
@@ -0,0 +1,71 @@
+/*
+ Unix SMB/CIFS implementation.
+ Global contexts
+
+ Copyright (C) Simo Sorce <idra@samba.org> 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "replace.h"
+#include "global_contexts.h"
+#include <tevent.h>
+#include "lib/util/fault.h"
+#include "lib/util/samba_util.h"
+#include "messages.h"
+
+static struct tevent_context *global_event_ctx = NULL;
+
+struct tevent_context *global_event_context(void)
+{
+ if (!global_event_ctx) {
+ /*
+ * Note we MUST use the NULL context here, not the
+ * autofree context, to avoid side effects in forked
+ * children exiting.
+ */
+ global_event_ctx = samba_tevent_context_init(NULL);
+ }
+ if (!global_event_ctx) {
+ smb_panic("Could not init global event context");
+ }
+ return global_event_ctx;
+}
+
+void global_event_context_free(void)
+{
+ TALLOC_FREE(global_event_ctx);
+}
+
+static struct messaging_context *global_msg_ctx = NULL;
+
+struct messaging_context *global_messaging_context(void)
+{
+ if (global_msg_ctx == NULL) {
+ /*
+ * Note we MUST use the NULL context here, not the
+ * autofree context, to avoid side effects in forked
+ * children exiting.
+ */
+ global_msg_ctx = messaging_init(NULL,
+ global_event_context());
+ }
+ return global_msg_ctx;
+}
+
+void global_messaging_context_free(void)
+{
+ TALLOC_FREE(global_msg_ctx);
+}
diff --git a/source3/lib/global_contexts.h b/source3/lib/global_contexts.h
new file mode 100644
index 0000000..8c5cd09
--- /dev/null
+++ b/source3/lib/global_contexts.h
@@ -0,0 +1,31 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Global contexts
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __GLOBAL_CONTEXTS_H__
+#define __GLOBAL_CONTEXTS_H__
+
+struct tevent_context;
+
+struct tevent_context *global_event_context(void);
+void global_event_context_free(void);
+
+struct messaging_context;
+struct messaging_context *global_messaging_context(void);
+void global_messaging_context_free(void);
+
+#endif
diff --git a/source3/lib/id_cache.c b/source3/lib/id_cache.c
new file mode 100644
index 0000000..adf6ccd
--- /dev/null
+++ b/source3/lib/id_cache.c
@@ -0,0 +1,116 @@
+/*
+ * Samba Unix/Linux SMB client library
+ *
+ * Copyright (C) Gregor Beck 2011
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @brief Notify smbd about idmap changes
+ * @file msg_idmap.c
+ * @author Gregor Beck <gb@sernet.de>
+ * @date Feb 2011
+ *
+ */
+
+#include "includes.h"
+#include "messages.h"
+#include "lib/id_cache.h"
+#include "../lib/util/memcache.h"
+#include "idmap_cache.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "../libcli/security/dom_sid.h"
+
+bool id_cache_ref_parse(const char* str, struct id_cache_ref* id)
+{
+ struct dom_sid sid;
+ unsigned long ul;
+ char c, trash;
+
+ if (sscanf(str, "%cID %lu%c", &c, &ul, &trash) == 2) {
+ switch(c) {
+ case 'G':
+ id->id.gid = ul;
+ id->type = GID;
+ return true;
+ case 'U':
+ id->id.uid = ul;
+ id->type = UID;
+ return true;
+ default:
+ break;
+ }
+ } else if (string_to_sid(&sid, str)) {
+ id->id.sid = sid;
+ id->type = SID;
+ return true;
+ } else if (strncmp(str, "USER ", 5) == 0) {
+ id->id.name = str + 5;
+ id->type = USERNAME;
+ return true;
+ }
+ return false;
+}
+
+static bool delete_getpwnam_cache(const char *username)
+{
+ DATA_BLOB name = data_blob_string_const_null(username);
+ DEBUG(6, ("Delete passwd struct for %s from memcache\n",
+ username));
+ memcache_delete(NULL, GETPWNAM_CACHE, name);
+ return true;
+}
+
+void id_cache_delete_from_cache(const struct id_cache_ref* id)
+{
+ switch(id->type) {
+ case UID:
+ idmap_cache_del_uid(id->id.uid);
+ break;
+ case GID:
+ idmap_cache_del_gid(id->id.gid);
+ break;
+ case SID:
+ idmap_cache_del_sid(&id->id.sid);
+ break;
+ case USERNAME:
+ delete_getpwnam_cache(id->id.name);
+ break;
+ default:
+ break;
+ }
+}
+
+void id_cache_delete_message(struct messaging_context *msg_ctx,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB* data)
+{
+ const char *msg = (data && data->data) ? (const char *)data->data : "<NULL>";
+ struct id_cache_ref id;
+
+ if (!id_cache_ref_parse(msg, &id)) {
+ DEBUG(0, ("Invalid ?ID: %s\n", msg));
+ return;
+ }
+
+ id_cache_delete_from_cache(&id);
+}
+
+void id_cache_register_msgs(struct messaging_context *ctx)
+{
+ messaging_register(ctx, NULL, ID_CACHE_DELETE, id_cache_delete_message);
+}
diff --git a/source3/lib/id_cache.h b/source3/lib/id_cache.h
new file mode 100644
index 0000000..e77486e
--- /dev/null
+++ b/source3/lib/id_cache.h
@@ -0,0 +1,40 @@
+/*
+ * Samba Unix/Linux SMB client library
+ *
+ * Copyright (C) Gregor Beck 2011
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+struct id_cache_ref {
+ union {
+ uid_t uid;
+ gid_t gid;
+ struct dom_sid sid;
+ const char *name;
+ } id;
+ enum {UID, GID, SID, USERNAME} type;
+};
+
+bool id_cache_ref_parse(const char* str, struct id_cache_ref* id);
+
+void id_cache_delete_from_cache(const struct id_cache_ref* id);
+
+void id_cache_register_msgs(struct messaging_context *ctx);
+
+void id_cache_delete_message(struct messaging_context *msg_ctx,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB* data);
diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
new file mode 100644
index 0000000..a4b8861
--- /dev/null
+++ b/source3/lib/idmap_cache.c
@@ -0,0 +1,442 @@
+/*
+ Unix SMB/CIFS implementation.
+ ID Mapping Cache
+
+ Copyright (C) Volker Lendecke 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.*/
+
+#include "includes.h"
+#include "idmap_cache.h"
+#include "../libcli/security/security.h"
+#include "../librpc/gen_ndr/idmap.h"
+#include "lib/gencache.h"
+#include "lib/util/string_wrappers.h"
+
+/**
+ * Find a sid2xid mapping
+ * @param[in] sid the sid to map
+ * @param[out] id where to put the result
+ * @param[out] expired is the cache entry expired?
+ * @retval Was anything in the cache at all?
+ *
+ * If id->id == -1 this was a negative mapping.
+ */
+
+bool idmap_cache_find_sid2unixid(const struct dom_sid *sid, struct unixid *id,
+ bool *expired)
+{
+ struct dom_sid_buf sidstr;
+ char *key;
+ char *value = NULL;
+ char *endptr;
+ time_t timeout;
+ bool ret;
+ struct unixid tmp_id;
+
+ key = talloc_asprintf(talloc_tos(), "IDMAP/SID2XID/%s",
+ dom_sid_str_buf(sid, &sidstr));
+ if (key == NULL) {
+ return false;
+ }
+ ret = gencache_get(key, talloc_tos(), &value, &timeout);
+ if (!ret) {
+ goto done;
+ }
+
+ DEBUG(10, ("Parsing value for key [%s]: value=[%s]\n", key, value));
+
+ if (value[0] == '\0') {
+ DEBUG(0, ("Failed to parse value for key [%s]: "
+ "value is empty\n", key));
+ ret = false;
+ goto done;
+ }
+
+ tmp_id.id = strtol(value, &endptr, 10);
+
+ if ((value == endptr) && (tmp_id.id == 0)) {
+ DEBUG(0, ("Failed to parse value for key [%s]: value[%s] does "
+ "not start with a number\n", key, value));
+ ret = false;
+ goto done;
+ }
+
+ DEBUG(10, ("Parsing value for key [%s]: id=[%llu], endptr=[%s]\n",
+ key, (unsigned long long)tmp_id.id, endptr));
+
+ ret = (*endptr == ':');
+ if (ret) {
+ switch (endptr[1]) {
+ case 'U':
+ tmp_id.type = ID_TYPE_UID;
+ break;
+
+ case 'G':
+ tmp_id.type = ID_TYPE_GID;
+ break;
+
+ case 'B':
+ tmp_id.type = ID_TYPE_BOTH;
+ break;
+
+ case 'N':
+ tmp_id.type = ID_TYPE_NOT_SPECIFIED;
+ break;
+
+ case '\0':
+ DEBUG(0, ("FAILED to parse value for key [%s] "
+ "(id=[%llu], endptr=[%s]): "
+ "no type character after colon\n",
+ key, (unsigned long long)tmp_id.id, endptr));
+ ret = false;
+ goto done;
+ default:
+ DEBUG(0, ("FAILED to parse value for key [%s] "
+ "(id=[%llu], endptr=[%s]): "
+ "illegal type character '%c'\n",
+ key, (unsigned long long)tmp_id.id, endptr,
+ endptr[1]));
+ ret = false;
+ goto done;
+ }
+ if (endptr[2] != '\0') {
+ DEBUG(0, ("FAILED to parse value for key [%s] "
+ "(id=[%llu], endptr=[%s]): "
+ "more than 1 type character after colon\n",
+ key, (unsigned long long)tmp_id.id, endptr));
+ ret = false;
+ goto done;
+ }
+
+ *id = tmp_id;
+ *expired = (timeout <= time(NULL));
+ } else {
+ DEBUG(0, ("FAILED to parse value for key [%s] (value=[%s]): "
+ "colon missing after id=[%llu]\n",
+ key, value, (unsigned long long)tmp_id.id));
+ }
+
+done:
+ TALLOC_FREE(key);
+ TALLOC_FREE(value);
+ return ret;
+}
+
+/**
+ * Find a sid2uid mapping
+ * @param[in] sid the sid to map
+ * @param[out] puid where to put the result
+ * @param[out] expired is the cache entry expired?
+ * @retval Was anything in the cache at all?
+ *
+ * If *puid == -1 this was a negative mapping.
+ */
+
+bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
+ bool *expired)
+{
+ bool ret;
+ struct unixid id;
+ ret = idmap_cache_find_sid2unixid(sid, &id, expired);
+ if (!ret) {
+ return false;
+ }
+
+ if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_UID) {
+ *puid = id.id;
+ } else {
+ *puid = -1;
+ }
+ return true;
+}
+
+/**
+ * Find a sid2gid mapping
+ * @param[in] sid the sid to map
+ * @param[out] pgid where to put the result
+ * @param[out] expired is the cache entry expired?
+ * @retval Was anything in the cache at all?
+ *
+ * If *pgid == -1 this was a negative mapping.
+ */
+
+bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
+ bool *expired)
+{
+ bool ret;
+ struct unixid id;
+ ret = idmap_cache_find_sid2unixid(sid, &id, expired);
+ if (!ret) {
+ return false;
+ }
+
+ if (id.type == ID_TYPE_BOTH || id.type == ID_TYPE_GID) {
+ *pgid = id.id;
+ } else {
+ *pgid = -1;
+ }
+ return true;
+}
+
+struct idmap_cache_xid2sid_state {
+ struct dom_sid *sid;
+ bool *expired;
+ bool ret;
+};
+
+static void idmap_cache_xid2sid_parser(const struct gencache_timeout *timeout,
+ DATA_BLOB blob,
+ void *private_data)
+{
+ struct idmap_cache_xid2sid_state *state =
+ (struct idmap_cache_xid2sid_state *)private_data;
+ char *value;
+
+ if ((blob.length == 0) || (blob.data[blob.length-1] != 0)) {
+ /*
+ * Not a string, can't be a valid mapping
+ */
+ state->ret = false;
+ return;
+ }
+
+ value = (char *)blob.data;
+
+ if ((value[0] == '-') && (value[1] == '\0')) {
+ /*
+ * Return NULL SID, see comment to uid2sid
+ */
+ *state->sid = (struct dom_sid) {0};
+ state->ret = true;
+ } else {
+ state->ret = string_to_sid(state->sid, value);
+ }
+ if (state->ret) {
+ *state->expired = gencache_timeout_expired(timeout);
+ }
+}
+
+/**
+ * Find a xid2sid mapping
+ * @param[in] id the unix id to map
+ * @param[out] sid where to put the result
+ * @param[out] expired is the cache entry expired?
+ * @retval Was anything in the cache at all?
+ *
+ * If "is_null_sid(sid)", this was a negative mapping.
+ */
+bool idmap_cache_find_xid2sid(
+ const struct unixid *id, struct dom_sid *sid, bool *expired)
+{
+ struct idmap_cache_xid2sid_state state = {
+ .sid = sid, .expired = expired
+ };
+ fstring key;
+ char c;
+
+ switch (id->type) {
+ case ID_TYPE_UID:
+ c = 'U';
+ break;
+ case ID_TYPE_GID:
+ c = 'G';
+ break;
+ default:
+ return false;
+ }
+
+ fstr_sprintf(key, "IDMAP/%cID2SID/%d", c, (int)id->id);
+
+ gencache_parse(key, idmap_cache_xid2sid_parser, &state);
+ return state.ret;
+}
+
+
+/**
+ * Store a mapping in the idmap cache
+ * @param[in] sid the sid to map
+ * @param[in] unix_id the unix_id to map
+ *
+ * If both parameters are valid values, then a positive mapping in both
+ * directions is stored. If "is_null_sid(sid)" is true, then this will be a
+ * negative mapping of xid, we want to cache that for this xid we could not
+ * find anything. Likewise if "xid==-1", then we want to cache that we did not
+ * find a mapping for the sid passed here.
+ */
+
+void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id)
+{
+ time_t now = time(NULL);
+ time_t timeout;
+ fstring key, value;
+
+ if (!is_null_sid(sid)) {
+ struct dom_sid_buf sidstr;
+ fstr_sprintf(key, "IDMAP/SID2XID/%s",
+ dom_sid_str_buf(sid, &sidstr));
+ switch (unix_id->type) {
+ case ID_TYPE_UID:
+ fstr_sprintf(value, "%d:U", (int)unix_id->id);
+ break;
+ case ID_TYPE_GID:
+ fstr_sprintf(value, "%d:G", (int)unix_id->id);
+ break;
+ case ID_TYPE_BOTH:
+ fstr_sprintf(value, "%d:B", (int)unix_id->id);
+ break;
+ case ID_TYPE_NOT_SPECIFIED:
+ fstr_sprintf(value, "%d:N", (int)unix_id->id);
+ break;
+ default:
+ return;
+ }
+ timeout = (unix_id->id == -1)
+ ? lp_idmap_negative_cache_time()
+ : lp_idmap_cache_time();
+ gencache_set(key, value, now + timeout);
+ }
+ if (unix_id->id != -1) {
+ if (is_null_sid(sid)) {
+ /* negative xid mapping */
+ fstrcpy(value, "-");
+ timeout = lp_idmap_negative_cache_time();
+ }
+ else {
+ sid_to_fstring(value, sid);
+ timeout = lp_idmap_cache_time();
+ }
+ switch (unix_id->type) {
+ case ID_TYPE_BOTH:
+ fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
+ gencache_set(key, value, now + timeout);
+ fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
+ gencache_set(key, value, now + timeout);
+ return;
+
+ case ID_TYPE_UID:
+ fstr_sprintf(key, "IDMAP/UID2SID/%d", (int)unix_id->id);
+ break;
+
+ case ID_TYPE_GID:
+ fstr_sprintf(key, "IDMAP/GID2SID/%d", (int)unix_id->id);
+ break;
+
+ default:
+ return;
+ }
+ gencache_set(key, value, now + timeout);
+ }
+}
+
+static char* key_xid2sid_str(TALLOC_CTX* mem_ctx, char t, const char* id) {
+ return talloc_asprintf(mem_ctx, "IDMAP/%cID2SID/%s", t, id);
+}
+
+static char* key_xid2sid(TALLOC_CTX* mem_ctx, char t, int id) {
+ char str[32];
+ snprintf(str, sizeof(str), "%d", id);
+ return key_xid2sid_str(mem_ctx, t, str);
+}
+
+static char* key_sid2xid_str(TALLOC_CTX* mem_ctx, const char* id) {
+ return talloc_asprintf(mem_ctx, "IDMAP/SID2XID/%s", id);
+}
+
+static bool idmap_cache_del_xid(char t, int xid)
+{
+ TALLOC_CTX* mem_ctx = talloc_stackframe();
+ const char* key = key_xid2sid(mem_ctx, t, xid);
+ char* sid_str = NULL;
+ time_t timeout;
+ bool ret = true;
+
+ if (!gencache_get(key, mem_ctx, &sid_str, &timeout)) {
+ DEBUG(3, ("no entry: %s\n", key));
+ ret = false;
+ goto done;
+ }
+
+ if (sid_str[0] != '-') {
+ const char* sid_key = key_sid2xid_str(mem_ctx, sid_str);
+ if (!gencache_del(sid_key)) {
+ DEBUG(2, ("failed to delete: %s\n", sid_key));
+ ret = false;
+ } else {
+ DEBUG(5, ("delete: %s\n", sid_key));
+ }
+
+ }
+
+ if (!gencache_del(key)) {
+ DEBUG(1, ("failed to delete: %s\n", key));
+ ret = false;
+ } else {
+ DEBUG(5, ("delete: %s\n", key));
+ }
+
+done:
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+bool idmap_cache_del_uid(uid_t uid) {
+ return idmap_cache_del_xid('U', uid);
+}
+
+bool idmap_cache_del_gid(gid_t gid) {
+ return idmap_cache_del_xid('G', gid);
+}
+
+bool idmap_cache_del_sid(const struct dom_sid *sid)
+{
+ TALLOC_CTX* mem_ctx = talloc_stackframe();
+ bool ret = true;
+ bool expired;
+ struct unixid id;
+ struct dom_sid_buf sidbuf;
+ const char *sid_key;
+
+ if (!idmap_cache_find_sid2unixid(sid, &id, &expired)) {
+ ret = false;
+ goto done;
+ }
+
+ if (id.id != -1) {
+ switch (id.type) {
+ case ID_TYPE_BOTH:
+ idmap_cache_del_xid('U', id.id);
+ idmap_cache_del_xid('G', id.id);
+ break;
+ case ID_TYPE_UID:
+ idmap_cache_del_xid('U', id.id);
+ break;
+ case ID_TYPE_GID:
+ idmap_cache_del_xid('G', id.id);
+ break;
+ default:
+ break;
+ }
+ }
+
+ sid_key = key_sid2xid_str(mem_ctx, dom_sid_str_buf(sid, &sidbuf));
+ if (sid_key == NULL) {
+ return false;
+ }
+ /* If the mapping was symmetric, then this should fail */
+ gencache_del(sid_key);
+done:
+ talloc_free(mem_ctx);
+ return ret;
+}
diff --git a/source3/lib/idmap_cache.h b/source3/lib/idmap_cache.h
new file mode 100644
index 0000000..5a90902
--- /dev/null
+++ b/source3/lib/idmap_cache.h
@@ -0,0 +1,40 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * ID Mapping Cache
+ *
+ * Copyright (C) Volker Lendecke 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LIB_IDMAP_CACHE_H_
+#define _LIB_IDMAP_CACHE_H_
+
+/* The following definitions come from lib/idmap_cache.c */
+struct unixid;
+bool idmap_cache_find_sid2unixid(const struct dom_sid *sid, struct unixid *id,
+ bool *expired);
+bool idmap_cache_find_sid2uid(const struct dom_sid *sid, uid_t *puid,
+ bool *expired);
+bool idmap_cache_find_sid2gid(const struct dom_sid *sid, gid_t *pgid,
+ bool *expired);
+bool idmap_cache_find_xid2sid(
+ const struct unixid *id, struct dom_sid *sid, bool *expired);
+void idmap_cache_set_sid2unixid(const struct dom_sid *sid, struct unixid *unix_id);
+
+bool idmap_cache_del_uid(uid_t uid);
+bool idmap_cache_del_gid(gid_t gid);
+bool idmap_cache_del_sid(const struct dom_sid *sid);
+
+#endif /* _LIB_IDMAP_CACHE_H_ */
diff --git a/source3/lib/interface.c b/source3/lib/interface.c
new file mode 100644
index 0000000..beb1003
--- /dev/null
+++ b/source3/lib/interface.c
@@ -0,0 +1,721 @@
+/*
+ Unix SMB/CIFS implementation.
+ multiple interface handling
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Jeremy Allison 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/socket/interfaces.h"
+#include "librpc/gen_ndr/ioctl.h"
+#include "lib/util/smb_strtox.h"
+
+static struct iface_struct *probed_ifaces;
+static int total_probed;
+
+static struct interface *local_interfaces;
+
+/****************************************************************************
+ Check if an IP is one of mine.
+**************************************************************************/
+
+bool ismyaddr(const struct sockaddr *ip)
+{
+ struct interface *i;
+ for (i=local_interfaces;i;i=i->next) {
+ if (sockaddr_equal((struct sockaddr *)&i->ip,ip)) {
+ return true;
+ }
+ }
+ return false;
+}
+
+bool ismyip_v4(struct in_addr ip)
+{
+ struct sockaddr_storage ss;
+ in_addr_to_sockaddr_storage(&ss, ip);
+ return ismyaddr((struct sockaddr *)&ss);
+}
+
+/****************************************************************************
+ Try and find an interface that matches an ip. If we cannot, return NULL.
+**************************************************************************/
+
+static struct interface *iface_find(const struct sockaddr *ip,
+ bool check_mask)
+{
+ struct interface *i;
+
+ if (is_address_any(ip)) {
+ return local_interfaces;
+ }
+
+ for (i=local_interfaces;i;i=i->next) {
+ if (check_mask) {
+ if (same_net(ip, (struct sockaddr *)&i->ip, (struct sockaddr *)&i->netmask)) {
+ return i;
+ }
+ } else if (sockaddr_equal((struct sockaddr *)&i->ip, ip)) {
+ return i;
+ }
+ }
+
+ return NULL;
+}
+
+/****************************************************************************
+ Check if a packet is from a local (known) net.
+**************************************************************************/
+
+bool is_local_net(const struct sockaddr *from)
+{
+ struct interface *i;
+ for (i=local_interfaces;i;i=i->next) {
+ if (same_net(from, (struct sockaddr *)&i->ip, (struct sockaddr *)&i->netmask)) {
+ return true;
+ }
+ }
+ return false;
+}
+
+#if defined(HAVE_IPV6)
+void setup_linklocal_scope_id(struct sockaddr *pss)
+{
+ struct interface *i;
+ for (i=local_interfaces;i;i=i->next) {
+ if (sockaddr_equal((struct sockaddr *)&i->ip,pss)) {
+ struct sockaddr_in6 *psa6 =
+ (struct sockaddr_in6 *)pss;
+ psa6->sin6_scope_id = if_nametoindex(i->name);
+ return;
+ }
+ }
+}
+#endif
+
+/****************************************************************************
+ Check if a packet is from a local (known) net.
+**************************************************************************/
+
+bool is_local_net_v4(struct in_addr from)
+{
+ struct sockaddr_storage ss;
+
+ in_addr_to_sockaddr_storage(&ss, from);
+ return is_local_net((struct sockaddr *)&ss);
+}
+
+/****************************************************************************
+ How many interfaces do we have ?
+**************************************************************************/
+
+int iface_count(void)
+{
+ int ret = 0;
+ struct interface *i;
+
+ for (i=local_interfaces;i;i=i->next) {
+ ret++;
+ }
+ return ret;
+}
+
+/****************************************************************************
+ How many non-loopback IPv4 interfaces do we have ?
+**************************************************************************/
+
+int iface_count_v4_nl(void)
+{
+ int ret = 0;
+ struct interface *i;
+
+ for (i=local_interfaces;i;i=i->next) {
+ if (is_loopback_addr((struct sockaddr *)&i->ip)) {
+ continue;
+ }
+ if (i->ip.ss_family == AF_INET) {
+ ret++;
+ }
+ }
+ return ret;
+}
+
+/****************************************************************************
+ Return a pointer to the in_addr of the first IPv4 interface that's
+ not 0.0.0.0.
+**************************************************************************/
+
+const struct in_addr *first_ipv4_iface(void)
+{
+ struct interface *i;
+
+ for (i=local_interfaces;i ;i=i->next) {
+ if ((i->ip.ss_family == AF_INET) &&
+ (!is_zero_ip_v4(((struct sockaddr_in *)&i->ip)->sin_addr)))
+ {
+ break;
+ }
+ }
+
+ if (!i) {
+ return NULL;
+ }
+ return &((const struct sockaddr_in *)&i->ip)->sin_addr;
+}
+
+/****************************************************************************
+ Return the Nth interface.
+**************************************************************************/
+
+struct interface *get_interface(int n)
+{
+ struct interface *i;
+
+ for (i=local_interfaces;i && n;i=i->next) {
+ n--;
+ }
+
+ if (i) {
+ return i;
+ }
+ return NULL;
+}
+
+/****************************************************************************
+ Return IP sockaddr_storage of the Nth interface.
+**************************************************************************/
+
+const struct sockaddr_storage *iface_n_sockaddr_storage(int n)
+{
+ struct interface *i;
+
+ for (i=local_interfaces;i && n;i=i->next) {
+ n--;
+ }
+
+ if (i) {
+ return &i->ip;
+ }
+ return NULL;
+}
+
+/****************************************************************************
+ Return IPv4 of the Nth interface (if a v4 address). NULL otherwise.
+**************************************************************************/
+
+const struct in_addr *iface_n_ip_v4(int n)
+{
+ struct interface *i;
+
+ for (i=local_interfaces;i && n;i=i->next) {
+ n--;
+ }
+
+ if (i && i->ip.ss_family == AF_INET) {
+ return &((const struct sockaddr_in *)&i->ip)->sin_addr;
+ }
+ return NULL;
+}
+
+/****************************************************************************
+ Return IPv4 bcast of the Nth interface (if a v4 address). NULL otherwise.
+**************************************************************************/
+
+const struct in_addr *iface_n_bcast_v4(int n)
+{
+ struct interface *i;
+
+ for (i=local_interfaces;i && n;i=i->next) {
+ n--;
+ }
+
+ if (i && i->ip.ss_family == AF_INET) {
+ return &((const struct sockaddr_in *)&i->bcast)->sin_addr;
+ }
+ return NULL;
+}
+
+/****************************************************************************
+ Return bcast of the Nth interface.
+**************************************************************************/
+
+const struct sockaddr_storage *iface_n_bcast(int n)
+{
+ struct interface *i;
+
+ for (i=local_interfaces;i && n;i=i->next) {
+ n--;
+ }
+
+ if (i) {
+ return &i->bcast;
+ }
+ return NULL;
+}
+
+/* these 3 functions return the ip/bcast/nmask for the interface
+ most appropriate for the given ip address. If they can't find
+ an appropriate interface they return the requested field of the
+ first known interface. */
+
+const struct sockaddr_storage *iface_ip(const struct sockaddr *ip)
+{
+ struct interface *i = iface_find(ip, true);
+ if (i) {
+ return &i->ip;
+ }
+
+ /* Search for the first interface with
+ * matching address family. */
+
+ for (i=local_interfaces;i;i=i->next) {
+ if (i->ip.ss_family == ip->sa_family) {
+ return &i->ip;
+ }
+ }
+ return NULL;
+}
+
+/*
+ return True if a IP is directly reachable on one of our interfaces
+*/
+
+bool iface_local(const struct sockaddr *ip)
+{
+ return iface_find(ip, true) ? true : false;
+}
+
+/****************************************************************************
+ Add an interface to the linked list of interfaces.
+****************************************************************************/
+
+static void add_interface(const struct iface_struct *ifs)
+{
+ char addr[INET6_ADDRSTRLEN];
+ struct interface *iface;
+
+ if (iface_find((const struct sockaddr *)&ifs->ip, False)) {
+ DEBUG(3,("add_interface: not adding duplicate interface %s\n",
+ print_sockaddr(addr, sizeof(addr), &ifs->ip) ));
+ return;
+ }
+
+ if (!(ifs->flags & (IFF_BROADCAST|IFF_LOOPBACK))) {
+ DEBUG(3,("not adding non-broadcast interface %s\n",
+ ifs->name ));
+ return;
+ }
+
+ iface = SMB_MALLOC_P(struct interface);
+ if (!iface) {
+ return;
+ }
+
+ ZERO_STRUCTPN(iface);
+
+ iface->name = SMB_STRDUP(ifs->name);
+ if (!iface->name) {
+ SAFE_FREE(iface);
+ return;
+ }
+ iface->flags = ifs->flags;
+ iface->ip = ifs->ip;
+ iface->netmask = ifs->netmask;
+ iface->bcast = ifs->bcast;
+ iface->linkspeed = ifs->linkspeed;
+ iface->capability = ifs->capability;
+ iface->if_index = ifs->if_index;
+
+ DLIST_ADD(local_interfaces, iface);
+
+ DEBUG(2,("added interface %s ip=%s ",
+ iface->name,
+ print_sockaddr(addr, sizeof(addr), &iface->ip) ));
+ DEBUG(2,("bcast=%s ",
+ print_sockaddr(addr, sizeof(addr),
+ &iface->bcast) ));
+ DEBUG(2,("netmask=%s\n",
+ print_sockaddr(addr, sizeof(addr),
+ &iface->netmask) ));
+}
+
+
+static void parse_extra_info(char *key, uint64_t *speed, uint32_t *cap,
+ uint32_t *if_index)
+{
+ while (key != NULL && *key != '\0') {
+ char *next_key;
+ char *val;
+ int error = 0;
+
+ next_key = strchr_m(key, ',');
+ if (next_key != NULL) {
+ *next_key++ = 0;
+ }
+
+ val = strchr_m(key, '=');
+ if (val != NULL) {
+ *val++ = 0;
+
+ if (strequal_m(key, "speed")) {
+ *speed = (uint64_t)smb_strtoull(val,
+ NULL,
+ 0,
+ &error,
+ SMB_STR_STANDARD);
+ if (error != 0) {
+ DBG_DEBUG("Invalid speed value (%s)\n", val);
+ }
+ } else if (strequal_m(key, "capability")) {
+ if (strequal_m(val, "RSS")) {
+ *cap |= FSCTL_NET_IFACE_RSS_CAPABLE;
+ } else if (strequal(val, "RDMA")) {
+ *cap |= FSCTL_NET_IFACE_RDMA_CAPABLE;
+ } else {
+ DBG_WARNING("Capability unknown: "
+ "'%s'\n", val);
+ }
+ } else if (strequal_m(key, "if_index")) {
+ *if_index = (uint32_t)smb_strtoul(val,
+ NULL,
+ 0,
+ &error,
+ SMB_STR_STANDARD);
+ if (error != 0) {
+ DBG_DEBUG("Invalid key value (%s)\n", val);
+ }
+ } else {
+ DBG_DEBUG("Key unknown: '%s'\n", key);
+ }
+ }
+
+ key = next_key;
+ }
+}
+
+/****************************************************************************
+ Interpret a single element from a interfaces= config line.
+
+ This handles the following different forms:
+
+ 1) wildcard interface name
+ 2) DNS name
+ 3) IP/masklen
+ 4) ip/mask
+ 5) bcast/mask
+
+ Additional information for an interface can be specified with
+ this extended syntax:
+
+ "interface[;key1=value1[,key2=value2[...]]]"
+
+ Note: The double quoting is important for the
+ smb.conf parser! Otherwise the ';' and ',' separates
+ two interfaces.
+
+ where
+ - keys known: 'speed', 'capability', 'if_index'
+ - speed is in bits per second
+ - capabilities known: 'RSS', 'RDMA'
+ - if_index should be used with care, because
+ these indexes should not conicide with indexes
+ the kernel sets...
+
+ Note: The specified values overwrite the autodetected values!
+
+****************************************************************************/
+
+static void interpret_interface(char *token)
+{
+ struct sockaddr_storage ss;
+ struct sockaddr_storage ss_mask;
+ struct sockaddr_storage ss_net;
+ struct sockaddr_storage ss_bcast;
+ struct iface_struct ifs;
+ char *p;
+ int i;
+ bool added=false;
+ bool goodaddr = false;
+ uint64_t speed = 0;
+ uint32_t cap = FSCTL_NET_IFACE_NONE_CAPABLE;
+ uint32_t if_index = 0;
+ bool speed_set = false;
+ bool cap_set = false;
+ bool if_index_set = false;
+
+ /*
+ * extract speed / capability information if present
+ */
+ p = strchr_m(token, ';');
+ if (p != NULL) {
+ *p++ = 0;
+ parse_extra_info(p, &speed, &cap, &if_index);
+ if (speed != 0) {
+ speed_set = true;
+ }
+ if (cap != FSCTL_NET_IFACE_NONE_CAPABLE) {
+ cap_set = true;
+ }
+ if (if_index != 0) {
+ if_index_set = true;
+ }
+ }
+
+ /* first check if it is an interface name */
+ for (i=0;i<total_probed;i++) {
+ if (gen_fnmatch(token, probed_ifaces[i].name) == 0) {
+ if (speed_set) {
+ probed_ifaces[i].linkspeed = speed;
+ }
+ if (cap_set) {
+ probed_ifaces[i].capability = cap;
+ }
+ if (if_index_set) {
+ probed_ifaces[i].if_index = if_index;
+ }
+ add_interface(&probed_ifaces[i]);
+ added = true;
+ }
+ }
+ if (added) {
+ return;
+ }
+
+ p = strchr_m(token,'/');
+ if (p == NULL) {
+ if (!interpret_string_addr(&ss, token, 0)) {
+ DEBUG(2, ("interpret_interface: Can't find address "
+ "for %s\n", token));
+ return;
+ }
+
+ for (i=0;i<total_probed;i++) {
+ if (sockaddr_equal((struct sockaddr *)&ss,
+ (struct sockaddr *)&probed_ifaces[i].ip))
+ {
+ if (speed_set) {
+ probed_ifaces[i].linkspeed = speed;
+ }
+ if (cap_set) {
+ probed_ifaces[i].capability = cap;
+ }
+ if (if_index_set) {
+ probed_ifaces[i].if_index = if_index;
+ }
+ add_interface(&probed_ifaces[i]);
+ return;
+ }
+ }
+ DEBUG(2,("interpret_interface: "
+ "can't determine interface for %s\n",
+ token));
+ return;
+ }
+
+ /* parse it into an IP address/netmasklength pair */
+ *p = 0;
+ goodaddr = interpret_string_addr(&ss, token, 0);
+ *p++ = '/';
+
+ if (!goodaddr) {
+ DEBUG(2,("interpret_interface: "
+ "can't determine interface for %s\n",
+ token));
+ return;
+ }
+
+ if (strlen(p) > 2) {
+ goodaddr = interpret_string_addr(&ss_mask, p, 0);
+ if (!goodaddr) {
+ DEBUG(2,("interpret_interface: "
+ "can't determine netmask from %s\n",
+ p));
+ return;
+ }
+ } else {
+ int error = 0;
+ unsigned long val;
+
+ val = smb_strtoul(p, NULL, 0, &error, SMB_STR_FULL_STR_CONV);
+ if (error != 0) {
+ DEBUG(2,("interpret_interface: "
+ "can't determine netmask value from %s\n",
+ p));
+ return;
+ }
+ if (!make_netmask(&ss_mask, &ss, val)) {
+ DEBUG(2,("interpret_interface: "
+ "can't apply netmask value %lu from %s\n",
+ val,
+ p));
+ return;
+ }
+ }
+
+ make_bcast(&ss_bcast, &ss, &ss_mask);
+ make_net(&ss_net, &ss, &ss_mask);
+
+ /* Maybe the first component was a broadcast address. */
+ if (sockaddr_equal((struct sockaddr *)&ss_bcast, (struct sockaddr *)&ss) ||
+ sockaddr_equal((struct sockaddr *)&ss_net, (struct sockaddr *)&ss)) {
+ for (i=0;i<total_probed;i++) {
+ if (same_net((struct sockaddr *)&ss,
+ (struct sockaddr *)&probed_ifaces[i].ip,
+ (struct sockaddr *)&ss_mask)) {
+ /* Temporarily replace netmask on
+ * the detected interface - user knows
+ * best.... */
+ struct sockaddr_storage saved_mask =
+ probed_ifaces[i].netmask;
+ probed_ifaces[i].netmask = ss_mask;
+ DEBUG(2,("interpret_interface: "
+ "using netmask value %s from "
+ "config file on interface %s\n",
+ p,
+ probed_ifaces[i].name));
+ if (speed_set) {
+ probed_ifaces[i].linkspeed = speed;
+ }
+ if (cap_set) {
+ probed_ifaces[i].capability = cap;
+ }
+ if (if_index_set) {
+ probed_ifaces[i].if_index = if_index;
+ }
+ add_interface(&probed_ifaces[i]);
+ probed_ifaces[i].netmask = saved_mask;
+ return;
+ }
+ }
+ DEBUG(2,("interpret_interface: Can't determine ip for "
+ "broadcast address %s\n",
+ token));
+ return;
+ }
+
+ /* Just fake up the interface definition. User knows best. */
+
+ DEBUG(2,("interpret_interface: Adding interface %s\n",
+ token));
+
+ ZERO_STRUCT(ifs);
+ (void)strlcpy(ifs.name, token, sizeof(ifs.name));
+ ifs.flags = IFF_BROADCAST;
+ ifs.ip = ss;
+ ifs.netmask = ss_mask;
+ ifs.bcast = ss_bcast;
+ if (if_index_set) {
+ ifs.if_index = if_index;
+ }
+ if (speed_set) {
+ ifs.linkspeed = speed;
+ } else {
+ ifs.linkspeed = 1000 * 1000 * 1000;
+ }
+ ifs.capability = cap;
+ add_interface(&ifs);
+}
+
+/****************************************************************************
+ Load the list of network interfaces.
+****************************************************************************/
+
+void load_interfaces(void)
+{
+ struct iface_struct *ifaces = NULL;
+ const char **ptr = lp_interfaces();
+ int i;
+
+ gfree_interfaces();
+
+ /* Probe the kernel for interfaces */
+ total_probed = get_interfaces(talloc_tos(), &ifaces);
+
+ if (total_probed > 0) {
+ probed_ifaces = (struct iface_struct *)smb_memdup(ifaces,
+ sizeof(ifaces[0])*total_probed);
+ if (!probed_ifaces) {
+ DEBUG(0,("ERROR: smb_memdup failed\n"));
+ exit(1);
+ }
+ }
+ TALLOC_FREE(ifaces);
+
+ /* if we don't have a interfaces line then use all broadcast capable
+ interfaces except loopback */
+ if (!ptr || !*ptr || !**ptr) {
+ if (total_probed <= 0) {
+ DEBUG(0,("ERROR: Could not determine network "
+ "interfaces, you must use a interfaces config line\n"));
+ exit(1);
+ }
+ for (i=0;i<total_probed;i++) {
+ if (probed_ifaces[i].flags & IFF_BROADCAST) {
+ add_interface(&probed_ifaces[i]);
+ }
+ }
+ return;
+ }
+
+ if (ptr) {
+ while (*ptr) {
+ char *ptr_cpy = SMB_STRDUP(*ptr);
+ if (ptr_cpy) {
+ interpret_interface(ptr_cpy);
+ free(ptr_cpy);
+ }
+ ptr++;
+ }
+ }
+
+ if (!local_interfaces) {
+ DEBUG(0,("WARNING: no network interfaces found\n"));
+ }
+}
+
+
+void gfree_interfaces(void)
+{
+ while (local_interfaces) {
+ struct interface *iface = local_interfaces;
+ DLIST_REMOVE(local_interfaces, local_interfaces);
+ SAFE_FREE(iface->name);
+ SAFE_FREE(iface);
+ }
+
+ SAFE_FREE(probed_ifaces);
+}
+
+/****************************************************************************
+ Return True if the list of probed interfaces has changed.
+****************************************************************************/
+
+bool interfaces_changed(void)
+{
+ bool ret = false;
+ int n;
+ struct iface_struct *ifaces = NULL;
+
+ n = get_interfaces(talloc_tos(), &ifaces);
+
+ if ((n > 0 )&& (n != total_probed ||
+ memcmp(ifaces, probed_ifaces, sizeof(ifaces[0])*n))) {
+ ret = true;
+ }
+
+ TALLOC_FREE(ifaces);
+ return ret;
+}
diff --git a/source3/lib/interface.h b/source3/lib/interface.h
new file mode 100644
index 0000000..f45435b
--- /dev/null
+++ b/source3/lib/interface.h
@@ -0,0 +1,46 @@
+/*
+ *
+ * Unix SMB/CIFS implementation.
+ *
+ * Type definitions for interfaces
+ *
+ * Copyright (c) 2020 Andreas Schneider <asn@samba.org>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _INTERFACE_H
+#define _INTERFACE_H
+
+#include <system/network.h>
+
+bool ismyaddr(const struct sockaddr *ip);
+bool ismyip_v4(struct in_addr ip);
+bool is_local_net(const struct sockaddr *from);
+void setup_linklocal_scope_id(struct sockaddr *pss);
+bool is_local_net_v4(struct in_addr from);
+int iface_count(void);
+int iface_count_v4_nl(void);
+const struct in_addr *first_ipv4_iface(void);
+struct interface *get_interface(int n);
+const struct sockaddr_storage *iface_n_sockaddr_storage(int n);
+const struct in_addr *iface_n_ip_v4(int n);
+const struct in_addr *iface_n_bcast_v4(int n);
+const struct sockaddr_storage *iface_n_bcast(int n);
+const struct sockaddr_storage *iface_ip(const struct sockaddr *ip);
+bool iface_local(const struct sockaddr *ip);
+void load_interfaces(void);
+void gfree_interfaces(void);
+bool interfaces_changed(void);
+
+#endif /* _INTERFACE_H */
diff --git a/source3/lib/ldap_debug_handler.c b/source3/lib/ldap_debug_handler.c
new file mode 100644
index 0000000..27d9a20
--- /dev/null
+++ b/source3/lib/ldap_debug_handler.c
@@ -0,0 +1,51 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Intercept libldap debug output.
+ * Copyright (C) Michael Adam 2008
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "smb_ldap.h"
+
+#if defined(HAVE_LDAP) && defined(HAVE_LBER_LOG_PRINT_FN)
+static void samba_ldap_log_print_fn(LDAP_CONST char *data)
+{
+ DEBUG(lp_ldap_debug_threshold(), ("[LDAP] %s", data));
+}
+#endif
+
+void init_ldap_debugging(void)
+{
+#if defined(HAVE_LDAP) && defined(HAVE_LBER_LOG_PRINT_FN)
+ int ret;
+ int ldap_debug_level = lp_ldap_debug_level();
+
+ ret = ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_debug_level);
+ if (ret != LDAP_OPT_SUCCESS) {
+ DEBUG(10, ("Error setting LDAP debug level.\n"));
+ }
+
+ if (ldap_debug_level == 0) {
+ return;
+ }
+
+ ret = ber_set_option(NULL, LBER_OPT_LOG_PRINT_FN,
+ (void *)samba_ldap_log_print_fn);
+ if (ret != LBER_OPT_SUCCESS) {
+ DEBUG(10, ("Error setting LBER log print function.\n"));
+ }
+#endif /* HAVE_LDAP && HAVE_LBER_LOG_PRINT_FN */
+}
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
new file mode 100644
index 0000000..b44662c
--- /dev/null
+++ b/source3/lib/ldap_escape.c
@@ -0,0 +1,137 @@
+/*
+ Unix SMB/CIFS implementation.
+ ldap filter argument escaping
+
+ Copyright (C) 1998, 1999, 2000 Luke Howard <lukeh@padl.com>,
+ Copyright (C) 2003 Andrew Bartlett <abartlet@samba.org>
+
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+/**
+ * Escape a parameter to an LDAP filter string, so they cannot contain
+ * embedded ( ) * or \ chars which may cause it not to parse correctly.
+ *
+ * @param s The input string
+ *
+ * @return A string allocated with talloc(), containing the escaped string,
+ * and to be talloc_free()ed by the caller.
+ **/
+
+char *escape_ldap_string(TALLOC_CTX *mem_ctx, const char *s)
+{
+ size_t len = strlen(s)+1;
+ char *output = talloc_array(mem_ctx, char, len);
+ const char *sub;
+ int i = 0;
+ char *p = output;
+
+ if (output == NULL) {
+ return NULL;
+ }
+
+ while (*s)
+ {
+ switch (*s)
+ {
+ case '*':
+ sub = "\\2a";
+ break;
+ case '(':
+ sub = "\\28";
+ break;
+ case ')':
+ sub = "\\29";
+ break;
+ case '\\':
+ sub = "\\5c";
+ break;
+ default:
+ sub = NULL;
+ break;
+ }
+
+ if (sub) {
+ char *tmp;
+ len = len + 3;
+ tmp = talloc_realloc(mem_ctx, output, char, len);
+ if (tmp == NULL) {
+ TALLOC_FREE(output);
+ return NULL;
+ }
+ output = tmp;
+
+ p = &output[i];
+ memcpy(p, sub, 3);
+ p += 3;
+ i += 3;
+
+ } else {
+ *p = *s;
+ p++;
+ i++;
+ }
+ s++;
+ }
+
+ *p = '\0';
+ return output;
+}
+
+char *escape_rdn_val_string_alloc(const char *s)
+{
+ char *output, *p;
+
+ /* The maximum size of the escaped string can be twice the actual size */
+ output = (char *)SMB_MALLOC(2*strlen(s) + 1);
+
+ if (output == NULL) {
+ return NULL;
+ }
+
+ p = output;
+
+ while (*s)
+ {
+ switch (*s)
+ {
+ case ',':
+ case '=':
+ case '+':
+ case '<':
+ case '>':
+ case '#':
+ case ';':
+ case '\\':
+ case '\"':
+ *p++ = '\\';
+ *p++ = *s;
+ break;
+ default:
+ *p = *s;
+ p++;
+ }
+
+ s++;
+ }
+
+ *p = '\0';
+
+ /* resize the string to the actual final size */
+ output = (char *)SMB_REALLOC(output, strlen(output) + 1);
+ return output;
+}
diff --git a/source3/lib/lsa.c b/source3/lib/lsa.c
new file mode 100644
index 0000000..1c24a42
--- /dev/null
+++ b/source3/lib/lsa.c
@@ -0,0 +1,73 @@
+/*
+ * Helper functions related to the LSA server
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/***************************************************************************
+ init_lsa_ref_domain_list - adds a domain if it's not already in, returns index.
+***************************************************************************/
+
+#include "replace.h"
+#include "lib/util/data_blob.h"
+#include "lib/util/time.h"
+#include "libcli/security/dom_sid.h"
+#include "librpc/gen_ndr/lsa.h"
+#include "lsa.h"
+
+int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
+ struct lsa_RefDomainList *ref,
+ const char *dom_name,
+ struct dom_sid *dom_sid)
+{
+ int num = 0;
+
+ if (dom_name != NULL) {
+ for (num = 0; num < ref->count; num++) {
+ if (dom_sid_equal(dom_sid, ref->domains[num].sid)) {
+ return num;
+ }
+ }
+ } else {
+ num = ref->count;
+ }
+
+ if (num >= LSA_REF_DOMAIN_LIST_MULTIPLIER) {
+ /* index not found, already at maximum domain limit */
+ return -1;
+ }
+
+ ref->count = num + 1;
+ ref->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER;
+
+ ref->domains = talloc_realloc(mem_ctx, ref->domains,
+ struct lsa_DomainInfo, ref->count);
+ if (!ref->domains) {
+ return -1;
+ }
+
+ ZERO_STRUCT(ref->domains[num]);
+
+ ref->domains[num].name.string = talloc_strdup(mem_ctx, dom_name);
+ if (!ref->domains[num].name.string) {
+ return -1;
+ }
+
+ ref->domains[num].sid = dom_sid_dup(mem_ctx, dom_sid);
+ if (!ref->domains[num].sid) {
+ return -1;
+ }
+
+ return num;
+}
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
new file mode 100644
index 0000000..7d3d469
--- /dev/null
+++ b/source3/lib/messages.c
@@ -0,0 +1,1480 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba internal messaging functions
+ Copyright (C) Andrew Tridgell 2000
+ Copyright (C) 2001 by Martin Pool
+ Copyright (C) 2002 by Jeremy Allison
+ Copyright (C) 2007 by Volker Lendecke
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ @defgroup messages Internal messaging framework
+ @{
+ @file messages.c
+
+ @brief Module for internal messaging between Samba daemons.
+
+ The idea is that if a part of Samba wants to do communication with
+ another Samba process then it will do a message_register() of a
+ dispatch function, and use message_send_pid() to send messages to
+ that process.
+
+ The dispatch function is given the pid of the sender, and it can
+ use that to reply by message_send_pid(). See ping_message() for a
+ simple example.
+
+ @caution Dispatch functions must be able to cope with incoming
+ messages on an *odd* byte boundary.
+
+ This system doesn't have any inherent size limitations but is not
+ very efficient for large messages or when messages are sent in very
+ quick succession.
+
+*/
+
+#include "includes.h"
+#include "lib/util/server_id.h"
+#include "dbwrap/dbwrap.h"
+#include "serverid.h"
+#include "messages.h"
+#include "lib/util/tevent_unix.h"
+#include "lib/background.h"
+#include "lib/messaging/messages_dgm.h"
+#include "lib/util/iov_buf.h"
+#include "lib/util/server_id_db.h"
+#include "lib/messaging/messages_dgm_ref.h"
+#include "lib/messages_ctdb.h"
+#include "lib/messages_ctdb_ref.h"
+#include "lib/messages_util.h"
+#include "cluster_support.h"
+#include "ctdbd_conn.h"
+#include "ctdb_srvids.h"
+
+#ifdef CLUSTER_SUPPORT
+#include "ctdb_protocol.h"
+#endif
+
+struct messaging_callback {
+ struct messaging_callback *prev, *next;
+ uint32_t msg_type;
+ void (*fn)(struct messaging_context *msg, void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id, DATA_BLOB *data);
+ void *private_data;
+};
+
+struct messaging_registered_ev {
+ struct tevent_context *ev;
+ struct tevent_immediate *im;
+ size_t refcount;
+};
+
+struct messaging_context {
+ struct server_id id;
+ struct tevent_context *event_ctx;
+ struct messaging_callback *callbacks;
+
+ struct messaging_rec *posted_msgs;
+
+ struct messaging_registered_ev *event_contexts;
+
+ struct tevent_req **new_waiters;
+ size_t num_new_waiters;
+
+ struct tevent_req **waiters;
+ size_t num_waiters;
+
+ struct server_id_db *names_db;
+
+ TALLOC_CTX *per_process_talloc_ctx;
+};
+
+static struct messaging_rec *messaging_rec_dup(TALLOC_CTX *mem_ctx,
+ struct messaging_rec *rec);
+static bool messaging_dispatch_classic(struct messaging_context *msg_ctx,
+ struct messaging_rec *rec);
+static bool messaging_dispatch_waiters(struct messaging_context *msg_ctx,
+ struct tevent_context *ev,
+ struct messaging_rec *rec);
+static void messaging_dispatch_rec(struct messaging_context *msg_ctx,
+ struct tevent_context *ev,
+ struct messaging_rec *rec);
+
+/****************************************************************************
+ A useful function for testing the message system.
+****************************************************************************/
+
+static void ping_message(struct messaging_context *msg_ctx,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id src,
+ DATA_BLOB *data)
+{
+ struct server_id_buf idbuf;
+
+ DEBUG(1, ("INFO: Received PING message from PID %s [%.*s]\n",
+ server_id_str_buf(src, &idbuf), (int)data->length,
+ data->data ? (char *)data->data : ""));
+
+ messaging_send(msg_ctx, src, MSG_PONG, data);
+}
+
+struct messaging_rec *messaging_rec_create(
+ TALLOC_CTX *mem_ctx, struct server_id src, struct server_id dst,
+ uint32_t msg_type, const struct iovec *iov, int iovlen,
+ const int *fds, size_t num_fds)
+{
+ ssize_t buflen;
+ uint8_t *buf;
+ struct messaging_rec *result;
+
+ if (num_fds > INT8_MAX) {
+ return NULL;
+ }
+
+ buflen = iov_buflen(iov, iovlen);
+ if (buflen == -1) {
+ return NULL;
+ }
+ buf = talloc_array(mem_ctx, uint8_t, buflen);
+ if (buf == NULL) {
+ return NULL;
+ }
+ iov_buf(iov, iovlen, buf, buflen);
+
+ {
+ struct messaging_rec rec;
+ int64_t fds64[MAX(1, num_fds)];
+ size_t i;
+
+ for (i=0; i<num_fds; i++) {
+ fds64[i] = fds[i];
+ }
+
+ rec = (struct messaging_rec) {
+ .msg_version = MESSAGE_VERSION, .msg_type = msg_type,
+ .src = src, .dest = dst,
+ .buf.data = buf, .buf.length = buflen,
+ .num_fds = num_fds, .fds = fds64,
+ };
+
+ result = messaging_rec_dup(mem_ctx, &rec);
+ }
+
+ TALLOC_FREE(buf);
+
+ return result;
+}
+
+static bool messaging_register_event_context(struct messaging_context *ctx,
+ struct tevent_context *ev)
+{
+ size_t i, num_event_contexts;
+ struct messaging_registered_ev *free_reg = NULL;
+ struct messaging_registered_ev *tmp;
+
+ num_event_contexts = talloc_array_length(ctx->event_contexts);
+
+ for (i=0; i<num_event_contexts; i++) {
+ struct messaging_registered_ev *reg = &ctx->event_contexts[i];
+
+ if (reg->refcount == 0) {
+ if (reg->ev != NULL) {
+ abort();
+ }
+ free_reg = reg;
+ /*
+ * We continue here and may find another
+ * free_req, but the important thing is
+ * that we continue to search for an
+ * existing registration in the loop.
+ */
+ continue;
+ }
+
+ if (reg->ev == ev) {
+ reg->refcount += 1;
+ return true;
+ }
+ }
+
+ if (free_reg == NULL) {
+ struct tevent_immediate *im = NULL;
+
+ im = tevent_create_immediate(ctx);
+ if (im == NULL) {
+ return false;
+ }
+
+ tmp = talloc_realloc(ctx, ctx->event_contexts,
+ struct messaging_registered_ev,
+ num_event_contexts+1);
+ if (tmp == NULL) {
+ return false;
+ }
+ ctx->event_contexts = tmp;
+
+ free_reg = &ctx->event_contexts[num_event_contexts];
+ free_reg->im = talloc_move(ctx->event_contexts, &im);
+ }
+
+ /*
+ * free_reg->im might be cached
+ */
+ free_reg->ev = ev;
+ free_reg->refcount = 1;
+
+ return true;
+}
+
+static bool messaging_deregister_event_context(struct messaging_context *ctx,
+ struct tevent_context *ev)
+{
+ size_t i, num_event_contexts;
+
+ num_event_contexts = talloc_array_length(ctx->event_contexts);
+
+ for (i=0; i<num_event_contexts; i++) {
+ struct messaging_registered_ev *reg = &ctx->event_contexts[i];
+
+ if (reg->refcount == 0) {
+ continue;
+ }
+
+ if (reg->ev == ev) {
+ reg->refcount -= 1;
+
+ if (reg->refcount == 0) {
+ /*
+ * The primary event context
+ * is never unregistered using
+ * messaging_deregister_event_context()
+ * it's only registered using
+ * messaging_register_event_context().
+ */
+ SMB_ASSERT(ev != ctx->event_ctx);
+ SMB_ASSERT(reg->ev != ctx->event_ctx);
+
+ /*
+ * Not strictly necessary, just
+ * paranoia
+ */
+ reg->ev = NULL;
+
+ /*
+ * Do not talloc_free(reg->im),
+ * recycle immediates events.
+ *
+ * We just invalidate it using
+ * the primary event context,
+ * which is never unregistered.
+ */
+ tevent_schedule_immediate(reg->im,
+ ctx->event_ctx,
+ NULL, NULL);
+ }
+ return true;
+ }
+ }
+ return false;
+}
+
+static void messaging_post_main_event_context(struct tevent_context *ev,
+ struct tevent_immediate *im,
+ void *private_data)
+{
+ struct messaging_context *ctx = talloc_get_type_abort(
+ private_data, struct messaging_context);
+
+ while (ctx->posted_msgs != NULL) {
+ struct messaging_rec *rec = ctx->posted_msgs;
+ bool consumed;
+
+ DLIST_REMOVE(ctx->posted_msgs, rec);
+
+ consumed = messaging_dispatch_classic(ctx, rec);
+ if (!consumed) {
+ consumed = messaging_dispatch_waiters(
+ ctx, ctx->event_ctx, rec);
+ }
+
+ if (!consumed) {
+ uint8_t i;
+
+ for (i=0; i<rec->num_fds; i++) {
+ close(rec->fds[i]);
+ }
+ }
+
+ TALLOC_FREE(rec);
+ }
+}
+
+static void messaging_post_sub_event_context(struct tevent_context *ev,
+ struct tevent_immediate *im,
+ void *private_data)
+{
+ struct messaging_context *ctx = talloc_get_type_abort(
+ private_data, struct messaging_context);
+ struct messaging_rec *rec, *next;
+
+ for (rec = ctx->posted_msgs; rec != NULL; rec = next) {
+ bool consumed;
+
+ next = rec->next;
+
+ consumed = messaging_dispatch_waiters(ctx, ev, rec);
+ if (consumed) {
+ DLIST_REMOVE(ctx->posted_msgs, rec);
+ TALLOC_FREE(rec);
+ }
+ }
+}
+
+static bool messaging_alert_event_contexts(struct messaging_context *ctx)
+{
+ size_t i, num_event_contexts;
+
+ num_event_contexts = talloc_array_length(ctx->event_contexts);
+
+ for (i=0; i<num_event_contexts; i++) {
+ struct messaging_registered_ev *reg = &ctx->event_contexts[i];
+
+ if (reg->refcount == 0) {
+ continue;
+ }
+
+ /*
+ * We depend on schedule_immediate to work
+ * multiple times. Might be a bit inefficient,
+ * but this needs to be proven in tests. The
+ * alternatively would be to track whether the
+ * immediate has already been scheduled. For
+ * now, avoid that complexity here.
+ */
+
+ if (reg->ev == ctx->event_ctx) {
+ tevent_schedule_immediate(
+ reg->im, reg->ev,
+ messaging_post_main_event_context,
+ ctx);
+ } else {
+ tevent_schedule_immediate(
+ reg->im, reg->ev,
+ messaging_post_sub_event_context,
+ ctx);
+ }
+
+ }
+ return true;
+}
+
+static void messaging_recv_cb(struct tevent_context *ev,
+ const uint8_t *msg, size_t msg_len,
+ int *fds, size_t num_fds,
+ void *private_data)
+{
+ struct messaging_context *msg_ctx = talloc_get_type_abort(
+ private_data, struct messaging_context);
+ struct server_id_buf idbuf;
+ struct messaging_rec rec;
+ int64_t fds64[MAX(1, MIN(num_fds, INT8_MAX))];
+ size_t i;
+
+ if (msg_len < MESSAGE_HDR_LENGTH) {
+ DBG_WARNING("message too short: %zu\n", msg_len);
+ return;
+ }
+
+ if (num_fds > INT8_MAX) {
+ DBG_WARNING("too many fds: %zu\n", num_fds);
+ return;
+ }
+
+ for (i=0; i < num_fds; i++) {
+ fds64[i] = fds[i];
+ }
+
+ rec = (struct messaging_rec) {
+ .msg_version = MESSAGE_VERSION,
+ .buf.data = discard_const_p(uint8_t, msg) + MESSAGE_HDR_LENGTH,
+ .buf.length = msg_len - MESSAGE_HDR_LENGTH,
+ .num_fds = num_fds,
+ .fds = fds64,
+ };
+
+ message_hdr_get(&rec.msg_type, &rec.src, &rec.dest, msg);
+
+ DBG_DEBUG("Received message 0x%x len %zu (num_fds:%zu) from %s\n",
+ (unsigned)rec.msg_type, rec.buf.length, num_fds,
+ server_id_str_buf(rec.src, &idbuf));
+
+ if (server_id_same_process(&rec.src, &msg_ctx->id)) {
+ DBG_DEBUG("Ignoring self-send\n");
+ return;
+ }
+
+ messaging_dispatch_rec(msg_ctx, ev, &rec);
+
+ for (i=0; i<num_fds; i++) {
+ fds[i] = fds64[i];
+ }
+}
+
+static int messaging_context_destructor(struct messaging_context *ctx)
+{
+ size_t i;
+
+ for (i=0; i<ctx->num_new_waiters; i++) {
+ if (ctx->new_waiters[i] != NULL) {
+ tevent_req_set_cleanup_fn(ctx->new_waiters[i], NULL);
+ ctx->new_waiters[i] = NULL;
+ }
+ }
+ for (i=0; i<ctx->num_waiters; i++) {
+ if (ctx->waiters[i] != NULL) {
+ tevent_req_set_cleanup_fn(ctx->waiters[i], NULL);
+ ctx->waiters[i] = NULL;
+ }
+ }
+
+ /*
+ * The immediates from messaging_alert_event_contexts
+ * reference "ctx". Don't let them outlive the
+ * messaging_context we're destroying here.
+ */
+ TALLOC_FREE(ctx->event_contexts);
+
+ return 0;
+}
+
+static const char *private_path(const char *name)
+{
+ return talloc_asprintf(talloc_tos(), "%s/%s", lp_private_dir(), name);
+}
+
+static NTSTATUS messaging_init_internal(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct messaging_context **pmsg_ctx)
+{
+ TALLOC_CTX *frame;
+ struct messaging_context *ctx;
+ NTSTATUS status;
+ int ret;
+ const char *lck_path;
+ const char *priv_path;
+ void *ref;
+ bool ok;
+
+ /*
+ * sec_init() *must* be called before any other
+ * functions that use sec_XXX(). e.g. sec_initial_uid().
+ */
+
+ sec_init();
+
+ lck_path = lock_path(talloc_tos(), "msg.lock");
+ if (lck_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ok = directory_create_or_exist_strict(lck_path,
+ sec_initial_uid(),
+ 0755);
+ if (!ok) {
+ DBG_DEBUG("Could not create lock directory: %s\n",
+ strerror(errno));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ priv_path = private_path("msg.sock");
+ if (priv_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ok = directory_create_or_exist_strict(priv_path, sec_initial_uid(),
+ 0700);
+ if (!ok) {
+ DBG_DEBUG("Could not create msg directory: %s\n",
+ strerror(errno));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ frame = talloc_stackframe();
+ if (frame == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ctx = talloc_zero(frame, struct messaging_context);
+ if (ctx == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ ctx->id = (struct server_id) {
+ .pid = tevent_cached_getpid(), .vnn = NONCLUSTER_VNN
+ };
+
+ ctx->event_ctx = ev;
+
+ ctx->per_process_talloc_ctx = talloc_new(ctx);
+ if (ctx->per_process_talloc_ctx == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ ok = messaging_register_event_context(ctx, ev);
+ if (!ok) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ ref = messaging_dgm_ref(
+ ctx->per_process_talloc_ctx,
+ ctx->event_ctx,
+ &ctx->id.unique_id,
+ priv_path,
+ lck_path,
+ messaging_recv_cb,
+ ctx,
+ &ret);
+ if (ref == NULL) {
+ DEBUG(2, ("messaging_dgm_ref failed: %s\n", strerror(ret)));
+ status = map_nt_error_from_unix(ret);
+ goto done;
+ }
+ talloc_set_destructor(ctx, messaging_context_destructor);
+
+#ifdef CLUSTER_SUPPORT
+ if (lp_clustering()) {
+ ref = messaging_ctdb_ref(
+ ctx->per_process_talloc_ctx,
+ ctx->event_ctx,
+ lp_ctdbd_socket(),
+ lp_ctdb_timeout(),
+ ctx->id.unique_id,
+ messaging_recv_cb,
+ ctx,
+ &ret);
+ if (ref == NULL) {
+ DBG_NOTICE("messaging_ctdb_ref failed: %s\n",
+ strerror(ret));
+ status = map_nt_error_from_unix(ret);
+ goto done;
+ }
+ }
+#endif
+
+ ctx->id.vnn = get_my_vnn();
+
+ ctx->names_db = server_id_db_init(ctx,
+ ctx->id,
+ lp_lock_directory(),
+ 0,
+ TDB_INCOMPATIBLE_HASH|TDB_CLEAR_IF_FIRST);
+ if (ctx->names_db == NULL) {
+ DBG_DEBUG("server_id_db_init failed\n");
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ messaging_register(ctx, NULL, MSG_PING, ping_message);
+
+ /* Register some debugging related messages */
+
+ register_msg_pool_usage(ctx->per_process_talloc_ctx, ctx);
+ register_dmalloc_msgs(ctx);
+ debug_register_msgs(ctx);
+
+ {
+ struct server_id_buf tmp;
+ DBG_DEBUG("my id: %s\n", server_id_str_buf(ctx->id, &tmp));
+ }
+
+ *pmsg_ctx = talloc_steal(mem_ctx, ctx);
+
+ status = NT_STATUS_OK;
+done:
+ TALLOC_FREE(frame);
+
+ return status;
+}
+
+struct messaging_context *messaging_init(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev)
+{
+ struct messaging_context *ctx = NULL;
+ NTSTATUS status;
+
+ status = messaging_init_internal(mem_ctx,
+ ev,
+ &ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NULL;
+ }
+
+ return ctx;
+}
+
+struct server_id messaging_server_id(const struct messaging_context *msg_ctx)
+{
+ return msg_ctx->id;
+}
+
+/*
+ * re-init after a fork
+ */
+NTSTATUS messaging_reinit(struct messaging_context *msg_ctx)
+{
+ int ret;
+ char *lck_path;
+ void *ref;
+
+ TALLOC_FREE(msg_ctx->per_process_talloc_ctx);
+
+ msg_ctx->per_process_talloc_ctx = talloc_new(msg_ctx);
+ if (msg_ctx->per_process_talloc_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ msg_ctx->id = (struct server_id) {
+ .pid = tevent_cached_getpid(), .vnn = msg_ctx->id.vnn
+ };
+
+ lck_path = lock_path(talloc_tos(), "msg.lock");
+ if (lck_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ref = messaging_dgm_ref(
+ msg_ctx->per_process_talloc_ctx,
+ msg_ctx->event_ctx,
+ &msg_ctx->id.unique_id,
+ private_path("msg.sock"),
+ lck_path,
+ messaging_recv_cb,
+ msg_ctx,
+ &ret);
+
+ if (ref == NULL) {
+ DEBUG(2, ("messaging_dgm_ref failed: %s\n", strerror(ret)));
+ return map_nt_error_from_unix(ret);
+ }
+
+ if (lp_clustering()) {
+ ref = messaging_ctdb_ref(
+ msg_ctx->per_process_talloc_ctx,
+ msg_ctx->event_ctx,
+ lp_ctdbd_socket(),
+ lp_ctdb_timeout(),
+ msg_ctx->id.unique_id,
+ messaging_recv_cb,
+ msg_ctx,
+ &ret);
+ if (ref == NULL) {
+ DBG_NOTICE("messaging_ctdb_ref failed: %s\n",
+ strerror(ret));
+ return map_nt_error_from_unix(ret);
+ }
+ }
+
+ server_id_db_reinit(msg_ctx->names_db, msg_ctx->id);
+ register_msg_pool_usage(msg_ctx->per_process_talloc_ctx, msg_ctx);
+
+ return NT_STATUS_OK;
+}
+
+
+/*
+ * Register a dispatch function for a particular message type. Allow multiple
+ * registrants
+*/
+NTSTATUS messaging_register(struct messaging_context *msg_ctx,
+ void *private_data,
+ uint32_t msg_type,
+ void (*fn)(struct messaging_context *msg,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB *data))
+{
+ struct messaging_callback *cb;
+
+ DEBUG(5, ("Registering messaging pointer for type %u - "
+ "private_data=%p\n",
+ (unsigned)msg_type, private_data));
+
+ /*
+ * Only one callback per type
+ */
+
+ for (cb = msg_ctx->callbacks; cb != NULL; cb = cb->next) {
+ /* we allow a second registration of the same message
+ type if it has a different private pointer. This is
+ needed in, for example, the internal notify code,
+ which creates a new notify context for each tree
+ connect, and expects to receive messages to each of
+ them. */
+ if (cb->msg_type == msg_type && private_data == cb->private_data) {
+ DEBUG(5,("Overriding messaging pointer for type %u - private_data=%p\n",
+ (unsigned)msg_type, private_data));
+ cb->fn = fn;
+ cb->private_data = private_data;
+ return NT_STATUS_OK;
+ }
+ }
+
+ if (!(cb = talloc(msg_ctx, struct messaging_callback))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ cb->msg_type = msg_type;
+ cb->fn = fn;
+ cb->private_data = private_data;
+
+ DLIST_ADD(msg_ctx->callbacks, cb);
+ return NT_STATUS_OK;
+}
+
+/*
+ De-register the function for a particular message type.
+*/
+void messaging_deregister(struct messaging_context *ctx, uint32_t msg_type,
+ void *private_data)
+{
+ struct messaging_callback *cb, *next;
+
+ for (cb = ctx->callbacks; cb; cb = next) {
+ next = cb->next;
+ if ((cb->msg_type == msg_type)
+ && (cb->private_data == private_data)) {
+ DEBUG(5,("Deregistering messaging pointer for type %u - private_data=%p\n",
+ (unsigned)msg_type, private_data));
+ DLIST_REMOVE(ctx->callbacks, cb);
+ TALLOC_FREE(cb);
+ }
+ }
+}
+
+/*
+ Send a message to a particular server
+*/
+NTSTATUS messaging_send(struct messaging_context *msg_ctx,
+ struct server_id server, uint32_t msg_type,
+ const DATA_BLOB *data)
+{
+ struct iovec iov = {0};
+
+ if (data != NULL) {
+ iov.iov_base = data->data;
+ iov.iov_len = data->length;
+ };
+
+ return messaging_send_iov(msg_ctx, server, msg_type, &iov, 1, NULL, 0);
+}
+
+NTSTATUS messaging_send_buf(struct messaging_context *msg_ctx,
+ struct server_id server, uint32_t msg_type,
+ const uint8_t *buf, size_t len)
+{
+ DATA_BLOB blob = data_blob_const(buf, len);
+ return messaging_send(msg_ctx, server, msg_type, &blob);
+}
+
+static int messaging_post_self(struct messaging_context *msg_ctx,
+ struct server_id src, struct server_id dst,
+ uint32_t msg_type,
+ const struct iovec *iov, int iovlen,
+ const int *fds, size_t num_fds)
+{
+ struct messaging_rec *rec;
+ bool ok;
+
+ rec = messaging_rec_create(
+ msg_ctx, src, dst, msg_type, iov, iovlen, fds, num_fds);
+ if (rec == NULL) {
+ return ENOMEM;
+ }
+
+ ok = messaging_alert_event_contexts(msg_ctx);
+ if (!ok) {
+ TALLOC_FREE(rec);
+ return ENOMEM;
+ }
+
+ DLIST_ADD_END(msg_ctx->posted_msgs, rec);
+
+ return 0;
+}
+
+int messaging_send_iov_from(struct messaging_context *msg_ctx,
+ struct server_id src, struct server_id dst,
+ uint32_t msg_type,
+ const struct iovec *iov, int iovlen,
+ const int *fds, size_t num_fds)
+{
+ int ret;
+ uint8_t hdr[MESSAGE_HDR_LENGTH];
+ struct iovec iov2[iovlen+1];
+
+ if (server_id_is_disconnected(&dst)) {
+ return EINVAL;
+ }
+
+ if (num_fds > INT8_MAX) {
+ return EINVAL;
+ }
+
+ if (server_id_equal(&dst, &msg_ctx->id)) {
+ ret = messaging_post_self(msg_ctx, src, dst, msg_type,
+ iov, iovlen, fds, num_fds);
+ return ret;
+ }
+
+ message_hdr_put(hdr, msg_type, src, dst);
+ iov2[0] = (struct iovec){ .iov_base = hdr, .iov_len = sizeof(hdr) };
+ memcpy(&iov2[1], iov, iovlen * sizeof(*iov));
+
+ if (dst.vnn != msg_ctx->id.vnn) {
+ if (num_fds > 0) {
+ return ENOSYS;
+ }
+
+ ret = messaging_ctdb_send(dst.vnn, dst.pid, iov2, iovlen+1);
+ return ret;
+ }
+
+ ret = messaging_dgm_send(dst.pid, iov2, iovlen+1, fds, num_fds);
+
+ if (ret == EACCES) {
+ become_root();
+ ret = messaging_dgm_send(dst.pid, iov2, iovlen+1,
+ fds, num_fds);
+ unbecome_root();
+ }
+
+ if (ret == ECONNREFUSED) {
+ /*
+ * Linux returns this when a socket exists in the file
+ * system without a listening process. This is not
+ * documented in susv4 or the linux manpages, but it's
+ * easily testable. For the higher levels this is the
+ * same as "destination does not exist"
+ */
+ ret = ENOENT;
+ }
+
+ return ret;
+}
+
+NTSTATUS messaging_send_iov(struct messaging_context *msg_ctx,
+ struct server_id dst, uint32_t msg_type,
+ const struct iovec *iov, int iovlen,
+ const int *fds, size_t num_fds)
+{
+ int ret;
+
+ ret = messaging_send_iov_from(msg_ctx, msg_ctx->id, dst, msg_type,
+ iov, iovlen, fds, num_fds);
+ if (ret != 0) {
+ return map_nt_error_from_unix(ret);
+ }
+ return NT_STATUS_OK;
+}
+
+struct send_all_state {
+ struct messaging_context *msg_ctx;
+ int msg_type;
+ const void *buf;
+ size_t len;
+};
+
+static int send_all_fn(pid_t pid, void *private_data)
+{
+ struct send_all_state *state = private_data;
+ NTSTATUS status;
+
+ if (pid == tevent_cached_getpid()) {
+ DBG_DEBUG("Skip ourselves in messaging_send_all\n");
+ return 0;
+ }
+
+ status = messaging_send_buf(state->msg_ctx, pid_to_procid(pid),
+ state->msg_type, state->buf, state->len);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_NOTICE("messaging_send_buf to %ju failed: %s\n",
+ (uintmax_t)pid, nt_errstr(status));
+ }
+
+ return 0;
+}
+
+void messaging_send_all(struct messaging_context *msg_ctx,
+ int msg_type, const void *buf, size_t len)
+{
+ struct send_all_state state = {
+ .msg_ctx = msg_ctx, .msg_type = msg_type,
+ .buf = buf, .len = len
+ };
+ int ret;
+
+#ifdef CLUSTER_SUPPORT
+ if (lp_clustering()) {
+ struct ctdbd_connection *conn = messaging_ctdb_connection();
+ uint8_t msghdr[MESSAGE_HDR_LENGTH];
+ struct iovec iov[] = {
+ { .iov_base = msghdr,
+ .iov_len = sizeof(msghdr) },
+ { .iov_base = discard_const_p(void, buf),
+ .iov_len = len }
+ };
+
+ message_hdr_put(msghdr, msg_type, messaging_server_id(msg_ctx),
+ (struct server_id) {0});
+
+ ret = ctdbd_messaging_send_iov(
+ conn, CTDB_BROADCAST_CONNECTED,
+ CTDB_SRVID_SAMBA_PROCESS,
+ iov, ARRAY_SIZE(iov));
+ if (ret != 0) {
+ DBG_WARNING("ctdbd_messaging_send_iov failed: %s\n",
+ strerror(ret));
+ }
+
+ return;
+ }
+#endif
+
+ ret = messaging_dgm_forall(send_all_fn, &state);
+ if (ret != 0) {
+ DBG_WARNING("messaging_dgm_forall failed: %s\n",
+ strerror(ret));
+ }
+}
+
+static struct messaging_rec *messaging_rec_dup(TALLOC_CTX *mem_ctx,
+ struct messaging_rec *rec)
+{
+ struct messaging_rec *result;
+ size_t fds_size = sizeof(int64_t) * rec->num_fds;
+ size_t payload_len;
+
+ payload_len = rec->buf.length + fds_size;
+ if (payload_len < rec->buf.length) {
+ /* overflow */
+ return NULL;
+ }
+
+ result = talloc_pooled_object(mem_ctx, struct messaging_rec, 2,
+ payload_len);
+ if (result == NULL) {
+ return NULL;
+ }
+ *result = *rec;
+
+ /* Doesn't fail, see talloc_pooled_object */
+
+ result->buf.data = talloc_memdup(result, rec->buf.data,
+ rec->buf.length);
+
+ result->fds = NULL;
+ if (result->num_fds > 0) {
+ size_t i;
+
+ result->fds = talloc_memdup(result, rec->fds, fds_size);
+
+ for (i=0; i<rec->num_fds; i++) {
+ /*
+ * fd's can only exist once
+ */
+ rec->fds[i] = -1;
+ }
+ }
+
+ return result;
+}
+
+struct messaging_filtered_read_state {
+ struct tevent_context *ev;
+ struct messaging_context *msg_ctx;
+ struct messaging_dgm_fde *fde;
+ struct messaging_ctdb_fde *cluster_fde;
+
+ bool (*filter)(struct messaging_rec *rec, void *private_data);
+ void *private_data;
+
+ struct messaging_rec *rec;
+};
+
+static void messaging_filtered_read_cleanup(struct tevent_req *req,
+ enum tevent_req_state req_state);
+
+struct tevent_req *messaging_filtered_read_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct messaging_context *msg_ctx,
+ bool (*filter)(struct messaging_rec *rec, void *private_data),
+ void *private_data)
+{
+ struct tevent_req *req;
+ struct messaging_filtered_read_state *state;
+ size_t new_waiters_len;
+ bool ok;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct messaging_filtered_read_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->msg_ctx = msg_ctx;
+ state->filter = filter;
+ state->private_data = private_data;
+
+ /*
+ * We have to defer the callback here, as we might be called from
+ * within a different tevent_context than state->ev
+ */
+ tevent_req_defer_callback(req, state->ev);
+
+ state->fde = messaging_dgm_register_tevent_context(state, ev);
+ if (tevent_req_nomem(state->fde, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (lp_clustering()) {
+ state->cluster_fde =
+ messaging_ctdb_register_tevent_context(state, ev);
+ if (tevent_req_nomem(state->cluster_fde, req)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ /*
+ * We add ourselves to the "new_waiters" array, not the "waiters"
+ * array. If we are called from within messaging_read_done,
+ * messaging_dispatch_rec will be in an active for-loop on
+ * "waiters". We must be careful not to mess with this array, because
+ * it could mean that a single event is being delivered twice.
+ */
+
+ new_waiters_len = talloc_array_length(msg_ctx->new_waiters);
+
+ if (new_waiters_len == msg_ctx->num_new_waiters) {
+ struct tevent_req **tmp;
+
+ tmp = talloc_realloc(msg_ctx, msg_ctx->new_waiters,
+ struct tevent_req *, new_waiters_len+1);
+ if (tevent_req_nomem(tmp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ msg_ctx->new_waiters = tmp;
+ }
+
+ msg_ctx->new_waiters[msg_ctx->num_new_waiters] = req;
+ msg_ctx->num_new_waiters += 1;
+ tevent_req_set_cleanup_fn(req, messaging_filtered_read_cleanup);
+
+ ok = messaging_register_event_context(msg_ctx, ev);
+ if (!ok) {
+ tevent_req_oom(req);
+ return tevent_req_post(req, ev);
+ }
+
+ return req;
+}
+
+static void messaging_filtered_read_cleanup(struct tevent_req *req,
+ enum tevent_req_state req_state)
+{
+ struct messaging_filtered_read_state *state = tevent_req_data(
+ req, struct messaging_filtered_read_state);
+ struct messaging_context *msg_ctx = state->msg_ctx;
+ size_t i;
+ bool ok;
+
+ tevent_req_set_cleanup_fn(req, NULL);
+
+ TALLOC_FREE(state->fde);
+ TALLOC_FREE(state->cluster_fde);
+
+ ok = messaging_deregister_event_context(msg_ctx, state->ev);
+ if (!ok) {
+ abort();
+ }
+
+ /*
+ * Just set the [new_]waiters entry to NULL, be careful not to mess
+ * with the other "waiters" array contents. We are often called from
+ * within "messaging_dispatch_rec", which loops over
+ * "waiters". Messing with the "waiters" array will mess up that
+ * for-loop.
+ */
+
+ for (i=0; i<msg_ctx->num_waiters; i++) {
+ if (msg_ctx->waiters[i] == req) {
+ msg_ctx->waiters[i] = NULL;
+ return;
+ }
+ }
+
+ for (i=0; i<msg_ctx->num_new_waiters; i++) {
+ if (msg_ctx->new_waiters[i] == req) {
+ msg_ctx->new_waiters[i] = NULL;
+ return;
+ }
+ }
+}
+
+static void messaging_filtered_read_done(struct tevent_req *req,
+ struct messaging_rec *rec)
+{
+ struct messaging_filtered_read_state *state = tevent_req_data(
+ req, struct messaging_filtered_read_state);
+
+ state->rec = messaging_rec_dup(state, rec);
+ if (tevent_req_nomem(state->rec, req)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+int messaging_filtered_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct messaging_rec **presult)
+{
+ struct messaging_filtered_read_state *state = tevent_req_data(
+ req, struct messaging_filtered_read_state);
+ int err;
+
+ if (tevent_req_is_unix_error(req, &err)) {
+ tevent_req_received(req);
+ return err;
+ }
+ if (presult != NULL) {
+ *presult = talloc_move(mem_ctx, &state->rec);
+ }
+ tevent_req_received(req);
+ return 0;
+}
+
+struct messaging_read_state {
+ uint32_t msg_type;
+ struct messaging_rec *rec;
+};
+
+static bool messaging_read_filter(struct messaging_rec *rec,
+ void *private_data);
+static void messaging_read_done(struct tevent_req *subreq);
+
+struct tevent_req *messaging_read_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct messaging_context *msg,
+ uint32_t msg_type)
+{
+ struct tevent_req *req, *subreq;
+ struct messaging_read_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct messaging_read_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->msg_type = msg_type;
+
+ subreq = messaging_filtered_read_send(state, ev, msg,
+ messaging_read_filter, state);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, messaging_read_done, req);
+ return req;
+}
+
+static bool messaging_read_filter(struct messaging_rec *rec,
+ void *private_data)
+{
+ struct messaging_read_state *state = talloc_get_type_abort(
+ private_data, struct messaging_read_state);
+
+ if (rec->num_fds != 0) {
+ return false;
+ }
+
+ return rec->msg_type == state->msg_type;
+}
+
+static void messaging_read_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct messaging_read_state *state = tevent_req_data(
+ req, struct messaging_read_state);
+ int ret;
+
+ ret = messaging_filtered_read_recv(subreq, state, &state->rec);
+ TALLOC_FREE(subreq);
+ if (tevent_req_error(req, ret)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+int messaging_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct messaging_rec **presult)
+{
+ struct messaging_read_state *state = tevent_req_data(
+ req, struct messaging_read_state);
+ int err;
+
+ if (tevent_req_is_unix_error(req, &err)) {
+ return err;
+ }
+ if (presult != NULL) {
+ *presult = talloc_move(mem_ctx, &state->rec);
+ }
+ return 0;
+}
+
+static bool messaging_append_new_waiters(struct messaging_context *msg_ctx)
+{
+ if (msg_ctx->num_new_waiters == 0) {
+ return true;
+ }
+
+ if (talloc_array_length(msg_ctx->waiters) <
+ (msg_ctx->num_waiters + msg_ctx->num_new_waiters)) {
+ struct tevent_req **tmp;
+ tmp = talloc_realloc(
+ msg_ctx, msg_ctx->waiters, struct tevent_req *,
+ msg_ctx->num_waiters + msg_ctx->num_new_waiters);
+ if (tmp == NULL) {
+ DEBUG(1, ("%s: talloc failed\n", __func__));
+ return false;
+ }
+ msg_ctx->waiters = tmp;
+ }
+
+ memcpy(&msg_ctx->waiters[msg_ctx->num_waiters], msg_ctx->new_waiters,
+ sizeof(struct tevent_req *) * msg_ctx->num_new_waiters);
+
+ msg_ctx->num_waiters += msg_ctx->num_new_waiters;
+ msg_ctx->num_new_waiters = 0;
+
+ return true;
+}
+
+static bool messaging_dispatch_classic(struct messaging_context *msg_ctx,
+ struct messaging_rec *rec)
+{
+ struct messaging_callback *cb, *next;
+
+ for (cb = msg_ctx->callbacks; cb != NULL; cb = next) {
+ size_t j;
+
+ next = cb->next;
+ if (cb->msg_type != rec->msg_type) {
+ continue;
+ }
+
+ /*
+ * the old style callbacks don't support fd passing
+ */
+ for (j=0; j < rec->num_fds; j++) {
+ int fd = rec->fds[j];
+ close(fd);
+ }
+ rec->num_fds = 0;
+ rec->fds = NULL;
+
+ cb->fn(msg_ctx, cb->private_data, rec->msg_type,
+ rec->src, &rec->buf);
+
+ return true;
+ }
+
+ return false;
+}
+
+static bool messaging_dispatch_waiters(struct messaging_context *msg_ctx,
+ struct tevent_context *ev,
+ struct messaging_rec *rec)
+{
+ size_t i;
+
+ if (!messaging_append_new_waiters(msg_ctx)) {
+ return false;
+ }
+
+ i = 0;
+ while (i < msg_ctx->num_waiters) {
+ struct tevent_req *req;
+ struct messaging_filtered_read_state *state;
+
+ req = msg_ctx->waiters[i];
+ if (req == NULL) {
+ /*
+ * This got cleaned up. In the meantime,
+ * move everything down one. We need
+ * to keep the order of waiters, as
+ * other code may depend on this.
+ */
+ ARRAY_DEL_ELEMENT(
+ msg_ctx->waiters, i, msg_ctx->num_waiters);
+ msg_ctx->num_waiters -= 1;
+ continue;
+ }
+
+ state = tevent_req_data(
+ req, struct messaging_filtered_read_state);
+ if ((ev == state->ev) &&
+ state->filter(rec, state->private_data)) {
+ messaging_filtered_read_done(req, rec);
+ return true;
+ }
+
+ i += 1;
+ }
+
+ return false;
+}
+
+/*
+ Dispatch one messaging_rec
+*/
+static void messaging_dispatch_rec(struct messaging_context *msg_ctx,
+ struct tevent_context *ev,
+ struct messaging_rec *rec)
+{
+ bool consumed;
+ size_t i;
+
+ if (ev == msg_ctx->event_ctx) {
+ consumed = messaging_dispatch_classic(msg_ctx, rec);
+ if (consumed) {
+ return;
+ }
+ }
+
+ consumed = messaging_dispatch_waiters(msg_ctx, ev, rec);
+ if (consumed) {
+ return;
+ }
+
+ if (ev != msg_ctx->event_ctx) {
+ struct iovec iov;
+ int fds[MAX(1, rec->num_fds)];
+ int ret;
+
+ /*
+ * We've been listening on a nested event
+ * context. Messages need to be handled in the main
+ * event context, so post to ourselves
+ */
+
+ iov.iov_base = rec->buf.data;
+ iov.iov_len = rec->buf.length;
+
+ for (i=0; i<rec->num_fds; i++) {
+ fds[i] = rec->fds[i];
+ }
+
+ ret = messaging_post_self(
+ msg_ctx, rec->src, rec->dest, rec->msg_type,
+ &iov, 1, fds, rec->num_fds);
+ if (ret == 0) {
+ return;
+ }
+ }
+}
+
+static int mess_parent_dgm_cleanup(void *private_data);
+static void mess_parent_dgm_cleanup_done(struct tevent_req *req);
+
+bool messaging_parent_dgm_cleanup_init(struct messaging_context *msg)
+{
+ struct tevent_req *req;
+
+ req = background_job_send(
+ msg, msg->event_ctx, msg, NULL, 0,
+ lp_parm_int(-1, "messaging", "messaging dgm cleanup interval",
+ 60*15),
+ mess_parent_dgm_cleanup, msg);
+ if (req == NULL) {
+ DBG_WARNING("background_job_send failed\n");
+ return false;
+ }
+ tevent_req_set_callback(req, mess_parent_dgm_cleanup_done, msg);
+ return true;
+}
+
+static int mess_parent_dgm_cleanup(void *private_data)
+{
+ int ret;
+
+ ret = messaging_dgm_wipe();
+ DEBUG(10, ("messaging_dgm_wipe returned %s\n",
+ ret ? strerror(ret) : "ok"));
+ return lp_parm_int(-1, "messaging", "messaging dgm cleanup interval",
+ 60*15);
+}
+
+static void mess_parent_dgm_cleanup_done(struct tevent_req *req)
+{
+ struct messaging_context *msg = tevent_req_callback_data(
+ req, struct messaging_context);
+ NTSTATUS status;
+
+ status = background_job_recv(req);
+ TALLOC_FREE(req);
+ DEBUG(1, ("messaging dgm cleanup job ended with %s\n",
+ nt_errstr(status)));
+
+ req = background_job_send(
+ msg, msg->event_ctx, msg, NULL, 0,
+ lp_parm_int(-1, "messaging", "messaging dgm cleanup interval",
+ 60*15),
+ mess_parent_dgm_cleanup, msg);
+ if (req == NULL) {
+ DEBUG(1, ("background_job_send failed\n"));
+ return;
+ }
+ tevent_req_set_callback(req, mess_parent_dgm_cleanup_done, msg);
+}
+
+int messaging_cleanup(struct messaging_context *msg_ctx, pid_t pid)
+{
+ int ret;
+
+ if (pid == 0) {
+ ret = messaging_dgm_wipe();
+ } else {
+ ret = messaging_dgm_cleanup(pid);
+ }
+
+ return ret;
+}
+
+struct tevent_context *messaging_tevent_context(
+ struct messaging_context *msg_ctx)
+{
+ return msg_ctx->event_ctx;
+}
+
+struct server_id_db *messaging_names_db(struct messaging_context *msg_ctx)
+{
+ return msg_ctx->names_db;
+}
+
+/** @} **/
diff --git a/source3/lib/messages_ctdb.c b/source3/lib/messages_ctdb.c
new file mode 100644
index 0000000..d55b53b
--- /dev/null
+++ b/source3/lib/messages_ctdb.c
@@ -0,0 +1,306 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Samba internal messaging functions
+ * Copyright (C) 2017 by Volker Lendecke
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "lib/messages_ctdb.h"
+#include "lib/util/server_id.h"
+#include "messages.h"
+#include "util_tdb.h"
+#include "lib/util/iov_buf.h"
+#include "lib/messages_util.h"
+#include "ctdbd_conn.h"
+#include "lib/cluster_support.h"
+#include "ctdb_srvids.h"
+
+struct messaging_ctdb_context;
+
+/*
+ * We can only have one tevent_fd per ctdb_context and per
+ * tevent_context. Maintain a list of registered tevent_contexts per
+ * ctdb_context.
+ */
+struct messaging_ctdb_fde_ev {
+ struct messaging_ctdb_fde_ev *prev, *next;
+
+ /*
+ * Backreference to enable DLIST_REMOVE from our
+ * destructor. Also, set to NULL when the ctdb_context dies
+ * before the messaging_ctdb_fde_ev.
+ */
+ struct messaging_ctdb_context *ctx;
+
+ struct tevent_context *ev;
+ struct tevent_fd *fde;
+};
+
+struct messaging_ctdb_context {
+ struct ctdbd_connection *conn;
+
+ void (*recv_cb)(struct tevent_context *ev,
+ const uint8_t *msg, size_t msg_len,
+ int *fds, size_t num_fds,
+ void *private_data);
+ void *recv_cb_private_data;
+
+ struct messaging_ctdb_fde_ev *fde_evs;
+};
+
+static int messaging_ctdb_recv(
+ struct tevent_context *ev,
+ uint32_t src_vnn, uint32_t dst_vnn, uint64_t dst_srvid,
+ const uint8_t *msg, size_t msg_len, void *private_data)
+{
+ struct messaging_ctdb_context *state = talloc_get_type_abort(
+ private_data, struct messaging_ctdb_context);
+
+ state->recv_cb(ev, msg, msg_len, NULL, 0, state->recv_cb_private_data);
+
+ return 0;
+}
+
+struct messaging_ctdb_context *global_ctdb_context;
+
+static int global_ctdb_ctx_destructor(struct messaging_ctdb_context *ctx)
+{
+ if (ctx != NULL) {
+ struct messaging_ctdb_fde_ev *fde_ev = NULL;
+ for (fde_ev = ctx->fde_evs;
+ fde_ev != NULL;
+ fde_ev = fde_ev->next) {
+ if (fde_ev->ctx == ctx) {
+ fde_ev->ctx = NULL;
+ }
+ }
+ }
+ return 0;
+}
+
+int messaging_ctdb_init(const char *sockname, int timeout, uint64_t unique_id,
+ void (*recv_cb)(struct tevent_context *ev,
+ const uint8_t *msg, size_t msg_len,
+ int *fds, size_t num_fds,
+ void *private_data),
+ void *private_data)
+{
+ struct messaging_ctdb_context *ctx;
+ int ret;
+
+ if (global_ctdb_context != NULL) {
+ return EBUSY;
+ }
+
+ ctx = talloc_zero(NULL, struct messaging_ctdb_context);
+ if (ctx == NULL) {
+ return ENOMEM;
+ }
+
+ talloc_set_destructor(ctx,
+ global_ctdb_ctx_destructor);
+
+ ctx->recv_cb = recv_cb;
+ ctx->recv_cb_private_data = private_data;
+
+ ret = ctdbd_init_connection(ctx, sockname, timeout, &ctx->conn);
+ if (ret != 0) {
+ DBG_DEBUG("ctdbd_init_connection returned %s\n",
+ strerror(ret));
+ goto fail;
+ }
+
+ ret = register_with_ctdbd(ctx->conn, tevent_cached_getpid(), messaging_ctdb_recv,
+ ctx);
+ if (ret != 0) {
+ DBG_DEBUG("register_with_ctdbd returned %s (%d)\n",
+ strerror(ret), ret);
+ goto fail;
+ }
+
+ ret = register_with_ctdbd(ctx->conn, CTDB_SRVID_SAMBA_PROCESS,
+ messaging_ctdb_recv, ctx);
+ if (ret != 0) {
+ DBG_DEBUG("register_with_ctdbd returned %s (%d)\n",
+ strerror(ret), ret);
+ goto fail;
+ }
+
+ ret = register_with_ctdbd(ctx->conn, unique_id, NULL, NULL);
+ if (ret != 0) {
+ DBG_DEBUG("register_with_ctdbd returned %s (%d)\n",
+ strerror(ret), ret);
+ goto fail;
+ }
+
+ set_my_vnn(ctdbd_vnn(ctx->conn));
+
+ global_ctdb_context = ctx;
+ return 0;
+fail:
+ TALLOC_FREE(ctx);
+ return ret;
+}
+
+void messaging_ctdb_destroy(void)
+{
+ TALLOC_FREE(global_ctdb_context);
+}
+
+int messaging_ctdb_send(uint32_t dst_vnn, uint64_t dst_srvid,
+ const struct iovec *iov, int iovlen)
+{
+ struct messaging_ctdb_context *ctx = global_ctdb_context;
+ int ret;
+
+ if (ctx == NULL) {
+ return ENOTCONN;
+ }
+
+ ret = ctdbd_messaging_send_iov(ctx->conn, dst_vnn, dst_srvid,
+ iov, iovlen);
+ return ret;
+}
+
+static void messaging_ctdb_read_handler(struct tevent_context *ev,
+ struct tevent_fd *fde,
+ uint16_t flags,
+ void *private_data)
+{
+ struct messaging_ctdb_context *ctx = talloc_get_type_abort(
+ private_data, struct messaging_ctdb_context);
+
+ if ((flags & TEVENT_FD_READ) == 0) {
+ return;
+ }
+ ctdbd_socket_readable(ev, ctx->conn);
+}
+
+struct messaging_ctdb_fde {
+ struct tevent_fd *fde;
+};
+
+static int messaging_ctdb_fde_ev_destructor(
+ struct messaging_ctdb_fde_ev *fde_ev)
+{
+ if (fde_ev->ctx != NULL) {
+ DLIST_REMOVE(fde_ev->ctx->fde_evs, fde_ev);
+ fde_ev->ctx = NULL;
+ }
+ return 0;
+}
+
+/*
+ * Reference counter for a struct tevent_fd messaging read event
+ * (with callback function) on a struct tevent_context registered
+ * on a messaging context.
+ *
+ * If we've already registered this struct tevent_context before
+ * (so already have a read event), just increase the reference count.
+ *
+ * Otherwise create a new struct tevent_fd messaging read event on the
+ * previously unseen struct tevent_context - this is what drives
+ * the message receive processing.
+ *
+ */
+
+struct messaging_ctdb_fde *messaging_ctdb_register_tevent_context(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev)
+{
+ struct messaging_ctdb_context *ctx = global_ctdb_context;
+ struct messaging_ctdb_fde_ev *fde_ev;
+ struct messaging_ctdb_fde *fde;
+
+ if (ctx == NULL) {
+ return NULL;
+ }
+
+ fde = talloc(mem_ctx, struct messaging_ctdb_fde);
+ if (fde == NULL) {
+ return NULL;
+ }
+
+ for (fde_ev = ctx->fde_evs; fde_ev != NULL; fde_ev = fde_ev->next) {
+ if (tevent_fd_get_flags(fde_ev->fde) == 0) {
+ /*
+ * If the event context got deleted,
+ * tevent_fd_get_flags() will return 0
+ * for the stale fde.
+ *
+ * In that case we should not
+ * use fde_ev->ev anymore.
+ */
+ continue;
+ }
+ if (fde_ev->ev == ev) {
+ break;
+ }
+ }
+
+ if (fde_ev == NULL) {
+ int sock = ctdbd_conn_get_fd(ctx->conn);
+
+ fde_ev = talloc(fde, struct messaging_ctdb_fde_ev);
+ if (fde_ev == NULL) {
+ return NULL;
+ }
+ fde_ev->fde = tevent_add_fd(
+ ev, fde_ev, sock, TEVENT_FD_READ,
+ messaging_ctdb_read_handler, ctx);
+ if (fde_ev->fde == NULL) {
+ TALLOC_FREE(fde);
+ return NULL;
+ }
+ fde_ev->ev = ev;
+ fde_ev->ctx = ctx;
+ DLIST_ADD(ctx->fde_evs, fde_ev);
+ talloc_set_destructor(
+ fde_ev, messaging_ctdb_fde_ev_destructor);
+ } else {
+ /*
+ * Same trick as with tdb_wrap: The caller will never
+ * see the talloc_referenced object, the
+ * messaging_ctdb_fde_ev, so problems with
+ * talloc_unlink will not happen.
+ */
+ if (talloc_reference(fde, fde_ev) == NULL) {
+ TALLOC_FREE(fde);
+ return NULL;
+ }
+ }
+
+ fde->fde = fde_ev->fde;
+ return fde;
+}
+
+bool messaging_ctdb_fde_active(struct messaging_ctdb_fde *fde)
+{
+ uint16_t flags;
+
+ if (fde == NULL) {
+ return false;
+ }
+ flags = tevent_fd_get_flags(fde->fde);
+ return (flags != 0);
+}
+
+struct ctdbd_connection *messaging_ctdb_connection(void)
+{
+ if (global_ctdb_context == NULL) {
+ smb_panic("messaging not initialized\n");
+ }
+ return global_ctdb_context->conn;
+}
diff --git a/source3/lib/messages_ctdb.h b/source3/lib/messages_ctdb.h
new file mode 100644
index 0000000..9d56343
--- /dev/null
+++ b/source3/lib/messages_ctdb.h
@@ -0,0 +1,44 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Samba internal messaging functions
+ * Copyright (C) 2017 by Volker Lendecke
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __MESSAGES_CTDB_H__
+#define __MESSAGES_CTDB_H__
+
+#include "replace.h"
+#include "system/filesys.h"
+#include <tevent.h>
+
+int messaging_ctdb_init(const char *sockname, int timeout, uint64_t unique_id,
+ void (*recv_cb)(struct tevent_context *ev,
+ const uint8_t *msg, size_t msg_len,
+ int *fds, size_t num_fds,
+ void *private_data),
+ void *private_data);
+void messaging_ctdb_destroy(void);
+int messaging_ctdb_send(uint32_t dst_vnn, uint64_t dst_srvid,
+ const struct iovec *iov, int iovlen);
+
+struct messaging_ctdb_fde;
+struct messaging_ctdb_fde *messaging_ctdb_register_tevent_context(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev);
+bool messaging_ctdb_fde_active(struct messaging_ctdb_fde *fde);
+
+struct ctdbd_connection *messaging_ctdb_connection(void);
+
+#endif
diff --git a/source3/lib/messages_ctdb_ref.c b/source3/lib/messages_ctdb_ref.c
new file mode 100644
index 0000000..ed6285f
--- /dev/null
+++ b/source3/lib/messages_ctdb_ref.c
@@ -0,0 +1,145 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Samba internal messaging functions
+ * Copyright (C) 2017 by Volker Lendecke
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include <talloc.h>
+#include "messages_ctdb.h"
+#include "messages_ctdb_ref.h"
+#include "lib/util/debug.h"
+#include "lib/util/dlinklist.h"
+
+struct msg_ctdb_ref {
+ struct msg_ctdb_ref *prev, *next;
+ struct messaging_ctdb_fde *fde;
+ void (*recv_cb)(struct tevent_context *ev,
+ const uint8_t *msg, size_t msg_len,
+ int *fds, size_t num_fds, void *private_data);
+ void *recv_cb_private_data;
+};
+
+static pid_t ctdb_pid = 0;
+static struct msg_ctdb_ref *refs = NULL;
+
+static int msg_ctdb_ref_destructor(struct msg_ctdb_ref *r);
+static void msg_ctdb_ref_recv(struct tevent_context *ev,
+ const uint8_t *msg, size_t msg_len,
+ int *fds, size_t num_fds, void *private_data);
+
+void *messaging_ctdb_ref(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ const char *sockname, int timeout, uint64_t unique_id,
+ void (*recv_cb)(struct tevent_context *ev,
+ const uint8_t *msg, size_t msg_len,
+ int *fds, size_t num_fds,
+ void *private_data),
+ void *recv_cb_private_data,
+ int *err)
+{
+ struct msg_ctdb_ref *result, *tmp_refs;
+
+ result = talloc(mem_ctx, struct msg_ctdb_ref);
+ if (result == NULL) {
+ *err = ENOMEM;
+ return NULL;
+ }
+ result->fde = NULL;
+
+ tmp_refs = refs;
+
+ if ((refs != NULL) && (ctdb_pid != tevent_cached_getpid())) {
+ /*
+ * Have to reinit after fork
+ */
+ messaging_ctdb_destroy();
+ refs = NULL;
+ }
+
+ if (refs == NULL) {
+ int ret;
+
+ ret = messaging_ctdb_init(sockname, timeout, unique_id,
+ msg_ctdb_ref_recv, NULL);
+ DBG_DEBUG("messaging_ctdb_init returned %s\n", strerror(ret));
+ if (ret != 0) {
+ DEBUG(10, ("messaging_ctdb_init failed: %s\n",
+ strerror(ret)));
+ TALLOC_FREE(result);
+ *err = ret;
+ return NULL;
+ }
+ ctdb_pid = tevent_cached_getpid();
+ }
+
+ result->fde = messaging_ctdb_register_tevent_context(result, ev);
+ if (result->fde == NULL) {
+ TALLOC_FREE(result);
+ *err = ENOMEM;
+ return NULL;
+ }
+
+ refs = tmp_refs;
+
+ result->recv_cb = recv_cb;
+ result->recv_cb_private_data = recv_cb_private_data;
+ DLIST_ADD(refs, result);
+ talloc_set_destructor(result, msg_ctdb_ref_destructor);
+
+ return result;
+}
+
+static void msg_ctdb_ref_recv(struct tevent_context *ev,
+ const uint8_t *msg, size_t msg_len,
+ int *fds, size_t num_fds, void *private_data)
+{
+ struct msg_ctdb_ref *r, *next;
+
+ for (r = refs; r != NULL; r = next) {
+ bool active;
+
+ next = r->next;
+
+ active = messaging_ctdb_fde_active(r->fde);
+ if (!active) {
+ /*
+ * r's tevent_context has died.
+ */
+ continue;
+ }
+
+ r->recv_cb(ev, msg, msg_len, fds, num_fds,
+ r->recv_cb_private_data);
+ break;
+ }
+}
+
+static int msg_ctdb_ref_destructor(struct msg_ctdb_ref *r)
+{
+ if (refs == NULL) {
+ abort();
+ }
+ DLIST_REMOVE(refs, r);
+
+ TALLOC_FREE(r->fde);
+
+ DBG_DEBUG("refs=%p\n", refs);
+
+ if (refs == NULL) {
+ messaging_ctdb_destroy();
+ }
+ return 0;
+}
diff --git a/source3/lib/messages_ctdb_ref.h b/source3/lib/messages_ctdb_ref.h
new file mode 100644
index 0000000..44541d8
--- /dev/null
+++ b/source3/lib/messages_ctdb_ref.h
@@ -0,0 +1,35 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Samba internal messaging functions
+ * Copyright (C) 2017 by Volker Lendecke
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __MESSAGES_CTDB_REF_H__
+#define __MESSAGES_CTDB_REF_H__
+
+#include "replace.h"
+#include <tevent.h>
+
+void *messaging_ctdb_ref(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ const char *sockname, int timeout, uint64_t unique_id,
+ void (*recv_cb)(struct tevent_context *ev,
+ const uint8_t *msg, size_t msg_len,
+ int *fds, size_t num_fds,
+ void *private_data),
+ void *private_data,
+ int *err);
+
+#endif
diff --git a/source3/lib/messages_util.c b/source3/lib/messages_util.c
new file mode 100644
index 0000000..d712dfe
--- /dev/null
+++ b/source3/lib/messages_util.c
@@ -0,0 +1,42 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Samba internal messaging functions
+ * Copyright (C) 2013 by Volker Lendecke
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include "lib/util/server_id.h"
+#include "lib/util/samba_util.h"
+#include "librpc/gen_ndr/server_id.h"
+#include "lib/util/byteorder.h"
+#include "messages_util.h"
+
+void message_hdr_put(uint8_t buf[MESSAGE_HDR_LENGTH], uint32_t msg_type,
+ struct server_id src, struct server_id dst)
+{
+ server_id_put(buf, dst);
+ server_id_put(buf + SERVER_ID_BUF_LENGTH, src);
+ SIVAL(buf, 2 * SERVER_ID_BUF_LENGTH, msg_type);
+}
+
+void message_hdr_get(uint32_t *msg_type, struct server_id *src,
+ struct server_id *dst,
+ const uint8_t buf[MESSAGE_HDR_LENGTH])
+{
+ server_id_get(dst, buf);
+ server_id_get(src, buf + SERVER_ID_BUF_LENGTH);
+ *msg_type = IVAL(buf, 2 * SERVER_ID_BUF_LENGTH);
+}
diff --git a/source3/lib/messages_util.h b/source3/lib/messages_util.h
new file mode 100644
index 0000000..5b22f5e
--- /dev/null
+++ b/source3/lib/messages_util.h
@@ -0,0 +1,33 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Samba internal messaging functions
+ * Copyright (C) 2013 by Volker Lendecke
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _MESSAGES_UTIL_H_
+#define _MESSAGES_UTIL_H_
+
+struct message_hdr;
+
+#define MESSAGE_HDR_LENGTH 52
+
+void message_hdr_put(uint8_t buf[MESSAGE_HDR_LENGTH], uint32_t msg_type,
+ struct server_id src, struct server_id dst);
+void message_hdr_get(uint32_t *msg_type, struct server_id *src,
+ struct server_id *dst,
+ const uint8_t buf[MESSAGE_HDR_LENGTH]);
+
+#endif
diff --git a/source3/lib/ms_fnmatch.c b/source3/lib/ms_fnmatch.c
new file mode 100644
index 0000000..4fbed58
--- /dev/null
+++ b/source3/lib/ms_fnmatch.c
@@ -0,0 +1,232 @@
+/*
+ Unix SMB/CIFS implementation.
+ filename matching routine
+ Copyright (C) Andrew Tridgell 1992-2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ This module was originally based on fnmatch.c copyright by the Free
+ Software Foundation. It bears little (if any) resemblance to that
+ code now
+*/
+
+
+#include "includes.h"
+
+static int null_match(const smb_ucs2_t *p)
+{
+ for (;*p;p++) {
+ if (*p != UCS2_CHAR('*') &&
+ *p != UCS2_CHAR('<') &&
+ *p != UCS2_CHAR('"') &&
+ *p != UCS2_CHAR('>')) return -1;
+ }
+ return 0;
+}
+
+/*
+ the max_n structure is purely for efficiency, it doesn't contribute
+ to the matching algorithm except by ensuring that the algorithm does
+ not grow exponentially
+*/
+struct max_n {
+ const smb_ucs2_t *predot;
+ const smb_ucs2_t *postdot;
+};
+
+
+/*
+ p and n are the pattern and string being matched. The max_n array is
+ an optimisation only. The ldot pointer is NULL if the string does
+ not contain a '.', otherwise it points at the last dot in 'n'.
+*/
+static int ms_fnmatch_core(const smb_ucs2_t *p, const smb_ucs2_t *n,
+ struct max_n *max_n, const smb_ucs2_t *ldot,
+ bool is_case_sensitive)
+{
+ smb_ucs2_t c;
+ int i;
+
+ while ((c = *p++)) {
+ switch (c) {
+ /* a '*' matches zero or more characters of any type */
+ case UCS2_CHAR('*'):
+ if (max_n->predot && max_n->predot <= n) {
+ return null_match(p);
+ }
+ for (i=0; n[i]; i++) {
+ if (ms_fnmatch_core(p, n+i, max_n+1, ldot, is_case_sensitive) == 0) {
+ return 0;
+ }
+ }
+ if (!max_n->predot || max_n->predot > n) max_n->predot = n;
+ return null_match(p);
+
+ /* a '<' matches zero or more characters of
+ any type, but stops matching at the last
+ '.' in the string. */
+ case UCS2_CHAR('<'):
+ if (max_n->predot && max_n->predot <= n) {
+ return null_match(p);
+ }
+ if (max_n->postdot && max_n->postdot <= n && n <= ldot) {
+ return -1;
+ }
+ for (i=0; n[i]; i++) {
+ if (ms_fnmatch_core(p, n+i, max_n+1, ldot, is_case_sensitive) == 0) return 0;
+ if (n+i == ldot) {
+ if (ms_fnmatch_core(p, n+i+1, max_n+1, ldot, is_case_sensitive) == 0) return 0;
+ if (!max_n->postdot || max_n->postdot > n) max_n->postdot = n;
+ return -1;
+ }
+ }
+ if (!max_n->predot || max_n->predot > n) max_n->predot = n;
+ return null_match(p);
+
+ /* a '?' matches any single character */
+ case UCS2_CHAR('?'):
+ if (! *n) {
+ return -1;
+ }
+ n++;
+ break;
+
+ /* a '?' matches any single character */
+ case UCS2_CHAR('>'):
+ if (n[0] == UCS2_CHAR('.')) {
+ if (! n[1] && null_match(p) == 0) {
+ return 0;
+ }
+ break;
+ }
+ if (! *n) return null_match(p);
+ n++;
+ break;
+
+ case UCS2_CHAR('"'):
+ if (*n == 0 && null_match(p) == 0) {
+ return 0;
+ }
+ if (*n != UCS2_CHAR('.')) return -1;
+ n++;
+ break;
+
+ default:
+ if (c != *n) {
+ if (is_case_sensitive) {
+ return -1;
+ }
+ if (toupper_w(c) != toupper_w(*n)) {
+ return -1;
+ }
+ }
+ n++;
+ break;
+ }
+ }
+
+ if (! *n) {
+ return 0;
+ }
+
+ return -1;
+}
+
+int ms_fnmatch(const char *pattern, const char *string, bool translate_pattern,
+ bool is_case_sensitive)
+{
+ smb_ucs2_t *p = NULL;
+ smb_ucs2_t *s = NULL;
+ int ret;
+ size_t count, i;
+ struct max_n *max_n = NULL;
+ struct max_n *max_n_free = NULL;
+ struct max_n one_max_n;
+ size_t converted_size;
+
+ if (ISDOTDOT(string)) {
+ string = ".";
+ }
+
+ if (strpbrk(pattern, "<>*?\"") == NULL) {
+ /* this is not just an optimisation - it is essential
+ for LANMAN1 correctness */
+ if (is_case_sensitive) {
+ return strcmp(pattern, string);
+ } else {
+ return strcasecmp_m(pattern, string);
+ }
+ }
+
+ if (!push_ucs2_talloc(talloc_tos(), &p, pattern, &converted_size)) {
+ return -1;
+ }
+
+ if (!push_ucs2_talloc(talloc_tos(), &s, string, &converted_size)) {
+ TALLOC_FREE(p);
+ return -1;
+ }
+
+ if (translate_pattern) {
+ /*
+ for older negotiated protocols it is possible to
+ translate the pattern to produce a "new style"
+ pattern that exactly matches w2k behaviour
+ */
+ for (i=0;p[i];i++) {
+ if (p[i] == UCS2_CHAR('?')) {
+ p[i] = UCS2_CHAR('>');
+ } else if (p[i] == UCS2_CHAR('.') &&
+ (p[i+1] == UCS2_CHAR('?') ||
+ p[i+1] == UCS2_CHAR('*') ||
+ p[i+1] == 0)) {
+ p[i] = UCS2_CHAR('"');
+ } else if (p[i] == UCS2_CHAR('*') && p[i+1] == UCS2_CHAR('.')) {
+ p[i] = UCS2_CHAR('<');
+ }
+ }
+ }
+
+ for (count=i=0;p[i];i++) {
+ if (p[i] == UCS2_CHAR('*') || p[i] == UCS2_CHAR('<')) count++;
+ }
+
+ if (count != 0) {
+ if (count == 1) {
+ /*
+ * We're doing this a LOT, so save the effort to allocate
+ */
+ ZERO_STRUCT(one_max_n);
+ max_n = &one_max_n;
+ }
+ else {
+ max_n = SMB_CALLOC_ARRAY(struct max_n, count);
+ if (!max_n) {
+ TALLOC_FREE(p);
+ TALLOC_FREE(s);
+ return -1;
+ }
+ max_n_free = max_n;
+ }
+ }
+
+ ret = ms_fnmatch_core(p, s, max_n, strrchr_w(s, UCS2_CHAR('.')), is_case_sensitive);
+
+ SAFE_FREE(max_n_free);
+ TALLOC_FREE(p);
+ TALLOC_FREE(s);
+ return ret;
+}
diff --git a/source3/lib/namearray.c b/source3/lib/namearray.c
new file mode 100644
index 0000000..e5c3bd9
--- /dev/null
+++ b/source3/lib/namearray.c
@@ -0,0 +1,39 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Jeremy Allison 2001-2007
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ Copyright (C) James Peach 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+/****************************************************************************
+ Routine to free a namearray.
+****************************************************************************/
+
+void free_namearray(name_compare_entry *name_array)
+{
+ int i;
+
+ if(name_array == NULL)
+ return;
+
+ for(i=0; name_array[i].name!=NULL; i++)
+ SAFE_FREE(name_array[i].name);
+ SAFE_FREE(name_array);
+}
diff --git a/source3/lib/namemap_cache.c b/source3/lib/namemap_cache.c
new file mode 100644
index 0000000..2e8d298
--- /dev/null
+++ b/source3/lib/namemap_cache.c
@@ -0,0 +1,333 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Utils for caching sid2name and name2sid
+ * Copyright (C) Volker Lendecke 2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include "namemap_cache.h"
+#include "source3/lib/gencache.h"
+#include "lib/util/debug.h"
+#include "lib/util/strv.h"
+#include "lib/util/util.h"
+#include "lib/util/talloc_stack.h"
+#include "lib/util/charset/charset.h"
+#include "libcli/security/dom_sid.h"
+#include "lib/util/smb_strtox.h"
+
+bool namemap_cache_set_sid2name(const struct dom_sid *sid,
+ const char *domain, const char *name,
+ enum lsa_SidType type, time_t timeout)
+{
+ char typebuf[16];
+ struct dom_sid_buf sidbuf;
+ char keybuf[sizeof(sidbuf.buf)+10];
+ char *val = NULL;
+ DATA_BLOB data;
+ int ret;
+ bool ok = false;
+
+ if ((sid == NULL) || is_null_sid(sid)) {
+ return true;
+ }
+ if (domain == NULL) {
+ domain = "";
+ }
+ if (name == NULL) {
+ name = "";
+ }
+ if (type == SID_NAME_UNKNOWN) {
+ domain = "";
+ name = "";
+ }
+
+ snprintf(typebuf, sizeof(typebuf), "%d", (int)type);
+
+ ret = strv_add(talloc_tos(), &val, domain);
+ if (ret != 0) {
+ DBG_DEBUG("strv_add failed: %s\n", strerror(ret));
+ goto fail;
+ }
+ ret = strv_add(NULL, &val, name);
+ if (ret != 0) {
+ DBG_DEBUG("strv_add failed: %s\n", strerror(ret));
+ goto fail;
+ }
+ ret = strv_add(NULL, &val, typebuf);
+ if (ret != 0) {
+ DBG_DEBUG("strv_add failed: %s\n", strerror(ret));
+ goto fail;
+ }
+
+ dom_sid_str_buf(sid, &sidbuf);
+ snprintf(keybuf, sizeof(keybuf), "SID2NAME/%s", sidbuf.buf);
+
+ data = data_blob_const(val, talloc_get_size(val));
+
+ ok = gencache_set_data_blob(keybuf, data, timeout);
+ if (!ok) {
+ DBG_DEBUG("gencache_set_data_blob failed\n");
+ }
+fail:
+ TALLOC_FREE(val);
+ return ok;
+}
+
+struct namemap_cache_find_sid_state {
+ void (*fn)(const char *domain,
+ const char *name,
+ enum lsa_SidType type,
+ bool expired,
+ void *private_data);
+ void *private_data;
+ bool ok;
+};
+
+static void namemap_cache_find_sid_parser(
+ const struct gencache_timeout *timeout,
+ DATA_BLOB blob,
+ void *private_data)
+{
+ struct namemap_cache_find_sid_state *state = private_data;
+ const char *strv = (const char *)blob.data;
+ size_t strv_len = blob.length;
+ const char *domain;
+ const char *name;
+ const char *typebuf;
+ int error = 0;
+ unsigned long type;
+
+ state->ok = false;
+
+ domain = strv_len_next(strv, strv_len, NULL);
+ if (domain == NULL) {
+ return;
+ }
+ name = strv_len_next(strv, strv_len, domain);
+ if (name == NULL) {
+ return;
+ }
+ typebuf = strv_len_next(strv, strv_len, name);
+ if (typebuf == NULL) {
+ return;
+ }
+
+ type = smb_strtoul(typebuf, NULL, 10, &error, SMB_STR_FULL_STR_CONV);
+ if (error != 0) {
+ return;
+ }
+
+ state->fn(domain,
+ name,
+ (enum lsa_SidType)type,
+ gencache_timeout_expired(timeout),
+ state->private_data);
+
+ state->ok = true;
+}
+
+bool namemap_cache_find_sid(const struct dom_sid *sid,
+ void (*fn)(const char *domain,
+ const char *name,
+ enum lsa_SidType type,
+ bool expired,
+ void *private_data),
+ void *private_data)
+{
+ struct namemap_cache_find_sid_state state = {
+ .fn = fn, .private_data = private_data
+ };
+ struct dom_sid_buf sidbuf;
+ char keybuf[sizeof(sidbuf.buf)+10];
+ bool ok;
+
+ dom_sid_str_buf(sid, &sidbuf);
+ snprintf(keybuf, sizeof(keybuf), "SID2NAME/%s", sidbuf.buf);
+
+ ok = gencache_parse(keybuf, namemap_cache_find_sid_parser, &state);
+ if (!ok) {
+ DBG_DEBUG("gencache_parse(%s) failed\n", keybuf);
+ return false;
+ }
+
+ if (!state.ok) {
+ DBG_DEBUG("Could not parse %s, deleting\n", keybuf);
+ gencache_del(keybuf);
+ return false;
+ }
+
+ return true;
+}
+
+bool namemap_cache_set_name2sid(const char *domain, const char *name,
+ const struct dom_sid *sid,
+ enum lsa_SidType type,
+ time_t timeout)
+{
+ char typebuf[16];
+ struct dom_sid_buf sidbuf = {{0}};
+ char *key;
+ char *key_upper;
+ char *val = NULL;
+ DATA_BLOB data;
+ int ret;
+ bool ok = false;
+
+ if (domain == NULL) {
+ domain = "";
+ }
+ if (name == NULL) {
+ name = "";
+ }
+ if (type != SID_NAME_UNKNOWN) {
+ dom_sid_str_buf(sid, &sidbuf);
+ }
+
+ snprintf(typebuf, sizeof(typebuf), "%d", (int)type);
+
+ key = talloc_asprintf(talloc_tos(), "NAME2SID/%s\\%s", domain, name);
+ if (key == NULL) {
+ DBG_DEBUG("talloc_asprintf failed\n");
+ goto fail;
+ }
+ key_upper = strupper_talloc(key, key);
+ if (key_upper == NULL) {
+ DBG_DEBUG("strupper_talloc failed\n");
+ goto fail;
+ }
+
+ ret = strv_add(key, &val, sidbuf.buf);
+ if (ret != 0) {
+ DBG_DEBUG("strv_add failed: %s\n", strerror(ret));
+ goto fail;
+ }
+ ret = strv_add(NULL, &val, typebuf);
+ if (ret != 0) {
+ DBG_DEBUG("strv_add failed: %s\n", strerror(ret));
+ goto fail;
+ }
+
+ data = data_blob_const(val, talloc_get_size(val));
+
+ ok = gencache_set_data_blob(key_upper, data, timeout);
+ if (!ok) {
+ DBG_DEBUG("gencache_set_data_blob failed\n");
+ }
+fail:
+ TALLOC_FREE(key);
+ return ok;
+}
+
+struct namemap_cache_find_name_state {
+ void (*fn)(const struct dom_sid *sid,
+ enum lsa_SidType type,
+ bool expired,
+ void *private_data);
+ void *private_data;
+ bool ok;
+};
+
+static void namemap_cache_find_name_parser(
+ const struct gencache_timeout *timeout,
+ DATA_BLOB blob,
+ void *private_data)
+{
+ struct namemap_cache_find_name_state *state = private_data;
+ const char *strv = (const char *)blob.data;
+ size_t strv_len = blob.length;
+ const char *sidbuf;
+ const char *sid_endptr;
+ const char *typebuf;
+ int error = 0;
+ struct dom_sid sid;
+ unsigned long type;
+ bool ok;
+
+ state->ok = false;
+
+ sidbuf = strv_len_next(strv, strv_len, NULL);
+ if (sidbuf == NULL) {
+ return;
+ }
+ typebuf = strv_len_next(strv, strv_len, sidbuf);
+ if (typebuf == NULL) {
+ return;
+ }
+
+ ok = dom_sid_parse_endp(sidbuf, &sid, &sid_endptr);
+ if (!ok) {
+ return;
+ }
+ if (*sid_endptr != '\0') {
+ return;
+ }
+
+ type = smb_strtoul(typebuf, NULL, 10, &error, SMB_STR_FULL_STR_CONV);
+ if (error != 0) {
+ return;
+ }
+
+ state->fn(&sid,
+ (enum lsa_SidType)type,
+ gencache_timeout_expired(timeout),
+ state->private_data);
+
+ state->ok = true;
+}
+
+bool namemap_cache_find_name(const char *domain,
+ const char *name,
+ void (*fn)(const struct dom_sid *sid,
+ enum lsa_SidType type,
+ bool expired,
+ void *private_data),
+ void *private_data)
+{
+ struct namemap_cache_find_name_state state = {
+ .fn = fn, .private_data = private_data
+ };
+ char *key;
+ char *key_upper;
+ bool ret = false;
+ bool ok;
+
+ key = talloc_asprintf(talloc_tos(), "NAME2SID/%s\\%s", domain, name);
+ if (key == NULL) {
+ DBG_DEBUG("talloc_asprintf failed\n");
+ return false;
+ }
+ key_upper = strupper_talloc(key, key);
+ if (key_upper == NULL) {
+ DBG_DEBUG("strupper_talloc failed\n");
+ goto fail;
+ }
+
+ ok = gencache_parse(key_upper, namemap_cache_find_name_parser, &state);
+ if (!ok) {
+ DBG_DEBUG("gencache_parse(%s) failed\n", key_upper);
+ goto fail;
+ }
+
+ if (!state.ok) {
+ DBG_DEBUG("Could not parse %s, deleting\n", key_upper);
+ goto fail;
+ }
+
+ ret = true;
+fail:
+ TALLOC_FREE(key);
+ return ret;
+}
diff --git a/source3/lib/namemap_cache.h b/source3/lib/namemap_cache.h
new file mode 100644
index 0000000..5de8ce4
--- /dev/null
+++ b/source3/lib/namemap_cache.h
@@ -0,0 +1,49 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Utils for caching sid2name and name2sid
+ * Copyright (C) Volker Lendecke 2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIB_NAMEMAP_CACHE_H__
+#define __LIB_NAMEMAP_CACHE_H__
+
+#include "lib/util/time.h"
+#include "lib/util/data_blob.h"
+#include "librpc/gen_ndr/lsa.h"
+
+bool namemap_cache_set_sid2name(const struct dom_sid *sid,
+ const char *domain, const char *name,
+ enum lsa_SidType type, time_t timeout);
+bool namemap_cache_set_name2sid(const char *domain, const char *name,
+ const struct dom_sid *sid,
+ enum lsa_SidType type,
+ time_t timeout);
+bool namemap_cache_find_sid(const struct dom_sid *sid,
+ void (*fn)(const char *domain,
+ const char *name,
+ enum lsa_SidType type,
+ bool expired,
+ void *private_data),
+ void *private_data);
+bool namemap_cache_find_name(const char *domain,
+ const char *name,
+ void (*fn)(const struct dom_sid *sid,
+ enum lsa_SidType type,
+ bool expired,
+ void *private_data),
+ void *private_data);
+
+#endif
diff --git a/source3/lib/netapi/Doxyfile b/source3/lib/netapi/Doxyfile
new file mode 100644
index 0000000..44bf78b
--- /dev/null
+++ b/source3/lib/netapi/Doxyfile
@@ -0,0 +1,1362 @@
+# Doxyfile 1.5.5
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+# TAG = value [value, ...]
+# For lists items can also be appended using:
+# TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the config file
+# that follow. The default is UTF-8 which is also the encoding used for all
+# text before the first occurrence of this tag. Doxygen uses libiconv (or the
+# iconv built into libc) for the transcoding. See
+# http://www.gnu.org/software/libiconv for the list of possible encodings.
+
+DOXYFILE_ENCODING = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
+# by quotes) that should identify the project.
+
+PROJECT_NAME = Samba
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number.
+# This could be handy for archiving the generated documentation or
+# if some version control system is used.
+
+PROJECT_NUMBER = 3.2.0pre3
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
+# base path where the generated documentation will be put.
+# If a relative path is entered, it will be relative to the location
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY = dox
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
+# 4096 sub-directories (in 2 levels) under the output directory of each output
+# format and will distribute the generated files over these directories.
+# Enabling this option can be useful when feeding doxygen a huge amount of
+# source files, where putting all generated files in the same directory would
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# The default language is English, other supported languages are:
+# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
+# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek,
+# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages),
+# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish,
+# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish,
+# and Ukrainian.
+
+OUTPUT_LANGUAGE = English
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
+# include brief member descriptions after the members that are listed in
+# the file and class documentation (similar to JavaDoc).
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
+# the brief description of a member or function before the detailed description.
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator
+# that is used to form the text in various listings. Each string
+# in this list, if found as the leading text of the brief description, will be
+# stripped from the text and the result after processing the whole list, is
+# used as the annotated text. Otherwise, the brief description is used as-is.
+# If left blank, the following values are used ("$name" is automatically
+# replaced with the name of the entity): "The $name class" "The $name widget"
+# "The $name file" "is" "provides" "specifies" "contains"
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF =
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# Doxygen will generate a detailed section even if there is only a brief
+# description.
+
+ALWAYS_DETAILED_SEC = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
+# inherited members of a class in the documentation of that class as if those
+# members were ordinary class members. Constructors, destructors and assignment
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
+# path before files name in the file list and in the header files. If set
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES = YES
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
+# can be used to strip a user-defined part of the path. Stripping is
+# only done if one of the specified strings matches the left-hand part of
+# the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the
+# path to strip.
+
+STRIP_FROM_PATH = $(PWD)/
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
+# the path mentioned in the documentation of a class, which tells
+# the reader which header file to include in order to use a class.
+# If left blank only the name of the header file containing the class
+# definition is used. Otherwise one should specify the include paths that
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH =
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
+# (but less readable) file names. This can be useful is your file systems
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
+# will interpret the first line (until the first dot) of a JavaDoc-style
+# comment as the brief description. If set to NO, the JavaDoc
+# comments will behave just like regular Qt-style comments
+# (thus requiring an explicit @brief command for a brief description.)
+
+JAVADOC_AUTOBRIEF = YES
+
+# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
+# interpret the first line (until the first dot) of a Qt-style
+# comment as the brief description. If set to NO, the comments
+# will behave just like regular Qt-style comments (thus requiring
+# an explicit \brief command for a brief description.)
+
+QT_AUTOBRIEF = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
+# treat a multi-line C++ special comment block (i.e. a block of //! or ///
+# comments) as a brief description. This used to be the default behaviour.
+# The new default is to treat a multi-line C++ comment block as a detailed
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member
+# documentation.
+
+DETAILS_AT_TOP = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
+# member inherits the documentation from any documented member that it
+# re-implements.
+
+INHERIT_DOCS = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
+# a new page for each member. If set to NO, the documentation of a member will
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab.
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE = 8
+
+# This tag can be used to specify a number of aliases that acts
+# as commands in the documentation. An alias has the form "name=value".
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to
+# put the command \sideeffect (or @sideeffect) in the documentation, which
+# will result in a user-defined paragraph with heading "Side Effects:".
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES =
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
+# sources only. Doxygen will then generate output that is more tailored for C.
+# For instance, some of the names that are used will be different. The list
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
+# sources only. Doxygen will then generate output that is more tailored for
+# Java. For instance, namespaces will be presented as packages, qualified
+# scopes will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA = NO
+
+# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
+# sources only. Doxygen will then generate output that is more tailored for
+# Fortran.
+
+OPTIMIZE_FOR_FORTRAN = NO
+
+# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
+# sources. Doxygen will then generate output that is tailored for
+# VHDL.
+
+OPTIMIZE_OUTPUT_VHDL = NO
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
+# to include (a tag file for) the STL sources as input, then you should
+# set this tag to YES in order to let doxygen match functions declarations and
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
+# func(std::string) {}). This also make the inheritance and collaboration
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to
+# enable parsing support.
+
+CPP_CLI_SUPPORT = NO
+
+# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
+# Doxygen will parse them like normal C++ but will assume all classes use public
+# instead of private inheritance when no explicit protection keyword is present.
+
+SIP_SUPPORT = NO
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES, then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
+# the same type (for instance a group of public functions) to be put as a
+# subgroup of that type (e.g. under the Public Functions section). Set it to
+# NO to prevent subgrouping. Alternatively, this can be done per class using
+# the \nosubgrouping command.
+
+SUBGROUPING = YES
+
+# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
+# is documented as struct, union, or enum with the name of the typedef. So
+# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
+# with name TypeT. When disabled the typedef will appear as a member of a file,
+# namespace, or class. And the struct will be named TypeS. This can typically
+# be useful for C code in case the coding convention dictates that all compound
+# types are typedef'ed and only the typedef is referenced, never the tag name.
+
+TYPEDEF_HIDES_STRUCT = NO
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
+# documentation are documented, even if no documentation was available.
+# Private class members and static file members will be hidden unless
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL = YES
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
+# will be included in the documentation.
+
+EXTRACT_PRIVATE = YES
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file
+# will be included in the documentation.
+
+EXTRACT_STATIC = YES
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
+# defined locally in source files will be included in the documentation.
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES = YES
+
+# This flag is only useful for Objective-C code. When set to YES local
+# methods, which are defined in the implementation section but not in
+# the interface are included in the documentation.
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be
+# extracted and appear in the documentation as a namespace called
+# 'anonymous_namespace{file}', where file will be replaced with the base
+# name of the file that contains the anonymous namespace. By default
+# anonymous namespace are hidden.
+
+EXTRACT_ANON_NSPACES = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
+# undocumented members of documented classes, files or namespaces.
+# If set to NO (the default) these members will be included in the
+# various overviews, but no documentation section is generated.
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy.
+# If set to NO (the default) these classes will be included in the various
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
+# friend (class|struct|union) declarations.
+# If set to NO (the default) these declarations will be included in the
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
+# documentation blocks found inside the body of a function.
+# If set to NO (the default) these blocks will be appended to the
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS = NO
+
+# The INTERNAL_DOCS tag determines if documentation
+# that is typed after a \internal command is included. If the tag is set
+# to NO (the default) then the documentation will be excluded.
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS = YES
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
+# file names in lower-case letters. If set to YES upper-case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
+# will show members with their full class and namespace scopes in the
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES = YES
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
+# will put a list of the files that are included by a file in the documentation
+# of that file.
+
+SHOW_INCLUDE_FILES = YES
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
+# is inserted in the documentation for inline members.
+
+INLINE_INFO = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
+# will sort the (detailed) documentation of file and class members
+# alphabetically by member name. If set to NO the members will appear in
+# declaration order.
+
+SORT_MEMBER_DOCS = NO
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
+# brief documentation of file, namespace and class members alphabetically
+# by member name. If set to NO (the default) the members will appear in
+# declaration order.
+
+SORT_BRIEF_DOCS = NO
+
+# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
+# hierarchy of group names into alphabetical order. If set to NO (the default)
+# the group names will appear in their defined order.
+
+SORT_GROUP_NAMES = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
+# sorted by fully-qualified names, including namespaces. If set to
+# NO (the default), the class list will be sorted only by class name,
+# not including the namespace part.
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or
+# disable (NO) the todo list. This list is created by putting \todo
+# commands in the documentation.
+
+GENERATE_TODOLIST = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or
+# disable (NO) the test list. This list is created by putting \test
+# commands in the documentation.
+
+GENERATE_TESTLIST = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or
+# disable (NO) the bug list. This list is created by putting \bug
+# commands in the documentation.
+
+GENERATE_BUGLIST = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
+# disable (NO) the deprecated list. This list is created by putting
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
+# the initial value of a variable or define consists of for it to appear in
+# the documentation. If the initializer consists of more lines than specified
+# here it will be hidden. Use a value of 0 to hide initializers completely.
+# The appearance of the initializer of individual variables and defines in the
+# documentation can be controlled using \showinitializer or \hideinitializer
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
+# at the bottom of the documentation of classes and structs. If set to YES the
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES = YES
+
+# If the sources in your project are distributed over multiple directories
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
+# in the documentation. The default is NO.
+
+SHOW_DIRECTORIES = NO
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that
+# doxygen should invoke to get the current version for each file (typically from
+# the version control system). Doxygen will invoke the program by executing (via
+# popen()) the command <command> <input-file>, where <command> is the value of
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
+# provided by doxygen. Whatever the program writes to standard output
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER =
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET = YES
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated by doxygen. Possible values are YES and NO. If left blank
+# NO is used.
+
+WARNINGS = NO
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED = NO
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some
+# parameters in a documented function, or documenting parameters that
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR = YES
+
+# This WARN_NO_PARAMDOC option can be abled to get warnings for
+# functions that are documented, but have no documentation for their parameters
+# or return value. If set to NO (the default) doxygen will only warn about
+# wrong or incomplete parameter documentation, but not about the absence of
+# documentation.
+
+WARN_NO_PARAMDOC = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that
+# doxygen can produce. The string should contain the $file, $line, and $text
+# tags, which will be replaced by the file and line number from which the
+# warning originated and the warning text. Optionally the format may contain
+# $version, which will be replaced by the version of the file (if it could
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning
+# and error messages should be written. If left blank the output is written
+# to stderr.
+
+WARN_LOGFILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain
+# documented source files. You may enter file names like "myfile.cpp" or
+# directories like "/usr/src/myproject". Separate the files or directories
+# with spaces.
+
+INPUT = netapi.h
+
+# This tag can be used to specify the character encoding of the source files
+# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
+# also the default input encoding. Doxygen uses libiconv (or the iconv built
+# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
+# the list of possible encodings.
+
+INPUT_ENCODING = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank the following patterns are tested:
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx
+# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90
+
+FILE_PATTERNS = *.c \
+ *.h \
+ *.idl
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories
+# should be searched for input files as well. Possible values are YES and NO.
+# If left blank NO is used.
+
+RECURSIVE = YES
+
+# The EXCLUDE tag can be used to specify files and/or directories that should
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE = include/includes.h \
+ include/proto.h \
+ libnetapi.c \
+ libnetapi.h \
+ netapi.c
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
+# directories that are symbolic links (a Unix filesystem feature) are excluded
+# from the input.
+
+EXCLUDE_SYMLINKS = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories. Note that the wildcards are matched
+# against the file with absolute path, so to exclude all test directories
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS =
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
+# (namespaces, classes, functions, etc.) that should be excluded from the
+# output. The symbol name can be a fully qualified name, a word, or if the
+# wildcard * is used, a substring. Examples: ANamespace, AClass,
+# AClass::ANamespace, ANamespace::*Test
+
+EXCLUDE_SYMBOLS =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or
+# directories that contain example code fragments that are included (see
+# the \include command).
+
+EXAMPLE_PATH = examples
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank all files are included.
+
+EXAMPLE_PATTERNS =
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude
+# commands irrespective of the value of the RECURSIVE tag.
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or
+# directories that contain image that are included in the documentation (see
+# the \image command).
+
+IMAGE_PATH =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command <filter> <input-file>, where <filter>
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
+# input file. Doxygen will then use the output that the filter program writes
+# to standard output. If FILTER_PATTERNS is specified, this tag will be
+# ignored.
+
+INPUT_FILTER =
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
+# basis. Doxygen will compare the file name with each pattern and apply the
+# filter if there is a match. The filters are a list of the form:
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
+# is applied to all files.
+
+FILTER_PATTERNS =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will be used to filter the input files when producing source
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will
+# be generated. Documented entities will be cross-referenced with these sources.
+# Note: To get rid of all source code in the generated output, make sure also
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER = YES
+
+# Setting the INLINE_SOURCES tag to YES will include the body
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES = YES
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
+# doxygen to hide any special comment blocks from generated source code
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS = NO
+
+# If the REFERENCED_BY_RELATION tag is set to YES (the default)
+# then for each documented function all documented
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES (the default)
+# then for each documented function all documented entities
+# called/used by that function will be listed.
+
+REFERENCES_RELATION = NO
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
+# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
+# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
+# link to the source code. Otherwise they will link to the documentstion.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code
+# will point to the HTML generated by the htags(1) tool instead of doxygen
+# built-in source browser. The htags tool is part of GNU's global source
+# tagging system (see http://www.gnu.org/software/global/global.html). You
+# will need version 4.8.6 or higher.
+
+USE_HTAGS = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
+# will generate a verbatim copy of the header file for each class for
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
+# of all compounds will be generated. Enable this if the project
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX = YES
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX = 1
+
+# In case all classes in a project start with a common prefix, all
+# classes will be put under the same header in the alphabetical index.
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX =
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
+# generate HTML output.
+
+GENERATE_HTML = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT = .
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard header.
+
+HTML_HEADER =
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard footer.
+
+HTML_FOOTER =
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
+# style sheet that is used by each HTML page. It can be used to
+# fine-tune the look of the HTML output. If the tag is left blank doxygen
+# will generate a default style sheet. Note that doxygen will try to copy
+# the style sheet file to the HTML output directory, so don't put your own
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET =
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
+# files or namespaces will be aligned in HTML using tables. If set to
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files
+# will be generated that can be used as input for tools like the
+# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP = NO
+
+# If the GENERATE_DOCSET tag is set to YES, additional index files
+# will be generated that can be used as input for Apple's Xcode 3
+# integrated development environment, introduced with OSX 10.5 (Leopard).
+# To create a documentation set, doxygen will generate a Makefile in the
+# HTML output directory. Running make will produce the docset in that
+# directory and running "make install" will install the docset in
+# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
+# it at startup.
+
+GENERATE_DOCSET = NO
+
+# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
+# feed. A documentation feed provides an umbrella under which multiple
+# documentation sets from a single provider (such as a company or product suite)
+# can be grouped.
+
+DOCSET_FEEDNAME = "Doxygen generated docs"
+
+# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
+# should uniquely identify the documentation set bundle. This should be a
+# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
+# will append .docset to the name.
+
+DOCSET_BUNDLE_ID = org.doxygen.Project
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
+# documentation will contain sections that can be hidden and shown after the
+# page has loaded. For this to work a browser that supports
+# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox
+# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
+
+HTML_DYNAMIC_SECTIONS = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
+# be used to specify the file name of the resulting .chm file. You
+# can add a path in front of the file if the result should not be
+# written to the html output directory.
+
+CHM_FILE =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
+# be used to specify the location (absolute path including file name) of
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
+# controls if a separate .chi index file is generated (YES) or that
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
+# controls whether a binary table of contents is generated (YES) or a
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND = NO
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
+# top of each HTML page. The value NO (the default) enables the index and
+# the value YES disables it.
+
+DISABLE_INDEX = NO
+
+# This tag can be used to set the number of enum values (range [1..20])
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE = 3
+
+# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
+# generated containing a tree-like index structure (just like the one that
+# is generated for HTML Help). For this to work a browser that supports
+# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+,
+# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
+# probably better off using the HTML help feature.
+
+GENERATE_TREEVIEW = NO
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
+# used to set the initial width (in pixels) of the frame in which the tree
+# is shown.
+
+TREEVIEW_WIDTH = 250
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
+# generate Latex output.
+
+GENERATE_LATEX = NO
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
+# generate index for LaTeX. If left blank `makeindex' will be used as the
+# default command name.
+
+MAKEINDEX_CMD_NAME = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
+# LaTeX documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_LATEX = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used
+# by the printer. Possible values are: a4, a4wide, letter, legal and
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES =
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
+# the generated latex document. The header should contain everything until
+# the first chapter. If it is left blank doxygen will generate a
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER =
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will
+# contain links (just like the HTML output) instead of page references
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS = YES
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
+# plain latex in the generated Makefile. Set this option to YES to get a
+# higher quality PDF documentation.
+
+USE_PDFLATEX = YES
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
+# command to the generated LaTeX files. This will instruct LaTeX to keep
+# running if errors occur, instead of asking the user for help.
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE = YES
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not
+# include the index chapters (such as File Index, Compound Index, etc.)
+# in the output.
+
+LATEX_HIDE_INDICES = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
+# The RTF output is optimized for Word 97 and may not look very pretty with
+# other RTF readers or editors.
+
+GENERATE_RTF = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
+# RTF documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_RTF = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
+# will contain hyperlink fields. The RTF file will
+# contain links (just like the HTML output) instead of page references.
+# This makes the output suitable for online browsing using WORD or other
+# programs which support those fields.
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's
+# config file, i.e. a series of assignments. You only have to provide
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE =
+
+# Set optional variables used in the generation of an rtf document.
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
+# generate man pages
+
+GENERATE_MAN = YES
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT = man
+
+# The MAN_EXTENSION tag determines the extension that is added to
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
+# then it will generate one additional man file for each entity
+# documented in the real man page(s). These additional files
+# only source the real man page, but without them the man command
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will
+# generate an XML file that captures the structure of
+# the code including all documentation.
+
+GENERATE_XML = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_SCHEMA =
+
+# The XML_DTD tag can be used to specify an XML DTD,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_DTD =
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
+# dump the program listings (including syntax highlighting
+# and cross-referencing information) to the XML output. Note that
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
+# generate an AutoGen Definitions (see autogen.sf.net) file
+# that captures the structure of the code including all
+# documentation. Note that this feature is still experimental
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will
+# generate a Perl module file that captures the structure of
+# the code including all documentation. Note that this
+# feature is still experimental and incomplete at the
+# moment.
+
+GENERATE_PERLMOD = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
+# nicely formatted so it can be parsed by a human reader. This is useful
+# if you want to understand what is going on. On the other hand, if this
+# tag is set to NO the size of the Perl module output will be much smaller
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY = YES
+
+# The names of the make variables in the generated doxyrules.make file
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
+# This is useful so different doxyrules.make files included by the same
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
+# evaluate all C-preprocessor directives found in the sources and include
+# files.
+
+ENABLE_PREPROCESSING = NO
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
+# names in the source code. If set to NO (the default) only conditional
+# compilation will be performed. Macro expansion can be done in a controlled
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION = NO
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
+# then the macro expansion is limited to the macros specified with the
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that
+# contain include files that are not input files but should be processed by
+# the preprocessor.
+
+INCLUDE_PATH =
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
+# patterns (like *.h and *.hpp) to filter out the header-files in the
+# directories. If left blank, the patterns specified with FILE_PATTERNS will
+# be used.
+
+INCLUDE_FILE_PATTERNS =
+
+# The PREDEFINED tag can be used to specify one or more macro names that
+# are defined before the preprocessor is started (similar to the -D option of
+# gcc). The argument of the tag is a list of macros of the form: name
+# or name=definition (no spaces). If the definition and the = are
+# omitted =1 is assumed. To prevent a macro definition from being
+# undefined via #undef or recursively expanded use the := operator
+# instead of the = operator.
+
+PREDEFINED =
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
+# this tag can be used to specify a list of macro names that should be expanded.
+# The macro definition that is found in the sources will be used.
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED =
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
+# doxygen's preprocessor will remove all function-like macros that are alone
+# on a line, have an all uppercase name, and do not end with a semicolon. Such
+# function macros are typically used for boiler-plate code, and will confuse
+# the parser if not removed.
+
+SKIP_FUNCTION_MACROS = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles.
+# Optionally an initial location of the external documentation
+# can be added for each tagfile. The format of a tag file without
+# this location is as follows:
+# TAGFILES = file1 file2 ...
+# Adding location for the tag files is done as follows:
+# TAGFILES = file1=loc1 "file2 = loc2" ...
+# where "loc1" and "loc2" can be relative or absolute paths or
+# URLs. If a location is present for each tag, the installdox tool
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES =
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE =
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed
+# in the class index. If set to NO only the inherited external classes
+# will be listed.
+
+ALLEXTERNALS = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
+# in the modules index. If set to NO, only the current project's groups will
+# be listed.
+
+EXTERNAL_GROUPS = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
+# or super classes. Setting the tag to NO turns the diagrams off. Note that
+# this option is superseded by the HAVE_DOT option below. This is only a
+# fallback. It is recommended to install and use dot, since it yields more
+# powerful graphs.
+
+CLASS_DIAGRAMS = YES
+
+# You can define message sequence charts within doxygen comments using the \msc
+# command. Doxygen will then run the mscgen tool (see
+# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
+# documentation. The MSCGEN_PATH tag allows you to specify the directory where
+# the mscgen tool resides. If left empty the tool is assumed to be found in the
+# default search path.
+
+MSCGEN_PATH =
+
+# If set to YES, the inheritance and collaboration graphs will hide
+# inheritance and usage relations if the target is undocumented
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
+# available from the path. This tool is part of Graphviz, a graph visualization
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT = NO
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect inheritance relations. Setting this tag to YES will force the
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect implementation dependencies (inheritance, containment, and
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH = YES
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS = YES
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
+# collaboration diagrams in a style similar to the OMG's Unified Modeling
+# Language.
+
+UML_LOOK = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
+# tags are set to YES then doxygen will generate a graph for each documented
+# file showing the direct and indirect include dependencies of the file with
+# other documented files.
+
+INCLUDE_GRAPH = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
+# documented header file showing the documented files that directly or
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH = YES
+
+# If the CALL_GRAPH and HAVE_DOT options are set to YES then
+# doxygen will generate a call dependency graph for every global function
+# or class method. Note that enabling this option will significantly increase
+# the time of a run. So in most cases it will be better to enable call graphs
+# for selected functions only using the \callgraph command.
+
+CALL_GRAPH = NO
+
+# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
+# doxygen will generate a caller dependency graph for every global function
+# or class method. Note that enabling this option will significantly increase
+# the time of a run. So in most cases it will be better to enable caller
+# graphs for selected functions only using the \callergraph command.
+
+CALLER_GRAPH = NO
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY = YES
+
+# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
+# then doxygen will show the dependencies a directory has on other directories
+# in a graphical way. The dependency relations are determined by the #include
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH =
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that
+# contain dot files that are included in the documentation (see the
+# \dotfile command).
+
+DOTFILE_DIRS =
+
+# The MAX_DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
+# nodes that will be shown in the graph. If the number of nodes in a graph
+# becomes larger than this value, doxygen will truncate the graph, which is
+# visualized by representing a node as a red box. Note that doxygen if the
+# number of direct children of the root node in a graph is already larger than
+# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
+# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
+
+DOT_GRAPH_MAX_NODES = 50
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
+# graphs generated by dot. A depth value of 3 means that only nodes reachable
+# from the root by following a path via at most 3 edges will be shown. Nodes
+# that lay further from the root node will be omitted. Note that setting this
+# option to 1 or 2 may greatly reduce the computation time needed for large
+# code bases. Also note that the size of a graph can be further restricted by
+# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
+
+MAX_DOT_GRAPH_DEPTH = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
+# background. This is enabled by default, which results in a transparent
+# background. Warning: Depending on the platform used, enabling this option
+# may lead to badly anti-aliased labels on the edges of a graph (i.e. they
+# become hard to read).
+
+DOT_TRANSPARENT = YES
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
+# files in one run (i.e. multiple -o and -T options on the command line). This
+# makes dot run faster, but since only newer versions of dot (>1.8.10)
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS = NO
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
+# generate a legend page explaining the meaning of the various boxes and
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
+# remove the intermediate dot files that are used to generate
+# the various graphs.
+
+DOT_CLEANUP = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE = NO
diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c
new file mode 100644
index 0000000..c54f955
--- /dev/null
+++ b/source3/lib/netapi/cm.c
@@ -0,0 +1,284 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Support
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "libsmb/libsmb.h"
+#include "rpc_client/cli_pipe.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+/********************************************************************
+********************************************************************/
+
+struct client_ipc_connection {
+ struct client_ipc_connection *prev, *next;
+ struct cli_state *cli;
+ struct client_pipe_connection *pipe_connections;
+};
+
+struct client_pipe_connection {
+ struct client_pipe_connection *prev, *next;
+ struct rpc_pipe_client *pipe;
+};
+
+/********************************************************************
+********************************************************************/
+
+static struct client_ipc_connection *ipc_cm_find(
+ struct libnetapi_private_ctx *priv_ctx, const char *server_name)
+{
+ struct client_ipc_connection *p;
+
+ for (p = priv_ctx->ipc_connections; p; p = p->next) {
+ const char *remote_name = smbXcli_conn_remote_name(p->cli->conn);
+
+ if (strequal(remote_name, server_name)) {
+ return p;
+ }
+ }
+
+ return NULL;
+}
+
+/********************************************************************
+********************************************************************/
+
+static WERROR libnetapi_open_ipc_connection(struct libnetapi_ctx *ctx,
+ const char *server_name,
+ struct client_ipc_connection **pp)
+{
+ struct libnetapi_private_ctx *priv_ctx;
+ struct cli_state *cli_ipc = NULL;
+ struct client_ipc_connection *p;
+ NTSTATUS status;
+ const char *username = NULL;
+ const char *password = NULL;
+ NET_API_STATUS rc;
+ enum credentials_use_kerberos krb5_state;
+
+ if (!ctx || !pp || !server_name) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ priv_ctx = (struct libnetapi_private_ctx *)ctx->private_data;
+
+ p = ipc_cm_find(priv_ctx, server_name);
+ if (p) {
+ *pp = p;
+ return WERR_OK;
+ }
+
+ rc = libnetapi_get_username(ctx, &username);
+ if (rc != 0) {
+ return WERR_INTERNAL_ERROR;
+ }
+
+ rc = libnetapi_get_password(ctx, &password);
+ if (rc != 0) {
+ return WERR_INTERNAL_ERROR;
+ }
+
+ if (password == NULL) {
+ cli_credentials_set_cmdline_callbacks(ctx->creds);
+ }
+
+ krb5_state = cli_credentials_get_kerberos_state(ctx->creds);
+
+ if (username != NULL && username[0] != '\0' &&
+ password != NULL && password[0] != '\0' &&
+ krb5_state == CRED_USE_KERBEROS_REQUIRED) {
+ cli_credentials_set_kerberos_state(ctx->creds,
+ CRED_USE_KERBEROS_DESIRED,
+ CRED_SPECIFIED);
+ }
+
+ status = cli_cm_open(ctx, NULL,
+ server_name, "IPC$",
+ ctx->creds,
+ NULL, 0, 0x20, &cli_ipc);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_ipc = NULL;
+ }
+
+ if (!cli_ipc) {
+ libnetapi_set_error_string(ctx,
+ "Failed to connect to IPC$ share on %s", server_name);
+ return WERR_CAN_NOT_COMPLETE;
+ }
+
+ p = talloc_zero(ctx, struct client_ipc_connection);
+ if (p == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ p->cli = cli_ipc;
+ DLIST_ADD(priv_ctx->ipc_connections, p);
+
+ *pp = p;
+
+ return WERR_OK;
+}
+
+/********************************************************************
+********************************************************************/
+
+WERROR libnetapi_shutdown_cm(struct libnetapi_ctx *ctx)
+{
+ struct libnetapi_private_ctx *priv_ctx =
+ (struct libnetapi_private_ctx *)ctx->private_data;
+ struct client_ipc_connection *p;
+
+ for (p = priv_ctx->ipc_connections; p; p = p->next) {
+ cli_shutdown(p->cli);
+ }
+
+ return WERR_OK;
+}
+
+/********************************************************************
+********************************************************************/
+
+static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc,
+ const struct ndr_interface_table *table,
+ struct rpc_pipe_client **presult)
+{
+ struct client_pipe_connection *p;
+
+ for (p = ipc->pipe_connections; p; p = p->next) {
+ const char *ipc_remote_name;
+
+ if (!rpccli_is_connected(p->pipe)) {
+ return NT_STATUS_PIPE_EMPTY;
+ }
+
+ ipc_remote_name = smbXcli_conn_remote_name(ipc->cli->conn);
+
+ if (strequal(ipc_remote_name, p->pipe->desthost)
+ && ndr_syntax_id_equal(&p->pipe->abstract_syntax,
+ &table->syntax_id)) {
+ *presult = p->pipe;
+ return NT_STATUS_OK;
+ }
+ }
+
+ return NT_STATUS_PIPE_NOT_AVAILABLE;
+}
+
+/********************************************************************
+********************************************************************/
+
+static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx,
+ struct client_ipc_connection *ipc,
+ const struct ndr_interface_table *table,
+ struct rpc_pipe_client **presult)
+{
+ struct client_pipe_connection *p;
+ NTSTATUS status;
+
+ p = talloc_zero_array(mem_ctx, struct client_pipe_connection, 1);
+ if (!p) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = cli_rpc_pipe_open_noauth(ipc->cli, table, &p->pipe);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(p);
+ return status;
+ }
+
+ DLIST_ADD(ipc->pipe_connections, p);
+
+ *presult = p->pipe;
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
+********************************************************************/
+
+static NTSTATUS pipe_cm_open(TALLOC_CTX *ctx,
+ struct client_ipc_connection *ipc,
+ const struct ndr_interface_table *table,
+ struct rpc_pipe_client **presult)
+{
+ if (NT_STATUS_IS_OK(pipe_cm_find(ipc, table, presult))) {
+ return NT_STATUS_OK;
+ }
+
+ return pipe_cm_connect(ctx, ipc, table, presult);
+}
+
+/********************************************************************
+********************************************************************/
+
+WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
+ const char *server_name,
+ const struct ndr_interface_table *table,
+ struct rpc_pipe_client **presult)
+{
+ struct rpc_pipe_client *result = NULL;
+ NTSTATUS status;
+ WERROR werr;
+ struct client_ipc_connection *ipc = NULL;
+
+ if (!presult) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ werr = libnetapi_open_ipc_connection(ctx, server_name, &ipc);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ status = pipe_cm_open(ctx, ipc, table, &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ libnetapi_set_error_string(ctx, "failed to open PIPE %s: %s",
+ table->name,
+ get_friendly_nt_error_msg(status));
+ return WERR_NERR_DESTNOTFOUND;
+ }
+
+ *presult = result;
+
+ return WERR_OK;
+}
+
+/********************************************************************
+********************************************************************/
+
+WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx,
+ const char *server_name,
+ const struct ndr_interface_table *table,
+ struct dcerpc_binding_handle **binding_handle)
+{
+ struct rpc_pipe_client *pipe_cli;
+ WERROR result;
+
+ *binding_handle = NULL;
+
+ result = libnetapi_open_pipe(ctx, server_name, table, &pipe_cli);
+ if (!W_ERROR_IS_OK(result)) {
+ return result;
+ }
+
+ *binding_handle = pipe_cli->binding_handle;
+
+ return WERR_OK;
+}
diff --git a/source3/lib/netapi/examples/common.c b/source3/lib/netapi/examples/common.c
new file mode 100644
index 0000000..72d7150
--- /dev/null
+++ b/source3/lib/netapi/examples/common.c
@@ -0,0 +1,249 @@
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <inttypes.h>
+
+#include <popt.h>
+#include <netapi.h>
+
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <iconv.h>
+
+#ifndef MIN
+#define MIN(a,b) ((a)<(b)?(a):(b))
+#endif
+
+#include "common.h"
+
+void popt_common_callback(poptContext con,
+ enum poptCallbackReason reason,
+ const struct poptOption *opt,
+ const char *arg, const void *data)
+{
+ struct libnetapi_ctx *ctx = NULL;
+
+ libnetapi_getctx(&ctx);
+
+ if (reason == POPT_CALLBACK_REASON_PRE) {
+ }
+
+ if (reason == POPT_CALLBACK_REASON_POST) {
+ }
+
+ if (!opt) {
+ return;
+ }
+ switch (opt->val) {
+ case 'U': {
+ char *puser = strdup(arg);
+ char *p = NULL;
+
+ if ((p = strchr(puser,'%'))) {
+ size_t len;
+ *p = 0;
+ libnetapi_set_username(ctx, puser);
+ libnetapi_set_password(ctx, p+1);
+ len = strlen(p+1);
+ memset(strchr(arg,'%')+1,'X',len);
+ } else {
+ libnetapi_set_username(ctx, puser);
+ }
+ free(puser);
+ break;
+ }
+ case 'd':
+ libnetapi_set_debuglevel(ctx, arg);
+ break;
+ case 'p':
+ libnetapi_set_password(ctx, arg);
+ break;
+ case 'k':
+ libnetapi_set_use_kerberos(ctx);
+ break;
+ }
+}
+
+struct poptOption popt_common_netapi_examples[] = {
+ {
+ .argInfo = POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST,
+ .arg = (void *)popt_common_callback,
+ },
+ {
+ .longName = "user",
+ .shortName = 'U',
+ .argInfo = POPT_ARG_STRING,
+ .val = 'U',
+ .descrip = "Username used for connection",
+ .argDescrip = "USERNAME",
+ },
+ {
+ .longName = "password",
+ .shortName = 'p',
+ .argInfo = POPT_ARG_STRING,
+ .val = 'p',
+ .descrip = "Password used for connection",
+ .argDescrip = "PASSWORD",
+ },
+ {
+ .longName = "debuglevel",
+ .shortName = 'd',
+ .argInfo = POPT_ARG_STRING,
+ .val = 'd',
+ .descrip = "Debuglevel",
+ .argDescrip = "DEBUGLEVEL",
+ },
+ {
+ .longName = "kerberos",
+ .shortName = 'k',
+ .argInfo = POPT_ARG_NONE,
+ .val = 'k',
+ .descrip = "Use Kerberos",
+ },
+ POPT_TABLEEND
+};
+
+char *netapi_read_file(const char *filename, uint32_t *psize)
+{
+ int fd;
+ FILE *file = NULL;
+ char *p = NULL;
+ size_t size = 0;
+ size_t chunk = 1024;
+ size_t maxsize = SIZE_MAX;
+ int err;
+
+ fd = open(filename, O_RDONLY);
+ if (fd == -1) {
+ goto fail;
+ }
+
+ file = fdopen(fd, "r");
+ if (file == NULL) {
+ goto fail;
+ }
+
+ while (size < maxsize) {
+ char *tmp = NULL;
+ size_t newbufsize;
+ size_t nread;
+
+ chunk = MIN(chunk, (maxsize - size));
+
+ newbufsize = size + (chunk+1); /* chunk+1 can't overflow */
+ if (newbufsize < size) {
+ goto fail; /* overflow */
+ }
+
+ tmp = realloc(p, sizeof(char) * newbufsize);
+ if (tmp == NULL) {
+ free(p);
+ p = NULL;
+ goto fail;
+ }
+ p = tmp;
+
+ nread = fread(p+size, 1, chunk, file);
+ size += nread;
+
+ if (nread != chunk) {
+ break;
+ }
+ }
+
+ err = ferror(file);
+ if (err != 0) {
+ free(p);
+ goto fail;
+ }
+
+ p[size] = '\0';
+
+ if (psize != NULL) {
+ *psize = size;
+ }
+ fail:
+ if (file != NULL) {
+ fclose(file);
+ }
+ if (fd >= 0) {
+ close(fd);
+ }
+
+ return p;
+}
+
+int netapi_save_file(const char *fname, void *ppacket, size_t length)
+{
+ int fd;
+ fd = open(fname, O_WRONLY|O_CREAT|O_TRUNC, 0644);
+ if (fd == -1) {
+ perror(fname);
+ return -1;
+ }
+ if (write(fd, ppacket, length) != length) {
+ fprintf(stderr,"Failed to write %s\n", fname);
+ close(fd);
+ return -1;
+ }
+ close(fd);
+ return 0;
+}
+
+int netapi_save_file_ucs2(const char *fname, const char *str)
+{
+ char *str_p = NULL;
+ char *ucs2_str = NULL;
+ size_t str_len = 0;
+ size_t ucs2_str_len = 0;
+ iconv_t cd;
+ int ret;
+ char *start;
+ size_t start_len;
+ char *p;
+
+ str_len = strlen(str) + 1;
+ ucs2_str_len = 2 * str_len; /* room for ucs2 */
+ ucs2_str_len += 2;
+
+ ucs2_str = calloc(ucs2_str_len, sizeof(char));
+ if (ucs2_str == NULL) {
+ return -1;
+ }
+ p = ucs2_str; /* store for free */
+
+ ucs2_str[0] = 0xff;
+ ucs2_str[1] = 0xfe;
+
+ start = ucs2_str;
+ start_len = ucs2_str_len;
+
+ ucs2_str += 2;
+ ucs2_str_len -= 2;
+
+ cd = iconv_open("UTF-16LE", "ASCII");
+ if (cd == (iconv_t)-1) {
+ free(p);
+ return -1;
+ }
+
+ str_p = (void *)((uintptr_t)str);
+
+ ret = iconv(cd,
+ &str_p,
+ &str_len,
+ &ucs2_str,
+ &ucs2_str_len);
+ if (ret == -1) {
+ free(p);
+ return -1;
+ }
+ iconv_close(cd);
+
+ ret = netapi_save_file(fname, start, start_len);
+ free(p);
+
+ return ret;
+}
diff --git a/source3/lib/netapi/examples/common.h b/source3/lib/netapi/examples/common.h
new file mode 100644
index 0000000..df7f176
--- /dev/null
+++ b/source3/lib/netapi/examples/common.h
@@ -0,0 +1,18 @@
+#include <popt.h>
+
+void popt_common_callback(poptContext con,
+ enum poptCallbackReason reason,
+ const struct poptOption *opt,
+ const char *arg, const void *data);
+
+extern struct poptOption popt_common_netapi_examples[];
+
+#ifndef POPT_TABLEEND
+#define POPT_TABLEEND { NULL, '\0', 0, 0, 0, NULL, NULL }
+#endif
+
+#define POPT_COMMON_LIBNETAPI_EXAMPLES { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_netapi_examples, 0, "Common samba netapi example options:", NULL },
+
+char *netapi_read_file(const char *filename, uint32_t *psize);
+int netapi_save_file(const char *fname, void *ppacket, size_t length);
+int netapi_save_file_ucs2(const char *fname, const char *str);
diff --git a/source3/lib/netapi/examples/dsgetdc/dsgetdc.c b/source3/lib/netapi/examples/dsgetdc/dsgetdc.c
new file mode 100644
index 0000000..6265e66
--- /dev/null
+++ b/source3/lib/netapi/examples/dsgetdc/dsgetdc.c
@@ -0,0 +1,101 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * DsGetDcName query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+
+ const char *hostname = NULL;
+ const char *domain = NULL;
+ uint32_t flags = 0;
+ struct DOMAIN_CONTROLLER_INFO *info = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ { "flags", 0, POPT_ARG_INT, NULL, 'f', "Query flags", "FLAGS" },
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("dsgetdc", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname domainname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ switch (opt) {
+ case 'f':
+ sscanf(poptGetOptArg(pc), "%x", &flags);
+ }
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ domain = poptGetArg(pc);
+
+ /* DsGetDcName */
+
+ status = DsGetDcName(hostname, domain, NULL, NULL, flags, &info);
+ if (status != 0) {
+ printf("DsGetDcName failed with: %s\n",
+ libnetapi_errstr(status));
+ return status;
+ }
+
+ printf("DC Name:\t\t%s\n", info->domain_controller_name);
+ printf("DC Address:\t\t%s\n", info->domain_controller_address);
+ printf("DC Address Type:\t%d\n", info->domain_controller_address_type);
+ printf("Domain Name:\t\t%s\n", info->domain_name);
+ printf("DNS Forest Name:\t%s\n", info->dns_forest_name);
+ printf("DC flags:\t\t0x%08x\n", info->flags);
+ printf("DC Sitename:\t\t%s\n", info->dc_site_name);
+ printf("Client Sitename:\t%s\n", info->client_site_name);
+
+ out:
+ NetApiBufferFree(info);
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/file/file_close.c b/source3/lib/netapi/examples/file/file_close.c
new file mode 100644
index 0000000..759173a
--- /dev/null
+++ b/source3/lib/netapi/examples/file/file_close.c
@@ -0,0 +1,83 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetFileClose query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ uint32_t fileid = 0;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("file_close", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname fileid");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ fileid = atoi(poptGetArg(pc));
+
+ /* NetFileClose */
+
+ status = NetFileClose(hostname, fileid);
+ if (status != 0) {
+ printf("NetFileClose failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/file/file_enum.c b/source3/lib/netapi/examples/file/file_enum.c
new file mode 100644
index 0000000..5fbb285
--- /dev/null
+++ b/source3/lib/netapi/examples/file/file_enum.c
@@ -0,0 +1,146 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetFileEnum query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *basepath = NULL;
+ const char *username = NULL;
+ uint32_t level = 3;
+ uint8_t *buffer = NULL;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ int i;
+
+ struct FILE_INFO_2 *i2 = NULL;
+ struct FILE_INFO_3 *i3 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("file_enum", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname basepath username level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ basepath = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ username = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetFileEnum */
+
+ do {
+
+ status = NetFileEnum(hostname,
+ basepath,
+ username,
+ level,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ printf("total entries: %d\n", total_entries);
+ switch (level) {
+ case 2:
+ i2 = (struct FILE_INFO_2 *)buffer;
+ break;
+ case 3:
+ i3 = (struct FILE_INFO_3 *)buffer;
+ break;
+ default:
+ break;
+ }
+ for (i=0; i<entries_read; i++) {
+ switch (level) {
+ case 2:
+ printf("file_id: %d\n", i2->fi2_id);
+ i2++;
+ break;
+ case 3:
+ printf("file_id: %d\n", i3->fi3_id);
+ printf("permissions: %d\n", i3->fi3_permissions);
+ printf("num_locks: %d\n", i3->fi3_num_locks);
+ printf("pathname: %s\n", i3->fi3_pathname);
+ printf("username: %s\n", i3->fi3_username);
+ i3++;
+ break;
+ default:
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status != 0) {
+ printf("NetFileEnum failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/file/file_getinfo.c b/source3/lib/netapi/examples/file/file_getinfo.c
new file mode 100644
index 0000000..9ad8305
--- /dev/null
+++ b/source3/lib/netapi/examples/file/file_getinfo.c
@@ -0,0 +1,112 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetFileGetInfo query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ uint32_t fileid = 0;
+ uint32_t level = 3;
+ uint8_t *buffer = NULL;
+
+ struct FILE_INFO_2 *i2 = NULL;
+ struct FILE_INFO_3 *i3 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("file_getinfo", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname fileid");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ fileid = atoi(poptGetArg(pc));
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetFileGetInfo */
+
+ status = NetFileGetInfo(hostname,
+ fileid,
+ level,
+ &buffer);
+ if (status != 0) {
+ printf("NetFileGetInfo failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ switch (level) {
+ case 2:
+ i2 = (struct FILE_INFO_2 *)buffer;
+ printf("file_id: %d\n", i2->fi2_id);
+ break;
+ case 3:
+ i3 = (struct FILE_INFO_3 *)buffer;
+ printf("file_id: %d\n", i3->fi3_id);
+ printf("permissions: %d\n", i3->fi3_permissions);
+ printf("num_locks: %d\n", i3->fi3_num_locks);
+ printf("pathname: %s\n", i3->fi3_pathname);
+ printf("username: %s\n", i3->fi3_username);
+ break;
+ default:
+ break;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/getdc/getdc.c b/source3/lib/netapi/examples/getdc/getdc.c
new file mode 100644
index 0000000..98bb6a1
--- /dev/null
+++ b/source3/lib/netapi/examples/getdc/getdc.c
@@ -0,0 +1,86 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * GetDCName query
+ * Copyright (C) Guenther Deschner 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+
+ const char *hostname = NULL;
+ const char *domain = NULL;
+ uint8_t *buffer = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("getdc", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname domainname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ domain = poptGetArg(pc);
+
+ /* NetGetDCName */
+
+ status = NetGetDCName(hostname, domain, &buffer);
+ if (status != 0) {
+ printf("GetDcName failed with: %s\n", libnetapi_errstr(status));
+ } else {
+ printf("%s\n", (char *)buffer);
+ }
+
+ out:
+ NetApiBufferFree(buffer);
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/group/group_add.c b/source3/lib/netapi/examples/group/group_add.c
new file mode 100644
index 0000000..4da97c5
--- /dev/null
+++ b/source3/lib/netapi/examples/group/group_add.c
@@ -0,0 +1,90 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetGroupAdd query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ struct GROUP_INFO_1 g1;
+ uint32_t parm_error = 0;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("group_add", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ /* NetGroupAdd */
+
+ g1.grpi1_name = groupname;
+ g1.grpi1_comment = "Domain Group created using NetApi example code";
+
+ status = NetGroupAdd(hostname,
+ 1,
+ (uint8_t *)&g1,
+ &parm_error);
+ if (status != 0) {
+ printf("NetGroupAdd failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/group/group_adduser.c b/source3/lib/netapi/examples/group/group_adduser.c
new file mode 100644
index 0000000..253b3c5
--- /dev/null
+++ b/source3/lib/netapi/examples/group/group_adduser.c
@@ -0,0 +1,91 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetGroupAddUser query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ const char *username = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("group_adduser", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname username");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ username = poptGetArg(pc);
+
+ /* NetGroupAddUser */
+
+ status = NetGroupAddUser(hostname,
+ groupname,
+ username);
+ if (status != 0) {
+ printf("NetGroupAddUser failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/group/group_del.c b/source3/lib/netapi/examples/group/group_del.c
new file mode 100644
index 0000000..789e429
--- /dev/null
+++ b/source3/lib/netapi/examples/group/group_del.c
@@ -0,0 +1,82 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetGroupDel query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("group_del", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ /* NetGroupDel */
+
+ status = NetGroupDel(hostname, groupname);
+ if (status != 0) {
+ printf("NetGroupDel failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/group/group_deluser.c b/source3/lib/netapi/examples/group/group_deluser.c
new file mode 100644
index 0000000..751ab5c
--- /dev/null
+++ b/source3/lib/netapi/examples/group/group_deluser.c
@@ -0,0 +1,91 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetGroupDelUser query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ const char *username = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("group_deluser", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname username");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ username = poptGetArg(pc);
+
+ /* NetGroupDelUser */
+
+ status = NetGroupDelUser(hostname,
+ groupname,
+ username);
+ if (status != 0) {
+ printf("NetGroupDelUser failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/group/group_enum.c b/source3/lib/netapi/examples/group/group_enum.c
new file mode 100644
index 0000000..fe2aee1
--- /dev/null
+++ b/source3/lib/netapi/examples/group/group_enum.c
@@ -0,0 +1,153 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetGroupEnum query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ uint32_t level = 0;
+ uint8_t *buffer = NULL;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ int i;
+ char *sid_str = NULL;
+
+ struct GROUP_INFO_0 *info0 = NULL;
+ struct GROUP_INFO_1 *info1 = NULL;
+ struct GROUP_INFO_2 *info2 = NULL;
+ struct GROUP_INFO_3 *info3 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("group_enum", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetGroupEnum */
+
+ do {
+ status = NetGroupEnum(hostname,
+ level,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ printf("total entries: %d\n", total_entries);
+ switch (level) {
+ case 0:
+ info0 = (struct GROUP_INFO_0 *)buffer;
+ break;
+ case 1:
+ info1 = (struct GROUP_INFO_1 *)buffer;
+ break;
+ case 2:
+ info2 = (struct GROUP_INFO_2 *)buffer;
+ break;
+ case 3:
+ info3 = (struct GROUP_INFO_3 *)buffer;
+ break;
+ default:
+ break;
+ }
+ for (i=0; i<entries_read; i++) {
+ switch (level) {
+ case 0:
+ printf("#%d group: %s\n", i, info0->grpi0_name);
+ info0++;
+ break;
+ case 1:
+ printf("#%d group: %s\n", i, info1->grpi1_name);
+ printf("#%d comment: %s\n", i, info1->grpi1_comment);
+ info1++;
+ break;
+ case 2:
+ printf("#%d group: %s\n", i, info2->grpi2_name);
+ printf("#%d comment: %s\n", i, info2->grpi2_comment);
+ printf("#%d rid: %d\n", i, info2->grpi2_group_id);
+ printf("#%d attributes: 0x%08x\n", i, info2->grpi2_attributes);
+ info2++;
+ break;
+ case 3:
+ printf("#%d group: %s\n", i, info3->grpi3_name);
+ printf("#%d comment: %s\n", i, info3->grpi3_comment);
+ if (ConvertSidToStringSid(info3->grpi3_group_sid,
+ &sid_str)) {
+ printf("#%d group_sid: %s\n", i, sid_str);
+ free(sid_str);
+ }
+ printf("#%d attributes: 0x%08x\n", i, info3->grpi3_attributes);
+ info3++;
+ break;
+
+
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status != 0) {
+ printf("NetGroupEnum failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/group/group_getinfo.c b/source3/lib/netapi/examples/group/group_getinfo.c
new file mode 100644
index 0000000..2e5b793
--- /dev/null
+++ b/source3/lib/netapi/examples/group/group_getinfo.c
@@ -0,0 +1,127 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetGroupGetInfo query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ uint8_t *buffer = NULL;
+ uint32_t level = 0;
+ struct GROUP_INFO_0 *g0;
+ struct GROUP_INFO_1 *g1;
+ struct GROUP_INFO_2 *g2;
+ struct GROUP_INFO_3 *g3;
+ char *sid_str = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("group_getinfo", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetGroupGetInfo */
+
+ status = NetGroupGetInfo(hostname,
+ groupname,
+ level,
+ &buffer);
+ if (status != 0) {
+ printf("NetGroupGetInfo failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ switch (level) {
+ case 0:
+ g0 = (struct GROUP_INFO_0 *)buffer;
+ printf("name: %s\n", g0->grpi0_name);
+ break;
+ case 1:
+ g1 = (struct GROUP_INFO_1 *)buffer;
+ printf("name: %s\n", g1->grpi1_name);
+ printf("comment: %s\n", g1->grpi1_comment);
+ break;
+ case 2:
+ g2 = (struct GROUP_INFO_2 *)buffer;
+ printf("name: %s\n", g2->grpi2_name);
+ printf("comment: %s\n", g2->grpi2_comment);
+ printf("group_id: %d\n", g2->grpi2_group_id);
+ printf("attributes: %d\n", g2->grpi2_attributes);
+ break;
+ case 3:
+ g3 = (struct GROUP_INFO_3 *)buffer;
+ printf("name: %s\n", g3->grpi3_name);
+ printf("comment: %s\n", g3->grpi3_comment);
+ if (ConvertSidToStringSid(g3->grpi3_group_sid,
+ &sid_str)) {
+ printf("group_sid: %s\n", sid_str);
+ free(sid_str);
+ }
+ printf("attributes: %d\n", g3->grpi3_attributes);
+ break;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/group/group_getusers.c b/source3/lib/netapi/examples/group/group_getusers.c
new file mode 100644
index 0000000..72e79ec
--- /dev/null
+++ b/source3/lib/netapi/examples/group/group_getusers.c
@@ -0,0 +1,132 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetGroupGetUsers query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ uint32_t level = 0;
+ uint8_t *buffer = NULL;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ int i;
+
+ struct GROUP_USERS_INFO_0 *info0 = NULL;
+ struct GROUP_USERS_INFO_1 *info1 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("group_getusers", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetGroupGetUsers */
+
+ do {
+ status = NetGroupGetUsers(hostname,
+ groupname,
+ level,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ printf("total entries: %d\n", total_entries);
+ switch (level) {
+ case 0:
+ info0 = (struct GROUP_USERS_INFO_0 *)buffer;
+ break;
+ case 1:
+ info1 = (struct GROUP_USERS_INFO_1 *)buffer;
+ break;
+ default:
+ break;
+ }
+ for (i=0; i<entries_read; i++) {
+ switch (level) {
+ case 0:
+ printf("#%d member: %s\n", i, info0->grui0_name);
+ info0++;
+ break;
+ case 1:
+ printf("#%d member: %s\n", i, info1->grui1_name);
+ printf("#%d attributes: %d\n", i, info1->grui1_attributes);
+ info1++;
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status != 0) {
+ printf("NetGroupGetUsers failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/group/group_setinfo.c b/source3/lib/netapi/examples/group/group_setinfo.c
new file mode 100644
index 0000000..cd30d8b
--- /dev/null
+++ b/source3/lib/netapi/examples/group/group_setinfo.c
@@ -0,0 +1,142 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetGroupSetInfo query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ const char *option = NULL;
+ uint8_t *buffer = NULL;
+ uint32_t level = 0;
+ uint32_t parm_err = 0;
+ struct GROUP_INFO_0 g0;
+ struct GROUP_INFO_1 g1;
+ struct GROUP_INFO_2 g2;
+ struct GROUP_INFO_3 g3;
+ struct GROUP_INFO_1002 g1002;
+ struct GROUP_INFO_1005 g1005;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("group_setinfo", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname level option");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ level = atoi(poptGetArg(pc));
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ option = poptGetArg(pc);
+
+ /* NetGroupSetInfo */
+
+ switch (level) {
+ case 0:
+ g0.grpi0_name = option;
+ buffer = (uint8_t *)&g0;
+ break;
+ case 1:
+ g1.grpi1_name = option; /* this one will be ignored */
+ g1.grpi1_comment = option;
+ buffer = (uint8_t *)&g1;
+ break;
+ case 2:
+ g2.grpi2_name = option; /* this one will be ignored */
+ g2.grpi2_comment = option;
+ g2.grpi2_group_id = 4711; /* this one will be ignored */
+ g2.grpi2_attributes = 7;
+ buffer = (uint8_t *)&g2;
+ break;
+ case 3:
+ g3.grpi3_name = option; /* this one will be ignored */
+ g3.grpi3_comment = option;
+ g2.grpi2_attributes = 7;
+ buffer = (uint8_t *)&g3;
+ break;
+ case 1002:
+ g1002.grpi1002_comment = option;
+ buffer = (uint8_t *)&g1002;
+ break;
+ case 1005:
+ g1005.grpi1005_attributes = atoi(option);
+ buffer = (uint8_t *)&g1005;
+ break;
+ }
+
+ status = NetGroupSetInfo(hostname,
+ groupname,
+ level,
+ buffer,
+ &parm_err);
+ if (status != 0) {
+ printf("NetGroupSetInfo failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/group/group_setusers.c b/source3/lib/netapi/examples/group/group_setusers.c
new file mode 100644
index 0000000..70cf105
--- /dev/null
+++ b/source3/lib/netapi/examples/group/group_setusers.c
@@ -0,0 +1,142 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetGroupSetUsers query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ uint32_t level = 0;
+ uint8_t *buffer = NULL;
+ uint32_t num_entries = 0;
+ const char **names = NULL;
+ int i = 0;
+ size_t buf_size = 0;
+
+ struct GROUP_USERS_INFO_0 *g0 = NULL;
+ struct GROUP_USERS_INFO_1 *g1 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("group_setusers", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+
+ names = poptGetArgs(pc);
+ for (i=0; names[i] != NULL; i++) {
+ num_entries++;
+ }
+
+ switch (level) {
+ case 0:
+ buf_size = sizeof(struct GROUP_USERS_INFO_0) * num_entries;
+
+ status = NetApiBufferAllocate(buf_size, (void **)&g0);
+ if (status) {
+ printf("NetApiBufferAllocate failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ for (i=0; i<num_entries; i++) {
+ g0[i].grui0_name = names[i];
+ }
+
+ buffer = (uint8_t *)g0;
+ break;
+ case 1:
+ buf_size = sizeof(struct GROUP_USERS_INFO_1) * num_entries;
+
+ status = NetApiBufferAllocate(buf_size, (void **)&g1);
+ if (status) {
+ printf("NetApiBufferAllocate failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ for (i=0; i<num_entries; i++) {
+ g1[i].grui1_name = names[i];
+ }
+
+ buffer = (uint8_t *)g1;
+ break;
+ default:
+ break;
+ }
+
+ /* NetGroupSetUsers */
+
+ status = NetGroupSetUsers(hostname,
+ groupname,
+ level,
+ buffer,
+ num_entries);
+ if (status != 0) {
+ printf("NetGroupSetUsers failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/join/djoin.c b/source3/lib/netapi/examples/join/djoin.c
new file mode 100644
index 0000000..737f330
--- /dev/null
+++ b/source3/lib/netapi/examples/join/djoin.c
@@ -0,0 +1,166 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Offline Domain Join utility
+ * Copyright (C) Guenther Deschner 2021
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdlib.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ const char *domain = NULL;
+ const char *machine_name = NULL;
+ const char *windows_path = NULL;
+ const char *dcname = NULL;
+ const char *loadfile = NULL;
+ const char *savefile = NULL;
+ const char *machine_account_ou = NULL;
+ uint32_t options = 0;
+ uint8_t *provision_bin_data = NULL;
+ uint32_t provision_bin_data_size = 0;
+ const char *provision_text_data = NULL;
+ int provision = 0;
+ int requestodj = 0;
+ int default_password = 0;
+ int print_blob = 0;
+ int localos = 0;
+ int reuse = 0;
+
+ struct libnetapi_ctx *ctx = NULL;
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ { "provision", 0, POPT_ARG_NONE, &provision, 'D', "Create computer account in AD", NULL },
+ { "dcname", 0, POPT_ARG_STRING, &dcname, 'D', "Domain Controller Name", "DCNAME" },
+ { "machine_account_ou", 0, POPT_ARG_STRING, &machine_account_ou, 'D', "LDAP DN for Machine Account OU", "MACHINE_ACCOUNT_OU" },
+ { "domain", 0, POPT_ARG_STRING, &domain, 'D', "Domain name", "DOMAIN" },
+ { "machine_name", 0, POPT_ARG_STRING, &machine_name, 'D', "Computer Account Name", "MACHINENAME" },
+ { "defpwd", 0, POPT_ARG_NONE, &default_password, 'D', "Use default password for machine account (not recommended)", "" },
+ { "printblob", 0, POPT_ARG_NONE, &print_blob, 'D', "Print base64 encoded ODJ blob (for Windows answer files)", "" },
+ { "savefile", 0, POPT_ARG_STRING, &savefile, 'D', "Save ODJ blob to file (for Windows answer files)", "FILENAME" },
+ { "reuse", 0, POPT_ARG_NONE, &reuse, 'D', "Reuse machine account", "" },
+ { "requestodj", 0, POPT_ARG_NONE, &requestodj, 'D', "Load offline join data", NULL },
+ { "loadfile", 0, POPT_ARG_STRING, &loadfile, 'D', "Load file from previous provision", "FILENAME" },
+ { "localos", 0, POPT_ARG_NONE, &localos, 'D', "Request local OS to load offline join information", "" },
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("djoin", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "[provision|requestodj]");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (provision) {
+
+ if (domain == NULL) {
+ printf("domain must be defined\n");
+ goto out;
+ }
+
+ if (machine_name == NULL) {
+ printf("machine_name must be defined\n");
+ goto out;
+ }
+
+ if (default_password) {
+ options |= NETSETUP_PROVISION_USE_DEFAULT_PASSWORD;
+ }
+
+ if (reuse) {
+ options |= NETSETUP_PROVISION_REUSE_ACCOUNT;
+ }
+
+ status = NetProvisionComputerAccount(domain,
+ machine_name,
+ machine_account_ou,
+ dcname,
+ options,
+ NULL,
+ 0,
+ &provision_text_data);
+ if (status != 0) {
+ printf("failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ if (print_blob) {
+ printf("Provision Text Data: %s\n", provision_text_data);
+ }
+
+ if (savefile != NULL) {
+ status = netapi_save_file_ucs2(savefile, provision_text_data);
+ if (status != 0) {
+ goto out;
+ }
+ }
+ }
+
+ if (requestodj) {
+
+ if (loadfile == NULL) {
+ printf("--loadfile <FILENAME> is required\n");
+ goto out;
+ }
+ provision_bin_data = (uint8_t *)netapi_read_file(loadfile,
+ &provision_bin_data_size);
+ if (provision_bin_data == NULL) {
+ printf("failed to read loadfile: %s\n", loadfile);
+ goto out;
+ }
+
+ if (localos) {
+ options |= NETSETUP_PROVISION_ONLINE_CALLER;
+ }
+
+ status = NetRequestOfflineDomainJoin(provision_bin_data,
+ provision_bin_data_size,
+ options,
+ windows_path);
+ free(provision_bin_data);
+
+ if (status != 0 && status != 0x00000a99) {
+ /* NERR_JoinPerformedMustRestart */
+ printf("failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/join/getjoinableous.c b/source3/lib/netapi/examples/join/getjoinableous.c
new file mode 100644
index 0000000..c0fba57
--- /dev/null
+++ b/source3/lib/netapi/examples/join/getjoinableous.c
@@ -0,0 +1,110 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Join Support (cmdline + netapi)
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <inttypes.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ const char *host_name = NULL;
+ const char *domain_name = NULL;
+ const char **ous = NULL;
+ uint32_t num_ous = 0;
+ struct libnetapi_ctx *ctx = NULL;
+ int i;
+ const char *username = NULL;
+ const char *password = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ { "domain", 0, POPT_ARG_STRING, NULL, 'D', "Domain name", "DOMAIN" },
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("getjoinableous", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname domainname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ switch (opt) {
+ case 'D':
+ domain_name = poptGetOptArg(pc);
+ break;
+ }
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ host_name = poptGetArg(pc);
+
+ /* NetGetJoinableOUs */
+
+ status = libnetapi_get_username(ctx, &username);
+ if (status != 0) {
+ printf("failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+ status = libnetapi_get_password(ctx, &password);
+ if (status != 0) {
+ printf("failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ status = NetGetJoinableOUs(host_name,
+ domain_name,
+ username,
+ password,
+ &num_ous,
+ &ous);
+ if (status != 0) {
+ printf("failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ } else {
+ printf("Successfully queried joinable ous:\n");
+ for (i=0; i<num_ous; i++) {
+ printf("ou: %s\n", ous[i]);
+ }
+ }
+
+ out:
+ NetApiBufferFree(ous);
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/join/getjoininformation.c b/source3/lib/netapi/examples/join/getjoininformation.c
new file mode 100644
index 0000000..7dac456
--- /dev/null
+++ b/source3/lib/netapi/examples/join/getjoininformation.c
@@ -0,0 +1,105 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Join Support (cmdline + netapi)
+ * Copyright (C) Guenther Deschner 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include <string.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <inttypes.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ const char *host_name = NULL;
+ char *name_buffer = NULL;
+ const char *p = NULL;
+ uint16_t name_type = 0;
+ struct libnetapi_ctx *ctx = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("getjoininformation", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ host_name = poptGetArg(pc);
+
+ /* NetGetJoinInformation */
+
+ status = NetGetJoinInformation(host_name, &p, &name_type);
+ name_buffer = discard_const_p(char, p);
+ if (status != 0) {
+ printf("failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ } else {
+ printf("Successfully queried join information:\n");
+
+ switch (name_type) {
+ case NetSetupUnknownStatus:
+ printf("%s's join status unknown (name: %s)\n",
+ host_name, name_buffer);
+ break;
+ case NetSetupUnjoined:
+ printf("%s is not joined (name: %s)\n",
+ host_name, name_buffer);
+ break;
+ case NetSetupWorkgroupName:
+ printf("%s is joined to workgroup %s\n",
+ host_name, name_buffer);
+ break;
+ case NetSetupDomainName:
+ printf("%s is joined to domain %s\n",
+ host_name, name_buffer);
+ break;
+ default:
+ printf("%s is in unknown status %d (name: %s)\n",
+ host_name, name_type, name_buffer);
+ break;
+ }
+ }
+
+ out:
+ NetApiBufferFree(name_buffer);
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/join/netdomjoin.c b/source3/lib/netapi/examples/join/netdomjoin.c
new file mode 100644
index 0000000..08ce71b
--- /dev/null
+++ b/source3/lib/netapi/examples/join/netdomjoin.c
@@ -0,0 +1,104 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Join Support (cmdline + netapi)
+ * Copyright (C) Guenther Deschner 2007-2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+enum {
+ OPT_OU = 1000
+};
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ const char *host_name = NULL;
+ const char *domain_name = NULL;
+ const char *account_ou = NULL;
+ const char *account = NULL;
+ const char *password = NULL;
+ uint32_t join_flags = NETSETUP_JOIN_DOMAIN |
+ NETSETUP_ACCT_CREATE |
+ NETSETUP_DOMAIN_JOIN_IF_JOINED;
+ struct libnetapi_ctx *ctx = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ { "ou", 0, POPT_ARG_STRING, &account_ou, 'U', "Account ou", "ACCOUNT_OU" },
+ { "domain", 0, POPT_ARG_STRING, &domain_name, 'U', "Domain name (required)", "DOMAIN" },
+ { "userd", 0, POPT_ARG_STRING, &account, 'U', "Domain admin account", "USERNAME" },
+ { "passwordd", 0, POPT_ARG_STRING, &password, 'U', "Domain admin password", "PASSWORD" },
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("netdomjoin", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ host_name = poptGetArg(pc);
+
+ if (!domain_name) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+
+ /* NetJoinDomain */
+
+ status = NetJoinDomain(host_name,
+ domain_name,
+ account_ou,
+ account,
+ password,
+ join_flags);
+ if (status != 0) {
+ const char *errstr = NULL;
+ errstr = libnetapi_get_error_string(ctx, status);
+ printf("Join failed with: %s\n", errstr);
+ } else {
+ printf("Successfully joined\n");
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/join/provision_computer_account.c b/source3/lib/netapi/examples/join/provision_computer_account.c
new file mode 100644
index 0000000..cc2dde5
--- /dev/null
+++ b/source3/lib/netapi/examples/join/provision_computer_account.c
@@ -0,0 +1,122 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetProvisionComputerAccount query
+ * Copyright (C) Guenther Deschner 2021
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <inttypes.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ const char *domain = NULL;
+ const char *machine_name = NULL;
+ const char *machine_account_ou = NULL;
+ const char *dcname = NULL;
+ uint32_t options = 0;
+ const char *provision_text_data = NULL;
+ int default_password = 0;
+ int print_blob = 0;
+ const char *savefile = NULL;
+ int reuse = 0;
+
+ struct libnetapi_ctx *ctx = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ { "dcname", 0, POPT_ARG_STRING, &dcname, 'D', "Domain Controller Name", "DCNAME" },
+ { "machine_account_ou", 0, POPT_ARG_STRING, &machine_account_ou, 'D', "LDAP DN for Machine Account OU", "MACHINE_ACCOUNT_OU" },
+ { "defpwd", 0, POPT_ARG_NONE, &default_password, 'D', "Use default password for machine account (not recommended)", "" },
+ { "printblob", 0, POPT_ARG_NONE, &print_blob, 'D', "Print base64 encoded ODJ blob (for Windows answer files)", "" },
+ { "savefile", 0, POPT_ARG_STRING, &savefile, 'D', "Save ODJ blob to file (for Windows answer files)", "FILENAME" },
+ { "reuse", 0, POPT_ARG_NONE, &reuse, 'D', "Reuse machine account", "" },
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("provision_computer_account", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "domain machine_name");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ domain = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ machine_name = poptGetArg(pc);
+
+ if (default_password) {
+ options |= NETSETUP_PROVISION_USE_DEFAULT_PASSWORD;
+ }
+ if (reuse) {
+ options |= NETSETUP_PROVISION_REUSE_ACCOUNT;
+ }
+
+ /* NetProvisionComputerAccount */
+
+ status = NetProvisionComputerAccount(domain,
+ machine_name,
+ machine_account_ou,
+ dcname,
+ options,
+ NULL,
+ 0,
+ &provision_text_data);
+ if (status != 0) {
+ printf("failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ if (print_blob) {
+ printf("Provision data: %s\n", provision_text_data);
+ }
+
+ if (savefile != NULL) {
+ status = netapi_save_file_ucs2(savefile, provision_text_data);
+ if (status != 0) {
+ goto out;
+ }
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/join/rename_machine.c b/source3/lib/netapi/examples/join/rename_machine.c
new file mode 100644
index 0000000..7be6dc2
--- /dev/null
+++ b/source3/lib/netapi/examples/join/rename_machine.c
@@ -0,0 +1,101 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetRenameMachineInDomain query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <inttypes.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ const char *host_name = NULL;
+ const char *new_machine_name = NULL;
+ uint32_t rename_opt = 0;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *username = NULL;
+ const char *password = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("rename_machine", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname newmachinename");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ host_name = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ new_machine_name = poptGetArg(pc);
+
+ /* NetRenameMachineInDomain */
+
+ status = libnetapi_get_username(ctx, &username);
+ if (status != 0) {
+ printf("failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+ status = libnetapi_get_password(ctx, &password);
+ if (status != 0) {
+ printf("failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ status = NetRenameMachineInDomain(host_name,
+ new_machine_name,
+ username,
+ password,
+ rename_opt);
+ if (status != 0) {
+ printf("failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/join/request_offline_domain_join.c b/source3/lib/netapi/examples/join/request_offline_domain_join.c
new file mode 100644
index 0000000..96bbe0b
--- /dev/null
+++ b/source3/lib/netapi/examples/join/request_offline_domain_join.c
@@ -0,0 +1,97 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetRequestOfflineDomainJoin
+ * Copyright (C) Guenther Deschner 2021
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdlib.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ const char *windows_path = NULL;
+ uint32_t options = 0;
+ uint8_t *provision_bin_data = NULL;
+ uint32_t provision_bin_data_size = 0;
+ const char *loadfile = NULL;
+ struct libnetapi_ctx *ctx = NULL;
+ int localos = 0;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ { "loadfile", 0, POPT_ARG_STRING, &loadfile, 'D', "Load file from previous provision", "FILENAME" },
+ { "localos", 0, POPT_ARG_NONE, &localos, 'D', "Request local OS to load offline join information", "" },
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("request_offline_domain_join", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (loadfile == NULL) {
+ printf("--loadfile <FILENAME> is required\n");
+ goto out;
+ }
+ provision_bin_data = (uint8_t *)netapi_read_file(loadfile,
+ &provision_bin_data_size);
+ if (provision_bin_data == NULL) {
+ printf("failed to read loadfile: %s\n", loadfile);
+ goto out;
+ }
+
+ if (localos) {
+ options |= NETSETUP_PROVISION_ONLINE_CALLER;
+ }
+
+ /* NetRequestOfflineDomainJoin */
+
+ status = NetRequestOfflineDomainJoin(provision_bin_data,
+ provision_bin_data_size,
+ options,
+ windows_path);
+ free(provision_bin_data);
+ if (status != 0 && status != 0x00000a99) {
+ /* NERR_JoinPerformedMustRestart */
+ printf("failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/localgroup/localgroup_add.c b/source3/lib/netapi/examples/localgroup/localgroup_add.c
new file mode 100644
index 0000000..7f23c99
--- /dev/null
+++ b/source3/lib/netapi/examples/localgroup/localgroup_add.c
@@ -0,0 +1,106 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetLocalGroupAdd query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ const char *comment = NULL;
+ struct LOCALGROUP_INFO_0 g0;
+ struct LOCALGROUP_INFO_1 g1;
+ uint32_t parm_error = 0;
+ uint8_t *buf = NULL;
+ uint32_t level = 0;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("localgroup_add", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname comment");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ comment = poptGetArg(pc);
+ }
+
+ /* NetLocalGroupAdd */
+
+ if (comment) {
+ level = 1;
+ g1.lgrpi1_name = groupname;
+ g1.lgrpi1_comment = comment;
+ buf = (uint8_t *)&g1;
+ } else {
+ level = 0;
+ g0.lgrpi0_name = groupname;
+ buf = (uint8_t *)&g0;
+ }
+
+ status = NetLocalGroupAdd(hostname,
+ level,
+ buf,
+ &parm_error);
+ if (status != 0) {
+ printf("NetLocalGroupAdd failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/localgroup/localgroup_addmembers.c b/source3/lib/netapi/examples/localgroup/localgroup_addmembers.c
new file mode 100644
index 0000000..aa4a9b5
--- /dev/null
+++ b/source3/lib/netapi/examples/localgroup/localgroup_addmembers.c
@@ -0,0 +1,141 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetLocalGroupAddMembers query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ struct LOCALGROUP_MEMBERS_INFO_0 *g0;
+ struct LOCALGROUP_MEMBERS_INFO_3 *g3;
+ uint32_t total_entries = 0;
+ uint8_t *buffer = NULL;
+ uint32_t level = 3;
+ const char **names = NULL;
+ int i = 0;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("localgroup_addmembers", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname member1 member2 ...");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+
+ names = poptGetArgs(pc);
+ for (i=0; names[i] != NULL; i++) {
+ total_entries++;
+ }
+
+ switch (level) {
+ case 0:
+ status = NetApiBufferAllocate(sizeof(struct LOCALGROUP_MEMBERS_INFO_0) * total_entries,
+ (void **)&g0);
+ if (status) {
+ printf("NetApiBufferAllocate failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ for (i=0; i<total_entries; i++) {
+ if (!ConvertStringSidToSid(names[i], &g0[i].lgrmi0_sid)) {
+ printf("could not convert sid\n");
+ goto out;
+ }
+ }
+
+ buffer = (uint8_t *)g0;
+ break;
+ case 3:
+ status = NetApiBufferAllocate(sizeof(struct LOCALGROUP_MEMBERS_INFO_3) * total_entries,
+ (void **)&g3);
+ if (status) {
+ printf("NetApiBufferAllocate failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ for (i=0; i<total_entries; i++) {
+ g3[i].lgrmi3_domainandname = names[i];
+ }
+
+ buffer = (uint8_t *)g3;
+ break;
+ default:
+ break;
+ }
+
+ /* NetLocalGroupAddMembers */
+
+ status = NetLocalGroupAddMembers(hostname,
+ groupname,
+ level,
+ buffer,
+ total_entries);
+ if (status != 0) {
+ printf("NetLocalGroupAddMembers failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/localgroup/localgroup_del.c b/source3/lib/netapi/examples/localgroup/localgroup_del.c
new file mode 100644
index 0000000..a2515df
--- /dev/null
+++ b/source3/lib/netapi/examples/localgroup/localgroup_del.c
@@ -0,0 +1,83 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetLocalGroupDel query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("localgroup_del", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ /* NetLocalGroupDel */
+
+ status = NetLocalGroupDel(hostname,
+ groupname);
+ if (status != 0) {
+ printf("NetLocalGroupDel failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/localgroup/localgroup_delmembers.c b/source3/lib/netapi/examples/localgroup/localgroup_delmembers.c
new file mode 100644
index 0000000..7bd3ec0
--- /dev/null
+++ b/source3/lib/netapi/examples/localgroup/localgroup_delmembers.c
@@ -0,0 +1,141 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetLocalGroupDelMembers query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ struct LOCALGROUP_MEMBERS_INFO_0 *g0;
+ struct LOCALGROUP_MEMBERS_INFO_3 *g3;
+ uint32_t total_entries = 0;
+ uint8_t *buffer = NULL;
+ uint32_t level = 3;
+ const char **names = NULL;
+ int i = 0;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("localgroup_delmembers", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname member1 member2 ...");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+
+ names = poptGetArgs(pc);
+ for (i=0; names[i] != NULL; i++) {
+ total_entries++;
+ }
+
+ switch (level) {
+ case 0:
+ status = NetApiBufferAllocate(sizeof(struct LOCALGROUP_MEMBERS_INFO_0) * total_entries,
+ (void **)&g0);
+ if (status) {
+ printf("NetApiBufferAllocate failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ for (i=0; i<total_entries; i++) {
+ if (!ConvertStringSidToSid(names[i], &g0[i].lgrmi0_sid)) {
+ printf("could not convert sid\n");
+ goto out;
+ }
+ }
+
+ buffer = (uint8_t *)g0;
+ break;
+ case 3:
+ status = NetApiBufferAllocate(sizeof(struct LOCALGROUP_MEMBERS_INFO_3) * total_entries,
+ (void **)&g3);
+ if (status) {
+ printf("NetApiBufferAllocate failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ for (i=0; i<total_entries; i++) {
+ g3[i].lgrmi3_domainandname = names[i];
+ }
+
+ buffer = (uint8_t *)g3;
+ break;
+ default:
+ break;
+ }
+
+ /* NetLocalGroupDelMembers */
+
+ status = NetLocalGroupDelMembers(hostname,
+ groupname,
+ level,
+ buffer,
+ total_entries);
+ if (status != 0) {
+ printf("NetLocalGroupDelMembers failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/localgroup/localgroup_enum.c b/source3/lib/netapi/examples/localgroup/localgroup_enum.c
new file mode 100644
index 0000000..6fe0cf4
--- /dev/null
+++ b/source3/lib/netapi/examples/localgroup/localgroup_enum.c
@@ -0,0 +1,126 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetLocalGroupEnum query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ uint32_t level = 0;
+ uint8_t *buffer = NULL;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ int i;
+
+ struct LOCALGROUP_INFO_0 *info0 = NULL;
+ struct LOCALGROUP_INFO_1 *info1 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("localgroup_enum", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetLocalGroupEnum */
+
+ do {
+ status = NetLocalGroupEnum(hostname,
+ level,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ printf("total entries: %d\n", total_entries);
+ switch (level) {
+ case 0:
+ info0 = (struct LOCALGROUP_INFO_0 *)buffer;
+ break;
+ case 1:
+ info1 = (struct LOCALGROUP_INFO_1 *)buffer;
+ break;
+ default:
+ break;
+ }
+ for (i=0; i<entries_read; i++) {
+ switch (level) {
+ case 0:
+ printf("#%d group: %s\n", i, info0->lgrpi0_name);
+ info0++;
+ break;
+ case 1:
+ printf("#%d group: %s\n", i, info1->lgrpi1_name);
+ printf("#%d comment: %s\n", i, info1->lgrpi1_comment);
+ info1++;
+ break;
+ default:
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status != 0) {
+ printf("NetLocalGroupEnum failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/localgroup/localgroup_getinfo.c b/source3/lib/netapi/examples/localgroup/localgroup_getinfo.c
new file mode 100644
index 0000000..cd8fa8c
--- /dev/null
+++ b/source3/lib/netapi/examples/localgroup/localgroup_getinfo.c
@@ -0,0 +1,112 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetLocalGroupGetInfo query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ uint8_t *buffer = NULL;
+ uint32_t level = 0;
+ struct LOCALGROUP_INFO_0 *g0;
+ struct LOCALGROUP_INFO_1 *g1;
+ struct LOCALGROUP_INFO_1002 *g1002;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("localgroup_getinfo", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetLocalGroupGetInfo */
+
+ status = NetLocalGroupGetInfo(hostname,
+ groupname,
+ level,
+ &buffer);
+ if (status != 0) {
+ printf("NetLocalGroupGetInfo failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ switch (level) {
+ case 0:
+ g0 = (struct LOCALGROUP_INFO_0 *)buffer;
+ printf("name: %s\n", g0->lgrpi0_name);
+ break;
+ case 1:
+ g1 = (struct LOCALGROUP_INFO_1 *)buffer;
+ printf("name: %s\n", g1->lgrpi1_name);
+ printf("comment: %s\n", g1->lgrpi1_comment);
+ break;
+ case 1002:
+ g1002 = (struct LOCALGROUP_INFO_1002 *)buffer;
+ printf("comment: %s\n", g1002->lgrpi1002_comment);
+ break;
+ }
+ NetApiBufferFree(buffer);
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/localgroup/localgroup_getmembers.c b/source3/lib/netapi/examples/localgroup/localgroup_getmembers.c
new file mode 100644
index 0000000..0589870
--- /dev/null
+++ b/source3/lib/netapi/examples/localgroup/localgroup_getmembers.c
@@ -0,0 +1,165 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetLocalGroupGetMembers query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ uint32_t level = 0;
+ uint8_t *buffer = NULL;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ char *sid_str = NULL;
+ int i;
+
+ struct LOCALGROUP_MEMBERS_INFO_0 *info0 = NULL;
+ struct LOCALGROUP_MEMBERS_INFO_1 *info1 = NULL;
+ struct LOCALGROUP_MEMBERS_INFO_2 *info2 = NULL;
+ struct LOCALGROUP_MEMBERS_INFO_3 *info3 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("localgroup_getmembers", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetLocalGroupGetMembers */
+
+ do {
+ status = NetLocalGroupGetMembers(hostname,
+ groupname,
+ level,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ printf("total entries: %d\n", total_entries);
+ switch (level) {
+ case 0:
+ info0 = (struct LOCALGROUP_MEMBERS_INFO_0 *)buffer;
+ break;
+ case 1:
+ info1 = (struct LOCALGROUP_MEMBERS_INFO_1 *)buffer;
+ break;
+ case 2:
+ info2 = (struct LOCALGROUP_MEMBERS_INFO_2 *)buffer;
+ break;
+ case 3:
+ info3 = (struct LOCALGROUP_MEMBERS_INFO_3 *)buffer;
+ break;
+ default:
+ break;
+ }
+ for (i=0; i<entries_read; i++) {
+ switch (level) {
+ case 0:
+ if (ConvertSidToStringSid(info0->lgrmi0_sid,
+ &sid_str)) {
+ printf("#%d member sid: %s\n", i, sid_str);
+ free(sid_str);
+ }
+ info0++;
+ break;
+ case 1:
+ if (ConvertSidToStringSid(info1->lgrmi1_sid,
+ &sid_str)) {
+ printf("#%d member sid: %s\n", i, sid_str);
+ free(sid_str);
+ }
+ printf("#%d sid type: %d\n", i, info1->lgrmi1_sidusage);
+ printf("#%d name: %s\n", i, info1->lgrmi1_name);
+ info1++;
+ break;
+ case 2:
+ if (ConvertSidToStringSid(info2->lgrmi2_sid,
+ &sid_str)) {
+ printf("#%d member sid: %s\n", i, sid_str);
+ free(sid_str);
+ }
+ printf("#%d sid type: %d\n", i, info2->lgrmi2_sidusage);
+ printf("#%d full name: %s\n", i, info2->lgrmi2_domainandname);
+ info2++;
+ break;
+ case 3:
+ printf("#%d full name: %s\n", i, info3->lgrmi3_domainandname);
+ info3++;
+ break;
+ default:
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status != 0) {
+ printf("NetLocalGroupGetMembers failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/localgroup/localgroup_setinfo.c b/source3/lib/netapi/examples/localgroup/localgroup_setinfo.c
new file mode 100644
index 0000000..efcec76
--- /dev/null
+++ b/source3/lib/netapi/examples/localgroup/localgroup_setinfo.c
@@ -0,0 +1,128 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetLocalGroupSetInfo query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ uint8_t *buffer = NULL;
+ uint32_t level = 0;
+ struct LOCALGROUP_INFO_0 g0;
+ struct LOCALGROUP_INFO_1 g1;
+ struct LOCALGROUP_INFO_1002 g1002;
+ const char *newname = NULL;
+ const char *newcomment = NULL;
+ uint32_t parm_err = 0;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ { "newname", 0, POPT_ARG_STRING, NULL, 'n', "New Local Group Name", "NEWNAME" },
+ { "newcomment", 0, POPT_ARG_STRING, NULL, 'c', "New Local Group Comment", "NETCOMMENT" },
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("localgroup_setinfo", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ switch (opt) {
+ case 'n':
+ newname = poptGetOptArg(pc);
+ break;
+ case 'c':
+ newcomment = poptGetOptArg(pc);
+ break;
+ }
+
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ if (newname && !newcomment) {
+ g0.lgrpi0_name = newname;
+ buffer = (uint8_t *)&g0;
+ level = 0;
+ } else if (newcomment && !newname) {
+ g1002.lgrpi1002_comment = newcomment;
+ buffer = (uint8_t *)&g1002;
+ level = 1002;
+ } else if (newname && newcomment) {
+ g1.lgrpi1_name = newname;
+ g1.lgrpi1_comment = newcomment;
+ buffer = (uint8_t *)&g1;
+ level = 1;
+ } else {
+ printf("not enough input\n");
+ goto out;
+ }
+
+ /* NetLocalGroupSetInfo */
+
+ status = NetLocalGroupSetInfo(hostname,
+ groupname,
+ level,
+ buffer,
+ &parm_err);
+ if (status != 0) {
+ printf("NetLocalGroupSetInfo failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/localgroup/localgroup_setmembers.c b/source3/lib/netapi/examples/localgroup/localgroup_setmembers.c
new file mode 100644
index 0000000..c35f2bb
--- /dev/null
+++ b/source3/lib/netapi/examples/localgroup/localgroup_setmembers.c
@@ -0,0 +1,146 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetLocalGroupSetMembers query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *groupname = NULL;
+ struct LOCALGROUP_MEMBERS_INFO_0 *g0;
+ struct LOCALGROUP_MEMBERS_INFO_3 *g3;
+ uint32_t total_entries = 0;
+ uint8_t *buffer = NULL;
+ uint32_t level = 3;
+ const char **names = NULL;
+ int i = 0;
+ size_t buf_size = 0;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("localgroup_setmembers", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname groupname member1 member2 ...");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ groupname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+
+ names = poptGetArgs(pc);
+ for (i=0; names[i] != NULL; i++) {
+ total_entries++;
+ }
+
+ switch (level) {
+ case 0:
+ buf_size = sizeof(struct LOCALGROUP_MEMBERS_INFO_0) * total_entries;
+
+ status = NetApiBufferAllocate(buf_size, (void **)&g0);
+ if (status) {
+ printf("NetApiBufferAllocate failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ for (i=0; i<total_entries; i++) {
+ if (!ConvertStringSidToSid(names[i], &g0[i].lgrmi0_sid)) {
+ printf("could not convert sid\n");
+ goto out;
+ }
+ }
+
+ buffer = (uint8_t *)g0;
+ break;
+ case 3:
+ buf_size = sizeof(struct LOCALGROUP_MEMBERS_INFO_3) * total_entries;
+
+ status = NetApiBufferAllocate(buf_size, (void **)&g3);
+ if (status) {
+ printf("NetApiBufferAllocate failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ for (i=0; i<total_entries; i++) {
+ g3[i].lgrmi3_domainandname = names[i];
+ }
+
+ buffer = (uint8_t *)g3;
+ break;
+ default:
+ break;
+ }
+
+ /* NetLocalGroupSetMembers */
+
+ status = NetLocalGroupSetMembers(hostname,
+ groupname,
+ level,
+ buffer,
+ total_entries);
+ if (status != 0) {
+ printf("NetLocalGroupSetMembers failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ NetApiBufferFree(buffer);
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/netdomjoin-gui/logo-small.png b/source3/lib/netapi/examples/netdomjoin-gui/logo-small.png
new file mode 100644
index 0000000..f041198
--- /dev/null
+++ b/source3/lib/netapi/examples/netdomjoin-gui/logo-small.png
Binary files differ
diff --git a/source3/lib/netapi/examples/netdomjoin-gui/logo.png b/source3/lib/netapi/examples/netdomjoin-gui/logo.png
new file mode 100644
index 0000000..6df4ace
--- /dev/null
+++ b/source3/lib/netapi/examples/netdomjoin-gui/logo.png
Binary files differ
diff --git a/source3/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c b/source3/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c
new file mode 100644
index 0000000..6fd584a
--- /dev/null
+++ b/source3/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c
@@ -0,0 +1,1888 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Join Support (gtk + netapi)
+ * Copyright (C) Guenther Deschner 2007-2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <netdb.h>
+
+#include <gtk/gtk.h>
+#include <glib/gprintf.h>
+
+#include <netapi.h>
+
+#define MAX_CRED_LEN 256
+#define MAX_NETBIOS_NAME_LEN 15
+
+#define SAMBA_ICON_PATH "/usr/share/pixmaps/samba/samba.ico"
+#define SAMBA_IMAGE_PATH "/usr/share/pixmaps/samba/logo.png"
+#define SAMBA_IMAGE_PATH_SMALL "/usr/share/pixmaps/samba/logo-small.png"
+
+#define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x=NULL;} } while(0)
+
+static gboolean verbose = FALSE;
+
+typedef struct join_state {
+ struct libnetapi_ctx *ctx;
+ GtkWidget *window_main;
+ GtkWidget *window_parent;
+ GtkWidget *window_do_change;
+ GtkWidget *window_creds_prompt;
+ GtkWidget *entry_account;
+ GtkWidget *entry_password;
+ GtkWidget *entry_domain;
+ GtkWidget *entry_ou_list;
+ GtkWidget *entry_workgroup;
+ GtkWidget *button_ok;
+ GtkWidget *button_apply;
+ GtkWidget *button_ok_creds;
+ GtkWidget *button_get_ous;
+ GtkWidget *label_reboot;
+ GtkWidget *label_current_name_buffer;
+ GtkWidget *label_current_name_type;
+ GtkWidget *label_full_computer_name;
+ GtkWidget *label_winbind;
+ uint16_t name_type_initial;
+ uint16_t name_type_new;
+ char *name_buffer_initial;
+ char *name_buffer_new;
+ char *password;
+ char *account;
+ char *comment;
+ char *comment_new;
+ char *my_fqdn;
+ char *my_dnsdomain;
+ char *my_hostname;
+ uint16_t server_role;
+ gboolean settings_changed;
+ gboolean hostname_changed;
+ uint32_t stored_num_ous;
+ char *target_hostname;
+ uid_t uid;
+} join_state;
+
+static void callback_creds_prompt(GtkWidget *widget,
+ gpointer data,
+ const char *label_string,
+ gpointer cont_fn);
+
+
+static void debug(const char *format, ...)
+{
+ va_list args;
+
+ if (!verbose) {
+ return;
+ }
+
+ va_start(args, format);
+ g_vprintf(format, args);
+ va_end(args);
+}
+
+static gboolean callback_delete_event(GtkWidget *widget,
+ GdkEvent *event,
+ gpointer data)
+{
+ gtk_main_quit();
+ return FALSE;
+}
+
+static void callback_do_close_data(GtkWidget *widget,
+ gpointer data)
+{
+ debug("callback_do_close_data called\n");
+
+ if (data) {
+ gtk_widget_destroy(GTK_WIDGET(data));
+ }
+}
+
+static void callback_do_close_widget(GtkWidget *widget,
+ gpointer data)
+{
+ debug("callback_do_close_widget called\n");
+
+ if (widget) {
+ gtk_widget_destroy(widget);
+ }
+}
+
+static void callback_do_freeauth(GtkWidget *widget,
+ gpointer data)
+{
+ struct join_state *state = (struct join_state *)data;
+
+ debug("callback_do_freeauth called\n");
+
+ SAFE_FREE(state->account);
+ SAFE_FREE(state->password);
+
+ if (state->window_creds_prompt) {
+ gtk_widget_destroy(GTK_WIDGET(state->window_creds_prompt));
+ state->window_creds_prompt = NULL;
+ }
+}
+
+static void callback_do_freeauth_and_close(GtkWidget *widget,
+ gpointer data)
+{
+ struct join_state *state = (struct join_state *)data;
+
+ debug("callback_do_freeauth_and_close called\n");
+
+ SAFE_FREE(state->account);
+ SAFE_FREE(state->password);
+
+ if (state->window_creds_prompt) {
+ gtk_widget_destroy(GTK_WIDGET(state->window_creds_prompt));
+ state->window_creds_prompt = NULL;
+ }
+ if (state->window_do_change) {
+ gtk_widget_destroy(GTK_WIDGET(state->window_do_change));
+ state->window_do_change = NULL;
+ }
+}
+
+static void free_join_state(struct join_state *s)
+{
+ SAFE_FREE(s->name_buffer_initial);
+ SAFE_FREE(s->name_buffer_new);
+ SAFE_FREE(s->password);
+ SAFE_FREE(s->account);
+ SAFE_FREE(s->comment);
+ SAFE_FREE(s->comment_new);
+ SAFE_FREE(s->my_fqdn);
+ SAFE_FREE(s->my_dnsdomain);
+ SAFE_FREE(s->my_hostname);
+}
+
+static void do_cleanup(struct join_state *state)
+{
+ libnetapi_free(state->ctx);
+ free_join_state(state);
+}
+
+static void callback_apply_description_change(GtkWidget *widget,
+ gpointer data)
+{
+ struct join_state *state = (struct join_state *)data;
+ NET_API_STATUS status = 0;
+ uint32_t parm_err = 0;
+ struct SERVER_INFO_1005 info1005;
+ GtkWidget *dialog;
+
+ info1005.sv1005_comment = state->comment_new;
+
+ status = NetServerSetInfo(state->target_hostname,
+ 1005,
+ (uint8_t *)&info1005,
+ &parm_err);
+ if (status) {
+ debug("NetServerSetInfo failed with: %s\n",
+ libnetapi_errstr(status));
+ dialog = gtk_message_dialog_new(GTK_WINDOW(state->window_main),
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_OK,
+ "Failed to change computer description: %s.",
+ libnetapi_get_error_string(state->ctx, status));
+ gtk_window_set_modal(GTK_WINDOW(dialog), TRUE);
+ gtk_window_set_transient_for(GTK_WINDOW(dialog), GTK_WINDOW(state->window_main));
+
+ g_signal_connect_swapped(dialog, "response",
+ G_CALLBACK(gtk_widget_destroy),
+ dialog);
+
+ gtk_widget_show(dialog);
+ return;
+ }
+
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_apply), FALSE);
+}
+
+static void callback_do_exit(GtkWidget *widget,
+ gpointer data)
+{
+#if 0
+ GtkWidget *dialog;
+ gint result;
+#endif
+ struct join_state *state = (struct join_state *)data;
+
+ if (!state->settings_changed) {
+ callback_delete_event(NULL, NULL, NULL);
+ return;
+ }
+
+#if 0
+ dialog = gtk_message_dialog_new(GTK_WINDOW(state->window_main),
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_QUESTION,
+ GTK_BUTTONS_YES_NO,
+ "You must restart your computer before the new settings will take effect.");
+ gtk_window_set_modal(GTK_WINDOW(dialog), TRUE);
+ result = gtk_dialog_run(GTK_DIALOG(dialog));
+ switch (result) {
+ case GTK_RESPONSE_YES:
+ g_print("would reboot here\n");
+ break;
+ case GTK_RESPONSE_NO:
+ default:
+ break;
+ }
+ if (dialog) {
+ gtk_widget_destroy(GTK_WIDGET(dialog));
+ }
+#endif
+ if (state->window_main) {
+ gtk_widget_destroy(GTK_WIDGET(state->window_main));
+ state->window_main = NULL;
+ }
+ do_cleanup(state);
+ exit(0);
+}
+
+
+static void callback_do_reboot(GtkWidget *widget,
+ gpointer data,
+ gpointer data2)
+{
+ GtkWidget *dialog;
+ struct join_state *state = (struct join_state *)data2;
+
+ debug("callback_do_reboot\n");
+
+ state->settings_changed = TRUE;
+ dialog = gtk_message_dialog_new(GTK_WINDOW(data),
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_INFO,
+ GTK_BUTTONS_OK,
+ "You must restart this computer for the changes to take effect.");
+ gtk_window_set_modal(GTK_WINDOW(dialog), TRUE);
+ gtk_window_set_transient_for(GTK_WINDOW(dialog), GTK_WINDOW(state->window_do_change));
+#if 0
+ g_signal_connect_swapped(dialog, "response",
+ G_CALLBACK(gtk_widget_destroy),
+ dialog);
+
+ debug("showing dialog\n");
+ gtk_widget_show(dialog);
+#else
+ gtk_dialog_run(GTK_DIALOG(dialog));
+ gtk_widget_destroy(GTK_WIDGET(dialog));
+#endif
+
+ gtk_label_set_text(GTK_LABEL(state->label_reboot),
+ "Changes will take effect after you restart this computer");
+
+ debug("destroying do_change window\n");
+ gtk_widget_destroy(GTK_WIDGET(state->window_do_change));
+
+ {
+ uint32_t status;
+ const char *buffer;
+ uint16_t type;
+
+ status = NetGetJoinInformation(state->target_hostname,
+ &buffer,
+ &type);
+ if (status != 0) {
+ g_print("failed to query status\n");
+ return;
+ }
+
+ debug("got new status: %s\n", buffer);
+
+ SAFE_FREE(state->name_buffer_new);
+ state->name_buffer_new = strdup(buffer);
+ state->name_type_new = type;
+ state->name_buffer_initial = strdup(buffer);
+ state->name_type_initial = type;
+ NetApiBufferFree((void *)buffer);
+
+ gtk_label_set_text(GTK_LABEL(state->label_current_name_buffer),
+ state->name_buffer_new);
+ if (state->name_type_new == NetSetupDomainName) {
+ gtk_label_set_text(GTK_LABEL(state->label_current_name_type),
+ "Domain:");
+ } else {
+ gtk_label_set_text(GTK_LABEL(state->label_current_name_type),
+ "Workgroup:");
+ }
+ }
+}
+
+static void callback_return_username(GtkWidget *widget,
+ gpointer data)
+{
+ const gchar *entry_text;
+ struct join_state *state = (struct join_state *)data;
+ debug("callback_return_username called\n");
+ if (!widget) {
+ return;
+ }
+ entry_text = gtk_entry_get_text(GTK_ENTRY(widget));
+ if (!entry_text) {
+ return;
+ }
+ debug("callback_return_username: %s\n", entry_text);
+ SAFE_FREE(state->account);
+ state->account = strdup(entry_text);
+}
+
+static void callback_return_username_and_enter(GtkWidget *widget,
+ gpointer data)
+{
+ const gchar *entry_text;
+ struct join_state *state = (struct join_state *)data;
+ if (!widget) {
+ return;
+ }
+ entry_text = gtk_entry_get_text(GTK_ENTRY(widget));
+ if (!entry_text) {
+ return;
+ }
+ debug("callback_return_username_and_enter: %s\n", entry_text);
+ SAFE_FREE(state->account);
+ state->account = strdup(entry_text);
+ g_signal_emit_by_name(state->button_ok_creds, "clicked");
+}
+
+static void callback_return_password(GtkWidget *widget,
+ gpointer data)
+{
+ const gchar *entry_text;
+ struct join_state *state = (struct join_state *)data;
+ debug("callback_return_password called\n");
+ if (!widget) {
+ return;
+ }
+ entry_text = gtk_entry_get_text(GTK_ENTRY(widget));
+ if (!entry_text) {
+ return;
+ }
+#ifdef DEBUG_PASSWORD
+ debug("callback_return_password: %s\n", entry_text);
+#else
+ debug("callback_return_password: (not printed)\n");
+#endif
+ SAFE_FREE(state->password);
+ state->password = strdup(entry_text);
+}
+
+static void callback_return_password_and_enter(GtkWidget *widget,
+ gpointer data)
+{
+ const gchar *entry_text;
+ struct join_state *state = (struct join_state *)data;
+ if (!widget) {
+ return;
+ }
+ entry_text = gtk_entry_get_text(GTK_ENTRY(widget));
+ if (!entry_text) {
+ return;
+ }
+#ifdef DEBUG_PASSWORD
+ debug("callback_return_password_and_enter: %s\n", entry_text);
+#else
+ debug("callback_return_password_and_enter: (not printed)\n");
+#endif
+ SAFE_FREE(state->password);
+ state->password = strdup(entry_text);
+ g_signal_emit_by_name(state->button_ok_creds, "clicked");
+}
+
+static void callback_do_storeauth(GtkWidget *widget,
+ gpointer data)
+{
+ struct join_state *state = (struct join_state *)data;
+
+ debug("callback_do_storeauth called\n");
+
+ SAFE_FREE(state->account);
+ SAFE_FREE(state->password);
+
+ callback_return_username(state->entry_account, (gpointer)state);
+ callback_return_password(state->entry_password, (gpointer)state);
+
+ if (state->window_creds_prompt) {
+ gtk_widget_destroy(GTK_WIDGET(state->window_creds_prompt));
+ state->window_creds_prompt = NULL;
+ }
+}
+
+static void callback_continue(GtkWidget *widget,
+ gpointer data)
+{
+ struct join_state *state = (struct join_state *)data;
+
+ gtk_widget_grab_focus(GTK_WIDGET(state->button_ok));
+ g_signal_emit_by_name(state->button_ok, "clicked");
+}
+
+static void callback_do_storeauth_and_continue(GtkWidget *widget,
+ gpointer data)
+{
+ callback_do_storeauth(widget, data);
+ callback_continue(NULL, data);
+}
+
+static void callback_do_storeauth_and_scan(GtkWidget *widget,
+ gpointer data)
+{
+ struct join_state *state = (struct join_state *)data;
+ callback_do_storeauth(widget, data);
+ g_signal_emit_by_name(state->button_get_ous, "clicked");
+}
+
+static void callback_do_hostname_change(GtkWidget *widget,
+ gpointer data)
+{
+ GtkWidget *dialog;
+ const char *str = NULL;
+
+ struct join_state *state = (struct join_state *)data;
+
+ switch (state->name_type_initial) {
+ case NetSetupDomainName: {
+#if 0
+ NET_API_STATUS status;
+ const char *newname;
+ char *p = NULL;
+
+ newname = strdup(gtk_label_get_text(GTK_LABEL(state->label_full_computer_name)));
+ if (!newname) {
+ return;
+ }
+
+ p = strchr(newname, '.');
+ if (p) {
+ *p = '\0';
+ }
+
+ if (!state->account || !state->password) {
+ debug("callback_do_hostname_change: no creds yet\n");
+ callback_creds_prompt(NULL, state,
+ "Enter the name and password of an account with permission to change a computer name in the domain.",
+ callback_do_storeauth_and_continue);
+ }
+
+ if (!state->account || !state->password) {
+ debug("callback_do_hostname_change: still no creds???\n");
+ return;
+ }
+
+ status = NetRenameMachineInDomain(state->target_hostname,
+ newname,
+ state->account,
+ state->password,
+ NETSETUP_ACCT_CREATE);
+ SAFE_FREE(newname);
+ /* we renamed the machine in the domain */
+ if (status == 0) {
+ return;
+ }
+ str = libnetapi_get_error_string(state->ctx, status);
+#else
+ str = "To be implemented: call NetRenameMachineInDomain\n";
+#endif
+ break;
+ }
+ case NetSetupWorkgroupName:
+ str = "To be implemented: call SetComputerNameEx\n";
+ break;
+ default:
+ break;
+ }
+
+ dialog = gtk_message_dialog_new(GTK_WINDOW(state->window_parent),
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_CLOSE,
+ "%s",str);
+
+ gtk_window_set_modal(GTK_WINDOW(dialog), TRUE);
+ gtk_window_set_transient_for(GTK_WINDOW(dialog), GTK_WINDOW(state->window_main));
+ g_signal_connect_swapped(dialog, "response",
+ G_CALLBACK(gtk_widget_destroy),
+ dialog);
+ gtk_widget_show(dialog);
+}
+
+static void callback_creds_prompt(GtkWidget *widget,
+ gpointer data,
+ const char *label_string,
+ gpointer cont_fn)
+{
+ GtkWidget *window;
+ GtkWidget *box1;
+ GtkWidget *bbox;
+ GtkWidget *button;
+ GtkWidget *label;
+
+ struct join_state *state = (struct join_state *)data;
+
+ debug("callback_creds_prompt\n");
+
+ window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
+ gtk_window_set_modal(GTK_WINDOW(window), TRUE);
+
+ gtk_window_set_title(GTK_WINDOW(window), "Computer Name Changes");
+ gtk_window_set_resizable(GTK_WINDOW(window), FALSE);
+ gtk_window_set_position(GTK_WINDOW(window), GTK_WIN_POS_CENTER);
+ gtk_widget_set_size_request(GTK_WIDGET(window), 380, 280);
+ gtk_window_set_icon_from_file(GTK_WINDOW(window), SAMBA_ICON_PATH, NULL);
+ gtk_window_set_transient_for(GTK_WINDOW(window), GTK_WINDOW(state->window_do_change));
+ gtk_window_set_position(GTK_WINDOW(window), GTK_WIN_POS_CENTER_ALWAYS);
+
+ g_signal_connect(G_OBJECT(window), "delete_event",
+ G_CALLBACK(callback_do_close_widget), NULL);
+
+ state->window_creds_prompt = window;
+ gtk_container_set_border_width(GTK_CONTAINER(window), 10);
+
+ box1 = gtk_vbox_new(FALSE, 0);
+
+ gtk_container_add(GTK_CONTAINER(window), box1);
+
+ label = gtk_label_new(label_string);
+ gtk_misc_set_alignment(GTK_MISC(label), 0, 0);
+ gtk_label_set_line_wrap(GTK_LABEL(label), TRUE);
+
+ gtk_box_pack_start(GTK_BOX(box1), label, FALSE, FALSE, 0);
+
+ gtk_widget_show(label);
+
+ /* USER NAME */
+ label = gtk_label_new("User name:");
+ gtk_misc_set_alignment(GTK_MISC(label), 0, 0);
+ gtk_box_pack_start(GTK_BOX(box1), label, FALSE, FALSE, 0);
+ gtk_widget_show(label);
+
+ state->entry_account = gtk_entry_new();
+ gtk_entry_set_max_length(GTK_ENTRY(state->entry_account), MAX_CRED_LEN);
+ g_signal_connect(G_OBJECT(state->entry_account), "activate",
+ G_CALLBACK(callback_return_username_and_enter),
+ (gpointer)state);
+ gtk_editable_select_region(GTK_EDITABLE(state->entry_account),
+ 0, GTK_ENTRY(state->entry_account)->text_length);
+ gtk_box_pack_start(GTK_BOX(box1), state->entry_account, TRUE, TRUE, 0);
+ gtk_widget_show(state->entry_account);
+
+ /* PASSWORD */
+ label = gtk_label_new("Password:");
+ gtk_misc_set_alignment(GTK_MISC(label), 0, 0);
+ gtk_box_pack_start(GTK_BOX(box1), label, FALSE, FALSE, 0);
+ gtk_widget_show(label);
+
+ state->entry_password = gtk_entry_new();
+ gtk_entry_set_max_length(GTK_ENTRY(state->entry_password), MAX_CRED_LEN);
+ gtk_entry_set_visibility(GTK_ENTRY(state->entry_password), FALSE);
+ g_signal_connect(G_OBJECT(state->entry_password), "activate",
+ G_CALLBACK(callback_return_password_and_enter),
+ (gpointer)state);
+ gtk_editable_set_editable(GTK_EDITABLE(state->entry_password), TRUE);
+ gtk_editable_select_region(GTK_EDITABLE(state->entry_password),
+ 0, GTK_ENTRY(state->entry_password)->text_length);
+ gtk_box_pack_start(GTK_BOX(box1), state->entry_password, TRUE, TRUE, 0);
+ gtk_widget_show(state->entry_password);
+
+ /* BUTTONS */
+ bbox = gtk_hbutton_box_new();
+ gtk_container_set_border_width(GTK_CONTAINER(bbox), 5);
+ gtk_container_add(GTK_CONTAINER(box1), bbox);
+ gtk_button_box_set_layout(GTK_BUTTON_BOX(bbox), GTK_BUTTONBOX_END);
+ gtk_box_set_spacing(GTK_BOX(bbox), 10);
+
+ state->button_ok_creds = gtk_button_new_from_stock(GTK_STOCK_OK);
+ gtk_widget_grab_focus(GTK_WIDGET(state->button_ok_creds));
+ gtk_container_add(GTK_CONTAINER(bbox), state->button_ok_creds);
+ g_signal_connect(G_OBJECT(state->button_ok_creds), "clicked",
+ G_CALLBACK(cont_fn),
+ (gpointer)state);
+ gtk_widget_show(state->button_ok_creds);
+
+ button = gtk_button_new_from_stock(GTK_STOCK_CANCEL);
+ gtk_container_add(GTK_CONTAINER(bbox), button);
+ g_signal_connect(G_OBJECT(button), "clicked",
+ G_CALLBACK(callback_do_freeauth),
+ (gpointer)state);
+ gtk_widget_show_all(window);
+}
+
+static void callback_do_join(GtkWidget *widget,
+ gpointer data)
+{
+ GtkWidget *dialog;
+
+ NET_API_STATUS status;
+ const char *err_str = NULL;
+ uint32_t join_flags = 0;
+ uint32_t unjoin_flags = 0;
+ gboolean domain_join = FALSE;
+ gboolean try_unjoin = FALSE;
+ gboolean join_creds_required = TRUE;
+ gboolean unjoin_creds_required = TRUE;
+ const char *new_workgroup_type = NULL;
+ const char *initial_workgroup_type = NULL;
+ const char *account_ou = NULL;
+
+ struct join_state *state = (struct join_state *)data;
+
+ if (state->hostname_changed) {
+ callback_do_hostname_change(NULL, state);
+ return;
+ }
+
+ switch (state->name_type_initial) {
+ case NetSetupWorkgroupName:
+ initial_workgroup_type = "workgroup";
+ break;
+ case NetSetupDomainName:
+ initial_workgroup_type = "domain";
+ break;
+ default:
+ break;
+ }
+
+ switch (state->name_type_new) {
+ case NetSetupWorkgroupName:
+ new_workgroup_type = "workgroup";
+ break;
+ case NetSetupDomainName:
+ new_workgroup_type = "domain";
+ break;
+ default:
+ break;
+ }
+
+ account_ou = gtk_combo_box_get_active_text(GTK_COMBO_BOX(state->entry_ou_list));
+ if (account_ou && strlen(account_ou) == 0) {
+ account_ou = NULL;
+ }
+
+ if ((state->name_type_initial != NetSetupDomainName) &&
+ (state->name_type_new != NetSetupDomainName)) {
+ join_creds_required = FALSE;
+ unjoin_creds_required = FALSE;
+ }
+
+ if (state->name_type_new == NetSetupDomainName) {
+ domain_join = TRUE;
+ join_creds_required = TRUE;
+ join_flags = NETSETUP_JOIN_DOMAIN |
+ NETSETUP_ACCT_CREATE |
+ NETSETUP_DOMAIN_JOIN_IF_JOINED; /* for testing */
+ }
+
+ if ((state->name_type_initial == NetSetupDomainName) &&
+ (state->name_type_new == NetSetupWorkgroupName)) {
+ try_unjoin = TRUE;
+ unjoin_creds_required = TRUE;
+ join_creds_required = FALSE;
+ unjoin_flags = NETSETUP_JOIN_DOMAIN |
+ NETSETUP_ACCT_DELETE |
+ NETSETUP_IGNORE_UNSUPPORTED_FLAGS;
+ }
+
+ if (try_unjoin) {
+
+ debug("callback_do_join: Unjoining\n");
+
+ if (unjoin_creds_required) {
+ if (!state->account || !state->password) {
+ debug("callback_do_join: no creds yet\n");
+ callback_creds_prompt(NULL, state,
+ "Enter the name and password of an account with permission to leave the domain.",
+ callback_do_storeauth_and_continue);
+ }
+
+ if (!state->account || !state->password) {
+ debug("callback_do_join: still no creds???\n");
+ return;
+ }
+ }
+
+ status = NetUnjoinDomain(state->target_hostname,
+ state->account,
+ state->password,
+ unjoin_flags);
+ if (status != 0) {
+ callback_do_freeauth(NULL, state);
+ err_str = libnetapi_get_error_string(state->ctx, status);
+ g_print("callback_do_join: failed to unjoin (%s)\n",
+ err_str);
+#if 0
+
+ /* in fact we shouldn't annoy the user with an error message here */
+
+ dialog = gtk_message_dialog_new(GTK_WINDOW(state->window_parent),
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_CLOSE,
+ "The following error occurred attempting to unjoin the %s: \"%s\": %s",
+ initial_workgroup_type,
+ state->name_buffer_initial,
+ err_str);
+ gtk_window_set_modal(GTK_WINDOW(dialog), TRUE);
+ gtk_dialog_run(GTK_DIALOG(dialog));
+ gtk_widget_destroy(dialog);
+#endif
+ }
+
+ }
+
+ /* before prompting for creds, make sure we can find a dc */
+
+ if (domain_join) {
+
+ struct DOMAIN_CONTROLLER_INFO *dc_info = NULL;
+
+ status = DsGetDcName(NULL,
+ state->name_buffer_new,
+ NULL,
+ NULL,
+ 0,
+ &dc_info);
+ if (status != 0) {
+ err_str = libnetapi_get_error_string(state->ctx, status);
+ g_print("callback_do_join: failed find dc (%s)\n", err_str);
+
+ dialog = gtk_message_dialog_new(GTK_WINDOW(state->window_parent),
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_CLOSE,
+ "Failed to find a domain controller for domain: \"%s\": %s",
+ state->name_buffer_new,
+ err_str);
+
+ gtk_window_set_modal(GTK_WINDOW(dialog), TRUE);
+ gtk_window_set_transient_for(GTK_WINDOW(dialog), GTK_WINDOW(state->window_do_change));
+ g_signal_connect_swapped(dialog, "response",
+ G_CALLBACK(gtk_widget_destroy),
+ dialog);
+
+ gtk_widget_show(dialog);
+
+ return;
+ }
+ }
+
+ if (join_creds_required) {
+ if (!state->account || !state->password) {
+ debug("callback_do_join: no creds yet\n");
+ callback_creds_prompt(NULL, state,
+ "Enter the name and password of an account with permission to join the domain.",
+ callback_do_storeauth_and_continue);
+ }
+
+ if (!state->account || !state->password) {
+ debug("callback_do_join: still no creds???\n");
+ return;
+ }
+ }
+
+ debug("callback_do_join: Joining a %s named %s using join_flags 0x%08x ",
+ new_workgroup_type,
+ state->name_buffer_new,
+ join_flags);
+ if (domain_join) {
+ debug("as %s ", state->account);
+#ifdef DEBUG_PASSWORD
+ debug("with %s ", state->password);
+#endif
+ }
+ debug("\n");
+
+ status = NetJoinDomain(state->target_hostname,
+ state->name_buffer_new,
+ account_ou,
+ state->account,
+ state->password,
+ join_flags);
+ if (status != 0) {
+ callback_do_freeauth(NULL, state);
+ err_str = libnetapi_get_error_string(state->ctx, status);
+ g_print("callback_do_join: failed to join (%s)\n", err_str);
+
+ dialog = gtk_message_dialog_new(GTK_WINDOW(state->window_parent),
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_CLOSE,
+ "The following error occurred attempting to join the %s: \"%s\": %s",
+ new_workgroup_type,
+ state->name_buffer_new,
+ err_str);
+
+ gtk_window_set_modal(GTK_WINDOW(dialog), TRUE);
+ gtk_window_set_transient_for(GTK_WINDOW(dialog), GTK_WINDOW(state->window_do_change));
+ g_signal_connect_swapped(dialog, "response",
+ G_CALLBACK(gtk_widget_destroy),
+ dialog);
+
+ gtk_widget_show(dialog);
+
+ return;
+ }
+
+ debug("callback_do_join: Successfully joined %s\n",
+ new_workgroup_type);
+
+ callback_do_freeauth(NULL, state);
+ dialog = gtk_message_dialog_new(GTK_WINDOW(state->window_parent),
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_INFO,
+ GTK_BUTTONS_OK,
+ "Welcome to the %s %s.",
+ state->name_buffer_new,
+ new_workgroup_type);
+
+ gtk_window_set_modal(GTK_WINDOW(dialog), TRUE);
+ gtk_window_set_transient_for(GTK_WINDOW(dialog), GTK_WINDOW(state->window_do_change));
+ gtk_dialog_run(GTK_DIALOG(dialog));
+ gtk_widget_destroy(dialog);
+
+ callback_do_reboot(NULL, state->window_parent, state);
+}
+
+static void callback_enter_hostname_and_unlock(GtkWidget *widget,
+ gpointer data)
+{
+ const gchar *entry_text = NULL;
+ char *str = NULL;
+ struct join_state *state = (struct join_state *)data;
+
+ entry_text = gtk_entry_get_text(GTK_ENTRY(widget));
+ debug("callback_enter_hostname_and_unlock: %s\n", entry_text);
+ if (!entry_text || entry_text[0] == 0) {
+ state->hostname_changed = FALSE;
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_ok), FALSE);
+ gtk_label_set_text(GTK_LABEL(state->label_full_computer_name), "");
+ return;
+ }
+ if (strcasecmp(state->my_hostname, entry_text) == 0) {
+ state->hostname_changed = FALSE;
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_ok), FALSE);
+ /* return; */
+ } else {
+ state->hostname_changed = TRUE;
+ }
+
+ if (state->name_type_initial == NetSetupDomainName) {
+ if (asprintf(&str, "%s.%s", entry_text, state->my_dnsdomain) == -1) {
+ return;
+ }
+ } else {
+ if (asprintf(&str, "%s.", entry_text) == -1) {
+ return;
+ }
+ }
+ gtk_label_set_text(GTK_LABEL(state->label_full_computer_name), str);
+ free(str);
+
+ if (state->hostname_changed && entry_text && entry_text[0] != 0 && entry_text[0] != '.') {
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_ok), TRUE);
+ }
+}
+
+static void callback_enter_computer_description_and_unlock(GtkWidget *widget,
+ gpointer data)
+{
+ const gchar *entry_text = NULL;
+ struct join_state *state = (struct join_state *)data;
+ int string_unchanged = FALSE;
+
+ entry_text = gtk_entry_get_text(GTK_ENTRY(widget));
+ debug("callback_enter_computer_description_and_unlock: %s\n",
+ entry_text);
+#if 0
+ if (!entry_text || entry_text[0] == 0) {
+ string_unchanged = 1;
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_apply),
+ FALSE);
+ return;
+ }
+#endif
+ if (entry_text && state->comment && strcasecmp(state->comment, entry_text) == 0) {
+ string_unchanged = TRUE;
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_apply),
+ FALSE);
+ return;
+ }
+
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_apply), TRUE);
+ SAFE_FREE(state->comment_new);
+ state->comment_new = strdup(entry_text);
+
+}
+
+
+static void callback_enter_workgroup_and_unlock(GtkWidget *widget,
+ gpointer data)
+{
+ const gchar *entry_text = NULL;
+ struct join_state *state = (struct join_state *)data;
+
+ entry_text = gtk_entry_get_text(GTK_ENTRY(widget));
+ debug("callback_enter_workgroup_and_unlock: %s\n", entry_text);
+ if (!entry_text || entry_text[0] == 0) {
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_ok), FALSE);
+ return;
+ }
+ if ((strcasecmp(state->name_buffer_initial, entry_text) == 0) &&
+ (state->name_type_initial == NetSetupWorkgroupName)) {
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_ok), FALSE);
+ return;
+ }
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_ok), TRUE);
+ SAFE_FREE(state->name_buffer_new);
+ state->name_buffer_new = strdup(entry_text);
+ state->name_type_new = NetSetupWorkgroupName;
+}
+
+static void callback_enter_domain_and_unlock(GtkWidget *widget,
+ gpointer data)
+{
+ const gchar *entry_text = NULL;
+ struct join_state *state = (struct join_state *)data;
+
+ entry_text = gtk_entry_get_text(GTK_ENTRY(widget));
+ debug("callback_enter_domain_and_unlock: %s\n", entry_text);
+ if (!entry_text || entry_text[0] == 0) {
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_ok), FALSE);
+ return;
+ }
+ if ((strcasecmp(state->name_buffer_initial, entry_text) == 0) &&
+ (state->name_type_initial == NetSetupDomainName)) {
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_ok), FALSE);
+ return;
+ }
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_ok), TRUE);
+ gtk_widget_set_sensitive(GTK_WIDGET(state->entry_ou_list), TRUE);
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_get_ous), TRUE);
+ SAFE_FREE(state->name_buffer_new);
+ state->name_buffer_new = strdup(entry_text);
+ state->name_type_new = NetSetupDomainName;
+}
+
+static void callback_apply_continue(GtkWidget *widget,
+ gpointer data)
+{
+ struct join_state *state = (struct join_state *)data;
+
+ gtk_widget_grab_focus(GTK_WIDGET(state->button_apply));
+ g_signal_emit_by_name(state->button_apply, "clicked");
+}
+
+static void callback_do_join_workgroup(GtkWidget *widget,
+ gpointer data)
+{
+ struct join_state *state = (struct join_state *)data;
+ debug("callback_do_join_workgroup chosen\n");
+ gtk_widget_set_sensitive(GTK_WIDGET(state->entry_workgroup), TRUE);
+ gtk_widget_grab_focus(GTK_WIDGET(state->entry_workgroup));
+ gtk_widget_set_sensitive(GTK_WIDGET(state->entry_domain), FALSE);
+ gtk_widget_set_sensitive(GTK_WIDGET(state->entry_ou_list), FALSE);
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_get_ous), FALSE);
+ callback_enter_workgroup_and_unlock(state->entry_workgroup, state); /* TEST */
+}
+
+static void callback_do_join_domain(GtkWidget *widget,
+ gpointer data)
+{
+ struct join_state *state = (struct join_state *)data;
+ debug("callback_do_join_domain chosen\n");
+ gtk_widget_set_sensitive(GTK_WIDGET(state->entry_domain), TRUE);
+ gtk_widget_grab_focus(GTK_WIDGET(state->entry_domain));
+ gtk_widget_set_sensitive(GTK_WIDGET(state->entry_workgroup), FALSE);
+ callback_enter_domain_and_unlock(state->entry_domain, state); /* TEST */
+}
+
+static void callback_do_getous(GtkWidget *widget,
+ gpointer data)
+{
+ NET_API_STATUS status;
+ uint32_t num_ous = 0;
+ const char **ous = NULL;
+ int i;
+ const char *domain = NULL;
+ struct DOMAIN_CONTROLLER_INFO *dc_info = NULL;
+ const char *err_str = NULL;
+ GtkWidget *dialog;
+
+ struct join_state *state = (struct join_state *)data;
+
+ debug("callback_do_getous called\n");
+
+ domain = state->name_buffer_new ? state->name_buffer_new : state->name_buffer_initial;
+
+ status = DsGetDcName(NULL,
+ domain,
+ NULL,
+ NULL,
+ 0,
+ &dc_info);
+ if (status != 0) {
+ err_str = libnetapi_get_error_string(state->ctx, status);
+ g_print("callback_do_getous: failed find dc (%s)\n", err_str);
+
+ dialog = gtk_message_dialog_new(GTK_WINDOW(state->window_parent),
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_CLOSE,
+ "Failed to find a domain controller for domain: \"%s\": %s",
+ domain,
+ err_str);
+
+ gtk_window_set_modal(GTK_WINDOW(dialog), TRUE);
+ gtk_window_set_transient_for(GTK_WINDOW(dialog), GTK_WINDOW(state->window_do_change));
+ g_signal_connect_swapped(dialog, "response",
+ G_CALLBACK(gtk_widget_destroy),
+ dialog);
+
+ gtk_widget_show(dialog);
+
+ return;
+ }
+
+ if (!state->account || !state->password) {
+ debug("callback_do_getous: no creds yet\n");
+ callback_creds_prompt(NULL, state,
+ "Enter the name and password of an account with permission to join the domain.",
+ callback_do_storeauth_and_scan);
+ }
+
+ if (!state->account || !state->password) {
+ debug("callback_do_getous: still no creds ???\n");
+ return;
+ }
+
+ status = NetGetJoinableOUs(state->target_hostname,
+ domain,
+ state->account,
+ state->password,
+ &num_ous, &ous);
+ if (status != NET_API_STATUS_SUCCESS) {
+ callback_do_freeauth(NULL, state);
+ debug("failed to call NetGetJoinableOUs: %s\n",
+ libnetapi_get_error_string(state->ctx, status));
+ dialog = gtk_message_dialog_new(NULL,
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_INFO,
+ GTK_BUTTONS_OK,
+ "Failed to query joinable OUs: %s",
+ libnetapi_get_error_string(state->ctx, status));
+ gtk_window_set_modal(GTK_WINDOW(dialog), TRUE);
+ gtk_window_set_transient_for(GTK_WINDOW(dialog), GTK_WINDOW(state->window_do_change));
+ gtk_dialog_run(GTK_DIALOG(dialog));
+ gtk_widget_destroy(dialog);
+ return;
+ }
+
+ for (i=0; i<state->stored_num_ous; i++) {
+ gtk_combo_box_remove_text(GTK_COMBO_BOX(state->entry_ou_list), 0);
+ }
+ for (i=0; i<num_ous && ous[i] != NULL; i++) {
+ gtk_combo_box_append_text(GTK_COMBO_BOX(state->entry_ou_list),
+ ous[i]);
+ }
+ NetApiBufferFree(ous);
+ state->stored_num_ous = num_ous;
+ gtk_combo_box_set_active(GTK_COMBO_BOX(state->entry_ou_list), num_ous-1);
+}
+
+static void callback_do_change(GtkWidget *widget,
+ gpointer data)
+{
+ GtkWidget *window;
+ GtkWidget *box1;
+ GtkWidget *bbox;
+ GtkWidget *button_workgroup;
+ GtkWidget *button_domain;
+ GtkWidget *button;
+ GtkWidget *label;
+ GtkWidget *frame_horz;
+ GtkWidget *vbox;
+ GtkWidget *entry;
+ GSList *group;
+
+ struct join_state *state = (struct join_state *)data;
+
+ debug("callback_do_change called\n");
+
+#if 0
+ /* FIXME: add proper warnings for Samba as a DC */
+ if (state->server_role == 3) {
+ GtkWidget *dialog;
+ callback_do_freeauth(NULL, state);
+ dialog = gtk_message_dialog_new(GTK_WINDOW(state->window_main),
+ GTK_DIALOG_DESTROY_WITH_PARENT,
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_OK,
+ "Domain controller cannot be moved from one domain to another, they must first be demoted. Renaming this domain controller may cause it to become temporarily unavailable to users and computers. For information on renaming domain controllers, including alternate renaming methods, see Help and Support. To continue renaming this domain controller, click OK.");
+ gtk_window_set_modal(GTK_WINDOW(dialog), TRUE);
+ g_signal_connect_swapped(dialog, "response",
+ G_CALLBACK(gtk_widget_destroy),
+ dialog);
+
+ gtk_widget_show(dialog);
+ return;
+ }
+#endif
+
+ state->button_ok = gtk_button_new_from_stock(GTK_STOCK_OK);
+ state->button_get_ous = gtk_button_new_with_label("Scan for joinable OUs");
+ window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
+ gtk_window_set_modal(GTK_WINDOW(window), TRUE);
+
+ gtk_window_set_title(GTK_WINDOW(window), "Computer Name Changes");
+ gtk_window_set_resizable(GTK_WINDOW(window), FALSE);
+ gtk_widget_set_size_request(GTK_WIDGET(window), 480, 650);
+ gtk_window_set_icon_from_file(GTK_WINDOW(window), SAMBA_ICON_PATH, NULL);
+ gtk_window_set_transient_for(GTK_WINDOW(window), GTK_WINDOW(state->window_main));
+ gtk_window_set_position(GTK_WINDOW(window), GTK_WIN_POS_CENTER_ALWAYS);
+
+ g_signal_connect(G_OBJECT(window), "delete_event",
+ G_CALLBACK(callback_do_close_widget), NULL);
+
+ gtk_container_set_border_width(GTK_CONTAINER(window), 10);
+
+ box1 = gtk_vbox_new(FALSE, 0);
+ gtk_container_add(GTK_CONTAINER(window), box1);
+
+ label = gtk_label_new("You can change the name and membership of this computer. Changes may affect access to network resources.");
+ gtk_label_set_line_wrap(GTK_LABEL(label), TRUE);
+ gtk_misc_set_alignment(GTK_MISC(label), 0, 0);
+ gtk_box_pack_start(GTK_BOX(box1), label, TRUE, TRUE, 0);
+ gtk_widget_show(label);
+
+ /* COMPUTER NAME */
+ label = gtk_label_new("Computer name:");
+ gtk_misc_set_alignment(GTK_MISC(label), 0, 0);
+ gtk_box_pack_start(GTK_BOX(box1), label, TRUE, TRUE, 0);
+ gtk_widget_show(label);
+
+ state->label_full_computer_name = gtk_label_new(NULL);
+ {
+ entry = gtk_entry_new();
+ gtk_entry_set_max_length(GTK_ENTRY(entry), MAX_NETBIOS_NAME_LEN);
+ g_signal_connect(G_OBJECT(entry), "changed",
+ G_CALLBACK(callback_enter_hostname_and_unlock),
+ (gpointer)state);
+ gtk_entry_set_text(GTK_ENTRY(entry), state->my_hostname);
+ gtk_editable_select_region(GTK_EDITABLE(entry),
+ 0, GTK_ENTRY(entry)->text_length);
+
+ gtk_editable_set_editable(GTK_EDITABLE(entry), TRUE); /* ! */
+ gtk_box_pack_start(GTK_BOX(box1), entry, TRUE, TRUE, 0);
+ gtk_widget_show(entry);
+ }
+
+ /* FULL COMPUTER NAME */
+ label = gtk_label_new("Full computer name:");
+ gtk_misc_set_alignment(GTK_MISC(label), 0, 0);
+ gtk_box_pack_start(GTK_BOX(box1), label, TRUE, TRUE, 0);
+ gtk_widget_show(label);
+
+ {
+ const gchar *entry_text;
+ char *str = NULL;
+ entry_text = gtk_entry_get_text(GTK_ENTRY(entry));
+ if (state->name_type_initial == NetSetupDomainName) {
+ if (asprintf(&str, "%s.%s", entry_text,
+ state->my_dnsdomain) == -1) {
+ return;
+ }
+ } else {
+ if (asprintf(&str, "%s.", entry_text) == -1) {
+ return;
+ }
+ }
+ gtk_label_set_text(GTK_LABEL(state->label_full_computer_name),
+ str);
+ free(str);
+ gtk_misc_set_alignment(GTK_MISC(state->label_full_computer_name), 0, 0);
+ gtk_box_pack_start(GTK_BOX(box1),
+ state->label_full_computer_name, TRUE, TRUE, 0);
+ gtk_widget_show(state->label_full_computer_name);
+ }
+
+ /* BOX */
+ frame_horz = gtk_frame_new ("Member Of");
+ gtk_box_pack_start(GTK_BOX(box1), frame_horz, TRUE, TRUE, 10);
+
+ vbox = gtk_vbox_new(FALSE, 0);
+ gtk_container_set_border_width(GTK_CONTAINER(vbox), 10);
+ gtk_container_add(GTK_CONTAINER(frame_horz), vbox);
+
+ /* TWO ENTRIES */
+ state->entry_workgroup = gtk_entry_new();
+ state->entry_domain = gtk_entry_new();
+
+ /* DOMAIN */
+ button_domain = gtk_radio_button_new_with_label(NULL, "Domain");
+ if (state->name_type_initial == NetSetupDomainName) {
+ gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(button_domain), TRUE);
+ }
+ gtk_box_pack_start(GTK_BOX(vbox), button_domain, TRUE, TRUE, 0);
+ g_signal_connect(G_OBJECT(button_domain), "clicked",
+ G_CALLBACK(callback_do_join_domain),
+ (gpointer)state);
+
+ {
+ gtk_entry_set_max_length(GTK_ENTRY(state->entry_domain), 50);
+ g_signal_connect(G_OBJECT(state->entry_domain), "changed",
+ G_CALLBACK(callback_enter_domain_and_unlock),
+ (gpointer)state);
+ g_signal_connect(G_OBJECT(state->entry_domain), "activate",
+ G_CALLBACK(callback_continue),
+ (gpointer)state);
+ if (state->name_type_initial == NetSetupDomainName) {
+ gtk_entry_set_text(GTK_ENTRY(state->entry_domain),
+ state->name_buffer_initial);
+ gtk_widget_set_sensitive(state->entry_workgroup, FALSE);
+ gtk_widget_set_sensitive(state->entry_domain, TRUE);
+ }
+ gtk_editable_set_editable(GTK_EDITABLE(state->entry_domain), TRUE);
+ gtk_box_pack_start(GTK_BOX(vbox), state->entry_domain, TRUE, TRUE, 0);
+ gtk_widget_show(state->entry_domain);
+ }
+ gtk_widget_show(button_domain);
+
+ /* WORKGROUP */
+ group = gtk_radio_button_get_group(GTK_RADIO_BUTTON(button_domain));
+ button_workgroup = gtk_radio_button_new_with_label(group, "Workgroup");
+ if (state->name_type_initial == NetSetupWorkgroupName) {
+ gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(button_workgroup), TRUE);
+ }
+ gtk_box_pack_start(GTK_BOX(vbox), button_workgroup, TRUE, TRUE, 0);
+ g_signal_connect(G_OBJECT(button_workgroup), "clicked",
+ G_CALLBACK(callback_do_join_workgroup),
+ (gpointer)state);
+ {
+ gtk_entry_set_max_length(GTK_ENTRY(state->entry_workgroup),
+ MAX_NETBIOS_NAME_LEN);
+ g_signal_connect(G_OBJECT(state->entry_workgroup), "changed",
+ G_CALLBACK(callback_enter_workgroup_and_unlock),
+ (gpointer)state);
+ g_signal_connect(G_OBJECT(state->entry_workgroup), "activate",
+ G_CALLBACK(callback_continue),
+ (gpointer)state);
+
+ if (state->name_type_initial == NetSetupWorkgroupName) {
+ gtk_entry_set_text(GTK_ENTRY(state->entry_workgroup),
+ state->name_buffer_initial);
+ gtk_widget_set_sensitive(GTK_WIDGET(state->entry_domain), FALSE);
+ gtk_widget_set_sensitive(GTK_WIDGET(state->entry_workgroup), TRUE);
+ }
+ gtk_box_pack_start(GTK_BOX(vbox), state->entry_workgroup, TRUE, TRUE, 0);
+ gtk_widget_show(state->entry_workgroup);
+ }
+ gtk_widget_show(button_workgroup);
+
+ /* Advanced Options */
+ frame_horz = gtk_frame_new("Advanced Options");
+ gtk_box_pack_start(GTK_BOX(box1), frame_horz, TRUE, TRUE, 10);
+
+ vbox = gtk_vbox_new(FALSE, 0);
+ gtk_container_set_border_width(GTK_CONTAINER(vbox), 10);
+ gtk_container_add(GTK_CONTAINER(frame_horz), vbox);
+
+ /* OUs */
+ gtk_container_add(GTK_CONTAINER(vbox), state->button_get_ous);
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_get_ous), FALSE);
+ g_signal_connect(G_OBJECT(state->button_get_ous), "clicked",
+ G_CALLBACK(callback_do_getous),
+ (gpointer)state);
+
+ state->entry_ou_list = gtk_combo_box_entry_new_text();
+ gtk_widget_set_sensitive(state->entry_ou_list, FALSE);
+ if (state->name_type_initial == NetSetupWorkgroupName) {
+ gtk_widget_set_sensitive(state->entry_ou_list, FALSE);
+ gtk_widget_set_sensitive(state->button_get_ous, FALSE);
+ }
+ gtk_box_pack_start(GTK_BOX(vbox), state->entry_ou_list, TRUE, TRUE, 0);
+ gtk_widget_show(state->entry_ou_list);
+
+ {
+ state->label_winbind = gtk_check_button_new_with_label("Modify winbind configuration");
+ gtk_box_pack_start(GTK_BOX(vbox), state->label_winbind, TRUE, TRUE, 0);
+ gtk_widget_set_sensitive(state->label_winbind, FALSE);
+ }
+
+
+ /* BUTTONS */
+ bbox = gtk_hbutton_box_new();
+ gtk_container_set_border_width(GTK_CONTAINER(bbox), 5);
+ gtk_container_add(GTK_CONTAINER(box1), bbox);
+ gtk_button_box_set_layout(GTK_BUTTON_BOX(bbox), GTK_BUTTONBOX_END);
+ gtk_box_set_spacing(GTK_BOX(bbox), 10);
+
+ state->window_do_change = window;
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_ok), FALSE);
+ gtk_container_add(GTK_CONTAINER(bbox), state->button_ok);
+ g_signal_connect(G_OBJECT(state->button_ok), "clicked",
+ G_CALLBACK(callback_do_join),
+ (gpointer)state);
+
+ button = gtk_button_new_from_stock(GTK_STOCK_CANCEL);
+ gtk_container_add(GTK_CONTAINER(bbox), button);
+ g_signal_connect(G_OBJECT(button), "clicked",
+ G_CALLBACK(callback_do_freeauth_and_close),
+ (gpointer)state);
+
+ gtk_widget_show_all(window);
+}
+
+static void callback_do_about(GtkWidget *widget,
+ gpointer data)
+{
+ GdkPixbuf *logo;
+ GError *error = NULL;
+ GtkWidget *about;
+
+ struct join_state *state = (struct join_state *)data;
+
+ debug("callback_do_about called\n");
+
+ logo = gdk_pixbuf_new_from_file(SAMBA_IMAGE_PATH,
+ &error);
+ if (logo == NULL) {
+ g_print("failed to load logo from %s: %s\n",
+ SAMBA_IMAGE_PATH, error->message);
+ }
+
+ about = gtk_about_dialog_new();
+ gtk_about_dialog_set_name(GTK_ABOUT_DIALOG(about), "Samba");
+ gtk_about_dialog_set_version(GTK_ABOUT_DIALOG(about), "3.2.0pre3");
+ gtk_about_dialog_set_copyright(GTK_ABOUT_DIALOG(about),
+ "Copyright Andrew Tridgell and the Samba Team 1992-2008\n"
+ "Copyright Günther Deschner 2007-2008");
+ gtk_about_dialog_set_license(GTK_ABOUT_DIALOG(about), "GPLv3");
+ gtk_about_dialog_set_website(GTK_ABOUT_DIALOG(about), "http://www.samba.org");
+ gtk_about_dialog_set_website_label(GTK_ABOUT_DIALOG(about), "http://www.samba.org");
+ if (logo) {
+ gtk_about_dialog_set_logo(GTK_ABOUT_DIALOG(about), logo);
+ }
+ gtk_about_dialog_set_comments(GTK_ABOUT_DIALOG(about), "Samba gtk domain join utility");
+ gtk_window_set_modal(GTK_WINDOW(about), TRUE);
+ gtk_window_set_transient_for(GTK_WINDOW(about), GTK_WINDOW(state->window_main));
+ g_signal_connect_swapped(about, "response",
+ G_CALLBACK(gtk_widget_destroy),
+ about);
+
+ gtk_widget_show(about);
+}
+
+static int draw_main_window(struct join_state *state)
+{
+ GtkWidget *window;
+ GtkWidget *button;
+ GtkWidget *label;
+ GtkWidget *main_vbox;
+ GtkWidget *vbox;
+ GtkWidget *hbox;
+ GtkWidget *bbox;
+ GtkWidget *image;
+ GtkWidget *table;
+ GtkWidget *entry;
+ GdkPixbuf *icon;
+ GError *error = NULL;
+
+ icon = gdk_pixbuf_new_from_file(SAMBA_ICON_PATH,
+ &error);
+ if (icon == NULL) {
+ g_print("failed to load icon from %s : %s\n",
+ SAMBA_ICON_PATH, error->message);
+ }
+
+#if 1
+ image = gtk_image_new_from_file(SAMBA_IMAGE_PATH_SMALL);
+#else
+ image = gtk_image_new_from_file("/usr/share/pixmaps/redhat-system_settings.png");
+#endif
+ if (image == NULL) {
+ g_print("failed to load logo from %s : %s\n",
+ SAMBA_IMAGE_PATH_SMALL, error->message);
+ }
+
+ window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
+ state->window_main = window;
+
+ gtk_window_set_title(GTK_WINDOW(window), "Samba - Join Domain dialogue");
+ gtk_widget_set_size_request(GTK_WIDGET(window), 600, 600);
+ gtk_window_set_resizable(GTK_WINDOW(window), FALSE);
+ gtk_window_set_icon_from_file(GTK_WINDOW(window), SAMBA_ICON_PATH, NULL);
+ gtk_window_set_position(GTK_WINDOW(window), GTK_WIN_POS_CENTER_ALWAYS);
+
+ g_signal_connect(G_OBJECT(window), "delete_event",
+ G_CALLBACK(callback_delete_event), NULL);
+
+ gtk_container_set_border_width(GTK_CONTAINER(window), 10);
+
+ main_vbox = gtk_vbox_new(FALSE, 10);
+ gtk_container_add(GTK_CONTAINER(window), main_vbox);
+
+#if 0
+ gtk_box_pack_start(GTK_BOX(main_vbox), image, TRUE, TRUE, 10);
+ gtk_widget_show(image);
+#endif
+ /* Hbox */
+ hbox = gtk_hbox_new(FALSE, 10);
+ gtk_container_add(GTK_CONTAINER(main_vbox), hbox);
+
+ {
+/* gtk_box_pack_start(GTK_BOX(main_vbox), image, TRUE, TRUE, 10); */
+/* gtk_misc_set_alignment(GTK_MISC(image), 0, 0); */
+ gtk_widget_set_size_request(GTK_WIDGET(image), 150, 40);
+ gtk_box_pack_start(GTK_BOX(hbox), image, FALSE, FALSE, 10);
+ gtk_widget_show(image);
+
+ /* Label */
+ label = gtk_label_new("Samba uses the following information to identify your computer on the network.");
+/* gtk_misc_set_alignment(GTK_MISC(label), 0, 0); */
+ gtk_widget_set_size_request(GTK_WIDGET(label), 400, 40);
+ gtk_label_set_line_wrap(GTK_LABEL(label), TRUE);
+ gtk_box_pack_start(GTK_BOX(hbox), label, FALSE, FALSE, 0);
+ gtk_widget_show(label);
+ }
+
+ gtk_widget_show(hbox);
+
+ vbox = gtk_vbox_new(FALSE, 0);
+ gtk_container_set_border_width(GTK_CONTAINER(vbox), 10);
+ gtk_container_add(GTK_CONTAINER(main_vbox), vbox);
+
+ /* Table */
+ table = gtk_table_new(6, 3, TRUE);
+ gtk_table_set_row_spacings(GTK_TABLE(table), 5);
+ gtk_table_set_col_spacings(GTK_TABLE(table), 5);
+ gtk_container_add(GTK_CONTAINER(vbox), table);
+
+ {
+ /* Label */
+ label = gtk_label_new("Computer description:");
+ gtk_misc_set_alignment(GTK_MISC(label), 0, 0);
+ gtk_table_attach_defaults(GTK_TABLE(table), label, 0, 1, 0, 1);
+ gtk_widget_show(label);
+
+ state->button_apply = gtk_button_new_from_stock(GTK_STOCK_APPLY);
+
+ /* Entry */
+ entry = gtk_entry_new();
+ gtk_entry_set_max_length(GTK_ENTRY(entry), 256);
+
+ if (!state->target_hostname && state->uid != 0) {
+ gtk_widget_set_sensitive(GTK_WIDGET(entry), FALSE);
+ }
+ g_signal_connect(G_OBJECT(entry), "changed",
+ G_CALLBACK(callback_enter_computer_description_and_unlock),
+ state);
+ g_signal_connect(G_OBJECT(entry), "activate",
+ G_CALLBACK(callback_apply_continue),
+ (gpointer)state);
+
+ gtk_entry_set_text(GTK_ENTRY(entry), (char *)state->comment);
+ gtk_editable_set_editable(GTK_EDITABLE(entry), TRUE); /* ! */
+ gtk_table_attach_defaults(GTK_TABLE(table), entry, 1, 3, 0, 1);
+ gtk_widget_show(entry);
+ }
+
+ /* Label */
+ label = gtk_label_new("For example: \"Samba \%v\".");
+ gtk_label_set_line_wrap(GTK_LABEL(label), TRUE);
+ gtk_misc_set_alignment(GTK_MISC(label), 0, 0);
+ gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 3, 1, 2);
+ gtk_widget_show(label);
+
+ /* Label */
+ label = gtk_label_new("Full computer name:");
+ gtk_misc_set_alignment(GTK_MISC(label), 0, 0);
+ gtk_table_attach_defaults(GTK_TABLE(table), label, 0, 1, 2, 3);
+ gtk_widget_show(label);
+
+ {
+ /* Label */
+ char *str = NULL;
+ if (state->name_type_initial == NetSetupDomainName) {
+ if (asprintf(&str, "%s.%s", state->my_hostname,
+ state->my_dnsdomain) == -1) {
+ return -1;
+ }
+ } else {
+ if (asprintf(&str, "%s.", state->my_hostname) == -1) {
+ return -1;
+ }
+ }
+
+ label = gtk_label_new(str);
+ SAFE_FREE(str);
+ gtk_misc_set_alignment(GTK_MISC(label), 0, 0);
+ gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 3, 2, 3);
+ gtk_widget_show(label);
+ }
+
+ /* Label */
+ if (state->name_type_initial == NetSetupDomainName) {
+ label = gtk_label_new("Domain:");
+ } else {
+ label = gtk_label_new("Workgroup:");
+ }
+ gtk_misc_set_alignment(GTK_MISC(label), 0, 0);
+ gtk_table_attach_defaults(GTK_TABLE(table), label, 0, 1, 3, 4);
+ gtk_widget_show(label);
+ state->label_current_name_type = label;
+
+ /* Label */
+ label = gtk_label_new(state->name_buffer_initial);
+ gtk_misc_set_alignment(GTK_MISC(label), 0, 0);
+ gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 3, 3, 4);
+ gtk_widget_show(label);
+ state->label_current_name_buffer = label;
+
+ {
+ hbox = gtk_hbox_new(FALSE, 0);
+ gtk_container_add(GTK_CONTAINER(vbox), hbox);
+ label = gtk_label_new("To rename this computer or join a domain, click Change.");
+ gtk_box_pack_start(GTK_BOX(hbox), label, FALSE, FALSE, 0);
+
+
+ }
+
+ /* bbox */
+ bbox = gtk_hbutton_box_new();
+ gtk_container_set_border_width(GTK_CONTAINER(bbox), 5);
+ gtk_container_add(GTK_CONTAINER(hbox), bbox);
+ gtk_button_box_set_layout(GTK_BUTTON_BOX(bbox), GTK_BUTTONBOX_END);
+ gtk_box_set_spacing(GTK_BOX(bbox), 10);
+
+ button = gtk_button_new_with_mnemonic("Ch_ange");
+ g_signal_connect(G_OBJECT(button), "clicked",
+ G_CALLBACK(callback_do_change),
+ (gpointer)state);
+ gtk_box_pack_start(GTK_BOX(bbox), button, TRUE, TRUE, 0);
+ if (!state->target_hostname && state->uid != 0) {
+ gtk_widget_set_sensitive(GTK_WIDGET(button), FALSE);
+ }
+ gtk_widget_show(button);
+
+ /* Label (hidden) */
+ state->label_reboot = gtk_label_new(NULL);
+ gtk_label_set_line_wrap(GTK_LABEL(state->label_reboot), TRUE);
+ gtk_misc_set_alignment(GTK_MISC(state->label_reboot), 0, 0);
+ gtk_box_pack_start(GTK_BOX(vbox), state->label_reboot, TRUE, TRUE, 0);
+ if (!state->target_hostname && state->uid != 0) {
+ gtk_label_set_text(GTK_LABEL(state->label_reboot),
+ "You cannot change computer description as you're not running with root permissions");
+ }
+
+ gtk_widget_show(state->label_reboot);
+
+#if 0
+ gtk_box_pack_start(GTK_BOX(vbox),
+ create_bbox(window, TRUE, NULL, 10, 85, 20, GTK_BUTTONBOX_END),
+ TRUE, TRUE, 5);
+#endif
+ {
+
+ GtkWidget *frame;
+ GtkWidget *bbox2;
+ GtkWidget *button2;
+
+ frame = gtk_frame_new(NULL);
+ bbox2 = gtk_hbutton_box_new();
+
+ gtk_container_set_border_width(GTK_CONTAINER(bbox2), 5);
+ gtk_container_add(GTK_CONTAINER(frame), bbox2);
+
+ /* Set the appearance of the Button Box */
+ gtk_button_box_set_layout(GTK_BUTTON_BOX(bbox2), GTK_BUTTONBOX_END);
+ gtk_box_set_spacing(GTK_BOX(bbox2), 10);
+ /*gtk_button_box_set_child_size(GTK_BUTTON_BOX(bbox2), child_w, child_h);*/
+
+ button2 = gtk_button_new_from_stock(GTK_STOCK_OK);
+ gtk_container_add(GTK_CONTAINER(bbox2), button2);
+ g_signal_connect(G_OBJECT(button2), "clicked", G_CALLBACK(callback_do_exit), state);
+
+ button2 = gtk_button_new_from_stock(GTK_STOCK_CANCEL);
+ gtk_container_add(GTK_CONTAINER(bbox2), button2);
+ g_signal_connect(G_OBJECT(button2), "clicked",
+ G_CALLBACK(callback_delete_event),
+ window);
+
+ gtk_container_add(GTK_CONTAINER(bbox2), state->button_apply);
+ g_signal_connect(G_OBJECT(state->button_apply), "clicked",
+ G_CALLBACK(callback_apply_description_change),
+ state);
+ gtk_widget_set_sensitive(GTK_WIDGET(state->button_apply), FALSE);
+
+ button2 = gtk_button_new_from_stock(GTK_STOCK_ABOUT);
+ gtk_container_add(GTK_CONTAINER(bbox2), button2);
+ g_signal_connect(G_OBJECT(button2), "clicked",
+ G_CALLBACK(callback_do_about),
+ state);
+#if 0
+ button2 = gtk_button_new_from_stock(GTK_STOCK_HELP);
+ gtk_container_add(GTK_CONTAINER(bbox2), button2);
+ g_signal_connect(G_OBJECT(button2), "clicked",
+ G_CALLBACK(callback_do_about),
+ window);
+#endif
+ gtk_box_pack_start(GTK_BOX(vbox), frame, TRUE, TRUE, 5);
+ }
+
+ gtk_widget_show_all(window);
+
+ return 0;
+}
+
+static int init_join_state(struct join_state **state)
+{
+ struct join_state *s;
+
+ s = (struct join_state *)malloc(sizeof(struct join_state));
+ if (!s) {
+ return -1;
+ }
+
+ memset(s, '\0', sizeof(struct join_state));
+
+ *state = s;
+
+ return 0;
+}
+
+static NET_API_STATUS get_server_properties(struct join_state *state)
+{
+ struct SERVER_INFO_101 *info101 = NULL;
+ struct SERVER_INFO_1005 *info1005 = NULL;
+ NET_API_STATUS status;
+
+ status = NetServerGetInfo(state->target_hostname,
+ 101,
+ (uint8_t **)&info101);
+ if (status == 0) {
+ state->comment = strdup(info101->sv101_comment);
+ if (!state->comment) {
+ return -1;
+ }
+ SAFE_FREE(state->my_hostname);
+ state->my_hostname = strdup(info101->sv101_name);
+ if (!state->my_hostname) {
+ return -1;
+ }
+ NetApiBufferFree(info101);
+ return NET_API_STATUS_SUCCESS;
+ }
+
+ switch (status) {
+ case 124: /* WERR_INVALID_LEVEL */
+ case 50: /* WERR_NOT_SUPPORTED */
+ break;
+ default:
+ goto failed;
+ }
+
+ status = NetServerGetInfo(state->target_hostname,
+ 1005,
+ (uint8_t **)&info1005);
+ if (status == 0) {
+ state->comment = strdup(info1005->sv1005_comment);
+ if (!state->comment) {
+ return -1;
+ }
+ NetApiBufferFree(info1005);
+ return NET_API_STATUS_SUCCESS;
+ }
+
+ failed:
+ printf("NetServerGetInfo failed with: %s\n",
+ libnetapi_get_error_string(state->ctx, status));
+
+ return status;
+}
+
+static int initialize_join_state(struct join_state *state,
+ const char *debug_level,
+ const char *target_hostname,
+ const char *target_username)
+{
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status = 0;
+
+ status = libnetapi_init(&ctx);
+ if (status) {
+ return status;
+ }
+
+ if (debug_level) {
+ libnetapi_set_debuglevel(ctx, debug_level);
+ }
+
+ if (target_hostname) {
+ state->target_hostname = strdup(target_hostname);
+ if (!state->target_hostname) {
+ return -1;
+ }
+ }
+
+ if (target_username) {
+ char *puser = strdup(target_username);
+ char *p = NULL;
+
+ if ((p = strchr(puser,'%'))) {
+ size_t len;
+ *p = 0;
+ libnetapi_set_username(ctx, puser);
+ libnetapi_set_password(ctx, p+1);
+ len = strlen(p+1);
+ memset(strchr(target_username,'%')+1,'X',len);
+ } else {
+ libnetapi_set_username(ctx, puser);
+ }
+ free(puser);
+ }
+
+ {
+ char my_hostname[HOST_NAME_MAX];
+ const char *p = NULL;
+ struct hostent *hp = NULL;
+
+ if (gethostname(my_hostname, sizeof(my_hostname)) == -1) {
+ return -1;
+ }
+
+ p = strchr(my_hostname, '.');
+ if (p) {
+ my_hostname[strlen(my_hostname)-strlen(p)] = '\0';
+ }
+ state->my_hostname = strdup(my_hostname);
+ if (!state->my_hostname) {
+ return -1;
+ }
+ debug("state->my_hostname: %s\n", state->my_hostname);
+
+ hp = gethostbyname(my_hostname);
+ if (!hp || !hp->h_name || !*hp->h_name) {
+ return -1;
+ }
+
+ state->my_fqdn = strdup(hp->h_name);
+ if (!state->my_fqdn) {
+ return -1;
+ }
+ debug("state->my_fqdn: %s\n", state->my_fqdn);
+
+ p = strchr(state->my_fqdn, '.');
+ if (p) {
+ p++;
+ state->my_dnsdomain = strdup(p);
+ } else {
+ state->my_dnsdomain = strdup("");
+ }
+ if (!state->my_dnsdomain) {
+ return -1;
+ }
+ debug("state->my_dnsdomain: %s\n", state->my_dnsdomain);
+ }
+
+ {
+ const char *buffer = NULL;
+ uint16_t type = 0;
+ status = NetGetJoinInformation(state->target_hostname,
+ &buffer,
+ &type);
+ if (status != 0) {
+ printf("NetGetJoinInformation failed with: %s\n",
+ libnetapi_get_error_string(state->ctx, status));
+ return status;
+ }
+ debug("NetGetJoinInformation gave: %s and %d\n", buffer, type);
+ state->name_buffer_initial = strdup(buffer);
+ if (!state->name_buffer_initial) {
+ return -1;
+ }
+ state->name_type_initial = type;
+ NetApiBufferFree((void *)buffer);
+ }
+
+ status = get_server_properties(state);
+ if (status != 0) {
+ return -1;
+ }
+
+ state->uid = geteuid();
+
+ state->ctx = ctx;
+
+ return 0;
+}
+
+int main(int argc, char **argv)
+{
+ GOptionContext *context = NULL;
+ static const char *debug_level = NULL;
+ static const char *target_hostname = NULL;
+ static const char *target_username = NULL;
+ struct join_state *state = NULL;
+ GError *error = NULL;
+ int ret = 0;
+
+ static GOptionEntry entries[] = {
+ { "debug", 'd', 0, G_OPTION_ARG_STRING, &debug_level, "Debug level (for samba)", "N" },
+ { "verbose", 'v', 0, G_OPTION_ARG_NONE, &verbose, "Verbose output", 0 },
+ { "target", 'S', 0, G_OPTION_ARG_STRING, &target_hostname, "Target hostname", 0 },
+ { "username", 'U', 0, G_OPTION_ARG_STRING, &target_username, "Target hostname", 0 },
+ { NULL }
+ };
+
+ context = g_option_context_new("- Samba domain join utility");
+ g_option_context_add_main_entries(context, entries, NULL);
+/* g_option_context_add_main_entries(context, entries, GETTEXT_PACKAGE); */
+ g_option_context_add_group(context, gtk_get_option_group(TRUE));
+ g_option_context_parse(context, &argc, &argv, &error);
+
+ gtk_init(&argc, &argv);
+ g_set_application_name("Samba");
+
+ ret = init_join_state(&state);
+ if (ret) {
+ return ret;
+ }
+
+ ret = initialize_join_state(state, debug_level,
+ target_hostname,
+ target_username);
+ if (ret) {
+ return ret;
+ }
+
+ draw_main_window(state);
+
+ gtk_main();
+
+ do_cleanup(state);
+
+ return 0;
+}
diff --git a/source3/lib/netapi/examples/netdomjoin-gui/samba.ico b/source3/lib/netapi/examples/netdomjoin-gui/samba.ico
new file mode 100755
index 0000000..b70c959
--- /dev/null
+++ b/source3/lib/netapi/examples/netdomjoin-gui/samba.ico
Binary files differ
diff --git a/source3/lib/netapi/examples/netlogon/netlogon_control.c b/source3/lib/netapi/examples/netlogon/netlogon_control.c
new file mode 100644
index 0000000..34361cd
--- /dev/null
+++ b/source3/lib/netapi/examples/netlogon/netlogon_control.c
@@ -0,0 +1,143 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * I_NetLogonControl query
+ * Copyright (C) Guenther Deschner 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ uint32_t function_code = NETLOGON_CONTROL_QUERY;
+ uint32_t level = 1;
+ uint8_t *buffer = NULL;
+ struct NETLOGON_INFO_1 *i1 = NULL;
+ struct NETLOGON_INFO_2 *i2 = NULL;
+ struct NETLOGON_INFO_3 *i3 = NULL;
+ struct NETLOGON_INFO_4 *i4 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("netlogon_control", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ function_code = atoi(poptGetArg(pc));
+ }
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* I_NetLogonControl */
+
+ status = I_NetLogonControl(hostname,
+ function_code,
+ level,
+ &buffer);
+ if (status != 0) {
+ printf("I_NetLogonControl failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ if (!buffer) {
+ goto out;
+ }
+
+ switch (level) {
+ case 1:
+ i1 = (struct NETLOGON_INFO_1 *)buffer;
+
+ printf("Flags: %x\n", i1->netlog1_flags);
+ printf("Connection Status Status = %d 0x%x %s\n",
+ i1->netlog1_pdc_connection_status,
+ i1->netlog1_pdc_connection_status,
+ libnetapi_errstr(i1->netlog1_pdc_connection_status));
+
+ break;
+ case 2:
+ i2 = (struct NETLOGON_INFO_2 *)buffer;
+
+ printf("Flags: %x\n", i2->netlog2_flags);
+ printf("Trusted DC Name %s\n", i2->netlog2_trusted_dc_name);
+ printf("Trusted DC Connection Status Status = %d 0x%x %s\n",
+ i2->netlog2_tc_connection_status,
+ i2->netlog2_tc_connection_status,
+ libnetapi_errstr(i2->netlog2_tc_connection_status));
+ printf("Trust Verification Status Status = %d 0x%x %s\n",
+ i2->netlog2_pdc_connection_status,
+ i2->netlog2_pdc_connection_status,
+ libnetapi_errstr(i2->netlog2_pdc_connection_status));
+
+ break;
+ case 3:
+ i3 = (struct NETLOGON_INFO_3 *)buffer;
+
+ printf("Flags: %x\n", i3->netlog1_flags);
+ printf("Logon Attempts: %d\n", i3->netlog3_logon_attempts);
+
+ break;
+ case 4:
+ i4 = (struct NETLOGON_INFO_4 *)buffer;
+
+ printf("Trusted DC Name %s\n", i4->netlog4_trusted_dc_name);
+ printf("Trusted Domain Name %s\n", i4->netlog4_trusted_domain_name);
+
+ break;
+ default:
+ break;
+ }
+
+ out:
+ NetApiBufferFree(buffer);
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/netlogon/netlogon_control2.c b/source3/lib/netapi/examples/netlogon/netlogon_control2.c
new file mode 100644
index 0000000..72315c9
--- /dev/null
+++ b/source3/lib/netapi/examples/netlogon/netlogon_control2.c
@@ -0,0 +1,147 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * I_NetLogonControl2 query
+ * Copyright (C) Guenther Deschner 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ uint32_t function_code = NETLOGON_CONTROL_QUERY;
+ uint32_t level = 1;
+ uint8_t *buffer = NULL;
+ struct NETLOGON_INFO_1 *i1 = NULL;
+ struct NETLOGON_INFO_2 *i2 = NULL;
+ struct NETLOGON_INFO_3 *i3 = NULL;
+ struct NETLOGON_INFO_4 *i4 = NULL;
+ char *domain = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("netlogon_control", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ function_code = atoi(poptGetArg(pc));
+ }
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ domain = strdup("TEST");
+
+ /* I_NetLogonControl2 */
+
+ status = I_NetLogonControl2(hostname,
+ function_code,
+ level,
+ (uint8_t *)domain,
+ &buffer);
+ if (status != 0) {
+ printf("I_NetLogonControl2 failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ if (!buffer) {
+ goto out;
+ }
+
+ switch (level) {
+ case 1:
+ i1 = (struct NETLOGON_INFO_1 *)buffer;
+
+ printf("Flags: %x\n", i1->netlog1_flags);
+ printf("Connection Status Status = %d 0x%x %s\n",
+ i1->netlog1_pdc_connection_status,
+ i1->netlog1_pdc_connection_status,
+ libnetapi_errstr(i1->netlog1_pdc_connection_status));
+
+ break;
+ case 2:
+ i2 = (struct NETLOGON_INFO_2 *)buffer;
+
+ printf("Flags: %x\n", i2->netlog2_flags);
+ printf("Trusted DC Name %s\n", i2->netlog2_trusted_dc_name);
+ printf("Trusted DC Connection Status Status = %d 0x%x %s\n",
+ i2->netlog2_tc_connection_status,
+ i2->netlog2_tc_connection_status,
+ libnetapi_errstr(i2->netlog2_tc_connection_status));
+ printf("Trust Verification Status Status = %d 0x%x %s\n",
+ i2->netlog2_pdc_connection_status,
+ i2->netlog2_pdc_connection_status,
+ libnetapi_errstr(i2->netlog2_pdc_connection_status));
+
+ break;
+ case 3:
+ i3 = (struct NETLOGON_INFO_3 *)buffer;
+
+ printf("Flags: %x\n", i3->netlog1_flags);
+ printf("Logon Attempts: %d\n", i3->netlog3_logon_attempts);
+
+ break;
+ case 4:
+ i4 = (struct NETLOGON_INFO_4 *)buffer;
+
+ printf("Trusted DC Name %s\n", i4->netlog4_trusted_dc_name);
+ printf("Trusted Domain Name %s\n", i4->netlog4_trusted_domain_name);
+
+ break;
+ default:
+ break;
+ }
+
+ out:
+ NetApiBufferFree(buffer);
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/netlogon/nltest.c b/source3/lib/netapi/examples/netlogon/nltest.c
new file mode 100644
index 0000000..2dd368f
--- /dev/null
+++ b/source3/lib/netapi/examples/netlogon/nltest.c
@@ -0,0 +1,677 @@
+/*
+ * Samba Unix/Linux SMB client library
+ * Distributed SMB/CIFS Server Management Utility
+ * Nltest netlogon testing tool
+ *
+ * Copyright (C) Guenther Deschner 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+enum {
+ OPT_SERVER = 1,
+ OPT_DBFLAG,
+ OPT_SC_QUERY,
+ OPT_SC_RESET,
+ OPT_SC_VERIFY,
+ OPT_SC_CHANGE_PWD,
+ OPT_DSGETDC,
+ OPT_PDC,
+ OPT_DS,
+ OPT_DSP,
+ OPT_GC,
+ OPT_KDC,
+ OPT_TIMESERV,
+ OPT_GTIMESERV,
+ OPT_WS,
+ OPT_NETBIOS,
+ OPT_DNS,
+ OPT_IP,
+ OPT_FORCE,
+ OPT_WRITABLE,
+ OPT_AVOIDSELF,
+ OPT_LDAPONLY,
+ OPT_BACKG,
+ OPT_DS_6,
+ OPT_TRY_NEXT_CLOSEST_SITE,
+ OPT_SITE,
+ OPT_ACCOUNT,
+ OPT_RET_DNS,
+ OPT_RET_NETBIOS,
+ OPT_DSREGDNS
+};
+
+/****************************************************************
+****************************************************************/
+
+static void print_netlogon_info_result(uint32_t level,
+ uint8_t *buffer)
+{
+ struct NETLOGON_INFO_1 *i1 = NULL;
+ struct NETLOGON_INFO_2 *i2 = NULL;
+ struct NETLOGON_INFO_3 *i3 = NULL;
+ struct NETLOGON_INFO_4 *i4 = NULL;
+
+ if (!buffer) {
+ return;
+ }
+
+ switch (level) {
+ case 1:
+ i1 = (struct NETLOGON_INFO_1 *)buffer;
+
+ printf("Flags: %x\n", i1->netlog1_flags);
+ printf("Connection Status Status = %d 0x%x %s\n",
+ i1->netlog1_pdc_connection_status,
+ i1->netlog1_pdc_connection_status,
+ libnetapi_errstr(i1->netlog1_pdc_connection_status));
+
+ break;
+ case 2:
+ i2 = (struct NETLOGON_INFO_2 *)buffer;
+
+ printf("Flags: %x\n", i2->netlog2_flags);
+ printf("Trusted DC Name %s\n", i2->netlog2_trusted_dc_name);
+ printf("Trusted DC Connection Status Status = %d 0x%x %s\n",
+ i2->netlog2_tc_connection_status,
+ i2->netlog2_tc_connection_status,
+ libnetapi_errstr(i2->netlog2_tc_connection_status));
+ printf("Trust Verification Status Status = %d 0x%x %s\n",
+ i2->netlog2_pdc_connection_status,
+ i2->netlog2_pdc_connection_status,
+ libnetapi_errstr(i2->netlog2_pdc_connection_status));
+
+ break;
+ case 3:
+ i3 = (struct NETLOGON_INFO_3 *)buffer;
+
+ printf("Flags: %x\n", i3->netlog1_flags);
+ printf("Logon Attempts: %d\n", i3->netlog3_logon_attempts);
+
+ break;
+ case 4:
+ i4 = (struct NETLOGON_INFO_4 *)buffer;
+
+ printf("Trusted DC Name %s\n", i4->netlog4_trusted_dc_name);
+ printf("Trusted Domain Name %s\n", i4->netlog4_trusted_domain_name);
+
+ break;
+ default:
+ break;
+ }
+}
+
+/****************************************************************
+****************************************************************/
+
+static void print_dc_info_flags(uint32_t flags)
+{
+ if (flags & DS_PDC_FLAG)
+ printf("PDC ");
+ if (flags & DS_GC_FLAG)
+ printf("GC ");
+ if (flags & DS_DS_FLAG)
+ printf("DS ");
+ if (flags & DS_LDAP_FLAG)
+ printf("LDAP ");
+ if (flags & DS_KDC_FLAG)
+ printf("KDC ");
+ if (flags & DS_TIMESERV_FLAG)
+ printf("TIMESERV ");
+ if (flags & DS_GOOD_TIMESERV_FLAG)
+ printf("GTIMESERV ");
+ if (flags & DS_WRITABLE_FLAG)
+ printf("WRITABLE ");
+ if (flags & DS_DNS_FOREST_FLAG)
+ printf("DNS_FOREST ");
+ if (flags & DS_CLOSEST_FLAG)
+ printf("CLOSE_SITE ");
+ if (flags & DS_FULL_SECRET_DOMAIN_6_FLAG)
+ printf("FULL_SECRET ");
+ if (flags & DS_WS_FLAG)
+ printf("WS ");
+ if (flags & DS_DS_8_FLAG)
+ printf("DS_8 ");
+ printf("\n");
+}
+
+/****************************************************************
+****************************************************************/
+
+static void print_dc_info(struct DOMAIN_CONTROLLER_INFO *dc_info)
+{
+ if (dc_info->flags) {
+ printf(" DC: %s\n", dc_info->domain_controller_name);
+ printf(" Address: %s\n", dc_info->domain_controller_address);
+/* printf(" Dom Guid: %s\n", X(domain_guid)); */
+ printf(" Dom Name: %s\n", dc_info->domain_name);
+ printf(" Forest Name: %s\n", dc_info->dns_forest_name);
+ printf(" Dc Site Name: %s\n", dc_info->dc_site_name);
+ printf("Our Site Name: %s\n", dc_info->client_site_name);
+ printf(" Flags: ");
+ print_dc_info_flags(dc_info->flags);
+ } else {
+ printf(" DC: %s\n", dc_info->domain_controller_name);
+ printf(" Address: %s\n", dc_info->domain_controller_address);
+ printf(" Dom Name: %s\n", dc_info->domain_name);
+ }
+}
+
+/****************************************************************
+****************************************************************/
+
+int main(int argc, const char **argv)
+{
+ int opt;
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ char *opt_server = NULL;
+ char *opt_domain = NULL;
+ int opt_dbflag = 0;
+ int opt_pdc = 0;
+ int opt_ds = 0;
+ int opt_dsp = 0;
+ int opt_gc = 0;
+ int opt_kdc = 0;
+ int opt_timeserv = 0;
+ int opt_gtimeserv = 0;
+ int opt_ws = 0;
+ int opt_netbios = 0;
+ int opt_dns = 0;
+ int opt_ip = 0;
+ int opt_force = 0;
+ int opt_writable = 0;
+ int opt_avoidself = 0;
+ int opt_ldaponly = 0;
+ int opt_backg = 0;
+ int opt_ds_6 = 0;
+ int opt_try_next_closest_site = 0;
+ char *opt_site = NULL;
+ char *opt_account = NULL;
+ int opt_ret_dns = 0;
+ int opt_ret_netbios = 0;
+ int opt_dsregdns = 0;
+ uint32_t query_level = 0;
+ uint8_t *buffer = NULL;
+ uint32_t flags = 0;
+ struct DOMAIN_CONTROLLER_INFO *dc_info = NULL;
+
+ poptContext pc;
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ {
+ .longName = "server",
+ .shortName = 0,
+ .argInfo = POPT_ARG_STRING,
+ .arg = &opt_server,
+ .val = OPT_SERVER,
+ .descrip = "Servername",
+ .argDescrip = "SERVER",
+ },
+ {
+ .longName = "dbflag",
+ .shortName = 0,
+ .argInfo = POPT_ARG_INT,
+ .arg = &opt_dbflag,
+ .val = OPT_DBFLAG,
+ .descrip = "New Debug Flag",
+ .argDescrip = "HEXFLAGS",
+ },
+ {
+ .longName = "sc_query",
+ .shortName = 0,
+ .argInfo = POPT_ARG_STRING,
+ .arg = &opt_domain,
+ .val = OPT_SC_QUERY,
+ .descrip = "Query secure channel for domain on server",
+ .argDescrip = "DOMAIN",
+ },
+ {
+ .longName = "sc_reset",
+ .shortName = 0,
+ .argInfo = POPT_ARG_STRING,
+ .arg = &opt_domain,
+ .val = OPT_SC_RESET,
+ .descrip = "Reset secure channel for domain on server to dcname",
+ .argDescrip = "DOMAIN",
+ },
+ {
+ .longName = "sc_verify",
+ .shortName = 0,
+ .argInfo = POPT_ARG_STRING,
+ .arg = &opt_domain,
+ .val = OPT_SC_VERIFY,
+ .descrip = "Verify secure channel for domain on server",
+ .argDescrip = "DOMAIN",
+ },
+ {
+ .longName = "sc_change_pwd",
+ .shortName = 0,
+ .argInfo = POPT_ARG_STRING,
+ .arg = &opt_domain,
+ .val = OPT_SC_CHANGE_PWD,
+ .descrip = "Change a secure channel password for domain on server",
+ .argDescrip = "DOMAIN",
+ },
+ {
+ .longName = "dsgetdc",
+ .shortName = 0,
+ .argInfo = POPT_ARG_STRING,
+ .arg = &opt_domain,
+ .val = OPT_DSGETDC,
+ .descrip = "Call DsGetDcName",
+ .argDescrip = "DOMAIN",
+ },
+ {
+ .longName = "pdc",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_pdc,
+ .val = OPT_PDC,
+ .descrip = NULL,
+ },
+ {
+ .longName = "ds",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_ds,
+ .val = OPT_DS,
+ .descrip = NULL,
+ },
+ {
+ .longName = "dsp",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_dsp,
+ .val = OPT_DSP,
+ .descrip = NULL,
+ },
+ {
+ .longName = "gc",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_gc,
+ .val = OPT_GC,
+ .descrip = NULL,
+ },
+ {
+ .longName = "kdc",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_kdc,
+ .val = OPT_KDC,
+ .descrip = NULL,
+ },
+ {
+ .longName = "timeserv",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_timeserv,
+ .val = OPT_TIMESERV,
+ .descrip = NULL,
+ },
+ {
+ .longName = "gtimeserv",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_gtimeserv,
+ .val = OPT_GTIMESERV,
+ .descrip = NULL,
+ },
+ {
+ .longName = "ws",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_ws,
+ .val = OPT_WS,
+ .descrip = NULL,
+ },
+ {
+ .longName = "netbios",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_netbios,
+ .val = OPT_NETBIOS,
+ .descrip = NULL,
+ },
+ {
+ .longName = "dns",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_dns,
+ .val = OPT_DNS,
+ .descrip = NULL,
+ },
+ {
+ .longName = "ip",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_ip,
+ .val = OPT_IP,
+ .descrip = NULL,
+ },
+ {
+ .longName = "force",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_force,
+ .val = OPT_FORCE,
+ .descrip = NULL,
+ },
+ {
+ .longName = "writable",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_writable,
+ .val = OPT_WRITABLE,
+ .descrip = NULL,
+ },
+ {
+ .longName = "avoidself",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_avoidself,
+ .val = OPT_AVOIDSELF,
+ .descrip = NULL,
+ },
+ {
+ .longName = "ldaponly",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_ldaponly,
+ .val = OPT_LDAPONLY,
+ .descrip = NULL,
+ },
+ {
+ .longName = "backg",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_backg,
+ .val = OPT_BACKG,
+ .descrip = NULL,
+ },
+ {
+ .longName = "ds_6",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_ds_6,
+ .val = OPT_DS_6,
+ .descrip = NULL,
+ },
+ {
+ .longName = "try_next_closest_site",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_try_next_closest_site,
+ .val = OPT_TRY_NEXT_CLOSEST_SITE,
+ .descrip = NULL,
+ },
+ {
+ .longName = "site",
+ .shortName = 0,
+ .argInfo = POPT_ARG_STRING,
+ .arg = &opt_site,
+ .val = OPT_SITE,
+ .descrip = "SITE",
+ },
+ {
+ .longName = "account",
+ .shortName = 0,
+ .argInfo = POPT_ARG_STRING,
+ .arg = &opt_account,
+ .val = OPT_ACCOUNT,
+ .descrip = "ACCOUNT",
+ },
+ {
+ .longName = "ret_dns",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_ret_dns,
+ .val = OPT_RET_DNS,
+ .descrip = NULL,
+ },
+ {
+ .longName = "ret_netbios",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_ret_netbios,
+ .val = OPT_RET_NETBIOS,
+ .descrip = NULL,
+ },
+ {
+ .longName = "dsregdns",
+ .shortName = 0,
+ .argInfo = POPT_ARG_NONE,
+ .arg = &opt_dsregdns,
+ .val = OPT_DSREGDNS,
+ .descrip = "Force registration of all DC-specific DNS records",
+ },
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("nltest", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "<options>");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (argc == 1) {
+ poptPrintHelp(pc, stderr, 0);
+ goto done;
+ }
+
+ poptResetContext(pc);
+
+ while ((opt = poptGetNextOpt(pc)) != -1) {
+ switch (opt) {
+
+ case OPT_SERVER:
+
+ if ((opt_server[0] == '/' && opt_server[1] == '/') ||
+ (opt_server[0] == '\\' && opt_server[1] == '\\')) {
+ opt_server += 2;
+ }
+
+ break;
+
+ case OPT_DBFLAG:
+ query_level = 1;
+ status = I_NetLogonControl2(opt_server,
+ NETLOGON_CONTROL_SET_DBFLAG,
+ query_level,
+ (uint8_t *)&opt_dbflag,
+ &buffer);
+ if (status != 0) {
+ fprintf(stderr, "I_NetlogonControl failed: Status = %d 0x%x %s\n",
+ status, status,
+ libnetapi_get_error_string(ctx, status));
+ goto done;
+ }
+
+ print_netlogon_info_result(query_level, buffer);
+
+ break;
+ case OPT_SC_QUERY:
+ query_level = 2;
+ status = I_NetLogonControl2(opt_server,
+ NETLOGON_CONTROL_TC_QUERY,
+ query_level,
+ (uint8_t *)opt_domain,
+ &buffer);
+ if (status != 0) {
+ fprintf(stderr, "I_NetlogonControl failed: Status = %d 0x%x %s\n",
+ status, status,
+ libnetapi_get_error_string(ctx, status));
+ goto done;
+ }
+
+ print_netlogon_info_result(query_level, buffer);
+
+ break;
+ case OPT_SC_VERIFY:
+ query_level = 2;
+ status = I_NetLogonControl2(opt_server,
+ NETLOGON_CONTROL_TC_VERIFY,
+ query_level,
+ (uint8_t *)opt_domain,
+ &buffer);
+ if (status != 0) {
+ fprintf(stderr, "I_NetlogonControl failed: Status = %d 0x%x %s\n",
+ status, status,
+ libnetapi_get_error_string(ctx, status));
+ goto done;
+ }
+
+ print_netlogon_info_result(query_level, buffer);
+
+ break;
+ case OPT_SC_RESET:
+ query_level = 2;
+ status = I_NetLogonControl2(opt_server,
+ NETLOGON_CONTROL_REDISCOVER,
+ query_level,
+ (uint8_t *)opt_domain,
+ &buffer);
+ if (status != 0) {
+ fprintf(stderr, "I_NetlogonControl failed: Status = %d 0x%x %s\n",
+ status, status,
+ libnetapi_get_error_string(ctx, status));
+ goto done;
+ }
+
+ print_netlogon_info_result(query_level, buffer);
+
+ break;
+ case OPT_SC_CHANGE_PWD:
+ query_level = 1;
+ status = I_NetLogonControl2(opt_server,
+ NETLOGON_CONTROL_CHANGE_PASSWORD,
+ query_level,
+ (uint8_t *)opt_domain,
+ &buffer);
+ if (status != 0) {
+ fprintf(stderr, "I_NetlogonControl failed: Status = %d 0x%x %s\n",
+ status, status,
+ libnetapi_get_error_string(ctx, status));
+ goto done;
+ }
+
+ print_netlogon_info_result(query_level, buffer);
+
+ break;
+ case OPT_DSREGDNS:
+ query_level = 1;
+ status = I_NetLogonControl2(opt_server,
+ NETLOGON_CONTROL_FORCE_DNS_REG,
+ query_level,
+ NULL,
+ &buffer);
+ if (status != 0) {
+ fprintf(stderr, "I_NetlogonControl failed: Status = %d 0x%x %s\n",
+ status, status,
+ libnetapi_get_error_string(ctx, status));
+ goto done;
+ }
+
+ print_netlogon_info_result(query_level, buffer);
+
+ break;
+ case OPT_DSGETDC:
+ if (opt_pdc)
+ flags |= DS_PDC_REQUIRED;
+ if (opt_ds)
+ flags |= DS_DIRECTORY_SERVICE_REQUIRED;
+ if (opt_dsp)
+ flags |= DS_DIRECTORY_SERVICE_PREFERRED;
+ if (opt_kdc)
+ flags |= DS_KDC_REQUIRED;
+ if (opt_timeserv)
+ flags |= DS_TIMESERV_REQUIRED;
+ if (opt_gtimeserv)
+ flags |= DS_GOOD_TIMESERV_PREFERRED;
+ if (opt_ws)
+ flags |= DS_WEB_SERVICE_REQUIRED;
+ if (opt_netbios)
+ flags |= DS_IS_FLAT_NAME;
+ if (opt_dns)
+ flags |= DS_IS_DNS_NAME;
+ if (opt_ip)
+ flags |= DS_IP_REQUIRED;
+ if (opt_force)
+ flags |= DS_FORCE_REDISCOVERY;
+ if (opt_writable)
+ flags |= DS_WRITABLE_REQUIRED;
+ if (opt_avoidself)
+ flags |= DS_AVOID_SELF;
+ if (opt_ldaponly)
+ flags |= DS_ONLY_LDAP_NEEDED;
+ if (opt_backg)
+ flags |= DS_BACKGROUND_ONLY;
+ if (opt_ds_6)
+ flags |= DS_DIRECTORY_SERVICE_6_REQUIRED;
+ if (opt_try_next_closest_site)
+ flags |= DS_TRY_NEXTCLOSEST_SITE;
+ if (opt_ret_dns)
+ flags |= DS_RETURN_DNS_NAME;
+ if (opt_ret_netbios)
+ flags |= DS_RETURN_FLAT_NAME;
+
+ status = DsGetDcName(opt_server,
+ opt_domain,
+ NULL, /* domain_guid */
+ opt_site,
+ flags,
+ &dc_info);
+ if (status != 0) {
+ fprintf(stderr, "DsGetDcName failed: Status = %d 0x%x %s\n",
+ status, status,
+ libnetapi_get_error_string(ctx, status));
+ goto done;
+ }
+
+ print_dc_info(dc_info);
+
+ break;
+ default:
+ continue;
+ }
+ }
+
+ printf("The command completed successfully\n");
+ status = 0;
+
+ done:
+
+ printf("\n");
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/server/remote_tod.c b/source3/lib/netapi/examples/server/remote_tod.c
new file mode 100644
index 0000000..7636f6a
--- /dev/null
+++ b/source3/lib/netapi/examples/server/remote_tod.c
@@ -0,0 +1,83 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetRemoteTOD query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ struct TIME_OF_DAY_INFO *tod = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("tod", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+
+ /* NetRemoteTOD */
+
+ status = NetRemoteTOD(hostname,
+ (uint8_t **)&tod);
+ if (status != 0) {
+ printf("NetRemoteTOD failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ } else {
+ printf("%d-%d-%d %d:%d:%d\n",
+ tod->tod_day, tod->tod_month, tod->tod_year,
+ tod->tod_hours, tod->tod_mins, tod->tod_secs);
+ NetApiBufferFree(tod);
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/server/server_getinfo.c b/source3/lib/netapi/examples/server/server_getinfo.c
new file mode 100644
index 0000000..7836faa
--- /dev/null
+++ b/source3/lib/netapi/examples/server/server_getinfo.c
@@ -0,0 +1,136 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetServerGetInfo query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ uint8_t *buffer = NULL;
+ uint32_t level = 100;
+
+ struct SERVER_INFO_100 *i100;
+ struct SERVER_INFO_101 *i101;
+ struct SERVER_INFO_102 *i102;
+ struct SERVER_INFO_1005 *i1005;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("server_getinfo", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetServerGetInfo */
+
+ status = NetServerGetInfo(hostname,
+ level,
+ &buffer);
+ if (status != 0) {
+ printf("NetServerGetInfo failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ switch (level) {
+ case 100:
+ i100 = (struct SERVER_INFO_100 *)buffer;
+ printf("platform id: %d\n", i100->sv100_platform_id);
+ printf("name: %s\n", i100->sv100_name);
+ break;
+ case 101:
+ i101 = (struct SERVER_INFO_101 *)buffer;
+ printf("platform id: %d\n", i101->sv101_platform_id);
+ printf("name: %s\n", i101->sv101_name);
+ printf("version major: %d\n", i101->sv101_version_major);
+ printf("version minor: %d\n", i101->sv101_version_minor);
+ printf("type: 0x%08x\n", i101->sv101_type);
+ printf("comment: %s\n", i101->sv101_comment);
+ break;
+ case 102:
+ i102 = (struct SERVER_INFO_102 *)buffer;
+ printf("platform id: %d\n", i102->sv102_platform_id);
+ printf("name: %s\n", i102->sv102_name);
+ printf("version major: %d\n", i102->sv102_version_major);
+ printf("version minor: %d\n", i102->sv102_version_minor);
+ printf("type: 0x%08x\n", i102->sv102_type);
+ printf("comment: %s\n", i102->sv102_comment);
+ printf("users: %d\n", i102->sv102_users);
+ printf("disc: %d\n", i102->sv102_disc);
+ printf("hidden: %d\n", i102->sv102_hidden);
+ printf("announce: %d\n", i102->sv102_announce);
+ printf("anndelta: %d\n", i102->sv102_anndelta);
+ printf("licenses: %d\n", i102->sv102_licenses);
+ printf("userpath: %s\n", i102->sv102_userpath);
+ break;
+ case 402:
+ break;
+ case 403:
+ break;
+ case 502:
+ break;
+ case 503:
+ break;
+ case 1005:
+ i1005 = (struct SERVER_INFO_1005 *)buffer;
+ printf("comment: %s\n", i1005->sv1005_comment);
+ break;
+ default:
+ break;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/share/share_add.c b/source3/lib/netapi/examples/share/share_add.c
new file mode 100644
index 0000000..760381a
--- /dev/null
+++ b/source3/lib/netapi/examples/share/share_add.c
@@ -0,0 +1,105 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetShareAdd query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *sharename = NULL;
+ const char *path = NULL;
+ uint32_t parm_err = 0;
+
+ struct SHARE_INFO_2 i2;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("share_add", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname sharename path");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ sharename = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ path = poptGetArg(pc);
+
+ /* NetShareAdd */
+
+ i2.shi2_netname = sharename;
+ i2.shi2_type = 0;
+ i2.shi2_remark = "Test share created via NetApi";
+ i2.shi2_permissions = 0;
+ i2.shi2_max_uses = (uint32_t)-1;
+ i2.shi2_current_uses = 0;
+ i2.shi2_path = path;
+ i2.shi2_passwd = NULL;
+
+ status = NetShareAdd(hostname,
+ 2,
+ (uint8_t *)&i2,
+ &parm_err);
+ if (status != 0) {
+ printf("NetShareAdd failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/share/share_del.c b/source3/lib/netapi/examples/share/share_del.c
new file mode 100644
index 0000000..20e3ce5
--- /dev/null
+++ b/source3/lib/netapi/examples/share/share_del.c
@@ -0,0 +1,85 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetShareDel query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *sharename = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("share_del", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname sharename");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ sharename = poptGetArg(pc);
+
+ /* NetShareDel */
+
+ status = NetShareDel(hostname,
+ sharename,
+ 0);
+ if (status != 0) {
+ printf("NetShareDel failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/share/share_enum.c b/source3/lib/netapi/examples/share/share_enum.c
new file mode 100644
index 0000000..b1f4043
--- /dev/null
+++ b/source3/lib/netapi/examples/share/share_enum.c
@@ -0,0 +1,142 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetShareEnum query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ uint32_t level = 0;
+ uint8_t *buffer = NULL;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ int i;
+
+ struct SHARE_INFO_0 *i0 = NULL;
+ struct SHARE_INFO_1 *i1 = NULL;
+ struct SHARE_INFO_2 *i2 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("share_enum", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetShareEnum */
+
+ do {
+ status = NetShareEnum(hostname,
+ level,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ printf("total entries: %d\n", total_entries);
+ switch (level) {
+ case 0:
+ i0 = (struct SHARE_INFO_0 *)buffer;
+ break;
+ case 1:
+ i1 = (struct SHARE_INFO_1 *)buffer;
+ break;
+ case 2:
+ i2 = (struct SHARE_INFO_2 *)buffer;
+ break;
+ default:
+ break;
+ }
+ for (i=0; i<entries_read; i++) {
+ switch (level) {
+ case 0:
+ printf("#%d netname: %s\n", i, i0->shi0_netname);
+ i0++;
+ break;
+ case 1:
+ printf("#%d netname: %s\n", i, i1->shi1_netname);
+ printf("#%d type: %d\n", i, i1->shi1_type);
+ printf("#%d remark: %s\n", i, i1->shi1_remark);
+ i1++;
+ break;
+ case 2:
+ printf("#%d netname: %s\n", i, i2->shi2_netname);
+ printf("#%d type: %d\n", i, i2->shi2_type);
+ printf("#%d remark: %s\n", i, i2->shi2_remark);
+ printf("#%d permissions: %d\n", i, i2->shi2_permissions);
+ printf("#%d max users: %d\n", i, i2->shi2_max_uses);
+ printf("#%d current users: %d\n", i, i2->shi2_current_uses);
+ printf("#%d path: %s\n", i, i2->shi2_path);
+ printf("#%d password: %s\n", i, i2->shi2_passwd);
+ i2++;
+ break;
+ default:
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status != 0) {
+ printf("NetShareEnum failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/share/share_getinfo.c b/source3/lib/netapi/examples/share/share_getinfo.c
new file mode 100644
index 0000000..479da5c
--- /dev/null
+++ b/source3/lib/netapi/examples/share/share_getinfo.c
@@ -0,0 +1,152 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetShareGetInfo query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *sharename = NULL;
+ uint32_t level = 2;
+ uint8_t *buffer = NULL;
+
+ struct SHARE_INFO_0 *i0 = NULL;
+ struct SHARE_INFO_1 *i1 = NULL;
+ struct SHARE_INFO_2 *i2 = NULL;
+ struct SHARE_INFO_501 *i501 = NULL;
+ struct SHARE_INFO_1005 *i1005 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("share_getinfo", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname sharename level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ sharename = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetShareGetInfo */
+
+ status = NetShareGetInfo(hostname,
+ sharename,
+ level,
+ &buffer);
+ if (status != 0) {
+ printf("NetShareGetInfo failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ switch (level) {
+ case 0:
+ i0 = (struct SHARE_INFO_0 *)buffer;
+ break;
+ case 1:
+ i1 = (struct SHARE_INFO_1 *)buffer;
+ break;
+ case 2:
+ i2 = (struct SHARE_INFO_2 *)buffer;
+ break;
+ case 501:
+ i501 = (struct SHARE_INFO_501 *)buffer;
+ break;
+ case 1005:
+ i1005 = (struct SHARE_INFO_1005 *)buffer;
+ break;
+
+ default:
+ break;
+ }
+
+ switch (level) {
+ case 0:
+ printf("netname: %s\n", i0->shi0_netname);
+ break;
+ case 1:
+ printf("netname: %s\n", i1->shi1_netname);
+ printf("type: %d\n", i1->shi1_type);
+ printf("remark: %s\n", i1->shi1_remark);
+ break;
+ case 2:
+ printf("netname: %s\n", i2->shi2_netname);
+ printf("type: %d\n", i2->shi2_type);
+ printf("remark: %s\n", i2->shi2_remark);
+ printf("permissions: %d\n", i2->shi2_permissions);
+ printf("max users: %d\n", i2->shi2_max_uses);
+ printf("current users: %d\n", i2->shi2_current_uses);
+ printf("path: %s\n", i2->shi2_path);
+ printf("password: %s\n", i2->shi2_passwd);
+ break;
+ case 501:
+ printf("netname: %s\n", i501->shi501_netname);
+ printf("type: %d\n", i501->shi501_type);
+ printf("remark: %s\n", i501->shi501_remark);
+ printf("flags: %d\n", i501->shi501_flags);
+ break;
+ case 1005:
+ printf("flags: %d\n", i1005->shi1005_flags);
+ break;
+ default:
+ break;
+ }
+ NetApiBufferFree(buffer);
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/share/share_setinfo.c b/source3/lib/netapi/examples/share/share_setinfo.c
new file mode 100644
index 0000000..f4748f4
--- /dev/null
+++ b/source3/lib/netapi/examples/share/share_setinfo.c
@@ -0,0 +1,105 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetShareSetInfo query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *sharename = NULL;
+ const char *comment = "NetApi generated Share comment";
+ uint32_t level = 1004;
+ uint8_t *buffer = NULL;
+ uint32_t parm_err = 0;
+
+ struct SHARE_INFO_1004 i1004;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("share_setinfo", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname sharename comment");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ sharename = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ comment = poptGetArg(pc);
+ }
+
+ /* NetShareSetInfo */
+ switch (level) {
+ case 1004:
+ i1004.shi1004_remark = comment;
+ buffer = (uint8_t *)&i1004;
+ break;
+ default:
+ break;
+ }
+
+ status = NetShareSetInfo(hostname,
+ sharename,
+ level,
+ buffer,
+ &parm_err);
+ if (status != 0) {
+ printf("NetShareSetInfo failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/shutdown/shutdown_abort.c b/source3/lib/netapi/examples/shutdown/shutdown_abort.c
new file mode 100644
index 0000000..8f24a7a
--- /dev/null
+++ b/source3/lib/netapi/examples/shutdown/shutdown_abort.c
@@ -0,0 +1,76 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetShutdownAbort query
+ * Copyright (C) Guenther Deschner 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("shutdown_abort", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ /* NetShutdownAbort */
+
+ status = NetShutdownAbort(hostname);
+ if (status != 0) {
+ printf("NetShutdownAbort failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/shutdown/shutdown_init.c b/source3/lib/netapi/examples/shutdown/shutdown_init.c
new file mode 100644
index 0000000..73d23bb
--- /dev/null
+++ b/source3/lib/netapi/examples/shutdown/shutdown_init.c
@@ -0,0 +1,94 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetShutdownInit query
+ * Copyright (C) Guenther Deschner 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *message = NULL;
+ uint32_t timeout = 30;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("shutdown_init", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname message timeout");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ message = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ timeout = atoi(poptGetArg(pc));
+
+ /* NetShutdownInit */
+
+ status = NetShutdownInit(hostname,
+ message,
+ timeout,
+ 1, /* close apps */
+ 1); /* reboot */
+ if (status != 0) {
+ printf("NetShutdownInit failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/user/user_add.c b/source3/lib/netapi/examples/user/user_add.c
new file mode 100644
index 0000000..5452f77
--- /dev/null
+++ b/source3/lib/netapi/examples/user/user_add.c
@@ -0,0 +1,103 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetUserAdd query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *username = NULL;
+ const char *password = NULL;
+ struct USER_INFO_1 info1;
+ uint32_t parm_error = 0;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("user_add", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname username password");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ username = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ password = poptGetArg(pc);
+
+ /* NetUserAdd */
+
+ info1.usri1_name = username;
+ info1.usri1_password = password;
+ info1.usri1_password_age = 0;
+ info1.usri1_priv = 0;
+ info1.usri1_home_dir = NULL;
+ info1.usri1_comment = "User created using Samba NetApi Example code";
+ info1.usri1_flags = 0;
+ info1.usri1_script_path = NULL;
+
+ status = NetUserAdd(hostname,
+ 1,
+ (uint8_t *)&info1,
+ &parm_error);
+ if (status != 0) {
+ printf("NetUserAdd failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/user/user_chgpwd.c b/source3/lib/netapi/examples/user/user_chgpwd.c
new file mode 100644
index 0000000..8b37ec2
--- /dev/null
+++ b/source3/lib/netapi/examples/user/user_chgpwd.c
@@ -0,0 +1,99 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetUserChangePassword query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *username = NULL;
+ const char *old_password = NULL;
+ const char *new_password = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("user_chgpwd", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname username old_password new_password");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ username = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ old_password = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ new_password = poptGetArg(pc);
+
+ /* NetUserChangePassword */
+
+ status = NetUserChangePassword(hostname,
+ username,
+ old_password,
+ new_password);
+ if (status != 0) {
+ printf("NetUserChangePassword failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/user/user_del.c b/source3/lib/netapi/examples/user/user_del.c
new file mode 100644
index 0000000..9cf28a9
--- /dev/null
+++ b/source3/lib/netapi/examples/user/user_del.c
@@ -0,0 +1,82 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetUserDel query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *username = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("user_del", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname username");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ username = poptGetArg(pc);
+
+ /* NetUserDel */
+
+ status = NetUserDel(hostname, username);
+ if (status != 0) {
+ printf("NetUserDel failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/user/user_dispinfo.c b/source3/lib/netapi/examples/user/user_dispinfo.c
new file mode 100644
index 0000000..23024fe
--- /dev/null
+++ b/source3/lib/netapi/examples/user/user_dispinfo.c
@@ -0,0 +1,100 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetQueryDisplayInformation query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ void *buffer = NULL;
+ uint32_t entries_read = 0;
+ uint32_t idx = 0;
+ int i;
+
+ struct NET_DISPLAY_USER *user;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("user_dispinfo", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ /* NetQueryDisplayInformation */
+
+ do {
+ status = NetQueryDisplayInformation(hostname,
+ 1,
+ idx,
+ 1000,
+ (uint32_t)-1,
+ &entries_read,
+ &buffer);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ user = (struct NET_DISPLAY_USER *)buffer;
+ for (i=0; i<entries_read; i++) {
+ printf("user %d: %s\n", i + idx,
+ user->usri1_name);
+ user++;
+ }
+ NetApiBufferFree(buffer);
+ }
+ idx += entries_read;
+ } while (status == ERROR_MORE_DATA);
+
+ if (status != 0) {
+ printf("NetQueryDisplayInformation failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/user/user_enum.c b/source3/lib/netapi/examples/user/user_enum.c
new file mode 100644
index 0000000..cf77bf2
--- /dev/null
+++ b/source3/lib/netapi/examples/user/user_enum.c
@@ -0,0 +1,157 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetUserEnum query
+ * Copyright (C) Guenther Deschner 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ uint32_t level = 0;
+ uint8_t *buffer = NULL;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ char *sid_str = NULL;
+ int i;
+
+ struct USER_INFO_0 *info0 = NULL;
+ struct USER_INFO_10 *info10 = NULL;
+ struct USER_INFO_20 *info20 = NULL;
+ struct USER_INFO_23 *info23 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("user_enum", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetUserEnum */
+
+ do {
+ status = NetUserEnum(hostname,
+ level,
+ FILTER_NORMAL_ACCOUNT,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+
+ switch (level) {
+ case 0:
+ info0 = (struct USER_INFO_0 *)buffer;
+ break;
+ case 10:
+ info10 = (struct USER_INFO_10 *)buffer;
+ break;
+ case 20:
+ info20 = (struct USER_INFO_20 *)buffer;
+ break;
+ case 23:
+ info23 = (struct USER_INFO_23 *)buffer;
+ break;
+ default:
+ break;
+ }
+
+ for (i=0; i<entries_read; i++) {
+ switch (level) {
+ case 0:
+ printf("#%d user: %s\n", i, info0->usri0_name);
+ info0++;
+ break;
+ case 10:
+ printf("#%d user: %s\n", i, info10->usri10_name);
+ printf("#%d comment: %s\n", i, info10->usri10_comment);
+ printf("#%d usr_comment: %s\n", i, info10->usri10_usr_comment);
+ printf("#%d full_name: %s\n", i, info10->usri10_full_name);
+ info10++;
+ break;
+ case 20:
+ printf("#%d user: %s\n", i, info20->usri20_name);
+ printf("#%d comment: %s\n", i, info20->usri20_comment);
+ printf("#%d flags: 0x%08x\n", i, info20->usri20_flags);
+ printf("#%d rid: %d\n", i, info20->usri20_user_id);
+ info20++;
+ break;
+ case 23:
+ printf("#%d user: %s\n", i, info23->usri23_name);
+ printf("#%d comment: %s\n", i, info23->usri23_comment);
+ printf("#%d flags: 0x%08x\n", i, info23->usri23_flags);
+ if (ConvertSidToStringSid(info23->usri23_user_sid,
+ &sid_str)) {
+ printf("#%d sid: %s\n", i, sid_str);
+ free(sid_str);
+ }
+ info23++;
+ break;
+ default:
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status != 0) {
+ printf("NetUserEnum failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/user/user_getgroups.c b/source3/lib/netapi/examples/user/user_getgroups.c
new file mode 100644
index 0000000..939415e
--- /dev/null
+++ b/source3/lib/netapi/examples/user/user_getgroups.c
@@ -0,0 +1,133 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetUserGetGroups query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *username = NULL;
+ uint32_t level = 0;
+ uint8_t *buffer = NULL;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ int i;
+
+ struct GROUP_USERS_INFO_0 *info0 = NULL;
+ struct GROUP_USERS_INFO_1 *info1 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("user_getgroups", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname username level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ username = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetUserGetGroups */
+
+ do {
+ status = NetUserGetGroups(hostname,
+ username,
+ level,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+
+ switch (level) {
+ case 0:
+ info0 = (struct GROUP_USERS_INFO_0 *)buffer;
+ break;
+ case 1:
+ info1 = (struct GROUP_USERS_INFO_1 *)buffer;
+ break;
+ default:
+ break;
+ }
+
+ for (i=0; i<entries_read; i++) {
+ switch (level) {
+ case 0:
+ printf("#%d group: %s\n", i, info0->grui0_name);
+ info0++;
+ break;
+ case 1:
+ printf("#%d group: %s\n", i, info1->grui1_name);
+ printf("#%d attributes: %d\n", i, info1->grui1_attributes);
+ info1++;
+ break;
+ default:
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status != 0) {
+ printf("NetUserGetGroups failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/user/user_getinfo.c b/source3/lib/netapi/examples/user/user_getinfo.c
new file mode 100644
index 0000000..9e95260
--- /dev/null
+++ b/source3/lib/netapi/examples/user/user_getinfo.c
@@ -0,0 +1,293 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetUserGetInfo query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *username = NULL;
+ uint8_t *buffer = NULL;
+ uint32_t level = 0;
+ char *sid_str = NULL;
+ int i;
+
+ struct USER_INFO_0 *u0;
+ struct USER_INFO_1 *u1;
+ struct USER_INFO_2 *u2;
+ struct USER_INFO_3 *u3;
+ struct USER_INFO_4 *u4;
+ struct USER_INFO_10 *u10;
+ struct USER_INFO_11 *u11;
+ struct USER_INFO_20 *u20;
+ struct USER_INFO_23 *u23;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("user_getinfo", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname username level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ username = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetUserGetInfo */
+
+ status = NetUserGetInfo(hostname,
+ username,
+ level,
+ &buffer);
+ if (status != 0) {
+ printf("NetUserGetInfo failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ switch (level) {
+ case 0:
+ u0 = (struct USER_INFO_0 *)buffer;
+ printf("name: %s\n", u0->usri0_name);
+ break;
+ case 1:
+ u1 = (struct USER_INFO_1 *)buffer;
+ printf("name: %s\n", u1->usri1_name);
+ printf("password: %s\n", u1->usri1_password);
+ printf("password_age: %d\n", u1->usri1_password_age);
+ printf("priv: %d\n", u1->usri1_priv);
+ printf("homedir: %s\n", u1->usri1_home_dir);
+ printf("comment: %s\n", u1->usri1_comment);
+ printf("flags: 0x%08x\n", u1->usri1_flags);
+ printf("script: %s\n", u1->usri1_script_path);
+ break;
+ case 2:
+ u2 = (struct USER_INFO_2 *)buffer;
+ printf("name: %s\n", u2->usri2_name);
+ printf("password: %s\n", u2->usri2_password);
+ printf("password_age: %d\n", u2->usri2_password_age);
+ printf("priv: %d\n", u2->usri2_priv);
+ printf("homedir: %s\n", u2->usri2_home_dir);
+ printf("comment: %s\n", u2->usri2_comment);
+ printf("flags: 0x%08x\n", u2->usri2_flags);
+ printf("script: %s\n", u2->usri2_script_path);
+ printf("auth flags: 0x%08x\n", u2->usri2_auth_flags);
+ printf("full name: %s\n", u2->usri2_full_name);
+ printf("user comment: %s\n", u2->usri2_usr_comment);
+ printf("user parameters: %s\n", u2->usri2_parms);
+ printf("workstations: %s\n", u2->usri2_workstations);
+ printf("last logon (seconds since jan. 1, 1970 GMT): %d\n",
+ u2->usri2_last_logon);
+ printf("last logoff (seconds since jan. 1, 1970 GMT): %d\n",
+ u2->usri2_last_logoff);
+ printf("account expires (seconds since jan. 1, 1970 GMT): %d\n",
+ u2->usri2_acct_expires);
+ printf("max storage: %d\n", u2->usri2_max_storage);
+ printf("units per week: %d\n", u2->usri2_units_per_week);
+ printf("logon hours:");
+ for (i=0; i<21; i++) {
+ printf(" %x", (uint8_t)u2->usri2_logon_hours[i]);
+ }
+ printf("\n");
+ printf("bad password count: %d\n", u2->usri2_bad_pw_count);
+ printf("logon count: %d\n", u2->usri2_num_logons);
+ printf("logon server: %s\n", u2->usri2_logon_server);
+ printf("country code: %d\n", u2->usri2_country_code);
+ printf("code page: %d\n", u2->usri2_code_page);
+ break;
+ case 3:
+ u3 = (struct USER_INFO_3 *)buffer;
+ printf("name: %s\n", u3->usri3_name);
+ printf("password_age: %d\n", u3->usri3_password_age);
+ printf("priv: %d\n", u3->usri3_priv);
+ printf("homedir: %s\n", u3->usri3_home_dir);
+ printf("comment: %s\n", u3->usri3_comment);
+ printf("flags: 0x%08x\n", u3->usri3_flags);
+ printf("script: %s\n", u3->usri3_script_path);
+ printf("auth flags: 0x%08x\n", u3->usri3_auth_flags);
+ printf("full name: %s\n", u3->usri3_full_name);
+ printf("user comment: %s\n", u3->usri3_usr_comment);
+ printf("user parameters: %s\n", u3->usri3_parms);
+ printf("workstations: %s\n", u3->usri3_workstations);
+ printf("last logon (seconds since jan. 1, 1970 GMT): %d\n",
+ u3->usri3_last_logon);
+ printf("last logoff (seconds since jan. 1, 1970 GMT): %d\n",
+ u3->usri3_last_logoff);
+ printf("account expires (seconds since jan. 1, 1970 GMT): %d\n",
+ u3->usri3_acct_expires);
+ printf("max storage: %d\n", u3->usri3_max_storage);
+ printf("units per week: %d\n", u3->usri3_units_per_week);
+ printf("logon hours:");
+ for (i=0; i<21; i++) {
+ printf(" %x", (uint8_t)u3->usri3_logon_hours[i]);
+ }
+ printf("\n");
+ printf("bad password count: %d\n", u3->usri3_bad_pw_count);
+ printf("logon count: %d\n", u3->usri3_num_logons);
+ printf("logon server: %s\n", u3->usri3_logon_server);
+ printf("country code: %d\n", u3->usri3_country_code);
+ printf("code page: %d\n", u3->usri3_code_page);
+ printf("user id: %d\n", u3->usri3_user_id);
+ printf("primary group id: %d\n", u3->usri3_primary_group_id);
+ printf("profile: %s\n", u3->usri3_profile);
+ printf("home dir drive: %s\n", u3->usri3_home_dir_drive);
+ printf("password expired: %d\n", u3->usri3_password_expired);
+ break;
+ case 4:
+ u4 = (struct USER_INFO_4 *)buffer;
+ printf("name: %s\n", u4->usri4_name);
+ printf("password: %s\n", u4->usri4_password);
+ printf("password_age: %d\n", u4->usri4_password_age);
+ printf("priv: %d\n", u4->usri4_priv);
+ printf("homedir: %s\n", u4->usri4_home_dir);
+ printf("comment: %s\n", u4->usri4_comment);
+ printf("flags: 0x%08x\n", u4->usri4_flags);
+ printf("script: %s\n", u4->usri4_script_path);
+ printf("auth flags: 0x%08x\n", u4->usri4_auth_flags);
+ printf("full name: %s\n", u4->usri4_full_name);
+ printf("user comment: %s\n", u4->usri4_usr_comment);
+ printf("user parameters: %s\n", u4->usri4_parms);
+ printf("workstations: %s\n", u4->usri4_workstations);
+ printf("last logon (seconds since jan. 1, 1970 GMT): %d\n",
+ u4->usri4_last_logon);
+ printf("last logoff (seconds since jan. 1, 1970 GMT): %d\n",
+ u4->usri4_last_logoff);
+ printf("account expires (seconds since jan. 1, 1970 GMT): %d\n",
+ u4->usri4_acct_expires);
+ printf("max storage: %d\n", u4->usri4_max_storage);
+ printf("units per week: %d\n", u4->usri4_units_per_week);
+ printf("logon hours:");
+ for (i=0; i<21; i++) {
+ printf(" %x", (uint8_t)u4->usri4_logon_hours[i]);
+ }
+ printf("\n");
+ printf("bad password count: %d\n", u4->usri4_bad_pw_count);
+ printf("logon count: %d\n", u4->usri4_num_logons);
+ printf("logon server: %s\n", u4->usri4_logon_server);
+ printf("country code: %d\n", u4->usri4_country_code);
+ printf("code page: %d\n", u4->usri4_code_page);
+ if (ConvertSidToStringSid(u4->usri4_user_sid,
+ &sid_str)) {
+ printf("user_sid: %s\n", sid_str);
+ free(sid_str);
+ }
+ printf("primary group id: %d\n", u4->usri4_primary_group_id);
+ printf("profile: %s\n", u4->usri4_profile);
+ printf("home dir drive: %s\n", u4->usri4_home_dir_drive);
+ printf("password expired: %d\n", u4->usri4_password_expired);
+ break;
+ case 10:
+ u10 = (struct USER_INFO_10 *)buffer;
+ printf("name: %s\n", u10->usri10_name);
+ printf("comment: %s\n", u10->usri10_comment);
+ printf("usr_comment: %s\n", u10->usri10_usr_comment);
+ printf("full_name: %s\n", u10->usri10_full_name);
+ break;
+ case 11:
+ u11 = (struct USER_INFO_11 *)buffer;
+ printf("name: %s\n", u11->usri11_name);
+ printf("comment: %s\n", u11->usri11_comment);
+ printf("user comment: %s\n", u11->usri11_usr_comment);
+ printf("full name: %s\n", u11->usri11_full_name);
+ printf("priv: %d\n", u11->usri11_priv);
+ printf("auth flags: 0x%08x\n", u11->usri11_auth_flags);
+ printf("password_age: %d\n", u11->usri11_password_age);
+ printf("homedir: %s\n", u11->usri11_home_dir);
+ printf("user parameters: %s\n", u11->usri11_parms);
+ printf("last logon (seconds since jan. 1, 1970 GMT): %d\n",
+ u11->usri11_last_logon);
+ printf("last logoff (seconds since jan. 1, 1970 GMT): %d\n",
+ u11->usri11_last_logoff);
+ printf("bad password count: %d\n", u11->usri11_bad_pw_count);
+ printf("logon count: %d\n", u11->usri11_num_logons);
+ printf("logon server: %s\n", u11->usri11_logon_server);
+ printf("country code: %d\n", u11->usri11_country_code);
+ printf("workstations: %s\n", u11->usri11_workstations);
+ printf("max storage: %d\n", u11->usri11_max_storage);
+ printf("units per week: %d\n", u11->usri11_units_per_week);
+ printf("logon hours:");
+ for (i=0; i<21; i++) {
+ printf(" %x", (uint8_t)u11->usri11_logon_hours[i]);
+ }
+ printf("\n");
+ printf("code page: %d\n", u11->usri11_code_page);
+ break;
+ case 20:
+ u20 = (struct USER_INFO_20 *)buffer;
+ printf("name: %s\n", u20->usri20_name);
+ printf("comment: %s\n", u20->usri20_comment);
+ printf("flags: 0x%08x\n", u20->usri20_flags);
+ printf("rid: %d\n", u20->usri20_user_id);
+ break;
+ case 23:
+ u23 = (struct USER_INFO_23 *)buffer;
+ printf("name: %s\n", u23->usri23_name);
+ printf("comment: %s\n", u23->usri23_comment);
+ printf("flags: 0x%08x\n", u23->usri23_flags);
+ if (ConvertSidToStringSid(u23->usri23_user_sid,
+ &sid_str)) {
+ printf("user_sid: %s\n", sid_str);
+ free(sid_str);
+ }
+ break;
+ default:
+ break;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/user/user_getlocalgroups.c b/source3/lib/netapi/examples/user/user_getlocalgroups.c
new file mode 100644
index 0000000..133104d
--- /dev/null
+++ b/source3/lib/netapi/examples/user/user_getlocalgroups.c
@@ -0,0 +1,122 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetUserGetLocalGroups query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *username = NULL;
+ uint32_t level = 0;
+ uint8_t *buffer = NULL;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t flags = 0;
+ int i;
+
+ struct LOCALGROUP_USERS_INFO_0 *info0 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("user_getlocalgroups", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname username");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ username = poptGetArg(pc);
+
+ /* NetUserGetLocalGroups */
+
+ do {
+ status = NetUserGetLocalGroups(hostname,
+ username,
+ level,
+ flags,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+
+ switch (level) {
+ case 0:
+ info0 = (struct LOCALGROUP_USERS_INFO_0 *)buffer;
+ break;
+ default:
+ break;
+ }
+
+ for (i=0; i<entries_read; i++) {
+ switch (level) {
+ case 0:
+ printf("#%d group: %s\n", i, info0->lgrui0_name);
+ info0++;
+ break;
+ default:
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status != 0) {
+ printf("NetUserGetLocalGroups failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/user/user_modalsget.c b/source3/lib/netapi/examples/user/user_modalsget.c
new file mode 100644
index 0000000..4dcb41b
--- /dev/null
+++ b/source3/lib/netapi/examples/user/user_modalsget.c
@@ -0,0 +1,131 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetUserModalsGet query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ uint8_t *buffer = NULL;
+ uint32_t level = 0;
+ char *sid_str = NULL;
+
+ struct USER_MODALS_INFO_0 *u0;
+ struct USER_MODALS_INFO_1 *u1;
+ struct USER_MODALS_INFO_2 *u2;
+ struct USER_MODALS_INFO_3 *u3;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("user_modalsget", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ /* NetUserModalsGet */
+
+ status = NetUserModalsGet(hostname,
+ level,
+ &buffer);
+ if (status != 0) {
+ printf("NetUserModalsGet failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ switch (level) {
+ case 0:
+ u0 = (struct USER_MODALS_INFO_0 *)buffer;
+ printf("min passwd len: %d character\n",
+ u0->usrmod0_min_passwd_len);
+ printf("max passwd age: %d (days)\n",
+ u0->usrmod0_max_passwd_age/86400);
+ printf("min passwd age: %d (days)\n",
+ u0->usrmod0_min_passwd_age/86400);
+ printf("force logoff: %d (seconds)\n",
+ u0->usrmod0_force_logoff);
+ printf("password history length: %d entries\n",
+ u0->usrmod0_password_hist_len);
+ break;
+ case 1:
+ u1 = (struct USER_MODALS_INFO_1 *)buffer;
+ printf("role: %d\n", u1->usrmod1_role);
+ printf("primary: %s\n", u1->usrmod1_primary);
+ break;
+ case 2:
+ u2 = (struct USER_MODALS_INFO_2 *)buffer;
+ printf("domain name: %s\n", u2->usrmod2_domain_name);
+ if (ConvertSidToStringSid(u2->usrmod2_domain_id,
+ &sid_str)) {
+ printf("domain sid: %s\n", sid_str);
+ free(sid_str);
+ }
+ break;
+ case 3:
+ u3 = (struct USER_MODALS_INFO_3 *)buffer;
+ printf("lockout duration: %d (seconds)\n",
+ u3->usrmod3_lockout_duration);
+ printf("lockout observation window: %d (seconds)\n",
+ u3->usrmod3_lockout_observation_window);
+ printf("lockout threshold: %d entries\n",
+ u3->usrmod3_lockout_threshold);
+ break;
+ default:
+ break;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/user/user_modalsset.c b/source3/lib/netapi/examples/user/user_modalsset.c
new file mode 100644
index 0000000..a5cdc44
--- /dev/null
+++ b/source3/lib/netapi/examples/user/user_modalsset.c
@@ -0,0 +1,132 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetUserModalsSet query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ uint8_t *buffer = NULL;
+ uint32_t level = 0;
+ uint32_t parm_err = 0;
+
+ struct USER_MODALS_INFO_0 u0;
+ struct USER_MODALS_INFO_1001 u1001;
+ struct USER_MODALS_INFO_1002 u1002;
+ struct USER_MODALS_INFO_1003 u1003;
+ struct USER_MODALS_INFO_1004 u1004;
+ struct USER_MODALS_INFO_1005 u1005;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("user_modalsset", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname level value");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (poptPeekArg(pc)) {
+ level = atoi(poptGetArg(pc));
+ }
+
+ switch (level) {
+ case 0:
+ u0.usrmod0_min_passwd_len = 0;
+ u0.usrmod0_max_passwd_age = (86400 * 30); /* once a month */
+ u0.usrmod0_min_passwd_age = 0;
+ u0.usrmod0_force_logoff = TIMEQ_FOREVER;
+ u0.usrmod0_password_hist_len = 0;
+ buffer = (uint8_t *)&u0;
+ break;
+ case 1:
+ case 2:
+ case 3:
+ break;
+ case 1001:
+ u1001.usrmod1001_min_passwd_len = 0;
+ buffer = (uint8_t *)&u1001;
+ break;
+ case 1002:
+ u1002.usrmod1002_max_passwd_age = 0;
+ buffer = (uint8_t *)&u1002;
+ break;
+ case 1003:
+ u1003.usrmod1003_min_passwd_age = (86400 * 30); /* once a month */
+ buffer = (uint8_t *)&u1003;
+ break;
+ case 1004:
+ u1004.usrmod1004_force_logoff = TIMEQ_FOREVER;
+ buffer = (uint8_t *)&u1004;
+ break;
+ case 1005:
+ u1005.usrmod1005_password_hist_len = 0;
+ buffer = (uint8_t *)&u1005;
+ break;
+ case 1006:
+ case 1007:
+ default:
+ break;
+ }
+
+ /* NetUserModalsSet */
+
+ status = NetUserModalsSet(hostname,
+ level,
+ buffer,
+ &parm_err);
+ if (status != 0) {
+ printf("NetUserModalsSet failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/user/user_setgroups.c b/source3/lib/netapi/examples/user/user_setgroups.c
new file mode 100644
index 0000000..de3ff22
--- /dev/null
+++ b/source3/lib/netapi/examples/user/user_setgroups.c
@@ -0,0 +1,144 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetUserSetGroups query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *username = NULL;
+ uint32_t level = 0;
+ uint8_t *buffer = NULL;
+ uint32_t num_entries = 0;
+ const char **names = NULL;
+ int i = 0;
+ size_t buf_size = 0;
+
+ struct GROUP_USERS_INFO_0 *g0 = NULL;
+ struct GROUP_USERS_INFO_1 *g1 = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("user_setgroups", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname username group1 group2 ...");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ username = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+
+ names = poptGetArgs(pc);
+ for (i=0; names[i] != NULL; i++) {
+ num_entries++;
+ }
+
+ switch (level) {
+ case 0:
+ buf_size = sizeof(struct GROUP_USERS_INFO_0) * num_entries;
+
+ status = NetApiBufferAllocate(buf_size, (void **)&g0);
+ if (status) {
+ printf("NetApiBufferAllocate failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ for (i=0; i<num_entries; i++) {
+ g0[i].grui0_name = names[i];
+ }
+
+ buffer = (uint8_t *)g0;
+ break;
+ case 1:
+ buf_size = sizeof(struct GROUP_USERS_INFO_1) * num_entries;
+
+ status = NetApiBufferAllocate(buf_size, (void **)&g1);
+ if (status) {
+ printf("NetApiBufferAllocate failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ for (i=0; i<num_entries; i++) {
+ g1[i].grui1_name = names[i];
+ g1[i].grui1_attributes = 0; /* ? */
+ }
+
+ buffer = (uint8_t *)g1;
+ break;
+ default:
+ break;
+ }
+
+ /* NetUserSetGroups */
+
+ status = NetUserSetGroups(hostname,
+ username,
+ level,
+ buffer,
+ num_entries);
+ if (status != 0) {
+ printf("NetUserSetGroups failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ out:
+ NetApiBufferFree(buffer);
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/user/user_setinfo.c b/source3/lib/netapi/examples/user/user_setinfo.c
new file mode 100644
index 0000000..56c9822
--- /dev/null
+++ b/source3/lib/netapi/examples/user/user_setinfo.c
@@ -0,0 +1,200 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetUserSetInfo query
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+ const char *username = NULL;
+ uint32_t level = 0;
+ uint32_t parm_err = 0;
+ uint8_t *buffer = NULL;
+ const char *val = NULL;
+
+ struct USER_INFO_0 u0;
+ struct USER_INFO_1003 u1003;
+ struct USER_INFO_1005 u1005;
+ struct USER_INFO_1006 u1006;
+ struct USER_INFO_1007 u1007;
+ struct USER_INFO_1008 u1008;
+ struct USER_INFO_1009 u1009;
+ struct USER_INFO_1010 u1010;
+ struct USER_INFO_1011 u1011;
+ struct USER_INFO_1012 u1012;
+ struct USER_INFO_1014 u1014;
+ struct USER_INFO_1017 u1017;
+ struct USER_INFO_1024 u1024;
+ struct USER_INFO_1051 u1051;
+ struct USER_INFO_1052 u1052;
+ struct USER_INFO_1053 u1053;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("user_setinfo", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname username level");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ username = poptGetArg(pc);
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ level = atoi(poptGetArg(pc));
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ val = poptGetArg(pc);
+
+ /* NetUserSetInfo */
+
+ switch (level) {
+ case 0:
+ u0.usri0_name = val;
+ buffer = (uint8_t *)&u0;
+ break;
+ case 1:
+ case 2:
+ case 3:
+ case 4:
+ break;
+ case 21:
+ break;
+ case 22:
+ break;
+ case 1003:
+ u1003.usri1003_password = val;
+ buffer = (uint8_t *)&u1003;
+ break;
+ case 1005:
+ u1005.usri1005_priv = atoi(val);
+ buffer = (uint8_t *)&u1005;
+ break;
+ case 1006:
+ u1006.usri1006_home_dir = val;
+ buffer = (uint8_t *)&u1006;
+ break;
+ case 1007:
+ u1007.usri1007_comment = val;
+ buffer = (uint8_t *)&u1007;
+ break;
+ case 1008:
+ u1008.usri1008_flags = atoi(val);
+ buffer = (uint8_t *)&u1008;
+ break;
+ case 1009:
+ u1009.usri1009_script_path = val;
+ buffer = (uint8_t *)&u1009;
+ break;
+ case 1010:
+ u1010.usri1010_auth_flags = atoi(val);
+ buffer = (uint8_t *)&u1010;
+ break;
+ case 1011:
+ u1011.usri1011_full_name = val;
+ buffer = (uint8_t *)&u1011;
+ break;
+ case 1012:
+ u1012.usri1012_usr_comment = val;
+ buffer = (uint8_t *)&u1012;
+ break;
+ case 1014:
+ u1014.usri1014_workstations = val;
+ buffer = (uint8_t *)&u1014;
+ break;
+ case 1017:
+ u1017.usri1017_acct_expires = atoi(val);
+ buffer = (uint8_t *)&u1017;
+ break;
+ case 1020:
+ break;
+ case 1024:
+ u1024.usri1024_country_code = atoi(val);
+ buffer = (uint8_t *)&u1024;
+ break;
+ case 1051:
+ u1051.usri1051_primary_group_id = atoi(val);
+ buffer = (uint8_t *)&u1051;
+ break;
+ case 1052:
+ u1052.usri1052_profile = val;
+ buffer = (uint8_t *)&u1052;
+ break;
+ case 1053:
+ u1053.usri1053_home_dir_drive = val;
+ buffer = (uint8_t *)&u1053;
+ break;
+ default:
+ break;
+ }
+
+ status = NetUserSetInfo(hostname,
+ username,
+ level,
+ buffer,
+ &parm_err);
+ if (status != 0) {
+ printf("NetUserSetInfo failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ goto out;
+ }
+
+ out:
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/examples/wscript_build b/source3/lib/netapi/examples/wscript_build
new file mode 100644
index 0000000..1d56840
--- /dev/null
+++ b/source3/lib/netapi/examples/wscript_build
@@ -0,0 +1,72 @@
+#!/usr/bin/env python
+
+# The remaining task is to build the gtk example, but we first need to find the gtk libs
+# netdomjoin-gui/netdomjoin-gui.c
+
+names = [
+ ("getdc", "getdc"),
+ ("dsgetdc", "dsgetdc"),
+ ("join", "netdomjoin"),
+ ("join", "getjoinableous"),
+ ("join", "getjoininformation"),
+ ("join", "rename_machine"),
+ ("join", "provision_computer_account"),
+ ("join", "request_offline_domain_join"),
+ ("join", "djoin"),
+ ("user", "user_add"),
+ ("user", "user_del"),
+ ("user", "user_enum"),
+ ("user", "user_dispinfo"),
+ ("user", "user_chgpwd"),
+ ("user", "user_getinfo"),
+ ("user", "user_setinfo"),
+ ("user", "user_modalsget"),
+ ("user", "user_modalsset"),
+ ("user", "user_getgroups"),
+ ("user", "user_setgroups"),
+ ("user", "user_getlocalgroups"),
+ ("group", "group_add"),
+ ("group", "group_del"),
+ ("group", "group_enum"),
+ ("group", "group_setinfo"),
+ ("group", "group_getinfo"),
+ ("group", "group_adduser"),
+ ("group", "group_deluser"),
+ ("group", "group_getusers"),
+ ("group", "group_setusers"),
+ ("localgroup", "localgroup_add"),
+ ("localgroup", "localgroup_del"),
+ ("localgroup", "localgroup_getinfo"),
+ ("localgroup", "localgroup_setinfo"),
+ ("localgroup", "localgroup_enum"),
+ ("localgroup", "localgroup_addmembers"),
+ ("localgroup", "localgroup_delmembers"),
+ ("localgroup", "localgroup_setmembers"),
+ ("localgroup", "localgroup_getmembers"),
+ ("server", "remote_tod"),
+ ("server", "server_getinfo"),
+ ("share", "share_add"),
+ ("share", "share_del"),
+ ("share", "share_enum"),
+ ("share", "share_getinfo"),
+ ("share", "share_setinfo"),
+ ("file", "file_close"),
+ ("file", "file_getinfo"),
+ ("file", "file_enum"),
+ ("shutdown", "shutdown_init"),
+ ("shutdown", "shutdown_abort"),
+ ("netlogon", "netlogon_control"),
+ ("netlogon", "netlogon_control2"),
+ ("netlogon", "nltest")]
+
+
+bld.SAMBA_SUBSYSTEM('LIBNETAPI_EXAMPLES_COMMON',
+ source='common.c',
+ deps='netapi popt')
+
+for pattern in names:
+ (subdir, name) = pattern
+ bld.SAMBA_BINARY('%s/%s' % (subdir, name),
+ source='%s/%s.c' % (subdir, name),
+ deps='netapi popt LIBNETAPI_EXAMPLES_COMMON',
+ install=False)
diff --git a/source3/lib/netapi/file.c b/source3/lib/netapi/file.c
new file mode 100644
index 0000000..411747a
--- /dev/null
+++ b/source3/lib/netapi/file.c
@@ -0,0 +1,283 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi File Support
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "librpc/gen_ndr/libnetapi.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "lib/netapi/libnetapi.h"
+#include "../librpc/gen_ndr/ndr_srvsvc_c.h"
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetFileClose_r(struct libnetapi_ctx *ctx,
+ struct NetFileClose *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ struct dcerpc_binding_handle *b;
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_srvsvc,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_srvsvc_NetFileClose(b, talloc_tos(),
+ r->in.server_name,
+ r->in.fileid,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetFileClose_l(struct libnetapi_ctx *ctx,
+ struct NetFileClose *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetFileClose);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS map_srvsvc_FileInfo_to_FILE_INFO_buffer(TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ union srvsvc_NetFileInfo *info,
+ uint8_t **buffer,
+ uint32_t *num_entries)
+{
+ struct FILE_INFO_2 i2;
+ struct FILE_INFO_3 i3;
+
+ switch (level) {
+ case 2:
+ i2.fi2_id = info->info2->fid;
+
+ ADD_TO_ARRAY(mem_ctx, struct FILE_INFO_2, i2,
+ (struct FILE_INFO_2 **)buffer,
+ num_entries);
+ break;
+ case 3:
+ i3.fi3_id = info->info3->fid;
+ i3.fi3_permissions = info->info3->permissions;
+ i3.fi3_num_locks = info->info3->num_locks;
+ i3.fi3_pathname = talloc_strdup(mem_ctx, info->info3->path);
+ i3.fi3_username = talloc_strdup(mem_ctx, info->info3->user);
+
+ NT_STATUS_HAVE_NO_MEMORY(i3.fi3_pathname);
+ NT_STATUS_HAVE_NO_MEMORY(i3.fi3_username);
+
+ ADD_TO_ARRAY(mem_ctx, struct FILE_INFO_3, i3,
+ (struct FILE_INFO_3 **)buffer,
+ num_entries);
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetFileGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetFileGetInfo *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ union srvsvc_NetFileInfo info;
+ uint32_t num_entries = 0;
+ struct dcerpc_binding_handle *b;
+
+ if (!r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 2:
+ case 3:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_srvsvc,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_srvsvc_NetFileGetInfo(b, talloc_tos(),
+ r->in.server_name,
+ r->in.fileid,
+ r->in.level,
+ &info,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = map_srvsvc_FileInfo_to_FILE_INFO_buffer(ctx,
+ r->in.level,
+ &info,
+ r->out.buffer,
+ &num_entries);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetFileGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetFileGetInfo *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetFileGetInfo);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetFileEnum_r(struct libnetapi_ctx *ctx,
+ struct NetFileEnum *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ struct srvsvc_NetFileInfoCtr info_ctr;
+ struct srvsvc_NetFileCtr2 ctr2;
+ struct srvsvc_NetFileCtr3 ctr3;
+ uint32_t num_entries = 0;
+ uint32_t i;
+ struct dcerpc_binding_handle *b;
+
+ if (!r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 2:
+ case 3:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_srvsvc,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ ZERO_STRUCT(info_ctr);
+
+ info_ctr.level = r->in.level;
+ switch (r->in.level) {
+ case 2:
+ ZERO_STRUCT(ctr2);
+ info_ctr.ctr.ctr2 = &ctr2;
+ break;
+ case 3:
+ ZERO_STRUCT(ctr3);
+ info_ctr.ctr.ctr3 = &ctr3;
+ break;
+ }
+
+ status = dcerpc_srvsvc_NetFileEnum(b, talloc_tos(),
+ r->in.server_name,
+ r->in.base_path,
+ r->in.user_name,
+ &info_ctr,
+ r->in.prefmaxlen,
+ r->out.total_entries,
+ r->out.resume_handle,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr) && !W_ERROR_EQUAL(werr, WERR_MORE_DATA)) {
+ goto done;
+ }
+
+ for (i=0; i < info_ctr.ctr.ctr2->count; i++) {
+ union srvsvc_NetFileInfo _i = {0};
+ switch (r->in.level) {
+ case 2:
+ _i.info2 = &info_ctr.ctr.ctr2->array[i];
+ break;
+ case 3:
+ _i.info3 = &info_ctr.ctr.ctr3->array[i];
+ break;
+ }
+
+ status = map_srvsvc_FileInfo_to_FILE_INFO_buffer(ctx,
+ r->in.level,
+ &_i,
+ r->out.buffer,
+ &num_entries);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ if (r->out.entries_read) {
+ *r->out.entries_read = num_entries;
+ }
+
+ if (r->out.total_entries) {
+ *r->out.total_entries = num_entries;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetFileEnum_l(struct libnetapi_ctx *ctx,
+ struct NetFileEnum *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetFileEnum);
+}
diff --git a/source3/lib/netapi/getdc.c b/source3/lib/netapi/getdc.c
new file mode 100644
index 0000000..7e5fab3
--- /dev/null
+++ b/source3/lib/netapi/getdc.c
@@ -0,0 +1,212 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi GetDC Support
+ * Copyright (C) Guenther Deschner 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "../librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/libnetapi.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "lib/netapi/libnetapi.h"
+#include "libsmb/dsgetdcname.h"
+
+/********************************************************************
+********************************************************************/
+
+WERROR NetGetDCName_l(struct libnetapi_ctx *ctx,
+ struct NetGetDCName *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGetDCName);
+}
+
+/********************************************************************
+********************************************************************/
+
+WERROR NetGetDCName_r(struct libnetapi_ctx *ctx,
+ struct NetGetDCName *r)
+{
+ NTSTATUS status;
+ WERROR werr;
+ struct dcerpc_binding_handle *b;
+ const char *dcname;
+ void *buffer;
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_netlogon,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_netr_GetDcName(b, talloc_tos(),
+ r->in.server_name,
+ r->in.domain_name,
+ &dcname,
+ &werr);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ if (NetApiBufferAllocate(strlen_m_term(dcname), &buffer)) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ goto done;
+ }
+ memcpy(buffer, dcname, strlen_m_term(dcname));
+ *r->out.buffer = buffer;
+ done:
+
+ return werr;
+}
+
+/********************************************************************
+********************************************************************/
+
+WERROR NetGetAnyDCName_l(struct libnetapi_ctx *ctx,
+ struct NetGetAnyDCName *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGetAnyDCName);
+}
+
+/********************************************************************
+********************************************************************/
+
+WERROR NetGetAnyDCName_r(struct libnetapi_ctx *ctx,
+ struct NetGetAnyDCName *r)
+{
+ NTSTATUS status;
+ WERROR werr;
+ struct dcerpc_binding_handle *b;
+ const char *dcname;
+ void *buffer;
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_netlogon,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_netr_GetAnyDCName(b, talloc_tos(),
+ r->in.server_name,
+ r->in.domain_name,
+ &dcname,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ if (NetApiBufferAllocate(strlen_m_term(dcname), &buffer)) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ goto done;
+ }
+ memcpy(buffer, dcname, strlen_m_term(dcname));
+ *r->out.buffer = buffer;
+
+ done:
+
+ return werr;
+
+}
+
+/********************************************************************
+********************************************************************/
+
+WERROR DsGetDcName_l(struct libnetapi_ctx *ctx,
+ struct DsGetDcName *r)
+{
+ NTSTATUS status;
+ struct libnetapi_private_ctx *priv;
+
+ priv = talloc_get_type_abort(ctx->private_data,
+ struct libnetapi_private_ctx);
+
+ status = dsgetdcname(ctx,
+ priv->msg_ctx,
+ r->in.domain_name,
+ r->in.domain_guid,
+ r->in.site_name,
+ r->in.flags,
+ (struct netr_DsRGetDCNameInfo **)r->out.dc_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ libnetapi_set_error_string(ctx,
+ "failed to find DC: %s",
+ get_friendly_nt_error_msg(status));
+ }
+
+ return ntstatus_to_werror(status);
+}
+
+/********************************************************************
+********************************************************************/
+
+WERROR DsGetDcName_r(struct libnetapi_ctx *ctx,
+ struct DsGetDcName *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ struct dcerpc_binding_handle *b;
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_netlogon,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_netr_DsRGetDCNameEx(b,
+ ctx,
+ r->in.server_name,
+ r->in.domain_name,
+ r->in.domain_guid,
+ r->in.site_name,
+ r->in.flags,
+ (struct netr_DsRGetDCNameInfo **)r->out.dc_info,
+ &werr);
+ if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_netr_DsRGetDCName(b,
+ ctx,
+ r->in.server_name,
+ r->in.domain_name,
+ r->in.domain_guid,
+ NULL,
+ r->in.flags,
+ (struct netr_DsRGetDCNameInfo **)r->out.dc_info,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ return werr;
+}
diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c
new file mode 100644
index 0000000..5258549
--- /dev/null
+++ b/source3/lib/netapi/group.c
@@ -0,0 +1,1848 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Group Support
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "librpc/gen_ndr/libnetapi.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "lib/netapi/libnetapi.h"
+#include "rpc_client/rpc_client.h"
+#include "../librpc/gen_ndr/ndr_samr_c.h"
+#include "rpc_client/init_lsa.h"
+#include "../libcli/security/security.h"
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx,
+ struct NetGroupAdd *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct policy_handle connect_handle, domain_handle, group_handle;
+ struct lsa_String lsa_group_name;
+ struct dom_sid2 *domain_sid = NULL;
+ uint32_t rid = 0;
+ struct dcerpc_binding_handle *b = NULL;
+
+ struct GROUP_INFO_0 *info0 = NULL;
+ struct GROUP_INFO_1 *info1 = NULL;
+ struct GROUP_INFO_2 *info2 = NULL;
+ struct GROUP_INFO_3 *info3 = NULL;
+ union samr_GroupInfo info;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(group_handle);
+
+ if (!r->in.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ info0 = (struct GROUP_INFO_0 *)r->in.buffer;
+ break;
+ case 1:
+ info1 = (struct GROUP_INFO_1 *)r->in.buffer;
+ break;
+ case 2:
+ info2 = (struct GROUP_INFO_2 *)r->in.buffer;
+ break;
+ case 3:
+ info3 = (struct GROUP_INFO_3 *)r->in.buffer;
+ break;
+ default:
+ werr = WERR_INVALID_LEVEL;
+ goto done;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_CREATE_GROUP |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ init_lsa_String(&lsa_group_name, info0->grpi0_name);
+ break;
+ case 1:
+ init_lsa_String(&lsa_group_name, info1->grpi1_name);
+ break;
+ case 2:
+ init_lsa_String(&lsa_group_name, info2->grpi2_name);
+ break;
+ case 3:
+ init_lsa_String(&lsa_group_name, info3->grpi3_name);
+ break;
+ }
+
+ status = dcerpc_samr_CreateDomainGroup(b, talloc_tos(),
+ &domain_handle,
+ &lsa_group_name,
+ SEC_STD_DELETE |
+ SAMR_GROUP_ACCESS_SET_INFO,
+ &group_handle,
+ &rid,
+ &result);
+
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ switch (r->in.level) {
+ case 1:
+ if (info1->grpi1_comment) {
+ init_lsa_String(&info.description,
+ info1->grpi1_comment);
+
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFODESCRIPTION,
+ &info,
+ &result);
+ }
+ break;
+ case 2:
+ if (info2->grpi2_comment) {
+ init_lsa_String(&info.description,
+ info2->grpi2_comment);
+
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFODESCRIPTION,
+ &info,
+ &result);
+ if (any_nt_status_not_ok(
+ status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto failed;
+ }
+ }
+
+ if (info2->grpi2_attributes != 0) {
+ info.attributes.attributes = info2->grpi2_attributes;
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFOATTRIBUTES,
+ &info,
+ &result);
+
+ }
+ break;
+ case 3:
+ if (info3->grpi3_comment) {
+ init_lsa_String(&info.description,
+ info3->grpi3_comment);
+
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFODESCRIPTION,
+ &info,
+ &result);
+ if (any_nt_status_not_ok(
+ status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto failed;
+ }
+ }
+
+ if (info3->grpi3_attributes != 0) {
+ info.attributes.attributes = info3->grpi3_attributes;
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFOATTRIBUTES,
+ &info,
+ &result);
+ }
+ break;
+ default:
+ break;
+ }
+
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto failed;
+ }
+
+ werr = WERR_OK;
+ goto done;
+
+ failed:
+ dcerpc_samr_DeleteDomainGroup(b, talloc_tos(),
+ &group_handle, &result);
+
+ done:
+ if (is_valid_policy_hnd(&group_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupAdd_l(struct libnetapi_ctx *ctx,
+ struct NetGroupAdd *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupAdd);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupDel_r(struct libnetapi_ctx *ctx,
+ struct NetGroupDel *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct policy_handle connect_handle, domain_handle, group_handle;
+ struct lsa_String lsa_group_name;
+ struct dom_sid2 *domain_sid = NULL;
+ int i = 0;
+ struct dcerpc_binding_handle *b = NULL;
+
+ struct samr_Ids rids;
+ struct samr_Ids types;
+ union samr_GroupInfo *info = NULL;
+ struct samr_RidAttrArray *rid_array = NULL;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(group_handle);
+
+ if (!r->in.group_name) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_group_name, r->in.group_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_group_name,
+ &rids,
+ &types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ if (types.ids[0] != SID_NAME_DOM_GRP) {
+ werr = WERR_INVALID_DATATYPE;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenGroup(b, talloc_tos(),
+ &domain_handle,
+ SEC_STD_DELETE |
+ SAMR_GROUP_ACCESS_GET_MEMBERS |
+ SAMR_GROUP_ACCESS_REMOVE_MEMBER |
+ SAMR_GROUP_ACCESS_ADD_MEMBER |
+ SAMR_GROUP_ACCESS_LOOKUP_INFO,
+ rids.ids[0],
+ &group_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_samr_QueryGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFOATTRIBUTES,
+ &info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+#if 0
+ /* breaks against NT4 */
+ if (!(info->attributes.attributes & SE_GROUP_ENABLED)) {
+ werr = WERR_ACCESS_DENIED;
+ goto done;
+ }
+#endif
+ status = dcerpc_samr_QueryGroupMember(b, talloc_tos(),
+ &group_handle,
+ &rid_array,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ {
+ struct lsa_Strings names;
+ struct samr_Ids member_types;
+
+ status = dcerpc_samr_LookupRids(b, talloc_tos(),
+ &domain_handle,
+ rid_array->count,
+ rid_array->rids,
+ &names,
+ &member_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (names.count != rid_array->count) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (member_types.count != rid_array->count) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ }
+
+ for (i=0; i < rid_array->count; i++) {
+
+ status = dcerpc_samr_DeleteGroupMember(b, talloc_tos(),
+ &group_handle,
+ rid_array->rids[i],
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ status = dcerpc_samr_DeleteDomainGroup(b, talloc_tos(),
+ &group_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ ZERO_STRUCT(group_handle);
+
+ werr = WERR_OK;
+
+ done:
+ if (is_valid_policy_hnd(&group_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupDel_l(struct libnetapi_ctx *ctx,
+ struct NetGroupDel *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupDel);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetGroupSetInfo *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct policy_handle connect_handle, domain_handle, group_handle;
+ struct lsa_String lsa_group_name;
+ struct dom_sid2 *domain_sid = NULL;
+ struct dcerpc_binding_handle *b = NULL;
+
+ struct samr_Ids rids;
+ struct samr_Ids types;
+ union samr_GroupInfo info;
+ struct GROUP_INFO_0 *g0;
+ struct GROUP_INFO_1 *g1;
+ struct GROUP_INFO_2 *g2;
+ struct GROUP_INFO_3 *g3;
+ struct GROUP_INFO_1002 *g1002;
+ struct GROUP_INFO_1005 *g1005;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(group_handle);
+
+ if (!r->in.group_name) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_group_name, r->in.group_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_group_name,
+ &rids,
+ &types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ if (types.ids[0] != SID_NAME_DOM_GRP) {
+ werr = WERR_INVALID_DATATYPE;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenGroup(b, talloc_tos(),
+ &domain_handle,
+ SAMR_GROUP_ACCESS_SET_INFO |
+ SAMR_GROUP_ACCESS_LOOKUP_INFO,
+ rids.ids[0],
+ &group_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ g0 = (struct GROUP_INFO_0 *)r->in.buffer;
+ init_lsa_String(&info.name, g0->grpi0_name);
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFONAME,
+ &info,
+ &result);
+ break;
+ case 1:
+ g1 = (struct GROUP_INFO_1 *)r->in.buffer;
+ init_lsa_String(&info.description, g1->grpi1_comment);
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFODESCRIPTION,
+ &info,
+ &result);
+ break;
+ case 2:
+ g2 = (struct GROUP_INFO_2 *)r->in.buffer;
+ init_lsa_String(&info.description, g2->grpi2_comment);
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFODESCRIPTION,
+ &info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ info.attributes.attributes = g2->grpi2_attributes;
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFOATTRIBUTES,
+ &info,
+ &result);
+ break;
+ case 3:
+ g3 = (struct GROUP_INFO_3 *)r->in.buffer;
+ init_lsa_String(&info.description, g3->grpi3_comment);
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFODESCRIPTION,
+ &info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ info.attributes.attributes = g3->grpi3_attributes;
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFOATTRIBUTES,
+ &info,
+ &result);
+ break;
+ case 1002:
+ g1002 = (struct GROUP_INFO_1002 *)r->in.buffer;
+ init_lsa_String(&info.description, g1002->grpi1002_comment);
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFODESCRIPTION,
+ &info,
+ &result);
+ break;
+ case 1005:
+ g1005 = (struct GROUP_INFO_1005 *)r->in.buffer;
+ info.attributes.attributes = g1005->grpi1005_attributes;
+ status = dcerpc_samr_SetGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFOATTRIBUTES,
+ &info,
+ &result);
+ break;
+ default:
+ status = NT_STATUS_INVALID_LEVEL;
+ break;
+ }
+
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = WERR_OK;
+
+ done:
+ if (is_valid_policy_hnd(&group_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupSetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetGroupSetInfo *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupSetInfo);
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR map_group_info_to_buffer(TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ struct samr_GroupInfoAll *info,
+ struct dom_sid2 *domain_sid,
+ uint32_t rid,
+ uint8_t **buffer)
+{
+ struct GROUP_INFO_0 info0;
+ struct GROUP_INFO_1 info1;
+ struct GROUP_INFO_2 info2;
+ struct GROUP_INFO_3 info3;
+ struct dom_sid sid;
+
+ switch (level) {
+ case 0:
+ info0.grpi0_name = info->name.string;
+
+ *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info0, sizeof(info0));
+
+ break;
+ case 1:
+ info1.grpi1_name = info->name.string;
+ info1.grpi1_comment = info->description.string;
+
+ *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info1, sizeof(info1));
+
+ break;
+ case 2:
+ info2.grpi2_name = info->name.string;
+ info2.grpi2_comment = info->description.string;
+ info2.grpi2_group_id = rid;
+ info2.grpi2_attributes = info->attributes;
+
+ *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info2, sizeof(info2));
+
+ break;
+ case 3:
+ if (!sid_compose(&sid, domain_sid, rid)) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ info3.grpi3_name = info->name.string;
+ info3.grpi3_comment = info->description.string;
+ info3.grpi3_attributes = info->attributes;
+ info3.grpi3_group_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid);
+
+ *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info3, sizeof(info3));
+
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ W_ERROR_HAVE_NO_MEMORY(*buffer);
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetGroupGetInfo *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct policy_handle connect_handle, domain_handle, group_handle;
+ struct lsa_String lsa_group_name;
+ struct dom_sid2 *domain_sid = NULL;
+ struct dcerpc_binding_handle *b = NULL;
+
+ struct samr_Ids rids;
+ struct samr_Ids types;
+ union samr_GroupInfo *info = NULL;
+ bool group_info_all = false;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(group_handle);
+
+ if (!r->in.group_name) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_group_name, r->in.group_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_group_name,
+ &rids,
+ &types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ if (types.ids[0] != SID_NAME_DOM_GRP) {
+ werr = WERR_INVALID_DATATYPE;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenGroup(b, talloc_tos(),
+ &domain_handle,
+ SAMR_GROUP_ACCESS_LOOKUP_INFO,
+ rids.ids[0],
+ &group_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_samr_QueryGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFOALL2,
+ &info,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (NT_STATUS_EQUAL(result, NT_STATUS_INVALID_INFO_CLASS)) {
+ status = dcerpc_samr_QueryGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFOALL,
+ &info,
+ &result);
+ group_info_all = true;
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ if (!NT_STATUS_IS_OK(result)) {
+ werr = ntstatus_to_werror(result);
+ goto done;
+ }
+
+ werr = map_group_info_to_buffer(ctx, r->in.level,
+ group_info_all ? &info->all : &info->all2,
+ domain_sid, rids.ids[0],
+ r->out.buffer);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+ done:
+ if (is_valid_policy_hnd(&group_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetGroupGetInfo *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupGetInfo);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx,
+ struct NetGroupAddUser *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct policy_handle connect_handle, domain_handle, group_handle;
+ struct lsa_String lsa_group_name, lsa_user_name;
+ struct dom_sid2 *domain_sid = NULL;
+ struct dcerpc_binding_handle *b = NULL;
+
+ struct samr_Ids rids;
+ struct samr_Ids types;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(group_handle);
+
+ if (!r->in.group_name) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_group_name, r->in.group_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_group_name,
+ &rids,
+ &types,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ werr = WERR_NERR_GROUPNOTFOUND;
+ goto done;
+ }
+ if (rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ if (types.ids[0] != SID_NAME_DOM_GRP) {
+ werr = WERR_NERR_GROUPNOTFOUND;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenGroup(b, talloc_tos(),
+ &domain_handle,
+ SAMR_GROUP_ACCESS_ADD_MEMBER,
+ rids.ids[0],
+ &group_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ init_lsa_String(&lsa_user_name, r->in.user_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_user_name,
+ &rids,
+ &types,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ werr = WERR_NERR_USERNOTFOUND;
+ goto done;
+ }
+ if (rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ if (types.ids[0] != SID_NAME_USER) {
+ werr = WERR_NERR_USERNOTFOUND;
+ goto done;
+ }
+
+ status = dcerpc_samr_AddGroupMember(b, talloc_tos(),
+ &group_handle,
+ rids.ids[0],
+ 7, /* why ? */
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = WERR_OK;
+
+ done:
+ if (is_valid_policy_hnd(&group_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupAddUser_l(struct libnetapi_ctx *ctx,
+ struct NetGroupAddUser *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupAddUser);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx,
+ struct NetGroupDelUser *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct policy_handle connect_handle, domain_handle, group_handle;
+ struct lsa_String lsa_group_name, lsa_user_name;
+ struct dom_sid2 *domain_sid = NULL;
+ struct dcerpc_binding_handle *b = NULL;
+
+ struct samr_Ids rids;
+ struct samr_Ids types;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(group_handle);
+
+ if (!r->in.group_name) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_group_name, r->in.group_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_group_name,
+ &rids,
+ &types,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ werr = WERR_NERR_GROUPNOTFOUND;
+ goto done;
+ }
+ if (rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ if (types.ids[0] != SID_NAME_DOM_GRP) {
+ werr = WERR_NERR_GROUPNOTFOUND;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenGroup(b, talloc_tos(),
+ &domain_handle,
+ SAMR_GROUP_ACCESS_REMOVE_MEMBER,
+ rids.ids[0],
+ &group_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ init_lsa_String(&lsa_user_name, r->in.user_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_user_name,
+ &rids,
+ &types,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!NT_STATUS_IS_OK(result)) {
+ werr = WERR_NERR_USERNOTFOUND;
+ goto done;
+ }
+ if (rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ if (types.ids[0] != SID_NAME_USER) {
+ werr = WERR_NERR_USERNOTFOUND;
+ goto done;
+ }
+
+ status = dcerpc_samr_DeleteGroupMember(b, talloc_tos(),
+ &group_handle,
+ rids.ids[0],
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = WERR_OK;
+
+ done:
+ if (is_valid_policy_hnd(&group_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupDelUser_l(struct libnetapi_ctx *ctx,
+ struct NetGroupDelUser *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupDelUser);
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR convert_samr_disp_groups_to_GROUP_INFO_0_buffer(TALLOC_CTX *mem_ctx,
+ struct samr_DispInfoFullGroups *groups,
+ uint8_t **buffer)
+{
+ struct GROUP_INFO_0 *g0;
+ int i;
+
+ g0 = talloc_zero_array(mem_ctx, struct GROUP_INFO_0, groups->count);
+ W_ERROR_HAVE_NO_MEMORY(g0);
+
+ for (i=0; i<groups->count; i++) {
+ g0[i].grpi0_name = talloc_strdup(mem_ctx,
+ groups->entries[i].account_name.string);
+ W_ERROR_HAVE_NO_MEMORY(g0[i].grpi0_name);
+ }
+
+ *buffer = (uint8_t *)talloc_memdup(mem_ctx, g0,
+ sizeof(struct GROUP_INFO_0) * groups->count);
+ W_ERROR_HAVE_NO_MEMORY(*buffer);
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR convert_samr_disp_groups_to_GROUP_INFO_1_buffer(TALLOC_CTX *mem_ctx,
+ struct samr_DispInfoFullGroups *groups,
+ uint8_t **buffer)
+{
+ struct GROUP_INFO_1 *g1;
+ int i;
+
+ g1 = talloc_zero_array(mem_ctx, struct GROUP_INFO_1, groups->count);
+ W_ERROR_HAVE_NO_MEMORY(g1);
+
+ for (i=0; i<groups->count; i++) {
+ g1[i].grpi1_name = talloc_strdup(mem_ctx,
+ groups->entries[i].account_name.string);
+ g1[i].grpi1_comment = talloc_strdup(mem_ctx,
+ groups->entries[i].description.string);
+ W_ERROR_HAVE_NO_MEMORY(g1[i].grpi1_name);
+ }
+
+ *buffer = (uint8_t *)talloc_memdup(mem_ctx, g1,
+ sizeof(struct GROUP_INFO_1) * groups->count);
+ W_ERROR_HAVE_NO_MEMORY(*buffer);
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR convert_samr_disp_groups_to_GROUP_INFO_2_buffer(TALLOC_CTX *mem_ctx,
+ struct samr_DispInfoFullGroups *groups,
+ uint8_t **buffer)
+{
+ struct GROUP_INFO_2 *g2;
+ int i;
+
+ g2 = talloc_zero_array(mem_ctx, struct GROUP_INFO_2, groups->count);
+ W_ERROR_HAVE_NO_MEMORY(g2);
+
+ for (i=0; i<groups->count; i++) {
+ g2[i].grpi2_name = talloc_strdup(mem_ctx,
+ groups->entries[i].account_name.string);
+ g2[i].grpi2_comment = talloc_strdup(mem_ctx,
+ groups->entries[i].description.string);
+ g2[i].grpi2_group_id = groups->entries[i].rid;
+ g2[i].grpi2_attributes = groups->entries[i].acct_flags;
+ W_ERROR_HAVE_NO_MEMORY(g2[i].grpi2_name);
+ }
+
+ *buffer = (uint8_t *)talloc_memdup(mem_ctx, g2,
+ sizeof(struct GROUP_INFO_2) * groups->count);
+ W_ERROR_HAVE_NO_MEMORY(*buffer);
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR convert_samr_disp_groups_to_GROUP_INFO_3_buffer(TALLOC_CTX *mem_ctx,
+ struct samr_DispInfoFullGroups *groups,
+ const struct dom_sid *domain_sid,
+ uint8_t **buffer)
+{
+ struct GROUP_INFO_3 *g3;
+ int i;
+
+ g3 = talloc_zero_array(mem_ctx, struct GROUP_INFO_3, groups->count);
+ W_ERROR_HAVE_NO_MEMORY(g3);
+
+ for (i=0; i<groups->count; i++) {
+
+ struct dom_sid sid;
+
+ if (!sid_compose(&sid, domain_sid, groups->entries[i].rid)) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ g3[i].grpi3_name = talloc_strdup(mem_ctx,
+ groups->entries[i].account_name.string);
+ g3[i].grpi3_comment = talloc_strdup(mem_ctx,
+ groups->entries[i].description.string);
+ g3[i].grpi3_group_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid);
+ g3[i].grpi3_attributes = groups->entries[i].acct_flags;
+ W_ERROR_HAVE_NO_MEMORY(g3[i].grpi3_name);
+ }
+
+ *buffer = (uint8_t *)talloc_memdup(mem_ctx, g3,
+ sizeof(struct GROUP_INFO_3) * groups->count);
+ W_ERROR_HAVE_NO_MEMORY(*buffer);
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR convert_samr_disp_groups_to_GROUP_INFO_buffer(TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ struct samr_DispInfoFullGroups *groups,
+ const struct dom_sid *domain_sid,
+ uint32_t *entries_read,
+ uint8_t **buffer)
+{
+ if (entries_read) {
+ *entries_read = groups->count;
+ }
+
+ switch (level) {
+ case 0:
+ return convert_samr_disp_groups_to_GROUP_INFO_0_buffer(mem_ctx, groups, buffer);
+ case 1:
+ return convert_samr_disp_groups_to_GROUP_INFO_1_buffer(mem_ctx, groups, buffer);
+ case 2:
+ return convert_samr_disp_groups_to_GROUP_INFO_2_buffer(mem_ctx, groups, buffer);
+ case 3:
+ return convert_samr_disp_groups_to_GROUP_INFO_3_buffer(mem_ctx, groups, domain_sid, buffer);
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx,
+ struct NetGroupEnum *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct policy_handle connect_handle;
+ struct dom_sid2 *domain_sid = NULL;
+ struct policy_handle domain_handle;
+ union samr_DispInfo info;
+ union samr_DomainInfo *domain_info = NULL;
+ struct dcerpc_binding_handle *b = NULL;
+
+ uint32_t total_size = 0;
+ uint32_t returned_size = 0;
+
+ NTSTATUS result = NT_STATUS_OK;
+ NTSTATUS status;
+ WERROR werr, tmp_werr;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ case 2:
+ case 3:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_samr_QueryDomainInfo(b, talloc_tos(),
+ &domain_handle,
+ 2,
+ &domain_info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (r->out.total_entries) {
+ *r->out.total_entries = domain_info->general.num_groups;
+ }
+
+ status = dcerpc_samr_QueryDisplayInfo2(b,
+ ctx,
+ &domain_handle,
+ 3,
+ r->in.resume_handle ?
+ *r->in.resume_handle : 0,
+ (uint32_t)-1,
+ r->in.prefmaxlen,
+ &total_size,
+ &returned_size,
+ &info,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = ntstatus_to_werror(result);
+ if (NT_STATUS_IS_ERR(result)) {
+ goto done;
+ }
+
+ if (r->out.resume_handle && info.info3.count > 0) {
+ *r->out.resume_handle =
+ info.info3.entries[info.info3.count-1].idx;
+ }
+
+ tmp_werr = convert_samr_disp_groups_to_GROUP_INFO_buffer(ctx,
+ r->in.level,
+ &info.info3,
+ domain_sid,
+ r->out.entries_read,
+ r->out.buffer);
+ if (!W_ERROR_IS_OK(tmp_werr)) {
+ werr = tmp_werr;
+ goto done;
+ }
+
+ done:
+ /* if last query */
+ if (NT_STATUS_IS_OK(result) ||
+ NT_STATUS_IS_ERR(result)) {
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupEnum_l(struct libnetapi_ctx *ctx,
+ struct NetGroupEnum *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupEnum);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx,
+ struct NetGroupGetUsers *r)
+{
+ /* FIXME: this call needs to cope with large replies */
+
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct policy_handle connect_handle, domain_handle, group_handle;
+ struct lsa_String lsa_account_name;
+ struct dom_sid2 *domain_sid = NULL;
+ struct samr_Ids group_rids, name_types;
+ struct samr_RidAttrArray *rid_array = NULL;
+ struct lsa_Strings names;
+ struct samr_Ids member_types;
+ struct dcerpc_binding_handle *b = NULL;
+
+ int i;
+ uint32_t entries_read = 0;
+
+ NTSTATUS status;
+ NTSTATUS result = NT_STATUS_OK;
+ WERROR werr;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(group_handle);
+
+ if (!r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ *r->out.buffer = NULL;
+ *r->out.entries_read = 0;
+ *r->out.total_entries = 0;
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_account_name, r->in.group_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_account_name,
+ &group_rids,
+ &name_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (group_rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (name_types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenGroup(b, talloc_tos(),
+ &domain_handle,
+ SAMR_GROUP_ACCESS_GET_MEMBERS,
+ group_rids.ids[0],
+ &group_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_samr_QueryGroupMember(b, talloc_tos(),
+ &group_handle,
+ &rid_array,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_samr_LookupRids(b, talloc_tos(),
+ &domain_handle,
+ rid_array->count,
+ rid_array->rids,
+ &names,
+ &member_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (names.count != rid_array->count) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (member_types.count != rid_array->count) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ for (i=0; i < names.count; i++) {
+
+ if (member_types.ids[i] != SID_NAME_USER) {
+ continue;
+ }
+
+ status = add_GROUP_USERS_INFO_X_buffer(ctx,
+ r->in.level,
+ names.names[i].string,
+ 7,
+ r->out.buffer,
+ &entries_read);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ *r->out.entries_read = entries_read;
+ *r->out.total_entries = entries_read;
+
+ werr = WERR_OK;
+
+ done:
+ if (is_valid_policy_hnd(&group_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupGetUsers_l(struct libnetapi_ctx *ctx,
+ struct NetGroupGetUsers *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupGetUsers);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx,
+ struct NetGroupSetUsers *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct policy_handle connect_handle, domain_handle, group_handle;
+ struct lsa_String lsa_account_name;
+ struct dom_sid2 *domain_sid = NULL;
+ union samr_GroupInfo *group_info = NULL;
+ struct samr_Ids user_rids, name_types;
+ struct samr_Ids group_rids, group_types;
+ struct samr_RidAttrArray *rid_array = NULL;
+ struct lsa_String *lsa_names = NULL;
+ struct dcerpc_binding_handle *b = NULL;
+
+ uint32_t *add_rids = NULL;
+ uint32_t *del_rids = NULL;
+ size_t num_add_rids = 0;
+ size_t num_del_rids = 0;
+
+ uint32_t *member_rids = NULL;
+
+ struct GROUP_USERS_INFO_0 *i0 = NULL;
+ struct GROUP_USERS_INFO_1 *i1 = NULL;
+
+ int i, k;
+
+ NTSTATUS status;
+ NTSTATUS result = NT_STATUS_OK;
+ WERROR werr;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(group_handle);
+
+ if (!r->in.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_account_name, r->in.group_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_account_name,
+ &group_rids,
+ &group_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (group_rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (group_types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenGroup(b, talloc_tos(),
+ &domain_handle,
+ SAMR_GROUP_ACCESS_GET_MEMBERS |
+ SAMR_GROUP_ACCESS_ADD_MEMBER |
+ SAMR_GROUP_ACCESS_REMOVE_MEMBER |
+ SAMR_GROUP_ACCESS_LOOKUP_INFO,
+ group_rids.ids[0],
+ &group_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_samr_QueryGroupInfo(b, talloc_tos(),
+ &group_handle,
+ GROUPINFOATTRIBUTES,
+ &group_info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ i0 = (struct GROUP_USERS_INFO_0 *)r->in.buffer;
+ break;
+ case 1:
+ i1 = (struct GROUP_USERS_INFO_1 *)r->in.buffer;
+ break;
+ }
+
+ lsa_names = talloc_array(ctx, struct lsa_String, r->in.num_entries);
+ if (!lsa_names) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ goto done;
+ }
+
+ for (i=0; i < r->in.num_entries; i++) {
+
+ switch (r->in.level) {
+ case 0:
+ init_lsa_String(&lsa_names[i], i0->grui0_name);
+ i0++;
+ break;
+ case 1:
+ init_lsa_String(&lsa_names[i], i1->grui1_name);
+ i1++;
+ break;
+ }
+ }
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ r->in.num_entries,
+ lsa_names,
+ &user_rids,
+ &name_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (r->in.num_entries != user_rids.count) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (r->in.num_entries != name_types.count) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ member_rids = user_rids.ids;
+
+ status = dcerpc_samr_QueryGroupMember(b, talloc_tos(),
+ &group_handle,
+ &rid_array,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ /* add list */
+
+ for (i=0; i < r->in.num_entries; i++) {
+ bool already_member = false;
+ for (k=0; k < rid_array->count; k++) {
+ if (member_rids[i] == rid_array->rids[k]) {
+ already_member = true;
+ break;
+ }
+ }
+ if (!already_member) {
+ if (!add_rid_to_array_unique(ctx,
+ member_rids[i],
+ &add_rids, &num_add_rids)) {
+ werr = WERR_GEN_FAILURE;
+ goto done;
+ }
+ }
+ }
+
+ /* del list */
+
+ for (k=0; k < rid_array->count; k++) {
+ bool keep_member = false;
+ for (i=0; i < r->in.num_entries; i++) {
+ if (member_rids[i] == rid_array->rids[k]) {
+ keep_member = true;
+ break;
+ }
+ }
+ if (!keep_member) {
+ if (!add_rid_to_array_unique(ctx,
+ rid_array->rids[k],
+ &del_rids, &num_del_rids)) {
+ werr = WERR_GEN_FAILURE;
+ goto done;
+ }
+ }
+ }
+
+ /* add list */
+
+ for (i=0; i < num_add_rids; i++) {
+ status = dcerpc_samr_AddGroupMember(b, talloc_tos(),
+ &group_handle,
+ add_rids[i],
+ 7 /* ? */,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ /* del list */
+
+ for (i=0; i < num_del_rids; i++) {
+ status = dcerpc_samr_DeleteGroupMember(b, talloc_tos(),
+ &group_handle,
+ del_rids[i],
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ werr = WERR_OK;
+
+ done:
+ if (is_valid_policy_hnd(&group_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGroupSetUsers_l(struct libnetapi_ctx *ctx,
+ struct NetGroupSetUsers *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetGroupSetUsers);
+}
diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c
new file mode 100644
index 0000000..04fc423
--- /dev/null
+++ b/source3/lib/netapi/joindomain.c
@@ -0,0 +1,1145 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Join Support
+ * Copyright (C) Guenther Deschner 2007-2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "ads.h"
+#include "librpc/gen_ndr/libnetapi.h"
+#include "libcli/auth/libcli_auth.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "lib/netapi/libnetapi.h"
+#include "librpc/gen_ndr/libnet_join.h"
+#include "libnet/libnet_join.h"
+#include "../librpc/gen_ndr/ndr_wkssvc_c.h"
+#include "rpc_client/cli_pipe.h"
+#include "secrets.h"
+#include "libsmb/dsgetdcname.h"
+#include "../librpc/gen_ndr/ndr_ODJ.h"
+#include "lib/util/base64.h"
+#include "libnet/libnet_join_offline.h"
+#include "libcli/security/dom_sid.h"
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetJoinDomain_l(struct libnetapi_ctx *mem_ctx,
+ struct NetJoinDomain *r)
+{
+ struct libnet_JoinCtx *j = NULL;
+ struct libnetapi_private_ctx *priv;
+ WERROR werr;
+
+ priv = talloc_get_type_abort(mem_ctx->private_data,
+ struct libnetapi_private_ctx);
+
+ if (!r->in.domain) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ werr = libnet_init_JoinCtx(mem_ctx, &j);
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ j->in.domain_name = talloc_strdup(mem_ctx, r->in.domain);
+ W_ERROR_HAVE_NO_MEMORY(j->in.domain_name);
+
+ if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
+ NTSTATUS status;
+ struct netr_DsRGetDCNameInfo *info = NULL;
+ const char *dc = NULL;
+ uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
+ DS_WRITABLE_REQUIRED |
+ DS_RETURN_DNS_NAME;
+ status = dsgetdcname(mem_ctx, priv->msg_ctx, r->in.domain,
+ NULL, NULL, flags, &info);
+ if (!NT_STATUS_IS_OK(status)) {
+ libnetapi_set_error_string(mem_ctx,
+ "%s", get_friendly_nt_error_msg(status));
+ return ntstatus_to_werror(status);
+ }
+
+ dc = strip_hostname(info->dc_unc);
+ j->in.dc_name = talloc_strdup(mem_ctx, dc);
+ W_ERROR_HAVE_NO_MEMORY(j->in.dc_name);
+ }
+
+ if (r->in.account_ou) {
+ j->in.account_ou = talloc_strdup(mem_ctx, r->in.account_ou);
+ W_ERROR_HAVE_NO_MEMORY(j->in.account_ou);
+ }
+
+ if (r->in.account) {
+ j->in.admin_account = talloc_strdup(mem_ctx, r->in.account);
+ W_ERROR_HAVE_NO_MEMORY(j->in.admin_account);
+ }
+
+ if (r->in.password) {
+ j->in.admin_password = talloc_strdup(mem_ctx, r->in.password);
+ W_ERROR_HAVE_NO_MEMORY(j->in.admin_password);
+ }
+
+ j->in.join_flags = r->in.join_flags;
+ j->in.modify_config = true;
+ j->in.debug = true;
+
+ werr = libnet_Join(mem_ctx, j);
+ if (!W_ERROR_IS_OK(werr) && j->out.error_string) {
+ libnetapi_set_error_string(mem_ctx, "%s", j->out.error_string);
+ }
+ TALLOC_FREE(j);
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx,
+ struct NetJoinDomain *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct wkssvc_PasswordBuffer *encrypted_password = NULL;
+ NTSTATUS status;
+ WERROR werr;
+ unsigned int old_timeout = 0;
+ struct dcerpc_binding_handle *b;
+ DATA_BLOB session_key;
+
+ if (IS_DC) {
+ return WERR_NERR_SETUPDOMAINCONTROLLER;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server,
+ &ndr_table_wkssvc,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ if (r->in.password) {
+
+ status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = encode_wkssvc_join_password_buffer(ctx,
+ r->in.password,
+ &session_key,
+ &encrypted_password);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+ }
+
+ old_timeout = rpccli_set_timeout(pipe_cli, 600000);
+
+ status = dcerpc_wkssvc_NetrJoinDomain2(b, talloc_tos(),
+ r->in.server,
+ r->in.domain,
+ r->in.account_ou,
+ r->in.account,
+ encrypted_password,
+ r->in.join_flags,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ if (pipe_cli && old_timeout) {
+ rpccli_set_timeout(pipe_cli, old_timeout);
+ }
+
+ return werr;
+}
+/****************************************************************
+****************************************************************/
+
+WERROR NetUnjoinDomain_l(struct libnetapi_ctx *mem_ctx,
+ struct NetUnjoinDomain *r)
+{
+ struct libnet_UnjoinCtx *u = NULL;
+ struct dom_sid domain_sid;
+ const char *domain = NULL;
+ WERROR werr;
+ struct libnetapi_private_ctx *priv;
+ const char *realm = lp_realm();
+
+ priv = talloc_get_type_abort(mem_ctx->private_data,
+ struct libnetapi_private_ctx);
+
+ if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) {
+ return WERR_NERR_SETUPNOTJOINED;
+ }
+
+ werr = libnet_init_UnjoinCtx(mem_ctx, &u);
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ if (realm[0] != '\0') {
+ domain = realm;
+ } else {
+ domain = lp_workgroup();
+ }
+
+ if (r->in.server_name) {
+ u->in.dc_name = talloc_strdup(mem_ctx, r->in.server_name);
+ W_ERROR_HAVE_NO_MEMORY(u->in.dc_name);
+ } else {
+ NTSTATUS status;
+ struct netr_DsRGetDCNameInfo *info = NULL;
+ const char *dc = NULL;
+ uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
+ DS_WRITABLE_REQUIRED |
+ DS_RETURN_DNS_NAME;
+ status = dsgetdcname(mem_ctx, priv->msg_ctx, domain,
+ NULL, NULL, flags, &info);
+ if (!NT_STATUS_IS_OK(status)) {
+ libnetapi_set_error_string(mem_ctx,
+ "failed to find DC for domain %s: %s",
+ domain,
+ get_friendly_nt_error_msg(status));
+ return ntstatus_to_werror(status);
+ }
+
+ dc = strip_hostname(info->dc_unc);
+ u->in.dc_name = talloc_strdup(mem_ctx, dc);
+ W_ERROR_HAVE_NO_MEMORY(u->in.dc_name);
+
+ u->in.domain_name = domain;
+ }
+
+ if (r->in.account) {
+ u->in.admin_account = talloc_strdup(mem_ctx, r->in.account);
+ W_ERROR_HAVE_NO_MEMORY(u->in.admin_account);
+ }
+
+ if (r->in.password) {
+ u->in.admin_password = talloc_strdup(mem_ctx, r->in.password);
+ W_ERROR_HAVE_NO_MEMORY(u->in.admin_password);
+ }
+
+ u->in.domain_name = domain;
+ u->in.unjoin_flags = r->in.unjoin_flags;
+ u->in.delete_machine_account = false;
+ u->in.modify_config = true;
+ u->in.debug = true;
+
+ u->in.domain_sid = &domain_sid;
+
+ werr = libnet_Unjoin(mem_ctx, u);
+ if (!W_ERROR_IS_OK(werr) && u->out.error_string) {
+ libnetapi_set_error_string(mem_ctx, "%s", u->out.error_string);
+ }
+ TALLOC_FREE(u);
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUnjoinDomain_r(struct libnetapi_ctx *ctx,
+ struct NetUnjoinDomain *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct wkssvc_PasswordBuffer *encrypted_password = NULL;
+ NTSTATUS status;
+ WERROR werr;
+ unsigned int old_timeout = 0;
+ struct dcerpc_binding_handle *b;
+ DATA_BLOB session_key;
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_wkssvc,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ if (r->in.password) {
+
+ status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = encode_wkssvc_join_password_buffer(ctx,
+ r->in.password,
+ &session_key,
+ &encrypted_password);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+ }
+
+ old_timeout = rpccli_set_timeout(pipe_cli, 60000);
+
+ status = dcerpc_wkssvc_NetrUnjoinDomain2(b, talloc_tos(),
+ r->in.server_name,
+ r->in.account,
+ encrypted_password,
+ r->in.unjoin_flags,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ if (pipe_cli && old_timeout) {
+ rpccli_set_timeout(pipe_cli, old_timeout);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGetJoinInformation_r(struct libnetapi_ctx *ctx,
+ struct NetGetJoinInformation *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status;
+ WERROR werr;
+ const char *buffer = NULL;
+ struct dcerpc_binding_handle *b;
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_wkssvc,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ status = dcerpc_wkssvc_NetrGetJoinInformation(b, talloc_tos(),
+ r->in.server_name,
+ &buffer,
+ (enum wkssvc_NetJoinStatus *)r->out.name_type,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ *r->out.name_buffer = talloc_strdup(ctx, buffer);
+ W_ERROR_HAVE_NO_MEMORY(*r->out.name_buffer);
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGetJoinInformation_l(struct libnetapi_ctx *ctx,
+ struct NetGetJoinInformation *r)
+{
+ const char *realm = lp_realm();
+
+ if ((lp_security() == SEC_ADS) && realm[0] != '\0') {
+ *r->out.name_buffer = talloc_strdup(ctx, realm);
+ } else {
+ *r->out.name_buffer = talloc_strdup(ctx, lp_workgroup());
+ }
+ if (!*r->out.name_buffer) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ switch (lp_server_role()) {
+ case ROLE_DOMAIN_MEMBER:
+ case ROLE_DOMAIN_PDC:
+ case ROLE_DOMAIN_BDC:
+ case ROLE_IPA_DC:
+ *r->out.name_type = NetSetupDomainName;
+ break;
+ case ROLE_STANDALONE:
+ default:
+ *r->out.name_type = NetSetupWorkgroupName;
+ break;
+ }
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
+ struct NetGetJoinableOUs *r)
+{
+#ifdef HAVE_ADS
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ WERROR ret;
+ NTSTATUS status;
+ ADS_STATUS ads_status;
+ ADS_STRUCT *ads = NULL;
+ struct netr_DsRGetDCNameInfo *info = NULL;
+ const char *dc = NULL;
+ uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
+ DS_RETURN_DNS_NAME;
+ struct libnetapi_private_ctx *priv;
+ char **p;
+ size_t s;
+
+ priv = talloc_get_type_abort(ctx->private_data,
+ struct libnetapi_private_ctx);
+
+ status = dsgetdcname(tmp_ctx, priv->msg_ctx, r->in.domain,
+ NULL, NULL, flags, &info);
+ if (!NT_STATUS_IS_OK(status)) {
+ libnetapi_set_error_string(ctx, "%s",
+ get_friendly_nt_error_msg(status));
+ ret = ntstatus_to_werror(status);
+ goto out;
+ }
+
+ dc = strip_hostname(info->dc_unc);
+
+ ads = ads_init(tmp_ctx,
+ info->domain_name,
+ info->domain_name,
+ dc,
+ ADS_SASL_PLAIN);
+ if (!ads) {
+ ret = WERR_GEN_FAILURE;
+ goto out;
+ }
+
+ ADS_TALLOC_CONST_FREE(ads->auth.user_name);
+ if (r->in.account) {
+ ads->auth.user_name = talloc_strdup(ads, r->in.account);
+ if (ads->auth.user_name == NULL) {
+ ret = WERR_NOT_ENOUGH_MEMORY;
+ goto out;
+ }
+ } else {
+ const char *username = NULL;
+
+ libnetapi_get_username(ctx, &username);
+ if (username != NULL) {
+ ads->auth.user_name = talloc_strdup(ads, username);
+ if (ads->auth.user_name == NULL) {
+ ret = WERR_NOT_ENOUGH_MEMORY;
+ goto out;
+ }
+ }
+ }
+
+ ADS_TALLOC_CONST_FREE(ads->auth.password);
+ if (r->in.password) {
+ ads->auth.password = talloc_strdup(ads, r->in.password);
+ if (ads->auth.password == NULL) {
+ ret = WERR_NOT_ENOUGH_MEMORY;
+ goto out;
+ }
+ } else {
+ const char *password = NULL;
+
+ libnetapi_get_password(ctx, &password);
+ if (password != NULL) {
+ ads->auth.password = talloc_strdup(ads, password);
+ if (ads->auth.password == NULL) {
+ ret = WERR_NOT_ENOUGH_MEMORY;
+ goto out;
+ }
+ }
+ }
+
+ ads_status = ads_connect_user_creds(ads);
+ if (!ADS_ERR_OK(ads_status)) {
+ ret = WERR_NERR_DEFAULTJOINREQUIRED;
+ goto out;
+ }
+
+ ads_status = ads_get_joinable_ous(ads, ctx, &p, &s);
+ if (!ADS_ERR_OK(ads_status)) {
+ ret = WERR_NERR_DEFAULTJOINREQUIRED;
+ goto out;
+ }
+ *r->out.ous = discard_const_p(const char *, p);
+ *r->out.ou_count = s;
+
+ ret = WERR_OK;
+out:
+ TALLOC_FREE(tmp_ctx);
+
+ return ret;
+#else
+ return WERR_NOT_SUPPORTED;
+#endif
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetGetJoinableOUs_r(struct libnetapi_ctx *ctx,
+ struct NetGetJoinableOUs *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct wkssvc_PasswordBuffer *encrypted_password = NULL;
+ NTSTATUS status;
+ WERROR werr;
+ struct dcerpc_binding_handle *b;
+ DATA_BLOB session_key;
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_wkssvc,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ if (r->in.password) {
+
+ status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = encode_wkssvc_join_password_buffer(ctx,
+ r->in.password,
+ &session_key,
+ &encrypted_password);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+ }
+
+ status = dcerpc_wkssvc_NetrGetJoinableOus2(b, talloc_tos(),
+ r->in.server_name,
+ r->in.domain,
+ r->in.account,
+ encrypted_password,
+ r->out.ou_count,
+ r->out.ous,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetRenameMachineInDomain_r(struct libnetapi_ctx *ctx,
+ struct NetRenameMachineInDomain *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct wkssvc_PasswordBuffer *encrypted_password = NULL;
+ NTSTATUS status;
+ WERROR werr;
+ struct dcerpc_binding_handle *b;
+ DATA_BLOB session_key;
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_wkssvc,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ if (r->in.password) {
+
+ status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = encode_wkssvc_join_password_buffer(ctx,
+ r->in.password,
+ &session_key,
+ &encrypted_password);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+ }
+
+ status = dcerpc_wkssvc_NetrRenameMachineInDomain2(b, talloc_tos(),
+ r->in.server_name,
+ r->in.new_machine_name,
+ r->in.account,
+ encrypted_password,
+ r->in.rename_options,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetRenameMachineInDomain_l(struct libnetapi_ctx *ctx,
+ struct NetRenameMachineInDomain *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetRenameMachineInDomain);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetProvisionComputerAccount_r(struct libnetapi_ctx *ctx,
+ struct NetProvisionComputerAccount *r)
+{
+ return NetProvisionComputerAccount_l(ctx, r);
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR NetProvisionComputerAccount_backend(struct libnetapi_ctx *ctx,
+ struct NetProvisionComputerAccount *r,
+ TALLOC_CTX *mem_ctx,
+ struct ODJ_PROVISION_DATA **p)
+{
+ WERROR werr;
+ struct libnet_JoinCtx *j = NULL;
+ int use_kerberos = 0;
+ const char *username = NULL;
+
+ werr = libnet_init_JoinCtx(mem_ctx, &j);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ j->in.domain_name = talloc_strdup(j, r->in.domain);
+ if (j->in.domain_name == NULL) {
+ talloc_free(j);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ talloc_free(discard_const_p(char *, j->in.machine_name));
+ j->in.machine_name = talloc_strdup(j, r->in.machine_name);
+ if (j->in.machine_name == NULL) {
+ talloc_free(j);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ if (r->in.dcname) {
+ j->in.dc_name = talloc_strdup(j, r->in.dcname);
+ if (j->in.dc_name == NULL) {
+ talloc_free(j);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+ }
+
+ if (r->in.machine_account_ou) {
+ j->in.account_ou = talloc_strdup(j, r->in.machine_account_ou);
+ if (j->in.account_ou == NULL) {
+ talloc_free(j);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+ }
+
+ libnetapi_get_username(ctx, &username);
+ if (username == NULL) {
+ talloc_free(j);
+ return WERR_NERR_BADUSERNAME;
+ }
+
+ j->in.admin_account = talloc_strdup(j, username);
+ if (j->in.admin_account == NULL) {
+ talloc_free(j);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ libnetapi_get_use_kerberos(ctx, &use_kerberos);
+ if (!use_kerberos) {
+ const char *password = NULL;
+
+ libnetapi_get_password(ctx, &password);
+ if (password == NULL) {
+ talloc_free(j);
+ return WERR_NERR_BADPASSWORD;
+ }
+ j->in.admin_password = talloc_strdup(j, password);
+ if (j->in.admin_password == NULL) {
+ talloc_free(j);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+ }
+
+ j->in.use_kerberos = use_kerberos;
+ j->in.debug = true;
+ j->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
+ WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE;
+
+ if (r->in.options & NETSETUP_PROVISION_REUSE_ACCOUNT) {
+ j->in.join_flags |= WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED;
+ }
+
+ if (r->in.options & NETSETUP_PROVISION_USE_DEFAULT_PASSWORD) {
+ j->in.join_flags |= WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED;
+ j->in.machine_password = talloc_strdup(j, r->in.machine_name);
+ if (j->in.machine_password == NULL) {
+ talloc_free(j);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+ }
+
+ j->in.provision_computer_account_only = true;
+
+ werr = libnet_Join(mem_ctx, j);
+ if (!W_ERROR_IS_OK(werr) && j->out.error_string) {
+ libnetapi_set_error_string(ctx, "%s", j->out.error_string);
+ talloc_free(j);
+ return werr;
+ }
+
+ werr = libnet_odj_compose_ODJ_PROVISION_DATA(mem_ctx, j, p);
+ if (!W_ERROR_IS_OK(werr)) {
+ talloc_free(j);
+ return werr;
+ }
+
+ TALLOC_FREE(j);
+
+ return WERR_OK;
+}
+
+WERROR NetProvisionComputerAccount_l(struct libnetapi_ctx *ctx,
+ struct NetProvisionComputerAccount *r)
+{
+ WERROR werr;
+ enum ndr_err_code ndr_err;
+ const char *b64_bin_data_str;
+ DATA_BLOB blob;
+ struct ODJ_PROVISION_DATA_serialized_ptr odj_provision_data;
+ struct ODJ_PROVISION_DATA *p;
+ TALLOC_CTX *mem_ctx = talloc_new(ctx);
+
+ if (r->in.provision_bin_data == NULL &&
+ r->in.provision_text_data == NULL) {
+ return WERR_INVALID_PARAMETER;
+ }
+ if (r->in.provision_bin_data != NULL &&
+ r->in.provision_text_data != NULL) {
+ return WERR_INVALID_PARAMETER;
+ }
+ if (r->in.provision_bin_data == NULL &&
+ r->in.provision_bin_data_size != NULL) {
+ return WERR_INVALID_PARAMETER;
+ }
+ if (r->in.provision_bin_data != NULL &&
+ r->in.provision_bin_data_size == NULL) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ if (r->in.domain == NULL) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ if (r->in.machine_name == NULL) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ werr = NetProvisionComputerAccount_backend(ctx, r, mem_ctx, &p);
+ if (!W_ERROR_IS_OK(werr)) {
+ talloc_free(mem_ctx);
+ return werr;
+ }
+
+ ZERO_STRUCT(odj_provision_data);
+
+ odj_provision_data.s.p = p;
+
+ ndr_err = ndr_push_struct_blob(&blob, ctx, &odj_provision_data,
+ (ndr_push_flags_fn_t)ndr_push_ODJ_PROVISION_DATA_serialized_ptr);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ talloc_free(mem_ctx);
+ return W_ERROR(NERR_BadOfflineJoinInfo);
+ }
+
+ talloc_free(mem_ctx);
+
+ if (r->out.provision_text_data != NULL) {
+ b64_bin_data_str = base64_encode_data_blob(ctx, blob);
+ if (b64_bin_data_str == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+ *r->out.provision_text_data = b64_bin_data_str;
+ }
+
+ if (r->out.provision_bin_data != NULL &&
+ r->out.provision_bin_data_size != NULL) {
+ *r->out.provision_bin_data = blob.data;
+ *r->out.provision_bin_data_size = blob.length;
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetRequestOfflineDomainJoin_r(struct libnetapi_ctx *ctx,
+ struct NetRequestOfflineDomainJoin *r)
+{
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR NetRequestOfflineDomainJoin_backend(struct libnetapi_ctx *ctx,
+ const struct ODJ_WIN7BLOB *win7blob,
+ const struct ODJ_PROVISION_DATA *odj_provision_data)
+{
+ struct libnet_JoinCtx *j = NULL;
+ WERROR werr;
+
+ werr = libnet_init_JoinCtx(ctx, &j);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ j->in.domain_name = talloc_strdup(j, win7blob->lpDomain);
+ if (j->in.domain_name == NULL) {
+ talloc_free(j);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ talloc_free(discard_const_p(char *, j->in.machine_name));
+ j->in.machine_name = talloc_strdup(j, win7blob->lpMachineName);
+ if (j->in.machine_name == NULL) {
+ talloc_free(j);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ j->in.machine_password = talloc_strdup(j, win7blob->lpMachinePassword);
+ if (j->in.machine_password == NULL) {
+ talloc_free(j);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ j->in.request_offline_join = true;
+ j->in.odj_provision_data = discard_const(odj_provision_data);
+ j->in.debug = true;
+ j->in.join_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
+ WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED;
+
+ werr = libnet_Join(j, j);
+ if (!W_ERROR_IS_OK(werr)) {
+ if (j->out.error_string != NULL) {
+ libnetapi_set_error_string(ctx, "%s", j->out.error_string);
+ }
+ talloc_free(j);
+ return werr;
+ }
+
+ TALLOC_FREE(j);
+
+ return WERR_OK;
+}
+
+WERROR NetRequestOfflineDomainJoin_l(struct libnetapi_ctx *ctx,
+ struct NetRequestOfflineDomainJoin *r)
+{
+ DATA_BLOB blob, blob_base64;
+ enum ndr_err_code ndr_err;
+ struct ODJ_PROVISION_DATA_serialized_ptr odj_provision_data;
+ bool ok;
+ struct ODJ_WIN7BLOB win7blob = { 0 };
+ WERROR werr;
+
+ if (r->in.provision_bin_data == NULL ||
+ r->in.provision_bin_data_size == 0) {
+ return W_ERROR(NERR_NoOfflineJoinInfo);
+ }
+
+ if (r->in.provision_bin_data_size < 2) {
+ return W_ERROR(NERR_BadOfflineJoinInfo);
+ }
+
+ /*
+ * Windows produces and consumes UTF16/UCS2 encoded blobs. Check for the
+ * unicode BOM mark and convert back to UNIX charset if necessary.
+ */
+ if (r->in.provision_bin_data[0] == 0xff &&
+ r->in.provision_bin_data[1] == 0xfe) {
+ ok = convert_string_talloc(ctx, CH_UTF16LE, CH_UNIX,
+ r->in.provision_bin_data+2,
+ r->in.provision_bin_data_size-2,
+ &blob_base64.data,
+ &blob_base64.length);
+ if (!ok) {
+ return W_ERROR(NERR_BadOfflineJoinInfo);
+ }
+ } else {
+ blob_base64 = data_blob(r->in.provision_bin_data,
+ r->in.provision_bin_data_size);
+ }
+
+ blob = base64_decode_data_blob_talloc(ctx, (const char *)blob_base64.data);
+
+ ndr_err = ndr_pull_struct_blob(&blob, ctx, &odj_provision_data,
+ (ndr_pull_flags_fn_t)ndr_pull_ODJ_PROVISION_DATA_serialized_ptr);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return W_ERROR(NERR_BadOfflineJoinInfo);
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(ODJ_PROVISION_DATA_serialized_ptr, &odj_provision_data);
+ }
+
+ if (odj_provision_data.s.p->ulVersion != 1) {
+ return W_ERROR(NERR_ProvisioningBlobUnsupported);
+ }
+
+ werr = libnet_odj_find_win7blob(odj_provision_data.s.p, &win7blob);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ if (!(r->in.options & NETSETUP_PROVISION_ONLINE_CALLER)) {
+ return WERR_NERR_SETUPNOTJOINED;
+ }
+
+ werr = NetRequestOfflineDomainJoin_backend(ctx,
+ &win7blob,
+ odj_provision_data.s.p);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ return W_ERROR(NERR_JoinPerformedMustRestart);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetComposeOfflineDomainJoin_r(struct libnetapi_ctx *ctx,
+ struct NetComposeOfflineDomainJoin *r)
+{
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR NetComposeOfflineDomainJoin_backend(struct libnetapi_ctx *ctx,
+ struct NetComposeOfflineDomainJoin *r,
+ TALLOC_CTX *mem_ctx,
+ struct ODJ_PROVISION_DATA **p)
+{
+ struct libnet_JoinCtx *j = NULL;
+ WERROR werr;
+
+ werr = libnet_init_JoinCtx(ctx, &j);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ j->in.domain_name = talloc_strdup(j, r->in.dns_domain_name);
+ if (j->in.domain_name == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ j->in.dc_name = talloc_strdup(j, r->in.dc_name);
+ W_ERROR_HAVE_NO_MEMORY(j->in.dc_name);
+
+ j->in.machine_password = talloc_strdup(j, r->in.machine_account_password);
+ W_ERROR_HAVE_NO_MEMORY(j->in.machine_password);
+
+ j->out.account_name = talloc_strdup(j, r->in.machine_account_name);
+ W_ERROR_HAVE_NO_MEMORY(j->out.account_name);
+
+ j->out.dns_domain_name = talloc_strdup(j, r->in.dns_domain_name);
+ W_ERROR_HAVE_NO_MEMORY(j->out.dns_domain_name);
+
+ j->out.netbios_domain_name = talloc_strdup(j, r->in.netbios_domain_name);
+ W_ERROR_HAVE_NO_MEMORY(j->out.netbios_domain_name);
+
+ j->out.domain_sid = dom_sid_dup(j, (struct dom_sid *)r->in.domain_sid);
+ W_ERROR_HAVE_NO_MEMORY(j->out.domain_sid);
+
+ j->out.domain_guid = *r->in.domain_guid;
+
+ j->out.forest_name = talloc_strdup(j, r->in.forest_name);
+ W_ERROR_HAVE_NO_MEMORY(j->out.forest_name);
+
+ j->out.domain_is_ad = r->in.domain_is_ad;
+
+ j->out.dcinfo = talloc_zero(j, struct netr_DsRGetDCNameInfo);
+ W_ERROR_HAVE_NO_MEMORY(j->out.dcinfo);
+
+ j->out.dcinfo->dc_unc = talloc_asprintf(j->out.dcinfo, "\\\\%s", r->in.dc_name);
+ W_ERROR_HAVE_NO_MEMORY(j->out.dcinfo->dc_unc);
+
+ j->out.dcinfo->dc_address = talloc_asprintf(j->out.dcinfo, "\\\\%s", r->in.dc_address);
+ W_ERROR_HAVE_NO_MEMORY(j->out.dcinfo->dc_address);
+
+ j->out.dcinfo->dc_address_type = DS_ADDRESS_TYPE_INET;
+
+ j->out.dcinfo->domain_guid = *r->in.domain_guid;
+
+ j->out.dcinfo->domain_name = talloc_strdup(j->out.dcinfo, r->in.dns_domain_name);
+ W_ERROR_HAVE_NO_MEMORY(j->out.dcinfo->domain_name);
+
+ j->out.dcinfo->forest_name = talloc_strdup(j->out.dcinfo, r->in.forest_name);
+ W_ERROR_HAVE_NO_MEMORY(j->out.dcinfo->forest_name);
+
+ werr = libnet_odj_compose_ODJ_PROVISION_DATA(mem_ctx, j, p);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ return WERR_OK;
+}
+
+WERROR NetComposeOfflineDomainJoin_l(struct libnetapi_ctx *ctx,
+ struct NetComposeOfflineDomainJoin *r)
+{
+ WERROR werr;
+ enum ndr_err_code ndr_err;
+ const char *b64_bin_data_str;
+ DATA_BLOB blob;
+ struct ODJ_PROVISION_DATA_serialized_ptr odj_compose_data;
+ struct ODJ_PROVISION_DATA *p;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+ if (r->in.compose_bin_data == NULL &&
+ r->in.compose_text_data == NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+ if (r->in.compose_bin_data != NULL &&
+ r->in.compose_text_data != NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+ if (r->in.compose_bin_data == NULL &&
+ r->in.compose_bin_data_size != NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+ if (r->in.compose_bin_data != NULL &&
+ r->in.compose_bin_data_size == NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+
+ if (r->in.dns_domain_name == NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+
+ if (r->in.netbios_domain_name == NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+
+ if (r->in.domain_sid == NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+
+ if (r->in.domain_guid == NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+
+ if (r->in.forest_name == NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+
+ if (r->in.machine_account_name == NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+
+ if (r->in.machine_account_password == NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+
+ if (r->in.dc_name == NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+
+ if (r->in.dc_address == NULL) {
+ werr = WERR_INVALID_PARAMETER;
+ goto out;
+ }
+
+ werr = NetComposeOfflineDomainJoin_backend(ctx, r, tmp_ctx, &p);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto out;
+ }
+
+ ZERO_STRUCT(odj_compose_data);
+
+ odj_compose_data.s.p = p;
+
+ ndr_err = ndr_push_struct_blob(&blob, ctx, &odj_compose_data,
+ (ndr_push_flags_fn_t)ndr_push_ODJ_PROVISION_DATA_serialized_ptr);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ werr = W_ERROR(NERR_BadOfflineJoinInfo);
+ goto out;
+ }
+
+ if (r->out.compose_text_data != NULL) {
+ b64_bin_data_str = base64_encode_data_blob(ctx, blob);
+ if (b64_bin_data_str == NULL) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ }
+ *r->out.compose_text_data = b64_bin_data_str;
+ }
+
+ if (r->out.compose_bin_data != NULL &&
+ r->out.compose_bin_data_size != NULL) {
+ *r->out.compose_bin_data = blob.data;
+ *r->out.compose_bin_data_size = blob.length;
+ }
+
+ werr = WERR_OK;
+out:
+ talloc_free(tmp_ctx);
+ return werr;
+}
diff --git a/source3/lib/netapi/libnetapi.c b/source3/lib/netapi/libnetapi.c
new file mode 100644
index 0000000..2907316
--- /dev/null
+++ b/source3/lib/netapi/libnetapi.c
@@ -0,0 +1,3019 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Support
+ * Copyright (C) Guenther Deschner 2007-2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "librpc/gen_ndr/libnetapi.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "lib/netapi/libnetapi.h"
+#include "librpc/gen_ndr/ndr_libnetapi.h"
+
+/****************************************************************
+ NetJoinDomain
+****************************************************************/
+
+NET_API_STATUS NetJoinDomain(const char * server /* [in] [unique] */,
+ const char * domain /* [in] [ref] */,
+ const char * account_ou /* [in] [unique] */,
+ const char * account /* [in] [unique] */,
+ const char * password /* [in] [unique] */,
+ uint32_t join_flags /* [in] */)
+{
+ struct NetJoinDomain r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server = server;
+ r.in.domain = domain;
+ r.in.account_ou = account_ou;
+ r.in.account = account;
+ r.in.password = password;
+ r.in.join_flags = join_flags;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetJoinDomain, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server)) {
+ werr = NetJoinDomain_l(ctx, &r);
+ } else {
+ werr = NetJoinDomain_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetJoinDomain, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetUnjoinDomain
+****************************************************************/
+
+NET_API_STATUS NetUnjoinDomain(const char * server_name /* [in] [unique] */,
+ const char * account /* [in] [unique] */,
+ const char * password /* [in] [unique] */,
+ uint32_t unjoin_flags /* [in] */)
+{
+ struct NetUnjoinDomain r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.account = account;
+ r.in.password = password;
+ r.in.unjoin_flags = unjoin_flags;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetUnjoinDomain, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetUnjoinDomain_l(ctx, &r);
+ } else {
+ werr = NetUnjoinDomain_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetUnjoinDomain, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGetJoinInformation
+****************************************************************/
+
+NET_API_STATUS NetGetJoinInformation(const char * server_name /* [in] [unique] */,
+ const char * *name_buffer /* [out] [ref] */,
+ uint16_t *name_type /* [out] [ref] */)
+{
+ struct NetGetJoinInformation r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+
+ /* Out parameters */
+ r.out.name_buffer = name_buffer;
+ r.out.name_type = name_type;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGetJoinInformation, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGetJoinInformation_l(ctx, &r);
+ } else {
+ werr = NetGetJoinInformation_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGetJoinInformation, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGetJoinableOUs
+****************************************************************/
+
+NET_API_STATUS NetGetJoinableOUs(const char * server_name /* [in] [unique] */,
+ const char * domain /* [in] [ref] */,
+ const char * account /* [in] [unique] */,
+ const char * password /* [in] [unique] */,
+ uint32_t *ou_count /* [out] [ref] */,
+ const char * **ous /* [out] [ref] */)
+{
+ struct NetGetJoinableOUs r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.domain = domain;
+ r.in.account = account;
+ r.in.password = password;
+
+ /* Out parameters */
+ r.out.ou_count = ou_count;
+ r.out.ous = ous;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGetJoinableOUs, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGetJoinableOUs_l(ctx, &r);
+ } else {
+ werr = NetGetJoinableOUs_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGetJoinableOUs, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetRenameMachineInDomain
+****************************************************************/
+
+NET_API_STATUS NetRenameMachineInDomain(const char * server_name /* [in] */,
+ const char * new_machine_name /* [in] */,
+ const char * account /* [in] */,
+ const char * password /* [in] */,
+ uint32_t rename_options /* [in] */)
+{
+ struct NetRenameMachineInDomain r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.new_machine_name = new_machine_name;
+ r.in.account = account;
+ r.in.password = password;
+ r.in.rename_options = rename_options;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetRenameMachineInDomain, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetRenameMachineInDomain_l(ctx, &r);
+ } else {
+ werr = NetRenameMachineInDomain_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetRenameMachineInDomain, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetProvisionComputerAccount
+****************************************************************/
+
+NET_API_STATUS NetProvisionComputerAccount(const char * domain /* [in] [ref] */,
+ const char * machine_name /* [in] [ref] */,
+ const char * machine_account_ou /* [in] [unique] */,
+ const char * dcname /* [in] [unique] */,
+ uint32_t options /* [in] */,
+ uint8_t **provision_bin_data /* [in,out] [unique] */,
+ uint32_t *provision_bin_data_size /* [in,out] [unique] */,
+ const char * *provision_text_data /* [in,out] [unique] */)
+{
+ struct NetProvisionComputerAccount r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.domain = domain;
+ r.in.machine_name = machine_name;
+ r.in.machine_account_ou = machine_account_ou;
+ r.in.dcname = dcname;
+ r.in.options = options;
+ r.in.provision_bin_data = provision_bin_data;
+ r.in.provision_bin_data_size = provision_bin_data_size;
+ r.in.provision_text_data = provision_text_data;
+
+ /* Out parameters */
+ r.out.provision_bin_data = provision_bin_data;
+ r.out.provision_bin_data_size = provision_bin_data_size;
+ r.out.provision_text_data = provision_text_data;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetProvisionComputerAccount, &r);
+ }
+
+ werr = NetProvisionComputerAccount_l(ctx, &r);
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetProvisionComputerAccount, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetRequestOfflineDomainJoin
+****************************************************************/
+
+NET_API_STATUS NetRequestOfflineDomainJoin(uint8_t *provision_bin_data /* [in] [unique] */,
+ uint32_t provision_bin_data_size /* [in] */,
+ uint32_t options /* [in] */,
+ const char * windows_path /* [in] [unique] */)
+{
+ struct NetRequestOfflineDomainJoin r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.provision_bin_data = provision_bin_data;
+ r.in.provision_bin_data_size = provision_bin_data_size;
+ r.in.options = options;
+ r.in.windows_path = windows_path;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetRequestOfflineDomainJoin, &r);
+ }
+
+ werr = NetRequestOfflineDomainJoin_l(ctx, &r);
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetRequestOfflineDomainJoin, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetComposeOfflineDomainJoin
+****************************************************************/
+NET_API_STATUS NetComposeOfflineDomainJoin(const char *dns_domain_name /* [in] [ref] */,
+ const char *netbios_domain_name /* [in] [ref] */,
+ struct domsid *domain_sid /* [in] [ref] */,
+ struct GUID *domain_guid /* [in] [ref] */,
+ const char *forest_name /* [in] [ref] */,
+ const char *machine_account_name /* [in] [ref] */,
+ const char *machine_account_password /* [in] [ref] */,
+ const char *dc_name /* [in] [unique] */,
+ const char *dc_address /* [in] [unique] */,
+ int domain_is_ad /* [in] */,
+ uint8_t **compose_bin_data /* [in,out] [unique] */,
+ uint32_t *compose_bin_data_size /* [in,out] [unique] */,
+ const char * *compose_text_data /* [in,out] [unique] */)
+{
+ struct NetComposeOfflineDomainJoin r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.dns_domain_name = dns_domain_name;
+ r.in.netbios_domain_name = netbios_domain_name;
+ r.in.domain_sid = domain_sid;
+ r.in.domain_guid = domain_guid;
+ r.in.forest_name = forest_name;
+ r.in.machine_account_name = machine_account_name;
+ r.in.machine_account_password = machine_account_password;
+ r.in.dc_name = dc_name;
+ r.in.dc_address = dc_address;
+ r.in.domain_is_ad = domain_is_ad;
+ r.in.compose_bin_data = compose_bin_data;
+ r.in.compose_bin_data_size = compose_bin_data_size;
+ r.in.compose_text_data = compose_text_data;
+
+ /* Out parameters */
+ r.out.compose_bin_data = compose_bin_data;
+ r.out.compose_bin_data_size = compose_bin_data_size;
+ r.out.compose_text_data = compose_text_data;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetComposeOfflineDomainJoin, &r);
+ }
+
+ werr = NetComposeOfflineDomainJoin_l(ctx, &r);
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetComposeOfflineDomainJoin, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetServerGetInfo
+****************************************************************/
+
+NET_API_STATUS NetServerGetInfo(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct NetServerGetInfo r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetServerGetInfo, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetServerGetInfo_l(ctx, &r);
+ } else {
+ werr = NetServerGetInfo_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetServerGetInfo, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetServerSetInfo
+****************************************************************/
+
+NET_API_STATUS NetServerSetInfo(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_error /* [out] [ref] */)
+{
+ struct NetServerSetInfo r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+
+ /* Out parameters */
+ r.out.parm_error = parm_error;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetServerSetInfo, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetServerSetInfo_l(ctx, &r);
+ } else {
+ werr = NetServerSetInfo_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetServerSetInfo, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetWkstaGetInfo
+****************************************************************/
+
+NET_API_STATUS NetWkstaGetInfo(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct NetWkstaGetInfo r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetWkstaGetInfo, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetWkstaGetInfo_l(ctx, &r);
+ } else {
+ werr = NetWkstaGetInfo_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetWkstaGetInfo, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGetDCName
+****************************************************************/
+
+NET_API_STATUS NetGetDCName(const char * server_name /* [in] [unique] */,
+ const char * domain_name /* [in] [unique] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct NetGetDCName r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.domain_name = domain_name;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGetDCName, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGetDCName_l(ctx, &r);
+ } else {
+ werr = NetGetDCName_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGetDCName, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGetAnyDCName
+****************************************************************/
+
+NET_API_STATUS NetGetAnyDCName(const char * server_name /* [in] [unique] */,
+ const char * domain_name /* [in] [unique] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct NetGetAnyDCName r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.domain_name = domain_name;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGetAnyDCName, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGetAnyDCName_l(ctx, &r);
+ } else {
+ werr = NetGetAnyDCName_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGetAnyDCName, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ DsGetDcName
+****************************************************************/
+
+NET_API_STATUS DsGetDcName(const char * server_name /* [in] [unique] */,
+ const char * domain_name /* [in] [ref] */,
+ struct GUID *domain_guid /* [in] [unique] */,
+ const char * site_name /* [in] [unique] */,
+ uint32_t flags /* [in] */,
+ struct DOMAIN_CONTROLLER_INFO **dc_info /* [out] [ref] */)
+{
+ struct DsGetDcName r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.domain_name = domain_name;
+ r.in.domain_guid = domain_guid;
+ r.in.site_name = site_name;
+ r.in.flags = flags;
+
+ /* Out parameters */
+ r.out.dc_info = dc_info;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(DsGetDcName, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = DsGetDcName_l(ctx, &r);
+ } else {
+ werr = DsGetDcName_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(DsGetDcName, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetUserAdd
+****************************************************************/
+
+NET_API_STATUS NetUserAdd(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_error /* [out] [ref] */)
+{
+ struct NetUserAdd r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+
+ /* Out parameters */
+ r.out.parm_error = parm_error;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetUserAdd, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetUserAdd_l(ctx, &r);
+ } else {
+ werr = NetUserAdd_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetUserAdd, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetUserDel
+****************************************************************/
+
+NET_API_STATUS NetUserDel(const char * server_name /* [in] [unique] */,
+ const char * user_name /* [in] [ref] */)
+{
+ struct NetUserDel r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.user_name = user_name;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetUserDel, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetUserDel_l(ctx, &r);
+ } else {
+ werr = NetUserDel_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetUserDel, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetUserEnum
+****************************************************************/
+
+NET_API_STATUS NetUserEnum(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint32_t filter /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */)
+{
+ struct NetUserEnum r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+ r.in.filter = filter;
+ r.in.prefmaxlen = prefmaxlen;
+ r.in.resume_handle = resume_handle;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+ r.out.entries_read = entries_read;
+ r.out.total_entries = total_entries;
+ r.out.resume_handle = resume_handle;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetUserEnum, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetUserEnum_l(ctx, &r);
+ } else {
+ werr = NetUserEnum_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetUserEnum, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetUserChangePassword
+****************************************************************/
+
+NET_API_STATUS NetUserChangePassword(const char * domain_name /* [in] */,
+ const char * user_name /* [in] */,
+ const char * old_password /* [in] */,
+ const char * new_password /* [in] */)
+{
+ struct NetUserChangePassword r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.domain_name = domain_name;
+ r.in.user_name = user_name;
+ r.in.old_password = old_password;
+ r.in.new_password = new_password;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetUserChangePassword, &r);
+ }
+
+ werr = NetUserChangePassword_l(ctx, &r);
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetUserChangePassword, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetUserGetInfo
+****************************************************************/
+
+NET_API_STATUS NetUserGetInfo(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct NetUserGetInfo r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.user_name = user_name;
+ r.in.level = level;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetUserGetInfo, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetUserGetInfo_l(ctx, &r);
+ } else {
+ werr = NetUserGetInfo_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetUserGetInfo, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetUserSetInfo
+****************************************************************/
+
+NET_API_STATUS NetUserSetInfo(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */)
+{
+ struct NetUserSetInfo r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.user_name = user_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+
+ /* Out parameters */
+ r.out.parm_err = parm_err;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetUserSetInfo, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetUserSetInfo_l(ctx, &r);
+ } else {
+ werr = NetUserSetInfo_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetUserSetInfo, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetUserGetGroups
+****************************************************************/
+
+NET_API_STATUS NetUserGetGroups(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */)
+{
+ struct NetUserGetGroups r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.user_name = user_name;
+ r.in.level = level;
+ r.in.prefmaxlen = prefmaxlen;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+ r.out.entries_read = entries_read;
+ r.out.total_entries = total_entries;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetUserGetGroups, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetUserGetGroups_l(ctx, &r);
+ } else {
+ werr = NetUserGetGroups_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetUserGetGroups, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetUserSetGroups
+****************************************************************/
+
+NET_API_STATUS NetUserSetGroups(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t num_entries /* [in] */)
+{
+ struct NetUserSetGroups r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.user_name = user_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+ r.in.num_entries = num_entries;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetUserSetGroups, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetUserSetGroups_l(ctx, &r);
+ } else {
+ werr = NetUserSetGroups_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetUserSetGroups, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetUserGetLocalGroups
+****************************************************************/
+
+NET_API_STATUS NetUserGetLocalGroups(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint32_t flags /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */)
+{
+ struct NetUserGetLocalGroups r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.user_name = user_name;
+ r.in.level = level;
+ r.in.flags = flags;
+ r.in.prefmaxlen = prefmaxlen;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+ r.out.entries_read = entries_read;
+ r.out.total_entries = total_entries;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetUserGetLocalGroups, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetUserGetLocalGroups_l(ctx, &r);
+ } else {
+ werr = NetUserGetLocalGroups_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetUserGetLocalGroups, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetUserModalsGet
+****************************************************************/
+
+NET_API_STATUS NetUserModalsGet(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct NetUserModalsGet r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetUserModalsGet, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetUserModalsGet_l(ctx, &r);
+ } else {
+ werr = NetUserModalsGet_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetUserModalsGet, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetUserModalsSet
+****************************************************************/
+
+NET_API_STATUS NetUserModalsSet(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */)
+{
+ struct NetUserModalsSet r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+
+ /* Out parameters */
+ r.out.parm_err = parm_err;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetUserModalsSet, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetUserModalsSet_l(ctx, &r);
+ } else {
+ werr = NetUserModalsSet_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetUserModalsSet, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetQueryDisplayInformation
+****************************************************************/
+
+NET_API_STATUS NetQueryDisplayInformation(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint32_t idx /* [in] */,
+ uint32_t entries_requested /* [in] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ void **buffer /* [out] [noprint,ref] */)
+{
+ struct NetQueryDisplayInformation r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+ r.in.idx = idx;
+ r.in.entries_requested = entries_requested;
+ r.in.prefmaxlen = prefmaxlen;
+
+ /* Out parameters */
+ r.out.entries_read = entries_read;
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetQueryDisplayInformation, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetQueryDisplayInformation_l(ctx, &r);
+ } else {
+ werr = NetQueryDisplayInformation_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetQueryDisplayInformation, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGroupAdd
+****************************************************************/
+
+NET_API_STATUS NetGroupAdd(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */)
+{
+ struct NetGroupAdd r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+
+ /* Out parameters */
+ r.out.parm_err = parm_err;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGroupAdd, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGroupAdd_l(ctx, &r);
+ } else {
+ werr = NetGroupAdd_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGroupAdd, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGroupDel
+****************************************************************/
+
+NET_API_STATUS NetGroupDel(const char * server_name /* [in] */,
+ const char * group_name /* [in] */)
+{
+ struct NetGroupDel r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGroupDel, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGroupDel_l(ctx, &r);
+ } else {
+ werr = NetGroupDel_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGroupDel, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGroupEnum
+****************************************************************/
+
+NET_API_STATUS NetGroupEnum(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */)
+{
+ struct NetGroupEnum r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+ r.in.prefmaxlen = prefmaxlen;
+ r.in.resume_handle = resume_handle;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+ r.out.entries_read = entries_read;
+ r.out.total_entries = total_entries;
+ r.out.resume_handle = resume_handle;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGroupEnum, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGroupEnum_l(ctx, &r);
+ } else {
+ werr = NetGroupEnum_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGroupEnum, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGroupSetInfo
+****************************************************************/
+
+NET_API_STATUS NetGroupSetInfo(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */)
+{
+ struct NetGroupSetInfo r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+
+ /* Out parameters */
+ r.out.parm_err = parm_err;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGroupSetInfo, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGroupSetInfo_l(ctx, &r);
+ } else {
+ werr = NetGroupSetInfo_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGroupSetInfo, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGroupGetInfo
+****************************************************************/
+
+NET_API_STATUS NetGroupGetInfo(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct NetGroupGetInfo r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+ r.in.level = level;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGroupGetInfo, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGroupGetInfo_l(ctx, &r);
+ } else {
+ werr = NetGroupGetInfo_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGroupGetInfo, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGroupAddUser
+****************************************************************/
+
+NET_API_STATUS NetGroupAddUser(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ const char * user_name /* [in] */)
+{
+ struct NetGroupAddUser r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+ r.in.user_name = user_name;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGroupAddUser, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGroupAddUser_l(ctx, &r);
+ } else {
+ werr = NetGroupAddUser_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGroupAddUser, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGroupDelUser
+****************************************************************/
+
+NET_API_STATUS NetGroupDelUser(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ const char * user_name /* [in] */)
+{
+ struct NetGroupDelUser r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+ r.in.user_name = user_name;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGroupDelUser, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGroupDelUser_l(ctx, &r);
+ } else {
+ werr = NetGroupDelUser_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGroupDelUser, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGroupGetUsers
+****************************************************************/
+
+NET_API_STATUS NetGroupGetUsers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */)
+{
+ struct NetGroupGetUsers r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+ r.in.level = level;
+ r.in.prefmaxlen = prefmaxlen;
+ r.in.resume_handle = resume_handle;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+ r.out.entries_read = entries_read;
+ r.out.total_entries = total_entries;
+ r.out.resume_handle = resume_handle;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGroupGetUsers, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGroupGetUsers_l(ctx, &r);
+ } else {
+ werr = NetGroupGetUsers_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGroupGetUsers, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetGroupSetUsers
+****************************************************************/
+
+NET_API_STATUS NetGroupSetUsers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t num_entries /* [in] */)
+{
+ struct NetGroupSetUsers r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+ r.in.num_entries = num_entries;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetGroupSetUsers, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetGroupSetUsers_l(ctx, &r);
+ } else {
+ werr = NetGroupSetUsers_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetGroupSetUsers, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetLocalGroupAdd
+****************************************************************/
+
+NET_API_STATUS NetLocalGroupAdd(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */)
+{
+ struct NetLocalGroupAdd r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+
+ /* Out parameters */
+ r.out.parm_err = parm_err;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetLocalGroupAdd, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetLocalGroupAdd_l(ctx, &r);
+ } else {
+ werr = NetLocalGroupAdd_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetLocalGroupAdd, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetLocalGroupDel
+****************************************************************/
+
+NET_API_STATUS NetLocalGroupDel(const char * server_name /* [in] */,
+ const char * group_name /* [in] */)
+{
+ struct NetLocalGroupDel r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetLocalGroupDel, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetLocalGroupDel_l(ctx, &r);
+ } else {
+ werr = NetLocalGroupDel_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetLocalGroupDel, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetLocalGroupGetInfo
+****************************************************************/
+
+NET_API_STATUS NetLocalGroupGetInfo(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct NetLocalGroupGetInfo r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+ r.in.level = level;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetLocalGroupGetInfo, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetLocalGroupGetInfo_l(ctx, &r);
+ } else {
+ werr = NetLocalGroupGetInfo_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetLocalGroupGetInfo, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetLocalGroupSetInfo
+****************************************************************/
+
+NET_API_STATUS NetLocalGroupSetInfo(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */)
+{
+ struct NetLocalGroupSetInfo r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+
+ /* Out parameters */
+ r.out.parm_err = parm_err;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetLocalGroupSetInfo, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetLocalGroupSetInfo_l(ctx, &r);
+ } else {
+ werr = NetLocalGroupSetInfo_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetLocalGroupSetInfo, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetLocalGroupEnum
+****************************************************************/
+
+NET_API_STATUS NetLocalGroupEnum(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */)
+{
+ struct NetLocalGroupEnum r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+ r.in.prefmaxlen = prefmaxlen;
+ r.in.resume_handle = resume_handle;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+ r.out.entries_read = entries_read;
+ r.out.total_entries = total_entries;
+ r.out.resume_handle = resume_handle;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetLocalGroupEnum, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetLocalGroupEnum_l(ctx, &r);
+ } else {
+ werr = NetLocalGroupEnum_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetLocalGroupEnum, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetLocalGroupAddMembers
+****************************************************************/
+
+NET_API_STATUS NetLocalGroupAddMembers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t total_entries /* [in] */)
+{
+ struct NetLocalGroupAddMembers r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+ r.in.total_entries = total_entries;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetLocalGroupAddMembers, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetLocalGroupAddMembers_l(ctx, &r);
+ } else {
+ werr = NetLocalGroupAddMembers_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetLocalGroupAddMembers, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetLocalGroupDelMembers
+****************************************************************/
+
+NET_API_STATUS NetLocalGroupDelMembers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t total_entries /* [in] */)
+{
+ struct NetLocalGroupDelMembers r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+ r.in.total_entries = total_entries;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetLocalGroupDelMembers, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetLocalGroupDelMembers_l(ctx, &r);
+ } else {
+ werr = NetLocalGroupDelMembers_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetLocalGroupDelMembers, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetLocalGroupGetMembers
+****************************************************************/
+
+NET_API_STATUS NetLocalGroupGetMembers(const char * server_name /* [in] */,
+ const char * local_group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */)
+{
+ struct NetLocalGroupGetMembers r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.local_group_name = local_group_name;
+ r.in.level = level;
+ r.in.prefmaxlen = prefmaxlen;
+ r.in.resume_handle = resume_handle;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+ r.out.entries_read = entries_read;
+ r.out.total_entries = total_entries;
+ r.out.resume_handle = resume_handle;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetLocalGroupGetMembers, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetLocalGroupGetMembers_l(ctx, &r);
+ } else {
+ werr = NetLocalGroupGetMembers_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetLocalGroupGetMembers, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetLocalGroupSetMembers
+****************************************************************/
+
+NET_API_STATUS NetLocalGroupSetMembers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t total_entries /* [in] */)
+{
+ struct NetLocalGroupSetMembers r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.group_name = group_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+ r.in.total_entries = total_entries;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetLocalGroupSetMembers, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetLocalGroupSetMembers_l(ctx, &r);
+ } else {
+ werr = NetLocalGroupSetMembers_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetLocalGroupSetMembers, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetRemoteTOD
+****************************************************************/
+
+NET_API_STATUS NetRemoteTOD(const char * server_name /* [in] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct NetRemoteTOD r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetRemoteTOD, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetRemoteTOD_l(ctx, &r);
+ } else {
+ werr = NetRemoteTOD_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetRemoteTOD, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetShareAdd
+****************************************************************/
+
+NET_API_STATUS NetShareAdd(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */)
+{
+ struct NetShareAdd r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+
+ /* Out parameters */
+ r.out.parm_err = parm_err;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetShareAdd, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetShareAdd_l(ctx, &r);
+ } else {
+ werr = NetShareAdd_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetShareAdd, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetShareDel
+****************************************************************/
+
+NET_API_STATUS NetShareDel(const char * server_name /* [in] */,
+ const char * net_name /* [in] */,
+ uint32_t reserved /* [in] */)
+{
+ struct NetShareDel r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.net_name = net_name;
+ r.in.reserved = reserved;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetShareDel, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetShareDel_l(ctx, &r);
+ } else {
+ werr = NetShareDel_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetShareDel, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetShareEnum
+****************************************************************/
+
+NET_API_STATUS NetShareEnum(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */)
+{
+ struct NetShareEnum r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.level = level;
+ r.in.prefmaxlen = prefmaxlen;
+ r.in.resume_handle = resume_handle;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+ r.out.entries_read = entries_read;
+ r.out.total_entries = total_entries;
+ r.out.resume_handle = resume_handle;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetShareEnum, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetShareEnum_l(ctx, &r);
+ } else {
+ werr = NetShareEnum_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetShareEnum, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetShareGetInfo
+****************************************************************/
+
+NET_API_STATUS NetShareGetInfo(const char * server_name /* [in] */,
+ const char * net_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct NetShareGetInfo r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.net_name = net_name;
+ r.in.level = level;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetShareGetInfo, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetShareGetInfo_l(ctx, &r);
+ } else {
+ werr = NetShareGetInfo_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetShareGetInfo, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetShareSetInfo
+****************************************************************/
+
+NET_API_STATUS NetShareSetInfo(const char * server_name /* [in] */,
+ const char * net_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */)
+{
+ struct NetShareSetInfo r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.net_name = net_name;
+ r.in.level = level;
+ r.in.buffer = buffer;
+
+ /* Out parameters */
+ r.out.parm_err = parm_err;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetShareSetInfo, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetShareSetInfo_l(ctx, &r);
+ } else {
+ werr = NetShareSetInfo_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetShareSetInfo, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetFileClose
+****************************************************************/
+
+NET_API_STATUS NetFileClose(const char * server_name /* [in] */,
+ uint32_t fileid /* [in] */)
+{
+ struct NetFileClose r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.fileid = fileid;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetFileClose, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetFileClose_l(ctx, &r);
+ } else {
+ werr = NetFileClose_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetFileClose, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetFileGetInfo
+****************************************************************/
+
+NET_API_STATUS NetFileGetInfo(const char * server_name /* [in] */,
+ uint32_t fileid /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct NetFileGetInfo r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.fileid = fileid;
+ r.in.level = level;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetFileGetInfo, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetFileGetInfo_l(ctx, &r);
+ } else {
+ werr = NetFileGetInfo_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetFileGetInfo, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetFileEnum
+****************************************************************/
+
+NET_API_STATUS NetFileEnum(const char * server_name /* [in] */,
+ const char * base_path /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */)
+{
+ struct NetFileEnum r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.base_path = base_path;
+ r.in.user_name = user_name;
+ r.in.level = level;
+ r.in.prefmaxlen = prefmaxlen;
+ r.in.resume_handle = resume_handle;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+ r.out.entries_read = entries_read;
+ r.out.total_entries = total_entries;
+ r.out.resume_handle = resume_handle;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetFileEnum, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetFileEnum_l(ctx, &r);
+ } else {
+ werr = NetFileEnum_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetFileEnum, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetShutdownInit
+****************************************************************/
+
+NET_API_STATUS NetShutdownInit(const char * server_name /* [in] */,
+ const char * message /* [in] */,
+ uint32_t timeout /* [in] */,
+ uint8_t force_apps /* [in] */,
+ uint8_t do_reboot /* [in] */)
+{
+ struct NetShutdownInit r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.message = message;
+ r.in.timeout = timeout;
+ r.in.force_apps = force_apps;
+ r.in.do_reboot = do_reboot;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetShutdownInit, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetShutdownInit_l(ctx, &r);
+ } else {
+ werr = NetShutdownInit_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetShutdownInit, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ NetShutdownAbort
+****************************************************************/
+
+NET_API_STATUS NetShutdownAbort(const char * server_name /* [in] */)
+{
+ struct NetShutdownAbort r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+
+ /* Out parameters */
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(NetShutdownAbort, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = NetShutdownAbort_l(ctx, &r);
+ } else {
+ werr = NetShutdownAbort_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(NetShutdownAbort, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ I_NetLogonControl
+****************************************************************/
+
+NET_API_STATUS I_NetLogonControl(const char * server_name /* [in] */,
+ uint32_t function_code /* [in] */,
+ uint32_t query_level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct I_NetLogonControl r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.function_code = function_code;
+ r.in.query_level = query_level;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(I_NetLogonControl, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = I_NetLogonControl_l(ctx, &r);
+ } else {
+ werr = I_NetLogonControl_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(I_NetLogonControl, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
+/****************************************************************
+ I_NetLogonControl2
+****************************************************************/
+
+NET_API_STATUS I_NetLogonControl2(const char * server_name /* [in] */,
+ uint32_t function_code /* [in] */,
+ uint32_t query_level /* [in] */,
+ uint8_t *data /* [in] [unique] */,
+ uint8_t **buffer /* [out] [ref] */)
+{
+ struct I_NetLogonControl2 r;
+ struct libnetapi_ctx *ctx = NULL;
+ NET_API_STATUS status;
+ WERROR werr;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ ZERO_STRUCT(r);
+
+ status = libnetapi_getctx(&ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* In parameters */
+ r.in.server_name = server_name;
+ r.in.function_code = function_code;
+ r.in.query_level = query_level;
+ r.in.data = data;
+
+ /* Out parameters */
+ r.out.buffer = buffer;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(I_NetLogonControl2, &r);
+ }
+
+ if (LIBNETAPI_LOCAL_SERVER(server_name)) {
+ werr = I_NetLogonControl2_l(ctx, &r);
+ } else {
+ werr = I_NetLogonControl2_r(ctx, &r);
+ }
+
+ r.out.result = W_ERROR_V(werr);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(I_NetLogonControl2, &r);
+ }
+
+ TALLOC_FREE(frame);
+ return (NET_API_STATUS)r.out.result;
+}
+
diff --git a/source3/lib/netapi/libnetapi.h b/source3/lib/netapi/libnetapi.h
new file mode 100644
index 0000000..784d467
--- /dev/null
+++ b/source3/lib/netapi/libnetapi.h
@@ -0,0 +1,523 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Support
+ * Copyright (C) Guenther Deschner 2007-2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIBNETAPI_LIBNETAPI__
+#define __LIBNETAPI_LIBNETAPI__
+NET_API_STATUS NetJoinDomain(const char * server /* [in] [unique] */,
+ const char * domain /* [in] [ref] */,
+ const char * account_ou /* [in] [unique] */,
+ const char * account /* [in] [unique] */,
+ const char * password /* [in] [unique] */,
+ uint32_t join_flags /* [in] */);
+WERROR NetJoinDomain_r(struct libnetapi_ctx *ctx,
+ struct NetJoinDomain *r);
+WERROR NetJoinDomain_l(struct libnetapi_ctx *ctx,
+ struct NetJoinDomain *r);
+NET_API_STATUS NetUnjoinDomain(const char * server_name /* [in] [unique] */,
+ const char * account /* [in] [unique] */,
+ const char * password /* [in] [unique] */,
+ uint32_t unjoin_flags /* [in] */);
+WERROR NetUnjoinDomain_r(struct libnetapi_ctx *ctx,
+ struct NetUnjoinDomain *r);
+WERROR NetUnjoinDomain_l(struct libnetapi_ctx *ctx,
+ struct NetUnjoinDomain *r);
+NET_API_STATUS NetGetJoinInformation(const char * server_name /* [in] [unique] */,
+ const char * *name_buffer /* [out] [ref] */,
+ uint16_t *name_type /* [out] [ref] */);
+WERROR NetGetJoinInformation_r(struct libnetapi_ctx *ctx,
+ struct NetGetJoinInformation *r);
+WERROR NetGetJoinInformation_l(struct libnetapi_ctx *ctx,
+ struct NetGetJoinInformation *r);
+NET_API_STATUS NetGetJoinableOUs(const char * server_name /* [in] [unique] */,
+ const char * domain /* [in] [ref] */,
+ const char * account /* [in] [unique] */,
+ const char * password /* [in] [unique] */,
+ uint32_t *ou_count /* [out] [ref] */,
+ const char * **ous /* [out] [ref] */);
+WERROR NetGetJoinableOUs_r(struct libnetapi_ctx *ctx,
+ struct NetGetJoinableOUs *r);
+WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
+ struct NetGetJoinableOUs *r);
+NET_API_STATUS NetRenameMachineInDomain(const char * server_name /* [in] */,
+ const char * new_machine_name /* [in] */,
+ const char * account /* [in] */,
+ const char * password /* [in] */,
+ uint32_t rename_options /* [in] */);
+WERROR NetRenameMachineInDomain_r(struct libnetapi_ctx *ctx,
+ struct NetRenameMachineInDomain *r);
+WERROR NetRenameMachineInDomain_l(struct libnetapi_ctx *ctx,
+ struct NetRenameMachineInDomain *r);
+NET_API_STATUS NetProvisionComputerAccount(const char * domain /* [in] [ref] */,
+ const char * machine_name /* [in] [ref] */,
+ const char * machine_account_ou /* [in] [unique] */,
+ const char * dcname /* [in] [unique] */,
+ uint32_t options /* [in] */,
+ uint8_t **provision_bin_data /* [in,out] [unique] */,
+ uint32_t *provision_bin_data_size /* [in,out] [unique] */,
+ const char * *provision_text_data /* [in,out] [unique] */);
+WERROR NetProvisionComputerAccount_r(struct libnetapi_ctx *ctx,
+ struct NetProvisionComputerAccount *r);
+WERROR NetProvisionComputerAccount_l(struct libnetapi_ctx *ctx,
+ struct NetProvisionComputerAccount *r);
+NET_API_STATUS NetRequestOfflineDomainJoin(uint8_t *provision_bin_data /* [in] [unique] */,
+ uint32_t provision_bin_data_size /* [in] */,
+ uint32_t options /* [in] */,
+ const char * windows_path /* [in] [unique] */);
+WERROR NetRequestOfflineDomainJoin_r(struct libnetapi_ctx *ctx,
+ struct NetRequestOfflineDomainJoin *r);
+WERROR NetRequestOfflineDomainJoin_l(struct libnetapi_ctx *ctx,
+ struct NetRequestOfflineDomainJoin *r);
+NET_API_STATUS NetComposeOfflineDomainJoin(const char *dns_domain_name /* [in] [ref] */,
+ const char *netbios_domain_name /* [in] [ref] */,
+ struct domsid *domain_sid /* [in] [ref] */,
+ struct GUID *domain_guid /* [in] [ref] */,
+ const char *forest_name /* [in] [ref] */,
+ const char *machine_account_name /* [in] [ref] */,
+ const char *machine_account_password /* [in] [ref] */,
+ const char *dc_name /* [in] [unique] */,
+ const char *dc_address /* [in] [unique] */,
+ int domain_is_ad /* [in] */,
+ uint8_t **provision_bin_data /* [in,out] [unique] */,
+ uint32_t *provision_bin_data_size /* [in,out] [unique] */,
+ const char * *provision_text_data /* [in,out] [unique] */);
+WERROR NetComposeOfflineDomainJoin_r(struct libnetapi_ctx *ctx,
+ struct NetComposeOfflineDomainJoin *r);
+WERROR NetComposeOfflineDomainJoin_l(struct libnetapi_ctx *ctx,
+ struct NetComposeOfflineDomainJoin *r);
+NET_API_STATUS NetServerGetInfo(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR NetServerGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetServerGetInfo *r);
+WERROR NetServerGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetServerGetInfo *r);
+NET_API_STATUS NetServerSetInfo(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_error /* [out] [ref] */);
+WERROR NetServerSetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetServerSetInfo *r);
+WERROR NetServerSetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetServerSetInfo *r);
+NET_API_STATUS NetWkstaGetInfo(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR NetWkstaGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetWkstaGetInfo *r);
+WERROR NetWkstaGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetWkstaGetInfo *r);
+NET_API_STATUS NetGetDCName(const char * server_name /* [in] [unique] */,
+ const char * domain_name /* [in] [unique] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR NetGetDCName_r(struct libnetapi_ctx *ctx,
+ struct NetGetDCName *r);
+WERROR NetGetDCName_l(struct libnetapi_ctx *ctx,
+ struct NetGetDCName *r);
+NET_API_STATUS NetGetAnyDCName(const char * server_name /* [in] [unique] */,
+ const char * domain_name /* [in] [unique] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR NetGetAnyDCName_r(struct libnetapi_ctx *ctx,
+ struct NetGetAnyDCName *r);
+WERROR NetGetAnyDCName_l(struct libnetapi_ctx *ctx,
+ struct NetGetAnyDCName *r);
+NET_API_STATUS DsGetDcName(const char * server_name /* [in] [unique] */,
+ const char * domain_name /* [in] [ref] */,
+ struct GUID *domain_guid /* [in] [unique] */,
+ const char * site_name /* [in] [unique] */,
+ uint32_t flags /* [in] */,
+ struct DOMAIN_CONTROLLER_INFO **dc_info /* [out] [ref] */);
+WERROR DsGetDcName_r(struct libnetapi_ctx *ctx,
+ struct DsGetDcName *r);
+WERROR DsGetDcName_l(struct libnetapi_ctx *ctx,
+ struct DsGetDcName *r);
+NET_API_STATUS NetUserAdd(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_error /* [out] [ref] */);
+WERROR NetUserAdd_r(struct libnetapi_ctx *ctx,
+ struct NetUserAdd *r);
+WERROR NetUserAdd_l(struct libnetapi_ctx *ctx,
+ struct NetUserAdd *r);
+NET_API_STATUS NetUserDel(const char * server_name /* [in] [unique] */,
+ const char * user_name /* [in] [ref] */);
+WERROR NetUserDel_r(struct libnetapi_ctx *ctx,
+ struct NetUserDel *r);
+WERROR NetUserDel_l(struct libnetapi_ctx *ctx,
+ struct NetUserDel *r);
+NET_API_STATUS NetUserEnum(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint32_t filter /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+WERROR NetUserEnum_r(struct libnetapi_ctx *ctx,
+ struct NetUserEnum *r);
+WERROR NetUserEnum_l(struct libnetapi_ctx *ctx,
+ struct NetUserEnum *r);
+NET_API_STATUS NetUserChangePassword(const char * domain_name /* [in] */,
+ const char * user_name /* [in] */,
+ const char * old_password /* [in] */,
+ const char * new_password /* [in] */);
+WERROR NetUserChangePassword_r(struct libnetapi_ctx *ctx,
+ struct NetUserChangePassword *r);
+WERROR NetUserChangePassword_l(struct libnetapi_ctx *ctx,
+ struct NetUserChangePassword *r);
+NET_API_STATUS NetUserGetInfo(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetUserGetInfo *r);
+WERROR NetUserGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetUserGetInfo *r);
+NET_API_STATUS NetUserSetInfo(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetUserSetInfo *r);
+WERROR NetUserSetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetUserSetInfo *r);
+NET_API_STATUS NetUserGetGroups(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */);
+WERROR NetUserGetGroups_r(struct libnetapi_ctx *ctx,
+ struct NetUserGetGroups *r);
+WERROR NetUserGetGroups_l(struct libnetapi_ctx *ctx,
+ struct NetUserGetGroups *r);
+NET_API_STATUS NetUserSetGroups(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t num_entries /* [in] */);
+WERROR NetUserSetGroups_r(struct libnetapi_ctx *ctx,
+ struct NetUserSetGroups *r);
+WERROR NetUserSetGroups_l(struct libnetapi_ctx *ctx,
+ struct NetUserSetGroups *r);
+NET_API_STATUS NetUserGetLocalGroups(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint32_t flags /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */);
+WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx,
+ struct NetUserGetLocalGroups *r);
+WERROR NetUserGetLocalGroups_l(struct libnetapi_ctx *ctx,
+ struct NetUserGetLocalGroups *r);
+NET_API_STATUS NetUserModalsGet(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR NetUserModalsGet_r(struct libnetapi_ctx *ctx,
+ struct NetUserModalsGet *r);
+WERROR NetUserModalsGet_l(struct libnetapi_ctx *ctx,
+ struct NetUserModalsGet *r);
+NET_API_STATUS NetUserModalsSet(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+WERROR NetUserModalsSet_r(struct libnetapi_ctx *ctx,
+ struct NetUserModalsSet *r);
+WERROR NetUserModalsSet_l(struct libnetapi_ctx *ctx,
+ struct NetUserModalsSet *r);
+NET_API_STATUS NetQueryDisplayInformation(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint32_t idx /* [in] */,
+ uint32_t entries_requested /* [in] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ void **buffer /* [out] [noprint,ref] */);
+WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx,
+ struct NetQueryDisplayInformation *r);
+WERROR NetQueryDisplayInformation_l(struct libnetapi_ctx *ctx,
+ struct NetQueryDisplayInformation *r);
+NET_API_STATUS NetGroupAdd(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx,
+ struct NetGroupAdd *r);
+WERROR NetGroupAdd_l(struct libnetapi_ctx *ctx,
+ struct NetGroupAdd *r);
+NET_API_STATUS NetGroupDel(const char * server_name /* [in] */,
+ const char * group_name /* [in] */);
+WERROR NetGroupDel_r(struct libnetapi_ctx *ctx,
+ struct NetGroupDel *r);
+WERROR NetGroupDel_l(struct libnetapi_ctx *ctx,
+ struct NetGroupDel *r);
+NET_API_STATUS NetGroupEnum(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+WERROR NetGroupEnum_r(struct libnetapi_ctx *ctx,
+ struct NetGroupEnum *r);
+WERROR NetGroupEnum_l(struct libnetapi_ctx *ctx,
+ struct NetGroupEnum *r);
+NET_API_STATUS NetGroupSetInfo(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetGroupSetInfo *r);
+WERROR NetGroupSetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetGroupSetInfo *r);
+NET_API_STATUS NetGroupGetInfo(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetGroupGetInfo *r);
+WERROR NetGroupGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetGroupGetInfo *r);
+NET_API_STATUS NetGroupAddUser(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ const char * user_name /* [in] */);
+WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx,
+ struct NetGroupAddUser *r);
+WERROR NetGroupAddUser_l(struct libnetapi_ctx *ctx,
+ struct NetGroupAddUser *r);
+NET_API_STATUS NetGroupDelUser(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ const char * user_name /* [in] */);
+WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx,
+ struct NetGroupDelUser *r);
+WERROR NetGroupDelUser_l(struct libnetapi_ctx *ctx,
+ struct NetGroupDelUser *r);
+NET_API_STATUS NetGroupGetUsers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx,
+ struct NetGroupGetUsers *r);
+WERROR NetGroupGetUsers_l(struct libnetapi_ctx *ctx,
+ struct NetGroupGetUsers *r);
+NET_API_STATUS NetGroupSetUsers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t num_entries /* [in] */);
+WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx,
+ struct NetGroupSetUsers *r);
+WERROR NetGroupSetUsers_l(struct libnetapi_ctx *ctx,
+ struct NetGroupSetUsers *r);
+NET_API_STATUS NetLocalGroupAdd(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupAdd *r);
+WERROR NetLocalGroupAdd_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupAdd *r);
+NET_API_STATUS NetLocalGroupDel(const char * server_name /* [in] */,
+ const char * group_name /* [in] */);
+WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupDel *r);
+WERROR NetLocalGroupDel_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupDel *r);
+NET_API_STATUS NetLocalGroupGetInfo(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupGetInfo *r);
+WERROR NetLocalGroupGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupGetInfo *r);
+NET_API_STATUS NetLocalGroupSetInfo(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupSetInfo *r);
+WERROR NetLocalGroupSetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupSetInfo *r);
+NET_API_STATUS NetLocalGroupEnum(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupEnum *r);
+WERROR NetLocalGroupEnum_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupEnum *r);
+NET_API_STATUS NetLocalGroupAddMembers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t total_entries /* [in] */);
+WERROR NetLocalGroupAddMembers_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupAddMembers *r);
+WERROR NetLocalGroupAddMembers_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupAddMembers *r);
+NET_API_STATUS NetLocalGroupDelMembers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t total_entries /* [in] */);
+WERROR NetLocalGroupDelMembers_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupDelMembers *r);
+WERROR NetLocalGroupDelMembers_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupDelMembers *r);
+NET_API_STATUS NetLocalGroupGetMembers(const char * server_name /* [in] */,
+ const char * local_group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+WERROR NetLocalGroupGetMembers_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupGetMembers *r);
+WERROR NetLocalGroupGetMembers_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupGetMembers *r);
+NET_API_STATUS NetLocalGroupSetMembers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t total_entries /* [in] */);
+WERROR NetLocalGroupSetMembers_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupSetMembers *r);
+WERROR NetLocalGroupSetMembers_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupSetMembers *r);
+NET_API_STATUS NetRemoteTOD(const char * server_name /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR NetRemoteTOD_r(struct libnetapi_ctx *ctx,
+ struct NetRemoteTOD *r);
+WERROR NetRemoteTOD_l(struct libnetapi_ctx *ctx,
+ struct NetRemoteTOD *r);
+NET_API_STATUS NetShareAdd(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+WERROR NetShareAdd_r(struct libnetapi_ctx *ctx,
+ struct NetShareAdd *r);
+WERROR NetShareAdd_l(struct libnetapi_ctx *ctx,
+ struct NetShareAdd *r);
+NET_API_STATUS NetShareDel(const char * server_name /* [in] */,
+ const char * net_name /* [in] */,
+ uint32_t reserved /* [in] */);
+WERROR NetShareDel_r(struct libnetapi_ctx *ctx,
+ struct NetShareDel *r);
+WERROR NetShareDel_l(struct libnetapi_ctx *ctx,
+ struct NetShareDel *r);
+NET_API_STATUS NetShareEnum(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+WERROR NetShareEnum_r(struct libnetapi_ctx *ctx,
+ struct NetShareEnum *r);
+WERROR NetShareEnum_l(struct libnetapi_ctx *ctx,
+ struct NetShareEnum *r);
+NET_API_STATUS NetShareGetInfo(const char * server_name /* [in] */,
+ const char * net_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR NetShareGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetShareGetInfo *r);
+WERROR NetShareGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetShareGetInfo *r);
+NET_API_STATUS NetShareSetInfo(const char * server_name /* [in] */,
+ const char * net_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+WERROR NetShareSetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetShareSetInfo *r);
+WERROR NetShareSetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetShareSetInfo *r);
+NET_API_STATUS NetFileClose(const char * server_name /* [in] */,
+ uint32_t fileid /* [in] */);
+WERROR NetFileClose_r(struct libnetapi_ctx *ctx,
+ struct NetFileClose *r);
+WERROR NetFileClose_l(struct libnetapi_ctx *ctx,
+ struct NetFileClose *r);
+NET_API_STATUS NetFileGetInfo(const char * server_name /* [in] */,
+ uint32_t fileid /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR NetFileGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetFileGetInfo *r);
+WERROR NetFileGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetFileGetInfo *r);
+NET_API_STATUS NetFileEnum(const char * server_name /* [in] */,
+ const char * base_path /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+WERROR NetFileEnum_r(struct libnetapi_ctx *ctx,
+ struct NetFileEnum *r);
+WERROR NetFileEnum_l(struct libnetapi_ctx *ctx,
+ struct NetFileEnum *r);
+NET_API_STATUS NetShutdownInit(const char * server_name /* [in] */,
+ const char * message /* [in] */,
+ uint32_t timeout /* [in] */,
+ uint8_t force_apps /* [in] */,
+ uint8_t do_reboot /* [in] */);
+WERROR NetShutdownInit_r(struct libnetapi_ctx *ctx,
+ struct NetShutdownInit *r);
+WERROR NetShutdownInit_l(struct libnetapi_ctx *ctx,
+ struct NetShutdownInit *r);
+NET_API_STATUS NetShutdownAbort(const char * server_name /* [in] */);
+WERROR NetShutdownAbort_r(struct libnetapi_ctx *ctx,
+ struct NetShutdownAbort *r);
+WERROR NetShutdownAbort_l(struct libnetapi_ctx *ctx,
+ struct NetShutdownAbort *r);
+NET_API_STATUS I_NetLogonControl(const char * server_name /* [in] */,
+ uint32_t function_code /* [in] */,
+ uint32_t query_level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR I_NetLogonControl_r(struct libnetapi_ctx *ctx,
+ struct I_NetLogonControl *r);
+WERROR I_NetLogonControl_l(struct libnetapi_ctx *ctx,
+ struct I_NetLogonControl *r);
+NET_API_STATUS I_NetLogonControl2(const char * server_name /* [in] */,
+ uint32_t function_code /* [in] */,
+ uint32_t query_level /* [in] */,
+ uint8_t *data /* [in] [unique] */,
+ uint8_t **buffer /* [out] [ref] */);
+WERROR I_NetLogonControl2_r(struct libnetapi_ctx *ctx,
+ struct I_NetLogonControl2 *r);
+WERROR I_NetLogonControl2_l(struct libnetapi_ctx *ctx,
+ struct I_NetLogonControl2 *r);
+#endif /* __LIBNETAPI_LIBNETAPI__ */
diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c
new file mode 100644
index 0000000..a63fca4
--- /dev/null
+++ b/source3/lib/netapi/localgroup.c
@@ -0,0 +1,1390 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi LocalGroup Support
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "librpc/gen_ndr/libnetapi.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "lib/netapi/libnetapi.h"
+#include "rpc_client/rpc_client.h"
+#include "../librpc/gen_ndr/ndr_samr_c.h"
+#include "../librpc/gen_ndr/ndr_lsa_c.h"
+#include "rpc_client/cli_lsarpc.h"
+#include "rpc_client/init_lsa.h"
+#include "../libcli/security/security.h"
+
+static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ const char *group_name,
+ uint32_t access_rights,
+ struct policy_handle *alias_handle)
+{
+ NTSTATUS status, result;
+
+ struct lsa_String lsa_account_name;
+ struct samr_Ids user_rids, name_types;
+ struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
+
+ init_lsa_String(&lsa_account_name, group_name);
+
+ status = dcerpc_samr_LookupNames(b, mem_ctx,
+ domain_handle,
+ 1,
+ &lsa_account_name,
+ &user_rids,
+ &name_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ return status;
+ }
+ if (user_rids.count != 1) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ if (name_types.count != 1) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ switch (name_types.ids[0]) {
+ case SID_NAME_ALIAS:
+ case SID_NAME_WKN_GRP:
+ break;
+ default:
+ return NT_STATUS_INVALID_SID;
+ }
+
+ status = dcerpc_samr_OpenAlias(b, mem_ctx,
+ domain_handle,
+ access_rights,
+ user_rids.ids[0],
+ alias_handle,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return result;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS libnetapi_samr_open_alias_queryinfo(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *handle,
+ uint32_t rid,
+ uint32_t access_rights,
+ enum samr_AliasInfoEnum level,
+ union samr_AliasInfo **alias_info)
+{
+ NTSTATUS status, result;
+ struct policy_handle alias_handle;
+ union samr_AliasInfo *_alias_info = NULL;
+ struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
+
+ ZERO_STRUCT(alias_handle);
+
+ status = dcerpc_samr_OpenAlias(b, mem_ctx,
+ handle,
+ access_rights,
+ rid,
+ &alias_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ goto done;
+ }
+
+ status = dcerpc_samr_QueryAliasInfo(b, mem_ctx,
+ &alias_handle,
+ level,
+ &_alias_info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ goto done;
+ }
+
+ *alias_info = _alias_info;
+
+ done:
+ if (is_valid_policy_hnd(&alias_handle)) {
+ dcerpc_samr_Close(b, mem_ctx, &alias_handle, &result);
+ }
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupAdd *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct lsa_String lsa_account_name;
+ struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
+ struct dom_sid2 *domain_sid = NULL;
+ uint32_t rid;
+ struct dcerpc_binding_handle *b = NULL;
+
+ struct LOCALGROUP_INFO_0 *info0 = NULL;
+ struct LOCALGROUP_INFO_1 *info1 = NULL;
+
+ const char *alias_name = NULL;
+
+ if (!r->in.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(builtin_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(alias_handle);
+
+ switch (r->in.level) {
+ case 0:
+ info0 = (struct LOCALGROUP_INFO_0 *)r->in.buffer;
+ alias_name = info0->lgrpi0_name;
+ break;
+ case 1:
+ info1 = (struct LOCALGROUP_INFO_1 *)r->in.buffer;
+ alias_name = info1->lgrpi1_name;
+ break;
+ default:
+ werr = WERR_INVALID_LEVEL;
+ goto done;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
+ SAMR_ACCESS_LOOKUP_DOMAIN |
+ SAMR_ACCESS_ENUM_DOMAINS,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &builtin_handle);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
+ &builtin_handle,
+ alias_name,
+ SAMR_ALIAS_ACCESS_LOOKUP_INFO,
+ &alias_handle);
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+ werr = WERR_ALIAS_EXISTS;
+ goto done;
+ }
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_account_name, alias_name);
+
+ status = dcerpc_samr_CreateDomAlias(b, talloc_tos(),
+ &domain_handle,
+ &lsa_account_name,
+ SEC_STD_DELETE |
+ SAMR_ALIAS_ACCESS_SET_INFO,
+ &alias_handle,
+ &rid,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (r->in.level == 1 && info1->lgrpi1_comment) {
+
+ union samr_AliasInfo alias_info;
+
+ init_lsa_String(&alias_info.description, info1->lgrpi1_comment);
+
+ status = dcerpc_samr_SetAliasInfo(b, talloc_tos(),
+ &alias_handle,
+ ALIASINFODESCRIPTION,
+ &alias_info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ werr = WERR_OK;
+
+ done:
+ if (is_valid_policy_hnd(&alias_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &alias_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupAdd_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupAdd *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupAdd);
+}
+
+/****************************************************************
+****************************************************************/
+
+
+WERROR NetLocalGroupDel_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupDel *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
+ struct dom_sid2 *domain_sid = NULL;
+ struct dcerpc_binding_handle *b = NULL;
+
+ if (!r->in.group_name) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(builtin_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(alias_handle);
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
+ SAMR_ACCESS_LOOKUP_DOMAIN |
+ SAMR_ACCESS_ENUM_DOMAINS,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &builtin_handle);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
+ &builtin_handle,
+ r->in.group_name,
+ SEC_STD_DELETE,
+ &alias_handle);
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+ goto delete_alias;
+ }
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
+ &domain_handle,
+ r->in.group_name,
+ SEC_STD_DELETE,
+ &alias_handle);
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+
+ delete_alias:
+ status = dcerpc_samr_DeleteDomAlias(b, talloc_tos(),
+ &alias_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ ZERO_STRUCT(alias_handle);
+
+ werr = WERR_OK;
+
+ done:
+ if (is_valid_policy_hnd(&alias_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &alias_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupDel_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupDel *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupDel);
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR map_alias_info_to_buffer(TALLOC_CTX *mem_ctx,
+ const char *alias_name,
+ struct samr_AliasInfoAll *info,
+ uint32_t level,
+ uint32_t *entries_read,
+ uint8_t **buffer)
+{
+ struct LOCALGROUP_INFO_0 g0;
+ struct LOCALGROUP_INFO_1 g1;
+ struct LOCALGROUP_INFO_1002 g1002;
+
+ switch (level) {
+ case 0:
+ g0.lgrpi0_name = talloc_strdup(mem_ctx, alias_name);
+ W_ERROR_HAVE_NO_MEMORY(g0.lgrpi0_name);
+
+ ADD_TO_ARRAY(mem_ctx, struct LOCALGROUP_INFO_0, g0,
+ (struct LOCALGROUP_INFO_0 **)buffer, entries_read);
+
+ break;
+ case 1:
+ g1.lgrpi1_name = talloc_strdup(mem_ctx, alias_name);
+ g1.lgrpi1_comment = talloc_strdup(mem_ctx, info->description.string);
+ W_ERROR_HAVE_NO_MEMORY(g1.lgrpi1_name);
+
+ ADD_TO_ARRAY(mem_ctx, struct LOCALGROUP_INFO_1, g1,
+ (struct LOCALGROUP_INFO_1 **)buffer, entries_read);
+
+ break;
+ case 1002:
+ g1002.lgrpi1002_comment = talloc_strdup(mem_ctx, info->description.string);
+
+ ADD_TO_ARRAY(mem_ctx, struct LOCALGROUP_INFO_1002, g1002,
+ (struct LOCALGROUP_INFO_1002 **)buffer, entries_read);
+
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupGetInfo *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
+ struct dom_sid2 *domain_sid = NULL;
+ union samr_AliasInfo *alias_info = NULL;
+ uint32_t entries_read = 0;
+ struct dcerpc_binding_handle *b = NULL;
+
+ if (!r->in.group_name) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ case 1002:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(builtin_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(alias_handle);
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
+ SAMR_ACCESS_LOOKUP_DOMAIN |
+ SAMR_ACCESS_ENUM_DOMAINS,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &builtin_handle);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
+ &builtin_handle,
+ r->in.group_name,
+ SAMR_ALIAS_ACCESS_LOOKUP_INFO,
+ &alias_handle);
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+ goto query_alias;
+ }
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_CREATE_ALIAS |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
+ &domain_handle,
+ r->in.group_name,
+ SAMR_ALIAS_ACCESS_LOOKUP_INFO,
+ &alias_handle);
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ query_alias:
+ status = dcerpc_samr_QueryAliasInfo(b, talloc_tos(),
+ &alias_handle,
+ ALIASINFOALL,
+ &alias_info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = map_alias_info_to_buffer(ctx,
+ r->in.group_name,
+ &alias_info->all,
+ r->in.level, &entries_read,
+ r->out.buffer);
+
+ done:
+ if (is_valid_policy_hnd(&alias_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &alias_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupGetInfo *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupGetInfo);
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR map_buffer_to_alias_info(TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ uint8_t *buffer,
+ enum samr_AliasInfoEnum *alias_level,
+ union samr_AliasInfo **alias_info)
+{
+ struct LOCALGROUP_INFO_0 *info0;
+ struct LOCALGROUP_INFO_1 *info1;
+ struct LOCALGROUP_INFO_1002 *info1002;
+ union samr_AliasInfo *info = NULL;
+
+ info = talloc_zero(mem_ctx, union samr_AliasInfo);
+ W_ERROR_HAVE_NO_MEMORY(info);
+
+ switch (level) {
+ case 0:
+ info0 = (struct LOCALGROUP_INFO_0 *)buffer;
+ init_lsa_String(&info->name, info0->lgrpi0_name);
+ *alias_level = ALIASINFONAME;
+ break;
+ case 1:
+ info1 = (struct LOCALGROUP_INFO_1 *)buffer;
+ /* group name will be ignored */
+ init_lsa_String(&info->description, info1->lgrpi1_comment);
+ *alias_level = ALIASINFODESCRIPTION;
+ break;
+ case 1002:
+ info1002 = (struct LOCALGROUP_INFO_1002 *)buffer;
+ init_lsa_String(&info->description, info1002->lgrpi1002_comment);
+ *alias_level = ALIASINFODESCRIPTION;
+ break;
+ }
+
+ *alias_info = info;
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupSetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupSetInfo *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct lsa_String lsa_account_name;
+ struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
+ struct dom_sid2 *domain_sid = NULL;
+ enum samr_AliasInfoEnum alias_level = 0;
+ union samr_AliasInfo *alias_info = NULL;
+ struct dcerpc_binding_handle *b = NULL;
+
+ if (!r->in.group_name) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ case 1002:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(builtin_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(alias_handle);
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
+ SAMR_ACCESS_LOOKUP_DOMAIN |
+ SAMR_ACCESS_ENUM_DOMAINS,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &builtin_handle);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_account_name, r->in.group_name);
+
+ status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
+ &builtin_handle,
+ r->in.group_name,
+ SAMR_ALIAS_ACCESS_SET_INFO,
+ &alias_handle);
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+ goto set_alias;
+ }
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
+ &domain_handle,
+ r->in.group_name,
+ SAMR_ALIAS_ACCESS_SET_INFO,
+ &alias_handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ }
+
+ set_alias:
+
+ werr = map_buffer_to_alias_info(ctx, r->in.level, r->in.buffer,
+ &alias_level, &alias_info);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_samr_SetAliasInfo(b, talloc_tos(),
+ &alias_handle,
+ alias_level,
+ alias_info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = WERR_OK;
+
+ done:
+ if (is_valid_policy_hnd(&alias_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &alias_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupSetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupSetInfo *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupSetInfo);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupEnum *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
+ struct dom_sid2 *domain_sid = NULL;
+ uint32_t entries_read = 0;
+ union samr_DomainInfo *domain_info = NULL;
+ union samr_DomainInfo *builtin_info = NULL;
+ struct samr_SamArray *domain_sam_array = NULL;
+ struct samr_SamArray *builtin_sam_array = NULL;
+ int i;
+ struct dcerpc_binding_handle *b = NULL;
+
+ if (!r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ if (r->out.total_entries) {
+ *r->out.total_entries = 0;
+ }
+ if (r->out.entries_read) {
+ *r->out.entries_read = 0;
+ }
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(builtin_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(alias_handle);
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
+ SAMR_ACCESS_LOOKUP_DOMAIN |
+ SAMR_ACCESS_ENUM_DOMAINS,
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &builtin_handle);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_LOOKUP_DOMAIN |
+ SAMR_ACCESS_ENUM_DOMAINS,
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_samr_QueryDomainInfo(b, talloc_tos(),
+ &builtin_handle,
+ 2,
+ &builtin_info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (r->out.total_entries) {
+ *r->out.total_entries += builtin_info->general.num_aliases;
+ }
+
+ status = dcerpc_samr_QueryDomainInfo(b, talloc_tos(),
+ &domain_handle,
+ 2,
+ &domain_info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (r->out.total_entries) {
+ *r->out.total_entries += domain_info->general.num_aliases;
+ }
+
+ status = dcerpc_samr_EnumDomainAliases(b, talloc_tos(),
+ &builtin_handle,
+ r->in.resume_handle,
+ &builtin_sam_array,
+ r->in.prefmaxlen,
+ &entries_read,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ for (i=0; i<builtin_sam_array->count; i++) {
+ union samr_AliasInfo *alias_info = NULL;
+
+ if (r->in.level == 1) {
+
+ status = libnetapi_samr_open_alias_queryinfo(ctx, pipe_cli,
+ &builtin_handle,
+ builtin_sam_array->entries[i].idx,
+ SAMR_ALIAS_ACCESS_LOOKUP_INFO,
+ ALIASINFOALL,
+ &alias_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ werr = map_alias_info_to_buffer(ctx,
+ builtin_sam_array->entries[i].name.string,
+ alias_info ? &alias_info->all : NULL,
+ r->in.level,
+ r->out.entries_read,
+ r->out.buffer);
+ }
+
+ status = dcerpc_samr_EnumDomainAliases(b, talloc_tos(),
+ &domain_handle,
+ r->in.resume_handle,
+ &domain_sam_array,
+ r->in.prefmaxlen,
+ &entries_read,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ for (i=0; i<domain_sam_array->count; i++) {
+
+ union samr_AliasInfo *alias_info = NULL;
+
+ if (r->in.level == 1) {
+ status = libnetapi_samr_open_alias_queryinfo(ctx, pipe_cli,
+ &domain_handle,
+ domain_sam_array->entries[i].idx,
+ SAMR_ALIAS_ACCESS_LOOKUP_INFO,
+ ALIASINFOALL,
+ &alias_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ werr = map_alias_info_to_buffer(ctx,
+ domain_sam_array->entries[i].name.string,
+ alias_info ? &alias_info->all : NULL,
+ r->in.level,
+ r->out.entries_read,
+ r->out.buffer);
+ }
+
+ done:
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupEnum_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupEnum *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupEnum);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *lsa_pipe,
+ const char *name,
+ struct dom_sid *sid)
+{
+ NTSTATUS status, result;
+ struct policy_handle lsa_handle;
+ struct dcerpc_binding_handle *b = lsa_pipe->binding_handle;
+
+ struct lsa_RefDomainList *domains = NULL;
+ struct lsa_TransSidArray3 sids;
+ uint32_t count = 0;
+
+ struct lsa_String names;
+ uint32_t num_names = 1;
+ union lsa_revision_info out_revision_info = {
+ .info1 = {
+ .revision = 0,
+ },
+ };
+ uint32_t out_version = 0;
+
+ if (!sid || !name) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ ZERO_STRUCT(sids);
+
+ init_lsa_String(&names, name);
+
+ status = dcerpc_lsa_open_policy_fallback(
+ b,
+ mem_ctx,
+ lsa_pipe->srv_name_slash,
+ false,
+ SEC_STD_READ_CONTROL |
+ LSA_POLICY_VIEW_LOCAL_INFORMATION |
+ LSA_POLICY_LOOKUP_NAMES,
+ &out_version,
+ &out_revision_info,
+ &lsa_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ return status;
+ }
+
+ status = dcerpc_lsa_LookupNames3(b, mem_ctx,
+ &lsa_handle,
+ num_names,
+ &names,
+ &domains,
+ &sids,
+ LSA_LOOKUP_NAMES_ALL, /* sure ? */
+ &count,
+ 0, 0,
+ &result);
+ NT_STATUS_NOT_OK_RETURN(status);
+ NT_STATUS_NOT_OK_RETURN(result);
+
+ if (count != 1 || sids.count != 1) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ sid_copy(sid, sids.sids[0].sid);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupAddMembers *add,
+ struct NetLocalGroupDelMembers *del,
+ struct NetLocalGroupSetMembers *set)
+{
+ struct NetLocalGroupAddMembers *r = NULL;
+
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct rpc_pipe_client *lsa_pipe = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct lsa_String lsa_account_name;
+ struct policy_handle connect_handle, domain_handle, builtin_handle, alias_handle;
+ struct dom_sid2 *domain_sid = NULL;
+ struct dom_sid *member_sids = NULL;
+ int i = 0, k = 0;
+
+ struct LOCALGROUP_MEMBERS_INFO_0 *info0 = NULL;
+ struct LOCALGROUP_MEMBERS_INFO_3 *info3 = NULL;
+
+ struct dom_sid *add_sids = NULL;
+ struct dom_sid *del_sids = NULL;
+ uint32_t num_add_sids = 0;
+ uint32_t num_del_sids = 0;
+ struct dcerpc_binding_handle *b = NULL;
+
+ if ((!add && !del && !set) || (add && del && set)) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ if (add) {
+ r = add;
+ }
+
+ if (del) {
+ r = (struct NetLocalGroupAddMembers *)del;
+ }
+
+ if (set) {
+ r = (struct NetLocalGroupAddMembers *)set;
+ }
+
+ if (r==NULL || r->in.group_name == NULL) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ case 3:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ if (r->in.total_entries == 0 || !r->in.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(builtin_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(alias_handle);
+
+ member_sids = talloc_zero_array(ctx, struct dom_sid,
+ r->in.total_entries);
+ W_ERROR_HAVE_NO_MEMORY(member_sids);
+
+ switch (r->in.level) {
+ case 0:
+ info0 = (struct LOCALGROUP_MEMBERS_INFO_0 *)r->in.buffer;
+ for (i=0; i < r->in.total_entries; i++) {
+ sid_copy(&member_sids[i], (struct dom_sid *)info0[i].lgrmi0_sid);
+ }
+ break;
+ case 3:
+ info3 = (struct LOCALGROUP_MEMBERS_INFO_3 *)r->in.buffer;
+ break;
+ default:
+ break;
+ }
+
+ if (r->in.level == 3) {
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_lsarpc,
+ &lsa_pipe);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ for (i=0; i < r->in.total_entries; i++) {
+ status = libnetapi_lsa_lookup_names3(ctx, lsa_pipe,
+ info3[i].lgrmi3_domainandname,
+ &member_sids[i]);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+ TALLOC_FREE(lsa_pipe);
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
+ SAMR_ACCESS_LOOKUP_DOMAIN |
+ SAMR_ACCESS_ENUM_DOMAINS,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &builtin_handle);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_account_name, r->in.group_name);
+
+ status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
+ &builtin_handle,
+ r->in.group_name,
+ SAMR_ALIAS_ACCESS_ADD_MEMBER |
+ SAMR_ALIAS_ACCESS_REMOVE_MEMBER |
+ SAMR_ALIAS_ACCESS_GET_MEMBERS |
+ SAMR_ALIAS_ACCESS_LOOKUP_INFO,
+ &alias_handle);
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+ goto modify_membership;
+ }
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = libnetapi_samr_lookup_and_open_alias(ctx, pipe_cli,
+ &domain_handle,
+ r->in.group_name,
+ SAMR_ALIAS_ACCESS_ADD_MEMBER |
+ SAMR_ALIAS_ACCESS_REMOVE_MEMBER |
+ SAMR_ALIAS_ACCESS_GET_MEMBERS |
+ SAMR_ALIAS_ACCESS_LOOKUP_INFO,
+ &alias_handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ }
+
+ modify_membership:
+
+ if (add) {
+ for (i=0; i < r->in.total_entries; i++) {
+ status = add_sid_to_array_unique(ctx, &member_sids[i],
+ &add_sids,
+ &num_add_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+ }
+
+ if (del) {
+ for (i=0; i < r->in.total_entries; i++) {
+ status = add_sid_to_array_unique(ctx, &member_sids[i],
+ &del_sids,
+ &num_del_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+ }
+
+ if (set) {
+
+ struct lsa_SidArray current_sids;
+
+ status = dcerpc_samr_GetMembersInAlias(b, talloc_tos(),
+ &alias_handle,
+ &current_sids,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ /* add list */
+
+ for (i=0; i < r->in.total_entries; i++) {
+ bool already_member = false;
+ for (k=0; k < current_sids.num_sids; k++) {
+ if (dom_sid_equal(&member_sids[i],
+ current_sids.sids[k].sid)) {
+ already_member = true;
+ break;
+ }
+ }
+ if (!already_member) {
+ status = add_sid_to_array_unique(ctx,
+ &member_sids[i],
+ &add_sids, &num_add_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+ }
+
+ /* del list */
+
+ for (k=0; k < current_sids.num_sids; k++) {
+ bool keep_member = false;
+ for (i=0; i < r->in.total_entries; i++) {
+ if (dom_sid_equal(&member_sids[i],
+ current_sids.sids[k].sid)) {
+ keep_member = true;
+ break;
+ }
+ }
+ if (!keep_member) {
+ status = add_sid_to_array_unique(ctx,
+ current_sids.sids[k].sid,
+ &del_sids, &num_del_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+ }
+ }
+
+ /* add list */
+
+ for (i=0; i < num_add_sids; i++) {
+ status = dcerpc_samr_AddAliasMember(b, talloc_tos(),
+ &alias_handle,
+ &add_sids[i],
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ /* del list */
+
+ for (i=0; i < num_del_sids; i++) {
+ status = dcerpc_samr_DeleteAliasMember(b, talloc_tos(),
+ &alias_handle,
+ &del_sids[i],
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ werr = WERR_OK;
+
+ done:
+ if (b && is_valid_policy_hnd(&alias_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &alias_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupAddMembers_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupAddMembers *r)
+{
+ return NetLocalGroupModifyMembers_r(ctx, r, NULL, NULL);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupAddMembers_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupAddMembers *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupAddMembers);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupDelMembers_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupDelMembers *r)
+{
+ return NetLocalGroupModifyMembers_r(ctx, NULL, r, NULL);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupDelMembers_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupDelMembers *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupDelMembers);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupGetMembers_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupGetMembers *r)
+{
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupGetMembers_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupGetMembers *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupGetMembers);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupSetMembers_r(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupSetMembers *r)
+{
+ return NetLocalGroupModifyMembers_r(ctx, NULL, NULL, r);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetLocalGroupSetMembers_l(struct libnetapi_ctx *ctx,
+ struct NetLocalGroupSetMembers *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetLocalGroupSetMembers);
+}
diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c
new file mode 100644
index 0000000..9c049a8
--- /dev/null
+++ b/source3/lib/netapi/netapi.c
@@ -0,0 +1,523 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Support
+ * Copyright (C) Guenther Deschner 2007-2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "../libcli/auth/netlogon_creds_cli.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "secrets.h"
+#include "krb5_env.h"
+#include "source3/param/loadparm.h"
+#include "lib/param/param.h"
+#include "auth/gensec/gensec.h"
+
+struct libnetapi_ctx *stat_ctx = NULL;
+static bool libnetapi_initialized = false;
+
+/****************************************************************
+****************************************************************/
+
+static NET_API_STATUS libnetapi_init_private_context(struct libnetapi_ctx *ctx)
+{
+ struct libnetapi_private_ctx *priv;
+
+ if (!ctx) {
+ return W_ERROR_V(WERR_INVALID_PARAMETER);
+ }
+
+ priv = talloc_zero(ctx, struct libnetapi_private_ctx);
+ if (!priv) {
+ return W_ERROR_V(WERR_NOT_ENOUGH_MEMORY);
+ }
+
+ ctx->private_data = priv;
+
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+Create a libnetapi context, for use in non-Samba applications. This
+loads the smb.conf file and sets the debug level to 0, so that
+applications are not flooded with debug logs at level 10, when they
+were not expecting it.
+****************************************************************/
+
+NET_API_STATUS libnetapi_init(struct libnetapi_ctx **context)
+{
+ NET_API_STATUS ret;
+ TALLOC_CTX *frame;
+ struct loadparm_context *lp_ctx = NULL;
+
+ if (stat_ctx && libnetapi_initialized) {
+ *context = stat_ctx;
+ return NET_API_STATUS_SUCCESS;
+ }
+
+#if 0
+ talloc_enable_leak_report();
+#endif
+ frame = talloc_stackframe();
+
+ lp_ctx = loadparm_init_s3(frame, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ TALLOC_FREE(frame);
+ return W_ERROR_V(WERR_NOT_ENOUGH_MEMORY);
+ }
+
+ /* When libnetapi is invoked from an application, it does not
+ * want to be swamped with level 10 debug messages, even if
+ * this has been set for the server in smb.conf */
+ lpcfg_set_cmdline(lp_ctx, "log level", "0");
+ setup_logging("libnetapi", DEBUG_STDERR);
+
+ if (!lp_load_global(get_dyn_CONFIGFILE())) {
+ TALLOC_FREE(frame);
+ fprintf(stderr, "error loading %s\n", get_dyn_CONFIGFILE() );
+ return W_ERROR_V(WERR_GEN_FAILURE);
+ }
+
+ load_interfaces();
+ reopen_logs();
+
+ BlockSignals(True, SIGPIPE);
+
+ ret = libnetapi_net_init(context, lp_ctx, NULL);
+ if (ret == NET_API_STATUS_SUCCESS) {
+ talloc_steal(*context, lp_ctx);
+ }
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+/****************************************************************
+Create a libnetapi context, for use inside the 'net' binary.
+
+As we know net has already loaded the smb.conf file, and set the debug
+level etc, this avoids doing so again (which causes trouble with -d on
+the command line).
+****************************************************************/
+
+NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context,
+ struct loadparm_context *lp_ctx,
+ struct cli_credentials *creds)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *ctx = NULL;
+ TALLOC_CTX *frame = NULL;
+
+ if (stat_ctx != NULL && libnetapi_initialized) {
+ *context = stat_ctx;
+ return NET_API_STATUS_SUCCESS;
+ }
+
+ frame = talloc_stackframe();
+ ctx = talloc_zero(frame, struct libnetapi_ctx);
+ if (!ctx) {
+ TALLOC_FREE(frame);
+ return W_ERROR_V(WERR_NOT_ENOUGH_MEMORY);
+ }
+
+ ctx->lp_ctx = lp_ctx;
+
+ ctx->creds = creds;
+ if (ctx->creds == NULL) {
+ ctx->creds = cli_credentials_init(ctx);
+ if (ctx->creds == NULL) {
+ TALLOC_FREE(frame);
+ return W_ERROR_V(WERR_NOT_ENOUGH_MEMORY);
+ }
+ /* Ignore return code, as we might not have a smb.conf */
+ (void)cli_credentials_guess(ctx->creds, lp_ctx);
+ }
+
+ BlockSignals(True, SIGPIPE);
+
+ status = libnetapi_init_private_context(ctx);
+ if (status != 0) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ libnetapi_initialized = true;
+
+ talloc_steal(NULL, ctx);
+ *context = stat_ctx = ctx;
+
+ TALLOC_FREE(frame);
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+ Return the static libnetapi context
+****************************************************************/
+
+NET_API_STATUS libnetapi_getctx(struct libnetapi_ctx **ctx)
+{
+ if (stat_ctx) {
+ *ctx = stat_ctx;
+ return NET_API_STATUS_SUCCESS;
+ }
+
+ return libnetapi_init(ctx);
+}
+
+/****************************************************************
+ Free the static libnetapi context
+****************************************************************/
+
+NET_API_STATUS libnetapi_free(struct libnetapi_ctx *ctx)
+{
+ TALLOC_CTX *frame;
+
+ if (!ctx) {
+ return NET_API_STATUS_SUCCESS;
+ }
+
+ frame = talloc_stackframe();
+ libnetapi_samr_free(ctx);
+
+ libnetapi_shutdown_cm(ctx);
+
+ gfree_loadparm();
+ gfree_charcnv();
+ gfree_interfaces();
+
+ secrets_shutdown();
+
+ netlogon_creds_cli_close_global_db();
+
+ if (ctx == stat_ctx) {
+ stat_ctx = NULL;
+ }
+ TALLOC_FREE(ctx);
+
+ gfree_debugsyms();
+ talloc_free(frame);
+
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+ Override the current log level for libnetapi
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_debuglevel(struct libnetapi_ctx *ctx,
+ const char *debuglevel)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ ctx->debuglevel = talloc_strdup(ctx, debuglevel);
+
+ if (!lpcfg_set_cmdline(ctx->lp_ctx, "log level", debuglevel)) {
+ TALLOC_FREE(frame);
+ return W_ERROR_V(WERR_GEN_FAILURE);
+ }
+ TALLOC_FREE(frame);
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_logfile(struct libnetapi_ctx *ctx,
+ const char *logfile)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ ctx->logfile = talloc_strdup(ctx, logfile);
+
+ if (!lpcfg_set_cmdline(ctx->lp_ctx, "log file", logfile)) {
+ TALLOC_FREE(frame);
+ return W_ERROR_V(WERR_GEN_FAILURE);
+ }
+ debug_set_logfile(logfile);
+ setup_logging("libnetapi", DEBUG_FILE);
+ TALLOC_FREE(frame);
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_get_debuglevel(struct libnetapi_ctx *ctx,
+ char **debuglevel)
+{
+ *debuglevel = ctx->debuglevel;
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+****************************************************************/
+
+/**
+ * @brief Get the username of the libnet context
+ *
+ * @param[in] ctx The netapi context
+ *
+ * @param[in] username A pointer to hold the username.
+ *
+ * @return 0 on success, an werror code otherwise.
+ */
+NET_API_STATUS libnetapi_get_username(struct libnetapi_ctx *ctx,
+ const char **username)
+{
+ if (ctx == NULL) {
+ return W_ERROR_V(WERR_INVALID_PARAMETER);
+ }
+
+ if (username != NULL) {
+ *username = cli_credentials_get_username(ctx->creds);
+ }
+
+ return NET_API_STATUS_SUCCESS;
+}
+
+/**
+ * @brief Get the password of the libnet context
+ *
+ * @param[in] ctx The netapi context
+ *
+ * @param[in] password A pointer to hold the password.
+ *
+ * @return 0 on success, an werror code otherwise.
+ */
+NET_API_STATUS libnetapi_get_password(struct libnetapi_ctx *ctx,
+ const char **password)
+{
+ if (ctx == NULL) {
+ return W_ERROR_V(WERR_INVALID_PARAMETER);
+ }
+
+ if (password != NULL) {
+ *password = cli_credentials_get_password(ctx->creds);
+ }
+
+ return NET_API_STATUS_SUCCESS;
+}
+
+NET_API_STATUS libnetapi_set_username(struct libnetapi_ctx *ctx,
+ const char *username)
+{
+ if (ctx == NULL || username == NULL) {
+ return W_ERROR_V(WERR_INVALID_PARAMETER);
+ }
+
+ cli_credentials_parse_string(ctx->creds, username, CRED_SPECIFIED);
+
+ return NET_API_STATUS_SUCCESS;
+}
+
+NET_API_STATUS libnetapi_set_password(struct libnetapi_ctx *ctx,
+ const char *password)
+{
+ bool ok;
+
+ if (ctx == NULL || password == NULL) {
+ return W_ERROR_V(WERR_INVALID_PARAMETER);
+ }
+
+ ok = cli_credentials_set_password(ctx->creds, password, CRED_SPECIFIED);
+ if (!ok) {
+ return W_ERROR_V(WERR_INTERNAL_ERROR);
+ }
+
+ return NET_API_STATUS_SUCCESS;
+}
+
+NET_API_STATUS libnetapi_set_workgroup(struct libnetapi_ctx *ctx,
+ const char *workgroup)
+{
+ bool ok;
+
+ ok = cli_credentials_set_domain(ctx->creds, workgroup, CRED_SPECIFIED);
+ if (!ok) {
+ return W_ERROR_V(WERR_INTERNAL_ERROR);
+ }
+
+ return NET_API_STATUS_SUCCESS;
+}
+
+/**
+ * @brief Set the cli_credentials to be used in the netapi context
+ *
+ * @param[in] ctx The netapi context
+ *
+ * @param[in] creds The cli_credentials which should be used by netapi.
+ *
+ * @return 0 on success, an werror code otherwise.
+ */
+NET_API_STATUS libnetapi_set_creds(struct libnetapi_ctx *ctx,
+ struct cli_credentials *creds)
+{
+ if (ctx == NULL || creds == NULL) {
+ return W_ERROR_V(WERR_INVALID_PARAMETER);
+ }
+
+ ctx->creds = creds;
+
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_use_kerberos(struct libnetapi_ctx *ctx)
+{
+ cli_credentials_set_kerberos_state(ctx->creds,
+ CRED_USE_KERBEROS_REQUIRED,
+ CRED_SPECIFIED);
+
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_get_use_kerberos(struct libnetapi_ctx *ctx,
+ int *use_kerberos)
+{
+ enum credentials_use_kerberos creds_use_kerberos;
+
+ *use_kerberos = 0;
+
+ creds_use_kerberos = cli_credentials_get_kerberos_state(ctx->creds);
+ if (creds_use_kerberos > CRED_USE_KERBEROS_DESIRED) {
+ *use_kerberos = 1;
+ }
+
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx)
+{
+ uint32_t gensec_features;
+
+ gensec_features = cli_credentials_get_gensec_features(ctx->creds);
+ gensec_features |= GENSEC_FEATURE_NTLM_CCACHE;
+ cli_credentials_set_gensec_features(ctx->creds,
+ gensec_features,
+ CRED_SPECIFIED);
+
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+Return a libnetapi error as a string, caller must free with NetApiBufferFree
+****************************************************************/
+
+char *libnetapi_errstr(NET_API_STATUS status)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ char *ret;
+ if (status & 0xc0000000) {
+ ret = talloc_strdup(NULL,
+ get_friendly_nt_error_msg(NT_STATUS(status)));
+ } else {
+ ret = talloc_strdup(NULL,
+ get_friendly_werror_msg(W_ERROR(status)));
+ }
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_error_string(struct libnetapi_ctx *ctx,
+ const char *format, ...)
+{
+ va_list args;
+
+ TALLOC_FREE(ctx->error_string);
+
+ va_start(args, format);
+ ctx->error_string = talloc_vasprintf(ctx, format, args);
+ va_end(args);
+
+ if (!ctx->error_string) {
+ return W_ERROR_V(WERR_NOT_ENOUGH_MEMORY);
+ }
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+Return a libnetapi_errstr(), caller must free with NetApiBufferFree
+****************************************************************/
+
+char *libnetapi_get_error_string(struct libnetapi_ctx *ctx,
+ NET_API_STATUS status_in)
+{
+ NET_API_STATUS status;
+ struct libnetapi_ctx *tmp_ctx = ctx;
+
+ if (!tmp_ctx) {
+ status = libnetapi_getctx(&tmp_ctx);
+ if (status != 0) {
+ return NULL;
+ }
+ }
+
+ if (tmp_ctx->error_string) {
+ return talloc_strdup(NULL, tmp_ctx->error_string);
+ }
+
+ return libnetapi_errstr(status_in);
+}
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS NetApiBufferAllocate(uint32_t byte_count,
+ void **buffer)
+{
+ void *buf = NULL;
+
+ if (!buffer) {
+ return W_ERROR_V(WERR_INSUFFICIENT_BUFFER);
+ }
+
+ if (byte_count == 0) {
+ goto done;
+ }
+
+ buf = talloc_size(NULL, byte_count);
+ if (!buf) {
+ return W_ERROR_V(WERR_NOT_ENOUGH_MEMORY);
+ }
+
+ done:
+ *buffer = buf;
+
+ return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS NetApiBufferFree(void *buffer)
+{
+ if (!buffer) {
+ return W_ERROR_V(WERR_INSUFFICIENT_BUFFER);
+ }
+
+ talloc_free(buffer);
+
+ return NET_API_STATUS_SUCCESS;
+}
diff --git a/source3/lib/netapi/netapi.h b/source3/lib/netapi/netapi.h
new file mode 100644
index 0000000..660a776
--- /dev/null
+++ b/source3/lib/netapi/netapi.h
@@ -0,0 +1,2778 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Support
+ * Copyright (C) Guenther Deschner 2007-2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIB_NETAPI_H__
+#define __LIB_NETAPI_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+struct cli_credentials;
+
+/****************************************************************
+ NET_API_STATUS
+****************************************************************/
+typedef enum {
+ NET_API_STATUS_SUCCESS = 0
+} NET_API_STATUS;
+
+#define ERROR_MORE_DATA ( 234L )
+
+#define ENCRYPTED_PWLEN ( 16 )
+
+/****************************************************************
+****************************************************************/
+
+#ifndef _HEADER_misc
+
+struct GUID {
+ uint32_t time_low;
+ uint16_t time_mid;
+ uint16_t time_hi_and_version;
+ uint8_t clock_seq[2];
+ uint8_t node[6];
+};
+
+#endif /* _HEADER_misc */
+
+#ifndef _HEADER_libnetapi
+
+#ifndef MAXSUBAUTHS
+#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
+#endif
+
+struct domsid {
+ uint8_t sid_rev_num;
+ uint8_t num_auths;
+ uint8_t id_auth[6];
+ uint32_t sub_auths[MAXSUBAUTHS];
+};
+
+struct DOMAIN_CONTROLLER_INFO {
+ const char * domain_controller_name;
+ const char * domain_controller_address;
+ uint32_t domain_controller_address_type;
+ struct GUID domain_guid;
+ const char * domain_name;
+ const char * dns_forest_name;
+ uint32_t flags;
+ const char * dc_site_name;
+ const char * client_site_name;
+};
+
+/* bitmap NetJoinFlags */
+#define NETSETUP_JOIN_DOMAIN ( 0x00000001 )
+#define NETSETUP_ACCT_CREATE ( 0x00000002 )
+#define NETSETUP_ACCT_DELETE ( 0x00000004 )
+#define NETSETUP_WIN9X_UPGRADE ( 0x00000010 )
+#define NETSETUP_DOMAIN_JOIN_IF_JOINED ( 0x00000020 )
+#define NETSETUP_JOIN_UNSECURE ( 0x00000040 )
+#define NETSETUP_MACHINE_PWD_PASSED ( 0x00000080 )
+#define NETSETUP_DEFER_SPN_SET ( 0x00000100 )
+#define NETSETUP_JOIN_DC_ACCOUNT ( 0x00000200 )
+#define NETSETUP_JOIN_WITH_NEW_NAME ( 0x00000400 )
+#define NETSETUP_JOIN_READONLY ( 0x00000800 )
+#define NETSETUP_AMBIGUOUS_DC ( 0x00001000 )
+#define NETSETUP_NO_NETLOGON_CACHE ( 0x00002000 )
+#define NETSETUP_DONT_CONTROL_SERVICES ( 0x00004000 )
+#define NETSETUP_SET_MACHINE_NAME ( 0x00008000 )
+#define NETSETUP_FORCE_SPN_SET ( 0x00010000 )
+#define NETSETUP_NO_ACCT_REUSE ( 0x00020000 )
+#define NETSETUP_INSTALL_INVOCATION ( 0x00040000 )
+#define NETSETUP_IGNORE_UNSUPPORTED_FLAGS ( 0x10000000 )
+
+/* bitmap NetProvisionFlags */
+#define NETSETUP_PROVISION_DOWNLEVEL_PRIV_SUPPORT ( 0x00000001 )
+#define NETSETUP_PROVISION_REUSE_ACCOUNT ( 0x00000002 )
+#define NETSETUP_PROVISION_USE_DEFAULT_PASSWORD ( 0x00000004 )
+#define NETSETUP_PROVISION_SKIP_ACCOUNT_SEARCH ( 0x00000008 )
+#define NETSETUP_PROVISION_ROOT_CA_CERTS ( 0x00000010 )
+
+/* bitmap NetProvisionJoinFlags */
+#define NETSETUP_PROVISION_ONLINE_CALLER ( 0x40000000 )
+
+#define FILTER_TEMP_DUPLICATE_ACCOUNT ( 0x0001 )
+#define FILTER_NORMAL_ACCOUNT ( 0x0002 )
+#define FILTER_INTERDOMAIN_TRUST_ACCOUNT ( 0x0008 )
+#define FILTER_WORKSTATION_TRUST_ACCOUNT ( 0x0010 )
+#define FILTER_SERVER_TRUST_ACCOUNT ( 0x0020 )
+
+#define TIMEQ_FOREVER ( (uint32_t)-1L )
+
+enum NETSETUP_JOIN_STATUS {
+ NetSetupUnknownStatus=0,
+ NetSetupUnjoined=1,
+ NetSetupWorkgroupName=2,
+ NetSetupDomainName=3
+};
+
+struct SERVER_INFO_100 {
+ uint32_t sv100_platform_id;
+ const char * sv100_name;
+};
+
+struct SERVER_INFO_101 {
+ uint32_t sv101_platform_id;
+ const char * sv101_name;
+ uint32_t sv101_version_major;
+ uint32_t sv101_version_minor;
+ uint32_t sv101_type;
+ const char * sv101_comment;
+};
+
+struct SERVER_INFO_102 {
+ uint32_t sv102_platform_id;
+ const char * sv102_name;
+ uint32_t sv102_version_major;
+ uint32_t sv102_version_minor;
+ uint32_t sv102_type;
+ const char * sv102_comment;
+ uint32_t sv102_users;
+ uint32_t sv102_disc;
+ uint8_t sv102_hidden;
+ uint32_t sv102_announce;
+ uint32_t sv102_anndelta;
+ uint32_t sv102_licenses;
+ const char * sv102_userpath;
+};
+
+struct SERVER_INFO_402 {
+ uint32_t sv402_ulist_mtime;
+ uint32_t sv402_glist_mtime;
+ uint32_t sv402_alist_mtime;
+ const char * sv402_alerts;
+ uint32_t sv402_security;
+ uint32_t sv402_numadmin;
+ uint32_t sv402_lanmask;
+ const char * sv402_guestacct;
+ uint32_t sv402_chdevs;
+ uint32_t sv402_chdevq;
+ uint32_t sv402_chdevjobs;
+ uint32_t sv402_connections;
+ uint32_t sv402_shares;
+ uint32_t sv402_openfiles;
+ uint32_t sv402_sessopens;
+ uint32_t sv402_sessvcs;
+ uint32_t sv402_sessreqs;
+ uint32_t sv402_opensearch;
+ uint32_t sv402_activelocks;
+ uint32_t sv402_numreqbuf;
+ uint32_t sv402_sizreqbuf;
+ uint32_t sv402_numbigbuf;
+ uint32_t sv402_numfiletasks;
+ uint32_t sv402_alertsched;
+ uint32_t sv402_erroralert;
+ uint32_t sv402_logonalert;
+ uint32_t sv402_accessalert;
+ uint32_t sv402_diskalert;
+ uint32_t sv402_netioalert;
+ uint32_t sv402_maxauditsz;
+ const char * sv402_srvheuristics;
+};
+
+struct SERVER_INFO_403 {
+ uint32_t sv403_ulist_mtime;
+ uint32_t sv403_glist_mtime;
+ uint32_t sv403_alist_mtime;
+ const char * sv403_alerts;
+ uint32_t sv403_security;
+ uint32_t sv403_numadmin;
+ uint32_t sv403_lanmask;
+ const char * sv403_guestacct;
+ uint32_t sv403_chdevs;
+ uint32_t sv403_chdevq;
+ uint32_t sv403_chdevjobs;
+ uint32_t sv403_connections;
+ uint32_t sv403_shares;
+ uint32_t sv403_openfiles;
+ uint32_t sv403_sessopens;
+ uint32_t sv403_sessvcs;
+ uint32_t sv403_sessreqs;
+ uint32_t sv403_opensearch;
+ uint32_t sv403_activelocks;
+ uint32_t sv403_numreqbuf;
+ uint32_t sv403_sizreqbuf;
+ uint32_t sv403_numbigbuf;
+ uint32_t sv403_numfiletasks;
+ uint32_t sv403_alertsched;
+ uint32_t sv403_erroralert;
+ uint32_t sv403_logonalert;
+ uint32_t sv403_accessalert;
+ uint32_t sv403_diskalert;
+ uint32_t sv403_netioalert;
+ uint32_t sv403_maxauditsz;
+ const char * sv403_srvheuristics;
+ uint32_t sv403_auditedevents;
+ uint32_t sv403_autoprofile;
+ const char * sv403_autopath;
+};
+
+struct SERVER_INFO_502 {
+ uint32_t sv502_sessopens;
+ uint32_t sv502_sessvcs;
+ uint32_t sv502_opensearch;
+ uint32_t sv502_sizreqbuf;
+ uint32_t sv502_initworkitems;
+ uint32_t sv502_maxworkitems;
+ uint32_t sv502_rawworkitems;
+ uint32_t sv502_irpstacksize;
+ uint32_t sv502_maxrawbuflen;
+ uint32_t sv502_sessusers;
+ uint32_t sv502_sessconns;
+ uint32_t sv502_maxpagedmemoryusage;
+ uint32_t sv502_maxnonpagedmemoryusage;
+ uint8_t sv502_enablesoftcompat;
+ uint8_t sv502_enableforcedlogoff;
+ uint8_t sv502_timesource;
+ uint8_t sv502_acceptdownlevelapis;
+ uint8_t sv502_lmannounce;
+};
+
+struct SERVER_INFO_503 {
+ uint32_t sv503_sessopens;
+ uint32_t sv503_sessvcs;
+ uint32_t sv503_opensearch;
+ uint32_t sv503_sizreqbuf;
+ uint32_t sv503_initworkitems;
+ uint32_t sv503_maxworkitems;
+ uint32_t sv503_rawworkitems;
+ uint32_t sv503_irpstacksize;
+ uint32_t sv503_maxrawbuflen;
+ uint32_t sv503_sessusers;
+ uint32_t sv503_sessconns;
+ uint32_t sv503_maxpagedmemoryusage;
+ uint32_t sv503_maxnonpagedmemoryusage;
+ uint8_t sv503_enablesoftcompat;
+ uint8_t sv503_enableforcedlogoff;
+ uint8_t sv503_timesource;
+ uint8_t sv503_acceptdownlevelapis;
+ uint8_t sv503_lmannounce;
+ const char * sv503_domain;
+ uint32_t sv503_maxcopyreadlen;
+ uint32_t sv503_maxcopywritelen;
+ uint32_t sv503_minkeepsearch;
+ uint32_t sv503_maxkeepsearch;
+ uint32_t sv503_minkeepcomplsearch;
+ uint32_t sv503_maxkeepcomplsearch;
+ uint32_t sv503_threadcountadd;
+ uint32_t sv503_numblockthreads;
+ uint32_t sv503_scavtimeout;
+ uint32_t sv503_minrcvqueue;
+ uint32_t sv503_minfreeworkitems;
+ uint32_t sv503_xactmemsize;
+ uint32_t sv503_threadpriority;
+ uint32_t sv503_maxmpxct;
+ uint32_t sv503_oplockbreakwait;
+ uint32_t sv503_oplockbreakresponsewait;
+ uint8_t sv503_enableoplocks;
+ uint8_t sv503_enableoplockforceclose;
+ uint8_t sv503_enablefcbopens;
+ uint8_t sv503_enableraw;
+ uint8_t sv503_enablesharednetdrives;
+ uint32_t sv503_minfreeconnections;
+ uint32_t sv503_maxfreeconnections;
+};
+
+struct SERVER_INFO_599 {
+ uint32_t sv599_sessopens;
+ uint32_t sv599_sessvcs;
+ uint32_t sv599_opensearch;
+ uint32_t sv599_sizreqbuf;
+ uint32_t sv599_initworkitems;
+ uint32_t sv599_maxworkitems;
+ uint32_t sv599_rawworkitems;
+ uint32_t sv599_irpstacksize;
+ uint32_t sv599_maxrawbuflen;
+ uint32_t sv599_sessusers;
+ uint32_t sv599_sessconns;
+ uint32_t sv599_maxpagedmemoryusage;
+ uint32_t sv599_maxnonpagedmemoryusage;
+ uint8_t sv599_enablesoftcompat;
+ uint8_t sv599_enableforcedlogoff;
+ uint8_t sv599_timesource;
+ uint8_t sv599_acceptdownlevelapis;
+ uint8_t sv599_lmannounce;
+ const char * sv599_domain;
+ uint32_t sv599_maxcopyreadlen;
+ uint32_t sv599_maxcopywritelen;
+ uint32_t sv599_minkeepsearch;
+ uint32_t sv599_maxkeepsearch;
+ uint32_t sv599_minkeepcomplsearch;
+ uint32_t sv599_maxkeepcomplsearch;
+ uint32_t sv599_threadcountadd;
+ uint32_t sv599_numblockthreads;
+ uint32_t sv599_scavtimeout;
+ uint32_t sv599_minrcvqueue;
+ uint32_t sv599_minfreeworkitems;
+ uint32_t sv599_xactmemsize;
+ uint32_t sv599_threadpriority;
+ uint32_t sv599_maxmpxct;
+ uint32_t sv599_oplockbreakwait;
+ uint32_t sv599_oplockbreakresponsewait;
+ uint8_t sv599_enableoplocks;
+ uint8_t sv599_enableoplockforceclose;
+ uint8_t sv599_enablefcbopens;
+ uint8_t sv599_enableraw;
+ uint8_t sv599_enablesharednetdrives;
+ uint32_t sv599_minfreeconnections;
+ uint32_t sv599_maxfreeconnections;
+ uint32_t sv599_initsesstable;
+ uint32_t sv599_initconntable;
+ uint32_t sv599_initfiletable;
+ uint32_t sv599_initsearchtable;
+ uint32_t sv599_alertschedule;
+ uint32_t sv599_errorthreshold;
+ uint32_t sv599_networkerrorthreshold;
+ uint32_t sv599_diskspacethreshold;
+ uint32_t sv599_reserved;
+ uint32_t sv599_maxlinkdelay;
+ uint32_t sv599_minlinkthroughput;
+ uint32_t sv599_linkinfovalidtime;
+ uint32_t sv599_scavqosinfoupdatetime;
+ uint32_t sv599_maxworkitemidletime;
+};
+
+struct SERVER_INFO_598 {
+ uint32_t sv598_maxrawworkitems;
+ uint32_t sv598_maxthreadsperqueue;
+ uint32_t sv598_producttype;
+ uint32_t sv598_serversize;
+ uint32_t sv598_connectionlessautodisc;
+ uint32_t sv598_sharingviolationretries;
+ uint32_t sv598_sharingviolationdelay;
+ uint32_t sv598_maxglobalopensearch;
+ uint32_t sv598_removeduplicatesearches;
+ uint32_t sv598_lockviolationoffset;
+ uint32_t sv598_lockviolationdelay;
+ uint32_t sv598_mdlreadswitchover;
+ uint32_t sv598_cachedopenlimit;
+ uint32_t sv598_otherqueueaffinity;
+ uint8_t sv598_restrictnullsessaccess;
+ uint8_t sv598_enablewfw311directipx;
+ uint32_t sv598_queuesamplesecs;
+ uint32_t sv598_balancecount;
+ uint32_t sv598_preferredaffinity;
+ uint32_t sv598_maxfreerfcbs;
+ uint32_t sv598_maxfreemfcbs;
+ uint32_t sv598_maxfreelfcbs;
+ uint32_t sv598_maxfreepagedpoolchunks;
+ uint32_t sv598_minpagedpoolchunksize;
+ uint32_t sv598_maxpagedpoolchunksize;
+ uint8_t sv598_sendsfrompreferredprocessor;
+ uint32_t sv598_cacheddirectorylimit;
+ uint32_t sv598_maxcopylength;
+ uint8_t sv598_enablecompression;
+ uint8_t sv598_autosharewks;
+ uint8_t sv598_autoshareserver;
+ uint8_t sv598_enablesecuritysignature;
+ uint8_t sv598_requiresecuritysignature;
+ uint32_t sv598_minclientbuffersize;
+ struct GUID sv598_serverguid;
+ uint32_t sv598_ConnectionNoSessionsTimeout;
+ uint32_t sv598_IdleThreadTimeOut;
+ uint8_t sv598_enableW9xsecuritysignature;
+ uint8_t sv598_enforcekerberosreauthentication;
+ uint8_t sv598_disabledos;
+ uint32_t sv598_lowdiskspaceminimum;
+ uint8_t sv598_disablestrictnamechecking;
+};
+
+struct SERVER_INFO_1005 {
+ const char * sv1005_comment;
+};
+
+struct SERVER_INFO_1107 {
+ uint32_t sv1107_users;
+};
+
+struct SERVER_INFO_1010 {
+ int32_t sv1010_disc;
+};
+
+struct SERVER_INFO_1016 {
+ uint8_t sv1016_hidden;
+};
+
+struct SERVER_INFO_1017 {
+ uint32_t sv1017_announce;
+};
+
+struct SERVER_INFO_1018 {
+ uint32_t sv1018_anndelta;
+};
+
+struct SERVER_INFO_1501 {
+ uint32_t sv1501_sessopens;
+};
+
+struct SERVER_INFO_1502 {
+ uint32_t sv1502_sessvcs;
+};
+
+struct SERVER_INFO_1503 {
+ uint32_t sv1503_opensearch;
+};
+
+struct SERVER_INFO_1506 {
+ uint32_t sv1506_maxworkitems;
+};
+
+struct SERVER_INFO_1509 {
+ uint32_t sv1509_maxrawbuflen;
+};
+
+struct SERVER_INFO_1510 {
+ uint32_t sv1510_sessusers;
+};
+
+struct SERVER_INFO_1511 {
+ uint32_t sv1511_sessconns;
+};
+
+struct SERVER_INFO_1512 {
+ uint32_t sv1512_maxnonpagedmemoryusage;
+};
+
+struct SERVER_INFO_1513 {
+ uint32_t sv1513_maxpagedmemoryusage;
+};
+
+struct SERVER_INFO_1514 {
+ uint8_t sv1514_enablesoftcompat;
+};
+
+struct SERVER_INFO_1515 {
+ uint8_t sv1515_enableforcedlogoff;
+};
+
+struct SERVER_INFO_1516 {
+ uint8_t sv1516_timesource;
+};
+
+struct SERVER_INFO_1518 {
+ uint8_t sv1518_lmannounce;
+};
+
+struct SERVER_INFO_1520 {
+ uint32_t sv1520_maxcopyreadlen;
+};
+
+struct SERVER_INFO_1521 {
+ uint32_t sv1521_maxcopywritelen;
+};
+
+struct SERVER_INFO_1522 {
+ uint32_t sv1522_minkeepsearch;
+};
+
+struct SERVER_INFO_1523 {
+ uint32_t sv1523_maxkeepsearch;
+};
+
+struct SERVER_INFO_1524 {
+ uint32_t sv1524_minkeepcomplsearch;
+};
+
+struct SERVER_INFO_1525 {
+ uint32_t sv1525_maxkeepcomplsearch;
+};
+
+struct SERVER_INFO_1528 {
+ uint32_t sv1528_scavtimeout;
+};
+
+struct SERVER_INFO_1529 {
+ uint32_t sv1529_minrcvqueue;
+};
+
+struct SERVER_INFO_1530 {
+ uint32_t sv1530_minfreeworkitems;
+};
+
+struct SERVER_INFO_1533 {
+ uint32_t sv1533_maxmpxct;
+};
+
+struct SERVER_INFO_1534 {
+ uint32_t sv1534_oplockbreakwait;
+};
+
+struct SERVER_INFO_1535 {
+ uint32_t sv1535_oplockbreakresponsewait;
+};
+
+struct SERVER_INFO_1536 {
+ uint8_t sv1536_enableoplocks;
+};
+
+struct SERVER_INFO_1537 {
+ uint8_t sv1537_enableoplockforceclose;
+};
+
+struct SERVER_INFO_1538 {
+ uint8_t sv1538_enablefcbopens;
+};
+
+struct SERVER_INFO_1539 {
+ uint8_t sv1539_enableraw;
+};
+
+struct SERVER_INFO_1540 {
+ uint8_t sv1540_enablesharednetdrives;
+};
+
+struct SERVER_INFO_1541 {
+ uint8_t sv1541_minfreeconnections;
+};
+
+struct SERVER_INFO_1542 {
+ uint8_t sv1542_maxfreeconnections;
+};
+
+struct SERVER_INFO_1543 {
+ uint32_t sv1543_initsesstable;
+};
+
+struct SERVER_INFO_1544 {
+ uint32_t sv1544_initconntable;
+};
+
+struct SERVER_INFO_1545 {
+ uint32_t sv1545_initfiletable;
+};
+
+struct SERVER_INFO_1546 {
+ uint32_t sv1546_initsearchtable;
+};
+
+struct SERVER_INFO_1547 {
+ uint32_t sv1547_alertschedule;
+};
+
+struct SERVER_INFO_1548 {
+ uint32_t sv1548_errorthreshold;
+};
+
+struct SERVER_INFO_1549 {
+ uint32_t sv1549_networkerrorthreshold;
+};
+
+struct SERVER_INFO_1550 {
+ uint32_t sv1550_diskspacethreshold;
+};
+
+struct SERVER_INFO_1552 {
+ uint32_t sv1552_maxlinkdelay;
+};
+
+struct SERVER_INFO_1553 {
+ uint32_t sv1553_minlinkthroughput;
+};
+
+struct SERVER_INFO_1554 {
+ uint32_t sv1554_linkinfovalidtime;
+};
+
+struct SERVER_INFO_1555 {
+ uint32_t sv1555_scavqosinfoupdatetime;
+};
+
+struct SERVER_INFO_1556 {
+ uint32_t sv1556_maxworkitemidletime;
+};
+
+struct SERVER_INFO_1557 {
+ uint32_t sv1557_maxrawworkitems;
+};
+
+struct SERVER_INFO_1560 {
+ uint32_t sv1560_producttype;
+};
+
+struct SERVER_INFO_1561 {
+ uint32_t sv1561_serversize;
+};
+
+struct SERVER_INFO_1562 {
+ uint32_t sv1562_connectionlessautodisc;
+};
+
+struct SERVER_INFO_1563 {
+ uint32_t sv1563_sharingviolationretries;
+};
+
+struct SERVER_INFO_1564 {
+ uint32_t sv1564_sharingviolationdelay;
+};
+
+struct SERVER_INFO_1565 {
+ uint32_t sv1565_maxglobalopensearch;
+};
+
+struct SERVER_INFO_1566 {
+ uint8_t sv1566_removeduplicatesearches;
+};
+
+struct SERVER_INFO_1567 {
+ uint32_t sv1567_lockviolationretries;
+};
+
+struct SERVER_INFO_1568 {
+ uint32_t sv1568_lockviolationoffset;
+};
+
+struct SERVER_INFO_1569 {
+ uint32_t sv1569_lockviolationdelay;
+};
+
+struct SERVER_INFO_1570 {
+ uint32_t sv1570_mdlreadswitchover;
+};
+
+struct SERVER_INFO_1571 {
+ uint32_t sv1571_cachedopenlimit;
+};
+
+struct SERVER_INFO_1572 {
+ uint32_t sv1572_criticalthreads;
+};
+
+struct SERVER_INFO_1573 {
+ uint32_t sv1573_restrictnullsessaccess;
+};
+
+struct SERVER_INFO_1574 {
+ uint32_t sv1574_enablewfw311directipx;
+};
+
+struct SERVER_INFO_1575 {
+ uint32_t sv1575_otherqueueaffinity;
+};
+
+struct SERVER_INFO_1576 {
+ uint32_t sv1576_queuesamplesecs;
+};
+
+struct SERVER_INFO_1577 {
+ uint32_t sv1577_balancecount;
+};
+
+struct SERVER_INFO_1578 {
+ uint32_t sv1578_preferredaffinity;
+};
+
+struct SERVER_INFO_1579 {
+ uint32_t sv1579_maxfreerfcbs;
+};
+
+struct SERVER_INFO_1580 {
+ uint32_t sv1580_maxfreemfcbs;
+};
+
+struct SERVER_INFO_1581 {
+ uint32_t sv1581_maxfreemlcbs;
+};
+
+struct SERVER_INFO_1582 {
+ uint32_t sv1582_maxfreepagedpoolchunks;
+};
+
+struct SERVER_INFO_1583 {
+ uint32_t sv1583_minpagedpoolchunksize;
+};
+
+struct SERVER_INFO_1584 {
+ uint32_t sv1584_maxpagedpoolchunksize;
+};
+
+struct SERVER_INFO_1585 {
+ uint8_t sv1585_sendsfrompreferredprocessor;
+};
+
+struct SERVER_INFO_1586 {
+ uint32_t sv1586_maxthreadsperqueue;
+};
+
+struct SERVER_INFO_1587 {
+ uint32_t sv1587_cacheddirectorylimit;
+};
+
+struct SERVER_INFO_1588 {
+ uint32_t sv1588_maxcopylength;
+};
+
+struct SERVER_INFO_1590 {
+ uint32_t sv1590_enablecompression;
+};
+
+struct SERVER_INFO_1591 {
+ uint32_t sv1591_autosharewks;
+};
+
+struct SERVER_INFO_1592 {
+ uint32_t sv1592_autosharewks;
+};
+
+struct SERVER_INFO_1593 {
+ uint32_t sv1593_enablesecuritysignature;
+};
+
+struct SERVER_INFO_1594 {
+ uint32_t sv1594_requiresecuritysignature;
+};
+
+struct SERVER_INFO_1595 {
+ uint32_t sv1595_minclientbuffersize;
+};
+
+struct SERVER_INFO_1596 {
+ uint32_t sv1596_ConnectionNoSessionsTimeout;
+};
+
+struct SERVER_INFO_1597 {
+ uint32_t sv1597_IdleThreadTimeOut;
+};
+
+struct SERVER_INFO_1598 {
+ uint32_t sv1598_enableW9xsecuritysignature;
+};
+
+struct SERVER_INFO_1599 {
+ uint8_t sv1598_enforcekerberosreauthentication;
+};
+
+struct SERVER_INFO_1600 {
+ uint8_t sv1598_disabledos;
+};
+
+struct SERVER_INFO_1601 {
+ uint32_t sv1598_lowdiskspaceminimum;
+};
+
+struct SERVER_INFO_1602 {
+ uint8_t sv_1598_disablestrictnamechecking;
+};
+
+struct USER_INFO_0 {
+ const char * usri0_name;
+};
+
+#define USER_PRIV_GUEST ( 0 )
+#define USER_PRIV_USER ( 1 )
+#define USER_PRIV_ADMIN ( 2 )
+
+struct USER_INFO_1 {
+ const char * usri1_name;
+ const char * usri1_password;
+ uint32_t usri1_password_age;
+ uint32_t usri1_priv;
+ const char * usri1_home_dir;
+ const char * usri1_comment;
+ uint32_t usri1_flags;
+ const char * usri1_script_path;
+};
+
+#define AF_OP_PRINT ( 0x1 )
+#define AF_OP_COMM ( 0x2 )
+#define AF_OP_SERVER ( 0x4 )
+#define AF_OP_ACCOUNTS ( 0x8 )
+
+struct USER_INFO_2 {
+ const char * usri2_name;
+ const char * usri2_password;
+ uint32_t usri2_password_age;
+ uint32_t usri2_priv;
+ const char * usri2_home_dir;
+ const char * usri2_comment;
+ uint32_t usri2_flags;
+ const char * usri2_script_path;
+ uint32_t usri2_auth_flags;
+ const char * usri2_full_name;
+ const char * usri2_usr_comment;
+ const char * usri2_parms;
+ const char * usri2_workstations;
+ uint32_t usri2_last_logon;
+ uint32_t usri2_last_logoff;
+ uint32_t usri2_acct_expires;
+ uint32_t usri2_max_storage;
+ uint32_t usri2_units_per_week;
+ uint8_t *usri2_logon_hours;/* [unique] */
+ uint32_t usri2_bad_pw_count;
+ uint32_t usri2_num_logons;
+ const char * usri2_logon_server;
+ uint32_t usri2_country_code;
+ uint32_t usri2_code_page;
+};
+
+struct USER_INFO_3 {
+ const char * usri3_name;
+ uint32_t usri3_password_age;
+ uint32_t usri3_priv;
+ const char * usri3_home_dir;
+ const char * usri3_comment;
+ uint32_t usri3_flags;
+ const char * usri3_script_path;
+ uint32_t usri3_auth_flags;
+ const char * usri3_full_name;
+ const char * usri3_usr_comment;
+ const char * usri3_parms;
+ const char * usri3_workstations;
+ uint32_t usri3_last_logon;
+ uint32_t usri3_last_logoff;
+ uint32_t usri3_acct_expires;
+ uint32_t usri3_max_storage;
+ uint32_t usri3_units_per_week;
+ uint8_t *usri3_logon_hours;/* [unique] */
+ uint32_t usri3_bad_pw_count;
+ uint32_t usri3_num_logons;
+ const char * usri3_logon_server;
+ uint32_t usri3_country_code;
+ uint32_t usri3_code_page;
+ uint32_t usri3_user_id;
+ uint32_t usri3_primary_group_id;
+ const char * usri3_profile;
+ const char * usri3_home_dir_drive;
+ uint32_t usri3_password_expired;
+};
+
+struct USER_INFO_4 {
+ const char * usri4_name;
+ const char * usri4_password;
+ uint32_t usri4_password_age;
+ uint32_t usri4_priv;
+ const char * usri4_home_dir;
+ const char * usri4_comment;
+ uint32_t usri4_flags;
+ const char * usri4_script_path;
+ uint32_t usri4_auth_flags;
+ const char * usri4_full_name;
+ const char * usri4_usr_comment;
+ const char * usri4_parms;
+ const char * usri4_workstations;
+ uint32_t usri4_last_logon;
+ uint32_t usri4_last_logoff;
+ uint32_t usri4_acct_expires;
+ uint32_t usri4_max_storage;
+ uint32_t usri4_units_per_week;
+ uint8_t *usri4_logon_hours;/* [unique] */
+ uint32_t usri4_bad_pw_count;
+ uint32_t usri4_num_logons;
+ const char * usri4_logon_server;
+ uint32_t usri4_country_code;
+ uint32_t usri4_code_page;
+ struct domsid *usri4_user_sid;/* [unique] */
+ uint32_t usri4_primary_group_id;
+ const char * usri4_profile;
+ const char * usri4_home_dir_drive;
+ uint32_t usri4_password_expired;
+};
+
+struct USER_INFO_10 {
+ const char * usri10_name;
+ const char * usri10_comment;
+ const char * usri10_usr_comment;
+ const char * usri10_full_name;
+};
+
+struct USER_INFO_11 {
+ const char * usri11_name;
+ const char * usri11_comment;
+ const char * usri11_usr_comment;
+ const char * usri11_full_name;
+ uint32_t usri11_priv;
+ uint32_t usri11_auth_flags;
+ uint32_t usri11_password_age;
+ const char * usri11_home_dir;
+ const char * usri11_parms;
+ uint32_t usri11_last_logon;
+ uint32_t usri11_last_logoff;
+ uint32_t usri11_bad_pw_count;
+ uint32_t usri11_num_logons;
+ const char * usri11_logon_server;
+ uint32_t usri11_country_code;
+ const char * usri11_workstations;
+ uint32_t usri11_max_storage;
+ uint32_t usri11_units_per_week;
+ uint8_t *usri11_logon_hours;/* [unique] */
+ uint32_t usri11_code_page;
+};
+
+struct USER_INFO_20 {
+ const char * usri20_name;
+ const char * usri20_full_name;
+ const char * usri20_comment;
+ uint32_t usri20_flags;
+ uint32_t usri20_user_id;
+};
+
+struct USER_INFO_21 {
+ uint8_t *usri21_password;
+};
+
+struct USER_INFO_22 {
+ const char * usri22_name;
+ uint8_t *usri22_password;
+ uint32_t usri22_password_age;
+ uint32_t usri22_priv;
+ const char * usri22_home_dir;
+ const char * usri22_comment;
+ uint32_t usri22_flags;
+ uint32_t usri22_script_path;
+ uint32_t usri22_auth_flags;
+ const char * usri22_full_name;
+ const char * usri22_usr_comment;
+ const char * usri22_parms;
+ const char * usri22_workstations;
+ uint32_t usri22_last_logon;
+ uint32_t usri22_last_logoff;
+ uint32_t usri22_acct_expires;
+ uint32_t usri22_max_storage;
+ uint32_t usri22_units_per_week;
+ uint8_t *usri22_logon_hours;/* [unique] */
+ uint32_t usri22_bad_pw_count;
+ uint32_t usri22_num_logons;
+ const char * usri22_logon_server;
+ uint32_t usri22_country_code;
+ uint32_t usri22_code_page;
+};
+
+struct USER_INFO_23 {
+ const char * usri23_name;
+ const char * usri23_full_name;
+ const char * usri23_comment;
+ uint32_t usri23_flags;
+ struct domsid *usri23_user_sid;/* [unique] */
+};
+
+struct USER_INFO_1003 {
+ const char * usri1003_password;
+};
+
+struct USER_INFO_1005 {
+ uint32_t usri1005_priv;
+};
+
+struct USER_INFO_1006 {
+ const char * usri1006_home_dir;
+};
+
+struct USER_INFO_1007 {
+ const char * usri1007_comment;
+};
+
+struct USER_INFO_1008 {
+ uint32_t usri1008_flags;
+};
+
+struct USER_INFO_1009 {
+ const char * usri1009_script_path;
+};
+
+struct USER_INFO_1010 {
+ uint32_t usri1010_auth_flags;
+};
+
+struct USER_INFO_1011 {
+ const char * usri1011_full_name;
+};
+
+struct USER_INFO_1012 {
+ const char * usri1012_usr_comment;
+};
+
+struct USER_INFO_1013 {
+ const char * usri1013_parms;
+};
+
+struct USER_INFO_1014 {
+ const char * usri1014_workstations;
+};
+
+struct USER_INFO_1017 {
+ uint32_t usri1017_acct_expires;
+};
+
+struct USER_INFO_1018 {
+ uint32_t usri1018_max_storage;
+};
+
+struct USER_INFO_1020 {
+ uint32_t usri1020_units_per_week;
+ uint8_t *usri1020_logon_hours;/* [unique] */
+};
+
+struct USER_INFO_1023 {
+ const char * usri1023_logon_server;
+};
+
+struct USER_INFO_1024 {
+ uint32_t usri1024_country_code;
+};
+
+struct USER_INFO_1025 {
+ uint32_t usri1025_code_page;
+};
+
+struct USER_INFO_1051 {
+ uint32_t usri1051_primary_group_id;
+};
+
+struct USER_INFO_1052 {
+ const char * usri1052_profile;
+};
+
+struct USER_INFO_1053 {
+ const char * usri1053_home_dir_drive;
+};
+
+struct USER_MODALS_INFO_0 {
+ uint32_t usrmod0_min_passwd_len;
+ uint32_t usrmod0_max_passwd_age;
+ uint32_t usrmod0_min_passwd_age;
+ uint32_t usrmod0_force_logoff;
+ uint32_t usrmod0_password_hist_len;
+};
+
+struct USER_MODALS_INFO_1 {
+ uint32_t usrmod1_role;
+ const char * usrmod1_primary;
+};
+
+struct USER_MODALS_INFO_2 {
+ const char * usrmod2_domain_name;
+ struct domsid *usrmod2_domain_id;/* [unique] */
+};
+
+struct USER_MODALS_INFO_3 {
+ uint32_t usrmod3_lockout_duration;
+ uint32_t usrmod3_lockout_observation_window;
+ uint32_t usrmod3_lockout_threshold;
+};
+
+struct USER_MODALS_INFO_1001 {
+ uint32_t usrmod1001_min_passwd_len;
+};
+
+struct USER_MODALS_INFO_1002 {
+ uint32_t usrmod1002_max_passwd_age;
+};
+
+struct USER_MODALS_INFO_1003 {
+ uint32_t usrmod1003_min_passwd_age;
+};
+
+struct USER_MODALS_INFO_1004 {
+ uint32_t usrmod1004_force_logoff;
+};
+
+struct USER_MODALS_INFO_1005 {
+ uint32_t usrmod1005_password_hist_len;
+};
+
+struct USER_MODALS_INFO_1006 {
+ uint32_t usrmod1006_role;
+};
+
+struct USER_MODALS_INFO_1007 {
+ const char * usrmod1007_primary;
+};
+
+struct NET_DISPLAY_USER {
+ const char * usri1_name;
+ const char * usri1_comment;
+ uint32_t usri1_flags;
+ const char * usri1_full_name;
+ uint32_t usri1_user_id;
+ uint32_t usri1_next_index;
+};
+
+struct NET_DISPLAY_MACHINE {
+ const char * usri2_name;
+ const char * usri2_comment;
+ uint32_t usri2_flags;
+ uint32_t usri2_user_id;
+ uint32_t usri2_next_index;
+};
+
+struct NET_DISPLAY_GROUP {
+ const char * grpi3_name;
+ const char * grpi3_comment;
+ uint32_t grpi3_group_id;
+ uint32_t grpi3_attributes;
+ uint32_t grpi3_next_index;
+};
+
+struct GROUP_INFO_0 {
+ const char * grpi0_name;
+};
+
+struct GROUP_INFO_1 {
+ const char * grpi1_name;
+ const char * grpi1_comment;
+};
+
+struct GROUP_INFO_2 {
+ const char * grpi2_name;
+ const char * grpi2_comment;
+ uint32_t grpi2_group_id;
+ uint32_t grpi2_attributes;
+};
+
+struct GROUP_INFO_3 {
+ const char * grpi3_name;
+ const char * grpi3_comment;
+ struct domsid * grpi3_group_sid;
+ uint32_t grpi3_attributes;
+};
+
+struct GROUP_INFO_1002 {
+ const char * grpi1002_comment;
+};
+
+struct GROUP_INFO_1005 {
+ uint32_t grpi1005_attributes;
+};
+
+struct GROUP_USERS_INFO_0 {
+ const char * grui0_name;
+};
+
+struct GROUP_USERS_INFO_1 {
+ const char * grui1_name;
+ uint32_t grui1_attributes;
+};
+
+struct LOCALGROUP_INFO_0 {
+ const char * lgrpi0_name;
+};
+
+struct LOCALGROUP_INFO_1 {
+ const char * lgrpi1_name;
+ const char * lgrpi1_comment;
+};
+
+struct LOCALGROUP_INFO_1002 {
+ const char * lgrpi1002_comment;
+};
+
+enum SID_NAME_USE {
+ SidTypeUser=1,
+ SidTypeGroup=2,
+ SidTypeDomain=3,
+ SidTypeAlias=4,
+ SidTypeWellKnownGroup=5,
+ SidTypeDeletedAccount=6,
+ SidTypeInvalid=7,
+ SidTypeUnknown=8,
+ SidTypeComputer=9,
+ SidTypeLabel=10
+};
+
+struct LOCALGROUP_MEMBERS_INFO_0 {
+ struct domsid *lgrmi0_sid;/* [unique] */
+};
+
+struct LOCALGROUP_MEMBERS_INFO_1 {
+ struct domsid *lgrmi1_sid;/* [unique] */
+ enum SID_NAME_USE lgrmi1_sidusage;
+ const char * lgrmi1_name;
+};
+
+struct LOCALGROUP_MEMBERS_INFO_2 {
+ struct domsid *lgrmi2_sid;/* [unique] */
+ enum SID_NAME_USE lgrmi2_sidusage;
+ const char * lgrmi2_domainandname;
+};
+
+struct LOCALGROUP_MEMBERS_INFO_3 {
+ const char * lgrmi3_domainandname;
+};
+
+struct LOCALGROUP_USERS_INFO_0 {
+ const char * lgrui0_name;
+};
+
+struct TIME_OF_DAY_INFO {
+ uint32_t tod_elapsedt;
+ uint32_t tod_msecs;
+ uint32_t tod_hours;
+ uint32_t tod_mins;
+ uint32_t tod_secs;
+ uint32_t tod_hunds;
+ int32_t tod_timezone;
+ uint32_t tod_tinterval;
+ uint32_t tod_day;
+ uint32_t tod_month;
+ uint32_t tod_year;
+ uint32_t tod_weekday;
+};
+
+struct SHARE_INFO_0 {
+ const char * shi0_netname;
+};
+
+struct SHARE_INFO_1 {
+ const char * shi1_netname;
+ uint32_t shi1_type;
+ const char * shi1_remark;
+};
+
+struct SHARE_INFO_2 {
+ const char * shi2_netname;
+ uint32_t shi2_type;
+ const char * shi2_remark;
+ uint32_t shi2_permissions;
+ uint32_t shi2_max_uses;
+ uint32_t shi2_current_uses;
+ const char * shi2_path;
+ const char * shi2_passwd;
+};
+
+struct SHARE_INFO_501 {
+ const char * shi501_netname;
+ uint32_t shi501_type;
+ const char * shi501_remark;
+ uint32_t shi501_flags;
+};
+
+struct SHARE_INFO_502 {
+ const char * shi502_netname;
+ uint32_t shi502_type;
+ const char * shi502_remark;
+ uint32_t shi502_permissions;
+ uint32_t shi502_max_uses;
+ uint32_t shi502_current_uses;
+ const char * shi502_path;
+ const char * shi502_passwd;
+ uint32_t shi502_reserved;
+ struct security_descriptor * shi502_security_descriptor;
+};
+
+struct SHARE_INFO_1004 {
+ const char * shi1004_remark;
+};
+
+struct SHARE_INFO_1005 {
+ uint32_t shi1005_flags;
+};
+
+struct SHARE_INFO_1006 {
+ uint32_t shi1006_max_uses;
+};
+
+struct FILE_INFO_2 {
+ uint32_t fi2_id;
+};
+
+struct FILE_INFO_3 {
+ uint32_t fi3_id;
+ uint32_t fi3_permissions;
+ uint32_t fi3_num_locks;
+ const char * fi3_pathname;
+ const char * fi3_username;
+};
+
+struct NETLOGON_INFO_1 {
+ uint32_t netlog1_flags;
+ NET_API_STATUS netlog1_pdc_connection_status;
+};
+
+struct NETLOGON_INFO_2 {
+ uint32_t netlog2_flags;
+ NET_API_STATUS netlog2_pdc_connection_status;
+ const char * netlog2_trusted_dc_name;
+ NET_API_STATUS netlog2_tc_connection_status;
+};
+
+struct NETLOGON_INFO_3 {
+ uint32_t netlog1_flags;
+ uint32_t netlog3_logon_attempts;
+ uint32_t netlog3_reserved1;
+ uint32_t netlog3_reserved2;
+ uint32_t netlog3_reserved3;
+ uint32_t netlog3_reserved4;
+ uint32_t netlog3_reserved5;
+};
+
+struct NETLOGON_INFO_4 {
+ const char * netlog4_trusted_dc_name;
+ const char * netlog4_trusted_domain_name;
+};
+
+#define DS_PDC_FLAG ( 0x00000001 )
+#define DS_GC_FLAG ( 0x00000004 )
+#define DS_LDAP_FLAG ( 0x00000008 )
+#define DS_DS_FLAG ( 0x00000010 )
+#define DS_KDC_FLAG ( 0x00000020 )
+#define DS_TIMESERV_FLAG ( 0x00000040 )
+#define DS_CLOSEST_FLAG ( 0x00000080 )
+#define DS_WRITABLE_FLAG ( 0x00000100 )
+#define DS_GOOD_TIMESERV_FLAG ( 0x00000200 )
+#define DS_NDNC_FLAG ( 0x00000400 )
+#define DS_SELECT_SECRET_DOMAIN_6_FLAG ( 0x00000800 )
+#define DS_FULL_SECRET_DOMAIN_6_FLAG ( 0x00001000 )
+#define DS_WS_FLAG ( 0x00002000 )
+#define DS_DS_8_FLAG ( 0x00004000 )
+#define DS_DNS_CONTROLLER_FLAG ( 0x20000000 )
+#define DS_DNS_DOMAIN_FLAG ( 0x40000000 )
+#define DS_DNS_FOREST_FLAG ( 0x80000000 )
+
+#endif /* _HEADER_libnetapi */
+
+#ifndef _HEADER_netlogon
+
+#define NETLOGON_CONTROL_QUERY ( 0x00000001 )
+#define NETLOGON_CONTROL_REPLICATE ( 0x00000002 )
+#define NETLOGON_CONTROL_SYNCHRONIZE ( 0x00000003 )
+#define NETLOGON_CONTROL_PDC_REPLICATE ( 0x00000004 )
+#define NETLOGON_CONTROL_REDISCOVER ( 0x00000005 )
+#define NETLOGON_CONTROL_TC_QUERY ( 0x00000006 )
+#define NETLOGON_CONTROL_TRANSPORT_NOTIFY ( 0x00000007 )
+#define NETLOGON_CONTROL_FIND_USER ( 0x00000008 )
+#define NETLOGON_CONTROL_CHANGE_PASSWORD ( 0x00000009 )
+#define NETLOGON_CONTROL_TC_VERIFY ( 0x0000000A )
+#define NETLOGON_CONTROL_FORCE_DNS_REG ( 0x0000000B )
+#define NETLOGON_CONTROL_QUERY_DNS_REG ( 0x0000000C )
+#define NETLOGON_CONTROL_BACKUP_CHANGE_LOG ( 0x0000FFFC )
+#define NETLOGON_CONTROL_TRUNCATE_LOG ( 0x0000FFFD )
+#define NETLOGON_CONTROL_SET_DBFLAG ( 0x0000FFFE )
+#define NETLOGON_CONTROL_BREAKPOINT ( 0x0000FFFF )
+
+#define DS_FORCE_REDISCOVERY ( 0x00000001 )
+#define DS_DIRECTORY_SERVICE_REQUIRED ( 0x00000010 )
+#define DS_DIRECTORY_SERVICE_PREFERRED ( 0x00000020 )
+#define DS_GC_SERVER_REQUIRED ( 0x00000040 )
+#define DS_PDC_REQUIRED ( 0x00000080 )
+#define DS_BACKGROUND_ONLY ( 0x00000100 )
+#define DS_IP_REQUIRED ( 0x00000200 )
+#define DS_KDC_REQUIRED ( 0x00000400 )
+#define DS_TIMESERV_REQUIRED ( 0x00000800 )
+#define DS_WRITABLE_REQUIRED ( 0x00001000 )
+#define DS_GOOD_TIMESERV_PREFERRED ( 0x00002000 )
+#define DS_AVOID_SELF ( 0x00004000 )
+#define DS_ONLY_LDAP_NEEDED ( 0x00008000 )
+#define DS_IS_FLAT_NAME ( 0x00010000 )
+#define DS_IS_DNS_NAME ( 0x00020000 )
+#define DS_TRY_NEXTCLOSEST_SITE ( 0x00040000 )
+#define DS_DIRECTORY_SERVICE_6_REQUIRED ( 0x00080000 )
+#define DS_WEB_SERVICE_REQUIRED ( 0x00100000 )
+#define DS_RETURN_DNS_NAME ( 0x40000000 )
+#define DS_RETURN_FLAT_NAME ( 0x80000000 )
+
+#endif /* _HEADER_netlogon */
+
+/****************************************************************
+****************************************************************/
+
+struct libnetapi_ctx;
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_init(struct libnetapi_ctx **ctx);
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_free(struct libnetapi_ctx *ctx);
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_getctx(struct libnetapi_ctx **ctx);
+
+NET_API_STATUS libnetapi_get_username(struct libnetapi_ctx *ctx,
+ const char **username);
+
+NET_API_STATUS libnetapi_get_password(struct libnetapi_ctx *ctx,
+ const char **password);
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_debuglevel(struct libnetapi_ctx *ctx,
+ const char *debuglevel);
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_creds(struct libnetapi_ctx *ctx,
+ struct cli_credentials *creds);
+
+
+NET_API_STATUS libnetapi_set_username(struct libnetapi_ctx *ctx,
+ const char *username);
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_password(struct libnetapi_ctx *ctx,
+ const char *password);
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_workgroup(struct libnetapi_ctx *ctx,
+ const char *workgroup);
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_use_kerberos(struct libnetapi_ctx *ctx);
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_get_use_kerberos(struct libnetapi_ctx *ctx,
+ int *use_kerberos);
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_logfile(struct libnetapi_ctx *ctx,
+ const char *logfile);
+
+/****************************************************************
+****************************************************************/
+
+NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx);
+
+/****************************************************************
+Return a specific libnetapi error as a string, caller must free with NetApiBufferFree
+****************************************************************/
+
+char *libnetapi_errstr(NET_API_STATUS status);
+
+/****************************************************************
+Return the last libnetapi error as a string, caller must free with NetApiBufferFree
+ctx is optional
+****************************************************************/
+
+char *libnetapi_get_error_string(struct libnetapi_ctx *ctx,
+ NET_API_STATUS status);
+
+/****************************************************************
+ NetApiBufferAllocate
+****************************************************************/
+
+NET_API_STATUS NetApiBufferAllocate(uint32_t byte_count,
+ void **buffer);
+
+/****************************************************************
+ NetApiBufferFree
+****************************************************************/
+
+NET_API_STATUS NetApiBufferFree(void *buffer);
+
+/************************************************************//**
+ *
+ * ConvertSidToStringSid
+ *
+ * @brief Convert a domain sid into a string
+ *
+ * @param[in] sid A pointer to a sid structure
+ * @param[in,out] sid_string A pointer that holds a pointer to a sid string. Caller
+ * needs to free with free(3)
+ * @return bool
+ ***************************************************************/
+
+int ConvertSidToStringSid(const struct domsid *sid,
+ char **sid_string);
+
+/************************************************************//**
+ *
+ * ConvertStringSidToSid
+ *
+ * @brief Convert a string into a domain sid
+ *
+ * @param[in] sid_string A pointer to a sid string.
+ * @param[in,out] sid A pointer that holds a pointer to a sid structure.
+ * Caller needs to free with free(3)
+ * @return bool
+ ***************************************************************/
+
+int ConvertStringSidToSid(const char *sid_string,
+ struct domsid **sid);
+
+/************************************************************//**
+ *
+ * NetJoinDomain
+ *
+ * @brief Join a computer to a domain or workgroup
+ *
+ * @param[in] server The server name to connect to
+ * @param[in] domain The domain or workgroup to join
+ * @param[in] account_ou The organizational Unit to create the computer account
+ * in (AD only)
+ * @param[in] account The domain account used for joining a domain
+ * @param[in] password The domain account's password used for joining a domain
+ * @param[in] join_flags Bitmask field to define specific join features
+ * @return NET_API_STATUS
+ *
+ * example netdomjoin/netdomjoin.c
+ ***************************************************************/
+
+NET_API_STATUS NetJoinDomain(const char * server /* [in] */,
+ const char * domain /* [in] [ref] */,
+ const char * account_ou /* [in] */,
+ const char * account /* [in] */,
+ const char * password /* [in] */,
+ uint32_t join_flags /* [in] */);
+
+/************************************************************//**
+ *
+ * NetUnjoinDomain
+ *
+ * @brief Unjoin a computer from a domain or workgroup
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] account The domain account used for unjoining a domain
+ * @param[in] password The domain account's password used for unjoining a domain
+ * @param[in] unjoin_flags Bitmask field to define specific unjoin features
+ * @return NET_API_STATUS
+ *
+ ***************************************************************/
+
+NET_API_STATUS NetUnjoinDomain(const char * server_name /* [in] */,
+ const char * account /* [in] */,
+ const char * password /* [in] */,
+ uint32_t unjoin_flags /* [in] */);
+
+/************************************************************//**
+ *
+ * NetGetJoinInformation
+ *
+ * @brief Unjoin a computer from a domain or workgroup
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[out] name_buffer Returns the name of the workgroup or domain
+ * @param[out] name_type Returns the type of that name
+ * @return NET_API_STATUS
+ *
+ * example netdomjoin-gui/netdomjoin-gui.c
+ *
+ ***************************************************************/
+
+NET_API_STATUS NetGetJoinInformation(const char * server_name /* [in] */,
+ const char * *name_buffer /* [out] [ref] */,
+ uint16_t *name_type /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetGetJoinableOUs
+ *
+ * @brief Query for the list of joinable organizational Units that can be used
+ * for joining AD
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] domain The AD domain to query
+ * @param[in] account The domain account used for the query
+ * @param[in] password The domain account's password used for the query
+ * @param[out] ou_count The number of ous returned
+ * @param[out] ous Returned string array containing the ous
+ * @return NET_API_STATUS
+ *
+ * example netdomjoin-gui/netdomjoin-gui.c
+ *
+ ***************************************************************/
+
+NET_API_STATUS NetGetJoinableOUs(const char * server_name /* [in] */,
+ const char * domain /* [in] [ref] */,
+ const char * account /* [in] */,
+ const char * password /* [in] */,
+ uint32_t *ou_count /* [out] [ref] */,
+ const char * **ous /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetRenameMachineInDomain
+ *
+ * @brief Rename a machine in a domain
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] new_machine_name The new machine name
+ * @param[in] account The domain account used for the query
+ * @param[in] password The domain account's password used for the query
+ * @param[in] rename_options Options used for the rename operation
+ * @return NET_API_STATUS
+ *
+ * example join/rename_machine.c
+ *
+ ***************************************************************/
+
+NET_API_STATUS NetRenameMachineInDomain(const char * server_name /* [in] */,
+ const char * new_machine_name /* [in] */,
+ const char * account /* [in] */,
+ const char * password /* [in] */,
+ uint32_t rename_options /* [in] */);
+
+/************************************************************//**
+ *
+ * NetProvisionComputerAccount
+ *
+ * @brief Provision a machine for offline join
+ *
+ * @param[in] domain The domain to provision for
+ * @param[in] machine_name The machine account name
+ * @param[in] machine_account_ou The machine account ou to create the account in
+ * @param[in] dcname A specific domain controller to use for account creation
+ * @param[in] options The options used for account creation
+ * @param[in,out] provision_bin_data The generated binary buffer
+ * @param[in,out] provision_bin_data_size The generated binary buffer size
+ * @param[in,out] provision_text_data The generated text data blob
+ * @return NET_API_STATUS
+ *
+ * example join/provision_computer_account.c
+ *
+ ***************************************************************/
+
+NET_API_STATUS NetProvisionComputerAccount(const char * domain /* [in] [ref] */,
+ const char * machine_name /* [in] [ref] */,
+ const char * machine_account_ou /* [in] [unique] */,
+ const char * dcname /* [in] [unique] */,
+ uint32_t options /* [in] */,
+ uint8_t **provision_bin_data /* [in,out] [unique] */,
+ uint32_t *provision_bin_data_size /* [in,out] [unique] */,
+ const char * *provision_text_data /* [in,out] [unique] */);
+
+/************************************************************//**
+ *
+ * NetRequestOfflineDomainJoin
+ *
+ * @brief Request an offline domain join
+ *
+ * @param[in] provision_bin_data The provided binary buffer
+ * @param[in] provision_bin_data_size The provided binary buffer size
+ * @param[in] options The options used for account creation
+ * @param[in] windows_path The path for the joined image
+ * @return NET_API_STATUS
+ *
+ * example join/request_offline_domain_join.c
+ *
+ ***************************************************************/
+
+NET_API_STATUS NetRequestOfflineDomainJoin(uint8_t *provision_bin_data /* [in] [unique] */,
+ uint32_t provision_bin_data_size /* [in] */,
+ uint32_t options /* [in] */,
+ const char * windows_path /* [in] [unique] */);
+
+/************************************************************//**
+ *
+ * NetComposeOfflineDomainJoin
+ *
+ * @brief Compose an offline domain join blob
+ *
+ * Intended to be used by external applications who provision the computer
+ * acconut on their own.
+ *
+ *
+ * @param[in] dns_domain_name The domain DNS name
+ * @param[in] netbios_domain_name The domain NETBIOS name
+ * @param[in] domain_sid The domain SID
+ * @param[in] domain_guid The domain GUID
+ * @param[in] forest_name The forest name
+ * @param[in] machine_account_name The machine account name
+ * @param[in] machine_account_password The machine account password
+ * @param[in] dc_name The domain controller name used to provision the account
+ * @param[in] dc_address The domain controller address used to provision the account
+ * @param[in] domain_is_ad True if the domain is AD
+ * @param[in,out] compose_bin_data The generated binary buffer
+ * @param[in,out] compose_bin_data_size The generated binary buffer size
+ * @param[in,out] compose_text_data The generated text data blob
+ * @return NET_API_STATUS
+ *
+ * example join/compose_offline_domain_join.c
+ *
+ ***************************************************************/
+
+NET_API_STATUS NetComposeOfflineDomainJoin(const char *dns_domain_name /* [in] [ref] */,
+ const char *netbios_domain_name /* [in] [ref] */,
+ struct domsid *domain_sid /* [in] [ref] */,
+ struct GUID *domain_guid /* [in] [ref] */,
+ const char *forest_name /* [in] [ref] */,
+ const char *machine_account_name /* [in] [ref] */,
+ const char *machine_account_password /* [in] [ref] */,
+ const char *dc_name /* [in] [unique] */,
+ const char *dc_address /* [in] [unique] */,
+ int domain_is_ad /* [in] */,
+ uint8_t **provision_bin_data /* [in,out] [unique] */,
+ uint32_t *provision_bin_data_size /* [in,out] [unique] */,
+ const char * *provision_text_data /* [in,out] [unique] */);
+
+/************************************************************//**
+ *
+ * NetServerGetInfo
+ *
+ * @brief Get Information on a server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The level to define which information is requested
+ * @param[out] buffer The returned buffer carrying the SERVER_INFO structure
+ * @return NET_API_STATUS
+ *
+ ***************************************************************/
+
+NET_API_STATUS NetServerGetInfo(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetServerSetInfo
+ *
+ * @brief Get Information on a server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The level to define which information is set
+ * @param[in] buffer The buffer carrying the SERVER_INFO structure
+ * @param[out] parm_error On failure returns the invalid SERVER_INFO member
+ * @return NET_API_STATUS
+ *
+ ***************************************************************/
+
+NET_API_STATUS NetServerSetInfo(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_error /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetWkstaGetInfo
+ *
+ * @brief Get Information on a workstation
+ *
+ * @param[in] wksta_name The workstation name to connect to
+ * @param[in] level The level to define which information is requested
+ * @param[out] buffer The returned buffer carrying the WKSTA_INFO structure
+ * @return NET_API_STATUS
+ *
+ ***************************************************************/
+
+NET_API_STATUS NetWkstaGetInfo(const char * wksta_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetGetDCName
+ *
+ * @brief Query for the PDC for a given domain
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] domain_name The name of the domain to lookup
+ * @param[out] buffer The name of the domain to lookup
+ * @return NET_API_STATUS
+ *
+ * example getdc/getdc.c
+ ***************************************************************/
+
+NET_API_STATUS NetGetDCName(const char * server_name /* [in] */,
+ const char * domain_name /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetGetAnyDCName
+ *
+ * @brief Query for any DC for a given domain
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] domain_name The name of the domain to lookup
+ * @param[out] buffer The name of the domain to lookup
+ * @return NET_API_STATUS
+ *
+ * example getdc/getdc.c
+ ***************************************************************/
+
+NET_API_STATUS NetGetAnyDCName(const char * server_name /* [in] */,
+ const char * domain_name /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+
+
+/************************************************************//**
+ *
+ * DsGetDcName
+ *
+ * @brief Lookup a DC for a given domain and return information structure
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] domain_name The name of the domain to lookup (cannot be NULL)
+ * @param[in] domain_guid The GUID of the domain to lookup (optional)
+ * @param[in] site_name The name of the site the DC should reside in
+ * @param[in] flags A bitmask to request specific features supported by the DC
+ * @param[out] dc_info Pointer to a DOMAIN_CONTROLLER_INFO structure
+ * @return NET_API_STATUS
+ *
+ * example dsgetdc/dsgetdc.c
+ ***************************************************************/
+
+NET_API_STATUS DsGetDcName(const char * server_name /* [in] [unique] */,
+ const char * domain_name /* [in] [ref] */,
+ struct GUID *domain_guid /* [in] [unique] */,
+ const char * site_name /* [in] [unique] */,
+ uint32_t flags /* [in] */,
+ struct DOMAIN_CONTROLLER_INFO **dc_info /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetUserAdd
+ *
+ * @brief Create a user on a given server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The level of the USER_INFO structure passed in (Currently
+ * only level 1 is supported)
+ * @param[in] buffer The buffer carrying the USER_INFO structure
+ * @param[out] parm_error In case of error returns the failing member of the
+ * structure
+ * @return NET_API_STATUS
+ *
+ * example user/user_add.c
+ ***************************************************************/
+
+NET_API_STATUS NetUserAdd(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_error /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetUserDel
+ *
+ * @brief Delete a user on a given server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] user_name The user account to delete
+ * @return NET_API_STATUS
+ *
+ * example user/user_del.c
+ ***************************************************************/
+
+NET_API_STATUS NetUserDel(const char * server_name /* [in] */,
+ const char * user_name /* [in] */);
+
+/************************************************************//**
+ *
+ * NetUserEnum
+ *
+ * @brief Enumerate accounts on a server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The enumeration level used for the query (Currently only
+ * level 0 is supported)
+ * @param[in] filter The account flags filter used for the query
+ * @param[out] buffer The returned enumeration buffer
+ * @param[in] prefmaxlen The requested maximal buffer size
+ * @param[out] entries_read The number of returned entries
+ * @param[out] total_entries The number of total entries
+ * @param[in,out] resume_handle A handle passed in and returned for resuming
+ * operations
+ * @return NET_API_STATUS
+ *
+ * example user/user_enum.c
+ ***************************************************************/
+
+NET_API_STATUS NetUserEnum(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint32_t filter /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetUserChangePassword
+ *
+ * @brief Change the password for a user on a given server or in a given domain
+ *
+ * @param[in] domain_name The server or domain name to connect to
+ * @param[in] user_name The user account to change the password for
+ * @param[in] old_password The user account's old password
+ * @param[in] new_password The user account's new password
+ * @return NET_API_STATUS
+ *
+ * example user/user_chgpwd.c
+ ***************************************************************/
+
+NET_API_STATUS NetUserChangePassword(const char * domain_name /* [in] */,
+ const char * user_name /* [in] */,
+ const char * old_password /* [in] */,
+ const char * new_password /* [in] */);
+
+/************************************************************//**
+ *
+ * NetUserGetInfo
+ *
+ * @brief Get User Information
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] user_name The name of the user that is going to be queried
+ * @param[in] level The level defining the requested USER_INFO_X structure
+ * @param[out] buffer The buffer containing a USER_INFO_X structure
+ * @return NET_API_STATUS
+ *
+ * example user/user_getinfo.c
+ ***************************************************************/
+
+NET_API_STATUS NetUserGetInfo(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetUserSetInfo
+ *
+ * @brief Set User Information
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] user_name The name of the user that is going to be modified
+ * @param[in] level The level defining the requested USER_INFO_X structure
+ * @param[in] buffer The buffer containing a USER_INFO_X structure
+ * @param[out] parm_err The returned parameter error number if any
+ * @return NET_API_STATUS
+ *
+ * example user/user_setinfo.c
+ ***************************************************************/
+
+NET_API_STATUS NetUserSetInfo(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetUserModalsGet
+ *
+ * @brief Get SAM domain and password information
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The level defining which USER_MODALS_INFO_X buffer to query
+ * @param[out] buffer The returned USER_MODALS_INFO_X buffer
+ * @return NET_API_STATUS
+ *
+ * example user/user_modalsget.c
+ ***************************************************************/
+
+NET_API_STATUS NetUserModalsGet(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetUserModalsSet
+ *
+ * @brief Set SAM domain and password information
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The level defining which USER_MODALS_INFO_X buffer to query
+ * @param[out] buffer The buffer conntaing a USER_MODALS_INFO_X structure
+ * @param[out] parm_err The returned parameter error number if any
+ * @return NET_API_STATUS
+ *
+ * example user/user_modalsset.c
+ ***************************************************************/
+
+NET_API_STATUS NetUserModalsSet(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetUserGetGroups
+ *
+ * @brief Enumerate grouplist of a user on a server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] user_name The user name to query
+ * @param[in] level The enumeration level used for the query (Currently only
+ * level 0 is supported)
+ * @param[out] buffer The returned enumeration buffer
+ * @param[in] prefmaxlen The requested maximal buffer size
+ * @param[out] entries_read The number of returned entries
+ * @param[out] total_entries The number of total entries
+ * @return NET_API_STATUS
+ *
+ * example user/user_getgroups.c
+ ***************************************************************/
+
+NET_API_STATUS NetUserGetGroups(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetUserSetGroups
+ *
+ * @brief Set grouplist of a user on a server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] user_name The user name to query
+ * @param[in] level The level defining the GROUP_USERS_INFO_X structures in the buffer
+ * @param[in] buffer The buffer containing GROUP_USERS_INFO_X structures
+ * @param[in] num_entries The number of X structures in the buffer
+ * @return NET_API_STATUS
+ *
+ * example user/user_setgroups.c
+ ***************************************************************/
+
+NET_API_STATUS NetUserSetGroups(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t num_entries /* [in] */);
+
+/************************************************************//**
+ *
+ * NetUserGetLocalGroups
+ *
+ * @brief Enumerate local grouplist of a user on a server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] user_name The user name to query
+ * @param[in] level The enumeration level used for the query
+ * @param[in] flags The flags used for the query
+ * @param[out] buffer The returned enumeration buffer
+ * @param[in] prefmaxlen The requested maximal buffer size
+ * @param[out] entries_read The number of returned entries
+ * @param[out] total_entries The number of total entries
+ * @return NET_API_STATUS
+ *
+ * example user/user_getlocalgroups.c
+ ***************************************************************/
+
+NET_API_STATUS NetUserGetLocalGroups(const char * server_name /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint32_t flags /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetQueryDisplayInformation
+ *
+ * @brief Enumerate accounts on a server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The enumeration level used for the query
+ * @param[in] idx The index to start the the display enumeration at
+ * @param[in] entries_requested The number of entries requested
+ * @param[in] prefmaxlen The requested maximal buffer size
+ * @param[out] entries_read The number of returned entries
+ * @param[out] buffer The returned display information buffer
+ * @return NET_API_STATUS
+ *
+ * example user/user_dispinfo.c
+ ***************************************************************/
+
+NET_API_STATUS NetQueryDisplayInformation(const char * server_name /* [in] [unique] */,
+ uint32_t level /* [in] */,
+ uint32_t idx /* [in] */,
+ uint32_t entries_requested /* [in] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ void **buffer /* [out] [noprint,ref] */);
+
+/************************************************************//**
+ *
+ * NetGroupAdd
+ *
+ * @brief Create Domain Group
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The level used for the new group creation
+ * @param[in] buf The buffer containing the group structure
+ * @param[out] parm_err The returned parameter error number if any
+ * @return NET_API_STATUS
+ *
+ * example group/group_add.c
+ ***************************************************************/
+
+NET_API_STATUS NetGroupAdd(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buf /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetGroupDel
+ *
+ * @brief Delete Domain Group
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The name of the group that is going to be deleted
+ * @return NET_API_STATUS
+ *
+ * example group/group_del.c
+ ***************************************************************/
+
+NET_API_STATUS NetGroupDel(const char * server_name /* [in] */,
+ const char * group_name /* [in] */);
+
+/************************************************************//**
+ *
+ * NetGroupEnum
+ *
+ * @brief Enumerate groups on a server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The enumeration level used for the query (Currently only
+ * level 0 is supported)
+ * @param[out] buffer The returned enumeration buffer
+ * @param[in] prefmaxlen The requested maximal buffer size
+ * @param[out] entries_read The number of returned entries
+ * @param[out] total_entries The number of total entries
+ * @param[in,out] resume_handle A handle passed in and returned for resuming
+ * operations
+ * @return NET_API_STATUS
+ *
+ * example group/group_enum.c
+ ***************************************************************/
+
+NET_API_STATUS NetGroupEnum(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetGroupSetInfo
+ *
+ * @brief Set Domain Group Information
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The name of the group that is going to be modified
+ * @param[in] level The level defining the structure type in buf
+ * @param[in] buf The buffer containing a GROUP_INFO_X structure
+ * @param[out] parm_err The returned parameter error number if any
+ * @return NET_API_STATUS
+ *
+ * example group/group_setinfo.c
+ ***************************************************************/
+
+NET_API_STATUS NetGroupSetInfo(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buf /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetGroupGetInfo
+ *
+ * @brief Get Domain Group Information
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The name of the group that is going to be queried
+ * @param[in] level The level defining the requested GROUP_INFO_X structure
+ * @param[out] buf The buffer containing a GROUP_INFO_X structure
+ * @return NET_API_STATUS
+ *
+ * example group/group_getinfo.c
+ ***************************************************************/
+
+NET_API_STATUS NetGroupGetInfo(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buf /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetGroupAddUser
+ *
+ * @brief Add existing User to existing Domain Group
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The name of the group that is going to be modified
+ * @param[in] user_name The name of the user that is going to be added to the
+ * group
+ * @return NET_API_STATUS
+ *
+ * example group/group_adduser.c
+ ***************************************************************/
+
+NET_API_STATUS NetGroupAddUser(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ const char * user_name /* [in] */);
+
+/************************************************************//**
+ *
+ * NetGroupDelUser
+ *
+ * @brief Remove User from Domain Group
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The name of the group that is going to be modified
+ * @param[in] user_name The name of the user that is going to be removed from
+ * the group
+ * @return NET_API_STATUS
+ *
+ * example group/group_deluser.c
+ ***************************************************************/
+
+NET_API_STATUS NetGroupDelUser(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ const char * user_name /* [in] */);
+
+/************************************************************//**
+ *
+ * NetGroupGetUsers
+ *
+ * @brief Get Users for a group on a server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The group name to enumerate users for
+ * @param[in] level The enumeration level used for the query
+ * @param[out] buffer The returned enumeration buffer
+ * @param[in] prefmaxlen The requested maximal buffer size
+ * @param[out] entries_read The number of returned entries
+ * @param[out] total_entries The number of total entries
+ * @param[in,out] resume_handle A handle passed in and returned for resuming
+ * operations
+ * @return NET_API_STATUS
+ *
+ * example group/group_getusers.c
+ ***************************************************************/
+
+NET_API_STATUS NetGroupGetUsers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetGroupSetUsers
+ *
+ * @brief Set Users for a group on a server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The group name to enumerate users for
+ * @param[in] level The enumeration level used for the query
+ * @param[in] buffer The buffer containing a X structure
+ * @param[in] num_entries The number of X entries in the buffer
+ * @return NET_API_STATUS
+ *
+ * example group/group_setusers.c
+ ***************************************************************/
+
+NET_API_STATUS NetGroupSetUsers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t num_entries /* [in] */);
+
+/************************************************************//**
+ *
+ * NetLocalGroupAdd
+ *
+ * @brief Create Local Group
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The level used for the new group creation
+ * @param[in] buf The buffer containing the group structure
+ * @param[out] parm_err The returned parameter error number if any
+ * @return NET_API_STATUS
+ *
+ * example localgroup/localgroup_add.c
+ ***************************************************************/
+
+NET_API_STATUS NetLocalGroupAdd(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buf /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetLocalGroupDel
+ *
+ * @brief Delete Local Group
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The name of the group that is going to be deleted
+ * @return NET_API_STATUS
+ *
+ * example localgroup/localgroup_del.c
+ ***************************************************************/
+
+
+NET_API_STATUS NetLocalGroupDel(const char * server_name /* [in] */,
+ const char * group_name /* [in] */);
+
+/************************************************************//**
+ *
+ * NetLocalGroupGetInfo
+ *
+ * @brief Get Local Group Information
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The name of the group that is going to be queried
+ * @param[in] level The level defining the requested LOCALGROUP_INFO_X structure
+ * @param[out] buf The buffer containing a LOCALGROUP_INFO_X structure
+ * @return NET_API_STATUS
+ *
+ * example localgroup/localgroup_getinfo.c
+ ***************************************************************/
+
+NET_API_STATUS NetLocalGroupGetInfo(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buf /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetLocalGroupSetInfo
+ *
+ * @brief Set Local Group Information
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The name of the group that is going to be modified
+ * @param[in] level The level defining the requested LOCALGROUP_INFO_X structure
+ * @param[in] buf The buffer containing a LOCALGROUP_INFO_X structure
+ * @param[out] parm_err The returned parameter error number if any
+ * @return NET_API_STATUS
+ *
+ * example localgroup/localgroup_setinfo.c
+ ***************************************************************/
+
+
+NET_API_STATUS NetLocalGroupSetInfo(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buf /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetLocalGroupEnum
+ *
+ * @brief Enumerate local groups on a server
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The enumeration level used for the query (Currently only
+ * level 0 is supported)
+ * @param[out] buffer The returned enumeration buffer
+ * @param[in] prefmaxlen The requested maximal buffer size
+ * @param[out] entries_read The number of returned entries
+ * @param[out] total_entries The number of total entries
+ * @param[in,out] resume_handle A handle passed in and returned for resuming
+ * operations
+ * @return NET_API_STATUS
+ *
+ * example localgroup/localgroup_enum.c
+ ***************************************************************/
+
+NET_API_STATUS NetLocalGroupEnum(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetLocalGroupAddMembers
+ *
+ * @brief Add Members to a Local Group
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The name of the group that is going to modified
+ * @param[in] level The level defining the LOCALGROUP_MEMBERS_INFO_X structure
+ * @param[in] buffer The buffer containing a LOCALGROUP_MEMBERS_INFO_X structure
+ * @param[in] total_entries The number of LOCALGROUP_MEMBERS_INFO_X entries in
+ * the buffer
+ * @return NET_API_STATUS
+ *
+ * example localgroup/localgroup_addmembers.c
+ ***************************************************************/
+
+NET_API_STATUS NetLocalGroupAddMembers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t total_entries /* [in] */);
+
+/************************************************************//**
+ *
+ * NetLocalGroupDelMembers
+ *
+ * @brief Delete Members from a Local Group
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The name of the group that is going to modified
+ * @param[in] level The level defining the LOCALGROUP_MEMBERS_INFO_X structure
+ * @param[in] buffer The buffer containing a LOCALGROUP_MEMBERS_INFO_X structure
+ * @param[in] total_entries The number of LOCALGROUP_MEMBERS_INFO_X entries in
+ * the buffer
+ * @return NET_API_STATUS
+ *
+ * example localgroup/localgroup_delmembers.c
+ ***************************************************************/
+
+NET_API_STATUS NetLocalGroupDelMembers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t total_entries /* [in] */);
+
+/************************************************************//**
+ *
+ * NetLocalGroupGetMembers
+ *
+ * @brief Enumerate Members in a local group
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] local_group_name The localgroup that is going to be queried
+ * @param[in] level The level defining the LOCALGROUP_MEMBERS_INFO_X structure
+ * @param[out] buffer The buffer containing a LOCALGROUP_MEMBERS_INFO_X
+ * structure
+ * @param[in] prefmaxlen The requested maximal buffer size
+ * @param[out] entries_read The number of LOCALGROUP_MEMBERS_INFO_X entries in the buffer
+ * @param[out] total_entries The total number of LOCALGROUP_MEMBERS_INFO_X entries for that group
+ * @param[in,out] resume_handle A handle passed in and returned for resuming
+ * operations
+ * @return NET_API_STATUS
+ *
+ * example localgroup/localgroup_getmembers.c
+ ***************************************************************/
+
+NET_API_STATUS NetLocalGroupGetMembers(const char * server_name /* [in] */,
+ const char * local_group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetLocalGroupSetMembers
+ *
+ * @brief Set Members in a Local Group
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] group_name The name of the group that is going to modified
+ * @param[in] level The level defining the LOCALGROUP_MEMBERS_INFO_X structure
+ * @param[in] buffer The buffer containing a LOCALGROUP_MEMBERS_INFO_X structure
+ * @param[in] total_entries The number of LOCALGROUP_MEMBERS_INFO_X entries in
+ * the buffer
+ * @return NET_API_STATUS
+ *
+ * example localgroup/localgroup_setmembers.c
+ ***************************************************************/
+
+NET_API_STATUS NetLocalGroupSetMembers(const char * server_name /* [in] */,
+ const char * group_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t total_entries /* [in] */);
+
+/************************************************************//**
+ *
+ * NetRemoteTOD
+ *
+ * @brief Query remote Time of Day
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[out] buf The buffer containing a TIME_OF_DAY_INFO structure
+ * @return NET_API_STATUS
+ *
+ * example server/remote_tod.c
+ ***************************************************************/
+
+NET_API_STATUS NetRemoteTOD(const char * server_name /* [in] */,
+ uint8_t **buf /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetShareAdd
+ *
+ * @brief Add Share
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The level defining the requested SHARE_INFO_X structure
+ * @param[in] buffer The buffer containing a SHARE_INFO_X structure
+ * @param[out] parm_err The returned parameter error number if any
+ * @return NET_API_STATUS
+ *
+ * example share/share_add.c
+ ***************************************************************/
+
+NET_API_STATUS NetShareAdd(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetShareDel
+ *
+ * @brief Delete Share
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] net_name The name of the share to delete
+ * @param[in] reserved
+ * @return NET_API_STATUS
+ *
+ * example share/share_del.c
+ ***************************************************************/
+
+NET_API_STATUS NetShareDel(const char * server_name /* [in] */,
+ const char * net_name /* [in] */,
+ uint32_t reserved /* [in] */);
+
+/************************************************************//**
+ *
+ * NetShareEnum
+ *
+ * @brief Enumerate Shares
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] level The level defining the SHARE_INFO_X structure
+ * @param[out] buffer The buffer containing a SHARE_INFO_X structure
+ * @param[in] prefmaxlen The requested maximal buffer size
+ * @param[out] entries_read The number of SHARE_INFO_X entries in the buffer
+ * @param[out] total_entries The total number of SHARE_INFO_X entries
+ * @param[in,out] resume_handle A handle passed in and returned for resuming
+ * operations
+ * @return NET_API_STATUS
+ *
+ * example share/share_enum.c
+ ***************************************************************/
+
+NET_API_STATUS NetShareEnum(const char * server_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetShareGetInfo
+ *
+ * @brief Get Share Info
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] net_name The name of the share to query
+ * @param[in] level The level defining the SHARE_INFO_X structure
+ * @param[out] buffer The buffer containing a SHARE_INFO_X structure
+ * @return NET_API_STATUS
+ *
+ * example share/share_getinfo.c
+ ***************************************************************/
+
+NET_API_STATUS NetShareGetInfo(const char * server_name /* [in] */,
+ const char * net_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetShareSetInfo
+ *
+ * @brief Set Share Info
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] net_name The name of the share to query
+ * @param[in] level The level defining the SHARE_INFO_X structure
+ * @param[in] buffer The buffer containing a SHARE_INFO_X structure
+ * @param[out] parm_err The returned parameter error number if any
+ * @return NET_API_STATUS
+ *
+ * example share/share_setinfo.c
+ ***************************************************************/
+
+NET_API_STATUS NetShareSetInfo(const char * server_name /* [in] */,
+ const char * net_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t *buffer /* [in] [ref] */,
+ uint32_t *parm_err /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetFileClose
+ *
+ * @brief Close a file
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] fileid The fileid of the file that is going to be closed
+ * @return NET_API_STATUS
+ *
+ * example file/file_close.c
+ ***************************************************************/
+
+NET_API_STATUS NetFileClose(const char * server_name /* [in] */,
+ uint32_t fileid /* [in] */);
+
+/************************************************************//**
+ *
+ * NetFileGetInfo
+ *
+ * @brief Close a file
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] fileid The fileid of the file that is going to be closed
+ * @param[in] level The level of the FILE_INFO_X buffer
+ * @param[out] buffer The buffer containing a FILE_INFO_X structure
+ * @return NET_API_STATUS
+ *
+ * example file/file_getinfo.c
+ ***************************************************************/
+
+NET_API_STATUS NetFileGetInfo(const char * server_name /* [in] */,
+ uint32_t fileid /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetFileEnum
+ *
+ * @brief Enumerate Files
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] base_path The
+ * @param[in] user_name The
+ * @param[in] level The level defining the FILE_INFO_X structure
+ * @param[out] buffer The buffer containing a FILE_INFO_X structure
+ * @param[in] prefmaxlen The requested maximal buffer size
+ * @param[out] entries_read The number of FILE_INFO_X entries in the buffer
+ * @param[out] total_entries The total number of FILE_INFO_X entries
+ * @param[in,out] resume_handle A handle passed in and returned for resuming
+ * operations
+ * @return NET_API_STATUS
+ *
+ * example file/file_enum.c
+ ***************************************************************/
+
+NET_API_STATUS NetFileEnum(const char * server_name /* [in] */,
+ const char * base_path /* [in] */,
+ const char * user_name /* [in] */,
+ uint32_t level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */,
+ uint32_t prefmaxlen /* [in] */,
+ uint32_t *entries_read /* [out] [ref] */,
+ uint32_t *total_entries /* [out] [ref] */,
+ uint32_t *resume_handle /* [in,out] [ref] */);
+
+/************************************************************//**
+ *
+ * NetShutdownInit
+ *
+ * @brief Start a machine shutdown
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] message The message that is displayed before the shutdown
+ * @param[in] timeout The amount of seconds to wait until shutting down
+ * @param[in] force_apps Whether to close all applications before the shutdown
+ * @param[in] do_reboot Whether to reboot after the shutdown
+ * @return NET_API_STATUS
+ *
+ * example shutdown/shutdown_init.c
+ ***************************************************************/
+
+NET_API_STATUS NetShutdownInit(const char * server_name /* [in] */,
+ const char * message /* [in] */,
+ uint32_t timeout /* [in] */,
+ uint8_t force_apps /* [in] */,
+ uint8_t do_reboot /* [in] */);
+
+/************************************************************//**
+ *
+ * NetShutdownAbort
+ *
+ * @brief Abort an initiated machine shutdown
+ *
+ * @param[in] server_name The server name to connect to
+ * @return NET_API_STATUS
+ *
+ * example shutdown/shutdown_abort.c
+ ***************************************************************/
+
+NET_API_STATUS NetShutdownAbort(const char * server_name /* [in] */);
+
+/************************************************************//**
+ *
+ * I_NetLogonControl
+ *
+ * @brief Control various aspects of the NETLOGON service
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] function_code The function code to call on the server
+ * @param[in] query_level The level of the NETLOGON_INFO structure returned
+ * @param[out] buffer The returned buffer containing the NETLOGON_INFO structure
+ * @return NET_API_STATUS
+ *
+ * example netlogon/netlogon_control.c
+ ***************************************************************/
+
+NET_API_STATUS I_NetLogonControl(const char * server_name /* [in] */,
+ uint32_t function_code /* [in] */,
+ uint32_t query_level /* [in] */,
+ uint8_t **buffer /* [out] [ref] */);
+
+/************************************************************//**
+ *
+ * I_NetLogonControl2
+ *
+ * @brief Control various aspects of the NETLOGON service
+ *
+ * @param[in] server_name The server name to connect to
+ * @param[in] function_code The function code to call on the server
+ * @param[in] query_level The level of the NETLOGON_INFO structure returned
+ * @param[in] data The buffer containing information related to the function code
+ * @param[out] buffer The returned buffer containing the NETLOGON_INFO structure
+ * @return NET_API_STATUS
+ *
+ * example netlogon/netlogon_control2.c
+ ***************************************************************/
+
+NET_API_STATUS I_NetLogonControl2(const char * server_name /* [in] */,
+ uint32_t function_code /* [in] */,
+ uint32_t query_level /* [in] */,
+ uint8_t *data /* [in] [ref] */,
+ uint8_t **buffer /* [out] [ref] */);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __LIB_NETAPI_H__ */
diff --git a/source3/lib/netapi/netapi_net.h b/source3/lib/netapi/netapi_net.h
new file mode 100644
index 0000000..8febc2a
--- /dev/null
+++ b/source3/lib/netapi/netapi_net.h
@@ -0,0 +1,26 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Support
+ * Copyright (C) Andrew Bartlett 2010
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* This API header is private between the 'net' binary and and libnet */
+
+/* This function is to init the libnetapi subsystem, without
+ * re-reading config files or setting debug levels etc */
+NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **ctx,
+ struct loadparm_context *lp_ctx,
+ struct cli_credentials *creds);
diff --git a/source3/lib/netapi/netapi_private.h b/source3/lib/netapi/netapi_private.h
new file mode 100644
index 0000000..c0d0ea0
--- /dev/null
+++ b/source3/lib/netapi/netapi_private.h
@@ -0,0 +1,114 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Support
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIB_NETAPI_PRIVATE_H__
+#define __LIB_NETAPI_PRIVATE_H__
+
+#include "lib/netapi/netapi_net.h"
+#include "auth/credentials/credentials.h"
+
+#define LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, fn) \
+ DEBUG(10,("redirecting call %s to localhost\n", #fn)); \
+ if (!r->in.server_name) { \
+ r->in.server_name = "localhost"; \
+ } \
+ return fn ## _r(ctx, r);
+
+struct dcerpc_binding_handle;
+struct ndr_interface_table;
+
+struct libnetapi_private_ctx {
+ struct {
+ const char *domain_name;
+ struct dom_sid *domain_sid;
+ struct rpc_pipe_client *cli;
+
+ uint32_t connect_mask;
+ struct policy_handle connect_handle;
+
+ uint32_t domain_mask;
+ struct policy_handle domain_handle;
+
+ uint32_t builtin_mask;
+ struct policy_handle builtin_handle;
+ } samr;
+
+ struct client_ipc_connection *ipc_connections;
+
+ struct messaging_context *msg_ctx;
+};
+
+struct libnetapi_ctx {
+ char *debuglevel;
+ char *logfile;
+ char *error_string;
+ int disable_policy_handle_cache;
+
+ struct cli_credentials *creds;
+
+ void *private_data;
+ struct loadparm_context *lp_ctx;
+};
+
+
+NET_API_STATUS libnetapi_set_error_string(struct libnetapi_ctx *ctx,
+ const char *format, ...)
+ PRINTF_ATTRIBUTE(2,3);
+NET_API_STATUS libnetapi_get_debuglevel(struct libnetapi_ctx *ctx, char **debuglevel);
+NET_API_STATUS libnetapi_set_logfile(struct libnetapi_ctx *ctx,
+ const char *logfile);
+
+WERROR libnetapi_shutdown_cm(struct libnetapi_ctx *ctx);
+WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
+ const char *server_name,
+ const struct ndr_interface_table *table,
+ struct rpc_pipe_client **presult);
+WERROR libnetapi_get_binding_handle(struct libnetapi_ctx *ctx,
+ const char *server_name,
+ const struct ndr_interface_table *table,
+ struct dcerpc_binding_handle **binding_handle);
+WERROR libnetapi_samr_open_domain(struct libnetapi_ctx *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ uint32_t connect_mask,
+ uint32_t domain_mask,
+ struct policy_handle *connect_handle,
+ struct policy_handle *domain_handle,
+ struct dom_sid2 **domain_sid);
+WERROR libnetapi_samr_open_builtin_domain(struct libnetapi_ctx *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ uint32_t connect_mask,
+ uint32_t builtin_mask,
+ struct policy_handle *connect_handle,
+ struct policy_handle *builtin_handle);
+void libnetapi_samr_close_domain_handle(struct libnetapi_ctx *ctx,
+ struct policy_handle *handle);
+void libnetapi_samr_close_builtin_handle(struct libnetapi_ctx *ctx,
+ struct policy_handle *handle);
+void libnetapi_samr_close_connect_handle(struct libnetapi_ctx *ctx,
+ struct policy_handle *handle);
+void libnetapi_samr_free(struct libnetapi_ctx *ctx);
+
+NTSTATUS add_GROUP_USERS_INFO_X_buffer(TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ const char *group_name,
+ uint32_t attributes,
+ uint8_t **buffer,
+ uint32_t *num_entries);
+
+#endif
diff --git a/source3/lib/netapi/netlogon.c b/source3/lib/netapi/netlogon.c
new file mode 100644
index 0000000..717dd17
--- /dev/null
+++ b/source3/lib/netapi/netlogon.c
@@ -0,0 +1,248 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi LogonControl Support
+ * Copyright (C) Guenther Deschner 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "../librpc/gen_ndr/ndr_netlogon_c.h"
+#include "librpc/gen_ndr/libnetapi.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "lib/netapi/libnetapi.h"
+
+static WERROR construct_data(enum netr_LogonControlCode function_code,
+ const uint8_t *data_in,
+ union netr_CONTROL_DATA_INFORMATION *data_out)
+{
+ switch (function_code) {
+ case NETLOGON_CONTROL_QUERY:
+ case NETLOGON_CONTROL_REDISCOVER:
+ case NETLOGON_CONTROL_TC_QUERY:
+ case NETLOGON_CONTROL_CHANGE_PASSWORD:
+ case NETLOGON_CONTROL_TC_VERIFY:
+ data_out->domain = (const char *)data_in;
+ break;
+ case NETLOGON_CONTROL_FIND_USER:
+ data_out->user = (const char *)data_in;
+ break;
+ case NETLOGON_CONTROL_SET_DBFLAG:
+ data_out->debug_level = atoi((const char *)data_in);
+ break;
+ case NETLOGON_CONTROL_FORCE_DNS_REG:
+ ZERO_STRUCTP(data_out);
+ break;
+ default:
+ return WERR_INVALID_PARAMETER;
+ }
+
+ return WERR_OK;
+}
+
+static WERROR construct_buffer(TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ union netr_CONTROL_QUERY_INFORMATION *q,
+ uint8_t **buffer)
+{
+ struct NETLOGON_INFO_1 *i1;
+ struct NETLOGON_INFO_2 *i2;
+ struct NETLOGON_INFO_3 *i3;
+ struct NETLOGON_INFO_4 *i4;
+
+ if (!q) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (level) {
+ case 1:
+ i1 = talloc(mem_ctx, struct NETLOGON_INFO_1);
+ W_ERROR_HAVE_NO_MEMORY(i1);
+
+ i1->netlog1_flags = q->info1->flags;
+ i1->netlog1_pdc_connection_status = W_ERROR_V(q->info1->pdc_connection_status);
+
+ *buffer = (uint8_t *)i1;
+
+ break;
+ case 2:
+ i2 = talloc(mem_ctx, struct NETLOGON_INFO_2);
+ W_ERROR_HAVE_NO_MEMORY(i2);
+
+ i2->netlog2_flags = q->info2->flags;
+ i2->netlog2_pdc_connection_status = W_ERROR_V(q->info2->pdc_connection_status);
+ i2->netlog2_trusted_dc_name = talloc_strdup(mem_ctx, q->info2->trusted_dc_name);
+ i2->netlog2_tc_connection_status = W_ERROR_V(q->info2->tc_connection_status);
+
+ *buffer = (uint8_t *)i2;
+
+ break;
+ case 3:
+ i3 = talloc(mem_ctx, struct NETLOGON_INFO_3);
+ W_ERROR_HAVE_NO_MEMORY(i3);
+
+ i3->netlog1_flags = q->info3->flags;
+ i3->netlog3_logon_attempts = q->info3->logon_attempts;
+ i3->netlog3_reserved1 = q->info3->unknown1;
+ i3->netlog3_reserved2 = q->info3->unknown2;
+ i3->netlog3_reserved3 = q->info3->unknown3;
+ i3->netlog3_reserved4 = q->info3->unknown4;
+ i3->netlog3_reserved5 = q->info3->unknown5;
+
+ *buffer = (uint8_t *)i3;
+
+ break;
+ case 4:
+ i4 = talloc(mem_ctx, struct NETLOGON_INFO_4);
+ W_ERROR_HAVE_NO_MEMORY(i4);
+
+ i4->netlog4_trusted_dc_name = talloc_strdup(mem_ctx, q->info4->trusted_dc_name);
+ i4->netlog4_trusted_domain_name = talloc_strdup(mem_ctx, q->info4->trusted_domain_name);
+
+ *buffer = (uint8_t *)i4;
+
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR I_NetLogonControl_r(struct libnetapi_ctx *ctx,
+ struct I_NetLogonControl *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ union netr_CONTROL_QUERY_INFORMATION query;
+ struct dcerpc_binding_handle *b;
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_netlogon,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_netr_LogonControl(b, talloc_tos(),
+ r->in.server_name,
+ r->in.function_code,
+ r->in.query_level,
+ &query,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ werr = construct_buffer(ctx, r->in.query_level, &query,
+ r->out.buffer);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR I_NetLogonControl_l(struct libnetapi_ctx *ctx,
+ struct I_NetLogonControl *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, I_NetLogonControl);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR I_NetLogonControl2_r(struct libnetapi_ctx *ctx,
+ struct I_NetLogonControl2 *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ union netr_CONTROL_DATA_INFORMATION data;
+ union netr_CONTROL_QUERY_INFORMATION query;
+ struct dcerpc_binding_handle *b;
+
+ werr = construct_data(r->in.function_code, r->in.data, &data);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_netlogon,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ switch (r->in.function_code) {
+ case NETLOGON_CONTROL_TC_VERIFY:
+ case NETLOGON_CONTROL_SET_DBFLAG:
+ case NETLOGON_CONTROL_FORCE_DNS_REG:
+ status = dcerpc_netr_LogonControl2Ex(b, talloc_tos(),
+ r->in.server_name,
+ r->in.function_code,
+ r->in.query_level,
+ &data,
+ &query,
+ &werr);
+ break;
+ default:
+ status = dcerpc_netr_LogonControl2(b, talloc_tos(),
+ r->in.server_name,
+ r->in.function_code,
+ r->in.query_level,
+ &data,
+ &query,
+ &werr);
+ break;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ werr = construct_buffer(ctx, r->in.query_level, &query,
+ r->out.buffer);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR I_NetLogonControl2_l(struct libnetapi_ctx *ctx,
+ struct I_NetLogonControl2 *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, I_NetLogonControl2);
+}
diff --git a/source3/lib/netapi/samr.c b/source3/lib/netapi/samr.c
new file mode 100644
index 0000000..c1b7cfa
--- /dev/null
+++ b/source3/lib/netapi/samr.c
@@ -0,0 +1,346 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Samr Support
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "rpc_client/rpc_client.h"
+#include "../librpc/gen_ndr/ndr_samr_c.h"
+#include "rpc_client/cli_samr.h"
+#include "rpc_client/init_lsa.h"
+#include "../libcli/security/security.h"
+
+/****************************************************************
+****************************************************************/
+
+WERROR libnetapi_samr_open_domain(struct libnetapi_ctx *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ uint32_t connect_mask,
+ uint32_t domain_mask,
+ struct policy_handle *connect_handle,
+ struct policy_handle *domain_handle,
+ struct dom_sid2 **domain_sid)
+{
+ NTSTATUS status, result;
+ WERROR werr;
+ struct libnetapi_private_ctx *priv;
+ uint32_t resume_handle = 0;
+ uint32_t num_entries = 0;
+ struct samr_SamArray *sam = NULL;
+ const char *domain_name = NULL;
+ struct lsa_String lsa_domain_name;
+ bool domain_found = false;
+ int i;
+ struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
+
+ priv = talloc_get_type_abort(mem_ctx->private_data,
+ struct libnetapi_private_ctx);
+
+ if (is_valid_policy_hnd(&priv->samr.connect_handle)) {
+ if ((priv->samr.connect_mask & connect_mask) == connect_mask) {
+ *connect_handle = priv->samr.connect_handle;
+ } else {
+ libnetapi_samr_close_connect_handle(mem_ctx,
+ &priv->samr.connect_handle);
+ }
+ }
+
+ if (is_valid_policy_hnd(&priv->samr.domain_handle)) {
+ if ((priv->samr.domain_mask & domain_mask) == domain_mask) {
+ *domain_handle = priv->samr.domain_handle;
+ } else {
+ libnetapi_samr_close_domain_handle(mem_ctx,
+ &priv->samr.domain_handle);
+ }
+ }
+
+ if (priv->samr.domain_sid) {
+ *domain_sid = priv->samr.domain_sid;
+ }
+
+ if (is_valid_policy_hnd(&priv->samr.connect_handle) &&
+ ((priv->samr.connect_mask & connect_mask) == connect_mask) &&
+ is_valid_policy_hnd(&priv->samr.domain_handle) &&
+ (priv->samr.domain_mask & domain_mask) == domain_mask) {
+ return WERR_OK;
+ }
+
+ if (!is_valid_policy_hnd(connect_handle)) {
+ status = dcerpc_try_samr_connects(pipe_cli->binding_handle, mem_ctx,
+ pipe_cli->srv_name_slash,
+ connect_mask,
+ connect_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ status = dcerpc_samr_EnumDomains(b, mem_ctx,
+ connect_handle,
+ &resume_handle,
+ &sam,
+ 0xffffffff,
+ &num_entries,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ for (i=0; i<num_entries; i++) {
+
+ domain_name = sam->entries[i].name.string;
+
+ if (strequal(domain_name, builtin_domain_name())) {
+ continue;
+ }
+
+ domain_found = true;
+ break;
+ }
+
+ if (!domain_found) {
+ werr = WERR_NO_SUCH_DOMAIN;
+ goto done;
+ }
+
+ init_lsa_String(&lsa_domain_name, domain_name);
+
+ status = dcerpc_samr_LookupDomain(b, mem_ctx,
+ connect_handle,
+ &lsa_domain_name,
+ domain_sid,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenDomain(b, mem_ctx,
+ connect_handle,
+ domain_mask,
+ *domain_sid,
+ domain_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ priv->samr.cli = pipe_cli;
+
+ priv->samr.domain_name = domain_name;
+ priv->samr.domain_sid = *domain_sid;
+
+ priv->samr.connect_mask = connect_mask;
+ priv->samr.connect_handle = *connect_handle;
+
+ priv->samr.domain_mask = domain_mask;
+ priv->samr.domain_handle = *domain_handle;
+
+ werr = WERR_OK;
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR libnetapi_samr_open_builtin_domain(struct libnetapi_ctx *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ uint32_t connect_mask,
+ uint32_t builtin_mask,
+ struct policy_handle *connect_handle,
+ struct policy_handle *builtin_handle)
+{
+ NTSTATUS status, result;
+ WERROR werr;
+ struct libnetapi_private_ctx *priv;
+ struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
+
+ priv = talloc_get_type_abort(mem_ctx->private_data,
+ struct libnetapi_private_ctx);
+
+ if (is_valid_policy_hnd(&priv->samr.connect_handle)) {
+ if ((priv->samr.connect_mask & connect_mask) == connect_mask) {
+ *connect_handle = priv->samr.connect_handle;
+ } else {
+ libnetapi_samr_close_connect_handle(mem_ctx,
+ &priv->samr.connect_handle);
+ }
+ }
+
+ if (is_valid_policy_hnd(&priv->samr.builtin_handle)) {
+ if ((priv->samr.builtin_mask & builtin_mask) == builtin_mask) {
+ *builtin_handle = priv->samr.builtin_handle;
+ } else {
+ libnetapi_samr_close_builtin_handle(mem_ctx,
+ &priv->samr.builtin_handle);
+ }
+ }
+
+ if (is_valid_policy_hnd(&priv->samr.connect_handle) &&
+ ((priv->samr.connect_mask & connect_mask) == connect_mask) &&
+ is_valid_policy_hnd(&priv->samr.builtin_handle) &&
+ (priv->samr.builtin_mask & builtin_mask) == builtin_mask) {
+ return WERR_OK;
+ }
+
+ if (!is_valid_policy_hnd(connect_handle)) {
+ status = dcerpc_try_samr_connects(pipe_cli->binding_handle, mem_ctx,
+ pipe_cli->srv_name_slash,
+ connect_mask,
+ connect_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ status = dcerpc_samr_OpenDomain(b, mem_ctx,
+ connect_handle,
+ builtin_mask,
+ discard_const_p(struct dom_sid, &global_sid_Builtin),
+ builtin_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ priv->samr.cli = pipe_cli;
+
+ priv->samr.connect_mask = connect_mask;
+ priv->samr.connect_handle = *connect_handle;
+
+ priv->samr.builtin_mask = builtin_mask;
+ priv->samr.builtin_handle = *builtin_handle;
+
+ werr = WERR_OK;
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+void libnetapi_samr_close_domain_handle(struct libnetapi_ctx *ctx,
+ struct policy_handle *handle)
+{
+ struct libnetapi_private_ctx *priv;
+ struct dcerpc_binding_handle *b;
+ NTSTATUS result;
+
+ if (!is_valid_policy_hnd(handle)) {
+ return;
+ }
+
+ priv = talloc_get_type_abort(ctx->private_data,
+ struct libnetapi_private_ctx);
+
+ if (!ndr_policy_handle_equal(handle, &priv->samr.domain_handle)) {
+ return;
+ }
+
+ b = priv->samr.cli->binding_handle;
+
+ dcerpc_samr_Close(b, ctx, handle, &result);
+
+ ZERO_STRUCT(priv->samr.domain_handle);
+}
+
+/****************************************************************
+****************************************************************/
+
+void libnetapi_samr_close_builtin_handle(struct libnetapi_ctx *ctx,
+ struct policy_handle *handle)
+{
+ struct libnetapi_private_ctx *priv;
+ struct dcerpc_binding_handle *b;
+ NTSTATUS result;
+
+ if (!is_valid_policy_hnd(handle)) {
+ return;
+ }
+
+ priv = talloc_get_type_abort(ctx->private_data,
+ struct libnetapi_private_ctx);
+
+ if (!ndr_policy_handle_equal(handle, &priv->samr.builtin_handle)) {
+ return;
+ }
+
+ b = priv->samr.cli->binding_handle;
+
+ dcerpc_samr_Close(b, ctx, handle, &result);
+
+ ZERO_STRUCT(priv->samr.builtin_handle);
+}
+
+/****************************************************************
+****************************************************************/
+
+void libnetapi_samr_close_connect_handle(struct libnetapi_ctx *ctx,
+ struct policy_handle *handle)
+{
+ struct libnetapi_private_ctx *priv;
+ struct dcerpc_binding_handle *b;
+ NTSTATUS result;
+
+ if (!is_valid_policy_hnd(handle)) {
+ return;
+ }
+
+ priv = talloc_get_type_abort(ctx->private_data,
+ struct libnetapi_private_ctx);
+
+ if (!ndr_policy_handle_equal(handle, &priv->samr.connect_handle)) {
+ return;
+ }
+
+ b = priv->samr.cli->binding_handle;
+
+ dcerpc_samr_Close(b, ctx, handle, &result);
+
+ ZERO_STRUCT(priv->samr.connect_handle);
+}
+
+/****************************************************************
+****************************************************************/
+
+void libnetapi_samr_free(struct libnetapi_ctx *ctx)
+{
+ struct libnetapi_private_ctx *priv;
+
+ if (!ctx->private_data) {
+ return;
+ }
+
+ priv = talloc_get_type_abort(ctx->private_data,
+ struct libnetapi_private_ctx);
+
+ libnetapi_samr_close_domain_handle(ctx, &priv->samr.domain_handle);
+ libnetapi_samr_close_builtin_handle(ctx, &priv->samr.builtin_handle);
+ libnetapi_samr_close_connect_handle(ctx, &priv->samr.connect_handle);
+}
diff --git a/source3/lib/netapi/serverinfo.c b/source3/lib/netapi/serverinfo.c
new file mode 100644
index 0000000..cb5d9a2
--- /dev/null
+++ b/source3/lib/netapi/serverinfo.c
@@ -0,0 +1,701 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Server Support
+ * Copyright (C) Guenther Deschner 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "librpc/gen_ndr/libnetapi.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "lib/netapi/libnetapi.h"
+#include "../librpc/gen_ndr/ndr_srvsvc_c.h"
+#include "lib/smbconf/smbconf.h"
+#include "lib/smbconf/smbconf_reg.h"
+#include "libsmb/dsgetdcname.h"
+
+/****************************************************************
+****************************************************************/
+
+static WERROR NetServerGetInfo_l_101(struct libnetapi_ctx *ctx,
+ uint8_t **buffer)
+{
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
+ struct SERVER_INFO_101 i;
+
+ i.sv101_platform_id = PLATFORM_ID_NT;
+ i.sv101_name = lp_netbios_name();
+ i.sv101_version_major = SAMBA_MAJOR_NBT_ANNOUNCE_VERSION;
+ i.sv101_version_minor = SAMBA_MINOR_NBT_ANNOUNCE_VERSION;
+ i.sv101_type = lp_default_server_announce();
+ i.sv101_comment = lp_server_string(ctx, lp_sub);
+
+ *buffer = (uint8_t *)talloc_memdup(ctx, &i, sizeof(i));
+ if (!*buffer) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR NetServerGetInfo_l_1005(struct libnetapi_ctx *ctx,
+ uint8_t **buffer)
+{
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
+ struct SERVER_INFO_1005 info1005;
+
+ info1005.sv1005_comment = lp_server_string(ctx, lp_sub);
+ *buffer = (uint8_t *)talloc_memdup(ctx, &info1005, sizeof(info1005));
+ if (!*buffer) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetServerGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetServerGetInfo *r)
+{
+ switch (r->in.level) {
+ case 101:
+ return NetServerGetInfo_l_101(ctx, r->out.buffer);
+ case 1005:
+ return NetServerGetInfo_l_1005(ctx, r->out.buffer);
+ default:
+ break;
+ }
+
+ return WERR_INVALID_LEVEL;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS map_server_info_to_SERVER_INFO_buffer(TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ union srvsvc_NetSrvInfo *i,
+ uint8_t **buffer)
+{
+ struct SERVER_INFO_100 i100;
+ struct SERVER_INFO_101 i101;
+ struct SERVER_INFO_102 i102;
+ struct SERVER_INFO_402 i402;
+ struct SERVER_INFO_403 i403;
+ struct SERVER_INFO_502 i502;
+ struct SERVER_INFO_503 i503;
+ struct SERVER_INFO_599 i599;
+ struct SERVER_INFO_1005 i1005;
+#if 0
+ struct SERVER_INFO_1010 i1010;
+ struct SERVER_INFO_1016 i1016;
+ struct SERVER_INFO_1017 i1017;
+ struct SERVER_INFO_1018 i1018;
+ struct SERVER_INFO_1107 i1107;
+ struct SERVER_INFO_1501 i1501;
+ struct SERVER_INFO_1502 i1502;
+ struct SERVER_INFO_1503 i1503;
+ struct SERVER_INFO_1506 i1506;
+ struct SERVER_INFO_1509 i1509;
+ struct SERVER_INFO_1510 i1510;
+ struct SERVER_INFO_1511 i1511;
+ struct SERVER_INFO_1512 i1512;
+ struct SERVER_INFO_1513 i1513;
+ struct SERVER_INFO_1514 i1514;
+ struct SERVER_INFO_1515 i1515;
+ struct SERVER_INFO_1516 i1516;
+ struct SERVER_INFO_1518 i1518;
+ struct SERVER_INFO_1520 i1520;
+ struct SERVER_INFO_1521 i1521;
+ struct SERVER_INFO_1522 i1522;
+ struct SERVER_INFO_1523 i1523;
+ struct SERVER_INFO_1524 i1524;
+ struct SERVER_INFO_1525 i1525;
+ struct SERVER_INFO_1528 i1528;
+ struct SERVER_INFO_1529 i1529;
+ struct SERVER_INFO_1530 i1530;
+ struct SERVER_INFO_1533 i1533;
+ struct SERVER_INFO_1534 i1534;
+ struct SERVER_INFO_1535 i1535;
+ struct SERVER_INFO_1536 i1536;
+ struct SERVER_INFO_1537 i1537;
+ struct SERVER_INFO_1538 i1538;
+ struct SERVER_INFO_1539 i1539;
+ struct SERVER_INFO_1540 i1540;
+ struct SERVER_INFO_1541 i1541;
+ struct SERVER_INFO_1542 i1542;
+ struct SERVER_INFO_1543 i1543;
+ struct SERVER_INFO_1544 i1544;
+ struct SERVER_INFO_1545 i1545;
+ struct SERVER_INFO_1546 i1546;
+ struct SERVER_INFO_1547 i1547;
+ struct SERVER_INFO_1548 i1548;
+ struct SERVER_INFO_1549 i1549;
+ struct SERVER_INFO_1550 i1550;
+ struct SERVER_INFO_1552 i1552;
+ struct SERVER_INFO_1553 i1553;
+ struct SERVER_INFO_1554 i1554;
+ struct SERVER_INFO_1555 i1555;
+ struct SERVER_INFO_1556 i1556;
+ struct SERVER_INFO_1557 i1557;
+ struct SERVER_INFO_1560 i1560;
+ struct SERVER_INFO_1561 i1561;
+ struct SERVER_INFO_1562 i1562;
+ struct SERVER_INFO_1563 i1563;
+ struct SERVER_INFO_1564 i1564;
+ struct SERVER_INFO_1565 i1565;
+ struct SERVER_INFO_1566 i1566;
+ struct SERVER_INFO_1567 i1567;
+ struct SERVER_INFO_1568 i1568;
+ struct SERVER_INFO_1569 i1569;
+ struct SERVER_INFO_1570 i1570;
+ struct SERVER_INFO_1571 i1571;
+ struct SERVER_INFO_1572 i1572;
+ struct SERVER_INFO_1573 i1573;
+ struct SERVER_INFO_1574 i1574;
+ struct SERVER_INFO_1575 i1575;
+ struct SERVER_INFO_1576 i1576;
+ struct SERVER_INFO_1577 i1577;
+ struct SERVER_INFO_1578 i1578;
+ struct SERVER_INFO_1579 i1579;
+ struct SERVER_INFO_1580 i1580;
+ struct SERVER_INFO_1581 i1581;
+ struct SERVER_INFO_1582 i1582;
+ struct SERVER_INFO_1583 i1583;
+ struct SERVER_INFO_1584 i1584;
+ struct SERVER_INFO_1585 i1585;
+ struct SERVER_INFO_1586 i1586;
+ struct SERVER_INFO_1587 i1587;
+ struct SERVER_INFO_1588 i1588;
+ struct SERVER_INFO_1590 i1590;
+ struct SERVER_INFO_1591 i1591;
+ struct SERVER_INFO_1592 i1592;
+ struct SERVER_INFO_1593 i1593;
+ struct SERVER_INFO_1594 i1594;
+ struct SERVER_INFO_1595 i1595;
+ struct SERVER_INFO_1596 i1596;
+ struct SERVER_INFO_1597 i1597;
+ struct SERVER_INFO_1598 i1598;
+ struct SERVER_INFO_1599 i1599;
+ struct SERVER_INFO_1600 i1600;
+ struct SERVER_INFO_1601 i1601;
+ struct SERVER_INFO_1602 i1602;
+#endif
+ uint32_t num_info = 0;
+
+ switch (level) {
+ case 100:
+ i100.sv100_platform_id = i->info100->platform_id;
+ i100.sv100_name = talloc_strdup(mem_ctx, i->info100->server_name);
+
+ ADD_TO_ARRAY(mem_ctx, struct SERVER_INFO_100, i100,
+ (struct SERVER_INFO_100 **)buffer,
+ &num_info);
+ break;
+
+ case 101:
+ i101.sv101_platform_id = i->info101->platform_id;
+ i101.sv101_name = talloc_strdup(mem_ctx, i->info101->server_name);
+ i101.sv101_version_major = i->info101->version_major;
+ i101.sv101_version_minor = i->info101->version_minor;
+ i101.sv101_type = i->info101->server_type;
+ i101.sv101_comment = talloc_strdup(mem_ctx, i->info101->comment);
+
+ ADD_TO_ARRAY(mem_ctx, struct SERVER_INFO_101, i101,
+ (struct SERVER_INFO_101 **)buffer,
+ &num_info);
+ break;
+
+ case 102:
+ i102.sv102_platform_id = i->info102->platform_id;
+ i102.sv102_name = talloc_strdup(mem_ctx, i->info102->server_name);
+ i102.sv102_version_major = i->info102->version_major;
+ i102.sv102_version_minor = i->info102->version_minor;
+ i102.sv102_type = i->info102->server_type;
+ i102.sv102_comment = talloc_strdup(mem_ctx, i->info102->comment);
+ i102.sv102_users = i->info102->users;
+ i102.sv102_disc = i->info102->disc;
+ i102.sv102_hidden = i->info102->hidden;
+ i102.sv102_announce = i->info102->announce;
+ i102.sv102_anndelta = i->info102->anndelta;
+ i102.sv102_licenses = i->info102->licenses;
+ i102.sv102_userpath = talloc_strdup(mem_ctx, i->info102->userpath);
+
+ ADD_TO_ARRAY(mem_ctx, struct SERVER_INFO_102, i102,
+ (struct SERVER_INFO_102 **)buffer,
+ &num_info);
+ break;
+
+ case 402:
+
+ i402.sv402_ulist_mtime = i->info402->ulist_mtime;
+ i402.sv402_glist_mtime = i->info402->glist_mtime;
+ i402.sv402_alist_mtime = i->info402->alist_mtime;
+ i402.sv402_alerts = talloc_strdup(mem_ctx, i->info402->alerts);
+ i402.sv402_security = i->info402->security;
+ i402.sv402_numadmin = i->info402->numadmin;
+ i402.sv402_lanmask = i->info402->lanmask;
+ i402.sv402_guestacct = talloc_strdup(mem_ctx, i->info402->guestaccount);
+ i402.sv402_chdevs = i->info402->chdevs;
+ i402.sv402_chdevq = i->info402->chdevqs;
+ i402.sv402_chdevjobs = i->info402->chdevjobs;
+ i402.sv402_connections = i->info402->connections;
+ i402.sv402_shares = i->info402->shares;
+ i402.sv402_openfiles = i->info402->openfiles;
+ i402.sv402_sessopens = i->info402->sessopen;
+ i402.sv402_sessvcs = i->info402->sesssvc;
+ i402.sv402_sessreqs = i->info402->sessreqs;
+ i402.sv402_opensearch = i->info402->opensearch;
+ i402.sv402_activelocks = i->info402->activelocks;
+ i402.sv402_numreqbuf = i->info402->numreqbufs;
+ i402.sv402_sizreqbuf = i->info402->sizereqbufs;
+ i402.sv402_numbigbuf = i->info402->numbigbufs;
+ i402.sv402_numfiletasks = i->info402->numfiletasks;
+ i402.sv402_alertsched = i->info402->alertsched;
+ i402.sv402_erroralert = i->info402->erroralert;
+ i402.sv402_logonalert = i->info402->logonalert;
+ i402.sv402_accessalert = i->info402->accessalert;
+ i402.sv402_diskalert = i->info402->diskalert;
+ i402.sv402_netioalert = i->info402->netioalert;
+ i402.sv402_maxauditsz = i->info402->maxaudits;
+ i402.sv402_srvheuristics = i->info402->srvheuristics;
+
+ ADD_TO_ARRAY(mem_ctx, struct SERVER_INFO_402, i402,
+ (struct SERVER_INFO_402 **)buffer,
+ &num_info);
+ break;
+
+ case 403:
+
+ i403.sv403_ulist_mtime = i->info403->ulist_mtime;
+ i403.sv403_glist_mtime = i->info403->glist_mtime;
+ i403.sv403_alist_mtime = i->info403->alist_mtime;
+ i403.sv403_alerts = talloc_strdup(mem_ctx, i->info403->alerts);
+ i403.sv403_security = i->info403->security;
+ i403.sv403_numadmin = i->info403->numadmin;
+ i403.sv403_lanmask = i->info403->lanmask;
+ i403.sv403_guestacct = talloc_strdup(mem_ctx, i->info403->guestaccount);
+ i403.sv403_chdevs = i->info403->chdevs;
+ i403.sv403_chdevq = i->info403->chdevqs;
+ i403.sv403_chdevjobs = i->info403->chdevjobs;
+ i403.sv403_connections = i->info403->connections;
+ i403.sv403_shares = i->info403->shares;
+ i403.sv403_openfiles = i->info403->openfiles;
+ i403.sv403_sessopens = i->info403->sessopen;
+ i403.sv403_sessvcs = i->info403->sesssvc;
+ i403.sv403_sessreqs = i->info403->sessreqs;
+ i403.sv403_opensearch = i->info403->opensearch;
+ i403.sv403_activelocks = i->info403->activelocks;
+ i403.sv403_numreqbuf = i->info403->numreqbufs;
+ i403.sv403_sizreqbuf = i->info403->sizereqbufs;
+ i403.sv403_numbigbuf = i->info403->numbigbufs;
+ i403.sv403_numfiletasks = i->info403->numfiletasks;
+ i403.sv403_alertsched = i->info403->alertsched;
+ i403.sv403_erroralert = i->info403->erroralert;
+ i403.sv403_logonalert = i->info403->logonalert;
+ i403.sv403_accessalert = i->info403->accessalert;
+ i403.sv403_diskalert = i->info403->diskalert;
+ i403.sv403_netioalert = i->info403->netioalert;
+ i403.sv403_maxauditsz = i->info403->maxaudits;
+ i403.sv403_srvheuristics = i->info403->srvheuristics;
+ i403.sv403_auditedevents = i->info403->auditedevents;
+ i403.sv403_autoprofile = i->info403->auditprofile;
+ i403.sv403_autopath = talloc_strdup(mem_ctx, i->info403->autopath);
+
+ ADD_TO_ARRAY(mem_ctx, struct SERVER_INFO_403, i403,
+ (struct SERVER_INFO_403 **)buffer,
+ &num_info);
+ break;
+
+ case 502:
+ i502.sv502_sessopens = i->info502->sessopen;
+ i502.sv502_sessvcs = i->info502->sesssvc;
+ i502.sv502_opensearch = i->info502->opensearch;
+ i502.sv502_sizreqbuf = i->info502->sizereqbufs;
+ i502.sv502_initworkitems = i->info502->initworkitems;
+ i502.sv502_maxworkitems = i->info502->maxworkitems;
+ i502.sv502_rawworkitems = i->info502->rawworkitems;
+ i502.sv502_irpstacksize = i->info502->irpstacksize;
+ i502.sv502_maxrawbuflen = i->info502->maxrawbuflen;
+ i502.sv502_sessusers = i->info502->sessusers;
+ i502.sv502_sessconns = i->info502->sessconns;
+ i502.sv502_maxpagedmemoryusage = i->info502->maxpagedmemoryusage;
+ i502.sv502_maxnonpagedmemoryusage = i->info502->maxnonpagedmemoryusage;
+ i502.sv502_enablesoftcompat = i->info502->enablesoftcompat;
+ i502.sv502_enableforcedlogoff = i->info502->enableforcedlogoff;
+ i502.sv502_timesource = i->info502->timesource;
+ i502.sv502_acceptdownlevelapis = i->info502->acceptdownlevelapis;
+ i502.sv502_lmannounce = i->info502->lmannounce;
+
+ ADD_TO_ARRAY(mem_ctx, struct SERVER_INFO_502, i502,
+ (struct SERVER_INFO_502 **)buffer,
+ &num_info);
+ break;
+
+ case 503:
+ i503.sv503_sessopens = i->info503->sessopen;
+ i503.sv503_sessvcs = i->info503->sesssvc;
+ i503.sv503_opensearch = i->info503->opensearch;
+ i503.sv503_sizreqbuf = i->info503->sizereqbufs;
+ i503.sv503_initworkitems = i->info503->initworkitems;
+ i503.sv503_maxworkitems = i->info503->maxworkitems;
+ i503.sv503_rawworkitems = i->info503->rawworkitems;
+ i503.sv503_irpstacksize = i->info503->irpstacksize;
+ i503.sv503_maxrawbuflen = i->info503->maxrawbuflen;
+ i503.sv503_sessusers = i->info503->sessusers;
+ i503.sv503_sessconns = i->info503->sessconns;
+ i503.sv503_maxpagedmemoryusage = i->info503->maxpagedmemoryusage;
+ i503.sv503_maxnonpagedmemoryusage = i->info503->maxnonpagedmemoryusage;
+ i503.sv503_enablesoftcompat = i->info503->enablesoftcompat;
+ i503.sv503_enableforcedlogoff = i->info503->enableforcedlogoff;
+ i503.sv503_timesource = i->info503->timesource;
+ i503.sv503_acceptdownlevelapis = i->info503->acceptdownlevelapis;
+ i503.sv503_lmannounce = i->info503->lmannounce;
+ i503.sv503_domain = talloc_strdup(mem_ctx, i->info503->domain);
+ i503.sv503_maxcopyreadlen = i->info503->maxcopyreadlen;
+ i503.sv503_maxcopywritelen = i->info503->maxcopywritelen;
+ i503.sv503_minkeepsearch = i->info503->minkeepsearch;
+ i503.sv503_maxkeepsearch = i->info503->maxkeepsearch;
+ i503.sv503_minkeepcomplsearch = i->info503->minkeepcomplsearch;
+ i503.sv503_maxkeepcomplsearch = i->info503->maxkeepcomplsearch;
+ i503.sv503_threadcountadd = i->info503->threadcountadd;
+ i503.sv503_numblockthreads = i->info503->numlockthreads;
+ i503.sv503_scavtimeout = i->info503->scavtimeout;
+ i503.sv503_minrcvqueue = i->info503->minrcvqueue;
+ i503.sv503_minfreeworkitems = i->info503->minfreeworkitems;
+ i503.sv503_xactmemsize = i->info503->xactmemsize;
+ i503.sv503_threadpriority = i->info503->threadpriority;
+ i503.sv503_maxmpxct = i->info503->maxmpxct;
+ i503.sv503_oplockbreakwait = i->info503->oplockbreakwait;
+ i503.sv503_oplockbreakresponsewait = i->info503->oplockbreakresponsewait;
+ i503.sv503_enableoplocks = i->info503->enableoplocks;
+ i503.sv503_enableoplockforceclose = i->info503->enableoplockforceclose;
+ i503.sv503_enablefcbopens = i->info503->enablefcbopens;
+ i503.sv503_enableraw = i->info503->enableraw;
+ i503.sv503_enablesharednetdrives = i->info503->enablesharednetdrives;
+ i503.sv503_minfreeconnections = i->info503->minfreeconnections;
+ i503.sv503_maxfreeconnections = i->info503->maxfreeconnections;
+
+ ADD_TO_ARRAY(mem_ctx, struct SERVER_INFO_503, i503,
+ (struct SERVER_INFO_503 **)buffer,
+ &num_info);
+ break;
+
+ case 599:
+ i599.sv599_sessopens = i->info599->sessopen;
+ i599.sv599_sessvcs = i->info599->sesssvc;
+ i599.sv599_opensearch = i->info599->opensearch;
+ i599.sv599_sizreqbuf = i->info599->sizereqbufs;
+ i599.sv599_initworkitems = i->info599->initworkitems;
+ i599.sv599_maxworkitems = i->info599->maxworkitems;
+ i599.sv599_rawworkitems = i->info599->rawworkitems;
+ i599.sv599_irpstacksize = i->info599->irpstacksize;
+ i599.sv599_maxrawbuflen = i->info599->maxrawbuflen;
+ i599.sv599_sessusers = i->info599->sessusers;
+ i599.sv599_sessconns = i->info599->sessconns;
+ i599.sv599_maxpagedmemoryusage = i->info599->maxpagedmemoryusage;
+ i599.sv599_maxnonpagedmemoryusage = i->info599->maxnonpagedmemoryusage;
+ i599.sv599_enablesoftcompat = i->info599->enablesoftcompat;
+ i599.sv599_enableforcedlogoff = i->info599->enableforcedlogoff;
+ i599.sv599_timesource = i->info599->timesource;
+ i599.sv599_acceptdownlevelapis = i->info599->acceptdownlevelapis;
+ i599.sv599_lmannounce = i->info599->lmannounce;
+ i599.sv599_domain = talloc_strdup(mem_ctx, i->info599->domain);
+ i599.sv599_maxcopyreadlen = i->info599->maxcopyreadlen;
+ i599.sv599_maxcopywritelen = i->info599->maxcopywritelen;
+ i599.sv599_minkeepsearch = i->info599->minkeepsearch;
+ i599.sv599_maxkeepsearch = 0; /* ?? */
+ i599.sv599_minkeepcomplsearch = i->info599->minkeepcomplsearch;
+ i599.sv599_maxkeepcomplsearch = i->info599->maxkeepcomplsearch;
+ i599.sv599_threadcountadd = i->info599->threadcountadd;
+ i599.sv599_numblockthreads = i->info599->numlockthreads; /* typo ? */
+ i599.sv599_scavtimeout = i->info599->scavtimeout;
+ i599.sv599_minrcvqueue = i->info599->minrcvqueue;
+ i599.sv599_minfreeworkitems = i->info599->minfreeworkitems;
+ i599.sv599_xactmemsize = i->info599->xactmemsize;
+ i599.sv599_threadpriority = i->info599->threadpriority;
+ i599.sv599_maxmpxct = i->info599->maxmpxct;
+ i599.sv599_oplockbreakwait = i->info599->oplockbreakwait;
+ i599.sv599_oplockbreakresponsewait = i->info599->oplockbreakresponsewait;
+ i599.sv599_enableoplocks = i->info599->enableoplocks;
+ i599.sv599_enableoplockforceclose = i->info599->enableoplockforceclose;
+ i599.sv599_enablefcbopens = i->info599->enablefcbopens;
+ i599.sv599_enableraw = i->info599->enableraw;
+ i599.sv599_enablesharednetdrives = i->info599->enablesharednetdrives;
+ i599.sv599_minfreeconnections = i->info599->minfreeconnections;
+ i599.sv599_maxfreeconnections = i->info599->maxfreeconnections;
+ i599.sv599_initsesstable = i->info599->initsesstable;
+ i599.sv599_initconntable = i->info599->initconntable;
+ i599.sv599_initfiletable = i->info599->initfiletable;
+ i599.sv599_initsearchtable = i->info599->initsearchtable;
+ i599.sv599_alertschedule = i->info599->alertsched;
+ i599.sv599_errorthreshold = i->info599->errortreshold;
+ i599.sv599_networkerrorthreshold = i->info599->networkerrortreshold;
+ i599.sv599_diskspacethreshold = i->info599->diskspacetreshold;
+ i599.sv599_reserved = i->info599->reserved;
+ i599.sv599_maxlinkdelay = i->info599->maxlinkdelay;
+ i599.sv599_minlinkthroughput = i->info599->minlinkthroughput;
+ i599.sv599_linkinfovalidtime = i->info599->linkinfovalidtime;
+ i599.sv599_scavqosinfoupdatetime = i->info599->scavqosinfoupdatetime;
+ i599.sv599_maxworkitemidletime = i->info599->maxworkitemidletime;
+
+ ADD_TO_ARRAY(mem_ctx, struct SERVER_INFO_599, i599,
+ (struct SERVER_INFO_599 **)buffer,
+ &num_info);
+ break;
+
+ case 1005:
+ i1005.sv1005_comment = talloc_strdup(mem_ctx, i->info1005->comment);
+
+ ADD_TO_ARRAY(mem_ctx, struct SERVER_INFO_1005, i1005,
+ (struct SERVER_INFO_1005 **)buffer,
+ &num_info);
+ break;
+ default:
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetServerGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetServerGetInfo *r)
+{
+ NTSTATUS status;
+ WERROR werr;
+ union srvsvc_NetSrvInfo info;
+ struct dcerpc_binding_handle *b;
+
+ if (!r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 100:
+ case 101:
+ case 102:
+ case 402:
+ case 502:
+ case 503:
+ case 1005:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_srvsvc,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_srvsvc_NetSrvGetInfo(b, talloc_tos(),
+ r->in.server_name,
+ r->in.level,
+ &info,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = map_server_info_to_SERVER_INFO_buffer(ctx, r->in.level, &info,
+ r->out.buffer);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR NetServerSetInfo_l_1005(struct libnetapi_ctx *ctx,
+ struct NetServerSetInfo *r)
+{
+ WERROR werr = WERR_OK;
+ sbcErr err;
+ struct smbconf_ctx *conf_ctx;
+ struct srvsvc_NetSrvInfo1005 *info1005;
+
+ if (!r->in.buffer) {
+ *r->out.parm_error = 1005; /* sure here ? */
+ return WERR_INVALID_PARAMETER;
+ }
+
+ info1005 = (struct srvsvc_NetSrvInfo1005 *)r->in.buffer;
+
+ if (!info1005->comment) {
+ *r->out.parm_error = 1005;
+ return WERR_INVALID_PARAMETER;
+ }
+
+ if (!lp_config_backend_is_registry()) {
+ libnetapi_set_error_string(ctx,
+ "Configuration manipulation requested but not "
+ "supported by backend");
+ return WERR_NOT_SUPPORTED;
+ }
+
+ err = smbconf_init_reg(ctx, &conf_ctx, NULL);
+ if (!SBC_ERROR_IS_OK(err)) {
+ libnetapi_set_error_string(ctx,
+ "Could not initialize backend: %s",
+ sbcErrorString(err));
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+
+ err = smbconf_set_global_parameter(conf_ctx, "server string",
+ info1005->comment);
+ if (!SBC_ERROR_IS_OK(err)) {
+ libnetapi_set_error_string(ctx,
+ "Could not set global parameter: %s",
+ sbcErrorString(err));
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+
+ done:
+ smbconf_shutdown(conf_ctx);
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetServerSetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetServerSetInfo *r)
+{
+ switch (r->in.level) {
+ case 1005:
+ return NetServerSetInfo_l_1005(ctx, r);
+ default:
+ break;
+ }
+
+ return WERR_INVALID_LEVEL;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetServerSetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetServerSetInfo *r)
+{
+ NTSTATUS status;
+ WERROR werr;
+ union srvsvc_NetSrvInfo info;
+ struct dcerpc_binding_handle *b;
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_srvsvc,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ switch (r->in.level) {
+ case 1005:
+ info.info1005 = (struct srvsvc_NetSrvInfo1005 *)r->in.buffer;
+ break;
+ default:
+ werr = WERR_NOT_SUPPORTED;
+ goto done;
+ }
+
+ status = dcerpc_srvsvc_NetSrvSetInfo(b, talloc_tos(),
+ r->in.server_name,
+ r->in.level,
+ &info,
+ r->out.parm_error,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetRemoteTOD_r(struct libnetapi_ctx *ctx,
+ struct NetRemoteTOD *r)
+{
+ NTSTATUS status;
+ WERROR werr;
+ struct srvsvc_NetRemoteTODInfo *info = NULL;
+ struct dcerpc_binding_handle *b;
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_srvsvc,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_srvsvc_NetRemoteTOD(b, talloc_tos(),
+ r->in.server_name,
+ &info,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ *r->out.buffer = (uint8_t *)talloc_memdup(ctx, info,
+ sizeof(struct srvsvc_NetRemoteTODInfo));
+ W_ERROR_HAVE_NO_MEMORY(*r->out.buffer);
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetRemoteTOD_l(struct libnetapi_ctx *ctx,
+ struct NetRemoteTOD *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetRemoteTOD);
+}
+
diff --git a/source3/lib/netapi/share.c b/source3/lib/netapi/share.c
new file mode 100644
index 0000000..7f142fc
--- /dev/null
+++ b/source3/lib/netapi/share.c
@@ -0,0 +1,573 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Share Support
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "librpc/gen_ndr/libnetapi.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "lib/netapi/libnetapi.h"
+#include "../librpc/gen_ndr/ndr_srvsvc_c.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS map_srvsvc_share_info_to_SHARE_INFO_buffer(TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ union srvsvc_NetShareInfo *info,
+ uint8_t **buffer,
+ uint32_t *num_shares)
+{
+ struct SHARE_INFO_0 i0;
+ struct SHARE_INFO_1 i1;
+ struct SHARE_INFO_2 i2;
+ struct SHARE_INFO_501 i501;
+ struct SHARE_INFO_1005 i1005;
+
+ struct srvsvc_NetShareInfo0 *s0;
+ struct srvsvc_NetShareInfo1 *s1;
+ struct srvsvc_NetShareInfo2 *s2;
+ struct srvsvc_NetShareInfo501 *s501;
+ struct srvsvc_NetShareInfo1005 *s1005;
+
+ if (!buffer) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (level) {
+ case 0:
+ s0 = info->info0;
+
+ i0.shi0_netname = talloc_strdup(mem_ctx, s0->name);
+
+ ADD_TO_ARRAY(mem_ctx, struct SHARE_INFO_0, i0,
+ (struct SHARE_INFO_0 **)buffer,
+ num_shares);
+ break;
+
+ case 1:
+ s1 = info->info1;
+
+ i1.shi1_netname = talloc_strdup(mem_ctx, s1->name);
+ i1.shi1_type = s1->type;
+ i1.shi1_remark = talloc_strdup(mem_ctx, s1->comment);
+
+ ADD_TO_ARRAY(mem_ctx, struct SHARE_INFO_1, i1,
+ (struct SHARE_INFO_1 **)buffer,
+ num_shares);
+ break;
+
+ case 2:
+ s2 = info->info2;
+
+ i2.shi2_netname = talloc_strdup(mem_ctx, s2->name);
+ i2.shi2_type = s2->type;
+ i2.shi2_remark = talloc_strdup(mem_ctx, s2->comment);
+ i2.shi2_permissions = s2->permissions;
+ i2.shi2_max_uses = s2->max_users;
+ i2.shi2_current_uses = s2->current_users;
+ i2.shi2_path = talloc_strdup(mem_ctx, s2->path);
+ i2.shi2_passwd = talloc_strdup(mem_ctx, s2->password);
+
+ ADD_TO_ARRAY(mem_ctx, struct SHARE_INFO_2, i2,
+ (struct SHARE_INFO_2 **)buffer,
+ num_shares);
+ break;
+
+ case 501:
+ s501 = info->info501;
+
+ i501.shi501_netname = talloc_strdup(mem_ctx, s501->name);
+ i501.shi501_type = s501->type;
+ i501.shi501_remark = talloc_strdup(mem_ctx, s501->comment);
+ i501.shi501_flags = s501->csc_policy;
+
+ ADD_TO_ARRAY(mem_ctx, struct SHARE_INFO_501, i501,
+ (struct SHARE_INFO_501 **)buffer,
+ num_shares);
+ break;
+
+ case 1005:
+ s1005 = info->info1005;
+
+ i1005.shi1005_flags = s1005->dfs_flags;
+
+ ADD_TO_ARRAY(mem_ctx, struct SHARE_INFO_1005, i1005,
+ (struct SHARE_INFO_1005 **)buffer,
+ num_shares);
+ break;
+
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS map_SHARE_INFO_buffer_to_srvsvc_share_info(TALLOC_CTX *mem_ctx,
+ uint8_t *buffer,
+ uint32_t level,
+ union srvsvc_NetShareInfo *info)
+{
+ struct SHARE_INFO_2 *i2 = NULL;
+ struct SHARE_INFO_502 *i502 = NULL;
+ struct SHARE_INFO_1004 *i1004 = NULL;
+ struct srvsvc_NetShareInfo2 *s2 = NULL;
+ struct srvsvc_NetShareInfo502 *s502 = NULL;
+ struct srvsvc_NetShareInfo1004 *s1004 = NULL;
+
+ if (!buffer) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (level) {
+ case 2:
+ i2 = (struct SHARE_INFO_2 *)buffer;
+
+ s2 = talloc(mem_ctx, struct srvsvc_NetShareInfo2);
+ NT_STATUS_HAVE_NO_MEMORY(s2);
+
+ s2->name = i2->shi2_netname;
+ s2->type = i2->shi2_type;
+ s2->comment = i2->shi2_remark;
+ s2->permissions = i2->shi2_permissions;
+ s2->max_users = i2->shi2_max_uses;
+ s2->current_users = i2->shi2_current_uses;
+ s2->path = i2->shi2_path;
+ s2->password = i2->shi2_passwd;
+
+ info->info2 = s2;
+
+ break;
+
+ case 502:
+ i502 = (struct SHARE_INFO_502 *)buffer;
+
+ s502 = talloc(mem_ctx, struct srvsvc_NetShareInfo502);
+ NT_STATUS_HAVE_NO_MEMORY(s502);
+
+ s502->name = i502->shi502_netname;
+ s502->type = i502->shi502_type;
+ s502->comment = i502->shi502_remark;
+ s502->permissions = i502->shi502_permissions;
+ s502->max_users = i502->shi502_max_uses;
+ s502->current_users = i502->shi502_current_uses;
+ s502->path = i502->shi502_path;
+ s502->password = i502->shi502_passwd;
+ s502->sd_buf.sd_size =
+ ndr_size_security_descriptor(i502->shi502_security_descriptor, 0);
+ s502->sd_buf.sd = i502->shi502_security_descriptor;
+
+ info->info502 = s502;
+
+ break;
+
+ case 1004:
+ i1004 = (struct SHARE_INFO_1004 *)buffer;
+
+ s1004 = talloc(mem_ctx, struct srvsvc_NetShareInfo1004);
+ NT_STATUS_HAVE_NO_MEMORY(s1004);
+
+ s1004->comment = i1004->shi1004_remark;
+
+ info->info1004 = s1004;
+
+ break;
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShareAdd_r(struct libnetapi_ctx *ctx,
+ struct NetShareAdd *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ union srvsvc_NetShareInfo info;
+ struct dcerpc_binding_handle *b;
+
+ if (!r->in.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 2:
+ case 502:
+ break;
+ case 503:
+ return WERR_NOT_SUPPORTED;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_srvsvc,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = map_SHARE_INFO_buffer_to_srvsvc_share_info(ctx,
+ r->in.buffer,
+ r->in.level,
+ &info);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_srvsvc_NetShareAdd(b, talloc_tos(),
+ r->in.server_name,
+ r->in.level,
+ &info,
+ r->out.parm_err,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShareAdd_l(struct libnetapi_ctx *ctx,
+ struct NetShareAdd *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetShareAdd);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShareDel_r(struct libnetapi_ctx *ctx,
+ struct NetShareDel *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ struct dcerpc_binding_handle *b;
+
+ if (!r->in.net_name) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_srvsvc,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_srvsvc_NetShareDel(b, talloc_tos(),
+ r->in.server_name,
+ r->in.net_name,
+ r->in.reserved,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShareDel_l(struct libnetapi_ctx *ctx,
+ struct NetShareDel *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetShareDel);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShareEnum_r(struct libnetapi_ctx *ctx,
+ struct NetShareEnum *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ struct srvsvc_NetShareInfoCtr info_ctr;
+ struct srvsvc_NetShareCtr0 ctr0;
+ struct srvsvc_NetShareCtr1 ctr1;
+ struct srvsvc_NetShareCtr2 ctr2;
+ uint32_t i;
+ struct dcerpc_binding_handle *b;
+
+ if (!r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ case 2:
+ break;
+ case 502:
+ case 503:
+ return WERR_NOT_SUPPORTED;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ ZERO_STRUCT(info_ctr);
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_srvsvc,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ info_ctr.level = r->in.level;
+ switch (r->in.level) {
+ case 0:
+ ZERO_STRUCT(ctr0);
+ info_ctr.ctr.ctr0 = &ctr0;
+ break;
+ case 1:
+ ZERO_STRUCT(ctr1);
+ info_ctr.ctr.ctr1 = &ctr1;
+ break;
+ case 2:
+ ZERO_STRUCT(ctr2);
+ info_ctr.ctr.ctr2 = &ctr2;
+ break;
+ }
+
+ status = dcerpc_srvsvc_NetShareEnumAll(b, talloc_tos(),
+ r->in.server_name,
+ &info_ctr,
+ r->in.prefmaxlen,
+ r->out.total_entries,
+ r->out.resume_handle,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr) && !W_ERROR_EQUAL(werr, WERR_MORE_DATA)) {
+ goto done;
+ }
+
+ for (i=0; i < info_ctr.ctr.ctr1->count; i++) {
+ union srvsvc_NetShareInfo _i = {0};
+ switch (r->in.level) {
+ case 0:
+ _i.info0 = &info_ctr.ctr.ctr0->array[i];
+ break;
+ case 1:
+ _i.info1 = &info_ctr.ctr.ctr1->array[i];
+ break;
+ case 2:
+ _i.info2 = &info_ctr.ctr.ctr2->array[i];
+ break;
+ }
+
+ status = map_srvsvc_share_info_to_SHARE_INFO_buffer(ctx,
+ r->in.level,
+ &_i,
+ r->out.buffer,
+ r->out.entries_read);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShareEnum_l(struct libnetapi_ctx *ctx,
+ struct NetShareEnum *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetShareEnum);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShareGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetShareGetInfo *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ union srvsvc_NetShareInfo info;
+ uint32_t num_entries = 0;
+ struct dcerpc_binding_handle *b;
+
+ if (!r->in.net_name || !r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ case 2:
+ case 501:
+ case 1005:
+ break;
+ case 502:
+ case 503:
+ return WERR_NOT_SUPPORTED;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_srvsvc,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_srvsvc_NetShareGetInfo(b, talloc_tos(),
+ r->in.server_name,
+ r->in.net_name,
+ r->in.level,
+ &info,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = map_srvsvc_share_info_to_SHARE_INFO_buffer(ctx,
+ r->in.level,
+ &info,
+ r->out.buffer,
+ &num_entries);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShareGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetShareGetInfo *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetShareGetInfo);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShareSetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetShareSetInfo *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ union srvsvc_NetShareInfo info;
+ struct dcerpc_binding_handle *b;
+
+ if (!r->in.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 2:
+ case 1004:
+ break;
+ case 1:
+ case 502:
+ case 503:
+ case 1005:
+ case 1006:
+ case 1501:
+ return WERR_NOT_SUPPORTED;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_srvsvc,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = map_SHARE_INFO_buffer_to_srvsvc_share_info(ctx,
+ r->in.buffer,
+ r->in.level,
+ &info);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_srvsvc_NetShareSetInfo(b, talloc_tos(),
+ r->in.server_name,
+ r->in.net_name,
+ r->in.level,
+ &info,
+ r->out.parm_err,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShareSetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetShareSetInfo *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetShareSetInfo);
+}
diff --git a/source3/lib/netapi/shutdown.c b/source3/lib/netapi/shutdown.c
new file mode 100644
index 0000000..9e1e8e1
--- /dev/null
+++ b/source3/lib/netapi/shutdown.c
@@ -0,0 +1,110 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Shutdown Support
+ * Copyright (C) Guenther Deschner 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "librpc/gen_ndr/libnetapi.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "lib/netapi/libnetapi.h"
+#include "../librpc/gen_ndr/ndr_initshutdown_c.h"
+#include "rpc_client/init_lsa.h"
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShutdownInit_r(struct libnetapi_ctx *ctx,
+ struct NetShutdownInit *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ struct lsa_StringLarge message;
+ struct dcerpc_binding_handle *b;
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_initshutdown,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_StringLarge(&message, r->in.message);
+
+ status = dcerpc_initshutdown_Init(b, talloc_tos(),
+ NULL,
+ &message,
+ r->in.timeout,
+ r->in.force_apps,
+ r->in.do_reboot,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShutdownInit_l(struct libnetapi_ctx *ctx,
+ struct NetShutdownInit *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetShutdownInit);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShutdownAbort_r(struct libnetapi_ctx *ctx,
+ struct NetShutdownAbort *r)
+{
+ WERROR werr;
+ NTSTATUS status;
+ struct dcerpc_binding_handle *b;
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_initshutdown,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_initshutdown_Abort(b, talloc_tos(),
+ NULL,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetShutdownAbort_l(struct libnetapi_ctx *ctx,
+ struct NetShutdownAbort *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetShutdownAbort);
+}
diff --git a/source3/lib/netapi/sid.c b/source3/lib/netapi/sid.c
new file mode 100644
index 0000000..ba22374
--- /dev/null
+++ b/source3/lib/netapi/sid.c
@@ -0,0 +1,71 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Support
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "lib/netapi/netapi.h"
+#include "../libcli/security/security.h"
+
+/****************************************************************
+****************************************************************/
+
+int ConvertSidToStringSid(const struct domsid *sid,
+ char **sid_string)
+{
+ struct dom_sid_buf buf;
+
+ if (!sid || !sid_string) {
+ return false;
+ }
+
+ *sid_string = SMB_STRDUP(
+ dom_sid_str_buf((const struct dom_sid *)sid, &buf));
+
+ if (!*sid_string) {
+ return false;
+ }
+
+ return true;
+}
+
+/****************************************************************
+****************************************************************/
+
+int ConvertStringSidToSid(const char *sid_string,
+ struct domsid **sid)
+{
+ struct dom_sid _sid;
+
+ if (!sid_string || !sid) {
+ return false;
+ }
+
+ if (!string_to_sid(&_sid, sid_string)) {
+ return false;
+ }
+
+ *sid = (struct domsid *)SMB_MALLOC(sizeof(struct domsid));
+ if (!*sid) {
+ return false;
+ }
+
+ sid_copy((struct dom_sid*)*sid, &_sid);
+
+ return true;
+}
diff --git a/source3/lib/netapi/tests/common.c b/source3/lib/netapi/tests/common.c
new file mode 100644
index 0000000..a01a870
--- /dev/null
+++ b/source3/lib/netapi/tests/common.c
@@ -0,0 +1,116 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi testsuite
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <inttypes.h>
+
+#include <popt.h>
+#include <netapi.h>
+
+#include "common.h"
+
+void popt_common_callback(poptContext con,
+ enum poptCallbackReason reason,
+ const struct poptOption *opt,
+ const char *arg, const void *data)
+{
+ struct libnetapi_ctx *ctx = NULL;
+
+ libnetapi_getctx(&ctx);
+
+ if (reason == POPT_CALLBACK_REASON_PRE) {
+ }
+
+ if (reason == POPT_CALLBACK_REASON_POST) {
+ }
+
+ if (!opt) {
+ return;
+ }
+ switch (opt->val) {
+ case 'U': {
+ char *puser = strdup(arg);
+ char *p = NULL;
+
+ if ((p = strchr(puser,'%'))) {
+ size_t len;
+ *p = 0;
+ libnetapi_set_username(ctx, puser);
+ libnetapi_set_password(ctx, p+1);
+ len = strlen(p+1);
+ memset(strchr(arg,'%')+1,'X',len);
+ } else {
+ libnetapi_set_username(ctx, puser);
+ }
+ free(puser);
+ break;
+ }
+ case 'd':
+ libnetapi_set_debuglevel(ctx, arg);
+ break;
+ case 'p':
+ libnetapi_set_password(ctx, arg);
+ break;
+ case 'k':
+ libnetapi_set_use_kerberos(ctx);
+ break;
+ }
+}
+
+struct poptOption popt_common_netapi_examples[] = {
+ {
+ .argInfo = POPT_ARG_CALLBACK|POPT_CBFLAG_PRE|POPT_CBFLAG_POST,
+ .arg = (void *)popt_common_callback,
+ },
+ {
+ .longName = "user",
+ .shortName = 'U',
+ .argInfo = POPT_ARG_STRING,
+ .val = 'U',
+ .descrip = "Username used for connection",
+ .argDescrip = "USERNAME",
+ },
+ {
+ .longName = "password",
+ .shortName = 'p',
+ .argInfo = POPT_ARG_STRING,
+ .val = 'p',
+ .descrip = "Password used for connection",
+ .argDescrip = "PASSWORD",
+ },
+ {
+ .longName = "debuglevel",
+ .shortName = 'd',
+ .argInfo = POPT_ARG_STRING,
+ .val = 'd',
+ .descrip = "Debuglevel",
+ .argDescrip = "DEBUGLEVEL",
+ },
+ {
+ .longName = "kerberos",
+ .shortName = 'k',
+ .argInfo = POPT_ARG_NONE,
+ .val = 'k',
+ .descrip = "Use Kerberos",
+ },
+ POPT_TABLEEND
+};
+
diff --git a/source3/lib/netapi/tests/common.h b/source3/lib/netapi/tests/common.h
new file mode 100644
index 0000000..be1a2e4
--- /dev/null
+++ b/source3/lib/netapi/tests/common.h
@@ -0,0 +1,67 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi testsuite
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <popt.h>
+
+void popt_common_callback(poptContext con,
+ enum poptCallbackReason reason,
+ const struct poptOption *opt,
+ const char *arg, const void *data);
+
+extern struct poptOption popt_common_netapi_examples[];
+
+#define POPT_COMMON_LIBNETAPI_EXAMPLES { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_netapi_examples, 0, "Common samba netapi example options:", NULL },
+
+#ifndef POPT_TABLEEND
+#define POPT_TABLEEND { NULL, '\0', 0, 0, 0, NULL, NULL }
+#endif
+
+NET_API_STATUS test_netuseradd(const char *hostname,
+ const char *username);
+
+NET_API_STATUS netapitest_localgroup(struct libnetapi_ctx *ctx,
+ const char *hostname);
+NET_API_STATUS netapitest_user(struct libnetapi_ctx *ctx,
+ const char *hostname);
+NET_API_STATUS netapitest_group(struct libnetapi_ctx *ctx,
+ const char *hostname);
+NET_API_STATUS netapitest_display(struct libnetapi_ctx *ctx,
+ const char *hostname);
+NET_API_STATUS netapitest_share(struct libnetapi_ctx *ctx,
+ const char *hostname);
+NET_API_STATUS netapitest_file(struct libnetapi_ctx *ctx,
+ const char *hostname);
+NET_API_STATUS netapitest_server(struct libnetapi_ctx *ctx,
+ const char *hostname);
+NET_API_STATUS netapitest_wksta(struct libnetapi_ctx *ctx,
+ const char *hostname);
+
+#ifndef ARRAY_SIZE
+#define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
+#endif
+
+#define NETAPI_STATUS(x,y,fn) \
+ printf("FAILURE: line %d: %s failed with status: %s (%d)\n", \
+ __LINE__, fn, libnetapi_get_error_string(x,y), y);
+
+#define NETAPI_STATUS_MSG(x,y,fn,z) \
+ printf("FAILURE: line %d: %s failed with status: %s (%d), %s\n", \
+ __LINE__, fn, libnetapi_get_error_string(x,y), y, z);
+
+#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
diff --git a/source3/lib/netapi/tests/netapitest.c b/source3/lib/netapi/tests/netapitest.c
new file mode 100644
index 0000000..fd367bd
--- /dev/null
+++ b/source3/lib/netapi/tests/netapitest.c
@@ -0,0 +1,112 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi testsuite
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+int main(int argc, const char **argv)
+{
+ NET_API_STATUS status = 0;
+ struct libnetapi_ctx *ctx = NULL;
+ const char *hostname = NULL;
+
+ poptContext pc;
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ POPT_COMMON_LIBNETAPI_EXAMPLES
+ POPT_TABLEEND
+ };
+
+ status = libnetapi_init(&ctx);
+ if (status != 0) {
+ return status;
+ }
+
+ pc = poptGetContext("netapitest", argc, argv, long_options, 0);
+
+ poptSetOtherOptionHelp(pc, "hostname");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ }
+
+ if (!poptPeekArg(pc)) {
+ poptPrintHelp(pc, stderr, 0);
+ goto out;
+ }
+ hostname = poptGetArg(pc);
+
+ status = netapitest_localgroup(ctx, hostname);
+ if (status) {
+ goto out;
+ }
+
+ status = netapitest_user(ctx, hostname);
+ if (status) {
+ goto out;
+ }
+
+ status = netapitest_group(ctx, hostname);
+ if (status) {
+ goto out;
+ }
+
+ status = netapitest_display(ctx, hostname);
+ if (status) {
+ goto out;
+ }
+
+ status = netapitest_share(ctx, hostname);
+ if (status) {
+ goto out;
+ }
+
+ status = netapitest_file(ctx, hostname);
+ if (status) {
+ goto out;
+ }
+
+ status = netapitest_server(ctx, hostname);
+ if (status) {
+ goto out;
+ }
+
+ status = netapitest_wksta(ctx, hostname);
+ if (status) {
+ goto out;
+ }
+
+ out:
+ if (status != 0) {
+ printf("testsuite failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ libnetapi_free(ctx);
+ poptFreeContext(pc);
+
+ return status;
+}
diff --git a/source3/lib/netapi/tests/netdisplay.c b/source3/lib/netapi/tests/netdisplay.c
new file mode 100644
index 0000000..d7967fa
--- /dev/null
+++ b/source3/lib/netapi/tests/netdisplay.c
@@ -0,0 +1,150 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetGroup testsuite
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+static NET_API_STATUS test_netquerydisplayinformation(const char *hostname,
+ uint32_t level,
+ const char *name)
+{
+ NET_API_STATUS status;
+ uint32_t entries_read = 0;
+ int found_name = 0;
+ const char *current_name;
+ uint8_t *buffer = NULL;
+ uint32_t idx = 0;
+ int i;
+
+ struct NET_DISPLAY_USER *user = NULL;
+ struct NET_DISPLAY_GROUP *group = NULL;
+ struct NET_DISPLAY_MACHINE *machine = NULL;
+
+ printf("testing NetQueryDisplayInformation level %d\n", level);
+
+ do {
+ status = NetQueryDisplayInformation(hostname,
+ level,
+ idx,
+ 1000,
+ (uint32_t)-1,
+ &entries_read,
+ (void **)&buffer);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ switch (level) {
+ case 1:
+ user = (struct NET_DISPLAY_USER *)buffer;
+ break;
+ case 2:
+ machine = (struct NET_DISPLAY_MACHINE *)buffer;
+ break;
+ case 3:
+ group = (struct NET_DISPLAY_GROUP *)buffer;
+ break;
+ default:
+ return -1;
+ }
+
+ for (i=0; i<entries_read; i++) {
+
+ switch (level) {
+ case 1:
+ current_name = user->usri1_name;
+ break;
+ case 2:
+ current_name = machine->usri2_name;
+ break;
+ case 3:
+ current_name = group->grpi3_name;
+ break;
+ default:
+ break;
+ }
+
+ if (name && strcasecmp(current_name, name) == 0) {
+ found_name = 1;
+ }
+
+ switch (level) {
+ case 1:
+ user++;
+ break;
+ case 2:
+ machine++;
+ break;
+ case 3:
+ group++;
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ idx += entries_read;
+ } while (status == ERROR_MORE_DATA);
+
+ if (status) {
+ return status;
+ }
+
+ if (name && !found_name) {
+ printf("failed to get name\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+NET_API_STATUS netapitest_display(struct libnetapi_ctx *ctx,
+ const char *hostname)
+{
+ NET_API_STATUS status = 0;
+ uint32_t levels[] = { 1, 2, 3};
+ int i;
+
+ printf("NetDisplay tests\n");
+
+ /* test enum */
+
+ for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+ status = test_netquerydisplayinformation(hostname, levels[i], NULL);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetQueryDisplayInformation");
+ goto out;
+ }
+ }
+
+ status = 0;
+
+ printf("NetDisplay tests succeeded\n");
+ out:
+ if (status != 0) {
+ printf("NetDisplay testsuite failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ return status;
+}
diff --git a/source3/lib/netapi/tests/netfile.c b/source3/lib/netapi/tests/netfile.c
new file mode 100644
index 0000000..87aff02
--- /dev/null
+++ b/source3/lib/netapi/tests/netfile.c
@@ -0,0 +1,138 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetFile testsuite
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+static NET_API_STATUS test_netfileenum(const char *hostname,
+ uint32_t level)
+{
+ NET_API_STATUS status;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ uint8_t *buffer = NULL;
+ int i;
+
+ printf("testing NetFileEnum level %d\n", level);
+
+ do {
+ status = NetFileEnum(hostname,
+ NULL,
+ NULL,
+ level,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ switch (level) {
+ case 2:
+ break;
+ case 3:
+ break;
+ default:
+ return -1;
+ }
+
+ for (i=0; i<entries_read; i++) {
+
+ switch (level) {
+ case 2:
+ case 3:
+ break;
+ default:
+ break;
+ }
+
+ switch (level) {
+ case 2:
+ break;
+ case 3:
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status) {
+ return status;
+ }
+
+ return 0;
+}
+
+NET_API_STATUS netapitest_file(struct libnetapi_ctx *ctx,
+ const char *hostname)
+{
+ NET_API_STATUS status = 0;
+ uint32_t enum_levels[] = { 2, 3 };
+ int i;
+
+ printf("NetFile tests\n");
+
+ /* test enum */
+
+ for (i=0; i<ARRAY_SIZE(enum_levels); i++) {
+
+ status = test_netfileenum(hostname, enum_levels[i]);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetFileEnum");
+ goto out;
+ }
+ }
+
+ /* basic queries */
+#if 0
+ {
+ uint32_t levels[] = { 2, 3 };
+ for (i=0; i<ARRAY_SIZE(levels); i++) {
+ uint8_t *buffer = NULL;
+
+ printf("testing NetFileGetInfo level %d\n", levels[i]);
+
+ status = NetFileGetInfo(hostname, fid, levels[i], &buffer);
+ if (status && status != 124) {
+ NETAPI_STATUS(ctx, status, "NetFileGetInfo");
+ goto out;
+ }
+ }
+ }
+#endif
+
+ status = 0;
+
+ printf("NetFile tests succeeded\n");
+ out:
+ if (status != 0) {
+ printf("NetFile testsuite failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ return status;
+}
diff --git a/source3/lib/netapi/tests/netgroup.c b/source3/lib/netapi/tests/netgroup.c
new file mode 100644
index 0000000..5180c49
--- /dev/null
+++ b/source3/lib/netapi/tests/netgroup.c
@@ -0,0 +1,503 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetGroup testsuite
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+static NET_API_STATUS test_netgroupenum(const char *hostname,
+ uint32_t level,
+ const char *groupname)
+{
+ NET_API_STATUS status;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ int found_group = 0;
+ const char *current_name = NULL;
+ uint8_t *buffer = NULL;
+ int i;
+
+ struct GROUP_INFO_0 *info0 = NULL;
+ struct GROUP_INFO_1 *info1 = NULL;
+ struct GROUP_INFO_2 *info2 = NULL;
+ struct GROUP_INFO_3 *info3 = NULL;
+
+ printf("testing NetGroupEnum level %d\n", level);
+
+ do {
+ status = NetGroupEnum(hostname,
+ level,
+ &buffer,
+ 120, /*(uint32_t)-1, */
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ switch (level) {
+ case 0:
+ info0 = (struct GROUP_INFO_0 *)buffer;
+ break;
+ case 1:
+ info1 = (struct GROUP_INFO_1 *)buffer;
+ break;
+ case 2:
+ info2 = (struct GROUP_INFO_2 *)buffer;
+ break;
+ case 3:
+ info3 = (struct GROUP_INFO_3 *)buffer;
+ break;
+ default:
+ return -1;
+ }
+
+ for (i=0; i<entries_read; i++) {
+
+ switch (level) {
+ case 0:
+ current_name = info0->grpi0_name;
+ break;
+ case 1:
+ current_name = info1->grpi1_name;
+ break;
+ case 2:
+ current_name = info2->grpi2_name;
+ break;
+ case 3:
+ current_name = info3->grpi3_name;
+ break;
+ default:
+ break;
+ }
+
+ if (strcasecmp(current_name, groupname) == 0) {
+ found_group = 1;
+ }
+
+ switch (level) {
+ case 0:
+ info0++;
+ break;
+ case 1:
+ info1++;
+ break;
+ case 2:
+ info2++;
+ break;
+ case 3:
+ info3++;
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status) {
+ return status;
+ }
+
+ if (!found_group) {
+ printf("failed to get group\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+static NET_API_STATUS test_netgroupgetusers(const char *hostname,
+ uint32_t level,
+ const char *groupname,
+ const char *username)
+{
+ NET_API_STATUS status;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ int found_user = 0;
+ const char *current_name = NULL;
+ uint8_t *buffer = NULL;
+ int i;
+
+ struct GROUP_USERS_INFO_0 *info0 = NULL;
+ struct GROUP_USERS_INFO_1 *info1 = NULL;
+
+ printf("testing NetGroupGetUsers level %d\n", level);
+
+ do {
+ status = NetGroupGetUsers(hostname,
+ groupname,
+ level,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+
+ switch (level) {
+ case 0:
+ info0 = (struct GROUP_USERS_INFO_0 *)buffer;
+ break;
+ case 1:
+ info1 = (struct GROUP_USERS_INFO_1 *)buffer;
+ break;
+ default:
+ break;
+ }
+ for (i=0; i<entries_read; i++) {
+ switch (level) {
+ case 0:
+ current_name = info0->grui0_name;
+ break;
+ case 1:
+ current_name = info1->grui1_name;
+ break;
+ default:
+ break;
+ }
+
+ if (username && strcasecmp(current_name, username) == 0) {
+ found_user = 1;
+ }
+
+ switch (level) {
+ case 0:
+ info0++;
+ break;
+ case 1:
+ info1++;
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status) {
+ return status;
+ }
+
+ if (username && !found_user) {
+ printf("failed to get user\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+static NET_API_STATUS test_netgroupsetusers(const char *hostname,
+ const char *groupname,
+ uint32_t level,
+ size_t num_entries,
+ const char **names)
+{
+ NET_API_STATUS status;
+ uint8_t *buffer = NULL;
+ int i = 0;
+ size_t buf_size = 0;
+
+ struct GROUP_USERS_INFO_0 *g0 = NULL;
+ struct GROUP_USERS_INFO_1 *g1 = NULL;
+
+ printf("testing NetGroupSetUsers level %d\n", level);
+
+ switch (level) {
+ case 0:
+ buf_size = sizeof(struct GROUP_USERS_INFO_0) * num_entries;
+
+ status = NetApiBufferAllocate(buf_size, (void **)&g0);
+ if (status) {
+ goto out;
+ }
+
+ for (i=0; i<num_entries; i++) {
+ g0[i].grui0_name = names[i];
+ }
+
+ buffer = (uint8_t *)g0;
+ break;
+ case 1:
+ buf_size = sizeof(struct GROUP_USERS_INFO_1) * num_entries;
+
+ status = NetApiBufferAllocate(buf_size, (void **)&g1);
+ if (status) {
+ goto out;
+ }
+
+ for (i=0; i<num_entries; i++) {
+ g1[i].grui1_name = names[i];
+ }
+
+ buffer = (uint8_t *)g1;
+ break;
+ default:
+ break;
+ }
+
+ /* NetGroupSetUsers */
+
+ status = NetGroupSetUsers(hostname,
+ groupname,
+ level,
+ buffer,
+ num_entries);
+ if (status) {
+ goto out;
+ }
+
+ out:
+ NetApiBufferFree(buffer);
+ return status;
+}
+
+NET_API_STATUS netapitest_group(struct libnetapi_ctx *ctx,
+ const char *hostname)
+{
+ NET_API_STATUS status = 0;
+ const char *username, *groupname, *groupname2;
+ uint8_t *buffer = NULL;
+ struct GROUP_INFO_0 g0;
+ uint32_t parm_err = 0;
+ uint32_t levels[] = { 0, 1, 2, 3};
+ uint32_t enum_levels[] = { 0, 1, 2, 3};
+ uint32_t getmem_levels[] = { 0, 1};
+ int i;
+
+ printf("NetGroup tests\n");
+
+ username = "torture_test_user";
+ groupname = "torture_test_group";
+ groupname2 = "torture_test_group2";
+
+ /* cleanup */
+ NetGroupDel(hostname, groupname);
+ NetGroupDel(hostname, groupname2);
+ NetUserDel(hostname, username);
+
+ /* add a group */
+
+ g0.grpi0_name = groupname;
+
+ printf("testing NetGroupAdd\n");
+
+ status = NetGroupAdd(hostname, 0, (uint8_t *)&g0, &parm_err);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetGroupAdd");
+ goto out;
+ }
+
+ /* 2nd add must fail */
+
+ status = NetGroupAdd(hostname, 0, (uint8_t *)&g0, &parm_err);
+ if (status == 0) {
+ NETAPI_STATUS(ctx, status, "NetGroupAdd");
+ goto out;
+ }
+
+ /* test enum */
+
+ for (i=0; i<ARRAY_SIZE(enum_levels); i++) {
+
+ status = test_netgroupenum(hostname, enum_levels[i], groupname);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetGroupEnum");
+ goto out;
+ }
+ }
+
+ /* basic queries */
+
+ for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+ printf("testing NetGroupGetInfo level %d\n", levels[i]);
+
+ status = NetGroupGetInfo(hostname, groupname, levels[i], &buffer);
+ if (status && status != 124) {
+ NETAPI_STATUS(ctx, status, "NetGroupGetInfo");
+ goto out;
+ }
+ }
+
+ /* group rename */
+
+ g0.grpi0_name = groupname2;
+
+ printf("testing NetGroupSetInfo level 0\n");
+
+ status = NetGroupSetInfo(hostname, groupname, 0, (uint8_t *)&g0, &parm_err);
+ switch ((int)status) {
+ case 0:
+ break;
+ case 50: /* not supported */
+ case 124: /* not implemented */
+ groupname2 = groupname;
+ goto skip_rename;
+ default:
+ NETAPI_STATUS(ctx, status, "NetGroupSetInfo");
+ goto out;
+ }
+
+ /* should not exist anymore */
+
+ status = NetGroupDel(hostname, groupname);
+ if (status == 0) {
+ NETAPI_STATUS(ctx, status, "NetGroupDel");
+ goto out;
+ }
+
+ skip_rename:
+ /* query info */
+
+ for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+ status = NetGroupGetInfo(hostname, groupname2, levels[i], &buffer);
+ if (status && status != 124) {
+ NETAPI_STATUS(ctx, status, "NetGroupGetInfo");
+ goto out;
+ }
+ }
+
+ /* add user to group */
+
+ status = test_netuseradd(hostname, username);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetUserAdd");
+ goto out;
+ }
+
+ /* should not be member */
+
+ for (i=0; i<ARRAY_SIZE(getmem_levels); i++) {
+
+ status = test_netgroupgetusers(hostname, getmem_levels[i], groupname2, NULL);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetGroupGetUsers");
+ goto out;
+ }
+ }
+
+ printf("testing NetGroupAddUser\n");
+
+ status = NetGroupAddUser(hostname, groupname2, username);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetGroupAddUser");
+ goto out;
+ }
+
+ /* should be member */
+
+ for (i=0; i<ARRAY_SIZE(getmem_levels); i++) {
+
+ status = test_netgroupgetusers(hostname, getmem_levels[i], groupname2, username);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetGroupGetUsers");
+ goto out;
+ }
+ }
+
+ printf("testing NetGroupDelUser\n");
+
+ status = NetGroupDelUser(hostname, groupname2, username);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetGroupDelUser");
+ goto out;
+ }
+
+ /* should not be member */
+
+ status = test_netgroupgetusers(hostname, 0, groupname2, NULL);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetGroupGetUsers");
+ goto out;
+ }
+
+ /* set it again via explicit member set */
+
+ status = test_netgroupsetusers(hostname, groupname2, 0, 1, &username);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetGroupSetUsers");
+ goto out;
+ }
+
+ /* should be member */
+
+ status = test_netgroupgetusers(hostname, 0, groupname2, username);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetGroupGetUsers");
+ goto out;
+ }
+#if 0
+ /* wipe out member list */
+
+ status = test_netgroupsetusers(hostname, groupname2, 0, 0, NULL);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetGroupSetUsers");
+ goto out;
+ }
+
+ /* should not be member */
+
+ status = test_netgroupgetusers(hostname, 0, groupname2, NULL);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetGroupGetUsers");
+ goto out;
+ }
+#endif
+ status = NetUserDel(hostname, username);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetUserDel");
+ goto out;
+ }
+
+ /* delete */
+
+ printf("testing NetGroupDel\n");
+
+ status = NetGroupDel(hostname, groupname2);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetGroupDel");
+ goto out;
+ };
+
+ /* should not exist anymore */
+
+ status = NetGroupGetInfo(hostname, groupname2, 0, &buffer);
+ if (status == 0) {
+ NETAPI_STATUS_MSG(ctx, status, "NetGroupGetInfo", "expected failure and error code");
+ goto out;
+ };
+
+ status = 0;
+
+ printf("NetGroup tests succeeded\n");
+ out:
+ if (status != 0) {
+ printf("NetGroup testsuite failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ return status;
+}
diff --git a/source3/lib/netapi/tests/netlocalgroup.c b/source3/lib/netapi/tests/netlocalgroup.c
new file mode 100644
index 0000000..76c59c8
--- /dev/null
+++ b/source3/lib/netapi/tests/netlocalgroup.c
@@ -0,0 +1,226 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetLocalGroup testsuite
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+static NET_API_STATUS test_netlocalgroupenum(const char *hostname,
+ uint32_t level,
+ const char *groupname)
+{
+ NET_API_STATUS status;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ int found_group = 0;
+ const char *current_name = NULL;
+ uint8_t *buffer = NULL;
+ int i;
+
+ struct LOCALGROUP_INFO_0 *info0 = NULL;
+ struct LOCALGROUP_INFO_1 *info1 = NULL;
+
+ printf("testing NetLocalGroupEnum level %d\n", level);
+
+ do {
+ status = NetLocalGroupEnum(hostname,
+ level,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ switch (level) {
+ case 0:
+ info0 = (struct LOCALGROUP_INFO_0 *)buffer;
+ break;
+ case 1:
+ info1 = (struct LOCALGROUP_INFO_1 *)buffer;
+ break;
+ default:
+ return -1;
+ }
+
+ for (i=0; i<entries_read; i++) {
+
+ switch (level) {
+ case 0:
+ current_name = info0->lgrpi0_name;
+ break;
+ case 1:
+ current_name = info1->lgrpi1_name;
+ break;
+ default:
+ break;
+ }
+
+ if (strcasecmp(current_name, groupname) == 0) {
+ found_group = 1;
+ }
+
+ switch (level) {
+ case 0:
+ info0++;
+ break;
+ case 1:
+ info1++;
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status) {
+ return status;
+ }
+
+ if (!found_group) {
+ printf("failed to get group\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+NET_API_STATUS netapitest_localgroup(struct libnetapi_ctx *ctx,
+ const char *hostname)
+{
+ NET_API_STATUS status = 0;
+ const char *groupname, *groupname2;
+ uint8_t *buffer = NULL;
+ struct LOCALGROUP_INFO_0 g0;
+ uint32_t parm_err = 0;
+ uint32_t levels[] = { 0, 1, 1002 };
+ uint32_t enum_levels[] = { 0, 1 };
+ int i;
+
+ printf("NetLocalgroup tests\n");
+
+ groupname = "torture_test_localgroup";
+ groupname2 = "torture_test_localgroup2";
+
+ /* cleanup */
+ NetLocalGroupDel(hostname, groupname);
+ NetLocalGroupDel(hostname, groupname2);
+
+ /* add a localgroup */
+
+ printf("testing NetLocalGroupAdd\n");
+
+ g0.lgrpi0_name = groupname;
+
+ status = NetLocalGroupAdd(hostname, 0, (uint8_t *)&g0, &parm_err);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetLocalGroupAdd");
+ goto out;
+ };
+
+ /* test enum */
+
+ for (i=0; i<ARRAY_SIZE(enum_levels); i++) {
+
+ status = test_netlocalgroupenum(hostname, enum_levels[i], groupname);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetLocalGroupEnum");
+ goto out;
+ }
+ }
+
+
+ /* basic queries */
+
+ for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+ printf("testing NetLocalGroupGetInfo level %d\n", levels[i]);
+
+ status = NetLocalGroupGetInfo(hostname, groupname, levels[i], &buffer);
+ if (status && status != 124) {
+ NETAPI_STATUS(ctx, status, "NetLocalGroupGetInfo");
+ goto out;
+ };
+ }
+
+ /* alias rename */
+
+ printf("testing NetLocalGroupSetInfo level 0\n");
+
+ g0.lgrpi0_name = groupname2;
+
+ status = NetLocalGroupSetInfo(hostname, groupname, 0, (uint8_t *)&g0, &parm_err);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetLocalGroupSetInfo");
+ goto out;
+ };
+
+ /* should not exist anymore */
+
+ status = NetLocalGroupDel(hostname, groupname);
+ if (status == 0) {
+ NETAPI_STATUS(ctx, status, "NetLocalGroupDel");
+ goto out;
+ };
+
+ /* query info */
+
+ for (i=0; i<ARRAY_SIZE(levels); i++) {
+ status = NetLocalGroupGetInfo(hostname, groupname2, levels[i], &buffer);
+ if (status && status != 124) {
+ NETAPI_STATUS(ctx, status, "NetLocalGroupGetInfo");
+ goto out;
+ };
+ }
+
+ /* delete */
+
+ printf("testing NetLocalGroupDel\n");
+
+ status = NetLocalGroupDel(hostname, groupname2);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetLocalGroupDel");
+ goto out;
+ };
+
+ /* should not exist anymore */
+
+ status = NetLocalGroupGetInfo(hostname, groupname2, 0, &buffer);
+ if (status == 0) {
+ NETAPI_STATUS(ctx, status, "NetLocalGroupGetInfo");
+ goto out;
+ };
+
+ status = 0;
+
+ printf("NetLocalgroup tests succeeded\n");
+ out:
+ if (status != 0) {
+ printf("NetLocalGroup testsuite failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ return status;
+}
diff --git a/source3/lib/netapi/tests/netserver.c b/source3/lib/netapi/tests/netserver.c
new file mode 100644
index 0000000..f7b9286
--- /dev/null
+++ b/source3/lib/netapi/tests/netserver.c
@@ -0,0 +1,61 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetServer testsuite
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+NET_API_STATUS netapitest_server(struct libnetapi_ctx *ctx,
+ const char *hostname)
+{
+ NET_API_STATUS status = 0;
+ uint32_t levels[] = { 100, 101, 102, 402, 403, 502, 503, 1005 };
+ int i;
+
+ printf("NetServer tests\n");
+
+ /* basic queries */
+ for (i=0; i<ARRAY_SIZE(levels); i++) {
+ uint8_t *buffer = NULL;
+ printf("testing NetServerGetInfo level %d\n", levels[i]);
+
+ status = NetServerGetInfo(hostname, levels[i], &buffer);
+ if (status && status != 124) {
+ NETAPI_STATUS(ctx, status, "NetServerGetInfo");
+ goto out;
+ }
+ }
+
+ status = 0;
+
+ printf("NetServer tests succeeded\n");
+ out:
+ if (status != 0) {
+ printf("NetServer testsuite failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ return status;
+}
diff --git a/source3/lib/netapi/tests/netshare.c b/source3/lib/netapi/tests/netshare.c
new file mode 100644
index 0000000..a518ce9
--- /dev/null
+++ b/source3/lib/netapi/tests/netshare.c
@@ -0,0 +1,250 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetShare testsuite
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+static NET_API_STATUS test_netshareenum(const char *hostname,
+ uint32_t level,
+ const char *sharename)
+{
+ NET_API_STATUS status;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ int found_share = 0;
+ const char *current_name = NULL;
+ uint8_t *buffer = NULL;
+ int i;
+
+ struct SHARE_INFO_0 *i0 = NULL;
+ struct SHARE_INFO_1 *i1 = NULL;
+ struct SHARE_INFO_2 *i2 = NULL;
+
+ printf("testing NetShareEnum level %d\n", level);
+
+ do {
+ status = NetShareEnum(hostname,
+ level,
+ &buffer,
+ (uint32_t)-1,
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ switch (level) {
+ case 0:
+ i0 = (struct SHARE_INFO_0 *)buffer;
+ break;
+ case 1:
+ i1 = (struct SHARE_INFO_1 *)buffer;
+ break;
+ case 2:
+ i2 = (struct SHARE_INFO_2 *)buffer;
+ break;
+ default:
+ return -1;
+ }
+
+ for (i=0; i<entries_read; i++) {
+
+ switch (level) {
+ case 0:
+ current_name = i0->shi0_netname;
+ break;
+ case 1:
+ current_name = i1->shi1_netname;
+ break;
+ case 2:
+ current_name = i2->shi2_netname;
+ break;
+ default:
+ break;
+ }
+
+ if (strcasecmp(current_name, sharename) == 0) {
+ found_share = 1;
+ }
+
+ switch (level) {
+ case 0:
+ i0++;
+ break;
+ case 1:
+ i1++;
+ break;
+ case 2:
+ i2++;
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status) {
+ return status;
+ }
+
+ if (!found_share) {
+ printf("failed to get share\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+NET_API_STATUS netapitest_share(struct libnetapi_ctx *ctx,
+ const char *hostname)
+{
+ NET_API_STATUS status = 0;
+ const char *sharename, *comment;
+ uint8_t *buffer = NULL;
+ struct SHARE_INFO_2 i2;
+ struct SHARE_INFO_502 i502;
+ struct SHARE_INFO_1004 i1004;
+ struct SHARE_INFO_501 *i501 = NULL;
+ uint32_t parm_err = 0;
+ uint32_t levels[] = { 0, 1, 2, 501, 1005 };
+ uint32_t enum_levels[] = { 0, 1, 2 };
+ int i;
+
+ printf("NetShare tests\n");
+
+ sharename = "torture_test_share";
+
+ /* cleanup */
+ NetShareDel(hostname, sharename, 0);
+
+ /* add a share */
+
+ printf("testing NetShareAdd\n");
+
+ ZERO_STRUCT(i502);
+
+ i502.shi502_netname = sharename;
+ i502.shi502_path = "c:\\";
+
+ status = NetShareAdd(hostname, 502, (uint8_t *)&i502, &parm_err);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetShareAdd");
+ goto out;
+ };
+
+ status = NetShareDel(hostname, sharename, 0);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetShareDel");
+ goto out;
+ };
+
+ ZERO_STRUCT(i2);
+
+ i2.shi2_netname = sharename;
+ i2.shi2_path = "c:\\";
+
+ status = NetShareAdd(hostname, 2, (uint8_t *)&i2, &parm_err);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetShareAdd");
+ goto out;
+ };
+
+ /* test enum */
+
+ for (i=0; i<ARRAY_SIZE(enum_levels); i++) {
+
+ status = test_netshareenum(hostname, enum_levels[i], sharename);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetShareEnum");
+ goto out;
+ }
+ }
+
+ /* basic queries */
+
+ for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+ printf("testing NetShareGetInfo level %d\n", levels[i]);
+
+ status = NetShareGetInfo(hostname, sharename, levels[i], &buffer);
+ if (status && status != 124) {
+ NETAPI_STATUS(ctx, status, "NetShareGetInfo");
+ goto out;
+ }
+ }
+
+
+ comment = "NetApi generated comment";
+
+ i1004.shi1004_remark = comment;
+
+ printf("testing NetShareSetInfo level 1004\n");
+
+ status = NetShareSetInfo(hostname, sharename, 1004, (uint8_t *)&i1004, &parm_err);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetShareSetInfo");
+ goto out;
+ }
+
+ status = NetShareGetInfo(hostname, sharename, 501, (uint8_t **)&i501);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetShareGetInfo");
+ goto out;
+ }
+
+ if (strcasecmp(i501->shi501_remark, comment) != 0) {
+ NETAPI_STATUS(ctx, status, "NetShareGetInfo");
+ goto out;
+ }
+
+ /* delete */
+
+ printf("testing NetShareDel\n");
+
+ status = NetShareDel(hostname, sharename, 0);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetShareDel");
+ goto out;
+ };
+
+ /* should not exist anymore */
+
+ status = NetShareGetInfo(hostname, sharename, 0, &buffer);
+ if (status == 0) {
+ NETAPI_STATUS(ctx, status, "NetShareGetInfo");
+ goto out;
+ };
+
+ status = 0;
+
+ printf("NetShare tests succeeded\n");
+ out:
+ if (status != 0) {
+ printf("NetShare testsuite failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ return status;
+}
diff --git a/source3/lib/netapi/tests/netuser.c b/source3/lib/netapi/tests/netuser.c
new file mode 100644
index 0000000..ad2bb53
--- /dev/null
+++ b/source3/lib/netapi/tests/netuser.c
@@ -0,0 +1,462 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetUser testsuite
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+static NET_API_STATUS test_netuserenum(const char *hostname,
+ uint32_t level,
+ const char *username)
+{
+ NET_API_STATUS status;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ uint32_t resume_handle = 0;
+ const char *current_name = NULL;
+ int found_user = 0;
+ uint8_t *buffer = NULL;
+ int i;
+
+ struct USER_INFO_0 *info0 = NULL;
+ struct USER_INFO_1 *info1 = NULL;
+ struct USER_INFO_2 *info2 = NULL;
+ struct USER_INFO_3 *info3 = NULL;
+ struct USER_INFO_4 *info4 = NULL;
+ struct USER_INFO_10 *info10 = NULL;
+ struct USER_INFO_11 *info11 = NULL;
+ struct USER_INFO_20 *info20 = NULL;
+ struct USER_INFO_23 *info23 = NULL;
+
+ printf("testing NetUserEnum level %d\n", level);
+
+ do {
+ status = NetUserEnum(hostname,
+ level,
+ FILTER_NORMAL_ACCOUNT,
+ &buffer,
+ 120, /*(uint32_t)-1, */
+ &entries_read,
+ &total_entries,
+ &resume_handle);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ switch (level) {
+ case 0:
+ info0 = (struct USER_INFO_0 *)buffer;
+ break;
+ case 1:
+ info1 = (struct USER_INFO_1 *)buffer;
+ break;
+ case 2:
+ info2 = (struct USER_INFO_2 *)buffer;
+ break;
+ case 3:
+ info3 = (struct USER_INFO_3 *)buffer;
+ break;
+ case 4:
+ info4 = (struct USER_INFO_4 *)buffer;
+ break;
+ case 10:
+ info10 = (struct USER_INFO_10 *)buffer;
+ break;
+ case 11:
+ info11 = (struct USER_INFO_11 *)buffer;
+ break;
+ case 20:
+ info20 = (struct USER_INFO_20 *)buffer;
+ break;
+ case 23:
+ info23 = (struct USER_INFO_23 *)buffer;
+ break;
+ default:
+ return -1;
+ }
+
+ for (i=0; i<entries_read; i++) {
+
+ switch (level) {
+ case 0:
+ current_name = info0->usri0_name;
+ break;
+ case 1:
+ current_name = info1->usri1_name;
+ break;
+ case 2:
+ current_name = info2->usri2_name;
+ break;
+ case 3:
+ current_name = info3->usri3_name;
+ break;
+ case 4:
+ current_name = info4->usri4_name;
+ break;
+ case 10:
+ current_name = info10->usri10_name;
+ break;
+ case 11:
+ current_name = info11->usri11_name;
+ break;
+ case 20:
+ current_name = info20->usri20_name;
+ break;
+ case 23:
+ current_name = info23->usri23_name;
+ break;
+ default:
+ return -1;
+ }
+
+ if (strcasecmp(current_name, username) == 0) {
+ found_user = 1;
+ }
+
+ switch (level) {
+ case 0:
+ info0++;
+ break;
+ case 1:
+ info1++;
+ break;
+ case 2:
+ info2++;
+ break;
+ case 3:
+ info3++;
+ break;
+ case 4:
+ info4++;
+ break;
+ case 10:
+ info10++;
+ break;
+ case 11:
+ info11++;
+ break;
+ case 20:
+ info20++;
+ break;
+ case 23:
+ info23++;
+ break;
+ default:
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status) {
+ return status;
+ }
+
+ if (!found_user) {
+ printf("failed to get user\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+NET_API_STATUS test_netuseradd(const char *hostname,
+ const char *username)
+{
+ struct USER_INFO_1 u1;
+ uint32_t parm_err = 0;
+
+ ZERO_STRUCT(u1);
+
+ printf("testing NetUserAdd\n");
+
+ u1.usri1_name = username;
+ u1.usri1_password = "W297!832jD8J";
+ u1.usri1_password_age = 0;
+ u1.usri1_priv = 0;
+ u1.usri1_home_dir = NULL;
+ u1.usri1_comment = "User created using Samba NetApi Example code";
+ u1.usri1_flags = 0;
+ u1.usri1_script_path = NULL;
+
+ return NetUserAdd(hostname, 1, (uint8_t *)&u1, &parm_err);
+}
+
+static NET_API_STATUS test_netusermodals(struct libnetapi_ctx *ctx,
+ const char *hostname)
+{
+ NET_API_STATUS status;
+ struct USER_MODALS_INFO_0 *u0 = NULL;
+ struct USER_MODALS_INFO_0 *_u0 = NULL;
+ uint8_t *buffer = NULL;
+ uint32_t parm_err = 0;
+ uint32_t levels[] = { 0, 1, 2, 3 };
+ int i = 0;
+
+ for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+ printf("testing NetUserModalsGet level %d\n", levels[i]);
+
+ status = NetUserModalsGet(hostname, levels[i], &buffer);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetUserModalsGet");
+ return status;
+ }
+ }
+
+ status = NetUserModalsGet(hostname, 0, (uint8_t **)&u0);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetUserModalsGet");
+ return status;
+ }
+
+ printf("testing NetUserModalsSet\n");
+
+ status = NetUserModalsSet(hostname, 0, (uint8_t *)u0, &parm_err);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetUserModalsSet");
+ return status;
+ }
+
+ status = NetUserModalsGet(hostname, 0, (uint8_t **)&_u0);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetUserModalsGet");
+ return status;
+ }
+
+ if (memcmp(u0, _u0, sizeof(*u0)) != 0) {
+ printf("USER_MODALS_INFO_0 struct has changed!!!!\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+static NET_API_STATUS test_netusergetgroups(const char *hostname,
+ uint32_t level,
+ const char *username,
+ const char *groupname)
+{
+ NET_API_STATUS status;
+ uint32_t entries_read = 0;
+ uint32_t total_entries = 0;
+ const char *current_name;
+ int found_group = 0;
+ uint8_t *buffer = NULL;
+ int i;
+
+ struct GROUP_USERS_INFO_0 *i0 = NULL;
+ struct GROUP_USERS_INFO_1 *i1 = NULL;
+
+ printf("testing NetUserGetGroups level %d\n", level);
+
+ do {
+ status = NetUserGetGroups(hostname,
+ username,
+ level,
+ &buffer,
+ 120, /*(uint32_t)-1, */
+ &entries_read,
+ &total_entries);
+ if (status == 0 || status == ERROR_MORE_DATA) {
+ switch (level) {
+ case 0:
+ i0 = (struct GROUP_USERS_INFO_0 *)buffer;
+ break;
+ case 1:
+ i1 = (struct GROUP_USERS_INFO_1 *)buffer;
+ break;
+ default:
+ return -1;
+ }
+
+ for (i=0; i<entries_read; i++) {
+
+ switch (level) {
+ case 0:
+ current_name = i0->grui0_name;
+ break;
+ case 1:
+ current_name = i1->grui1_name;
+ break;
+ default:
+ return -1;
+ }
+
+ if (groupname && strcasecmp(current_name, groupname) == 0) {
+ found_group = 1;
+ }
+
+ switch (level) {
+ case 0:
+ i0++;
+ break;
+ case 1:
+ i1++;
+ break;
+ default:
+ break;
+ }
+ }
+ NetApiBufferFree(buffer);
+ }
+ } while (status == ERROR_MORE_DATA);
+
+ if (status) {
+ return status;
+ }
+
+ if (groupname && !found_group) {
+ printf("failed to get membership\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+NET_API_STATUS netapitest_user(struct libnetapi_ctx *ctx,
+ const char *hostname)
+{
+ NET_API_STATUS status = 0;
+ const char *username, *username2;
+ uint8_t *buffer = NULL;
+ uint32_t levels[] = { 0, 1, 2, 3, 4, 10, 11, 20, 23 };
+ uint32_t enum_levels[] = { 0, 1, 2, 3, 4, 10, 11, 20, 23 };
+ uint32_t getgr_levels[] = { 0, 1 };
+ int i;
+
+ struct USER_INFO_1007 u1007;
+ uint32_t parm_err = 0;
+
+ printf("NetUser tests\n");
+
+ username = "torture_test_user";
+ username2 = "torture_test_user2";
+
+ /* cleanup */
+ NetUserDel(hostname, username);
+ NetUserDel(hostname, username2);
+
+ /* add a user */
+
+ status = test_netuseradd(hostname, username);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetUserAdd");
+ goto out;
+ }
+
+ /* enum the new user */
+
+ for (i=0; i<ARRAY_SIZE(enum_levels); i++) {
+
+ status = test_netuserenum(hostname, enum_levels[i], username);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetUserEnum");
+ goto out;
+ }
+ }
+
+ /* basic queries */
+
+ for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+ printf("testing NetUserGetInfo level %d\n", levels[i]);
+
+ status = NetUserGetInfo(hostname, username, levels[i], &buffer);
+ if (status && status != 124) {
+ NETAPI_STATUS(ctx, status, "NetUserGetInfo");
+ goto out;
+ }
+ }
+
+ /* testing getgroups */
+
+ for (i=0; i<ARRAY_SIZE(getgr_levels); i++) {
+
+ status = test_netusergetgroups(hostname, getgr_levels[i], username, NULL);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetUserGetGroups");
+ goto out;
+ }
+ }
+
+ /* modify description */
+
+ printf("testing NetUserSetInfo level %d\n", 1007);
+
+ u1007.usri1007_comment = "NetApi modified user";
+
+ status = NetUserSetInfo(hostname, username, 1007, (uint8_t *)&u1007, &parm_err);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetUserSetInfo");
+ goto out;
+ }
+
+ /* query info */
+
+ for (i=0; i<ARRAY_SIZE(levels); i++) {
+ status = NetUserGetInfo(hostname, username, levels[i], &buffer);
+ if (status && status != 124) {
+ NETAPI_STATUS(ctx, status, "NetUserGetInfo");
+ goto out;
+ }
+ }
+
+ /* delete */
+
+ printf("testing NetUserDel\n");
+
+ status = NetUserDel(hostname, username);
+ if (status) {
+ NETAPI_STATUS(ctx, status, "NetUserDel");
+ goto out;
+ }
+
+ /* should not exist anymore */
+
+ status = NetUserGetInfo(hostname, username, 0, &buffer);
+ if (status == 0) {
+ NETAPI_STATUS(ctx, status, "NetUserGetInfo");
+ goto out;
+ }
+
+ status = test_netusermodals(ctx, hostname);
+ if (status) {
+ goto out;
+ }
+
+ status = 0;
+
+ printf("NetUser tests succeeded\n");
+ out:
+ /* cleanup */
+ NetUserDel(hostname, username);
+ NetUserDel(hostname, username2);
+
+ if (status != 0) {
+ printf("NetUser testsuite failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ return status;
+}
diff --git a/source3/lib/netapi/tests/netwksta.c b/source3/lib/netapi/tests/netwksta.c
new file mode 100644
index 0000000..2c3f57f
--- /dev/null
+++ b/source3/lib/netapi/tests/netwksta.c
@@ -0,0 +1,62 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetWorkstation testsuite
+ * Copyright (C) Guenther Deschner 2008
+ * Copyright (C) Hans Leidekker 2013
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+NET_API_STATUS netapitest_wksta(struct libnetapi_ctx *ctx,
+ const char *hostname)
+{
+ NET_API_STATUS status = 0;
+ uint32_t levels[] = { 100, 101, 102 };
+ int i;
+
+ printf("NetWorkstation tests\n");
+
+ /* basic queries */
+ for (i=0; i<ARRAY_SIZE(levels); i++) {
+ uint8_t *buffer = NULL;
+ printf("testing NetWkstaGetInfo level %d\n", levels[i]);
+
+ status = NetWkstaGetInfo(hostname, levels[i], &buffer);
+ if (status && status != 124) {
+ NETAPI_STATUS(ctx, status, "NetWkstaGetInfo");
+ goto out;
+ }
+ }
+
+ status = 0;
+
+ printf("NetWorkstation tests succeeded\n");
+ out:
+ if (status != 0) {
+ printf("NetWorkstation testsuite failed with: %s\n",
+ libnetapi_get_error_string(ctx, status));
+ }
+
+ return status;
+}
diff --git a/source3/lib/netapi/tests/wscript_build b/source3/lib/netapi/tests/wscript_build
new file mode 100644
index 0000000..5e37297
--- /dev/null
+++ b/source3/lib/netapi/tests/wscript_build
@@ -0,0 +1,6 @@
+#!/usr/bin/env python
+
+bld.SAMBA_BINARY('netapitest',
+ source='netapitest.c netlocalgroup.c netuser.c netgroup.c netdisplay.c netshare.c netfile.c netserver.c netwksta.c common.c',
+ deps='netapi popt',
+ install=False)
diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
new file mode 100644
index 0000000..a7f4c9d
--- /dev/null
+++ b/source3/lib/netapi/user.c
@@ -0,0 +1,3638 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi User Support
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "librpc/gen_ndr/libnetapi.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "lib/netapi/libnetapi.h"
+#include "../librpc/gen_ndr/ndr_samr_c.h"
+#include "rpc_client/init_samr.h"
+#include "../libds/common/flags.h"
+#include "rpc_client/init_lsa.h"
+#include "../libcli/security/security.h"
+#include "../libds/common/flag_mapping.h"
+#include "rpc_client/cli_pipe.h"
+
+/****************************************************************
+****************************************************************/
+
+static void convert_USER_INFO_X_to_samr_user_info21(struct USER_INFO_X *infoX,
+ struct samr_UserInfo21 *info21)
+{
+ uint32_t fields_present = 0;
+ struct samr_LogonHours zero_logon_hours;
+ struct lsa_BinaryString zero_parameters;
+ NTTIME password_age;
+
+ ZERO_STRUCTP(info21);
+ ZERO_STRUCT(zero_logon_hours);
+ ZERO_STRUCT(zero_parameters);
+
+ if (infoX->usriX_flags) {
+ fields_present |= SAMR_FIELD_ACCT_FLAGS;
+ }
+ if (infoX->usriX_name) {
+ fields_present |= SAMR_FIELD_ACCOUNT_NAME;
+ }
+ if (infoX->usriX_password) {
+ fields_present |= SAMR_FIELD_NT_PASSWORD_PRESENT;
+ }
+ if (infoX->usriX_flags) {
+ fields_present |= SAMR_FIELD_ACCT_FLAGS;
+ }
+ if (infoX->usriX_home_dir) {
+ fields_present |= SAMR_FIELD_HOME_DIRECTORY;
+ }
+ if (infoX->usriX_script_path) {
+ fields_present |= SAMR_FIELD_LOGON_SCRIPT;
+ }
+ if (infoX->usriX_comment) {
+ fields_present |= SAMR_FIELD_DESCRIPTION;
+ }
+ if (infoX->usriX_password_age) {
+ fields_present |= SAMR_FIELD_EXPIRED_FLAG;
+ }
+ if (infoX->usriX_full_name) {
+ fields_present |= SAMR_FIELD_FULL_NAME;
+ }
+ if (infoX->usriX_usr_comment) {
+ fields_present |= SAMR_FIELD_COMMENT;
+ }
+ if (infoX->usriX_profile) {
+ fields_present |= SAMR_FIELD_PROFILE_PATH;
+ }
+ if (infoX->usriX_home_dir_drive) {
+ fields_present |= SAMR_FIELD_HOME_DRIVE;
+ }
+ if (infoX->usriX_primary_group_id) {
+ fields_present |= SAMR_FIELD_PRIMARY_GID;
+ }
+ if (infoX->usriX_country_code) {
+ fields_present |= SAMR_FIELD_COUNTRY_CODE;
+ }
+ if (infoX->usriX_workstations) {
+ fields_present |= SAMR_FIELD_WORKSTATIONS;
+ }
+
+ unix_to_nt_time_abs(&password_age, infoX->usriX_password_age);
+
+ /* TODO: infoX->usriX_priv */
+
+ info21->last_logon = 0;
+ info21->last_logoff = 0;
+ info21->last_password_change = 0;
+ info21->acct_expiry = 0;
+ info21->allow_password_change = 0;
+ info21->force_password_change = 0;
+ info21->account_name.string = infoX->usriX_name;
+ info21->full_name.string = infoX->usriX_full_name;
+ info21->home_directory.string = infoX->usriX_home_dir;
+ info21->home_drive.string = infoX->usriX_home_dir_drive;
+ info21->logon_script.string = infoX->usriX_script_path;
+ info21->profile_path.string = infoX->usriX_profile;
+ info21->description.string = infoX->usriX_comment;
+ info21->workstations.string = infoX->usriX_workstations;
+ info21->comment.string = infoX->usriX_usr_comment;
+ info21->parameters = zero_parameters;
+ info21->lm_owf_password = zero_parameters;
+ info21->nt_owf_password = zero_parameters;
+ info21->private_data.string = NULL;
+ info21->buf_count = 0;
+ info21->buffer = NULL;
+ info21->rid = infoX->usriX_user_id;
+ info21->primary_gid = infoX->usriX_primary_group_id;
+ info21->acct_flags = infoX->usriX_flags;
+ info21->fields_present = fields_present;
+ info21->logon_hours = zero_logon_hours;
+ info21->bad_password_count = infoX->usriX_bad_pw_count;
+ info21->logon_count = infoX->usriX_num_logons;
+ info21->country_code = infoX->usriX_country_code;
+ info21->code_page = infoX->usriX_code_page;
+ info21->lm_password_set = 0;
+ info21->nt_password_set = 0;
+ info21->password_expired = infoX->usriX_password_expired;
+ info21->private_data_sensitive = 0;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS construct_USER_INFO_X(uint32_t level,
+ uint8_t *buffer,
+ struct USER_INFO_X *uX)
+{
+ struct USER_INFO_0 *u0 = NULL;
+ struct USER_INFO_1 *u1 = NULL;
+ struct USER_INFO_2 *u2 = NULL;
+ struct USER_INFO_3 *u3 = NULL;
+ struct USER_INFO_1003 *u1003 = NULL;
+ struct USER_INFO_1006 *u1006 = NULL;
+ struct USER_INFO_1007 *u1007 = NULL;
+ struct USER_INFO_1009 *u1009 = NULL;
+ struct USER_INFO_1011 *u1011 = NULL;
+ struct USER_INFO_1012 *u1012 = NULL;
+ struct USER_INFO_1014 *u1014 = NULL;
+ struct USER_INFO_1024 *u1024 = NULL;
+ struct USER_INFO_1051 *u1051 = NULL;
+ struct USER_INFO_1052 *u1052 = NULL;
+ struct USER_INFO_1053 *u1053 = NULL;
+
+ if (!buffer || !uX) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ ZERO_STRUCTP(uX);
+
+ switch (level) {
+ case 0:
+ u0 = (struct USER_INFO_0 *)buffer;
+ uX->usriX_name = u0->usri0_name;
+ break;
+ case 1:
+ u1 = (struct USER_INFO_1 *)buffer;
+ uX->usriX_name = u1->usri1_name;
+ uX->usriX_password = u1->usri1_password;
+ uX->usriX_password_age = u1->usri1_password_age;
+ uX->usriX_priv = u1->usri1_priv;
+ uX->usriX_home_dir = u1->usri1_home_dir;
+ uX->usriX_comment = u1->usri1_comment;
+ uX->usriX_flags = u1->usri1_flags;
+ uX->usriX_script_path = u1->usri1_script_path;
+ break;
+ case 2:
+ u2 = (struct USER_INFO_2 *)buffer;
+ uX->usriX_name = u2->usri2_name;
+ uX->usriX_password = u2->usri2_password;
+ uX->usriX_password_age = u2->usri2_password_age;
+ uX->usriX_priv = u2->usri2_priv;
+ uX->usriX_home_dir = u2->usri2_home_dir;
+ uX->usriX_comment = u2->usri2_comment;
+ uX->usriX_flags = u2->usri2_flags;
+ uX->usriX_script_path = u2->usri2_script_path;
+ uX->usriX_auth_flags = u2->usri2_auth_flags;
+ uX->usriX_full_name = u2->usri2_full_name;
+ uX->usriX_usr_comment = u2->usri2_usr_comment;
+ uX->usriX_parms = u2->usri2_parms;
+ uX->usriX_workstations = u2->usri2_workstations;
+ uX->usriX_last_logon = u2->usri2_last_logon;
+ uX->usriX_last_logoff = u2->usri2_last_logoff;
+ uX->usriX_acct_expires = u2->usri2_acct_expires;
+ uX->usriX_max_storage = u2->usri2_max_storage;
+ uX->usriX_units_per_week= u2->usri2_units_per_week;
+ uX->usriX_logon_hours = u2->usri2_logon_hours;
+ uX->usriX_bad_pw_count = u2->usri2_bad_pw_count;
+ uX->usriX_num_logons = u2->usri2_num_logons;
+ uX->usriX_logon_server = u2->usri2_logon_server;
+ uX->usriX_country_code = u2->usri2_country_code;
+ uX->usriX_code_page = u2->usri2_code_page;
+ break;
+ case 3:
+ u3 = (struct USER_INFO_3 *)buffer;
+ uX->usriX_name = u3->usri3_name;
+ uX->usriX_password_age = u3->usri3_password_age;
+ uX->usriX_priv = u3->usri3_priv;
+ uX->usriX_home_dir = u3->usri3_home_dir;
+ uX->usriX_comment = u3->usri3_comment;
+ uX->usriX_flags = u3->usri3_flags;
+ uX->usriX_script_path = u3->usri3_script_path;
+ uX->usriX_auth_flags = u3->usri3_auth_flags;
+ uX->usriX_full_name = u3->usri3_full_name;
+ uX->usriX_usr_comment = u3->usri3_usr_comment;
+ uX->usriX_parms = u3->usri3_parms;
+ uX->usriX_workstations = u3->usri3_workstations;
+ uX->usriX_last_logon = u3->usri3_last_logon;
+ uX->usriX_last_logoff = u3->usri3_last_logoff;
+ uX->usriX_acct_expires = u3->usri3_acct_expires;
+ uX->usriX_max_storage = u3->usri3_max_storage;
+ uX->usriX_units_per_week= u3->usri3_units_per_week;
+ uX->usriX_logon_hours = u3->usri3_logon_hours;
+ uX->usriX_bad_pw_count = u3->usri3_bad_pw_count;
+ uX->usriX_num_logons = u3->usri3_num_logons;
+ uX->usriX_logon_server = u3->usri3_logon_server;
+ uX->usriX_country_code = u3->usri3_country_code;
+ uX->usriX_code_page = u3->usri3_code_page;
+ uX->usriX_user_id = u3->usri3_user_id;
+ uX->usriX_primary_group_id = u3->usri3_primary_group_id;
+ uX->usriX_profile = u3->usri3_profile;
+ uX->usriX_home_dir_drive = u3->usri3_home_dir_drive;
+ uX->usriX_password_expired = u3->usri3_password_expired;
+ break;
+ case 1003:
+ u1003 = (struct USER_INFO_1003 *)buffer;
+ uX->usriX_password = u1003->usri1003_password;
+ break;
+ case 1006:
+ u1006 = (struct USER_INFO_1006 *)buffer;
+ uX->usriX_home_dir = u1006->usri1006_home_dir;
+ break;
+ case 1007:
+ u1007 = (struct USER_INFO_1007 *)buffer;
+ uX->usriX_comment = u1007->usri1007_comment;
+ break;
+ case 1009:
+ u1009 = (struct USER_INFO_1009 *)buffer;
+ uX->usriX_script_path = u1009->usri1009_script_path;
+ break;
+ case 1011:
+ u1011 = (struct USER_INFO_1011 *)buffer;
+ uX->usriX_full_name = u1011->usri1011_full_name;
+ break;
+ case 1012:
+ u1012 = (struct USER_INFO_1012 *)buffer;
+ uX->usriX_usr_comment = u1012->usri1012_usr_comment;
+ break;
+ case 1014:
+ u1014 = (struct USER_INFO_1014 *)buffer;
+ uX->usriX_workstations = u1014->usri1014_workstations;
+ break;
+ case 1024:
+ u1024 = (struct USER_INFO_1024 *)buffer;
+ uX->usriX_country_code = u1024->usri1024_country_code;
+ break;
+ case 1051:
+ u1051 = (struct USER_INFO_1051 *)buffer;
+ uX->usriX_primary_group_id = u1051->usri1051_primary_group_id;
+ break;
+ case 1052:
+ u1052 = (struct USER_INFO_1052 *)buffer;
+ uX->usriX_profile = u1052->usri1052_profile;
+ break;
+ case 1053:
+ u1053 = (struct USER_INFO_1053 *)buffer;
+ uX->usriX_home_dir_drive = u1053->usri1053_home_dir_drive;
+ break;
+ case 4:
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS set_user_info_USER_INFO_X(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ DATA_BLOB *session_key,
+ struct policy_handle *user_handle,
+ struct USER_INFO_X *uX)
+{
+ union samr_UserInfo user_info;
+ struct samr_UserInfo21 info21;
+ NTSTATUS status, result;
+ struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
+
+ if (!uX) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ convert_USER_INFO_X_to_samr_user_info21(uX, &info21);
+
+ ZERO_STRUCT(user_info);
+
+ if (uX->usriX_password) {
+
+ user_info.info25.info = info21;
+
+ status = init_samr_CryptPasswordEx(uX->usriX_password,
+ session_key,
+ &user_info.info25.password);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
+ user_handle,
+ 25,
+ &user_info,
+ &result);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
+
+ user_info.info23.info = info21;
+
+ status = init_samr_CryptPassword(uX->usriX_password,
+ session_key,
+ &user_info.info23.password);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
+ user_handle,
+ 23,
+ &user_info,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ } else {
+
+ user_info.info21 = info21;
+
+ status = dcerpc_samr_SetUserInfo(b, mem_ctx,
+ user_handle,
+ 21,
+ &user_info,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+
+ return result;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserAdd_r(struct libnetapi_ctx *ctx,
+ struct NetUserAdd *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct policy_handle connect_handle, domain_handle, user_handle;
+ struct lsa_String lsa_account_name;
+ struct dom_sid2 *domain_sid = NULL;
+ union samr_UserInfo *user_info = NULL;
+ struct samr_PwInfo pw_info;
+ uint32_t access_granted = 0;
+ uint32_t rid = 0;
+ struct USER_INFO_X uX;
+ struct dcerpc_binding_handle *b = NULL;
+ DATA_BLOB session_key;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(user_handle);
+
+ if (!r->in.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 1:
+ break;
+ case 2:
+ case 3:
+ case 4:
+ default:
+ werr = WERR_NOT_SUPPORTED;
+ goto done;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ status = construct_USER_INFO_X(r->in.level, r->in.buffer, &uX);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
+ SAMR_DOMAIN_ACCESS_CREATE_USER |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_account_name, uX.usriX_name);
+
+ status = dcerpc_samr_CreateUser2(b, talloc_tos(),
+ &domain_handle,
+ &lsa_account_name,
+ ACB_NORMAL,
+ SEC_STD_WRITE_DAC |
+ SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES,
+ &user_handle,
+ &access_granted,
+ &rid,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_samr_QueryUserInfo(b, talloc_tos(),
+ &user_handle,
+ 16,
+ &user_info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!(user_info->info16.acct_flags & ACB_NORMAL)) {
+ werr = WERR_INVALID_PARAMETER;
+ goto done;
+ }
+
+ status = dcerpc_samr_GetUserPwInfo(b, talloc_tos(),
+ &user_handle,
+ &pw_info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ uX.usriX_flags |= ACB_NORMAL;
+
+ status = set_user_info_USER_INFO_X(ctx, pipe_cli,
+ &session_key,
+ &user_handle,
+ &uX);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto failed;
+ }
+
+ werr = WERR_OK;
+ goto done;
+
+ failed:
+ dcerpc_samr_DeleteUser(b, talloc_tos(),
+ &user_handle,
+ &result);
+
+ done:
+ if (is_valid_policy_hnd(&user_handle) && b) {
+ dcerpc_samr_Close(b, talloc_tos(), &user_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserAdd_l(struct libnetapi_ctx *ctx,
+ struct NetUserAdd *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserAdd);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserDel_r(struct libnetapi_ctx *ctx,
+ struct NetUserDel *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+ struct policy_handle connect_handle, builtin_handle, domain_handle, user_handle;
+ struct lsa_String lsa_account_name;
+ struct samr_Ids user_rids, name_types;
+ struct dom_sid2 *domain_sid = NULL;
+ struct dom_sid2 user_sid;
+ struct dcerpc_binding_handle *b = NULL;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(builtin_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(user_handle);
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenDomain(b, talloc_tos(),
+ &connect_handle,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ discard_const_p(struct dom_sid, &global_sid_Builtin),
+ &builtin_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ init_lsa_String(&lsa_account_name, r->in.user_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_account_name,
+ &user_rids,
+ &name_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (user_rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (name_types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenUser(b, talloc_tos(),
+ &domain_handle,
+ SEC_STD_DELETE,
+ user_rids.ids[0],
+ &user_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ sid_compose(&user_sid, domain_sid, user_rids.ids[0]);
+
+ status = dcerpc_samr_RemoveMemberFromForeignDomain(b, talloc_tos(),
+ &builtin_handle,
+ &user_sid,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_samr_DeleteUser(b, talloc_tos(),
+ &user_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = WERR_OK;
+
+ done:
+ if (is_valid_policy_hnd(&user_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &user_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserDel_l(struct libnetapi_ctx *ctx,
+ struct NetUserDel *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserDel);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS libnetapi_samr_lookup_user(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct policy_handle *builtin_handle,
+ const char *user_name,
+ const struct dom_sid *domain_sid,
+ uint32_t rid,
+ uint32_t level,
+ struct samr_UserInfo21 **info21,
+ struct sec_desc_buf **sec_desc,
+ uint32_t *auth_flag_p)
+{
+ NTSTATUS status, result;
+
+ struct policy_handle user_handle;
+ union samr_UserInfo *user_info = NULL;
+ struct samr_RidWithAttributeArray *rid_array = NULL;
+ uint32_t access_mask = SEC_STD_READ_CONTROL |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_GET_NAME_ETC;
+ struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
+
+ ZERO_STRUCT(user_handle);
+
+ switch (level) {
+ case 0:
+ break;
+ case 1:
+ access_mask |= SAMR_USER_ACCESS_GET_LOGONINFO |
+ SAMR_USER_ACCESS_GET_GROUPS;
+ break;
+ case 2:
+ case 3:
+ case 4:
+ case 11:
+ access_mask |= SAMR_USER_ACCESS_GET_LOGONINFO |
+ SAMR_USER_ACCESS_GET_GROUPS |
+ SAMR_USER_ACCESS_GET_LOCALE;
+ break;
+ case 10:
+ case 20:
+ case 23:
+ break;
+ default:
+ return NT_STATUS_INVALID_LEVEL;
+ }
+
+ if (level == 0) {
+ return NT_STATUS_OK;
+ }
+
+ status = dcerpc_samr_OpenUser(b, mem_ctx,
+ domain_handle,
+ access_mask,
+ rid,
+ &user_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ goto done;
+ }
+
+ status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
+ &user_handle,
+ 21,
+ &user_info,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ goto done;
+ }
+
+ status = dcerpc_samr_QuerySecurity(b, mem_ctx,
+ &user_handle,
+ SECINFO_DACL,
+ sec_desc,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ goto done;
+ }
+
+ if (access_mask & SAMR_USER_ACCESS_GET_GROUPS) {
+
+ struct lsa_SidArray sid_array;
+ struct samr_Ids alias_rids;
+ int i;
+ uint32_t auth_flag = 0;
+ struct dom_sid sid;
+
+ status = dcerpc_samr_GetGroupsForUser(b, mem_ctx,
+ &user_handle,
+ &rid_array,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ goto done;
+ }
+
+ sid_array.num_sids = rid_array->count + 1;
+ sid_array.sids = talloc_array(mem_ctx, struct lsa_SidPtr,
+ sid_array.num_sids);
+ NT_STATUS_HAVE_NO_MEMORY(sid_array.sids);
+
+ for (i=0; i<rid_array->count; i++) {
+ sid_compose(&sid, domain_sid, rid_array->rids[i].rid);
+ sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sid);
+ NT_STATUS_HAVE_NO_MEMORY(sid_array.sids[i].sid);
+ }
+
+ sid_compose(&sid, domain_sid, rid);
+ sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sid);
+ NT_STATUS_HAVE_NO_MEMORY(sid_array.sids[i].sid);
+
+ status = dcerpc_samr_GetAliasMembership(b, mem_ctx,
+ builtin_handle,
+ &sid_array,
+ &alias_rids,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ goto done;
+ }
+
+ for (i=0; i<alias_rids.count; i++) {
+ switch (alias_rids.ids[i]) {
+ case 550: /* Print Operators */
+ auth_flag |= AF_OP_PRINT;
+ break;
+ case 549: /* Server Operators */
+ auth_flag |= AF_OP_SERVER;
+ break;
+ case 548: /* Account Operators */
+ auth_flag |= AF_OP_ACCOUNTS;
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (auth_flag_p) {
+ *auth_flag_p = auth_flag;
+ }
+ }
+
+ *info21 = &user_info->info21;
+
+ done:
+ if (is_valid_policy_hnd(&user_handle)) {
+ dcerpc_samr_Close(b, mem_ctx, &user_handle, &result);
+ }
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static uint32_t samr_rid_to_priv_level(uint32_t rid)
+{
+ switch (rid) {
+ case DOMAIN_RID_ADMINISTRATOR:
+ return USER_PRIV_ADMIN;
+ case DOMAIN_RID_GUEST:
+ return USER_PRIV_GUEST;
+ default:
+ return USER_PRIV_USER;
+ }
+}
+
+/****************************************************************
+****************************************************************/
+
+static uint32_t samr_acb_flags_to_netapi_flags(uint32_t acb)
+{
+ uint32_t fl = UF_SCRIPT; /* god knows why */
+
+ fl |= ds_acb2uf(acb);
+
+ return fl;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS info21_to_USER_INFO_1(TALLOC_CTX *mem_ctx,
+ const struct samr_UserInfo21 *i21,
+ struct USER_INFO_1 *i)
+{
+ ZERO_STRUCTP(i);
+ i->usri1_name = talloc_strdup(mem_ctx, i21->account_name.string);
+ NT_STATUS_HAVE_NO_MEMORY(i->usri1_name);
+ i->usri1_password = NULL;
+ i->usri1_password_age = time(NULL) - nt_time_to_unix(i21->last_password_change);
+ i->usri1_priv = samr_rid_to_priv_level(i21->rid);
+ i->usri1_home_dir = talloc_strdup(mem_ctx, i21->home_directory.string);
+ i->usri1_comment = talloc_strdup(mem_ctx, i21->description.string);
+ i->usri1_flags = samr_acb_flags_to_netapi_flags(i21->acct_flags);
+ i->usri1_script_path = talloc_strdup(mem_ctx, i21->logon_script.string);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS info21_to_USER_INFO_2(TALLOC_CTX *mem_ctx,
+ const struct samr_UserInfo21 *i21,
+ uint32_t auth_flag,
+ struct USER_INFO_2 *i)
+{
+ ZERO_STRUCTP(i);
+
+ i->usri2_name = talloc_strdup(mem_ctx, i21->account_name.string);
+ NT_STATUS_HAVE_NO_MEMORY(i->usri2_name);
+ i->usri2_password = NULL;
+ i->usri2_password_age = time(NULL) - nt_time_to_unix(i21->last_password_change);
+ i->usri2_priv = samr_rid_to_priv_level(i21->rid);
+ i->usri2_home_dir = talloc_strdup(mem_ctx, i21->home_directory.string);
+ i->usri2_comment = talloc_strdup(mem_ctx, i21->description.string);
+ i->usri2_flags = samr_acb_flags_to_netapi_flags(i21->acct_flags);
+ i->usri2_script_path = talloc_strdup(mem_ctx, i21->logon_script.string);
+ i->usri2_auth_flags = auth_flag;
+ i->usri2_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
+ i->usri2_usr_comment = talloc_strdup(mem_ctx, i21->comment.string);
+ i->usri2_parms = talloc_strndup(mem_ctx, (const char *)i21->parameters.array, i21->parameters.size/2);
+ i->usri2_workstations = talloc_strdup(mem_ctx, i21->workstations.string);
+ i->usri2_last_logon = nt_time_to_unix(i21->last_logon);
+ i->usri2_last_logoff = nt_time_to_unix(i21->last_logoff);
+ i->usri2_acct_expires = nt_time_to_unix(i21->acct_expiry);
+ i->usri2_max_storage = USER_MAXSTORAGE_UNLIMITED; /* FIXME */
+ i->usri2_units_per_week = i21->logon_hours.units_per_week;
+ i->usri2_logon_hours = (uint8_t *)talloc_memdup(mem_ctx, i21->logon_hours.bits, 21);
+ i->usri2_bad_pw_count = i21->bad_password_count;
+ i->usri2_num_logons = i21->logon_count;
+ i->usri2_logon_server = talloc_strdup(mem_ctx, "\\\\*");
+ i->usri2_country_code = i21->country_code;
+ i->usri2_code_page = i21->code_page;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS info21_to_USER_INFO_3(TALLOC_CTX *mem_ctx,
+ const struct samr_UserInfo21 *i21,
+ uint32_t auth_flag,
+ struct USER_INFO_3 *i)
+{
+ ZERO_STRUCTP(i);
+
+ i->usri3_name = talloc_strdup(mem_ctx, i21->account_name.string);
+ NT_STATUS_HAVE_NO_MEMORY(i->usri3_name);
+ i->usri3_password_age = time(NULL) - nt_time_to_unix(i21->last_password_change);
+ i->usri3_priv = samr_rid_to_priv_level(i21->rid);
+ i->usri3_home_dir = talloc_strdup(mem_ctx, i21->home_directory.string);
+ i->usri3_comment = talloc_strdup(mem_ctx, i21->description.string);
+ i->usri3_flags = samr_acb_flags_to_netapi_flags(i21->acct_flags);
+ i->usri3_script_path = talloc_strdup(mem_ctx, i21->logon_script.string);
+ i->usri3_auth_flags = auth_flag;
+ i->usri3_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
+ i->usri3_usr_comment = talloc_strdup(mem_ctx, i21->comment.string);
+ i->usri3_parms = talloc_strndup(mem_ctx, (const char *)i21->parameters.array, i21->parameters.size/2);
+ i->usri3_workstations = talloc_strdup(mem_ctx, i21->workstations.string);
+ i->usri3_last_logon = nt_time_to_unix(i21->last_logon);
+ i->usri3_last_logoff = nt_time_to_unix(i21->last_logoff);
+ i->usri3_acct_expires = nt_time_to_unix(i21->acct_expiry);
+ i->usri3_max_storage = USER_MAXSTORAGE_UNLIMITED; /* FIXME */
+ i->usri3_units_per_week = i21->logon_hours.units_per_week;
+ i->usri3_logon_hours = (uint8_t *)talloc_memdup(mem_ctx, i21->logon_hours.bits, 21);
+ i->usri3_bad_pw_count = i21->bad_password_count;
+ i->usri3_num_logons = i21->logon_count;
+ i->usri3_logon_server = talloc_strdup(mem_ctx, "\\\\*");
+ i->usri3_country_code = i21->country_code;
+ i->usri3_code_page = i21->code_page;
+ i->usri3_user_id = i21->rid;
+ i->usri3_primary_group_id = i21->primary_gid;
+ i->usri3_profile = talloc_strdup(mem_ctx, i21->profile_path.string);
+ i->usri3_home_dir_drive = talloc_strdup(mem_ctx, i21->home_drive.string);
+ i->usri3_password_expired = i21->password_expired;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS info21_to_USER_INFO_4(TALLOC_CTX *mem_ctx,
+ const struct samr_UserInfo21 *i21,
+ uint32_t auth_flag,
+ struct dom_sid *domain_sid,
+ struct USER_INFO_4 *i)
+{
+ struct dom_sid sid;
+
+ ZERO_STRUCTP(i);
+
+ i->usri4_name = talloc_strdup(mem_ctx, i21->account_name.string);
+ NT_STATUS_HAVE_NO_MEMORY(i->usri4_name);
+ i->usri4_password_age = time(NULL) - nt_time_to_unix(i21->last_password_change);
+ i->usri4_password = NULL;
+ i->usri4_priv = samr_rid_to_priv_level(i21->rid);
+ i->usri4_home_dir = talloc_strdup(mem_ctx, i21->home_directory.string);
+ i->usri4_comment = talloc_strdup(mem_ctx, i21->description.string);
+ i->usri4_flags = samr_acb_flags_to_netapi_flags(i21->acct_flags);
+ i->usri4_script_path = talloc_strdup(mem_ctx, i21->logon_script.string);
+ i->usri4_auth_flags = auth_flag;
+ i->usri4_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
+ i->usri4_usr_comment = talloc_strdup(mem_ctx, i21->comment.string);
+ i->usri4_parms = talloc_strndup(mem_ctx, (const char *)i21->parameters.array, i21->parameters.size/2);
+ i->usri4_workstations = talloc_strdup(mem_ctx, i21->workstations.string);
+ i->usri4_last_logon = nt_time_to_unix(i21->last_logon);
+ i->usri4_last_logoff = nt_time_to_unix(i21->last_logoff);
+ i->usri4_acct_expires = nt_time_to_unix(i21->acct_expiry);
+ i->usri4_max_storage = USER_MAXSTORAGE_UNLIMITED; /* FIXME */
+ i->usri4_units_per_week = i21->logon_hours.units_per_week;
+ i->usri4_logon_hours = (uint8_t *)talloc_memdup(mem_ctx, i21->logon_hours.bits, 21);
+ i->usri4_bad_pw_count = i21->bad_password_count;
+ i->usri4_num_logons = i21->logon_count;
+ i->usri4_logon_server = talloc_strdup(mem_ctx, "\\\\*");
+ i->usri4_country_code = i21->country_code;
+ i->usri4_code_page = i21->code_page;
+ if (!sid_compose(&sid, domain_sid, i21->rid)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ i->usri4_user_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid);
+ i->usri4_primary_group_id = i21->primary_gid;
+ i->usri4_profile = talloc_strdup(mem_ctx, i21->profile_path.string);
+ i->usri4_home_dir_drive = talloc_strdup(mem_ctx, i21->home_drive.string);
+ i->usri4_password_expired = i21->password_expired;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS info21_to_USER_INFO_10(TALLOC_CTX *mem_ctx,
+ const struct samr_UserInfo21 *i21,
+ struct USER_INFO_10 *i)
+{
+ ZERO_STRUCTP(i);
+
+ i->usri10_name = talloc_strdup(mem_ctx, i21->account_name.string);
+ NT_STATUS_HAVE_NO_MEMORY(i->usri10_name);
+ i->usri10_comment = talloc_strdup(mem_ctx, i21->description.string);
+ i->usri10_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
+ i->usri10_usr_comment = talloc_strdup(mem_ctx, i21->comment.string);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS info21_to_USER_INFO_11(TALLOC_CTX *mem_ctx,
+ const struct samr_UserInfo21 *i21,
+ uint32_t auth_flag,
+ struct USER_INFO_11 *i)
+{
+ ZERO_STRUCTP(i);
+
+ i->usri11_name = talloc_strdup(mem_ctx, i21->account_name.string);
+ NT_STATUS_HAVE_NO_MEMORY(i->usri11_name);
+ i->usri11_comment = talloc_strdup(mem_ctx, i21->description.string);
+ i->usri11_usr_comment = talloc_strdup(mem_ctx, i21->comment.string);
+ i->usri11_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
+ i->usri11_priv = samr_rid_to_priv_level(i21->rid);
+ i->usri11_auth_flags = auth_flag;
+ i->usri11_password_age = time(NULL) - nt_time_to_unix(i21->last_password_change);
+ i->usri11_home_dir = talloc_strdup(mem_ctx, i21->home_directory.string);
+ i->usri11_parms = talloc_strndup(mem_ctx, (const char *)i21->parameters.array, i21->parameters.size/2);
+ i->usri11_last_logon = nt_time_to_unix(i21->last_logon);
+ i->usri11_last_logoff = nt_time_to_unix(i21->last_logoff);
+ i->usri11_bad_pw_count = i21->bad_password_count;
+ i->usri11_num_logons = i21->logon_count;
+ i->usri11_logon_server = talloc_strdup(mem_ctx, "\\\\*");
+ i->usri11_country_code = i21->country_code;
+ i->usri11_workstations = talloc_strdup(mem_ctx, i21->workstations.string);
+ i->usri11_max_storage = USER_MAXSTORAGE_UNLIMITED; /* FIXME */
+ i->usri11_units_per_week = i21->logon_hours.units_per_week;
+ i->usri11_logon_hours = (uint8_t *)talloc_memdup(mem_ctx, i21->logon_hours.bits, 21);
+ i->usri11_code_page = i21->code_page;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS info21_to_USER_INFO_20(TALLOC_CTX *mem_ctx,
+ const struct samr_UserInfo21 *i21,
+ struct USER_INFO_20 *i)
+{
+ ZERO_STRUCTP(i);
+
+ i->usri20_name = talloc_strdup(mem_ctx, i21->account_name.string);
+ NT_STATUS_HAVE_NO_MEMORY(i->usri20_name);
+ i->usri20_comment = talloc_strdup(mem_ctx, i21->description.string);
+ i->usri20_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
+ i->usri20_flags = samr_acb_flags_to_netapi_flags(i21->acct_flags);
+ i->usri20_user_id = i21->rid;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS info21_to_USER_INFO_23(TALLOC_CTX *mem_ctx,
+ const struct samr_UserInfo21 *i21,
+ struct dom_sid *domain_sid,
+ struct USER_INFO_23 *i)
+{
+ struct dom_sid sid;
+
+ ZERO_STRUCTP(i);
+
+ i->usri23_name = talloc_strdup(mem_ctx, i21->account_name.string);
+ NT_STATUS_HAVE_NO_MEMORY(i->usri23_name);
+ i->usri23_comment = talloc_strdup(mem_ctx, i21->description.string);
+ i->usri23_full_name = talloc_strdup(mem_ctx, i21->full_name.string);
+ i->usri23_flags = samr_acb_flags_to_netapi_flags(i21->acct_flags);
+ if (!sid_compose(&sid, domain_sid, i21->rid)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ i->usri23_user_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS libnetapi_samr_lookup_user_map_USER_INFO(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct dom_sid *domain_sid,
+ struct policy_handle *domain_handle,
+ struct policy_handle *builtin_handle,
+ const char *user_name,
+ uint32_t rid,
+ uint32_t level,
+ uint8_t **buffer,
+ uint32_t *num_entries)
+{
+ NTSTATUS status;
+
+ struct samr_UserInfo21 *info21 = NULL;
+ struct sec_desc_buf *sec_desc = NULL;
+ uint32_t auth_flag = 0;
+
+ struct USER_INFO_0 info0;
+ struct USER_INFO_1 info1;
+ struct USER_INFO_2 info2;
+ struct USER_INFO_3 info3;
+ struct USER_INFO_4 info4;
+ struct USER_INFO_10 info10;
+ struct USER_INFO_11 info11;
+ struct USER_INFO_20 info20;
+ struct USER_INFO_23 info23;
+
+ switch (level) {
+ case 0:
+ case 1:
+ case 2:
+ case 3:
+ case 4:
+ case 10:
+ case 11:
+ case 20:
+ case 23:
+ break;
+ default:
+ return NT_STATUS_INVALID_LEVEL;
+ }
+
+ if (level == 0) {
+ info0.usri0_name = talloc_strdup(mem_ctx, user_name);
+ NT_STATUS_HAVE_NO_MEMORY(info0.usri0_name);
+
+ ADD_TO_ARRAY(mem_ctx, struct USER_INFO_0, info0,
+ (struct USER_INFO_0 **)buffer, num_entries);
+
+ return NT_STATUS_OK;
+ }
+
+ status = libnetapi_samr_lookup_user(mem_ctx, pipe_cli,
+ domain_handle,
+ builtin_handle,
+ user_name,
+ domain_sid,
+ rid,
+ level,
+ &info21,
+ &sec_desc,
+ &auth_flag);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ switch (level) {
+ case 1:
+ status = info21_to_USER_INFO_1(mem_ctx, info21, &info1);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ ADD_TO_ARRAY(mem_ctx, struct USER_INFO_1, info1,
+ (struct USER_INFO_1 **)buffer, num_entries);
+
+ break;
+ case 2:
+ status = info21_to_USER_INFO_2(mem_ctx, info21, auth_flag, &info2);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ ADD_TO_ARRAY(mem_ctx, struct USER_INFO_2, info2,
+ (struct USER_INFO_2 **)buffer, num_entries);
+
+ break;
+ case 3:
+ status = info21_to_USER_INFO_3(mem_ctx, info21, auth_flag, &info3);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ ADD_TO_ARRAY(mem_ctx, struct USER_INFO_3, info3,
+ (struct USER_INFO_3 **)buffer, num_entries);
+
+ break;
+ case 4:
+ status = info21_to_USER_INFO_4(mem_ctx, info21, auth_flag, domain_sid, &info4);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ ADD_TO_ARRAY(mem_ctx, struct USER_INFO_4, info4,
+ (struct USER_INFO_4 **)buffer, num_entries);
+
+ break;
+ case 10:
+ status = info21_to_USER_INFO_10(mem_ctx, info21, &info10);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ ADD_TO_ARRAY(mem_ctx, struct USER_INFO_10, info10,
+ (struct USER_INFO_10 **)buffer, num_entries);
+
+ break;
+ case 11:
+ status = info21_to_USER_INFO_11(mem_ctx, info21, auth_flag, &info11);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ ADD_TO_ARRAY(mem_ctx, struct USER_INFO_11, info11,
+ (struct USER_INFO_11 **)buffer, num_entries);
+
+ break;
+ case 20:
+ status = info21_to_USER_INFO_20(mem_ctx, info21, &info20);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ ADD_TO_ARRAY(mem_ctx, struct USER_INFO_20, info20,
+ (struct USER_INFO_20 **)buffer, num_entries);
+
+ break;
+ case 23:
+ status = info21_to_USER_INFO_23(mem_ctx, info21, domain_sid, &info23);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ ADD_TO_ARRAY(mem_ctx, struct USER_INFO_23, info23,
+ (struct USER_INFO_23 **)buffer, num_entries);
+ break;
+ default:
+ return NT_STATUS_INVALID_LEVEL;
+ }
+
+ done:
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserEnum_r(struct libnetapi_ctx *ctx,
+ struct NetUserEnum *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct policy_handle connect_handle;
+ struct dom_sid2 *domain_sid = NULL;
+ struct policy_handle domain_handle, builtin_handle;
+ struct samr_SamArray *sam = NULL;
+ uint32_t filter = ACB_NORMAL;
+ int i;
+ uint32_t entries_read = 0;
+
+ NTSTATUS status;
+ NTSTATUS result = NT_STATUS_OK;
+ WERROR werr;
+ struct dcerpc_binding_handle *b = NULL;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(builtin_handle);
+
+ if (!r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ *r->out.buffer = NULL;
+ *r->out.entries_read = 0;
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ case 2:
+ case 3:
+ case 4:
+ case 10:
+ case 11:
+ case 20:
+ case 23:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
+ SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
+ &connect_handle,
+ &builtin_handle);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ switch (r->in.filter) {
+ case FILTER_NORMAL_ACCOUNT:
+ filter = ACB_NORMAL;
+ break;
+ case FILTER_TEMP_DUPLICATE_ACCOUNT:
+ filter = ACB_TEMPDUP;
+ break;
+ case FILTER_INTERDOMAIN_TRUST_ACCOUNT:
+ filter = ACB_DOMTRUST;
+ break;
+ case FILTER_WORKSTATION_TRUST_ACCOUNT:
+ filter = ACB_WSTRUST;
+ break;
+ case FILTER_SERVER_TRUST_ACCOUNT:
+ filter = ACB_SVRTRUST;
+ break;
+ default:
+ break;
+ }
+
+ status = dcerpc_samr_EnumDomainUsers(b,
+ ctx,
+ &domain_handle,
+ r->in.resume_handle,
+ filter,
+ &sam,
+ r->in.prefmaxlen,
+ &entries_read,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ werr = ntstatus_to_werror(result);
+ if (NT_STATUS_IS_ERR(result)) {
+ goto done;
+ }
+
+ for (i=0; i < sam->count; i++) {
+
+ status = libnetapi_samr_lookup_user_map_USER_INFO(ctx, pipe_cli,
+ domain_sid,
+ &domain_handle,
+ &builtin_handle,
+ sam->entries[i].name.string,
+ sam->entries[i].idx,
+ r->in.level,
+ r->out.buffer,
+ r->out.entries_read);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ done:
+ /* if last query */
+ if (NT_STATUS_IS_OK(result) ||
+ NT_STATUS_IS_ERR(result)) {
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserEnum_l(struct libnetapi_ctx *ctx,
+ struct NetUserEnum *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserEnum);
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR convert_samr_dispinfo_to_NET_DISPLAY_USER(TALLOC_CTX *mem_ctx,
+ struct samr_DispInfoGeneral *info,
+ uint32_t *entries_read,
+ void **buffer)
+{
+ struct NET_DISPLAY_USER *user = NULL;
+ int i;
+
+ user = talloc_zero_array(mem_ctx,
+ struct NET_DISPLAY_USER,
+ info->count);
+ W_ERROR_HAVE_NO_MEMORY(user);
+
+ for (i = 0; i < info->count; i++) {
+ user[i].usri1_name = talloc_strdup(mem_ctx,
+ info->entries[i].account_name.string);
+ user[i].usri1_comment = talloc_strdup(mem_ctx,
+ info->entries[i].description.string);
+ user[i].usri1_flags =
+ info->entries[i].acct_flags;
+ user[i].usri1_full_name = talloc_strdup(mem_ctx,
+ info->entries[i].full_name.string);
+ user[i].usri1_user_id =
+ info->entries[i].rid;
+ user[i].usri1_next_index =
+ info->entries[i].idx;
+
+ if (!user[i].usri1_name) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+ }
+
+ *buffer = talloc_memdup(mem_ctx, user,
+ sizeof(struct NET_DISPLAY_USER) * info->count);
+ W_ERROR_HAVE_NO_MEMORY(*buffer);
+
+ *entries_read = info->count;
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR convert_samr_dispinfo_to_NET_DISPLAY_MACHINE(TALLOC_CTX *mem_ctx,
+ struct samr_DispInfoFull *info,
+ uint32_t *entries_read,
+ void **buffer)
+{
+ struct NET_DISPLAY_MACHINE *machine = NULL;
+ int i;
+
+ machine = talloc_zero_array(mem_ctx,
+ struct NET_DISPLAY_MACHINE,
+ info->count);
+ W_ERROR_HAVE_NO_MEMORY(machine);
+
+ for (i = 0; i < info->count; i++) {
+ machine[i].usri2_name = talloc_strdup(mem_ctx,
+ info->entries[i].account_name.string);
+ machine[i].usri2_comment = talloc_strdup(mem_ctx,
+ info->entries[i].description.string);
+ machine[i].usri2_flags =
+ info->entries[i].acct_flags;
+ machine[i].usri2_user_id =
+ info->entries[i].rid;
+ machine[i].usri2_next_index =
+ info->entries[i].idx;
+
+ if (!machine[i].usri2_name) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+ }
+
+ *buffer = talloc_memdup(mem_ctx, machine,
+ sizeof(struct NET_DISPLAY_MACHINE) * info->count);
+ W_ERROR_HAVE_NO_MEMORY(*buffer);
+
+ *entries_read = info->count;
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR convert_samr_dispinfo_to_NET_DISPLAY_GROUP(TALLOC_CTX *mem_ctx,
+ struct samr_DispInfoFullGroups *info,
+ uint32_t *entries_read,
+ void **buffer)
+{
+ struct NET_DISPLAY_GROUP *group = NULL;
+ int i;
+
+ group = talloc_zero_array(mem_ctx,
+ struct NET_DISPLAY_GROUP,
+ info->count);
+ W_ERROR_HAVE_NO_MEMORY(group);
+
+ for (i = 0; i < info->count; i++) {
+ group[i].grpi3_name = talloc_strdup(mem_ctx,
+ info->entries[i].account_name.string);
+ group[i].grpi3_comment = talloc_strdup(mem_ctx,
+ info->entries[i].description.string);
+ group[i].grpi3_group_id =
+ info->entries[i].rid;
+ group[i].grpi3_attributes =
+ info->entries[i].acct_flags;
+ group[i].grpi3_next_index =
+ info->entries[i].idx;
+
+ if (!group[i].grpi3_name) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+ }
+
+ *buffer = talloc_memdup(mem_ctx, group,
+ sizeof(struct NET_DISPLAY_GROUP) * info->count);
+ W_ERROR_HAVE_NO_MEMORY(*buffer);
+
+ *entries_read = info->count;
+
+ return WERR_OK;
+
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR convert_samr_dispinfo_to_NET_DISPLAY(TALLOC_CTX *mem_ctx,
+ union samr_DispInfo *info,
+ uint32_t level,
+ uint32_t *entries_read,
+ void **buffer)
+{
+ switch (level) {
+ case 1:
+ return convert_samr_dispinfo_to_NET_DISPLAY_USER(mem_ctx,
+ &info->info1,
+ entries_read,
+ buffer);
+ case 2:
+ return convert_samr_dispinfo_to_NET_DISPLAY_MACHINE(mem_ctx,
+ &info->info2,
+ entries_read,
+ buffer);
+ case 3:
+ return convert_samr_dispinfo_to_NET_DISPLAY_GROUP(mem_ctx,
+ &info->info3,
+ entries_read,
+ buffer);
+ default:
+ break;
+ }
+
+ return WERR_INVALID_LEVEL;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetQueryDisplayInformation_r(struct libnetapi_ctx *ctx,
+ struct NetQueryDisplayInformation *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct policy_handle connect_handle;
+ struct dom_sid2 *domain_sid = NULL;
+ struct policy_handle domain_handle;
+ union samr_DispInfo info;
+ struct dcerpc_binding_handle *b = NULL;
+
+ uint32_t total_size = 0;
+ uint32_t returned_size = 0;
+
+ NTSTATUS status;
+ NTSTATUS result = NT_STATUS_OK;
+ WERROR werr;
+ WERROR werr_tmp;
+
+ *r->out.entries_read = 0;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+
+ switch (r->in.level) {
+ case 1:
+ case 2:
+ case 3:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
+ SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_samr_QueryDisplayInfo2(b,
+ ctx,
+ &domain_handle,
+ r->in.level,
+ r->in.idx,
+ r->in.entries_requested,
+ r->in.prefmaxlen,
+ &total_size,
+ &returned_size,
+ &info,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ werr = ntstatus_to_werror(result);
+ if (NT_STATUS_IS_ERR(result)) {
+ goto done;
+ }
+
+ werr_tmp = convert_samr_dispinfo_to_NET_DISPLAY(ctx, &info,
+ r->in.level,
+ r->out.entries_read,
+ r->out.buffer);
+ if (!W_ERROR_IS_OK(werr_tmp)) {
+ werr = werr_tmp;
+ }
+ done:
+ /* if last query */
+ if (NT_STATUS_IS_OK(result) ||
+ NT_STATUS_IS_ERR(result)) {
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+ }
+
+ return werr;
+
+}
+
+/****************************************************************
+****************************************************************/
+
+
+WERROR NetQueryDisplayInformation_l(struct libnetapi_ctx *ctx,
+ struct NetQueryDisplayInformation *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetQueryDisplayInformation);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserChangePassword_r(struct libnetapi_ctx *ctx,
+ struct NetUserChangePassword *r)
+{
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserChangePassword_l(struct libnetapi_ctx *ctx,
+ struct NetUserChangePassword *r)
+{
+ return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetUserGetInfo *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+
+ struct policy_handle connect_handle, domain_handle, builtin_handle, user_handle;
+ struct lsa_String lsa_account_name;
+ struct dom_sid2 *domain_sid = NULL;
+ struct samr_Ids user_rids, name_types;
+ uint32_t num_entries = 0;
+ struct dcerpc_binding_handle *b = NULL;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(builtin_handle);
+ ZERO_STRUCT(user_handle);
+
+ if (!r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ case 2:
+ case 3:
+ case 4:
+ case 10:
+ case 11:
+ case 20:
+ case 23:
+ break;
+ default:
+ werr = WERR_INVALID_LEVEL;
+ goto done;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
+ SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
+ &connect_handle,
+ &builtin_handle);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_account_name, r->in.user_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_account_name,
+ &user_rids,
+ &name_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (user_rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (name_types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ status = libnetapi_samr_lookup_user_map_USER_INFO(ctx, pipe_cli,
+ domain_sid,
+ &domain_handle,
+ &builtin_handle,
+ r->in.user_name,
+ user_rids.ids[0],
+ r->in.level,
+ r->out.buffer,
+ &num_entries);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ if (is_valid_policy_hnd(&user_handle) && b) {
+ dcerpc_samr_Close(b, talloc_tos(), &user_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetUserGetInfo *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserGetInfo);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetUserSetInfo *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status, result;
+ WERROR werr;
+
+ struct policy_handle connect_handle, domain_handle, builtin_handle, user_handle;
+ struct lsa_String lsa_account_name;
+ struct dom_sid2 *domain_sid = NULL;
+ struct samr_Ids user_rids, name_types;
+ uint32_t user_mask = 0;
+
+ struct USER_INFO_X uX;
+ struct dcerpc_binding_handle *b = NULL;
+ DATA_BLOB session_key;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(builtin_handle);
+ ZERO_STRUCT(user_handle);
+
+ if (!r->in.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ user_mask = SAMR_USER_ACCESS_SET_ATTRIBUTES;
+ break;
+ case 1003:
+ user_mask = SAMR_USER_ACCESS_SET_PASSWORD;
+ break;
+ case 1006:
+ case 1007:
+ case 1009:
+ case 1011:
+ case 1014:
+ case 1052:
+ case 1053:
+ user_mask = SAMR_USER_ACCESS_SET_ATTRIBUTES;
+ break;
+ case 1012:
+ case 1024:
+ user_mask = SAMR_USER_ACCESS_SET_LOC_COM;
+ break;
+ case 1051:
+ user_mask = SAMR_USER_ACCESS_SET_ATTRIBUTES |
+ SAMR_USER_ACCESS_GET_GROUPS;
+ break;
+ case 3:
+ user_mask = SEC_STD_READ_CONTROL |
+ SEC_STD_WRITE_DAC |
+ SAMR_USER_ACCESS_GET_GROUPS |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_LOC_COM;
+ break;
+ case 1:
+ case 2:
+ case 4:
+ case 21:
+ case 22:
+ case 1005:
+ case 1008:
+ case 1010:
+ case 1017:
+ case 1020:
+ werr = WERR_NOT_SUPPORTED;
+ goto done;
+ default:
+ werr = WERR_INVALID_LEVEL;
+ goto done;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
+ SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
+ &connect_handle,
+ &builtin_handle);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_account_name, r->in.user_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_account_name,
+ &user_rids,
+ &name_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (user_rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (name_types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenUser(b, talloc_tos(),
+ &domain_handle,
+ user_mask,
+ user_rids.ids[0],
+ &user_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = construct_USER_INFO_X(r->in.level, r->in.buffer, &uX);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = cli_get_session_key(talloc_tos(), pipe_cli, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = set_user_info_USER_INFO_X(ctx, pipe_cli,
+ &session_key,
+ &user_handle,
+ &uX);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = WERR_OK;
+
+ done:
+ if (is_valid_policy_hnd(&user_handle) && b) {
+ dcerpc_samr_Close(b, talloc_tos(), &user_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_builtin_handle(ctx, &builtin_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserSetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetUserSetInfo *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserSetInfo);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS query_USER_MODALS_INFO_rpc(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct samr_DomInfo1 *info1,
+ struct samr_DomInfo3 *info3,
+ struct samr_DomInfo5 *info5,
+ struct samr_DomInfo6 *info6,
+ struct samr_DomInfo7 *info7,
+ struct samr_DomInfo12 *info12)
+{
+ NTSTATUS status, result;
+ union samr_DomainInfo *dom_info = NULL;
+ struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
+
+ if (info1) {
+ status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
+ domain_handle,
+ 1,
+ &dom_info,
+ &result);
+ NT_STATUS_NOT_OK_RETURN(status);
+ NT_STATUS_NOT_OK_RETURN(result);
+
+ *info1 = dom_info->info1;
+ }
+
+ if (info3) {
+ status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
+ domain_handle,
+ 3,
+ &dom_info,
+ &result);
+ NT_STATUS_NOT_OK_RETURN(status);
+ NT_STATUS_NOT_OK_RETURN(result);
+
+ *info3 = dom_info->info3;
+ }
+
+ if (info5) {
+ status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
+ domain_handle,
+ 5,
+ &dom_info,
+ &result);
+ NT_STATUS_NOT_OK_RETURN(status);
+ NT_STATUS_NOT_OK_RETURN(result);
+
+ *info5 = dom_info->info5;
+ }
+
+ if (info6) {
+ status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
+ domain_handle,
+ 6,
+ &dom_info,
+ &result);
+ NT_STATUS_NOT_OK_RETURN(status);
+ NT_STATUS_NOT_OK_RETURN(result);
+
+ *info6 = dom_info->info6;
+ }
+
+ if (info7) {
+ status = dcerpc_samr_QueryDomainInfo(b, mem_ctx,
+ domain_handle,
+ 7,
+ &dom_info,
+ &result);
+ NT_STATUS_NOT_OK_RETURN(status);
+ NT_STATUS_NOT_OK_RETURN(result);
+
+ *info7 = dom_info->info7;
+ }
+
+ if (info12) {
+ status = dcerpc_samr_QueryDomainInfo2(b, mem_ctx,
+ domain_handle,
+ 12,
+ &dom_info,
+ &result);
+ NT_STATUS_NOT_OK_RETURN(status);
+ NT_STATUS_NOT_OK_RETURN(result);
+
+ *info12 = dom_info->info12;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS query_USER_MODALS_INFO_0(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct USER_MODALS_INFO_0 *info0)
+{
+ NTSTATUS status;
+ struct samr_DomInfo1 dom_info1;
+ struct samr_DomInfo3 dom_info3;
+
+ ZERO_STRUCTP(info0);
+
+ status = query_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &dom_info1,
+ &dom_info3,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ info0->usrmod0_min_passwd_len =
+ dom_info1.min_password_length;
+ info0->usrmod0_max_passwd_age =
+ nt_time_to_unix_abs((NTTIME *)&dom_info1.max_password_age);
+ info0->usrmod0_min_passwd_age =
+ nt_time_to_unix_abs((NTTIME *)&dom_info1.min_password_age);
+ info0->usrmod0_password_hist_len =
+ dom_info1.password_history_length;
+
+ info0->usrmod0_force_logoff =
+ nt_time_to_unix_abs(&dom_info3.force_logoff_time);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS query_USER_MODALS_INFO_1(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct USER_MODALS_INFO_1 *info1)
+{
+ NTSTATUS status;
+ struct samr_DomInfo6 dom_info6;
+ struct samr_DomInfo7 dom_info7;
+
+ status = query_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ NULL,
+ NULL,
+ NULL,
+ &dom_info6,
+ &dom_info7,
+ NULL);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ info1->usrmod1_primary =
+ talloc_strdup(mem_ctx, dom_info6.primary.string);
+
+ info1->usrmod1_role = dom_info7.role;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS query_USER_MODALS_INFO_2(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct dom_sid *domain_sid,
+ struct USER_MODALS_INFO_2 *info2)
+{
+ NTSTATUS status;
+ struct samr_DomInfo5 dom_info5;
+
+ status = query_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ NULL,
+ NULL,
+ &dom_info5,
+ NULL,
+ NULL,
+ NULL);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ info2->usrmod2_domain_name =
+ talloc_strdup(mem_ctx, dom_info5.domain_name.string);
+ info2->usrmod2_domain_id =
+ (struct domsid *)dom_sid_dup(mem_ctx, domain_sid);
+
+ NT_STATUS_HAVE_NO_MEMORY(info2->usrmod2_domain_name);
+ NT_STATUS_HAVE_NO_MEMORY(info2->usrmod2_domain_id);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS query_USER_MODALS_INFO_3(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct USER_MODALS_INFO_3 *info3)
+{
+ NTSTATUS status;
+ struct samr_DomInfo12 dom_info12;
+
+ status = query_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ &dom_info12);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ info3->usrmod3_lockout_duration =
+ nt_time_to_unix_abs(&dom_info12.lockout_duration);
+ info3->usrmod3_lockout_observation_window =
+ nt_time_to_unix_abs(&dom_info12.lockout_window);
+ info3->usrmod3_lockout_threshold =
+ dom_info12.lockout_threshold;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS query_USER_MODALS_INFO_to_buffer(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ uint32_t level,
+ struct policy_handle *domain_handle,
+ struct dom_sid *domain_sid,
+ uint8_t **buffer)
+{
+ NTSTATUS status;
+
+ struct USER_MODALS_INFO_0 info0;
+ struct USER_MODALS_INFO_1 info1;
+ struct USER_MODALS_INFO_2 info2;
+ struct USER_MODALS_INFO_3 info3;
+
+ if (!buffer) {
+ return ERROR_INSUFFICIENT_BUFFER;
+ }
+
+ switch (level) {
+ case 0:
+ status = query_USER_MODALS_INFO_0(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &info0);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info0,
+ sizeof(info0));
+ break;
+
+ case 1:
+ status = query_USER_MODALS_INFO_1(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &info1);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info1,
+ sizeof(info1));
+ break;
+ case 2:
+ status = query_USER_MODALS_INFO_2(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ domain_sid,
+ &info2);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info2,
+ sizeof(info2));
+ break;
+ case 3:
+ status = query_USER_MODALS_INFO_3(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &info3);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info3,
+ sizeof(info3));
+ break;
+ default:
+ break;
+ }
+
+ NT_STATUS_HAVE_NO_MEMORY(*buffer);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserModalsGet_r(struct libnetapi_ctx *ctx,
+ struct NetUserModalsGet *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status;
+ WERROR werr;
+
+ struct policy_handle connect_handle, domain_handle;
+ struct dom_sid2 *domain_sid = NULL;
+ uint32_t access_mask = SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+
+ if (!r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ access_mask |= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2;
+ break;
+ case 1:
+ case 2:
+ access_mask |= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2;
+ break;
+ case 3:
+ access_mask |= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1;
+ break;
+ default:
+ werr = WERR_INVALID_LEVEL;
+ goto done;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ access_mask,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ /* 0: 1 + 3 */
+ /* 1: 6 + 7 */
+ /* 2: 5 */
+ /* 3: 12 (DomainInfo2) */
+
+ status = query_USER_MODALS_INFO_to_buffer(ctx,
+ pipe_cli,
+ r->in.level,
+ &domain_handle,
+ domain_sid,
+ r->out.buffer);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserModalsGet_l(struct libnetapi_ctx *ctx,
+ struct NetUserModalsGet *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserModalsGet);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS set_USER_MODALS_INFO_rpc(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct samr_DomInfo1 *info1,
+ struct samr_DomInfo3 *info3,
+ struct samr_DomInfo12 *info12)
+{
+ NTSTATUS status, result;
+ union samr_DomainInfo dom_info;
+ struct dcerpc_binding_handle *b = pipe_cli->binding_handle;
+
+ if (info1) {
+
+ ZERO_STRUCT(dom_info);
+
+ dom_info.info1 = *info1;
+
+ status = dcerpc_samr_SetDomainInfo(b, mem_ctx,
+ domain_handle,
+ 1,
+ &dom_info,
+ &result);
+ NT_STATUS_NOT_OK_RETURN(status);
+ NT_STATUS_NOT_OK_RETURN(result);
+ }
+
+ if (info3) {
+
+ ZERO_STRUCT(dom_info);
+
+ dom_info.info3 = *info3;
+
+ status = dcerpc_samr_SetDomainInfo(b, mem_ctx,
+ domain_handle,
+ 3,
+ &dom_info,
+ &result);
+
+ NT_STATUS_NOT_OK_RETURN(status);
+ NT_STATUS_NOT_OK_RETURN(result);
+ }
+
+ if (info12) {
+
+ ZERO_STRUCT(dom_info);
+
+ dom_info.info12 = *info12;
+
+ status = dcerpc_samr_SetDomainInfo(b, mem_ctx,
+ domain_handle,
+ 12,
+ &dom_info,
+ &result);
+
+ NT_STATUS_NOT_OK_RETURN(status);
+ NT_STATUS_NOT_OK_RETURN(result);
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS set_USER_MODALS_INFO_0_buffer(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct USER_MODALS_INFO_0 *info0)
+{
+ NTSTATUS status;
+ struct samr_DomInfo1 dom_info_1;
+ struct samr_DomInfo3 dom_info_3;
+
+ status = query_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &dom_info_1,
+ &dom_info_3,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ dom_info_1.min_password_length =
+ info0->usrmod0_min_passwd_len;
+ dom_info_1.password_history_length =
+ info0->usrmod0_password_hist_len;
+
+ unix_to_nt_time_abs((NTTIME *)&dom_info_1.max_password_age,
+ info0->usrmod0_max_passwd_age);
+ unix_to_nt_time_abs((NTTIME *)&dom_info_1.min_password_age,
+ info0->usrmod0_min_passwd_age);
+
+ unix_to_nt_time_abs(&dom_info_3.force_logoff_time,
+ info0->usrmod0_force_logoff);
+
+ return set_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &dom_info_1,
+ &dom_info_3,
+ NULL);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS set_USER_MODALS_INFO_3_buffer(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct USER_MODALS_INFO_3 *info3)
+{
+ NTSTATUS status;
+ struct samr_DomInfo12 dom_info_12;
+
+ status = query_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ &dom_info_12);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ unix_to_nt_time_abs((NTTIME *)&dom_info_12.lockout_duration,
+ info3->usrmod3_lockout_duration);
+ unix_to_nt_time_abs((NTTIME *)&dom_info_12.lockout_window,
+ info3->usrmod3_lockout_observation_window);
+ dom_info_12.lockout_threshold = info3->usrmod3_lockout_threshold;
+
+ return set_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ NULL,
+ NULL,
+ &dom_info_12);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS set_USER_MODALS_INFO_1001_buffer(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct USER_MODALS_INFO_1001 *info1001)
+{
+ NTSTATUS status;
+ struct samr_DomInfo1 dom_info_1;
+
+ status = query_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &dom_info_1,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ dom_info_1.min_password_length =
+ info1001->usrmod1001_min_passwd_len;
+
+ return set_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &dom_info_1,
+ NULL,
+ NULL);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS set_USER_MODALS_INFO_1002_buffer(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct USER_MODALS_INFO_1002 *info1002)
+{
+ NTSTATUS status;
+ struct samr_DomInfo1 dom_info_1;
+
+ status = query_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &dom_info_1,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ unix_to_nt_time_abs((NTTIME *)&dom_info_1.max_password_age,
+ info1002->usrmod1002_max_passwd_age);
+
+ return set_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &dom_info_1,
+ NULL,
+ NULL);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS set_USER_MODALS_INFO_1003_buffer(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct USER_MODALS_INFO_1003 *info1003)
+{
+ NTSTATUS status;
+ struct samr_DomInfo1 dom_info_1;
+
+ status = query_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &dom_info_1,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ unix_to_nt_time_abs((NTTIME *)&dom_info_1.min_password_age,
+ info1003->usrmod1003_min_passwd_age);
+
+ return set_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &dom_info_1,
+ NULL,
+ NULL);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS set_USER_MODALS_INFO_1004_buffer(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct USER_MODALS_INFO_1004 *info1004)
+{
+ NTSTATUS status;
+ struct samr_DomInfo3 dom_info_3;
+
+ status = query_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ NULL,
+ &dom_info_3,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ unix_to_nt_time_abs(&dom_info_3.force_logoff_time,
+ info1004->usrmod1004_force_logoff);
+
+ return set_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ NULL,
+ &dom_info_3,
+ NULL);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS set_USER_MODALS_INFO_1005_buffer(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ struct policy_handle *domain_handle,
+ struct USER_MODALS_INFO_1005 *info1005)
+{
+ NTSTATUS status;
+ struct samr_DomInfo1 dom_info_1;
+
+ status = query_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &dom_info_1,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ dom_info_1.password_history_length =
+ info1005->usrmod1005_password_hist_len;
+
+ return set_USER_MODALS_INFO_rpc(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ &dom_info_1,
+ NULL,
+ NULL);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS set_USER_MODALS_INFO_buffer(TALLOC_CTX *mem_ctx,
+ struct rpc_pipe_client *pipe_cli,
+ uint32_t level,
+ struct policy_handle *domain_handle,
+ struct dom_sid *domain_sid,
+ uint8_t *buffer)
+{
+ struct USER_MODALS_INFO_0 *info0;
+ struct USER_MODALS_INFO_3 *info3;
+ struct USER_MODALS_INFO_1001 *info1001;
+ struct USER_MODALS_INFO_1002 *info1002;
+ struct USER_MODALS_INFO_1003 *info1003;
+ struct USER_MODALS_INFO_1004 *info1004;
+ struct USER_MODALS_INFO_1005 *info1005;
+
+ if (!buffer) {
+ return ERROR_INSUFFICIENT_BUFFER;
+ }
+
+ switch (level) {
+ case 0:
+ info0 = (struct USER_MODALS_INFO_0 *)buffer;
+ return set_USER_MODALS_INFO_0_buffer(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ info0);
+ case 3:
+ info3 = (struct USER_MODALS_INFO_3 *)buffer;
+ return set_USER_MODALS_INFO_3_buffer(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ info3);
+ case 1001:
+ info1001 = (struct USER_MODALS_INFO_1001 *)buffer;
+ return set_USER_MODALS_INFO_1001_buffer(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ info1001);
+ case 1002:
+ info1002 = (struct USER_MODALS_INFO_1002 *)buffer;
+ return set_USER_MODALS_INFO_1002_buffer(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ info1002);
+ case 1003:
+ info1003 = (struct USER_MODALS_INFO_1003 *)buffer;
+ return set_USER_MODALS_INFO_1003_buffer(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ info1003);
+ case 1004:
+ info1004 = (struct USER_MODALS_INFO_1004 *)buffer;
+ return set_USER_MODALS_INFO_1004_buffer(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ info1004);
+ case 1005:
+ info1005 = (struct USER_MODALS_INFO_1005 *)buffer;
+ return set_USER_MODALS_INFO_1005_buffer(mem_ctx,
+ pipe_cli,
+ domain_handle,
+ info1005);
+
+ default:
+ break;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserModalsSet_r(struct libnetapi_ctx *ctx,
+ struct NetUserModalsSet *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ NTSTATUS status;
+ WERROR werr;
+
+ struct policy_handle connect_handle, domain_handle;
+ struct dom_sid2 *domain_sid = NULL;
+ uint32_t access_mask = SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+
+ if (!r->in.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ access_mask |= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
+ SAMR_DOMAIN_ACCESS_SET_INFO_1 |
+ SAMR_DOMAIN_ACCESS_SET_INFO_2;
+ break;
+ case 3:
+ case 1001:
+ case 1002:
+ case 1003:
+ case 1005:
+ access_mask |= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 |
+ SAMR_DOMAIN_ACCESS_SET_INFO_1;
+ break;
+ case 1004:
+ access_mask |= SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 |
+ SAMR_DOMAIN_ACCESS_SET_INFO_2;
+ break;
+ case 1:
+ case 2:
+ case 1006:
+ case 1007:
+ werr = WERR_NOT_SUPPORTED;
+ break;
+ default:
+ werr = WERR_INVALID_LEVEL;
+ goto done;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ access_mask,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = set_USER_MODALS_INFO_buffer(ctx,
+ pipe_cli,
+ r->in.level,
+ &domain_handle,
+ domain_sid,
+ r->in.buffer);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserModalsSet_l(struct libnetapi_ctx *ctx,
+ struct NetUserModalsSet *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserModalsSet);
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS add_GROUP_USERS_INFO_X_buffer(TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ const char *group_name,
+ uint32_t attributes,
+ uint8_t **buffer,
+ uint32_t *num_entries)
+{
+ struct GROUP_USERS_INFO_0 u0;
+ struct GROUP_USERS_INFO_1 u1;
+
+ switch (level) {
+ case 0:
+ if (group_name) {
+ u0.grui0_name = talloc_strdup(mem_ctx, group_name);
+ NT_STATUS_HAVE_NO_MEMORY(u0.grui0_name);
+ } else {
+ u0.grui0_name = NULL;
+ }
+
+ ADD_TO_ARRAY(mem_ctx, struct GROUP_USERS_INFO_0, u0,
+ (struct GROUP_USERS_INFO_0 **)buffer, num_entries);
+ break;
+ case 1:
+ if (group_name) {
+ u1.grui1_name = talloc_strdup(mem_ctx, group_name);
+ NT_STATUS_HAVE_NO_MEMORY(u1.grui1_name);
+ } else {
+ u1.grui1_name = NULL;
+ }
+
+ u1.grui1_attributes = attributes;
+
+ ADD_TO_ARRAY(mem_ctx, struct GROUP_USERS_INFO_1, u1,
+ (struct GROUP_USERS_INFO_1 **)buffer, num_entries);
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserGetGroups_r(struct libnetapi_ctx *ctx,
+ struct NetUserGetGroups *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct policy_handle connect_handle, domain_handle, user_handle;
+ struct lsa_String lsa_account_name;
+ struct dom_sid2 *domain_sid = NULL;
+ struct samr_Ids user_rids, name_types;
+ struct samr_RidWithAttributeArray *rid_array = NULL;
+ struct lsa_Strings names;
+ struct samr_Ids types;
+ uint32_t *rids = NULL;
+
+ int i;
+ uint32_t entries_read = 0;
+
+ NTSTATUS status;
+ NTSTATUS result = NT_STATUS_OK;
+ WERROR werr;
+ struct dcerpc_binding_handle *b = NULL;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+
+ if (!r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ *r->out.buffer = NULL;
+ *r->out.entries_read = 0;
+ *r->out.total_entries = 0;
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_account_name, r->in.user_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_account_name,
+ &user_rids,
+ &name_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (user_rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (name_types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenUser(b, talloc_tos(),
+ &domain_handle,
+ SAMR_USER_ACCESS_GET_GROUPS,
+ user_rids.ids[0],
+ &user_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_samr_GetGroupsForUser(b, talloc_tos(),
+ &user_handle,
+ &rid_array,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ rids = talloc_array(ctx, uint32_t, rid_array->count);
+ if (!rids) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ goto done;
+ }
+
+ for (i=0; i < rid_array->count; i++) {
+ rids[i] = rid_array->rids[i].rid;
+ }
+
+ status = dcerpc_samr_LookupRids(b, talloc_tos(),
+ &domain_handle,
+ rid_array->count,
+ rids,
+ &names,
+ &types,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result) &&
+ !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
+ werr = ntstatus_to_werror(result);
+ goto done;
+ }
+ if (names.count != rid_array->count) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (types.count != rid_array->count) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ for (i=0; i < names.count; i++) {
+ status = add_GROUP_USERS_INFO_X_buffer(ctx,
+ r->in.level,
+ names.names[i].string,
+ rid_array->rids[i].attributes,
+ r->out.buffer,
+ &entries_read);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ *r->out.entries_read = entries_read;
+ *r->out.total_entries = entries_read;
+
+ done:
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserGetGroups_l(struct libnetapi_ctx *ctx,
+ struct NetUserGetGroups *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserGetGroups);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserSetGroups_r(struct libnetapi_ctx *ctx,
+ struct NetUserSetGroups *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct policy_handle connect_handle, domain_handle, user_handle, group_handle;
+ struct lsa_String lsa_account_name;
+ struct dom_sid2 *domain_sid = NULL;
+ struct samr_Ids user_rids, name_types;
+ struct samr_Ids group_rids;
+ struct samr_RidWithAttributeArray *rid_array = NULL;
+ struct lsa_String *lsa_names = NULL;
+
+ uint32_t *add_rids = NULL;
+ uint32_t *del_rids = NULL;
+ size_t num_add_rids = 0;
+ size_t num_del_rids = 0;
+
+ uint32_t *member_rids = NULL;
+
+ struct GROUP_USERS_INFO_0 *i0 = NULL;
+ struct GROUP_USERS_INFO_1 *i1 = NULL;
+
+ int i, k;
+
+ NTSTATUS status;
+ NTSTATUS result = NT_STATUS_OK;
+ WERROR werr;
+ struct dcerpc_binding_handle *b = NULL;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(group_handle);
+
+ if (!r->in.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_account_name, r->in.user_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_account_name,
+ &user_rids,
+ &name_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (user_rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (name_types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenUser(b, talloc_tos(),
+ &domain_handle,
+ SAMR_USER_ACCESS_GET_GROUPS,
+ user_rids.ids[0],
+ &user_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ switch (r->in.level) {
+ case 0:
+ i0 = (struct GROUP_USERS_INFO_0 *)r->in.buffer;
+ break;
+ case 1:
+ i1 = (struct GROUP_USERS_INFO_1 *)r->in.buffer;
+ break;
+ }
+
+ lsa_names = talloc_array(ctx, struct lsa_String, r->in.num_entries);
+ if (!lsa_names) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ goto done;
+ }
+
+ for (i=0; i < r->in.num_entries; i++) {
+
+ switch (r->in.level) {
+ case 0:
+ init_lsa_String(&lsa_names[i], i0->grui0_name);
+ i0++;
+ break;
+ case 1:
+ init_lsa_String(&lsa_names[i], i1->grui1_name);
+ i1++;
+ break;
+ }
+ }
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ r->in.num_entries,
+ lsa_names,
+ &group_rids,
+ &name_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (group_rids.count != r->in.num_entries) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (name_types.count != r->in.num_entries) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ member_rids = group_rids.ids;
+
+ status = dcerpc_samr_GetGroupsForUser(b, talloc_tos(),
+ &user_handle,
+ &rid_array,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ /* add list */
+
+ for (i=0; i < r->in.num_entries; i++) {
+ bool already_member = false;
+ for (k=0; k < rid_array->count; k++) {
+ if (member_rids[i] == rid_array->rids[k].rid) {
+ already_member = true;
+ break;
+ }
+ }
+ if (!already_member) {
+ if (!add_rid_to_array_unique(ctx,
+ member_rids[i],
+ &add_rids, &num_add_rids)) {
+ werr = WERR_GEN_FAILURE;
+ goto done;
+ }
+ }
+ }
+
+ /* del list */
+
+ for (k=0; k < rid_array->count; k++) {
+ bool keep_member = false;
+ for (i=0; i < r->in.num_entries; i++) {
+ if (member_rids[i] == rid_array->rids[k].rid) {
+ keep_member = true;
+ break;
+ }
+ }
+ if (!keep_member) {
+ if (!add_rid_to_array_unique(ctx,
+ rid_array->rids[k].rid,
+ &del_rids, &num_del_rids)) {
+ werr = WERR_GEN_FAILURE;
+ goto done;
+ }
+ }
+ }
+
+ /* add list */
+
+ for (i=0; i < num_add_rids; i++) {
+ status = dcerpc_samr_OpenGroup(b, talloc_tos(),
+ &domain_handle,
+ SAMR_GROUP_ACCESS_ADD_MEMBER,
+ add_rids[i],
+ &group_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_samr_AddGroupMember(b, talloc_tos(),
+ &group_handle,
+ user_rids.ids[0],
+ 7 /* ? */,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (is_valid_policy_hnd(&group_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
+ }
+ }
+
+ /* del list */
+
+ for (i=0; i < num_del_rids; i++) {
+ status = dcerpc_samr_OpenGroup(b, talloc_tos(),
+ &domain_handle,
+ SAMR_GROUP_ACCESS_REMOVE_MEMBER,
+ del_rids[i],
+ &group_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_samr_DeleteGroupMember(b, talloc_tos(),
+ &group_handle,
+ user_rids.ids[0],
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (is_valid_policy_hnd(&group_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
+ }
+ }
+
+ werr = WERR_OK;
+
+ done:
+ if (is_valid_policy_hnd(&group_handle)) {
+ dcerpc_samr_Close(b, talloc_tos(), &group_handle, &result);
+ }
+
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserSetGroups_l(struct libnetapi_ctx *ctx,
+ struct NetUserSetGroups *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserSetGroups);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS add_LOCALGROUP_USERS_INFO_X_buffer(TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ const char *group_name,
+ uint8_t **buffer,
+ uint32_t *num_entries)
+{
+ struct LOCALGROUP_USERS_INFO_0 u0;
+
+ switch (level) {
+ case 0:
+ u0.lgrui0_name = talloc_strdup(mem_ctx, group_name);
+ NT_STATUS_HAVE_NO_MEMORY(u0.lgrui0_name);
+
+ ADD_TO_ARRAY(mem_ctx, struct LOCALGROUP_USERS_INFO_0, u0,
+ (struct LOCALGROUP_USERS_INFO_0 **)buffer, num_entries);
+ break;
+ default:
+ return NT_STATUS_INVALID_INFO_CLASS;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx,
+ struct NetUserGetLocalGroups *r)
+{
+ struct rpc_pipe_client *pipe_cli = NULL;
+ struct policy_handle connect_handle, domain_handle, user_handle,
+ builtin_handle;
+ struct lsa_String lsa_account_name;
+ struct dom_sid2 *domain_sid = NULL;
+ struct samr_Ids user_rids, name_types;
+ struct samr_RidWithAttributeArray *rid_array = NULL;
+ struct lsa_Strings names;
+ struct samr_Ids types;
+ uint32_t *rids = NULL;
+ size_t num_rids = 0;
+ struct dom_sid user_sid;
+ struct lsa_SidArray sid_array;
+ struct samr_Ids domain_rids;
+ struct samr_Ids builtin_rids;
+
+ int i;
+ uint32_t entries_read = 0;
+
+ NTSTATUS status;
+ NTSTATUS result = NT_STATUS_OK;
+ WERROR werr;
+ struct dcerpc_binding_handle *b = NULL;
+
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(domain_handle);
+
+ if (!r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ *r->out.buffer = NULL;
+ *r->out.entries_read = 0;
+ *r->out.total_entries = 0;
+
+ switch (r->in.level) {
+ case 0:
+ case 1:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_open_pipe(ctx, r->in.server_name,
+ &ndr_table_samr,
+ &pipe_cli);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ b = pipe_cli->binding_handle;
+
+ werr = libnetapi_samr_open_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
+ SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
+ &connect_handle,
+ &domain_handle,
+ &domain_sid);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ werr = libnetapi_samr_open_builtin_domain(ctx, pipe_cli,
+ SAMR_ACCESS_ENUM_DOMAINS |
+ SAMR_ACCESS_LOOKUP_DOMAIN,
+ SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT |
+ SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS,
+ &connect_handle,
+ &builtin_handle);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ init_lsa_String(&lsa_account_name, r->in.user_name);
+
+ status = dcerpc_samr_LookupNames(b, talloc_tos(),
+ &domain_handle,
+ 1,
+ &lsa_account_name,
+ &user_rids,
+ &name_types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (user_rids.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (name_types.count != 1) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenUser(b, talloc_tos(),
+ &domain_handle,
+ SAMR_USER_ACCESS_GET_GROUPS,
+ user_rids.ids[0],
+ &user_handle,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = dcerpc_samr_GetGroupsForUser(b, talloc_tos(),
+ &user_handle,
+ &rid_array,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!sid_compose(&user_sid, domain_sid, user_rids.ids[0])) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ goto done;
+ }
+
+ sid_array.num_sids = rid_array->count + 1;
+ sid_array.sids = talloc_array(ctx, struct lsa_SidPtr, sid_array.num_sids);
+ if (!sid_array.sids) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ goto done;
+ }
+
+ sid_array.sids[0].sid = dom_sid_dup(ctx, &user_sid);
+ if (!sid_array.sids[0].sid) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ goto done;
+ }
+
+ for (i=0; i < rid_array->count; i++) {
+ struct dom_sid sid;
+
+ if (!sid_compose(&sid, domain_sid, rid_array->rids[i].rid)) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ goto done;
+ }
+
+ sid_array.sids[i+1].sid = dom_sid_dup(ctx, &sid);
+ if (!sid_array.sids[i+1].sid) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ goto done;
+ }
+ }
+
+ status = dcerpc_samr_GetAliasMembership(b, talloc_tos(),
+ &domain_handle,
+ &sid_array,
+ &domain_rids,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ for (i=0; i < domain_rids.count; i++) {
+ if (!add_rid_to_array_unique(ctx, domain_rids.ids[i],
+ &rids, &num_rids)) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ goto done;
+ }
+ }
+
+ status = dcerpc_samr_GetAliasMembership(b, talloc_tos(),
+ &builtin_handle,
+ &sid_array,
+ &builtin_rids,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ for (i=0; i < builtin_rids.count; i++) {
+ if (!add_rid_to_array_unique(ctx, builtin_rids.ids[i],
+ &rids, &num_rids)) {
+ werr = WERR_NOT_ENOUGH_MEMORY;
+ goto done;
+ }
+ }
+
+ status = dcerpc_samr_LookupRids(b, talloc_tos(),
+ &builtin_handle,
+ num_rids,
+ rids,
+ &names,
+ &types,
+ &result);
+ if (any_nt_status_not_ok(status, result, &status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ if (names.count != num_rids) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+ if (types.count != num_rids) {
+ werr = WERR_BAD_NET_RESP;
+ goto done;
+ }
+
+ for (i=0; i < names.count; i++) {
+ status = add_LOCALGROUP_USERS_INFO_X_buffer(ctx,
+ r->in.level,
+ names.names[i].string,
+ r->out.buffer,
+ &entries_read);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+ }
+
+ *r->out.entries_read = entries_read;
+ *r->out.total_entries = entries_read;
+
+ done:
+ if (ctx->disable_policy_handle_cache) {
+ libnetapi_samr_close_domain_handle(ctx, &domain_handle);
+ libnetapi_samr_close_connect_handle(ctx, &connect_handle);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetUserGetLocalGroups_l(struct libnetapi_ctx *ctx,
+ struct NetUserGetLocalGroups *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetUserGetLocalGroups);
+}
diff --git a/source3/lib/netapi/wkstainfo.c b/source3/lib/netapi/wkstainfo.c
new file mode 100644
index 0000000..9cfcff4
--- /dev/null
+++ b/source3/lib/netapi/wkstainfo.c
@@ -0,0 +1,154 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * NetApi Workstation Support
+ * Copyright (C) Guenther Deschner 2007
+ * Copyright (C) Hans Leidekker 2013
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#include "librpc/gen_ndr/libnetapi.h"
+#include "lib/netapi/netapi.h"
+#include "lib/netapi/netapi_private.h"
+#include "lib/netapi/libnetapi.h"
+#include "../librpc/gen_ndr/ndr_wkssvc_c.h"
+#include "lib/smbconf/smbconf.h"
+#include "lib/smbconf/smbconf_reg.h"
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetWkstaGetInfo_l(struct libnetapi_ctx *ctx,
+ struct NetWkstaGetInfo *r)
+{
+ LIBNETAPI_REDIRECT_TO_LOCALHOST(ctx, r, NetWkstaGetInfo);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS map_wksta_info_to_WKSTA_INFO_buffer(TALLOC_CTX *mem_ctx,
+ uint32_t level,
+ union wkssvc_NetWkstaInfo *i,
+ uint8_t **buffer)
+{
+ struct WKSTA_INFO_100 i100;
+ struct WKSTA_INFO_101 i101;
+ struct WKSTA_INFO_102 i102;
+ uint32_t num_info = 0;
+
+ switch (level) {
+ case 100:
+ i100.wki100_platform_id = i->info100->platform_id;
+ i100.wki100_computername = talloc_strdup(mem_ctx, i->info100->server_name);
+ i100.wki100_langroup = talloc_strdup(mem_ctx, i->info100->domain_name);
+ i100.wki100_ver_major = i->info100->version_major;
+ i100.wki100_ver_minor = i->info100->version_minor;
+
+ ADD_TO_ARRAY(mem_ctx, struct WKSTA_INFO_100, i100,
+ (struct WKSTA_INFO_100 **)buffer,
+ &num_info);
+ break;
+
+ case 101:
+ i101.wki101_platform_id = i->info101->platform_id;
+ i101.wki101_computername = talloc_strdup(mem_ctx, i->info101->server_name);
+ i101.wki101_langroup = talloc_strdup(mem_ctx, i->info101->domain_name);
+ i101.wki101_ver_major = i->info101->version_major;
+ i101.wki101_ver_minor = i->info101->version_minor;
+ i101.wki101_lanroot = talloc_strdup(mem_ctx, i->info101->lan_root);
+
+ ADD_TO_ARRAY(mem_ctx, struct WKSTA_INFO_101, i101,
+ (struct WKSTA_INFO_101 **)buffer,
+ &num_info);
+ break;
+
+ case 102:
+ i102.wki102_platform_id = i->info102->platform_id;
+ i102.wki102_computername = talloc_strdup(mem_ctx, i->info102->server_name);
+ i102.wki102_langroup = talloc_strdup(mem_ctx, i->info102->domain_name);
+ i102.wki102_ver_major = i->info102->version_major;
+ i102.wki102_ver_minor = i->info102->version_minor;
+ i102.wki102_lanroot = talloc_strdup(mem_ctx, i->info102->lan_root);
+ i102.wki102_logged_on_users = i->info102->logged_on_users;
+
+ ADD_TO_ARRAY(mem_ctx, struct WKSTA_INFO_102, i102,
+ (struct WKSTA_INFO_102 **)buffer,
+ &num_info);
+ break;
+
+ default:
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR NetWkstaGetInfo_r(struct libnetapi_ctx *ctx,
+ struct NetWkstaGetInfo *r)
+{
+ NTSTATUS status;
+ WERROR werr;
+ union wkssvc_NetWkstaInfo info;
+ struct dcerpc_binding_handle *b;
+
+ if (!r->out.buffer) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ switch (r->in.level) {
+ case 100:
+ case 101:
+ case 102:
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ werr = libnetapi_get_binding_handle(ctx, r->in.server_name,
+ &ndr_table_wkssvc,
+ &b);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = dcerpc_wkssvc_NetWkstaGetInfo(b, talloc_tos(),
+ r->in.server_name,
+ r->in.level,
+ &info,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ status = map_wksta_info_to_WKSTA_INFO_buffer(ctx, r->in.level, &info,
+ r->out.buffer);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ done:
+ return werr;
+}
diff --git a/source3/lib/per_thread_cwd.c b/source3/lib/per_thread_cwd.c
new file mode 100644
index 0000000..b71d4c6
--- /dev/null
+++ b/source3/lib/per_thread_cwd.c
@@ -0,0 +1,156 @@
+/*
+ Unix SMB/Netbios implementation.
+
+ Copyright (C) Ralph Boehme 2019
+ Copyright (C) Stefan Metzmacher 2019
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "system/threads.h"
+#ifdef HAVE_UNSHARE_CLONE_FS
+#include <sched.h>
+#endif /* HAVE_UNSHARE_CLONE_FS */
+
+static bool _per_thread_cwd_checked;
+static bool _per_thread_cwd_supported;
+#ifdef HAVE_UNSHARE_CLONE_FS
+static __thread bool _per_thread_cwd_disabled;
+static __thread bool _per_thread_cwd_activated;
+#endif /* HAVE_UNSHARE_CLONE_FS */
+
+/*
+ * This is the first function to be called!
+ * Typically in the main() function before
+ * any threads are created.
+ *
+ * This can be called multiple times
+ * as the result is cached the first time.
+ */
+void per_thread_cwd_check(void)
+{
+ if (_per_thread_cwd_checked) {
+ return;
+ }
+
+#ifdef HAVE_UNSHARE_CLONE_FS
+ /*
+ * While unshare(CLONE_FS) is available on
+ * Linux for ages, unshare() is also
+ * used to implement containers with various
+ * per container namespaces.
+ *
+ * It's possible that the whole unshare()
+ * is blocked in order to disallow nested
+ * containers.
+ *
+ * That's why we sadly need a runtime check
+ * for this.
+ */
+ {
+ int res;
+
+ res = unshare(CLONE_FS);
+ if (res == 0) {
+ _per_thread_cwd_supported = true;
+ }
+ }
+
+ /*
+ * We're in the main thread, so we should disallow
+ * per_thread_cwd_activate() here.
+ */
+ _per_thread_cwd_disabled = true;
+#endif /* HAVE_UNSHARE_CLONE_FS */
+
+ _per_thread_cwd_checked = true;
+}
+
+/*
+ * In order to use per_thread_cwd_supported()
+ * per_thread_cwd_check() needs to be called first!
+ * Otherwise an assert will be triggered!
+ */
+bool per_thread_cwd_supported(void)
+{
+ SMB_ASSERT(_per_thread_cwd_checked);
+ return _per_thread_cwd_supported;
+}
+
+/*
+ * In order to use per_thread_cwd_disable()
+ * should be called after any fork() in order
+ * to mark the main thread of the process,
+ * which should disallow per_thread_cwd_activate().
+ *
+ * This can be called without calling
+ * per_thread_cwd_check() first.
+ *
+ * And it can't be called after calling
+ * per_thread_cwd_activate()!
+ * Otherwise an assert will be triggered!
+ *
+ * This can be called multiple times
+ * as the result is cached the first time.
+ */
+void per_thread_cwd_disable(void)
+{
+#ifdef HAVE_UNSHARE_CLONE_FS
+ SMB_ASSERT(!_per_thread_cwd_activated);
+ if (_per_thread_cwd_disabled) {
+ return;
+ }
+ _per_thread_cwd_disabled = true;
+#endif /* HAVE_UNSHARE_CLONE_FS */
+}
+
+/*
+ * In order to use per_thread_cwd_activate()
+ * per_thread_cwd_supported() needs to be checked first!
+ * Otherwise an assert will be triggered!
+ *
+ * This MUST only be called within helper threads!
+ *
+ * That means it can't be called after calling
+ * per_thread_cwd_disable()!
+ * Otherwise an assert will be triggered!
+ *
+ * This can be called multiple times
+ * as the result is cached the first time.
+ */
+void per_thread_cwd_activate(void)
+{
+ SMB_ASSERT(_per_thread_cwd_checked);
+ SMB_ASSERT(_per_thread_cwd_supported);
+
+#ifdef HAVE_UNSHARE_CLONE_FS
+ if (_per_thread_cwd_activated) {
+ return;
+ }
+
+ SMB_ASSERT(!_per_thread_cwd_disabled);
+
+ {
+ int ret;
+ ret = unshare(CLONE_FS);
+ SMB_ASSERT(ret == 0);
+ }
+
+ _per_thread_cwd_activated = true;
+#else /* not HAVE_UNSHARE_CLONE_FS */
+ smb_panic(__location__);
+#endif /* not HAVE_UNSHARE_CLONE_FS */
+}
diff --git a/source3/lib/privileges.c b/source3/lib/privileges.c
new file mode 100644
index 0000000..05a4c9a
--- /dev/null
+++ b/source3/lib/privileges.c
@@ -0,0 +1,514 @@
+/*
+ Unix SMB/CIFS implementation.
+ Privileges handling functions
+ Copyright (C) Jean François Micouleau 1998-2001
+ Copyright (C) Simo Sorce 2002-2003
+ Copyright (C) Gerald (Jerry) Carter 2005
+ Copyright (C) Michael Adam 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "lib/privileges.h"
+#include "dbwrap/dbwrap.h"
+#include "libcli/security/privileges_private.h"
+#include "../libcli/security/security.h"
+#include "passdb.h"
+#include "lib/util/string_wrappers.h"
+
+#define PRIVPREFIX "PRIV_"
+
+typedef struct {
+ uint32_t count;
+ struct dom_sid *list;
+} SID_LIST;
+
+typedef struct {
+ TALLOC_CTX *mem_ctx;
+ uint64_t privilege;
+ SID_LIST sids;
+} PRIV_SID_LIST;
+
+/*
+ interpret an old style SE_PRIV structure
+ */
+static uint64_t map_old_SE_PRIV(unsigned char *dptr)
+{
+ uint32_t *old_masks = (uint32_t *)dptr;
+ /*
+ * the old privileges code only ever used up to 0x800, except
+ * for a special case of 'SE_ALL_PRIVS' which was 0xFFFFFFFF
+ */
+ if (old_masks[0] == 0xFFFFFFFF) {
+ /* they set all privileges */
+ return SE_ALL_PRIVS;
+ }
+
+ /* the old code used the machine byte order, but we don't know
+ * the byte order of the machine that wrote it. However we can
+ * tell what byte order it was by taking advantage of the fact
+ * that it only ever use up to 0x800
+ */
+ if (dptr[0] || dptr[1]) {
+ /* it was little endian */
+ return IVAL(dptr, 0);
+ }
+
+ /* it was either zero or big-endian */
+ return RIVAL(dptr, 0);
+}
+
+
+static bool get_privileges( const struct dom_sid *sid, uint64_t *mask )
+{
+ struct db_context *db = get_account_pol_db();
+ struct dom_sid_buf tmp;
+ fstring keystr;
+ TDB_DATA data;
+ NTSTATUS status;
+
+ /* Fail if the admin has not enable privileges */
+
+ if ( !lp_enable_privileges() ) {
+ return False;
+ }
+
+ if ( db == NULL )
+ return False;
+
+ /* PRIV_<SID> (NULL terminated) as the key */
+
+ fstr_sprintf(keystr, "%s%s", PRIVPREFIX, dom_sid_str_buf(sid, &tmp));
+
+ status = dbwrap_fetch_bystring(db, talloc_tos(), keystr, &data);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(4, ("get_privileges: No privileges assigned to SID "
+ "[%s]\n", tmp.buf));
+ return False;
+ }
+
+ if (data.dsize == 4*4) {
+ /* it's an old style SE_PRIV structure. */
+ *mask = map_old_SE_PRIV(data.dptr);
+ } else {
+ if (data.dsize != sizeof( uint64_t ) ) {
+ DEBUG(3, ("get_privileges: Invalid privileges record assigned to SID "
+ "[%s]\n", tmp.buf));
+ return False;
+ }
+
+ *mask = BVAL(data.dptr, 0);
+ }
+
+ TALLOC_FREE(data.dptr);
+
+ return True;
+}
+
+/***************************************************************************
+ Store the privilege mask (set) for a given SID
+****************************************************************************/
+
+static bool set_privileges( const struct dom_sid *sid, uint64_t mask )
+{
+ struct db_context *db = get_account_pol_db();
+ uint8_t privbuf[8];
+ struct dom_sid_buf tmp;
+ fstring keystr;
+ TDB_DATA data = { .dptr = privbuf, .dsize = sizeof(privbuf), };
+
+ if ( !lp_enable_privileges() )
+ return False;
+
+ if ( db == NULL )
+ return False;
+
+ if ( !sid || (sid->num_auths == 0) ) {
+ DEBUG(0,("set_privileges: Refusing to store empty SID!\n"));
+ return False;
+ }
+
+ /* PRIV_<SID> (NULL terminated) as the key */
+
+ fstr_sprintf(keystr, "%s%s", PRIVPREFIX, dom_sid_str_buf(sid, &tmp));
+
+ /* This writes the 64 bit bitmask out in little endian format */
+ SBVAL(privbuf,0,mask);
+
+ return NT_STATUS_IS_OK(dbwrap_store_bystring(db, keystr, data,
+ TDB_REPLACE));
+}
+
+/*********************************************************************
+ get a list of all privileges for all sids in the list
+*********************************************************************/
+
+bool get_privileges_for_sids(uint64_t *privileges, struct dom_sid *slist, int scount)
+{
+ uint64_t mask;
+ int i;
+ bool found = False;
+
+ *privileges = 0;
+
+ for ( i=0; i<scount; i++ ) {
+ struct dom_sid_buf buf;
+
+ /* don't add unless we actually have a privilege assigned */
+
+ if ( !get_privileges( &slist[i], &mask ) )
+ continue;
+
+ DBG_INFO("sid = %s\nPrivilege set: 0x%"PRIx64"\n",
+ dom_sid_str_buf(&slist[i], &buf),
+ mask);
+
+ *privileges |= mask;
+ found = True;
+ }
+
+ return found;
+}
+
+NTSTATUS get_privileges_for_sid_as_set(TALLOC_CTX *mem_ctx, PRIVILEGE_SET **privileges, struct dom_sid *sid)
+{
+ uint64_t mask;
+ if (!get_privileges(sid, &mask)) {
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ *privileges = talloc_zero(mem_ctx, PRIVILEGE_SET);
+ if (!*privileges) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!se_priv_to_privilege_set(*privileges, mask)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ traversal functions for privilege_enumerate_accounts
+*********************************************************************/
+
+static int priv_traverse_fn(struct db_record *rec, void *state)
+{
+ PRIV_SID_LIST *priv = (PRIV_SID_LIST *)state;
+ int prefixlen = strlen(PRIVPREFIX);
+ struct dom_sid sid;
+ fstring sid_string;
+ TDB_DATA key;
+
+ key = dbwrap_record_get_key(rec);
+
+ /* check we have a PRIV_+SID entry */
+
+ if (strncmp((char *)key.dptr, PRIVPREFIX, prefixlen) != 0)
+ return 0;
+
+ /* check to see if we are looking for a particular privilege */
+
+ fstrcpy( sid_string, (char *)&(key.dptr[strlen(PRIVPREFIX)]) );
+
+ if (priv->privilege != 0) {
+ uint64_t mask;
+ TDB_DATA value;
+
+ value = dbwrap_record_get_value(rec);
+
+ if (value.dsize == 4*4) {
+ mask = map_old_SE_PRIV(value.dptr);
+ } else {
+ if (value.dsize != sizeof( uint64_t ) ) {
+ DEBUG(3, ("get_privileges: Invalid privileges record assigned to SID "
+ "[%s]\n", sid_string));
+ return 0;
+ }
+ mask = BVAL(value.dptr, 0);
+ }
+
+ /* if the SID does not have the specified privilege
+ then just return */
+
+ if ((mask & priv->privilege) == 0) {
+ return 0;
+ }
+ }
+
+ /* this is a last ditch safety check to preventing returning
+ and invalid SID (i've somehow run into this on development branches) */
+
+ if ( strcmp( "S-0-0", sid_string ) == 0 )
+ return 0;
+
+ if ( !string_to_sid(&sid, sid_string) ) {
+ DBG_WARNING("Could not convert SID [%s]\n", sid_string);
+ return 0;
+ }
+
+ if (!NT_STATUS_IS_OK(add_sid_to_array(priv->mem_ctx, &sid,
+ &priv->sids.list,
+ &priv->sids.count)))
+ {
+ return 0;
+ }
+
+ return 0;
+}
+
+/*********************************************************************
+ Retrieve list of privileged SIDs (for _lsa_enumerate_accounts()
+*********************************************************************/
+
+NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids)
+{
+ struct db_context *db = get_account_pol_db();
+ PRIV_SID_LIST priv;
+ NTSTATUS status;
+
+ if (db == NULL) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ ZERO_STRUCT(priv);
+
+ status = dbwrap_traverse_read(db, priv_traverse_fn, &priv, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* give the memory away; caller will free */
+
+ *sids = priv.sids.list;
+ *num_sids = priv.sids.count;
+
+ return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Retrieve list of SIDs granted a particular privilege
+*********************************************************************/
+
+NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx,
+ struct dom_sid **sids, int *num_sids)
+{
+ struct db_context *db = get_account_pol_db();
+ PRIV_SID_LIST priv;
+ NTSTATUS status;
+
+ if (db == NULL) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ ZERO_STRUCT(priv);
+
+ priv.privilege = sec_privilege_mask(privilege);
+ priv.mem_ctx = mem_ctx;
+
+ status = dbwrap_traverse_read(db, priv_traverse_fn, &priv, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* give the memory away; caller will free */
+
+ *sids = priv.sids.list;
+ *num_sids = priv.sids.count;
+
+ return NT_STATUS_OK;
+}
+
+/***************************************************************************
+ Add privilege to sid
+****************************************************************************/
+
+static bool grant_privilege_bitmap(const struct dom_sid *sid, const uint64_t priv_mask)
+{
+ uint64_t old_mask = 0, new_mask = 0;
+ struct dom_sid_buf buf;
+
+ if ( get_privileges( sid, &old_mask ) ) {
+ new_mask = old_mask;
+ }
+
+ new_mask |= priv_mask;
+
+ DBG_DEBUG("%s\n"
+ "original privilege mask: 0x%"PRIx64"\n"
+ "new privilege mask: 0x%"PRIx64"\n",
+ dom_sid_str_buf(sid, &buf),
+ old_mask,
+ new_mask);
+
+ return set_privileges( sid, new_mask );
+}
+
+/*********************************************************************
+ Add a privilege based on its name
+*********************************************************************/
+
+bool grant_privilege_by_name(const struct dom_sid *sid, const char *name)
+{
+ uint64_t mask;
+
+ if (! se_priv_from_name(name, &mask)) {
+ DEBUG(3, ("grant_privilege_by_name: "
+ "No Such Privilege Found (%s)\n", name));
+ return False;
+ }
+
+ return grant_privilege_bitmap( sid, mask );
+}
+
+/***************************************************************************
+ Grant a privilege set (list of LUID values) from a sid
+****************************************************************************/
+
+bool grant_privilege_set(const struct dom_sid *sid, struct lsa_PrivilegeSet *set)
+{
+ uint64_t privilege_mask;
+ if (!privilege_set_to_se_priv(&privilege_mask, set)) {
+ return false;
+ }
+ return grant_privilege_bitmap(sid, privilege_mask);
+}
+
+/***************************************************************************
+ Remove privilege from sid
+****************************************************************************/
+
+static bool revoke_privilege_bitmap(const struct dom_sid *sid, const uint64_t priv_mask)
+{
+ uint64_t mask;
+ struct dom_sid_buf buf;
+
+ /* if the user has no privileges, then we can't revoke any */
+
+ if ( !get_privileges( sid, &mask ) )
+ return True;
+
+ DEBUG(10,("revoke_privilege: %s\n", dom_sid_str_buf(sid, &buf)));
+
+ DEBUGADD( 10, ("original privilege mask: 0x%llx\n", (unsigned long long)mask));
+
+ mask &= ~priv_mask;
+
+ DEBUGADD( 10, ("new privilege mask: 0x%llx\n", (unsigned long long)mask));
+
+ return set_privileges( sid, mask );
+}
+
+/***************************************************************************
+ Remove a privilege set (list of LUID values) from a sid
+****************************************************************************/
+
+bool revoke_privilege_set(const struct dom_sid *sid, struct lsa_PrivilegeSet *set)
+{
+ uint64_t privilege_mask;
+ if (!privilege_set_to_se_priv(&privilege_mask, set)) {
+ return false;
+ }
+ return revoke_privilege_bitmap(sid, privilege_mask);
+}
+
+/*********************************************************************
+ Revoke all privileges
+*********************************************************************/
+
+bool revoke_all_privileges( const struct dom_sid *sid )
+{
+ return revoke_privilege_bitmap( sid, SE_ALL_PRIVS);
+}
+
+/*********************************************************************
+ Add a privilege based on its name
+*********************************************************************/
+
+bool revoke_privilege_by_name(const struct dom_sid *sid, const char *name)
+{
+ uint64_t mask;
+
+ if (! se_priv_from_name(name, &mask)) {
+ DEBUG(3, ("revoke_privilege_by_name: "
+ "No Such Privilege Found (%s)\n", name));
+ return False;
+ }
+
+ return revoke_privilege_bitmap(sid, mask);
+
+}
+
+/***************************************************************************
+ Retrieve the SIDs assigned to a given privilege
+****************************************************************************/
+
+NTSTATUS privilege_create_account(const struct dom_sid *sid )
+{
+ return ( grant_privilege_bitmap(sid, 0) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL);
+}
+
+/***************************************************************************
+ Delete a privileged account
+****************************************************************************/
+
+NTSTATUS privilege_delete_account(const struct dom_sid *sid)
+{
+ struct db_context *db = get_account_pol_db();
+ struct dom_sid_buf tmp;
+ fstring keystr;
+
+ if (!lp_enable_privileges()) {
+ return NT_STATUS_OK;
+ }
+
+ if (!db) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+
+ if (!sid || (sid->num_auths == 0)) {
+ return NT_STATUS_INVALID_SID;
+ }
+
+ /* PRIV_<SID> (NULL terminated) as the key */
+
+ fstr_sprintf(keystr, "%s%s", PRIVPREFIX, dom_sid_str_buf(sid, &tmp));
+
+ return dbwrap_delete_bystring(db, keystr);
+}
+
+/*******************************************************************
+*******************************************************************/
+
+bool is_privileged_sid( const struct dom_sid *sid )
+{
+ uint64_t mask;
+
+ return get_privileges( sid, &mask );
+}
+
+/*******************************************************************
+*******************************************************************/
+
+bool grant_all_privileges( const struct dom_sid *sid )
+{
+ uint64_t mask;
+
+ se_priv_put_all_privileges(&mask);
+
+ return grant_privilege_bitmap( sid, mask );
+}
diff --git a/source3/lib/privileges.h b/source3/lib/privileges.h
new file mode 100644
index 0000000..ca2a7c9
--- /dev/null
+++ b/source3/lib/privileges.h
@@ -0,0 +1,45 @@
+/*
+ Unix SMB/CIFS implementation.
+ Privileges handling functions
+ Copyright (C) Jean François Micouleau 1998-2001
+ Copyright (C) Simo Sorce 2002-2003
+ Copyright (C) Gerald (Jerry) Carter 2005
+ Copyright (C) Michael Adam 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIB_PRIVILEGES_H_
+#define _LIB_PRIVILEGES_H_
+
+#include "../libcli/security/privileges.h"
+
+/* The following definitions come from lib/privileges.c */
+
+bool get_privileges_for_sids(uint64_t *privileges, struct dom_sid *slist, int scount);
+NTSTATUS get_privileges_for_sid_as_set(TALLOC_CTX *mem_ctx, PRIVILEGE_SET **privileges, struct dom_sid *sid);
+NTSTATUS privilege_enumerate_accounts(struct dom_sid **sids, int *num_sids);
+NTSTATUS privilege_enum_sids(enum sec_privilege privilege, TALLOC_CTX *mem_ctx,
+ struct dom_sid **sids, int *num_sids);
+bool grant_privilege_set(const struct dom_sid *sid, struct lsa_PrivilegeSet *set);
+bool grant_privilege_by_name( const struct dom_sid *sid, const char *name);
+bool revoke_all_privileges( const struct dom_sid *sid );
+bool revoke_privilege_set(const struct dom_sid *sid, struct lsa_PrivilegeSet *set);
+bool revoke_privilege_by_name(const struct dom_sid *sid, const char *name);
+NTSTATUS privilege_create_account(const struct dom_sid *sid );
+NTSTATUS privilege_delete_account(const struct dom_sid *sid);
+bool is_privileged_sid( const struct dom_sid *sid );
+bool grant_all_privileges( const struct dom_sid *sid );
+
+#endif /* _LIB_PRIVILEGES_H_ */
diff --git a/source3/lib/readdir_attr.h b/source3/lib/readdir_attr.h
new file mode 100644
index 0000000..d2a814d
--- /dev/null
+++ b/source3/lib/readdir_attr.h
@@ -0,0 +1,37 @@
+/*
+ * Fetch filesystem metadata in readdir/marshall context
+ *
+ * Copyright (C) Ralph Boehme 2014
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _READDIR_ATTR_H
+#define _READDIR_ATTR_H
+
+enum readdir_attr_type {RDATTR_NONE, RDATTR_AAPL};
+
+struct readdir_attr_data {
+ enum readdir_attr_type type;
+ union attr_data {
+ struct aapl {
+ uint64_t rfork_size;
+ char finder_info[16];
+ uint32_t max_access;
+ mode_t unix_mode;
+ } aapl;
+ } attr_data;
+};
+
+#endif /* _READDIR_ATTR_H */
diff --git a/source3/lib/recvfile.c b/source3/lib/recvfile.c
new file mode 100644
index 0000000..e1eb241
--- /dev/null
+++ b/source3/lib/recvfile.c
@@ -0,0 +1,310 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 3.2.x
+ recvfile implementations.
+ Copyright (C) Jeremy Allison 2007.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * This file handles the OS dependent recvfile implementations.
+ * The API is such that it returns -1 on error, else returns the
+ * number of bytes written.
+ */
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "lib/util/sys_rw.h"
+
+/* Do this on our own in TRANSFER_BUF_SIZE chunks.
+ * It's safe to make direct syscalls to lseek/write here
+ * as we're below the Samba vfs layer.
+ *
+ * Returns -1 on short reads from fromfd (read error)
+ * and sets errno.
+ *
+ * Returns number of bytes written to 'tofd'
+ * return != count then sets errno.
+ * Returns count if complete success.
+ */
+
+#ifndef TRANSFER_BUF_SIZE
+#define TRANSFER_BUF_SIZE (128*1024)
+#endif
+
+static ssize_t default_sys_recvfile(int fromfd,
+ int tofd,
+ off_t offset,
+ size_t count)
+{
+ int saved_errno = 0;
+ size_t total = 0;
+ size_t bufsize = MIN(TRANSFER_BUF_SIZE,count);
+ size_t total_written = 0;
+ char buffer[bufsize];
+
+ DEBUG(10,("default_sys_recvfile: from = %d, to = %d, "
+ "offset=%.0f, count = %lu\n",
+ fromfd, tofd, (double)offset,
+ (unsigned long)count));
+
+ if (count == 0) {
+ return 0;
+ }
+
+ if (tofd != -1 && offset != (off_t)-1) {
+ if (lseek(tofd, offset, SEEK_SET) == -1) {
+ if (errno != ESPIPE) {
+ return -1;
+ }
+ }
+ }
+
+ while (total < count) {
+ size_t num_written = 0;
+ ssize_t read_ret;
+ size_t toread = MIN(bufsize,count - total);
+
+ /*
+ * Read from socket - ignore EINTR.
+ * Can't use sys_read() as that also
+ * ignores EAGAIN and EWOULDBLOCK.
+ */
+ do {
+ read_ret = read(fromfd, buffer, toread);
+ } while (read_ret == -1 && errno == EINTR);
+
+ if (read_ret == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) {
+ /*
+ * fromfd socket is in non-blocking mode.
+ * If we already read some and wrote
+ * it successfully, return that.
+ * Only return -1 if this is the first read
+ * attempt. Caller will handle both cases.
+ */
+ if (total_written != 0) {
+ return total_written;
+ }
+ return -1;
+ }
+
+ if (read_ret <= 0) {
+ /* EOF or socket error. */
+ return -1;
+ }
+
+ num_written = 0;
+
+ /* Don't write any more after a write error. */
+ while (tofd != -1 && (num_written < read_ret)) {
+ ssize_t write_ret;
+
+ /* Write to file - ignore EINTR. */
+ write_ret = sys_write(tofd,
+ buffer + num_written,
+ read_ret - num_written);
+
+ if (write_ret <= 0) {
+ /* write error - stop writing. */
+ tofd = -1;
+ if (total_written == 0) {
+ /* Ensure we return
+ -1 if the first
+ write failed. */
+ total_written = -1;
+ }
+ saved_errno = errno;
+ break;
+ }
+
+ num_written += (size_t)write_ret;
+ total_written += (size_t)write_ret;
+ }
+
+ total += read_ret;
+ }
+
+ if (saved_errno) {
+ /* Return the correct write error. */
+ errno = saved_errno;
+ }
+ return (ssize_t)total_written;
+}
+
+#if defined(HAVE_LINUX_SPLICE)
+
+/*
+ * Try and use the Linux system call to do this.
+ * Remember we only return -1 if the socket read
+ * failed. Else we return the number of bytes
+ * actually written. We always read count bytes
+ * from the network in the case of return != -1.
+ */
+
+
+ssize_t sys_recvfile(int fromfd,
+ int tofd,
+ off_t offset,
+ size_t count)
+{
+ static int pipefd[2] = { -1, -1 };
+ static bool try_splice_call = false;
+ size_t total_written = 0;
+ loff_t splice_offset = offset;
+
+ DEBUG(10,("sys_recvfile: from = %d, to = %d, "
+ "offset=%.0f, count = %lu\n",
+ fromfd, tofd, (double)offset,
+ (unsigned long)count));
+
+ if (count == 0) {
+ return 0;
+ }
+
+ /*
+ * Older Linux kernels have splice for sendfile,
+ * but it fails for recvfile. Ensure we only try
+ * this once and always fall back to the userspace
+ * implementation if recvfile splice fails. JRA.
+ */
+
+ if (!try_splice_call) {
+ return default_sys_recvfile(fromfd,
+ tofd,
+ offset,
+ count);
+ }
+
+ if ((pipefd[0] == -1) && (pipe(pipefd) == -1)) {
+ try_splice_call = false;
+ return default_sys_recvfile(fromfd, tofd, offset, count);
+ }
+
+ while (count > 0) {
+ int nread, to_write;
+
+ nread = splice(fromfd, NULL, pipefd[1], NULL,
+ MIN(count, 16384), SPLICE_F_MOVE);
+ if (nread == -1) {
+ if (errno == EINTR) {
+ continue;
+ }
+ if (total_written == 0 &&
+ (errno == EBADF || errno == EINVAL)) {
+ try_splice_call = false;
+ return default_sys_recvfile(fromfd, tofd,
+ offset, count);
+ }
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ /*
+ * fromfd socket is in non-blocking mode.
+ * If we already read some and wrote
+ * it successfully, return that.
+ * Only return -1 if this is the first read
+ * attempt. Caller will handle both cases.
+ */
+ if (total_written != 0) {
+ return total_written;
+ }
+ return -1;
+ }
+ break;
+ }
+
+ to_write = nread;
+ while (to_write > 0) {
+ int thistime;
+ thistime = splice(pipefd[0], NULL, tofd,
+ &splice_offset, to_write,
+ SPLICE_F_MOVE);
+ if (thistime == -1) {
+ goto done;
+ }
+ to_write -= thistime;
+ }
+
+ total_written += nread;
+ count -= nread;
+ }
+
+ done:
+ if (count) {
+ int saved_errno = errno;
+ if (drain_socket(fromfd, count) != count) {
+ /* socket is dead. */
+ return -1;
+ }
+ errno = saved_errno;
+ }
+
+ return total_written;
+}
+#else
+
+/*****************************************************************
+ No recvfile system call - use the default 128 chunk implementation.
+*****************************************************************/
+
+ssize_t sys_recvfile(int fromfd,
+ int tofd,
+ off_t offset,
+ size_t count)
+{
+ return default_sys_recvfile(fromfd, tofd, offset, count);
+}
+#endif
+
+/*****************************************************************
+ Throw away "count" bytes from the client socket.
+ Returns count or -1 on error.
+ Must only operate on a blocking socket.
+*****************************************************************/
+
+ssize_t drain_socket(int sockfd, size_t count)
+{
+ size_t total = 0;
+ size_t bufsize = MIN(TRANSFER_BUF_SIZE,count);
+ char buffer[bufsize];
+ int old_flags = 0;
+
+ if (count == 0) {
+ return 0;
+ }
+
+ old_flags = fcntl(sockfd, F_GETFL, 0);
+ if (set_blocking(sockfd, true) == -1) {
+ return -1;
+ }
+
+ while (total < count) {
+ ssize_t read_ret;
+ size_t toread = MIN(bufsize,count - total);
+
+ /* Read from socket - ignore EINTR. */
+ read_ret = sys_read(sockfd, buffer, toread);
+ if (read_ret <= 0) {
+ /* EOF or socket error. */
+ count = (size_t)-1;
+ goto out;
+ }
+ total += read_ret;
+ }
+
+ out:
+
+ if (fcntl(sockfd, F_SETFL, old_flags) == -1) {
+ return -1;
+ }
+ return count;
+}
diff --git a/source3/lib/sendfile.c b/source3/lib/sendfile.c
new file mode 100644
index 0000000..69c89d2
--- /dev/null
+++ b/source3/lib/sendfile.c
@@ -0,0 +1,602 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 2.2.x / 3.0.x
+ sendfile implementations.
+ Copyright (C) Jeremy Allison 2002.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * This file handles the OS dependent sendfile implementations.
+ * The API is such that it returns -1 on error, else returns the
+ * number of bytes written.
+ */
+
+#include "includes.h"
+#include "system/filesys.h"
+
+#if defined(LINUX_SENDFILE_API)
+
+#include <sys/sendfile.h>
+
+#ifndef MSG_MORE
+#define MSG_MORE 0x8000
+#endif
+
+ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset, size_t count)
+{
+ size_t total=0;
+ ssize_t ret = -1;
+ size_t hdr_len = 0;
+ int old_flags = 0;
+ bool socket_flags_changed = false;
+
+ /*
+ * Send the header first.
+ * Use MSG_MORE to cork the TCP output until sendfile is called.
+ */
+
+ if (header) {
+ hdr_len = header->length;
+ while (total < hdr_len) {
+ ret = sys_send(tofd, header->data + total,hdr_len - total, MSG_MORE);
+ if (ret == -1) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ /*
+ * send() must complete before we can
+ * send any other outgoing data on the
+ * socket. Ensure socket is in blocking
+ * mode. For SMB2 by default the socket
+ * is in non-blocking mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+ socket_flags_changed = true;
+ continue;
+ }
+ goto out;
+ }
+ total += ret;
+ }
+ }
+
+ total = count;
+ while (total) {
+ ssize_t nwritten;
+ do {
+ nwritten = sendfile(tofd, fromfd, &offset, total);
+ } while (nwritten == -1 && errno == EINTR);
+ if (nwritten == -1) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ if (socket_flags_changed) {
+ /*
+ * We're already in blocking
+ * mode. This is an error.
+ */
+ ret = -1;
+ goto out;
+ }
+
+ /*
+ * Sendfile must complete before we can
+ * send any other outgoing data on the socket.
+ * Ensure socket is in blocking mode.
+ * For SMB2 by default the socket is in
+ * non-blocking mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+ socket_flags_changed = true;
+ continue;
+ }
+
+ if (errno == ENOSYS || errno == EINVAL) {
+ /* Ok - we're in a world of pain here. We just sent
+ * the header, but the sendfile failed. We have to
+ * emulate the sendfile at an upper layer before we
+ * disable it's use. So we do something really ugly.
+ * We set the errno to a strange value so we can detect
+ * this at the upper level and take care of it without
+ * layer violation. JRA.
+ */
+ errno = EINTR; /* Normally we can never return this. */
+ }
+ ret = -1;
+ goto out;
+ }
+ if (nwritten == 0) {
+ /*
+ * EOF, return a short read
+ */
+ ret = hdr_len + (count - total);
+ goto out;
+ }
+ total -= nwritten;
+ }
+
+ ret = count + hdr_len;
+
+ out:
+
+ if (socket_flags_changed) {
+ int saved_errno = errno;
+ int err;
+
+ /* Restore the old state of the socket. */
+ err = fcntl(tofd, F_SETFL, old_flags);
+ if (err == -1) {
+ return -1;
+ }
+ if (ret == -1) {
+ errno = saved_errno;
+ }
+ }
+
+ return ret;
+}
+
+#elif defined(SOLARIS_SENDFILE_API)
+
+/*
+ * Solaris sendfile code written by Pierre Belanger <belanger@pobox.com>.
+ */
+
+#include <sys/sendfile.h>
+
+ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset, size_t count)
+{
+ int sfvcnt;
+ size_t total, xferred;
+ struct sendfilevec vec[2];
+ ssize_t hdr_len = 0;
+ int old_flags = 0;
+ ssize_t ret = -1;
+ bool socket_flags_changed = false;
+
+ if (header) {
+ sfvcnt = 2;
+
+ vec[0].sfv_fd = SFV_FD_SELF;
+ vec[0].sfv_flag = 0;
+ vec[0].sfv_off = (off_t)header->data;
+ vec[0].sfv_len = hdr_len = header->length;
+
+ vec[1].sfv_fd = fromfd;
+ vec[1].sfv_flag = 0;
+ vec[1].sfv_off = offset;
+ vec[1].sfv_len = count;
+
+ } else {
+ sfvcnt = 1;
+
+ vec[0].sfv_fd = fromfd;
+ vec[0].sfv_flag = 0;
+ vec[0].sfv_off = offset;
+ vec[0].sfv_len = count;
+ }
+
+ total = count + hdr_len;
+
+ while (total) {
+ ssize_t nwritten;
+
+ /*
+ * Although not listed in the API error returns, this is almost certainly
+ * a slow system call and will be interrupted by a signal with EINTR. JRA.
+ */
+
+ xferred = 0;
+
+ nwritten = sendfilev(tofd, vec, sfvcnt, &xferred);
+ if (nwritten == -1 && errno == EINTR) {
+ if (xferred == 0)
+ continue; /* Nothing written yet. */
+ else
+ nwritten = xferred;
+ }
+
+ if (nwritten == -1) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ /*
+ * Sendfile must complete before we can
+ * send any other outgoing data on the socket.
+ * Ensure socket is in blocking mode.
+ * For SMB2 by default the socket is in
+ * non-blocking mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+ socket_flags_changed = true;
+ continue;
+ }
+ ret = -1;
+ goto out;
+ }
+ if (nwritten == 0) {
+ ret = -1;
+ goto out; /* I think we're at EOF here... */
+ }
+
+ /*
+ * If this was a short (signal interrupted) write we may need
+ * to subtract it from the header data, or null out the header
+ * data altogether if we wrote more than vec[0].sfv_len bytes.
+ * We move vec[1].* to vec[0].* and set sfvcnt to 1
+ */
+
+ if (sfvcnt == 2 && nwritten >= vec[0].sfv_len) {
+ vec[1].sfv_off += nwritten - vec[0].sfv_len;
+ vec[1].sfv_len -= nwritten - vec[0].sfv_len;
+
+ /* Move vec[1].* to vec[0].* and set sfvcnt to 1 */
+ vec[0] = vec[1];
+ sfvcnt = 1;
+ } else {
+ vec[0].sfv_off += nwritten;
+ vec[0].sfv_len -= nwritten;
+ }
+ total -= nwritten;
+ }
+ ret = count + hdr_len;
+
+ out:
+
+ if (socket_flags_changed) {
+ int saved_errno;
+ int err;
+
+ if (ret == -1) {
+ saved_errno = errno;
+ }
+ /* Restore the old state of the socket. */
+ err = fcntl(tofd, F_SETFL, old_flags);
+ if (err == -1) {
+ return -1;
+ }
+ if (ret == -1) {
+ errno = saved_errno;
+ }
+ }
+
+ return ret;
+}
+
+#elif defined(HPUX_SENDFILE_API)
+
+#include <sys/socket.h>
+#include <sys/uio.h>
+
+ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset, size_t count)
+{
+ size_t total=0;
+ struct iovec hdtrl[2];
+ size_t hdr_len = 0;
+ int old_flags = 0;
+ ssize_t ret = -1;
+ bool socket_flags_changed = false;
+
+ if (header) {
+ /* Set up the header/trailer iovec. */
+ hdtrl[0].iov_base = (void *)header->data;
+ hdtrl[0].iov_len = hdr_len = header->length;
+ } else {
+ hdtrl[0].iov_base = NULL;
+ hdtrl[0].iov_len = hdr_len = 0;
+ }
+ hdtrl[1].iov_base = NULL;
+ hdtrl[1].iov_len = 0;
+
+ total = count;
+ while (total + hdtrl[0].iov_len) {
+ ssize_t nwritten;
+
+ /*
+ * HPUX guarantees that if any data was written before
+ * a signal interrupt then sendfile returns the number of
+ * bytes written (which may be less than requested) not -1.
+ * nwritten includes the header data sent.
+ */
+
+ do {
+ nwritten = sendfile(tofd, fromfd, offset, total, &hdtrl[0], 0);
+ } while (nwritten == -1 && errno == EINTR);
+ if (nwritten == -1) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ /*
+ * Sendfile must complete before we can
+ * send any other outgoing data on the socket.
+ * Ensure socket is in blocking mode.
+ * For SMB2 by default the socket is in
+ * non-blocking mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+ socket_flags_changed = true;
+ continue;
+ }
+ ret = -1;
+ goto out;
+ }
+ if (nwritten == 0) {
+ ret = -1; /* I think we're at EOF here... */
+ goto out;
+ }
+
+ /*
+ * If this was a short (signal interrupted) write we may need
+ * to subtract it from the header data, or null out the header
+ * data altogether if we wrote more than hdtrl[0].iov_len bytes.
+ * We change nwritten to be the number of file bytes written.
+ */
+
+ if (hdtrl[0].iov_base && hdtrl[0].iov_len) {
+ if (nwritten >= hdtrl[0].iov_len) {
+ nwritten -= hdtrl[0].iov_len;
+ hdtrl[0].iov_base = NULL;
+ hdtrl[0].iov_len = 0;
+ } else {
+ /* iov_base is defined as a void *... */
+ hdtrl[0].iov_base = (void *)(((char *)hdtrl[0].iov_base) + nwritten);
+ hdtrl[0].iov_len -= nwritten;
+ nwritten = 0;
+ }
+ }
+ total -= nwritten;
+ offset += nwritten;
+ }
+ ret = count + hdr_len;
+
+ out:
+
+ if (socket_flags_changed) {
+ int saved_errno;
+ int err;
+
+ if (ret == -1) {
+ saved_errno = errno;
+ }
+ /* Restore the old state of the socket. */
+ err = fcntl(tofd, F_SETFL, old_flags);
+ if (err == -1) {
+ return -1;
+ }
+ if (ret == -1) {
+ errno = saved_errno;
+ }
+ }
+
+ return ret;
+}
+
+#elif defined(FREEBSD_SENDFILE_API) || defined(DARWIN_SENDFILE_API)
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
+
+ssize_t sys_sendfile(int tofd, int fromfd,
+ const DATA_BLOB *header, off_t offset, size_t count)
+{
+ struct sf_hdtr sf_header = {0};
+ struct iovec io_header = {0};
+ int old_flags = 0;
+
+ off_t nwritten;
+ ssize_t ret = -1;
+ bool socket_flags_changed = false;
+
+ if (header) {
+ sf_header.headers = &io_header;
+ sf_header.hdr_cnt = 1;
+ io_header.iov_base = header->data;
+ io_header.iov_len = header->length;
+ sf_header.trailers = NULL;
+ sf_header.trl_cnt = 0;
+ }
+
+ while (count != 0) {
+
+ nwritten = count;
+#if defined(DARWIN_SENDFILE_API)
+ /* Darwin recycles nwritten as a value-result parameter, apart from that this
+ sendfile implementation is quite the same as the FreeBSD one */
+ ret = sendfile(fromfd, tofd, offset, &nwritten, &sf_header, 0);
+#else
+ ret = sendfile(fromfd, tofd, offset, count, &sf_header, &nwritten, 0);
+#endif
+ if (ret == -1 && errno != EINTR) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ /*
+ * Sendfile must complete before we can
+ * send any other outgoing data on the socket.
+ * Ensure socket is in blocking mode.
+ * For SMB2 by default the socket is in
+ * non-blocking mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+ socket_flags_changed = true;
+ continue;
+ }
+ /* Send failed, we are toast. */
+ ret = -1;
+ goto out;
+ }
+
+ if (nwritten == 0) {
+ /* EOF of offset is after EOF. */
+ break;
+ }
+
+ if (sf_header.hdr_cnt) {
+ if (io_header.iov_len <= nwritten) {
+ /* Entire header was sent. */
+ sf_header.headers = NULL;
+ sf_header.hdr_cnt = 0;
+ nwritten -= io_header.iov_len;
+ } else {
+ /* Partial header was sent. */
+ io_header.iov_len -= nwritten;
+ io_header.iov_base =
+ ((uint8_t *)io_header.iov_base) + nwritten;
+ nwritten = 0;
+ }
+ }
+
+ offset += nwritten;
+ count -= nwritten;
+ }
+
+ ret = nwritten;
+
+ out:
+
+ if (socket_flags_changed) {
+ int saved_errno;
+ int err;
+
+ if (ret == -1) {
+ saved_errno = errno;
+ }
+ /* Restore the old state of the socket. */
+ err = fcntl(tofd, F_SETFL, old_flags);
+ if (err == -1) {
+ return -1;
+ }
+ if (ret == -1) {
+ errno = saved_errno;
+ }
+ }
+
+ return ret;
+}
+
+#elif defined(AIX_SENDFILE_API)
+
+/* BEGIN AIX SEND_FILE */
+
+/* Contributed by William Jojo <jojowil@hvcc.edu> */
+#include <sys/socket.h>
+
+ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset, size_t count)
+{
+ struct sf_parms hdtrl;
+ int old_flags = 0;
+ ssize_t ret = -1;
+ bool socket_flags_changed = false;
+
+ /* Set up the header/trailer struct params. */
+ if (header) {
+ hdtrl.header_data = header->data;
+ hdtrl.header_length = header->length;
+ } else {
+ hdtrl.header_data = NULL;
+ hdtrl.header_length = 0;
+ }
+ hdtrl.trailer_data = NULL;
+ hdtrl.trailer_length = 0;
+
+ hdtrl.file_descriptor = fromfd;
+ hdtrl.file_offset = offset;
+ hdtrl.file_bytes = count;
+
+ while ( hdtrl.file_bytes + hdtrl.header_length ) {
+ /*
+ Return Value
+
+ There are three possible return values from send_file:
+
+ Value Description
+
+ -1 an error has occurred, errno contains the error code.
+
+ 0 the command has completed successfully.
+
+ 1 the command was completed partially, some data has been
+ transmitted but the command has to return for some reason,
+ for example, the command was interrupted by signals.
+ */
+ do {
+ ret = send_file(&tofd, &hdtrl, 0);
+ } while ((ret == 1) || (ret == -1 && errno == EINTR));
+ if ( ret == -1 ) {
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ /*
+ * Sendfile must complete before we can
+ * send any other outgoing data on the socket.
+ * Ensure socket is in blocking mode.
+ * For SMB2 by default the socket is in
+ * non-blocking mode.
+ */
+ old_flags = fcntl(tofd, F_GETFL, 0);
+ ret = set_blocking(tofd, true);
+ if (ret == -1) {
+ goto out;
+ }
+ socket_flags_changed = true;
+ continue;
+ }
+ goto out;
+ }
+ }
+
+ ret = count + header->length;
+
+ out:
+
+ if (socket_flags_changed) {
+ int saved_errno;
+ int err;
+
+ if (ret == -1) {
+ saved_errno = errno;
+ }
+ /* Restore the old state of the socket. */
+ err = fcntl(tofd, F_SETFL, old_flags);
+ if (err == -1) {
+ return -1;
+ }
+ if (ret == -1) {
+ errno = saved_errno;
+ }
+ }
+
+ return ret;
+}
+/* END AIX SEND_FILE */
+
+#else /* No sendfile implementation. Return error. */
+
+ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset, size_t count)
+{
+ /* No sendfile syscall. */
+ errno = ENOSYS;
+ return -1;
+}
+#endif
diff --git a/source3/lib/server_id_db_util.c b/source3/lib/server_id_db_util.c
new file mode 100644
index 0000000..e73af24
--- /dev/null
+++ b/source3/lib/server_id_db_util.c
@@ -0,0 +1,99 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Utils around server_id_db with more dependencies
+ * Copyright (C) Volker Lendecke 2014
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include "server_id_db_util.h"
+#include "lib/util/server_id.h"
+#include "serverid.h"
+#include "lib/util/samba_util.h"
+
+static int server_id_db_check_exclusive(
+ struct server_id_db *db, const char *name,
+ unsigned num_servers, struct server_id *servers);
+
+int server_id_db_set_exclusive(struct server_id_db *db, const char *name)
+{
+ int ret;
+ unsigned num_servers;
+ struct server_id *servers;
+
+ ret = server_id_db_add(db, name);
+ if (ret != 0) {
+ return ret;
+ }
+
+ ret = server_id_db_lookup(db, name, talloc_tos(),
+ &num_servers, &servers);
+ if (ret != 0) {
+ goto done;
+ }
+
+ /*
+ * Remove entries from the server_id_db for processes that have died
+ * and could not clean up. This is racy, as two processes could
+ * simultaneously try to register a name. Both would succeed in the
+ * server_id_db_add call, and both would see their peer active during
+ * the check_exclusive call. Both would get an EEXIST, and nobody
+ * would be able to register itself. But this is okay, as this is
+ * meant to be a cleanup routine, and normally only one daemon should
+ * start up at a time anyway. Getting this "right" would mean we would
+ * have to add locking to server_id_db, or add a dependency on
+ * serverids_exist to server_id_db. Both are too heavy-weight for my
+ * taste.
+ */
+
+ ret = server_id_db_check_exclusive(db, name, num_servers, servers);
+ TALLOC_FREE(servers);
+
+done:
+ if (ret != 0) {
+ server_id_db_remove(db, name);
+ }
+ return ret;
+}
+
+static int server_id_db_check_exclusive(
+ struct server_id_db *db, const char *name,
+ unsigned num_servers, struct server_id *servers)
+{
+ struct server_id me = server_id_db_pid(db);
+ unsigned i;
+
+ for (i=0; i<num_servers; i++) {
+ int ret;
+
+ if (server_id_same_process(&me, &servers[i])) {
+ /*
+ * I am always around ... :-)
+ */
+ continue;
+ }
+
+ if (serverid_exists(&servers[i])) {
+ return EEXIST;
+ }
+
+ ret = server_id_db_prune_name(db, name, servers[i]);
+ if (ret != 0) {
+ return ret;
+ }
+ }
+
+ return 0;
+}
diff --git a/source3/lib/server_id_db_util.h b/source3/lib/server_id_db_util.h
new file mode 100644
index 0000000..5fdd078
--- /dev/null
+++ b/source3/lib/server_id_db_util.h
@@ -0,0 +1,22 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Utils around server_id_db with more dependencies
+ * Copyright (C) Volker Lendecke 2014
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "lib/util/server_id_db.h"
+
+int server_id_db_set_exclusive(struct server_id_db *db, const char *name);
diff --git a/source3/lib/server_id_watch.c b/source3/lib/server_id_watch.c
new file mode 100644
index 0000000..f0189e0
--- /dev/null
+++ b/source3/lib/server_id_watch.c
@@ -0,0 +1,104 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Wait for process death
+ * Copyright (C) Volker Lendecke 2016
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include <tevent.h>
+#include <talloc.h>
+#include "serverid.h"
+#include "server_id_watch.h"
+#include "lib/util/tevent_unix.h"
+
+struct server_id_watch_state {
+ struct tevent_context *ev;
+ struct server_id pid;
+};
+
+static void server_id_watch_waited(struct tevent_req *subreq);
+
+struct tevent_req *server_id_watch_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct server_id pid)
+{
+ struct tevent_req *req, *subreq;
+ struct server_id_watch_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct server_id_watch_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->pid = pid;
+
+ if (!serverid_exists(&state->pid)) {
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = tevent_wakeup_send(
+ state, ev, tevent_timeval_current_ofs(0, 500000));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, server_id_watch_waited, req);
+
+ return req;
+}
+
+static void server_id_watch_waited(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct server_id_watch_state *state = tevent_req_data(
+ req, struct server_id_watch_state);
+ bool ok;
+
+ ok = tevent_wakeup_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!ok) {
+ tevent_req_oom(req);
+ return;
+ }
+
+ if (!serverid_exists(&state->pid)) {
+ tevent_req_done(req);
+ return;
+ }
+
+ subreq = tevent_wakeup_send(
+ state, state->ev, tevent_timeval_current_ofs(0, 500000));
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, server_id_watch_waited, req);
+}
+
+int server_id_watch_recv(struct tevent_req *req, struct server_id *pid)
+{
+ struct server_id_watch_state *state = tevent_req_data(
+ req, struct server_id_watch_state);
+ int err;
+
+ if (tevent_req_is_unix_error(req, &err)) {
+ return err;
+ }
+ if (pid) {
+ *pid = state->pid;
+ }
+ return 0;
+}
diff --git a/source3/lib/server_id_watch.h b/source3/lib/server_id_watch.h
new file mode 100644
index 0000000..7e88cb4
--- /dev/null
+++ b/source3/lib/server_id_watch.h
@@ -0,0 +1,33 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Wait for process death
+ * Copyright (C) Volker Lendecke 2016
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIB_SERVER_ID_WATCH_H__
+#define __LIB_SERVER_ID_WATCH_H__
+
+#include "replace.h"
+#include <tevent.h>
+#include <talloc.h>
+#include "librpc/gen_ndr/server_id.h"
+
+struct tevent_req *server_id_watch_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct server_id pid);
+int server_id_watch_recv(struct tevent_req *req, struct server_id *pid);
+
+#endif
diff --git a/source3/lib/server_mutex.c b/source3/lib/server_mutex.c
new file mode 100644
index 0000000..cbb8357
--- /dev/null
+++ b/source3/lib/server_mutex.c
@@ -0,0 +1,104 @@
+/*
+ Unix SMB/CIFS implementation.
+ Authenticate against a remote domain
+ Copyright (C) Andrew Tridgell 1992-2002
+ Copyright (C) Andrew Bartlett 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "lib/tdb_wrap/tdb_wrap.h"
+#include "util_tdb.h"
+#include "lib/param/param.h"
+
+/* For reasons known only to MS, many of their NT/Win2k versions
+ need serialised access only. Two connections at the same time
+ may (in certain situations) cause connections to be reset,
+ or access to be denied.
+
+ This locking allows smbd's multithread architecture to look
+ like the single-connection that NT makes. */
+
+struct named_mutex {
+ struct tdb_wrap *tdb;
+ char *name;
+};
+
+static int unlock_named_mutex(struct named_mutex *mutex)
+{
+ tdb_unlock_bystring(mutex->tdb->tdb, mutex->name);
+ return 0;
+}
+
+struct named_mutex *grab_named_mutex(TALLOC_CTX *mem_ctx, const char *name,
+ int timeout)
+{
+ struct named_mutex *result;
+ struct loadparm_context *lp_ctx;
+ char *fname;
+
+ result = talloc(mem_ctx, struct named_mutex);
+ if (result == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ return NULL;
+ }
+
+ lp_ctx = loadparm_init_s3(result, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DEBUG(0, ("loadparm_init_s3 failed\n"));
+ talloc_free(result);
+ return NULL;
+ }
+
+ result->name = talloc_strdup(result, name);
+ if (result->name == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ fname = lock_path(talloc_tos(), "mutex.tdb");
+ if (fname == NULL) {
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ result->tdb = tdb_wrap_open(result, fname,
+ lpcfg_tdb_hash_size(lp_ctx, fname),
+ lpcfg_tdb_flags(lp_ctx,
+ TDB_DEFAULT |
+ TDB_CLEAR_IF_FIRST |
+ TDB_INCOMPATIBLE_HASH),
+ O_RDWR|O_CREAT, 0600);
+ TALLOC_FREE(fname);
+ talloc_unlink(result, lp_ctx);
+ if (result->tdb == NULL) {
+ DEBUG(1, ("Could not open mutex.tdb: %s\n",
+ strerror(errno)));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ if (tdb_lock_bystring_with_timeout(result->tdb->tdb, name,
+ timeout) != 0) {
+ DEBUG(1, ("Could not get the lock for %s\n", name));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ talloc_set_destructor(result, unlock_named_mutex);
+ return result;
+}
diff --git a/source3/lib/serverid.c b/source3/lib/serverid.c
new file mode 100644
index 0000000..70739c7
--- /dev/null
+++ b/source3/lib/serverid.c
@@ -0,0 +1,62 @@
+/*
+ Unix SMB/CIFS implementation.
+ Implementation of a reliable server_exists()
+ Copyright (C) Volker Lendecke 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/util/server_id.h"
+#include "serverid.h"
+#include "lib/param/param.h"
+#include "ctdbd_conn.h"
+#include "lib/messages_ctdb.h"
+#include "lib/messaging/messages_dgm.h"
+
+static bool serverid_exists_local(const struct server_id *id)
+{
+ bool exists = process_exists_by_pid(id->pid);
+ uint64_t unique;
+ int ret;
+
+ if (!exists) {
+ return false;
+ }
+
+ if (id->unique_id == SERVERID_UNIQUE_ID_NOT_TO_VERIFY) {
+ return true;
+ }
+
+ ret = messaging_dgm_get_unique(id->pid, &unique);
+ if (ret != 0) {
+ return false;
+ }
+
+ return (unique == id->unique_id);
+}
+
+bool serverid_exists(const struct server_id *id)
+{
+ if (procid_is_local(id)) {
+ return serverid_exists_local(id);
+ }
+
+ if (lp_clustering()) {
+ return ctdbd_process_exists(messaging_ctdb_connection(),
+ id->vnn, id->pid, id->unique_id);
+ }
+
+ return false;
+}
diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c
new file mode 100644
index 0000000..2376fd4
--- /dev/null
+++ b/source3/lib/sessionid_tdb.c
@@ -0,0 +1,95 @@
+/*
+ Unix SMB/CIFS implementation.
+ Low-level sessionid.tdb access functions
+ Copyright (C) Volker Lendecke 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_open.h"
+#include "session.h"
+#include "util_tdb.h"
+#include "smbd/globals.h"
+
+struct sessionid_traverse_read_state {
+ int (*fn)(const char *key, struct sessionid *session,
+ void *private_data);
+ void *private_data;
+};
+
+static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global,
+ void *private_data)
+{
+ struct sessionid_traverse_read_state *state =
+ (struct sessionid_traverse_read_state *)private_data;
+ struct auth_session_info *session_info = global->auth_session_info;
+ struct sessionid session = {
+ .uid = -1,
+ .gid = -1,
+ .id_num = global->session_global_id,
+ .connect_start = nt_time_to_unix(global->creation_time),
+ .pid = global->channels[0].server_id,
+ .connection_dialect = global->connection_dialect,
+ .global = global,
+ };
+
+ if (session_info != NULL) {
+ session.uid = session_info->unix_token->uid;
+ session.gid = session_info->unix_token->gid;
+ strncpy(session.username,
+ session_info->unix_info->unix_name,
+ sizeof(fstring)-1);
+ }
+
+ strncpy(session.remote_machine,
+ global->channels[0].remote_name,
+ sizeof(fstring)-1);
+ strncpy(session.hostname,
+ global->channels[0].remote_address,
+ sizeof(fstring)-1);
+ strncpy(session.netbios_name,
+ global->channels[0].remote_name,
+ sizeof(fstring)-1);
+ snprintf(session.id_str, sizeof(fstring)-1,
+ "smb/%u", global->session_global_id);
+ strncpy(session.ip_addr_str,
+ global->channels[0].remote_address,
+ sizeof(fstring)-1);
+
+ session.encryption_flags = global->encryption_flags;
+ session.cipher = global->channels[0].encryption_cipher;
+ session.signing_flags = global->signing_flags;
+ session.signing = global->channels[0].signing_algo;
+
+ return state->fn(NULL, &session, state->private_data);
+}
+
+NTSTATUS sessionid_traverse_read(int (*fn)(const char *key,
+ struct sessionid *session,
+ void *private_data),
+ void *private_data)
+{
+ struct sessionid_traverse_read_state state;
+ NTSTATUS status;
+
+ state.fn = fn;
+ state.private_data = private_data;
+ status = smbXsrv_session_global_traverse(sessionid_traverse_read_fn,
+ &state);
+
+ return status;
+}
diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c
new file mode 100644
index 0000000..fbb2d47
--- /dev/null
+++ b/source3/lib/sharesec.c
@@ -0,0 +1,588 @@
+/*
+ * Unix SMB/Netbios implementation.
+ * SEC_DESC handling functions
+ * Copyright (C) Jeremy R. Allison 1995-2003.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "../libcli/security/security.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_open.h"
+#include "util_tdb.h"
+#include "libcli/util/ntstatus.h"
+
+/*******************************************************************
+ Create the share security tdb.
+ ********************************************************************/
+
+static struct db_context *share_db; /* used for share security descriptors */
+#define SHARE_DATABASE_VERSION_V1 1
+#define SHARE_DATABASE_VERSION_V2 2 /* version id in little endian. */
+#define SHARE_DATABASE_VERSION_V3 3 /* canonicalized sharenames as lower case */
+
+#define SHARE_SECURITY_DB_KEY_PREFIX_STR "SECDESC/"
+/* Map generic permissions to file object specific permissions */
+
+extern const struct generic_mapping file_generic_mapping;
+
+static int delete_fn(struct db_record *rec, void *priv)
+{
+ dbwrap_record_delete(rec);
+ return 0;
+}
+
+/*****************************************************
+ Looking for keys of the form: SHARE_SECURITY_DB_KEY_PREFIX_STR + "non lower case str".
+ If we find one re-write it into a canonical case form.
+*****************************************************/
+
+static int upgrade_v2_to_v3(struct db_record *rec, void *priv)
+{
+ size_t prefix_len = strlen(SHARE_SECURITY_DB_KEY_PREFIX_STR);
+ const char *servicename = NULL;
+ char *c_servicename = NULL;
+ char *newkey = NULL;
+ bool *p_upgrade_ok = (bool *)priv;
+ NTSTATUS status;
+ TDB_DATA key;
+ TDB_DATA value;
+
+ key = dbwrap_record_get_key(rec);
+
+ /* Is there space for a one character sharename ? */
+ if (key.dsize <= prefix_len+2) {
+ return 0;
+ }
+
+ /* Does it start with the share key prefix ? */
+ if (memcmp(key.dptr, SHARE_SECURITY_DB_KEY_PREFIX_STR,
+ prefix_len) != 0) {
+ return 0;
+ }
+
+ /* Is it a null terminated string as a key ? */
+ if (key.dptr[key.dsize-1] != '\0') {
+ return 0;
+ }
+
+ /* Bytes after the prefix are the sharename string. */
+ servicename = (char *)&key.dptr[prefix_len];
+ c_servicename = canonicalize_servicename(talloc_tos(), servicename);
+ if (!c_servicename) {
+ smb_panic("out of memory upgrading share security db from v2 -> v3");
+ }
+
+ if (strcmp(servicename, c_servicename) == 0) {
+ /* Old and new names match. No canonicalization needed. */
+ TALLOC_FREE(c_servicename);
+ return 0;
+ }
+
+ /* Oops. Need to canonicalize name, delete old then store new. */
+ status = dbwrap_record_delete(rec);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("upgrade_v2_to_v3: Failed to delete secdesc for "
+ "%s: %s\n", (const char *)key.dptr,
+ nt_errstr(status)));
+ TALLOC_FREE(c_servicename);
+ *p_upgrade_ok = false;
+ return -1;
+ } else {
+ DEBUG(10, ("upgrade_v2_to_v3: deleted secdesc for "
+ "%s\n", (const char *)key.dptr));
+ }
+
+ if (!(newkey = talloc_asprintf(talloc_tos(),
+ SHARE_SECURITY_DB_KEY_PREFIX_STR "%s",
+ c_servicename))) {
+ smb_panic("out of memory upgrading share security db from v2 -> v3");
+ }
+
+ value = dbwrap_record_get_value(rec);
+ status = dbwrap_store(share_db,
+ string_term_tdb_data(newkey),
+ value,
+ TDB_REPLACE);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("upgrade_v2_to_v3: Failed to store secdesc for "
+ "%s: %s\n", c_servicename, nt_errstr(status)));
+ TALLOC_FREE(c_servicename);
+ TALLOC_FREE(newkey);
+ *p_upgrade_ok = false;
+ return -1;
+ } else {
+ DEBUG(10, ("upgrade_v2_to_v3: stored secdesc for "
+ "%s\n", newkey ));
+ }
+
+ TALLOC_FREE(newkey);
+ TALLOC_FREE(c_servicename);
+
+ return 0;
+}
+
+NTSTATUS share_info_db_init(void)
+{
+ const char *vstring = "INFO/version";
+ int32_t vers_id = 0;
+ bool upgrade_ok = true;
+ NTSTATUS status;
+ char *db_path;
+
+ if (share_db != NULL) {
+ return NT_STATUS_OK;
+ }
+
+ db_path = state_path(talloc_tos(), "share_info.tdb");
+ if (db_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ share_db = db_open(NULL, db_path, 0,
+ TDB_DEFAULT, O_RDWR|O_CREAT, 0600,
+ DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
+ if (share_db == NULL) {
+ DEBUG(0,("Failed to open share info database %s (%s)\n",
+ db_path, strerror(errno)));
+ TALLOC_FREE(db_path);
+ return map_nt_error_from_unix_common(errno);
+ }
+ TALLOC_FREE(db_path);
+
+ status = dbwrap_fetch_int32_bystring(share_db, vstring, &vers_id);
+ if (!NT_STATUS_IS_OK(status)) {
+ vers_id = 0;
+ }
+
+ if (vers_id == SHARE_DATABASE_VERSION_V3) {
+ return NT_STATUS_OK;
+ }
+
+ if (dbwrap_transaction_start(share_db) != 0) {
+ DEBUG(0, ("transaction_start failed\n"));
+ TALLOC_FREE(share_db);
+ return NT_STATUS_INTERNAL_DB_ERROR;
+ }
+
+ status = dbwrap_fetch_int32_bystring(share_db, vstring, &vers_id);
+ if (!NT_STATUS_IS_OK(status)) {
+ vers_id = 0;
+ }
+
+ if (vers_id == SHARE_DATABASE_VERSION_V3) {
+ /*
+ * Race condition
+ */
+ if (dbwrap_transaction_cancel(share_db)) {
+ smb_panic("transaction_cancel failed");
+ }
+ return NT_STATUS_OK;
+ }
+
+ /* Move to at least V2. */
+
+ /* Cope with byte-reversed older versions of the db. */
+ if ((vers_id == SHARE_DATABASE_VERSION_V1) || (IREV(vers_id) == SHARE_DATABASE_VERSION_V1)) {
+ /* Written on a bigendian machine with old fetch_int code. Save as le. */
+
+ status = dbwrap_store_int32_bystring(
+ share_db, vstring, SHARE_DATABASE_VERSION_V2);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("dbwrap_store_int32 failed: %s\n",
+ nt_errstr(status)));
+ goto cancel;
+ }
+ vers_id = SHARE_DATABASE_VERSION_V2;
+ }
+
+ if (vers_id != SHARE_DATABASE_VERSION_V2) {
+ status = dbwrap_traverse(share_db, delete_fn, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("traverse failed\n"));
+ goto cancel;
+ }
+ status = dbwrap_store_int32_bystring(
+ share_db, vstring, SHARE_DATABASE_VERSION_V2);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("dbwrap_store_int32 failed: %s\n",
+ nt_errstr(status)));
+ goto cancel;
+ }
+ }
+
+ /* Finally upgrade to version 3, with canonicalized sharenames. */
+
+ status = dbwrap_traverse(share_db, upgrade_v2_to_v3, &upgrade_ok, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("traverse failed\n"));
+ goto cancel;
+ }
+ if (!upgrade_ok) {
+ DBG_ERR("upgrade failed.\n");
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto cancel;
+ }
+
+ status = dbwrap_store_int32_bystring(
+ share_db, vstring, SHARE_DATABASE_VERSION_V3);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("dbwrap_store_int32 failed: %s\n",
+ nt_errstr(status)));
+ goto cancel;
+ }
+
+ if (dbwrap_transaction_commit(share_db) != 0) {
+ DEBUG(0, ("transaction_commit failed\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ return NT_STATUS_OK;
+
+ cancel:
+ if (dbwrap_transaction_cancel(share_db)) {
+ smb_panic("transaction_cancel failed");
+ }
+
+ return status;
+}
+
+/*******************************************************************
+ Fake up a Everyone, default access as a default.
+ def_access is a GENERIC_XXX access mode.
+ ********************************************************************/
+
+static struct security_descriptor *get_share_security_default(TALLOC_CTX *ctx,
+ size_t *psize,
+ uint32_t def_access)
+{
+ uint32_t sa;
+ struct security_ace ace;
+ struct security_acl *psa = NULL;
+ struct security_descriptor *psd = NULL;
+ uint32_t spec_access = def_access;
+
+ se_map_generic(&spec_access, &file_generic_mapping);
+
+ sa = (def_access | spec_access );
+ init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
+
+ if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
+ psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
+ SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
+ psa, psize);
+ }
+
+ if (!psd) {
+ DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
+ return NULL;
+ }
+
+ return psd;
+}
+
+/*******************************************************************
+ Pull a security descriptor from the share tdb.
+ ********************************************************************/
+
+struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *servicename,
+ size_t *psize)
+{
+ char *key;
+ struct security_descriptor *psd = NULL;
+ TDB_DATA data;
+ char *c_servicename = canonicalize_servicename(talloc_tos(), servicename);
+ NTSTATUS status;
+
+ if (!c_servicename) {
+ return NULL;
+ }
+
+ status = share_info_db_init();
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(c_servicename);
+ return NULL;
+ }
+
+ if (!(key = talloc_asprintf(ctx, SHARE_SECURITY_DB_KEY_PREFIX_STR "%s", c_servicename))) {
+ TALLOC_FREE(c_servicename);
+ DEBUG(0, ("talloc_asprintf failed\n"));
+ return NULL;
+ }
+
+ TALLOC_FREE(c_servicename);
+
+ status = dbwrap_fetch_bystring(share_db, talloc_tos(), key, &data);
+
+ TALLOC_FREE(key);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return get_share_security_default(ctx, psize,
+ SEC_RIGHTS_DIR_ALL);
+ }
+
+ status = unmarshall_sec_desc(ctx, data.dptr, data.dsize, &psd);
+
+ TALLOC_FREE(data.dptr);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return get_share_security_default(ctx, psize,
+ SEC_RIGHTS_DIR_ALL);
+ }
+
+ if (psd) {
+ *psize = ndr_size_security_descriptor(psd, 0);
+ } else {
+ return get_share_security_default(ctx, psize,
+ SEC_RIGHTS_DIR_ALL);
+ }
+
+ return psd;
+}
+
+/*******************************************************************
+ Store a security descriptor in the share db.
+ ********************************************************************/
+
+NTSTATUS set_share_security(const char *share_name,
+ struct security_descriptor *psd)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ char *key;
+ TDB_DATA blob;
+ NTSTATUS status;
+ char *c_share_name = canonicalize_servicename(frame, share_name);
+
+ if (c_share_name == NULL) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto out;
+ }
+
+ status = share_info_db_init();
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ status = marshall_sec_desc(frame, psd, &blob.dptr, &blob.dsize);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("marshall_sec_desc failed: %s\n",
+ nt_errstr(status)));
+ goto out;
+ }
+
+ if (!(key = talloc_asprintf(frame, SHARE_SECURITY_DB_KEY_PREFIX_STR "%s", c_share_name))) {
+ DEBUG(0, ("talloc_asprintf failed\n"));
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
+ status = dbwrap_trans_store(share_db, string_term_tdb_data(key), blob,
+ TDB_REPLACE);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("set_share_security: Failed to store secdesc for "
+ "%s: %s\n", share_name, nt_errstr(status)));
+ goto out;
+ }
+
+ DEBUG(5,("set_share_security: stored secdesc for %s\n", share_name ));
+ status = NT_STATUS_OK;
+
+ out:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/*******************************************************************
+ Delete a security descriptor.
+********************************************************************/
+
+NTSTATUS delete_share_security(const char *servicename)
+{
+ TDB_DATA kbuf;
+ char *key;
+ NTSTATUS status;
+ char *c_servicename = canonicalize_servicename(talloc_tos(), servicename);
+
+ if (c_servicename == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ status = share_info_db_init();
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(c_servicename);
+ return status;
+ }
+
+ if (!(key = talloc_asprintf(talloc_tos(), SHARE_SECURITY_DB_KEY_PREFIX_STR "%s",
+ c_servicename))) {
+ TALLOC_FREE(c_servicename);
+ return NT_STATUS_NO_MEMORY;
+ }
+ kbuf = string_term_tdb_data(key);
+
+ status = dbwrap_trans_delete(share_db, kbuf);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("delete_share_security: Failed to delete entry for "
+ "share %s: %s\n", c_servicename, nt_errstr(status)));
+ TALLOC_FREE(c_servicename);
+ return status;
+ }
+
+ TALLOC_FREE(c_servicename);
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Can this user access with share with the required permissions ?
+********************************************************************/
+
+bool share_access_check(const struct security_token *token,
+ const char *sharename,
+ uint32_t desired_access,
+ uint32_t *pgranted)
+{
+ uint32_t granted;
+ NTSTATUS status;
+ struct security_descriptor *psd = NULL;
+ size_t sd_size;
+
+ psd = get_share_security(talloc_tos(), sharename, &sd_size);
+
+ if (!psd) {
+ if (pgranted != NULL) {
+ *pgranted = desired_access;
+ }
+ return false;
+ }
+
+ status = se_file_access_check(psd, token, true, desired_access, &granted);
+
+ TALLOC_FREE(psd);
+
+ if (pgranted != NULL) {
+ *pgranted = granted;
+ }
+
+ return NT_STATUS_IS_OK(status);
+}
+
+/***************************************************************************
+ Parse the contents of an acl string from a usershare file.
+***************************************************************************/
+
+bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd)
+{
+ size_t s_size = 0;
+ const char *pacl = acl_str;
+ int num_aces = 0;
+ struct security_ace *ace_list = NULL;
+ struct security_acl *psa = NULL;
+ struct security_descriptor *psd = NULL;
+ size_t sd_size = 0;
+ int i;
+
+ *ppsd = NULL;
+
+ /* If the acl string is blank return "Everyone:R" */
+ if (!*acl_str) {
+ struct security_descriptor *default_psd = get_share_security_default(ctx, &s_size, GENERIC_READ_ACCESS);
+ if (!default_psd) {
+ return False;
+ }
+ *ppsd = default_psd;
+ return True;
+ }
+
+ num_aces = 1;
+
+ /* Add the number of ',' characters to get the number of aces. */
+ num_aces += count_chars(pacl,',');
+
+ ace_list = talloc_array(ctx, struct security_ace, num_aces);
+ if (!ace_list) {
+ return False;
+ }
+
+ for (i = 0; i < num_aces; i++) {
+ uint32_t sa;
+ uint32_t g_access;
+ uint32_t s_access;
+ struct dom_sid sid;
+ char *sidstr;
+ enum security_ace_type type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+
+ if (!next_token_talloc(ctx, &pacl, &sidstr, ":")) {
+ DEBUG(0,("parse_usershare_acl: malformed usershare acl looking "
+ "for ':' in string '%s'\n", pacl));
+ return False;
+ }
+
+ if (!string_to_sid(&sid, sidstr)) {
+ DEBUG(0,("parse_usershare_acl: failed to convert %s to sid.\n",
+ sidstr ));
+ return False;
+ }
+
+ switch (*pacl) {
+ case 'F': /* Full Control, ie. R+W */
+ case 'f': /* Full Control, ie. R+W */
+ s_access = g_access = GENERIC_ALL_ACCESS;
+ break;
+ case 'R': /* Read only. */
+ case 'r': /* Read only. */
+ s_access = g_access = GENERIC_READ_ACCESS;
+ break;
+ case 'D': /* Deny all to this SID. */
+ case 'd': /* Deny all to this SID. */
+ type = SEC_ACE_TYPE_ACCESS_DENIED;
+ s_access = g_access = GENERIC_ALL_ACCESS;
+ break;
+ default:
+ DEBUG(0,("parse_usershare_acl: unknown acl type at %s.\n",
+ pacl ));
+ return False;
+ }
+
+ pacl++;
+ if (*pacl && *pacl != ',') {
+ DEBUG(0,("parse_usershare_acl: bad acl string at %s.\n",
+ pacl ));
+ return False;
+ }
+ pacl++; /* Go past any ',' */
+
+ se_map_generic(&s_access, &file_generic_mapping);
+ sa = (g_access | s_access);
+ init_sec_ace(&ace_list[i], &sid, type, sa, 0);
+ }
+
+ if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, num_aces, ace_list)) != NULL) {
+ psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
+ SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
+ psa, &sd_size);
+ }
+
+ if (!psd) {
+ DEBUG(0,("parse_usershare_acl: Failed to make SEC_DESC.\n"));
+ return False;
+ }
+
+ *ppsd = psd;
+ return True;
+}
diff --git a/source3/lib/smbconf/pys3smbconf.c b/source3/lib/smbconf/pys3smbconf.c
new file mode 100644
index 0000000..09d4881
--- /dev/null
+++ b/source3/lib/smbconf/pys3smbconf.c
@@ -0,0 +1,212 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libsmbconf - Samba configuration library - Python bindings
+ *
+ * Copyright (C) John Mulligan <phlogistonjohn@asynchrono.us> 2022
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "lib/replace/system/python.h"
+#include "includes.h"
+#include "python/py3compat.h"
+
+#include "lib/smbconf/smbconf.h"
+#include "source3/lib/smbconf/smbconf_reg.h"
+#include "source3/lib/smbconf/smbconf_init.h"
+#include "lib/smbconf/pysmbconf.h"
+
+/*
+ * The name of the other, general, smbconf module that implements
+ * the common type. We import this module by name to access
+ * its methods by the python API.
+ */
+#define SMBCONF_MOD "samba.smbconf"
+
+/*
+ * Return a new but uninitialized SMBConf python object via
+ * the python API of the (other) smbconf module.
+ */
+static PyObject *py_new_SMBConf(PyObject * smbconf_mod)
+{
+ PyObject *obj = NULL;
+ PyObject *method = PyObject_GetAttrString(smbconf_mod, "SMBConf");
+ if (method == NULL) {
+ return NULL;
+ }
+
+ obj = PyObject_CallObject(method, NULL);
+ Py_CLEAR(method);
+ return obj;
+}
+
+/*
+ * Raise a new SMBConfError python exception given a error code.
+ * This uses the python API of the (other) smbconf module.
+ */
+static PyObject *py_raise_SMBConfError(PyObject * smbconf_mod, sbcErr err)
+{
+ PyObject *obj = NULL;
+ PyObject *method =
+ PyObject_GetAttrString(smbconf_mod, "_smbconf_error");
+ if (method == NULL) {
+ return NULL;
+ }
+
+ obj = PyObject_CallFunction(method, "i", err);
+ Py_CLEAR(method);
+ return obj;
+}
+
+static PyObject *py_init_reg(PyObject * module, PyObject * args)
+{
+ PyObject *obj = NULL;
+ PyObject *smbconf_mod = NULL;
+ char *path = NULL;
+ struct smbconf_ctx *conf_ctx = NULL;
+ TALLOC_CTX *mem_ctx = NULL;
+ sbcErr err;
+
+ /*
+ * The path here is _NOT_ the path to a file in the file
+ * system. It's a special HK registry thingy. But passing
+ * a null string to smbconf_init_reg populates it with
+ * a functional default value. So we allow the python
+ * caller to pass None and convert to NULL.
+ */
+ if (!PyArg_ParseTuple(args, "z", &path)) {
+ return NULL;
+ }
+
+ smbconf_mod = PyImport_ImportModule(SMBCONF_MOD);
+ if (smbconf_mod == NULL) {
+ return NULL;
+ }
+
+ obj = py_new_SMBConf(smbconf_mod);
+ if (obj == NULL) {
+ Py_CLEAR(smbconf_mod);
+ return NULL;
+ }
+
+ mem_ctx = ((py_SMBConf_Object *) obj)->mem_ctx;
+ err = smbconf_init_reg(mem_ctx, &conf_ctx, path);
+ if (err != SBC_ERR_OK) {
+ py_raise_SMBConfError(smbconf_mod, err);
+ Py_CLEAR(obj);
+ Py_CLEAR(smbconf_mod);
+ return NULL;
+ }
+ ((py_SMBConf_Object *) obj)->conf_ctx = conf_ctx;
+
+ Py_DECREF(smbconf_mod);
+ return obj;
+}
+
+static PyObject *py_init_str(PyObject * module, PyObject * args)
+{
+ PyObject *obj = NULL;
+ PyObject *smbconf_mod = NULL;
+ char *path = NULL;
+ struct smbconf_ctx *conf_ctx = NULL;
+ TALLOC_CTX *mem_ctx = NULL;
+ sbcErr err;
+
+ if (!PyArg_ParseTuple(args, "s", &path)) {
+ return NULL;
+ }
+
+ smbconf_mod = PyImport_ImportModule(SMBCONF_MOD);
+ if (smbconf_mod == NULL) {
+ return NULL;
+ }
+
+ obj = py_new_SMBConf(smbconf_mod);
+ if (obj == NULL) {
+ Py_CLEAR(smbconf_mod);
+ return NULL;
+ }
+
+ mem_ctx = ((py_SMBConf_Object *) obj)->mem_ctx;
+ err = smbconf_init(mem_ctx, &conf_ctx, path);
+ if (err != SBC_ERR_OK) {
+ py_raise_SMBConfError(smbconf_mod, err);
+ Py_CLEAR(obj);
+ Py_CLEAR(smbconf_mod);
+ return NULL;
+ }
+ ((py_SMBConf_Object *) obj)->conf_ctx = conf_ctx;
+
+ Py_DECREF(smbconf_mod);
+ return obj;
+}
+
+PyDoc_STRVAR(py_init_reg_doc,
+"Return an SMBConf object using the registry based configuration.\n"
+"The path argument provided must either be None to use the\n"
+"default path or a path within the registry. It must start with\n"
+"the characters 'HK' if provided. It is *not* a path to a\n"
+"file or database in the file system.\n");
+
+PyDoc_STRVAR(py_init_str_doc,
+"Return an SMBConf object opened using one of the backends\n"
+"supported by Samba.\n"
+"The provided string argument must be in the form \"backend:path\".\n"
+"The backend portion is to be the name of a supported backend\n"
+"such as 'file', or 'registry'. The path following the colon is\n"
+"backend specific. In the case of the file backend this is the path\n"
+"to a configuration file.\n"
+"Examples:\n"
+" c1 = samba.samba3.smbconfig.init(\"file:/tmp/smb.conf\")\n"
+" c2 = samba.samba3.smbconfig.init(\"registry:\")\n");
+/*
+ * The major advantage of having this `init` function in the
+ * python wrapper is that if a backend is added without
+ * explicit changes to the python wrapper libs, it should still
+ * be able to access that backend through the general init
+ * function. The value add is not huge but more like insurance.
+ */
+
+static PyMethodDef pys3smbconf_methods[] = {
+ { "init_reg", (PyCFunction) py_init_reg, METH_VARARGS,
+ py_init_reg_doc },
+ { "init", (PyCFunction) py_init_str, METH_VARARGS,
+ py_init_str_doc },
+ { 0 },
+};
+
+PyDoc_STRVAR(py_s3smbconf_doc,
+"The s3smbconf module is a wrapper for Samba's 'source3' smbconf library.\n"
+"This library provides functions to use configuration backends that are\n"
+"specific to the file server suite of components within Samba.\n"
+"This includes functions to access the registry backend of the\n"
+"smbconf subsystem. This backend is read-write.\n");
+
+static struct PyModuleDef moduledef = {
+ PyModuleDef_HEAD_INIT,
+ .m_name = "smbconf",
+ .m_doc = py_s3smbconf_doc,
+ .m_size = -1,
+ .m_methods = pys3smbconf_methods,
+};
+
+MODULE_INIT_FUNC(smbconf)
+{
+ PyObject *m = PyModule_Create(&moduledef);
+ if (m == NULL) {
+ return NULL;
+ }
+
+ return m;
+}
diff --git a/source3/lib/smbconf/smbconf_init.c b/source3/lib/smbconf/smbconf_init.c
new file mode 100644
index 0000000..e6bf6d8
--- /dev/null
+++ b/source3/lib/smbconf/smbconf_init.c
@@ -0,0 +1,96 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libsmbconf - Samba configuration library, init dispatcher
+ * Copyright (C) Michael Adam 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "lib/smbconf/smbconf_private.h"
+#include "lib/smbconf/smbconf_txt.h"
+#include "lib/smbconf/smbconf_reg.h"
+#include "lib/smbconf/smbconf_init.h"
+
+/**
+ * smbconf initialization dispatcher
+ *
+ * this takes a configuration source in the form of
+ * backend:path and calls the appropriate backend
+ * init function with the path argument
+ *
+ * known backends:
+ * - "registry" or "reg"
+ * - "txt" or "file"
+ */
+sbcErr smbconf_init(TALLOC_CTX *mem_ctx, struct smbconf_ctx **conf_ctx,
+ const char *source)
+{
+ sbcErr err;
+ char *backend = NULL;
+ char *path = NULL;
+ char *sep;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+ if (conf_ctx == NULL) {
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+
+ if ((source == NULL) || (*source == '\0')) {
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+
+ backend = talloc_strdup(tmp_ctx, source);
+ if (backend == NULL) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+
+ sep = strchr(backend, ':');
+ if (sep != NULL) {
+ *sep = '\0';
+ path = sep + 1;
+ if (strlen(path) == 0) {
+ path = NULL;
+ }
+ }
+
+ if (strequal(backend, "registry") || strequal(backend, "reg")) {
+ err = smbconf_init_reg(mem_ctx, conf_ctx, path);
+ } else if (strequal(backend, "file") || strequal(backend, "txt")) {
+ err = smbconf_init_txt(mem_ctx, conf_ctx, path);
+ } else if (sep == NULL) {
+ /*
+ * If no separator was given in the source, and the string is
+ * not a known backend, assume file backend and use the source
+ * string as a path argument.
+ */
+ err = smbconf_init_txt(mem_ctx, conf_ctx, backend);
+ } else {
+ /*
+ * Separator was specified but this is not a known backend.
+ * As a last resort, try to interpret the original source
+ * string as a file name that contains a ":" sign.
+ * This may occur with an include directive like this:
+ * 'include = /path/to/file.%T'
+ */
+ err = smbconf_init_txt(mem_ctx, conf_ctx, source);
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return err;
+}
diff --git a/source3/lib/smbconf/smbconf_init.h b/source3/lib/smbconf/smbconf_init.h
new file mode 100644
index 0000000..11ddb0c
--- /dev/null
+++ b/source3/lib/smbconf/smbconf_init.h
@@ -0,0 +1,32 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libsmbconf - Samba configuration library
+ * Copyright (C) Michael Adam 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIBSMBCONF_INIT_H__
+#define __LIBSMBCONF_INIT_H__
+
+struct smbconf_ctx;
+
+/**
+ * initialization dispatcher function.
+ * takes source string in the form of "backend:path"
+ */
+sbcErr smbconf_init(TALLOC_CTX *mem_ctx, struct smbconf_ctx **conf_ctx,
+ const char *source);
+
+#endif /* _LIBSMBCONF_INIT_H_ */
diff --git a/source3/lib/smbconf/smbconf_reg.c b/source3/lib/smbconf/smbconf_reg.c
new file mode 100644
index 0000000..fc8aa62
--- /dev/null
+++ b/source3/lib/smbconf/smbconf_reg.c
@@ -0,0 +1,1246 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libsmbconf - Samba configuration library, registry backend
+ * Copyright (C) Michael Adam 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "lib/smbconf/smbconf_private.h"
+#include "registry.h"
+#include "registry/reg_api.h"
+#include "registry/reg_backend_db.h"
+#include "registry/reg_util_token.h"
+#include "registry/reg_api_util.h"
+#include "registry/reg_init_smbconf.h"
+#include "lib/smbconf/smbconf_init.h"
+#include "lib/smbconf/smbconf_reg.h"
+#include "../libcli/registry/util_reg.h"
+
+#define INCLUDES_VALNAME "includes"
+
+struct reg_private_data {
+ struct registry_key *base_key;
+ bool open; /* did _we_ open the registry? */
+};
+
+/**********************************************************************
+ *
+ * helper functions
+ *
+ **********************************************************************/
+
+/**
+ * a convenience helper to cast the private data structure
+ */
+static struct reg_private_data *rpd(struct smbconf_ctx *ctx)
+{
+ return (struct reg_private_data *)(ctx->data);
+}
+
+/**
+ * Check whether a given parameter name is valid in the
+ * smbconf registry backend.
+ */
+bool smbconf_reg_parameter_is_valid(const char *param_name)
+{
+ /* hard code the list of forbidden names here for now */
+ const char *forbidden_names[] = {
+ "state directory",
+ "lock directory",
+ "lock dir",
+ "config backend",
+ "include",
+ /*
+ * "includes" has a special meaning internally.
+ * It is currently not necessary to list it here since it is
+ * not a valid parameter. But for clarity and safety, we keep
+ * it for now.
+ */
+ INCLUDES_VALNAME,
+ NULL
+ };
+ const char **forbidden = NULL;
+
+ if (!lp_parameter_is_valid(param_name)) {
+ return false;
+ }
+
+ for (forbidden = forbidden_names; *forbidden != NULL; forbidden++) {
+ if (strwicmp(param_name, *forbidden) == 0) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
+/**
+ * Open a subkey of the base key (i.e a service)
+ */
+static sbcErr smbconf_reg_open_service_key(TALLOC_CTX *mem_ctx,
+ struct smbconf_ctx *ctx,
+ const char *servicename,
+ uint32_t desired_access,
+ struct registry_key **key)
+{
+ WERROR werr;
+
+ if (servicename == NULL) {
+ *key = rpd(ctx)->base_key;
+ return SBC_ERR_OK;
+ }
+ werr = reg_openkey(mem_ctx, rpd(ctx)->base_key, servicename,
+ desired_access, key);
+ if (W_ERROR_EQUAL(werr, WERR_FILE_NOT_FOUND)) {
+ return SBC_ERR_NO_SUCH_SERVICE;
+ }
+ if (!W_ERROR_IS_OK(werr)) {
+ return SBC_ERR_NOMEM;
+ }
+
+ return SBC_ERR_OK;
+}
+
+/**
+ * check if a value exists in a given registry key
+ */
+static bool smbconf_value_exists(struct registry_key *key, const char *param)
+{
+ bool ret = false;
+ WERROR werr;
+ TALLOC_CTX *ctx = talloc_stackframe();
+ struct registry_value *value = NULL;
+
+ werr = reg_queryvalue(ctx, key, param, &value);
+ if (W_ERROR_IS_OK(werr)) {
+ ret = true;
+ }
+
+ talloc_free(ctx);
+ return ret;
+}
+
+/**
+ * create a subkey of the base key (i.e. a service...)
+ */
+static sbcErr smbconf_reg_create_service_key(TALLOC_CTX *mem_ctx,
+ struct smbconf_ctx *ctx,
+ const char * subkeyname,
+ struct registry_key **newkey)
+{
+ WERROR werr;
+ sbcErr err = SBC_ERR_OK;
+ TALLOC_CTX *create_ctx;
+ enum winreg_CreateAction action = REG_ACTION_NONE;
+
+ /* create a new talloc ctx for creation. it will hold
+ * the intermediate parent key (SMBCONF) for creation
+ * and will be destroyed when leaving this function... */
+ create_ctx = talloc_stackframe();
+
+ werr = reg_createkey(mem_ctx, rpd(ctx)->base_key, subkeyname,
+ REG_KEY_WRITE, newkey, &action);
+ if (W_ERROR_IS_OK(werr) && (action != REG_CREATED_NEW_KEY)) {
+ DEBUG(10, ("Key '%s' already exists.\n", subkeyname));
+ err = SBC_ERR_FILE_EXISTS;
+ }
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(5, ("Error creating key %s: %s\n",
+ subkeyname, win_errstr(werr)));
+ err = SBC_ERR_UNKNOWN_FAILURE;
+ }
+
+ talloc_free(create_ctx);
+ return err;
+}
+
+/**
+ * add a value to a key.
+ */
+static sbcErr smbconf_reg_set_value(struct registry_key *key,
+ const char *valname,
+ const char *valstr)
+{
+ struct registry_value val;
+ WERROR werr;
+ sbcErr err;
+ char *subkeyname;
+ const char *canon_valname;
+ const char *canon_valstr;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+ if (!lp_parameter_is_valid(valname)) {
+ DEBUG(5, ("Invalid parameter '%s' given.\n", valname));
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+
+ if (!smbconf_reg_parameter_is_valid(valname)) {
+ DEBUG(5, ("Parameter '%s' not allowed in registry.\n",
+ valname));
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+
+ subkeyname = strrchr_m(key->key->name, '\\');
+ if ((subkeyname == NULL) || (*(subkeyname +1) == '\0')) {
+ DEBUG(5, ("Invalid registry key '%s' given as "
+ "smbconf section.\n", key->key->name));
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+ subkeyname++;
+ if (!strequal(subkeyname, GLOBAL_NAME) &&
+ lp_parameter_is_global(valname))
+ {
+ DEBUG(5, ("Global parameter '%s' not allowed in "
+ "service definition ('%s').\n", valname,
+ subkeyname));
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+
+ if (!lp_canonicalize_parameter_with_value(valname, valstr,
+ &canon_valname,
+ &canon_valstr))
+ {
+ /*
+ * We already know the parameter name is valid.
+ * So the value must be invalid.
+ */
+ DEBUG(5, ("invalid value '%s' given for parameter '%s'\n",
+ valstr, valname));
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+
+ ZERO_STRUCT(val);
+
+ val.type = REG_SZ;
+ if (!push_reg_sz(tmp_ctx, &val.data, canon_valstr)) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+
+ werr = reg_setvalue(key, canon_valname, &val);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(5, ("Error adding value '%s' to "
+ "key '%s': %s\n",
+ canon_valname, key->key->name, win_errstr(werr)));
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+
+ err = SBC_ERR_OK;
+done:
+ talloc_free(tmp_ctx);
+ return err;
+}
+
+static sbcErr smbconf_reg_set_multi_sz_value(struct registry_key *key,
+ const char *valname,
+ const uint32_t num_strings,
+ const char **strings)
+{
+ WERROR werr;
+ sbcErr err = SBC_ERR_OK;
+ struct registry_value *value;
+ uint32_t count;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ const char **array;
+
+ if (strings == NULL) {
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+
+ array = talloc_zero_array(tmp_ctx, const char *, num_strings + 1);
+ if (array == NULL) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+
+ value = talloc_zero(tmp_ctx, struct registry_value);
+ if (value == NULL) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+
+ value->type = REG_MULTI_SZ;
+
+ for (count = 0; count < num_strings; count++) {
+ array[count] = talloc_strdup(value, strings[count]);
+ if (array[count] == NULL) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+ }
+
+ if (!push_reg_multi_sz(value, &value->data, array)) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+
+ werr = reg_setvalue(key, valname, value);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(5, ("Error adding value '%s' to key '%s': %s\n",
+ valname, key->key->name, win_errstr(werr)));
+ err = SBC_ERR_ACCESS_DENIED;
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return err;
+}
+
+/**
+ * format a registry_value into a string.
+ *
+ * This is intended to be used for smbconf registry values,
+ * which are ar stored as REG_SZ values, so the incomplete
+ * handling should be ok.
+ */
+static char *smbconf_format_registry_value(TALLOC_CTX *mem_ctx,
+ struct registry_value *value)
+{
+ char *result = NULL;
+
+ /* alternatively, create a new talloc context? */
+ if (mem_ctx == NULL) {
+ return result;
+ }
+
+ switch (value->type) {
+ case REG_DWORD:
+ if (value->data.length >= 4) {
+ uint32_t v = IVAL(value->data.data, 0);
+ result = talloc_asprintf(mem_ctx, "%d", v);
+ }
+ break;
+ case REG_SZ:
+ case REG_EXPAND_SZ: {
+ const char *s;
+ if (!pull_reg_sz(mem_ctx, &value->data, &s)) {
+ break;
+ }
+ result = talloc_strdup(mem_ctx, s);
+ break;
+ }
+ case REG_MULTI_SZ: {
+ uint32_t j;
+ const char **a = NULL;
+ if (!pull_reg_multi_sz(mem_ctx, &value->data, &a)) {
+ break;
+ }
+ for (j = 0; a[j] != NULL; j++) {
+ result = talloc_asprintf(mem_ctx, "%s\"%s\" ",
+ result ? result : "" ,
+ a[j]);
+ if (result == NULL) {
+ break;
+ }
+ }
+ break;
+ }
+ case REG_BINARY:
+ result = talloc_asprintf(mem_ctx, "binary (%d bytes)",
+ (int)value->data.length);
+ break;
+ default:
+ result = talloc_asprintf(mem_ctx, "<unprintable>");
+ break;
+ }
+ return result;
+}
+
+static sbcErr smbconf_reg_get_includes_internal(TALLOC_CTX *mem_ctx,
+ struct registry_key *key,
+ uint32_t *num_includes,
+ char ***includes)
+{
+ WERROR werr;
+ sbcErr err;
+ uint32_t count;
+ struct registry_value *value = NULL;
+ char **tmp_includes = NULL;
+ const char **array = NULL;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+ if (!smbconf_value_exists(key, INCLUDES_VALNAME)) {
+ /* no includes */
+ *num_includes = 0;
+ *includes = NULL;
+ err = SBC_ERR_OK;
+ goto done;
+ }
+
+ werr = reg_queryvalue(tmp_ctx, key, INCLUDES_VALNAME, &value);
+ if (!W_ERROR_IS_OK(werr)) {
+ err = SBC_ERR_ACCESS_DENIED;
+ goto done;
+ }
+
+ if (value->type != REG_MULTI_SZ) {
+ /* wrong type -- ignore */
+ err = SBC_ERR_OK;
+ goto done;
+ }
+
+ if (!pull_reg_multi_sz(tmp_ctx, &value->data, &array)) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+
+ for (count = 0; array[count] != NULL; count++) {
+ err = smbconf_add_string_to_array(tmp_ctx,
+ &tmp_includes,
+ count,
+ array[count]);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+ }
+
+ if (count > 0) {
+ *includes = talloc_move(mem_ctx, &tmp_includes);
+ if (*includes == NULL) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+ *num_includes = count;
+ } else {
+ *num_includes = 0;
+ *includes = NULL;
+ }
+
+ err = SBC_ERR_OK;
+done:
+ talloc_free(tmp_ctx);
+ return err;
+}
+
+/**
+ * Get the values of a key as a list of value names
+ * and a list of value strings (ordered)
+ */
+static sbcErr smbconf_reg_get_values(TALLOC_CTX *mem_ctx,
+ struct registry_key *key,
+ uint32_t *num_values,
+ char ***value_names,
+ char ***value_strings)
+{
+ TALLOC_CTX *tmp_ctx = NULL;
+ WERROR werr;
+ sbcErr err;
+ uint32_t count;
+ struct registry_value *valvalue = NULL;
+ char *valname = NULL;
+ uint32_t tmp_num_values = 0;
+ char **tmp_valnames = NULL;
+ char **tmp_valstrings = NULL;
+ uint32_t num_includes = 0;
+ char **includes = NULL;
+
+ if ((num_values == NULL) || (value_names == NULL) ||
+ (value_strings == NULL))
+ {
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+
+ tmp_ctx = talloc_stackframe();
+
+ for (count = 0;
+ werr = reg_enumvalue(tmp_ctx, key, count, &valname, &valvalue),
+ W_ERROR_IS_OK(werr);
+ count++)
+ {
+ char *valstring;
+
+ if (!smbconf_reg_parameter_is_valid(valname)) {
+ continue;
+ }
+
+ err = smbconf_add_string_to_array(tmp_ctx,
+ &tmp_valnames,
+ tmp_num_values, valname);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ valstring = smbconf_format_registry_value(tmp_ctx, valvalue);
+ err = smbconf_add_string_to_array(tmp_ctx, &tmp_valstrings,
+ tmp_num_values, valstring);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+ tmp_num_values++;
+ }
+ if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+
+ /* now add the includes at the end */
+ err = smbconf_reg_get_includes_internal(tmp_ctx, key, &num_includes,
+ &includes);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ for (count = 0; count < num_includes; count++) {
+ err = smbconf_add_string_to_array(tmp_ctx, &tmp_valnames,
+ tmp_num_values, "include");
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ err = smbconf_add_string_to_array(tmp_ctx, &tmp_valstrings,
+ tmp_num_values,
+ includes[count]);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ tmp_num_values++;
+ }
+
+ *num_values = tmp_num_values;
+ if (tmp_num_values > 0) {
+ *value_names = talloc_move(mem_ctx, &tmp_valnames);
+ *value_strings = talloc_move(mem_ctx, &tmp_valstrings);
+ } else {
+ *value_names = NULL;
+ *value_strings = NULL;
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return err;
+}
+
+/**
+ * delete all values from a key
+ */
+static sbcErr smbconf_reg_delete_values(struct registry_key *key)
+{
+ WERROR werr;
+ sbcErr err;
+ char *valname;
+ struct registry_value *valvalue;
+ uint32_t count;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+
+ for (count = 0;
+ werr = reg_enumvalue(mem_ctx, key, count, &valname, &valvalue),
+ W_ERROR_IS_OK(werr);
+ count++)
+ {
+ werr = reg_deletevalue(key, valname);
+ if (!W_ERROR_IS_OK(werr)) {
+ err = SBC_ERR_ACCESS_DENIED;
+ goto done;
+ }
+ }
+ if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) {
+ DEBUG(1, ("smbconf_reg_delete_values: "
+ "Error enumerating values of %s: %s\n",
+ key->key->name,
+ win_errstr(werr)));
+ err = SBC_ERR_ACCESS_DENIED;
+ goto done;
+ }
+
+ err = SBC_ERR_OK;
+
+done:
+ talloc_free(mem_ctx);
+ return err;
+}
+
+/**********************************************************************
+ *
+ * smbconf operations: registry implementations
+ *
+ **********************************************************************/
+
+/**
+ * initialize the registry smbconf backend
+ */
+static sbcErr smbconf_reg_init(struct smbconf_ctx *ctx, const char *path)
+{
+ WERROR werr;
+ sbcErr err;
+ struct security_token *token;
+
+ if (path == NULL) {
+ path = KEY_SMBCONF;
+ }
+ ctx->path = talloc_strdup(ctx, path);
+ if (ctx->path == NULL) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+
+ ctx->data = talloc_zero(ctx, struct reg_private_data);
+
+ werr = ntstatus_to_werror(registry_create_admin_token(ctx, &token));
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(1, ("Error creating admin token\n"));
+ err = SBC_ERR_UNKNOWN_FAILURE;
+ goto done;
+ }
+ rpd(ctx)->open = false;
+
+ werr = registry_init_smbconf(path);
+ if (!W_ERROR_IS_OK(werr)) {
+ err = SBC_ERR_BADFILE;
+ goto done;
+ }
+
+ err = ctx->ops->open_conf(ctx);
+ if (!SBC_ERROR_IS_OK(err)) {
+ DEBUG(1, ("Error opening the registry.\n"));
+ goto done;
+ }
+
+ werr = reg_open_path(ctx, ctx->path,
+ KEY_ENUMERATE_SUB_KEYS | REG_KEY_WRITE,
+ token, &rpd(ctx)->base_key);
+ if (!W_ERROR_IS_OK(werr)) {
+ err = SBC_ERR_UNKNOWN_FAILURE;
+ goto done;
+ }
+
+done:
+ return err;
+}
+
+static int smbconf_reg_shutdown(struct smbconf_ctx *ctx)
+{
+ return ctx->ops->close_conf(ctx);
+}
+
+static bool smbconf_reg_requires_messaging(struct smbconf_ctx *ctx)
+{
+ if (lp_clustering() && lp_parm_bool(-1, "ctdb", "registry.tdb", true)) {
+ return true;
+ }
+
+ return false;
+}
+
+static bool smbconf_reg_is_writeable(struct smbconf_ctx *ctx)
+{
+ /*
+ * The backend has write support.
+ *
+ * TODO: add access checks whether the concrete
+ * config source is really writeable by the calling user.
+ */
+ return true;
+}
+
+static sbcErr smbconf_reg_open(struct smbconf_ctx *ctx)
+{
+ WERROR werr;
+
+ if (rpd(ctx)->open) {
+ return SBC_ERR_OK;
+ }
+
+ werr = regdb_open();
+ if (!W_ERROR_IS_OK(werr)) {
+ return SBC_ERR_BADFILE;
+ }
+
+ rpd(ctx)->open = true;
+ return SBC_ERR_OK;
+}
+
+static int smbconf_reg_close(struct smbconf_ctx *ctx)
+{
+ int ret;
+
+ if (!rpd(ctx)->open) {
+ return 0;
+ }
+
+ ret = regdb_close();
+ if (ret == 0) {
+ rpd(ctx)->open = false;
+ }
+ return ret;
+}
+
+/**
+ * Get the change sequence number of the given service/parameter.
+ * service and parameter strings may be NULL.
+ */
+static void smbconf_reg_get_csn(struct smbconf_ctx *ctx,
+ struct smbconf_csn *csn,
+ const char *service, const char *param)
+{
+ if (csn == NULL) {
+ return;
+ }
+
+ if (!SBC_ERROR_IS_OK(ctx->ops->open_conf(ctx))) {
+ return;
+ }
+
+ csn->csn = (uint64_t)regdb_get_seqnum();
+}
+
+/**
+ * Drop the whole configuration (restarting empty) - registry version
+ */
+static sbcErr smbconf_reg_drop(struct smbconf_ctx *ctx)
+{
+ char *path, *p;
+ WERROR werr;
+ sbcErr err = SBC_ERR_OK;
+ struct registry_key *parent_key = NULL;
+ struct registry_key *new_key = NULL;
+ TALLOC_CTX* mem_ctx = talloc_stackframe();
+ enum winreg_CreateAction action;
+ struct security_token *token;
+
+ werr = ntstatus_to_werror(registry_create_admin_token(ctx, &token));
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(1, ("Error creating admin token\n"));
+ err = SBC_ERR_UNKNOWN_FAILURE;
+ goto done;
+ }
+
+ path = talloc_strdup(mem_ctx, ctx->path);
+ if (path == NULL) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+ p = strrchr(path, '\\');
+ if (p == NULL) {
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+ *p = '\0';
+ werr = reg_open_path(mem_ctx, path, REG_KEY_WRITE, token,
+ &parent_key);
+ if (!W_ERROR_IS_OK(werr)) {
+ err = SBC_ERR_IO_FAILURE;
+ goto done;
+ }
+
+ werr = reg_deletesubkeys_recursive(parent_key, p+1);
+ if (!W_ERROR_IS_OK(werr)) {
+ err = SBC_ERR_IO_FAILURE;
+ goto done;
+ }
+
+ werr = reg_createkey(mem_ctx, parent_key, p+1, REG_KEY_WRITE,
+ &new_key, &action);
+ if (!W_ERROR_IS_OK(werr)) {
+ err = SBC_ERR_IO_FAILURE;
+ goto done;
+ }
+
+done:
+ talloc_free(mem_ctx);
+ return err;
+}
+
+/**
+ * get the list of share names defined in the configuration.
+ * registry version.
+ */
+static sbcErr smbconf_reg_get_share_names(struct smbconf_ctx *ctx,
+ TALLOC_CTX *mem_ctx,
+ uint32_t *num_shares,
+ char ***share_names)
+{
+ uint32_t count;
+ uint32_t added_count = 0;
+ TALLOC_CTX *tmp_ctx = NULL;
+ WERROR werr;
+ sbcErr err = SBC_ERR_OK;
+ char *subkey_name = NULL;
+ char **tmp_share_names = NULL;
+
+ if ((num_shares == NULL) || (share_names == NULL)) {
+ return SBC_ERR_INVALID_PARAM;
+ }
+
+ tmp_ctx = talloc_stackframe();
+
+ /* make sure "global" is always listed first */
+ if (smbconf_share_exists(ctx, GLOBAL_NAME)) {
+ err = smbconf_add_string_to_array(tmp_ctx, &tmp_share_names,
+ added_count, GLOBAL_NAME);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+ added_count++;
+ }
+
+ for (count = 0;
+ werr = reg_enumkey(tmp_ctx, rpd(ctx)->base_key, count,
+ &subkey_name, NULL),
+ W_ERROR_IS_OK(werr);
+ count++)
+ {
+ if (strequal(subkey_name, GLOBAL_NAME)) {
+ continue;
+ }
+
+ err = smbconf_add_string_to_array(tmp_ctx,
+ &tmp_share_names,
+ added_count,
+ subkey_name);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+ added_count++;
+ }
+ if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) {
+ err = SBC_ERR_NO_MORE_ITEMS;
+ goto done;
+ }
+ err = SBC_ERR_OK;
+
+ *num_shares = added_count;
+ if (added_count > 0) {
+ *share_names = talloc_move(mem_ctx, &tmp_share_names);
+ } else {
+ *share_names = NULL;
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return err;
+}
+
+/**
+ * check if a share/service of a given name exists - registry version
+ */
+static bool smbconf_reg_share_exists(struct smbconf_ctx *ctx,
+ const char *servicename)
+{
+ bool ret = false;
+ sbcErr err;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+ struct registry_key *key = NULL;
+
+ err = smbconf_reg_open_service_key(mem_ctx, ctx, servicename,
+ REG_KEY_READ, &key);
+ if (SBC_ERROR_IS_OK(err)) {
+ ret = true;
+ }
+
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+/**
+ * Add a service if it does not already exist - registry version
+ */
+static sbcErr smbconf_reg_create_share(struct smbconf_ctx *ctx,
+ const char *servicename)
+{
+ sbcErr err;
+ struct registry_key *key = NULL;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+ if (servicename == NULL) {
+ return SBC_ERR_OK;
+ }
+
+ err = smbconf_reg_create_service_key(tmp_ctx, ctx,
+ servicename, &key);
+
+ talloc_free(tmp_ctx);
+ return err;
+}
+
+/**
+ * get a definition of a share (service) from configuration.
+ */
+static sbcErr smbconf_reg_get_share(struct smbconf_ctx *ctx,
+ TALLOC_CTX *mem_ctx,
+ const char *servicename,
+ struct smbconf_service **service)
+{
+ sbcErr err;
+ struct registry_key *key = NULL;
+ struct smbconf_service *tmp_service = NULL;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+ err = smbconf_reg_open_service_key(tmp_ctx, ctx, servicename,
+ REG_KEY_READ, &key);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ tmp_service = talloc_zero(tmp_ctx, struct smbconf_service);
+ if (tmp_service == NULL) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+
+ if (servicename != NULL) {
+ WERROR werr;
+ uint32_t count = 0;
+ char *name = NULL;
+
+ /*
+ * Determine correct upper/lowercase.
+ */
+ for (count = 0;
+ werr = reg_enumkey(tmp_ctx, rpd(ctx)->base_key, count,
+ &name, NULL),
+ W_ERROR_IS_OK(werr);
+ count++) {
+ if (!strequal(name, servicename)) {
+ continue;
+ }
+
+ tmp_service->name = talloc_strdup(tmp_service, name);
+ if (tmp_service->name == NULL) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+ break;
+ }
+ }
+
+ err = smbconf_reg_get_values(tmp_service, key,
+ &(tmp_service->num_params),
+ &(tmp_service->param_names),
+ &(tmp_service->param_values));
+ if (SBC_ERROR_IS_OK(err)) {
+ *service = talloc_move(mem_ctx, &tmp_service);
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return err;
+}
+
+/**
+ * delete a service from configuration
+ */
+static sbcErr smbconf_reg_delete_share(struct smbconf_ctx *ctx,
+ const char *servicename)
+{
+ WERROR werr;
+ sbcErr err = SBC_ERR_OK;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+
+ if (servicename != NULL) {
+ werr = reg_deletekey_recursive(rpd(ctx)->base_key, servicename);
+ if (!W_ERROR_IS_OK(werr)) {
+ err = SBC_ERR_ACCESS_DENIED;
+ }
+ } else {
+ err = smbconf_reg_delete_values(rpd(ctx)->base_key);
+ }
+
+ talloc_free(mem_ctx);
+ return err;
+}
+
+/**
+ * set a configuration parameter to the value provided.
+ */
+static sbcErr smbconf_reg_set_parameter(struct smbconf_ctx *ctx,
+ const char *service,
+ const char *param,
+ const char *valstr)
+{
+ sbcErr err;
+ struct registry_key *key = NULL;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+
+ err = smbconf_reg_open_service_key(mem_ctx, ctx, service,
+ REG_KEY_WRITE, &key);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ err = smbconf_reg_set_value(key, param, valstr);
+
+done:
+ talloc_free(mem_ctx);
+ return err;
+}
+
+/**
+ * get the value of a configuration parameter as a string
+ */
+static sbcErr smbconf_reg_get_parameter(struct smbconf_ctx *ctx,
+ TALLOC_CTX *mem_ctx,
+ const char *service,
+ const char *param,
+ char **valstr)
+{
+ WERROR werr;
+ sbcErr err;
+ struct registry_key *key = NULL;
+ struct registry_value *value = NULL;
+
+ err = smbconf_reg_open_service_key(mem_ctx, ctx, service,
+ REG_KEY_READ, &key);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ if (!smbconf_reg_parameter_is_valid(param)) {
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+
+ if (!smbconf_value_exists(key, param)) {
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+
+ werr = reg_queryvalue(mem_ctx, key, param, &value);
+ if (!W_ERROR_IS_OK(werr)) {
+ err = SBC_ERR_NOMEM;
+ goto done;
+ }
+
+ *valstr = smbconf_format_registry_value(mem_ctx, value);
+ if (*valstr == NULL) {
+ err = SBC_ERR_NOMEM;
+ }
+
+done:
+ talloc_free(key);
+ talloc_free(value);
+ return err;
+}
+
+/**
+ * delete a parameter from configuration
+ */
+static sbcErr smbconf_reg_delete_parameter(struct smbconf_ctx *ctx,
+ const char *service,
+ const char *param)
+{
+ struct registry_key *key = NULL;
+ WERROR werr;
+ sbcErr err;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+
+ err = smbconf_reg_open_service_key(mem_ctx, ctx, service,
+ REG_KEY_ALL, &key);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ if (!smbconf_reg_parameter_is_valid(param)) {
+ err = SBC_ERR_INVALID_PARAM;
+ goto done;
+ }
+
+ if (!smbconf_value_exists(key, param)) {
+ err = SBC_ERR_OK;
+ goto done;
+ }
+
+ werr = reg_deletevalue(key, param);
+ if (!W_ERROR_IS_OK(werr)) {
+ err = SBC_ERR_ACCESS_DENIED;
+ }
+
+done:
+ talloc_free(mem_ctx);
+ return err;
+}
+
+static sbcErr smbconf_reg_get_includes(struct smbconf_ctx *ctx,
+ TALLOC_CTX *mem_ctx,
+ const char *service,
+ uint32_t *num_includes,
+ char ***includes)
+{
+ sbcErr err;
+ struct registry_key *key = NULL;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+ err = smbconf_reg_open_service_key(tmp_ctx, ctx, service,
+ REG_KEY_READ, &key);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ err = smbconf_reg_get_includes_internal(mem_ctx, key, num_includes,
+ includes);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return err;
+}
+
+static sbcErr smbconf_reg_set_includes(struct smbconf_ctx *ctx,
+ const char *service,
+ uint32_t num_includes,
+ const char **includes)
+{
+ sbcErr err;
+ struct registry_key *key = NULL;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+ err = smbconf_reg_open_service_key(tmp_ctx, ctx, service,
+ REG_KEY_ALL, &key);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ if (num_includes == 0) {
+ WERROR werr;
+ if (!smbconf_value_exists(key, INCLUDES_VALNAME)) {
+ err = SBC_ERR_OK;
+ goto done;
+ }
+ werr = reg_deletevalue(key, INCLUDES_VALNAME);
+ if (!W_ERROR_IS_OK(werr)) {
+ err = SBC_ERR_ACCESS_DENIED;
+ goto done;
+ }
+ } else {
+ err = smbconf_reg_set_multi_sz_value(key, INCLUDES_VALNAME,
+ num_includes, includes);
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return err;
+}
+
+static sbcErr smbconf_reg_delete_includes(struct smbconf_ctx *ctx,
+ const char *service)
+{
+ WERROR werr;
+ sbcErr err;
+ struct registry_key *key = NULL;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+
+ err = smbconf_reg_open_service_key(tmp_ctx, ctx, service,
+ REG_KEY_ALL, &key);
+ if (!SBC_ERROR_IS_OK(err)) {
+ goto done;
+ }
+
+ if (!smbconf_value_exists(key, INCLUDES_VALNAME)) {
+ err = SBC_ERR_OK;
+ goto done;
+ }
+
+ werr = reg_deletevalue(key, INCLUDES_VALNAME);
+ if (!W_ERROR_IS_OK(werr)) {
+ err = SBC_ERR_ACCESS_DENIED;
+ goto done;
+ }
+
+ err = SBC_ERR_OK;
+done:
+ talloc_free(tmp_ctx);
+ return err;
+}
+
+static sbcErr smbconf_reg_transaction_start(struct smbconf_ctx *ctx)
+{
+ WERROR werr;
+
+ werr = regdb_transaction_start();
+ if (!W_ERROR_IS_OK(werr)) {
+ return SBC_ERR_IO_FAILURE;
+ }
+
+ return SBC_ERR_OK;
+}
+
+static sbcErr smbconf_reg_transaction_commit(struct smbconf_ctx *ctx)
+{
+ WERROR werr;
+
+ werr = regdb_transaction_commit();
+ if (!W_ERROR_IS_OK(werr)) {
+ return SBC_ERR_IO_FAILURE;
+ }
+
+ return SBC_ERR_OK;
+}
+
+static sbcErr smbconf_reg_transaction_cancel(struct smbconf_ctx *ctx)
+{
+ WERROR werr;
+
+ werr = regdb_transaction_cancel();
+ if (!W_ERROR_IS_OK(werr)) {
+ return SBC_ERR_IO_FAILURE;
+ }
+
+ return SBC_ERR_OK;
+}
+
+struct smbconf_ops smbconf_ops_reg = {
+ .init = smbconf_reg_init,
+ .shutdown = smbconf_reg_shutdown,
+ .requires_messaging = smbconf_reg_requires_messaging,
+ .is_writeable = smbconf_reg_is_writeable,
+ .open_conf = smbconf_reg_open,
+ .close_conf = smbconf_reg_close,
+ .get_csn = smbconf_reg_get_csn,
+ .drop = smbconf_reg_drop,
+ .get_share_names = smbconf_reg_get_share_names,
+ .share_exists = smbconf_reg_share_exists,
+ .create_share = smbconf_reg_create_share,
+ .get_share = smbconf_reg_get_share,
+ .delete_share = smbconf_reg_delete_share,
+ .set_parameter = smbconf_reg_set_parameter,
+ .get_parameter = smbconf_reg_get_parameter,
+ .delete_parameter = smbconf_reg_delete_parameter,
+ .get_includes = smbconf_reg_get_includes,
+ .set_includes = smbconf_reg_set_includes,
+ .delete_includes = smbconf_reg_delete_includes,
+ .transaction_start = smbconf_reg_transaction_start,
+ .transaction_commit = smbconf_reg_transaction_commit,
+ .transaction_cancel = smbconf_reg_transaction_cancel,
+};
+
+
+/**
+ * initialize the smbconf registry backend
+ * the only function that is exported from this module
+ */
+sbcErr smbconf_init_reg(TALLOC_CTX *mem_ctx, struct smbconf_ctx **conf_ctx,
+ const char *path)
+{
+ /*
+ * this tmp_ctx stackframe is required to initialize the registry backend.
+ * Without it, the calls panics due to the use of talloc_tos in the
+ * source3/registry code.
+ */
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ sbcErr err = smbconf_init_internal(mem_ctx, conf_ctx, path, &smbconf_ops_reg);
+ talloc_free(tmp_ctx);
+ return err;
+}
diff --git a/source3/lib/smbconf/smbconf_reg.h b/source3/lib/smbconf/smbconf_reg.h
new file mode 100644
index 0000000..a3f343f
--- /dev/null
+++ b/source3/lib/smbconf/smbconf_reg.h
@@ -0,0 +1,38 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libsmbconf - Samba configuration library
+ * Copyright (C) Michael Adam 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIBSMBCONF_REG_H__
+#define __LIBSMBCONF_REG_H__
+
+struct smbconf_ctx;
+
+/**
+ * initialization functions for the registry backend modules
+ */
+
+sbcErr smbconf_init_reg(TALLOC_CTX *mem_ctx, struct smbconf_ctx **conf_ctx,
+ const char *path);
+
+/**
+ * Check whether a given parameter name is valid in the
+ * smbconf registry backend.
+ */
+bool smbconf_reg_parameter_is_valid(const char *param_name);
+
+#endif /* _LIBSMBCONF_REG_H_ */
diff --git a/source3/lib/smbconf/testsuite.c b/source3/lib/smbconf/testsuite.c
new file mode 100644
index 0000000..1dd7eec
--- /dev/null
+++ b/source3/lib/smbconf/testsuite.c
@@ -0,0 +1,338 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libsmbconf - Samba configuration library: testsuite
+ * Copyright (C) Michael Adam 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "lib/cmdline/cmdline.h"
+#include "lib/smbconf/smbconf.h"
+#include "lib/smbconf/smbconf_init.h"
+#include "lib/smbconf/smbconf_reg.h"
+#include "lib/smbconf/smbconf_txt.h"
+
+static void print_strings(const char *prefix,
+ uint32_t num_strings,
+ const char * const *strings)
+{
+ uint32_t count;
+
+ if (prefix == NULL) {
+ prefix = "";
+ }
+
+ for (count = 0; count < num_strings; count++) {
+ printf("%s%s\n", prefix, strings[count]);
+ }
+}
+
+static bool test_get_includes(struct smbconf_ctx *ctx)
+{
+ sbcErr err;
+ bool ret = false;
+ uint32_t num_includes = 0;
+ char **includes = NULL;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+
+ printf("TEST: get_includes\n");
+ err = smbconf_get_global_includes(ctx, mem_ctx,
+ &num_includes, &includes);
+ if (!SBC_ERROR_IS_OK(err)) {
+ printf("FAIL: get_includes - %s\n", sbcErrorString(err));
+ goto done;
+ }
+
+ printf("got %u includes%s\n", num_includes,
+ (num_includes > 0) ? ":" : ".");
+ print_strings("", num_includes, (const char * const *)includes);
+
+ printf("OK: get_includes\n");
+ ret = true;
+
+done:
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+static bool test_set_get_includes(struct smbconf_ctx *ctx)
+{
+ sbcErr err;
+ uint32_t count;
+ bool ret = false;
+ const char *set_includes[] = {
+ "/path/to/include1",
+ "/path/to/include2"
+ };
+ uint32_t set_num_includes = 2;
+ char **get_includes = NULL;
+ uint32_t get_num_includes = 0;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+
+ printf("TEST: set_get_includes\n");
+
+ err = smbconf_set_global_includes(ctx, set_num_includes, set_includes);
+ if (!SBC_ERROR_IS_OK(err)) {
+ printf("FAIL: get_set_includes (setting includes) - %s\n",
+ sbcErrorString(err));
+ goto done;
+ }
+
+ err = smbconf_get_global_includes(ctx, mem_ctx, &get_num_includes,
+ &get_includes);
+ if (!SBC_ERROR_IS_OK(err)) {
+ printf("FAIL: get_set_includes (getting includes) - %s\n",
+ sbcErrorString(err));
+ goto done;
+ }
+
+ if (get_num_includes != set_num_includes) {
+ printf("FAIL: get_set_includes - set %d includes, got %d\n",
+ set_num_includes, get_num_includes);
+ goto done;
+ }
+
+ for (count = 0; count < get_num_includes; count++) {
+ if (!strequal(set_includes[count], get_includes[count])) {
+ printf("expected: \n");
+ print_strings("* ", set_num_includes,
+ (const char * const *)set_includes);
+ printf("got: \n");
+ print_strings("* ", get_num_includes,
+ (const char * const *)get_includes);
+ printf("FAIL: get_set_includes - data mismatch:\n");
+ goto done;
+ }
+ }
+
+ printf("OK: set_includes\n");
+ ret = true;
+
+done:
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+static bool test_delete_includes(struct smbconf_ctx *ctx)
+{
+ sbcErr err;
+ bool ret = false;
+ const char *set_includes[] = {
+ "/path/to/include",
+ };
+ uint32_t set_num_includes = 1;
+ char **get_includes = NULL;
+ uint32_t get_num_includes = 0;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+
+ printf("TEST: delete_includes\n");
+
+ err = smbconf_set_global_includes(ctx, set_num_includes, set_includes);
+ if (!SBC_ERROR_IS_OK(err)) {
+ printf("FAIL: delete_includes (setting includes) - %s\n",
+ sbcErrorString(err));
+ goto done;
+ }
+
+ err = smbconf_delete_global_includes(ctx);
+ if (!SBC_ERROR_IS_OK(err)) {
+ printf("FAIL: delete_includes (deleting includes) - %s\n",
+ sbcErrorString(err));
+ goto done;
+ }
+
+ err = smbconf_get_global_includes(ctx, mem_ctx, &get_num_includes,
+ &get_includes);
+ if (!SBC_ERROR_IS_OK(err)) {
+ printf("FAIL: delete_includes (getting includes) - %s\n",
+ sbcErrorString(err));
+ goto done;
+ }
+
+ if (get_num_includes != 0) {
+ printf("FAIL: delete_includes (not empty after delete)\n");
+ goto done;
+ }
+
+ err = smbconf_delete_global_includes(ctx);
+ if (!SBC_ERROR_IS_OK(err)) {
+ printf("FAIL: delete_includes (delete empty includes) - "
+ "%s\n", sbcErrorString(err));
+ goto done;
+ }
+
+ printf("OK: delete_includes\n");
+ ret = true;
+
+done:
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+static bool create_conf_file(const char *filename)
+{
+ FILE *f;
+
+ printf("TEST: creating file\n");
+ f = fopen(filename, "w");
+ if (!f) {
+ printf("failure: failed to open %s for writing: %s\n",
+ filename, strerror(errno));
+ return false;
+ }
+
+ fprintf(f, "[global]\n");
+ fprintf(f, "\tserver string = smbconf testsuite\n");
+ fprintf(f, "\tworkgroup = SAMBA\n");
+ fprintf(f, "\tsecurity = user\n");
+
+ fclose(f);
+
+ printf("OK: create file\n");
+ return true;
+}
+
+static bool torture_smbconf_txt(void)
+{
+ sbcErr err;
+ bool ret = true;
+ const char *filename = "/tmp/smb.conf.smbconf_testsuite";
+ struct smbconf_ctx *conf_ctx = NULL;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+
+ printf("test: text backend\n");
+
+ if (!create_conf_file(filename)) {
+ ret = false;
+ goto done;
+ }
+
+ printf("TEST: init\n");
+ err = smbconf_init_txt(mem_ctx, &conf_ctx, filename);
+ if (!SBC_ERROR_IS_OK(err)) {
+ printf("FAIL: text backend failed: %s\n", sbcErrorString(err));
+ ret = false;
+ goto done;
+ }
+ printf("OK: init\n");
+
+ ret &= test_get_includes(conf_ctx);
+
+ smbconf_shutdown(conf_ctx);
+
+ printf("TEST: unlink file\n");
+ if (unlink(filename) != 0) {
+ printf("OK: unlink failed: %s\n", strerror(errno));
+ ret = false;
+ goto done;
+ }
+ printf("OK: unlink file\n");
+
+done:
+ printf("%s: text backend\n", ret ? "success" : "failure");
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+static bool torture_smbconf_reg(void)
+{
+ sbcErr err;
+ bool ret = true;
+ struct smbconf_ctx *conf_ctx = NULL;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+
+ printf("test: registry backend\n");
+
+ printf("TEST: init\n");
+ err = smbconf_init_reg(mem_ctx, &conf_ctx, NULL);
+ if (!SBC_ERROR_IS_OK(err)) {
+ printf("FAIL: init failed: %s\n", sbcErrorString(err));
+ ret = false;
+ goto done;
+ }
+ printf("OK: init\n");
+
+ ret &= test_get_includes(conf_ctx);
+ ret &= test_set_get_includes(conf_ctx);
+ ret &= test_delete_includes(conf_ctx);
+
+ smbconf_shutdown(conf_ctx);
+
+done:
+ printf("%s: registry backend\n", ret ? "success" : "failure");
+ talloc_free(mem_ctx);
+ return ret;
+}
+
+static bool torture_smbconf(void)
+{
+ bool ret = true;
+ ret &= torture_smbconf_txt();
+ printf("\n");
+ ret &= torture_smbconf_reg();
+ return ret;
+}
+
+int main(int argc, const char **argv)
+{
+ bool ret;
+ poptContext pc;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+ int opt;
+
+ struct poptOption long_options[] = {
+ POPT_COMMON_SAMBA
+ POPT_COMMON_VERSION
+ POPT_TABLEEND
+ };
+
+ smb_init_locale();
+
+ ret = samba_cmdline_init(mem_ctx,
+ SAMBA_CMDLINE_CONFIG_CLIENT,
+ true /* require_smbconf */);
+ if (!ret) {
+ goto done;
+ }
+
+ /* parse options */
+ pc = samba_popt_get_context(getprogname(),
+ argc,
+ (const char **)argv,
+ long_options,
+ 0);
+ if (pc == NULL) {
+ ret = false;
+ goto done;
+ }
+
+ while ((opt = poptGetNextOpt(pc)) != -1) {
+ switch (opt) {
+ case POPT_ERROR_BADOPT:
+ fprintf(stderr, "\nInvalid option %s: %s\n\n",
+ poptBadOption(pc, 0), poptStrerror(opt));
+ poptPrintUsage(pc, stderr, 0);
+ exit(1);
+ }
+ }
+
+ poptFreeContext(pc);
+
+ ret = torture_smbconf();
+
+done:
+ talloc_free(mem_ctx);
+ return ret ? 0 : -1;
+}
diff --git a/source3/lib/smbd_shim.c b/source3/lib/smbd_shim.c
new file mode 100644
index 0000000..c7c64f7
--- /dev/null
+++ b/source3/lib/smbd_shim.c
@@ -0,0 +1,116 @@
+/*
+ Unix SMB/CIFS implementation.
+ Runtime plugin adapter for various "smbd"-functions.
+
+ Copyright (C) Gerald (Jerry) Carter 2004.
+ Copyright (C) Andrew Bartlett 2011.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* Shim functions required due to the horrible dependency mess
+ in Samba. */
+
+#include "includes.h"
+#include "smbd_shim.h"
+
+static struct smbd_shim shim;
+
+void set_smbd_shim(const struct smbd_shim *shim_functions)
+{
+ shim = *shim_functions;
+}
+
+bool change_to_root_user(void)
+{
+ if (shim.change_to_root_user) {
+ return shim.change_to_root_user();
+ }
+ return false;
+}
+
+bool become_authenticated_pipe_user(struct auth_session_info *session_info)
+{
+ if (shim.become_authenticated_pipe_user) {
+ return shim.become_authenticated_pipe_user(session_info);
+ }
+
+ return false;
+}
+
+bool unbecome_authenticated_pipe_user(void)
+{
+ if (shim.unbecome_authenticated_pipe_user) {
+ return shim.unbecome_authenticated_pipe_user();
+ }
+
+ return false;
+}
+
+/**
+ * The following two functions need to be called from inside the low-level BRL
+ * code for oplocks correctness in smbd. Since other utility binaries also
+ * link in some of the brl code directly, these dummy functions are necessary
+ * to avoid needing to link in the oplocks code and its dependencies to all of
+ * the utility binaries.
+ */
+void contend_level2_oplocks_begin(files_struct *fsp,
+ enum level2_contention_type type)
+{
+ if (shim.contend_level2_oplocks_begin) {
+ shim.contend_level2_oplocks_begin(fsp, type);
+ }
+ return;
+}
+
+void contend_level2_oplocks_end(files_struct *fsp,
+ enum level2_contention_type type)
+{
+ if (shim.contend_level2_oplocks_end) {
+ shim.contend_level2_oplocks_end(fsp, type);
+ }
+ return;
+}
+
+void become_root(void)
+{
+ if (shim.become_root) {
+ shim.become_root();
+ }
+ return;
+}
+
+void unbecome_root(void)
+{
+ if (shim.unbecome_root) {
+ shim.unbecome_root();
+ }
+ return;
+}
+
+void exit_server(const char *reason)
+{
+ if (shim.exit_server) {
+ shim.exit_server(reason);
+ }
+ exit(1);
+}
+
+void exit_server_cleanly(const char *const reason)
+{
+ if (shim.exit_server_cleanly) {
+ shim.exit_server_cleanly(reason);
+ }
+ exit(0);
+}
diff --git a/source3/lib/smbd_shim.h b/source3/lib/smbd_shim.h
new file mode 100644
index 0000000..c4bf330
--- /dev/null
+++ b/source3/lib/smbd_shim.h
@@ -0,0 +1,53 @@
+/*
+ Unix SMB/CIFS implementation.
+ Runtime plugin adapter for various "smbd"-functions.
+
+ Copyright (C) Gerald (Jerry) Carter 2004.
+ Copyright (C) Andrew Bartlett 2011.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ shim functions are used required to allow library code to have
+ references to smbd specific code. The smbd daemon sets up the set
+ of function calls that it wants used by calling
+ set_smbd_shim(). Other executables don't make this call, and get
+ default (dummy) versions of these functions.
+*/
+
+struct smbd_shim
+{
+ bool (*change_to_root_user)(void);
+ bool (*become_authenticated_pipe_user)(struct auth_session_info *session_info);
+ bool (*unbecome_authenticated_pipe_user)(void);
+
+ void (*contend_level2_oplocks_begin)(files_struct *fsp,
+ enum level2_contention_type type);
+
+ void (*contend_level2_oplocks_end)(files_struct *fsp,
+ enum level2_contention_type type);
+
+ void (*become_root)(void);
+
+ void (*unbecome_root)(void);
+
+ void (*exit_server)(const char *const explanation) _NORETURN_;
+
+ void (*exit_server_cleanly)(const char *const explanation) _NORETURN_;
+};
+
+void set_smbd_shim(const struct smbd_shim *shim_functions);
+
+
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
new file mode 100644
index 0000000..c0d6884
--- /dev/null
+++ b/source3/lib/smbldap.c
@@ -0,0 +1,1941 @@
+/*
+ Unix SMB/CIFS implementation.
+ LDAP protocol helper functions for SAMBA
+ Copyright (C) Jean François Micouleau 1998
+ Copyright (C) Gerald Carter 2001-2003
+ Copyright (C) Shahms King 2001
+ Copyright (C) Andrew Bartlett 2002-2003
+ Copyright (C) Stefan (metze) Metzmacher 2002-2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "smbldap.h"
+#include "../libcli/security/security.h"
+#include <tevent.h>
+#include "lib/param/loadparm.h"
+
+/* Try not to hit the up or down server forever */
+
+#define SMBLDAP_DONT_PING_TIME 10 /* ping only all 10 seconds */
+#define SMBLDAP_NUM_RETRIES 8 /* retry only 8 times */
+
+#define SMBLDAP_IDLE_TIME 150 /* After 2.5 minutes disconnect */
+
+struct smbldap_state {
+ LDAP *ldap_struct;
+ pid_t pid;
+ time_t last_ping; /* monotonic */
+ /* retrieve-once info */
+ const char *uri;
+
+ /* credentials */
+ bool anonymous;
+ char *bind_dn;
+ char *bind_secret;
+ smbldap_bind_callback_fn bind_callback;
+ void *bind_callback_data;
+
+ bool paged_results;
+
+ unsigned int num_failures;
+
+ time_t last_use; /* monotonic */
+ struct tevent_context *tevent_context;
+ struct tevent_timer *idle_event;
+
+ struct timeval last_rebind; /* monotonic */
+};
+
+LDAP *smbldap_get_ldap(struct smbldap_state *state)
+{
+ return state->ldap_struct;
+}
+
+bool smbldap_get_paged_results(struct smbldap_state *state)
+{
+ return state->paged_results;
+}
+
+void smbldap_set_paged_results(struct smbldap_state *state,
+ bool paged_results)
+{
+ state->paged_results = paged_results;
+}
+
+void smbldap_set_bind_callback(struct smbldap_state *state,
+ smbldap_bind_callback_fn callback,
+ void *callback_data)
+{
+ state->bind_callback = callback;
+ state->bind_callback_data = callback_data;
+}
+/*******************************************************************
+ Search an attribute and return the first value found.
+******************************************************************/
+
+ bool smbldap_get_single_attribute (LDAP * ldap_struct, LDAPMessage * entry,
+ const char *attribute, char *value,
+ int max_len)
+{
+ char **values;
+ size_t size = 0;
+
+ if ( !attribute )
+ return False;
+
+ value[0] = '\0';
+
+ if ((values = ldap_get_values (ldap_struct, entry, attribute)) == NULL) {
+ DEBUG (10, ("smbldap_get_single_attribute: [%s] = [<does not exist>]\n", attribute));
+
+ return False;
+ }
+
+ if (!convert_string(CH_UTF8, CH_UNIX,values[0], -1, value, max_len, &size)) {
+ DEBUG(1, ("smbldap_get_single_attribute: string conversion of [%s] = [%s] failed!\n",
+ attribute, values[0]));
+ ldap_value_free(values);
+ return False;
+ }
+
+ ldap_value_free(values);
+#ifdef DEBUG_PASSWORDS
+ DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n", attribute, value));
+#endif
+ return True;
+}
+
+ char * smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry,
+ const char *attribute,
+ TALLOC_CTX *mem_ctx)
+{
+ char **values;
+ char *result;
+ size_t converted_size;
+
+ if (attribute == NULL) {
+ return NULL;
+ }
+
+ values = ldap_get_values(ldap_struct, entry, attribute);
+
+ if (values == NULL) {
+ DEBUG(10, ("attribute %s does not exist\n", attribute));
+ return NULL;
+ }
+
+ if (ldap_count_values(values) != 1) {
+ DEBUG(10, ("attribute %s has %d values, expected only one\n",
+ attribute, ldap_count_values(values)));
+ ldap_value_free(values);
+ return NULL;
+ }
+
+ if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) {
+ DEBUG(10, ("pull_utf8_talloc failed\n"));
+ ldap_value_free(values);
+ return NULL;
+ }
+
+ ldap_value_free(values);
+
+#ifdef DEBUG_PASSWORDS
+ DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n",
+ attribute, result));
+#endif
+ return result;
+}
+
+ char * smbldap_talloc_first_attribute(LDAP *ldap_struct, LDAPMessage *entry,
+ const char *attribute,
+ TALLOC_CTX *mem_ctx)
+{
+ char **values;
+ char *result;
+ size_t converted_size;
+
+ if (attribute == NULL) {
+ return NULL;
+ }
+
+ values = ldap_get_values(ldap_struct, entry, attribute);
+
+ if (values == NULL) {
+ DEBUG(10, ("attribute %s does not exist\n", attribute));
+ return NULL;
+ }
+
+ if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) {
+ DEBUG(10, ("pull_utf8_talloc failed\n"));
+ ldap_value_free(values);
+ return NULL;
+ }
+
+ ldap_value_free(values);
+
+#ifdef DEBUG_PASSWORDS
+ DEBUG (100, ("smbldap_get_first_attribute: [%s] = [%s]\n",
+ attribute, result));
+#endif
+ return result;
+}
+
+ char * smbldap_talloc_smallest_attribute(LDAP *ldap_struct, LDAPMessage *entry,
+ const char *attribute,
+ TALLOC_CTX *mem_ctx)
+{
+ char **values;
+ char *result;
+ size_t converted_size;
+ int i, num_values;
+
+ if (attribute == NULL) {
+ return NULL;
+ }
+
+ values = ldap_get_values(ldap_struct, entry, attribute);
+
+ if (values == NULL) {
+ DEBUG(10, ("attribute %s does not exist\n", attribute));
+ return NULL;
+ }
+
+ if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) {
+ DEBUG(10, ("pull_utf8_talloc failed\n"));
+ ldap_value_free(values);
+ return NULL;
+ }
+
+ num_values = ldap_count_values(values);
+
+ for (i=1; i<num_values; i++) {
+ char *tmp;
+
+ if (!pull_utf8_talloc(mem_ctx, &tmp, values[i],
+ &converted_size)) {
+ DEBUG(10, ("pull_utf8_talloc failed\n"));
+ TALLOC_FREE(result);
+ ldap_value_free(values);
+ return NULL;
+ }
+
+ if (strcasecmp_m(tmp, result) < 0) {
+ TALLOC_FREE(result);
+ result = tmp;
+ } else {
+ TALLOC_FREE(tmp);
+ }
+ }
+
+ ldap_value_free(values);
+
+#ifdef DEBUG_PASSWORDS
+ DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n",
+ attribute, result));
+#endif
+ return result;
+}
+
+ bool smbldap_talloc_single_blob(TALLOC_CTX *mem_ctx, LDAP *ld,
+ LDAPMessage *msg, const char *attrib,
+ DATA_BLOB *blob)
+{
+ struct berval **values;
+
+ values = ldap_get_values_len(ld, msg, attrib);
+ if (!values) {
+ return false;
+ }
+
+ if (ldap_count_values_len(values) != 1) {
+ DEBUG(10, ("Expected one value for %s, got %d\n", attrib,
+ ldap_count_values_len(values)));
+ return false;
+ }
+
+ *blob = data_blob_talloc(mem_ctx, values[0]->bv_val,
+ values[0]->bv_len);
+ ldap_value_free_len(values);
+
+ return (blob->data != NULL);
+}
+
+ bool smbldap_pull_sid(LDAP *ld, LDAPMessage *msg, const char *attrib,
+ struct dom_sid *sid)
+{
+ DATA_BLOB blob;
+ ssize_t ret;
+
+ if (!smbldap_talloc_single_blob(talloc_tos(), ld, msg, attrib,
+ &blob)) {
+ return false;
+ }
+ ret = sid_parse(blob.data, blob.length, sid);
+ TALLOC_FREE(blob.data);
+ return (ret != -1);
+}
+
+ static int ldapmsg_destructor(LDAPMessage **result) {
+ ldap_msgfree(*result);
+ return 0;
+}
+
+ void smbldap_talloc_autofree_ldapmsg(TALLOC_CTX *mem_ctx, LDAPMessage *result)
+{
+ LDAPMessage **handle;
+
+ if (result == NULL) {
+ return;
+ }
+
+ handle = talloc(mem_ctx, LDAPMessage *);
+ SMB_ASSERT(handle != NULL);
+
+ *handle = result;
+ talloc_set_destructor(handle, ldapmsg_destructor);
+}
+
+ static int ldapmod_destructor(LDAPMod ***mod) {
+ ldap_mods_free(*mod, True);
+ return 0;
+}
+
+ void smbldap_talloc_autofree_ldapmod(TALLOC_CTX *mem_ctx, LDAPMod **mod)
+{
+ LDAPMod ***handle;
+
+ if (mod == NULL) {
+ return;
+ }
+
+ handle = talloc(mem_ctx, LDAPMod **);
+ SMB_ASSERT(handle != NULL);
+
+ *handle = mod;
+ talloc_set_destructor(handle, ldapmod_destructor);
+}
+
+/************************************************************************
+ Routine to manage the LDAPMod structure array
+ manage memory used by the array, by each struct, and values
+ ***********************************************************************/
+
+static void smbldap_set_mod_internal(LDAPMod *** modlist, int modop, const char *attribute, const char *value, const DATA_BLOB *blob)
+{
+ LDAPMod **mods;
+ int i;
+ int j;
+
+ mods = *modlist;
+
+ /* sanity checks on the mod values */
+
+ if (attribute == NULL || *attribute == '\0') {
+ return;
+ }
+
+#if 0 /* commented out after discussion with abartlet. Do not re-enable.
+ left here so other do not re-add similar code --jerry */
+ if (value == NULL || *value == '\0')
+ return;
+#endif
+
+ if (mods == NULL) {
+ mods = SMB_MALLOC_P(LDAPMod *);
+ if (mods == NULL) {
+ smb_panic("smbldap_set_mod: out of memory!");
+ /* notreached. */
+ }
+ mods[0] = NULL;
+ }
+
+ for (i = 0; mods[i] != NULL; ++i) {
+ if (mods[i]->mod_op == modop && strequal(mods[i]->mod_type, attribute))
+ break;
+ }
+
+ if (mods[i] == NULL) {
+ mods = SMB_REALLOC_ARRAY (mods, LDAPMod *, i + 2);
+ if (mods == NULL) {
+ smb_panic("smbldap_set_mod: out of memory!");
+ /* notreached. */
+ }
+ mods[i] = SMB_MALLOC_P(LDAPMod);
+ if (mods[i] == NULL) {
+ smb_panic("smbldap_set_mod: out of memory!");
+ /* notreached. */
+ }
+ mods[i]->mod_op = modop;
+ mods[i]->mod_values = NULL;
+ mods[i]->mod_type = SMB_STRDUP(attribute);
+ mods[i + 1] = NULL;
+ }
+
+ if (blob && (modop & LDAP_MOD_BVALUES)) {
+ j = 0;
+ if (mods[i]->mod_bvalues != NULL) {
+ for (; mods[i]->mod_bvalues[j] != NULL; j++);
+ }
+ mods[i]->mod_bvalues = SMB_REALLOC_ARRAY(mods[i]->mod_bvalues, struct berval *, j + 2);
+
+ if (mods[i]->mod_bvalues == NULL) {
+ smb_panic("smbldap_set_mod: out of memory!");
+ /* notreached. */
+ }
+
+ mods[i]->mod_bvalues[j] = SMB_MALLOC_P(struct berval);
+ SMB_ASSERT(mods[i]->mod_bvalues[j] != NULL);
+
+ mods[i]->mod_bvalues[j]->bv_val = (char *)smb_memdup(blob->data, blob->length);
+ SMB_ASSERT(mods[i]->mod_bvalues[j]->bv_val != NULL);
+ mods[i]->mod_bvalues[j]->bv_len = blob->length;
+
+ mods[i]->mod_bvalues[j + 1] = NULL;
+ } else if (value != NULL) {
+ char *utf8_value = NULL;
+ size_t converted_size;
+
+ j = 0;
+ if (mods[i]->mod_values != NULL) {
+ for (; mods[i]->mod_values[j] != NULL; j++);
+ }
+ mods[i]->mod_values = SMB_REALLOC_ARRAY(mods[i]->mod_values, char *, j + 2);
+
+ if (mods[i]->mod_values == NULL) {
+ smb_panic("smbldap_set_mod: out of memory!");
+ /* notreached. */
+ }
+
+ if (!push_utf8_talloc(talloc_tos(), &utf8_value, value, &converted_size)) {
+ smb_panic("smbldap_set_mod: String conversion failure!");
+ /* notreached. */
+ }
+
+ mods[i]->mod_values[j] = SMB_STRDUP(utf8_value);
+ TALLOC_FREE(utf8_value);
+ SMB_ASSERT(mods[i]->mod_values[j] != NULL);
+
+ mods[i]->mod_values[j + 1] = NULL;
+ }
+ *modlist = mods;
+}
+
+ void smbldap_set_mod (LDAPMod *** modlist, int modop, const char *attribute, const char *value)
+{
+ smbldap_set_mod_internal(modlist, modop, attribute, value, NULL);
+}
+
+ void smbldap_set_mod_blob(LDAPMod *** modlist, int modop, const char *attribute, const DATA_BLOB *value)
+{
+ smbldap_set_mod_internal(modlist, modop | LDAP_MOD_BVALUES, attribute, NULL, value);
+}
+
+/**********************************************************************
+ Set attribute to newval in LDAP, regardless of what value the
+ attribute had in LDAP before.
+*********************************************************************/
+
+static void smbldap_make_mod_internal(LDAP *ldap_struct, LDAPMessage *existing,
+ LDAPMod ***mods,
+ const char *attribute, int op,
+ const char *newval,
+ const DATA_BLOB *newblob)
+{
+ char oldval[2048]; /* current largest allowed value is mungeddial */
+ bool existed;
+ DATA_BLOB oldblob = data_blob_null;
+
+ if (existing != NULL) {
+ if (op & LDAP_MOD_BVALUES) {
+ existed = smbldap_talloc_single_blob(talloc_tos(), ldap_struct, existing, attribute, &oldblob);
+ } else {
+ existed = smbldap_get_single_attribute(ldap_struct, existing, attribute, oldval, sizeof(oldval));
+ }
+ } else {
+ existed = False;
+ *oldval = '\0';
+ }
+
+ if (existed) {
+ bool equal = false;
+ if (op & LDAP_MOD_BVALUES) {
+ equal = (newblob && (data_blob_cmp(&oldblob, newblob) == 0));
+ } else {
+ /* all of our string attributes are case insensitive */
+ equal = (newval && (strcasecmp_m(oldval, newval) == 0));
+ }
+
+ if (equal) {
+ /* Believe it or not, but LDAP will deny a delete and
+ an add at the same time if the values are the
+ same... */
+ DEBUG(10,("smbldap_make_mod: attribute |%s| not changed.\n", attribute));
+ return;
+ }
+
+ /* There has been no value before, so don't delete it.
+ * Here's a possible race: We might end up with
+ * duplicate attributes */
+ /* By deleting exactly the value we found in the entry this
+ * should be race-free in the sense that the LDAP-Server will
+ * deny the complete operation if somebody changed the
+ * attribute behind our back. */
+ /* This will also allow modifying single valued attributes
+ * in Novell NDS. In NDS you have to first remove attribute and then
+ * you could add new value */
+
+ if (op & LDAP_MOD_BVALUES) {
+ DEBUG(10,("smbldap_make_mod: deleting attribute |%s| blob\n", attribute));
+ smbldap_set_mod_blob(mods, LDAP_MOD_DELETE, attribute, &oldblob);
+ } else {
+ DEBUG(10,("smbldap_make_mod: deleting attribute |%s| values |%s|\n", attribute, oldval));
+ smbldap_set_mod(mods, LDAP_MOD_DELETE, attribute, oldval);
+ }
+ }
+
+ /* Regardless of the real operation (add or modify)
+ we add the new value here. We rely on deleting
+ the old value, should it exist. */
+
+ if (op & LDAP_MOD_BVALUES) {
+ if (newblob && newblob->length) {
+ DEBUG(10,("smbldap_make_mod: adding attribute |%s| blob\n", attribute));
+ smbldap_set_mod_blob(mods, LDAP_MOD_ADD, attribute, newblob);
+ }
+ } else {
+ if ((newval != NULL) && (strlen(newval) > 0)) {
+ DEBUG(10,("smbldap_make_mod: adding attribute |%s| value |%s|\n", attribute, newval));
+ smbldap_set_mod(mods, LDAP_MOD_ADD, attribute, newval);
+ }
+ }
+}
+
+ void smbldap_make_mod(LDAP *ldap_struct, LDAPMessage *existing,
+ LDAPMod ***mods,
+ const char *attribute, const char *newval)
+{
+ smbldap_make_mod_internal(ldap_struct, existing, mods, attribute,
+ 0, newval, NULL);
+}
+
+ void smbldap_make_mod_blob(LDAP *ldap_struct, LDAPMessage *existing,
+ LDAPMod ***mods,
+ const char *attribute, const DATA_BLOB *newblob)
+{
+ smbldap_make_mod_internal(ldap_struct, existing, mods, attribute,
+ LDAP_MOD_BVALUES, NULL, newblob);
+}
+
+/**********************************************************************
+ Some variants of the LDAP rebind code do not pass in the third 'arg'
+ pointer to a void*, so we try and work around it by assuming that the
+ value of the 'LDAP *' pointer is the same as the one we had passed in
+ **********************************************************************/
+
+struct smbldap_state_lookup {
+ LDAP *ld;
+ struct smbldap_state *smbldap_state;
+ struct smbldap_state_lookup *prev, *next;
+};
+
+static struct smbldap_state_lookup *smbldap_state_lookup_list;
+
+static struct smbldap_state *smbldap_find_state(LDAP *ld)
+{
+ struct smbldap_state_lookup *t;
+
+ for (t = smbldap_state_lookup_list; t; t = t->next) {
+ if (t->ld == ld) {
+ return t->smbldap_state;
+ }
+ }
+ return NULL;
+}
+
+static void smbldap_delete_state(struct smbldap_state *smbldap_state)
+{
+ struct smbldap_state_lookup *t;
+
+ for (t = smbldap_state_lookup_list; t; t = t->next) {
+ if (t->smbldap_state == smbldap_state) {
+ DLIST_REMOVE(smbldap_state_lookup_list, t);
+ SAFE_FREE(t);
+ return;
+ }
+ }
+}
+
+static void smbldap_store_state(LDAP *ld, struct smbldap_state *smbldap_state)
+{
+ struct smbldap_state *tmp_ldap_state;
+ struct smbldap_state_lookup *t;
+
+ if ((tmp_ldap_state = smbldap_find_state(ld))) {
+ SMB_ASSERT(tmp_ldap_state == smbldap_state);
+ return;
+ }
+
+ t = SMB_XMALLOC_P(struct smbldap_state_lookup);
+ ZERO_STRUCTP(t);
+
+ DLIST_ADD_END(smbldap_state_lookup_list, t);
+ t->ld = ld;
+ t->smbldap_state = smbldap_state;
+}
+
+/********************************************************************
+ start TLS on an existing LDAP connection per config
+*******************************************************************/
+
+int smbldap_start_tls(LDAP *ldap_struct, int version)
+{
+ if (lp_ldap_ssl() != LDAP_SSL_START_TLS) {
+ return LDAP_SUCCESS;
+ }
+
+ return smbldap_start_tls_start(ldap_struct, version);
+}
+
+/********************************************************************
+ start TLS on an existing LDAP connection unconditionally
+*******************************************************************/
+
+int smbldap_start_tls_start(LDAP *ldap_struct, int version)
+{
+#ifdef LDAP_OPT_X_TLS
+ int rc,tls;
+
+ /* check if we use ldaps already */
+ ldap_get_option(ldap_struct, LDAP_OPT_X_TLS, &tls);
+ if (tls == LDAP_OPT_X_TLS_HARD) {
+ return LDAP_SUCCESS;
+ }
+
+ if (version != LDAP_VERSION3) {
+ DEBUG(0, ("Need LDAPv3 for Start TLS\n"));
+ return LDAP_OPERATIONS_ERROR;
+ }
+
+ if ((rc = ldap_start_tls_s (ldap_struct, NULL, NULL)) != LDAP_SUCCESS) {
+ DEBUG(0,("Failed to issue the StartTLS instruction: %s\n",
+ ldap_err2string(rc)));
+ return rc;
+ }
+
+ DEBUG (3, ("StartTLS issued: using a TLS connection\n"));
+ return LDAP_SUCCESS;
+#else
+ DEBUG(0,("StartTLS not supported by LDAP client libraries!\n"));
+ return LDAP_OPERATIONS_ERROR;
+#endif
+}
+
+/********************************************************************
+ setup a connection to the LDAP server based on a uri
+*******************************************************************/
+
+static int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
+{
+ int rc;
+
+ DEBUG(10, ("smb_ldap_setup_connection: %s\n", uri));
+
+#ifdef HAVE_LDAP_INITIALIZE
+
+ rc = ldap_initialize(ldap_struct, uri);
+ if (rc) {
+ DEBUG(0, ("ldap_initialize: %s\n", ldap_err2string(rc)));
+ return rc;
+ }
+
+ if (lp_ldap_follow_referral() != Auto) {
+ rc = ldap_set_option(*ldap_struct, LDAP_OPT_REFERRALS,
+ lp_ldap_follow_referral() ? LDAP_OPT_ON : LDAP_OPT_OFF);
+ if (rc != LDAP_SUCCESS)
+ DEBUG(0, ("Failed to set LDAP_OPT_REFERRALS: %s\n",
+ ldap_err2string(rc)));
+ }
+
+#else
+
+ /* Parse the string manually */
+
+ {
+ int port = 0;
+ fstring protocol;
+ fstring host;
+ SMB_ASSERT(sizeof(protocol)>10 && sizeof(host)>254);
+
+
+ /* skip leading "URL:" (if any) */
+ if ( strnequal( uri, "URL:", 4 ) ) {
+ uri += 4;
+ }
+
+ sscanf(uri, "%10[^:]://%254[^:/]:%d", protocol, host, &port);
+
+ if (port == 0) {
+ if (strequal(protocol, "ldap")) {
+ port = LDAP_PORT;
+ } else if (strequal(protocol, "ldaps")) {
+ port = LDAPS_PORT;
+ } else {
+ DEBUG(0, ("unrecognised protocol (%s)!\n", protocol));
+ }
+ }
+
+ if ((*ldap_struct = ldap_init(host, port)) == NULL) {
+ DEBUG(0, ("ldap_init failed !\n"));
+ return LDAP_OPERATIONS_ERROR;
+ }
+
+ if (strequal(protocol, "ldaps")) {
+#ifdef LDAP_OPT_X_TLS
+ int tls = LDAP_OPT_X_TLS_HARD;
+ if (ldap_set_option (*ldap_struct, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
+ {
+ DEBUG(0, ("Failed to setup a TLS session\n"));
+ }
+
+ DEBUG(3,("LDAPS option set...!\n"));
+#else
+ DEBUG(0,("smbldap_open_connection: Secure connection not supported by LDAP client libraries!\n"));
+ return LDAP_OPERATIONS_ERROR;
+#endif /* LDAP_OPT_X_TLS */
+ }
+ }
+
+ /* now set connection timeout */
+#ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
+ {
+ int ct = lp_ldap_connection_timeout()*1000;
+ rc = ldap_set_option(*ldap_struct, LDAP_X_OPT_CONNECT_TIMEOUT, &ct);
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
+ ct, ldap_err2string(rc)));
+ }
+ }
+#elif defined (LDAP_OPT_NETWORK_TIMEOUT) /* OpenLDAP */
+ {
+ struct timeval ct;
+ ct.tv_usec = 0;
+ ct.tv_sec = lp_ldap_connection_timeout();
+ rc = ldap_set_option(*ldap_struct, LDAP_OPT_NETWORK_TIMEOUT, &ct);
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
+ (int)ct.tv_sec, ldap_err2string(rc)));
+ }
+ }
+#endif
+
+#endif /* HAVE_LDAP_INITIALIZE */
+ return LDAP_SUCCESS;
+}
+
+/********************************************************************
+ try to upgrade to Version 3 LDAP if not already, in either case return current
+ version
+ *******************************************************************/
+
+static int smb_ldap_upgrade_conn(LDAP *ldap_struct, int *new_version)
+{
+ int version;
+ int rc;
+
+ /* assume the worst */
+ *new_version = LDAP_VERSION2;
+
+ rc = ldap_get_option(ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
+ if (rc) {
+ return rc;
+ }
+
+ if (version == LDAP_VERSION3) {
+ *new_version = LDAP_VERSION3;
+ return LDAP_SUCCESS;
+ }
+
+ /* try upgrade */
+ version = LDAP_VERSION3;
+ rc = ldap_set_option (ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
+ if (rc) {
+ return rc;
+ }
+
+ *new_version = LDAP_VERSION3;
+ return LDAP_SUCCESS;
+}
+
+/*******************************************************************
+ open a connection to the ldap server (just until the bind)
+ ******************************************************************/
+
+int smbldap_setup_full_conn(LDAP **ldap_struct, const char *uri)
+{
+ int rc, version;
+
+ rc = smb_ldap_setup_conn(ldap_struct, uri);
+ if (rc) {
+ return rc;
+ }
+
+ rc = smb_ldap_upgrade_conn(*ldap_struct, &version);
+ if (rc) {
+ return rc;
+ }
+
+ rc = smbldap_start_tls(*ldap_struct, version);
+ if (rc) {
+ return rc;
+ }
+
+ return LDAP_SUCCESS;
+}
+
+/*******************************************************************
+ open a connection to the ldap server.
+******************************************************************/
+static int smbldap_open_connection (struct smbldap_state *ldap_state)
+
+{
+ int rc = LDAP_SUCCESS;
+ int version;
+ int deref;
+ LDAP **ldap_struct = &ldap_state->ldap_struct;
+
+ rc = smb_ldap_setup_conn(ldap_struct, ldap_state->uri);
+ if (rc) {
+ return rc;
+ }
+
+ /* Store the LDAP pointer in a lookup list */
+
+ smbldap_store_state(*ldap_struct, ldap_state);
+
+ /* Upgrade to LDAPv3 if possible */
+
+ rc = smb_ldap_upgrade_conn(*ldap_struct, &version);
+ if (rc) {
+ return rc;
+ }
+
+ /* Start TLS if required */
+
+ rc = smbldap_start_tls(*ldap_struct, version);
+ if (rc) {
+ return rc;
+ }
+
+ /* Set alias dereferencing method */
+ deref = lp_ldap_deref();
+ if (deref != -1) {
+ if (ldap_set_option (*ldap_struct, LDAP_OPT_DEREF, &deref) != LDAP_OPT_SUCCESS) {
+ DEBUG(1,("smbldap_open_connection: Failed to set dereferencing method: %d\n", deref));
+ } else {
+ DEBUG(5,("Set dereferencing method: %d\n", deref));
+ }
+ }
+
+ DEBUG(2, ("smbldap_open_connection: connection opened\n"));
+ return rc;
+}
+
+/*******************************************************************
+ a rebind function for authenticated referrals
+ This version takes a void* that we can shove useful stuff in :-)
+******************************************************************/
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+#else
+static int rebindproc_with_state (LDAP * ld, char **whop, char **credp,
+ int *methodp, int freeit, void *arg)
+{
+ struct smbldap_state *ldap_state = arg;
+ struct timespec ts;
+
+ /** @TODO Should we be doing something to check what servers we rebind to?
+ Could we get a referral to a machine that we don't want to give our
+ username and password to? */
+
+ if (freeit) {
+ SAFE_FREE(*whop);
+ if (*credp) {
+ memset(*credp, '\0', strlen(*credp));
+ }
+ SAFE_FREE(*credp);
+ } else {
+ DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n",
+ ldap_state->bind_dn?ldap_state->bind_dn:"[Anonymous bind]"));
+
+ if (ldap_state->anonymous) {
+ *whop = NULL;
+ *credp = NULL;
+ } else {
+ *whop = SMB_STRDUP(ldap_state->bind_dn);
+ if (!*whop) {
+ return LDAP_NO_MEMORY;
+ }
+ *credp = SMB_STRDUP(ldap_state->bind_secret);
+ if (!*credp) {
+ SAFE_FREE(*whop);
+ return LDAP_NO_MEMORY;
+ }
+ }
+ *methodp = LDAP_AUTH_SIMPLE;
+ }
+
+ clock_gettime_mono(&ts);
+ ldap_state->last_rebind = convert_timespec_to_timeval(ts);
+
+ return 0;
+}
+#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
+
+/*******************************************************************
+ a rebind function for authenticated referrals
+ This version takes a void* that we can shove useful stuff in :-)
+ and actually does the connection.
+******************************************************************/
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+static int rebindproc_connect_with_state (LDAP *ldap_struct,
+ LDAP_CONST char *url,
+ ber_tag_t request,
+ ber_int_t msgid, void *arg)
+{
+ struct smbldap_state *ldap_state =
+ (struct smbldap_state *)arg;
+ int rc;
+ struct timespec ts;
+ int version;
+
+ DEBUG(5,("rebindproc_connect_with_state: Rebinding to %s as \"%s\"\n",
+ url, ldap_state->bind_dn?ldap_state->bind_dn:"[Anonymous bind]"));
+
+ /* call START_TLS again (ldaps:// is handled by the OpenLDAP library
+ * itself) before rebinding to another LDAP server to avoid to expose
+ * our credentials. At least *try* to secure the connection - Guenther */
+
+ smb_ldap_upgrade_conn(ldap_struct, &version);
+ smbldap_start_tls(ldap_struct, version);
+
+ /** @TODO Should we be doing something to check what servers we rebind to?
+ Could we get a referral to a machine that we don't want to give our
+ username and password to? */
+
+ rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret);
+
+ /* only set the last rebind timestamp when we did rebind after a
+ * non-read LDAP operation. That way we avoid the replication sleep
+ * after a simple redirected search operation - Guenther */
+
+ switch (request) {
+
+ case LDAP_REQ_MODIFY:
+ case LDAP_REQ_ADD:
+ case LDAP_REQ_DELETE:
+ case LDAP_REQ_MODDN:
+ case LDAP_REQ_EXTENDED:
+ DEBUG(10,("rebindproc_connect_with_state: "
+ "setting last_rebind timestamp "
+ "(req: 0x%02x)\n", (unsigned int)request));
+ clock_gettime_mono(&ts);
+ ldap_state->last_rebind = convert_timespec_to_timeval(ts);
+ break;
+ default:
+ ZERO_STRUCT(ldap_state->last_rebind);
+ break;
+ }
+
+ return rc;
+}
+#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
+
+/*******************************************************************
+ Add a rebind function for authenticated referrals
+******************************************************************/
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+#else
+# if LDAP_SET_REBIND_PROC_ARGS == 2
+static int rebindproc (LDAP *ldap_struct, char **whop, char **credp,
+ int *method, int freeit )
+{
+ struct smbldap_state *ldap_state = smbldap_find_state(ldap_struct);
+
+ return rebindproc_with_state(ldap_struct, whop, credp,
+ method, freeit, ldap_state);
+}
+# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/
+#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
+
+/*******************************************************************
+ a rebind function for authenticated referrals
+ this also does the connection, but no void*.
+******************************************************************/
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+# if LDAP_SET_REBIND_PROC_ARGS == 2
+static int rebindproc_connect (LDAP * ld, LDAP_CONST char *url, int request,
+ ber_int_t msgid)
+{
+ struct smbldap_state *ldap_state = smbldap_find_state(ld);
+
+ return rebindproc_connect_with_state(ld, url, (ber_tag_t)request, msgid,
+ ldap_state);
+}
+# endif /*LDAP_SET_REBIND_PROC_ARGS == 2*/
+#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
+
+/*******************************************************************
+ connect to the ldap server under system privilege.
+******************************************************************/
+static int smbldap_connect_system(struct smbldap_state *ldap_state)
+{
+ LDAP *ldap_struct = smbldap_get_ldap(ldap_state);
+ int rc;
+ int version;
+
+ /* removed the sasl_bind_s "EXTERNAL" stuff, as my testsuite
+ (OpenLDAP) doesn't seem to support it */
+
+ DEBUG(10,("ldap_connect_system: Binding to ldap server %s as \"%s\"\n",
+ ldap_state->uri, ldap_state->bind_dn));
+
+#ifdef HAVE_LDAP_SET_REBIND_PROC
+#if defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)
+# if LDAP_SET_REBIND_PROC_ARGS == 2
+ ldap_set_rebind_proc(ldap_struct, &rebindproc_connect);
+# endif
+# if LDAP_SET_REBIND_PROC_ARGS == 3
+ ldap_set_rebind_proc(ldap_struct, &rebindproc_connect_with_state, (void *)ldap_state);
+# endif
+#else /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
+# if LDAP_SET_REBIND_PROC_ARGS == 2
+ ldap_set_rebind_proc(ldap_struct, &rebindproc);
+# endif
+# if LDAP_SET_REBIND_PROC_ARGS == 3
+ ldap_set_rebind_proc(ldap_struct, &rebindproc_with_state, (void *)ldap_state);
+# endif
+#endif /*defined(LDAP_API_FEATURE_X_OPENLDAP) && (LDAP_API_VERSION > 2000)*/
+#endif
+
+ /* When there is an alternative bind callback is set,
+ attempt to use it to perform the bind */
+ if (ldap_state->bind_callback != NULL) {
+ /* We have to allow bind callback to be run under become_root/unbecome_root
+ to make sure within smbd the callback has proper write access to its resources,
+ like credential cache. This is similar to passdb case where this callback is supposed
+ to be used. When used outside smbd, become_root()/unbecome_root() are no-op.
+ */
+ become_root();
+ rc = ldap_state->bind_callback(ldap_struct, ldap_state, ldap_state->bind_callback_data);
+ unbecome_root();
+ } else {
+ rc = ldap_simple_bind_s(ldap_struct, ldap_state->bind_dn, ldap_state->bind_secret);
+ }
+
+ if (rc != LDAP_SUCCESS) {
+ char *ld_error = NULL;
+ ldap_get_option(smbldap_get_ldap(ldap_state),
+ LDAP_OPT_ERROR_STRING,
+ &ld_error);
+ DEBUG(ldap_state->num_failures ? 2 : 0,
+ ("failed to bind to server %s with dn=\"%s\" Error: %s\n\t%s\n",
+ ldap_state->uri,
+ ldap_state->bind_dn ? ldap_state->bind_dn : "[Anonymous bind]",
+ ldap_err2string(rc),
+ ld_error ? ld_error : "(unknown)"));
+ SAFE_FREE(ld_error);
+ ldap_state->num_failures++;
+ goto done;
+ }
+
+ ldap_state->num_failures = 0;
+ ldap_state->paged_results = False;
+
+ ldap_get_option(smbldap_get_ldap(ldap_state),
+ LDAP_OPT_PROTOCOL_VERSION, &version);
+
+ if (smbldap_has_control(smbldap_get_ldap(ldap_state), ADS_PAGE_CTL_OID)
+ && version == 3) {
+ ldap_state->paged_results = True;
+ }
+
+ DEBUG(3, ("ldap_connect_system: successful connection to the LDAP server\n"));
+ DEBUGADD(10, ("ldap_connect_system: LDAP server %s support paged results\n",
+ ldap_state->paged_results ? "does" : "does not"));
+done:
+ if (rc != 0) {
+ ldap_unbind(ldap_struct);
+ ldap_state->ldap_struct = NULL;
+ }
+ return rc;
+}
+
+static void smbldap_idle_fn(struct tevent_context *tevent_ctx,
+ struct tevent_timer *te,
+ struct timeval now_abs,
+ void *private_data);
+
+/**********************************************************************
+ Connect to LDAP server (called before every ldap operation)
+*********************************************************************/
+static int smbldap_open(struct smbldap_state *ldap_state)
+{
+ int rc, opt_rc;
+ bool reopen = False;
+ SMB_ASSERT(ldap_state);
+
+ if ((smbldap_get_ldap(ldap_state) != NULL) &&
+ ((ldap_state->last_ping + SMBLDAP_DONT_PING_TIME) <
+ time_mono(NULL))) {
+
+#ifdef HAVE_UNIXSOCKET
+ struct sockaddr_un addr;
+#else
+ struct sockaddr_storage addr;
+#endif
+ socklen_t len = sizeof(addr);
+ int sd;
+
+ opt_rc = ldap_get_option(smbldap_get_ldap(ldap_state),
+ LDAP_OPT_DESC, &sd);
+ if (opt_rc == 0 && (getpeername(sd, (struct sockaddr *) &addr, &len)) < 0 )
+ reopen = True;
+
+#ifdef HAVE_UNIXSOCKET
+ if (opt_rc == 0 && addr.sun_family == AF_UNIX)
+ reopen = True;
+#endif
+ if (reopen) {
+ /* the other end has died. reopen. */
+ ldap_unbind(smbldap_get_ldap(ldap_state));
+ ldap_state->ldap_struct = NULL;
+ ldap_state->last_ping = (time_t)0;
+ } else {
+ ldap_state->last_ping = time_mono(NULL);
+ }
+ }
+
+ if (smbldap_get_ldap(ldap_state) != NULL) {
+ DEBUG(11,("smbldap_open: already connected to the LDAP server\n"));
+ return LDAP_SUCCESS;
+ }
+
+ if ((rc = smbldap_open_connection(ldap_state))) {
+ return rc;
+ }
+
+ if ((rc = smbldap_connect_system(ldap_state))) {
+ return rc;
+ }
+
+
+ ldap_state->last_ping = time_mono(NULL);
+ ldap_state->pid = getpid();
+
+ TALLOC_FREE(ldap_state->idle_event);
+
+ if (ldap_state->tevent_context != NULL) {
+ ldap_state->idle_event = tevent_add_timer(
+ ldap_state->tevent_context, ldap_state,
+ timeval_current_ofs(SMBLDAP_IDLE_TIME, 0),
+ smbldap_idle_fn, ldap_state);
+ }
+
+ DEBUG(4,("The LDAP server is successfully connected\n"));
+
+ return LDAP_SUCCESS;
+}
+
+/**********************************************************************
+Disconnect from LDAP server
+*********************************************************************/
+static NTSTATUS smbldap_close(struct smbldap_state *ldap_state)
+{
+ if (!ldap_state)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if (smbldap_get_ldap(ldap_state) != NULL) {
+ ldap_unbind(smbldap_get_ldap(ldap_state));
+ ldap_state->ldap_struct = NULL;
+ }
+
+ smbldap_delete_state(ldap_state);
+
+ TALLOC_FREE(ldap_state->idle_event);
+
+ DEBUG(5,("The connection to the LDAP server was closed\n"));
+ /* maybe free the results here --metze */
+
+ return NT_STATUS_OK;
+}
+
+static SIG_ATOMIC_T got_alarm;
+
+static void gotalarm_sig(int dummy)
+{
+ got_alarm = 1;
+}
+
+static time_t calc_ldap_abs_endtime(int ldap_to)
+{
+ if (ldap_to == 0) {
+ /* No timeout - don't
+ return a value for
+ the alarm. */
+ return (time_t)0;
+ }
+
+ /* Make the alarm time one second beyond
+ the timeout we're setting for the
+ remote search timeout, to allow that
+ to fire in preference. */
+
+ return time_mono(NULL)+ldap_to+1;
+}
+
+static int end_ldap_local_alarm(time_t absolute_endtime, int rc)
+{
+ if (absolute_endtime) {
+ alarm(0);
+ CatchSignal(SIGALRM, SIG_IGN);
+ if (got_alarm) {
+ /* Client timeout error code. */
+ got_alarm = 0;
+ return LDAP_TIMEOUT;
+ }
+ }
+ return rc;
+}
+
+static void setup_ldap_local_alarm(struct smbldap_state *ldap_state, time_t absolute_endtime)
+{
+ time_t now = time_mono(NULL);
+
+ if (absolute_endtime) {
+ got_alarm = 0;
+ CatchSignal(SIGALRM, gotalarm_sig);
+ alarm(absolute_endtime - now);
+ }
+
+ if (ldap_state->pid != getpid()) {
+ smbldap_close(ldap_state);
+ }
+}
+
+static void get_ldap_errs(struct smbldap_state *ldap_state, char **pp_ld_error, int *p_ld_errno)
+{
+ ldap_get_option(smbldap_get_ldap(ldap_state),
+ LDAP_OPT_ERROR_NUMBER, p_ld_errno);
+
+ ldap_get_option(smbldap_get_ldap(ldap_state),
+ LDAP_OPT_ERROR_STRING, pp_ld_error);
+}
+
+static int get_cached_ldap_connect(struct smbldap_state *ldap_state, time_t abs_endtime)
+{
+ int attempts = 0;
+
+ while (1) {
+ int rc;
+ time_t now;
+
+ now = time_mono(NULL);
+ ldap_state->last_use = now;
+
+ if (abs_endtime && now > abs_endtime) {
+ smbldap_close(ldap_state);
+ return LDAP_TIMEOUT;
+ }
+
+ rc = smbldap_open(ldap_state);
+
+ if (rc == LDAP_SUCCESS) {
+ return LDAP_SUCCESS;
+ }
+
+ attempts++;
+ DEBUG(1, ("Connection to LDAP server failed for the "
+ "%d try!\n", attempts));
+
+ if (rc == LDAP_INSUFFICIENT_ACCESS) {
+ /* The fact that we are non-root or any other
+ * access-denied condition will not change in the next
+ * round of trying */
+ return rc;
+ }
+
+ if (got_alarm) {
+ smbldap_close(ldap_state);
+ return LDAP_TIMEOUT;
+ }
+
+ smb_msleep(1000);
+
+ if (got_alarm) {
+ smbldap_close(ldap_state);
+ return LDAP_TIMEOUT;
+ }
+ }
+}
+
+/*********************************************************************
+ ********************************************************************/
+
+static int smbldap_search_ext(struct smbldap_state *ldap_state,
+ const char *base, int scope, const char *filter,
+ const char *attrs[], int attrsonly,
+ LDAPControl **sctrls, LDAPControl **cctrls,
+ int sizelimit, LDAPMessage **res)
+{
+ int rc = LDAP_SERVER_DOWN;
+ char *utf8_filter;
+ int to = lp_ldap_timeout();
+ time_t abs_endtime = calc_ldap_abs_endtime(to);
+ struct timeval timeout;
+ struct timeval *timeout_ptr = NULL;
+ size_t converted_size;
+
+ SMB_ASSERT(ldap_state);
+
+ DEBUG(5,("smbldap_search_ext: base => [%s], filter => [%s], "
+ "scope => [%d]\n", base, filter, scope));
+
+ if (ldap_state->last_rebind.tv_sec > 0) {
+ struct timeval tval;
+ struct timespec ts;
+ int64_t tdiff = 0;
+ int sleep_time = 0;
+
+ clock_gettime_mono(&ts);
+ tval = convert_timespec_to_timeval(ts);
+
+ tdiff = usec_time_diff(&tval, &ldap_state->last_rebind);
+ tdiff /= 1000; /* Convert to milliseconds. */
+
+ sleep_time = lp_ldap_replication_sleep()-(int)tdiff;
+ sleep_time = MIN(sleep_time, MAX_LDAP_REPLICATION_SLEEP_TIME);
+
+ if (sleep_time > 0) {
+ /* we wait for the LDAP replication */
+ DEBUG(5,("smbldap_search_ext: waiting %d milliseconds "
+ "for LDAP replication.\n",sleep_time));
+ smb_msleep(sleep_time);
+ DEBUG(5,("smbldap_search_ext: go on!\n"));
+ }
+ ZERO_STRUCT(ldap_state->last_rebind);
+ }
+
+ if (!push_utf8_talloc(talloc_tos(), &utf8_filter, filter, &converted_size)) {
+ return LDAP_NO_MEMORY;
+ }
+
+ /* Setup remote timeout for the ldap_search_ext_s call. */
+ if (to) {
+ timeout.tv_sec = to;
+ timeout.tv_usec = 0;
+ timeout_ptr = &timeout;
+ }
+
+ setup_ldap_local_alarm(ldap_state, abs_endtime);
+
+ while (1) {
+ char *ld_error = NULL;
+ int ld_errno;
+
+ rc = get_cached_ldap_connect(ldap_state, abs_endtime);
+ if (rc != LDAP_SUCCESS) {
+ break;
+ }
+
+ rc = ldap_search_ext_s(smbldap_get_ldap(ldap_state),
+ base, scope,
+ utf8_filter,
+ discard_const_p(char *, attrs),
+ attrsonly, sctrls, cctrls, timeout_ptr,
+ sizelimit, res);
+ if (rc == LDAP_SUCCESS) {
+ break;
+ }
+
+ get_ldap_errs(ldap_state, &ld_error, &ld_errno);
+
+ DEBUG(10, ("Failed search for base: %s, error: %d (%s) "
+ "(%s)\n", base, ld_errno,
+ ldap_err2string(rc),
+ ld_error ? ld_error : "unknown"));
+ SAFE_FREE(ld_error);
+
+ if (ld_errno != LDAP_SERVER_DOWN) {
+ break;
+ }
+ ldap_unbind(smbldap_get_ldap(ldap_state));
+ ldap_state->ldap_struct = NULL;
+ }
+
+ TALLOC_FREE(utf8_filter);
+ return end_ldap_local_alarm(abs_endtime, rc);
+}
+
+int smbldap_search(struct smbldap_state *ldap_state,
+ const char *base, int scope, const char *filter,
+ const char *attrs[], int attrsonly,
+ LDAPMessage **res)
+{
+ return smbldap_search_ext(ldap_state, base, scope, filter, attrs,
+ attrsonly, NULL, NULL, LDAP_NO_LIMIT, res);
+}
+
+int smbldap_search_paged(struct smbldap_state *ldap_state,
+ const char *base, int scope, const char *filter,
+ const char **attrs, int attrsonly, int pagesize,
+ LDAPMessage **res, void **cookie)
+{
+ LDAPControl pr;
+ LDAPControl **rcontrols;
+ LDAPControl *controls[2] = { NULL, NULL};
+ BerElement *cookie_be = NULL;
+ struct berval *cookie_bv = NULL;
+ int tmp = 0, i, rc;
+ bool critical = True;
+
+ *res = NULL;
+
+ DEBUG(3,("smbldap_search_paged: base => [%s], filter => [%s],"
+ "scope => [%d], pagesize => [%d]\n",
+ base, filter, scope, pagesize));
+
+ cookie_be = ber_alloc_t(LBER_USE_DER);
+ if (cookie_be == NULL) {
+ DEBUG(0,("smbldap_create_page_control: ber_alloc_t returns "
+ "NULL\n"));
+ return LDAP_NO_MEMORY;
+ }
+
+ /* construct cookie */
+ if (*cookie != NULL) {
+ ber_printf(cookie_be, "{iO}", (ber_int_t) pagesize, *cookie);
+ ber_bvfree((struct berval *)*cookie); /* don't need it from last time */
+ *cookie = NULL;
+ } else {
+ ber_printf(cookie_be, "{io}", (ber_int_t) pagesize, "", 0);
+ }
+ ber_flatten(cookie_be, &cookie_bv);
+
+ pr.ldctl_oid = discard_const_p(char, ADS_PAGE_CTL_OID);
+ pr.ldctl_iscritical = (char) critical;
+ pr.ldctl_value.bv_len = cookie_bv->bv_len;
+ pr.ldctl_value.bv_val = cookie_bv->bv_val;
+
+ controls[0] = &pr;
+ controls[1] = NULL;
+
+ rc = smbldap_search_ext(ldap_state, base, scope, filter, attrs,
+ 0, controls, NULL, LDAP_NO_LIMIT, res);
+
+ ber_free(cookie_be, 1);
+ ber_bvfree(cookie_bv);
+
+ if (rc != 0) {
+ DEBUG(3,("smbldap_search_paged: smbldap_search_ext(%s) "
+ "failed with [%s]\n", filter, ldap_err2string(rc)));
+ goto done;
+ }
+
+ DEBUG(3,("smbldap_search_paged: search was successful\n"));
+
+ rc = ldap_parse_result(smbldap_get_ldap(ldap_state), *res, NULL, NULL,
+ NULL, NULL, &rcontrols, 0);
+ if (rc != 0) {
+ DEBUG(3,("smbldap_search_paged: ldap_parse_result failed " \
+ "with [%s]\n", ldap_err2string(rc)));
+ goto done;
+ }
+
+ if (rcontrols == NULL)
+ goto done;
+
+ for (i=0; rcontrols[i]; i++) {
+
+ if (strcmp(ADS_PAGE_CTL_OID, rcontrols[i]->ldctl_oid) != 0)
+ continue;
+
+ cookie_be = ber_init(&rcontrols[i]->ldctl_value);
+ ber_scanf(cookie_be,"{iO}", &tmp, &cookie_bv);
+ /* the berval is the cookie, but must be freed when it is all
+ done */
+ if (cookie_bv->bv_len)
+ *cookie=ber_bvdup(cookie_bv);
+ else
+ *cookie=NULL;
+ ber_bvfree(cookie_bv);
+ ber_free(cookie_be, 1);
+ break;
+ }
+ ldap_controls_free(rcontrols);
+done:
+ return rc;
+}
+
+int smbldap_modify(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs[])
+{
+ int rc = LDAP_SERVER_DOWN;
+ char *utf8_dn;
+ time_t abs_endtime = calc_ldap_abs_endtime(lp_ldap_timeout());
+ size_t converted_size;
+
+ SMB_ASSERT(ldap_state);
+
+ DEBUG(5,("smbldap_modify: dn => [%s]\n", dn ));
+
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, dn, &converted_size)) {
+ return LDAP_NO_MEMORY;
+ }
+
+ setup_ldap_local_alarm(ldap_state, abs_endtime);
+
+ while (1) {
+ char *ld_error = NULL;
+ int ld_errno;
+
+ rc = get_cached_ldap_connect(ldap_state, abs_endtime);
+ if (rc != LDAP_SUCCESS) {
+ break;
+ }
+
+ rc = ldap_modify_s(smbldap_get_ldap(ldap_state), utf8_dn,
+ attrs);
+ if (rc == LDAP_SUCCESS) {
+ break;
+ }
+
+ get_ldap_errs(ldap_state, &ld_error, &ld_errno);
+
+ DEBUG(10, ("Failed to modify dn: %s, error: %d (%s) "
+ "(%s)\n", dn, ld_errno,
+ ldap_err2string(rc),
+ ld_error ? ld_error : "unknown"));
+ SAFE_FREE(ld_error);
+
+ if (ld_errno != LDAP_SERVER_DOWN) {
+ break;
+ }
+ ldap_unbind(smbldap_get_ldap(ldap_state));
+ ldap_state->ldap_struct = NULL;
+ }
+
+ TALLOC_FREE(utf8_dn);
+ return end_ldap_local_alarm(abs_endtime, rc);
+}
+
+int smbldap_add(struct smbldap_state *ldap_state, const char *dn, LDAPMod *attrs[])
+{
+ int rc = LDAP_SERVER_DOWN;
+ char *utf8_dn;
+ time_t abs_endtime = calc_ldap_abs_endtime(lp_ldap_timeout());
+ size_t converted_size;
+
+ SMB_ASSERT(ldap_state);
+
+ DEBUG(5,("smbldap_add: dn => [%s]\n", dn ));
+
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, dn, &converted_size)) {
+ return LDAP_NO_MEMORY;
+ }
+
+ setup_ldap_local_alarm(ldap_state, abs_endtime);
+
+ while (1) {
+ char *ld_error = NULL;
+ int ld_errno;
+
+ rc = get_cached_ldap_connect(ldap_state, abs_endtime);
+ if (rc != LDAP_SUCCESS) {
+ break;
+ }
+
+ rc = ldap_add_s(smbldap_get_ldap(ldap_state), utf8_dn, attrs);
+ if (rc == LDAP_SUCCESS) {
+ break;
+ }
+
+ get_ldap_errs(ldap_state, &ld_error, &ld_errno);
+
+ DEBUG(10, ("Failed to add dn: %s, error: %d (%s) "
+ "(%s)\n", dn, ld_errno,
+ ldap_err2string(rc),
+ ld_error ? ld_error : "unknown"));
+ SAFE_FREE(ld_error);
+
+ if (ld_errno != LDAP_SERVER_DOWN) {
+ break;
+ }
+ ldap_unbind(smbldap_get_ldap(ldap_state));
+ ldap_state->ldap_struct = NULL;
+ }
+
+ TALLOC_FREE(utf8_dn);
+ return end_ldap_local_alarm(abs_endtime, rc);
+}
+
+int smbldap_delete(struct smbldap_state *ldap_state, const char *dn)
+{
+ int rc = LDAP_SERVER_DOWN;
+ char *utf8_dn;
+ time_t abs_endtime = calc_ldap_abs_endtime(lp_ldap_timeout());
+ size_t converted_size;
+
+ SMB_ASSERT(ldap_state);
+
+ DEBUG(5,("smbldap_delete: dn => [%s]\n", dn ));
+
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, dn, &converted_size)) {
+ return LDAP_NO_MEMORY;
+ }
+
+ setup_ldap_local_alarm(ldap_state, abs_endtime);
+
+ while (1) {
+ char *ld_error = NULL;
+ int ld_errno;
+
+ rc = get_cached_ldap_connect(ldap_state, abs_endtime);
+ if (rc != LDAP_SUCCESS) {
+ break;
+ }
+
+ rc = ldap_delete_s(smbldap_get_ldap(ldap_state), utf8_dn);
+ if (rc == LDAP_SUCCESS) {
+ break;
+ }
+
+ get_ldap_errs(ldap_state, &ld_error, &ld_errno);
+
+ DEBUG(10, ("Failed to delete dn: %s, error: %d (%s) "
+ "(%s)\n", dn, ld_errno,
+ ldap_err2string(rc),
+ ld_error ? ld_error : "unknown"));
+ SAFE_FREE(ld_error);
+
+ if (ld_errno != LDAP_SERVER_DOWN) {
+ break;
+ }
+ ldap_unbind(smbldap_get_ldap(ldap_state));
+ ldap_state->ldap_struct = NULL;
+ }
+
+ TALLOC_FREE(utf8_dn);
+ return end_ldap_local_alarm(abs_endtime, rc);
+}
+
+int smbldap_extended_operation(struct smbldap_state *ldap_state,
+ LDAP_CONST char *reqoid, struct berval *reqdata,
+ LDAPControl **serverctrls, LDAPControl **clientctrls,
+ char **retoidp, struct berval **retdatap)
+{
+ int rc = LDAP_SERVER_DOWN;
+ time_t abs_endtime = calc_ldap_abs_endtime(lp_ldap_timeout());
+
+ if (!ldap_state)
+ return (-1);
+
+ setup_ldap_local_alarm(ldap_state, abs_endtime);
+
+ while (1) {
+ char *ld_error = NULL;
+ int ld_errno;
+
+ rc = get_cached_ldap_connect(ldap_state, abs_endtime);
+ if (rc != LDAP_SUCCESS) {
+ break;
+ }
+
+ rc = ldap_extended_operation_s(smbldap_get_ldap(ldap_state),
+ reqoid,
+ reqdata, serverctrls,
+ clientctrls, retoidp, retdatap);
+ if (rc == LDAP_SUCCESS) {
+ break;
+ }
+
+ get_ldap_errs(ldap_state, &ld_error, &ld_errno);
+
+ DEBUG(10, ("Extended operation failed with error: "
+ "%d (%s) (%s)\n", ld_errno,
+ ldap_err2string(rc),
+ ld_error ? ld_error : "unknown"));
+ SAFE_FREE(ld_error);
+
+ if (ld_errno != LDAP_SERVER_DOWN) {
+ break;
+ }
+ ldap_unbind(smbldap_get_ldap(ldap_state));
+ ldap_state->ldap_struct = NULL;
+ }
+
+ return end_ldap_local_alarm(abs_endtime, rc);
+}
+
+/*******************************************************************
+ run the search by name.
+******************************************************************/
+int smbldap_search_suffix (struct smbldap_state *ldap_state,
+ const char *filter, const char **search_attr,
+ LDAPMessage ** result)
+{
+ return smbldap_search(ldap_state, lp_ldap_suffix(),
+ LDAP_SCOPE_SUBTREE,
+ filter, search_attr, 0, result);
+}
+
+static void smbldap_idle_fn(struct tevent_context *tevent_ctx,
+ struct tevent_timer *te,
+ struct timeval now_abs,
+ void *private_data)
+{
+ struct smbldap_state *state = (struct smbldap_state *)private_data;
+
+ TALLOC_FREE(state->idle_event);
+
+ if (smbldap_get_ldap(state) == NULL) {
+ DEBUG(10,("ldap connection not connected...\n"));
+ return;
+ }
+
+ if ((state->last_use+SMBLDAP_IDLE_TIME) > time_mono(NULL)) {
+ DEBUG(10,("ldap connection not idle...\n"));
+
+ /* this needs to be made monotonic clock aware inside tevent: */
+ state->idle_event = tevent_add_timer(
+ tevent_ctx, state,
+ timeval_add(&now_abs, SMBLDAP_IDLE_TIME, 0),
+ smbldap_idle_fn,
+ private_data);
+ return;
+ }
+
+ DEBUG(7,("ldap connection idle...closing connection\n"));
+ smbldap_close(state);
+}
+
+/**********************************************************************
+ Housekeeping
+ *********************************************************************/
+
+void smbldap_free_struct(struct smbldap_state **ldap_state)
+{
+ smbldap_close(*ldap_state);
+
+ if ((*ldap_state)->bind_secret) {
+ memset((*ldap_state)->bind_secret, '\0', strlen((*ldap_state)->bind_secret));
+ }
+
+ SAFE_FREE((*ldap_state)->bind_dn);
+ BURN_FREE_STR((*ldap_state)->bind_secret);
+ smbldap_set_bind_callback(*ldap_state, NULL, NULL);
+
+ TALLOC_FREE(*ldap_state);
+
+ /* No need to free any further, as it is talloc()ed */
+}
+
+static int smbldap_state_destructor(struct smbldap_state *state)
+{
+ smbldap_free_struct(&state);
+ return 0;
+}
+
+
+/**********************************************************************
+ Initialise the 'general' ldap structures, on which ldap operations may be conducted
+ *********************************************************************/
+
+NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct tevent_context *tevent_ctx,
+ const char *location,
+ bool anon,
+ const char *bind_dn,
+ const char *bind_secret,
+ struct smbldap_state **smbldap_state)
+{
+ *smbldap_state = talloc_zero(mem_ctx, struct smbldap_state);
+ if (!*smbldap_state) {
+ DEBUG(0, ("talloc() failed for ldapsam private_data!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (location) {
+ (*smbldap_state)->uri = talloc_strdup(mem_ctx, location);
+ } else {
+ (*smbldap_state)->uri = "ldap://localhost";
+ }
+
+ (*smbldap_state)->tevent_context = tevent_ctx;
+
+ if (bind_dn && bind_secret) {
+ smbldap_set_creds(*smbldap_state, anon, bind_dn, bind_secret);
+ }
+
+ talloc_set_destructor(*smbldap_state, smbldap_state_destructor);
+ return NT_STATUS_OK;
+}
+
+ char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld,
+ LDAPMessage *entry)
+{
+ char *utf8_dn, *unix_dn;
+ size_t converted_size;
+
+ utf8_dn = ldap_get_dn(ld, entry);
+ if (!utf8_dn) {
+ DEBUG (5, ("smbldap_talloc_dn: ldap_get_dn failed\n"));
+ return NULL;
+ }
+ if (!pull_utf8_talloc(mem_ctx, &unix_dn, utf8_dn, &converted_size)) {
+ DEBUG (0, ("smbldap_talloc_dn: String conversion failure utf8 "
+ "[%s]\n", utf8_dn));
+ return NULL;
+ }
+ ldap_memfree(utf8_dn);
+ return unix_dn;
+}
+
+/*******************************************************************
+ Check if root-dse has a certain Control or Extension
+********************************************************************/
+
+static bool smbldap_check_root_dse(LDAP *ld, const char **attrs, const char *value)
+{
+ LDAPMessage *msg = NULL;
+ LDAPMessage *entry = NULL;
+ char **values = NULL;
+ int rc, num_result, num_values, i;
+ bool result = False;
+
+ if (!attrs[0]) {
+ DEBUG(3,("smbldap_check_root_dse: nothing to look for\n"));
+ return False;
+ }
+
+ if (!strequal(attrs[0], "supportedExtension") &&
+ !strequal(attrs[0], "supportedControl") &&
+ !strequal(attrs[0], "namingContexts")) {
+ DEBUG(3,("smbldap_check_root_dse: no idea what to query root-dse for: %s ?\n", attrs[0]));
+ return False;
+ }
+
+ rc = ldap_search_s(ld, "", LDAP_SCOPE_BASE,
+ "(objectclass=*)", discard_const_p(char *, attrs), 0 , &msg);
+
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(3,("smbldap_check_root_dse: Could not search rootDSE\n"));
+ return False;
+ }
+
+ num_result = ldap_count_entries(ld, msg);
+
+ if (num_result != 1) {
+ DEBUG(3,("smbldap_check_root_dse: Expected one rootDSE, got %d\n", num_result));
+ goto done;
+ }
+
+ entry = ldap_first_entry(ld, msg);
+
+ if (entry == NULL) {
+ DEBUG(3,("smbldap_check_root_dse: Could not retrieve rootDSE\n"));
+ goto done;
+ }
+
+ values = ldap_get_values(ld, entry, attrs[0]);
+
+ if (values == NULL) {
+ DEBUG(5,("smbldap_check_root_dse: LDAP Server does not support any %s\n", attrs[0]));
+ goto done;
+ }
+
+ num_values = ldap_count_values(values);
+
+ if (num_values == 0) {
+ DEBUG(5,("smbldap_check_root_dse: LDAP Server does not have any %s\n", attrs[0]));
+ goto done;
+ }
+
+ for (i=0; i<num_values; i++) {
+ if (strcmp(values[i], value) == 0)
+ result = True;
+ }
+
+
+ done:
+ if (values != NULL)
+ ldap_value_free(values);
+ if (msg != NULL)
+ ldap_msgfree(msg);
+
+ return result;
+
+}
+
+/*******************************************************************
+ Check if LDAP-Server supports a certain Control (OID in string format)
+********************************************************************/
+
+bool smbldap_has_control(LDAP *ld, const char *control)
+{
+ const char *attrs[] = { "supportedControl", NULL };
+ return smbldap_check_root_dse(ld, attrs, control);
+}
+
+/*******************************************************************
+ Check if LDAP-Server supports a certain Extension (OID in string format)
+********************************************************************/
+
+bool smbldap_has_extension(LDAP *ld, const char *extension)
+{
+ const char *attrs[] = { "supportedExtension", NULL };
+ return smbldap_check_root_dse(ld, attrs, extension);
+}
+
+/*******************************************************************
+ Check if LDAP-Server holds a given namingContext
+********************************************************************/
+
+bool smbldap_has_naming_context(LDAP *ld, const char *naming_context)
+{
+ const char *attrs[] = { "namingContexts", NULL };
+ return smbldap_check_root_dse(ld, attrs, naming_context);
+}
+
+bool smbldap_set_creds(struct smbldap_state *ldap_state, bool anon, const char *dn, const char *secret)
+{
+ ldap_state->anonymous = anon;
+
+ /* free any previously set credential */
+
+ SAFE_FREE(ldap_state->bind_dn);
+ smbldap_set_bind_callback(ldap_state, NULL, NULL);
+
+ if (ldap_state->bind_secret) {
+ /* make sure secrets are zeroed out of memory */
+ memset(ldap_state->bind_secret, '\0', strlen(ldap_state->bind_secret));
+ SAFE_FREE(ldap_state->bind_secret);
+ }
+
+ if ( ! anon) {
+ ldap_state->bind_dn = SMB_STRDUP(dn);
+ ldap_state->bind_secret = SMB_STRDUP(secret);
+ }
+
+ return True;
+}
diff --git a/source3/lib/smbrun.c b/source3/lib/smbrun.c
new file mode 100644
index 0000000..8e3675f
--- /dev/null
+++ b/source3/lib/smbrun.c
@@ -0,0 +1,354 @@
+/*
+ Unix SMB/CIFS implementation.
+ run a command as a specified user
+ Copyright (C) Andrew Tridgell 1992-1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+
+/* need to move this from here!! need some sleep ... */
+struct current_user current_user;
+
+/****************************************************************************
+This is a utility function of smbrun().
+****************************************************************************/
+
+static int setup_out_fd(void)
+{
+ int fd;
+ TALLOC_CTX *ctx = talloc_stackframe();
+ char *path = NULL;
+ mode_t mask;
+
+ path = talloc_asprintf(ctx,
+ "%s/smb.XXXXXX",
+ tmpdir());
+ if (!path) {
+ TALLOC_FREE(ctx);
+ errno = ENOMEM;
+ return -1;
+ }
+
+ /* now create the file */
+ mask = umask(S_IRWXO | S_IRWXG);
+ fd = mkstemp(path);
+ umask(mask);
+
+ if (fd == -1) {
+ DEBUG(0,("setup_out_fd: Failed to create file %s. (%s)\n",
+ path, strerror(errno) ));
+ TALLOC_FREE(ctx);
+ return -1;
+ }
+
+ DEBUG(10,("setup_out_fd: Created tmp file %s\n", path ));
+
+ /* Ensure file only kept around by open fd. */
+ unlink(path);
+ TALLOC_FREE(ctx);
+ return fd;
+}
+
+/****************************************************************************
+run a command being careful about uid/gid handling and putting the output in
+outfd (or discard it if outfd is NULL).
+****************************************************************************/
+
+static int smbrun_internal(const char *cmd, int *outfd, bool sanitize,
+ char * const *env)
+{
+ pid_t pid;
+ uid_t uid = current_user.ut.uid;
+ gid_t gid = current_user.ut.gid;
+ void (*saved_handler)(int);
+
+ /*
+ * Lose any elevated privileges.
+ */
+ drop_effective_capability(KERNEL_OPLOCK_CAPABILITY);
+ drop_effective_capability(DMAPI_ACCESS_CAPABILITY);
+
+ /* point our stdout at the file we want output to go into */
+
+ if (outfd && ((*outfd = setup_out_fd()) == -1)) {
+ return -1;
+ }
+
+ /* in this method we will exec /bin/sh with the correct
+ arguments, after first setting stdout to point at the file */
+
+ /*
+ * We need to temporarily stop CatchChild from eating
+ * SIGCLD signals as it also eats the exit status code. JRA.
+ */
+
+ saved_handler = CatchChildLeaveStatus();
+
+ if ((pid=fork()) < 0) {
+ DEBUG(0,("smbrun: fork failed with error %s\n", strerror(errno) ));
+ (void)CatchSignal(SIGCLD, saved_handler);
+ if (outfd) {
+ close(*outfd);
+ *outfd = -1;
+ }
+ return errno;
+ }
+
+ if (pid) {
+ /*
+ * Parent.
+ */
+ int status=0;
+ pid_t wpid;
+
+
+ /* the parent just waits for the child to exit */
+ while((wpid = waitpid(pid,&status,0)) < 0) {
+ if(errno == EINTR) {
+ errno = 0;
+ continue;
+ }
+ break;
+ }
+
+ (void)CatchSignal(SIGCLD, saved_handler);
+
+ if (wpid != pid) {
+ DEBUG(2,("waitpid(%d) : %s\n",(int)pid,strerror(errno)));
+ if (outfd) {
+ close(*outfd);
+ *outfd = -1;
+ }
+ return -1;
+ }
+
+ /* Reset the seek pointer. */
+ if (outfd) {
+ lseek(*outfd, 0, SEEK_SET);
+ }
+
+#if defined(WIFEXITED) && defined(WEXITSTATUS)
+ if (WIFEXITED(status)) {
+ return WEXITSTATUS(status);
+ }
+#endif
+
+ return status;
+ }
+
+ (void)CatchChild();
+
+ /* we are in the child. we exec /bin/sh to do the work for us. we
+ don't directly exec the command we want because it may be a
+ pipeline or anything else the config file specifies */
+
+ /* point our stdout at the file we want output to go into */
+ if (outfd) {
+ close(1);
+ if (dup2(*outfd,1) != 1) {
+ DEBUG(2,("Failed to create stdout file descriptor\n"));
+ close(*outfd);
+ exit(80);
+ }
+ }
+
+ /* now completely lose our privileges. This is a fairly paranoid
+ way of doing it, but it does work on all systems that I know of */
+
+ become_user_permanently(uid, gid);
+
+ if (!non_root_mode()) {
+ if (getuid() != uid || geteuid() != uid ||
+ getgid() != gid || getegid() != gid) {
+ /* we failed to lose our privileges - do not execute
+ the command */
+ exit(81); /* we can't print stuff at this stage,
+ instead use exit codes for debugging */
+ }
+ }
+
+ /* close all other file descriptors, leaving only 0, 1 and 2. 0 and
+ 2 point to /dev/null from the startup code */
+ closefrom(3);
+
+ {
+ char *newcmd = NULL;
+ if (sanitize) {
+ newcmd = escape_shell_string(cmd);
+ if (!newcmd)
+ exit(82);
+ }
+
+ if (env != NULL) {
+ execle("/bin/sh","sh","-c",
+ newcmd ? (const char *)newcmd : cmd, NULL,
+ env);
+ } else {
+ execl("/bin/sh","sh","-c",
+ newcmd ? (const char *)newcmd : cmd, NULL);
+ }
+
+ SAFE_FREE(newcmd);
+ }
+
+ /* not reached */
+ exit(83);
+ return 1;
+}
+
+/****************************************************************************
+ Use only in known safe shell calls (printing).
+****************************************************************************/
+
+int smbrun_no_sanitize(const char *cmd, int *outfd, char * const *env)
+{
+ return smbrun_internal(cmd, outfd, false, env);
+}
+
+/****************************************************************************
+ By default this now sanitizes shell expansion.
+****************************************************************************/
+
+int smbrun(const char *cmd, int *outfd, char * const *env)
+{
+ return smbrun_internal(cmd, outfd, true, env);
+}
+
+/****************************************************************************
+run a command being careful about uid/gid handling and putting the output in
+outfd (or discard it if outfd is NULL).
+sends the provided secret to the child stdin.
+****************************************************************************/
+
+int smbrunsecret(const char *cmd, const char *secret)
+{
+ pid_t pid;
+ uid_t uid = current_user.ut.uid;
+ gid_t gid = current_user.ut.gid;
+ int ifd[2];
+ void (*saved_handler)(int);
+
+ /*
+ * Lose any elevated privileges.
+ */
+ drop_effective_capability(KERNEL_OPLOCK_CAPABILITY);
+ drop_effective_capability(DMAPI_ACCESS_CAPABILITY);
+
+ /* build up an input pipe */
+ if(pipe(ifd)) {
+ return -1;
+ }
+
+ /* in this method we will exec /bin/sh with the correct
+ arguments, after first setting stdout to point at the file */
+
+ /*
+ * We need to temporarily stop CatchChild from eating
+ * SIGCLD signals as it also eats the exit status code. JRA.
+ */
+
+ saved_handler = CatchChildLeaveStatus();
+
+ if ((pid=fork()) < 0) {
+ DEBUG(0, ("smbrunsecret: fork failed with error %s\n", strerror(errno)));
+ (void)CatchSignal(SIGCLD, saved_handler);
+ return errno;
+ }
+
+ if (pid) {
+ /*
+ * Parent.
+ */
+ int status = 0;
+ pid_t wpid;
+ size_t towrite;
+ ssize_t wrote;
+
+ close(ifd[0]);
+ /* send the secret */
+ towrite = strlen(secret);
+ wrote = write(ifd[1], secret, towrite);
+ if ( wrote != towrite ) {
+ DEBUG(0,("smbrunsecret: wrote %ld of %lu bytes\n",(long)wrote,(unsigned long)towrite));
+ }
+ fsync(ifd[1]);
+ close(ifd[1]);
+
+ /* the parent just waits for the child to exit */
+ while((wpid = waitpid(pid, &status, 0)) < 0) {
+ if(errno == EINTR) {
+ errno = 0;
+ continue;
+ }
+ break;
+ }
+
+ (void)CatchSignal(SIGCLD, saved_handler);
+
+ if (wpid != pid) {
+ DEBUG(2, ("waitpid(%d) : %s\n", (int)pid, strerror(errno)));
+ return -1;
+ }
+
+#if defined(WIFEXITED) && defined(WEXITSTATUS)
+ if (WIFEXITED(status)) {
+ return WEXITSTATUS(status);
+ }
+#endif
+
+ return status;
+ }
+
+ (void)CatchChild();
+
+ /* we are in the child. we exec /bin/sh to do the work for us. we
+ don't directly exec the command we want because it may be a
+ pipeline or anything else the config file specifies */
+
+ close(ifd[1]);
+ close(0);
+ if (dup2(ifd[0], 0) != 0) {
+ DEBUG(2,("Failed to create stdin file descriptor\n"));
+ close(ifd[0]);
+ exit(80);
+ }
+
+ /* now completely lose our privileges. This is a fairly paranoid
+ way of doing it, but it does work on all systems that I know of */
+
+ become_user_permanently(uid, gid);
+
+ if (!non_root_mode()) {
+ if (getuid() != uid || geteuid() != uid ||
+ getgid() != gid || getegid() != gid) {
+ /* we failed to lose our privileges - do not execute
+ the command */
+ exit(81); /* we can't print stuff at this stage,
+ instead use exit codes for debugging */
+ }
+ }
+
+ /* close all other file descriptors, leaving only 0, 1 and 2. 0 and
+ 2 point to /dev/null from the startup code */
+ closefrom(3);
+
+ execl("/bin/sh", "sh", "-c", cmd, NULL);
+
+ /* not reached */
+ exit(82);
+ return 1;
+}
diff --git a/source3/lib/srprs.c b/source3/lib/srprs.c
new file mode 100644
index 0000000..67ada37
--- /dev/null
+++ b/source3/lib/srprs.c
@@ -0,0 +1,228 @@
+/*
+ * Samba Unix/Linux SMB client library
+ *
+ * Copyright (C) Gregor Beck 2010
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file srprs.c
+ * @author Gregor Beck <gb@sernet.de>
+ * @date Aug 2010
+ * @brief A simple recursive parser.
+ */
+
+#include "replace.h"
+#include "system/locale.h"
+#include "srprs.h"
+#include "cbuf.h"
+#include <assert.h>
+
+bool srprs_skipws(const char** ptr) {
+ while (isspace(**ptr))
+ ++(*ptr);
+ return true;
+}
+
+bool srprs_char(const char** ptr, char c) {
+ if (**ptr == c) {
+ ++(*ptr);
+ return true;
+ }
+ return false;
+}
+
+bool srprs_str(const char** ptr, const char* str, ssize_t len)
+{
+ /* By definition *ptr must be null terminated. */
+ size_t ptr_len = strlen(*ptr);
+
+ if (len == -1)
+ len = strlen(str);
+
+ /* Don't memcmp read past end of buffer. */
+ if (len > ptr_len) {
+ return false;
+ }
+
+ if (memcmp(*ptr, str, len) == 0) {
+ *ptr += len;
+ return true;
+ }
+ return false;
+}
+
+bool srprs_charset(const char** ptr, const char* set, cbuf* oss)
+{
+ const char* p = strchr(set, **ptr);
+ if (p != NULL && *p != '\0') {
+ cbuf_putc(oss, **ptr);
+ ++(*ptr);
+ return true;
+ }
+ return false;
+}
+
+bool srprs_charsetinv(const char** ptr, const char* set, cbuf* oss)
+{
+ if ((**ptr != '\0') && (strchr(set, **ptr) == NULL)) {
+ cbuf_putc(oss, **ptr);
+ ++(*ptr);
+ return true;
+ }
+ return false;
+}
+
+
+
+bool srprs_quoted_string(const char** ptr, cbuf* str, bool* cont)
+{
+ const char* pos = *ptr;
+ const size_t spos = cbuf_getpos(str);
+
+ if (cont == NULL || *cont == false) {
+ if (!srprs_char(&pos, '\"'))
+ goto fail;
+ }
+
+ while (true) {
+ while (srprs_charsetinv(&pos, "\\\"", str))
+ ;
+
+ switch (*pos) {
+ case '\0':
+ if (cont == NULL) {
+ goto fail;
+ } else {
+ *ptr = pos;
+ *cont = true;
+ return true;
+ }
+ case '\"':
+ *ptr = pos+1;
+ if (cont != NULL) {
+ *cont = false;
+ }
+ return true;
+
+ case '\\':
+ pos++;
+ if (!srprs_charset(&pos, "\\\"", str))
+ goto fail;
+ break;
+
+ default:
+ assert(false);
+ }
+ }
+
+fail:
+ cbuf_setpos(str, spos);
+ return false;
+}
+
+bool srprs_hex(const char** ptr, size_t len, unsigned* u)
+{
+ const char *str = *ptr;
+ const char *pos = *ptr;
+ int ret;
+ size_t i;
+ char buf[8+1] = {};
+
+ assert((len >= 1) && (len <= 8));
+
+ for (i=0; i<len; i++) {
+ if (!srprs_charset(&pos, "0123456789abcdefABCDEF", NULL)) {
+ break;
+ }
+ buf[i] = str[i];
+ }
+
+ ret = sscanf(buf, "%8x", u);
+
+ if ( ret != 1 ) {
+ return false;
+ }
+
+ *ptr = pos;
+ return true;
+}
+
+bool srprs_nl(const char** ptr, cbuf* nl)
+{
+ static const char CRLF[] = "\r\n";
+ if (srprs_str(ptr, CRLF, sizeof(CRLF) - 1)) {
+ cbuf_puts(nl, CRLF, sizeof(CRLF) - 1);
+ return true;
+ }
+ return srprs_charset(ptr, "\n\r", nl);
+}
+
+bool srprs_eos(const char** ptr)
+{
+ return (**ptr == '\0');
+}
+
+bool srprs_eol(const char** ptr, cbuf* nl)
+{
+ return srprs_eos(ptr) || srprs_nl(ptr, nl);
+}
+
+bool srprs_line(const char** ptr, cbuf* str)
+{
+ while (srprs_charsetinv(ptr, "\n\r", str))
+ ;
+ return true;
+}
+
+bool srprs_quoted(const char** ptr, cbuf* str)
+{
+ const char* pos = *ptr;
+ const size_t spos = cbuf_getpos(str);
+
+ if (!srprs_char(&pos, '"')) {
+ goto fail;
+ }
+
+ while (true) {
+ while (srprs_charsetinv(&pos, "\\\"", str))
+ ;
+
+ switch (*pos) {
+ case '\0':
+ goto fail;
+ case '"':
+ *ptr = pos+1;
+ return true;
+
+ case '\\':
+ pos++;
+ if (!srprs_charset(&pos, "\\\"", str)) {
+ unsigned u;
+ if (!srprs_hex(&pos, 2, &u)) {
+ goto fail;
+ }
+ cbuf_putc(str, u);
+ }
+ break;
+ default:
+ assert(false);
+ }
+ }
+
+fail:
+ cbuf_setpos(str, spos);
+ return false;
+}
diff --git a/source3/lib/srprs.h b/source3/lib/srprs.h
new file mode 100644
index 0000000..fb3ca1b
--- /dev/null
+++ b/source3/lib/srprs.h
@@ -0,0 +1,189 @@
+/*
+ * Samba Unix/Linux SMB client library
+ *
+ * Copyright (C) Gregor Beck 2010
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file srprs.h
+ * @author Gregor Beck <gb@sernet.de>
+ * @date Aug 2010
+ *
+ * @brief A simple recursive parser.
+ *
+ * This file contains functions which may be used to build a simple recursive
+ * parser. They all take the parse position as their first argument. If they
+ * match the parse position and the output arguments are updated accordingly and
+ * true is returned else no argument is altered. For arguments of type @ref cbuf
+ * this may hold only up to the current write position.
+ */
+
+#ifndef __SRPRS_H
+#define __SRPRS_H
+
+struct cbuf;
+
+/**
+ * Matches any amount of whitespace.
+ *
+ * @see isspace
+ * @param ptr parse position
+ *
+ * @return true
+ */
+bool srprs_skipws(const char** ptr);
+
+/**
+ * Match a single character.
+ *
+ * @param[in,out] ptr parse position
+ * @param c the character to match
+ *
+ * @return true if matched
+ */
+bool srprs_char(const char** ptr, char c);
+
+/**
+ * Match a string.
+ *
+ * @param[in,out] ptr parse position
+ * @param str string to match
+ * @param len number of bytes to compare, -1 means strlen(str)
+ *
+ * @return true if matched
+ */
+bool srprs_str(const char** ptr, const char* str, ssize_t len);
+
+/**
+ * Match a single character from a set.
+ * Didn't match '\\0'
+ *
+ * @param[in,out] ptr parse position
+ * @param[in] set the character set to look for
+ * @param[out] oss output buffer where to put the match, may be NULL
+ *
+ * @return true if matched
+ */
+bool srprs_charset(const char** ptr, const char* set, struct cbuf* oss);
+
+/**
+ * Match a single character not in set.
+ * Didn't match '\\0'
+ *
+ * @param[in,out] ptr parse position
+ * @param[in] set the character set to look for
+ * @param[out] oss output buffer where to put the match, may be NULL
+ *
+ * @return true if matched
+ */
+bool srprs_charsetinv(const char** ptr, const char* set, struct cbuf* oss);
+
+/**
+ * Match a quoted string.
+ *
+ *
+ * If cont is not NULL the match may span multiple invocations.
+ * @code
+ * const char* start = "\"start...";
+ * const char* cont = "continued...";
+ * const char* end = "end\"";
+ * bool cont = false;
+ * cbuf* out = cbuf_new(talloc_tos());
+ * srprs_quoted_string(&start, out, &cont);
+ * assert(*cont == true);
+ * srprs_quoted_string(&cont, out, &cont);
+ * assert(*cont == true);
+ * srprs_quoted_string(&end, out, &cont);
+ * assert(*cont == false);
+ * assert(strcmp(cbuf_gets(out, 0), "start...continued...end")==0);
+ * @endcode
+ * @see cbuf_print_quoted_string
+ *
+ * @param[in,out] ptr parse position
+ * @param[out] str output buffer where to put the match
+ * @param[in,out] cont
+ *
+ * @return true if matched
+ */
+bool srprs_quoted_string(const char** ptr, struct cbuf* str, bool* cont);
+
+/**
+ * Match a hex string.
+ *
+ * @param[in,out] ptr parse position
+ * @param len maximum number of digits to match
+ * @param[out] u value of the match
+ *
+ * @return true if matched
+ */
+bool srprs_hex(const char** ptr, size_t len, unsigned* u);
+
+/**
+ * Match the empty string at End Of String.
+ * It doesn't consume the '\\0' unlike
+ * @code
+ * srprs_char(ptr, '\0', NULL);
+ * @endcode
+ *
+ * @param[in,out] ptr parse position
+ *
+ * @return true if **ptr == '\\0'
+ */
+bool srprs_eos(const char** ptr);
+
+/**
+ * Match a newline.
+ * A newline is either '\\n' (LF), '\\r' (CR), or "\r\n" (CRLF)
+ *
+ * @param[in,out] ptr parse position
+ * @param[out] nl output buffer where to put the match, may be NULL
+ *
+ * @return true if matched
+ */
+bool srprs_nl(const char** ptr, struct cbuf* nl);
+
+/**
+ * Match a newline or eos.
+ *
+ * @param ptr parse position
+ * @param nl output buffer where to put the match, may be NULL
+ *
+ * @return true if matched
+ */
+bool srprs_eol(const char** ptr, struct cbuf* nl);
+
+/**
+ * Match a line up to but not including the newline.
+ *
+ * @param[in,out] ptr parse position
+ * @param[out] str output buffer where to put the match, may be NULL
+ *
+ * @return true
+ */
+bool srprs_line(const char** ptr, struct cbuf* str);
+
+/**
+ * Match a quoted string with escaped characters.
+ * @see cbuf_print_quoted
+ *
+ * @param[in,out] ptr parse position
+ * @param[out] str output buffer where to put the match
+ *
+ * @return true if matched
+ */
+bool srprs_quoted(const char** ptr, struct cbuf* str);
+
+#endif /* __SRPRS_H */
diff --git a/source3/lib/string_replace.c b/source3/lib/string_replace.c
new file mode 100644
index 0000000..f66f548
--- /dev/null
+++ b/source3/lib/string_replace.c
@@ -0,0 +1,192 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) Volker Lendecke, 2005
+ * Copyright (C) Aravind Srinivasan, 2009
+ * Copyright (C) Guenter Kukkukk, 2013
+ * Copyright (C) Ralph Boehme, 2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "smbd/smbd.h"
+#include "string_replace.h"
+#include "lib/util/string_wrappers.h"
+
+#define MAP_SIZE 0xFF
+#define MAP_NUM 0x101 /* max unicode charval / MAP_SIZE */
+#define T_OFFSET(_v_) ((_v_ % MAP_SIZE))
+#define T_START(_v_) (((_v_ / MAP_SIZE) * MAP_SIZE))
+#define T_PICK(_v_) ((_v_ / MAP_SIZE))
+
+struct char_mappings {
+ smb_ucs2_t entry[MAP_SIZE][2];
+};
+
+static bool build_table(struct char_mappings **cmaps, int value)
+{
+ int i;
+ int start = T_START(value);
+
+ (*cmaps) = talloc_zero(NULL, struct char_mappings);
+
+ if (!*cmaps)
+ return False;
+
+ for (i = 0; i < MAP_SIZE;i++) {
+ (*cmaps)->entry[i][vfs_translate_to_unix] = start + i;
+ (*cmaps)->entry[i][vfs_translate_to_windows] = start + i;
+ }
+
+ return True;
+}
+
+static void set_tables(struct char_mappings **cmaps,
+ long unix_map,
+ long windows_map)
+{
+ int i;
+
+ /* set unix -> windows */
+ i = T_OFFSET(unix_map);
+ cmaps[T_PICK(unix_map)]->entry[i][vfs_translate_to_windows] = windows_map;
+
+ /* set windows -> unix */
+ i = T_OFFSET(windows_map);
+ cmaps[T_PICK(windows_map)]->entry[i][vfs_translate_to_unix] = unix_map;
+}
+
+static bool build_ranges(struct char_mappings **cmaps,
+ long unix_map,
+ long windows_map)
+{
+
+ if (!cmaps[T_PICK(unix_map)]) {
+ if (!build_table(&cmaps[T_PICK(unix_map)], unix_map))
+ return False;
+ }
+
+ if (!cmaps[T_PICK(windows_map)]) {
+ if (!build_table(&cmaps[T_PICK(windows_map)], windows_map))
+ return False;
+ }
+
+ set_tables(cmaps, unix_map, windows_map);
+
+ return True;
+}
+
+struct char_mappings **string_replace_init_map(TALLOC_CTX *mem_ctx,
+ const char **mappings)
+{
+ int i;
+ char *tmp;
+ fstring mapping;
+ long unix_map, windows_map;
+ struct char_mappings **cmaps = NULL;
+
+ if (mappings == NULL) {
+ return NULL;
+ }
+
+ cmaps = talloc_zero_array(mem_ctx, struct char_mappings *, MAP_NUM);
+ if (cmaps == NULL) {
+ return NULL;
+ }
+
+ /*
+ * catia mappings are of the form :
+ * UNIX char (in 0xnn hex) : WINDOWS char (in 0xnn hex)
+ *
+ * multiple mappings are comma separated in smb.conf
+ */
+
+ for (i = 0; mappings[i]; i++) {
+ fstrcpy(mapping, mappings[i]);
+ unix_map = strtol(mapping, &tmp, 16);
+ if (unix_map == 0 && errno == EINVAL) {
+ DEBUG(0, ("INVALID CATIA MAPPINGS - %s\n", mapping));
+ continue;
+ }
+ windows_map = strtol(++tmp, NULL, 16);
+ if (windows_map == 0 && errno == EINVAL) {
+ DEBUG(0, ("INVALID CATIA MAPPINGS - %s\n", mapping));
+ continue;
+ }
+
+ if (!build_ranges(cmaps, unix_map, windows_map)) {
+ DEBUG(0, ("TABLE ERROR - CATIA MAPPINGS - %s\n", mapping));
+ continue;
+ }
+ }
+
+ return cmaps;
+}
+
+NTSTATUS string_replace_allocate(connection_struct *conn,
+ const char *name_in,
+ struct char_mappings **cmaps,
+ TALLOC_CTX *mem_ctx,
+ char **mapped_name,
+ enum vfs_translate_direction direction)
+{
+ static smb_ucs2_t *tmpbuf = NULL;
+ smb_ucs2_t *ptr = NULL;
+ struct char_mappings *map = NULL;
+ size_t converted_size;
+ bool ok;
+
+ ok = push_ucs2_talloc(talloc_tos(), &tmpbuf, name_in,
+ &converted_size);
+ if (!ok) {
+ return map_nt_error_from_unix(errno);
+ }
+
+ for (ptr = tmpbuf; *ptr; ptr++) {
+ if (*ptr == 0) {
+ break;
+ }
+ if (cmaps == NULL) {
+ continue;
+ }
+ map = cmaps[T_PICK((*ptr))];
+ if (map == NULL) {
+ /* nothing to do */
+ continue;
+ }
+
+ *ptr = map->entry[T_OFFSET((*ptr))][direction];
+ }
+
+ ok = pull_ucs2_talloc(mem_ctx, mapped_name, tmpbuf,
+ &converted_size);
+ TALLOC_FREE(tmpbuf);
+ if (!ok) {
+ return map_nt_error_from_unix(errno);
+ }
+ return NT_STATUS_OK;
+}
+
+const char *macos_string_replace_map =
+ "0x01:0xf001,0x02:0xf002,0x03:0xf003,0x04:0xf004,"
+ "0x05:0xf005,0x06:0xf006,0x07:0xf007,0x08:0xf008,"
+ "0x09:0xf009,0x0a:0xf00a,0x0b:0xf00b,0x0c:0xf00c,"
+ "0x0d:0xf00d,0x0e:0xf00e,0x0f:0xf00f,0x10:0xf010,"
+ "0x11:0xf011,0x12:0xf012,0x13:0xf013,0x14:0xf014,"
+ "0x15:0xf015,0x16:0xf016,0x17:0xf017,0x18:0xf018,"
+ "0x19:0xf019,0x1a:0xf01a,0x1b:0xf01b,0x1c:0xf01c,"
+ "0x1d:0xf01d,0x1e:0xf01e,0x1f:0xf01f,"
+ "0x22:0xf020,0x2a:0xf021,0x3a:0xf022,0x3c:0xf023,"
+ "0x3e:0xf024,0x3f:0xf025,0x5c:0xf026,0x7c:0xf027";
diff --git a/source3/lib/string_replace.h b/source3/lib/string_replace.h
new file mode 100644
index 0000000..012b1aa
--- /dev/null
+++ b/source3/lib/string_replace.h
@@ -0,0 +1,35 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) Volker Lendecke, 2005
+ * Copyright (C) Aravind Srinivasan, 2009
+ * Copyright (C) Guenter Kukkukk, 2013
+ * Copyright (C) Ralph Boehme, 2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+struct char_mappings;
+
+struct char_mappings **string_replace_init_map(TALLOC_CTX *mem_ctx,
+ const char **mappings);
+
+NTSTATUS string_replace_allocate(connection_struct *conn,
+ const char *name_in,
+ struct char_mappings **cmaps,
+ TALLOC_CTX *mem_ctx,
+ char **mapped_name,
+ enum vfs_translate_direction direction);
+
+extern const char *macos_string_replace_map;
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
new file mode 100644
index 0000000..40eb15a
--- /dev/null
+++ b/source3/lib/substitute.c
@@ -0,0 +1,675 @@
+/*
+ Unix SMB/CIFS implementation.
+ string substitution functions
+ Copyright (C) Andrew Tridgell 1992-2000
+ Copyright (C) Gerald Carter 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "substitute.h"
+#include "system/passwd.h"
+#include "secrets.h"
+#include "auth.h"
+#include "lib/util/string_wrappers.h"
+
+/* Max DNS name is 253 + '\0' */
+#define MACHINE_NAME_SIZE 254
+
+static char local_machine[MACHINE_NAME_SIZE];
+static char remote_machine[MACHINE_NAME_SIZE];
+
+userdom_struct current_user_info;
+static fstring remote_proto="UNKNOWN";
+
+void set_remote_proto(const char *proto)
+{
+ fstrcpy(remote_proto, proto);
+}
+
+/**
+ * Set the 'local' machine name
+ * @param local_name the name we are being called
+ * @param if this is the 'final' name for us, not be be changed again
+ */
+bool set_local_machine_name(const char *local_name, bool perm)
+{
+ static bool already_perm = false;
+ char tmp[MACHINE_NAME_SIZE];
+
+ if (already_perm) {
+ return true;
+ }
+
+ strlcpy(tmp, local_name, sizeof(tmp));
+ trim_char(tmp, ' ', ' ');
+
+ alpha_strcpy(local_machine,
+ tmp,
+ SAFE_NETBIOS_CHARS,
+ sizeof(local_machine) - 1);
+ if (!strlower_m(local_machine)) {
+ return false;
+ }
+
+ already_perm = perm;
+
+ return true;
+}
+
+const char *get_local_machine_name(void)
+{
+ if (local_machine[0] == '\0') {
+ return lp_netbios_name();
+ }
+
+ return local_machine;
+}
+
+/**
+ * Set the 'remote' machine name
+ *
+ * @param remote_name the name our client wants to be called by
+ * @param if this is the 'final' name for them, not be be changed again
+ */
+bool set_remote_machine_name(const char *remote_name, bool perm)
+{
+ static bool already_perm = False;
+ char tmp[MACHINE_NAME_SIZE];
+
+ if (already_perm) {
+ return true;
+ }
+
+ strlcpy(tmp, remote_name, sizeof(tmp));
+ trim_char(tmp, ' ', ' ');
+
+ alpha_strcpy(remote_machine,
+ tmp,
+ SAFE_NETBIOS_CHARS,
+ sizeof(remote_machine) - 1);
+ if (!strlower_m(remote_machine)) {
+ return false;
+ }
+
+ already_perm = perm;
+
+ return true;
+}
+
+const char *get_remote_machine_name(void)
+{
+ return remote_machine;
+}
+
+static char sub_peeraddr[INET6_ADDRSTRLEN];
+static const char *sub_peername = NULL;
+static char sub_sockaddr[INET6_ADDRSTRLEN];
+
+void sub_set_socket_ids(const char *peeraddr, const char *peername,
+ const char *sockaddr)
+{
+ const char *addr = peeraddr;
+
+ if (strnequal(addr, "::ffff:", 7)) {
+ addr += 7;
+ }
+ strlcpy(sub_peeraddr, addr, sizeof(sub_peeraddr));
+
+ if (sub_peername != NULL &&
+ sub_peername != sub_peeraddr) {
+ talloc_free(discard_const_p(char,sub_peername));
+ sub_peername = NULL;
+ }
+ sub_peername = talloc_strdup(NULL, peername);
+ if (sub_peername == NULL) {
+ sub_peername = sub_peeraddr;
+ }
+
+ /*
+ * Shouldn't we do the ::ffff: cancellation here as well? The
+ * original code in talloc_sub_basic() did not do it, so I'm
+ * leaving it out here as well for compatibility.
+ */
+ strlcpy(sub_sockaddr, sockaddr, sizeof(sub_sockaddr));
+}
+
+/*******************************************************************
+ Setup the strings used by substitutions. Called per packet. Ensure
+ %U name is set correctly also.
+
+ smb_name must be sanitized by alpha_strcpy
+********************************************************************/
+
+void set_current_user_info(const char *smb_name, const char *unix_name,
+ const char *domain)
+{
+ static const void *last_smb_name;
+ static const void *last_unix_name;
+ static const void *last_domain;
+
+ if (likely(last_smb_name == smb_name &&
+ last_unix_name == unix_name &&
+ last_domain == domain))
+ {
+ return;
+ }
+
+ fstrcpy(current_user_info.smb_name, smb_name);
+ fstrcpy(current_user_info.unix_name, unix_name);
+ fstrcpy(current_user_info.domain, domain);
+
+ last_smb_name = smb_name;
+ last_unix_name = unix_name;
+ last_domain = domain;
+}
+
+/*******************************************************************
+ Return the current active user name.
+*******************************************************************/
+
+const char *get_current_username(void)
+{
+ return current_user_info.smb_name;
+}
+
+const char *get_current_user_info_domain(void)
+{
+ return current_user_info.domain;
+}
+
+/*******************************************************************
+ Given a pointer to a %$(NAME) in p and the whole string in str
+ expand it as an environment variable.
+ str must be a talloced string.
+ Return a new allocated and expanded string.
+ Based on code by Branko Cibej <branko.cibej@hermes.si>
+ When this is called p points at the '%' character.
+ May substitute multiple occurrences of the same env var.
+********************************************************************/
+
+static char *realloc_expand_env_var(char *str, char *p)
+{
+ char *envname;
+ char *envval;
+ char *q, *r;
+ int copylen;
+
+ if (p[0] != '%' || p[1] != '$' || p[2] != '(') {
+ return str;
+ }
+
+ /*
+ * Look for the terminating ')'.
+ */
+
+ if ((q = strchr_m(p,')')) == NULL) {
+ DEBUG(0,("expand_env_var: Unterminated environment variable [%s]\n", p));
+ return str;
+ }
+
+ /*
+ * Extract the name from within the %$(NAME) string.
+ */
+
+ r = p + 3;
+ copylen = q - r;
+
+ /* reserve space for use later add %$() chars */
+ if ( (envname = talloc_array(talloc_tos(), char, copylen + 1 + 4)) == NULL ) {
+ return NULL;
+ }
+
+ strncpy(envname,r,copylen);
+ envname[copylen] = '\0';
+
+ if ((envval = getenv(envname)) == NULL) {
+ DEBUG(0,("expand_env_var: Environment variable [%s] not set\n", envname));
+ TALLOC_FREE(envname);
+ return str;
+ }
+
+ /*
+ * Copy the full %$(NAME) into envname so it
+ * can be replaced.
+ */
+
+ copylen = q + 1 - p;
+ strncpy(envname,p,copylen);
+ envname[copylen] = '\0';
+ r = realloc_string_sub(str, envname, envval);
+ TALLOC_FREE(envname);
+
+ return r;
+}
+
+/****************************************************************************
+ Do some standard substitutions in a string.
+ len is the length in bytes of the space allowed in string str. If zero means
+ don't allow expansions.
+****************************************************************************/
+
+void standard_sub_basic(const char *smb_name, const char *domain_name,
+ char *str, size_t len)
+{
+ char *s;
+
+ if ( (s = talloc_sub_basic(talloc_tos(), smb_name, domain_name, str )) != NULL ) {
+ strncpy( str, s, len );
+ }
+
+ TALLOC_FREE( s );
+}
+
+/*
+ * Limit addresses to hexalpha characters and underscore, safe for path
+ * components for Windows clients.
+ */
+static void make_address_pathsafe(char *addr)
+{
+ while(addr && *addr) {
+ if(!isxdigit(*addr)) {
+ *addr = '_';
+ }
+ ++addr;
+ }
+}
+
+/****************************************************************************
+ Do some standard substitutions in a string.
+ This function will return a talloced string that has to be freed.
+****************************************************************************/
+
+char *talloc_sub_basic(TALLOC_CTX *mem_ctx,
+ const char *smb_name,
+ const char *domain_name,
+ const char *str)
+{
+ char *b, *p, *s, *r, *a_string;
+ fstring pidstr, vnnstr;
+ const char *local_machine_name = get_local_machine_name();
+ TALLOC_CTX *tmp_ctx = NULL;
+
+ /* workaround to prevent a crash while looking at bug #687 */
+
+ if (!str) {
+ DEBUG(0,("talloc_sub_basic: NULL source string! This should not happen\n"));
+ return NULL;
+ }
+
+ a_string = talloc_strdup(mem_ctx, str);
+ if (a_string == NULL) {
+ DEBUG(0, ("talloc_sub_basic: Out of memory!\n"));
+ return NULL;
+ }
+
+ tmp_ctx = talloc_stackframe();
+
+ for (s = a_string; (p = strchr_m(s, '%')); s = a_string + (p - b)) {
+
+ r = NULL;
+ b = a_string;
+
+ switch (*(p+1)) {
+ case 'U' :
+ r = strlower_talloc(tmp_ctx, smb_name);
+ if (r == NULL) {
+ goto error;
+ }
+ a_string = realloc_string_sub(a_string, "%U", r);
+ break;
+ case 'G' : {
+ struct passwd *pass;
+ bool is_domain_name = false;
+ const char *sep = lp_winbind_separator();
+
+ if (domain_name != NULL && domain_name[0] != '\0' &&
+ (lp_security() == SEC_ADS ||
+ lp_security() == SEC_DOMAIN)) {
+ r = talloc_asprintf(tmp_ctx,
+ "%s%c%s",
+ domain_name,
+ *sep,
+ smb_name);
+ is_domain_name = true;
+ } else {
+ r = talloc_strdup(tmp_ctx, smb_name);
+ }
+ if (r == NULL) {
+ goto error;
+ }
+
+ pass = Get_Pwnam_alloc(tmp_ctx, r);
+ if (pass != NULL) {
+ char *group_name;
+
+ group_name = gidtoname(pass->pw_gid);
+ if (is_domain_name) {
+ char *group_sep;
+ group_sep = strchr_m(group_name, *sep);
+ if (group_sep != NULL) {
+ group_name = group_sep + 1;
+ }
+ }
+ a_string = realloc_string_sub(a_string,
+ "%G",
+ group_name);
+ }
+ TALLOC_FREE(pass);
+ break;
+ }
+ case 'D' :
+ r = strupper_talloc(tmp_ctx, domain_name);
+ if (r == NULL) {
+ goto error;
+ }
+ a_string = realloc_string_sub(a_string, "%D", r);
+ break;
+ case 'I' : {
+ a_string = realloc_string_sub(
+ a_string, "%I",
+ sub_peeraddr[0] ? sub_peeraddr : "0.0.0.0");
+ break;
+ }
+ case 'J' : {
+ r = talloc_strdup(tmp_ctx,
+ sub_peeraddr[0] ? sub_peeraddr : "0.0.0.0");
+ make_address_pathsafe(r);
+ a_string = realloc_string_sub(a_string, "%J", r);
+ break;
+ }
+ case 'i':
+ a_string = realloc_string_sub(
+ a_string, "%i",
+ sub_sockaddr[0] ? sub_sockaddr : "0.0.0.0");
+ break;
+ case 'j' : {
+ r = talloc_strdup(tmp_ctx,
+ sub_sockaddr[0] ? sub_sockaddr : "0.0.0.0");
+ make_address_pathsafe(r);
+ a_string = realloc_string_sub(a_string, "%j", r);
+ break;
+ }
+ case 'L' :
+ if ( strncasecmp_m(p, "%LOGONSERVER%", strlen("%LOGONSERVER%")) == 0 ) {
+ break;
+ }
+ if (local_machine_name && *local_machine_name) {
+ a_string = realloc_string_sub(a_string, "%L", local_machine_name);
+ } else {
+ a_string = realloc_string_sub(a_string, "%L", lp_netbios_name());
+ }
+ break;
+ case 'N' :
+ a_string = realloc_string_sub(a_string,
+ "%N",
+ lp_netbios_name());
+ break;
+ case 'M' :
+ a_string = realloc_string_sub(a_string, "%M",
+ sub_peername ? sub_peername : "");
+ break;
+ case 'R' :
+ a_string = realloc_string_sub(a_string, "%R", remote_proto);
+ break;
+ case 'T' :
+ a_string = realloc_string_sub(a_string, "%T", current_timestring(tmp_ctx, False));
+ break;
+ case 't' :
+ a_string = realloc_string_sub(a_string, "%t",
+ current_minimal_timestring(tmp_ctx, False));
+ break;
+ case 'a' :
+ a_string = realloc_string_sub(a_string, "%a",
+ get_remote_arch_str());
+ break;
+ case 'd' :
+ slprintf(pidstr,sizeof(pidstr)-1, "%d",(int)getpid());
+ a_string = realloc_string_sub(a_string, "%d", pidstr);
+ break;
+ case 'h' :
+ a_string = realloc_string_sub(a_string, "%h", myhostname());
+ break;
+ case 'm' :
+ a_string = realloc_string_sub(a_string, "%m",
+ remote_machine);
+ break;
+ case 'v' :
+ a_string = realloc_string_sub(a_string, "%v", samba_version_string());
+ break;
+ case 'w' :
+ a_string = realloc_string_sub(a_string, "%w", lp_winbind_separator());
+ break;
+ case '$' :
+ a_string = realloc_expand_env_var(a_string, p); /* Expand environment variables */
+ break;
+ case 'V' :
+ slprintf(vnnstr,sizeof(vnnstr)-1, "%u", get_my_vnn());
+ a_string = realloc_string_sub(a_string, "%V", vnnstr);
+ break;
+ default:
+ break;
+ }
+
+ p++;
+ TALLOC_FREE(r);
+
+ if (a_string == NULL) {
+ goto done;
+ }
+ }
+
+ goto done;
+
+error:
+ TALLOC_FREE(a_string);
+
+done:
+ TALLOC_FREE(tmp_ctx);
+ return a_string;
+}
+
+/****************************************************************************
+ Do some specific substitutions in a string.
+ This function will return an allocated string that have to be freed.
+****************************************************************************/
+
+char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
+ const char *input_string,
+ const char *username,
+ const char *grpname,
+ const char *domain,
+ uid_t uid,
+ gid_t gid)
+{
+ char *a_string;
+ char *ret_string = NULL;
+ char *b, *p, *s;
+ TALLOC_CTX *tmp_ctx;
+
+ if (!(tmp_ctx = talloc_new(mem_ctx))) {
+ DEBUG(0, ("talloc_new failed\n"));
+ return NULL;
+ }
+
+ a_string = talloc_strdup(tmp_ctx, input_string);
+ if (a_string == NULL) {
+ DEBUG(0, ("talloc_sub_specified: Out of memory!\n"));
+ goto done;
+ }
+
+ for (s = a_string; (p = strchr_m(s, '%')); s = a_string + (p - b)) {
+
+ b = a_string;
+
+ switch (*(p+1)) {
+ case 'U' :
+ a_string = talloc_string_sub(
+ tmp_ctx, a_string, "%U", username);
+ break;
+ case 'u' :
+ a_string = talloc_string_sub(
+ tmp_ctx, a_string, "%u", username);
+ break;
+ case 'G' :
+ if (gid != -1) {
+ const char *name;
+
+ if (grpname != NULL) {
+ name = grpname;
+ } else {
+ name = gidtoname(gid);
+ }
+
+ a_string = talloc_string_sub(tmp_ctx,
+ a_string,
+ "%G",
+ name);
+ } else {
+ a_string = talloc_string_sub(
+ tmp_ctx, a_string,
+ "%G", "NO_GROUP");
+ }
+ break;
+ case 'g' :
+ if (gid != -1) {
+ const char *name;
+
+ if (grpname != NULL) {
+ name = grpname;
+ } else {
+ name = gidtoname(gid);
+ }
+
+ a_string = talloc_string_sub(tmp_ctx,
+ a_string,
+ "%g",
+ name);
+ } else {
+ a_string = talloc_string_sub(
+ tmp_ctx, a_string, "%g", "NO_GROUP");
+ }
+ break;
+ case 'D' :
+ a_string = talloc_string_sub(tmp_ctx, a_string,
+ "%D", domain);
+ break;
+ case 'N' :
+ a_string = talloc_string_sub(tmp_ctx, a_string,
+ "%N", lp_netbios_name());
+ break;
+ default:
+ break;
+ }
+
+ p++;
+ if (a_string == NULL) {
+ goto done;
+ }
+ }
+
+ /* Watch out, using "mem_ctx" here, so all intermediate stuff goes
+ * away with the TALLOC_FREE(tmp_ctx) further down. */
+
+ ret_string = talloc_sub_basic(mem_ctx, username, domain, a_string);
+
+ done:
+ TALLOC_FREE(tmp_ctx);
+ return ret_string;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+char *talloc_sub_advanced(TALLOC_CTX *ctx,
+ const char *servicename,
+ const char *user,
+ const char *connectpath,
+ gid_t gid,
+ const char *str)
+{
+ char *a_string;
+ char *b, *p, *s;
+
+ a_string = talloc_strdup(talloc_tos(), str);
+ if (a_string == NULL) {
+ DEBUG(0, ("talloc_sub_advanced_only: Out of memory!\n"));
+ return NULL;
+ }
+
+ for (s = a_string; (p = strchr_m(s, '%')); s = a_string + (p - b)) {
+
+ b = a_string;
+
+ switch (*(p+1)) {
+ case 'N':
+ a_string = realloc_string_sub(a_string,
+ "%N",
+ lp_netbios_name());
+ break;
+ case 'H': {
+ char *h;
+ if ((h = get_user_home_dir(talloc_tos(), user)))
+ a_string = realloc_string_sub(a_string, "%H", h);
+ TALLOC_FREE(h);
+ break;
+ }
+ case 'P':
+ a_string = realloc_string_sub(a_string, "%P", connectpath);
+ break;
+ case 'S':
+ a_string = realloc_string_sub(a_string, "%S", servicename);
+ break;
+ case 'g':
+ a_string = realloc_string_sub(a_string, "%g", gidtoname(gid));
+ break;
+ case 'u':
+ a_string = realloc_string_sub(a_string, "%u", user);
+ break;
+ default:
+ break;
+ }
+
+ p++;
+ if (a_string == NULL) {
+ return NULL;
+ }
+ }
+
+ return a_string;
+}
+
+char *talloc_sub_full(TALLOC_CTX *ctx,
+ const char *servicename,
+ const char *user,
+ const char *connectpath,
+ gid_t gid,
+ const char *smb_name,
+ const char *domain_name,
+ const char *str)
+{
+ char *a_string, *ret_string;
+
+ a_string = talloc_sub_advanced(ctx, servicename, user, connectpath,
+ gid, str);
+ if (a_string == NULL) {
+ return NULL;
+ }
+
+ ret_string = talloc_sub_basic(ctx, smb_name, domain_name, a_string);
+ TALLOC_FREE(a_string);
+ return ret_string;
+}
diff --git a/source3/lib/substitute.h b/source3/lib/substitute.h
new file mode 100644
index 0000000..6596ffd
--- /dev/null
+++ b/source3/lib/substitute.h
@@ -0,0 +1,65 @@
+/*
+ Unix SMB/CIFS implementation.
+ string substitution functions
+ Copyright (C) Andrew Tridgell 1992-2000
+ Copyright (C) Gerald Carter 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef SUBSTITUTE_H
+#define SUBSTITUTE_H
+
+void set_remote_proto(const char *proto);
+bool set_local_machine_name(const char *local_name, bool perm);
+const char *get_local_machine_name(void);
+bool set_remote_machine_name(const char *remote_name, bool perm);
+const char *get_remote_machine_name(void);
+void sub_set_socket_ids(const char *peeraddr, const char *peername,
+ const char *sockaddr);
+void set_current_user_info(const char *smb_name,
+ const char *unix_name,
+ const char *domain);
+const char *get_current_username(void);
+const char *get_current_user_info_domain(void);
+void standard_sub_basic(const char *smb_name,
+ const char *domain_name,
+ char *str,
+ size_t len);
+char *talloc_sub_basic(TALLOC_CTX *mem_ctx,
+ const char *smb_name,
+ const char *domain_name,
+ const char *str);
+char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
+ const char *input_string,
+ const char *username,
+ const char *grpname,
+ const char *domain,
+ uid_t uid,
+ gid_t gid);
+char *talloc_sub_advanced(TALLOC_CTX *ctx,
+ const char *servicename,
+ const char *user,
+ const char *connectpath,
+ gid_t gid,
+ const char *str);
+char *talloc_sub_full(TALLOC_CTX *ctx,
+ const char *servicename,
+ const char *user,
+ const char *connectpath,
+ gid_t gid,
+ const char *smb_name,
+ const char *domain_name,
+ const char *str);
+#endif
diff --git a/source3/lib/substitute_generic.c b/source3/lib/substitute_generic.c
new file mode 100644
index 0000000..26c5ee7
--- /dev/null
+++ b/source3/lib/substitute_generic.c
@@ -0,0 +1,113 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+
+ Copyright (C) Andrew Tridgell 1992-2001
+ Copyright (C) Simo Sorce 2001-2002
+ Copyright (C) Martin Pool 2003
+ Copyright (C) James Peach 2006
+ Copyright (C) Jeremy Allison 1992-2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+/**
+ Similar to string_sub2, but it will accept only allocated strings
+ and may realloc them so pay attention at what you pass on no
+ pointers inside strings, no const may be passed
+ as string.
+**/
+
+char *realloc_string_sub2(char *string,
+ const char *pattern,
+ const char *insert,
+ bool remove_unsafe_characters,
+ bool allow_trailing_dollar)
+{
+ char *p, *in;
+ char *s;
+ ssize_t ls,lp,li,ld, i;
+
+ if (!insert || !pattern || !*pattern || !string || !*string)
+ return NULL;
+
+ s = string;
+
+ in = talloc_strdup(talloc_tos(), insert);
+ if (!in) {
+ DEBUG(0, ("realloc_string_sub: out of memory!\n"));
+ return NULL;
+ }
+ ls = (ssize_t)strlen(s);
+ lp = (ssize_t)strlen(pattern);
+ li = (ssize_t)strlen(insert);
+ ld = li - lp;
+ for (i=0;i<li;i++) {
+ switch (in[i]) {
+ case '$':
+ /* allow a trailing $
+ * (as in machine accounts) */
+ if (allow_trailing_dollar && (i == li - 1 )) {
+ break;
+ }
+ FALL_THROUGH;
+ case '`':
+ case '"':
+ case '\'':
+ case ';':
+ case '%':
+ case '\r':
+ case '\n':
+ if ( remove_unsafe_characters ) {
+ in[i] = '_';
+ break;
+ }
+ FALL_THROUGH;
+ default:
+ /* ok */
+ break;
+ }
+ }
+
+ while ((p = strstr_m(s,pattern))) {
+ if (ld > 0) {
+ int offset = PTR_DIFF(s,string);
+ string = talloc_realloc(NULL, string, char, ls + ld + 1);
+ if (!string) {
+ DEBUG(0, ("realloc_string_sub: "
+ "out of memory!\n"));
+ talloc_free(in);
+ return NULL;
+ }
+ p = string + offset + (p - s);
+ }
+ if (li != lp) {
+ memmove(p+li,p+lp,strlen(p+lp)+1);
+ }
+ memcpy(p, in, li);
+ s = p + li;
+ ls += ld;
+ }
+ talloc_free(in);
+ return string;
+}
+
+char *realloc_string_sub(char *string,
+ const char *pattern,
+ const char *insert)
+{
+ return realloc_string_sub2(string, pattern, insert, true, false);
+}
diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c
new file mode 100644
index 0000000..234094a
--- /dev/null
+++ b/source3/lib/sysacls.c
@@ -0,0 +1,518 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba system utilities for ACL support.
+ Copyright (C) Jeremy Allison 2000.
+ Copyright (C) Volker Lendecke 2006
+ Copyright (C) Michael Adam 2006,2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/passwd.h"
+
+#if defined(HAVE_POSIX_ACLS)
+#include "modules/vfs_posixacl.h"
+#endif
+
+#if defined(HAVE_SOLARIS_UNIXWARE_ACLS)
+#include "modules/vfs_solarisacl.h"
+#endif
+
+#if defined(HAVE_HPUX_ACLS)
+#include "modules/vfs_hpuxacl.h"
+#endif
+
+#if defined(HAVE_AIX_ACLS)
+#include "modules/vfs_aixacl.h"
+#endif
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_ACLS
+
+/*
+ * Note that while this code implements sufficient functionality
+ * to support the sys_acl_* interfaces it does not provide all
+ * of the semantics of the POSIX ACL interfaces.
+ *
+ * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
+ * from a call to sys_acl_get_entry() should not be assumed to be
+ * valid after calling any of the following functions, which may
+ * reorder the entries in the ACL.
+ *
+ * sys_acl_valid()
+ * sys_acl_set_fd()
+ */
+
+int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+{
+ if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (entry_p == NULL) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (entry_id == SMB_ACL_FIRST_ENTRY) {
+ acl_d->next = 0;
+ }
+
+ if (acl_d->next < 0) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (acl_d->next >= acl_d->count) {
+ return 0;
+ }
+
+ *entry_p = &acl_d->acl[acl_d->next++];
+
+ return 1;
+}
+
+int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
+{
+ *type_p = entry_d->a_type;
+
+ return 0;
+}
+
+int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
+{
+ *permset_p = &entry_d->a_perm;
+
+ return 0;
+}
+
+void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
+{
+ if (entry_d->a_type == SMB_ACL_USER) {
+ return &entry_d->info.user.uid;
+ }
+
+ if (entry_d->a_type == SMB_ACL_GROUP) {
+ return &entry_d->info.group.gid;
+ }
+
+ errno = EINVAL;
+ return NULL;
+}
+
+int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
+{
+ *permset_d = 0;
+
+ return 0;
+}
+
+int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
+{
+ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
+ && perm != SMB_ACL_EXECUTE) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (permset_d == NULL) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ *permset_d |= perm;
+
+ return 0;
+}
+
+int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
+{
+ return *permset_d & perm;
+}
+
+char *sys_acl_to_text(const struct smb_acl_t *acl_d, ssize_t *len_p)
+{
+ int i;
+ int len, maxlen;
+ char *text;
+
+ /*
+ * use an initial estimate of 20 bytes per ACL entry
+ * when allocating memory for the text representation
+ * of the ACL
+ */
+ len = 0;
+ maxlen = 20 * acl_d->count;
+ if ((text = (char *)SMB_MALLOC(maxlen)) == NULL) {
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ for (i = 0; i < acl_d->count; i++) {
+ struct smb_acl_entry *ap = &acl_d->acl[i];
+ struct group *gr;
+ char tagbuf[12];
+ char idbuf[12];
+ const char *tag;
+ const char *id = "";
+ char perms[4];
+ int nbytes;
+
+ switch (ap->a_type) {
+ /*
+ * for debugging purposes it's probably more
+ * useful to dump unknown tag types rather
+ * than just returning an error
+ */
+ default:
+ slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
+ ap->a_type);
+ tag = tagbuf;
+ break;
+
+ case SMB_ACL_USER:
+ id = uidtoname(ap->info.user.uid);
+
+ FALL_THROUGH;
+ case SMB_ACL_USER_OBJ:
+ tag = "user";
+ break;
+
+ case SMB_ACL_GROUP:
+ if ((gr = getgrgid(ap->info.group.gid)) == NULL) {
+ slprintf(idbuf, sizeof(idbuf)-1, "%ld",
+ (long)ap->info.group.gid);
+ id = idbuf;
+ } else {
+ id = gr->gr_name;
+ }
+
+ FALL_THROUGH;
+ case SMB_ACL_GROUP_OBJ:
+ tag = "group";
+ break;
+
+ case SMB_ACL_OTHER:
+ tag = "other";
+ break;
+
+ case SMB_ACL_MASK:
+ tag = "mask";
+ break;
+
+ }
+
+ perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
+ perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
+ perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
+ perms[3] = '\0';
+
+ /* <tag> : <qualifier> : rwx \n \0 */
+ nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
+
+ /*
+ * If this entry would overflow the buffer
+ * allocate enough additional memory for this
+ * entry and an estimate of another 20 bytes
+ * for each entry still to be processed
+ */
+ if ((len + nbytes) > maxlen) {
+ maxlen += nbytes + 20 * (acl_d->count - i);
+ if ((text = (char *)SMB_REALLOC(text, maxlen)) == NULL) {
+ errno = ENOMEM;
+ return NULL;
+ }
+ }
+
+
+ slprintf(&text[len], nbytes, "%s:%s:%s\n", tag, id, perms);
+ len += (nbytes - 1);
+ }
+
+ if (len_p)
+ *len_p = len;
+
+ return text;
+}
+
+SMB_ACL_T sys_acl_init(TALLOC_CTX *mem_ctx)
+{
+ SMB_ACL_T a;
+
+ if ((a = talloc(mem_ctx, struct smb_acl_t)) == NULL) {
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ a->count = 0;
+ a->next = -1;
+
+ a->acl = talloc_array(a, struct smb_acl_entry, 0);
+ if (!a->acl) {
+ TALLOC_FREE(a);
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ return a;
+}
+
+int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
+{
+ SMB_ACL_T acl_d;
+ SMB_ACL_ENTRY_T entry_d;
+ struct smb_acl_entry *acl;
+
+ if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ acl = talloc_realloc(acl_d, acl_d->acl, struct smb_acl_entry, acl_d->count+1);
+ if (!acl) {
+ errno = ENOMEM;
+ return -1;
+ }
+ acl_d->acl = acl;
+ entry_d = &acl_d->acl[acl_d->count];
+ entry_d->a_type = SMB_ACL_TAG_INVALID;
+ entry_d->a_perm = 0;
+ *entry_p = entry_d;
+
+ acl_d->count++;
+ return 0;
+}
+
+int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
+{
+ switch (tag_type) {
+ case SMB_ACL_USER:
+ case SMB_ACL_USER_OBJ:
+ case SMB_ACL_GROUP:
+ case SMB_ACL_GROUP_OBJ:
+ case SMB_ACL_OTHER:
+ case SMB_ACL_MASK:
+ entry_d->a_type = tag_type;
+ break;
+ default:
+ errno = EINVAL;
+ return -1;
+ }
+
+ return 0;
+}
+
+int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
+{
+ if (entry_d->a_type == SMB_ACL_USER) {
+ entry_d->info.user.uid = *((uid_t *)qual_p);
+ return 0;
+ }
+ if (entry_d->a_type == SMB_ACL_GROUP) {
+ entry_d->info.group.gid = *((gid_t *)qual_p);
+ return 0;
+ }
+
+ errno = EINVAL;
+ return -1;
+}
+
+int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
+{
+ if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ entry_d->a_perm = *permset_d;
+
+ return 0;
+}
+
+int sys_acl_free_text(char *text)
+{
+ SAFE_FREE(text);
+ return 0;
+}
+
+int sys_acl_valid(SMB_ACL_T acl_d)
+{
+ errno = EINVAL;
+ return -1;
+}
+
+/*
+ * acl_get_file, acl_get_fd, acl_set_file, acl_set_fd and
+ * sys_acl_delete_def_fd are to be redirected to the default
+ * statically-bound acl vfs module, but they are replaceable.
+ */
+
+#if defined(HAVE_POSIX_ACLS)
+
+SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx)
+{
+ return posixacl_sys_acl_get_fd(handle, fsp, type, mem_ctx);
+}
+
+int sys_acl_set_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_TYPE_T type,
+ SMB_ACL_T acl_d)
+{
+ return posixacl_sys_acl_set_fd(handle, fsp, type, acl_d);
+}
+
+int sys_acl_delete_def_fd(vfs_handle_struct *handle,
+ files_struct *fsp)
+{
+ return posixacl_sys_acl_delete_def_fd(handle, fsp);
+}
+
+#elif defined(HAVE_AIX_ACLS)
+
+SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx)
+{
+ return aixacl_sys_acl_get_fd(handle, fsp, type, mem_ctx);
+}
+
+int sys_acl_set_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_TYPE_T type,
+ SMB_ACL_T acl_d)
+{
+ return aixacl_sys_acl_set_fd(handle, fsp, type, acl_d);
+}
+
+int sys_acl_delete_def_fd(vfs_handle_struct *handle,
+ files_struct *fsp)
+{
+ return aixacl_sys_acl_delete_def_fd(handle, fsp);
+}
+#elif defined(HAVE_SOLARIS_UNIXWARE_ACLS)
+
+SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx)
+{
+ return solarisacl_sys_acl_get_fd(handle, fsp, type,
+ mem_ctx);
+}
+
+int sys_acl_set_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_TYPE_T type,
+ SMB_ACL_T acl_d)
+{
+ return solarisacl_sys_acl_set_fd(handle,
+ fsp,
+ type,
+ acl_d);
+}
+
+int sys_acl_delete_def_fd(vfs_handle_struct *handle,
+ files_struct *fsp)
+{
+ return solarisacl_sys_acl_delete_def_fd(handle, fsp);
+}
+#elif defined(HAVE_HPUX_ACLS)
+
+SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx)
+{
+ return hpuxacl_sys_acl_get_fd(handle, fsp, mem_ctx);
+}
+
+int sys_acl_set_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_TYPE_T type,
+ SMB_ACL_T acl_d)
+{
+ return hpuxacl_sys_acl_set_file(handle, fsp->fsp_name, type, acl_d);
+}
+
+int sys_acl_delete_def_fd(vfs_handle_struct *handle,
+ files_struct *fsp)
+{
+ return hpuxacl_sys_acl_delete_def_fd(handle, fsp);
+}
+#else /* No ACLs. */
+
+SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx)
+{
+#ifdef ENOTSUP
+ errno = ENOTSUP;
+#else
+ errno = ENOSYS;
+#endif
+ return NULL;
+}
+
+int sys_acl_set_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_TYPE_T type,
+ SMB_ACL_T acl_d)
+{
+#ifdef ENOTSUP
+ errno = ENOTSUP;
+#else
+ errno = ENOSYS;
+#endif
+ return -1;
+}
+
+int sys_acl_delete_def_fd(vfs_handle_struct *handle,
+ files_struct *fsp)
+{
+#ifdef ENOTSUP
+ errno = ENOTSUP;
+#else
+ errno = ENOSYS;
+#endif
+ return -1;
+}
+#endif
+
+/************************************************************************
+ Deliberately outside the ACL defines. Return 1 if this is a "no acls"
+ errno, 0 if not.
+************************************************************************/
+
+int no_acl_syscall_error(int err)
+{
+#if defined(ENOSYS)
+ if (err == ENOSYS) {
+ return 1;
+ }
+#endif
+#if defined(ENOTSUP)
+ if (err == ENOTSUP) {
+ return 1;
+ }
+#endif
+ return 0;
+}
diff --git a/source3/lib/sysquotas.c b/source3/lib/sysquotas.c
new file mode 100644
index 0000000..b7eedcd
--- /dev/null
+++ b/source3/lib/sysquotas.c
@@ -0,0 +1,619 @@
+/*
+ Unix SMB/CIFS implementation.
+ System QUOTA function wrappers
+ Copyright (C) Stefan (metze) Metzmacher 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "lib/util_file.h"
+#include "lib/util/smb_strtox.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_QUOTA
+
+#ifdef HAVE_SYS_QUOTAS
+
+#if defined(HAVE_QUOTACTL_4A)
+
+/*#endif HAVE_QUOTACTL_4A */
+#elif defined(HAVE_QUOTACTL_4B)
+
+/*#endif HAVE_QUOTACTL_4B */
+#elif defined(HAVE_QUOTACTL_3)
+
+#error HAVE_QUOTACTL_3 not implemented
+
+/* #endif HAVE_QUOTACTL_3 */
+#else /* NO_QUOTACTL_USED */
+
+#endif /* NO_QUOTACTL_USED */
+
+#if defined(HAVE_MNTENT) && defined(HAVE_REALPATH)
+static int sys_path_to_bdev(const char *path, char **mntpath, char **bdev, char **fs)
+{
+ int ret = -1;
+ SMB_STRUCT_STAT S;
+ FILE *fp;
+ struct mntent *mnt = NULL;
+ SMB_DEV_T devno;
+ char *stat_mntpath = NULL;
+ char *p;
+
+ /* find the block device file */
+ (*mntpath) = NULL;
+ (*bdev) = NULL;
+ (*fs) = NULL;
+
+ if (sys_stat(path, &S, false) != 0) {
+ return -1;
+ }
+
+ devno = S.st_ex_dev ;
+
+ stat_mntpath = sys_realpath(path);
+ if (stat_mntpath == NULL) {
+ DBG_WARNING("realpath(%s) failed - %s\n", path,
+ strerror(errno));
+ goto out;
+ }
+
+ if (sys_stat(stat_mntpath, &S, false) != 0) {
+ DBG_WARNING("cannot stat real path %s - %s\n", stat_mntpath,
+ strerror(errno));
+ goto out;
+ }
+
+ if (S.st_ex_dev != devno) {
+ DBG_WARNING("device on real path has changed\n");
+ goto out;
+ }
+
+ while (true) {
+ char save_ch;
+
+ p = strrchr(stat_mntpath, '/');
+ if (p == NULL) {
+ DBG_ERR("realpath for %s does not begin with a '/'\n",
+ path);
+ goto out;
+ }
+
+ if (p == stat_mntpath) {
+ ++p;
+ }
+
+ save_ch = *p;
+ *p = 0;
+ if (sys_stat(stat_mntpath, &S, false) != 0) {
+ DBG_WARNING("cannot stat real path component %s - %s\n",
+ stat_mntpath, strerror(errno));
+ goto out;
+ }
+ if (S.st_ex_dev != devno) {
+ *p = save_ch;
+ break;
+ }
+
+ if (p <= stat_mntpath + 1) {
+ break;
+ }
+ }
+
+ fp = setmntent(MOUNTED,"r");
+ if (fp == NULL) {
+ goto out;
+ }
+
+ while ((mnt = getmntent(fp))) {
+ if (!strequal(mnt->mnt_dir, stat_mntpath)) {
+ continue;
+ }
+
+ if ( sys_stat(mnt->mnt_dir, &S, false) == -1 )
+ continue ;
+
+ if (S.st_ex_dev == devno) {
+ (*mntpath) = SMB_STRDUP(mnt->mnt_dir);
+ (*bdev) = SMB_STRDUP(mnt->mnt_fsname);
+ (*fs) = SMB_STRDUP(mnt->mnt_type);
+ if ((*mntpath)&&(*bdev)&&(*fs)) {
+ ret = 0;
+ } else {
+ SAFE_FREE(*mntpath);
+ SAFE_FREE(*bdev);
+ SAFE_FREE(*fs);
+ ret = -1;
+ }
+
+ break;
+ }
+ }
+
+ endmntent(fp) ;
+
+out:
+ SAFE_FREE(stat_mntpath);
+ return ret;
+}
+/* #endif HAVE_MNTENT */
+#elif defined(HAVE_DEVNM)
+
+/* we have this on HPUX, ... */
+static int sys_path_to_bdev(const char *path, char **mntpath, char **bdev, char **fs)
+{
+ int ret = -1;
+ char dev_disk[256];
+ SMB_STRUCT_STAT S;
+
+ if (!path||!mntpath||!bdev||!fs)
+ smb_panic("sys_path_to_bdev: called with NULL pointer");
+
+ (*mntpath) = NULL;
+ (*bdev) = NULL;
+ (*fs) = NULL;
+
+ /* find the block device file */
+
+ if ((ret=sys_stat(path, &S, false))!=0) {
+ return ret;
+ }
+
+ if ((ret=devnm(S_IFBLK, S.st_ex_dev, dev_disk, 256, 1))!=0) {
+ return ret;
+ }
+
+ /* we should get the mntpath right...
+ * but I don't know how
+ * --metze
+ */
+ (*mntpath) = SMB_STRDUP(path);
+ (*bdev) = SMB_STRDUP(dev_disk);
+ if ((*mntpath)&&(*bdev)) {
+ ret = 0;
+ } else {
+ SAFE_FREE(*mntpath);
+ SAFE_FREE(*bdev);
+ ret = -1;
+ }
+
+
+ return ret;
+}
+
+/* #endif HAVE_DEVNM */
+#else
+/* we should fake this up...*/
+static int sys_path_to_bdev(const char *path, char **mntpath, char **bdev, char **fs)
+{
+ int ret = -1;
+
+ if (!path||!mntpath||!bdev||!fs)
+ smb_panic("sys_path_to_bdev: called with NULL pointer");
+
+ (*mntpath) = NULL;
+ (*bdev) = NULL;
+ (*fs) = NULL;
+
+ (*mntpath) = SMB_STRDUP(path);
+ if (*mntpath) {
+ ret = 0;
+ } else {
+ SAFE_FREE(*mntpath);
+ ret = -1;
+ }
+
+ return ret;
+}
+#endif
+
+/*********************************************************************
+ Now the list of all filesystem specific quota systems we have found
+**********************************************************************/
+static struct {
+ const char *name;
+ int (*get_quota)(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp);
+ int (*set_quota)(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp);
+} sys_quota_backends[] = {
+#ifdef HAVE_JFS_QUOTA_H
+ {"jfs2", sys_get_jfs2_quota, sys_set_jfs2_quota},
+#endif
+#if defined HAVE_XFS_QUOTAS
+ {"xfs", sys_get_xfs_quota, sys_set_xfs_quota},
+ {"gfs", sys_get_xfs_quota, sys_set_xfs_quota},
+ {"gfs2", sys_get_xfs_quota, sys_set_xfs_quota},
+#endif /* HAVE_XFS_QUOTAS */
+#ifdef HAVE_NFS_QUOTAS
+ {"nfs", sys_get_nfs_quota, sys_set_nfs_quota},
+ {"nfs4", sys_get_nfs_quota, sys_set_nfs_quota},
+#endif /* HAVE_NFS_QUOTAS */
+ {NULL, NULL, NULL}
+};
+
+static int command_get_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
+ const char *get_quota_command;
+ char **lines = NULL;
+
+ get_quota_command = lp_get_quota_command(talloc_tos(), lp_sub);
+ if (get_quota_command && *get_quota_command) {
+ const char *p;
+ char *p2;
+ int _id = -1;
+ int error = 0;
+ char **argl = NULL;
+
+ switch(qtype) {
+ case SMB_USER_QUOTA_TYPE:
+ case SMB_USER_FS_QUOTA_TYPE:
+ _id = id.uid;
+ break;
+ case SMB_GROUP_QUOTA_TYPE:
+ case SMB_GROUP_FS_QUOTA_TYPE:
+ _id = id.gid;
+ break;
+ default:
+ DEBUG(0,("invalid quota type.\n"));
+ return -1;
+ }
+
+ argl = str_list_make_empty(talloc_tos());
+ str_list_add_printf(&argl, "%s", get_quota_command);
+ str_list_add_printf(&argl, "%s", path);
+ str_list_add_printf(&argl, "%d", qtype);
+ str_list_add_printf(&argl, "%d", _id);
+ if (argl == NULL) {
+ return -1;
+ }
+
+ DBG_NOTICE("Running command %s %s %d %d\n",
+ get_quota_command,
+ path,
+ qtype,
+ _id);
+
+ lines = file_lines_ploadv(talloc_tos(), argl, NULL);
+ TALLOC_FREE(argl);
+
+ if (lines) {
+ char *line = lines[0];
+
+ DEBUG (3, ("Read output from get_quota, \"%s\"\n", line));
+
+ /* we need to deal with long long unsigned here, if supported */
+
+ dp->qflags = smb_strtoul(line,
+ &p2,
+ 10,
+ &error,
+ SMB_STR_STANDARD);
+ if (error != 0) {
+ goto invalid_param;
+ }
+
+ p = p2;
+ while (p && *p && isspace(*p)) {
+ p++;
+ }
+
+ if (p && *p) {
+ dp->curblocks = STR_TO_SMB_BIG_UINT(p, &p);
+ } else {
+ goto invalid_param;
+ }
+
+ while (p && *p && isspace(*p)) {
+ p++;
+ }
+
+ if (p && *p) {
+ dp->softlimit = STR_TO_SMB_BIG_UINT(p, &p);
+ } else {
+ goto invalid_param;
+ }
+
+ while (p && *p && isspace(*p)) {
+ p++;
+ }
+
+ if (p && *p) {
+ dp->hardlimit = STR_TO_SMB_BIG_UINT(p, &p);
+ } else {
+ goto invalid_param;
+ }
+
+ while (p && *p && isspace(*p)) {
+ p++;
+ }
+
+ if (p && *p) {
+ dp->curinodes = STR_TO_SMB_BIG_UINT(p, &p);
+ } else {
+ goto invalid_param;
+ }
+
+ while (p && *p && isspace(*p)) {
+ p++;
+ }
+
+ if (p && *p) {
+ dp->isoftlimit = STR_TO_SMB_BIG_UINT(p, &p);
+ } else {
+ goto invalid_param;
+ }
+
+ while (p && *p && isspace(*p)) {
+ p++;
+ }
+
+ if (p && *p) {
+ dp->ihardlimit = STR_TO_SMB_BIG_UINT(p, &p);
+ } else {
+ goto invalid_param;
+ }
+
+ while (p && *p && isspace(*p)) {
+ p++;
+ }
+
+ if (p && *p) {
+ dp->bsize = STR_TO_SMB_BIG_UINT(p, NULL);
+ } else {
+ dp->bsize = 1024;
+ }
+
+ TALLOC_FREE(lines);
+ lines = NULL;
+
+ DEBUG (3, ("Parsed output of get_quota, ...\n"));
+
+ DEBUGADD (5,(
+ "qflags:%"PRIu32" curblocks:%"PRIu64" softlimit:%"PRIu64" hardlimit:%"PRIu64"\n"
+ "curinodes:%"PRIu64" isoftlimit:%"PRIu64" ihardlimit:%"PRIu64" bsize:%"PRIu64"\n",
+ dp->qflags,dp->curblocks,
+ dp->softlimit,dp->hardlimit,
+ dp->curinodes,
+ dp->isoftlimit,dp->ihardlimit,
+ dp->bsize));
+ return 0;
+ }
+
+ DEBUG (0, ("get_quota_command failed!\n"));
+ return -1;
+ }
+
+ errno = ENOSYS;
+ return -1;
+
+invalid_param:
+
+ TALLOC_FREE(lines);
+ DEBUG(0,("The output of get_quota_command is invalid!\n"));
+ return -1;
+}
+
+static int command_set_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
+ const char *set_quota_command;
+
+ set_quota_command = lp_set_quota_command(talloc_tos(), lp_sub);
+ if (set_quota_command && *set_quota_command) {
+ char **lines = NULL;
+ int _id = -1;
+ char **argl = NULL;
+
+ switch(qtype) {
+ case SMB_USER_QUOTA_TYPE:
+ case SMB_USER_FS_QUOTA_TYPE:
+ _id = id.uid;
+ break;
+ case SMB_GROUP_QUOTA_TYPE:
+ case SMB_GROUP_FS_QUOTA_TYPE:
+ _id = id.gid;
+ break;
+ default:
+ return -1;
+ }
+
+ argl = str_list_make_empty(talloc_tos());
+ str_list_add_printf(&argl, "%s", set_quota_command);
+ str_list_add_printf(&argl, "%s", path);
+ str_list_add_printf(&argl, "%d", qtype);
+ str_list_add_printf(&argl, "%d", _id);
+ str_list_add_printf(&argl, "%u", dp->qflags);
+ str_list_add_printf(
+ &argl, "%"PRIu64, dp->softlimit);
+ str_list_add_printf(
+ &argl, "%"PRIu64, dp->hardlimit);
+ str_list_add_printf(
+ &argl, "%"PRIu64, dp->isoftlimit);
+ str_list_add_printf(
+ &argl, "%"PRIu64, dp->ihardlimit);
+ str_list_add_printf(
+ &argl, "%"PRIu64, dp->bsize);
+ if (argl == NULL) {
+ return -1;
+ }
+
+ DBG_NOTICE("Running command "
+ "%s %s %d %d "
+ "%"PRIu32" %"PRIu64" %"PRIu64" "
+ "%"PRIu64" %"PRIu64" %"PRIu64"\n",
+ set_quota_command,
+ path,
+ qtype,
+ _id,
+ dp->qflags,
+ dp->softlimit,
+ dp->hardlimit,
+ dp->isoftlimit,
+ dp->ihardlimit,
+ dp->bsize);
+
+ lines = file_lines_ploadv(talloc_tos(), argl, NULL);
+ TALLOC_FREE(argl);
+ if (lines) {
+ char *line = lines[0];
+
+ DEBUG (3, ("Read output from set_quota, \"%s\"\n", line));
+
+ TALLOC_FREE(lines);
+
+ return 0;
+ }
+ DEBUG (0, ("set_quota_command failed!\n"));
+ return -1;
+ }
+
+ errno = ENOSYS;
+ return -1;
+}
+
+int sys_get_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ int ret = -1;
+ int i;
+ bool ready = False;
+ char *mntpath = NULL;
+ char *bdev = NULL;
+ char *fs = NULL;
+
+ if (!path||!dp)
+ smb_panic("sys_get_quota: called with NULL pointer");
+
+ if (command_get_quota(path, qtype, id, dp)==0) {
+ return 0;
+ } else if (errno != ENOSYS) {
+ return -1;
+ }
+
+ if ((ret=sys_path_to_bdev(path,&mntpath,&bdev,&fs))!=0) {
+ DEBUG(0,("sys_path_to_bdev() failed for path [%s]!\n",path));
+ return ret;
+ }
+
+ errno = 0;
+ DEBUG(10,("sys_get_quota() uid(%u, %u), fs(%s)\n", (unsigned)getuid(), (unsigned)geteuid(), fs));
+
+ for (i=0;(fs && sys_quota_backends[i].name && sys_quota_backends[i].get_quota);i++) {
+ if (strcmp(fs,sys_quota_backends[i].name)==0) {
+ ret = sys_quota_backends[i].get_quota(mntpath, bdev, qtype, id, dp);
+ if (ret!=0) {
+ DEBUG(3,("sys_get_%s_quota() failed for mntpath[%s] bdev[%s] qtype[%d] id[%d]: %s.\n",
+ fs,mntpath,bdev,qtype,(qtype==SMB_GROUP_QUOTA_TYPE?id.gid:id.uid),strerror(errno)));
+ } else {
+ DEBUG(10,("sys_get_%s_quota() called for mntpath[%s] bdev[%s] qtype[%d] id[%d].\n",
+ fs,mntpath,bdev,qtype,(qtype==SMB_GROUP_QUOTA_TYPE?id.gid:id.uid)));
+ }
+ ready = True;
+ break;
+ }
+ }
+
+ if (!ready) {
+ /* use the default vfs quota functions */
+ ret=sys_get_vfs_quota(mntpath, bdev, qtype, id, dp);
+ if (ret!=0) {
+ DEBUG(3,("sys_get_%s_quota() failed for mntpath[%s] bdev[%s] qtype[%d] id[%d]: %s\n",
+ "vfs",mntpath,bdev,qtype,(qtype==SMB_GROUP_QUOTA_TYPE?id.gid:id.uid),strerror(errno)));
+ } else {
+ DEBUG(10,("sys_get_%s_quota() called for mntpath[%s] bdev[%s] qtype[%d] id[%d].\n",
+ "vfs",mntpath,bdev,qtype,(qtype==SMB_GROUP_QUOTA_TYPE?id.gid:id.uid)));
+ }
+ }
+
+ SAFE_FREE(mntpath);
+ SAFE_FREE(bdev);
+ SAFE_FREE(fs);
+
+ return ret;
+}
+
+int sys_set_quota(const char *path, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ int ret = -1;
+ int i;
+ bool ready = False;
+ char *mntpath = NULL;
+ char *bdev = NULL;
+ char *fs = NULL;
+
+ /* find the block device file */
+
+ if (!path||!dp)
+ smb_panic("get_smb_quota: called with NULL pointer");
+
+ if (command_set_quota(path, qtype, id, dp)==0) {
+ return 0;
+ } else if (errno != ENOSYS) {
+ return -1;
+ }
+
+ if ((ret=sys_path_to_bdev(path,&mntpath,&bdev,&fs))!=0) {
+ DEBUG(0,("sys_path_to_bdev() failed for path [%s]!\n",path));
+ return ret;
+ }
+
+ errno = 0;
+ DEBUG(10,("sys_set_quota() uid(%u, %u)\n", (unsigned)getuid(), (unsigned)geteuid()));
+
+ for (i=0;(fs && sys_quota_backends[i].name && sys_quota_backends[i].set_quota);i++) {
+ if (strcmp(fs,sys_quota_backends[i].name)==0) {
+ ret = sys_quota_backends[i].set_quota(mntpath, bdev, qtype, id, dp);
+ if (ret!=0) {
+ DEBUG(3,("sys_set_%s_quota() failed for mntpath[%s] bdev[%s] qtype[%d] id[%d]: %s.\n",
+ fs,mntpath,bdev,qtype,(qtype==SMB_GROUP_QUOTA_TYPE?id.gid:id.uid),strerror(errno)));
+ } else {
+ DEBUG(10,("sys_set_%s_quota() called for mntpath[%s] bdev[%s] qtype[%d] id[%d].\n",
+ fs,mntpath,bdev,qtype,(qtype==SMB_GROUP_QUOTA_TYPE?id.gid:id.uid)));
+ }
+ ready = True;
+ break;
+ }
+ }
+
+ if (!ready) {
+ /* use the default vfs quota functions */
+ ret=sys_set_vfs_quota(mntpath, bdev, qtype, id, dp);
+ if (ret!=0) {
+ DEBUG(3,("sys_set_%s_quota() failed for mntpath[%s] bdev[%s] qtype[%d] id[%d]: %s.\n",
+ "vfs",mntpath,bdev,qtype,(qtype==SMB_GROUP_QUOTA_TYPE?id.gid:id.uid),strerror(errno)));
+ } else {
+ DEBUG(10,("sys_set_%s_quota() called for mntpath[%s] bdev[%s] qtype[%d] id[%d].\n",
+ "vfs",mntpath,bdev,qtype,(qtype==SMB_GROUP_QUOTA_TYPE?id.gid:id.uid)));
+ }
+ }
+
+ SAFE_FREE(mntpath);
+ SAFE_FREE(bdev);
+ SAFE_FREE(fs);
+
+ return ret;
+}
+
+#else /* HAVE_SYS_QUOTAS */
+ void dummy_sysquotas_c(void);
+
+ void dummy_sysquotas_c(void)
+{
+ return;
+}
+#endif /* HAVE_SYS_QUOTAS */
+
diff --git a/source3/lib/sysquotas_4A.c b/source3/lib/sysquotas_4A.c
new file mode 100644
index 0000000..674c4ee
--- /dev/null
+++ b/source3/lib/sysquotas_4A.c
@@ -0,0 +1,334 @@
+/*
+ Unix SMB/CIFS implementation.
+ System QUOTA function wrappers for QUOTACTL_4A
+ Copyright (C) Stefan (metze) Metzmacher 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_QUOTA
+
+#ifndef HAVE_SYS_QUOTAS
+#ifdef HAVE_QUOTACTL_4A
+#undef HAVE_QUOTACTL_4A
+#endif
+#endif
+
+#ifdef HAVE_QUOTACTL_4A
+/* long quotactl(int cmd, char *special, qid_t id, caddr_t addr) */
+/* this is used by: HPUX,IRIX */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_ASM_TYPES_H
+#include <asm/types.h>
+#endif
+
+#ifdef HAVE_SYS_QUOTA_H
+#include <sys/quota.h>
+#endif
+
+#ifndef Q_SETQLIM
+#define Q_SETQLIM Q_SETQUOTA
+#endif
+
+#ifndef QCMD
+#define QCMD(x,y) x
+#endif
+
+#ifndef QCMD
+#define QCMD(x,y) x
+#endif
+
+#ifdef GRPQUOTA
+#define HAVE_GROUP_QUOTA
+#endif
+
+#ifndef QUOTABLOCK_SIZE
+#define QUOTABLOCK_SIZE DEV_BSIZE
+#endif
+
+#ifdef HAVE_DQB_FSOFTLIMIT
+#define dqb_isoftlimit dqb_fsoftlimit
+#define dqb_ihardlimit dqb_fhardlimit
+#define dqb_curinodes dqb_curfiles
+#endif
+
+#ifdef INITQFNAMES
+#define USERQUOTAFILE_EXTENSION ".user"
+#else
+#define USERQUOTAFILE_EXTENSION ""
+#endif
+
+#if !defined(QUOTAFILENAME) && defined(QFILENAME)
+#define QUOTAFILENAME QFILENAME
+#endif
+
+/****************************************************************************
+ Abstract out the quotactl_4A get calls.
+****************************************************************************/
+int sys_get_vfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ int ret = -1;
+ uint32_t qflags = 0;
+ struct dqblk D;
+ uint64_t bsize = (uint64_t)QUOTABLOCK_SIZE;
+
+ ZERO_STRUCT(D);
+ ZERO_STRUCT(*dp);
+ dp->qtype = qtype;
+
+ switch (qtype) {
+ case SMB_USER_QUOTA_TYPE:
+ DEBUG(10,("sys_get_vfs_quota: path[%s] bdev[%s] SMB_USER_QUOTA_TYPE uid[%u]\n",
+ path, bdev, (unsigned)id.uid));
+
+ if ((ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), (caddr_t)bdev, id.uid, (void *)&D))&&errno != EDQUOT) {
+ return ret;
+ }
+
+ ret = 0;
+ break;
+#ifdef HAVE_GROUP_QUOTA
+ case SMB_GROUP_QUOTA_TYPE:
+ DEBUG(10,("sys_get_vfs_quota: path[%s] bdev[%s] SMB_GROUP_QUOTA_TYPE gid[%u]\n",
+ path, bdev, (unsigned)id.gid));
+
+ if ((ret = quotactl(QCMD(Q_GETQUOTA,GRPQUOTA), (caddr_t)bdev, id.gid, (void *)&D))&&errno != EDQUOT) {
+ return ret;
+ }
+
+ ret = 0;
+ break;
+#endif /* HAVE_GROUP_QUOTA */
+ case SMB_USER_FS_QUOTA_TYPE:
+ id.uid = getuid();
+
+ DEBUG(10,("sys_get_vfs_quota: path[%s] bdev[%s] SMB_USER_FS_QUOTA_TYPE (uid[%u])\n",
+ path, (caddr_t)bdev, (unsigned)id.uid));
+
+ if ((ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), (caddr_t)bdev, id.uid, (void *)&D))==0) {
+ qflags |= QUOTAS_DENY_DISK;
+ }
+
+ ret = 0;
+ break;
+#ifdef HAVE_GROUP_QUOTA
+ case SMB_GROUP_FS_QUOTA_TYPE:
+ id.gid = getgid();
+
+ DEBUG(10,("sys_get_vfs_quota: path[%s] bdev[%s] SMB_GROUP_FS_QUOTA_TYPE (gid[%u])\n",
+ path, bdev, (unsigned)id.gid));
+
+ if ((ret = quotactl(QCMD(Q_GETQUOTA,GRPQUOTA), (caddr_t)bdev, id.gid, (void *)&D))==0) {
+ qflags |= QUOTAS_DENY_DISK;
+ }
+
+ ret = 0;
+ break;
+#endif /* HAVE_GROUP_QUOTA */
+ default:
+ errno = ENOSYS;
+ return -1;
+ }
+
+ dp->bsize = bsize;
+ dp->softlimit = (uint64_t)D.dqb_bsoftlimit;
+ dp->hardlimit = (uint64_t)D.dqb_bhardlimit;
+ dp->ihardlimit = (uint64_t)D.dqb_ihardlimit;
+ dp->isoftlimit = (uint64_t)D.dqb_isoftlimit;
+ dp->curinodes = (uint64_t)D.dqb_curinodes;
+ dp->curblocks = (uint64_t)D.dqb_curblocks;
+
+
+ dp->qflags = qflags;
+
+ return ret;
+}
+
+/****************************************************************************
+ Abstract out the quotactl_4A set calls.
+****************************************************************************/
+int sys_set_vfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ int ret = -1;
+ uint32_t qflags = 0;
+ uint32_t oldqflags = 0;
+ struct dqblk D;
+ uint64_t bsize = (uint64_t)QUOTABLOCK_SIZE;
+
+ ZERO_STRUCT(D);
+
+ if (bsize == dp->bsize) {
+ D.dqb_bsoftlimit = dp->softlimit;
+ D.dqb_bhardlimit = dp->hardlimit;
+ D.dqb_ihardlimit = dp->ihardlimit;
+ D.dqb_isoftlimit = dp->isoftlimit;
+ } else {
+ D.dqb_bsoftlimit = (dp->softlimit*dp->bsize)/bsize;
+ D.dqb_bhardlimit = (dp->hardlimit*dp->bsize)/bsize;
+ D.dqb_ihardlimit = (dp->ihardlimit*dp->bsize)/bsize;
+ D.dqb_isoftlimit = (dp->isoftlimit*dp->bsize)/bsize;
+ }
+
+ qflags = dp->qflags;
+
+ switch (qtype) {
+ case SMB_USER_QUOTA_TYPE:
+ DEBUG(10,("sys_set_vfs_quota: path[%s] bdev[%s] SMB_USER_QUOTA_TYPE uid[%u]\n",
+ path, bdev, (unsigned)id.uid));
+
+ ret = quotactl(QCMD(Q_SETQLIM,USRQUOTA), (caddr_t)bdev, id.uid, (void *)&D);
+ break;
+#ifdef HAVE_GROUP_QUOTA
+ case SMB_GROUP_QUOTA_TYPE:
+ DEBUG(10,("sys_set_vfs_quota: path[%s] bdev[%s] SMB_GROUP_QUOTA_TYPE gid[%u]\n",
+ path, bdev, (unsigned)id.gid));
+
+ ret = quotactl(QCMD(Q_SETQLIM,GRPQUOTA), (caddr_t)bdev, id.gid, (void *)&D);
+ break;
+#endif /* HAVE_GROUP_QUOTA */
+ case SMB_USER_FS_QUOTA_TYPE:
+ /* this stuff didn't work as it should:
+ * switching on/off quota via quotactl()
+ * didn't work!
+ * So we just return 0
+ * --metze
+ *
+ * On HPUX we didn't have the mount path,
+ * we need to fix sys_path_to_bdev()
+ *
+ */
+ id.uid = getuid();
+ DEBUG(10,("sys_set_vfs_quota: path[%s] bdev[%s] SMB_USER_FS_QUOTA_TYPE (uid[%u])\n",
+ path, bdev, (unsigned)id.uid));
+
+#if 0
+ ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), (caddr_t)bdev, id.uid, (void *)&D);
+
+ if ((qflags&QUOTAS_DENY_DISK)||(qflags&QUOTAS_ENABLED)) {
+ if (ret == 0) {
+ char *quota_file = NULL;
+
+ asprintf(&quota_file,"/%s/%s%s",path, QUOTAFILENAME,USERQUOTAFILE_EXTENSION);
+ if (quota_file == NULL) {
+ DEBUG(0,("asprintf() failed!\n"));
+ errno = ENOMEM;
+ return -1;
+ }
+
+ ret = quotactl(QCMD(Q_QUOTAON,USRQUOTA), (caddr_t)bdev, -1,(void *)quota_file);
+ } else {
+ ret = 0;
+ }
+ } else {
+ if (ret != 0) {
+ /* turn off */
+ ret = quotactl(QCMD(Q_QUOTAOFF,USRQUOTA), (caddr_t)bdev, -1, (void *)0);
+ } else {
+ ret = 0;
+ }
+ }
+
+ DEBUG(0,("sys_set_vfs_quota: ret(%d) errno(%d)[%s] uid(%d) bdev[%s]\n",
+ ret,errno,strerror(errno),id.uid,bdev));
+#else
+ if ((ret = quotactl(QCMD(Q_GETQUOTA,USRQUOTA), (caddr_t)bdev, id.uid, (void *)&D))==0) {
+ oldqflags |= QUOTAS_DENY_DISK;
+ }
+
+ if (oldqflags == qflags) {
+ ret = 0;
+ } else {
+ ret = -1;
+ }
+#endif
+ break;
+#ifdef HAVE_GROUP_QUOTA
+ case SMB_GROUP_FS_QUOTA_TYPE:
+ /* this stuff didn't work as it should:
+ * switching on/off quota via quotactl()
+ * didn't work!
+ * So we just return 0
+ * --metze
+ *
+ * On HPUX we didn't have the mount path,
+ * we need to fix sys_path_to_bdev()
+ *
+ */
+ id.gid = getgid();
+ DEBUG(10,("sys_set_vfs_quota: path[%s] bdev[%s] SMB_GROUP_FS_QUOTA_TYPE (gid[%u])\n",
+ path, bdev, (unsigned)id.gid));
+
+#if 0
+ ret = quotactl(QCMD(Q_GETQUOTA,GRPQUOTA), bdev, id, (void *)&D);
+
+ if ((qflags&QUOTAS_DENY_DISK)||(qflags&QUOTAS_ENABLED)) {
+ if (ret == 0) {
+ char *quota_file = NULL;
+
+ asprintf(&quota_file,"/%s/%s%s",path, QUOTAFILENAME,GROUPQUOTAFILE_EXTENSION);
+ if (quota_file == NULL) {
+ DEBUG(0,("asprintf() failed!\n"));
+ errno = ENOMEM;
+ return -1;
+ }
+
+ ret = quotactl(QCMD(Q_QUOTAON,GRPQUOTA), (caddr_t)bdev, -1,(void *)quota_file);
+ } else {
+ ret = 0;
+ }
+ } else {
+ if (ret != 0) {
+ /* turn off */
+ ret = quotactl(QCMD(Q_QUOTAOFF,GRPQUOTA), (caddr_t)bdev, -1, (void *)0);
+ } else {
+ ret = 0;
+ }
+ }
+
+ DEBUG(0,("sys_set_vfs_quota: ret(%d) errno(%d)[%s] uid(%d) bdev[%s]\n",
+ ret,errno,strerror(errno),id.gid,bdev));
+#else
+ if ((ret = quotactl(QCMD(Q_GETQUOTA,GRPQUOTA), (caddr_t)bdev, id.gid, (void *)&D))==0) {
+ oldqflags |= QUOTAS_DENY_DISK;
+ }
+
+ if (oldqflags == qflags) {
+ ret = 0;
+ } else {
+ ret = -1;
+ }
+#endif
+ break;
+#endif /* HAVE_GROUP_QUOTA */
+ default:
+ errno = ENOSYS;
+ return -1;
+ }
+
+ return ret;
+}
+
+#else /* HAVE_QUOTACTL_4A */
+ void dummy_sysquotas_4A(void);
+
+ void dummy_sysquotas_4A(void){}
+#endif /* HAVE_QUOTACTL_4A */
diff --git a/source3/lib/sysquotas_4B.c b/source3/lib/sysquotas_4B.c
new file mode 100644
index 0000000..d9beb92
--- /dev/null
+++ b/source3/lib/sysquotas_4B.c
@@ -0,0 +1,243 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * System QUOTA function wrappers for QUOTACTL_4B
+
+ * Copyright (C) 2011 James Peach.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_QUOTA
+
+#ifndef HAVE_SYS_QUOTAS
+#undef HAVE_QUOTACTL_4B
+#endif
+
+#ifdef HAVE_QUOTACTL_4B
+/* int quotactl(const char *path, int cmd, int id, char *addr)
+ *
+ * This is used by many (all?) BSD-derived systems. This implementation has
+ * been developed and tested on Darwin, but may also work on other BSD systems.
+ */
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_SYS_QUOTA_H
+#include <sys/quota.h>
+#endif
+
+#ifdef HAVE_UFS_UFS_QUOTA_H
+#include <ufs/ufs/quota.h>
+#endif
+
+#ifdef HAVE_JFS_QUOTA_H
+#include <jfs/quota.h>
+#endif
+
+#if defined(DARWINOS)
+/* WorkARound broken HFS access checks in hfs_quotactl. Darwin only(?) */
+#define HFS_QUOTACTL_WAR 1
+#endif
+
+#ifdef HAVE_STRUCT_DQBLK_DQB_CURBYTES
+/* we handle the byte vs. block count dynamically via QUOTABLOCK_SIZE 1 */
+#define dqb_curblocks dqb_curbytes
+#endif
+
+static void xlate_qblk_to_smb(const struct dqblk * const qblk,
+ SMB_DISK_QUOTA *dp)
+{
+ ZERO_STRUCTP(dp);
+
+ DEBUG(10, ("unix softlimit=%u hardlimit=%u curblock=%u\n",
+ (unsigned)qblk->dqb_bsoftlimit, (unsigned)qblk->dqb_bhardlimit,
+ (unsigned)qblk->dqb_curblocks));
+
+ DEBUGADD(10, ("unix softinodes=%u hardinodes=%u curinodes=%u\n",
+ (unsigned)qblk->dqb_isoftlimit, (unsigned)qblk->dqb_ihardlimit,
+ (unsigned)qblk->dqb_curinodes));
+
+ dp->bsize = QUOTABLOCK_SIZE;
+
+ dp->softlimit = qblk->dqb_bsoftlimit;
+ dp->hardlimit = qblk->dqb_bhardlimit;
+ dp->curblocks = qblk->dqb_curblocks;
+/* our Darwin quotas used to never return 0byte usage but this is probably not needed,
+ * let's comment this out for now
+#ifdef HAVE_STRUCT_DQBLK_DQB_CURBYTES
+ if (dp->curblocks == 0) {
+ dp->curblocks = 1;
+ }
+#endif
+ */
+
+ dp->ihardlimit = qblk->dqb_ihardlimit;
+ dp->isoftlimit = qblk->dqb_isoftlimit;
+ dp->curinodes = qblk->dqb_curinodes;
+
+ dp->qflags = QUOTAS_ENABLED | QUOTAS_DENY_DISK;
+
+ DEBUG(10, ("softlimit=%u hardlimit=%u curblock=%u\n",
+ (unsigned)dp->softlimit, (unsigned)dp->hardlimit,
+ (unsigned)dp->curblocks));
+
+ DEBUGADD(10, ("softinodes=%u hardinodes=%u curinodes=%u\n",
+ (unsigned)dp->isoftlimit, (unsigned)dp->ihardlimit,
+ (unsigned)dp->curinodes));
+
+}
+
+static void xlate_smb_to_qblk(const SMB_DISK_QUOTA * const dp,
+ struct dqblk *qblk)
+{
+ ZERO_STRUCTP(qblk);
+
+ if (dp->bsize == QUOTABLOCK_SIZE) {
+ qblk->dqb_bsoftlimit = dp->softlimit;
+ qblk->dqb_bhardlimit = dp->hardlimit;
+ } else {
+ qblk->dqb_bsoftlimit = dp->softlimit * dp->bsize / QUOTABLOCK_SIZE;
+ qblk->dqb_bhardlimit = dp->hardlimit * dp->bsize / QUOTABLOCK_SIZE;
+ }
+ qblk->dqb_ihardlimit = dp->ihardlimit;
+ qblk->dqb_isoftlimit = dp->isoftlimit;
+}
+
+static int sys_quotactl_4B(const char * path, int cmd,
+ int id, struct dqblk *qblk)
+{
+ int ret;
+
+ /* NB: We must test GRPQUOTA here, because USRQUOTA is 0. */
+ DEBUG(10, ("%s quota for %s ID %u on %s\n",
+ (cmd & QCMD(Q_GETQUOTA, 0)) ? "getting" : "setting",
+ (cmd & QCMD(0, GRPQUOTA)) ? "group" : "user",
+ (unsigned)id, path));
+
+#ifdef HFS_QUOTACTL_WAR
+ become_root();
+#endif /* HFS_QUOTACTL_WAR */
+
+ ret = quotactl(path, cmd, id, qblk);
+ if (ret == -1) {
+ /* ENOTSUP means quota support is not compiled in. EINVAL
+ * means that quotas are not configured (commonly).
+ */
+ if (errno != ENOTSUP && errno != EINVAL) {
+ DEBUG(5, ("failed to %s quota for %s ID %u on %s: %s\n",
+ (cmd & QCMD(Q_GETQUOTA, 0)) ? "get" : "set",
+ (cmd & QCMD(0, GRPQUOTA)) ? "group" : "user",
+ (unsigned)id, path, strerror(errno)));
+ }
+
+#ifdef HFS_QUOTACTL_WAR
+ unbecome_root();
+#endif /* HFS_QUOTACTL_WAR */
+
+
+ return -1;
+ }
+
+#ifdef HFS_QUOTACTL_WAR
+ unbecome_root();
+#endif /* HFS_QUOTACTL_WAR */
+
+ return 0;
+}
+
+int sys_get_vfs_quota(const char *path, const char *bdev,
+ enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ int ret;
+ struct dqblk qblk;
+
+ ZERO_STRUCT(qblk);
+
+ switch (qtype) {
+ case SMB_USER_QUOTA_TYPE:
+ /* Get quota for provided UID. */
+ ret = sys_quotactl_4B(path, QCMD(Q_GETQUOTA, USRQUOTA),
+ id.uid, &qblk);
+ break;
+ case SMB_USER_FS_QUOTA_TYPE:
+ /* Get quota for current UID. */
+ ret = sys_quotactl_4B(path, QCMD(Q_GETQUOTA, USRQUOTA),
+ geteuid(), &qblk);
+ break;
+ case SMB_GROUP_QUOTA_TYPE:
+ /* Get quota for provided GID. */
+ ret = sys_quotactl_4B(path, QCMD(Q_GETQUOTA, GRPQUOTA),
+ id.gid, &qblk);
+ break;
+ case SMB_GROUP_FS_QUOTA_TYPE:
+ /* Get quota for current GID. */
+ ret = sys_quotactl_4B(path, QCMD(Q_GETQUOTA, GRPQUOTA),
+ getegid(), &qblk);
+ break;
+ default:
+ DEBUG(0, ("cannot get unsupported quota type: %u\n",
+ (unsigned)qtype));
+ errno = ENOSYS;
+ return -1;
+ }
+
+ if (ret == -1) {
+ return -1;
+ }
+
+ xlate_qblk_to_smb(&qblk, dp);
+ dp->qtype = qtype;
+
+ return ret;
+}
+
+int sys_set_vfs_quota(const char *path, const char *bdev,
+ enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ struct dqblk qblk;
+
+ xlate_smb_to_qblk(dp, &qblk);
+
+ switch (qtype) {
+ case SMB_USER_QUOTA_TYPE:
+ /* Set quota for provided UID. */
+ return sys_quotactl_4B(path, QCMD(Q_SETQUOTA, USRQUOTA),
+ id.uid, &qblk);
+ case SMB_USER_FS_QUOTA_TYPE:
+ /* Set quota for current UID. */
+ return sys_quotactl_4B(path, QCMD(Q_SETQUOTA, USRQUOTA),
+ geteuid(), &qblk);
+ case SMB_GROUP_QUOTA_TYPE:
+ /* Set quota for provided GID. */
+ return sys_quotactl_4B(path, QCMD(Q_SETQUOTA, GRPQUOTA),
+ id.gid, &qblk);
+ case SMB_GROUP_FS_QUOTA_TYPE:
+ /* Set quota for current GID. */
+ return sys_quotactl_4B(path, QCMD(Q_SETQUOTA, GRPQUOTA),
+ getegid(), &qblk);
+ default:
+ DEBUG(0, ("cannot set unsupported quota type: %u\n",
+ (unsigned)qtype));
+ errno = ENOSYS;
+ return -1;
+ }
+}
+
+#endif /* HAVE_QUOTACTL_4B */
diff --git a/source3/lib/sysquotas_jfs2.c b/source3/lib/sysquotas_jfs2.c
new file mode 100644
index 0000000..999b7e0
--- /dev/null
+++ b/source3/lib/sysquotas_jfs2.c
@@ -0,0 +1,150 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * System QUOTA function wrappers for JFS2 on AIX
+
+ * Copyright (C) 2019 Bjoern Jacke
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_QUOTA
+
+#if defined(HAVE_JFS_QUOTA_H)
+#include <jfs/quota.h>
+
+#if defined(Q_J2GETQUOTA) /* when have JFS2 */
+
+/* int quotactl(const char *path, int cmd, int id, char *addr)
+ *
+ * This is very similar to sysquotas_4B but JFS2 has different quota cmds
+ * (why?) and for some reason wants root even for querying your own quota,
+ * which seems to be an AIX bug because the docs say root is only
+ * required for querying other users' quota
+ */
+
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_JFS_QUOTA_H
+#include <jfs/quota.h>
+#endif
+
+
+static int sys_quotactl_JFS2(const char * path, int cmd,
+ int id, quota64_t *quota)
+{
+ int ret;
+
+ /* NB: We must test GRPQUOTA here, because USRQUOTA is 0. */
+ DEBUG(10, ("%s quota for %s ID %u on %s\n",
+ (cmd & QCMD(Q_J2GETQUOTA, 0)) ? "getting" : "setting",
+ (cmd & QCMD(0, GRPQUOTA)) ? "group" : "user",
+ (unsigned)id, path));
+
+ become_root();
+
+ ret = quotactl((char *) path, cmd, id, (char *) quota);
+ if (ret == -1) {
+ /* ENOTSUP means quota support is not compiled in. EINVAL
+ * means that quotas are not configured (commonly).
+ */
+ if (errno != ENOTSUP && errno != EINVAL) {
+ DEBUG(0, ("failed to %s quota for %s ID %u on %s: %s\n",
+ (cmd & QCMD(Q_J2GETQUOTA, 0)) ? "get" : "set",
+ (cmd & QCMD(0, GRPQUOTA)) ? "group" : "user",
+ (unsigned)id, path, strerror(errno)));
+ }
+ }
+
+ unbecome_root();
+
+ return ret;
+}
+
+
+int sys_get_jfs2_quota(const char *path, const char *bdev,
+ enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ int ret;
+ quota64_t quota;
+
+ ZERO_STRUCT(quota);
+
+ switch (qtype) {
+ case SMB_USER_QUOTA_TYPE:
+ /* Get quota for provided UID. */
+ ret = sys_quotactl_JFS2(path, QCMD(Q_J2GETQUOTA, USRQUOTA),
+ id.uid, &quota);
+ break;
+ case SMB_USER_FS_QUOTA_TYPE:
+ /* Get quota for current UID. */
+ ret = sys_quotactl_JFS2(path, QCMD(Q_J2GETQUOTA, USRQUOTA),
+ geteuid(), &quota);
+ break;
+ case SMB_GROUP_QUOTA_TYPE:
+ /* Get quota for provided GID. */
+ ret = sys_quotactl_JFS2(path, QCMD(Q_J2GETQUOTA, GRPQUOTA),
+ id.gid, &quota);
+ break;
+ case SMB_GROUP_FS_QUOTA_TYPE:
+ /* Get quota for current GID. */
+ ret = sys_quotactl_JFS2(path, QCMD(Q_J2GETQUOTA, GRPQUOTA),
+ getegid(), &quota);
+ break;
+ default:
+ DEBUG(0, ("cannot get unsupported quota type: %u\n",
+ (unsigned)qtype));
+ errno = ENOSYS;
+ return -1;
+ }
+
+ if (ret == -1) {
+ return -1;
+ }
+
+ dp->softlimit = quota.bsoft;
+ dp->hardlimit = quota.bhard;
+ dp->ihardlimit = quota.ihard;
+ dp->isoftlimit = quota.isoft;
+ dp->curinodes = quota.iused;
+ dp->curblocks = quota.bused;
+
+ dp->qflags = QUOTAS_ENABLED | QUOTAS_DENY_DISK;
+ dp->qtype = qtype;
+ dp->bsize = QUOTABLOCK_SIZE;
+
+ return ret;
+}
+
+int sys_set_jfs2_quota(const char *path, const char *bdev,
+ enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ /* JFS2 supports fancy quota limit classes for setting user quota.
+ * Unfortunately, this makes them quite unmanagable for Samba.
+ */
+ DEBUG(1, ("cannot set quota on JFS2!\n"));
+ errno = ENOSYS;
+ return -1;
+}
+
+
+#endif /* JFS2 */
+#endif /* AIX quotas */
diff --git a/source3/lib/sysquotas_linux.c b/source3/lib/sysquotas_linux.c
new file mode 100644
index 0000000..4415f51
--- /dev/null
+++ b/source3/lib/sysquotas_linux.c
@@ -0,0 +1,220 @@
+/*
+ Unix SMB/CIFS implementation.
+ System QUOTA function wrappers for LINUX
+ Copyright (C) Stefan (metze) Metzmacher 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_QUOTA
+
+#ifndef HAVE_SYS_QUOTAS
+#ifdef HAVE_QUOTACTL_LINUX
+#undef HAVE_QUOTACTL_LINUX
+#endif
+#endif
+
+#ifdef HAVE_QUOTACTL_LINUX
+
+#include <sys/quota.h>
+
+/****************************************************************************
+ Linux quota get calls.
+****************************************************************************/
+int sys_get_vfs_quota(const char *path, const char *bdev,
+ enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ int ret = -1;
+ uint32_t qflags = 0;
+ struct dqblk D;
+ uint64_t bsize = (uint64_t)QUOTABLOCK_SIZE;
+
+ if (!path || !bdev || !dp) {
+ smb_panic("sys_get_vfs_quota: called with NULL pointer");
+ }
+
+ ZERO_STRUCT(*dp);
+ dp->qtype = qtype;
+
+ ZERO_STRUCT(D);
+
+ switch (qtype) {
+ case SMB_USER_QUOTA_TYPE:
+ DEBUG(10, ("sys_get_vfs_quota: path[%s] bdev[%s] "
+ "SMB_USER_QUOTA_TYPE uid[%u]\n",
+ path, bdev, (unsigned)id.uid));
+
+ if ((ret = quotactl(QCMD(Q_GETQUOTA, USRQUOTA), bdev,
+ id.uid, (caddr_t)&D))) {
+ return ret;
+ }
+
+ break;
+ case SMB_GROUP_QUOTA_TYPE:
+ DEBUG(10, ("sys_get_vfs_quota: path[%s] bdev[%s] "
+ "SMB_GROUP_QUOTA_TYPE gid[%u]\n",
+ path, bdev, (unsigned)id.gid));
+
+ if ((ret = quotactl(QCMD(Q_GETQUOTA, GRPQUOTA), bdev,
+ id.gid, (caddr_t)&D))) {
+ return ret;
+ }
+
+ break;
+ case SMB_USER_FS_QUOTA_TYPE:
+ DEBUG(10, ("sys_get_vfs_quota: path[%s] bdev[%s] "
+ "SMB_USER_FS_QUOTA_TYPE (uid[%u])\n",
+ path, bdev, (unsigned)geteuid()));
+
+ if ((ret = quotactl(QCMD(Q_GETQUOTA, USRQUOTA), bdev,
+ geteuid(), (caddr_t)&D)) == 0) {
+ qflags |= QUOTAS_DENY_DISK;
+ }
+
+ ret = 0;
+
+ break;
+ case SMB_GROUP_FS_QUOTA_TYPE:
+ DEBUG(10, ("sys_get_vfs_quota: path[%s] bdev[%s] "
+ "SMB_GROUP_FS_QUOTA_TYPE (gid[%u])\n",
+ path, bdev, (unsigned)getegid()));
+
+ if ((ret = quotactl(QCMD(Q_GETQUOTA, GRPQUOTA), bdev,
+ getegid(), (caddr_t)&D)) == 0) {
+ qflags |= QUOTAS_DENY_DISK;
+ }
+
+ ret = 0;
+ break;
+ default:
+ errno = ENOSYS;
+ return -1;
+ }
+
+ dp->bsize = bsize;
+ dp->softlimit = (uint64_t)D.dqb_bsoftlimit;
+ dp->hardlimit = (uint64_t)D.dqb_bhardlimit;
+ dp->ihardlimit = (uint64_t)D.dqb_ihardlimit;
+ dp->isoftlimit = (uint64_t)D.dqb_isoftlimit;
+ dp->curinodes = (uint64_t)D.dqb_curinodes;
+ dp->curblocks = (uint64_t)D.dqb_curspace/bsize;
+
+
+ dp->qflags = qflags;
+
+ return ret;
+}
+
+/****************************************************************************
+ Linux quota set calls.
+****************************************************************************/
+int sys_set_vfs_quota(const char *path, const char *bdev,
+ enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ int ret = -1;
+ struct dqblk D;
+ uint64_t bsize = (uint64_t)QUOTABLOCK_SIZE;
+ bool cur_enf, new_enf;
+
+ if (!path || !bdev || !dp) {
+ smb_panic("sys_set_vfs_quota: called with NULL pointer");
+ }
+
+ ZERO_STRUCT(D);
+
+ if (bsize == dp->bsize) {
+ D.dqb_bsoftlimit = dp->softlimit;
+ D.dqb_bhardlimit = dp->hardlimit;
+ } else {
+ D.dqb_bsoftlimit = (dp->softlimit*dp->bsize)/bsize;
+ D.dqb_bhardlimit = (dp->hardlimit*dp->bsize)/bsize;
+ }
+ D.dqb_ihardlimit = dp->ihardlimit;
+ D.dqb_isoftlimit = dp->isoftlimit;
+ D.dqb_valid = QIF_LIMITS;
+
+ switch (qtype) {
+ case SMB_USER_QUOTA_TYPE:
+ DEBUG(10, ("sys_set_vfs_quota: path[%s] bdev[%s] "
+ "SMB_USER_QUOTA_TYPE uid[%u]\n",
+ path, bdev, (unsigned)id.uid));
+
+ ret = quotactl(QCMD(Q_SETQUOTA,USRQUOTA), bdev, id.uid, (caddr_t)&D);
+ break;
+ case SMB_GROUP_QUOTA_TYPE:
+ DEBUG(10, ("sys_set_vfs_quota: path[%s] bdev[%s] "
+ "SMB_GROUP_QUOTA_TYPE gid[%u]\n",
+ path, bdev, (unsigned)id.gid));
+
+ ret = quotactl(QCMD(Q_SETQUOTA,GRPQUOTA), bdev, id.gid, (caddr_t)&D);
+ break;
+ case SMB_USER_FS_QUOTA_TYPE:
+ DEBUG(10, ("sys_set_vfs_quota: path[%s] bdev[%s] "
+ "SMB_USER_FS_QUOTA_TYPE (uid[%u])\n",
+ path, bdev, (unsigned)geteuid()));
+
+ ret = quotactl(QCMD(Q_GETQUOTA, USRQUOTA), bdev,
+ geteuid(), (caddr_t)&D);
+ cur_enf = (ret == 0);
+ new_enf = ((dp->qflags & QUOTAS_DENY_DISK) != 0);
+ /* We're not changing quota enforcement, so return
+ * success
+ * IFF the wanted state is identical to the current
+ * state */
+ if (cur_enf == new_enf) {
+ ret = 0;
+ } else {
+ errno = EPERM;
+ ret = -1;
+ }
+
+ break;
+ case SMB_GROUP_FS_QUOTA_TYPE:
+ DEBUG(10, ("sys_set_vfs_quota: path[%s] bdev[%s] "
+ "SMB_GROUP_FS_QUOTA_TYPE (gid[%u])\n",
+ path, bdev, (unsigned)getegid()));
+
+ ret = quotactl(QCMD(Q_GETQUOTA, GRPQUOTA), bdev,
+ getegid(), (caddr_t)&D);
+ cur_enf = (ret == 0);
+ new_enf = ((dp->qflags & QUOTAS_DENY_DISK) != 0);
+ /* We're not changing quota enforcement, so return
+ * success
+ * IFF the wanted state is identical to the current
+ * state */
+ if (cur_enf == new_enf) {
+ ret = 0;
+ } else {
+ errno = EPERM;
+ ret = -1;
+ }
+
+ break;
+ default:
+ errno = ENOSYS;
+ return -1;
+ }
+
+ return ret;
+}
+
+#else /* HAVE_QUOTACTL_LINUX */
+ void dummy_sysquotas_linux(void);
+
+ void dummy_sysquotas_linux(void){}
+#endif /* HAVE_QUOTACTL_LINUX */
diff --git a/source3/lib/sysquotas_nfs.c b/source3/lib/sysquotas_nfs.c
new file mode 100644
index 0000000..14dcb02
--- /dev/null
+++ b/source3/lib/sysquotas_nfs.c
@@ -0,0 +1,303 @@
+/*
+ Unix SMB/CIFS implementation.
+ System QUOTA function wrappers for NFS
+ Copyright (C) Michael Adam 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_QUOTA
+
+#ifndef HAVE_SYS_QUOTAS
+#ifdef HAVE_NFS_QUOTAS
+#undef HAVE_NFS_QUOTAS
+#endif
+#endif
+
+#ifdef HAVE_NFS_QUOTAS
+
+/*
+ * nfs quota support
+ * This is based on the FreeBSD / SUNOS5 section of quotas.c
+ */
+
+/* <rpc/xdr.h> uses TRUE and FALSE */
+#ifdef TRUE
+#undef TRUE
+#endif
+
+#ifdef FALSE
+#undef FALSE
+#endif
+
+#include <rpc/rpc.h>
+#include <rpc/types.h>
+#include <rpc/xdr.h>
+#include <rpcsvc/rquota.h>
+#ifdef HAVE_RPC_NETTYPE_H
+#include <rpc/nettype.h>
+#endif
+
+#ifndef RQ_PATHLEN
+#define RQ_PATHLEN 1024
+#endif
+
+#ifdef HAVE_GETQUOTA_RSLT_GETQUOTA_RSLT_U
+#define GQR_RQUOTA getquota_rslt_u.gqr_rquota
+#define GQR_STATUS status
+#else
+#define GQR_RQUOTA gqr_rquota
+#define GQR_STATUS gqr_status
+#endif
+
+static int my_xdr_getquota_args(XDR *xdrsp, struct getquota_args *args)
+{
+ if (!xdr_string(xdrsp, &args->gqa_pathp, RQ_PATHLEN ))
+ return(0);
+ if (!xdr_int(xdrsp, &args->gqa_uid))
+ return(0);
+ return (1);
+}
+
+static int my_xdr_getquota_rslt(XDR *xdrsp, struct getquota_rslt *gqr)
+{
+ int quotastat;
+
+ if (!xdr_int(xdrsp, &quotastat)) {
+ DEBUG(6,("nfs_quotas: Status bad or zero\n"));
+ return 0;
+ }
+ gqr->GQR_STATUS = quotastat;
+
+ if (!xdr_int(xdrsp, &gqr->GQR_RQUOTA.rq_bsize)) {
+ DEBUG(6,("nfs_quotas: Block size bad or zero\n"));
+ return 0;
+ }
+ if (!xdr_bool(xdrsp, &gqr->GQR_RQUOTA.rq_active)) {
+ DEBUG(6,("nfs_quotas: Active bad or zero\n"));
+ return 0;
+ }
+ if (!xdr_int(xdrsp, (int *)&gqr->GQR_RQUOTA.rq_bhardlimit)) {
+ DEBUG(6,("nfs_quotas: Hardlimit bad or zero\n"));
+ return 0;
+ }
+ if (!xdr_int(xdrsp, (int *)&gqr->GQR_RQUOTA.rq_bsoftlimit)) {
+ DEBUG(6,("nfs_quotas: Softlimit bad or zero\n"));
+ return 0;
+ }
+ if (!xdr_int(xdrsp, (int *)&gqr->GQR_RQUOTA.rq_curblocks)) {
+ DEBUG(6,("nfs_quotas: Currentblocks bad or zero\n"));
+ return 0;
+ }
+ return (1);
+}
+
+
+int sys_get_nfs_quota(const char *path, const char *bdev,
+ enum SMB_QUOTA_TYPE qtype,
+ unid_t id, SMB_DISK_QUOTA *dp)
+{
+ CLIENT *clnt = NULL;
+ struct getquota_rslt gq_rslt;
+ struct getquota_args gq_args;
+ const char *mnttype;
+ char *cutstr, *host, *testpath;
+ int len;
+ static struct timeval timeout = {2,0};
+ enum clnt_stat clnt_stat;
+
+ int ret = -1;
+ uint32_t qflags = 0;
+
+ if (!path || !bdev || !dp) {
+ smb_panic("sys_get_nfs_quota: called with NULL pointer");
+ }
+
+ DEBUG(10, ("sys_get_nfs_quota: path[%s] bdev[%s] qtype[%d]\n",
+ path, bdev, qtype));
+
+ ZERO_STRUCT(*dp);
+
+ dp->qtype = qtype;
+
+ if (qtype != SMB_USER_QUOTA_TYPE) {
+ DEBUG(3, ("sys_get_nfs_quota: got unsupported quota type '%d', "
+ "only supported type is '%d' (SMB_USER_QUOTA_TYPE)\n",
+ qtype, SMB_USER_QUOTA_TYPE));
+ errno = ENOSYS;
+ return -1;
+ }
+
+ mnttype = bdev;
+ len = strcspn(mnttype, ":");
+ cutstr = (char *) SMB_MALLOC(len+1);
+ if (cutstr == NULL) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ memset(cutstr, '\0', len+1);
+ host = strncat(cutstr, mnttype, sizeof(char) * len);
+ testpath = strchr_m(mnttype, ':');
+ if (testpath == NULL) {
+ errno = EINVAL;
+ goto out;
+ }
+ testpath++;
+ gq_args.gqa_pathp = testpath;
+ gq_args.gqa_uid = id.uid;
+
+ DEBUG(10, ("sys_get_nfs_quotas: Asking for quota of path '%s' on "
+ "host '%s', rpcprog '%i', rpcvers '%i', network '%s'\n",
+ host, testpath+1, (int)RQUOTAPROG, (int)RQUOTAVERS, "udp"));
+
+ clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp");
+ if (clnt == NULL) {
+ ret = -1;
+ goto out;
+ }
+
+ clnt->cl_auth = authunix_create_default();
+ if (clnt->cl_auth == NULL) {
+ DEBUG(3, ("sys_get_nfs_quotas: authunix_create_default "
+ "failed\n"));
+ ret = -1;
+ goto out;
+ }
+
+ clnt_stat = clnt_call(clnt,
+ RQUOTAPROC_GETQUOTA,
+ (const xdrproc_t) my_xdr_getquota_args,
+ (caddr_t)&gq_args,
+ (const xdrproc_t) my_xdr_getquota_rslt,
+ (caddr_t)&gq_rslt,
+ timeout);
+
+ if (clnt_stat != RPC_SUCCESS) {
+ if (errno == ECONNREFUSED) {
+ /* If we cannot connect with rpc.quotad, it may
+ * simply be because there's no quota on the remote
+ * system
+ */
+ DBG_INFO("clnt_call failed with ECONNREFUSED - "
+ "assuming no quotas on server\n");
+ ret = 0;
+ } else {
+ int save_errno = errno;
+ DBG_NOTICE("clnt_call failed - %s\n", strerror(errno));
+ errno = save_errno;
+ ret = -1;
+ }
+ goto out;
+ }
+
+ DEBUG(10, ("sys_get_nfs_quotas: getquota_rslt:\n"
+ "status : '%i'\n"
+ "bsize : '%i'\n"
+ "active : '%s'\n"
+ "bhardlimit : '%u'\n"
+ "bsoftlimit : '%u'\n"
+ "curblocks : '%u'\n"
+ "fhardlimit : '%u'\n"
+ "fsoftlimit : '%u'\n"
+ "curfiles : '%u'\n"
+ "btimeleft : '%u'\n"
+ "ftimeleft : '%u'\n",
+ gq_rslt.GQR_STATUS,
+ gq_rslt.GQR_RQUOTA.rq_bsize,
+ gq_rslt.GQR_RQUOTA.rq_active?"yes":"no",
+ gq_rslt.GQR_RQUOTA.rq_bhardlimit,
+ gq_rslt.GQR_RQUOTA.rq_bsoftlimit,
+ gq_rslt.GQR_RQUOTA.rq_curblocks,
+ gq_rslt.GQR_RQUOTA.rq_fhardlimit,
+ gq_rslt.GQR_RQUOTA.rq_fsoftlimit,
+ gq_rslt.GQR_RQUOTA.rq_curfiles,
+ gq_rslt.GQR_RQUOTA.rq_btimeleft,
+ gq_rslt.GQR_RQUOTA.rq_ftimeleft));
+
+ /*
+ * gqr.status returns
+ * 1 if quotas exist,
+ * 2 if there is no quota set, and
+ * 3 if no permission to get the quota.
+ */
+
+ switch (gq_rslt.GQR_STATUS) {
+ case 1:
+ DEBUG(10, ("sys_get_nfs_quotas: Good quota data\n"));
+ dp->bsize = (uint64_t)gq_rslt.GQR_RQUOTA.rq_bsize;
+ dp->softlimit = gq_rslt.GQR_RQUOTA.rq_bsoftlimit;
+ dp->hardlimit = gq_rslt.GQR_RQUOTA.rq_bhardlimit;
+ dp->curblocks = gq_rslt.GQR_RQUOTA.rq_curblocks;
+ dp->isoftlimit = gq_rslt.GQR_RQUOTA.rq_fsoftlimit;
+ dp->ihardlimit = gq_rslt.GQR_RQUOTA.rq_fhardlimit;
+ dp->curinodes = gq_rslt.GQR_RQUOTA.rq_curfiles;
+ break;
+
+ case 2:
+ DEBUG(5, ("sys_get_nfs_quotas: No quota set\n"));
+ SMB_QUOTAS_SET_NO_LIMIT(dp);
+ break;
+
+ case 3:
+ DEBUG(3, ("sys_get_nfs_quotas: no permission to get quota\n"));
+ errno = EPERM;
+ ret = -1;
+ goto out;
+
+ default:
+ DEBUG(5, ("sys_get_nfs_quotas: Unknown remote quota status "
+ "code '%i'\n", gq_rslt.GQR_STATUS));
+ ret = -1;
+ goto out;
+ break;
+ }
+
+ dp->qflags = qflags;
+
+ ret = 0;
+
+out:
+ if (clnt) {
+ if (clnt->cl_auth) {
+ auth_destroy(clnt->cl_auth);
+ }
+ clnt_destroy(clnt);
+ }
+
+ SAFE_FREE(cutstr);
+
+ DEBUG(10, ("sys_get_nfs_quotas: finished\n" ));
+ return ret;
+}
+
+int sys_set_nfs_quota(const char *path, const char *bdev,
+ enum SMB_QUOTA_TYPE qtype,
+ unid_t id, SMB_DISK_QUOTA *dp)
+{
+ DEBUG(1, ("sys_set_nfs_quota : not supported\n"));
+ errno = ENOSYS;
+ return -1;
+}
+
+#else /* HAVE_NFS_QUOTAS */
+
+void dummy_sysquotas_nfs(void);
+void dummy_sysquotas_nfs(void) {}
+
+#endif /* HAVE_NFS_QUOTAS */
diff --git a/source3/lib/sysquotas_xfs.c b/source3/lib/sysquotas_xfs.c
new file mode 100644
index 0000000..6b18487
--- /dev/null
+++ b/source3/lib/sysquotas_xfs.c
@@ -0,0 +1,345 @@
+/*
+ Unix SMB/CIFS implementation.
+ System QUOTA function wrappers for XFS
+ Copyright (C) Stefan (metze) Metzmacher 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_QUOTA
+
+#if defined(HAVE_SYS_QUOTAS) && defined(HAVE_XFS_QUOTAS)
+
+#ifdef HAVE_SYS_QUOTA_H
+#include <sys/quota.h>
+#endif
+
+/* this one should actually come from glibc: */
+/* #include "samba_linux_quota.h" */
+
+#ifdef HAVE_XFS_XQM_H
+#include <xfs/xqm.h>
+#endif
+
+#define HAVE_GROUP_QUOTA
+
+/* on IRIX */
+#ifndef Q_XQUOTAON
+#define Q_XQUOTAON Q_QUOTAON
+#endif /* Q_XQUOTAON */
+#ifndef Q_XQUOTAOFF
+#define Q_XQUOTAOFF Q_QUOTAOFF
+#endif /* Q_XQUOTAOFF */
+#ifndef Q_XGETQSTAT
+#define Q_XGETQSTAT Q_GETQSTAT
+#endif /* Q_XGETQSTAT */
+
+/* currently doesn't support Group and Project quotas on IRIX
+ */
+
+#ifndef QCMD
+#define QCMD(x,y) x
+#endif
+
+/*
+ * IRIX has BBSIZE in <sys/param.h>
+ */
+#ifndef BBSHIFT
+#define BBSHIFT 9
+#endif /* BBSHIFT */
+#ifndef BBSIZE
+#define BBSIZE (1<<BBSHIFT)
+#endif /* BBSIZE */
+
+/****************************************************************************
+ Abstract out the XFS Quota Manager quota get call.
+****************************************************************************/
+int sys_get_xfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ int ret = -1;
+ uint32_t qflags = 0;
+ uint64_t bsize = (uint64_t)BBSIZE;
+ struct fs_disk_quota D;
+ struct fs_quota_stat F;
+ ZERO_STRUCT(D);
+ ZERO_STRUCT(F);
+
+ if (!bdev||!dp)
+ smb_panic("sys_get_xfs_quota: called with NULL pointer");
+
+ ZERO_STRUCT(*dp);
+ dp->qtype = qtype;
+
+ switch (qtype) {
+ case SMB_USER_QUOTA_TYPE:
+ DEBUG(10,("sys_get_xfs_quota: path[%s] bdev[%s] SMB_USER_QUOTA_TYPE uid[%u]\n",
+ path, bdev, (unsigned)id.uid));
+
+ ret=quotactl(QCMD(Q_XGETQUOTA,USRQUOTA), bdev, id.uid, (caddr_t)&D);
+ /* XFS fails with ENOENT if the user has no
+ * quota. Our protocol in that case is to
+ * succeed and return 0 as quota.
+ */
+ if (ret != 0 && errno != ENOENT) {
+ return ret;
+ }
+
+ ret = 0;
+ break;
+#ifdef HAVE_GROUP_QUOTA
+ case SMB_GROUP_QUOTA_TYPE:
+ DEBUG(10,("sys_get_xfs_quota: path[%s] bdev[%s] SMB_GROUP_QUOTA_TYPE gid[%u]\n",
+ path, bdev, (unsigned)id.gid));
+
+ ret=quotactl(QCMD(Q_XGETQUOTA,GRPQUOTA), bdev, id.gid, (caddr_t)&D);
+ /* XFS fails with ENOENT if the user has no
+ * quota. Our protocol in that case is to
+ * succeed and return 0 as quota.
+ */
+ if (ret != 0 && errno != ENOENT) {
+ return ret;
+ }
+ break;
+#endif /* HAVE_GROUP_QUOTA */
+ case SMB_USER_FS_QUOTA_TYPE:
+ DEBUG(10,("sys_get_xfs_quota: path[%s] bdev[%s] SMB_USER_FS_QUOTA_TYPE (uid[%u])\n",
+ path, bdev, (unsigned)id.uid));
+
+ quotactl(QCMD(Q_XGETQSTAT,USRQUOTA), bdev, -1, (caddr_t)&F);
+
+ if (F.qs_flags & XFS_QUOTA_UDQ_ENFD) {
+ qflags |= QUOTAS_DENY_DISK;
+ }
+ else if (F.qs_flags & XFS_QUOTA_UDQ_ACCT) {
+ qflags |= QUOTAS_ENABLED;
+ }
+
+ ret = 0;
+
+ break;
+#ifdef HAVE_GROUP_QUOTA
+ case SMB_GROUP_FS_QUOTA_TYPE:
+ DEBUG(10,("sys_get_xfs_quota: path[%s] bdev[%s] SMB_GROUP_FS_QUOTA_TYPE (gid[%u])\n",
+ path, bdev, (unsigned)id.gid));
+
+ quotactl(QCMD(Q_XGETQSTAT,GRPQUOTA), bdev, -1, (caddr_t)&F);
+
+ if (F.qs_flags & XFS_QUOTA_GDQ_ENFD) {
+ qflags |= QUOTAS_DENY_DISK;
+ }
+ else if (F.qs_flags & XFS_QUOTA_GDQ_ACCT) {
+ qflags |= QUOTAS_ENABLED;
+ }
+
+ ret = 0;
+
+ break;
+#endif /* HAVE_GROUP_QUOTA */
+ default:
+ errno = ENOSYS;
+ return -1;
+ }
+
+ dp->bsize = bsize;
+ dp->softlimit = (uint64_t)D.d_blk_softlimit;
+ dp->hardlimit = (uint64_t)D.d_blk_hardlimit;
+ dp->ihardlimit = (uint64_t)D.d_ino_hardlimit;
+ dp->isoftlimit = (uint64_t)D.d_ino_softlimit;
+ dp->curinodes = (uint64_t)D.d_icount;
+ dp->curblocks = (uint64_t)D.d_bcount;
+ dp->qflags = qflags;
+
+ return ret;
+}
+
+/****************************************************************************
+ Abstract out the XFS Quota Manager quota set call.
+****************************************************************************/
+int sys_set_xfs_quota(const char *path, const char *bdev, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *dp)
+{
+ int ret = -1;
+ uint32_t qflags = 0;
+ uint64_t bsize = (uint64_t)BBSIZE;
+ struct fs_disk_quota D;
+ struct fs_quota_stat F;
+ int q_on = 0;
+ int q_off = 0;
+ ZERO_STRUCT(D);
+ ZERO_STRUCT(F);
+
+ if (!bdev||!dp)
+ smb_panic("sys_set_xfs_quota: called with NULL pointer");
+
+ if (bsize == dp->bsize) {
+ D.d_blk_softlimit = dp->softlimit;
+ D.d_blk_hardlimit = dp->hardlimit;
+ } else {
+ D.d_blk_softlimit = (dp->softlimit*dp->bsize)/bsize;
+ D.d_blk_hardlimit = (dp->hardlimit*dp->bsize)/bsize;
+ }
+ D.d_ino_hardlimit = dp->ihardlimit;
+ D.d_ino_softlimit = dp->isoftlimit;
+
+ qflags = dp->qflags;
+
+ switch (qtype) {
+ case SMB_USER_QUOTA_TYPE:
+ DEBUG(10,("sys_set_xfs_quota: path[%s] bdev[%s] SMB_USER_QUOTA_TYPE uid[%u]\n",
+ path, bdev, (unsigned)id.uid));
+
+ D.d_fieldmask |= FS_DQ_LIMIT_MASK;
+ ret = quotactl(QCMD(Q_XSETQLIM,USRQUOTA), bdev, id.uid, (caddr_t)&D);
+ break;
+#ifdef HAVE_GROUP_QUOTA
+ case SMB_GROUP_QUOTA_TYPE:
+ DEBUG(10,("sys_set_xfs_quota: path[%s] bdev[%s] SMB_GROUP_QUOTA_TYPE gid[%u]\n",
+ path, bdev, (unsigned)id.gid));
+
+ D.d_fieldmask |= FS_DQ_LIMIT_MASK;
+ ret = quotactl(QCMD(Q_XSETQLIM,GRPQUOTA), bdev, id.gid, (caddr_t)&D);
+ break;
+#endif /* HAVE_GROUP_QUOTA */
+ case SMB_USER_FS_QUOTA_TYPE:
+ DEBUG(10,("sys_set_xfs_quota: path[%s] bdev[%s] SMB_USER_FS_QUOTA_TYPE (uid[%u])\n",
+ path, bdev, (unsigned)id.uid));
+
+ quotactl(QCMD(Q_XGETQSTAT,USRQUOTA), bdev, -1, (caddr_t)&F);
+
+ if (qflags & QUOTAS_DENY_DISK) {
+ if (!(F.qs_flags & XFS_QUOTA_UDQ_ENFD))
+ q_on |= XFS_QUOTA_UDQ_ENFD;
+ if (!(F.qs_flags & XFS_QUOTA_UDQ_ACCT))
+ q_on |= XFS_QUOTA_UDQ_ACCT;
+
+ if (q_on != 0) {
+ ret = quotactl(QCMD(Q_XQUOTAON,USRQUOTA),bdev, -1, (caddr_t)&q_on);
+ } else {
+ ret = 0;
+ }
+
+ } else if (qflags & QUOTAS_ENABLED) {
+ if (F.qs_flags & XFS_QUOTA_UDQ_ENFD)
+ q_off |= XFS_QUOTA_UDQ_ENFD;
+
+ if (q_off != 0) {
+ ret = quotactl(QCMD(Q_XQUOTAOFF,USRQUOTA),bdev, -1, (caddr_t)&q_off);
+ } else {
+ ret = 0;
+ }
+
+ if (!(F.qs_flags & XFS_QUOTA_UDQ_ACCT))
+ q_on |= XFS_QUOTA_UDQ_ACCT;
+
+ if (q_on != 0) {
+ ret = quotactl(QCMD(Q_XQUOTAON,USRQUOTA),bdev, -1, (caddr_t)&q_on);
+ } else {
+ ret = 0;
+ }
+ } else {
+#if 0
+ /* Switch on XFS_QUOTA_UDQ_ACCT didn't work!
+ * only swittching off XFS_QUOTA_UDQ_ACCT work
+ */
+ if (F.qs_flags & XFS_QUOTA_UDQ_ENFD)
+ q_off |= XFS_QUOTA_UDQ_ENFD;
+ if (F.qs_flags & XFS_QUOTA_UDQ_ACCT)
+ q_off |= XFS_QUOTA_UDQ_ACCT;
+
+ if (q_off !=0) {
+ ret = quotactl(QCMD(Q_XQUOTAOFF,USRQUOTA),bdev, -1, (caddr_t)&q_off);
+ } else {
+ ret = 0;
+ }
+#else
+ ret = -1;
+#endif
+ }
+
+ break;
+#ifdef HAVE_GROUP_QUOTA
+ case SMB_GROUP_FS_QUOTA_TYPE:
+ DEBUG(10,("sys_set_xfs_quota: path[%s] bdev[%s] SMB_GROUP_FS_QUOTA_TYPE (gid[%u])\n",
+ path, bdev, (unsigned)id.gid));
+
+ quotactl(QCMD(Q_XGETQSTAT,GRPQUOTA), bdev, -1, (caddr_t)&F);
+
+ if (qflags & QUOTAS_DENY_DISK) {
+ if (!(F.qs_flags & XFS_QUOTA_GDQ_ENFD))
+ q_on |= XFS_QUOTA_GDQ_ENFD;
+ if (!(F.qs_flags & XFS_QUOTA_GDQ_ACCT))
+ q_on |= XFS_QUOTA_GDQ_ACCT;
+
+ if (q_on != 0) {
+ ret = quotactl(QCMD(Q_XQUOTAON,GRPQUOTA),bdev, -1, (caddr_t)&q_on);
+ } else {
+ ret = 0;
+ }
+
+ } else if (qflags & QUOTAS_ENABLED) {
+ if (F.qs_flags & XFS_QUOTA_GDQ_ENFD)
+ q_off |= XFS_QUOTA_GDQ_ENFD;
+
+ if (q_off != 0) {
+ ret = quotactl(QCMD(Q_XQUOTAOFF,GRPQUOTA),bdev, -1, (caddr_t)&q_off);
+ } else {
+ ret = 0;
+ }
+
+ if (!(F.qs_flags & XFS_QUOTA_GDQ_ACCT))
+ q_on |= XFS_QUOTA_GDQ_ACCT;
+
+ if (q_on != 0) {
+ ret = quotactl(QCMD(Q_XQUOTAON,GRPQUOTA),bdev, -1, (caddr_t)&q_on);
+ } else {
+ ret = 0;
+ }
+ } else {
+#if 0
+ /* Switch on XFS_QUOTA_UDQ_ACCT didn't work!
+ * only swittching off XFS_QUOTA_UDQ_ACCT work
+ */
+ if (F.qs_flags & XFS_QUOTA_GDQ_ENFD)
+ q_off |= XFS_QUOTA_GDQ_ENFD;
+ if (F.qs_flags & XFS_QUOTA_GDQ_ACCT)
+ q_off |= XFS_QUOTA_GDQ_ACCT;
+
+ if (q_off !=0) {
+ ret = quotactl(QCMD(Q_XQUOTAOFF,GRPQUOTA),bdev, -1, (caddr_t)&q_off);
+ } else {
+ ret = 0;
+ }
+#else
+ ret = -1;
+#endif
+ }
+
+ break;
+#endif /* HAVE_GROUP_QUOTA */
+ default:
+ errno = ENOSYS;
+ return -1;
+ }
+
+ return ret;
+}
+
+#else /* HAVE_XFS_QUOTAS */
+ void dummy_sysquotas_xfs(void);
+
+ void dummy_sysquotas_xfs(void){}
+#endif /* HAVE_XFS_QUOTAS */
diff --git a/source3/lib/system.c b/source3/lib/system.c
new file mode 100644
index 0000000..1ec0ae9
--- /dev/null
+++ b/source3/lib/system.c
@@ -0,0 +1,1076 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba system utilities
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Jeremy Allison 1998-2005
+ Copyright (C) Timur Bakeyev 2005
+ Copyright (C) Bjoern Jacke 2006-2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/syslog.h"
+#include "system/capability.h"
+#include "system/passwd.h"
+#include "system/filesys.h"
+#include "lib/util/setid.h"
+#include "lib/util/time.h"
+
+#ifdef HAVE_SYS_SYSCTL_H
+#include <sys/sysctl.h>
+#endif
+
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
+
+/*
+ The idea is that this file will eventually have wrappers around all
+ important system calls in samba. The aims are:
+
+ - to enable easier porting by putting OS dependent stuff in here
+
+ - to allow for hooks into other "pseudo-filesystems"
+
+ - to allow easier integration of things like the japanese extensions
+
+ - to support the philosophy of Samba to expose the features of
+ the OS within the SMB model. In general whatever file/printer/variable
+ expansions/etc make sense to the OS should be acceptable to Samba.
+*/
+
+/*******************************************************************
+A send wrapper that will deal with EINTR or EAGAIN or EWOULDBLOCK.
+********************************************************************/
+
+ssize_t sys_send(int s, const void *msg, size_t len, int flags)
+{
+ ssize_t ret;
+
+ do {
+ ret = send(s, msg, len, flags);
+ } while (ret == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
+
+ return ret;
+}
+
+/*******************************************************************
+A recvfrom wrapper that will deal with EINTR.
+NB. As used with non-blocking sockets, return on EAGAIN/EWOULDBLOCK
+********************************************************************/
+
+ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen)
+{
+ ssize_t ret;
+
+ do {
+ ret = recvfrom(s, buf, len, flags, from, fromlen);
+ } while (ret == -1 && (errno == EINTR));
+ return ret;
+}
+
+/*******************************************************************
+A fcntl wrapper that will deal with EINTR.
+********************************************************************/
+
+int sys_fcntl_ptr(int fd, int cmd, void *arg)
+{
+ int ret;
+
+ do {
+ ret = fcntl(fd, cmd, arg);
+ } while (ret == -1 && errno == EINTR);
+ return ret;
+}
+
+/*******************************************************************
+A fcntl wrapper that will deal with EINTR.
+********************************************************************/
+
+int sys_fcntl_long(int fd, int cmd, long arg)
+{
+ int ret;
+
+ do {
+ ret = fcntl(fd, cmd, arg);
+ } while (ret == -1 && errno == EINTR);
+ return ret;
+}
+
+/*******************************************************************
+A fcntl wrapper that will deal with EINTR.
+********************************************************************/
+
+int sys_fcntl_int(int fd, int cmd, int arg)
+{
+ int ret;
+
+ do {
+ ret = fcntl(fd, cmd, arg);
+ } while (ret == -1 && errno == EINTR);
+ return ret;
+}
+
+/****************************************************************************
+ Return the best approximation to a 'create time' under UNIX from a stat
+ structure.
+****************************************************************************/
+
+static struct timespec calc_create_time_stat(const struct stat *st)
+{
+ struct timespec ret, ret1;
+ struct timespec c_time = get_ctimespec(st);
+ struct timespec m_time = get_mtimespec(st);
+ struct timespec a_time = get_atimespec(st);
+
+ ret = timespec_compare(&c_time, &m_time) < 0 ? c_time : m_time;
+ ret1 = timespec_compare(&ret, &a_time) < 0 ? ret : a_time;
+
+ if(!null_timespec(ret1)) {
+ return ret1;
+ }
+
+ /*
+ * One of ctime, mtime or atime was zero (probably atime).
+ * Just return MIN(ctime, mtime).
+ */
+ return ret;
+}
+
+/****************************************************************************
+ Return the best approximation to a 'create time' under UNIX from a stat_ex
+ structure.
+****************************************************************************/
+
+static struct timespec calc_create_time_stat_ex(const struct stat_ex *st)
+{
+ struct timespec ret, ret1;
+ struct timespec c_time = st->st_ex_ctime;
+ struct timespec m_time = st->st_ex_mtime;
+ struct timespec a_time = st->st_ex_atime;
+
+ ret = timespec_compare(&c_time, &m_time) < 0 ? c_time : m_time;
+ ret1 = timespec_compare(&ret, &a_time) < 0 ? ret : a_time;
+
+ if(!null_timespec(ret1)) {
+ return ret1;
+ }
+
+ /*
+ * One of ctime, mtime or atime was zero (probably atime).
+ * Just return MIN(ctime, mtime).
+ */
+ return ret;
+}
+
+/****************************************************************************
+ Return the 'create time' from a stat struct if it exists (birthtime) or else
+ use the best approximation.
+****************************************************************************/
+
+static void make_create_timespec(const struct stat *pst, struct stat_ex *dst,
+ bool fake_dir_create_times)
+{
+ if (S_ISDIR(pst->st_mode) && fake_dir_create_times) {
+ dst->st_ex_btime.tv_sec = 315493200L; /* 1/1/1980 */
+ dst->st_ex_btime.tv_nsec = 0;
+ return;
+ }
+
+ dst->st_ex_iflags &= ~ST_EX_IFLAG_CALCULATED_BTIME;
+
+#if defined(HAVE_STRUCT_STAT_ST_BIRTHTIMESPEC_TV_NSEC)
+ dst->st_ex_btime = pst->st_birthtimespec;
+#elif defined(HAVE_STRUCT_STAT_ST_BIRTHTIMENSEC)
+ dst->st_ex_btime.tv_sec = pst->st_birthtime;
+ dst->st_ex_btime.tv_nsec = pst->st_birthtimenspec;
+#elif defined(HAVE_STRUCT_STAT_ST_BIRTHTIME)
+ dst->st_ex_btime.tv_sec = pst->st_birthtime;
+ dst->st_ex_btime.tv_nsec = 0;
+#else
+ dst->st_ex_btime = calc_create_time_stat(pst);
+ dst->st_ex_iflags |= ST_EX_IFLAG_CALCULATED_BTIME;
+#endif
+
+ /* Deal with systems that don't initialize birthtime correctly.
+ * Pointed out by SATOH Fumiyasu <fumiyas@osstech.jp>.
+ */
+ if (null_timespec(dst->st_ex_btime)) {
+ dst->st_ex_btime = calc_create_time_stat(pst);
+ dst->st_ex_iflags |= ST_EX_IFLAG_CALCULATED_BTIME;
+ }
+}
+
+/****************************************************************************
+ If we update a timestamp in a stat_ex struct we may have to recalculate
+ the birthtime. For now only implement this for write time, but we may
+ also need to do it for atime and ctime. JRA.
+****************************************************************************/
+
+void update_stat_ex_mtime(struct stat_ex *dst,
+ struct timespec write_ts)
+{
+ dst->st_ex_mtime = write_ts;
+
+ /* We may have to recalculate btime. */
+ if (dst->st_ex_iflags & ST_EX_IFLAG_CALCULATED_BTIME) {
+ dst->st_ex_btime = calc_create_time_stat_ex(dst);
+ }
+}
+
+void update_stat_ex_create_time(struct stat_ex *dst,
+ struct timespec create_time)
+{
+ dst->st_ex_btime = create_time;
+ dst->st_ex_iflags &= ~ST_EX_IFLAG_CALCULATED_BTIME;
+}
+
+void update_stat_ex_from_saved_stat(struct stat_ex *dst,
+ const struct stat_ex *src)
+{
+ if (!VALID_STAT(*src)) {
+ return;
+ }
+
+ if (!(src->st_ex_iflags & ST_EX_IFLAG_CALCULATED_BTIME)) {
+ update_stat_ex_create_time(dst, src->st_ex_btime);
+ }
+}
+
+void init_stat_ex_from_stat (struct stat_ex *dst,
+ const struct stat *src,
+ bool fake_dir_create_times)
+{
+ dst->st_ex_dev = src->st_dev;
+ dst->st_ex_ino = src->st_ino;
+ dst->st_ex_mode = src->st_mode;
+ dst->st_ex_nlink = src->st_nlink;
+ dst->st_ex_uid = src->st_uid;
+ dst->st_ex_gid = src->st_gid;
+ dst->st_ex_rdev = src->st_rdev;
+ dst->st_ex_size = src->st_size;
+ dst->st_ex_atime = get_atimespec(src);
+ dst->st_ex_mtime = get_mtimespec(src);
+ dst->st_ex_ctime = get_ctimespec(src);
+ dst->st_ex_iflags = 0;
+ make_create_timespec(src, dst, fake_dir_create_times);
+#ifdef HAVE_STAT_ST_BLKSIZE
+ dst->st_ex_blksize = src->st_blksize;
+#else
+ dst->st_ex_blksize = STAT_ST_BLOCKSIZE;
+#endif
+
+#ifdef HAVE_STAT_ST_BLOCKS
+ dst->st_ex_blocks = src->st_blocks;
+#else
+ dst->st_ex_blocks = src->st_size / dst->st_ex_blksize + 1;
+#endif
+
+#ifdef HAVE_STAT_ST_FLAGS
+ dst->st_ex_flags = src->st_flags;
+#else
+ dst->st_ex_flags = 0;
+#endif
+}
+
+/*******************************************************************
+A stat() wrapper.
+********************************************************************/
+
+int sys_stat(const char *fname, SMB_STRUCT_STAT *sbuf,
+ bool fake_dir_create_times)
+{
+ int ret;
+ struct stat statbuf;
+ ret = stat(fname, &statbuf);
+ if (ret == 0) {
+ /* we always want directories to appear zero size */
+ if (S_ISDIR(statbuf.st_mode)) {
+ statbuf.st_size = 0;
+ }
+ init_stat_ex_from_stat(sbuf, &statbuf, fake_dir_create_times);
+ }
+ return ret;
+}
+
+/*******************************************************************
+ An fstat() wrapper.
+********************************************************************/
+
+int sys_fstat(int fd, SMB_STRUCT_STAT *sbuf, bool fake_dir_create_times)
+{
+ int ret;
+ struct stat statbuf;
+ ret = fstat(fd, &statbuf);
+ if (ret == 0) {
+ /* we always want directories to appear zero size */
+ if (S_ISDIR(statbuf.st_mode)) {
+ statbuf.st_size = 0;
+ }
+ init_stat_ex_from_stat(sbuf, &statbuf, fake_dir_create_times);
+ }
+ return ret;
+}
+
+/*******************************************************************
+ An lstat() wrapper.
+********************************************************************/
+
+int sys_lstat(const char *fname,SMB_STRUCT_STAT *sbuf,
+ bool fake_dir_create_times)
+{
+ int ret;
+ struct stat statbuf;
+ ret = lstat(fname, &statbuf);
+ if (ret == 0) {
+ /* we always want directories to appear zero size */
+ if (S_ISDIR(statbuf.st_mode)) {
+ statbuf.st_size = 0;
+ }
+ init_stat_ex_from_stat(sbuf, &statbuf, fake_dir_create_times);
+ }
+ return ret;
+}
+
+/*******************************************************************
+ An fstatat() wrapper.
+********************************************************************/
+
+int sys_fstatat(int fd,
+ const char *pathname,
+ SMB_STRUCT_STAT *sbuf,
+ int flags,
+ bool fake_dir_create_times)
+{
+ int ret;
+ struct stat statbuf;
+
+ ret = fstatat(fd, pathname, &statbuf, flags);
+ if (ret != 0) {
+ return -1;
+ }
+
+ /* we always want directories to appear zero size */
+ if (S_ISDIR(statbuf.st_mode)) {
+ statbuf.st_size = 0;
+ }
+ init_stat_ex_from_stat(sbuf, &statbuf, fake_dir_create_times);
+ return 0;
+}
+
+/*******************************************************************
+ An posix_fallocate() wrapper.
+********************************************************************/
+int sys_posix_fallocate(int fd, off_t offset, off_t len)
+{
+#if defined(HAVE_POSIX_FALLOCATE)
+ return posix_fallocate(fd, offset, len);
+#elif defined(F_RESVSP64)
+ /* this handles XFS on IRIX */
+ struct flock64 fl;
+ off_t new_len = offset + len;
+ int ret;
+ struct stat64 sbuf;
+
+ /* unlikely to get a too large file on a 64bit system but ... */
+ if (new_len < 0)
+ return EFBIG;
+
+ fl.l_whence = SEEK_SET;
+ fl.l_start = offset;
+ fl.l_len = len;
+
+ ret=fcntl(fd, F_RESVSP64, &fl);
+
+ if (ret != 0)
+ return errno;
+
+ /* Make sure the file gets enlarged after we allocated space: */
+ fstat64(fd, &sbuf);
+ if (new_len > sbuf.st_size)
+ ftruncate64(fd, new_len);
+ return 0;
+#else
+ return ENOSYS;
+#endif
+}
+
+/*******************************************************************
+ An fallocate() function that matches the semantics of the Linux one.
+********************************************************************/
+
+#ifdef HAVE_LINUX_FALLOC_H
+#include <linux/falloc.h>
+#endif
+
+int sys_fallocate(int fd, uint32_t mode, off_t offset, off_t len)
+{
+#if defined(HAVE_LINUX_FALLOCATE)
+ int lmode = 0;
+
+ if (mode & VFS_FALLOCATE_FL_KEEP_SIZE) {
+ lmode |= FALLOC_FL_KEEP_SIZE;
+ mode &= ~VFS_FALLOCATE_FL_KEEP_SIZE;
+ }
+
+#if defined(HAVE_FALLOC_FL_PUNCH_HOLE)
+ if (mode & VFS_FALLOCATE_FL_PUNCH_HOLE) {
+ lmode |= FALLOC_FL_PUNCH_HOLE;
+ mode &= ~VFS_FALLOCATE_FL_PUNCH_HOLE;
+ }
+#endif /* HAVE_FALLOC_FL_PUNCH_HOLE */
+
+ if (mode != 0) {
+ DEBUG(2, ("unmapped fallocate flags: %lx\n",
+ (unsigned long)mode));
+ errno = EINVAL;
+ return -1;
+ }
+ return fallocate(fd, lmode, offset, len);
+#else /* HAVE_LINUX_FALLOCATE */
+ /* TODO - plumb in fallocate from other filesysetms like VXFS etc. JRA. */
+ errno = ENOSYS;
+ return -1;
+#endif /* HAVE_LINUX_FALLOCATE */
+}
+
+/*******************************************************************
+ An fdopendir wrapper.
+********************************************************************/
+
+DIR *sys_fdopendir(int fd)
+{
+#if defined(HAVE_FDOPENDIR)
+ return fdopendir(fd);
+#else
+ errno = ENOSYS;
+ return NULL;
+#endif
+}
+
+/*******************************************************************
+ An mknod() wrapper.
+********************************************************************/
+
+int sys_mknod(const char *path, mode_t mode, SMB_DEV_T dev)
+{
+#if defined(HAVE_MKNOD)
+ return mknod(path, mode, dev);
+#else
+ /* No mknod system call. */
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+/*******************************************************************
+ A mknodat() wrapper.
+********************************************************************/
+
+int sys_mknodat(int dirfd, const char *path, mode_t mode, SMB_DEV_T dev)
+{
+#if defined(HAVE_MKNODAT)
+ return mknodat(dirfd, path, mode, dev);
+#else
+ /* No mknod system call. */
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+/*******************************************************************
+ System wrapper for getwd. Always returns MALLOC'ed memory, or NULL
+ on error (malloc fail usually).
+********************************************************************/
+
+char *sys_getwd(void)
+{
+#ifdef GETCWD_TAKES_NULL
+ return getcwd(NULL, 0);
+#elif defined(HAVE_GETCWD)
+ char *wd = NULL, *s = NULL;
+ size_t allocated = PATH_MAX;
+
+ while (1) {
+ s = SMB_REALLOC_ARRAY(s, char, allocated);
+ if (s == NULL) {
+ return NULL;
+ }
+ wd = getcwd(s, allocated);
+ if (wd) {
+ break;
+ }
+ if (errno != ERANGE) {
+ int saved_errno = errno;
+ SAFE_FREE(s);
+ errno = saved_errno;
+ break;
+ }
+ allocated *= 2;
+ if (allocated < PATH_MAX) {
+ SAFE_FREE(s);
+ break;
+ }
+ }
+ return wd;
+#else
+ char *wd = NULL;
+ char *s = SMB_MALLOC_ARRAY(char, PATH_MAX);
+ if (s == NULL) {
+ return NULL;
+ }
+ wd = getwd(s);
+ if (wd == NULL) {
+ int saved_errno = errno;
+ SAFE_FREE(s);
+ errno = saved_errno;
+ }
+ return wd;
+#endif
+}
+
+#if defined(HAVE_POSIX_CAPABILITIES)
+
+/**************************************************************************
+ Try and abstract process capabilities (for systems that have them).
+****************************************************************************/
+
+/* Set the POSIX capabilities needed for the given purpose into the effective
+ * capability set of the current process. Make sure they are always removed
+ * from the inheritable set, because there is no circumstance in which our
+ * children should inherit our elevated privileges.
+ */
+static bool set_process_capability(enum smbd_capability capability,
+ bool enable)
+{
+ /* "5" is the number of "num_cap_vals++" below */
+ cap_value_t cap_vals[5] = {0};
+ size_t num_cap_vals = 0;
+
+ cap_t cap;
+
+#if defined(HAVE_PRCTL) && defined(PR_GET_KEEPCAPS) && defined(PR_SET_KEEPCAPS)
+ /* On Linux, make sure that any capabilities we grab are sticky
+ * across UID changes. We expect that this would allow us to keep both
+ * the effective and permitted capability sets, but as of circa 2.6.16,
+ * only the permitted set is kept. It is a bug (which we work around)
+ * that the effective set is lost, but we still require the effective
+ * set to be kept.
+ */
+ if (!prctl(PR_GET_KEEPCAPS)) {
+ prctl(PR_SET_KEEPCAPS, 1);
+ }
+#endif
+
+ cap = cap_get_proc();
+ if (cap == NULL) {
+ DEBUG(0,("set_process_capability: cap_get_proc failed: %s\n",
+ strerror(errno)));
+ return False;
+ }
+
+ switch (capability) {
+ /*
+ * WARNING: If you add any #ifdef for a fresh
+ * capability, bump up the array size in the
+ * declaration of cap_vals[] above just to be
+ * trivially safe to never overwrite cap_vals[].
+ */
+ case KERNEL_OPLOCK_CAPABILITY:
+#ifdef CAP_NETWORK_MGT
+ /* IRIX has CAP_NETWORK_MGT for oplocks. */
+ cap_vals[num_cap_vals++] = CAP_NETWORK_MGT;
+#endif
+ break;
+ case DMAPI_ACCESS_CAPABILITY:
+#ifdef CAP_DEVICE_MGT
+ /* IRIX has CAP_DEVICE_MGT for DMAPI access. */
+ cap_vals[num_cap_vals++] = CAP_DEVICE_MGT;
+#elif CAP_MKNOD
+ /* Linux has CAP_MKNOD for DMAPI access. */
+ cap_vals[num_cap_vals++] = CAP_MKNOD;
+#endif
+ break;
+ case LEASE_CAPABILITY:
+#ifdef CAP_LEASE
+ cap_vals[num_cap_vals++] = CAP_LEASE;
+#endif
+ break;
+ case DAC_OVERRIDE_CAPABILITY:
+#ifdef CAP_DAC_OVERRIDE
+ cap_vals[num_cap_vals++] = CAP_DAC_OVERRIDE;
+#endif
+ }
+
+ if (num_cap_vals == 0) {
+ cap_free(cap);
+ return True;
+ }
+
+ cap_set_flag(cap, CAP_EFFECTIVE, num_cap_vals, cap_vals,
+ enable ? CAP_SET : CAP_CLEAR);
+
+ /* We never want to pass capabilities down to our children, so make
+ * sure they are not inherited.
+ */
+ cap_set_flag(cap, CAP_INHERITABLE, num_cap_vals, cap_vals, CAP_CLEAR);
+
+ if (cap_set_proc(cap) == -1) {
+ DBG_ERR("%s capability %d: cap_set_proc failed: %s\n",
+ enable ? "adding" : "dropping",
+ capability, strerror(errno));
+ cap_free(cap);
+ return False;
+ }
+ DBG_INFO("%s capability %d\n",
+ enable ? "added" : "dropped", capability);
+
+ cap_free(cap);
+ return True;
+}
+
+#endif /* HAVE_POSIX_CAPABILITIES */
+
+/****************************************************************************
+ Gain the oplock capability from the kernel if possible.
+****************************************************************************/
+
+#if defined(HAVE_POSIX_CAPABILITIES) && defined(CAP_DAC_OVERRIDE)
+static bool have_cap_dac_override = true;
+#else
+static bool have_cap_dac_override = false;
+#endif
+
+void set_effective_capability(enum smbd_capability capability)
+{
+ bool ret = false;
+
+ if (capability != DAC_OVERRIDE_CAPABILITY || have_cap_dac_override) {
+#if defined(HAVE_POSIX_CAPABILITIES)
+ ret = set_process_capability(capability, True);
+#endif /* HAVE_POSIX_CAPABILITIES */
+ }
+
+ /*
+ * Fallback to become_root() if CAP_DAC_OVERRIDE is not
+ * available.
+ */
+ if (capability == DAC_OVERRIDE_CAPABILITY) {
+ if (!ret) {
+ have_cap_dac_override = false;
+ }
+ if (!have_cap_dac_override) {
+ become_root();
+ }
+ }
+}
+
+void drop_effective_capability(enum smbd_capability capability)
+{
+ if (capability != DAC_OVERRIDE_CAPABILITY || have_cap_dac_override) {
+#if defined(HAVE_POSIX_CAPABILITIES)
+ set_process_capability(capability, False);
+#endif /* HAVE_POSIX_CAPABILITIES */
+ } else {
+ unbecome_root();
+ }
+}
+
+/**************************************************************************
+ Wrapper for random().
+****************************************************************************/
+
+long sys_random(void)
+{
+#if defined(HAVE_RANDOM)
+ return (long)random();
+#elif defined(HAVE_RAND)
+ return (long)rand();
+#else
+ DEBUG(0,("Error - no random function available !\n"));
+ exit(1);
+#endif
+}
+
+/**************************************************************************
+ Wrapper for srandom().
+****************************************************************************/
+
+void sys_srandom(unsigned int seed)
+{
+#if defined(HAVE_SRANDOM)
+ srandom(seed);
+#elif defined(HAVE_SRAND)
+ srand(seed);
+#else
+ DEBUG(0,("Error - no srandom function available !\n"));
+ exit(1);
+#endif
+}
+
+#ifndef NGROUPS_MAX
+#define NGROUPS_MAX 32 /* Guess... */
+#endif
+
+/**************************************************************************
+ Returns equivalent to NGROUPS_MAX - using sysconf if needed.
+****************************************************************************/
+
+int setgroups_max(void)
+{
+#if defined(SYSCONF_SC_NGROUPS_MAX)
+ int ret = sysconf(_SC_NGROUPS_MAX);
+ return (ret == -1) ? NGROUPS_MAX : ret;
+#else
+ return NGROUPS_MAX;
+#endif
+}
+
+int getgroups_max(void)
+{
+#if defined(DARWINOS)
+ /*
+ * On MacOS sysconf(_SC_NGROUPS_MAX) returns 16 due to MacOS's group
+ * nesting. However, The initgroups() manpage states the following:
+ * "Note that OS X supports group membership in an unlimited number
+ * of groups. The OS X kernel uses the group list stored in the process
+ * credentials only as an initial cache. Additional group memberships
+ * are determined by communication between the operating system and the
+ * opendirectoryd daemon."
+ */
+ return INT_MAX;
+#else
+ return setgroups_max();
+#endif
+}
+
+/**************************************************************************
+ Wrap setgroups and getgroups for systems that declare getgroups() as
+ returning an array of gid_t, but actually return an array of int.
+****************************************************************************/
+
+#if defined(HAVE_BROKEN_GETGROUPS)
+
+#ifdef HAVE_BROKEN_GETGROUPS
+#define GID_T int
+#else
+#define GID_T gid_t
+#endif
+
+static int sys_broken_getgroups(int setlen, gid_t *gidset)
+{
+ GID_T *group_list;
+ int i, ngroups;
+
+ if(setlen == 0) {
+ return getgroups(0, NULL);
+ }
+
+ /*
+ * Broken case. We need to allocate a
+ * GID_T array of size setlen.
+ */
+
+ if(setlen < 0) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if((group_list = SMB_MALLOC_ARRAY(GID_T, setlen)) == NULL) {
+ DEBUG(0,("sys_getgroups: Malloc fail.\n"));
+ return -1;
+ }
+
+ if((ngroups = getgroups(setlen, group_list)) < 0) {
+ int saved_errno = errno;
+ SAFE_FREE(group_list);
+ errno = saved_errno;
+ return -1;
+ }
+
+ /*
+ * We're safe here as if ngroups > setlen then
+ * getgroups *must* return EINVAL.
+ * pubs.opengroup.org/onlinepubs/009695399/functions/getgroups.html
+ */
+
+ for(i = 0; i < ngroups; i++)
+ gidset[i] = (gid_t)group_list[i];
+
+ SAFE_FREE(group_list);
+ return ngroups;
+}
+
+static int sys_broken_setgroups(int setlen, gid_t *gidset)
+{
+ GID_T *group_list;
+ int i ;
+
+ if (setlen == 0)
+ return 0 ;
+
+ if (setlen < 0 || setlen > setgroups_max()) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /*
+ * Broken case. We need to allocate a
+ * GID_T array of size setlen.
+ */
+
+ if((group_list = SMB_MALLOC_ARRAY(GID_T, setlen)) == NULL) {
+ DEBUG(0,("sys_setgroups: Malloc fail.\n"));
+ return -1;
+ }
+
+ for(i = 0; i < setlen; i++)
+ group_list[i] = (GID_T) gidset[i];
+
+ if(samba_setgroups(setlen, group_list) != 0) {
+ int saved_errno = errno;
+ SAFE_FREE(group_list);
+ errno = saved_errno;
+ return -1;
+ }
+
+ SAFE_FREE(group_list);
+ return 0 ;
+}
+
+#endif /* HAVE_BROKEN_GETGROUPS */
+
+/* This is a list of systems that require the first GID passed to setgroups(2)
+ * to be the effective GID. If your system is one of these, add it here.
+ */
+#if defined (FREEBSD) || defined (DARWINOS)
+#define USE_BSD_SETGROUPS
+#endif
+
+#if defined(USE_BSD_SETGROUPS)
+/* Depending on the particular BSD implementation, the first GID that is
+ * passed to setgroups(2) will either be ignored or will set the credential's
+ * effective GID. In either case, the right thing to do is to guarantee that
+ * gidset[0] is the effective GID.
+ */
+static int sys_bsd_setgroups(gid_t primary_gid, int setlen, const gid_t *gidset)
+{
+ gid_t *new_gidset = NULL;
+ int max;
+ int ret;
+
+ /* setgroups(2) will fail with EINVAL if we pass too many groups. */
+ max = setgroups_max();
+
+ /* No group list, just make sure we are setting the effective GID. */
+ if (setlen == 0) {
+ return samba_setgroups(1, &primary_gid);
+ }
+
+ /* If the primary gid is not the first array element, grow the array
+ * and insert it at the front.
+ */
+ if (gidset[0] != primary_gid) {
+ new_gidset = SMB_MALLOC_ARRAY(gid_t, setlen + 1);
+ if (new_gidset == NULL) {
+ return -1;
+ }
+
+ memcpy(new_gidset + 1, gidset, (setlen * sizeof(gid_t)));
+ new_gidset[0] = primary_gid;
+ setlen++;
+ }
+
+ if (setlen > max) {
+ DEBUG(3, ("forced to truncate group list from %d to %d\n",
+ setlen, max));
+ setlen = max;
+ }
+
+#if defined(HAVE_BROKEN_GETGROUPS)
+ ret = sys_broken_setgroups(setlen, new_gidset ? new_gidset : gidset);
+#else
+ ret = samba_setgroups(setlen, new_gidset ? new_gidset : gidset);
+#endif
+
+ if (new_gidset) {
+ int errsav = errno;
+ SAFE_FREE(new_gidset);
+ errno = errsav;
+ }
+
+ return ret;
+}
+
+#endif /* USE_BSD_SETGROUPS */
+
+/**************************************************************************
+ Wrapper for getgroups. Deals with broken (int) case.
+****************************************************************************/
+
+int sys_getgroups(int setlen, gid_t *gidset)
+{
+#if defined(HAVE_BROKEN_GETGROUPS)
+ return sys_broken_getgroups(setlen, gidset);
+#else
+ return getgroups(setlen, gidset);
+#endif
+}
+
+/**************************************************************************
+ Wrapper for setgroups. Deals with broken (int) case and BSD case.
+****************************************************************************/
+
+int sys_setgroups(gid_t UNUSED(primary_gid), int setlen, gid_t *gidset)
+{
+#if !defined(HAVE_SETGROUPS)
+ errno = ENOSYS;
+ return -1;
+#endif /* HAVE_SETGROUPS */
+
+#if defined(USE_BSD_SETGROUPS)
+ return sys_bsd_setgroups(primary_gid, setlen, gidset);
+#elif defined(HAVE_BROKEN_GETGROUPS)
+ return sys_broken_setgroups(setlen, gidset);
+#else
+ return samba_setgroups(setlen, gidset);
+#endif
+}
+
+/****************************************************************************
+ Return the major devicenumber for UNIX extensions.
+****************************************************************************/
+
+uint32_t unix_dev_major(SMB_DEV_T dev)
+{
+#if defined(HAVE_DEVICE_MAJOR_FN)
+ return (uint32_t)major(dev);
+#else
+ return (uint32_t)(dev >> 8);
+#endif
+}
+
+/****************************************************************************
+ Return the minor devicenumber for UNIX extensions.
+****************************************************************************/
+
+uint32_t unix_dev_minor(SMB_DEV_T dev)
+{
+#if defined(HAVE_DEVICE_MINOR_FN)
+ return (uint32_t)minor(dev);
+#else
+ return (uint32_t)(dev & 0xff);
+#endif
+}
+
+/**************************************************************************
+ Wrapper for realpath.
+****************************************************************************/
+
+char *sys_realpath(const char *path)
+{
+ char *result;
+
+#ifdef REALPATH_TAKES_NULL
+ result = realpath(path, NULL);
+#else
+ result = SMB_MALLOC_ARRAY(char, PATH_MAX + 1);
+ if (result) {
+ char *resolved_path = realpath(path, result);
+ if (!resolved_path) {
+ SAFE_FREE(result);
+ } else {
+ /* SMB_ASSERT(result == resolved_path) ? */
+ result = resolved_path;
+ }
+ }
+#endif
+ return result;
+}
+
+#if 0
+/*******************************************************************
+ Return the number of CPUs.
+********************************************************************/
+
+int sys_get_number_of_cores(void)
+{
+ int ret = -1;
+
+#if defined(HAVE_SYSCONF)
+#if defined(_SC_NPROCESSORS_ONLN)
+ ret = (int)sysconf(_SC_NPROCESSORS_ONLN);
+#endif
+#if defined(_SC_NPROCESSORS_CONF)
+ if (ret < 1) {
+ ret = (int)sysconf(_SC_NPROCESSORS_CONF);
+ }
+#endif
+#elif defined(HAVE_SYSCTL) && defined(CTL_HW)
+ int name[2];
+ unsigned int len = sizeof(ret);
+
+ name[0] = CTL_HW;
+#if defined(HW_AVAILCPU)
+ name[1] = HW_AVAILCPU;
+
+ if (sysctl(name, 2, &ret, &len, NULL, 0) == -1) {
+ ret = -1;
+ }
+#endif
+#if defined(HW_NCPU)
+ if(ret < 1) {
+ name[0] = CTL_HW;
+ name[1] = HW_NCPU;
+ if (sysctl(nm, 2, &count, &len, NULL, 0) == -1) {
+ ret = -1;
+ }
+ }
+#endif
+#endif
+ if (ret < 1) {
+ ret = 1;
+ }
+ return ret;
+}
+#endif
+
+bool sys_have_proc_fds(void)
+{
+ static bool checked = false;
+ static bool have_proc_fds = false;
+ struct stat sb;
+ int ret;
+
+ if (checked) {
+ return have_proc_fds;
+ }
+
+ ret = stat("/proc/self/fd/0", &sb);
+ have_proc_fds = (ret == 0);
+ checked = true;
+
+ return have_proc_fds;
+}
+
+char *sys_proc_fd_path(int fd, struct sys_proc_fd_path_buf *buf)
+{
+ int written =
+ snprintf(buf->buf, sizeof(buf->buf), "/proc/self/fd/%d", fd);
+
+ SMB_ASSERT(sys_have_proc_fds() && (written >= 0));
+
+ return buf->buf;
+}
diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c
new file mode 100644
index 0000000..4a14744
--- /dev/null
+++ b/source3/lib/system_smbd.c
@@ -0,0 +1,253 @@
+/*
+ Unix SMB/CIFS implementation.
+ system call wrapper interface.
+ Copyright (C) Andrew Tridgell 2002
+ Copyright (C) Andrew Barteltt 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ This file may assume linkage with smbd - for things like become_root()
+ etc.
+*/
+
+#include "includes.h"
+#include "system/passwd.h"
+#include "nsswitch/winbind_client.h"
+#include "../lib/util/setid.h"
+
+#ifndef HAVE_GETGROUPLIST
+
+#ifdef HAVE_GETGRSET
+static int getgrouplist_getgrset(const char *user, gid_t gid, gid_t *groups,
+ int *grpcnt)
+{
+ char *grplist;
+ char *grp;
+ gid_t temp_gid;
+ int num_gids = 1;
+ int ret = 0;
+ long l;
+
+ grplist = getgrset(user);
+
+ DEBUG(10, ("getgrset returned %s\n", grplist));
+
+ if (grplist == NULL) {
+ return -1;
+ }
+
+ if (*grpcnt > 0) {
+ groups[0] = gid;
+ }
+
+ while ((grp = strsep(&grplist, ",")) != NULL) {
+ l = strtol(grp, NULL, 10);
+ temp_gid = (gid_t) l;
+ if (temp_gid == gid) {
+ continue;
+ }
+
+ if (num_gids + 1 > *grpcnt) {
+ num_gids++;
+ continue;
+ }
+ groups[num_gids++] = temp_gid;
+ }
+ free(grplist);
+
+ if (num_gids > *grpcnt) {
+ ret = -1;
+ }
+ *grpcnt = num_gids;
+
+ DEBUG(10, ("Found %d groups for user %s\n", *grpcnt, user));
+
+ return ret;
+}
+
+#else /* HAVE_GETGRSET */
+
+/*
+ This is a *much* faster way of getting the list of groups for a user
+ without changing the current supplementary group list. The old
+ method used getgrent() which could take 20 minutes on a really big
+ network with hundeds of thousands of groups and users. The new method
+ takes a couple of seconds.
+
+ NOTE!! this function only works if it is called as root!
+ */
+
+static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups,
+ int *grpcnt)
+{
+ gid_t *gids_saved;
+ int ret, ngrp_saved, num_gids;
+
+ if (non_root_mode()) {
+ *grpcnt = 0;
+ return 0;
+ }
+
+ /* work out how many groups we need to save */
+ ngrp_saved = getgroups(0, NULL);
+ if (ngrp_saved == -1) {
+ /* this shouldn't happen */
+ return -1;
+ }
+
+ gids_saved = SMB_MALLOC_ARRAY(gid_t, ngrp_saved+1);
+ if (!gids_saved) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ ngrp_saved = getgroups(ngrp_saved, gids_saved);
+ if (ngrp_saved == -1) {
+ SAFE_FREE(gids_saved);
+ /* very strange! */
+ return -1;
+ }
+
+ if (initgroups(user, gid) == -1) {
+ DEBUG(0, ("getgrouplist_internals: initgroups() failed!\n"));
+ SAFE_FREE(gids_saved);
+ return -1;
+ }
+
+ /* this must be done to cope with systems that put the current egid in the
+ return from getgroups() */
+ save_re_gid();
+ set_effective_gid(gid);
+ samba_setgid(gid);
+
+ num_gids = getgroups(0, NULL);
+ if (num_gids == -1) {
+ SAFE_FREE(gids_saved);
+ /* very strange! */
+ return -1;
+ }
+
+ if (num_gids + 1 > *grpcnt) {
+ *grpcnt = num_gids + 1;
+ ret = -1;
+ } else {
+ ret = getgroups(*grpcnt - 1, &groups[1]);
+ if (ret < 0) {
+ SAFE_FREE(gids_saved);
+ /* very strange! */
+ return -1;
+ }
+ groups[0] = gid;
+ *grpcnt = ret + 1;
+ }
+
+ restore_re_gid();
+
+ if (sys_setgroups(gid, ngrp_saved, gids_saved) != 0) {
+ /* yikes! */
+ DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n"));
+ smb_panic("getgrouplist: failed to reset group list!");
+ }
+
+ free(gids_saved);
+ return ret;
+}
+#endif /* HAVE_GETGRSET */
+#endif /* HAVE_GETGROUPLIST */
+
+static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
+{
+ int retval;
+ bool winbind_env;
+
+ DEBUG(10,("sys_getgrouplist: user [%s]\n", user));
+
+ /* This is only ever called for Unix users, remote memberships are
+ * always determined by the info3 coming back from auth3 or the
+ * PAC. */
+ winbind_env = winbind_env_set();
+ (void)winbind_off();
+
+#ifdef HAVE_GETGROUPLIST
+ retval = getgrouplist(user, gid, groups, grpcnt);
+#else
+#ifdef HAVE_GETGRSET
+ retval = getgrouplist_getgrset(user, gid, groups, grpcnt);
+#else
+ become_root();
+ retval = getgrouplist_internals(user, gid, groups, grpcnt);
+ unbecome_root();
+#endif /* HAVE_GETGRSET */
+#endif /* HAVE_GETGROUPLIST */
+
+ /* allow winbindd lookups, but only if they were not already disabled */
+ if (!winbind_env) {
+ (void)winbind_on();
+ }
+
+ return retval;
+}
+
+bool getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user,
+ gid_t primary_gid,
+ gid_t **ret_groups, uint32_t *p_ngroups)
+{
+ int max_grp = MIN(128, getgroups_max());
+ gid_t stack_groups[max_grp];
+ uint32_t ngrp;
+ gid_t *temp_groups = stack_groups;
+ gid_t *to_free = NULL;
+ gid_t *groups;
+ int i;
+
+ if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) {
+ to_free = talloc_array(mem_ctx, gid_t, max_grp);
+ if (!to_free) {
+ return False;
+ }
+ temp_groups = to_free;
+
+ if (sys_getgrouplist(user, primary_gid,
+ temp_groups, &max_grp) == -1) {
+ DEBUG(0, ("get_user_groups: failed to get the unix "
+ "group list\n"));
+ TALLOC_FREE(to_free);
+ return False;
+ }
+ }
+
+ ngrp = 0;
+ groups = NULL;
+
+ /* Add in primary group first */
+ if (!add_gid_to_array_unique(mem_ctx, primary_gid, &groups, &ngrp)) {
+ TALLOC_FREE(to_free);
+ return False;
+ }
+
+ for (i=0; i<max_grp; i++) {
+ if (!add_gid_to_array_unique(mem_ctx, temp_groups[i],
+ &groups, &ngrp)) {
+ TALLOC_FREE(to_free);
+ return False;
+ }
+ }
+
+ *p_ngroups = ngrp;
+ *ret_groups = groups;
+ TALLOC_FREE(to_free);
+ return True;
+}
diff --git a/source3/lib/tallocmsg.c b/source3/lib/tallocmsg.c
new file mode 100644
index 0000000..af5a90b
--- /dev/null
+++ b/source3/lib/tallocmsg.c
@@ -0,0 +1,85 @@
+/*
+ samba -- Unix SMB/CIFS implementation.
+ Copyright (C) 2001, 2002 by Martin Pool
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "messages.h"
+#include "lib/util/talloc_report_printf.h"
+
+static bool pool_usage_filter(struct messaging_rec *rec, void *private_data)
+{
+ FILE *f = NULL;
+ int fd;
+
+ if (rec->msg_type != MSG_REQ_POOL_USAGE) {
+ return false;
+ }
+
+ DBG_DEBUG("Got MSG_REQ_POOL_USAGE\n");
+
+ if (rec->num_fds != 1) {
+ DBG_DEBUG("Got %"PRIu8" fds, expected one\n", rec->num_fds);
+ return false;
+ }
+
+ fd = dup(rec->fds[0]);
+ if (fd == -1) {
+ DBG_DEBUG("dup(%"PRIi64") failed: %s\n",
+ rec->fds[0],
+ strerror(errno));
+ return false;
+ }
+
+ f = fdopen(fd, "w");
+ if (f == NULL) {
+ DBG_DEBUG("fdopen failed: %s\n", strerror(errno));
+ close(fd);
+ return false;
+ }
+
+ talloc_full_report_printf(NULL, f);
+
+ fclose(f);
+ /*
+ * Returning false, means messaging_dispatch_waiters()
+ * won't call messaging_filtered_read_done() and
+ * our messaging_filtered_read_send() stays alive
+ * and will get messages.
+ */
+ return false;
+}
+
+/**
+ * Register handler for MSG_REQ_POOL_USAGE
+ **/
+void register_msg_pool_usage(
+ TALLOC_CTX *mem_ctx, struct messaging_context *msg_ctx)
+{
+ struct tevent_req *req = NULL;
+
+ req = messaging_filtered_read_send(
+ mem_ctx,
+ messaging_tevent_context(msg_ctx),
+ msg_ctx,
+ pool_usage_filter,
+ NULL);
+ if (req == NULL) {
+ DBG_WARNING("messaging_filtered_read_send failed\n");
+ return;
+ }
+ DBG_INFO("Registered MSG_REQ_POOL_USAGE\n");
+}
diff --git a/source3/lib/tdb_validate.c b/source3/lib/tdb_validate.c
new file mode 100644
index 0000000..78bd824
--- /dev/null
+++ b/source3/lib/tdb_validate.c
@@ -0,0 +1,538 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * A general tdb content validation mechanism
+ *
+ * Copyright (C) Michael Adam 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "util_tdb.h"
+#include "tdb_validate.h"
+
+/*
+ * internal validation function, executed by the child.
+ */
+static int tdb_validate_child(struct tdb_context *tdb,
+ tdb_validate_data_func validate_fn)
+{
+ int ret = 1;
+ int check_rc;
+ int num_entries = 0;
+ struct tdb_validation_status v_status;
+
+ v_status.tdb_error = False;
+ v_status.bad_freelist = False;
+ v_status.bad_entry = False;
+ v_status.unknown_key = False;
+ v_status.success = True;
+
+ if (!tdb) {
+ v_status.tdb_error = True;
+ v_status.success = False;
+ goto out;
+ }
+
+ /*
+ * we can simplify this by passing a check function,
+ * but I don't want to change all the callers...
+ */
+ check_rc = tdb_check(tdb, NULL, NULL);
+ if (check_rc != 0) {
+ v_status.tdb_error = True;
+ v_status.success = False;
+ goto out;
+ }
+
+ /* Check if the tdb's freelist is good. */
+ if (tdb_validate_freelist(tdb, &num_entries) == -1) {
+ v_status.bad_freelist = True;
+ v_status.success = False;
+ goto out;
+ }
+
+ DEBUG(10,("tdb_validate_child: tdb %s freelist has %d entries\n",
+ tdb_name(tdb), num_entries));
+
+ /* Now traverse the tdb to validate it. */
+ num_entries = tdb_traverse(tdb, validate_fn, (void *)&v_status);
+ if (!v_status.success) {
+ goto out;
+ } else if (num_entries < 0) {
+ v_status.tdb_error = True;
+ v_status.success = False;
+ goto out;
+ }
+
+ DEBUG(10,("tdb_validate_child: tdb %s is good with %d entries\n",
+ tdb_name(tdb), num_entries));
+ ret = 0; /* Cache is good. */
+
+out:
+ DEBUG(10, ("tdb_validate_child: summary of validation status:\n"));
+ DEBUGADD(10,(" * tdb error: %s\n", v_status.tdb_error ? "yes" : "no"));
+ DEBUGADD(10,(" * bad freelist: %s\n",v_status.bad_freelist?"yes":"no"));
+ DEBUGADD(10,(" * bad entry: %s\n", v_status.bad_entry ? "yes" : "no"));
+ DEBUGADD(10,(" * unknown key: %s\n", v_status.unknown_key?"yes":"no"));
+ DEBUGADD(10,(" => overall success: %s\n", v_status.success?"yes":"no"));
+
+ return ret;
+}
+
+/*
+ * tdb validation function.
+ * returns 0 if tdb is ok, != 0 if it isn't.
+ * this function expects an opened tdb.
+ */
+int tdb_validate(struct tdb_context *tdb, tdb_validate_data_func validate_fn)
+{
+ pid_t child_pid = -1;
+ int child_status = 0;
+ int wait_pid = 0;
+ int ret = 1;
+
+ if (tdb == NULL) {
+ DEBUG(1, ("Error: tdb_validate called with tdb == NULL\n"));
+ return ret;
+ }
+
+ DEBUG(5, ("tdb_validate called for tdb '%s'\n", tdb_name(tdb)));
+
+ /* fork and let the child do the validation.
+ * benefit: no need to twist signal handlers and panic functions.
+ * just let the child panic. we catch the signal. */
+
+ DEBUG(10, ("tdb_validate: forking to let child do validation.\n"));
+ child_pid = fork();
+ if (child_pid == 0) {
+ /* child code */
+ DEBUG(10, ("tdb_validate (validation child): created\n"));
+ DEBUG(10, ("tdb_validate (validation child): "
+ "calling tdb_validate_child\n"));
+ exit(tdb_validate_child(tdb, validate_fn));
+ }
+ else if (child_pid < 0) {
+ DEBUG(1, ("tdb_validate: fork for validation failed.\n"));
+ goto done;
+ }
+
+ /* parent */
+
+ DEBUG(10, ("tdb_validate: fork succeeded, child PID = %u\n",
+ (unsigned int)child_pid));
+
+ DEBUG(10, ("tdb_validate: waiting for child to finish...\n"));
+ while ((wait_pid = waitpid(child_pid, &child_status, 0)) < 0) {
+ if (errno == EINTR) {
+ DEBUG(10, ("tdb_validate: got signal during waitpid, "
+ "retrying\n"));
+ errno = 0;
+ continue;
+ }
+ DEBUG(1, ("tdb_validate: waitpid failed with error '%s'.\n",
+ strerror(errno)));
+ goto done;
+ }
+ if (wait_pid != child_pid) {
+ DEBUG(1, ("tdb_validate: waitpid returned pid %d, "
+ "but %u was expected\n", wait_pid, (unsigned int)child_pid));
+ goto done;
+ }
+
+ DEBUG(10, ("tdb_validate: validating child returned.\n"));
+ if (WIFEXITED(child_status)) {
+ DEBUG(10, ("tdb_validate: child exited, code %d.\n",
+ WEXITSTATUS(child_status)));
+ ret = WEXITSTATUS(child_status);
+ }
+ if (WIFSIGNALED(child_status)) {
+ DEBUG(10, ("tdb_validate: child terminated by signal %d\n",
+ WTERMSIG(child_status)));
+#ifdef WCOREDUMP
+ if (WCOREDUMP(child_status)) {
+ DEBUGADD(10, ("core dumped\n"));
+ }
+#endif
+ ret = WTERMSIG(child_status);
+ }
+ if (WIFSTOPPED(child_status)) {
+ DEBUG(10, ("tdb_validate: child was stopped by signal %d\n",
+ WSTOPSIG(child_status)));
+ ret = WSTOPSIG(child_status);
+ }
+
+done:
+ DEBUG(5, ("tdb_validate returning code '%d' for tdb '%s'\n", ret,
+ tdb_name(tdb)));
+
+ return ret;
+}
+
+/*
+ * tdb validation function.
+ * returns 0 if tdb is ok, != 0 if it isn't.
+ * this is a wrapper around the actual validation function that opens and closes
+ * the tdb.
+ */
+int tdb_validate_open(const char *tdb_path, tdb_validate_data_func validate_fn)
+{
+ TDB_CONTEXT *tdb = NULL;
+ int ret = 1;
+
+ DEBUG(5, ("tdb_validate_open called for tdb '%s'\n", tdb_path));
+
+ tdb = tdb_open_log(tdb_path, 0, TDB_DEFAULT, O_RDWR, 0);
+ if (!tdb) {
+ DEBUG(1, ("Error opening tdb %s\n", tdb_path));
+ return ret;
+ }
+
+ ret = tdb_validate(tdb, validate_fn);
+ tdb_close(tdb);
+ return ret;
+}
+
+/*
+ * tdb backup function and helpers for tdb_validate wrapper with backup
+ * handling.
+ */
+
+/* this structure eliminates the need for a global overall status for
+ * the traverse-copy */
+struct tdb_copy_data {
+ struct tdb_context *dst;
+ bool success;
+};
+
+static int traverse_copy_fn(struct tdb_context *tdb, TDB_DATA key,
+ TDB_DATA dbuf, void *private_data)
+{
+ struct tdb_copy_data *data = (struct tdb_copy_data *)private_data;
+
+ if (tdb_store(data->dst, key, dbuf, TDB_INSERT) != 0) {
+ DEBUG(4, ("Failed to insert into %s: %s\n", tdb_name(data->dst),
+ strerror(errno)));
+ data->success = False;
+ return 1;
+ }
+ return 0;
+}
+
+static int tdb_copy(struct tdb_context *src, struct tdb_context *dst)
+{
+ struct tdb_copy_data data;
+ int count;
+
+ data.dst = dst;
+ data.success = True;
+
+ count = tdb_traverse(src, traverse_copy_fn, (void *)(&data));
+ if ((count < 0) || (data.success == False)) {
+ return -1;
+ }
+ return count;
+}
+
+static int tdb_verify_basic(struct tdb_context *tdb)
+{
+ return tdb_traverse(tdb, NULL, NULL);
+}
+
+/* this backup function is essentially taken from lib/tdb/tools/tdbbackup.tdb
+ */
+static int tdb_backup(TALLOC_CTX *ctx, const char *src_path,
+ const char *dst_path, int hash_size)
+{
+ struct tdb_context *src_tdb = NULL;
+ struct tdb_context *dst_tdb = NULL;
+ char *tmp_path = NULL;
+ struct stat st;
+ int count1, count2;
+ int saved_errno = 0;
+ int ret = -1;
+
+ if (stat(src_path, &st) != 0) {
+ DEBUG(3, ("Could not stat '%s': %s\n", src_path,
+ strerror(errno)));
+ goto done;
+ }
+
+ /* open old tdb RDWR - so we can lock it */
+ src_tdb = tdb_open_log(src_path, 0, TDB_DEFAULT, O_RDWR, 0);
+ if (src_tdb == NULL) {
+ DEBUG(3, ("Failed to open tdb '%s'\n", src_path));
+ goto done;
+ }
+
+ if (tdb_lockall(src_tdb) != 0) {
+ DEBUG(3, ("Failed to lock tdb '%s'\n", src_path));
+ goto done;
+ }
+
+ tmp_path = talloc_asprintf(ctx, "%s%s", dst_path, ".tmp");
+ if (!tmp_path) {
+ DEBUG(3, ("talloc fail\n"));
+ goto done;
+ }
+
+ unlink(tmp_path);
+
+ if (!hash_size) {
+ hash_size = tdb_hash_size(src_tdb);
+ }
+
+ dst_tdb = tdb_open_log(tmp_path, hash_size,
+ TDB_DEFAULT, O_RDWR | O_CREAT | O_EXCL,
+ st.st_mode & 0777);
+ if (dst_tdb == NULL) {
+ DEBUG(3, ("Error creating tdb '%s': %s\n", tmp_path,
+ strerror(errno)));
+ saved_errno = errno;
+ unlink(tmp_path);
+ goto done;
+ }
+
+ count1 = tdb_copy(src_tdb, dst_tdb);
+ if (count1 < 0) {
+ DEBUG(3, ("Failed to copy tdb '%s': %s\n", src_path,
+ strerror(errno)));
+ tdb_close(dst_tdb);
+ goto done;
+ }
+
+ /* reopen ro and do basic verification */
+ tdb_close(dst_tdb);
+ dst_tdb = tdb_open_log(tmp_path, 0, TDB_DEFAULT, O_RDONLY, 0);
+ if (!dst_tdb) {
+ DEBUG(3, ("Failed to reopen tdb '%s': %s\n", tmp_path,
+ strerror(errno)));
+ goto done;
+ }
+ count2 = tdb_verify_basic(dst_tdb);
+ if (count2 != count1) {
+ DEBUG(3, ("Failed to verify result of copying tdb '%s'.\n",
+ src_path));
+ tdb_close(dst_tdb);
+ goto done;
+ }
+
+ DEBUG(10, ("tdb_backup: successfully copied %d entries\n", count1));
+
+ /* make sure the new tdb has reached stable storage
+ * then rename it to its destination */
+ fsync(tdb_fd(dst_tdb));
+ tdb_close(dst_tdb);
+ unlink(dst_path);
+ if (rename(tmp_path, dst_path) != 0) {
+ DEBUG(3, ("Failed to rename '%s' to '%s': %s\n",
+ tmp_path, dst_path, strerror(errno)));
+ goto done;
+ }
+
+ /* success */
+ ret = 0;
+
+done:
+ if (src_tdb != NULL) {
+ tdb_close(src_tdb);
+ }
+ if (tmp_path != NULL) {
+ unlink(tmp_path);
+ TALLOC_FREE(tmp_path);
+ }
+ if (saved_errno != 0) {
+ errno = saved_errno;
+ }
+ return ret;
+}
+
+static int rename_file_with_suffix(TALLOC_CTX *ctx, const char *path,
+ const char *suffix)
+{
+ int ret = -1;
+ char *dst_path;
+
+ dst_path = talloc_asprintf(ctx, "%s%s", path, suffix);
+ if (dst_path == NULL) {
+ DEBUG(3, ("error out of memory\n"));
+ return ret;
+ }
+
+ ret = (rename(path, dst_path) != 0);
+
+ if (ret == 0) {
+ DEBUG(5, ("moved '%s' to '%s'\n", path, dst_path));
+ } else if (errno == ENOENT) {
+ DEBUG(3, ("file '%s' does not exist - so not moved\n", path));
+ ret = 0;
+ } else {
+ DEBUG(3, ("error renaming %s to %s: %s\n", path, dst_path,
+ strerror(errno)));
+ }
+
+ TALLOC_FREE(dst_path);
+ return ret;
+}
+
+/*
+ * do a backup of a tdb, moving the destination out of the way first
+ */
+static int tdb_backup_with_rotate(TALLOC_CTX *ctx, const char *src_path,
+ const char *dst_path, int hash_size,
+ const char *rotate_suffix,
+ bool retry_norotate_if_nospc,
+ bool rename_as_last_resort_if_nospc)
+{
+ int ret;
+
+ rename_file_with_suffix(ctx, dst_path, rotate_suffix);
+
+ ret = tdb_backup(ctx, src_path, dst_path, hash_size);
+
+ if (ret != 0) {
+ DEBUG(10, ("backup of %s failed: %s\n", src_path, strerror(errno)));
+ }
+ if ((ret != 0) && (errno == ENOSPC) && retry_norotate_if_nospc)
+ {
+ char *rotate_path = talloc_asprintf(ctx, "%s%s", dst_path,
+ rotate_suffix);
+ if (rotate_path == NULL) {
+ DEBUG(10, ("talloc fail\n"));
+ return -1;
+ }
+ DEBUG(10, ("backup of %s failed due to lack of space\n",
+ src_path));
+ DEBUGADD(10, ("trying to free some space by removing rotated "
+ "dst %s\n", rotate_path));
+ if (unlink(rotate_path) == -1) {
+ DEBUG(10, ("unlink of %s failed: %s\n", rotate_path,
+ strerror(errno)));
+ } else {
+ ret = tdb_backup(ctx, src_path, dst_path, hash_size);
+ }
+ TALLOC_FREE(rotate_path);
+ }
+
+ if ((ret != 0) && (errno == ENOSPC) && rename_as_last_resort_if_nospc)
+ {
+ DEBUG(10, ("backup of %s failed due to lack of space\n",
+ src_path));
+ DEBUGADD(10, ("using 'rename' as a last resort\n"));
+ ret = rename(src_path, dst_path);
+ }
+
+ return ret;
+}
+
+/*
+ * validation function with backup handling:
+ *
+ * - calls tdb_validate
+ * - if the tdb is ok, create a backup "name.bak", possibly moving
+ * existing backup to name.bak.old,
+ * return 0 (success) even if the backup fails
+ * - if the tdb is corrupt:
+ * - move the tdb to "name.corrupt"
+ * - check if there is valid backup.
+ * if so, restore the backup.
+ * if restore is successful, return 0 (success),
+ * - otherwise return -1 (failure)
+ */
+int tdb_validate_and_backup(const char *tdb_path,
+ tdb_validate_data_func validate_fn)
+{
+ int ret = -1;
+ const char *backup_suffix = ".bak";
+ const char *corrupt_suffix = ".corrupt";
+ const char *rotate_suffix = ".old";
+ char *tdb_path_backup;
+ struct stat st;
+ TALLOC_CTX *ctx = NULL;
+
+ ctx = talloc_new(NULL);
+ if (ctx == NULL) {
+ DEBUG(0, ("tdb_validate_and_backup: out of memory\n"));
+ goto done;
+ }
+
+ tdb_path_backup = talloc_asprintf(ctx, "%s%s", tdb_path, backup_suffix);
+ if (!tdb_path_backup) {
+ DEBUG(0, ("tdb_validate_and_backup: out of memory\n"));
+ goto done;
+ }
+
+ ret = tdb_validate_open(tdb_path, validate_fn);
+
+ if (ret == 0) {
+ DEBUG(1, ("tdb '%s' is valid\n", tdb_path));
+ ret = tdb_backup_with_rotate(ctx, tdb_path, tdb_path_backup, 0,
+ rotate_suffix, True, False);
+ if (ret != 0) {
+ DEBUG(1, ("Error creating backup of tdb '%s'\n",
+ tdb_path));
+ /* the actual validation was successful: */
+ ret = 0;
+ } else {
+ DEBUG(1, ("Created backup '%s' of tdb '%s'\n",
+ tdb_path_backup, tdb_path));
+ }
+ } else {
+ DEBUG(1, ("tdb '%s' is invalid\n", tdb_path));
+
+ ret =stat(tdb_path_backup, &st);
+ if (ret != 0) {
+ DEBUG(5, ("Could not stat '%s': %s\n", tdb_path_backup,
+ strerror(errno)));
+ DEBUG(1, ("No backup found.\n"));
+ } else {
+ DEBUG(1, ("backup '%s' found.\n", tdb_path_backup));
+ ret = tdb_validate_open(tdb_path_backup, validate_fn);
+ if (ret != 0) {
+ DEBUG(1, ("Backup '%s' is invalid.\n",
+ tdb_path_backup));
+ }
+ }
+
+ if (ret != 0) {
+ int renamed = rename_file_with_suffix(ctx, tdb_path,
+ corrupt_suffix);
+ if (renamed != 0) {
+ DEBUG(1, ("Error moving tdb to '%s%s'\n",
+ tdb_path, corrupt_suffix));
+ } else {
+ DEBUG(1, ("Corrupt tdb stored as '%s%s'\n",
+ tdb_path, corrupt_suffix));
+ }
+ goto done;
+ }
+
+ DEBUG(1, ("valid backup '%s' found\n", tdb_path_backup));
+ ret = tdb_backup_with_rotate(ctx, tdb_path_backup, tdb_path, 0,
+ corrupt_suffix, True, True);
+ if (ret != 0) {
+ DEBUG(1, ("Error restoring backup from '%s'\n",
+ tdb_path_backup));
+ } else {
+ DEBUG(1, ("Restored tdb backup from '%s'\n",
+ tdb_path_backup));
+ }
+ }
+
+done:
+ TALLOC_FREE(ctx);
+ return ret;
+}
diff --git a/source3/lib/tdb_validate.h b/source3/lib/tdb_validate.h
new file mode 100644
index 0000000..3e7c20d
--- /dev/null
+++ b/source3/lib/tdb_validate.h
@@ -0,0 +1,79 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * A general tdb content validation mechanism
+ *
+ * Copyright (C) Michael Adam 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __TDB_VALIDATE_H__
+#define __TDB_VALIDATE_H__
+
+#include "lib/replace/replace.h"
+#include <tdb.h>
+
+/**
+ * Flag field for keeping track of the status of a validation.
+ */
+struct tdb_validation_status {
+ bool tdb_error;
+ bool bad_freelist;
+ bool bad_entry;
+ bool unknown_key;
+ bool success;
+};
+
+/**
+ * Callback function type for the validation mechanism.
+ */
+typedef int (*tdb_validate_data_func)(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
+ TDB_DATA dbuf, void *state);
+
+/**
+ * tdb validation function.
+ * returns 0 if tdb is ok, != 0 if it isn't.
+ * this function expects an opened tdb.
+ */
+int tdb_validate(struct tdb_context *tdb,
+ tdb_validate_data_func validate_fn);
+
+/**
+ * tdb validation function.
+ * returns 0 if tdb is ok, != 0 if it isn't.
+ * This is a wrapper around the actual validation function that
+ * opens and closes the tdb.
+ */
+int tdb_validate_open(const char *tdb_path,
+ tdb_validate_data_func validate_fn);
+
+/**
+ * validation function with backup handling:
+ *
+ * - calls tdb_validate
+ * - if the tdb is ok, create a backup "name.bak", possibly moving
+ * existing backup to name.bak.old,
+ * return 0 (success) even if the backup fails
+ * - if the tdb is corrupt:
+ * - move the tdb to "name.corrupt"
+ * - check if there is valid backup.
+ * if so, restore the backup.
+ * if restore is successful, return 0 (success),
+ * - otherwise return -1 (failure)
+ */
+int tdb_validate_and_backup(const char *tdb_path,
+ tdb_validate_data_func validate_fn);
+
+#endif /* __TDB_VALIDATE_H__ */
diff --git a/source3/lib/test_adouble.c b/source3/lib/test_adouble.c
new file mode 100644
index 0000000..615c224
--- /dev/null
+++ b/source3/lib/test_adouble.c
@@ -0,0 +1,389 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) 2021 Ralph Boehme <slow@samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "adouble.c"
+#include <cmocka.h>
+
+static int setup_talloc_context(void **state)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ *state = frame;
+ return 0;
+}
+
+static int teardown_talloc_context(void **state)
+{
+ TALLOC_CTX *frame = *state;
+
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+/*
+ * Basic and sane buffer.
+ */
+static uint8_t ad_basic[] = {
+ 0x00, 0x05, 0x16, 0x07, /* Magic */
+ 0x00, 0x02, 0x00, 0x00, /* Version */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x02, /* Count */
+ /* adentry 1: FinderInfo */
+ 0x00, 0x00, 0x00, 0x09, /* eid: FinderInfo */
+ 0x00, 0x00, 0x00, 0x32, /* offset */
+ 0x00, 0x00, 0x00, 0x20, /* length */
+ /* adentry 2: Resourcefork */
+ 0x00, 0x00, 0x00, 0x02, /* eid: Resourcefork */
+ 0x00, 0x00, 0x00, 0x52, /* offset */
+ 0xff, 0xff, 0xff, 0x00, /* length */
+ /* FinderInfo data: 32 bytes */
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+};
+
+/*
+ * An empty FinderInfo entry.
+ */
+static uint8_t ad_finderinfo1[] = {
+ 0x00, 0x05, 0x16, 0x07, /* Magic */
+ 0x00, 0x02, 0x00, 0x00, /* Version */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x02, /* Count */
+ /* adentry 1: FinderInfo */
+ 0x00, 0x00, 0x00, 0x09, /* eid: FinderInfo */
+ 0x00, 0x00, 0x00, 0x52, /* off: points at end of buffer */
+ 0x00, 0x00, 0x00, 0x00, /* len: 0, so off+len don't exceed bufferlen */
+ /* adentry 2: Resourcefork */
+ 0x00, 0x00, 0x00, 0x02, /* eid: Resourcefork */
+ 0x00, 0x00, 0x00, 0x52, /* offset */
+ 0xff, 0xff, 0xff, 0x00, /* length */
+ /* FinderInfo data: 32 bytes */
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+};
+
+/*
+ * A dangerous FinderInfo with correct length exceeding buffer by one byte.
+ */
+static uint8_t ad_finderinfo2[] = {
+ 0x00, 0x05, 0x16, 0x07, /* Magic */
+ 0x00, 0x02, 0x00, 0x00, /* Version */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x02, /* Count */
+ /* adentry 1: FinderInfo */
+ 0x00, 0x00, 0x00, 0x09, /* eid: FinderInfo */
+ 0x00, 0x00, 0x00, 0x33, /* off: points at beginng of data + 1 */
+ 0x00, 0x00, 0x00, 0x20, /* len: 32, so off+len exceeds bufferlen by 1 */
+ /* adentry 2: Resourcefork */
+ 0x00, 0x00, 0x00, 0x02, /* eid: Resourcefork */
+ 0x00, 0x00, 0x00, 0x52, /* offset */
+ 0xff, 0xff, 0xff, 0x00, /* length */
+ /* FinderInfo data: 32 bytes */
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+};
+
+static uint8_t ad_finderinfo3[] = {
+ 0x00, 0x05, 0x16, 0x07, /* Magic */
+ 0x00, 0x02, 0x00, 0x00, /* Version */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x02, /* Count */
+ /* adentry 1: FinderInfo */
+ 0x00, 0x00, 0x00, 0x09, /* eid: FinderInfo */
+ 0x00, 0x00, 0x00, 0x33, /* off: points at beginng of data + 1 */
+ 0x00, 0x00, 0x00, 0x1f, /* len: 31, so off+len don't exceed buf */
+ /* adentry 2: Resourcefork */
+ 0x00, 0x00, 0x00, 0x02, /* eid: Resourcefork */
+ 0x00, 0x00, 0x00, 0x52, /* offset */
+ 0xff, 0xff, 0xff, 0x00, /* length */
+ /* FinderInfo data: 32 bytes */
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+};
+
+/*
+ * A dangerous name entry.
+ */
+static uint8_t ad_name[] = {
+ 0x00, 0x05, 0x16, 0x07, /* Magic */
+ 0x00, 0x02, 0x00, 0x00, /* Version */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x02, /* Count */
+ /* adentry 1: FinderInfo */
+ 0x00, 0x00, 0x00, 0x09, /* eid: FinderInfo */
+ 0x00, 0x00, 0x00, 0x32, /* offset */
+ 0x00, 0x00, 0x00, 0x20, /* length */
+ /* adentry 2: Name */
+ 0x00, 0x00, 0x00, 0x03, /* eid: Name */
+ 0x00, 0x00, 0x00, 0x52, /* off: points at end of buffer */
+ 0x00, 0x00, 0x00, 0x01, /* len: 1, so off+len exceeds bufferlen */
+ /* FinderInfo data: 32 bytes */
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+};
+
+/*
+ * A empty ADEID_FILEDATESI entry.
+ */
+static uint8_t ad_date1[] = {
+ 0x00, 0x05, 0x16, 0x07, /* Magic */
+ 0x00, 0x02, 0x00, 0x00, /* Version */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x02, /* Count */
+ /* adentry 1: FinderInfo */
+ 0x00, 0x00, 0x00, 0x09, /* eid: FinderInfo */
+ 0x00, 0x00, 0x00, 0x32, /* offset */
+ 0x00, 0x00, 0x00, 0x20, /* length */
+ /* adentry 2: Dates */
+ 0x00, 0x00, 0x00, 0x08, /* eid: dates */
+ 0x00, 0x00, 0x00, 0x52, /* off: end of buffer */
+ 0x00, 0x00, 0x00, 0x00, /* len: 0, empty entry, valid */
+ /* FinderInfo data: 32 bytes */
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+};
+
+/*
+ * A dangerous ADEID_FILEDATESI entry, invalid length.
+ */
+static uint8_t ad_date2[] = {
+ 0x00, 0x05, 0x16, 0x07, /* Magic */
+ 0x00, 0x02, 0x00, 0x00, /* Version */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x00, 0x00, 0x00, /* Filler */
+ 0x00, 0x02, /* Count */
+ /* adentry 1: FinderInfo */
+ 0x00, 0x00, 0x00, 0x09, /* eid: FinderInfo */
+ 0x00, 0x00, 0x00, 0x32, /* offset */
+ 0x00, 0x00, 0x00, 0x20, /* length */
+ /* adentry 2: Dates */
+ 0x00, 0x00, 0x00, 0x08, /* eid: dates */
+ 0x00, 0x00, 0x00, 0x43, /* off: FinderInfo buf but one byte short */
+ 0x00, 0x00, 0x00, 0x0f, /* len: 15, so off+len don't exceed bufferlen */
+ /* FinderInfo data: 32 bytes */
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+};
+
+static struct adouble *parse_adouble(TALLOC_CTX *mem_ctx,
+ uint8_t *adbuf,
+ size_t adsize,
+ off_t filesize)
+{
+ struct adouble *ad = NULL;
+ bool ok;
+
+ ad = talloc_zero(mem_ctx, struct adouble);
+ ad->ad_data = talloc_zero_size(ad, adsize);
+ assert_non_null(ad);
+
+ memcpy(ad->ad_data, adbuf, adsize);
+
+ ok = ad_unpack(ad, 2, filesize);
+ if (!ok) {
+ return NULL;
+ }
+
+ return ad;
+}
+
+static void parse_abouble_basic(void **state)
+{
+ TALLOC_CTX *frame = *state;
+ struct adouble *ad = NULL;
+ char *p = NULL;
+
+ ad = parse_adouble(frame, ad_basic, sizeof(ad_basic), 0xffffff52);
+ assert_non_null(ad);
+
+ p = ad_get_entry(ad, ADEID_FINDERI);
+ assert_non_null(p);
+
+ return;
+}
+
+static void parse_abouble_finderinfo1(void **state)
+{
+ TALLOC_CTX *frame = *state;
+ struct adouble *ad = NULL;
+ char *p = NULL;
+
+ ad = parse_adouble(frame,
+ ad_finderinfo1,
+ sizeof(ad_finderinfo1),
+ 0xffffff52);
+ assert_non_null(ad);
+
+ p = ad_get_entry(ad, ADEID_FINDERI);
+ assert_null(p);
+
+ return;
+}
+
+static void parse_abouble_finderinfo2(void **state)
+{
+ TALLOC_CTX *frame = *state;
+ struct adouble *ad = NULL;
+
+ ad = parse_adouble(frame,
+ ad_finderinfo2,
+ sizeof(ad_finderinfo2),
+ 0xffffff52);
+ assert_null(ad);
+
+ return;
+}
+
+static void parse_abouble_finderinfo3(void **state)
+{
+ TALLOC_CTX *frame = *state;
+ struct adouble *ad = NULL;
+
+ ad = parse_adouble(frame,
+ ad_finderinfo3,
+ sizeof(ad_finderinfo3),
+ 0xffffff52);
+ assert_null(ad);
+
+ return;
+}
+
+static void parse_abouble_name(void **state)
+{
+ TALLOC_CTX *frame = *state;
+ struct adouble *ad = NULL;
+
+ ad = parse_adouble(frame, ad_name, sizeof(ad_name), 0x52);
+ assert_null(ad);
+
+ return;
+}
+
+static void parse_abouble_date1(void **state)
+{
+ TALLOC_CTX *frame = *state;
+ struct adouble *ad = NULL;
+ char *p = NULL;
+
+ ad = parse_adouble(frame, ad_date1, sizeof(ad_date1), 0x52);
+ assert_non_null(ad);
+
+ p = ad_get_entry(ad, ADEID_FILEDATESI);
+ assert_null(p);
+
+ return;
+}
+
+static void parse_abouble_date2(void **state)
+{
+ TALLOC_CTX *frame = *state;
+ struct adouble *ad = NULL;
+
+ ad = parse_adouble(frame, ad_date2, sizeof(ad_date2), 0x52);
+ assert_null(ad);
+
+ return;
+}
+
+int main(int argc, char *argv[])
+{
+ int rc;
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(parse_abouble_basic),
+ cmocka_unit_test(parse_abouble_finderinfo1),
+ cmocka_unit_test(parse_abouble_finderinfo2),
+ cmocka_unit_test(parse_abouble_finderinfo3),
+ cmocka_unit_test(parse_abouble_name),
+ cmocka_unit_test(parse_abouble_date1),
+ cmocka_unit_test(parse_abouble_date2),
+ };
+
+ if (argc == 2) {
+ cmocka_set_test_filter(argv[1]);
+ }
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+
+ rc = cmocka_run_group_tests(tests,
+ setup_talloc_context,
+ teardown_talloc_context);
+
+ return rc;
+}
diff --git a/source3/lib/test_tldap.c b/source3/lib/test_tldap.c
new file mode 100644
index 0000000..659c5a7
--- /dev/null
+++ b/source3/lib/test_tldap.c
@@ -0,0 +1,63 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Test suite for ldap client
+ *
+ * Copyright (C) 2018 Andreas Schneider <asn@samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include "source3/lib/tldap.c"
+
+static void test_tldap_unescape_ldapv3(void **state)
+{
+ const char *unescaped_dn = "(&(objectclass=group)(cn=Samba*))";
+ char dn[] = "\\28&\\28objectclass=group\\29\\28cn=Samba\\2a\\29\\29";
+ size_t dnlen = sizeof(dn);
+ bool ok;
+
+ ok = tldap_unescape_inplace(dn, &dnlen);
+ assert_true(ok);
+
+ assert_string_equal(dn, unescaped_dn);
+}
+
+static void test_tldap_unescape_ldapv2(void **state)
+{
+ const char *unescaped_dn = "(&(objectclass=group)(cn=Samba*))";
+ char dn[] = "\\(&\\(objectclass=group\\)\\(cn=Samba\\*\\)\\)";
+ size_t dnlen = sizeof(dn);
+ bool ok;
+
+ ok = tldap_unescape_inplace(dn, &dnlen);
+ assert_true(ok);
+
+ assert_string_equal(dn, unescaped_dn);
+}
+
+int main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_tldap_unescape_ldapv3),
+ cmocka_unit_test(test_tldap_unescape_ldapv2)
+ };
+
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/source3/lib/tevent_barrier.c b/source3/lib/tevent_barrier.c
new file mode 100644
index 0000000..0fc0a31
--- /dev/null
+++ b/source3/lib/tevent_barrier.c
@@ -0,0 +1,192 @@
+/*
+ Unix SMB/CIFS implementation.
+ Implement a barrier
+ Copyright (C) Volker Lendecke 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include "tevent_barrier.h"
+#include "lib/util/tevent_unix.h"
+
+struct tevent_barrier_waiter {
+ struct tevent_immediate *im;
+ struct tevent_context *ev;
+ struct tevent_req *req;
+};
+
+struct tevent_barrier {
+ unsigned count;
+ struct tevent_barrier_waiter *waiters;
+ void (*trigger_cb)(void *private_data);
+ void *private_data;
+};
+
+static int tevent_barrier_destructor(struct tevent_barrier *b);
+static void tevent_barrier_release(struct tevent_barrier *b);
+static void tevent_barrier_release_one(struct tevent_context *ctx,
+ struct tevent_immediate *im,
+ void *private_data);
+static void tevent_barrier_release_trigger(struct tevent_context *ctx,
+ struct tevent_immediate *im,
+ void *private_data);
+
+struct tevent_barrier *tevent_barrier_init(
+ TALLOC_CTX *mem_ctx, unsigned count,
+ void (*trigger_cb)(void *private_data), void *private_data)
+{
+ struct tevent_barrier *b;
+ unsigned i;
+
+ if (count == 0) {
+ return NULL;
+ }
+
+ b = talloc(mem_ctx, struct tevent_barrier);
+ if (b == NULL) {
+ return NULL;
+ }
+ b->count = 0;
+ b->trigger_cb = trigger_cb;
+ b->private_data = private_data;
+
+ b->waiters = talloc_array(b, struct tevent_barrier_waiter, count);
+ if (b->waiters == NULL) {
+ goto fail;
+ }
+ for (i=0; i<count; i++) {
+ struct tevent_barrier_waiter *w = &b->waiters[i];
+
+ w->im = tevent_create_immediate(b->waiters);
+ if (w->im == NULL) {
+ goto fail;
+ }
+ w->req = NULL;
+ }
+ talloc_set_destructor(b, tevent_barrier_destructor);
+ return b;
+fail:
+ TALLOC_FREE(b);
+ return NULL;
+}
+
+static int tevent_barrier_destructor(struct tevent_barrier *b)
+{
+ tevent_barrier_release(b);
+ return 0;
+}
+
+struct tevent_barrier_wait_state {
+ struct tevent_barrier *b;
+ int index;
+};
+
+static void tevent_barrier_release(struct tevent_barrier *b)
+{
+ unsigned i;
+
+ for (i=0; i<b->count; i++) {
+ struct tevent_barrier_waiter *w = &b->waiters[i];
+ struct tevent_barrier_wait_state *state;
+
+ if (w->req == NULL) {
+ continue;
+ }
+ tevent_schedule_immediate(
+ w->im, w->ev, tevent_barrier_release_one, w->req);
+
+ state = tevent_req_data(
+ w->req, struct tevent_barrier_wait_state);
+ talloc_set_destructor(state, NULL);
+
+ w->req = NULL;
+ w->ev = NULL;
+ }
+ b->count = 0;
+ if (b->trigger_cb != NULL) {
+ b->trigger_cb(b->private_data);
+ }
+}
+
+static void tevent_barrier_release_one(struct tevent_context *ctx,
+ struct tevent_immediate *im,
+ void *private_data)
+{
+ struct tevent_req *req = talloc_get_type_abort(
+ private_data, struct tevent_req);
+ tevent_req_done(req);
+}
+
+static int tevent_barrier_wait_state_destructor(
+ struct tevent_barrier_wait_state *s);
+
+struct tevent_req *tevent_barrier_wait_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tevent_barrier *b)
+{
+ struct tevent_req *req;
+ struct tevent_barrier_wait_state *state;
+ struct tevent_barrier_waiter *w;
+ struct tevent_immediate *im;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct tevent_barrier_wait_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->b = b;
+ state->index = b->count;
+
+ w = &b->waiters[b->count];
+ w->ev = ev;
+ w->req = req;
+ b->count += 1;
+
+ talloc_set_destructor(state, tevent_barrier_wait_state_destructor);
+
+ if (b->count < talloc_array_length(b->waiters)) {
+ return req;
+ }
+
+ im = tevent_create_immediate(req);
+ if (tevent_req_nomem(im, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_schedule_immediate(im, ev, tevent_barrier_release_trigger, b);
+ return req;
+}
+
+static int tevent_barrier_wait_state_destructor(
+ struct tevent_barrier_wait_state *s)
+{
+ struct tevent_barrier *b = s->b;
+ b->waiters[s->index].req = b->waiters[b->count-1].req;
+ b->count -= 1;
+ return 0;
+}
+
+static void tevent_barrier_release_trigger(struct tevent_context *ctx,
+ struct tevent_immediate *im,
+ void *private_data)
+{
+ struct tevent_barrier *b = talloc_get_type_abort(
+ private_data, struct tevent_barrier);
+ tevent_barrier_release(b);
+}
+
+int tevent_barrier_wait_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_unix(req);
+}
diff --git a/source3/lib/tevent_barrier.h b/source3/lib/tevent_barrier.h
new file mode 100644
index 0000000..2b35852
--- /dev/null
+++ b/source3/lib/tevent_barrier.h
@@ -0,0 +1,37 @@
+/*
+ Unix SMB/CIFS implementation.
+ Implement a barrier
+ Copyright (C) Volker Lendecke 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _TEVENT_BARRIER_H
+#define _TEVENT_BARRIER_H
+
+#include "talloc.h"
+#include "tevent.h"
+
+struct tevent_barrier;
+
+struct tevent_barrier *tevent_barrier_init(
+ TALLOC_CTX *mem_ctx, unsigned count,
+ void (*trigger_cb)(void *private_data), void *private_data);
+
+struct tevent_req *tevent_barrier_wait_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tevent_barrier *b);
+int tevent_barrier_wait_recv(struct tevent_req *req);
+
+#endif /* _TEVENT_BARRIER_H */
diff --git a/source3/lib/tevent_glib_glue.c b/source3/lib/tevent_glib_glue.c
new file mode 100644
index 0000000..3be08fc
--- /dev/null
+++ b/source3/lib/tevent_glib_glue.c
@@ -0,0 +1,881 @@
+/*
+ Unix SMB/CIFS implementation.
+ Integration of a glib g_main_context into a tevent_context
+ Copyright (C) Stefan Metzmacher 2016
+ Copyright (C) Ralph Boehme 2016
+
+ ** NOTE! The following LGPL license applies to the tevent
+ ** library. This does NOT imply that all of Samba is released
+ ** under the LGPL
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include "system/filesys.h"
+#include "lib/util/debug.h"
+#include "lib/util/select.h"
+#include <tevent.h>
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_TEVENT
+
+#ifdef HAVE_GLIB
+#include <glib.h>
+#include "tevent_glib_glue.h"
+
+struct fd_map {
+ struct tevent_glib_glue *glue;
+ int fd;
+ struct tevent_fd *fd_event;
+};
+
+struct tevent_glib_glue {
+ /*
+ * The tevent context we're feeding.
+ */
+ struct tevent_context *ev;
+
+ /*
+ * The glib gmain context we're polling and whether we're currently
+ * owning it by virtue of g_main_context_acquire().
+ */
+ GMainContext *gmain_ctx;
+ bool gmain_owner;
+
+ /*
+ * Set by samba_tevent_glib_glue_quit().
+ */
+ bool quit;
+
+ /*
+ * tevent trace callback and data we got from tevent_get_trace_callback()
+ * before installing our own trace callback.
+ */
+ tevent_trace_callback_t prev_tevent_trace_cb;
+ void *prev_tevent_trace_data;
+
+ /*
+ * Don't call tevent_glib_prepare() in the tevent tracepoint handler if
+ * explicitly told so. This is an optimisation for the case that glib
+ * event sources are created from glib event callbacks.
+ */
+ bool skip_glib_refresh;
+
+ /*
+ * Used when acquiring the glib gmain context failed.
+ */
+ struct tevent_timer *acquire_retry_timer;
+
+ /*
+ * glib gmain context timeout and priority for the current event look
+ * iteration. gtimeout is translated to a tevent timer event, unless it
+ * is 0 which signals some event source is pending. In that case we
+ * dispatch an immediate event. gpriority is ignored by us, just passed
+ * to the glib relevant functions.
+ */
+ gint gtimeout;
+ gint gpriority;
+ struct tevent_timer *timer;
+ struct tevent_immediate *im;
+ bool scheduled_im;
+
+ /*
+ * glib gmain context fds returned from g_main_context_query(). These
+ * get translated to tevent fd events.
+ */
+ GPollFD *gpollfds;
+ gint num_gpollfds;
+
+ /*
+ * A copy of gpollfds and num_gpollfds from the previous event loop
+ * iteration, used to detect changes in the set of fds.
+ */
+ GPollFD *prev_gpollfds;
+ gint num_prev_gpollfds;
+
+ /*
+ * An array of pointers to fd_map's. The fd_map'd contain the tevent
+ * event fd as well as a pointer to the corresponding glib GPollFD.
+ */
+ struct fd_map **fd_map;
+ size_t num_maps;
+};
+
+static bool tevent_glib_prepare(struct tevent_glib_glue *glue);
+static bool tevent_glib_process(struct tevent_glib_glue *glue);
+static bool tevent_glib_glue_reinit(struct tevent_glib_glue *glue);
+static void tevent_glib_fd_handler(struct tevent_context *ev,
+ struct tevent_fd *fde,
+ uint16_t flags,
+ void *private_data);
+
+typedef int (*gfds_cmp_cb)(const void *fd1, const void *fd2);
+typedef bool (*gfds_found_cb)(struct tevent_glib_glue *glue,
+ const GPollFD *new,
+ const GPollFD *old);
+typedef bool (*gfds_new_cb)(struct tevent_glib_glue *glue,
+ const GPollFD *fd);
+typedef bool (*gfds_removed_cb)(struct tevent_glib_glue *glue,
+ const GPollFD *fd);
+
+/**
+ * Compare two sorted GPollFD arrays
+ *
+ * For every element that exists in gfds and prev_gfds found_fn() is called.
+ * For every element in gfds but not in prev_gfds, new_fn() is called.
+ * For every element in prev_gfds but not in gfds removed_fn() is called.
+ **/
+static bool cmp_gfds(struct tevent_glib_glue *glue,
+ GPollFD *gfds,
+ GPollFD *prev_gfds,
+ size_t num_gfds,
+ size_t num_prev_gfds,
+ gfds_cmp_cb cmp_cb,
+ gfds_found_cb found_cb,
+ gfds_new_cb new_cb,
+ gfds_removed_cb removed_cb)
+{
+ bool ok;
+ size_t i = 0, j = 0;
+ int cmp;
+
+ while (i < num_gfds && j < num_prev_gfds) {
+ cmp = cmp_cb(&gfds[i], &prev_gfds[j]);
+ if (cmp == 0) {
+ ok = found_cb(glue, &gfds[i], &prev_gfds[j]);
+ if (!ok) {
+ return false;
+ }
+ i++;
+ j++;
+ } else if (cmp < 0) {
+ ok = new_cb(glue, &gfds[i]);
+ if (!ok) {
+ return false;
+ }
+ i++;
+ } else {
+ ok = removed_cb(glue, &prev_gfds[j]);
+ if (!ok) {
+ return false;
+ }
+ j++;
+ }
+ }
+
+ while (i < num_gfds) {
+ ok = new_cb(glue, &gfds[i++]);
+ if (!ok) {
+ return false;
+ }
+ }
+
+ while (j < num_prev_gfds) {
+ ok = removed_cb(glue, &prev_gfds[j++]);
+ if (!ok) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
+static int glib_fd_cmp_func(const void *p1, const void *p2)
+{
+ const GPollFD *lhs = p1;
+ const GPollFD *rhs = p2;
+
+ if (lhs->fd < rhs->fd) {
+ return -1;
+ } else if (lhs->fd > rhs->fd) {
+ return 1;
+ }
+
+ return 0;
+}
+
+/*
+ * We already have a tevent fd event for the glib GPollFD, but we may have to
+ * update flags.
+ */
+static bool match_gfd_cb(struct tevent_glib_glue *glue,
+ const GPollFD *new_gfd,
+ const GPollFD *old_gfd)
+{
+ size_t i;
+ struct fd_map *fd_map = NULL;
+ struct tevent_fd *fd_event = NULL;
+
+ if (new_gfd->events == old_gfd->events) {
+ return true;
+ }
+
+ for (i = 0; i < glue->num_maps; i++) {
+ if (glue->fd_map[i]->fd == new_gfd->fd) {
+ break;
+ }
+ }
+
+ if (i == glue->num_maps) {
+ DBG_ERR("match_gfd_cb: glib fd %d not in map\n", new_gfd->fd);
+ return false;
+ }
+
+ fd_map = glue->fd_map[i];
+ if (fd_map == NULL) {
+ DBG_ERR("fd_map for fd %d is NULL\n", new_gfd->fd);
+ return false;
+ }
+
+ fd_event = fd_map->fd_event;
+ if (fd_event == NULL) {
+ DBG_ERR("fd_event for fd %d is NULL\n", new_gfd->fd);
+ return false;
+ }
+
+ tevent_fd_set_flags(fd_event, 0);
+
+ if (new_gfd->events & (G_IO_IN | G_IO_HUP | G_IO_ERR)) {
+ TEVENT_FD_READABLE(fd_event);
+ }
+ if (new_gfd->events & G_IO_OUT) {
+ TEVENT_FD_WRITEABLE(fd_event);
+ }
+
+ return true;
+}
+
+static bool new_gfd_cb(struct tevent_glib_glue *glue, const GPollFD *gfd)
+{
+ struct tevent_fd *fd_event = NULL;
+ struct fd_map *fd_map = NULL;
+ uint16_t events = 0;
+ bool revent;
+ bool wevent;
+
+ revent = (gfd->events & (G_IO_IN | G_IO_HUP | G_IO_ERR));
+ wevent = (gfd->events & G_IO_OUT);
+ if (revent) {
+ events |= TEVENT_FD_READ;
+ }
+ if (wevent) {
+ events |= TEVENT_FD_WRITE;
+ }
+
+ glue->fd_map = talloc_realloc(glue,
+ glue->fd_map,
+ struct fd_map *,
+ glue->num_maps + 1);
+ if (glue->fd_map == NULL) {
+ DBG_ERR("talloc_realloc failed\n");
+ return false;
+ }
+ fd_map = talloc_zero(glue->fd_map, struct fd_map);
+ if (fd_map == NULL) {
+ DBG_ERR("talloc_realloc failed\n");
+ return false;
+ }
+ glue->fd_map[glue->num_maps] = fd_map;
+ glue->num_maps++;
+
+ fd_event = tevent_add_fd(glue->ev,
+ glue->fd_map,
+ gfd->fd,
+ events,
+ tevent_glib_fd_handler,
+ fd_map);
+ if (fd_event == NULL) {
+ DBG_ERR("tevent_add_fd failed\n");
+ return false;
+ }
+
+ *fd_map = (struct fd_map) {
+ .glue = glue,
+ .fd = gfd->fd,
+ .fd_event = fd_event,
+ };
+
+ DBG_DEBUG("added tevent_fd for glib fd %d\n", gfd->fd);
+
+ return true;
+}
+
+static bool remove_gfd_cb(struct tevent_glib_glue *glue, const GPollFD *gfd)
+{
+ size_t i;
+
+ for (i = 0; i < glue->num_maps; i++) {
+ if (glue->fd_map[i]->fd == gfd->fd) {
+ break;
+ }
+ }
+
+ if (i == glue->num_maps) {
+ DBG_ERR("remove_gfd_cb: glib fd %d not in map\n", gfd->fd);
+ return false;
+ }
+
+ TALLOC_FREE(glue->fd_map[i]->fd_event);
+ TALLOC_FREE(glue->fd_map[i]);
+
+ if (i + 1 < glue->num_maps) {
+ memmove(&glue->fd_map[i],
+ &glue->fd_map[i+1],
+ (glue->num_maps - (i + 1)) * sizeof(struct fd_map *));
+ }
+
+ glue->fd_map = talloc_realloc(glue,
+ glue->fd_map,
+ struct fd_map *,
+ glue->num_maps - 1);
+ if (glue->num_maps > 0 && glue->fd_map == NULL) {
+ DBG_ERR("talloc_realloc failed\n");
+ return false;
+ }
+ glue->num_maps--;
+
+ return true;
+}
+
+static short gpoll_to_poll_event(gushort gevent)
+{
+ short pevent = 0;
+
+ if (gevent & G_IO_IN) {
+ pevent |= POLLIN;
+ }
+ if (gevent & G_IO_OUT) {
+ pevent |= POLLOUT;
+ }
+ if (gevent & G_IO_HUP) {
+ pevent |= POLLHUP;
+ }
+ if (gevent & G_IO_ERR) {
+ pevent |= POLLERR;
+ }
+
+ return pevent;
+}
+
+static gushort poll_to_gpoll_event(short pevent)
+{
+ gushort gevent = 0;
+
+ if (pevent & POLLIN) {
+ gevent |= G_IO_IN;
+ }
+ if (pevent & POLLOUT) {
+ gevent |= G_IO_OUT;
+ }
+ if (pevent & POLLHUP) {
+ gevent |= G_IO_HUP;
+ }
+ if (pevent & POLLERR) {
+ gevent |= G_IO_ERR;
+ }
+
+ return gevent;
+}
+
+static void tevent_glib_fd_handler(struct tevent_context *ev,
+ struct tevent_fd *fde,
+ uint16_t flags,
+ void *private_data)
+{
+ struct fd_map *fd_map = talloc_get_type_abort(
+ private_data, struct fd_map);
+ struct tevent_glib_glue *glue = NULL;
+ GPollFD *gpollfd = NULL;
+ struct pollfd fd;
+ int ret;
+ int i;
+
+ glue = fd_map->glue;
+
+ for (i = 0; i < glue->num_gpollfds; i++) {
+ if (glue->gpollfds[i].fd != fd_map->fd) {
+ continue;
+ }
+ gpollfd = &glue->gpollfds[i];
+ break;
+ }
+ if (gpollfd == NULL) {
+ DBG_ERR("No gpollfd for fd_map [%p] fd [%d]\n",
+ fd_map, fd_map->fd);
+ return;
+ }
+ /*
+ * We have to poll() the fd to get the correct fd event for glib. tevent
+ * only tells us about readable/writable in flags, but we need the full
+ * glory for glib.
+ */
+
+ fd = (struct pollfd) {
+ .fd = gpollfd->fd,
+ .events = gpoll_to_poll_event(gpollfd->events),
+ };
+
+ ret = sys_poll_intr(&fd, 1, 0);
+ if (ret == -1) {
+ DBG_ERR("poll: %s\n", strerror(errno));
+ return;
+ }
+ if (ret == 0) {
+ return;
+ }
+
+ gpollfd->revents = poll_to_gpoll_event(fd.revents);
+
+ tevent_glib_process(glue);
+ return;
+}
+
+static void tevent_glib_timer_handler(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval current_time,
+ void *private_data)
+{
+ struct tevent_glib_glue *glue = talloc_get_type_abort(
+ private_data, struct tevent_glib_glue);
+
+ glue->timer = NULL;
+ tevent_glib_process(glue);
+ return;
+}
+
+static void tevent_glib_im_handler(struct tevent_context *ev,
+ struct tevent_immediate *im,
+ void *private_data)
+{
+ struct tevent_glib_glue *glue = talloc_get_type_abort(
+ private_data, struct tevent_glib_glue);
+
+ glue->scheduled_im = false;
+ tevent_glib_process(glue);
+ return;
+}
+
+static bool save_current_fdset(struct tevent_glib_glue *glue)
+{
+ /*
+ * Save old glib fds. We only grow the prev array.
+ */
+
+ if (glue->num_prev_gpollfds < glue->num_gpollfds) {
+ glue->prev_gpollfds = talloc_realloc(glue,
+ glue->prev_gpollfds,
+ GPollFD,
+ glue->num_gpollfds);
+ if (glue->prev_gpollfds == NULL) {
+ DBG_ERR("talloc_realloc failed\n");
+ return false;
+ }
+ }
+ glue->num_prev_gpollfds = glue->num_gpollfds;
+ if (glue->num_gpollfds > 0) {
+ memcpy(glue->prev_gpollfds, glue->gpollfds,
+ sizeof(GPollFD) * glue->num_gpollfds);
+ memset(glue->gpollfds, 0, sizeof(GPollFD) * glue->num_gpollfds);
+ }
+
+ return true;
+}
+
+static bool get_glib_fds_and_timeout(struct tevent_glib_glue *glue)
+{
+ bool ok;
+ gint num_fds;
+
+ ok = save_current_fdset(glue);
+ if (!ok) {
+ return false;
+ }
+
+ while (true) {
+ num_fds = g_main_context_query(glue->gmain_ctx,
+ glue->gpriority,
+ &glue->gtimeout,
+ glue->gpollfds,
+ glue->num_gpollfds);
+ if (num_fds == glue->num_gpollfds) {
+ break;
+ }
+ glue->gpollfds = talloc_realloc(glue,
+ glue->gpollfds,
+ GPollFD,
+ num_fds);
+ if (num_fds > 0 && glue->gpollfds == NULL) {
+ DBG_ERR("talloc_realloc failed\n");
+ return false;
+ }
+ glue->num_gpollfds = num_fds;
+ };
+
+ if (glue->num_gpollfds > 0) {
+ qsort(glue->gpollfds,
+ num_fds,
+ sizeof(GPollFD),
+ glib_fd_cmp_func);
+ }
+
+ DBG_DEBUG("num fds: %d, timeout: %d ms\n",
+ num_fds, glue->gtimeout);
+
+ return true;
+}
+
+static bool tevent_glib_update_events(struct tevent_glib_glue *glue)
+{
+ struct timeval tv;
+ bool ok;
+
+ ok = cmp_gfds(glue,
+ glue->gpollfds,
+ glue->prev_gpollfds,
+ glue->num_gpollfds,
+ glue->num_prev_gpollfds,
+ glib_fd_cmp_func,
+ match_gfd_cb,
+ new_gfd_cb,
+ remove_gfd_cb);
+ if (!ok) {
+ return false;
+ }
+
+ TALLOC_FREE(glue->timer);
+
+ if (glue->gtimeout == -1) {
+ return true;
+ }
+
+ if (glue->gtimeout == 0) {
+ /*
+ * glue->gtimeout is 0 if g_main_context_query() returned
+ * timeout=0. That means there are pending events ready to be
+ * dispatched. We only want to run one event handler per loop
+ * iteration, so we schedule an immediate event to run it in the
+ * next iteration.
+ */
+ if (glue->scheduled_im) {
+ return true;
+ }
+ tevent_schedule_immediate(glue->im,
+ glue->ev,
+ tevent_glib_im_handler,
+ glue);
+ glue->scheduled_im = true;
+ return true;
+ }
+
+ tv = tevent_timeval_current_ofs(glue->gtimeout / 1000,
+ (glue->gtimeout % 1000) * 1000);
+
+ glue->timer = tevent_add_timer(glue->ev,
+ glue,
+ tv,
+ tevent_glib_timer_handler,
+ glue);
+ if (glue->timer == NULL) {
+ DBG_ERR("tevent_add_timer failed\n");
+ return false;
+ }
+
+ return true;
+}
+
+static void tevent_glib_retry_timer(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval current_time,
+ void *private_data)
+{
+ struct tevent_glib_glue *glue = talloc_get_type_abort(
+ private_data, struct tevent_glib_glue);
+
+ glue->acquire_retry_timer = NULL;
+ (void)tevent_glib_prepare(glue);
+}
+
+/**
+ * Fetch glib event sources and add them to tevent
+ *
+ * Fetch glib event sources and attach corresponding tevent events to our tevent
+ * context. get_glib_fds_and_timeout() gets the relevant glib event sources: the
+ * set of active fds and the next timer. tevent_glib_update_events() then
+ * translates those to tevent and creates tevent events.
+ *
+ * When called, the thread must NOT be the owner to the glib main
+ * context. tevent_glib_prepare() is either the first function when the
+ * tevent_glib_glue is created, or after tevent_glib_process() has been called
+ * to process pending event, which will have ceased ownership.
+ **/
+static bool tevent_glib_prepare(struct tevent_glib_glue *glue)
+{
+ bool ok;
+ gboolean gok;
+
+ if (glue->quit) {
+ /* Set via samba_tevent_glib_glue_quit() */
+ return true;
+ }
+
+ if (glue->acquire_retry_timer != NULL) {
+ /*
+ * We're still waiting on the below g_main_context_acquire() to
+ * succeed, just return.
+ */
+ return true;
+ }
+
+ if (glue->gmain_owner) {
+ g_main_context_release(glue->gmain_ctx);
+ glue->gmain_owner = false;
+ }
+
+ gok = g_main_context_acquire(glue->gmain_ctx);
+ if (!gok) {
+ DBG_ERR("couldn't acquire g_main_context\n");
+
+ /*
+ * Ensure no tevent event fires while we're not the gmain
+ * context owner. The event handler would call
+ * tevent_glib_process() and that expects being the owner of the
+ * context.
+ */
+ ok = tevent_glib_glue_reinit(glue);
+ if (!ok) {
+ DBG_ERR("tevent_glib_glue_reinit failed\n");
+ samba_tevent_glib_glue_quit(glue);
+ return false;
+ }
+
+ glue->acquire_retry_timer = tevent_add_timer(
+ glue->ev,
+ glue,
+ tevent_timeval_current_ofs(0, 1000),
+ tevent_glib_retry_timer,
+ glue);
+ if (glue->acquire_retry_timer == NULL) {
+ DBG_ERR("tevent_add_timer failed\n");
+ samba_tevent_glib_glue_quit(glue);
+ return false;
+ }
+ return true;
+ }
+ glue->gmain_owner = true;
+
+ /*
+ * Discard "ready" return value from g_main_context_prepare(). We don't
+ * want to dispatch events here, that's only done in from the tevent loop.
+ */
+ (void)g_main_context_prepare(glue->gmain_ctx, &glue->gpriority);
+
+ ok = get_glib_fds_and_timeout(glue);
+ if (!ok) {
+ DBG_ERR("get_glib_fds_and_timeout failed\n");
+ samba_tevent_glib_glue_quit(glue);
+ return false;
+ }
+
+ ok = tevent_glib_update_events(glue);
+ if (!ok) {
+ DBG_ERR("tevent_glib_update_events failed\n");
+ samba_tevent_glib_glue_quit(glue);
+ return false;
+ }
+
+ return true;
+}
+
+/**
+ * Process pending glib events
+ *
+ * tevent_glib_process() gets called to process pending glib events via
+ * g_main_context_check() and then g_main_context_dispatch().
+ *
+ * After pending event handlers are dispatched, we rearm the glib glue event
+ * handlers in tevent by calling tevent_glib_prepare().
+ *
+ * When tevent_glib_process() is called the thread must own the glib
+ * gmain_ctx. That is achieved by tevent_glib_prepare() being the only function
+ * that acquires context ownership.
+ *
+ * To give other threads that are blocked on g_main_context_acquire(gmain_ctx) a
+ * chance to acquire context ownership (eg needed to attach event sources), we
+ * release context ownership before calling tevent_glib_prepare() which will
+ * acquire it again.
+ */
+static bool tevent_glib_process(struct tevent_glib_glue *glue)
+{
+ bool ok;
+
+ DBG_DEBUG("tevent_glib_process\n");
+
+ /*
+ * Ignore the "sources_ready" return from g_main_context_check(). glib
+ * itself also ignores it in g_main_context_iterate(). In theory only
+ * calling g_main_context_dispatch() if g_main_context_check() returns
+ * true should work, but older glib versions had a bug where
+ * g_main_context_check() returns false even though events are pending.
+ *
+ * https://bugzilla.gnome.org/show_bug.cgi?id=11059
+ */
+ (void)g_main_context_check(glue->gmain_ctx,
+ glue->gpriority,
+ glue->gpollfds,
+ glue->num_gpollfds);
+
+ g_main_context_dispatch(glue->gmain_ctx);
+
+ ok = tevent_glib_prepare(glue);
+ if (!ok) {
+ return false;
+ }
+ glue->skip_glib_refresh = true;
+ return true;
+}
+
+static void tevent_glib_glue_trace_callback(enum tevent_trace_point point,
+ void *private_data)
+{
+ struct tevent_glib_glue *glue = talloc_get_type_abort(
+ private_data, struct tevent_glib_glue);
+
+ if (point == TEVENT_TRACE_AFTER_LOOP_ONCE) {
+ if (!glue->skip_glib_refresh) {
+ tevent_glib_prepare(glue);
+ }
+ glue->skip_glib_refresh = false;
+ }
+
+ /* chain previous handler */
+ if (glue->prev_tevent_trace_cb != NULL) {
+ glue->prev_tevent_trace_cb(point, glue->prev_tevent_trace_data);
+ }
+}
+
+static void tevent_glib_glue_cleanup(struct tevent_glib_glue *glue)
+{
+ size_t n = talloc_array_length(glue->fd_map);
+ size_t i;
+
+ for (i = 0; i < n; i++) {
+ TALLOC_FREE(glue->fd_map[i]->fd_event);
+ TALLOC_FREE(glue->fd_map[i]);
+ }
+
+ tevent_set_trace_callback(glue->ev,
+ glue->prev_tevent_trace_cb,
+ glue->prev_tevent_trace_data);
+ glue->prev_tevent_trace_cb = NULL;
+ glue->prev_tevent_trace_data = NULL;
+
+ TALLOC_FREE(glue->fd_map);
+ glue->num_maps = 0;
+
+ TALLOC_FREE(glue->gpollfds);
+ glue->num_gpollfds = 0;
+
+ TALLOC_FREE(glue->prev_gpollfds);
+ glue->num_prev_gpollfds = 0;
+
+ TALLOC_FREE(glue->timer);
+ TALLOC_FREE(glue->acquire_retry_timer);
+ TALLOC_FREE(glue->im);
+
+ /*
+ * These are not really needed, but let's wipe the slate clean.
+ */
+ glue->skip_glib_refresh = false;
+ glue->gtimeout = 0;
+ glue->gpriority = 0;
+}
+
+static bool tevent_glib_glue_reinit(struct tevent_glib_glue *glue)
+{
+ tevent_glib_glue_cleanup(glue);
+
+ glue->im = tevent_create_immediate(glue);
+ if (glue->im == NULL) {
+ return false;
+ }
+
+ tevent_get_trace_callback(glue->ev,
+ &glue->prev_tevent_trace_cb,
+ &glue->prev_tevent_trace_data);
+ tevent_set_trace_callback(glue->ev,
+ tevent_glib_glue_trace_callback,
+ glue);
+
+ return true;
+}
+
+void samba_tevent_glib_glue_quit(struct tevent_glib_glue *glue)
+{
+ tevent_glib_glue_cleanup(glue);
+ glue->quit = true;
+ return;
+}
+
+struct tevent_glib_glue *samba_tevent_glib_glue_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ GMainContext *gmain_ctx)
+{
+ bool ok;
+ struct tevent_glib_glue *glue = NULL;
+
+ glue = talloc_zero(mem_ctx, struct tevent_glib_glue);
+ if (glue == NULL) {
+ DBG_ERR("talloc_zero failed\n");
+ return NULL;
+ }
+
+ *glue = (struct tevent_glib_glue) {
+ .ev = ev,
+ .gmain_ctx = gmain_ctx,
+ };
+
+ glue->im = tevent_create_immediate(glue);
+
+ tevent_get_trace_callback(glue->ev,
+ &glue->prev_tevent_trace_cb,
+ &glue->prev_tevent_trace_data);
+ tevent_set_trace_callback(glue->ev,
+ tevent_glib_glue_trace_callback,
+ glue);
+
+ ok = tevent_glib_prepare(glue);
+ if (!ok) {
+ TALLOC_FREE(glue);
+ return NULL;
+ }
+
+ return glue;
+}
+
+#else /* HAVE_GLIB */
+
+struct tevent_glib_glue *samba_tevent_glib_glue_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ GMainContext *gmain_ctx)
+{
+ errno = ENOSYS;
+ return NULL;
+}
+
+void samba_tevent_glib_glue_quit(struct tevent_glib_glue *glue)
+{
+ return;
+}
+#endif /* HAVE_GLIB */
diff --git a/source3/lib/tevent_glib_glue.h b/source3/lib/tevent_glib_glue.h
new file mode 100644
index 0000000..0d001fa
--- /dev/null
+++ b/source3/lib/tevent_glib_glue.h
@@ -0,0 +1,68 @@
+/*
+ Unix SMB/CIFS implementation.
+ Poll glib event loop from tevent
+
+ Copyright (C) Ralph Boehme 2016
+
+ ** NOTE! The following LGPL license applies to the tevent
+ ** library. This does NOT imply that all of Samba is released
+ ** under the LGPL
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _TEVENT_GLIB_GLUE_H
+#define _TEVENT_GLIB_GLUE_H
+
+#include <talloc.h>
+#include <tevent.h>
+
+/**
+ * @brief Add a glib GmainContext to a tevent context
+ *
+ * tevent will poll the glib event sources and run handlers for
+ * pending events as detailed in the glib documentation:
+ *
+ * https://developer.gnome.org/glib/stable/glib-The-Main-Event-Loop.html
+ *
+ * If tevent was built without glib support, this function will always return
+ * NULL with an error number ENOSYS.
+ *
+ * @param[in] mem_ctx Memory context to use
+ *
+ * @param[in] ev Event context to use
+ *
+ * @param[in] gmain_ctx GMainContext that will be added to tevent
+ *
+ * @return A handle on the glue context that binds the
+ * the GMainContext to tevent. Pass the glue handle to
+ * tevent_glib_glue_quit() in a callback when you want
+ * stop processing glib events.
+ * You must not call talloc_free() on the handle while
+ * the loop is still in use and attached to tevent.
+ */
+struct tevent_glib_glue *samba_tevent_glib_glue_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ GMainContext *gmain_ctx);
+
+/**
+ * @brief Stop polling a GMainContext
+ *
+ * Used in a callback when you want to stop processing glib events.
+ *
+ * @param[in] glue And tevent_glib_glue handle
+ */
+void samba_tevent_glib_glue_quit(struct tevent_glib_glue *glue);
+
+#endif
diff --git a/source3/lib/tevent_glib_glue_tests.c b/source3/lib/tevent_glib_glue_tests.c
new file mode 100644
index 0000000..d6cf664
--- /dev/null
+++ b/source3/lib/tevent_glib_glue_tests.c
@@ -0,0 +1,397 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ testing of the tevent glib glue subsystem
+
+ Copyright (C) Ralph Boehme 2016
+
+ glib tests adapted from glib2 glib/tests/mainloop.c
+ Copyright (C) 2011 Red Hat Inc., Matthias Clasen
+
+ ** NOTE! The following LGPL license applies to the tevent
+ ** library. This does NOT imply that all of Samba is released
+ ** under the LGPL
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+
+/*
+ * glib uses TRUE and FALSE which may have redefined by "includes.h" to be
+ * unusable. Unndefine so glib can establish its own working replacement.
+ */
+#undef TRUE
+#undef FALSE
+#include <glib.h>
+#include <glib-unix.h>
+#include "lib/tevent_glib_glue.h"
+
+/*
+ * Unfortunately the glib test suite runner doesn't pass args to tests
+ * so we must keep a few globals here.
+ */
+static struct tevent_context *ev;
+
+static gboolean count_calls(gpointer data)
+{
+ gint *i = (gint *)data;
+
+ (*i)++;
+
+ return TRUE;
+}
+
+static gboolean quit_loop(gpointer data)
+{
+ struct tevent_glib_glue *glue = talloc_get_type_abort(
+ data, struct tevent_glib_glue);
+
+ samba_tevent_glib_glue_quit(glue);
+
+ return G_SOURCE_REMOVE;
+}
+
+static void test_timeouts(void)
+{
+ GMainContext *ctx = NULL;
+ struct tevent_glib_glue *glue = NULL;
+ GSource *source = NULL;
+ gint a;
+ gint b;
+ gint c;
+
+ a = b = c = 0;
+
+ ctx = g_main_context_new();
+ glue = samba_tevent_glib_glue_create(ev, ev, ctx);
+ g_assert(glue != NULL);
+
+ source = g_timeout_source_new(100);
+ g_source_set_callback(source, count_calls, &a, NULL);
+ g_source_attach(source, ctx);
+ g_source_unref(source);
+
+ source = g_timeout_source_new(250);
+ g_source_set_callback(source, count_calls, &b, NULL);
+ g_source_attach(source, ctx);
+ g_source_unref(source);
+
+ source = g_timeout_source_new(330);
+ g_source_set_callback(source, count_calls, &c, NULL);
+ g_source_attach(source, ctx);
+ g_source_unref(source);
+
+ source = g_timeout_source_new(1050);
+ g_source_set_callback(source, quit_loop, glue, NULL);
+ g_source_attach(source, ctx);
+ g_source_unref(source);
+
+ g_assert(tevent_loop_wait(ev) == 0);
+
+ /* We may be delayed for an arbitrary amount of time - for example,
+ * it's possible for all timeouts to fire exactly once.
+ */
+ g_assert_cmpint(a, >, 0);
+ g_assert_cmpint(a, >=, b);
+ g_assert_cmpint(b, >=, c);
+
+ g_assert_cmpint(a, <=, 10);
+ g_assert_cmpint(b, <=, 4);
+ g_assert_cmpint(c, <=, 3);
+
+ samba_tevent_glib_glue_quit(glue);
+ TALLOC_FREE(glue);
+ g_main_context_unref(ctx);
+}
+
+struct test_glib_ev_source_data {
+ GMainContext *ctx;
+ struct tevent_glib_glue *glue;
+};
+
+static gboolean test_glib_ev_source_quit_loop(gpointer data);
+
+static gboolean test_glib_ev_source_timeout_cb(gpointer data)
+{
+ struct test_glib_ev_source_data *state = talloc_get_type_abort(
+ data, struct test_glib_ev_source_data);
+ GSource *source = NULL;
+
+ source = g_timeout_source_new(100);
+ g_source_set_callback(source,
+ test_glib_ev_source_quit_loop,
+ state,
+ NULL);
+ g_source_attach(source, state->ctx);
+ g_source_unref(source);
+
+ return TRUE;
+}
+
+static gboolean test_glib_ev_source_quit_loop(gpointer data)
+{
+ struct test_glib_ev_source_data *state = talloc_get_type_abort(
+ data, struct test_glib_ev_source_data);
+
+ samba_tevent_glib_glue_quit(state->glue);
+
+ return G_SOURCE_REMOVE;
+}
+
+static void test_glib_ev_source(void)
+{
+ GMainContext *ctx = NULL;
+ struct tevent_glib_glue *glue = NULL;
+ struct test_glib_ev_source_data *state = NULL;
+ GSource *source = NULL;
+
+ ctx = g_main_context_new();
+ g_assert(ctx != NULL);
+
+ glue = samba_tevent_glib_glue_create(ev, ev, ctx);
+ g_assert(glue != NULL);
+
+ state = talloc_zero(glue, struct test_glib_ev_source_data);
+ g_assert(state != NULL);
+
+ state->ctx = ctx;
+ state->glue = glue;
+
+ source = g_timeout_source_new(100);
+ g_source_set_callback(source,
+ test_glib_ev_source_timeout_cb,
+ state,
+ NULL);
+ g_source_attach(source, ctx);
+ g_source_unref(source);
+
+ g_assert(tevent_loop_wait(ev) == 0);
+
+ TALLOC_FREE(glue);
+ g_main_context_unref(ctx);
+}
+
+struct test_tevent_ev_source_data {
+ GMainContext *ctx;
+ struct tevent_glib_glue *glue;
+};
+
+static gboolean test_tevent_ev_source_quit_loop(gpointer data);
+
+static void test_tevent_ev_source_timeout_cb(struct tevent_context *_ev,
+ struct tevent_timer *te,
+ struct timeval current_time,
+ void *data)
+{
+ struct test_tevent_ev_source_data *state = talloc_get_type_abort(
+ data, struct test_tevent_ev_source_data);
+ GSource *source = NULL;
+
+ source = g_timeout_source_new(100);
+ g_source_set_callback(source,
+ test_tevent_ev_source_quit_loop,
+ state,
+ NULL);
+ g_source_attach(source, state->ctx);
+ g_source_unref(source);
+
+ return;
+}
+
+static gboolean test_tevent_ev_source_quit_loop(gpointer data)
+{
+ struct test_tevent_ev_source_data *state = talloc_get_type_abort(
+ data, struct test_tevent_ev_source_data);
+
+ samba_tevent_glib_glue_quit(state->glue);
+
+ return G_SOURCE_REMOVE;
+}
+
+static void test_tevent_ev_source(void)
+{
+ GMainContext *ctx = NULL;
+ struct tevent_glib_glue *glue = NULL;
+ struct test_tevent_ev_source_data *state = NULL;
+ struct tevent_timer *timer = NULL;
+
+ ctx = g_main_context_new();
+ g_assert(ctx != NULL);
+
+ glue = samba_tevent_glib_glue_create(ev, ev, ctx);
+ g_assert(glue != NULL);
+
+ state = talloc_zero(glue, struct test_tevent_ev_source_data);
+ g_assert(state != NULL);
+
+ state->ctx = ctx;
+ state->glue = glue;
+
+ timer = tevent_add_timer(ev,
+ state,
+ tevent_timeval_current_ofs(0, 1000),
+ test_tevent_ev_source_timeout_cb,
+ state);
+ g_assert(timer != NULL);
+
+ g_assert(tevent_loop_wait(ev) == 0);
+
+ TALLOC_FREE(glue);
+ g_main_context_unref(ctx);
+}
+
+static gchar zeros[1024];
+
+static gsize fill_a_pipe(gint fd)
+{
+ gsize written = 0;
+ GPollFD pfd;
+
+ pfd.fd = fd;
+ pfd.events = G_IO_OUT;
+ while (g_poll(&pfd, 1, 0) == 1)
+ /* we should never see -1 here */
+ written += write(fd, zeros, sizeof zeros);
+
+ return written;
+}
+
+static gboolean write_bytes(gint fd,
+ GIOCondition condition,
+ gpointer user_data)
+{
+ gssize *to_write = user_data;
+ gint limit;
+
+ if (*to_write == 0)
+ return FALSE;
+
+ /* Detect if we run before we should */
+ g_assert(*to_write >= 0);
+
+ limit = MIN(*to_write, sizeof zeros);
+ *to_write -= write(fd, zeros, limit);
+
+ return TRUE;
+}
+
+static gboolean read_bytes(gint fd,
+ GIOCondition condition,
+ gpointer user_data)
+{
+ static gchar buffer[1024];
+ gssize *to_read = user_data;
+
+ *to_read -= read(fd, buffer, sizeof buffer);
+
+ /* The loop will exit when there is nothing else to read, then we will
+ * use g_source_remove() to destroy this source.
+ */
+ return TRUE;
+}
+
+static void test_unix_fd(void)
+{
+ gssize to_write = -1;
+ gssize to_read;
+ gint fds[2];
+ gint a, b;
+ gint s;
+ GSource *source_a = NULL;
+ GSource *source_b = NULL;
+ struct tevent_glib_glue *glue = NULL;
+
+ glue = samba_tevent_glib_glue_create(ev, ev, g_main_context_default());
+ g_assert(glue != NULL);
+
+ s = pipe(fds);
+ g_assert(s == 0);
+
+ to_read = fill_a_pipe(fds[1]);
+ /* write at higher priority to keep the pipe full... */
+ a = g_unix_fd_add_full(G_PRIORITY_HIGH,
+ fds[1],
+ G_IO_OUT,
+ write_bytes,
+ &to_write,
+ NULL);
+ source_a = g_source_ref(g_main_context_find_source_by_id(NULL, a));
+ /* make sure no 'writes' get dispatched yet */
+ while (tevent_loop_once(ev));
+
+ to_read += 128 * 1024 * 1024;
+ to_write = 128 * 1024 * 1024;
+ b = g_unix_fd_add(fds[0], G_IO_IN, read_bytes, &to_read);
+ source_b = g_source_ref(g_main_context_find_source_by_id(NULL, b));
+
+ /* Assuming the kernel isn't internally 'laggy' then there will always
+ * be either data to read or room in which to write. That will keep
+ * the loop running until all data has been read and written.
+ */
+ while (to_write > 0 || to_read > 0)
+ {
+ gssize to_write_was = to_write;
+ gssize to_read_was = to_read;
+
+ if (tevent_loop_once(ev) != 0)
+ break;
+
+ /* Since the sources are at different priority, only one of them
+ * should possibly have run.
+ */
+ g_assert(to_write == to_write_was || to_read == to_read_was);
+ }
+
+ g_assert(to_write == 0);
+ g_assert(to_read == 0);
+
+ /* 'a' is already removed by itself */
+ g_assert(g_source_is_destroyed(source_a));
+ g_source_unref(source_a);
+ g_source_remove(b);
+ g_assert(g_source_is_destroyed(source_b));
+ g_source_unref(source_b);
+
+ samba_tevent_glib_glue_quit(glue);
+ TALLOC_FREE(glue);
+
+ close(fds[1]);
+ close(fds[0]);
+}
+
+int main(int argc, const char *argv[])
+{
+ int test_argc = 3;
+ char *test_argv[] = {
+ discard_const("test_glib_glue"),
+ discard_const("-m"),
+ discard_const("no-undefined")
+ };
+ char **argvp = test_argv;
+
+ g_test_init(&test_argc, &argvp, NULL);
+
+ ev = tevent_context_init(NULL);
+ if (ev == NULL) {
+ exit(1);
+ }
+
+ g_test_add_func("/mainloop/timeouts", test_timeouts);
+ g_test_add_func("/mainloop/glib_ev_source", test_glib_ev_source);
+ g_test_add_func("/mainloop/tevent_ev_source", test_tevent_ev_source);
+ g_test_add_func("/mainloop/unix-fd", test_unix_fd);
+
+ return g_test_run();
+}
diff --git a/source3/lib/time.c b/source3/lib/time.c
new file mode 100644
index 0000000..0d44a08
--- /dev/null
+++ b/source3/lib/time.c
@@ -0,0 +1,458 @@
+/*
+ Unix SMB/CIFS implementation.
+ time handling functions
+
+ Copyright (C) Andrew Tridgell 1992-2004
+ Copyright (C) Stefan (metze) Metzmacher 2002
+ Copyright (C) Jeremy Allison 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+/**
+ * @file
+ * @brief time handling functions
+ */
+
+
+#define NTTIME_INFINITY (NTTIME)0x8000000000000000LL
+
+#define TIME_FIXUP_CONSTANT_INT INT64_C(11644473600)
+
+/**************************************************************
+ Handle conversions between time_t and uint32, taking care to
+ preserve the "special" values.
+**************************************************************/
+
+uint32_t convert_time_t_to_uint32_t(time_t t)
+{
+#if (defined(SIZEOF_TIME_T) && (SIZEOF_TIME_T == 8))
+ /* time_t is 64-bit. */
+ if (t == 0x8000000000000000LL) {
+ return 0x80000000;
+ } else if (t == 0x7FFFFFFFFFFFFFFFLL) {
+ return 0x7FFFFFFF;
+ }
+#endif
+ return (uint32_t)t;
+}
+
+time_t convert_uint32_t_to_time_t(uint32_t u)
+{
+#if (defined(SIZEOF_TIME_T) && (SIZEOF_TIME_T == 8))
+ /* time_t is 64-bit. */
+ if (u == 0x80000000) {
+ return (time_t)0x8000000000000000LL;
+ } else if (u == 0x7FFFFFFF) {
+ return (time_t)0x7FFFFFFFFFFFFFFFLL;
+ }
+#endif
+ return (time_t)u;
+}
+
+/****************************************************************************
+ Check if NTTIME is 0.
+****************************************************************************/
+
+bool nt_time_is_zero(const NTTIME *nt)
+{
+ return (*nt == 0);
+}
+
+/****************************************************************************
+ Convert ASN.1 GeneralizedTime string to unix-time.
+ Returns 0 on failure; Currently ignores timezone.
+****************************************************************************/
+
+time_t generalized_to_unix_time(const char *str)
+{
+ struct tm tm;
+
+ ZERO_STRUCT(tm);
+
+ if (sscanf(str, "%4d%2d%2d%2d%2d%2d",
+ &tm.tm_year, &tm.tm_mon, &tm.tm_mday,
+ &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) {
+ return 0;
+ }
+ tm.tm_year -= 1900;
+ tm.tm_mon -= 1;
+
+ return timegm(&tm);
+}
+
+/*******************************************************************
+ Accessor function for the server time zone offset.
+ set_server_zone_offset() must have been called first.
+******************************************************************/
+
+static int server_zone_offset;
+
+int get_server_zone_offset(void)
+{
+ return server_zone_offset;
+}
+
+/*******************************************************************
+ Initialize the server time zone offset. Called when a client connects.
+******************************************************************/
+
+int set_server_zone_offset(time_t t)
+{
+ server_zone_offset = get_time_zone(t);
+ return server_zone_offset;
+}
+
+/***************************************************************************
+ Server versions of the above functions.
+***************************************************************************/
+
+void srv_put_dos_date(char *buf,int offset,time_t unixdate)
+{
+ push_dos_date((uint8_t *)buf, offset, unixdate, server_zone_offset);
+}
+
+void srv_put_dos_date2_ts(char *buf, int offset, struct timespec unix_ts)
+{
+ time_t unixdate = convert_timespec_to_time_t(unix_ts);
+ push_dos_date2((uint8_t *)buf, offset, unixdate, server_zone_offset);
+}
+
+void srv_put_dos_date3(char *buf,int offset,time_t unixdate)
+{
+ push_dos_date3((uint8_t *)buf, offset, unixdate, server_zone_offset);
+}
+
+void round_timespec(enum timestamp_set_resolution res, struct timespec *ts)
+{
+ if (is_omit_timespec(ts)) {
+ return;
+ }
+
+ switch (res) {
+ case TIMESTAMP_SET_SECONDS:
+ round_timespec_to_sec(ts);
+ break;
+ case TIMESTAMP_SET_MSEC:
+ round_timespec_to_usec(ts);
+ break;
+ case TIMESTAMP_SET_NT_OR_BETTER:
+ /* No rounding needed. */
+ break;
+ }
+}
+
+/****************************************************************************
+ Take a Unix time and convert to an NTTIME structure and place in buffer
+ pointed to by p, rounded to the correct resolution.
+****************************************************************************/
+
+void put_long_date_timespec(enum timestamp_set_resolution res, char *p, struct timespec ts)
+{
+ NTTIME nt;
+ round_timespec(res, &ts);
+ nt = unix_timespec_to_nt_time(ts);
+ SBVAL(p, 0, nt);
+}
+
+void put_long_date_full_timespec(enum timestamp_set_resolution res,
+ char *p,
+ const struct timespec *_ts)
+{
+ struct timespec ts = *_ts;
+ NTTIME nt;
+
+ round_timespec(res, &ts);
+ nt = full_timespec_to_nt_time(&ts);
+ SBVAL(p, 0, nt);
+}
+
+struct timespec pull_long_date_full_timespec(const char *p)
+{
+ NTTIME nt = BVAL(p, 0);
+
+ return nt_time_to_full_timespec(nt);
+}
+
+void put_long_date(char *p, time_t t)
+{
+ struct timespec ts;
+ ts.tv_sec = t;
+ ts.tv_nsec = 0;
+ put_long_date_timespec(TIMESTAMP_SET_SECONDS, p, ts);
+}
+
+void dos_filetime_timespec(struct timespec *tsp)
+{
+ tsp->tv_sec &= ~1;
+ tsp->tv_nsec = 0;
+}
+
+/*******************************************************************
+ Create a unix date (int GMT) from a dos date (which is actually in
+ localtime).
+********************************************************************/
+
+time_t make_unix_date(const void *date_ptr, int zone_offset)
+{
+ return pull_dos_date(date_ptr, zone_offset);
+}
+
+/*******************************************************************
+ Like make_unix_date() but the words are reversed.
+********************************************************************/
+
+time_t make_unix_date2(const void *date_ptr, int zone_offset)
+{
+ return pull_dos_date2(date_ptr, zone_offset);
+}
+
+/*******************************************************************
+ Create a unix GMT date from a dos date in 32 bit "unix like" format
+ these generally arrive as localtimes, with corresponding DST.
+******************************************************************/
+
+time_t make_unix_date3(const void *date_ptr, int zone_offset)
+{
+ return pull_dos_date3(date_ptr, zone_offset);
+}
+
+time_t srv_make_unix_date(const void *date_ptr)
+{
+ return make_unix_date(date_ptr, server_zone_offset);
+}
+
+time_t srv_make_unix_date2(const void *date_ptr)
+{
+ return make_unix_date2(date_ptr, server_zone_offset);
+}
+
+time_t srv_make_unix_date3(const void *date_ptr)
+{
+ return make_unix_date3(date_ptr, server_zone_offset);
+}
+
+/****************************************************************************
+ Interprets an nt time into a unix struct timespec.
+ Differs from nt_time_to_unix in that an 8 byte value of 0xffffffffffffffff
+ will be returned as (time_t)-1, whereas nt_time_to_unix returns 0 in this case.
+****************************************************************************/
+
+struct timespec interpret_long_date(NTTIME nt)
+{
+ if (nt == (uint64_t)-1) {
+ struct timespec ret;
+ ret.tv_sec = (time_t)-1;
+ ret.tv_nsec = 0;
+ return ret;
+ }
+ return nt_time_to_full_timespec(nt);
+}
+
+/*******************************************************************
+ Re-read the smb serverzone value.
+******************************************************************/
+
+static struct timeval start_time_hires;
+
+void TimeInit(void)
+{
+ set_server_zone_offset(time(NULL));
+
+ DEBUG(4,("TimeInit: Serverzone is %d\n", server_zone_offset));
+
+ /* Save the start time of this process. */
+ if (start_time_hires.tv_sec == 0 && start_time_hires.tv_usec == 0) {
+ GetTimeOfDay(&start_time_hires);
+ }
+}
+
+/**********************************************************************
+ Return a timeval struct of the uptime of this process. As TimeInit is
+ done before a daemon fork then this is the start time from the parent
+ daemon start. JRA.
+***********************************************************************/
+
+void get_process_uptime(struct timeval *ret_time)
+{
+ struct timeval time_now_hires;
+
+ GetTimeOfDay(&time_now_hires);
+ ret_time->tv_sec = time_now_hires.tv_sec - start_time_hires.tv_sec;
+ if (time_now_hires.tv_usec < start_time_hires.tv_usec) {
+ ret_time->tv_sec -= 1;
+ ret_time->tv_usec = 1000000 + (time_now_hires.tv_usec - start_time_hires.tv_usec);
+ } else {
+ ret_time->tv_usec = time_now_hires.tv_usec - start_time_hires.tv_usec;
+ }
+}
+
+/**
+ * @brief Get the startup time of the server.
+ *
+ * @param[out] ret_time A pointer to a timveal structure to set the startup
+ * time.
+ */
+void get_startup_time(struct timeval *ret_time)
+{
+ ret_time->tv_sec = start_time_hires.tv_sec;
+ ret_time->tv_usec = start_time_hires.tv_usec;
+}
+
+
+/****************************************************************************
+ Convert a NTTIME structure to a time_t.
+ It's originally in "100ns units".
+
+ This is an absolute version of the one above.
+ By absolute I mean, it doesn't adjust from 1/1/1601 to 1/1/1970
+ if the NTTIME was 5 seconds, the time_t is 5 seconds. JFM
+****************************************************************************/
+
+time_t nt_time_to_unix_abs(const NTTIME *nt)
+{
+ uint64_t d;
+
+ if (*nt == 0) {
+ return (time_t)0;
+ }
+
+ if (*nt == (uint64_t)-1) {
+ return (time_t)-1;
+ }
+
+ if (*nt == NTTIME_INFINITY) {
+ return (time_t)-1;
+ }
+
+ /* reverse the time */
+ /* it's a negative value, turn it to positive */
+ d=~*nt;
+
+ d += 1000*1000*10/2;
+ d /= 1000*1000*10;
+
+ if (!(TIME_T_MIN <= ((time_t)d) && ((time_t)d) <= TIME_T_MAX)) {
+ return (time_t)0;
+ }
+
+ return (time_t)d;
+}
+
+/****************************************************************************
+ Convert a time_t to a NTTIME structure
+
+ This is an absolute version of the one above.
+ By absolute I mean, it doesn't adjust from 1/1/1970 to 1/1/1601
+ If the time_t was 5 seconds, the NTTIME is 5 seconds. JFM
+****************************************************************************/
+
+void unix_to_nt_time_abs(NTTIME *nt, time_t t)
+{
+ double d;
+
+ if (t==0) {
+ *nt = 0;
+ return;
+ }
+
+ if (t == TIME_T_MAX) {
+ *nt = 0x7fffffffffffffffLL;
+ return;
+ }
+
+ if (t == (time_t)-1) {
+ /* that's what NT uses for infinite */
+ *nt = NTTIME_INFINITY;
+ return;
+ }
+
+ d = (double)(t);
+ d *= 1.0e7;
+
+ *nt = (NTTIME)d;
+
+ /* convert to a negative value */
+ *nt=~*nt;
+}
+
+
+/****************************************************************************
+ Utility function that always returns a const string even if localtime
+ and asctime fail.
+****************************************************************************/
+
+const char *time_to_asc(const time_t t)
+{
+ const char *asct;
+ struct tm *lt = localtime(&t);
+
+ if (!lt) {
+ return "unknown time\n";
+ }
+
+ asct = asctime(lt);
+ if (!asct) {
+ return "unknown time\n";
+ }
+ return asct;
+}
+
+const char *display_time(NTTIME nttime)
+{
+ float high;
+ float low;
+ int sec;
+ int days, hours, mins, secs;
+
+ if (nttime==0)
+ return "Now";
+
+ if (nttime==NTTIME_INFINITY)
+ return "Never";
+
+ high = 65536;
+ high = high/10000;
+ high = high*65536;
+ high = high/1000;
+ high = high * (~(nttime >> 32));
+
+ low = ~(nttime & 0xFFFFFFFF);
+ low = low/(1000*1000*10);
+
+ sec=(int)(high+low);
+
+ days=sec/(60*60*24);
+ hours=(sec - (days*60*60*24)) / (60*60);
+ mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60;
+ secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60);
+
+ return talloc_asprintf(talloc_tos(), "%u days, %u hours, %u minutes, "
+ "%u seconds", days, hours, mins, secs);
+}
+
+bool nt_time_is_set(const NTTIME *nt)
+{
+ if (*nt == 0x7FFFFFFFFFFFFFFFLL) {
+ return false;
+ }
+
+ if (*nt == NTTIME_INFINITY) {
+ return false;
+ }
+
+ return true;
+}
diff --git a/source3/lib/tldap.c b/source3/lib/tldap.c
new file mode 100644
index 0000000..ad3232b
--- /dev/null
+++ b/source3/lib/tldap.c
@@ -0,0 +1,2726 @@
+/*
+ Unix SMB/CIFS implementation.
+ Infrastructure for async ldap client requests
+ Copyright (C) Volker Lendecke 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include "tldap.h"
+#include "system/network.h"
+#include "system/locale.h"
+#include "lib/util/talloc_stack.h"
+#include "lib/util/samba_util.h"
+#include "lib/util_tsock.h"
+#include "../lib/util/asn1.h"
+#include "../lib/tsocket/tsocket.h"
+#include "../lib/util/tevent_unix.h"
+
+static TLDAPRC tldap_simple_recv(struct tevent_req *req);
+static bool tldap_msg_set_pending(struct tevent_req *req);
+
+#define TEVENT_TLDAP_RC_MAGIC (0x87bcd26e)
+
+bool tevent_req_ldap_error(struct tevent_req *req, TLDAPRC rc)
+{
+ uint64_t err;
+
+ if (TLDAP_RC_IS_SUCCESS(rc)) {
+ return false;
+ }
+
+ err = TEVENT_TLDAP_RC_MAGIC;
+ err <<= 32;
+ err |= TLDAP_RC_V(rc);
+
+ return tevent_req_error(req, err);
+}
+
+bool tevent_req_is_ldap_error(struct tevent_req *req, TLDAPRC *perr)
+{
+ enum tevent_req_state state;
+ uint64_t err;
+
+ if (!tevent_req_is_error(req, &state, &err)) {
+ return false;
+ }
+ switch (state) {
+ case TEVENT_REQ_TIMED_OUT:
+ *perr = TLDAP_TIMEOUT;
+ break;
+ case TEVENT_REQ_NO_MEMORY:
+ *perr = TLDAP_NO_MEMORY;
+ break;
+ case TEVENT_REQ_USER_ERROR:
+ if ((err >> 32) != TEVENT_TLDAP_RC_MAGIC) {
+ abort();
+ }
+ *perr = TLDAP_RC(err & 0xffffffff);
+ break;
+ default:
+ *perr = TLDAP_OPERATIONS_ERROR;
+ break;
+ }
+ return true;
+}
+
+struct tldap_ctx_attribute {
+ char *name;
+ void *ptr;
+};
+
+struct tldap_context {
+ int ld_version;
+ struct tstream_context *conn;
+ int msgid;
+ struct tevent_queue *outgoing;
+ struct tevent_req **pending;
+ struct tevent_req *read_req;
+
+ /* For the sync wrappers we need something like get_last_error... */
+ struct tldap_message *last_msg;
+
+ /* debug */
+ void (*log_fn)(void *context, enum tldap_debug_level level,
+ const char *fmt, va_list ap);
+ void *log_private;
+
+ struct tldap_ctx_attribute *ctx_attrs;
+};
+
+struct tldap_message {
+ struct asn1_data *data;
+ uint8_t *inbuf;
+ int type;
+ int id;
+
+ /* RESULT_ENTRY */
+ char *dn;
+ struct tldap_attribute *attribs;
+
+ /* Error data sent by the server */
+ TLDAPRC lderr;
+ char *res_matcheddn;
+ char *res_diagnosticmessage;
+ char *res_referral;
+ DATA_BLOB res_serverSaslCreds;
+ struct tldap_control *res_sctrls;
+
+ /* Controls sent by the server */
+ struct tldap_control *ctrls;
+};
+
+void tldap_set_debug(struct tldap_context *ld,
+ void (*log_fn)(void *log_private,
+ enum tldap_debug_level level,
+ const char *fmt,
+ va_list ap) PRINTF_ATTRIBUTE(3,0),
+ void *log_private)
+{
+ ld->log_fn = log_fn;
+ ld->log_private = log_private;
+}
+
+static void tldap_debug(
+ struct tldap_context *ld,
+ enum tldap_debug_level level,
+ const char *fmt, ...) PRINTF_ATTRIBUTE(3,4);
+
+static void tldap_debug(struct tldap_context *ld,
+ enum tldap_debug_level level,
+ const char *fmt, ...)
+{
+ va_list ap;
+ if (!ld) {
+ return;
+ }
+ if (ld->log_fn == NULL) {
+ return;
+ }
+ va_start(ap, fmt);
+ ld->log_fn(ld->log_private, level, fmt, ap);
+ va_end(ap);
+}
+
+static int tldap_next_msgid(struct tldap_context *ld)
+{
+ int result;
+
+ result = ld->msgid++;
+ if (ld->msgid == INT_MAX) {
+ ld->msgid = 1;
+ }
+ return result;
+}
+
+struct tldap_context *tldap_context_create(TALLOC_CTX *mem_ctx, int fd)
+{
+ struct tldap_context *ctx;
+ int ret;
+
+ ctx = talloc_zero(mem_ctx, struct tldap_context);
+ if (ctx == NULL) {
+ return NULL;
+ }
+ ret = tstream_bsd_existing_socket(ctx, fd, &ctx->conn);
+ if (ret == -1) {
+ TALLOC_FREE(ctx);
+ return NULL;
+ }
+ ctx->msgid = 1;
+ ctx->ld_version = 3;
+ ctx->outgoing = tevent_queue_create(ctx, "tldap_outgoing");
+ if (ctx->outgoing == NULL) {
+ TALLOC_FREE(ctx);
+ return NULL;
+ }
+ return ctx;
+}
+
+bool tldap_connection_ok(struct tldap_context *ld)
+{
+ int ret;
+
+ if (ld == NULL) {
+ return false;
+ }
+
+ if (ld->conn == NULL) {
+ return false;
+ }
+
+ ret = tstream_pending_bytes(ld->conn);
+ if (ret == -1) {
+ return false;
+ }
+
+ return true;
+}
+
+static size_t tldap_pending_reqs(struct tldap_context *ld)
+{
+ return talloc_array_length(ld->pending);
+}
+
+struct tstream_context *tldap_get_tstream(struct tldap_context *ld)
+{
+ return ld->conn;
+}
+
+void tldap_set_tstream(struct tldap_context *ld,
+ struct tstream_context *stream)
+{
+ ld->conn = stream;
+}
+
+static struct tldap_ctx_attribute *tldap_context_findattr(
+ struct tldap_context *ld, const char *name)
+{
+ size_t i, num_attrs;
+
+ num_attrs = talloc_array_length(ld->ctx_attrs);
+
+ for (i=0; i<num_attrs; i++) {
+ if (strcmp(ld->ctx_attrs[i].name, name) == 0) {
+ return &ld->ctx_attrs[i];
+ }
+ }
+ return NULL;
+}
+
+bool tldap_context_setattr(struct tldap_context *ld,
+ const char *name, const void *_pptr)
+{
+ struct tldap_ctx_attribute *tmp, *attr;
+ char *tmpname;
+ int num_attrs;
+ void **pptr = (void **)discard_const_p(void,_pptr);
+
+ attr = tldap_context_findattr(ld, name);
+ if (attr != NULL) {
+ /*
+ * We don't actually delete attrs, we don't expect tons of
+ * attributes being shuffled around.
+ */
+ TALLOC_FREE(attr->ptr);
+ if (*pptr != NULL) {
+ attr->ptr = talloc_move(ld->ctx_attrs, pptr);
+ *pptr = NULL;
+ }
+ return true;
+ }
+
+ tmpname = talloc_strdup(ld, name);
+ if (tmpname == NULL) {
+ return false;
+ }
+
+ num_attrs = talloc_array_length(ld->ctx_attrs);
+
+ tmp = talloc_realloc(ld, ld->ctx_attrs, struct tldap_ctx_attribute,
+ num_attrs+1);
+ if (tmp == NULL) {
+ TALLOC_FREE(tmpname);
+ return false;
+ }
+ tmp[num_attrs].name = talloc_move(tmp, &tmpname);
+ if (*pptr != NULL) {
+ tmp[num_attrs].ptr = talloc_move(tmp, pptr);
+ } else {
+ tmp[num_attrs].ptr = NULL;
+ }
+ *pptr = NULL;
+ ld->ctx_attrs = tmp;
+ return true;
+}
+
+void *tldap_context_getattr(struct tldap_context *ld, const char *name)
+{
+ struct tldap_ctx_attribute *attr = tldap_context_findattr(ld, name);
+
+ if (attr == NULL) {
+ return NULL;
+ }
+ return attr->ptr;
+}
+
+struct read_ldap_state {
+ uint8_t *buf;
+ bool done;
+};
+
+static ssize_t read_ldap_more(uint8_t *buf, size_t buflen, void *private_data);
+static void read_ldap_done(struct tevent_req *subreq);
+
+static struct tevent_req *read_ldap_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tstream_context *conn)
+{
+ struct tevent_req *req, *subreq;
+ struct read_ldap_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct read_ldap_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->done = false;
+
+ subreq = tstream_read_packet_send(state, ev, conn, 2, read_ldap_more,
+ state);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, read_ldap_done, req);
+ return req;
+}
+
+static ssize_t read_ldap_more(uint8_t *buf, size_t buflen, void *private_data)
+{
+ struct read_ldap_state *state = talloc_get_type_abort(
+ private_data, struct read_ldap_state);
+ size_t len;
+ int i, lensize;
+
+ if (state->done) {
+ /* We've been here, we're done */
+ return 0;
+ }
+
+ /*
+ * From ldap.h: LDAP_TAG_MESSAGE is 0x30
+ */
+ if (buf[0] != 0x30) {
+ return -1;
+ }
+
+ len = buf[1];
+ if ((len & 0x80) == 0) {
+ state->done = true;
+ return len;
+ }
+
+ lensize = (len & 0x7f);
+ len = 0;
+
+ if (buflen == 2) {
+ /* Please get us the full length */
+ return lensize;
+ }
+ if (buflen > 2 + lensize) {
+ state->done = true;
+ return 0;
+ }
+ if (buflen != 2 + lensize) {
+ return -1;
+ }
+
+ for (i=0; i<lensize; i++) {
+ len = (len << 8) | buf[2+i];
+ }
+ return len;
+}
+
+static void read_ldap_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct read_ldap_state *state = tevent_req_data(
+ req, struct read_ldap_state);
+ ssize_t nread;
+ int err;
+
+ nread = tstream_read_packet_recv(subreq, state, &state->buf, &err);
+ TALLOC_FREE(subreq);
+ if (nread == -1) {
+ tevent_req_error(req, err);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static ssize_t read_ldap_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint8_t **pbuf, int *perrno)
+{
+ struct read_ldap_state *state = tevent_req_data(
+ req, struct read_ldap_state);
+
+ if (tevent_req_is_unix_error(req, perrno)) {
+ return -1;
+ }
+ *pbuf = talloc_move(mem_ctx, &state->buf);
+ return talloc_get_size(*pbuf);
+}
+
+struct tldap_msg_state {
+ struct tldap_context *ld;
+ struct tevent_context *ev;
+ int id;
+ struct iovec iov;
+
+ struct asn1_data *data;
+ uint8_t *inbuf;
+};
+
+static bool tldap_push_controls(struct asn1_data *data,
+ struct tldap_control *sctrls,
+ int num_sctrls)
+{
+ int i;
+
+ if ((sctrls == NULL) || (num_sctrls == 0)) {
+ return true;
+ }
+
+ if (!asn1_push_tag(data, ASN1_CONTEXT(0))) return false;
+
+ for (i=0; i<num_sctrls; i++) {
+ struct tldap_control *c = &sctrls[i];
+ if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) return false;
+ if (!asn1_write_OctetString(data, c->oid, strlen(c->oid))) return false;
+ if (c->critical) {
+ if (!asn1_write_BOOLEAN(data, true)) return false;
+ }
+ if (c->value.data != NULL) {
+ if (!asn1_write_OctetString(data, c->value.data,
+ c->value.length)) return false;
+ }
+ if (!asn1_pop_tag(data)) return false; /* ASN1_SEQUENCE(0) */
+ }
+
+ return asn1_pop_tag(data); /* ASN1_CONTEXT(0) */
+}
+
+#define tldap_context_disconnect(ld, status) \
+ _tldap_context_disconnect(ld, status, __location__)
+
+static void _tldap_context_disconnect(struct tldap_context *ld,
+ TLDAPRC status,
+ const char *location)
+{
+ if (ld->conn == NULL) {
+ /*
+ * We don't need to tldap_debug() on
+ * a potential 2nd run.
+ *
+ * The rest of the function would just
+ * be a noop for the 2nd run anyway.
+ */
+ return;
+ }
+
+ tldap_debug(ld, TLDAP_DEBUG_WARNING,
+ "tldap_context_disconnect: %s at %s\n",
+ tldap_rc2string(status),
+ location);
+ tevent_queue_stop(ld->outgoing);
+ TALLOC_FREE(ld->read_req);
+ TALLOC_FREE(ld->conn);
+
+ while (talloc_array_length(ld->pending) > 0) {
+ struct tevent_req *req = NULL;
+ struct tldap_msg_state *state = NULL;
+
+ req = ld->pending[0];
+ state = tevent_req_data(req, struct tldap_msg_state);
+ tevent_req_defer_callback(req, state->ev);
+ tevent_req_ldap_error(req, status);
+ }
+}
+
+static void tldap_msg_sent(struct tevent_req *subreq);
+static void tldap_msg_received(struct tevent_req *subreq);
+
+static struct tevent_req *tldap_msg_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tldap_context *ld,
+ int id, struct asn1_data *data,
+ struct tldap_control *sctrls,
+ int num_sctrls)
+{
+ struct tevent_req *req, *subreq;
+ struct tldap_msg_state *state;
+ DATA_BLOB blob;
+ bool ok;
+
+ tldap_debug(ld, TLDAP_DEBUG_TRACE, "tldap_msg_send: sending msg %d\n",
+ id);
+
+ req = tevent_req_create(mem_ctx, &state, struct tldap_msg_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ld = ld;
+ state->ev = ev;
+ state->id = id;
+
+ ok = tldap_connection_ok(ld);
+ if (!ok) {
+ tevent_req_ldap_error(req, TLDAP_SERVER_DOWN);
+ return tevent_req_post(req, ev);
+ }
+
+ if (!tldap_push_controls(data, sctrls, num_sctrls)) {
+ tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
+ return tevent_req_post(req, ev);
+ }
+
+
+ if (!asn1_pop_tag(data)) {
+ tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
+ return tevent_req_post(req, ev);
+ }
+
+ if (!asn1_blob(data, &blob)) {
+ tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
+ return tevent_req_post(req, ev);
+ }
+
+ if (!tldap_msg_set_pending(req)) {
+ tevent_req_oom(req);
+ return tevent_req_post(req, ev);;
+ }
+
+ state->iov.iov_base = (void *)blob.data;
+ state->iov.iov_len = blob.length;
+
+ subreq = tstream_writev_queue_send(state, ev, ld->conn, ld->outgoing,
+ &state->iov, 1);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tldap_msg_sent, req);
+ return req;
+}
+
+static void tldap_msg_unset_pending(struct tevent_req *req)
+{
+ struct tldap_msg_state *state = tevent_req_data(
+ req, struct tldap_msg_state);
+ struct tldap_context *ld = state->ld;
+ int num_pending = tldap_pending_reqs(ld);
+ int i;
+
+ tevent_req_set_cleanup_fn(req, NULL);
+
+ for (i=0; i<num_pending; i++) {
+ if (req == ld->pending[i]) {
+ break;
+ }
+ }
+ if (i == num_pending) {
+ /*
+ * Something's seriously broken. Just returning here is the
+ * right thing nevertheless, the point of this routine is to
+ * remove ourselves from cli->pending.
+ */
+ return;
+ }
+
+ if (num_pending == 1) {
+ TALLOC_FREE(ld->pending);
+ return;
+ }
+
+ /*
+ * Remove ourselves from the cli->pending array
+ */
+ if (num_pending > 1) {
+ ld->pending[i] = ld->pending[num_pending-1];
+ }
+
+ /*
+ * No NULL check here, we're shrinking by sizeof(void *), and
+ * talloc_realloc just adjusts the size for this.
+ */
+ ld->pending = talloc_realloc(NULL, ld->pending, struct tevent_req *,
+ num_pending - 1);
+}
+
+static void tldap_msg_cleanup(struct tevent_req *req,
+ enum tevent_req_state req_state)
+{
+ tldap_msg_unset_pending(req);
+}
+
+static bool tldap_msg_set_pending(struct tevent_req *req)
+{
+ struct tldap_msg_state *state = tevent_req_data(
+ req, struct tldap_msg_state);
+ struct tldap_context *ld;
+ struct tevent_req **pending;
+ int num_pending;
+
+ ld = state->ld;
+ num_pending = tldap_pending_reqs(ld);
+
+ pending = talloc_realloc(ld, ld->pending, struct tevent_req *,
+ num_pending+1);
+ if (pending == NULL) {
+ return false;
+ }
+ pending[num_pending] = req;
+ ld->pending = pending;
+ tevent_req_set_cleanup_fn(req, tldap_msg_cleanup);
+
+ if (ld->read_req != NULL) {
+ return true;
+ }
+
+ /*
+ * We're the first one, add the read_ldap request that waits for the
+ * answer from the server
+ */
+ ld->read_req = read_ldap_send(ld->pending, state->ev, ld->conn);
+ if (ld->read_req == NULL) {
+ tldap_msg_unset_pending(req);
+ return false;
+ }
+ tevent_req_set_callback(ld->read_req, tldap_msg_received, ld);
+ return true;
+}
+
+static void tldap_msg_sent(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tldap_msg_state *state = tevent_req_data(
+ req, struct tldap_msg_state);
+ ssize_t nwritten;
+ int err;
+
+ nwritten = tstream_writev_queue_recv(subreq, &err);
+ TALLOC_FREE(subreq);
+ if (nwritten == -1) {
+ tldap_context_disconnect(state->ld, TLDAP_SERVER_DOWN);
+ return;
+ }
+}
+
+static int tldap_msg_msgid(struct tevent_req *req)
+{
+ struct tldap_msg_state *state = tevent_req_data(
+ req, struct tldap_msg_state);
+
+ return state->id;
+}
+
+static void tldap_msg_received(struct tevent_req *subreq)
+{
+ struct tldap_context *ld = tevent_req_callback_data(
+ subreq, struct tldap_context);
+ struct tevent_req *req;
+ struct tldap_msg_state *state;
+ struct asn1_data *data;
+ uint8_t *inbuf;
+ ssize_t received;
+ size_t num_pending;
+ size_t i;
+ int err;
+ TLDAPRC status = TLDAP_PROTOCOL_ERROR;
+ int id;
+ uint8_t type;
+ bool ok;
+
+ received = read_ldap_recv(subreq, talloc_tos(), &inbuf, &err);
+ TALLOC_FREE(subreq);
+ ld->read_req = NULL;
+ if (received == -1) {
+ status = TLDAP_SERVER_DOWN;
+ goto fail;
+ }
+
+ data = asn1_init(talloc_tos(), ASN1_MAX_TREE_DEPTH);
+ if (data == NULL) {
+ /*
+ * We have to disconnect all, we can't tell which of
+ * the requests this reply is for.
+ */
+ status = TLDAP_NO_MEMORY;
+ goto fail;
+ }
+ asn1_load_nocopy(data, inbuf, received);
+
+ ok = true;
+ ok &= asn1_start_tag(data, ASN1_SEQUENCE(0));
+ ok &= asn1_read_Integer(data, &id);
+ ok &= asn1_peek_uint8(data, &type);
+
+ if (!ok) {
+ status = TLDAP_PROTOCOL_ERROR;
+ goto fail;
+ }
+
+ tldap_debug(ld, TLDAP_DEBUG_TRACE, "tldap_msg_received: got msg %d "
+ "type %d\n", id, (int)type);
+
+ if (id == 0) {
+ tldap_debug(
+ ld,
+ TLDAP_DEBUG_WARNING,
+ "tldap_msg_received: got msgid 0 of "
+ "type %"PRIu8", disconnecting\n",
+ type);
+ tldap_context_disconnect(ld, TLDAP_SERVER_DOWN);
+ return;
+ }
+
+ num_pending = talloc_array_length(ld->pending);
+
+ for (i=0; i<num_pending; i++) {
+ if (id == tldap_msg_msgid(ld->pending[i])) {
+ break;
+ }
+ }
+ if (i == num_pending) {
+ /* Dump unexpected reply */
+ tldap_debug(ld, TLDAP_DEBUG_WARNING, "tldap_msg_received: "
+ "No request pending for msg %d\n", id);
+ TALLOC_FREE(data);
+ TALLOC_FREE(inbuf);
+ goto done;
+ }
+
+ req = ld->pending[i];
+ state = tevent_req_data(req, struct tldap_msg_state);
+
+ state->inbuf = talloc_move(state, &inbuf);
+ state->data = talloc_move(state, &data);
+
+ tldap_msg_unset_pending(req);
+ num_pending = talloc_array_length(ld->pending);
+
+ tevent_req_defer_callback(req, state->ev);
+ tevent_req_done(req);
+
+ done:
+ if (num_pending == 0) {
+ return;
+ }
+
+ state = tevent_req_data(ld->pending[0], struct tldap_msg_state);
+ ld->read_req = read_ldap_send(ld->pending, state->ev, ld->conn);
+ if (ld->read_req == NULL) {
+ status = TLDAP_NO_MEMORY;
+ goto fail;
+ }
+ tevent_req_set_callback(ld->read_req, tldap_msg_received, ld);
+ return;
+
+ fail:
+ tldap_context_disconnect(ld, status);
+}
+
+static TLDAPRC tldap_msg_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct tldap_message **pmsg)
+{
+ struct tldap_msg_state *state = tevent_req_data(
+ req, struct tldap_msg_state);
+ struct tldap_message *msg;
+ TLDAPRC err;
+ uint8_t msgtype;
+
+ if (tevent_req_is_ldap_error(req, &err)) {
+ return err;
+ }
+
+ if (!asn1_peek_uint8(state->data, &msgtype)) {
+ return TLDAP_PROTOCOL_ERROR;
+ }
+
+ if (pmsg == NULL) {
+ return TLDAP_SUCCESS;
+ }
+
+ msg = talloc_zero(mem_ctx, struct tldap_message);
+ if (msg == NULL) {
+ return TLDAP_NO_MEMORY;
+ }
+ msg->id = state->id;
+
+ msg->inbuf = talloc_move(msg, &state->inbuf);
+ msg->data = talloc_move(msg, &state->data);
+ msg->type = msgtype;
+
+ *pmsg = msg;
+ return TLDAP_SUCCESS;
+}
+
+struct tldap_req_state {
+ int id;
+ struct asn1_data *out;
+ struct tldap_message *result;
+};
+
+static struct tevent_req *tldap_req_create(TALLOC_CTX *mem_ctx,
+ struct tldap_context *ld,
+ struct tldap_req_state **pstate)
+{
+ struct tevent_req *req;
+ struct tldap_req_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct tldap_req_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->out = asn1_init(state, ASN1_MAX_TREE_DEPTH);
+ if (state->out == NULL) {
+ goto err;
+ }
+ state->id = tldap_next_msgid(ld);
+
+ if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
+ if (!asn1_write_Integer(state->out, state->id)) goto err;
+
+ *pstate = state;
+ return req;
+
+ err:
+
+ TALLOC_FREE(req);
+ return NULL;
+}
+
+static void tldap_save_msg(struct tldap_context *ld, struct tevent_req *req)
+{
+ struct tldap_req_state *state = tevent_req_data(
+ req, struct tldap_req_state);
+
+ TALLOC_FREE(ld->last_msg);
+ ld->last_msg = talloc_move(ld, &state->result);
+}
+
+static char *blob2string_talloc(TALLOC_CTX *mem_ctx, DATA_BLOB blob)
+{
+ char *result = talloc_array(mem_ctx, char, blob.length+1);
+
+ if (result == NULL) {
+ return NULL;
+ }
+
+ memcpy(result, blob.data, blob.length);
+ result[blob.length] = '\0';
+ return result;
+}
+
+static bool asn1_read_OctetString_talloc(TALLOC_CTX *mem_ctx,
+ struct asn1_data *data,
+ char **presult)
+{
+ DATA_BLOB string;
+ char *result;
+ if (!asn1_read_OctetString(data, mem_ctx, &string))
+ return false;
+
+ result = blob2string_talloc(mem_ctx, string);
+
+ data_blob_free(&string);
+
+ if (result == NULL) {
+ return false;
+ }
+ *presult = result;
+ return true;
+}
+
+static bool tldap_decode_controls(struct tldap_req_state *state);
+
+static bool tldap_decode_response(struct tldap_req_state *state)
+{
+ struct asn1_data *data = state->result->data;
+ struct tldap_message *msg = state->result;
+ int rc;
+ bool ok = true;
+
+ ok &= asn1_read_enumerated(data, &rc);
+ if (ok) {
+ msg->lderr = TLDAP_RC(rc);
+ }
+
+ ok &= asn1_read_OctetString_talloc(msg, data, &msg->res_matcheddn);
+ ok &= asn1_read_OctetString_talloc(msg, data,
+ &msg->res_diagnosticmessage);
+ if (!ok) return ok;
+ if (asn1_peek_tag(data, ASN1_CONTEXT(3))) {
+ ok &= asn1_start_tag(data, ASN1_CONTEXT(3));
+ ok &= asn1_read_OctetString_talloc(msg, data,
+ &msg->res_referral);
+ ok &= asn1_end_tag(data);
+ } else {
+ msg->res_referral = NULL;
+ }
+
+ return ok;
+}
+
+static void tldap_sasl_bind_done(struct tevent_req *subreq);
+
+struct tevent_req *tldap_sasl_bind_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tldap_context *ld,
+ const char *dn,
+ const char *mechanism,
+ DATA_BLOB *creds,
+ struct tldap_control *sctrls,
+ int num_sctrls,
+ struct tldap_control *cctrls,
+ int num_cctrls)
+{
+ struct tevent_req *req, *subreq;
+ struct tldap_req_state *state;
+
+ req = tldap_req_create(mem_ctx, ld, &state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (dn == NULL) {
+ dn = "";
+ }
+
+ if (!asn1_push_tag(state->out, TLDAP_REQ_BIND)) goto err;
+ if (!asn1_write_Integer(state->out, ld->ld_version)) goto err;
+ if (!asn1_write_OctetString(state->out, dn, strlen(dn))) goto err;
+
+ if (mechanism == NULL) {
+ if (!asn1_push_tag(state->out, ASN1_CONTEXT_SIMPLE(0))) goto err;
+ if (!asn1_write(state->out, creds->data, creds->length)) goto err;
+ if (!asn1_pop_tag(state->out)) goto err;
+ } else {
+ if (!asn1_push_tag(state->out, ASN1_CONTEXT(3))) goto err;
+ if (!asn1_write_OctetString(state->out, mechanism,
+ strlen(mechanism))) goto err;
+ if ((creds != NULL) && (creds->data != NULL)) {
+ if (!asn1_write_OctetString(state->out, creds->data,
+ creds->length)) goto err;
+ }
+ if (!asn1_pop_tag(state->out)) goto err;
+ }
+
+ if (!asn1_pop_tag(state->out)) goto err;
+
+ subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
+ sctrls, num_sctrls);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tldap_sasl_bind_done, req);
+ return req;
+
+ err:
+
+ tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
+ return tevent_req_post(req, ev);
+}
+
+static void tldap_sasl_bind_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tldap_req_state *state = tevent_req_data(
+ req, struct tldap_req_state);
+ TLDAPRC rc;
+ bool ok;
+
+ rc = tldap_msg_recv(subreq, state, &state->result);
+ TALLOC_FREE(subreq);
+ if (tevent_req_ldap_error(req, rc)) {
+ return;
+ }
+ if (state->result->type != TLDAP_RES_BIND) {
+ tevent_req_ldap_error(req, TLDAP_PROTOCOL_ERROR);
+ return;
+ }
+
+ ok = asn1_start_tag(state->result->data, TLDAP_RES_BIND);
+ ok &= tldap_decode_response(state);
+
+ if (asn1_peek_tag(state->result->data, ASN1_CONTEXT_SIMPLE(7))) {
+ int len;
+
+ ok &= asn1_start_tag(state->result->data,
+ ASN1_CONTEXT_SIMPLE(7));
+ if (!ok) {
+ goto decode_error;
+ }
+
+ len = asn1_tag_remaining(state->result->data);
+ if (len == -1) {
+ goto decode_error;
+ }
+
+ state->result->res_serverSaslCreds =
+ data_blob_talloc(state->result, NULL, len);
+ if (state->result->res_serverSaslCreds.data == NULL) {
+ goto decode_error;
+ }
+
+ ok = asn1_read(state->result->data,
+ state->result->res_serverSaslCreds.data,
+ state->result->res_serverSaslCreds.length);
+
+ ok &= asn1_end_tag(state->result->data);
+ }
+
+ ok &= asn1_end_tag(state->result->data);
+
+ if (!ok) {
+ goto decode_error;
+ }
+
+ if (!TLDAP_RC_IS_SUCCESS(state->result->lderr) &&
+ !TLDAP_RC_EQUAL(state->result->lderr,
+ TLDAP_SASL_BIND_IN_PROGRESS)) {
+ tevent_req_ldap_error(req, state->result->lderr);
+ return;
+ }
+ tevent_req_done(req);
+ return;
+
+decode_error:
+ tevent_req_ldap_error(req, TLDAP_DECODING_ERROR);
+ return;
+}
+
+TLDAPRC tldap_sasl_bind_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ DATA_BLOB *serverSaslCreds)
+{
+ struct tldap_req_state *state = tevent_req_data(
+ req, struct tldap_req_state);
+ TLDAPRC rc;
+
+ if (tevent_req_is_ldap_error(req, &rc)) {
+ return rc;
+ }
+
+ if (serverSaslCreds != NULL) {
+ serverSaslCreds->data = talloc_move(
+ mem_ctx, &state->result->res_serverSaslCreds.data);
+ serverSaslCreds->length =
+ state->result->res_serverSaslCreds.length;
+ }
+
+ return state->result->lderr;
+}
+
+TLDAPRC tldap_sasl_bind(struct tldap_context *ld,
+ const char *dn,
+ const char *mechanism,
+ DATA_BLOB *creds,
+ struct tldap_control *sctrls,
+ int num_sctrls,
+ struct tldap_control *cctrls,
+ int num_cctrls,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *serverSaslCreds)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ TLDAPRC rc = TLDAP_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = tldap_sasl_bind_send(frame, ev, ld, dn, mechanism, creds,
+ sctrls, num_sctrls, cctrls, num_cctrls);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll(req, ev)) {
+ rc = TLDAP_OPERATIONS_ERROR;
+ goto fail;
+ }
+ rc = tldap_sasl_bind_recv(req, mem_ctx, serverSaslCreds);
+ tldap_save_msg(ld, req);
+ fail:
+ TALLOC_FREE(frame);
+ return rc;
+}
+
+struct tevent_req *tldap_simple_bind_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tldap_context *ld,
+ const char *dn,
+ const char *passwd)
+{
+ DATA_BLOB cred;
+
+ if (passwd != NULL) {
+ cred.data = discard_const_p(uint8_t, passwd);
+ cred.length = strlen(passwd);
+ } else {
+ cred.data = discard_const_p(uint8_t, "");
+ cred.length = 0;
+ }
+ return tldap_sasl_bind_send(mem_ctx, ev, ld, dn, NULL, &cred, NULL, 0,
+ NULL, 0);
+}
+
+TLDAPRC tldap_simple_bind_recv(struct tevent_req *req)
+{
+ return tldap_sasl_bind_recv(req, NULL, NULL);
+}
+
+TLDAPRC tldap_simple_bind(struct tldap_context *ld, const char *dn,
+ const char *passwd)
+{
+ DATA_BLOB cred;
+
+ if (passwd != NULL) {
+ cred.data = discard_const_p(uint8_t, passwd);
+ cred.length = strlen(passwd);
+ } else {
+ cred.data = discard_const_p(uint8_t, "");
+ cred.length = 0;
+ }
+ return tldap_sasl_bind(ld, dn, NULL, &cred, NULL, 0, NULL, 0,
+ NULL, NULL);
+}
+
+/*****************************************************************************/
+
+/* can't use isalpha() as only a strict set is valid for LDAP */
+
+static bool tldap_is_alpha(char c)
+{
+ return (((c >= 'a') && (c <= 'z')) || \
+ ((c >= 'A') && (c <= 'Z')));
+}
+
+static bool tldap_is_adh(char c)
+{
+ return tldap_is_alpha(c) || isdigit(c) || (c == '-');
+}
+
+#define TLDAP_FILTER_AND ASN1_CONTEXT(0)
+#define TLDAP_FILTER_OR ASN1_CONTEXT(1)
+#define TLDAP_FILTER_NOT ASN1_CONTEXT(2)
+#define TLDAP_FILTER_EQ ASN1_CONTEXT(3)
+#define TLDAP_FILTER_SUB ASN1_CONTEXT(4)
+#define TLDAP_FILTER_LE ASN1_CONTEXT(5)
+#define TLDAP_FILTER_GE ASN1_CONTEXT(6)
+#define TLDAP_FILTER_PRES ASN1_CONTEXT_SIMPLE(7)
+#define TLDAP_FILTER_APX ASN1_CONTEXT(8)
+#define TLDAP_FILTER_EXT ASN1_CONTEXT(9)
+
+#define TLDAP_SUB_INI ASN1_CONTEXT_SIMPLE(0)
+#define TLDAP_SUB_ANY ASN1_CONTEXT_SIMPLE(1)
+#define TLDAP_SUB_FIN ASN1_CONTEXT_SIMPLE(2)
+
+
+/* oid's should be numerical only in theory,
+ * but apparently some broken servers may have alphanum aliases instead.
+ * Do like openldap libraries and allow alphanum aliases for oids, but
+ * do not allow Tagging options in that case.
+ */
+static bool tldap_is_attrdesc(const char *s, int len, bool no_tagopts)
+{
+ bool is_oid = false;
+ bool dot = false;
+ int i;
+
+ /* first char has stricter rules */
+ if (isdigit(*s)) {
+ is_oid = true;
+ } else if (!tldap_is_alpha(*s)) {
+ /* bad first char */
+ return false;
+ }
+
+ for (i = 1; i < len; i++) {
+
+ if (is_oid) {
+ if (isdigit(s[i])) {
+ dot = false;
+ continue;
+ }
+ if (s[i] == '.') {
+ if (dot) {
+ /* malformed */
+ return false;
+ }
+ dot = true;
+ continue;
+ }
+ } else {
+ if (tldap_is_adh(s[i])) {
+ continue;
+ }
+ }
+
+ if (s[i] == ';') {
+ if (no_tagopts) {
+ /* no tagging options */
+ return false;
+ }
+ if (dot) {
+ /* malformed */
+ return false;
+ }
+ if ((i + 1) == len) {
+ /* malformed */
+ return false;
+ }
+
+ is_oid = false;
+ continue;
+ }
+ }
+
+ if (dot) {
+ /* malformed */
+ return false;
+ }
+
+ return true;
+}
+
+/* this function copies the value until the closing parenthesis is found. */
+static char *tldap_get_val(TALLOC_CTX *memctx,
+ const char *value, const char **_s)
+{
+ const char *s = value;
+
+ /* find terminator */
+ while (*s) {
+ s = strchr(s, ')');
+ if (s && (*(s - 1) == '\\')) {
+ s++;
+ continue;
+ }
+ break;
+ }
+ if (!s || !(*s == ')')) {
+ /* malformed filter */
+ return NULL;
+ }
+
+ *_s = s;
+
+ return talloc_strndup(memctx, value, s - value);
+}
+
+static int tldap_hex2char(const char *x)
+{
+ if (isxdigit(x[0]) && isxdigit(x[1])) {
+ const char h1 = x[0], h2 = x[1];
+ int c = 0;
+
+ if (h1 >= 'a') c = h1 - (int)'a' + 10;
+ else if (h1 >= 'A') c = h1 - (int)'A' + 10;
+ else if (h1 >= '0') c = h1 - (int)'0';
+ c = c << 4;
+ if (h2 >= 'a') c += h2 - (int)'a' + 10;
+ else if (h2 >= 'A') c += h2 - (int)'A' + 10;
+ else if (h2 >= '0') c += h2 - (int)'0';
+
+ return c;
+ }
+
+ return -1;
+}
+
+static bool tldap_find_first_star(const char *val, const char **star)
+{
+ const char *s;
+
+ for (s = val; *s; s++) {
+ switch (*s) {
+ case '\\':
+ if (isxdigit(s[1]) && isxdigit(s[2])) {
+ s += 2;
+ break;
+ }
+ /* not hex based escape, check older syntax */
+ switch (s[1]) {
+ case '(':
+ case ')':
+ case '*':
+ case '\\':
+ s++;
+ break;
+ default:
+ /* invalid escape sequence */
+ return false;
+ }
+ break;
+ case ')':
+ /* end of val, nothing found */
+ *star = s;
+ return true;
+
+ case '*':
+ *star = s;
+ return true;
+ }
+ }
+
+ /* string ended without closing parenthesis, filter is malformed */
+ return false;
+}
+
+static bool tldap_unescape_inplace(char *value, size_t *val_len)
+{
+ int c;
+ size_t i, p;
+
+ for (i = 0,p = 0; i < *val_len; i++) {
+
+ switch (value[i]) {
+ case '(':
+ case ')':
+ case '*':
+ /* these must be escaped */
+ return false;
+
+ case '\\':
+ if (!value[i + 1]) {
+ /* invalid EOL */
+ return false;
+ }
+ i++;
+
+ /* LDAPv3 escaped */
+ c = tldap_hex2char(&value[i]);
+ if (c >= 0 && c < 256) {
+ value[p] = c;
+ i++;
+ p++;
+ break;
+ }
+
+ /* LDAPv2 escaped */
+ switch (value[i]) {
+ case '(':
+ case ')':
+ case '*':
+ case '\\':
+ value[p] = value[i];
+ p++;
+
+ break;
+ default:
+ /* invalid */
+ return false;
+ }
+ break;
+
+ default:
+ value[p] = value[i];
+ p++;
+ }
+ }
+ value[p] = '\0';
+ *val_len = p;
+ return true;
+}
+
+static bool tldap_push_filter_basic(struct tldap_context *ld,
+ struct asn1_data *data,
+ const char **_s);
+static bool tldap_push_filter_substring(struct tldap_context *ld,
+ struct asn1_data *data,
+ const char *val,
+ const char **_s);
+static bool tldap_push_filter_int(struct tldap_context *ld,
+ struct asn1_data *data,
+ const char **_s)
+{
+ const char *s = *_s;
+ bool ret;
+
+ if (*s != '(') {
+ tldap_debug(ld, TLDAP_DEBUG_ERROR,
+ "Incomplete or malformed filter\n");
+ return false;
+ }
+ s++;
+
+ /* we are right after a parenthesis,
+ * find out what op we have at hand */
+ switch (*s) {
+ case '&':
+ tldap_debug(ld, TLDAP_DEBUG_TRACE, "Filter op: AND\n");
+ if (!asn1_push_tag(data, TLDAP_FILTER_AND)) return false;
+ s++;
+ break;
+
+ case '|':
+ tldap_debug(ld, TLDAP_DEBUG_TRACE, "Filter op: OR\n");
+ if (!asn1_push_tag(data, TLDAP_FILTER_OR)) return false;
+ s++;
+ break;
+
+ case '!':
+ tldap_debug(ld, TLDAP_DEBUG_TRACE, "Filter op: NOT\n");
+ if (!asn1_push_tag(data, TLDAP_FILTER_NOT)) return false;
+ s++;
+ ret = tldap_push_filter_int(ld, data, &s);
+ if (!ret) {
+ return false;
+ }
+ if (!asn1_pop_tag(data)) return false;
+ goto done;
+
+ case '(':
+ case ')':
+ tldap_debug(ld, TLDAP_DEBUG_ERROR,
+ "Invalid parenthesis '%c'\n", *s);
+ return false;
+
+ case '\0':
+ tldap_debug(ld, TLDAP_DEBUG_ERROR,
+ "Invalid filter termination\n");
+ return false;
+
+ default:
+ ret = tldap_push_filter_basic(ld, data, &s);
+ if (!ret) {
+ return false;
+ }
+ goto done;
+ }
+
+ /* only and/or filters get here.
+ * go through the list of filters */
+
+ if (*s == ')') {
+ /* RFC 4526: empty and/or */
+ if (!asn1_pop_tag(data)) return false;
+ goto done;
+ }
+
+ while (*s) {
+ ret = tldap_push_filter_int(ld, data, &s);
+ if (!ret) {
+ return false;
+ }
+
+ if (*s == ')') {
+ /* end of list, return */
+ if (!asn1_pop_tag(data)) return false;
+ break;
+ }
+ }
+
+done:
+ if (*s != ')') {
+ tldap_debug(ld, TLDAP_DEBUG_ERROR,
+ "Incomplete or malformed filter\n");
+ return false;
+ }
+ s++;
+
+ if (asn1_has_error(data)) {
+ return false;
+ }
+
+ *_s = s;
+ return true;
+}
+
+
+static bool tldap_push_filter_basic(struct tldap_context *ld,
+ struct asn1_data *data,
+ const char **_s)
+{
+ TALLOC_CTX *tmpctx = talloc_tos();
+ const char *s = *_s;
+ const char *e;
+ const char *eq;
+ const char *val;
+ const char *type;
+ const char *dn;
+ const char *rule;
+ const char *star;
+ size_t type_len = 0;
+ char *uval;
+ size_t uval_len;
+ bool write_octect = true;
+ bool ret;
+
+ eq = strchr(s, '=');
+ if (!eq) {
+ tldap_debug(ld, TLDAP_DEBUG_ERROR,
+ "Invalid filter, missing equal sign\n");
+ return false;
+ }
+
+ val = eq + 1;
+ e = eq - 1;
+
+ switch (*e) {
+ case '<':
+ if (!asn1_push_tag(data, TLDAP_FILTER_LE)) return false;
+ break;
+
+ case '>':
+ if (!asn1_push_tag(data, TLDAP_FILTER_GE)) return false;
+ break;
+
+ case '~':
+ if (!asn1_push_tag(data, TLDAP_FILTER_APX)) return false;
+ break;
+
+ case ':':
+ if (!asn1_push_tag(data, TLDAP_FILTER_EXT)) return false;
+ write_octect = false;
+
+ type = NULL;
+ dn = NULL;
+ rule = NULL;
+
+ if (*s == ':') { /* [:dn]:rule:= value */
+ if (s == e) {
+ /* malformed filter */
+ return false;
+ }
+ dn = s;
+ } else { /* type[:dn][:rule]:= value */
+ type = s;
+ dn = strchr(s, ':');
+ type_len = dn - type;
+ if (dn == e) { /* type:= value */
+ dn = NULL;
+ }
+ }
+ if (dn) {
+ dn++;
+
+ rule = strchr(dn, ':');
+ if (rule == NULL) {
+ return false;
+ }
+ if ((rule == dn + 1) || rule + 1 == e) {
+ /* malformed filter, contains "::" */
+ return false;
+ }
+
+ if (strncasecmp_m(dn, "dn:", 3) != 0) {
+ if (rule == e) {
+ rule = dn;
+ dn = NULL;
+ } else {
+ /* malformed filter. With two
+ * optionals, the first must be "dn"
+ */
+ return false;
+ }
+ } else {
+ if (rule == e) {
+ rule = NULL;
+ } else {
+ rule++;
+ }
+ }
+ }
+
+ if (!type && !dn && !rule) {
+ /* malformed filter, there must be at least one */
+ return false;
+ }
+
+ /*
+ MatchingRuleAssertion ::= SEQUENCE {
+ matchingRule [1] MatchingRuleID OPTIONAL,
+ type [2] AttributeDescription OPTIONAL,
+ matchValue [3] AssertionValue,
+ dnAttributes [4] BOOLEAN DEFAULT FALSE
+ }
+ */
+
+ /* check and add rule */
+ if (rule) {
+ ret = tldap_is_attrdesc(rule, e - rule, true);
+ if (!ret) {
+ return false;
+ }
+ if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(1))) return false;
+ if (!asn1_write(data, rule, e - rule)) return false;
+ if (!asn1_pop_tag(data)) return false;
+ }
+
+ /* check and add type */
+ if (type) {
+ ret = tldap_is_attrdesc(type, type_len, false);
+ if (!ret) {
+ return false;
+ }
+ if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(2))) return false;
+ if (!asn1_write(data, type, type_len)) return false;
+ if (!asn1_pop_tag(data)) return false;
+ }
+
+ uval = tldap_get_val(tmpctx, val, _s);
+ if (!uval) {
+ return false;
+ }
+ uval_len = *_s - val;
+ ret = tldap_unescape_inplace(uval, &uval_len);
+ if (!ret) {
+ return false;
+ }
+
+ if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(3))) return false;
+ if (!asn1_write(data, uval, uval_len)) return false;
+ if (!asn1_pop_tag(data)) return false;
+
+ if (!asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(4))) return false;
+ if (!asn1_write_uint8(data, dn?1:0)) return false;
+ if (!asn1_pop_tag(data)) return false;
+ break;
+
+ default:
+ e = eq;
+
+ ret = tldap_is_attrdesc(s, e - s, false);
+ if (!ret) {
+ return false;
+ }
+
+ if (strncmp(val, "*)", 2) == 0) {
+ /* presence */
+ if (!asn1_push_tag(data, TLDAP_FILTER_PRES)) return false;
+ if (!asn1_write(data, s, e - s)) return false;
+ *_s = val + 1;
+ write_octect = false;
+ break;
+ }
+
+ ret = tldap_find_first_star(val, &star);
+ if (!ret) {
+ return false;
+ }
+ if (*star == '*') {
+ /* substring */
+ if (!asn1_push_tag(data, TLDAP_FILTER_SUB)) return false;
+ if (!asn1_write_OctetString(data, s, e - s)) return false;
+ ret = tldap_push_filter_substring(ld, data, val, &s);
+ if (!ret) {
+ return false;
+ }
+ *_s = s;
+ write_octect = false;
+ break;
+ }
+
+ /* if nothing else, then it is just equality */
+ if (!asn1_push_tag(data, TLDAP_FILTER_EQ)) return false;
+ write_octect = true;
+ break;
+ }
+
+ if (write_octect) {
+ uval = tldap_get_val(tmpctx, val, _s);
+ if (!uval) {
+ return false;
+ }
+ uval_len = *_s - val;
+ ret = tldap_unescape_inplace(uval, &uval_len);
+ if (!ret) {
+ return false;
+ }
+
+ if (!asn1_write_OctetString(data, s, e - s)) return false;
+ if (!asn1_write_OctetString(data, uval, uval_len)) return false;
+ }
+
+ if (asn1_has_error(data)) {
+ return false;
+ }
+ return asn1_pop_tag(data);
+}
+
+static bool tldap_push_filter_substring(struct tldap_context *ld,
+ struct asn1_data *data,
+ const char *val,
+ const char **_s)
+{
+ TALLOC_CTX *tmpctx = talloc_tos();
+ bool initial = true;
+ const char *star;
+ char *chunk;
+ size_t chunk_len;
+ bool ret;
+
+ /*
+ SubstringFilter ::= SEQUENCE {
+ type AttributeDescription,
+ -- at least one must be present
+ substrings SEQUENCE OF CHOICE {
+ initial [0] LDAPString,
+ any [1] LDAPString,
+ final [2] LDAPString } }
+ */
+ if (!asn1_push_tag(data, ASN1_SEQUENCE(0))) return false;
+
+ do {
+ ret = tldap_find_first_star(val, &star);
+ if (!ret) {
+ return false;
+ }
+ chunk_len = star - val;
+
+ switch (*star) {
+ case '*':
+ if (!initial && chunk_len == 0) {
+ /* found '**', which is illegal */
+ return false;
+ }
+ break;
+ case ')':
+ if (initial) {
+ /* no stars ?? */
+ return false;
+ }
+ /* we are done */
+ break;
+ default:
+ /* ?? */
+ return false;
+ }
+
+ if (initial && chunk_len == 0) {
+ val = star + 1;
+ initial = false;
+ continue;
+ }
+
+ chunk = talloc_strndup(tmpctx, val, chunk_len);
+ if (!chunk) {
+ return false;
+ }
+ ret = tldap_unescape_inplace(chunk, &chunk_len);
+ if (!ret) {
+ return false;
+ }
+ switch (*star) {
+ case '*':
+ if (initial) {
+ if (!asn1_push_tag(data, TLDAP_SUB_INI)) return false;
+ initial = false;
+ } else {
+ if (!asn1_push_tag(data, TLDAP_SUB_ANY)) return false;
+ }
+ break;
+ case ')':
+ if (!asn1_push_tag(data, TLDAP_SUB_FIN)) return false;
+ break;
+ default:
+ /* ?? */
+ return false;
+ }
+ if (!asn1_write(data, chunk, chunk_len)) return false;
+ if (!asn1_pop_tag(data)) return false;
+
+ val = star + 1;
+
+ } while (*star == '*');
+
+ *_s = star;
+
+ /* end of sequence */
+ return asn1_pop_tag(data);
+}
+
+/* NOTE: although openldap libraries allow for spaces in some places, mostly
+ * around parentheses, we do not allow any spaces (except in values of
+ * course) as I couldn't find any place in RFC 4512 or RFC 4515 where
+ * leading or trailing spaces were allowed.
+ */
+static bool tldap_push_filter(struct tldap_context *ld,
+ struct asn1_data *data,
+ const char *filter)
+{
+ const char *s = filter;
+ bool ret;
+
+ ret = tldap_push_filter_int(ld, data, &s);
+ if (ret && *s) {
+ tldap_debug(ld, TLDAP_DEBUG_ERROR,
+ "Incomplete or malformed filter\n");
+ return false;
+ }
+ return ret;
+}
+
+/*****************************************************************************/
+
+static void tldap_search_done(struct tevent_req *subreq);
+
+struct tevent_req *tldap_search_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tldap_context *ld,
+ const char *base, int scope,
+ const char *filter,
+ const char **attrs,
+ int num_attrs,
+ int attrsonly,
+ struct tldap_control *sctrls,
+ int num_sctrls,
+ struct tldap_control *cctrls,
+ int num_cctrls,
+ int timelimit,
+ int sizelimit,
+ int deref)
+{
+ struct tevent_req *req, *subreq;
+ struct tldap_req_state *state;
+ int i;
+
+ req = tldap_req_create(mem_ctx, ld, &state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (!asn1_push_tag(state->out, TLDAP_REQ_SEARCH)) goto encoding_error;
+ if (!asn1_write_OctetString(state->out, base, strlen(base))) goto encoding_error;
+ if (!asn1_write_enumerated(state->out, scope)) goto encoding_error;
+ if (!asn1_write_enumerated(state->out, deref)) goto encoding_error;
+ if (!asn1_write_Integer(state->out, sizelimit)) goto encoding_error;
+ if (!asn1_write_Integer(state->out, timelimit)) goto encoding_error;
+ if (!asn1_write_BOOLEAN(state->out, attrsonly)) goto encoding_error;
+
+ if (!tldap_push_filter(ld, state->out, filter)) {
+ goto encoding_error;
+ }
+
+ if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto encoding_error;
+ for (i=0; i<num_attrs; i++) {
+ if (!asn1_write_OctetString(state->out, attrs[i], strlen(attrs[i]))) goto encoding_error;
+ }
+ if (!asn1_pop_tag(state->out)) goto encoding_error;
+ if (!asn1_pop_tag(state->out)) goto encoding_error;
+
+ subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
+ sctrls, num_sctrls);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tldap_search_done, req);
+ return req;
+
+ encoding_error:
+ tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
+ return tevent_req_post(req, ev);
+}
+
+static void tldap_search_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tldap_req_state *state = tevent_req_data(
+ req, struct tldap_req_state);
+ TLDAPRC rc;
+
+ rc = tldap_msg_recv(subreq, state, &state->result);
+ if (tevent_req_ldap_error(req, rc)) {
+ return;
+ }
+ switch (state->result->type) {
+ case TLDAP_RES_SEARCH_ENTRY:
+ case TLDAP_RES_SEARCH_REFERENCE:
+ if (!tldap_msg_set_pending(subreq)) {
+ tevent_req_oom(req);
+ return;
+ }
+ tevent_req_notify_callback(req);
+ break;
+ case TLDAP_RES_SEARCH_RESULT:
+ TALLOC_FREE(subreq);
+ if (!asn1_start_tag(state->result->data,
+ state->result->type) ||
+ !tldap_decode_response(state) ||
+ !asn1_end_tag(state->result->data) ||
+ !tldap_decode_controls(state)) {
+ tevent_req_ldap_error(req, TLDAP_DECODING_ERROR);
+ return;
+ }
+ tevent_req_done(req);
+ break;
+ default:
+ tevent_req_ldap_error(req, TLDAP_PROTOCOL_ERROR);
+ return;
+ }
+}
+
+TLDAPRC tldap_search_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct tldap_message **pmsg)
+{
+ struct tldap_req_state *state = tevent_req_data(
+ req, struct tldap_req_state);
+ TLDAPRC rc;
+
+ if (!tevent_req_is_in_progress(req)
+ && tevent_req_is_ldap_error(req, &rc)) {
+ return rc;
+ }
+
+ if (tevent_req_is_in_progress(req)) {
+ switch (state->result->type) {
+ case TLDAP_RES_SEARCH_ENTRY:
+ case TLDAP_RES_SEARCH_REFERENCE:
+ break;
+ default:
+ return TLDAP_OPERATIONS_ERROR;
+ }
+ }
+
+ *pmsg = talloc_move(mem_ctx, &state->result);
+ return TLDAP_SUCCESS;
+}
+
+struct tldap_search_all_state {
+ struct tldap_message **msgs;
+ struct tldap_message *result;
+};
+
+static void tldap_search_all_done(struct tevent_req *subreq);
+
+struct tevent_req *tldap_search_all_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct tldap_context *ld, const char *base, int scope,
+ const char *filter, const char **attrs, int num_attrs, int attrsonly,
+ struct tldap_control *sctrls, int num_sctrls,
+ struct tldap_control *cctrls, int num_cctrls,
+ int timelimit, int sizelimit, int deref)
+{
+ struct tevent_req *req, *subreq;
+ struct tldap_search_all_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct tldap_search_all_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ subreq = tldap_search_send(state, ev, ld, base, scope, filter,
+ attrs, num_attrs, attrsonly,
+ sctrls, num_sctrls, cctrls, num_cctrls,
+ timelimit, sizelimit, deref);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tldap_search_all_done, req);
+ return req;
+}
+
+static void tldap_search_all_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tldap_search_all_state *state = tevent_req_data(
+ req, struct tldap_search_all_state);
+ struct tldap_message *msg, **tmp;
+ size_t num_msgs;
+ TLDAPRC rc;
+ int msgtype;
+
+ rc = tldap_search_recv(subreq, state, &msg);
+ /* No TALLOC_FREE(subreq), this is multi-step */
+ if (tevent_req_ldap_error(req, rc)) {
+ return;
+ }
+
+ msgtype = tldap_msg_type(msg);
+ if (msgtype == TLDAP_RES_SEARCH_RESULT) {
+ state->result = msg;
+ tevent_req_done(req);
+ return;
+ }
+
+ num_msgs = talloc_array_length(state->msgs);
+
+ tmp = talloc_realloc(state, state->msgs, struct tldap_message *,
+ num_msgs + 1);
+ if (tevent_req_nomem(tmp, req)) {
+ return;
+ }
+ state->msgs = tmp;
+ state->msgs[num_msgs] = talloc_move(state->msgs, &msg);
+}
+
+TLDAPRC tldap_search_all_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct tldap_message ***msgs,
+ struct tldap_message **result)
+{
+ struct tldap_search_all_state *state = tevent_req_data(
+ req, struct tldap_search_all_state);
+ TLDAPRC rc;
+
+ if (tevent_req_is_ldap_error(req, &rc)) {
+ return rc;
+ }
+
+ if (msgs != NULL) {
+ *msgs = talloc_move(mem_ctx, &state->msgs);
+ }
+ if (result != NULL) {
+ *result = talloc_move(mem_ctx, &state->result);
+ }
+
+ return TLDAP_SUCCESS;
+}
+
+TLDAPRC tldap_search(struct tldap_context *ld,
+ const char *base, int scope, const char *filter,
+ const char **attrs, int num_attrs, int attrsonly,
+ struct tldap_control *sctrls, int num_sctrls,
+ struct tldap_control *cctrls, int num_cctrls,
+ int timelimit, int sizelimit, int deref,
+ TALLOC_CTX *mem_ctx, struct tldap_message ***pmsgs)
+{
+ TALLOC_CTX *frame;
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ TLDAPRC rc = TLDAP_NO_MEMORY;
+ struct tldap_message **msgs;
+ struct tldap_message *result;
+
+ if (tldap_pending_reqs(ld)) {
+ return TLDAP_BUSY;
+ }
+
+ frame = talloc_stackframe();
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = tldap_search_all_send(frame, ev, ld, base, scope, filter,
+ attrs, num_attrs, attrsonly,
+ sctrls, num_sctrls, cctrls, num_cctrls,
+ timelimit, sizelimit, deref);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll(req, ev)) {
+ rc = TLDAP_OPERATIONS_ERROR;
+ goto fail;
+ }
+ rc = tldap_search_all_recv(req, frame, &msgs, &result);
+ TALLOC_FREE(req);
+ if (!TLDAP_RC_IS_SUCCESS(rc)) {
+ goto fail;
+ }
+
+ TALLOC_FREE(ld->last_msg);
+ ld->last_msg = talloc_move(ld, &result);
+
+ if (pmsgs != NULL) {
+ *pmsgs = talloc_move(mem_ctx, &msgs);
+ }
+fail:
+ TALLOC_FREE(frame);
+ return rc;
+}
+
+static bool tldap_parse_search_entry(struct tldap_message *msg)
+{
+ int num_attribs = 0;
+
+ if (msg->type != TLDAP_RES_SEARCH_ENTRY) {
+ return false;
+ }
+ if (!asn1_start_tag(msg->data, TLDAP_RES_SEARCH_ENTRY)) {
+ return false;
+ }
+
+ /* dn */
+
+ if (!asn1_read_OctetString_talloc(msg, msg->data, &msg->dn)) return false;
+
+ if (msg->dn == NULL) {
+ return false;
+ }
+
+ /*
+ * Attributes: We overallocate msg->attribs by one, so that while
+ * looping over the attributes we can directly parse into the last
+ * array element. Same for the values in the inner loop.
+ */
+
+ msg->attribs = talloc_array(msg, struct tldap_attribute, 1);
+ if (msg->attribs == NULL) {
+ return false;
+ }
+
+ if (!asn1_start_tag(msg->data, ASN1_SEQUENCE(0))) return false;
+ while (asn1_peek_tag(msg->data, ASN1_SEQUENCE(0))) {
+ struct tldap_attribute *attrib;
+ int num_values = 0;
+
+ attrib = &msg->attribs[num_attribs];
+ attrib->values = talloc_array(msg->attribs, DATA_BLOB, 1);
+ if (attrib->values == NULL) {
+ return false;
+ }
+ if (!asn1_start_tag(msg->data, ASN1_SEQUENCE(0))) return false;
+ if (!asn1_read_OctetString_talloc(msg->attribs, msg->data,
+ &attrib->name)) return false;
+ if (!asn1_start_tag(msg->data, ASN1_SET)) return false;
+
+ while (asn1_peek_tag(msg->data, ASN1_OCTET_STRING)) {
+ if (!asn1_read_OctetString(msg->data, msg,
+ &attrib->values[num_values])) return false;
+
+ attrib->values = talloc_realloc(
+ msg->attribs, attrib->values, DATA_BLOB,
+ num_values + 2);
+ if (attrib->values == NULL) {
+ return false;
+ }
+ num_values += 1;
+ }
+ attrib->values = talloc_realloc(msg->attribs, attrib->values,
+ DATA_BLOB, num_values);
+ attrib->num_values = num_values;
+
+ if (!asn1_end_tag(msg->data)) return false; /* ASN1_SET */
+ if (!asn1_end_tag(msg->data)) return false; /* ASN1_SEQUENCE(0) */
+ msg->attribs = talloc_realloc(
+ msg, msg->attribs, struct tldap_attribute,
+ num_attribs + 2);
+ if (msg->attribs == NULL) {
+ return false;
+ }
+ num_attribs += 1;
+ }
+ msg->attribs = talloc_realloc(
+ msg, msg->attribs, struct tldap_attribute, num_attribs);
+ return asn1_end_tag(msg->data);
+}
+
+bool tldap_entry_dn(struct tldap_message *msg, char **dn)
+{
+ if ((msg->dn == NULL) && (!tldap_parse_search_entry(msg))) {
+ return false;
+ }
+ *dn = msg->dn;
+ return true;
+}
+
+bool tldap_entry_attributes(struct tldap_message *msg,
+ struct tldap_attribute **attributes,
+ int *num_attributes)
+{
+ if ((msg->dn == NULL) && (!tldap_parse_search_entry(msg))) {
+ return false;
+ }
+ *attributes = msg->attribs;
+ *num_attributes = talloc_array_length(msg->attribs);
+ return true;
+}
+
+static bool tldap_decode_controls(struct tldap_req_state *state)
+{
+ struct tldap_message *msg = state->result;
+ struct asn1_data *data = msg->data;
+ struct tldap_control *sctrls = NULL;
+ int num_controls = 0;
+ bool ret = false;
+
+ msg->res_sctrls = NULL;
+
+ if (!asn1_peek_tag(data, ASN1_CONTEXT(0))) {
+ return true;
+ }
+
+ if (!asn1_start_tag(data, ASN1_CONTEXT(0))) goto out;
+
+ while (asn1_peek_tag(data, ASN1_SEQUENCE(0))) {
+ struct tldap_control *c;
+ char *oid = NULL;
+
+ sctrls = talloc_realloc(msg, sctrls, struct tldap_control,
+ num_controls + 1);
+ if (sctrls == NULL) {
+ goto out;
+ }
+ c = &sctrls[num_controls];
+
+ if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto out;
+ if (!asn1_read_OctetString_talloc(msg, data, &oid)) goto out;
+ if (asn1_has_error(data) || (oid == NULL)) {
+ goto out;
+ }
+ c->oid = oid;
+ if (asn1_peek_tag(data, ASN1_BOOLEAN)) {
+ if (!asn1_read_BOOLEAN(data, &c->critical)) goto out;
+ } else {
+ c->critical = false;
+ }
+ c->value = data_blob_null;
+ if (asn1_peek_tag(data, ASN1_OCTET_STRING) &&
+ !asn1_read_OctetString(data, msg, &c->value)) {
+ goto out;
+ }
+ if (!asn1_end_tag(data)) goto out; /* ASN1_SEQUENCE(0) */
+
+ num_controls += 1;
+ }
+
+ if (!asn1_end_tag(data)) goto out; /* ASN1_CONTEXT(0) */
+
+ ret = true;
+
+ out:
+
+ if (ret) {
+ msg->res_sctrls = sctrls;
+ } else {
+ TALLOC_FREE(sctrls);
+ }
+ return ret;
+}
+
+static void tldap_simple_done(struct tevent_req *subreq, int type)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tldap_req_state *state = tevent_req_data(
+ req, struct tldap_req_state);
+ TLDAPRC rc;
+
+ rc = tldap_msg_recv(subreq, state, &state->result);
+ TALLOC_FREE(subreq);
+ if (tevent_req_ldap_error(req, rc)) {
+ return;
+ }
+ if (state->result->type != type) {
+ tevent_req_ldap_error(req, TLDAP_PROTOCOL_ERROR);
+ return;
+ }
+ if (!asn1_start_tag(state->result->data, state->result->type) ||
+ !tldap_decode_response(state) ||
+ !asn1_end_tag(state->result->data) ||
+ !tldap_decode_controls(state)) {
+ tevent_req_ldap_error(req, TLDAP_DECODING_ERROR);
+ return;
+ }
+ if (!TLDAP_RC_IS_SUCCESS(state->result->lderr)) {
+ tevent_req_ldap_error(req, state->result->lderr);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static TLDAPRC tldap_simple_recv(struct tevent_req *req)
+{
+ TLDAPRC rc;
+ if (tevent_req_is_ldap_error(req, &rc)) {
+ return rc;
+ }
+ return TLDAP_SUCCESS;
+}
+
+static void tldap_add_done(struct tevent_req *subreq);
+
+struct tevent_req *tldap_add_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tldap_context *ld,
+ const char *dn,
+ struct tldap_mod *attributes,
+ int num_attributes,
+ struct tldap_control *sctrls,
+ int num_sctrls,
+ struct tldap_control *cctrls,
+ int num_cctrls)
+{
+ struct tevent_req *req, *subreq;
+ struct tldap_req_state *state;
+ int i, j;
+
+ req = tldap_req_create(mem_ctx, ld, &state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (!asn1_push_tag(state->out, TLDAP_REQ_ADD)) goto err;
+ if (!asn1_write_OctetString(state->out, dn, strlen(dn))) goto err;
+ if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
+
+ for (i=0; i<num_attributes; i++) {
+ struct tldap_mod *attrib = &attributes[i];
+ if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
+ if (!asn1_write_OctetString(state->out, attrib->attribute,
+ strlen(attrib->attribute))) goto err;
+ if (!asn1_push_tag(state->out, ASN1_SET)) goto err;
+ for (j=0; j<attrib->num_values; j++) {
+ if (!asn1_write_OctetString(state->out,
+ attrib->values[j].data,
+ attrib->values[j].length)) goto err;
+ }
+ if (!asn1_pop_tag(state->out)) goto err;
+ if (!asn1_pop_tag(state->out)) goto err;
+ }
+
+ if (!asn1_pop_tag(state->out)) goto err;
+ if (!asn1_pop_tag(state->out)) goto err;
+
+ subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
+ sctrls, num_sctrls);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tldap_add_done, req);
+ return req;
+
+ err:
+
+ tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
+ return tevent_req_post(req, ev);
+}
+
+static void tldap_add_done(struct tevent_req *subreq)
+{
+ tldap_simple_done(subreq, TLDAP_RES_ADD);
+}
+
+TLDAPRC tldap_add_recv(struct tevent_req *req)
+{
+ return tldap_simple_recv(req);
+}
+
+TLDAPRC tldap_add(struct tldap_context *ld, const char *dn,
+ struct tldap_mod *attributes, int num_attributes,
+ struct tldap_control *sctrls, int num_sctrls,
+ struct tldap_control *cctrls, int num_cctrls)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ TLDAPRC rc = TLDAP_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = tldap_add_send(frame, ev, ld, dn, attributes, num_attributes,
+ sctrls, num_sctrls, cctrls, num_cctrls);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll(req, ev)) {
+ rc = TLDAP_OPERATIONS_ERROR;
+ goto fail;
+ }
+ rc = tldap_add_recv(req);
+ tldap_save_msg(ld, req);
+ fail:
+ TALLOC_FREE(frame);
+ return rc;
+}
+
+static void tldap_modify_done(struct tevent_req *subreq);
+
+struct tevent_req *tldap_modify_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tldap_context *ld,
+ const char *dn,
+ struct tldap_mod *mods, int num_mods,
+ struct tldap_control *sctrls,
+ int num_sctrls,
+ struct tldap_control *cctrls,
+ int num_cctrls)
+{
+ struct tevent_req *req, *subreq;
+ struct tldap_req_state *state;
+ int i, j;
+
+ req = tldap_req_create(mem_ctx, ld, &state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (!asn1_push_tag(state->out, TLDAP_REQ_MODIFY)) goto err;
+ if (!asn1_write_OctetString(state->out, dn, strlen(dn))) goto err;
+ if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
+
+ for (i=0; i<num_mods; i++) {
+ struct tldap_mod *mod = &mods[i];
+ if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
+ if (!asn1_write_enumerated(state->out, mod->mod_op)) goto err;
+ if (!asn1_push_tag(state->out, ASN1_SEQUENCE(0))) goto err;
+ if (!asn1_write_OctetString(state->out, mod->attribute,
+ strlen(mod->attribute))) goto err;
+ if (!asn1_push_tag(state->out, ASN1_SET)) goto err;
+ for (j=0; j<mod->num_values; j++) {
+ if (!asn1_write_OctetString(state->out,
+ mod->values[j].data,
+ mod->values[j].length)) goto err;
+ }
+ if (!asn1_pop_tag(state->out)) goto err;
+ if (!asn1_pop_tag(state->out)) goto err;
+ if (!asn1_pop_tag(state->out)) goto err;
+ }
+
+ if (!asn1_pop_tag(state->out)) goto err;
+ if (!asn1_pop_tag(state->out)) goto err;
+
+ subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
+ sctrls, num_sctrls);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tldap_modify_done, req);
+ return req;
+
+ err:
+
+ tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
+ return tevent_req_post(req, ev);
+}
+
+static void tldap_modify_done(struct tevent_req *subreq)
+{
+ tldap_simple_done(subreq, TLDAP_RES_MODIFY);
+}
+
+TLDAPRC tldap_modify_recv(struct tevent_req *req)
+{
+ return tldap_simple_recv(req);
+}
+
+TLDAPRC tldap_modify(struct tldap_context *ld, const char *dn,
+ struct tldap_mod *mods, int num_mods,
+ struct tldap_control *sctrls, int num_sctrls,
+ struct tldap_control *cctrls, int num_cctrls)
+ {
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ TLDAPRC rc = TLDAP_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = tldap_modify_send(frame, ev, ld, dn, mods, num_mods,
+ sctrls, num_sctrls, cctrls, num_cctrls);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll(req, ev)) {
+ rc = TLDAP_OPERATIONS_ERROR;
+ goto fail;
+ }
+ rc = tldap_modify_recv(req);
+ tldap_save_msg(ld, req);
+ fail:
+ TALLOC_FREE(frame);
+ return rc;
+}
+
+static void tldap_delete_done(struct tevent_req *subreq);
+
+struct tevent_req *tldap_delete_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tldap_context *ld,
+ const char *dn,
+ struct tldap_control *sctrls,
+ int num_sctrls,
+ struct tldap_control *cctrls,
+ int num_cctrls)
+{
+ struct tevent_req *req, *subreq;
+ struct tldap_req_state *state;
+
+ req = tldap_req_create(mem_ctx, ld, &state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (!asn1_push_tag(state->out, TLDAP_REQ_DELETE)) goto err;
+ if (!asn1_write(state->out, dn, strlen(dn))) goto err;
+ if (!asn1_pop_tag(state->out)) goto err;
+
+ subreq = tldap_msg_send(state, ev, ld, state->id, state->out,
+ sctrls, num_sctrls);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tldap_delete_done, req);
+ return req;
+
+ err:
+
+ tevent_req_ldap_error(req, TLDAP_ENCODING_ERROR);
+ return tevent_req_post(req, ev);
+}
+
+static void tldap_delete_done(struct tevent_req *subreq)
+{
+ tldap_simple_done(subreq, TLDAP_RES_DELETE);
+}
+
+TLDAPRC tldap_delete_recv(struct tevent_req *req)
+{
+ return tldap_simple_recv(req);
+}
+
+TLDAPRC tldap_delete(struct tldap_context *ld, const char *dn,
+ struct tldap_control *sctrls, int num_sctrls,
+ struct tldap_control *cctrls, int num_cctrls)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ TLDAPRC rc = TLDAP_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = tldap_delete_send(frame, ev, ld, dn, sctrls, num_sctrls,
+ cctrls, num_cctrls);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll(req, ev)) {
+ rc = TLDAP_OPERATIONS_ERROR;
+ goto fail;
+ }
+ rc = tldap_delete_recv(req);
+ tldap_save_msg(ld, req);
+ fail:
+ TALLOC_FREE(frame);
+ return rc;
+}
+
+int tldap_msg_id(const struct tldap_message *msg)
+{
+ return msg->id;
+}
+
+int tldap_msg_type(const struct tldap_message *msg)
+{
+ return msg->type;
+}
+
+const char *tldap_msg_matcheddn(struct tldap_message *msg)
+{
+ if (msg == NULL) {
+ return NULL;
+ }
+ return msg->res_matcheddn;
+}
+
+const char *tldap_msg_diagnosticmessage(struct tldap_message *msg)
+{
+ if (msg == NULL) {
+ return NULL;
+ }
+ return msg->res_diagnosticmessage;
+}
+
+const char *tldap_msg_referral(struct tldap_message *msg)
+{
+ if (msg == NULL) {
+ return NULL;
+ }
+ return msg->res_referral;
+}
+
+void tldap_msg_sctrls(struct tldap_message *msg, int *num_sctrls,
+ struct tldap_control **sctrls)
+{
+ if (msg == NULL) {
+ *sctrls = NULL;
+ *num_sctrls = 0;
+ return;
+ }
+ *sctrls = msg->res_sctrls;
+ *num_sctrls = talloc_array_length(msg->res_sctrls);
+}
+
+struct tldap_message *tldap_ctx_lastmsg(struct tldap_context *ld)
+{
+ return ld->last_msg;
+}
+
+static const struct { TLDAPRC rc; const char *string; } tldaprc_errmap[] =
+{
+ { TLDAP_SUCCESS,
+ "TLDAP_SUCCESS" },
+ { TLDAP_OPERATIONS_ERROR,
+ "TLDAP_OPERATIONS_ERROR" },
+ { TLDAP_PROTOCOL_ERROR,
+ "TLDAP_PROTOCOL_ERROR" },
+ { TLDAP_TIMELIMIT_EXCEEDED,
+ "TLDAP_TIMELIMIT_EXCEEDED" },
+ { TLDAP_SIZELIMIT_EXCEEDED,
+ "TLDAP_SIZELIMIT_EXCEEDED" },
+ { TLDAP_COMPARE_FALSE,
+ "TLDAP_COMPARE_FALSE" },
+ { TLDAP_COMPARE_TRUE,
+ "TLDAP_COMPARE_TRUE" },
+ { TLDAP_STRONG_AUTH_NOT_SUPPORTED,
+ "TLDAP_STRONG_AUTH_NOT_SUPPORTED" },
+ { TLDAP_STRONG_AUTH_REQUIRED,
+ "TLDAP_STRONG_AUTH_REQUIRED" },
+ { TLDAP_REFERRAL,
+ "TLDAP_REFERRAL" },
+ { TLDAP_ADMINLIMIT_EXCEEDED,
+ "TLDAP_ADMINLIMIT_EXCEEDED" },
+ { TLDAP_UNAVAILABLE_CRITICAL_EXTENSION,
+ "TLDAP_UNAVAILABLE_CRITICAL_EXTENSION" },
+ { TLDAP_CONFIDENTIALITY_REQUIRED,
+ "TLDAP_CONFIDENTIALITY_REQUIRED" },
+ { TLDAP_SASL_BIND_IN_PROGRESS,
+ "TLDAP_SASL_BIND_IN_PROGRESS" },
+ { TLDAP_NO_SUCH_ATTRIBUTE,
+ "TLDAP_NO_SUCH_ATTRIBUTE" },
+ { TLDAP_UNDEFINED_TYPE,
+ "TLDAP_UNDEFINED_TYPE" },
+ { TLDAP_INAPPROPRIATE_MATCHING,
+ "TLDAP_INAPPROPRIATE_MATCHING" },
+ { TLDAP_CONSTRAINT_VIOLATION,
+ "TLDAP_CONSTRAINT_VIOLATION" },
+ { TLDAP_TYPE_OR_VALUE_EXISTS,
+ "TLDAP_TYPE_OR_VALUE_EXISTS" },
+ { TLDAP_INVALID_SYNTAX,
+ "TLDAP_INVALID_SYNTAX" },
+ { TLDAP_NO_SUCH_OBJECT,
+ "TLDAP_NO_SUCH_OBJECT" },
+ { TLDAP_ALIAS_PROBLEM,
+ "TLDAP_ALIAS_PROBLEM" },
+ { TLDAP_INVALID_DN_SYNTAX,
+ "TLDAP_INVALID_DN_SYNTAX" },
+ { TLDAP_IS_LEAF,
+ "TLDAP_IS_LEAF" },
+ { TLDAP_ALIAS_DEREF_PROBLEM,
+ "TLDAP_ALIAS_DEREF_PROBLEM" },
+ { TLDAP_INAPPROPRIATE_AUTH,
+ "TLDAP_INAPPROPRIATE_AUTH" },
+ { TLDAP_INVALID_CREDENTIALS,
+ "TLDAP_INVALID_CREDENTIALS" },
+ { TLDAP_INSUFFICIENT_ACCESS,
+ "TLDAP_INSUFFICIENT_ACCESS" },
+ { TLDAP_BUSY,
+ "TLDAP_BUSY" },
+ { TLDAP_UNAVAILABLE,
+ "TLDAP_UNAVAILABLE" },
+ { TLDAP_UNWILLING_TO_PERFORM,
+ "TLDAP_UNWILLING_TO_PERFORM" },
+ { TLDAP_LOOP_DETECT,
+ "TLDAP_LOOP_DETECT" },
+ { TLDAP_NAMING_VIOLATION,
+ "TLDAP_NAMING_VIOLATION" },
+ { TLDAP_OBJECT_CLASS_VIOLATION,
+ "TLDAP_OBJECT_CLASS_VIOLATION" },
+ { TLDAP_NOT_ALLOWED_ON_NONLEAF,
+ "TLDAP_NOT_ALLOWED_ON_NONLEAF" },
+ { TLDAP_NOT_ALLOWED_ON_RDN,
+ "TLDAP_NOT_ALLOWED_ON_RDN" },
+ { TLDAP_ALREADY_EXISTS,
+ "TLDAP_ALREADY_EXISTS" },
+ { TLDAP_NO_OBJECT_CLASS_MODS,
+ "TLDAP_NO_OBJECT_CLASS_MODS" },
+ { TLDAP_RESULTS_TOO_LARGE,
+ "TLDAP_RESULTS_TOO_LARGE" },
+ { TLDAP_AFFECTS_MULTIPLE_DSAS,
+ "TLDAP_AFFECTS_MULTIPLE_DSAS" },
+ { TLDAP_OTHER,
+ "TLDAP_OTHER" },
+ { TLDAP_SERVER_DOWN,
+ "TLDAP_SERVER_DOWN" },
+ { TLDAP_LOCAL_ERROR,
+ "TLDAP_LOCAL_ERROR" },
+ { TLDAP_ENCODING_ERROR,
+ "TLDAP_ENCODING_ERROR" },
+ { TLDAP_DECODING_ERROR,
+ "TLDAP_DECODING_ERROR" },
+ { TLDAP_TIMEOUT,
+ "TLDAP_TIMEOUT" },
+ { TLDAP_AUTH_UNKNOWN,
+ "TLDAP_AUTH_UNKNOWN" },
+ { TLDAP_FILTER_ERROR,
+ "TLDAP_FILTER_ERROR" },
+ { TLDAP_USER_CANCELLED,
+ "TLDAP_USER_CANCELLED" },
+ { TLDAP_PARAM_ERROR,
+ "TLDAP_PARAM_ERROR" },
+ { TLDAP_NO_MEMORY,
+ "TLDAP_NO_MEMORY" },
+ { TLDAP_CONNECT_ERROR,
+ "TLDAP_CONNECT_ERROR" },
+ { TLDAP_NOT_SUPPORTED,
+ "TLDAP_NOT_SUPPORTED" },
+ { TLDAP_CONTROL_NOT_FOUND,
+ "TLDAP_CONTROL_NOT_FOUND" },
+ { TLDAP_NO_RESULTS_RETURNED,
+ "TLDAP_NO_RESULTS_RETURNED" },
+ { TLDAP_MORE_RESULTS_TO_RETURN,
+ "TLDAP_MORE_RESULTS_TO_RETURN" },
+ { TLDAP_CLIENT_LOOP,
+ "TLDAP_CLIENT_LOOP" },
+ { TLDAP_REFERRAL_LIMIT_EXCEEDED,
+ "TLDAP_REFERRAL_LIMIT_EXCEEDED" },
+};
+
+const char *tldap_rc2string(TLDAPRC rc)
+{
+ size_t i;
+
+ for (i=0; i<ARRAY_SIZE(tldaprc_errmap); i++) {
+ if (TLDAP_RC_EQUAL(rc, tldaprc_errmap[i].rc)) {
+ return tldaprc_errmap[i].string;
+ }
+ }
+
+ return "Unknown LDAP Error";
+}
diff --git a/source3/lib/tldap_gensec_bind.c b/source3/lib/tldap_gensec_bind.c
new file mode 100644
index 0000000..c409213
--- /dev/null
+++ b/source3/lib/tldap_gensec_bind.c
@@ -0,0 +1,366 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Gensec based tldap auth
+ * Copyright (C) Volker Lendecke 2015
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "tldap_gensec_bind.h"
+#include "tldap_util.h"
+#include "lib/util/tevent_unix.h"
+#include "lib/util/talloc_stack.h"
+#include "lib/util/samba_util.h"
+#include "lib/util/debug.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
+#include "lib/param/param.h"
+#include "source4/auth/gensec/gensec_tstream.h"
+
+struct tldap_gensec_bind_state {
+ struct tevent_context *ev;
+ struct tldap_context *ctx;
+ struct cli_credentials *creds;
+ const char *target_service;
+ const char *target_hostname;
+ const char *target_principal;
+ struct loadparm_context *lp_ctx;
+ uint32_t gensec_features;
+
+ bool first;
+ struct gensec_security *gensec;
+ NTSTATUS gensec_status;
+ DATA_BLOB gensec_output;
+};
+
+static void tldap_gensec_bind_got_mechs(struct tevent_req *subreq);
+static void tldap_gensec_update_done(struct tldap_gensec_bind_state *state,
+ struct tevent_req *subreq);
+static void tldap_gensec_bind_done(struct tevent_req *subreq);
+
+static struct tevent_req *tldap_gensec_bind_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct tldap_context *ctx, struct cli_credentials *creds,
+ const char *target_service, const char *target_hostname,
+ const char *target_principal, struct loadparm_context *lp_ctx,
+ uint32_t gensec_features)
+{
+ struct tevent_req *req, *subreq;
+ struct tldap_gensec_bind_state *state;
+
+ const char *attrs[] = { "supportedSASLMechanisms" };
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct tldap_gensec_bind_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->ctx = ctx;
+ state->creds = creds;
+ state->target_service = target_service;
+ state->target_hostname = target_hostname;
+ state->target_principal = target_principal;
+ state->lp_ctx = lp_ctx;
+ state->gensec_features = gensec_features;
+ state->first = true;
+
+ subreq = tldap_search_all_send(
+ state, state->ev, state->ctx, "", TLDAP_SCOPE_BASE,
+ "(objectclass=*)", attrs, ARRAY_SIZE(attrs),
+ false, NULL, 0, NULL, 0, 0, 1 /* sizelimit */, 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tldap_gensec_bind_got_mechs, req);
+ return req;
+}
+
+static void tldap_gensec_bind_got_mechs(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tldap_gensec_bind_state *state = tevent_req_data(
+ req, struct tldap_gensec_bind_state);
+ struct tldap_message **msgs, *msg, *result;
+ struct tldap_attribute *attribs, *attrib;
+ int num_attribs;
+ size_t num_msgs;
+ TLDAPRC rc;
+ int i;
+ bool ok;
+ const char **sasl_mechs;
+ NTSTATUS status;
+
+ rc = tldap_search_all_recv(subreq, state, &msgs, &result);
+ TALLOC_FREE(subreq);
+ if (tevent_req_ldap_error(req, rc)) {
+ return;
+ }
+
+ /*
+ * TODO: Inspect "Result"
+ */
+
+ num_msgs = talloc_array_length(msgs);
+ if (num_msgs != 1) {
+ DBG_DEBUG("num_msgs = %zu\n", num_msgs);
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+ msg = msgs[0];
+
+ ok = tldap_entry_attributes(msg, &attribs, &num_attribs);
+ if (!ok) {
+ DBG_DEBUG("tldap_entry_attributes failed\n");
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+
+ if (num_attribs != 1) {
+ DBG_DEBUG("num_attribs = %d\n", num_attribs);
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+ attrib = &attribs[0];
+
+ sasl_mechs = talloc_array(state, const char *, attrib->num_values+1);
+ if (tevent_req_nomem(sasl_mechs, req)) {
+ return;
+ }
+
+ for (i=0; i<attrib->num_values; i++) {
+ DATA_BLOB *v = &attrib->values[i];
+ size_t len;
+
+ ok = convert_string_talloc(sasl_mechs, CH_UTF8, CH_UNIX,
+ v->data, v->length,
+ &sasl_mechs[i], &len);
+ if (!ok) {
+ DBG_DEBUG("convert_string_talloc failed\n");
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+ }
+ sasl_mechs[attrib->num_values] = NULL;
+
+ gensec_init();
+
+ status = gensec_client_start(
+ state, &state->gensec,
+ lpcfg_gensec_settings(state, state->lp_ctx));
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_client_start failed: %s\n",
+ nt_errstr(status));
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+
+ status = gensec_set_credentials(state->gensec, state->creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_set_credentials failed: %s\n",
+ nt_errstr(status));
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+
+ status = gensec_set_target_service(state->gensec,
+ state->target_service);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_set_target_service failed: %s\n",
+ nt_errstr(status));
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+
+ if (state->target_hostname != NULL) {
+ status = gensec_set_target_hostname(state->gensec,
+ state->target_hostname);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_set_target_hostname failed: %s\n",
+ nt_errstr(status));
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+ }
+
+ if (state->target_principal != NULL) {
+ status = gensec_set_target_principal(state->gensec,
+ state->target_principal);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_set_target_principal failed: %s\n",
+ nt_errstr(status));
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+ }
+
+ gensec_want_feature(state->gensec, state->gensec_features);
+
+ status = gensec_start_mech_by_sasl_list(state->gensec, sasl_mechs);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_start_mech_by_sasl_list failed: %s\n",
+ nt_errstr(status));
+ tevent_req_ldap_error(req, TLDAP_OPERATIONS_ERROR);
+ return;
+ }
+
+ state->gensec_status = gensec_update(state->gensec, state,
+ data_blob_null,
+ &state->gensec_output);
+ tldap_gensec_update_done(state, req);
+}
+
+static void tldap_gensec_update_done(struct tldap_gensec_bind_state *state,
+ struct tevent_req *req)
+{
+ struct tevent_req *subreq;
+
+ if (!NT_STATUS_IS_OK(state->gensec_status) &&
+ !NT_STATUS_EQUAL(state->gensec_status,
+ NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ DBG_DEBUG("gensec_update failed: %s\n",
+ nt_errstr(state->gensec_status));
+ tevent_req_ldap_error(req, TLDAP_INVALID_CREDENTIALS);
+ return;
+ }
+
+ if (NT_STATUS_IS_OK(state->gensec_status) &&
+ (state->gensec_output.length == 0)) {
+
+ if (state->first) {
+ tevent_req_ldap_error(req, TLDAP_INVALID_CREDENTIALS);
+ } else {
+ tevent_req_done(req);
+ }
+ return;
+ }
+
+ state->first = false;
+
+ subreq = tldap_sasl_bind_send(
+ state, state->ev, state->ctx, "",
+ state->gensec->ops->sasl_name, &state->gensec_output,
+ NULL, 0, NULL, 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, tldap_gensec_bind_done, req);
+}
+
+static void tldap_gensec_bind_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tldap_gensec_bind_state *state = tevent_req_data(
+ req, struct tldap_gensec_bind_state);
+ DATA_BLOB input;
+ TLDAPRC rc;
+
+ rc = tldap_sasl_bind_recv(subreq, state, &input);
+ TALLOC_FREE(subreq);
+ if (!TLDAP_RC_IS_SUCCESS(rc) &&
+ !TLDAP_RC_EQUAL(rc, TLDAP_SASL_BIND_IN_PROGRESS)) {
+ tevent_req_ldap_error(req, rc);
+ return;
+ }
+
+ if (TLDAP_RC_IS_SUCCESS(rc) && NT_STATUS_IS_OK(state->gensec_status)) {
+ tevent_req_done(req);
+ return;
+ }
+
+ state->gensec_status = gensec_update(state->gensec, state,
+ input,
+ &state->gensec_output);
+ tldap_gensec_update_done(state, req);
+}
+
+static TLDAPRC tldap_gensec_bind_recv(struct tevent_req *req)
+{
+ struct tldap_gensec_bind_state *state = tevent_req_data(
+ req, struct tldap_gensec_bind_state);
+ struct tstream_context *plain, *sec;
+ NTSTATUS status;
+ TLDAPRC rc;
+
+ if (tevent_req_is_ldap_error(req, &rc)) {
+ return rc;
+ }
+
+ if ((state->gensec_features & GENSEC_FEATURE_SIGN) &&
+ !gensec_have_feature(state->gensec, GENSEC_FEATURE_SIGN)) {
+ return TLDAP_OPERATIONS_ERROR;
+ }
+ if ((state->gensec_features & GENSEC_FEATURE_SEAL) &&
+ !gensec_have_feature(state->gensec, GENSEC_FEATURE_SEAL)) {
+ return TLDAP_OPERATIONS_ERROR;
+ }
+
+ if (!gensec_have_feature(state->gensec, GENSEC_FEATURE_SIGN) &&
+ !gensec_have_feature(state->gensec, GENSEC_FEATURE_SEAL)) {
+ return TLDAP_SUCCESS;
+ }
+
+ /*
+ * The gensec ctx needs to survive as long as the ldap context
+ * lives
+ */
+ talloc_steal(state->ctx, state->gensec);
+
+ plain = tldap_get_tstream(state->ctx);
+
+ status = gensec_create_tstream(state->ctx, state->gensec,
+ plain, &sec);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("gensec_create_tstream failed: %s\n",
+ nt_errstr(status));
+ return TLDAP_OPERATIONS_ERROR;
+ }
+
+ tldap_set_tstream(state->ctx, sec);
+
+ return TLDAP_SUCCESS;
+}
+
+TLDAPRC tldap_gensec_bind(
+ struct tldap_context *ctx, struct cli_credentials *creds,
+ const char *target_service, const char *target_hostname,
+ const char *target_principal, struct loadparm_context *lp_ctx,
+ uint32_t gensec_features)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ TLDAPRC rc = TLDAP_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = tldap_gensec_bind_send(frame, ev, ctx, creds, target_service,
+ target_hostname, target_principal, lp_ctx,
+ gensec_features);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll(req, ev)) {
+ rc = TLDAP_OPERATIONS_ERROR;
+ goto fail;
+ }
+ rc = tldap_gensec_bind_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return rc;
+}
diff --git a/source3/lib/tldap_gensec_bind.h b/source3/lib/tldap_gensec_bind.h
new file mode 100644
index 0000000..cb6b8e6
--- /dev/null
+++ b/source3/lib/tldap_gensec_bind.h
@@ -0,0 +1,33 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Gensec based tldap bind
+ * Copyright (C) Volker Lendecke 2015
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __TLDAP_GENSEC_BIND_H__
+#define __TLDAP_GENSEC_BIND_H__
+
+#include "replace.h"
+#include "tldap.h"
+#include "auth/credentials/credentials.h"
+
+TLDAPRC tldap_gensec_bind(
+ struct tldap_context *ctx, struct cli_credentials *creds,
+ const char *target_service, const char *target_hostname,
+ const char *target_principal, struct loadparm_context *lp_ctx,
+ uint32_t gensec_features);
+
+#endif
diff --git a/source3/lib/tldap_util.c b/source3/lib/tldap_util.c
new file mode 100644
index 0000000..89aea4c
--- /dev/null
+++ b/source3/lib/tldap_util.c
@@ -0,0 +1,843 @@
+/*
+ Unix SMB/CIFS implementation.
+ Infrastructure for async ldap client requests
+ Copyright (C) Volker Lendecke 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "tldap.h"
+#include "tldap_util.h"
+#include "../libcli/security/security.h"
+#include "../lib/util/asn1.h"
+#include "lib/util/smb_strtox.h"
+
+bool tldap_entry_values(struct tldap_message *msg, const char *attribute,
+ DATA_BLOB **values, int *num_values)
+{
+ struct tldap_attribute *attributes;
+ int i, num_attributes;
+
+ if (!tldap_entry_attributes(msg, &attributes, &num_attributes)) {
+ return false;
+ }
+
+ for (i=0; i<num_attributes; i++) {
+ if (strequal(attribute, attributes[i].name)) {
+ break;
+ }
+ }
+ if (i == num_attributes) {
+ return false;
+ }
+ *num_values = attributes[i].num_values;
+ *values = attributes[i].values;
+ return true;
+}
+
+bool tldap_get_single_valueblob(struct tldap_message *msg,
+ const char *attribute, DATA_BLOB *blob)
+{
+ int num_values;
+ DATA_BLOB *values;
+
+ if (attribute == NULL) {
+ return NULL;
+ }
+ if (!tldap_entry_values(msg, attribute, &values, &num_values)) {
+ return NULL;
+ }
+ if (num_values != 1) {
+ return NULL;
+ }
+ *blob = values[0];
+ return true;
+}
+
+char *tldap_talloc_single_attribute(struct tldap_message *msg,
+ const char *attribute,
+ TALLOC_CTX *mem_ctx)
+{
+ DATA_BLOB val;
+ char *result;
+ size_t len;
+
+ if (!tldap_get_single_valueblob(msg, attribute, &val)) {
+ return NULL;
+ }
+ if (!convert_string_talloc(mem_ctx, CH_UTF8, CH_UNIX,
+ val.data, val.length,
+ &result, &len)) {
+ return NULL;
+ }
+ return result;
+}
+
+bool tldap_pull_binsid(struct tldap_message *msg, const char *attribute,
+ struct dom_sid *sid)
+{
+ DATA_BLOB val;
+ ssize_t ret;
+
+ if (!tldap_get_single_valueblob(msg, attribute, &val)) {
+ return false;
+ }
+ ret = sid_parse(val.data, val.length, sid);
+ return (ret != -1);
+}
+
+bool tldap_pull_guid(struct tldap_message *msg, const char *attribute,
+ struct GUID *guid)
+{
+ DATA_BLOB val;
+
+ if (!tldap_get_single_valueblob(msg, attribute, &val)) {
+ return false;
+ }
+ return NT_STATUS_IS_OK(GUID_from_data_blob(&val, guid));
+}
+
+static bool tldap_add_blob_vals(TALLOC_CTX *mem_ctx, struct tldap_mod *mod,
+ DATA_BLOB *newvals, int num_newvals)
+{
+ int num_values = talloc_array_length(mod->values);
+ int i;
+ DATA_BLOB *tmp;
+
+ tmp = talloc_realloc(mem_ctx, mod->values, DATA_BLOB,
+ num_values + num_newvals);
+ if (tmp == NULL) {
+ return false;
+ }
+ mod->values = tmp;
+
+ for (i=0; i<num_newvals; i++) {
+ mod->values[i+num_values].data = (uint8_t *)talloc_memdup(
+ mod->values, newvals[i].data, newvals[i].length);
+ if (mod->values[i+num_values].data == NULL) {
+ return false;
+ }
+ mod->values[i+num_values].length = newvals[i].length;
+ }
+ mod->num_values = num_values + num_newvals;
+ return true;
+}
+
+bool tldap_add_mod_blobs(TALLOC_CTX *mem_ctx,
+ struct tldap_mod **pmods, int *pnum_mods,
+ int mod_op, const char *attrib,
+ DATA_BLOB *newvals, int num_newvals)
+{
+ struct tldap_mod new_mod;
+ struct tldap_mod *mods = *pmods;
+ struct tldap_mod *mod = NULL;
+ int i, num_mods;
+
+ if (mods == NULL) {
+ mods = talloc_array(mem_ctx, struct tldap_mod, 0);
+ }
+ if (mods == NULL) {
+ return false;
+ }
+
+ num_mods = *pnum_mods;
+
+ for (i=0; i<num_mods; i++) {
+ if ((mods[i].mod_op == mod_op)
+ && strequal(mods[i].attribute, attrib)) {
+ mod = &mods[i];
+ break;
+ }
+ }
+
+ if (mod == NULL) {
+ new_mod.mod_op = mod_op;
+ new_mod.attribute = talloc_strdup(mods, attrib);
+ if (new_mod.attribute == NULL) {
+ return false;
+ }
+ new_mod.num_values = 0;
+ new_mod.values = NULL;
+ mod = &new_mod;
+ }
+
+ if ((num_newvals != 0)
+ && !tldap_add_blob_vals(mods, mod, newvals, num_newvals)) {
+ return false;
+ }
+
+ if ((i == num_mods) && (talloc_array_length(mods) < num_mods + 1)) {
+ mods = talloc_realloc(talloc_tos(), mods, struct tldap_mod,
+ num_mods+1);
+ if (mods == NULL) {
+ return false;
+ }
+ mods[num_mods] = *mod;
+ }
+
+ *pmods = mods;
+ *pnum_mods += 1;
+ return true;
+}
+
+bool tldap_add_mod_str(TALLOC_CTX *mem_ctx,
+ struct tldap_mod **pmods, int *pnum_mods,
+ int mod_op, const char *attrib, const char *str)
+{
+ DATA_BLOB utf8;
+ bool ret;
+
+ if (!convert_string_talloc(talloc_tos(), CH_UNIX, CH_UTF8, str,
+ strlen(str), &utf8.data, &utf8.length)) {
+ return false;
+ }
+
+ ret = tldap_add_mod_blobs(mem_ctx, pmods, pnum_mods, mod_op, attrib,
+ &utf8, 1);
+ TALLOC_FREE(utf8.data);
+ return ret;
+}
+
+static bool tldap_make_mod_blob_int(struct tldap_message *existing,
+ TALLOC_CTX *mem_ctx,
+ struct tldap_mod **pmods, int *pnum_mods,
+ const char *attrib, DATA_BLOB newval,
+ int (*comparison)(const DATA_BLOB *d1,
+ const DATA_BLOB *d2))
+{
+ int num_values = 0;
+ DATA_BLOB *values = NULL;
+ DATA_BLOB oldval = data_blob_null;
+
+ if ((existing != NULL)
+ && tldap_entry_values(existing, attrib, &values, &num_values)) {
+
+ if (num_values > 1) {
+ /* can't change multivalue attributes atm */
+ return false;
+ }
+ if (num_values == 1) {
+ oldval = values[0];
+ }
+ }
+
+ if ((oldval.data != NULL) && (newval.data != NULL)
+ && (comparison(&oldval, &newval) == 0)) {
+ /* Believe it or not, but LDAP will deny a delete and
+ an add at the same time if the values are the
+ same... */
+ DEBUG(10,("tldap_make_mod_blob_int: attribute |%s| not "
+ "changed.\n", attrib));
+ return true;
+ }
+
+ if (oldval.data != NULL) {
+ /* By deleting exactly the value we found in the entry this
+ * should be race-free in the sense that the LDAP-Server will
+ * deny the complete operation if somebody changed the
+ * attribute behind our back. */
+ /* This will also allow modifying single valued attributes in
+ * Novell NDS. In NDS you have to first remove attribute and
+ * then you could add new value */
+
+ DEBUG(10, ("tldap_make_mod_blob_int: deleting attribute |%s|\n",
+ attrib));
+ if (!tldap_add_mod_blobs(mem_ctx, pmods, pnum_mods,
+ TLDAP_MOD_DELETE,
+ attrib, &oldval, 1)) {
+ return false;
+ }
+ }
+
+ /* Regardless of the real operation (add or modify)
+ we add the new value here. We rely on deleting
+ the old value, should it exist. */
+
+ if (newval.data != NULL) {
+ DEBUG(10, ("tldap_make_mod_blob_int: adding attribute |%s| value len "
+ "%d\n", attrib, (int)newval.length));
+ if (!tldap_add_mod_blobs(mem_ctx, pmods, pnum_mods,
+ TLDAP_MOD_ADD,
+ attrib, &newval, 1)) {
+ return false;
+ }
+ }
+ return true;
+}
+
+bool tldap_make_mod_blob(struct tldap_message *existing, TALLOC_CTX *mem_ctx,
+ struct tldap_mod **pmods, int *pnum_mods,
+ const char *attrib, DATA_BLOB newval)
+{
+ return tldap_make_mod_blob_int(existing, mem_ctx, pmods, pnum_mods,
+ attrib, newval, data_blob_cmp);
+}
+
+static int compare_utf8_blobs(const DATA_BLOB *d1, const DATA_BLOB *d2)
+{
+ char *s1, *s2;
+ size_t s1len, s2len;
+ int ret;
+
+ if (!convert_string_talloc(talloc_tos(), CH_UTF8, CH_UNIX, d1->data,
+ d1->length, &s1, &s1len)) {
+ /* can't do much here */
+ return 0;
+ }
+ if (!convert_string_talloc(talloc_tos(), CH_UTF8, CH_UNIX, d2->data,
+ d2->length, &s2, &s2len)) {
+ /* can't do much here */
+ TALLOC_FREE(s1);
+ return 0;
+ }
+ ret = strcasecmp_m(s1, s2);
+ TALLOC_FREE(s2);
+ TALLOC_FREE(s1);
+ return ret;
+}
+
+bool tldap_make_mod_fmt(struct tldap_message *existing, TALLOC_CTX *mem_ctx,
+ struct tldap_mod **pmods, int *pnum_mods,
+ const char *attrib, const char *fmt, ...)
+{
+ va_list ap;
+ char *newval;
+ bool ret;
+ DATA_BLOB blob = data_blob_null;
+
+ va_start(ap, fmt);
+ newval = talloc_vasprintf(talloc_tos(), fmt, ap);
+ va_end(ap);
+
+ if (newval == NULL) {
+ return false;
+ }
+
+ blob.length = strlen(newval);
+ if (blob.length != 0) {
+ blob.data = discard_const_p(uint8_t, newval);
+ }
+ ret = tldap_make_mod_blob_int(existing, mem_ctx, pmods, pnum_mods,
+ attrib, blob, compare_utf8_blobs);
+ TALLOC_FREE(newval);
+ return ret;
+}
+
+const char *tldap_errstr(TALLOC_CTX *mem_ctx, struct tldap_context *ld,
+ TLDAPRC rc)
+{
+ const char *ld_error = NULL;
+ char *res;
+
+ if (ld != NULL) {
+ ld_error = tldap_msg_diagnosticmessage(tldap_ctx_lastmsg(ld));
+ }
+ res = talloc_asprintf(mem_ctx, "LDAP error %d (%s), %s",
+ (int)TLDAP_RC_V(rc), tldap_rc2string(rc),
+ ld_error ? ld_error : "unknown");
+ return res;
+}
+
+TLDAPRC tldap_search_va(struct tldap_context *ld, const char *base, int scope,
+ const char *attrs[], int num_attrs, int attrsonly,
+ TALLOC_CTX *mem_ctx, struct tldap_message ***res,
+ const char *fmt, va_list ap)
+{
+ char *filter;
+ TLDAPRC rc;
+
+ filter = talloc_vasprintf(talloc_tos(), fmt, ap);
+ if (filter == NULL) {
+ return TLDAP_NO_MEMORY;
+ }
+
+ rc = tldap_search(ld, base, scope, filter,
+ attrs, num_attrs, attrsonly,
+ NULL /*sctrls*/, 0, NULL /*cctrls*/, 0,
+ 0 /*timelimit*/, 0 /*sizelimit*/, 0 /*deref*/,
+ mem_ctx, res);
+ TALLOC_FREE(filter);
+ return rc;
+}
+
+TLDAPRC tldap_search_fmt(struct tldap_context *ld, const char *base, int scope,
+ const char *attrs[], int num_attrs, int attrsonly,
+ TALLOC_CTX *mem_ctx, struct tldap_message ***res,
+ const char *fmt, ...)
+{
+ va_list ap;
+ TLDAPRC rc;
+
+ va_start(ap, fmt);
+ rc = tldap_search_va(ld, base, scope, attrs, num_attrs, attrsonly,
+ mem_ctx, res, fmt, ap);
+ va_end(ap);
+ return rc;
+}
+
+bool tldap_pull_uint64(struct tldap_message *msg, const char *attr,
+ uint64_t *presult)
+{
+ char *str;
+ uint64_t result;
+ int error = 0;
+
+ str = tldap_talloc_single_attribute(msg, attr, talloc_tos());
+ if (str == NULL) {
+ DEBUG(10, ("Could not find attribute %s\n", attr));
+ return false;
+ }
+
+ result = smb_strtoull(str, NULL, 10, &error, SMB_STR_STANDARD);
+ if (error != 0) {
+ DBG_DEBUG("Attribute conversion failed (%s)\n",
+ strerror(error));
+ TALLOC_FREE(str);
+ return false;
+ }
+
+ TALLOC_FREE(str);
+ *presult = result;
+ return true;
+}
+
+bool tldap_pull_uint32(struct tldap_message *msg, const char *attr,
+ uint32_t *presult)
+{
+ uint64_t result;
+
+ if (!tldap_pull_uint64(msg, attr, &result)) {
+ return false;
+ }
+ *presult = (uint32_t)result;
+ return true;
+}
+
+struct tldap_fetch_rootdse_state {
+ struct tldap_context *ld;
+ struct tldap_message *rootdse;
+};
+
+static void tldap_fetch_rootdse_done(struct tevent_req *subreq);
+
+struct tevent_req *tldap_fetch_rootdse_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tldap_context *ld)
+{
+ struct tevent_req *req, *subreq;
+ struct tldap_fetch_rootdse_state *state;
+ static const char *attrs[2] = { "*", "+" };
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct tldap_fetch_rootdse_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ld = ld;
+ state->rootdse = NULL;
+
+ subreq = tldap_search_send(
+ mem_ctx, ev, ld, "", TLDAP_SCOPE_BASE, "(objectclass=*)",
+ attrs, ARRAY_SIZE(attrs), 0, NULL, 0, NULL, 0, 0, 0, 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tldap_fetch_rootdse_done, req);
+ return req;
+}
+
+static void tldap_fetch_rootdse_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tldap_fetch_rootdse_state *state = tevent_req_data(
+ req, struct tldap_fetch_rootdse_state);
+ struct tldap_message *msg;
+ TLDAPRC rc;
+
+ rc = tldap_search_recv(subreq, state, &msg);
+ if (tevent_req_ldap_error(req, rc)) {
+ return;
+ }
+
+ switch (tldap_msg_type(msg)) {
+ case TLDAP_RES_SEARCH_ENTRY:
+ if (state->rootdse != NULL) {
+ goto protocol_error;
+ }
+ state->rootdse = msg;
+ break;
+ case TLDAP_RES_SEARCH_RESULT:
+ TALLOC_FREE(subreq);
+ if (state->rootdse == NULL) {
+ goto protocol_error;
+ }
+ tevent_req_done(req);
+ break;
+ default:
+ goto protocol_error;
+ }
+ return;
+
+protocol_error:
+ tevent_req_ldap_error(req, TLDAP_PROTOCOL_ERROR);
+ return;
+}
+
+TLDAPRC tldap_fetch_rootdse_recv(struct tevent_req *req)
+{
+ struct tldap_fetch_rootdse_state *state = tevent_req_data(
+ req, struct tldap_fetch_rootdse_state);
+ TLDAPRC rc;
+ char *dn;
+
+ if (tevent_req_is_ldap_error(req, &rc)) {
+ return rc;
+ }
+ /* Trigger parsing the dn, just to make sure it's ok */
+ if (!tldap_entry_dn(state->rootdse, &dn)) {
+ return TLDAP_DECODING_ERROR;
+ }
+ if (!tldap_context_setattr(state->ld, "tldap:rootdse",
+ &state->rootdse)) {
+ return TLDAP_NO_MEMORY;
+ }
+ return TLDAP_SUCCESS;
+}
+
+TLDAPRC tldap_fetch_rootdse(struct tldap_context *ld)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ TLDAPRC rc = TLDAP_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = tldap_fetch_rootdse_send(frame, ev, ld);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll(req, ev)) {
+ rc = TLDAP_OPERATIONS_ERROR;
+ goto fail;
+ }
+
+ rc = tldap_fetch_rootdse_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return rc;
+}
+
+struct tldap_message *tldap_rootdse(struct tldap_context *ld)
+{
+ return talloc_get_type(tldap_context_getattr(ld, "tldap:rootdse"),
+ struct tldap_message);
+}
+
+bool tldap_entry_has_attrvalue(struct tldap_message *msg,
+ const char *attribute,
+ const DATA_BLOB blob)
+{
+ int i, num_values;
+ DATA_BLOB *values;
+
+ if (!tldap_entry_values(msg, attribute, &values, &num_values)) {
+ return false;
+ }
+ for (i=0; i<num_values; i++) {
+ if (data_blob_cmp(&values[i], &blob) == 0) {
+ return true;
+ }
+ }
+ return false;
+}
+
+bool tldap_supports_control(struct tldap_context *ld, const char *oid)
+{
+ struct tldap_message *rootdse = tldap_rootdse(ld);
+
+ if (rootdse == NULL) {
+ return false;
+ }
+ return tldap_entry_has_attrvalue(rootdse, "supportedControl",
+ data_blob_const(oid, strlen(oid)));
+}
+
+struct tldap_control *tldap_add_control(TALLOC_CTX *mem_ctx,
+ struct tldap_control *ctrls,
+ int num_ctrls,
+ struct tldap_control *ctrl)
+{
+ struct tldap_control *result;
+
+ result = talloc_array(mem_ctx, struct tldap_control, num_ctrls+1);
+ if (result == NULL) {
+ return NULL;
+ }
+ if (num_ctrls > 0) {
+ memcpy(result, ctrls, sizeof(struct tldap_control) * num_ctrls);
+ }
+ result[num_ctrls] = *ctrl;
+ return result;
+}
+
+/*
+ * Find a control returned by the server
+ */
+struct tldap_control *tldap_msg_findcontrol(struct tldap_message *msg,
+ const char *oid)
+{
+ struct tldap_control *controls;
+ int i, num_controls;
+
+ tldap_msg_sctrls(msg, &num_controls, &controls);
+
+ for (i=0; i<num_controls; i++) {
+ if (strcmp(controls[i].oid, oid) == 0) {
+ return &controls[i];
+ }
+ }
+ return NULL;
+}
+
+struct tldap_search_paged_state {
+ struct tevent_context *ev;
+ struct tldap_context *ld;
+ const char *base;
+ const char *filter;
+ int scope;
+ const char **attrs;
+ int num_attrs;
+ int attrsonly;
+ struct tldap_control *sctrls;
+ int num_sctrls;
+ struct tldap_control *cctrls;
+ int num_cctrls;
+ int timelimit;
+ int sizelimit;
+ int deref;
+
+ int page_size;
+ struct asn1_data *asn1;
+ DATA_BLOB cookie;
+ struct tldap_message *result;
+};
+
+static struct tevent_req *tldap_ship_paged_search(
+ TALLOC_CTX *mem_ctx,
+ struct tldap_search_paged_state *state)
+{
+ struct tldap_control *pgctrl;
+ struct asn1_data *asn1 = NULL;
+
+ asn1 = asn1_init(state, ASN1_MAX_TREE_DEPTH);
+ if (asn1 == NULL) {
+ return NULL;
+ }
+ if (!asn1_push_tag(asn1, ASN1_SEQUENCE(0))) goto err;
+ if (!asn1_write_Integer(asn1, state->page_size)) goto err;
+ if (!asn1_write_OctetString(asn1, state->cookie.data, state->cookie.length)) goto err;
+ if (!asn1_pop_tag(asn1)) goto err;
+ state->asn1 = asn1;
+
+ pgctrl = &state->sctrls[state->num_sctrls-1];
+ pgctrl->oid = TLDAP_CONTROL_PAGEDRESULTS;
+ pgctrl->critical = true;
+ if (!asn1_blob(state->asn1, &pgctrl->value)) {
+ goto err;
+ }
+ return tldap_search_send(mem_ctx, state->ev, state->ld, state->base,
+ state->scope, state->filter, state->attrs,
+ state->num_attrs, state->attrsonly,
+ state->sctrls, state->num_sctrls,
+ state->cctrls, state->num_cctrls,
+ state->timelimit, state->sizelimit,
+ state->deref);
+
+ err:
+
+ TALLOC_FREE(asn1);
+ return NULL;
+}
+
+static void tldap_search_paged_done(struct tevent_req *subreq);
+
+struct tevent_req *tldap_search_paged_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tldap_context *ld,
+ const char *base, int scope,
+ const char *filter,
+ const char **attrs,
+ int num_attrs,
+ int attrsonly,
+ struct tldap_control *sctrls,
+ int num_sctrls,
+ struct tldap_control *cctrls,
+ int num_cctrls,
+ int timelimit,
+ int sizelimit,
+ int deref,
+ int page_size)
+{
+ struct tevent_req *req, *subreq;
+ struct tldap_search_paged_state *state;
+ struct tldap_control empty_control;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct tldap_search_paged_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->ld = ld;
+ state->base = base;
+ state->filter = filter;
+ state->scope = scope;
+ state->attrs = attrs;
+ state->num_attrs = num_attrs;
+ state->attrsonly = attrsonly;
+ state->cctrls = cctrls;
+ state->num_cctrls = num_cctrls;
+ state->timelimit = timelimit;
+ state->sizelimit = sizelimit;
+ state->deref = deref;
+
+ state->page_size = page_size;
+ state->asn1 = NULL;
+ state->cookie = data_blob_null;
+
+ ZERO_STRUCT(empty_control);
+
+ state->sctrls = tldap_add_control(state, sctrls, num_sctrls,
+ &empty_control);
+ if (tevent_req_nomem(state->sctrls, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->num_sctrls = num_sctrls+1;
+
+ subreq = tldap_ship_paged_search(state, state);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tldap_search_paged_done, req);
+
+ return req;
+}
+
+static void tldap_search_paged_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tldap_search_paged_state *state = tevent_req_data(
+ req, struct tldap_search_paged_state);
+ struct asn1_data *asn1 = NULL;
+ struct tldap_control *pgctrl;
+ TLDAPRC rc;
+ int size;
+
+ rc = tldap_search_recv(subreq, state, &state->result);
+ if (tevent_req_ldap_error(req, rc)) {
+ return;
+ }
+
+ TALLOC_FREE(state->asn1);
+
+ switch (tldap_msg_type(state->result)) {
+ case TLDAP_RES_SEARCH_ENTRY:
+ case TLDAP_RES_SEARCH_REFERENCE:
+ tevent_req_notify_callback(req);
+ return;
+ case TLDAP_RES_SEARCH_RESULT:
+ break;
+ default:
+ TALLOC_FREE(subreq);
+ tevent_req_ldap_error(req, TLDAP_PROTOCOL_ERROR);
+ return;
+ }
+
+ TALLOC_FREE(subreq);
+
+ /* We've finished one paged search, fire the next */
+
+ pgctrl = tldap_msg_findcontrol(state->result,
+ TLDAP_CONTROL_PAGEDRESULTS);
+ if (pgctrl == NULL) {
+ /* RFC2696 requires the server to return the control */
+ tevent_req_ldap_error(req, TLDAP_PROTOCOL_ERROR);
+ return;
+ }
+
+ TALLOC_FREE(state->cookie.data);
+
+ asn1 = asn1_init(talloc_tos(), ASN1_MAX_TREE_DEPTH);
+ if (tevent_req_nomem(asn1, req)) {
+ return;
+ }
+
+ asn1_load_nocopy(asn1, pgctrl->value.data, pgctrl->value.length);
+ if (!asn1_start_tag(asn1, ASN1_SEQUENCE(0))) goto err;
+ if (!asn1_read_Integer(asn1, &size)) goto err;
+ if (!asn1_read_OctetString(asn1, state, &state->cookie)) goto err;
+ if (!asn1_end_tag(asn1)) goto err;
+
+ TALLOC_FREE(asn1);
+
+ if (state->cookie.length == 0) {
+ /* We're done, no cookie anymore */
+ tevent_req_done(req);
+ return;
+ }
+
+ TALLOC_FREE(state->result);
+
+ subreq = tldap_ship_paged_search(state, state);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, tldap_search_paged_done, req);
+
+ return;
+err:
+
+ TALLOC_FREE(asn1);
+ tevent_req_ldap_error(req, TLDAP_DECODING_ERROR);
+}
+
+TLDAPRC tldap_search_paged_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct tldap_message **pmsg)
+{
+ struct tldap_search_paged_state *state = tevent_req_data(
+ req, struct tldap_search_paged_state);
+ TLDAPRC rc;
+
+ if (!tevent_req_is_in_progress(req)
+ && tevent_req_is_ldap_error(req, &rc)) {
+ return rc;
+ }
+ if (tevent_req_is_in_progress(req)) {
+ switch (tldap_msg_type(state->result)) {
+ case TLDAP_RES_SEARCH_ENTRY:
+ case TLDAP_RES_SEARCH_REFERENCE:
+ break;
+ default:
+ return TLDAP_PROTOCOL_ERROR;
+ }
+ }
+ *pmsg = talloc_move(mem_ctx, &state->result);
+ return TLDAP_SUCCESS;
+}
diff --git a/source3/lib/username.c b/source3/lib/username.c
new file mode 100644
index 0000000..280285e
--- /dev/null
+++ b/source3/lib/username.c
@@ -0,0 +1,243 @@
+/*
+ Unix SMB/CIFS implementation.
+ Username handling
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Jeremy Allison 1997-2001.
+ Copyright (C) Andrew Bartlett 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/passwd.h"
+#include "../lib/util/memcache.h"
+#include "../lib/util/util_pw.h"
+#include "lib/util/string_wrappers.h"
+
+/* internal functions */
+static struct passwd *uname_string_combinations(char *s, TALLOC_CTX *mem_ctx,
+ struct passwd * (*fn) (TALLOC_CTX *mem_ctx, const char *),
+ int N);
+static struct passwd *uname_string_combinations2(char *s, TALLOC_CTX *mem_ctx, int offset,
+ struct passwd * (*fn) (TALLOC_CTX *mem_ctx, const char *),
+ int N);
+
+static struct passwd *getpwnam_alloc_cached(TALLOC_CTX *mem_ctx, const char *name)
+{
+ struct passwd *pw, *for_cache;
+
+ pw = (struct passwd *)memcache_lookup_talloc(
+ NULL, GETPWNAM_CACHE, data_blob_string_const_null(name));
+ if (pw != NULL) {
+ return tcopy_passwd(mem_ctx, pw);
+ }
+
+ pw = getpwnam(name);
+ if (pw == NULL) {
+ return NULL;
+ }
+
+ for_cache = tcopy_passwd(talloc_tos(), pw);
+ if (for_cache == NULL) {
+ return NULL;
+ }
+
+ memcache_add_talloc(NULL, GETPWNAM_CACHE,
+ data_blob_string_const_null(name), &for_cache);
+
+ return tcopy_passwd(mem_ctx, pw);
+}
+
+/****************************************************************************
+ Flush all cached passwd structs.
+****************************************************************************/
+
+void flush_pwnam_cache(void)
+{
+ memcache_flush(NULL, GETPWNAM_CACHE);
+}
+
+/****************************************************************************
+ Get a users home directory.
+****************************************************************************/
+
+char *get_user_home_dir(TALLOC_CTX *mem_ctx, const char *user)
+{
+ struct passwd *pass;
+ char *result;
+
+ /* Ensure the user exists. */
+
+ pass = Get_Pwnam_alloc(mem_ctx, user);
+
+ if (!pass)
+ return(NULL);
+
+ /* Return home directory from struct passwd. */
+
+ result = talloc_move(mem_ctx, &pass->pw_dir);
+
+ TALLOC_FREE(pass);
+ return result;
+}
+
+/****************************************************************************
+ * A wrapper for getpwnam(). The following variations are tried:
+ * - as transmitted
+ * - in all lower case if this differs from transmitted
+ * - in all upper case if this differs from transmitted
+ * - using lp_username_level() for permutations.
+****************************************************************************/
+
+static struct passwd *Get_Pwnam_internals(TALLOC_CTX *mem_ctx,
+ const char *user, char *user2)
+{
+ struct passwd *ret = NULL;
+
+ if (!user2 || !(*user2))
+ return(NULL);
+
+ if (!user || !(*user))
+ return(NULL);
+
+ /* Try in all lower case first as this is the most
+ common case on UNIX systems */
+ if (!strlower_m(user2)) {
+ DEBUG(5,("strlower_m %s failed\n", user2));
+ goto done;
+ }
+
+ DEBUG(5,("Trying _Get_Pwnam(), username as lowercase is %s\n",user2));
+ ret = getpwnam_alloc_cached(mem_ctx, user2);
+ if(ret)
+ goto done;
+
+ /* Try as given, if username wasn't originally lowercase */
+ if(strcmp(user, user2) != 0) {
+ DEBUG(5,("Trying _Get_Pwnam(), username as given is %s\n",
+ user));
+ ret = getpwnam_alloc_cached(mem_ctx, user);
+ if(ret)
+ goto done;
+ }
+
+ /* Try as uppercase, if username wasn't originally uppercase */
+ if (!strupper_m(user2)) {
+ goto done;
+ }
+
+ if(strcmp(user, user2) != 0) {
+ DEBUG(5,("Trying _Get_Pwnam(), username as uppercase is %s\n",
+ user2));
+ ret = getpwnam_alloc_cached(mem_ctx, user2);
+ if(ret)
+ goto done;
+ }
+
+ /* Try all combinations up to usernamelevel */
+ if (!strlower_m(user2)) {
+ DEBUG(5,("strlower_m %s failed\n", user2));
+ goto done;
+ }
+ DEBUG(5,("Checking combinations of %d uppercase letters in %s\n",
+ lp_username_level(), user2));
+ ret = uname_string_combinations(user2, mem_ctx, getpwnam_alloc_cached,
+ lp_username_level());
+
+done:
+ DEBUG(5,("Get_Pwnam_internals %s find user [%s]!\n",ret ?
+ "did":"didn't", user));
+
+ return ret;
+}
+
+/****************************************************************************
+ Get_Pwnam wrapper without modification.
+ NOTE: This with NOT modify 'user'!
+ This will return an allocated structure
+****************************************************************************/
+
+struct passwd *Get_Pwnam_alloc(TALLOC_CTX *mem_ctx, const char *user)
+{
+ fstring user2;
+
+ if ( *user == '\0' ) {
+ DEBUG(10,("Get_Pwnam: empty username!\n"));
+ return NULL;
+ }
+
+ fstrcpy(user2, user);
+
+ DEBUG(5,("Finding user %s\n", user));
+
+ return Get_Pwnam_internals(mem_ctx, user, user2);
+}
+
+/* The functions below have been taken from password.c and slightly modified */
+/****************************************************************************
+ Apply a function to upper/lower case combinations
+ of a string and return true if one of them returns true.
+ Try all combinations with N uppercase letters.
+ offset is the first char to try and change (start with 0)
+ it assumes the string starts lowercased
+****************************************************************************/
+
+static struct passwd *uname_string_combinations2(char *s, TALLOC_CTX *mem_ctx,
+ int offset,
+ struct passwd *(*fn)(TALLOC_CTX *mem_ctx, const char *),
+ int N)
+{
+ ssize_t len = (ssize_t)strlen(s);
+ int i;
+ struct passwd *ret;
+
+ if (N <= 0 || offset >= len)
+ return(fn(mem_ctx, s));
+
+ for (i=offset;i<(len-(N-1));i++) {
+ char c = s[i];
+ if (!islower_m((int)c))
+ continue;
+ s[i] = toupper_m(c);
+ ret = uname_string_combinations2(s, mem_ctx, i+1, fn, N-1);
+ if(ret)
+ return(ret);
+ s[i] = c;
+ }
+ return(NULL);
+}
+
+/****************************************************************************
+ Apply a function to upper/lower case combinations
+ of a string and return true if one of them returns true.
+ Try all combinations with up to N uppercase letters.
+ offset is the first char to try and change (start with 0)
+ it assumes the string starts lowercased
+****************************************************************************/
+
+static struct passwd * uname_string_combinations(char *s, TALLOC_CTX *mem_ctx,
+ struct passwd * (*fn)(TALLOC_CTX *mem_ctx, const char *),
+ int N)
+{
+ int n;
+ struct passwd *ret;
+
+ for (n=1;n<=N;n++) {
+ ret = uname_string_combinations2(s,mem_ctx,0,fn,n);
+ if(ret)
+ return(ret);
+ }
+ return(NULL);
+}
+
diff --git a/source3/lib/util.c b/source3/lib/util.c
new file mode 100644
index 0000000..51dc50d
--- /dev/null
+++ b/source3/lib/util.c
@@ -0,0 +1,2013 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Jeremy Allison 2001-2007
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ Copyright (C) James Peach 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @brief Small functions that don't fit anywhere else
+ * @file util.c
+ */
+
+#include "includes.h"
+#include "system/passwd.h"
+#include "system/filesys.h"
+#include "lib/util/server_id.h"
+#include "lib/util/memcache.h"
+#include "util_tdb.h"
+#include "ctdbd_conn.h"
+#include "../lib/util/util_pw.h"
+#include "messages.h"
+#include "lib/messaging/messages_dgm.h"
+#include "libcli/security/security.h"
+#include "serverid.h"
+#include "lib/util/sys_rw.h"
+#include "lib/util/sys_rw_data.h"
+#include "lib/util/util_process.h"
+#include "lib/dbwrap/dbwrap_ctdb.h"
+#include "lib/gencache.h"
+#include "lib/util/string_wrappers.h"
+
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
+
+/* Max allowable allococation - 256mb - 0x10000000 */
+#define MAX_ALLOC_SIZE (1024*1024*256)
+
+static enum protocol_types Protocol = PROTOCOL_COREPLUS;
+
+enum protocol_types get_Protocol(void)
+{
+ return Protocol;
+}
+
+void set_Protocol(enum protocol_types p)
+{
+ Protocol = p;
+}
+
+static enum remote_arch_types ra_type = RA_UNKNOWN;
+
+void gfree_all( void )
+{
+ gfree_loadparm();
+ gfree_charcnv();
+ gfree_interfaces();
+ gfree_debugsyms();
+ gfree_memcache();
+
+}
+
+/*******************************************************************
+ Check if a file exists - call vfs_file_exist for samba files.
+********************************************************************/
+
+bool file_exist_stat(const char *fname,SMB_STRUCT_STAT *sbuf,
+ bool fake_dir_create_times)
+{
+ SMB_STRUCT_STAT st;
+ if (!sbuf)
+ sbuf = &st;
+
+ if (sys_stat(fname, sbuf, fake_dir_create_times) != 0)
+ return(False);
+
+ return((S_ISREG(sbuf->st_ex_mode)) || (S_ISFIFO(sbuf->st_ex_mode)));
+}
+
+/*******************************************************************
+ Check if a unix domain socket exists - call vfs_file_exist for samba files.
+********************************************************************/
+
+bool socket_exist(const char *fname)
+{
+ SMB_STRUCT_STAT st;
+ if (sys_stat(fname, &st, false) != 0)
+ return(False);
+
+ return S_ISSOCK(st.st_ex_mode);
+}
+
+/*******************************************************************
+ Returns the size in bytes of the named given the stat struct.
+********************************************************************/
+
+uint64_t get_file_size_stat(const SMB_STRUCT_STAT *sbuf)
+{
+ return sbuf->st_ex_size;
+}
+
+/****************************************************************************
+ Check two stats have identical dev and ino fields.
+****************************************************************************/
+
+bool check_same_dev_ino(const SMB_STRUCT_STAT *sbuf1,
+ const SMB_STRUCT_STAT *sbuf2)
+{
+ return ((sbuf1->st_ex_dev == sbuf2->st_ex_dev) &&
+ (sbuf1->st_ex_ino == sbuf2->st_ex_ino));
+}
+
+/****************************************************************************
+ Check if a stat struct is identical for use.
+****************************************************************************/
+
+bool check_same_stat(const SMB_STRUCT_STAT *sbuf1,
+ const SMB_STRUCT_STAT *sbuf2)
+{
+ return ((sbuf1->st_ex_uid == sbuf2->st_ex_uid) &&
+ (sbuf1->st_ex_gid == sbuf2->st_ex_gid) &&
+ check_same_dev_ino(sbuf1, sbuf2));
+}
+
+/*******************************************************************
+ Show a smb message structure.
+********************************************************************/
+
+void show_msg(const char *buf)
+{
+ int i;
+ int bcc=0;
+
+ if (!DEBUGLVL(5))
+ return;
+
+ DEBUG(5,("size=%d\nsmb_com=0x%x\nsmb_rcls=%d\nsmb_reh=%d\nsmb_err=%d\nsmb_flg=%d\nsmb_flg2=%d\n",
+ smb_len(buf),
+ (int)CVAL(buf,smb_com),
+ (int)CVAL(buf,smb_rcls),
+ (int)CVAL(buf,smb_reh),
+ (int)SVAL(buf,smb_err),
+ (int)CVAL(buf,smb_flg),
+ (int)SVAL(buf,smb_flg2)));
+ DEBUGADD(5,("smb_tid=%d\nsmb_pid=%d\nsmb_uid=%d\nsmb_mid=%d\n",
+ (int)SVAL(buf,smb_tid),
+ (int)SVAL(buf,smb_pid),
+ (int)SVAL(buf,smb_uid),
+ (int)SVAL(buf,smb_mid)));
+ DEBUGADD(5,("smt_wct=%d\n",(int)CVAL(buf,smb_wct)));
+
+ for (i=0;i<(int)CVAL(buf,smb_wct);i++)
+ DEBUGADD(5,("smb_vwv[%2d]=%5d (0x%X)\n",i,
+ SVAL(buf,smb_vwv+2*i),SVAL(buf,smb_vwv+2*i)));
+
+ bcc = (int)SVAL(buf,smb_vwv+2*(CVAL(buf,smb_wct)));
+
+ DEBUGADD(5,("smb_bcc=%d\n",bcc));
+
+ if (DEBUGLEVEL < 10)
+ return;
+
+ if (DEBUGLEVEL < 50)
+ bcc = MIN(bcc, 512);
+
+ dump_data(10, (const uint8_t *)smb_buf_const(buf), bcc);
+}
+
+/*******************************************************************
+ Setup only the byte count for a smb message.
+********************************************************************/
+
+int set_message_bcc(char *buf,int num_bytes)
+{
+ int num_words = CVAL(buf,smb_wct);
+ SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
+ _smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
+ return (smb_size + num_words*2 + num_bytes);
+}
+
+/*******************************************************************
+ Add a data blob to the end of a smb_buf, adjusting bcc and smb_len.
+ Return the bytes added
+********************************************************************/
+
+ssize_t message_push_blob(uint8_t **outbuf, DATA_BLOB blob)
+{
+ size_t newlen = smb_len(*outbuf) + 4 + blob.length;
+ uint8_t *tmp;
+
+ if (!(tmp = talloc_realloc(NULL, *outbuf, uint8_t, newlen))) {
+ DEBUG(0, ("talloc failed\n"));
+ return -1;
+ }
+ *outbuf = tmp;
+
+ memcpy(tmp + smb_len(tmp) + 4, blob.data, blob.length);
+ set_message_bcc((char *)tmp, smb_buflen(tmp) + blob.length);
+ return blob.length;
+}
+
+/*******************************************************************
+ Reduce a file name, removing .. elements.
+********************************************************************/
+
+static char *dos_clean_name(TALLOC_CTX *ctx, const char *s)
+{
+ char *p = NULL;
+ char *str = NULL;
+
+ DEBUG(3,("dos_clean_name [%s]\n",s));
+
+ /* remove any double slashes */
+ str = talloc_all_string_sub(ctx, s, "\\\\", "\\");
+ if (!str) {
+ return NULL;
+ }
+
+ /* Remove leading .\\ characters */
+ if(strncmp(str, ".\\", 2) == 0) {
+ trim_string(str, ".\\", NULL);
+ if(*str == 0) {
+ str = talloc_strdup(ctx, ".\\");
+ if (!str) {
+ return NULL;
+ }
+ }
+ }
+
+ while ((p = strstr_m(str,"\\..\\")) != NULL) {
+ char *s1;
+
+ *p = 0;
+ s1 = p+3;
+
+ if ((p=strrchr_m(str,'\\')) != NULL) {
+ *p = 0;
+ } else {
+ *str = 0;
+ }
+ str = talloc_asprintf(ctx,
+ "%s%s",
+ str,
+ s1);
+ if (!str) {
+ return NULL;
+ }
+ }
+
+ trim_string(str,NULL,"\\..");
+ return talloc_all_string_sub(ctx, str, "\\.\\", "\\");
+}
+
+/*******************************************************************
+ Reduce a file name, removing .. elements.
+********************************************************************/
+
+char *unix_clean_name(TALLOC_CTX *ctx, const char *s)
+{
+ char *p = NULL;
+ char *str = NULL;
+
+ DEBUG(3,("unix_clean_name [%s]\n",s));
+
+ /* remove any double slashes */
+ str = talloc_all_string_sub(ctx, s, "//","/");
+ if (!str) {
+ return NULL;
+ }
+
+ /* Remove leading ./ characters */
+ if(strncmp(str, "./", 2) == 0) {
+ trim_string(str, "./", NULL);
+ if(*str == 0) {
+ str = talloc_strdup(ctx, "./");
+ if (!str) {
+ return NULL;
+ }
+ }
+ }
+
+ while ((p = strstr_m(str,"/../")) != NULL) {
+ char *s1;
+
+ *p = 0;
+ s1 = p+3;
+
+ if ((p=strrchr_m(str,'/')) != NULL) {
+ *p = 0;
+ } else {
+ *str = 0;
+ }
+ str = talloc_asprintf(ctx,
+ "%s%s",
+ str,
+ s1);
+ if (!str) {
+ return NULL;
+ }
+ }
+
+ trim_string(str,NULL,"/..");
+ return talloc_all_string_sub(ctx, str, "/./", "/");
+}
+
+char *clean_name(TALLOC_CTX *ctx, const char *s)
+{
+ char *str = dos_clean_name(ctx, s);
+ if (!str) {
+ return NULL;
+ }
+ return unix_clean_name(ctx, str);
+}
+
+/*******************************************************************
+ Write data into an fd at a given offset. Ignore seek errors.
+********************************************************************/
+
+ssize_t write_data_at_offset(int fd, const char *buffer, size_t N, off_t pos)
+{
+ size_t total=0;
+ ssize_t ret;
+
+ if (pos == (off_t)-1) {
+ return write_data(fd, buffer, N);
+ }
+#if defined(HAVE_PWRITE) || defined(HAVE_PRWITE64)
+ while (total < N) {
+ ret = sys_pwrite(fd,buffer + total,N - total, pos);
+ if (ret == -1 && errno == ESPIPE) {
+ return write_data(fd, buffer + total,N - total);
+ }
+ if (ret == -1) {
+ DEBUG(0,("write_data_at_offset: write failure. Error = %s\n", strerror(errno) ));
+ return -1;
+ }
+ if (ret == 0) {
+ return total;
+ }
+ total += ret;
+ pos += ret;
+ }
+ return (ssize_t)total;
+#else
+ /* Use lseek and write_data. */
+ if (lseek(fd, pos, SEEK_SET) == -1) {
+ if (errno != ESPIPE) {
+ return -1;
+ }
+ }
+ return write_data(fd, buffer, N);
+#endif
+}
+
+static int reinit_after_fork_pipe[2] = { -1, -1 };
+
+NTSTATUS init_before_fork(void)
+{
+ int ret;
+
+ ret = pipe(reinit_after_fork_pipe);
+ if (ret == -1) {
+ NTSTATUS status;
+
+ status = map_nt_error_from_unix_common(errno);
+
+ DEBUG(0, ("Error creating child_pipe: %s\n",
+ nt_errstr(status)));
+
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/**
+ * @brief Get a fd to watch for our parent process to exit
+ *
+ * Samba parent processes open a pipe that naturally closes when the
+ * parent exits. Child processes can watch the read end of the pipe
+ * for readability: Readability with 0 bytes to read means the parent
+ * has exited and the child process might also want to exit.
+ */
+
+int parent_watch_fd(void)
+{
+ return reinit_after_fork_pipe[0];
+}
+
+/**
+ * Detect died parent by detecting EOF on the pipe
+ */
+static void reinit_after_fork_pipe_handler(struct tevent_context *ev,
+ struct tevent_fd *fde,
+ uint16_t flags,
+ void *private_data)
+{
+ char c;
+
+ if (sys_read(reinit_after_fork_pipe[0], &c, 1) != 1) {
+ /*
+ * we have reached EOF on stdin, which means the
+ * parent has exited. Shutdown the server
+ */
+ TALLOC_FREE(fde);
+ (void)kill(getpid(), SIGTERM);
+ }
+}
+
+
+NTSTATUS reinit_after_fork(struct messaging_context *msg_ctx,
+ struct tevent_context *ev_ctx,
+ bool parent_longlived)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ int ret;
+
+ /*
+ * The main process thread should never
+ * allow per_thread_cwd_enable() to be
+ * called.
+ */
+ per_thread_cwd_disable();
+
+ if (reinit_after_fork_pipe[1] != -1) {
+ close(reinit_after_fork_pipe[1]);
+ reinit_after_fork_pipe[1] = -1;
+ }
+
+ /* tdb needs special fork handling */
+ if (tdb_reopen_all(parent_longlived ? 1 : 0) != 0) {
+ DEBUG(0,("tdb_reopen_all failed.\n"));
+ status = NT_STATUS_OPEN_FAILED;
+ goto done;
+ }
+
+ if (ev_ctx != NULL) {
+ /*
+ * The parent can have different private data for the callbacks,
+ * which are gone in the child. Reset the callbacks to be safe.
+ */
+ tevent_set_trace_callback(ev_ctx, NULL, NULL);
+ tevent_set_trace_fd_callback(ev_ctx, NULL, NULL);
+ tevent_set_trace_signal_callback(ev_ctx, NULL, NULL);
+ tevent_set_trace_timer_callback(ev_ctx, NULL, NULL);
+ tevent_set_trace_immediate_callback(ev_ctx, NULL, NULL);
+ tevent_set_trace_queue_callback(ev_ctx, NULL, NULL);
+ if (tevent_re_initialise(ev_ctx) != 0) {
+ smb_panic(__location__ ": Failed to re-initialise event context");
+ }
+ }
+
+ if (reinit_after_fork_pipe[0] != -1) {
+ struct tevent_fd *fde;
+
+ fde = tevent_add_fd(ev_ctx, ev_ctx /* TALLOC_CTX */,
+ reinit_after_fork_pipe[0], TEVENT_FD_READ,
+ reinit_after_fork_pipe_handler, NULL);
+ if (fde == NULL) {
+ smb_panic(__location__ ": Failed to add reinit_after_fork pipe event");
+ }
+ }
+
+ if (msg_ctx) {
+ /*
+ * For clustering, we need to re-init our ctdbd connection after the
+ * fork
+ */
+ status = messaging_reinit(msg_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("messaging_reinit() failed: %s\n",
+ nt_errstr(status)));
+ }
+
+ if (lp_clustering()) {
+ ret = ctdb_async_ctx_reinit(
+ NULL, messaging_tevent_context(msg_ctx));
+ if (ret != 0) {
+ DBG_ERR("db_ctdb_async_ctx_reinit failed: %s\n",
+ strerror(errno));
+ return map_nt_error_from_unix(ret);
+ }
+ }
+ }
+
+ done:
+ return status;
+}
+
+/****************************************************************************
+ (Hopefully) efficient array append.
+****************************************************************************/
+
+void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size,
+ void *element, void *_array, uint32_t *num_elements,
+ ssize_t *array_size)
+{
+ void **array = (void **)_array;
+
+ if (*array_size < 0) {
+ return;
+ }
+
+ if (*array == NULL) {
+ if (*array_size == 0) {
+ *array_size = 128;
+ }
+
+ if (*array_size >= MAX_ALLOC_SIZE/element_size) {
+ goto error;
+ }
+
+ *array = TALLOC(mem_ctx, element_size * (*array_size));
+ if (*array == NULL) {
+ goto error;
+ }
+ }
+
+ if (*num_elements == *array_size) {
+ *array_size *= 2;
+
+ if (*array_size >= MAX_ALLOC_SIZE/element_size) {
+ goto error;
+ }
+
+ *array = TALLOC_REALLOC(mem_ctx, *array,
+ element_size * (*array_size));
+
+ if (*array == NULL) {
+ goto error;
+ }
+ }
+
+ memcpy((char *)(*array) + element_size*(*num_elements),
+ element, element_size);
+ *num_elements += 1;
+
+ return;
+
+ error:
+ *num_elements = 0;
+ *array_size = -1;
+}
+
+/****************************************************************************
+ Get my own domain name, or "" if we have none.
+****************************************************************************/
+
+char *get_mydnsdomname(TALLOC_CTX *ctx)
+{
+ const char *domname;
+ char *p;
+
+ domname = get_mydnsfullname();
+ if (!domname) {
+ return NULL;
+ }
+
+ p = strchr_m(domname, '.');
+ if (p) {
+ p++;
+ return talloc_strdup(ctx, p);
+ } else {
+ return talloc_strdup(ctx, "");
+ }
+}
+
+bool process_exists(const struct server_id pid)
+{
+ return serverid_exists(&pid);
+}
+
+/*******************************************************************
+ Convert a uid into a user name.
+********************************************************************/
+
+const char *uidtoname(uid_t uid)
+{
+ TALLOC_CTX *ctx = talloc_tos();
+ char *name = NULL;
+ struct passwd *pass = NULL;
+
+ pass = getpwuid_alloc(ctx,uid);
+ if (pass) {
+ name = talloc_strdup(ctx,pass->pw_name);
+ TALLOC_FREE(pass);
+ } else {
+ name = talloc_asprintf(ctx,
+ "%ld",
+ (long int)uid);
+ }
+ return name;
+}
+
+/*******************************************************************
+ Convert a gid into a group name.
+********************************************************************/
+
+char *gidtoname(gid_t gid)
+{
+ struct group *grp;
+
+ grp = getgrgid(gid);
+ if (grp) {
+ return talloc_strdup(talloc_tos(), grp->gr_name);
+ }
+ else {
+ return talloc_asprintf(talloc_tos(),
+ "%d",
+ (int)gid);
+ }
+}
+
+/*******************************************************************
+ Convert a user name into a uid.
+********************************************************************/
+
+uid_t nametouid(const char *name)
+{
+ struct passwd *pass;
+ char *p;
+ uid_t u;
+
+ pass = Get_Pwnam_alloc(talloc_tos(), name);
+ if (pass) {
+ u = pass->pw_uid;
+ TALLOC_FREE(pass);
+ return u;
+ }
+
+ u = (uid_t)strtol(name, &p, 0);
+ if ((p != name) && (*p == '\0'))
+ return u;
+
+ return (uid_t)-1;
+}
+
+/*******************************************************************
+ Convert a name to a gid_t if possible. Return -1 if not a group.
+********************************************************************/
+
+gid_t nametogid(const char *name)
+{
+ struct group *grp;
+ char *p;
+ gid_t g;
+
+ g = (gid_t)strtol(name, &p, 0);
+ if ((p != name) && (*p == '\0'))
+ return g;
+
+ grp = getgrnam(name);
+ if (grp)
+ return(grp->gr_gid);
+ return (gid_t)-1;
+}
+
+/*******************************************************************
+ Something really nasty happened - panic !
+********************************************************************/
+
+static void call_panic_action(const char *why, bool as_root)
+{
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
+ char *cmd;
+ int result;
+
+ cmd = lp_panic_action(talloc_tos(), lp_sub);
+ if (cmd == NULL || cmd[0] == '\0') {
+ return;
+ }
+
+ DBG_ERR("Calling panic action [%s]\n", cmd);
+
+#if defined(HAVE_PRCTL) && defined(PR_SET_PTRACER)
+ /*
+ * Make sure all children can attach a debugger.
+ */
+ prctl(PR_SET_PTRACER, getpid(), 0, 0, 0);
+#endif
+
+ if (as_root) {
+ become_root();
+ }
+
+ result = system(cmd);
+
+ if (as_root) {
+ unbecome_root();
+ }
+
+ if (result == -1)
+ DBG_ERR("fork failed in panic action: %s\n",
+ strerror(errno));
+ else
+ DBG_ERR("action returned status %d\n",
+ WEXITSTATUS(result));
+}
+
+void smb_panic_s3(const char *why)
+{
+ call_panic_action(why, false);
+ dump_core();
+}
+
+void log_panic_action(const char *msg)
+{
+ DBG_ERR("%s", msg);
+ call_panic_action(msg, true);
+}
+
+/*******************************************************************
+ A readdir wrapper which just returns the file name.
+ ********************************************************************/
+
+const char *readdirname(DIR *p)
+{
+ struct dirent *ptr;
+ char *dname;
+
+ if (!p)
+ return(NULL);
+
+ ptr = (struct dirent *)readdir(p);
+ if (!ptr)
+ return(NULL);
+
+ dname = ptr->d_name;
+
+ return talloc_strdup(talloc_tos(), dname);
+}
+
+/*******************************************************************
+ Utility function used to decide if the last component
+ of a path matches a (possibly wildcarded) entry in a namelist.
+********************************************************************/
+
+bool is_in_path(const char *name, name_compare_entry *namelist, bool case_sensitive)
+{
+ const char *last_component;
+
+ /* if we have no list it's obviously not in the path */
+ if ((namelist == NULL) || (namelist[0].name == NULL)) {
+ return False;
+ }
+
+ /* Do not reject path components if namelist is set to '.*' */
+ if (ISDOT(name) || ISDOTDOT(name)) {
+ return false;
+ }
+
+ DEBUG(8, ("is_in_path: %s\n", name));
+
+ /* Get the last component of the unix name. */
+ last_component = strrchr_m(name, '/');
+ if (!last_component) {
+ last_component = name;
+ } else {
+ last_component++; /* Go past '/' */
+ }
+
+ for(; namelist->name != NULL; namelist++) {
+ if(namelist->is_wild) {
+ if (mask_match(last_component, namelist->name, case_sensitive)) {
+ DEBUG(8,("is_in_path: mask match succeeded\n"));
+ return True;
+ }
+ } else {
+ if((case_sensitive && (strcmp(last_component, namelist->name) == 0))||
+ (!case_sensitive && (strcasecmp_m(last_component, namelist->name) == 0))) {
+ DEBUG(8,("is_in_path: match succeeded\n"));
+ return True;
+ }
+ }
+ }
+ DEBUG(8,("is_in_path: match not found\n"));
+ return False;
+}
+
+/*******************************************************************
+ Strip a '/' separated list into an array of
+ name_compare_enties structures suitable for
+ passing to is_in_path(). We do this for
+ speed so we can pre-parse all the names in the list
+ and don't do it for each call to is_in_path().
+ We also check if the entry contains a wildcard to
+ remove a potentially expensive call to mask_match
+ if possible.
+********************************************************************/
+
+void set_namearray(name_compare_entry **ppname_array, const char *namelist_in)
+{
+ char *name_end;
+ char *namelist;
+ char *namelist_end;
+ char *nameptr;
+ int num_entries = 0;
+ int i;
+
+ (*ppname_array) = NULL;
+
+ if((namelist_in == NULL ) || ((namelist_in != NULL) && (*namelist_in == '\0')))
+ return;
+
+ namelist = talloc_strdup(talloc_tos(), namelist_in);
+ if (namelist == NULL) {
+ DEBUG(0,("set_namearray: talloc fail\n"));
+ return;
+ }
+ nameptr = namelist;
+
+ namelist_end = &namelist[strlen(namelist)];
+
+ /* We need to make two passes over the string. The
+ first to count the number of elements, the second
+ to split it.
+ */
+
+ while(nameptr <= namelist_end) {
+ if ( *nameptr == '/' ) {
+ /* cope with multiple (useless) /s) */
+ nameptr++;
+ continue;
+ }
+ /* anything left? */
+ if ( *nameptr == '\0' )
+ break;
+
+ /* find the next '/' or consume remaining */
+ name_end = strchr_m(nameptr, '/');
+ if (name_end == NULL) {
+ /* Point nameptr at the terminating '\0' */
+ nameptr += strlen(nameptr);
+ } else {
+ /* next segment please */
+ nameptr = name_end + 1;
+ }
+ num_entries++;
+ }
+
+ if(num_entries == 0) {
+ talloc_free(namelist);
+ return;
+ }
+
+ if(( (*ppname_array) = SMB_MALLOC_ARRAY(name_compare_entry, num_entries + 1)) == NULL) {
+ DEBUG(0,("set_namearray: malloc fail\n"));
+ talloc_free(namelist);
+ return;
+ }
+
+ /* Now copy out the names */
+ nameptr = namelist;
+ i = 0;
+ while(nameptr <= namelist_end) {
+ if ( *nameptr == '/' ) {
+ /* cope with multiple (useless) /s) */
+ nameptr++;
+ continue;
+ }
+ /* anything left? */
+ if ( *nameptr == '\0' )
+ break;
+
+ /* find the next '/' or consume remaining */
+ name_end = strchr_m(nameptr, '/');
+ if (name_end != NULL) {
+ *name_end = '\0';
+ }
+
+ (*ppname_array)[i].is_wild = ms_has_wild(nameptr);
+ if(((*ppname_array)[i].name = SMB_STRDUP(nameptr)) == NULL) {
+ DEBUG(0,("set_namearray: malloc fail (1)\n"));
+ talloc_free(namelist);
+ return;
+ }
+
+ if (name_end == NULL) {
+ /* Point nameptr at the terminating '\0' */
+ nameptr += strlen(nameptr);
+ } else {
+ /* next segment please */
+ nameptr = name_end + 1;
+ }
+ i++;
+ }
+
+ (*ppname_array)[i].name = NULL;
+
+ talloc_free(namelist);
+ return;
+}
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_LOCKING
+
+/****************************************************************************
+ Simple routine to query existing file locks. Cruft in NFS and 64->32 bit mapping
+ is dealt with in posix.c
+ Returns True if we have information regarding this lock region (and returns
+ F_UNLCK in *ptype if the region is unlocked). False if the call failed.
+****************************************************************************/
+
+bool fcntl_getlock(int fd, int op, off_t *poffset, off_t *pcount, int *ptype, pid_t *ppid)
+{
+ struct flock lock;
+ int ret;
+
+ DEBUG(8,("fcntl_getlock fd=%d op=%d offset=%.0f count=%.0f type=%d\n",
+ fd,op,(double)*poffset,(double)*pcount,*ptype));
+
+ lock.l_type = *ptype;
+ lock.l_whence = SEEK_SET;
+ lock.l_start = *poffset;
+ lock.l_len = *pcount;
+ lock.l_pid = 0;
+
+ ret = sys_fcntl_ptr(fd,op,&lock);
+
+ if (ret == -1) {
+ int saved_errno = errno;
+ DEBUG(3,("fcntl_getlock: lock request failed at offset %.0f count %.0f type %d (%s)\n",
+ (double)*poffset,(double)*pcount,*ptype,strerror(errno)));
+ errno = saved_errno;
+ return False;
+ }
+
+ *ptype = lock.l_type;
+ *poffset = lock.l_start;
+ *pcount = lock.l_len;
+ *ppid = lock.l_pid;
+
+ DEBUG(3,("fcntl_getlock: fd %d is returned info %d pid %u\n",
+ fd, (int)lock.l_type, (unsigned int)lock.l_pid));
+ return True;
+}
+
+#if defined(HAVE_OFD_LOCKS)
+int map_process_lock_to_ofd_lock(int op)
+{
+ switch (op) {
+ case F_GETLK:
+ case F_OFD_GETLK:
+ op = F_OFD_GETLK;
+ break;
+ case F_SETLK:
+ case F_OFD_SETLK:
+ op = F_OFD_SETLK;
+ break;
+ case F_SETLKW:
+ case F_OFD_SETLKW:
+ op = F_OFD_SETLKW;
+ break;
+ default:
+ return -1;
+ }
+ return op;
+}
+#else /* HAVE_OFD_LOCKS */
+int map_process_lock_to_ofd_lock(int op)
+{
+ return op;
+}
+#endif /* HAVE_OFD_LOCKS */
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_ALL
+
+/*******************************************************************
+ Is the name specified one of my netbios names.
+ Returns true if it is equal, false otherwise.
+********************************************************************/
+
+static bool nb_name_equal(const char *s1, const char *s2)
+{
+ int cmp = strncasecmp_m(s1, s2, MAX_NETBIOSNAME_LEN-1);
+ return (cmp == 0);
+}
+
+bool is_myname(const char *s)
+{
+ const char **aliases = NULL;
+ bool ok = false;
+
+ ok = nb_name_equal(lp_netbios_name(), s);
+ if (ok) {
+ goto done;
+ }
+
+ aliases = lp_netbios_aliases();
+ if (aliases == NULL) {
+ goto done;
+ }
+
+ while (*aliases != NULL) {
+ ok = nb_name_equal(*aliases, s);
+ if (ok) {
+ goto done;
+ }
+ aliases += 1;
+ }
+
+done:
+ DBG_DEBUG("is_myname(\"%s\") returns %d\n", s, (int)ok);
+ return ok;
+}
+
+/*******************************************************************
+ we distinguish between 2K and XP by the "Native Lan Manager" string
+ WinXP => "Windows 2002 5.1"
+ WinXP 64bit => "Windows XP 5.2"
+ Win2k => "Windows 2000 5.0"
+ NT4 => "Windows NT 4.0"
+ Win9x => "Windows 4.0"
+ Windows 2003 doesn't set the native lan manager string but
+ they do set the domain to "Windows 2003 5.2" (probably a bug).
+********************************************************************/
+
+void ra_lanman_string( const char *native_lanman )
+{
+ if ( strcmp( native_lanman, "Windows 2002 5.1" ) == 0 )
+ set_remote_arch( RA_WINXP );
+ else if ( strcmp( native_lanman, "Windows XP 5.2" ) == 0 )
+ set_remote_arch( RA_WINXP64 );
+ else if ( strcmp( native_lanman, "Windows Server 2003 5.2" ) == 0 )
+ set_remote_arch( RA_WIN2K3 );
+}
+
+static const char *remote_arch_strings[] = {
+ [RA_UNKNOWN] = "UNKNOWN",
+ [RA_WFWG] = "WfWg",
+ [RA_OS2] = "OS2",
+ [RA_WIN95] = "Win95",
+ [RA_WINNT] = "WinNT",
+ [RA_WIN2K] = "Win2K",
+ [RA_WINXP] = "WinXP",
+ [RA_WIN2K3] = "Win2K3",
+ [RA_VISTA] = "Vista",
+ [RA_SAMBA] = "Samba",
+ [RA_CIFSFS] = "CIFSFS",
+ [RA_WINXP64] = "WinXP64",
+ [RA_OSX] = "OSX",
+};
+
+const char *get_remote_arch_str(void)
+{
+ if (ra_type >= ARRAY_SIZE(remote_arch_strings)) {
+ /*
+ * set_remote_arch() already checks this so ra_type
+ * should be in the allowed range, but anyway, let's
+ * do another bound check here.
+ */
+ DBG_ERR("Remote arch info out of sync [%d] missing\n", ra_type);
+ ra_type = RA_UNKNOWN;
+ }
+ return remote_arch_strings[ra_type];
+}
+
+enum remote_arch_types get_remote_arch_from_str(const char *remote_arch_string)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(remote_arch_strings); i++) {
+ if (strcmp(remote_arch_string, remote_arch_strings[i]) == 0) {
+ return i;
+ }
+ }
+ return RA_UNKNOWN;
+}
+
+/*******************************************************************
+ Set the horrid remote_arch string based on an enum.
+********************************************************************/
+
+void set_remote_arch(enum remote_arch_types type)
+{
+ if (ra_type >= ARRAY_SIZE(remote_arch_strings)) {
+ /*
+ * This protects against someone adding values to enum
+ * remote_arch_types without updating
+ * remote_arch_strings array.
+ */
+ DBG_ERR("Remote arch info out of sync [%d] missing\n", ra_type);
+ ra_type = RA_UNKNOWN;
+ return;
+ }
+
+ ra_type = type;
+ DEBUG(10,("set_remote_arch: Client arch is \'%s\'\n",
+ get_remote_arch_str()));
+}
+
+/*******************************************************************
+ Get the remote_arch type.
+********************************************************************/
+
+enum remote_arch_types get_remote_arch(void)
+{
+ return ra_type;
+}
+
+#define RA_CACHE_TTL 7*24*3600
+
+static bool remote_arch_cache_key(const struct GUID *client_guid,
+ fstring key)
+{
+ struct GUID_txt_buf guid_buf;
+ const char *guid_string = NULL;
+
+ guid_string = GUID_buf_string(client_guid, &guid_buf);
+ if (guid_string == NULL) {
+ return false;
+ }
+
+ fstr_sprintf(key, "RA/%s", guid_string);
+ return true;
+}
+
+struct ra_parser_state {
+ bool found;
+ enum remote_arch_types ra;
+};
+
+static void ra_parser(const struct gencache_timeout *t,
+ DATA_BLOB blob,
+ void *priv_data)
+{
+ struct ra_parser_state *state = (struct ra_parser_state *)priv_data;
+ const char *ra_str = NULL;
+
+ if (gencache_timeout_expired(t)) {
+ return;
+ }
+
+ if ((blob.length == 0) || (blob.data[blob.length-1] != '\0')) {
+ DBG_ERR("Remote arch cache key not a string\n");
+ return;
+ }
+
+ ra_str = (const char *)blob.data;
+ DBG_INFO("Got remote arch [%s] from cache\n", ra_str);
+
+ state->ra = get_remote_arch_from_str(ra_str);
+ state->found = true;
+ return;
+}
+
+static bool remote_arch_cache_get(const struct GUID *client_guid)
+{
+ bool ok;
+ fstring ra_key;
+ struct ra_parser_state state = (struct ra_parser_state) {
+ .found = false,
+ .ra = RA_UNKNOWN,
+ };
+
+ ok = remote_arch_cache_key(client_guid, ra_key);
+ if (!ok) {
+ return false;
+ }
+
+ ok = gencache_parse(ra_key, ra_parser, &state);
+ if (!ok || !state.found) {
+ return true;
+ }
+
+ if (state.ra == RA_UNKNOWN) {
+ return true;
+ }
+
+ set_remote_arch(state.ra);
+ return true;
+}
+
+static bool remote_arch_cache_set(const struct GUID *client_guid)
+{
+ bool ok;
+ fstring ra_key;
+ const char *ra_str = NULL;
+
+ if (get_remote_arch() == RA_UNKNOWN) {
+ return true;
+ }
+
+ ok = remote_arch_cache_key(client_guid, ra_key);
+ if (!ok) {
+ return false;
+ }
+
+ ra_str = get_remote_arch_str();
+ if (ra_str == NULL) {
+ return false;
+ }
+
+ ok = gencache_set(ra_key, ra_str, time(NULL) + RA_CACHE_TTL);
+ if (!ok) {
+ return false;
+ }
+
+ return true;
+}
+
+bool remote_arch_cache_update(const struct GUID *client_guid)
+{
+ bool ok;
+
+ if (get_remote_arch() == RA_UNKNOWN) {
+
+ become_root();
+ ok = remote_arch_cache_get(client_guid);
+ unbecome_root();
+
+ return ok;
+ }
+
+ become_root();
+ ok = remote_arch_cache_set(client_guid);
+ unbecome_root();
+
+ return ok;
+}
+
+bool remote_arch_cache_delete(const struct GUID *client_guid)
+{
+ bool ok;
+ fstring ra_key;
+
+ ok = remote_arch_cache_key(client_guid, ra_key);
+ if (!ok) {
+ return false;
+ }
+
+ become_root();
+ ok = gencache_del(ra_key);
+ unbecome_root();
+
+ if (!ok) {
+ return false;
+ }
+
+ return true;
+}
+
+
+/*****************************************************************************
+ Provide a checksum on a string
+
+ Input: s - the null-terminated character string for which the checksum
+ will be calculated.
+
+ Output: The checksum value calculated for s.
+*****************************************************************************/
+
+int str_checksum(const char *s)
+{
+ TDB_DATA key;
+ if (s == NULL)
+ return 0;
+
+ key = (TDB_DATA) { .dptr = discard_const_p(uint8_t, s),
+ .dsize = strlen(s) };
+
+ return tdb_jenkins_hash(&key);
+}
+
+/*****************************************************************
+ Zero a memory area then free it. Used to catch bugs faster.
+*****************************************************************/
+
+void zero_free(void *p, size_t size)
+{
+ memset(p, 0, size);
+ SAFE_FREE(p);
+}
+
+/*****************************************************************
+ Set our open file limit to a requested max and return the limit.
+*****************************************************************/
+
+int set_maxfiles(int requested_max)
+{
+#if (defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE))
+ struct rlimit rlp;
+ int saved_current_limit;
+
+ if(getrlimit(RLIMIT_NOFILE, &rlp)) {
+ DEBUG(0,("set_maxfiles: getrlimit (1) for RLIMIT_NOFILE failed with error %s\n",
+ strerror(errno) ));
+ /* just guess... */
+ return requested_max;
+ }
+
+ /*
+ * Set the fd limit to be real_max_open_files + MAX_OPEN_FUDGEFACTOR to
+ * account for the extra fd we need
+ * as well as the log files and standard
+ * handles etc. Save the limit we want to set in case
+ * we are running on an OS that doesn't support this limit (AIX)
+ * which always returns RLIM_INFINITY for rlp.rlim_max.
+ */
+
+ /* Try raising the hard (max) limit to the requested amount. */
+
+#if defined(RLIM_INFINITY)
+ if (rlp.rlim_max != RLIM_INFINITY) {
+ int orig_max = rlp.rlim_max;
+
+ if ( rlp.rlim_max < requested_max )
+ rlp.rlim_max = requested_max;
+
+ /* This failing is not an error - many systems (Linux) don't
+ support our default request of 10,000 open files. JRA. */
+
+ if(setrlimit(RLIMIT_NOFILE, &rlp)) {
+ DEBUG(3,("set_maxfiles: setrlimit for RLIMIT_NOFILE for %d max files failed with error %s\n",
+ (int)rlp.rlim_max, strerror(errno) ));
+
+ /* Set failed - restore original value from get. */
+ rlp.rlim_max = orig_max;
+ }
+ }
+#endif
+
+ /* Now try setting the soft (current) limit. */
+
+ saved_current_limit = rlp.rlim_cur = MIN(requested_max,rlp.rlim_max);
+
+ if(setrlimit(RLIMIT_NOFILE, &rlp)) {
+ DEBUG(0,("set_maxfiles: setrlimit for RLIMIT_NOFILE for %d files failed with error %s\n",
+ (int)rlp.rlim_cur, strerror(errno) ));
+ /* just guess... */
+ return saved_current_limit;
+ }
+
+ if(getrlimit(RLIMIT_NOFILE, &rlp)) {
+ DEBUG(0,("set_maxfiles: getrlimit (2) for RLIMIT_NOFILE failed with error %s\n",
+ strerror(errno) ));
+ /* just guess... */
+ return saved_current_limit;
+ }
+
+#if defined(RLIM_INFINITY)
+ if(rlp.rlim_cur == RLIM_INFINITY)
+ return saved_current_limit;
+#endif
+
+ if((int)rlp.rlim_cur > saved_current_limit)
+ return saved_current_limit;
+
+ return rlp.rlim_cur;
+#else /* !defined(HAVE_GETRLIMIT) || !defined(RLIMIT_NOFILE) */
+ /*
+ * No way to know - just guess...
+ */
+ return requested_max;
+#endif
+}
+
+/*****************************************************************
+ malloc that aborts with smb_panic on fail or zero size.
+ *****************************************************************/
+
+void *smb_xmalloc_array(size_t size, unsigned int count)
+{
+ void *p;
+ if (size == 0) {
+ smb_panic("smb_xmalloc_array: called with zero size");
+ }
+ if (count >= MAX_ALLOC_SIZE/size) {
+ smb_panic("smb_xmalloc_array: alloc size too large");
+ }
+ if ((p = SMB_MALLOC(size*count)) == NULL) {
+ DEBUG(0, ("smb_xmalloc_array failed to allocate %lu * %lu bytes\n",
+ (unsigned long)size, (unsigned long)count));
+ smb_panic("smb_xmalloc_array: malloc failed");
+ }
+ return p;
+}
+
+/*****************************************************************
+ Get local hostname and cache result.
+*****************************************************************/
+
+char *myhostname(void)
+{
+ static char *ret;
+ if (ret == NULL) {
+ ret = get_myname(NULL);
+ }
+ return ret;
+}
+
+/*****************************************************************
+ Get local hostname and cache result.
+*****************************************************************/
+
+char *myhostname_upper(void)
+{
+ static char *ret;
+ if (ret == NULL) {
+ char *name = get_myname(NULL);
+ if (name == NULL) {
+ return NULL;
+ }
+ ret = strupper_talloc(NULL, name);
+ talloc_free(name);
+ }
+ return ret;
+}
+
+/*******************************************************************
+ Given a filename - get its directory name
+********************************************************************/
+
+bool parent_dirname(TALLOC_CTX *mem_ctx, const char *dir, char **parent,
+ const char **name)
+{
+ char *p;
+ ptrdiff_t len;
+
+ p = strrchr_m(dir, '/'); /* Find final '/', if any */
+
+ if (p == NULL) {
+ if (!(*parent = talloc_strdup(mem_ctx, "."))) {
+ return False;
+ }
+ if (name) {
+ *name = dir;
+ }
+ return True;
+ }
+
+ len = p-dir;
+
+ *parent = talloc_strndup(mem_ctx, dir, len);
+ if (*parent == NULL) {
+ return False;
+ }
+
+ if (name) {
+ *name = p+1;
+ }
+ return True;
+}
+
+/*******************************************************************
+ Determine if a pattern contains any Microsoft wildcard characters.
+*******************************************************************/
+
+bool ms_has_wild(const char *s)
+{
+ const char *found = strpbrk(s, "*?<>\"");
+ return (found != NULL);
+}
+
+bool ms_has_wild_w(const smb_ucs2_t *s)
+{
+ smb_ucs2_t c;
+ if (!s) return False;
+ while ((c = *s++)) {
+ switch (c) {
+ case UCS2_CHAR('*'):
+ case UCS2_CHAR('?'):
+ case UCS2_CHAR('<'):
+ case UCS2_CHAR('>'):
+ case UCS2_CHAR('"'):
+ return True;
+ }
+ }
+ return False;
+}
+
+/*******************************************************************
+ A wrapper that handles case sensitivity and the special handling
+ of the ".." name.
+*******************************************************************/
+
+bool mask_match(const char *string, const char *pattern, bool is_case_sensitive)
+{
+ if (ISDOTDOT(string))
+ string = ".";
+ if (ISDOT(pattern))
+ return False;
+
+ return ms_fnmatch_protocol(pattern, string, Protocol, is_case_sensitive) == 0;
+}
+
+/*******************************************************************
+ A wrapper that handles a list of patterns and calls mask_match()
+ on each. Returns True if any of the patterns match.
+*******************************************************************/
+
+bool mask_match_list(const char *string, char **list, int listLen, bool is_case_sensitive)
+{
+ while (listLen-- > 0) {
+ if (mask_match(string, *list++, is_case_sensitive))
+ return True;
+ }
+ return False;
+}
+
+/**********************************************************************
+ Converts a name to a fully qualified domain name.
+ Returns true if lookup succeeded, false if not (then fqdn is set to name)
+ Uses getaddrinfo() with AI_CANONNAME flag to obtain the official
+ canonical name of the host. getaddrinfo() may use a variety of sources
+ including /etc/hosts to obtain the domainname. It expects aliases in
+ /etc/hosts to NOT be the FQDN. The FQDN should come first.
+************************************************************************/
+
+bool name_to_fqdn(fstring fqdn, const char *name)
+{
+ char *full = NULL;
+ struct addrinfo hints;
+ struct addrinfo *result;
+ int s;
+
+ /* Configure hints to obtain canonical name */
+
+ memset(&hints, 0, sizeof(struct addrinfo));
+ hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */
+ hints.ai_socktype = SOCK_DGRAM; /* Datagram socket */
+ hints.ai_flags = AI_CANONNAME; /* Get host's FQDN */
+ hints.ai_protocol = 0; /* Any protocol */
+
+ s = getaddrinfo(name, NULL, &hints, &result);
+ if (s != 0) {
+ DBG_WARNING("getaddrinfo lookup for %s failed: %s\n",
+ name,
+ gai_strerror(s));
+ fstrcpy(fqdn, name);
+ return false;
+ }
+ full = result->ai_canonname;
+
+ /* Find out if the FQDN is returned as an alias
+ * to cope with /etc/hosts files where the first
+ * name is not the FQDN but the short name.
+ * getaddrinfo provides no easy way of handling aliases
+ * in /etc/hosts. Users should make sure the FQDN
+ * comes first in /etc/hosts. */
+ if (full && (! strchr_m(full, '.'))) {
+ DEBUG(1, ("WARNING: your /etc/hosts file may be broken!\n"));
+ DEBUGADD(1, (" Full qualified domain names (FQDNs) should not be specified\n"));
+ DEBUGADD(1, (" as an alias in /etc/hosts. FQDN should be the first name\n"));
+ DEBUGADD(1, (" prior to any aliases.\n"));
+ }
+ if (full && (strcasecmp_m(full, "localhost.localdomain") == 0)) {
+ DEBUG(1, ("WARNING: your /etc/hosts file may be broken!\n"));
+ DEBUGADD(1, (" Specifying the machine hostname for address 127.0.0.1 may lead\n"));
+ DEBUGADD(1, (" to Kerberos authentication problems as localhost.localdomain\n"));
+ DEBUGADD(1, (" may end up being used instead of the real machine FQDN.\n"));
+ }
+
+ DEBUG(10,("name_to_fqdn: lookup for %s -> %s.\n", name, full));
+ fstrcpy(fqdn, full);
+ freeaddrinfo(result); /* No longer needed */
+ return true;
+}
+
+struct server_id interpret_pid(const char *pid_string)
+{
+ return server_id_from_string(get_my_vnn(), pid_string);
+}
+
+/****************************************************************
+ Check if an offset into a buffer is safe.
+ If this returns True it's safe to indirect into the byte at
+ pointer ptr+off.
+****************************************************************/
+
+bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off)
+{
+ const char *end_base = buf_base + buf_len;
+ char *end_ptr = ptr + off;
+
+ if (!buf_base || !ptr) {
+ return False;
+ }
+
+ if (end_base < buf_base || end_ptr < ptr) {
+ return False; /* wrap. */
+ }
+
+ if (end_ptr < end_base) {
+ return True;
+ }
+ return False;
+}
+
+/****************************************************************
+ Return a safe pointer into a string within a buffer, or NULL.
+****************************************************************/
+
+char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off)
+{
+ if (!is_offset_safe(buf_base, buf_len, ptr, off)) {
+ return NULL;
+ }
+ /* Check if a valid string exists at this offset. */
+ if (skip_string(buf_base,buf_len, ptr + off) == NULL) {
+ return NULL;
+ }
+ return ptr + off;
+}
+
+
+/****************************************************************
+ Split DOM\user into DOM and user. Do not mix with winbind variants of that
+ call (they take care of winbind separator and other winbind specific settings).
+****************************************************************/
+
+bool split_domain_user(TALLOC_CTX *mem_ctx,
+ const char *full_name,
+ char **domain,
+ char **user)
+{
+ const char *p = NULL;
+
+ p = strchr_m(full_name, '\\');
+
+ if (p != NULL) {
+ *domain = talloc_strndup(mem_ctx, full_name,
+ PTR_DIFF(p, full_name));
+ if (*domain == NULL) {
+ return false;
+ }
+ *user = talloc_strdup(mem_ctx, p+1);
+ if (*user == NULL) {
+ TALLOC_FREE(*domain);
+ return false;
+ }
+ } else {
+ *domain = NULL;
+ *user = talloc_strdup(mem_ctx, full_name);
+ if (*user == NULL) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
+/****************************************************************
+ strip off leading '\\' from a hostname
+****************************************************************/
+
+const char *strip_hostname(const char *s)
+{
+ if (!s) {
+ return NULL;
+ }
+
+ if (strlen_m(s) < 3) {
+ return s;
+ }
+
+ if (s[0] == '\\') s++;
+ if (s[0] == '\\') s++;
+
+ return s;
+}
+
+bool any_nt_status_not_ok(NTSTATUS err1, NTSTATUS err2, NTSTATUS *result)
+{
+ if (!NT_STATUS_IS_OK(err1)) {
+ *result = err1;
+ return true;
+ }
+ if (!NT_STATUS_IS_OK(err2)) {
+ *result = err2;
+ return true;
+ }
+ return false;
+}
+
+int timeval_to_msec(struct timeval t)
+{
+ return t.tv_sec * 1000 + (t.tv_usec+999) / 1000;
+}
+
+/*******************************************************************
+ Check a given DOS pathname is valid for a share.
+********************************************************************/
+
+char *valid_share_pathname(TALLOC_CTX *ctx, const char *dos_pathname)
+{
+ char *ptr = NULL;
+
+ if (!dos_pathname) {
+ return NULL;
+ }
+
+ ptr = talloc_strdup(ctx, dos_pathname);
+ if (!ptr) {
+ return NULL;
+ }
+ /* Convert any '\' paths to '/' */
+ unix_format(ptr);
+ ptr = unix_clean_name(ctx, ptr);
+ if (!ptr) {
+ return NULL;
+ }
+
+ /* NT is braindead - it wants a C: prefix to a pathname ! So strip it. */
+ if (strlen(ptr) > 2 && ptr[1] == ':' && ptr[0] != '/')
+ ptr += 2;
+
+ /* Only absolute paths allowed. */
+ if (*ptr != '/')
+ return NULL;
+
+ return ptr;
+}
+
+/*******************************************************************
+ Return True if the filename is one of the special executable types.
+********************************************************************/
+
+bool is_executable(const char *fname)
+{
+ if ((fname = strrchr_m(fname,'.'))) {
+ if (strequal(fname,".com") ||
+ strequal(fname,".dll") ||
+ strequal(fname,".exe") ||
+ strequal(fname,".sym")) {
+ return True;
+ }
+ }
+ return False;
+}
+
+/****************************************************************************
+ Open a file with a share mode - old openX method - map into NTCreate.
+****************************************************************************/
+
+bool map_open_params_to_ntcreate(const char *smb_base_fname,
+ int deny_mode, int open_func,
+ uint32_t *paccess_mask,
+ uint32_t *pshare_mode,
+ uint32_t *pcreate_disposition,
+ uint32_t *pcreate_options,
+ uint32_t *pprivate_flags)
+{
+ uint32_t access_mask;
+ uint32_t share_mode;
+ uint32_t create_disposition;
+ uint32_t create_options = FILE_NON_DIRECTORY_FILE;
+ uint32_t private_flags = 0;
+
+ DEBUG(10,("map_open_params_to_ntcreate: fname = %s, deny_mode = 0x%x, "
+ "open_func = 0x%x\n",
+ smb_base_fname, (unsigned int)deny_mode,
+ (unsigned int)open_func ));
+
+ /* Create the NT compatible access_mask. */
+ switch (GET_OPENX_MODE(deny_mode)) {
+ case DOS_OPEN_EXEC: /* Implies read-only - used to be FILE_READ_DATA */
+ case DOS_OPEN_RDONLY:
+ access_mask = FILE_GENERIC_READ;
+ break;
+ case DOS_OPEN_WRONLY:
+ access_mask = FILE_GENERIC_WRITE;
+ break;
+ case DOS_OPEN_RDWR:
+ case DOS_OPEN_FCB:
+ access_mask = FILE_GENERIC_READ|FILE_GENERIC_WRITE;
+ break;
+ default:
+ DEBUG(10,("map_open_params_to_ntcreate: bad open mode = 0x%x\n",
+ (unsigned int)GET_OPENX_MODE(deny_mode)));
+ return False;
+ }
+
+ /* Create the NT compatible create_disposition. */
+ switch (open_func) {
+ case OPENX_FILE_EXISTS_FAIL|OPENX_FILE_CREATE_IF_NOT_EXIST:
+ create_disposition = FILE_CREATE;
+ break;
+
+ case OPENX_FILE_EXISTS_OPEN:
+ create_disposition = FILE_OPEN;
+ break;
+
+ case OPENX_FILE_EXISTS_OPEN|OPENX_FILE_CREATE_IF_NOT_EXIST:
+ create_disposition = FILE_OPEN_IF;
+ break;
+
+ case OPENX_FILE_EXISTS_TRUNCATE:
+ create_disposition = FILE_OVERWRITE;
+ break;
+
+ case OPENX_FILE_EXISTS_TRUNCATE|OPENX_FILE_CREATE_IF_NOT_EXIST:
+ create_disposition = FILE_OVERWRITE_IF;
+ break;
+
+ default:
+ /* From samba4 - to be confirmed. */
+ if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_EXEC) {
+ create_disposition = FILE_CREATE;
+ break;
+ }
+ DEBUG(10,("map_open_params_to_ntcreate: bad "
+ "open_func 0x%x\n", (unsigned int)open_func));
+ return False;
+ }
+
+ /* Create the NT compatible share modes. */
+ switch (GET_DENY_MODE(deny_mode)) {
+ case DENY_ALL:
+ share_mode = FILE_SHARE_NONE;
+ break;
+
+ case DENY_WRITE:
+ share_mode = FILE_SHARE_READ;
+ break;
+
+ case DENY_READ:
+ share_mode = FILE_SHARE_WRITE;
+ break;
+
+ case DENY_NONE:
+ share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
+ break;
+
+ case DENY_DOS:
+ private_flags |= NTCREATEX_FLAG_DENY_DOS;
+ if (is_executable(smb_base_fname)) {
+ share_mode = FILE_SHARE_READ|FILE_SHARE_WRITE;
+ } else {
+ if (GET_OPENX_MODE(deny_mode) == DOS_OPEN_RDONLY) {
+ share_mode = FILE_SHARE_READ;
+ } else {
+ share_mode = FILE_SHARE_NONE;
+ }
+ }
+ break;
+
+ case DENY_FCB:
+ private_flags |= NTCREATEX_FLAG_DENY_FCB;
+ share_mode = FILE_SHARE_NONE;
+ break;
+
+ default:
+ DEBUG(10,("map_open_params_to_ntcreate: bad deny_mode 0x%x\n",
+ (unsigned int)GET_DENY_MODE(deny_mode) ));
+ return False;
+ }
+
+ DEBUG(10,("map_open_params_to_ntcreate: file %s, access_mask = 0x%x, "
+ "share_mode = 0x%x, create_disposition = 0x%x, "
+ "create_options = 0x%x private_flags = 0x%x\n",
+ smb_base_fname,
+ (unsigned int)access_mask,
+ (unsigned int)share_mode,
+ (unsigned int)create_disposition,
+ (unsigned int)create_options,
+ (unsigned int)private_flags));
+
+ if (paccess_mask) {
+ *paccess_mask = access_mask;
+ }
+ if (pshare_mode) {
+ *pshare_mode = share_mode;
+ }
+ if (pcreate_disposition) {
+ *pcreate_disposition = create_disposition;
+ }
+ if (pcreate_options) {
+ *pcreate_options = create_options;
+ }
+ if (pprivate_flags) {
+ *pprivate_flags = private_flags;
+ }
+
+ return True;
+
+}
+
+/*************************************************************************
+ Return a talloced copy of a struct security_unix_token. NULL on fail.
+*************************************************************************/
+
+struct security_unix_token *copy_unix_token(TALLOC_CTX *ctx, const struct security_unix_token *tok)
+{
+ struct security_unix_token *cpy;
+
+ cpy = talloc(ctx, struct security_unix_token);
+ if (!cpy) {
+ return NULL;
+ }
+
+ cpy->uid = tok->uid;
+ cpy->gid = tok->gid;
+ cpy->ngroups = tok->ngroups;
+ if (tok->ngroups) {
+ /* Make this a talloc child of cpy. */
+ cpy->groups = (gid_t *)talloc_memdup(
+ cpy, tok->groups, tok->ngroups * sizeof(gid_t));
+ if (!cpy->groups) {
+ TALLOC_FREE(cpy);
+ return NULL;
+ }
+ } else {
+ cpy->groups = NULL;
+ }
+ return cpy;
+}
+
+/****************************************************************************
+ Return a root token
+****************************************************************************/
+
+struct security_unix_token *root_unix_token(TALLOC_CTX *mem_ctx)
+{
+ struct security_unix_token *t = NULL;
+
+ t = talloc_zero(mem_ctx, struct security_unix_token);
+ if (t == NULL) {
+ return NULL;
+ }
+
+ /*
+ * This is not needed, but lets make it explicit, not implicit.
+ */
+ *t = (struct security_unix_token) {
+ .uid = 0,
+ .gid = 0,
+ .ngroups = 0,
+ .groups = NULL
+ };
+
+ return t;
+}
+
+char *utok_string(TALLOC_CTX *mem_ctx, const struct security_unix_token *tok)
+{
+ char *str;
+ uint32_t i;
+
+ str = talloc_asprintf(
+ mem_ctx,
+ "uid=%ju, gid=%ju, %"PRIu32" groups:",
+ (uintmax_t)(tok->uid),
+ (uintmax_t)(tok->gid),
+ tok->ngroups);
+
+ for (i=0; i<tok->ngroups; i++) {
+ talloc_asprintf_addbuf(
+ &str, " %ju", (uintmax_t)tok->groups[i]);
+ }
+
+ return str;
+}
+
+/****************************************************************************
+ Check that a file matches a particular file type.
+****************************************************************************/
+
+bool dir_check_ftype(uint32_t mode, uint32_t dirtype)
+{
+ uint32_t mask;
+
+ /* Check the "may have" search bits. */
+ if (((mode & ~dirtype) &
+ (FILE_ATTRIBUTE_HIDDEN |
+ FILE_ATTRIBUTE_SYSTEM |
+ FILE_ATTRIBUTE_DIRECTORY)) != 0) {
+ return false;
+ }
+
+ /* Check the "must have" bits,
+ which are the may have bits shifted eight */
+ /* If must have bit is set, the file/dir can
+ not be returned in search unless the matching
+ file attribute is set */
+ mask = ((dirtype >> 8) & (FILE_ATTRIBUTE_DIRECTORY|
+ FILE_ATTRIBUTE_ARCHIVE|
+ FILE_ATTRIBUTE_READONLY|
+ FILE_ATTRIBUTE_HIDDEN|
+ FILE_ATTRIBUTE_SYSTEM)); /* & 0x37 */
+ if(mask) {
+ if((mask & (mode & (FILE_ATTRIBUTE_DIRECTORY|
+ FILE_ATTRIBUTE_ARCHIVE|
+ FILE_ATTRIBUTE_READONLY|
+ FILE_ATTRIBUTE_HIDDEN|
+ FILE_ATTRIBUTE_SYSTEM))) == mask) {
+ /* check if matching attribute present */
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ return true;
+}
diff --git a/source3/lib/util_builtin.c b/source3/lib/util_builtin.c
new file mode 100644
index 0000000..a456218
--- /dev/null
+++ b/source3/lib/util_builtin.c
@@ -0,0 +1,158 @@
+/*
+ Unix SMB/CIFS implementation.
+ Translate BUILTIN names to SIDs and vice versa
+ Copyright (C) Volker Lendecke 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/security/security.h"
+
+struct rid_name_map {
+ uint32_t rid;
+ const char *name;
+};
+
+static const struct rid_name_map builtin_aliases[] = {
+ { BUILTIN_RID_ADMINISTRATORS, "Administrators" },
+ { BUILTIN_RID_USERS, "Users" },
+ { BUILTIN_RID_GUESTS, "Guests" },
+ { BUILTIN_RID_POWER_USERS, "Power Users" },
+ { BUILTIN_RID_ACCOUNT_OPERATORS, "Account Operators" },
+ { BUILTIN_RID_SERVER_OPERATORS, "Server Operators" },
+ { BUILTIN_RID_PRINT_OPERATORS, "Print Operators" },
+ { BUILTIN_RID_BACKUP_OPERATORS, "Backup Operators" },
+ { BUILTIN_RID_REPLICATOR, "Replicator" },
+ { BUILTIN_RID_RAS_SERVERS, "RAS Servers" },
+ { BUILTIN_RID_PRE_2K_ACCESS,
+ "Pre-Windows 2000 Compatible Access" },
+ { BUILTIN_RID_REMOTE_DESKTOP_USERS,
+ "Remote Desktop Users" },
+ { BUILTIN_RID_NETWORK_CONF_OPERATORS,
+ "Network Configuration Operators" },
+ { BUILTIN_RID_INCOMING_FOREST_TRUST,
+ "Incoming Forest Trust Builders" },
+ { BUILTIN_RID_PERFMON_USERS,
+ "Performance Monitor Users" },
+ { BUILTIN_RID_PERFLOG_USERS,
+ "Performance Log Users" },
+ { BUILTIN_RID_AUTH_ACCESS,
+ "Windows Authorization Access Group" },
+ { BUILTIN_RID_TS_LICENSE_SERVERS,
+ "Terminal Server License Servers" },
+ { BUILTIN_RID_DISTRIBUTED_COM_USERS,
+ "Distributed COM Users" },
+ { BUILTIN_RID_CRYPTO_OPERATORS,
+ "Cryptographic Operators" },
+ { BUILTIN_RID_EVENT_LOG_READERS,
+ "Event Log Readers" },
+ { BUILTIN_RID_CERT_SERV_DCOM_ACCESS,
+ "Certificate Service DCOM Access" },
+ { 0, NULL}};
+
+/*******************************************************************
+ Look up a rid in the BUILTIN domain
+ ********************************************************************/
+bool lookup_builtin_rid(TALLOC_CTX *mem_ctx, uint32_t rid, const char **name)
+{
+ const struct rid_name_map *aliases = builtin_aliases;
+
+ while (aliases->name != NULL) {
+ if (rid == aliases->rid) {
+ *name = talloc_strdup(mem_ctx, aliases->name);
+ return True;
+ }
+ aliases++;
+ }
+
+ return False;
+}
+
+/*******************************************************************
+ Look up a name in the BUILTIN domain
+ ********************************************************************/
+bool lookup_builtin_name(const char *name, uint32_t *rid)
+{
+ const struct rid_name_map *aliases = builtin_aliases;
+
+ while (aliases->name != NULL) {
+ if (strequal(name, aliases->name)) {
+ *rid = aliases->rid;
+ return True;
+ }
+ aliases++;
+ }
+
+ return False;
+}
+
+/*****************************************************************
+ Return the name of the BUILTIN domain
+*****************************************************************/
+
+const char *builtin_domain_name(void)
+{
+ return "BUILTIN";
+}
+
+/*****************************************************************
+ Check if the SID is the builtin SID (S-1-5-32).
+*****************************************************************/
+
+bool sid_check_is_builtin(const struct dom_sid *sid)
+{
+ return dom_sid_equal(sid, &global_sid_Builtin);
+}
+
+/*****************************************************************
+ Check if the SID is one of the builtin SIDs (S-1-5-32-a).
+*****************************************************************/
+
+bool sid_check_is_in_builtin(const struct dom_sid *sid)
+{
+ struct dom_sid dom_sid;
+
+ sid_copy(&dom_sid, sid);
+ sid_split_rid(&dom_sid, NULL);
+
+ return sid_check_is_builtin(&dom_sid);
+}
+
+/********************************************************************
+ Check if the SID is one of the well-known builtin SIDs (S-1-5-32-x)
+*********************************************************************/
+
+bool sid_check_is_wellknown_builtin(const struct dom_sid *sid)
+{
+ struct dom_sid dom_sid;
+ const struct rid_name_map *aliases = builtin_aliases;
+ uint32_t rid;
+
+ sid_copy(&dom_sid, sid);
+ sid_split_rid(&dom_sid, &rid);
+
+ if (!sid_check_is_builtin(&dom_sid)) {
+ return false;
+ }
+
+ while (aliases->name != NULL) {
+ if (aliases->rid == rid) {
+ return True;
+ }
+ aliases++;
+ }
+
+ return False;
+}
diff --git a/source3/lib/util_cluster.c b/source3/lib/util_cluster.c
new file mode 100644
index 0000000..4287c2c
--- /dev/null
+++ b/source3/lib/util_cluster.c
@@ -0,0 +1,42 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * cluster utility functions
+ * Copyright (C) Volker Lendecke 2013
+ * Copyright (C) Michael Adam 2013
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include "ctdbd_conn.h"
+#include "util_cluster.h"
+#include "lib/cluster_support.h"
+#include "lib/util/debug.h"
+#include "source3/param/param_proto.h"
+
+bool cluster_probe_ok(void)
+{
+ if (lp_clustering()) {
+ int ret;
+
+ ret = ctdbd_probe(lp_ctdbd_socket(), lp_ctdb_timeout());
+ if (ret != 0) {
+ DEBUG(0, ("clustering=yes but ctdbd connect failed: "
+ "%s\n", strerror(ret)));
+ return false;
+ }
+ }
+
+ return true;
+}
diff --git a/source3/lib/util_cluster.h b/source3/lib/util_cluster.h
new file mode 100644
index 0000000..6d05987
--- /dev/null
+++ b/source3/lib/util_cluster.h
@@ -0,0 +1,27 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * cluster utility functions
+ * Copyright (C) Volker Lendecke 2013
+ * Copyright (C) Michael Adam 2013
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef __UTIL_CLUSTER_H__
+#define __UTIL_CLUSTER_H__
+
+bool cluster_probe_ok(void);
+
+#endif /* __UTIL_CLUSTER_H__ */
diff --git a/source3/lib/util_ea.c b/source3/lib/util_ea.c
new file mode 100644
index 0000000..dd48e77
--- /dev/null
+++ b/source3/lib/util_ea.c
@@ -0,0 +1,126 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB Extended attribute buffer handling
+ Copyright (C) Jeremy Allison 2005-2013
+ Copyright (C) Tim Prouty 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/util_ea.h"
+
+/****************************************************************************
+ Read one EA list entry from the buffer.
+****************************************************************************/
+
+struct ea_list *read_ea_list_entry(TALLOC_CTX *ctx, const char *pdata, size_t data_size, size_t *pbytes_used)
+{
+ struct ea_list *eal = talloc_zero(ctx, struct ea_list);
+ uint16_t val_len;
+ unsigned int namelen;
+ size_t converted_size;
+
+ if (!eal) {
+ return NULL;
+ }
+
+ if (data_size < 6) {
+ return NULL;
+ }
+
+ eal->ea.flags = CVAL(pdata,0);
+ namelen = CVAL(pdata,1);
+ val_len = SVAL(pdata,2);
+
+ if (4 + namelen + 1 + val_len > data_size) {
+ return NULL;
+ }
+
+ /* Ensure the name is null terminated. */
+ if (pdata[namelen + 4] != '\0') {
+ return NULL;
+ }
+ if (!pull_ascii_talloc(ctx, &eal->ea.name, pdata + 4, &converted_size)) {
+ DEBUG(0,("read_ea_list_entry: pull_ascii_talloc failed: %s\n",
+ strerror(errno)));
+ }
+ if (!eal->ea.name) {
+ return NULL;
+ }
+
+ eal->ea.value = data_blob_talloc(eal, NULL, (size_t)val_len + 1);
+ if (!eal->ea.value.data) {
+ return NULL;
+ }
+
+ memcpy(eal->ea.value.data, pdata + 4 + namelen + 1, val_len);
+
+ /* Ensure we're null terminated just in case we print the value. */
+ eal->ea.value.data[val_len] = '\0';
+ /* But don't count the null. */
+ eal->ea.value.length--;
+
+ if (pbytes_used) {
+ *pbytes_used = 4 + namelen + 1 + val_len;
+ }
+
+ DEBUG(10,("read_ea_list_entry: read ea name %s\n", eal->ea.name));
+ dump_data(10, eal->ea.value.data, eal->ea.value.length);
+
+ return eal;
+}
+
+/****************************************************************************
+ Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
+****************************************************************************/
+
+struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size)
+{
+ struct ea_list *ea_list_head = NULL;
+ size_t offset = 0;
+
+ if (data_size < 4) {
+ return NULL;
+ }
+
+ while (offset + 4 <= data_size) {
+ size_t next_offset = IVAL(pdata,offset);
+ struct ea_list *eal = read_ea_list_entry(ctx, pdata + offset + 4, data_size - offset - 4, NULL);
+
+ if (!eal) {
+ return NULL;
+ }
+
+ DLIST_ADD_END(ea_list_head, eal);
+ if (next_offset == 0) {
+ break;
+ }
+
+ /* Integer wrap protection for the increment. */
+ if (offset + next_offset < offset) {
+ break;
+ }
+
+ offset += next_offset;
+
+ /* Integer wrap protection for while loop. */
+ if (offset + 4 < offset) {
+ break;
+ }
+
+ }
+
+ return ea_list_head;
+}
diff --git a/source3/lib/util_ea.h b/source3/lib/util_ea.h
new file mode 100644
index 0000000..54423ac
--- /dev/null
+++ b/source3/lib/util_ea.h
@@ -0,0 +1,36 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB Extended attribute buffer handling
+ Copyright (C) Jeremy Allison 2005-2013
+ Copyright (C) Tim Prouty 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIB_UTIL_EA_H__
+#define __LIB_UTIL_EA_H__
+
+/****************************************************************************
+ Read one EA list entry from a buffer.
+****************************************************************************/
+
+struct ea_list *read_ea_list_entry(TALLOC_CTX *ctx, const char *pdata, size_t data_size, size_t *pbytes_used);
+
+/****************************************************************************
+ Read a list of EA names and data from an incoming data buffer. Create an ea_list with them.
+****************************************************************************/
+
+struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, const char *pdata, size_t data_size);
+
+#endif /* __LIB_UTIL_EA_H__ */
diff --git a/source3/lib/util_event.c b/source3/lib/util_event.c
new file mode 100644
index 0000000..ea7e7b7
--- /dev/null
+++ b/source3/lib/util_event.c
@@ -0,0 +1,102 @@
+/*
+ Unix SMB/CIFS implementation.
+ Timed event library.
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Volker Lendecke 2005-2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "util_event.h"
+
+struct idle_event {
+ struct tevent_timer *te;
+ struct timeval interval;
+ char *name;
+ bool (*handler)(const struct timeval *now, void *private_data);
+ void *private_data;
+};
+
+static void smbd_idle_event_handler(struct tevent_context *ctx,
+ struct tevent_timer *te,
+ struct timeval now,
+ void *private_data)
+{
+ struct idle_event *event =
+ talloc_get_type_abort(private_data, struct idle_event);
+
+ TALLOC_FREE(event->te);
+
+ DEBUG(10,("smbd_idle_event_handler: %s %p called\n",
+ event->name, event->te));
+
+ if (!event->handler(&now, event->private_data)) {
+ DEBUG(10,("smbd_idle_event_handler: %s %p stopped\n",
+ event->name, event->te));
+ /* Don't repeat, delete ourselves */
+ TALLOC_FREE(event);
+ return;
+ }
+
+ DEBUG(10,("smbd_idle_event_handler: %s %p rescheduled\n",
+ event->name, event->te));
+
+ event->te = tevent_add_timer(ctx, event,
+ timeval_sum(&now, &event->interval),
+ smbd_idle_event_handler, event);
+
+ /* We can't do much but fail here. */
+ SMB_ASSERT(event->te != NULL);
+}
+
+struct idle_event *event_add_idle(struct tevent_context *event_ctx,
+ TALLOC_CTX *mem_ctx,
+ struct timeval interval,
+ const char *name,
+ bool (*handler)(const struct timeval *now,
+ void *private_data),
+ void *private_data)
+{
+ struct idle_event *result;
+ struct timeval now = timeval_current();
+
+ result = talloc(mem_ctx, struct idle_event);
+ if (result == NULL) {
+ DEBUG(0, ("talloc failed\n"));
+ return NULL;
+ }
+
+ result->interval = interval;
+ result->handler = handler;
+ result->private_data = private_data;
+
+ if (!(result->name = talloc_asprintf(result, "idle_evt(%s)", name))) {
+ DEBUG(0, ("talloc failed\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ result->te = tevent_add_timer(event_ctx, result,
+ timeval_sum(&now, &interval),
+ smbd_idle_event_handler, result);
+ if (result->te == NULL) {
+ DEBUG(0, ("event_add_timed failed\n"));
+ TALLOC_FREE(result);
+ return NULL;
+ }
+
+ DEBUG(10,("event_add_idle: %s %p\n", result->name, result->te));
+ return result;
+}
diff --git a/source3/lib/util_file.c b/source3/lib/util_file.c
new file mode 100644
index 0000000..ba96eee
--- /dev/null
+++ b/source3/lib/util_file.c
@@ -0,0 +1,187 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include "lib/util_file.h"
+#include "lib/util/debug.h"
+#include "lib/util/samba_util.h"
+#include "lib/util/sys_rw.h"
+#include "lib/util/sys_popen.h"
+#include "lib/async_req/async_sock.h"
+#include "lib/util/tevent_unix.h"
+
+struct file_ploadv_state {
+ struct tevent_context *ev;
+ struct tevent_req *subreq;
+ size_t maxsize;
+ int fd;
+ uint8_t *buf;
+};
+
+static void file_ploadv_cleanup_fn(
+ struct tevent_req *req, enum tevent_req_state req_state);
+static void file_ploadv_readable(struct tevent_req *subreq);
+
+struct tevent_req *file_ploadv_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ char * const argl[], size_t maxsize)
+{
+ struct tevent_req *req = NULL;
+ struct file_ploadv_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct file_ploadv_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->maxsize = maxsize;
+
+ state->fd = sys_popenv(argl);
+ if (state->fd == -1) {
+ tevent_req_error(req, errno);
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_cleanup_fn(req, file_ploadv_cleanup_fn);
+
+ state->subreq = wait_for_read_send(state, state->ev, state->fd, false);
+ if (tevent_req_nomem(state->subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(state->subreq, file_ploadv_readable, req);
+ return req;
+}
+
+static void file_ploadv_cleanup_fn(
+ struct tevent_req *req, enum tevent_req_state req_state)
+{
+ struct file_ploadv_state *state = tevent_req_data(
+ req, struct file_ploadv_state);
+
+ TALLOC_FREE(state->subreq);
+ if (state->fd != -1) {
+ sys_pclose(state->fd);
+ state->fd = -1;
+ }
+}
+
+static void file_ploadv_readable(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct file_ploadv_state *state = tevent_req_data(
+ req, struct file_ploadv_state);
+ uint8_t buf[1024];
+ uint8_t *tmp;
+ ssize_t nread;
+ size_t bufsize;
+ int err;
+ bool ok;
+
+ ok = wait_for_read_recv(subreq, &err);
+ TALLOC_FREE(subreq);
+ state->subreq = NULL;
+ if (!ok) {
+ tevent_req_error(req, err);
+ return;
+ }
+
+ nread = sys_read(state->fd, buf, sizeof(buf));
+ if (nread == -1) {
+ tevent_req_error(req, errno);
+ return;
+ }
+ if (nread == 0) {
+ tevent_req_done(req);
+ return;
+ }
+
+ bufsize = talloc_get_size(state->buf);
+ if (bufsize > 0) {
+ /*
+ * Last round we've added the trailing '\0'. Remove it
+ * for this round.
+ */
+ bufsize -= 1;
+ }
+
+ if (((bufsize + nread) < bufsize) ||
+ ((bufsize + nread + 1) < bufsize)) {
+ /* overflow */
+ tevent_req_error(req, EMSGSIZE);
+ return;
+ }
+
+ if ((state->maxsize != 0) && ((bufsize + nread) > state->maxsize)) {
+ tevent_req_error(req, EMSGSIZE);
+ return;
+ }
+
+ tmp = talloc_realloc(state, state->buf, uint8_t, bufsize + nread + 1);
+ if (tevent_req_nomem(tmp, req)) {
+ return;
+ }
+ state->buf = tmp;
+
+ memcpy(state->buf + bufsize, buf, nread);
+ state->buf[bufsize+nread] = '\0';
+
+ state->subreq = wait_for_read_send(state, state->ev, state->fd, false);
+ if (tevent_req_nomem(state->subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(state->subreq, file_ploadv_readable, req);
+}
+
+int file_ploadv_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint8_t **buf)
+{
+ struct file_ploadv_state *state = tevent_req_data(
+ req, struct file_ploadv_state);
+ int err;
+
+ if (tevent_req_is_unix_error(req, &err)) {
+ return err;
+ }
+ *buf = talloc_move(mem_ctx, &state->buf);
+
+ tevent_req_received(req);
+
+ return 0;
+}
+
+
+/**
+ Load a pipe into memory and return an array of pointers to lines in the data
+ must be freed with TALLOC_FREE.
+**/
+
+char **file_lines_ploadv(TALLOC_CTX *mem_ctx,
+ char * const argl[],
+ int *numlines)
+{
+ char *p = NULL;
+ size_t size;
+
+ p = file_ploadv(argl, &size);
+ if (!p) {
+ return NULL;
+ }
+
+ return file_lines_parse(p, size, numlines, mem_ctx);
+}
diff --git a/source3/lib/util_file.h b/source3/lib/util_file.h
new file mode 100644
index 0000000..1aef5a2
--- /dev/null
+++ b/source3/lib/util_file.h
@@ -0,0 +1,35 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIB_UTIL_FILE_H__
+#define __LIB_UTIL_FILE_H__
+
+#include "replace.h"
+#include <tevent.h>
+
+struct tevent_req *file_ploadv_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ char * const argl[], size_t maxsize);
+int file_ploadv_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint8_t **buf);
+char **file_lines_ploadv(TALLOC_CTX *mem_ctx,
+ char * const argl[],
+ int *numlines);
+
+#endif
diff --git a/source3/lib/util_macstreams.c b/source3/lib/util_macstreams.c
new file mode 100644
index 0000000..787ad88
--- /dev/null
+++ b/source3/lib/util_macstreams.c
@@ -0,0 +1,73 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Ralph Boehme 2019
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "MacExtensions.h"
+#include "util_macstreams.h"
+
+/* Yes, I have considered multibyte */
+#undef strncasecmp
+
+bool is_afpinfo_stream(const char *sname)
+{
+ int cmp;
+
+ if (sname == NULL) {
+ return false;
+ }
+
+ cmp = strncasecmp(sname,
+ AFPINFO_STREAM_NAME,
+ strlen(AFPINFO_STREAM_NAME));
+ if (cmp == 0) {
+ return true;
+ }
+ return false;
+}
+
+bool is_afpresource_stream(const char *sname)
+{
+ int cmp;
+
+ if (sname == NULL) {
+ return false;
+ }
+
+ cmp = strncasecmp(sname,
+ AFPRESOURCE_STREAM_NAME,
+ strlen(AFPRESOURCE_STREAM_NAME));
+ if (cmp == 0) {
+ return true;
+ }
+ return false;
+}
+
+/**
+ * Test whether stream is an Apple stream.
+ **/
+bool is_apple_stream(const char *sname)
+{
+ if (is_afpinfo_stream(sname)) {
+ return true;
+ }
+ if (is_afpresource_stream(sname)) {
+ return true;
+ }
+ return false;
+}
diff --git a/source3/lib/util_macstreams.h b/source3/lib/util_macstreams.h
new file mode 100644
index 0000000..ad50abc
--- /dev/null
+++ b/source3/lib/util_macstreams.h
@@ -0,0 +1,27 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Ralph Boehme 2019
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _UTIL_MACSTREAMS_H_
+#define _UTIL_MACSTREAMS_H_
+
+bool is_afpinfo_stream(const char *sname);
+bool is_afpresource_stream(const char *sname);
+bool is_apple_stream(const char *sname);
+
+#endif
diff --git a/source3/lib/util_malloc.c b/source3/lib/util_malloc.c
new file mode 100644
index 0000000..09586d5
--- /dev/null
+++ b/source3/lib/util_malloc.c
@@ -0,0 +1,122 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Jeremy Allison 2001-2007
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ Copyright (C) James Peach 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#if defined(PARANOID_MALLOC_CHECKER)
+
+/****************************************************************************
+ Internal malloc wrapper. Externally visible.
+****************************************************************************/
+
+void *malloc_(size_t size)
+{
+ if (size == 0) {
+ return NULL;
+ }
+#undef malloc
+ return malloc(size);
+#define malloc(s) __ERROR_DONT_USE_MALLOC_DIRECTLY
+}
+
+/****************************************************************************
+ Internal realloc wrapper. Not externally visible.
+****************************************************************************/
+
+static void *realloc_(void *ptr, size_t size)
+{
+#undef realloc
+ return realloc(ptr, size);
+#define realloc(p,s) __ERROR_DONT_USE_REALLOC_DIRECTLY
+}
+
+#endif /* PARANOID_MALLOC_CHECKER */
+
+/****************************************************************************
+ Expand a pointer to be a particular size.
+ Note that this version of Realloc has an extra parameter that decides
+ whether to free the passed in storage on allocation failure or if the
+ new size is zero.
+
+ This is designed for use in the typical idiom of :
+
+ p = SMB_REALLOC(p, size)
+ if (!p) {
+ return error;
+ }
+
+ and not to have to keep track of the old 'p' contents to free later, nor
+ to worry if the size parameter was zero. In the case where NULL is returned
+ we guarantee that p has been freed.
+
+ If free later semantics are desired, then pass 'free_old_on_error' as False which
+ guarantees that the old contents are not freed on error, even if size == 0. To use
+ this idiom use :
+
+ tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
+ if (!tmp) {
+ SAFE_FREE(p);
+ return error;
+ } else {
+ p = tmp;
+ }
+
+ Changes were instigated by Coverity error checking. JRA.
+****************************************************************************/
+
+void *Realloc(void *p, size_t size, bool free_old_on_error)
+{
+ void *ret=NULL;
+
+ if (size == 0) {
+ if (free_old_on_error) {
+ SAFE_FREE(p);
+ }
+ DEBUG(2,("Realloc asked for 0 bytes\n"));
+ return NULL;
+ }
+
+#if defined(PARANOID_MALLOC_CHECKER)
+ if (!p) {
+ ret = (void *)malloc_(size);
+ } else {
+ ret = (void *)realloc_(p,size);
+ }
+#else
+ if (!p) {
+ ret = (void *)malloc(size);
+ } else {
+ ret = (void *)realloc(p,size);
+ }
+#endif
+
+ if (!ret) {
+ if (free_old_on_error && p) {
+ SAFE_FREE(p);
+ }
+ DEBUG(0,("Memory allocation error: failed to expand to %d bytes\n",(int)size));
+ }
+
+ return(ret);
+}
+
diff --git a/source3/lib/util_matching.c b/source3/lib/util_matching.c
new file mode 100644
index 0000000..4a321f2
--- /dev/null
+++ b/source3/lib/util_matching.c
@@ -0,0 +1,391 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Stefan Metzmacher 2021
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/util_matching.h"
+#include "lib/util/string_wrappers.h"
+
+struct samba_path_matching_entry {
+ const char *name;
+ bool is_wild;
+ regex_t re;
+};
+
+struct samba_path_matching_result {
+ ssize_t replace_start;
+ ssize_t replace_end;
+ bool match;
+};
+
+struct samba_path_matching {
+ bool case_sensitive;
+ NTSTATUS (*matching_fn)(const struct samba_path_matching *pm,
+ const struct samba_path_matching_entry *e,
+ const char *namecomponent,
+ struct samba_path_matching_result *result);
+ size_t num_entries;
+ struct samba_path_matching_entry *entries;
+};
+
+static NTSTATUS samba_path_matching_split(TALLOC_CTX *mem_ctx,
+ const char *namelist_in,
+ struct samba_path_matching **ppm)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ char *name_end = NULL;
+ char *namelist = NULL;
+ char *namelist_end = NULL;
+ char *nameptr = NULL;
+ struct samba_path_matching *pm = NULL;
+ size_t num_entries = 0;
+ struct samba_path_matching_entry *entries = NULL;
+
+ *ppm = NULL;
+
+ pm = talloc_zero(mem_ctx, struct samba_path_matching);
+ if (pm == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ talloc_reparent(mem_ctx, frame, pm);
+
+ namelist = talloc_strdup(frame, namelist_in);
+ if (namelist == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ nameptr = namelist;
+
+ namelist_end = &namelist[strlen(namelist)];
+
+ /*
+ * We need to make two passes over the string. The
+ * first to count the number of elements, the second
+ * to split it.
+ *
+ * The 1st time entries is NULL.
+ * the 2nd time entries is allocated.
+ */
+again:
+ while (nameptr <= namelist_end) {
+ /* anything left? */
+ if (*nameptr == '\0') {
+ break;
+ }
+
+ if (*nameptr == '/') {
+ /* cope with multiple (useless) /s) */
+ nameptr++;
+ continue;
+ }
+
+ /* find the next '/' or consume remaining */
+ name_end = strchr_m(nameptr, '/');
+ if (entries != NULL) {
+ if (name_end != NULL) {
+ *name_end = '\0';
+ }
+ entries[num_entries].name = talloc_strdup(entries,
+ nameptr);
+ if (entries[num_entries].name == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ num_entries++;
+ if (name_end != NULL) {
+ /* next segment please */
+ nameptr = name_end + 1;
+ continue;
+ }
+
+ /* no entries remaining */
+ break;
+ }
+
+ if (num_entries == 0) {
+ /*
+ * No entries in the first round => we're done
+ */
+ goto done;
+ }
+
+ if (entries != NULL) {
+ /*
+ * We finished the 2nd round => we're done
+ */
+ goto done;
+ }
+
+ /*
+ * Now allocate the array and loop again
+ * in order to split the names.
+ */
+ entries = talloc_zero_array(pm,
+ struct samba_path_matching_entry,
+ num_entries);
+ if (entries == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ num_entries = 0;
+ nameptr = namelist;
+ goto again;
+
+done:
+ pm->num_entries = num_entries;
+ pm->entries = entries;
+ *ppm = talloc_move(mem_ctx, &pm);
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+};
+
+static NTSTATUS samba_path_create_mswild_fn(const struct samba_path_matching *pm,
+ const struct samba_path_matching_entry *e,
+ const char *namecomponent,
+ struct samba_path_matching_result *result)
+{
+ bool match = false;
+
+ if (e->is_wild) {
+ match = mask_match(namecomponent, e->name, pm->case_sensitive);
+ } else if (pm->case_sensitive) {
+ match = (strcmp(namecomponent, e->name) == 0);
+ } else {
+ match = (strcasecmp_m(namecomponent, e->name) == 0);
+ }
+
+ *result = (struct samba_path_matching_result) {
+ .match = match,
+ .replace_start = -1,
+ .replace_end = -1,
+ };
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS samba_path_matching_mswild_create(TALLOC_CTX *mem_ctx,
+ bool case_sensitive,
+ const char *namelist_in,
+ struct samba_path_matching **ppm)
+{
+ NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct samba_path_matching *pm = NULL;
+ size_t i;
+
+ *ppm = NULL;
+
+ status = samba_path_matching_split(mem_ctx, namelist_in, &pm);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+ talloc_reparent(mem_ctx, frame, pm);
+
+ for (i = 0; i < pm->num_entries; i++) {
+ struct samba_path_matching_entry *e = &pm->entries[i];
+
+ e->is_wild = ms_has_wild(e->name);
+ }
+
+ pm->case_sensitive = case_sensitive;
+ pm->matching_fn = samba_path_create_mswild_fn;
+ *ppm = talloc_move(mem_ctx, &pm);
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+};
+
+static int samba_path_matching_regex_sub1_destructor(struct samba_path_matching *pm)
+{
+ ssize_t i;
+
+ for (i = 0; i < pm->num_entries; i++) {
+ struct samba_path_matching_entry *e = &pm->entries[i];
+
+ regfree(&e->re);
+ }
+
+ pm->num_entries = 0;
+
+ return 0;
+}
+
+static NTSTATUS samba_path_create_regex_sub1_fn(const struct samba_path_matching *pm,
+ const struct samba_path_matching_entry *e,
+ const char *namecomponent,
+ struct samba_path_matching_result *result)
+{
+ if (e->re.re_nsub == 1) {
+ regmatch_t matches[2] = { };
+ int ret;
+
+ ret = regexec(&e->re, namecomponent, 2, matches, 0);
+ if (ret == 0) {
+ *result = (struct samba_path_matching_result) {
+ .match = true,
+ .replace_start = matches[1].rm_so,
+ .replace_end = matches[1].rm_eo,
+ };
+
+ return NT_STATUS_OK;
+ }
+ }
+
+ *result = (struct samba_path_matching_result) {
+ .match = false,
+ .replace_start = -1,
+ .replace_end = -1,
+ };
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS samba_path_matching_regex_sub1_create(TALLOC_CTX *mem_ctx,
+ const char *namelist_in,
+ struct samba_path_matching **ppm)
+{
+ NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct samba_path_matching *pm = NULL;
+ ssize_t i;
+
+ *ppm = NULL;
+
+ status = samba_path_matching_split(mem_ctx, namelist_in, &pm);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+ talloc_reparent(mem_ctx, frame, pm);
+
+ for (i = 0; i < pm->num_entries; i++) {
+ struct samba_path_matching_entry *e = &pm->entries[i];
+ int ret;
+
+ ret = regcomp(&e->re, e->name, 0);
+ if (ret != 0) {
+ fstring buf = { 0,};
+
+ regerror(ret, &e->re, buf, sizeof(buf));
+
+ DBG_ERR("idx[%zu] regcomp: /%s/ - %d - %s\n",
+ i, e->name, ret, buf);
+
+ status = NT_STATUS_INVALID_PARAMETER;
+ i--;
+ goto cleanup;
+ }
+
+ if (e->re.re_nsub != 1) {
+ DBG_ERR("idx[%zu] regcomp: /%s/ - re_nsub[%zu] != 1\n",
+ i, e->name, e->re.re_nsub);
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto cleanup;
+ }
+ }
+
+ talloc_set_destructor(pm, samba_path_matching_regex_sub1_destructor);
+
+ pm->case_sensitive = true;
+ pm->matching_fn = samba_path_create_regex_sub1_fn;
+ *ppm = talloc_move(mem_ctx, &pm);
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+
+cleanup:
+ for (; i >= 0; i--) {
+ struct samba_path_matching_entry *e = &pm->entries[i];
+
+ regfree(&e->re);
+ }
+
+ TALLOC_FREE(frame);
+ return status;
+};
+
+NTSTATUS samba_path_matching_check_last_component(struct samba_path_matching *pm,
+ const char *name,
+ ssize_t *p_match_idx,
+ ssize_t *p_replace_start,
+ ssize_t *p_replace_end)
+{
+ struct samba_path_matching_result result = {
+ .match = false,
+ .replace_start = -1,
+ .replace_end = -1,
+ };
+ ssize_t match_idx = -1;
+ NTSTATUS status = NT_STATUS_OK;
+ const char *last_component = NULL;
+ size_t i;
+
+ if (pm->num_entries == 0) {
+ goto finish;
+ }
+
+ /* Get the last component of the unix name. */
+ last_component = strrchr_m(name, '/');
+ if (last_component == NULL) {
+ last_component = name;
+ } else {
+ last_component++; /* Go past '/' */
+ }
+
+ for (i = 0; i < pm->num_entries; i++) {
+ struct samba_path_matching_entry *e = &pm->entries[i];
+
+ status = pm->matching_fn(pm, e, last_component, &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ result = (struct samba_path_matching_result) {
+ .match = false,
+ .replace_start = -1,
+ .replace_end = -1,
+ };
+ goto finish;
+ }
+
+ if (result.match) {
+ match_idx = i;
+ goto finish;
+ }
+ }
+
+finish:
+ *p_match_idx = match_idx;
+ if (p_replace_start != NULL) {
+ size_t last_ofs = 0;
+
+ if (result.replace_start >= 0) {
+ last_ofs = PTR_DIFF(last_component, name);
+ }
+
+ *p_replace_start = last_ofs + result.replace_start;
+ }
+ if (p_replace_end != NULL) {
+ size_t last_ofs = 0;
+
+ if (result.replace_end >= 0) {
+ last_ofs = PTR_DIFF(last_component, name);
+ }
+
+ *p_replace_end = last_ofs + result.replace_end;
+ }
+ return status;
+}
diff --git a/source3/lib/util_matching.h b/source3/lib/util_matching.h
new file mode 100644
index 0000000..5abe40e
--- /dev/null
+++ b/source3/lib/util_matching.h
@@ -0,0 +1,40 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Stefan Metzmacher 2021
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SAMBA_LIB_UTIL_MATCHING_H_
+#define _SAMBA_LIB_UTIL_MATCHING_H_
+
+struct samba_path_matching;
+
+NTSTATUS samba_path_matching_mswild_create(TALLOC_CTX *mem_ctx,
+ bool case_sensitive,
+ const char *namelist_in,
+ struct samba_path_matching **ppm);
+
+NTSTATUS samba_path_matching_regex_sub1_create(TALLOC_CTX *mem_ctx,
+ const char *namelist_in,
+ struct samba_path_matching **ppm);
+
+NTSTATUS samba_path_matching_check_last_component(struct samba_path_matching *pm,
+ const char *name,
+ ssize_t *p_match_idx,
+ ssize_t *p_replace_start,
+ ssize_t *p_replace_end);
+
+#endif /* _SAMBA_LIB_UTIL_MATCHING_H_ */
diff --git a/source3/lib/util_names.c b/source3/lib/util_names.c
new file mode 100644
index 0000000..b62ddb3
--- /dev/null
+++ b/source3/lib/util_names.c
@@ -0,0 +1,86 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Jeremy Allison 2001-2007
+ Copyright (C) Simo Sorce 2001
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ Copyright (C) James Peach 2006
+ Copyright (C) Andrew Bartlett 2010-2011
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+/******************************************************************
+ get the default domain/netbios name to be used when dealing
+ with our passdb list of accounts
+******************************************************************/
+
+const char *get_global_sam_name(void)
+{
+ if (IS_DC) {
+ return lp_workgroup();
+ }
+ return lp_netbios_name();
+}
+
+
+/******************************************************************
+ Get the default domain/netbios name to be used when
+ testing authentication.
+******************************************************************/
+
+const char *my_sam_name(void)
+{
+ if (lp_server_role() == ROLE_STANDALONE) {
+ return lp_netbios_name();
+ }
+
+ return lp_workgroup();
+}
+
+bool is_allowed_domain(const char *domain_name)
+{
+ const char **ignored_domains = NULL;
+ const char **dom = NULL;
+
+ ignored_domains = lp_parm_string_list(-1,
+ "winbind",
+ "ignore domains",
+ NULL);
+
+ for (dom = ignored_domains; dom != NULL && *dom != NULL; dom++) {
+ if (gen_fnmatch(*dom, domain_name) == 0) {
+ DBG_NOTICE("Ignoring domain '%s'\n", domain_name);
+ return false;
+ }
+ }
+
+ if (lp_allow_trusted_domains()) {
+ return true;
+ }
+
+ if (strequal(lp_workgroup(), domain_name)) {
+ return true;
+ }
+
+ if (is_myname(domain_name)) {
+ return true;
+ }
+
+ DBG_NOTICE("Not trusted domain '%s'\n", domain_name);
+ return false;
+}
diff --git a/source3/lib/util_nscd.c b/source3/lib/util_nscd.c
new file mode 100644
index 0000000..6002f14
--- /dev/null
+++ b/source3/lib/util_nscd.c
@@ -0,0 +1,45 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Guenther Deschner 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+#ifdef HAVE_LIBNSCD
+#include <libnscd.h>
+#endif
+
+static void smb_nscd_flush_cache(const char *service)
+{
+#ifdef HAVE_NSCD_FLUSH_CACHE
+ if (nscd_flush_cache(service)) {
+ DEBUG(10,("failed to flush nscd cache for '%s' service: %s. "
+ "Is nscd running?\n",
+ service, strerror(errno)));
+ }
+#endif
+}
+
+void smb_nscd_flush_user_cache(void)
+{
+ smb_nscd_flush_cache("passwd");
+}
+
+void smb_nscd_flush_group_cache(void)
+{
+ smb_nscd_flush_cache("group");
+}
diff --git a/source3/lib/util_nttoken.c b/source3/lib/util_nttoken.c
new file mode 100644
index 0000000..925b79c
--- /dev/null
+++ b/source3/lib/util_nttoken.c
@@ -0,0 +1,103 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Authentication utility functions
+ * Copyright (C) Andrew Tridgell 1992-1998
+ * Copyright (C) Andrew Bartlett 2001-2023
+ * Copyright (C) Jeremy Allison 2000-2001
+ * Copyright (C) Rafal Szczesniak 2002
+ * Copyright (C) Volker Lendecke 2006
+ * Copyright (C) Michael Adam 2007
+ * Copyright (C) Guenther Deschner 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* function(s) moved from auth/auth_util.c to minimize linker deps */
+
+#include "includes.h"
+#include "../libcli/security/security.h"
+
+/****************************************************************************
+ merge NT tokens
+****************************************************************************/
+
+NTSTATUS merge_with_system_token(TALLOC_CTX *mem_ctx,
+ const struct security_token *token_1,
+ struct security_token **token_out)
+{
+ const struct security_token *token_2 = get_system_token();
+ struct security_token *token = NULL;
+ NTSTATUS status;
+ uint32_t i;
+
+ if (!token_1 || !token_2 || !token_out) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ token = talloc_zero(mem_ctx, struct security_token);
+ NT_STATUS_HAVE_NO_MEMORY(token);
+
+ for (i=0; i < token_1->num_sids; i++) {
+ status = add_sid_to_array_unique(mem_ctx,
+ &token_1->sids[i],
+ &token->sids,
+ &token->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(token);
+ return status;
+ }
+ }
+
+ for (i=0; i < token_2->num_sids; i++) {
+ status = add_sid_to_array_unique(mem_ctx,
+ &token_2->sids[i],
+ &token->sids,
+ &token->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(token);
+ return status;
+ }
+ }
+
+ token->privilege_mask |= token_1->privilege_mask;
+ token->privilege_mask |= token_2->privilege_mask;
+
+ token->rights_mask |= token_1->rights_mask;
+ token->rights_mask |= token_2->rights_mask;
+
+ /*
+ * We don't need to merge claims as the system token has no
+ * claims
+ */
+
+ *token_out = token;
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Check if this struct security_ace has a SID in common with the token.
+********************************************************************/
+
+bool token_sid_in_ace(const struct security_token *token, const struct security_ace *ace)
+{
+ size_t i;
+
+ for (i = 0; i < token->num_sids; i++) {
+ if (dom_sid_equal(&ace->trustee, &token->sids[i]))
+ return true;
+ }
+
+ return false;
+}
diff --git a/source3/lib/util_path.c b/source3/lib/util_path.c
new file mode 100644
index 0000000..a7d1a8b
--- /dev/null
+++ b/source3/lib/util_path.c
@@ -0,0 +1,350 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Samba utility functions
+ * Copyright (C) Andrew Tridgell 1992-1998
+ * Copyright (C) Jeremy Allison 2001-2007
+ * Copyright (C) Simo Sorce 2001
+ * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ * Copyright (C) James Peach 2006
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include <talloc.h>
+#include "lib/util/debug.h"
+#include "lib/util/samba_util.h"
+#include "lib/util_path.h"
+
+struct loadparm_substitution;
+struct share_params;
+#include "source3/param/param_proto.h"
+
+/**
+ * @brief Returns an absolute path to a file concatenating the provided
+ * @a rootpath and @a basename
+ *
+ * @param name Filename, relative to @a rootpath
+ *
+ * @retval Pointer to a string containing the full path.
+ **/
+
+static char *xx_path(TALLOC_CTX *mem_ctx,
+ const char *name,
+ const char *rootpath)
+{
+ char *fname = NULL;
+
+ fname = talloc_strdup(mem_ctx, rootpath);
+ if (!fname) {
+ return NULL;
+ }
+ trim_string(fname,"","/");
+
+ if (!directory_create_or_exist(fname, 0755)) {
+ return NULL;
+ }
+
+ return talloc_asprintf_append(fname, "/%s", name);
+}
+
+/**
+ * @brief Returns an absolute path to a file in the Samba lock directory.
+ *
+ * @param name File to find, relative to LOCKDIR.
+ *
+ * @retval Pointer to a talloc'ed string containing the full path.
+ **/
+
+char *lock_path(TALLOC_CTX *mem_ctx, const char *name)
+{
+ return xx_path(mem_ctx, name, lp_lock_directory());
+}
+
+/**
+ * @brief Returns an absolute path to a file in the Samba state directory.
+ *
+ * @param name File to find, relative to STATEDIR.
+ *
+ * @retval Pointer to a talloc'ed string containing the full path.
+ **/
+
+char *state_path(TALLOC_CTX *mem_ctx, const char *name)
+{
+ return xx_path(mem_ctx, name, lp_state_directory());
+}
+
+/**
+ * @brief Returns an absolute path to a file in the Samba cache directory.
+ *
+ * @param name File to find, relative to CACHEDIR.
+ *
+ * @retval Pointer to a talloc'ed string containing the full path.
+ **/
+
+char *cache_path(TALLOC_CTX *mem_ctx, const char *name)
+{
+ return xx_path(mem_ctx, name, lp_cache_directory());
+}
+
+/**
+ * @brief Removes any invalid path components in an absolute POSIX path.
+ *
+ * @param ctx Talloc context to return string.
+ *
+ * @param abs_path Absolute path string to process.
+ *
+ * @retval Pointer to a talloc'ed string containing the absolute full path.
+ **/
+
+char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *pathname_in)
+{
+ /*
+ * Note we use +2 here so if pathname_in=="" then we
+ * have space to return "/".
+ */
+ char *pathname = talloc_array(ctx, char, strlen(pathname_in)+2);
+ const char *s = pathname_in;
+ char *p = pathname;
+
+ if (pathname == NULL) {
+ return NULL;
+ }
+
+ /* Always start with a '/'. */
+ *p++ = '/';
+
+ while (*s) {
+ /* Deal with '/' or multiples of '/'. */
+ if (s[0] == '/') {
+ while (s[0] == '/') {
+ /* Eat trailing '/' */
+ s++;
+ }
+ /* Update target with one '/' */
+ if (p[-1] != '/') {
+ *p++ = '/';
+ }
+ continue;
+ }
+ if (p[-1] == '/') {
+ /* Deal with "./" or ".\0" */
+ if (s[0] == '.' &&
+ (s[1] == '/' || s[1] == '\0')) {
+ /* Eat the dot. */
+ s++;
+ while (s[0] == '/') {
+ /* Eat any trailing '/' */
+ s++;
+ }
+ /* Don't write anything to target. */
+ continue;
+ }
+ /* Deal with "../" or "..\0" */
+ if (s[0] == '.' && s[1] == '.' &&
+ (s[2] == '/' || s[2] == '\0')) {
+ /* Eat the dot dot. */
+ s += 2;
+ while (s[0] == '/') {
+ /* Eat any trailing '/' */
+ s++;
+ }
+ /*
+ * As we're on the slash, we go back
+ * one character to point p at the
+ * slash we just saw.
+ */
+ if (p > pathname) {
+ p--;
+ }
+ /*
+ * Now go back to the slash
+ * before the one that p currently points to.
+ */
+ while (p > pathname) {
+ p--;
+ if (p[0] == '/') {
+ break;
+ }
+ }
+ /*
+ * Step forward one to leave the
+ * last written '/' alone.
+ */
+ p++;
+
+ /* Don't write anything to target. */
+ continue;
+ }
+ }
+ /* Non-separator character, just copy. */
+ *p++ = *s++;
+ }
+ if (p[-1] == '/') {
+ /*
+ * We finished on a '/'.
+ * Remove the trailing '/', but not if it's
+ * the sole character in the path.
+ */
+ if (p > pathname + 1) {
+ p--;
+ }
+ }
+ /* Terminate and we're done ! */
+ *p++ = '\0';
+ return pathname;
+}
+
+static bool find_snapshot_token(
+ const char *filename,
+ char sep,
+ const char **_start,
+ const char **_next_component,
+ NTTIME *twrp)
+{
+ const char *start = NULL;
+ const char *end = NULL;
+ struct tm tm = {};
+ time_t t;
+
+ start = strstr_m(filename, "@GMT-");
+
+ if (start == NULL) {
+ return false;
+ }
+
+ if ((start > filename) && (start[-1] != sep)) {
+ /* the GMT-token does not start a path-component */
+ return false;
+ }
+
+ end = strptime(start, GMT_FORMAT, &tm);
+ if (end == NULL) {
+ /* Not a valid timestring. */
+ return false;
+ }
+
+ if ((end[0] != '\0') && (end[0] != sep)) {
+ /*
+ * It is not a complete path component, i.e. the path
+ * component continues after the gmt-token.
+ */
+ return false;
+ }
+
+ tm.tm_isdst = -1;
+ t = timegm(&tm);
+ unix_to_nt_time(twrp, t);
+
+ DBG_DEBUG("Extracted @GMT-Timestamp %s\n",
+ nt_time_string(talloc_tos(), *twrp));
+
+ *_start = start;
+
+ if (end[0] == sep) {
+ end += 1;
+ }
+ *_next_component = end;
+
+ return true;
+}
+
+bool clistr_is_previous_version_path(const char *path)
+{
+ const char *start = NULL;
+ const char *next = NULL;
+ NTTIME twrp;
+ bool ok;
+
+ ok = find_snapshot_token(path, '\\', &start, &next, &twrp);
+ return ok;
+}
+
+static bool extract_snapshot_token_internal(char *fname, NTTIME *twrp, char sep)
+{
+ const char *start = NULL;
+ const char *next = NULL;
+ size_t remaining;
+ bool found;
+
+ found = find_snapshot_token(fname, sep, &start, &next, twrp);
+ if (!found) {
+ return false;
+ }
+
+ remaining = strlen(next);
+ memmove(discard_const_p(char, start), next, remaining+1);
+
+ return true;
+}
+
+bool extract_snapshot_token(char *fname, NTTIME *twrp)
+{
+ return extract_snapshot_token_internal(fname, twrp, '/');
+}
+
+bool clistr_smb2_extract_snapshot_token(char *fname, NTTIME *twrp)
+{
+ return extract_snapshot_token_internal(fname, twrp, '\\');
+}
+
+/*
+ * Take two absolute paths, figure out if "subdir" is a proper
+ * subdirectory of "parent". Return the component relative to the
+ * "parent" without the potential "/". Take care of "parent"
+ * possibly ending in "/".
+ */
+bool subdir_of(const char *parent,
+ size_t parent_len,
+ const char *subdir,
+ const char **_relative)
+{
+ const char *relative = NULL;
+ bool matched;
+
+ SMB_ASSERT(parent[0] == '/');
+ SMB_ASSERT(subdir[0] == '/');
+
+ if (parent_len == 1) {
+ /*
+ * Everything is below "/"
+ */
+ *_relative = subdir+1;
+ return true;
+ }
+
+ if (parent[parent_len-1] == '/') {
+ parent_len -= 1;
+ }
+
+ matched = (strncmp(subdir, parent, parent_len) == 0);
+ if (!matched) {
+ return false;
+ }
+
+ relative = &subdir[parent_len];
+
+ if (relative[0] == '\0') {
+ *_relative = relative; /* nothing left */
+ return true;
+ }
+
+ if (relative[0] == '/') {
+ /* End of parent must match a '/' in subdir. */
+ *_relative = relative+1;
+ return true;
+ }
+
+ return false;
+}
diff --git a/source3/lib/util_path.h b/source3/lib/util_path.h
new file mode 100644
index 0000000..9dcc1dd
--- /dev/null
+++ b/source3/lib/util_path.h
@@ -0,0 +1,55 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Samba utility functions
+ * Copyright (C) Andrew Tridgell 1992-1998
+ * Copyright (C) Jeremy Allison 2001-2007
+ * Copyright (C) Simo Sorce 2001
+ * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ * Copyright (C) James Peach 2006
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIB_UTIL_PATH_H__
+#define __LIB_UTIL_PATH_H__
+
+#include "replace.h"
+#include <talloc.h>
+#include "lib/util/time.h"
+
+/*
+ * Timestamp format used in "previous versions":
+ * This is the windows-level format of the @GMT- token.
+ * It is a fixed format not to be confused with the
+ * format for the POSIX-Level token of the shadow_copy2
+ * VFS module that can be configured via the "shadow:format"
+ * configuration option but defaults to the same format.
+ * See the shadow_copy2 module.
+ */
+#define GMT_NAME_LEN 24 /* length of a @GMT- name */
+#define GMT_FORMAT "@GMT-%Y.%m.%d-%H.%M.%S"
+
+char *lock_path(TALLOC_CTX *mem_ctx, const char *name);
+char *state_path(TALLOC_CTX *mem_ctx, const char *name);
+char *cache_path(TALLOC_CTX *mem_ctx, const char *name);
+char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *abs_path);
+bool extract_snapshot_token(char *fname, NTTIME *twrp);
+bool clistr_smb2_extract_snapshot_token(char *fname, NTTIME *twrp);
+bool clistr_is_previous_version_path(const char *path);
+bool subdir_of(const char *parent,
+ size_t parent_len,
+ const char *subdir,
+ const char **_relative);
+
+#endif
diff --git a/source3/lib/util_procid.c b/source3/lib/util_procid.c
new file mode 100644
index 0000000..5a4c081
--- /dev/null
+++ b/source3/lib/util_procid.c
@@ -0,0 +1,69 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Samba utility functions
+ * Copyright (C) Andrew Tridgell 1992-1998
+ * Copyright (C) Jeremy Allison 2001-2007
+ * Copyright (C) Simo Sorce 2001
+ * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ * Copyright (C) James Peach 2006
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "util_procid.h"
+#include "lib/util/debug.h"
+#include "lib/messaging/messages_dgm.h"
+
+pid_t procid_to_pid(const struct server_id *proc)
+{
+ return proc->pid;
+}
+
+static uint32_t my_vnn = NONCLUSTER_VNN;
+
+void set_my_vnn(uint32_t vnn)
+{
+ DEBUG(10, ("vnn pid %d = %u\n", (int)getpid(), (unsigned int)vnn));
+ my_vnn = vnn;
+}
+
+uint32_t get_my_vnn(void)
+{
+ return my_vnn;
+}
+
+struct server_id pid_to_procid(pid_t pid)
+{
+ uint64_t unique = 0;
+ int ret;
+
+ ret = messaging_dgm_get_unique(pid, &unique);
+ if (ret != 0) {
+ DBG_NOTICE("messaging_dgm_get_unique failed: %s\n",
+ strerror(ret));
+ }
+
+ return (struct server_id) {
+ .pid = pid, .unique_id = unique, .vnn = my_vnn };
+}
+
+bool procid_valid(const struct server_id *pid)
+{
+ return (pid->pid != (uint64_t)-1);
+}
+
+bool procid_is_local(const struct server_id *pid)
+{
+ return pid->vnn == my_vnn;
+}
diff --git a/source3/lib/util_procid.h b/source3/lib/util_procid.h
new file mode 100644
index 0000000..9637363
--- /dev/null
+++ b/source3/lib/util_procid.h
@@ -0,0 +1,37 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Samba utility functions
+ * Copyright (C) Andrew Tridgell 1992-1998
+ * Copyright (C) Jeremy Allison 2001-2007
+ * Copyright (C) Simo Sorce 2001
+ * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ * Copyright (C) James Peach 2006
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIB_UTIL_PROCID_H__
+#define __LIB_UTIL_PROCID_H__
+
+#include "replace.h"
+#include "librpc/gen_ndr/server_id.h"
+
+pid_t procid_to_pid(const struct server_id *proc);
+void set_my_vnn(uint32_t vnn);
+uint32_t get_my_vnn(void);
+struct server_id pid_to_procid(pid_t pid);
+bool procid_valid(const struct server_id *pid);
+bool procid_is_local(const struct server_id *pid);
+
+#endif
diff --git a/source3/lib/util_sd.c b/source3/lib/util_sd.c
new file mode 100644
index 0000000..23f37b7
--- /dev/null
+++ b/source3/lib/util_sd.c
@@ -0,0 +1,626 @@
+/*
+ Unix SMB/CIFS implementation.
+ Security Descriptor (SD) helper functions
+
+ Copyright (C) Andrew Tridgell 2000
+ Copyright (C) Tim Potter 2000
+ Copyright (C) Jeremy Allison 2000
+ Copyright (C) Jelmer Vernooij 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "util_sd.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+#include "../libcli/security/security.h"
+#include "rpc_client/cli_pipe.h"
+#include "rpc_client/cli_lsarpc.h"
+#include "lib/util/string_wrappers.h"
+
+/* These values discovered by inspection */
+
+struct perm_value {
+ const char *perm;
+ uint32_t mask;
+};
+
+static const struct perm_value special_values[] = {
+ { "R", SEC_RIGHTS_FILE_READ },
+ { "W", SEC_RIGHTS_FILE_WRITE },
+ { "X", SEC_RIGHTS_FILE_EXECUTE },
+ { "D", SEC_STD_DELETE },
+ { "P", SEC_STD_WRITE_DAC },
+ { "O", SEC_STD_WRITE_OWNER },
+ { NULL, 0 },
+};
+
+static const struct perm_value standard_values[] = {
+ { "READ", SEC_RIGHTS_DIR_READ|SEC_DIR_TRAVERSE },
+ { "CHANGE", SEC_RIGHTS_DIR_READ|SEC_STD_DELETE|\
+ SEC_DIR_DELETE_CHILD|\
+ SEC_RIGHTS_DIR_WRITE|SEC_DIR_TRAVERSE },
+ { "FULL", SEC_RIGHTS_DIR_ALL },
+ { NULL, 0 },
+};
+
+static const struct {
+ uint16_t mask;
+ const char *str;
+ const char *desc;
+} sec_desc_ctrl_bits[] = {
+ {SEC_DESC_OWNER_DEFAULTED, "OD", "Owner Defaulted"},
+ {SEC_DESC_GROUP_DEFAULTED, "GD", "Group Defaulted"},
+ {SEC_DESC_DACL_PRESENT, "DP", "DACL Present"},
+ {SEC_DESC_DACL_DEFAULTED, "DD", "DACL Defaulted"},
+ {SEC_DESC_SACL_PRESENT, "SP", "SACL Present"},
+ {SEC_DESC_SACL_DEFAULTED, "SD", "SACL Defaulted"},
+ {SEC_DESC_DACL_TRUSTED, "DT", "DACL Trusted"},
+ {SEC_DESC_SERVER_SECURITY, "SS", "Server Security"},
+ {SEC_DESC_DACL_AUTO_INHERIT_REQ, "DR", "DACL Inheritance Required"},
+ {SEC_DESC_SACL_AUTO_INHERIT_REQ, "SR", "SACL Inheritance Required"},
+ {SEC_DESC_DACL_AUTO_INHERITED, "DI", "DACL Auto Inherited"},
+ {SEC_DESC_SACL_AUTO_INHERITED, "SI", "SACL Auto Inherited"},
+ {SEC_DESC_DACL_PROTECTED, "PD", "DACL Protected"},
+ {SEC_DESC_SACL_PROTECTED, "PS", "SACL Protected"},
+ {SEC_DESC_RM_CONTROL_VALID, "RM", "RM Control Valid"},
+ {SEC_DESC_SELF_RELATIVE , "SR", "Self Relative"},
+};
+
+/* Open cli connection and policy handle */
+static NTSTATUS cli_lsa_lookup_sid(struct cli_state *cli,
+ const struct dom_sid *sid,
+ TALLOC_CTX *mem_ctx,
+ enum lsa_SidType *type,
+ char **domain, char **name)
+{
+ struct smbXcli_tcon *orig_tcon = NULL;
+ char *orig_share = NULL;
+ struct rpc_pipe_client *p = NULL;
+ struct policy_handle handle;
+ NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
+ enum lsa_SidType *types;
+ char **domains;
+ char **names;
+
+ if (cli_state_has_tcon(cli)) {
+ cli_state_save_tcon_share(cli, &orig_tcon, &orig_share);
+ }
+
+ status = cli_tree_connect(cli, "IPC$", "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto tcon_fail;
+ }
+
+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
+ &p);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = rpccli_lsa_open_policy(p, talloc_tos(), True,
+ GENERIC_EXECUTE_ACCESS, &handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = rpccli_lsa_lookup_sids(p, talloc_tos(), &handle, 1, sid,
+ &domains, &names, &types);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ *type = types[0];
+ *domain = talloc_move(mem_ctx, &domains[0]);
+ *name = talloc_move(mem_ctx, &names[0]);
+
+ status = NT_STATUS_OK;
+ fail:
+ TALLOC_FREE(p);
+ cli_tdis(cli);
+ tcon_fail:
+ cli_state_restore_tcon_share(cli, orig_tcon, orig_share);
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/* convert a SID to a string, either numeric or username/group */
+void SidToString(struct cli_state *cli, fstring str, const struct dom_sid *sid,
+ bool numeric)
+{
+ char *domain = NULL;
+ char *name = NULL;
+ enum lsa_SidType type;
+ NTSTATUS status;
+
+ sid_to_fstring(str, sid);
+
+ if (numeric || cli == NULL) {
+ return;
+ }
+
+ status = cli_lsa_lookup_sid(cli, sid, talloc_tos(), &type,
+ &domain, &name);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return;
+ }
+
+ if (*domain) {
+ slprintf(str, sizeof(fstring) - 1, "%s%s%s",
+ domain, lp_winbind_separator(), name);
+ } else {
+ fstrcpy(str, name);
+ }
+}
+
+static NTSTATUS cli_lsa_lookup_name(struct cli_state *cli,
+ const char *name,
+ enum lsa_SidType *type,
+ struct dom_sid *sid)
+{
+ struct smbXcli_tcon *orig_tcon = NULL;
+ char *orig_share = NULL;
+ struct rpc_pipe_client *p = NULL;
+ struct policy_handle handle;
+ NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct dom_sid *sids;
+ enum lsa_SidType *types;
+
+ if (cli_state_has_tcon(cli)) {
+ cli_state_save_tcon_share(cli, &orig_tcon, &orig_share);
+ }
+
+ status = cli_tree_connect(cli, "IPC$", "?????", NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto tcon_fail;
+ }
+
+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_lsarpc,
+ &p);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = rpccli_lsa_open_policy(p, talloc_tos(), True,
+ GENERIC_EXECUTE_ACCESS, &handle);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = rpccli_lsa_lookup_names(p, talloc_tos(), &handle, 1, &name,
+ NULL, 1, &sids, &types);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ *type = types[0];
+ *sid = sids[0];
+
+ status = NT_STATUS_OK;
+ fail:
+ TALLOC_FREE(p);
+ cli_tdis(cli);
+ tcon_fail:
+ cli_state_restore_tcon_share(cli, orig_tcon, orig_share);
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/* convert a string to a SID, either numeric or username/group */
+bool StringToSid(struct cli_state *cli, struct dom_sid *sid, const char *str)
+{
+ enum lsa_SidType type;
+
+ if (string_to_sid(sid, str)) {
+ return true;
+ }
+
+ if (cli == NULL) {
+ return false;
+ }
+
+ return NT_STATUS_IS_OK(cli_lsa_lookup_name(cli, str, &type, sid));
+}
+
+static void print_ace_flags(FILE *f, uint8_t flags)
+{
+ char *str = talloc_strdup(NULL, "");
+ size_t len;
+
+ if (flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
+ talloc_asprintf_addbuf(&str, "OI|");
+ }
+ if (flags & SEC_ACE_FLAG_CONTAINER_INHERIT) {
+ talloc_asprintf_addbuf(&str, "CI|");
+ }
+ if (flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
+ talloc_asprintf_addbuf(&str, "NP|");
+ }
+ if (flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+ talloc_asprintf_addbuf(&str, "IO|");
+ }
+ if (flags & SEC_ACE_FLAG_INHERITED_ACE) {
+ talloc_asprintf_addbuf(&str, "I|");
+ }
+ if (str == NULL) {
+ goto out;
+ }
+
+ /* Ignore define SEC_ACE_FLAG_SUCCESSFUL_ACCESS ( 0x40 )
+ and SEC_ACE_FLAG_FAILED_ACCESS ( 0x80 ) as they're
+ audit ace flags. */
+
+ len = strlen(str);
+ if (len > 0) {
+ fprintf(f, "/%.*s/", (int)len-1, str);
+ } else {
+ fprintf(f, "/0x%x/", flags);
+ }
+ TALLOC_FREE(str);
+ return;
+
+ out:
+ fprintf(f, "/0x%x/", flags);
+}
+
+/* print an ACE on a FILE, using either numeric or ascii representation */
+void print_ace(struct cli_state *cli, FILE *f, struct security_ace *ace,
+ bool numeric)
+{
+ const struct perm_value *v;
+ fstring sidstr;
+ int do_print = 0;
+ uint32_t got_mask;
+
+ SidToString(cli, sidstr, &ace->trustee, numeric);
+
+ fprintf(f, "%s:", sidstr);
+
+ if (numeric) {
+ fprintf(f, "%d/0x%x/0x%08x",
+ ace->type, ace->flags, ace->access_mask);
+ return;
+ }
+
+ /* Ace type */
+
+ if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
+ fprintf(f, "ALLOWED");
+ } else if (ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
+ fprintf(f, "DENIED");
+ } else {
+ fprintf(f, "%d", ace->type);
+ }
+
+ print_ace_flags(f, ace->flags);
+
+ /* Standard permissions */
+
+ for (v = standard_values; v->perm; v++) {
+ if (ace->access_mask == v->mask) {
+ fprintf(f, "%s", v->perm);
+ return;
+ }
+ }
+
+ /* Special permissions. Print out a hex value if we have
+ leftover bits in the mask. */
+
+ got_mask = ace->access_mask;
+
+ again:
+ for (v = special_values; v->perm; v++) {
+ if ((ace->access_mask & v->mask) == v->mask) {
+ if (do_print) {
+ fprintf(f, "%s", v->perm);
+ }
+ got_mask &= ~v->mask;
+ }
+ }
+
+ if (!do_print) {
+ if (got_mask != 0) {
+ fprintf(f, "0x%08x", ace->access_mask);
+ } else {
+ do_print = 1;
+ goto again;
+ }
+ }
+}
+
+static bool parse_ace_flags(const char *str, unsigned int *pflags)
+{
+ const char *p = str;
+ *pflags = 0;
+
+ while (*p) {
+ if (strnequal(p, "OI", 2)) {
+ *pflags |= SEC_ACE_FLAG_OBJECT_INHERIT;
+ p += 2;
+ } else if (strnequal(p, "CI", 2)) {
+ *pflags |= SEC_ACE_FLAG_CONTAINER_INHERIT;
+ p += 2;
+ } else if (strnequal(p, "NP", 2)) {
+ *pflags |= SEC_ACE_FLAG_NO_PROPAGATE_INHERIT;
+ p += 2;
+ } else if (strnequal(p, "IO", 2)) {
+ *pflags |= SEC_ACE_FLAG_INHERIT_ONLY;
+ p += 2;
+ } else if (*p == 'I') {
+ *pflags |= SEC_ACE_FLAG_INHERITED_ACE;
+ p += 1;
+ } else if (*p) {
+ return false;
+ }
+
+ switch (*p) {
+ case '|':
+ p++;
+
+ FALL_THROUGH;
+ case '\0':
+ continue;
+ default:
+ return false;
+ }
+ }
+ return true;
+}
+
+/* parse an ACE in the same format as print_ace() */
+bool parse_ace(struct cli_state *cli, struct security_ace *ace,
+ const char *orig_str)
+{
+ char *p;
+ const char *cp;
+ char *tok;
+ unsigned int atype = 0;
+ unsigned int aflags = 0;
+ unsigned int amask = 0;
+ struct dom_sid sid;
+ uint32_t mask;
+ const struct perm_value *v;
+ char *str = SMB_STRDUP(orig_str);
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (!str) {
+ TALLOC_FREE(frame);
+ return False;
+ }
+
+ ZERO_STRUCTP(ace);
+ p = strchr_m(str,':');
+ if (!p) {
+ printf("ACE '%s': missing ':'.\n", orig_str);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return False;
+ }
+ *p = '\0';
+ p++;
+
+ if (!StringToSid(cli, &sid, str)) {
+ printf("ACE '%s': failed to convert '%s' to SID\n",
+ orig_str, str);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return False;
+ }
+
+ cp = p;
+ if (!next_token_talloc(frame, &cp, &tok, "/")) {
+ printf("ACE '%s': failed to find '/' character.\n",
+ orig_str);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return False;
+ }
+
+ if (strncmp(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
+ atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ } else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) {
+ atype = SEC_ACE_TYPE_ACCESS_DENIED;
+
+ } else if (strnequal(tok, "0x", 2)) {
+ int result;
+
+ result = sscanf(tok, "%x", &atype);
+ if (result == 0 ||
+ (atype != SEC_ACE_TYPE_ACCESS_ALLOWED &&
+ atype != SEC_ACE_TYPE_ACCESS_DENIED)) {
+ printf("ACE '%s': bad hex value for type at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return false;
+ }
+ } else if(tok[0] >= '0' && tok[0] <= '9') {
+ int result;
+
+ result = sscanf(tok, "%u", &atype);
+ if (result == 0 ||
+ (atype != SEC_ACE_TYPE_ACCESS_ALLOWED &&
+ atype != SEC_ACE_TYPE_ACCESS_DENIED)) {
+ printf("ACE '%s': bad integer value for type at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return false;
+ }
+ } else {
+ printf("ACE '%s': missing 'ALLOWED' or 'DENIED' entry at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return False;
+ }
+
+ if (!next_token_talloc(frame, &cp, &tok, "/")) {
+ printf("ACE '%s': bad flags entry at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return False;
+ }
+
+ if (tok[0] < '0' || tok[0] > '9') {
+ if (!parse_ace_flags(tok, &aflags)) {
+ printf("ACE '%s': bad named flags entry at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return False;
+ }
+ } else if (strnequal(tok, "0x", 2)) {
+ if (!sscanf(tok, "%x", &aflags)) {
+ printf("ACE '%s': bad hex flags entry at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return False;
+ }
+ } else {
+ if (!sscanf(tok, "%u", &aflags)) {
+ printf("ACE '%s': bad integer flags entry at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return False;
+ }
+ }
+
+ if (!next_token_talloc(frame, &cp, &tok, "/")) {
+ printf("ACE '%s': missing / at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return False;
+ }
+
+ if (strncmp(tok, "0x", 2) == 0) {
+ if (sscanf(tok, "%x", &amask) != 1) {
+ printf("ACE '%s': bad hex number at '%s'\n",
+ orig_str, tok);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return False;
+ }
+ goto done;
+ }
+
+ for (v = standard_values; v->perm; v++) {
+ if (strcmp(tok, v->perm) == 0) {
+ amask = v->mask;
+ goto done;
+ }
+ }
+
+ p = tok;
+
+ while(*p) {
+ bool found = False;
+
+ for (v = special_values; v->perm; v++) {
+ if (v->perm[0] == *p) {
+ amask |= v->mask;
+ found = True;
+ }
+ }
+
+ if (!found) {
+ printf("ACE '%s': bad permission value at '%s'\n",
+ orig_str, p);
+ SAFE_FREE(str);
+ TALLOC_FREE(frame);
+ return False;
+ }
+ p++;
+ }
+
+ if (*p) {
+ TALLOC_FREE(frame);
+ SAFE_FREE(str);
+ return False;
+ }
+
+ done:
+ mask = amask;
+ init_sec_ace(ace, &sid, atype, mask, aflags);
+ TALLOC_FREE(frame);
+ SAFE_FREE(str);
+ return True;
+}
+
+static void print_acl_ctrl(FILE *file, uint16_t ctrl, bool numeric)
+{
+ int i;
+ const char* separator = "";
+
+ fprintf(file, "CONTROL:");
+ if (numeric) {
+ fprintf(file, "0x%x\n", ctrl);
+ return;
+ }
+
+ for (i = ARRAY_SIZE(sec_desc_ctrl_bits) - 1; i >= 0; i--) {
+ if (ctrl & sec_desc_ctrl_bits[i].mask) {
+ fprintf(file, "%s%s",
+ separator, sec_desc_ctrl_bits[i].str);
+ separator = "|";
+ }
+ }
+ fputc('\n', file);
+}
+
+/* print a ascii version of a security descriptor on a FILE handle */
+void sec_desc_print(struct cli_state *cli, FILE *f,
+ struct security_descriptor *sd, bool numeric)
+{
+ fstring sidstr;
+ uint32_t i;
+
+ fprintf(f, "REVISION:%d\n", sd->revision);
+ print_acl_ctrl(f, sd->type, numeric);
+
+ /* Print owner and group sid */
+
+ if (sd->owner_sid) {
+ SidToString(cli, sidstr, sd->owner_sid, numeric);
+ } else {
+ fstrcpy(sidstr, "");
+ }
+
+ fprintf(f, "OWNER:%s\n", sidstr);
+
+ if (sd->group_sid) {
+ SidToString(cli, sidstr, sd->group_sid, numeric);
+ } else {
+ fstrcpy(sidstr, "");
+ }
+
+ fprintf(f, "GROUP:%s\n", sidstr);
+
+ /* Print aces */
+ for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
+ struct security_ace *ace = &sd->dacl->aces[i];
+ fprintf(f, "ACL:");
+ print_ace(cli, f, ace, numeric);
+ fprintf(f, "\n");
+ }
+
+}
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
new file mode 100644
index 0000000..ba6f109
--- /dev/null
+++ b/source3/lib/util_sec.c
@@ -0,0 +1,598 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Jeremy Allison 1998.
+ rewritten for version 2.0.6 by Tridge
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef AUTOCONF_TEST
+#include "includes.h"
+#include "system/passwd.h" /* uid_wrapper */
+#include "../lib/util/setid.h"
+
+#else
+/* we are running this code in autoconf test mode to see which type of setuid
+ function works */
+#if defined(HAVE_UNISTD_H)
+#include <unistd.h>
+#endif
+#include <stdbool.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <errno.h>
+
+#ifdef HAVE_SYS_PRIV_H
+#include <sys/priv.h>
+#endif
+#ifdef HAVE_SYS_ID_H
+#include <sys/id.h>
+#endif
+
+#define DEBUG(x, y) printf y
+#define smb_panic(x) exit(1)
+#endif
+
+/* are we running as non-root? This is used by the regression test code,
+ and potentially also for sites that want non-root smbd */
+static uid_t initial_uid;
+static gid_t initial_gid;
+
+/****************************************************************************
+remember what uid we got started as - this allows us to run correctly
+as non-root while catching trapdoor systems
+****************************************************************************/
+
+void sec_init(void)
+{
+ static int initialized;
+
+ if (!initialized) {
+
+#ifndef AUTOCONF_TEST
+ if (uid_wrapper_enabled()) {
+ setenv("UID_WRAPPER_MYUID", "1", 1);
+ }
+#endif
+
+ initial_uid = geteuid();
+ initial_gid = getegid();
+
+#ifndef AUTOCONF_TEST
+ if (uid_wrapper_enabled()) {
+ unsetenv("UID_WRAPPER_MYUID");
+ }
+#endif
+
+ initialized = 1;
+ }
+}
+
+/****************************************************************************
+some code (eg. winbindd) needs to know what uid we started as
+****************************************************************************/
+uid_t sec_initial_uid(void)
+{
+ return initial_uid;
+}
+
+/****************************************************************************
+some code (eg. winbindd, profiling shm) needs to know what gid we started as
+****************************************************************************/
+gid_t sec_initial_gid(void)
+{
+ return initial_gid;
+}
+
+/**
+ * @brief Check if we are running in root mode.
+ *
+ * @return Return whether Samba has root privileges
+ */
+bool root_mode(void)
+{
+ uid_t euid;
+
+ euid = geteuid();
+
+#ifndef AUTOCONF_TEST
+ if (uid_wrapper_enabled()) {
+ return (euid == initial_uid || euid == (uid_t)0);
+ }
+#endif
+
+ return (initial_uid == euid);
+}
+
+/****************************************************************************
+are we running in non-root mode?
+****************************************************************************/
+bool non_root_mode(void)
+{
+ return (initial_uid != (uid_t)0);
+}
+
+/****************************************************************************
+abort if we haven't set the uid correctly
+****************************************************************************/
+static void assert_uid(uid_t ruid, uid_t euid)
+{
+ if ((euid != (uid_t)-1 && geteuid() != euid) ||
+ (ruid != (uid_t)-1 && getuid() != ruid)) {
+ if (!non_root_mode()) {
+ DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n",
+ (int)ruid, (int)euid,
+ (int)getuid(), (int)geteuid()));
+ smb_panic("failed to set uid\n");
+ exit(1);
+ }
+ }
+}
+
+/****************************************************************************
+abort if we haven't set the gid correctly
+****************************************************************************/
+static void assert_gid(gid_t rgid, gid_t egid)
+{
+ if ((egid != (gid_t)-1 && getegid() != egid) ||
+ (rgid != (gid_t)-1 && getgid() != rgid)) {
+ if (!non_root_mode()) {
+ DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n",
+ (int)rgid, (int)egid,
+ (int)getgid(), (int)getegid(),
+ (int)getuid(), (int)geteuid()));
+ smb_panic("failed to set gid\n");
+ exit(1);
+ }
+ }
+}
+
+/****************************************************************************
+ Gain root privilege before doing something.
+ We want to end up with ruid==euid==0
+****************************************************************************/
+void gain_root_privilege(void)
+{
+#if defined(USE_SETRESUID) || defined(HAVE_LINUX_THREAD_CREDENTIALS)
+ samba_setresuid(0,0,0);
+#endif
+
+#if USE_SETEUID
+ samba_seteuid(0);
+#endif
+
+#if USE_SETREUID
+ samba_setreuid(0, 0);
+#endif
+
+#if USE_SETUIDX
+ samba_setuidx(ID_EFFECTIVE, 0);
+ samba_setuidx(ID_REAL, 0);
+#endif
+
+ /* this is needed on some systems */
+ samba_setuid(0);
+
+ assert_uid(0, 0);
+}
+
+
+/****************************************************************************
+ Ensure our real and effective groups are zero.
+ we want to end up with rgid==egid==0
+****************************************************************************/
+void gain_root_group_privilege(void)
+{
+#if defined(USE_SETRESUID) || defined(HAVE_LINUX_THREAD_CREDENTIALS)
+ samba_setresgid(0,0,0);
+#endif
+
+#if USE_SETREUID
+ samba_setregid(0,0);
+#endif
+
+#if USE_SETEUID
+ samba_setegid(0);
+#endif
+
+#if USE_SETUIDX
+ samba_setgidx(ID_EFFECTIVE, 0);
+ samba_setgidx(ID_REAL, 0);
+#endif
+
+ samba_setgid(0);
+
+ assert_gid(0, 0);
+}
+
+
+/****************************************************************************
+ Set effective uid, and possibly the real uid too.
+ We want to end up with either:
+
+ ruid==uid and euid==uid
+
+ or
+
+ ruid==0 and euid==uid
+
+ depending on what the local OS will allow us to regain root from.
+****************************************************************************/
+void set_effective_uid(uid_t uid)
+{
+#if defined(USE_SETRESUID) || defined(HAVE_LINUX_THREAD_CREDENTIALS)
+ /* Set the effective as well as the real uid. */
+ if (samba_setresuid(uid,uid,-1) == -1) {
+ if (errno == EAGAIN) {
+ DEBUG(0, ("samba_setresuid failed with EAGAIN. uid(%d) "
+ "might be over its NPROC limit\n",
+ (int)uid));
+ }
+ }
+#endif
+
+#if USE_SETREUID
+ samba_setreuid(-1,uid);
+#endif
+
+#if USE_SETEUID
+ samba_seteuid(uid);
+#endif
+
+#if USE_SETUIDX
+ samba_setuidx(ID_EFFECTIVE, uid);
+#endif
+
+ assert_uid(-1, uid);
+}
+
+/****************************************************************************
+ Set *only* the effective gid.
+ we want to end up with rgid==0 and egid==gid
+****************************************************************************/
+void set_effective_gid(gid_t gid)
+{
+#if defined(USE_SETRESUID) || defined(HAVE_LINUX_THREAD_CREDENTIALS)
+ samba_setresgid(-1,gid,-1);
+#endif
+
+#if USE_SETREUID
+ samba_setregid(-1,gid);
+#endif
+
+#if USE_SETEUID
+ samba_setegid(gid);
+#endif
+
+#if USE_SETUIDX
+ samba_setgidx(ID_EFFECTIVE, gid);
+#endif
+
+ assert_gid(-1, gid);
+}
+
+static uid_t saved_euid, saved_ruid;
+static gid_t saved_egid, saved_rgid;
+
+/****************************************************************************
+ save the real and effective uid for later restoration. Used by the quotas
+ code
+****************************************************************************/
+void save_re_uid(void)
+{
+ saved_ruid = getuid();
+ saved_euid = geteuid();
+}
+
+
+/****************************************************************************
+ and restore them!
+****************************************************************************/
+
+void restore_re_uid_fromroot(void)
+{
+#if defined(USE_SETRESUID) || defined(HAVE_LINUX_THREAD_CREDENTIALS)
+ samba_setresuid(saved_ruid, saved_euid, -1);
+#elif USE_SETREUID
+ samba_setreuid(saved_ruid, -1);
+ samba_setreuid(-1,saved_euid);
+#elif USE_SETUIDX
+ samba_setuidx(ID_REAL, saved_ruid);
+ samba_setuidx(ID_EFFECTIVE, saved_euid);
+#else
+ set_effective_uid(saved_euid);
+ if (getuid() != saved_ruid)
+ samba_setuid(saved_ruid);
+ set_effective_uid(saved_euid);
+#endif
+
+ assert_uid(saved_ruid, saved_euid);
+}
+
+void restore_re_uid(void)
+{
+ set_effective_uid(0);
+ restore_re_uid_fromroot();
+}
+
+/****************************************************************************
+ save the real and effective gid for later restoration. Used by the
+ getgroups code
+****************************************************************************/
+void save_re_gid(void)
+{
+ saved_rgid = getgid();
+ saved_egid = getegid();
+}
+
+/****************************************************************************
+ and restore them!
+****************************************************************************/
+void restore_re_gid(void)
+{
+#if defined(USE_SETRESUID) || defined(HAVE_LINUX_THREAD_CREDENTIALS)
+ samba_setresgid(saved_rgid, saved_egid, -1);
+#elif USE_SETREUID
+ samba_setregid(saved_rgid, -1);
+ samba_setregid(-1,saved_egid);
+#elif USE_SETUIDX
+ samba_setgidx(ID_REAL, saved_rgid);
+ samba_setgidx(ID_EFFECTIVE, saved_egid);
+#else
+ set_effective_gid(saved_egid);
+ if (getgid() != saved_rgid)
+ samba_setgid(saved_rgid);
+ set_effective_gid(saved_egid);
+#endif
+
+ assert_gid(saved_rgid, saved_egid);
+}
+
+
+/****************************************************************************
+ set the real AND effective uid to the current effective uid in a way that
+ allows root to be regained.
+ This is only possible on some platforms.
+****************************************************************************/
+int set_re_uid(void)
+{
+ uid_t uid = geteuid();
+
+#if defined(USE_SETRESUID) || defined(HAVE_LINUX_THREAD_CREDENTIALS)
+ samba_setresuid(uid, uid, -1);
+#endif
+
+#if USE_SETREUID
+ samba_setreuid(0, 0);
+ samba_setreuid(uid, -1);
+ samba_setreuid(-1, uid);
+#endif
+
+#if USE_SETEUID
+ /* can't be done */
+ return -1;
+#endif
+
+#if USE_SETUIDX
+ /* can't be done */
+ return -1;
+#endif
+
+ assert_uid(uid, uid);
+ return 0;
+}
+
+
+/****************************************************************************
+ Become the specified uid and gid - permanently !
+ there should be no way back if possible
+****************************************************************************/
+void become_user_permanently(uid_t uid, gid_t gid)
+{
+ /*
+ * First - gain root privilege. We do this to ensure
+ * we can lose it again.
+ */
+
+ gain_root_privilege();
+ gain_root_group_privilege();
+
+#if defined(USE_SETRESUID) || defined(HAVE_LINUX_THREAD_CREDENTIALS)
+ samba_setresgid(gid,gid,gid);
+ samba_setgid(gid);
+ samba_setresuid(uid,uid,uid);
+ samba_setuid(uid);
+#endif
+
+#if USE_SETREUID
+ samba_setregid(gid,gid);
+ samba_setgid(gid);
+ samba_setreuid(uid,uid);
+ samba_setuid(uid);
+#endif
+
+#if USE_SETEUID
+ samba_setegid(gid);
+ samba_setgid(gid);
+ samba_setuid(uid);
+ samba_seteuid(uid);
+ samba_setuid(uid);
+#endif
+
+#if USE_SETUIDX
+ samba_setgidx(ID_REAL, gid);
+ samba_setgidx(ID_EFFECTIVE, gid);
+ samba_setgid(gid);
+ samba_setuidx(ID_REAL, uid);
+ samba_setuidx(ID_EFFECTIVE, uid);
+ samba_setuid(uid);
+#endif
+
+ assert_uid(uid, uid);
+ assert_gid(gid, gid);
+}
+
+#if defined(HAVE_LINUX_THREAD_CREDENTIALS) && defined(HAVE___THREAD)
+ struct set_thread_credentials_cache {
+ bool active;
+ uid_t uid;
+ gid_t gid;
+ size_t setlen;
+ uintptr_t gidset;
+ };
+static __thread struct set_thread_credentials_cache cache;
+#endif
+
+/**********************************************************
+ Function to set thread specific credentials. Leave
+ saved-set uid/gid alone.Must be thread-safe code.
+**********************************************************/
+
+int set_thread_credentials(uid_t uid,
+ gid_t gid,
+ size_t setlen,
+ const gid_t *gidset)
+{
+#if defined(HAVE_LINUX_THREAD_CREDENTIALS)
+ /*
+ * With Linux thread-specific credentials
+ * we know we have setresuid/setresgid
+ * available.
+ */
+#ifdef HAVE___THREAD
+ if (cache.active &&
+ cache.uid == uid &&
+ cache.gid == gid &&
+ cache.setlen == setlen &&
+ (const gid_t *)cache.gidset == gidset)
+ {
+ return 0;
+ }
+#endif /* HAVE___THREAD */
+
+ /* Become root. */
+ /* Set ru=0, eu=0 */
+ if (samba_setresuid(0, 0, -1) != 0) {
+ return -1;
+ }
+ /* Set our primary gid. */
+ /* Set rg=gid, eg=gid */
+ if (samba_setresgid(gid, gid, -1) != 0) {
+ return -1;
+ }
+ /* Set extra groups list. */
+ if (samba_setgroups(setlen, gidset) != 0) {
+ return -1;
+ }
+ /* Become the requested user. */
+ /* Set ru=uid, eu=uid */
+ if (samba_setresuid(uid, uid, -1) != 0) {
+ return -1;
+ }
+ if (geteuid() != uid || getuid() != uid ||
+ getegid() != gid || getgid() != gid) {
+ smb_panic("set_thread_credentials failed\n");
+ return -1;
+ }
+
+#ifdef HAVE___THREAD
+ cache.active = true;
+ cache.uid = uid;
+ cache.gid = gid;
+ cache.setlen = setlen;
+ cache.gidset = (uintptr_t)gidset;
+#endif /* HAVE___THREAD */
+
+ return 0;
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+#ifdef AUTOCONF_TEST
+
+/****************************************************************************
+this function just checks that we don't get ENOSYS back
+****************************************************************************/
+static int have_syscall(void)
+{
+ errno = 0;
+
+#if defined(USE_SETRESUID) || defined(HAVE_LINUX_THREAD_CREDENTIALS)
+ samba_setresuid(-1,-1,-1);
+#endif
+
+#if USE_SETREUID
+ samba_setreuid(-1,-1);
+#endif
+
+#if USE_SETEUID
+ samba_seteuid(-1);
+#endif
+
+#if USE_SETUIDX
+ samba_setuidx(ID_EFFECTIVE, -1);
+#endif
+
+ if (errno == ENOSYS) {
+ return -1;
+ }
+ return 0;
+}
+
+int main(void)
+{
+ if (getuid() != 0) {
+#if (defined(AIX) && defined(USE_SETREUID))
+ /* setreuid is badly broken on AIX 4.1, we avoid it completely */
+ fprintf(stderr,"avoiding possibly broken setreuid\n");
+ exit(1);
+#endif
+
+ /* if not running as root then at least check to see if we get ENOSYS - this
+ handles Linux 2.0.x with glibc 2.1 */
+ fprintf(stderr,"not running as root: checking for ENOSYS\n");
+ exit(have_syscall());
+ }
+
+ gain_root_privilege();
+ gain_root_group_privilege();
+ set_effective_gid(1);
+ set_effective_uid(1);
+ save_re_uid();
+ restore_re_uid();
+ gain_root_privilege();
+ gain_root_group_privilege();
+ become_user_permanently(1, 1);
+ samba_setuid(0);
+ if (getuid() == 0) {
+ fprintf(stderr,"uid not set permanently\n");
+ exit(1);
+ }
+
+ printf("OK\n");
+
+ exit(0);
+}
+#endif
+
+/****************************************************************************
+Check if we are setuid root. Used in libsmb and smbpasswd paranoia checks.
+****************************************************************************/
+bool is_setuid_root(void)
+{
+ return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
+}
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
new file mode 100644
index 0000000..fd767f9
--- /dev/null
+++ b/source3/lib/util_sid.c
@@ -0,0 +1,206 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
+ Copyright (C) Jeremy Allison 1999
+ Copyright (C) Stefan (metze) Metzmacher 2002
+ Copyright (C) Simo Sorce 2002
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "../librpc/gen_ndr/netlogon.h"
+#include "../libcli/security/security.h"
+#include "lib/util/string_wrappers.h"
+#include "source3/lib/util_specialsids.h"
+
+
+/*****************************************************************
+ Convert a SID to an ascii string.
+*****************************************************************/
+
+char *sid_to_fstring(fstring sidstr_out, const struct dom_sid *sid)
+{
+ struct dom_sid_buf buf;
+ fstrcpy(sidstr_out, dom_sid_str_buf(sid, &buf));
+ return sidstr_out;
+}
+
+/*****************************************************************
+ Write a sid out into on-the-wire format.
+*****************************************************************/
+
+bool sid_linearize(uint8_t *outbuf, size_t len, const struct dom_sid *sid)
+{
+ struct ndr_push ndr = {
+ .data = outbuf, .alloc_size = len, .fixed_buf_size = true,
+ };
+ enum ndr_err_code ndr_err;
+
+ ndr_err = ndr_push_dom_sid(&ndr, NDR_SCALARS|NDR_BUFFERS, sid);
+ return NDR_ERR_CODE_IS_SUCCESS(ndr_err);
+}
+
+/*****************************************************************
+ Returns true if SID is internal (and non-mappable).
+*****************************************************************/
+
+bool non_mappable_sid(struct dom_sid *sid)
+{
+ struct dom_sid dom;
+
+ sid_copy(&dom, sid);
+ sid_split_rid(&dom, NULL);
+
+ if (dom_sid_equal(&dom, &global_sid_Builtin))
+ return True;
+
+ if (dom_sid_equal(&dom, &global_sid_NT_Authority))
+ return True;
+
+ return False;
+}
+
+/*****************************************************************
+ Return the binary string representation of a struct dom_sid.
+ Caller must free.
+*****************************************************************/
+
+char *sid_binstring_hex_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
+{
+ int len = ndr_size_dom_sid(sid, 0);
+ uint8_t buf[len];
+ sid_linearize(buf, len, sid);
+ return hex_encode_talloc(mem_ctx, buf, len);
+}
+
+NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
+ const struct netr_SamInfo3 *info3,
+ struct dom_sid **user_sids,
+ uint32_t *num_user_sids,
+ bool include_user_group_rid)
+{
+ NTSTATUS status;
+ struct dom_sid sid;
+ struct dom_sid *sid_array = NULL;
+ uint32_t num_sids = 0;
+ uint32_t i;
+
+ if (include_user_group_rid) {
+ if (!sid_compose(&sid, info3->base.domain_sid, info3->base.rid)) {
+ DEBUG(3, ("could not compose user SID from rid 0x%x\n",
+ info3->base.rid));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("could not append user SID from rid 0x%x\n",
+ info3->base.rid));
+ return status;
+ }
+ }
+
+ if (!sid_compose(&sid, info3->base.domain_sid, info3->base.primary_gid)) {
+ DEBUG(3, ("could not compose group SID from rid 0x%x\n",
+ info3->base.primary_gid));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("could not append group SID from rid 0x%x\n",
+ info3->base.rid));
+ return status;
+ }
+
+ for (i = 0; i < info3->base.groups.count; i++) {
+ /* Don't add the primary group sid twice. */
+ if (!sid_compose(&sid, info3->base.domain_sid,
+ info3->base.groups.rids[i].rid)) {
+ DEBUG(3, ("could not compose SID from additional group "
+ "rid 0x%x\n", info3->base.groups.rids[i].rid));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("could not append SID from additional group "
+ "rid 0x%x\n", info3->base.groups.rids[i].rid));
+ return status;
+ }
+ }
+
+ /* Copy 'other' sids. We need to do sid filtering here to
+ prevent possible elevation of privileges. See:
+
+ http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
+ */
+
+ for (i = 0; i < info3->sidcount; i++) {
+
+ if (sid_check_is_in_asserted_identity(info3->sids[i].sid)) {
+ continue;
+ }
+
+ status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
+ &sid_array, &num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ struct dom_sid_buf buf;
+ DEBUG(3, ("could not add SID to array: %s\n",
+ dom_sid_str_buf(info3->sids[i].sid, &buf)));
+ return status;
+ }
+ }
+
+ *user_sids = sid_array;
+ *num_user_sids = num_sids;
+
+ return NT_STATUS_OK;
+}
+
+bool security_token_find_npa_flags(const struct security_token *token,
+ uint32_t *_flags)
+{
+ const struct dom_sid *npa_flags_sid = NULL;
+ size_t num_npa_sids;
+
+ num_npa_sids =
+ security_token_count_flag_sids(token,
+ &global_sid_Samba_NPA_Flags,
+ 1,
+ &npa_flags_sid);
+ if (num_npa_sids != 1) {
+ return false;
+ }
+
+ sid_peek_rid(npa_flags_sid, _flags);
+ return true;
+}
+
+void security_token_del_npa_flags(struct security_token *token)
+{
+ const struct dom_sid *npa_flags_sid = NULL;
+ size_t num_npa_sids;
+
+ num_npa_sids =
+ security_token_count_flag_sids(token,
+ &global_sid_Samba_NPA_Flags,
+ 1,
+ &npa_flags_sid);
+ SMB_ASSERT(num_npa_sids == 1);
+
+ del_sid_from_array(npa_flags_sid, &token->sids, &token->num_sids);
+}
diff --git a/source3/lib/util_sid_passdb.c b/source3/lib/util_sid_passdb.c
new file mode 100644
index 0000000..e67a27d
--- /dev/null
+++ b/source3/lib/util_sid_passdb.c
@@ -0,0 +1,131 @@
+/*
+ Unix SMB/CIFS implementation.
+ sid utility functions
+
+ Copyright (C) Michael Adam 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "lib/util_sid_passdb.h"
+#include "lib/util_unixsids.h"
+#include "passdb/machine_sid.h"
+#include "passdb.h"
+
+/**
+ * check whether this is an object-sid that should
+ * be treated by the passdb, e.g. for id-mapping.
+ */
+bool sid_check_object_is_for_passdb(const struct dom_sid *sid)
+{
+ if (sid_check_is_in_our_sam(sid) && pdb_is_responsible_for_our_sam()) {
+ return true;
+ }
+
+ if (sid_check_is_in_builtin(sid) && pdb_is_responsible_for_builtin()) {
+ return true;
+ }
+
+ if (sid_check_is_in_wellknown_domain(sid) &&
+ pdb_is_responsible_for_wellknown())
+ {
+ return true;
+ }
+
+ if (sid_check_is_in_unix_users(sid) &&
+ pdb_is_responsible_for_unix_users())
+ {
+ return true;
+ }
+
+ if (sid_check_is_in_unix_groups(sid) &&
+ pdb_is_responsible_for_unix_groups())
+ {
+ return true;
+ }
+
+ if (pdb_is_responsible_for_everything_else())
+ {
+ return true;
+ }
+
+ return false;
+}
+
+/**
+ * check whether this is an object- or domain-sid that should
+ * be treated by the passdb, e.g. for id-mapping.
+ */
+bool sid_check_is_for_passdb(const struct dom_sid *sid)
+{
+ if (sid_check_is_our_sam(sid) && pdb_is_responsible_for_our_sam()) {
+ return true;
+ }
+
+ if (sid_check_is_in_our_sam(sid) && pdb_is_responsible_for_our_sam()) {
+ return true;
+ }
+
+ if (sid_check_is_builtin(sid) && pdb_is_responsible_for_builtin()) {
+ return true;
+ }
+
+ if (sid_check_is_in_builtin(sid) && pdb_is_responsible_for_builtin()) {
+ return true;
+ }
+
+ if (sid_check_is_wellknown_domain(sid, NULL) &&
+ pdb_is_responsible_for_wellknown())
+ {
+ return true;
+ }
+
+ if (sid_check_is_in_wellknown_domain(sid) &&
+ pdb_is_responsible_for_wellknown())
+ {
+ return true;
+ }
+
+ if (sid_check_is_unix_users(sid) &&
+ pdb_is_responsible_for_unix_users())
+ {
+ return true;
+ }
+
+ if (sid_check_is_in_unix_users(sid) &&
+ pdb_is_responsible_for_unix_users())
+ {
+ return true;
+ }
+
+ if (sid_check_is_unix_groups(sid) &&
+ pdb_is_responsible_for_unix_groups())
+ {
+ return true;
+ }
+
+ if (sid_check_is_in_unix_groups(sid) &&
+ pdb_is_responsible_for_unix_groups())
+ {
+ return true;
+ }
+
+ if (pdb_is_responsible_for_everything_else())
+ {
+ return true;
+ }
+
+ return false;
+}
diff --git a/source3/lib/util_sid_passdb.h b/source3/lib/util_sid_passdb.h
new file mode 100644
index 0000000..381d63c
--- /dev/null
+++ b/source3/lib/util_sid_passdb.h
@@ -0,0 +1,36 @@
+/*
+ Unix SMB/CIFS implementation.
+ sid utility functions
+
+ Copyright (C) Michael Adam 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIB_UTIL_SID_PASSDB_H__
+#define __LIB_UTIL_SID_PASSDB_H__
+
+/**
+ * check whether this is an object-sid that should
+ * be treated by the passdb, e.g. for id-mapping.
+ */
+bool sid_check_object_is_for_passdb(const struct dom_sid *sid);
+
+/**
+ * check whether this is an object- or domain-sid that should
+ * be treated by the passdb, e.g. for id-mapping.
+ */
+bool sid_check_is_for_passdb(const struct dom_sid *sid);
+
+#endif /* __LIB_UTIL_SID_PASSDB_H__ */
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
new file mode 100644
index 0000000..5ff875c
--- /dev/null
+++ b/source3/lib/util_sock.c
@@ -0,0 +1,1232 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Tim Potter 2000-2001
+ Copyright (C) Jeremy Allison 1992-2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "../lib/util/memcache.h"
+#include "../lib/async_req/async_sock.h"
+#include "../lib/util/select.h"
+#include "lib/socket/interfaces.h"
+#include "../lib/util/tevent_unix.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "../lib/tsocket/tsocket.h"
+#include "lib/util/sys_rw.h"
+#include "lib/util/sys_rw_data.h"
+#include "source3/lib/util_tsock.h"
+
+/****************************************************************************
+ Determine if a file descriptor is in fact a socket.
+****************************************************************************/
+
+bool is_a_socket(int fd)
+{
+ int v;
+ socklen_t l;
+ l = sizeof(int);
+ return(getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&v, &l) == 0);
+}
+
+/****************************************************************************
+ Read data from a file descriptor with a timeout in msec.
+ mincount = if timeout, minimum to read before returning
+ maxcount = number to be read.
+ time_out = timeout in milliseconds
+ NB. This can be called with a non-socket fd, don't change
+ sys_read() to sys_recv() or other socket call.
+****************************************************************************/
+
+NTSTATUS read_fd_with_timeout(int fd, char *buf,
+ size_t mincnt, size_t maxcnt,
+ unsigned int time_out,
+ size_t *size_ret)
+{
+ int pollrtn;
+ ssize_t readret;
+ size_t nread = 0;
+
+ /* just checking .... */
+ if (maxcnt <= 0)
+ return NT_STATUS_OK;
+
+ /* Blocking read */
+ if (time_out == 0) {
+ if (mincnt == 0) {
+ mincnt = maxcnt;
+ }
+
+ while (nread < mincnt) {
+ readret = sys_read(fd, buf + nread, maxcnt - nread);
+
+ if (readret == 0) {
+ DEBUG(5,("read_fd_with_timeout: "
+ "blocking read. EOF from client.\n"));
+ return NT_STATUS_END_OF_FILE;
+ }
+
+ if (readret == -1) {
+ return map_nt_error_from_unix(errno);
+ }
+ nread += readret;
+ }
+ goto done;
+ }
+
+ /* Most difficult - timeout read */
+ /* If this is ever called on a disk file and
+ mincnt is greater then the filesize then
+ system performance will suffer severely as
+ select always returns true on disk files */
+
+ for (nread=0; nread < mincnt; ) {
+ int revents;
+
+ pollrtn = poll_intr_one_fd(fd, POLLIN|POLLHUP, time_out,
+ &revents);
+
+ /* Check if error */
+ if (pollrtn == -1) {
+ return map_nt_error_from_unix(errno);
+ }
+
+ /* Did we timeout ? */
+ if ((pollrtn == 0) ||
+ ((revents & (POLLIN|POLLHUP|POLLERR)) == 0)) {
+ DEBUG(10,("read_fd_with_timeout: timeout read. "
+ "select timed out.\n"));
+ return NT_STATUS_IO_TIMEOUT;
+ }
+
+ readret = sys_read(fd, buf+nread, maxcnt-nread);
+
+ if (readret == 0) {
+ /* we got EOF on the file descriptor */
+ DEBUG(5,("read_fd_with_timeout: timeout read. "
+ "EOF from client.\n"));
+ return NT_STATUS_END_OF_FILE;
+ }
+
+ if (readret == -1) {
+ return map_nt_error_from_unix(errno);
+ }
+
+ nread += readret;
+ }
+
+ done:
+ /* Return the number we got */
+ if (size_ret) {
+ *size_ret = nread;
+ }
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Read data from an fd, reading exactly N bytes.
+ NB. This can be called with a non-socket fd, don't add dependencies
+ on socket calls.
+****************************************************************************/
+
+NTSTATUS read_data_ntstatus(int fd, char *buffer, size_t N)
+{
+ return read_fd_with_timeout(fd, buffer, N, N, 0, NULL);
+}
+
+/****************************************************************************
+ Read 4 bytes of a smb packet and return the smb length of the packet.
+ Store the result in the buffer.
+ This version of the function will return a length of zero on receiving
+ a keepalive packet.
+ Timeout is in milliseconds.
+****************************************************************************/
+
+NTSTATUS read_smb_length_return_keepalive(int fd, char *inbuf,
+ unsigned int timeout,
+ size_t *len)
+{
+ int msg_type;
+ NTSTATUS status;
+
+ status = read_fd_with_timeout(fd, inbuf, 4, 4, timeout, NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ *len = smb_len(inbuf);
+ msg_type = CVAL(inbuf,0);
+
+ if (msg_type == NBSSkeepalive) {
+ DEBUG(5,("Got keepalive packet\n"));
+ }
+
+ DEBUG(10,("got smb length of %lu\n",(unsigned long)(*len)));
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Read an smb from a fd.
+ The timeout is in milliseconds.
+ This function will return on receipt of a session keepalive packet.
+ maxlen is the max number of bytes to return, not including the 4 byte
+ length. If zero it means buflen limit.
+ Doesn't check the MAC on signed packets.
+****************************************************************************/
+
+NTSTATUS receive_smb_raw(int fd, char *buffer, size_t buflen, unsigned int timeout,
+ size_t maxlen, size_t *p_len)
+{
+ size_t len;
+ NTSTATUS status;
+
+ status = read_smb_length_return_keepalive(fd,buffer,timeout,&len);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("read_fd_with_timeout failed, read "
+ "error = %s.\n", nt_errstr(status)));
+ return status;
+ }
+
+ if (len > buflen) {
+ DEBUG(0,("Invalid packet length! (%lu bytes).\n",
+ (unsigned long)len));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if(len > 0) {
+ if (maxlen) {
+ len = MIN(len,maxlen);
+ }
+
+ status = read_fd_with_timeout(
+ fd, buffer+4, len, len, timeout, &len);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("read_fd_with_timeout failed, read error = "
+ "%s.\n", nt_errstr(status)));
+ return status;
+ }
+
+ /* not all of samba3 properly checks for packet-termination
+ * of strings. This ensures that we don't run off into
+ * empty space. */
+ SSVAL(buffer+4,len, 0);
+ }
+
+ *p_len = len;
+ return NT_STATUS_OK;
+}
+
+/*
+ * Open a socket of the specified type, port, and address for incoming data.
+ *
+ * Return sock or -errno
+ */
+
+int open_socket_in(
+ int type,
+ const struct sockaddr_storage *paddr,
+ uint16_t port,
+ bool rebind)
+{
+ struct samba_sockaddr addr = {
+ .sa_socklen = sizeof(struct sockaddr_storage),
+ .u.ss = *paddr,
+ };
+ int ret, sock = -1;
+ int val = rebind ? 1 : 0;
+ bool ok;
+
+ switch (addr.u.sa.sa_family) {
+ case AF_INET6:
+ addr.sa_socklen = sizeof(struct sockaddr_in6);
+ break;
+ case AF_INET:
+ addr.sa_socklen = sizeof(struct sockaddr_in);
+ break;
+ }
+
+ ok = samba_sockaddr_set_port(&addr, port);
+ if (!ok) {
+ ret = -EINVAL;
+ DBG_DEBUG("samba_sockaddr_set_port failed\n");
+ goto fail;
+ }
+
+ sock = socket(addr.u.ss.ss_family, type, 0 );
+ if (sock == -1) {
+ ret = -errno;
+ DBG_DEBUG("socket() failed: %s\n", strerror(errno));
+ goto fail;
+ }
+
+ ret = setsockopt(
+ sock, SOL_SOCKET, SO_REUSEADDR, (char *)&val, sizeof(val));
+ if (ret == -1) {
+ ret = -errno;
+ DBG_DEBUG("setsockopt(SO_REUSEADDR) failed: %s\n",
+ strerror(errno));
+ goto fail;
+ }
+
+#ifdef SO_REUSEPORT
+ ret = setsockopt(
+ sock, SOL_SOCKET, SO_REUSEPORT, (char *)&val, sizeof(val));
+ if (ret == -1) {
+ ret = -errno;
+ DBG_DEBUG("setsockopt(SO_REUSEPORT) failed: %s\n",
+ strerror(errno));
+ goto fail;
+ }
+#endif /* SO_REUSEPORT */
+
+#ifdef HAVE_IPV6
+ /*
+ * As IPV6_V6ONLY is the default on some systems,
+ * we better try to be consistent and always use it.
+ *
+ * This also avoids using IPv4 via AF_INET6 sockets
+ * and makes sure %I never resolves to a '::ffff:192.168.0.1'
+ * string.
+ */
+ if (addr.u.ss.ss_family == AF_INET6) {
+
+ val = 1;
+
+ ret = setsockopt(
+ sock,
+ IPPROTO_IPV6,
+ IPV6_V6ONLY,
+ (const void *)&val,
+ sizeof(val));
+ if (ret == -1) {
+ ret = -errno;
+ DBG_DEBUG("setsockopt(IPV6_V6ONLY) failed: %s\n",
+ strerror(errno));
+ goto fail;
+ }
+ }
+#endif
+
+ /* now we've got a socket - we need to bind it */
+ ret = bind(sock, &addr.u.sa, addr.sa_socklen);
+ if (ret == -1) {
+ char addrstr[INET6_ADDRSTRLEN];
+
+ ret = -errno;
+
+ print_sockaddr(addrstr, sizeof(addrstr), &addr.u.ss);
+ DBG_DEBUG("bind for %s port %"PRIu16" failed: %s\n",
+ addrstr,
+ port,
+ strerror(-ret));
+ goto fail;
+ }
+
+ DBG_DEBUG("bind succeeded on port %"PRIu16"\n", port);
+
+ return sock;
+
+fail:
+ if (sock != -1) {
+ close(sock);
+ sock = -1;
+ }
+ return ret;
+ }
+
+struct open_socket_out_state {
+ int fd;
+ struct tevent_context *ev;
+ struct sockaddr_storage ss;
+ socklen_t salen;
+ uint16_t port;
+ struct tevent_req *connect_subreq;
+};
+
+static void open_socket_out_connected(struct tevent_req *subreq);
+
+static void open_socket_out_cleanup(struct tevent_req *req,
+ enum tevent_req_state req_state)
+{
+ struct open_socket_out_state *state =
+ tevent_req_data(req, struct open_socket_out_state);
+
+ /*
+ * Make sure that the async_connect_send subreq has a chance to reset
+ * fcntl before the socket goes away.
+ */
+ TALLOC_FREE(state->connect_subreq);
+
+ if (req_state == TEVENT_REQ_DONE) {
+ /*
+ * we keep the socket open for the caller to use
+ */
+ return;
+ }
+
+ if (state->fd != -1) {
+ close(state->fd);
+ state->fd = -1;
+ }
+}
+
+/****************************************************************************
+ Create an outgoing socket. timeout is in milliseconds.
+**************************************************************************/
+
+struct tevent_req *open_socket_out_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const struct sockaddr_storage *pss,
+ uint16_t port,
+ int timeout)
+{
+ char addr[INET6_ADDRSTRLEN];
+ struct tevent_req *req;
+ struct open_socket_out_state *state;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct open_socket_out_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->ss = *pss;
+ state->port = port;
+ state->salen = -1;
+
+ state->fd = socket(state->ss.ss_family, SOCK_STREAM, 0);
+ if (state->fd == -1) {
+ status = map_nt_error_from_unix(errno);
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ }
+
+ tevent_req_set_cleanup_fn(req, open_socket_out_cleanup);
+
+ if ((timeout != 0) &&
+ !tevent_req_set_endtime(
+ req, ev, timeval_current_ofs_msec(timeout))) {
+ tevent_req_oom(req);
+ return tevent_req_post(req, ev);
+ }
+
+#if defined(HAVE_IPV6)
+ if (pss->ss_family == AF_INET6) {
+ struct sockaddr_in6 *psa6;
+ psa6 = (struct sockaddr_in6 *)&state->ss;
+ psa6->sin6_port = htons(port);
+ if (psa6->sin6_scope_id == 0
+ && IN6_IS_ADDR_LINKLOCAL(&psa6->sin6_addr)) {
+ setup_linklocal_scope_id(
+ (struct sockaddr *)&(state->ss));
+ }
+ state->salen = sizeof(struct sockaddr_in6);
+ }
+#endif
+ if (pss->ss_family == AF_INET) {
+ struct sockaddr_in *psa;
+ psa = (struct sockaddr_in *)&state->ss;
+ psa->sin_port = htons(port);
+ state->salen = sizeof(struct sockaddr_in);
+ }
+
+ if (pss->ss_family == AF_UNIX) {
+ state->salen = sizeof(struct sockaddr_un);
+ }
+
+ print_sockaddr(addr, sizeof(addr), &state->ss);
+ DEBUG(3,("Connecting to %s at port %u\n", addr, (unsigned int)port));
+
+ state->connect_subreq = async_connect_send(
+ state, state->ev, state->fd, (struct sockaddr *)&state->ss,
+ state->salen, NULL, NULL, NULL);
+ if (tevent_req_nomem(state->connect_subreq, NULL)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(state->connect_subreq,
+ open_socket_out_connected, req);
+ return req;
+}
+
+static void open_socket_out_connected(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct open_socket_out_state *state =
+ tevent_req_data(req, struct open_socket_out_state);
+ int ret;
+ int sys_errno;
+
+ ret = async_connect_recv(subreq, &sys_errno);
+ TALLOC_FREE(subreq);
+ state->connect_subreq = NULL;
+ if (ret == 0) {
+ tevent_req_done(req);
+ return;
+ }
+
+ tevent_req_nterror(req, map_nt_error_from_unix(sys_errno));
+}
+
+NTSTATUS open_socket_out_recv(struct tevent_req *req, int *pfd)
+{
+ struct open_socket_out_state *state =
+ tevent_req_data(req, struct open_socket_out_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+ *pfd = state->fd;
+ state->fd = -1;
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+/**
+* @brief open a socket
+*
+* @param pss a struct sockaddr_storage defining the address to connect to
+* @param port to connect to
+* @param timeout in MILLISECONDS
+* @param pfd file descriptor returned
+*
+* @return NTSTATUS code
+*/
+NTSTATUS open_socket_out(const struct sockaddr_storage *pss, uint16_t port,
+ int timeout, int *pfd)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+
+ req = open_socket_out_send(frame, ev, pss, port, timeout);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll(req, ev)) {
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto fail;
+ }
+ status = open_socket_out_recv(req, pfd);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct open_socket_out_defer_state {
+ struct tevent_context *ev;
+ struct sockaddr_storage ss;
+ uint16_t port;
+ int timeout;
+ int fd;
+};
+
+static void open_socket_out_defer_waited(struct tevent_req *subreq);
+static void open_socket_out_defer_connected(struct tevent_req *subreq);
+
+struct tevent_req *open_socket_out_defer_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct timeval wait_time,
+ const struct sockaddr_storage *pss,
+ uint16_t port,
+ int timeout)
+{
+ struct tevent_req *req, *subreq;
+ struct open_socket_out_defer_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct open_socket_out_defer_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->ss = *pss;
+ state->port = port;
+ state->timeout = timeout;
+
+ subreq = tevent_wakeup_send(
+ state, ev,
+ timeval_current_ofs(wait_time.tv_sec, wait_time.tv_usec));
+ if (subreq == NULL) {
+ goto fail;
+ }
+ tevent_req_set_callback(subreq, open_socket_out_defer_waited, req);
+ return req;
+ fail:
+ TALLOC_FREE(req);
+ return NULL;
+}
+
+static void open_socket_out_defer_waited(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct open_socket_out_defer_state *state = tevent_req_data(
+ req, struct open_socket_out_defer_state);
+ bool ret;
+
+ ret = tevent_wakeup_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!ret) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+
+ subreq = open_socket_out_send(state, state->ev, &state->ss,
+ state->port, state->timeout);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, open_socket_out_defer_connected, req);
+}
+
+static void open_socket_out_defer_connected(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct open_socket_out_defer_state *state = tevent_req_data(
+ req, struct open_socket_out_defer_state);
+ NTSTATUS status;
+
+ status = open_socket_out_recv(subreq, &state->fd);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS open_socket_out_defer_recv(struct tevent_req *req, int *pfd)
+{
+ struct open_socket_out_defer_state *state = tevent_req_data(
+ req, struct open_socket_out_defer_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *pfd = state->fd;
+ state->fd = -1;
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Return the IP addr of the remote end of a socket as a string.
+ Optionally return the struct sockaddr_storage.
+ ******************************************************************/
+
+static const char *get_peer_addr_internal(int fd,
+ char *addr_buf,
+ size_t addr_buf_len,
+ struct sockaddr *pss,
+ socklen_t *plength)
+{
+ struct sockaddr_storage ss;
+ socklen_t length = sizeof(ss);
+
+ strlcpy(addr_buf,"0.0.0.0",addr_buf_len);
+
+ if (fd == -1) {
+ return addr_buf;
+ }
+
+ if (pss == NULL) {
+ pss = (struct sockaddr *)&ss;
+ plength = &length;
+ }
+
+ if (getpeername(fd, (struct sockaddr *)pss, plength) < 0) {
+ int level = (errno == ENOTCONN) ? 2 : 0;
+ DEBUG(level, ("getpeername failed. Error was %s\n",
+ strerror(errno)));
+ return addr_buf;
+ }
+
+ print_sockaddr_len(addr_buf,
+ addr_buf_len,
+ pss,
+ *plength);
+ return addr_buf;
+}
+
+/*******************************************************************
+ Matchname - determine if host name matches IP address. Used to
+ confirm a hostname lookup to prevent spoof attacks.
+******************************************************************/
+
+static bool matchname(const char *remotehost,
+ const struct sockaddr *pss,
+ socklen_t len)
+{
+ struct addrinfo *res = NULL;
+ struct addrinfo *ailist = NULL;
+ char addr_buf[INET6_ADDRSTRLEN];
+ bool ret = interpret_string_addr_internal(&ailist,
+ remotehost,
+ AI_ADDRCONFIG|AI_CANONNAME);
+
+ if (!ret || ailist == NULL) {
+ DEBUG(3,("matchname: getaddrinfo failed for "
+ "name %s [%s]\n",
+ remotehost,
+ gai_strerror(ret) ));
+ return false;
+ }
+
+ /*
+ * Make sure that getaddrinfo() returns the "correct" host name.
+ */
+
+ if (ailist->ai_canonname == NULL ||
+ (!strequal(remotehost, ailist->ai_canonname) &&
+ !strequal(remotehost, "localhost"))) {
+ DEBUG(0,("matchname: host name/name mismatch: %s != %s\n",
+ remotehost,
+ ailist->ai_canonname ?
+ ailist->ai_canonname : "(NULL)"));
+ freeaddrinfo(ailist);
+ return false;
+ }
+
+ /* Look up the host address in the address list we just got. */
+ for (res = ailist; res; res = res->ai_next) {
+ if (!res->ai_addr) {
+ continue;
+ }
+ if (sockaddr_equal((const struct sockaddr *)res->ai_addr,
+ (const struct sockaddr *)pss)) {
+ freeaddrinfo(ailist);
+ return true;
+ }
+ }
+
+ /*
+ * The host name does not map to the original host address. Perhaps
+ * someone has compromised a name server. More likely someone botched
+ * it, but that could be dangerous, too.
+ */
+
+ DEBUG(0,("matchname: host name/address mismatch: %s != %s\n",
+ print_sockaddr_len(addr_buf,
+ sizeof(addr_buf),
+ pss,
+ len),
+ ailist->ai_canonname ? ailist->ai_canonname : "(NULL)"));
+
+ if (ailist) {
+ freeaddrinfo(ailist);
+ }
+ return false;
+}
+
+/*******************************************************************
+ Deal with the singleton cache.
+******************************************************************/
+
+struct name_addr_pair {
+ struct sockaddr_storage ss;
+ const char *name;
+};
+
+/*******************************************************************
+ Lookup a name/addr pair. Returns memory allocated from memcache.
+******************************************************************/
+
+static bool lookup_nc(struct name_addr_pair *nc)
+{
+ DATA_BLOB tmp;
+
+ ZERO_STRUCTP(nc);
+
+ if (!memcache_lookup(
+ NULL, SINGLETON_CACHE,
+ data_blob_string_const_null("get_peer_name"),
+ &tmp)) {
+ return false;
+ }
+
+ memcpy(&nc->ss, tmp.data, sizeof(nc->ss));
+ nc->name = (const char *)tmp.data + sizeof(nc->ss);
+ return true;
+}
+
+/*******************************************************************
+ Save a name/addr pair.
+******************************************************************/
+
+static void store_nc(const struct name_addr_pair *nc)
+{
+ DATA_BLOB tmp;
+ size_t namelen = strlen(nc->name);
+
+ tmp = data_blob(NULL, sizeof(nc->ss) + namelen + 1);
+ if (!tmp.data) {
+ return;
+ }
+ memcpy(tmp.data, &nc->ss, sizeof(nc->ss));
+ memcpy(tmp.data+sizeof(nc->ss), nc->name, namelen+1);
+
+ memcache_add(NULL, SINGLETON_CACHE,
+ data_blob_string_const_null("get_peer_name"),
+ tmp);
+ data_blob_free(&tmp);
+}
+
+/*******************************************************************
+ Return the IP addr of the remote end of a socket as a string.
+ ******************************************************************/
+
+const char *get_peer_addr(int fd, char *addr, size_t addr_len)
+{
+ return get_peer_addr_internal(fd, addr, addr_len, NULL, NULL);
+}
+
+int get_remote_hostname(const struct tsocket_address *remote_address,
+ char **name,
+ TALLOC_CTX *mem_ctx)
+{
+ char name_buf[MAX_DNS_NAME_LENGTH];
+ char tmp_name[MAX_DNS_NAME_LENGTH];
+ struct name_addr_pair nc;
+ struct sockaddr_storage ss;
+ ssize_t len;
+ int rc;
+
+ if (!lp_hostname_lookups()) {
+ nc.name = tsocket_address_inet_addr_string(remote_address,
+ mem_ctx);
+ if (nc.name == NULL) {
+ return -1;
+ }
+
+ len = tsocket_address_bsd_sockaddr(remote_address,
+ (struct sockaddr *) &nc.ss,
+ sizeof(struct sockaddr_storage));
+ if (len < 0) {
+ return -1;
+ }
+
+ store_nc(&nc);
+ lookup_nc(&nc);
+
+ if (nc.name == NULL) {
+ *name = talloc_strdup(mem_ctx, "UNKNOWN");
+ } else {
+ *name = talloc_strdup(mem_ctx, nc.name);
+ }
+ return 0;
+ }
+
+ lookup_nc(&nc);
+
+ ZERO_STRUCT(ss);
+
+ len = tsocket_address_bsd_sockaddr(remote_address,
+ (struct sockaddr *) &ss,
+ sizeof(struct sockaddr_storage));
+ if (len < 0) {
+ return -1;
+ }
+
+ /* it might be the same as the last one - save some DNS work */
+ if (sockaddr_equal((struct sockaddr *)&ss, (struct sockaddr *)&nc.ss)) {
+ if (nc.name == NULL) {
+ *name = talloc_strdup(mem_ctx, "UNKNOWN");
+ } else {
+ *name = talloc_strdup(mem_ctx, nc.name);
+ }
+ return 0;
+ }
+
+ /* Look up the remote host name. */
+ rc = sys_getnameinfo((struct sockaddr *) &ss,
+ len,
+ name_buf,
+ sizeof(name_buf),
+ NULL,
+ 0,
+ 0);
+ if (rc < 0) {
+ char *p;
+
+ p = tsocket_address_inet_addr_string(remote_address, mem_ctx);
+ if (p == NULL) {
+ return -1;
+ }
+
+ DEBUG(1,("getnameinfo failed for %s with error %s\n",
+ p,
+ gai_strerror(rc)));
+ strlcpy(name_buf, p, sizeof(name_buf));
+
+ TALLOC_FREE(p);
+ } else {
+ if (!matchname(name_buf, (struct sockaddr *)&ss, len)) {
+ DEBUG(0,("matchname failed on %s\n", name_buf));
+ strlcpy(name_buf, "UNKNOWN", sizeof(name_buf));
+ }
+ }
+
+ strlcpy(tmp_name, name_buf, sizeof(tmp_name));
+ alpha_strcpy(name_buf, tmp_name, "_-.", sizeof(name_buf));
+ if (strstr(name_buf,"..")) {
+ strlcpy(name_buf, "UNKNOWN", sizeof(name_buf));
+ }
+
+ nc.name = name_buf;
+ nc.ss = ss;
+
+ store_nc(&nc);
+ lookup_nc(&nc);
+
+ if (nc.name == NULL) {
+ *name = talloc_strdup(mem_ctx, "UNKNOWN");
+ } else {
+ *name = talloc_strdup(mem_ctx, nc.name);
+ }
+
+ return 0;
+}
+
+/*******************************************************************
+ Create protected unix domain socket.
+
+ Some unixes cannot set permissions on a ux-dom-sock, so we
+ have to make sure that the directory contains the protection
+ permissions instead.
+ ******************************************************************/
+
+int create_pipe_sock(const char *socket_dir,
+ const char *socket_name,
+ mode_t dir_perms)
+{
+#ifdef HAVE_UNIXSOCKET
+ struct sockaddr_un sunaddr;
+ bool ok;
+ int sock = -1;
+ mode_t old_umask;
+ char *path = NULL;
+ size_t path_len;
+
+ old_umask = umask(0);
+
+ ok = directory_create_or_exist_strict(socket_dir,
+ sec_initial_uid(),
+ dir_perms);
+ if (!ok) {
+ goto out_close;
+ }
+
+ /* Create the socket file */
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+
+ if (sock == -1) {
+ DEBUG(0, ("create_pipe_sock: socket error %s\n",
+ strerror(errno) ));
+ goto out_close;
+ }
+
+ if (asprintf(&path, "%s/%s", socket_dir, socket_name) == -1) {
+ goto out_close;
+ }
+
+ unlink(path);
+ memset(&sunaddr, 0, sizeof(sunaddr));
+ sunaddr.sun_family = AF_UNIX;
+
+ path_len = strlcpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path));
+ if (path_len > sizeof(sunaddr.sun_path)) {
+ DBG_ERR("Refusing to attempt to create pipe socket "
+ "%s. Path is longer than permitted for a "
+ "unix domain socket. It would truncate to "
+ "%s\n",
+ path,
+ sunaddr.sun_path);
+ goto out_close;
+ }
+
+ if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
+ DEBUG(0, ("bind failed on pipe socket %s: %s\n", path,
+ strerror(errno)));
+ goto out_close;
+ }
+
+ SAFE_FREE(path);
+
+ umask(old_umask);
+ return sock;
+
+out_close:
+ SAFE_FREE(path);
+ if (sock != -1)
+ close(sock);
+
+ umask(old_umask);
+ return -1;
+
+#else
+ DEBUG(0, ("create_pipe_sock: No Unix sockets on this system\n"));
+ return -1;
+#endif /* HAVE_UNIXSOCKET */
+}
+
+/****************************************************************************
+ Get my own canonical name, including domain.
+****************************************************************************/
+
+const char *get_mydnsfullname(void)
+{
+ struct addrinfo *res = NULL;
+ char my_hostname[HOST_NAME_MAX];
+ bool ret;
+ DATA_BLOB tmp;
+
+ if (memcache_lookup(NULL, SINGLETON_CACHE,
+ data_blob_string_const_null("get_mydnsfullname"),
+ &tmp)) {
+ SMB_ASSERT(tmp.length > 0);
+ return (const char *)tmp.data;
+ }
+
+ /* get my host name */
+ if (gethostname(my_hostname, sizeof(my_hostname)) == -1) {
+ DEBUG(0,("get_mydnsfullname: gethostname failed\n"));
+ return NULL;
+ }
+
+ /* Ensure null termination. */
+ my_hostname[sizeof(my_hostname)-1] = '\0';
+
+ ret = interpret_string_addr_internal(&res,
+ my_hostname,
+ AI_ADDRCONFIG|AI_CANONNAME);
+
+ if (!ret || res == NULL) {
+ DEBUG(3,("get_mydnsfullname: getaddrinfo failed for "
+ "name %s [%s]\n",
+ my_hostname,
+ gai_strerror(ret) ));
+ return NULL;
+ }
+
+ /*
+ * Make sure that getaddrinfo() returns the "correct" host name.
+ */
+
+ if (res->ai_canonname == NULL) {
+ DEBUG(3,("get_mydnsfullname: failed to get "
+ "canonical name for %s\n",
+ my_hostname));
+ freeaddrinfo(res);
+ return NULL;
+ }
+
+ /* This copies the data, so we must do a lookup
+ * afterwards to find the value to return.
+ */
+
+ memcache_add(NULL, SINGLETON_CACHE,
+ data_blob_string_const_null("get_mydnsfullname"),
+ data_blob_string_const_null(res->ai_canonname));
+
+ if (!memcache_lookup(NULL, SINGLETON_CACHE,
+ data_blob_string_const_null("get_mydnsfullname"),
+ &tmp)) {
+ tmp = data_blob_talloc(talloc_tos(), res->ai_canonname,
+ strlen(res->ai_canonname) + 1);
+ }
+
+ freeaddrinfo(res);
+
+ return (const char *)tmp.data;
+}
+
+/************************************************************
+ Is this my ip address ?
+************************************************************/
+
+static bool is_my_ipaddr(const char *ipaddr_str)
+{
+ struct sockaddr_storage ss;
+ struct iface_struct *nics;
+ int i, n;
+
+ if (!interpret_string_addr(&ss, ipaddr_str, AI_NUMERICHOST)) {
+ return false;
+ }
+
+ if (is_zero_addr(&ss)) {
+ return false;
+ }
+
+ if (ismyaddr((struct sockaddr *)&ss) ||
+ is_loopback_addr((struct sockaddr *)&ss)) {
+ return true;
+ }
+
+ n = get_interfaces(talloc_tos(), &nics);
+ for (i=0; i<n; i++) {
+ if (sockaddr_equal((struct sockaddr *)&nics[i].ip, (struct sockaddr *)&ss)) {
+ TALLOC_FREE(nics);
+ return true;
+ }
+ }
+ TALLOC_FREE(nics);
+ return false;
+}
+
+/************************************************************
+ Is this my name ?
+************************************************************/
+
+bool is_myname_or_ipaddr(const char *s)
+{
+ TALLOC_CTX *ctx = talloc_tos();
+ char *name = NULL;
+ const char *dnsname;
+ char *servername = NULL;
+
+ if (!s) {
+ return false;
+ }
+
+ /* Sanitize the string from '\\name' */
+ name = talloc_strdup(ctx, s);
+ if (!name) {
+ return false;
+ }
+
+ servername = strrchr_m(name, '\\' );
+ if (!servername) {
+ servername = name;
+ } else {
+ servername++;
+ }
+
+ /* Optimize for the common case */
+ if (strequal(servername, lp_netbios_name())) {
+ return true;
+ }
+
+ /* Check for an alias */
+ if (is_myname(servername)) {
+ return true;
+ }
+
+ /* Check for loopback */
+ if (strequal(servername, "127.0.0.1") ||
+ strequal(servername, "::1")) {
+ return true;
+ }
+
+ if (strequal(servername, "localhost")) {
+ return true;
+ }
+
+ /* Maybe it's my dns name */
+ dnsname = get_mydnsfullname();
+ if (dnsname && strequal(servername, dnsname)) {
+ return true;
+ }
+
+ /* Maybe its an IP address? */
+ if (is_ipaddress(servername)) {
+ return is_my_ipaddr(servername);
+ }
+
+ /* Handle possible CNAME records - convert to an IP addr. list. */
+ {
+ /* Use DNS to resolve the name, check all addresses. */
+ struct addrinfo *p = NULL;
+ struct addrinfo *res = NULL;
+
+ if (!interpret_string_addr_internal(&res,
+ servername,
+ AI_ADDRCONFIG)) {
+ return false;
+ }
+
+ for (p = res; p; p = p->ai_next) {
+ char addr[INET6_ADDRSTRLEN];
+ struct sockaddr_storage ss;
+
+ ZERO_STRUCT(ss);
+ memcpy(&ss, p->ai_addr, p->ai_addrlen);
+ print_sockaddr(addr,
+ sizeof(addr),
+ &ss);
+ if (is_my_ipaddr(addr)) {
+ freeaddrinfo(res);
+ return true;
+ }
+ }
+ freeaddrinfo(res);
+ }
+
+ /* No match */
+ return false;
+}
+
+int poll_one_fd(int fd, int events, int timeout, int *revents)
+{
+ struct pollfd pfd;
+ int ret;
+
+ pfd.fd = fd;
+ pfd.events = events;
+
+ ret = poll(&pfd, 1, timeout);
+
+ /*
+ * Assign whatever poll did, even in the ret<=0 case.
+ */
+ *revents = pfd.revents;
+
+ return ret;
+}
+
+int poll_intr_one_fd(int fd, int events, int timeout, int *revents)
+{
+ struct pollfd pfd;
+ int ret;
+
+ pfd.fd = fd;
+ pfd.events = events;
+
+ ret = sys_poll_intr(&pfd, 1, timeout);
+ if (ret <= 0) {
+ *revents = 0;
+ return ret;
+ }
+ *revents = pfd.revents;
+ return 1;
+}
diff --git a/source3/lib/util_specialsids.c b/source3/lib/util_specialsids.c
new file mode 100644
index 0000000..10c189c
--- /dev/null
+++ b/source3/lib/util_specialsids.c
@@ -0,0 +1,42 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Guenther Deschner 2016
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include "libcli/security/dom_sid.h"
+#include "../libcli/security/security.h"
+#include "util_specialsids.h"
+
+bool sid_check_is_asserted_identity(const struct dom_sid *sid)
+{
+ return dom_sid_equal(sid, &global_sid_Asserted_Identity);
+}
+
+bool sid_check_is_in_asserted_identity(const struct dom_sid *sid)
+{
+ struct dom_sid dom_sid;
+
+ sid_copy(&dom_sid, sid);
+ sid_split_rid(&dom_sid, NULL);
+
+ return sid_check_is_asserted_identity(&dom_sid);
+}
+
+const char *asserted_identity_domain_name(void)
+{
+ return "Asserted Identity";
+}
diff --git a/source3/lib/util_specialsids.h b/source3/lib/util_specialsids.h
new file mode 100644
index 0000000..c650737
--- /dev/null
+++ b/source3/lib/util_specialsids.h
@@ -0,0 +1,29 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Copyright (C) Guenther Deschner 2016
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIB_UTIL_SPECIALSIDS_H__
+#define __LIB_UTIL_SPECIALSIDS_H__
+
+#include "replace.h"
+
+struct dom_sid;
+bool sid_check_is_asserted_identity(const struct dom_sid *sid);
+bool sid_check_is_in_asserted_identity(const struct dom_sid *sid);
+const char *asserted_identity_domain_name(void);
+
+#endif
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
new file mode 100644
index 0000000..3ac1e55
--- /dev/null
+++ b/source3/lib/util_str.c
@@ -0,0 +1,762 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+
+ Copyright (C) Andrew Tridgell 1992-2001
+ Copyright (C) Simo Sorce 2001-2002
+ Copyright (C) Martin Pool 2003
+ Copyright (C) James Peach 2006
+ Copyright (C) Jeremy Allison 1992-2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/param/loadparm.h"
+#include "lib/util/smb_strtox.h"
+
+static const char toupper_ascii_fast_table[128] = {
+ 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+ 0x60, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+ 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f
+};
+
+/**
+ * Compare 2 strings up to and including the nth char.
+ *
+ * @note The comparison is case-insensitive.
+ **/
+bool strnequal(const char *s1,const char *s2,size_t n)
+{
+ if (s1 == s2)
+ return(true);
+ if (!s1 || !s2 || !n)
+ return(false);
+
+ return(strncasecmp_m(s1,s2,n)==0);
+}
+
+/**
+ Skip past a string in a buffer. Buffer may not be
+ null terminated. end_ptr points to the first byte after
+ then end of the buffer.
+**/
+
+char *skip_string(const char *base, size_t len, char *buf)
+{
+ const char *end_ptr = base + len;
+
+ if (end_ptr < base || !base || !buf || buf >= end_ptr) {
+ return NULL;
+ }
+
+ /* Skip the string */
+ while (*buf) {
+ buf++;
+ if (buf >= end_ptr) {
+ return NULL;
+ }
+ }
+ /* Skip the '\0' */
+ buf++;
+ return buf;
+}
+
+/**
+ Count the number of characters in a string. Normally this will
+ be the same as the number of bytes in a string for single byte strings,
+ but will be different for multibyte.
+**/
+
+size_t str_charnum(const char *s)
+{
+ size_t ret, converted_size;
+ smb_ucs2_t *tmpbuf2 = NULL;
+ if (!push_ucs2_talloc(talloc_tos(), &tmpbuf2, s, &converted_size)) {
+ return 0;
+ }
+ ret = strlen_w(tmpbuf2);
+ TALLOC_FREE(tmpbuf2);
+ return ret;
+}
+
+bool trim_char(char *s,char cfront,char cback)
+{
+ bool ret = false;
+ char *ep;
+ char *fp = s;
+
+ /* Ignore null or empty strings. */
+ if (!s || (s[0] == '\0'))
+ return false;
+
+ if (cfront) {
+ while (*fp && *fp == cfront)
+ fp++;
+ if (!*fp) {
+ /* We ate the string. */
+ s[0] = '\0';
+ return true;
+ }
+ if (fp != s)
+ ret = true;
+ }
+
+ ep = fp + strlen(fp) - 1;
+ if (cback) {
+ /* Attempt ascii only. Bail for mb strings. */
+ while ((ep >= fp) && (*ep == cback)) {
+ ret = true;
+ if ((ep > fp) && (((unsigned char)ep[-1]) & 0x80)) {
+ /* Could be mb... bail back to tim_string. */
+ char fs[2], bs[2];
+ if (cfront) {
+ fs[0] = cfront;
+ fs[1] = '\0';
+ }
+ bs[0] = cback;
+ bs[1] = '\0';
+ return trim_string(s, cfront ? fs : NULL, bs);
+ } else {
+ ep--;
+ }
+ }
+ if (ep < fp) {
+ /* We ate the string. */
+ s[0] = '\0';
+ return true;
+ }
+ }
+
+ ep[1] = '\0';
+ memmove(s, fp, ep-fp+2);
+ return ret;
+}
+
+/**
+ Check if a string is part of a list.
+**/
+
+bool in_list(const char *s, const char *list, bool casesensitive)
+{
+ char *tok = NULL;
+ bool ret = false;
+ TALLOC_CTX *frame;
+
+ if (!list) {
+ return false;
+ }
+
+ frame = talloc_stackframe();
+ while (next_token_talloc(frame, &list, &tok,LIST_SEP)) {
+ if (casesensitive) {
+ if (strcmp(tok,s) == 0) {
+ ret = true;
+ break;
+ }
+ } else {
+ if (strcasecmp_m(tok,s) == 0) {
+ ret = true;
+ break;
+ }
+ }
+ }
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+/**
+ Truncate a string at a specified length.
+**/
+
+char *string_truncate(char *s, unsigned int length)
+{
+ if (s && strlen(s) > length)
+ s[length] = 0;
+ return s;
+}
+
+
+/***********************************************************************
+ Return the equivalent of doing strrchr 'n' times - always going
+ backwards.
+***********************************************************************/
+
+char *strnrchr_m(const char *s, char c, unsigned int n)
+{
+ smb_ucs2_t *ws = NULL;
+ char *s2 = NULL;
+ smb_ucs2_t *p;
+ char *ret;
+ size_t converted_size;
+
+ if (!push_ucs2_talloc(talloc_tos(), &ws, s, &converted_size)) {
+ /* Too hard to try and get right. */
+ return NULL;
+ }
+ p = strnrchr_w(ws, UCS2_CHAR(c), n);
+ if (!p) {
+ TALLOC_FREE(ws);
+ return NULL;
+ }
+ *p = 0;
+ if (!pull_ucs2_talloc(talloc_tos(), &s2, ws, &converted_size)) {
+ TALLOC_FREE(ws);
+ /* Too hard to try and get right. */
+ return NULL;
+ }
+ ret = discard_const_p(char, (s+strlen(s2)));
+ TALLOC_FREE(ws);
+ TALLOC_FREE(s2);
+ return ret;
+}
+
+static bool unix_strlower(const char *src, size_t srclen, char *dest, size_t destlen)
+{
+ size_t size;
+ smb_ucs2_t *buffer = NULL;
+ bool ret;
+
+ if (!convert_string_talloc(talloc_tos(), CH_UNIX, CH_UTF16LE, src, srclen,
+ (void **)(void *)&buffer, &size))
+ {
+ return false;
+ }
+ if (!strlower_w(buffer) && (dest == src)) {
+ TALLOC_FREE(buffer);
+ return true;
+ }
+ ret = convert_string(CH_UTF16LE, CH_UNIX, buffer, size, dest, destlen, &size);
+ TALLOC_FREE(buffer);
+ return ret;
+}
+
+#if 0 /* Alternate function that avoid talloc calls for ASCII and non ASCII */
+
+/**
+ Convert a string to lower case.
+**/
+_PUBLIC_ void strlower_m(char *s)
+{
+ char *d;
+ struct smb_iconv_handle *iconv_handle;
+
+ iconv_handle = get_iconv_handle();
+
+ d = s;
+
+ while (*s) {
+ size_t c_size, c_size2;
+ codepoint_t c = next_codepoint_handle(iconv_handle, s, &c_size);
+ c_size2 = push_codepoint_handle(iconv_handle, d, tolower_m(c));
+ if (c_size2 > c_size) {
+ DEBUG(0,("FATAL: codepoint 0x%x (0x%x) expanded from %d to %d bytes in strlower_m\n",
+ c, tolower_m(c), (int)c_size, (int)c_size2));
+ smb_panic("codepoint expansion in strlower_m\n");
+ }
+ s += c_size;
+ d += c_size2;
+ }
+ *d = 0;
+}
+
+#endif
+
+/**
+ Convert a string to lower case.
+**/
+
+bool strlower_m(char *s)
+{
+ size_t len;
+ int errno_save;
+ bool ret = false;
+
+ /* this is quite a common operation, so we want it to be
+ fast. We optimise for the ascii case, knowing that all our
+ supported multi-byte character sets are ascii-compatible
+ (ie. they match for the first 128 chars) */
+
+ while (*s && !(((unsigned char)s[0]) & 0x80)) {
+ *s = tolower_m((unsigned char)*s);
+ s++;
+ }
+
+ if (!*s)
+ return true;
+
+ /* I assume that lowercased string takes the same number of bytes
+ * as source string even in UTF-8 encoding. (VIV) */
+ len = strlen(s) + 1;
+ errno_save = errno;
+ errno = 0;
+ ret = unix_strlower(s,len,s,len);
+ /* Catch mb conversion errors that may not terminate. */
+ if (errno) {
+ s[len-1] = '\0';
+ }
+ errno = errno_save;
+ return ret;
+}
+
+static bool unix_strupper(const char *src, size_t srclen, char *dest, size_t destlen)
+{
+ size_t size;
+ smb_ucs2_t *buffer;
+ bool ret;
+
+ if (!push_ucs2_talloc(talloc_tos(), &buffer, src, &size)) {
+ return false;
+ }
+
+ if (!strupper_w(buffer) && (dest == src)) {
+ TALLOC_FREE(buffer);
+ return true;
+ }
+
+ ret = convert_string(CH_UTF16LE, CH_UNIX, buffer, size, dest, destlen, &size);
+ TALLOC_FREE(buffer);
+ return ret;
+}
+
+#if 0 /* Alternate function that avoid talloc calls for ASCII and non ASCII */
+
+/**
+ Convert a string to UPPER case.
+**/
+_PUBLIC_ void strupper_m(char *s)
+{
+ char *d;
+ struct smb_iconv_handle *iconv_handle;
+
+ iconv_handle = get_iconv_handle();
+
+ d = s;
+
+ while (*s) {
+ size_t c_size, c_size2;
+ codepoint_t c = next_codepoint_handle(iconv_handle, s, &c_size);
+ c_size2 = push_codepoint_handle(iconv_handle, d, toupper_m(c));
+ if (c_size2 > c_size) {
+ DEBUG(0,("FATAL: codepoint 0x%x (0x%x) expanded from %d to %d bytes in strupper_m\n",
+ c, toupper_m(c), (int)c_size, (int)c_size2));
+ smb_panic("codepoint expansion in strupper_m\n");
+ }
+ s += c_size;
+ d += c_size2;
+ }
+ *d = 0;
+}
+
+#endif
+
+/**
+ Convert a string to upper case.
+**/
+
+bool strupper_m(char *s)
+{
+ size_t len;
+ bool ret = false;
+
+ /* this is quite a common operation, so we want it to be
+ fast. We optimise for the ascii case, knowing that all our
+ supported multi-byte character sets are ascii-compatible
+ (ie. they match for the first 128 chars) */
+
+ while (*s && !(((unsigned char)s[0]) & 0x80)) {
+ *s = toupper_ascii_fast_table[(unsigned char)s[0]];
+ s++;
+ }
+
+ if (!*s)
+ return true;
+
+ /* I assume that uppercased string takes the same number of bytes
+ * as source string even in multibyte encoding. (VIV) */
+ len = strlen(s) + 1;
+ ret = unix_strupper(s,len,s,len);
+ /* Catch mb conversion errors that may not terminate. */
+ if (!ret) {
+ s[len-1] = '\0';
+ }
+ return ret;
+}
+
+/**
+ Just a typesafety wrapper for snprintf into a fstring.
+**/
+
+int fstr_sprintf(fstring s, const char *fmt, ...)
+{
+ va_list ap;
+ int ret;
+
+ va_start(ap, fmt);
+ ret = vsnprintf(s, FSTRING_LEN, fmt, ap);
+ va_end(ap);
+ return ret;
+}
+
+/* read a SMB_BIG_UINT from a string */
+uint64_t STR_TO_SMB_BIG_UINT(const char *nptr, const char **entptr)
+{
+
+ uint64_t val = (uint64_t)-1;
+ const char *p = nptr;
+
+ if (!p) {
+ if (entptr) {
+ *entptr = p;
+ }
+ return val;
+ }
+
+ while (*p && isspace(*p))
+ p++;
+
+ sscanf(p,"%"SCNu64,&val);
+ if (entptr) {
+ while (*p && isdigit(*p))
+ p++;
+ *entptr = p;
+ }
+
+ return val;
+}
+
+/* Convert a size specification to a count of bytes. We accept the following
+ * suffixes:
+ * bytes if there is no suffix
+ * kK kibibytes
+ * mM mebibytes
+ * gG gibibytes
+ * tT tibibytes
+ * pP whatever the ISO name for petabytes is
+ *
+ * Returns 0 if the string can't be converted.
+ */
+uint64_t conv_str_size(const char * str)
+{
+ uint64_t lval;
+ char *end;
+ int error = 0;
+
+ if (str == NULL || *str == '\0') {
+ return 0;
+ }
+
+ lval = smb_strtoull(str, &end, 10, &error, SMB_STR_STANDARD);
+
+ if (error != 0) {
+ return 0;
+ }
+
+ if (*end == '\0') {
+ return lval;
+ }
+
+ if (strwicmp(end, "K") == 0) {
+ lval *= 1024ULL;
+ } else if (strwicmp(end, "M") == 0) {
+ lval *= (1024ULL * 1024ULL);
+ } else if (strwicmp(end, "G") == 0) {
+ lval *= (1024ULL * 1024ULL *
+ 1024ULL);
+ } else if (strwicmp(end, "T") == 0) {
+ lval *= (1024ULL * 1024ULL *
+ 1024ULL * 1024ULL);
+ } else if (strwicmp(end, "P") == 0) {
+ lval *= (1024ULL * 1024ULL *
+ 1024ULL * 1024ULL *
+ 1024ULL);
+ } else {
+ return 0;
+ }
+
+ return lval;
+}
+
+char *talloc_asprintf_strupper_m(TALLOC_CTX *t, const char *fmt, ...)
+{
+ va_list ap;
+ char *ret;
+
+ va_start(ap, fmt);
+ ret = talloc_vasprintf(t, fmt, ap);
+ va_end(ap);
+
+ if (ret == NULL) {
+ return NULL;
+ }
+ if (!strupper_m(ret)) {
+ TALLOC_FREE(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+char *talloc_asprintf_strlower_m(TALLOC_CTX *t, const char *fmt, ...)
+{
+ va_list ap;
+ char *ret;
+
+ va_start(ap, fmt);
+ ret = talloc_vasprintf(t, fmt, ap);
+ va_end(ap);
+
+ if (ret == NULL) {
+ return NULL;
+ }
+ if (!strlower_m(ret)) {
+ TALLOC_FREE(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+
+/********************************************************************
+ Check a string for any occurrences of a specified list of invalid
+ characters.
+********************************************************************/
+
+bool validate_net_name( const char *name,
+ const char *invalid_chars,
+ int max_len)
+{
+ int i;
+
+ if (!name) {
+ return false;
+ }
+
+ for ( i=0; i<max_len && name[i]; i++ ) {
+ /* fail if strchr_m() finds one of the invalid characters */
+ if ( name[i] && strchr_m( invalid_chars, name[i] ) ) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
+
+/*******************************************************************
+ Add a shell escape character '\' to any character not in a known list
+ of characters. UNIX charset format.
+*******************************************************************/
+
+#define INCLUDE_LIST "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_/ \t.,"
+#define INSIDE_DQUOTE_LIST "$`\n\"\\"
+
+char *escape_shell_string(const char *src)
+{
+ size_t srclen = strlen(src);
+ char *ret = SMB_MALLOC_ARRAY(char, (srclen * 2) + 1);
+ char *dest = ret;
+ bool in_s_quote = false;
+ bool in_d_quote = false;
+ bool next_escaped = false;
+
+ if (!ret) {
+ return NULL;
+ }
+
+ while (*src) {
+ size_t c_size;
+ codepoint_t c = next_codepoint(src, &c_size);
+
+ if (c == INVALID_CODEPOINT) {
+ SAFE_FREE(ret);
+ return NULL;
+ }
+
+ if (c_size > 1) {
+ memcpy(dest, src, c_size);
+ src += c_size;
+ dest += c_size;
+ next_escaped = false;
+ continue;
+ }
+
+ /*
+ * Deal with backslash escaped state.
+ * This only lasts for one character.
+ */
+
+ if (next_escaped) {
+ *dest++ = *src++;
+ next_escaped = false;
+ continue;
+ }
+
+ /*
+ * Deal with single quote state. The
+ * only thing we care about is exiting
+ * this state.
+ */
+
+ if (in_s_quote) {
+ if (*src == '\'') {
+ in_s_quote = false;
+ }
+ *dest++ = *src++;
+ continue;
+ }
+
+ /*
+ * Deal with double quote state. The most
+ * complex state. We must cope with \, meaning
+ * possibly escape next char (depending what it
+ * is), ", meaning exit this state, and possibly
+ * add an \ escape to any unprotected character
+ * (listed in INSIDE_DQUOTE_LIST).
+ */
+
+ if (in_d_quote) {
+ if (*src == '\\') {
+ /*
+ * Next character might be escaped.
+ * We have to peek. Inside double
+ * quotes only INSIDE_DQUOTE_LIST
+ * characters are escaped by a \.
+ */
+
+ char nextchar;
+
+ c = next_codepoint(&src[1], &c_size);
+ if (c == INVALID_CODEPOINT) {
+ SAFE_FREE(ret);
+ return NULL;
+ }
+ if (c_size > 1) {
+ /*
+ * Don't escape the next char.
+ * Just copy the \.
+ */
+ *dest++ = *src++;
+ continue;
+ }
+
+ nextchar = src[1];
+
+ if (nextchar && strchr(INSIDE_DQUOTE_LIST,
+ (int)nextchar)) {
+ next_escaped = true;
+ }
+ *dest++ = *src++;
+ continue;
+ }
+
+ if (*src == '\"') {
+ /* Exit double quote state. */
+ in_d_quote = false;
+ *dest++ = *src++;
+ continue;
+ }
+
+ /*
+ * We know the character isn't \ or ",
+ * so escape it if it's any of the other
+ * possible unprotected characters.
+ */
+
+ if (strchr(INSIDE_DQUOTE_LIST, (int)*src)) {
+ *dest++ = '\\';
+ }
+ *dest++ = *src++;
+ continue;
+ }
+
+ /*
+ * From here to the end of the loop we're
+ * not in the single or double quote state.
+ */
+
+ if (*src == '\\') {
+ /* Next character must be escaped. */
+ next_escaped = true;
+ *dest++ = *src++;
+ continue;
+ }
+
+ if (*src == '\'') {
+ /* Go into single quote state. */
+ in_s_quote = true;
+ *dest++ = *src++;
+ continue;
+ }
+
+ if (*src == '\"') {
+ /* Go into double quote state. */
+ in_d_quote = true;
+ *dest++ = *src++;
+ continue;
+ }
+
+ /* Check if we need to escape the character. */
+
+ if (!strchr(INCLUDE_LIST, (int)*src)) {
+ *dest++ = '\\';
+ }
+ *dest++ = *src++;
+ }
+ *dest++ = '\0';
+ return ret;
+}
+
+/*
+ * This routine improves performance for operations temporarily acting on a
+ * full path. It is equivalent to the much more expensive
+ *
+ * talloc_asprintf(talloc_tos(), "%s/%s", dir, name)
+ *
+ * This actually does make a difference in metadata-heavy workloads (i.e. the
+ * "standard" client.txt nbench run.
+ */
+
+ssize_t full_path_tos(const char *dir, const char *name,
+ char *tmpbuf, size_t tmpbuf_len,
+ char **pdst, char **to_free)
+{
+ size_t dirlen, namelen, len;
+ char *dst;
+
+ dirlen = strlen(dir);
+ namelen = strlen(name);
+ len = dirlen + namelen + 1;
+
+ if (len < tmpbuf_len) {
+ dst = tmpbuf;
+ *to_free = NULL;
+ } else {
+ dst = talloc_array(talloc_tos(), char, len+1);
+ if (dst == NULL) {
+ return -1;
+ }
+ *to_free = dst;
+ }
+
+ memcpy(dst, dir, dirlen);
+ dst[dirlen] = '/';
+ memcpy(dst+dirlen+1, name, namelen+1);
+ *pdst = dst;
+ return len;
+}
diff --git a/source3/lib/util_tdb.c b/source3/lib/util_tdb.c
new file mode 100644
index 0000000..d85f676
--- /dev/null
+++ b/source3/lib/util_tdb.c
@@ -0,0 +1,449 @@
+/*
+ Unix SMB/CIFS implementation.
+ tdb utility functions
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Rafal Szczesniak 2002
+ Copyright (C) Michael Adam 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "util_tdb.h"
+#include "cbuf.h"
+
+#undef malloc
+#undef realloc
+#undef calloc
+#undef strdup
+
+/****************************************************************************
+ Useful pair of routines for packing/unpacking data consisting of
+ integers and strings.
+****************************************************************************/
+
+static size_t tdb_pack_va(uint8_t *buf, int bufsize, const char *fmt, va_list ap)
+{
+ uint8_t bt;
+ uint16_t w;
+ uint32_t d;
+ int i;
+ void *p;
+ int len = 0;
+ char *s;
+ char c;
+ const char *fmt0 = fmt;
+ int bufsize0 = bufsize;
+ size_t to_write = 0;
+ while (*fmt) {
+ switch ((c = *fmt++)) {
+ case 'b': /* unsigned 8-bit integer */
+ len = 1;
+ bt = (uint8_t)va_arg(ap, int);
+ if (bufsize && bufsize >= len)
+ SSVAL(buf, 0, bt);
+ break;
+ case 'w': /* unsigned 16-bit integer */
+ len = 2;
+ w = (uint16_t)va_arg(ap, int);
+ if (bufsize && bufsize >= len)
+ SSVAL(buf, 0, w);
+ break;
+ case 'd': /* signed 32-bit integer (standard int in most systems) */
+ len = 4;
+ d = va_arg(ap, uint32_t);
+ if (bufsize && bufsize >= len)
+ SIVAL(buf, 0, d);
+ break;
+ case 'p': /* pointer */
+ len = 4;
+ p = va_arg(ap, void *);
+ d = p?1:0;
+ if (bufsize && bufsize >= len)
+ SIVAL(buf, 0, d);
+ break;
+ case 'P': /* null-terminated string */
+ case 'f': /* null-terminated string */
+ s = va_arg(ap,char *);
+ if (s == NULL) {
+ smb_panic("Invalid argument");
+ }
+ w = strlen(s);
+ len = w + 1;
+ if (bufsize && bufsize >= len)
+ memcpy(buf, s, len);
+ break;
+ case 'B': /* fixed-length string */
+ i = va_arg(ap, int);
+ s = va_arg(ap, char *);
+ len = 4+i;
+ if (bufsize && bufsize >= len) {
+ SIVAL(buf, 0, i);
+ if (s != NULL) {
+ memcpy(buf+4, s, i);
+ }
+ }
+ break;
+ default:
+ DEBUG(0,("Unknown tdb_pack format %c in %s\n",
+ c, fmt));
+ len = 0;
+ break;
+ }
+
+ to_write += len;
+ if (bufsize > 0) {
+ bufsize -= len;
+ buf += len;
+ }
+ if (bufsize < 0)
+ bufsize = 0;
+ }
+
+ DEBUG(18,("tdb_pack_va(%s, %d) -> %d\n",
+ fmt0, bufsize0, (int)to_write));
+
+ return to_write;
+}
+
+size_t tdb_pack(uint8_t *buf, int bufsize, const char *fmt, ...)
+{
+ va_list ap;
+ size_t result;
+
+ va_start(ap, fmt);
+ result = tdb_pack_va(buf, bufsize, fmt, ap);
+ va_end(ap);
+ return result;
+}
+
+/****************************************************************************
+ Useful pair of routines for packing/unpacking data consisting of
+ integers and strings.
+****************************************************************************/
+
+int tdb_unpack(const uint8_t *buf, int in_bufsize, const char *fmt, ...)
+{
+ va_list ap;
+ uint8_t *bt;
+ uint16_t *w;
+ uint32_t *d;
+ size_t bufsize = in_bufsize;
+ size_t len;
+ uint32_t *i;
+ void **p;
+ char *s, **b, **ps;
+ char c;
+ const uint8_t *buf0 = buf;
+ const char *fmt0 = fmt;
+
+ va_start(ap, fmt);
+
+ while (*fmt) {
+ switch ((c=*fmt++)) {
+ case 'b': /* unsigned 8-bit integer */
+ len = 1;
+ bt = va_arg(ap, uint8_t *);
+ if (bufsize < len)
+ goto no_space;
+ *bt = SVAL(buf, 0);
+ break;
+ case 'w': /* unsigned 16-bit integer */
+ len = 2;
+ w = va_arg(ap, uint16_t *);
+ if (bufsize < len)
+ goto no_space;
+ *w = SVAL(buf, 0);
+ break;
+ case 'd': /* unsigned 32-bit integer (standard int in most systems) */
+ len = 4;
+ d = va_arg(ap, uint32_t *);
+ if (bufsize < len)
+ goto no_space;
+ *d = IVAL(buf, 0);
+ break;
+ case 'p': /* pointer */
+ len = 4;
+ p = va_arg(ap, void **);
+ if (bufsize < len)
+ goto no_space;
+ /*
+ * This isn't a real pointer - only a token (1 or 0)
+ * to mark the fact a pointer is present.
+ */
+
+ *p = (void *)(IVAL(buf, 0) ? (void *)1 : NULL);
+ break;
+ case 'P': /* null-terminated string */
+ /* Return malloc'ed string. */
+ ps = va_arg(ap,char **);
+ len = strnlen((const char *)buf, bufsize) + 1;
+ if (bufsize < len)
+ goto no_space;
+ if (ps != NULL) {
+ *ps = SMB_STRDUP((const char *)buf);
+ if (*ps == NULL) {
+ goto no_space;
+ }
+ }
+ break;
+ case 'f': /* null-terminated string */
+ s = va_arg(ap,char *);
+ len = strnlen((const char *)buf, bufsize) + 1;
+ if (bufsize < len || len > sizeof(fstring))
+ goto no_space;
+ if (s != NULL) {
+ memcpy(s, buf, len);
+ }
+ break;
+ case 'B': /* fixed-length string */
+ i = va_arg(ap, uint32_t *);
+ b = va_arg(ap, char **);
+ len = 4;
+ if (bufsize < len)
+ goto no_space;
+ *i = IVAL(buf, 0);
+ if (! *i) {
+ *b = NULL;
+ break;
+ }
+ len += *i;
+ if (len < *i) {
+ goto no_space;
+ }
+ if (bufsize < len)
+ goto no_space;
+ if (b != NULL) {
+ *b = (char *)SMB_MALLOC(*i);
+ if (! *b)
+ goto no_space;
+ memcpy(*b, buf+4, *i);
+ }
+ break;
+ default:
+ DEBUG(0,("Unknown tdb_unpack format %c in %s\n",
+ c, fmt));
+
+ len = 0;
+ break;
+ }
+
+ buf += len;
+ bufsize -= len;
+ }
+
+ va_end(ap);
+
+ DEBUG(18,("tdb_unpack(%s, %d) -> %d\n",
+ fmt0, in_bufsize, (int)PTR_DIFF(buf, buf0)));
+
+ return PTR_DIFF(buf, buf0);
+
+ no_space:
+ va_end(ap);
+ return -1;
+}
+
+
+/****************************************************************************
+ Log tdb messages via DEBUG().
+****************************************************************************/
+
+static void tdb_log(TDB_CONTEXT *tdb, enum tdb_debug_level level,
+ const char *format, ...) PRINTF_ATTRIBUTE(3,4);
+
+static void tdb_log(TDB_CONTEXT *tdb, enum tdb_debug_level level, const char *format, ...)
+{
+ va_list ap;
+ char *ptr = NULL;
+ int ret;
+
+ va_start(ap, format);
+ ret = vasprintf(&ptr, format, ap);
+ va_end(ap);
+
+ if ((ret == -1) || !*ptr)
+ return;
+
+ DEBUG((int)level, ("tdb(%s): %s", tdb_name(tdb) ? tdb_name(tdb) : "unnamed", ptr));
+ SAFE_FREE(ptr);
+}
+
+/****************************************************************************
+ Like tdb_open() but also setup a logging function that redirects to
+ the samba DEBUG() system.
+****************************************************************************/
+
+TDB_CONTEXT *tdb_open_log(const char *name, int hash_size, int tdb_flags,
+ int open_flags, mode_t mode)
+{
+ TDB_CONTEXT *tdb;
+ struct tdb_logging_context log_ctx = { .log_fn = tdb_log };
+
+ if (!lp_use_mmap())
+ tdb_flags |= TDB_NOMMAP;
+
+ if ((hash_size == 0) && (name != NULL)) {
+ const char *base = strrchr_m(name, '/');
+ if (base != NULL) {
+ base += 1;
+ }
+ else {
+ base = name;
+ }
+ hash_size = lp_parm_int(-1, "tdb_hashsize", base, 0);
+ }
+
+ tdb = tdb_open_ex(name, hash_size, tdb_flags,
+ open_flags, mode, &log_ctx, NULL);
+ if (!tdb)
+ return NULL;
+
+ return tdb;
+}
+
+int tdb_data_cmp(TDB_DATA t1, TDB_DATA t2)
+{
+ int ret;
+ if (t1.dptr == NULL && t2.dptr != NULL) {
+ return -1;
+ }
+ if (t1.dptr != NULL && t2.dptr == NULL) {
+ return 1;
+ }
+ if (t1.dptr == t2.dptr) {
+ return t1.dsize - t2.dsize;
+ }
+ ret = memcmp(t1.dptr, t2.dptr, MIN(t1.dsize, t2.dsize));
+ if (ret == 0) {
+ return t1.dsize - t2.dsize;
+ }
+ return ret;
+}
+
+char *tdb_data_string(TALLOC_CTX *mem_ctx, TDB_DATA d)
+{
+ int len;
+ char *ret = NULL;
+ cbuf *ost = cbuf_new(mem_ctx);
+
+ if (ost == NULL) {
+ return NULL;
+ }
+
+ len = cbuf_printf(ost, "%zu:", d.dsize);
+ if (len == -1) {
+ goto done;
+ }
+
+ if (d.dptr == NULL) {
+ len = cbuf_puts(ost, "<NULL>", -1);
+ } else {
+ len = cbuf_print_quoted(ost, (const char*)d.dptr, d.dsize);
+ }
+ if (len == -1) {
+ goto done;
+ }
+
+ cbuf_swapptr(ost, &ret, 0);
+ talloc_steal(mem_ctx, ret);
+
+done:
+ talloc_free(ost);
+ return ret;
+}
+
+char *tdb_data_dbg(TDB_DATA d)
+{
+ return hex_encode_talloc(talloc_tos(), d.dptr, d.dsize);
+}
+
+static sig_atomic_t gotalarm;
+
+/***************************************************************
+ Signal function to tell us we timed out.
+****************************************************************/
+
+static void gotalarm_sig(int signum)
+{
+ gotalarm = 1;
+}
+
+/****************************************************************************
+ Lock a chain with timeout (in seconds).
+****************************************************************************/
+
+static int tdb_chainlock_with_timeout_internal( TDB_CONTEXT *tdb, TDB_DATA key, unsigned int timeout, int rw_type)
+{
+ /* Allow tdb_chainlock to be interrupted by an alarm. */
+ int ret;
+ gotalarm = 0;
+
+ if (timeout) {
+ CatchSignal(SIGALRM, gotalarm_sig);
+ tdb_setalarm_sigptr(tdb, &gotalarm);
+ alarm(timeout);
+ }
+
+ if (rw_type == F_RDLCK)
+ ret = tdb_chainlock_read(tdb, key);
+ else
+ ret = tdb_chainlock(tdb, key);
+
+ if (timeout) {
+ alarm(0);
+ tdb_setalarm_sigptr(tdb, NULL);
+ CatchSignal(SIGALRM, SIG_IGN);
+ if (gotalarm && (ret != 0)) {
+ DEBUG(0,("tdb_chainlock_with_timeout_internal: alarm (%u) timed out for key %s in tdb %s\n",
+ timeout, key.dptr, tdb_name(tdb)));
+ /* TODO: If we time out waiting for a lock, it might
+ * be nice to use F_GETLK to get the pid of the
+ * process currently holding the lock and print that
+ * as part of the debugging message. -- mbp */
+ return -1;
+ }
+ }
+
+ return ret == 0 ? 0 : -1;
+}
+
+/****************************************************************************
+ Write lock a chain. Return non-zero if timeout or lock failed.
+****************************************************************************/
+
+int tdb_chainlock_with_timeout( TDB_CONTEXT *tdb, TDB_DATA key, unsigned int timeout)
+{
+ return tdb_chainlock_with_timeout_internal(tdb, key, timeout, F_WRLCK);
+}
+
+int tdb_lock_bystring_with_timeout(TDB_CONTEXT *tdb, const char *keyval,
+ int timeout)
+{
+ TDB_DATA key = string_term_tdb_data(keyval);
+
+ return tdb_chainlock_with_timeout(tdb, key, timeout);
+}
+
+/****************************************************************************
+ Read lock a chain by string. Return non-zero if timeout or lock failed.
+****************************************************************************/
+
+int tdb_read_lock_bystring_with_timeout(TDB_CONTEXT *tdb, const char *keyval, unsigned int timeout)
+{
+ TDB_DATA key = string_term_tdb_data(keyval);
+
+ return tdb_chainlock_with_timeout_internal(tdb, key, timeout, F_RDLCK);
+}
diff --git a/source3/lib/util_transfer_file.c b/source3/lib/util_transfer_file.c
new file mode 100644
index 0000000..5653906
--- /dev/null
+++ b/source3/lib/util_transfer_file.c
@@ -0,0 +1,119 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Utility functions to transfer files.
+ *
+ * Copyright (C) Jeremy Allison 2001-2002
+ * Copyright (C) Michael Adam 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include <includes.h>
+#include "transfer_file.h"
+#include "lib/util/sys_rw.h"
+
+/****************************************************************************
+ Transfer some data between two fd's.
+****************************************************************************/
+
+#ifndef TRANSFER_BUF_SIZE
+#define TRANSFER_BUF_SIZE 65536
+#endif
+
+
+ssize_t transfer_file_internal(void *in_file,
+ void *out_file,
+ size_t n,
+ ssize_t (*pread_fn)(void *, void *, size_t, off_t),
+ ssize_t (*pwrite_fn)(void *, const void *, size_t, off_t))
+{
+ char *buf;
+ size_t total = 0;
+ ssize_t read_ret;
+ ssize_t write_ret;
+ size_t num_to_read_thistime;
+ size_t num_written = 0;
+ off_t offset = 0;
+
+ if (n == 0) {
+ return 0;
+ }
+
+ if ((buf = SMB_MALLOC_ARRAY(char, TRANSFER_BUF_SIZE)) == NULL) {
+ return -1;
+ }
+
+ do {
+ num_to_read_thistime = MIN((n - total), TRANSFER_BUF_SIZE);
+
+ read_ret = (*pread_fn)(in_file, buf, num_to_read_thistime, offset);
+ if (read_ret == -1) {
+ DEBUG(0,("transfer_file_internal: read failure. "
+ "Error = %s\n", strerror(errno) ));
+ SAFE_FREE(buf);
+ return -1;
+ }
+ if (read_ret == 0) {
+ break;
+ }
+
+ num_written = 0;
+
+ while (num_written < read_ret) {
+ write_ret = (*pwrite_fn)(out_file, buf + num_written,
+ read_ret - num_written,
+ offset + num_written);
+
+ if (write_ret == -1) {
+ DEBUG(0,("transfer_file_internal: "
+ "write failure. Error = %s\n",
+ strerror(errno) ));
+ SAFE_FREE(buf);
+ return -1;
+ }
+ if (write_ret == 0) {
+ return (ssize_t)total;
+ }
+
+ num_written += (size_t)write_ret;
+ }
+
+ total += (size_t)read_ret;
+ offset += (off_t)read_ret;
+ } while (total < n);
+
+ SAFE_FREE(buf);
+ return (ssize_t)total;
+}
+
+static ssize_t sys_pread_fn(void *file, void *buf, size_t len, off_t offset)
+{
+ int *fd = (int *)file;
+
+ return sys_pread(*fd, buf, len, offset);
+}
+
+static ssize_t sys_pwrite_fn(void *file, const void *buf, size_t len, off_t offset)
+{
+ int *fd = (int *)file;
+
+ return sys_pwrite(*fd, buf, len, offset);
+}
+
+off_t transfer_file(int infd, int outfd, off_t n)
+{
+ return (off_t)transfer_file_internal(&infd, &outfd, (size_t)n,
+ sys_pread_fn, sys_pwrite_fn);
+}
diff --git a/source3/lib/util_tsock.c b/source3/lib/util_tsock.c
new file mode 100644
index 0000000..6432ce4
--- /dev/null
+++ b/source3/lib/util_tsock.c
@@ -0,0 +1,149 @@
+/*
+ Unix SMB/CIFS implementation.
+ Utilities around tsocket
+ Copyright (C) Volker Lendecke 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include "system/network.h"
+#include <tevent.h>
+#include "lib/util_tsock.h"
+#include "../lib/tsocket/tsocket.h"
+#include "../lib/util/tevent_unix.h"
+
+struct tstream_read_packet_state {
+ struct tevent_context *ev;
+ struct tstream_context *stream;
+ ssize_t (*more)(uint8_t *buf, size_t buflen, void *private_data);
+ void *private_data;
+ uint8_t *buf;
+ struct iovec iov;
+};
+
+static void tstream_read_packet_done(struct tevent_req *subreq);
+
+struct tevent_req *tstream_read_packet_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tstream_context *stream,
+ size_t initial,
+ ssize_t (*more)(uint8_t *buf,
+ size_t buflen,
+ void *private_data),
+ void *private_data)
+{
+ struct tevent_req *req, *subreq;
+ struct tstream_read_packet_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct tstream_read_packet_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->buf = talloc_array(state, uint8_t, initial);
+ if (tevent_req_nomem(state->buf, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->iov.iov_base = (void *)state->buf;
+ state->iov.iov_len = initial;
+
+ state->ev = ev;
+ state->stream = stream;
+ state->more = more;
+ state->private_data = private_data;
+
+ subreq = tstream_readv_send(state, ev, stream, &state->iov, 1);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tstream_read_packet_done, req);
+
+ return req;
+}
+
+static void tstream_read_packet_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct tstream_read_packet_state *state = tevent_req_data(
+ req, struct tstream_read_packet_state);
+ int ret, err;
+ size_t total;
+ ssize_t more;
+ uint8_t *tmp;
+
+ ret = tstream_readv_recv(subreq, &err);
+ TALLOC_FREE(subreq);
+ if (ret == 0) {
+ err = EPIPE;
+ }
+ if (ret <= 0) {
+ tevent_req_error(req, err);
+ return;
+ }
+
+ if (state->more == NULL) {
+ /* Nobody to ask, this is a async read_data */
+ tevent_req_done(req);
+ return;
+ }
+ total = talloc_array_length(state->buf);
+
+ more = state->more(state->buf, total, state->private_data);
+ if (more == -1) {
+ /* We got an invalid packet, tell the caller */
+ tevent_req_error(req, EIO);
+ return;
+ }
+ if (more == 0) {
+ /* We're done, full packet received */
+ tevent_req_done(req);
+ return;
+ }
+
+ if (total + more < total) {
+ tevent_req_error(req, EMSGSIZE);
+ return;
+ }
+
+ tmp = talloc_realloc(state, state->buf, uint8_t, total+more);
+ if (tevent_req_nomem(tmp, req)) {
+ return;
+ }
+ state->buf = tmp;
+
+ state->iov.iov_base = (void *)(state->buf + total);
+ state->iov.iov_len = more;
+
+ subreq = tstream_readv_send(state, state->ev, state->stream,
+ &state->iov, 1);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, tstream_read_packet_done, req);
+}
+
+ssize_t tstream_read_packet_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint8_t **pbuf, int *perrno)
+{
+ struct tstream_read_packet_state *state =
+ tevent_req_data(req, struct tstream_read_packet_state);
+
+ if (tevent_req_is_unix_error(req, perrno)) {
+ return -1;
+ }
+ *pbuf = talloc_move(mem_ctx, &state->buf);
+ return talloc_array_length(*pbuf);
+}
diff --git a/source3/lib/util_tsock.h b/source3/lib/util_tsock.h
new file mode 100644
index 0000000..de4381a
--- /dev/null
+++ b/source3/lib/util_tsock.h
@@ -0,0 +1,38 @@
+/*
+ Unix SMB/CIFS implementation.
+ Utilities around tsocket
+ Copyright (C) Volker Lendecke 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __UTIL_TSOCK_H__
+#define __UTIL_TSOCK_H__
+
+#include "replace.h"
+#include <tevent.h>
+
+struct tstream_context;
+struct tevent_req *tstream_read_packet_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tstream_context *stream,
+ size_t initial,
+ ssize_t (*more)(uint8_t *buf,
+ size_t buflen,
+ void *private_data),
+ void *private_data);
+ssize_t tstream_read_packet_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint8_t **pbuf, int *perrno);
+
+#endif
diff --git a/source3/lib/util_unixsids.c b/source3/lib/util_unixsids.c
new file mode 100644
index 0000000..387232c
--- /dev/null
+++ b/source3/lib/util_unixsids.c
@@ -0,0 +1,80 @@
+/*
+ Unix SMB/CIFS implementation.
+ Translate unix-defined names to SIDs and vice versa
+ Copyright (C) Volker Lendecke 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include "util_unixsids.h"
+#include "../libcli/security/security.h"
+
+bool sid_check_is_unix_users(const struct dom_sid *sid)
+{
+ return dom_sid_equal(sid, &global_sid_Unix_Users);
+}
+
+bool sid_check_is_in_unix_users(const struct dom_sid *sid)
+{
+ struct dom_sid dom_sid;
+
+ sid_copy(&dom_sid, sid);
+ sid_split_rid(&dom_sid, NULL);
+
+ return sid_check_is_unix_users(&dom_sid);
+}
+
+void uid_to_unix_users_sid(uid_t uid, struct dom_sid *sid)
+{
+ /*
+ * This can never fail, we know that global_sid_Unix_Users is
+ * short enough for a domain sid.
+ */
+ sid_compose(sid, &global_sid_Unix_Users, uid);
+}
+
+void gid_to_unix_groups_sid(gid_t gid, struct dom_sid *sid)
+{
+ /*
+ * This can never fail, we know that global_sid_Unix_Groups is
+ * short enough for a domain sid.
+ */
+ sid_compose(sid, &global_sid_Unix_Groups, gid);
+}
+
+const char *unix_users_domain_name(void)
+{
+ return "Unix User";
+}
+
+bool sid_check_is_unix_groups(const struct dom_sid *sid)
+{
+ return dom_sid_equal(sid, &global_sid_Unix_Groups);
+}
+
+bool sid_check_is_in_unix_groups(const struct dom_sid *sid)
+{
+ struct dom_sid dom_sid;
+
+ sid_copy(&dom_sid, sid);
+ sid_split_rid(&dom_sid, NULL);
+
+ return sid_check_is_unix_groups(&dom_sid);
+}
+
+const char *unix_groups_domain_name(void)
+{
+ return "Unix Group";
+}
diff --git a/source3/lib/util_unixsids.h b/source3/lib/util_unixsids.h
new file mode 100644
index 0000000..b90a746
--- /dev/null
+++ b/source3/lib/util_unixsids.h
@@ -0,0 +1,36 @@
+/*
+ Unix SMB/CIFS implementation.
+ Translate unix-defined names to SIDs and vice versa
+ Copyright (C) Volker Lendecke 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __UTIL_UNIXSIDS_H__
+#define __UTIL_UNIXSIDS_H__
+
+#include "replace.h"
+
+struct dom_sid;
+
+bool sid_check_is_unix_users(const struct dom_sid *sid);
+bool sid_check_is_in_unix_users(const struct dom_sid *sid);
+void uid_to_unix_users_sid(uid_t uid, struct dom_sid *sid);
+void gid_to_unix_groups_sid(gid_t gid, struct dom_sid *sid);
+const char *unix_users_domain_name(void);
+bool sid_check_is_unix_groups(const struct dom_sid *sid);
+bool sid_check_is_in_unix_groups(const struct dom_sid *sid);
+const char *unix_groups_domain_name(void);
+
+#endif
diff --git a/source3/lib/util_wellknown.c b/source3/lib/util_wellknown.c
new file mode 100644
index 0000000..8cb7a36
--- /dev/null
+++ b/source3/lib/util_wellknown.c
@@ -0,0 +1,192 @@
+/*
+ Unix SMB/CIFS implementation.
+ Lookup routines for well-known SIDs
+ Copyright (C) Andrew Tridgell 1992-1998
+ Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
+ Copyright (C) Jeremy Allison 1999
+ Copyright (C) Volker Lendecke 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/security/security.h"
+
+struct rid_name_map {
+ uint32_t rid;
+ const char *name;
+};
+
+struct sid_name_map_info
+{
+ const struct dom_sid *sid;
+ const char *name;
+ const struct rid_name_map *known_users;
+};
+
+static const struct rid_name_map everyone_users[] = {
+ { 0, "Everyone" },
+ { 0, NULL}};
+
+static const struct rid_name_map local_authority_users[] = {
+ { 0, "Local" },
+ { 1, "Console Logon" },
+ { 0, NULL}};
+
+static const struct rid_name_map creator_owner_users[] = {
+ { 0, "Creator Owner" },
+ { 1, "Creator Group" },
+ { 2, "Creator Owner Server" },
+ { 3, "Creator Group Server" },
+ { 4, "Owner Rights" },
+ { 0, NULL}};
+
+static const struct rid_name_map nt_authority_users[] = {
+ { 1, "Dialup" },
+ { 2, "Network"},
+ { 3, "Batch"},
+ { 4, "Interactive"},
+ { 6, "Service"},
+ { 7, "Anonymous Logon"},
+ { 8, "Proxy"},
+ { 9, "Enterprise Domain Controllers"},
+ { 10, "Self"},
+ { 11, "Authenticated Users"},
+ { 12, "Restricted"},
+ { 13, "Terminal Server User"},
+ { 14, "Remote Interactive Logon"},
+ { 15, "This Organization"},
+ { 17, "IUSR"},
+ { 18, "SYSTEM"},
+ { 19, "Local Service"},
+ { 20, "Network Service"},
+ { 0, NULL}};
+
+static struct sid_name_map_info special_domains[] = {
+ { &global_sid_World_Domain, "", everyone_users },
+ { &global_sid_Local_Authority, "", local_authority_users },
+ { &global_sid_Creator_Owner_Domain, "", creator_owner_users },
+ { &global_sid_NT_Authority, "NT Authority", nt_authority_users },
+ { NULL, NULL, NULL }};
+
+bool sid_check_is_wellknown_domain(const struct dom_sid *sid, const char **name)
+{
+ int i;
+
+ for (i=0; special_domains[i].sid != NULL; i++) {
+ if (dom_sid_equal(sid, special_domains[i].sid)) {
+ if (name != NULL) {
+ *name = special_domains[i].name;
+ }
+ return True;
+ }
+ }
+ return False;
+}
+
+bool sid_check_is_in_wellknown_domain(const struct dom_sid *sid)
+{
+ struct dom_sid dom_sid;
+
+ sid_copy(&dom_sid, sid);
+ sid_split_rid(&dom_sid, NULL);
+
+ return sid_check_is_wellknown_domain(&dom_sid, NULL);
+}
+
+/**************************************************************************
+ Looks up a known username from one of the known domains.
+***************************************************************************/
+
+bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
+ const char **domain, const char **name)
+{
+ int i;
+ struct dom_sid dom_sid;
+ uint32_t rid;
+ const struct rid_name_map *users = NULL;
+ struct dom_sid_buf buf;
+
+ sid_copy(&dom_sid, sid);
+ if (!sid_split_rid(&dom_sid, &rid)) {
+ DEBUG(2, ("Could not split rid from SID\n"));
+ return False;
+ }
+
+ for (i=0; special_domains[i].sid != NULL; i++) {
+ if (dom_sid_equal(&dom_sid, special_domains[i].sid)) {
+ *domain = talloc_strdup(mem_ctx,
+ special_domains[i].name);
+ users = special_domains[i].known_users;
+ break;
+ }
+ }
+
+ if (users == NULL) {
+ DEBUG(10, ("SID %s is no special sid\n",
+ dom_sid_str_buf(sid, &buf)));
+ return False;
+ }
+
+ for (i=0; users[i].name != NULL; i++) {
+ if (rid == users[i].rid) {
+ *name = talloc_strdup(mem_ctx, users[i].name);
+ return True;
+ }
+ }
+
+ DEBUG(10, ("RID of special SID %s not found\n",
+ dom_sid_str_buf(sid, &buf)));
+
+ return False;
+}
+
+/**************************************************************************
+ Try and map a name to one of the well known SIDs.
+***************************************************************************/
+
+bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
+ struct dom_sid *sid, const char **pdomain)
+{
+ int i, j;
+ const char *domain = *pdomain;
+
+ DEBUG(10,("map_name_to_wellknown_sid: looking up %s\\%s\n", domain, name));
+
+ for (i=0; special_domains[i].sid != NULL; i++) {
+ const struct rid_name_map *users =
+ special_domains[i].known_users;
+
+ if (domain[0] != '\0') {
+ if (!strequal(domain, special_domains[i].name)) {
+ continue;
+ }
+ }
+
+ if (users == NULL)
+ continue;
+
+ for (j=0; users[j].name != NULL; j++) {
+ if ( strequal(users[j].name, name) ) {
+ sid_compose(sid, special_domains[i].sid,
+ users[j].rid);
+ *pdomain = talloc_strdup(
+ mem_ctx, special_domains[i].name);
+ return True;
+ }
+ }
+ }
+
+ return False;
+}
diff --git a/source3/lib/version.c b/source3/lib/version.c
new file mode 100644
index 0000000..28fcd1b
--- /dev/null
+++ b/source3/lib/version.c
@@ -0,0 +1,32 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba Version functions
+
+ Copyright (C) Stefan Metzmacher 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "version.h"
+
+const char *samba_version_string(void)
+{
+ return SAMBA_VERSION_STRING;
+}
+
+const char *samba_copyright_string(void)
+{
+ return SAMBA_COPYRIGHT_STRING;
+}
diff --git a/source3/lib/version_test.c b/source3/lib/version_test.c
new file mode 100644
index 0000000..880cfeb
--- /dev/null
+++ b/source3/lib/version_test.c
@@ -0,0 +1,26 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * version_test - test program for samba_version_strion()
+ * Copyright (C) Michael Adam 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+int main(void)
+{
+ printf("%s\n", samba_version_string());
+ return 0;
+}
diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
new file mode 100644
index 0000000..7e3f8ab
--- /dev/null
+++ b/source3/lib/winbind_util.c
@@ -0,0 +1,403 @@
+/*
+ Unix SMB/CIFS implementation.
+ Winbind Utility functions
+
+ Copyright (C) Gerald (Jerry) Carter 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/security/security.h"
+#include "../lib/util/util_pw.h"
+#include "nsswitch/libwbclient/wbclient.h"
+
+#include "lib/winbind_util.h"
+
+#if defined(WITH_WINBIND)
+
+struct passwd * winbind_getpwnam(const char * name)
+{
+ wbcErr result;
+ struct passwd * tmp_pwd = NULL;
+ struct passwd * pwd = NULL;
+
+ result = wbcGetpwnam(name, &tmp_pwd);
+ if (result != WBC_ERR_SUCCESS)
+ return pwd;
+
+ pwd = tcopy_passwd(talloc_tos(), tmp_pwd);
+
+ wbcFreeMemory(tmp_pwd);
+
+ return pwd;
+}
+
+struct passwd * winbind_getpwsid(const struct dom_sid *sid)
+{
+ wbcErr result;
+ struct passwd * tmp_pwd = NULL;
+ struct passwd * pwd = NULL;
+ struct wbcDomainSid dom_sid;
+
+ memcpy(&dom_sid, sid, sizeof(dom_sid));
+
+ result = wbcGetpwsid(&dom_sid, &tmp_pwd);
+ if (result != WBC_ERR_SUCCESS)
+ return pwd;
+
+ pwd = tcopy_passwd(talloc_tos(), tmp_pwd);
+
+ wbcFreeMemory(tmp_pwd);
+
+ return pwd;
+}
+
+/* Call winbindd to convert a name to a sid */
+
+bool winbind_lookup_name(const char *dom_name, const char *name, struct dom_sid *sid,
+ enum lsa_SidType *name_type)
+{
+ struct wbcDomainSid dom_sid;
+ wbcErr result;
+ enum wbcSidType type;
+
+ result = wbcLookupName(dom_name, name, &dom_sid, &type);
+ if (result != WBC_ERR_SUCCESS)
+ return false;
+
+ memcpy(sid, &dom_sid, sizeof(struct dom_sid));
+ *name_type = (enum lsa_SidType)type;
+
+ return true;
+}
+
+/* Call winbindd to convert sid to name */
+
+bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
+ const char **domain, const char **name,
+ enum lsa_SidType *name_type)
+{
+ struct wbcDomainSid dom_sid;
+ wbcErr result;
+ enum wbcSidType type;
+ char *domain_name = NULL;
+ char *account_name = NULL;
+ struct dom_sid_buf buf;
+
+ memcpy(&dom_sid, sid, sizeof(dom_sid));
+
+ result = wbcLookupSid(&dom_sid, &domain_name, &account_name, &type);
+ if (result != WBC_ERR_SUCCESS)
+ return false;
+
+ /* Copy out result */
+
+ if (domain) {
+ *domain = talloc_strdup(mem_ctx, domain_name);
+ }
+ if (name) {
+ *name = talloc_strdup(mem_ctx, account_name);
+ }
+ *name_type = (enum lsa_SidType)type;
+
+ DEBUG(10, ("winbind_lookup_sid: SUCCESS: SID %s -> %s %s\n",
+ dom_sid_str_buf(sid, &buf), domain_name, account_name));
+
+ wbcFreeMemory(domain_name);
+ wbcFreeMemory(account_name);
+
+ if ((domain && !*domain) || (name && !*name)) {
+ DEBUG(0,("winbind_lookup_sid: talloc() failed!\n"));
+ return false;
+ }
+
+
+ return true;
+}
+
+/* Ping winbindd to see it is alive */
+
+bool winbind_ping(void)
+{
+ wbcErr result = wbcPing();
+
+ return (result == WBC_ERR_SUCCESS);
+}
+
+/* Call winbindd to convert SID to uid */
+
+bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid)
+{
+ struct wbcDomainSid dom_sid;
+ wbcErr result;
+
+ memcpy(&dom_sid, sid, sizeof(dom_sid));
+
+ result = wbcSidToUid(&dom_sid, puid);
+
+ return (result == WBC_ERR_SUCCESS);
+}
+
+/* Call winbindd to convert SID to gid */
+
+bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid)
+{
+ struct wbcDomainSid dom_sid;
+ wbcErr result;
+
+ memcpy(&dom_sid, sid, sizeof(dom_sid));
+
+ result = wbcSidToGid(&dom_sid, pgid);
+
+ return (result == WBC_ERR_SUCCESS);
+}
+
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
+{
+ struct wbcUnixId wbc_xid;
+ struct wbcDomainSid dom_sid;
+ wbcErr result;
+
+ switch (xid->type) {
+ case ID_TYPE_UID:
+ wbc_xid = (struct wbcUnixId) {
+ .type = WBC_ID_TYPE_UID, .id.uid = xid->id
+ };
+ break;
+ case ID_TYPE_GID:
+ wbc_xid = (struct wbcUnixId) {
+ .type = WBC_ID_TYPE_GID, .id.gid = xid->id
+ };
+ break;
+ default:
+ return false;
+ }
+
+ result = wbcUnixIdsToSids(&wbc_xid, 1, &dom_sid);
+ if (result != WBC_ERR_SUCCESS) {
+ return false;
+ }
+
+ memcpy(sid, &dom_sid, sizeof(struct dom_sid));
+ return true;
+}
+
+/* Check for a trusted domain */
+
+wbcErr wb_is_trusted_domain(const char *domain)
+{
+ wbcErr result;
+ struct wbcDomainInfo *info = NULL;
+
+ result = wbcDomainInfo(domain, &info);
+
+ if (WBC_ERROR_IS_OK(result)) {
+ wbcFreeMemory(info);
+ }
+
+ return result;
+}
+
+/* Lookup a set of rids in a given domain */
+
+bool winbind_lookup_rids(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *domain_sid,
+ int num_rids, uint32_t *rids,
+ const char **domain_name,
+ const char ***names, enum lsa_SidType **types)
+{
+ const char *dom_name = NULL;
+ const char **namelist = NULL;
+ enum wbcSidType *name_types = NULL;
+ struct wbcDomainSid dom_sid;
+ wbcErr ret;
+ int i;
+
+ memcpy(&dom_sid, domain_sid, sizeof(struct wbcDomainSid));
+
+ ret = wbcLookupRids(&dom_sid, num_rids, rids,
+ &dom_name, &namelist, &name_types);
+ if (ret != WBC_ERR_SUCCESS) {
+ return false;
+ }
+
+ *domain_name = talloc_strdup(mem_ctx, dom_name);
+ *names = talloc_array(mem_ctx, const char*, num_rids);
+ *types = talloc_array(mem_ctx, enum lsa_SidType, num_rids);
+
+ for(i=0; i<num_rids; i++) {
+ (*names)[i] = talloc_strdup(*names, namelist[i]);
+ (*types)[i] = (enum lsa_SidType)name_types[i];
+ }
+
+ wbcFreeMemory(discard_const_p(char, dom_name));
+ wbcFreeMemory(namelist);
+ wbcFreeMemory(name_types);
+
+ return true;
+}
+
+/* Ask Winbind to allocate a new uid for us */
+
+bool winbind_allocate_uid(uid_t *uid)
+{
+ wbcErr ret;
+
+ ret = wbcAllocateUid(uid);
+
+ return (ret == WBC_ERR_SUCCESS);
+}
+
+/* Ask Winbind to allocate a new gid for us */
+
+bool winbind_allocate_gid(gid_t *gid)
+{
+ wbcErr ret;
+
+ ret = wbcAllocateGid(gid);
+
+ return (ret == WBC_ERR_SUCCESS);
+}
+
+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *user_sid,
+ uint32_t *p_num_sids,
+ struct dom_sid **p_sids)
+{
+ wbcErr ret;
+ struct wbcDomainSid dom_sid;
+ struct wbcDomainSid *sid_list = NULL;
+ uint32_t num_sids;
+
+ memcpy(&dom_sid, user_sid, sizeof(dom_sid));
+
+ ret = wbcLookupUserSids(&dom_sid,
+ false,
+ &num_sids,
+ &sid_list);
+ if (ret != WBC_ERR_SUCCESS) {
+ return false;
+ }
+
+ *p_sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
+ if (*p_sids == NULL) {
+ wbcFreeMemory(sid_list);
+ return false;
+ }
+
+ memcpy(*p_sids, sid_list, sizeof(dom_sid) * num_sids);
+
+ *p_num_sids = num_sids;
+ wbcFreeMemory(sid_list);
+
+ return true;
+}
+
+#else /* WITH_WINBIND */
+
+struct passwd * winbind_getpwnam(const char * name)
+{
+ return NULL;
+}
+
+struct passwd * winbind_getpwsid(const struct dom_sid *sid)
+{
+ return NULL;
+}
+
+bool winbind_lookup_name(const char *dom_name, const char *name, struct dom_sid *sid,
+ enum lsa_SidType *name_type)
+{
+ return false;
+}
+
+/* Call winbindd to convert sid to name */
+
+bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
+ const char **domain, const char **name,
+ enum lsa_SidType *name_type)
+{
+ return false;
+}
+
+/* Ping winbindd to see it is alive */
+
+bool winbind_ping(void)
+{
+ return false;
+}
+
+/* Call winbindd to convert SID to uid */
+
+bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid)
+{
+ return false;
+}
+
+/* Call winbindd to convert SID to gid */
+
+bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid)
+{
+ return false;
+}
+
+/* Call winbindd to convert uid or gid to SID */
+
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid)
+{
+ return false;
+}
+
+/* Check for a trusted domain */
+
+wbcErr wb_is_trusted_domain(const char *domain)
+{
+ return WBC_ERR_UNKNOWN_FAILURE;
+}
+
+/* Lookup a set of rids in a given domain */
+
+bool winbind_lookup_rids(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *domain_sid,
+ int num_rids, uint32_t *rids,
+ const char **domain_name,
+ const char ***names, enum lsa_SidType **types)
+{
+ return false;
+}
+
+/* Ask Winbind to allocate a new uid for us */
+
+bool winbind_allocate_uid(uid_t *uid)
+{
+ return false;
+}
+
+/* Ask Winbind to allocate a new gid for us */
+
+bool winbind_allocate_gid(gid_t *gid)
+{
+ return false;
+}
+
+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *user_sid,
+ uint32_t *p_num_sids,
+ struct dom_sid **p_sids)
+{
+ return false;
+}
+
+#endif /* WITH_WINBIND */
diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
new file mode 100644
index 0000000..6056190
--- /dev/null
+++ b/source3/lib/winbind_util.h
@@ -0,0 +1,56 @@
+/*
+ Unix SMB/CIFS implementation.
+ Winbind Utility functions
+
+ Copyright (C) Gerald (Jerry) Carter 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIB__WINBIND_UTIL_H__
+#define __LIB__WINBIND_UTIL_H__
+
+#include "../librpc/gen_ndr/lsa.h"
+#include "librpc/gen_ndr/idmap.h"
+
+/* needed for wbcErr below */
+#include "nsswitch/libwbclient/wbclient.h"
+
+/* The following definitions come from lib/winbind_util.c */
+
+bool winbind_lookup_name(const char *dom_name, const char *name, struct dom_sid *sid,
+ enum lsa_SidType *name_type);
+bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
+ const char **domain, const char **name,
+ enum lsa_SidType *name_type);
+bool winbind_ping(void);
+bool winbind_sid_to_uid(uid_t *puid, const struct dom_sid *sid);
+bool winbind_sid_to_gid(gid_t *pgid, const struct dom_sid *sid);
+bool winbind_xid_to_sid(struct dom_sid *sid, const struct unixid *xid);
+struct passwd * winbind_getpwnam(const char * sname);
+struct passwd * winbind_getpwsid(const struct dom_sid *sid);
+wbcErr wb_is_trusted_domain(const char *domain);
+bool winbind_lookup_rids(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *domain_sid,
+ int num_rids, uint32_t *rids,
+ const char **domain_name,
+ const char ***names, enum lsa_SidType **types);
+bool winbind_allocate_uid(uid_t *uid);
+bool winbind_allocate_gid(gid_t *gid);
+bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *user_sid,
+ uint32_t *p_num_sids,
+ struct dom_sid **p_sids);
+
+#endif /* __LIB__WINBIND_UTIL_H__ */
diff --git a/source3/lib/wins_srv.c b/source3/lib/wins_srv.c
new file mode 100644
index 0000000..ea94dc1
--- /dev/null
+++ b/source3/lib/wins_srv.c
@@ -0,0 +1,409 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba wins server helper functions
+ Copyright (C) Andrew Tridgell 1992-2002
+ Copyright (C) Christopher R. Hertel 2000
+ Copyright (C) Tim Potter 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/gencache.h"
+#include "lib/util/string_wrappers.h"
+
+/*
+ This is pretty much a complete rewrite of the earlier code. The main
+ aim of the rewrite is to add support for having multiple wins server
+ lists, so Samba can register with multiple groups of wins servers
+ and each group has a failover list of wins servers.
+
+ Central to the way it all works is the idea of a wins server
+ 'tag'. A wins tag is a label for a group of wins servers. For
+ example if you use
+
+ wins server = fred:192.168.2.10 mary:192.168.3.199 fred:192.168.2.61
+
+ then you would have two groups of wins servers, one tagged with the
+ name 'fred' and the other with the name 'mary'. I would usually
+ recommend using interface names instead of 'fred' and 'mary' but
+ they can be any alpha string.
+
+ Now, how does it all work. Well, nmbd needs to register each of its
+ IPs with each of its names once with each group of wins servers. So
+ it tries registering with the first one mentioned in the list, then
+ if that fails it marks that WINS server dead and moves onto the next
+ one.
+
+ In the client code things are a bit different. As each of the groups
+ of wins servers is a separate name space we need to try each of the
+ groups until we either succeed or we run out of wins servers to
+ try. If we get a negative response from a wins server then that
+ means the name doesn't exist in that group, so we give up on that
+ group and move to the next group. If we don't get a response at all
+ then maybe the wins server is down, in which case we need to
+ failover to the next one for that group.
+
+ confused yet? (tridge)
+*/
+
+/* how long a server is marked dead for */
+#define DEATH_TIME 600
+
+/* The list of dead wins servers is stored in gencache.tdb. Each server is
+ marked dead from the point of view of a given source address. We keep a
+ separate dead list for each src address to cope with multiple interfaces
+ that are not routable to each other.
+ */
+
+#define WINS_SRV_FMT "WINS_SRV_DEAD/%s,%s" /* wins_ip,src_ip */
+
+static char *wins_srv_keystr(struct in_addr wins_ip, struct in_addr src_ip)
+{
+ char *keystr = NULL, *wins_ip_addr = NULL, *src_ip_addr = NULL;
+
+ wins_ip_addr = SMB_STRDUP(inet_ntoa(wins_ip));
+ src_ip_addr = SMB_STRDUP(inet_ntoa(src_ip));
+
+ if ( !wins_ip_addr || !src_ip_addr ) {
+ DEBUG(0,("wins_srv_keystr: malloc error\n"));
+ goto done;
+ }
+
+ if (asprintf(&keystr, WINS_SRV_FMT, wins_ip_addr, src_ip_addr) == -1) {
+ DEBUG(0, (": ns_srv_keystr: malloc error for key string\n"));
+ }
+
+done:
+ SAFE_FREE(wins_ip_addr);
+ SAFE_FREE(src_ip_addr);
+
+ return keystr;
+}
+
+/*
+ see if an ip is on the dead list
+*/
+
+bool wins_srv_is_dead(struct in_addr wins_ip, struct in_addr src_ip)
+{
+ char *keystr = wins_srv_keystr(wins_ip, src_ip);
+ bool result;
+
+ /* If the key exists then the WINS server has been marked as dead */
+
+ result = gencache_get(keystr, NULL, NULL, NULL);
+ SAFE_FREE(keystr);
+
+ DEBUG(4, ("wins_srv_is_dead: %s is %s\n", inet_ntoa(wins_ip),
+ result ? "dead" : "alive"));
+
+ return result;
+}
+
+
+/*
+ mark a wins server as being alive (for the moment)
+*/
+void wins_srv_alive(struct in_addr wins_ip, struct in_addr src_ip)
+{
+ char *keystr = wins_srv_keystr(wins_ip, src_ip);
+
+ gencache_del(keystr);
+ SAFE_FREE(keystr);
+
+ DEBUG(4, ("wins_srv_alive: marking wins server %s alive\n",
+ inet_ntoa(wins_ip)));
+}
+
+/*
+ mark a wins server as temporarily dead
+*/
+void wins_srv_died(struct in_addr wins_ip, struct in_addr src_ip)
+{
+ char *keystr;
+
+ if (is_zero_ip_v4(wins_ip) || wins_srv_is_dead(wins_ip, src_ip))
+ return;
+
+ keystr = wins_srv_keystr(wins_ip, src_ip);
+
+ gencache_set(keystr, "DOWN", time(NULL) + DEATH_TIME);
+
+ SAFE_FREE(keystr);
+
+ DEBUG(4,("Marking wins server %s dead for %u seconds from source %s\n",
+ inet_ntoa(wins_ip), DEATH_TIME, inet_ntoa(src_ip)));
+}
+
+/*
+ return the total number of wins servers, dead or not
+*/
+unsigned wins_srv_count(void)
+{
+ const char **list;
+ int count = 0;
+
+ if (lp_we_are_a_wins_server()) {
+ /* simple - just talk to ourselves */
+ return 1;
+ }
+
+ list = lp_wins_server_list();
+ for (count=0; list && list[count]; count++)
+ /* nop */ ;
+
+ return count;
+}
+
+/* an internal convenience structure for an IP with a short string tag
+ attached */
+struct tagged_ip {
+ fstring tag;
+ struct in_addr ip;
+};
+
+/*
+ parse an IP string that might be in tagged format
+ the result is a tagged_ip structure containing the tag
+ and the ip in in_addr format. If there is no tag then
+ use the tag '*'
+*/
+static void parse_ip(struct tagged_ip *ip, const char *str)
+{
+ char *s = strchr(str, ':');
+ if (!s) {
+ fstrcpy(ip->tag, "*");
+ ip->ip = interpret_addr2(str);
+ return;
+ }
+
+ ip->ip = interpret_addr2(s+1);
+ fstrcpy(ip->tag, str);
+ s = strchr(ip->tag, ':');
+ if (s) {
+ *s = 0;
+ }
+}
+
+
+
+/*
+ return the list of wins server tags. A 'tag' is used to distinguish
+ wins server as either belonging to the same name space or a separate
+ name space. Usually you would setup your 'wins server' option to
+ list one or more wins server per interface and use the interface
+ name as your tag, but you are free to use any tag you like.
+*/
+char **wins_srv_tags(void)
+{
+ char **ret = NULL;
+ unsigned int count=0, i, j;
+ const char **list;
+
+ if (lp_we_are_a_wins_server()) {
+ /* give the caller something to chew on. This makes
+ the rest of the logic simpler (ie. less special cases) */
+ ret = SMB_MALLOC_ARRAY(char *, 2);
+ if (!ret) return NULL;
+ ret[0] = SMB_STRDUP("*");
+ ret[1] = NULL;
+ return ret;
+ }
+
+ list = lp_wins_server_list();
+ if (!list)
+ return NULL;
+
+ /* yes, this is O(n^2) but n is very small */
+ for (i=0;list[i];i++) {
+ struct tagged_ip t_ip;
+
+ parse_ip(&t_ip, list[i]);
+
+ /* see if we already have it */
+ for (j=0;j<count;j++) {
+ if (strcmp(ret[j], t_ip.tag) == 0) {
+ break;
+ }
+ }
+
+ if (j != count) {
+ /* we already have it. Move along */
+ continue;
+ }
+
+ /* add it to the list */
+ ret = SMB_REALLOC_ARRAY(ret, char *, count+2);
+ if (!ret) {
+ return NULL;
+ }
+ ret[count] = SMB_STRDUP(t_ip.tag);
+ if (!ret[count]) break;
+ count++;
+ }
+
+ if (count) {
+ /* make sure we null terminate */
+ ret[count] = NULL;
+ }
+
+ return ret;
+}
+
+/* free a list of wins server tags given by wins_srv_tags */
+void wins_srv_tags_free(char **list)
+{
+ int i;
+ if (!list) return;
+ for (i=0; list[i]; i++) {
+ free(list[i]);
+ }
+ free(list);
+}
+
+
+/*
+ return the IP of the currently active wins server for the given tag,
+ or the zero IP otherwise
+*/
+struct in_addr wins_srv_ip_tag(const char *tag, struct in_addr src_ip)
+{
+ const char **list;
+ int i;
+ struct tagged_ip t_ip;
+
+ /* if we are a wins server then we always just talk to ourselves */
+ if (lp_we_are_a_wins_server()) {
+ struct in_addr loopback_ip;
+ loopback_ip.s_addr = htonl(INADDR_LOOPBACK);
+ return loopback_ip;
+ }
+
+ list = lp_wins_server_list();
+ if (!list || !list[0]) {
+ struct in_addr ip;
+ zero_ip_v4(&ip);
+ return ip;
+ }
+
+ /* find the first live one for this tag */
+ for (i=0; list[i]; i++) {
+ parse_ip(&t_ip, list[i]);
+ if (strcmp(tag, t_ip.tag) != 0) {
+ /* not for the right tag. Move along */
+ continue;
+ }
+ if (!wins_srv_is_dead(t_ip.ip, src_ip)) {
+ fstring src_name;
+ fstrcpy(src_name, inet_ntoa(src_ip));
+ DEBUG(6,("Current wins server for tag '%s' with source %s is %s\n",
+ tag,
+ src_name,
+ inet_ntoa(t_ip.ip)));
+ return t_ip.ip;
+ }
+ }
+
+ /* they're all dead - try the first one until they revive */
+ for (i=0; list[i]; i++) {
+ parse_ip(&t_ip, list[i]);
+ if (strcmp(tag, t_ip.tag) != 0) {
+ continue;
+ }
+ return t_ip.ip;
+ }
+
+ /* this can't happen?? */
+ zero_ip_v4(&t_ip.ip);
+ return t_ip.ip;
+}
+
+bool wins_server_tag_ips(const char *tag, TALLOC_CTX *mem_ctx,
+ struct in_addr **pservers, size_t *pnum_servers)
+{
+ const char **list;
+ size_t i, num_servers;
+ struct in_addr *servers;
+
+ list = lp_wins_server_list();
+ if ((list == NULL) || (list[0] == NULL)) {
+ return false;
+ }
+
+ num_servers = 0;
+
+ for (i=0; list[i] != NULL; i++) {
+ struct tagged_ip t_ip;
+ parse_ip(&t_ip, list[i]);
+ if (strcmp(tag, t_ip.tag) == 0) {
+ /* Wrap check. */
+ if (num_servers + 1 < num_servers) {
+ return false;
+ }
+ num_servers += 1;
+ }
+ }
+
+ servers = talloc_array(mem_ctx, struct in_addr, num_servers);
+ if (servers == NULL) {
+ return false;
+ }
+
+ num_servers = 0;
+
+ for (i=0; list[i] != NULL; i++) {
+ struct tagged_ip t_ip;
+ parse_ip(&t_ip, list[i]);
+ if (strcmp(tag, t_ip.tag) == 0) {
+ servers[num_servers] = t_ip.ip;
+ num_servers += 1;
+ }
+ }
+ *pnum_servers = num_servers;
+ *pservers = servers;
+ return true;
+}
+
+
+/*
+ return a count of the number of IPs for a particular tag, including
+ dead ones
+*/
+unsigned wins_srv_count_tag(const char *tag)
+{
+ const char **list;
+ int i, count=0;
+
+ /* if we are a wins server then we always just talk to ourselves */
+ if (lp_we_are_a_wins_server()) {
+ return 1;
+ }
+
+ list = lp_wins_server_list();
+ if (!list || !list[0]) {
+ return 0;
+ }
+
+ /* find the first live one for this tag */
+ for (i=0; list[i]; i++) {
+ struct tagged_ip t_ip;
+ parse_ip(&t_ip, list[i]);
+ if (strcmp(tag, t_ip.tag) == 0) {
+ count++;
+ }
+ }
+
+ return count;
+}
diff --git a/source3/lib/xattr_tdb.c b/source3/lib/xattr_tdb.c
new file mode 100644
index 0000000..564cdd8
--- /dev/null
+++ b/source3/lib/xattr_tdb.c
@@ -0,0 +1,468 @@
+/*
+ * Store posix-level xattrs in a tdb
+ *
+ * Copyright (C) Andrew Bartlett 2011
+ *
+ * extracted from vfs_xattr_tdb by
+ *
+ * Copyright (C) Volker Lendecke, 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "source3/include/includes.h"
+#include "system/filesys.h"
+#include "librpc/gen_ndr/xattr.h"
+#include "librpc/gen_ndr/ndr_xattr.h"
+#include "librpc/gen_ndr/file_id.h"
+#include "dbwrap/dbwrap.h"
+#include "lib/util/util_tdb.h"
+#include "source3/lib/xattr_tdb.h"
+#include "source3/lib/file_id.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_VFS
+
+/*
+ * unmarshall tdb_xattrs
+ */
+
+static NTSTATUS xattr_tdb_pull_attrs(TALLOC_CTX *mem_ctx,
+ const TDB_DATA *data,
+ struct tdb_xattrs **presult)
+{
+ DATA_BLOB blob;
+ enum ndr_err_code ndr_err;
+ struct tdb_xattrs *result;
+
+ if (!(result = talloc_zero(mem_ctx, struct tdb_xattrs))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (data->dsize == 0) {
+ *presult = result;
+ return NT_STATUS_OK;
+ }
+
+ blob = data_blob_const(data->dptr, data->dsize);
+
+ ndr_err = ndr_pull_struct_blob(&blob, result, result,
+ (ndr_pull_flags_fn_t)ndr_pull_tdb_xattrs);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DEBUG(0, ("ndr_pull_tdb_xattrs failed: %s\n",
+ ndr_errstr(ndr_err)));
+ TALLOC_FREE(result);
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ *presult = result;
+ return NT_STATUS_OK;
+}
+
+/*
+ * marshall tdb_xattrs
+ */
+
+static NTSTATUS xattr_tdb_push_attrs(TALLOC_CTX *mem_ctx,
+ const struct tdb_xattrs *attribs,
+ TDB_DATA *data)
+{
+ DATA_BLOB blob;
+ enum ndr_err_code ndr_err;
+
+ ndr_err = ndr_push_struct_blob(&blob, mem_ctx, attribs,
+ (ndr_push_flags_fn_t)ndr_push_tdb_xattrs);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DEBUG(0, ("ndr_push_tdb_xattrs failed: %s\n",
+ ndr_errstr(ndr_err)));
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ *data = make_tdb_data(blob.data, blob.length);
+ return NT_STATUS_OK;
+}
+
+/*
+ * Load tdb_xattrs for a file from the tdb
+ */
+
+static NTSTATUS xattr_tdb_load_attrs(TALLOC_CTX *mem_ctx,
+ struct db_context *db_ctx,
+ const struct file_id *id,
+ struct tdb_xattrs **presult)
+{
+ uint8_t id_buf[16];
+ NTSTATUS status;
+ TDB_DATA data;
+
+ /* For backwards compatibility only store the dev/inode. */
+ push_file_id_16((char *)id_buf, id);
+
+ status = dbwrap_fetch(db_ctx, mem_ctx,
+ make_tdb_data(id_buf, sizeof(id_buf)),
+ &data);
+ if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ return status;
+ }
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ status = xattr_tdb_pull_attrs(mem_ctx, &data, presult);
+ TALLOC_FREE(data.dptr);
+ return status;
+}
+
+/*
+ * fetch_lock the tdb_ea record for a file
+ */
+
+static struct db_record *xattr_tdb_lock_attrs(TALLOC_CTX *mem_ctx,
+ struct db_context *db_ctx,
+ const struct file_id *id)
+{
+ uint8_t id_buf[16];
+
+ /* For backwards compatibility only store the dev/inode. */
+ push_file_id_16((char *)id_buf, id);
+ return dbwrap_fetch_locked(db_ctx, mem_ctx,
+ make_tdb_data(id_buf, sizeof(id_buf)));
+}
+
+/*
+ * Save tdb_xattrs to a previously fetch_locked record
+ */
+
+static NTSTATUS xattr_tdb_save_attrs(struct db_record *rec,
+ const struct tdb_xattrs *attribs)
+{
+ TDB_DATA data = tdb_null;
+ NTSTATUS status;
+
+ status = xattr_tdb_push_attrs(talloc_tos(), attribs, &data);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("xattr_tdb_push_attrs failed: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ status = dbwrap_record_store(rec, data, 0);
+
+ TALLOC_FREE(data.dptr);
+
+ return status;
+}
+
+/*
+ * Worker routine for getxattr and fgetxattr
+ */
+
+ssize_t xattr_tdb_getattr(struct db_context *db_ctx,
+ TALLOC_CTX *mem_ctx,
+ const struct file_id *id,
+ const char *name, DATA_BLOB *blob)
+{
+ struct tdb_xattrs *attribs;
+ uint32_t i;
+ ssize_t result = -1;
+ NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct file_id_buf buf;
+
+ DBG_DEBUG("xattr_tdb_getattr called for file %s, name %s\n",
+ file_id_str_buf(*id, &buf), name);
+
+ status = xattr_tdb_load_attrs(frame, db_ctx, id, &attribs);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("xattr_tdb_fetch_attrs failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(frame);
+ errno = EINVAL;
+ return -1;
+ }
+
+ for (i=0; i<attribs->num_eas; i++) {
+ if (strcmp(attribs->eas[i].name, name) == 0) {
+ break;
+ }
+ }
+
+ if (i == attribs->num_eas) {
+ errno = ENOATTR;
+ goto fail;
+ }
+
+ *blob = attribs->eas[i].value;
+ talloc_steal(mem_ctx, blob->data);
+ result = attribs->eas[i].value.length;
+
+ fail:
+ TALLOC_FREE(frame);
+ return result;
+}
+
+/*
+ * Worker routine for setxattr and fsetxattr
+ */
+
+int xattr_tdb_setattr(struct db_context *db_ctx,
+ const struct file_id *id, const char *name,
+ const void *value, size_t size, int flags)
+{
+ NTSTATUS status;
+ struct db_record *rec;
+ struct tdb_xattrs *attribs;
+ uint32_t i;
+ TDB_DATA data;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct file_id_buf buf;
+
+ DBG_DEBUG("xattr_tdb_setattr called for file %s, name %s\n",
+ file_id_str_buf(*id, &buf), name);
+
+ rec = xattr_tdb_lock_attrs(frame, db_ctx, id);
+
+ if (rec == NULL) {
+ DEBUG(0, ("xattr_tdb_lock_attrs failed\n"));
+ errno = EINVAL;
+ return -1;
+ }
+
+ data = dbwrap_record_get_value(rec);
+
+ status = xattr_tdb_pull_attrs(rec, &data, &attribs);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("xattr_tdb_fetch_attrs failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ for (i=0; i<attribs->num_eas; i++) {
+ if (strcmp(attribs->eas[i].name, name) == 0) {
+ if (flags & XATTR_CREATE) {
+ TALLOC_FREE(frame);
+ errno = EEXIST;
+ return -1;
+ }
+ break;
+ }
+ }
+
+ if (i == attribs->num_eas) {
+ struct xattr_EA *tmp;
+
+ if (flags & XATTR_REPLACE) {
+ TALLOC_FREE(frame);
+ errno = ENOATTR;
+ return -1;
+ }
+
+ tmp = talloc_realloc(
+ attribs, attribs->eas, struct xattr_EA,
+ attribs->num_eas+ 1);
+
+ if (tmp == NULL) {
+ DEBUG(0, ("talloc_realloc failed\n"));
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return -1;
+ }
+
+ attribs->eas = tmp;
+ attribs->num_eas += 1;
+ }
+
+ attribs->eas[i].name = name;
+ attribs->eas[i].value.data = discard_const_p(uint8_t, value);
+ attribs->eas[i].value.length = size;
+
+ status = xattr_tdb_save_attrs(rec, attribs);
+
+ TALLOC_FREE(frame);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("save failed: %s\n", nt_errstr(status)));
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Worker routine for listxattr and flistxattr
+ */
+
+ssize_t xattr_tdb_listattr(struct db_context *db_ctx,
+ const struct file_id *id, char *list,
+ size_t size)
+{
+ NTSTATUS status;
+ struct tdb_xattrs *attribs;
+ uint32_t i;
+ size_t len = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ status = xattr_tdb_load_attrs(frame, db_ctx, id, &attribs);
+
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND))
+ {
+ DEBUG(0, ("xattr_tdb_fetch_attrs failed: %s\n",
+ nt_errstr(status)));
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ TALLOC_FREE(frame);
+ return 0;
+ }
+
+ DEBUG(10, ("xattr_tdb_listattr: Found %d xattrs\n",
+ attribs->num_eas));
+
+ for (i=0; i<attribs->num_eas; i++) {
+ size_t tmp;
+
+ DEBUG(10, ("xattr_tdb_listattr: xattrs[i].name: %s\n",
+ attribs->eas[i].name));
+
+ tmp = strlen(attribs->eas[i].name);
+
+ /*
+ * Try to protect against overflow
+ */
+
+ if (len + (tmp+1) < len) {
+ TALLOC_FREE(frame);
+ errno = EINVAL;
+ return -1;
+ }
+
+ /*
+ * Take care of the terminating NULL
+ */
+ len += (tmp + 1);
+ }
+
+ if (len > size) {
+ TALLOC_FREE(frame);
+ errno = ERANGE;
+ return len;
+ }
+
+ len = 0;
+
+ for (i=0; i<attribs->num_eas; i++) {
+ strlcpy(list+len, attribs->eas[i].name,
+ size-len);
+ len += (strlen(attribs->eas[i].name) + 1);
+ }
+
+ TALLOC_FREE(frame);
+ return len;
+}
+
+/*
+ * Worker routine for removexattr and fremovexattr
+ */
+
+int xattr_tdb_removeattr(struct db_context *db_ctx,
+ const struct file_id *id, const char *name)
+{
+ NTSTATUS status;
+ struct db_record *rec;
+ struct tdb_xattrs *attribs;
+ uint32_t i;
+ TDB_DATA value;
+
+ rec = xattr_tdb_lock_attrs(talloc_tos(), db_ctx, id);
+
+ if (rec == NULL) {
+ DEBUG(0, ("xattr_tdb_lock_attrs failed\n"));
+ errno = EINVAL;
+ return -1;
+ }
+
+ value = dbwrap_record_get_value(rec);
+
+ status = xattr_tdb_pull_attrs(rec, &value, &attribs);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("xattr_tdb_fetch_attrs failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(rec);
+ return -1;
+ }
+
+ for (i=0; i<attribs->num_eas; i++) {
+ if (strcmp(attribs->eas[i].name, name) == 0) {
+ break;
+ }
+ }
+
+ if (i == attribs->num_eas) {
+ TALLOC_FREE(rec);
+ errno = ENOATTR;
+ return -1;
+ }
+
+ attribs->eas[i] =
+ attribs->eas[attribs->num_eas-1];
+ attribs->num_eas -= 1;
+
+ if (attribs->num_eas == 0) {
+ dbwrap_record_delete(rec);
+ TALLOC_FREE(rec);
+ return 0;
+ }
+
+ status = xattr_tdb_save_attrs(rec, attribs);
+
+ TALLOC_FREE(rec);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("save failed: %s\n", nt_errstr(status)));
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Worker routine for unlink and rmdir
+ */
+
+void xattr_tdb_remove_all_attrs(struct db_context *db_ctx,
+ const struct file_id *id)
+{
+ struct db_record *rec;
+ rec = xattr_tdb_lock_attrs(talloc_tos(), db_ctx, id);
+
+ /*
+ * If rec == NULL there's not much we can do about it
+ */
+
+ if (rec != NULL) {
+ dbwrap_record_delete(rec);
+ TALLOC_FREE(rec);
+ }
+}
diff --git a/source3/lib/xattr_tdb.h b/source3/lib/xattr_tdb.h
new file mode 100644
index 0000000..03bc43a
--- /dev/null
+++ b/source3/lib/xattr_tdb.h
@@ -0,0 +1,41 @@
+/*
+ * Store posix-level xattrs in a tdb
+ *
+ * Copyright (C) Andrew Bartlett 2011
+ *
+ * extracted from vfs_xattr_tdb by
+ *
+ * Copyright (C) Volker Lendecke, 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "librpc/gen_ndr/file_id.h"
+
+/* The following definitions come from lib/util/xattr_tdb.c */
+
+ssize_t xattr_tdb_getattr(struct db_context *db_ctx,
+ TALLOC_CTX *mem_ctx,
+ const struct file_id *id,
+ const char *name, DATA_BLOB *blob);
+int xattr_tdb_setattr(struct db_context *db_ctx,
+ const struct file_id *id, const char *name,
+ const void *value, size_t size, int flags);
+ssize_t xattr_tdb_listattr(struct db_context *db_ctx,
+ const struct file_id *id, char *list,
+ size_t size);
+int xattr_tdb_removeattr(struct db_context *db_ctx,
+ const struct file_id *id, const char *name);
+void xattr_tdb_remove_all_attrs(struct db_context *db_ctx,
+ const struct file_id *id);
diff --git a/source3/libads/ads_ldap_protos.h b/source3/libads/ads_ldap_protos.h
new file mode 100644
index 0000000..b063815
--- /dev/null
+++ b/source3/libads/ads_ldap_protos.h
@@ -0,0 +1,142 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads (active directory) utility library
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
+ Copyright (C) Guenther Deschner 2005
+ Copyright (C) Gerald Carter 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBADS_ADS_LDAP_PROTOS_H_
+#define _LIBADS_ADS_LDAP_PROTOS_H_
+
+#ifdef HAVE_LDAP_INIT_FD
+int ldap_init_fd(ber_socket_t fd, int proto, char *uri, LDAP **ldp);
+#endif
+
+/*
+ * Prototypes for ads
+ */
+
+LDAP *ldap_open_with_timeout(const char *server,
+ struct sockaddr_storage *ss,
+ int port, unsigned int to);
+void ads_msgfree(ADS_STRUCT *ads, LDAPMessage *msg);
+char *ads_get_dn(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, LDAPMessage *msg);
+
+char *ads_pull_string(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, LDAPMessage *msg,
+ const char *field);
+char **ads_pull_strings(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ LDAPMessage *msg, const char *field,
+ size_t *num_values);
+char **ads_pull_strings_range(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ LDAPMessage *msg, const char *field,
+ char **current_strings,
+ const char **next_attribute,
+ size_t *num_strings,
+ bool *more_strings);
+bool ads_pull_uint32(ADS_STRUCT *ads, LDAPMessage *msg, const char *field,
+ uint32_t *v);
+bool ads_pull_guid(ADS_STRUCT *ads, LDAPMessage *msg, struct GUID *guid);
+bool ads_pull_sid(ADS_STRUCT *ads, LDAPMessage *msg, const char *field,
+ struct dom_sid *sid);
+int ads_pull_sids(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ LDAPMessage *msg, const char *field, struct dom_sid **sids);
+bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ LDAPMessage *msg, const char *field, struct security_descriptor **sd);
+char *ads_pull_username(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ LDAPMessage *msg);
+ADS_STATUS ads_find_machine_acct(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *machine);
+ADS_STATUS ads_find_printer_on_server(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *printer,
+ const char *servername);
+ADS_STATUS ads_find_printers(ADS_STRUCT *ads, LDAPMessage **res);
+ADS_STATUS ads_find_user_acct(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *user);
+
+ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
+ const char *expr,
+ const char **attrs, LDAPMessage **res);
+ADS_STATUS ads_search(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *expr, const char **attrs);
+ADS_STATUS ads_search_dn(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *dn, const char **attrs);
+ADS_STATUS ads_do_search_all_args(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, void *args,
+ LDAPMessage **res);
+ADS_STATUS ads_do_search_all(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, LDAPMessage **res);
+ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path,
+ int scope,
+ const char *expr,
+ const char **attrs, LDAPMessage **res);
+ADS_STATUS ads_search_retry(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *expr, const char **attrs);
+ADS_STATUS ads_search_retry_dn(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *dn,
+ const char **attrs);
+ADS_STATUS ads_search_retry_extended_dn_ranged(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ const char *dn,
+ const char **attrs,
+ enum ads_extended_dn_flags flags,
+ char ***strings,
+ size_t *num_strings);
+ADS_STATUS ads_search_retry_sid(ADS_STRUCT *ads, LDAPMessage **res,
+ const struct dom_sid *sid,
+ const char **attrs);
+
+
+LDAPMessage *ads_first_entry(ADS_STRUCT *ads, LDAPMessage *res);
+LDAPMessage *ads_next_entry(ADS_STRUCT *ads, LDAPMessage *res);
+LDAPMessage *ads_first_message(ADS_STRUCT *ads, LDAPMessage *res);
+LDAPMessage *ads_next_message(ADS_STRUCT *ads, LDAPMessage *res);
+void ads_process_results(ADS_STRUCT *ads, LDAPMessage *res,
+ bool (*fn)(ADS_STRUCT *,char *, void **, void *),
+ void *data_area);
+void ads_dump(ADS_STRUCT *ads, LDAPMessage *res);
+
+struct GROUP_POLICY_OBJECT;
+ADS_STATUS ads_parse_gpo(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ LDAPMessage *res,
+ const char *gpo_dn,
+ struct GROUP_POLICY_OBJECT *gpo);
+ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res,
+ uint32_t sd_flags,
+ const char *dn,
+ const char **attrs);
+ADS_STATUS ads_do_search_all_sd_flags(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, uint32_t sd_flags,
+ LDAPMessage **res);
+ADS_STATUS ads_get_tokensids(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ const char *dn,
+ struct dom_sid *user_sid,
+ struct dom_sid *primary_group_sid,
+ struct dom_sid **sids,
+ size_t *num_sids);
+ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char ***ous,
+ size_t *num_ous);
+
+#endif /* _LIBADS_ADS_LDAP_PROTOS_H_ */
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
new file mode 100644
index 0000000..ceefcd6
--- /dev/null
+++ b/source3/libads/ads_proto.h
@@ -0,0 +1,229 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * ads (active directory) utility library
+ *
+ * Copyright (C) Andrew Bartlett 2001
+ * Copyright (C) Andrew Tridgell 2001
+ * Copyright (C) Remus Koos (remuskoos@yahoo.com) 2001
+ * Copyright (C) Alexey Kotovich 2002
+ * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002-2003
+ * Copyright (C) Luke Howard 2003
+ * Copyright (C) Guenther Deschner 2003-2008
+ * Copyright (C) Rakesh Patel 2004
+ * Copyright (C) Dan Perry 2004
+ * Copyright (C) Jeremy Allison 2004
+ * Copyright (C) Gerald Carter 2006
+ * Copyright (C) Stefan Metzmacher 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LIBADS_ADS_PROTO_H_
+#define _LIBADS_ADS_PROTO_H_
+
+enum ads_sasl_state_e {
+ ADS_SASL_PLAIN = 0,
+ ADS_SASL_SIGN,
+ ADS_SASL_SEAL,
+};
+
+/* The following definitions come from libads/ads_struct.c */
+
+ADS_STATUS ads_build_path(const char *realm,
+ const char *sep,
+ const char *field,
+ int reverse,
+ char **_path);
+ADS_STATUS ads_build_dn(const char *realm, TALLOC_CTX *mem_ctx, char **_dn);
+char *ads_build_domain(const char *dn);
+ADS_STRUCT *ads_init(TALLOC_CTX *mem_ctx,
+ const char *realm,
+ const char *workgroup,
+ const char *ldap_server,
+ enum ads_sasl_state_e sasl_state);
+bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, unsigned flags);
+
+/* The following definitions come from libads/disp_sec.c */
+
+void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_descriptor *sd);
+
+/* The following definitions come from libads/kerberos_keytab.c */
+
+int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc,
+ bool update_ads);
+int ads_keytab_delete_entry(ADS_STRUCT *ads, const char *srvPrinc);
+int ads_keytab_flush(ADS_STRUCT *ads);
+int ads_keytab_create_default(ADS_STRUCT *ads);
+int ads_keytab_list(const char *keytab_name);
+
+/* The following definitions come from libads/net_ads_setspn.c */
+bool ads_setspn_list(ADS_STRUCT *ads, const char *machine);
+bool ads_setspn_add(ADS_STRUCT *ads, const char *machine_name,
+ const char * spn);
+bool ads_setspn_delete(ADS_STRUCT *ads, const char *machine_name,
+ const char * spn);
+
+/* The following definitions come from libads/krb5_errs.c */
+
+/* The following definitions come from libads/kerberos_util.c */
+
+int ads_kinit_password(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/ldap.c */
+
+bool ads_sitename_match(ADS_STRUCT *ads);
+bool ads_closest_dc(ADS_STRUCT *ads);
+ADS_STATUS ads_connect(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads);
+void ads_zero_ldap(ADS_STRUCT *ads);
+void ads_disconnect(ADS_STRUCT *ads);
+ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr, const char **attrs,
+ bool (*fn)(ADS_STRUCT *, char *, void **, void *),
+ void *data_area);
+char *ads_parent_dn(const char *dn);
+ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx);
+ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char *val);
+ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char **vals);
+ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods);
+ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods);
+ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn);
+char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit);
+char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid);
+ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char **vals);
+uint32_t ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
+uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
+
+bool ads_element_in_array(const char **el_array, size_t num_el, const char *el);
+
+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char *machine_name,
+ char ***spn_array,
+ size_t *num_spns);
+ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
+ADS_STATUS ads_add_service_principal_names(ADS_STRUCT *ads, const char *machine_name,
+ const char **spns);
+ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads,
+ const char *machine_name,
+ const char *machine_password,
+ const char *org_unit,
+ uint32_t etype_list,
+ const char *dns_domain_name);
+ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name,
+ const char *org_unit, bool *moved);
+int ads_count_replies(ADS_STRUCT *ads, void *res);
+ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32_t *usn);
+ADS_STATUS ads_current_time(ADS_STRUCT *ads);
+ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32_t *val);
+ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, struct dom_sid *sid);
+ADS_STATUS ads_site_dn(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char **site_name);
+ADS_STATUS ads_site_dn_for_machine(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *computer_name, const char **site_dn);
+ADS_STATUS ads_upn_suffixes(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***suffixes, size_t *num_suffixes);
+ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char ***ous,
+ size_t *num_ous);
+ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
+ const char *extended_dn,
+ enum ads_extended_dn_flags flags,
+ struct dom_sid *sid);
+char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char *machine_name,
+ char ***hostnames_array,
+ size_t *num_hostnames);
+char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+bool ads_has_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
+ uint32_t account_type, const char *org_unit);
+ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname);
+ADS_STATUS ads_find_samaccount(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ const char *samaccountname,
+ uint32_t *uac_ret,
+ const char **dn_ret);
+ADS_STATUS ads_config_path(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char **config_path);
+const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads,
+ const char *config_path,
+ TALLOC_CTX *mem_ctx,
+ const struct GUID *rights_guid);
+ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char **account_ou);
+
+/* The following definitions come from libads/ldap_printer.c */
+
+ADS_STATUS ads_mod_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+ TALLOC_CTX *ctx, const ADS_MODLIST *mods);
+ADS_STATUS ads_add_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+ TALLOC_CTX *ctx, ADS_MODLIST *mods);
+WERROR get_remote_printer_publishing_data(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ ADS_MODLIST *mods,
+ const char *printer);
+
+/* The following definitions come from libads/ldap_user.c */
+
+ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
+ const char *container, const char *fullname);
+ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
+ const char *container, const char *comment);
+
+/* The following definitions come from libads/ldap_utils.c */
+
+ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ int scope,
+ const char *base,
+ const char *filter,
+ void *args,
+ const char *range_attr,
+ char ***strings,
+ size_t *num_strings);
+
+/* The following definitions come from libads/sasl.c */
+
+ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/sasl_wrapping.c */
+
+ADS_STATUS ads_setup_sasl_wrapping(struct ads_saslwrap *wrap, LDAP *ld,
+ const struct ads_saslwrap_ops *ops,
+ void *private_data);
+void ndr_print_ads_saslwrap_struct(struct ndr_print *ndr,
+ const char *name,
+ const struct ads_saslwrap *r);
+
+/* The following definitions come from libads/util.c */
+
+ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal);
+
+struct spn_struct {
+ const char *serviceclass;
+ const char *servicename;
+ const char *host;
+ int32_t port;
+};
+
+/* parse a windows style SPN, returns NULL if parsing fails */
+struct spn_struct *parse_spn(TALLOC_CTX *ctx, const char *srvprinc);
+
+#endif /* _LIBADS_ADS_PROTO_H_ */
diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c
new file mode 100644
index 0000000..7056994
--- /dev/null
+++ b/source3/libads/ads_status.c
@@ -0,0 +1,157 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads (active directory) utility library
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001
+ Copyright (C) Andrew Bartlett 2001
+
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_krb5.h"
+#include "system/gssapi.h"
+#include "smb_ldap.h"
+#include "libads/ads_status.h"
+
+/*
+ build a ADS_STATUS structure
+*/
+ADS_STATUS ads_build_error(enum ads_error_type etype,
+ int rc, int minor_status)
+{
+ ADS_STATUS ret;
+
+ if (etype == ENUM_ADS_ERROR_NT) {
+ DEBUG(0,("don't use ads_build_error with ENUM_ADS_ERROR_NT!\n"));
+ ret.err.rc = -1;
+ ret.error_type = ENUM_ADS_ERROR_SYSTEM;
+ ret.minor_status = 0;
+ return ret;
+ }
+
+ ret.err.rc = rc;
+ ret.error_type = etype;
+ ret.minor_status = minor_status;
+ return ret;
+}
+
+ADS_STATUS ads_build_nt_error(enum ads_error_type etype,
+ NTSTATUS nt_status)
+{
+ ADS_STATUS ret;
+
+ if (etype != ENUM_ADS_ERROR_NT) {
+ DEBUG(0,("don't use ads_build_nt_error without ENUM_ADS_ERROR_NT!\n"));
+ ret.err.rc = -1;
+ ret.error_type = ENUM_ADS_ERROR_SYSTEM;
+ ret.minor_status = 0;
+ return ret;
+ }
+ ret.err.nt_status = nt_status;
+ ret.error_type = etype;
+ ret.minor_status = 0;
+ return ret;
+}
+
+/*
+ do a rough conversion between ads error codes and NT status codes
+ we'll need to fill this in more
+*/
+NTSTATUS ads_ntstatus(ADS_STATUS status)
+{
+ switch (status.error_type) {
+ case ENUM_ADS_ERROR_NT:
+ return status.err.nt_status;
+ case ENUM_ADS_ERROR_SYSTEM:
+ return map_nt_error_from_unix(status.err.rc);
+#ifdef HAVE_LDAP
+ case ENUM_ADS_ERROR_LDAP:
+ if (status.err.rc == LDAP_SUCCESS) {
+ return NT_STATUS_OK;
+ }
+ if (status.err.rc == LDAP_TIMELIMIT_EXCEEDED) {
+ return NT_STATUS_IO_TIMEOUT;
+ }
+ return NT_STATUS_LDAP(status.err.rc);
+#endif
+#ifdef HAVE_KRB5
+ case ENUM_ADS_ERROR_KRB5:
+ return krb5_to_nt_status(status.err.rc);
+#endif
+ default:
+ break;
+ }
+
+ if (ADS_ERR_OK(status)) {
+ return NT_STATUS_OK;
+ }
+ return NT_STATUS_UNSUCCESSFUL;
+}
+
+/*
+ return a string for an error from a ads routine
+*/
+const char *ads_errstr(ADS_STATUS status)
+{
+ switch (status.error_type) {
+ case ENUM_ADS_ERROR_SYSTEM:
+ return strerror(status.err.rc);
+#ifdef HAVE_LDAP
+ case ENUM_ADS_ERROR_LDAP:
+ return ldap_err2string(status.err.rc);
+#endif
+#ifdef HAVE_KRB5
+ case ENUM_ADS_ERROR_KRB5:
+ return error_message(status.err.rc);
+ case ENUM_ADS_ERROR_GSS:
+ {
+ char *ret;
+ uint32_t msg_ctx;
+ uint32_t minor;
+ gss_buffer_desc msg1, msg2;
+
+ msg_ctx = 0;
+
+ msg1.value = NULL;
+ msg2.value = NULL;
+ gss_display_status(&minor, status.err.rc, GSS_C_GSS_CODE,
+ GSS_C_NULL_OID, &msg_ctx, &msg1);
+ gss_display_status(&minor, status.minor_status, GSS_C_MECH_CODE,
+ GSS_C_NULL_OID, &msg_ctx, &msg2);
+ ret = talloc_asprintf(talloc_tos(), "%s : %s",
+ (char *)msg1.value, (char *)msg2.value);
+ SMB_ASSERT(ret != NULL);
+ gss_release_buffer(&minor, &msg1);
+ gss_release_buffer(&minor, &msg2);
+ return ret;
+ }
+#endif
+ case ENUM_ADS_ERROR_NT:
+ return get_friendly_nt_error_msg(ads_ntstatus(status));
+ default:
+ return "Unknown ADS error type!? (not compiled in?)";
+ }
+}
+
+#ifdef HAVE_KRB5
+NTSTATUS gss_err_to_ntstatus(uint32_t maj, uint32_t min)
+{
+ ADS_STATUS adss = ADS_ERROR_GSS(maj, min);
+ DEBUG(10,("gss_err_to_ntstatus: Error %s\n",
+ ads_errstr(adss) ));
+ return ads_ntstatus(adss);
+}
+#endif
diff --git a/source3/libads/ads_status.h b/source3/libads/ads_status.h
new file mode 100644
index 0000000..2ff4ef0
--- /dev/null
+++ b/source3/libads/ads_status.h
@@ -0,0 +1,68 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads (active directory) utility library
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001
+ Copyright (C) Andrew Bartlett 2001
+
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBADS_ADS_STATUS_H_
+#define _LIBADS_ADS_STATUS_H_
+
+/* there are 5 possible types of errors the ads subsystem can produce */
+enum ads_error_type {ENUM_ADS_ERROR_KRB5, ENUM_ADS_ERROR_GSS,
+ ENUM_ADS_ERROR_LDAP, ENUM_ADS_ERROR_SYSTEM, ENUM_ADS_ERROR_NT};
+
+typedef struct {
+ enum ads_error_type error_type;
+ union err_state{
+ int rc;
+ NTSTATUS nt_status;
+ } err;
+ /* For error_type = ENUM_ADS_ERROR_GSS minor_status describe GSS API error */
+ /* Where rc represents major_status of GSS API error */
+ int minor_status;
+} ADS_STATUS;
+
+/* macros to simplify error returning */
+#define ADS_ERROR(rc) ADS_ERROR_LDAP(rc)
+#define ADS_ERROR_LDAP(rc) ads_build_error(ENUM_ADS_ERROR_LDAP, rc, 0)
+#define ADS_ERROR_SYSTEM(rc) ads_build_error(ENUM_ADS_ERROR_SYSTEM, rc?rc:EINVAL, 0)
+#define ADS_ERROR_KRB5(rc) ads_build_error(ENUM_ADS_ERROR_KRB5, rc, 0)
+#define ADS_ERROR_GSS(rc, minor) ads_build_error(ENUM_ADS_ERROR_GSS, rc, minor)
+#define ADS_ERROR_NT(rc) ads_build_nt_error(ENUM_ADS_ERROR_NT,rc)
+
+#define ADS_ERR_OK(status) ((status.error_type == ENUM_ADS_ERROR_NT) ? NT_STATUS_IS_OK(status.err.nt_status):(status.err.rc == 0))
+#define ADS_SUCCESS ADS_ERROR(0)
+
+#define ADS_ERROR_HAVE_NO_MEMORY(x) do { \
+ if (!(x)) {\
+ return ADS_ERROR(LDAP_NO_MEMORY);\
+ }\
+} while (0)
+
+/* The following definitions come from libads/ads_status.c */
+
+ADS_STATUS ads_build_error(enum ads_error_type etype,
+ int rc, int minor_status);
+ADS_STATUS ads_build_nt_error(enum ads_error_type etype,
+ NTSTATUS nt_status);
+NTSTATUS ads_ntstatus(ADS_STATUS status);
+const char *ads_errstr(ADS_STATUS status);
+NTSTATUS gss_err_to_ntstatus(uint32_t maj, uint32_t min);
+
+#endif /* _LIBADS_ADS_STATUS_H_ */
diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c
new file mode 100644
index 0000000..97f84d1
--- /dev/null
+++ b/source3/libads/ads_struct.c
@@ -0,0 +1,239 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads (active directory) utility library
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Andrew Bartlett 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ads.h"
+
+/* return a ldap dn path from a string, given separators and field name
+ caller must free
+*/
+ADS_STATUS ads_build_path(const char *realm,
+ const char *sep,
+ const char *field,
+ int reverse,
+ char **_path)
+{
+ char *p, *r;
+ int numbits = 0;
+ char *ret;
+ int len;
+ char *saveptr;
+
+ *_path = NULL;
+
+ r = SMB_STRDUP(realm);
+ if (r == NULL) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ for (p=r; *p; p++) {
+ if (strchr(sep, *p)) {
+ numbits++;
+ }
+ }
+
+ len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1;
+
+ ret = (char *)SMB_MALLOC(len);
+ if (!ret) {
+ free(r);
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ if (strlcpy(ret,field, len) >= len) {
+ /* Truncate ! */
+ free(r);
+ free(ret);
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+ p=strtok_r(r, sep, &saveptr);
+ if (p) {
+ if (strlcat(ret, p, len) >= len) {
+ free(r);
+ free(ret);
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ while ((p=strtok_r(NULL, sep, &saveptr)) != NULL) {
+ int retval;
+ char *s = NULL;
+ if (reverse)
+ retval = asprintf(&s, "%s%s,%s", field, p, ret);
+ else
+ retval = asprintf(&s, "%s,%s%s", ret, field, p);
+ free(ret);
+ if (retval == -1) {
+ free(r);
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+ ret = SMB_STRDUP(s);
+ free(s);
+ }
+ }
+
+ free(r);
+
+ *_path = ret;
+
+ return ADS_ERROR_NT(NT_STATUS_OK);
+}
+
+/* return a dn of the form "dc=AA,dc=BB,dc=CC" from a
+ realm of the form AA.BB.CC
+ caller must free
+*/
+ADS_STATUS ads_build_dn(const char *realm, TALLOC_CTX *mem_ctx, char **_dn)
+{
+ ADS_STATUS status;
+ char *dn = NULL;
+
+ status = ads_build_path(realm, ".", "dc=", 0, &dn);
+ if (!ADS_ERR_OK(status)) {
+ SAFE_FREE(dn);
+ return status;
+ }
+
+ *_dn = talloc_strdup(mem_ctx, dn);
+ SAFE_FREE(dn);
+ if (*_dn == NULL) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ return ADS_ERROR_NT(NT_STATUS_OK);
+}
+
+/* return a DNS name in the for aa.bb.cc from the DN
+ "dc=AA,dc=BB,dc=CC". caller must free
+*/
+char *ads_build_domain(const char *dn)
+{
+ char *dnsdomain = NULL;
+
+ /* result should always be shorter than the DN */
+
+ if ( (dnsdomain = SMB_STRDUP( dn )) == NULL ) {
+ DEBUG(0,("ads_build_domain: malloc() failed!\n"));
+ return NULL;
+ }
+
+ if (!strlower_m( dnsdomain )) {
+ SAFE_FREE(dnsdomain);
+ return NULL;
+ }
+
+ all_string_sub( dnsdomain, "dc=", "", 0);
+ all_string_sub( dnsdomain, ",", ".", 0 );
+
+ return dnsdomain;
+}
+
+static int ads_destructor(ADS_STRUCT *ads)
+{
+#ifdef HAVE_LDAP
+ ads_disconnect(ads);
+#endif
+ return 0;
+}
+
+/*
+ initialise a ADS_STRUCT, ready for some ads_ ops
+*/
+ADS_STRUCT *ads_init(TALLOC_CTX *mem_ctx,
+ const char *realm,
+ const char *workgroup,
+ const char *ldap_server,
+ enum ads_sasl_state_e sasl_state)
+{
+ ADS_STRUCT *ads = NULL;
+ int wrap_flags;
+
+ ads = talloc_zero(mem_ctx, ADS_STRUCT);
+ if (ads == NULL) {
+ return NULL;
+ }
+ talloc_set_destructor(ads, ads_destructor);
+
+#ifdef HAVE_LDAP
+ ads_zero_ldap(ads);
+#endif
+
+ ads->server.realm = talloc_strdup(ads, realm);
+ if (realm != NULL && ads->server.realm == NULL) {
+ DBG_WARNING("Out of memory\n");
+ TALLOC_FREE(ads);
+ return NULL;
+ }
+
+ ads->server.workgroup = talloc_strdup(ads, workgroup);
+ if (workgroup != NULL && ads->server.workgroup == NULL) {
+ DBG_WARNING("Out of memory\n");
+ TALLOC_FREE(ads);
+ return NULL;
+ }
+
+ ads->server.ldap_server = talloc_strdup(ads, ldap_server);
+ if (ldap_server != NULL && ads->server.ldap_server == NULL) {
+ DBG_WARNING("Out of memory\n");
+ TALLOC_FREE(ads);
+ return NULL;
+ }
+
+ wrap_flags = lp_client_ldap_sasl_wrapping();
+ if (wrap_flags == -1) {
+ wrap_flags = 0;
+ }
+
+ switch (sasl_state) {
+ case ADS_SASL_PLAIN:
+ break;
+ case ADS_SASL_SIGN:
+ wrap_flags |= ADS_AUTH_SASL_SIGN;
+ break;
+ case ADS_SASL_SEAL:
+ wrap_flags |= ADS_AUTH_SASL_SEAL;
+ break;
+ }
+
+ ads->auth.flags = wrap_flags;
+
+ /* Start with the configured page size when the connection is new,
+ * we will drop it by half we get a timeout. */
+ ads->config.ldap_page_size = lp_ldap_page_size();
+
+ return ads;
+}
+
+/****************************************************************
+****************************************************************/
+
+bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, unsigned flags)
+{
+ unsigned other_flags;
+
+ if (!ads) {
+ return false;
+ }
+
+ other_flags = ads->auth.flags & ~(ADS_AUTH_SASL_SIGN|ADS_AUTH_SASL_SEAL);
+
+ ads->auth.flags = flags | other_flags;
+
+ return true;
+}
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
new file mode 100644
index 0000000..10adc3e
--- /dev/null
+++ b/source3/libads/authdata.c
@@ -0,0 +1,323 @@
+/*
+ Unix SMB/CIFS implementation.
+ kerberos authorization data (PAC) utility library
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Luke Howard 2002-2003
+ Copyright (C) Stefan Metzmacher 2004-2005
+ Copyright (C) Guenther Deschner 2005,2007,2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
+#include "auth/common_auth.h"
+#include "lib/param/param.h"
+#include "librpc/crypto/gse.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
+#include "../libcli/auth/spnego.h"
+#include "lib/util/asn1.h"
+
+#ifdef HAVE_KRB5
+
+#include "auth/kerberos/pac_utils.h"
+
+struct smb_krb5_context;
+
+/*
+ generate a krb5 GSS-API wrapper packet given a ticket
+*/
+static DATA_BLOB spnego_gen_krb5_wrap(
+ TALLOC_CTX *ctx, const DATA_BLOB ticket, const uint8_t tok_id[2])
+{
+ ASN1_DATA *data;
+ DATA_BLOB ret = data_blob_null;
+
+ data = asn1_init(talloc_tos(), ASN1_MAX_TREE_DEPTH);
+ if (data == NULL) {
+ return data_blob_null;
+ }
+
+ if (!asn1_push_tag(data, ASN1_APPLICATION(0))) goto err;
+ if (!asn1_write_OID(data, OID_KERBEROS5)) goto err;
+
+ if (!asn1_write(data, tok_id, 2)) goto err;
+ if (!asn1_write(data, ticket.data, ticket.length)) goto err;
+ if (!asn1_pop_tag(data)) goto err;
+
+ if (!asn1_extract_blob(data, ctx, &ret)) {
+ goto err;
+ }
+
+ asn1_free(data);
+ data = NULL;
+
+ err:
+
+ if (data != NULL) {
+ if (asn1_has_error(data)) {
+ DEBUG(1, ("Failed to build krb5 wrapper at offset %d\n",
+ (int)asn1_current_ofs(data)));
+ }
+
+ asn1_free(data);
+ }
+
+ return ret;
+}
+
+/*
+ * Given the username/password, do a kinit, store the ticket in
+ * cache_name if specified, and return the PAC_LOGON_INFO (the
+ * structure containing the important user information such as
+ * groups).
+ */
+NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ const char *name,
+ const char *pass,
+ time_t time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ const char *impersonate_princ_s,
+ const char *local_service,
+ char **_canon_principal,
+ char **_canon_realm,
+ struct PAC_DATA_CTR **_pac_data_ctr)
+{
+ krb5_error_code ret;
+ NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
+ DATA_BLOB tkt = data_blob_null;
+ DATA_BLOB tkt_wrapped = data_blob_null;
+ DATA_BLOB ap_rep = data_blob_null;
+ DATA_BLOB sesskey1 = data_blob_null;
+ const char *auth_princ = NULL;
+ const char *cc = "MEMORY:kerberos_return_pac";
+ struct auth_session_info *session_info;
+ struct gensec_security *gensec_server_context;
+ const struct gensec_security_ops **backends;
+ struct gensec_settings *gensec_settings;
+ size_t idx = 0;
+ struct auth4_context *auth_context;
+ struct loadparm_context *lp_ctx;
+ struct PAC_DATA_CTR *pac_data_ctr = NULL;
+ char *canon_principal = NULL;
+ char *canon_realm = NULL;
+
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+ ZERO_STRUCT(tkt);
+ ZERO_STRUCT(ap_rep);
+ ZERO_STRUCT(sesskey1);
+
+ if (!name || !pass) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto out;
+ }
+
+ if (_canon_principal != NULL) {
+ *_canon_principal = NULL;
+ }
+
+ if (_canon_realm != NULL) {
+ *_canon_realm = NULL;
+ }
+
+ if (cache_name) {
+ cc = cache_name;
+ }
+
+ if (!strchr_m(name, '@')) {
+ auth_princ = talloc_asprintf(mem_ctx, "%s@%s", name,
+ lp_realm());
+ } else {
+ auth_princ = name;
+ }
+ NT_STATUS_HAVE_NO_MEMORY(auth_princ);
+
+ ret = kerberos_kinit_password_ext(auth_princ,
+ pass,
+ time_offset,
+ expire_time,
+ renew_till_time,
+ cc,
+ request_pac,
+ add_netbios_addr,
+ renewable_time,
+ tmp_ctx,
+ &canon_principal,
+ &canon_realm,
+ &status);
+ if (ret) {
+ DEBUG(1,("kinit failed for '%s' with: %s (%d)\n",
+ auth_princ, error_message(ret), ret));
+ /* status already set */
+ goto out;
+ }
+
+ DEBUG(10,("got TGT for %s in %s\n", auth_princ, cc));
+ if (expire_time) {
+ DEBUGADD(10,("\tvalid until: %s (%d)\n",
+ http_timestring(talloc_tos(), *expire_time),
+ (int)*expire_time));
+ }
+ if (renew_till_time) {
+ DEBUGADD(10,("\trenewable till: %s (%d)\n",
+ http_timestring(talloc_tos(), *renew_till_time),
+ (int)*renew_till_time));
+ }
+
+ /* we cannot continue with krb5 when UF_DONT_REQUIRE_PREAUTH is set,
+ * in that case fallback to NTLM - gd */
+
+ if (expire_time && renew_till_time &&
+ (*expire_time == 0) && (*renew_till_time == 0)) {
+ status = NT_STATUS_INVALID_LOGON_TYPE;
+ goto out;
+ }
+
+ ret = ads_krb5_cli_get_ticket(mem_ctx,
+ local_service,
+ time_offset,
+ &tkt,
+ &sesskey1,
+ 0,
+ cc,
+ NULL,
+ impersonate_princ_s);
+ if (ret) {
+ DEBUG(1,("failed to get ticket for %s: %s\n",
+ local_service, error_message(ret)));
+ if (impersonate_princ_s) {
+ DEBUGADD(1,("tried S4U2SELF impersonation as: %s\n",
+ impersonate_princ_s));
+ }
+ status = krb5_to_nt_status(ret);
+ goto out;
+ }
+
+ /* wrap that up in a nice GSS-API wrapping */
+ tkt_wrapped = spnego_gen_krb5_wrap(tmp_ctx, tkt, TOK_ID_KRB_AP_REQ);
+ if (tkt_wrapped.data == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
+ auth_context = auth4_context_for_PAC_DATA_CTR(tmp_ctx);
+ if (auth_context == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
+ lp_ctx = loadparm_init_s3(tmp_ctx, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ status = NT_STATUS_INVALID_SERVER_STATE;
+ DEBUG(10, ("loadparm_init_s3 failed\n"));
+ goto out;
+ }
+
+ gensec_settings = lpcfg_gensec_settings(tmp_ctx, lp_ctx);
+ if (gensec_settings == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ DEBUG(10, ("lpcfg_gensec_settings failed\n"));
+ goto out;
+ }
+
+ backends = talloc_zero_array(gensec_settings,
+ const struct gensec_security_ops *, 2);
+ if (backends == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+ gensec_settings->backends = backends;
+
+ gensec_init();
+
+ backends[idx++] = &gensec_gse_krb5_security_ops;
+
+ status = gensec_server_start(tmp_ctx, gensec_settings,
+ auth_context, &gensec_server_context);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, (__location__ "Failed to start server-side GENSEC to validate a Kerberos ticket: %s\n", nt_errstr(status)));
+ goto out;
+ }
+
+ talloc_unlink(tmp_ctx, lp_ctx);
+ talloc_unlink(tmp_ctx, gensec_settings);
+ talloc_unlink(tmp_ctx, auth_context);
+
+ /* Session info is not complete, do not pass to auth log */
+ gensec_want_feature(gensec_server_context, GENSEC_FEATURE_NO_AUTHZ_LOG);
+
+ status = gensec_start_mech_by_oid(gensec_server_context, GENSEC_OID_KERBEROS5);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, (__location__ "Failed to start server-side GENSEC krb5 to validate a Kerberos ticket: %s\n", nt_errstr(status)));
+ goto out;
+ }
+
+ /* Do a client-server update dance */
+ status = gensec_update(gensec_server_context, tmp_ctx, tkt_wrapped, &ap_rep);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("gensec_update() failed: %s\n", nt_errstr(status)));
+ goto out;
+ }
+
+ /* Now return the PAC information to the callers. We ignore
+ * the session_info and instead pick out the PAC via the
+ * private_data on the auth_context */
+ status = gensec_session_info(gensec_server_context, tmp_ctx, &session_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Unable to obtain PAC via gensec_session_info\n"));
+ goto out;
+ }
+
+ pac_data_ctr = auth4_context_get_PAC_DATA_CTR(auth_context, mem_ctx);
+ if (pac_data_ctr == NULL) {
+ DEBUG(1,("no PAC\n"));
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto out;
+ }
+
+ *_pac_data_ctr = talloc_move(mem_ctx, &pac_data_ctr);
+ if (_canon_principal != NULL) {
+ *_canon_principal = talloc_move(mem_ctx, &canon_principal);
+ }
+ if (_canon_realm != NULL) {
+ *_canon_realm = talloc_move(mem_ctx, &canon_realm);
+ }
+
+out:
+ talloc_free(tmp_ctx);
+ if (cc != cache_name) {
+ ads_kdestroy(cc);
+ }
+
+ data_blob_free(&tkt);
+ data_blob_free(&ap_rep);
+ data_blob_free(&sesskey1);
+
+ return status;
+}
+
+#endif
diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c
new file mode 100644
index 0000000..56c2537
--- /dev/null
+++ b/source3/libads/cldap.c
@@ -0,0 +1,453 @@
+/*
+ Samba Unix/Linux SMB client library
+ net ads cldap functions
+ Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
+ Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com)
+ Copyright (C) 2008 Guenther Deschner (gd@samba.org)
+ Copyright (C) 2009 Stefan Metzmacher (metze@samba.org)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/cldap/cldap.h"
+#include "../librpc/gen_ndr/ndr_netlogon.h"
+#include "../lib/tsocket/tsocket.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "libads/cldap.h"
+
+struct cldap_multi_netlogon_state {
+ struct tevent_context *ev;
+ const struct tsocket_address * const *servers;
+ int num_servers;
+ const char *domain;
+ const char *hostname;
+ unsigned ntversion;
+ int min_servers;
+
+ struct cldap_socket **cldap;
+ struct tevent_req **subreqs;
+ int num_sent;
+ int num_received;
+ int num_good_received;
+ struct cldap_netlogon *ios;
+ struct netlogon_samlogon_response **responses;
+};
+
+static void cldap_multi_netlogon_done(struct tevent_req *subreq);
+static void cldap_multi_netlogon_next(struct tevent_req *subreq);
+
+/****************************************************************
+****************************************************************/
+
+#define RETURN_ON_FALSE(x) if (!(x)) return false;
+
+bool check_cldap_reply_required_flags(uint32_t ret_flags,
+ uint32_t req_flags)
+{
+ if (req_flags == 0) {
+ return true;
+ }
+
+ if (req_flags & DS_PDC_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);
+
+ if (req_flags & DS_GC_SERVER_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_GC);
+
+ if (req_flags & DS_ONLY_LDAP_NEEDED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_LDAP);
+
+ if ((req_flags & DS_DIRECTORY_SERVICE_REQUIRED) ||
+ (req_flags & DS_DIRECTORY_SERVICE_PREFERRED))
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS);
+
+ if (req_flags & DS_KDC_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_KDC);
+
+ if (req_flags & DS_TIMESERV_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_TIMESERV);
+
+ if (req_flags & DS_WEB_SERVICE_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_ADS_WEB_SERVICE);
+
+ if (req_flags & DS_WRITABLE_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_WRITABLE);
+
+ if (req_flags & DS_DIRECTORY_SERVICE_6_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & (NBT_SERVER_SELECT_SECRET_DOMAIN_6
+ |NBT_SERVER_FULL_SECRET_DOMAIN_6));
+
+ if (req_flags & DS_DIRECTORY_SERVICE_8_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS_8);
+
+ if (req_flags & DS_DIRECTORY_SERVICE_9_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS_9);
+
+ if (req_flags & DS_DIRECTORY_SERVICE_10_REQUIRED)
+ RETURN_ON_FALSE(ret_flags & NBT_SERVER_DS_10);
+
+ return true;
+}
+
+/*
+ * Do a parallel cldap ping to the servers. The first "min_servers"
+ * are fired directly, the remaining ones in 100msec intervals. If
+ * "min_servers" responses came in successfully, we immediately reply,
+ * not waiting for the remaining ones.
+ */
+
+struct tevent_req *cldap_multi_netlogon_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ const struct tsocket_address * const *servers, int num_servers,
+ const char *domain, const char *hostname, unsigned ntversion,
+ int min_servers)
+{
+ struct tevent_req *req, *subreq;
+ struct cldap_multi_netlogon_state *state;
+ int i;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cldap_multi_netlogon_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->servers = servers;
+ state->num_servers = num_servers;
+ state->domain = domain;
+ state->hostname = hostname;
+ state->ntversion = ntversion;
+ state->min_servers = min_servers;
+
+ if (min_servers > num_servers) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
+ state->subreqs = talloc_zero_array(state,
+ struct tevent_req *,
+ num_servers);
+ if (tevent_req_nomem(state->subreqs, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->cldap = talloc_zero_array(state,
+ struct cldap_socket *,
+ num_servers);
+ if (tevent_req_nomem(state->cldap, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->responses = talloc_zero_array(state,
+ struct netlogon_samlogon_response *,
+ num_servers);
+ if (tevent_req_nomem(state->responses, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->ios = talloc_zero_array(state->responses,
+ struct cldap_netlogon,
+ num_servers);
+ if (tevent_req_nomem(state->ios, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ for (i=0; i<num_servers; i++) {
+ NTSTATUS status;
+
+ status = cldap_socket_init(state->cldap,
+ NULL, /* local_addr */
+ state->servers[i],
+ &state->cldap[i]);
+ if (!NT_STATUS_IS_OK(status)) {
+ /*
+ * Don't error out all sends just
+ * because one cldap_socket_init() failed.
+ * Log it here, and the cldap_netlogon_send()
+ * will catch it (with in.dest_address == NULL)
+ * and correctly error out in
+ * cldap_multi_netlogon_done(). This still allows
+ * the other requests to be concurrently sent.
+ */
+ DBG_NOTICE("cldap_socket_init failed for %s "
+ " error %s\n",
+ tsocket_address_string(state->servers[i],
+ req),
+ nt_errstr(status));
+ }
+
+ state->ios[i].in.dest_address = NULL;
+ state->ios[i].in.dest_port = 0;
+ state->ios[i].in.realm = domain;
+ state->ios[i].in.host = NULL;
+ state->ios[i].in.user = NULL;
+ state->ios[i].in.domain_guid = NULL;
+ state->ios[i].in.domain_sid = NULL;
+ state->ios[i].in.acct_control = 0;
+ state->ios[i].in.version = ntversion;
+ state->ios[i].in.map_response = false;
+ }
+
+ for (i=0; i<min_servers; i++) {
+ state->subreqs[i] = cldap_netlogon_send(state->subreqs,
+ state->ev,
+ state->cldap[i],
+ &state->ios[i]);
+ if (tevent_req_nomem(state->subreqs[i], req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ state->subreqs[i], cldap_multi_netlogon_done, req);
+ }
+ state->num_sent = min_servers;
+
+ if (state->num_sent < state->num_servers) {
+ /*
+ * After 100 milliseconds fire the next one
+ */
+ subreq = tevent_wakeup_send(state, state->ev,
+ timeval_current_ofs(0, 100000));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cldap_multi_netlogon_next,
+ req);
+ }
+
+ return req;
+}
+
+static void cldap_multi_netlogon_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cldap_multi_netlogon_state *state = tevent_req_data(
+ req, struct cldap_multi_netlogon_state);
+ NTSTATUS status;
+ struct netlogon_samlogon_response *response;
+ int i;
+
+ for (i=0; i<state->num_sent; i++) {
+ if (state->subreqs[i] == subreq) {
+ break;
+ }
+ }
+ if (i == state->num_sent) {
+ /*
+ * Got a response we did not fire...
+ */
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+ state->subreqs[i] = NULL;
+
+ response = talloc_zero(state, struct netlogon_samlogon_response);
+ if (tevent_req_nomem(response, req)) {
+ return;
+ }
+
+ status = cldap_netlogon_recv(subreq, response,
+ &state->ios[i]);
+ TALLOC_FREE(subreq);
+ state->num_received += 1;
+
+ if (NT_STATUS_IS_OK(status)) {
+ *response = state->ios[i].out.netlogon;
+ state->responses[i] = talloc_move(state->responses,
+ &response);
+ state->num_good_received += 1;
+ }
+
+ if ((state->num_received == state->num_servers) ||
+ (state->num_good_received >= state->min_servers)) {
+ tevent_req_done(req);
+ return;
+ }
+}
+
+static void cldap_multi_netlogon_next(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cldap_multi_netlogon_state *state = tevent_req_data(
+ req, struct cldap_multi_netlogon_state);
+ bool ret;
+
+ ret = tevent_wakeup_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!ret) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+
+ subreq = cldap_netlogon_send(state->subreqs,
+ state->ev,
+ state->cldap[state->num_sent],
+ &state->ios[state->num_sent]);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cldap_multi_netlogon_done, req);
+ state->subreqs[state->num_sent] = subreq;
+ state->num_sent += 1;
+
+ if (state->num_sent < state->num_servers) {
+ /*
+ * After 100 milliseconds fire the next one
+ */
+ subreq = tevent_wakeup_send(state, state->ev,
+ timeval_current_ofs(0, 100000));
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cldap_multi_netlogon_next,
+ req);
+ }
+}
+
+NTSTATUS cldap_multi_netlogon_recv(
+ struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct netlogon_samlogon_response ***responses)
+{
+ struct cldap_multi_netlogon_state *state = tevent_req_data(
+ req, struct cldap_multi_netlogon_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+ return status;
+ }
+ /*
+ * If we timeout, give back what we have so far
+ */
+ *responses = talloc_move(mem_ctx, &state->responses);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cldap_multi_netlogon(
+ TALLOC_CTX *mem_ctx,
+ const struct tsocket_address * const *servers,
+ int num_servers,
+ const char *domain, const char *hostname, unsigned ntversion,
+ int min_servers, struct timeval timeout,
+ struct netlogon_samlogon_response ***responses)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cldap_multi_netlogon_send(
+ ev, ev, servers, num_servers, domain, hostname, ntversion,
+ min_servers);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_set_endtime(req, ev, timeout)) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cldap_multi_netlogon_recv(req, mem_ctx, responses);
+fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+/*******************************************************************
+ do a cldap netlogon query. Always 389/udp
+*******************************************************************/
+
+bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage *ss,
+ const char *realm,
+ uint32_t nt_version,
+ struct netlogon_samlogon_response **_reply)
+{
+ NTSTATUS status;
+ char addrstr[INET6_ADDRSTRLEN];
+ const char *dest_str;
+ struct tsocket_address *dest_addr;
+ const struct tsocket_address * const *dest_addrs;
+ struct netlogon_samlogon_response **responses = NULL;
+ int ret;
+
+ dest_str = print_sockaddr(addrstr, sizeof(addrstr), ss);
+
+ ret = tsocket_address_inet_from_strings(mem_ctx, "ip",
+ dest_str, LDAP_PORT,
+ &dest_addr);
+ if (ret != 0) {
+ status = map_nt_error_from_unix(errno);
+ DEBUG(2,("Failed to create cldap tsocket_address for %s - %s\n",
+ dest_str, nt_errstr(status)));
+ return false;
+ }
+
+ dest_addrs = (const struct tsocket_address * const *)&dest_addr;
+
+ status = cldap_multi_netlogon(talloc_tos(),
+ dest_addrs, 1,
+ realm, NULL,
+ nt_version, 1,
+ timeval_current_ofs(MAX(3,lp_ldap_timeout()/2), 0),
+ &responses);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("ads_cldap_netlogon: cldap_multi_netlogon "
+ "failed: %s\n", nt_errstr(status)));
+ return false;
+ }
+ if (responses == NULL || responses[0] == NULL) {
+ DEBUG(2, ("ads_cldap_netlogon: did not get a reply\n"));
+ TALLOC_FREE(responses);
+ return false;
+ }
+ *_reply = talloc_move(mem_ctx, &responses[0]);
+
+ return true;
+}
+
+/*******************************************************************
+ do a cldap netlogon query. Always 389/udp
+*******************************************************************/
+
+bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage *ss,
+ const char *realm,
+ struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5)
+{
+ uint32_t nt_version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+ struct netlogon_samlogon_response *reply = NULL;
+ bool ret;
+
+ ret = ads_cldap_netlogon(mem_ctx, ss, realm, nt_version, &reply);
+ if (!ret) {
+ return false;
+ }
+
+ if (reply->ntver != NETLOGON_NT_VERSION_5EX) {
+ DEBUG(0,("ads_cldap_netlogon_5: nt_version mismatch: 0x%08x\n",
+ reply->ntver));
+ return false;
+ }
+
+ *reply5 = reply->data.nt5_ex;
+
+ return true;
+}
diff --git a/source3/libads/cldap.h b/source3/libads/cldap.h
new file mode 100644
index 0000000..7fa1bdf
--- /dev/null
+++ b/source3/libads/cldap.h
@@ -0,0 +1,60 @@
+/*
+ Samba Unix/Linux SMB client library
+ net ads cldap functions
+ Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
+ Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com)
+ Copyright (C) 2008 Guenther Deschner (gd@samba.org)
+ Copyright (C) 2009 Stefan Metzmacher (metze@samba.org)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBADS_CLDAP_H_
+#define _LIBADS_CLDAP_H_
+
+#include "../libcli/netlogon/netlogon.h"
+
+/* The following definitions come from libads/cldap.c */
+
+bool check_cldap_reply_required_flags(uint32_t ret_flags,
+ uint32_t req_flags);
+
+struct tevent_req *cldap_multi_netlogon_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ const struct tsocket_address * const *servers,
+ int num_servers,
+ const char *domain, const char *hostname, unsigned ntversion,
+ int min_servers);
+NTSTATUS cldap_multi_netlogon_recv(
+ struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct netlogon_samlogon_response ***responses);
+NTSTATUS cldap_multi_netlogon(
+ TALLOC_CTX *mem_ctx,
+ const struct tsocket_address * const *servers,
+ int num_servers,
+ const char *domain, const char *hostname, unsigned ntversion,
+ int min_servers, struct timeval timeout,
+ struct netlogon_samlogon_response ***responses);
+
+bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage *ss,
+ const char *realm,
+ uint32_t nt_version,
+ struct netlogon_samlogon_response **reply);
+bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage *ss,
+ const char *realm,
+ struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5);
+
+#endif /* _LIBADS_CLDAP_H_ */
diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c
new file mode 100644
index 0000000..a193c5b
--- /dev/null
+++ b/source3/libads/disp_sec.c
@@ -0,0 +1,254 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions. ADS stuff
+ Copyright (C) Alexey Kotovich 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ads.h"
+#include "libads/ldap_schema.h"
+#include "../libcli/security/secace.h"
+#include "../librpc/ndr/libndr.h"
+#include "libcli/security/dom_sid.h"
+
+/* for ADS */
+#define SEC_RIGHTS_FULL_CTRL 0xf01ff
+
+#ifdef HAVE_LDAP
+
+static struct perm_mask_str {
+ uint32_t mask;
+ const char *str;
+} perms[] = {
+ {SEC_RIGHTS_FULL_CTRL, "[Full Control]"},
+
+ {SEC_ADS_LIST, "[List Contents]"},
+ {SEC_ADS_LIST_OBJECT, "[List Object]"},
+
+ {SEC_ADS_READ_PROP, "[Read All Properties]"},
+ {SEC_STD_READ_CONTROL, "[Read Permissions]"},
+
+ {SEC_ADS_SELF_WRITE, "[All validate writes]"},
+ {SEC_ADS_WRITE_PROP, "[Write All Properties]"},
+
+ {SEC_STD_WRITE_DAC, "[Modify Permissions]"},
+ {SEC_STD_WRITE_OWNER, "[Modify Owner]"},
+
+ {SEC_ADS_CREATE_CHILD, "[Create All Child Objects]"},
+
+ {SEC_STD_DELETE, "[Delete]"},
+ {SEC_ADS_DELETE_TREE, "[Delete Subtree]"},
+ {SEC_ADS_DELETE_CHILD, "[Delete All Child Objects]"},
+
+ {SEC_ADS_CONTROL_ACCESS, "[Change Password]"},
+ {SEC_ADS_CONTROL_ACCESS, "[Reset Password]"},
+
+ {0, 0}
+};
+
+/* convert a security permissions into a string */
+static void ads_disp_perms(uint32_t type)
+{
+ int i = 0;
+ int j = 0;
+
+ printf("Permissions: ");
+
+ if (type == SEC_RIGHTS_FULL_CTRL) {
+ printf("%s\n", perms[j].str);
+ return;
+ }
+
+ for (i = 0; i < 32; i++) {
+ if (type & ((uint32_t)1 << i)) {
+ for (j = 1; perms[j].str; j ++) {
+ if (perms[j].mask == (((unsigned) 1) << i)) {
+ printf("\n\t%s (0x%08x)", perms[j].str, perms[j].mask);
+ }
+ }
+ type &= ~(1 << i);
+ }
+ }
+
+ /* remaining bits get added on as-is */
+ if (type != 0) {
+ printf("[%08x]", type);
+ }
+ puts("");
+}
+
+static const char *ads_interprete_guid_from_object(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ const struct GUID *guid)
+{
+ const char *ret = NULL;
+
+ if (!ads || !mem_ctx) {
+ return NULL;
+ }
+
+ ret = ads_get_attrname_by_guid(ads, ads->config.schema_path,
+ mem_ctx, guid);
+ if (ret) {
+ return talloc_asprintf(mem_ctx, "LDAP attribute: \"%s\"", ret);
+ }
+
+ ret = ads_get_extended_right_name_by_guid(ads, ads->config.config_path,
+ mem_ctx, guid);
+
+ if (ret) {
+ return talloc_asprintf(mem_ctx, "Extended right: \"%s\"", ret);
+ }
+
+ return ret;
+}
+
+static void ads_disp_sec_ace_object(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ struct security_ace_object *object)
+{
+ if (object->flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
+ printf("Object type: SEC_ACE_OBJECT_TYPE_PRESENT\n");
+ printf("Object GUID: %s (%s)\n", GUID_string(mem_ctx,
+ &object->type.type),
+ ads_interprete_guid_from_object(ads, mem_ctx,
+ &object->type.type));
+ }
+ if (object->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
+ printf("Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT\n");
+ printf("Object GUID: %s (%s)\n", GUID_string(mem_ctx,
+ &object->inherited_type.inherited_type),
+ ads_interprete_guid_from_object(ads, mem_ctx,
+ &object->inherited_type.inherited_type));
+ }
+}
+
+/* display ACE */
+static void ads_disp_ace(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_ace *sec_ace)
+{
+ const char *access_type = "UNKNOWN";
+ struct dom_sid_buf sidbuf;
+
+ if (!sec_ace_object(sec_ace->type)) {
+ printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x)\n",
+ sec_ace->type,
+ sec_ace->flags,
+ sec_ace->size,
+ sec_ace->access_mask);
+ } else {
+ printf("------- ACE (type: 0x%02x, flags: 0x%02x, size: 0x%02x, mask: 0x%x, object flags: 0x%x)\n",
+ sec_ace->type,
+ sec_ace->flags,
+ sec_ace->size,
+ sec_ace->access_mask,
+ sec_ace->object.object.flags);
+ }
+
+ if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED) {
+ access_type = "ALLOWED";
+ } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED) {
+ access_type = "DENIED";
+ } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT) {
+ access_type = "SYSTEM AUDIT";
+ } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
+ access_type = "ALLOWED OBJECT";
+ } else if (sec_ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) {
+ access_type = "DENIED OBJECT";
+ } else if (sec_ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT) {
+ access_type = "AUDIT OBJECT";
+ }
+
+ printf("access SID: %s\naccess type: %s\n",
+ dom_sid_str_buf(&sec_ace->trustee, &sidbuf),
+ access_type);
+
+ if (sec_ace_object(sec_ace->type)) {
+ ads_disp_sec_ace_object(ads, mem_ctx, &sec_ace->object.object);
+ }
+
+ ads_disp_perms(sec_ace->access_mask);
+}
+
+/* display ACL */
+static void ads_disp_acl(struct security_acl *sec_acl, const char *type)
+{
+ if (!sec_acl)
+ printf("------- (%s) ACL not present\n", type);
+ else {
+ printf("------- (%s) ACL (revision: %d, size: %d, number of ACEs: %d)\n",
+ type,
+ sec_acl->revision,
+ sec_acl->size,
+ sec_acl->num_aces);
+ }
+}
+
+/* display SD */
+void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_descriptor *sd)
+{
+ uint32_t i;
+ char *tmp_path = NULL;
+ struct dom_sid_buf buf;
+
+ if (!sd) {
+ return;
+ }
+
+ if (ads && !ads->config.schema_path) {
+ if (ADS_ERR_OK(ads_schema_path(ads, mem_ctx, &tmp_path))) {
+ ads->config.schema_path = talloc_strdup(ads, tmp_path);
+ if (ads->config.schema_path == NULL) {
+ DBG_WARNING("Out of memory\n");
+ }
+ }
+ }
+
+ if (ads && !ads->config.config_path) {
+ if (ADS_ERR_OK(ads_config_path(ads, mem_ctx, &tmp_path))) {
+ ads->config.config_path = talloc_strdup(ads, tmp_path);
+ if (ads->config.config_path == NULL) {
+ DBG_WARNING("Out of memory\n");
+ }
+ }
+ }
+
+ printf("-------------- Security Descriptor (revision: %d, type: 0x%02x)\n",
+ sd->revision,
+ sd->type);
+
+ printf("owner SID: %s\n", sd->owner_sid ?
+ dom_sid_str_buf(sd->owner_sid, &buf) : "(null)");
+ printf("group SID: %s\n", sd->group_sid ?
+ dom_sid_str_buf(sd->group_sid, &buf) : "(null)");
+
+ ads_disp_acl(sd->sacl, "system");
+ if (sd->sacl) {
+ for (i = 0; i < sd->sacl->num_aces; i ++) {
+ ads_disp_ace(ads, mem_ctx, &sd->sacl->aces[i]);
+ }
+ }
+
+ ads_disp_acl(sd->dacl, "user");
+ if (sd->dacl) {
+ for (i = 0; i < sd->dacl->num_aces; i ++) {
+ ads_disp_ace(ads, mem_ctx, &sd->dacl->aces[i]);
+ }
+ }
+
+ printf("-------------- End Of Security Descriptor\n");
+}
+
+#endif
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
new file mode 100644
index 0000000..f76c566
--- /dev/null
+++ b/source3/libads/kerberos.c
@@ -0,0 +1,908 @@
+/*
+ Unix SMB/CIFS implementation.
+ kerberos utility library
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001
+ Copyright (C) Nalin Dahyabhai <nalin@redhat.com> 2004.
+ Copyright (C) Jeremy Allison 2004.
+ Copyright (C) Gerald Carter 2006.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/namequery.h"
+#include "system/filesys.h"
+#include "smb_krb5.h"
+#include "../librpc/gen_ndr/ndr_misc.h"
+#include "libads/kerberos_proto.h"
+#include "libads/cldap.h"
+#include "secrets.h"
+#include "../lib/tsocket/tsocket.h"
+#include "lib/util/asn1.h"
+
+#ifdef HAVE_KRB5
+
+#define LIBADS_CCACHE_NAME "MEMORY:libads"
+
+/*
+ we use a prompter to avoid a crash bug in the kerberos libs when
+ dealing with empty passwords
+ this prompter is just a string copy ...
+*/
+static krb5_error_code
+kerb_prompter(krb5_context ctx, void *data,
+ const char *name,
+ const char *banner,
+ int num_prompts,
+ krb5_prompt prompts[])
+{
+ if (num_prompts == 0) return 0;
+ if (num_prompts == 2) {
+ /*
+ * only heimdal has a prompt type and we need to deal with it here to
+ * avoid loops.
+ *
+ * removing the prompter completely is not an option as at least these
+ * versions would crash: heimdal-1.0.2 and heimdal-1.1. Later heimdal
+ * version have looping detection and return with a proper error code.
+ */
+
+#if defined(HAVE_KRB5_PROMPT_TYPE) /* Heimdal */
+ if (prompts[0].type == KRB5_PROMPT_TYPE_NEW_PASSWORD &&
+ prompts[1].type == KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN) {
+ /*
+ * We don't want to change passwords here. We're
+ * called from heimdal when the KDC returns
+ * KRB5KDC_ERR_KEY_EXPIRED, but at this point we don't
+ * have the chance to ask the user for a new
+ * password. If we return 0 (i.e. success), we will be
+ * spinning in the endless for-loop in
+ * change_password() in
+ * third_party/heimdal/lib/krb5/init_creds_pw.c
+ */
+ return KRB5KDC_ERR_KEY_EXPIRED;
+ }
+#elif defined(HAVE_KRB5_GET_PROMPT_TYPES) /* MIT */
+ krb5_prompt_type *prompt_types = NULL;
+
+ prompt_types = krb5_get_prompt_types(ctx);
+ if (prompt_types != NULL) {
+ if (prompt_types[0] == KRB5_PROMPT_TYPE_NEW_PASSWORD &&
+ prompt_types[1] == KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN) {
+ return KRB5KDC_ERR_KEY_EXP;
+ }
+ }
+#endif
+ }
+
+ memset(prompts[0].reply->data, '\0', prompts[0].reply->length);
+ if (prompts[0].reply->length > 0) {
+ if (data) {
+ strncpy((char *)prompts[0].reply->data, (const char *)data,
+ prompts[0].reply->length-1);
+ prompts[0].reply->length = strlen((const char *)prompts[0].reply->data);
+ } else {
+ prompts[0].reply->length = 0;
+ }
+ }
+ return 0;
+}
+
+/*
+ simulate a kinit, putting the tgt in the given cache location. If cache_name == NULL
+ place in default cache location.
+ remus@snapserver.com
+*/
+int kerberos_kinit_password_ext(const char *given_principal,
+ const char *password,
+ int time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ TALLOC_CTX *mem_ctx,
+ char **_canon_principal,
+ char **_canon_realm,
+ NTSTATUS *ntstatus)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ krb5_context ctx = NULL;
+ krb5_error_code code = 0;
+ krb5_ccache cc = NULL;
+ krb5_principal me = NULL;
+ krb5_principal canon_princ = NULL;
+ krb5_creds my_creds;
+ krb5_get_init_creds_opt *opt = NULL;
+ smb_krb5_addresses *addr = NULL;
+ char *canon_principal = NULL;
+ char *canon_realm = NULL;
+
+ ZERO_STRUCT(my_creds);
+
+ code = smb_krb5_init_context_common(&ctx);
+ if (code != 0) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(code));
+ TALLOC_FREE(frame);
+ return code;
+ }
+
+ if (time_offset != 0) {
+ krb5_set_real_time(ctx, time(NULL) + time_offset, 0);
+ }
+
+ DBG_DEBUG("as %s using [%s] as ccache and config [%s]\n",
+ given_principal,
+ cache_name ? cache_name: krb5_cc_default_name(ctx),
+ getenv("KRB5_CONFIG"));
+
+ if ((code = krb5_cc_resolve(ctx, cache_name ? cache_name : krb5_cc_default_name(ctx), &cc))) {
+ goto out;
+ }
+
+ if ((code = smb_krb5_parse_name(ctx, given_principal, &me))) {
+ goto out;
+ }
+
+ if ((code = krb5_get_init_creds_opt_alloc(ctx, &opt))) {
+ goto out;
+ }
+
+ krb5_get_init_creds_opt_set_renew_life(opt, renewable_time);
+ krb5_get_init_creds_opt_set_forwardable(opt, True);
+
+ /* Turn on canonicalization for lower case realm support */
+#ifdef SAMBA4_USES_HEIMDAL
+ krb5_get_init_creds_opt_set_win2k(ctx, opt, true);
+ krb5_get_init_creds_opt_set_canonicalize(ctx, opt, true);
+#else /* MIT */
+ krb5_get_init_creds_opt_set_canonicalize(opt, true);
+#endif /* MIT */
+#if 0
+ /* insane testing */
+ krb5_get_init_creds_opt_set_tkt_life(opt, 60);
+#endif
+
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST
+ if (request_pac) {
+ if ((code = krb5_get_init_creds_opt_set_pac_request(ctx, opt, (krb5_boolean)request_pac))) {
+ goto out;
+ }
+ }
+#endif
+ if (add_netbios_addr) {
+ if ((code = smb_krb5_gen_netbios_krb5_address(&addr,
+ lp_netbios_name()))) {
+ goto out;
+ }
+ krb5_get_init_creds_opt_set_address_list(opt, addr->addrs);
+ }
+
+ if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, discard_const_p(char,password),
+ kerb_prompter, discard_const_p(char, password),
+ 0, NULL, opt))) {
+ goto out;
+ }
+
+ canon_princ = my_creds.client;
+
+ code = smb_krb5_unparse_name(frame,
+ ctx,
+ canon_princ,
+ &canon_principal);
+ if (code != 0) {
+ goto out;
+ }
+
+ DBG_DEBUG("%s mapped to %s\n", given_principal, canon_principal);
+
+ canon_realm = smb_krb5_principal_get_realm(frame, ctx, canon_princ);
+ if (canon_realm == NULL) {
+ code = ENOMEM;
+ goto out;
+ }
+
+ if ((code = krb5_cc_initialize(ctx, cc, canon_princ))) {
+ goto out;
+ }
+
+ if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
+ goto out;
+ }
+
+ if (expire_time) {
+ *expire_time = (time_t) my_creds.times.endtime;
+ }
+
+ if (renew_till_time) {
+ *renew_till_time = (time_t) my_creds.times.renew_till;
+ }
+
+ if (_canon_principal != NULL) {
+ *_canon_principal = talloc_move(mem_ctx, &canon_principal);
+ }
+ if (_canon_realm != NULL) {
+ *_canon_realm = talloc_move(mem_ctx, &canon_realm);
+ }
+ out:
+ if (ntstatus) {
+ /* fast path */
+ if (code == 0) {
+ *ntstatus = NT_STATUS_OK;
+ goto cleanup;
+ }
+
+ /* fall back to self-made-mapping */
+ *ntstatus = krb5_to_nt_status(code);
+ }
+
+ cleanup:
+ krb5_free_cred_contents(ctx, &my_creds);
+ if (me) {
+ krb5_free_principal(ctx, me);
+ }
+ if (addr) {
+ smb_krb5_free_addresses(ctx, addr);
+ }
+ if (opt) {
+ krb5_get_init_creds_opt_free(ctx, opt);
+ }
+ if (cc) {
+ krb5_cc_close(ctx, cc);
+ }
+ if (ctx) {
+ krb5_free_context(ctx);
+ }
+ TALLOC_FREE(frame);
+ return code;
+}
+
+int ads_kdestroy(const char *cc_name)
+{
+ krb5_error_code code;
+ krb5_context ctx = NULL;
+ krb5_ccache cc = NULL;
+
+ code = smb_krb5_init_context_common(&ctx);
+ if (code != 0) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(code));
+ return code;
+ }
+
+ if (!cc_name) {
+ if ((code = krb5_cc_default(ctx, &cc))) {
+ krb5_free_context(ctx);
+ return code;
+ }
+ } else {
+ if ((code = krb5_cc_resolve(ctx, cc_name, &cc))) {
+ DEBUG(3, ("ads_kdestroy: krb5_cc_resolve failed: %s\n",
+ error_message(code)));
+ krb5_free_context(ctx);
+ return code;
+ }
+ }
+
+ if ((code = krb5_cc_destroy (ctx, cc))) {
+ DEBUG(3, ("ads_kdestroy: krb5_cc_destroy failed: %s\n",
+ error_message(code)));
+ }
+
+ krb5_free_context (ctx);
+ return code;
+}
+
+int create_kerberos_key_from_string(krb5_context context,
+ krb5_principal host_princ,
+ krb5_principal salt_princ,
+ krb5_data *password,
+ krb5_keyblock *key,
+ krb5_enctype enctype,
+ bool no_salt)
+{
+ int ret;
+ /*
+ * Check if we've determined that the KDC is salting keys for this
+ * principal/enctype in a non-obvious way. If it is, try to match
+ * its behavior.
+ */
+ if (no_salt) {
+ KRB5_KEY_DATA(key) = (KRB5_KEY_DATA_CAST *)SMB_MALLOC(password->length);
+ if (!KRB5_KEY_DATA(key)) {
+ return ENOMEM;
+ }
+ memcpy(KRB5_KEY_DATA(key), password->data, password->length);
+ KRB5_KEY_LENGTH(key) = password->length;
+ KRB5_KEY_TYPE(key) = enctype;
+ return 0;
+ }
+ ret = smb_krb5_create_key_from_string(context,
+ salt_princ ? salt_princ : host_princ,
+ NULL,
+ password,
+ enctype,
+ key);
+ return ret;
+}
+
+/************************************************************************
+************************************************************************/
+
+int kerberos_kinit_password(const char *principal,
+ const char *password,
+ int time_offset,
+ const char *cache_name)
+{
+ return kerberos_kinit_password_ext(principal,
+ password,
+ time_offset,
+ 0,
+ 0,
+ cache_name,
+ False,
+ False,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL);
+}
+
+/************************************************************************
+************************************************************************/
+
+/************************************************************************
+ Create a string list of available kdc's, possibly searching by sitename.
+ Does DNS queries.
+
+ If "sitename" is given, the DC's in that site are listed first.
+
+************************************************************************/
+
+static void add_sockaddr_unique(struct sockaddr_storage *addrs, size_t *num_addrs,
+ const struct sockaddr_storage *addr)
+{
+ size_t i;
+
+ for (i=0; i<*num_addrs; i++) {
+ if (sockaddr_equal((const struct sockaddr *)&addrs[i],
+ (const struct sockaddr *)addr)) {
+ return;
+ }
+ }
+ addrs[i] = *addr;
+ *num_addrs += 1;
+}
+
+/* print_canonical_sockaddr prints an ipv6 addr in the form of
+* [ipv6.addr]. This string, when put in a generated krb5.conf file is not
+* always properly dealt with by some older krb5 libraries. Adding the hard-coded
+* portnumber workarounds the issue. - gd */
+
+static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx,
+ const struct sockaddr_storage *pss)
+{
+ char *str = NULL;
+
+ str = print_canonical_sockaddr(mem_ctx, pss);
+ if (str == NULL) {
+ return NULL;
+ }
+
+ if (pss->ss_family != AF_INET6) {
+ return str;
+ }
+
+#if defined(HAVE_IPV6)
+ str = talloc_asprintf_append(str, ":88");
+#endif
+ return str;
+}
+
+static char *get_kdc_ip_string(char *mem_ctx,
+ const char *realm,
+ const char *sitename,
+ const struct sockaddr_storage *pss)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ size_t i;
+ struct samba_sockaddr *ip_sa_site = NULL;
+ struct samba_sockaddr *ip_sa_nonsite = NULL;
+ struct samba_sockaddr sa = {0};
+ size_t count_site = 0;
+ size_t count_nonsite;
+ size_t num_dcs;
+ struct sockaddr_storage *dc_addrs = NULL;
+ struct tsocket_address **dc_addrs2 = NULL;
+ const struct tsocket_address * const *dc_addrs3 = NULL;
+ char *result = NULL;
+ struct netlogon_samlogon_response **responses = NULL;
+ NTSTATUS status;
+ bool ok;
+ char *kdc_str = NULL;
+ char *canon_sockaddr = NULL;
+
+ SMB_ASSERT(pss != NULL);
+
+ canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
+ if (canon_sockaddr == NULL) {
+ goto out;
+ }
+
+ kdc_str = talloc_asprintf(frame,
+ "\t\tkdc = %s\n",
+ canon_sockaddr);
+ if (kdc_str == NULL) {
+ goto out;
+ }
+
+ ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
+ if (!ok) {
+ goto out;
+ }
+
+ /*
+ * First get the KDC's only in this site, the rest will be
+ * appended later
+ */
+
+ if (sitename) {
+ status = get_kdc_list(frame,
+ realm,
+ sitename,
+ &ip_sa_site,
+ &count_site);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("get_kdc_list fail %s\n",
+ nt_errstr(status));
+ goto out;
+ }
+ DBG_DEBUG("got %zu addresses from site %s search\n",
+ count_site,
+ sitename);
+ }
+
+ /* Get all KDC's. */
+
+ status = get_kdc_list(frame,
+ realm,
+ NULL,
+ &ip_sa_nonsite,
+ &count_nonsite);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("get_kdc_list (site-less) fail %s\n",
+ nt_errstr(status));
+ goto out;
+ }
+ DBG_DEBUG("got %zu addresses from site-less search\n", count_nonsite);
+
+ if (count_site + count_nonsite < count_site) {
+ /* Wrap check. */
+ DBG_ERR("get_kdc_list_talloc (site-less) fail wrap error\n");
+ goto out;
+ }
+
+
+ dc_addrs = talloc_array(talloc_tos(), struct sockaddr_storage,
+ count_site + count_nonsite);
+ if (dc_addrs == NULL) {
+ goto out;
+ }
+
+ num_dcs = 0;
+
+ for (i = 0; i < count_site; i++) {
+ if (!sockaddr_equal(&sa.u.sa, &ip_sa_site[i].u.sa)) {
+ add_sockaddr_unique(dc_addrs, &num_dcs,
+ &ip_sa_site[i].u.ss);
+ }
+ }
+
+ for (i = 0; i < count_nonsite; i++) {
+ if (!sockaddr_equal(&sa.u.sa, &ip_sa_nonsite[i].u.sa)) {
+ add_sockaddr_unique(dc_addrs, &num_dcs,
+ &ip_sa_nonsite[i].u.ss);
+ }
+ }
+
+ DBG_DEBUG("%zu additional KDCs to test\n", num_dcs);
+ if (num_dcs == 0) {
+ /*
+ * We do not have additional KDCs, but we have the one passed
+ * in via `pss`. So just use that one and leave.
+ */
+ result = talloc_move(mem_ctx, &kdc_str);
+ goto out;
+ }
+
+ dc_addrs2 = talloc_zero_array(talloc_tos(),
+ struct tsocket_address *,
+ num_dcs);
+ if (dc_addrs2 == NULL) {
+ goto out;
+ }
+
+ for (i=0; i<num_dcs; i++) {
+ char addr[INET6_ADDRSTRLEN];
+ int ret;
+
+ print_sockaddr(addr, sizeof(addr), &dc_addrs[i]);
+
+ ret = tsocket_address_inet_from_strings(dc_addrs2, "ip",
+ addr, LDAP_PORT,
+ &dc_addrs2[i]);
+ if (ret != 0) {
+ status = map_nt_error_from_unix(errno);
+ DEBUG(2,("Failed to create tsocket_address for %s - %s\n",
+ addr, nt_errstr(status)));
+ goto out;
+ }
+ }
+
+ dc_addrs3 = (const struct tsocket_address * const *)dc_addrs2;
+
+ status = cldap_multi_netlogon(talloc_tos(),
+ dc_addrs3, num_dcs,
+ realm, lp_netbios_name(),
+ NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX,
+ MIN(num_dcs, 3), timeval_current_ofs(3, 0), &responses);
+ TALLOC_FREE(dc_addrs2);
+ dc_addrs3 = NULL;
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("get_kdc_ip_string: cldap_multi_netlogon failed: "
+ "%s\n", nt_errstr(status)));
+ goto out;
+ }
+
+ for (i=0; i<num_dcs; i++) {
+ char *new_kdc_str;
+
+ if (responses[i] == NULL) {
+ continue;
+ }
+
+ /* Append to the string - inefficient but not done often. */
+ new_kdc_str = talloc_asprintf_append(
+ kdc_str,
+ "\t\tkdc = %s\n",
+ print_canonical_sockaddr_with_port(
+ mem_ctx, &dc_addrs[i]));
+ if (new_kdc_str == NULL) {
+ goto out;
+ }
+ kdc_str = new_kdc_str;
+ }
+
+ result = talloc_move(mem_ctx, &kdc_str);
+out:
+ if (result != NULL) {
+ DBG_DEBUG("Returning\n%s\n", result);
+ } else {
+ DBG_NOTICE("Failed to get KDC ip address\n");
+ }
+
+ TALLOC_FREE(frame);
+ return result;
+}
+
+/************************************************************************
+ Create a specific krb5.conf file in the private directory pointing
+ at a specific kdc for a realm. Keyed off domain name. Sets
+ KRB5_CONFIG environment variable to point to this file. Must be
+ run as root or will fail (which is a good thing :-).
+************************************************************************/
+
+#if !defined(SAMBA4_USES_HEIMDAL) /* MIT version */
+static char *get_enctypes(TALLOC_CTX *mem_ctx)
+{
+ char *aes_enctypes = NULL;
+ const char *legacy_enctypes = "";
+ char *enctypes = NULL;
+
+ aes_enctypes = talloc_strdup(mem_ctx, "");
+ if (aes_enctypes == NULL) {
+ goto done;
+ }
+
+ if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
+ lp_kerberos_encryption_types() == KERBEROS_ETYPES_STRONG) {
+ aes_enctypes = talloc_asprintf_append(
+ aes_enctypes, "%s", "aes256-cts-hmac-sha1-96 ");
+ if (aes_enctypes == NULL) {
+ goto done;
+ }
+ aes_enctypes = talloc_asprintf_append(
+ aes_enctypes, "%s", "aes128-cts-hmac-sha1-96");
+ if (aes_enctypes == NULL) {
+ goto done;
+ }
+ }
+
+ if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_ALLOWED &&
+ (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
+ lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY)) {
+ legacy_enctypes = "RC4-HMAC";
+ }
+
+ enctypes =
+ talloc_asprintf(mem_ctx, "\tdefault_tgs_enctypes = %s %s\n"
+ "\tdefault_tkt_enctypes = %s %s\n"
+ "\tpreferred_enctypes = %s %s\n",
+ aes_enctypes, legacy_enctypes, aes_enctypes,
+ legacy_enctypes, aes_enctypes, legacy_enctypes);
+done:
+ TALLOC_FREE(aes_enctypes);
+ return enctypes;
+}
+#else /* Heimdal version */
+static char *get_enctypes(TALLOC_CTX *mem_ctx)
+{
+ const char *aes_enctypes = "";
+ const char *legacy_enctypes = "";
+ char *enctypes = NULL;
+
+ if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
+ lp_kerberos_encryption_types() == KERBEROS_ETYPES_STRONG) {
+ aes_enctypes =
+ "aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96";
+ }
+
+ if (lp_kerberos_encryption_types() == KERBEROS_ETYPES_ALL ||
+ lp_kerberos_encryption_types() == KERBEROS_ETYPES_LEGACY) {
+ legacy_enctypes = "arcfour-hmac-md5";
+ }
+
+ enctypes = talloc_asprintf(mem_ctx, "\tdefault_etypes = %s %s\n",
+ aes_enctypes, legacy_enctypes);
+
+ return enctypes;
+}
+#endif
+
+bool create_local_private_krb5_conf_for_domain(const char *realm,
+ const char *domain,
+ const char *sitename,
+ const struct sockaddr_storage *pss)
+{
+ char *dname;
+ char *tmpname = NULL;
+ char *fname = NULL;
+ char *file_contents = NULL;
+ char *kdc_ip_string = NULL;
+ size_t flen = 0;
+ ssize_t ret;
+ int fd;
+ char *realm_upper = NULL;
+ bool result = false;
+ char *enctypes = NULL;
+ const char *include_system_krb5 = "";
+ mode_t mask;
+
+ if (!lp_create_krb5_conf()) {
+ return false;
+ }
+
+ if (realm == NULL) {
+ DEBUG(0, ("No realm has been specified! Do you really want to "
+ "join an Active Directory server?\n"));
+ return false;
+ }
+
+ if (domain == NULL || pss == NULL) {
+ return false;
+ }
+
+ dname = lock_path(talloc_tos(), "smb_krb5");
+ if (!dname) {
+ return false;
+ }
+ if ((mkdir(dname, 0755)==-1) && (errno != EEXIST)) {
+ DEBUG(0,("create_local_private_krb5_conf_for_domain: "
+ "failed to create directory %s. Error was %s\n",
+ dname, strerror(errno) ));
+ goto done;
+ }
+
+ tmpname = lock_path(talloc_tos(), "smb_tmp_krb5.XXXXXX");
+ if (!tmpname) {
+ goto done;
+ }
+
+ fname = talloc_asprintf(dname, "%s/krb5.conf.%s", dname, domain);
+ if (!fname) {
+ goto done;
+ }
+
+ DEBUG(10,("create_local_private_krb5_conf_for_domain: fname = %s, realm = %s, domain = %s\n",
+ fname, realm, domain ));
+
+ realm_upper = talloc_strdup(fname, realm);
+ if (!strupper_m(realm_upper)) {
+ goto done;
+ }
+
+ kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
+ if (!kdc_ip_string) {
+ goto done;
+ }
+
+ enctypes = get_enctypes(fname);
+ if (enctypes == NULL) {
+ goto done;
+ }
+
+#if !defined(SAMBA4_USES_HEIMDAL)
+ if (lp_include_system_krb5_conf()) {
+ include_system_krb5 = "include /etc/krb5.conf";
+ }
+#endif
+
+ /*
+ * We are setting 'dns_lookup_kdc' to true, because we want to lookup
+ * KDCs which are not configured via DNS SRV records, eg. if we do:
+ *
+ * net ads join -Uadmin@otherdomain
+ */
+ file_contents =
+ talloc_asprintf(fname,
+ "[libdefaults]\n"
+ "\tdefault_realm = %s\n"
+ "%s"
+ "\tdns_lookup_realm = false\n"
+ "\tdns_lookup_kdc = true\n\n"
+ "[realms]\n\t%s = {\n"
+ "%s\t}\n"
+ "\t%s = {\n"
+ "%s\t}\n"
+ "%s\n",
+ realm_upper,
+ enctypes,
+ realm_upper,
+ kdc_ip_string,
+ domain,
+ kdc_ip_string,
+ include_system_krb5);
+
+ if (!file_contents) {
+ goto done;
+ }
+
+ flen = strlen(file_contents);
+
+ mask = umask(S_IRWXO | S_IRWXG);
+ fd = mkstemp(tmpname);
+ umask(mask);
+ if (fd == -1) {
+ DBG_ERR("mkstemp failed, for file %s. Errno %s\n",
+ tmpname,
+ strerror(errno));
+ goto done;
+ }
+
+ if (fchmod(fd, 0644)==-1) {
+ DEBUG(0,("create_local_private_krb5_conf_for_domain: fchmod failed for %s."
+ " Errno %s\n",
+ tmpname, strerror(errno) ));
+ unlink(tmpname);
+ close(fd);
+ goto done;
+ }
+
+ ret = write(fd, file_contents, flen);
+ if (flen != ret) {
+ DEBUG(0,("create_local_private_krb5_conf_for_domain: write failed,"
+ " returned %d (should be %u). Errno %s\n",
+ (int)ret, (unsigned int)flen, strerror(errno) ));
+ unlink(tmpname);
+ close(fd);
+ goto done;
+ }
+ if (close(fd)==-1) {
+ DEBUG(0,("create_local_private_krb5_conf_for_domain: close failed."
+ " Errno %s\n", strerror(errno) ));
+ unlink(tmpname);
+ goto done;
+ }
+
+ if (rename(tmpname, fname) == -1) {
+ DEBUG(0,("create_local_private_krb5_conf_for_domain: rename "
+ "of %s to %s failed. Errno %s\n",
+ tmpname, fname, strerror(errno) ));
+ unlink(tmpname);
+ goto done;
+ }
+
+ DBG_INFO("wrote file %s with realm %s KDC list:\n%s\n",
+ fname, realm_upper, kdc_ip_string);
+
+ /* Set the environment variable to this file. */
+ setenv("KRB5_CONFIG", fname, 1);
+
+ result = true;
+
+#if defined(OVERWRITE_SYSTEM_KRB5_CONF)
+
+#define SYSTEM_KRB5_CONF_PATH "/etc/krb5.conf"
+ /* Insanity, sheer insanity..... */
+
+ if (strequal(realm, lp_realm())) {
+ SMB_STRUCT_STAT sbuf;
+
+ if (sys_lstat(SYSTEM_KRB5_CONF_PATH, &sbuf, false) == 0) {
+ if (S_ISLNK(sbuf.st_ex_mode) && sbuf.st_ex_size) {
+ int lret;
+ size_t alloc_size = sbuf.st_ex_size + 1;
+ char *linkpath = talloc_array(talloc_tos(), char,
+ alloc_size);
+ if (!linkpath) {
+ goto done;
+ }
+ lret = readlink(SYSTEM_KRB5_CONF_PATH, linkpath,
+ alloc_size - 1);
+ if (lret == -1) {
+ TALLOC_FREE(linkpath);
+ goto done;
+ }
+ linkpath[lret] = '\0';
+
+ if (strcmp(linkpath, fname) == 0) {
+ /* Symlink already exists. */
+ TALLOC_FREE(linkpath);
+ goto done;
+ }
+ TALLOC_FREE(linkpath);
+ }
+ }
+
+ /* Try and replace with a symlink. */
+ if (symlink(fname, SYSTEM_KRB5_CONF_PATH) == -1) {
+ const char *newpath = SYSTEM_KRB5_CONF_PATH ".saved";
+ if (errno != EEXIST) {
+ DEBUG(0,("create_local_private_krb5_conf_for_domain: symlink "
+ "of %s to %s failed. Errno %s\n",
+ fname, SYSTEM_KRB5_CONF_PATH, strerror(errno) ));
+ goto done; /* Not a fatal error. */
+ }
+
+ /* Yes, this is a race condition... too bad. */
+ if (rename(SYSTEM_KRB5_CONF_PATH, newpath) == -1) {
+ DEBUG(0,("create_local_private_krb5_conf_for_domain: rename "
+ "of %s to %s failed. Errno %s\n",
+ SYSTEM_KRB5_CONF_PATH, newpath,
+ strerror(errno) ));
+ goto done; /* Not a fatal error. */
+ }
+
+ if (symlink(fname, SYSTEM_KRB5_CONF_PATH) == -1) {
+ DEBUG(0,("create_local_private_krb5_conf_for_domain: "
+ "forced symlink of %s to /etc/krb5.conf failed. Errno %s\n",
+ fname, strerror(errno) ));
+ goto done; /* Not a fatal error. */
+ }
+ }
+ }
+#endif
+
+done:
+ TALLOC_FREE(tmpname);
+ TALLOC_FREE(dname);
+
+ return result;
+}
+#endif
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
new file mode 100644
index 0000000..466211a
--- /dev/null
+++ b/source3/libads/kerberos_keytab.c
@@ -0,0 +1,1026 @@
+/*
+ Unix SMB/CIFS implementation.
+ kerberos keytab utility library
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001
+ Copyright (C) Luke Howard 2003
+ Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
+ Copyright (C) Guenther Deschner 2003
+ Copyright (C) Rakesh Patel 2004
+ Copyright (C) Dan Perry 2004
+ Copyright (C) Jeremy Allison 2004
+ Copyright (C) Gerald Carter 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_krb5.h"
+#include "ads.h"
+#include "secrets.h"
+
+#ifdef HAVE_KRB5
+
+#ifdef HAVE_ADS
+
+/* This MAX_NAME_LEN is a constant defined in krb5.h */
+#ifndef MAX_KEYTAB_NAME_LEN
+#define MAX_KEYTAB_NAME_LEN 1100
+#endif
+
+static krb5_error_code ads_keytab_open(krb5_context context,
+ krb5_keytab *keytab)
+{
+ char keytab_str[MAX_KEYTAB_NAME_LEN] = {0};
+ const char *keytab_name = NULL;
+ krb5_error_code ret = 0;
+
+ switch (lp_kerberos_method()) {
+ case KERBEROS_VERIFY_SYSTEM_KEYTAB:
+ case KERBEROS_VERIFY_SECRETS_AND_KEYTAB:
+ ret = krb5_kt_default_name(context,
+ keytab_str,
+ sizeof(keytab_str) - 2);
+ if (ret != 0) {
+ DBG_WARNING("Failed to get default keytab name\n");
+ goto out;
+ }
+ keytab_name = keytab_str;
+ break;
+ case KERBEROS_VERIFY_DEDICATED_KEYTAB:
+ keytab_name = lp_dedicated_keytab_file();
+ break;
+ default:
+ DBG_ERR("Invalid kerberos method set (%d)\n",
+ lp_kerberos_method());
+ ret = KRB5_KT_BADNAME;
+ goto out;
+ }
+
+ if (keytab_name == NULL || keytab_name[0] == '\0') {
+ DBG_ERR("Invalid keytab name\n");
+ ret = KRB5_KT_BADNAME;
+ goto out;
+ }
+
+ ret = smb_krb5_kt_open(context, keytab_name, true, keytab);
+ if (ret != 0) {
+ DBG_WARNING("smb_krb5_kt_open failed (%s)\n",
+ error_message(ret));
+ goto out;
+ }
+
+out:
+ return ret;
+}
+
+static bool fill_default_spns(TALLOC_CTX *ctx, const char *machine_name,
+ const char *my_fqdn, const char *spn,
+ const char ***spns)
+{
+ char *psp1, *psp2;
+
+ if (*spns == NULL) {
+ *spns = talloc_zero_array(ctx, const char*, 3);
+ if (*spns == NULL) {
+ return false;
+ }
+ }
+
+ psp1 = talloc_asprintf(ctx,
+ "%s/%s",
+ spn,
+ machine_name);
+ if (psp1 == NULL) {
+ return false;
+ }
+
+ if (!strlower_m(&psp1[strlen(spn) + 1])) {
+ return false;
+ }
+ (*spns)[0] = psp1;
+
+ psp2 = talloc_asprintf(ctx,
+ "%s/%s",
+ spn,
+ my_fqdn);
+ if (psp2 == NULL) {
+ return false;
+ }
+
+ if (!strlower_m(&psp2[strlen(spn) + 1])) {
+ return false;
+ }
+
+ (*spns)[1] = psp2;
+
+ return true;
+}
+
+static bool ads_set_machine_account_spns(TALLOC_CTX *ctx,
+ ADS_STRUCT *ads,
+ const char *service_or_spn,
+ const char *my_fqdn)
+{
+ const char **spn_names = NULL;
+ ADS_STATUS aderr;
+ struct spn_struct* spn_struct = NULL;
+ char *tmp = NULL;
+
+ /* SPN should have '/' */
+ tmp = strchr_m(service_or_spn, '/');
+ if (tmp != NULL) {
+ spn_struct = parse_spn(ctx, service_or_spn);
+ if (spn_struct == NULL) {
+ return false;
+ }
+ }
+
+ DBG_INFO("Attempting to add/update '%s'\n", service_or_spn);
+
+ if (spn_struct != NULL) {
+ spn_names = talloc_zero_array(ctx, const char*, 2);
+ spn_names[0] = service_or_spn;
+ } else {
+ bool ok;
+
+ ok = fill_default_spns(ctx,
+ lp_netbios_name(),
+ my_fqdn,
+ service_or_spn,
+ &spn_names);
+ if (!ok) {
+ return false;
+ }
+ }
+ aderr = ads_add_service_principal_names(ads,
+ lp_netbios_name(),
+ spn_names);
+ if (!ADS_ERR_OK(aderr)) {
+ DBG_WARNING("Failed to add service principal name.\n");
+ return false;
+ }
+
+ return true;
+}
+
+/*
+ * Create kerberos principal(s) from SPN or service name.
+ */
+static bool service_or_spn_to_kerberos_princ(TALLOC_CTX *ctx,
+ const char *service_or_spn,
+ const char *my_fqdn,
+ char **p_princ_s,
+ char **p_short_princ_s)
+{
+ char *princ_s = NULL;
+ char *short_princ_s = NULL;
+ const char *service = service_or_spn;
+ const char *host = my_fqdn;
+ struct spn_struct* spn_struct = NULL;
+ char *tmp = NULL;
+ bool ok = true;
+
+ /* SPN should have '/' */
+ tmp = strchr_m(service_or_spn, '/');
+ if (tmp != NULL) {
+ spn_struct = parse_spn(ctx, service_or_spn);
+ if (spn_struct == NULL) {
+ ok = false;
+ goto out;
+ }
+ }
+ if (spn_struct != NULL) {
+ service = spn_struct->serviceclass;
+ host = spn_struct->host;
+ }
+ princ_s = talloc_asprintf(ctx, "%s/%s@%s",
+ service,
+ host, lp_realm());
+ if (princ_s == NULL) {
+ ok = false;
+ goto out;
+ }
+
+ if (spn_struct == NULL) {
+ short_princ_s = talloc_asprintf(ctx, "%s/%s@%s",
+ service, lp_netbios_name(),
+ lp_realm());
+ if (short_princ_s == NULL) {
+ ok = false;
+ goto out;
+ }
+ }
+ *p_princ_s = princ_s;
+ *p_short_princ_s = short_princ_s;
+out:
+ return ok;
+}
+
+static int add_kt_entry_etypes(krb5_context context, TALLOC_CTX *tmpctx,
+ ADS_STRUCT *ads, const char *salt_princ_s,
+ krb5_keytab keytab, krb5_kvno kvno,
+ const char *srvPrinc, const char *my_fqdn,
+ krb5_data *password, bool update_ads)
+{
+ krb5_error_code ret = 0;
+ char *princ_s = NULL;
+ char *short_princ_s = NULL;
+ krb5_enctype enctypes[4] = {
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ ENCTYPE_ARCFOUR_HMAC,
+ 0
+ };
+ size_t i;
+
+ /* Construct our principal */
+ if (strchr_m(srvPrinc, '@')) {
+ /* It's a fully-named principal. */
+ princ_s = talloc_asprintf(tmpctx, "%s", srvPrinc);
+ if (!princ_s) {
+ ret = -1;
+ goto out;
+ }
+ } else if (srvPrinc[strlen(srvPrinc)-1] == '$') {
+ /* It's the machine account, as used by smbclient clients. */
+ princ_s = talloc_asprintf(tmpctx, "%s@%s",
+ srvPrinc, lp_realm());
+ if (!princ_s) {
+ ret = -1;
+ goto out;
+ }
+ } else {
+ /* It's a normal service principal. Add the SPN now so that we
+ * can obtain credentials for it and double-check the salt value
+ * used to generate the service's keys. */
+
+ if (!service_or_spn_to_kerberos_princ(tmpctx,
+ srvPrinc,
+ my_fqdn,
+ &princ_s,
+ &short_princ_s)) {
+ ret = -1;
+ goto out;
+ }
+
+ /* According to http://support.microsoft.com/kb/326985/en-us,
+ certain principal names are automatically mapped to the
+ host/... principal in the AD account.
+ So only create these in the keytab, not in AD. --jerry */
+
+ if (update_ads && !strequal(srvPrinc, "cifs") &&
+ !strequal(srvPrinc, "host")) {
+ if (!ads_set_machine_account_spns(tmpctx,
+ ads,
+ srvPrinc,
+ my_fqdn)) {
+ ret = -1;
+ goto out;
+ }
+ }
+ }
+
+ for (i = 0; enctypes[i]; i++) {
+
+ /* add the fqdn principal to the keytab */
+ ret = smb_krb5_kt_add_entry(context,
+ keytab,
+ kvno,
+ princ_s,
+ salt_princ_s,
+ enctypes[i],
+ password,
+ false); /* no_salt */
+ if (ret) {
+ DBG_WARNING("Failed to add entry to keytab\n");
+ goto out;
+ }
+
+ /* add the short principal name if we have one */
+ if (short_princ_s) {
+ ret = smb_krb5_kt_add_entry(context,
+ keytab,
+ kvno,
+ short_princ_s,
+ salt_princ_s,
+ enctypes[i],
+ password,
+ false); /* no_salt */
+ if (ret) {
+ DBG_WARNING("Failed to add short entry to keytab\n");
+ goto out;
+ }
+ }
+ }
+out:
+ return ret;
+}
+
+/**********************************************************************
+ Adds a single service principal, i.e. 'host' to the system keytab
+***********************************************************************/
+
+int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc, bool update_ads)
+{
+ krb5_error_code ret = 0;
+ krb5_context context = NULL;
+ krb5_keytab keytab = NULL;
+ krb5_data password;
+ krb5_kvno kvno;
+ char *salt_princ_s = NULL;
+ char *password_s = NULL;
+ char *my_fqdn;
+ TALLOC_CTX *tmpctx = NULL;
+ char **hostnames_array = NULL;
+ size_t num_hostnames = 0;
+
+ ret = smb_krb5_init_context_common(&context);
+ if (ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
+ return -1;
+ }
+
+ ret = ads_keytab_open(context, &keytab);
+ if (ret != 0) {
+ goto out;
+ }
+
+ /* retrieve the password */
+ if (!secrets_init()) {
+ DBG_WARNING("secrets_init failed\n");
+ ret = -1;
+ goto out;
+ }
+ password_s = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
+ if (!password_s) {
+ DBG_WARNING("failed to fetch machine password\n");
+ ret = -1;
+ goto out;
+ }
+ ZERO_STRUCT(password);
+ password.data = password_s;
+ password.length = strlen(password_s);
+
+ /* we need the dNSHostName value here */
+ tmpctx = talloc_init(__location__);
+ if (!tmpctx) {
+ DBG_ERR("talloc_init() failed!\n");
+ ret = -1;
+ goto out;
+ }
+
+ my_fqdn = ads_get_dnshostname(ads, tmpctx, lp_netbios_name());
+ if (!my_fqdn) {
+ DBG_ERR("unable to determine machine account's dns name in "
+ "AD!\n");
+ ret = -1;
+ goto out;
+ }
+
+ /* make sure we have a single instance of the computer account */
+ if (!ads_has_samaccountname(ads, tmpctx, lp_netbios_name())) {
+ DBG_ERR("unable to determine machine account's short name in "
+ "AD!\n");
+ ret = -1;
+ goto out;
+ }
+
+ kvno = (krb5_kvno)ads_get_machine_kvno(ads, lp_netbios_name());
+ if (kvno == -1) {
+ /* -1 indicates failure, everything else is OK */
+ DBG_WARNING("ads_get_machine_kvno failed to determine the "
+ "system's kvno.\n");
+ ret = -1;
+ goto out;
+ }
+
+ salt_princ_s = kerberos_secrets_fetch_salt_princ();
+ if (salt_princ_s == NULL) {
+ DBG_WARNING("kerberos_secrets_fetch_salt_princ() failed\n");
+ ret = -1;
+ goto out;
+ }
+
+ ret = add_kt_entry_etypes(context, tmpctx, ads, salt_princ_s, keytab,
+ kvno, srvPrinc, my_fqdn, &password,
+ update_ads);
+ if (ret != 0) {
+ goto out;
+ }
+
+ if (ADS_ERR_OK(ads_get_additional_dns_hostnames(tmpctx, ads,
+ lp_netbios_name(),
+ &hostnames_array,
+ &num_hostnames))) {
+ size_t i;
+
+ for (i = 0; i < num_hostnames; i++) {
+
+ ret = add_kt_entry_etypes(context, tmpctx, ads,
+ salt_princ_s, keytab,
+ kvno, srvPrinc,
+ hostnames_array[i],
+ &password, update_ads);
+ if (ret != 0) {
+ goto out;
+ }
+ }
+ }
+
+out:
+ SAFE_FREE(salt_princ_s);
+ TALLOC_FREE(tmpctx);
+
+ if (keytab) {
+ krb5_kt_close(context, keytab);
+ }
+ if (context) {
+ krb5_free_context(context);
+ }
+ return (int)ret;
+}
+
+/**********************************************************************
+ Delete a single service principal, i.e. 'host' from the system keytab
+***********************************************************************/
+
+int ads_keytab_delete_entry(ADS_STRUCT *ads, const char *srvPrinc)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ krb5_error_code ret = 0;
+ krb5_context context = NULL;
+ krb5_keytab keytab = NULL;
+ char *princ_s = NULL;
+ krb5_principal princ = NULL;
+ char *short_princ_s = NULL;
+ krb5_principal short_princ = NULL;
+ bool ok;
+
+ ret = smb_krb5_init_context_common(&context);
+ if (ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
+ goto out;
+ }
+
+ ret = ads_keytab_open(context, &keytab);
+ if (ret != 0) {
+ goto out;
+ }
+
+ /* Construct our principal */
+ if (strchr_m(srvPrinc, '@')) {
+ /* It's a fully-named principal. */
+ princ_s = talloc_asprintf(frame, "%s", srvPrinc);
+ if (!princ_s) {
+ ret = -1;
+ goto out;
+ }
+ } else if (srvPrinc[strlen(srvPrinc)-1] == '$') {
+ /* It's the machine account, as used by smbclient clients. */
+ princ_s = talloc_asprintf(frame, "%s@%s",
+ srvPrinc, lp_realm());
+ if (!princ_s) {
+ ret = -1;
+ goto out;
+ }
+ } else {
+ /*
+ * It's a normal service principal.
+ */
+ char *my_fqdn = NULL;
+ char *tmp = NULL;
+
+ /*
+ * SPN should have '/' otherwise we
+ * need to fallback and find our dnshostname
+ */
+ tmp = strchr_m(srvPrinc, '/');
+ if (tmp == NULL) {
+ my_fqdn = ads_get_dnshostname(ads, frame, lp_netbios_name());
+ if (!my_fqdn) {
+ DBG_ERR("unable to determine machine account's dns name in "
+ "AD!\n");
+ ret = -1;
+ goto out;
+ }
+ }
+
+ ok = service_or_spn_to_kerberos_princ(frame,
+ srvPrinc,
+ my_fqdn,
+ &princ_s,
+ &short_princ_s);
+ if (!ok) {
+ ret = -1;
+ goto out;
+ }
+ }
+
+ ret = smb_krb5_parse_name(context, princ_s, &princ);
+ if (ret) {
+ DEBUG(1, (__location__ ": smb_krb5_parse_name(%s) "
+ "failed (%s)\n", princ_s, error_message(ret)));
+ goto out;
+ }
+
+ if (short_princ_s != NULL) {
+ ret = smb_krb5_parse_name(context, short_princ_s, &short_princ);
+ if (ret) {
+ DEBUG(1, (__location__ ": smb_krb5_parse_name(%s) "
+ "failed (%s)\n", short_princ_s, error_message(ret)));
+ goto out;
+ }
+ }
+
+ /* Seek and delete old keytab entries */
+ ret = smb_krb5_kt_seek_and_delete_old_entries(context,
+ keytab,
+ false, /* keep_old_kvno */
+ -1,
+ false, /* enctype_only */
+ ENCTYPE_NULL,
+ princ_s,
+ princ,
+ false); /* flush */
+ if (ret) {
+ goto out;
+ }
+
+ if (short_princ_s == NULL) {
+ goto out;
+ }
+
+ /* Seek and delete old keytab entries */
+ ret = smb_krb5_kt_seek_and_delete_old_entries(context,
+ keytab,
+ false, /* keep_old_kvno */
+ -1,
+ false, /* enctype_only */
+ ENCTYPE_NULL,
+ short_princ_s,
+ short_princ,
+ false); /* flush */
+ if (ret) {
+ goto out;
+ }
+
+out:
+ if (princ) {
+ krb5_free_principal(context, princ);
+ }
+ if (short_princ) {
+ krb5_free_principal(context, short_princ);
+ }
+ if (keytab) {
+ krb5_kt_close(context, keytab);
+ }
+ if (context) {
+ krb5_free_context(context);
+ }
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+/**********************************************************************
+ Flushes all entries from the system keytab.
+***********************************************************************/
+
+int ads_keytab_flush(ADS_STRUCT *ads)
+{
+ krb5_error_code ret = 0;
+ krb5_context context = NULL;
+ krb5_keytab keytab = NULL;
+ ADS_STATUS aderr;
+
+ ret = smb_krb5_init_context_common(&context);
+ if (ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
+ return ret;
+ }
+
+ ret = ads_keytab_open(context, &keytab);
+ if (ret != 0) {
+ goto out;
+ }
+
+ /* Seek and delete all old keytab entries */
+ ret = smb_krb5_kt_seek_and_delete_old_entries(context,
+ keytab,
+ false, /* keep_old_kvno */
+ -1,
+ false, /* enctype_only */
+ ENCTYPE_NULL,
+ NULL,
+ NULL,
+ true); /* flush */
+ if (ret) {
+ goto out;
+ }
+
+ aderr = ads_clear_service_principal_names(ads, lp_netbios_name());
+ if (!ADS_ERR_OK(aderr)) {
+ DEBUG(1, (__location__ ": Error while clearing service "
+ "principal listings in LDAP.\n"));
+ ret = -1;
+ goto out;
+ }
+
+out:
+ if (keytab) {
+ krb5_kt_close(context, keytab);
+ }
+ if (context) {
+ krb5_free_context(context);
+ }
+ return ret;
+}
+
+/**********************************************************************
+ Adds all the required service principals to the system keytab.
+***********************************************************************/
+
+int ads_keytab_create_default(ADS_STRUCT *ads)
+{
+ krb5_error_code ret = 0;
+ krb5_context context = NULL;
+ krb5_keytab keytab = NULL;
+ krb5_kt_cursor cursor = {0};
+ krb5_keytab_entry kt_entry = {0};
+ krb5_kvno kvno;
+ size_t found = 0;
+ char *sam_account_name, *upn;
+ char **oldEntries = NULL, *princ_s[26];
+ TALLOC_CTX *frame;
+ char *machine_name;
+ char **spn_array;
+ size_t num_spns;
+ size_t i;
+ bool ok = false;
+ ADS_STATUS status;
+
+ ZERO_STRUCT(kt_entry);
+ ZERO_STRUCT(cursor);
+
+ frame = talloc_stackframe();
+ if (frame == NULL) {
+ ret = -1;
+ goto done;
+ }
+
+ status = ads_get_service_principal_names(frame,
+ ads,
+ lp_netbios_name(),
+ &spn_array,
+ &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ ret = -1;
+ goto done;
+ }
+
+ for (i = 0; i < num_spns; i++) {
+ char *srv_princ;
+ char *p;
+
+ srv_princ = strlower_talloc(frame, spn_array[i]);
+ if (srv_princ == NULL) {
+ ret = -1;
+ goto done;
+ }
+
+ p = strchr_m(srv_princ, '/');
+ if (p == NULL) {
+ continue;
+ }
+ p[0] = '\0';
+
+ /* Add the SPNs found on the DC */
+ ret = ads_keytab_add_entry(ads, srv_princ, false);
+ if (ret != 0) {
+ DEBUG(1, ("ads_keytab_add_entry failed while "
+ "adding '%s' principal.\n",
+ spn_array[i]));
+ goto done;
+ }
+ }
+
+#if 0 /* don't create the CIFS/... keytab entries since no one except smbd
+ really needs them and we will fall back to verifying against
+ secrets.tdb */
+
+ ret = ads_keytab_add_entry(ads, "cifs", false));
+ if (ret != 0 ) {
+ DEBUG(1, (__location__ ": ads_keytab_add_entry failed while "
+ "adding 'cifs'.\n"));
+ return ret;
+ }
+#endif
+
+ memset(princ_s, '\0', sizeof(princ_s));
+
+ ret = smb_krb5_init_context_common(&context);
+ if (ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
+ goto done;
+ }
+
+ machine_name = talloc_strdup(frame, lp_netbios_name());
+ if (!machine_name) {
+ ret = -1;
+ goto done;
+ }
+
+ /* now add the userPrincipalName and sAMAccountName entries */
+ ok = ads_has_samaccountname(ads, frame, machine_name);
+ if (!ok) {
+ DEBUG(0, (__location__ ": unable to determine machine "
+ "account's name in AD!\n"));
+ ret = -1;
+ goto done;
+ }
+
+ /*
+ * append '$' to netbios name so 'ads_keytab_add_entry' recognises
+ * it as a machine account rather than a service or Windows SPN.
+ */
+ sam_account_name = talloc_asprintf(frame, "%s$",machine_name);
+ if (sam_account_name == NULL) {
+ ret = -1;
+ goto done;
+ }
+ /* upper case the sAMAccountName to make it easier for apps to
+ know what case to use in the keytab file */
+ if (!strupper_m(sam_account_name)) {
+ ret = -1;
+ goto done;
+ }
+
+ ret = ads_keytab_add_entry(ads, sam_account_name, false);
+ if (ret != 0) {
+ DEBUG(1, (__location__ ": ads_keytab_add_entry() failed "
+ "while adding sAMAccountName (%s)\n",
+ sam_account_name));
+ goto done;
+ }
+
+ /* remember that not every machine account will have a upn */
+ upn = ads_get_upn(ads, frame, machine_name);
+ if (upn) {
+ ret = ads_keytab_add_entry(ads, upn, false);
+ if (ret != 0) {
+ DEBUG(1, (__location__ ": ads_keytab_add_entry() "
+ "failed while adding UPN (%s)\n", upn));
+ goto done;
+ }
+ }
+
+ /* Now loop through the keytab and update any other existing entries */
+ kvno = (krb5_kvno)ads_get_machine_kvno(ads, machine_name);
+ if (kvno == (krb5_kvno)-1) {
+ DEBUG(1, (__location__ ": ads_get_machine_kvno() failed to "
+ "determine the system's kvno.\n"));
+ goto done;
+ }
+
+ DEBUG(3, (__location__ ": Searching for keytab entries to preserve "
+ "and update.\n"));
+
+ ret = ads_keytab_open(context, &keytab);
+ if (ret != 0) {
+ goto done;
+ }
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if (ret != KRB5_KT_END && ret != ENOENT ) {
+ while ((ret = krb5_kt_next_entry(context, keytab,
+ &kt_entry, &cursor)) == 0) {
+ smb_krb5_kt_free_entry(context, &kt_entry);
+ ZERO_STRUCT(kt_entry);
+ found++;
+ }
+ }
+ krb5_kt_end_seq_get(context, keytab, &cursor);
+ ZERO_STRUCT(cursor);
+
+ /*
+ * Hmmm. There is no "rewind" function for the keytab. This means we
+ * have a race condition where someone else could add entries after
+ * we've counted them. Re-open asap to minimise the race. JRA.
+ */
+ DEBUG(3, (__location__ ": Found %zd entries in the keytab.\n", found));
+ if (!found) {
+ goto done;
+ }
+
+ oldEntries = talloc_zero_array(frame, char *, found + 1);
+ if (!oldEntries) {
+ DEBUG(1, (__location__ ": Failed to allocate space to store "
+ "the old keytab entries (talloc failed?).\n"));
+ ret = -1;
+ goto done;
+ }
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if (ret == KRB5_KT_END || ret == ENOENT) {
+ krb5_kt_end_seq_get(context, keytab, &cursor);
+ ZERO_STRUCT(cursor);
+ goto done;
+ }
+
+ while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0) {
+ if (kt_entry.vno != kvno) {
+ char *ktprinc = NULL;
+ char *p;
+
+ /* This returns a malloc'ed string in ktprinc. */
+ ret = smb_krb5_unparse_name(oldEntries, context,
+ kt_entry.principal,
+ &ktprinc);
+ if (ret) {
+ DEBUG(1, (__location__
+ ": smb_krb5_unparse_name failed "
+ "(%s)\n", error_message(ret)));
+ goto done;
+ }
+ /*
+ * From looking at the krb5 source they don't seem to
+ * take locale or mb strings into account.
+ * Maybe this is because they assume utf8 ?
+ * In this case we may need to convert from utf8 to
+ * mb charset here ? JRA.
+ */
+ p = strchr_m(ktprinc, '@');
+ if (p) {
+ *p = '\0';
+ }
+
+ p = strchr_m(ktprinc, '/');
+ if (p) {
+ *p = '\0';
+ }
+ for (i = 0; i < found; i++) {
+ if (!oldEntries[i]) {
+ oldEntries[i] = ktprinc;
+ break;
+ }
+ if (!strcmp(oldEntries[i], ktprinc)) {
+ TALLOC_FREE(ktprinc);
+ break;
+ }
+ }
+ if (i == found) {
+ TALLOC_FREE(ktprinc);
+ }
+ }
+ smb_krb5_kt_free_entry(context, &kt_entry);
+ ZERO_STRUCT(kt_entry);
+ }
+ krb5_kt_end_seq_get(context, keytab, &cursor);
+ ZERO_STRUCT(cursor);
+
+ ret = 0;
+ for (i = 0; oldEntries[i]; i++) {
+ ret |= ads_keytab_add_entry(ads, oldEntries[i], false);
+ TALLOC_FREE(oldEntries[i]);
+ }
+
+done:
+ TALLOC_FREE(oldEntries);
+ TALLOC_FREE(frame);
+
+ if (context) {
+ if (!all_zero((uint8_t *)&kt_entry, sizeof(kt_entry))) {
+ smb_krb5_kt_free_entry(context, &kt_entry);
+ }
+ if (!all_zero((uint8_t *)&cursor, sizeof(cursor)) && keytab) {
+ krb5_kt_end_seq_get(context, keytab, &cursor);
+ }
+ if (keytab) {
+ krb5_kt_close(context, keytab);
+ }
+ krb5_free_context(context);
+ }
+ return ret;
+}
+
+#endif /* HAVE_ADS */
+
+/**********************************************************************
+ List system keytab.
+***********************************************************************/
+
+int ads_keytab_list(const char *keytab_name)
+{
+ krb5_error_code ret = 0;
+ krb5_context context = NULL;
+ krb5_keytab keytab = NULL;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry kt_entry;
+
+ ZERO_STRUCT(kt_entry);
+ ZERO_STRUCT(cursor);
+
+ ret = smb_krb5_init_context_common(&context);
+ if (ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
+ return ret;
+ }
+
+ if (keytab_name == NULL) {
+#ifdef HAVE_ADS
+ ret = ads_keytab_open(context, &keytab);
+#else
+ ret = ENOENT;
+#endif
+ } else {
+ ret = smb_krb5_kt_open(context, keytab_name, False, &keytab);
+ }
+ if (ret) {
+ DEBUG(1, ("smb_krb5_kt_open failed (%s)\n",
+ error_message(ret)));
+ goto out;
+ }
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if (ret) {
+ ZERO_STRUCT(cursor);
+ goto out;
+ }
+
+ printf("Vno Type Principal\n");
+
+ while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0) {
+
+ char *princ_s = NULL;
+ char *etype_s = NULL;
+ krb5_enctype enctype = 0;
+
+ ret = smb_krb5_unparse_name(talloc_tos(), context,
+ kt_entry.principal, &princ_s);
+ if (ret) {
+ goto out;
+ }
+
+ enctype = smb_krb5_kt_get_enctype_from_entry(&kt_entry);
+
+ ret = smb_krb5_enctype_to_string(context, enctype, &etype_s);
+ if (ret &&
+ (asprintf(&etype_s, "UNKNOWN: %d", enctype) == -1)) {
+ TALLOC_FREE(princ_s);
+ goto out;
+ }
+
+ printf("%3d %-43s %s\n", kt_entry.vno, etype_s, princ_s);
+
+ TALLOC_FREE(princ_s);
+ SAFE_FREE(etype_s);
+
+ ret = smb_krb5_kt_free_entry(context, &kt_entry);
+ if (ret) {
+ goto out;
+ }
+ }
+
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ if (ret) {
+ goto out;
+ }
+
+ /* Ensure we don't double free. */
+ ZERO_STRUCT(kt_entry);
+ ZERO_STRUCT(cursor);
+out:
+
+ if (!all_zero((uint8_t *)&kt_entry, sizeof(kt_entry))) {
+ smb_krb5_kt_free_entry(context, &kt_entry);
+ }
+ if (!all_zero((uint8_t *)&cursor, sizeof(cursor)) && keytab) {
+ krb5_kt_end_seq_get(context, keytab, &cursor);
+ }
+
+ if (keytab) {
+ krb5_kt_close(context, keytab);
+ }
+ if (context) {
+ krb5_free_context(context);
+ }
+ return ret;
+}
+
+#endif /* HAVE_KRB5 */
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
new file mode 100644
index 0000000..8073812
--- /dev/null
+++ b/source3/libads/kerberos_proto.h
@@ -0,0 +1,104 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * kerberos utility library
+ *
+ * Copyright (C) Andrew Tridgell 2001
+ * Copyright (C) Remus Koos (remuskoos@yahoo.com) 2001
+ * Copyright (C) Luke Howard 2002-2003
+ * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+ * Copyright (C) Guenther Deschner 2003-2008
+ * Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
+ * Copyright (C) Jeremy Allison 2004,2007
+ * Copyright (C) Stefan Metzmacher 2004-2005
+ * Copyright (C) Nalin Dahyabhai <nalin@redhat.com> 2004
+ * Copyright (C) Gerald Carter 2006
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LIBADS_KERBEROS_PROTO_H_
+#define _LIBADS_KERBEROS_PROTO_H_
+
+#include "system/kerberos.h"
+
+struct PAC_DATA_CTR;
+
+#define DEFAULT_KRB5_PORT 88
+
+#include "libads/ads_status.h"
+
+/* The following definitions come from libads/kerberos.c */
+
+int kerberos_kinit_password_ext(const char *given_principal,
+ const char *password,
+ int time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ TALLOC_CTX *mem_ctx,
+ char **_canon_principal,
+ char **_canon_realm,
+ NTSTATUS *ntstatus);
+int ads_kdestroy(const char *cc_name);
+
+int kerberos_kinit_password(const char *principal,
+ const char *password,
+ int time_offset,
+ const char *cache_name);
+bool create_local_private_krb5_conf_for_domain(const char *realm,
+ const char *domain,
+ const char *sitename,
+ const struct sockaddr_storage *pss);
+
+/* The following definitions come from libads/authdata.c */
+
+NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ const char *name,
+ const char *pass,
+ time_t time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ const char *impersonate_princ_s,
+ const char *local_service,
+ char **_canon_principal,
+ char **_canon_realm,
+ struct PAC_DATA_CTR **pac_data_ctr);
+
+/* The following definitions come from libads/krb5_setpw.c */
+
+ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
+ const char *newpw, int time_offset);
+ADS_STATUS kerberos_set_password(const char *kpasswd_server,
+ const char *auth_principal, const char *auth_password,
+ const char *target_principal, const char *new_password,
+ int time_offset);
+
+#ifdef HAVE_KRB5
+int create_kerberos_key_from_string(krb5_context context,
+ krb5_principal host_princ,
+ krb5_principal salt_princ,
+ krb5_data *password,
+ krb5_keyblock *key,
+ krb5_enctype enctype,
+ bool no_salt);
+#endif
+
+#endif /* _LIBADS_KERBEROS_PROTO_H_ */
diff --git a/source3/libads/kerberos_util.c b/source3/libads/kerberos_util.c
new file mode 100644
index 0000000..bfe5382
--- /dev/null
+++ b/source3/libads/kerberos_util.c
@@ -0,0 +1,80 @@
+/*
+ Unix SMB/CIFS implementation.
+ krb5 set password implementation
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_krb5.h"
+#include "ads.h"
+#include "lib/param/loadparm.h"
+
+#ifdef HAVE_KRB5
+
+/* run kinit to setup our ccache */
+int ads_kinit_password(ADS_STRUCT *ads)
+{
+ char *s;
+ int ret;
+ const char *account_name;
+ fstring acct_name;
+
+ if (ads->auth.password == NULL || ads->auth.password[0] == '\0') {
+ return KRB5_LIBOS_CANTREADPWD;
+ }
+
+ if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
+ account_name = ads->auth.user_name;
+ goto got_accountname;
+ }
+
+ if ( IS_DC ) {
+ /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */
+ account_name = lp_workgroup();
+ } else {
+ /* always use the sAMAccountName for security = domain */
+ /* lp_netbios_name()$@REA.LM */
+ if ( lp_security() == SEC_DOMAIN ) {
+ fstr_sprintf( acct_name, "%s$", lp_netbios_name() );
+ account_name = acct_name;
+ }
+ else
+ /* This looks like host/lp_netbios_name()@REA.LM */
+ account_name = ads->auth.user_name;
+ }
+
+ got_accountname:
+ if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
+ return KRB5_CC_NOMEM;
+ }
+
+ ret = kerberos_kinit_password_ext(s, ads->auth.password,
+ ads->auth.time_offset,
+ &ads->auth.tgt_expire, NULL,
+ ads->auth.ccache_name, false, false,
+ ads->auth.renewable,
+ NULL, NULL, NULL, NULL);
+
+ if (ret) {
+ DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
+ s, error_message(ret)));
+ }
+ SAFE_FREE(s);
+ return ret;
+}
+
+#endif
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
new file mode 100644
index 0000000..dda8857
--- /dev/null
+++ b/source3/libads/krb5_setpw.c
@@ -0,0 +1,329 @@
+/*
+ Unix SMB/CIFS implementation.
+ krb5 set password implementation
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
+#include "../lib/util/asn1.h"
+
+#ifdef HAVE_KRB5
+
+/* Those are defined by kerberos-set-passwd-02.txt and are probably
+ * not supported by M$ implementation */
+#define KRB5_KPASSWD_POLICY_REJECT 8
+#define KRB5_KPASSWD_BAD_PRINCIPAL 9
+#define KRB5_KPASSWD_ETYPE_NOSUPP 10
+
+/*
+ * we've got to be able to distinguish KRB_ERRORs from other
+ * requests - valid response for CHPW v2 replies.
+ */
+
+static krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code)
+{
+ switch (res_code) {
+ case KRB5_KPASSWD_ACCESSDENIED:
+ return KRB5KDC_ERR_BADOPTION;
+ case KRB5_KPASSWD_INITIAL_FLAG_NEEDED:
+ return KRB5KDC_ERR_BADOPTION;
+ /* return KV5M_ALT_METHOD; MIT-only define */
+ case KRB5_KPASSWD_ETYPE_NOSUPP:
+ return KRB5KDC_ERR_ETYPE_NOSUPP;
+ case KRB5_KPASSWD_BAD_PRINCIPAL:
+ return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+ case KRB5_KPASSWD_POLICY_REJECT:
+ case KRB5_KPASSWD_SOFTERROR:
+ return KRB5KDC_ERR_POLICY;
+ default:
+ return KRB5KRB_ERR_GENERIC;
+ }
+}
+
+ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *principal,
+ const char *newpw, int time_offset)
+{
+
+ ADS_STATUS aret;
+ krb5_error_code ret = 0;
+ krb5_context context = NULL;
+ krb5_principal princ = NULL;
+ krb5_ccache ccache = NULL;
+ int result_code;
+ krb5_data result_code_string = { 0 };
+ krb5_data result_string = { 0 };
+
+ ret = smb_krb5_init_context_common(&context);
+ if (ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
+ return ADS_ERROR_KRB5(ret);
+ }
+
+ if (principal) {
+ ret = smb_krb5_parse_name(context, principal, &princ);
+ if (ret) {
+ krb5_free_context(context);
+ DEBUG(1, ("Failed to parse %s (%s)\n", principal,
+ error_message(ret)));
+ return ADS_ERROR_KRB5(ret);
+ }
+ }
+
+ if (time_offset != 0) {
+ krb5_set_real_time(context, time(NULL) + time_offset, 0);
+ }
+
+ ret = krb5_cc_default(context, &ccache);
+ if (ret) {
+ krb5_free_principal(context, princ);
+ krb5_free_context(context);
+ DEBUG(1,("Failed to get default creds (%s)\n", error_message(ret)));
+ return ADS_ERROR_KRB5(ret);
+ }
+
+ ret = krb5_set_password_using_ccache(context,
+ ccache,
+ discard_const_p(char, newpw),
+ princ,
+ &result_code,
+ &result_code_string,
+ &result_string);
+ if (ret) {
+ DEBUG(1, ("krb5_set_password failed (%s)\n", error_message(ret)));
+ aret = ADS_ERROR_KRB5(ret);
+ goto done;
+ }
+
+ if (result_code != KRB5_KPASSWD_SUCCESS) {
+ ret = kpasswd_err_to_krb5_err(result_code);
+ DEBUG(1, ("krb5_set_password failed (%s)\n", error_message(ret)));
+ aret = ADS_ERROR_KRB5(ret);
+ goto done;
+ }
+
+ aret = ADS_SUCCESS;
+
+ done:
+ smb_krb5_free_data_contents(context, &result_code_string);
+ smb_krb5_free_data_contents(context, &result_string);
+ krb5_free_principal(context, princ);
+ krb5_cc_close(context, ccache);
+ krb5_free_context(context);
+
+ return aret;
+}
+
+/*
+ we use a prompter to avoid a crash bug in the kerberos libs when
+ dealing with empty passwords
+ this prompter is just a string copy ...
+*/
+static krb5_error_code
+kerb_prompter(krb5_context ctx, void *data,
+ const char *name,
+ const char *banner,
+ int num_prompts,
+ krb5_prompt prompts[])
+{
+ if (num_prompts == 0) return 0;
+
+ memset(prompts[0].reply->data, 0, prompts[0].reply->length);
+ if (prompts[0].reply->length > 0) {
+ if (data) {
+ strncpy((char *)prompts[0].reply->data,
+ (const char *)data,
+ prompts[0].reply->length-1);
+ prompts[0].reply->length = strlen((const char *)prompts[0].reply->data);
+ } else {
+ prompts[0].reply->length = 0;
+ }
+ }
+ return 0;
+}
+
+static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
+ const char *principal,
+ const char *oldpw,
+ const char *newpw,
+ int time_offset)
+{
+ ADS_STATUS aret;
+ krb5_error_code ret;
+ krb5_context context = NULL;
+ krb5_principal princ;
+ krb5_get_init_creds_opt *opts = NULL;
+ krb5_creds creds;
+ char *chpw_princ = NULL, *password;
+ char *realm = NULL;
+ int result_code;
+ krb5_data result_code_string = { 0 };
+ krb5_data result_string = { 0 };
+ smb_krb5_addresses *addr = NULL;
+
+ ret = smb_krb5_init_context_common(&context);
+ if (ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
+ return ADS_ERROR_KRB5(ret);
+ }
+
+ if ((ret = smb_krb5_parse_name(context, principal, &princ))) {
+ krb5_free_context(context);
+ DEBUG(1,("Failed to parse %s (%s)\n", principal, error_message(ret)));
+ return ADS_ERROR_KRB5(ret);
+ }
+
+ ret = krb5_get_init_creds_opt_alloc(context, &opts);
+ if (ret != 0) {
+ krb5_free_context(context);
+ DBG_WARNING("krb5_get_init_creds_opt_alloc failed: %s\n",
+ error_message(ret));
+ return ADS_ERROR_KRB5(ret);
+ }
+
+ krb5_get_init_creds_opt_set_tkt_life(opts, 5 * 60);
+ krb5_get_init_creds_opt_set_renew_life(opts, 0);
+ krb5_get_init_creds_opt_set_forwardable(opts, 0);
+ krb5_get_init_creds_opt_set_proxiable(opts, 0);
+#ifdef SAMBA4_USES_HEIMDAL
+ krb5_get_init_creds_opt_set_win2k(context, opts, true);
+ krb5_get_init_creds_opt_set_canonicalize(context, opts, true);
+#else /* MIT */
+#if 0
+ /*
+ * FIXME
+ *
+ * Due to an upstream MIT Kerberos bug, this feature is not
+ * not working. Affection versions (2019-10-09): <= 1.17
+ *
+ * Reproducer:
+ * kinit -C aDmInIsTrAtOr@ACME.COM -S kadmin/changepw@ACME.COM
+ *
+ * This is NOT a problem if the service is a krbtgt.
+ *
+ * https://bugzilla.samba.org/show_bug.cgi?id=14155
+ */
+ krb5_get_init_creds_opt_set_canonicalize(opts, true);
+#endif
+#endif /* MIT */
+
+ /* note that heimdal will fill in the local addresses if the addresses
+ * in the creds_init_opt are all empty and then later fail with invalid
+ * address, sending our local netbios krb5 address - just like windows
+ * - avoids this - gd */
+ ret = smb_krb5_gen_netbios_krb5_address(&addr, lp_netbios_name());
+ if (ret) {
+ krb5_free_principal(context, princ);
+ krb5_get_init_creds_opt_free(context, opts);
+ krb5_free_context(context);
+ return ADS_ERROR_KRB5(ret);
+ }
+ krb5_get_init_creds_opt_set_address_list(opts, addr->addrs);
+
+ realm = smb_krb5_principal_get_realm(NULL, context, princ);
+
+ /* We have to obtain an INITIAL changepw ticket for changing password */
+ if (asprintf(&chpw_princ, "kadmin/changepw@%s", realm) == -1) {
+ krb5_free_principal(context, princ);
+ krb5_get_init_creds_opt_free(context, opts);
+ smb_krb5_free_addresses(context, addr);
+ krb5_free_context(context);
+ TALLOC_FREE(realm);
+ DEBUG(1, ("ads_krb5_chg_password: asprintf fail\n"));
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ TALLOC_FREE(realm);
+ password = SMB_STRDUP(oldpw);
+ ret = krb5_get_init_creds_password(context, &creds, princ, password,
+ kerb_prompter, NULL,
+ 0, chpw_princ, opts);
+ krb5_get_init_creds_opt_free(context, opts);
+ smb_krb5_free_addresses(context, addr);
+ SAFE_FREE(chpw_princ);
+ SAFE_FREE(password);
+
+ if (ret) {
+ if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ DEBUG(1,("Password incorrect while getting initial ticket\n"));
+ } else {
+ DEBUG(1,("krb5_get_init_creds_password failed (%s)\n", error_message(ret)));
+ }
+ krb5_free_principal(context, princ);
+ krb5_free_context(context);
+ return ADS_ERROR_KRB5(ret);
+ }
+
+ ret = krb5_set_password(context,
+ &creds,
+ discard_const_p(char, newpw),
+ NULL,
+ &result_code,
+ &result_code_string,
+ &result_string);
+
+ if (ret) {
+ DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
+ aret = ADS_ERROR_KRB5(ret);
+ goto done;
+ }
+
+ if (result_code != KRB5_KPASSWD_SUCCESS) {
+ ret = kpasswd_err_to_krb5_err(result_code);
+ DEBUG(1, ("krb5_change_password failed (%s)\n", error_message(ret)));
+ aret = ADS_ERROR_KRB5(ret);
+ goto done;
+ }
+
+ aret = ADS_SUCCESS;
+
+ done:
+ smb_krb5_free_data_contents(context, &result_code_string);
+ smb_krb5_free_data_contents(context, &result_string);
+ krb5_free_principal(context, princ);
+ krb5_free_context(context);
+
+ return aret;
+}
+
+ADS_STATUS kerberos_set_password(const char *kpasswd_server,
+ const char *auth_principal,
+ const char *auth_password,
+ const char *target_principal,
+ const char *new_password, int time_offset)
+{
+ int ret;
+
+ if ((ret = kerberos_kinit_password(auth_principal, auth_password, time_offset, NULL))) {
+ DEBUG(1,("Failed kinit for principal %s (%s)\n", auth_principal, error_message(ret)));
+ return ADS_ERROR_KRB5(ret);
+ }
+
+ if (!strcmp(auth_principal, target_principal)) {
+ return ads_krb5_chg_password(kpasswd_server, target_principal,
+ auth_password, new_password,
+ time_offset);
+ } else {
+ return ads_krb5_set_password(kpasswd_server, target_principal,
+ new_password, time_offset);
+ }
+}
+
+#endif
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
new file mode 100644
index 0000000..b5139e5
--- /dev/null
+++ b/source3/libads/ldap.c
@@ -0,0 +1,4684 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads (active directory) utility library
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
+ Copyright (C) Guenther Deschner 2005
+ Copyright (C) Gerald Carter 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ads.h"
+#include "libads/sitename_cache.h"
+#include "libads/cldap.h"
+#include "../lib/tsocket/tsocket.h"
+#include "../lib/addns/dnsquery.h"
+#include "../libds/common/flags.h"
+#include "smbldap.h"
+#include "../libcli/security/security.h"
+#include "../librpc/gen_ndr/netlogon.h"
+#include "lib/param/loadparm.h"
+#include "libsmb/namequery.h"
+#include "../librpc/gen_ndr/ndr_ads.h"
+
+#ifdef HAVE_LDAP
+
+/**
+ * @file ldap.c
+ * @brief basic ldap client-side routines for ads server communications
+ *
+ * The routines contained here should do the necessary ldap calls for
+ * ads setups.
+ *
+ * Important note: attribute names passed into ads_ routines must
+ * already be in UTF-8 format. We do not convert them because in almost
+ * all cases, they are just ascii (which is represented with the same
+ * codepoints in UTF-8). This may have to change at some point
+ **/
+
+
+#define LDAP_SERVER_TREE_DELETE_OID "1.2.840.113556.1.4.805"
+
+static SIG_ATOMIC_T gotalarm;
+
+/***************************************************************
+ Signal function to tell us we timed out.
+****************************************************************/
+
+static void gotalarm_sig(int signum)
+{
+ gotalarm = 1;
+}
+
+ LDAP *ldap_open_with_timeout(const char *server,
+ struct sockaddr_storage *ss,
+ int port, unsigned int to)
+{
+ LDAP *ldp = NULL;
+ int ldap_err;
+ char *uri;
+
+ DEBUG(10, ("Opening connection to LDAP server '%s:%d', timeout "
+ "%u seconds\n", server, port, to));
+
+ if (to) {
+ /* Setup timeout */
+ gotalarm = 0;
+ CatchSignal(SIGALRM, gotalarm_sig);
+ alarm(to);
+ /* End setup timeout. */
+ }
+
+ if ( strchr_m(server, ':') ) {
+ /* IPv6 URI */
+ uri = talloc_asprintf(talloc_tos(), "ldap://[%s]:%u", server, port);
+ } else {
+ /* IPv4 URI */
+ uri = talloc_asprintf(talloc_tos(), "ldap://%s:%u", server, port);
+ }
+ if (uri == NULL) {
+ return NULL;
+ }
+
+#ifdef HAVE_LDAP_INIT_FD
+ {
+ int fd = -1;
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ unsigned timeout_ms = 1000 * to;
+
+ status = open_socket_out(ss, port, timeout_ms, &fd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("open_socket_out: failed to open socket\n"));
+ return NULL;
+ }
+
+/* define LDAP_PROTO_TCP from openldap.h if required */
+#ifndef LDAP_PROTO_TCP
+#define LDAP_PROTO_TCP 1
+#endif
+ ldap_err = ldap_init_fd(fd, LDAP_PROTO_TCP, uri, &ldp);
+ }
+#elif defined(HAVE_LDAP_INITIALIZE)
+ ldap_err = ldap_initialize(&ldp, uri);
+#else
+ ldp = ldap_open(server, port);
+ if (ldp != NULL) {
+ ldap_err = LDAP_SUCCESS;
+ } else {
+ ldap_err = LDAP_OTHER;
+ }
+#endif
+ if (ldap_err != LDAP_SUCCESS) {
+ DEBUG(2,("Could not initialize connection for LDAP server '%s': %s\n",
+ uri, ldap_err2string(ldap_err)));
+ } else {
+ DEBUG(10, ("Initialized connection for LDAP server '%s'\n", uri));
+ }
+
+ if (to) {
+ /* Teardown timeout. */
+ alarm(0);
+ CatchSignal(SIGALRM, SIG_IGN);
+ }
+
+ return ldp;
+}
+
+static int ldap_search_with_timeout(LDAP *ld,
+ LDAP_CONST char *base,
+ int scope,
+ LDAP_CONST char *filter,
+ char **attrs,
+ int attrsonly,
+ LDAPControl **sctrls,
+ LDAPControl **cctrls,
+ int sizelimit,
+ LDAPMessage **res )
+{
+ int to = lp_ldap_timeout();
+ struct timeval timeout;
+ struct timeval *timeout_ptr = NULL;
+ int result;
+
+ /* Setup timeout for the ldap_search_ext_s call - local and remote. */
+ gotalarm = 0;
+
+ if (to) {
+ timeout.tv_sec = to;
+ timeout.tv_usec = 0;
+ timeout_ptr = &timeout;
+
+ /* Setup alarm timeout. */
+ CatchSignal(SIGALRM, gotalarm_sig);
+ /* Make the alarm time one second beyond
+ the timeout we're setting for the
+ remote search timeout, to allow that
+ to fire in preference. */
+ alarm(to+1);
+ /* End setup timeout. */
+ }
+
+
+ result = ldap_search_ext_s(ld, base, scope, filter, attrs,
+ attrsonly, sctrls, cctrls, timeout_ptr,
+ sizelimit, res);
+
+ if (to) {
+ /* Teardown alarm timeout. */
+ CatchSignal(SIGALRM, SIG_IGN);
+ alarm(0);
+ }
+
+ if (gotalarm != 0)
+ return LDAP_TIMELIMIT_EXCEEDED;
+
+ /*
+ * A bug in OpenLDAP means ldap_search_ext_s can return
+ * LDAP_SUCCESS but with a NULL res pointer. Cope with
+ * this. See bug #6279 for details. JRA.
+ */
+
+ if (*res == NULL) {
+ return LDAP_TIMELIMIT_EXCEEDED;
+ }
+
+ return result;
+}
+
+/**********************************************
+ Do client and server sitename match ?
+**********************************************/
+
+bool ads_sitename_match(ADS_STRUCT *ads)
+{
+ if (ads->config.server_site_name == NULL &&
+ ads->config.client_site_name == NULL ) {
+ DEBUG(10,("ads_sitename_match: both null\n"));
+ return True;
+ }
+ if (ads->config.server_site_name &&
+ ads->config.client_site_name &&
+ strequal(ads->config.server_site_name,
+ ads->config.client_site_name)) {
+ DEBUG(10,("ads_sitename_match: name %s match\n", ads->config.server_site_name));
+ return True;
+ }
+ DEBUG(10,("ads_sitename_match: no match between server: %s and client: %s\n",
+ ads->config.server_site_name ? ads->config.server_site_name : "NULL",
+ ads->config.client_site_name ? ads->config.client_site_name : "NULL"));
+ return False;
+}
+
+/**********************************************
+ Is this the closest DC ?
+**********************************************/
+
+bool ads_closest_dc(ADS_STRUCT *ads)
+{
+ if (ads->config.flags & NBT_SERVER_CLOSEST) {
+ DEBUG(10,("ads_closest_dc: NBT_SERVER_CLOSEST flag set\n"));
+ return True;
+ }
+
+ /* not sure if this can ever happen */
+ if (ads_sitename_match(ads)) {
+ DEBUG(10,("ads_closest_dc: NBT_SERVER_CLOSEST flag not set but sites match\n"));
+ return True;
+ }
+
+ if (ads->config.client_site_name == NULL) {
+ DEBUG(10,("ads_closest_dc: client belongs to no site\n"));
+ return True;
+ }
+
+ DEBUG(10,("ads_closest_dc: %s is not the closest DC\n",
+ ads->config.ldap_server_name));
+
+ return False;
+}
+
+static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
+ bool gc,
+ const struct sockaddr_storage *ss,
+ const struct NETLOGON_SAM_LOGON_RESPONSE_EX *cldap_reply)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ bool ret = false;
+ char addr[INET6_ADDRSTRLEN];
+ ADS_STATUS status;
+ char *dn;
+
+ print_sockaddr(addr, sizeof(addr), ss);
+
+ /* Check the CLDAP reply flags */
+
+ if (!(cldap_reply->server_type & NBT_SERVER_LDAP)) {
+ DBG_WARNING("%s's CLDAP reply says it is not an LDAP server!\n",
+ addr);
+ ret = false;
+ goto out;
+ }
+
+ /* Fill in the ads->config values */
+
+ ADS_TALLOC_CONST_FREE(ads->config.realm);
+ ADS_TALLOC_CONST_FREE(ads->config.bind_path);
+ ADS_TALLOC_CONST_FREE(ads->config.ldap_server_name);
+ ADS_TALLOC_CONST_FREE(ads->config.server_site_name);
+ ADS_TALLOC_CONST_FREE(ads->config.client_site_name);
+ ADS_TALLOC_CONST_FREE(ads->server.workgroup);
+
+ if (!check_cldap_reply_required_flags(cldap_reply->server_type,
+ ads->config.flags)) {
+ ret = false;
+ goto out;
+ }
+
+ ads->config.ldap_server_name = talloc_strdup(ads,
+ cldap_reply->pdc_dns_name);
+ if (ads->config.ldap_server_name == NULL) {
+ DBG_WARNING("Out of memory\n");
+ ret = false;
+ goto out;
+ }
+
+ ads->config.realm = talloc_asprintf_strupper_m(ads,
+ "%s",
+ cldap_reply->dns_domain);
+ if (ads->config.realm == NULL) {
+ DBG_WARNING("Out of memory\n");
+ ret = false;
+ goto out;
+ }
+
+ status = ads_build_dn(ads->config.realm, ads, &dn);
+ if (!ADS_ERR_OK(status)) {
+ DBG_DEBUG("Failed to build bind path: %s\n",
+ ads_errstr(status));
+ ret = false;
+ goto out;
+ }
+ ads->config.bind_path = dn;
+
+ if (*cldap_reply->server_site) {
+ ads->config.server_site_name =
+ talloc_strdup(ads, cldap_reply->server_site);
+ if (ads->config.server_site_name == NULL) {
+ DBG_WARNING("Out of memory\n");
+ ret = false;
+ goto out;
+ }
+ }
+
+ if (*cldap_reply->client_site) {
+ ads->config.client_site_name =
+ talloc_strdup(ads, cldap_reply->client_site);
+ if (ads->config.client_site_name == NULL) {
+ DBG_WARNING("Out of memory\n");
+ ret = false;
+ goto out;
+ }
+ }
+
+ ads->server.workgroup = talloc_strdup(ads, cldap_reply->domain_name);
+ if (ads->server.workgroup == NULL) {
+ DBG_WARNING("Out of memory\n");
+ ret = false;
+ goto out;
+ }
+
+ ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
+ ads->ldap.ss = *ss;
+
+ /* Store our site name. */
+ sitename_store(cldap_reply->domain_name, cldap_reply->client_site);
+ sitename_store(cldap_reply->dns_domain, cldap_reply->client_site);
+
+ /* Leave this until last so that the flags are not clobbered */
+ ads->config.flags = cldap_reply->server_type;
+
+ ret = true;
+
+ out:
+
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+/*
+ try a connection to a given ldap server, returning True and setting the servers IP
+ in the ads struct if successful
+ */
+static bool ads_try_connect(ADS_STRUCT *ads, bool gc,
+ struct sockaddr_storage *ss)
+{
+ struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply = {};
+ TALLOC_CTX *frame = talloc_stackframe();
+ bool ok;
+ char addr[INET6_ADDRSTRLEN] = { 0, };
+
+ if (ss == NULL) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ print_sockaddr(addr, sizeof(addr), ss);
+
+ DBG_INFO("ads_try_connect: sending CLDAP request to %s (realm: %s)\n",
+ addr, ads->server.realm);
+
+ ok = ads_cldap_netlogon_5(frame, ss, ads->server.realm, &cldap_reply);
+ if (!ok) {
+ DBG_NOTICE("ads_cldap_netlogon_5(%s, %s) failed.\n",
+ addr, ads->server.realm);
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ ok = ads_fill_cldap_reply(ads, gc, ss, &cldap_reply);
+ if (!ok) {
+ DBG_NOTICE("ads_fill_cldap_reply(%s, %s) failed.\n",
+ addr, ads->server.realm);
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ TALLOC_FREE(frame);
+ return true;
+}
+
+/**********************************************************************
+ send a cldap ping to list of servers, one at a time, until one of
+ them answers it's an ldap server. Record success in the ADS_STRUCT.
+ Take note of and update negative connection cache.
+**********************************************************************/
+
+static NTSTATUS cldap_ping_list(ADS_STRUCT *ads,
+ const char *domain,
+ struct samba_sockaddr *sa_list,
+ size_t count)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct timeval endtime = timeval_current_ofs(MAX(3,lp_ldap_timeout()/2), 0);
+ uint32_t nt_version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
+ struct tsocket_address **ts_list = NULL;
+ const struct tsocket_address * const *ts_list_const = NULL;
+ struct samba_sockaddr **req_sa_list = NULL;
+ struct netlogon_samlogon_response **responses = NULL;
+ size_t num_requests = 0;
+ NTSTATUS status;
+ size_t i;
+ bool ok = false;
+ bool retry;
+
+ ts_list = talloc_zero_array(frame,
+ struct tsocket_address *,
+ count);
+ if (ts_list == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ req_sa_list = talloc_zero_array(frame,
+ struct samba_sockaddr *,
+ count);
+ if (req_sa_list == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+again:
+ /*
+ * The retry loop is bound by the timeout
+ */
+ retry = false;
+ num_requests = 0;
+
+ for (i = 0; i < count; i++) {
+ char server[INET6_ADDRSTRLEN];
+ int ret;
+
+ if (is_zero_addr(&sa_list[i].u.ss)) {
+ continue;
+ }
+
+ print_sockaddr(server, sizeof(server), &sa_list[i].u.ss);
+
+ status = check_negative_conn_cache(domain, server);
+ if (!NT_STATUS_IS_OK(status)) {
+ continue;
+ }
+
+ ret = tsocket_address_inet_from_strings(ts_list, "ip",
+ server, LDAP_PORT,
+ &ts_list[num_requests]);
+ if (ret != 0) {
+ status = map_nt_error_from_unix(errno);
+ DBG_WARNING("Failed to create tsocket_address for %s - %s\n",
+ server, nt_errstr(status));
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ req_sa_list[num_requests] = &sa_list[i];
+ num_requests += 1;
+ }
+
+ DBG_DEBUG("Try to create %zu netlogon connections for domain '%s' "
+ "(provided count of addresses was %zu).\n",
+ num_requests,
+ domain,
+ count);
+
+ if (num_requests == 0) {
+ status = NT_STATUS_NO_LOGON_SERVERS;
+ DBG_WARNING("domain[%s] num_requests[%zu] for count[%zu] - %s\n",
+ domain, num_requests, count, nt_errstr(status));
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ ts_list_const = (const struct tsocket_address * const *)ts_list;
+
+ status = cldap_multi_netlogon(frame,
+ ts_list_const, num_requests,
+ ads->server.realm, NULL,
+ nt_version,
+ 1, endtime, &responses);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("cldap_multi_netlogon(realm=%s, num_requests=%zu) "
+ "for count[%zu] - %s\n",
+ ads->server.realm,
+ num_requests, count,
+ nt_errstr(status));
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_LOGON_SERVERS;
+ }
+
+ for (i = 0; i < num_requests; i++) {
+ struct NETLOGON_SAM_LOGON_RESPONSE_EX *cldap_reply = NULL;
+ char server[INET6_ADDRSTRLEN];
+
+ if (responses[i] == NULL) {
+ continue;
+ }
+
+ print_sockaddr(server, sizeof(server), &req_sa_list[i]->u.ss);
+
+ if (responses[i]->ntver != NETLOGON_NT_VERSION_5EX) {
+ DBG_NOTICE("realm=[%s] nt_version mismatch: 0x%08x for %s\n",
+ ads->server.realm,
+ responses[i]->ntver, server);
+ continue;
+ }
+
+ cldap_reply = &responses[i]->data.nt5_ex;
+
+ /* Returns ok only if it matches the correct server type */
+ ok = ads_fill_cldap_reply(ads,
+ false,
+ &req_sa_list[i]->u.ss,
+ cldap_reply);
+ if (ok) {
+ DBG_DEBUG("realm[%s]: selected %s => %s\n",
+ ads->server.realm,
+ server, cldap_reply->pdc_dns_name);
+ if (CHECK_DEBUGLVL(DBGLVL_DEBUG)) {
+ NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE_EX,
+ cldap_reply);
+ }
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
+
+ DBG_NOTICE("realm[%s] server %s %s - not usable\n",
+ ads->server.realm,
+ server, cldap_reply->pdc_dns_name);
+ if (CHECK_DEBUGLVL(DBGLVL_NOTICE)) {
+ NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE_EX,
+ cldap_reply);
+ }
+ add_failed_connection_entry(domain, server,
+ NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID);
+ retry = true;
+ }
+
+ if (retry) {
+ bool expired;
+
+ expired = timeval_expired(&endtime);
+ if (!expired) {
+ goto again;
+ }
+ }
+
+ /* keep track of failures as all were not suitable */
+ for (i = 0; i < num_requests; i++) {
+ char server[INET6_ADDRSTRLEN];
+
+ print_sockaddr(server, sizeof(server), &req_sa_list[i]->u.ss);
+
+ add_failed_connection_entry(domain, server,
+ NT_STATUS_UNSUCCESSFUL);
+ }
+
+ status = NT_STATUS_NO_LOGON_SERVERS;
+ DBG_WARNING("realm[%s] no valid response "
+ "num_requests[%zu] for count[%zu] - %s\n",
+ ads->server.realm,
+ num_requests, count, nt_errstr(status));
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_LOGON_SERVERS;
+}
+
+/***************************************************************************
+ resolve a name and perform an "ldap ping" using NetBIOS and related methods
+****************************************************************************/
+
+static NTSTATUS resolve_and_ping_netbios(ADS_STRUCT *ads,
+ const char *domain, const char *realm)
+{
+ size_t i;
+ size_t count = 0;
+ struct samba_sockaddr *sa_list = NULL;
+ NTSTATUS status;
+
+ DEBUG(6, ("resolve_and_ping_netbios: (cldap) looking for domain '%s'\n",
+ domain));
+
+ status = get_sorted_dc_list(talloc_tos(),
+ domain,
+ NULL,
+ &sa_list,
+ &count,
+ false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* remove servers which are known to be dead based on
+ the corresponding DNS method */
+ if (*realm) {
+ for (i = 0; i < count; ++i) {
+ char server[INET6_ADDRSTRLEN];
+
+ print_sockaddr(server, sizeof(server), &sa_list[i].u.ss);
+
+ if(!NT_STATUS_IS_OK(
+ check_negative_conn_cache(realm, server))) {
+ /* Ensure we add the workgroup name for this
+ IP address as negative too. */
+ add_failed_connection_entry(
+ domain, server,
+ NT_STATUS_UNSUCCESSFUL);
+ }
+ }
+ }
+
+ status = cldap_ping_list(ads, domain, sa_list, count);
+
+ TALLOC_FREE(sa_list);
+
+ return status;
+}
+
+
+/**********************************************************************
+ resolve a name and perform an "ldap ping" using DNS
+**********************************************************************/
+
+static NTSTATUS resolve_and_ping_dns(ADS_STRUCT *ads, const char *sitename,
+ const char *realm)
+{
+ size_t count = 0;
+ struct samba_sockaddr *sa_list = NULL;
+ NTSTATUS status;
+
+ DEBUG(6, ("resolve_and_ping_dns: (cldap) looking for realm '%s'\n",
+ realm));
+
+ status = get_sorted_dc_list(talloc_tos(),
+ realm,
+ sitename,
+ &sa_list,
+ &count,
+ true);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(sa_list);
+ return status;
+ }
+
+ status = cldap_ping_list(ads, realm, sa_list, count);
+
+ TALLOC_FREE(sa_list);
+
+ return status;
+}
+
+/**********************************************************************
+ Try to find an AD dc using our internal name resolution routines
+ Try the realm first and then the workgroup name if netbios is not
+ disabled
+**********************************************************************/
+
+static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
+{
+ const char *c_domain = "";
+ const char *c_realm;
+ bool use_own_domain = False;
+ char *sitename = NULL;
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ bool ok = false;
+
+ /* if the realm and workgroup are both empty, assume they are ours */
+
+ /* realm */
+ c_realm = ads->server.realm;
+
+ if (c_realm == NULL)
+ c_realm = "";
+
+ if (!*c_realm) {
+ /* special case where no realm and no workgroup means our own */
+ if ( !ads->server.workgroup || !*ads->server.workgroup ) {
+ use_own_domain = True;
+ c_realm = lp_realm();
+ }
+ }
+
+ if (!lp_disable_netbios()) {
+ if (use_own_domain) {
+ c_domain = lp_workgroup();
+ } else {
+ c_domain = ads->server.workgroup;
+ if (!*c_realm && (!c_domain || !*c_domain)) {
+ c_domain = lp_workgroup();
+ }
+ }
+
+ if (!c_domain) {
+ c_domain = "";
+ }
+ }
+
+ if (!*c_realm && !*c_domain) {
+ DEBUG(0, ("ads_find_dc: no realm or workgroup! Don't know "
+ "what to do\n"));
+ return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
+ }
+
+ /*
+ * In case of LDAP we use get_dc_name() as that
+ * creates the custom krb5.conf file
+ */
+ if (!(ads->auth.flags & ADS_AUTH_NO_BIND)) {
+ fstring srv_name;
+ struct sockaddr_storage ip_out;
+
+ DEBUG(6, ("ads_find_dc: (ldap) looking for realm '%s'"
+ " and falling back to domain '%s'\n",
+ c_realm, c_domain));
+
+ ok = get_dc_name(c_domain, c_realm, srv_name, &ip_out);
+ if (ok) {
+ if (is_zero_addr(&ip_out)) {
+ return NT_STATUS_NO_LOGON_SERVERS;
+ }
+
+ /*
+ * we call ads_try_connect() to fill in the
+ * ads->config details
+ */
+ ok = ads_try_connect(ads, false, &ip_out);
+ if (ok) {
+ return NT_STATUS_OK;
+ }
+ }
+
+ return NT_STATUS_NO_LOGON_SERVERS;
+ }
+
+ if (*c_realm) {
+ sitename = sitename_fetch(talloc_tos(), c_realm);
+ status = resolve_and_ping_dns(ads, sitename, c_realm);
+
+ if (NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(sitename);
+ return status;
+ }
+
+ /* In case we failed to contact one of our closest DC on our
+ * site we
+ * need to try to find another DC, retry with a site-less SRV
+ * DNS query
+ * - Guenther */
+
+ if (sitename) {
+ DEBUG(3, ("ads_find_dc: failed to find a valid DC on "
+ "our site (%s), Trying to find another DC "
+ "for realm '%s' (domain '%s')\n",
+ sitename, c_realm, c_domain));
+ namecache_delete(c_realm, 0x1C);
+ status =
+ resolve_and_ping_dns(ads, NULL, c_realm);
+
+ if (NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(sitename);
+ return status;
+ }
+ }
+
+ TALLOC_FREE(sitename);
+ }
+
+ /* try netbios as fallback - if permitted,
+ or if configuration specifically requests it */
+ if (*c_domain) {
+ if (*c_realm) {
+ DEBUG(3, ("ads_find_dc: falling back to netbios "
+ "name resolution for domain '%s' (realm '%s')\n",
+ c_domain, c_realm));
+ }
+
+ status = resolve_and_ping_netbios(ads, c_domain, c_realm);
+ if (NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+
+ DEBUG(1, ("ads_find_dc: "
+ "name resolution for realm '%s' (domain '%s') failed: %s\n",
+ c_realm, c_domain, nt_errstr(status)));
+ return status;
+}
+/**
+ * Connect to the LDAP server
+ * @param ads Pointer to an existing ADS_STRUCT
+ * @return status of connection
+ **/
+ADS_STATUS ads_connect(ADS_STRUCT *ads)
+{
+ int version = LDAP_VERSION3;
+ ADS_STATUS status;
+ NTSTATUS ntstatus;
+ char addr[INET6_ADDRSTRLEN];
+ struct sockaddr_storage existing_ss;
+
+ zero_sockaddr(&existing_ss);
+
+ /*
+ * ads_connect can be passed in a reused ADS_STRUCT
+ * with an existing non-zero ads->ldap.ss IP address
+ * that was stored by going through ads_find_dc()
+ * if ads->server.ldap_server was NULL.
+ *
+ * If ads->server.ldap_server is still NULL but
+ * the target address isn't the zero address, then
+ * store that address off off before zeroing out
+ * ads->ldap so we don't keep doing multiple calls
+ * to ads_find_dc() in the reuse case.
+ *
+ * If a caller wants a clean ADS_STRUCT they
+ * will TALLOC_FREE it and allocate a new one
+ * by calling ads_init(), which ensures
+ * ads->ldap.ss is a properly zero'ed out valid IP
+ * address.
+ */
+ if (ads->server.ldap_server == NULL && !is_zero_addr(&ads->ldap.ss)) {
+ /* Save off the address we previously found by ads_find_dc(). */
+ existing_ss = ads->ldap.ss;
+ }
+
+ ads_zero_ldap(ads);
+ ZERO_STRUCT(ads->ldap_wrap_data);
+ ads->ldap.last_attempt = time_mono(NULL);
+ ads->ldap_wrap_data.wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
+
+ /* try with a user specified server */
+
+ if (DEBUGLEVEL >= 11) {
+ char *s = NDR_PRINT_STRUCT_STRING(talloc_tos(), ads_struct, ads);
+ DEBUG(11,("ads_connect: entering\n"));
+ DEBUGADD(11,("%s\n", s));
+ TALLOC_FREE(s);
+ }
+
+ if (ads->server.ldap_server) {
+ bool ok = false;
+ struct sockaddr_storage ss;
+
+ DBG_DEBUG("Resolving name of LDAP server '%s'.\n",
+ ads->server.ldap_server);
+ ok = resolve_name(ads->server.ldap_server, &ss, 0x20, true);
+ if (!ok) {
+ DEBUG(5,("ads_connect: unable to resolve name %s\n",
+ ads->server.ldap_server));
+ status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
+ goto out;
+ }
+
+ if (is_zero_addr(&ss)) {
+ status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
+ goto out;
+ }
+
+ ok = ads_try_connect(ads, ads->server.gc, &ss);
+ if (ok) {
+ goto got_connection;
+ }
+
+ /* The choice of which GC use is handled one level up in
+ ads_connect_gc(). If we continue on from here with
+ ads_find_dc() we will get GC searches on port 389 which
+ doesn't work. --jerry */
+
+ if (ads->server.gc == true) {
+ return ADS_ERROR(LDAP_OPERATIONS_ERROR);
+ }
+
+ if (ads->server.no_fallback) {
+ status = ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
+ goto out;
+ }
+ }
+
+ if (!is_zero_addr(&existing_ss)) {
+ /* We saved off who we should talk to. */
+ bool ok = ads_try_connect(ads,
+ ads->server.gc,
+ &existing_ss);
+ if (ok) {
+ goto got_connection;
+ }
+ /*
+ * Keep trying to find a server and fall through
+ * into ads_find_dc() again.
+ */
+ DBG_DEBUG("Failed to connect to DC via LDAP server IP address, "
+ "trying to find another DC.\n");
+ }
+
+ ntstatus = ads_find_dc(ads);
+ if (NT_STATUS_IS_OK(ntstatus)) {
+ goto got_connection;
+ }
+
+ status = ADS_ERROR_NT(ntstatus);
+ goto out;
+
+got_connection:
+
+ print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
+ DEBUG(3,("Successfully contacted LDAP server %s\n", addr));
+
+ if (!ads->auth.user_name) {
+ /* Must use the userPrincipalName value here or sAMAccountName
+ and not servicePrincipalName; found by Guenther Deschner */
+ ads->auth.user_name = talloc_asprintf(ads,
+ "%s$",
+ lp_netbios_name());
+ if (ads->auth.user_name == NULL) {
+ DBG_ERR("talloc_asprintf failed\n");
+ status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ }
+
+ if (ads->auth.realm == NULL) {
+ ads->auth.realm = talloc_strdup(ads, ads->config.realm);
+ if (ads->auth.realm == NULL) {
+ status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ }
+
+ if (!ads->auth.kdc_server) {
+ print_sockaddr(addr, sizeof(addr), &ads->ldap.ss);
+ ads->auth.kdc_server = talloc_strdup(ads, addr);
+ if (ads->auth.kdc_server == NULL) {
+ status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ }
+
+ /* If the caller() requested no LDAP bind, then we are done */
+
+ if (ads->auth.flags & ADS_AUTH_NO_BIND) {
+ status = ADS_SUCCESS;
+ goto out;
+ }
+
+ ads->ldap_wrap_data.mem_ctx = talloc_init("ads LDAP connection memory");
+ if (!ads->ldap_wrap_data.mem_ctx) {
+ status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+
+ /* Otherwise setup the TCP LDAP session */
+
+ ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name,
+ &ads->ldap.ss,
+ ads->ldap.port, lp_ldap_timeout());
+ if (ads->ldap.ld == NULL) {
+ status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
+ goto out;
+ }
+ DEBUG(3,("Connected to LDAP server %s\n", ads->config.ldap_server_name));
+
+ /* cache the successful connection for workgroup and realm */
+ if (ads_closest_dc(ads)) {
+ saf_store( ads->server.workgroup, ads->config.ldap_server_name);
+ saf_store( ads->server.realm, ads->config.ldap_server_name);
+ }
+
+ ldap_set_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+
+ /* fill in the current time and offsets */
+
+ status = ads_current_time( ads );
+ if ( !ADS_ERR_OK(status) ) {
+ goto out;
+ }
+
+ /* Now do the bind */
+
+ if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
+ status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, NULL, NULL));
+ goto out;
+ }
+
+ if (ads->auth.flags & ADS_AUTH_SIMPLE_BIND) {
+ status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, ads->auth.user_name, ads->auth.password));
+ goto out;
+ }
+
+ status = ads_sasl_bind(ads);
+
+ out:
+ if (DEBUGLEVEL >= 11) {
+ char *s = NDR_PRINT_STRUCT_STRING(talloc_tos(), ads_struct, ads);
+ DEBUG(11,("ads_connect: leaving with: %s\n",
+ ads_errstr(status)));
+ DEBUGADD(11,("%s\n", s));
+ TALLOC_FREE(s);
+ }
+
+ return status;
+}
+
+/**
+ * Connect to the LDAP server using given credentials
+ * @param ads Pointer to an existing ADS_STRUCT
+ * @return status of connection
+ **/
+ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads)
+{
+ ads->auth.flags |= ADS_AUTH_USER_CREDS;
+
+ return ads_connect(ads);
+}
+
+/**
+ * Zero out the internal ads->ldap struct and initialize the address to zero IP.
+ * @param ads Pointer to an existing ADS_STRUCT
+ *
+ * Sets the ads->ldap.ss to a valid
+ * zero ip address that can be detected by
+ * our is_zero_addr() function. Otherwise
+ * it is left as AF_UNSPEC (0).
+ **/
+void ads_zero_ldap(ADS_STRUCT *ads)
+{
+ ZERO_STRUCT(ads->ldap);
+ /*
+ * Initialize the sockaddr_storage so we can use
+ * sockaddr test functions against it.
+ */
+ zero_sockaddr(&ads->ldap.ss);
+}
+
+/**
+ * Disconnect the LDAP server
+ * @param ads Pointer to an existing ADS_STRUCT
+ **/
+void ads_disconnect(ADS_STRUCT *ads)
+{
+ if (ads->ldap.ld) {
+ ldap_unbind(ads->ldap.ld);
+ ads->ldap.ld = NULL;
+ }
+ if (ads->ldap_wrap_data.wrap_ops &&
+ ads->ldap_wrap_data.wrap_ops->disconnect) {
+ ads->ldap_wrap_data.wrap_ops->disconnect(&ads->ldap_wrap_data);
+ }
+ if (ads->ldap_wrap_data.mem_ctx) {
+ talloc_free(ads->ldap_wrap_data.mem_ctx);
+ }
+ ads_zero_ldap(ads);
+ ZERO_STRUCT(ads->ldap_wrap_data);
+}
+
+/*
+ Duplicate a struct berval into talloc'ed memory
+ */
+static struct berval *dup_berval(TALLOC_CTX *ctx, const struct berval *in_val)
+{
+ struct berval *value;
+
+ if (!in_val) return NULL;
+
+ value = talloc_zero(ctx, struct berval);
+ if (value == NULL)
+ return NULL;
+ if (in_val->bv_len == 0) return value;
+
+ value->bv_len = in_val->bv_len;
+ value->bv_val = (char *)talloc_memdup(ctx, in_val->bv_val,
+ in_val->bv_len);
+ return value;
+}
+
+/*
+ Make a values list out of an array of (struct berval *)
+ */
+static struct berval **ads_dup_values(TALLOC_CTX *ctx,
+ const struct berval **in_vals)
+{
+ struct berval **values;
+ int i;
+
+ if (!in_vals) return NULL;
+ for (i=0; in_vals[i]; i++)
+ ; /* count values */
+ values = talloc_zero_array(ctx, struct berval *, i+1);
+ if (!values) return NULL;
+
+ for (i=0; in_vals[i]; i++) {
+ values[i] = dup_berval(ctx, in_vals[i]);
+ }
+ return values;
+}
+
+/*
+ UTF8-encode a values list out of an array of (char *)
+ */
+static char **ads_push_strvals(TALLOC_CTX *ctx, const char **in_vals)
+{
+ char **values;
+ int i;
+ size_t size;
+
+ if (!in_vals) return NULL;
+ for (i=0; in_vals[i]; i++)
+ ; /* count values */
+ values = talloc_zero_array(ctx, char *, i+1);
+ if (!values) return NULL;
+
+ for (i=0; in_vals[i]; i++) {
+ if (!push_utf8_talloc(ctx, &values[i], in_vals[i], &size)) {
+ TALLOC_FREE(values);
+ return NULL;
+ }
+ }
+ return values;
+}
+
+/*
+ Pull a (char *) array out of a UTF8-encoded values list
+ */
+static char **ads_pull_strvals(TALLOC_CTX *ctx, const char **in_vals)
+{
+ char **values;
+ int i;
+ size_t converted_size;
+
+ if (!in_vals) return NULL;
+ for (i=0; in_vals[i]; i++)
+ ; /* count values */
+ values = talloc_zero_array(ctx, char *, i+1);
+ if (!values) return NULL;
+
+ for (i=0; in_vals[i]; i++) {
+ if (!pull_utf8_talloc(ctx, &values[i], in_vals[i],
+ &converted_size)) {
+ DEBUG(0,("ads_pull_strvals: pull_utf8_talloc failed: "
+ "%s\n", strerror(errno)));
+ }
+ }
+ return values;
+}
+
+/**
+ * Do a search with paged results. cookie must be null on the first
+ * call, and then returned on each subsequent call. It will be null
+ * again when the entire search is complete
+ * @param ads connection to ads server
+ * @param bind_path Base dn for the search
+ * @param scope Scope of search (LDAP_SCOPE_BASE | LDAP_SCOPE_ONE | LDAP_SCOPE_SUBTREE)
+ * @param expr Search expression - specified in local charset
+ * @param attrs Attributes to retrieve - specified in utf8 or ascii
+ * @param res ** which will contain results - free res* with ads_msgfree()
+ * @param count Number of entries retrieved on this page
+ * @param cookie The paged results cookie to be returned on subsequent calls
+ * @return status of search
+ **/
+static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads,
+ const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, void *args,
+ LDAPMessage **res,
+ int *count, struct berval **cookie)
+{
+ int rc, i, version;
+ char *utf8_expr, *utf8_path, **search_attrs = NULL;
+ size_t converted_size;
+ LDAPControl PagedResults, NoReferrals, ExternalCtrl, *controls[4], **rcontrols;
+ BerElement *cookie_be = NULL;
+ struct berval *cookie_bv= NULL;
+ BerElement *ext_be = NULL;
+ struct berval *ext_bv= NULL;
+
+ TALLOC_CTX *ctx;
+ ads_control *external_control = (ads_control *) args;
+
+ *res = NULL;
+
+ if (!(ctx = talloc_init("ads_do_paged_search_args")))
+ return ADS_ERROR(LDAP_NO_MEMORY);
+
+ /* 0 means the conversion worked but the result was empty
+ so we only fail if it's -1. In any case, it always
+ at least nulls out the dest */
+ if (!push_utf8_talloc(ctx, &utf8_expr, expr, &converted_size) ||
+ !push_utf8_talloc(ctx, &utf8_path, bind_path, &converted_size))
+ {
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+
+ if (!attrs || !(*attrs))
+ search_attrs = NULL;
+ else {
+ /* This would be the utf8-encoded version...*/
+ /* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */
+ if (!(search_attrs = str_list_copy(talloc_tos(), attrs))) {
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+ }
+
+ /* Paged results only available on ldap v3 or later */
+ ldap_get_option(ads->ldap.ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+ if (version < LDAP_VERSION3) {
+ rc = LDAP_NOT_SUPPORTED;
+ goto done;
+ }
+
+ cookie_be = ber_alloc_t(LBER_USE_DER);
+ if (*cookie) {
+ ber_printf(cookie_be, "{iO}", (ber_int_t) ads->config.ldap_page_size, *cookie);
+ ber_bvfree(*cookie); /* don't need it from last time */
+ *cookie = NULL;
+ } else {
+ ber_printf(cookie_be, "{io}", (ber_int_t) ads->config.ldap_page_size, "", 0);
+ }
+ ber_flatten(cookie_be, &cookie_bv);
+ PagedResults.ldctl_oid = discard_const_p(char, ADS_PAGE_CTL_OID);
+ PagedResults.ldctl_iscritical = (char) 1;
+ PagedResults.ldctl_value.bv_len = cookie_bv->bv_len;
+ PagedResults.ldctl_value.bv_val = cookie_bv->bv_val;
+
+ NoReferrals.ldctl_oid = discard_const_p(char, ADS_NO_REFERRALS_OID);
+ NoReferrals.ldctl_iscritical = (char) 0;
+ NoReferrals.ldctl_value.bv_len = 0;
+ NoReferrals.ldctl_value.bv_val = discard_const_p(char, "");
+
+ if (external_control &&
+ (strequal(external_control->control, ADS_EXTENDED_DN_OID) ||
+ strequal(external_control->control, ADS_SD_FLAGS_OID))) {
+
+ ExternalCtrl.ldctl_oid = discard_const_p(char, external_control->control);
+ ExternalCtrl.ldctl_iscritical = (char) external_control->critical;
+
+ /* win2k does not accept a ldctl_value being passed in */
+
+ if (external_control->val != 0) {
+
+ if ((ext_be = ber_alloc_t(LBER_USE_DER)) == NULL ) {
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+
+ if ((ber_printf(ext_be, "{i}", (ber_int_t) external_control->val)) == -1) {
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+ if ((ber_flatten(ext_be, &ext_bv)) == -1) {
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+
+ ExternalCtrl.ldctl_value.bv_len = ext_bv->bv_len;
+ ExternalCtrl.ldctl_value.bv_val = ext_bv->bv_val;
+
+ } else {
+ ExternalCtrl.ldctl_value.bv_len = 0;
+ ExternalCtrl.ldctl_value.bv_val = NULL;
+ }
+
+ controls[0] = &NoReferrals;
+ controls[1] = &PagedResults;
+ controls[2] = &ExternalCtrl;
+ controls[3] = NULL;
+
+ } else {
+ controls[0] = &NoReferrals;
+ controls[1] = &PagedResults;
+ controls[2] = NULL;
+ }
+
+ /* we need to disable referrals as the openldap libs don't
+ handle them and paged results at the same time. Using them
+ together results in the result record containing the server
+ page control being removed from the result list (tridge/jmcd)
+
+ leaving this in despite the control that says don't generate
+ referrals, in case the server doesn't support it (jmcd)
+ */
+ ldap_set_option(ads->ldap.ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+
+ rc = ldap_search_with_timeout(ads->ldap.ld, utf8_path, scope, utf8_expr,
+ search_attrs, 0, controls,
+ NULL, LDAP_NO_LIMIT,
+ (LDAPMessage **)res);
+
+ ber_free(cookie_be, 1);
+ ber_bvfree(cookie_bv);
+
+ if (rc) {
+ DEBUG(3,("ads_do_paged_search_args: ldap_search_with_timeout(%s) -> %s\n", expr,
+ ldap_err2string(rc)));
+ if (rc == LDAP_OTHER) {
+ char *ldap_errmsg;
+ int ret;
+
+ ret = ldap_parse_result(ads->ldap.ld,
+ *res,
+ NULL,
+ NULL,
+ &ldap_errmsg,
+ NULL,
+ NULL,
+ 0);
+ if (ret == LDAP_SUCCESS) {
+ DEBUG(3, ("ldap_search_with_timeout(%s) "
+ "error: %s\n", expr, ldap_errmsg));
+ ldap_memfree(ldap_errmsg);
+ }
+ }
+ goto done;
+ }
+
+ rc = ldap_parse_result(ads->ldap.ld, *res, NULL, NULL, NULL,
+ NULL, &rcontrols, 0);
+
+ if (!rcontrols) {
+ goto done;
+ }
+
+ for (i=0; rcontrols[i]; i++) {
+ if (strcmp(ADS_PAGE_CTL_OID, rcontrols[i]->ldctl_oid) == 0) {
+ cookie_be = ber_init(&rcontrols[i]->ldctl_value);
+ ber_scanf(cookie_be,"{iO}", (ber_int_t *) count,
+ &cookie_bv);
+ /* the berval is the cookie, but must be freed when
+ it is all done */
+ if (cookie_bv->bv_len) /* still more to do */
+ *cookie=ber_bvdup(cookie_bv);
+ else
+ *cookie=NULL;
+ ber_bvfree(cookie_bv);
+ ber_free(cookie_be, 1);
+ break;
+ }
+ }
+ ldap_controls_free(rcontrols);
+
+done:
+ talloc_destroy(ctx);
+
+ if (ext_be) {
+ ber_free(ext_be, 1);
+ }
+
+ if (ext_bv) {
+ ber_bvfree(ext_bv);
+ }
+
+ if (rc != LDAP_SUCCESS && *res != NULL) {
+ ads_msgfree(ads, *res);
+ *res = NULL;
+ }
+
+ /* if/when we decide to utf8-encode attrs, take out this next line */
+ TALLOC_FREE(search_attrs);
+
+ return ADS_ERROR(rc);
+}
+
+static ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, LDAPMessage **res,
+ int *count, struct berval **cookie)
+{
+ return ads_do_paged_search_args(ads, bind_path, scope, expr, attrs, NULL, res, count, cookie);
+}
+
+
+/**
+ * Get all results for a search. This uses ads_do_paged_search() to return
+ * all entries in a large search.
+ * @param ads connection to ads server
+ * @param bind_path Base dn for the search
+ * @param scope Scope of search (LDAP_SCOPE_BASE | LDAP_SCOPE_ONE | LDAP_SCOPE_SUBTREE)
+ * @param expr Search expression
+ * @param attrs Attributes to retrieve
+ * @param res ** which will contain results - free res* with ads_msgfree()
+ * @return status of search
+ **/
+ ADS_STATUS ads_do_search_all_args(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, void *args,
+ LDAPMessage **res)
+{
+ struct berval *cookie = NULL;
+ int count = 0;
+ ADS_STATUS status;
+
+ *res = NULL;
+ status = ads_do_paged_search_args(ads, bind_path, scope, expr, attrs, args, res,
+ &count, &cookie);
+
+ if (!ADS_ERR_OK(status))
+ return status;
+
+#ifdef HAVE_LDAP_ADD_RESULT_ENTRY
+ while (cookie) {
+ LDAPMessage *res2 = NULL;
+ LDAPMessage *msg, *next;
+
+ status = ads_do_paged_search_args(ads, bind_path, scope, expr,
+ attrs, args, &res2, &count, &cookie);
+ if (!ADS_ERR_OK(status)) {
+ break;
+ }
+
+ /* this relies on the way that ldap_add_result_entry() works internally. I hope
+ that this works on all ldap libs, but I have only tested with openldap */
+ for (msg = ads_first_message(ads, res2); msg; msg = next) {
+ next = ads_next_message(ads, msg);
+ ldap_add_result_entry((LDAPMessage **)res, msg);
+ }
+ /* note that we do not free res2, as the memory is now
+ part of the main returned list */
+ }
+#else
+ DEBUG(0, ("no ldap_add_result_entry() support in LDAP libs!\n"));
+ status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
+#endif
+
+ return status;
+}
+
+ ADS_STATUS ads_do_search_all(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, LDAPMessage **res)
+{
+ return ads_do_search_all_args(ads, bind_path, scope, expr, attrs, NULL, res);
+}
+
+ ADS_STATUS ads_do_search_all_sd_flags(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, uint32_t sd_flags,
+ LDAPMessage **res)
+{
+ ads_control args;
+
+ args.control = ADS_SD_FLAGS_OID;
+ args.val = sd_flags;
+ args.critical = True;
+
+ return ads_do_search_all_args(ads, bind_path, scope, expr, attrs, &args, res);
+}
+
+
+/**
+ * Run a function on all results for a search. Uses ads_do_paged_search() and
+ * runs the function as each page is returned, using ads_process_results()
+ * @param ads connection to ads server
+ * @param bind_path Base dn for the search
+ * @param scope Scope of search (LDAP_SCOPE_BASE | LDAP_SCOPE_ONE | LDAP_SCOPE_SUBTREE)
+ * @param expr Search expression - specified in local charset
+ * @param attrs Attributes to retrieve - specified in UTF-8 or ascii
+ * @param fn Function which takes attr name, values list, and data_area
+ * @param data_area Pointer which is passed to function on each call
+ * @return status of search
+ **/
+ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr, const char **attrs,
+ bool (*fn)(ADS_STRUCT *, char *, void **, void *),
+ void *data_area)
+{
+ struct berval *cookie = NULL;
+ int count = 0;
+ ADS_STATUS status;
+ LDAPMessage *res;
+
+ status = ads_do_paged_search(ads, bind_path, scope, expr, attrs, &res,
+ &count, &cookie);
+
+ if (!ADS_ERR_OK(status)) return status;
+
+ ads_process_results(ads, res, fn, data_area);
+ ads_msgfree(ads, res);
+
+ while (cookie) {
+ status = ads_do_paged_search(ads, bind_path, scope, expr, attrs,
+ &res, &count, &cookie);
+
+ if (!ADS_ERR_OK(status)) break;
+
+ ads_process_results(ads, res, fn, data_area);
+ ads_msgfree(ads, res);
+ }
+
+ return status;
+}
+
+/**
+ * Do a search with a timeout.
+ * @param ads connection to ads server
+ * @param bind_path Base dn for the search
+ * @param scope Scope of search (LDAP_SCOPE_BASE | LDAP_SCOPE_ONE | LDAP_SCOPE_SUBTREE)
+ * @param expr Search expression
+ * @param attrs Attributes to retrieve
+ * @param res ** which will contain results - free res* with ads_msgfree()
+ * @return status of search
+ **/
+ ADS_STATUS ads_do_search(ADS_STRUCT *ads, const char *bind_path, int scope,
+ const char *expr,
+ const char **attrs, LDAPMessage **res)
+{
+ int rc;
+ char *utf8_expr, *utf8_path, **search_attrs = NULL;
+ size_t converted_size;
+ TALLOC_CTX *ctx;
+
+ *res = NULL;
+ if (!(ctx = talloc_init("ads_do_search"))) {
+ DEBUG(1,("ads_do_search: talloc_init() failed!\n"));
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ /* 0 means the conversion worked but the result was empty
+ so we only fail if it's negative. In any case, it always
+ at least nulls out the dest */
+ if (!push_utf8_talloc(ctx, &utf8_expr, expr, &converted_size) ||
+ !push_utf8_talloc(ctx, &utf8_path, bind_path, &converted_size))
+ {
+ DEBUG(1,("ads_do_search: push_utf8_talloc() failed!\n"));
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+
+ if (!attrs || !(*attrs))
+ search_attrs = NULL;
+ else {
+ /* This would be the utf8-encoded version...*/
+ /* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */
+ if (!(search_attrs = str_list_copy(talloc_tos(), attrs)))
+ {
+ DEBUG(1,("ads_do_search: str_list_copy() failed!\n"));
+ rc = LDAP_NO_MEMORY;
+ goto done;
+ }
+ }
+
+ /* see the note in ads_do_paged_search - we *must* disable referrals */
+ ldap_set_option(ads->ldap.ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+
+ rc = ldap_search_with_timeout(ads->ldap.ld, utf8_path, scope, utf8_expr,
+ search_attrs, 0, NULL, NULL,
+ LDAP_NO_LIMIT,
+ (LDAPMessage **)res);
+
+ if (rc == LDAP_SIZELIMIT_EXCEEDED) {
+ DEBUG(3,("Warning! sizelimit exceeded in ldap. Truncating.\n"));
+ rc = 0;
+ }
+
+ done:
+ talloc_destroy(ctx);
+ /* if/when we decide to utf8-encode attrs, take out this next line */
+ TALLOC_FREE(search_attrs);
+ return ADS_ERROR(rc);
+}
+/**
+ * Do a general ADS search
+ * @param ads connection to ads server
+ * @param res ** which will contain results - free res* with ads_msgfree()
+ * @param expr Search expression
+ * @param attrs Attributes to retrieve
+ * @return status of search
+ **/
+ ADS_STATUS ads_search(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *expr, const char **attrs)
+{
+ return ads_do_search(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE,
+ expr, attrs, res);
+}
+
+/**
+ * Do a search on a specific DistinguishedName
+ * @param ads connection to ads server
+ * @param res ** which will contain results - free res* with ads_msgfree()
+ * @param dn DistinguishedName to search
+ * @param attrs Attributes to retrieve
+ * @return status of search
+ **/
+ ADS_STATUS ads_search_dn(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *dn, const char **attrs)
+{
+ return ads_do_search(ads, dn, LDAP_SCOPE_BASE, "(objectclass=*)",
+ attrs, res);
+}
+
+/**
+ * Free up memory from a ads_search
+ * @param ads connection to ads server
+ * @param msg Search results to free
+ **/
+ void ads_msgfree(ADS_STRUCT *ads, LDAPMessage *msg)
+{
+ if (!msg) return;
+ ldap_msgfree(msg);
+}
+
+/**
+ * Get a dn from search results
+ * @param ads connection to ads server
+ * @param msg Search result
+ * @return dn string
+ **/
+ char *ads_get_dn(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, LDAPMessage *msg)
+{
+ char *utf8_dn, *unix_dn;
+ size_t converted_size;
+
+ utf8_dn = ldap_get_dn(ads->ldap.ld, msg);
+
+ if (!utf8_dn) {
+ DEBUG (5, ("ads_get_dn: ldap_get_dn failed\n"));
+ return NULL;
+ }
+
+ if (!pull_utf8_talloc(mem_ctx, &unix_dn, utf8_dn, &converted_size)) {
+ DEBUG(0,("ads_get_dn: string conversion failure utf8 [%s]\n",
+ utf8_dn ));
+ return NULL;
+ }
+ ldap_memfree(utf8_dn);
+ return unix_dn;
+}
+
+/**
+ * Get the parent from a dn
+ * @param dn the dn to return the parent from
+ * @return parent dn string
+ **/
+char *ads_parent_dn(const char *dn)
+{
+ char *p;
+
+ if (dn == NULL) {
+ return NULL;
+ }
+
+ p = strchr(dn, ',');
+
+ if (p == NULL) {
+ return NULL;
+ }
+
+ return p+1;
+}
+
+/**
+ * Find a machine account given a hostname
+ * @param ads connection to ads server
+ * @param res ** which will contain results - free res* with ads_msgfree()
+ * @param host Hostname to search for
+ * @return status of search
+ **/
+ ADS_STATUS ads_find_machine_acct(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *machine)
+{
+ ADS_STATUS status;
+ char *expr;
+ const char *attrs[] = {
+ /* This is how Windows checks for machine accounts */
+ "objectClass",
+ "SamAccountName",
+ "userAccountControl",
+ "DnsHostName",
+ "ServicePrincipalName",
+ "userPrincipalName",
+ "unicodePwd",
+
+ /* Additional attributes Samba checks */
+ "msDS-AdditionalDnsHostName",
+ "msDS-SupportedEncryptionTypes",
+ "nTSecurityDescriptor",
+ "objectSid",
+
+ NULL
+ };
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ *res = NULL;
+
+ /* the easiest way to find a machine account anywhere in the tree
+ is to look for hostname$ */
+ expr = talloc_asprintf(frame, "(samAccountName=%s$)", machine);
+ if (expr == NULL) {
+ status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ goto done;
+ }
+
+ status = ads_search(ads, res, expr, attrs);
+ if (ADS_ERR_OK(status)) {
+ if (ads_count_replies(ads, *res) != 1) {
+ status = ADS_ERROR_LDAP(LDAP_NO_SUCH_OBJECT);
+ }
+ }
+
+done:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/**
+ * Initialize a list of mods to be used in a modify request
+ * @param ctx An initialized TALLOC_CTX
+ * @return allocated ADS_MODLIST
+ **/
+ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx)
+{
+#define ADS_MODLIST_ALLOC_SIZE 10
+ LDAPMod **mods;
+
+ if ((mods = talloc_zero_array(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1)))
+ /* -1 is safety to make sure we don't go over the end.
+ need to reset it to NULL before doing ldap modify */
+ mods[ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
+
+ return (ADS_MODLIST)mods;
+}
+
+
+/*
+ add an attribute to the list, with values list already constructed
+*/
+static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ int mod_op, const char *name,
+ const void *_invals)
+{
+ int curmod;
+ LDAPMod **modlist = (LDAPMod **) *mods;
+ struct berval **ber_values = NULL;
+ char **char_values = NULL;
+
+ if (!_invals) {
+ mod_op = LDAP_MOD_DELETE;
+ } else {
+ if (mod_op & LDAP_MOD_BVALUES) {
+ const struct berval **b;
+ b = discard_const_p(const struct berval *, _invals);
+ ber_values = ads_dup_values(ctx, b);
+ } else {
+ const char **c;
+ c = discard_const_p(const char *, _invals);
+ char_values = ads_push_strvals(ctx, c);
+ }
+ }
+
+ /* find the first empty slot */
+ for (curmod=0; modlist[curmod] && modlist[curmod] != (LDAPMod *) -1;
+ curmod++);
+ if (modlist[curmod] == (LDAPMod *) -1) {
+ if (!(modlist = talloc_realloc(ctx, modlist, LDAPMod *,
+ curmod+ADS_MODLIST_ALLOC_SIZE+1)))
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ memset(&modlist[curmod], 0,
+ ADS_MODLIST_ALLOC_SIZE*sizeof(LDAPMod *));
+ modlist[curmod+ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
+ *mods = (ADS_MODLIST)modlist;
+ }
+
+ if (!(modlist[curmod] = talloc_zero(ctx, LDAPMod)))
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ modlist[curmod]->mod_type = talloc_strdup(ctx, name);
+ if (mod_op & LDAP_MOD_BVALUES) {
+ modlist[curmod]->mod_bvalues = ber_values;
+ } else if (mod_op & LDAP_MOD_DELETE) {
+ modlist[curmod]->mod_values = NULL;
+ } else {
+ modlist[curmod]->mod_values = char_values;
+ }
+
+ modlist[curmod]->mod_op = mod_op;
+ return ADS_ERROR(LDAP_SUCCESS);
+}
+
+/**
+ * Add a single string value to a mod list
+ * @param ctx An initialized TALLOC_CTX
+ * @param mods An initialized ADS_MODLIST
+ * @param name The attribute name to add
+ * @param val The value to add - NULL means DELETE
+ * @return ADS STATUS indicating success of add
+ **/
+ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char *val)
+{
+ const char *values[2];
+
+ values[0] = val;
+ values[1] = NULL;
+
+ if (!val)
+ return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
+ return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE, name, values);
+}
+
+/**
+ * Add an array of string values to a mod list
+ * @param ctx An initialized TALLOC_CTX
+ * @param mods An initialized ADS_MODLIST
+ * @param name The attribute name to add
+ * @param vals The array of string values to add - NULL means DELETE
+ * @return ADS STATUS indicating success of add
+ **/
+ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char **vals)
+{
+ if (!vals)
+ return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
+ return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE,
+ name, (const void **) vals);
+}
+
+/**
+ * Add a single ber-encoded value to a mod list
+ * @param ctx An initialized TALLOC_CTX
+ * @param mods An initialized ADS_MODLIST
+ * @param name The attribute name to add
+ * @param val The value to add - NULL means DELETE
+ * @return ADS STATUS indicating success of add
+ **/
+static ADS_STATUS ads_mod_ber(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const struct berval *val)
+{
+ const struct berval *values[2];
+
+ values[0] = val;
+ values[1] = NULL;
+ if (!val)
+ return ads_modlist_add(ctx, mods, LDAP_MOD_DELETE, name, NULL);
+ return ads_modlist_add(ctx, mods, LDAP_MOD_REPLACE|LDAP_MOD_BVALUES,
+ name, (const void **) values);
+}
+
+static void ads_print_error(int ret, LDAP *ld)
+{
+ if (ret != 0) {
+ char *ld_error = NULL;
+ ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &ld_error);
+ DBG_ERR("AD LDAP ERROR: %d (%s): %s\n",
+ ret,
+ ldap_err2string(ret),
+ ld_error);
+ SAFE_FREE(ld_error);
+ }
+}
+
+/**
+ * Perform an ldap modify
+ * @param ads connection to ads server
+ * @param mod_dn DistinguishedName to modify
+ * @param mods list of modifications to perform
+ * @return status of modify
+ **/
+ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods)
+{
+ int ret,i;
+ char *utf8_dn = NULL;
+ size_t converted_size;
+ /*
+ this control is needed to modify that contains a currently
+ non-existent attribute (but allowable for the object) to run
+ */
+ LDAPControl PermitModify = {
+ discard_const_p(char, ADS_PERMIT_MODIFY_OID),
+ {0, NULL},
+ (char) 1};
+ LDAPControl *controls[2];
+
+ DBG_INFO("AD LDAP: Modifying %s\n", mod_dn);
+
+ controls[0] = &PermitModify;
+ controls[1] = NULL;
+
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, mod_dn, &converted_size)) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ /* find the end of the list, marked by NULL or -1 */
+ for(i=0;(mods[i]!=0)&&(mods[i]!=(LDAPMod *) -1);i++);
+ /* make sure the end of the list is NULL */
+ mods[i] = NULL;
+ ret = ldap_modify_ext_s(ads->ldap.ld, utf8_dn,
+ (LDAPMod **) mods, controls, NULL);
+ ads_print_error(ret, ads->ldap.ld);
+ TALLOC_FREE(utf8_dn);
+ return ADS_ERROR(ret);
+}
+
+/**
+ * Perform an ldap add
+ * @param ads connection to ads server
+ * @param new_dn DistinguishedName to add
+ * @param mods list of attributes and values for DN
+ * @return status of add
+ **/
+ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods)
+{
+ int ret, i;
+ char *utf8_dn = NULL;
+ size_t converted_size;
+
+ DBG_INFO("AD LDAP: Adding %s\n", new_dn);
+
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, new_dn, &converted_size)) {
+ DEBUG(1, ("ads_gen_add: push_utf8_talloc failed!\n"));
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ /* find the end of the list, marked by NULL or -1 */
+ for(i=0;(mods[i]!=0)&&(mods[i]!=(LDAPMod *) -1);i++);
+ /* make sure the end of the list is NULL */
+ mods[i] = NULL;
+
+ ret = ldap_add_ext_s(ads->ldap.ld, utf8_dn, (LDAPMod**)mods, NULL, NULL);
+ ads_print_error(ret, ads->ldap.ld);
+ TALLOC_FREE(utf8_dn);
+ return ADS_ERROR(ret);
+}
+
+/**
+ * Delete a DistinguishedName
+ * @param ads connection to ads server
+ * @param new_dn DistinguishedName to delete
+ * @return status of delete
+ **/
+ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn)
+{
+ int ret;
+ char *utf8_dn = NULL;
+ size_t converted_size;
+ if (!push_utf8_talloc(talloc_tos(), &utf8_dn, del_dn, &converted_size)) {
+ DEBUG(1, ("ads_del_dn: push_utf8_talloc failed!\n"));
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ DBG_INFO("AD LDAP: Deleting %s\n", del_dn);
+
+ ret = ldap_delete_s(ads->ldap.ld, utf8_dn);
+ ads_print_error(ret, ads->ldap.ld);
+ TALLOC_FREE(utf8_dn);
+ return ADS_ERROR(ret);
+}
+
+/**
+ * Build an org unit string
+ * if org unit is Computers or blank then assume a container, otherwise
+ * assume a / separated list of organisational units.
+ * jmcd: '\' is now used for escapes so certain chars can be in the ou (e.g. #)
+ * @param ads connection to ads server
+ * @param org_unit Organizational unit
+ * @return org unit string - caller must free
+ **/
+char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit)
+{
+ ADS_STATUS status;
+ char *ret = NULL;
+ char *dn = NULL;
+
+ if (!org_unit || !*org_unit) {
+
+ ret = ads_default_ou_string(ads, DS_GUID_COMPUTERS_CONTAINER);
+
+ /* samba4 might not yet respond to a wellknownobject-query */
+ return ret ? ret : SMB_STRDUP("cn=Computers");
+ }
+
+ if (strequal(org_unit, "Computers")) {
+ return SMB_STRDUP("cn=Computers");
+ }
+
+ /* jmcd: removed "\\" from the separation chars, because it is
+ needed as an escape for chars like '#' which are valid in an
+ OU name */
+ status = ads_build_path(org_unit, "/", "ou=", 1, &dn);
+ if (!ADS_ERR_OK(status)) {
+ return NULL;
+ }
+
+ return dn;
+}
+
+/**
+ * Get a org unit string for a well-known GUID
+ * @param ads connection to ads server
+ * @param wknguid Well known GUID
+ * @return org unit string - caller must free
+ **/
+char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ char *base, *wkn_dn = NULL, *ret = NULL, **wkn_dn_exp = NULL,
+ **bind_dn_exp = NULL;
+ const char *attrs[] = {"distinguishedName", NULL};
+ int new_ln, wkn_ln, bind_ln, i;
+
+ if (wknguid == NULL) {
+ return NULL;
+ }
+
+ if (asprintf(&base, "<WKGUID=%s,%s>", wknguid, ads->config.bind_path ) == -1) {
+ DEBUG(1, ("asprintf failed!\n"));
+ return NULL;
+ }
+
+ status = ads_search_dn(ads, &res, base, attrs);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("Failed while searching for: %s\n", base));
+ goto out;
+ }
+
+ if (ads_count_replies(ads, res) != 1) {
+ goto out;
+ }
+
+ /* substitute the bind-path from the well-known-guid-search result */
+ wkn_dn = ads_get_dn(ads, talloc_tos(), res);
+ if (!wkn_dn) {
+ goto out;
+ }
+
+ wkn_dn_exp = ldap_explode_dn(wkn_dn, 0);
+ if (!wkn_dn_exp) {
+ goto out;
+ }
+
+ bind_dn_exp = ldap_explode_dn(ads->config.bind_path, 0);
+ if (!bind_dn_exp) {
+ goto out;
+ }
+
+ for (wkn_ln=0; wkn_dn_exp[wkn_ln]; wkn_ln++)
+ ;
+ for (bind_ln=0; bind_dn_exp[bind_ln]; bind_ln++)
+ ;
+
+ new_ln = wkn_ln - bind_ln;
+
+ ret = SMB_STRDUP(wkn_dn_exp[0]);
+ if (!ret) {
+ goto out;
+ }
+
+ for (i=1; i < new_ln; i++) {
+ char *s = NULL;
+
+ if (asprintf(&s, "%s,%s", ret, wkn_dn_exp[i]) == -1) {
+ SAFE_FREE(ret);
+ goto out;
+ }
+
+ SAFE_FREE(ret);
+ ret = SMB_STRDUP(s);
+ free(s);
+ if (!ret) {
+ goto out;
+ }
+ }
+
+ out:
+ SAFE_FREE(base);
+ ads_msgfree(ads, res);
+ TALLOC_FREE(wkn_dn);
+ if (wkn_dn_exp) {
+ ldap_value_free(wkn_dn_exp);
+ }
+ if (bind_dn_exp) {
+ ldap_value_free(bind_dn_exp);
+ }
+
+ return ret;
+}
+
+/**
+ * Adds (appends) an item to an attribute array, rather then
+ * replacing the whole list
+ * @param ctx An initialized TALLOC_CTX
+ * @param mods An initialized ADS_MODLIST
+ * @param name name of the ldap attribute to append to
+ * @param vals an array of values to add
+ * @return status of addition
+ **/
+
+ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char **vals)
+{
+ return ads_modlist_add(ctx, mods, LDAP_MOD_ADD, name,
+ (const void *) vals);
+}
+
+/**
+ * Determines the an account's current KVNO via an LDAP lookup
+ * @param ads An initialized ADS_STRUCT
+ * @param account_name the NT samaccountname.
+ * @return the kvno for the account, or -1 in case of a failure.
+ **/
+
+uint32_t ads_get_kvno(ADS_STRUCT *ads, const char *account_name)
+{
+ LDAPMessage *res = NULL;
+ uint32_t kvno = (uint32_t)-1; /* -1 indicates a failure */
+ char *filter;
+ const char *attrs[] = {"msDS-KeyVersionNumber", NULL};
+ char *dn_string = NULL;
+ ADS_STATUS ret;
+
+ DEBUG(5,("ads_get_kvno: Searching for account %s\n", account_name));
+ if (asprintf(&filter, "(samAccountName=%s)", account_name) == -1) {
+ return kvno;
+ }
+ ret = ads_search(ads, &res, filter, attrs);
+ SAFE_FREE(filter);
+ if (!ADS_ERR_OK(ret) || (ads_count_replies(ads, res) != 1)) {
+ DEBUG(1,("ads_get_kvno: Account for %s not found.\n", account_name));
+ ads_msgfree(ads, res);
+ return kvno;
+ }
+
+ dn_string = ads_get_dn(ads, talloc_tos(), res);
+ if (!dn_string) {
+ DEBUG(0,("ads_get_kvno: out of memory.\n"));
+ ads_msgfree(ads, res);
+ return kvno;
+ }
+ DEBUG(5,("ads_get_kvno: Using: %s\n", dn_string));
+ TALLOC_FREE(dn_string);
+
+ /* ---------------------------------------------------------
+ * 0 is returned as a default KVNO from this point on...
+ * This is done because Windows 2000 does not support key
+ * version numbers. Chances are that a failure in the next
+ * step is simply due to Windows 2000 being used for a
+ * domain controller. */
+ kvno = 0;
+
+ if (!ads_pull_uint32(ads, res, "msDS-KeyVersionNumber", &kvno)) {
+ DEBUG(3,("ads_get_kvno: Error Determining KVNO!\n"));
+ DEBUG(3,("ads_get_kvno: Windows 2000 does not support KVNO's, so this may be normal.\n"));
+ ads_msgfree(ads, res);
+ return kvno;
+ }
+
+ /* Success */
+ DEBUG(5,("ads_get_kvno: Looked Up KVNO of: %d\n", kvno));
+ ads_msgfree(ads, res);
+ return kvno;
+}
+
+/**
+ * Determines the computer account's current KVNO via an LDAP lookup
+ * @param ads An initialized ADS_STRUCT
+ * @param machine_name the NetBIOS name of the computer, which is used to identify the computer account.
+ * @return the kvno for the computer account, or -1 in case of a failure.
+ **/
+
+uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name)
+{
+ char *computer_account = NULL;
+ uint32_t kvno = -1;
+
+ if (asprintf(&computer_account, "%s$", machine_name) < 0) {
+ return kvno;
+ }
+
+ kvno = ads_get_kvno(ads, computer_account);
+ free(computer_account);
+
+ return kvno;
+}
+
+/**
+ * This clears out all registered spn's for a given hostname
+ * @param ads An initialized ADS_STRUCT
+ * @param machine_name the NetBIOS name of the computer.
+ * @return 0 upon success, non-zero otherwise.
+ **/
+
+ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name)
+{
+ TALLOC_CTX *ctx;
+ LDAPMessage *res = NULL;
+ ADS_MODLIST mods;
+ const char *servicePrincipalName[1] = {NULL};
+ ADS_STATUS ret;
+ char *dn_string = NULL;
+
+ ret = ads_find_machine_acct(ads, &res, machine_name);
+ if (!ADS_ERR_OK(ret)) {
+ DEBUG(5,("ads_clear_service_principal_names: WARNING: Host Account for %s not found... skipping operation.\n", machine_name));
+ DEBUG(5,("ads_clear_service_principal_names: WARNING: Service Principals for %s have NOT been cleared.\n", machine_name));
+ ads_msgfree(ads, res);
+ return ret;
+ }
+
+ DEBUG(5,("ads_clear_service_principal_names: Host account for %s found\n", machine_name));
+ ctx = talloc_init("ads_clear_service_principal_names");
+ if (!ctx) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ if (!(mods = ads_init_mods(ctx))) {
+ talloc_destroy(ctx);
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ ret = ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName);
+ if (!ADS_ERR_OK(ret)) {
+ DEBUG(1,("ads_clear_service_principal_names: Error creating strlist.\n"));
+ ads_msgfree(ads, res);
+ talloc_destroy(ctx);
+ return ret;
+ }
+ dn_string = ads_get_dn(ads, talloc_tos(), res);
+ if (!dn_string) {
+ talloc_destroy(ctx);
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ ret = ads_gen_mod(ads, dn_string, mods);
+ TALLOC_FREE(dn_string);
+ if (!ADS_ERR_OK(ret)) {
+ DEBUG(1,("ads_clear_service_principal_names: Error: Updating Service Principals for machine %s in LDAP\n",
+ machine_name));
+ ads_msgfree(ads, res);
+ talloc_destroy(ctx);
+ return ret;
+ }
+
+ ads_msgfree(ads, res);
+ talloc_destroy(ctx);
+ return ret;
+}
+
+/**
+ * @brief Search for an element in a string array.
+ *
+ * @param[in] el_array The string array to search.
+ *
+ * @param[in] num_el The number of elements in the string array.
+ *
+ * @param[in] el The string to search.
+ *
+ * @return True if found, false if not.
+ */
+bool ads_element_in_array(const char **el_array, size_t num_el, const char *el)
+{
+ size_t i;
+
+ if (el_array == NULL || num_el == 0 || el == NULL) {
+ return false;
+ }
+
+ for (i = 0; i < num_el && el_array[i] != NULL; i++) {
+ int cmp;
+
+ cmp = strcasecmp_m(el_array[i], el);
+ if (cmp == 0) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+/**
+ * @brief This gets the service principal names of an existing computer account.
+ *
+ * @param[in] mem_ctx The memory context to use to allocate the spn array.
+ *
+ * @param[in] ads The ADS context to use.
+ *
+ * @param[in] machine_name The NetBIOS name of the computer, which is used to
+ * identify the computer account.
+ *
+ * @param[in] spn_array A pointer to store the array for SPNs.
+ *
+ * @param[in] num_spns The number of principals stored in the array.
+ *
+ * @return 0 on success, or a ADS error if a failure occurred.
+ */
+ADS_STATUS ads_get_service_principal_names(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char *machine_name,
+ char ***spn_array,
+ size_t *num_spns)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ int count;
+
+ status = ads_find_machine_acct(ads,
+ &res,
+ machine_name);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("Host Account for %s not found... skipping operation.\n",
+ machine_name));
+ return status;
+ }
+
+ count = ads_count_replies(ads, res);
+ if (count != 1) {
+ status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ goto done;
+ }
+
+ *spn_array = ads_pull_strings(ads,
+ mem_ctx,
+ res,
+ "servicePrincipalName",
+ num_spns);
+ if (*spn_array == NULL) {
+ DEBUG(1, ("Host account for %s does not have service principal "
+ "names.\n",
+ machine_name));
+ status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ goto done;
+ }
+
+done:
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
+/**
+ * This adds a service principal name to an existing computer account
+ * (found by hostname) in AD.
+ * @param ads An initialized ADS_STRUCT
+ * @param machine_name the NetBIOS name of the computer, which is used to identify the computer account.
+ * @param spns An array or strings for the service principals to add,
+ * i.e. 'cifs/machine_name', 'http/machine.full.domain.com' etc.
+ * @return 0 upon success, or non-zero if a failure occurs
+ **/
+
+ADS_STATUS ads_add_service_principal_names(ADS_STRUCT *ads,
+ const char *machine_name,
+ const char **spns)
+{
+ ADS_STATUS ret;
+ TALLOC_CTX *ctx;
+ LDAPMessage *res = NULL;
+ ADS_MODLIST mods;
+ char *dn_string = NULL;
+ const char **servicePrincipalName = spns;
+
+ ret = ads_find_machine_acct(ads, &res, machine_name);
+ if (!ADS_ERR_OK(ret)) {
+ DEBUG(1,("ads_add_service_principal_name: WARNING: Host Account for %s not found... skipping operation.\n",
+ machine_name));
+ DEBUG(1,("ads_add_service_principal_name: WARNING: Service Principals have NOT been added.\n"));
+ ads_msgfree(ads, res);
+ return ret;
+ }
+
+ DEBUG(1,("ads_add_service_principal_name: Host account for %s found\n", machine_name));
+ if (!(ctx = talloc_init("ads_add_service_principal_name"))) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ DEBUG(5,("ads_add_service_principal_name: INFO: "
+ "Adding %s to host %s\n",
+ spns[0] ? "N/A" : spns[0], machine_name));
+
+
+ DEBUG(5,("ads_add_service_principal_name: INFO: "
+ "Adding %s to host %s\n",
+ spns[1] ? "N/A" : spns[1], machine_name));
+
+ if ( (mods = ads_init_mods(ctx)) == NULL ) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto out;
+ }
+
+ ret = ads_add_strlist(ctx,
+ &mods,
+ "servicePrincipalName",
+ servicePrincipalName);
+ if (!ADS_ERR_OK(ret)) {
+ DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
+ goto out;
+ }
+
+ if ( (dn_string = ads_get_dn(ads, ctx, res)) == NULL ) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto out;
+ }
+
+ ret = ads_gen_mod(ads, dn_string, mods);
+ if (!ADS_ERR_OK(ret)) {
+ DEBUG(1,("ads_add_service_principal_name: Error: Updating Service Principals in LDAP\n"));
+ goto out;
+ }
+
+ out:
+ TALLOC_FREE( ctx );
+ ads_msgfree(ads, res);
+ return ret;
+}
+
+static uint32_t ads_get_acct_ctrl(ADS_STRUCT *ads,
+ LDAPMessage *msg)
+{
+ uint32_t acct_ctrl = 0;
+ bool ok;
+
+ ok = ads_pull_uint32(ads, msg, "userAccountControl", &acct_ctrl);
+ if (!ok) {
+ return 0;
+ }
+
+ return acct_ctrl;
+}
+
+static ADS_STATUS ads_change_machine_acct(ADS_STRUCT *ads,
+ LDAPMessage *msg,
+ const struct berval *machine_pw_val)
+{
+ ADS_MODLIST mods;
+ ADS_STATUS ret;
+ TALLOC_CTX *frame = talloc_stackframe();
+ uint32_t acct_control;
+ char *control_str = NULL;
+ const char *attrs[] = {
+ "objectSid",
+ NULL
+ };
+ LDAPMessage *res = NULL;
+ char *dn = NULL;
+
+ dn = ads_get_dn(ads, frame, msg);
+ if (dn == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ acct_control = ads_get_acct_ctrl(ads, msg);
+ if (acct_control == 0) {
+ ret = ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+ goto done;
+ }
+
+ /*
+ * Changing the password, disables the account. So we need to change the
+ * userAccountControl flags to enable it again.
+ */
+ mods = ads_init_mods(frame);
+ if (mods == NULL) {
+ ret = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ ads_mod_ber(frame, &mods, "unicodePwd", machine_pw_val);
+
+ ret = ads_gen_mod(ads, dn, mods);
+ if (!ADS_ERR_OK(ret)) {
+ goto done;
+ }
+ TALLOC_FREE(mods);
+
+ /*
+ * To activate the account, we need to disable and enable it.
+ */
+ acct_control |= UF_ACCOUNTDISABLE;
+
+ control_str = talloc_asprintf(frame, "%u", acct_control);
+ if (control_str == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ mods = ads_init_mods(frame);
+ if (mods == NULL) {
+ ret = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ ads_mod_str(frame, &mods, "userAccountControl", control_str);
+
+ ret = ads_gen_mod(ads, dn, mods);
+ if (!ADS_ERR_OK(ret)) {
+ goto done;
+ }
+ TALLOC_FREE(mods);
+ TALLOC_FREE(control_str);
+
+ /*
+ * Enable the account again.
+ */
+ acct_control &= ~UF_ACCOUNTDISABLE;
+
+ control_str = talloc_asprintf(frame, "%u", acct_control);
+ if (control_str == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ mods = ads_init_mods(frame);
+ if (mods == NULL) {
+ ret = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ ads_mod_str(frame, &mods, "userAccountControl", control_str);
+
+ ret = ads_gen_mod(ads, dn, mods);
+ if (!ADS_ERR_OK(ret)) {
+ goto done;
+ }
+ TALLOC_FREE(mods);
+ TALLOC_FREE(control_str);
+
+ ret = ads_search_dn(ads, &res, dn, attrs);
+ ads_msgfree(ads, res);
+
+done:
+ talloc_free(frame);
+
+ return ret;
+}
+
+/**
+ * adds a machine account to the ADS server
+ * @param ads An initialized ADS_STRUCT
+ * @param machine_name - the NetBIOS machine name of this account.
+ * @param account_type A number indicating the type of account to create
+ * @param org_unit The LDAP path in which to place this account
+ * @return 0 upon success, or non-zero otherwise
+**/
+
+ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads,
+ const char *machine_name,
+ const char *machine_password,
+ const char *org_unit,
+ uint32_t etype_list,
+ const char *dns_domain_name)
+{
+ ADS_STATUS ret;
+ char *samAccountName = NULL;
+ char *controlstr = NULL;
+ TALLOC_CTX *ctx = NULL;
+ ADS_MODLIST mods;
+ char *machine_escaped = NULL;
+ char *dns_hostname = NULL;
+ char *new_dn = NULL;
+ char *utf8_pw = NULL;
+ size_t utf8_pw_len = 0;
+ char *utf16_pw = NULL;
+ size_t utf16_pw_len = 0;
+ struct berval machine_pw_val;
+ bool ok;
+ const char **spn_array = NULL;
+ size_t num_spns = 0;
+ const char *spn_prefix[] = {
+ "HOST",
+ "RestrictedKrbHost",
+ };
+ size_t i;
+ LDAPMessage *res = NULL;
+ uint32_t acct_control = UF_WORKSTATION_TRUST_ACCOUNT;
+
+ ctx = talloc_init("ads_add_machine_acct");
+ if (ctx == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ machine_escaped = escape_rdn_val_string_alloc(machine_name);
+ if (machine_escaped == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ utf8_pw = talloc_asprintf(ctx, "\"%s\"", machine_password);
+ if (utf8_pw == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+ utf8_pw_len = strlen(utf8_pw);
+
+ ok = convert_string_talloc(ctx,
+ CH_UTF8, CH_UTF16MUNGED,
+ utf8_pw, utf8_pw_len,
+ (void *)&utf16_pw, &utf16_pw_len);
+ if (!ok) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ machine_pw_val = (struct berval) {
+ .bv_val = utf16_pw,
+ .bv_len = utf16_pw_len,
+ };
+
+ /* Check if the machine account already exists. */
+ ret = ads_find_machine_acct(ads, &res, machine_escaped);
+ if (ADS_ERR_OK(ret)) {
+ /* Change the machine account password */
+ ret = ads_change_machine_acct(ads, res, &machine_pw_val);
+ ads_msgfree(ads, res);
+
+ goto done;
+ }
+ ads_msgfree(ads, res);
+
+ new_dn = talloc_asprintf(ctx, "cn=%s,%s", machine_escaped, org_unit);
+ if (new_dn == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ /* Create machine account */
+
+ samAccountName = talloc_asprintf(ctx, "%s$", machine_name);
+ if (samAccountName == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ dns_hostname = talloc_asprintf(ctx,
+ "%s.%s",
+ machine_name,
+ dns_domain_name);
+ if (dns_hostname == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ /* Add dns_hostname SPNs */
+ for (i = 0; i < ARRAY_SIZE(spn_prefix); i++) {
+ char *spn = talloc_asprintf(ctx,
+ "%s/%s",
+ spn_prefix[i],
+ dns_hostname);
+ if (spn == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ ok = add_string_to_array(ctx,
+ spn,
+ &spn_array,
+ &num_spns);
+ if (!ok) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+ }
+
+ /* Add machine_name SPNs */
+ for (i = 0; i < ARRAY_SIZE(spn_prefix); i++) {
+ char *spn = talloc_asprintf(ctx,
+ "%s/%s",
+ spn_prefix[i],
+ machine_name);
+ if (spn == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ ok = add_string_to_array(ctx,
+ spn,
+ &spn_array,
+ &num_spns);
+ if (!ok) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+ }
+
+ /* Make sure to NULL terminate the array */
+ spn_array = talloc_realloc(ctx, spn_array, const char *, num_spns + 1);
+ if (spn_array == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+ spn_array[num_spns] = NULL;
+
+ controlstr = talloc_asprintf(ctx, "%u", acct_control);
+ if (controlstr == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ mods = ads_init_mods(ctx);
+ if (mods == NULL) {
+ ret = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ ads_mod_str(ctx, &mods, "objectClass", "Computer");
+ ads_mod_str(ctx, &mods, "SamAccountName", samAccountName);
+ ads_mod_str(ctx, &mods, "userAccountControl", controlstr);
+ ads_mod_str(ctx, &mods, "DnsHostName", dns_hostname);
+ ads_mod_strlist(ctx, &mods, "ServicePrincipalName", spn_array);
+ ads_mod_ber(ctx, &mods, "unicodePwd", &machine_pw_val);
+
+ ret = ads_gen_add(ads, new_dn, mods);
+
+done:
+ SAFE_FREE(machine_escaped);
+ talloc_destroy(ctx);
+
+ return ret;
+}
+
+/**
+ * move a machine account to another OU on the ADS server
+ * @param ads - An initialized ADS_STRUCT
+ * @param machine_name - the NetBIOS machine name of this account.
+ * @param org_unit - The LDAP path in which to place this account
+ * @param moved - whether we moved the machine account (optional)
+ * @return 0 upon success, or non-zero otherwise
+**/
+
+ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name,
+ const char *org_unit, bool *moved)
+{
+ ADS_STATUS rc;
+ int ldap_status;
+ LDAPMessage *res = NULL;
+ char *filter = NULL;
+ char *computer_dn = NULL;
+ char *parent_dn;
+ char *computer_rdn = NULL;
+ bool need_move = False;
+
+ if (asprintf(&filter, "(samAccountName=%s$)", machine_name) == -1) {
+ rc = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ /* Find pre-existing machine */
+ rc = ads_search(ads, &res, filter, NULL);
+ if (!ADS_ERR_OK(rc)) {
+ goto done;
+ }
+
+ computer_dn = ads_get_dn(ads, talloc_tos(), res);
+ if (!computer_dn) {
+ rc = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ parent_dn = ads_parent_dn(computer_dn);
+ if (strequal(parent_dn, org_unit)) {
+ goto done;
+ }
+
+ need_move = True;
+
+ if (asprintf(&computer_rdn, "CN=%s", machine_name) == -1) {
+ rc = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ ldap_status = ldap_rename_s(ads->ldap.ld, computer_dn, computer_rdn,
+ org_unit, 1, NULL, NULL);
+ rc = ADS_ERROR(ldap_status);
+
+done:
+ ads_msgfree(ads, res);
+ SAFE_FREE(filter);
+ TALLOC_FREE(computer_dn);
+ SAFE_FREE(computer_rdn);
+
+ if (!ADS_ERR_OK(rc)) {
+ need_move = False;
+ }
+
+ if (moved) {
+ *moved = need_move;
+ }
+
+ return rc;
+}
+
+/*
+ dump a binary result from ldap
+*/
+static void dump_binary(ADS_STRUCT *ads, const char *field, struct berval **values)
+{
+ size_t i;
+ for (i=0; values[i]; i++) {
+ ber_len_t j;
+ printf("%s: ", field);
+ for (j=0; j<values[i]->bv_len; j++) {
+ printf("%02X", (unsigned char)values[i]->bv_val[j]);
+ }
+ printf("\n");
+ }
+}
+
+static void dump_guid(ADS_STRUCT *ads, const char *field, struct berval **values)
+{
+ int i;
+ for (i=0; values[i]; i++) {
+ NTSTATUS status;
+ DATA_BLOB in = data_blob_const(values[i]->bv_val, values[i]->bv_len);
+ struct GUID guid;
+
+ status = GUID_from_ndr_blob(&in, &guid);
+ if (NT_STATUS_IS_OK(status)) {
+ printf("%s: %s\n", field, GUID_string(talloc_tos(), &guid));
+ } else {
+ printf("%s: INVALID GUID\n", field);
+ }
+ }
+}
+
+/*
+ dump a sid result from ldap
+*/
+static void dump_sid(ADS_STRUCT *ads, const char *field, struct berval **values)
+{
+ int i;
+ for (i=0; values[i]; i++) {
+ ssize_t ret;
+ struct dom_sid sid;
+ struct dom_sid_buf tmp;
+ ret = sid_parse((const uint8_t *)values[i]->bv_val,
+ values[i]->bv_len, &sid);
+ if (ret == -1) {
+ return;
+ }
+ printf("%s: %s\n", field, dom_sid_str_buf(&sid, &tmp));
+ }
+}
+
+/*
+ dump ntSecurityDescriptor
+*/
+static void dump_sd(ADS_STRUCT *ads, const char *filed, struct berval **values)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct security_descriptor *psd;
+ NTSTATUS status;
+
+ status = unmarshall_sec_desc(talloc_tos(), (uint8_t *)values[0]->bv_val,
+ values[0]->bv_len, &psd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("unmarshall_sec_desc failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(frame);
+ return;
+ }
+
+ if (psd) {
+ ads_disp_sd(ads, talloc_tos(), psd);
+ }
+
+ TALLOC_FREE(frame);
+}
+
+/*
+ dump a string result from ldap
+*/
+static void dump_string(const char *field, char **values)
+{
+ int i;
+ for (i=0; values[i]; i++) {
+ printf("%s: %s\n", field, values[i]);
+ }
+}
+
+/*
+ dump a field from LDAP on stdout
+ used for debugging
+*/
+
+static bool ads_dump_field(ADS_STRUCT *ads, char *field, void **values, void *data_area)
+{
+ const struct {
+ const char *name;
+ bool string;
+ void (*handler)(ADS_STRUCT *, const char *, struct berval **);
+ } handlers[] = {
+ {"objectGUID", False, dump_guid},
+ {"netbootGUID", False, dump_guid},
+ {"nTSecurityDescriptor", False, dump_sd},
+ {"dnsRecord", False, dump_binary},
+ {"objectSid", False, dump_sid},
+ {"tokenGroups", False, dump_sid},
+ {"tokenGroupsNoGCAcceptable", False, dump_sid},
+ {"tokengroupsGlobalandUniversal", False, dump_sid},
+ {"mS-DS-CreatorSID", False, dump_sid},
+ {"msExchMailboxGuid", False, dump_guid},
+ {NULL, True, NULL}
+ };
+ int i;
+
+ if (!field) { /* must be end of an entry */
+ printf("\n");
+ return False;
+ }
+
+ for (i=0; handlers[i].name; i++) {
+ if (strcasecmp_m(handlers[i].name, field) == 0) {
+ if (!values) /* first time, indicate string or not */
+ return handlers[i].string;
+ handlers[i].handler(ads, field, (struct berval **) values);
+ break;
+ }
+ }
+ if (!handlers[i].name) {
+ if (!values) /* first time, indicate string conversion */
+ return True;
+ dump_string(field, (char **)values);
+ }
+ return False;
+}
+
+/**
+ * Dump a result from LDAP on stdout
+ * used for debugging
+ * @param ads connection to ads server
+ * @param res Results to dump
+ **/
+
+ void ads_dump(ADS_STRUCT *ads, LDAPMessage *res)
+{
+ ads_process_results(ads, res, ads_dump_field, NULL);
+}
+
+/**
+ * Walk through results, calling a function for each entry found.
+ * The function receives a field name, a berval * array of values,
+ * and a data area passed through from the start. The function is
+ * called once with null for field and values at the end of each
+ * entry.
+ * @param ads connection to ads server
+ * @param res Results to process
+ * @param fn Function for processing each result
+ * @param data_area user-defined area to pass to function
+ **/
+ void ads_process_results(ADS_STRUCT *ads, LDAPMessage *res,
+ bool (*fn)(ADS_STRUCT *, char *, void **, void *),
+ void *data_area)
+{
+ LDAPMessage *msg;
+ TALLOC_CTX *ctx;
+ size_t converted_size;
+
+ if (!(ctx = talloc_init("ads_process_results")))
+ return;
+
+ for (msg = ads_first_entry(ads, res); msg;
+ msg = ads_next_entry(ads, msg)) {
+ char *utf8_field;
+ BerElement *b;
+
+ for (utf8_field=ldap_first_attribute(ads->ldap.ld,
+ (LDAPMessage *)msg,&b);
+ utf8_field;
+ utf8_field=ldap_next_attribute(ads->ldap.ld,
+ (LDAPMessage *)msg,b)) {
+ struct berval **ber_vals;
+ char **str_vals;
+ char **utf8_vals;
+ char *field;
+ bool string;
+
+ if (!pull_utf8_talloc(ctx, &field, utf8_field,
+ &converted_size))
+ {
+ DEBUG(0,("ads_process_results: "
+ "pull_utf8_talloc failed: %s\n",
+ strerror(errno)));
+ }
+
+ string = fn(ads, field, NULL, data_area);
+
+ if (string) {
+ const char **p;
+
+ utf8_vals = ldap_get_values(ads->ldap.ld,
+ (LDAPMessage *)msg, field);
+ p = discard_const_p(const char *, utf8_vals);
+ str_vals = ads_pull_strvals(ctx, p);
+ fn(ads, field, (void **) str_vals, data_area);
+ ldap_value_free(utf8_vals);
+ } else {
+ ber_vals = ldap_get_values_len(ads->ldap.ld,
+ (LDAPMessage *)msg, field);
+ fn(ads, field, (void **) ber_vals, data_area);
+
+ ldap_value_free_len(ber_vals);
+ }
+ ldap_memfree(utf8_field);
+ }
+ ber_free(b, 0);
+ talloc_free_children(ctx);
+ fn(ads, NULL, NULL, data_area); /* completed an entry */
+
+ }
+ talloc_destroy(ctx);
+}
+
+/**
+ * count how many replies are in a LDAPMessage
+ * @param ads connection to ads server
+ * @param res Results to count
+ * @return number of replies
+ **/
+int ads_count_replies(ADS_STRUCT *ads, void *res)
+{
+ return ldap_count_entries(ads->ldap.ld, (LDAPMessage *)res);
+}
+
+/**
+ * pull the first entry from a ADS result
+ * @param ads connection to ads server
+ * @param res Results of search
+ * @return first entry from result
+ **/
+ LDAPMessage *ads_first_entry(ADS_STRUCT *ads, LDAPMessage *res)
+{
+ return ldap_first_entry(ads->ldap.ld, res);
+}
+
+/**
+ * pull the next entry from a ADS result
+ * @param ads connection to ads server
+ * @param res Results of search
+ * @return next entry from result
+ **/
+ LDAPMessage *ads_next_entry(ADS_STRUCT *ads, LDAPMessage *res)
+{
+ return ldap_next_entry(ads->ldap.ld, res);
+}
+
+/**
+ * pull the first message from a ADS result
+ * @param ads connection to ads server
+ * @param res Results of search
+ * @return first message from result
+ **/
+ LDAPMessage *ads_first_message(ADS_STRUCT *ads, LDAPMessage *res)
+{
+ return ldap_first_message(ads->ldap.ld, res);
+}
+
+/**
+ * pull the next message from a ADS result
+ * @param ads connection to ads server
+ * @param res Results of search
+ * @return next message from result
+ **/
+ LDAPMessage *ads_next_message(ADS_STRUCT *ads, LDAPMessage *res)
+{
+ return ldap_next_message(ads->ldap.ld, res);
+}
+
+/**
+ * pull a single string from a ADS result
+ * @param ads connection to ads server
+ * @param mem_ctx TALLOC_CTX to use for allocating result string
+ * @param msg Results of search
+ * @param field Attribute to retrieve
+ * @return Result string in talloc context
+ **/
+ char *ads_pull_string(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, LDAPMessage *msg,
+ const char *field)
+{
+ char **values;
+ char *ret = NULL;
+ char *ux_string;
+ size_t converted_size;
+
+ values = ldap_get_values(ads->ldap.ld, msg, field);
+ if (!values)
+ return NULL;
+
+ if (values[0] && pull_utf8_talloc(mem_ctx, &ux_string, values[0],
+ &converted_size))
+ {
+ ret = ux_string;
+ }
+ ldap_value_free(values);
+ return ret;
+}
+
+/**
+ * pull an array of strings from a ADS result
+ * @param ads connection to ads server
+ * @param mem_ctx TALLOC_CTX to use for allocating result string
+ * @param msg Results of search
+ * @param field Attribute to retrieve
+ * @return Result strings in talloc context
+ **/
+ char **ads_pull_strings(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ LDAPMessage *msg, const char *field,
+ size_t *num_values)
+{
+ char **values;
+ char **ret = NULL;
+ size_t i, converted_size;
+
+ values = ldap_get_values(ads->ldap.ld, msg, field);
+ if (!values)
+ return NULL;
+
+ *num_values = ldap_count_values(values);
+
+ ret = talloc_array(mem_ctx, char *, *num_values + 1);
+ if (!ret) {
+ ldap_value_free(values);
+ return NULL;
+ }
+
+ for (i=0;i<*num_values;i++) {
+ if (!pull_utf8_talloc(mem_ctx, &ret[i], values[i],
+ &converted_size))
+ {
+ ldap_value_free(values);
+ return NULL;
+ }
+ }
+ ret[i] = NULL;
+
+ ldap_value_free(values);
+ return ret;
+}
+
+/**
+ * pull an array of strings from a ADS result
+ * (handle large multivalue attributes with range retrieval)
+ * @param ads connection to ads server
+ * @param mem_ctx TALLOC_CTX to use for allocating result string
+ * @param msg Results of search
+ * @param field Attribute to retrieve
+ * @param current_strings strings returned by a previous call to this function
+ * @param next_attribute The next query should ask for this attribute
+ * @param num_values How many values did we get this time?
+ * @param more_values Are there more values to get?
+ * @return Result strings in talloc context
+ **/
+ char **ads_pull_strings_range(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ LDAPMessage *msg, const char *field,
+ char **current_strings,
+ const char **next_attribute,
+ size_t *num_strings,
+ bool *more_strings)
+{
+ char *attr;
+ char *expected_range_attrib, *range_attr = NULL;
+ BerElement *ptr = NULL;
+ char **strings;
+ char **new_strings;
+ size_t num_new_strings;
+ unsigned long int range_start;
+ unsigned long int range_end;
+
+ /* we might have been given the whole lot anyway */
+ if ((strings = ads_pull_strings(ads, mem_ctx, msg, field, num_strings))) {
+ *more_strings = False;
+ return strings;
+ }
+
+ expected_range_attrib = talloc_asprintf(mem_ctx, "%s;Range=", field);
+
+ /* look for Range result */
+ for (attr = ldap_first_attribute(ads->ldap.ld, (LDAPMessage *)msg, &ptr);
+ attr;
+ attr = ldap_next_attribute(ads->ldap.ld, (LDAPMessage *)msg, ptr)) {
+ /* we ignore the fact that this is utf8, as all attributes are ascii... */
+ if (strnequal(attr, expected_range_attrib, strlen(expected_range_attrib))) {
+ range_attr = attr;
+ break;
+ }
+ ldap_memfree(attr);
+ }
+ if (!range_attr) {
+ ber_free(ptr, 0);
+ /* nothing here - this field is just empty */
+ *more_strings = False;
+ return NULL;
+ }
+
+ if (sscanf(&range_attr[strlen(expected_range_attrib)], "%lu-%lu",
+ &range_start, &range_end) == 2) {
+ *more_strings = True;
+ } else {
+ if (sscanf(&range_attr[strlen(expected_range_attrib)], "%lu-*",
+ &range_start) == 1) {
+ *more_strings = False;
+ } else {
+ DEBUG(1, ("ads_pull_strings_range: Cannot parse Range attribute (%s)\n",
+ range_attr));
+ ldap_memfree(range_attr);
+ *more_strings = False;
+ return NULL;
+ }
+ }
+
+ if ((*num_strings) != range_start) {
+ DEBUG(1, ("ads_pull_strings_range: Range attribute (%s) doesn't start at %u, but at %lu"
+ " - aborting range retrieval\n",
+ range_attr, (unsigned int)(*num_strings) + 1, range_start));
+ ldap_memfree(range_attr);
+ *more_strings = False;
+ return NULL;
+ }
+
+ new_strings = ads_pull_strings(ads, mem_ctx, msg, range_attr, &num_new_strings);
+
+ if (*more_strings && ((*num_strings + num_new_strings) != (range_end + 1))) {
+ DEBUG(1, ("ads_pull_strings_range: Range attribute (%s) tells us we have %lu "
+ "strings in this bunch, but we only got %lu - aborting range retrieval\n",
+ range_attr, (unsigned long int)range_end - range_start + 1,
+ (unsigned long int)num_new_strings));
+ ldap_memfree(range_attr);
+ *more_strings = False;
+ return NULL;
+ }
+
+ strings = talloc_realloc(mem_ctx, current_strings, char *,
+ *num_strings + num_new_strings);
+
+ if (strings == NULL) {
+ ldap_memfree(range_attr);
+ *more_strings = False;
+ return NULL;
+ }
+
+ if (new_strings && num_new_strings) {
+ memcpy(&strings[*num_strings], new_strings,
+ sizeof(*new_strings) * num_new_strings);
+ }
+
+ (*num_strings) += num_new_strings;
+
+ if (*more_strings) {
+ *next_attribute = talloc_asprintf(mem_ctx,
+ "%s;range=%d-*",
+ field,
+ (int)*num_strings);
+
+ if (!*next_attribute) {
+ DEBUG(1, ("talloc_asprintf for next attribute failed!\n"));
+ ldap_memfree(range_attr);
+ *more_strings = False;
+ return NULL;
+ }
+ }
+
+ ldap_memfree(range_attr);
+
+ return strings;
+}
+
+/**
+ * pull a single uint32_t from a ADS result
+ * @param ads connection to ads server
+ * @param msg Results of search
+ * @param field Attribute to retrieve
+ * @param v Pointer to int to store result
+ * @return boolean indicating success
+*/
+ bool ads_pull_uint32(ADS_STRUCT *ads, LDAPMessage *msg, const char *field,
+ uint32_t *v)
+{
+ char **values;
+
+ values = ldap_get_values(ads->ldap.ld, msg, field);
+ if (!values)
+ return False;
+ if (!values[0]) {
+ ldap_value_free(values);
+ return False;
+ }
+
+ *v = atoi(values[0]);
+ ldap_value_free(values);
+ return True;
+}
+
+/**
+ * pull a single objectGUID from an ADS result
+ * @param ads connection to ADS server
+ * @param msg results of search
+ * @param guid 37-byte area to receive text guid
+ * @return boolean indicating success
+ **/
+ bool ads_pull_guid(ADS_STRUCT *ads, LDAPMessage *msg, struct GUID *guid)
+{
+ DATA_BLOB blob;
+ NTSTATUS status;
+
+ if (!smbldap_talloc_single_blob(talloc_tos(), ads->ldap.ld, msg, "objectGUID",
+ &blob)) {
+ return false;
+ }
+
+ status = GUID_from_ndr_blob(&blob, guid);
+ talloc_free(blob.data);
+ return NT_STATUS_IS_OK(status);
+}
+
+
+/**
+ * pull a single struct dom_sid from a ADS result
+ * @param ads connection to ads server
+ * @param msg Results of search
+ * @param field Attribute to retrieve
+ * @param sid Pointer to sid to store result
+ * @return boolean indicating success
+*/
+ bool ads_pull_sid(ADS_STRUCT *ads, LDAPMessage *msg, const char *field,
+ struct dom_sid *sid)
+{
+ return smbldap_pull_sid(ads->ldap.ld, msg, field, sid);
+}
+
+/**
+ * pull an array of struct dom_sids from a ADS result
+ * @param ads connection to ads server
+ * @param mem_ctx TALLOC_CTX for allocating sid array
+ * @param msg Results of search
+ * @param field Attribute to retrieve
+ * @param sids pointer to sid array to allocate
+ * @return the count of SIDs pulled
+ **/
+ int ads_pull_sids(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ LDAPMessage *msg, const char *field, struct dom_sid **sids)
+{
+ struct berval **values;
+ int count, i;
+
+ values = ldap_get_values_len(ads->ldap.ld, msg, field);
+
+ if (!values)
+ return 0;
+
+ for (i=0; values[i]; i++)
+ /* nop */ ;
+
+ if (i) {
+ (*sids) = talloc_array(mem_ctx, struct dom_sid, i);
+ if (!(*sids)) {
+ ldap_value_free_len(values);
+ return 0;
+ }
+ } else {
+ (*sids) = NULL;
+ }
+
+ count = 0;
+ for (i=0; values[i]; i++) {
+ ssize_t ret;
+ ret = sid_parse((const uint8_t *)values[i]->bv_val,
+ values[i]->bv_len, &(*sids)[count]);
+ if (ret != -1) {
+ struct dom_sid_buf buf;
+ DBG_DEBUG("pulling SID: %s\n",
+ dom_sid_str_buf(&(*sids)[count], &buf));
+ count++;
+ }
+ }
+
+ ldap_value_free_len(values);
+ return count;
+}
+
+/**
+ * pull a struct security_descriptor from a ADS result
+ * @param ads connection to ads server
+ * @param mem_ctx TALLOC_CTX for allocating sid array
+ * @param msg Results of search
+ * @param field Attribute to retrieve
+ * @param sd Pointer to *struct security_descriptor to store result (talloc()ed)
+ * @return boolean indicating success
+*/
+ bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ LDAPMessage *msg, const char *field,
+ struct security_descriptor **sd)
+{
+ struct berval **values;
+ bool ret = true;
+
+ values = ldap_get_values_len(ads->ldap.ld, msg, field);
+
+ if (!values) return false;
+
+ if (values[0]) {
+ NTSTATUS status;
+ status = unmarshall_sec_desc(mem_ctx,
+ (uint8_t *)values[0]->bv_val,
+ values[0]->bv_len, sd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("unmarshall_sec_desc failed: %s\n",
+ nt_errstr(status)));
+ ret = false;
+ }
+ }
+
+ ldap_value_free_len(values);
+ return ret;
+}
+
+/*
+ * in order to support usernames longer than 21 characters we need to
+ * use both the sAMAccountName and the userPrincipalName attributes
+ * It seems that not all users have the userPrincipalName attribute set
+ *
+ * @param ads connection to ads server
+ * @param mem_ctx TALLOC_CTX for allocating sid array
+ * @param msg Results of search
+ * @return the username
+ */
+ char *ads_pull_username(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ LDAPMessage *msg)
+{
+#if 0 /* JERRY */
+ char *ret, *p;
+
+ /* lookup_name() only works on the sAMAccountName to
+ returning the username portion of userPrincipalName
+ breaks winbindd_getpwnam() */
+
+ ret = ads_pull_string(ads, mem_ctx, msg, "userPrincipalName");
+ if (ret && (p = strchr_m(ret, '@'))) {
+ *p = 0;
+ return ret;
+ }
+#endif
+ return ads_pull_string(ads, mem_ctx, msg, "sAMAccountName");
+}
+
+
+/**
+ * find the update serial number - this is the core of the ldap cache
+ * @param ads connection to ads server
+ * @param ads connection to ADS server
+ * @param usn Pointer to retrieved update serial number
+ * @return status of search
+ **/
+ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32_t *usn)
+{
+ const char *attrs[] = {"highestCommittedUSN", NULL};
+ ADS_STATUS status;
+ LDAPMessage *res;
+
+ status = ads_do_search_retry(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
+ if (!ADS_ERR_OK(status))
+ return status;
+
+ if (ads_count_replies(ads, res) != 1) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+ }
+
+ if (!ads_pull_uint32(ads, res, "highestCommittedUSN", usn)) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
+ }
+
+ ads_msgfree(ads, res);
+ return ADS_SUCCESS;
+}
+
+/* parse a ADS timestring - typical string is
+ '20020917091222.0Z0' which means 09:12.22 17th September
+ 2002, timezone 0 */
+static time_t ads_parse_time(const char *str)
+{
+ struct tm tm;
+
+ ZERO_STRUCT(tm);
+
+ if (sscanf(str, "%4d%2d%2d%2d%2d%2d",
+ &tm.tm_year, &tm.tm_mon, &tm.tm_mday,
+ &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) {
+ return 0;
+ }
+ tm.tm_year -= 1900;
+ tm.tm_mon -= 1;
+
+ return timegm(&tm);
+}
+
+/********************************************************************
+********************************************************************/
+
+ADS_STATUS ads_current_time(ADS_STRUCT *ads)
+{
+ const char *attrs[] = {"currentTime", NULL};
+ ADS_STATUS status;
+ LDAPMessage *res;
+ char *timestr;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ ADS_STRUCT *ads_s = ads;
+
+ /* establish a new ldap tcp session if necessary */
+
+ if ( !ads->ldap.ld ) {
+ /*
+ * ADS_STRUCT may be being reused after a
+ * DC lookup, so ads->ldap.ss may already have a
+ * good address. If not, re-initialize the passed-in
+ * ADS_STRUCT with the given server.XXXX parameters.
+ *
+ * Note that this doesn't depend on
+ * ads->server.ldap_server != NULL,
+ * as the case where ads->server.ldap_server==NULL and
+ * ads->ldap.ss != zero_address is precisely the DC
+ * lookup case where ads->ldap.ss was found by going
+ * through ads_find_dc() again we want to avoid repeating.
+ */
+ if (is_zero_addr(&ads->ldap.ss)) {
+ ads_s = ads_init(tmp_ctx,
+ ads->server.realm,
+ ads->server.workgroup,
+ ads->server.ldap_server,
+ ADS_SASL_PLAIN );
+ if (ads_s == NULL) {
+ status = ADS_ERROR(LDAP_NO_MEMORY);
+ goto done;
+ }
+ }
+
+ /*
+ * Reset ads->config.flags as it can contain the flags
+ * returned by the previous CLDAP ping when reusing the struct.
+ */
+ ads_s->config.flags = 0;
+
+ ads_s->auth.flags = ADS_AUTH_ANON_BIND;
+ status = ads_connect( ads_s );
+ if ( !ADS_ERR_OK(status))
+ goto done;
+ }
+
+ status = ads_do_search(ads_s, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ timestr = ads_pull_string(ads_s, tmp_ctx, res, "currentTime");
+ if (!timestr) {
+ ads_msgfree(ads_s, res);
+ status = ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+ goto done;
+ }
+
+ /* but save the time and offset in the original ADS_STRUCT */
+
+ ads->config.current_time = ads_parse_time(timestr);
+
+ if (ads->config.current_time != 0) {
+ ads->auth.time_offset = ads->config.current_time - time(NULL);
+ DEBUG(4,("KDC time offset is %d seconds\n", ads->auth.time_offset));
+ }
+
+ ads_msgfree(ads, res);
+
+ status = ADS_SUCCESS;
+
+done:
+ TALLOC_FREE(tmp_ctx);
+
+ return status;
+}
+
+/********************************************************************
+********************************************************************/
+
+ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32_t *val)
+{
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ const char *attrs[] = {"domainFunctionality", NULL};
+ ADS_STATUS status;
+ LDAPMessage *res;
+ ADS_STRUCT *ads_s = ads;
+
+ *val = DS_DOMAIN_FUNCTION_2000;
+
+ /* establish a new ldap tcp session if necessary */
+
+ if ( !ads->ldap.ld ) {
+ /*
+ * ADS_STRUCT may be being reused after a
+ * DC lookup, so ads->ldap.ss may already have a
+ * good address. If not, re-initialize the passed-in
+ * ADS_STRUCT with the given server.XXXX parameters.
+ *
+ * Note that this doesn't depend on
+ * ads->server.ldap_server != NULL,
+ * as the case where ads->server.ldap_server==NULL and
+ * ads->ldap.ss != zero_address is precisely the DC
+ * lookup case where ads->ldap.ss was found by going
+ * through ads_find_dc() again we want to avoid repeating.
+ */
+ if (is_zero_addr(&ads->ldap.ss)) {
+ ads_s = ads_init(tmp_ctx,
+ ads->server.realm,
+ ads->server.workgroup,
+ ads->server.ldap_server,
+ ADS_SASL_PLAIN );
+ if (ads_s == NULL ) {
+ status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ goto done;
+ }
+ }
+
+ /*
+ * Reset ads->config.flags as it can contain the flags
+ * returned by the previous CLDAP ping when reusing the struct.
+ */
+ ads_s->config.flags = 0;
+
+ ads_s->auth.flags = ADS_AUTH_ANON_BIND;
+ status = ads_connect( ads_s );
+ if ( !ADS_ERR_OK(status))
+ goto done;
+ }
+
+ /* If the attribute does not exist assume it is a Windows 2000
+ functional domain */
+
+ status = ads_do_search(ads_s, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
+ if (!ADS_ERR_OK(status)) {
+ if ( status.err.rc == LDAP_NO_SUCH_ATTRIBUTE ) {
+ status = ADS_SUCCESS;
+ }
+ goto done;
+ }
+
+ if ( !ads_pull_uint32(ads_s, res, "domainFunctionality", val) ) {
+ DEBUG(5,("ads_domain_func_level: Failed to pull the domainFunctionality attribute.\n"));
+ }
+ DEBUG(3,("ads_domain_func_level: %d\n", *val));
+
+
+ ads_msgfree(ads_s, res);
+
+done:
+ TALLOC_FREE(tmp_ctx);
+
+ return status;
+}
+
+/**
+ * find the domain sid for our domain
+ * @param ads connection to ads server
+ * @param sid Pointer to domain sid
+ * @return status of search
+ **/
+ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, struct dom_sid *sid)
+{
+ const char *attrs[] = {"objectSid", NULL};
+ LDAPMessage *res;
+ ADS_STATUS rc;
+
+ rc = ads_do_search_retry(ads, ads->config.bind_path, LDAP_SCOPE_BASE, "(objectclass=*)",
+ attrs, &res);
+ if (!ADS_ERR_OK(rc)) return rc;
+ if (!ads_pull_sid(ads, res, "objectSid", sid)) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR_SYSTEM(ENOENT);
+ }
+ ads_msgfree(ads, res);
+
+ return ADS_SUCCESS;
+}
+
+/**
+ * find our site name
+ * @param ads connection to ads server
+ * @param mem_ctx Pointer to talloc context
+ * @param site_name Pointer to the sitename
+ * @return status of search
+ **/
+ADS_STATUS ads_site_dn(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char **site_name)
+{
+ ADS_STATUS status;
+ LDAPMessage *res;
+ const char *dn, *service_name;
+ const char *attrs[] = { "dsServiceName", NULL };
+
+ status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ service_name = ads_pull_string(ads, mem_ctx, res, "dsServiceName");
+ if (service_name == NULL) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+ }
+
+ ads_msgfree(ads, res);
+
+ /* go up three levels */
+ dn = ads_parent_dn(ads_parent_dn(ads_parent_dn(service_name)));
+ if (dn == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ *site_name = talloc_strdup(mem_ctx, dn);
+ if (*site_name == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ return status;
+ /*
+ dsServiceName: CN=NTDS Settings,CN=W2K3DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ber,DC=suse,DC=de
+ */
+}
+
+/**
+ * find the site dn where a machine resides
+ * @param ads connection to ads server
+ * @param mem_ctx Pointer to talloc context
+ * @param computer_name name of the machine
+ * @param site_name Pointer to the sitename
+ * @return status of search
+ **/
+ADS_STATUS ads_site_dn_for_machine(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *computer_name, const char **site_dn)
+{
+ ADS_STATUS status;
+ LDAPMessage *res;
+ const char *parent, *filter;
+ char *config_context = NULL;
+ char *dn;
+
+ /* shortcut a query */
+ if (strequal(computer_name, ads->config.ldap_server_name)) {
+ return ads_site_dn(ads, mem_ctx, site_dn);
+ }
+
+ status = ads_config_path(ads, mem_ctx, &config_context);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ filter = talloc_asprintf(mem_ctx, "(cn=%s)", computer_name);
+ if (filter == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ status = ads_do_search(ads, config_context, LDAP_SCOPE_SUBTREE,
+ filter, NULL, &res);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ if (ads_count_replies(ads, res) != 1) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ }
+
+ dn = ads_get_dn(ads, mem_ctx, res);
+ if (dn == NULL) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ /* go up three levels */
+ parent = ads_parent_dn(ads_parent_dn(ads_parent_dn(dn)));
+ if (parent == NULL) {
+ ads_msgfree(ads, res);
+ TALLOC_FREE(dn);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ *site_dn = talloc_strdup(mem_ctx, parent);
+ if (*site_dn == NULL) {
+ ads_msgfree(ads, res);
+ TALLOC_FREE(dn);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ TALLOC_FREE(dn);
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
+/**
+ * get the upn suffixes for a domain
+ * @param ads connection to ads server
+ * @param mem_ctx Pointer to talloc context
+ * @param suffixes Pointer to an array of suffixes
+ * @param num_suffixes Pointer to the number of suffixes
+ * @return status of search
+ **/
+ADS_STATUS ads_upn_suffixes(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***suffixes, size_t *num_suffixes)
+{
+ ADS_STATUS status;
+ LDAPMessage *res;
+ const char *base;
+ char *config_context = NULL;
+ const char *attrs[] = { "uPNSuffixes", NULL };
+
+ status = ads_config_path(ads, mem_ctx, &config_context);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ base = talloc_asprintf(mem_ctx, "cn=Partitions,%s", config_context);
+ if (base == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ status = ads_search_dn(ads, &res, base, attrs);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ if (ads_count_replies(ads, res) != 1) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ }
+
+ (*suffixes) = ads_pull_strings(ads, mem_ctx, res, "uPNSuffixes", num_suffixes);
+ if ((*suffixes) == NULL) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
+/**
+ * get the joinable ous for a domain
+ * @param ads connection to ads server
+ * @param mem_ctx Pointer to talloc context
+ * @param ous Pointer to an array of ous
+ * @param num_ous Pointer to the number of ous
+ * @return status of search
+ **/
+ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char ***ous,
+ size_t *num_ous)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ LDAPMessage *msg = NULL;
+ const char *attrs[] = { "dn", NULL };
+ int count = 0;
+
+ status = ads_search(ads, &res,
+ "(|(objectClass=domain)(objectclass=organizationalUnit))",
+ attrs);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ count = ads_count_replies(ads, res);
+ if (count < 1) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+ }
+
+ for (msg = ads_first_entry(ads, res); msg;
+ msg = ads_next_entry(ads, msg)) {
+ const char **p = discard_const_p(const char *, *ous);
+ char *dn = NULL;
+
+ dn = ads_get_dn(ads, talloc_tos(), msg);
+ if (!dn) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ if (!add_string_to_array(mem_ctx, dn, &p, num_ous)) {
+ TALLOC_FREE(dn);
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ TALLOC_FREE(dn);
+ *ous = discard_const_p(char *, p);
+ }
+
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
+
+/**
+ * pull a struct dom_sid from an extended dn string
+ * @param mem_ctx TALLOC_CTX
+ * @param extended_dn string
+ * @param flags string type of extended_dn
+ * @param sid pointer to a struct dom_sid
+ * @return NT_STATUS_OK on success,
+ * NT_INVALID_PARAMETER on error,
+ * NT_STATUS_NOT_FOUND if no SID present
+ **/
+ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
+ const char *extended_dn,
+ enum ads_extended_dn_flags flags,
+ struct dom_sid *sid)
+{
+ char *p, *q, *dn;
+
+ if (!extended_dn) {
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+
+ /* otherwise extended_dn gets stripped off */
+ if ((dn = talloc_strdup(mem_ctx, extended_dn)) == NULL) {
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+ /*
+ * ADS_EXTENDED_DN_HEX_STRING:
+ * <GUID=238e1963cb390f4bb032ba0105525a29>;<SID=010500000000000515000000bb68c8fd6b61b427572eb04556040000>;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de
+ *
+ * ADS_EXTENDED_DN_STRING (only with w2k3):
+ * <GUID=63198e23-39cb-4b0f-b032-ba0105525a29>;<SID=S-1-5-21-4257769659-666132843-1169174103-1110>;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de
+ *
+ * Object with no SID, such as an Exchange Public Folder
+ * <GUID=28907fb4bdf6854993e7f0a10b504e7c>;CN=public,CN=Microsoft Exchange System Objects,DC=sd2k3ms,DC=west,DC=isilon,DC=com
+ */
+
+ p = strchr(dn, ';');
+ if (!p) {
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+
+ if (strncmp(p, ";<SID=", strlen(";<SID=")) != 0) {
+ DEBUG(5,("No SID present in extended dn\n"));
+ return ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
+ }
+
+ p += strlen(";<SID=");
+
+ q = strchr(p, '>');
+ if (!q) {
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+
+ *q = '\0';
+
+ DEBUG(100,("ads_get_sid_from_extended_dn: sid string is %s\n", p));
+
+ switch (flags) {
+
+ case ADS_EXTENDED_DN_STRING:
+ if (!string_to_sid(sid, p)) {
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+ break;
+ case ADS_EXTENDED_DN_HEX_STRING: {
+ ssize_t ret;
+ fstring buf;
+ size_t buf_len;
+
+ buf_len = strhex_to_str(buf, sizeof(buf), p, strlen(p));
+ if (buf_len == 0) {
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+
+ ret = sid_parse((const uint8_t *)buf, buf_len, sid);
+ if (ret == -1) {
+ DEBUG(10,("failed to parse sid\n"));
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+ break;
+ }
+ default:
+ DEBUG(10,("unknown extended dn format\n"));
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+
+ return ADS_ERROR_NT(NT_STATUS_OK);
+}
+
+/********************************************************************
+********************************************************************/
+
+char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name )
+{
+ LDAPMessage *res = NULL;
+ ADS_STATUS status;
+ int count = 0;
+ char *name = NULL;
+
+ status = ads_find_machine_acct(ads, &res, machine_name);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
+ lp_netbios_name()));
+ goto out;
+ }
+
+ if ( (count = ads_count_replies(ads, res)) != 1 ) {
+ DEBUG(1,("ads_get_dnshostname: %d entries returned!\n", count));
+ goto out;
+ }
+
+ if ( (name = ads_pull_string(ads, ctx, res, "dNSHostName")) == NULL ) {
+ DEBUG(0,("ads_get_dnshostname: No dNSHostName attribute!\n"));
+ }
+
+out:
+ ads_msgfree(ads, res);
+
+ return name;
+}
+
+/********************************************************************
+********************************************************************/
+
+static char **get_addl_hosts(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ LDAPMessage *msg, size_t *num_values)
+{
+ const char *field = "msDS-AdditionalDnsHostName";
+ struct berval **values = NULL;
+ char **ret = NULL;
+ size_t i, converted_size;
+
+ /*
+ * Windows DC implicitly adds a short name for each FQDN added to
+ * msDS-AdditionalDnsHostName, but it comes with a strange binary
+ * suffix "\0$" which we should ignore (see bug #14406).
+ */
+
+ values = ldap_get_values_len(ads->ldap.ld, msg, field);
+ if (values == NULL) {
+ return NULL;
+ }
+
+ *num_values = ldap_count_values_len(values);
+
+ ret = talloc_array(mem_ctx, char *, *num_values + 1);
+ if (ret == NULL) {
+ ldap_value_free_len(values);
+ return NULL;
+ }
+
+ for (i = 0; i < *num_values; i++) {
+ ret[i] = NULL;
+ if (!convert_string_talloc(mem_ctx, CH_UTF8, CH_UNIX,
+ values[i]->bv_val,
+ strnlen(values[i]->bv_val,
+ values[i]->bv_len),
+ &ret[i], &converted_size)) {
+ ldap_value_free_len(values);
+ return NULL;
+ }
+ }
+ ret[i] = NULL;
+
+ ldap_value_free_len(values);
+ return ret;
+}
+
+ADS_STATUS ads_get_additional_dns_hostnames(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char *machine_name,
+ char ***hostnames_array,
+ size_t *num_hostnames)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ int count;
+
+ status = ads_find_machine_acct(ads,
+ &res,
+ machine_name);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("Host Account for %s not found... skipping operation.\n",
+ machine_name));
+ return status;
+ }
+
+ count = ads_count_replies(ads, res);
+ if (count != 1) {
+ status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ goto done;
+ }
+
+ *hostnames_array = get_addl_hosts(ads, mem_ctx, res, num_hostnames);
+ if (*hostnames_array == NULL) {
+ DEBUG(1, ("Host account for %s does not have msDS-AdditionalDnsHostName.\n",
+ machine_name));
+ status = ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ goto done;
+ }
+
+done:
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
+/********************************************************************
+********************************************************************/
+
+char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name )
+{
+ LDAPMessage *res = NULL;
+ ADS_STATUS status;
+ int count = 0;
+ char *name = NULL;
+
+ status = ads_find_machine_acct(ads, &res, machine_name);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0,("ads_get_upn: Failed to find account for %s\n",
+ lp_netbios_name()));
+ goto out;
+ }
+
+ if ( (count = ads_count_replies(ads, res)) != 1 ) {
+ DEBUG(1,("ads_get_upn: %d entries returned!\n", count));
+ goto out;
+ }
+
+ if ( (name = ads_pull_string(ads, ctx, res, "userPrincipalName")) == NULL ) {
+ DEBUG(2,("ads_get_upn: No userPrincipalName attribute!\n"));
+ }
+
+out:
+ ads_msgfree(ads, res);
+
+ return name;
+}
+
+/********************************************************************
+********************************************************************/
+
+bool ads_has_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name )
+{
+ LDAPMessage *res = NULL;
+ ADS_STATUS status;
+ int count = 0;
+ char *name = NULL;
+ bool ok = false;
+
+ status = ads_find_machine_acct(ads, &res, machine_name);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0,("ads_has_samaccountname: Failed to find account for %s\n",
+ lp_netbios_name()));
+ goto out;
+ }
+
+ if ( (count = ads_count_replies(ads, res)) != 1 ) {
+ DEBUG(1,("ads_has_samaccountname: %d entries returned!\n", count));
+ goto out;
+ }
+
+ if ( (name = ads_pull_string(ads, ctx, res, "sAMAccountName")) == NULL ) {
+ DEBUG(0,("ads_has_samaccountname: No sAMAccountName attribute!\n"));
+ }
+
+out:
+ ads_msgfree(ads, res);
+ if (name != NULL) {
+ ok = (strlen(name) > 0);
+ }
+ TALLOC_FREE(name);
+ return ok;
+}
+
+#if 0
+
+ SAVED CODE - we used to join via ldap - remember how we did this. JRA.
+
+/**
+ * Join a machine to a realm
+ * Creates the machine account and sets the machine password
+ * @param ads connection to ads server
+ * @param machine name of host to add
+ * @param org_unit Organizational unit to place machine in
+ * @return status of join
+ **/
+ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
+ uint32_t account_type, const char *org_unit)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ char *machine;
+
+ /* machine name must be lowercase */
+ machine = SMB_STRDUP(machine_name);
+ strlower_m(machine);
+
+ /*
+ status = ads_find_machine_acct(ads, (void **)&res, machine);
+ if (ADS_ERR_OK(status) && ads_count_replies(ads, res) == 1) {
+ DEBUG(0, ("Host account for %s already exists - deleting old account\n", machine));
+ status = ads_leave_realm(ads, machine);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0, ("Failed to delete host '%s' from the '%s' realm.\n",
+ machine, ads->config.realm));
+ return status;
+ }
+ }
+ */
+ status = ads_add_machine_acct(ads, machine, account_type, org_unit);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0, ("ads_join_realm: ads_add_machine_acct failed (%s): %s\n", machine, ads_errstr(status)));
+ SAFE_FREE(machine);
+ return status;
+ }
+
+ status = ads_find_machine_acct(ads, (void **)(void *)&res, machine);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0, ("ads_join_realm: Host account test failed for machine %s\n", machine));
+ SAFE_FREE(machine);
+ return status;
+ }
+
+ SAFE_FREE(machine);
+ ads_msgfree(ads, res);
+
+ return status;
+}
+#endif
+
+/**
+ * Delete a machine from the realm
+ * @param ads connection to ads server
+ * @param hostname Machine to remove
+ * @return status of delete
+ **/
+ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname)
+{
+ ADS_STATUS status;
+ void *msg;
+ LDAPMessage *res;
+ char *hostnameDN, *host;
+ int rc;
+ LDAPControl ldap_control;
+ LDAPControl * pldap_control[2] = {NULL, NULL};
+
+ pldap_control[0] = &ldap_control;
+ memset(&ldap_control, 0, sizeof(LDAPControl));
+ ldap_control.ldctl_oid = discard_const_p(char, LDAP_SERVER_TREE_DELETE_OID);
+
+ /* hostname must be lowercase */
+ host = SMB_STRDUP(hostname);
+ if (!strlower_m(host)) {
+ SAFE_FREE(host);
+ return ADS_ERROR_SYSTEM(EINVAL);
+ }
+
+ status = ads_find_machine_acct(ads, &res, host);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0, ("Host account for %s does not exist.\n", host));
+ SAFE_FREE(host);
+ return status;
+ }
+
+ msg = ads_first_entry(ads, res);
+ if (!msg) {
+ SAFE_FREE(host);
+ return ADS_ERROR_SYSTEM(ENOENT);
+ }
+
+ hostnameDN = ads_get_dn(ads, talloc_tos(), (LDAPMessage *)msg);
+ if (hostnameDN == NULL) {
+ SAFE_FREE(host);
+ return ADS_ERROR_SYSTEM(ENOENT);
+ }
+
+ rc = ldap_delete_ext_s(ads->ldap.ld, hostnameDN, pldap_control, NULL);
+ if (rc) {
+ DEBUG(3,("ldap_delete_ext_s failed with error code %d\n", rc));
+ }else {
+ DEBUG(3,("ldap_delete_ext_s succeeded with error code %d\n", rc));
+ }
+
+ if (rc != LDAP_SUCCESS) {
+ const char *attrs[] = { "cn", NULL };
+ LDAPMessage *msg_sub;
+
+ /* we only search with scope ONE, we do not expect any further
+ * objects to be created deeper */
+
+ status = ads_do_search_retry(ads, hostnameDN,
+ LDAP_SCOPE_ONELEVEL,
+ "(objectclass=*)", attrs, &res);
+
+ if (!ADS_ERR_OK(status)) {
+ SAFE_FREE(host);
+ TALLOC_FREE(hostnameDN);
+ return status;
+ }
+
+ for (msg_sub = ads_first_entry(ads, res); msg_sub;
+ msg_sub = ads_next_entry(ads, msg_sub)) {
+
+ char *dn = NULL;
+
+ if ((dn = ads_get_dn(ads, talloc_tos(), msg_sub)) == NULL) {
+ SAFE_FREE(host);
+ TALLOC_FREE(hostnameDN);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ status = ads_del_dn(ads, dn);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(3,("failed to delete dn %s: %s\n", dn, ads_errstr(status)));
+ SAFE_FREE(host);
+ TALLOC_FREE(dn);
+ TALLOC_FREE(hostnameDN);
+ return status;
+ }
+
+ TALLOC_FREE(dn);
+ }
+
+ /* there should be no subordinate objects anymore */
+ status = ads_do_search_retry(ads, hostnameDN,
+ LDAP_SCOPE_ONELEVEL,
+ "(objectclass=*)", attrs, &res);
+
+ if (!ADS_ERR_OK(status) || ( (ads_count_replies(ads, res)) > 0 ) ) {
+ SAFE_FREE(host);
+ TALLOC_FREE(hostnameDN);
+ return status;
+ }
+
+ /* delete hostnameDN now */
+ status = ads_del_dn(ads, hostnameDN);
+ if (!ADS_ERR_OK(status)) {
+ SAFE_FREE(host);
+ DEBUG(3,("failed to delete dn %s: %s\n", hostnameDN, ads_errstr(status)));
+ TALLOC_FREE(hostnameDN);
+ return status;
+ }
+ }
+
+ TALLOC_FREE(hostnameDN);
+
+ status = ads_find_machine_acct(ads, &res, host);
+ if ((status.error_type == ENUM_ADS_ERROR_LDAP) &&
+ (status.err.rc != LDAP_NO_SUCH_OBJECT)) {
+ DEBUG(3, ("Failed to remove host account.\n"));
+ SAFE_FREE(host);
+ return status;
+ }
+
+ SAFE_FREE(host);
+ return ADS_SUCCESS;
+}
+
+/**
+ * pull all token-sids from an LDAP dn
+ * @param ads connection to ads server
+ * @param mem_ctx TALLOC_CTX for allocating sid array
+ * @param dn of LDAP object
+ * @param user_sid pointer to struct dom_sid (objectSid)
+ * @param primary_group_sid pointer to struct dom_sid (self composed)
+ * @param sids pointer to sid array to allocate
+ * @param num_sids counter of SIDs pulled
+ * @return status of token query
+ **/
+ ADS_STATUS ads_get_tokensids(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ const char *dn,
+ struct dom_sid *user_sid,
+ struct dom_sid *primary_group_sid,
+ struct dom_sid **sids,
+ size_t *num_sids)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ int count = 0;
+ size_t tmp_num_sids;
+ struct dom_sid *tmp_sids;
+ struct dom_sid tmp_user_sid;
+ struct dom_sid tmp_primary_group_sid;
+ uint32_t pgid;
+ const char *attrs[] = {
+ "objectSid",
+ "tokenGroups",
+ "primaryGroupID",
+ NULL
+ };
+
+ status = ads_search_retry_dn(ads, &res, dn, attrs);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ count = ads_count_replies(ads, res);
+ if (count != 1) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR_LDAP(LDAP_NO_SUCH_OBJECT);
+ }
+
+ if (!ads_pull_sid(ads, res, "objectSid", &tmp_user_sid)) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+
+ if (!ads_pull_uint32(ads, res, "primaryGroupID", &pgid)) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+
+ {
+ /* hack to compose the primary group sid without knowing the
+ * domsid */
+
+ struct dom_sid domsid;
+
+ sid_copy(&domsid, &tmp_user_sid);
+
+ if (!sid_split_rid(&domsid, NULL)) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+
+ if (!sid_compose(&tmp_primary_group_sid, &domsid, pgid)) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+ }
+
+ tmp_num_sids = ads_pull_sids(ads, mem_ctx, res, "tokenGroups", &tmp_sids);
+
+ if (tmp_num_sids == 0 || !tmp_sids) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+
+ if (num_sids) {
+ *num_sids = tmp_num_sids;
+ }
+
+ if (sids) {
+ *sids = tmp_sids;
+ }
+
+ if (user_sid) {
+ *user_sid = tmp_user_sid;
+ }
+
+ if (primary_group_sid) {
+ *primary_group_sid = tmp_primary_group_sid;
+ }
+
+ DEBUG(10,("ads_get_tokensids: returned %d sids\n", (int)tmp_num_sids + 2));
+
+ ads_msgfree(ads, res);
+ return ADS_ERROR_LDAP(LDAP_SUCCESS);
+}
+
+/**
+ * Find a sAMAccountName in LDAP
+ * @param ads connection to ads server
+ * @param mem_ctx TALLOC_CTX for allocating sid array
+ * @param samaccountname to search
+ * @param uac_ret uint32_t pointer userAccountControl attribute value
+ * @param dn_ret pointer to dn
+ * @return status of token query
+ **/
+ADS_STATUS ads_find_samaccount(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ const char *samaccountname,
+ uint32_t *uac_ret,
+ const char **dn_ret)
+{
+ ADS_STATUS status;
+ const char *attrs[] = { "userAccountControl", NULL };
+ const char *filter;
+ LDAPMessage *res = NULL;
+ char *dn = NULL;
+ uint32_t uac = 0;
+
+ filter = talloc_asprintf(mem_ctx, "(&(objectclass=user)(sAMAccountName=%s))",
+ samaccountname);
+ if (filter == NULL) {
+ status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+
+ status = ads_do_search_all(ads, ads->config.bind_path,
+ LDAP_SCOPE_SUBTREE,
+ filter, attrs, &res);
+
+ if (!ADS_ERR_OK(status)) {
+ goto out;
+ }
+
+ if (ads_count_replies(ads, res) != 1) {
+ status = ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+ goto out;
+ }
+
+ dn = ads_get_dn(ads, talloc_tos(), res);
+ if (dn == NULL) {
+ status = ADS_ERROR(LDAP_NO_MEMORY);
+ goto out;
+ }
+
+ if (!ads_pull_uint32(ads, res, "userAccountControl", &uac)) {
+ status = ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE);
+ goto out;
+ }
+
+ if (uac_ret) {
+ *uac_ret = uac;
+ }
+
+ if (dn_ret) {
+ *dn_ret = talloc_strdup(mem_ctx, dn);
+ if (!*dn_ret) {
+ status = ADS_ERROR(LDAP_NO_MEMORY);
+ goto out;
+ }
+ }
+ out:
+ TALLOC_FREE(dn);
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
+/**
+ * find our configuration path
+ * @param ads connection to ads server
+ * @param mem_ctx Pointer to talloc context
+ * @param config_path Pointer to the config path
+ * @return status of search
+ **/
+ADS_STATUS ads_config_path(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char **config_path)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ const char *config_context = NULL;
+ const char *attrs[] = { "configurationNamingContext", NULL };
+
+ status = ads_do_search(ads, "", LDAP_SCOPE_BASE,
+ "(objectclass=*)", attrs, &res);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ config_context = ads_pull_string(ads, mem_ctx, res,
+ "configurationNamingContext");
+ ads_msgfree(ads, res);
+ if (!config_context) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ if (config_path) {
+ *config_path = talloc_strdup(mem_ctx, config_context);
+ if (!*config_path) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ }
+
+ return ADS_ERROR(LDAP_SUCCESS);
+}
+
+/**
+ * find the displayName of an extended right
+ * @param ads connection to ads server
+ * @param config_path The config path
+ * @param mem_ctx Pointer to talloc context
+ * @param GUID struct of the rightsGUID
+ * @return status of search
+ **/
+const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads,
+ const char *config_path,
+ TALLOC_CTX *mem_ctx,
+ const struct GUID *rights_guid)
+{
+ ADS_STATUS rc;
+ LDAPMessage *res = NULL;
+ char *expr = NULL;
+ const char *attrs[] = { "displayName", NULL };
+ const char *result = NULL;
+ const char *path;
+
+ if (!ads || !mem_ctx || !rights_guid) {
+ goto done;
+ }
+
+ expr = talloc_asprintf(mem_ctx, "(rightsGuid=%s)",
+ GUID_string(mem_ctx, rights_guid));
+ if (!expr) {
+ goto done;
+ }
+
+ path = talloc_asprintf(mem_ctx, "cn=Extended-Rights,%s", config_path);
+ if (!path) {
+ goto done;
+ }
+
+ rc = ads_do_search_retry(ads, path, LDAP_SCOPE_SUBTREE,
+ expr, attrs, &res);
+ if (!ADS_ERR_OK(rc)) {
+ goto done;
+ }
+
+ if (ads_count_replies(ads, res) != 1) {
+ goto done;
+ }
+
+ result = ads_pull_string(ads, mem_ctx, res, "displayName");
+
+ done:
+ ads_msgfree(ads, res);
+ return result;
+}
+
+/**
+ * verify or build and verify an account ou
+ * @param mem_ctx Pointer to talloc context
+ * @param ads connection to ads server
+ * @param account_ou
+ * @return status of search
+ **/
+
+ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char **account_ou)
+{
+ char **exploded_dn;
+ const char *name;
+ char *ou_string;
+
+ if (account_ou == NULL) {
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+
+ if (*account_ou != NULL) {
+ exploded_dn = ldap_explode_dn(*account_ou, 0);
+ if (exploded_dn) {
+ ldap_value_free(exploded_dn);
+ return ADS_SUCCESS;
+ }
+ }
+
+ ou_string = ads_ou_string(ads, *account_ou);
+ if (!ou_string) {
+ return ADS_ERROR_LDAP(LDAP_INVALID_DN_SYNTAX);
+ }
+
+ name = talloc_asprintf(mem_ctx, "%s,%s", ou_string,
+ ads->config.bind_path);
+ SAFE_FREE(ou_string);
+
+ if (!name) {
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+
+ exploded_dn = ldap_explode_dn(name, 0);
+ if (!exploded_dn) {
+ return ADS_ERROR_LDAP(LDAP_INVALID_DN_SYNTAX);
+ }
+ ldap_value_free(exploded_dn);
+
+ *account_ou = name;
+ return ADS_SUCCESS;
+}
+
+#endif
diff --git a/source3/libads/ldap_printer.c b/source3/libads/ldap_printer.c
new file mode 100644
index 0000000..e610893
--- /dev/null
+++ b/source3/libads/ldap_printer.c
@@ -0,0 +1,361 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads (active directory) printer utility library
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ads.h"
+#include "rpc_client/rpc_client.h"
+#include "../librpc/gen_ndr/ndr_spoolss_c.h"
+#include "rpc_client/cli_spoolss.h"
+#include "registry.h"
+#include "libcli/registry/util_reg.h"
+
+#ifdef HAVE_ADS
+
+/*
+ find a printer given the name and the hostname
+ Note that results "res" may be allocated on return so that the
+ results can be used. It should be freed using ads_msgfree.
+*/
+ ADS_STATUS ads_find_printer_on_server(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *printer,
+ const char *servername)
+{
+ ADS_STATUS status;
+ char *srv_dn, **srv_cn, *s = NULL;
+ const char *attrs[] = {"*", "nTSecurityDescriptor", NULL};
+
+ status = ads_find_machine_acct(ads, res, servername);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1, ("ads_find_printer_on_server: cannot find host %s in ads\n",
+ servername));
+ return status;
+ }
+ if (ads_count_replies(ads, *res) != 1) {
+ ads_msgfree(ads, *res);
+ *res = NULL;
+ return ADS_ERROR(LDAP_NO_SUCH_OBJECT);
+ }
+ srv_dn = ldap_get_dn(ads->ldap.ld, *res);
+ if (srv_dn == NULL) {
+ ads_msgfree(ads, *res);
+ *res = NULL;
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ srv_cn = ldap_explode_dn(srv_dn, 1);
+ if (srv_cn == NULL) {
+ ldap_memfree(srv_dn);
+ ads_msgfree(ads, *res);
+ *res = NULL;
+ return ADS_ERROR(LDAP_INVALID_DN_SYNTAX);
+ }
+ ads_msgfree(ads, *res);
+ *res = NULL;
+
+ if (asprintf(&s, "(cn=%s-%s)", srv_cn[0], printer) == -1) {
+ ldap_memfree(srv_dn);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ status = ads_search(ads, res, s, attrs);
+
+ ldap_memfree(srv_dn);
+ ldap_value_free(srv_cn);
+ SAFE_FREE(s);
+ return status;
+}
+
+ ADS_STATUS ads_find_printers(ADS_STRUCT *ads, LDAPMessage **res)
+{
+ const char *ldap_expr;
+ const char *attrs[] = { "objectClass", "printerName", "location", "driverName",
+ "serverName", "description", NULL };
+
+ /* For the moment only display all printers */
+
+ ldap_expr = "(&(!(showInAdvancedViewOnly=TRUE))(uncName=*)"
+ "(objectCategory=printQueue))";
+
+ return ads_search(ads, res, ldap_expr, attrs);
+}
+
+/*
+ modify a printer entry in the directory
+*/
+ADS_STATUS ads_mod_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+ TALLOC_CTX *ctx, const ADS_MODLIST *mods)
+{
+ return ads_gen_mod(ads, prt_dn, *mods);
+}
+
+/*
+ add a printer to the directory
+*/
+ADS_STATUS ads_add_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+ TALLOC_CTX *ctx, ADS_MODLIST *mods)
+{
+ ads_mod_str(ctx, mods, "objectClass", "printQueue");
+ return ads_gen_add(ads, prt_dn, *mods);
+}
+
+/*
+ map a REG_SZ to an ldap mod
+*/
+static bool map_sz(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, struct registry_value *value)
+{
+ const char *str_value = NULL;
+ ADS_STATUS status;
+
+ if (value->type != REG_SZ)
+ return false;
+
+ if (value->data.length && value->data.data) {
+ if (!pull_reg_sz(ctx, &value->data, &str_value)) {
+ return false;
+ }
+ status = ads_mod_str(ctx, mods, name, str_value);
+ return ADS_ERR_OK(status);
+ }
+ return true;
+}
+
+/*
+ map a REG_DWORD to an ldap mod
+*/
+static bool map_dword(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, struct registry_value *value)
+{
+ char *str_value = NULL;
+ ADS_STATUS status;
+
+ if (value->type != REG_DWORD) {
+ return false;
+ }
+ if (value->data.length != sizeof(uint32_t)) {
+ return false;
+ }
+ str_value = talloc_asprintf(ctx, "%d", IVAL(value->data.data, 0));
+ if (!str_value) {
+ return false;
+ }
+ status = ads_mod_str(ctx, mods, name, str_value);
+ return ADS_ERR_OK(status);
+}
+
+/*
+ map a boolean REG_BINARY to an ldap mod
+*/
+static bool map_bool(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, struct registry_value *value)
+{
+ const char *str_value;
+ ADS_STATUS status;
+
+ if (value->type != REG_BINARY) {
+ return false;
+ }
+ if (value->data.length != 1) {
+ return false;
+ }
+
+ str_value = *value->data.data ? "TRUE" : "FALSE";
+
+ status = ads_mod_str(ctx, mods, name, str_value);
+ return ADS_ERR_OK(status);
+}
+
+/*
+ map a REG_MULTI_SZ to an ldap mod
+*/
+static bool map_multi_sz(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, struct registry_value *value)
+{
+ const char **str_values = NULL;
+ ADS_STATUS status;
+
+ if (value->type != REG_MULTI_SZ) {
+ return false;
+ }
+
+ if (value->data.length && value->data.data) {
+ if (!pull_reg_multi_sz(ctx, &value->data, &str_values)) {
+ return false;
+ }
+ status = ads_mod_strlist(ctx, mods, name, str_values);
+ return ADS_ERR_OK(status);
+ }
+ return true;
+}
+
+struct valmap_to_ads {
+ const char *valname;
+ bool (*fn)(TALLOC_CTX *, ADS_MODLIST *, const char *, struct registry_value *);
+};
+
+/*
+ map a REG_SZ to an ldap mod
+*/
+static void map_regval_to_ads(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, struct registry_value *value)
+{
+ const struct valmap_to_ads map[] = {
+ {SPOOL_REG_ASSETNUMBER, map_sz},
+ {SPOOL_REG_BYTESPERMINUTE, map_dword},
+ {SPOOL_REG_DEFAULTPRIORITY, map_dword},
+ {SPOOL_REG_DESCRIPTION, map_sz},
+ {SPOOL_REG_DRIVERNAME, map_sz},
+ {SPOOL_REG_DRIVERVERSION, map_dword},
+ {SPOOL_REG_FLAGS, map_dword},
+ {SPOOL_REG_LOCATION, map_sz},
+ {SPOOL_REG_OPERATINGSYSTEM, map_sz},
+ {SPOOL_REG_OPERATINGSYSTEMHOTFIX, map_sz},
+ {SPOOL_REG_OPERATINGSYSTEMSERVICEPACK, map_sz},
+ {SPOOL_REG_OPERATINGSYSTEMVERSION, map_sz},
+ {SPOOL_REG_PORTNAME, map_multi_sz},
+ {SPOOL_REG_PRINTATTRIBUTES, map_dword},
+ {SPOOL_REG_PRINTBINNAMES, map_multi_sz},
+ {SPOOL_REG_PRINTCOLLATE, map_bool},
+ {SPOOL_REG_PRINTCOLOR, map_bool},
+ {SPOOL_REG_PRINTDUPLEXSUPPORTED, map_bool},
+ {SPOOL_REG_PRINTENDTIME, map_dword},
+ {SPOOL_REG_PRINTFORMNAME, map_sz},
+ {SPOOL_REG_PRINTKEEPPRINTEDJOBS, map_bool},
+ {SPOOL_REG_PRINTLANGUAGE, map_multi_sz},
+ {SPOOL_REG_PRINTMACADDRESS, map_sz},
+ {SPOOL_REG_PRINTMAXCOPIES, map_sz},
+ {SPOOL_REG_PRINTMAXRESOLUTIONSUPPORTED, map_dword},
+ {SPOOL_REG_PRINTMAXXEXTENT, map_dword},
+ {SPOOL_REG_PRINTMAXYEXTENT, map_dword},
+ {SPOOL_REG_PRINTMEDIAREADY, map_multi_sz},
+ {SPOOL_REG_PRINTMEDIASUPPORTED, map_multi_sz},
+ {SPOOL_REG_PRINTMEMORY, map_dword},
+ {SPOOL_REG_PRINTMINXEXTENT, map_dword},
+ {SPOOL_REG_PRINTMINYEXTENT, map_dword},
+ {SPOOL_REG_PRINTNETWORKADDRESS, map_sz},
+ {SPOOL_REG_PRINTNOTIFY, map_sz},
+ {SPOOL_REG_PRINTNUMBERUP, map_dword},
+ {SPOOL_REG_PRINTORIENTATIONSSUPPORTED, map_multi_sz},
+ {SPOOL_REG_PRINTOWNER, map_sz},
+ {SPOOL_REG_PRINTPAGESPERMINUTE, map_dword},
+ {SPOOL_REG_PRINTRATE, map_dword},
+ {SPOOL_REG_PRINTRATEUNIT, map_sz},
+ {SPOOL_REG_PRINTSEPARATORFILE, map_sz},
+ {SPOOL_REG_PRINTSHARENAME, map_sz},
+ {SPOOL_REG_PRINTSPOOLING, map_sz},
+ {SPOOL_REG_PRINTSTAPLINGSUPPORTED, map_bool},
+ {SPOOL_REG_PRINTSTARTTIME, map_dword},
+ {SPOOL_REG_PRINTSTATUS, map_sz},
+ {SPOOL_REG_PRIORITY, map_dword},
+ {SPOOL_REG_SERVERNAME, map_sz},
+ {SPOOL_REG_SHORTSERVERNAME, map_sz},
+ {SPOOL_REG_UNCNAME, map_sz},
+ {SPOOL_REG_URL, map_sz},
+ {SPOOL_REG_VERSIONNUMBER, map_dword},
+ {NULL, NULL}
+ };
+ int i;
+
+ for (i=0; map[i].valname; i++) {
+ if (strcasecmp_m(map[i].valname, name) == 0) {
+ if (!map[i].fn(ctx, mods, name, value)) {
+ DEBUG(5, ("Add of value %s to modlist failed\n", name));
+ } else {
+ DEBUG(7, ("Mapped value %s\n", name));
+ }
+ }
+ }
+}
+
+
+WERROR get_remote_printer_publishing_data(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ ADS_MODLIST *mods,
+ const char *printer)
+{
+ struct dcerpc_binding_handle *b = cli->binding_handle;
+ WERROR result;
+ char *printername;
+ struct spoolss_PrinterEnumValues *info;
+ uint32_t count;
+ uint32_t i;
+ struct policy_handle pol;
+ WERROR werr;
+
+ if ((asprintf(&printername, "%s\\%s", cli->srv_name_slash, printer) == -1)) {
+ DEBUG(3, ("Insufficient memory\n"));
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ result = rpccli_spoolss_openprinter_ex(cli, mem_ctx,
+ printername,
+ SEC_FLAG_MAXIMUM_ALLOWED,
+ &pol);
+ if (!W_ERROR_IS_OK(result)) {
+ DEBUG(3, ("Unable to open printer %s, error is %s.\n",
+ printername, win_errstr(result)));
+ SAFE_FREE(printername);
+ return result;
+ }
+
+ result = rpccli_spoolss_enumprinterdataex(cli, mem_ctx, &pol,
+ SPOOL_DSDRIVER_KEY,
+ 0,
+ &count,
+ &info);
+
+ if (!W_ERROR_IS_OK(result)) {
+ DEBUG(3, ("Unable to do enumdataex on %s, error is %s.\n",
+ printername, win_errstr(result)));
+ } else {
+ /* Have the data we need now, so start building */
+ for (i=0; i < count; i++) {
+ struct registry_value v;
+ v.type = info[i].type;
+ v.data = *info[i].data;
+
+ map_regval_to_ads(mem_ctx, mods, info[i].value_name, &v);
+ }
+ }
+
+ result = rpccli_spoolss_enumprinterdataex(cli, mem_ctx, &pol,
+ SPOOL_DSSPOOLER_KEY,
+ 0,
+ &count,
+ &info);
+ if (!W_ERROR_IS_OK(result)) {
+ DEBUG(3, ("Unable to do enumdataex on %s, error is %s.\n",
+ printername, win_errstr(result)));
+ } else {
+ for (i=0; i < count; i++) {
+ struct registry_value v;
+ v.type = info[i].type;
+ v.data = *info[i].data;
+
+ map_regval_to_ads(mem_ctx, mods, info[i].value_name, &v);
+ }
+ }
+
+ ads_mod_str(mem_ctx, mods, SPOOL_REG_PRINTERNAME, printer);
+
+ dcerpc_spoolss_ClosePrinter(b, mem_ctx, &pol, &werr);
+ SAFE_FREE(printername);
+
+ return result;
+}
+
+#endif
diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c
new file mode 100644
index 0000000..d2f486e
--- /dev/null
+++ b/source3/libads/ldap_schema.c
@@ -0,0 +1,354 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads (active directory) utility library
+ Copyright (C) Guenther Deschner 2005-2007
+ Copyright (C) Gerald (Jerry) Carter 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ads.h"
+#include "libads/ldap_schema.h"
+#include "libads/ldap_schema_oids.h"
+#include "../libcli/ldap/ldap_ndr.h"
+
+#ifdef HAVE_LDAP
+
+static ADS_STATUS ads_get_attrnames_by_oids(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ const char *schema_path,
+ const char **OIDs,
+ size_t num_OIDs,
+ char ***OIDs_out, char ***names,
+ size_t *count)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ LDAPMessage *msg;
+ char *expr = NULL;
+ const char *attrs[] = { "lDAPDisplayName", "attributeId", NULL };
+ int i = 0, p = 0;
+
+ if (!ads || !mem_ctx || !names || !count || !OIDs || !OIDs_out) {
+ return ADS_ERROR(LDAP_PARAM_ERROR);
+ }
+
+ if (num_OIDs == 0 || OIDs[0] == NULL) {
+ return ADS_ERROR_NT(NT_STATUS_NONE_MAPPED);
+ }
+
+ expr = talloc_asprintf(mem_ctx, "(|");
+
+ for (i=0; i<num_OIDs; i++) {
+ talloc_asprintf_addbuf(&expr, "(attributeId=%s)", OIDs[i]);
+ }
+
+ talloc_asprintf_addbuf(&expr, ")");
+ if (expr == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ status = ads_do_search_retry(ads, schema_path,
+ LDAP_SCOPE_SUBTREE, expr, attrs, &res);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ *count = ads_count_replies(ads, res);
+ if (*count == 0 || !res) {
+ status = ADS_ERROR_NT(NT_STATUS_NONE_MAPPED);
+ goto out;
+ }
+
+ if (((*names) = talloc_array(mem_ctx, char *, *count)) == NULL) {
+ status = ADS_ERROR(LDAP_NO_MEMORY);
+ goto out;
+ }
+ if (((*OIDs_out) = talloc_array(mem_ctx, char *, *count)) == NULL) {
+ status = ADS_ERROR(LDAP_NO_MEMORY);
+ goto out;
+ }
+
+ for (msg = ads_first_entry(ads, res); msg != NULL;
+ msg = ads_next_entry(ads, msg)) {
+
+ (*names)[p] = ads_pull_string(ads, mem_ctx, msg,
+ "lDAPDisplayName");
+ (*OIDs_out)[p] = ads_pull_string(ads, mem_ctx, msg,
+ "attributeId");
+ if (((*names)[p] == NULL) || ((*OIDs_out)[p] == NULL)) {
+ status = ADS_ERROR(LDAP_NO_MEMORY);
+ goto out;
+ }
+
+ p++;
+ }
+
+ if (*count < num_OIDs) {
+ status = ADS_ERROR_NT(STATUS_SOME_UNMAPPED);
+ goto out;
+ }
+
+ status = ADS_ERROR(LDAP_SUCCESS);
+out:
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
+const char *ads_get_attrname_by_guid(ADS_STRUCT *ads,
+ const char *schema_path,
+ TALLOC_CTX *mem_ctx,
+ const struct GUID *schema_guid)
+{
+ ADS_STATUS rc;
+ LDAPMessage *res = NULL;
+ char *expr = NULL;
+ const char *attrs[] = { "lDAPDisplayName", NULL };
+ const char *result = NULL;
+ char *guid_bin = NULL;
+
+ if (!ads || !mem_ctx || !schema_guid) {
+ goto done;
+ }
+
+ guid_bin = ldap_encode_ndr_GUID(mem_ctx, schema_guid);
+ if (!guid_bin) {
+ goto done;
+ }
+
+ expr = talloc_asprintf(mem_ctx, "(schemaIDGUID=%s)", guid_bin);
+ if (!expr) {
+ goto done;
+ }
+
+ rc = ads_do_search_retry(ads, schema_path, LDAP_SCOPE_SUBTREE,
+ expr, attrs, &res);
+ if (!ADS_ERR_OK(rc)) {
+ goto done;
+ }
+
+ if (ads_count_replies(ads, res) != 1) {
+ goto done;
+ }
+
+ result = ads_pull_string(ads, mem_ctx, res, "lDAPDisplayName");
+
+ done:
+ TALLOC_FREE(guid_bin);
+ ads_msgfree(ads, res);
+ return result;
+
+}
+
+/*********************************************************************
+*********************************************************************/
+
+ADS_STATUS ads_schema_path(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char **schema_path)
+{
+ ADS_STATUS status;
+ LDAPMessage *res;
+ const char *schema;
+ const char *attrs[] = { "schemaNamingContext", NULL };
+
+ status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ if ( (schema = ads_pull_string(ads, mem_ctx, res, "schemaNamingContext")) == NULL ) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_RESULTS_RETURNED);
+ }
+
+ if ( (*schema_path = talloc_strdup(mem_ctx, schema)) == NULL ) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ ads_msgfree(ads, res);
+
+ return status;
+}
+
+/**
+ * Check for "Services for Unix" or rfc2307 Schema and load some attributes into the ADS_STRUCT
+ * @param ads connection to ads server
+ * @param enum mapping type
+ * @return ADS_STATUS status of search (False if one or more attributes couldn't be
+ * found in Active Directory)
+ **/
+ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ enum wb_posix_mapping map_type,
+ struct posix_schema **s )
+{
+ TALLOC_CTX *ctx = NULL;
+ ADS_STATUS status;
+ char **oids_out, **names_out;
+ size_t num_names;
+ char *schema_path = NULL;
+ int i;
+ struct posix_schema *schema = NULL;
+
+ const char *oids_sfu[] = { ADS_ATTR_SFU_UIDNUMBER_OID,
+ ADS_ATTR_SFU_GIDNUMBER_OID,
+ ADS_ATTR_SFU_HOMEDIR_OID,
+ ADS_ATTR_SFU_SHELL_OID,
+ ADS_ATTR_SFU_GECOS_OID,
+ ADS_ATTR_SFU_UID_OID };
+
+ const char *oids_sfu20[] = { ADS_ATTR_SFU20_UIDNUMBER_OID,
+ ADS_ATTR_SFU20_GIDNUMBER_OID,
+ ADS_ATTR_SFU20_HOMEDIR_OID,
+ ADS_ATTR_SFU20_SHELL_OID,
+ ADS_ATTR_SFU20_GECOS_OID,
+ ADS_ATTR_SFU20_UID_OID };
+
+ const char *oids_rfc2307[] = { ADS_ATTR_RFC2307_UIDNUMBER_OID,
+ ADS_ATTR_RFC2307_GIDNUMBER_OID,
+ ADS_ATTR_RFC2307_HOMEDIR_OID,
+ ADS_ATTR_RFC2307_SHELL_OID,
+ ADS_ATTR_RFC2307_GECOS_OID,
+ ADS_ATTR_RFC2307_UID_OID };
+
+ DEBUG(10,("ads_check_posix_schema_mapping for schema mode: %d\n", map_type));
+
+ switch (map_type) {
+
+ case WB_POSIX_MAP_TEMPLATE:
+ case WB_POSIX_MAP_UNIXINFO:
+ DEBUG(10,("ads_check_posix_schema_mapping: nothing to do\n"));
+ return ADS_ERROR(LDAP_SUCCESS);
+
+ case WB_POSIX_MAP_SFU:
+ case WB_POSIX_MAP_SFU20:
+ case WB_POSIX_MAP_RFC2307:
+ break;
+
+ default:
+ DEBUG(0,("ads_check_posix_schema_mapping: "
+ "unknown enum %d\n", map_type));
+ return ADS_ERROR(LDAP_PARAM_ERROR);
+ }
+
+ if ( (ctx = talloc_init("ads_check_posix_schema_mapping")) == NULL ) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ if ( (schema = talloc(mem_ctx, struct posix_schema)) == NULL ) {
+ TALLOC_FREE( ctx );
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ status = ads_schema_path(ads, ctx, &schema_path);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(3,("ads_check_posix_mapping: Unable to retrieve schema DN!\n"));
+ goto done;
+ }
+
+ switch (map_type) {
+ case WB_POSIX_MAP_SFU:
+ status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_sfu,
+ ARRAY_SIZE(oids_sfu),
+ &oids_out, &names_out, &num_names);
+ break;
+ case WB_POSIX_MAP_SFU20:
+ status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_sfu20,
+ ARRAY_SIZE(oids_sfu20),
+ &oids_out, &names_out, &num_names);
+ break;
+ case WB_POSIX_MAP_RFC2307:
+ status = ads_get_attrnames_by_oids(ads, ctx, schema_path, oids_rfc2307,
+ ARRAY_SIZE(oids_rfc2307),
+ &oids_out, &names_out, &num_names);
+ break;
+ default:
+ status = ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ break;
+ }
+
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(3,("ads_check_posix_schema_mapping: failed %s\n",
+ ads_errstr(status)));
+ goto done;
+ }
+
+ for (i=0; i<num_names; i++) {
+
+ DEBUGADD(10,("\tOID %s has name: %s\n", oids_out[i], names_out[i]));
+
+ if (strequal(ADS_ATTR_RFC2307_UIDNUMBER_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU_UIDNUMBER_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU20_UIDNUMBER_OID, oids_out[i])) {
+ schema->posix_uidnumber_attr = talloc_strdup(schema, names_out[i]);
+ continue;
+ }
+
+ if (strequal(ADS_ATTR_RFC2307_GIDNUMBER_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU_GIDNUMBER_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU20_GIDNUMBER_OID, oids_out[i])) {
+ schema->posix_gidnumber_attr = talloc_strdup(schema, names_out[i]);
+ continue;
+ }
+
+ if (strequal(ADS_ATTR_RFC2307_HOMEDIR_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU_HOMEDIR_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU20_HOMEDIR_OID, oids_out[i])) {
+ schema->posix_homedir_attr = talloc_strdup(schema, names_out[i]);
+ continue;
+ }
+
+ if (strequal(ADS_ATTR_RFC2307_SHELL_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU_SHELL_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU20_SHELL_OID, oids_out[i])) {
+ schema->posix_shell_attr = talloc_strdup(schema, names_out[i]);
+ continue;
+ }
+
+ if (strequal(ADS_ATTR_RFC2307_GECOS_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU_GECOS_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU20_GECOS_OID, oids_out[i])) {
+ schema->posix_gecos_attr = talloc_strdup(schema, names_out[i]);
+ }
+
+ if (strequal(ADS_ATTR_RFC2307_UID_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU_UID_OID, oids_out[i]) ||
+ strequal(ADS_ATTR_SFU20_UID_OID, oids_out[i])) {
+ schema->posix_uid_attr = talloc_strdup(schema, names_out[i]);
+ }
+ }
+
+ if (!schema->posix_uidnumber_attr ||
+ !schema->posix_gidnumber_attr ||
+ !schema->posix_homedir_attr ||
+ !schema->posix_shell_attr ||
+ !schema->posix_gecos_attr) {
+ status = ADS_ERROR(LDAP_NO_MEMORY);
+ TALLOC_FREE( schema );
+ goto done;
+ }
+
+ *s = schema;
+
+ status = ADS_ERROR(LDAP_SUCCESS);
+
+done:
+ TALLOC_FREE(ctx);
+
+ return status;
+}
+
+#endif
diff --git a/source3/libads/ldap_schema.h b/source3/libads/ldap_schema.h
new file mode 100644
index 0000000..f36d3e0
--- /dev/null
+++ b/source3/libads/ldap_schema.h
@@ -0,0 +1,57 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads (active directory) utility library
+ Copyright (C) Guenther Deschner 2005-2007
+ Copyright (C) Gerald (Jerry) Carter 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBADS_LDAP_SCHEMA_H_
+#define _LIBADS_LDAP_SCHEMA_H_
+
+/* used to remember the names of the posix attributes in AD */
+/* see the rfc2307 & sfu nss backends */
+
+struct posix_schema {
+ char *posix_homedir_attr;
+ char *posix_shell_attr;
+ char *posix_uidnumber_attr;
+ char *posix_gidnumber_attr;
+ char *posix_gecos_attr;
+ char *posix_uid_attr;
+};
+
+enum wb_posix_mapping {
+ WB_POSIX_MAP_UNKNOWN = -1,
+ WB_POSIX_MAP_TEMPLATE = 0,
+ WB_POSIX_MAP_SFU = 1,
+ WB_POSIX_MAP_SFU20 = 2,
+ WB_POSIX_MAP_RFC2307 = 3,
+ WB_POSIX_MAP_UNIXINFO = 4
+};
+
+/* The following definitions come from libads/ldap_schema.c */
+
+const char *ads_get_attrname_by_guid(ADS_STRUCT *ads,
+ const char *schema_path,
+ TALLOC_CTX *mem_ctx,
+ const struct GUID *schema_guid);
+ADS_STATUS ads_schema_path(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char **schema_path);
+ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ enum wb_posix_mapping map_type,
+ struct posix_schema **s ) ;
+
+#endif /* _LIBADS_LDAP_SCHEMA_H_ */
diff --git a/source3/libads/ldap_schema_oids.h b/source3/libads/ldap_schema_oids.h
new file mode 100644
index 0000000..cb17b3c
--- /dev/null
+++ b/source3/libads/ldap_schema_oids.h
@@ -0,0 +1,49 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads (active directory) utility library
+ Copyright (C) Guenther Deschner 2005-2007
+ Copyright (C) Gerald (Jerry) Carter 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBADS_LDAP_SCHEMA_OIDS_H_
+#define _LIBADS_LDAP_SCHEMA_OIDS_H_
+
+/* ldap attribute oids (Services for Unix 3.0, 3.5) */
+#define ADS_ATTR_SFU_UIDNUMBER_OID "1.2.840.113556.1.6.18.1.310"
+#define ADS_ATTR_SFU_GIDNUMBER_OID "1.2.840.113556.1.6.18.1.311"
+#define ADS_ATTR_SFU_HOMEDIR_OID "1.2.840.113556.1.6.18.1.344"
+#define ADS_ATTR_SFU_SHELL_OID "1.2.840.113556.1.6.18.1.312"
+#define ADS_ATTR_SFU_GECOS_OID "1.2.840.113556.1.6.18.1.337"
+#define ADS_ATTR_SFU_UID_OID "1.2.840.113556.1.6.18.1.309"
+
+/* ldap attribute oids (Services for Unix 2.0) */
+#define ADS_ATTR_SFU20_UIDNUMBER_OID "1.2.840.113556.1.4.7000.187.70"
+#define ADS_ATTR_SFU20_GIDNUMBER_OID "1.2.840.113556.1.4.7000.187.71"
+#define ADS_ATTR_SFU20_HOMEDIR_OID "1.2.840.113556.1.4.7000.187.106"
+#define ADS_ATTR_SFU20_SHELL_OID "1.2.840.113556.1.4.7000.187.72"
+#define ADS_ATTR_SFU20_GECOS_OID "1.2.840.113556.1.4.7000.187.97"
+#define ADS_ATTR_SFU20_UID_OID "1.2.840.113556.1.4.7000.187.102"
+
+
+/* ldap attribute oids (RFC2307) */
+#define ADS_ATTR_RFC2307_UIDNUMBER_OID "1.3.6.1.1.1.1.0"
+#define ADS_ATTR_RFC2307_GIDNUMBER_OID "1.3.6.1.1.1.1.1"
+#define ADS_ATTR_RFC2307_HOMEDIR_OID "1.3.6.1.1.1.1.3"
+#define ADS_ATTR_RFC2307_SHELL_OID "1.3.6.1.1.1.1.4"
+#define ADS_ATTR_RFC2307_GECOS_OID "1.3.6.1.1.1.1.2"
+#define ADS_ATTR_RFC2307_UID_OID "0.9.2342.19200300.100.1.1"
+
+#endif
diff --git a/source3/libads/ldap_user.c b/source3/libads/ldap_user.c
new file mode 100644
index 0000000..5542100
--- /dev/null
+++ b/source3/libads/ldap_user.c
@@ -0,0 +1,132 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads (active directory) utility library
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ads.h"
+#include "../libds/common/flags.h"
+
+#ifdef HAVE_ADS
+
+/*
+ find a user account
+*/
+ ADS_STATUS ads_find_user_acct(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *user)
+{
+ ADS_STATUS status;
+ char *ldap_exp;
+ const char *attrs[] = {"*", NULL};
+ char *escaped_user = escape_ldap_string(talloc_tos(), user);
+ if (!escaped_user) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ if (asprintf(&ldap_exp, "(samAccountName=%s)", escaped_user) == -1) {
+ TALLOC_FREE(escaped_user);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ status = ads_search(ads, res, ldap_exp, attrs);
+ SAFE_FREE(ldap_exp);
+ TALLOC_FREE(escaped_user);
+ return status;
+}
+
+ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
+ const char *container, const char *fullname)
+{
+ TALLOC_CTX *ctx;
+ ADS_MODLIST mods;
+ ADS_STATUS status;
+ const char *upn, *new_dn, *name, *controlstr;
+ char *name_escaped = NULL;
+ const char *objectClass[] = {"top", "person", "organizationalPerson",
+ "user", NULL};
+
+ if (fullname && *fullname) name = fullname;
+ else name = user;
+
+ if (!(ctx = talloc_init("ads_add_user_acct")))
+ return ADS_ERROR(LDAP_NO_MEMORY);
+
+ status = ADS_ERROR(LDAP_NO_MEMORY);
+
+ if (!(upn = talloc_asprintf(ctx, "%s@%s", user, ads->config.realm)))
+ goto done;
+ if (!(name_escaped = escape_rdn_val_string_alloc(name)))
+ goto done;
+ if (!(new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", name_escaped, container,
+ ads->config.bind_path)))
+ goto done;
+ if (!(controlstr = talloc_asprintf(ctx, "%u", (UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE))))
+ goto done;
+ if (!(mods = ads_init_mods(ctx)))
+ goto done;
+
+ ads_mod_str(ctx, &mods, "cn", name);
+ ads_mod_strlist(ctx, &mods, "objectClass", objectClass);
+ ads_mod_str(ctx, &mods, "userPrincipalName", upn);
+ ads_mod_str(ctx, &mods, "name", name);
+ ads_mod_str(ctx, &mods, "displayName", name);
+ ads_mod_str(ctx, &mods, "sAMAccountName", user);
+ ads_mod_str(ctx, &mods, "userAccountControl", controlstr);
+ status = ads_gen_add(ads, new_dn, mods);
+
+ done:
+ SAFE_FREE(name_escaped);
+ talloc_destroy(ctx);
+ return status;
+}
+
+ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
+ const char *container, const char *comment)
+{
+ TALLOC_CTX *ctx;
+ ADS_MODLIST mods;
+ ADS_STATUS status;
+ char *new_dn;
+ char *name_escaped = NULL;
+ const char *objectClass[] = {"top", "group", NULL};
+
+ if (!(ctx = talloc_init("ads_add_group_acct")))
+ return ADS_ERROR(LDAP_NO_MEMORY);
+
+ status = ADS_ERROR(LDAP_NO_MEMORY);
+
+ if (!(name_escaped = escape_rdn_val_string_alloc(group)))
+ goto done;
+ if (!(new_dn = talloc_asprintf(ctx, "cn=%s,%s,%s", name_escaped, container,
+ ads->config.bind_path)))
+ goto done;
+ if (!(mods = ads_init_mods(ctx)))
+ goto done;
+
+ ads_mod_str(ctx, &mods, "cn", group);
+ ads_mod_strlist(ctx, &mods, "objectClass",objectClass);
+ ads_mod_str(ctx, &mods, "name", group);
+ if (comment && *comment)
+ ads_mod_str(ctx, &mods, "description", comment);
+ ads_mod_str(ctx, &mods, "sAMAccountName", group);
+ status = ads_gen_add(ads, new_dn, mods);
+
+ done:
+ SAFE_FREE(name_escaped);
+ talloc_destroy(ctx);
+ return status;
+}
+#endif
diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c
new file mode 100644
index 0000000..c08f046
--- /dev/null
+++ b/source3/libads/ldap_utils.c
@@ -0,0 +1,389 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Some Helpful wrappers on LDAP
+
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Guenther Deschner 2006,2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ads.h"
+#include "lib/param/loadparm.h"
+
+#ifdef HAVE_LDAP
+
+static ADS_STATUS ads_ranged_search_internal(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ int scope,
+ const char *base,
+ const char *filter,
+ const char **attrs,
+ void *args,
+ const char *range_attr,
+ char ***strings,
+ size_t *num_strings,
+ uint32_t *first_usn,
+ int *num_retries,
+ bool *more_values);
+
+/*
+ a wrapper around ldap_search_s that retries depending on the error code
+ this is supposed to catch dropped connections and auto-reconnect
+*/
+static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT *ads, const char *bind_path, int scope,
+ const char *expr,
+ const char **attrs, void *args,
+ LDAPMessage **res)
+{
+ ADS_STATUS status;
+ int count = 3;
+ char *bp;
+
+ *res = NULL;
+
+ if (!ads->ldap.ld &&
+ time_mono(NULL) - ads->ldap.last_attempt < ADS_RECONNECT_TIME) {
+ return ADS_ERROR(LDAP_SERVER_DOWN);
+ }
+
+ bp = SMB_STRDUP(bind_path);
+
+ if (!bp) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ *res = NULL;
+
+ /* when binding anonymously, we cannot use the paged search LDAP
+ * control - Guenther */
+
+ if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
+ status = ads_do_search(ads, bp, scope, expr, attrs, res);
+ } else {
+ status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
+ }
+ if (ADS_ERR_OK(status)) {
+ DEBUG(5,("Search for %s in <%s> gave %d replies\n",
+ expr, bp, ads_count_replies(ads, *res)));
+ SAFE_FREE(bp);
+ return status;
+ }
+
+ while (--count) {
+
+ if (NT_STATUS_EQUAL(ads_ntstatus(status), NT_STATUS_IO_TIMEOUT) &&
+ ads->config.ldap_page_size >= (lp_ldap_page_size() / 4) &&
+ lp_ldap_page_size() > 4) {
+ int new_page_size = (ads->config.ldap_page_size / 2);
+ DEBUG(1, ("Reducing LDAP page size from %d to %d due to IO_TIMEOUT\n",
+ ads->config.ldap_page_size, new_page_size));
+ ads->config.ldap_page_size = new_page_size;
+ }
+
+ if (*res)
+ ads_msgfree(ads, *res);
+ *res = NULL;
+
+ DEBUG(3,("Reopening ads connection to realm '%s' after error %s\n",
+ ads->config.realm, ads_errstr(status)));
+
+ ads_disconnect(ads);
+ status = ads_connect(ads);
+
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n",
+ ads_errstr(status)));
+ /*
+ * We need to keep the ads pointer
+ * from being freed here as we don't own it and
+ * callers depend on it being around.
+ */
+ ads_disconnect(ads);
+ SAFE_FREE(bp);
+ return status;
+ }
+
+ *res = NULL;
+
+ /* when binding anonymously, we cannot use the paged search LDAP
+ * control - Guenther */
+
+ if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
+ status = ads_do_search(ads, bp, scope, expr, attrs, res);
+ } else {
+ status = ads_do_search_all_args(ads, bp, scope, expr, attrs, args, res);
+ }
+
+ if (ADS_ERR_OK(status)) {
+ DEBUG(5,("Search for filter: %s, base: %s gave %d replies\n",
+ expr, bp, ads_count_replies(ads, *res)));
+ SAFE_FREE(bp);
+ return status;
+ }
+ }
+ SAFE_FREE(bp);
+
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("ads reopen failed after error %s\n",
+ ads_errstr(status)));
+ }
+ return status;
+}
+
+ ADS_STATUS ads_do_search_retry(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, LDAPMessage **res)
+{
+ return ads_do_search_retry_internal(ads, bind_path, scope, expr, attrs, NULL, res);
+}
+
+static ADS_STATUS ads_do_search_retry_args(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr,
+ const char **attrs, void *args,
+ LDAPMessage **res)
+{
+ return ads_do_search_retry_internal(ads, bind_path, scope, expr, attrs, args, res);
+}
+
+
+ ADS_STATUS ads_search_retry(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *expr, const char **attrs)
+{
+ return ads_do_search_retry(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE,
+ expr, attrs, res);
+}
+
+ ADS_STATUS ads_search_retry_dn(ADS_STRUCT *ads, LDAPMessage **res,
+ const char *dn,
+ const char **attrs)
+{
+ return ads_do_search_retry(ads, dn, LDAP_SCOPE_BASE,
+ "(objectclass=*)", attrs, res);
+}
+
+ ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res,
+ uint32_t sd_flags,
+ const char *dn,
+ const char **attrs)
+{
+ ads_control args;
+
+ args.control = ADS_SD_FLAGS_OID;
+ args.val = sd_flags;
+ args.critical = True;
+
+ return ads_do_search_retry_args(ads, dn, LDAP_SCOPE_BASE,
+ "(objectclass=*)", attrs, &args, res);
+}
+
+ ADS_STATUS ads_search_retry_extended_dn_ranged(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx,
+ const char *dn,
+ const char **attrs,
+ enum ads_extended_dn_flags flags,
+ char ***strings,
+ size_t *num_strings)
+{
+ ads_control args;
+
+ args.control = ADS_EXTENDED_DN_OID;
+ args.val = flags;
+ args.critical = True;
+
+ /* we can only range process one attribute */
+ if (!attrs || !attrs[0] || attrs[1]) {
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+
+ return ads_ranged_search(ads, mem_ctx, LDAP_SCOPE_BASE, dn,
+ "(objectclass=*)", &args, attrs[0],
+ strings, num_strings);
+
+}
+
+ ADS_STATUS ads_search_retry_sid(ADS_STRUCT *ads, LDAPMessage **res,
+ const struct dom_sid *sid,
+ const char **attrs)
+{
+ char *dn, *sid_string;
+ ADS_STATUS status;
+
+ sid_string = sid_binstring_hex_talloc(talloc_tos(), sid);
+ if (sid_string == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ if (!asprintf(&dn, "<SID=%s>", sid_string)) {
+ TALLOC_FREE(sid_string);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ status = ads_do_search_retry(ads, dn, LDAP_SCOPE_BASE,
+ "(objectclass=*)", attrs, res);
+ SAFE_FREE(dn);
+ TALLOC_FREE(sid_string);
+ return status;
+}
+
+ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ int scope,
+ const char *base,
+ const char *filter,
+ void *args,
+ const char *range_attr,
+ char ***strings,
+ size_t *num_strings)
+{
+ ADS_STATUS status;
+ uint32_t first_usn;
+ int num_retries = 0;
+ const char **attrs;
+ bool more_values = False;
+
+ *num_strings = 0;
+ *strings = NULL;
+
+ attrs = talloc_array(mem_ctx, const char *, 3);
+ ADS_ERROR_HAVE_NO_MEMORY(attrs);
+
+ attrs[0] = talloc_strdup(mem_ctx, range_attr);
+ attrs[1] = talloc_strdup(mem_ctx, "usnChanged");
+ attrs[2] = NULL;
+
+ ADS_ERROR_HAVE_NO_MEMORY(attrs[0]);
+ ADS_ERROR_HAVE_NO_MEMORY(attrs[1]);
+
+ do {
+ status = ads_ranged_search_internal(ads, mem_ctx,
+ scope, base, filter,
+ attrs, args, range_attr,
+ strings, num_strings,
+ &first_usn, &num_retries,
+ &more_values);
+
+ if (NT_STATUS_EQUAL(STATUS_MORE_ENTRIES, ads_ntstatus(status))) {
+ continue;
+ }
+
+ if (!ADS_ERR_OK(status)) {
+ *num_strings = 0;
+ strings = NULL;
+ goto done;
+ }
+
+ } while (more_values);
+
+ done:
+ DEBUG(10,("returning with %d strings\n", (int)*num_strings));
+
+ return status;
+}
+
+static ADS_STATUS ads_ranged_search_internal(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ int scope,
+ const char *base,
+ const char *filter,
+ const char **attrs,
+ void *args,
+ const char *range_attr,
+ char ***strings,
+ size_t *num_strings,
+ uint32_t *first_usn,
+ int *num_retries,
+ bool *more_values)
+{
+ LDAPMessage *res = NULL;
+ ADS_STATUS status;
+ int count;
+ uint32_t current_usn;
+
+ DEBUG(10, ("Searching for attrs[0] = %s, attrs[1] = %s\n", attrs[0], attrs[1]));
+
+ *more_values = False;
+
+ status = ads_do_search_retry_internal(ads, base, scope, filter, attrs, args, &res);
+
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("ads_search: %s\n",
+ ads_errstr(status)));
+ return status;
+ }
+
+ if (!res) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ count = ads_count_replies(ads, res);
+ if (count == 0) {
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_SUCCESS);
+ }
+
+ if (*num_strings == 0) {
+ if (!ads_pull_uint32(ads, res, "usnChanged", first_usn)) {
+ DEBUG(1, ("could not pull first usnChanged!\n"));
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ }
+
+ if (!ads_pull_uint32(ads, res, "usnChanged", &current_usn)) {
+ DEBUG(1, ("could not pull current usnChanged!\n"));
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ if (*first_usn != current_usn) {
+ DEBUG(5, ("USN on this record changed"
+ " - restarting search\n"));
+ if (*num_retries < 5) {
+ (*num_retries)++;
+ *num_strings = 0;
+ ads_msgfree(ads, res);
+ return ADS_ERROR_NT(STATUS_MORE_ENTRIES);
+ } else {
+ DEBUG(5, ("USN on this record changed"
+ " - restarted search too many times, aborting!\n"));
+ ads_msgfree(ads, res);
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ }
+
+ *strings = ads_pull_strings_range(ads, mem_ctx, res,
+ range_attr,
+ *strings,
+ &attrs[0],
+ num_strings,
+ more_values);
+
+ ads_msgfree(ads, res);
+
+ /* paranoia checks */
+ if (*strings == NULL && *more_values) {
+ DEBUG(0,("no strings found but more values???\n"));
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ if (*num_strings == 0 && *more_values) {
+ DEBUG(0,("no strings found but more values???\n"));
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ return (*more_values) ? ADS_ERROR_NT(STATUS_MORE_ENTRIES) : ADS_ERROR(LDAP_SUCCESS);
+}
+
+#endif
diff --git a/source3/libads/net_ads_setspn.c b/source3/libads/net_ads_setspn.c
new file mode 100644
index 0000000..b163184
--- /dev/null
+++ b/source3/libads/net_ads_setspn.c
@@ -0,0 +1,229 @@
+/*
+ Unix SMB/CIFS implementation.
+ net ads setspn routines
+ Copyright (C) Noel Power 2018
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ads.h"
+
+#ifdef HAVE_ADS
+bool ads_setspn_list(ADS_STRUCT *ads, const char *machine_name)
+{
+ size_t i = 0;
+ TALLOC_CTX *frame = NULL;
+ char **spn_array = NULL;
+ size_t num_spns = 0;
+ bool ok = false;
+ ADS_STATUS status;
+
+ frame = talloc_stackframe();
+ status = ads_get_service_principal_names(frame,
+ ads,
+ machine_name,
+ &spn_array,
+ &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ d_printf("Registered SPNs for %s\n", machine_name);
+ for (i = 0; i < num_spns; i++) {
+ d_printf("\t%s\n", spn_array[i]);
+ }
+
+ ok = true;
+done:
+ TALLOC_FREE(frame);
+ return ok;
+}
+
+/* returns true if spn exists in spn_array (match is NOT case-sensitive) */
+static bool find_spn_in_spnlist(TALLOC_CTX *ctx,
+ const char *spn,
+ char **spn_array,
+ size_t num_spns)
+{
+ char *lc_spn = NULL;
+ size_t i = 0;
+
+ lc_spn = strlower_talloc(ctx, spn);
+ if (lc_spn == NULL) {
+ DBG_ERR("Out of memory, lowercasing %s.\n",
+ spn);
+ return false;
+ }
+
+ for (i = 0; i < num_spns; i++) {
+ char *lc_spn_attr = strlower_talloc(ctx, spn_array[i]);
+ if (lc_spn_attr == NULL) {
+ DBG_ERR("Out of memory, lowercasing %s.\n",
+ spn_array[i]);
+ return false;
+ }
+
+ if (strequal(lc_spn, lc_spn_attr)) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+bool ads_setspn_add(ADS_STRUCT *ads, const char *machine_name, const char * spn)
+{
+ bool ret = false;
+ TALLOC_CTX *frame = NULL;
+ ADS_STATUS status;
+ struct spn_struct *spn_struct = NULL;
+ const char *spns[2] = {NULL, NULL};
+ char **existing_spns = NULL;
+ size_t num_spns = 0;
+ bool found = false;
+
+ frame = talloc_stackframe();
+ spns[0] = spn;
+ spn_struct = parse_spn(frame, spn);
+ if (spn_struct == NULL) {
+ goto done;
+ }
+
+ status = ads_get_service_principal_names(frame,
+ ads,
+ machine_name,
+ &existing_spns,
+ &num_spns);
+
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ found = find_spn_in_spnlist(frame, spn, existing_spns, num_spns);
+ if (found) {
+ d_printf("Duplicate SPN found, aborting operation.\n");
+ goto done;
+ }
+
+ d_printf("Registering SPN %s for object %s\n", spn, machine_name);
+ status = ads_add_service_principal_names(ads, machine_name, spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ ret = true;
+ d_printf("Updated object\n");
+done:
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+bool ads_setspn_delete(ADS_STRUCT *ads,
+ const char *machine_name,
+ const char * spn)
+{
+ size_t i = 0, j = 0;
+ TALLOC_CTX *frame = NULL;
+ char **spn_array = NULL;
+ const char **new_spn_array = NULL;
+ char *lc_spn = NULL;
+ size_t num_spns = 0;
+ ADS_STATUS status;
+ ADS_MODLIST mods;
+ bool ok = false;
+ LDAPMessage *res = NULL;
+
+ frame = talloc_stackframe();
+
+ lc_spn = strlower_talloc(frame, spn);
+ if (lc_spn == NULL) {
+ DBG_ERR("Out of memory, lowercasing %s.\n", spn);
+ goto done;
+ }
+
+ status = ads_find_machine_acct(ads,
+ &res,
+ machine_name);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ status = ads_get_service_principal_names(frame,
+ ads,
+ machine_name,
+ &spn_array,
+ &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ new_spn_array = talloc_zero_array(frame, const char*, num_spns + 1);
+ if (!new_spn_array) {
+ DBG_ERR("Out of memory, failed to allocate array.\n");
+ goto done;
+ }
+
+ /*
+ * create new spn list to write to object (excluding the spn to
+ * be deleted).
+ */
+ for (i = 0, j = 0; i < num_spns; i++) {
+ /*
+ * windows setspn.exe deletes matching spn in a case
+ * insensitive way.
+ */
+ char *lc_spn_attr = strlower_talloc(frame, spn_array[i]);
+ if (lc_spn_attr == NULL) {
+ DBG_ERR("Out of memory, lowercasing %s.\n",
+ spn_array[i]);
+ goto done;
+ }
+
+ if (!strequal(lc_spn, lc_spn_attr)) {
+ new_spn_array[j++] = spn_array[i];
+ }
+ }
+
+ /* found and removed spn */
+ if (j < num_spns) {
+ char *dn = NULL;
+ mods = ads_init_mods(frame);
+ if (mods == NULL) {
+ goto done;
+ }
+ d_printf("Unregistering SPN %s for %s\n", spn, machine_name);
+ status = ads_mod_strlist(frame, &mods, "servicePrincipalName", new_spn_array);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ dn = ads_get_dn(ads, frame, res);
+ if (dn == NULL ) {
+ goto done;
+ }
+
+ status = ads_gen_mod(ads, dn, mods);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ }
+ d_printf("Updated object\n");
+
+ ok = true;
+done:
+ TALLOC_FREE(frame);
+ return ok;
+}
+
+#endif /* HAVE_ADS */
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
new file mode 100644
index 0000000..5ae8b99
--- /dev/null
+++ b/source3/libads/sasl.c
@@ -0,0 +1,855 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads sasl code
+ Copyright (C) Andrew Tridgell 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/auth/spnego.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "auth_generic.h"
+#include "ads.h"
+#include "smb_krb5.h"
+#include "system/gssapi.h"
+#include "lib/param/loadparm.h"
+#include "krb5_env.h"
+#include "lib/util/asn1.h"
+
+#ifdef HAVE_LDAP
+
+static ADS_STATUS ads_sasl_gensec_wrap(struct ads_saslwrap *wrap,
+ uint8_t *buf, uint32_t len)
+{
+ struct gensec_security *gensec_security =
+ talloc_get_type_abort(wrap->wrap_private_data,
+ struct gensec_security);
+ NTSTATUS nt_status;
+ DATA_BLOB unwrapped, wrapped;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ unwrapped = data_blob_const(buf, len);
+
+ nt_status = gensec_wrap(gensec_security, frame, &unwrapped, &wrapped);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(frame);
+ return ADS_ERROR_NT(nt_status);
+ }
+
+ if ((wrap->out.size - 4) < wrapped.length) {
+ TALLOC_FREE(frame);
+ return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
+ }
+
+ /* copy the wrapped blob to the right location */
+ memcpy(wrap->out.buf + 4, wrapped.data, wrapped.length);
+
+ /* set how many bytes must be written to the underlying socket */
+ wrap->out.left = 4 + wrapped.length;
+
+ TALLOC_FREE(frame);
+
+ return ADS_SUCCESS;
+}
+
+static ADS_STATUS ads_sasl_gensec_unwrap(struct ads_saslwrap *wrap)
+{
+ struct gensec_security *gensec_security =
+ talloc_get_type_abort(wrap->wrap_private_data,
+ struct gensec_security);
+ NTSTATUS nt_status;
+ DATA_BLOB unwrapped, wrapped;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ wrapped = data_blob_const(wrap->in.buf + 4, wrap->in.ofs - 4);
+
+ nt_status = gensec_unwrap(gensec_security, frame, &wrapped, &unwrapped);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(frame);
+ return ADS_ERROR_NT(nt_status);
+ }
+
+ if (wrapped.length < unwrapped.length) {
+ TALLOC_FREE(frame);
+ return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
+ }
+
+ /* copy the wrapped blob to the right location */
+ memcpy(wrap->in.buf + 4, unwrapped.data, unwrapped.length);
+
+ /* set how many bytes must be written to the underlying socket */
+ wrap->in.left = unwrapped.length;
+ wrap->in.ofs = 4;
+
+ TALLOC_FREE(frame);
+
+ return ADS_SUCCESS;
+}
+
+static void ads_sasl_gensec_disconnect(struct ads_saslwrap *wrap)
+{
+ struct gensec_security *gensec_security =
+ talloc_get_type_abort(wrap->wrap_private_data,
+ struct gensec_security);
+
+ TALLOC_FREE(gensec_security);
+
+ wrap->wrap_ops = NULL;
+ wrap->wrap_private_data = NULL;
+}
+
+static const struct ads_saslwrap_ops ads_sasl_gensec_ops = {
+ .name = "gensec",
+ .wrap = ads_sasl_gensec_wrap,
+ .unwrap = ads_sasl_gensec_unwrap,
+ .disconnect = ads_sasl_gensec_disconnect
+};
+
+/*
+ perform a LDAP/SASL/SPNEGO/{NTLMSSP,KRB5} bind (just how many layers can
+ we fit on one socket??)
+*/
+static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
+ const char *sasl,
+ enum credentials_use_kerberos krb5_state,
+ const char *target_service,
+ const char *target_hostname,
+ const DATA_BLOB server_blob)
+{
+ DATA_BLOB blob_in = data_blob_null;
+ DATA_BLOB blob_out = data_blob_null;
+ int rc;
+ NTSTATUS nt_status;
+ ADS_STATUS status;
+ struct auth_generic_state *auth_generic_state;
+ bool use_spnego_principal = lp_client_use_spnego_principal();
+ const char *sasl_list[] = { sasl, NULL };
+ NTTIME end_nt_time;
+ struct ads_saslwrap *wrap = &ads->ldap_wrap_data;
+
+ nt_status = auth_generic_client_prepare(NULL, &auth_generic_state);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return ADS_ERROR_NT(nt_status);
+ }
+
+ if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_username(auth_generic_state, ads->auth.user_name))) {
+ return ADS_ERROR_NT(nt_status);
+ }
+ if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_domain(auth_generic_state, ads->auth.realm))) {
+ return ADS_ERROR_NT(nt_status);
+ }
+ if (!NT_STATUS_IS_OK(nt_status = auth_generic_set_password(auth_generic_state, ads->auth.password))) {
+ return ADS_ERROR_NT(nt_status);
+ }
+
+ if (server_blob.length == 0) {
+ use_spnego_principal = false;
+ }
+
+ if (krb5_state == CRED_USE_KERBEROS_DISABLED) {
+ use_spnego_principal = false;
+ }
+
+ cli_credentials_set_kerberos_state(auth_generic_state->credentials,
+ krb5_state,
+ CRED_SPECIFIED);
+
+ if (target_service != NULL) {
+ nt_status = gensec_set_target_service(
+ auth_generic_state->gensec_security,
+ target_service);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return ADS_ERROR_NT(nt_status);
+ }
+ }
+
+ if (target_hostname != NULL) {
+ nt_status = gensec_set_target_hostname(
+ auth_generic_state->gensec_security,
+ target_hostname);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return ADS_ERROR_NT(nt_status);
+ }
+ }
+
+ if (target_service != NULL && target_hostname != NULL) {
+ use_spnego_principal = false;
+ }
+
+ switch (wrap->wrap_type) {
+ case ADS_SASLWRAP_TYPE_SEAL:
+ gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
+ gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SEAL);
+ break;
+ case ADS_SASLWRAP_TYPE_SIGN:
+ if (ads->auth.flags & ADS_AUTH_SASL_FORCE) {
+ gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
+ } else {
+ /*
+ * windows servers are broken with sign only,
+ * so we let the NTLMSSP backend to seal here,
+ * via GENSEC_FEATURE_LDAP_STYLE.
+ */
+ gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
+ gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_LDAP_STYLE);
+ }
+ break;
+ case ADS_SASLWRAP_TYPE_PLAIN:
+ break;
+ }
+
+ nt_status = auth_generic_client_start_by_sasl(auth_generic_state,
+ sasl_list);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return ADS_ERROR_NT(nt_status);
+ }
+
+ rc = LDAP_SASL_BIND_IN_PROGRESS;
+ if (use_spnego_principal) {
+ blob_in = data_blob_dup_talloc(talloc_tos(), server_blob);
+ if (blob_in.length == 0) {
+ TALLOC_FREE(auth_generic_state);
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+ } else {
+ blob_in = data_blob_null;
+ }
+ blob_out = data_blob_null;
+
+ while (true) {
+ struct berval cred, *scred = NULL;
+
+ nt_status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), blob_in, &blob_out);
+ data_blob_free(&blob_in);
+ if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)
+ && !NT_STATUS_IS_OK(nt_status))
+ {
+ TALLOC_FREE(auth_generic_state);
+ data_blob_free(&blob_out);
+ return ADS_ERROR_NT(nt_status);
+ }
+
+ if (NT_STATUS_IS_OK(nt_status) && rc == 0 && blob_out.length == 0) {
+ break;
+ }
+
+ cred.bv_val = (char *)blob_out.data;
+ cred.bv_len = blob_out.length;
+ scred = NULL;
+ rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, sasl, &cred, NULL, NULL, &scred);
+ data_blob_free(&blob_out);
+ if ((rc != LDAP_SASL_BIND_IN_PROGRESS) && (rc != 0)) {
+ if (scred) {
+ ber_bvfree(scred);
+ }
+
+ TALLOC_FREE(auth_generic_state);
+ return ADS_ERROR(rc);
+ }
+ if (scred) {
+ blob_in = data_blob_talloc(talloc_tos(),
+ scred->bv_val,
+ scred->bv_len);
+ if (blob_in.length != scred->bv_len) {
+ ber_bvfree(scred);
+ TALLOC_FREE(auth_generic_state);
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+ ber_bvfree(scred);
+ } else {
+ blob_in = data_blob_null;
+ }
+ if (NT_STATUS_IS_OK(nt_status) && rc == 0 && blob_in.length == 0) {
+ break;
+ }
+ }
+
+ data_blob_free(&blob_in);
+ data_blob_free(&blob_out);
+
+ if (wrap->wrap_type >= ADS_SASLWRAP_TYPE_SEAL) {
+ bool ok;
+
+ ok = gensec_have_feature(auth_generic_state->gensec_security,
+ GENSEC_FEATURE_SEAL);
+ if (!ok) {
+ DEBUG(0,("The gensec feature sealing request, but unavailable\n"));
+ TALLOC_FREE(auth_generic_state);
+ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
+ }
+
+ ok = gensec_have_feature(auth_generic_state->gensec_security,
+ GENSEC_FEATURE_SIGN);
+ if (!ok) {
+ DEBUG(0,("The gensec feature signing request, but unavailable\n"));
+ TALLOC_FREE(auth_generic_state);
+ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
+ }
+
+ } else if (wrap->wrap_type >= ADS_SASLWRAP_TYPE_SIGN) {
+ bool ok;
+
+ ok = gensec_have_feature(auth_generic_state->gensec_security,
+ GENSEC_FEATURE_SIGN);
+ if (!ok) {
+ DEBUG(0,("The gensec feature signing request, but unavailable\n"));
+ TALLOC_FREE(auth_generic_state);
+ return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
+ }
+ }
+
+ ads->auth.tgs_expire = LONG_MAX;
+ end_nt_time = gensec_expire_time(auth_generic_state->gensec_security);
+ if (end_nt_time != GENSEC_EXPIRE_TIME_INFINITY) {
+ struct timeval tv;
+ nttime_to_timeval(&tv, end_nt_time);
+ ads->auth.tgs_expire = tv.tv_sec;
+ }
+
+ if (wrap->wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
+ size_t max_wrapped =
+ gensec_max_wrapped_size(auth_generic_state->gensec_security);
+ wrap->out.max_unwrapped =
+ gensec_max_input_size(auth_generic_state->gensec_security);
+
+ wrap->out.sig_size = max_wrapped - wrap->out.max_unwrapped;
+ /*
+ * Note that we have to truncate this to 0x2C
+ * (taken from a capture with LDAP unbind), as the
+ * signature size is not constant for Kerberos with
+ * arcfour-hmac-md5.
+ */
+ wrap->in.min_wrapped = MIN(wrap->out.sig_size, 0x2C);
+ wrap->in.max_wrapped = ADS_SASL_WRAPPING_IN_MAX_WRAPPED;
+ status = ads_setup_sasl_wrapping(wrap, ads->ldap.ld,
+ &ads_sasl_gensec_ops,
+ auth_generic_state->gensec_security);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(0, ("ads_setup_sasl_wrapping() failed: %s\n",
+ ads_errstr(status)));
+ TALLOC_FREE(auth_generic_state);
+ return status;
+ }
+ /* Only keep the gensec_security element around long-term */
+ talloc_steal(NULL, auth_generic_state->gensec_security);
+ }
+ TALLOC_FREE(auth_generic_state);
+
+ return ADS_ERROR(rc);
+}
+
+#ifdef HAVE_KRB5
+struct ads_service_principal {
+ char *service;
+ char *hostname;
+ char *string;
+};
+
+static void ads_free_service_principal(struct ads_service_principal *p)
+{
+ SAFE_FREE(p->service);
+ SAFE_FREE(p->hostname);
+ SAFE_FREE(p->string);
+ ZERO_STRUCTP(p);
+}
+
+static ADS_STATUS ads_guess_target(ADS_STRUCT *ads,
+ char **service,
+ char **hostname,
+ char **principal)
+{
+ ADS_STATUS status = ADS_ERROR(LDAP_NO_MEMORY);
+ char *princ = NULL;
+ TALLOC_CTX *frame;
+ char *server = NULL;
+ char *realm = NULL;
+ int rc;
+
+ frame = talloc_stackframe();
+ if (frame == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ if (ads->server.realm && ads->server.ldap_server) {
+ server = strlower_talloc(frame, ads->server.ldap_server);
+ if (server == NULL) {
+ goto out;
+ }
+
+ realm = strupper_talloc(frame, ads->server.realm);
+ if (realm == NULL) {
+ goto out;
+ }
+
+ /*
+ * If we got a name which is bigger than a NetBIOS name,
+ * but isn't a FQDN, create one.
+ */
+ if (strlen(server) > 15 && strstr(server, ".") == NULL) {
+ char *dnsdomain;
+
+ dnsdomain = strlower_talloc(frame, ads->server.realm);
+ if (dnsdomain == NULL) {
+ goto out;
+ }
+
+ server = talloc_asprintf(frame,
+ "%s.%s",
+ server, dnsdomain);
+ if (server == NULL) {
+ goto out;
+ }
+ }
+ } else if (ads->config.realm && ads->config.ldap_server_name) {
+ server = strlower_talloc(frame, ads->config.ldap_server_name);
+ if (server == NULL) {
+ goto out;
+ }
+
+ realm = strupper_talloc(frame, ads->config.realm);
+ if (realm == NULL) {
+ goto out;
+ }
+
+ /*
+ * If we got a name which is bigger than a NetBIOS name,
+ * but isn't a FQDN, create one.
+ */
+ if (strlen(server) > 15 && strstr(server, ".") == NULL) {
+ char *dnsdomain;
+
+ dnsdomain = strlower_talloc(frame, ads->server.realm);
+ if (dnsdomain == NULL) {
+ goto out;
+ }
+
+ server = talloc_asprintf(frame,
+ "%s.%s",
+ server, dnsdomain);
+ if (server == NULL) {
+ goto out;
+ }
+ }
+ }
+
+ if (server == NULL || realm == NULL) {
+ goto out;
+ }
+
+ *service = SMB_STRDUP("ldap");
+ if (*service == NULL) {
+ status = ADS_ERROR(LDAP_PARAM_ERROR);
+ goto out;
+ }
+ *hostname = SMB_STRDUP(server);
+ if (*hostname == NULL) {
+ SAFE_FREE(*service);
+ status = ADS_ERROR(LDAP_PARAM_ERROR);
+ goto out;
+ }
+ rc = asprintf(&princ, "ldap/%s@%s", server, realm);
+ if (rc == -1 || princ == NULL) {
+ SAFE_FREE(*service);
+ SAFE_FREE(*hostname);
+ status = ADS_ERROR(LDAP_PARAM_ERROR);
+ goto out;
+ }
+
+ *principal = princ;
+
+ status = ADS_SUCCESS;
+out:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
+ struct ads_service_principal *p)
+{
+ ADS_STATUS status;
+
+ ZERO_STRUCTP(p);
+
+ status = ads_guess_target(ads,
+ &p->service,
+ &p->hostname,
+ &p->string);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ return ADS_SUCCESS;
+}
+
+#endif /* HAVE_KRB5 */
+
+/*
+ parse a negTokenInit packet giving a GUID, a list of supported
+ OIDs (the mechanisms) and a principal name string
+*/
+static bool spnego_parse_negTokenInit(TALLOC_CTX *ctx,
+ DATA_BLOB blob,
+ char *OIDs[ASN1_MAX_OIDS],
+ char **principal,
+ DATA_BLOB *secblob)
+{
+ int i;
+ bool ret = false;
+ ASN1_DATA *data;
+
+ for (i = 0; i < ASN1_MAX_OIDS; i++) {
+ OIDs[i] = NULL;
+ }
+
+ if (principal) {
+ *principal = NULL;
+ }
+ if (secblob) {
+ *secblob = data_blob_null;
+ }
+
+ data = asn1_init(talloc_tos(), ASN1_MAX_TREE_DEPTH);
+ if (data == NULL) {
+ return false;
+ }
+
+ if (!asn1_load(data, blob)) goto err;
+
+ if (!asn1_start_tag(data,ASN1_APPLICATION(0))) goto err;
+
+ if (!asn1_check_OID(data,OID_SPNEGO)) goto err;
+
+ /* negTokenInit [0] NegTokenInit */
+ if (!asn1_start_tag(data,ASN1_CONTEXT(0))) goto err;
+ if (!asn1_start_tag(data,ASN1_SEQUENCE(0))) goto err;
+
+ /* mechTypes [0] MechTypeList OPTIONAL */
+
+ /* Not really optional, we depend on this to decide
+ * what mechanisms we have to work with. */
+
+ if (!asn1_start_tag(data,ASN1_CONTEXT(0))) goto err;
+ if (!asn1_start_tag(data,ASN1_SEQUENCE(0))) goto err;
+ for (i=0; asn1_tag_remaining(data) > 0 && i < ASN1_MAX_OIDS-1; i++) {
+ if (!asn1_read_OID(data,ctx, &OIDs[i])) {
+ goto err;
+ }
+ if (asn1_has_error(data)) {
+ goto err;
+ }
+ }
+ OIDs[i] = NULL;
+ if (!asn1_end_tag(data)) goto err;
+ if (!asn1_end_tag(data)) goto err;
+
+ /*
+ Win7 + Live Sign-in Assistant attaches a mechToken
+ ASN1_CONTEXT(2) to the negTokenInit packet
+ which breaks our negotiation if we just assume
+ the next tag is ASN1_CONTEXT(3).
+ */
+
+ if (asn1_peek_tag(data, ASN1_CONTEXT(1))) {
+ uint8_t flags;
+
+ /* reqFlags [1] ContextFlags OPTIONAL */
+ if (!asn1_start_tag(data, ASN1_CONTEXT(1))) goto err;
+ if (!asn1_start_tag(data, ASN1_BIT_STRING)) goto err;
+ while (asn1_tag_remaining(data) > 0) {
+ if (!asn1_read_uint8(data, &flags)) goto err;
+ }
+ if (!asn1_end_tag(data)) goto err;
+ if (!asn1_end_tag(data)) goto err;
+ }
+
+ if (asn1_peek_tag(data, ASN1_CONTEXT(2))) {
+ DATA_BLOB sblob = data_blob_null;
+ /* mechToken [2] OCTET STRING OPTIONAL */
+ if (!asn1_start_tag(data, ASN1_CONTEXT(2))) goto err;
+ if (!asn1_read_OctetString(data, ctx, &sblob)) goto err;
+ if (!asn1_end_tag(data)) {
+ data_blob_free(&sblob);
+ goto err;
+ }
+ if (secblob) {
+ *secblob = sblob;
+ } else {
+ data_blob_free(&sblob);
+ }
+ }
+
+ if (asn1_peek_tag(data, ASN1_CONTEXT(3))) {
+ char *princ = NULL;
+ /* mechListMIC [3] OCTET STRING OPTIONAL */
+ if (!asn1_start_tag(data, ASN1_CONTEXT(3))) goto err;
+ if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto err;
+ if (!asn1_start_tag(data, ASN1_CONTEXT(0))) goto err;
+ if (!asn1_read_GeneralString(data, ctx, &princ)) goto err;
+ if (!asn1_end_tag(data)) goto err;
+ if (!asn1_end_tag(data)) goto err;
+ if (!asn1_end_tag(data)) goto err;
+ if (principal) {
+ *principal = princ;
+ } else {
+ TALLOC_FREE(princ);
+ }
+ }
+
+ if (!asn1_end_tag(data)) goto err;
+ if (!asn1_end_tag(data)) goto err;
+
+ if (!asn1_end_tag(data)) goto err;
+
+ ret = !asn1_has_error(data);
+
+ err:
+
+ if (asn1_has_error(data)) {
+ int j;
+ if (principal) {
+ TALLOC_FREE(*principal);
+ }
+ if (secblob) {
+ data_blob_free(secblob);
+ }
+ for(j = 0; j < i && j < ASN1_MAX_OIDS-1; j++) {
+ TALLOC_FREE(OIDs[j]);
+ }
+ }
+
+ asn1_free(data);
+ return ret;
+}
+
+/*
+ this performs a SASL/SPNEGO bind
+*/
+static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct ads_service_principal p = {0};
+ struct berval *scred=NULL;
+ int rc, i;
+ ADS_STATUS status;
+ DATA_BLOB blob = data_blob_null;
+ char *given_principal = NULL;
+ char *OIDs[ASN1_MAX_OIDS];
+#ifdef HAVE_KRB5
+ bool got_kerberos_mechanism = False;
+#endif
+ const char *mech = NULL;
+
+ rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSS-SPNEGO", NULL, NULL, NULL, &scred);
+
+ if (rc != LDAP_SASL_BIND_IN_PROGRESS) {
+ status = ADS_ERROR(rc);
+ goto done;
+ }
+
+ blob = data_blob(scred->bv_val, scred->bv_len);
+
+ ber_bvfree(scred);
+
+#if 0
+ file_save("sasl_spnego.dat", blob.data, blob.length);
+#endif
+
+ /* the server sent us the first part of the SPNEGO exchange in the negprot
+ reply */
+ if (!spnego_parse_negTokenInit(talloc_tos(), blob, OIDs, &given_principal, NULL) ||
+ OIDs[0] == NULL) {
+ status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
+ goto done;
+ }
+ TALLOC_FREE(given_principal);
+
+ /* make sure the server understands kerberos */
+ for (i=0;OIDs[i];i++) {
+ DEBUG(3,("ads_sasl_spnego_bind: got OID=%s\n", OIDs[i]));
+#ifdef HAVE_KRB5
+ if (strcmp(OIDs[i], OID_KERBEROS5_OLD) == 0 ||
+ strcmp(OIDs[i], OID_KERBEROS5) == 0) {
+ got_kerberos_mechanism = True;
+ }
+#endif
+ talloc_free(OIDs[i]);
+ }
+
+ status = ads_generate_service_principal(ads, &p);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+#ifdef HAVE_KRB5
+ if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
+ got_kerberos_mechanism)
+ {
+ mech = "KRB5";
+
+ if (ads->auth.password == NULL ||
+ ads->auth.password[0] == '\0')
+ {
+
+ status = ads_sasl_spnego_gensec_bind(ads, "GSS-SPNEGO",
+ CRED_USE_KERBEROS_REQUIRED,
+ p.service, p.hostname,
+ blob);
+ if (ADS_ERR_OK(status)) {
+ ads_free_service_principal(&p);
+ goto done;
+ }
+
+ DEBUG(10,("ads_sasl_spnego_gensec_bind(KRB5) failed with: %s, "
+ "calling kinit\n", ads_errstr(status)));
+ }
+
+ status = ADS_ERROR_KRB5(ads_kinit_password(ads));
+
+ if (ADS_ERR_OK(status)) {
+ status = ads_sasl_spnego_gensec_bind(ads, "GSS-SPNEGO",
+ CRED_USE_KERBEROS_REQUIRED,
+ p.service, p.hostname,
+ blob);
+ if (!ADS_ERR_OK(status)) {
+ DBG_ERR("kinit succeeded but "
+ "SPNEGO bind with Kerberos failed "
+ "for %s/%s - user[%s], realm[%s]: %s\n",
+ p.service, p.hostname,
+ ads->auth.user_name,
+ ads->auth.realm,
+ ads_errstr(status));
+ }
+ }
+
+ /* only fallback to NTLMSSP if allowed */
+ if (ADS_ERR_OK(status) ||
+ !(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
+ goto done;
+ }
+
+ DBG_WARNING("SASL bind with Kerberos failed "
+ "for %s/%s - user[%s], realm[%s]: %s, "
+ "try to fallback to NTLMSSP\n",
+ p.service, p.hostname,
+ ads->auth.user_name,
+ ads->auth.realm,
+ ads_errstr(status));
+ }
+#endif
+
+ /* lets do NTLMSSP ... this has the big advantage that we don't need
+ to sync clocks, and we don't rely on special versions of the krb5
+ library for HMAC_MD4 encryption */
+ mech = "NTLMSSP";
+
+ if (!(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
+ DBG_WARNING("We can't use NTLMSSP, it is not allowed.\n");
+ status = ADS_ERROR_NT(NT_STATUS_NETWORK_CREDENTIAL_CONFLICT);
+ goto done;
+ }
+
+ if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+ DBG_WARNING("We can't fallback to NTLMSSP, weak crypto is"
+ " disallowed.\n");
+ status = ADS_ERROR_NT(NT_STATUS_NETWORK_CREDENTIAL_CONFLICT);
+ goto done;
+ }
+
+ status = ads_sasl_spnego_gensec_bind(ads, "GSS-SPNEGO",
+ CRED_USE_KERBEROS_DISABLED,
+ p.service, p.hostname,
+ data_blob_null);
+done:
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("ads_sasl_spnego_gensec_bind(%s) failed "
+ "for %s/%s with user[%s] realm=[%s]: %s\n", mech,
+ p.service, p.hostname,
+ ads->auth.user_name,
+ ads->auth.realm,
+ ads_errstr(status)));
+ }
+ ads_free_service_principal(&p);
+ TALLOC_FREE(frame);
+ if (blob.data != NULL) {
+ data_blob_free(&blob);
+ }
+ return status;
+}
+
+/* mapping between SASL mechanisms and functions */
+static struct {
+ const char *name;
+ ADS_STATUS (*fn)(ADS_STRUCT *);
+} sasl_mechanisms[] = {
+ {"GSS-SPNEGO", ads_sasl_spnego_bind},
+ {NULL, NULL}
+};
+
+ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads)
+{
+ const char *attrs[] = {"supportedSASLMechanisms", NULL};
+ char **values;
+ ADS_STATUS status;
+ int i, j;
+ LDAPMessage *res;
+ struct ads_saslwrap *wrap = &ads->ldap_wrap_data;
+
+ /* get a list of supported SASL mechanisms */
+ status = ads_do_search(ads, "", LDAP_SCOPE_BASE, "(objectclass=*)", attrs, &res);
+ if (!ADS_ERR_OK(status)) return status;
+
+ values = ldap_get_values(ads->ldap.ld, res, "supportedSASLMechanisms");
+
+ if (ads->auth.flags & ADS_AUTH_SASL_SEAL) {
+ wrap->wrap_type = ADS_SASLWRAP_TYPE_SEAL;
+ } else if (ads->auth.flags & ADS_AUTH_SASL_SIGN) {
+ wrap->wrap_type = ADS_SASLWRAP_TYPE_SIGN;
+ } else {
+ wrap->wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
+ }
+
+ /* try our supported mechanisms in order */
+ for (i=0;sasl_mechanisms[i].name;i++) {
+ /* see if the server supports it */
+ for (j=0;values && values[j];j++) {
+ if (strcmp(values[j], sasl_mechanisms[i].name) == 0) {
+ DEBUG(4,("Found SASL mechanism %s\n", values[j]));
+retry:
+ status = sasl_mechanisms[i].fn(ads);
+ if (status.error_type == ENUM_ADS_ERROR_LDAP &&
+ status.err.rc == LDAP_STRONG_AUTH_REQUIRED &&
+ wrap->wrap_type == ADS_SASLWRAP_TYPE_PLAIN)
+ {
+ DEBUG(3,("SASL bin got LDAP_STRONG_AUTH_REQUIRED "
+ "retrying with signing enabled\n"));
+ wrap->wrap_type = ADS_SASLWRAP_TYPE_SIGN;
+ goto retry;
+ }
+ ldap_value_free(values);
+ ldap_msgfree(res);
+ return status;
+ }
+ }
+ }
+
+ ldap_value_free(values);
+ ldap_msgfree(res);
+ return ADS_ERROR(LDAP_AUTH_METHOD_NOT_SUPPORTED);
+}
+
+#endif /* HAVE_LDAP */
+
diff --git a/source3/libads/sasl_wrapping.c b/source3/libads/sasl_wrapping.c
new file mode 100644
index 0000000..7a58765
--- /dev/null
+++ b/source3/libads/sasl_wrapping.c
@@ -0,0 +1,351 @@
+/*
+ Unix SMB/CIFS implementation.
+ ads sasl wrapping code
+ Copyright (C) Stefan Metzmacher 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ads.h"
+
+void ndr_print_ads_saslwrap_struct(struct ndr_print *ndr, const char *name, const struct ads_saslwrap *r)
+{
+ ndr_print_struct(ndr, name, "saslwrap");
+ ndr->depth++;
+ ndr_print_uint16(ndr, "wrap_type", r->wrap_type);
+#ifdef HAVE_LDAP_SASL_WRAPPING
+ ndr_print_ptr(ndr, "sbiod", r->sbiod);
+#endif /* HAVE_LDAP_SASL_WRAPPING */
+ ndr_print_ptr(ndr, "mem_ctx", r->mem_ctx);
+ ndr_print_ptr(ndr, "wrap_ops", r->wrap_ops);
+ ndr_print_ptr(ndr, "wrap_private_data", r->wrap_private_data);
+ ndr_print_struct(ndr, name, "in");
+ ndr->depth++;
+ ndr_print_uint32(ndr, "ofs", r->in.ofs);
+ ndr_print_uint32(ndr, "needed", r->in.needed);
+ ndr_print_uint32(ndr, "left", r->in.left);
+ ndr_print_uint32(ndr, "max_wrapped", r->in.max_wrapped);
+ ndr_print_uint32(ndr, "min_wrapped", r->in.min_wrapped);
+ ndr_print_uint32(ndr, "size", r->in.size);
+ ndr_print_array_uint8(ndr, "buf", r->in.buf, r->in.size);
+ ndr->depth--;
+ ndr_print_struct(ndr, name, "out");
+ ndr->depth++;
+ ndr_print_uint32(ndr, "ofs", r->out.ofs);
+ ndr_print_uint32(ndr, "left", r->out.left);
+ ndr_print_uint32(ndr, "max_unwrapped", r->out.max_unwrapped);
+ ndr_print_uint32(ndr, "sig_size", r->out.sig_size);
+ ndr_print_uint32(ndr, "size", r->out.size);
+ ndr_print_array_uint8(ndr, "buf", r->out.buf, r->out.size);
+ ndr->depth--;
+}
+
+#ifdef HAVE_LDAP_SASL_WRAPPING
+
+static int ads_saslwrap_setup(Sockbuf_IO_Desc *sbiod, void *arg)
+{
+ struct ads_saslwrap *wrap = (struct ads_saslwrap *)arg;
+
+ wrap->sbiod = (struct Sockbuf_IO_Desc *)sbiod;
+
+ sbiod->sbiod_pvt = wrap;
+
+ return 0;
+}
+
+static int ads_saslwrap_remove(Sockbuf_IO_Desc *sbiod)
+{
+ return 0;
+}
+
+static ber_slen_t ads_saslwrap_prepare_inbuf(struct ads_saslwrap *wrap)
+{
+ wrap->in.ofs = 0;
+ wrap->in.needed = 0;
+ wrap->in.left = 0;
+ wrap->in.size = 4 + wrap->in.min_wrapped;
+ wrap->in.buf = talloc_array(wrap->mem_ctx,
+ uint8_t, wrap->in.size);
+ if (!wrap->in.buf) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static ber_slen_t ads_saslwrap_grow_inbuf(struct ads_saslwrap *wrap)
+{
+ if (wrap->in.size == (4 + wrap->in.needed)) {
+ return 0;
+ }
+
+ wrap->in.size = 4 + wrap->in.needed;
+ wrap->in.buf = talloc_realloc(wrap->mem_ctx,
+ wrap->in.buf,
+ uint8_t, wrap->in.size);
+ if (!wrap->in.buf) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static void ads_saslwrap_shrink_inbuf(struct ads_saslwrap *wrap)
+{
+ talloc_free(wrap->in.buf);
+
+ wrap->in.buf = NULL;
+ wrap->in.size = 0;
+ wrap->in.ofs = 0;
+ wrap->in.needed = 0;
+ wrap->in.left = 0;
+}
+
+static ber_slen_t ads_saslwrap_read(Sockbuf_IO_Desc *sbiod,
+ void *buf, ber_len_t len)
+{
+ struct ads_saslwrap *wrap =
+ (struct ads_saslwrap *)sbiod->sbiod_pvt;
+ ber_slen_t ret;
+
+ /* If ofs < 4 it means we don't have read the length header yet */
+ if (wrap->in.ofs < 4) {
+ ret = ads_saslwrap_prepare_inbuf(wrap);
+ if (ret < 0) return ret;
+
+ ret = LBER_SBIOD_READ_NEXT(sbiod,
+ wrap->in.buf + wrap->in.ofs,
+ 4 - wrap->in.ofs);
+ if (ret <= 0) return ret;
+ wrap->in.ofs += ret;
+
+ if (wrap->in.ofs < 4) goto eagain;
+
+ wrap->in.needed = RIVAL(wrap->in.buf, 0);
+ if (wrap->in.needed > wrap->in.max_wrapped) {
+ errno = EINVAL;
+ return -1;
+ }
+ if (wrap->in.needed < wrap->in.min_wrapped) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ ret = ads_saslwrap_grow_inbuf(wrap);
+ if (ret < 0) return ret;
+ }
+
+ /*
+ * if there's more data needed from the remote end,
+ * we need to read more
+ */
+ if (wrap->in.needed > 0) {
+ ret = LBER_SBIOD_READ_NEXT(sbiod,
+ wrap->in.buf + wrap->in.ofs,
+ wrap->in.needed);
+ if (ret <= 0) return ret;
+ wrap->in.ofs += ret;
+ wrap->in.needed -= ret;
+
+ if (wrap->in.needed > 0) goto eagain;
+ }
+
+ /*
+ * if we have a complete packet and have not yet unwrapped it
+ * we need to call the mech specific unwrap() hook
+ */
+ if (wrap->in.needed == 0 && wrap->in.left == 0) {
+ ADS_STATUS status;
+ status = wrap->wrap_ops->unwrap(wrap);
+ if (!ADS_ERR_OK(status)) {
+ errno = EACCES;
+ return -1;
+ }
+ }
+
+ /*
+ * if we have unwrapped data give it to the caller
+ */
+ if (wrap->in.left > 0) {
+ ret = MIN(wrap->in.left, len);
+ memcpy(buf, wrap->in.buf + wrap->in.ofs, ret);
+ wrap->in.ofs += ret;
+ wrap->in.left -= ret;
+
+ /*
+ * if no more is left shrink the inbuf,
+ * this will trigger reading a new SASL packet
+ * from the remote stream in the next call
+ */
+ if (wrap->in.left == 0) {
+ ads_saslwrap_shrink_inbuf(wrap);
+ }
+
+ return ret;
+ }
+
+ /*
+ * if we don't have anything for the caller yet,
+ * tell him to ask again
+ */
+eagain:
+ errno = EAGAIN;
+ return -1;
+}
+
+static ber_slen_t ads_saslwrap_prepare_outbuf(struct ads_saslwrap *wrap,
+ uint32_t len)
+{
+ wrap->out.ofs = 0;
+ wrap->out.left = 0;
+ wrap->out.size = 4 + wrap->out.sig_size + len;
+ wrap->out.buf = talloc_array(wrap->mem_ctx,
+ uint8_t, wrap->out.size);
+ if (!wrap->out.buf) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static void ads_saslwrap_shrink_outbuf(struct ads_saslwrap *wrap)
+{
+ talloc_free(wrap->out.buf);
+
+ wrap->out.buf = NULL;
+ wrap->out.size = 0;
+ wrap->out.ofs = 0;
+ wrap->out.left = 0;
+}
+
+static ber_slen_t ads_saslwrap_write(Sockbuf_IO_Desc *sbiod,
+ void *buf, ber_len_t len)
+{
+ struct ads_saslwrap *wrap =
+ (struct ads_saslwrap *)sbiod->sbiod_pvt;
+ ber_slen_t ret, rlen;
+
+ /* if the buffer is empty, we need to wrap in incoming buffer */
+ if (wrap->out.left == 0) {
+ ADS_STATUS status;
+
+ if (len == 0) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ rlen = MIN(len, wrap->out.max_unwrapped);
+
+ ret = ads_saslwrap_prepare_outbuf(wrap, rlen);
+ if (ret < 0) return ret;
+
+ status = wrap->wrap_ops->wrap(wrap, (uint8_t *)buf, rlen);
+ if (!ADS_ERR_OK(status)) {
+ errno = EACCES;
+ return -1;
+ }
+
+ RSIVAL(wrap->out.buf, 0, wrap->out.left - 4);
+ } else {
+ rlen = -1;
+ }
+
+ ret = LBER_SBIOD_WRITE_NEXT(sbiod,
+ wrap->out.buf + wrap->out.ofs,
+ wrap->out.left);
+ if (ret <= 0) return ret;
+ wrap->out.ofs += ret;
+ wrap->out.left -= ret;
+
+ if (wrap->out.left == 0) {
+ ads_saslwrap_shrink_outbuf(wrap);
+ }
+
+ if (rlen > 0) return rlen;
+
+ errno = EAGAIN;
+ return -1;
+}
+
+static int ads_saslwrap_ctrl(Sockbuf_IO_Desc *sbiod, int opt, void *arg)
+{
+ struct ads_saslwrap *wrap =
+ (struct ads_saslwrap *)sbiod->sbiod_pvt;
+ int ret;
+
+ switch (opt) {
+ case LBER_SB_OPT_DATA_READY:
+ if (wrap->in.left > 0) {
+ return 1;
+ }
+ ret = LBER_SBIOD_CTRL_NEXT(sbiod, opt, arg);
+ break;
+ default:
+ ret = LBER_SBIOD_CTRL_NEXT(sbiod, opt, arg);
+ break;
+ }
+
+ return ret;
+}
+
+static int ads_saslwrap_close(Sockbuf_IO_Desc *sbiod)
+{
+ return 0;
+}
+
+static const Sockbuf_IO ads_saslwrap_sockbuf_io = {
+ ads_saslwrap_setup, /* sbi_setup */
+ ads_saslwrap_remove, /* sbi_remove */
+ ads_saslwrap_ctrl, /* sbi_ctrl */
+ ads_saslwrap_read, /* sbi_read */
+ ads_saslwrap_write, /* sbi_write */
+ ads_saslwrap_close /* sbi_close */
+};
+
+ADS_STATUS ads_setup_sasl_wrapping(struct ads_saslwrap *wrap, LDAP *ld,
+ const struct ads_saslwrap_ops *ops,
+ void *private_data)
+{
+ ADS_STATUS status;
+ Sockbuf *sb;
+ Sockbuf_IO *io = discard_const_p(Sockbuf_IO, &ads_saslwrap_sockbuf_io);
+ int rc;
+
+ rc = ldap_get_option(ld, LDAP_OPT_SOCKBUF, &sb);
+ status = ADS_ERROR_LDAP(rc);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ /* setup the real wrapping callbacks */
+ rc = ber_sockbuf_add_io(sb, io, LBER_SBIOD_LEVEL_TRANSPORT, wrap);
+ status = ADS_ERROR_LDAP(rc);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ wrap->wrap_ops = discard_const(ops);
+ wrap->wrap_private_data = private_data;
+
+ return ADS_SUCCESS;
+}
+#else
+ADS_STATUS ads_setup_sasl_wrapping(struct ads_saslwrap *wrap, LDAP *ld,
+ const struct ads_saslwrap_ops *ops,
+ void *private_data)
+{
+ return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED);
+}
+#endif /* HAVE_LDAP_SASL_WRAPPING */
diff --git a/source3/libads/sitename_cache.c b/source3/libads/sitename_cache.c
new file mode 100644
index 0000000..4bf2ca7
--- /dev/null
+++ b/source3/libads/sitename_cache.c
@@ -0,0 +1,132 @@
+/*
+ Unix SMB/CIFS implementation.
+ DNS utility library
+ Copyright (C) Gerald (Jerry) Carter 2006.
+ Copyright (C) Jeremy Allison 2007.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libads/sitename_cache.h"
+#include "lib/gencache.h"
+
+/****************************************************************************
+ Store and fetch the AD client sitename.
+****************************************************************************/
+
+#define SITENAME_KEY "AD_SITENAME/DOMAIN/%s"
+
+static char *sitename_key(TALLOC_CTX *mem_ctx, const char *realm)
+{
+ char *keystr = talloc_asprintf_strupper_m(
+ mem_ctx, SITENAME_KEY, realm);
+ return keystr;
+}
+
+
+/****************************************************************************
+ Store the AD client sitename.
+ We store indefinitely as every new CLDAP query will re-write this.
+****************************************************************************/
+
+bool sitename_store(const char *realm, const char *sitename)
+{
+ time_t expire;
+ bool ret = False;
+ char *key;
+
+ if (!realm || (strlen(realm) == 0)) {
+ DEBUG(0,("sitename_store: no realm\n"));
+ return False;
+ }
+
+ key = sitename_key(talloc_tos(), realm);
+
+ if (!sitename || (sitename && !*sitename)) {
+ DEBUG(5,("sitename_store: deleting empty sitename!\n"));
+ ret = gencache_del(key);
+ TALLOC_FREE(key);
+ return ret;
+ }
+
+ expire = get_time_t_max(); /* Store indefinitely. */
+
+ DEBUG(10,("sitename_store: realm = [%s], sitename = [%s], expire = [%u]\n",
+ realm, sitename, (unsigned int)expire ));
+
+ ret = gencache_set( key, sitename, expire );
+ TALLOC_FREE(key);
+ return ret;
+}
+
+/****************************************************************************
+ Fetch the AD client sitename.
+ Caller must free.
+****************************************************************************/
+
+char *sitename_fetch(TALLOC_CTX *mem_ctx, const char *realm)
+{
+ char *sitename = NULL;
+ time_t timeout;
+ bool ret = False;
+ const char *query_realm;
+ char *key;
+
+ if (!realm || (strlen(realm) == 0)) {
+ query_realm = lp_realm();
+ } else {
+ query_realm = realm;
+ }
+
+ key = sitename_key(talloc_tos(), query_realm);
+
+ ret = gencache_get( key, mem_ctx, &sitename, &timeout );
+ TALLOC_FREE(key);
+ if ( !ret ) {
+ DBG_INFO("No stored sitename for realm '%s'\n", query_realm);
+ } else {
+ DBG_INFO("Returning sitename for realm '%s': \"%s\"\n",
+ query_realm, sitename);
+ }
+ return sitename;
+}
+
+/****************************************************************************
+ Did the sitename change ?
+****************************************************************************/
+
+bool stored_sitename_changed(const char *realm, const char *sitename)
+{
+ bool ret = False;
+
+ char *new_sitename;
+
+ if (!realm || (strlen(realm) == 0)) {
+ DEBUG(0,("stored_sitename_changed: no realm\n"));
+ return False;
+ }
+
+ new_sitename = sitename_fetch(talloc_tos(), realm);
+
+ if (sitename && new_sitename && !strequal(sitename, new_sitename)) {
+ ret = True;
+ } else if ((sitename && !new_sitename) ||
+ (!sitename && new_sitename)) {
+ ret = True;
+ }
+ TALLOC_FREE(new_sitename);
+ return ret;
+}
+
diff --git a/source3/libads/sitename_cache.h b/source3/libads/sitename_cache.h
new file mode 100644
index 0000000..9044964
--- /dev/null
+++ b/source3/libads/sitename_cache.h
@@ -0,0 +1,28 @@
+/*
+ Unix SMB/CIFS implementation.
+ DNS utility library
+ Copyright (C) Gerald (Jerry) Carter 2006.
+ Copyright (C) Jeremy Allison 2007.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBADS_SITENAME_CACHE_H_
+#define _LIBADS_SITENAME_CACHE_H_
+
+bool sitename_store(const char *realm, const char *sitename);
+char *sitename_fetch(TALLOC_CTX *mem_ctx, const char *realm);
+bool stored_sitename_changed(const char *realm, const char *sitename);
+
+#endif /* _LIBADS_SITENAME_CACHE_H_ */
diff --git a/source3/libads/util.c b/source3/libads/util.c
new file mode 100644
index 0000000..a1e33fd
--- /dev/null
+++ b/source3/libads/util.c
@@ -0,0 +1,236 @@
+/*
+ Unix SMB/CIFS implementation.
+ krb5 set password implementation
+ Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "ads.h"
+#include "secrets.h"
+#include "librpc/gen_ndr/ndr_secrets.h"
+
+#ifdef HAVE_KRB5
+ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal)
+{
+ const char *password = NULL;
+ const char *new_password = NULL;
+ ADS_STATUS ret;
+ const char *domain = lp_workgroup();
+ struct secrets_domain_info1 *info = NULL;
+ struct secrets_domain_info1_change *prev = NULL;
+ const DATA_BLOB *cleartext_blob = NULL;
+ DATA_BLOB pw_blob = data_blob_null;
+ DATA_BLOB new_pw_blob = data_blob_null;
+ NTSTATUS status;
+ struct timeval tv = timeval_current();
+ NTTIME now = timeval_to_nttime(&tv);
+ int role = lp_server_role();
+ bool ok;
+
+ if (role != ROLE_DOMAIN_MEMBER) {
+ DBG_ERR("Machine account password change only supported on a DOMAIN_MEMBER.\n");
+ return ADS_ERROR_NT(NT_STATUS_INVALID_SERVER_STATE);
+ }
+
+ new_password = trust_pw_new_value(talloc_tos(), SEC_CHAN_WKSTA, SEC_ADS);
+ if (new_password == NULL) {
+ ret = ADS_ERROR_SYSTEM(errno);
+ DEBUG(1,("Failed to generate machine password\n"));
+ return ret;
+ }
+
+ status = secrets_prepare_password_change(domain,
+ ads->auth.kdc_server,
+ new_password,
+ talloc_tos(),
+ &info, &prev);
+ if (!NT_STATUS_IS_OK(status)) {
+ return ADS_ERROR_NT(status);
+ }
+ if (prev != NULL) {
+ status = NT_STATUS_REQUEST_NOT_ACCEPTED;
+ secrets_failed_password_change("localhost",
+ status,
+ NT_STATUS_NOT_COMMITTED,
+ info);
+ return ADS_ERROR_NT(status);
+ }
+
+ cleartext_blob = &info->password->cleartext_blob;
+ ok = convert_string_talloc(talloc_tos(), CH_UTF16MUNGED, CH_UNIX,
+ cleartext_blob->data,
+ cleartext_blob->length,
+ (void **)&pw_blob.data,
+ &pw_blob.length);
+ if (!ok) {
+ status = NT_STATUS_UNMAPPABLE_CHARACTER;
+ if (errno == ENOMEM) {
+ status = NT_STATUS_NO_MEMORY;
+ }
+ DBG_ERR("convert_string_talloc(CH_UTF16MUNGED, CH_UNIX) "
+ "failed for password of %s - %s\n",
+ domain, nt_errstr(status));
+ return ADS_ERROR_NT(status);
+ }
+ password = (const char *)pw_blob.data;
+
+ cleartext_blob = &info->next_change->password->cleartext_blob;
+ ok = convert_string_talloc(talloc_tos(), CH_UTF16MUNGED, CH_UNIX,
+ cleartext_blob->data,
+ cleartext_blob->length,
+ (void **)&new_pw_blob.data,
+ &new_pw_blob.length);
+ if (!ok) {
+ status = NT_STATUS_UNMAPPABLE_CHARACTER;
+ if (errno == ENOMEM) {
+ status = NT_STATUS_NO_MEMORY;
+ }
+ DBG_ERR("convert_string_talloc(CH_UTF16MUNGED, CH_UNIX) "
+ "failed for new_password of %s - %s\n",
+ domain, nt_errstr(status));
+ secrets_failed_password_change("localhost",
+ status,
+ NT_STATUS_NOT_COMMITTED,
+ info);
+ return ADS_ERROR_NT(status);
+ }
+ talloc_keep_secret(new_pw_blob.data);
+ new_password = (const char *)new_pw_blob.data;
+
+ ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, host_principal, new_password, ads->auth.time_offset);
+
+ if (!ADS_ERR_OK(ret)) {
+ status = ads_ntstatus(ret);
+ DBG_ERR("kerberos_set_password(%s, %s) "
+ "failed for new_password of %s - %s\n",
+ ads->auth.kdc_server, host_principal,
+ domain, nt_errstr(status));
+ secrets_failed_password_change(ads->auth.kdc_server,
+ NT_STATUS_NOT_COMMITTED,
+ status,
+ info);
+ return ret;
+ }
+
+ status = secrets_finish_password_change(ads->auth.kdc_server, now, info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1,("Failed to save machine password\n"));
+ return ADS_ERROR_NT(status);
+ }
+
+ return ADS_SUCCESS;
+}
+#endif
+
+/**
+* @brief Parses windows style SPN service/host:port/servicename
+* serviceclass - A string that identifies the general class of service
+* e.g. 'http'
+* host - A netbios name or fully-qualified DNS name
+* port - An optional TCP or UDP port number
+* servicename - An optional distinguished name, GUID, DNS name or
+* DNS name of an SRV or MX record. (not needed for host
+* based services)
+*
+* @param[in] ctx - Talloc context.
+* @param[in] srvprinc - The service principal
+*
+* @return - struct spn_struct containing the fields parsed or NULL
+* if srvprinc could not be parsed.
+*/
+struct spn_struct *parse_spn(TALLOC_CTX *ctx, const char *srvprinc)
+{
+ struct spn_struct * result = NULL;
+ char *tmp = NULL;
+ char *port_str = NULL;
+ char *host_str = NULL;
+
+ result = talloc_zero(ctx, struct spn_struct);
+ if (result == NULL) {
+ DBG_ERR("Out of memory\n");
+ return NULL;
+ }
+
+ result->serviceclass = talloc_strdup(result, srvprinc);
+ if (result->serviceclass == NULL) {
+ DBG_ERR("Out of memory\n");
+ goto fail;
+ }
+ result->port = -1;
+
+ tmp = strchr_m(result->serviceclass, '/');
+ if (tmp == NULL) {
+ /* illegal */
+ DBG_ERR("Failed to parse spn %s, no host definition\n",
+ srvprinc);
+ goto fail;
+ }
+
+ /* terminate service principal */
+ *tmp = '\0';
+ tmp++;
+ host_str = tmp;
+
+ tmp = strchr_m(host_str, ':');
+ if (tmp != NULL) {
+ *tmp = '\0';
+ tmp++;
+ port_str = tmp;
+ } else {
+ tmp = host_str;
+ }
+
+ tmp = strchr_m(tmp, '/');
+ if (tmp != NULL) {
+ *tmp = '\0';
+ tmp++;
+ result->servicename = tmp;
+ }
+
+ if (strlen(host_str) == 0) {
+ /* illegal */
+ DBG_ERR("Failed to parse spn %s, illegal host definition\n",
+ srvprinc);
+ goto fail;
+ }
+ result->host = host_str;
+
+ if (result->servicename != NULL && (strlen(result->servicename) == 0)) {
+ DBG_ERR("Failed to parse spn %s, empty servicename "
+ "definition\n", srvprinc);
+ goto fail;
+ }
+ if (port_str != NULL) {
+ if (strlen(port_str) == 0) {
+ DBG_ERR("Failed to parse spn %s, empty port "
+ "definition\n", srvprinc);
+ goto fail;
+ }
+ result->port = (int32_t)strtol(port_str, NULL, 10);
+ if (result->port <= 0
+ || result->port > 65535
+ || errno == ERANGE) {
+ DBG_ERR("Failed to parse spn %s, port number "
+ "conversion failed\n", srvprinc);
+ errno = 0;
+ goto fail;
+ }
+ }
+ return result;
+fail:
+ TALLOC_FREE(result);
+ return NULL;
+}
diff --git a/source3/libgpo/gpext/registry.c b/source3/libgpo/gpext/registry.c
new file mode 100644
index 0000000..ffa1d02
--- /dev/null
+++ b/source3/libgpo/gpext/registry.c
@@ -0,0 +1,440 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Group Policy Support
+ * Copyright (C) Guenther Deschner 2007-2008,2010
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "../libgpo/gpo_ini.h"
+#include "../libgpo/gpo.h"
+#include "libgpo/gpo_proto.h"
+#include "registry.h"
+#include "../librpc/gen_ndr/ndr_preg.h"
+#include "libgpo/gpext/gpext.h"
+
+#define GP_EXT_NAME "registry"
+
+/* more info can be found at:
+ * http://msdn2.microsoft.com/en-us/library/aa374407.aspx */
+
+#define GP_REGPOL_FILE "Registry.pol"
+
+#define GP_REGPOL_FILE_SIGNATURE 0x67655250 /* 'PReg' */
+#define GP_REGPOL_FILE_VERSION 1
+
+static TALLOC_CTX *ctx = NULL;
+
+NTSTATUS gpext_registry_init(TALLOC_CTX *mem_ctx);
+
+/****************************************************************
+****************************************************************/
+
+static bool reg_parse_value(TALLOC_CTX *mem_ctx,
+ const char **value,
+ enum gp_reg_action *action)
+{
+ if (!*value) {
+ *action = GP_REG_ACTION_ADD_KEY;
+ return true;
+ }
+
+ if (strncmp(*value, "**", 2) != 0) {
+ *action = GP_REG_ACTION_ADD_VALUE;
+ return true;
+ }
+
+ if (strnequal(*value, "**DelVals.", 10)) {
+ *action = GP_REG_ACTION_DEL_ALL_VALUES;
+ return true;
+ }
+
+ if (strnequal(*value, "**Del.", 6)) {
+ *value = talloc_strdup(mem_ctx, *value + 6);
+ *action = GP_REG_ACTION_DEL_VALUE;
+ return true;
+ }
+
+ if (strnequal(*value, "**SecureKey", 11)) {
+ if (strnequal(*value, "**SecureKey=1", 13)) {
+ *action = GP_REG_ACTION_SEC_KEY_SET;
+ return true;
+ }
+
+ /*************** not tested from here on ***************/
+ if (strnequal(*value, "**SecureKey=0", 13)) {
+ smb_panic("not supported: **SecureKey=0");
+ *action = GP_REG_ACTION_SEC_KEY_RESET;
+ return true;
+ }
+ DEBUG(0,("unknown: SecureKey: %s\n", *value));
+ smb_panic("not supported SecureKey method");
+ return false;
+ }
+
+ if (strnequal(*value, "**DeleteValues", strlen("**DeleteValues"))) {
+ smb_panic("not supported: **DeleteValues");
+ *action = GP_REG_ACTION_DEL_VALUES;
+ return false;
+ }
+
+ if (strnequal(*value, "**DeleteKeys", strlen("**DeleteKeys"))) {
+ smb_panic("not supported: **DeleteKeys");
+ *action = GP_REG_ACTION_DEL_KEYS;
+ return false;
+ }
+
+ DEBUG(0,("unknown value: %s\n", *value));
+ smb_panic(*value);
+ return false;
+}
+
+/****************************************************************
+****************************************************************/
+
+static bool gp_reg_entry_from_file_entry(TALLOC_CTX *mem_ctx,
+ struct preg_entry *r,
+ struct gp_registry_entry **reg_entry)
+{
+ struct registry_value *data = NULL;
+ struct gp_registry_entry *entry = NULL;
+ enum gp_reg_action action = GP_REG_ACTION_NONE;
+ enum ndr_err_code ndr_err;
+
+ ZERO_STRUCTP(*reg_entry);
+
+ data = talloc_zero(mem_ctx, struct registry_value);
+ if (!data)
+ return false;
+
+ data->type = r->type;
+
+ ndr_err = ndr_push_union_blob(
+ &data->data,
+ mem_ctx,
+ &r->data,
+ r->type,
+ (ndr_push_flags_fn_t)ndr_push_winreg_Data);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DBG_WARNING("ndr_push_winreg_Data failed: %s\n",
+ ndr_errstr(ndr_err));
+ return false;
+ }
+
+ entry = talloc_zero(mem_ctx, struct gp_registry_entry);
+ if (!entry)
+ return false;
+
+ if (!reg_parse_value(mem_ctx, &r->valuename, &action))
+ return false;
+
+ entry->key = talloc_strdup(entry, r->keyname);
+ entry->value = talloc_strdup(entry, r->valuename);
+ entry->data = data;
+ entry->action = action;
+
+ *reg_entry = entry;
+
+ return true;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS reg_parse_registry(TALLOC_CTX *mem_ctx,
+ uint32_t flags,
+ const char *filename,
+ struct gp_registry_entry **entries_p,
+ size_t *num_entries_p)
+{
+ DATA_BLOB blob;
+ NTSTATUS status;
+ enum ndr_err_code ndr_err;
+ const char *real_filename = NULL;
+ struct preg_file r;
+ struct gp_registry_entry *entries = NULL;
+ size_t num_entries = 0;
+ int i;
+
+ status = gp_find_file(mem_ctx,
+ flags,
+ filename,
+ GP_REGPOL_FILE,
+ &real_filename);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ blob.data = (uint8_t *)file_load(real_filename, &blob.length, 0, NULL);
+ if (!blob.data) {
+ return NT_STATUS_CANNOT_LOAD_REGISTRY_FILE;
+ }
+
+ ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &r,
+ (ndr_pull_flags_fn_t)ndr_pull_preg_file);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ status = ndr_map_error2ntstatus(ndr_err);
+ goto out;
+ }
+
+ if (flags & GPO_INFO_FLAG_VERBOSE) {
+ NDR_PRINT_DEBUG(preg_file, &r);
+ }
+
+ if (!strequal(r.header.signature, "PReg")) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto out;
+ }
+
+ if (r.header.version != GP_REGPOL_FILE_VERSION) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto out;
+ }
+
+ for (i=0; i < r.num_entries; i++) {
+
+ struct gp_registry_entry *r_entry = NULL;
+
+ if (!gp_reg_entry_from_file_entry(mem_ctx,
+ &r.entries[i],
+ &r_entry)) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
+ if (!add_gp_registry_entry_to_array(mem_ctx,
+ r_entry,
+ &entries,
+ &num_entries)) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+ }
+
+ *entries_p = entries;
+ *num_entries_p = num_entries;
+
+ status = NT_STATUS_OK;
+
+ out:
+ data_blob_free(&blob);
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR reg_apply_registry(TALLOC_CTX *mem_ctx,
+ const struct security_token *token,
+ struct registry_key *root_key,
+ uint32_t flags,
+ struct gp_registry_entry *entries,
+ size_t num_entries)
+{
+ struct gp_registry_context *reg_ctx = NULL;
+ WERROR werr;
+ size_t i;
+
+ if (num_entries == 0) {
+ return WERR_OK;
+ }
+
+#if 0
+ if (flags & GPO_LIST_FLAG_MACHINE) {
+ werr = gp_init_reg_ctx(mem_ctx, KEY_HKLM, REG_KEY_WRITE,
+ get_system_token(),
+ &reg_ctx);
+ } else {
+ werr = gp_init_reg_ctx(mem_ctx, KEY_HKCU, REG_KEY_WRITE,
+ token,
+ &reg_ctx);
+ }
+ W_ERROR_NOT_OK_RETURN(werr);
+#endif
+ for (i=0; i<num_entries; i++) {
+
+ /* FIXME: maybe we should check here if we attempt to go beyond
+ * the 4 allowed reg keys */
+
+ werr = reg_apply_registry_entry(mem_ctx, root_key,
+ reg_ctx,
+ &(entries)[i],
+ token, flags);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,("failed to apply registry: %s\n",
+ win_errstr(werr)));
+ goto done;
+ }
+ }
+
+done:
+ gp_free_reg_ctx(reg_ctx);
+ return werr;
+}
+
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS registry_process_group_policy(TALLOC_CTX *mem_ctx,
+ uint32_t flags,
+ struct registry_key *root_key,
+ const struct security_token *token,
+ const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
+ const struct GROUP_POLICY_OBJECT *changed_gpo_list)
+{
+ NTSTATUS status;
+ WERROR werr;
+ struct gp_registry_entry *entries = NULL;
+ size_t num_entries = 0;
+ char *unix_path = NULL;
+ const struct GROUP_POLICY_OBJECT *gpo;
+ char *gpo_cache_path = cache_path(talloc_tos(), GPO_CACHE_DIR);
+ if (gpo_cache_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* implementation of the policy callback function, see
+ * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
+ * for details - gd */
+
+ /* for now do not process the list of deleted group policies
+
+ for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
+ }
+
+ */
+
+ for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
+
+ gpext_debug_header(0, "registry_process_group_policy", flags,
+ gpo, GP_EXT_GUID_REGISTRY, NULL);
+
+ status = gpo_get_unix_path(mem_ctx, gpo_cache_path,
+ gpo, &unix_path);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto err_cache_path_free;
+ }
+
+ status = reg_parse_registry(mem_ctx,
+ flags,
+ unix_path,
+ &entries,
+ &num_entries);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("failed to parse registry: %s\n",
+ nt_errstr(status)));
+ goto err_cache_path_free;
+ }
+
+ dump_reg_entries(flags, "READ", entries, num_entries);
+
+ werr = reg_apply_registry(mem_ctx, token, root_key, flags,
+ entries, num_entries);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,("failed to apply registry: %s\n",
+ win_errstr(werr)));
+ status = werror_to_ntstatus(werr);
+ goto err_cache_path_free;
+ }
+ }
+ status = NT_STATUS_OK;
+
+err_cache_path_free:
+ talloc_free(gpo_cache_path);
+ talloc_free(entries);
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS registry_get_reg_config(TALLOC_CTX *mem_ctx,
+ struct gp_extension_reg_info **reg_info)
+{
+ NTSTATUS status;
+ struct gp_extension_reg_info *info = NULL;
+ struct gp_extension_reg_table table[] = {
+ { "ProcessGroupPolicy", REG_SZ, "registry_process_group_policy" },
+ { NULL, REG_NONE, NULL }
+ };
+
+ info = talloc_zero(mem_ctx, struct gp_extension_reg_info);
+ NT_STATUS_HAVE_NO_MEMORY(info);
+
+ status = gpext_info_add_entry(mem_ctx, GP_EXT_NAME,
+ GP_EXT_GUID_REGISTRY,
+ table, info);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ *reg_info = info;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS registry_initialize(TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS registry_shutdown(void)
+{
+ NTSTATUS status;
+
+ status = gpext_unregister_gp_extension(GP_EXT_NAME);
+ if (NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ TALLOC_FREE(ctx);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static struct gp_extension_methods registry_methods = {
+ .initialize = registry_initialize,
+ .process_group_policy = registry_process_group_policy,
+ .get_reg_config = registry_get_reg_config,
+ .shutdown = registry_shutdown
+};
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS gpext_registry_init(TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS status;
+
+ ctx = talloc_init("gpext_registry_init");
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ status = gpext_register_gp_extension(ctx, SMB_GPEXT_INTERFACE_VERSION,
+ GP_EXT_NAME, GP_EXT_GUID_REGISTRY,
+ &registry_methods);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(ctx);
+ }
+
+ return status;
+}
diff --git a/source3/libgpo/gpext/scripts.c b/source3/libgpo/gpext/scripts.c
new file mode 100644
index 0000000..fe0f139
--- /dev/null
+++ b/source3/libgpo/gpext/scripts.c
@@ -0,0 +1,487 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Group Policy Support
+ * Copyright (C) Guenther Deschner 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "../libgpo/gpo_ini.h"
+#include "../libgpo/gpo.h"
+#include "libgpo/gpo_proto.h"
+#include "registry.h"
+#include "registry/reg_api.h"
+#include "../libcli/registry/util_reg.h"
+#include "libgpo/gpext/gpext.h"
+
+#define GP_EXT_NAME "scripts"
+
+#define KEY_GP_SCRIPTS "Software\\Policies\\Microsoft\\Windows\\System\\Scripts"
+
+#define GP_SCRIPTS_INI "Scripts/scripts.ini"
+
+#define GP_SCRIPTS_INI_STARTUP "Startup"
+#define GP_SCRIPTS_INI_SHUTDOWN "Shutdown"
+#define GP_SCRIPTS_INI_LOGON "Logon"
+#define GP_SCRIPTS_INI_LOGOFF "Logoff"
+
+#define GP_SCRIPTS_SECTION_CMDLINE "cmdline"
+#define GP_SCRIPTS_SECTION_PARAMETERS "parameters"
+
+#define GP_SCRIPTS_REG_VAL_SCRIPT "Script"
+#define GP_SCRIPTS_REG_VAL_PARAMETERS "Parameters"
+#define GP_SCRIPTS_REG_VAL_EXECTIME "ExecTime"
+
+NTSTATUS gpext_scripts_init(TALLOC_CTX *mem_ctx);
+
+static TALLOC_CTX *ctx = NULL;
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS scripts_get_reg_config(TALLOC_CTX *mem_ctx,
+ struct gp_extension_reg_info **reg_info)
+{
+ NTSTATUS status;
+ struct gp_extension_reg_info *info = NULL;
+
+ struct gp_extension_reg_table table[] = {
+ { "ProcessGroupPolicy", REG_SZ, "scripts_process_group_policy" },
+ { "NoGPOListChanges", REG_DWORD, "1" },
+ { "NoSlowLink", REG_DWORD, "1" },
+ { "NotifyLinkTransition", REG_DWORD, "1" },
+ { NULL, REG_NONE, NULL },
+ };
+
+ info = talloc_zero(mem_ctx, struct gp_extension_reg_info);
+ NT_STATUS_HAVE_NO_MEMORY(info);
+
+ status = gpext_info_add_entry(mem_ctx, GP_EXT_NAME,
+ GP_EXT_GUID_SCRIPTS,
+ table, info);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ *reg_info = info;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS generate_gp_registry_entry(TALLOC_CTX *mem_ctx,
+ const char *key,
+ const char *value,
+ uint32_t data_type,
+ DATA_BLOB *blob,
+ enum gp_reg_action action,
+ struct gp_registry_entry **entry_out)
+{
+ struct gp_registry_entry *entry = NULL;
+ struct registry_value *data = NULL;
+
+ entry = talloc_zero(mem_ctx, struct gp_registry_entry);
+ NT_STATUS_HAVE_NO_MEMORY(entry);
+
+ data = talloc_zero(mem_ctx, struct registry_value);
+ NT_STATUS_HAVE_NO_MEMORY(data);
+
+ data->type = data_type;
+ data->data = *blob;
+
+ entry->key = key;
+ entry->data = data;
+ entry->action = action;
+ entry->value = talloc_strdup(mem_ctx, value);
+ NT_STATUS_HAVE_NO_MEMORY(entry->value);
+
+ *entry_out = entry;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS scripts_parse_ini_section(struct gp_inifile_context *ini_ctx,
+ uint32_t flags,
+ const char *section,
+ struct gp_registry_entry **entries,
+ size_t *num_entries)
+{
+ NTSTATUS status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ NTSTATUS result;
+ int i = 0;
+
+ while (1) {
+
+ const char *key = NULL;
+ const char *script = NULL;
+ const char *count = NULL;
+ const char *parameters = NULL;
+ DATA_BLOB blob;
+ bool ok;
+
+ count = talloc_asprintf(ini_ctx->mem_ctx, "%d", i);
+ NT_STATUS_HAVE_NO_MEMORY(count);
+
+ key = talloc_asprintf(ini_ctx->mem_ctx, "%s:%s%s",
+ section, count,
+ GP_SCRIPTS_SECTION_CMDLINE);
+ NT_STATUS_HAVE_NO_MEMORY(key);
+
+ result = gp_inifile_getstring(ini_ctx, key, &script);
+ if (!NT_STATUS_IS_OK(result)) {
+ break;
+ }
+
+ key = talloc_asprintf(ini_ctx->mem_ctx, "%s:%s%s",
+ section, count,
+ GP_SCRIPTS_SECTION_PARAMETERS);
+ NT_STATUS_HAVE_NO_MEMORY(key);
+
+ result = gp_inifile_getstring(ini_ctx, key, &parameters);
+ if (!NT_STATUS_IS_OK(result)) {
+ break;
+ }
+
+ {
+ struct gp_registry_entry *entry = NULL;
+
+ ok = push_reg_sz(ini_ctx->mem_ctx, &blob, script);
+ if (!ok) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = generate_gp_registry_entry(ini_ctx->mem_ctx,
+ count,
+ GP_SCRIPTS_REG_VAL_SCRIPT,
+ REG_SZ,
+ &blob,
+ GP_REG_ACTION_ADD_VALUE,
+ &entry);
+ NT_STATUS_NOT_OK_RETURN(status);
+ if (!add_gp_registry_entry_to_array(ini_ctx->mem_ctx,
+ entry,
+ entries,
+ num_entries)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ {
+ struct gp_registry_entry *entry = NULL;
+
+ ok = push_reg_sz(ini_ctx->mem_ctx, &blob, parameters);
+ if (!ok) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = generate_gp_registry_entry(ini_ctx->mem_ctx,
+ count,
+ GP_SCRIPTS_REG_VAL_PARAMETERS,
+ REG_SZ,
+ &blob,
+ GP_REG_ACTION_ADD_VALUE,
+ &entry);
+ NT_STATUS_NOT_OK_RETURN(status);
+ if (!add_gp_registry_entry_to_array(ini_ctx->mem_ctx,
+ entry,
+ entries,
+ num_entries)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ {
+ struct gp_registry_entry *entry = NULL;
+
+ blob = data_blob_talloc_zero(ini_ctx->mem_ctx, 8);
+
+ status = generate_gp_registry_entry(ini_ctx->mem_ctx,
+ count,
+ GP_SCRIPTS_REG_VAL_EXECTIME,
+ REG_QWORD,
+ &blob,
+ GP_REG_ACTION_ADD_VALUE,
+ &entry);
+ NT_STATUS_NOT_OK_RETURN(status);
+ if (!add_gp_registry_entry_to_array(ini_ctx->mem_ctx,
+ entry,
+ entries,
+ num_entries)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ status = NT_STATUS_OK;
+ i++;
+ }
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR scripts_store_reg_gpovals(TALLOC_CTX *mem_ctx,
+ struct registry_key *key,
+ const struct GROUP_POLICY_OBJECT *gpo)
+{
+ WERROR werr;
+
+ if (!key || !gpo) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ werr = gp_store_reg_val_sz(mem_ctx, key, "DisplayName",
+ gpo->display_name);
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ werr = gp_store_reg_val_sz(mem_ctx, key, "FileSysPath",
+ gpo->file_sys_path);
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ werr = gp_store_reg_val_sz(mem_ctx, key, "GPO-ID",
+ gpo->ds_path);
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ werr = gp_store_reg_val_sz(mem_ctx, key, "GPOName",
+ gpo->name);
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ werr = gp_store_reg_val_sz(mem_ctx, key, "SOM-ID",
+ gpo->link);
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR scripts_apply(TALLOC_CTX *mem_ctx,
+ const struct security_token *token,
+ struct registry_key *root_key,
+ uint32_t flags,
+ const char *section,
+ const struct GROUP_POLICY_OBJECT *gpo,
+ struct gp_registry_entry *entries,
+ size_t num_entries)
+{
+ struct gp_registry_context *reg_ctx = NULL;
+ WERROR werr;
+ size_t i;
+ const char *keystr = NULL;
+ int count = 0;
+
+ if (num_entries == 0) {
+ return WERR_OK;
+ }
+
+#if 0
+ if (flags & GPO_INFO_FLAG_MACHINE) {
+ struct security_token *tmp_token;
+
+ tmp_token = registry_create_system_token(mem_ctx);
+ W_ERROR_HAVE_NO_MEMORY(tmp_token);
+
+ werr = gp_init_reg_ctx(mem_ctx, KEY_HKLM, REG_KEY_WRITE,
+ tmp_token,
+ &reg_ctx);
+ } else {
+ werr = gp_init_reg_ctx(mem_ctx, KEY_HKCU, REG_KEY_WRITE,
+ token,
+ &reg_ctx);
+ }
+ W_ERROR_NOT_OK_RETURN(werr);
+#endif
+
+ keystr = talloc_asprintf(mem_ctx, "%s\\%s\\%d", KEY_GP_SCRIPTS,
+ section, count++);
+ W_ERROR_HAVE_NO_MEMORY(keystr);
+
+ reg_deletekey_recursive(root_key, keystr);
+
+ werr = gp_store_reg_subkey(mem_ctx, keystr,
+ root_key, &root_key);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ werr = scripts_store_reg_gpovals(mem_ctx, root_key, gpo);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ for (i=0; i<num_entries; i++) {
+
+ werr = reg_apply_registry_entry(mem_ctx, root_key, reg_ctx,
+ &(entries)[i],
+ token, flags);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,("failed to apply registry: %s\n",
+ win_errstr(werr)));
+ goto done;
+ }
+ }
+
+ done:
+ gp_free_reg_ctx(reg_ctx);
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS scripts_process_group_policy(TALLOC_CTX *mem_ctx,
+ uint32_t flags,
+ struct registry_key *root_key,
+ const struct security_token *token,
+ const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
+ const struct GROUP_POLICY_OBJECT *changed_gpo_list)
+{
+ NTSTATUS status;
+ WERROR werr;
+ int i = 0;
+ char *unix_path = NULL;
+ struct gp_inifile_context *ini_ctx = NULL;
+ struct gp_registry_entry *entries = NULL;
+ size_t num_entries = 0;
+ const char *list[] = {
+ GP_SCRIPTS_INI_STARTUP,
+ GP_SCRIPTS_INI_SHUTDOWN,
+ GP_SCRIPTS_INI_LOGON,
+ GP_SCRIPTS_INI_LOGOFF
+ };
+ const struct GROUP_POLICY_OBJECT *gpo;
+ char *gpo_cache_path = cache_path(talloc_tos(), GPO_CACHE_DIR);
+ if (gpo_cache_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* implementation of the policy callback function, see
+ * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
+ * for details - gd */
+
+ /* for now do not process the list of deleted group policies
+
+ for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
+ }
+
+ */
+
+ for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
+
+ gpext_debug_header(0, "scripts_process_group_policy", flags,
+ gpo, GP_EXT_GUID_SCRIPTS, NULL);
+
+ status = gpo_get_unix_path(mem_ctx, gpo_cache_path,
+ gpo, &unix_path);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto err_cache_path_free;
+ }
+
+ status = gp_inifile_init_context(mem_ctx, flags, unix_path,
+ GP_SCRIPTS_INI, &ini_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto err_cache_path_free;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(list); i++) {
+
+ TALLOC_FREE(entries);
+ num_entries = 0;
+
+ status = scripts_parse_ini_section(ini_ctx, flags, list[i],
+ &entries, &num_entries);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ continue;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(ini_ctx);
+ goto err_cache_path_free;
+ }
+
+ dump_reg_entries(flags, "READ", entries, num_entries);
+
+ werr = scripts_apply(ini_ctx->mem_ctx, token, root_key,
+ flags, list[i], gpo, entries, num_entries);
+ if (!W_ERROR_IS_OK(werr)) {
+ continue; /* FIXME: finally fix storing empty strings and REG_QWORD! */
+ }
+ }
+
+ TALLOC_FREE(ini_ctx);
+ }
+ status = NT_STATUS_OK;
+
+err_cache_path_free:
+ talloc_free(gpo_cache_path);
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS scripts_initialize(TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS scripts_shutdown(void)
+{
+ NTSTATUS status;
+
+ status = gpext_unregister_gp_extension(GP_EXT_NAME);
+ if (NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ TALLOC_FREE(ctx);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static struct gp_extension_methods scripts_methods = {
+ .initialize = scripts_initialize,
+ .process_group_policy = scripts_process_group_policy,
+ .get_reg_config = scripts_get_reg_config,
+ .shutdown = scripts_shutdown
+};
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS gpext_scripts_init(TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS status;
+
+ ctx = talloc_init("gpext_scripts_init");
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ status = gpext_register_gp_extension(ctx, SMB_GPEXT_INTERFACE_VERSION,
+ GP_EXT_NAME, GP_EXT_GUID_SCRIPTS,
+ &scripts_methods);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(ctx);
+ }
+
+ return status;
+}
diff --git a/source3/libgpo/gpext/security.c b/source3/libgpo/gpext/security.c
new file mode 100644
index 0000000..a915eec
--- /dev/null
+++ b/source3/libgpo/gpext/security.c
@@ -0,0 +1,297 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Group Policy Support
+ * Copyright (C) Guenther Deschner 2005-2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "../libgpo/gpo_ini.h"
+#include "../libgpo/gpo.h"
+#include "libgpo/gpo_proto.h"
+#include "libgpo/gpext/gpext.h"
+
+#define GP_EXT_NAME "security"
+
+#define GPTTMPL_UNIX_PATH "Microsoft/Windows NT/SecEdit/GptTmpl.inf"
+
+#define GPTTMPL_SECTION_UNICODE "Unicode"
+#define GPTTMPL_SECTION_VERSION "Version"
+
+#define GPTTMPL_SECTION_REGISTRY_VALUES "Registry Values"
+#define GPTTMPL_SECTION_SYSTEM_ACCESS "System Access"
+#define GPTTMPL_SECTION_KERBEROS_POLICY "Kerberos Policy"
+#define GPTTMPL_SECTION_EVENT_AUDIT "Event Audit"
+#define GPTTMPL_SECTION_PRIVILEGE_RIGHTS "Privilege Rights"
+#define GPTTMPL_SECTION_APPLICATION_LOG "Application Log"
+#define GPTTMPL_SECTION_SECURITY_LOG "Security Log"
+#define GPTTMPL_SECTION_SYSTEM_LOG "System Log"
+#define GPTTMPL_SECTION_GROUP_MEMBERSHIP "Group Membership"
+#define GPTTMPL_SECTION_FILE_SECURITY "File Security"
+#define GPTTMPL_SECTION_SERVICE_GENERAL_SETTING "Service General Setting"
+
+NTSTATUS gpext_security_init(TALLOC_CTX *mem_ctx);
+
+static TALLOC_CTX *ctx = NULL;
+
+struct gpttmpl_table {
+ const char *section;
+ const char *parameter;
+ enum winreg_Type type;
+};
+
+/****************************************************************
+ parse the Version section from gpttmpl file
+****************************************************************/
+
+#define GPTTMPL_PARAMETER_REVISION "Revision"
+#define GPTTMPL_PARAMETER_SIGNATURE "signature"
+#define GPTTMPL_VALUE_CHICAGO "\"$CHICAGO$\"" /* whatever this is good for... */
+#define GPTTMPL_PARAMETER_UNICODE "Unicode"
+
+static NTSTATUS gpttmpl_parse_header(struct gp_inifile_context *ini_ctx,
+ uint32_t *version_out)
+{
+ const char *signature = NULL;
+ NTSTATUS result;
+ int version;
+ bool is_unicode = false;
+
+ if (!ini_ctx) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ result = gp_inifile_getstring(ini_ctx, GPTTMPL_SECTION_VERSION
+ ":"GPTTMPL_PARAMETER_SIGNATURE, &signature);
+ if (!NT_STATUS_IS_OK(result)) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ if (!strequal(signature, GPTTMPL_VALUE_CHICAGO)) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ result = gp_inifile_getint(ini_ctx, GPTTMPL_SECTION_VERSION
+ ":"GPTTMPL_PARAMETER_REVISION, &version);
+ if (!NT_STATUS_IS_OK(result)) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ if (version_out) {
+ *version_out = version;
+ }
+
+ result = gp_inifile_getbool(ini_ctx, GPTTMPL_SECTION_UNICODE
+ ":"GPTTMPL_PARAMETER_UNICODE, &is_unicode);
+ if (!NT_STATUS_IS_OK(result) || !is_unicode) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS gpttmpl_init_context(TALLOC_CTX *mem_ctx,
+ uint32_t flags,
+ const char *unix_path,
+ struct gp_inifile_context **ini_ctx)
+{
+ NTSTATUS status;
+ uint32_t version;
+ struct gp_inifile_context *tmp_ctx = NULL;
+
+ status = gp_inifile_init_context(mem_ctx, flags, unix_path,
+ GPTTMPL_UNIX_PATH, &tmp_ctx);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ status = gpttmpl_parse_header(tmp_ctx, &version);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1,("gpttmpl_init_context: failed: %s\n",
+ nt_errstr(status)));
+ TALLOC_FREE(tmp_ctx);
+ return status;
+ }
+
+ *ini_ctx = tmp_ctx;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS gpttmpl_process(struct gp_inifile_context *ini_ctx,
+ struct registry_key *root_key,
+ uint32_t flags)
+{
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS security_process_group_policy(TALLOC_CTX *mem_ctx,
+ uint32_t flags,
+ struct registry_key *root_key,
+ const struct security_token *token,
+ const struct GROUP_POLICY_OBJECT *deleted_gpo_list,
+ const struct GROUP_POLICY_OBJECT *changed_gpo_list)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ char *unix_path = NULL;
+ struct gp_inifile_context *ini_ctx = NULL;
+ const struct GROUP_POLICY_OBJECT *gpo;
+ char *gpo_cache_path = cache_path(talloc_tos(), GPO_CACHE_DIR);
+ if (gpo_cache_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* implementation of the policy callback function, see
+ * http://msdn.microsoft.com/en-us/library/aa373494%28v=vs.85%29.aspx
+ * for details - gd */
+
+ /* for now do not process the list of deleted group policies
+
+ for (gpo = deleted_gpo_list; gpo; gpo = gpo->next) {
+ }
+
+ */
+
+ for (gpo = changed_gpo_list; gpo; gpo = gpo->next) {
+
+ gpext_debug_header(0, "security_process_group_policy", flags,
+ gpo, GP_EXT_GUID_SECURITY, NULL);
+
+ /* this handler processes the gpttmpl files and merge output to the
+ * registry */
+
+ status = gpo_get_unix_path(mem_ctx, gpo_cache_path,
+ gpo, &unix_path);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ status = gpttmpl_init_context(mem_ctx, flags, unix_path,
+ &ini_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ status = gpttmpl_process(ini_ctx, root_key, flags);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ TALLOC_FREE(ini_ctx);
+ }
+
+ out:
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("security_process_group_policy: %s\n",
+ nt_errstr(status)));
+ }
+ TALLOC_FREE(ini_ctx);
+ talloc_free(gpo_cache_path);
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS security_get_reg_config(TALLOC_CTX *mem_ctx,
+ struct gp_extension_reg_info **reg_info)
+{
+ NTSTATUS status;
+ struct gp_extension_reg_info *info = NULL;
+
+ struct gp_extension_reg_table table[] = {
+ /* FIXME: how can we store the "(Default)" value ??? */
+ /* { "", REG_SZ, "Security" }, */
+ { "ProcessGroupPolicy", REG_SZ, "security_process_group_policy" },
+ { "NoUserPolicy", REG_DWORD, "1" },
+ { "ExtensionDebugLevel", REG_DWORD, "1" },
+ { NULL, REG_NONE, NULL }
+ };
+
+ info = talloc_zero(mem_ctx, struct gp_extension_reg_info);
+ NT_STATUS_HAVE_NO_MEMORY(info);
+
+ status = gpext_info_add_entry(mem_ctx, GP_EXT_NAME,
+ GP_EXT_GUID_SECURITY,
+ table, info);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ *reg_info = info;
+
+ return NT_STATUS_OK;
+}
+
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS security_initialize(TALLOC_CTX *mem_ctx)
+{
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS security_shutdown(void)
+{
+ NTSTATUS status;
+
+ status = gpext_unregister_gp_extension(GP_EXT_NAME);
+ if (NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ TALLOC_FREE(ctx);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static struct gp_extension_methods security_methods = {
+ .initialize = security_initialize,
+ .process_group_policy = security_process_group_policy,
+ .get_reg_config = security_get_reg_config,
+ .shutdown = security_shutdown
+};
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS gpext_security_init(TALLOC_CTX *mem_ctx)
+{
+ NTSTATUS status;
+
+ ctx = talloc_init("gpext_security_init");
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ status = gpext_register_gp_extension(ctx, SMB_GPEXT_INTERFACE_VERSION,
+ GP_EXT_NAME, GP_EXT_GUID_SECURITY,
+ &security_methods);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(ctx);
+ }
+
+ return status;
+}
diff --git a/source3/libgpo/gpext/wscript_build b/source3/libgpo/gpext/wscript_build
new file mode 100644
index 0000000..365b420
--- /dev/null
+++ b/source3/libgpo/gpext/wscript_build
@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+
+bld.SAMBA3_MODULE('gpext_registry',
+ subsystem='gpext',
+ source='registry.c',
+ deps='NDR_PREG',
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('gpext_registry'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('gpext_registry'))
+
+bld.SAMBA3_MODULE('gpext_scripts',
+ subsystem='gpext',
+ source='scripts.c',
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('gpext_scripts'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('gpext_scripts'))
+
+bld.SAMBA3_MODULE('gpext_security',
+ subsystem='gpext',
+ source='security.c',
+ init_function='',
+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('gpext_security'),
+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('gpext_security'))
diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c
new file mode 100644
index 0000000..7d5d836
--- /dev/null
+++ b/source3/libnet/libnet_dssync.c
@@ -0,0 +1,724 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Copyright (C) Stefan (metze) Metzmacher 2005
+ Copyright (C) Guenther Deschner 2008
+ Copyright (C) Michael Adam 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "libnet/libnet_dssync.h"
+#include "rpc_client/cli_pipe.h"
+#include "../libcli/drsuapi/drsuapi.h"
+#include "../librpc/gen_ndr/ndr_drsuapi_c.h"
+
+/****************************************************************
+****************************************************************/
+
+static int libnet_dssync_free_context(struct dssync_context *ctx)
+{
+ WERROR result;
+ struct dcerpc_binding_handle *b;
+
+ if (!ctx) {
+ return 0;
+ }
+
+ if (is_valid_policy_hnd(&ctx->bind_handle) && ctx->cli) {
+ b = ctx->cli->binding_handle;
+ dcerpc_drsuapi_DsUnbind(b, ctx, &ctx->bind_handle, &result);
+ }
+
+ return 0;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS libnet_dssync_init_context(TALLOC_CTX *mem_ctx,
+ struct dssync_context **ctx_p)
+{
+ struct dssync_context *ctx;
+
+ ctx = talloc_zero(mem_ctx, struct dssync_context);
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ talloc_set_destructor(ctx, libnet_dssync_free_context);
+ ctx->clean_old_entries = false;
+
+ *ctx_p = ctx;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static void parse_obj_identifier(struct drsuapi_DsReplicaObjectIdentifier *id,
+ uint32_t *rid)
+{
+ if (!id || !rid) {
+ return;
+ }
+
+ *rid = 0;
+
+ if (id->sid.num_auths > 0) {
+ *rid = id->sid.sub_auths[id->sid.num_auths - 1];
+ }
+}
+
+/****************************************************************
+****************************************************************/
+
+static void libnet_dssync_decrypt_attributes(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *session_key,
+ struct drsuapi_DsReplicaObjectListItemEx *cur)
+{
+ for (; cur; cur = cur->next_object) {
+
+ uint32_t i;
+ uint32_t rid = 0;
+
+ parse_obj_identifier(cur->object.identifier, &rid);
+
+ for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) {
+
+ struct drsuapi_DsReplicaAttribute *attr;
+
+ attr = &cur->object.attribute_ctr.attributes[i];
+
+ if (attr->value_ctr.num_values < 1) {
+ continue;
+ }
+
+ if (!attr->value_ctr.values[0].blob) {
+ continue;
+ }
+
+ drsuapi_decrypt_attribute(mem_ctx,
+ session_key,
+ rid,
+ 0,
+ attr);
+ }
+ }
+}
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS libnet_dssync_bind(TALLOC_CTX *mem_ctx,
+ struct dssync_context *ctx)
+{
+ NTSTATUS status;
+ WERROR werr;
+
+ struct GUID bind_guid;
+ struct drsuapi_DsBindInfoCtr bind_info;
+ struct drsuapi_DsBindInfo28 info28;
+ struct dcerpc_binding_handle *b = ctx->cli->binding_handle;
+
+ ZERO_STRUCT(info28);
+
+ GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
+
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7;
+ info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT;
+ info28.site_guid = GUID_zero();
+ info28.pid = 508;
+ info28.repl_epoch = 0;
+
+ bind_info.length = 28;
+ bind_info.info.info28 = info28;
+
+ status = dcerpc_drsuapi_DsBind(b, mem_ctx,
+ &bind_guid,
+ &bind_info,
+ &ctx->bind_handle,
+ &werr);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ return werror_to_ntstatus(werr);
+ }
+
+ ZERO_STRUCT(ctx->remote_info28);
+ switch (bind_info.length) {
+ case 24: {
+ struct drsuapi_DsBindInfo24 *info24;
+ info24 = &bind_info.info.info24;
+ ctx->remote_info28.site_guid = info24->site_guid;
+ ctx->remote_info28.supported_extensions = info24->supported_extensions;
+ ctx->remote_info28.pid = info24->pid;
+ ctx->remote_info28.repl_epoch = 0;
+ break;
+ }
+ case 28: {
+ ctx->remote_info28 = bind_info.info.info28;
+ break;
+ }
+ case 32: {
+ struct drsuapi_DsBindInfo32 *info32;
+ info32 = &bind_info.info.info32;
+ ctx->remote_info28.site_guid = info32->site_guid;
+ ctx->remote_info28.supported_extensions = info32->supported_extensions;
+ ctx->remote_info28.pid = info32->pid;
+ ctx->remote_info28.repl_epoch = info32->repl_epoch;
+ break;
+ }
+ case 48: {
+ struct drsuapi_DsBindInfo48 *info48;
+ info48 = &bind_info.info.info48;
+ ctx->remote_info28.site_guid = info48->site_guid;
+ ctx->remote_info28.supported_extensions = info48->supported_extensions;
+ ctx->remote_info28.pid = info48->pid;
+ ctx->remote_info28.repl_epoch = info48->repl_epoch;
+ break;
+ }
+ case 52: {
+ struct drsuapi_DsBindInfo52 *info52;
+ info52 = &bind_info.info.info52;
+ ctx->remote_info28.site_guid = info52->site_guid;
+ ctx->remote_info28.supported_extensions = info52->supported_extensions;
+ ctx->remote_info28.pid = info52->pid;
+ ctx->remote_info28.repl_epoch = info52->repl_epoch;
+ break;
+ }
+ default:
+ DEBUG(1, ("Warning: invalid info length in bind info: %d\n",
+ bind_info.length));
+ break;
+ }
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS libnet_dssync_lookup_nc(TALLOC_CTX *mem_ctx,
+ struct dssync_context *ctx)
+{
+ NTSTATUS status;
+ WERROR werr;
+ uint32_t level = 1;
+ union drsuapi_DsNameRequest req;
+ uint32_t level_out;
+ struct drsuapi_DsNameString names[1];
+ union drsuapi_DsNameCtr ctr;
+ struct dcerpc_binding_handle *b = ctx->cli->binding_handle;
+
+ names[0].str = talloc_asprintf(mem_ctx, "%s\\", ctx->domain_name);
+ NT_STATUS_HAVE_NO_MEMORY(names[0].str);
+
+ req.req1.codepage = 1252; /* german */
+ req.req1.language = 0x00000407; /* german */
+ req.req1.count = 1;
+ req.req1.names = names;
+ req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS;
+ req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_UNKNOWN;
+ req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
+
+ status = dcerpc_drsuapi_DsCrackNames(b, mem_ctx,
+ &ctx->bind_handle,
+ level,
+ &req,
+ &level_out,
+ &ctr,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to lookup DN for domain name: %s",
+ get_friendly_nt_error_msg(status));
+ return status;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to lookup DN for domain name: %s",
+ get_friendly_werror_msg(werr));
+ return werror_to_ntstatus(werr);
+ }
+
+ if (ctr.ctr1->count != 1) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ ctx->nc_dn = talloc_strdup(mem_ctx, ctr.ctr1->array[0].result_name);
+ NT_STATUS_HAVE_NO_MEMORY(ctx->nc_dn);
+
+ if (!ctx->dns_domain_name) {
+ ctx->dns_domain_name = talloc_strdup_upper(mem_ctx,
+ ctr.ctr1->array[0].dns_domain_name);
+ NT_STATUS_HAVE_NO_MEMORY(ctx->dns_domain_name);
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS libnet_dssync_init(TALLOC_CTX *mem_ctx,
+ struct dssync_context *ctx)
+{
+ NTSTATUS status;
+
+ status = libnet_dssync_bind(mem_ctx, ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (!ctx->nc_dn) {
+ status = libnet_dssync_lookup_nc(mem_ctx, ctx);
+ }
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS libnet_dssync_build_request(TALLOC_CTX *mem_ctx,
+ struct dssync_context *ctx,
+ const char *dn,
+ struct replUpToDateVectorBlob *utdv,
+ uint32_t *plevel,
+ union drsuapi_DsGetNCChangesRequest *preq)
+{
+ NTSTATUS status;
+ uint32_t count;
+ uint32_t level;
+ union drsuapi_DsGetNCChangesRequest req;
+ enum drsuapi_DsExtendedOperation extended_op;
+ struct drsuapi_DsReplicaObjectIdentifier *nc = NULL;
+ struct drsuapi_DsReplicaCursorCtrEx *cursors = NULL;
+
+ uint32_t replica_flags = DRSUAPI_DRS_WRIT_REP |
+ DRSUAPI_DRS_INIT_SYNC |
+ DRSUAPI_DRS_PER_SYNC |
+ DRSUAPI_DRS_GET_ANC |
+ DRSUAPI_DRS_NEVER_SYNCED;
+
+ ZERO_STRUCT(req);
+
+ if (ctx->remote_info28.supported_extensions
+ & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8)
+ {
+ level = 8;
+ } else {
+ level = 5;
+ }
+
+ nc = talloc_zero(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier);
+ if (!nc) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+ nc->dn = dn;
+ nc->guid = GUID_zero();
+ nc->sid = (struct dom_sid) {0};
+
+ if (!ctx->single_object_replication &&
+ !ctx->force_full_replication && utdv)
+ {
+ cursors = talloc_zero(mem_ctx,
+ struct drsuapi_DsReplicaCursorCtrEx);
+ if (!cursors) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ switch (utdv->version) {
+ case 1:
+ cursors->count = utdv->ctr.ctr1.count;
+ cursors->cursors = utdv->ctr.ctr1.cursors;
+ break;
+ case 2:
+ cursors->count = utdv->ctr.ctr2.count;
+ cursors->cursors = talloc_array(cursors,
+ struct drsuapi_DsReplicaCursor,
+ cursors->count);
+ if (!cursors->cursors) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+ for (count = 0; count < cursors->count; count++) {
+ cursors->cursors[count].source_dsa_invocation_id =
+ utdv->ctr.ctr2.cursors[count].source_dsa_invocation_id;
+ cursors->cursors[count].highest_usn =
+ utdv->ctr.ctr2.cursors[count].highest_usn;
+ }
+ break;
+ }
+ }
+
+ if (ctx->single_object_replication) {
+ extended_op = DRSUAPI_EXOP_REPL_OBJ;
+ } else {
+ extended_op = DRSUAPI_EXOP_NONE;
+ }
+
+ if (level == 8) {
+ req.req8.naming_context = nc;
+ req.req8.replica_flags = replica_flags;
+ req.req8.max_object_count = 402;
+ req.req8.max_ndr_size = 402116;
+ req.req8.uptodateness_vector = cursors;
+ req.req8.extended_op = extended_op;
+ } else if (level == 5) {
+ req.req5.naming_context = nc;
+ req.req5.replica_flags = replica_flags;
+ req.req5.max_object_count = 402;
+ req.req5.max_ndr_size = 402116;
+ req.req5.uptodateness_vector = cursors;
+ req.req5.extended_op = extended_op;
+ } else {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ if (plevel) {
+ *plevel = level;
+ }
+
+ if (preq) {
+ *preq = req;
+ }
+
+ return NT_STATUS_OK;
+
+fail:
+ TALLOC_FREE(nc);
+ TALLOC_FREE(cursors);
+ return status;
+}
+
+static NTSTATUS libnet_dssync_getncchanges(TALLOC_CTX *mem_ctx,
+ struct dssync_context *ctx,
+ uint32_t level,
+ union drsuapi_DsGetNCChangesRequest *req,
+ struct replUpToDateVectorBlob **pnew_utdv)
+{
+ NTSTATUS status;
+ WERROR werr;
+ union drsuapi_DsGetNCChangesCtr ctr;
+ struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL;
+ struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
+ struct replUpToDateVectorBlob *new_utdv = NULL;
+ uint32_t level_out = 0;
+ uint32_t out_level = 0;
+ int y;
+ bool last_query;
+ struct dcerpc_binding_handle *b = ctx->cli->binding_handle;
+
+ if (!ctx->single_object_replication) {
+ new_utdv = talloc_zero(mem_ctx, struct replUpToDateVectorBlob);
+ if (!new_utdv) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+ }
+
+ for (y=0, last_query = false; !last_query; y++) {
+ struct drsuapi_DsReplicaObjectListItemEx *first_object = NULL;
+ struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr = NULL;
+ uint32_t linked_attributes_count = 0;
+ struct drsuapi_DsReplicaLinkedAttribute *linked_attributes = NULL;
+
+ if (level == 8) {
+ DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y,
+ (long long)req->req8.highwatermark.tmp_highest_usn,
+ (long long)req->req8.highwatermark.highest_usn));
+ } else if (level == 5) {
+ DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y,
+ (long long)req->req5.highwatermark.tmp_highest_usn,
+ (long long)req->req5.highwatermark.highest_usn));
+ }
+
+ status = dcerpc_drsuapi_DsGetNCChanges(b, mem_ctx,
+ &ctx->bind_handle,
+ level,
+ req,
+ &level_out,
+ &ctr,
+ &werr);
+ if (!NT_STATUS_IS_OK(status)) {
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to get NC Changes: %s",
+ get_friendly_nt_error_msg(status));
+ goto out;
+ }
+
+ if (!W_ERROR_IS_OK(werr)) {
+ status = werror_to_ntstatus(werr);
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to get NC Changes: %s",
+ get_friendly_werror_msg(werr));
+ goto out;
+ }
+
+ if (level_out == 1) {
+ out_level = 1;
+ ctr1 = &ctr.ctr1;
+ } else if (level_out == 2 && ctr.ctr2.mszip1.ts) {
+ out_level = 1;
+ ctr1 = &ctr.ctr2.mszip1.ts->ctr1;
+ } else if (level_out == 6) {
+ out_level = 6;
+ ctr6 = &ctr.ctr6;
+ } else if (level_out == 7
+ && ctr.ctr7.level == 6
+ && ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP
+ && ctr.ctr7.ctr.mszip6.ts) {
+ out_level = 6;
+ ctr6 = &ctr.ctr7.ctr.mszip6.ts->ctr6;
+ } else if (level_out == 7
+ && ctr.ctr7.level == 6
+ && ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_WIN2K3_LZ77_DIRECT2
+ && ctr.ctr7.ctr.xpress6.ts) {
+ out_level = 6;
+ ctr6 = &ctr.ctr7.ctr.xpress6.ts->ctr6;
+ }
+
+ if (out_level == 1) {
+ DEBUG(1,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y,
+ (long long)ctr1->new_highwatermark.tmp_highest_usn,
+ (long long)ctr1->new_highwatermark.highest_usn));
+
+ first_object = ctr1->first_object;
+ mapping_ctr = &ctr1->mapping_ctr;
+
+ if (ctr1->more_data) {
+ req->req5.highwatermark = ctr1->new_highwatermark;
+ } else {
+ last_query = true;
+ if (ctr1->uptodateness_vector &&
+ !ctx->single_object_replication)
+ {
+ new_utdv->version = 1;
+ new_utdv->ctr.ctr1.count =
+ ctr1->uptodateness_vector->count;
+ new_utdv->ctr.ctr1.cursors =
+ ctr1->uptodateness_vector->cursors;
+ }
+ }
+ } else if (out_level == 6) {
+ DEBUG(1,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y,
+ (long long)ctr6->new_highwatermark.tmp_highest_usn,
+ (long long)ctr6->new_highwatermark.highest_usn));
+
+ first_object = ctr6->first_object;
+ mapping_ctr = &ctr6->mapping_ctr;
+
+ linked_attributes = ctr6->linked_attributes;
+ linked_attributes_count = ctr6->linked_attributes_count;
+
+ if (ctr6->more_data) {
+ req->req8.highwatermark = ctr6->new_highwatermark;
+ } else {
+ last_query = true;
+ if (ctr6->uptodateness_vector &&
+ !ctx->single_object_replication)
+ {
+ new_utdv->version = 2;
+ new_utdv->ctr.ctr2.count =
+ ctr6->uptodateness_vector->count;
+ new_utdv->ctr.ctr2.cursors =
+ ctr6->uptodateness_vector->cursors;
+ }
+ }
+ }
+
+ status = cli_get_session_key(mem_ctx, ctx->cli, &ctx->session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to get Session Key: %s",
+ nt_errstr(status));
+ goto out;
+ }
+
+ libnet_dssync_decrypt_attributes(mem_ctx,
+ &ctx->session_key,
+ first_object);
+
+ if (ctx->ops->process_objects) {
+ status = ctx->ops->process_objects(ctx, mem_ctx,
+ first_object,
+ mapping_ctr);
+ if (!NT_STATUS_IS_OK(status)) {
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to call processing function: %s",
+ nt_errstr(status));
+ goto out;
+ }
+ }
+
+ if (linked_attributes_count == 0) {
+ continue;
+ }
+
+ if (ctx->ops->process_links) {
+ status = ctx->ops->process_links(ctx, mem_ctx,
+ linked_attributes_count,
+ linked_attributes,
+ mapping_ctr);
+ if (!NT_STATUS_IS_OK(status)) {
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to call processing function: %s",
+ nt_errstr(status));
+ goto out;
+ }
+ }
+ }
+
+ *pnew_utdv = new_utdv;
+
+out:
+ return status;
+}
+
+static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx,
+ struct dssync_context *ctx)
+{
+ NTSTATUS status;
+
+ uint32_t level = 0;
+ union drsuapi_DsGetNCChangesRequest req;
+ struct replUpToDateVectorBlob *old_utdv = NULL;
+ struct replUpToDateVectorBlob *pnew_utdv = NULL;
+ const char **dns;
+ uint32_t dn_count;
+ uint32_t count;
+
+ if (ctx->ops->startup) {
+ status = ctx->ops->startup(ctx, mem_ctx, &old_utdv);
+ if (!NT_STATUS_IS_OK(status)) {
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to call startup operation: %s",
+ nt_errstr(status));
+ goto out;
+ }
+ }
+
+ if (ctx->single_object_replication && ctx->object_dns) {
+ dns = ctx->object_dns;
+ dn_count = ctx->object_count;
+ } else {
+ dns = &ctx->nc_dn;
+ dn_count = 1;
+ }
+
+ status = NT_STATUS_OK;
+
+ for (count=0; count < dn_count; count++) {
+ status = libnet_dssync_build_request(mem_ctx, ctx,
+ dns[count],
+ old_utdv, &level,
+ &req);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ status = libnet_dssync_getncchanges(mem_ctx, ctx, level, &req,
+ &pnew_utdv);
+ if (!NT_STATUS_IS_OK(status)) {
+ if (!ctx->error_message) {
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to call DsGetNCCHanges: %s",
+ nt_errstr(status));
+ }
+ goto out;
+ }
+ }
+
+ if (ctx->ops->finish) {
+ status = ctx->ops->finish(ctx, mem_ctx, pnew_utdv);
+ if (!NT_STATUS_IS_OK(status)) {
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to call finishing operation: %s",
+ nt_errstr(status));
+ goto out;
+ }
+ }
+
+ out:
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS libnet_dssync(TALLOC_CTX *mem_ctx,
+ struct dssync_context *ctx)
+{
+ NTSTATUS status;
+ TALLOC_CTX *tmp_ctx;
+
+ tmp_ctx = talloc_new(mem_ctx);
+ if (!tmp_ctx) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = libnet_dssync_init(tmp_ctx, ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ status = libnet_dssync_process(tmp_ctx, ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ out:
+ TALLOC_FREE(tmp_ctx);
+ return status;
+}
+
diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h
new file mode 100644
index 0000000..d426d8b
--- /dev/null
+++ b/source3/libnet/libnet_dssync.h
@@ -0,0 +1,73 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libnet Support
+ * Copyright (C) Guenther Deschner 2008
+ * Copyright (C) Michael Adam 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "../librpc/gen_ndr/drsuapi.h"
+#include "../librpc/gen_ndr/drsblobs.h"
+
+struct dssync_context;
+
+struct dssync_ops {
+ NTSTATUS (*startup)(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
+ struct replUpToDateVectorBlob **pold_utdv);
+ NTSTATUS (*process_objects)(struct dssync_context *ctx,
+ TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaObjectListItemEx *objects,
+ struct drsuapi_DsReplicaOIDMapping_Ctr *mappings);
+ NTSTATUS (*process_links)(struct dssync_context *ctx,
+ TALLOC_CTX *mem_ctx,
+ uint32_t count,
+ struct drsuapi_DsReplicaLinkedAttribute *links,
+ struct drsuapi_DsReplicaOIDMapping_Ctr *mappings);
+ NTSTATUS (*finish)(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
+ struct replUpToDateVectorBlob *new_utdv);
+};
+
+struct dssync_context {
+ const char *domain_name;
+ const char *dns_domain_name;
+ struct rpc_pipe_client *cli;
+ const char *nc_dn;
+ bool single_object_replication;
+ bool force_full_replication;
+ bool clean_old_entries;
+ uint32_t object_count;
+ const char **object_dns;
+ struct policy_handle bind_handle;
+ DATA_BLOB session_key;
+ const char *output_filename;
+ struct drsuapi_DsBindInfo28 remote_info28;
+
+ void *private_data;
+
+ const struct dssync_ops *ops;
+
+ char *result_message;
+ char *error_message;
+};
+
+extern const struct dssync_ops libnet_dssync_keytab_ops;
+extern const struct dssync_ops libnet_dssync_passdb_ops;
+
+/* The following definitions come from libnet/libnet_dssync.c */
+
+NTSTATUS libnet_dssync_init_context(TALLOC_CTX *mem_ctx,
+ struct dssync_context **ctx_p);
+NTSTATUS libnet_dssync(TALLOC_CTX *mem_ctx,
+ struct dssync_context *ctx);
diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c
new file mode 100644
index 0000000..41893b4
--- /dev/null
+++ b/source3/libnet/libnet_dssync_keytab.c
@@ -0,0 +1,609 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Copyright (C) Guenther Deschner <gd@samba.org> 2008
+ Copyright (C) Michael Adam 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_krb5.h"
+#include "libnet/libnet_dssync.h"
+#include "libnet/libnet_keytab.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+
+#if defined(HAVE_ADS)
+
+static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
+ struct replUpToDateVectorBlob **pold_utdv)
+{
+ krb5_error_code ret = 0;
+ struct libnet_keytab_context *keytab_ctx;
+ struct libnet_keytab_entry *entry;
+ struct replUpToDateVectorBlob *old_utdv = NULL;
+ char *principal;
+
+ ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx);
+ if (ret) {
+ return krb5_to_nt_status(ret);
+ }
+
+ keytab_ctx->dns_domain_name = ctx->dns_domain_name;
+ keytab_ctx->clean_old_entries = ctx->clean_old_entries;
+ ctx->private_data = keytab_ctx;
+
+ principal = talloc_asprintf(mem_ctx, "UTDV/%s@%s",
+ ctx->nc_dn, ctx->dns_domain_name);
+ NT_STATUS_HAVE_NO_MEMORY(principal);
+
+ entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL,
+ mem_ctx);
+ if (entry) {
+ enum ndr_err_code ndr_err;
+ old_utdv = talloc(mem_ctx, struct replUpToDateVectorBlob);
+
+ ndr_err = ndr_pull_struct_blob(&entry->password, old_utdv, old_utdv,
+ (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to pull UpToDateVector: %s",
+ nt_errstr(status));
+ return status;
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(replUpToDateVectorBlob, old_utdv);
+ }
+ }
+
+ if (pold_utdv) {
+ *pold_utdv = old_utdv;
+ }
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
+ struct replUpToDateVectorBlob *new_utdv)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ krb5_error_code ret = 0;
+ struct libnet_keytab_context *keytab_ctx =
+ (struct libnet_keytab_context *)ctx->private_data;
+
+ if (new_utdv) {
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv);
+ }
+
+ ndr_err = ndr_push_struct_blob(&blob, mem_ctx, new_utdv,
+ (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ status = ndr_map_error2ntstatus(ndr_err);
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to push UpToDateVector: %s",
+ nt_errstr(status));
+ goto done;
+ }
+
+ status = libnet_keytab_add_to_keytab_entries(mem_ctx, keytab_ctx, 0,
+ ctx->nc_dn, "UTDV",
+ ENCTYPE_NULL,
+ blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ }
+
+ ret = libnet_keytab_add(keytab_ctx);
+ if (ret) {
+ status = krb5_to_nt_status(ret);
+ ctx->error_message = talloc_asprintf(ctx,
+ "Failed to add entries to keytab %s: %s",
+ keytab_ctx->keytab_name, error_message(ret));
+ goto done;
+ }
+
+ ctx->result_message = talloc_asprintf(ctx,
+ "Vampired %d accounts to keytab %s",
+ keytab_ctx->count,
+ keytab_ctx->keytab_name);
+
+done:
+ TALLOC_FREE(keytab_ctx);
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS parse_supplemental_credentials(TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *blob,
+ struct package_PrimaryKerberosCtr3 **pkb3,
+ struct package_PrimaryKerberosCtr4 **pkb4)
+{
+ NTSTATUS status;
+ enum ndr_err_code ndr_err;
+ struct supplementalCredentialsBlob scb;
+ struct supplementalCredentialsPackage *scpk = NULL;
+ DATA_BLOB scpk_blob;
+ struct package_PrimaryKerberosBlob *pkb;
+ bool newer_keys = false;
+ uint32_t j;
+
+ ndr_err = ndr_pull_struct_blob_all(blob, mem_ctx, &scb,
+ (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ status = ndr_map_error2ntstatus(ndr_err);
+ goto done;
+ }
+ if ((scb.sub.signature != SUPPLEMENTAL_CREDENTIALS_SIGNATURE)
+ && (scb.sub.num_packages != 0))
+ {
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(supplementalCredentialsBlob, &scb);
+ }
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ }
+ for (j=0; j < scb.sub.num_packages; j++) {
+ if (strcmp("Primary:Kerberos-Newer-Keys",
+ scb.sub.packages[j].name) == 0)
+ {
+ scpk = &scb.sub.packages[j];
+ if (!scpk->data || !scpk->data[0]) {
+ scpk = NULL;
+ continue;
+ }
+ newer_keys = true;
+ break;
+ } else if (strcmp("Primary:Kerberos",
+ scb.sub.packages[j].name) == 0)
+ {
+ /*
+ * grab this but don't break here:
+ * there might still be newer-keys ...
+ */
+ scpk = &scb.sub.packages[j];
+ if (!scpk->data || !scpk->data[0]) {
+ scpk = NULL;
+ }
+ }
+ }
+
+ if (!scpk) {
+ /* no data */
+ status = NT_STATUS_OK;
+ goto done;
+ }
+
+ scpk_blob = strhex_to_data_blob(mem_ctx, scpk->data);
+ if (!scpk_blob.data) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ pkb = talloc_zero(mem_ctx, struct package_PrimaryKerberosBlob);
+ if (!pkb) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ ndr_err = ndr_pull_struct_blob(&scpk_blob, mem_ctx, pkb,
+ (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ status = ndr_map_error2ntstatus(ndr_err);
+ goto done;
+ }
+
+ if (!newer_keys && pkb->version != 3) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ }
+
+ if (newer_keys && pkb->version != 4) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ }
+
+ if (pkb->version == 4 && pkb4) {
+ *pkb4 = &pkb->ctr.ctr4;
+ } else if (pkb->version == 3 && pkb3) {
+ *pkb3 = &pkb->ctr.ctr3;
+ }
+
+ status = NT_STATUS_OK;
+
+done:
+ return status;
+}
+
+static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
+ struct libnet_keytab_context *ctx,
+ struct drsuapi_DsReplicaObjectListItemEx *cur)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ uchar nt_passwd[16];
+ DATA_BLOB *blob;
+ int i = 0;
+ struct drsuapi_DsReplicaAttribute *attr;
+ bool got_pwd = false;
+
+ struct package_PrimaryKerberosCtr3 *pkb3 = NULL;
+ struct package_PrimaryKerberosCtr4 *pkb4 = NULL;
+
+ char *object_dn = NULL;
+ char *upn = NULL;
+ char **spn = NULL;
+ uint32_t num_spns = 0;
+ char *name = NULL;
+ uint32_t kvno = 0;
+ uint32_t uacc = 0;
+ uint32_t sam_type = 0;
+
+ uint32_t pwd_history_len = 0;
+ uint8_t *pwd_history = NULL;
+
+ ZERO_STRUCT(nt_passwd);
+
+ object_dn = talloc_strdup(mem_ctx, cur->object.identifier->dn);
+ if (!object_dn) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ DEBUG(3, ("parsing object '%s'\n", object_dn));
+
+ for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) {
+
+ attr = &cur->object.attribute_ctr.attributes[i];
+
+ if (attr->attid == DRSUAPI_ATTID_servicePrincipalName) {
+ uint32_t count;
+ num_spns = attr->value_ctr.num_values;
+ spn = talloc_array(mem_ctx, char *, num_spns);
+ for (count = 0; count < num_spns; count++) {
+ blob = attr->value_ctr.values[count].blob;
+ pull_string_talloc(spn, NULL, 0,
+ &spn[count],
+ blob->data, blob->length,
+ STR_UNICODE);
+ }
+ }
+
+ if (attr->value_ctr.num_values != 1) {
+ continue;
+ }
+
+ if (!attr->value_ctr.values[0].blob) {
+ continue;
+ }
+
+ blob = attr->value_ctr.values[0].blob;
+
+ switch (attr->attid) {
+ case DRSUAPI_ATTID_unicodePwd:
+
+ if (blob->length != 16) {
+ break;
+ }
+
+ memcpy(&nt_passwd, blob->data, 16);
+ got_pwd = true;
+
+ /* pick the kvno from the meta_data version,
+ * thanks, metze, for explaining this */
+
+ if (!cur->meta_data_ctr) {
+ break;
+ }
+ if (cur->meta_data_ctr->count !=
+ cur->object.attribute_ctr.num_attributes) {
+ break;
+ }
+ kvno = cur->meta_data_ctr->meta_data[i].version;
+ break;
+ case DRSUAPI_ATTID_ntPwdHistory:
+ pwd_history_len = blob->length / 16;
+ pwd_history = blob->data;
+ break;
+ case DRSUAPI_ATTID_userPrincipalName:
+ pull_string_talloc(mem_ctx, NULL, 0, &upn,
+ blob->data, blob->length,
+ STR_UNICODE);
+ break;
+ case DRSUAPI_ATTID_sAMAccountName:
+ pull_string_talloc(mem_ctx, NULL, 0, &name,
+ blob->data, blob->length,
+ STR_UNICODE);
+ break;
+ case DRSUAPI_ATTID_sAMAccountType:
+ sam_type = IVAL(blob->data, 0);
+ break;
+ case DRSUAPI_ATTID_userAccountControl:
+ uacc = IVAL(blob->data, 0);
+ break;
+ case DRSUAPI_ATTID_supplementalCredentials:
+ status = parse_supplemental_credentials(mem_ctx,
+ blob,
+ &pkb3,
+ &pkb4);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(2, ("parsing of supplemental "
+ "credentials failed: %s\n",
+ nt_errstr(status)));
+ }
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (!got_pwd) {
+ DEBUG(10, ("no password (unicodePwd) found - skipping.\n"));
+ return NT_STATUS_OK;
+ }
+
+ if (name) {
+ status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, 0, object_dn,
+ "SAMACCOUNTNAME",
+ ENCTYPE_NULL,
+ data_blob_talloc(mem_ctx, name,
+ strlen(name) + 1));
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ } else {
+ /* look into keytab ... */
+ struct libnet_keytab_entry *entry = NULL;
+ char *principal = NULL;
+
+ DEBUG(10, ("looking for SAMACCOUNTNAME/%s@%s in keytayb...\n",
+ object_dn, ctx->dns_domain_name));
+
+ principal = talloc_asprintf(mem_ctx, "%s/%s@%s",
+ "SAMACCOUNTNAME",
+ object_dn,
+ ctx->dns_domain_name);
+ if (!principal) {
+ DEBUG(1, ("talloc failed\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+ entry = libnet_keytab_search(ctx, principal, 0, ENCTYPE_NULL,
+ mem_ctx);
+ if (entry) {
+ name = (char *)talloc_memdup(mem_ctx,
+ entry->password.data,
+ entry->password.length);
+ if (!name) {
+ DEBUG(1, ("talloc failed!\n"));
+ return NT_STATUS_NO_MEMORY;
+ } else {
+ DEBUG(10, ("found name %s\n", name));
+ }
+ TALLOC_FREE(entry);
+ } else {
+ DEBUG(10, ("entry not found\n"));
+ }
+ TALLOC_FREE(principal);
+ }
+
+ if (!name) {
+ DEBUG(10, ("no name (sAMAccountName) found - skipping.\n"));
+ return NT_STATUS_OK;
+ }
+
+ DEBUG(1,("#%02d: %s:%d, ", ctx->count, name, kvno));
+ DEBUGADD(1,("sAMAccountType: 0x%08x, userAccountControl: 0x%08x",
+ sam_type, uacc));
+ if (upn) {
+ DEBUGADD(1,(", upn: %s", upn));
+ }
+ if (num_spns > 0) {
+ DEBUGADD(1, (", spns: ["));
+ for (i = 0; i < num_spns; i++) {
+ DEBUGADD(1, ("%s%s", spn[i],
+ (i+1 == num_spns)?"]":", "));
+ }
+ }
+ DEBUGADD(1,("\n"));
+
+ status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL,
+ ENCTYPE_ARCFOUR_HMAC,
+ data_blob_talloc(mem_ctx, nt_passwd, 16));
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* add kerberos keys (if any) */
+
+ if (pkb4) {
+ for (i=0; i < pkb4->num_keys; i++) {
+ if (!pkb4->keys[i].value) {
+ continue;
+ }
+ status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno,
+ name,
+ NULL,
+ pkb4->keys[i].keytype,
+ *pkb4->keys[i].value);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+ for (i=0; i < pkb4->num_old_keys; i++) {
+ if (!pkb4->old_keys[i].value) {
+ continue;
+ }
+ status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 1,
+ name,
+ NULL,
+ pkb4->old_keys[i].keytype,
+ *pkb4->old_keys[i].value);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+ for (i=0; i < pkb4->num_older_keys; i++) {
+ if (!pkb4->older_keys[i].value) {
+ continue;
+ }
+ status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 2,
+ name,
+ NULL,
+ pkb4->older_keys[i].keytype,
+ *pkb4->older_keys[i].value);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+ }
+
+ if (pkb3) {
+ for (i=0; i < pkb3->num_keys; i++) {
+ if (!pkb3->keys[i].value) {
+ continue;
+ }
+ status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name,
+ NULL,
+ pkb3->keys[i].keytype,
+ *pkb3->keys[i].value);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+ for (i=0; i < pkb3->num_old_keys; i++) {
+ if (!pkb3->old_keys[i].value) {
+ continue;
+ }
+ status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 1,
+ name,
+ NULL,
+ pkb3->old_keys[i].keytype,
+ *pkb3->old_keys[i].value);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+ }
+
+ if (kvno < pwd_history_len) {
+ return status;
+ }
+
+ /* add password history */
+
+ /* skip first entry */
+ if (got_pwd) {
+ kvno--;
+ i = 1;
+ } else {
+ i = 0;
+ }
+
+ for (; i<pwd_history_len; i++) {
+ status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno--, name, NULL,
+ ENCTYPE_ARCFOUR_HMAC,
+ data_blob_talloc(mem_ctx, &pwd_history[i*16], 16));
+ if (!NT_STATUS_IS_OK(status)) {
+ break;
+ }
+ }
+
+ return status;
+}
+
+static bool dn_is_in_object_list(struct dssync_context *ctx,
+ const char *dn)
+{
+ uint32_t count;
+
+ if (ctx->object_count == 0) {
+ return true;
+ }
+
+ for (count = 0; count < ctx->object_count; count++) {
+ if (strequal(ctx->object_dns[count], dn)) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS keytab_process_objects(struct dssync_context *ctx,
+ TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaObjectListItemEx *cur,
+ struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ struct libnet_keytab_context *keytab_ctx =
+ (struct libnet_keytab_context *)ctx->private_data;
+
+ for (; cur; cur = cur->next_object) {
+ /*
+ * When not in single object replication mode,
+ * the object_dn list is used as a positive write filter.
+ */
+ if (!ctx->single_object_replication &&
+ !dn_is_in_object_list(ctx, cur->object.identifier->dn))
+ {
+ continue;
+ }
+
+ status = parse_object(mem_ctx, keytab_ctx, cur);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+ }
+
+ out:
+ return status;
+}
+
+#else
+
+static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
+ struct replUpToDateVectorBlob **pold_utdv)
+{
+ return NT_STATUS_NOT_SUPPORTED;
+}
+
+static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
+ struct replUpToDateVectorBlob *new_utdv)
+{
+ return NT_STATUS_NOT_SUPPORTED;
+}
+
+static NTSTATUS keytab_process_objects(struct dssync_context *ctx,
+ TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaObjectListItemEx *cur,
+ struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr)
+{
+ return NT_STATUS_NOT_SUPPORTED;
+}
+#endif /* defined(HAVE_ADS) */
+
+const struct dssync_ops libnet_dssync_keytab_ops = {
+ .startup = keytab_startup,
+ .process_objects = keytab_process_objects,
+ .finish = keytab_finish,
+};
diff --git a/source3/libnet/libnet_dssync_passdb.c b/source3/libnet/libnet_dssync_passdb.c
new file mode 100644
index 0000000..7d5ef64
--- /dev/null
+++ b/source3/libnet/libnet_dssync_passdb.c
@@ -0,0 +1,1955 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Copyright (C) Guenther Deschner <gd@samba.org> 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/passwd.h"
+#include "libnet/libnet_dssync.h"
+#include "../libcli/security/security.h"
+#include "../libds/common/flags.h"
+#include "../librpc/gen_ndr/ndr_drsuapi.h"
+#include "util_tdb.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_rbt.h"
+#include "../libds/common/flag_mapping.h"
+#include "passdb.h"
+#include "lib/util/base64.h"
+#include "lib/util/string_wrappers.h"
+
+/****************************************************************
+****************************************************************/
+
+struct dssync_passdb {
+ struct pdb_methods *methods;
+ struct db_context *all;
+ struct db_context *aliases;
+ struct db_context *groups;
+};
+
+struct dssync_passdb_obj {
+ struct dssync_passdb_obj *self;
+ uint32_t type;
+ struct drsuapi_DsReplicaObjectListItemEx *cur;
+ TDB_DATA key;
+ TDB_DATA data;
+ struct db_context *members;
+};
+
+struct dssync_passdb_mem {
+ struct dssync_passdb_mem *self;
+ bool active;
+ struct drsuapi_DsReplicaObjectIdentifier3 *cur;
+ struct dssync_passdb_obj *obj;
+ TDB_DATA key;
+ TDB_DATA data;
+};
+
+static NTSTATUS dssync_insert_obj(struct dssync_passdb *pctx,
+ struct db_context *db,
+ struct dssync_passdb_obj *obj)
+{
+ NTSTATUS status;
+ struct db_record *rec;
+ TDB_DATA value;
+
+ rec = dbwrap_fetch_locked(db, talloc_tos(), obj->key);
+ if (rec == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ value = dbwrap_record_get_value(rec);
+ if (value.dsize != 0) {
+ abort();
+ }
+
+ status = dbwrap_record_store(rec, obj->data, TDB_INSERT);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(rec);
+ return status;
+ }
+ TALLOC_FREE(rec);
+ return NT_STATUS_OK;
+}
+
+static struct dssync_passdb_obj *dssync_parse_obj(const TDB_DATA data)
+{
+ struct dssync_passdb_obj *obj;
+
+ if (data.dsize != sizeof(obj)) {
+ return NULL;
+ }
+
+ /*
+ * we need to copy the pointer to avoid alignment problems
+ * on some systems.
+ */
+ memcpy(&obj, data.dptr, sizeof(obj));
+
+ return talloc_get_type_abort(obj, struct dssync_passdb_obj);
+}
+
+static struct dssync_passdb_obj *dssync_search_obj_by_guid(struct dssync_passdb *pctx,
+ struct db_context *db,
+ const struct GUID *guid)
+{
+ struct dssync_passdb_obj *obj;
+ TDB_DATA key;
+ TDB_DATA data;
+ NTSTATUS status;
+
+ key = make_tdb_data((const uint8_t *)(const void *)guid,
+ sizeof(*guid));
+
+ status = dbwrap_fetch(db, talloc_tos(), key, &data);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NULL;
+ }
+
+ obj = dssync_parse_obj(data);
+ return obj;
+}
+
+static NTSTATUS dssync_create_obj(struct dssync_passdb *pctx,
+ struct db_context *db,
+ uint32_t type,
+ struct drsuapi_DsReplicaObjectListItemEx *cur,
+ struct dssync_passdb_obj **_obj)
+{
+ NTSTATUS status;
+ struct dssync_passdb_obj *obj;
+
+ obj = talloc_zero(pctx, struct dssync_passdb_obj);
+ if (obj == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ obj->self = obj;
+ obj->cur = cur;
+ obj->type = type;
+ obj->key = make_tdb_data((const uint8_t *)(void *)&cur->object.identifier->guid,
+ sizeof(cur->object.identifier->guid));
+ obj->data = make_tdb_data((const uint8_t *)(void *)&obj->self,
+ sizeof(obj->self));
+
+ obj->members = db_open_rbt(obj);
+ if (obj->members == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = dssync_insert_obj(pctx, db, obj);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(obj);
+ return status;
+ }
+ *_obj = obj;
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS dssync_insert_mem(struct dssync_passdb *pctx,
+ struct dssync_passdb_obj *obj,
+ struct dssync_passdb_mem *mem)
+{
+ NTSTATUS status;
+ struct db_record *rec;
+ TDB_DATA value;
+
+ rec = dbwrap_fetch_locked(obj->members, talloc_tos(), mem->key);
+ if (rec == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ value = dbwrap_record_get_value(rec);
+ if (value.dsize != 0) {
+ abort();
+ }
+
+ status = dbwrap_record_store(rec, mem->data, TDB_INSERT);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(rec);
+ return status;
+ }
+ TALLOC_FREE(rec);
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS dssync_create_mem(struct dssync_passdb *pctx,
+ struct dssync_passdb_obj *obj,
+ bool active,
+ struct drsuapi_DsReplicaObjectIdentifier3 *cur,
+ struct dssync_passdb_mem **_mem)
+{
+ NTSTATUS status;
+ struct dssync_passdb_mem *mem;
+
+ mem = talloc_zero(pctx, struct dssync_passdb_mem);
+ if (mem == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ mem->self = mem;
+ mem->cur = cur;
+ mem->active = active;
+ mem->obj = NULL;
+ mem->key = make_tdb_data((const uint8_t *)(void *)&cur->guid,
+ sizeof(cur->guid));
+ mem->data = make_tdb_data((const uint8_t *)(void *)&mem->self,
+ sizeof(mem->self));
+
+ status = dssync_insert_mem(pctx, obj, mem);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(obj);
+ return status;
+ }
+ *_mem = mem;
+ return NT_STATUS_OK;
+}
+
+static struct dssync_passdb_mem *dssync_parse_mem(const TDB_DATA data)
+{
+ struct dssync_passdb_mem *mem;
+
+ if (data.dsize != sizeof(mem)) {
+ return NULL;
+ }
+
+ /*
+ * we need to copy the pointer to avoid alignment problems
+ * on some systems.
+ */
+ memcpy(&mem, data.dptr, sizeof(mem));
+
+ return talloc_get_type_abort(mem, struct dssync_passdb_mem);
+}
+
+static NTSTATUS passdb_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
+ struct replUpToDateVectorBlob **pold_utdv)
+{
+ NTSTATUS status;
+ struct dssync_passdb *pctx;
+
+ pctx = talloc_zero(mem_ctx, struct dssync_passdb);
+ if (pctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (ctx->output_filename) {
+ status = make_pdb_method_name(&pctx->methods, ctx->output_filename);
+ } else {
+ status = make_pdb_method_name(&pctx->methods, lp_passdb_backend());
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ pctx->all = db_open_rbt(pctx);
+ if (pctx->all == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ pctx->aliases = db_open_rbt(pctx);
+ if (pctx->aliases == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ pctx->groups = db_open_rbt(pctx);
+ if (pctx->groups == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ctx->private_data = pctx;
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+struct dssync_passdb_traverse_amembers {
+ struct dssync_context *ctx;
+ struct dssync_passdb_obj *obj;
+ const char *name;
+ uint32_t idx;
+};
+
+struct dssync_passdb_traverse_aliases {
+ struct dssync_context *ctx;
+ const char *name;
+ uint32_t idx;
+};
+
+static int dssync_passdb_traverse_amembers(struct db_record *rec,
+ void *private_data)
+{
+ struct dssync_passdb_traverse_amembers *state =
+ (struct dssync_passdb_traverse_amembers *)private_data;
+ struct dssync_passdb *pctx =
+ talloc_get_type_abort(state->ctx->private_data,
+ struct dssync_passdb);
+ struct dssync_passdb_mem *mem;
+ NTSTATUS status;
+ struct dom_sid alias_sid;
+ struct dom_sid member_sid;
+ struct dom_sid_buf buf1, buf2;
+ const char *member_dn;
+ size_t num_members;
+ size_t i;
+ struct dom_sid *members;
+ bool is_member = false;
+ const char *action;
+ TDB_DATA value;
+
+ state->idx++;
+
+ alias_sid = state->obj->cur->object.identifier->sid;
+
+ value = dbwrap_record_get_value(rec);
+ mem = dssync_parse_mem(value);
+ if (mem == NULL) {
+ return -1;
+ }
+
+ member_sid = mem->cur->sid;
+ member_dn = mem->cur->dn;
+
+ mem->obj = dssync_search_obj_by_guid(pctx, pctx->all, &mem->cur->guid);
+ if (mem->obj == NULL) {
+ DEBUG(0,("alias[%s] member[%s] can't resolve member - ignoring\n",
+ dom_sid_str_buf(&alias_sid, &buf1),
+ is_null_sid(&member_sid)?
+ dom_sid_str_buf(&member_sid, &buf2):
+ member_dn));
+ return 0;
+ }
+
+ switch (mem->obj->type) {
+ case ATYPE_DISTRIBUTION_LOCAL_GROUP:
+ case ATYPE_DISTRIBUTION_GLOBAL_GROUP:
+ DEBUG(0, ("alias[%s] ignore distribution group [%s]\n",
+ dom_sid_str_buf(&alias_sid, &buf1),
+ member_dn));
+ return 0;
+ default:
+ break;
+ }
+
+ DEBUG(0,("alias[%s] member[%s]\n",
+ dom_sid_str_buf(&alias_sid, &buf1),
+ dom_sid_str_buf(&member_sid, &buf2)));
+
+ status = pdb_enum_aliasmem(&alias_sid, talloc_tos(),
+ &members, &num_members);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Could not find current alias members %s - %s\n",
+ dom_sid_str_buf(&alias_sid, &buf1),
+ nt_errstr(status)));
+ return -1;
+ }
+
+ for (i=0; i < num_members; i++) {
+ bool match;
+
+ match = dom_sid_equal(&members[i], &member_sid);
+ if (match) {
+ is_member = true;
+ break;
+ }
+ }
+
+ status = NT_STATUS_OK;
+ action = "none";
+ if (!is_member && mem->active) {
+ action = "add";
+ pdb_add_aliasmem(&alias_sid, &member_sid);
+ } else if (is_member && !mem->active) {
+ action = "delete";
+ pdb_del_aliasmem(&alias_sid, &member_sid);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("Could not %s %s as alias members of %s - %s\n",
+ action,
+ dom_sid_str_buf(&member_sid, &buf1),
+ dom_sid_str_buf(&alias_sid, &buf2),
+ nt_errstr(status)));
+ return -1;
+ }
+
+ return 0;
+}
+
+static int dssync_passdb_traverse_aliases(struct db_record *rec,
+ void *private_data)
+{
+ struct dssync_passdb_traverse_aliases *state =
+ (struct dssync_passdb_traverse_aliases *)private_data;
+ struct dssync_passdb *pctx =
+ talloc_get_type_abort(state->ctx->private_data,
+ struct dssync_passdb);
+ struct dssync_passdb_traverse_amembers mstate;
+ struct dssync_passdb_obj *obj;
+ TDB_DATA value;
+ NTSTATUS status;
+
+ state->idx++;
+ if (pctx->methods == NULL) {
+ return -1;
+ }
+
+ value = dbwrap_record_get_value(rec);
+ obj = dssync_parse_obj(value);
+ if (obj == NULL) {
+ return -1;
+ }
+
+ ZERO_STRUCT(mstate);
+ mstate.ctx = state->ctx;
+ mstate.name = "members";
+ mstate.obj = obj;
+ status = dbwrap_traverse_read(obj->members,
+ dssync_passdb_traverse_amembers,
+ &mstate, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ return -1;
+ }
+
+ return 0;
+}
+
+struct dssync_passdb_traverse_gmembers {
+ struct dssync_context *ctx;
+ struct dssync_passdb_obj *obj;
+ const char *name;
+ uint32_t idx;
+};
+
+struct dssync_passdb_traverse_groups {
+ struct dssync_context *ctx;
+ const char *name;
+ uint32_t idx;
+};
+
+static int dssync_passdb_traverse_gmembers(struct db_record *rec,
+ void *private_data)
+{
+ struct dssync_passdb_traverse_gmembers *state =
+ (struct dssync_passdb_traverse_gmembers *)private_data;
+ struct dssync_passdb *pctx =
+ talloc_get_type_abort(state->ctx->private_data,
+ struct dssync_passdb);
+ struct dssync_passdb_mem *mem;
+ NTSTATUS status;
+ char *nt_member = NULL;
+ char **unix_members;
+ struct dom_sid group_sid;
+ struct dom_sid member_sid;
+ struct dom_sid_buf buf1, buf2;
+ struct samu *member = NULL;
+ const char *member_dn = NULL;
+ GROUP_MAP *map;
+ struct group *grp;
+ uint32_t rid;
+ bool is_unix_member = false;
+ TDB_DATA value;
+
+ state->idx++;
+
+ group_sid = state->obj->cur->object.identifier->sid;
+
+ status = dom_sid_split_rid(talloc_tos(), &group_sid, NULL, &rid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return -1;
+ }
+
+ value = dbwrap_record_get_value(rec);
+
+ mem = dssync_parse_mem(value);
+ if (mem == NULL) {
+ return -1;
+ }
+
+ member_sid = mem->cur->sid;
+ member_dn = mem->cur->dn;
+
+ mem->obj = dssync_search_obj_by_guid(pctx, pctx->all, &mem->cur->guid);
+ if (mem->obj == NULL) {
+ DEBUG(0,("group[%s] member[%s] can't resolve member - ignoring\n",
+ dom_sid_str_buf(&group_sid, &buf1),
+ is_null_sid(&member_sid)?
+ dom_sid_str_buf(&member_sid, &buf2):
+ member_dn));
+ return 0;
+ }
+
+ member_sid = mem->obj->cur->object.identifier->sid;
+ member_dn = mem->obj->cur->object.identifier->dn;
+
+ switch (mem->obj->type) {
+ case ATYPE_SECURITY_LOCAL_GROUP:
+ case ATYPE_SECURITY_GLOBAL_GROUP:
+ DEBUG(0, ("Group[%s] ignore member group [%s]\n",
+ dom_sid_str_buf(&group_sid, &buf1),
+ dom_sid_str_buf(&member_sid, &buf2)));
+ return 0;
+
+ case ATYPE_DISTRIBUTION_LOCAL_GROUP:
+ case ATYPE_DISTRIBUTION_GLOBAL_GROUP:
+ DEBUG(0, ("Group[%s] ignore distribution group [%s]\n",
+ dom_sid_str_buf(&group_sid, &buf1),
+ member_dn));
+ return 0;
+ default:
+ break;
+ }
+
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return -1;
+ }
+
+ if (!get_domain_group_from_sid(group_sid, map)) {
+ DEBUG(0, ("Could not find global group %s\n",
+ dom_sid_str_buf(&group_sid, &buf1)));
+ //return NT_STATUS_NO_SUCH_GROUP;
+ TALLOC_FREE(map);
+ return -1;
+ }
+
+ if (!(grp = getgrgid(map->gid))) {
+ DEBUG(0, ("Could not find unix group %lu\n",
+ (unsigned long)map->gid));
+ //return NT_STATUS_NO_SUCH_GROUP;
+ TALLOC_FREE(map);
+ return -1;
+ }
+
+ TALLOC_FREE(map);
+
+ DEBUG(0,("Group members of %s: ", grp->gr_name));
+
+ if ( !(member = samu_new(talloc_tos())) ) {
+ //return NT_STATUS_NO_MEMORY;
+ return -1;
+ }
+
+ if (!pdb_getsampwsid(member, &member_sid)) {
+ DEBUG(1, ("Found bogus group member: (member_sid=%s group=%s)\n",
+ dom_sid_str_buf(&member_sid, &buf1),
+ grp->gr_name));
+ TALLOC_FREE(member);
+ return -1;
+ }
+
+ if (pdb_get_group_rid(member) == rid) {
+ DEBUGADD(0,("%s(primary),", pdb_get_username(member)));
+ TALLOC_FREE(member);
+ return -1;
+ }
+
+ DEBUGADD(0,("%s,", pdb_get_username(member)));
+ nt_member = talloc_strdup(talloc_tos(), pdb_get_username(member));
+ TALLOC_FREE(member);
+
+ DEBUGADD(0,("\n"));
+
+ unix_members = grp->gr_mem;
+
+ while (*unix_members) {
+ if (strcmp(*unix_members, nt_member) == 0) {
+ is_unix_member = true;
+ break;
+ }
+ unix_members += 1;
+ }
+
+ if (!is_unix_member && mem->active) {
+ smb_add_user_group(grp->gr_name, nt_member);
+ } else if (is_unix_member && !mem->active) {
+ smb_delete_user_group(grp->gr_name, nt_member);
+ }
+
+ return 0;
+}
+
+static int dssync_passdb_traverse_groups(struct db_record *rec,
+ void *private_data)
+{
+ struct dssync_passdb_traverse_groups *state =
+ (struct dssync_passdb_traverse_groups *)private_data;
+ struct dssync_passdb *pctx =
+ talloc_get_type_abort(state->ctx->private_data,
+ struct dssync_passdb);
+ struct dssync_passdb_traverse_gmembers mstate;
+ struct dssync_passdb_obj *obj;
+ TDB_DATA value;
+ NTSTATUS status;
+
+ state->idx++;
+ if (pctx->methods == NULL) {
+ return -1;
+ }
+
+ value = dbwrap_record_get_value(rec);
+
+ obj = dssync_parse_obj(value);
+ if (obj == NULL) {
+ return -1;
+ }
+
+ ZERO_STRUCT(mstate);
+ mstate.ctx = state->ctx;
+ mstate.name = "members";
+ mstate.obj = obj;
+ status = dbwrap_traverse_read(obj->members,
+ dssync_passdb_traverse_gmembers,
+ &mstate, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ return -1;
+ }
+
+ return 0;
+}
+
+static NTSTATUS passdb_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
+ struct replUpToDateVectorBlob *new_utdv)
+{
+ struct dssync_passdb *pctx =
+ talloc_get_type_abort(ctx->private_data,
+ struct dssync_passdb);
+ struct dssync_passdb_traverse_aliases astate;
+ struct dssync_passdb_traverse_groups gstate;
+ NTSTATUS status;
+
+ ZERO_STRUCT(astate);
+ astate.ctx = ctx;
+ astate.name = "aliases";
+ status = dbwrap_traverse_read(pctx->aliases,
+ dssync_passdb_traverse_aliases,
+ &astate, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ ZERO_STRUCT(gstate);
+ gstate.ctx = ctx;
+ gstate.name = "groups";
+ status = dbwrap_traverse_read(pctx->groups,
+ dssync_passdb_traverse_groups,
+ &gstate, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ TALLOC_FREE(pctx->methods);
+ TALLOC_FREE(pctx);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS smb_create_user(TALLOC_CTX *mem_ctx,
+ uint32_t acct_flags,
+ const char *account,
+ struct passwd **passwd_p)
+{
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
+ struct passwd *passwd;
+ char *add_script = NULL;
+
+ passwd = Get_Pwnam_alloc(mem_ctx, account);
+ if (passwd) {
+ *passwd_p = passwd;
+ return NT_STATUS_OK;
+ }
+
+ /* Create appropriate user */
+ if (acct_flags & ACB_NORMAL) {
+ add_script = lp_add_user_script(mem_ctx, lp_sub);
+ } else if ( (acct_flags & ACB_WSTRUST) ||
+ (acct_flags & ACB_SVRTRUST) ||
+ (acct_flags & ACB_DOMTRUST) ) {
+ add_script = lp_add_machine_script(mem_ctx, lp_sub);
+ } else {
+ DEBUG(1, ("Unknown user type: %s\n",
+ pdb_encode_acct_ctrl(acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN)));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (!add_script) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (*add_script) {
+ int add_ret;
+ add_script = talloc_all_string_sub(mem_ctx, add_script,
+ "%u", account);
+ if (!add_script) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ add_ret = smbrun(add_script, NULL, NULL);
+ DEBUG(add_ret ? 0 : 1,("fetch_account: Running the command `%s' "
+ "gave %d\n", add_script, add_ret));
+ if (add_ret == 0) {
+ smb_nscd_flush_user_cache();
+ }
+ }
+
+ /* try and find the possible unix account again */
+ passwd = Get_Pwnam_alloc(mem_ctx, account);
+ if (!passwd) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ *passwd_p = passwd;
+
+ return NT_STATUS_OK;
+}
+
+static struct drsuapi_DsReplicaAttribute *find_drsuapi_attr(
+ const struct drsuapi_DsReplicaObjectListItemEx *cur,
+ uint32_t attid)
+{
+ uint32_t i = 0;
+
+ for (i = 0; i < cur->object.attribute_ctr.num_attributes; i++) {
+ struct drsuapi_DsReplicaAttribute *attr;
+
+ attr = &cur->object.attribute_ctr.attributes[i];
+
+ if (attr->attid == attid) {
+ return attr;
+ }
+ }
+
+ return NULL;
+}
+
+static NTSTATUS find_drsuapi_attr_string(TALLOC_CTX *mem_ctx,
+ const struct drsuapi_DsReplicaObjectListItemEx *cur,
+ uint32_t attid,
+ uint32_t *_count,
+ char ***_array)
+{
+ struct drsuapi_DsReplicaAttribute *attr;
+ char **array;
+ uint32_t a;
+
+ attr = find_drsuapi_attr(cur, attid);
+ if (attr == NULL) {
+ return NT_STATUS_PROPSET_NOT_FOUND;
+ }
+
+ array = talloc_array(mem_ctx, char *, attr->value_ctr.num_values);
+ if (array == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (a = 0; a < attr->value_ctr.num_values; a++) {
+ const DATA_BLOB *blob;
+ ssize_t ret;
+
+ blob = attr->value_ctr.values[a].blob;
+
+ if (blob == NULL) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ ret = pull_string_talloc(array, NULL, 0, &array[a],
+ blob->data, blob->length,
+ STR_UNICODE);
+ if (ret == -1) {
+ //TODO
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ }
+
+ *_count = attr->value_ctr.num_values;
+ *_array = array;
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS find_drsuapi_attr_int32(TALLOC_CTX *mem_ctx,
+ const struct drsuapi_DsReplicaObjectListItemEx *cur,
+ uint32_t attid,
+ uint32_t *_count,
+ int32_t **_array)
+{
+ struct drsuapi_DsReplicaAttribute *attr;
+ int32_t *array;
+ uint32_t a;
+
+ attr = find_drsuapi_attr(cur, attid);
+ if (attr == NULL) {
+ return NT_STATUS_PROPSET_NOT_FOUND;
+ }
+
+ array = talloc_array(mem_ctx, int32_t, attr->value_ctr.num_values);
+ if (array == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (a = 0; a < attr->value_ctr.num_values; a++) {
+ const DATA_BLOB *blob;
+
+ blob = attr->value_ctr.values[a].blob;
+
+ if (blob == NULL) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ if (blob->length != 4) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ array[a] = IVAL(blob->data, 0);
+ }
+
+ *_count = attr->value_ctr.num_values;
+ *_array = array;
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS find_drsuapi_attr_blob(TALLOC_CTX *mem_ctx,
+ const struct drsuapi_DsReplicaObjectListItemEx *cur,
+ uint32_t attid,
+ uint32_t *_count,
+ DATA_BLOB **_array)
+{
+ struct drsuapi_DsReplicaAttribute *attr;
+ DATA_BLOB *array;
+ uint32_t a;
+
+ attr = find_drsuapi_attr(cur, attid);
+ if (attr == NULL) {
+ return NT_STATUS_PROPSET_NOT_FOUND;
+ }
+
+ array = talloc_array(mem_ctx, DATA_BLOB, attr->value_ctr.num_values);
+ if (array == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (a = 0; a < attr->value_ctr.num_values; a++) {
+ const DATA_BLOB *blob;
+
+ blob = attr->value_ctr.values[a].blob;
+
+ if (blob == NULL) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ array[a] = data_blob_talloc(array, blob->data, blob->length);
+ if (array[a].length != blob->length) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ *_count = attr->value_ctr.num_values;
+ *_array = array;
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS find_drsuapi_attr_int64(TALLOC_CTX *mem_ctx,
+ const struct drsuapi_DsReplicaObjectListItemEx *cur,
+ uint32_t attid,
+ uint32_t *_count,
+ int64_t **_array)
+{
+ struct drsuapi_DsReplicaAttribute *attr;
+ int64_t *array;
+ uint32_t a;
+
+ attr = find_drsuapi_attr(cur, attid);
+ if (attr == NULL) {
+ return NT_STATUS_PROPSET_NOT_FOUND;
+ }
+
+ array = talloc_array(mem_ctx, int64_t, attr->value_ctr.num_values);
+ if (array == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (a = 0; a < attr->value_ctr.num_values; a++) {
+ const DATA_BLOB *blob;
+
+ blob = attr->value_ctr.values[a].blob;
+
+ if (blob == NULL) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ if (blob->length != 8) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ array[a] = BVAL(blob->data, 0);
+ }
+ *_count = attr->value_ctr.num_values;
+ *_array = array;
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS find_drsuapi_attr_dn(TALLOC_CTX *mem_ctx,
+ const struct drsuapi_DsReplicaObjectListItemEx *cur,
+ uint32_t attid,
+ uint32_t *_count,
+ struct drsuapi_DsReplicaObjectIdentifier3 **_array)
+{
+ struct drsuapi_DsReplicaAttribute *attr;
+ struct drsuapi_DsReplicaObjectIdentifier3 *array;
+ uint32_t a;
+
+ attr = find_drsuapi_attr(cur, attid);
+ if (attr == NULL) {
+ return NT_STATUS_PROPSET_NOT_FOUND;
+ }
+
+ array = talloc_array(mem_ctx,
+ struct drsuapi_DsReplicaObjectIdentifier3,
+ attr->value_ctr.num_values);
+ if (array == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (a = 0; a < attr->value_ctr.num_values; a++) {
+ const DATA_BLOB *blob;
+ enum ndr_err_code ndr_err;
+ NTSTATUS status;
+
+ blob = attr->value_ctr.values[a].blob;
+
+ if (blob == NULL) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ /* windows sometimes sends an extra two pad bytes here */
+ ndr_err = ndr_pull_struct_blob(blob, array, &array[a],
+ (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ status = ndr_map_error2ntstatus(ndr_err);
+ return status;
+ }
+ }
+ *_count = attr->value_ctr.num_values;
+ *_array = array;
+ return NT_STATUS_OK;
+}
+
+#define GET_BLOB_EX(attr, needed) do { \
+ NTSTATUS _status; \
+ uint32_t _cnt; \
+ DATA_BLOB *_vals = NULL; \
+ attr = data_blob_null; \
+ _status = find_drsuapi_attr_blob(mem_ctx, cur, \
+ DRSUAPI_ATTID_ ## attr, \
+ &_cnt, &_vals); \
+ if (NT_STATUS_EQUAL(_status, NT_STATUS_PROPSET_NOT_FOUND)) { \
+ if (!needed) { \
+ _status = NT_STATUS_OK; \
+ _cnt = 0; \
+ } \
+ } \
+ if (!NT_STATUS_IS_OK(_status)) { \
+ DEBUG(0,(__location__ "attr[%s] %s\n", \
+ #attr, nt_errstr(_status))); \
+ return _status; \
+ } \
+ if (_cnt == 0) { \
+ if (needed) { \
+ talloc_free(_vals); \
+ DEBUG(0,(__location__ "attr[%s] count[%u]\n", #attr, _cnt)); \
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND; \
+ } \
+ } else if (_cnt > 1) { \
+ talloc_free(_vals); \
+ DEBUG(0,(__location__ "attr[%s] count[%u]\n", #attr, _cnt)); \
+ return NT_STATUS_INTERNAL_DB_CORRUPTION; \
+ } else { \
+ attr = _vals[0]; \
+ (void)talloc_steal(mem_ctx, _vals[0].data); \
+ } \
+ talloc_free(_vals); \
+} while(0)
+
+#define GET_STRING_EX(attr, needed) do { \
+ NTSTATUS _status; \
+ uint32_t _cnt; \
+ char **_vals = NULL; \
+ attr = NULL; \
+ _status = find_drsuapi_attr_string(mem_ctx, cur, \
+ DRSUAPI_ATTID_ ## attr, \
+ &_cnt, &_vals); \
+ if (NT_STATUS_EQUAL(_status, NT_STATUS_PROPSET_NOT_FOUND)) { \
+ if (!needed) { \
+ _status = NT_STATUS_OK; \
+ _cnt = 0; \
+ } \
+ } \
+ if (!NT_STATUS_IS_OK(_status)) { \
+ DEBUG(0,(__location__ "attr[%s] %s\n", \
+ #attr, nt_errstr(_status))); \
+ return _status; \
+ } \
+ if (_cnt == 0) { \
+ if (needed) { \
+ talloc_free(_vals); \
+ DEBUG(0,(__location__ "attr[%s] count[%u]\n", #attr, _cnt)); \
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND; \
+ } \
+ } else if (_cnt > 1) { \
+ talloc_free(_vals); \
+ DEBUG(0,(__location__ "attr[%s] count[%u]\n", #attr, _cnt)); \
+ return NT_STATUS_INTERNAL_DB_CORRUPTION; \
+ } else { \
+ attr = talloc_move(mem_ctx, &_vals[0]); \
+ } \
+ talloc_free(_vals); \
+} while(0)
+
+#define GET_UINT32_EX(attr, needed) do { \
+ NTSTATUS _status; \
+ uint32_t _cnt; \
+ int32_t*_vals = NULL; \
+ attr = 0; \
+ _status = find_drsuapi_attr_int32(mem_ctx, cur, \
+ DRSUAPI_ATTID_ ## attr, \
+ &_cnt, &_vals); \
+ if (NT_STATUS_EQUAL(_status, NT_STATUS_PROPSET_NOT_FOUND)) { \
+ if (!needed) { \
+ _status = NT_STATUS_OK; \
+ _cnt = 0; \
+ } \
+ } \
+ if (!NT_STATUS_IS_OK(_status)) { \
+ DEBUG(0,(__location__ "attr[%s] %s\n", \
+ #attr, nt_errstr(_status))); \
+ return _status; \
+ } \
+ if (_cnt == 0) { \
+ if (needed) { \
+ talloc_free(_vals); \
+ DEBUG(0,(__location__ "attr[%s] count[%u]\n", #attr, _cnt)); \
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND; \
+ } \
+ } else if (_cnt > 1) { \
+ talloc_free(_vals); \
+ DEBUG(0,(__location__ "attr[%s] count[%u]\n", #attr, _cnt)); \
+ return NT_STATUS_INTERNAL_DB_CORRUPTION; \
+ } else { \
+ attr = (uint32_t)_vals[0]; \
+ } \
+ talloc_free(_vals); \
+} while(0)
+
+#define GET_UINT64_EX(attr, needed) do { \
+ NTSTATUS _status; \
+ uint32_t _cnt; \
+ int64_t *_vals = NULL; \
+ attr = 0; \
+ _status = find_drsuapi_attr_int64(mem_ctx, cur, \
+ DRSUAPI_ATTID_ ## attr, \
+ &_cnt, &_vals); \
+ if (NT_STATUS_EQUAL(_status, NT_STATUS_PROPSET_NOT_FOUND)) { \
+ if (!needed) { \
+ _status = NT_STATUS_OK; \
+ _cnt = 0; \
+ } \
+ } \
+ if (!NT_STATUS_IS_OK(_status)) { \
+ DEBUG(0,(__location__ "attr[%s] %s\n", \
+ #attr, nt_errstr(_status))); \
+ return _status; \
+ } \
+ if (_cnt == 0) { \
+ if (needed) { \
+ talloc_free(_vals); \
+ DEBUG(0,(__location__ "attr[%s] count[%u]\n", #attr, _cnt)); \
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND; \
+ } \
+ } else if (_cnt > 1) { \
+ talloc_free(_vals); \
+ DEBUG(0,(__location__ "attr[%s] count[%u]\n", #attr, _cnt)); \
+ return NT_STATUS_INTERNAL_DB_CORRUPTION; \
+ } else { \
+ attr = (uint64_t)_vals[0]; \
+ } \
+ talloc_free(_vals); \
+} while(0)
+
+#define GET_BLOB(attr) GET_BLOB_EX(attr, false)
+#define GET_STRING(attr) GET_STRING_EX(attr, false)
+#define GET_UINT32(attr) GET_UINT32_EX(attr, false)
+#define GET_UINT64(attr) GET_UINT64_EX(attr, false)
+
+/* Convert a struct samu_DELTA to a struct samu. */
+#define STRING_CHANGED (old_string && !new_string) ||\
+ (!old_string && new_string) ||\
+ (old_string && new_string && (strcmp(old_string, new_string) != 0))
+
+#define STRING_CHANGED_NC(s1,s2) ((s1) && !(s2)) ||\
+ (!(s1) && (s2)) ||\
+ ((s1) && (s2) && (strcmp((s1), (s2)) != 0))
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS sam_account_from_object(struct samu *account,
+ struct drsuapi_DsReplicaObjectListItemEx *cur)
+{
+ TALLOC_CTX *mem_ctx = account;
+ const char *old_string, *new_string;
+ struct dom_sid_buf buf;
+ time_t unix_time, stored_time;
+ NTSTATUS status;
+
+ NTTIME lastLogon;
+ NTTIME lastLogoff;
+ NTTIME pwdLastSet;
+ NTTIME accountExpires;
+ const char *sAMAccountName;
+ const char *displayName;
+ const char *homeDirectory;
+ const char *homeDrive;
+ const char *scriptPath;
+ const char *profilePath;
+ const char *description;
+ const char *userWorkstations;
+ DATA_BLOB userParameters;
+ struct dom_sid objectSid;
+ uint32_t primaryGroupID;
+ uint32_t userAccountControl;
+ DATA_BLOB logonHours;
+ uint32_t badPwdCount;
+ uint32_t logonCount;
+ DATA_BLOB unicodePwd;
+ DATA_BLOB dBCSPwd;
+
+ uint32_t rid = 0;
+ uint32_t acct_flags;
+ uint32_t units_per_week;
+
+ objectSid = cur->object.identifier->sid;
+ GET_STRING_EX(sAMAccountName, true);
+ DEBUG(0,("sam_account_from_object(%s, %s) start\n",
+ sAMAccountName,
+ dom_sid_str_buf(&objectSid, &buf)));
+ GET_UINT64(lastLogon);
+ GET_UINT64(lastLogoff);
+ GET_UINT64(pwdLastSet);
+ GET_UINT64(accountExpires);
+ GET_STRING(displayName);
+ GET_STRING(homeDirectory);
+ GET_STRING(homeDrive);
+ GET_STRING(scriptPath);
+ GET_STRING(profilePath);
+ GET_STRING(description);
+ GET_STRING(userWorkstations);
+ GET_BLOB(userParameters);
+ GET_UINT32(primaryGroupID);
+ GET_UINT32(userAccountControl);
+ GET_BLOB(logonHours);
+ GET_UINT32(badPwdCount);
+ GET_UINT32(logonCount);
+ GET_BLOB(unicodePwd);
+ GET_BLOB(dBCSPwd);
+
+ status = dom_sid_split_rid(mem_ctx, &objectSid, NULL, &rid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ acct_flags = ds_uf2acb(userAccountControl);
+
+ /* Username, fullname, home dir, dir drive, logon script, acct
+ desc, workstations, profile. */
+
+ if (sAMAccountName) {
+ old_string = pdb_get_nt_username(account);
+ new_string = sAMAccountName;
+
+ if (STRING_CHANGED) {
+ pdb_set_nt_username(account, new_string, PDB_CHANGED);
+ }
+
+ /* Unix username is the same - for sanity */
+ old_string = pdb_get_username( account );
+ if (STRING_CHANGED) {
+ pdb_set_username(account, new_string, PDB_CHANGED);
+ }
+ }
+
+ if (displayName) {
+ old_string = pdb_get_fullname(account);
+ new_string = displayName;
+
+ if (STRING_CHANGED)
+ pdb_set_fullname(account, new_string, PDB_CHANGED);
+ }
+
+ if (homeDirectory) {
+ old_string = pdb_get_homedir(account);
+ new_string = homeDirectory;
+
+ if (STRING_CHANGED)
+ pdb_set_homedir(account, new_string, PDB_CHANGED);
+ }
+
+ if (homeDrive) {
+ old_string = pdb_get_dir_drive(account);
+ new_string = homeDrive;
+
+ if (STRING_CHANGED)
+ pdb_set_dir_drive(account, new_string, PDB_CHANGED);
+ }
+
+ if (scriptPath) {
+ old_string = pdb_get_logon_script(account);
+ new_string = scriptPath;
+
+ if (STRING_CHANGED)
+ pdb_set_logon_script(account, new_string, PDB_CHANGED);
+ }
+
+ if (description) {
+ old_string = pdb_get_acct_desc(account);
+ new_string = description;
+
+ if (STRING_CHANGED)
+ pdb_set_acct_desc(account, new_string, PDB_CHANGED);
+ }
+
+ if (userWorkstations) {
+ old_string = pdb_get_workstations(account);
+ new_string = userWorkstations;
+
+ if (STRING_CHANGED)
+ pdb_set_workstations(account, new_string, PDB_CHANGED);
+ }
+
+ if (profilePath) {
+ old_string = pdb_get_profile_path(account);
+ new_string = profilePath;
+
+ if (STRING_CHANGED)
+ pdb_set_profile_path(account, new_string, PDB_CHANGED);
+ }
+
+ if (userParameters.data) {
+ char *newstr = NULL;
+ old_string = pdb_get_munged_dial(account);
+
+ if (userParameters.length != 0) {
+ newstr = base64_encode_data_blob(talloc_tos(),
+ userParameters);
+ SMB_ASSERT(newstr != NULL);
+ }
+
+ if (STRING_CHANGED_NC(old_string, newstr))
+ pdb_set_munged_dial(account, newstr, PDB_CHANGED);
+ TALLOC_FREE(newstr);
+ }
+
+ /* User and group sid */
+ if (rid != 0 && pdb_get_user_rid(account) != rid) {
+ pdb_set_user_sid_from_rid(account, rid, PDB_CHANGED);
+ }
+ if (primaryGroupID != 0 && pdb_get_group_rid(account) != primaryGroupID) {
+ pdb_set_group_sid_from_rid(account, primaryGroupID, PDB_CHANGED);
+ }
+
+ /* Logon and password information */
+ if (!nt_time_is_zero(&lastLogon)) {
+ unix_time = nt_time_to_unix(lastLogon);
+ stored_time = pdb_get_logon_time(account);
+ if (stored_time != unix_time)
+ pdb_set_logon_time(account, unix_time, PDB_CHANGED);
+ }
+
+ if (!nt_time_is_zero(&lastLogoff)) {
+ unix_time = nt_time_to_unix(lastLogoff);
+ stored_time = pdb_get_logoff_time(account);
+ if (stored_time != unix_time)
+ pdb_set_logoff_time(account, unix_time,PDB_CHANGED);
+ }
+
+ /* Logon Divs */
+ units_per_week = logonHours.length * 8;
+
+ if (pdb_get_logon_divs(account) != units_per_week) {
+ pdb_set_logon_divs(account, units_per_week, PDB_CHANGED);
+ }
+
+ /* Logon Hours Len */
+ if (units_per_week/8 != pdb_get_hours_len(account)) {
+ pdb_set_hours_len(account, units_per_week/8, PDB_CHANGED);
+ }
+
+ /* Logon Hours */
+ if (logonHours.data) {
+ char oldstr[44], newstr[44];
+ pdb_sethexhours(oldstr, pdb_get_hours(account));
+ pdb_sethexhours(newstr, logonHours.data);
+ if (!strequal(oldstr, newstr)) {
+ pdb_set_hours(account, logonHours.data,
+ logonHours.length, PDB_CHANGED);
+ }
+ }
+
+ if (pdb_get_bad_password_count(account) != badPwdCount)
+ pdb_set_bad_password_count(account, badPwdCount, PDB_CHANGED);
+
+ if (pdb_get_logon_count(account) != logonCount)
+ pdb_set_logon_count(account, logonCount, PDB_CHANGED);
+
+ if (!nt_time_is_zero(&pwdLastSet)) {
+ unix_time = nt_time_to_unix(pwdLastSet);
+ stored_time = pdb_get_pass_last_set_time(account);
+ if (stored_time != unix_time)
+ pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED);
+ } else {
+ /* no last set time, make it now */
+ pdb_set_pass_last_set_time(account, time(NULL), PDB_CHANGED);
+ }
+
+ if (!nt_time_is_zero(&accountExpires)) {
+ unix_time = nt_time_to_unix(accountExpires);
+ stored_time = pdb_get_kickoff_time(account);
+ if (stored_time != unix_time)
+ pdb_set_kickoff_time(account, unix_time, PDB_CHANGED);
+ }
+
+ /* Decode hashes from password hash
+ Note that win2000 may send us all zeros for the hashes if it doesn't
+ think this channel is secure enough - don't set the passwords at all
+ in that case
+ */
+ if (dBCSPwd.length == 16 && !all_zero(dBCSPwd.data, 16)) {
+ pdb_set_lanman_passwd(account, dBCSPwd.data, PDB_CHANGED);
+ }
+
+ if (unicodePwd.length == 16 && !all_zero(unicodePwd.data, 16)) {
+ pdb_set_nt_passwd(account, unicodePwd.data, PDB_CHANGED);
+ }
+
+ /* TODO: history */
+
+ /* TODO: account expiry time */
+
+ pdb_set_acct_ctrl(account, acct_flags, PDB_CHANGED);
+
+ pdb_set_domain(account, lp_workgroup(), PDB_CHANGED);
+
+ DEBUG(0,("sam_account_from_object(%s, %s) done\n",
+ sAMAccountName,
+ dom_sid_str_buf(&objectSid, &buf)));
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
+ TALLOC_CTX *mem_ctx,
+ struct dssync_passdb_obj *obj)
+{
+ struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur;
+ NTSTATUS status;
+ fstring account;
+ struct samu *sam_account=NULL;
+ GROUP_MAP *map;
+ struct group *grp;
+ struct dom_sid user_sid;
+ struct dom_sid group_sid;
+ struct dom_sid_buf buf;
+ struct passwd *passwd = NULL;
+ uint32_t acct_flags;
+ uint32_t rid;
+
+ const char *sAMAccountName;
+ uint32_t userAccountControl;
+
+ user_sid = cur->object.identifier->sid;
+ GET_STRING_EX(sAMAccountName, true);
+ GET_UINT32_EX(userAccountControl, true);
+
+ status = dom_sid_split_rid(mem_ctx, &user_sid, NULL, &rid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ fstrcpy(account, sAMAccountName);
+ if (rid == DOMAIN_RID_GUEST) {
+ /*
+ * pdb_getsampwsid() has special handling for DOMAIN_RID_GUEST
+ * that's why we need to ignore it here.
+ *
+ * pdb_smbpasswd.c also has some DOMAIN_RID_GUEST related
+ * code...
+ */
+ DEBUG(0,("Ignore %s - %s\n",
+ account,
+ dom_sid_str_buf(&user_sid, &buf)));
+ return NT_STATUS_OK;
+ }
+ DEBUG(0,("Creating account: %s\n", account));
+
+ if ( !(sam_account = samu_new(mem_ctx)) ) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ acct_flags = ds_uf2acb(userAccountControl);
+ status = smb_create_user(sam_account, acct_flags, account, &passwd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("Could not create posix account info for '%s'- %s\n",
+ account, nt_errstr(status)));
+ TALLOC_FREE(sam_account);
+ return status;
+ }
+
+ DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n",
+ dom_sid_str_buf(&user_sid, &buf),
+ account));
+ if (!pdb_getsampwsid(sam_account, &user_sid)) {
+ sam_account_from_object(sam_account, cur);
+ DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n",
+ dom_sid_str_buf(&user_sid, &buf),
+ pdb_get_username(sam_account)));
+ if (!NT_STATUS_IS_OK(pdb_add_sam_account(sam_account))) {
+ DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
+ account));
+ TALLOC_FREE(sam_account);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ } else {
+ sam_account_from_object(sam_account, cur);
+ DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n",
+ dom_sid_str_buf(&user_sid, &buf),
+ pdb_get_username(sam_account)));
+ if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) {
+ DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n",
+ account));
+ TALLOC_FREE(sam_account);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
+
+ if (pdb_get_group_sid(sam_account) == NULL) {
+ TALLOC_FREE(sam_account);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ group_sid = *pdb_get_group_sid(sam_account);
+
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!pdb_getgrsid(map, group_sid)) {
+ DEBUG(0, ("Primary group of %s has no mapping!\n",
+ pdb_get_username(sam_account)));
+ } else {
+ if (map->gid != passwd->pw_gid) {
+ if (!(grp = getgrgid(map->gid))) {
+ DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n",
+ (unsigned long)map->gid, pdb_get_username(sam_account),
+ dom_sid_str_buf(&group_sid, &buf)));
+ } else {
+ smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
+ }
+ }
+ }
+
+ TALLOC_FREE(map);
+
+ if ( !passwd ) {
+ DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n",
+ pdb_get_username(sam_account)));
+ }
+
+ TALLOC_FREE(sam_account);
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
+ TALLOC_CTX *mem_ctx,
+ struct dssync_passdb_obj *obj)
+{
+ struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur;
+ NTSTATUS status;
+ struct group *grp = NULL;
+ struct dom_sid group_sid;
+ uint32_t rid = 0;
+ struct dom_sid *dom_sid = NULL;
+ struct dom_sid_buf sid_str;
+ GROUP_MAP *map;
+ bool insert = true;
+
+ const char *sAMAccountName;
+ const char *description;
+ uint32_t i;
+ uint32_t num_members = 0;
+ struct drsuapi_DsReplicaObjectIdentifier3 *members = NULL;
+
+ group_sid = cur->object.identifier->sid;
+ GET_STRING_EX(sAMAccountName, true);
+ GET_STRING(description);
+
+ status = find_drsuapi_attr_dn(obj, cur, DRSUAPI_ATTID_member,
+ &num_members, &members);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_PROPSET_NOT_FOUND)) {
+ status = NT_STATUS_OK;
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ dom_sid_split_rid(mem_ctx, &group_sid, &dom_sid, &rid);
+
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (map == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ map->nt_name = talloc_strdup(map, sAMAccountName);
+ if (map->nt_name == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ if (description) {
+ map->comment = talloc_strdup(map, description);
+ } else {
+ map->comment = talloc_strdup(map, "");
+ }
+ if (map->comment == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ DEBUG(0,("Creating alias[%s] - %s members[%u]\n",
+ map->nt_name,
+ dom_sid_str_buf(&group_sid, &sid_str),
+ num_members));
+
+ status = dssync_insert_obj(pctx, pctx->aliases, obj);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ if (pdb_getgrsid(map, group_sid)) {
+ if (map->gid != -1) {
+ grp = getgrgid(map->gid);
+ }
+ insert = false;
+ }
+
+ if (grp == NULL) {
+ gid_t gid;
+
+ /* No group found from mapping, find it from its name. */
+ if ((grp = getgrnam(map->nt_name)) == NULL) {
+
+ /* No appropriate group found, create one */
+
+ DEBUG(0, ("Creating unix group: '%s'\n",
+ map->nt_name));
+
+ if (smb_create_group(map->nt_name, &gid) != 0) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
+
+ if ((grp = getgrgid(gid)) == NULL) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
+ }
+ }
+
+ map->gid = grp->gr_gid;
+ map->sid = group_sid;
+
+ if (dom_sid_equal(dom_sid, &global_sid_Builtin)) {
+ /*
+ * pdb_ldap does not like SID_NAME_WKN_GRP...
+ *
+ * map.sid_name_use = SID_NAME_WKN_GRP;
+ */
+ map->sid_name_use = SID_NAME_ALIAS;
+ } else {
+ map->sid_name_use = SID_NAME_ALIAS;
+ }
+
+ if (insert) {
+ pdb_add_group_mapping_entry(map);
+ } else {
+ pdb_update_group_mapping_entry(map);
+ }
+
+ for (i=0; i < num_members; i++) {
+ struct dssync_passdb_mem *mem;
+
+ status = dssync_create_mem(pctx, obj,
+ true /* active */,
+ &members[i], &mem);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ }
+
+ status = NT_STATUS_OK;
+
+done:
+ TALLOC_FREE(map);
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
+ TALLOC_CTX *mem_ctx,
+ struct dssync_passdb_obj *obj)
+{
+ struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur;
+ NTSTATUS status;
+ struct group *grp = NULL;
+ struct dom_sid group_sid;
+ struct dom_sid_buf sid_str;
+ GROUP_MAP *map;
+ bool insert = true;
+
+ const char *sAMAccountName;
+ const char *description;
+ uint32_t i;
+ uint32_t num_members = 0;
+ struct drsuapi_DsReplicaObjectIdentifier3 *members = NULL;
+
+ group_sid = cur->object.identifier->sid;
+ GET_STRING_EX(sAMAccountName, true);
+ GET_STRING(description);
+
+ status = find_drsuapi_attr_dn(obj, cur, DRSUAPI_ATTID_member,
+ &num_members, &members);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_PROPSET_NOT_FOUND)) {
+ status = NT_STATUS_OK;
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ map->nt_name = talloc_strdup(map, sAMAccountName);
+ if (!map->nt_name) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ if (description) {
+ map->comment = talloc_strdup(map, description);
+ } else {
+ map->comment = talloc_strdup(map, "");
+ }
+ if (!map->comment) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ DEBUG(0,("Creating group[%s] - %s members [%u]\n",
+ map->nt_name,
+ dom_sid_str_buf(&group_sid, &sid_str),
+ num_members));
+
+ status = dssync_insert_obj(pctx, pctx->groups, obj);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ if (pdb_getgrsid(map, group_sid)) {
+ if (map->gid != -1) {
+ grp = getgrgid(map->gid);
+ }
+ insert = false;
+ }
+
+ if (grp == NULL) {
+ gid_t gid;
+
+ /* No group found from mapping, find it from its name. */
+ if ((grp = getgrnam(map->nt_name)) == NULL) {
+
+ /* No appropriate group found, create one */
+
+ DEBUG(0, ("Creating unix group: '%s'\n",
+ map->nt_name));
+
+ if (smb_create_group(map->nt_name, &gid) != 0) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
+
+ if ((grp = getgrnam(map->nt_name)) == NULL) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
+ }
+ }
+
+ map->gid = grp->gr_gid;
+ map->sid = group_sid;
+ map->sid_name_use = SID_NAME_DOM_GRP;
+
+ if (insert) {
+ pdb_add_group_mapping_entry(map);
+ } else {
+ pdb_update_group_mapping_entry(map);
+ }
+
+ for (i=0; i < num_members; i++) {
+ struct dssync_passdb_mem *mem;
+
+ status = dssync_create_mem(pctx, obj,
+ true /* active */,
+ &members[i], &mem);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ }
+
+ status = NT_STATUS_OK;
+
+done:
+ TALLOC_FREE(map);
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS handle_interdomain_trust_object(struct dssync_passdb *pctx,
+ TALLOC_CTX *mem_ctx,
+ struct dssync_passdb_obj *obj)
+{
+ struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur;
+ DEBUG(0,("trust: %s\n", cur->object.identifier->dn));
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+struct dssync_object_table_t {
+ uint32_t type;
+ NTSTATUS (*fn) (struct dssync_passdb *pctx,
+ TALLOC_CTX *mem_ctx,
+ struct dssync_passdb_obj *obj);
+};
+
+static const struct dssync_object_table_t dssync_object_table[] = {
+ { ATYPE_NORMAL_ACCOUNT, handle_account_object },
+ { ATYPE_WORKSTATION_TRUST, handle_account_object },
+ { ATYPE_SECURITY_LOCAL_GROUP, handle_alias_object },
+ { ATYPE_SECURITY_GLOBAL_GROUP, handle_group_object },
+ { ATYPE_INTERDOMAIN_TRUST, handle_interdomain_trust_object },
+};
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS parse_object(struct dssync_passdb *pctx,
+ TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaObjectListItemEx *cur)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ DATA_BLOB *blob = NULL;
+ uint32_t i = 0;
+ size_t a = 0;
+
+ char *name = NULL;
+ uint32_t sam_type = 0;
+
+ DEBUG(3, ("parsing object '%s'\n", cur->object.identifier->dn));
+
+ for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) {
+ struct drsuapi_DsReplicaAttribute *attr =
+ &cur->object.attribute_ctr.attributes[i];
+
+ if (attr->value_ctr.num_values != 1) {
+ continue;
+ }
+
+ if (!attr->value_ctr.values[0].blob) {
+ continue;
+ }
+
+ blob = attr->value_ctr.values[0].blob;
+
+ switch (attr->attid) {
+ case DRSUAPI_ATTID_sAMAccountName:
+ pull_string_talloc(mem_ctx, NULL, 0, &name,
+ blob->data, blob->length,
+ STR_UNICODE);
+ break;
+ case DRSUAPI_ATTID_sAMAccountType:
+ sam_type = IVAL(blob->data, 0);
+ break;
+ default:
+ break;
+ }
+ }
+
+ for (a=0; a < ARRAY_SIZE(dssync_object_table); a++) {
+ if (sam_type == dssync_object_table[a].type) {
+ if (dssync_object_table[a].fn) {
+ struct dssync_passdb_obj *obj = NULL;
+ status = dssync_create_obj(pctx, pctx->all,
+ sam_type, cur, &obj);
+ if (!NT_STATUS_IS_OK(status)) {
+ break;
+ }
+ status = dssync_object_table[a].fn(pctx,
+ mem_ctx,
+ obj);
+ break;
+ }
+ }
+ }
+
+ return status;
+}
+
+static NTSTATUS parse_link(struct dssync_passdb *pctx,
+ TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaLinkedAttribute *cur)
+{
+ struct drsuapi_DsReplicaObjectIdentifier3 *id3;
+ const DATA_BLOB *blob;
+ enum ndr_err_code ndr_err;
+ NTSTATUS status;
+ bool active = false;
+ struct dssync_passdb_mem *mem;
+ struct dssync_passdb_obj *obj;
+
+ if (cur->attid != DRSUAPI_ATTID_member) {
+ return NT_STATUS_OK;
+ }
+
+ if (cur->flags & DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE) {
+ active = true;
+ }
+
+ DEBUG(3, ("parsing link '%s' - %s\n",
+ cur->identifier->dn, active?"adding":"deleting"));
+
+ blob = cur->value.blob;
+
+ if (blob == NULL) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ obj = dssync_search_obj_by_guid(pctx, pctx->all, &cur->identifier->guid);
+ if (obj == NULL) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ id3 = talloc_zero(obj, struct drsuapi_DsReplicaObjectIdentifier3);
+ if (id3 == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* windows sometimes sends an extra two pad bytes here */
+ ndr_err = ndr_pull_struct_blob(blob, id3, id3,
+ (ndr_pull_flags_fn_t)ndr_pull_drsuapi_DsReplicaObjectIdentifier3);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ status = ndr_map_error2ntstatus(ndr_err);
+ return status;
+ }
+
+ status = dssync_create_mem(pctx, obj,
+ active,
+ id3, &mem);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS passdb_process_objects(struct dssync_context *ctx,
+ TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaObjectListItemEx *cur,
+ struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ struct dssync_passdb *pctx =
+ talloc_get_type_abort(ctx->private_data,
+ struct dssync_passdb);
+
+ for (; cur; cur = cur->next_object) {
+ status = parse_object(pctx, mem_ctx, cur);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+ }
+
+ out:
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS passdb_process_links(struct dssync_context *ctx,
+ TALLOC_CTX *mem_ctx,
+ uint32_t count,
+ struct drsuapi_DsReplicaLinkedAttribute *links,
+ struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ struct dssync_passdb *pctx =
+ talloc_get_type_abort(ctx->private_data,
+ struct dssync_passdb);
+ uint32_t i;
+
+ for (i = 0; i < count; i++) {
+ status = parse_link(pctx, mem_ctx, &links[i]);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+ }
+
+ out:
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+const struct dssync_ops libnet_dssync_passdb_ops = {
+ .startup = passdb_startup,
+ .process_objects = passdb_process_objects,
+ .process_links = passdb_process_links,
+ .finish = passdb_finish,
+};
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
new file mode 100644
index 0000000..d3194bd
--- /dev/null
+++ b/source3/libnet/libnet_join.c
@@ -0,0 +1,3289 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libnet Join Support
+ * Copyright (C) Gerald (Jerry) Carter 2006
+ * Copyright (C) Guenther Deschner 2007-2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "ads.h"
+#include "libsmb/namequery.h"
+#include "librpc/gen_ndr/ndr_libnet_join.h"
+#include "libnet/libnet_join.h"
+#include "libcli/auth/libcli_auth.h"
+#include "../librpc/gen_ndr/ndr_samr_c.h"
+#include "rpc_client/init_samr.h"
+#include "../librpc/gen_ndr/ndr_lsa_c.h"
+#include "rpc_client/cli_lsarpc.h"
+#include "../librpc/gen_ndr/ndr_netlogon.h"
+#include "rpc_client/cli_netlogon.h"
+#include "lib/smbconf/smbconf.h"
+#include "lib/smbconf/smbconf_reg.h"
+#include "../libds/common/flags.h"
+#include "secrets.h"
+#include "rpc_client/init_lsa.h"
+#include "rpc_client/cli_pipe.h"
+#include "../libcli/security/security.h"
+#include "passdb.h"
+#include "libsmb/libsmb.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/param/loadparm.h"
+#include "libcli/auth/netlogon_creds_cli.h"
+#include "auth/credentials/credentials.h"
+#include "krb5_env.h"
+#include "libsmb/dsgetdcname.h"
+#include "rpc_client/util_netlogon.h"
+#include "libnet/libnet_join_offline.h"
+
+/****************************************************************
+****************************************************************/
+
+#define LIBNET_JOIN_DUMP_CTX(ctx, r, f) \
+ do { \
+ char *str = NULL; \
+ str = NDR_PRINT_FUNCTION_STRING(ctx, libnet_JoinCtx, f, r); \
+ DEBUG(1,("libnet_Join:\n%s", str)); \
+ TALLOC_FREE(str); \
+ } while (0)
+
+#define LIBNET_JOIN_IN_DUMP_CTX(ctx, r) \
+ LIBNET_JOIN_DUMP_CTX(ctx, r, NDR_IN | NDR_SET_VALUES)
+#define LIBNET_JOIN_OUT_DUMP_CTX(ctx, r) \
+ LIBNET_JOIN_DUMP_CTX(ctx, r, NDR_OUT)
+
+#define LIBNET_UNJOIN_DUMP_CTX(ctx, r, f) \
+ do { \
+ char *str = NULL; \
+ str = NDR_PRINT_FUNCTION_STRING(ctx, libnet_UnjoinCtx, f, r); \
+ DEBUG(1,("libnet_Unjoin:\n%s", str)); \
+ TALLOC_FREE(str); \
+ } while (0)
+
+#define LIBNET_UNJOIN_IN_DUMP_CTX(ctx, r) \
+ LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_IN | NDR_SET_VALUES)
+#define LIBNET_UNJOIN_OUT_DUMP_CTX(ctx, r) \
+ LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_OUT)
+
+/****************************************************************
+****************************************************************/
+
+static void libnet_join_set_error_string(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r,
+ const char *format, ...)
+ PRINTF_ATTRIBUTE(3,4);
+
+static void libnet_join_set_error_string(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r,
+ const char *format, ...)
+{
+ va_list args;
+
+ if (r->out.error_string) {
+ return;
+ }
+
+ va_start(args, format);
+ r->out.error_string = talloc_vasprintf(mem_ctx, format, args);
+ va_end(args);
+}
+
+/****************************************************************
+****************************************************************/
+
+static void libnet_unjoin_set_error_string(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx *r,
+ const char *format, ...)
+ PRINTF_ATTRIBUTE(3,4);
+
+static void libnet_unjoin_set_error_string(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx *r,
+ const char *format, ...)
+{
+ va_list args;
+
+ if (r->out.error_string) {
+ return;
+ }
+
+ va_start(args, format);
+ r->out.error_string = talloc_vasprintf(mem_ctx, format, args);
+ va_end(args);
+}
+
+#ifdef HAVE_ADS
+
+/****************************************************************
+****************************************************************/
+
+static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
+ const char *netbios_domain_name,
+ const char *dc_name,
+ const char *user_name,
+ const char *password,
+ const char *ccname,
+ TALLOC_CTX *mem_ctx,
+ ADS_STRUCT **ads)
+{
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ ADS_STATUS status;
+ ADS_STRUCT *my_ads = NULL;
+ char *cp;
+ enum credentials_use_kerberos krb5_state;
+
+ my_ads = ads_init(tmp_ctx,
+ dns_domain_name,
+ netbios_domain_name,
+ dc_name,
+ ADS_SASL_SEAL);
+ if (!my_ads) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto out;
+ }
+
+ /* In FIPS mode, client use kerberos is forced to required. */
+ krb5_state = lp_client_use_kerberos();
+ switch (krb5_state) {
+ case CRED_USE_KERBEROS_REQUIRED:
+ my_ads->auth.flags &= ~ADS_AUTH_DISABLE_KERBEROS;
+ my_ads->auth.flags &= ~ADS_AUTH_ALLOW_NTLMSSP;
+ break;
+ case CRED_USE_KERBEROS_DESIRED:
+ my_ads->auth.flags &= ~ADS_AUTH_DISABLE_KERBEROS;
+ my_ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP;
+ break;
+ case CRED_USE_KERBEROS_DISABLED:
+ my_ads->auth.flags |= ADS_AUTH_DISABLE_KERBEROS;
+ my_ads->auth.flags |= ADS_AUTH_ALLOW_NTLMSSP;
+ break;
+ }
+
+ if (user_name) {
+ ADS_TALLOC_CONST_FREE(my_ads->auth.user_name);
+ my_ads->auth.user_name = talloc_strdup(my_ads, user_name);
+ if (my_ads->auth.user_name == NULL) {
+ status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ if ((cp = strchr_m(my_ads->auth.user_name, '@'))!=0) {
+ *cp++ = '\0';
+ ADS_TALLOC_CONST_FREE(my_ads->auth.realm);
+ my_ads->auth.realm = talloc_asprintf_strupper_m(my_ads, "%s", cp);
+ if (my_ads->auth.realm == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto out;
+ }
+ }
+ }
+
+ if (password) {
+ ADS_TALLOC_CONST_FREE(my_ads->auth.password);
+ my_ads->auth.password = talloc_strdup(my_ads, password);
+ if (my_ads->auth.password == NULL) {
+ status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ }
+
+ if (ccname != NULL) {
+ ADS_TALLOC_CONST_FREE(my_ads->auth.ccache_name);
+ my_ads->auth.ccache_name = talloc_strdup(my_ads, ccname);
+ if (my_ads->auth.ccache_name == NULL) {
+ status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ goto out;
+ }
+ setenv(KRB5_ENV_CCNAME, my_ads->auth.ccache_name, 1);
+ }
+
+ status = ads_connect_user_creds(my_ads);
+ if (!ADS_ERR_OK(status)) {
+ goto out;
+ }
+
+ *ads = talloc_move(mem_ctx, &my_ads);
+
+ status = ADS_SUCCESS;
+out:
+ TALLOC_FREE(tmp_ctx);
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static ADS_STATUS libnet_join_connect_ads(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r,
+ bool use_machine_creds)
+{
+ ADS_STATUS status;
+ const char *username;
+ const char *password;
+ const char *ccname = NULL;
+
+ if (use_machine_creds) {
+ if (r->in.machine_name == NULL ||
+ r->in.machine_password == NULL) {
+ return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
+ }
+ username = talloc_asprintf(mem_ctx, "%s$",
+ r->in.machine_name);
+ if (username == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ password = r->in.machine_password;
+ ccname = "MEMORY:libnet_join_machine_creds";
+ } else {
+ char *p = NULL;
+
+ username = r->in.admin_account;
+
+ p = strchr(r->in.admin_account, '@');
+ if (p == NULL) {
+ username = talloc_asprintf(mem_ctx, "%s@%s",
+ r->in.admin_account,
+ r->in.admin_domain);
+ }
+ if (username == NULL) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ password = r->in.admin_password;
+
+ /*
+ * when r->in.use_kerberos is set to allow "net ads join -k" we
+ * may not override the provided credential cache - gd
+ */
+
+ if (!r->in.use_kerberos) {
+ ccname = "MEMORY:libnet_join_user_creds";
+ }
+ }
+
+ status = libnet_connect_ads(r->out.dns_domain_name,
+ r->out.netbios_domain_name,
+ r->in.dc_name,
+ username,
+ password,
+ ccname,
+ r,
+ &r->in.ads);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to connect to AD: %s",
+ ads_errstr(status));
+ return status;
+ }
+
+ if (!r->out.netbios_domain_name) {
+ r->out.netbios_domain_name = talloc_strdup(mem_ctx,
+ r->in.ads->server.workgroup);
+ ADS_ERROR_HAVE_NO_MEMORY(r->out.netbios_domain_name);
+ }
+
+ if (!r->out.dns_domain_name) {
+ r->out.dns_domain_name = talloc_strdup(mem_ctx,
+ r->in.ads->config.realm);
+ ADS_ERROR_HAVE_NO_MEMORY(r->out.dns_domain_name);
+ }
+
+ r->out.domain_is_ad = true;
+
+ return ADS_SUCCESS;
+}
+
+/****************************************************************
+****************************************************************/
+
+static ADS_STATUS libnet_join_connect_ads_user(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ return libnet_join_connect_ads(mem_ctx, r, false);
+}
+
+/****************************************************************
+****************************************************************/
+
+static ADS_STATUS libnet_join_connect_ads_machine(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ return libnet_join_connect_ads(mem_ctx, r, true);
+}
+
+/****************************************************************
+****************************************************************/
+
+static ADS_STATUS libnet_unjoin_connect_ads(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx *r)
+{
+ ADS_STATUS status;
+
+ status = libnet_connect_ads(r->in.domain_name,
+ r->in.domain_name,
+ r->in.dc_name,
+ r->in.admin_account,
+ r->in.admin_password,
+ NULL,
+ r,
+ &r->in.ads);
+ if (!ADS_ERR_OK(status)) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "failed to connect to AD: %s",
+ ads_errstr(status));
+ }
+
+ return status;
+}
+
+/****************************************************************
+ join a domain using ADS (LDAP mods)
+****************************************************************/
+
+static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ const char *attrs[] = { "dn", NULL };
+ bool moved = false;
+
+ status = ads_check_ou_dn(mem_ctx, r->in.ads, &r->in.account_ou);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ status = ads_search_dn(r->in.ads, &res, r->in.account_ou, attrs);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ if (ads_count_replies(r->in.ads, res) != 1) {
+ ads_msgfree(r->in.ads, res);
+ return ADS_ERROR_LDAP(LDAP_NO_SUCH_OBJECT);
+ }
+
+ ads_msgfree(r->in.ads, res);
+
+ /* Attempt to create the machine account and bail if this fails.
+ Assume that the admin wants exactly what they requested */
+
+ if (r->in.machine_password == NULL) {
+ r->in.machine_password =
+ trust_pw_new_value(mem_ctx,
+ r->in.secure_channel_type,
+ SEC_ADS);
+ if (r->in.machine_password == NULL) {
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+ }
+
+ status = ads_create_machine_acct(r->in.ads,
+ r->in.machine_name,
+ r->in.machine_password,
+ r->in.account_ou,
+ r->in.desired_encryption_types,
+ r->out.dns_domain_name);
+
+ if (ADS_ERR_OK(status)) {
+ DBG_WARNING("Machine account successfully created\n");
+ return status;
+ } else if ((status.error_type == ENUM_ADS_ERROR_LDAP) &&
+ (status.err.rc == LDAP_ALREADY_EXISTS)) {
+ status = ADS_SUCCESS;
+ }
+
+ if (!ADS_ERR_OK(status)) {
+ DBG_WARNING("Failed to create machine account\n");
+ return status;
+ }
+
+ status = ads_move_machine_acct(r->in.ads,
+ r->in.machine_name,
+ r->in.account_ou,
+ &moved);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(1,("failure to locate/move pre-existing "
+ "machine account\n"));
+ return status;
+ }
+
+ DEBUG(1,("The machine account %s the specified OU.\n",
+ moved ? "was moved into" : "already exists in"));
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static ADS_STATUS libnet_unjoin_remove_machine_acct(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx *r)
+{
+ ADS_STATUS status;
+
+ if (!r->in.ads) {
+ status = libnet_unjoin_connect_ads(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "failed to connect to AD: %s",
+ ads_errstr(status));
+ return status;
+ }
+ }
+
+ status = ads_leave_realm(r->in.ads, r->in.machine_name);
+ if (!ADS_ERR_OK(status)) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "failed to leave realm: %s",
+ ads_errstr(status));
+ return status;
+ }
+
+ return ADS_SUCCESS;
+}
+
+/****************************************************************
+****************************************************************/
+
+static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ ADS_STATUS status;
+ LDAPMessage *res = NULL;
+ char *dn = NULL;
+ struct dom_sid sid;
+
+ if (!r->in.machine_name) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ status = ads_find_machine_acct(r->in.ads,
+ &res,
+ r->in.machine_name);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ if (ads_count_replies(r->in.ads, res) != 1) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ dn = ads_get_dn(r->in.ads, mem_ctx, res);
+ if (!dn) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ r->out.dn = talloc_strdup(mem_ctx, dn);
+ if (!r->out.dn) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ if (!ads_pull_uint32(r->in.ads, res, "msDS-SupportedEncryptionTypes",
+ &r->out.set_encryption_types)) {
+ r->out.set_encryption_types = 0;
+ }
+
+ if (!ads_pull_sid(r->in.ads, res, "objectSid", &sid)) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ dom_sid_split_rid(mem_ctx, &sid, NULL, &r->out.account_rid);
+ done:
+ ads_msgfree(r->in.ads, res);
+ TALLOC_FREE(dn);
+
+ return status;
+}
+
+static ADS_STATUS libnet_join_get_machine_spns(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r,
+ char ***spn_array,
+ size_t *num_spns)
+{
+ ADS_STATUS status;
+
+ if (r->in.machine_name == NULL) {
+ return ADS_ERROR_SYSTEM(EINVAL);
+ }
+
+ status = ads_get_service_principal_names(mem_ctx,
+ r->in.ads,
+ r->in.machine_name,
+ spn_array,
+ num_spns);
+
+ return status;
+}
+
+static ADS_STATUS add_uniq_spn(TALLOC_CTX *mem_ctx, const char *spn,
+ const char ***array, size_t *num)
+{
+ bool ok = ads_element_in_array(*array, *num, spn);
+ if (!ok) {
+ ok = add_string_to_array(mem_ctx, spn, array, num);
+ if (!ok) {
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+ }
+ return ADS_SUCCESS;
+}
+
+/****************************************************************
+ Set a machines dNSHostName and servicePrincipalName attributes
+****************************************************************/
+
+static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ ADS_STATUS status;
+ ADS_MODLIST mods;
+ fstring my_fqdn;
+ fstring my_alias;
+ const char **spn_array = NULL;
+ size_t num_spns = 0;
+ char *spn = NULL;
+ const char **netbios_aliases = NULL;
+ const char **addl_hostnames = NULL;
+
+ /* Find our DN */
+
+ status = libnet_join_find_machine_acct(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ status = libnet_join_get_machine_spns(frame,
+ r,
+ discard_const_p(char **, &spn_array),
+ &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(5, ("Retrieving the servicePrincipalNames failed.\n"));
+ }
+
+ /* Windows only creates HOST/shortname & HOST/fqdn. */
+
+ spn = talloc_asprintf(frame, "HOST/%s", r->in.machine_name);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+ if (!strupper_m(spn)) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ if (r->in.dnshostname != NULL) {
+ fstr_sprintf(my_fqdn, "%s", r->in.dnshostname);
+ } else {
+ fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name,
+ lp_dnsdomain());
+ }
+
+ if (!strlower_m(my_fqdn)) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ spn = talloc_asprintf(frame, "HOST/%s", my_fqdn);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ for (netbios_aliases = lp_netbios_aliases();
+ netbios_aliases != NULL && *netbios_aliases != NULL;
+ netbios_aliases++) {
+ /*
+ * Add HOST/NETBIOSNAME
+ */
+ spn = talloc_asprintf(frame, "HOST/%s", *netbios_aliases);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+ if (!strupper_m(spn)) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ /*
+ * Add HOST/netbiosname.domainname
+ */
+ fstr_sprintf(my_alias, "%s.%s",
+ *netbios_aliases,
+ lp_dnsdomain());
+
+ spn = talloc_asprintf(frame, "HOST/%s", my_alias);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ }
+
+ for (addl_hostnames = lp_additional_dns_hostnames();
+ addl_hostnames != NULL && *addl_hostnames != NULL;
+ addl_hostnames++) {
+
+ spn = talloc_asprintf(frame, "HOST/%s", *addl_hostnames);
+ if (spn == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ status = add_uniq_spn(frame, spn, &spn_array, &num_spns);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ }
+
+ /* make sure to NULL terminate the array */
+ spn_array = talloc_realloc(frame, spn_array, const char *, num_spns + 1);
+ if (spn_array == NULL) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+ spn_array[num_spns] = NULL;
+
+ mods = ads_init_mods(mem_ctx);
+ if (!mods) {
+ status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ goto done;
+ }
+
+ /* fields of primary importance */
+
+ status = ads_mod_str(mem_ctx, &mods, "dNSHostName", my_fqdn);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ status = ads_mod_strlist(mem_ctx, &mods, "servicePrincipalName",
+ spn_array);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+
+ addl_hostnames = lp_additional_dns_hostnames();
+ if (addl_hostnames != NULL && *addl_hostnames != NULL) {
+ status = ads_mod_strlist(mem_ctx, &mods,
+ "msDS-AdditionalDnsHostName",
+ addl_hostnames);
+ if (!ADS_ERR_OK(status)) {
+ goto done;
+ }
+ }
+
+ status = ads_gen_mod(r->in.ads, r->out.dn, mods);
+
+done:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static ADS_STATUS libnet_join_set_machine_upn(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ ADS_STATUS status;
+ ADS_MODLIST mods;
+
+ if (!r->in.create_upn) {
+ return ADS_SUCCESS;
+ }
+
+ /* Find our DN */
+
+ status = libnet_join_find_machine_acct(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ if (!r->in.upn) {
+ const char *realm = r->out.dns_domain_name;
+
+ /* in case we are about to generate a keytab during the join
+ * make sure the default upn we create is usable with kinit -k.
+ * gd */
+
+ if (USE_KERBEROS_KEYTAB) {
+ realm = talloc_strdup_upper(mem_ctx,
+ r->out.dns_domain_name);
+ }
+
+ if (!realm) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ r->in.upn = talloc_asprintf(mem_ctx,
+ "host/%s@%s",
+ r->in.machine_name,
+ realm);
+ if (!r->in.upn) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+ }
+
+ /* now do the mods */
+
+ mods = ads_init_mods(mem_ctx);
+ if (!mods) {
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+
+ /* fields of primary importance */
+
+ status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", r->in.upn);
+ if (!ADS_ERR_OK(status)) {
+ return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
+ }
+
+ return ads_gen_mod(r->in.ads, r->out.dn, mods);
+}
+
+
+/****************************************************************
+****************************************************************/
+
+static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ ADS_STATUS status;
+ ADS_MODLIST mods;
+ char *os_sp = NULL;
+
+ if (!r->in.os_name || !r->in.os_version ) {
+ return ADS_SUCCESS;
+ }
+
+ /* Find our DN */
+
+ status = libnet_join_find_machine_acct(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ /* now do the mods */
+
+ mods = ads_init_mods(mem_ctx);
+ if (!mods) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ if (r->in.os_servicepack) {
+ /*
+ * if blank string then leave os_sp equal to NULL to force
+ * attribute delete (LDAP_MOD_DELETE)
+ */
+ if (!strequal(r->in.os_servicepack,"")) {
+ os_sp = talloc_strdup(mem_ctx, r->in.os_servicepack);
+ }
+ } else {
+ os_sp = talloc_asprintf(mem_ctx, "Samba %s",
+ samba_version_string());
+ }
+ if (!os_sp && !strequal(r->in.os_servicepack,"")) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ /* fields of primary importance */
+
+ status = ads_mod_str(mem_ctx, &mods, "operatingSystem",
+ r->in.os_name);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ status = ads_mod_str(mem_ctx, &mods, "operatingSystemVersion",
+ r->in.os_version);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ status = ads_mod_str(mem_ctx, &mods, "operatingSystemServicePack",
+ os_sp);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ return ads_gen_mod(r->in.ads, r->out.dn, mods);
+}
+
+/****************************************************************
+****************************************************************/
+
+static ADS_STATUS libnet_join_set_etypes(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ ADS_STATUS status;
+ ADS_MODLIST mods;
+ const char *etype_list_str;
+
+ etype_list_str = talloc_asprintf(mem_ctx, "%d",
+ r->in.desired_encryption_types);
+ if (!etype_list_str) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ /* Find our DN */
+
+ status = libnet_join_find_machine_acct(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ if (r->in.desired_encryption_types == r->out.set_encryption_types) {
+ return ADS_SUCCESS;
+ }
+
+ /* now do the mods */
+
+ mods = ads_init_mods(mem_ctx);
+ if (!mods) {
+ return ADS_ERROR(LDAP_NO_MEMORY);
+ }
+
+ status = ads_mod_str(mem_ctx, &mods, "msDS-SupportedEncryptionTypes",
+ etype_list_str);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ status = ads_gen_mod(r->in.ads, r->out.dn, mods);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ r->out.set_encryption_types = r->in.desired_encryption_types;
+
+ return ADS_SUCCESS;
+}
+
+/****************************************************************
+****************************************************************/
+
+static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ if (!USE_SYSTEM_KEYTAB) {
+ return true;
+ }
+
+ if (ads_keytab_create_default(r->in.ads) != 0) {
+ return false;
+ }
+
+ return true;
+}
+
+/****************************************************************
+****************************************************************/
+
+static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ uint32_t domain_func;
+ ADS_STATUS status;
+ const char *salt = NULL;
+ char *std_salt = NULL;
+
+ status = ads_domain_func_level(r->in.ads, &domain_func);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to determine domain functional level: %s",
+ ads_errstr(status));
+ return false;
+ }
+
+ /* go ahead and setup the default salt */
+
+ std_salt = kerberos_standard_des_salt();
+ if (!std_salt) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to obtain standard DES salt");
+ return false;
+ }
+
+ salt = talloc_strdup(mem_ctx, std_salt);
+ if (!salt) {
+ return false;
+ }
+
+ SAFE_FREE(std_salt);
+
+ /* if it's a Windows functional domain, we have to look for the UPN */
+
+ if (domain_func == DS_DOMAIN_FUNCTION_2000) {
+ char *upn;
+
+ upn = ads_get_upn(r->in.ads, mem_ctx,
+ r->in.machine_name);
+ if (upn) {
+ salt = talloc_strdup(mem_ctx, upn);
+ if (!salt) {
+ return false;
+ }
+ }
+ }
+
+ r->out.krb5_salt = salt;
+ return true;
+}
+
+/****************************************************************
+****************************************************************/
+
+static ADS_STATUS libnet_join_post_processing_ads_modify(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ ADS_STATUS status;
+ bool need_etype_update = false;
+
+ if (r->in.request_offline_join) {
+ /*
+ * When in the "request offline join" path we can no longer
+ * modify the AD account as we are operating w/o network - gd
+ */
+ return ADS_SUCCESS;
+ }
+
+ if (!r->in.ads) {
+ status = libnet_join_connect_ads_user(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+ }
+
+ status = libnet_join_set_machine_spn(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Failed to set machine spn: %s\n"
+ "Do you have sufficient permissions to create machine "
+ "accounts?",
+ ads_errstr(status));
+ return status;
+ }
+
+ status = libnet_join_set_os_attributes(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to set machine os attributes: %s",
+ ads_errstr(status));
+ return status;
+ }
+
+ status = libnet_join_set_machine_upn(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to set machine upn: %s",
+ ads_errstr(status));
+ return status;
+ }
+
+ status = libnet_join_find_machine_acct(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ return status;
+ }
+
+ if (r->in.desired_encryption_types != r->out.set_encryption_types) {
+ uint32_t func_level = 0;
+
+ status = ads_domain_func_level(r->in.ads, &func_level);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to query domain controller functional level: %s",
+ ads_errstr(status));
+ return status;
+ }
+
+ if (func_level >= DS_DOMAIN_FUNCTION_2008) {
+ need_etype_update = true;
+ }
+ }
+
+ if (need_etype_update) {
+ /*
+ * We need to reconnect as machine account in order
+ * to update msDS-SupportedEncryptionTypes reliable
+ */
+
+ if (r->in.ads->auth.ccache_name != NULL) {
+ ads_kdestroy(r->in.ads->auth.ccache_name);
+ ADS_TALLOC_CONST_FREE(r->in.ads->auth.ccache_name);
+ }
+
+ TALLOC_FREE(r->in.ads);
+
+ status = libnet_join_connect_ads_machine(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Failed to connect as machine account: %s",
+ ads_errstr(status));
+ return status;
+ }
+
+ status = libnet_join_set_etypes(mem_ctx, r);
+ if (!ADS_ERR_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to set machine kerberos encryption types: %s",
+ ads_errstr(status));
+ return status;
+ }
+ }
+
+ if (!libnet_join_derive_salting_principal(mem_ctx, r)) {
+ return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
+ }
+
+ return ADS_SUCCESS;
+}
+
+static ADS_STATUS libnet_join_post_processing_ads_sync(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ if (!libnet_join_create_keytab(mem_ctx, r)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to create kerberos keytab");
+ return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
+ }
+
+ return ADS_SUCCESS;
+}
+#endif /* HAVE_ADS */
+
+/****************************************************************
+ Store the machine password and domain SID
+****************************************************************/
+
+static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ NTSTATUS status;
+
+ status = secrets_store_JoinCtx(r);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("secrets_store_JoinCtx() failed %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ return true;
+}
+
+/****************************************************************
+ Connect dc's IPC$ share
+****************************************************************/
+
+static NTSTATUS libnet_join_connect_dc_ipc(const char *dc,
+ const char *user,
+ const char *domain,
+ const char *pass,
+ bool use_kerberos,
+ struct cli_state **cli)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ bool fallback_after_kerberos = false;
+ bool use_ccache = false;
+ bool pw_nt_hash = false;
+ struct cli_credentials *creds = NULL;
+ int flags = CLI_FULL_CONNECTION_IPC;
+ NTSTATUS status;
+
+ if (use_kerberos && pass) {
+ fallback_after_kerberos = true;
+ }
+
+ creds = cli_session_creds_init(frame,
+ user,
+ domain,
+ NULL, /* realm (use default) */
+ pass,
+ use_kerberos,
+ fallback_after_kerberos,
+ use_ccache,
+ pw_nt_hash);
+ if (creds == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = cli_full_connection_creds(cli,
+ NULL,
+ dc,
+ NULL, 0,
+ "IPC$", "IPC",
+ creds,
+ flags);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+ Lookup domain dc's info
+****************************************************************/
+
+static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r,
+ struct cli_state **cli)
+{
+ struct rpc_pipe_client *pipe_hnd = NULL;
+ struct policy_handle lsa_pol;
+ NTSTATUS status, result;
+ union lsa_PolicyInformation *info = NULL;
+ struct dcerpc_binding_handle *b;
+ const char *account = r->in.admin_account;
+ const char *domain = r->in.admin_domain;
+ const char *password = r->in.admin_password;
+ bool use_kerberos = r->in.use_kerberos;
+
+ if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE) {
+ account = "";
+ domain = "";
+ password = NULL;
+ use_kerberos = false;
+ }
+
+ status = libnet_join_connect_dc_ipc(r->in.dc_name,
+ account,
+ domain,
+ password,
+ use_kerberos,
+ cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc,
+ &pipe_hnd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("Error connecting to LSA pipe. Error was %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ b = pipe_hnd->binding_handle;
+
+ status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
+ SEC_FLAG_MAXIMUM_ALLOWED, &lsa_pol);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = dcerpc_lsa_QueryInfoPolicy2(b, mem_ctx,
+ &lsa_pol,
+ LSA_POLICY_INFO_DNS,
+ &info,
+ &result);
+ if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
+ r->out.domain_is_ad = true;
+ r->out.netbios_domain_name = info->dns.name.string;
+ r->out.dns_domain_name = info->dns.dns_domain.string;
+ r->out.forest_name = info->dns.dns_forest.string;
+ r->out.domain_guid = info->dns.domain_guid;
+ r->out.domain_sid = dom_sid_dup(mem_ctx, info->dns.sid);
+ NT_STATUS_HAVE_NO_MEMORY(r->out.domain_sid);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ status = dcerpc_lsa_QueryInfoPolicy(b, mem_ctx,
+ &lsa_pol,
+ LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+ &info,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto done;
+ }
+
+ r->out.netbios_domain_name = info->account_domain.name.string;
+ r->out.domain_sid = dom_sid_dup(mem_ctx, info->account_domain.sid);
+ NT_STATUS_HAVE_NO_MEMORY(r->out.domain_sid);
+ }
+
+ dcerpc_lsa_Close(b, mem_ctx, &lsa_pol, &result);
+ TALLOC_FREE(pipe_hnd);
+
+ done:
+ return status;
+}
+
+/****************************************************************
+ Do the domain join unsecure
+****************************************************************/
+
+static NTSTATUS libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r,
+ struct cli_state *cli)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct rpc_pipe_client *authenticate_pipe = NULL;
+ struct rpc_pipe_client *passwordset_pipe = NULL;
+ struct cli_credentials *cli_creds;
+ struct netlogon_creds_cli_context *netlogon_creds = NULL;
+ struct netlogon_creds_CredentialState *creds = NULL;
+ uint32_t netlogon_flags = 0;
+ size_t len = 0;
+ bool ok;
+ DATA_BLOB new_trust_blob = data_blob_null;
+ NTSTATUS status;
+
+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_netlogon,
+ &authenticate_pipe);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ if (!r->in.machine_password) {
+ int security = r->in.ads ? SEC_ADS : SEC_DOMAIN;
+
+ r->in.machine_password = trust_pw_new_value(mem_ctx,
+ r->in.secure_channel_type,
+ security);
+ if (r->in.machine_password == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ cli_creds = cli_credentials_init(talloc_tos());
+ if (cli_creds == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ cli_credentials_set_username(cli_creds, r->out.account_name,
+ CRED_SPECIFIED);
+ cli_credentials_set_domain(cli_creds, r->in.domain_name,
+ CRED_SPECIFIED);
+ cli_credentials_set_realm(cli_creds, "", CRED_SPECIFIED);
+ cli_credentials_set_secure_channel_type(cli_creds,
+ r->in.secure_channel_type);
+
+ /* according to WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED */
+ cli_credentials_set_password(cli_creds, r->in.admin_password,
+ CRED_SPECIFIED);
+
+ status = rpccli_create_netlogon_creds_ctx(
+ cli_creds, authenticate_pipe->desthost, r->in.msg_ctx,
+ frame, &netlogon_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ status = rpccli_setup_netlogon_creds(
+ cli, NCACN_NP, netlogon_creds, true /* force_reauth */,
+ cli_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ status = netlogon_creds_cli_get(netlogon_creds, frame, &creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ netlogon_flags = creds->negotiate_flags;
+ TALLOC_FREE(creds);
+
+ if (netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC) {
+ const char *remote_name = smbXcli_conn_remote_name(cli->conn);
+ const struct sockaddr_storage *remote_sockaddr =
+ smbXcli_conn_remote_sockaddr(cli->conn);
+
+ status = cli_rpc_pipe_open_schannel_with_creds(
+ cli,
+ &ndr_table_netlogon,
+ NCACN_NP,
+ netlogon_creds,
+ remote_name,
+ remote_sockaddr,
+ &passwordset_pipe);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+ } else {
+ passwordset_pipe = authenticate_pipe;
+ }
+
+ len = strlen(r->in.machine_password);
+ ok = convert_string_talloc(frame, CH_UNIX, CH_UTF16,
+ r->in.machine_password, len,
+ &new_trust_blob.data,
+ &new_trust_blob.length);
+ if (!ok) {
+ status = NT_STATUS_UNMAPPABLE_CHARACTER;
+ if (errno == ENOMEM) {
+ status = NT_STATUS_NO_MEMORY;
+ }
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ status = netlogon_creds_cli_ServerPasswordSet(netlogon_creds,
+ passwordset_pipe->binding_handle,
+ &new_trust_blob,
+ NULL); /* new_version */
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+ Do the domain join
+****************************************************************/
+
+static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r,
+ struct cli_state *cli)
+{
+ struct rpc_pipe_client *pipe_hnd = NULL;
+ struct policy_handle sam_pol, domain_pol, user_pol;
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL, result;
+ char *acct_name;
+ struct lsa_String lsa_acct_name;
+ uint32_t acct_flags = ACB_WSTRUST;
+ struct samr_Ids user_rids;
+ struct samr_Ids name_types;
+ union samr_UserInfo user_info;
+ struct dcerpc_binding_handle *b = NULL;
+ unsigned int old_timeout = 0;
+
+ DATA_BLOB session_key = data_blob_null;
+ struct samr_CryptPassword crypt_pwd;
+ struct samr_CryptPasswordEx crypt_pwd_ex;
+
+ ZERO_STRUCT(sam_pol);
+ ZERO_STRUCT(domain_pol);
+ ZERO_STRUCT(user_pol);
+
+ switch (r->in.secure_channel_type) {
+ case SEC_CHAN_WKSTA:
+ acct_flags = ACB_WSTRUST;
+ break;
+ case SEC_CHAN_BDC:
+ acct_flags = ACB_SVRTRUST;
+ break;
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!r->in.machine_password) {
+ int security = r->in.ads ? SEC_ADS : SEC_DOMAIN;
+
+ r->in.machine_password = trust_pw_new_value(mem_ctx,
+ r->in.secure_channel_type,
+ security);
+ NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password);
+ }
+
+ /* Open the domain */
+
+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr,
+ &pipe_hnd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("Error connecting to SAM pipe. Error was %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ b = pipe_hnd->binding_handle;
+
+ status = cli_get_session_key(mem_ctx, pipe_hnd, &session_key);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("Error getting session_key of SAM pipe. Error was %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ status = dcerpc_samr_Connect2(b, mem_ctx,
+ pipe_hnd->desthost,
+ SAMR_ACCESS_ENUM_DOMAINS
+ | SAMR_ACCESS_LOOKUP_DOMAIN,
+ &sam_pol,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenDomain(b, mem_ctx,
+ &sam_pol,
+ SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
+ | SAMR_DOMAIN_ACCESS_CREATE_USER
+ | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+ r->out.domain_sid,
+ &domain_pol,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto done;
+ }
+
+ /* Create domain user */
+
+ acct_name = talloc_asprintf(mem_ctx, "%s$", r->in.machine_name);
+ if (!strlower_m(acct_name)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ }
+
+ init_lsa_String(&lsa_acct_name, acct_name);
+
+ if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) {
+ uint32_t access_desired =
+ SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+ SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+ SAMR_USER_ACCESS_SET_PASSWORD |
+ SAMR_USER_ACCESS_GET_ATTRIBUTES |
+ SAMR_USER_ACCESS_SET_ATTRIBUTES;
+ uint32_t access_granted = 0;
+
+ DEBUG(10,("Creating account with desired access mask: %d\n",
+ access_desired));
+
+ status = dcerpc_samr_CreateUser2(b, mem_ctx,
+ &domain_pol,
+ &lsa_acct_name,
+ acct_flags,
+ access_desired,
+ &user_pol,
+ &access_granted,
+ &r->out.account_rid,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ status = result;
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
+
+ DEBUG(10,("Creation of workstation account failed: %s\n",
+ nt_errstr(status)));
+
+ /* If NT_STATUS_ACCESS_DENIED then we have a valid
+ username/password combo but the user does not have
+ administrator access. */
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "User specified does not have "
+ "administrator privileges");
+ }
+
+ goto done;
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
+ if (!(r->in.join_flags &
+ WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) {
+ goto done;
+ }
+ }
+
+ /* We *must* do this.... don't ask... */
+
+ if (NT_STATUS_IS_OK(status)) {
+ dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
+ }
+ }
+
+ status = dcerpc_samr_LookupNames(b, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto done;
+ }
+ if (user_rids.count != 1) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto done;
+ }
+ if (name_types.count != 1) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto done;
+ }
+
+ if (name_types.ids[0] != SID_NAME_USER) {
+ DEBUG(0,("%s is not a user account (type=%d)\n",
+ acct_name, name_types.ids[0]));
+ status = NT_STATUS_INVALID_WORKSTATION;
+ goto done;
+ }
+
+ r->out.account_rid = user_rids.ids[0];
+
+ /* Open handle on user */
+
+ status = dcerpc_samr_OpenUser(b, mem_ctx,
+ &domain_pol,
+ SEC_FLAG_MAXIMUM_ALLOWED,
+ r->out.account_rid,
+ &user_pol,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto done;
+ }
+
+ /* Fill in the additional account flags now */
+
+ acct_flags |= ACB_PWNOEXP;
+
+ /* Set account flags on machine account */
+ ZERO_STRUCT(user_info.info16);
+ user_info.info16.acct_flags = acct_flags;
+
+ status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
+ &user_pol,
+ UserControlInformation,
+ &user_info,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ dcerpc_samr_DeleteUser(b, mem_ctx,
+ &user_pol,
+ &result);
+
+ libnet_join_set_error_string(mem_ctx, r,
+ "Failed to set account flags for machine account (%s)\n",
+ nt_errstr(status));
+ goto done;
+ }
+
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+
+ dcerpc_samr_DeleteUser(b, mem_ctx,
+ &user_pol,
+ &result);
+
+ libnet_join_set_error_string(mem_ctx, r,
+ "Failed to set account flags for machine account (%s)\n",
+ nt_errstr(status));
+ goto done;
+ }
+
+ /* Set password on machine account - first try level 26 */
+
+ /*
+ * increase the timeout as password filter modules on the DC
+ * might delay the operation for a significant amount of time
+ */
+ old_timeout = rpccli_set_timeout(pipe_hnd, 600000);
+
+ status = init_samr_CryptPasswordEx(r->in.machine_password,
+ &session_key,
+ &crypt_pwd_ex);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto error;
+ }
+
+ user_info.info26.password = crypt_pwd_ex;
+ user_info.info26.password_expired = PASS_DONT_CHANGE_AT_NEXT_LOGON;
+
+ status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
+ &user_pol,
+ UserInternal5InformationNew,
+ &user_info,
+ &result);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE)) {
+
+ /* retry with level 24 */
+
+ status = init_samr_CryptPassword(r->in.machine_password,
+ &session_key,
+ &crypt_pwd);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto error;
+ }
+
+ user_info.info24.password = crypt_pwd;
+ user_info.info24.password_expired = PASS_DONT_CHANGE_AT_NEXT_LOGON;
+
+ status = dcerpc_samr_SetUserInfo2(b, mem_ctx,
+ &user_pol,
+ UserInternal5Information,
+ &user_info,
+ &result);
+ }
+
+error:
+ old_timeout = rpccli_set_timeout(pipe_hnd, old_timeout);
+
+ if (!NT_STATUS_IS_OK(status)) {
+
+ dcerpc_samr_DeleteUser(b, mem_ctx,
+ &user_pol,
+ &result);
+
+ libnet_join_set_error_string(mem_ctx, r,
+ "Failed to set password for machine account (%s)\n",
+ nt_errstr(status));
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+
+ dcerpc_samr_DeleteUser(b, mem_ctx,
+ &user_pol,
+ &result);
+
+ libnet_join_set_error_string(mem_ctx, r,
+ "Failed to set password for machine account (%s)\n",
+ nt_errstr(status));
+ goto done;
+ }
+
+ status = NT_STATUS_OK;
+
+ done:
+ if (!pipe_hnd) {
+ return status;
+ }
+
+ data_blob_clear_free(&session_key);
+
+ if (is_valid_policy_hnd(&sam_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &sam_pol, &result);
+ }
+ if (is_valid_policy_hnd(&domain_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
+ }
+ if (is_valid_policy_hnd(&user_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
+ }
+ TALLOC_FREE(pipe_hnd);
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
+ const char *netbios_domain_name,
+ const char *dc_name,
+ const bool use_kerberos)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct cli_state *cli = NULL;
+ struct rpc_pipe_client *netlogon_pipe = NULL;
+ struct cli_credentials *cli_creds = NULL;
+ struct netlogon_creds_cli_context *netlogon_creds = NULL;
+ struct netlogon_creds_CredentialState *creds = NULL;
+ uint32_t netlogon_flags = 0;
+ NTSTATUS status;
+ int flags = CLI_FULL_CONNECTION_IPC;
+ const char *remote_name = NULL;
+ const struct sockaddr_storage *remote_sockaddr = NULL;
+
+ if (!dc_name) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!secrets_init()) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ }
+
+ status = pdb_get_trust_credentials(netbios_domain_name, NULL,
+ frame, &cli_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ /* we don't want any old password */
+ cli_credentials_set_old_password(cli_creds, NULL, CRED_SPECIFIED);
+
+ if (use_kerberos) {
+ cli_credentials_set_kerberos_state(cli_creds,
+ CRED_USE_KERBEROS_REQUIRED,
+ CRED_SPECIFIED);
+ }
+
+ status = cli_full_connection_creds(&cli, NULL,
+ dc_name,
+ NULL, 0,
+ "IPC$", "IPC",
+ cli_creds,
+ flags);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ struct cli_credentials *anon_creds = NULL;
+
+ anon_creds = cli_credentials_init_anon(frame);
+ if (anon_creds == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = cli_full_connection_creds(&cli,
+ NULL,
+ dc_name,
+ NULL, 0,
+ "IPC$", "IPC",
+ anon_creds,
+ flags);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ status = rpccli_create_netlogon_creds_ctx(cli_creds,
+ dc_name,
+ msg_ctx,
+ frame,
+ &netlogon_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_shutdown(cli);
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ status = rpccli_setup_netlogon_creds(cli, NCACN_NP,
+ netlogon_creds,
+ true, /* force_reauth */
+ cli_creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("connect_to_domain_password_server: "
+ "unable to open the domain client session to "
+ "machine %s. Flags[0x%08X] Error was : %s.\n",
+ dc_name, (unsigned)netlogon_flags,
+ nt_errstr(status)));
+ cli_shutdown(cli);
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ status = netlogon_creds_cli_get(netlogon_creds,
+ talloc_tos(),
+ &creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_shutdown(cli);
+ TALLOC_FREE(frame);
+ return status;
+ }
+ netlogon_flags = creds->negotiate_flags;
+ TALLOC_FREE(creds);
+
+ if (!(netlogon_flags & NETLOGON_NEG_AUTHENTICATED_RPC)) {
+ cli_shutdown(cli);
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
+
+ remote_name = smbXcli_conn_remote_name(cli->conn);
+ remote_sockaddr = smbXcli_conn_remote_sockaddr(cli->conn);
+
+ status = cli_rpc_pipe_open_schannel_with_creds(
+ cli, &ndr_table_netlogon, NCACN_NP,
+ netlogon_creds,
+ remote_name,
+ remote_sockaddr,
+ &netlogon_pipe);
+
+ TALLOC_FREE(netlogon_pipe);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("libnet_join_ok: failed to open schannel session "
+ "on netlogon pipe to server %s for domain %s. "
+ "Error was %s\n",
+ remote_name,
+ netbios_domain_name, nt_errstr(status)));
+ cli_shutdown(cli);
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ cli_shutdown(cli);
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnet_join_post_verify(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ NTSTATUS status;
+
+ status = libnet_join_ok(r->in.msg_ctx,
+ r->out.netbios_domain_name,
+ r->in.dc_name,
+ r->in.use_kerberos);
+ if (!NT_STATUS_IS_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to verify domain membership after joining: %s",
+ get_friendly_nt_error_msg(status));
+ return WERR_NERR_SETUPNOTJOINED;
+ }
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static bool libnet_join_unjoindomain_remove_secrets(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx *r)
+{
+ /*
+ * TODO: use values from 'struct libnet_UnjoinCtx' ?
+ */
+ return secrets_delete_machine_password_ex(lp_workgroup(), lp_realm());
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx *r)
+{
+ struct cli_state *cli = NULL;
+ struct rpc_pipe_client *pipe_hnd = NULL;
+ struct policy_handle sam_pol, domain_pol, user_pol;
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL, result;
+ char *acct_name;
+ uint32_t user_rid;
+ struct lsa_String lsa_acct_name;
+ struct samr_Ids user_rids;
+ struct samr_Ids name_types;
+ union samr_UserInfo *info = NULL;
+ struct dcerpc_binding_handle *b = NULL;
+
+ ZERO_STRUCT(sam_pol);
+ ZERO_STRUCT(domain_pol);
+ ZERO_STRUCT(user_pol);
+
+ status = libnet_join_connect_dc_ipc(r->in.dc_name,
+ r->in.admin_account,
+ r->in.admin_domain,
+ r->in.admin_password,
+ r->in.use_kerberos,
+ &cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ /* Open the domain */
+
+ status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr,
+ &pipe_hnd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("Error connecting to SAM pipe. Error was %s\n",
+ nt_errstr(status)));
+ goto done;
+ }
+
+ b = pipe_hnd->binding_handle;
+
+ status = dcerpc_samr_Connect2(b, mem_ctx,
+ pipe_hnd->desthost,
+ SEC_FLAG_MAXIMUM_ALLOWED,
+ &sam_pol,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto done;
+ }
+
+ status = dcerpc_samr_OpenDomain(b, mem_ctx,
+ &sam_pol,
+ SEC_FLAG_MAXIMUM_ALLOWED,
+ r->in.domain_sid,
+ &domain_pol,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto done;
+ }
+
+ /* Create domain user */
+
+ acct_name = talloc_asprintf(mem_ctx, "%s$", r->in.machine_name);
+ if (!strlower_m(acct_name)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ }
+
+ init_lsa_String(&lsa_acct_name, acct_name);
+
+ status = dcerpc_samr_LookupNames(b, mem_ctx,
+ &domain_pol,
+ 1,
+ &lsa_acct_name,
+ &user_rids,
+ &name_types,
+ &result);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto done;
+ }
+ if (user_rids.count != 1) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto done;
+ }
+ if (name_types.count != 1) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto done;
+ }
+
+ if (name_types.ids[0] != SID_NAME_USER) {
+ DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name,
+ name_types.ids[0]));
+ status = NT_STATUS_INVALID_WORKSTATION;
+ goto done;
+ }
+
+ user_rid = user_rids.ids[0];
+
+ /* Open handle on user */
+
+ status = dcerpc_samr_OpenUser(b, mem_ctx,
+ &domain_pol,
+ SEC_FLAG_MAXIMUM_ALLOWED,
+ user_rid,
+ &user_pol,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ goto done;
+ }
+
+ /* Get user info */
+
+ status = dcerpc_samr_QueryUserInfo(b, mem_ctx,
+ &user_pol,
+ 16,
+ &info,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
+ goto done;
+ }
+
+ /* now disable and setuser info */
+
+ info->info16.acct_flags |= ACB_DISABLED;
+
+ status = dcerpc_samr_SetUserInfo(b, mem_ctx,
+ &user_pol,
+ 16,
+ info,
+ &result);
+ if (!NT_STATUS_IS_OK(status)) {
+ dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
+ goto done;
+ }
+ if (!NT_STATUS_IS_OK(result)) {
+ status = result;
+ dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
+ goto done;
+ }
+ status = result;
+ dcerpc_samr_Close(b, mem_ctx, &user_pol, &result);
+
+done:
+ if (pipe_hnd && b) {
+ if (is_valid_policy_hnd(&domain_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &domain_pol, &result);
+ }
+ if (is_valid_policy_hnd(&sam_pol)) {
+ dcerpc_samr_Close(b, mem_ctx, &sam_pol, &result);
+ }
+ TALLOC_FREE(pipe_hnd);
+ }
+
+ if (cli) {
+ cli_shutdown(cli);
+ }
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r)
+{
+ WERROR werr = WERR_OK;
+ sbcErr err;
+ struct smbconf_ctx *ctx;
+
+ err = smbconf_init_reg(r, &ctx, NULL);
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+
+ err = smbconf_set_global_parameter(ctx, "netbios name",
+ r->in.machine_name);
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+
+ if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) {
+
+ err = smbconf_set_global_parameter(ctx, "security", "user");
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+
+ err = smbconf_set_global_parameter(ctx, "workgroup",
+ r->in.domain_name);
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+
+ smbconf_delete_global_parameter(ctx, "realm");
+ goto done;
+ }
+
+ err = smbconf_set_global_parameter(ctx, "security", "domain");
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+
+ err = smbconf_set_global_parameter(ctx, "workgroup",
+ r->out.netbios_domain_name);
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+
+ if (r->out.domain_is_ad) {
+ err = smbconf_set_global_parameter(ctx, "security", "ads");
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+
+ err = smbconf_set_global_parameter(ctx, "realm",
+ r->out.dns_domain_name);
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+ }
+
+ done:
+ smbconf_shutdown(ctx);
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r)
+{
+ WERROR werr = WERR_OK;
+ sbcErr err;
+ struct smbconf_ctx *ctx;
+
+ err = smbconf_init_reg(r, &ctx, NULL);
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+
+ if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
+
+ err = smbconf_set_global_parameter(ctx, "security", "user");
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+
+ err = smbconf_delete_global_parameter(ctx, "workgroup");
+ if (!SBC_ERROR_IS_OK(err)) {
+ werr = WERR_SERVICE_DOES_NOT_EXIST;
+ goto done;
+ }
+
+ smbconf_delete_global_parameter(ctx, "realm");
+ }
+
+ done:
+ smbconf_shutdown(ctx);
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR do_JoinConfig(struct libnet_JoinCtx *r)
+{
+ WERROR werr;
+
+ if (!W_ERROR_IS_OK(r->out.result)) {
+ return r->out.result;
+ }
+
+ if (!r->in.modify_config) {
+ return WERR_OK;
+ }
+
+ werr = do_join_modify_vals_config(r);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ lp_load_global(get_dyn_CONFIGFILE());
+
+ r->out.modified_config = true;
+ r->out.result = werr;
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnet_unjoin_config(struct libnet_UnjoinCtx *r)
+{
+ WERROR werr;
+
+ if (!W_ERROR_IS_OK(r->out.result)) {
+ return r->out.result;
+ }
+
+ if (!r->in.modify_config) {
+ return WERR_OK;
+ }
+
+ werr = do_unjoin_modify_vals_config(r);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ lp_load_global(get_dyn_CONFIGFILE());
+
+ r->out.modified_config = true;
+ r->out.result = werr;
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+static bool libnet_parse_domain_dc(TALLOC_CTX *mem_ctx,
+ const char *domain_str,
+ const char **domain_p,
+ const char **dc_p)
+{
+ char *domain = NULL;
+ char *dc = NULL;
+ const char *p = NULL;
+
+ if (!domain_str || !domain_p || !dc_p) {
+ return false;
+ }
+
+ p = strchr_m(domain_str, '\\');
+
+ if (p != NULL) {
+ domain = talloc_strndup(mem_ctx, domain_str,
+ PTR_DIFF(p, domain_str));
+ dc = talloc_strdup(mem_ctx, p+1);
+ if (!dc) {
+ return false;
+ }
+ } else {
+ domain = talloc_strdup(mem_ctx, domain_str);
+ dc = NULL;
+ }
+ if (!domain) {
+ return false;
+ }
+
+ *domain_p = domain;
+
+ if (!*dc_p && dc) {
+ *dc_p = dc;
+ }
+
+ return true;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ if (!r->in.domain_name) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "No domain name defined");
+ return WERR_INVALID_PARAMETER;
+ }
+
+ if (strlen(r->in.machine_name) > 15) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Our netbios name can be at most 15 chars long, "
+ "\"%s\" is %u chars long\n",
+ r->in.machine_name,
+ (unsigned int)strlen(r->in.machine_name));
+ return WERR_INVALID_PARAMETER;
+ }
+
+ r->out.account_name = talloc_asprintf(mem_ctx, "%s$",
+ r->in.machine_name);
+ if (r->out.account_name == NULL) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Unable to construct r->out.account_name");
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ if (!libnet_parse_domain_dc(mem_ctx, r->in.domain_name,
+ &r->in.domain_name,
+ &r->in.dc_name)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Failed to parse domain name");
+ return WERR_INVALID_PARAMETER;
+ }
+
+ if (r->in.request_offline_join) {
+ /*
+ * When in the "request offline join" path we do not have admin
+ * credentials available so we can skip the next steps - gd
+ */
+ return WERR_OK;
+ }
+
+ if (!r->in.admin_domain) {
+ char *admin_domain = NULL;
+ char *admin_account = NULL;
+ bool ok;
+
+ ok = split_domain_user(mem_ctx,
+ r->in.admin_account,
+ &admin_domain,
+ &admin_account);
+ if (!ok) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ if (admin_domain != NULL) {
+ r->in.admin_domain = admin_domain;
+ } else {
+ r->in.admin_domain = r->in.domain_name;
+ }
+ r->in.admin_account = admin_account;
+ }
+
+ if (r->in.provision_computer_account_only) {
+ /*
+ * When in the "provision_computer_account_only" path we do not
+ * need to have access to secrets.tdb at all - gd
+ */
+ return WERR_OK;
+ }
+
+ if (!secrets_init()) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Unable to open secrets database");
+ return WERR_CAN_NOT_COMPLETE;
+ }
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static void libnet_join_add_dom_rids_to_builtins(struct dom_sid *domain_sid)
+{
+ NTSTATUS status;
+
+ /* Try adding dom admins to builtin\admins. Only log failures. */
+ status = create_builtin_administrators(domain_sid);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) {
+ DEBUG(10,("Unable to auto-add domain administrators to "
+ "BUILTIN\\Administrators during join because "
+ "winbindd must be running.\n"));
+ } else if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5, ("Failed to auto-add domain administrators to "
+ "BUILTIN\\Administrators during join: %s\n",
+ nt_errstr(status)));
+ }
+
+ /* Try adding dom users to builtin\users. Only log failures. */
+ status = create_builtin_users(domain_sid);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) {
+ DEBUG(10,("Unable to auto-add domain users to BUILTIN\\users "
+ "during join because winbindd must be running.\n"));
+ } else if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5, ("Failed to auto-add domain administrators to "
+ "BUILTIN\\Administrators during join: %s\n",
+ nt_errstr(status)));
+ }
+
+ /* Try adding dom guests to builtin\guests. Only log failures. */
+ status = create_builtin_guests(domain_sid);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) {
+ DEBUG(10,("Unable to auto-add domain guests to "
+ "BUILTIN\\Guests during join because "
+ "winbindd must be running.\n"));
+ } else if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5, ("Failed to auto-add domain guests to "
+ "BUILTIN\\Guests during join: %s\n",
+ nt_errstr(status)));
+ }
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ WERROR werr;
+
+ if (!W_ERROR_IS_OK(r->out.result)) {
+ return r->out.result;
+ }
+
+ if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) {
+ werr = do_JoinConfig(r);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ return WERR_OK;
+ }
+
+#ifdef HAVE_ADS
+ if (r->out.domain_is_ad &&
+ !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
+ ADS_STATUS ads_status;
+
+ ads_status = libnet_join_post_processing_ads_modify(mem_ctx, r);
+ if (!ADS_ERR_OK(ads_status)) {
+ return WERR_GEN_FAILURE;
+ }
+ }
+#endif /* HAVE_ADS */
+
+ if (r->in.provision_computer_account_only) {
+ /*
+ * When we only provision a computer account we are done here - gd.
+ */
+ return WERR_OK;
+ }
+
+ saf_join_store(r->out.netbios_domain_name, r->in.dc_name);
+ if (r->out.dns_domain_name) {
+ saf_join_store(r->out.dns_domain_name, r->in.dc_name);
+ }
+
+ if (!libnet_join_joindomain_store_secrets(mem_ctx, r)) {
+ return WERR_NERR_SETUPNOTJOINED;
+ }
+
+ werr = do_JoinConfig(r);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+#ifdef HAVE_ADS
+ if (r->out.domain_is_ad &&
+ !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
+ ADS_STATUS ads_status;
+
+ ads_status = libnet_join_post_processing_ads_sync(mem_ctx, r);
+ if (!ADS_ERR_OK(ads_status)) {
+ return WERR_GEN_FAILURE;
+ }
+ }
+#endif /* HAVE_ADS */
+
+ libnet_join_add_dom_rids_to_builtins(r->out.domain_sid);
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r)
+{
+ TALLOC_FREE(r->in.ads);
+
+ return 0;
+}
+
+/****************************************************************
+****************************************************************/
+
+static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r)
+{
+ TALLOC_FREE(r->in.ads);
+
+ return 0;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx **r)
+{
+ struct libnet_JoinCtx *ctx;
+
+ ctx = talloc_zero(mem_ctx, struct libnet_JoinCtx);
+ if (!ctx) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ talloc_set_destructor(ctx, libnet_destroy_JoinCtx);
+
+ ctx->in.machine_name = talloc_strdup(ctx, lp_netbios_name());
+ W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name);
+
+ ctx->in.secure_channel_type = SEC_CHAN_WKSTA;
+
+ ctx->in.desired_encryption_types = 0;
+ ctx->in.desired_encryption_types |= ENC_RC4_HMAC_MD5;
+ ctx->in.desired_encryption_types |= ENC_HMAC_SHA1_96_AES128;
+ ctx->in.desired_encryption_types |= ENC_HMAC_SHA1_96_AES256;
+
+ *r = ctx;
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx **r)
+{
+ struct libnet_UnjoinCtx *ctx;
+
+ ctx = talloc_zero(mem_ctx, struct libnet_UnjoinCtx);
+ if (!ctx) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ talloc_set_destructor(ctx, libnet_destroy_UnjoinCtx);
+
+ ctx->in.machine_name = talloc_strdup(ctx, lp_netbios_name());
+ W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name);
+
+ *r = ctx;
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ bool valid_security = false;
+ bool valid_workgroup = false;
+ bool valid_realm = false;
+ bool valid_hostname = false;
+ bool ignored_realm = false;
+
+ /* check if configuration is already set correctly */
+
+ valid_workgroup = strequal(lp_workgroup(), r->out.netbios_domain_name);
+ valid_hostname = strequal(lp_netbios_name(), r->in.machine_name);
+
+ switch (r->out.domain_is_ad) {
+ case false:
+ valid_security = (lp_security() == SEC_DOMAIN)
+ || (lp_server_role() == ROLE_DOMAIN_PDC)
+ || (lp_server_role() == ROLE_DOMAIN_BDC);
+ if (valid_workgroup && valid_security) {
+ /* nothing to be done */
+ return WERR_OK;
+ }
+ break;
+ case true:
+ valid_realm = strequal(lp_realm(), r->out.dns_domain_name);
+ switch (lp_security()) {
+ case SEC_DOMAIN:
+ if (!valid_realm && lp_winbind_rpc_only()) {
+ valid_realm = true;
+ ignored_realm = true;
+ }
+
+ FALL_THROUGH;
+ case SEC_ADS:
+ valid_security = true;
+ }
+
+ if (valid_workgroup && valid_realm && valid_security &&
+ valid_hostname) {
+ if (ignored_realm && !r->in.modify_config)
+ {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Warning: ignoring realm when "
+ "joining AD domain with "
+ "'security=domain' and "
+ "'winbind rpc only = yes'. "
+ "(realm set to '%s', "
+ "should be '%s').", lp_realm(),
+ r->out.dns_domain_name);
+ }
+ /* nothing to be done */
+ return WERR_OK;
+ }
+ break;
+ }
+
+ /* check if we are supposed to manipulate configuration */
+
+ if (!r->in.modify_config) {
+
+ char *wrong_conf = talloc_strdup(mem_ctx, "");
+
+ if (!valid_hostname) {
+ wrong_conf = talloc_asprintf_append(wrong_conf,
+ "\"netbios name\" set to '%s', should be '%s'",
+ lp_netbios_name(), r->in.machine_name);
+ W_ERROR_HAVE_NO_MEMORY(wrong_conf);
+ }
+
+ if (!valid_workgroup) {
+ wrong_conf = talloc_asprintf_append(wrong_conf,
+ "\"workgroup\" set to '%s', should be '%s'",
+ lp_workgroup(), r->out.netbios_domain_name);
+ W_ERROR_HAVE_NO_MEMORY(wrong_conf);
+ }
+
+ if (!valid_realm) {
+ wrong_conf = talloc_asprintf_append(wrong_conf,
+ "\"realm\" set to '%s', should be '%s'",
+ lp_realm(), r->out.dns_domain_name);
+ W_ERROR_HAVE_NO_MEMORY(wrong_conf);
+ }
+
+ if (!valid_security) {
+ const char *sec = NULL;
+ switch (lp_security()) {
+ case SEC_USER: sec = "user"; break;
+ case SEC_DOMAIN: sec = "domain"; break;
+ case SEC_ADS: sec = "ads"; break;
+ }
+ wrong_conf = talloc_asprintf_append(wrong_conf,
+ "\"security\" set to '%s', should be %s",
+ sec, r->out.domain_is_ad ?
+ "either 'domain' or 'ads'" : "'domain'");
+ W_ERROR_HAVE_NO_MEMORY(wrong_conf);
+ }
+
+ libnet_join_set_error_string(mem_ctx, r,
+ "Invalid configuration (%s) and configuration modification "
+ "was not requested", wrong_conf);
+ return WERR_CAN_NOT_COMPLETE;
+ }
+
+ /* check if we are able to manipulate configuration */
+
+ if (!lp_config_backend_is_registry()) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "Configuration manipulation requested but not "
+ "supported by backend");
+ return WERR_NOT_SUPPORTED;
+ }
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ NTSTATUS status;
+ WERROR werr;
+ struct cli_state *cli = NULL;
+#ifdef HAVE_ADS
+ ADS_STATUS ads_status;
+#endif /* HAVE_ADS */
+ const char *pre_connect_realm = NULL;
+ const char *sitename = NULL;
+ struct netr_DsRGetDCNameInfo *info;
+ const char *dc;
+ uint32_t name_type_flags = 0;
+
+ /* Before contacting a DC, we can securely know
+ * the realm only if the user specifies it.
+ */
+ if (r->in.use_kerberos &&
+ r->in.domain_name_type == JoinDomNameTypeDNS) {
+ pre_connect_realm = r->in.domain_name;
+ }
+
+ if (r->in.domain_name_type == JoinDomNameTypeDNS) {
+ name_type_flags = DS_IS_DNS_NAME;
+ } else if (r->in.domain_name_type == JoinDomNameTypeNBT) {
+ name_type_flags = DS_IS_FLAT_NAME;
+ }
+
+ if (r->in.dc_name) {
+ status = dsgetonedcname(mem_ctx,
+ r->in.msg_ctx,
+ r->in.domain_name,
+ r->in.dc_name,
+ DS_DIRECTORY_SERVICE_REQUIRED |
+ DS_WRITABLE_REQUIRED |
+ DS_RETURN_DNS_NAME |
+ name_type_flags,
+ &info);
+ } else {
+ status = dsgetdcname(mem_ctx,
+ r->in.msg_ctx,
+ r->in.domain_name,
+ NULL,
+ NULL,
+ DS_FORCE_REDISCOVERY |
+ DS_DIRECTORY_SERVICE_REQUIRED |
+ DS_WRITABLE_REQUIRED |
+ DS_RETURN_DNS_NAME |
+ name_type_flags,
+ &info);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to find DC for domain %s - %s",
+ r->in.domain_name,
+ get_friendly_nt_error_msg(status));
+ return WERR_NERR_DCNOTFOUND;
+ }
+
+ dc = strip_hostname(info->dc_unc);
+ r->in.dc_name = talloc_strdup(mem_ctx, dc);
+ W_ERROR_HAVE_NO_MEMORY(r->in.dc_name);
+
+ if (info->dc_address == NULL || info->dc_address[0] != '\\' ||
+ info->dc_address[1] != '\\') {
+ DBG_ERR("ill-formed DC address '%s'\n",
+ info->dc_address);
+ return WERR_NERR_DCNOTFOUND;
+ }
+
+ sitename = info->dc_site_name;
+ /* info goes out of scope but the memory stays
+ allocated on the talloc context */
+
+ /* return the allocated netr_DsRGetDCNameInfo struct */
+ r->out.dcinfo = info;
+
+ if (pre_connect_realm != NULL) {
+ struct sockaddr_storage ss = {0};
+ const char *numeric_dcip = info->dc_address + 2;
+
+ if (numeric_dcip[0] == '\0') {
+ if (!interpret_string_addr(&ss, numeric_dcip,
+ AI_NUMERICHOST)) {
+ DBG_ERR(
+ "cannot parse IP address '%s' of DC '%s'\n",
+ numeric_dcip, r->in.dc_name);
+ return WERR_NERR_DCNOTFOUND;
+ }
+ } else {
+ if (!interpret_string_addr(&ss, r->in.dc_name, 0)) {
+ DBG_WARNING(
+ "cannot resolve IP address of DC '%s'\n",
+ r->in.dc_name);
+ return WERR_NERR_DCNOTFOUND;
+ }
+ }
+
+ /* The domain parameter is only used as modifier
+ * to krb5.conf file name. _JOIN_ is not a valid
+ * NetBIOS name so it cannot clash with another domain
+ * -- Uri.
+ */
+ create_local_private_krb5_conf_for_domain(pre_connect_realm,
+ "_JOIN_",
+ sitename,
+ &ss);
+ }
+
+ status = libnet_join_lookup_dc_rpc(mem_ctx, r, &cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to lookup DC info for domain '%s' over rpc: %s",
+ r->in.domain_name, get_friendly_nt_error_msg(status));
+ return ntstatus_to_werror(status);
+ }
+
+ werr = libnet_join_check_config(mem_ctx, r);
+ if (!W_ERROR_IS_OK(werr)) {
+ if (!r->in.provision_computer_account_only) {
+ goto done;
+ }
+ /* do not fail when only provisioning */
+ }
+
+#ifdef HAVE_ADS
+
+ if (r->out.domain_is_ad) {
+ create_local_private_krb5_conf_for_domain(
+ r->out.dns_domain_name, r->out.netbios_domain_name,
+ sitename, smbXcli_conn_remote_sockaddr(cli->conn));
+ }
+
+ if (r->out.domain_is_ad &&
+ !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
+
+ const char *initial_account_ou = r->in.account_ou;
+
+ /*
+ * we want to create the msDS-SupportedEncryptionTypes attribute
+ * as early as possible so always try an LDAP create as the user
+ * first. We copy r->in.account_ou because it may be changed
+ * during the machine pre-creation.
+ */
+
+ ads_status = libnet_join_connect_ads_user(mem_ctx, r);
+ if (!ADS_ERR_OK(ads_status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to connect to AD: %s",
+ ads_errstr(ads_status));
+ return WERR_NERR_DEFAULTJOINREQUIRED;
+ }
+
+ ads_status = libnet_join_precreate_machine_acct(mem_ctx, r);
+ if (ADS_ERR_OK(ads_status)) {
+
+ /*
+ * LDAP object creation succeeded.
+ */
+ r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE;
+
+ return WERR_OK;
+ }
+
+ if (initial_account_ou != NULL) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to precreate account in ou %s: %s",
+ r->in.account_ou,
+ ads_errstr(ads_status));
+ return WERR_NERR_DEFAULTJOINREQUIRED;
+ }
+
+ DBG_INFO("Failed to pre-create account in OU %s: %s\n",
+ r->in.account_ou, ads_errstr(ads_status));
+ }
+#endif /* HAVE_ADS */
+
+ if ((r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE) &&
+ (r->in.join_flags & WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED)) {
+ status = libnet_join_joindomain_rpc_unsecure(mem_ctx, r, cli);
+ } else {
+ status = libnet_join_joindomain_rpc(mem_ctx, r, cli);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ libnet_join_set_error_string(mem_ctx, r,
+ "failed to join domain '%s' over rpc: %s",
+ r->in.domain_name, get_friendly_nt_error_msg(status));
+ if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
+ return WERR_NERR_SETUPALREADYJOINED;
+ }
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ werr = WERR_OK;
+
+ done:
+ if (cli) {
+ cli_shutdown(cli);
+ }
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnet_DomainOfflineJoin(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ NTSTATUS status;
+ WERROR werr;
+ struct ODJ_WIN7BLOB win7blob;
+ struct OP_JOINPROV3_PART joinprov3;
+ const char *dc_name;
+
+ if (!r->in.request_offline_join) {
+ return WERR_NERR_DEFAULTJOINREQUIRED;
+ }
+
+ if (r->in.odj_provision_data == NULL) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ werr = libnet_odj_find_win7blob(r->in.odj_provision_data, &win7blob);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ r->out.netbios_domain_name = talloc_strdup(mem_ctx,
+ win7blob.DnsDomainInfo.Name.string);
+ W_ERROR_HAVE_NO_MEMORY(r->out.netbios_domain_name);
+
+ r->out.dns_domain_name = talloc_strdup(mem_ctx,
+ win7blob.DnsDomainInfo.DnsDomainName.string);
+ W_ERROR_HAVE_NO_MEMORY(r->out.dns_domain_name);
+
+ r->out.forest_name = talloc_strdup(mem_ctx,
+ win7blob.DnsDomainInfo.DnsForestName.string);
+ W_ERROR_HAVE_NO_MEMORY(r->out.forest_name);
+
+ r->out.domain_guid = win7blob.DnsDomainInfo.DomainGuid;
+ r->out.domain_sid = dom_sid_dup(mem_ctx,
+ win7blob.DnsDomainInfo.Sid);
+ W_ERROR_HAVE_NO_MEMORY(r->out.domain_sid);
+
+ werr = libnet_odj_find_joinprov3(r->in.odj_provision_data, &joinprov3);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ r->out.account_rid = joinprov3.Rid;
+
+ dc_name = strip_hostname(win7blob.DcInfo.dc_address);
+ if (dc_name == NULL) {
+ return WERR_DOMAIN_CONTROLLER_NOT_FOUND;
+ }
+ r->in.dc_name = talloc_strdup(mem_ctx, dc_name);
+ W_ERROR_HAVE_NO_MEMORY(r->in.dc_name);
+
+ r->out.domain_is_ad = true;
+
+ /* we cannot use talloc_steal but have to deep copy the struct here */
+ status = copy_netr_DsRGetDCNameInfo(mem_ctx, &win7blob.DcInfo,
+ &r->out.dcinfo);
+ if (!NT_STATUS_IS_OK(status)) {
+ return ntstatus_to_werror(status);
+ }
+
+ werr = libnet_join_check_config(mem_ctx, r);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ return WERR_OK;
+#if 0
+ /* the following fields are currently not filled in */
+
+ const char * dn;
+ uint32_t set_encryption_types;
+ const char * krb5_salt;
+#endif
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnet_join_rollback(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ WERROR werr;
+ struct libnet_UnjoinCtx *u = NULL;
+
+ werr = libnet_init_UnjoinCtx(mem_ctx, &u);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ u->in.debug = r->in.debug;
+ u->in.dc_name = r->in.dc_name;
+ u->in.domain_name = r->in.domain_name;
+ u->in.admin_account = r->in.admin_account;
+ u->in.admin_password = r->in.admin_password;
+ u->in.modify_config = r->in.modify_config;
+ u->in.use_kerberos = r->in.use_kerberos;
+ u->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
+ WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE;
+
+ werr = libnet_Unjoin(mem_ctx, u);
+ TALLOC_FREE(u);
+
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR libnet_Join(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ WERROR werr;
+
+ if (r->in.debug) {
+ LIBNET_JOIN_IN_DUMP_CTX(mem_ctx, r);
+ }
+
+ ZERO_STRUCT(r->out);
+
+ werr = libnet_join_pre_processing(mem_ctx, r);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
+ if (r->in.request_offline_join) {
+ werr = libnet_DomainOfflineJoin(mem_ctx, r);
+ } else {
+ werr = libnet_DomainJoin(mem_ctx, r);
+ }
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+ }
+
+ werr = libnet_join_post_processing(mem_ctx, r);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ if (r->in.provision_computer_account_only) {
+ /*
+ * When we only provision a computer account we are done here - gd.
+ */
+ goto done;
+ }
+
+ if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
+ if (r->in.request_offline_join) {
+ /*
+ * When we are serving an offline domain join request we
+ * have no network so we are done here - gd.
+ */
+ goto done;
+ }
+
+ werr = libnet_join_post_verify(mem_ctx, r);
+ if (!W_ERROR_IS_OK(werr)) {
+ libnet_join_rollback(mem_ctx, r);
+ }
+ }
+
+ done:
+ r->out.result = werr;
+
+ if (r->in.debug) {
+ LIBNET_JOIN_OUT_DUMP_CTX(mem_ctx, r);
+ }
+ return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx *r)
+{
+ NTSTATUS status;
+
+ if (!r->in.domain_sid) {
+ struct dom_sid sid;
+ if (!secrets_fetch_domain_sid(lp_workgroup(), &sid)) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "Unable to fetch domain sid: are we joined?");
+ return WERR_NERR_SETUPNOTJOINED;
+ }
+ r->in.domain_sid = dom_sid_dup(mem_ctx, &sid);
+ W_ERROR_HAVE_NO_MEMORY(r->in.domain_sid);
+ }
+
+ if (!(r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) &&
+ !r->in.delete_machine_account) {
+ libnet_join_unjoindomain_remove_secrets(mem_ctx, r);
+ return WERR_OK;
+ }
+
+ if (!r->in.dc_name) {
+ struct netr_DsRGetDCNameInfo *info;
+ const char *dc;
+ status = dsgetdcname(mem_ctx,
+ r->in.msg_ctx,
+ r->in.domain_name,
+ NULL,
+ NULL,
+ DS_DIRECTORY_SERVICE_REQUIRED |
+ DS_WRITABLE_REQUIRED |
+ DS_RETURN_DNS_NAME,
+ &info);
+ if (!NT_STATUS_IS_OK(status)) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "failed to find DC for domain %s - %s",
+ r->in.domain_name,
+ get_friendly_nt_error_msg(status));
+ return WERR_NERR_DCNOTFOUND;
+ }
+
+ dc = strip_hostname(info->dc_unc);
+ r->in.dc_name = talloc_strdup(mem_ctx, dc);
+ W_ERROR_HAVE_NO_MEMORY(r->in.dc_name);
+ }
+
+#ifdef HAVE_ADS
+ /* for net ads leave, try to delete the account. If it works,
+ no sense in disabling. If it fails, we can still try to
+ disable it. jmcd */
+
+ if (r->in.delete_machine_account) {
+ ADS_STATUS ads_status;
+ ads_status = libnet_unjoin_connect_ads(mem_ctx, r);
+ if (ADS_ERR_OK(ads_status)) {
+ /* dirty hack */
+ r->out.dns_domain_name =
+ talloc_strdup(mem_ctx,
+ r->in.ads->server.realm);
+ ads_status =
+ libnet_unjoin_remove_machine_acct(mem_ctx, r);
+ }
+ if (!ADS_ERR_OK(ads_status)) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "failed to remove machine account from AD: %s",
+ ads_errstr(ads_status));
+ } else {
+ r->out.deleted_machine_account = true;
+ W_ERROR_HAVE_NO_MEMORY(r->out.dns_domain_name);
+ libnet_join_unjoindomain_remove_secrets(mem_ctx, r);
+ return WERR_OK;
+ }
+ }
+#endif /* HAVE_ADS */
+
+ /* The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag really means
+ "disable". */
+ if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) {
+ status = libnet_join_unjoindomain_rpc(mem_ctx, r);
+ if (!NT_STATUS_IS_OK(status)) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "failed to disable machine account via rpc: %s",
+ get_friendly_nt_error_msg(status));
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+ return WERR_NERR_SETUPNOTJOINED;
+ }
+ return ntstatus_to_werror(status);
+ }
+
+ r->out.dns_domain_name = talloc_strdup(mem_ctx,
+ r->in.domain_name);
+ r->out.disabled_machine_account = true;
+ }
+
+ /* If disable succeeded or was not requested at all, we
+ should be getting rid of our end of things */
+
+ libnet_join_unjoindomain_remove_secrets(mem_ctx, r);
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx *r)
+{
+ if (!r->in.domain_name) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "No domain name defined");
+ return WERR_INVALID_PARAMETER;
+ }
+
+ if (!libnet_parse_domain_dc(mem_ctx, r->in.domain_name,
+ &r->in.domain_name,
+ &r->in.dc_name)) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "Failed to parse domain name");
+ return WERR_INVALID_PARAMETER;
+ }
+
+ if (IS_DC) {
+ return WERR_NERR_SETUPDOMAINCONTROLLER;
+ }
+
+ if (!r->in.admin_domain) {
+ char *admin_domain = NULL;
+ char *admin_account = NULL;
+ bool ok;
+
+ ok = split_domain_user(mem_ctx,
+ r->in.admin_account,
+ &admin_domain,
+ &admin_account);
+ if (!ok) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ if (admin_domain != NULL) {
+ r->in.admin_domain = admin_domain;
+ } else {
+ r->in.admin_domain = r->in.domain_name;
+ }
+ r->in.admin_account = admin_account;
+ }
+
+ if (!secrets_init()) {
+ libnet_unjoin_set_error_string(mem_ctx, r,
+ "Unable to open secrets database");
+ return WERR_CAN_NOT_COMPLETE;
+ }
+
+ return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnet_unjoin_post_processing(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx *r)
+{
+ saf_delete(r->out.netbios_domain_name);
+ saf_delete(r->out.dns_domain_name);
+
+ return libnet_unjoin_config(r);
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx *r)
+{
+ WERROR werr;
+
+ if (r->in.debug) {
+ LIBNET_UNJOIN_IN_DUMP_CTX(mem_ctx, r);
+ }
+
+ werr = libnet_unjoin_pre_processing(mem_ctx, r);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
+ werr = libnet_DomainUnjoin(mem_ctx, r);
+ if (!W_ERROR_IS_OK(werr)) {
+ libnet_unjoin_config(r);
+ goto done;
+ }
+ }
+
+ werr = libnet_unjoin_post_processing(mem_ctx, r);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ done:
+ r->out.result = werr;
+
+ if (r->in.debug) {
+ LIBNET_UNJOIN_OUT_DUMP_CTX(mem_ctx, r);
+ }
+
+ return werr;
+}
diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h
new file mode 100644
index 0000000..b7e2f0b
--- /dev/null
+++ b/source3/libnet/libnet_join.h
@@ -0,0 +1,40 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libnet Join Support
+ * Copyright (C) Gerald (Jerry) Carter 2006
+ * Copyright (C) Guenther Deschner 2007-2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LIBNET_LIBNET_JOIN_H_
+#define _LIBNET_LIBNET_JOIN_H_
+
+/* The following definitions come from libnet/libnet_join.c */
+
+struct messaging_context;
+NTSTATUS libnet_join_ok(struct messaging_context *msg_ctx,
+ const char *netbios_domain_name,
+ const char *dc_name,
+ const bool use_kerberos);
+WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx **r);
+WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx **r);
+WERROR libnet_Join(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r);
+WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx,
+ struct libnet_UnjoinCtx *r);
+
+#endif /* _LIBNET_LIBNET_JOIN_H_ */
diff --git a/source3/libnet/libnet_join_offline.c b/source3/libnet/libnet_join_offline.c
new file mode 100644
index 0000000..d1317dd
--- /dev/null
+++ b/source3/libnet/libnet_join_offline.c
@@ -0,0 +1,441 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libnet Join offline support
+ * Copyright (C) Guenther Deschner 2021
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_libnet_join.h"
+#include "../librpc/gen_ndr/ndr_ODJ.h"
+#include "libnet/libnet_join_offline.h"
+#include "libcli/security/dom_sid.h"
+#include "rpc_client/util_netlogon.h"
+
+static WERROR libnet_odj_compose_ODJ_WIN7BLOB(TALLOC_CTX *mem_ctx,
+ const struct libnet_JoinCtx *r,
+ struct ODJ_WIN7BLOB *b)
+{
+ char *samaccount;
+ uint32_t len;
+ struct ODJ_POLICY_DNS_DOMAIN_INFO i = {
+ .Sid = NULL,
+ };
+
+ ZERO_STRUCTP(b);
+
+ b->lpDomain = talloc_strdup(mem_ctx, r->out.dns_domain_name);
+ if (b->lpDomain == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ samaccount = talloc_strdup(mem_ctx, r->out.account_name);
+ if (samaccount == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+ len = strlen(samaccount);
+ if (samaccount[len-1] == '$') {
+ samaccount[len-1] = '\0';
+ }
+ b->lpMachineName = samaccount;
+
+ b->lpMachinePassword = talloc_strdup(mem_ctx, r->in.machine_password);
+ if (b->lpMachinePassword == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ /* fill up ODJ_POLICY_DNS_DOMAIN_INFO */
+
+ i.Name.string = talloc_strdup(mem_ctx, r->out.netbios_domain_name);
+ if (i.Name.string == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ i.DnsDomainName.string = talloc_strdup(mem_ctx, r->out.dns_domain_name);
+ if (i.DnsDomainName.string == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ i.DnsForestName.string = talloc_strdup(mem_ctx, r->out.forest_name);
+ if (i.DnsForestName.string == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ i.DomainGuid = r->out.domain_guid;
+ i.Sid = dom_sid_dup(mem_ctx, r->out.domain_sid);
+ if (i.Sid == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ b->DnsDomainInfo = i;
+
+ if (r->out.dcinfo) {
+ struct netr_DsRGetDCNameInfo *p;
+
+ p = talloc_steal(mem_ctx, r->out.dcinfo);
+ if (p == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ b->DcInfo = *p;
+ }
+
+ /*
+ * According to
+ * https://docs.microsoft.com/en-us/windows/win32/netmgmt/odj-odj_win7blob
+ * it should be 0 but Windows 2019 always sets 6 - gd.
+ */
+ b->Options = 6;
+
+ return WERR_OK;
+}
+
+static WERROR libnet_odj_compose_OP_JOINPROV2_PART(TALLOC_CTX *mem_ctx,
+ const struct libnet_JoinCtx *r,
+ struct OP_JOINPROV2_PART **p)
+{
+ struct OP_JOINPROV2_PART *b;
+
+ b = talloc_zero(mem_ctx, struct OP_JOINPROV2_PART);
+ if (b == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ /* TODO */
+
+ *p = b;
+
+ return WERR_INVALID_LEVEL;
+}
+
+static WERROR libnet_odj_compose_OP_JOINPROV3_PART(TALLOC_CTX *mem_ctx,
+ const struct libnet_JoinCtx *r,
+ struct OP_JOINPROV3_PART **p)
+{
+ struct OP_JOINPROV3_PART *b;
+ struct dom_sid *sid;
+
+ b = talloc_zero(mem_ctx, struct OP_JOINPROV3_PART);
+ if (b == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ b->Rid = r->out.account_rid;
+ sid = dom_sid_add_rid(mem_ctx, r->out.domain_sid, r->out.account_rid);
+ if (sid == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ b->lpSid = dom_sid_string(mem_ctx, sid);
+ if (b->lpSid == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ *p = b;
+
+ return WERR_OK;
+}
+
+static WERROR libnet_odj_compose_OP_PACKAGE_PART(TALLOC_CTX *mem_ctx,
+ const struct libnet_JoinCtx *r,
+ const struct ODJ_WIN7BLOB *win7,
+ const char *join_provider_guid,
+ uint32_t flags,
+ struct OP_PACKAGE_PART *p)
+{
+ struct GUID guid;
+ uint32_t level;
+ WERROR werr;
+
+ if (!NT_STATUS_IS_OK(GUID_from_string(join_provider_guid, &guid))) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ level = odj_switch_level_from_guid(&guid);
+
+ p->PartType = guid;
+ p->ulFlags = flags;
+ p->part_len = 0; /* autogenerated */
+ p->Part = talloc_zero(mem_ctx, union OP_PACKAGE_PART_u);
+ if (p->Part == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ switch (level) {
+ case 1: /* ODJ_GUID_JOIN_PROVIDER */
+ if (win7 == NULL) {
+ return WERR_INVALID_PARAMETER;
+ }
+ p->Part->win7blob = *win7;
+ break;
+ case 2: /* ODJ_GUID_JOIN_PROVIDER2 */
+ werr = libnet_odj_compose_OP_JOINPROV2_PART(mem_ctx, r,
+ &p->Part->join_prov2.p);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+ break;
+ case 3: /* ODJ_GUID_JOIN_PROVIDER3 */
+ werr = libnet_odj_compose_OP_JOINPROV3_PART(mem_ctx, r,
+ &p->Part->join_prov3.p);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+ break;
+ default:
+ return WERR_INVALID_LEVEL;
+ }
+
+ return WERR_OK;
+}
+
+static WERROR libnet_odj_compose_OP_PACKAGE_PART_COLLECTION(TALLOC_CTX *mem_ctx,
+ const struct libnet_JoinCtx *r,
+ const struct ODJ_WIN7BLOB *win7,
+ struct OP_PACKAGE_PART_COLLECTION **pp)
+{
+ WERROR werr;
+ struct OP_PACKAGE_PART_COLLECTION *p;
+
+ p = talloc_zero(mem_ctx, struct OP_PACKAGE_PART_COLLECTION);
+ if (p == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ p->cParts = 2;
+ p->pParts = talloc_zero_array(p, struct OP_PACKAGE_PART, p->cParts);
+ if (p->pParts == NULL) {
+ talloc_free(p);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ werr = libnet_odj_compose_OP_PACKAGE_PART(p, r, win7,
+ ODJ_GUID_JOIN_PROVIDER,
+ OPSPI_PACKAGE_PART_ESSENTIAL,
+ &p->pParts[0]);
+ if (!W_ERROR_IS_OK(werr)) {
+ talloc_free(p);
+ return werr;
+ }
+
+ werr = libnet_odj_compose_OP_PACKAGE_PART(p, r, NULL,
+ ODJ_GUID_JOIN_PROVIDER3,
+ 0,
+ &p->pParts[1]);
+ if (!W_ERROR_IS_OK(werr)) {
+ talloc_free(p);
+ return werr;
+ }
+
+ *pp = p;
+
+ return WERR_OK;
+}
+
+static WERROR libnet_odj_compose_OP_PACKAGE(TALLOC_CTX *mem_ctx,
+ const struct libnet_JoinCtx *r,
+ const struct ODJ_WIN7BLOB *win7,
+ struct OP_PACKAGE **pp)
+{
+ WERROR werr;
+ struct OP_PACKAGE_PART_COLLECTION *c;
+ struct OP_PACKAGE *p;
+
+ p = talloc_zero(mem_ctx, struct OP_PACKAGE);
+ if (p == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ werr = libnet_odj_compose_OP_PACKAGE_PART_COLLECTION(p, r, win7, &c);
+ if (!W_ERROR_IS_OK(werr)) {
+ talloc_free(p);
+ return werr;
+ }
+
+ p->EncryptionType = GUID_zero();
+
+ p->WrappedPartCollection.cbBlob = 0; /* autogenerated */
+ p->WrappedPartCollection.w = talloc_zero(p,
+ struct OP_PACKAGE_PART_COLLECTION_serialized_ptr);
+ if (p->WrappedPartCollection.w == NULL) {
+ talloc_free(p);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ p->WrappedPartCollection.w->s.p = c;
+
+ *pp = p;
+
+ return WERR_OK;
+}
+
+WERROR libnet_odj_compose_ODJ_PROVISION_DATA(TALLOC_CTX *mem_ctx,
+ const struct libnet_JoinCtx *r,
+ struct ODJ_PROVISION_DATA **b_p)
+{
+ WERROR werr;
+ struct ODJ_PROVISION_DATA *b;
+ struct ODJ_WIN7BLOB win7;
+ struct OP_PACKAGE *package;
+
+ b = talloc_zero(mem_ctx, struct ODJ_PROVISION_DATA);
+ if (b == NULL) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ b->ulVersion = 1;
+ b->ulcBlobs = 2;
+ b->pBlobs = talloc_zero_array(b, struct ODJ_BLOB, b->ulcBlobs);
+ if (b->pBlobs == NULL) {
+ talloc_free(b);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ werr = libnet_odj_compose_ODJ_WIN7BLOB(b, r, &win7);
+ if (!W_ERROR_IS_OK(werr)) {
+ talloc_free(b);
+ return werr;
+ }
+
+ werr = libnet_odj_compose_OP_PACKAGE(b, r, &win7, &package);
+ if (!W_ERROR_IS_OK(werr)) {
+ talloc_free(b);
+ return werr;
+ }
+
+ b->pBlobs[0].ulODJFormat = ODJ_WIN7_FORMAT;
+ b->pBlobs[0].cbBlob = 0; /* autogenerated */
+ b->pBlobs[0].pBlob = talloc_zero(b, union ODJ_BLOB_u);
+ if (b->pBlobs[0].pBlob == NULL) {
+ talloc_free(b);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+ b->pBlobs[0].pBlob->odj_win7blob = win7;
+
+ b->pBlobs[1].ulODJFormat = ODJ_WIN8_FORMAT;
+ b->pBlobs[1].cbBlob = 0; /* autogenerated */
+ b->pBlobs[1].pBlob = talloc_zero(b, union ODJ_BLOB_u);
+ if (b->pBlobs[1].pBlob == NULL) {
+ talloc_free(b);
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+ b->pBlobs[1].pBlob->op_package.p = package;
+
+ *b_p = b;
+
+ return WERR_OK;
+}
+
+WERROR libnet_odj_find_win7blob(const struct ODJ_PROVISION_DATA *r,
+ struct ODJ_WIN7BLOB *win7blob)
+{
+ int i;
+
+ if (r == NULL) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ for (i = 0; i < r->ulcBlobs; i++) {
+
+ struct ODJ_BLOB b = r->pBlobs[i];
+
+ switch (b.ulODJFormat) {
+ case ODJ_WIN7_FORMAT:
+ *win7blob = b.pBlob->odj_win7blob;
+ return WERR_OK;
+
+ case ODJ_WIN8_FORMAT: {
+ NTSTATUS status;
+ struct OP_PACKAGE_PART_COLLECTION *col;
+ struct GUID guid;
+ int k;
+
+ if (b.pBlob->op_package.p->WrappedPartCollection.w == NULL) {
+ return WERR_BAD_FORMAT;
+ }
+
+ col = b.pBlob->op_package.p->WrappedPartCollection.w->s.p;
+
+ status = GUID_from_string(ODJ_GUID_JOIN_PROVIDER, &guid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ for (k = 0; k < col->cParts; k++) {
+ if (GUID_equal(&guid, &col->pParts[k].PartType)) {
+ *win7blob = col->pParts[k].Part->win7blob;
+ return WERR_OK;
+ }
+ }
+ break;
+ }
+ default:
+ return WERR_BAD_FORMAT;
+ }
+ }
+
+ return WERR_BAD_FORMAT;
+}
+
+
+WERROR libnet_odj_find_joinprov3(const struct ODJ_PROVISION_DATA *r,
+ struct OP_JOINPROV3_PART *joinprov3)
+{
+ int i;
+
+ if (r == NULL) {
+ return WERR_INVALID_PARAMETER;
+ }
+
+ for (i = 0; i < r->ulcBlobs; i++) {
+
+ struct ODJ_BLOB b = r->pBlobs[i];
+
+ switch (b.ulODJFormat) {
+ case ODJ_WIN7_FORMAT:
+ continue;
+
+ case ODJ_WIN8_FORMAT: {
+ NTSTATUS status;
+ struct OP_PACKAGE_PART_COLLECTION *col;
+ struct GUID guid;
+ int k;
+
+ if (b.pBlob->op_package.p->WrappedPartCollection.w == NULL) {
+ return WERR_BAD_FORMAT;
+ }
+
+ col = b.pBlob->op_package.p->WrappedPartCollection.w->s.p;
+
+ status = GUID_from_string(ODJ_GUID_JOIN_PROVIDER3, &guid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return WERR_NOT_ENOUGH_MEMORY;
+ }
+
+ for (k = 0; k < col->cParts; k++) {
+ if (GUID_equal(&guid, &col->pParts[k].PartType)) {
+ *joinprov3 = *col->pParts[k].Part->join_prov3.p;
+ return WERR_OK;
+ }
+ }
+ break;
+ }
+ default:
+ return WERR_BAD_FORMAT;
+ }
+ }
+
+ return WERR_BAD_FORMAT;
+}
diff --git a/source3/libnet/libnet_join_offline.h b/source3/libnet/libnet_join_offline.h
new file mode 100644
index 0000000..7507c58
--- /dev/null
+++ b/source3/libnet/libnet_join_offline.h
@@ -0,0 +1,26 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libnet Join offline support
+ * Copyright (C) Guenther Deschner 2021
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+WERROR libnet_odj_compose_ODJ_PROVISION_DATA(TALLOC_CTX *mem_ctx,
+ const struct libnet_JoinCtx *r,
+ struct ODJ_PROVISION_DATA **b_p);
+WERROR libnet_odj_find_win7blob(const struct ODJ_PROVISION_DATA *r,
+ struct ODJ_WIN7BLOB *win7blob);
+WERROR libnet_odj_find_joinprov3(const struct ODJ_PROVISION_DATA *r,
+ struct OP_JOINPROV3_PART *joinprov3);
diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c
new file mode 100644
index 0000000..ea4fd5e
--- /dev/null
+++ b/source3/libnet/libnet_keytab.c
@@ -0,0 +1,457 @@
+/*
+ Unix SMB/CIFS implementation.
+ dump the remote SAM using rpc samsync operations
+
+ Copyright (C) Guenther Deschner 2008.
+ Copyright (C) Michael Adam 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_krb5.h"
+#include "ads.h"
+#include "secrets.h"
+#include "libnet/libnet_keytab.h"
+
+#ifdef HAVE_KRB5
+
+/****************************************************************
+****************************************************************/
+
+static int keytab_close(struct libnet_keytab_context *ctx)
+{
+ if (!ctx) {
+ return 0;
+ }
+
+ if (ctx->keytab && ctx->context) {
+ krb5_kt_close(ctx->context, ctx->keytab);
+ }
+
+ if (ctx->context) {
+ krb5_free_context(ctx->context);
+ }
+
+ TALLOC_FREE(ctx->ads);
+
+ TALLOC_FREE(ctx);
+
+ return 0;
+}
+
+/****************************************************************
+****************************************************************/
+
+krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx,
+ const char *keytab_name,
+ struct libnet_keytab_context **ctx)
+{
+ krb5_error_code ret = 0;
+ krb5_context context = NULL;
+ krb5_keytab keytab = NULL;
+ const char *keytab_string = NULL;
+
+ struct libnet_keytab_context *r;
+
+ r = talloc_zero(mem_ctx, struct libnet_keytab_context);
+ if (!r) {
+ return ENOMEM;
+ }
+
+ talloc_set_destructor(r, keytab_close);
+
+ ret = smb_krb5_init_context_common(&context);
+ if (ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(ret));
+ return ret;
+ }
+
+ ret = smb_krb5_kt_open_relative(context,
+ keytab_name,
+ true, /* write_access */
+ &keytab);
+ if (ret) {
+ DBG_WARNING("smb_krb5_kt_open_relative failed (%s)\n",
+ error_message(ret));
+ krb5_free_context(context);
+ return ret;
+ }
+
+ ret = smb_krb5_kt_get_name(mem_ctx, context, keytab, &keytab_string);
+ if (ret) {
+ krb5_kt_close(context, keytab);
+ krb5_free_context(context);
+ return ret;
+ }
+
+ r->context = context;
+ r->keytab = keytab;
+ r->keytab_name = keytab_string;
+ r->clean_old_entries = false;
+
+ *ctx = r;
+
+ return 0;
+}
+
+/****************************************************************
+****************************************************************/
+
+/**
+ * Remove all entries that have the given principal, kvno and enctype.
+ */
+static krb5_error_code libnet_keytab_remove_entries(krb5_context context,
+ krb5_keytab keytab,
+ const char *principal,
+ int kvno,
+ const krb5_enctype enctype,
+ bool ignore_kvno)
+{
+ krb5_error_code ret;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry kt_entry;
+
+ ZERO_STRUCT(kt_entry);
+ ZERO_STRUCT(cursor);
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if (ret) {
+ return 0;
+ }
+
+ while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0)
+ {
+ krb5_keyblock *keyp;
+ char *princ_s = NULL;
+
+ if (kt_entry.vno != kvno && !ignore_kvno) {
+ goto cont;
+ }
+
+ keyp = KRB5_KT_KEY(&kt_entry);
+
+ if (KRB5_KEY_TYPE(keyp) != enctype) {
+ goto cont;
+ }
+
+ ret = smb_krb5_unparse_name(talloc_tos(), context, kt_entry.principal,
+ &princ_s);
+ if (ret) {
+ DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n",
+ error_message(ret)));
+ goto cont;
+ }
+
+ if (strcmp(principal, princ_s) != 0) {
+ goto cont;
+ }
+
+ /* match found - remove */
+
+ DEBUG(10, ("found entry for principal %s, kvno %d, "
+ "enctype %d - trying to remove it\n",
+ princ_s, kt_entry.vno, KRB5_KEY_TYPE(keyp)));
+
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ ZERO_STRUCT(cursor);
+ if (ret) {
+ DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n",
+ error_message(ret)));
+ goto cont;
+ }
+
+ ret = krb5_kt_remove_entry(context, keytab,
+ &kt_entry);
+ if (ret) {
+ DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n",
+ error_message(ret)));
+ goto cont;
+ }
+ DEBUG(10, ("removed entry for principal %s, kvno %d, "
+ "enctype %d\n", princ_s, kt_entry.vno,
+ KRB5_KEY_TYPE(keyp)));
+
+ ret = krb5_kt_start_seq_get(context, keytab, &cursor);
+ if (ret) {
+ DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n",
+ error_message(ret)));
+ goto cont;
+ }
+
+cont:
+ smb_krb5_kt_free_entry(context, &kt_entry);
+ TALLOC_FREE(princ_s);
+ }
+
+ ret = krb5_kt_end_seq_get(context, keytab, &cursor);
+ if (ret) {
+ DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n",
+ error_message(ret)));
+ }
+
+ return ret;
+}
+
+static krb5_error_code libnet_keytab_add_entry(krb5_context context,
+ krb5_keytab keytab,
+ krb5_kvno kvno,
+ const char *princ_s,
+ krb5_enctype enctype,
+ krb5_data password)
+{
+ krb5_keyblock *keyp;
+ krb5_keytab_entry kt_entry;
+ krb5_error_code ret;
+ krb5_principal salt_princ = NULL;
+ char *salt_princ_s;
+
+ /* remove duplicates first ... */
+ ret = libnet_keytab_remove_entries(context, keytab, princ_s, kvno,
+ enctype, false);
+ if (ret) {
+ DEBUG(1, ("libnet_keytab_remove_entries failed: %s\n",
+ error_message(ret)));
+ }
+
+ ZERO_STRUCT(kt_entry);
+
+ kt_entry.vno = kvno;
+
+ ret = smb_krb5_parse_name(context, princ_s, &kt_entry.principal);
+ if (ret) {
+ DEBUG(1, ("smb_krb5_parse_name(%s) failed (%s)\n",
+ princ_s, error_message(ret)));
+ return ret;
+ }
+
+ keyp = KRB5_KT_KEY(&kt_entry);
+
+ salt_princ_s = kerberos_secrets_fetch_salt_princ();
+ if (salt_princ_s == NULL) {
+ ret = KRB5KRB_ERR_GENERIC;
+ goto done;
+ }
+
+ ret = krb5_parse_name(context, salt_princ_s, &salt_princ);
+ SAFE_FREE(salt_princ_s);
+ if (ret != 0) {
+ ret = KRB5KRB_ERR_GENERIC;
+ goto done;
+ }
+
+ ret = create_kerberos_key_from_string(context,
+ kt_entry.principal,
+ salt_princ,
+ &password,
+ keyp,
+ enctype,
+ true);
+ krb5_free_principal(context, salt_princ);
+ if (ret != 0) {
+ ret = KRB5KRB_ERR_GENERIC;
+ goto done;
+ }
+
+ ret = krb5_kt_add_entry(context, keytab, &kt_entry);
+ if (ret) {
+ DEBUG(1, ("adding entry to keytab failed (%s)\n",
+ error_message(ret)));
+ }
+
+done:
+ krb5_free_keyblock_contents(context, keyp);
+ krb5_free_principal(context, kt_entry.principal);
+ ZERO_STRUCT(kt_entry);
+ smb_krb5_kt_free_entry(context, &kt_entry);
+
+ return ret;
+}
+
+krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx)
+{
+ krb5_error_code ret = 0;
+ uint32_t i;
+
+
+ if (ctx->clean_old_entries) {
+ DEBUG(0, ("cleaning old entries...\n"));
+ for (i=0; i < ctx->count; i++) {
+ struct libnet_keytab_entry *entry = &ctx->entries[i];
+
+ ret = libnet_keytab_remove_entries(ctx->context,
+ ctx->keytab,
+ entry->principal,
+ 0,
+ entry->enctype,
+ true);
+ if (ret) {
+ DEBUG(1,("libnet_keytab_add: Failed to remove "
+ "old entries for %s (enctype %u): %s\n",
+ entry->principal, entry->enctype,
+ error_message(ret)));
+ return ret;
+ }
+ }
+ }
+
+ for (i=0; i<ctx->count; i++) {
+
+ struct libnet_keytab_entry *entry = &ctx->entries[i];
+ krb5_data password;
+
+ ZERO_STRUCT(password);
+ password.data = (char *)entry->password.data;
+ password.length = entry->password.length;
+
+ ret = libnet_keytab_add_entry(ctx->context,
+ ctx->keytab,
+ entry->kvno,
+ entry->principal,
+ entry->enctype,
+ password);
+ if (ret) {
+ DEBUG(1,("libnet_keytab_add: "
+ "Failed to add entry to keytab file\n"));
+ return ret;
+ }
+ }
+
+ return ret;
+}
+
+struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx,
+ const char *principal,
+ int kvno,
+ const krb5_enctype enctype,
+ TALLOC_CTX *mem_ctx)
+{
+ krb5_error_code ret = 0;
+ krb5_kt_cursor cursor;
+ krb5_keytab_entry kt_entry;
+ struct libnet_keytab_entry *entry = NULL;
+
+ ZERO_STRUCT(kt_entry);
+ ZERO_STRUCT(cursor);
+
+ ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor);
+ if (ret) {
+ DEBUG(10, ("krb5_kt_start_seq_get failed: %s\n",
+ error_message(ret)));
+ return NULL;
+ }
+
+ while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0)
+ {
+ krb5_keyblock *keyp;
+ char *princ_s = NULL;
+
+ entry = NULL;
+
+ if (kt_entry.vno != kvno) {
+ goto cont;
+ }
+
+ keyp = KRB5_KT_KEY(&kt_entry);
+
+ if (KRB5_KEY_TYPE(keyp) != enctype) {
+ goto cont;
+ }
+
+ entry = talloc_zero(mem_ctx, struct libnet_keytab_entry);
+ if (!entry) {
+ DEBUG(3, ("talloc failed\n"));
+ goto fail;
+ }
+
+ ret = smb_krb5_unparse_name(entry, ctx->context, kt_entry.principal,
+ &princ_s);
+ if (ret) {
+ goto cont;
+ }
+
+ if (strcmp(principal, princ_s) != 0) {
+ goto cont;
+ }
+
+ entry->principal = talloc_strdup(entry, princ_s);
+ if (!entry->principal) {
+ DEBUG(3, ("talloc_strdup_failed\n"));
+ goto fail;
+ }
+
+ entry->name = talloc_move(entry, &princ_s);
+
+ entry->password = data_blob_talloc(entry, KRB5_KEY_DATA(keyp),
+ KRB5_KEY_LENGTH(keyp));
+ if (!entry->password.data) {
+ DEBUG(3, ("data_blob_talloc failed\n"));
+ goto fail;
+ }
+
+ DEBUG(10, ("found entry\n"));
+
+ smb_krb5_kt_free_entry(ctx->context, &kt_entry);
+ break;
+
+fail:
+ smb_krb5_kt_free_entry(ctx->context, &kt_entry);
+ TALLOC_FREE(entry);
+ break;
+
+cont:
+ smb_krb5_kt_free_entry(ctx->context, &kt_entry);
+ TALLOC_FREE(entry);
+ continue;
+ }
+
+ krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor);
+ return entry;
+}
+
+/**
+ * Helper function to add data to the list
+ * of keytab entries. It builds the prefix from the input.
+ */
+NTSTATUS libnet_keytab_add_to_keytab_entries(TALLOC_CTX *mem_ctx,
+ struct libnet_keytab_context *ctx,
+ uint32_t kvno,
+ const char *name,
+ const char *prefix,
+ const krb5_enctype enctype,
+ DATA_BLOB blob)
+{
+ struct libnet_keytab_entry entry;
+
+ entry.kvno = kvno;
+ entry.name = talloc_strdup(mem_ctx, name);
+ entry.principal = talloc_asprintf(mem_ctx, "%s%s%s@%s",
+ prefix ? prefix : "",
+ prefix ? "/" : "",
+ name, ctx->dns_domain_name);
+ entry.enctype = enctype;
+ entry.password = blob;
+ NT_STATUS_HAVE_NO_MEMORY(entry.name);
+ NT_STATUS_HAVE_NO_MEMORY(entry.principal);
+ NT_STATUS_HAVE_NO_MEMORY(entry.password.data);
+
+ ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry,
+ &ctx->entries, &ctx->count);
+ NT_STATUS_HAVE_NO_MEMORY(ctx->entries);
+
+ return NT_STATUS_OK;
+}
+
+#endif /* HAVE_KRB5 */
diff --git a/source3/libnet/libnet_keytab.h b/source3/libnet/libnet_keytab.h
new file mode 100644
index 0000000..df6e957
--- /dev/null
+++ b/source3/libnet/libnet_keytab.h
@@ -0,0 +1,61 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libnet Support
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef HAVE_KRB5
+
+struct libnet_keytab_entry {
+ const char *name;
+ const char *principal;
+ DATA_BLOB password;
+ uint32_t kvno;
+ krb5_enctype enctype;
+};
+
+struct ads_struct;
+
+struct libnet_keytab_context {
+ krb5_context context;
+ krb5_keytab keytab;
+ const char *keytab_name;
+ struct ads_struct *ads;
+ const char *dns_domain_name;
+ uint32_t count;
+ struct libnet_keytab_entry *entries;
+ bool clean_old_entries;
+};
+
+/* The following definitions come from libnet/libnet_keytab.c */
+
+krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx,
+ const char *keytab_name,
+ struct libnet_keytab_context **ctx);
+krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx);
+
+struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx,
+ const char *principal, int kvno,
+ const krb5_enctype enctype,
+ TALLOC_CTX *mem_ctx);
+NTSTATUS libnet_keytab_add_to_keytab_entries(TALLOC_CTX *mem_ctx,
+ struct libnet_keytab_context *ctx,
+ uint32_t kvno,
+ const char *name,
+ const char *prefix,
+ const krb5_enctype enctype,
+ DATA_BLOB blob);
+#endif /* HAVE_KRB5 */
diff --git a/source3/libnet/netapi.pc.in b/source3/libnet/netapi.pc.in
new file mode 100644
index 0000000..a699027
--- /dev/null
+++ b/source3/libnet/netapi.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: Samba libnetapi
+Description: A library to control CIFS servers
+Version: @PACKAGE_VERSION@
+Libs: @LIB_RPATH@ -L${libdir} -lnetapi
+Cflags: -I${includedir}
+URL: http://www.samba.org/
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
new file mode 100644
index 0000000..ddda18e
--- /dev/null
+++ b/source3/librpc/crypto/gse.c
@@ -0,0 +1,1438 @@
+/*
+ * GSSAPI Security Extensions
+ * RPC Pipe client and server routines
+ * Copyright (C) Simo Sorce 2010.
+ * Copyright (C) Andrew Bartlett 2004-2011.
+ * Copyright (C) Stefan Metzmacher <metze@samba.org> 2004-2005
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* We support only GSSAPI/KRB5 here */
+
+#include "includes.h"
+#include <tevent.h>
+#include "lib/util/tevent_ntstatus.h"
+#include "gse.h"
+#include "libads/kerberos_proto.h"
+#include "auth/common_auth.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h"
+#include "auth/credentials/credentials.h"
+#include "../librpc/gen_ndr/dcerpc.h"
+#include "param/param.h"
+
+#if defined(HAVE_KRB5)
+
+#include "auth/kerberos/pac_utils.h"
+#include "auth/kerberos/gssapi_helper.h"
+#include "gse_krb5.h"
+
+static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, OM_uint32 min);
+static size_t gensec_gse_sig_size(struct gensec_security *gensec_security,
+ size_t data_size);
+
+struct gse_context {
+ gss_ctx_id_t gssapi_context;
+ gss_name_t server_name;
+ gss_name_t client_name;
+ OM_uint32 gss_want_flags, gss_got_flags;
+ size_t max_wrap_buf_size;
+ size_t sig_size;
+
+ gss_cred_id_t delegated_cred_handle;
+
+ NTTIME expire_time;
+
+ /* gensec_gse only */
+ krb5_context k5ctx;
+ krb5_ccache ccache;
+ krb5_keytab keytab;
+
+ gss_OID_desc gss_mech;
+ gss_cred_id_t creds;
+
+ gss_OID ret_mech;
+};
+
+/* free non talloc dependent contexts */
+static int gse_context_destructor(void *ptr)
+{
+ struct gse_context *gse_ctx;
+ OM_uint32 gss_min;
+
+ gse_ctx = talloc_get_type_abort(ptr, struct gse_context);
+ if (gse_ctx->k5ctx) {
+ if (gse_ctx->ccache) {
+ krb5_cc_close(gse_ctx->k5ctx, gse_ctx->ccache);
+ gse_ctx->ccache = NULL;
+ }
+ if (gse_ctx->keytab) {
+ krb5_kt_close(gse_ctx->k5ctx, gse_ctx->keytab);
+ gse_ctx->keytab = NULL;
+ }
+ krb5_free_context(gse_ctx->k5ctx);
+ gse_ctx->k5ctx = NULL;
+ }
+ if (gse_ctx->gssapi_context != GSS_C_NO_CONTEXT) {
+ (void)gss_delete_sec_context(&gss_min,
+ &gse_ctx->gssapi_context,
+ GSS_C_NO_BUFFER);
+ }
+ if (gse_ctx->server_name) {
+ (void)gss_release_name(&gss_min,
+ &gse_ctx->server_name);
+ }
+ if (gse_ctx->client_name) {
+ (void)gss_release_name(&gss_min,
+ &gse_ctx->client_name);
+ }
+ if (gse_ctx->creds) {
+ (void)gss_release_cred(&gss_min,
+ &gse_ctx->creds);
+ }
+ if (gse_ctx->delegated_cred_handle) {
+ (void)gss_release_cred(&gss_min,
+ &gse_ctx->delegated_cred_handle);
+ }
+
+ /* MIT and Heimdal differ as to if you can call
+ * gss_release_oid() on this OID, generated by
+ * gss_{accept,init}_sec_context(). However, as long as the
+ * oid is gss_mech_krb5 (which it always is at the moment),
+ * then this is a moot point, as both declare this particular
+ * OID static, and so no memory is lost. This assert is in
+ * place to ensure that the programmer who wishes to extend
+ * this code to EAP or other GSS mechanisms determines an
+ * implementation-dependent way of releasing any dynamically
+ * allocated OID */
+ SMB_ASSERT(smb_gss_oid_equal(&gse_ctx->gss_mech, GSS_C_NO_OID) ||
+ smb_gss_oid_equal(&gse_ctx->gss_mech, gss_mech_krb5));
+
+ return 0;
+}
+
+static NTSTATUS gse_setup_server_principal(TALLOC_CTX *mem_ctx,
+ const char *target_principal,
+ const char *service,
+ const char *hostname,
+ const char *realm,
+ char **pserver_principal,
+ gss_name_t *pserver_name)
+{
+ char *server_principal = NULL;
+ gss_buffer_desc name_token;
+ gss_OID name_type;
+ OM_uint32 maj_stat, min_stat = 0;
+
+ if (target_principal != NULL) {
+ server_principal = talloc_strdup(mem_ctx, target_principal);
+ name_type = GSS_C_NULL_OID;
+ } else {
+ server_principal = talloc_asprintf(mem_ctx,
+ "%s/%s@%s",
+ service,
+ hostname,
+ realm);
+ name_type = GSS_C_NT_USER_NAME;
+ }
+ if (server_principal == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ name_token.value = (uint8_t *)server_principal;
+ name_token.length = strlen(server_principal);
+
+ maj_stat = gss_import_name(&min_stat,
+ &name_token,
+ name_type,
+ pserver_name);
+ if (maj_stat) {
+ DBG_WARNING("GSS Import name of %s failed: %s\n",
+ server_principal,
+ gse_errstr(mem_ctx, maj_stat, min_stat));
+ TALLOC_FREE(server_principal);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ *pserver_principal = server_principal;
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
+ bool do_sign, bool do_seal,
+ const char *ccache_name,
+ uint32_t add_gss_c_flags,
+ struct gse_context **_gse_ctx)
+{
+ struct gse_context *gse_ctx;
+ krb5_error_code k5ret;
+ NTSTATUS status;
+
+ gse_ctx = talloc_zero(mem_ctx, struct gse_context);
+ if (!gse_ctx) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ talloc_set_destructor((TALLOC_CTX *)gse_ctx, gse_context_destructor);
+
+ gse_ctx->expire_time = GENSEC_EXPIRE_TIME_INFINITY;
+ gse_ctx->max_wrap_buf_size = UINT16_MAX;
+
+ memcpy(&gse_ctx->gss_mech, gss_mech_krb5, sizeof(gss_OID_desc));
+
+ gse_ctx->gss_want_flags = GSS_C_MUTUAL_FLAG |
+ GSS_C_DELEG_POLICY_FLAG |
+ GSS_C_REPLAY_FLAG |
+ GSS_C_SEQUENCE_FLAG;
+ if (do_sign) {
+ gse_ctx->gss_want_flags |= GSS_C_INTEG_FLAG;
+ }
+ if (do_seal) {
+ gse_ctx->gss_want_flags |= GSS_C_INTEG_FLAG;
+ gse_ctx->gss_want_flags |= GSS_C_CONF_FLAG;
+ }
+
+ gse_ctx->gss_want_flags |= add_gss_c_flags;
+
+ /* Initialize Kerberos Context */
+ k5ret = smb_krb5_init_context_common(&gse_ctx->k5ctx);
+ if (k5ret) {
+ DBG_ERR("kerberos init context failed (%s)\n",
+ error_message(k5ret));
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto err_out;
+ }
+
+#ifdef SAMBA4_USES_HEIMDAL
+ k5ret = gsskrb5_set_dns_canonicalize(false);
+ if (k5ret) {
+ DBG_ERR("gsskrb5_set_dns_canonicalize() failed (%s)\n",
+ error_message(k5ret));
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto err_out;
+ }
+#endif
+
+ if (!ccache_name) {
+ ccache_name = krb5_cc_default_name(gse_ctx->k5ctx);
+ }
+ k5ret = krb5_cc_resolve(gse_ctx->k5ctx, ccache_name,
+ &gse_ctx->ccache);
+ if (k5ret) {
+ DEBUG(1, ("Failed to resolve credential cache '%s'! (%s)\n",
+ ccache_name, error_message(k5ret)));
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto err_out;
+ }
+
+ /* TODO: Should we enforce a enc_types list ?
+ ret = krb5_set_default_tgs_ktypes(gse_ctx->k5ctx, enc_types);
+ */
+
+ *_gse_ctx = gse_ctx;
+ return NT_STATUS_OK;
+
+err_out:
+ TALLOC_FREE(gse_ctx);
+ return status;
+}
+
+static NTSTATUS gse_init_client(struct gensec_security *gensec_security,
+ bool do_sign, bool do_seal,
+ const char *ccache_name,
+ const char *server,
+ const char *service,
+ const char *realm,
+ const char *username,
+ const char *password,
+ uint32_t add_gss_c_flags,
+ struct gse_context **_gse_ctx)
+{
+ struct gse_context *gse_ctx;
+ OM_uint32 gss_maj, gss_min;
+#ifdef HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
+ gss_buffer_desc empty_buffer = GSS_C_EMPTY_BUFFER;
+ gss_OID oid = discard_const(GSS_KRB5_CRED_NO_CI_FLAGS_X);
+#endif
+ NTSTATUS status;
+
+ if (!server || !service) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ status = gse_context_init(gensec_security, do_sign, do_seal,
+ ccache_name, add_gss_c_flags,
+ &gse_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+#ifdef SAMBA4_USES_HEIMDAL
+ {
+ int ret;
+ bool set_dns_canon = gensec_setting_bool(
+ gensec_security->settings,
+ "krb5", "set_dns_canonicalize",
+ false);
+ const char *server_realm = lpcfg_realm(
+ gensec_security->settings->lp_ctx);
+ if (server_realm != NULL) {
+ ret = gsskrb5_set_default_realm(server_realm);
+ if (ret) {
+ DBG_ERR("gsskrb5_set_default_realm failed\n");
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ }
+
+ /*
+ * don't do DNS lookups of any kind, it might/will
+ * fail for a netbios name
+ */
+ ret = gsskrb5_set_dns_canonicalize(set_dns_canon);
+ if (ret != GSS_S_COMPLETE) {
+ DBG_ERR("gsskrb5_set_dns_canonicalize failed\n");
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ }
+#endif
+
+ /* TODO: get krb5 ticket using username/password, if no valid
+ * one already available in ccache */
+
+ gss_maj = smb_gss_krb5_import_cred(&gss_min,
+ gse_ctx->k5ctx,
+ gse_ctx->ccache,
+ NULL, /* keytab_principal */
+ NULL, /* keytab */
+ &gse_ctx->creds);
+ if (gss_maj) {
+ char *ccache = NULL;
+ int kret;
+
+ kret = krb5_cc_get_full_name(gse_ctx->k5ctx,
+ gse_ctx->ccache,
+ &ccache);
+ if (kret != 0) {
+ ccache = NULL;
+ }
+
+ DEBUG(5, ("smb_gss_krb5_import_cred ccache[%s] failed with [%s] -"
+ "the caller may retry after a kinit.\n",
+ ccache, gse_errstr(gse_ctx, gss_maj, gss_min)));
+ krb5_free_string(gse_ctx->k5ctx, ccache);
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto err_out;
+ }
+
+#ifdef HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
+ /*
+ * Don't force GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG.
+ *
+ * This allows us to disable SIGN and SEAL for
+ * AUTH_LEVEL_CONNECT and AUTH_LEVEL_INTEGRITY.
+ *
+ * https://groups.yahoo.com/neo/groups/cat-ietf/conversations/topics/575
+ * http://krbdev.mit.edu/rt/Ticket/Display.html?id=6938
+ */
+ gss_maj = gss_set_cred_option(&gss_min, &gse_ctx->creds,
+ oid,
+ &empty_buffer);
+ if (gss_maj) {
+ DEBUG(0, ("gss_set_cred_option(GSS_KRB5_CRED_NO_CI_FLAGS_X), "
+ "failed with [%s]\n",
+ gse_errstr(gse_ctx, gss_maj, gss_min)));
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto err_out;
+ }
+#endif
+
+ *_gse_ctx = gse_ctx;
+ return NT_STATUS_OK;
+
+err_out:
+ TALLOC_FREE(gse_ctx);
+ return status;
+}
+
+static NTSTATUS gse_get_client_auth_token(TALLOC_CTX *mem_ctx,
+ struct gensec_security *gensec_security,
+ const DATA_BLOB *token_in,
+ DATA_BLOB *token_out)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+ OM_uint32 gss_maj = 0;
+ OM_uint32 gss_min;
+ gss_buffer_desc in_data;
+ gss_buffer_desc out_data;
+ DATA_BLOB blob = data_blob_null;
+ NTSTATUS status;
+ OM_uint32 time_rec = 0;
+ struct timeval tv;
+ struct cli_credentials *cli_creds = gensec_get_credentials(gensec_security);
+ const char *target_principal = gensec_get_target_principal(gensec_security);
+ const char *hostname = gensec_get_target_hostname(gensec_security);
+ const char *service = gensec_get_target_service(gensec_security);
+ const char *client_realm = cli_credentials_get_realm(cli_creds);
+ char *server_principal = NULL;
+ char *server_realm = NULL;
+ bool fallback = false;
+ OM_uint32 time_req = 0;
+
+ time_req = gensec_setting_int(gensec_security->settings,
+ "gensec_gssapi",
+ "requested_life_time",
+ time_req);
+
+ in_data.value = token_in->data;
+ in_data.length = token_in->length;
+
+ /*
+ * With credentials for administrator@FOREST1.EXAMPLE.COM this patch
+ * changes the target_principal for the ldap service of host
+ * dc2.forest2.example.com from
+ *
+ * ldap/dc2.forest2.example.com@FOREST1.EXAMPLE.COM
+ *
+ * to
+ *
+ * ldap/dc2.forest2.example.com@FOREST2.EXAMPLE.COM
+ *
+ * Typically ldap/dc2.forest2.example.com@FOREST1.EXAMPLE.COM should be
+ * used in order to allow the KDC of FOREST1.EXAMPLE.COM to generate a
+ * referral ticket for krbtgt/FOREST2.EXAMPLE.COM@FOREST1.EXAMPLE.COM.
+ *
+ * The problem is that KDCs only return such referral tickets if
+ * there's a forest trust between FOREST1.EXAMPLE.COM and
+ * FOREST2.EXAMPLE.COM. If there's only an external domain trust
+ * between FOREST1.EXAMPLE.COM and FOREST2.EXAMPLE.COM the KDC of
+ * FOREST1.EXAMPLE.COM will respond with S_PRINCIPAL_UNKNOWN when being
+ * asked for ldap/dc2.forest2.example.com@FOREST1.EXAMPLE.COM.
+ *
+ * In the case of an external trust the client can still ask explicitly
+ * for krbtgt/FOREST2.EXAMPLE.COM@FOREST1.EXAMPLE.COM and the KDC of
+ * FOREST1.EXAMPLE.COM will generate it.
+ *
+ * From there the client can use the
+ * krbtgt/FOREST2.EXAMPLE.COM@FOREST1.EXAMPLE.COM ticket and ask a KDC
+ * of FOREST2.EXAMPLE.COM for a service ticket for
+ * ldap/dc2.forest2.example.com@FOREST2.EXAMPLE.COM.
+ *
+ * With Heimdal we'll get the fallback on S_PRINCIPAL_UNKNOWN behavior
+ * when we pass ldap/dc2.forest2.example.com@FOREST2.EXAMPLE.COM as
+ * target principal. As _krb5_get_cred_kdc_any() first calls
+ * get_cred_kdc_referral() (which always starts with the client realm)
+ * and falls back to get_cred_kdc_capath() (which starts with the given
+ * realm).
+ *
+ * MIT krb5 only tries the given realm of the target principal, if we
+ * want to autodetect support for transitive forest trusts, would have
+ * to do the fallback ourself.
+ */
+#ifndef SAMBA4_USES_HEIMDAL
+ if (gse_ctx->server_name == NULL) {
+ OM_uint32 gss_min2 = 0;
+
+ status = gse_setup_server_principal(mem_ctx,
+ target_principal,
+ service,
+ hostname,
+ client_realm,
+ &server_principal,
+ &gse_ctx->server_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ gss_maj = gss_init_sec_context(&gss_min,
+ gse_ctx->creds,
+ &gse_ctx->gssapi_context,
+ gse_ctx->server_name,
+ &gse_ctx->gss_mech,
+ gse_ctx->gss_want_flags,
+ time_req,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &in_data,
+ NULL,
+ &out_data,
+ &gse_ctx->gss_got_flags,
+ &time_rec);
+ if (gss_maj != GSS_S_FAILURE) {
+ goto init_sec_context_done;
+ }
+ if (gss_min != (OM_uint32)KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN) {
+ goto init_sec_context_done;
+ }
+ if (target_principal != NULL) {
+ goto init_sec_context_done;
+ }
+
+ fallback = true;
+ TALLOC_FREE(server_principal);
+ gss_release_name(&gss_min2, &gse_ctx->server_name);
+ }
+#endif /* !SAMBA4_USES_HEIMDAL */
+
+ if (gse_ctx->server_name == NULL) {
+ server_realm = smb_krb5_get_realm_from_hostname(mem_ctx,
+ hostname,
+ client_realm);
+ if (server_realm == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (fallback &&
+ strequal(client_realm, server_realm)) {
+ goto init_sec_context_done;
+ }
+
+ status = gse_setup_server_principal(mem_ctx,
+ target_principal,
+ service,
+ hostname,
+ server_realm,
+ &server_principal,
+ &gse_ctx->server_name);
+ TALLOC_FREE(server_realm);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ TALLOC_FREE(server_principal);
+ }
+
+ gss_maj = gss_init_sec_context(&gss_min,
+ gse_ctx->creds,
+ &gse_ctx->gssapi_context,
+ gse_ctx->server_name,
+ &gse_ctx->gss_mech,
+ gse_ctx->gss_want_flags,
+ time_req, GSS_C_NO_CHANNEL_BINDINGS,
+ &in_data, NULL, &out_data,
+ &gse_ctx->gss_got_flags, &time_rec);
+ goto init_sec_context_done;
+ /* JUMP! */
+init_sec_context_done:
+
+ switch (gss_maj) {
+ case GSS_S_COMPLETE:
+ /* we are done with it */
+ tv = timeval_current_ofs(time_rec, 0);
+ gse_ctx->expire_time = timeval_to_nttime(&tv);
+
+ status = NT_STATUS_OK;
+ break;
+ case GSS_S_CONTINUE_NEEDED:
+ /* we will need a third leg */
+ status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+ break;
+ case GSS_S_CONTEXT_EXPIRED:
+ /* Make SPNEGO ignore us, we can't go any further here */
+ DBG_NOTICE("Context expired\n");
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ case GSS_S_FAILURE:
+ switch (gss_min) {
+ case (OM_uint32)KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: {
+ gss_buffer_desc name_token = {
+ .length = 0,
+ };
+
+ gss_maj = gss_display_name(&gss_min,
+ gse_ctx->server_name,
+ &name_token,
+ NULL);
+ if (gss_maj == GSS_S_COMPLETE) {
+ DBG_NOTICE("Server principal %.*s not found\n",
+ (int)name_token.length,
+ (char *)name_token.value);
+ gss_release_buffer(&gss_maj, &name_token);
+ } else {
+ DBG_NOTICE("Server principal not found\n");
+ }
+
+ /* Make SPNEGO ignore us, we can't go any further here */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ }
+ case (OM_uint32)KRB5KRB_AP_ERR_TKT_EXPIRED:
+ DBG_NOTICE("Ticket expired\n");
+ /* Make SPNEGO ignore us, we can't go any further here */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ case (OM_uint32)KRB5KRB_AP_ERR_TKT_NYV:
+ DBG_NOTICE("Clockskew\n");
+ /* Make SPNEGO ignore us, we can't go any further here */
+ status = NT_STATUS_TIME_DIFFERENCE_AT_DC;
+ goto done;
+ case (OM_uint32)KRB5_KDC_UNREACH:
+ DBG_NOTICE("KDC unreachable\n");
+ /* Make SPNEGO ignore us, we can't go any further here */
+ status = NT_STATUS_NO_LOGON_SERVERS;
+ goto done;
+ case (OM_uint32)KRB5KRB_AP_ERR_MSG_TYPE:
+ /* Garbage input, possibly from the auto-mech detection */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto done;
+ case (OM_uint32)KRB5KDC_ERR_ETYPE_NOSUPP:
+ status = NT_STATUS_KDC_UNKNOWN_ETYPE;
+ goto done;
+ default:
+ DBG_ERR("gss_init_sec_context failed with [%s](%u)\n",
+ gse_errstr(talloc_tos(), gss_maj, gss_min),
+ gss_min);
+ status = NT_STATUS_LOGON_FAILURE;
+ goto done;
+ }
+ break;
+ default:
+ DBG_ERR("gss_init_sec_context failed with [%s]\n",
+ gse_errstr(talloc_tos(), gss_maj, gss_min));
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto done;
+ }
+
+ /* we may be told to return nothing */
+ if (out_data.length) {
+ blob = data_blob_talloc(mem_ctx, out_data.value, out_data.length);
+ if (!blob.data) {
+ status = NT_STATUS_NO_MEMORY;
+ }
+
+ gss_release_buffer(&gss_min, &out_data);
+ }
+
+done:
+ *token_out = blob;
+ return status;
+}
+
+static NTSTATUS gse_init_server(TALLOC_CTX *mem_ctx,
+ bool do_sign, bool do_seal,
+ uint32_t add_gss_c_flags,
+ struct gse_context **_gse_ctx)
+{
+ struct gse_context *gse_ctx;
+ OM_uint32 gss_maj, gss_min;
+ krb5_error_code ret;
+ NTSTATUS status;
+
+ status = gse_context_init(mem_ctx, do_sign, do_seal,
+ NULL, add_gss_c_flags, &gse_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ret = gse_krb5_get_server_keytab(gse_ctx->k5ctx,
+ &gse_ctx->keytab);
+ if (ret) {
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto done;
+ }
+
+ /* This creates a GSSAPI cred_id_t with the keytab set */
+ gss_maj = smb_gss_krb5_import_cred(&gss_min, gse_ctx->k5ctx,
+ NULL, NULL, gse_ctx->keytab,
+ &gse_ctx->creds);
+
+ if (gss_maj != 0) {
+ DEBUG(0, ("smb_gss_krb5_import_cred failed with [%s]\n",
+ gse_errstr(gse_ctx, gss_maj, gss_min)));
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto done;
+ }
+
+ status = NT_STATUS_OK;
+
+done:
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(gse_ctx);
+ }
+
+ *_gse_ctx = gse_ctx;
+ return status;
+}
+
+static NTSTATUS gse_get_server_auth_token(TALLOC_CTX *mem_ctx,
+ struct gensec_security *gensec_security,
+ const DATA_BLOB *token_in,
+ DATA_BLOB *token_out)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+ OM_uint32 gss_maj, gss_min;
+ gss_buffer_desc in_data;
+ gss_buffer_desc out_data;
+ DATA_BLOB blob = data_blob_null;
+ NTSTATUS status;
+ OM_uint32 time_rec = 0;
+ struct timeval tv;
+
+ in_data.value = token_in->data;
+ in_data.length = token_in->length;
+
+ gss_maj = gss_accept_sec_context(&gss_min,
+ &gse_ctx->gssapi_context,
+ gse_ctx->creds,
+ &in_data,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &gse_ctx->client_name,
+ &gse_ctx->ret_mech,
+ &out_data,
+ &gse_ctx->gss_got_flags,
+ &time_rec,
+ &gse_ctx->delegated_cred_handle);
+ switch (gss_maj) {
+ case GSS_S_COMPLETE:
+ /* we are done with it */
+ tv = timeval_current_ofs(time_rec, 0);
+ gse_ctx->expire_time = timeval_to_nttime(&tv);
+
+ status = NT_STATUS_OK;
+ break;
+ case GSS_S_CONTINUE_NEEDED:
+ /* we will need a third leg */
+ status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+ break;
+ default:
+ DEBUG(1, ("gss_accept_sec_context failed with [%s]\n",
+ gse_errstr(talloc_tos(), gss_maj, gss_min)));
+
+ if (gse_ctx->gssapi_context) {
+ gss_delete_sec_context(&gss_min,
+ &gse_ctx->gssapi_context,
+ GSS_C_NO_BUFFER);
+ }
+
+ /*
+ * If we got an output token, make Windows aware of it
+ * by telling it that more processing is needed
+ */
+ if (out_data.length > 0) {
+ status = NT_STATUS_MORE_PROCESSING_REQUIRED;
+ /* Fall through to handle the out token */
+ } else {
+ status = NT_STATUS_LOGON_FAILURE;
+ goto done;
+ }
+ }
+
+ /* we may be told to return nothing */
+ if (out_data.length) {
+ blob = data_blob_talloc(mem_ctx, out_data.value, out_data.length);
+ if (!blob.data) {
+ status = NT_STATUS_NO_MEMORY;
+ }
+ gss_release_buffer(&gss_min, &out_data);
+ }
+
+
+done:
+ *token_out = blob;
+ return status;
+}
+
+static char *gse_errstr(TALLOC_CTX *mem_ctx, OM_uint32 maj, OM_uint32 min)
+{
+ OM_uint32 gss_min, gss_maj;
+ gss_buffer_desc msg_min;
+ gss_buffer_desc msg_maj;
+ OM_uint32 msg_ctx = 0;
+
+ char *errstr = NULL;
+
+ ZERO_STRUCT(msg_min);
+ ZERO_STRUCT(msg_maj);
+
+ gss_maj = gss_display_status(&gss_min, maj, GSS_C_GSS_CODE,
+ GSS_C_NO_OID, &msg_ctx, &msg_maj);
+ if (gss_maj) {
+ goto done;
+ }
+ errstr = talloc_strndup(mem_ctx,
+ (char *)msg_maj.value,
+ msg_maj.length);
+ if (!errstr) {
+ goto done;
+ }
+ gss_maj = gss_display_status(&gss_min, min, GSS_C_MECH_CODE,
+ (gss_OID)discard_const(gss_mech_krb5),
+ &msg_ctx, &msg_min);
+ if (gss_maj) {
+ goto done;
+ }
+
+ errstr = talloc_strdup_append_buffer(errstr, ": ");
+ if (!errstr) {
+ goto done;
+ }
+ errstr = talloc_strndup_append_buffer(errstr,
+ (char *)msg_min.value,
+ msg_min.length);
+ if (!errstr) {
+ goto done;
+ }
+
+done:
+ if (msg_min.value) {
+ gss_release_buffer(&gss_min, &msg_min);
+ }
+ if (msg_maj.value) {
+ gss_release_buffer(&gss_min, &msg_maj);
+ }
+ return errstr;
+}
+
+static NTSTATUS gensec_gse_client_start(struct gensec_security *gensec_security)
+{
+ struct gse_context *gse_ctx;
+ struct cli_credentials *creds = gensec_get_credentials(gensec_security);
+ NTSTATUS nt_status;
+ OM_uint32 want_flags = 0;
+ bool do_sign = false, do_seal = false;
+ const char *hostname = gensec_get_target_hostname(gensec_security);
+ const char *service = gensec_get_target_service(gensec_security);
+ const char *username = cli_credentials_get_username(creds);
+ const char *password = cli_credentials_get_password(creds);
+ const char *realm = cli_credentials_get_realm(creds);
+
+ if (!hostname) {
+ DEBUG(1, ("Could not determine hostname for target computer, cannot use kerberos\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ if (is_ipaddress(hostname)) {
+ DEBUG(2, ("Cannot do GSE to an IP address\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ if (strcmp(hostname, "localhost") == 0) {
+ DEBUG(2, ("GSE to 'localhost' does not make sense\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
+ do_sign = true;
+ }
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
+ do_sign = true;
+ }
+ if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
+ do_seal = true;
+ }
+ if (gensec_security->want_features & GENSEC_FEATURE_DCE_STYLE) {
+ want_flags |= GSS_C_DCE_STYLE;
+ }
+
+ nt_status = gse_init_client(gensec_security, do_sign, do_seal, NULL,
+ hostname, service, realm,
+ username, password, want_flags,
+ &gse_ctx);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+ gensec_security->private_data = gse_ctx;
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gse_server_start(struct gensec_security *gensec_security)
+{
+ struct gse_context *gse_ctx;
+ NTSTATUS nt_status;
+ OM_uint32 want_flags = 0;
+ bool do_sign = false, do_seal = false;
+
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
+ do_sign = true;
+ }
+ if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
+ do_seal = true;
+ }
+ if (gensec_security->want_features & GENSEC_FEATURE_DCE_STYLE) {
+ want_flags |= GSS_C_DCE_STYLE;
+ }
+
+ nt_status = gse_init_server(gensec_security, do_sign, do_seal, want_flags,
+ &gse_ctx);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+ gensec_security->private_data = gse_ctx;
+ return NT_STATUS_OK;
+}
+
+struct gensec_gse_update_state {
+ NTSTATUS status;
+ DATA_BLOB out;
+};
+
+static NTSTATUS gensec_gse_update_internal(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB in,
+ DATA_BLOB *out);
+
+static struct tevent_req *gensec_gse_update_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct gensec_security *gensec_security,
+ const DATA_BLOB in)
+{
+ struct tevent_req *req = NULL;
+ struct gensec_gse_update_state *state = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct gensec_gse_update_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ status = gensec_gse_update_internal(gensec_security,
+ state, in,
+ &state->out);
+ state->status = status;
+ if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+ }
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+}
+
+static NTSTATUS gensec_gse_update_internal(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB in,
+ DATA_BLOB *out)
+{
+ NTSTATUS status;
+
+ switch (gensec_security->gensec_role) {
+ case GENSEC_CLIENT:
+ status = gse_get_client_auth_token(mem_ctx,
+ gensec_security,
+ &in, out);
+ break;
+ case GENSEC_SERVER:
+ status = gse_get_server_auth_token(mem_ctx,
+ gensec_security,
+ &in, out);
+ break;
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gse_update_recv(struct tevent_req *req,
+ TALLOC_CTX *out_mem_ctx,
+ DATA_BLOB *out)
+{
+ struct gensec_gse_update_state *state =
+ tevent_req_data(req,
+ struct gensec_gse_update_state);
+ NTSTATUS status;
+
+ *out = data_blob_null;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ *out = state->out;
+ talloc_steal(out_mem_ctx, state->out.data);
+ status = state->status;
+ tevent_req_received(req);
+ return status;
+}
+
+static NTSTATUS gensec_gse_wrap(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+ OM_uint32 maj_stat, min_stat;
+ gss_buffer_desc input_token, output_token;
+ int conf_state;
+ input_token.length = in->length;
+ input_token.value = in->data;
+
+ maj_stat = gss_wrap(&min_stat,
+ gse_ctx->gssapi_context,
+ gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL),
+ GSS_C_QOP_DEFAULT,
+ &input_token,
+ &conf_state,
+ &output_token);
+ if (GSS_ERROR(maj_stat)) {
+ DEBUG(0, ("gensec_gse_wrap: GSS Wrap failed: %s\n",
+ gse_errstr(talloc_tos(), maj_stat, min_stat)));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ *out = data_blob_talloc(mem_ctx, output_token.value, output_token.length);
+ gss_release_buffer(&min_stat, &output_token);
+
+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)
+ && !conf_state) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gse_unwrap(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const DATA_BLOB *in,
+ DATA_BLOB *out)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+ OM_uint32 maj_stat, min_stat;
+ gss_buffer_desc input_token, output_token;
+ int conf_state;
+ gss_qop_t qop_state;
+ input_token.length = in->length;
+ input_token.value = in->data;
+
+ maj_stat = gss_unwrap(&min_stat,
+ gse_ctx->gssapi_context,
+ &input_token,
+ &output_token,
+ &conf_state,
+ &qop_state);
+ if (GSS_ERROR(maj_stat)) {
+ DEBUG(0, ("gensec_gse_unwrap: GSS UnWrap failed: %s\n",
+ gse_errstr(talloc_tos(), maj_stat, min_stat)));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ *out = data_blob_talloc(mem_ctx, output_token.value, output_token.length);
+ gss_release_buffer(&min_stat, &output_token);
+
+ if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)
+ && !conf_state) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gse_seal_packet(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ DATA_BLOB *sig)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+ bool hdr_signing = false;
+ size_t sig_size = 0;
+ NTSTATUS status;
+
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN_PKT_HEADER) {
+ hdr_signing = true;
+ }
+
+ sig_size = gensec_gse_sig_size(gensec_security, length);
+
+ status = gssapi_seal_packet(gse_ctx->gssapi_context,
+ &gse_ctx->gss_mech,
+ hdr_signing, sig_size,
+ data, length,
+ whole_pdu, pdu_length,
+ mem_ctx, sig);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("gssapi_seal_packet(hdr_signing=%u,sig_size=%zu,"
+ "data=%zu,pdu=%zu) failed: %s\n",
+ hdr_signing, sig_size, length, pdu_length,
+ nt_errstr(status)));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gse_unseal_packet(struct gensec_security *gensec_security,
+ uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+ bool hdr_signing = false;
+ NTSTATUS status;
+
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN_PKT_HEADER) {
+ hdr_signing = true;
+ }
+
+ status = gssapi_unseal_packet(gse_ctx->gssapi_context,
+ &gse_ctx->gss_mech,
+ hdr_signing,
+ data, length,
+ whole_pdu, pdu_length,
+ sig);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("gssapi_unseal_packet(hdr_signing=%u,sig_size=%zu,"
+ "data=%zu,pdu=%zu) failed: %s\n",
+ hdr_signing, sig->length, length, pdu_length,
+ nt_errstr(status)));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gse_sign_packet(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ DATA_BLOB *sig)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+ bool hdr_signing = false;
+ NTSTATUS status;
+
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN_PKT_HEADER) {
+ hdr_signing = true;
+ }
+
+ status = gssapi_sign_packet(gse_ctx->gssapi_context,
+ &gse_ctx->gss_mech,
+ hdr_signing,
+ data, length,
+ whole_pdu, pdu_length,
+ mem_ctx, sig);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("gssapi_sign_packet(hdr_signing=%u,"
+ "data=%zu,pdu=%zu) failed: %s\n",
+ hdr_signing, length, pdu_length,
+ nt_errstr(status)));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS gensec_gse_check_packet(struct gensec_security *gensec_security,
+ const uint8_t *data, size_t length,
+ const uint8_t *whole_pdu, size_t pdu_length,
+ const DATA_BLOB *sig)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+ bool hdr_signing = false;
+ NTSTATUS status;
+
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN_PKT_HEADER) {
+ hdr_signing = true;
+ }
+
+ status = gssapi_check_packet(gse_ctx->gssapi_context,
+ &gse_ctx->gss_mech,
+ hdr_signing,
+ data, length,
+ whole_pdu, pdu_length,
+ sig);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("gssapi_check_packet(hdr_signing=%u,sig_size=%zu"
+ "data=%zu,pdu=%zu) failed: %s\n",
+ hdr_signing, sig->length, length, pdu_length,
+ nt_errstr(status)));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/* Try to figure out what features we actually got on the connection */
+static bool gensec_gse_have_feature(struct gensec_security *gensec_security,
+ uint32_t feature)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+
+ if (feature & GENSEC_FEATURE_SESSION_KEY) {
+ return gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG;
+ }
+ if (feature & GENSEC_FEATURE_SIGN) {
+ return gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG;
+ }
+ if (feature & GENSEC_FEATURE_SEAL) {
+ return gse_ctx->gss_got_flags & GSS_C_CONF_FLAG;
+ }
+ if (feature & GENSEC_FEATURE_DCE_STYLE) {
+ return gse_ctx->gss_got_flags & GSS_C_DCE_STYLE;
+ }
+ if (feature & GENSEC_FEATURE_NEW_SPNEGO) {
+ NTSTATUS status;
+ uint32_t keytype;
+
+ if (!(gse_ctx->gss_got_flags & GSS_C_INTEG_FLAG)) {
+ return false;
+ }
+
+ status = gssapi_get_session_key(talloc_tos(),
+ gse_ctx->gssapi_context, NULL, &keytype);
+ /*
+ * We should do a proper sig on the mechListMic unless
+ * we know we have to be backwards compatible with
+ * earlier windows versions.
+ *
+ * Negotiating a non-krb5
+ * mech for example should be regarded as having
+ * NEW_SPNEGO
+ */
+ if (NT_STATUS_IS_OK(status)) {
+ switch (keytype) {
+ case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES_CBC_MD5:
+ case ENCTYPE_ARCFOUR_HMAC:
+ case ENCTYPE_DES3_CBC_SHA1:
+ return false;
+ }
+ }
+ return true;
+ }
+ /* We can always do async (rather than strict request/reply) packets. */
+ if (feature & GENSEC_FEATURE_ASYNC_REPLIES) {
+ return true;
+ }
+ if (feature & GENSEC_FEATURE_SIGN_PKT_HEADER) {
+ return true;
+ }
+ return false;
+}
+
+static NTTIME gensec_gse_expire_time(struct gensec_security *gensec_security)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+
+ return gse_ctx->expire_time;
+}
+
+/*
+ * Extract the 'session key' needed by SMB signing and ncacn_np
+ * (for encrypting some passwords).
+ *
+ * This breaks all the abstractions, but what do you expect...
+ */
+static NTSTATUS gensec_gse_session_key(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *session_key)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+
+ return gssapi_get_session_key(mem_ctx, gse_ctx->gssapi_context, session_key, NULL);
+}
+
+/* Get some basic (and authorization) information about the user on
+ * this session. This uses either the PAC (if present) or a local
+ * database lookup */
+static NTSTATUS gensec_gse_session_info(struct gensec_security *gensec_security,
+ TALLOC_CTX *mem_ctx,
+ struct auth_session_info **_session_info)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+ NTSTATUS nt_status;
+ TALLOC_CTX *tmp_ctx;
+ struct auth_session_info *session_info = NULL;
+ OM_uint32 maj_stat, min_stat;
+ DATA_BLOB pac_blob, *pac_blob_ptr = NULL;
+
+ gss_buffer_desc name_token;
+ char *principal_string;
+
+ tmp_ctx = talloc_named(mem_ctx, 0, "gensec_gse_session_info context");
+ NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+
+ maj_stat = gss_display_name(&min_stat,
+ gse_ctx->client_name,
+ &name_token,
+ NULL);
+ if (GSS_ERROR(maj_stat)) {
+ DEBUG(1, ("GSS display_name failed: %s\n",
+ gse_errstr(talloc_tos(), maj_stat, min_stat)));
+ talloc_free(tmp_ctx);
+ return NT_STATUS_FOOBAR;
+ }
+
+ principal_string = talloc_strndup(tmp_ctx,
+ (const char *)name_token.value,
+ name_token.length);
+
+ gss_release_buffer(&min_stat, &name_token);
+
+ if (!principal_string) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ nt_status = gssapi_obtain_pac_blob(tmp_ctx, gse_ctx->gssapi_context,
+ gse_ctx->client_name,
+ &pac_blob);
+
+ /* IF we have the PAC - otherwise we need to get this
+ * data from elsewhere
+ */
+ if (NT_STATUS_IS_OK(nt_status)) {
+ pac_blob_ptr = &pac_blob;
+ }
+ nt_status = gensec_generate_session_info_pac(tmp_ctx,
+ gensec_security,
+ NULL,
+ pac_blob_ptr, principal_string,
+ gensec_get_remote_address(gensec_security),
+ &session_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(tmp_ctx);
+ return nt_status;
+ }
+
+ nt_status = gensec_gse_session_key(gensec_security, session_info,
+ &session_info->session_key);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(tmp_ctx);
+ return nt_status;
+ }
+
+ *_session_info = talloc_move(mem_ctx, &session_info);
+ talloc_free(tmp_ctx);
+
+ return NT_STATUS_OK;
+}
+
+static size_t gensec_gse_max_input_size(struct gensec_security *gensec_security)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+ OM_uint32 maj_stat, min_stat;
+ OM_uint32 max_input_size;
+
+ maj_stat = gss_wrap_size_limit(&min_stat,
+ gse_ctx->gssapi_context,
+ gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL),
+ GSS_C_QOP_DEFAULT,
+ gse_ctx->max_wrap_buf_size,
+ &max_input_size);
+ if (GSS_ERROR(maj_stat)) {
+ TALLOC_CTX *mem_ctx = talloc_new(NULL);
+ DEBUG(1, ("gensec_gssapi_max_input_size: determining signature size with gss_wrap_size_limit failed: %s\n",
+ gse_errstr(mem_ctx, maj_stat, min_stat)));
+ talloc_free(mem_ctx);
+ return 0;
+ }
+
+ return max_input_size;
+}
+
+/* Find out the maximum output size negotiated on this connection */
+static size_t gensec_gse_max_wrapped_size(struct gensec_security *gensec_security)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+ return gse_ctx->max_wrap_buf_size;
+}
+
+static size_t gensec_gse_sig_size(struct gensec_security *gensec_security,
+ size_t data_size)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+
+ if (gse_ctx->sig_size > 0) {
+ return gse_ctx->sig_size;
+ }
+
+ gse_ctx->sig_size = gssapi_get_sig_size(gse_ctx->gssapi_context,
+ &gse_ctx->gss_mech,
+ gse_ctx->gss_got_flags,
+ data_size);
+ return gse_ctx->sig_size;
+}
+
+static const char *gensec_gse_final_auth_type(struct gensec_security *gensec_security)
+{
+ struct gse_context *gse_ctx =
+ talloc_get_type_abort(gensec_security->private_data,
+ struct gse_context);
+
+ /* Only return the string for GSSAPI/Krb5 */
+ if (smb_gss_oid_equal(&gse_ctx->gss_mech,
+ gss_mech_krb5)) {
+ return GENSEC_FINAL_AUTH_TYPE_KRB5;
+ } else {
+ return "gensec_gse: UNKNOWN MECH";
+ }
+}
+
+static const char *gensec_gse_krb5_oids[] = {
+ GENSEC_OID_KERBEROS5_OLD,
+ GENSEC_OID_KERBEROS5,
+ NULL
+};
+
+const struct gensec_security_ops gensec_gse_krb5_security_ops = {
+ .name = "gse_krb5",
+ .auth_type = DCERPC_AUTH_TYPE_KRB5,
+ .oid = gensec_gse_krb5_oids,
+ .client_start = gensec_gse_client_start,
+ .server_start = gensec_gse_server_start,
+ .magic = gensec_magic_check_krb5_oid,
+ .update_send = gensec_gse_update_send,
+ .update_recv = gensec_gse_update_recv,
+ .session_key = gensec_gse_session_key,
+ .session_info = gensec_gse_session_info,
+ .sig_size = gensec_gse_sig_size,
+ .sign_packet = gensec_gse_sign_packet,
+ .check_packet = gensec_gse_check_packet,
+ .seal_packet = gensec_gse_seal_packet,
+ .unseal_packet = gensec_gse_unseal_packet,
+ .max_input_size = gensec_gse_max_input_size,
+ .max_wrapped_size = gensec_gse_max_wrapped_size,
+ .wrap = gensec_gse_wrap,
+ .unwrap = gensec_gse_unwrap,
+ .have_feature = gensec_gse_have_feature,
+ .expire_time = gensec_gse_expire_time,
+ .final_auth_type = gensec_gse_final_auth_type,
+ .enabled = true,
+ .kerberos = true,
+ .priority = GENSEC_GSSAPI
+};
+
+#endif /* HAVE_KRB5 */
diff --git a/source3/librpc/crypto/gse.h b/source3/librpc/crypto/gse.h
new file mode 100644
index 0000000..8618573
--- /dev/null
+++ b/source3/librpc/crypto/gse.h
@@ -0,0 +1,26 @@
+/*
+ * GSSAPI Security Extensions
+ * Copyright (C) Simo Sorce 2010.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _GSE_H_
+#define _GSE_H_
+
+struct gse_context;
+
+extern const struct gensec_security_ops gensec_gse_krb5_security_ops;
+
+#endif /* _GSE_H_ */
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
new file mode 100644
index 0000000..f1e0e51
--- /dev/null
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -0,0 +1,609 @@
+/*
+ * GSSAPI Security Extensions
+ * Krb5 helpers
+ * Copyright (C) Simo Sorce 2010.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "smb_krb5.h"
+#include "secrets.h"
+#include "librpc/gen_ndr/secrets.h"
+#include "gse_krb5.h"
+#include "lib/param/loadparm.h"
+#include "libads/kerberos_proto.h"
+#include "lib/util/string_wrappers.h"
+
+#ifdef HAVE_KRB5
+
+static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab)
+{
+ krb5_error_code ret;
+ krb5_kt_cursor kt_cursor;
+ krb5_keytab_entry kt_entry;
+
+ ZERO_STRUCT(kt_entry);
+
+ ret = krb5_kt_start_seq_get(krbctx, keytab, &kt_cursor);
+ if (ret != 0) {
+ return ret;
+ }
+
+ ret = krb5_kt_next_entry(krbctx, keytab, &kt_entry, &kt_cursor);
+ while (ret == 0) {
+
+ /* we need to close and reopen enumeration because we modify
+ * the keytab */
+ ret = krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
+ if (ret != 0) {
+ DEBUG(1, (__location__ ": krb5_kt_end_seq_get() "
+ "failed (%s)\n", error_message(ret)));
+ goto out;
+ }
+
+ /* remove the entry */
+ ret = krb5_kt_remove_entry(krbctx, keytab, &kt_entry);
+ if (ret != 0) {
+ DEBUG(1, (__location__ ": krb5_kt_remove_entry() "
+ "failed (%s)\n", error_message(ret)));
+ goto out;
+ }
+ smb_krb5_kt_free_entry(krbctx, &kt_entry);
+ ZERO_STRUCT(kt_entry);
+
+ /* now reopen */
+ ret = krb5_kt_start_seq_get(krbctx, keytab, &kt_cursor);
+ if (ret != 0) {
+ DEBUG(1, (__location__ ": krb5_kt_start_seq() failed "
+ "(%s)\n", error_message(ret)));
+ goto out;
+ }
+
+ ret = krb5_kt_next_entry(krbctx, keytab,
+ &kt_entry, &kt_cursor);
+ }
+
+ if (ret != KRB5_KT_END && ret != ENOENT) {
+ DEBUG(1, (__location__ ": flushing keytab we got [%s]!\n",
+ error_message(ret)));
+ }
+
+ ret = krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
+ if (ret != 0) {
+ DEBUG(1, (__location__ ": krb5_kt_end_seq_get() "
+ "failed (%s)\n", error_message(ret)));
+ goto out;
+ }
+ ret = 0;
+
+out:
+ return ret;
+}
+
+static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
+ krb5_keytab keytab,
+ krb5_principal princ,
+ krb5_kvno vno,
+ struct secrets_domain_info1_password *pw)
+{
+ krb5_error_code ret;
+ krb5_enctype *enctypes;
+ uint16_t i;
+
+ ret = smb_krb5_get_allowed_etypes(krbctx, &enctypes);
+ if (ret) {
+ DEBUG(1, (__location__
+ ": Can't determine permitted enctypes!\n"));
+ return ret;
+ }
+
+ for (i = 0; i < pw->num_keys; i++) {
+ krb5_keytab_entry kt_entry;
+ krb5_keyblock *key = NULL;
+ unsigned int ei;
+ bool found_etype = false;
+
+ for (ei=0; enctypes[ei] != 0; ei++) {
+ if ((uint32_t)enctypes[ei] != pw->keys[i].keytype) {
+ continue;
+ }
+
+ found_etype = true;
+ break;
+ }
+
+ if (!found_etype) {
+ continue;
+ }
+
+ ZERO_STRUCT(kt_entry);
+ kt_entry.principal = princ;
+ kt_entry.vno = vno;
+
+ key = KRB5_KT_KEY(&kt_entry);
+ KRB5_KEY_TYPE(key) = pw->keys[i].keytype;
+ KRB5_KEY_DATA(key) = pw->keys[i].value.data;
+ KRB5_KEY_LENGTH(key) = pw->keys[i].value.length;
+
+ ret = krb5_kt_add_entry(krbctx, keytab, &kt_entry);
+ if (ret) {
+ DEBUG(1, (__location__ ": Failed to add entry to "
+ "keytab for enctype %d (error: %s)\n",
+ (unsigned)pw->keys[i].keytype,
+ error_message(ret)));
+ goto out;
+ }
+ }
+
+ ret = 0;
+
+out:
+ krb5_free_enctypes(krbctx, enctypes);
+ return ret;
+}
+
+#define SRV_MEM_KEYTAB_NAME "MEMORY:cifs_srv_keytab"
+#define CLEARTEXT_PRIV_ENCTYPE -99
+
+static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx,
+ krb5_keytab *keytab)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ krb5_error_code ret, ret2;
+ const char *domain = lp_workgroup();
+ struct secrets_domain_info1 *info = NULL;
+ const char *realm = NULL;
+ const DATA_BLOB *ct = NULL;
+ krb5_kt_cursor kt_cursor;
+ krb5_keytab_entry kt_entry;
+ krb5_principal princ = NULL;
+ krb5_kvno kvno = 0; /* FIXME: fetch current vno from KDC ? */
+ NTSTATUS status;
+
+ if (!secrets_init()) {
+ DEBUG(1, (__location__ ": secrets_init failed\n"));
+ TALLOC_FREE(frame);
+ return KRB5_CONFIG_CANTOPEN;
+ }
+
+ status = secrets_fetch_or_upgrade_domain_info(domain,
+ frame,
+ &info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("secrets_fetch_or_upgrade_domain_info(%s) - %s\n",
+ domain, nt_errstr(status));
+ TALLOC_FREE(frame);
+ return KRB5_LIBOS_CANTREADPWD;
+ }
+ ct = &info->password->cleartext_blob;
+
+ if (info->domain_info.dns_domain.string != NULL) {
+ realm = strupper_talloc(frame,
+ info->domain_info.dns_domain.string);
+ if (realm == NULL) {
+ TALLOC_FREE(frame);
+ return ENOMEM;
+ }
+ }
+
+ ZERO_STRUCT(kt_entry);
+ ZERO_STRUCT(kt_cursor);
+
+ /* check if the keytab already has any entry */
+ ret = krb5_kt_start_seq_get(krbctx, *keytab, &kt_cursor);
+ if (ret != 0) {
+ goto out;
+ }
+
+ /* check if we have our special enctype used to hold
+ * the clear text password. If so, check it out so that
+ * we can verify if the keytab needs to be upgraded */
+ while ((ret = krb5_kt_next_entry(krbctx, *keytab,
+ &kt_entry, &kt_cursor)) == 0) {
+ if (smb_krb5_kt_get_enctype_from_entry(&kt_entry) ==
+ CLEARTEXT_PRIV_ENCTYPE) {
+ break;
+ }
+ smb_krb5_kt_free_entry(krbctx, &kt_entry);
+ ZERO_STRUCT(kt_entry);
+ }
+
+ ret2 = krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor);
+ if (ret2 != 0) {
+ ret = ret2;
+ DEBUG(1, (__location__ ": krb5_kt_end_seq_get() "
+ "failed (%s)\n", error_message(ret)));
+ goto out;
+ }
+
+ if (ret != 0 && ret != KRB5_KT_END && ret != ENOENT ) {
+ /* Error parsing keytab */
+ DEBUG(1, (__location__ ": Failed to parse memory "
+ "keytab!\n"));
+ goto out;
+ }
+
+ if (ret == 0) {
+ /* found private entry,
+ * check if keytab is up to date */
+
+ if ((ct->length == KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) &&
+ (mem_equal_const_time(KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)),
+ ct->data, ct->length))) {
+ /* keytab is already up to date, return */
+ smb_krb5_kt_free_entry(krbctx, &kt_entry);
+ goto out;
+ }
+
+ smb_krb5_kt_free_entry(krbctx, &kt_entry);
+ ZERO_STRUCT(kt_entry);
+
+
+ /* flush keytab, we need to regen it */
+ ret = flush_keytab(krbctx, *keytab);
+ if (ret) {
+ DEBUG(1, (__location__ ": Failed to flush "
+ "memory keytab!\n"));
+ goto out;
+ }
+ }
+
+ /* keytab is not up to date, fill it up */
+
+ ret = smb_krb5_make_principal(krbctx, &princ, realm,
+ info->account_name, NULL);
+ if (ret) {
+ DEBUG(1, (__location__ ": Failed to get host principal!\n"));
+ goto out;
+ }
+
+ ret = fill_keytab_from_password(krbctx, *keytab,
+ princ, kvno,
+ info->password);
+ if (ret) {
+ DBG_WARNING("fill_keytab_from_password() failed for "
+ "info->password.\n.");
+ goto out;
+ }
+
+ if (info->old_password != NULL) {
+ ret = fill_keytab_from_password(krbctx, *keytab,
+ princ, kvno - 1,
+ info->old_password);
+ if (ret) {
+ DBG_WARNING("fill_keytab_from_password() failed for "
+ "info->old_password.\n.");
+ goto out;
+ }
+ }
+
+ if (info->older_password != NULL) {
+ ret = fill_keytab_from_password(krbctx, *keytab,
+ princ, kvno - 2,
+ info->older_password);
+ if (ret) {
+ DBG_WARNING("fill_keytab_from_password() failed for "
+ "info->older_password.\n.");
+ goto out;
+ }
+ }
+
+ if (info->next_change != NULL) {
+ ret = fill_keytab_from_password(krbctx, *keytab,
+ princ, kvno - 3,
+ info->next_change->password);
+ if (ret) {
+ DBG_WARNING("fill_keytab_from_password() failed for "
+ "info->next_change->password.\n.");
+ goto out;
+ }
+ }
+
+ /* add our private enctype + cleartext password so that we can
+ * update the keytab if secrets change later on */
+ ZERO_STRUCT(kt_entry);
+ kt_entry.principal = princ;
+ kt_entry.vno = 0;
+
+ KRB5_KEY_TYPE(KRB5_KT_KEY(&kt_entry)) = CLEARTEXT_PRIV_ENCTYPE;
+ KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry)) = ct->length;
+ KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)) = ct->data;
+
+ ret = krb5_kt_add_entry(krbctx, *keytab, &kt_entry);
+ if (ret) {
+ DEBUG(1, (__location__ ": Failed to add entry to "
+ "keytab for private enctype (%d) (error: %s)\n",
+ CLEARTEXT_PRIV_ENCTYPE, error_message(ret)));
+ goto out;
+ }
+
+ ret = 0;
+
+out:
+
+ if (princ) {
+ krb5_free_principal(krbctx, princ);
+ }
+
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+static krb5_error_code fill_mem_keytab_from_system_keytab(krb5_context krbctx,
+ krb5_keytab *mkeytab)
+{
+ krb5_error_code ret = 0;
+ krb5_keytab keytab = NULL;
+ krb5_kt_cursor kt_cursor = { 0, };
+ krb5_keytab_entry kt_entry = { 0, };
+ char *valid_princ_formats[7] = { NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL };
+ char *entry_princ_s = NULL;
+ fstring my_name, my_fqdn;
+ unsigned i;
+ int err;
+
+ /* Generate the list of principal names which we expect
+ * clients might want to use for authenticating to the file
+ * service. We allow name$,{host,cifs}/{name,fqdn,name.REALM}. */
+
+ fstrcpy(my_name, lp_netbios_name());
+
+ my_fqdn[0] = '\0';
+ name_to_fqdn(my_fqdn, lp_netbios_name());
+
+ err = asprintf(&valid_princ_formats[0],
+ "%s$@%s", my_name, lp_realm());
+ if (err == -1) {
+ ret = ENOMEM;
+ goto out;
+ }
+ err = asprintf(&valid_princ_formats[1],
+ "host/%s@%s", my_name, lp_realm());
+ if (err == -1) {
+ ret = ENOMEM;
+ goto out;
+ }
+ err = asprintf(&valid_princ_formats[2],
+ "host/%s@%s", my_fqdn, lp_realm());
+ if (err == -1) {
+ ret = ENOMEM;
+ goto out;
+ }
+ err = asprintf(&valid_princ_formats[3],
+ "host/%s.%s@%s", my_name, lp_realm(), lp_realm());
+ if (err == -1) {
+ ret = ENOMEM;
+ goto out;
+ }
+ err = asprintf(&valid_princ_formats[4],
+ "cifs/%s@%s", my_name, lp_realm());
+ if (err == -1) {
+ ret = ENOMEM;
+ goto out;
+ }
+ err = asprintf(&valid_princ_formats[5],
+ "cifs/%s@%s", my_fqdn, lp_realm());
+ if (err == -1) {
+ ret = ENOMEM;
+ goto out;
+ }
+ err = asprintf(&valid_princ_formats[6],
+ "cifs/%s.%s@%s", my_name, lp_realm(), lp_realm());
+ if (err == -1) {
+ ret = ENOMEM;
+ goto out;
+ }
+
+ ret = smb_krb5_kt_open_relative(krbctx, NULL, false, &keytab);
+ if (ret) {
+ DEBUG(1, ("smb_krb5_kt_open failed (%s)\n",
+ error_message(ret)));
+ goto out;
+ }
+
+ /*
+ * Iterate through the keytab. For each key, if the principal
+ * name case-insensitively matches one of the allowed formats,
+ * copy it to the memory keytab.
+ */
+
+ ret = krb5_kt_start_seq_get(krbctx, keytab, &kt_cursor);
+ if (ret) {
+ DEBUG(1, (__location__ ": krb5_kt_start_seq_get failed (%s)\n",
+ error_message(ret)));
+ /*
+ * krb5_kt_start_seq_get() may leaves bogus data
+ * in kt_cursor. And we want to use the all_zero()
+ * logic below.
+ *
+ * See bug #10490
+ */
+ ZERO_STRUCT(kt_cursor);
+ goto out;
+ }
+
+ while ((krb5_kt_next_entry(krbctx, keytab,
+ &kt_entry, &kt_cursor) == 0)) {
+ ret = smb_krb5_unparse_name(talloc_tos(), krbctx,
+ kt_entry.principal,
+ &entry_princ_s);
+ if (ret) {
+ DEBUG(1, (__location__ ": smb_krb5_unparse_name "
+ "failed (%s)\n", error_message(ret)));
+ goto out;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(valid_princ_formats); i++) {
+
+ if (!strequal(entry_princ_s, valid_princ_formats[i])) {
+ continue;
+ }
+
+ ret = krb5_kt_add_entry(krbctx, *mkeytab, &kt_entry);
+ if (ret) {
+ DEBUG(1, (__location__ ": smb_krb5_unparse_name "
+ "failed (%s)\n", error_message(ret)));
+ goto out;
+ }
+ }
+
+ /* Free the name we parsed. */
+ TALLOC_FREE(entry_princ_s);
+
+ /* Free the entry we just read. */
+ smb_krb5_kt_free_entry(krbctx, &kt_entry);
+ ZERO_STRUCT(kt_entry);
+ }
+ krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
+
+ ZERO_STRUCT(kt_cursor);
+
+out:
+
+ for (i = 0; i < ARRAY_SIZE(valid_princ_formats); i++) {
+ SAFE_FREE(valid_princ_formats[i]);
+ }
+
+ TALLOC_FREE(entry_princ_s);
+
+ if (!all_zero((uint8_t *)&kt_entry, sizeof(kt_entry))) {
+ smb_krb5_kt_free_entry(krbctx, &kt_entry);
+ }
+
+ if (!all_zero((uint8_t *)&kt_cursor, sizeof(kt_cursor)) && keytab) {
+ krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
+ }
+
+ if (keytab) {
+ krb5_kt_close(krbctx, keytab);
+ }
+
+ return ret;
+}
+
+static krb5_error_code fill_mem_keytab_from_dedicated_keytab(krb5_context krbctx,
+ krb5_keytab *mkeytab)
+{
+ krb5_error_code ret = 0;
+ krb5_keytab keytab = NULL;
+ krb5_kt_cursor kt_cursor;
+ krb5_keytab_entry kt_entry;
+
+ ret = smb_krb5_kt_open(krbctx, lp_dedicated_keytab_file(),
+ false, &keytab);
+ if (ret) {
+ DEBUG(1, ("smb_krb5_kt_open of %s failed (%s)\n",
+ lp_dedicated_keytab_file(),
+ error_message(ret)));
+ return ret;
+ }
+
+ /*
+ * Copy the dedicated keyab to our in-memory keytab.
+ */
+
+ ret = krb5_kt_start_seq_get(krbctx, keytab, &kt_cursor);
+ if (ret) {
+ DEBUG(1, (__location__ ": krb5_kt_start_seq_get on %s "
+ "failed (%s)\n",
+ lp_dedicated_keytab_file(),
+ error_message(ret)));
+ goto out;
+ }
+
+ while ((krb5_kt_next_entry(krbctx, keytab,
+ &kt_entry, &kt_cursor) == 0)) {
+
+ ret = krb5_kt_add_entry(krbctx, *mkeytab, &kt_entry);
+
+ /* Free the entry we just read. */
+ smb_krb5_kt_free_entry(krbctx, &kt_entry);
+
+ if (ret) {
+ DEBUG(1, (__location__ ": smb_krb5_unparse_name "
+ "failed (%s)\n", error_message(ret)));
+ break;
+ }
+ }
+ krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor);
+
+out:
+
+ krb5_kt_close(krbctx, keytab);
+
+ return ret;
+}
+
+krb5_error_code gse_krb5_get_server_keytab(krb5_context krbctx,
+ krb5_keytab *keytab)
+{
+ krb5_error_code ret = 0;
+ krb5_error_code ret1 = 0;
+ krb5_error_code ret2 = 0;
+
+ *keytab = NULL;
+
+ /* create memory keytab */
+ ret = krb5_kt_resolve(krbctx, SRV_MEM_KEYTAB_NAME, keytab);
+ if (ret) {
+ DEBUG(1, (__location__ ": Failed to get memory "
+ "keytab!\n"));
+ return ret;
+ }
+
+ switch (lp_kerberos_method()) {
+ default:
+ case KERBEROS_VERIFY_SECRETS:
+ ret = fill_mem_keytab_from_secrets(krbctx, keytab);
+ break;
+ case KERBEROS_VERIFY_SYSTEM_KEYTAB:
+ ret = fill_mem_keytab_from_system_keytab(krbctx, keytab);
+ break;
+ case KERBEROS_VERIFY_DEDICATED_KEYTAB:
+ /* just use whatever keytab is configured */
+ ret = fill_mem_keytab_from_dedicated_keytab(krbctx, keytab);
+ break;
+ case KERBEROS_VERIFY_SECRETS_AND_KEYTAB:
+ ret1 = fill_mem_keytab_from_secrets(krbctx, keytab);
+ if (ret1) {
+ DEBUG(3, (__location__ ": Warning! Unable to set mem "
+ "keytab from secrets!\n"));
+ }
+ /* Now append system keytab keys too */
+ ret2 = fill_mem_keytab_from_system_keytab(krbctx, keytab);
+ if (ret2) {
+ DEBUG(3, (__location__ ": Warning! Unable to set mem "
+ "keytab from system keytab!\n"));
+ }
+ if (ret1 == 0 || ret2 == 0) {
+ ret = 0;
+ } else {
+ ret = ret1;
+ }
+ break;
+ }
+
+ if (ret) {
+ krb5_kt_close(krbctx, *keytab);
+ *keytab = NULL;
+ DEBUG(1,("%s: Error! Unable to set mem keytab - %d\n",
+ __location__, ret));
+ }
+
+ return ret;
+}
+
+#endif /* HAVE_KRB5 */
diff --git a/source3/librpc/crypto/gse_krb5.h b/source3/librpc/crypto/gse_krb5.h
new file mode 100644
index 0000000..ea789c9
--- /dev/null
+++ b/source3/librpc/crypto/gse_krb5.h
@@ -0,0 +1,30 @@
+/*
+ * GSSAPI Security Extensions
+ * Krb5 helpers
+ * Copyright (C) Simo Sorce 2010.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _GSE_KRB5_H_
+#define _GSE_KRB5_H_
+
+#ifdef HAVE_KRB5
+
+krb5_error_code gse_krb5_get_server_keytab(krb5_context krbctx,
+ krb5_keytab *keytab);
+
+#endif /* HAVE_KRB5 */
+
+#endif /* _GSE_KRB5_H_ */
diff --git a/source3/librpc/gen_ndr/README b/source3/librpc/gen_ndr/README
new file mode 100644
index 0000000..5ccb89d
--- /dev/null
+++ b/source3/librpc/gen_ndr/README
@@ -0,0 +1,4 @@
+This contains the generated files from PIDL for the IDL files in ../idl/*.idl
+
+DO NOT REMOVE THIS FILE. The waf 1.5 build relies on this directory
+existing in the source tree.
diff --git a/source3/librpc/idl/IDL_LICENSE.txt b/source3/librpc/idl/IDL_LICENSE.txt
new file mode 100644
index 0000000..01ae670
--- /dev/null
+++ b/source3/librpc/idl/IDL_LICENSE.txt
@@ -0,0 +1,9 @@
+The IDL files in this directory are made available by the Samba Team
+under the following license:
+
+ Permission to use, copy, modify, and distribute these interface
+ definitions for any purpose is hereby granted without fee.
+
+ This work is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/source3/librpc/idl/ads.idl b/source3/librpc/idl/ads.idl
new file mode 100644
index 0000000..4f3a387
--- /dev/null
+++ b/source3/librpc/idl/ads.idl
@@ -0,0 +1,130 @@
+#include "idl_types.h"
+#include "config.h"
+
+/*
+ ads interface definition
+*/
+
+import "nbt.idl";
+
+cpp_quote("#include <system/network.h>")
+
+[
+ pointer_default(unique)
+]
+interface ads
+{
+ typedef [public] enum {
+ ADS_SASLWRAP_TYPE_PLAIN = 1,
+ ADS_SASLWRAP_TYPE_SIGN = 2,
+ ADS_SASLWRAP_TYPE_SEAL = 4
+ } ads_saslwrap_type;
+
+ /* ads auth control flags */
+ typedef [public] bitmap {
+ ADS_AUTH_DISABLE_KERBEROS = 0x0001,
+ ADS_AUTH_NO_BIND = 0x0002,
+ ADS_AUTH_ANON_BIND = 0x0004,
+ ADS_AUTH_SIMPLE_BIND = 0x0008,
+ ADS_AUTH_ALLOW_NTLMSSP = 0x0010,
+ ADS_AUTH_SASL_SIGN = 0x0020,
+ ADS_AUTH_SASL_SEAL = 0x0040,
+ ADS_AUTH_SASL_FORCE = 0x0080,
+ ADS_AUTH_USER_CREDS = 0x0100
+ } ads_auth_flags;
+
+ const int ADS_SASL_WRAPPING_IN_MAX_WRAPPED = 0x0FFFFFFF;
+ const int ADS_SASL_WRAPPING_OUT_MAX_WRAPPED = 0x00A00000;
+
+ typedef [nopull,nopush] struct {
+ string realm;
+ string workgroup;
+ string ldap_server;
+ boolean8 gc; /* Is this a global catalog server? */
+ boolean8 no_fallback; /* Bail if the ldap_server is not available */
+ } ads_server;
+
+ typedef [nopull,nopush] struct {
+ string realm;
+ string password;
+ string user_name;
+ string kdc_server;
+ ads_auth_flags flags;
+ int time_offset;
+ string ccache_name;
+ time_t tgt_expire;
+ time_t tgs_expire;
+ time_t renewable;
+ } ads_auth;
+
+ typedef [nopull,nopush] struct {
+ nbt_server_type flags; /* cldap flags identifying the services. */
+ string realm;
+ string bind_path;
+ string ldap_server_name;
+ string server_site_name;
+ string client_site_name;
+ time_t current_time;
+ string schema_path;
+ string config_path;
+ int ldap_page_size;
+ } ads_config;
+
+ typedef [nopull,nopush] struct {
+ uint32 ofs;
+ uint32 needed;
+ uint32 left;
+ uint32 max_wrapped;
+ uint32 min_wrapped;
+ uint32 size;
+ uint8 *buf;
+ } ads_ldap_buf_in;
+
+ typedef [nopull,nopush] struct {
+ uint32 ofs;
+ uint32 left;
+ uint32 max_unwrapped;
+ uint32 sig_size;
+ uint32 size;
+ uint8 *buf;
+ } ads_ldap_buf_out;
+
+ typedef [nopull,nopush] struct {
+ ads_saslwrap_type wrap_type;
+ [ignore] ads_saslwrap_ops *wrap_ops;
+#ifdef HAVE_LDAP_SASL_WRAPPING
+ [ignore] Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */
+#endif /* HAVE_LDAP_SASL_WRAPPING */
+ [ignore] TALLOC_CTX *mem_ctx;
+ [ignore] void *wrap_private_data;
+ ads_ldap_buf_in in;
+ ads_ldap_buf_out out;
+ } ads_saslwrap;
+
+ typedef [nopull,nopush] struct {
+ [ignore] ldap *ld;
+ sockaddr_storage ss; /* the ip of the active connection, if any */
+ time_t last_attempt; /* last attempt to reconnect, monotonic clock */
+ int port;
+ } ads_ldap;
+
+ typedef [public,nopull,nopush] struct {
+ /* info needed to find the server */
+ ads_server server;
+
+ /* info needed to authenticate */
+ ads_auth auth;
+
+ /* info derived from the servers config */
+ ads_config config;
+
+#ifdef HAVE_LDAP
+ ads_saslwrap ldap_wrap_data;
+ /* info about the current LDAP connection */
+ ads_ldap ldap;
+#endif /* HAVE_LDAP */
+
+ } ads_struct;
+}
+
+
diff --git a/source3/librpc/idl/leases_db.idl b/source3/librpc/idl/leases_db.idl
new file mode 100644
index 0000000..2551dfc
--- /dev/null
+++ b/source3/librpc/idl/leases_db.idl
@@ -0,0 +1,54 @@
+#include "idl_types.h"
+
+import "misc.idl";
+import "smb2_lease_struct.idl";
+import "file_id.idl";
+
+[
+ pointer_default(unique)
+]
+interface leases_db
+{
+ typedef [public] struct {
+ GUID client_guid;
+ smb2_lease_key lease_key;
+ } leases_db_key;
+
+ typedef [public] struct {
+ file_id id;
+ [string,charset(UTF8)] char *servicepath;
+ [string,charset(UTF8)] char *base_name;
+ [string,charset(UTF8)] char *stream_name;
+ } leases_db_file;
+
+ typedef [public] struct {
+ smb2_lease_state current_state;
+ /*
+ * 'breaking' indicates that we're waiting
+ * for a lease break ack from the client
+ * and breaking_to_requested and breaking_to_required
+ * have a meaning.
+ *
+ * breaking_to_requested is the value already sent to
+ * the client, the client needs to ack to this (or less).
+ *
+ * breaking_to_required is the internal value that needs to
+ * be reached before we can reset breaking = false, this
+ * may requires multiple roundtrips to the client, e.g.
+ * when the lease broken to a more reduced value, while
+ * the lease break is still in progress.
+ *
+ * The following can be assumed (if breaking == true):
+ *
+ * current_state>breaking_to_requested>=breaking_to_required
+ */
+ boolean8 breaking;
+ smb2_lease_state breaking_to_requested;
+ smb2_lease_state breaking_to_required;
+ uint16 lease_version;
+ uint16 epoch;
+
+ uint32 num_files;
+ leases_db_file files[num_files];
+ } leases_db_value;
+}
diff --git a/source3/librpc/idl/libnet_join.idl b/source3/librpc/idl/libnet_join.idl
new file mode 100644
index 0000000..4c8e658
--- /dev/null
+++ b/source3/librpc/idl/libnet_join.idl
@@ -0,0 +1,91 @@
+#include "idl_types.h"
+
+import "wkssvc.idl", "security.idl", "misc.idl", "netlogon.idl", "ODJ.idl", "ads.idl";
+
+/*
+ libnetjoin interface definition
+*/
+
+[
+ pointer_default(unique)
+]
+interface libnetjoin
+{
+ typedef bitmap wkssvc_joinflags wkssvc_joinflags;
+ typedef enum netr_SchannelType netr_SchannelType;
+
+ typedef [public] enum {
+ JoinDomNameTypeUnknown = 0,
+ JoinDomNameTypeDNS = 1,
+ JoinDomNameTypeNBT = 2
+ } libnetjoin_JoinDomNameType;
+
+ [nopush,nopull,noopnum] WERROR libnet_JoinCtx(
+ [in] string dc_name,
+ [in] string machine_name,
+ [in,ref] string *domain_name,
+ [in] libnetjoin_JoinDomNameType domain_name_type,
+ [in] string account_ou,
+ [in] string admin_account,
+ [in] string admin_domain,
+ [in,noprint] string admin_password,
+ [in] string machine_password,
+ [in] wkssvc_joinflags join_flags,
+ [in] string os_version,
+ [in] string os_name,
+ [in] string os_servicepack,
+ [in] boolean8 create_upn,
+ [in] string upn,
+ [in] string dnshostname,
+ [in] boolean8 modify_config,
+ [in,unique] ads_struct *ads,
+ [in] boolean8 debug,
+ [in] boolean8 use_kerberos,
+ [in] netr_SchannelType secure_channel_type,
+ [in,noprint] messaging_context *msg_ctx,
+ [in] uint32 desired_encryption_types,
+ [in] boolean8 provision_computer_account_only,
+ [in,out,unique] ODJ_PROVISION_DATA *odj_provision_data,
+ [in] boolean8 request_offline_join,
+ [out] string account_name,
+ [out] string netbios_domain_name,
+ [out] string dns_domain_name,
+ [out] string forest_name,
+ [out] string dn,
+ [out] GUID domain_guid,
+ [out] dom_sid *domain_sid,
+ [out] boolean8 modified_config,
+ [out] string error_string,
+ [out] boolean8 domain_is_ad,
+ [out] uint32 set_encryption_types,
+ [out] string krb5_salt,
+ [out,unique] netr_DsRGetDCNameInfo *dcinfo,
+ [out] uint32 account_rid
+ );
+
+ [nopush,nopull,noopnum] WERROR libnet_UnjoinCtx(
+ [in] string dc_name,
+ [in] string machine_name,
+ [in] string domain_name,
+ [in] string account_ou,
+ [in] string admin_account,
+ [in] string admin_domain,
+ [in,noprint] string admin_password,
+ [in] string machine_password,
+ [in] wkssvc_joinflags unjoin_flags,
+ [in] boolean8 delete_machine_account,
+ [in] boolean8 modify_config,
+ [in] dom_sid *domain_sid,
+ [in,unique] ads_struct *ads,
+ [in] boolean8 debug,
+ [in] boolean8 use_kerberos,
+ [in,noprint] messaging_context *msg_ctx,
+ [out] string netbios_domain_name,
+ [out] string dns_domain_name,
+ [out] string forest_name,
+ [out] boolean8 modified_config,
+ [out] string error_string,
+ [out] boolean8 disabled_machine_account,
+ [out] boolean8 deleted_machine_account
+ );
+}
diff --git a/source3/librpc/idl/libnetapi.idl b/source3/librpc/idl/libnetapi.idl
new file mode 100644
index 0000000..4675af6
--- /dev/null
+++ b/source3/librpc/idl/libnetapi.idl
@@ -0,0 +1,2070 @@
+/*
+ libnetapi interface definition
+*/
+
+cpp_quote("#define LIBNETAPI_LOCAL_SERVER(x) (!x || is_myname_or_ipaddr(x))")
+cpp_quote("#ifndef MAXSUBAUTHS")
+cpp_quote("#define MAXSUBAUTHS 15 /* max sub authorities in a SID */")
+cpp_quote("#endif")
+
+import "misc.idl";
+
+[
+ pointer_default(unique)
+]
+interface libnetapi
+{
+ const int ERROR_MORE_DATA = 234L;
+
+ [public] typedef [v1_enum] enum {
+ NERR_Success = 0,
+ NERR_NoOfflineJoinInfo = 2709,
+ NERR_BadOfflineJoinInfo = 2710,
+ NERR_CantCreateJoinInfo = 2711,
+ NERR_BadDomainJoinInfo = 2712,
+ NERR_JoinPerformedMustRestart = 2713,
+ NERR_NoJoinPending = 2714,
+ NERR_ValuesNotSet = 2715,
+ NERR_CantVerifyHostname = 2716,
+ NERR_CantLoadOfflineHive = 2717,
+ NERR_Connectionsecure = 2718,
+ NERR_ProvisioningBlobUnsupported = 2719
+ } NET_API_STATUS;
+
+ [public] typedef struct {
+ uint8 sid_rev_num;
+ uint8 num_auths;
+ uint8 id_auth[6];
+ uint32 sub_auths[MAXSUBAUTHS];
+ } domsid;
+
+ /*******************************************/
+ /* NetJoinDomain */
+ /*******************************************/
+
+ typedef [public,bitmap32bit] bitmap {
+ NETSETUP_JOIN_DOMAIN = 0x00000001,
+ NETSETUP_ACCT_CREATE = 0x00000002,
+ NETSETUP_ACCT_DELETE = 0x00000004,
+ NETSETUP_WIN9X_UPGRADE = 0x00000010,
+ NETSETUP_DOMAIN_JOIN_IF_JOINED = 0x00000020,
+ NETSETUP_JOIN_UNSECURE = 0x00000040,
+ NETSETUP_MACHINE_PWD_PASSED = 0x00000080,
+ NETSETUP_DEFER_SPN_SET = 0x00000100,
+ NETSETUP_JOIN_DC_ACCOUNT = 0x00000200,
+ NETSETUP_JOIN_WITH_NEW_NAME = 0x00000400,
+ NETSETUP_JOIN_READONLY = 0x00000800,
+ NETSETUP_AMBIGUOUS_DC = 0x00001000,
+ NETSETUP_NO_NETLOGON_CACHE = 0x00002000,
+ NETSETUP_DONT_CONTROL_SERVICES = 0x00004000,
+ NETSETUP_SET_MACHINE_NAME = 0x00008000,
+ NETSETUP_FORCE_SPN_SET = 0x00010000,
+ NETSETUP_NO_ACCT_REUSE = 0x00020000,
+ NETSETUP_INSTALL_INVOCATION = 0x00040000,
+ NETSETUP_IGNORE_UNSUPPORTED_FLAGS = 0x10000000
+ } NetJoinFlags;
+
+ [nopush,nopull] NET_API_STATUS NetJoinDomain(
+ [in,unique] string *server,
+ [in,ref] string *domain,
+ [in,unique] string *account_ou,
+ [in,unique] string *account,
+ [in,unique] string *password,
+ [in] NetJoinFlags join_flags
+ );
+
+ /*******************************************/
+ /* NetUnjoinDomain */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetUnjoinDomain(
+ [in,unique] string *server_name,
+ [in,unique] string *account,
+ [in,unique] string *password,
+ [in] NetJoinFlags unjoin_flags
+ );
+
+ /*******************************************/
+ /* NetGetJoinInformation */
+ /*******************************************/
+
+ typedef enum {
+ NetSetupUnknownStatus = 0,
+ NetSetupUnjoined = 1,
+ NetSetupWorkgroupName = 2,
+ NetSetupDomainName = 3
+ } NETSETUP_JOIN_STATUS;
+
+ [nopush,nopull] NET_API_STATUS NetGetJoinInformation(
+ [in,unique] string *server_name,
+ [out] string **name_buffer,
+ [out] uint16 *name_type
+ );
+
+ /*******************************************/
+ /* NetGetJoinableOUs */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetGetJoinableOUs(
+ [in,unique] string *server_name,
+ [in,ref] string *domain,
+ [in,unique] string *account,
+ [in,unique] string *password,
+ [out] uint32 *ou_count,
+ [out] string ***ous
+ );
+
+ /*******************************************/
+ /* NetRenameMachineInDomain */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetRenameMachineInDomain(
+ [in] string server_name,
+ [in] string new_machine_name,
+ [in] string account,
+ [in] string password,
+ [in] uint32 rename_options
+ );
+
+ /*******************************************/
+ /* NetProvisionComputerAccount */
+ /*******************************************/
+
+ typedef [public,bitmap32bit] bitmap {
+ NETSETUP_PROVISION_DOWNLEVEL_PRIV_SUPPORT = 0x00000001,
+ NETSETUP_PROVISION_REUSE_ACCOUNT = 0x00000002,
+ NETSETUP_PROVISION_USE_DEFAULT_PASSWORD = 0x00000004,
+ NETSETUP_PROVISION_SKIP_ACCOUNT_SEARCH = 0x00000008,
+ NETSETUP_PROVISION_ROOT_CA_CERTS = 0x00000010
+ } NetProvisionFlags;
+
+ [nopush,nopull] NET_API_STATUS NetProvisionComputerAccount(
+ [in,ref] string *domain,
+ [in,ref] string *machine_name,
+ [in,unique] string *machine_account_ou,
+ [in,unique] string *dcname,
+ [in] NetProvisionFlags options,
+ [in,out,unique] uint8 **provision_bin_data,
+ [in,out,unique] uint32 *provision_bin_data_size,
+ [in,out,unique] string **provision_text_data
+ );
+
+ /*******************************************/
+ /* NetRequestOfflineDomainJoin */
+ /*******************************************/
+
+ typedef [public,bitmap32bit] bitmap {
+ NETSETUP_PROVISION_ONLINE_CALLER = 0x40000000
+ } NetProvisionJoinFlags;
+
+ [nopush,nopull] NET_API_STATUS NetRequestOfflineDomainJoin(
+ [in,unique] uint8 *provision_bin_data,
+ [in] uint32 provision_bin_data_size,
+ [in] NetProvisionJoinFlags options,
+ [in,unique] string *windows_path
+ );
+
+ /*******************************************/
+ /* NetComposeOfflineDomainJoin */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetComposeOfflineDomainJoin(
+ [in,ref] string *dns_domain_name,
+ [in,ref] string *netbios_domain_name,
+ [in,ref] domsid *domain_sid,
+ [in,ref] GUID *domain_guid,
+ [in,ref] string *forest_name,
+ [in,ref] string *machine_account_name,
+ [in,ref] string *machine_account_password,
+ [in,unique] string *dc_name,
+ [in,unique] string *dc_address,
+ [in] boolean8 domain_is_ad,
+ [in,out,unique] uint8 **compose_bin_data,
+ [in,out,unique] uint32 *compose_bin_data_size,
+ [in,out,unique] string **compose_text_data
+ );
+
+ /*******************************************/
+ /* NetServerGetInfo */
+ /*******************************************/
+
+ [public] typedef struct {
+ uint32 sv100_platform_id;
+ string sv100_name;
+ } SERVER_INFO_100;
+
+ [public] typedef struct {
+ uint32 sv101_platform_id;
+ string sv101_name;
+ uint32 sv101_version_major;
+ uint32 sv101_version_minor;
+ uint32 sv101_type;
+ string sv101_comment;
+ } SERVER_INFO_101;
+
+ [public] typedef struct {
+ uint32 sv102_platform_id;
+ string sv102_name;
+ uint32 sv102_version_major;
+ uint32 sv102_version_minor;
+ uint32 sv102_type;
+ string sv102_comment;
+ uint32 sv102_users;
+ uint32 sv102_disc;
+ boolean8 sv102_hidden;
+ uint32 sv102_announce;
+ uint32 sv102_anndelta;
+ uint32 sv102_licenses;
+ string sv102_userpath;
+ } SERVER_INFO_102;
+
+ [public] typedef struct {
+ uint32 sv402_ulist_mtime;
+ uint32 sv402_glist_mtime;
+ uint32 sv402_alist_mtime;
+ string sv402_alerts;
+ uint32 sv402_security;
+ uint32 sv402_numadmin;
+ uint32 sv402_lanmask;
+ string sv402_guestacct;
+ uint32 sv402_chdevs;
+ uint32 sv402_chdevq;
+ uint32 sv402_chdevjobs;
+ uint32 sv402_connections;
+ uint32 sv402_shares;
+ uint32 sv402_openfiles;
+ uint32 sv402_sessopens;
+ uint32 sv402_sessvcs;
+ uint32 sv402_sessreqs;
+ uint32 sv402_opensearch;
+ uint32 sv402_activelocks;
+ uint32 sv402_numreqbuf;
+ uint32 sv402_sizreqbuf;
+ uint32 sv402_numbigbuf;
+ uint32 sv402_numfiletasks;
+ uint32 sv402_alertsched;
+ uint32 sv402_erroralert;
+ uint32 sv402_logonalert;
+ uint32 sv402_accessalert;
+ uint32 sv402_diskalert;
+ uint32 sv402_netioalert;
+ uint32 sv402_maxauditsz;
+ string sv402_srvheuristics;
+ } SERVER_INFO_402;
+
+ [public] typedef struct {
+ uint32 sv403_ulist_mtime;
+ uint32 sv403_glist_mtime;
+ uint32 sv403_alist_mtime;
+ string sv403_alerts;
+ uint32 sv403_security;
+ uint32 sv403_numadmin;
+ uint32 sv403_lanmask;
+ string sv403_guestacct;
+ uint32 sv403_chdevs;
+ uint32 sv403_chdevq;
+ uint32 sv403_chdevjobs;
+ uint32 sv403_connections;
+ uint32 sv403_shares;
+ uint32 sv403_openfiles;
+ uint32 sv403_sessopens;
+ uint32 sv403_sessvcs;
+ uint32 sv403_sessreqs;
+ uint32 sv403_opensearch;
+ uint32 sv403_activelocks;
+ uint32 sv403_numreqbuf;
+ uint32 sv403_sizreqbuf;
+ uint32 sv403_numbigbuf;
+ uint32 sv403_numfiletasks;
+ uint32 sv403_alertsched;
+ uint32 sv403_erroralert;
+ uint32 sv403_logonalert;
+ uint32 sv403_accessalert;
+ uint32 sv403_diskalert;
+ uint32 sv403_netioalert;
+ uint32 sv403_maxauditsz;
+ string sv403_srvheuristics;
+ uint32 sv403_auditedevents;
+ uint32 sv403_autoprofile;
+ string sv403_autopath;
+ } SERVER_INFO_403;
+
+ [public] typedef struct {
+ uint32 sv502_sessopens;
+ uint32 sv502_sessvcs;
+ uint32 sv502_opensearch;
+ uint32 sv502_sizreqbuf;
+ uint32 sv502_initworkitems;
+ uint32 sv502_maxworkitems;
+ uint32 sv502_rawworkitems;
+ uint32 sv502_irpstacksize;
+ uint32 sv502_maxrawbuflen;
+ uint32 sv502_sessusers;
+ uint32 sv502_sessconns;
+ uint32 sv502_maxpagedmemoryusage;
+ uint32 sv502_maxnonpagedmemoryusage;
+ boolean8 sv502_enablesoftcompat;
+ boolean8 sv502_enableforcedlogoff;
+ boolean8 sv502_timesource;
+ boolean8 sv502_acceptdownlevelapis;
+ boolean8 sv502_lmannounce;
+ } SERVER_INFO_502;
+
+ [public] typedef struct {
+ uint32 sv503_sessopens;
+ uint32 sv503_sessvcs;
+ uint32 sv503_opensearch;
+ uint32 sv503_sizreqbuf;
+ uint32 sv503_initworkitems;
+ uint32 sv503_maxworkitems;
+ uint32 sv503_rawworkitems;
+ uint32 sv503_irpstacksize;
+ uint32 sv503_maxrawbuflen;
+ uint32 sv503_sessusers;
+ uint32 sv503_sessconns;
+ uint32 sv503_maxpagedmemoryusage;
+ uint32 sv503_maxnonpagedmemoryusage;
+ boolean8 sv503_enablesoftcompat;
+ boolean8 sv503_enableforcedlogoff;
+ boolean8 sv503_timesource;
+ boolean8 sv503_acceptdownlevelapis;
+ boolean8 sv503_lmannounce;
+ string sv503_domain;
+ uint32 sv503_maxcopyreadlen;
+ uint32 sv503_maxcopywritelen;
+ uint32 sv503_minkeepsearch;
+ uint32 sv503_maxkeepsearch;
+ uint32 sv503_minkeepcomplsearch;
+ uint32 sv503_maxkeepcomplsearch;
+ uint32 sv503_threadcountadd;
+ uint32 sv503_numblockthreads;
+ uint32 sv503_scavtimeout;
+ uint32 sv503_minrcvqueue;
+ uint32 sv503_minfreeworkitems;
+ uint32 sv503_xactmemsize;
+ uint32 sv503_threadpriority;
+ uint32 sv503_maxmpxct;
+ uint32 sv503_oplockbreakwait;
+ uint32 sv503_oplockbreakresponsewait;
+ boolean8 sv503_enableoplocks;
+ boolean8 sv503_enableoplockforceclose;
+ boolean8 sv503_enablefcbopens;
+ boolean8 sv503_enableraw;
+ boolean8 sv503_enablesharednetdrives;
+ uint32 sv503_minfreeconnections;
+ uint32 sv503_maxfreeconnections;
+ } SERVER_INFO_503;
+
+ [public] typedef struct {
+ uint32 sv599_sessopens;
+ uint32 sv599_sessvcs;
+ uint32 sv599_opensearch;
+ uint32 sv599_sizreqbuf;
+ uint32 sv599_initworkitems;
+ uint32 sv599_maxworkitems;
+ uint32 sv599_rawworkitems;
+ uint32 sv599_irpstacksize;
+ uint32 sv599_maxrawbuflen;
+ uint32 sv599_sessusers;
+ uint32 sv599_sessconns;
+ uint32 sv599_maxpagedmemoryusage;
+ uint32 sv599_maxnonpagedmemoryusage;
+ boolean8 sv599_enablesoftcompat;
+ boolean8 sv599_enableforcedlogoff;
+ boolean8 sv599_timesource;
+ boolean8 sv599_acceptdownlevelapis;
+ boolean8 sv599_lmannounce;
+ string sv599_domain;
+ uint32 sv599_maxcopyreadlen;
+ uint32 sv599_maxcopywritelen;
+ uint32 sv599_minkeepsearch;
+ uint32 sv599_maxkeepsearch;
+ uint32 sv599_minkeepcomplsearch;
+ uint32 sv599_maxkeepcomplsearch;
+ uint32 sv599_threadcountadd;
+ uint32 sv599_numblockthreads;
+ uint32 sv599_scavtimeout;
+ uint32 sv599_minrcvqueue;
+ uint32 sv599_minfreeworkitems;
+ uint32 sv599_xactmemsize;
+ uint32 sv599_threadpriority;
+ uint32 sv599_maxmpxct;
+ uint32 sv599_oplockbreakwait;
+ uint32 sv599_oplockbreakresponsewait;
+ boolean8 sv599_enableoplocks;
+ boolean8 sv599_enableoplockforceclose;
+ boolean8 sv599_enablefcbopens;
+ boolean8 sv599_enableraw;
+ boolean8 sv599_enablesharednetdrives;
+ uint32 sv599_minfreeconnections;
+ uint32 sv599_maxfreeconnections;
+ uint32 sv599_initsesstable;
+ uint32 sv599_initconntable;
+ uint32 sv599_initfiletable;
+ uint32 sv599_initsearchtable;
+ uint32 sv599_alertschedule;
+ uint32 sv599_errorthreshold;
+ uint32 sv599_networkerrorthreshold;
+ uint32 sv599_diskspacethreshold;
+ uint32 sv599_reserved;
+ uint32 sv599_maxlinkdelay;
+ uint32 sv599_minlinkthroughput;
+ uint32 sv599_linkinfovalidtime;
+ uint32 sv599_scavqosinfoupdatetime;
+ uint32 sv599_maxworkitemidletime;
+ } SERVER_INFO_599;
+
+ [public] typedef struct {
+ uint32 sv598_maxrawworkitems;
+ uint32 sv598_maxthreadsperqueue;
+ uint32 sv598_producttype;
+ uint32 sv598_serversize;
+ uint32 sv598_connectionlessautodisc;
+ uint32 sv598_sharingviolationretries;
+ uint32 sv598_sharingviolationdelay;
+ uint32 sv598_maxglobalopensearch;
+ uint32 sv598_removeduplicatesearches;
+ uint32 sv598_lockviolationoffset;
+ uint32 sv598_lockviolationdelay;
+ uint32 sv598_mdlreadswitchover;
+ uint32 sv598_cachedopenlimit;
+ uint32 sv598_otherqueueaffinity;
+ boolean8 sv598_restrictnullsessaccess;
+ boolean8 sv598_enablewfw311directipx;
+ uint32 sv598_queuesamplesecs;
+ uint32 sv598_balancecount;
+ uint32 sv598_preferredaffinity;
+ uint32 sv598_maxfreerfcbs;
+ uint32 sv598_maxfreemfcbs;
+ uint32 sv598_maxfreelfcbs;
+ uint32 sv598_maxfreepagedpoolchunks;
+ uint32 sv598_minpagedpoolchunksize;
+ uint32 sv598_maxpagedpoolchunksize;
+ boolean8 sv598_sendsfrompreferredprocessor;
+ uint32 sv598_cacheddirectorylimit;
+ uint32 sv598_maxcopylength;
+ boolean8 sv598_enablecompression;
+ boolean8 sv598_autosharewks;
+ boolean8 sv598_autoshareserver;
+ boolean8 sv598_enablesecuritysignature;
+ boolean8 sv598_requiresecuritysignature;
+ uint32 sv598_minclientbuffersize;
+ GUID sv598_serverguid;
+ uint32 sv598_ConnectionNoSessionsTimeout;
+ uint32 sv598_IdleThreadTimeOut;
+ boolean8 sv598_enableW9xsecuritysignature;
+ boolean8 sv598_enforcekerberosreauthentication;
+ boolean8 sv598_disabledos;
+ uint32 sv598_lowdiskspaceminimum;
+ boolean8 sv598_disablestrictnamechecking;
+ } SERVER_INFO_598;
+
+ [public] typedef struct {
+ string sv1005_comment;
+ } SERVER_INFO_1005;
+
+ [public] typedef struct {
+ uint32 sv1107_users;
+ } SERVER_INFO_1107;
+
+ [public] typedef struct {
+ int32 sv1010_disc;
+ } SERVER_INFO_1010;
+
+ [public] typedef struct {
+ boolean8 sv1016_hidden;
+ } SERVER_INFO_1016;
+
+ [public] typedef struct {
+ uint32 sv1017_announce;
+ } SERVER_INFO_1017;
+
+ [public] typedef struct {
+ uint32 sv1018_anndelta;
+ } SERVER_INFO_1018;
+
+ [public] typedef struct {
+ uint32 sv1501_sessopens;
+ } SERVER_INFO_1501;
+
+ [public] typedef struct {
+ uint32 sv1502_sessvcs;
+ } SERVER_INFO_1502;
+
+ [public] typedef struct {
+ uint32 sv1503_opensearch;
+ } SERVER_INFO_1503;
+
+ [public] typedef struct {
+ uint32 sv1506_maxworkitems;
+ } SERVER_INFO_1506;
+
+ [public] typedef struct {
+ uint32 sv1509_maxrawbuflen;
+ } SERVER_INFO_1509;
+
+ [public] typedef struct {
+ uint32 sv1510_sessusers;
+ } SERVER_INFO_1510;
+
+ [public] typedef struct {
+ uint32 sv1511_sessconns;
+ } SERVER_INFO_1511;
+
+ [public] typedef struct {
+ uint32 sv1512_maxnonpagedmemoryusage;
+ } SERVER_INFO_1512;
+
+ [public] typedef struct {
+ uint32 sv1513_maxpagedmemoryusage;
+ } SERVER_INFO_1513;
+
+ [public] typedef struct {
+ boolean8 sv1514_enablesoftcompat;
+ } SERVER_INFO_1514;
+
+ [public] typedef struct {
+ boolean8 sv1515_enableforcedlogoff;
+ } SERVER_INFO_1515;
+
+ [public] typedef struct {
+ boolean8 sv1516_timesource;
+ } SERVER_INFO_1516;
+
+ [public] typedef struct {
+ boolean8 sv1518_lmannounce;
+ } SERVER_INFO_1518;
+
+ [public] typedef struct {
+ uint32 sv1520_maxcopyreadlen;
+ } SERVER_INFO_1520;
+
+ [public] typedef struct {
+ uint32 sv1521_maxcopywritelen;
+ } SERVER_INFO_1521;
+
+ [public] typedef struct {
+ uint32 sv1522_minkeepsearch;
+ } SERVER_INFO_1522;
+
+ [public] typedef struct {
+ uint32 sv1523_maxkeepsearch;
+ } SERVER_INFO_1523;
+
+ [public] typedef struct {
+ uint32 sv1524_minkeepcomplsearch;
+ } SERVER_INFO_1524;
+
+ [public] typedef struct {
+ uint32 sv1525_maxkeepcomplsearch;
+ } SERVER_INFO_1525;
+
+ [public] typedef struct {
+ uint32 sv1528_scavtimeout;
+ } SERVER_INFO_1528;
+
+ [public] typedef struct {
+ uint32 sv1529_minrcvqueue;
+ } SERVER_INFO_1529;
+
+ [public] typedef struct {
+ uint32 sv1530_minfreeworkitems;
+ } SERVER_INFO_1530;
+
+ [public] typedef struct {
+ uint32 sv1533_maxmpxct;
+ } SERVER_INFO_1533;
+
+ [public] typedef struct {
+ uint32 sv1534_oplockbreakwait;
+ } SERVER_INFO_1534;
+
+ [public] typedef struct {
+ uint32 sv1535_oplockbreakresponsewait;
+ } SERVER_INFO_1535;
+
+ [public] typedef struct {
+ boolean8 sv1536_enableoplocks;
+ } SERVER_INFO_1536;
+
+ [public] typedef struct {
+ boolean8 sv1537_enableoplockforceclose;
+ } SERVER_INFO_1537;
+
+ [public] typedef struct {
+ boolean8 sv1538_enablefcbopens;
+ } SERVER_INFO_1538;
+
+ [public] typedef struct {
+ boolean8 sv1539_enableraw;
+ } SERVER_INFO_1539;
+
+ [public] typedef struct {
+ boolean8 sv1540_enablesharednetdrives;
+ } SERVER_INFO_1540;
+
+ [public] typedef struct {
+ boolean8 sv1541_minfreeconnections;
+ } SERVER_INFO_1541;
+
+ [public] typedef struct {
+ boolean8 sv1542_maxfreeconnections;
+ } SERVER_INFO_1542;
+
+ [public] typedef struct {
+ uint32 sv1543_initsesstable;
+ } SERVER_INFO_1543;
+
+ [public] typedef struct {
+ uint32 sv1544_initconntable;
+ } SERVER_INFO_1544;
+
+ [public] typedef struct {
+ uint32 sv1545_initfiletable;
+ } SERVER_INFO_1545;
+
+ [public] typedef struct {
+ uint32 sv1546_initsearchtable;
+ } SERVER_INFO_1546;
+
+ [public] typedef struct {
+ uint32 sv1547_alertschedule;
+ } SERVER_INFO_1547;
+
+ [public] typedef struct {
+ uint32 sv1548_errorthreshold;
+ } SERVER_INFO_1548;
+
+ [public] typedef struct {
+ uint32 sv1549_networkerrorthreshold;
+ } SERVER_INFO_1549;
+
+ [public] typedef struct {
+ uint32 sv1550_diskspacethreshold;
+ } SERVER_INFO_1550;
+
+ [public] typedef struct {
+ uint32 sv1552_maxlinkdelay;
+ } SERVER_INFO_1552;
+
+ [public] typedef struct {
+ uint32 sv1553_minlinkthroughput;
+ } SERVER_INFO_1553;
+
+ [public] typedef struct {
+ uint32 sv1554_linkinfovalidtime;
+ } SERVER_INFO_1554;
+
+ [public] typedef struct {
+ uint32 sv1555_scavqosinfoupdatetime;
+ } SERVER_INFO_1555;
+
+ [public] typedef struct {
+ uint32 sv1556_maxworkitemidletime;
+ } SERVER_INFO_1556;
+
+ [public] typedef struct {
+ uint32 sv1557_maxrawworkitems;
+ } SERVER_INFO_1557;
+
+ [public] typedef struct {
+ uint32 sv1560_producttype;
+ } SERVER_INFO_1560;
+
+ [public] typedef struct {
+ uint32 sv1561_serversize;
+ } SERVER_INFO_1561;
+
+ [public] typedef struct {
+ uint32 sv1562_connectionlessautodisc;
+ } SERVER_INFO_1562;
+
+ [public] typedef struct {
+ uint32 sv1563_sharingviolationretries;
+ } SERVER_INFO_1563;
+
+ [public] typedef struct {
+ uint32 sv1564_sharingviolationdelay;
+ } SERVER_INFO_1564;
+
+ [public] typedef struct {
+ uint32 sv1565_maxglobalopensearch;
+ } SERVER_INFO_1565;
+
+ [public] typedef struct {
+ boolean8 sv1566_removeduplicatesearches;
+ } SERVER_INFO_1566;
+
+ [public] typedef struct {
+ uint32 sv1567_lockviolationretries;
+ } SERVER_INFO_1567;
+
+ [public] typedef struct {
+ uint32 sv1568_lockviolationoffset;
+ } SERVER_INFO_1568;
+
+ [public] typedef struct {
+ uint32 sv1569_lockviolationdelay;
+ } SERVER_INFO_1569;
+
+ [public] typedef struct {
+ uint32 sv1570_mdlreadswitchover;
+ } SERVER_INFO_1570;
+
+ [public] typedef struct {
+ uint32 sv1571_cachedopenlimit;
+ } SERVER_INFO_1571;
+
+ [public] typedef struct {
+ uint32 sv1572_criticalthreads;
+ } SERVER_INFO_1572;
+
+ [public] typedef struct {
+ uint32 sv1573_restrictnullsessaccess;
+ } SERVER_INFO_1573;
+
+ [public] typedef struct {
+ uint32 sv1574_enablewfw311directipx;
+ } SERVER_INFO_1574;
+
+ [public] typedef struct {
+ uint32 sv1575_otherqueueaffinity;
+ } SERVER_INFO_1575;
+
+ [public] typedef struct {
+ uint32 sv1576_queuesamplesecs;
+ } SERVER_INFO_1576;
+
+ [public] typedef struct {
+ uint32 sv1577_balancecount;
+ } SERVER_INFO_1577;
+
+ [public] typedef struct {
+ uint32 sv1578_preferredaffinity;
+ } SERVER_INFO_1578;
+
+ [public] typedef struct {
+ uint32 sv1579_maxfreerfcbs;
+ } SERVER_INFO_1579;
+
+ [public] typedef struct {
+ uint32 sv1580_maxfreemfcbs;
+ } SERVER_INFO_1580;
+
+ [public] typedef struct {
+ uint32 sv1581_maxfreemlcbs;
+ } SERVER_INFO_1581;
+
+ [public] typedef struct {
+ uint32 sv1582_maxfreepagedpoolchunks;
+ } SERVER_INFO_1582;
+
+ [public] typedef struct {
+ uint32 sv1583_minpagedpoolchunksize;
+ } SERVER_INFO_1583;
+
+ [public] typedef struct {
+ uint32 sv1584_maxpagedpoolchunksize;
+ } SERVER_INFO_1584;
+
+ [public] typedef struct {
+ boolean8 sv1585_sendsfrompreferredprocessor;
+ } SERVER_INFO_1585;
+
+ [public] typedef struct {
+ uint32 sv1586_maxthreadsperqueue;
+ } SERVER_INFO_1586;
+
+ [public] typedef struct {
+ uint32 sv1587_cacheddirectorylimit;
+ } SERVER_INFO_1587;
+
+ [public] typedef struct {
+ uint32 sv1588_maxcopylength;
+ } SERVER_INFO_1588;
+
+ [public] typedef struct {
+ uint32 sv1590_enablecompression;
+ } SERVER_INFO_1590;
+
+ [public] typedef struct {
+ uint32 sv1591_autosharewks;
+ } SERVER_INFO_1591;
+
+ [public] typedef struct {
+ uint32 sv1592_autosharewks;
+ } SERVER_INFO_1592;
+
+ [public] typedef struct {
+ uint32 sv1593_enablesecuritysignature;
+ } SERVER_INFO_1593;
+
+ [public] typedef struct {
+ uint32 sv1594_requiresecuritysignature;
+ } SERVER_INFO_1594;
+
+ [public] typedef struct {
+ uint32 sv1595_minclientbuffersize;
+ } SERVER_INFO_1595;
+
+ [public] typedef struct {
+ uint32 sv1596_ConnectionNoSessionsTimeout;
+ } SERVER_INFO_1596;
+
+ [public] typedef struct {
+ uint32 sv1597_IdleThreadTimeOut;
+ } SERVER_INFO_1597;
+
+ [public] typedef struct {
+ uint32 sv1598_enableW9xsecuritysignature;
+ } SERVER_INFO_1598;
+
+ [public] typedef struct {
+ boolean8 sv1598_enforcekerberosreauthentication;
+ } SERVER_INFO_1599;
+
+ [public] typedef struct {
+ boolean8 sv1598_disabledos;
+ } SERVER_INFO_1600;
+
+ [public] typedef struct {
+ uint32 sv1598_lowdiskspaceminimum;
+ } SERVER_INFO_1601;
+
+ [public] typedef struct {
+ boolean8 sv_1598_disablestrictnamechecking;
+ } SERVER_INFO_1602;
+
+ [nopush,nopull] NET_API_STATUS NetServerGetInfo(
+ [in,unique] string *server_name,
+ [in] uint32 level,
+ [out] uint8 **buffer
+ );
+
+ /*******************************************/
+ /* NetServerSetInfo */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetServerSetInfo(
+ [in,unique] string *server_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [out] uint32 *parm_error
+ );
+
+ /*******************************************/
+ /* NetWkstaGetInfo */
+ /*******************************************/
+
+ [public] typedef struct {
+ uint32 wki100_platform_id;
+ string wki100_computername;
+ string wki100_langroup;
+ uint32 wki100_ver_major;
+ uint32 wki100_ver_minor;
+ } WKSTA_INFO_100;
+
+ [public] typedef struct {
+ uint32 wki101_platform_id;
+ string wki101_computername;
+ string wki101_langroup;
+ uint32 wki101_ver_major;
+ uint32 wki101_ver_minor;
+ string wki101_lanroot;
+ } WKSTA_INFO_101;
+
+ [public] typedef struct {
+ uint32 wki102_platform_id;
+ string wki102_computername;
+ string wki102_langroup;
+ uint32 wki102_ver_major;
+ uint32 wki102_ver_minor;
+ string wki102_lanroot;
+ uint32 wki102_logged_on_users;
+ } WKSTA_INFO_102;
+
+ [nopush,nopull] NET_API_STATUS NetWkstaGetInfo(
+ [in,unique] string *server_name,
+ [in] uint32 level,
+ [out] uint8 **buffer
+ );
+
+ /*******************************************/
+ /* NetGetDCName */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetGetDCName(
+ [in,unique] string *server_name,
+ [in,unique] string *domain_name,
+ [out] uint8 **buffer
+ );
+
+ /*******************************************/
+ /* NetGetAnyDCName */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetGetAnyDCName(
+ [in,unique] string *server_name,
+ [in,unique] string *domain_name,
+ [out] uint8 **buffer
+ );
+
+ /*******************************************/
+ /* DsGetDcName */
+ /*******************************************/
+
+ [public] typedef [bitmap32bit] bitmap {
+ DS_PDC_FLAG = 0x00000001,
+ DS_GC_FLAG = 0x00000004,
+ DS_LDAP_FLAG = 0x00000008,
+ DS_DS_FLAG = 0x00000010,
+ DS_KDC_FLAG = 0x00000020,
+ DS_TIMESERV_FLAG = 0x00000040,
+ DS_CLOSEST_FLAG = 0x00000080,
+ DS_WRITABLE_FLAG = 0x00000100,
+ DS_GOOD_TIMESERV_FLAG = 0x00000200,
+ DS_NDNC_FLAG = 0x00000400,
+ DS_SELECT_SECRET_DOMAIN_6_FLAG = 0x00000800,
+ DS_FULL_SECRET_DOMAIN_6_FLAG = 0x00001000,
+ DS_WS_FLAG = 0x00002000,
+ DS_DS_8_FLAG = 0x00004000,
+ DS_DNS_CONTROLLER_FLAG = 0x20000000,
+ DS_DNS_DOMAIN_FLAG = 0x40000000,
+ DS_DNS_FOREST_FLAG = 0x80000000
+ } DOMAIN_CONTROLLER_INFO_FLAGS;
+
+ [public] typedef struct {
+ string domain_controller_name;
+ string domain_controller_address;
+ uint32 domain_controller_address_type;
+ GUID domain_guid;
+ string domain_name;
+ string dns_forest_name;
+ DOMAIN_CONTROLLER_INFO_FLAGS flags;
+ string dc_site_name;
+ string client_site_name;
+ } DOMAIN_CONTROLLER_INFO;
+
+ [nopush,nopull] NET_API_STATUS DsGetDcName(
+ [in,unique] string *server_name,
+ [in,ref] string *domain_name,
+ [in,unique] GUID *domain_guid,
+ [in,unique] string *site_name,
+ [in] uint32 flags,
+ [out,ref] DOMAIN_CONTROLLER_INFO **dc_info
+ );
+
+ /*******************************************/
+ /* NetUserAdd */
+ /*******************************************/
+
+ [public] typedef struct {
+ string usri0_name;
+ } USER_INFO_0;
+
+ /* priv */
+ const int USER_PRIV_GUEST = 0;
+ const int USER_PRIV_USER = 1;
+ const int USER_PRIV_ADMIN = 2;
+
+ [public] typedef struct {
+ string usri1_name;
+ string usri1_password;
+ uint32 usri1_password_age;
+ uint32 usri1_priv;
+ string usri1_home_dir;
+ string usri1_comment;
+ uint32 usri1_flags;
+ string usri1_script_path;
+ } USER_INFO_1;
+
+ /* auth_flags in USER_INFO_2 */
+
+ const int AF_OP_PRINT = 0x1;
+ const int AF_OP_COMM = 0x2;
+ const int AF_OP_SERVER = 0x4;
+ const int AF_OP_ACCOUNTS = 0x8;
+ const int AF_SETTABLE_BITS = (AF_OP_PRINT | AF_OP_COMM | AF_OP_SERVER | AF_OP_ACCOUNTS);
+
+ const int USER_MAXSTORAGE_UNLIMITED = (uint32_t)-1L;
+
+ [public] typedef struct {
+ string usri2_name;
+ string usri2_password;
+ uint32 usri2_password_age;
+ uint32 usri2_priv;
+ string usri2_home_dir;
+ string usri2_comment;
+ uint32 usri2_flags;
+ string usri2_script_path;
+ uint32 usri2_auth_flags;
+ string usri2_full_name;
+ string usri2_usr_comment;
+ string usri2_parms;
+ string usri2_workstations;
+ uint32 usri2_last_logon;
+ uint32 usri2_last_logoff;
+ uint32 usri2_acct_expires;
+ uint32 usri2_max_storage;
+ uint32 usri2_units_per_week;
+ uint8 *usri2_logon_hours;
+ uint32 usri2_bad_pw_count;
+ uint32 usri2_num_logons;
+ string usri2_logon_server;
+ uint32 usri2_country_code;
+ uint32 usri2_code_page;
+ } USER_INFO_2;
+
+ [public] typedef struct {
+ string usri3_name;
+ uint32 usri3_password_age;
+ uint32 usri3_priv;
+ string usri3_home_dir;
+ string usri3_comment;
+ uint32 usri3_flags;
+ string usri3_script_path;
+ uint32 usri3_auth_flags;
+ string usri3_full_name;
+ string usri3_usr_comment;
+ string usri3_parms;
+ string usri3_workstations;
+ uint32 usri3_last_logon;
+ uint32 usri3_last_logoff;
+ uint32 usri3_acct_expires;
+ uint32 usri3_max_storage;
+ uint32 usri3_units_per_week;
+ uint8 *usri3_logon_hours;
+ uint32 usri3_bad_pw_count;
+ uint32 usri3_num_logons;
+ string usri3_logon_server;
+ uint32 usri3_country_code;
+ uint32 usri3_code_page;
+ uint32 usri3_user_id;
+ uint32 usri3_primary_group_id;
+ string usri3_profile;
+ string usri3_home_dir_drive;
+ uint32 usri3_password_expired;
+ } USER_INFO_3;
+
+ [public] typedef struct {
+ string usri4_name;
+ string usri4_password;
+ uint32 usri4_password_age;
+ uint32 usri4_priv;
+ string usri4_home_dir;
+ string usri4_comment;
+ uint32 usri4_flags;
+ string usri4_script_path;
+ uint32 usri4_auth_flags;
+ string usri4_full_name;
+ string usri4_usr_comment;
+ string usri4_parms;
+ string usri4_workstations;
+ uint32 usri4_last_logon;
+ uint32 usri4_last_logoff;
+ uint32 usri4_acct_expires;
+ uint32 usri4_max_storage;
+ uint32 usri4_units_per_week;
+ uint8 *usri4_logon_hours;
+ uint32 usri4_bad_pw_count;
+ uint32 usri4_num_logons;
+ string usri4_logon_server;
+ uint32 usri4_country_code;
+ uint32 usri4_code_page;
+ domsid *usri4_user_sid;
+ uint32 usri4_primary_group_id;
+ string usri4_profile;
+ string usri4_home_dir_drive;
+ uint32 usri4_password_expired;
+ } USER_INFO_4;
+
+ [public] typedef struct {
+ string usri10_name;
+ string usri10_comment;
+ string usri10_usr_comment;
+ string usri10_full_name;
+ } USER_INFO_10;
+
+ [public] typedef struct {
+ string usri11_name;
+ string usri11_comment;
+ string usri11_usr_comment;
+ string usri11_full_name;
+ uint32 usri11_priv;
+ uint32 usri11_auth_flags;
+ uint32 usri11_password_age;
+ string usri11_home_dir;
+ string usri11_parms;
+ uint32 usri11_last_logon;
+ uint32 usri11_last_logoff;
+ uint32 usri11_bad_pw_count;
+ uint32 usri11_num_logons;
+ string usri11_logon_server;
+ uint32 usri11_country_code;
+ string usri11_workstations;
+ uint32 usri11_max_storage;
+ uint32 usri11_units_per_week;
+ uint8 *usri11_logon_hours;
+ uint32 usri11_code_page;
+ } USER_INFO_11;
+
+ [public] typedef struct {
+ string usri20_name;
+ string usri20_full_name;
+ string usri20_comment;
+ uint32 usri20_flags;
+ uint32 usri20_user_id;
+ } USER_INFO_20;
+
+ const int ENCRYPTED_PWLEN = 16;
+
+ [public] typedef struct {
+ uint8 usri21_password[ENCRYPTED_PWLEN];
+ } USER_INFO_21;
+
+ [public] typedef struct {
+ string usri22_name;
+ uint8 usri22_password[ENCRYPTED_PWLEN];
+ uint32 usri22_password_age;
+ uint32 usri22_priv;
+ string usri22_home_dir;
+ string usri22_comment;
+ uint32 usri22_flags;
+ uint32 usri22_script_path;
+ uint32 usri22_auth_flags;
+ string usri22_full_name;
+ string usri22_usr_comment;
+ string usri22_parms;
+ string usri22_workstations;
+ uint32 usri22_last_logon;
+ uint32 usri22_last_logoff;
+ uint32 usri22_acct_expires;
+ uint32 usri22_max_storage;
+ uint32 usri22_units_per_week;
+ uint8 *usri22_logon_hours;
+ uint32 usri22_bad_pw_count;
+ uint32 usri22_num_logons;
+ string usri22_logon_server;
+ uint32 usri22_country_code;
+ uint32 usri22_code_page;
+ } USER_INFO_22;
+
+ [public] typedef struct {
+ string usri23_name;
+ string usri23_full_name;
+ string usri23_comment;
+ uint32 usri23_flags;
+ domsid *usri23_user_sid;
+ } USER_INFO_23;
+
+ [public] typedef struct {
+ string usri1003_password;
+ } USER_INFO_1003;
+
+ [public] typedef struct {
+ uint32 usri1005_priv;
+ } USER_INFO_1005;
+
+ [public] typedef struct {
+ string usri1006_home_dir;
+ } USER_INFO_1006;
+
+ [public] typedef struct {
+ string usri1007_comment;
+ } USER_INFO_1007;
+
+ [public] typedef struct {
+ uint32 usri1008_flags;
+ } USER_INFO_1008;
+
+ [public] typedef struct {
+ string usri1009_script_path;
+ } USER_INFO_1009;
+
+ [public] typedef struct {
+ uint32 usri1010_auth_flags;
+ } USER_INFO_1010;
+
+ [public] typedef struct {
+ string usri1011_full_name;
+ } USER_INFO_1011;
+
+ [public] typedef struct {
+ string usri1012_usr_comment;
+ } USER_INFO_1012;
+
+ [public] typedef struct {
+ string usri1013_parms;
+ } USER_INFO_1013;
+
+ [public] typedef struct {
+ string usri1014_workstations;
+ } USER_INFO_1014;
+
+ [public] typedef struct {
+ uint32 usri1017_acct_expires;
+ } USER_INFO_1017;
+
+ [public] typedef struct {
+ uint32 usri1018_max_storage;
+ } USER_INFO_1018;
+
+ [public] typedef struct {
+ uint32 usri1020_units_per_week;
+ uint8 *usri1020_logon_hours;
+ } USER_INFO_1020;
+
+ [public] typedef struct {
+ string usri1023_logon_server;
+ } USER_INFO_1023;
+
+ [public] typedef struct {
+ uint32 usri1024_country_code;
+ } USER_INFO_1024;
+
+ [public] typedef struct {
+ uint32 usri1025_code_page;
+ } USER_INFO_1025;
+
+ [public] typedef struct {
+ uint32 usri1051_primary_group_id;
+ } USER_INFO_1051;
+
+ [public] typedef struct {
+ string usri1052_profile;
+ } USER_INFO_1052;
+
+ [public] typedef struct {
+ string usri1053_home_dir_drive;
+ } USER_INFO_1053;
+
+ [public] typedef struct {
+ string usriX_name;
+ string usriX_password;
+ uint32 usriX_password_age;
+ uint32 usriX_priv;
+ string usriX_home_dir;
+ string usriX_comment;
+ uint32 usriX_flags;
+ string usriX_script_path;
+ uint32 usriX_auth_flags;
+ string usriX_full_name;
+ string usriX_usr_comment;
+ string usriX_parms;
+ string usriX_workstations;
+ uint32 usriX_last_logon;
+ uint32 usriX_last_logoff;
+ uint32 usriX_acct_expires;
+ uint32 usriX_max_storage;
+ uint32 usriX_units_per_week;
+ uint8 *usriX_logon_hours;
+ uint32 usriX_bad_pw_count;
+ uint32 usriX_num_logons;
+ string usriX_logon_server;
+ uint32 usriX_country_code;
+ uint32 usriX_code_page;
+ string usriX_profile;
+ string usriX_home_dir_drive;
+ uint32 usriX_user_id;
+ uint32 usriX_primary_group_id;
+ uint32 usriX_password_expired;
+ } USER_INFO_X;
+
+ [nopush,nopull] NET_API_STATUS NetUserAdd(
+ [in,unique] string *server_name,
+ [in] uint32 level,
+ [in,ref] uint8 *buffer,
+ [out,ref] uint32 *parm_error
+ );
+
+ /*******************************************/
+ /* NetUserDel */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetUserDel(
+ [in,unique] string *server_name,
+ [in,ref] string *user_name
+ );
+
+ /*******************************************/
+ /* NetUserEnum */
+ /*******************************************/
+
+ const int FILTER_TEMP_DUPLICATE_ACCOUNT = 0x0001;
+ const int FILTER_NORMAL_ACCOUNT = 0x0002;
+ const int FILTER_INTERDOMAIN_TRUST_ACCOUNT = 0x0008;
+ const int FILTER_WORKSTATION_TRUST_ACCOUNT = 0x0010;
+ const int FILTER_SERVER_TRUST_ACCOUNT = 0x0020;
+
+ [nopush,nopull] NET_API_STATUS NetUserEnum(
+ [in,unique] string *server_name,
+ [in] uint32 level,
+ [in] uint32 filter,
+ [out,ref] uint8 **buffer,
+ [in] uint32 prefmaxlen,
+ [out,ref] uint32 *entries_read,
+ [out,ref] uint32 *total_entries,
+ [in,out,ref] uint32 *resume_handle
+ );
+
+ /*******************************************/
+ /* NetUserChangePassword */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetUserChangePassword(
+ [in] string domain_name,
+ [in] string user_name,
+ [in] string old_password,
+ [in] string new_password
+ );
+
+ /*******************************************/
+ /* NetUserGetInfo */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetUserGetInfo(
+ [in] string server_name,
+ [in] string user_name,
+ [in] uint32 level,
+ [out] uint8 **buffer
+ );
+
+ /*******************************************/
+ /* NetUserSetInfo */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetUserSetInfo(
+ [in] string server_name,
+ [in] string user_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [out] uint32 *parm_err
+ );
+
+ /*******************************************/
+ /* NetUserGetGroups */
+ /*******************************************/
+
+ [public] typedef struct {
+ string grui0_name;
+ } GROUP_USERS_INFO_0;
+
+ [public] typedef struct {
+ string grui1_name;
+ uint32 grui1_attributes;
+ } GROUP_USERS_INFO_1;
+
+ [nopush,nopull] NET_API_STATUS NetUserGetGroups(
+ [in] string server_name,
+ [in] string user_name,
+ [in] uint32 level,
+ [out] uint8 **buffer,
+ [in] uint32 prefmaxlen,
+ [out,ref] uint32 *entries_read,
+ [out,ref] uint32 *total_entries
+ );
+
+ /*******************************************/
+ /* NetUserSetGroups */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetUserSetGroups(
+ [in] string server_name,
+ [in] string user_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [in] uint32 num_entries
+ );
+
+ /*******************************************/
+ /* NetUserGetLocalGroups */
+ /*******************************************/
+
+ const int LG_INCLUDE_INDIRECT = 0x0001;
+
+ typedef struct {
+ string lgrui0_name;
+ } LOCALGROUP_USERS_INFO_0;
+
+ [nopush,nopull] NET_API_STATUS NetUserGetLocalGroups(
+ [in] string server_name,
+ [in] string user_name,
+ [in] uint32 level,
+ [in] uint32 flags,
+ [out] uint8 **buffer,
+ [in] uint32 prefmaxlen,
+ [out,ref] uint32 *entries_read,
+ [out,ref] uint32 *total_entries
+ );
+
+ /*******************************************/
+ /* NetUserModalsGet */
+ /*******************************************/
+
+ const int TIMEQ_FOREVER = (uint32_t)-1L;
+
+ typedef struct {
+ uint32 usrmod0_min_passwd_len;
+ uint32 usrmod0_max_passwd_age;
+ uint32 usrmod0_min_passwd_age;
+ uint32 usrmod0_force_logoff;
+ uint32 usrmod0_password_hist_len;
+ } USER_MODALS_INFO_0;
+
+ typedef struct {
+ uint32 usrmod1_role;
+ string usrmod1_primary;
+ } USER_MODALS_INFO_1;
+
+ typedef struct {
+ string usrmod2_domain_name;
+ domsid *usrmod2_domain_id;
+ } USER_MODALS_INFO_2;
+
+ typedef struct {
+ uint32 usrmod3_lockout_duration;
+ uint32 usrmod3_lockout_observation_window;
+ uint32 usrmod3_lockout_threshold;
+ } USER_MODALS_INFO_3;
+
+ typedef struct {
+ uint32 usrmod1001_min_passwd_len;
+ } USER_MODALS_INFO_1001;
+
+ typedef struct {
+ uint32 usrmod1002_max_passwd_age;
+ } USER_MODALS_INFO_1002;
+
+ typedef struct {
+ uint32 usrmod1003_min_passwd_age;
+ } USER_MODALS_INFO_1003;
+
+ typedef struct {
+ uint32 usrmod1004_force_logoff;
+ } USER_MODALS_INFO_1004;
+
+ typedef struct {
+ uint32 usrmod1005_password_hist_len;
+ } USER_MODALS_INFO_1005;
+
+ typedef struct {
+ uint32 usrmod1006_role;
+ } USER_MODALS_INFO_1006;
+
+ typedef struct {
+ string usrmod1007_primary;
+ } USER_MODALS_INFO_1007;
+
+ [nopush,nopull] NET_API_STATUS NetUserModalsGet(
+ [in] string server_name,
+ [in] uint32 level,
+ [out,ref] uint8 **buffer
+ );
+
+ /*******************************************/
+ /* NetUserModalsSet */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetUserModalsSet(
+ [in] string server_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [out,ref] uint32 *parm_err
+ );
+
+ /*******************************************/
+ /* NetQueryDisplayInformation */
+ /*******************************************/
+
+ [public] typedef struct {
+ string usri1_name;
+ string usri1_comment;
+ uint32 usri1_flags;
+ string usri1_full_name;
+ uint32 usri1_user_id;
+ uint32 usri1_next_index;
+ } NET_DISPLAY_USER;
+
+ [public] typedef struct {
+ string usri2_name;
+ string usri2_comment;
+ uint32 usri2_flags;
+ uint32 usri2_user_id;
+ uint32 usri2_next_index;
+ } NET_DISPLAY_MACHINE;
+
+ [public] typedef struct {
+ string grpi3_name;
+ string grpi3_comment;
+ uint32 grpi3_group_id;
+ uint32 grpi3_attributes;
+ uint32 grpi3_next_index;
+ } NET_DISPLAY_GROUP;
+
+ [nopush,nopull] NET_API_STATUS NetQueryDisplayInformation(
+ [in,unique] string *server_name,
+ [in] uint32 level,
+ [in] uint32 idx,
+ [in] uint32 entries_requested,
+ [in] uint32 prefmaxlen,
+ [out,ref] uint32 *entries_read,
+ [out,ref,noprint] void **buffer
+ );
+
+ /*******************************************/
+ /* NetGroupAdd */
+ /*******************************************/
+
+ typedef struct {
+ string grpi0_name;
+ } GROUP_INFO_0;
+
+ typedef struct {
+ string grpi1_name;
+ string grpi1_comment;
+ } GROUP_INFO_1;
+
+ typedef struct {
+ string grpi2_name;
+ string grpi2_comment;
+ uint32 grpi2_group_id;
+ uint32 grpi2_attributes;
+ } GROUP_INFO_2;
+
+ typedef struct {
+ string grpi3_name;
+ string grpi3_comment;
+ domsid *grpi3_group_sid;
+ uint32 grpi3_attributes;
+ } GROUP_INFO_3;
+
+ typedef struct {
+ string grpi1002_comment;
+ } GROUP_INFO_1002;
+
+ typedef struct {
+ uint32 grpi1005_attributes;
+ } GROUP_INFO_1005;
+
+ [nopush,nopull] NET_API_STATUS NetGroupAdd(
+ [in] string server_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [out] uint32 *parm_err
+ );
+
+ /*******************************************/
+ /* NetGroupDel */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetGroupDel(
+ [in] string server_name,
+ [in] string group_name
+ );
+
+ /*******************************************/
+ /* NetGroupEnum */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetGroupEnum(
+ [in] string server_name,
+ [in] uint32 level,
+ [out,ref] uint8 **buffer,
+ [in] uint32 prefmaxlen,
+ [out,ref] uint32 *entries_read,
+ [out,ref] uint32 *total_entries,
+ [in,out,ref] uint32 *resume_handle
+ );
+
+ /*******************************************/
+ /* NetGroupSetInfo */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetGroupSetInfo(
+ [in] string server_name,
+ [in] string group_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [out] uint32 *parm_err
+ );
+
+ /*******************************************/
+ /* NetGroupGetInfo */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetGroupGetInfo(
+ [in] string server_name,
+ [in] string group_name,
+ [in] uint32 level,
+ [out] uint8 **buffer
+ );
+
+ /*******************************************/
+ /* NetGroupAddUser */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetGroupAddUser(
+ [in] string server_name,
+ [in] string group_name,
+ [in] string user_name
+ );
+
+ /*******************************************/
+ /* NetGroupDelUser */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetGroupDelUser(
+ [in] string server_name,
+ [in] string group_name,
+ [in] string user_name
+ );
+
+ /*******************************************/
+ /* NetGroupGetUsers */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetGroupGetUsers(
+ [in] string server_name,
+ [in] string group_name,
+ [in] uint32 level,
+ [out] uint8 **buffer,
+ [in] uint32 prefmaxlen,
+ [out,ref] uint32 *entries_read,
+ [out,ref] uint32 *total_entries,
+ [in,out,ref] uint32 *resume_handle
+ );
+
+ /*******************************************/
+ /* NetGroupSetUsers */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetGroupSetUsers(
+ [in] string server_name,
+ [in] string group_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [in] uint32 num_entries
+ );
+
+ /*******************************************/
+ /* NetLocalGroupAdd */
+ /*******************************************/
+
+ typedef struct {
+ string lgrpi0_name;
+ } LOCALGROUP_INFO_0;
+
+ typedef struct {
+ string lgrpi1_name;
+ string lgrpi1_comment;
+ } LOCALGROUP_INFO_1;
+
+ typedef struct {
+ string lgrpi1002_comment;
+ } LOCALGROUP_INFO_1002;
+
+ [nopush,nopull] NET_API_STATUS NetLocalGroupAdd(
+ [in] string server_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [out,ref] uint32 *parm_err
+ );
+
+ /*******************************************/
+ /* NetLocalGroupDel */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetLocalGroupDel(
+ [in] string server_name,
+ [in] string group_name
+ );
+
+ /*******************************************/
+ /* NetLocalGroupGetInfo */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetLocalGroupGetInfo(
+ [in] string server_name,
+ [in] string group_name,
+ [in] uint32 level,
+ [out,ref] uint8 **buffer
+ );
+
+ /*******************************************/
+ /* NetLocalGroupSetInfo */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetLocalGroupSetInfo(
+ [in] string server_name,
+ [in] string group_name,
+ [in] uint32 level,
+ [in,ref] uint8 *buffer,
+ [out,ref] uint32 *parm_err
+ );
+
+ /*******************************************/
+ /* NetLocalGroupEnum */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetLocalGroupEnum(
+ [in] string server_name,
+ [in] uint32 level,
+ [out,ref] uint8 **buffer,
+ [in] uint32 prefmaxlen,
+ [out,ref] uint32 *entries_read,
+ [out,ref] uint32 *total_entries,
+ [in,out,ref] uint32 *resume_handle
+ );
+
+ /*******************************************/
+ /* NetLocalGroupAddMembers */
+ /*******************************************/
+
+ typedef enum {
+ SidTypeUser = 1,
+ SidTypeGroup = 2,
+ SidTypeDomain = 3,
+ SidTypeAlias = 4,
+ SidTypeWellKnownGroup = 5,
+ SidTypeDeletedAccount = 6,
+ SidTypeInvalid = 7,
+ SidTypeUnknown = 8,
+ SidTypeComputer = 9,
+ SidTypeLabel = 10
+ } SID_NAME_USE;
+
+ typedef struct {
+ domsid *lgrmi0_sid;
+ } LOCALGROUP_MEMBERS_INFO_0;
+
+ typedef struct {
+ domsid *lgrmi1_sid;
+ SID_NAME_USE lgrmi1_sidusage;
+ string lgrmi1_name;
+ } LOCALGROUP_MEMBERS_INFO_1;
+
+ typedef struct {
+ domsid *lgrmi2_sid;
+ SID_NAME_USE lgrmi2_sidusage;
+ string lgrmi2_domainandname;
+ } LOCALGROUP_MEMBERS_INFO_2;
+
+ typedef struct {
+ string lgrmi3_domainandname;
+ } LOCALGROUP_MEMBERS_INFO_3;
+
+ [nopush,nopull] NET_API_STATUS NetLocalGroupAddMembers(
+ [in] string server_name,
+ [in] string group_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [in] uint32 total_entries
+ );
+
+ /*******************************************/
+ /* NetLocalGroupDelMembers */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetLocalGroupDelMembers(
+ [in] string server_name,
+ [in] string group_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [in] uint32 total_entries
+ );
+
+ /*******************************************/
+ /* NetLocalGroupGetMembers */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetLocalGroupGetMembers(
+ [in] string server_name,
+ [in] string local_group_name,
+ [in] uint32 level,
+ [out] uint8 **buffer,
+ [in] uint32 prefmaxlen,
+ [out] uint32 *entries_read,
+ [out] uint32 *total_entries,
+ [in,out] uint32 *resume_handle
+ );
+
+ /*******************************************/
+ /* NetLocalGroupSetMembers */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetLocalGroupSetMembers(
+ [in] string server_name,
+ [in] string group_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [in] uint32 total_entries
+ );
+
+ /*******************************************/
+ /* NetRemoteTOD */
+ /*******************************************/
+
+ typedef struct {
+ uint32 tod_elapsedt;
+ uint32 tod_msecs;
+ uint32 tod_hours;
+ uint32 tod_mins;
+ uint32 tod_secs;
+ uint32 tod_hunds;
+ int32 tod_timezone;
+ uint32 tod_tinterval;
+ uint32 tod_day;
+ uint32 tod_month;
+ uint32 tod_year;
+ uint32 tod_weekday;
+ } TIME_OF_DAY_INFO;
+
+ [nopush,nopull] NET_API_STATUS NetRemoteTOD(
+ [in] string server_name,
+ [out,ref] uint8 **buffer
+ );
+
+ /*******************************************/
+ /* NetShareAdd */
+ /*******************************************/
+
+ typedef struct {
+ string shi0_netname;
+ } SHARE_INFO_0;
+
+ typedef struct {
+ string shi1_netname;
+ uint32 shi1_type;
+ string shi1_remark;
+ } SHARE_INFO_1;
+
+ typedef struct {
+ string shi2_netname;
+ uint32 shi2_type;
+ string shi2_remark;
+ uint32 shi2_permissions;
+ uint32 shi2_max_uses;
+ uint32 shi2_current_uses;
+ string shi2_path;
+ string shi2_passwd;
+ } SHARE_INFO_2;
+
+ typedef struct {
+ string shi501_netname;
+ uint32 shi501_type;
+ string shi501_remark;
+ uint32 shi501_flags;
+ } SHARE_INFO_501;
+
+ typedef struct {
+ string shi502_netname;
+ uint32 shi502_type;
+ string shi502_remark;
+ uint32 shi502_permissions;
+ uint32 shi502_max_uses;
+ uint32 shi502_current_uses;
+ string shi502_path;
+ string shi502_passwd;
+ uint32 shi502_reserved;
+ security_descriptor *shi502_security_descriptor;
+ } SHARE_INFO_502;
+
+ typedef struct {
+ string shi1004_remark;
+ } SHARE_INFO_1004;
+
+ const int CSC_MASK = 0x30;
+
+ typedef [public,bitmap32bit] bitmap {
+ SHI1005_FLAGS_DFS = 0x01,
+ SHI1005_FLAGS_DFS_ROOT = 0x02,
+ CSC_CACHE_MANUAL_REINT = 0x00,
+ CSC_CACHE_AUTO_REINT = 0x10,
+ CSC_CACHE_VDO = 0x20,
+ CSC_CACHE_NONE = 0x30,
+ SHI1005_FLAGS_RESTRICT_EXCLUSIVE_OPENS = 0x0100,
+ SHI1005_FLAGS_FORCE_SHARED_DELETE = 0x0200,
+ SHI1005_FLAGS_ALLOW_NAMESPACE_CACHING = 0x0400,
+ SHI1005_FLAGS_ACCESS_BASED_DIRECTORY_ENUM = 0x0800
+ } SHARE_INFO_1005_FLAGS;
+
+ typedef struct {
+ SHARE_INFO_1005_FLAGS shi1005_flags;
+ } SHARE_INFO_1005;
+
+ typedef struct {
+ uint32 shi1006_max_uses;
+ } SHARE_INFO_1006;
+
+ [nopush,nopull] NET_API_STATUS NetShareAdd(
+ [in] string server_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [out] uint32 *parm_err
+ );
+
+ /*******************************************/
+ /* NetShareDel */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetShareDel(
+ [in] string server_name,
+ [in] string net_name,
+ [in] uint32 reserved
+ );
+
+ /*******************************************/
+ /* NetShareEnum */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetShareEnum(
+ [in] string server_name,
+ [in] uint32 level,
+ [out] uint8 **buffer,
+ [in] uint32 prefmaxlen,
+ [out] uint32 *entries_read,
+ [out] uint32 *total_entries,
+ [in,out] uint32 *resume_handle
+ );
+
+ /*******************************************/
+ /* NetShareGetInfo */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetShareGetInfo(
+ [in] string server_name,
+ [in] string net_name,
+ [in] uint32 level,
+ [out] uint8 **buffer
+ );
+
+ /*******************************************/
+ /* NetShareSetInfo */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetShareSetInfo(
+ [in] string server_name,
+ [in] string net_name,
+ [in] uint32 level,
+ [in] uint8 *buffer,
+ [out] uint32 *parm_err
+ );
+
+ /*******************************************/
+ /* NetFileClose */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetFileClose(
+ [in] string server_name,
+ [in] uint32 fileid
+ );
+
+ /*******************************************/
+ /* NetFileGetInfo */
+ /*******************************************/
+
+ typedef struct {
+ uint32 fi2_id;
+ } FILE_INFO_2;
+
+ typedef struct {
+ uint32 fi3_id;
+ uint32 fi3_permissions;
+ uint32 fi3_num_locks;
+ string fi3_pathname;
+ string fi3_username;
+ } FILE_INFO_3;
+
+ [nopush,nopull] NET_API_STATUS NetFileGetInfo(
+ [in] string server_name,
+ [in] uint32 fileid,
+ [in] uint32 level,
+ [out] uint8 **buffer
+ );
+
+ /*******************************************/
+ /* NetFileEnum */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetFileEnum(
+ [in] string server_name,
+ [in] string base_path,
+ [in] string user_name,
+ [in] uint32 level,
+ [out] uint8 **buffer,
+ [in] uint32 prefmaxlen,
+ [out] uint32 *entries_read,
+ [out] uint32 *total_entries,
+ [in,out] uint32 *resume_handle
+ );
+
+ /*******************************************/
+ /* NetShutdownInit */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetShutdownInit(
+ [in] string server_name,
+ [in] string message,
+ [in] uint32 timeout,
+ [in] uint8 force_apps,
+ [in] uint8 do_reboot
+ );
+
+ /*******************************************/
+ /* NetShutdownAbort */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS NetShutdownAbort(
+ [in] string server_name
+ );
+
+ /*******************************************/
+ /* I_NetLogonControl */
+ /*******************************************/
+
+ typedef struct {
+ uint32 netlog1_flags;
+ NET_API_STATUS netlog1_pdc_connection_status;
+ } NETLOGON_INFO_1;
+
+ typedef struct {
+ uint32 netlog2_flags;
+ NET_API_STATUS netlog2_pdc_connection_status;
+ string netlog2_trusted_dc_name;
+ NET_API_STATUS netlog2_tc_connection_status;
+ } NETLOGON_INFO_2;
+
+ typedef struct {
+ uint32 netlog1_flags;
+ uint32 netlog3_logon_attempts;
+ uint32 netlog3_reserved1;
+ uint32 netlog3_reserved2;
+ uint32 netlog3_reserved3;
+ uint32 netlog3_reserved4;
+ uint32 netlog3_reserved5;
+ } NETLOGON_INFO_3;
+
+ typedef struct {
+ string netlog4_trusted_dc_name;
+ string netlog4_trusted_domain_name;
+ } NETLOGON_INFO_4;
+
+ [nopush,nopull] NET_API_STATUS I_NetLogonControl(
+ [in] string server_name,
+ [in] uint32 function_code,
+ [in] uint32 query_level,
+ [out,ref] uint8 **buffer
+ );
+
+ /*******************************************/
+ /* I_NetLogonControl2 */
+ /*******************************************/
+
+ [nopush,nopull] NET_API_STATUS I_NetLogonControl2(
+ [in] string server_name,
+ [in] uint32 function_code,
+ [in] uint32 query_level,
+ [in,unique] uint8 *data,
+ [out,ref] uint8 **buffer
+ );
+}
diff --git a/source3/librpc/idl/open_files.idl b/source3/librpc/idl/open_files.idl
new file mode 100644
index 0000000..5dea021
--- /dev/null
+++ b/source3/librpc/idl/open_files.idl
@@ -0,0 +1,133 @@
+#include "idl_types.h"
+
+import "server_id.idl";
+import "security.idl";
+import "file_id.idl";
+import "smb2_lease_struct.idl";
+import "misc.idl";
+
+[
+ pointer_default(unique)
+]
+
+interface open_files
+{
+ typedef [enum16bit] enum {
+ SHARE_MODE_ENTRY_OP_TYPE_NONE = 0,
+ SHARE_MODE_ENTRY_OP_TYPE_EXCLUSIVE = 1,
+ SHARE_MODE_ENTRY_OP_TYPE_BATCH_WITHOUT_EXCLUSIVE = 2,
+ SHARE_MODE_ENTRY_OP_TYPE_BATCH = 3,
+ SHARE_MODE_ENTRY_OP_TYPE_LEVEL_II = 4,
+ SHARE_MODE_ENTRY_OP_TYPE_LEASE = 0x100
+ } share_mode_entry_op_type;
+
+ typedef [public] struct {
+ server_id pid;
+ hyper op_mid;
+ share_mode_entry_op_type op_type;
+ GUID client_guid;
+ smb2_lease_key lease_key;
+ uint32 access_mask;
+ uint32 share_access;
+ uint32 private_options;
+ timeval time;
+ udlong share_file_id;
+ uint32 uid;
+ uint16 flags;
+ uint32 name_hash;
+
+ /*
+ * In-memory flag indicating a non-existing pid. We don't want
+ * to store this share_mode_entry on disk.
+ */
+ [skip] boolean8 stale;
+ } share_mode_entry;
+
+ typedef [public] struct {
+ uint32 name_hash;
+ security_token *delete_nt_token;
+ security_unix_token *delete_token;
+ } delete_token;
+
+ typedef [public,bitmap16bit] bitmap {
+ SHARE_MODE_SHARE_DELETE = 0x100,
+ SHARE_MODE_SHARE_WRITE = 0x080,
+ SHARE_MODE_SHARE_READ = 0x040,
+ SHARE_MODE_ACCESS_DELETE = 0x020,
+ SHARE_MODE_ACCESS_WRITE = 0x010,
+ SHARE_MODE_ACCESS_READ = 0x008,
+ SHARE_MODE_LEASE_HANDLE = 0x004,
+ SHARE_MODE_LEASE_WRITE = 0x002,
+ SHARE_MODE_LEASE_READ = 0x001
+ } share_mode_flags;
+
+ typedef [public] struct {
+ hyper unique_content_epoch;
+ share_mode_flags flags;
+ [string,charset(UTF8)] char *servicepath;
+ [string,charset(UTF8)] char *base_name;
+ [string,charset(UTF8)] char *stream_name;
+ uint32 num_delete_tokens;
+ [size_is(num_delete_tokens)] delete_token delete_tokens[];
+ NTTIME old_write_time;
+ NTTIME changed_write_time;
+ [skip] boolean8 not_stored;
+ [skip] boolean8 modified;
+ [ignore] file_id id; /* In memory key used to lookup cache. */
+ } share_mode_data;
+
+ /* these are 0x30 (48) characters */
+ const string VFS_DEFAULT_DURABLE_COOKIE_MAGIC =
+ "VFS_DEFAULT_DURABLE_COOKIE_MAGIC ";
+ const uint32 VFS_DEFAULT_DURABLE_COOKIE_VERSION = 0;
+
+ /* this corresponds to struct stat_ex (SMB_STRUCT_STAT) */
+ typedef struct {
+ hyper st_ex_dev;
+ hyper st_ex_ino;
+ hyper st_ex_mode;
+ hyper st_ex_nlink;
+ hyper st_ex_uid;
+ hyper st_ex_gid;
+ hyper st_ex_rdev;
+ hyper st_ex_size;
+ timespec st_ex_atime;
+ timespec st_ex_mtime;
+ timespec st_ex_ctime;
+ timespec st_ex_btime;
+ hyper st_ex_blksize;
+ hyper st_ex_blocks;
+ uint32 st_ex_flags;
+ uint32 st_ex_iflags;
+ } vfs_default_durable_stat;
+
+ typedef [public] struct {
+ [value(VFS_DEFAULT_DURABLE_COOKIE_MAGIC),charset(DOS)] uint8 magic[0x30];
+ [value(VFS_DEFAULT_DURABLE_COOKIE_VERSION)] uint32 version;
+ boolean8 allow_reconnect;
+ file_id id;
+ [string,charset(UTF8)] char *servicepath;
+ [string,charset(UTF8)] char *base_name;
+ hyper initial_allocation_size;
+ hyper position_information;
+ boolean8 update_write_time_triggered;
+ boolean8 update_write_time_on_close;
+ boolean8 write_time_forced;
+ NTTIME close_write_time;
+ vfs_default_durable_stat stat_info;
+ } vfs_default_durable_cookie;
+
+ typedef [public] struct {
+ file_id id;
+ udlong share_file_id;
+ uint8 break_to;
+ } oplock_break_message;
+
+ typedef [public] struct {
+ file_id id;
+ udlong share_file_id;
+ [string,charset(UTF8)] char *servicepath;
+ [string,charset(UTF8)] char *base_name;
+ [string,charset(UTF8)] char *stream_name;
+ } file_rename_message;
+}
diff --git a/source3/librpc/idl/perfcount.idl b/source3/librpc/idl/perfcount.idl
new file mode 100644
index 0000000..e797e01
--- /dev/null
+++ b/source3/librpc/idl/perfcount.idl
@@ -0,0 +1,172 @@
+#include "idl_types.h"
+
+/*
+ IDL structures for perfcount code
+*/
+
+[
+ pointer_default(unique)
+]
+ interface perfcount
+{
+ const int PERF_NO_INSTANCES = -1;
+ const int PERF_NO_UNIQUE_ID = -1;
+
+ /* These determine the data size */
+ const int PERF_SIZE_DWORD = 0x00000000;
+ const int PERF_SIZE_LARGE = 0x00000100;
+ const int PERF_SIZE_ZERO = 0x00000200;
+ const int PERF_SIZE_VARIABLE_LEN = 0x00000300;
+
+ /* These determine the usage of the counter */
+ const int PERF_TYPE_NUMBER = 0x00000000;
+ const int PERF_TYPE_COUNTER = 0x00000400;
+ const int PERF_TYPE_TEXT = 0x00000800;
+ const int PERF_TYPE_ZERO = 0x00000C00;
+
+ /* If PERF_TYPE_NUMBER was selected, these provide display information */
+ const int PERF_NUMBER_HEX = 0x00000000;
+ const int PERF_NUMBER_DECIMAL = 0x00010000;
+ const int PERF_NUMBER_DEC_1000 = 0x00020000;
+
+ /* If PERF_TYPE_COUNTER was selected, these provide display information */
+ const int PERF_COUNTER_VALUE = 0x00000000;
+ const int PERF_COUNTER_RATE = 0x00010000;
+ const int PERF_COUNTER_FRACTION = 0x00020000;
+ const int PERF_COUNTER_BASE = 0x00030000;
+ const int PERF_COUNTER_ELAPSED = 0x00040000;
+ const int PERF_COUNTER_QUEUELEN = 0x00050000;
+ const int PERF_COUNTER_HISTOGRAM = 0x00060000;
+ const int PERF_COUNTER_PRECISION = 0x00070000;
+
+ /* If PERF_TYPE_TEXT was selected, these provide display information */
+ const int PERF_TEXT_UNICODE = 0x00000000;
+ const int PERF_TEXT_ASCII = 0x00010000;
+
+ /* These provide information for which tick count to use when computing elapsed interval */
+ const int PERF_TIMER_TICK = 0x00000000;
+ const int PERF_TIMER_100NS = 0x00100000;
+ const int PERF_OBJECT_TIMER = 0x00200000;
+
+ /* These affect how the data is manipulated prior to being displayed */
+ const int PERF_DELTA_COUNTER = 0x00400000;
+ const int PERF_DELTA_BASE = 0x00800000;
+ const int PERF_INVERSE_COUNTER = 0x01000000;
+ const int PERF_MULTI_COUNTER = 0x02000000;
+
+ /* These determine if any text gets added when the value is displayed */
+ const int PERF_DISPLAY_NO_SUFFIX = 0x00000000;
+ const int PERF_DISPLAY_PER_SEC = 0x10000000;
+ const int PERF_DISPLAY_PERCENT = 0x20000000;
+ const int PERF_DISPLAY_SECONDS = 0x30000000;
+ const int PERF_DISPLAY_NOSHOW = 0x40000000;
+
+ /* These determine the DetailLevel of the counter */
+ const int PERF_DETAIL_NOVICE = 100;
+ const int PERF_DETAIL_ADVANCED = 200;
+ const int PERF_DETAIL_EXPERT = 300;
+ const int PERF_DETAIL_WIZARD = 400;
+
+ typedef struct {
+ uint16 year;
+ uint16 month;
+ uint16 dayofweek;
+ uint16 day;
+ uint16 hour;
+ uint16 minute;
+ uint16 second;
+ uint16 milliseconds;
+ } SYSTEMTIME;
+
+ typedef [public] struct {
+ /* sizeof(PERF_COUNTER_DEFINITION) */
+ uint32 ByteLength;
+ uint32 CounterNameTitleIndex;
+ uint32 CounterNameTitlePointer;
+ uint32 CounterHelpTitleIndex;
+ uint32 CounterHelpTitlePointer;
+ uint32 DefaultScale;
+ uint32 DetailLevel;
+ uint32 CounterType;
+ uint32 CounterSize;
+ uint32 CounterOffset;
+ } PERF_COUNTER_DEFINITION;
+
+ typedef [public] struct {
+ /* Total size of the data block, including all data plus this header */
+ uint32 ByteLength;
+ uint8 data[ByteLength];
+ } PERF_COUNTER_BLOCK;
+
+ typedef [public] struct {
+ /* Total size of the instance definition, including the length of the terminated Name string */
+ uint32 ByteLength;
+ uint32 ParentObjectTitleIndex;
+ uint32 ParentObjectTitlePointer;
+ uint32 UniqueID;
+ /* From the start of the PERF_INSTANCE_DEFINITION, the byte offset to the start of the Name string */
+ uint32 NameOffset;
+ uint32 NameLength;
+ /* Unicode string containing the name for the instance */
+ uint8 *data;
+ PERF_COUNTER_BLOCK counter_data;
+ } PERF_INSTANCE_DEFINITION;
+
+ typedef [public] struct {
+ /* Total size of the object block, including all PERF_INSTANCE_DEFINITIONs,
+ PERF_COUNTER_DEFINITIONs and PERF_COUNTER_BLOCKs in bytes */
+ uint32 TotalByteLength;
+ /* Size of this PERF_OBJECT_TYPE plus all PERF_COUNTER_DEFINITIONs in bytes */
+ uint32 DefinitionLength;
+ /* Size of this PERF_OBJECT_TYPE */
+ uint32 HeaderLength;
+ uint32 ObjectNameTitleIndex;
+ uint32 ObjectNameTitlePointer;
+ uint32 ObjectHelpTitleIndex;
+ uint32 ObjectHelpTitlePointer;
+ uint32 DetailLevel;
+ uint32 NumCounters;
+ uint32 DefaultCounter;
+ uint32 NumInstances;
+ uint32 CodePage;
+ hyper PerfTime;
+ hyper PerfFreq;
+ PERF_COUNTER_DEFINITION counters[NumCounters];
+ PERF_INSTANCE_DEFINITION instances[NumInstances];
+ PERF_COUNTER_BLOCK counter_data;
+ } PERF_OBJECT_TYPE;
+
+ /* PerfCounter Inner Buffer structs */
+ typedef [public] struct {
+ /* hardcoded to read "P.E.R.F" */
+ uint16 Signature[4];
+ uint32 LittleEndian;
+ /* both currently hardcoded to 1 */
+ uint32 Version;
+ uint32 Revision;
+ /* bytes of PERF_OBJECT_TYPE data, does NOT include the PERF_DATA_BLOCK */
+ uint32 TotalByteLength;
+ /* size of PERF_DATA_BLOCK including the uint8 *data */
+ uint32 HeaderLength;
+ /* number of PERF_OBJECT_TYPE structures encoded */
+ uint32 NumObjectTypes;
+ uint32 DefaultObject;
+ SYSTEMTIME SystemTime;
+ /* This will guarantee that we're on a 64-bit boundary before we encode
+ PerfTime, and having it there will make my offset math much easier. */
+ uint32 Padding;
+ /* Now when I'm marshalling this, I'll need to call prs_align_uint64()
+ before I start encoding the uint64 structs */
+ /* clock rate * seconds uptime */
+ hyper PerfTime;
+ /* The clock rate of the CPU */
+ hyper PerfFreq;
+ /* used for high-res timers -- for now PerfTime * 10e7 */
+ hyper PerfTime100nSec;
+ uint32 SystemNameLength;
+ uint32 SystemNameOffset;
+ /* The SystemName, in unicode, terminated */
+ uint8* data;
+ PERF_OBJECT_TYPE objects[NumObjectTypes];
+ } PERF_DATA_BLOCK;
+}
diff --git a/source3/librpc/idl/rpc_host.idl b/source3/librpc/idl/rpc_host.idl
new file mode 100644
index 0000000..9eb48d3
--- /dev/null
+++ b/source3/librpc/idl/rpc_host.idl
@@ -0,0 +1,93 @@
+/**
+ * @file rpc_host.idl
+ *
+ * Definitions for communication between samba-dcerpcd and rpc helper
+ * daemons
+ */
+#include "idl_types.h"
+
+import "named_pipe_auth.idl";
+import "dcerpc.idl";
+
+[
+ pointer_default(unique)
+]
+
+interface rpc_host_msg
+{
+ /**
+ * @brief MSG_RPC_HOST_NEW_CLIENT: samba-dcerpcd->rpcd
+ *
+ * samba-dcerpcd to rpcd msg announcing a new client. This
+ * will carry a file descriptor representing the new
+ * connection
+ */
+ typedef [public] struct {
+ /**
+ * @brief The binding the client wants to connect to
+ */
+ [string,charset(UTF8)] char *binding;
+
+ /**
+ * @brief Auth info inherited from SMB
+ */
+ named_pipe_auth_req_info8 *npa_info8;
+
+ /**
+ * @brief Raw bind PDU
+ *
+ * Already read from the socket by samba-dcerpcd
+ */
+ DATA_BLOB bind_packet;
+ } rpc_host_client;
+
+ /**
+ * @brief MSG_RPC_WORKER_STATUS: rpcd->samba-dcerpcd
+ *
+ * Once a client has been handed over from samba-dcerpcd to an
+ * rpcd, samba-dcerpc has no control over this socket
+ * anymore. So it can't know when the client exits and the
+ * rpcd helper process has a slot free. Thus whenever a client
+ * exits, rpcd sends this message up to samba-dcerpc for a
+ * status update.
+ */
+ typedef [flag(NDR_NOALIGN),public] struct {
+ /**
+ * @brief Which rpc service is this message from
+ *
+ * samba-dcerpcd will only have the source pid of this
+ * message. To avoid a walk through all arrays with
+ * all rpcd helpers, give samba-dcerpcd a hint where
+ * in its arrays to find the rpcd that sent this
+ * message.
+ */
+ uint32 server_index;
+
+ /**
+ * @brief Which of the processes of a helper prog is this from
+ *
+ * @note while this is uint32, we currently only support 16-bit
+ * values, as we use it in the high 16-bits of the 32-bit
+ * association group id.
+ */
+ uint32 worker_index;
+
+
+ /**
+ * @brief How many association groups this process serves right now
+ *
+ * @note while this is uint32, we currently only support 16-bit
+ * values, as we use the worker_index in the high 16-bits of
+ * so we only have 16-bit per worker in order to form the 32-bit
+ * association group id.
+ */
+ uint32 num_association_groups;
+
+ /**
+ * @brief How many client connections this process serves right now
+ *
+ * @note might be greater or equal to num_association_groups.
+ */
+ uint32 num_connections;
+ } rpc_worker_status;
+}
diff --git a/source3/librpc/idl/rpcd_witness.idl b/source3/librpc/idl/rpcd_witness.idl
new file mode 100644
index 0000000..80852d2
--- /dev/null
+++ b/source3/librpc/idl/rpcd_witness.idl
@@ -0,0 +1,109 @@
+#include "idl_types.h"
+
+import "misc.idl";
+import "server_id.idl";
+import "security.idl";
+import "witness.idl";
+
+[
+ uuid("d320d080-a007-11ee-9cb4-37fa942d84d2"),
+ version(0.0),
+ pointer_default(unique),
+ helpstring("rpcd_witness structures")
+]
+interface rpcd_witness
+{
+ /*
+ * This the content of records stored in
+ * rpcd_witness_registration.tdb.
+ */
+ typedef [public] struct {
+ witness_version version;
+ [string,charset(UTF8)] char net_name[];
+ [string,charset(UTF8)] char *share_name;
+ [string,charset(UTF8)] char ip_address[];
+ [string,charset(UTF8)] char client_computer_name[];
+ witness_RegisterEx_flags flags;
+ uint32 timeout;
+ policy_handle context_handle;
+ server_id server_id;
+ [charset(UTF8),string] char account_name[];
+ [charset(UTF8),string] char domain_name[];
+ dom_sid account_sid;
+ [charset(UTF8),string] char local_address[];
+ [charset(UTF8),string] char remote_address[];
+ NTTIME registration_time;
+ } rpcd_witness_registration;
+
+ void rpcd_witness_registration_decode(
+ [in] rpcd_witness_registration reg
+ );
+
+ typedef [enum16bit] enum {
+ RPCD_WITNESS_REGISTRATION_UPDATE_CLIENT_MOVE_TO_NODE = 0x0001,
+ RPCD_WITNESS_REGISTRATION_UPDATE_CLIENT_MOVE_TO_IPV4 = 0x0002,
+ RPCD_WITNESS_REGISTRATION_UPDATE_CLIENT_MOVE_TO_IPV6 = 0x0003,
+ RPCD_WITNESS_REGISTRATION_UPDATE_SHARE_MOVE_TO_NODE = 0x0004,
+ RPCD_WITNESS_REGISTRATION_UPDATE_SHARE_MOVE_TO_IPV4 = 0x0005,
+ RPCD_WITNESS_REGISTRATION_UPDATE_SHARE_MOVE_TO_IPV6 = 0x0006,
+ RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_UNREGISTER = 0x0007,
+ RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_RESPONSE = 0x0008
+ } rpcd_witness_registration_update_type;
+
+ typedef struct {
+ uint32 new_node;
+ } rpcd_witness_registration_update_move_to_node;
+
+ typedef struct {
+ [flag(NDR_BIG_ENDIAN)] ipv4address new_ipv4;
+ } rpcd_witness_registration_update_move_to_ipv4;
+
+ typedef struct {
+ [flag(NDR_BIG_ENDIAN)] ipv6address new_ipv6;
+ } rpcd_witness_registration_update_move_to_ipv6;
+
+ typedef struct {
+ witness_notifyResponse *response;
+ WERROR result;
+ } rpcd_witness_registration_update_force_response;
+
+ typedef [switch_type(rpcd_witness_registration_update_type)] union {
+ [case(RPCD_WITNESS_REGISTRATION_UPDATE_CLIENT_MOVE_TO_NODE)]
+ rpcd_witness_registration_update_move_to_node client_move_to_node;
+
+ [case(RPCD_WITNESS_REGISTRATION_UPDATE_CLIENT_MOVE_TO_IPV4)]
+ rpcd_witness_registration_update_move_to_ipv4 client_move_to_ipv4;
+
+ [case(RPCD_WITNESS_REGISTRATION_UPDATE_CLIENT_MOVE_TO_IPV6)]
+ rpcd_witness_registration_update_move_to_ipv6 client_move_to_ipv6;
+
+ [case(RPCD_WITNESS_REGISTRATION_UPDATE_SHARE_MOVE_TO_NODE)]
+ rpcd_witness_registration_update_move_to_node share_move_to_node;
+
+ [case(RPCD_WITNESS_REGISTRATION_UPDATE_SHARE_MOVE_TO_IPV4)]
+ rpcd_witness_registration_update_move_to_ipv4 share_move_to_ipv4;
+
+ [case(RPCD_WITNESS_REGISTRATION_UPDATE_SHARE_MOVE_TO_IPV6)]
+ rpcd_witness_registration_update_move_to_ipv6 share_move_to_ipv6;
+
+ [case(RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_UNREGISTER)];
+ /* empty */
+
+ [case(RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_RESPONSE)]
+ rpcd_witness_registration_update_force_response force_response;
+ } rpcd_witness_registration_updateU;
+
+ /*
+ * This is the content of
+ * MSG_RPCD_WITNESS_REGISTRATION_UPDATE messages
+ */
+ typedef [public] struct {
+ policy_handle context_handle;
+ rpcd_witness_registration_update_type type;
+ [switch_is(type)] rpcd_witness_registration_updateU update;
+ } rpcd_witness_registration_updateB;
+
+ void rpcd_witness_registration_update_decode(
+ [in] rpcd_witness_registration_updateB update
+ );
+}
diff --git a/source3/librpc/idl/secrets.idl b/source3/librpc/idl/secrets.idl
new file mode 100644
index 0000000..2c06fa6
--- /dev/null
+++ b/source3/librpc/idl/secrets.idl
@@ -0,0 +1,131 @@
+#include "idl_types.h"
+
+import "misc.idl", "samr.idl", "lsa.idl", "netlogon.idl", "security.idl";
+
+/*
+ IDL structures for secrets code
+*/
+
+[
+ pointer_default(unique)
+]
+ interface secrets
+{
+
+ /*
+ * s3 on-disc storage structure for trusted domains, do not change !
+ */
+
+ typedef [flag(NDR_NOALIGN),public] struct {
+ [value(strlen_m_term(uni_name))] uint32 uni_name_len;
+ [charset(UTF16)] uint16 uni_name[32]; /* unicode domain name */
+ [value(strlen(pass))] uint32 pass_len;
+ astring pass; /* trust relationship's password */
+ time_t mod_time;
+ dom_sid domain_sid; /* remote domain's sid */
+ } TRUSTED_DOM_PASS;
+
+ /*
+ * s3 on-disc storage structure for lsa secrets, do not change !
+ */
+
+ typedef [public] struct {
+ DATA_BLOB *secret_current;
+ NTTIME secret_current_lastchange;
+ DATA_BLOB *secret_old;
+ NTTIME secret_old_lastchange;
+ security_descriptor *sd;
+ } lsa_secret;
+
+ /*
+ * This is the on-disc format the workstation trust.
+ *
+ * DO NOT CHANGE
+ * without changing secrets_domain_info_version
+ * and adding glue code. Discuss on samba-technical
+ * first!
+ */
+ typedef struct {
+ uint32 keytype;
+ uint32 iteration_count;
+ [flag(NDR_SECRET)] DATA_BLOB value;
+ } secrets_domain_info1_kerberos_key;
+
+ typedef struct {
+ NTTIME change_time;
+ [string,charset(UTF16)] uint16 change_server[];
+
+ [flag(NDR_SECRET)] DATA_BLOB cleartext_blob;
+ [flag(NDR_SECRET)] samr_Password nt_hash;
+
+ [string,charset(UTF16)] uint16 *salt_data;
+ uint32 default_iteration_count;
+ uint16 num_keys;
+ secrets_domain_info1_kerberos_key keys[num_keys];
+ } secrets_domain_info1_password;
+
+ typedef struct {
+ NTSTATUS local_status;
+ NTSTATUS remote_status;
+ NTTIME change_time;
+ [string,charset(UTF16)] uint16 change_server[];
+ [ref] secrets_domain_info1_password *password;
+ } secrets_domain_info1_change;
+
+ typedef [public] struct {
+ [value(0)] hyper reserved_flags;
+
+ NTTIME join_time;
+
+ [string,charset(UTF16)] uint16 computer_name[];
+ [string,charset(UTF16)] uint16 account_name[];
+ netr_SchannelType secure_channel_type;
+
+ lsa_DnsDomainInfo domain_info;
+ netr_TrustFlags trust_flags;
+ lsa_TrustType trust_type;
+ lsa_TrustAttributes trust_attributes;
+
+ /*
+ * This is unused currently, it might
+ * be useful to implement multi-tenancy (joining multiple domains)
+ * in future.
+ *
+ * Or we could use it to do other filtering of domains.
+ */
+ [value(NULL)] lsa_ForestTrustInformation *reserved_routing;
+
+ kerb_EncTypes supported_enc_types;
+ [string,charset(UTF16)] uint16 *salt_principal;
+
+ NTTIME password_last_change;
+ hyper password_changes;
+ secrets_domain_info1_change *next_change;
+
+ [ref] secrets_domain_info1_password *password;
+ secrets_domain_info1_password *old_password;
+ secrets_domain_info1_password *older_password;
+ } secrets_domain_info1;
+
+ typedef [v1_enum] enum {
+ SECRETS_DOMAIN_INFO_VERSION_1 = 0x00000001
+ } secrets_domain_info_version;
+
+ /*
+ * If we ever need to change this we need to
+ * change secrets_domain_info into
+ * secrets_domain_info_v1
+ */
+ typedef union {
+ [case(SECRETS_DOMAIN_INFO_VERSION_1)]
+ secrets_domain_info1 *info1;
+ [default];
+ } secrets_domain_infoU;
+
+ typedef [public] struct {
+ secrets_domain_info_version version;
+ [value(0)] uint32 reserved;
+ [switch_is(version)] secrets_domain_infoU info;
+ } secrets_domain_infoB;
+}
+
diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl
new file mode 100644
index 0000000..4eb43e6
--- /dev/null
+++ b/source3/librpc/idl/smbXsrv.idl
@@ -0,0 +1,549 @@
+#include "idl_types.h"
+
+import "misc.idl";
+import "server_id.idl";
+import "security.idl";
+import "auth.idl";
+
+[
+ uuid("07408340-ae31-11e1-97dc-539f7fddc06f"),
+ version(0.0),
+ pointer_default(unique),
+ helpstring("smbXsrv structures")
+]
+interface smbXsrv
+{
+ /*
+ * smbXsrv_version* is designed to allow
+ * rolling code upgrades in future (within a cluster).
+ *
+ * This just adds the infrastructure,
+ * but it does not implement it yet!
+ *
+ * Currently it only prevents that
+ * nodes with a different version numbers
+ * cannot run at the same time.
+ *
+ * Each node checks at startup, if the version
+ * matches the version of all other nodes.
+ * And it exits if the version does not match
+ * to avoid corruption.
+ *
+ * While it would be possible to add versioning
+ * to each of our internal databases it is easier
+ * use a dedicated database "smbXsrv_version_global.tdb"
+ * to hold the global version information.
+ *
+ * This removes extra complexity from the individual
+ * databases and allows that we add/remove databases
+ * or use different indexing keys.
+ *
+ */
+ typedef [v1_enum] enum {
+ /*
+ * NOTE: Version 0 is designed to be unstable and the format
+ * may change during development.
+ */
+ SMBXSRV_VERSION_0 = 0x00000000
+ } smbXsrv_version_values;
+
+ const uint32 SMBXSRV_VERSION_CURRENT = SMBXSRV_VERSION_0;
+
+ typedef struct {
+ server_id server_id;
+ smbXsrv_version_values min_version;
+ smbXsrv_version_values max_version;
+ smbXsrv_version_values current_version;
+ } smbXsrv_version_node0;
+
+ typedef struct {
+ [ignore] db_record *db_rec;
+ [range(1, 1024)] uint32 num_nodes;
+ smbXsrv_version_node0 nodes[num_nodes];
+ } smbXsrv_version_global0;
+
+ typedef union {
+ [case(0)] smbXsrv_version_global0 *info0;
+ [default] hyper *dummy;
+ } smbXsrv_version_globalU;
+
+ typedef [public] struct {
+ smbXsrv_version_values version;
+ uint32 seqnum;
+ [switch_is(version)] smbXsrv_version_globalU info;
+ } smbXsrv_version_globalB;
+
+ void smbXsrv_version_global_decode(
+ [in] smbXsrv_version_globalB blob
+ );
+
+ /* client */
+
+ typedef struct {
+ [ignore] db_record *db_rec;
+ server_id server_id;
+ [charset(UTF8),string] char local_address[];
+ [charset(UTF8),string] char remote_address[];
+ [charset(UTF8),string] char remote_name[];
+ NTTIME initial_connect_time;
+ GUID client_guid;
+ boolean8 stored;
+ } smbXsrv_client_global0;
+
+ typedef union {
+ [case(0)] smbXsrv_client_global0 *info0;
+ [default] hyper *dummy;
+ } smbXsrv_client_globalU;
+
+ typedef [public] struct {
+ smbXsrv_version_values version;
+ uint32 seqnum;
+ [switch_is(version)] smbXsrv_client_globalU info;
+ } smbXsrv_client_globalB;
+
+ void smbXsrv_client_global_decode(
+ [in] smbXsrv_client_globalB blob
+ );
+
+ typedef [public] struct {
+ [ignore] smbXsrv_client_table *table;
+ [ignore] struct tevent_context *raw_ev_ctx;
+ [ignore] struct messaging_context *msg_ctx;
+
+ [ref] smbXsrv_client_global0 *global;
+
+ /*
+ * There's just one 'sconn' per client.
+ * It holds the FSA layer details, which are global
+ * per client (process).
+ */
+ [ignore] struct smbd_server_connection *sconn;
+
+ /*
+ * this session_table is used for SMB1 and SMB2,
+ */
+ [ignore] struct smbXsrv_session_table *session_table;
+ /*
+ * this tcon_table is only used for SMB1.
+ */
+ [ignore] struct smbXsrv_tcon_table *tcon_table;
+ /*
+ * this open_table is used for SMB1 and SMB2,
+ * because we have a global sconn->real_max_open_files
+ * limit.
+ */
+ [ignore] struct smbXsrv_open_table *open_table;
+
+ /*
+ * For now this is only one connection!
+ * With multi-channel support we'll get more than
+ * one in future.
+ */
+ [ignore] struct smbXsrv_connection *connections;
+ boolean8 server_multi_channel_enabled;
+ hyper next_channel_id;
+ [ignore] struct tevent_req *connection_pass_subreq;
+ [ignore] struct tevent_req *connection_drop_subreq;
+
+ /*
+ * A List of pending breaks.
+ */
+ [ignore] struct smbXsrv_pending_break *pending_breaks;
+ } smbXsrv_client;
+
+ typedef union {
+ [case(0)] smbXsrv_client *info0;
+ [default] hyper *dummy;
+ } smbXsrv_clientU;
+
+ typedef [public] struct {
+ smbXsrv_version_values version;
+ [value(0)] uint32 reserved;
+ [switch_is(version)] smbXsrv_clientU info;
+ } smbXsrv_clientB;
+
+ void smbXsrv_client_decode(
+ [in] smbXsrv_clientB blob
+ );
+
+ /*
+ * smbXsrv_connection_pass is used in the MSG_SMBXSRV_CONNECTION_PASS
+ * message and echo'ed as MSG_SMBXSRV_CONNECTION_PASSED message with
+ * negotiate_request.length = 0.
+ */
+ typedef struct {
+ GUID client_guid;
+ server_id src_server_id;
+ NTTIME xconn_connect_time;
+ server_id dst_server_id;
+ NTTIME client_connect_time;
+ DATA_BLOB negotiate_request;
+ } smbXsrv_connection_pass0;
+
+ typedef union {
+ [case(0)] smbXsrv_connection_pass0 *info0;
+ [default] hyper *dummy;
+ } smbXsrv_connection_passU;
+
+ typedef [public] struct {
+ smbXsrv_version_values version;
+ [value(0)] uint32 reserved;
+ [switch_is(version)] smbXsrv_connection_passU info;
+ } smbXsrv_connection_passB;
+
+ void smbXsrv_connection_pass_decode(
+ [in] smbXsrv_connection_passB blob
+ );
+
+ /*
+ * smbXsrv_connection_drop is used in the MSG_SMBXSRV_CONNECTION_DROP
+ * message as reaction the record is deleted.
+ */
+ typedef struct {
+ GUID client_guid;
+ server_id src_server_id;
+ NTTIME xconn_connect_time;
+ server_id dst_server_id;
+ NTTIME client_connect_time;
+ } smbXsrv_connection_drop0;
+
+ typedef union {
+ [case(0)] smbXsrv_connection_drop0 *info0;
+ [default] hyper *dummy;
+ } smbXsrv_connection_dropU;
+
+ typedef [public] struct {
+ smbXsrv_version_values version;
+ [value(0)] uint32 reserved;
+ [switch_is(version)] smbXsrv_connection_dropU info;
+ } smbXsrv_connection_dropB;
+
+ void smbXsrv_connection_drop_decode(
+ [in] smbXsrv_connection_dropB blob
+ );
+
+ /* sessions */
+
+ typedef [public,bitmap8bit] bitmap {
+ SMBXSRV_ENCRYPTION_REQUIRED = 0x01,
+ SMBXSRV_ENCRYPTION_DESIRED = 0x02,
+ SMBXSRV_PROCESSED_ENCRYPTED_PACKET = 0x04,
+ SMBXSRV_PROCESSED_UNENCRYPTED_PACKET = 0x08
+ } smbXsrv_encrpytion_flags;
+
+ typedef [public,bitmap8bit] bitmap {
+ SMBXSRV_SIGNING_REQUIRED = 0x01,
+ SMBXSRV_PROCESSED_SIGNED_PACKET = 0x02,
+ SMBXSRV_PROCESSED_UNSIGNED_PACKET = 0x04
+ } smbXsrv_signing_flags;
+
+ typedef struct {
+ server_id server_id;
+ hyper channel_id;
+ NTTIME creation_time;
+ [charset(UTF8),string] char local_address[];
+ [charset(UTF8),string] char remote_address[];
+ [charset(UTF8),string] char remote_name[];
+ [noprint] DATA_BLOB signing_key_blob;
+ [ignore] smb2_signing_key *signing_key;
+ uint32 auth_session_info_seqnum;
+ [ignore] smbXsrv_connection *connection;
+ uint16 signing_algo;
+ uint16 encryption_cipher;
+ } smbXsrv_channel_global0;
+
+ typedef struct {
+ [ignore] db_record *db_rec;
+ uint32 session_global_id;
+ hyper session_wire_id;
+ NTTIME creation_time;
+ NTTIME expiration_time;
+ /*
+ * auth_session is NULL until the
+ * session is valid for the first time.
+ */
+ NTTIME auth_time;
+ uint32 auth_session_info_seqnum;
+ auth_session_info *auth_session_info;
+ uint16 connection_dialect;
+ GUID client_guid;
+ smbXsrv_signing_flags signing_flags;
+ uint16 signing_algo;
+ smbXsrv_encrpytion_flags encryption_flags;
+ uint16 encryption_cipher;
+ [noprint] DATA_BLOB signing_key_blob;
+ [ignore] smb2_signing_key *signing_key;
+ [noprint] DATA_BLOB encryption_key_blob;
+ [ignore] smb2_signing_key *encryption_key;
+ [noprint] DATA_BLOB decryption_key_blob;
+ [ignore] smb2_signing_key *decryption_key;
+ [noprint] DATA_BLOB application_key_blob;
+ [ignore] smb2_signing_key *application_key;
+ [range(1, 1024)] uint32 num_channels;
+ smbXsrv_channel_global0 channels[num_channels];
+ } smbXsrv_session_global0;
+
+ typedef union {
+ [case(0)] smbXsrv_session_global0 *info0;
+ [default] hyper *dummy;
+ } smbXsrv_session_globalU;
+
+ typedef [public] struct {
+ smbXsrv_version_values version;
+ uint32 seqnum;
+ [switch_is(version)] smbXsrv_session_globalU info;
+ } smbXsrv_session_globalB;
+
+ void smbXsrv_session_global_decode(
+ [in] smbXsrv_session_globalB blob
+ );
+
+ /*
+ * The main server code should just work with
+ * 'struct smbXsrv_session' and never use
+ * smbXsrv_session0, smbXsrv_sessionU
+ * and smbXsrv_sessionB directly.
+ *
+ * If we need to change the smbXsrv_session,
+ * we can just rename smbXsrv_session
+ * to smbXsrv_session0 and add a new
+ * smbXsrv_session for version 1
+ * and could implement transparent mapping.
+ */
+
+ typedef struct {
+ [ignore] smbXsrv_session_auth0 *prev;
+ [max_recursion(20000)] smbXsrv_session_auth0 *next;
+ [ignore] smbXsrv_session *session;
+ [ignore] smbXsrv_connection *connection;
+ [ignore] gensec_security *gensec;
+ [ignore] smbXsrv_preauth *preauth;
+ uint8 in_flags;
+ uint8 in_security_mode;
+ NTTIME creation_time;
+ NTTIME idle_time;
+ hyper channel_id;
+ } smbXsrv_session_auth0;
+
+ typedef struct {
+ [ignore] smbXsrv_session_table *table;
+ [ignore] db_record *db_rec;
+ [ignore] smbXsrv_client *client;
+ uint32 local_id;
+ [ref] smbXsrv_session_global0 *global;
+ NTSTATUS status;
+ NTTIME idle_time;
+ hyper nonce_high_random;
+ hyper nonce_high_max;
+ hyper nonce_high;
+ hyper nonce_low;
+ [ignore] smbXsrv_tcon_table *tcon_table;
+ [ignore] uint32 homes_snum;
+ smbXsrv_session_auth0 *pending_auth;
+ } smbXsrv_session;
+
+ typedef union {
+ [case(0)] smbXsrv_session *info0;
+ [default] hyper *dummy;
+ } smbXsrv_sessionU;
+
+ typedef [public] struct {
+ smbXsrv_version_values version;
+ [value(0)] uint32 reserved;
+ [switch_is(version)] smbXsrv_sessionU info;
+ } smbXsrv_sessionB;
+
+ void smbXsrv_session_decode(
+ [in] smbXsrv_sessionB blob
+ );
+
+ /*
+ * smbXsrv_session_close is use in the MSG_SMBXSRV_SESSION_CLOSE
+ * message
+ */
+ typedef struct {
+ uint32 old_session_global_id;
+ hyper old_session_wire_id;
+ NTTIME old_creation_time;
+ hyper new_session_wire_id;
+ } smbXsrv_session_close0;
+
+ typedef union {
+ [case(0)] smbXsrv_session_close0 *info0;
+ [default] hyper *dummy;
+ } smbXsrv_session_closeU;
+
+ typedef [public] struct {
+ smbXsrv_version_values version;
+ [value(0)] uint32 reserved;
+ [switch_is(version)] smbXsrv_session_closeU info;
+ } smbXsrv_session_closeB;
+
+ void smbXsrv_session_close_decode(
+ [in] smbXsrv_session_closeB blob
+ );
+
+ /* tree connects */
+
+ typedef struct {
+ [ignore] db_record *db_rec;
+ uint32 tcon_global_id;
+ uint32 tcon_wire_id;
+ server_id server_id;
+ NTTIME creation_time;
+ [charset(UTF8),string] char share_name[];
+ smbXsrv_encrpytion_flags encryption_flags;
+ /*
+ * for SMB1 this is the session that the tcon was opened on
+ */
+ uint32 session_global_id;
+ smbXsrv_signing_flags signing_flags;
+ } smbXsrv_tcon_global0;
+
+ typedef union {
+ [case(0)] smbXsrv_tcon_global0 *info0;
+ [default] hyper *dummy;
+ } smbXsrv_tcon_globalU;
+
+ typedef [public] struct {
+ smbXsrv_version_values version;
+ uint32 seqnum;
+ [switch_is(version)] smbXsrv_tcon_globalU info;
+ } smbXsrv_tcon_globalB;
+
+ void smbXsrv_tcon_global_decode(
+ [in] smbXsrv_tcon_globalB blob
+ );
+
+ /*
+ * The main server code should just work with
+ * 'struct smbXsrv_tcon' and never use
+ * smbXsrv_tcon0, smbXsrv_tconU
+ * and smbXsrv_tconB directly.
+ *
+ * If we need to change the smbXsrv_tcon,
+ * we can just rename smbXsrv_tcon
+ * to smbXsrv_tcon0 and add a new
+ * smbXsrv_tcon for version 1
+ * and could implement transparent mapping.
+ */
+ typedef struct {
+ [ignore] smbXsrv_tcon_table *table;
+ [ignore] db_record *db_rec;
+ uint32 local_id;
+ [ref] smbXsrv_tcon_global0 *global;
+ NTSTATUS status;
+ NTTIME idle_time;
+ [ignore] connection_struct *compat;
+ } smbXsrv_tcon;
+
+ typedef union {
+ [case(0)] smbXsrv_tcon *info0;
+ [default] hyper *dummy;
+ } smbXsrv_tconU;
+
+ typedef [public] struct {
+ smbXsrv_version_values version;
+ [value(0)] uint32 reserved;
+ [switch_is(version)] smbXsrv_tconU info;
+ } smbXsrv_tconB;
+
+ void smbXsrv_tcon_decode(
+ [in] smbXsrv_tconB blob
+ );
+
+ /* open files */
+
+ typedef [public,bitmap8bit] bitmap {
+ SMBXSRV_OPEN_NEED_REPLAY_CACHE = 0x01,
+ SMBXSRV_OPEN_HAVE_REPLAY_CACHE = 0x02
+ } smbXsrv_open_flags;
+
+ typedef struct {
+ server_id server_id;
+ uint32 open_global_id;
+ hyper open_persistent_id;
+ hyper open_volatile_id;
+ dom_sid open_owner;
+ NTTIME open_time;
+ GUID create_guid;
+ GUID client_guid;
+ GUID app_instance_id;
+ /*
+ * TODO: for durable/resilient/persistent handles we need more
+ * things here. See [MS-SMB2] 3.3.1.10 Per Open
+ *
+ * NOTE: this is still version 0, which is not a stable format!
+ */
+ NTTIME disconnect_time;
+ uint32 durable_timeout_msec;
+ boolean8 durable;
+ DATA_BLOB backend_cookie;
+ uint16 channel_sequence;
+ hyper channel_generation;
+ [flag(NDR_PAHEX)] uint8 lock_sequence_array[64];
+ } smbXsrv_open_global0;
+
+ typedef union {
+ [case(0)] smbXsrv_open_global0 *info0;
+ [default] hyper *dummy;
+ } smbXsrv_open_globalU;
+
+ typedef [public] struct {
+
+ smbXsrv_version_values version;
+ uint32 seqnum;
+ [switch_is(version)] smbXsrv_open_globalU info;
+ } smbXsrv_open_globalB;
+
+ void smbXsrv_open_global_decode(
+ [in] smbXsrv_open_globalB blob
+ );
+
+ /*
+ * The main server code should just work with
+ * 'struct smbXsrv_open' and never use
+ * smbXsrv_open0, smbXsrv_openU
+ * and smbXsrv_openB directly.
+ *
+ * If we need to change the smbXsrv_open,
+ * we can just rename smbXsrv_open
+ * to smbXsrv_open0 and add a new
+ * smbXsrv_open for version 1
+ * and could implement transparent mapping.
+ */
+ typedef struct {
+ [ignore] smbXsrv_open_table *table;
+ uint32 local_id;
+ [ref] smbXsrv_open_global0 *global;
+ NTSTATUS status;
+ NTTIME idle_time;
+ [ignore] files_struct *compat;
+ smbXsrv_open_flags flags;
+ uint32 create_action;
+ hyper request_count;
+ hyper pre_request_count;
+ } smbXsrv_open;
+
+ typedef union {
+ [case(0)] smbXsrv_open *info0;
+ [default] hyper *dummy;
+ } smbXsrv_openU;
+
+ typedef [public] struct {
+ smbXsrv_version_values version;
+ [value(0)] uint32 reserved;
+ [switch_is(version)] smbXsrv_openU info;
+ } smbXsrv_openB;
+
+ void smbXsrv_open_decode(
+ [in] smbXsrv_openB blob
+ );
+
+ const uint32 SMBXSRV_OPEN_REPLAY_CACHE_FIXED_SIZE = 28;
+ typedef [public] struct {
+ GUID holder_req_guid;
+ NTTIME idle_time;
+ uint32 local_id;
+ } smbXsrv_open_replay_cache;
+}
diff --git a/source3/librpc/idl/wscript_build b/source3/librpc/idl/wscript_build
new file mode 100644
index 0000000..f46c498
--- /dev/null
+++ b/source3/librpc/idl/wscript_build
@@ -0,0 +1,41 @@
+#!/usr/bin/env python
+
+import os
+
+topinclude=os.path.join(bld.srcnode.abspath(), 'librpc/idl')
+
+bld.SAMBA_PIDL_LIST('PIDL',
+ '''open_files.idl
+ perfcount.idl secrets.idl
+ smbXsrv.idl
+ leases_db.idl
+ rpcd_witness.idl
+ ''',
+ options='--includedir=%s --header --ndr-parser --client --python' % topinclude,
+ output_dir='../gen_ndr')
+
+bld.SAMBA_PIDL_LIST('PIDL',
+ '''
+ libnetapi.idl
+ rpc_host.idl
+ ''',
+ options='--includedir=%s --header --ndr-parser' % topinclude,
+ output_dir='../gen_ndr',
+ generate_tables=False)
+
+absinclude=os.path.join(bld.srcnode.abspath(), 'bin/default/include')
+
+bld.SAMBA_PIDL_LIST('PIDL',
+ '''
+ libnet_join.idl
+ ''',
+ options='--includedir=%s --includedir=%s --header --ndr-parser' % (topinclude, absinclude),
+ output_dir='../gen_ndr',
+ generate_tables=False)
+
+bld.SAMBA_PIDL_LIST('PIDL',
+ '''
+ ads.idl
+ ''',
+ options='--includedir=%s --includedir=%s --header --ndr-parser' % (topinclude, absinclude),
+ output_dir='../gen_ndr')
diff --git a/source3/librpc/ndr/ndr_ads.c b/source3/librpc/ndr/ndr_ads.c
new file mode 100644
index 0000000..6b6e11a
--- /dev/null
+++ b/source3/librpc/ndr/ndr_ads.c
@@ -0,0 +1,32 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ routines for marshalling/unmarshalling ads structures
+
+ Copyright (C) Guenther Deschner 2020
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_ads.h"
+
+enum ndr_err_code ndr_pull_ads_struct(struct ndr_pull *ndr, ndr_flags_type ndr_flags, struct ads_struct *r)
+{
+ return NDR_ERR_SUCCESS;
+}
+enum ndr_err_code ndr_push_ads_struct(struct ndr_push *ndr, ndr_flags_type ndr_flags, const struct ads_struct *r)
+{
+ return NDR_ERR_SUCCESS;
+}
diff --git a/source3/librpc/rpc/dcerpc.h b/source3/librpc/rpc/dcerpc.h
new file mode 100644
index 0000000..4b76c5c
--- /dev/null
+++ b/source3/librpc/rpc/dcerpc.h
@@ -0,0 +1,80 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ DCERPC client side interface structures
+
+ Copyright (C) 2008 Jelmer Vernooij
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* This is a public header file that is installed as part of Samba.
+ * If you remove any functions or change their signature, update
+ * the so version number. */
+
+#ifndef _S3_DCERPC_H__
+#define _S3_DCERPC_H__
+
+#include "librpc/gen_ndr/dcerpc.h"
+#include "../librpc/ndr/libndr.h"
+#include "../librpc/rpc/rpc_common.h"
+
+struct NL_AUTH_MESSAGE;
+struct gensec_security;
+
+/* auth state for all bind types. */
+
+struct pipe_auth_data {
+ enum dcerpc_AuthType auth_type;
+ enum dcerpc_AuthLevel auth_level;
+ uint32_t auth_context_id;
+ bool client_hdr_signing;
+ bool hdr_signing;
+ bool verified_bitmask1;
+
+ struct gensec_security *auth_ctx;
+
+ /* Only the client code uses this for now */
+ DATA_BLOB transport_session_key;
+};
+
+/* The following definitions come from librpc/rpc/dcerpc_helpers.c */
+NTSTATUS dcerpc_push_ncacn_packet(TALLOC_CTX *mem_ctx,
+ enum dcerpc_pkt_type ptype,
+ uint8_t pfc_flags,
+ uint16_t auth_length,
+ uint32_t call_id,
+ union dcerpc_payload *u,
+ DATA_BLOB *blob);
+NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level,
+ uint8_t auth_pad_length,
+ uint32_t auth_context_id,
+ const DATA_BLOB *credentials,
+ DATA_BLOB *blob);
+NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
+ size_t header_len, size_t data_left,
+ size_t max_xmit_frag,
+ size_t *data_to_send, size_t *frag_len,
+ size_t *auth_len, size_t *pad_len);
+NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
+ size_t pad_len, DATA_BLOB *rpc_out);
+NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
+ struct ncacn_packet *pkt,
+ DATA_BLOB *pkt_trailer,
+ uint8_t header_size,
+ DATA_BLOB *raw_pkt);
+
+#endif /* __S3_DCERPC_H__ */
diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
new file mode 100644
index 0000000..2b99eb7
--- /dev/null
+++ b/source3/librpc/rpc/dcerpc_helpers.c
@@ -0,0 +1,520 @@
+/*
+ * DCERPC Helper routines
+ * Günther Deschner <gd@samba.org> 2010.
+ * Simo Sorce <idra@samba.org> 2010.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "includes.h"
+#include "librpc/rpc/dcerpc.h"
+#include "librpc/rpc/dcerpc_util.h"
+#include "librpc/gen_ndr/ndr_dcerpc.h"
+#include "librpc/crypto/gse.h"
+#include "auth/gensec/gensec.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_RPC_PARSE
+
+/**
+* @brief NDR Encodes a ncacn_packet
+*
+* @param mem_ctx The memory context the blob will be allocated on
+* @param ptype The DCERPC packet type
+* @param pfc_flags The DCERPC PFC Flags
+* @param auth_length The length of the trailing auth blob
+* @param call_id The call ID
+* @param u The payload of the packet
+* @param blob [out] The encoded blob if successful
+*
+* @return an NTSTATUS error code
+*/
+NTSTATUS dcerpc_push_ncacn_packet(TALLOC_CTX *mem_ctx,
+ enum dcerpc_pkt_type ptype,
+ uint8_t pfc_flags,
+ uint16_t auth_length,
+ uint32_t call_id,
+ union dcerpc_payload *u,
+ DATA_BLOB *blob)
+{
+ struct ncacn_packet r;
+ enum ndr_err_code ndr_err;
+
+ r.rpc_vers = 5;
+ r.rpc_vers_minor = 0;
+ r.ptype = ptype;
+ r.pfc_flags = pfc_flags;
+ r.drep[0] = DCERPC_DREP_LE;
+ r.drep[1] = 0;
+ r.drep[2] = 0;
+ r.drep[3] = 0;
+ r.auth_length = auth_length;
+ r.call_id = call_id;
+ r.u = *u;
+
+ ndr_err = ndr_push_struct_blob(blob, mem_ctx, &r,
+ (ndr_push_flags_fn_t)ndr_push_ncacn_packet);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ dcerpc_set_frag_length(blob, blob->length);
+
+
+ if (DEBUGLEVEL >= 10) {
+ /* set frag len for print function */
+ r.frag_length = blob->length;
+ NDR_PRINT_DEBUG(ncacn_packet, &r);
+ }
+
+ return NT_STATUS_OK;
+}
+
+/**
+* @brief NDR Encodes a dcerpc_auth structure
+*
+* @param mem_ctx The memory context the blob will be allocated on
+* @param auth_type The DCERPC Authentication Type
+* @param auth_level The DCERPC Authentication Level
+* @param auth_pad_length The padding added to the packet this blob will be
+* appended to.
+* @param auth_context_id The context id
+* @param credentials The authentication credentials blob (signature)
+* @param blob [out] The encoded blob if successful
+*
+* @return a NTSTATUS error code
+*/
+NTSTATUS dcerpc_push_dcerpc_auth(TALLOC_CTX *mem_ctx,
+ enum dcerpc_AuthType auth_type,
+ enum dcerpc_AuthLevel auth_level,
+ uint8_t auth_pad_length,
+ uint32_t auth_context_id,
+ const DATA_BLOB *credentials,
+ DATA_BLOB *blob)
+{
+ struct dcerpc_auth r;
+ enum ndr_err_code ndr_err;
+
+ r.auth_type = auth_type;
+ r.auth_level = auth_level;
+ r.auth_pad_length = auth_pad_length;
+ r.auth_reserved = 0;
+ r.auth_context_id = auth_context_id;
+ r.credentials = *credentials;
+
+ ndr_err = ndr_push_struct_blob(blob, mem_ctx, &r,
+ (ndr_push_flags_fn_t)ndr_push_dcerpc_auth);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(dcerpc_auth, &r);
+ }
+
+ return NT_STATUS_OK;
+}
+
+/**
+* @brief Calculate how much data we can in a packet, including calculating
+* auth token and pad lengths.
+*
+* @param auth The pipe_auth_data structure for this pipe.
+* @param header_len The length of the packet header
+* @param data_left The data left in the send buffer
+* @param max_xmit_frag The max fragment size.
+* @param data_to_send [out] The max data we will send in the pdu
+* @param frag_len [out] The total length of the fragment
+* @param auth_len [out] The length of the auth trailer
+* @param pad_len [out] The padding to be applied
+*
+* @return A NT Error status code.
+*/
+NTSTATUS dcerpc_guess_sizes(struct pipe_auth_data *auth,
+ size_t header_len, size_t data_left,
+ size_t max_xmit_frag,
+ size_t *data_to_send, size_t *frag_len,
+ size_t *auth_len, size_t *pad_len)
+{
+ size_t max_len;
+ size_t mod_len;
+ struct gensec_security *gensec_security;
+
+ /* no auth token cases first */
+ switch (auth->auth_level) {
+ case DCERPC_AUTH_LEVEL_NONE:
+ case DCERPC_AUTH_LEVEL_CONNECT:
+ max_len = max_xmit_frag - header_len;
+ *data_to_send = MIN(max_len, data_left);
+ *pad_len = 0;
+ *auth_len = 0;
+ *frag_len = header_len + *data_to_send;
+ return NT_STATUS_OK;
+
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ break;
+
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ break;
+
+ case DCERPC_AUTH_LEVEL_PACKET:
+ break;
+
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+
+ /* Sign/seal case, calculate auth and pad lengths */
+
+ max_len = max_xmit_frag - header_len - DCERPC_AUTH_TRAILER_LENGTH;
+
+ /* Treat the same for all authenticated rpc requests. */
+ switch (auth->auth_type) {
+ case DCERPC_AUTH_TYPE_SPNEGO:
+ case DCERPC_AUTH_TYPE_NTLMSSP:
+ case DCERPC_AUTH_TYPE_KRB5:
+ case DCERPC_AUTH_TYPE_SCHANNEL:
+ gensec_security = auth->auth_ctx;
+ mod_len = (max_len % DCERPC_AUTH_PAD_ALIGNMENT);
+ *auth_len = gensec_sig_size(gensec_security, max_len - mod_len);
+ if (*auth_len == 0) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ break;
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ max_len -= *auth_len;
+ mod_len = (max_len % DCERPC_AUTH_PAD_ALIGNMENT);
+ max_len -= mod_len;
+
+ *data_to_send = MIN(max_len, data_left);
+
+ *pad_len = DCERPC_AUTH_PAD_LENGTH(*data_to_send);
+
+ *frag_len = header_len + *data_to_send + *pad_len
+ + DCERPC_AUTH_TRAILER_LENGTH + *auth_len;
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Create and add the NTLMSSP sign/seal auth data.
+ ********************************************************************/
+
+static NTSTATUS add_generic_auth_footer(struct gensec_security *gensec_security,
+ enum dcerpc_AuthLevel auth_level,
+ DATA_BLOB *rpc_out)
+{
+ uint16_t data_and_pad_len = rpc_out->length
+ - DCERPC_RESPONSE_LENGTH
+ - DCERPC_AUTH_TRAILER_LENGTH;
+ DATA_BLOB auth_blob;
+ NTSTATUS status;
+
+ if (!gensec_security) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ /* Data portion is encrypted. */
+ status = gensec_seal_packet(gensec_security,
+ rpc_out->data,
+ rpc_out->data
+ + DCERPC_RESPONSE_LENGTH,
+ data_and_pad_len,
+ rpc_out->data,
+ rpc_out->length,
+ &auth_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ break;
+
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_PACKET:
+ /* Data is signed. */
+ status = gensec_sign_packet(gensec_security,
+ rpc_out->data,
+ rpc_out->data
+ + DCERPC_RESPONSE_LENGTH,
+ data_and_pad_len,
+ rpc_out->data,
+ rpc_out->length,
+ &auth_blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ break;
+
+ default:
+ /* Can't happen. */
+ smb_panic("bad auth level");
+ /* Notreached. */
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* Finally attach the blob. */
+ if (!data_blob_append(NULL, rpc_out,
+ auth_blob.data, auth_blob.length)) {
+ DEBUG(0, ("Failed to add %u bytes auth blob.\n",
+ (unsigned int)auth_blob.length));
+ return NT_STATUS_NO_MEMORY;
+ }
+ data_blob_free(&auth_blob);
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Check/unseal the NTLMSSP auth data. (Unseal in place).
+ ********************************************************************/
+
+static NTSTATUS get_generic_auth_footer(struct gensec_security *gensec_security,
+ enum dcerpc_AuthLevel auth_level,
+ DATA_BLOB *data, DATA_BLOB *full_pkt,
+ DATA_BLOB *auth_token)
+{
+ if (gensec_security == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ switch (auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ /* Data portion is encrypted. */
+ return gensec_unseal_packet(gensec_security,
+ data->data,
+ data->length,
+ full_pkt->data,
+ full_pkt->length,
+ auth_token);
+
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ case DCERPC_AUTH_LEVEL_PACKET:
+ /* Data is signed. */
+ return gensec_check_packet(gensec_security,
+ data->data,
+ data->length,
+ full_pkt->data,
+ full_pkt->length,
+ auth_token);
+
+ default:
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+}
+
+/**
+* @brief Append an auth footer according to what is the current mechanism
+*
+* @param auth The pipe_auth_data associated with the connection
+* @param pad_len The padding used in the packet
+* @param rpc_out Packet blob up to and including the auth header
+*
+* @return A NTSTATUS error code.
+*/
+NTSTATUS dcerpc_add_auth_footer(struct pipe_auth_data *auth,
+ size_t pad_len, DATA_BLOB *rpc_out)
+{
+ struct gensec_security *gensec_security;
+ const char pad[DCERPC_AUTH_PAD_ALIGNMENT] = { 0, };
+ DATA_BLOB auth_info;
+ DATA_BLOB auth_blob;
+ NTSTATUS status;
+
+ if (auth->auth_type == DCERPC_AUTH_TYPE_NONE) {
+ return NT_STATUS_OK;
+ }
+
+ if (pad_len) {
+ SMB_ASSERT(pad_len <= ARRAY_SIZE(pad));
+
+ /* Copy the sign/seal padding data. */
+ if (!data_blob_append(NULL, rpc_out, pad, pad_len)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ /* marshall the dcerpc_auth with an actually empty auth_blob.
+ * This is needed because the ntmlssp signature includes the
+ * auth header. We will append the actual blob later. */
+ auth_blob = data_blob_null;
+ status = dcerpc_push_dcerpc_auth(rpc_out->data,
+ auth->auth_type,
+ auth->auth_level,
+ pad_len,
+ auth->auth_context_id,
+ &auth_blob,
+ &auth_info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* append the header */
+ if (!data_blob_append(NULL, rpc_out,
+ auth_info.data, auth_info.length)) {
+ DEBUG(0, ("Failed to add %u bytes auth blob.\n",
+ (unsigned int)auth_info.length));
+ return NT_STATUS_NO_MEMORY;
+ }
+ data_blob_free(&auth_info);
+
+ /* Generate any auth sign/seal and add the auth footer. */
+ switch (auth->auth_type) {
+ case DCERPC_AUTH_TYPE_NONE:
+ status = NT_STATUS_OK;
+ break;
+ default:
+ gensec_security = auth->auth_ctx;
+ status = add_generic_auth_footer(gensec_security,
+ auth->auth_level,
+ rpc_out);
+ break;
+ }
+
+ return status;
+}
+
+/**
+* @brief Check authentication for request/response packets
+*
+* @param auth The auth data for the connection
+* @param pkt The actual ncacn_packet
+* @param pkt_trailer [in][out] The stub_and_verifier part of the packet,
+* the auth_trailer and padding will be removed.
+* @param header_size The header size
+* @param raw_pkt The whole raw packet data blob
+*
+* @return A NTSTATUS error code
+*/
+NTSTATUS dcerpc_check_auth(struct pipe_auth_data *auth,
+ struct ncacn_packet *pkt,
+ DATA_BLOB *pkt_trailer,
+ uint8_t header_size,
+ DATA_BLOB *raw_pkt)
+{
+ struct gensec_security *gensec_security;
+ NTSTATUS status;
+ struct dcerpc_auth auth_info;
+ uint32_t auth_length;
+ DATA_BLOB full_pkt;
+ DATA_BLOB data;
+
+ /*
+ * These check should be done in the caller.
+ */
+ SMB_ASSERT(raw_pkt->length == pkt->frag_length);
+ SMB_ASSERT(header_size <= pkt->frag_length);
+ SMB_ASSERT(pkt_trailer->length < pkt->frag_length);
+ SMB_ASSERT((pkt_trailer->length + header_size) <= pkt->frag_length);
+
+ switch (auth->auth_level) {
+ case DCERPC_AUTH_LEVEL_PRIVACY:
+ DEBUG(10, ("Requested Privacy.\n"));
+ break;
+
+ case DCERPC_AUTH_LEVEL_INTEGRITY:
+ DEBUG(10, ("Requested Integrity.\n"));
+ break;
+
+ case DCERPC_AUTH_LEVEL_PACKET:
+ DEBUG(10, ("Requested packet.\n"));
+ break;
+
+ case DCERPC_AUTH_LEVEL_CONNECT:
+ if (pkt->auth_length != 0) {
+ break;
+ }
+ return NT_STATUS_OK;
+
+ case DCERPC_AUTH_LEVEL_NONE:
+ if (pkt->auth_length != 0) {
+ DEBUG(3, ("Got non-zero auth len on non "
+ "authenticated connection!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ return NT_STATUS_OK;
+
+ default:
+ DEBUG(3, ("Unimplemented Auth Level %d\n",
+ auth->auth_level));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (pkt->auth_length == 0) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ status = dcerpc_pull_auth_trailer(pkt, pkt, pkt_trailer,
+ &auth_info, &auth_length, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (auth_info.auth_type != auth->auth_type) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (auth_info.auth_level != auth->auth_level) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (auth_info.auth_context_id != auth->auth_context_id) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ pkt_trailer->length -= auth_length;
+ data = data_blob_const(raw_pkt->data + header_size,
+ pkt_trailer->length);
+ full_pkt = data_blob_const(raw_pkt->data, raw_pkt->length);
+ full_pkt.length -= auth_info.credentials.length;
+
+ switch (auth->auth_type) {
+ case DCERPC_AUTH_TYPE_NONE:
+ return NT_STATUS_OK;
+
+ default:
+ DEBUG(10, ("GENSEC auth\n"));
+
+ gensec_security = auth->auth_ctx;
+ status = get_generic_auth_footer(gensec_security,
+ auth->auth_level,
+ &data, &full_pkt,
+ &auth_info.credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ break;
+ }
+
+ /* TODO: remove later
+ * this is still needed because in the server code the
+ * pkt_trailer actually has a copy of the raw data, and they
+ * are still both used in later calls */
+ if (auth->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
+ if (pkt_trailer->length != data.length) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ memcpy(pkt_trailer->data, data.data, data.length);
+ }
+
+ pkt_trailer->length -= auth_info.auth_pad_length;
+ data_blob_free(&auth_info.credentials);
+ return NT_STATUS_OK;
+}
+
diff --git a/source3/librpc/wscript_build b/source3/librpc/wscript_build
new file mode 100644
index 0000000..d228db7
--- /dev/null
+++ b/source3/librpc/wscript_build
@@ -0,0 +1,53 @@
+#!/usr/bin/env python
+
+bld.SAMBA3_SUBSYSTEM('NDR_LIBNETAPI',
+ cflags="-D SKIP_NDR_TABLE_libnetapi",
+ source='gen_ndr/ndr_libnetapi.c',
+ public_deps='ndr',
+ allow_warnings=True
+ )
+
+bld.SAMBA3_SUBSYSTEM('NDR_LIBNET_JOIN',
+ source='gen_ndr/ndr_libnet_join.c',
+ public_deps='ndr krb5samba NDR_ODJ NDR_ADS'
+ )
+
+bld.SAMBA3_SUBSYSTEM("NDR_RPC_HOST",
+ source='gen_ndr/ndr_rpc_host.c',
+ public_deps='ndr')
+
+bld.SAMBA3_SUBSYSTEM('NDR_OPEN_FILES',
+ source='gen_ndr/ndr_open_files.c',
+ public_deps='ndr NDR_SERVER_ID NDR_FILE_ID NDR_SECURITY NDR_SMB2_LEASE_STRUCT'
+ )
+
+bld.SAMBA3_SUBSYSTEM('NDR_SMBXSRV',
+ source='gen_ndr/ndr_smbXsrv.c',
+ public_deps='ndr NDR_SERVER_ID NDR_SECURITY NDR_AUTH'
+ )
+
+bld.SAMBA3_SUBSYSTEM('NDR_LEASES_DB',
+ source='gen_ndr/ndr_leases_db.c',
+ public_deps='ndr NDR_SMB2_LEASE_STRUCT NDR_FILE_ID'
+ )
+
+bld.SAMBA3_SUBSYSTEM('NDR_RPCD_WITNESS',
+ source='gen_ndr/ndr_rpcd_witness.c',
+ public_deps='ndr NDR_SERVER_ID NDR_SECURITY NDR_WITNESS'
+ )
+
+bld.SAMBA3_SUBSYSTEM('NDR_SECRETS',
+ source='gen_ndr/ndr_secrets.c',
+ public_deps='ndr NDR_SAMR NDR_LSA NDR_NETLOGON NDR_SECURITY'
+ )
+
+bld.SAMBA3_SUBSYSTEM('NDR_PERFCOUNT',
+ source='gen_ndr/ndr_perfcount.c',
+ public_deps='ndr'
+ )
+
+bld.SAMBA3_SUBSYSTEM('NDR_ADS',
+ source='gen_ndr/ndr_ads.c ndr/ndr_ads.c',
+ public_deps='ndr NDR_NBT'
+ )
+
diff --git a/source3/libsmb/ABI/smbclient-0.1.0.sigs b/source3/libsmb/ABI/smbclient-0.1.0.sigs
new file mode 100644
index 0000000..3dea59c
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.1.0.sigs
@@ -0,0 +1,172 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getUser: char *(SMBCCTX *)
+smbc_getWorkgroup: char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setNetbiosName: void (SMBCCTX *, char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setUser: void (SMBCCTX *, char *)
+smbc_setWorkgroup: void (SMBCCTX *, char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.2.0.sigs b/source3/libsmb/ABI/smbclient-0.2.0.sigs
new file mode 100644
index 0000000..aa85859
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.2.0.sigs
@@ -0,0 +1,172 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: char *(SMBCCTX *)
+smbc_getWorkgroup: char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setNetbiosName: void (SMBCCTX *, char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, char *)
+smbc_setWorkgroup: void (SMBCCTX *, char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.2.1.sigs b/source3/libsmb/ABI/smbclient-0.2.1.sigs
new file mode 100644
index 0000000..1b7f6ce
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.2.1.sigs
@@ -0,0 +1,174 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: char *(SMBCCTX *)
+smbc_getWorkgroup: char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setNetbiosName: void (SMBCCTX *, char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, char *)
+smbc_setWorkgroup: void (SMBCCTX *, char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.2.2.sigs b/source3/libsmb/ABI/smbclient-0.2.2.sigs
new file mode 100644
index 0000000..fdafdd0
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.2.2.sigs
@@ -0,0 +1,176 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionSplice: smbc_splice_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: char *(SMBCCTX *)
+smbc_getWorkgroup: char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionSplice: void (SMBCCTX *, smbc_splice_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setNetbiosName: void (SMBCCTX *, char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, char *)
+smbc_setWorkgroup: void (SMBCCTX *, char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.2.3.sigs b/source3/libsmb/ABI/smbclient-0.2.3.sigs
new file mode 100644
index 0000000..cda537c
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.2.3.sigs
@@ -0,0 +1,179 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionNotify: smbc_notify_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionSplice: smbc_splice_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: char *(SMBCCTX *)
+smbc_getWorkgroup: char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_notify: int (int, smbc_bool, uint32_t, unsigned int, smbc_notify_callback_fn, void *)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionNotify: void (SMBCCTX *, smbc_notify_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionSplice: void (SMBCCTX *, smbc_splice_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setNetbiosName: void (SMBCCTX *, char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, char *)
+smbc_setWorkgroup: void (SMBCCTX *, char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.3.0.sigs b/source3/libsmb/ABI/smbclient-0.3.0.sigs
new file mode 100644
index 0000000..736f32a
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.3.0.sigs
@@ -0,0 +1,179 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionNotify: smbc_notify_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionSplice: smbc_splice_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: char *(SMBCCTX *)
+smbc_getWorkgroup: char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_notify: int (int, smbc_bool, uint32_t, unsigned int, smbc_notify_callback_fn, void *)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionNotify: void (SMBCCTX *, smbc_notify_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionSplice: void (SMBCCTX *, smbc_splice_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setNetbiosName: void (SMBCCTX *, char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, const char *)
+smbc_setWorkgroup: void (SMBCCTX *, char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.3.1.sigs b/source3/libsmb/ABI/smbclient-0.3.1.sigs
new file mode 100644
index 0000000..d41274d
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.3.1.sigs
@@ -0,0 +1,180 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionNotify: smbc_notify_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionSplice: smbc_splice_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: char *(SMBCCTX *)
+smbc_getWorkgroup: char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_notify: int (int, smbc_bool, uint32_t, unsigned int, smbc_notify_callback_fn, void *)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionNotify: void (SMBCCTX *, smbc_notify_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionSplice: void (SMBCCTX *, smbc_splice_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setLogCallback: void (SMBCCTX *, void *, smbc_debug_callback_fn)
+smbc_setNetbiosName: void (SMBCCTX *, char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, const char *)
+smbc_setWorkgroup: void (SMBCCTX *, char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.3.2.sigs b/source3/libsmb/ABI/smbclient-0.3.2.sigs
new file mode 100644
index 0000000..2f089d8
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.3.2.sigs
@@ -0,0 +1,181 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionNotify: smbc_notify_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionSplice: smbc_splice_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: char *(SMBCCTX *)
+smbc_getWorkgroup: char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_notify: int (int, smbc_bool, uint32_t, unsigned int, smbc_notify_callback_fn, void *)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setConfiguration: int (SMBCCTX *, const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionNotify: void (SMBCCTX *, smbc_notify_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionSplice: void (SMBCCTX *, smbc_splice_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setLogCallback: void (SMBCCTX *, void *, smbc_debug_callback_fn)
+smbc_setNetbiosName: void (SMBCCTX *, char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, const char *)
+smbc_setWorkgroup: void (SMBCCTX *, char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.3.3.sigs b/source3/libsmb/ABI/smbclient-0.3.3.sigs
new file mode 100644
index 0000000..833d0df
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.3.3.sigs
@@ -0,0 +1,184 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionNotify: smbc_notify_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionReaddirPlus: smbc_readdirplus_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionSplice: smbc_splice_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: char *(SMBCCTX *)
+smbc_getWorkgroup: char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_notify: int (int, smbc_bool, uint32_t, unsigned int, smbc_notify_callback_fn, void *)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_readdirplus: const struct libsmb_file_info *(unsigned int)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setConfiguration: int (SMBCCTX *, const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionNotify: void (SMBCCTX *, smbc_notify_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionReaddirPlus: void (SMBCCTX *, smbc_readdirplus_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionSplice: void (SMBCCTX *, smbc_splice_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setLogCallback: void (SMBCCTX *, void *, smbc_debug_callback_fn)
+smbc_setNetbiosName: void (SMBCCTX *, char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, const char *)
+smbc_setWorkgroup: void (SMBCCTX *, char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.4.0.sigs b/source3/libsmb/ABI/smbclient-0.4.0.sigs
new file mode 100644
index 0000000..170cb52
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.4.0.sigs
@@ -0,0 +1,184 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionNotify: smbc_notify_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionReaddirPlus: smbc_readdirplus_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionSplice: smbc_splice_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: const char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: const char *(SMBCCTX *)
+smbc_getWorkgroup: const char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_notify: int (int, smbc_bool, uint32_t, unsigned int, smbc_notify_callback_fn, void *)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_readdirplus: const struct libsmb_file_info *(unsigned int)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setConfiguration: int (SMBCCTX *, const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionNotify: void (SMBCCTX *, smbc_notify_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionReaddirPlus: void (SMBCCTX *, smbc_readdirplus_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionSplice: void (SMBCCTX *, smbc_splice_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setLogCallback: void (SMBCCTX *, void *, smbc_debug_callback_fn)
+smbc_setNetbiosName: void (SMBCCTX *, const char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, const char *)
+smbc_setWorkgroup: void (SMBCCTX *, const char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.5.0.sigs b/source3/libsmb/ABI/smbclient-0.5.0.sigs
new file mode 100644
index 0000000..b424597
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.5.0.sigs
@@ -0,0 +1,185 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionNotify: smbc_notify_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionReaddirPlus: smbc_readdirplus_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionSplice: smbc_splice_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: const char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: const char *(SMBCCTX *)
+smbc_getWorkgroup: const char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_notify: int (int, smbc_bool, uint32_t, unsigned int, smbc_notify_callback_fn, void *)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_readdirplus: const struct libsmb_file_info *(unsigned int)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setConfiguration: int (SMBCCTX *, const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionNotify: void (SMBCCTX *, smbc_notify_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionReaddirPlus: void (SMBCCTX *, smbc_readdirplus_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionSplice: void (SMBCCTX *, smbc_splice_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setLogCallback: void (SMBCCTX *, void *, smbc_debug_callback_fn)
+smbc_setNetbiosName: void (SMBCCTX *, const char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionProtocols: smbc_bool (SMBCCTX *, const char *, const char *)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, const char *)
+smbc_setWorkgroup: void (SMBCCTX *, const char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.6.0.sigs b/source3/libsmb/ABI/smbclient-0.6.0.sigs
new file mode 100644
index 0000000..ee758e2
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.6.0.sigs
@@ -0,0 +1,188 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionNotify: smbc_notify_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionReaddirPlus: smbc_readdirplus_fn (SMBCCTX *)
+smbc_getFunctionReaddirPlus2: smbc_readdirplus2_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionSplice: smbc_splice_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: const char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: const char *(SMBCCTX *)
+smbc_getWorkgroup: const char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_notify: int (int, smbc_bool, uint32_t, unsigned int, smbc_notify_callback_fn, void *)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_readdirplus: const struct libsmb_file_info *(unsigned int)
+smbc_readdirplus2: const struct libsmb_file_info *(unsigned int, struct stat *)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setConfiguration: int (SMBCCTX *, const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionNotify: void (SMBCCTX *, smbc_notify_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionReaddirPlus: void (SMBCCTX *, smbc_readdirplus_fn)
+smbc_setFunctionReaddirPlus2: void (SMBCCTX *, smbc_readdirplus2_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionSplice: void (SMBCCTX *, smbc_splice_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setLogCallback: void (SMBCCTX *, void *, smbc_debug_callback_fn)
+smbc_setNetbiosName: void (SMBCCTX *, const char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionProtocols: smbc_bool (SMBCCTX *, const char *, const char *)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, const char *)
+smbc_setWorkgroup: void (SMBCCTX *, const char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.7.0.sigs b/source3/libsmb/ABI/smbclient-0.7.0.sigs
new file mode 100644
index 0000000..ee758e2
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.7.0.sigs
@@ -0,0 +1,188 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionNotify: smbc_notify_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionReaddirPlus: smbc_readdirplus_fn (SMBCCTX *)
+smbc_getFunctionReaddirPlus2: smbc_readdirplus2_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionSplice: smbc_splice_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: const char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: const char *(SMBCCTX *)
+smbc_getWorkgroup: const char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_notify: int (int, smbc_bool, uint32_t, unsigned int, smbc_notify_callback_fn, void *)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_readdirplus: const struct libsmb_file_info *(unsigned int)
+smbc_readdirplus2: const struct libsmb_file_info *(unsigned int, struct stat *)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setConfiguration: int (SMBCCTX *, const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionNotify: void (SMBCCTX *, smbc_notify_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionReaddirPlus: void (SMBCCTX *, smbc_readdirplus_fn)
+smbc_setFunctionReaddirPlus2: void (SMBCCTX *, smbc_readdirplus2_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionSplice: void (SMBCCTX *, smbc_splice_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setLogCallback: void (SMBCCTX *, void *, smbc_debug_callback_fn)
+smbc_setNetbiosName: void (SMBCCTX *, const char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionProtocols: smbc_bool (SMBCCTX *, const char *, const char *)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, const char *)
+smbc_setWorkgroup: void (SMBCCTX *, const char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/ABI/smbclient-0.8.0.sigs b/source3/libsmb/ABI/smbclient-0.8.0.sigs
new file mode 100644
index 0000000..fc7e79f
--- /dev/null
+++ b/source3/libsmb/ABI/smbclient-0.8.0.sigs
@@ -0,0 +1,190 @@
+smbc_chmod: int (const char *, mode_t)
+smbc_close: int (int)
+smbc_closedir: int (int)
+smbc_creat: int (const char *, mode_t)
+smbc_fgetxattr: int (int, const char *, const void *, size_t)
+smbc_flistxattr: int (int, char *, size_t)
+smbc_free_context: int (SMBCCTX *, int)
+smbc_fremovexattr: int (int, const char *)
+smbc_fsetxattr: int (int, const char *, const void *, size_t, int)
+smbc_fstat: int (int, struct stat *)
+smbc_fstatvfs: int (int, struct statvfs *)
+smbc_ftruncate: int (int, off_t)
+smbc_getDebug: int (SMBCCTX *)
+smbc_getFunctionAddCachedServer: smbc_add_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionAuthData: smbc_get_auth_data_fn (SMBCCTX *)
+smbc_getFunctionAuthDataWithContext: smbc_get_auth_data_with_context_fn (SMBCCTX *)
+smbc_getFunctionCheckServer: smbc_check_server_fn (SMBCCTX *)
+smbc_getFunctionChmod: smbc_chmod_fn (SMBCCTX *)
+smbc_getFunctionClose: smbc_close_fn (SMBCCTX *)
+smbc_getFunctionClosedir: smbc_closedir_fn (SMBCCTX *)
+smbc_getFunctionCreat: smbc_creat_fn (SMBCCTX *)
+smbc_getFunctionFstat: smbc_fstat_fn (SMBCCTX *)
+smbc_getFunctionFstatVFS: smbc_fstatvfs_fn (SMBCCTX *)
+smbc_getFunctionFstatdir: smbc_fstatdir_fn (SMBCCTX *)
+smbc_getFunctionFtruncate: smbc_ftruncate_fn (SMBCCTX *)
+smbc_getFunctionGetCachedServer: smbc_get_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionGetdents: smbc_getdents_fn (SMBCCTX *)
+smbc_getFunctionGetxattr: smbc_getxattr_fn (SMBCCTX *)
+smbc_getFunctionListPrintJobs: smbc_list_print_jobs_fn (SMBCCTX *)
+smbc_getFunctionListxattr: smbc_listxattr_fn (SMBCCTX *)
+smbc_getFunctionLseek: smbc_lseek_fn (SMBCCTX *)
+smbc_getFunctionLseekdir: smbc_lseekdir_fn (SMBCCTX *)
+smbc_getFunctionMkdir: smbc_mkdir_fn (SMBCCTX *)
+smbc_getFunctionNotify: smbc_notify_fn (SMBCCTX *)
+smbc_getFunctionOpen: smbc_open_fn (SMBCCTX *)
+smbc_getFunctionOpenPrintJob: smbc_open_print_job_fn (SMBCCTX *)
+smbc_getFunctionOpendir: smbc_opendir_fn (SMBCCTX *)
+smbc_getFunctionPrintFile: smbc_print_file_fn (SMBCCTX *)
+smbc_getFunctionPurgeCachedServers: smbc_purge_cached_fn (SMBCCTX *)
+smbc_getFunctionRead: smbc_read_fn (SMBCCTX *)
+smbc_getFunctionReaddir: smbc_readdir_fn (SMBCCTX *)
+smbc_getFunctionReaddirPlus: smbc_readdirplus_fn (SMBCCTX *)
+smbc_getFunctionReaddirPlus2: smbc_readdirplus2_fn (SMBCCTX *)
+smbc_getFunctionRemoveCachedServer: smbc_remove_cached_srv_fn (SMBCCTX *)
+smbc_getFunctionRemoveUnusedServer: smbc_remove_unused_server_fn (SMBCCTX *)
+smbc_getFunctionRemovexattr: smbc_removexattr_fn (SMBCCTX *)
+smbc_getFunctionRename: smbc_rename_fn (SMBCCTX *)
+smbc_getFunctionRmdir: smbc_rmdir_fn (SMBCCTX *)
+smbc_getFunctionSetxattr: smbc_setxattr_fn (SMBCCTX *)
+smbc_getFunctionSplice: smbc_splice_fn (SMBCCTX *)
+smbc_getFunctionStat: smbc_stat_fn (SMBCCTX *)
+smbc_getFunctionStatVFS: smbc_statvfs_fn (SMBCCTX *)
+smbc_getFunctionTelldir: smbc_telldir_fn (SMBCCTX *)
+smbc_getFunctionUnlink: smbc_unlink_fn (SMBCCTX *)
+smbc_getFunctionUnlinkPrintJob: smbc_unlink_print_job_fn (SMBCCTX *)
+smbc_getFunctionUtimes: smbc_utimes_fn (SMBCCTX *)
+smbc_getFunctionWrite: smbc_write_fn (SMBCCTX *)
+smbc_getNetbiosName: const char *(SMBCCTX *)
+smbc_getOptionBrowseMaxLmbCount: int (SMBCCTX *)
+smbc_getOptionCaseSensitive: smbc_bool (SMBCCTX *)
+smbc_getOptionDebugToStderr: smbc_bool (SMBCCTX *)
+smbc_getOptionFallbackAfterKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionFullTimeNames: smbc_bool (SMBCCTX *)
+smbc_getOptionNoAutoAnonymousLogin: smbc_bool (SMBCCTX *)
+smbc_getOptionOneSharePerServer: smbc_bool (SMBCCTX *)
+smbc_getOptionOpenShareMode: smbc_share_mode (SMBCCTX *)
+smbc_getOptionPosixExtensions: smbc_bool (SMBCCTX *)
+smbc_getOptionSmbEncryptionLevel: smbc_smb_encrypt_level (SMBCCTX *)
+smbc_getOptionUrlEncodeReaddirEntries: smbc_bool (SMBCCTX *)
+smbc_getOptionUseCCache: smbc_bool (SMBCCTX *)
+smbc_getOptionUseKerberos: smbc_bool (SMBCCTX *)
+smbc_getOptionUseNTHash: smbc_bool (SMBCCTX *)
+smbc_getOptionUserData: void *(SMBCCTX *)
+smbc_getPort: uint16_t (SMBCCTX *)
+smbc_getServerCacheData: struct smbc_server_cache *(SMBCCTX *)
+smbc_getTimeout: int (SMBCCTX *)
+smbc_getUser: const char *(SMBCCTX *)
+smbc_getWorkgroup: const char *(SMBCCTX *)
+smbc_getdents: int (unsigned int, struct smbc_dirent *, int)
+smbc_getxattr: int (const char *, const char *, const void *, size_t)
+smbc_init: int (smbc_get_auth_data_fn, int)
+smbc_init_context: SMBCCTX *(SMBCCTX *)
+smbc_lgetxattr: int (const char *, const char *, const void *, size_t)
+smbc_list_print_jobs: int (const char *, smbc_list_print_job_fn)
+smbc_listxattr: int (const char *, char *, size_t)
+smbc_llistxattr: int (const char *, char *, size_t)
+smbc_lremovexattr: int (const char *, const char *)
+smbc_lseek: off_t (int, off_t, int)
+smbc_lseekdir: int (int, off_t)
+smbc_lsetxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_mkdir: int (const char *, mode_t)
+smbc_new_context: SMBCCTX *(void)
+smbc_notify: int (int, smbc_bool, uint32_t, unsigned int, smbc_notify_callback_fn, void *)
+smbc_open: int (const char *, int, mode_t)
+smbc_open_print_job: int (const char *)
+smbc_opendir: int (const char *)
+smbc_option_get: void *(SMBCCTX *, char *)
+smbc_option_set: void (SMBCCTX *, char *, ...)
+smbc_print_file: int (const char *, const char *)
+smbc_read: ssize_t (int, void *, size_t)
+smbc_readdir: struct smbc_dirent *(unsigned int)
+smbc_readdirplus: const struct libsmb_file_info *(unsigned int)
+smbc_readdirplus2: const struct libsmb_file_info *(unsigned int, struct stat *)
+smbc_removexattr: int (const char *, const char *)
+smbc_rename: int (const char *, const char *)
+smbc_rmdir: int (const char *)
+smbc_setConfiguration: int (SMBCCTX *, const char *)
+smbc_setDebug: void (SMBCCTX *, int)
+smbc_setFunctionAddCachedServer: void (SMBCCTX *, smbc_add_cached_srv_fn)
+smbc_setFunctionAuthData: void (SMBCCTX *, smbc_get_auth_data_fn)
+smbc_setFunctionAuthDataWithContext: void (SMBCCTX *, smbc_get_auth_data_with_context_fn)
+smbc_setFunctionCheckServer: void (SMBCCTX *, smbc_check_server_fn)
+smbc_setFunctionChmod: void (SMBCCTX *, smbc_chmod_fn)
+smbc_setFunctionClose: void (SMBCCTX *, smbc_close_fn)
+smbc_setFunctionClosedir: void (SMBCCTX *, smbc_closedir_fn)
+smbc_setFunctionCreat: void (SMBCCTX *, smbc_creat_fn)
+smbc_setFunctionFstat: void (SMBCCTX *, smbc_fstat_fn)
+smbc_setFunctionFstatVFS: void (SMBCCTX *, smbc_fstatvfs_fn)
+smbc_setFunctionFstatdir: void (SMBCCTX *, smbc_fstatdir_fn)
+smbc_setFunctionFtruncate: void (SMBCCTX *, smbc_ftruncate_fn)
+smbc_setFunctionGetCachedServer: void (SMBCCTX *, smbc_get_cached_srv_fn)
+smbc_setFunctionGetdents: void (SMBCCTX *, smbc_getdents_fn)
+smbc_setFunctionGetxattr: void (SMBCCTX *, smbc_getxattr_fn)
+smbc_setFunctionListPrintJobs: void (SMBCCTX *, smbc_list_print_jobs_fn)
+smbc_setFunctionListxattr: void (SMBCCTX *, smbc_listxattr_fn)
+smbc_setFunctionLseek: void (SMBCCTX *, smbc_lseek_fn)
+smbc_setFunctionLseekdir: void (SMBCCTX *, smbc_lseekdir_fn)
+smbc_setFunctionMkdir: void (SMBCCTX *, smbc_mkdir_fn)
+smbc_setFunctionNotify: void (SMBCCTX *, smbc_notify_fn)
+smbc_setFunctionOpen: void (SMBCCTX *, smbc_open_fn)
+smbc_setFunctionOpenPrintJob: void (SMBCCTX *, smbc_open_print_job_fn)
+smbc_setFunctionOpendir: void (SMBCCTX *, smbc_opendir_fn)
+smbc_setFunctionPrintFile: void (SMBCCTX *, smbc_print_file_fn)
+smbc_setFunctionPurgeCachedServers: void (SMBCCTX *, smbc_purge_cached_fn)
+smbc_setFunctionRead: void (SMBCCTX *, smbc_read_fn)
+smbc_setFunctionReaddir: void (SMBCCTX *, smbc_readdir_fn)
+smbc_setFunctionReaddirPlus: void (SMBCCTX *, smbc_readdirplus_fn)
+smbc_setFunctionReaddirPlus2: void (SMBCCTX *, smbc_readdirplus2_fn)
+smbc_setFunctionRemoveCachedServer: void (SMBCCTX *, smbc_remove_cached_srv_fn)
+smbc_setFunctionRemoveUnusedServer: void (SMBCCTX *, smbc_remove_unused_server_fn)
+smbc_setFunctionRemovexattr: void (SMBCCTX *, smbc_removexattr_fn)
+smbc_setFunctionRename: void (SMBCCTX *, smbc_rename_fn)
+smbc_setFunctionRmdir: void (SMBCCTX *, smbc_rmdir_fn)
+smbc_setFunctionSetxattr: void (SMBCCTX *, smbc_setxattr_fn)
+smbc_setFunctionSplice: void (SMBCCTX *, smbc_splice_fn)
+smbc_setFunctionStat: void (SMBCCTX *, smbc_stat_fn)
+smbc_setFunctionStatVFS: void (SMBCCTX *, smbc_statvfs_fn)
+smbc_setFunctionTelldir: void (SMBCCTX *, smbc_telldir_fn)
+smbc_setFunctionUnlink: void (SMBCCTX *, smbc_unlink_fn)
+smbc_setFunctionUnlinkPrintJob: void (SMBCCTX *, smbc_unlink_print_job_fn)
+smbc_setFunctionUtimes: void (SMBCCTX *, smbc_utimes_fn)
+smbc_setFunctionWrite: void (SMBCCTX *, smbc_write_fn)
+smbc_setLogCallback: void (SMBCCTX *, void *, smbc_debug_callback_fn)
+smbc_setNetbiosName: void (SMBCCTX *, const char *)
+smbc_setOptionBrowseMaxLmbCount: void (SMBCCTX *, int)
+smbc_setOptionCaseSensitive: void (SMBCCTX *, smbc_bool)
+smbc_setOptionDebugToStderr: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFallbackAfterKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionFullTimeNames: void (SMBCCTX *, smbc_bool)
+smbc_setOptionNoAutoAnonymousLogin: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOneSharePerServer: void (SMBCCTX *, smbc_bool)
+smbc_setOptionOpenShareMode: void (SMBCCTX *, smbc_share_mode)
+smbc_setOptionPosixExtensions: void (SMBCCTX *, smbc_bool)
+smbc_setOptionProtocols: smbc_bool (SMBCCTX *, const char *, const char *)
+smbc_setOptionSmbEncryptionLevel: void (SMBCCTX *, smbc_smb_encrypt_level)
+smbc_setOptionUrlEncodeReaddirEntries: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseCCache: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseKerberos: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUseNTHash: void (SMBCCTX *, smbc_bool)
+smbc_setOptionUserData: void (SMBCCTX *, void *)
+smbc_setPort: void (SMBCCTX *, uint16_t)
+smbc_setServerCacheData: void (SMBCCTX *, struct smbc_server_cache *)
+smbc_setTimeout: void (SMBCCTX *, int)
+smbc_setUser: void (SMBCCTX *, const char *)
+smbc_setWorkgroup: void (SMBCCTX *, const char *)
+smbc_set_context: SMBCCTX *(SMBCCTX *)
+smbc_set_credentials: void (const char *, const char *, const char *, smbc_bool, const char *)
+smbc_set_credentials_with_fallback: void (SMBCCTX *, const char *, const char *, const char *)
+smbc_setxattr: int (const char *, const char *, const void *, size_t, int)
+smbc_stat: int (const char *, struct stat *)
+smbc_statvfs: int (char *, struct statvfs *)
+smbc_telldir: off_t (int)
+smbc_unlink: int (const char *)
+smbc_unlink_print_job: int (const char *, int)
+smbc_urldecode: int (char *, char *, size_t)
+smbc_urlencode: int (char *, char *, int)
+smbc_utime: int (const char *, struct utimbuf *)
+smbc_utimes: int (const char *, struct timeval *)
+smbc_version: const char *(void)
+smbc_write: ssize_t (int, const void *, size_t)
diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c
new file mode 100644
index 0000000..38e0bb9
--- /dev/null
+++ b/source3/libsmb/async_smb.c
@@ -0,0 +1,269 @@
+/*
+ Unix SMB/CIFS implementation.
+ Infrastructure for async SMB client requests
+ Copyright (C) Volker Lendecke 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "async_smb.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+struct cli_smb_req_state {
+ struct cli_state *cli;
+ uint8_t smb_command;
+ struct tevent_req *req;
+ struct cli_smb_req_state **ptr;
+};
+
+static int cli_smb_req_state_destructor(struct cli_smb_req_state *state)
+{
+ talloc_set_destructor(state->ptr, NULL);
+ talloc_free(state->ptr);
+ return 0;
+}
+
+static int cli_smb_req_state_ptr_destructor(struct cli_smb_req_state **ptr)
+{
+ struct cli_smb_req_state *state = *ptr;
+ void *parent = talloc_parent(state);
+
+ talloc_set_destructor(state, NULL);
+
+ talloc_reparent(state, parent, state->req);
+ talloc_free(state);
+ return 0;
+}
+
+struct tevent_req *cli_smb_req_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint8_t smb_command,
+ uint8_t additional_flags,
+ uint16_t additional_flags2,
+ uint8_t wct, uint16_t *vwv,
+ int iov_count,
+ struct iovec *bytes_iov)
+{
+ struct cli_smb_req_state *state;
+ uint8_t clear_flags = 0;
+ uint16_t clear_flags2 = 0;
+
+ state = talloc_zero(mem_ctx, struct cli_smb_req_state);
+ if (state == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+ state->smb_command = smb_command;
+ state->ptr = talloc(state, struct cli_smb_req_state *);
+ if (state->ptr == NULL) {
+ talloc_free(state);
+ return NULL;
+ }
+ *state->ptr = state;
+
+ state->req = smb1cli_req_create(state, ev, cli->conn, smb_command,
+ additional_flags, clear_flags,
+ additional_flags2, clear_flags2,
+ cli->timeout,
+ cli->smb1.pid,
+ cli->smb1.tcon,
+ cli->smb1.session,
+ wct, vwv, iov_count, bytes_iov);
+ if (state->req == NULL) {
+ talloc_free(state);
+ return NULL;
+ }
+
+ talloc_reparent(state, state->req, state->ptr);
+ talloc_set_destructor(state, cli_smb_req_state_destructor);
+ talloc_set_destructor(state->ptr, cli_smb_req_state_ptr_destructor);
+
+ return state->req;
+}
+
+struct tevent_req *cli_smb_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint8_t smb_command,
+ uint8_t additional_flags,
+ uint16_t additional_flags2,
+ uint8_t wct, uint16_t *vwv,
+ uint32_t num_bytes,
+ const uint8_t *bytes)
+{
+ struct cli_smb_req_state *state;
+ uint8_t clear_flags = 0;
+ uint16_t clear_flags2 = 0;
+
+ state = talloc_zero(mem_ctx, struct cli_smb_req_state);
+ if (state == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+ state->smb_command = smb_command;
+ state->ptr = talloc(state, struct cli_smb_req_state *);
+ if (state->ptr == NULL) {
+ talloc_free(state);
+ return NULL;
+ }
+ *state->ptr = state;
+
+ state->req = smb1cli_req_send(state, ev, cli->conn, smb_command,
+ additional_flags, clear_flags,
+ additional_flags2, clear_flags2,
+ cli->timeout,
+ cli->smb1.pid,
+ cli->smb1.tcon,
+ cli->smb1.session,
+ wct, vwv, num_bytes, bytes);
+ if (state->req == NULL) {
+ talloc_free(state);
+ return NULL;
+ }
+
+ talloc_reparent(state, state->req, state->ptr);
+ talloc_set_destructor(state, cli_smb_req_state_destructor);
+ talloc_set_destructor(state->ptr, cli_smb_req_state_ptr_destructor);
+
+ return state->req;
+}
+
+NTSTATUS cli_smb_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx, uint8_t **pinbuf,
+ uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
+ uint32_t *pnum_bytes, uint8_t **pbytes)
+{
+ NTSTATUS status;
+ void *parent = talloc_parent(req);
+ struct cli_smb_req_state *state =
+ talloc_get_type(parent,
+ struct cli_smb_req_state);
+ struct iovec *recv_iov = NULL;
+ uint8_t wct = 0;
+ uint16_t *vwv = NULL;
+ uint32_t num_bytes;
+ uint8_t *bytes = NULL;
+ uint8_t *inbuf;
+ bool is_expected = false;
+ bool map_dos_errors = true;
+
+ if (pinbuf != NULL) {
+ *pinbuf = NULL;
+ }
+ if (pwct != NULL) {
+ *pwct = 0;
+ }
+ if (pvwv != NULL) {
+ *pvwv = NULL;
+ }
+ if (pnum_bytes != NULL) {
+ *pnum_bytes = 0;
+ }
+ if (pbytes != NULL) {
+ *pbytes = NULL;
+ }
+
+ status = smb1cli_req_recv(req, req,
+ &recv_iov,
+ NULL, /* phdr */
+ &wct,
+ &vwv,
+ NULL, /* pvwv_offset */
+ &num_bytes,
+ &bytes,
+ NULL, /* pbytes_offset */
+ &inbuf,
+ NULL, 0); /* expected */
+
+ if (state) {
+ if ((state->smb_command == SMBsesssetupX) &&
+ NT_STATUS_EQUAL(status,
+ NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ /*
+ * NT_STATUS_MORE_PROCESSING_REQUIRED is a
+ * valid return code for session setup
+ */
+ is_expected = true;
+ }
+
+ if ((state->smb_command == SMBntcreateX) &&
+ NT_STATUS_EQUAL(status, NT_STATUS_STOPPED_ON_SYMLINK)) {
+ min_wct = 0;
+ }
+
+ map_dos_errors = state->cli->map_dos_errors;
+ state->cli->raw_status = status;
+ talloc_free(state->ptr);
+ state = NULL;
+ }
+
+ if (NT_STATUS_IS_DOS(status) && map_dos_errors) {
+ uint8_t eclass = NT_STATUS_DOS_CLASS(status);
+ uint16_t ecode = NT_STATUS_DOS_CODE(status);
+ /*
+ * TODO: is it really a good idea to do a mapping here?
+ *
+ * The old cli_pull_error() also does it, so I do not change
+ * the behavior yet.
+ */
+ status = dos_to_ntstatus(eclass, ecode);
+ }
+
+ if (!NT_STATUS_IS_ERR(status)) {
+ is_expected = true;
+ }
+
+ if (!is_expected) {
+ TALLOC_FREE(recv_iov);
+ return status;
+ }
+
+ if (wct < min_wct) {
+ TALLOC_FREE(recv_iov);
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ if (pwct != NULL) {
+ *pwct = wct;
+ }
+ if (pvwv != NULL) {
+ *pvwv = vwv;
+ }
+ if (pnum_bytes != NULL) {
+ *pnum_bytes = num_bytes;
+ }
+ if (pbytes != NULL) {
+ *pbytes = bytes;
+ }
+
+ if (pinbuf != NULL && mem_ctx != NULL) {
+ if (talloc_reference_count(inbuf) == 0) {
+ *pinbuf = talloc_move(mem_ctx, &inbuf);
+ TALLOC_FREE(recv_iov);
+ } else {
+ *pinbuf = inbuf;
+ }
+ } else if (mem_ctx != NULL) {
+ if (talloc_reference_count(inbuf) == 0) {
+ (void)talloc_move(mem_ctx, &inbuf);
+ TALLOC_FREE(recv_iov);
+ }
+ }
+
+ return status;
+}
diff --git a/source3/libsmb/auth_generic.c b/source3/libsmb/auth_generic.c
new file mode 100644
index 0000000..e5120a0
--- /dev/null
+++ b/source3/libsmb/auth_generic.c
@@ -0,0 +1,229 @@
+/*
+ NLTMSSP wrappers
+
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Andrew Bartlett 2001-2003,2011
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/ntlmssp/ntlmssp.h"
+#include "auth_generic.h"
+#include "auth/gensec/gensec.h"
+#include "auth/credentials/credentials.h"
+#include "librpc/rpc/dcerpc.h"
+#include "lib/param/param.h"
+#include "librpc/crypto/gse.h"
+
+NTSTATUS auth_generic_set_username(struct auth_generic_state *ans,
+ const char *user)
+{
+ cli_credentials_set_username(ans->credentials, user, CRED_SPECIFIED);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_set_domain(struct auth_generic_state *ans,
+ const char *domain)
+{
+ cli_credentials_set_domain(ans->credentials, domain, CRED_SPECIFIED);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_set_password(struct auth_generic_state *ans,
+ const char *password)
+{
+ cli_credentials_set_password(ans->credentials, password, CRED_SPECIFIED);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_set_creds(struct auth_generic_state *ans,
+ struct cli_credentials *creds)
+{
+ talloc_unlink(ans->credentials, creds);
+ ans->credentials = creds;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_client_prepare(TALLOC_CTX *mem_ctx, struct auth_generic_state **auth_generic_state)
+{
+ struct auth_generic_state *ans;
+ NTSTATUS nt_status;
+ size_t idx = 0;
+ struct gensec_settings *gensec_settings;
+ const struct gensec_security_ops **backends = NULL;
+ struct loadparm_context *lp_ctx;
+ bool ok;
+
+ ans = talloc_zero(mem_ctx, struct auth_generic_state);
+ if (!ans) {
+ DEBUG(0,("auth_generic_start: talloc failed!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ lp_ctx = loadparm_init_s3(ans, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ DEBUG(10, ("loadparm_init_s3 failed\n"));
+ TALLOC_FREE(ans);
+ return NT_STATUS_INVALID_SERVER_STATE;
+ }
+
+ gensec_settings = lpcfg_gensec_settings(ans, lp_ctx);
+ if (lp_ctx == NULL) {
+ DEBUG(10, ("lpcfg_gensec_settings failed\n"));
+ TALLOC_FREE(ans);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ backends = talloc_zero_array(gensec_settings,
+ const struct gensec_security_ops *, 7);
+ if (backends == NULL) {
+ TALLOC_FREE(ans);
+ return NT_STATUS_NO_MEMORY;
+ }
+ gensec_settings->backends = backends;
+
+ gensec_init();
+
+ /* These need to be in priority order, krb5 before NTLMSSP */
+#if defined(HAVE_KRB5)
+ backends[idx++] = &gensec_gse_krb5_security_ops;
+#endif
+
+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_NTLMSSP);
+ backends[idx++] = gensec_security_by_name(NULL, "ntlmssp_resume_ccache");
+
+ backends[idx++] = gensec_security_by_oid(NULL, GENSEC_OID_SPNEGO);
+ backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_SCHANNEL);
+ backends[idx++] = gensec_security_by_auth_type(NULL, DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM);
+
+ nt_status = gensec_client_start(ans, &ans->gensec_security, gensec_settings);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(ans);
+ return nt_status;
+ }
+
+ ans->credentials = cli_credentials_init(ans);
+ if (!ans->credentials) {
+ TALLOC_FREE(ans);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ok = cli_credentials_guess(ans->credentials, lp_ctx);
+ if (!ok) {
+ TALLOC_FREE(ans);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ talloc_unlink(ans, lp_ctx);
+ talloc_unlink(ans, gensec_settings);
+
+ *auth_generic_state = ans;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_client_start(struct auth_generic_state *ans, const char *oid)
+{
+ NTSTATUS status;
+
+ /* Transfer the credentials to gensec */
+ status = gensec_set_credentials(ans->gensec_security, ans->credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+ talloc_unlink(ans, ans->credentials);
+ ans->credentials = NULL;
+
+ status = gensec_start_mech_by_oid(ans->gensec_security,
+ oid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_client_start_by_name(struct auth_generic_state *ans,
+ const char *name)
+{
+ NTSTATUS status;
+
+ /* Transfer the credentials to gensec */
+ status = gensec_set_credentials(ans->gensec_security, ans->credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+ talloc_unlink(ans, ans->credentials);
+ ans->credentials = NULL;
+
+ status = gensec_start_mech_by_name(ans->gensec_security, name);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_client_start_by_authtype(struct auth_generic_state *ans,
+ uint8_t auth_type,
+ uint8_t auth_level)
+{
+ NTSTATUS status;
+
+ /* Transfer the credentials to gensec */
+ status = gensec_set_credentials(ans->gensec_security, ans->credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+ talloc_unlink(ans, ans->credentials);
+ ans->credentials = NULL;
+
+ status = gensec_start_mech_by_authtype(ans->gensec_security,
+ auth_type, auth_level);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS auth_generic_client_start_by_sasl(struct auth_generic_state *ans,
+ const char **sasl_list)
+{
+ NTSTATUS status;
+
+ /* Transfer the credentials to gensec */
+ status = gensec_set_credentials(ans->gensec_security, ans->credentials);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to set GENSEC credentials: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+ talloc_unlink(ans, ans->credentials);
+ ans->credentials = NULL;
+
+ status = gensec_start_mech_by_sasl_list(ans->gensec_security, sasl_list);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
new file mode 100644
index 0000000..08d95cf
--- /dev/null
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -0,0 +1,5040 @@
+/*
+ Unix SMB/CIFS implementation.
+ smb2 lib
+ Copyright (C) Jeremy Allison 2013
+ Copyright (C) Volker Lendecke 2013
+ Copyright (C) Stefan Metzmacher 2013
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ This code is a thin wrapper around the existing
+ cli_smb2_XXXX() functions in libcli/smb/smb2cli_XXXXX.c,
+ but allows the handles to be mapped to uint16_t fnums,
+ which are easier for smbclient to use.
+*/
+
+#include "includes.h"
+#include "client.h"
+#include "async_smb.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "cli_smb2_fnum.h"
+#include "trans2.h"
+#include "clirap.h"
+#include "../libcli/smb/smb2_create_blob.h"
+#include "libsmb/proto.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "../libcli/security/security.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "lib/util_ea.h"
+#include "librpc/gen_ndr/ndr_ioctl.h"
+#include "ntioctl.h"
+#include "librpc/gen_ndr/ndr_quota.h"
+#include "librpc/gen_ndr/ndr_smb3posix.h"
+#include "lib/util/string_wrappers.h"
+#include "lib/util/idtree.h"
+
+struct smb2_hnd {
+ uint64_t fid_persistent;
+ uint64_t fid_volatile;
+};
+
+/*
+ * Handle mapping code.
+ */
+
+/***************************************************************
+ Allocate a new fnum between 1 and 0xFFFE from an smb2_hnd.
+ Ensures handle is owned by cli struct.
+***************************************************************/
+
+static NTSTATUS map_smb2_handle_to_fnum(struct cli_state *cli,
+ const struct smb2_hnd *ph, /* In */
+ uint16_t *pfnum) /* Out */
+{
+ int ret;
+ struct idr_context *idp = cli->smb2.open_handles;
+ struct smb2_hnd *owned_h = talloc_memdup(cli,
+ ph,
+ sizeof(struct smb2_hnd));
+
+ if (owned_h == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (idp == NULL) {
+ /* Lazy init */
+ cli->smb2.open_handles = idr_init(cli);
+ if (cli->smb2.open_handles == NULL) {
+ TALLOC_FREE(owned_h);
+ return NT_STATUS_NO_MEMORY;
+ }
+ idp = cli->smb2.open_handles;
+ }
+
+ ret = idr_get_new_above(idp, owned_h, 1, 0xFFFE);
+ if (ret == -1) {
+ TALLOC_FREE(owned_h);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ *pfnum = (uint16_t)ret;
+ return NT_STATUS_OK;
+}
+
+/***************************************************************
+ Return the smb2_hnd pointer associated with the given fnum.
+***************************************************************/
+
+static NTSTATUS map_fnum_to_smb2_handle(struct cli_state *cli,
+ uint16_t fnum, /* In */
+ struct smb2_hnd **pph) /* Out */
+{
+ struct idr_context *idp = cli->smb2.open_handles;
+
+ if (idp == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ *pph = (struct smb2_hnd *)idr_find(idp, fnum);
+ if (*pph == NULL) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
+ return NT_STATUS_OK;
+}
+
+/***************************************************************
+ Delete the fnum to smb2_hnd mapping. Zeros out handle on
+ successful return.
+***************************************************************/
+
+static NTSTATUS delete_smb2_handle_mapping(struct cli_state *cli,
+ struct smb2_hnd **pph, /* In */
+ uint16_t fnum) /* In */
+{
+ struct idr_context *idp = cli->smb2.open_handles;
+ struct smb2_hnd *ph;
+
+ if (idp == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ ph = (struct smb2_hnd *)idr_find(idp, fnum);
+ if (ph != *pph) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ idr_remove(idp, fnum);
+ TALLOC_FREE(*pph);
+ return NT_STATUS_OK;
+}
+
+/***************************************************************
+ Oplock mapping code.
+***************************************************************/
+
+static uint8_t flags_to_smb2_oplock(struct cli_smb2_create_flags create_flags)
+{
+ if (create_flags.batch_oplock) {
+ return SMB2_OPLOCK_LEVEL_BATCH;
+ } else if (create_flags.exclusive_oplock) {
+ return SMB2_OPLOCK_LEVEL_EXCLUSIVE;
+ }
+
+ /* create_flags doesn't do a level2 request. */
+ return SMB2_OPLOCK_LEVEL_NONE;
+}
+
+/***************************************************************
+ If we're on a DFS share, ensure we convert to a full DFS path
+ if this hasn't already been done.
+***************************************************************/
+
+static char *smb2_dfs_share_path(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ char *path)
+{
+ bool is_dfs = smbXcli_conn_dfs_supported(cli->conn) &&
+ smbXcli_tcon_is_dfs_share(cli->smb2.tcon);
+ bool is_already_dfs_path = false;
+
+ if (!is_dfs) {
+ return path;
+ }
+ is_already_dfs_path = cli_dfs_is_already_full_path(cli, path);
+ if (is_already_dfs_path) {
+ return path;
+ }
+ if (path[0] == '\0') {
+ return talloc_asprintf(ctx,
+ "%s\\%s",
+ smbXcli_conn_remote_name(cli->conn),
+ cli->share);
+ }
+ while (*path == '\\') {
+ path++;
+ }
+ return talloc_asprintf(ctx,
+ "%s\\%s\\%s",
+ smbXcli_conn_remote_name(cli->conn),
+ cli->share,
+ path);
+}
+
+/***************************************************************
+ Small wrapper that allows SMB2 create to return a uint16_t fnum.
+***************************************************************/
+
+struct cli_smb2_create_fnum_state {
+ struct cli_state *cli;
+ struct smb2_create_blobs in_cblobs;
+ struct smb2_create_blobs out_cblobs;
+ struct smb_create_returns cr;
+ struct symlink_reparse_struct *symlink;
+ uint16_t fnum;
+ struct tevent_req *subreq;
+};
+
+static void cli_smb2_create_fnum_done(struct tevent_req *subreq);
+static bool cli_smb2_create_fnum_cancel(struct tevent_req *req);
+
+struct tevent_req *cli_smb2_create_fnum_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_in,
+ struct cli_smb2_create_flags create_flags,
+ uint32_t impersonation_level,
+ uint32_t desired_access,
+ uint32_t file_attributes,
+ uint32_t share_access,
+ uint32_t create_disposition,
+ uint32_t create_options,
+ const struct smb2_create_blobs *in_cblobs)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_smb2_create_fnum_state *state;
+ char *fname = NULL;
+ size_t fname_len = 0;
+ bool have_twrp;
+ NTTIME ntt;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_smb2_create_fnum_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+
+ fname = talloc_strdup(state, fname_in);
+ if (tevent_req_nomem(fname, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (cli->backup_intent) {
+ create_options |= FILE_OPEN_FOR_BACKUP_INTENT;
+ }
+
+ if (cli->smb2.client_smb311_posix) {
+ uint8_t modebuf[4] = {
+ 0,
+ };
+
+ status =
+ smb2_create_blob_add(state,
+ &state->in_cblobs,
+ SMB2_CREATE_TAG_POSIX,
+ (DATA_BLOB){
+ .data = modebuf,
+ .length = sizeof(modebuf),
+ });
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ /* Check for @GMT- paths. Remove the @GMT and turn into TWrp if so. */
+ have_twrp = clistr_smb2_extract_snapshot_token(fname, &ntt);
+ if (have_twrp) {
+ status = smb2_create_blob_add(
+ state,
+ &state->in_cblobs,
+ SMB2_CREATE_TAG_TWRP,
+ (DATA_BLOB) {
+ .data = (uint8_t *)&ntt,
+ .length = sizeof(ntt),
+ });
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ if (in_cblobs != NULL) {
+ uint32_t i;
+ for (i=0; i<in_cblobs->num_blobs; i++) {
+ struct smb2_create_blob *b = &in_cblobs->blobs[i];
+ status = smb2_create_blob_add(
+ state, &state->in_cblobs, b->tag, b->data);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ }
+ }
+ }
+
+ fname = smb2_dfs_share_path(state, cli, fname);
+ if (tevent_req_nomem(fname, req)) {
+ return tevent_req_post(req, ev);
+ }
+ fname_len = strlen(fname);
+
+ /* SMB2 is pickier about pathnames. Ensure it doesn't
+ start in a '\' */
+ if (*fname == '\\') {
+ fname++;
+ fname_len--;
+ }
+
+ /* Or end in a '\' */
+ if (fname_len > 0 && fname[fname_len-1] == '\\') {
+ fname[fname_len-1] = '\0';
+ }
+
+ subreq = smb2cli_create_send(state, ev,
+ cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ fname,
+ flags_to_smb2_oplock(create_flags),
+ impersonation_level,
+ desired_access,
+ file_attributes,
+ share_access,
+ create_disposition,
+ create_options,
+ &state->in_cblobs);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_create_fnum_done, req);
+
+ state->subreq = subreq;
+ tevent_req_set_cancel_fn(req, cli_smb2_create_fnum_cancel);
+
+ return req;
+}
+
+static void cli_smb2_create_fnum_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_create_fnum_state *state = tevent_req_data(
+ req, struct cli_smb2_create_fnum_state);
+ struct smb2_hnd h;
+ NTSTATUS status;
+
+ status = smb2cli_create_recv(
+ subreq,
+ &h.fid_persistent,
+ &h.fid_volatile, &state->cr,
+ state,
+ &state->out_cblobs,
+ &state->symlink);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ status = map_smb2_handle_to_fnum(state->cli, &h, &state->fnum);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static bool cli_smb2_create_fnum_cancel(struct tevent_req *req)
+{
+ struct cli_smb2_create_fnum_state *state = tevent_req_data(
+ req, struct cli_smb2_create_fnum_state);
+ return tevent_req_cancel(state->subreq);
+}
+
+NTSTATUS cli_smb2_create_fnum_recv(
+ struct tevent_req *req,
+ uint16_t *pfnum,
+ struct smb_create_returns *cr,
+ TALLOC_CTX *mem_ctx,
+ struct smb2_create_blobs *out_cblobs,
+ struct symlink_reparse_struct **symlink)
+{
+ struct cli_smb2_create_fnum_state *state = tevent_req_data(
+ req, struct cli_smb2_create_fnum_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_STOPPED_ON_SYMLINK) &&
+ (symlink != NULL)) {
+ *symlink = talloc_move(mem_ctx, &state->symlink);
+ }
+ state->cli->raw_status = status;
+ return status;
+ }
+ if (pfnum != NULL) {
+ *pfnum = state->fnum;
+ }
+ if (cr != NULL) {
+ *cr = state->cr;
+ }
+ if (out_cblobs != NULL) {
+ *out_cblobs = (struct smb2_create_blobs) {
+ .num_blobs = state->out_cblobs.num_blobs,
+ .blobs = talloc_move(
+ mem_ctx, &state->out_cblobs.blobs),
+ };
+ }
+ state->cli->raw_status = NT_STATUS_OK;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_smb2_create_fnum(
+ struct cli_state *cli,
+ const char *fname,
+ struct cli_smb2_create_flags create_flags,
+ uint32_t impersonation_level,
+ uint32_t desired_access,
+ uint32_t file_attributes,
+ uint32_t share_access,
+ uint32_t create_disposition,
+ uint32_t create_options,
+ const struct smb2_create_blobs *in_cblobs,
+ uint16_t *pfid,
+ struct smb_create_returns *cr,
+ TALLOC_CTX *mem_ctx,
+ struct smb2_create_blobs *out_cblobs)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_smb2_create_fnum_send(
+ frame,
+ ev,
+ cli,
+ fname,
+ create_flags,
+ impersonation_level,
+ desired_access,
+ file_attributes,
+ share_access,
+ create_disposition,
+ create_options,
+ in_cblobs);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_smb2_create_fnum_recv(
+ req, pfid, cr, mem_ctx, out_cblobs, NULL);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/***************************************************************
+ Small wrapper that allows SMB2 close to use a uint16_t fnum.
+***************************************************************/
+
+struct cli_smb2_close_fnum_state {
+ struct cli_state *cli;
+ uint16_t fnum;
+ struct smb2_hnd *ph;
+};
+
+static void cli_smb2_close_fnum_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_close_fnum_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t flags)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_smb2_close_fnum_state *state;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_smb2_close_fnum_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+ state->fnum = fnum;
+
+ status = map_fnum_to_smb2_handle(cli, fnum, &state->ph);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = smb2cli_close_send(state,
+ ev,
+ cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ flags,
+ state->ph->fid_persistent,
+ state->ph->fid_volatile);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_close_fnum_done, req);
+ return req;
+}
+
+static void cli_smb2_close_fnum_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_close_fnum_state *state = tevent_req_data(
+ req, struct cli_smb2_close_fnum_state);
+ NTSTATUS status;
+
+ status = smb2cli_close_recv(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ /* Delete the fnum -> handle mapping. */
+ status = delete_smb2_handle_mapping(state->cli, &state->ph,
+ state->fnum);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_smb2_close_fnum_recv(struct tevent_req *req)
+{
+ struct cli_smb2_close_fnum_state *state = tevent_req_data(
+ req, struct cli_smb2_close_fnum_state);
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ state->cli->raw_status = status;
+ }
+ tevent_req_received(req);
+ return status;
+}
+
+NTSTATUS cli_smb2_close_fnum(struct cli_state *cli, uint16_t fnum)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_smb2_close_fnum_send(frame, ev, cli, fnum, 0);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_smb2_close_fnum_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_smb2_set_info_fnum_state {
+ uint8_t dummy;
+};
+
+static void cli_smb2_set_info_fnum_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_set_info_fnum_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t in_info_type,
+ uint8_t in_info_class,
+ const DATA_BLOB *in_input_buffer,
+ uint32_t in_additional_info)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb2_set_info_fnum_state *state = NULL;
+ struct smb2_hnd *ph = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_smb2_set_info_fnum_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ status = map_fnum_to_smb2_handle(cli, fnum, &ph);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = smb2cli_set_info_send(
+ state,
+ ev,
+ cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ in_info_type,
+ in_info_class,
+ in_input_buffer,
+ in_additional_info,
+ ph->fid_persistent,
+ ph->fid_volatile);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_set_info_fnum_done, req);
+ return req;
+}
+
+static void cli_smb2_set_info_fnum_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = smb2cli_set_info_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_smb2_set_info_fnum_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_smb2_set_info_fnum(
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t in_info_type,
+ uint8_t in_info_class,
+ const DATA_BLOB *in_input_buffer,
+ uint32_t in_additional_info)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+ bool ok;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_smb2_set_info_fnum_send(
+ frame,
+ ev,
+ cli,
+ fnum,
+ in_info_type,
+ in_info_class,
+ in_input_buffer,
+ in_additional_info);
+ if (req == NULL) {
+ goto fail;
+ }
+ ok = tevent_req_poll_ntstatus(req, ev, &status);
+ if (!ok) {
+ goto fail;
+ }
+ status = cli_smb2_set_info_fnum_recv(req);
+fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_smb2_delete_on_close_state {
+ struct cli_state *cli;
+ uint8_t data[1];
+ DATA_BLOB inbuf;
+};
+
+static void cli_smb2_delete_on_close_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_delete_on_close_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ bool flag)
+{
+ struct tevent_req *req = NULL;
+ struct cli_smb2_delete_on_close_state *state = NULL;
+ struct tevent_req *subreq = NULL;
+ uint8_t in_info_type;
+ uint8_t in_file_info_class;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_smb2_delete_on_close_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+
+ /*
+ * setinfo on the handle with info_type SMB2_SETINFO_FILE (1),
+ * level 13 (SMB_FILE_DISPOSITION_INFORMATION - 1000).
+ */
+ in_info_type = 1;
+ in_file_info_class = SMB_FILE_DISPOSITION_INFORMATION - 1000;
+ /* Setup data array. */
+ SCVAL(&state->data[0], 0, flag ? 1 : 0);
+ state->inbuf.data = &state->data[0];
+ state->inbuf.length = 1;
+
+ subreq = cli_smb2_set_info_fnum_send(
+ state,
+ ev,
+ cli,
+ fnum,
+ in_info_type,
+ in_file_info_class,
+ &state->inbuf,
+ 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq,
+ cli_smb2_delete_on_close_done,
+ req);
+ return req;
+}
+
+static void cli_smb2_delete_on_close_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_set_info_fnum_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_smb2_delete_on_close_recv(struct tevent_req *req)
+{
+ struct cli_smb2_delete_on_close_state *state =
+ tevent_req_data(req,
+ struct cli_smb2_delete_on_close_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ state->cli->raw_status = status;
+ tevent_req_received(req);
+ return status;
+ }
+
+ state->cli->raw_status = NT_STATUS_OK;
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_smb2_delete_on_close(struct cli_state *cli, uint16_t fnum, bool flag)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_smb2_delete_on_close_send(frame, ev, cli, fnum, flag);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_smb2_delete_on_close_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_smb2_mkdir_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+};
+
+static void cli_smb2_mkdir_opened(struct tevent_req *subreq);
+static void cli_smb2_mkdir_closed(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_mkdir_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *dname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb2_mkdir_state *state = NULL;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_smb2_mkdir_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+
+ /* Ensure this is a directory. */
+ subreq = cli_smb2_create_fnum_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ dname, /* fname */
+ (struct cli_smb2_create_flags){0}, /* create_flags */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level */
+ FILE_READ_ATTRIBUTES, /* desired_access */
+ FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE, /* share_access */
+ FILE_CREATE, /* create_disposition */
+ FILE_DIRECTORY_FILE, /* create_options */
+ NULL); /* in_cblobs */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_mkdir_opened, req);
+ return req;
+}
+
+static void cli_smb2_mkdir_opened(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_mkdir_state *state = tevent_req_data(
+ req, struct cli_smb2_mkdir_state);
+ NTSTATUS status;
+ uint16_t fnum = 0xffff;
+
+ status = cli_smb2_create_fnum_recv(
+ subreq, &fnum, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq =
+ cli_smb2_close_fnum_send(state, state->ev, state->cli, fnum, 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_mkdir_closed, req);
+}
+
+static void cli_smb2_mkdir_closed(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_close_fnum_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_smb2_mkdir_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct cli_smb2_rmdir_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ const char *dname;
+ const struct smb2_create_blobs *in_cblobs;
+ uint16_t fnum;
+ NTSTATUS status;
+};
+
+static void cli_smb2_rmdir_opened1(struct tevent_req *subreq);
+static void cli_smb2_rmdir_opened2(struct tevent_req *subreq);
+static void cli_smb2_rmdir_disp_set(struct tevent_req *subreq);
+static void cli_smb2_rmdir_closed(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_rmdir_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *dname,
+ const struct smb2_create_blobs *in_cblobs)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb2_rmdir_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_smb2_rmdir_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->dname = dname;
+ state->in_cblobs = in_cblobs;
+
+ subreq = cli_smb2_create_fnum_send(
+ state,
+ state->ev,
+ state->cli,
+ state->dname,
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ DELETE_ACCESS, /* desired_access */
+ FILE_ATTRIBUTE_DIRECTORY, /* file attributes */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_DIRECTORY_FILE, /* create_options */
+ state->in_cblobs); /* in_cblobs */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_rmdir_opened1, req);
+ return req;
+}
+
+static void cli_smb2_rmdir_opened1(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_rmdir_state *state = tevent_req_data(
+ req, struct cli_smb2_rmdir_state);
+ NTSTATUS status;
+
+ status = cli_smb2_create_fnum_recv(
+ subreq, &state->fnum, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_STOPPED_ON_SYMLINK)) {
+ /*
+ * Naive option to match our SMB1 code. Assume the
+ * symlink path that tripped us up was the last
+ * component and try again. Eventually we will have to
+ * deal with the returned path unprocessed component. JRA.
+ */
+ subreq = cli_smb2_create_fnum_send(
+ state,
+ state->ev,
+ state->cli,
+ state->dname,
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ DELETE_ACCESS, /* desired_access */
+ FILE_ATTRIBUTE_DIRECTORY, /* file attributes */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+ FILE_OPEN, /* create_disposition */
+ FILE_DIRECTORY_FILE|
+ FILE_DELETE_ON_CLOSE|
+ FILE_OPEN_REPARSE_POINT, /* create_options */
+ state->in_cblobs); /* in_cblobs */
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_rmdir_opened2, req);
+ return;
+ }
+
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq = cli_smb2_delete_on_close_send(
+ state, state->ev, state->cli, state->fnum, true);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_rmdir_disp_set, req);
+}
+
+static void cli_smb2_rmdir_opened2(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_rmdir_state *state = tevent_req_data(
+ req, struct cli_smb2_rmdir_state);
+ NTSTATUS status;
+
+ status = cli_smb2_create_fnum_recv(
+ subreq, &state->fnum, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq = cli_smb2_delete_on_close_send(
+ state, state->ev, state->cli, state->fnum, true);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_rmdir_disp_set, req);
+}
+
+static void cli_smb2_rmdir_disp_set(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_rmdir_state *state = tevent_req_data(
+ req, struct cli_smb2_rmdir_state);
+
+ state->status = cli_smb2_delete_on_close_recv(subreq);
+ TALLOC_FREE(subreq);
+
+ /*
+ * Close the fd even if the set_disp failed
+ */
+
+ subreq = cli_smb2_close_fnum_send(state,
+ state->ev,
+ state->cli,
+ state->fnum,
+ 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_rmdir_closed, req);
+}
+
+static void cli_smb2_rmdir_closed(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_close_fnum_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_smb2_rmdir_recv(struct tevent_req *req)
+{
+ struct cli_smb2_rmdir_state *state = tevent_req_data(
+ req, struct cli_smb2_rmdir_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ return state->status;
+}
+
+/***************************************************************
+ Small wrapper that allows SMB2 to unlink a pathname.
+***************************************************************/
+
+struct cli_smb2_unlink_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ const char *fname;
+ const struct smb2_create_blobs *in_cblobs;
+};
+
+static void cli_smb2_unlink_opened1(struct tevent_req *subreq);
+static void cli_smb2_unlink_opened2(struct tevent_req *subreq);
+static void cli_smb2_unlink_closed(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_unlink_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ const struct smb2_create_blobs *in_cblobs)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb2_unlink_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_smb2_unlink_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->fname = fname;
+ state->in_cblobs = in_cblobs;
+
+ subreq = cli_smb2_create_fnum_send(
+ state, /* mem_ctx */
+ state->ev, /* tevent_context */
+ state->cli, /* cli_struct */
+ state->fname, /* filename */
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ DELETE_ACCESS, /* desired_access */
+ FILE_ATTRIBUTE_NORMAL, /* file attributes */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_DELETE_ON_CLOSE, /* create_options */
+ state->in_cblobs); /* in_cblobs */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_unlink_opened1, req);
+ return req;
+}
+
+static void cli_smb2_unlink_opened1(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_unlink_state *state = tevent_req_data(
+ req, struct cli_smb2_unlink_state);
+ uint16_t fnum = 0xffff;
+ NTSTATUS status;
+
+ status = cli_smb2_create_fnum_recv(
+ subreq, &fnum, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_STOPPED_ON_SYMLINK) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED)) {
+ /*
+ * Naive option to match our SMB1 code. Assume the
+ * symlink path that tripped us up was the last
+ * component and try again. Eventually we will have to
+ * deal with the returned path unprocessed component. JRA.
+ */
+ subreq = cli_smb2_create_fnum_send(
+ state, /* mem_ctx */
+ state->ev, /* tevent_context */
+ state->cli, /* cli_struct */
+ state->fname, /* filename */
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ DELETE_ACCESS, /* desired_access */
+ FILE_ATTRIBUTE_NORMAL, /* file attributes */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_DELETE_ON_CLOSE|
+ FILE_OPEN_REPARSE_POINT, /* create_options */
+ state->in_cblobs); /* in_cblobs */
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_unlink_opened2, req);
+ return;
+ }
+
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq =
+ cli_smb2_close_fnum_send(state, state->ev, state->cli, fnum, 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_unlink_closed, req);
+}
+
+static void cli_smb2_unlink_opened2(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_unlink_state *state = tevent_req_data(
+ req, struct cli_smb2_unlink_state);
+ uint16_t fnum = 0xffff;
+ NTSTATUS status;
+
+ status = cli_smb2_create_fnum_recv(
+ subreq, &fnum, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq =
+ cli_smb2_close_fnum_send(state, state->ev, state->cli, fnum, 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_unlink_closed, req);
+}
+
+static void cli_smb2_unlink_closed(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_close_fnum_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_smb2_unlink_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+/***************************************************************
+ Utility function to parse a SMB2_FIND_POSIX_INFORMATION reply.
+***************************************************************/
+
+static NTSTATUS parse_finfo_posix_info(const uint8_t *dir_data,
+ uint32_t dir_data_length,
+ struct file_info *finfo,
+ uint32_t *next_offset)
+{
+ struct smb3_file_posix_information info = {};
+ size_t consumed;
+ enum ndr_err_code ndr_err;
+ size_t namelen = 0;
+ size_t ret = 0;
+ uint32_t _next_offset = 0;
+
+ if (dir_data_length < 4) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+
+ _next_offset = IVAL(dir_data, 0);
+
+ if (_next_offset > dir_data_length) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+
+ if (_next_offset != 0) {
+ /* Ensure we only read what in this record. */
+ dir_data_length = _next_offset;
+ }
+
+ /*
+ * Skip NextEntryOffset and FileIndex
+ */
+ if (dir_data_length < 8) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+ dir_data += 8;
+ dir_data_length -= 8;
+
+ ndr_err = ndr_pull_struct_blob_noalloc(
+ dir_data,
+ dir_data_length,
+ &info,
+ (ndr_pull_flags_fn_t)ndr_pull_smb3_file_posix_information,
+ &consumed);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+ if (consumed > dir_data_length) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+ dir_data += consumed;
+ dir_data_length -= consumed;
+
+ finfo->btime_ts = interpret_long_date(info.creation_time);
+ finfo->atime_ts = interpret_long_date(info.last_access_time);
+ finfo->mtime_ts = interpret_long_date(info.last_write_time);
+ finfo->ctime_ts = interpret_long_date(info.change_time);
+ finfo->allocated_size = info.allocation_size;
+ finfo->size = info.end_of_file;
+ finfo->attr = info.file_attributes;
+ finfo->ino = info.inode;
+ finfo->st_ex_dev = info.device;
+ finfo->st_ex_nlink = info.cc.nlinks;
+ finfo->reparse_tag = info.cc.reparse_tag;
+ finfo->st_ex_mode = wire_perms_to_unix(info.cc.posix_perms);
+ sid_copy(&finfo->owner_sid, &info.cc.owner);
+ sid_copy(&finfo->group_sid, &info.cc.group);
+
+ if (dir_data_length < 4) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+ namelen = PULL_LE_U32(dir_data, 0);
+
+ dir_data += 4;
+ dir_data_length -= 4;
+
+ if (namelen > dir_data_length) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+
+ ret = pull_string_talloc(finfo,
+ dir_data,
+ FLAGS2_UNICODE_STRINGS,
+ &finfo->name,
+ dir_data,
+ namelen,
+ STR_UNICODE);
+ if (ret == (size_t)-1) {
+ /* Bad conversion. */
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ if (finfo->name == NULL) {
+ /* Bad conversion. */
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ *next_offset = _next_offset;
+ return NT_STATUS_OK;
+}
+
+/***************************************************************
+ Utility function to parse a SMB2_FIND_ID_BOTH_DIRECTORY_INFO reply.
+***************************************************************/
+
+static NTSTATUS parse_finfo_id_both_directory_info(const uint8_t *dir_data,
+ uint32_t dir_data_length,
+ struct file_info *finfo,
+ uint32_t *next_offset)
+{
+ size_t namelen = 0;
+ size_t slen = 0;
+ size_t ret = 0;
+
+ if (dir_data_length < 4) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+
+ *next_offset = IVAL(dir_data, 0);
+
+ if (*next_offset > dir_data_length) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+
+ if (*next_offset != 0) {
+ /* Ensure we only read what in this record. */
+ dir_data_length = *next_offset;
+ }
+
+ if (dir_data_length < 105) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+
+ finfo->btime_ts = interpret_long_date(BVAL(dir_data, 8));
+ finfo->atime_ts = interpret_long_date(BVAL(dir_data, 16));
+ finfo->mtime_ts = interpret_long_date(BVAL(dir_data, 24));
+ finfo->ctime_ts = interpret_long_date(BVAL(dir_data, 32));
+ finfo->size = IVAL2_TO_SMB_BIG_UINT(dir_data + 40, 0);
+ finfo->allocated_size = IVAL2_TO_SMB_BIG_UINT(dir_data + 48, 0);
+ finfo->attr = IVAL(dir_data + 56, 0);
+ finfo->ino = IVAL2_TO_SMB_BIG_UINT(dir_data + 96, 0);
+ namelen = IVAL(dir_data + 60,0);
+ if (namelen > (dir_data_length - 104)) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+ finfo->reparse_tag = IVAL(dir_data + 64, 0);
+ slen = CVAL(dir_data + 68, 0);
+ if (slen > 24) {
+ return NT_STATUS_INFO_LENGTH_MISMATCH;
+ }
+ ret = pull_string_talloc(finfo,
+ dir_data,
+ FLAGS2_UNICODE_STRINGS,
+ &finfo->short_name,
+ dir_data + 70,
+ slen,
+ STR_UNICODE);
+ if (ret == (size_t)-1) {
+ /* Bad conversion. */
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ ret = pull_string_talloc(finfo,
+ dir_data,
+ FLAGS2_UNICODE_STRINGS,
+ &finfo->name,
+ dir_data + 104,
+ namelen,
+ STR_UNICODE);
+ if (ret == (size_t)-1) {
+ /* Bad conversion. */
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ if (finfo->name == NULL) {
+ /* Bad conversion. */
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Given a filename - get its directory name
+********************************************************************/
+
+static bool windows_parent_dirname(TALLOC_CTX *mem_ctx,
+ const char *dir,
+ char **parent,
+ const char **name)
+{
+ char *p;
+ ptrdiff_t len;
+
+ p = strrchr_m(dir, '\\'); /* Find final '\\', if any */
+
+ if (p == NULL) {
+ if (!(*parent = talloc_strdup(mem_ctx, "\\"))) {
+ return false;
+ }
+ if (name) {
+ *name = dir;
+ }
+ return true;
+ }
+
+ len = p-dir;
+
+ if (!(*parent = (char *)talloc_memdup(mem_ctx, dir, len+1))) {
+ return false;
+ }
+ (*parent)[len] = '\0';
+
+ if (name) {
+ *name = p+1;
+ }
+ return true;
+}
+
+struct cli_smb2_list_dir_data {
+ uint8_t *data;
+ uint32_t length;
+};
+
+struct cli_smb2_list_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ const char *mask;
+
+ uint16_t fnum;
+
+ NTSTATUS status;
+ struct cli_smb2_list_dir_data *response;
+ uint32_t offset;
+ unsigned int info_level;
+};
+
+static void cli_smb2_list_opened(struct tevent_req *subreq);
+static void cli_smb2_list_done(struct tevent_req *subreq);
+static void cli_smb2_list_closed(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_list_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *pathname,
+ unsigned int info_level)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb2_list_state *state = NULL;
+ char *parent = NULL;
+ bool ok;
+ struct smb2_create_blobs *in_cblobs = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_smb2_list_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->status = NT_STATUS_OK;
+ state->info_level = info_level;
+
+ ok = windows_parent_dirname(state, pathname, &parent, &state->mask);
+ if (!ok) {
+ tevent_req_oom(req);
+ return tevent_req_post(req, ev);
+ }
+
+ if (smbXcli_conn_have_posix(cli->conn) &&
+ info_level == SMB2_FIND_POSIX_INFORMATION)
+ {
+ NTSTATUS status;
+
+ /* The mode MUST be 0 when opening an existing file/dir, and
+ * will be ignored by the server.
+ */
+ uint8_t linear_mode[4] = { 0 };
+ DATA_BLOB blob = { .data=linear_mode,
+ .length=sizeof(linear_mode) };
+
+ in_cblobs = talloc_zero(mem_ctx, struct smb2_create_blobs);
+ if (in_cblobs == NULL) {
+ return NULL;
+ }
+
+ status = smb2_create_blob_add(in_cblobs, in_cblobs,
+ SMB2_CREATE_TAG_POSIX, blob);
+ if (tevent_req_nterror(req, status)) {
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ subreq = cli_smb2_create_fnum_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ parent, /* fname */
+ (struct cli_smb2_create_flags){0}, /* create_flags */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level */
+ SEC_DIR_LIST|SEC_DIR_READ_ATTRIBUTE, /* desired_access */
+ FILE_ATTRIBUTE_DIRECTORY, /* file_attributes */
+ FILE_SHARE_READ|FILE_SHARE_WRITE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_DIRECTORY_FILE, /* create_options */
+ in_cblobs); /* in_cblobs */
+ TALLOC_FREE(in_cblobs);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_list_opened, req);
+ return req;
+}
+
+static void cli_smb2_list_opened(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_list_state *state = tevent_req_data(
+ req, struct cli_smb2_list_state);
+ NTSTATUS status;
+
+ status = cli_smb2_create_fnum_recv(
+ subreq, &state->fnum, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ /*
+ * Make our caller get back to us via cli_smb2_list_recv(),
+ * triggering the smb2_query_directory_send()
+ */
+ tevent_req_defer_callback(req, state->ev);
+ tevent_req_notify_callback(req);
+}
+
+static void cli_smb2_list_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_list_state *state = tevent_req_data(
+ req, struct cli_smb2_list_state);
+ struct cli_smb2_list_dir_data *response = NULL;
+
+ response = talloc(state, struct cli_smb2_list_dir_data);
+ if (tevent_req_nomem(response, req)) {
+ return;
+ }
+
+ state->status = smb2cli_query_directory_recv(
+ subreq, response, &response->data, &response->length);
+ TALLOC_FREE(subreq);
+
+ if (NT_STATUS_IS_OK(state->status)) {
+ state->response = response;
+ state->offset = 0;
+
+ tevent_req_defer_callback(req, state->ev);
+ tevent_req_notify_callback(req);
+ return;
+ }
+
+ TALLOC_FREE(response);
+
+ subreq = cli_smb2_close_fnum_send(state,
+ state->ev,
+ state->cli,
+ state->fnum,
+ 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_list_closed, req);
+}
+
+static void cli_smb2_list_closed(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_close_fnum_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+/*
+ * Return the next finfo directory.
+ *
+ * This parses the blob returned from QUERY_DIRECTORY step by step. If
+ * the blob ends, this triggers a fresh QUERY_DIRECTORY and returns
+ * NT_STATUS_RETRY, which will then trigger the caller again when the
+ * QUERY_DIRECTORY has returned with another buffer. This way we
+ * guarantee that no asynchronous request is open after this call
+ * returns an entry, so that other synchronous requests can be issued
+ * on the same connection while the directory listing proceeds.
+ */
+NTSTATUS cli_smb2_list_recv(
+ struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct file_info **pfinfo)
+{
+ struct cli_smb2_list_state *state = tevent_req_data(
+ req, struct cli_smb2_list_state);
+ struct cli_smb2_list_dir_data *response = NULL;
+ struct file_info *finfo = NULL;
+ NTSTATUS status;
+ uint32_t next_offset = 0;
+ bool in_progress;
+
+ in_progress = tevent_req_is_in_progress(req);
+
+ if (!in_progress) {
+ if (!tevent_req_is_nterror(req, &status)) {
+ status = NT_STATUS_NO_MORE_FILES;
+ }
+ goto fail;
+ }
+
+ response = state->response;
+ if (response == NULL) {
+ struct tevent_req *subreq = NULL;
+ struct cli_state *cli = state->cli;
+ struct smb2_hnd *ph = NULL;
+ uint32_t max_trans, max_avail_len;
+ bool ok;
+
+ if (!NT_STATUS_IS_OK(state->status)) {
+ status = state->status;
+ goto fail;
+ }
+
+ status = map_fnum_to_smb2_handle(cli, state->fnum, &ph);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ max_trans = smb2cli_conn_max_trans_size(cli->conn);
+ ok = smb2cli_conn_req_possible(cli->conn, &max_avail_len);
+ if (ok) {
+ max_trans = MIN(max_trans, max_avail_len);
+ }
+
+ subreq = smb2cli_query_directory_send(
+ state, /* mem_ctx */
+ state->ev, /* ev */
+ cli->conn, /* conn */
+ cli->timeout, /* timeout_msec */
+ cli->smb2.session, /* session */
+ cli->smb2.tcon, /* tcon */
+ state->info_level, /* level */
+ 0, /* flags */
+ 0, /* file_index */
+ ph->fid_persistent, /* fid_persistent */
+ ph->fid_volatile, /* fid_volatile */
+ state->mask, /* mask */
+ max_trans); /* outbuf_len */
+ if (subreq == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_list_done, req);
+ return NT_STATUS_RETRY;
+ }
+
+ SMB_ASSERT(response->length > state->offset);
+
+ finfo = talloc_zero(mem_ctx, struct file_info);
+ if (finfo == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (state->info_level == SMB2_FIND_POSIX_INFORMATION) {
+ status = parse_finfo_posix_info(
+ response->data + state->offset,
+ response->length - state->offset,
+ finfo,
+ &next_offset);
+ } else {
+ status = parse_finfo_id_both_directory_info(
+ response->data + state->offset,
+ response->length - state->offset,
+ finfo,
+ &next_offset);
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = is_bad_finfo_name(state->cli, finfo);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ /*
+ * parse_finfo_id_both_directory_info() checks for overflow,
+ * no need to check again here.
+ */
+ state->offset += next_offset;
+
+ if (next_offset == 0) {
+ TALLOC_FREE(state->response);
+ }
+
+ tevent_req_defer_callback(req, state->ev);
+ tevent_req_notify_callback(req);
+
+ *pfinfo = finfo;
+ return NT_STATUS_OK;
+
+fail:
+ TALLOC_FREE(finfo);
+ tevent_req_received(req);
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to query a path info (basic level).
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_qpathinfo_basic(struct cli_state *cli,
+ const char *name,
+ SMB_STRUCT_STAT *sbuf,
+ uint32_t *attributes)
+{
+ NTSTATUS status;
+ struct smb_create_returns cr;
+ uint16_t fnum = 0xffff;
+ size_t namelen = strlen(name);
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* SMB2 is pickier about pathnames. Ensure it doesn't
+ end in a '\' */
+ if (namelen > 0 && name[namelen-1] == '\\') {
+ char *modname = talloc_strndup(talloc_tos(), name, namelen-1);
+ if (modname == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ name = modname;
+ }
+
+ /* This is commonly used as a 'cd'. Try qpathinfo on
+ a directory handle first. */
+
+ status = cli_smb2_create_fnum(cli,
+ name,
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ FILE_READ_ATTRIBUTES, /* desired_access */
+ FILE_ATTRIBUTE_DIRECTORY, /* file attributes */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_DIRECTORY_FILE, /* create_options */
+ NULL,
+ &fnum,
+ &cr,
+ NULL,
+ NULL);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_A_DIRECTORY)) {
+ /* Maybe a file ? */
+ status = cli_smb2_create_fnum(cli,
+ name,
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ FILE_READ_ATTRIBUTES, /* desired_access */
+ 0, /* file attributes */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ 0, /* create_options */
+ NULL,
+ &fnum,
+ &cr,
+ NULL,
+ NULL);
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_STOPPED_ON_SYMLINK)) {
+ /* Maybe a reparse point ? */
+ status = cli_smb2_create_fnum(cli,
+ name,
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ FILE_READ_ATTRIBUTES, /* desired_access */
+ 0, /* file attributes */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_OPEN_REPARSE_POINT, /* create_options */
+ NULL,
+ &fnum,
+ &cr,
+ NULL,
+ NULL);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = cli_smb2_close_fnum(cli, fnum);
+
+ ZERO_STRUCTP(sbuf);
+
+ sbuf->st_ex_atime = nt_time_to_unix_timespec(cr.last_access_time);
+ sbuf->st_ex_mtime = nt_time_to_unix_timespec(cr.last_write_time);
+ sbuf->st_ex_ctime = nt_time_to_unix_timespec(cr.change_time);
+ sbuf->st_ex_size = cr.end_of_file;
+ *attributes = cr.file_attributes;
+
+ return status;
+}
+
+struct cli_smb2_query_info_fnum_state {
+ DATA_BLOB outbuf;
+};
+
+static void cli_smb2_query_info_fnum_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_query_info_fnum_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t in_info_type,
+ uint8_t in_info_class,
+ uint32_t in_max_output_length,
+ const DATA_BLOB *in_input_buffer,
+ uint32_t in_additional_info,
+ uint32_t in_flags)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb2_query_info_fnum_state *state = NULL;
+ struct smb2_hnd *ph = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_smb2_query_info_fnum_state);
+ if (req == NULL) {
+ return req;
+ }
+
+ status = map_fnum_to_smb2_handle(cli, fnum, &ph);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = smb2cli_query_info_send(
+ state,
+ ev,
+ cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ in_info_type,
+ in_info_class,
+ in_max_output_length,
+ in_input_buffer,
+ in_additional_info,
+ in_flags,
+ ph->fid_persistent,
+ ph->fid_volatile);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_query_info_fnum_done, req);
+ return req;
+}
+
+static void cli_smb2_query_info_fnum_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_query_info_fnum_state *state = tevent_req_data(
+ req, struct cli_smb2_query_info_fnum_state);
+ DATA_BLOB outbuf;
+ NTSTATUS status;
+
+ status = smb2cli_query_info_recv(subreq, state, &outbuf);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ /*
+ * We have to dup the memory here because outbuf.data is not
+ * returned as a talloc object by smb2cli_query_info_recv.
+ * It's a pointer into the received buffer.
+ */
+ state->outbuf = data_blob_dup_talloc(state, outbuf);
+
+ if ((outbuf.length != 0) &&
+ tevent_req_nomem(state->outbuf.data, req)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_smb2_query_info_fnum_recv(
+ struct tevent_req *req, TALLOC_CTX *mem_ctx, DATA_BLOB *outbuf)
+{
+ struct cli_smb2_query_info_fnum_state *state = tevent_req_data(
+ req, struct cli_smb2_query_info_fnum_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *outbuf = (DATA_BLOB) {
+ .data = talloc_move(mem_ctx, &state->outbuf.data),
+ .length = state->outbuf.length,
+ };
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_smb2_query_info_fnum(
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t in_info_type,
+ uint8_t in_info_class,
+ uint32_t in_max_output_length,
+ const DATA_BLOB *in_input_buffer,
+ uint32_t in_additional_info,
+ uint32_t in_flags,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *outbuf)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+ bool ok;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_smb2_query_info_fnum_send(
+ frame,
+ ev,
+ cli,
+ fnum,
+ in_info_type,
+ in_info_class,
+ in_max_output_length,
+ in_input_buffer,
+ in_additional_info,
+ in_flags);
+ if (req == NULL) {
+ goto fail;
+ }
+ ok = tevent_req_poll_ntstatus(req, ev, &status);
+ if (!ok) {
+ goto fail;
+ }
+ status = cli_smb2_query_info_fnum_recv(req, mem_ctx, outbuf);
+fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/***************************************************************
+ Helper function for pathname operations.
+***************************************************************/
+
+struct get_fnum_from_path_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ const char *name;
+ uint32_t desired_access;
+ uint16_t fnum;
+};
+
+static void get_fnum_from_path_opened_file(struct tevent_req *subreq);
+static void get_fnum_from_path_opened_reparse(struct tevent_req *subreq);
+static void get_fnum_from_path_opened_dir(struct tevent_req *subreq);
+
+static struct tevent_req *get_fnum_from_path_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *name,
+ uint32_t desired_access)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct get_fnum_from_path_state *state = NULL;
+ size_t namelen = strlen(name);
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct get_fnum_from_path_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->name = name;
+ state->desired_access = desired_access;
+
+ /*
+ * SMB2 is pickier about pathnames. Ensure it doesn't end in a
+ * '\'
+ */
+ if (namelen > 0 && name[namelen-1] == '\\') {
+ state->name = talloc_strndup(state, name, namelen-1);
+ if (tevent_req_nomem(state->name, req)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ subreq = cli_smb2_create_fnum_send(
+ state, /* mem_ctx, */
+ ev, /* ev */
+ cli, /* cli */
+ state->name, /* fname */
+ (struct cli_smb2_create_flags){0}, /* create_flags */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level */
+ desired_access, /* desired_access */
+ 0, /* file_attributes */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ 0, /* create_options */
+ NULL); /* in_cblobs */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, get_fnum_from_path_opened_file, req);
+ return req;
+}
+
+static void get_fnum_from_path_opened_file(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct get_fnum_from_path_state *state = tevent_req_data(
+ req, struct get_fnum_from_path_state);
+ NTSTATUS status;
+
+ status = cli_smb2_create_fnum_recv(
+ subreq, &state->fnum, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_STOPPED_ON_SYMLINK) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED)) {
+ /*
+ * Naive option to match our SMB1 code. Assume the
+ * symlink path that tripped us up was the last
+ * component and try again. Eventually we will have to
+ * deal with the returned path unprocessed component. JRA.
+ */
+ subreq = cli_smb2_create_fnum_send(
+ state, /* mem_ctx, */
+ state->ev, /* ev */
+ state->cli, /* cli */
+ state->name, /* fname */
+ (struct cli_smb2_create_flags){0}, /* create_flags */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation */
+ state->desired_access, /* desired_access */
+ 0, /* file_attributes */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_OPEN_REPARSE_POINT, /* create_options */
+ NULL); /* in_cblobs */
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(
+ subreq, get_fnum_from_path_opened_reparse, req);
+ return;
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
+ subreq = cli_smb2_create_fnum_send(
+ state, /* mem_ctx, */
+ state->ev, /* ev */
+ state->cli, /* cli */
+ state->name, /* fname */
+ (struct cli_smb2_create_flags){0}, /* create_flags */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation */
+ state->desired_access, /* desired_access */
+ 0, /* file_attributes */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_DIRECTORY_FILE, /* create_options */
+ NULL); /* in_cblobs */
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(
+ subreq, get_fnum_from_path_opened_dir, req);
+ return;
+ }
+
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static void get_fnum_from_path_opened_reparse(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct get_fnum_from_path_state *state = tevent_req_data(
+ req, struct get_fnum_from_path_state);
+ NTSTATUS status = cli_smb2_create_fnum_recv(
+ subreq, &state->fnum, NULL, NULL, NULL, NULL);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void get_fnum_from_path_opened_dir(struct tevent_req *subreq)
+{
+ /* Abstraction violation, but these two are just the same... */
+ get_fnum_from_path_opened_reparse(subreq);
+}
+
+static NTSTATUS get_fnum_from_path_recv(
+ struct tevent_req *req, uint16_t *pfnum)
+{
+ struct get_fnum_from_path_state *state = tevent_req_data(
+ req, struct get_fnum_from_path_state);
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (!tevent_req_is_nterror(req, &status)) {
+ *pfnum = state->fnum;
+ }
+ tevent_req_received(req);
+ return status;
+}
+
+static NTSTATUS get_fnum_from_path(struct cli_state *cli,
+ const char *name,
+ uint32_t desired_access,
+ uint16_t *pfnum)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = get_fnum_from_path_send(frame, ev, cli, name, desired_access);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = get_fnum_from_path_recv(req, pfnum);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_smb2_qpathinfo_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ const char *fname;
+ uint16_t fnum;
+ uint16_t level;
+ uint32_t min_rdata;
+ uint32_t max_rdata;
+
+ NTSTATUS status;
+ DATA_BLOB out;
+};
+
+static void cli_smb2_qpathinfo_opened(struct tevent_req *subreq);
+static void cli_smb2_qpathinfo_done(struct tevent_req *subreq);
+static void cli_smb2_qpathinfo_closed(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_qpathinfo_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint16_t level,
+ uint32_t min_rdata,
+ uint32_t max_rdata)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb2_qpathinfo_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx,
+ &state,
+ struct cli_smb2_qpathinfo_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->level = level;
+ state->min_rdata = min_rdata;
+ state->max_rdata = max_rdata;
+
+ subreq = get_fnum_from_path_send(state,
+ ev,
+ cli,
+ fname,
+ FILE_READ_ATTRIBUTES);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_qpathinfo_opened, req);
+ return req;
+}
+
+static void cli_smb2_qpathinfo_opened(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct cli_smb2_qpathinfo_state *state =
+ tevent_req_data(req, struct cli_smb2_qpathinfo_state);
+ NTSTATUS status;
+
+ status = get_fnum_from_path_recv(subreq, &state->fnum);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq = cli_smb2_query_info_fnum_send(state,
+ state->ev,
+ state->cli,
+ state->fnum,
+ 1, /* in_info_type */
+ state->level,
+ state->max_rdata,
+ NULL, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0); /* in_flags */
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_qpathinfo_done, req);
+}
+
+static void cli_smb2_qpathinfo_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct cli_smb2_qpathinfo_state *state =
+ tevent_req_data(req, struct cli_smb2_qpathinfo_state);
+
+ state->status =
+ cli_smb2_query_info_fnum_recv(subreq, state, &state->out);
+ TALLOC_FREE(subreq);
+
+ if (NT_STATUS_IS_OK(state->status) &&
+ (state->out.length < state->min_rdata)) {
+ state->status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ subreq = cli_smb2_close_fnum_send(state,
+ state->ev,
+ state->cli,
+ state->fnum,
+ 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_qpathinfo_closed, req);
+}
+
+static void cli_smb2_qpathinfo_closed(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct cli_smb2_qpathinfo_state *state =
+ tevent_req_data(req, struct cli_smb2_qpathinfo_state);
+ NTSTATUS status;
+
+ status = cli_smb2_close_fnum_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ if (tevent_req_nterror(req, state->status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_smb2_qpathinfo_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ uint8_t **rdata,
+ uint32_t *num_rdata)
+{
+ struct cli_smb2_qpathinfo_state *state =
+ tevent_req_data(req, struct cli_smb2_qpathinfo_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ *rdata = talloc_move(mem_ctx, &state->out.data);
+ *num_rdata = state->out.length;
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to set SMB_FILE_BASIC_INFORMATION on
+ a pathname.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_setpathinfo(struct cli_state *cli,
+ const char *name,
+ uint8_t in_info_type,
+ uint8_t in_file_info_class,
+ const DATA_BLOB *p_in_data)
+{
+ NTSTATUS status;
+ uint16_t fnum = 0xffff;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ status = get_fnum_from_path(cli,
+ name,
+ FILE_WRITE_ATTRIBUTES,
+ &fnum);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = cli_smb2_set_info_fnum(
+ cli,
+ fnum,
+ in_info_type,
+ in_file_info_class,
+ p_in_data, /* in_input_buffer */
+ 0); /* in_additional_info */
+ fail:
+
+ if (fnum != 0xffff) {
+ cli_smb2_close_fnum(cli, fnum);
+ }
+
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+
+/***************************************************************
+ Wrapper that allows SMB2 to set pathname attributes.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_setatr(struct cli_state *cli,
+ const char *name,
+ uint32_t attr,
+ time_t mtime)
+{
+ uint8_t inbuf_store[40];
+ DATA_BLOB inbuf = data_blob_null;
+
+ /* setinfo on the handle with info_type SMB2_SETINFO_FILE (1),
+ level 4 (SMB_FILE_BASIC_INFORMATION - 1000). */
+
+ inbuf.data = inbuf_store;
+ inbuf.length = sizeof(inbuf_store);
+ data_blob_clear(&inbuf);
+
+ /*
+ * SMB1 uses attr == 0 to clear all attributes
+ * on a file (end up with FILE_ATTRIBUTE_NORMAL),
+ * and attr == FILE_ATTRIBUTE_NORMAL to mean ignore
+ * request attribute change.
+ *
+ * SMB2 uses exactly the reverse. Unfortunately as the
+ * cli_setatr() ABI is exposed inside libsmbclient,
+ * we must make the SMB2 cli_smb2_setatr() call
+ * export the same ABI as the SMB1 cli_setatr()
+ * which calls it. This means reversing the sense
+ * of the requested attr argument if it's zero
+ * or FILE_ATTRIBUTE_NORMAL.
+ *
+ * See BUG: https://bugzilla.samba.org/show_bug.cgi?id=12899
+ */
+
+ if (attr == 0) {
+ attr = FILE_ATTRIBUTE_NORMAL;
+ } else if (attr == FILE_ATTRIBUTE_NORMAL) {
+ attr = 0;
+ }
+
+ SIVAL(inbuf.data, 32, attr);
+ if (mtime != 0) {
+ put_long_date((char *)inbuf.data + 16,mtime);
+ }
+ /* Set all the other times to -1. */
+ SBVAL(inbuf.data, 0, 0xFFFFFFFFFFFFFFFFLL);
+ SBVAL(inbuf.data, 8, 0xFFFFFFFFFFFFFFFFLL);
+ SBVAL(inbuf.data, 24, 0xFFFFFFFFFFFFFFFFLL);
+
+ return cli_smb2_setpathinfo(cli,
+ name,
+ 1, /* in_info_type */
+ /* in_file_info_class */
+ SMB_FILE_BASIC_INFORMATION - 1000,
+ &inbuf);
+}
+
+
+/***************************************************************
+ Wrapper that allows SMB2 to set file handle times.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_setattrE(struct cli_state *cli,
+ uint16_t fnum,
+ time_t change_time,
+ time_t access_time,
+ time_t write_time)
+{
+ uint8_t inbuf_store[40];
+ DATA_BLOB inbuf = data_blob_null;
+ NTSTATUS status;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* setinfo on the handle with info_type SMB2_SETINFO_FILE (1),
+ level 4 (SMB_FILE_BASIC_INFORMATION - 1000). */
+
+ inbuf.data = inbuf_store;
+ inbuf.length = sizeof(inbuf_store);
+ data_blob_clear(&inbuf);
+
+ SBVAL(inbuf.data, 0, 0xFFFFFFFFFFFFFFFFLL);
+ if (change_time != 0) {
+ put_long_date((char *)inbuf.data + 24, change_time);
+ }
+ if (access_time != 0) {
+ put_long_date((char *)inbuf.data + 8, access_time);
+ }
+ if (write_time != 0) {
+ put_long_date((char *)inbuf.data + 16, write_time);
+ }
+
+ status = cli_smb2_set_info_fnum(cli,
+ fnum,
+ 1, /* in_info_type */
+ SMB_FILE_BASIC_INFORMATION -
+ 1000, /* in_file_info_class */
+ &inbuf, /* in_input_buffer */
+ 0); /* in_additional_info */
+ cli->raw_status = status;
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to query disk attributes (size).
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_dskattr(struct cli_state *cli, const char *path,
+ uint64_t *bsize, uint64_t *total, uint64_t *avail)
+{
+ NTSTATUS status;
+ uint16_t fnum = 0xffff;
+ DATA_BLOB outbuf = data_blob_null;
+ uint32_t sectors_per_unit = 0;
+ uint32_t bytes_per_sector = 0;
+ uint64_t total_size = 0;
+ uint64_t size_free = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ /* First open the top level directory. */
+ status = cli_smb2_create_fnum(cli,
+ path,
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ FILE_READ_ATTRIBUTES, /* desired_access */
+ FILE_ATTRIBUTE_DIRECTORY, /* file attributes */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_DIRECTORY_FILE, /* create_options */
+ NULL,
+ &fnum,
+ NULL,
+ NULL,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ /* getinfo on the returned handle with info_type SMB2_GETINFO_FS (2),
+ level 3 (SMB_FS_SIZE_INFORMATION). */
+
+ status = cli_smb2_query_info_fnum(
+ cli,
+ fnum,
+ 2, /* in_info_type */
+ 3, /* in_file_info_class */
+ 0xFFFF, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0, /* in_flags */
+ frame,
+ &outbuf);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ /* Parse the reply. */
+ if (outbuf.length != 24) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto fail;
+ }
+
+ total_size = BVAL(outbuf.data, 0);
+ size_free = BVAL(outbuf.data, 8);
+ sectors_per_unit = IVAL(outbuf.data, 16);
+ bytes_per_sector = IVAL(outbuf.data, 20);
+
+ if (bsize) {
+ *bsize = (uint64_t)sectors_per_unit * (uint64_t)bytes_per_sector;
+ }
+ if (total) {
+ *total = total_size;
+ }
+ if (avail) {
+ *avail = size_free;
+ }
+
+ status = NT_STATUS_OK;
+
+ fail:
+
+ if (fnum != 0xffff) {
+ cli_smb2_close_fnum(cli, fnum);
+ }
+
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to query file system sizes.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_get_fs_full_size_info(struct cli_state *cli,
+ uint64_t *total_allocation_units,
+ uint64_t *caller_allocation_units,
+ uint64_t *actual_allocation_units,
+ uint64_t *sectors_per_allocation_unit,
+ uint64_t *bytes_per_sector)
+{
+ NTSTATUS status;
+ uint16_t fnum = 0xffff;
+ DATA_BLOB outbuf = data_blob_null;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ /* First open the top level directory. */
+ status =
+ cli_smb2_create_fnum(cli, "",
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ FILE_READ_ATTRIBUTES, /* desired_access */
+ FILE_ATTRIBUTE_DIRECTORY, /* file attributes */
+ FILE_SHARE_READ | FILE_SHARE_WRITE |
+ FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_DIRECTORY_FILE, /* create_options */
+ NULL,
+ &fnum,
+ NULL,
+ NULL,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ /* getinfo on the returned handle with info_type SMB2_GETINFO_FS (2),
+ level 7 (SMB_FS_FULL_SIZE_INFORMATION). */
+
+ status = cli_smb2_query_info_fnum(
+ cli,
+ fnum,
+ SMB2_0_INFO_FILESYSTEM, /* in_info_type */
+ SMB_FS_FULL_SIZE_INFORMATION - 1000, /* in_file_info_class */
+ 0xFFFF, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0, /* in_flags */
+ frame,
+ &outbuf);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ if (outbuf.length < 32) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto fail;
+ }
+
+ *total_allocation_units = BIG_UINT(outbuf.data, 0);
+ *caller_allocation_units = BIG_UINT(outbuf.data, 8);
+ *actual_allocation_units = BIG_UINT(outbuf.data, 16);
+ *sectors_per_allocation_unit = (uint64_t)IVAL(outbuf.data, 24);
+ *bytes_per_sector = (uint64_t)IVAL(outbuf.data, 28);
+
+fail:
+
+ if (fnum != 0xffff) {
+ cli_smb2_close_fnum(cli, fnum);
+ }
+
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to query file system attributes.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_get_fs_attr_info(struct cli_state *cli, uint32_t *fs_attr)
+{
+ NTSTATUS status;
+ uint16_t fnum = 0xffff;
+ DATA_BLOB outbuf = data_blob_null;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ /* First open the top level directory. */
+ status =
+ cli_smb2_create_fnum(cli, "",
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ FILE_READ_ATTRIBUTES, /* desired_access */
+ FILE_ATTRIBUTE_DIRECTORY, /* file attributes */
+ FILE_SHARE_READ | FILE_SHARE_WRITE |
+ FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_DIRECTORY_FILE, /* create_options */
+ NULL,
+ &fnum,
+ NULL,
+ NULL,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = cli_smb2_query_info_fnum(
+ cli,
+ fnum,
+ 2, /* in_info_type */
+ 5, /* in_file_info_class */
+ 0xFFFF, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0, /* in_flags */
+ frame,
+ &outbuf);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ if (outbuf.length < 12) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto fail;
+ }
+
+ *fs_attr = IVAL(outbuf.data, 0);
+
+fail:
+
+ if (fnum != 0xffff) {
+ cli_smb2_close_fnum(cli, fnum);
+ }
+
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to query file system volume info.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_get_fs_volume_info(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ char **_volume_name,
+ uint32_t *pserial_number,
+ time_t *pdate)
+{
+ NTSTATUS status;
+ uint16_t fnum = 0xffff;
+ DATA_BLOB outbuf = data_blob_null;
+ uint32_t nlen;
+ char *volume_name = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ /* First open the top level directory. */
+ status =
+ cli_smb2_create_fnum(cli, "",
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ FILE_READ_ATTRIBUTES, /* desired_access */
+ FILE_ATTRIBUTE_DIRECTORY, /* file attributes */
+ FILE_SHARE_READ | FILE_SHARE_WRITE |
+ FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_DIRECTORY_FILE, /* create_options */
+ NULL,
+ &fnum,
+ NULL,
+ NULL,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ /* getinfo on the returned handle with info_type SMB2_GETINFO_FS (2),
+ level 1 (SMB_FS_VOLUME_INFORMATION). */
+
+ status = cli_smb2_query_info_fnum(
+ cli,
+ fnum,
+ SMB2_0_INFO_FILESYSTEM, /* in_info_type */
+ /* in_file_info_class */
+ SMB_FS_VOLUME_INFORMATION - 1000,
+ 0xFFFF, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0, /* in_flags */
+ frame,
+ &outbuf);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ if (outbuf.length < 24) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto fail;
+ }
+
+ if (pdate) {
+ struct timespec ts;
+ ts = interpret_long_date(BVAL(outbuf.data, 0));
+ *pdate = ts.tv_sec;
+ }
+ if (pserial_number) {
+ *pserial_number = IVAL(outbuf.data,8);
+ }
+ nlen = IVAL(outbuf.data,12);
+ if (nlen + 18 < 18) {
+ /* Integer wrap. */
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto fail;
+ }
+ /*
+ * The next check is safe as we know outbuf.length >= 24
+ * from above.
+ */
+ if (nlen > (outbuf.length - 18)) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto fail;
+ }
+
+ pull_string_talloc(mem_ctx,
+ (const char *)outbuf.data,
+ 0,
+ &volume_name,
+ outbuf.data + 18,
+ nlen,
+ STR_UNICODE);
+ if (volume_name == NULL) {
+ status = map_nt_error_from_unix(errno);
+ goto fail;
+ }
+
+ *_volume_name = volume_name;
+
+fail:
+
+ if (fnum != 0xffff) {
+ cli_smb2_close_fnum(cli, fnum);
+ }
+
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_smb2_mxac_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ const char *fname;
+ struct smb2_create_blobs in_cblobs;
+ uint16_t fnum;
+ NTSTATUS status;
+ uint32_t mxac;
+};
+
+static void cli_smb2_mxac_opened(struct tevent_req *subreq);
+static void cli_smb2_mxac_closed(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_query_mxac_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb2_mxac_state *state = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_smb2_mxac_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ *state = (struct cli_smb2_mxac_state) {
+ .ev = ev,
+ .cli = cli,
+ .fname = fname,
+ };
+
+ status = smb2_create_blob_add(state,
+ &state->in_cblobs,
+ SMB2_CREATE_TAG_MXAC,
+ data_blob(NULL, 0));
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_smb2_create_fnum_send(
+ state,
+ state->ev,
+ state->cli,
+ state->fname,
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ FILE_READ_ATTRIBUTES,
+ 0, /* file attributes */
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+ FILE_OPEN,
+ 0, /* create_options */
+ &state->in_cblobs);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_mxac_opened, req);
+ return req;
+}
+
+static void cli_smb2_mxac_opened(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_mxac_state *state = tevent_req_data(
+ req, struct cli_smb2_mxac_state);
+ struct smb2_create_blobs out_cblobs = {0};
+ struct smb2_create_blob *mxac_blob = NULL;
+ NTSTATUS status;
+
+ status = cli_smb2_create_fnum_recv(
+ subreq, &state->fnum, NULL, state, &out_cblobs, NULL);
+ TALLOC_FREE(subreq);
+
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ mxac_blob = smb2_create_blob_find(&out_cblobs, SMB2_CREATE_TAG_MXAC);
+ if (mxac_blob == NULL) {
+ state->status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto close;
+ }
+ if (mxac_blob->data.length != 8) {
+ state->status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto close;
+ }
+
+ state->status = NT_STATUS(IVAL(mxac_blob->data.data, 0));
+ state->mxac = IVAL(mxac_blob->data.data, 4);
+
+close:
+ subreq = cli_smb2_close_fnum_send(state,
+ state->ev,
+ state->cli,
+ state->fnum,
+ 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_mxac_closed, req);
+
+ return;
+}
+
+static void cli_smb2_mxac_closed(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_smb2_close_fnum_recv(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_smb2_query_mxac_recv(struct tevent_req *req, uint32_t *mxac)
+{
+ struct cli_smb2_mxac_state *state = tevent_req_data(
+ req, struct cli_smb2_mxac_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ if (!NT_STATUS_IS_OK(state->status)) {
+ return state->status;
+ }
+
+ *mxac = state->mxac;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_smb2_query_mxac(struct cli_state *cli,
+ const char *fname,
+ uint32_t *_mxac)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
+ bool ok;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_smb2_query_mxac_send(frame, ev, cli, fname);
+ if (req == NULL) {
+ goto fail;
+ }
+ ok = tevent_req_poll_ntstatus(req, ev, &status);
+ if (!ok) {
+ goto fail;
+ }
+ status = cli_smb2_query_mxac_recv(req, _mxac);
+
+fail:
+ cli->raw_status = status;
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_smb2_rename_fnum_state {
+ DATA_BLOB inbuf;
+};
+
+static void cli_smb2_rename_fnum_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_smb2_rename_fnum_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ const char *fname_dst,
+ bool replace)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb2_rename_fnum_state *state = NULL;
+ size_t namelen = strlen(fname_dst);
+ smb_ucs2_t *converted_str = NULL;
+ size_t converted_size_bytes = 0;
+ size_t inbuf_size;
+ bool ok;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_smb2_rename_fnum_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ /*
+ * SMB2 is pickier about pathnames. Ensure it doesn't start in
+ * a '\'
+ */
+ if (*fname_dst == '\\') {
+ fname_dst++;
+ }
+
+ /*
+ * SMB2 is pickier about pathnames. Ensure it doesn't end in a
+ * '\'
+ */
+ if (namelen > 0 && fname_dst[namelen-1] == '\\') {
+ fname_dst = talloc_strndup(state, fname_dst, namelen-1);
+ if (tevent_req_nomem(fname_dst, req)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ ok = push_ucs2_talloc(
+ state, &converted_str, fname_dst, &converted_size_bytes);
+ if (!ok) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * W2K8 insists the dest name is not null terminated. Remove
+ * the last 2 zero bytes and reduce the name length.
+ */
+ if (converted_size_bytes < 2) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+ converted_size_bytes -= 2;
+
+ inbuf_size = 20 + converted_size_bytes;
+ if (inbuf_size < 20) {
+ /* Integer wrap check. */
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * The Windows 10 SMB2 server has a minimum length
+ * for a SMB2_FILE_RENAME_INFORMATION buffer of
+ * 24 bytes. It returns NT_STATUS_INFO_LENGTH_MISMATCH
+ * if the length is less. This isn't an alignment
+ * issue as Windows client accepts happily 2-byte align
+ * for larger target name sizes. Also the Windows 10
+ * SMB1 server doesn't have this restriction.
+ *
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=14403
+ */
+ inbuf_size = MAX(inbuf_size, 24);
+
+ state->inbuf = data_blob_talloc_zero(state, inbuf_size);
+ if (tevent_req_nomem(state->inbuf.data, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (replace) {
+ SCVAL(state->inbuf.data, 0, 1);
+ }
+
+ SIVAL(state->inbuf.data, 16, converted_size_bytes);
+ memcpy(state->inbuf.data + 20, converted_str, converted_size_bytes);
+
+ TALLOC_FREE(converted_str);
+
+ /* setinfo on the returned handle with info_type SMB2_GETINFO_FILE (1),
+ level SMB2_FILE_RENAME_INFORMATION (SMB_FILE_RENAME_INFORMATION - 1000) */
+
+ subreq = cli_smb2_set_info_fnum_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ fnum, /* fnum */
+ 1, /* in_info_type */
+ SMB_FILE_RENAME_INFORMATION - 1000, /* in_file_info_class */
+ &state->inbuf, /* in_input_buffer */
+ 0); /* in_additional_info */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_rename_fnum_done, req);
+ return req;
+}
+
+static void cli_smb2_rename_fnum_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_set_info_fnum_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static NTSTATUS cli_smb2_rename_fnum_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to rename a file.
+***************************************************************/
+
+struct cli_smb2_rename_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ const char *fname_dst;
+ bool replace;
+ uint16_t fnum;
+
+ NTSTATUS rename_status;
+};
+
+static void cli_smb2_rename_opened(struct tevent_req *subreq);
+static void cli_smb2_rename_renamed(struct tevent_req *subreq);
+static void cli_smb2_rename_closed(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_rename_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst,
+ bool replace)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb2_rename_state *state = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_smb2_rename_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ /*
+ * Strip a MSDFS path from fname_dst if we were given one.
+ */
+ status = cli_dfs_target_check(state,
+ cli,
+ fname_dst,
+ &fname_dst);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->ev = ev;
+ state->cli = cli;
+ state->fname_dst = fname_dst;
+ state->replace = replace;
+
+ subreq = get_fnum_from_path_send(
+ state, ev, cli, fname_src, DELETE_ACCESS);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_rename_opened, req);
+ return req;
+}
+
+static void cli_smb2_rename_opened(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_rename_state *state = tevent_req_data(
+ req, struct cli_smb2_rename_state);
+ NTSTATUS status;
+
+ status = get_fnum_from_path_recv(subreq, &state->fnum);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq = cli_smb2_rename_fnum_send(
+ state,
+ state->ev,
+ state->cli,
+ state->fnum,
+ state->fname_dst,
+ state->replace);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_rename_renamed, req);
+}
+
+static void cli_smb2_rename_renamed(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_rename_state *state = tevent_req_data(
+ req, struct cli_smb2_rename_state);
+
+ state->rename_status = cli_smb2_rename_fnum_recv(subreq);
+ TALLOC_FREE(subreq);
+
+ subreq = cli_smb2_close_fnum_send(state,
+ state->ev,
+ state->cli,
+ state->fnum,
+ 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_rename_closed, req);
+}
+
+static void cli_smb2_rename_closed(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_close_fnum_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_smb2_rename_recv(struct tevent_req *req)
+{
+ struct cli_smb2_rename_state *state = tevent_req_data(
+ req, struct cli_smb2_rename_state);
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (!tevent_req_is_nterror(req, &status)) {
+ status = state->rename_status;
+ }
+ tevent_req_received(req);
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to set an EA on a fnum.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_set_ea_fnum(struct cli_state *cli,
+ uint16_t fnum,
+ const char *ea_name,
+ const char *ea_val,
+ size_t ea_len)
+{
+ NTSTATUS status;
+ DATA_BLOB inbuf = data_blob_null;
+ size_t bloblen = 0;
+ char *ea_name_ascii = NULL;
+ size_t namelen = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ /* Marshall the SMB2 EA data. */
+ if (ea_len > 0xFFFF) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ if (!push_ascii_talloc(frame,
+ &ea_name_ascii,
+ ea_name,
+ &namelen)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ if (namelen < 2 || namelen > 0xFF) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ bloblen = 8 + ea_len + namelen;
+ /* Round up to a 4 byte boundary. */
+ bloblen = ((bloblen + 3)&~3);
+
+ inbuf = data_blob_talloc_zero(frame, bloblen);
+ if (inbuf.data == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+ /* namelen doesn't include the NULL byte. */
+ SCVAL(inbuf.data, 5, namelen - 1);
+ SSVAL(inbuf.data, 6, ea_len);
+ memcpy(inbuf.data + 8, ea_name_ascii, namelen);
+ memcpy(inbuf.data + 8 + namelen, ea_val, ea_len);
+
+ /* setinfo on the handle with info_type SMB2_SETINFO_FILE (1),
+ level 15 (SMB_FILE_FULL_EA_INFORMATION - 1000). */
+
+ status = cli_smb2_set_info_fnum(
+ cli,
+ fnum,
+ 1, /* in_info_type */
+ SMB_FILE_FULL_EA_INFORMATION - 1000, /* in_file_info_class */
+ &inbuf, /* in_input_buffer */
+ 0); /* in_additional_info */
+
+ fail:
+
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to set an EA on a pathname.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_set_ea_path(struct cli_state *cli,
+ const char *name,
+ const char *ea_name,
+ const char *ea_val,
+ size_t ea_len)
+{
+ NTSTATUS status;
+ uint16_t fnum = 0xffff;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ status = get_fnum_from_path(cli,
+ name,
+ FILE_WRITE_EA,
+ &fnum);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ status = cli_set_ea_fnum(cli,
+ fnum,
+ ea_name,
+ ea_val,
+ ea_len);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ fail:
+
+ if (fnum != 0xffff) {
+ cli_smb2_close_fnum(cli, fnum);
+ }
+
+ cli->raw_status = status;
+
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to get an EA list on a pathname.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_get_ea_list_path(struct cli_state *cli,
+ const char *name,
+ TALLOC_CTX *ctx,
+ size_t *pnum_eas,
+ struct ea_struct **pea_array)
+{
+ NTSTATUS status;
+ uint16_t fnum = 0xffff;
+ DATA_BLOB outbuf = data_blob_null;
+ struct ea_list *ea_list = NULL;
+ struct ea_list *eal = NULL;
+ size_t ea_count = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ *pnum_eas = 0;
+ *pea_array = NULL;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ status = get_fnum_from_path(cli,
+ name,
+ FILE_READ_EA,
+ &fnum);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ /* getinfo on the handle with info_type SMB2_GETINFO_FILE (1),
+ level 15 (SMB_FILE_FULL_EA_INFORMATION - 1000). */
+
+ status = cli_smb2_query_info_fnum(
+ cli,
+ fnum,
+ 1, /* in_info_type */
+ SMB_FILE_FULL_EA_INFORMATION - 1000, /* in_file_info_class */
+ 0xFFFF, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0, /* in_flags */
+ frame,
+ &outbuf);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ /* Parse the reply. */
+ ea_list = read_nttrans_ea_list(ctx,
+ (const char *)outbuf.data,
+ outbuf.length);
+ if (ea_list == NULL) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto fail;
+ }
+
+ /* Convert to an array. */
+ for (eal = ea_list; eal; eal = eal->next) {
+ ea_count++;
+ }
+
+ if (ea_count) {
+ *pea_array = talloc_array(ctx, struct ea_struct, ea_count);
+ if (*pea_array == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+ ea_count = 0;
+ for (eal = ea_list; eal; eal = eal->next) {
+ (*pea_array)[ea_count++] = eal->ea;
+ }
+ *pnum_eas = ea_count;
+ }
+
+ fail:
+
+ if (fnum != 0xffff) {
+ cli_smb2_close_fnum(cli, fnum);
+ }
+
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to get user quota.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_get_user_quota(struct cli_state *cli,
+ int quota_fnum,
+ SMB_NTQUOTA_STRUCT *pqt)
+{
+ NTSTATUS status;
+ DATA_BLOB inbuf = data_blob_null;
+ DATA_BLOB info_blob = data_blob_null;
+ DATA_BLOB outbuf = data_blob_null;
+ TALLOC_CTX *frame = talloc_stackframe();
+ unsigned sid_len;
+ unsigned int offset;
+ struct smb2_query_quota_info query = {0};
+ struct file_get_quota_info info = {0};
+ enum ndr_err_code err;
+ struct ndr_push *ndr_push = NULL;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ sid_len = ndr_size_dom_sid(&pqt->sid, 0);
+
+ query.return_single = 1;
+
+ info.next_entry_offset = 0;
+ info.sid_length = sid_len;
+ info.sid = pqt->sid;
+
+ err = ndr_push_struct_blob(
+ &info_blob,
+ frame,
+ &info,
+ (ndr_push_flags_fn_t)ndr_push_file_get_quota_info);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto fail;
+ }
+
+ query.sid_list_length = info_blob.length;
+ ndr_push = ndr_push_init_ctx(frame);
+ if (!ndr_push) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ err = ndr_push_smb2_query_quota_info(ndr_push,
+ NDR_SCALARS | NDR_BUFFERS,
+ &query);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto fail;
+ }
+
+ err = ndr_push_array_uint8(ndr_push, NDR_SCALARS, info_blob.data,
+ info_blob.length);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto fail;
+ }
+ inbuf.data = ndr_push->data;
+ inbuf.length = ndr_push->offset;
+
+ status = cli_smb2_query_info_fnum(
+ cli,
+ quota_fnum,
+ 4, /* in_info_type */
+ 0, /* in_file_info_class */
+ 0xFFFF, /* in_max_output_length */
+ &inbuf, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0, /* in_flags */
+ frame,
+ &outbuf);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ if (!parse_user_quota_record(outbuf.data, outbuf.length, &offset,
+ pqt)) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ DEBUG(0, ("Got invalid FILE_QUOTA_INFORMATION in reply.\n"));
+ }
+
+fail:
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to list user quota.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_list_user_quota_step(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int quota_fnum,
+ SMB_NTQUOTA_LIST **pqt_list,
+ bool first)
+{
+ NTSTATUS status;
+ DATA_BLOB inbuf = data_blob_null;
+ DATA_BLOB outbuf = data_blob_null;
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct smb2_query_quota_info info = {0};
+ enum ndr_err_code err;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto cleanup;
+ }
+
+ info.restart_scan = first ? 1 : 0;
+
+ err = ndr_push_struct_blob(
+ &inbuf,
+ frame,
+ &info,
+ (ndr_push_flags_fn_t)ndr_push_smb2_query_quota_info);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ status = cli_smb2_query_info_fnum(
+ cli,
+ quota_fnum,
+ 4, /* in_info_type */
+ 0, /* in_file_info_class */
+ 0xFFFF, /* in_max_output_length */
+ &inbuf, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0, /* in_flags */
+ frame,
+ &outbuf);
+
+ /*
+ * safeguard against panic from calling parse_user_quota_list with
+ * NULL buffer
+ */
+ if (NT_STATUS_IS_OK(status) && outbuf.length == 0) {
+ status = NT_STATUS_NO_MORE_ENTRIES;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto cleanup;
+ }
+
+ status = parse_user_quota_list(outbuf.data, outbuf.length, mem_ctx,
+ pqt_list);
+
+cleanup:
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to get file system quota.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_get_fs_quota_info(struct cli_state *cli,
+ int quota_fnum,
+ SMB_NTQUOTA_STRUCT *pqt)
+{
+ NTSTATUS status;
+ DATA_BLOB outbuf = data_blob_null;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto cleanup;
+ }
+
+ status = cli_smb2_query_info_fnum(
+ cli,
+ quota_fnum,
+ 2, /* in_info_type */
+ SMB_FS_QUOTA_INFORMATION - 1000, /* in_file_info_class */
+ 0xFFFF, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0, /* in_flags */
+ frame,
+ &outbuf);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto cleanup;
+ }
+
+ status = parse_fs_quota_buffer(outbuf.data, outbuf.length, pqt);
+
+cleanup:
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to set user quota.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_set_user_quota(struct cli_state *cli,
+ int quota_fnum,
+ SMB_NTQUOTA_LIST *qtl)
+{
+ NTSTATUS status;
+ DATA_BLOB inbuf = data_blob_null;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto cleanup;
+ }
+
+ status = build_user_quota_buffer(qtl, 0, talloc_tos(), &inbuf, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto cleanup;
+ }
+
+ status = cli_smb2_set_info_fnum(
+ cli,
+ quota_fnum,
+ 4, /* in_info_type */
+ 0, /* in_file_info_class */
+ &inbuf, /* in_input_buffer */
+ 0); /* in_additional_info */
+cleanup:
+
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+
+ return status;
+}
+
+NTSTATUS cli_smb2_set_fs_quota_info(struct cli_state *cli,
+ int quota_fnum,
+ SMB_NTQUOTA_STRUCT *pqt)
+{
+ NTSTATUS status;
+ DATA_BLOB inbuf = data_blob_null;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto cleanup;
+ }
+
+ status = build_fs_quota_buffer(talloc_tos(), pqt, &inbuf, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto cleanup;
+ }
+
+ status = cli_smb2_set_info_fnum(
+ cli,
+ quota_fnum,
+ 2, /* in_info_type */
+ SMB_FS_QUOTA_INFORMATION - 1000, /* in_file_info_class */
+ &inbuf, /* in_input_buffer */
+ 0); /* in_additional_info */
+cleanup:
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_smb2_read_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ struct smb2_hnd *ph;
+ uint64_t start_offset;
+ uint32_t size;
+ uint32_t received;
+ uint8_t *buf;
+};
+
+static void cli_smb2_read_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_read_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ off_t offset,
+ size_t size)
+{
+ NTSTATUS status;
+ struct tevent_req *req, *subreq;
+ struct cli_smb2_read_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_smb2_read_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->start_offset = (uint64_t)offset;
+ state->size = (uint32_t)size;
+ state->received = 0;
+ state->buf = NULL;
+
+ status = map_fnum_to_smb2_handle(cli,
+ fnum,
+ &state->ph);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = smb2cli_read_send(state,
+ state->ev,
+ state->cli->conn,
+ state->cli->timeout,
+ state->cli->smb2.session,
+ state->cli->smb2.tcon,
+ state->size,
+ state->start_offset,
+ state->ph->fid_persistent,
+ state->ph->fid_volatile,
+ 0, /* minimum_count */
+ 0); /* remaining_bytes */
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_read_done, req);
+ return req;
+}
+
+static void cli_smb2_read_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_read_state *state = tevent_req_data(
+ req, struct cli_smb2_read_state);
+ NTSTATUS status;
+
+ status = smb2cli_read_recv(subreq, state,
+ &state->buf, &state->received);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (state->received > state->size) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_smb2_read_recv(struct tevent_req *req,
+ ssize_t *received,
+ uint8_t **rcvbuf)
+{
+ NTSTATUS status;
+ struct cli_smb2_read_state *state = tevent_req_data(
+ req, struct cli_smb2_read_state);
+
+ if (tevent_req_is_nterror(req, &status)) {
+ state->cli->raw_status = status;
+ return status;
+ }
+ /*
+ * As in cli_read_andx_recv() rcvbuf is talloced from the request, so
+ * better make sure that you copy it away before you talloc_free(req).
+ * "rcvbuf" is NOT a talloc_ctx of its own, so do not talloc_move it!
+ */
+ *received = (ssize_t)state->received;
+ *rcvbuf = state->buf;
+ state->cli->raw_status = NT_STATUS_OK;
+ return NT_STATUS_OK;
+}
+
+struct cli_smb2_write_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ struct smb2_hnd *ph;
+ uint32_t flags;
+ const uint8_t *buf;
+ uint64_t offset;
+ uint32_t size;
+ uint32_t written;
+};
+
+static void cli_smb2_write_written(struct tevent_req *req);
+
+struct tevent_req *cli_smb2_write_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t mode,
+ const uint8_t *buf,
+ off_t offset,
+ size_t size)
+{
+ NTSTATUS status;
+ struct tevent_req *req, *subreq = NULL;
+ struct cli_smb2_write_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_smb2_write_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ /* Both SMB1 and SMB2 use 1 in the following meaning write-through. */
+ state->flags = (uint32_t)mode;
+ state->buf = buf;
+ state->offset = (uint64_t)offset;
+ state->size = (uint32_t)size;
+ state->written = 0;
+
+ status = map_fnum_to_smb2_handle(cli,
+ fnum,
+ &state->ph);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = smb2cli_write_send(state,
+ state->ev,
+ state->cli->conn,
+ state->cli->timeout,
+ state->cli->smb2.session,
+ state->cli->smb2.tcon,
+ state->size,
+ state->offset,
+ state->ph->fid_persistent,
+ state->ph->fid_volatile,
+ 0, /* remaining_bytes */
+ state->flags, /* flags */
+ state->buf);
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_write_written, req);
+ return req;
+}
+
+static void cli_smb2_write_written(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_write_state *state = tevent_req_data(
+ req, struct cli_smb2_write_state);
+ NTSTATUS status;
+ uint32_t written;
+
+ status = smb2cli_write_recv(subreq, &written);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ state->written = written;
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_smb2_write_recv(struct tevent_req *req,
+ size_t *pwritten)
+{
+ struct cli_smb2_write_state *state = tevent_req_data(
+ req, struct cli_smb2_write_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ state->cli->raw_status = status;
+ tevent_req_received(req);
+ return status;
+ }
+
+ if (pwritten != NULL) {
+ *pwritten = (size_t)state->written;
+ }
+ state->cli->raw_status = NT_STATUS_OK;
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 async write using an fnum.
+ This is mostly cut-and-paste from Volker's code inside
+ source3/libsmb/clireadwrite.c, adapted for SMB2.
+
+ Done this way so I can reuse all the logic inside cli_push()
+ for free :-).
+***************************************************************/
+
+struct cli_smb2_writeall_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ struct smb2_hnd *ph;
+ uint32_t flags;
+ const uint8_t *buf;
+ uint64_t offset;
+ uint32_t size;
+ uint32_t written;
+};
+
+static void cli_smb2_writeall_written(struct tevent_req *req);
+
+struct tevent_req *cli_smb2_writeall_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t mode,
+ const uint8_t *buf,
+ off_t offset,
+ size_t size)
+{
+ NTSTATUS status;
+ struct tevent_req *req, *subreq = NULL;
+ struct cli_smb2_writeall_state *state = NULL;
+ uint32_t to_write;
+ uint32_t max_size;
+ bool ok;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_smb2_writeall_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ /* Both SMB1 and SMB2 use 1 in the following meaning write-through. */
+ state->flags = (uint32_t)mode;
+ state->buf = buf;
+ state->offset = (uint64_t)offset;
+ state->size = (uint32_t)size;
+ state->written = 0;
+
+ status = map_fnum_to_smb2_handle(cli,
+ fnum,
+ &state->ph);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ to_write = state->size;
+ max_size = smb2cli_conn_max_write_size(state->cli->conn);
+ to_write = MIN(max_size, to_write);
+ ok = smb2cli_conn_req_possible(state->cli->conn, &max_size);
+ if (ok) {
+ to_write = MIN(max_size, to_write);
+ }
+
+ subreq = smb2cli_write_send(state,
+ state->ev,
+ state->cli->conn,
+ state->cli->timeout,
+ state->cli->smb2.session,
+ state->cli->smb2.tcon,
+ to_write,
+ state->offset,
+ state->ph->fid_persistent,
+ state->ph->fid_volatile,
+ 0, /* remaining_bytes */
+ state->flags, /* flags */
+ state->buf + state->written);
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_writeall_written, req);
+ return req;
+}
+
+static void cli_smb2_writeall_written(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_writeall_state *state = tevent_req_data(
+ req, struct cli_smb2_writeall_state);
+ NTSTATUS status;
+ uint32_t written, to_write;
+ uint32_t max_size;
+ bool ok;
+
+ status = smb2cli_write_recv(subreq, &written);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ state->written += written;
+
+ if (state->written > state->size) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ to_write = state->size - state->written;
+
+ if (to_write == 0) {
+ tevent_req_done(req);
+ return;
+ }
+
+ max_size = smb2cli_conn_max_write_size(state->cli->conn);
+ to_write = MIN(max_size, to_write);
+ ok = smb2cli_conn_req_possible(state->cli->conn, &max_size);
+ if (ok) {
+ to_write = MIN(max_size, to_write);
+ }
+
+ subreq = smb2cli_write_send(state,
+ state->ev,
+ state->cli->conn,
+ state->cli->timeout,
+ state->cli->smb2.session,
+ state->cli->smb2.tcon,
+ to_write,
+ state->offset + state->written,
+ state->ph->fid_persistent,
+ state->ph->fid_volatile,
+ 0, /* remaining_bytes */
+ state->flags, /* flags */
+ state->buf + state->written);
+
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_writeall_written, req);
+}
+
+NTSTATUS cli_smb2_writeall_recv(struct tevent_req *req,
+ size_t *pwritten)
+{
+ struct cli_smb2_writeall_state *state = tevent_req_data(
+ req, struct cli_smb2_writeall_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ state->cli->raw_status = status;
+ return status;
+ }
+ if (pwritten != NULL) {
+ *pwritten = (size_t)state->written;
+ }
+ state->cli->raw_status = NT_STATUS_OK;
+ return NT_STATUS_OK;
+}
+
+struct cli_smb2_splice_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ struct smb2_hnd *src_ph;
+ struct smb2_hnd *dst_ph;
+ int (*splice_cb)(off_t n, void *priv);
+ void *priv;
+ off_t written;
+ off_t size;
+ off_t src_offset;
+ off_t dst_offset;
+ bool resized;
+ struct req_resume_key_rsp resume_rsp;
+ struct srv_copychunk_copy cc_copy;
+};
+
+static void cli_splice_copychunk_send(struct cli_smb2_splice_state *state,
+ struct tevent_req *req);
+
+static void cli_splice_copychunk_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_splice_state *state =
+ tevent_req_data(req,
+ struct cli_smb2_splice_state);
+ struct smbXcli_conn *conn = state->cli->conn;
+ DATA_BLOB out_input_buffer = data_blob_null;
+ DATA_BLOB out_output_buffer = data_blob_null;
+ struct srv_copychunk_rsp cc_copy_rsp;
+ enum ndr_err_code ndr_ret;
+ NTSTATUS status;
+
+ status = smb2cli_ioctl_recv(subreq, state,
+ &out_input_buffer,
+ &out_output_buffer);
+ TALLOC_FREE(subreq);
+ if ((!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER) ||
+ state->resized) && tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ ndr_ret = ndr_pull_struct_blob(&out_output_buffer, state, &cc_copy_rsp,
+ (ndr_pull_flags_fn_t)ndr_pull_srv_copychunk_rsp);
+ if (ndr_ret != NDR_ERR_SUCCESS) {
+ DEBUG(0, ("failed to unmarshall copy chunk rsp\n"));
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+ uint32_t max_chunks = MIN(cc_copy_rsp.chunks_written,
+ cc_copy_rsp.total_bytes_written / cc_copy_rsp.chunk_bytes_written);
+ if ((cc_copy_rsp.chunk_bytes_written > smb2cli_conn_cc_chunk_len(conn) ||
+ max_chunks > smb2cli_conn_cc_max_chunks(conn)) &&
+ tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ state->resized = true;
+ smb2cli_conn_set_cc_chunk_len(conn, cc_copy_rsp.chunk_bytes_written);
+ smb2cli_conn_set_cc_max_chunks(conn, max_chunks);
+ } else {
+ if ((state->src_offset > INT64_MAX - cc_copy_rsp.total_bytes_written) ||
+ (state->dst_offset > INT64_MAX - cc_copy_rsp.total_bytes_written) ||
+ (state->written > INT64_MAX - cc_copy_rsp.total_bytes_written)) {
+ tevent_req_nterror(req, NT_STATUS_FILE_TOO_LARGE);
+ return;
+ }
+ state->src_offset += cc_copy_rsp.total_bytes_written;
+ state->dst_offset += cc_copy_rsp.total_bytes_written;
+ state->written += cc_copy_rsp.total_bytes_written;
+ if (!state->splice_cb(state->written, state->priv)) {
+ tevent_req_nterror(req, NT_STATUS_CANCELLED);
+ return;
+ }
+ }
+
+ cli_splice_copychunk_send(state, req);
+}
+
+static void cli_splice_copychunk_send(struct cli_smb2_splice_state *state,
+ struct tevent_req *req)
+{
+ struct tevent_req *subreq;
+ enum ndr_err_code ndr_ret;
+ struct smbXcli_conn *conn = state->cli->conn;
+ struct srv_copychunk_copy *cc_copy = &state->cc_copy;
+ off_t src_offset = state->src_offset;
+ off_t dst_offset = state->dst_offset;
+ uint32_t req_len = MIN(smb2cli_conn_cc_chunk_len(conn) * smb2cli_conn_cc_max_chunks(conn),
+ state->size - state->written);
+ DATA_BLOB in_input_buffer = data_blob_null;
+ DATA_BLOB in_output_buffer = data_blob_null;
+
+ if (state->size - state->written == 0) {
+ tevent_req_done(req);
+ return;
+ }
+
+ cc_copy->chunk_count = 0;
+ while (req_len) {
+ cc_copy->chunks[cc_copy->chunk_count].source_off = src_offset;
+ cc_copy->chunks[cc_copy->chunk_count].target_off = dst_offset;
+ cc_copy->chunks[cc_copy->chunk_count].length = MIN(req_len,
+ smb2cli_conn_cc_chunk_len(conn));
+ if (req_len < cc_copy->chunks[cc_copy->chunk_count].length) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+ req_len -= cc_copy->chunks[cc_copy->chunk_count].length;
+ if ((src_offset > INT64_MAX - cc_copy->chunks[cc_copy->chunk_count].length) ||
+ (dst_offset > INT64_MAX - cc_copy->chunks[cc_copy->chunk_count].length)) {
+ tevent_req_nterror(req, NT_STATUS_FILE_TOO_LARGE);
+ return;
+ }
+ src_offset += cc_copy->chunks[cc_copy->chunk_count].length;
+ dst_offset += cc_copy->chunks[cc_copy->chunk_count].length;
+ cc_copy->chunk_count++;
+ }
+
+ ndr_ret = ndr_push_struct_blob(&in_input_buffer, state, cc_copy,
+ (ndr_push_flags_fn_t)ndr_push_srv_copychunk_copy);
+ if (ndr_ret != NDR_ERR_SUCCESS) {
+ DEBUG(0, ("failed to marshall copy chunk req\n"));
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+
+ subreq = smb2cli_ioctl_send(state, state->ev, state->cli->conn,
+ state->cli->timeout,
+ state->cli->smb2.session,
+ state->cli->smb2.tcon,
+ state->dst_ph->fid_persistent, /* in_fid_persistent */
+ state->dst_ph->fid_volatile, /* in_fid_volatile */
+ FSCTL_SRV_COPYCHUNK_WRITE,
+ 0, /* in_max_input_length */
+ &in_input_buffer,
+ 12, /* in_max_output_length */
+ &in_output_buffer,
+ SMB2_IOCTL_FLAG_IS_FSCTL);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_splice_copychunk_done,
+ req);
+}
+
+static void cli_splice_key_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_splice_state *state =
+ tevent_req_data(req,
+ struct cli_smb2_splice_state);
+ enum ndr_err_code ndr_ret;
+ NTSTATUS status;
+
+ DATA_BLOB out_input_buffer = data_blob_null;
+ DATA_BLOB out_output_buffer = data_blob_null;
+
+ status = smb2cli_ioctl_recv(subreq, state,
+ &out_input_buffer,
+ &out_output_buffer);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ ndr_ret = ndr_pull_struct_blob(&out_output_buffer,
+ state, &state->resume_rsp,
+ (ndr_pull_flags_fn_t)ndr_pull_req_resume_key_rsp);
+ if (ndr_ret != NDR_ERR_SUCCESS) {
+ DEBUG(0, ("failed to unmarshall resume key rsp\n"));
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ memcpy(&state->cc_copy.source_key,
+ &state->resume_rsp.resume_key,
+ sizeof state->resume_rsp.resume_key);
+
+ cli_splice_copychunk_send(state, req);
+}
+
+struct tevent_req *cli_smb2_splice_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t src_fnum, uint16_t dst_fnum,
+ off_t size, off_t src_offset, off_t dst_offset,
+ int (*splice_cb)(off_t n, void *priv),
+ void *priv)
+{
+ struct tevent_req *req;
+ struct tevent_req *subreq;
+ struct cli_smb2_splice_state *state;
+ NTSTATUS status;
+ DATA_BLOB in_input_buffer = data_blob_null;
+ DATA_BLOB in_output_buffer = data_blob_null;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_smb2_splice_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+ state->ev = ev;
+ state->splice_cb = splice_cb;
+ state->priv = priv;
+ state->size = size;
+ state->written = 0;
+ state->src_offset = src_offset;
+ state->dst_offset = dst_offset;
+ state->cc_copy.chunks = talloc_array(state,
+ struct srv_copychunk,
+ smb2cli_conn_cc_max_chunks(cli->conn));
+ if (state->cc_copy.chunks == NULL) {
+ return NULL;
+ }
+
+ status = map_fnum_to_smb2_handle(cli, src_fnum, &state->src_ph);
+ if (tevent_req_nterror(req, status))
+ return tevent_req_post(req, ev);
+
+ status = map_fnum_to_smb2_handle(cli, dst_fnum, &state->dst_ph);
+ if (tevent_req_nterror(req, status))
+ return tevent_req_post(req, ev);
+
+ subreq = smb2cli_ioctl_send(state, ev, cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ state->src_ph->fid_persistent, /* in_fid_persistent */
+ state->src_ph->fid_volatile, /* in_fid_volatile */
+ FSCTL_SRV_REQUEST_RESUME_KEY,
+ 0, /* in_max_input_length */
+ &in_input_buffer,
+ 32, /* in_max_output_length */
+ &in_output_buffer,
+ SMB2_IOCTL_FLAG_IS_FSCTL);
+ if (tevent_req_nomem(subreq, req)) {
+ return NULL;
+ }
+ tevent_req_set_callback(subreq,
+ cli_splice_key_done,
+ req);
+
+ return req;
+}
+
+NTSTATUS cli_smb2_splice_recv(struct tevent_req *req, off_t *written)
+{
+ struct cli_smb2_splice_state *state = tevent_req_data(
+ req, struct cli_smb2_splice_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ state->cli->raw_status = status;
+ tevent_req_received(req);
+ return status;
+ }
+ if (written != NULL) {
+ *written = state->written;
+ }
+ state->cli->raw_status = NT_STATUS_OK;
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+/***************************************************************
+ SMB2 enum shadow copy data.
+***************************************************************/
+
+struct cli_smb2_shadow_copy_data_fnum_state {
+ struct cli_state *cli;
+ uint16_t fnum;
+ struct smb2_hnd *ph;
+ DATA_BLOB out_input_buffer;
+ DATA_BLOB out_output_buffer;
+};
+
+static void cli_smb2_shadow_copy_data_fnum_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_smb2_shadow_copy_data_fnum_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ bool get_names)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_smb2_shadow_copy_data_fnum_state *state;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_smb2_shadow_copy_data_fnum_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->cli = cli;
+ state->fnum = fnum;
+
+ status = map_fnum_to_smb2_handle(cli, fnum, &state->ph);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * TODO. Under SMB2 we should send a zero max_output_length
+ * ioctl to get the required size, then send another ioctl
+ * to get the data, but the current SMB1 implementation just
+ * does one roundtrip with a 64K buffer size. Do the same
+ * for now. JRA.
+ */
+
+ subreq = smb2cli_ioctl_send(state, ev, state->cli->conn,
+ state->cli->timeout,
+ state->cli->smb2.session,
+ state->cli->smb2.tcon,
+ state->ph->fid_persistent, /* in_fid_persistent */
+ state->ph->fid_volatile, /* in_fid_volatile */
+ FSCTL_GET_SHADOW_COPY_DATA,
+ 0, /* in_max_input_length */
+ NULL, /* in_input_buffer */
+ get_names ?
+ CLI_BUFFER_SIZE : 16, /* in_max_output_length */
+ NULL, /* in_output_buffer */
+ SMB2_IOCTL_FLAG_IS_FSCTL);
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq,
+ cli_smb2_shadow_copy_data_fnum_done,
+ req);
+
+ return req;
+}
+
+static void cli_smb2_shadow_copy_data_fnum_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_shadow_copy_data_fnum_state *state = tevent_req_data(
+ req, struct cli_smb2_shadow_copy_data_fnum_state);
+ NTSTATUS status;
+
+ status = smb2cli_ioctl_recv(subreq, state,
+ &state->out_input_buffer,
+ &state->out_output_buffer);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static NTSTATUS cli_smb2_shadow_copy_data_fnum_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ bool get_names,
+ char ***pnames,
+ int *pnum_names)
+{
+ struct cli_smb2_shadow_copy_data_fnum_state *state = tevent_req_data(
+ req, struct cli_smb2_shadow_copy_data_fnum_state);
+ char **names = NULL;
+ uint32_t num_names = 0;
+ uint32_t num_names_returned = 0;
+ uint32_t dlength = 0;
+ uint32_t i;
+ uint8_t *endp = NULL;
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ if (state->out_output_buffer.length < 16) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ num_names = IVAL(state->out_output_buffer.data, 0);
+ num_names_returned = IVAL(state->out_output_buffer.data, 4);
+ dlength = IVAL(state->out_output_buffer.data, 8);
+
+ if (num_names > 0x7FFFFFFF) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ if (get_names == false) {
+ *pnum_names = (int)num_names;
+ return NT_STATUS_OK;
+ }
+ if (num_names != num_names_returned) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ if (dlength + 12 < 12) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ /*
+ * NB. The below is an allowable return if there are
+ * more snapshots than the buffer size we told the
+ * server we can receive. We currently don't support
+ * this.
+ */
+ if (dlength + 12 > state->out_output_buffer.length) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ if (state->out_output_buffer.length +
+ (2 * sizeof(SHADOW_COPY_LABEL)) <
+ state->out_output_buffer.length) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ names = talloc_array(mem_ctx, char *, num_names_returned);
+ if (names == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ endp = state->out_output_buffer.data +
+ state->out_output_buffer.length;
+
+ for (i=0; i<num_names_returned; i++) {
+ bool ret;
+ uint8_t *src;
+ size_t converted_size;
+
+ src = state->out_output_buffer.data + 12 +
+ (i * 2 * sizeof(SHADOW_COPY_LABEL));
+
+ if (src + (2 * sizeof(SHADOW_COPY_LABEL)) > endp) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ ret = convert_string_talloc(
+ names, CH_UTF16LE, CH_UNIX,
+ src, 2 * sizeof(SHADOW_COPY_LABEL),
+ &names[i], &converted_size);
+ if (!ret) {
+ TALLOC_FREE(names);
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ }
+ *pnum_names = num_names;
+ *pnames = names;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_smb2_shadow_copy_data(TALLOC_CTX *mem_ctx,
+ struct cli_state *cli,
+ uint16_t fnum,
+ bool get_names,
+ char ***pnames,
+ int *pnum_names)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_smb2_shadow_copy_data_fnum_send(frame,
+ ev,
+ cli,
+ fnum,
+ get_names);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_smb2_shadow_copy_data_fnum_recv(req,
+ mem_ctx,
+ get_names,
+ pnames,
+ pnum_names);
+ fail:
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/***************************************************************
+ Wrapper that allows SMB2 to truncate a file.
+ Synchronous only.
+***************************************************************/
+
+NTSTATUS cli_smb2_ftruncate(struct cli_state *cli,
+ uint16_t fnum,
+ uint64_t newsize)
+{
+ NTSTATUS status;
+ uint8_t buf[8] = {0};
+ DATA_BLOB inbuf = { .data = buf, .length = sizeof(buf) };
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ SBVAL(buf, 0, newsize);
+
+ /* setinfo on the handle with info_type SMB2_SETINFO_FILE (1),
+ level 20 (SMB_FILE_END_OF_FILE_INFORMATION - 1000). */
+
+ status = cli_smb2_set_info_fnum(
+ cli,
+ fnum,
+ 1, /* in_info_type */
+ SMB_FILE_END_OF_FILE_INFORMATION-1000, /* in_file_info_class */
+ &inbuf, /* in_input_buffer */
+ 0);
+
+ fail:
+
+ cli->raw_status = status;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_smb2_notify_state {
+ struct tevent_req *subreq;
+ struct notify_change *changes;
+ size_t num_changes;
+};
+
+static void cli_smb2_notify_done(struct tevent_req *subreq);
+static bool cli_smb2_notify_cancel(struct tevent_req *req);
+
+struct tevent_req *cli_smb2_notify_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t buffer_size,
+ uint32_t completion_filter,
+ bool recursive)
+{
+ struct tevent_req *req = NULL;
+ struct cli_smb2_notify_state *state = NULL;
+ struct smb2_hnd *ph = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_smb2_notify_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ status = map_fnum_to_smb2_handle(cli, fnum, &ph);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->subreq = smb2cli_notify_send(
+ state,
+ ev,
+ cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ buffer_size,
+ ph->fid_persistent,
+ ph->fid_volatile,
+ completion_filter,
+ recursive);
+ if (tevent_req_nomem(state->subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(state->subreq, cli_smb2_notify_done, req);
+ tevent_req_set_cancel_fn(req, cli_smb2_notify_cancel);
+ return req;
+}
+
+static bool cli_smb2_notify_cancel(struct tevent_req *req)
+{
+ struct cli_smb2_notify_state *state = tevent_req_data(
+ req, struct cli_smb2_notify_state);
+ bool ok;
+
+ ok = tevent_req_cancel(state->subreq);
+ return ok;
+}
+
+static void cli_smb2_notify_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_notify_state *state = tevent_req_data(
+ req, struct cli_smb2_notify_state);
+ uint8_t *base;
+ uint32_t len;
+ uint32_t ofs;
+ NTSTATUS status;
+
+ status = smb2cli_notify_recv(subreq, state, &base, &len);
+ TALLOC_FREE(subreq);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+ tevent_req_done(req);
+ return;
+ }
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ ofs = 0;
+
+ while (len - ofs >= 12) {
+ struct notify_change *tmp;
+ struct notify_change *c;
+ uint32_t next_ofs = IVAL(base, ofs);
+ uint32_t file_name_length = IVAL(base, ofs+8);
+ size_t namelen;
+ bool ok;
+
+ tmp = talloc_realloc(
+ state,
+ state->changes,
+ struct notify_change,
+ state->num_changes + 1);
+ if (tevent_req_nomem(tmp, req)) {
+ return;
+ }
+ state->changes = tmp;
+ c = &state->changes[state->num_changes];
+ state->num_changes += 1;
+
+ if (smb_buffer_oob(len, ofs, next_ofs) ||
+ smb_buffer_oob(len, ofs+12, file_name_length)) {
+ tevent_req_nterror(
+ req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ c->action = IVAL(base, ofs+4);
+
+ ok = convert_string_talloc(
+ state->changes,
+ CH_UTF16LE,
+ CH_UNIX,
+ base + ofs + 12,
+ file_name_length,
+ &c->name,
+ &namelen);
+ if (!ok) {
+ tevent_req_nterror(
+ req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ if (next_ofs == 0) {
+ break;
+ }
+ ofs += next_ofs;
+ }
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_smb2_notify_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct notify_change **pchanges,
+ uint32_t *pnum_changes)
+{
+ struct cli_smb2_notify_state *state = tevent_req_data(
+ req, struct cli_smb2_notify_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *pchanges = talloc_move(mem_ctx, &state->changes);
+ *pnum_changes = state->num_changes;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_smb2_notify(struct cli_state *cli, uint16_t fnum,
+ uint32_t buffer_size, uint32_t completion_filter,
+ bool recursive, TALLOC_CTX *mem_ctx,
+ struct notify_change **pchanges,
+ uint32_t *pnum_changes)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_smb2_notify_send(
+ frame,
+ ev,
+ cli,
+ fnum,
+ buffer_size,
+ completion_filter,
+ recursive);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_smb2_notify_recv(req, mem_ctx, pchanges, pnum_changes);
+fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_smb2_fsctl_state {
+ DATA_BLOB out;
+};
+
+static void cli_smb2_fsctl_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb2_fsctl_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t ctl_code,
+ const DATA_BLOB *in,
+ uint32_t max_out)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb2_fsctl_state *state = NULL;
+ struct smb2_hnd *ph = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_smb2_fsctl_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ status = map_fnum_to_smb2_handle(cli, fnum, &ph);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = smb2cli_ioctl_send(
+ state,
+ ev,
+ cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ ph->fid_persistent,
+ ph->fid_volatile,
+ ctl_code,
+ 0, /* in_max_input_length */
+ in,
+ max_out,
+ NULL,
+ SMB2_IOCTL_FLAG_IS_FSCTL);
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_fsctl_done, req);
+ return req;
+}
+
+static void cli_smb2_fsctl_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_fsctl_state *state = tevent_req_data(
+ req, struct cli_smb2_fsctl_state);
+ NTSTATUS status;
+
+ status = smb2cli_ioctl_recv(subreq, state, NULL, &state->out);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_smb2_fsctl_recv(
+ struct tevent_req *req, TALLOC_CTX *mem_ctx, DATA_BLOB *out)
+{
+ struct cli_smb2_fsctl_state *state = tevent_req_data(
+ req, struct cli_smb2_fsctl_state);
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ if (state->out.length == 0) {
+ *out = (DATA_BLOB) { .data = NULL, };
+ } else {
+ /*
+ * Can't use talloc_move() here, the outblobs from
+ * smb2cli_ioctl_recv() are not standalone talloc
+ * objects but just peek into the larger buffers
+ * received, hanging off "state".
+ */
+ *out = data_blob_talloc(
+ mem_ctx, state->out.data, state->out.length);
+ if (out->data == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
diff --git a/source3/libsmb/cli_smb2_fnum.h b/source3/libsmb/cli_smb2_fnum.h
new file mode 100644
index 0000000..abac569
--- /dev/null
+++ b/source3/libsmb/cli_smb2_fnum.h
@@ -0,0 +1,324 @@
+/*
+ Unix SMB/CIFS implementation.
+ smb2 wrapper client routines
+ Copyright (C) Jeremy Allison 2013
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SMB2CLI_FNUM_H__
+#define __SMB2CLI_FNUM_H__
+
+struct smbXcli_conn;
+struct smbXcli_session;
+struct cli_state;
+struct file_info;
+struct symlink_reparse_struct;
+
+struct cli_smb2_create_flags {
+ bool batch_oplock:1;
+ bool exclusive_oplock:1;
+};
+
+struct tevent_req *cli_smb2_create_fnum_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ struct cli_smb2_create_flags create_flags,
+ uint32_t impersonation_level,
+ uint32_t desired_access,
+ uint32_t file_attributes,
+ uint32_t share_access,
+ uint32_t create_disposition,
+ uint32_t create_options,
+ const struct smb2_create_blobs *in_cblobs);
+NTSTATUS cli_smb2_create_fnum_recv(
+ struct tevent_req *req,
+ uint16_t *pfnum,
+ struct smb_create_returns *cr,
+ TALLOC_CTX *mem_ctx,
+ struct smb2_create_blobs *out_cblobs,
+ struct symlink_reparse_struct **symlink);
+NTSTATUS cli_smb2_create_fnum(
+ struct cli_state *cli,
+ const char *fname,
+ struct cli_smb2_create_flags create_flags,
+ uint32_t impersonation_level,
+ uint32_t desired_access,
+ uint32_t file_attributes,
+ uint32_t share_access,
+ uint32_t create_disposition,
+ uint32_t create_options,
+ const struct smb2_create_blobs *in_cblobs,
+ uint16_t *pfid,
+ struct smb_create_returns *cr,
+ TALLOC_CTX *mem_ctx,
+ struct smb2_create_blobs *out_cblobs);
+
+struct tevent_req *cli_smb2_close_fnum_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t flags);
+NTSTATUS cli_smb2_close_fnum_recv(struct tevent_req *req);
+NTSTATUS cli_smb2_close_fnum(struct cli_state *cli, uint16_t fnum);
+struct tevent_req *cli_smb2_delete_on_close_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ bool flag);
+NTSTATUS cli_smb2_delete_on_close_recv(struct tevent_req *req);
+NTSTATUS cli_smb2_delete_on_close(struct cli_state *cli, uint16_t fnum, bool flag);
+struct tevent_req *cli_smb2_mkdir_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *name);
+NTSTATUS cli_smb2_mkdir_recv(struct tevent_req *req);
+struct tevent_req *cli_smb2_rmdir_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *dname,
+ const struct smb2_create_blobs *in_cblobs);
+NTSTATUS cli_smb2_rmdir_recv(struct tevent_req *req);
+struct tevent_req *cli_smb2_unlink_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ const struct smb2_create_blobs *in_cblobs);
+NTSTATUS cli_smb2_unlink_recv(struct tevent_req *req);
+struct tevent_req *cli_smb2_list_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *pathname,
+ unsigned int info_level);
+NTSTATUS cli_smb2_list_recv(
+ struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct file_info **pfinfo);
+NTSTATUS cli_smb2_qpathinfo_basic(struct cli_state *cli,
+ const char *name,
+ SMB_STRUCT_STAT *sbuf,
+ uint32_t *attributes);
+struct tevent_req *cli_smb2_qpathinfo_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint16_t level,
+ uint32_t min_rdata,
+ uint32_t max_rdata);
+NTSTATUS cli_smb2_qpathinfo_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ uint8_t **rdata,
+ uint32_t *num_rdata);
+struct tevent_req *cli_smb2_query_info_fnum_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t in_info_type,
+ uint8_t in_info_class,
+ uint32_t in_max_output_length,
+ const DATA_BLOB *in_input_buffer,
+ uint32_t in_additional_info,
+ uint32_t in_flags);
+NTSTATUS cli_smb2_query_info_fnum_recv(
+ struct tevent_req *req, TALLOC_CTX *mem_ctx, DATA_BLOB *outbuf);
+struct tevent_req *cli_smb2_set_info_fnum_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t in_info_type,
+ uint8_t in_info_class,
+ const DATA_BLOB *in_input_buffer,
+ uint32_t in_additional_info);
+NTSTATUS cli_smb2_set_info_fnum_recv(struct tevent_req *req);
+NTSTATUS cli_smb2_set_info_fnum(
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t in_info_type,
+ uint8_t in_info_class,
+ const DATA_BLOB *in_input_buffer,
+ uint32_t in_additional_info);
+NTSTATUS cli_smb2_query_info_fnum(
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t in_info_type,
+ uint8_t in_info_class,
+ uint32_t in_max_output_length,
+ const DATA_BLOB *in_input_buffer,
+ uint32_t in_additional_info,
+ uint32_t in_flags,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *outbuf);
+NTSTATUS cli_smb2_setpathinfo(struct cli_state *cli,
+ const char *name,
+ uint8_t in_info_type,
+ uint8_t in_file_info_class,
+ const DATA_BLOB *p_in_data);
+NTSTATUS cli_smb2_setatr(struct cli_state *cli,
+ const char *fname,
+ uint32_t attr,
+ time_t mtime);
+NTSTATUS cli_smb2_setattrE(struct cli_state *cli,
+ uint16_t fnum,
+ time_t change_time,
+ time_t access_time,
+ time_t write_time);
+NTSTATUS cli_smb2_dskattr(struct cli_state *cli,
+ const char *path,
+ uint64_t *bsize,
+ uint64_t *total,
+ uint64_t *avail);
+NTSTATUS cli_smb2_get_fs_attr_info(struct cli_state *cli, uint32_t *fs_attr);
+NTSTATUS cli_smb2_get_fs_full_size_info(struct cli_state *cli,
+ uint64_t *total_allocation_units,
+ uint64_t *caller_allocation_units,
+ uint64_t *actual_allocation_units,
+ uint64_t *sectors_per_allocation_unit,
+ uint64_t *bytes_per_sector);
+NTSTATUS cli_smb2_get_fs_volume_info(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ char **_volume_name,
+ uint32_t *pserial_number,
+ time_t *pdate);
+struct tevent_req *cli_smb2_query_mxac_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_smb2_query_mxac_recv(struct tevent_req *req,
+ uint32_t *mxac);
+NTSTATUS cli_smb2_query_mxac(struct cli_state *cli,
+ const char *fname,
+ uint32_t *mxac);
+struct tevent_req *cli_smb2_rename_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst,
+ bool replace);
+NTSTATUS cli_smb2_rename_recv(struct tevent_req *req);
+NTSTATUS cli_smb2_set_ea_fnum(struct cli_state *cli,
+ uint16_t fnum,
+ const char *ea_name,
+ const char *ea_val,
+ size_t ea_len);
+NTSTATUS cli_smb2_get_ea_list_path(struct cli_state *cli,
+ const char *name,
+ TALLOC_CTX *ctx,
+ size_t *pnum_eas,
+ struct ea_struct **pea_list);
+NTSTATUS cli_smb2_set_ea_path(struct cli_state *cli,
+ const char *name,
+ const char *ea_name,
+ const char *ea_val,
+ size_t ea_len);
+NTSTATUS cli_smb2_get_user_quota(struct cli_state *cli,
+ int quota_fnum,
+ SMB_NTQUOTA_STRUCT *pqt);
+NTSTATUS cli_smb2_list_user_quota_step(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int quota_fnum,
+ SMB_NTQUOTA_LIST **pqt_list,
+ bool first);
+NTSTATUS cli_smb2_get_fs_quota_info(struct cli_state *cli,
+ int quota_fnum,
+ SMB_NTQUOTA_STRUCT *pqt);
+NTSTATUS cli_smb2_set_user_quota(struct cli_state *cli,
+ int quota_fnum,
+ SMB_NTQUOTA_LIST *qtl);
+NTSTATUS cli_smb2_set_fs_quota_info(struct cli_state *cli,
+ int quota_fnum,
+ SMB_NTQUOTA_STRUCT *pqt);
+struct tevent_req *cli_smb2_read_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ off_t offset,
+ size_t size);
+NTSTATUS cli_smb2_read_recv(struct tevent_req *req,
+ ssize_t *received,
+ uint8_t **rcvbuf);
+struct tevent_req *cli_smb2_write_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t mode,
+ const uint8_t *buf,
+ off_t offset,
+ size_t size);
+NTSTATUS cli_smb2_write_recv(struct tevent_req *req,
+ size_t *pwritten);
+struct tevent_req *cli_smb2_writeall_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t mode,
+ const uint8_t *buf,
+ off_t offset,
+ size_t size);
+NTSTATUS cli_smb2_writeall_recv(struct tevent_req *req,
+ size_t *pwritten);
+struct tevent_req *cli_smb2_splice_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t src_fnum, uint16_t dst_fnum,
+ off_t size, off_t src_offset, off_t dst_offset,
+ int (*splice_cb)(off_t n, void *priv), void *priv);
+NTSTATUS cli_smb2_splice_recv(struct tevent_req *req, off_t *written);
+NTSTATUS cli_smb2_shadow_copy_data(TALLOC_CTX *mem_ctx,
+ struct cli_state *cli,
+ uint16_t fnum,
+ bool get_names,
+ char ***pnames,
+ int *pnum_names);
+NTSTATUS cli_smb2_ftruncate(struct cli_state *cli,
+ uint16_t fnum,
+ uint64_t newsize);
+struct tevent_req *cli_smb2_notify_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t buffer_size,
+ uint32_t completion_filter,
+ bool recursive);
+NTSTATUS cli_smb2_notify_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct notify_change **pchanges,
+ uint32_t *pnum_changes);
+NTSTATUS cli_smb2_notify(struct cli_state *cli, uint16_t fnum,
+ uint32_t buffer_size, uint32_t completion_filter,
+ bool recursive, TALLOC_CTX *mem_ctx,
+ struct notify_change **pchanges,
+ uint32_t *pnum_changes);
+
+struct tevent_req *cli_smb2_fsctl_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t ctl_code,
+ const DATA_BLOB *in,
+ uint32_t max_out);
+NTSTATUS cli_smb2_fsctl_recv(
+ struct tevent_req *req, TALLOC_CTX *mem_ctx, DATA_BLOB *out);
+
+#endif /* __SMB2CLI_FNUM_H__ */
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
new file mode 100644
index 0000000..61e3504
--- /dev/null
+++ b/source3/libsmb/cliconnect.c
@@ -0,0 +1,4026 @@
+/*
+ Unix SMB/CIFS implementation.
+ client connect/disconnect routines
+ Copyright (C) Andrew Tridgell 1994-1998
+ Copyright (C) Andrew Bartlett 2001-2003
+ Copyright (C) Volker Lendecke 2011
+ Copyright (C) Jeremy Allison 2011
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "libsmb/namequery.h"
+#include "../libcli/auth/libcli_auth.h"
+#include "../libcli/auth/spnego.h"
+#include "smb_krb5.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "auth/ntlmssp/ntlmssp.h"
+#include "auth_generic.h"
+#include "libads/kerberos_proto.h"
+#include "krb5_env.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "async_smb.h"
+#include "libsmb/nmblib.h"
+#include "librpc/ndr/libndr.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "../libcli/smb/smb_seal.h"
+#include "lib/param/param.h"
+#include "../libcli/smb/smb2_negotiate_context.h"
+
+#define STAR_SMBSERVER "*SMBSERVER"
+
+static char *cli_session_setup_get_account(TALLOC_CTX *mem_ctx,
+ const char *principal);
+
+struct cli_credentials *cli_session_creds_init(TALLOC_CTX *mem_ctx,
+ const char *username,
+ const char *domain,
+ const char *realm,
+ const char *password,
+ bool use_kerberos,
+ bool fallback_after_kerberos,
+ bool use_ccache,
+ bool password_is_nt_hash)
+{
+ struct loadparm_context *lp_ctx = NULL;
+ struct cli_credentials *creds = NULL;
+ const char *principal = NULL;
+ char *tmp = NULL;
+ char *p = NULL;
+ bool ok;
+
+ creds = cli_credentials_init(mem_ctx);
+ if (creds == NULL) {
+ return NULL;
+ }
+
+ lp_ctx = loadparm_init_s3(creds, loadparm_s3_helpers());
+ if (lp_ctx == NULL) {
+ goto fail;
+ }
+ ok = cli_credentials_set_conf(creds, lp_ctx);
+ if (!ok) {
+ goto fail;
+ }
+
+ if (username == NULL) {
+ username = "";
+ }
+
+ if (strlen(username) == 0) {
+ if (password != NULL && strlen(password) == 0) {
+ /*
+ * some callers pass "" as no password
+ *
+ * gensec only handles NULL as no password.
+ */
+ password = NULL;
+ }
+ if (password == NULL) {
+ cli_credentials_set_anonymous(creds);
+ return creds;
+ }
+ }
+
+ tmp = talloc_strdup(creds, username);
+ if (tmp == NULL) {
+ goto fail;
+ }
+ username = tmp;
+
+ /* allow for workgroups as part of the username */
+ if ((p = strchr_m(tmp, '\\')) ||
+ (p = strchr_m(tmp, '/')) ||
+ (p = strchr_m(tmp, *lp_winbind_separator()))) {
+ *p = 0;
+ username = p + 1;
+ domain = tmp;
+ }
+
+ principal = username;
+ username = cli_session_setup_get_account(creds, principal);
+ if (username == NULL) {
+ goto fail;
+ }
+ ok = strequal(username, principal);
+ if (ok) {
+ /*
+ * Ok still the same, so it's not a principal
+ */
+ principal = NULL;
+ }
+
+ if (use_kerberos && fallback_after_kerberos) {
+ cli_credentials_set_kerberos_state(creds,
+ CRED_USE_KERBEROS_DESIRED,
+ CRED_SPECIFIED);
+ } else if (use_kerberos) {
+ cli_credentials_set_kerberos_state(creds,
+ CRED_USE_KERBEROS_REQUIRED,
+ CRED_SPECIFIED);
+ } else {
+ cli_credentials_set_kerberos_state(creds,
+ CRED_USE_KERBEROS_DISABLED,
+ CRED_SPECIFIED);
+ }
+
+ if (use_ccache) {
+ uint32_t features;
+
+ features = cli_credentials_get_gensec_features(creds);
+ features |= GENSEC_FEATURE_NTLM_CCACHE;
+ cli_credentials_set_gensec_features(creds,
+ features,
+ CRED_SPECIFIED);
+
+ if (password != NULL && strlen(password) == 0) {
+ /*
+ * some callers pass "" as no password
+ *
+ * GENSEC_FEATURE_NTLM_CCACHE only handles
+ * NULL as no password.
+ */
+ password = NULL;
+ }
+ }
+
+ ok = cli_credentials_set_username(creds,
+ username,
+ CRED_SPECIFIED);
+ if (!ok) {
+ goto fail;
+ }
+
+ if (domain != NULL) {
+ ok = cli_credentials_set_domain(creds,
+ domain,
+ CRED_SPECIFIED);
+ if (!ok) {
+ goto fail;
+ }
+ }
+
+ if (principal != NULL) {
+ ok = cli_credentials_set_principal(creds,
+ principal,
+ CRED_SPECIFIED);
+ if (!ok) {
+ goto fail;
+ }
+ }
+
+ if (realm != NULL) {
+ ok = cli_credentials_set_realm(creds,
+ realm,
+ CRED_SPECIFIED);
+ if (!ok) {
+ goto fail;
+ }
+ }
+
+ if (password != NULL && strlen(password) > 0) {
+ if (password_is_nt_hash) {
+ struct samr_Password nt_hash;
+ size_t converted;
+
+ converted = strhex_to_str((char *)nt_hash.hash,
+ sizeof(nt_hash.hash),
+ password,
+ strlen(password));
+ if (converted != sizeof(nt_hash.hash)) {
+ goto fail;
+ }
+
+ ok = cli_credentials_set_nt_hash(creds,
+ &nt_hash,
+ CRED_SPECIFIED);
+ if (!ok) {
+ goto fail;
+ }
+ } else {
+ ok = cli_credentials_set_password(creds,
+ password,
+ CRED_SPECIFIED);
+ if (!ok) {
+ goto fail;
+ }
+ }
+ }
+
+ return creds;
+fail:
+ TALLOC_FREE(creds);
+ return NULL;
+}
+
+NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
+ struct cli_credentials *creds)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ const char *user_principal = NULL;
+ const char *user_account = NULL;
+ const char *user_domain = NULL;
+ const char *pass = NULL;
+ char *canon_principal = NULL;
+ char *canon_realm = NULL;
+ const char *target_hostname = NULL;
+ enum credentials_use_kerberos krb5_state;
+ bool try_kerberos = false;
+ bool need_kinit = false;
+ bool auth_requested = true;
+ int ret;
+ bool ok;
+
+ target_hostname = smbXcli_conn_remote_name(cli->conn);
+
+ auth_requested = cli_credentials_authentication_requested(creds);
+ if (auth_requested) {
+ errno = 0;
+ user_principal = cli_credentials_get_principal(creds, frame);
+ if (errno != 0) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ user_account = cli_credentials_get_username(creds);
+ user_domain = cli_credentials_get_domain(creds);
+ pass = cli_credentials_get_password(creds);
+
+ krb5_state = cli_credentials_get_kerberos_state(creds);
+
+ if (krb5_state != CRED_USE_KERBEROS_DISABLED) {
+ try_kerberos = true;
+ }
+
+ if (user_principal == NULL) {
+ try_kerberos = false;
+ }
+
+ if (target_hostname == NULL) {
+ try_kerberos = false;
+ } else if (is_ipaddress(target_hostname)) {
+ try_kerberos = false;
+ } else if (strequal(target_hostname, "localhost")) {
+ try_kerberos = false;
+ } else if (strequal(target_hostname, STAR_SMBSERVER)) {
+ try_kerberos = false;
+ } else if (!auth_requested) {
+ try_kerberos = false;
+ }
+
+ if (krb5_state == CRED_USE_KERBEROS_REQUIRED && !try_kerberos) {
+ DEBUG(0, ("Kerberos auth with '%s' (%s\\%s) to access "
+ "'%s' not possible\n",
+ user_principal, user_domain, user_account,
+ target_hostname));
+ TALLOC_FREE(frame);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (pass == NULL || strlen(pass) == 0) {
+ need_kinit = false;
+ } else if (krb5_state == CRED_USE_KERBEROS_REQUIRED) {
+ need_kinit = try_kerberos;
+ } else {
+ need_kinit = try_kerberos;
+ }
+
+ if (!need_kinit) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
+
+ DBG_INFO("Doing kinit for %s to access %s\n",
+ user_principal, target_hostname);
+
+ /*
+ * TODO: This should be done within the gensec layer
+ * only if required!
+ */
+ setenv(KRB5_ENV_CCNAME, "MEMORY:cliconnect", 1);
+ ret = kerberos_kinit_password_ext(user_principal,
+ pass,
+ 0,
+ 0,
+ 0,
+ NULL,
+ false,
+ false,
+ 0,
+ frame,
+ &canon_principal,
+ &canon_realm,
+ NULL);
+ if (ret != 0) {
+ int dbglvl = DBGLVL_NOTICE;
+
+ if (krb5_state == CRED_USE_KERBEROS_REQUIRED) {
+ dbglvl = DBGLVL_ERR;
+ }
+
+ DEBUG(dbglvl, ("Kinit for %s to access %s failed: %s\n",
+ user_principal, target_hostname,
+ error_message(ret)));
+ if (krb5_state == CRED_USE_KERBEROS_REQUIRED) {
+ TALLOC_FREE(frame);
+ return krb5_to_nt_status(ret);
+ }
+
+ /*
+ * Ignore the error and hope that NTLM will work
+ */
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
+
+ ok = cli_credentials_set_principal(creds,
+ canon_principal,
+ CRED_SPECIFIED);
+ if (!ok) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ok = cli_credentials_set_realm(creds,
+ canon_realm,
+ CRED_SPECIFIED);
+ if (!ok) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ DBG_DEBUG("Successfully authenticated as %s (%s) to access %s using "
+ "Kerberos\n",
+ user_principal,
+ canon_principal,
+ target_hostname);
+
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS cli_state_update_after_sesssetup(struct cli_state *cli,
+ const char *native_os,
+ const char *native_lm,
+ const char *primary_domain)
+{
+#define _VALID_STR(p) ((p) != NULL && (p)[0] != '\0')
+
+ if (!_VALID_STR(cli->server_os) && _VALID_STR(native_os)) {
+ cli->server_os = talloc_strdup(cli, native_os);
+ if (cli->server_os == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ if (!_VALID_STR(cli->server_type) && _VALID_STR(native_lm)) {
+ cli->server_type = talloc_strdup(cli, native_lm);
+ if (cli->server_type == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ if (!_VALID_STR(cli->server_domain) && _VALID_STR(primary_domain)) {
+ cli->server_domain = talloc_strdup(cli, primary_domain);
+ if (cli->server_domain == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+#undef _VALID_STRING
+ return NT_STATUS_OK;
+}
+
+/********************************************************
+ Utility function to ensure we always return at least
+ a valid char * pointer to an empty string for the
+ cli->server_os, cli->server_type and cli->server_domain
+ strings.
+*******************************************************/
+
+static NTSTATUS smb_bytes_talloc_string(TALLOC_CTX *mem_ctx,
+ const uint8_t *hdr,
+ char **dest,
+ uint8_t *src,
+ size_t srclen,
+ ssize_t *destlen)
+{
+ *destlen = pull_string_talloc(mem_ctx,
+ (const char *)hdr,
+ SVAL(hdr, HDR_FLG2),
+ dest,
+ (char *)src,
+ srclen,
+ STR_TERMINATE);
+ if (*destlen == -1) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (*dest == NULL) {
+ *dest = talloc_strdup(mem_ctx, "");
+ if (*dest == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Work out suitable capabilities to offer the server.
+****************************************************************************/
+
+static uint32_t cli_session_setup_capabilities(struct cli_state *cli,
+ uint32_t sesssetup_capabilities)
+{
+ uint32_t client_capabilities = smb1cli_conn_capabilities(cli->conn);
+
+ /*
+ * We only send capabilities based on the mask for:
+ * - client only flags
+ * - flags used in both directions
+ *
+ * We do not echo the server only flags, except some legacy flags.
+ *
+ * SMB_CAP_LEGACY_CLIENT_MASK contains CAP_LARGE_READX and
+ * CAP_LARGE_WRITEX in order to allow us to do large reads
+ * against old Samba releases (<= 3.6.x).
+ */
+ client_capabilities &= (SMB_CAP_BOTH_MASK | SMB_CAP_LEGACY_CLIENT_MASK);
+
+ /*
+ * Session Setup specific flags CAP_DYNAMIC_REAUTH
+ * and CAP_EXTENDED_SECURITY are passed by the caller.
+ * We need that in order to do guest logins even if
+ * CAP_EXTENDED_SECURITY is negotiated.
+ */
+ client_capabilities &= ~(CAP_DYNAMIC_REAUTH|CAP_EXTENDED_SECURITY);
+ sesssetup_capabilities &= (CAP_DYNAMIC_REAUTH|CAP_EXTENDED_SECURITY);
+ client_capabilities |= sesssetup_capabilities;
+
+ return client_capabilities;
+}
+
+/****************************************************************************
+ Do a NT1 guest session setup.
+****************************************************************************/
+
+struct cli_session_setup_guest_state {
+ struct cli_state *cli;
+ uint16_t vwv[13];
+ struct iovec bytes;
+};
+
+static void cli_session_setup_guest_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_session_setup_guest_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ struct tevent_req **psmbreq)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_session_setup_guest_state *state;
+ uint16_t *vwv;
+ uint8_t *bytes;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_session_setup_guest_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+ vwv = state->vwv;
+
+ SCVAL(vwv+0, 0, 0xFF);
+ SCVAL(vwv+0, 1, 0);
+ SSVAL(vwv+1, 0, 0);
+ SSVAL(vwv+2, 0, CLI_BUFFER_SIZE);
+ SSVAL(vwv+3, 0, 2);
+ SSVAL(vwv+4, 0, cli_state_get_vc_num(cli));
+ SIVAL(vwv+5, 0, smb1cli_conn_server_session_key(cli->conn));
+ SSVAL(vwv+7, 0, 0);
+ SSVAL(vwv+8, 0, 0);
+ SSVAL(vwv+9, 0, 0);
+ SSVAL(vwv+10, 0, 0);
+ SIVAL(vwv+11, 0, cli_session_setup_capabilities(cli, 0));
+
+ bytes = talloc_array(state, uint8_t, 0);
+
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "", 1, /* username */
+ NULL);
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "", 1, /* workgroup */
+ NULL);
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Unix", 5, NULL);
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "Samba", 6, NULL);
+
+ if (bytes == NULL) {
+ TALLOC_FREE(req);
+ return NULL;
+ }
+
+ state->bytes.iov_base = (void *)bytes;
+ state->bytes.iov_len = talloc_get_size(bytes);
+
+ subreq = cli_smb_req_create(state, ev, cli, SMBsesssetupX, 0, 0, 13,
+ vwv, 1, &state->bytes);
+ if (subreq == NULL) {
+ TALLOC_FREE(req);
+ return NULL;
+ }
+ tevent_req_set_callback(subreq, cli_session_setup_guest_done, req);
+ *psmbreq = subreq;
+ return req;
+}
+
+struct tevent_req *cli_session_setup_guest_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli)
+{
+ struct tevent_req *req, *subreq;
+ NTSTATUS status;
+
+ req = cli_session_setup_guest_create(mem_ctx, ev, cli, &subreq);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ status = smb1cli_req_chain_submit(&subreq, 1);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+ }
+ return req;
+}
+
+static void cli_session_setup_guest_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_session_setup_guest_state *state = tevent_req_data(
+ req, struct cli_session_setup_guest_state);
+ struct cli_state *cli = state->cli;
+ uint32_t num_bytes;
+ uint8_t *in;
+ uint8_t *inhdr;
+ uint8_t *bytes;
+ uint8_t *p;
+ NTSTATUS status;
+ ssize_t ret;
+ uint8_t wct;
+ uint16_t *vwv;
+
+ status = cli_smb_recv(subreq, state, &in, 3, &wct, &vwv,
+ &num_bytes, &bytes);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ inhdr = in + NBT_HDR_SIZE;
+ p = bytes;
+
+ cli_state_set_uid(state->cli, SVAL(inhdr, HDR_UID));
+ smb1cli_session_set_action(cli->smb1.session, SVAL(vwv+2, 0));
+
+ status = smb_bytes_talloc_string(cli,
+ inhdr,
+ &cli->server_os,
+ p,
+ bytes+num_bytes-p,
+ &ret);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ p += ret;
+
+ status = smb_bytes_talloc_string(cli,
+ inhdr,
+ &cli->server_type,
+ p,
+ bytes+num_bytes-p,
+ &ret);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ p += ret;
+
+ status = smb_bytes_talloc_string(cli,
+ inhdr,
+ &cli->server_domain,
+ p,
+ bytes+num_bytes-p,
+ &ret);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_session_setup_guest_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+/* The following is calculated from :
+ * (smb_size-4) = 35
+ * (smb_wcnt * 2) = 24 (smb_wcnt == 12 in cli_session_setup_blob_send() )
+ * (strlen("Unix") + 1 + strlen("Samba") + 1) * 2 = 22 (unicode strings at
+ * end of packet.
+ */
+
+#define BASE_SESSSETUP_BLOB_PACKET_SIZE (35 + 24 + 22)
+
+struct cli_sesssetup_blob_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ DATA_BLOB blob;
+ uint16_t max_blob_size;
+
+ DATA_BLOB this_blob;
+ struct iovec *recv_iov;
+
+ NTSTATUS status;
+ const uint8_t *inbuf;
+ DATA_BLOB ret_blob;
+
+ char *out_native_os;
+ char *out_native_lm;
+};
+
+static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
+ struct tevent_req **psubreq);
+static void cli_sesssetup_blob_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_sesssetup_blob_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ DATA_BLOB blob)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_sesssetup_blob_state *state;
+ uint32_t usable_space;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_sesssetup_blob_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->blob = blob;
+ state->cli = cli;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ usable_space = UINT16_MAX;
+ } else {
+ usable_space = cli_state_available_size(cli,
+ BASE_SESSSETUP_BLOB_PACKET_SIZE);
+ }
+
+ if (usable_space == 0) {
+ DEBUG(1, ("cli_session_setup_blob: cli->max_xmit too small "
+ "(not possible to send %u bytes)\n",
+ BASE_SESSSETUP_BLOB_PACKET_SIZE + 1));
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+ state->max_blob_size = MIN(usable_space, 0xFFFF);
+
+ if (!cli_sesssetup_blob_next(state, &subreq)) {
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_sesssetup_blob_done, req);
+ return req;
+}
+
+static bool cli_sesssetup_blob_next(struct cli_sesssetup_blob_state *state,
+ struct tevent_req **psubreq)
+{
+ struct tevent_req *subreq;
+ uint16_t thistime;
+
+ thistime = MIN(state->blob.length, state->max_blob_size);
+
+ state->this_blob.data = state->blob.data;
+ state->this_blob.length = thistime;
+
+ state->blob.data += thistime;
+ state->blob.length -= thistime;
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = smb2cli_session_setup_send(state, state->ev,
+ state->cli->conn,
+ state->cli->timeout,
+ state->cli->smb2.session,
+ 0, /* in_flags */
+ SMB2_CAP_DFS, /* in_capabilities */
+ 0, /* in_channel */
+ 0, /* in_previous_session_id */
+ &state->this_blob);
+ if (subreq == NULL) {
+ return false;
+ }
+ } else {
+ uint16_t in_buf_size = 0;
+ uint16_t in_mpx_max = 0;
+ uint16_t in_vc_num = 0;
+ uint32_t in_sess_key = 0;
+ uint32_t in_capabilities = 0;
+ const char *in_native_os = NULL;
+ const char *in_native_lm = NULL;
+
+ in_buf_size = CLI_BUFFER_SIZE;
+ in_mpx_max = smbXcli_conn_max_requests(state->cli->conn);
+ in_vc_num = cli_state_get_vc_num(state->cli);
+ in_sess_key = smb1cli_conn_server_session_key(state->cli->conn);
+ in_capabilities = cli_session_setup_capabilities(state->cli,
+ CAP_EXTENDED_SECURITY);
+ in_native_os = "Unix";
+ in_native_lm = "Samba";
+
+ /*
+ * For now we keep the same values as before,
+ * we may remove these in a separate commit later.
+ */
+ in_mpx_max = 2;
+ in_vc_num = 1;
+ in_sess_key = 0;
+
+ subreq = smb1cli_session_setup_ext_send(state, state->ev,
+ state->cli->conn,
+ state->cli->timeout,
+ state->cli->smb1.pid,
+ state->cli->smb1.session,
+ in_buf_size,
+ in_mpx_max,
+ in_vc_num,
+ in_sess_key,
+ state->this_blob,
+ in_capabilities,
+ in_native_os,
+ in_native_lm);
+ if (subreq == NULL) {
+ return false;
+ }
+ }
+ *psubreq = subreq;
+ return true;
+}
+
+static void cli_sesssetup_blob_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_sesssetup_blob_state *state = tevent_req_data(
+ req, struct cli_sesssetup_blob_state);
+ NTSTATUS status;
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ status = smb2cli_session_setup_recv(subreq, state,
+ &state->recv_iov,
+ &state->ret_blob);
+ } else {
+ status = smb1cli_session_setup_ext_recv(subreq, state,
+ &state->recv_iov,
+ &state->inbuf,
+ &state->ret_blob,
+ &state->out_native_os,
+ &state->out_native_lm);
+ }
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)
+ && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ state->status = status;
+
+ status = cli_state_update_after_sesssetup(state->cli,
+ state->out_native_os,
+ state->out_native_lm,
+ NULL);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (state->blob.length != 0) {
+ /*
+ * More to send
+ */
+ if (!cli_sesssetup_blob_next(state, &subreq)) {
+ tevent_req_oom(req);
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_sesssetup_blob_done, req);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_sesssetup_blob_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *pblob,
+ const uint8_t **pinbuf,
+ struct iovec **precv_iov)
+{
+ struct cli_sesssetup_blob_state *state = tevent_req_data(
+ req, struct cli_sesssetup_blob_state);
+ NTSTATUS status;
+ struct iovec *recv_iov;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ TALLOC_FREE(state->cli->smb2.session);
+ cli_state_set_uid(state->cli, UID_FIELD_INVALID);
+ tevent_req_received(req);
+ return status;
+ }
+
+ recv_iov = talloc_move(mem_ctx, &state->recv_iov);
+ if (pblob != NULL) {
+ *pblob = state->ret_blob;
+ }
+ if (pinbuf != NULL) {
+ *pinbuf = state->inbuf;
+ }
+ if (precv_iov != NULL) {
+ *precv_iov = recv_iov;
+ }
+ /* could be NT_STATUS_MORE_PROCESSING_REQUIRED */
+ status = state->status;
+ tevent_req_received(req);
+ return status;
+}
+
+/****************************************************************************
+ Do a spnego/NTLMSSP encrypted session setup.
+****************************************************************************/
+
+struct cli_session_setup_gensec_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ struct auth_generic_state *auth_generic;
+ bool is_anonymous;
+ DATA_BLOB blob_in;
+ const uint8_t *inbuf;
+ struct iovec *recv_iov;
+ DATA_BLOB blob_out;
+ bool local_ready;
+ bool remote_ready;
+ DATA_BLOB session_key;
+};
+
+static int cli_session_setup_gensec_state_destructor(
+ struct cli_session_setup_gensec_state *state)
+{
+ TALLOC_FREE(state->auth_generic);
+ data_blob_clear_free(&state->session_key);
+ return 0;
+}
+
+static void cli_session_setup_gensec_local_next(struct tevent_req *req);
+static void cli_session_setup_gensec_local_done(struct tevent_req *subreq);
+static void cli_session_setup_gensec_remote_next(struct tevent_req *req);
+static void cli_session_setup_gensec_remote_done(struct tevent_req *subreq);
+static void cli_session_setup_gensec_ready(struct tevent_req *req);
+
+static struct tevent_req *cli_session_setup_gensec_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
+ struct cli_credentials *creds,
+ const char *target_service,
+ const char *target_hostname)
+{
+ struct tevent_req *req;
+ struct cli_session_setup_gensec_state *state;
+ NTSTATUS status;
+ const DATA_BLOB *b = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_session_setup_gensec_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+
+ talloc_set_destructor(
+ state, cli_session_setup_gensec_state_destructor);
+
+ status = auth_generic_client_prepare(state, &state->auth_generic);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ status = auth_generic_set_creds(state->auth_generic, creds);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ gensec_want_feature(state->auth_generic->gensec_security,
+ GENSEC_FEATURE_SESSION_KEY);
+
+ if (target_service != NULL) {
+ status = gensec_set_target_service(
+ state->auth_generic->gensec_security,
+ target_service);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ if (target_hostname != NULL) {
+ status = gensec_set_target_hostname(
+ state->auth_generic->gensec_security,
+ target_hostname);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ b = smbXcli_conn_server_gss_blob(cli->conn);
+ if (b != NULL) {
+ state->blob_in = *b;
+ }
+
+ state->is_anonymous = cli_credentials_is_anonymous(state->auth_generic->credentials);
+
+ status = auth_generic_client_start(state->auth_generic,
+ GENSEC_OID_SPNEGO);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ state->cli->smb2.session = smbXcli_session_create(cli,
+ cli->conn);
+ if (tevent_req_nomem(state->cli->smb2.session, req)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ cli_session_setup_gensec_local_next(req);
+ if (!tevent_req_is_in_progress(req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ return req;
+}
+
+static void cli_session_setup_gensec_local_next(struct tevent_req *req)
+{
+ struct cli_session_setup_gensec_state *state =
+ tevent_req_data(req,
+ struct cli_session_setup_gensec_state);
+ struct tevent_req *subreq = NULL;
+
+ if (state->local_ready) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ subreq = gensec_update_send(state, state->ev,
+ state->auth_generic->gensec_security,
+ state->blob_in);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_session_setup_gensec_local_done, req);
+}
+
+static void cli_session_setup_gensec_local_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct cli_session_setup_gensec_state *state =
+ tevent_req_data(req,
+ struct cli_session_setup_gensec_state);
+ NTSTATUS status;
+
+ status = gensec_update_recv(subreq, state, &state->blob_out);
+ TALLOC_FREE(subreq);
+ state->blob_in = data_blob_null;
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
+ {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+ state->local_ready = true;
+ }
+
+ if (state->local_ready && state->remote_ready) {
+ cli_session_setup_gensec_ready(req);
+ return;
+ }
+
+ cli_session_setup_gensec_remote_next(req);
+}
+
+static void cli_session_setup_gensec_remote_next(struct tevent_req *req)
+{
+ struct cli_session_setup_gensec_state *state =
+ tevent_req_data(req,
+ struct cli_session_setup_gensec_state);
+ struct tevent_req *subreq = NULL;
+
+ if (state->remote_ready) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ subreq = cli_sesssetup_blob_send(state, state->ev,
+ state->cli, state->blob_out);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_session_setup_gensec_remote_done,
+ req);
+}
+
+static void cli_session_setup_gensec_remote_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct cli_session_setup_gensec_state *state =
+ tevent_req_data(req,
+ struct cli_session_setup_gensec_state);
+ NTSTATUS status;
+
+ state->inbuf = NULL;
+ TALLOC_FREE(state->recv_iov);
+
+ status = cli_sesssetup_blob_recv(subreq, state, &state->blob_in,
+ &state->inbuf, &state->recv_iov);
+ TALLOC_FREE(subreq);
+ data_blob_free(&state->blob_out);
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
+ {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+ struct smbXcli_session *session = NULL;
+ bool is_guest = false;
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ session = state->cli->smb2.session;
+ } else {
+ session = state->cli->smb1.session;
+ }
+
+ is_guest = smbXcli_session_is_guest(session);
+ if (is_guest) {
+ /*
+ * We can't finish the gensec handshake, we don't
+ * have a negotiated session key.
+ *
+ * So just pretend we are completely done,
+ * we need to continue as anonymous from this point,
+ * as we can't get a session key.
+ *
+ * Note that smbXcli_session_is_guest()
+ * always returns false if we require signing.
+ */
+ state->blob_in = data_blob_null;
+ state->local_ready = true;
+ state->is_anonymous = true;
+ }
+
+ state->remote_ready = true;
+ }
+
+ if (state->local_ready && state->remote_ready) {
+ cli_session_setup_gensec_ready(req);
+ return;
+ }
+
+ cli_session_setup_gensec_local_next(req);
+}
+
+static void cli_session_dump_keys(TALLOC_CTX *mem_ctx,
+ struct smbXcli_session *session,
+ DATA_BLOB session_key)
+{
+ NTSTATUS status;
+ DATA_BLOB sig = data_blob_null;
+ DATA_BLOB app = data_blob_null;
+ DATA_BLOB enc = data_blob_null;
+ DATA_BLOB dec = data_blob_null;
+ uint64_t sid = smb2cli_session_current_id(session);
+
+ status = smb2cli_session_signing_key(session, mem_ctx, &sig);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+ status = smbXcli_session_application_key(session, mem_ctx, &app);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+ status = smb2cli_session_encryption_key(session, mem_ctx, &enc);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+ status = smb2cli_session_decryption_key(session, mem_ctx, &dec);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ DEBUG(0, ("debug encryption: dumping generated session keys\n"));
+ DEBUGADD(0, ("Session Id "));
+ dump_data(0, (uint8_t*)&sid, sizeof(sid));
+ DEBUGADD(0, ("Session Key "));
+ dump_data(0, session_key.data, session_key.length);
+ DEBUGADD(0, ("Signing Key "));
+ dump_data(0, sig.data, sig.length);
+ DEBUGADD(0, ("App Key "));
+ dump_data(0, app.data, app.length);
+
+ /* In client code, ServerIn is the encryption key */
+
+ DEBUGADD(0, ("ServerIn Key "));
+ dump_data(0, enc.data, enc.length);
+ DEBUGADD(0, ("ServerOut Key "));
+ dump_data(0, dec.data, dec.length);
+
+out:
+ data_blob_clear_free(&sig);
+ data_blob_clear_free(&app);
+ data_blob_clear_free(&enc);
+ data_blob_clear_free(&dec);
+}
+
+static void cli_session_setup_gensec_ready(struct tevent_req *req)
+{
+ struct cli_session_setup_gensec_state *state =
+ tevent_req_data(req,
+ struct cli_session_setup_gensec_state);
+ const char *server_domain = NULL;
+ NTSTATUS status;
+
+ if (state->blob_in.length != 0) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ if (state->blob_out.length != 0) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ /*
+ * gensec_ntlmssp_server_domain() returns NULL
+ * if NTLMSSP is not used.
+ *
+ * We can remove this later
+ * and leave the server domain empty for SMB2 and above
+ * in future releases.
+ */
+ server_domain = gensec_ntlmssp_server_domain(
+ state->auth_generic->gensec_security);
+
+ if (state->cli->server_domain[0] == '\0' && server_domain != NULL) {
+ TALLOC_FREE(state->cli->server_domain);
+ state->cli->server_domain = talloc_strdup(state->cli,
+ server_domain);
+ if (state->cli->server_domain == NULL) {
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+ }
+
+ if (state->is_anonymous) {
+ /*
+ * Windows server does not set the
+ * SMB2_SESSION_FLAG_IS_NULL flag.
+ *
+ * This fix makes sure we do not try
+ * to verify a signature on the final
+ * session setup response.
+ */
+ tevent_req_done(req);
+ return;
+ }
+
+ status = gensec_session_key(state->auth_generic->gensec_security,
+ state, &state->session_key);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ struct smbXcli_session *session = state->cli->smb2.session;
+
+ status = smb2cli_session_set_session_key(session,
+ state->session_key,
+ state->recv_iov);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB3_00
+ && lp_debug_encryption())
+ {
+ cli_session_dump_keys(state, session, state->session_key);
+ }
+ } else {
+ struct smbXcli_session *session = state->cli->smb1.session;
+ bool active;
+
+ status = smb1cli_session_set_session_key(session,
+ state->session_key);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ active = smb1cli_conn_activate_signing(state->cli->conn,
+ state->session_key,
+ data_blob_null);
+ if (active) {
+ bool ok;
+
+ ok = smb1cli_conn_check_signing(state->cli->conn,
+ state->inbuf, 1);
+ if (!ok) {
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return;
+ }
+ }
+ }
+
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_session_setup_gensec_recv(struct tevent_req *req)
+{
+ struct cli_session_setup_gensec_state *state =
+ tevent_req_data(req,
+ struct cli_session_setup_gensec_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ cli_state_set_uid(state->cli, UID_FIELD_INVALID);
+ return status;
+ }
+ return NT_STATUS_OK;
+}
+
+static char *cli_session_setup_get_account(TALLOC_CTX *mem_ctx,
+ const char *principal)
+{
+ char *account, *p;
+
+ account = talloc_strdup(mem_ctx, principal);
+ if (account == NULL) {
+ return NULL;
+ }
+ p = strchr_m(account, '@');
+ if (p != NULL) {
+ *p = '\0';
+ }
+ return account;
+}
+
+/****************************************************************************
+ Do a spnego encrypted session setup.
+
+ user_domain: The shortname of the domain the user/machine is a member of.
+ dest_realm: The realm we're connecting to, if NULL we use our default realm.
+****************************************************************************/
+
+struct cli_session_setup_spnego_state {
+ ADS_STATUS result;
+};
+
+static void cli_session_setup_spnego_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_session_setup_spnego_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
+ struct cli_credentials *creds)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_session_setup_spnego_state *state;
+ const char *target_service = NULL;
+ const char *target_hostname = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_session_setup_spnego_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ target_service = "cifs";
+ target_hostname = smbXcli_conn_remote_name(cli->conn);
+
+ status = cli_session_creds_prepare_krb5(cli, creds);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ DBG_INFO("Connect to %s as %s using SPNEGO\n",
+ target_hostname,
+ cli_credentials_get_principal(creds, talloc_tos()));
+
+ subreq = cli_session_setup_gensec_send(state, ev, cli, creds,
+ target_service, target_hostname);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ subreq, cli_session_setup_spnego_done, req);
+ return req;
+}
+
+static void cli_session_setup_spnego_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_session_setup_gensec_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+static ADS_STATUS cli_session_setup_spnego_recv(struct tevent_req *req)
+{
+ struct cli_session_setup_spnego_state *state = tevent_req_data(
+ req, struct cli_session_setup_spnego_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ state->result = ADS_ERROR_NT(status);
+ }
+
+ return state->result;
+}
+
+struct cli_session_setup_creds_state {
+ struct cli_state *cli;
+ DATA_BLOB apassword_blob;
+ DATA_BLOB upassword_blob;
+ DATA_BLOB lm_session_key;
+ DATA_BLOB session_key;
+ char *out_native_os;
+ char *out_native_lm;
+ char *out_primary_domain;
+};
+
+static void cli_session_setup_creds_cleanup(struct tevent_req *req,
+ enum tevent_req_state req_state)
+{
+ struct cli_session_setup_creds_state *state = tevent_req_data(
+ req, struct cli_session_setup_creds_state);
+
+ if (req_state != TEVENT_REQ_RECEIVED) {
+ return;
+ }
+
+ /*
+ * We only call data_blob_clear() as
+ * some of the blobs point to the same memory.
+ *
+ * We let the talloc hierarchy free the memory.
+ */
+ data_blob_clear(&state->apassword_blob);
+ data_blob_clear(&state->upassword_blob);
+ data_blob_clear(&state->lm_session_key);
+ data_blob_clear(&state->session_key);
+ ZERO_STRUCTP(state);
+}
+
+static void cli_session_setup_creds_done_spnego(struct tevent_req *subreq);
+static void cli_session_setup_creds_done_nt1(struct tevent_req *subreq);
+static void cli_session_setup_creds_done_lm21(struct tevent_req *subreq);
+
+/****************************************************************************
+ Send a session setup. The username and workgroup is in UNIX character
+ format and must be converted to DOS codepage format before sending. If the
+ password is in plaintext, the same should be done.
+****************************************************************************/
+
+struct tevent_req *cli_session_setup_creds_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ struct cli_credentials *creds)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_session_setup_creds_state *state;
+ uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
+ bool use_spnego = false;
+ int flags = 0;
+ const char *username = "";
+ const char *domain = "";
+ DATA_BLOB target_info = data_blob_null;
+ DATA_BLOB challenge = data_blob_null;
+ uint16_t in_buf_size = 0;
+ uint16_t in_mpx_max = 0;
+ uint16_t in_vc_num = 0;
+ uint32_t in_sess_key = 0;
+ const char *in_native_os = NULL;
+ const char *in_native_lm = NULL;
+ enum credentials_use_kerberos krb5_state =
+ cli_credentials_get_kerberos_state(creds);
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_session_setup_creds_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+
+ tevent_req_set_cleanup_fn(req, cli_session_setup_creds_cleanup);
+
+ /*
+ * Now work out what sort of session setup we are going to
+ * do. I have split this into separate functions to make the flow a bit
+ * easier to understand (tridge).
+ */
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_NT1) {
+ use_spnego = false;
+ } else if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ use_spnego = true;
+ } else if (smb1cli_conn_capabilities(cli->conn) & CAP_EXTENDED_SECURITY) {
+ /*
+ * if the server supports extended security then use SPNEGO
+ * even for anonymous connections.
+ */
+ use_spnego = true;
+ } else {
+ use_spnego = false;
+ }
+
+ if (use_spnego) {
+ subreq = cli_session_setup_spnego_send(
+ state, ev, cli, creds);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_session_setup_creds_done_spnego,
+ req);
+ return req;
+ }
+
+ if (krb5_state == CRED_USE_KERBEROS_REQUIRED) {
+ DBG_WARNING("Kerberos authentication requested, but "
+ "the server does not support SPNEGO authentication\n");
+ tevent_req_nterror(req, NT_STATUS_NETWORK_CREDENTIAL_CONFLICT);
+ return tevent_req_post(req, ev);
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_LANMAN1) {
+ /*
+ * SessionSetupAndX was introduced by LANMAN 1.0. So we skip
+ * this step against older servers.
+ */
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+ }
+
+ if (cli_credentials_is_anonymous(creds)) {
+ /*
+ * Do an anonymous session setup
+ */
+ goto non_spnego_creds_done;
+ }
+
+ if ((sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) == 0) {
+ /*
+ * Do an anonymous session setup,
+ * the password is passed via the tree connect.
+ */
+ goto non_spnego_creds_done;
+ }
+
+ cli_credentials_get_ntlm_username_domain(creds, state,
+ &username,
+ &domain);
+ if (tevent_req_nomem(username, req)) {
+ return tevent_req_post(req, ev);
+ }
+ if (tevent_req_nomem(domain, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ DBG_INFO("Connect to %s as %s using NTLM\n", domain, username);
+
+ if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) {
+ bool use_unicode = smbXcli_conn_use_unicode(cli->conn);
+ uint8_t *bytes = NULL;
+ size_t bytes_len = 0;
+ const char *pw = cli_credentials_get_password(creds);
+ size_t pw_len = 0;
+
+ if (pw == NULL) {
+ pw = "";
+ }
+ pw_len = strlen(pw) + 1;
+
+ if (!lp_client_plaintext_auth()) {
+ DEBUG(1, ("Server requested PLAINTEXT password but "
+ "'client plaintext auth = no'\n"));
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return tevent_req_post(req, ev);
+ }
+
+ bytes = talloc_array(state, uint8_t, 0);
+ bytes = trans2_bytes_push_str(bytes, use_unicode,
+ pw, pw_len, &bytes_len);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (use_unicode) {
+ /*
+ * CAP_UNICODE, can only be negotiated by NT1.
+ */
+ state->upassword_blob = data_blob_const(bytes,
+ bytes_len);
+ } else {
+ state->apassword_blob = data_blob_const(bytes,
+ bytes_len);
+ }
+
+ goto non_spnego_creds_done;
+ }
+
+ challenge = data_blob_const(smb1cli_conn_server_challenge(cli->conn), 8);
+
+ if (smbXcli_conn_protocol(cli->conn) == PROTOCOL_NT1) {
+ if (lp_client_ntlmv2_auth() && lp_client_use_spnego()) {
+ /*
+ * Don't send an NTLMv2 response without NTLMSSP if we
+ * want to use spnego support.
+ */
+ DEBUG(1, ("Server does not support EXTENDED_SECURITY "
+ " but 'client use spnego = yes'"
+ " and 'client ntlmv2 auth = yes' is set\n"));
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return tevent_req_post(req, ev);
+ }
+
+ if (lp_client_ntlmv2_auth()) {
+ flags |= CLI_CRED_NTLMv2_AUTH;
+
+ /*
+ * note that the 'domain' here is a best
+ * guess - we don't know the server's domain
+ * at this point. Windows clients also don't
+ * use hostname...
+ */
+ target_info = NTLMv2_generate_names_blob(state,
+ NULL,
+ domain);
+ if (tevent_req_nomem(target_info.data, req)) {
+ return tevent_req_post(req, ev);
+ }
+ } else {
+ flags |= CLI_CRED_NTLM_AUTH;
+ if (lp_client_lanman_auth()) {
+ flags |= CLI_CRED_LANMAN_AUTH;
+ }
+ }
+ } else {
+ if (!lp_client_lanman_auth()) {
+ DEBUG(1, ("Server requested user level LM password but "
+ "'client lanman auth = no' is set.\n"));
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return tevent_req_post(req, ev);
+ }
+
+ flags |= CLI_CRED_LANMAN_AUTH;
+ }
+
+ status = cli_credentials_get_ntlm_response(creds, state, &flags,
+ challenge, NULL,
+ target_info,
+ &state->apassword_blob,
+ &state->upassword_blob,
+ &state->lm_session_key,
+ &state->session_key);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+non_spnego_creds_done:
+
+ in_buf_size = CLI_BUFFER_SIZE;
+ in_mpx_max = smbXcli_conn_max_requests(cli->conn);
+ in_vc_num = cli_state_get_vc_num(cli);
+ in_sess_key = smb1cli_conn_server_session_key(cli->conn);
+ in_native_os = "Unix";
+ in_native_lm = "Samba";
+
+ if (smbXcli_conn_protocol(cli->conn) == PROTOCOL_NT1) {
+ uint32_t in_capabilities = 0;
+
+ in_capabilities = cli_session_setup_capabilities(cli, 0);
+
+ /*
+ * For now we keep the same values as before,
+ * we may remove these in a separate commit later.
+ */
+ in_mpx_max = 2;
+
+ subreq = smb1cli_session_setup_nt1_send(state, ev,
+ cli->conn,
+ cli->timeout,
+ cli->smb1.pid,
+ cli->smb1.session,
+ in_buf_size,
+ in_mpx_max,
+ in_vc_num,
+ in_sess_key,
+ username,
+ domain,
+ state->apassword_blob,
+ state->upassword_blob,
+ in_capabilities,
+ in_native_os,
+ in_native_lm);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_session_setup_creds_done_nt1,
+ req);
+ return req;
+ }
+
+ /*
+ * For now we keep the same values as before,
+ * we may remove these in a separate commit later.
+ */
+ in_mpx_max = 2;
+ in_vc_num = 1;
+
+ subreq = smb1cli_session_setup_lm21_send(state, ev,
+ cli->conn,
+ cli->timeout,
+ cli->smb1.pid,
+ cli->smb1.session,
+ in_buf_size,
+ in_mpx_max,
+ in_vc_num,
+ in_sess_key,
+ username,
+ domain,
+ state->apassword_blob,
+ in_native_os,
+ in_native_lm);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_session_setup_creds_done_lm21,
+ req);
+ return req;
+}
+
+static void cli_session_setup_creds_done_spnego(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ ADS_STATUS status;
+
+ status = cli_session_setup_spnego_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!ADS_ERR_OK(status)) {
+ DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status)));
+ tevent_req_nterror(req, ads_ntstatus(status));
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static void cli_session_setup_creds_done_nt1(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_session_setup_creds_state *state = tevent_req_data(
+ req, struct cli_session_setup_creds_state);
+ struct cli_state *cli = state->cli;
+ NTSTATUS status;
+ struct iovec *recv_iov = NULL;
+ const uint8_t *inbuf = NULL;
+ bool ok;
+
+ status = smb1cli_session_setup_nt1_recv(subreq, state,
+ &recv_iov,
+ &inbuf,
+ &state->out_native_os,
+ &state->out_native_lm,
+ &state->out_primary_domain);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ DEBUG(3, ("NT1 login failed: %s\n", nt_errstr(status)));
+ return;
+ }
+
+ status = cli_state_update_after_sesssetup(state->cli,
+ state->out_native_os,
+ state->out_native_lm,
+ state->out_primary_domain);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ ok = smb1cli_conn_activate_signing(cli->conn,
+ state->session_key,
+ state->upassword_blob);
+ if (ok) {
+ ok = smb1cli_conn_check_signing(cli->conn, inbuf, 1);
+ if (!ok) {
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return;
+ }
+ }
+
+ if (state->session_key.data) {
+ struct smbXcli_session *session = cli->smb1.session;
+
+ status = smb1cli_session_set_session_key(session,
+ state->session_key);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ }
+
+ tevent_req_done(req);
+}
+
+static void cli_session_setup_creds_done_lm21(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_session_setup_creds_state *state = tevent_req_data(
+ req, struct cli_session_setup_creds_state);
+ NTSTATUS status;
+
+ status = smb1cli_session_setup_lm21_recv(subreq, state,
+ &state->out_native_os,
+ &state->out_native_lm);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ DEBUG(3, ("LM21 login failed: %s\n", nt_errstr(status)));
+ return;
+ }
+
+ status = cli_state_update_after_sesssetup(state->cli,
+ state->out_native_os,
+ state->out_native_lm,
+ NULL);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_session_setup_creds_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_session_setup_creds(struct cli_state *cli,
+ struct cli_credentials *creds)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_session_setup_creds_send(ev, ev, cli, creds);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_session_setup_creds_recv(req);
+ fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+NTSTATUS cli_session_setup_anon(struct cli_state *cli)
+{
+ NTSTATUS status;
+ struct cli_credentials *creds = NULL;
+
+ creds = cli_credentials_init_anon(cli);
+ if (creds == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = cli_session_setup_creds(cli, creds);
+ TALLOC_FREE(creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Send a uloggoff.
+*****************************************************************************/
+
+struct cli_ulogoff_state {
+ struct cli_state *cli;
+ uint16_t vwv[3];
+};
+
+static void cli_ulogoff_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_ulogoff_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_ulogoff_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_ulogoff_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+
+ SCVAL(state->vwv+0, 0, 0xFF);
+ SCVAL(state->vwv+1, 0, 0);
+ SSVAL(state->vwv+2, 0, 0);
+
+ subreq = cli_smb_send(state, ev, cli, SMBulogoffX, 0, 0, 2, state->vwv,
+ 0, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_ulogoff_done, req);
+ return req;
+}
+
+static void cli_ulogoff_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_ulogoff_state *state = tevent_req_data(
+ req, struct cli_ulogoff_state);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ cli_state_set_uid(state->cli, UID_FIELD_INVALID);
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_ulogoff_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_ulogoff(struct cli_state *cli)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ status = smb2cli_logoff(cli->conn,
+ cli->timeout,
+ cli->smb2.session);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ smb2cli_session_set_id_and_flags(cli->smb2.session,
+ UINT64_MAX, 0);
+ return NT_STATUS_OK;
+ }
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_ulogoff_send(ev, ev, cli);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_ulogoff_recv(req);
+fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+/****************************************************************************
+ Send a tconX.
+****************************************************************************/
+
+struct cli_tcon_andx_state {
+ struct cli_state *cli;
+ uint16_t vwv[4];
+ struct iovec bytes;
+};
+
+static void cli_tcon_andx_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *share, const char *dev,
+ const char *pass, int passlen,
+ struct tevent_req **psmbreq)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_tcon_andx_state *state;
+ uint8_t p24[24];
+ uint16_t *vwv;
+ char *tmp = NULL;
+ uint8_t *bytes;
+ uint16_t sec_mode = smb1cli_conn_server_security_mode(cli->conn);
+ uint16_t tcon_flags = 0;
+
+ *psmbreq = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_tcon_andx_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+ vwv = state->vwv;
+
+ TALLOC_FREE(cli->smb1.tcon);
+ cli->smb1.tcon = smbXcli_tcon_create(cli);
+ if (tevent_req_nomem(cli->smb1.tcon, req)) {
+ return tevent_req_post(req, ev);
+ }
+ smb1cli_tcon_set_id(cli->smb1.tcon, UINT16_MAX);
+
+ cli->share = talloc_strdup(cli, share);
+ if (!cli->share) {
+ return NULL;
+ }
+
+ /* in user level security don't send a password now */
+ if (sec_mode & NEGOTIATE_SECURITY_USER_LEVEL) {
+ passlen = 1;
+ pass = "";
+ } else if (pass == NULL) {
+ DEBUG(1, ("Server not using user level security and no "
+ "password supplied.\n"));
+ goto access_denied;
+ }
+
+ if ((sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) &&
+ *pass && passlen != 24) {
+ if (!lp_client_lanman_auth()) {
+ DEBUG(1, ("Server requested LANMAN password "
+ "(share-level security) but "
+ "'client lanman auth = no' or 'client ntlmv2 auth = yes'\n"));
+ goto access_denied;
+ }
+
+ /*
+ * Non-encrypted passwords - convert to DOS codepage before
+ * encryption.
+ */
+ SMBencrypt(pass, smb1cli_conn_server_challenge(cli->conn), p24);
+ passlen = 24;
+ pass = (const char *)p24;
+ } else {
+ if((sec_mode & (NEGOTIATE_SECURITY_USER_LEVEL
+ |NEGOTIATE_SECURITY_CHALLENGE_RESPONSE))
+ == 0) {
+ uint8_t *tmp_pass;
+
+ if (!lp_client_plaintext_auth() && (*pass)) {
+ DEBUG(1, ("Server requested PLAINTEXT "
+ "password but "
+ "'client plaintext auth = no' or 'client ntlmv2 auth = yes'\n"));
+ goto access_denied;
+ }
+
+ /*
+ * Non-encrypted passwords - convert to DOS codepage
+ * before using.
+ */
+ tmp_pass = talloc_array(talloc_tos(), uint8_t, 0);
+ if (tevent_req_nomem(tmp_pass, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tmp_pass = trans2_bytes_push_str(tmp_pass,
+ false, /* always DOS */
+ pass,
+ passlen,
+ NULL);
+ if (tevent_req_nomem(tmp_pass, req)) {
+ return tevent_req_post(req, ev);
+ }
+ pass = (const char *)tmp_pass;
+ passlen = talloc_get_size(tmp_pass);
+ }
+ }
+
+ tcon_flags |= TCONX_FLAG_EXTENDED_RESPONSE;
+ tcon_flags |= TCONX_FLAG_EXTENDED_SIGNATURES;
+
+ SCVAL(vwv+0, 0, 0xFF);
+ SCVAL(vwv+0, 1, 0);
+ SSVAL(vwv+1, 0, 0);
+ SSVAL(vwv+2, 0, tcon_flags);
+ SSVAL(vwv+3, 0, passlen);
+
+ if (passlen && pass) {
+ bytes = (uint8_t *)talloc_memdup(state, pass, passlen);
+ } else {
+ bytes = talloc_array(state, uint8_t, 0);
+ }
+
+ /*
+ * Add the sharename
+ */
+ tmp = talloc_asprintf_strupper_m(talloc_tos(), "\\\\%s\\%s",
+ smbXcli_conn_remote_name(cli->conn), share);
+ if (tmp == NULL) {
+ TALLOC_FREE(req);
+ return NULL;
+ }
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), tmp, strlen(tmp)+1,
+ NULL);
+ TALLOC_FREE(tmp);
+
+ /*
+ * Add the devicetype
+ */
+ tmp = talloc_strdup_upper(talloc_tos(), dev);
+ if (tmp == NULL) {
+ TALLOC_FREE(req);
+ return NULL;
+ }
+ bytes = smb_bytes_push_str(bytes, false, tmp, strlen(tmp)+1, NULL);
+ TALLOC_FREE(tmp);
+
+ if (bytes == NULL) {
+ TALLOC_FREE(req);
+ return NULL;
+ }
+
+ state->bytes.iov_base = (void *)bytes;
+ state->bytes.iov_len = talloc_get_size(bytes);
+
+ subreq = cli_smb_req_create(state, ev, cli, SMBtconX, 0, 0, 4, vwv,
+ 1, &state->bytes);
+ if (subreq == NULL) {
+ TALLOC_FREE(req);
+ return NULL;
+ }
+ tevent_req_set_callback(subreq, cli_tcon_andx_done, req);
+ *psmbreq = subreq;
+ return req;
+
+ access_denied:
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return tevent_req_post(req, ev);
+}
+
+struct tevent_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *share, const char *dev,
+ const char *pass, int passlen)
+{
+ struct tevent_req *req, *subreq;
+ NTSTATUS status;
+
+ req = cli_tcon_andx_create(mem_ctx, ev, cli, share, dev, pass, passlen,
+ &subreq);
+ if (req == NULL) {
+ return NULL;
+ }
+ if (subreq == NULL) {
+ return req;
+ }
+ status = smb1cli_req_chain_submit(&subreq, 1);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ return req;
+}
+
+static void cli_tcon_andx_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_tcon_andx_state *state = tevent_req_data(
+ req, struct cli_tcon_andx_state);
+ struct cli_state *cli = state->cli;
+ uint8_t *in;
+ uint8_t *inhdr;
+ uint8_t wct;
+ uint16_t *vwv;
+ uint32_t num_bytes;
+ uint8_t *bytes;
+ NTSTATUS status;
+ uint16_t optional_support = 0;
+
+ status = cli_smb_recv(subreq, state, &in, 0, &wct, &vwv,
+ &num_bytes, &bytes);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ inhdr = in + NBT_HDR_SIZE;
+
+ if (num_bytes) {
+ if (pull_string_talloc(cli,
+ (const char *)inhdr,
+ SVAL(inhdr, HDR_FLG2),
+ &cli->dev,
+ bytes,
+ num_bytes,
+ STR_TERMINATE|STR_ASCII) == -1) {
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+ } else {
+ cli->dev = talloc_strdup(cli, "");
+ if (cli->dev == NULL) {
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+ }
+
+ if ((smbXcli_conn_protocol(cli->conn) >= PROTOCOL_NT1) && (num_bytes == 3)) {
+ /* almost certainly win95 - enable bug fixes */
+ cli->win95 = True;
+ }
+
+ /*
+ * Make sure that we have the optional support 16-bit field. WCT > 2.
+ * Avoids issues when connecting to Win9x boxes sharing files
+ */
+
+ if ((wct > 2) && (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_LANMAN2)) {
+ optional_support = SVAL(vwv+2, 0);
+ }
+
+ if (optional_support & SMB_EXTENDED_SIGNATURES) {
+ smb1cli_session_protect_session_key(cli->smb1.session);
+ }
+
+ smb1cli_tcon_set_values(state->cli->smb1.tcon,
+ SVAL(inhdr, HDR_TID),
+ optional_support,
+ 0, /* maximal_access */
+ 0, /* guest_maximal_access */
+ NULL, /* service */
+ NULL); /* fs_type */
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_tcon_andx_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
+ const char *dev, const char *pass, int passlen)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+
+ req = cli_tcon_andx_send(frame, ev, cli, share, dev, pass, passlen);
+ if (req == NULL) {
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_tcon_andx_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_tree_connect_state {
+ struct cli_state *cli;
+};
+
+static struct tevent_req *cli_raw_tcon_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
+ const char *service, const char *pass, const char *dev);
+static NTSTATUS cli_raw_tcon_recv(struct tevent_req *req,
+ uint16_t *max_xmit, uint16_t *tid);
+
+static void cli_tree_connect_smb2_done(struct tevent_req *subreq);
+static void cli_tree_connect_andx_done(struct tevent_req *subreq);
+static void cli_tree_connect_raw_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_tree_connect_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
+ const char *share, const char *dev, const char *pass)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_tree_connect_state *state;
+ int passlen;
+
+ if (pass == NULL) {
+ pass = "";
+ }
+ passlen = strlen(pass) + 1;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_tree_connect_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+
+ cli->share = talloc_strdup(cli, share);
+ if (tevent_req_nomem(cli->share, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ char *unc;
+
+ TALLOC_FREE(cli->smb2.tcon);
+ cli->smb2.tcon = smbXcli_tcon_create(cli);
+ if (tevent_req_nomem(cli->smb2.tcon, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ unc = talloc_asprintf(state, "\\\\%s\\%s",
+ smbXcli_conn_remote_name(cli->conn),
+ share);
+ if (tevent_req_nomem(unc, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = smb2cli_tcon_send(state, ev, cli->conn, cli->timeout,
+ cli->smb2.session, cli->smb2.tcon,
+ 0, /* flags */
+ unc);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_tree_connect_smb2_done,
+ req);
+ return req;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_LANMAN1) {
+ subreq = cli_tcon_andx_send(state, ev, cli, share, dev,
+ pass, passlen);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_tree_connect_andx_done,
+ req);
+ return req;
+ }
+
+ subreq = cli_raw_tcon_send(state, ev, cli, share, pass, dev);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_tree_connect_raw_done, req);
+
+ return req;
+}
+
+static void cli_tree_connect_smb2_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = smb2cli_tcon_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_tree_connect_andx_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_tcon_andx_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_tree_connect_raw_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_tree_connect_state *state = tevent_req_data(
+ req, struct cli_tree_connect_state);
+ NTSTATUS status;
+ uint16_t max_xmit = 0;
+ uint16_t tid = 0;
+
+ status = cli_raw_tcon_recv(subreq, &max_xmit, &tid);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ smb1cli_tcon_set_values(state->cli->smb1.tcon,
+ tid,
+ 0, /* optional_support */
+ 0, /* maximal_access */
+ 0, /* guest_maximal_access */
+ NULL, /* service */
+ NULL); /* fs_type */
+
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_tree_connect_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_tree_connect(struct cli_state *cli, const char *share,
+ const char *dev, const char *pass)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_tree_connect_send(ev, ev, cli, share, dev, pass);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_tree_connect_recv(req);
+fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+NTSTATUS cli_tree_connect_creds(struct cli_state *cli,
+ const char *share, const char *dev,
+ struct cli_credentials *creds)
+{
+ const char *pw = NULL;
+
+ if (creds != NULL) {
+ pw = cli_credentials_get_password(creds);
+ }
+
+ return cli_tree_connect(cli, share, dev, pw);
+}
+
+/****************************************************************************
+ Send a tree disconnect.
+****************************************************************************/
+
+struct cli_tdis_state {
+ struct cli_state *cli;
+};
+
+static void cli_tdis_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_tdis_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_tdis_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_tdis_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+
+ subreq = cli_smb_send(state, ev, cli, SMBtdis, 0, 0, 0, NULL, 0, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_tdis_done, req);
+ return req;
+}
+
+static void cli_tdis_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_tdis_state *state = tevent_req_data(
+ req, struct cli_tdis_state);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ TALLOC_FREE(state->cli->smb1.tcon);
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_tdis_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_tdis(struct cli_state *cli)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ status = smb2cli_tdis(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon);
+ if (NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(cli->smb2.tcon);
+ }
+ return status;
+ }
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_tdis_send(ev, ev, cli);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_tdis_recv(req);
+fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+struct cli_connect_sock_state {
+ const char **called_names;
+ const char **calling_names;
+ int *called_types;
+ int fd;
+ uint16_t port;
+};
+
+static void cli_connect_sock_done(struct tevent_req *subreq);
+
+/*
+ * Async only if we don't have to look up the name, i.e. "pss" is set with a
+ * nonzero address.
+ */
+
+static struct tevent_req *cli_connect_sock_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ const char *host, int name_type, const struct sockaddr_storage *pss,
+ const char *myname, uint16_t port)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_connect_sock_state *state;
+ struct sockaddr_storage *addrs = NULL;
+ unsigned i;
+ unsigned num_addrs = 0;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_connect_sock_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if ((pss == NULL) || is_zero_addr(pss)) {
+
+ /*
+ * Here we cheat. resolve_name_list is not async at all. So
+ * this call will only be really async if the name lookup has
+ * been done externally.
+ */
+
+ status = resolve_name_list(state, host, name_type,
+ &addrs, &num_addrs);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ } else {
+ addrs = talloc_array(state, struct sockaddr_storage, 1);
+ if (tevent_req_nomem(addrs, req)) {
+ return tevent_req_post(req, ev);
+ }
+ addrs[0] = *pss;
+ num_addrs = 1;
+ }
+
+ state->called_names = talloc_array(state, const char *, num_addrs);
+ if (tevent_req_nomem(state->called_names, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->called_types = talloc_array(state, int, num_addrs);
+ if (tevent_req_nomem(state->called_types, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->calling_names = talloc_array(state, const char *, num_addrs);
+ if (tevent_req_nomem(state->calling_names, req)) {
+ return tevent_req_post(req, ev);
+ }
+ for (i=0; i<num_addrs; i++) {
+ state->called_names[i] = host;
+ state->called_types[i] = name_type;
+ state->calling_names[i] = myname;
+ }
+
+ subreq = smbsock_any_connect_send(
+ state, ev, addrs, state->called_names, state->called_types,
+ state->calling_names, NULL, num_addrs, port);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_connect_sock_done, req);
+ return req;
+}
+
+static void cli_connect_sock_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_connect_sock_state *state = tevent_req_data(
+ req, struct cli_connect_sock_state);
+ NTSTATUS status;
+
+ status = smbsock_any_connect_recv(subreq, &state->fd, NULL,
+ &state->port);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ set_socket_options(state->fd, lp_socket_options());
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_connect_sock_recv(struct tevent_req *req,
+ int *pfd, uint16_t *pport)
+{
+ struct cli_connect_sock_state *state = tevent_req_data(
+ req, struct cli_connect_sock_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *pfd = state->fd;
+ *pport = state->port;
+ return NT_STATUS_OK;
+}
+
+struct cli_connect_nb_state {
+ const char *desthost;
+ enum smb_signing_setting signing_state;
+ int flags;
+ struct cli_state *cli;
+};
+
+static void cli_connect_nb_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_connect_nb_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ const char *host, const struct sockaddr_storage *dest_ss,
+ uint16_t port, int name_type, const char *myname,
+ enum smb_signing_setting signing_state, int flags)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_connect_nb_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_connect_nb_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->signing_state = signing_state;
+ state->flags = flags;
+
+ if (host != NULL) {
+ char *p = strchr(host, '#');
+
+ if (p != NULL) {
+ name_type = strtol(p+1, NULL, 16);
+ host = talloc_strndup(state, host, p - host);
+ if (tevent_req_nomem(host, req)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ state->desthost = host;
+ } else if (dest_ss != NULL) {
+ state->desthost = print_canonical_sockaddr(state, dest_ss);
+ if (tevent_req_nomem(state->desthost, req)) {
+ return tevent_req_post(req, ev);
+ }
+ } else {
+ /* No host or dest_ss given. Error out. */
+ tevent_req_error(req, EINVAL);
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_connect_sock_send(state, ev, host, name_type, dest_ss,
+ myname, port);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_connect_nb_done, req);
+ return req;
+}
+
+static void cli_connect_nb_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_connect_nb_state *state = tevent_req_data(
+ req, struct cli_connect_nb_state);
+ NTSTATUS status;
+ int fd = 0;
+ uint16_t port;
+
+ status = cli_connect_sock_recv(subreq, &fd, &port);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ state->cli = cli_state_create(state, fd, state->desthost,
+ state->signing_state, state->flags);
+ if (tevent_req_nomem(state->cli, req)) {
+ close(fd);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_connect_nb_recv(struct tevent_req *req,
+ struct cli_state **pcli)
+{
+ struct cli_connect_nb_state *state = tevent_req_data(
+ req, struct cli_connect_nb_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *pcli = talloc_move(NULL, &state->cli);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_connect_nb(const char *host, const struct sockaddr_storage *dest_ss,
+ uint16_t port, int name_type, const char *myname,
+ enum smb_signing_setting signing_state, int flags, struct cli_state **pcli)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_connect_nb_send(ev, ev, host, dest_ss, port, name_type,
+ myname, signing_state, flags);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_set_endtime(req, ev, timeval_current_ofs(20, 0))) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_connect_nb_recv(req, pcli);
+fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+struct cli_start_connection_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ int min_protocol;
+ int max_protocol;
+ struct smb2_negotiate_contexts *negotiate_contexts;
+};
+
+static void cli_start_connection_connected(struct tevent_req *subreq);
+static void cli_start_connection_done(struct tevent_req *subreq);
+
+/**
+ establishes a connection to after the negprot.
+ @param output_cli A fully initialised cli structure, non-null only on success
+ @param dest_host The netbios name of the remote host
+ @param dest_ss (optional) The destination IP, NULL for name based lookup
+ @param port (optional) The destination port (0 for default)
+*/
+
+static struct tevent_req *cli_start_connection_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ const char *my_name, const char *dest_host,
+ const struct sockaddr_storage *dest_ss, int port,
+ enum smb_signing_setting signing_state, int flags,
+ struct smb2_negotiate_contexts *negotiate_contexts)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_start_connection_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_start_connection_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+
+ if (flags & CLI_FULL_CONNECTION_IPC) {
+ state->min_protocol = lp_client_ipc_min_protocol();
+ state->max_protocol = lp_client_ipc_max_protocol();
+ } else {
+ state->min_protocol = lp_client_min_protocol();
+ state->max_protocol = lp_client_max_protocol();
+ }
+
+ if (flags & CLI_FULL_CONNECTION_FORCE_SMB1) {
+ state->max_protocol = MIN(state->max_protocol,
+ PROTOCOL_NT1);
+ state->min_protocol = MIN(state->min_protocol,
+ state->max_protocol);
+ }
+
+ if (flags & CLI_FULL_CONNECTION_DISABLE_SMB1) {
+ state->min_protocol = MAX(state->min_protocol,
+ PROTOCOL_SMB2_02);
+ state->max_protocol = MAX(state->max_protocol,
+ state->min_protocol);
+ }
+
+ state->negotiate_contexts = talloc_zero(
+ state, struct smb2_negotiate_contexts);
+ if (tevent_req_nomem(state->negotiate_contexts, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (flags & CLI_FULL_CONNECTION_REQUEST_POSIX) {
+ NTSTATUS status;
+
+ status = smb2_negotiate_context_add(
+ state->negotiate_contexts,
+ state->negotiate_contexts,
+ SMB2_POSIX_EXTENSIONS_AVAILABLE,
+ (const uint8_t *)SMB2_CREATE_TAG_POSIX,
+ strlen(SMB2_CREATE_TAG_POSIX));
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ if (negotiate_contexts != NULL) {
+ uint16_t i;
+
+ for (i=0; i<negotiate_contexts->num_contexts; i++) {
+ struct smb2_negotiate_context *ctx =
+ &negotiate_contexts->contexts[i];
+ NTSTATUS status;
+
+ status = smb2_negotiate_context_add(
+ state->negotiate_contexts,
+ state->negotiate_contexts,
+ ctx->type,
+ ctx->data.data,
+ ctx->data.length);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+ }
+
+ subreq = cli_connect_nb_send(state, ev, dest_host, dest_ss, port,
+ 0x20, my_name, signing_state, flags);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_start_connection_connected, req);
+ return req;
+}
+
+static void cli_start_connection_connected(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_start_connection_state *state = tevent_req_data(
+ req, struct cli_start_connection_state);
+ NTSTATUS status;
+
+ status = cli_connect_nb_recv(subreq, &state->cli);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq = smbXcli_negprot_send(
+ state,
+ state->ev,
+ state->cli->conn,
+ state->cli->timeout,
+ state->min_protocol,
+ state->max_protocol,
+ WINDOWS_CLIENT_PURE_SMB2_NEGPROT_INITIAL_CREDIT_ASK,
+ state->negotiate_contexts);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_start_connection_done, req);
+}
+
+static void cli_start_connection_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_start_connection_state *state = tevent_req_data(
+ req, struct cli_start_connection_state);
+ NTSTATUS status;
+
+ status = smbXcli_negprot_recv(subreq, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ /* Ensure we ask for some initial credits. */
+ smb2cli_conn_set_max_credits(state->cli->conn,
+ DEFAULT_SMB2_MAX_CREDITS);
+ }
+
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_start_connection_recv(struct tevent_req *req,
+ struct cli_state **output_cli)
+{
+ struct cli_start_connection_state *state = tevent_req_data(
+ req, struct cli_start_connection_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *output_cli = state->cli;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_start_connection(struct cli_state **output_cli,
+ const char *my_name,
+ const char *dest_host,
+ const struct sockaddr_storage *dest_ss, int port,
+ enum smb_signing_setting signing_state, int flags)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_start_connection_send(ev, ev, my_name, dest_host, dest_ss,
+ port, signing_state, flags, NULL);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_start_connection_recv(req, output_cli);
+fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+struct cli_smb1_setup_encryption_blob_state {
+ uint16_t setup[1];
+ uint8_t param[4];
+ NTSTATUS status;
+ DATA_BLOB out;
+ uint16_t enc_ctx_id;
+};
+
+static void cli_smb1_setup_encryption_blob_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_smb1_setup_encryption_blob_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const DATA_BLOB in)
+{
+ struct tevent_req *req = NULL;
+ struct cli_smb1_setup_encryption_blob_state *state = NULL;
+ struct tevent_req *subreq = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_smb1_setup_encryption_blob_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (in.length > CLI_BUFFER_SIZE) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return tevent_req_post(req, ev);
+ }
+
+ SSVAL(state->setup+0, 0, TRANSACT2_SETFSINFO);
+ SSVAL(state->param, 0, 0);
+ SSVAL(state->param, 2, SMB_REQUEST_TRANSPORT_ENCRYPTION);
+
+ subreq = smb1cli_trans_send(state, ev, cli->conn,
+ SMBtrans2,
+ 0, 0, /* _flags */
+ 0, 0, /* _flags2 */
+ cli->timeout,
+ cli->smb1.pid,
+ cli->smb1.tcon,
+ cli->smb1.session,
+ NULL, /* pipe_name */
+ 0, /* fid */
+ 0, /* function */
+ 0, /* flags */
+ state->setup, 1, 0,
+ state->param, 4, 2,
+ in.data, in.length, CLI_BUFFER_SIZE);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq,
+ cli_smb1_setup_encryption_blob_done,
+ req);
+
+ return req;
+}
+
+static void cli_smb1_setup_encryption_blob_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct cli_smb1_setup_encryption_blob_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_blob_state);
+ uint8_t *rparam=NULL, *rdata=NULL;
+ uint32_t num_rparam, num_rdata;
+ NTSTATUS status;
+
+ status = smb1cli_trans_recv(subreq, state,
+ NULL, /* recv_flags */
+ NULL, 0, NULL, /* rsetup */
+ &rparam, 0, &num_rparam,
+ &rdata, 0, &num_rdata);
+ TALLOC_FREE(subreq);
+ state->status = status;
+ if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ status = NT_STATUS_OK;
+ }
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (num_rparam == 2) {
+ state->enc_ctx_id = SVAL(rparam, 0);
+ }
+ TALLOC_FREE(rparam);
+
+ state->out = data_blob_const(rdata, num_rdata);
+
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_smb1_setup_encryption_blob_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *out,
+ uint16_t *enc_ctx_id)
+{
+ struct cli_smb1_setup_encryption_blob_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_blob_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ status = state->status;
+
+ *out = state->out;
+ talloc_steal(mem_ctx, out->data);
+
+ *enc_ctx_id = state->enc_ctx_id;
+
+ tevent_req_received(req);
+ return status;
+}
+
+struct cli_smb1_setup_encryption_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ struct smb_trans_enc_state *es;
+ DATA_BLOB blob_in;
+ DATA_BLOB blob_out;
+ bool local_ready;
+ bool remote_ready;
+};
+
+static void cli_smb1_setup_encryption_local_next(struct tevent_req *req);
+static void cli_smb1_setup_encryption_local_done(struct tevent_req *subreq);
+static void cli_smb1_setup_encryption_remote_next(struct tevent_req *req);
+static void cli_smb1_setup_encryption_remote_done(struct tevent_req *subreq);
+static void cli_smb1_setup_encryption_ready(struct tevent_req *req);
+
+static struct tevent_req *cli_smb1_setup_encryption_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ struct cli_credentials *creds)
+{
+ struct tevent_req *req = NULL;
+ struct cli_smb1_setup_encryption_state *state = NULL;
+ struct auth_generic_state *ags = NULL;
+ const DATA_BLOB *b = NULL;
+ bool auth_requested = false;
+ const char *target_service = NULL;
+ const char *target_hostname = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_smb1_setup_encryption_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+
+ auth_requested = cli_credentials_authentication_requested(creds);
+ if (!auth_requested) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return tevent_req_post(req, ev);
+ }
+
+ target_service = "cifs";
+ target_hostname = smbXcli_conn_remote_name(cli->conn);
+
+ status = cli_session_creds_prepare_krb5(cli, creds);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->es = talloc_zero(state, struct smb_trans_enc_state);
+ if (tevent_req_nomem(state->es, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ status = auth_generic_client_prepare(state->es, &ags);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ gensec_want_feature(ags->gensec_security,
+ GENSEC_FEATURE_SIGN);
+ gensec_want_feature(ags->gensec_security,
+ GENSEC_FEATURE_SEAL);
+
+ status = auth_generic_set_creds(ags, creds);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (target_service != NULL) {
+ status = gensec_set_target_service(ags->gensec_security,
+ target_service);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ if (target_hostname != NULL) {
+ status = gensec_set_target_hostname(ags->gensec_security,
+ target_hostname);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ gensec_set_max_update_size(ags->gensec_security,
+ CLI_BUFFER_SIZE);
+
+ b = smbXcli_conn_server_gss_blob(state->cli->conn);
+ if (b != NULL) {
+ state->blob_in = *b;
+ }
+
+ status = auth_generic_client_start(ags, GENSEC_OID_SPNEGO);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * We only need the gensec_security part from here.
+ */
+ state->es->gensec_security = talloc_move(state->es,
+ &ags->gensec_security);
+ TALLOC_FREE(ags);
+
+ cli_smb1_setup_encryption_local_next(req);
+ if (!tevent_req_is_in_progress(req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ return req;
+}
+
+static void cli_smb1_setup_encryption_local_next(struct tevent_req *req)
+{
+ struct cli_smb1_setup_encryption_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_state);
+ struct tevent_req *subreq = NULL;
+
+ if (state->local_ready) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ subreq = gensec_update_send(state, state->ev,
+ state->es->gensec_security,
+ state->blob_in);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb1_setup_encryption_local_done, req);
+}
+
+static void cli_smb1_setup_encryption_local_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct cli_smb1_setup_encryption_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_state);
+ NTSTATUS status;
+
+ status = gensec_update_recv(subreq, state, &state->blob_out);
+ TALLOC_FREE(subreq);
+ state->blob_in = data_blob_null;
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
+ {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+ state->local_ready = true;
+ }
+
+ /*
+ * We always get NT_STATUS_OK from the server even if it is not ready.
+ * So guess the server is ready when we are ready and already sent
+ * our last blob to the server.
+ */
+ if (state->local_ready && state->blob_out.length == 0) {
+ state->remote_ready = true;
+ }
+
+ if (state->local_ready && state->remote_ready) {
+ cli_smb1_setup_encryption_ready(req);
+ return;
+ }
+
+ cli_smb1_setup_encryption_remote_next(req);
+}
+
+static void cli_smb1_setup_encryption_remote_next(struct tevent_req *req)
+{
+ struct cli_smb1_setup_encryption_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_state);
+ struct tevent_req *subreq = NULL;
+
+ if (state->remote_ready) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ subreq = cli_smb1_setup_encryption_blob_send(state, state->ev,
+ state->cli, state->blob_out);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_smb1_setup_encryption_remote_done,
+ req);
+}
+
+static void cli_smb1_setup_encryption_remote_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct cli_smb1_setup_encryption_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_state);
+ NTSTATUS status;
+
+ status = cli_smb1_setup_encryption_blob_recv(subreq, state,
+ &state->blob_in,
+ &state->es->enc_ctx_num);
+ TALLOC_FREE(subreq);
+ data_blob_free(&state->blob_out);
+ if (!NT_STATUS_IS_OK(status) &&
+ !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
+ {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ /*
+ * We always get NT_STATUS_OK even if the server is not ready.
+ * So guess the server is ready when we are ready and sent
+ * our last blob to the server.
+ */
+ if (state->local_ready) {
+ state->remote_ready = true;
+ }
+
+ if (state->local_ready && state->remote_ready) {
+ cli_smb1_setup_encryption_ready(req);
+ return;
+ }
+
+ cli_smb1_setup_encryption_local_next(req);
+}
+
+static void cli_smb1_setup_encryption_ready(struct tevent_req *req)
+{
+ struct cli_smb1_setup_encryption_state *state =
+ tevent_req_data(req,
+ struct cli_smb1_setup_encryption_state);
+ struct smb_trans_enc_state *es = NULL;
+
+ if (state->blob_in.length != 0) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ if (state->blob_out.length != 0) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ es = talloc_move(state->cli->conn, &state->es);
+ es->enc_on = true;
+ smb1cli_conn_set_encryption(state->cli->conn, es);
+ es = NULL;
+
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_smb1_setup_encryption_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_smb1_setup_encryption(struct cli_state *cli,
+ struct cli_credentials *creds)
+{
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_smb1_setup_encryption_send(ev, ev, cli, creds);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_smb1_setup_encryption_recv(req);
+ fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+/**
+ establishes a connection right up to doing tconX, password specified.
+ @param output_cli A fully initialised cli structure, non-null only on success
+ @param dest_host The netbios name of the remote host
+ @param dest_ip (optional) The the destination IP, NULL for name based lookup
+ @param port (optional) The destination port (0 for default)
+ @param service (optional) The share to make the connection to. Should be 'unqualified' in any way.
+ @param service_type The 'type' of service.
+ @param creds The used user credentials
+*/
+
+struct cli_full_connection_creds_state {
+ struct tevent_context *ev;
+ const char *service;
+ const char *service_type;
+ struct cli_credentials *creds;
+ int flags;
+ struct cli_state *cli;
+};
+
+static int cli_full_connection_creds_state_destructor(
+ struct cli_full_connection_creds_state *s)
+{
+ if (s->cli != NULL) {
+ cli_shutdown(s->cli);
+ s->cli = NULL;
+ }
+ return 0;
+}
+
+static void cli_full_connection_creds_conn_done(struct tevent_req *subreq);
+static void cli_full_connection_creds_sess_done(struct tevent_req *subreq);
+static void cli_full_connection_creds_enc_start(struct tevent_req *req);
+static void cli_full_connection_creds_enc_tcon(struct tevent_req *subreq);
+static void cli_full_connection_creds_enc_ver(struct tevent_req *subreq);
+static void cli_full_connection_creds_enc_done(struct tevent_req *subreq);
+static void cli_full_connection_creds_enc_tdis(struct tevent_req *req);
+static void cli_full_connection_creds_enc_finished(struct tevent_req *subreq);
+static void cli_full_connection_creds_tcon_start(struct tevent_req *req);
+static void cli_full_connection_creds_tcon_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_full_connection_creds_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ const char *my_name, const char *dest_host,
+ const struct sockaddr_storage *dest_ss, int port,
+ const char *service, const char *service_type,
+ struct cli_credentials *creds,
+ int flags,
+ struct smb2_negotiate_contexts *negotiate_contexts)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_full_connection_creds_state *state;
+ enum smb_signing_setting signing_state;
+ enum smb_encryption_setting encryption_state =
+ cli_credentials_get_smb_encryption(creds);
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_full_connection_creds_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ talloc_set_destructor(state, cli_full_connection_creds_state_destructor);
+
+ state->ev = ev;
+ state->service = service;
+ state->service_type = service_type;
+ state->creds = creds;
+ state->flags = flags;
+
+ if (flags & CLI_FULL_CONNECTION_IPC) {
+ signing_state = cli_credentials_get_smb_ipc_signing(creds);
+ } else {
+ signing_state = cli_credentials_get_smb_signing(creds);
+ }
+
+ if (encryption_state == SMB_ENCRYPTION_REQUIRED) {
+ if (flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK) {
+ encryption_state = SMB_ENCRYPTION_DESIRED;
+ }
+ }
+
+ if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
+ signing_state = SMB_SIGNING_REQUIRED;
+ }
+
+ subreq = cli_start_connection_send(
+ state, ev, my_name, dest_host, dest_ss, port,
+ signing_state, flags,
+ negotiate_contexts);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq,
+ cli_full_connection_creds_conn_done,
+ req);
+ return req;
+}
+
+static void cli_full_connection_creds_conn_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_full_connection_creds_state *state = tevent_req_data(
+ req, struct cli_full_connection_creds_state);
+ NTSTATUS status;
+
+ status = cli_start_connection_recv(subreq, &state->cli);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq = cli_session_setup_creds_send(
+ state, state->ev, state->cli, state->creds);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_full_connection_creds_sess_done,
+ req);
+}
+
+static void cli_full_connection_creds_sess_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_full_connection_creds_state *state = tevent_req_data(
+ req, struct cli_full_connection_creds_state);
+ NTSTATUS status;
+
+ status = cli_session_setup_creds_recv(subreq);
+ TALLOC_FREE(subreq);
+
+ if (!NT_STATUS_IS_OK(status) &&
+ (state->flags & CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK)) {
+
+ state->flags &= ~CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
+
+ state->creds = cli_credentials_init_anon(state);
+ if (tevent_req_nomem(state->creds, req)) {
+ return;
+ }
+
+ subreq = cli_session_setup_creds_send(
+ state, state->ev, state->cli, state->creds);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_full_connection_creds_sess_done,
+ req);
+ return;
+ }
+
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ cli_full_connection_creds_enc_start(req);
+}
+
+static void cli_full_connection_creds_enc_start(struct tevent_req *req)
+{
+ struct cli_full_connection_creds_state *state = tevent_req_data(
+ req, struct cli_full_connection_creds_state);
+ enum smb_encryption_setting encryption_state =
+ cli_credentials_get_smb_encryption(state->creds);
+ struct tevent_req *subreq = NULL;
+ NTSTATUS status;
+
+ if (encryption_state < SMB_ENCRYPTION_DESIRED) {
+ cli_full_connection_creds_tcon_start(req);
+ return;
+ }
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ status = smb2cli_session_encryption_on(state->cli->smb2.session);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ if (encryption_state < SMB_ENCRYPTION_REQUIRED) {
+ cli_full_connection_creds_tcon_start(req);
+ return;
+ }
+ d_printf("Encryption required and "
+ "server doesn't support "
+ "SMB3 encryption - failing connect\n");
+ tevent_req_nterror(req, status);
+ return;
+ } else if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Encryption required and "
+ "setup failed with error %s.\n",
+ nt_errstr(status));
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ cli_full_connection_creds_tcon_start(req);
+ return;
+ }
+
+ if (!SERVER_HAS_UNIX_CIFS(state->cli)) {
+ if (encryption_state < SMB_ENCRYPTION_REQUIRED) {
+ cli_full_connection_creds_tcon_start(req);
+ return;
+ }
+
+ status = NT_STATUS_NOT_SUPPORTED;
+ d_printf("Encryption required and "
+ "server doesn't support "
+ "SMB1 Unix Extensions - failing connect\n");
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ /*
+ * We do a tcon on IPC$ just to setup the encryption,
+ * the real tcon will be encrypted then.
+ */
+ subreq = cli_tree_connect_send(state, state->ev, state->cli,
+ "IPC$", "IPC", NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_full_connection_creds_enc_tcon, req);
+}
+
+static void cli_full_connection_creds_enc_tcon(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_full_connection_creds_state *state = tevent_req_data(
+ req, struct cli_full_connection_creds_state);
+ NTSTATUS status;
+
+ status = cli_tree_connect_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq = cli_unix_extensions_version_send(state, state->ev, state->cli);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_full_connection_creds_enc_ver, req);
+}
+
+static void cli_full_connection_creds_enc_ver(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_full_connection_creds_state *state = tevent_req_data(
+ req, struct cli_full_connection_creds_state);
+ enum smb_encryption_setting encryption_state =
+ cli_credentials_get_smb_encryption(state->creds);
+ uint16_t major, minor;
+ uint32_t caplow, caphigh;
+ NTSTATUS status;
+
+ status = cli_unix_extensions_version_recv(subreq,
+ &major, &minor,
+ &caplow,
+ &caphigh);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ if (encryption_state < SMB_ENCRYPTION_REQUIRED) {
+ /* disconnect ipc$ followed by the real tree connect */
+ cli_full_connection_creds_enc_tdis(req);
+ return;
+ }
+ DEBUG(10, ("%s: cli_unix_extensions_version "
+ "returned %s\n", __func__, nt_errstr(status)));
+ tevent_req_nterror(req, NT_STATUS_UNKNOWN_REVISION);
+ return;
+ }
+
+ if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) {
+ if (encryption_state < SMB_ENCRYPTION_REQUIRED) {
+ /* disconnect ipc$ followed by the real tree connect */
+ cli_full_connection_creds_enc_tdis(req);
+ return;
+ }
+ DEBUG(10, ("%s: CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP "
+ "not supported\n", __func__));
+ tevent_req_nterror(req, NT_STATUS_UNSUPPORTED_COMPRESSION);
+ return;
+ }
+
+ subreq = cli_smb1_setup_encryption_send(state, state->ev,
+ state->cli,
+ state->creds);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_full_connection_creds_enc_done,
+ req);
+}
+
+static void cli_full_connection_creds_enc_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_smb1_setup_encryption_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ /* disconnect ipc$ followed by the real tree connect */
+ cli_full_connection_creds_enc_tdis(req);
+}
+
+static void cli_full_connection_creds_enc_tdis(struct tevent_req *req)
+{
+ struct cli_full_connection_creds_state *state = tevent_req_data(
+ req, struct cli_full_connection_creds_state);
+ struct tevent_req *subreq = NULL;
+
+ subreq = cli_tdis_send(state, state->ev, state->cli);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_full_connection_creds_enc_finished,
+ req);
+}
+
+static void cli_full_connection_creds_enc_finished(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_tdis_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ cli_full_connection_creds_tcon_start(req);
+}
+
+static void cli_full_connection_creds_tcon_start(struct tevent_req *req)
+{
+ struct cli_full_connection_creds_state *state = tevent_req_data(
+ req, struct cli_full_connection_creds_state);
+ struct tevent_req *subreq = NULL;
+ const char *password = NULL;
+
+ if (state->service == NULL) {
+ tevent_req_done(req);
+ return;
+ }
+
+ password = cli_credentials_get_password(state->creds);
+
+ subreq = cli_tree_connect_send(state, state->ev,
+ state->cli,
+ state->service,
+ state->service_type,
+ password);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_full_connection_creds_tcon_done,
+ req);
+}
+
+static void cli_full_connection_creds_tcon_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_tree_connect_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_full_connection_creds_recv(struct tevent_req *req,
+ struct cli_state **output_cli)
+{
+ struct cli_full_connection_creds_state *state = tevent_req_data(
+ req, struct cli_full_connection_creds_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *output_cli = state->cli;
+ talloc_set_destructor(state, NULL);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_full_connection_creds(struct cli_state **output_cli,
+ const char *my_name,
+ const char *dest_host,
+ const struct sockaddr_storage *dest_ss, int port,
+ const char *service, const char *service_type,
+ struct cli_credentials *creds,
+ int flags)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_full_connection_creds_send(
+ ev, ev, my_name, dest_host, dest_ss, port, service,
+ service_type, creds, flags,
+ NULL);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_full_connection_creds_recv(req, output_cli);
+ fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+/****************************************************************************
+ Send an old style tcon.
+****************************************************************************/
+struct cli_raw_tcon_state {
+ uint16_t *ret_vwv;
+};
+
+static void cli_raw_tcon_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_raw_tcon_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
+ const char *service, const char *pass, const char *dev)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_raw_tcon_state *state;
+ uint8_t *bytes;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_raw_tcon_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (!lp_client_plaintext_auth() && (*pass)) {
+ DEBUG(1, ("Server requested PLAINTEXT password but 'client plaintext auth = no'"
+ " or 'client ntlmv2 auth = yes'\n"));
+ tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return tevent_req_post(req, ev);
+ }
+
+ TALLOC_FREE(cli->smb1.tcon);
+ cli->smb1.tcon = smbXcli_tcon_create(cli);
+ if (tevent_req_nomem(cli->smb1.tcon, req)) {
+ return tevent_req_post(req, ev);
+ }
+ smb1cli_tcon_set_id(cli->smb1.tcon, UINT16_MAX);
+
+ bytes = talloc_array(state, uint8_t, 0);
+ bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
+ service, strlen(service)+1, NULL);
+ bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
+ pass, strlen(pass)+1, NULL);
+ bytes = smb_bytes_push_bytes(bytes, 4, NULL, 0);
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn),
+ dev, strlen(dev)+1, NULL);
+
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_smb_send(state, ev, cli, SMBtcon, 0, 0, 0, NULL,
+ talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_raw_tcon_done, req);
+ return req;
+}
+
+static void cli_raw_tcon_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_raw_tcon_state *state = tevent_req_data(
+ req, struct cli_raw_tcon_state);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, state, NULL, 2, NULL, &state->ret_vwv,
+ NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_raw_tcon_recv(struct tevent_req *req,
+ uint16_t *max_xmit, uint16_t *tid)
+{
+ struct cli_raw_tcon_state *state = tevent_req_data(
+ req, struct cli_raw_tcon_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *max_xmit = SVAL(state->ret_vwv + 0, 0);
+ *tid = SVAL(state->ret_vwv + 1, 0);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_raw_tcon(struct cli_state *cli,
+ const char *service, const char *pass, const char *dev,
+ uint16_t *max_xmit, uint16_t *tid)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_raw_tcon_send(ev, ev, cli, service, pass, dev);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_raw_tcon_recv(req, max_xmit, tid);
+fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+/* Return a cli_state pointing at the IPC$ share for the given server */
+
+struct cli_state *get_ipc_connect(char *server,
+ struct sockaddr_storage *server_ss,
+ struct cli_credentials *creds)
+{
+ struct cli_state *cli;
+ NTSTATUS nt_status;
+ uint32_t flags = CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK;
+
+ flags |= CLI_FULL_CONNECTION_FORCE_SMB1;
+ flags |= CLI_FULL_CONNECTION_IPC;
+
+ nt_status = cli_full_connection_creds(&cli, NULL, server, server_ss, 0, "IPC$", "IPC",
+ creds,
+ flags);
+
+ if (NT_STATUS_IS_OK(nt_status)) {
+ return cli;
+ }
+ if (is_ipaddress(server)) {
+ /* windows 9* needs a correct NMB name for connections */
+ fstring remote_name;
+
+ if (name_status_find("*", 0, 0, server_ss, remote_name)) {
+ cli = get_ipc_connect(remote_name, server_ss, creds);
+ if (cli)
+ return cli;
+ }
+ }
+ return NULL;
+}
+
+/*
+ * Given the IP address of a master browser on the network, return its
+ * workgroup and connect to it.
+ *
+ * This function is provided to allow additional processing beyond what
+ * get_ipc_connect_master_ip_bcast() does, e.g. to retrieve the list of master
+ * browsers and obtain each master browsers' list of domains (in case the
+ * first master browser is recently on the network and has not yet
+ * synchronized with other master browsers and therefore does not yet have the
+ * entire network browse list)
+ */
+
+struct cli_state *get_ipc_connect_master_ip(TALLOC_CTX *ctx,
+ struct sockaddr_storage *mb_ip,
+ struct cli_credentials *creds,
+ char **pp_workgroup_out)
+{
+ char addr[INET6_ADDRSTRLEN];
+ fstring name;
+ struct cli_state *cli;
+ struct sockaddr_storage server_ss;
+
+ *pp_workgroup_out = NULL;
+
+ print_sockaddr(addr, sizeof(addr), mb_ip);
+ DEBUG(99, ("Looking up name of master browser %s\n",
+ addr));
+
+ /*
+ * Do a name status query to find out the name of the master browser.
+ * We use <01><02>__MSBROWSE__<02>#01 if *#00 fails because a domain
+ * master browser will not respond to a wildcard query (or, at least,
+ * an NT4 server acting as the domain master browser will not).
+ *
+ * We might be able to use ONLY the query on MSBROWSE, but that's not
+ * yet been tested with all Windows versions, so until it is, leave
+ * the original wildcard query as the first choice and fall back to
+ * MSBROWSE if the wildcard query fails.
+ */
+ if (!name_status_find("*", 0, 0x1d, mb_ip, name) &&
+ !name_status_find(MSBROWSE, 1, 0x1d, mb_ip, name)) {
+
+ DEBUG(99, ("Could not retrieve name status for %s\n",
+ addr));
+ return NULL;
+ }
+
+ if (!find_master_ip(name, &server_ss)) {
+ DEBUG(99, ("Could not find master ip for %s\n", name));
+ return NULL;
+ }
+
+ *pp_workgroup_out = talloc_strdup(ctx, name);
+
+ DEBUG(4, ("found master browser %s, %s\n", name, addr));
+
+ print_sockaddr(addr, sizeof(addr), &server_ss);
+ cli = get_ipc_connect(addr, &server_ss, creds);
+
+ return cli;
+}
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
new file mode 100644
index 0000000..939b3b0
--- /dev/null
+++ b/source3/libsmb/clidfs.c
@@ -0,0 +1,1451 @@
+/*
+ Unix SMB/CIFS implementation.
+ client connect/disconnect routines
+ Copyright (C) Andrew Tridgell 1994-1998
+ Copyright (C) Gerald (Jerry) Carter 2004
+ Copyright (C) Jeremy Allison 2007-2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "libsmb/clirap.h"
+#include "msdfs.h"
+#include "trans2.h"
+#include "libsmb/nmblib.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "auth/credentials/credentials.h"
+#include "lib/param/param.h"
+#include "libcli/smb/smb2_negotiate_context.h"
+
+/********************************************************************
+ Important point.
+
+ DFS paths are *always* of the form \server\share\<pathname> (the \ characters
+ are not C escaped here).
+
+ - but if we're using POSIX paths then <pathname> may contain
+ '/' separators, not '\\' separators. So cope with '\\' or '/'
+ as a separator when looking at the pathname part.... JRA.
+********************************************************************/
+
+/********************************************************************
+ Ensure a connection is encrypted.
+********************************************************************/
+
+static NTSTATUS cli_cm_force_encryption_creds(struct cli_state *c,
+ struct cli_credentials *creds,
+ const char *sharename)
+{
+ uint16_t major, minor;
+ uint32_t caplow, caphigh;
+ NTSTATUS status;
+ bool temp_ipc = false;
+
+ if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
+ status = smb2cli_session_encryption_on(c->smb2.session);
+ if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED)) {
+ d_printf("Encryption required and "
+ "server doesn't support "
+ "SMB3 encryption - failing connect\n");
+ } else if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Encryption required and "
+ "setup failed with error %s.\n",
+ nt_errstr(status));
+ }
+ return status;
+ }
+
+ if (!SERVER_HAS_UNIX_CIFS(c)) {
+ d_printf("Encryption required and "
+ "server that doesn't support "
+ "UNIX extensions - failing connect\n");
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ if (c->smb1.tcon == NULL) {
+ status = cli_tree_connect_creds(c, "IPC$", "IPC", creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Encryption required and "
+ "can't connect to IPC$ to check "
+ "UNIX CIFS extensions.\n");
+ return NT_STATUS_UNKNOWN_REVISION;
+ }
+ temp_ipc = true;
+ }
+
+ status = cli_unix_extensions_version(c, &major, &minor, &caplow,
+ &caphigh);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Encryption required and "
+ "can't get UNIX CIFS extensions "
+ "version from server.\n");
+ if (temp_ipc) {
+ cli_tdis(c);
+ }
+ return NT_STATUS_UNKNOWN_REVISION;
+ }
+
+ if (!(caplow & CIFS_UNIX_TRANSPORT_ENCRYPTION_CAP)) {
+ d_printf("Encryption required and "
+ "share %s doesn't support "
+ "encryption.\n", sharename);
+ if (temp_ipc) {
+ cli_tdis(c);
+ }
+ return NT_STATUS_UNSUPPORTED_COMPRESSION;
+ }
+
+ status = cli_smb1_setup_encryption(c, creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Encryption required and "
+ "setup failed with error %s.\n",
+ nt_errstr(status));
+ if (temp_ipc) {
+ cli_tdis(c);
+ }
+ return status;
+ }
+
+ if (temp_ipc) {
+ cli_tdis(c);
+ }
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
+ Return a connection to a server.
+********************************************************************/
+
+static NTSTATUS do_connect(TALLOC_CTX *ctx,
+ const char *server,
+ const char *share,
+ struct cli_credentials *creds,
+ const struct sockaddr_storage *dest_ss,
+ int port,
+ int name_type,
+ struct cli_state **pcli)
+{
+ struct cli_state *c = NULL;
+ char *servicename;
+ char *sharename;
+ char *newserver, *newshare;
+ NTSTATUS status;
+ int flags = 0;
+ enum protocol_types protocol = PROTOCOL_NONE;
+ enum smb_signing_setting signing_state =
+ cli_credentials_get_smb_signing(creds);
+ enum smb_encryption_setting encryption_state =
+ cli_credentials_get_smb_encryption(creds);
+ struct smb2_negotiate_contexts *in_contexts = NULL;
+ struct smb2_negotiate_contexts *out_contexts = NULL;
+
+ if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
+ signing_state = SMB_SIGNING_REQUIRED;
+ }
+
+ /* make a copy so we don't modify the global string 'service' */
+ servicename = talloc_strdup(ctx,share);
+ if (!servicename) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ sharename = servicename;
+ if (*sharename == '\\') {
+ sharename += 2;
+ if (server == NULL) {
+ server = sharename;
+ }
+ sharename = strchr_m(sharename,'\\');
+ if (!sharename) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ *sharename = 0;
+ sharename++;
+ }
+ if (server == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ status = cli_connect_nb(
+ server, dest_ss, port, name_type, NULL,
+ signing_state,
+ flags, &c);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ DBG_ERR("NetBIOS support disabled, unable to connect\n");
+ }
+
+ DBG_WARNING("Connection to %s failed (Error %s)\n",
+ server,
+ nt_errstr(status));
+ return status;
+ }
+
+ DEBUG(4,(" session request ok\n"));
+
+ in_contexts = talloc_zero(ctx, struct smb2_negotiate_contexts);
+ if (in_contexts == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = smb2_negotiate_context_add(
+ in_contexts,
+ in_contexts,
+ SMB2_POSIX_EXTENSIONS_AVAILABLE,
+ (const uint8_t *)SMB2_CREATE_TAG_POSIX,
+ strlen(SMB2_CREATE_TAG_POSIX));
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = smbXcli_negprot(c->conn,
+ c->timeout,
+ lp_client_min_protocol(),
+ lp_client_max_protocol(),
+ in_contexts,
+ ctx,
+ &out_contexts);
+ TALLOC_FREE(in_contexts);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+ d_printf("Protocol negotiation (with timeout %d ms) timed out against server %s\n",
+ c->timeout,
+ smbXcli_conn_remote_name(c->conn));
+ cli_shutdown(c);
+ return status;
+ } else if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Protocol negotiation to server %s (for a protocol between %s and %s) failed: %s\n",
+ smbXcli_conn_remote_name(c->conn),
+ lpcfg_get_smb_protocol(lp_client_min_protocol()),
+ lpcfg_get_smb_protocol(lp_client_max_protocol()),
+ nt_errstr(status));
+ cli_shutdown(c);
+ return status;
+ }
+ protocol = smbXcli_conn_protocol(c->conn);
+ DEBUG(4,(" negotiated dialect[%s] against server[%s]\n",
+ smb_protocol_types_string(protocol),
+ smbXcli_conn_remote_name(c->conn)));
+
+ if (protocol >= PROTOCOL_SMB2_02) {
+ /* Ensure we ask for some initial credits. */
+ smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
+ }
+
+ status = cli_session_setup_creds(c, creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* If a password was not supplied then
+ * try again with a null username. */
+ if (encryption_state == SMB_ENCRYPTION_REQUIRED ||
+ smbXcli_conn_signing_mandatory(c->conn) ||
+ cli_credentials_authentication_requested(creds) ||
+ cli_credentials_is_anonymous(creds) ||
+ !NT_STATUS_IS_OK(status = cli_session_setup_anon(c)))
+ {
+ d_printf("session setup failed: %s\n",
+ nt_errstr(status));
+ if (NT_STATUS_EQUAL(status,
+ NT_STATUS_MORE_PROCESSING_REQUIRED))
+ d_printf("did you forget to run kinit?\n");
+ cli_shutdown(c);
+ return status;
+ }
+ d_printf("Anonymous login successful\n");
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("cli_init_creds() failed: %s\n", nt_errstr(status)));
+ cli_shutdown(c);
+ return status;
+ }
+
+ DEBUG(4,(" session setup ok\n"));
+
+ if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
+ status = cli_cm_force_encryption_creds(c,
+ creds,
+ sharename);
+ if (!NT_STATUS_IS_OK(status)) {
+ switch (encryption_state) {
+ case SMB_ENCRYPTION_DESIRED:
+ break;
+ case SMB_ENCRYPTION_REQUIRED:
+ default:
+ cli_shutdown(c);
+ return status;
+ }
+ }
+ }
+
+ /* here's the fun part....to support 'msdfs proxy' shares
+ (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
+ here before trying to connect to the original share.
+ cli_check_msdfs_proxy() will fail if it is a normal share. */
+
+ if (smbXcli_conn_dfs_supported(c->conn) &&
+ cli_check_msdfs_proxy(ctx, c, sharename,
+ &newserver, &newshare,
+ creds)) {
+ cli_shutdown(c);
+ return do_connect(ctx, newserver,
+ newshare, creds,
+ NULL, port, name_type, pcli);
+ }
+
+ /* must be a normal share */
+
+ status = cli_tree_connect_creds(c, sharename, "?????", creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("tree connect failed: %s\n", nt_errstr(status));
+ cli_shutdown(c);
+ return status;
+ }
+
+ DEBUG(4,(" tconx ok\n"));
+ *pcli = c;
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
+ Add a new connection to the list.
+ referring_cli == NULL means a new initial connection.
+********************************************************************/
+
+static NTSTATUS cli_cm_connect(TALLOC_CTX *ctx,
+ struct cli_state *referring_cli,
+ const char *server,
+ const char *share,
+ struct cli_credentials *creds,
+ const struct sockaddr_storage *dest_ss,
+ int port,
+ int name_type,
+ struct cli_state **pcli)
+{
+ struct cli_state *cli = NULL;
+ NTSTATUS status;
+
+ status = do_connect(ctx, server, share,
+ creds,
+ dest_ss, port, name_type, &cli);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /*
+ * This can't happen, this test is to satisfy static
+ * checkers (clang)
+ */
+ if (cli == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* Enter into the list. */
+ if (referring_cli) {
+ DLIST_ADD_END(referring_cli, cli);
+ }
+
+ if (referring_cli && referring_cli->requested_posix_capabilities) {
+ uint16_t major, minor;
+ uint32_t caplow, caphigh;
+ status = cli_unix_extensions_version(cli, &major, &minor,
+ &caplow, &caphigh);
+ if (NT_STATUS_IS_OK(status)) {
+ cli_set_unix_extensions_capabilities(cli,
+ major, minor,
+ caplow, caphigh);
+ }
+ }
+
+ *pcli = cli;
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
+ Return a connection to a server on a particular share.
+********************************************************************/
+
+static struct cli_state *cli_cm_find(struct cli_state *cli,
+ const char *server,
+ const char *share)
+{
+ struct cli_state *p;
+
+ if (cli == NULL) {
+ return NULL;
+ }
+
+ /* Search to the start of the list. */
+ for (p = cli; p; p = DLIST_PREV(p)) {
+ const char *remote_name =
+ smbXcli_conn_remote_name(p->conn);
+
+ if (strequal(server, remote_name) &&
+ strequal(share,p->share)) {
+ return p;
+ }
+ }
+
+ /* Search to the end of the list. */
+ for (p = cli->next; p; p = p->next) {
+ const char *remote_name =
+ smbXcli_conn_remote_name(p->conn);
+
+ if (strequal(server, remote_name) &&
+ strequal(share,p->share)) {
+ return p;
+ }
+ }
+
+ return NULL;
+}
+
+/****************************************************************************
+ Open a client connection to a \\server\share.
+****************************************************************************/
+
+NTSTATUS cli_cm_open(TALLOC_CTX *ctx,
+ struct cli_state *referring_cli,
+ const char *server,
+ const char *share,
+ struct cli_credentials *creds,
+ const struct sockaddr_storage *dest_ss,
+ int port,
+ int name_type,
+ struct cli_state **pcli)
+{
+ /* Try to reuse an existing connection in this list. */
+ struct cli_state *c = cli_cm_find(referring_cli, server, share);
+ NTSTATUS status;
+
+ if (c) {
+ *pcli = c;
+ return NT_STATUS_OK;
+ }
+
+ if (creds == NULL) {
+ /* Can't do a new connection
+ * without auth info. */
+ d_printf("cli_cm_open() Unable to open connection [\\%s\\%s] "
+ "without client credentials\n",
+ server, share );
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ status = cli_cm_connect(ctx,
+ referring_cli,
+ server,
+ share,
+ creds,
+ dest_ss,
+ port,
+ name_type,
+ &c);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ *pcli = c;
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+void cli_cm_display(struct cli_state *cli)
+{
+ int i;
+
+ for (i=0; cli; cli = cli->next,i++ ) {
+ d_printf("%d:\tserver=%s, share=%s\n",
+ i, smbXcli_conn_remote_name(cli->conn), cli->share);
+ }
+}
+
+/**********************************************************************
+ split a dfs path into the server, share name, and extrapath components
+**********************************************************************/
+
+static bool split_dfs_path(TALLOC_CTX *ctx,
+ const char *nodepath,
+ char **pp_server,
+ char **pp_share,
+ char **pp_extrapath)
+{
+ char *p, *q;
+ char *path;
+
+ *pp_server = NULL;
+ *pp_share = NULL;
+ *pp_extrapath = NULL;
+
+ path = talloc_strdup(ctx, nodepath);
+ if (!path) {
+ goto fail;
+ }
+
+ if ( path[0] != '\\' ) {
+ goto fail;
+ }
+
+ p = strchr_m( path + 1, '\\' );
+ if ( !p ) {
+ goto fail;
+ }
+
+ *p = '\0';
+ p++;
+
+ /* Look for any extra/deep path */
+ q = strchr_m(p, '\\');
+ if (q != NULL) {
+ *q = '\0';
+ q++;
+ *pp_extrapath = talloc_strdup(ctx, q);
+ } else {
+ *pp_extrapath = talloc_strdup(ctx, "");
+ }
+ if (*pp_extrapath == NULL) {
+ goto fail;
+ }
+
+ *pp_share = talloc_strdup(ctx, p);
+ if (*pp_share == NULL) {
+ goto fail;
+ }
+
+ *pp_server = talloc_strdup(ctx, &path[1]);
+ if (*pp_server == NULL) {
+ goto fail;
+ }
+
+ TALLOC_FREE(path);
+ return true;
+
+fail:
+ TALLOC_FREE(*pp_share);
+ TALLOC_FREE(*pp_extrapath);
+ TALLOC_FREE(path);
+ return false;
+}
+
+/****************************************************************************
+ Return the original path truncated at the directory component before
+ the first wildcard character. Trust the caller to provide a NULL
+ terminated string
+****************************************************************************/
+
+static char *clean_path(TALLOC_CTX *ctx, const char *path)
+{
+ size_t len;
+ char *p1, *p2, *p;
+ char *path_out;
+
+ /* No absolute paths. */
+ while (IS_DIRECTORY_SEP(*path)) {
+ path++;
+ }
+
+ path_out = talloc_strdup(ctx, path);
+ if (!path_out) {
+ return NULL;
+ }
+
+ p1 = strchr_m(path_out, '*');
+ p2 = strchr_m(path_out, '?');
+
+ if (p1 || p2) {
+ if (p1 && p2) {
+ p = MIN(p1,p2);
+ } else if (!p1) {
+ p = p2;
+ } else {
+ p = p1;
+ }
+ *p = '\0';
+
+ /* Now go back to the start of this component. */
+ p1 = strrchr_m(path_out, '/');
+ p2 = strrchr_m(path_out, '\\');
+ p = MAX(p1,p2);
+ if (p) {
+ *p = '\0';
+ }
+ }
+
+ /* Strip any trailing separator */
+
+ len = strlen(path_out);
+ if ( (len > 0) && IS_DIRECTORY_SEP(path_out[len-1])) {
+ path_out[len-1] = '\0';
+ }
+
+ return path_out;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static char *cli_dfs_make_full_path(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *dir)
+{
+ char path_sep = '\\';
+
+ /* Ensure the extrapath doesn't start with a separator. */
+ while (IS_DIRECTORY_SEP(*dir)) {
+ dir++;
+ }
+
+ if (cli->requested_posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
+ path_sep = '/';
+ }
+ return talloc_asprintf(ctx, "%c%s%c%s%c%s",
+ path_sep,
+ smbXcli_conn_remote_name(cli->conn),
+ path_sep,
+ cli->share,
+ path_sep,
+ dir);
+}
+
+/********************************************************************
+ Check if a path has already been converted to DFS.
+********************************************************************/
+
+bool cli_dfs_is_already_full_path(struct cli_state *cli, const char *path)
+{
+ const char *server = smbXcli_conn_remote_name(cli->conn);
+ size_t server_len = strlen(server);
+ bool found_server = false;
+ const char *share = cli->share;
+ size_t share_len = strlen(share);
+ bool found_share = false;
+
+ if (!IS_DIRECTORY_SEP(path[0])) {
+ return false;
+ }
+ path++;
+ found_server = (strncasecmp_m(path, server, server_len) == 0);
+ if (!found_server) {
+ return false;
+ }
+ path += server_len;
+ if (!IS_DIRECTORY_SEP(path[0])) {
+ return false;
+ }
+ path++;
+ found_share = (strncasecmp_m(path, share, share_len) == 0);
+ if (!found_share) {
+ return false;
+ }
+ path += share_len;
+ if (path[0] == '\0') {
+ return true;
+ }
+ if (IS_DIRECTORY_SEP(path[0])) {
+ return true;
+ }
+ return false;
+}
+
+/********************************************************************
+ Get the dfs referral link.
+********************************************************************/
+
+NTSTATUS cli_dfs_get_referral_ex(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *path,
+ uint16_t max_referral_level,
+ struct client_dfs_referral **refs,
+ size_t *num_refs,
+ size_t *consumed)
+{
+ unsigned int param_len = 0;
+ uint16_t recv_flags2;
+ uint8_t *param = NULL;
+ uint8_t *rdata = NULL;
+ char *p;
+ char *endp;
+ smb_ucs2_t *path_ucs;
+ char *consumed_path = NULL;
+ uint16_t consumed_ucs;
+ uint16_t num_referrals;
+ struct client_dfs_referral *referrals = NULL;
+ NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ *num_refs = 0;
+ *refs = NULL;
+
+ param = talloc_array(talloc_tos(), uint8_t, 2);
+ if (!param) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+ SSVAL(param, 0, max_referral_level);
+
+ param = trans2_bytes_push_str(param, smbXcli_conn_use_unicode(cli->conn),
+ path, strlen(path)+1,
+ NULL);
+ if (!param) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+ param_len = talloc_get_size(param);
+ path_ucs = (smb_ucs2_t *)&param[2];
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ DATA_BLOB in_input_buffer;
+ DATA_BLOB in_output_buffer = data_blob_null;
+ DATA_BLOB out_input_buffer = data_blob_null;
+ DATA_BLOB out_output_buffer = data_blob_null;
+
+ in_input_buffer.data = param;
+ in_input_buffer.length = param_len;
+
+ status = smb2cli_ioctl(cli->conn,
+ cli->timeout,
+ cli->smb2.session,
+ cli->smb2.tcon,
+ UINT64_MAX, /* in_fid_persistent */
+ UINT64_MAX, /* in_fid_volatile */
+ FSCTL_DFS_GET_REFERRALS,
+ 0, /* in_max_input_length */
+ &in_input_buffer,
+ CLI_BUFFER_SIZE, /* in_max_output_length */
+ &in_output_buffer,
+ SMB2_IOCTL_FLAG_IS_FSCTL,
+ talloc_tos(),
+ &out_input_buffer,
+ &out_output_buffer);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ if (out_output_buffer.length < 4) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto out;
+ }
+
+ recv_flags2 = FLAGS2_UNICODE_STRINGS;
+ rdata = out_output_buffer.data;
+ endp = (char *)rdata + out_output_buffer.length;
+ } else {
+ unsigned int data_len = 0;
+ uint16_t setup[1];
+
+ SSVAL(setup, 0, TRANSACT2_GET_DFS_REFERRAL);
+
+ status = cli_trans(talloc_tos(), cli, SMBtrans2,
+ NULL, 0xffff, 0, 0,
+ setup, 1, 0,
+ param, param_len, 2,
+ NULL, 0, CLI_BUFFER_SIZE,
+ &recv_flags2,
+ NULL, 0, NULL, /* rsetup */
+ NULL, 0, NULL,
+ &rdata, 4, &data_len);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
+ endp = (char *)rdata + data_len;
+ }
+
+ consumed_ucs = SVAL(rdata, 0);
+ num_referrals = SVAL(rdata, 2);
+
+ /* consumed_ucs is the number of bytes
+ * of the UCS2 path consumed not counting any
+ * terminating null. We need to convert
+ * back to unix charset and count again
+ * to get the number of bytes consumed from
+ * the incoming path. */
+
+ errno = 0;
+ if (pull_string_talloc(talloc_tos(),
+ NULL,
+ 0,
+ &consumed_path,
+ path_ucs,
+ consumed_ucs,
+ STR_UNICODE) == 0) {
+ if (errno != 0) {
+ status = map_nt_error_from_unix(errno);
+ } else {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ goto out;
+ }
+ if (consumed_path == NULL) {
+ status = map_nt_error_from_unix(errno);
+ goto out;
+ }
+ *consumed = strlen(consumed_path);
+
+ if (num_referrals != 0) {
+ uint16_t ref_version;
+ uint16_t ref_size;
+ int i;
+ uint16_t node_offset;
+
+ referrals = talloc_array(ctx, struct client_dfs_referral,
+ num_referrals);
+
+ if (!referrals) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+ /* start at the referrals array */
+
+ p = (char *)rdata+8;
+ for (i=0; i<num_referrals && p < endp; i++) {
+ if (p + 18 > endp) {
+ goto out;
+ }
+ ref_version = SVAL(p, 0);
+ ref_size = SVAL(p, 2);
+ node_offset = SVAL(p, 16);
+
+ if (ref_version != 3) {
+ p += ref_size;
+ continue;
+ }
+
+ referrals[i].proximity = SVAL(p, 8);
+ referrals[i].ttl = SVAL(p, 10);
+
+ if (p + node_offset > endp) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto out;
+ }
+ pull_string_talloc(referrals,
+ (const char *)rdata,
+ recv_flags2,
+ &referrals[i].dfspath,
+ p+node_offset,
+ PTR_DIFF(endp, p+node_offset),
+ STR_TERMINATE|STR_UNICODE);
+
+ if (!referrals[i].dfspath) {
+ status = map_nt_error_from_unix(errno);
+ goto out;
+ }
+ p += ref_size;
+ }
+ if (i < num_referrals) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto out;
+ }
+ }
+
+ *num_refs = num_referrals;
+ *refs = referrals;
+
+ out:
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+NTSTATUS cli_dfs_get_referral(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *path,
+ struct client_dfs_referral **refs,
+ size_t *num_refs,
+ size_t *consumed)
+{
+ return cli_dfs_get_referral_ex(ctx,
+ cli,
+ path,
+ 3,
+ refs, /* Max referral level we want */
+ num_refs,
+ consumed);
+}
+
+static bool cli_conn_have_dfs(struct cli_state *cli)
+{
+ struct smbXcli_conn *conn = cli->conn;
+ struct smbXcli_tcon *tcon = NULL;
+ bool ok;
+
+ if (smbXcli_conn_protocol(conn) < PROTOCOL_SMB2_02) {
+ uint32_t capabilities = smb1cli_conn_capabilities(conn);
+
+ if ((capabilities & CAP_STATUS32) == 0) {
+ return false;
+ }
+ if ((capabilities & CAP_UNICODE) == 0) {
+ return false;
+ }
+
+ tcon = cli->smb1.tcon;
+ } else {
+ tcon = cli->smb2.tcon;
+ }
+
+ ok = smbXcli_tcon_is_dfs_share(tcon);
+ return ok;
+}
+
+/********************************************************************
+********************************************************************/
+struct cli_dfs_path_split {
+ char *server;
+ char *share;
+ char *extrapath;
+};
+
+NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
+ const char *mountpt,
+ struct cli_credentials *creds,
+ struct cli_state *rootcli,
+ const char *path,
+ struct cli_state **targetcli,
+ char **pp_targetpath)
+{
+ struct client_dfs_referral *refs = NULL;
+ size_t num_refs = 0;
+ size_t consumed = 0;
+ struct cli_state *cli_ipc = NULL;
+ char *dfs_path = NULL;
+ char *cleanpath = NULL;
+ char *extrapath = NULL;
+ int pathlen;
+ struct cli_state *newcli = NULL;
+ struct cli_state *ccli = NULL;
+ size_t count = 0;
+ char *newpath = NULL;
+ char *newmount = NULL;
+ char *ppath = NULL;
+ SMB_STRUCT_STAT sbuf;
+ uint32_t attributes;
+ NTSTATUS status;
+ struct smbXcli_tcon *target_tcon = NULL;
+ struct cli_dfs_path_split *dfs_refs = NULL;
+ bool ok;
+ bool is_already_dfs = false;
+
+ if ( !rootcli || !path || !targetcli ) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /*
+ * Avoid more than one leading directory separator
+ */
+ while (IS_DIRECTORY_SEP(path[0]) && IS_DIRECTORY_SEP(path[1])) {
+ path++;
+ }
+
+ ok = cli_conn_have_dfs(rootcli);
+ if (!ok) {
+ *targetcli = rootcli;
+ *pp_targetpath = talloc_strdup(ctx, path);
+ if (!*pp_targetpath) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ return NT_STATUS_OK;
+ }
+
+ *targetcli = NULL;
+
+ is_already_dfs = cli_dfs_is_already_full_path(rootcli, path);
+ if (is_already_dfs) {
+ const char *localpath = NULL;
+ /*
+ * Given path is already converted to DFS.
+ * Convert to a local path so clean_path()
+ * can correctly strip any wildcards.
+ */
+ status = cli_dfs_target_check(ctx,
+ rootcli,
+ path,
+ &localpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ path = localpath;
+ }
+
+ /* Send a trans2_query_path_info to check for a referral. */
+
+ cleanpath = clean_path(ctx, path);
+ if (!cleanpath) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ dfs_path = cli_dfs_make_full_path(ctx, rootcli, cleanpath);
+ if (!dfs_path) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = cli_qpathinfo_basic( rootcli, dfs_path, &sbuf, &attributes);
+ if (NT_STATUS_IS_OK(status)) {
+ /* This is an ordinary path, just return it. */
+ *targetcli = rootcli;
+ *pp_targetpath = talloc_strdup(ctx, path);
+ if (!*pp_targetpath) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ goto done;
+ }
+
+ /* Special case where client asked for a path that does not exist */
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+ *targetcli = rootcli;
+ *pp_targetpath = talloc_strdup(ctx, path);
+ if (!*pp_targetpath) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ goto done;
+ }
+
+ /* We got an error, check for DFS referral. */
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
+ return status;
+ }
+
+ /* Check for the referral. */
+
+ status = cli_cm_open(ctx,
+ rootcli,
+ smbXcli_conn_remote_name(rootcli->conn),
+ "IPC$",
+ creds,
+ NULL, /* dest_ss not needed, we reuse the transport */
+ 0,
+ 0x20,
+ &cli_ipc);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = cli_dfs_get_referral(ctx, cli_ipc, dfs_path, &refs,
+ &num_refs, &consumed);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (!num_refs || !refs[0].dfspath) {
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ /*
+ * Bug#10123 - DFS referral entries can be provided in a random order,
+ * so check the connection cache for each item to avoid unnecessary
+ * reconnections.
+ */
+ dfs_refs = talloc_array(ctx, struct cli_dfs_path_split, num_refs);
+ if (dfs_refs == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (count = 0; count < num_refs; count++) {
+ if (!split_dfs_path(dfs_refs, refs[count].dfspath,
+ &dfs_refs[count].server,
+ &dfs_refs[count].share,
+ &dfs_refs[count].extrapath)) {
+ TALLOC_FREE(dfs_refs);
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ ccli = cli_cm_find(rootcli, dfs_refs[count].server,
+ dfs_refs[count].share);
+ if (ccli != NULL) {
+ extrapath = dfs_refs[count].extrapath;
+ *targetcli = ccli;
+ break;
+ }
+ }
+
+ /*
+ * If no cached connection was found, then connect to the first live
+ * referral server in the list.
+ */
+ for (count = 0; (ccli == NULL) && (count < num_refs); count++) {
+ /* Connect to the target server & share */
+ status = cli_cm_connect(ctx, rootcli,
+ dfs_refs[count].server,
+ dfs_refs[count].share,
+ creds,
+ NULL, /* dest_ss */
+ 0, /* port */
+ 0x20,
+ targetcli);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Unable to follow dfs referral [\\%s\\%s]\n",
+ dfs_refs[count].server,
+ dfs_refs[count].share);
+ continue;
+ } else {
+ extrapath = dfs_refs[count].extrapath;
+ break;
+ }
+ }
+
+ /* No available referral server for the connection */
+ if (*targetcli == NULL) {
+ TALLOC_FREE(dfs_refs);
+ return status;
+ }
+
+ /* Make sure to recreate the original string including any wildcards. */
+
+ dfs_path = cli_dfs_make_full_path(ctx, rootcli, path);
+ if (!dfs_path) {
+ TALLOC_FREE(dfs_refs);
+ return NT_STATUS_NO_MEMORY;
+ }
+ pathlen = strlen(dfs_path);
+ consumed = MIN(pathlen, consumed);
+ *pp_targetpath = talloc_strdup(ctx, &dfs_path[consumed]);
+ if (!*pp_targetpath) {
+ TALLOC_FREE(dfs_refs);
+ return NT_STATUS_NO_MEMORY;
+ }
+ dfs_path[consumed] = '\0';
+
+ /*
+ * *pp_targetpath is now the unconsumed part of the path.
+ * dfs_path is now the consumed part of the path
+ * (in \server\share\path format).
+ */
+
+ if (extrapath && strlen(extrapath) > 0) {
+ /* EMC Celerra NAS version 5.6.50 (at least) doesn't appear to */
+ /* put the trailing \ on the path, so to be safe we put one in if needed */
+ if (extrapath[strlen(extrapath)-1] != '\\' && **pp_targetpath != '\\') {
+ *pp_targetpath = talloc_asprintf(ctx,
+ "%s\\%s",
+ extrapath,
+ *pp_targetpath);
+ } else {
+ *pp_targetpath = talloc_asprintf(ctx,
+ "%s%s",
+ extrapath,
+ *pp_targetpath);
+ }
+ if (!*pp_targetpath) {
+ TALLOC_FREE(dfs_refs);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ /* parse out the consumed mount path */
+ /* trim off the \server\share\ */
+
+ ppath = dfs_path;
+
+ if (*ppath != '\\') {
+ d_printf("cli_resolve_path: "
+ "dfs_path (%s) not in correct format.\n",
+ dfs_path );
+ TALLOC_FREE(dfs_refs);
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ ppath++; /* Now pointing at start of server name. */
+
+ if ((ppath = strchr_m( dfs_path, '\\' )) == NULL) {
+ TALLOC_FREE(dfs_refs);
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ ppath++; /* Now pointing at start of share name. */
+
+ if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) {
+ TALLOC_FREE(dfs_refs);
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ ppath++; /* Now pointing at path component. */
+
+ newmount = talloc_asprintf(ctx, "%s\\%s", mountpt, ppath );
+ if (!newmount) {
+ TALLOC_FREE(dfs_refs);
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ /* Check for another dfs referral, note that we are not
+ checking for loops here. */
+
+ if (!strequal(*pp_targetpath, "\\") && !strequal(*pp_targetpath, "/")) {
+ status = cli_resolve_path(ctx,
+ newmount,
+ creds,
+ *targetcli,
+ *pp_targetpath,
+ &newcli,
+ &newpath);
+ if (NT_STATUS_IS_OK(status)) {
+ /*
+ * When cli_resolve_path returns true here it's always
+ * returning the complete path in newpath, so we're done
+ * here.
+ */
+ *targetcli = newcli;
+ *pp_targetpath = newpath;
+ TALLOC_FREE(dfs_refs);
+ return status;
+ }
+ }
+
+ done:
+
+ if (smbXcli_conn_protocol((*targetcli)->conn) >= PROTOCOL_SMB2_02) {
+ target_tcon = (*targetcli)->smb2.tcon;
+ } else {
+ target_tcon = (*targetcli)->smb1.tcon;
+ }
+
+ /* If returning true ensure we return a dfs root full path. */
+ if (smbXcli_tcon_is_dfs_share(target_tcon)) {
+ dfs_path = talloc_strdup(ctx, *pp_targetpath);
+ if (!dfs_path) {
+ TALLOC_FREE(dfs_refs);
+ return NT_STATUS_NO_MEMORY;
+ }
+ *pp_targetpath = cli_dfs_make_full_path(ctx, *targetcli, dfs_path);
+ if (*pp_targetpath == NULL) {
+ TALLOC_FREE(dfs_refs);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ TALLOC_FREE(dfs_refs);
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
+********************************************************************/
+
+bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *sharename,
+ char **pp_newserver,
+ char **pp_newshare,
+ struct cli_credentials *creds)
+{
+ struct client_dfs_referral *refs = NULL;
+ size_t num_refs = 0;
+ size_t consumed = 0;
+ char *fullpath = NULL;
+ bool res;
+ struct smbXcli_tcon *orig_tcon = NULL;
+ char *orig_share = NULL;
+ char *newextrapath = NULL;
+ NTSTATUS status;
+ const char *remote_name;
+ enum smb_encryption_setting encryption_state =
+ cli_credentials_get_smb_encryption(creds);
+
+ if (!cli || !sharename) {
+ return false;
+ }
+
+ remote_name = smbXcli_conn_remote_name(cli->conn);
+
+ /* special case. never check for a referral on the IPC$ share */
+
+ if (strequal(sharename, "IPC$")) {
+ return false;
+ }
+
+ /* send a trans2_query_path_info to check for a referral */
+
+ fullpath = talloc_asprintf(ctx, "\\%s\\%s", remote_name, sharename);
+ if (!fullpath) {
+ return false;
+ }
+
+ /* Store tcon state. */
+ if (cli_state_has_tcon(cli)) {
+ cli_state_save_tcon_share(cli, &orig_tcon, &orig_share);
+ }
+
+ /* check for the referral */
+
+ if (!NT_STATUS_IS_OK(cli_tree_connect(cli, "IPC$", "IPC", NULL))) {
+ cli_state_restore_tcon_share(cli, orig_tcon, orig_share);
+ return false;
+ }
+
+ if (encryption_state >= SMB_ENCRYPTION_DESIRED) {
+ status = cli_cm_force_encryption_creds(cli, creds, "IPC$");
+ if (!NT_STATUS_IS_OK(status)) {
+ switch (encryption_state) {
+ case SMB_ENCRYPTION_DESIRED:
+ break;
+ case SMB_ENCRYPTION_REQUIRED:
+ default:
+ /*
+ * Failed to set up encryption.
+ * Disconnect the temporary IPC$
+ * tcon before restoring the original
+ * tcon so we don't leak it.
+ */
+ cli_tdis(cli);
+ cli_state_restore_tcon_share(cli,
+ orig_tcon,
+ orig_share);
+ return false;
+ }
+ }
+ }
+
+ status = cli_dfs_get_referral(ctx, cli, fullpath, &refs,
+ &num_refs, &consumed);
+ res = NT_STATUS_IS_OK(status);
+
+ status = cli_tdis(cli);
+
+ cli_state_restore_tcon_share(cli, orig_tcon, orig_share);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+
+ if (!res || !num_refs) {
+ return false;
+ }
+
+ if (!refs[0].dfspath) {
+ return false;
+ }
+
+ if (!split_dfs_path(ctx, refs[0].dfspath, pp_newserver,
+ pp_newshare, &newextrapath)) {
+ return false;
+ }
+
+ /* check that this is not a self-referral */
+
+ if (strequal(remote_name, *pp_newserver) &&
+ strequal(sharename, *pp_newshare)) {
+ return false;
+ }
+
+ return true;
+}
+
+/********************************************************************
+ Windows and NetApp (and arguably the SMB1/2/3 specs) expect a non-DFS
+ path for the targets of rename and hardlink. If we have been given
+ a DFS path for these calls, convert it back into a local path by
+ stripping off the DFS prefix.
+********************************************************************/
+
+NTSTATUS cli_dfs_target_check(TALLOC_CTX *mem_ctx,
+ struct cli_state *cli,
+ const char *fname_dst,
+ const char **fname_dst_out)
+{
+ char *dfs_prefix = NULL;
+ size_t prefix_len = 0;
+ struct smbXcli_tcon *tcon = NULL;
+
+ if (!smbXcli_conn_dfs_supported(cli->conn)) {
+ goto copy_fname_out;
+ }
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ tcon = cli->smb2.tcon;
+ } else {
+ tcon = cli->smb1.tcon;
+ }
+ if (!smbXcli_tcon_is_dfs_share(tcon)) {
+ goto copy_fname_out;
+ }
+ dfs_prefix = cli_dfs_make_full_path(mem_ctx, cli, "");
+ if (dfs_prefix == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ prefix_len = strlen(dfs_prefix);
+ if (strncmp(fname_dst, dfs_prefix, prefix_len) != 0) {
+ /*
+ * Prefix doesn't match. Assume it was
+ * already stripped or not added in the
+ * first place.
+ */
+ goto copy_fname_out;
+ }
+ /* Return the trailing name after the prefix. */
+ *fname_dst_out = &fname_dst[prefix_len];
+ TALLOC_FREE(dfs_prefix);
+ return NT_STATUS_OK;
+
+ copy_fname_out:
+
+ /*
+ * No change to the destination name. Just
+ * point it at the incoming destination name.
+ */
+ *fname_dst_out = fname_dst;
+ TALLOC_FREE(dfs_prefix);
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
+ Convert a pathname into a DFS path if it hasn't already been converted.
+ Always returns a talloc'ed path, makes it easy to pass const paths in.
+********************************************************************/
+
+char *smb1_dfs_share_path(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *path)
+{
+ bool is_dfs = smbXcli_conn_dfs_supported(cli->conn) &&
+ smbXcli_tcon_is_dfs_share(cli->smb1.tcon);
+ bool is_already_dfs_path = false;
+ bool posix = (cli->requested_posix_capabilities &
+ CIFS_UNIX_POSIX_PATHNAMES_CAP);
+ char sepchar = (posix ? '/' : '\\');
+
+ if (!is_dfs) {
+ return talloc_strdup(ctx, path);
+ }
+ is_already_dfs_path = cli_dfs_is_already_full_path(cli, path);
+ if (is_already_dfs_path) {
+ return talloc_strdup(ctx, path);
+ }
+ /*
+ * We don't use cli_dfs_make_full_path() as,
+ * when given a null path, cli_dfs_make_full_path
+ * deliberately adds a trailing '\\' (this is by
+ * design to check for an existing DFS prefix match).
+ */
+ if (path[0] == '\0') {
+ return talloc_asprintf(ctx,
+ "%c%s%c%s",
+ sepchar,
+ smbXcli_conn_remote_name(cli->conn),
+ sepchar,
+ cli->share);
+ }
+ while (*path == sepchar) {
+ path++;
+ }
+ return talloc_asprintf(ctx,
+ "%c%s%c%s%c%s",
+ sepchar,
+ smbXcli_conn_remote_name(cli->conn),
+ sepchar,
+ cli->share,
+ sepchar,
+ path);
+}
diff --git a/source3/libsmb/clidgram.c b/source3/libsmb/clidgram.c
new file mode 100644
index 0000000..a45bdac
--- /dev/null
+++ b/source3/libsmb/clidgram.c
@@ -0,0 +1,482 @@
+/*
+ Unix SMB/CIFS implementation.
+ client dgram calls
+ Copyright (C) Andrew Tridgell 1994-1998
+ Copyright (C) Richard Sharpe 2001
+ Copyright (C) John Terpstra 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "libsmb/clidgram.h"
+#include "libsmb/nmblib.h"
+#include "libsmb/unexpected.h"
+#include "messages.h"
+#include "librpc/gen_ndr/samr.h"
+#include "../lib/util/pidfile.h"
+#include "lib/util/string_wrappers.h"
+
+/*
+ * cli_send_mailslot, send a mailslot for client code ...
+ */
+
+static bool cli_prep_mailslot(bool unique, const char *mailslot,
+ uint16_t priority,
+ char *buf, int len,
+ const char *srcname, int src_type,
+ const char *dstname, int dest_type,
+ const struct sockaddr_storage *dest_ss,
+ int dgm_id,
+ struct packet_struct *p)
+{
+ struct dgram_packet *dgram = &p->packet.dgram;
+ char *ptr, *p2;
+ char tmp[4];
+ char addr[INET6_ADDRSTRLEN];
+
+ ZERO_STRUCTP(p);
+
+ /*
+ * Next, build the DGRAM ...
+ */
+
+ /* DIRECT GROUP or UNIQUE datagram. */
+ dgram->header.msg_type = unique ? 0x10 : 0x11;
+ dgram->header.flags.node_type = M_NODE;
+ dgram->header.flags.first = True;
+ dgram->header.flags.more = False;
+ dgram->header.dgm_id = dgm_id;
+ /* source ip is filled by nmbd */
+ dgram->header.dgm_length = 0; /* Let build_dgram() handle this. */
+ dgram->header.packet_offset = 0;
+
+ make_nmb_name(&dgram->source_name,srcname,src_type);
+ make_nmb_name(&dgram->dest_name,dstname,dest_type);
+
+ ptr = &dgram->data[0];
+
+ /* Setup the smb part. */
+ ptr -= 4; /* XXX Ugliness because of handling of tcp SMB length. */
+ memcpy(tmp,ptr,4);
+
+ if (smb_size + 17*2 + strlen(mailslot) + 1 + len > MAX_DGRAM_SIZE) {
+ DEBUG(0, ("cli_send_mailslot: Cannot write beyond end of packet\n"));
+ return False;
+ }
+
+ cli_set_message(ptr,17,strlen(mailslot) + 1 + len,True);
+ memcpy(ptr,tmp,4);
+
+ SCVAL(ptr,smb_com,SMBtrans);
+ SSVAL(ptr,smb_vwv1,len);
+ SSVAL(ptr,smb_vwv11,len);
+ SSVAL(ptr,smb_vwv12,70 + strlen(mailslot));
+ SSVAL(ptr,smb_vwv13,3);
+ SSVAL(ptr,smb_vwv14,1);
+ SSVAL(ptr,smb_vwv15,priority);
+ SSVAL(ptr,smb_vwv16,2);
+ p2 = smb_buf(ptr);
+ fstrcpy(p2,mailslot);
+ p2 = skip_string(ptr,MAX_DGRAM_SIZE,p2);
+ if (!p2) {
+ return False;
+ }
+
+ memcpy(p2,buf,len);
+ p2 += len;
+
+ dgram->datasize = PTR_DIFF(p2,ptr+4); /* +4 for tcp length. */
+
+ p->packet_type = DGRAM_PACKET;
+ p->ip = ((const struct sockaddr_in *)dest_ss)->sin_addr;
+ p->timestamp = time(NULL);
+
+ DEBUG(4,("send_mailslot: Sending to mailslot %s from %s ",
+ mailslot, nmb_namestr(&dgram->source_name)));
+ print_sockaddr(addr, sizeof(addr), dest_ss);
+
+ DEBUGADD(4,("to %s IP %s\n", nmb_namestr(&dgram->dest_name), addr));
+
+ return true;
+}
+
+static char *mailslot_name(TALLOC_CTX *mem_ctx, struct in_addr dc_ip)
+{
+ return talloc_asprintf(mem_ctx, "%s%X",
+ NBT_MAILSLOT_GETDC, dc_ip.s_addr);
+}
+
+static bool prep_getdc_request(const struct sockaddr_storage *dc_ss,
+ const char *account_name,
+ uint32_t account_flags,
+ const char *domain_name,
+ const struct dom_sid *sid,
+ uint32_t nt_version,
+ const char *my_mailslot,
+ int dgm_id,
+ struct packet_struct *p)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct nbt_netlogon_packet packet;
+ struct NETLOGON_SAM_LOGON_REQUEST *s;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob = data_blob_null;
+ struct dom_sid my_sid;
+ bool ret = false;
+
+ ZERO_STRUCT(packet);
+ ZERO_STRUCT(my_sid);
+
+ if (sid != NULL) {
+ my_sid = *sid;
+ }
+
+ packet.command = LOGON_SAM_LOGON_REQUEST;
+ s = &packet.req.logon;
+
+ s->request_count = 0;
+ s->computer_name = lp_netbios_name();
+ s->user_name = account_name;
+ s->mailslot_name = my_mailslot;
+ s->acct_control = account_flags;
+ s->sid = my_sid;
+ s->nt_version = nt_version;
+ s->lmnt_token = 0xffff;
+ s->lm20_token = 0xffff;
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(nbt_netlogon_packet, &packet);
+ }
+
+ ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &packet,
+ (ndr_push_flags_fn_t)ndr_push_nbt_netlogon_packet);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ goto fail;
+ }
+
+ ret = cli_prep_mailslot(false, NBT_MAILSLOT_NTLOGON, 0,
+ (char *)blob.data, blob.length,
+ lp_netbios_name(), 0, domain_name, 0x1c,
+ dc_ss, dgm_id, p);
+fail:
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+static bool parse_getdc_response(
+ struct packet_struct *packet,
+ TALLOC_CTX *mem_ctx,
+ const char *domain_name,
+ uint32_t *nt_version,
+ const char **dc_name,
+ struct netlogon_samlogon_response **samlogon_response)
+{
+ DATA_BLOB blob;
+ struct netlogon_samlogon_response *r;
+ union dgram_message_body p;
+ enum ndr_err_code ndr_err;
+ NTSTATUS status;
+
+ const char *returned_dc = NULL;
+ const char *returned_domain = NULL;
+
+ blob = data_blob_const(packet->packet.dgram.data,
+ packet->packet.dgram.datasize);
+ if (blob.length < 4) {
+ DEBUG(1, ("invalid length: %d\n", (int)blob.length));
+ return false;
+ }
+
+ if (RIVAL(blob.data,0) != DGRAM_SMB) {
+ DEBUG(1, ("invalid packet\n"));
+ return false;
+ }
+
+ blob.data += 4;
+ blob.length -= 4;
+
+ ndr_err = ndr_pull_union_blob_all(&blob, mem_ctx, &p, DGRAM_SMB,
+ (ndr_pull_flags_fn_t)ndr_pull_dgram_smb_packet);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DEBUG(1, ("failed to parse packet\n"));
+ return false;
+ }
+
+ if (p.smb.smb_command != SMB_TRANSACTION) {
+ DEBUG(1, ("invalid smb_command: %d\n", p.smb.smb_command));
+ return false;
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(dgram_smb_packet, &p);
+ }
+
+ blob = p.smb.body.trans.data;
+
+ r = talloc_zero(mem_ctx, struct netlogon_samlogon_response);
+ if (!r) {
+ return false;
+ }
+
+ status = pull_netlogon_samlogon_response(&blob, r, r);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(r);
+ return false;
+ }
+
+ map_netlogon_samlogon_response(r);
+
+ /* do we still need this ? */
+ *nt_version = r->ntver;
+
+ returned_domain = r->data.nt5_ex.domain_name;
+ returned_dc = r->data.nt5_ex.pdc_name;
+
+ if (!strequal(returned_domain, domain_name)) {
+ DEBUG(3, ("GetDC: Expected domain %s, got %s\n",
+ domain_name, returned_domain));
+ TALLOC_FREE(r);
+ return false;
+ }
+
+ if (*returned_dc == '\\') returned_dc += 1;
+ if (*returned_dc == '\\') returned_dc += 1;
+
+ *dc_name = talloc_strdup(mem_ctx, returned_dc);
+ if (!*dc_name) {
+ TALLOC_FREE(r);
+ return false;
+ }
+
+ if (samlogon_response) {
+ *samlogon_response = r;
+ } else {
+ TALLOC_FREE(r);
+ }
+
+ DEBUG(10, ("GetDC gave name %s for domain %s\n",
+ *dc_name, returned_domain));
+
+ return True;
+}
+
+struct nbt_getdc_state {
+ struct tevent_context *ev;
+ struct messaging_context *msg_ctx;
+ struct nb_packet_reader *reader;
+ const char *my_mailslot;
+ pid_t nmbd_pid;
+
+ const struct sockaddr_storage *dc_addr;
+ const char *domain_name;
+ const struct dom_sid *sid;
+ uint32_t nt_version;
+ const char *dc_name;
+ struct netlogon_samlogon_response *samlogon_response;
+
+ struct packet_struct p;
+};
+
+static void nbt_getdc_got_reader(struct tevent_req *subreq);
+static void nbt_getdc_got_response(struct tevent_req *subreq);
+
+struct tevent_req *nbt_getdc_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct messaging_context *msg_ctx,
+ const struct sockaddr_storage *dc_addr,
+ const char *domain_name,
+ const struct dom_sid *sid,
+ const char *account_name,
+ uint32_t account_flags,
+ uint32_t nt_version)
+{
+ struct tevent_req *req, *subreq;
+ struct nbt_getdc_state *state;
+ uint16_t dgm_id;
+ bool ok;
+
+ req = tevent_req_create(mem_ctx, &state, struct nbt_getdc_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->msg_ctx = msg_ctx;
+ state->dc_addr = dc_addr;
+ state->domain_name = domain_name;
+ state->sid = sid;
+ state->nt_version = nt_version;
+
+ if (dc_addr->ss_family != AF_INET) {
+ tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
+ return tevent_req_post(req, ev);
+ }
+ state->my_mailslot = mailslot_name(
+ state, ((const struct sockaddr_in *)dc_addr)->sin_addr);
+ if (tevent_req_nomem(state->my_mailslot, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->nmbd_pid = pidfile_pid(lp_pid_directory(), "nmbd");
+ if (state->nmbd_pid == 0) {
+ DEBUG(3, ("No nmbd found\n"));
+ tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
+ return tevent_req_post(req, ev);
+ }
+
+ generate_random_buffer((uint8_t *)(void *)&dgm_id, sizeof(dgm_id));
+
+ ok = prep_getdc_request(dc_addr, account_name, account_flags,
+ domain_name, sid, nt_version,
+ state->my_mailslot, dgm_id & 0x7fff,
+ &state->p);
+
+ if (!ok) {
+ DEBUG(3, ("prep_getdc_request failed\n"));
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = nb_packet_reader_send(state, ev, DGRAM_PACKET, -1,
+ state->my_mailslot);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, nbt_getdc_got_reader, req);
+ return req;
+}
+
+static void nbt_getdc_got_reader(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct nbt_getdc_state *state = tevent_req_data(
+ req, struct nbt_getdc_state);
+ NTSTATUS status;
+
+ status = nb_packet_reader_recv(subreq, state, &state->reader);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ DEBUG(10, ("nb_packet_reader_recv returned %s\n",
+ nt_errstr(status)));
+ return;
+ }
+
+ status = messaging_send_buf(
+ state->msg_ctx, pid_to_procid(state->nmbd_pid),
+ MSG_SEND_PACKET, (uint8_t *)&state->p, sizeof(state->p));
+
+ if (tevent_req_nterror(req, status)) {
+ DEBUG(10, ("messaging_send_buf returned %s\n",
+ nt_errstr(status)));
+ return;
+ }
+ subreq = nb_packet_read_send(state, state->ev, state->reader);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, nbt_getdc_got_response, req);
+}
+
+static void nbt_getdc_got_response(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct nbt_getdc_state *state = tevent_req_data(
+ req, struct nbt_getdc_state);
+ struct packet_struct *p;
+ NTSTATUS status;
+ bool ret;
+
+ status = nb_packet_read_recv(subreq, state, &p);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ ret = parse_getdc_response(p, state, state->domain_name,
+ &state->nt_version, &state->dc_name,
+ &state->samlogon_response);
+ if (!ret) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS nbt_getdc_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint32_t *nt_version, const char **dc_name,
+ struct netlogon_samlogon_response **samlogon_response)
+{
+ struct nbt_getdc_state *state = tevent_req_data(
+ req, struct nbt_getdc_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (nt_version != NULL) {
+ *nt_version = state->nt_version;
+ }
+ if (dc_name != NULL) {
+ *dc_name = talloc_move(mem_ctx, &state->dc_name);
+ }
+ if (samlogon_response != NULL) {
+ *samlogon_response = talloc_move(
+ mem_ctx, &state->samlogon_response);
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS nbt_getdc(struct messaging_context *msg_ctx,
+ uint32_t timeout_in_seconds,
+ const struct sockaddr_storage *dc_addr,
+ const char *domain_name,
+ const struct dom_sid *sid,
+ const char *account_name,
+ uint32_t account_flags,
+ uint32_t nt_version,
+ TALLOC_CTX *mem_ctx,
+ uint32_t *pnt_version,
+ const char **dc_name,
+ struct netlogon_samlogon_response **samlogon_response)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = nbt_getdc_send(ev, ev, msg_ctx, dc_addr, domain_name,
+ sid, account_name, account_flags, nt_version);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_set_endtime(req, ev,
+ timeval_current_ofs(timeout_in_seconds, 0))) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = nbt_getdc_recv(req, mem_ctx, pnt_version, dc_name,
+ samlogon_response);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
diff --git a/source3/libsmb/clidgram.h b/source3/libsmb/clidgram.h
new file mode 100644
index 0000000..46e11f4
--- /dev/null
+++ b/source3/libsmb/clidgram.h
@@ -0,0 +1,54 @@
+/*
+ Unix SMB/CIFS implementation.
+ client dgram calls
+ Copyright (C) Andrew Tridgell 1994-1998
+ Copyright (C) Richard Sharpe 2001
+ Copyright (C) John Terpstra 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBSMB_CLIDGRAM_H_
+#define _LIBSMB_CLIDGRAM_H_
+
+#include "../libcli/netlogon/netlogon.h"
+
+/* The following definitions come from libsmb/clidgram.c */
+
+struct tevent_req *nbt_getdc_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct messaging_context *msg_ctx,
+ const struct sockaddr_storage *dc_addr,
+ const char *domain_name,
+ const struct dom_sid *sid,
+ const char *account_name,
+ uint32_t account_flags,
+ uint32_t nt_version);
+NTSTATUS nbt_getdc_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint32_t *nt_version, const char **dc_name,
+ struct netlogon_samlogon_response **samlogon_response);
+NTSTATUS nbt_getdc(struct messaging_context *msg_ctx,
+ uint32_t timeout_in_seconds,
+ const struct sockaddr_storage *dc_addr,
+ const char *domain_name,
+ const struct dom_sid *sid,
+ const char *account_name,
+ uint32_t account_flags,
+ uint32_t nt_version,
+ TALLOC_CTX *mem_ctx,
+ uint32_t *pnt_version,
+ const char **dc_name,
+ struct netlogon_samlogon_response **samlogon_response);
+
+#endif /* _LIBSMB_CLIDGRAM_H_ */
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
new file mode 100644
index 0000000..bec1184
--- /dev/null
+++ b/source3/libsmb/clientgen.c
@@ -0,0 +1,650 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB client generic functions
+ Copyright (C) Andrew Tridgell 1994-1998
+ Copyright (C) Jeremy Allison 2007.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "../libcli/smb/smb_signing.h"
+#include "../libcli/smb/smb_seal.h"
+#include "async_smb.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "../libcli/smb/smb2_negotiate_context.h"
+#include "../librpc/ndr/libndr.h"
+#include "../include/client.h"
+
+/****************************************************************************
+ Change the timeout (in milliseconds).
+****************************************************************************/
+
+unsigned int cli_set_timeout(struct cli_state *cli, unsigned int timeout)
+{
+ unsigned int old_timeout = cli->timeout;
+ DBG_DEBUG("Changing connection timeout for server '%s' from %d (ms) to "
+ "%d (ms).\n",
+ smbXcli_conn_remote_name(cli->conn),
+ cli->timeout,
+ timeout);
+ cli->timeout = timeout;
+ return old_timeout;
+}
+
+/****************************************************************************
+ Set the 'backup_intent' flag.
+****************************************************************************/
+
+bool cli_set_backup_intent(struct cli_state *cli, bool flag)
+{
+ bool old_state = cli->backup_intent;
+ cli->backup_intent = flag;
+ return old_state;
+}
+
+/****************************************************************************
+ Initialise a client structure. Always returns a talloc'ed struct.
+ Set the signing state (used from the command line).
+****************************************************************************/
+
+struct GUID cli_state_client_guid;
+
+struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
+ int fd,
+ const char *remote_name,
+ enum smb_signing_setting signing_state,
+ int flags)
+{
+ struct cli_state *cli = NULL;
+ bool use_spnego = lp_client_use_spnego();
+ bool force_dos_errors = false;
+ bool force_ascii = false;
+ bool use_level_II_oplocks = false;
+ uint32_t smb1_capabilities = 0;
+ uint32_t smb2_capabilities = 0;
+ struct smb311_capabilities smb3_capabilities =
+ smb311_capabilities_parse("client",
+ lp_client_smb3_signing_algorithms(),
+ lp_client_smb3_encryption_algorithms());
+ struct GUID client_guid;
+
+ if (!GUID_all_zero(&cli_state_client_guid)) {
+ client_guid = cli_state_client_guid;
+ } else {
+ const char *str = NULL;
+
+ str = lp_parm_const_string(-1, "libsmb", "client_guid", NULL);
+ if (str != NULL) {
+ GUID_from_string(str, &client_guid);
+ } else {
+ client_guid = GUID_random();
+ }
+ }
+
+ /* Check the effective uid - make sure we are not setuid */
+ if (is_setuid_root()) {
+ DEBUG(0,("libsmb based programs must *NOT* be setuid root.\n"));
+ return NULL;
+ }
+
+ cli = talloc_zero(mem_ctx, struct cli_state);
+ if (!cli) {
+ return NULL;
+ }
+
+ cli->server_domain = talloc_strdup(cli, "");
+ if (!cli->server_domain) {
+ goto error;
+ }
+ cli->server_os = talloc_strdup(cli, "");
+ if (!cli->server_os) {
+ goto error;
+ }
+ cli->server_type = talloc_strdup(cli, "");
+ if (!cli->server_type) {
+ goto error;
+ }
+
+ cli->raw_status = NT_STATUS_INTERNAL_ERROR;
+ cli->map_dos_errors = true; /* remove this */
+ cli->timeout = CLIENT_TIMEOUT;
+
+ /* Set the CLI_FORCE_DOSERR environment variable to test
+ client routines using DOS errors instead of STATUS32
+ ones. This intended only as a temporary hack. */
+ if (getenv("CLI_FORCE_DOSERR")) {
+ force_dos_errors = true;
+ }
+ if (flags & CLI_FULL_CONNECTION_FORCE_DOS_ERRORS) {
+ force_dos_errors = true;
+ }
+
+ if (getenv("CLI_FORCE_ASCII")) {
+ force_ascii = true;
+ }
+ if (!lp_unicode()) {
+ force_ascii = true;
+ }
+ if (flags & CLI_FULL_CONNECTION_FORCE_ASCII) {
+ force_ascii = true;
+ }
+
+ if (flags & CLI_FULL_CONNECTION_DONT_SPNEGO) {
+ use_spnego = false;
+ }
+
+ if (flags & CLI_FULL_CONNECTION_OPLOCKS) {
+ cli->use_oplocks = true;
+ }
+ if (flags & CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS) {
+ use_level_II_oplocks = true;
+ }
+
+ if (signing_state == SMB_SIGNING_IPC_DEFAULT) {
+ /*
+ * Ensure for IPC/RPC the default is to require
+ * signing unless explicitly turned off by the
+ * administrator.
+ */
+ signing_state = lp_client_ipc_signing();
+ }
+
+ if (signing_state == SMB_SIGNING_DEFAULT) {
+ signing_state = lp_client_signing();
+ }
+
+ smb1_capabilities = 0;
+ smb1_capabilities |= CAP_LARGE_FILES;
+ smb1_capabilities |= CAP_NT_SMBS | CAP_RPC_REMOTE_APIS;
+ smb1_capabilities |= CAP_LOCK_AND_READ | CAP_NT_FIND;
+ smb1_capabilities |= CAP_DFS | CAP_W2K_SMBS;
+ smb1_capabilities |= CAP_LARGE_READX|CAP_LARGE_WRITEX;
+ smb1_capabilities |= CAP_LWIO;
+
+ if (!force_dos_errors) {
+ smb1_capabilities |= CAP_STATUS32;
+ }
+
+ if (!force_ascii) {
+ smb1_capabilities |= CAP_UNICODE;
+ }
+
+ if (use_spnego) {
+ smb1_capabilities |= CAP_EXTENDED_SECURITY;
+ }
+
+ if (use_level_II_oplocks) {
+ smb1_capabilities |= CAP_LEVEL_II_OPLOCKS;
+ }
+
+ smb2_capabilities = SMB2_CAP_ALL;
+
+ cli->conn = smbXcli_conn_create(cli, fd, remote_name,
+ signing_state,
+ smb1_capabilities,
+ &client_guid,
+ smb2_capabilities,
+ &smb3_capabilities);
+ if (cli->conn == NULL) {
+ goto error;
+ }
+
+ cli->smb1.pid = (uint32_t)getpid();
+ cli->smb1.vc_num = cli->smb1.pid;
+ cli->smb1.session = smbXcli_session_create(cli, cli->conn);
+ if (cli->smb1.session == NULL) {
+ goto error;
+ }
+
+ cli->initialised = 1;
+ return cli;
+
+ /* Clean up after malloc() error */
+
+ error:
+
+ TALLOC_FREE(cli);
+ return NULL;
+}
+
+/****************************************************************************
+ Close all pipes open on this session.
+****************************************************************************/
+
+static void cli_nt_pipes_close(struct cli_state *cli)
+{
+ while (cli->pipe_list != NULL) {
+ /*
+ * No TALLOC_FREE here!
+ */
+ talloc_free(cli->pipe_list);
+ }
+}
+
+/****************************************************************************
+ Shutdown a client structure.
+****************************************************************************/
+
+static void _cli_shutdown(struct cli_state *cli)
+{
+ cli_nt_pipes_close(cli);
+
+ /*
+ * tell our peer to free his resources. Without this, when an
+ * application attempts to do a graceful shutdown and calls
+ * smbc_free_context() to clean up all connections, some connections
+ * can remain active on the peer end, until some (long) timeout period
+ * later. This tree disconnect forces the peer to clean up, since the
+ * connection will be going away.
+ */
+ if (cli_state_has_tcon(cli)) {
+ cli_tdis(cli);
+ }
+
+ smbXcli_conn_disconnect(cli->conn, NT_STATUS_OK);
+
+ TALLOC_FREE(cli);
+}
+
+void cli_shutdown(struct cli_state *cli)
+{
+ struct cli_state *cli_head;
+ if (cli == NULL) {
+ return;
+ }
+ DLIST_HEAD(cli, cli_head);
+ if (cli_head == cli) {
+ /*
+ * head of a DFS list, shutdown all subsidiary DFS
+ * connections.
+ */
+ struct cli_state *p, *next;
+
+ for (p = cli_head->next; p; p = next) {
+ next = p->next;
+ DLIST_REMOVE(cli_head, p);
+ _cli_shutdown(p);
+ }
+ } else {
+ DLIST_REMOVE(cli_head, cli);
+ }
+
+ _cli_shutdown(cli);
+}
+
+uint16_t cli_state_get_vc_num(struct cli_state *cli)
+{
+ return cli->smb1.vc_num;
+}
+
+/****************************************************************************
+ Set the PID to use for smb messages. Return the old pid.
+****************************************************************************/
+
+uint32_t cli_setpid(struct cli_state *cli, uint32_t pid)
+{
+ uint32_t ret = cli->smb1.pid;
+ cli->smb1.pid = pid;
+ return ret;
+}
+
+uint32_t cli_getpid(struct cli_state *cli)
+{
+ return cli->smb1.pid;
+}
+
+bool cli_state_is_encryption_on(struct cli_state *cli)
+{
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+ return smb1cli_conn_encryption_on(cli->conn);
+ }
+
+ if (cli->smb2.tcon == NULL) {
+ return false;
+ }
+
+ return smb2cli_tcon_is_encryption_on(cli->smb2.tcon);
+}
+
+bool cli_state_has_tcon(struct cli_state *cli)
+{
+ uint32_t tid;
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ if (cli->smb2.tcon == NULL) {
+ return false;
+ }
+ tid = cli_state_get_tid(cli);
+ if (tid == UINT32_MAX) {
+ return false;
+ }
+ } else {
+ if (cli->smb1.tcon == NULL) {
+ return false;
+ }
+ tid = cli_state_get_tid(cli);
+ if (tid == UINT16_MAX) {
+ return false;
+ }
+ }
+ return true;
+}
+
+uint32_t cli_state_get_tid(struct cli_state *cli)
+{
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return smb2cli_tcon_current_id(cli->smb2.tcon);
+ } else {
+ return (uint32_t)smb1cli_tcon_current_id(cli->smb1.tcon);
+ }
+}
+
+uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid)
+{
+ uint32_t ret;
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ ret = smb2cli_tcon_current_id(cli->smb2.tcon);
+ smb2cli_tcon_set_id(cli->smb2.tcon, tid);
+ } else {
+ ret = smb1cli_tcon_current_id(cli->smb1.tcon);
+ smb1cli_tcon_set_id(cli->smb1.tcon, tid);
+ }
+ return ret;
+}
+
+static struct smbXcli_tcon *cli_state_save_tcon(struct cli_state *cli)
+{
+ /*
+ * Note. This used to make a deep copy of either
+ * cli->smb2.tcon or cli->smb1.tcon, but this leaves
+ * the original pointer in place which will then get
+ * TALLOC_FREE()'d when the new connection is made on
+ * this cli_state.
+ *
+ * As there may be pipes open on the old connection with
+ * talloc'ed state allocated using the tcon pointer as a
+ * parent we can't deep copy and then free this as that
+ * closes the open pipes.
+ *
+ * This call is used to temporarily swap out a tcon pointer
+ * to allow a new tcon on the same cli_state.
+ *
+ * Just return the raw pointer and set the old value to NULL.
+ * We know we MUST be calling cli_state_restore_tcon() below
+ * to restore before closing the session.
+ *
+ * See BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
+ */
+ struct smbXcli_tcon *tcon_ret = NULL;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ tcon_ret = cli->smb2.tcon;
+ cli->smb2.tcon = NULL; /* *Not* TALLOC_FREE(). */
+ } else {
+ tcon_ret = cli->smb1.tcon;
+ cli->smb1.tcon = NULL; /* *Not* TALLOC_FREE(). */
+ }
+ return tcon_ret;
+}
+
+void cli_state_save_tcon_share(struct cli_state *cli,
+ struct smbXcli_tcon **_tcon_ret,
+ char **_sharename_ret)
+{
+ *_tcon_ret = cli_state_save_tcon(cli);
+ /*
+ * No talloc_copy as cli->share is already
+ * allocated off cli.
+ */
+ *_sharename_ret = cli->share;
+ cli->share = NULL;
+}
+
+static void cli_state_restore_tcon(struct cli_state *cli,
+ struct smbXcli_tcon *tcon)
+{
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ TALLOC_FREE(cli->smb2.tcon);
+ cli->smb2.tcon = tcon;
+ } else {
+ TALLOC_FREE(cli->smb1.tcon);
+ cli->smb1.tcon = tcon;
+ }
+}
+
+void cli_state_restore_tcon_share(struct cli_state *cli,
+ struct smbXcli_tcon *tcon,
+ char *share)
+{
+ /* cli->share will have been replaced by a cli_tree_connect() call. */
+ TALLOC_FREE(cli->share);
+ cli->share = share;
+ cli_state_restore_tcon(cli, tcon);
+}
+
+uint16_t cli_state_get_uid(struct cli_state *cli)
+{
+ return smb1cli_session_current_id(cli->smb1.session);
+}
+
+uint16_t cli_state_set_uid(struct cli_state *cli, uint16_t uid)
+{
+ uint16_t ret = smb1cli_session_current_id(cli->smb1.session);
+ smb1cli_session_set_id(cli->smb1.session, uid);
+ return ret;
+}
+
+/****************************************************************************
+ Set the case sensitivity flag on the packets. Returns old state.
+****************************************************************************/
+
+bool cli_set_case_sensitive(struct cli_state *cli, bool case_sensitive)
+{
+ bool ret;
+ uint32_t fs_attrs;
+ struct smbXcli_tcon *tcon;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ tcon = cli->smb2.tcon;
+ } else {
+ tcon = cli->smb1.tcon;
+ }
+
+ fs_attrs = smbXcli_tcon_get_fs_attributes(tcon);
+ if (fs_attrs & FILE_CASE_SENSITIVE_SEARCH) {
+ ret = true;
+ } else {
+ ret = false;
+ }
+ if (case_sensitive) {
+ fs_attrs |= FILE_CASE_SENSITIVE_SEARCH;
+ } else {
+ fs_attrs &= ~FILE_CASE_SENSITIVE_SEARCH;
+ }
+ smbXcli_tcon_set_fs_attributes(tcon, fs_attrs);
+
+ return ret;
+}
+
+uint32_t cli_state_available_size(struct cli_state *cli, uint32_t ofs)
+{
+ uint32_t ret = smb1cli_conn_max_xmit(cli->conn);
+
+ if (ofs >= ret) {
+ return 0;
+ }
+
+ ret -= ofs;
+
+ return ret;
+}
+
+time_t cli_state_server_time(struct cli_state *cli)
+{
+ NTTIME nt;
+ time_t t;
+
+ nt = smbXcli_conn_server_system_time(cli->conn);
+ t = nt_time_to_unix(nt);
+
+ return t;
+}
+
+struct cli_echo_state {
+ uint8_t dummy;
+};
+
+static void cli_echo_done1(struct tevent_req *subreq);
+static void cli_echo_done2(struct tevent_req *subreq);
+
+struct tevent_req *cli_echo_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct cli_state *cli, uint16_t num_echos,
+ DATA_BLOB data)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_echo_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_echo_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = smb2cli_echo_send(
+ state, ev, cli->conn, cli->timeout);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_echo_done2, req);
+ return req;
+ }
+
+ subreq = smb1cli_echo_send(
+ state, ev, cli->conn, cli->timeout, num_echos, data);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_echo_done1, req);
+
+ return req;
+}
+
+static void cli_echo_done1(struct tevent_req *subreq)
+{
+ NTSTATUS status = smb1cli_echo_recv(subreq);
+ return tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_echo_done2(struct tevent_req *subreq)
+{
+ NTSTATUS status = smb2cli_echo_recv(subreq);
+ return tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+/**
+ * Get the result out from an echo request
+ * @param[in] req The async_req from cli_echo_send
+ * @retval Did the server reply correctly?
+ */
+
+NTSTATUS cli_echo_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+/**
+ * @brief Send/Receive SMBEcho requests
+ * @param[in] mem_ctx The memory context to put the async_req on
+ * @param[in] ev The event context that will call us back
+ * @param[in] cli The connection to send the echo to
+ * @param[in] num_echos How many times do we want to get the reply?
+ * @param[in] data The data we want to get back
+ * @retval Did the server reply correctly?
+ */
+
+NTSTATUS cli_echo(struct cli_state *cli, uint16_t num_echos, DATA_BLOB data)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_echo_send(frame, ev, cli, num_echos, data);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_echo_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+NTSTATUS cli_smb(TALLOC_CTX *mem_ctx, struct cli_state *cli,
+ uint8_t smb_command, uint8_t additional_flags,
+ uint8_t wct, uint16_t *vwv,
+ uint32_t num_bytes, const uint8_t *bytes,
+ struct tevent_req **result_parent,
+ uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
+ uint32_t *pnum_bytes, uint8_t **pbytes)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ev = samba_tevent_context_init(mem_ctx);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_smb_send(mem_ctx, ev, cli, smb_command, additional_flags, 0,
+ wct, vwv, num_bytes, bytes);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_smb_recv(req, NULL, NULL, min_wct, pwct, pvwv,
+ pnum_bytes, pbytes);
+fail:
+ TALLOC_FREE(ev);
+ if (NT_STATUS_IS_OK(status) && (result_parent != NULL)) {
+ *result_parent = req;
+ }
+ return status;
+}
diff --git a/source3/libsmb/clierror.c b/source3/libsmb/clierror.c
new file mode 100644
index 0000000..afbec47
--- /dev/null
+++ b/source3/libsmb/clierror.c
@@ -0,0 +1,119 @@
+/*
+ Unix SMB/CIFS implementation.
+ client error handling routines
+ Copyright (C) Andrew Tridgell 1994-1998
+ Copyright (C) Jelmer Vernooij 2003
+ Copyright (C) Jeremy Allison 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+/****************************************************************************
+ Return the 32-bit NT status code from the last packet.
+****************************************************************************/
+
+NTSTATUS cli_nt_error(struct cli_state *cli)
+{
+ /* Deal with socket errors first. */
+ if (!cli_state_is_connected(cli)) {
+ return NT_STATUS_CONNECTION_DISCONNECTED;
+ }
+
+ if (NT_STATUS_IS_DOS(cli->raw_status)) {
+ int e_class = NT_STATUS_DOS_CLASS(cli->raw_status);
+ int code = NT_STATUS_DOS_CODE(cli->raw_status);
+ return dos_to_ntstatus(e_class, code);
+ }
+
+ return cli->raw_status;
+}
+
+int cli_status_to_errno(NTSTATUS status)
+{
+ int err;
+
+ if (NT_STATUS_IS_DOS(status)) {
+ uint8_t eclass = NT_STATUS_DOS_CLASS(status);
+ uint32_t ecode = NT_STATUS_DOS_CODE(status);
+ status = dos_to_ntstatus(eclass, ecode);
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_STOPPED_ON_SYMLINK)) {
+ /*
+ * Legacy code from cli_errno, see Samba up to 4.13: A
+ * special case for this Vista error. Since its
+ * high-order byte isn't 0xc0, it won't match
+ * correctly in map_errno_from_nt_status().
+ */
+ err = EACCES;
+ } else {
+ err = map_errno_from_nt_status(status);
+ }
+
+ DBG_NOTICE("0x%"PRIx32" -> %d\n", NT_STATUS_V(status), err);
+
+ return err;
+}
+
+/* Return a UNIX errno appropriate for the error received in the last
+ packet. */
+
+int cli_errno(struct cli_state *cli)
+{
+ bool connected;
+ int err;
+
+ connected = cli_state_is_connected(cli);
+ if (!connected) {
+ return EPIPE;
+ }
+
+ err = cli_status_to_errno(cli->raw_status);
+ return err;
+}
+
+/* Return true if the last packet was in error */
+
+bool cli_is_error(struct cli_state *cli)
+{
+ /* A socket error is always an error. */
+ if (!cli_state_is_connected(cli)) {
+ return true;
+ }
+
+ if (NT_STATUS_IS_DOS(cli->raw_status)) {
+ /* Return error if error class in non-zero */
+ uint8_t rcls = NT_STATUS_DOS_CLASS(cli->raw_status);
+ return rcls != 0;
+ }
+
+ return NT_STATUS_IS_ERR(cli->raw_status);
+}
+
+bool cli_state_is_connected(struct cli_state *cli)
+{
+ if (cli == NULL) {
+ return false;
+ }
+
+ if (!cli->initialised) {
+ return false;
+ }
+
+ return smbXcli_conn_is_connected(cli->conn);
+}
diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
new file mode 100644
index 0000000..cc1b4d4
--- /dev/null
+++ b/source3/libsmb/clifile.c
@@ -0,0 +1,7486 @@
+/*
+ Unix SMB/CIFS implementation.
+ client file operations
+ Copyright (C) Andrew Tridgell 1994-1998
+ Copyright (C) Jeremy Allison 2001-2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libsmb/libsmb.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "async_smb.h"
+#include "libsmb/clirap.h"
+#include "trans2.h"
+#include "ntioctl.h"
+#include "libcli/security/security.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "libcli/smb/reparse.h"
+
+struct cli_setpathinfo_state {
+ uint16_t setup;
+ uint8_t *param;
+};
+
+static void cli_setpathinfo_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_setpathinfo_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t level,
+ const char *path,
+ uint8_t *data,
+ size_t data_len)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_setpathinfo_state *state;
+ uint16_t additional_flags2 = 0;
+ char *path_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_setpathinfo_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ /* Setup setup word. */
+ SSVAL(&state->setup, 0, TRANSACT2_SETPATHINFO);
+
+ /* Setup param array. */
+ state->param = talloc_zero_array(state, uint8_t, 6);
+ if (tevent_req_nomem(state->param, req)) {
+ return tevent_req_post(req, ev);
+ }
+ SSVAL(state->param, 0, level);
+
+ /* Check for DFS. */
+ path_cp = smb1_dfs_share_path(state, cli, path);
+ if (tevent_req_nomem(path_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->param = trans2_bytes_push_str(state->param,
+ smbXcli_conn_use_unicode(cli->conn),
+ path_cp,
+ strlen(path_cp)+1,
+ NULL);
+ if (tevent_req_nomem(state->param, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(path) &&
+ !INFO_LEVEL_IS_UNIX(level)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ subreq = cli_trans_send(
+ state, /* mem ctx. */
+ ev, /* event ctx. */
+ cli, /* cli_state. */
+ additional_flags2, /* additional_flags2 */
+ SMBtrans2, /* cmd. */
+ NULL, /* pipe name. */
+ -1, /* fid. */
+ 0, /* function. */
+ 0, /* flags. */
+ &state->setup, /* setup. */
+ 1, /* num setup uint16_t words. */
+ 0, /* max returned setup. */
+ state->param, /* param. */
+ talloc_get_size(state->param), /* num param. */
+ 2, /* max returned param. */
+ data, /* data. */
+ data_len, /* num data. */
+ 0); /* max returned data. */
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_setpathinfo_done, req);
+ return req;
+}
+
+static void cli_setpathinfo_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_trans_recv(subreq, NULL, NULL, NULL, 0, NULL,
+ NULL, 0, NULL, NULL, 0, NULL);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_setpathinfo_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_setpathinfo(struct cli_state *cli,
+ uint16_t level,
+ const char *path,
+ uint8_t *data,
+ size_t data_len)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_setpathinfo_send(ev, ev, cli, level, path, data, data_len);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_setpathinfo_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_setfileinfo_state {
+ uint16_t setup;
+ uint8_t param[6];
+};
+
+static void cli_setfileinfo_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_setfileinfo_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t level,
+ uint8_t *data,
+ size_t data_len)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_setfileinfo_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_setfileinfo_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ PUSH_LE_U16(&state->setup, 0, TRANSACT2_SETFILEINFO);
+
+ PUSH_LE_U16(state->param, 0, fnum);
+ PUSH_LE_U16(state->param, 2, level);
+
+ subreq = cli_trans_send(state, /* mem ctx. */
+ ev, /* event ctx. */
+ cli, /* cli_state. */
+ 0, /* additional_flags2 */
+ SMBtrans2, /* cmd. */
+ NULL, /* pipe name. */
+ -1, /* fid. */
+ 0, /* function. */
+ 0, /* flags. */
+ &state->setup, /* setup. */
+ 1, /* num setup uint16_t words. */
+ 0, /* max returned setup. */
+ state->param, /* param. */
+ 6, /* num param. */
+ 2, /* max returned param. */
+ data, /* data. */
+ data_len, /* num data. */
+ 0); /* max returned data. */
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_setfileinfo_done, req);
+ return req;
+}
+
+static void cli_setfileinfo_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_trans_recv(
+ subreq, /* req */
+ NULL, /* mem_ctx */
+ NULL, /* recv_flags2 */
+ NULL, /* setup */
+ 0, /* min_setup */
+ NULL, /* num_setup */
+ NULL, /* param */
+ 0, /* min_param */
+ NULL, /* num_param */
+ NULL, /* data */
+ 0, /* min_data */
+ NULL); /* num_data */
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_setfileinfo_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+/****************************************************************************
+ Hard/Symlink a file (UNIX extensions).
+ Creates new name (sym)linked to link_target.
+****************************************************************************/
+
+struct cli_posix_link_internal_state {
+ uint8_t *data;
+};
+
+static void cli_posix_link_internal_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_posix_link_internal_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t level,
+ const char *link_target,
+ const char *newname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_link_internal_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_posix_link_internal_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ /* Setup data array. */
+ state->data = talloc_array(state, uint8_t, 0);
+ if (tevent_req_nomem(state->data, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->data = trans2_bytes_push_str(
+ state->data, smbXcli_conn_use_unicode(cli->conn),
+ link_target, strlen(link_target)+1, NULL);
+
+ subreq = cli_setpathinfo_send(
+ state, ev, cli, level, newname,
+ state->data, talloc_get_size(state->data));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_link_internal_done, req);
+ return req;
+}
+
+static void cli_posix_link_internal_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_setpathinfo_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static NTSTATUS cli_posix_link_internal_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+/****************************************************************************
+ Symlink a file (UNIX extensions).
+****************************************************************************/
+
+struct cli_posix_symlink_state {
+ uint8_t dummy;
+};
+
+static void cli_posix_symlink_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_symlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *link_target,
+ const char *newname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_symlink_state *state = NULL;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_posix_symlink_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ subreq = cli_posix_link_internal_send(
+ mem_ctx, ev, cli, SMB_SET_FILE_UNIX_LINK, link_target, newname);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_symlink_done, req);
+ return req;
+}
+
+static void cli_posix_symlink_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_posix_link_internal_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_posix_symlink_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_posix_symlink(struct cli_state *cli,
+ const char *link_target,
+ const char *newname)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_posix_symlink_send(frame,
+ ev,
+ cli,
+ link_target,
+ newname);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_posix_symlink_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Read a POSIX symlink.
+****************************************************************************/
+
+struct cli_posix_readlink_state {
+ struct cli_state *cli;
+ char *converted;
+};
+
+static void cli_posix_readlink_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_readlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_readlink_state *state = NULL;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_posix_readlink_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+
+ subreq = cli_qpathinfo_send(
+ state,
+ ev,
+ cli,
+ fname,
+ SMB_QUERY_FILE_UNIX_LINK,
+ 1,
+ UINT16_MAX);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_readlink_done, req);
+ return req;
+}
+
+static void cli_posix_readlink_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_posix_readlink_state *state = tevent_req_data(
+ req, struct cli_posix_readlink_state);
+ NTSTATUS status;
+ uint8_t *data = NULL;
+ uint32_t num_data = 0;
+ charset_t charset;
+ size_t converted_size;
+ bool ok;
+
+ status = cli_qpathinfo_recv(subreq, state, &data, &num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ /*
+ * num_data is > 1, we've given 1 as minimum to cli_qpathinfo_send
+ */
+ if (data == NULL || data[num_data-1] != '\0') {
+ tevent_req_nterror(req, NT_STATUS_DATA_ERROR);
+ return;
+ }
+
+ charset = smbXcli_conn_use_unicode(state->cli->conn) ?
+ CH_UTF16LE : CH_DOS;
+
+ /* The returned data is a pushed string, not raw data. */
+ ok = convert_string_talloc(
+ state,
+ charset,
+ CH_UNIX,
+ data,
+ num_data,
+ &state->converted,
+ &converted_size);
+ if (!ok) {
+ tevent_req_oom(req);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_posix_readlink_recv(
+ struct tevent_req *req, TALLOC_CTX *mem_ctx, char **target)
+{
+ struct cli_posix_readlink_state *state = tevent_req_data(
+ req, struct cli_posix_readlink_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *target = talloc_move(mem_ctx, &state->converted);
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Hard link a file (UNIX extensions).
+****************************************************************************/
+
+struct cli_posix_hardlink_state {
+ uint8_t dummy;
+};
+
+static void cli_posix_hardlink_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_hardlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *oldname,
+ const char *newname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_hardlink_state *state = NULL;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_posix_hardlink_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ subreq = cli_posix_link_internal_send(
+ state, ev, cli, SMB_SET_FILE_UNIX_HLINK, oldname, newname);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_hardlink_done, req);
+ return req;
+}
+
+static void cli_posix_hardlink_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_posix_link_internal_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_posix_hardlink_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_posix_hardlink(struct cli_state *cli,
+ const char *oldname,
+ const char *newname)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_posix_hardlink_send(frame,
+ ev,
+ cli,
+ oldname,
+ newname);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_posix_hardlink_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Do a POSIX getacl - pathname based ACL get (UNIX extensions).
+****************************************************************************/
+
+struct getacl_state {
+ uint32_t num_data;
+ uint8_t *data;
+};
+
+static void cli_posix_getacl_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_getacl_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct getacl_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct getacl_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ subreq = cli_qpathinfo_send(state, ev, cli, fname, SMB_QUERY_POSIX_ACL,
+ 0, CLI_BUFFER_SIZE);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_getacl_done, req);
+ return req;
+}
+
+static void cli_posix_getacl_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct getacl_state *state = tevent_req_data(
+ req, struct getacl_state);
+ NTSTATUS status;
+
+ status = cli_qpathinfo_recv(subreq, state, &state->data,
+ &state->num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_posix_getacl_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ size_t *prb_size,
+ char **retbuf)
+{
+ struct getacl_state *state = tevent_req_data(req, struct getacl_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *prb_size = (size_t)state->num_data;
+ *retbuf = (char *)talloc_move(mem_ctx, &state->data);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_posix_getacl(struct cli_state *cli,
+ const char *fname,
+ TALLOC_CTX *mem_ctx,
+ size_t *prb_size,
+ char **retbuf)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_posix_getacl_send(frame,
+ ev,
+ cli,
+ fname);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_posix_getacl_recv(req, mem_ctx, prb_size, retbuf);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Do a POSIX setacl - pathname based ACL set (UNIX extensions).
+****************************************************************************/
+
+struct setacl_state {
+ uint8_t *data;
+};
+
+static void cli_posix_setacl_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_setacl_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ const void *data,
+ size_t num_data)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct setacl_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct setacl_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->data = talloc_memdup(state, data, num_data);
+ if (tevent_req_nomem(state->data, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_setpathinfo_send(state,
+ ev,
+ cli,
+ SMB_SET_POSIX_ACL,
+ fname,
+ state->data,
+ num_data);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_setacl_done, req);
+ return req;
+}
+
+static void cli_posix_setacl_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_setpathinfo_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_posix_setacl_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_posix_setacl(struct cli_state *cli,
+ const char *fname,
+ const void *acl_buf,
+ size_t acl_buf_size)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_posix_setacl_send(frame,
+ ev,
+ cli,
+ fname,
+ acl_buf,
+ acl_buf_size);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_posix_setacl_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Stat a file (UNIX extensions).
+****************************************************************************/
+
+struct cli_posix_stat_state {
+ struct stat_ex sbuf;
+};
+
+static void cli_posix_stat_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_stat_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct stat_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_posix_stat_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ subreq = cli_qpathinfo_send(state, ev, cli, fname,
+ SMB_QUERY_FILE_UNIX_BASIC, 100, 100);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_stat_done, req);
+ return req;
+}
+
+static void cli_posix_stat_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_posix_stat_state *state = tevent_req_data(
+ req, struct cli_posix_stat_state);
+ SMB_STRUCT_STAT *sbuf = &state->sbuf;
+ uint8_t *data;
+ uint32_t num_data = 0;
+ NTSTATUS status;
+
+ status = cli_qpathinfo_recv(subreq, state, &data, &num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (num_data != 100) {
+ /*
+ * Paranoia, cli_qpathinfo should have guaranteed
+ * this, but you never know...
+ */
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ /* total size, in bytes */
+ sbuf->st_ex_size = IVAL2_TO_SMB_BIG_UINT(data, 0);
+
+ /* number of blocks allocated */
+ sbuf->st_ex_blocks = IVAL2_TO_SMB_BIG_UINT(data,8);
+#if defined (HAVE_STAT_ST_BLOCKS) && defined(STAT_ST_BLOCKSIZE)
+ sbuf->st_ex_blocks /= STAT_ST_BLOCKSIZE;
+#else
+ /* assume 512 byte blocks */
+ sbuf->st_ex_blocks /= 512;
+#endif
+ /* time of last change */
+ sbuf->st_ex_ctime = interpret_long_date(BVAL(data, 16));
+
+ /* time of last access */
+ sbuf->st_ex_atime = interpret_long_date(BVAL(data, 24));
+
+ /* time of last modification */
+ sbuf->st_ex_mtime = interpret_long_date(BVAL(data, 32));
+
+ sbuf->st_ex_uid = (uid_t) IVAL(data, 40); /* user ID of owner */
+ sbuf->st_ex_gid = (gid_t) IVAL(data, 48); /* group ID of owner */
+ sbuf->st_ex_mode = unix_filetype_from_wire(IVAL(data, 56));
+
+#if defined(HAVE_MAKEDEV)
+ {
+ uint32_t dev_major = IVAL(data,60);
+ uint32_t dev_minor = IVAL(data,68);
+ sbuf->st_ex_rdev = makedev(dev_major, dev_minor);
+ }
+#endif
+ /* inode */
+ sbuf->st_ex_ino = (SMB_INO_T)IVAL2_TO_SMB_BIG_UINT(data, 76);
+
+ /* protection */
+ sbuf->st_ex_mode |= wire_perms_to_unix(IVAL(data, 84));
+
+ /* number of hard links */
+ sbuf->st_ex_nlink = BIG_UINT(data, 92);
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_posix_stat_recv(struct tevent_req *req, struct stat_ex *sbuf)
+{
+ struct cli_posix_stat_state *state = tevent_req_data(
+ req, struct cli_posix_stat_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *sbuf = state->sbuf;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_posix_stat(struct cli_state *cli,
+ const char *fname,
+ struct stat_ex *sbuf)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_posix_stat_send(frame, ev, cli, fname);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_posix_stat_recv(req, sbuf);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Chmod or chown a file internal (UNIX extensions).
+****************************************************************************/
+
+struct cli_posix_chown_chmod_internal_state {
+ uint8_t data[100];
+};
+
+static void cli_posix_chown_chmod_internal_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_posix_chown_chmod_internal_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint32_t mode,
+ uint32_t uid,
+ uint32_t gid)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_chown_chmod_internal_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_posix_chown_chmod_internal_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ memset(state->data, 0xff, 40); /* Set all sizes/times to no change. */
+ SIVAL(state->data,40,uid);
+ SIVAL(state->data,48,gid);
+ SIVAL(state->data,84,mode);
+
+ subreq = cli_setpathinfo_send(state, ev, cli, SMB_SET_FILE_UNIX_BASIC,
+ fname, state->data, sizeof(state->data));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_chown_chmod_internal_done,
+ req);
+ return req;
+}
+
+static void cli_posix_chown_chmod_internal_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_setpathinfo_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static NTSTATUS cli_posix_chown_chmod_internal_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+/****************************************************************************
+ chmod a file (UNIX extensions).
+****************************************************************************/
+
+struct cli_posix_chmod_state {
+ uint8_t dummy;
+};
+
+static void cli_posix_chmod_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_chmod_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ mode_t mode)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_chmod_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_posix_chmod_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ subreq = cli_posix_chown_chmod_internal_send(
+ state,
+ ev,
+ cli,
+ fname,
+ unix_perms_to_wire(mode),
+ SMB_UID_NO_CHANGE,
+ SMB_GID_NO_CHANGE);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_chmod_done, req);
+ return req;
+}
+
+static void cli_posix_chmod_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_posix_chown_chmod_internal_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_posix_chmod_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_posix_chmod(struct cli_state *cli, const char *fname, mode_t mode)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_posix_chmod_send(frame,
+ ev,
+ cli,
+ fname,
+ mode);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_posix_chmod_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ chown a file (UNIX extensions).
+****************************************************************************/
+
+struct cli_posix_chown_state {
+ uint8_t dummy;
+};
+
+static void cli_posix_chown_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_chown_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uid_t uid,
+ gid_t gid)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_chown_state *state = NULL;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_posix_chown_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ subreq = cli_posix_chown_chmod_internal_send(
+ state,
+ ev,
+ cli,
+ fname,
+ SMB_MODE_NO_CHANGE,
+ (uint32_t)uid,
+ (uint32_t)gid);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_chown_done, req);
+ return req;
+}
+
+static void cli_posix_chown_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_posix_chown_chmod_internal_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_posix_chown_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_posix_chown(struct cli_state *cli,
+ const char *fname,
+ uid_t uid,
+ gid_t gid)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_posix_chown_send(frame,
+ ev,
+ cli,
+ fname,
+ uid,
+ gid);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_posix_chown_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_smb1_posix_mknod_state {
+ uint8_t data[100];
+};
+
+static void cli_smb1_posix_mknod_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_smb1_posix_mknod_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ mode_t mode,
+ dev_t dev)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb1_posix_mknod_state *state = NULL;
+ mode_t type = mode & S_IFMT;
+ uint32_t smb_unix_type = 0xFFFFFFFF;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_smb1_posix_mknod_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ /*
+ * Set all sizes/times/ids to no change.
+ */
+ memset(state->data, 0xff, 56);
+
+ switch (type) {
+ case S_IFREG:
+ smb_unix_type = UNIX_TYPE_FILE;
+ break;
+ case S_IFDIR:
+ smb_unix_type = UNIX_TYPE_DIR;
+ break;
+ case S_IFLNK:
+ smb_unix_type = UNIX_TYPE_SYMLINK;
+ break;
+ case S_IFCHR:
+ smb_unix_type = UNIX_TYPE_CHARDEV;
+ break;
+ case S_IFBLK:
+ smb_unix_type = UNIX_TYPE_BLKDEV;
+ break;
+ case S_IFIFO:
+ smb_unix_type = UNIX_TYPE_FIFO;
+ break;
+ case S_IFSOCK:
+ smb_unix_type = UNIX_TYPE_SOCKET;
+ break;
+ }
+ PUSH_LE_U32(state->data, 56, smb_unix_type);
+
+ if ((type == S_IFCHR) || (type == S_IFBLK)) {
+ PUSH_LE_U64(state->data, 60, unix_dev_major(dev));
+ PUSH_LE_U64(state->data, 68, unix_dev_minor(dev));
+ }
+
+ PUSH_LE_U32(state->data, 84, unix_perms_to_wire(mode));
+
+ subreq = cli_setpathinfo_send(
+ state,
+ ev,
+ cli,
+ SMB_SET_FILE_UNIX_BASIC,
+ fname,
+ state->data,
+ sizeof(state->data));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb1_posix_mknod_done, req);
+ return req;
+}
+
+static void cli_smb1_posix_mknod_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_setpathinfo_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static NTSTATUS cli_smb1_posix_mknod_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct cli_mknod_state {
+ uint8_t buf[24];
+};
+
+static void cli_mknod_done1(struct tevent_req *subreq);
+static void cli_mknod_reparse_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_mknod_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ mode_t mode,
+ dev_t dev)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_mknod_state *state = NULL;
+ struct reparse_data_buffer reparse_buf = {
+ .tag = IO_REPARSE_TAG_NFS,
+ };
+ struct nfs_reparse_data_buffer *nfs = &reparse_buf.parsed.nfs;
+ ssize_t buflen;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_mknod_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (cli->requested_posix_capabilities != 0) {
+ subreq = cli_smb1_posix_mknod_send(
+ state, ev, cli, fname, mode, dev);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_mknod_done1, req);
+ return req;
+ }
+
+ /*
+ * Ignored for all but BLK and CHR
+ */
+ nfs->data.dev.major = major(dev);
+ nfs->data.dev.minor = minor(dev);
+
+ switch (mode & S_IFMT) {
+ case S_IFIFO:
+ nfs->type = NFS_SPECFILE_FIFO;
+ break;
+ case S_IFSOCK:
+ nfs->type = NFS_SPECFILE_SOCK;
+ break;
+ case S_IFCHR:
+ nfs->type = NFS_SPECFILE_CHR;
+ break;
+ case S_IFBLK:
+ nfs->type = NFS_SPECFILE_BLK;
+ break;
+ }
+
+ buflen = reparse_data_buffer_marshall(&reparse_buf,
+ state->buf,
+ sizeof(state->buf));
+ if ((buflen == -1) || (buflen > sizeof(state->buf))) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_create_reparse_point_send(state,
+ ev,
+ cli,
+ fname,
+ (DATA_BLOB){
+ .data = state->buf,
+ .length = buflen,
+ });
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_mknod_reparse_done, req);
+ return req;
+}
+
+static void cli_mknod_done1(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb1_posix_mknod_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_mknod_reparse_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_create_reparse_point_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_mknod_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS
+cli_mknod(struct cli_state *cli, const char *fname, mode_t mode, dev_t dev)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_mknod_send(ev, ev, cli, fname, mode, dev);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_mknod_recv(req);
+fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Rename a file.
+****************************************************************************/
+
+struct cli_smb1_rename_state {
+ uint8_t *data;
+};
+
+static void cli_smb1_rename_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_smb1_rename_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst,
+ bool replace)
+{
+ NTSTATUS status;
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb1_rename_state *state = NULL;
+ smb_ucs2_t *converted_str = NULL;
+ size_t converted_size_bytes = 0;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_smb1_rename_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ /*
+ * Strip a MSDFS path from fname_dst if we were given one.
+ */
+ status = cli_dfs_target_check(state,
+ cli,
+ fname_dst,
+ &fname_dst);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ if (!push_ucs2_talloc(talloc_tos(), &converted_str, fname_dst,
+ &converted_size_bytes)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ /* W2K8 insists the dest name is not null
+ terminated. Remove the last 2 zero bytes
+ and reduce the name length. */
+
+ if (converted_size_bytes < 2) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ converted_size_bytes -= 2;
+
+ state->data =
+ talloc_zero_array(state, uint8_t, 12 + converted_size_bytes);
+ if (state->data == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (replace) {
+ SCVAL(state->data, 0, 1);
+ }
+
+ SIVAL(state->data, 8, converted_size_bytes);
+ memcpy(state->data + 12, converted_str, converted_size_bytes);
+
+ TALLOC_FREE(converted_str);
+
+ subreq = cli_setpathinfo_send(
+ state, ev, cli, SMB_FILE_RENAME_INFORMATION, fname_src, state->data,
+ talloc_get_size(state->data));
+ if (tevent_req_nomem(subreq, req)) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+ tevent_req_set_callback(subreq, cli_smb1_rename_done, req);
+ return req;
+
+fail:
+ TALLOC_FREE(converted_str);
+ tevent_req_nterror(req, status);
+ return tevent_req_post(req, ev);
+}
+
+static void cli_smb1_rename_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_setpathinfo_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static NTSTATUS cli_smb1_rename_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+static void cli_cifs_rename_done(struct tevent_req *subreq);
+
+struct cli_cifs_rename_state {
+ uint16_t vwv[1];
+};
+
+static struct tevent_req *cli_cifs_rename_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst,
+ bool replace)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_cifs_rename_state *state = NULL;
+ uint8_t additional_flags = 0;
+ uint16_t additional_flags2 = 0;
+ uint8_t *bytes = NULL;
+ char *fname_src_cp = NULL;
+ char *fname_dst_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_cifs_rename_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (replace) {
+ /*
+ * CIFS doesn't support replace
+ */
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
+ SSVAL(state->vwv+0, 0, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY);
+
+ bytes = talloc_array(state, uint8_t, 1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * SMBmv on a DFS share uses DFS names for src and dst.
+ * See smbtorture3: SMB1-DFS-PATHS: test_smb1_mv().
+ */
+
+ fname_src_cp = smb1_dfs_share_path(state, cli, fname_src);
+ if (tevent_req_nomem(fname_src_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes[0] = 4;
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_src_cp,
+ strlen(fname_src_cp)+1,
+ NULL);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(fname_src)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ bytes = talloc_realloc(state, bytes, uint8_t,
+ talloc_get_size(bytes)+1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * SMBmv on a DFS share uses DFS names for src and dst.
+ * See smbtorture3: SMB1-DFS-PATHS: test_smb1_mv().
+ */
+
+ fname_dst_cp = smb1_dfs_share_path(state, cli, fname_dst);
+ if (tevent_req_nomem(fname_dst_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes[talloc_get_size(bytes)-1] = 4;
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_dst_cp,
+ strlen(fname_dst_cp)+1,
+ NULL);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_smb_send(state, ev, cli, SMBmv, additional_flags,
+ additional_flags2,
+ 1, state->vwv, talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_cifs_rename_done, req);
+ return req;
+}
+
+static void cli_cifs_rename_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb_recv(
+ subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static NTSTATUS cli_cifs_rename_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct cli_rename_state {
+ uint8_t dummy;
+};
+
+static void cli_rename_done1(struct tevent_req *subreq);
+static void cli_rename_done_cifs(struct tevent_req *subreq);
+static void cli_rename_done2(struct tevent_req *subreq);
+
+struct tevent_req *cli_rename_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst,
+ bool replace)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_rename_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_rename_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_rename_send(
+ state, ev, cli, fname_src, fname_dst, replace);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_rename_done2, req);
+ return req;
+ }
+
+ if (replace && smbXcli_conn_support_passthrough(cli->conn)) {
+ subreq = cli_smb1_rename_send(
+ state, ev, cli, fname_src, fname_dst, replace);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_rename_done1, req);
+ return req;
+ }
+
+ subreq = cli_cifs_rename_send(
+ state, ev, cli, fname_src,fname_dst, replace);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_rename_done_cifs, req);
+ return req;
+}
+
+static void cli_rename_done1(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb1_rename_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_rename_done_cifs(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_cifs_rename_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_rename_done2(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_rename_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_rename_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_rename(struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst,
+ bool replace)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_rename_send(frame, ev, cli, fname_src, fname_dst, replace);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_rename_recv(req);
+ cli->raw_status = status; /* cli_smb2_rename_recv doesn't set this */
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ NT Rename a file.
+****************************************************************************/
+
+static void cli_ntrename_internal_done(struct tevent_req *subreq);
+
+struct cli_ntrename_internal_state {
+ uint16_t vwv[4];
+};
+
+static struct tevent_req *cli_ntrename_internal_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst,
+ uint16_t rename_flag)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_ntrename_internal_state *state = NULL;
+ uint8_t additional_flags = 0;
+ uint16_t additional_flags2 = 0;
+ uint8_t *bytes = NULL;
+ char *fname_src_cp = NULL;
+ char *fname_dst_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_ntrename_internal_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ SSVAL(state->vwv+0, 0 ,FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_DIRECTORY);
+ SSVAL(state->vwv+1, 0, rename_flag);
+
+ bytes = talloc_array(state, uint8_t, 1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+ /*
+ * SMBntrename on a DFS share uses DFS names for src and dst.
+ * See smbtorture3: SMB1-DFS-PATHS: test_smb1_ntrename_rename().
+ */
+ fname_src_cp = smb1_dfs_share_path(state, cli, fname_src);
+ if (tevent_req_nomem(fname_src_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes[0] = 4;
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_src_cp,
+ strlen(fname_src_cp)+1,
+ NULL);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(fname_src)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ bytes = talloc_realloc(state, bytes, uint8_t,
+ talloc_get_size(bytes)+1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * SMBntrename on a DFS share uses DFS names for src and dst.
+ * See smbtorture3: SMB1-DFS-PATHS: test_smb1_ntrename_rename().
+ * and smbtorture3: SMB1-DFS-PATHS: test_smb1_ntrename_hardlink()
+ */
+ fname_dst_cp = smb1_dfs_share_path(state, cli, fname_dst);
+ if (tevent_req_nomem(fname_dst_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes[talloc_get_size(bytes)-1] = 4;
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_dst_cp,
+ strlen(fname_dst_cp)+1,
+ NULL);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_smb_send(state, ev, cli, SMBntrename, additional_flags,
+ additional_flags2,
+ 4, state->vwv, talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_ntrename_internal_done, req);
+ return req;
+}
+
+static void cli_ntrename_internal_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb_recv(
+ subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static NTSTATUS cli_ntrename_internal_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct tevent_req *cli_ntrename_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst)
+{
+ return cli_ntrename_internal_send(mem_ctx,
+ ev,
+ cli,
+ fname_src,
+ fname_dst,
+ RENAME_FLAG_RENAME);
+}
+
+NTSTATUS cli_ntrename_recv(struct tevent_req *req)
+{
+ return cli_ntrename_internal_recv(req);
+}
+
+NTSTATUS cli_ntrename(struct cli_state *cli, const char *fname_src, const char *fname_dst)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_ntrename_send(frame, ev, cli, fname_src, fname_dst);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_ntrename_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ NT hardlink a file.
+****************************************************************************/
+
+static struct tevent_req *cli_nt_hardlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst)
+{
+ return cli_ntrename_internal_send(mem_ctx,
+ ev,
+ cli,
+ fname_src,
+ fname_dst,
+ RENAME_FLAG_HARD_LINK);
+}
+
+static NTSTATUS cli_nt_hardlink_recv(struct tevent_req *req)
+{
+ return cli_ntrename_internal_recv(req);
+}
+
+struct cli_smb2_hardlink_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ uint16_t fnum_src;
+ const char *fname_dst;
+ bool overwrite;
+ NTSTATUS status;
+};
+
+static void cli_smb2_hardlink_opened(struct tevent_req *subreq);
+static void cli_smb2_hardlink_info_set(struct tevent_req *subreq);
+static void cli_smb2_hardlink_closed(struct tevent_req *subreq);
+
+static struct tevent_req *cli_smb2_hardlink_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst,
+ bool overwrite,
+ struct smb2_create_blobs *in_cblobs)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_smb2_hardlink_state *state = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_smb2_hardlink_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ /*
+ * Strip a MSDFS path from fname_dst if we were given one.
+ */
+ status = cli_dfs_target_check(state,
+ cli,
+ fname_dst,
+ &fname_dst);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ state->ev = ev;
+ state->cli = cli;
+ state->fname_dst = fname_dst;
+ state->overwrite = overwrite;
+
+ subreq = cli_smb2_create_fnum_send(
+ state,
+ ev,
+ cli,
+ fname_src,
+ (struct cli_smb2_create_flags){0},
+ SMB2_IMPERSONATION_IMPERSONATION,
+ FILE_WRITE_ATTRIBUTES,
+ 0, /* file attributes */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ FILE_NON_DIRECTORY_FILE, /* no hardlinks on directories */
+ in_cblobs);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb2_hardlink_opened, req);
+ return req;
+}
+
+static void cli_smb2_hardlink_opened(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_hardlink_state *state = tevent_req_data(
+ req, struct cli_smb2_hardlink_state);
+ NTSTATUS status;
+ smb_ucs2_t *ucs2_dst;
+ size_t ucs2_len;
+ DATA_BLOB inbuf;
+ bool ok;
+
+ status = cli_smb2_create_fnum_recv(
+ subreq, &state->fnum_src, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ ok = push_ucs2_talloc(state, &ucs2_dst, state->fname_dst, &ucs2_len);
+ if (!ok || (ucs2_len < 2)) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+ /* Don't 0-terminate the name */
+ ucs2_len -= 2;
+
+ inbuf = data_blob_talloc_zero(state, ucs2_len + 20);
+ if (tevent_req_nomem(inbuf.data, req)) {
+ return;
+ }
+
+ if (state->overwrite) {
+ SCVAL(inbuf.data, 0, 1);
+ }
+ SIVAL(inbuf.data, 16, ucs2_len);
+ memcpy(inbuf.data + 20, ucs2_dst, ucs2_len);
+ TALLOC_FREE(ucs2_dst);
+
+ subreq = cli_smb2_set_info_fnum_send(
+ state,
+ state->ev,
+ state->cli,
+ state->fnum_src,
+ 1, /* in_info_type */
+ SMB_FILE_LINK_INFORMATION - 1000, /* in_file_info_class */
+ &inbuf,
+ 0); /* in_additional_info */
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_hardlink_info_set, req);
+}
+
+static void cli_smb2_hardlink_info_set(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb2_hardlink_state *state = tevent_req_data(
+ req, struct cli_smb2_hardlink_state);
+
+ state->status = cli_smb2_set_info_fnum_recv(subreq);
+ TALLOC_FREE(subreq);
+
+ /* ignore error here, we need to close the file */
+
+ subreq = cli_smb2_close_fnum_send(state,
+ state->ev,
+ state->cli,
+ state->fnum_src,
+ 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb2_hardlink_closed, req);
+}
+
+static void cli_smb2_hardlink_closed(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_close_fnum_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static NTSTATUS cli_smb2_hardlink_recv(struct tevent_req *req)
+{
+ struct cli_smb2_hardlink_state *state = tevent_req_data(
+ req, struct cli_smb2_hardlink_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ return state->status;
+}
+
+struct cli_hardlink_state {
+ uint8_t dummy;
+};
+
+static void cli_hardlink_done(struct tevent_req *subreq);
+static void cli_hardlink_done2(struct tevent_req *subreq);
+
+struct tevent_req *cli_hardlink_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_hardlink_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_hardlink_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_hardlink_send(
+ state, ev, cli, fname_src, fname_dst, false, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_hardlink_done2, req);
+ return req;
+ }
+
+ subreq = cli_nt_hardlink_send(state, ev, cli, fname_src, fname_dst);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_hardlink_done, req);
+ return req;
+}
+
+static void cli_hardlink_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_nt_hardlink_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_hardlink_done2(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_hardlink_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_hardlink_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_hardlink(
+ struct cli_state *cli, const char *fname_src, const char *fname_dst)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_hardlink_send(frame, ev, cli, fname_src, fname_dst);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_hardlink_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Delete a file.
+****************************************************************************/
+
+static void cli_unlink_done(struct tevent_req *subreq);
+static void cli_unlink_done2(struct tevent_req *subreq);
+
+struct cli_unlink_state {
+ uint16_t vwv[1];
+};
+
+struct tevent_req *cli_unlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint32_t mayhave_attrs)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_unlink_state *state = NULL;
+ uint8_t additional_flags = 0;
+ uint16_t additional_flags2 = 0;
+ uint8_t *bytes = NULL;
+ char *fname_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_unlink_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_unlink_send(state, ev, cli, fname, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_unlink_done2, req);
+ return req;
+ }
+
+ if (mayhave_attrs & 0xFFFF0000) {
+ /*
+ * Don't allow attributes greater than
+ * 16-bits for a 16-bit protocol value.
+ */
+ if (tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ SSVAL(state->vwv+0, 0, mayhave_attrs);
+
+ bytes = talloc_array(state, uint8_t, 1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+ /*
+ * SMBunlink on a DFS share must use DFS names.
+ */
+ fname_cp = smb1_dfs_share_path(state, cli, fname);
+ if (tevent_req_nomem(fname_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes[0] = 4;
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_cp,
+ strlen(fname_cp)+1,
+ NULL);
+
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(fname)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ subreq = cli_smb_send(state, ev, cli, SMBunlink, additional_flags,
+ additional_flags2,
+ 1, state->vwv, talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_unlink_done, req);
+ return req;
+}
+
+static void cli_unlink_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb_recv(
+ subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_unlink_done2(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_unlink_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_unlink_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_unlink(struct cli_state *cli, const char *fname, uint32_t mayhave_attrs)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_unlink_send(frame, ev, cli, fname, mayhave_attrs);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_unlink_recv(req);
+ cli->raw_status = status; /* cli_smb2_unlink_recv doesn't set this */
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Create a directory.
+****************************************************************************/
+
+static void cli_mkdir_done(struct tevent_req *subreq);
+static void cli_mkdir_done2(struct tevent_req *subreq);
+
+struct cli_mkdir_state {
+ int dummy;
+};
+
+struct tevent_req *cli_mkdir_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *dname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_mkdir_state *state = NULL;
+ uint8_t additional_flags = 0;
+ uint16_t additional_flags2 = 0;
+ uint8_t *bytes = NULL;
+ char *dname_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_mkdir_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_mkdir_send(state, ev, cli, dname);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_mkdir_done2, req);
+ return req;
+ }
+
+ bytes = talloc_array(state, uint8_t, 1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+ /*
+ * SMBmkdir on a DFS share must use DFS names.
+ */
+ dname_cp = smb1_dfs_share_path(state, cli, dname);
+ if (tevent_req_nomem(dname_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes[0] = 4;
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ dname_cp,
+ strlen(dname_cp)+1,
+ NULL);
+
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(dname)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ subreq = cli_smb_send(state, ev, cli, SMBmkdir, additional_flags,
+ additional_flags2,
+ 0, NULL, talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_mkdir_done, req);
+ return req;
+}
+
+static void cli_mkdir_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static void cli_mkdir_done2(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_mkdir_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_mkdir_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_mkdir(struct cli_state *cli, const char *dname)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_mkdir_send(frame, ev, cli, dname);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_mkdir_recv(req);
+ cli->raw_status = status; /* cli_smb2_mkdir_recv doesn't set this */
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Remove a directory.
+****************************************************************************/
+
+static void cli_rmdir_done(struct tevent_req *subreq);
+static void cli_rmdir_done2(struct tevent_req *subreq);
+
+struct cli_rmdir_state {
+ int dummy;
+};
+
+struct tevent_req *cli_rmdir_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *dname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_rmdir_state *state = NULL;
+ uint8_t additional_flags = 0;
+ uint16_t additional_flags2 = 0;
+ uint8_t *bytes = NULL;
+ char *dname_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_rmdir_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_rmdir_send(state, ev, cli, dname, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_rmdir_done2, req);
+ return req;
+ }
+
+ bytes = talloc_array(state, uint8_t, 1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+ /*
+ * SMBrmdir on a DFS share must use DFS names.
+ */
+ dname_cp = smb1_dfs_share_path(state, cli, dname);
+ if (tevent_req_nomem(dname_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes[0] = 4;
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ dname_cp,
+ strlen(dname_cp)+1,
+ NULL);
+
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(dname)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ subreq = cli_smb_send(state, ev, cli, SMBrmdir, additional_flags,
+ additional_flags2,
+ 0, NULL, talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_rmdir_done, req);
+ return req;
+}
+
+static void cli_rmdir_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb_recv(
+ subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_rmdir_done2(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_rmdir_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_rmdir_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_rmdir(struct cli_state *cli, const char *dname)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_rmdir_send(frame, ev, cli, dname);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_rmdir_recv(req);
+ cli->raw_status = status; /* cli_smb2_rmdir_recv doesn't set this */
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Set or clear the delete on close flag.
+****************************************************************************/
+
+struct doc_state {
+ uint8_t data[1];
+};
+
+static void cli_nt_delete_on_close_smb1_done(struct tevent_req *subreq);
+static void cli_nt_delete_on_close_smb2_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_nt_delete_on_close_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ bool flag)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct doc_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct doc_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_delete_on_close_send(state, ev, cli,
+ fnum, flag);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq,
+ cli_nt_delete_on_close_smb2_done,
+ req);
+ return req;
+ }
+
+ /* Setup data array. */
+ SCVAL(&state->data[0], 0, flag ? 1 : 0);
+
+ subreq = cli_setfileinfo_send(
+ state,
+ ev,
+ cli,
+ fnum,
+ SMB_SET_FILE_DISPOSITION_INFO,
+ state->data,
+ sizeof(state->data));
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq,
+ cli_nt_delete_on_close_smb1_done,
+ req);
+ return req;
+}
+
+static void cli_nt_delete_on_close_smb1_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_setfileinfo_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_nt_delete_on_close_smb2_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_delete_on_close_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_nt_delete_on_close_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_nt_delete_on_close(struct cli_state *cli, uint16_t fnum, bool flag)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_nt_delete_on_close_send(frame,
+ ev,
+ cli,
+ fnum,
+ flag);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_nt_delete_on_close_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_ntcreate1_state {
+ uint16_t vwv[24];
+ uint16_t fnum;
+ struct smb_create_returns cr;
+ struct tevent_req *subreq;
+};
+
+static void cli_ntcreate1_done(struct tevent_req *subreq);
+static bool cli_ntcreate1_cancel(struct tevent_req *req);
+
+static struct tevent_req *cli_ntcreate1_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint32_t CreatFlags,
+ uint32_t DesiredAccess,
+ uint32_t FileAttributes,
+ uint32_t ShareAccess,
+ uint32_t CreateDisposition,
+ uint32_t CreateOptions,
+ uint32_t ImpersonationLevel,
+ uint8_t SecurityFlags)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_ntcreate1_state *state;
+ uint16_t *vwv;
+ uint8_t *bytes;
+ size_t converted_len;
+ uint16_t additional_flags2 = 0;
+ char *fname_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_ntcreate1_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ vwv = state->vwv;
+
+ SCVAL(vwv+0, 0, 0xFF);
+ SCVAL(vwv+0, 1, 0);
+ SSVAL(vwv+1, 0, 0);
+ SCVAL(vwv+2, 0, 0);
+
+ if (cli->use_oplocks) {
+ CreatFlags |= (REQUEST_OPLOCK|REQUEST_BATCH_OPLOCK);
+ }
+ SIVAL(vwv+3, 1, CreatFlags);
+ SIVAL(vwv+5, 1, 0x0); /* RootDirectoryFid */
+ SIVAL(vwv+7, 1, DesiredAccess);
+ SIVAL(vwv+9, 1, 0x0); /* AllocationSize */
+ SIVAL(vwv+11, 1, 0x0); /* AllocationSize */
+ SIVAL(vwv+13, 1, FileAttributes);
+ SIVAL(vwv+15, 1, ShareAccess);
+ SIVAL(vwv+17, 1, CreateDisposition);
+ SIVAL(vwv+19, 1, CreateOptions |
+ (cli->backup_intent ? FILE_OPEN_FOR_BACKUP_INTENT : 0));
+ SIVAL(vwv+21, 1, ImpersonationLevel);
+ SCVAL(vwv+23, 1, SecurityFlags);
+
+ bytes = talloc_array(state, uint8_t, 0);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+ /*
+ * SMBntcreateX on a DFS share must use DFS names.
+ */
+ fname_cp = smb1_dfs_share_path(state, cli, fname);
+ if (tevent_req_nomem(fname_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_cp,
+ strlen(fname_cp)+1,
+ &converted_len);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(fname)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ /* sigh. this copes with broken netapp filer behaviour */
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "", 1, NULL);
+
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ SSVAL(vwv+2, 1, converted_len);
+
+ subreq = cli_smb_send(state, ev, cli, SMBntcreateX, 0,
+ additional_flags2, 24, vwv,
+ talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_ntcreate1_done, req);
+
+ state->subreq = subreq;
+ tevent_req_set_cancel_fn(req, cli_ntcreate1_cancel);
+
+ return req;
+}
+
+static void cli_ntcreate1_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_ntcreate1_state *state = tevent_req_data(
+ req, struct cli_ntcreate1_state);
+ uint8_t wct;
+ uint16_t *vwv;
+ uint32_t num_bytes;
+ uint8_t *bytes;
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, state, NULL, 34, &wct, &vwv,
+ &num_bytes, &bytes);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ state->cr.oplock_level = CVAL(vwv+2, 0);
+ state->fnum = SVAL(vwv+2, 1);
+ state->cr.create_action = IVAL(vwv+3, 1);
+ state->cr.creation_time = BVAL(vwv+5, 1);
+ state->cr.last_access_time = BVAL(vwv+9, 1);
+ state->cr.last_write_time = BVAL(vwv+13, 1);
+ state->cr.change_time = BVAL(vwv+17, 1);
+ state->cr.file_attributes = IVAL(vwv+21, 1);
+ state->cr.allocation_size = BVAL(vwv+23, 1);
+ state->cr.end_of_file = BVAL(vwv+27, 1);
+
+ tevent_req_done(req);
+}
+
+static bool cli_ntcreate1_cancel(struct tevent_req *req)
+{
+ struct cli_ntcreate1_state *state = tevent_req_data(
+ req, struct cli_ntcreate1_state);
+ return tevent_req_cancel(state->subreq);
+}
+
+static NTSTATUS cli_ntcreate1_recv(struct tevent_req *req,
+ uint16_t *pfnum,
+ struct smb_create_returns *cr)
+{
+ struct cli_ntcreate1_state *state = tevent_req_data(
+ req, struct cli_ntcreate1_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *pfnum = state->fnum;
+ if (cr != NULL) {
+ *cr = state->cr;
+ }
+ return NT_STATUS_OK;
+}
+
+struct cli_ntcreate_state {
+ struct smb_create_returns cr;
+ uint16_t fnum;
+ struct tevent_req *subreq;
+};
+
+static void cli_ntcreate_done_nt1(struct tevent_req *subreq);
+static void cli_ntcreate_done_smb2(struct tevent_req *subreq);
+static bool cli_ntcreate_cancel(struct tevent_req *req);
+
+struct tevent_req *cli_ntcreate_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint32_t create_flags,
+ uint32_t desired_access,
+ uint32_t file_attributes,
+ uint32_t share_access,
+ uint32_t create_disposition,
+ uint32_t create_options,
+ uint32_t impersonation_level,
+ uint8_t security_flags)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_ntcreate_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_ntcreate_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ struct cli_smb2_create_flags cflags = {0};
+
+ if (cli->use_oplocks) {
+ create_flags |= REQUEST_OPLOCK|REQUEST_BATCH_OPLOCK;
+ }
+
+ cflags = (struct cli_smb2_create_flags) {
+ .batch_oplock = (create_flags & REQUEST_BATCH_OPLOCK),
+ .exclusive_oplock = (create_flags & REQUEST_OPLOCK),
+ };
+
+ subreq = cli_smb2_create_fnum_send(
+ state,
+ ev,
+ cli,
+ fname,
+ cflags,
+ impersonation_level,
+ desired_access,
+ file_attributes,
+ share_access,
+ create_disposition,
+ create_options,
+ NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_ntcreate_done_smb2, req);
+ } else {
+ subreq = cli_ntcreate1_send(
+ state, ev, cli, fname, create_flags, desired_access,
+ file_attributes, share_access, create_disposition,
+ create_options, impersonation_level, security_flags);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_ntcreate_done_nt1, req);
+ }
+
+ state->subreq = subreq;
+ tevent_req_set_cancel_fn(req, cli_ntcreate_cancel);
+
+ return req;
+}
+
+static void cli_ntcreate_done_nt1(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_ntcreate_state *state = tevent_req_data(
+ req, struct cli_ntcreate_state);
+ NTSTATUS status;
+
+ status = cli_ntcreate1_recv(subreq, &state->fnum, &state->cr);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static void cli_ntcreate_done_smb2(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_ntcreate_state *state = tevent_req_data(
+ req, struct cli_ntcreate_state);
+ NTSTATUS status;
+
+ status = cli_smb2_create_fnum_recv(
+ subreq,
+ &state->fnum,
+ &state->cr,
+ NULL,
+ NULL,
+ NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static bool cli_ntcreate_cancel(struct tevent_req *req)
+{
+ struct cli_ntcreate_state *state = tevent_req_data(
+ req, struct cli_ntcreate_state);
+ return tevent_req_cancel(state->subreq);
+}
+
+NTSTATUS cli_ntcreate_recv(struct tevent_req *req, uint16_t *fnum,
+ struct smb_create_returns *cr)
+{
+ struct cli_ntcreate_state *state = tevent_req_data(
+ req, struct cli_ntcreate_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (fnum != NULL) {
+ *fnum = state->fnum;
+ }
+ if (cr != NULL) {
+ *cr = state->cr;
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_ntcreate(struct cli_state *cli,
+ const char *fname,
+ uint32_t CreatFlags,
+ uint32_t DesiredAccess,
+ uint32_t FileAttributes,
+ uint32_t ShareAccess,
+ uint32_t CreateDisposition,
+ uint32_t CreateOptions,
+ uint8_t SecurityFlags,
+ uint16_t *pfid,
+ struct smb_create_returns *cr)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ uint32_t ImpersonationLevel = SMB2_IMPERSONATION_IMPERSONATION;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+
+ req = cli_ntcreate_send(frame, ev, cli, fname, CreatFlags,
+ DesiredAccess, FileAttributes, ShareAccess,
+ CreateDisposition, CreateOptions,
+ ImpersonationLevel, SecurityFlags);
+ if (req == NULL) {
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_ntcreate_recv(req, pfid, cr);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_nttrans_create_state {
+ uint16_t fnum;
+ struct smb_create_returns cr;
+};
+
+static void cli_nttrans_create_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_nttrans_create_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint32_t CreatFlags,
+ uint32_t DesiredAccess,
+ uint32_t FileAttributes,
+ uint32_t ShareAccess,
+ uint32_t CreateDisposition,
+ uint32_t CreateOptions,
+ uint8_t SecurityFlags,
+ struct security_descriptor *secdesc,
+ struct ea_struct *eas,
+ int num_eas)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_nttrans_create_state *state;
+ uint8_t *param;
+ uint8_t *secdesc_buf;
+ size_t secdesc_len;
+ NTSTATUS status;
+ size_t converted_len;
+ uint16_t additional_flags2 = 0;
+ char *fname_cp = NULL;
+
+ req = tevent_req_create(mem_ctx,
+ &state, struct cli_nttrans_create_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (secdesc != NULL) {
+ status = marshall_sec_desc(talloc_tos(), secdesc,
+ &secdesc_buf, &secdesc_len);
+ if (tevent_req_nterror(req, status)) {
+ DEBUG(10, ("marshall_sec_desc failed: %s\n",
+ nt_errstr(status)));
+ return tevent_req_post(req, ev);
+ }
+ } else {
+ secdesc_buf = NULL;
+ secdesc_len = 0;
+ }
+
+ if (num_eas != 0) {
+ /*
+ * TODO ;-)
+ */
+ tevent_req_nterror(req, NT_STATUS_NOT_IMPLEMENTED);
+ return tevent_req_post(req, ev);
+ }
+
+ param = talloc_array(state, uint8_t, 53);
+ if (tevent_req_nomem(param, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * SMBntcreateX on a DFS share must use DFS names.
+ */
+ fname_cp = smb1_dfs_share_path(state, cli, fname);
+ if (tevent_req_nomem(fname_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ param = trans2_bytes_push_str(param,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_cp,
+ strlen(fname_cp),
+ &converted_len);
+ if (tevent_req_nomem(param, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(fname)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ SIVAL(param, 0, CreatFlags);
+ SIVAL(param, 4, 0x0); /* RootDirectoryFid */
+ SIVAL(param, 8, DesiredAccess);
+ SIVAL(param, 12, 0x0); /* AllocationSize */
+ SIVAL(param, 16, 0x0); /* AllocationSize */
+ SIVAL(param, 20, FileAttributes);
+ SIVAL(param, 24, ShareAccess);
+ SIVAL(param, 28, CreateDisposition);
+ SIVAL(param, 32, CreateOptions |
+ (cli->backup_intent ? FILE_OPEN_FOR_BACKUP_INTENT : 0));
+ SIVAL(param, 36, secdesc_len);
+ SIVAL(param, 40, 0); /* EA length*/
+ SIVAL(param, 44, converted_len);
+ SIVAL(param, 48, 0x02); /* ImpersonationLevel */
+ SCVAL(param, 52, SecurityFlags);
+
+ subreq = cli_trans_send(state, ev, cli,
+ additional_flags2, /* additional_flags2 */
+ SMBnttrans,
+ NULL, -1, /* name, fid */
+ NT_TRANSACT_CREATE, 0,
+ NULL, 0, 0, /* setup */
+ param, talloc_get_size(param), 128, /* param */
+ secdesc_buf, secdesc_len, 0); /* data */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_nttrans_create_done, req);
+ return req;
+}
+
+static void cli_nttrans_create_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_nttrans_create_state *state = tevent_req_data(
+ req, struct cli_nttrans_create_state);
+ uint8_t *param;
+ uint32_t num_param;
+ NTSTATUS status;
+
+ status = cli_trans_recv(subreq, talloc_tos(), NULL,
+ NULL, 0, NULL, /* rsetup */
+ &param, 69, &num_param,
+ NULL, 0, NULL);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ state->cr.oplock_level = CVAL(param, 0);
+ state->fnum = SVAL(param, 2);
+ state->cr.create_action = IVAL(param, 4);
+ state->cr.creation_time = BVAL(param, 12);
+ state->cr.last_access_time = BVAL(param, 20);
+ state->cr.last_write_time = BVAL(param, 28);
+ state->cr.change_time = BVAL(param, 36);
+ state->cr.file_attributes = IVAL(param, 44);
+ state->cr.allocation_size = BVAL(param, 48);
+ state->cr.end_of_file = BVAL(param, 56);
+
+ TALLOC_FREE(param);
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_nttrans_create_recv(struct tevent_req *req,
+ uint16_t *fnum,
+ struct smb_create_returns *cr)
+{
+ struct cli_nttrans_create_state *state = tevent_req_data(
+ req, struct cli_nttrans_create_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *fnum = state->fnum;
+ if (cr != NULL) {
+ *cr = state->cr;
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_nttrans_create(struct cli_state *cli,
+ const char *fname,
+ uint32_t CreatFlags,
+ uint32_t DesiredAccess,
+ uint32_t FileAttributes,
+ uint32_t ShareAccess,
+ uint32_t CreateDisposition,
+ uint32_t CreateOptions,
+ uint8_t SecurityFlags,
+ struct security_descriptor *secdesc,
+ struct ea_struct *eas,
+ int num_eas,
+ uint16_t *pfid,
+ struct smb_create_returns *cr)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_nttrans_create_send(frame, ev, cli, fname, CreatFlags,
+ DesiredAccess, FileAttributes,
+ ShareAccess, CreateDisposition,
+ CreateOptions, SecurityFlags,
+ secdesc, eas, num_eas);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_nttrans_create_recv(req, pfid, cr);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Open a file
+ WARNING: if you open with O_WRONLY then getattrE won't work!
+****************************************************************************/
+
+struct cli_openx_state {
+ const char *fname;
+ uint16_t vwv[15];
+ uint16_t fnum;
+ struct iovec bytes;
+};
+
+static void cli_openx_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_openx_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, const char *fname,
+ int flags, int share_mode,
+ struct tevent_req **psmbreq)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_openx_state *state;
+ unsigned openfn;
+ unsigned accessmode;
+ uint8_t additional_flags;
+ uint16_t additional_flags2 = 0;
+ uint8_t *bytes;
+ char *fname_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_openx_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ openfn = 0;
+ if (flags & O_CREAT) {
+ openfn |= (1<<4);
+ }
+ if (!(flags & O_EXCL)) {
+ if (flags & O_TRUNC)
+ openfn |= (1<<1);
+ else
+ openfn |= (1<<0);
+ }
+
+ accessmode = (share_mode<<4);
+
+ if ((flags & O_ACCMODE) == O_RDWR) {
+ accessmode |= 2;
+ } else if ((flags & O_ACCMODE) == O_WRONLY) {
+ accessmode |= 1;
+ }
+
+#if defined(O_SYNC)
+ if ((flags & O_SYNC) == O_SYNC) {
+ accessmode |= (1<<14);
+ }
+#endif /* O_SYNC */
+
+ if (share_mode == DENY_FCB) {
+ accessmode = 0xFF;
+ }
+
+ SCVAL(state->vwv + 0, 0, 0xFF);
+ SCVAL(state->vwv + 0, 1, 0);
+ SSVAL(state->vwv + 1, 0, 0);
+ SSVAL(state->vwv + 2, 0, 0); /* no additional info */
+ SSVAL(state->vwv + 3, 0, accessmode);
+ SSVAL(state->vwv + 4, 0, FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
+ SSVAL(state->vwv + 5, 0, 0);
+ SIVAL(state->vwv + 6, 0, 0);
+ SSVAL(state->vwv + 8, 0, openfn);
+ SIVAL(state->vwv + 9, 0, 0);
+ SIVAL(state->vwv + 11, 0, 0);
+ SIVAL(state->vwv + 13, 0, 0);
+
+ additional_flags = 0;
+
+ if (cli->use_oplocks) {
+ /* if using oplocks then ask for a batch oplock via
+ core and extended methods */
+ additional_flags =
+ FLAG_REQUEST_OPLOCK|FLAG_REQUEST_BATCH_OPLOCK;
+ SSVAL(state->vwv+2, 0, SVAL(state->vwv+2, 0) | 6);
+ }
+
+ bytes = talloc_array(state, uint8_t, 0);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+ /*
+ * SMBopenX on a DFS share must use DFS names.
+ */
+ fname_cp = smb1_dfs_share_path(state, cli, fname);
+ if (tevent_req_nomem(fname_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_cp,
+ strlen(fname_cp)+1,
+ NULL);
+
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(fname)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ state->bytes.iov_base = (void *)bytes;
+ state->bytes.iov_len = talloc_get_size(bytes);
+
+ subreq = cli_smb_req_create(state, ev, cli, SMBopenX, additional_flags,
+ additional_flags2, 15, state->vwv, 1, &state->bytes);
+ if (subreq == NULL) {
+ TALLOC_FREE(req);
+ return NULL;
+ }
+ tevent_req_set_callback(subreq, cli_openx_done, req);
+ *psmbreq = subreq;
+ return req;
+}
+
+struct tevent_req *cli_openx_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct cli_state *cli, const char *fname,
+ int flags, int share_mode)
+{
+ struct tevent_req *req, *subreq;
+ NTSTATUS status;
+
+ req = cli_openx_create(mem_ctx, ev, cli, fname, flags, share_mode,
+ &subreq);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ status = smb1cli_req_chain_submit(&subreq, 1);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ return req;
+}
+
+static void cli_openx_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_openx_state *state = tevent_req_data(
+ req, struct cli_openx_state);
+ uint8_t wct;
+ uint16_t *vwv;
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, state, NULL, 3, &wct, &vwv, NULL,
+ NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ state->fnum = SVAL(vwv+2, 0);
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_openx_recv(struct tevent_req *req, uint16_t *pfnum)
+{
+ struct cli_openx_state *state = tevent_req_data(
+ req, struct cli_openx_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *pfnum = state->fnum;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_openx(struct cli_state *cli, const char *fname, int flags,
+ int share_mode, uint16_t *pfnum)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+
+ req = cli_openx_send(frame, ev, cli, fname, flags, share_mode);
+ if (req == NULL) {
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_openx_recv(req, pfnum);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+/****************************************************************************
+ Synchronous wrapper function that does an NtCreateX open by preference
+ and falls back to openX if this fails.
+****************************************************************************/
+
+NTSTATUS cli_open(struct cli_state *cli, const char *fname, int flags,
+ int share_mode_in, uint16_t *pfnum)
+{
+ NTSTATUS status;
+ unsigned int openfn = 0;
+ unsigned int dos_deny = 0;
+ uint32_t access_mask, share_mode, create_disposition, create_options;
+ struct smb_create_returns cr = {0};
+
+ /* Do the initial mapping into OpenX parameters. */
+ if (flags & O_CREAT) {
+ openfn |= (1<<4);
+ }
+ if (!(flags & O_EXCL)) {
+ if (flags & O_TRUNC)
+ openfn |= (1<<1);
+ else
+ openfn |= (1<<0);
+ }
+
+ dos_deny = (share_mode_in<<4);
+
+ if ((flags & O_ACCMODE) == O_RDWR) {
+ dos_deny |= 2;
+ } else if ((flags & O_ACCMODE) == O_WRONLY) {
+ dos_deny |= 1;
+ }
+
+#if defined(O_SYNC)
+ if ((flags & O_SYNC) == O_SYNC) {
+ dos_deny |= (1<<14);
+ }
+#endif /* O_SYNC */
+
+ if (share_mode_in == DENY_FCB) {
+ dos_deny = 0xFF;
+ }
+
+ if (!map_open_params_to_ntcreate(fname, dos_deny,
+ openfn, &access_mask,
+ &share_mode, &create_disposition,
+ &create_options, NULL)) {
+ goto try_openx;
+ }
+
+ status = cli_ntcreate(cli,
+ fname,
+ 0,
+ access_mask,
+ 0,
+ share_mode,
+ create_disposition,
+ create_options,
+ 0,
+ pfnum,
+ &cr);
+
+ /* Try and cope will all variants of "we don't do this call"
+ and fall back to openX. */
+
+ if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_IMPLEMENTED) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_INVALID_INFO_CLASS) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_PROCEDURE_NOT_FOUND) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_INVALID_LEVEL) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_INVALID_PARAMETER) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_INVALID_DEVICE_REQUEST) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_INVALID_DEVICE_STATE) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_CTL_FILE_NOT_SUPPORTED) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_UNSUCCESSFUL)) {
+ goto try_openx;
+ }
+
+ if (NT_STATUS_IS_OK(status) &&
+ (create_options & FILE_NON_DIRECTORY_FILE) &&
+ (cr.file_attributes & FILE_ATTRIBUTE_DIRECTORY))
+ {
+ /*
+ * Some (broken) servers return a valid handle
+ * for directories even if FILE_NON_DIRECTORY_FILE
+ * is set. Just close the handle and set the
+ * error explicitly to NT_STATUS_FILE_IS_A_DIRECTORY.
+ */
+ status = cli_close(cli, *pfnum);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ status = NT_STATUS_FILE_IS_A_DIRECTORY;
+ /* Set this so libsmbclient can retrieve it. */
+ cli->raw_status = status;
+ }
+
+ return status;
+
+ try_openx:
+
+ return cli_openx(cli, fname, flags, share_mode_in, pfnum);
+}
+
+/****************************************************************************
+ Close a file.
+****************************************************************************/
+
+struct cli_smb1_close_state {
+ uint16_t vwv[3];
+};
+
+static void cli_smb1_close_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb1_close_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ struct tevent_req **psubreq)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_smb1_close_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_smb1_close_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ SSVAL(state->vwv+0, 0, fnum);
+ SIVALS(state->vwv+1, 0, -1);
+
+ subreq = cli_smb_req_create(state, ev, cli, SMBclose, 0, 0,
+ 3, state->vwv, 0, NULL);
+ if (subreq == NULL) {
+ TALLOC_FREE(req);
+ return NULL;
+ }
+ tevent_req_set_callback(subreq, cli_smb1_close_done, req);
+ *psubreq = subreq;
+ return req;
+}
+
+static void cli_smb1_close_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+struct cli_close_state {
+ int dummy;
+};
+
+static void cli_close_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_close_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t flags)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_close_state *state;
+ NTSTATUS status;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_close_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_close_fnum_send(state, ev, cli, fnum, flags);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ } else {
+ struct tevent_req *ch_req = NULL;
+ subreq = cli_smb1_close_create(state, ev, cli, fnum, &ch_req);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ status = smb1cli_req_chain_submit(&ch_req, 1);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ tevent_req_set_callback(subreq, cli_close_done, req);
+ return req;
+}
+
+static void cli_close_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status = NT_STATUS_OK;
+ bool err = tevent_req_is_nterror(subreq, &status);
+
+ TALLOC_FREE(subreq);
+ if (err) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_close_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_close(struct cli_state *cli, uint16_t fnum)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_close_send(frame, ev, cli, fnum, 0);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_close_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Truncate a file to a specified size
+****************************************************************************/
+
+struct ftrunc_state {
+ uint8_t data[8];
+};
+
+static void cli_ftruncate_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_setfileinfo_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+struct tevent_req *cli_ftruncate_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint64_t size)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct ftrunc_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct ftrunc_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ /* Setup data array. */
+ SBVAL(state->data, 0, size);
+
+ subreq = cli_setfileinfo_send(
+ state,
+ ev,
+ cli,
+ fnum,
+ SMB_SET_FILE_END_OF_FILE_INFO,
+ state->data,
+ sizeof(state->data));
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_ftruncate_done, req);
+ return req;
+}
+
+NTSTATUS cli_ftruncate_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_ftruncate(struct cli_state *cli, uint16_t fnum, uint64_t size)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_ftruncate(cli, fnum, size);
+ }
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_ftruncate_send(frame,
+ ev,
+ cli,
+ fnum,
+ size);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_ftruncate_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+static uint8_t *cli_lockingx_put_locks(
+ uint8_t *buf,
+ bool large,
+ uint16_t num_locks,
+ const struct smb1_lock_element *locks)
+{
+ uint16_t i;
+
+ for (i=0; i<num_locks; i++) {
+ const struct smb1_lock_element *e = &locks[i];
+ if (large) {
+ SSVAL(buf, 0, e->pid);
+ SSVAL(buf, 2, 0);
+ SOFF_T_R(buf, 4, e->offset);
+ SOFF_T_R(buf, 12, e->length);
+ buf += 20;
+ } else {
+ SSVAL(buf, 0, e->pid);
+ SIVAL(buf, 2, e->offset);
+ SIVAL(buf, 6, e->length);
+ buf += 10;
+ }
+ }
+ return buf;
+}
+
+struct cli_lockingx_state {
+ uint16_t vwv[8];
+ struct iovec bytes;
+ struct tevent_req *subreq;
+};
+
+static void cli_lockingx_done(struct tevent_req *subreq);
+static bool cli_lockingx_cancel(struct tevent_req *req);
+
+struct tevent_req *cli_lockingx_create(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t typeoflock,
+ uint8_t newoplocklevel,
+ int32_t timeout,
+ uint16_t num_unlocks,
+ const struct smb1_lock_element *unlocks,
+ uint16_t num_locks,
+ const struct smb1_lock_element *locks,
+ struct tevent_req **psmbreq)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_lockingx_state *state = NULL;
+ uint16_t *vwv;
+ uint8_t *p;
+ const bool large = (typeoflock & LOCKING_ANDX_LARGE_FILES);
+ const size_t element_len = large ? 20 : 10;
+
+ /* uint16->size_t, no overflow */
+ const size_t num_elements = (size_t)num_locks + (size_t)num_unlocks;
+
+ /* at most 20*2*65535 = 2621400, no overflow */
+ const size_t num_bytes = num_elements * element_len;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_lockingx_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ vwv = state->vwv;
+
+ SCVAL(vwv + 0, 0, 0xFF);
+ SCVAL(vwv + 0, 1, 0);
+ SSVAL(vwv + 1, 0, 0);
+ SSVAL(vwv + 2, 0, fnum);
+ SCVAL(vwv + 3, 0, typeoflock);
+ SCVAL(vwv + 3, 1, newoplocklevel);
+ SIVALS(vwv + 4, 0, timeout);
+ SSVAL(vwv + 6, 0, num_unlocks);
+ SSVAL(vwv + 7, 0, num_locks);
+
+ state->bytes.iov_len = num_bytes;
+ state->bytes.iov_base = talloc_array(state, uint8_t, num_bytes);
+ if (tevent_req_nomem(state->bytes.iov_base, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ p = cli_lockingx_put_locks(
+ state->bytes.iov_base, large, num_unlocks, unlocks);
+ cli_lockingx_put_locks(p, large, num_locks, locks);
+
+ subreq = cli_smb_req_create(
+ state, ev, cli, SMBlockingX, 0, 0, 8, vwv, 1, &state->bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_lockingx_done, req);
+ *psmbreq = subreq;
+ return req;
+}
+
+struct tevent_req *cli_lockingx_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t typeoflock,
+ uint8_t newoplocklevel,
+ int32_t timeout,
+ uint16_t num_unlocks,
+ const struct smb1_lock_element *unlocks,
+ uint16_t num_locks,
+ const struct smb1_lock_element *locks)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_lockingx_state *state = NULL;
+ NTSTATUS status;
+
+ req = cli_lockingx_create(
+ mem_ctx,
+ ev,
+ cli,
+ fnum,
+ typeoflock,
+ newoplocklevel,
+ timeout,
+ num_unlocks,
+ unlocks,
+ num_locks,
+ locks,
+ &subreq);
+ if (req == NULL) {
+ return NULL;
+ }
+ state = tevent_req_data(req, struct cli_lockingx_state);
+ state->subreq = subreq;
+
+ status = smb1cli_req_chain_submit(&subreq, 1);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_cancel_fn(req, cli_lockingx_cancel);
+ return req;
+}
+
+static void cli_lockingx_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb_recv(
+ subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static bool cli_lockingx_cancel(struct tevent_req *req)
+{
+ struct cli_lockingx_state *state = tevent_req_data(
+ req, struct cli_lockingx_state);
+ if (state->subreq == NULL) {
+ return false;
+ }
+ return tevent_req_cancel(state->subreq);
+}
+
+NTSTATUS cli_lockingx_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_lockingx(
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t typeoflock,
+ uint8_t newoplocklevel,
+ int32_t timeout,
+ uint16_t num_unlocks,
+ const struct smb1_lock_element *unlocks,
+ uint16_t num_locks,
+ const struct smb1_lock_element *locks)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+ unsigned int set_timeout = 0;
+ unsigned int saved_timeout = 0;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+
+ if (timeout != 0) {
+ if (timeout == -1) {
+ set_timeout = 0x7FFFFFFF;
+ } else {
+ set_timeout = timeout + 2*1000;
+ }
+ saved_timeout = cli_set_timeout(cli, set_timeout);
+ }
+
+ req = cli_lockingx_send(
+ frame,
+ ev,
+ cli,
+ fnum,
+ typeoflock,
+ newoplocklevel,
+ timeout,
+ num_unlocks,
+ unlocks,
+ num_locks,
+ locks);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_lockingx_recv(req);
+
+ if (saved_timeout != 0) {
+ cli_set_timeout(cli, saved_timeout);
+ }
+fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ send a lock with a specified locktype
+ this is used for testing LOCKING_ANDX_CANCEL_LOCK
+****************************************************************************/
+
+NTSTATUS cli_locktype(struct cli_state *cli, uint16_t fnum,
+ uint32_t offset, uint32_t len,
+ int timeout, unsigned char locktype)
+{
+ struct smb1_lock_element lck = {
+ .pid = cli_getpid(cli),
+ .offset = offset,
+ .length = len,
+ };
+ NTSTATUS status;
+
+ status = cli_lockingx(
+ cli, /* cli */
+ fnum, /* fnum */
+ locktype, /* typeoflock */
+ 0, /* newoplocklevel */
+ timeout, /* timeout */
+ 0, /* num_unlocks */
+ NULL, /* unlocks */
+ 1, /* num_locks */
+ &lck); /* locks */
+ return status;
+}
+
+/****************************************************************************
+ Lock a file.
+ note that timeout is in units of 2 milliseconds
+****************************************************************************/
+
+NTSTATUS cli_lock32(struct cli_state *cli, uint16_t fnum,
+ uint32_t offset, uint32_t len, int timeout,
+ enum brl_type lock_type)
+{
+ NTSTATUS status;
+
+ status = cli_locktype(cli, fnum, offset, len, timeout,
+ (lock_type == READ_LOCK? 1 : 0));
+ return status;
+}
+
+/****************************************************************************
+ Unlock a file.
+****************************************************************************/
+
+struct cli_unlock_state {
+ struct smb1_lock_element lck;
+};
+
+static void cli_unlock_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_unlock_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint64_t offset,
+ uint64_t len)
+
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_unlock_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_unlock_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->lck = (struct smb1_lock_element) {
+ .pid = cli_getpid(cli),
+ .offset = offset,
+ .length = len,
+ };
+
+ subreq = cli_lockingx_send(
+ state, /* mem_ctx */
+ ev, /* tevent_context */
+ cli, /* cli */
+ fnum, /* fnum */
+ 0, /* typeoflock */
+ 0, /* newoplocklevel */
+ 0, /* timeout */
+ 1, /* num_unlocks */
+ &state->lck, /* unlocks */
+ 0, /* num_locks */
+ NULL); /* locks */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_unlock_done, req);
+ return req;
+}
+
+static void cli_unlock_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_lockingx_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_unlock_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_unlock(struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t offset,
+ uint32_t len)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_unlock_send(frame, ev, cli,
+ fnum, offset, len);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_unlock_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Get/unlock a POSIX lock on a file - internal function.
+****************************************************************************/
+
+struct posix_lock_state {
+ uint16_t setup;
+ uint8_t param[4];
+ uint8_t data[POSIX_LOCK_DATA_SIZE];
+};
+
+static void cli_posix_unlock_internal_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_trans_recv(subreq, NULL, NULL, NULL, 0, NULL,
+ NULL, 0, NULL, NULL, 0, NULL);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static struct tevent_req *cli_posix_lock_internal_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint64_t offset,
+ uint64_t len,
+ bool wait_lock,
+ enum brl_type lock_type)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct posix_lock_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct posix_lock_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ /* Setup setup word. */
+ SSVAL(&state->setup, 0, TRANSACT2_SETFILEINFO);
+
+ /* Setup param array. */
+ SSVAL(&state->param, 0, fnum);
+ SSVAL(&state->param, 2, SMB_SET_POSIX_LOCK);
+
+ /* Setup data array. */
+ switch (lock_type) {
+ case READ_LOCK:
+ SSVAL(&state->data, POSIX_LOCK_TYPE_OFFSET,
+ POSIX_LOCK_TYPE_READ);
+ break;
+ case WRITE_LOCK:
+ SSVAL(&state->data, POSIX_LOCK_TYPE_OFFSET,
+ POSIX_LOCK_TYPE_WRITE);
+ break;
+ case UNLOCK_LOCK:
+ SSVAL(&state->data, POSIX_LOCK_TYPE_OFFSET,
+ POSIX_LOCK_TYPE_UNLOCK);
+ break;
+ default:
+ return NULL;
+ }
+
+ if (wait_lock) {
+ SSVAL(&state->data, POSIX_LOCK_FLAGS_OFFSET,
+ POSIX_LOCK_FLAG_WAIT);
+ } else {
+ SSVAL(state->data, POSIX_LOCK_FLAGS_OFFSET,
+ POSIX_LOCK_FLAG_NOWAIT);
+ }
+
+ SIVAL(&state->data, POSIX_LOCK_PID_OFFSET, cli_getpid(cli));
+ SOFF_T(&state->data, POSIX_LOCK_START_OFFSET, offset);
+ SOFF_T(&state->data, POSIX_LOCK_LEN_OFFSET, len);
+
+ subreq = cli_trans_send(state, /* mem ctx. */
+ ev, /* event ctx. */
+ cli, /* cli_state. */
+ 0, /* additional_flags2 */
+ SMBtrans2, /* cmd. */
+ NULL, /* pipe name. */
+ -1, /* fid. */
+ 0, /* function. */
+ 0, /* flags. */
+ &state->setup, /* setup. */
+ 1, /* num setup uint16_t words. */
+ 0, /* max returned setup. */
+ state->param, /* param. */
+ 4, /* num param. */
+ 2, /* max returned param. */
+ state->data, /* data. */
+ POSIX_LOCK_DATA_SIZE, /* num data. */
+ 0); /* max returned data. */
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_unlock_internal_done, req);
+ return req;
+}
+
+/****************************************************************************
+ POSIX Lock a file.
+****************************************************************************/
+
+struct tevent_req *cli_posix_lock_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint64_t offset,
+ uint64_t len,
+ bool wait_lock,
+ enum brl_type lock_type)
+{
+ return cli_posix_lock_internal_send(mem_ctx, ev, cli, fnum, offset, len,
+ wait_lock, lock_type);
+}
+
+NTSTATUS cli_posix_lock_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_posix_lock(struct cli_state *cli, uint16_t fnum,
+ uint64_t offset, uint64_t len,
+ bool wait_lock, enum brl_type lock_type)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ if (lock_type != READ_LOCK && lock_type != WRITE_LOCK) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_posix_lock_send(frame,
+ ev,
+ cli,
+ fnum,
+ offset,
+ len,
+ wait_lock,
+ lock_type);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_posix_lock_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ POSIX Unlock a file.
+****************************************************************************/
+
+struct tevent_req *cli_posix_unlock_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint64_t offset,
+ uint64_t len)
+{
+ return cli_posix_lock_internal_send(mem_ctx, ev, cli, fnum, offset, len,
+ false, UNLOCK_LOCK);
+}
+
+NTSTATUS cli_posix_unlock_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_posix_unlock(struct cli_state *cli, uint16_t fnum, uint64_t offset, uint64_t len)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_posix_unlock_send(frame,
+ ev,
+ cli,
+ fnum,
+ offset,
+ len);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_posix_unlock_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Do a SMBgetattrE call.
+****************************************************************************/
+
+static void cli_getattrE_done(struct tevent_req *subreq);
+
+struct cli_getattrE_state {
+ uint16_t vwv[1];
+ int zone_offset;
+ uint32_t attr;
+ off_t size;
+ time_t change_time;
+ time_t access_time;
+ time_t write_time;
+};
+
+struct tevent_req *cli_getattrE_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_getattrE_state *state = NULL;
+ uint8_t additional_flags = 0;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_getattrE_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->zone_offset = smb1cli_conn_server_time_zone(cli->conn);
+ SSVAL(state->vwv+0,0,fnum);
+
+ subreq = cli_smb_send(state, ev, cli, SMBgetattrE, additional_flags, 0,
+ 1, state->vwv, 0, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_getattrE_done, req);
+ return req;
+}
+
+static void cli_getattrE_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_getattrE_state *state = tevent_req_data(
+ req, struct cli_getattrE_state);
+ uint8_t wct;
+ uint16_t *vwv = NULL;
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, state, NULL, 11, &wct, &vwv,
+ NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ state->size = (off_t)IVAL(vwv+6,0);
+ state->attr = SVAL(vwv+10,0);
+ state->change_time = make_unix_date2(vwv+0, state->zone_offset);
+ state->access_time = make_unix_date2(vwv+2, state->zone_offset);
+ state->write_time = make_unix_date2(vwv+4, state->zone_offset);
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_getattrE_recv(struct tevent_req *req,
+ uint32_t *pattr,
+ off_t *size,
+ time_t *change_time,
+ time_t *access_time,
+ time_t *write_time)
+{
+ struct cli_getattrE_state *state = tevent_req_data(
+ req, struct cli_getattrE_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (pattr) {
+ *pattr = state->attr;
+ }
+ if (size) {
+ *size = state->size;
+ }
+ if (change_time) {
+ *change_time = state->change_time;
+ }
+ if (access_time) {
+ *access_time = state->access_time;
+ }
+ if (write_time) {
+ *write_time = state->write_time;
+ }
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Do a SMBgetatr call
+****************************************************************************/
+
+static void cli_getatr_done(struct tevent_req *subreq);
+
+struct cli_getatr_state {
+ int zone_offset;
+ uint32_t attr;
+ off_t size;
+ time_t write_time;
+};
+
+struct tevent_req *cli_getatr_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_getatr_state *state = NULL;
+ uint8_t additional_flags = 0;
+ uint16_t additional_flags2 = 0;
+ uint8_t *bytes = NULL;
+ char *fname_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_getatr_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->zone_offset = smb1cli_conn_server_time_zone(cli->conn);
+
+ bytes = talloc_array(state, uint8_t, 1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+ /*
+ * SMBgetatr on a DFS share must use DFS names.
+ */
+ fname_cp = smb1_dfs_share_path(state, cli, fname);
+ if (tevent_req_nomem(fname_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes[0] = 4;
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_cp,
+ strlen(fname_cp)+1,
+ NULL);
+
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(fname)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ subreq = cli_smb_send(state, ev, cli, SMBgetatr, additional_flags,
+ additional_flags2,
+ 0, NULL, talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_getatr_done, req);
+ return req;
+}
+
+static void cli_getatr_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_getatr_state *state = tevent_req_data(
+ req, struct cli_getatr_state);
+ uint8_t wct;
+ uint16_t *vwv = NULL;
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, state, NULL, 4, &wct, &vwv, NULL,
+ NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ state->attr = SVAL(vwv+0,0);
+ state->size = (off_t)IVAL(vwv+3,0);
+ state->write_time = make_unix_date3(vwv+1, state->zone_offset);
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_getatr_recv(struct tevent_req *req,
+ uint32_t *pattr,
+ off_t *size,
+ time_t *write_time)
+{
+ struct cli_getatr_state *state = tevent_req_data(
+ req, struct cli_getatr_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (pattr) {
+ *pattr = state->attr;
+ }
+ if (size) {
+ *size = state->size;
+ }
+ if (write_time) {
+ *write_time = state->write_time;
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_getatr(struct cli_state *cli,
+ const char *fname,
+ uint32_t *pattr,
+ off_t *size,
+ time_t *write_time)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ struct stat_ex sbuf = {
+ .st_ex_nlink = 0,
+ };
+ uint32_t attr;
+
+ status = cli_smb2_qpathinfo_basic(cli, fname, &sbuf, &attr);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (pattr != NULL) {
+ *pattr = attr;
+ }
+ if (size != NULL) {
+ *size = sbuf.st_ex_size;
+ }
+ if (write_time != NULL) {
+ *write_time = sbuf.st_ex_mtime.tv_sec;
+ }
+ return NT_STATUS_OK;
+ }
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_getatr_send(frame, ev, cli, fname);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_getatr_recv(req,
+ pattr,
+ size,
+ write_time);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Do a SMBsetattrE call.
+****************************************************************************/
+
+static void cli_setattrE_done(struct tevent_req *subreq);
+
+struct cli_setattrE_state {
+ uint16_t vwv[7];
+};
+
+struct tevent_req *cli_setattrE_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ time_t change_time,
+ time_t access_time,
+ time_t write_time)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_setattrE_state *state = NULL;
+ uint8_t additional_flags = 0;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_setattrE_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ SSVAL(state->vwv+0, 0, fnum);
+ push_dos_date2((uint8_t *)&state->vwv[1], 0, change_time,
+ smb1cli_conn_server_time_zone(cli->conn));
+ push_dos_date2((uint8_t *)&state->vwv[3], 0, access_time,
+ smb1cli_conn_server_time_zone(cli->conn));
+ push_dos_date2((uint8_t *)&state->vwv[5], 0, write_time,
+ smb1cli_conn_server_time_zone(cli->conn));
+
+ subreq = cli_smb_send(state, ev, cli, SMBsetattrE, additional_flags, 0,
+ 7, state->vwv, 0, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_setattrE_done, req);
+ return req;
+}
+
+static void cli_setattrE_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_setattrE_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_setattrE(struct cli_state *cli,
+ uint16_t fnum,
+ time_t change_time,
+ time_t access_time,
+ time_t write_time)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_setattrE(cli,
+ fnum,
+ change_time,
+ access_time,
+ write_time);
+ }
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_setattrE_send(frame, ev,
+ cli,
+ fnum,
+ change_time,
+ access_time,
+ write_time);
+
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_setattrE_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Do a SMBsetatr call.
+****************************************************************************/
+
+static void cli_setatr_done(struct tevent_req *subreq);
+
+struct cli_setatr_state {
+ uint16_t vwv[8];
+};
+
+struct tevent_req *cli_setatr_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint32_t attr,
+ time_t mtime)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_setatr_state *state = NULL;
+ uint8_t additional_flags = 0;
+ uint16_t additional_flags2 = 0;
+ uint8_t *bytes = NULL;
+ char *fname_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_setatr_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (attr & 0xFFFF0000) {
+ /*
+ * Don't allow attributes greater than
+ * 16-bits for a 16-bit protocol value.
+ */
+ if (tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ SSVAL(state->vwv+0, 0, attr);
+ push_dos_date3((uint8_t *)&state->vwv[1], 0, mtime, smb1cli_conn_server_time_zone(cli->conn));
+
+ bytes = talloc_array(state, uint8_t, 1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+ /*
+ * SMBsetatr on a DFS share must use DFS names.
+ */
+ fname_cp = smb1_dfs_share_path(state, cli, fname);
+ if (tevent_req_nomem(fname_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes[0] = 4;
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_cp,
+ strlen(fname_cp)+1,
+ NULL);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes = talloc_realloc(state, bytes, uint8_t,
+ talloc_get_size(bytes)+1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ bytes[talloc_get_size(bytes)-1] = 4;
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(cli->conn), "",
+ 1, NULL);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(fname)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ subreq = cli_smb_send(state, ev, cli, SMBsetatr, additional_flags,
+ additional_flags2,
+ 8, state->vwv, talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_setatr_done, req);
+ return req;
+}
+
+static void cli_setatr_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_setatr_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_setatr(struct cli_state *cli,
+ const char *fname,
+ uint32_t attr,
+ time_t mtime)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_setatr(cli,
+ fname,
+ attr,
+ mtime);
+ }
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_setatr_send(frame, ev, cli, fname, attr, mtime);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_setatr_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Check for existence of a dir.
+****************************************************************************/
+
+static void cli_chkpath_done(struct tevent_req *subreq);
+static void cli_chkpath_opened(struct tevent_req *subreq);
+static void cli_chkpath_closed(struct tevent_req *subreq);
+
+struct cli_chkpath_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+};
+
+struct tevent_req *cli_chkpath_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_chkpath_state *state = NULL;
+ uint8_t additional_flags = 0;
+ uint16_t additional_flags2 = 0;
+ uint8_t *bytes = NULL;
+ char *fname_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_chkpath_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_NT1) {
+ subreq = cli_ntcreate_send(
+ state, /* mem_ctx */
+ state->ev, /* ev */
+ state->cli, /* cli */
+ fname, /* fname */
+ 0, /* create_flags */
+ FILE_READ_ATTRIBUTES, /* desired_access */
+ FILE_ATTRIBUTE_DIRECTORY, /* FileAttributes */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE|
+ FILE_SHARE_DELETE, /* share_access */
+ FILE_OPEN, /* CreateDisposition */
+ FILE_DIRECTORY_FILE, /* CreateOptions */
+ SMB2_IMPERSONATION_IMPERSONATION,
+ 0); /* SecurityFlags */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_chkpath_opened, req);
+ return req;
+ }
+
+ bytes = talloc_array(state, uint8_t, 1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+ /*
+ * SMBcheckpath on a DFS share must use DFS names.
+ */
+ fname_cp = smb1_dfs_share_path(state, cli, fname);
+ if (tevent_req_nomem(fname_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes[0] = 4;
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_cp,
+ strlen(fname_cp)+1,
+ NULL);
+
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(fname)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ subreq = cli_smb_send(state, ev, cli, SMBcheckpath, additional_flags,
+ additional_flags2,
+ 0, NULL, talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_chkpath_done, req);
+ return req;
+}
+
+static void cli_chkpath_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb_recv(
+ subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_chkpath_opened(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_chkpath_state *state = tevent_req_data(
+ req, struct cli_chkpath_state);
+ NTSTATUS status;
+ uint16_t fnum;
+
+ status = cli_ntcreate_recv(subreq, &fnum, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq = cli_close_send(state, state->ev, state->cli, fnum, 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_chkpath_closed, req);
+}
+
+static void cli_chkpath_closed(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_close_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_chkpath_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_chkpath(struct cli_state *cli, const char *path)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ char *path2 = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ path2 = talloc_strdup(frame, path);
+ if (!path2) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+ trim_char(path2,'\0','\\');
+ if (!*path2) {
+ path2 = talloc_strdup(frame, "\\");
+ if (!path2) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_chkpath_send(frame, ev, cli, path2);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_chkpath_recv(req);
+ cli->raw_status = status; /* cli_smb2_chkpath_recv doesn't set this */
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Query disk space.
+****************************************************************************/
+
+static void cli_dskattr_done(struct tevent_req *subreq);
+
+struct cli_dskattr_state {
+ int bsize;
+ int total;
+ int avail;
+};
+
+struct tevent_req *cli_dskattr_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_dskattr_state *state = NULL;
+ uint8_t additional_flags = 0;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_dskattr_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ subreq = cli_smb_send(state, ev, cli, SMBdskattr, additional_flags, 0,
+ 0, NULL, 0, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_dskattr_done, req);
+ return req;
+}
+
+static void cli_dskattr_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_dskattr_state *state = tevent_req_data(
+ req, struct cli_dskattr_state);
+ uint8_t wct;
+ uint16_t *vwv = NULL;
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, state, NULL, 4, &wct, &vwv, NULL,
+ NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ state->bsize = SVAL(vwv+1, 0)*SVAL(vwv+2,0);
+ state->total = SVAL(vwv+0, 0);
+ state->avail = SVAL(vwv+3, 0);
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_dskattr_recv(struct tevent_req *req, int *bsize, int *total, int *avail)
+{
+ struct cli_dskattr_state *state = tevent_req_data(
+ req, struct cli_dskattr_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *bsize = state->bsize;
+ *total = state->total;
+ *avail = state->avail;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_dskattr_send(frame, ev, cli);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_dskattr_recv(req, bsize, total, avail);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+NTSTATUS cli_disk_size(struct cli_state *cli, const char *path, uint64_t *bsize,
+ uint64_t *total, uint64_t *avail)
+{
+ uint64_t sectors_per_block;
+ uint64_t bytes_per_sector;
+ int old_bsize = 0, old_total = 0, old_avail = 0;
+ NTSTATUS status;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_dskattr(cli, path, bsize, total, avail);
+ }
+
+ /*
+ * Try the trans2 disk full size info call first.
+ * We already use this in SMBC_fstatvfs_ctx().
+ * Ignore 'actual_available_units' as we only
+ * care about the quota for the caller.
+ */
+
+ status = cli_get_fs_full_size_info(cli,
+ total,
+ avail,
+ NULL,
+ &sectors_per_block,
+ &bytes_per_sector);
+
+ /* Try and cope will all variants of "we don't do this call"
+ and fall back to cli_dskattr. */
+
+ if (NT_STATUS_EQUAL(status,NT_STATUS_NOT_IMPLEMENTED) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_NOT_SUPPORTED) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_INVALID_INFO_CLASS) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_PROCEDURE_NOT_FOUND) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_INVALID_LEVEL) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_INVALID_PARAMETER) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_INVALID_DEVICE_REQUEST) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_INVALID_DEVICE_STATE) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_CTL_FILE_NOT_SUPPORTED) ||
+ NT_STATUS_EQUAL(status,NT_STATUS_UNSUCCESSFUL)) {
+ goto try_dskattr;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (bsize) {
+ *bsize = sectors_per_block *
+ bytes_per_sector;
+ }
+
+ return NT_STATUS_OK;
+
+ try_dskattr:
+
+ /* Old SMB1 core protocol fallback. */
+ status = cli_dskattr(cli, &old_bsize, &old_total, &old_avail);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ if (bsize) {
+ *bsize = (uint64_t)old_bsize;
+ }
+ if (total) {
+ *total = (uint64_t)old_total;
+ }
+ if (avail) {
+ *avail = (uint64_t)old_avail;
+ }
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Create and open a temporary file.
+****************************************************************************/
+
+static void cli_ctemp_done(struct tevent_req *subreq);
+
+struct ctemp_state {
+ uint16_t vwv[3];
+ char *ret_path;
+ uint16_t fnum;
+};
+
+struct tevent_req *cli_ctemp_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *path)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct ctemp_state *state = NULL;
+ uint8_t additional_flags = 0;
+ uint16_t additional_flags2 = 0;
+ uint8_t *bytes = NULL;
+ char *path_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct ctemp_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ SSVAL(state->vwv,0,0);
+ SIVALS(state->vwv+1,0,-1);
+
+ bytes = talloc_array(state, uint8_t, 1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+ /*
+ * SMBctemp on a DFS share must use DFS names.
+ */
+ path_cp = smb1_dfs_share_path(state, cli, path);
+ if (tevent_req_nomem(path_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes[0] = 4;
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ path_cp,
+ strlen(path_cp)+1,
+ NULL);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(path)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ subreq = cli_smb_send(state, ev, cli, SMBctemp, additional_flags,
+ additional_flags2,
+ 3, state->vwv, talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_ctemp_done, req);
+ return req;
+}
+
+static void cli_ctemp_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct ctemp_state *state = tevent_req_data(
+ req, struct ctemp_state);
+ NTSTATUS status;
+ uint8_t wcnt;
+ uint16_t *vwv;
+ uint32_t num_bytes = 0;
+ uint8_t *bytes = NULL;
+
+ status = cli_smb_recv(subreq, state, NULL, 1, &wcnt, &vwv,
+ &num_bytes, &bytes);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ state->fnum = SVAL(vwv+0, 0);
+
+ /* From W2K3, the result is just the ASCII name */
+ if (num_bytes < 2) {
+ tevent_req_nterror(req, NT_STATUS_DATA_ERROR);
+ return;
+ }
+
+ if (pull_string_talloc(state,
+ NULL,
+ 0,
+ &state->ret_path,
+ bytes,
+ num_bytes,
+ STR_ASCII) == 0) {
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_ctemp_recv(struct tevent_req *req,
+ TALLOC_CTX *ctx,
+ uint16_t *pfnum,
+ char **outfile)
+{
+ struct ctemp_state *state = tevent_req_data(req,
+ struct ctemp_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *pfnum = state->fnum;
+ *outfile = talloc_strdup(ctx, state->ret_path);
+ if (!*outfile) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_ctemp(struct cli_state *cli,
+ TALLOC_CTX *ctx,
+ const char *path,
+ uint16_t *pfnum,
+ char **out_path)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_ctemp_send(frame, ev, cli, path);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_ctemp_recv(req, ctx, pfnum, out_path);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/*********************************************************
+ Set an extended attribute utility fn.
+*********************************************************/
+
+static NTSTATUS cli_set_ea(struct cli_state *cli, uint16_t setup_val,
+ uint8_t *param, unsigned int param_len,
+ const char *ea_name,
+ const char *ea_val, size_t ea_len)
+{
+ uint16_t setup[1];
+ unsigned int data_len = 0;
+ uint8_t *data = NULL;
+ char *p;
+ size_t ea_namelen = strlen(ea_name);
+ NTSTATUS status;
+
+ SSVAL(setup, 0, setup_val);
+
+ if (ea_namelen == 0 && ea_len == 0) {
+ data_len = 4;
+ data = talloc_array(talloc_tos(),
+ uint8_t,
+ data_len);
+ if (!data) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ p = (char *)data;
+ SIVAL(p,0,data_len);
+ } else {
+ data_len = 4 + 4 + ea_namelen + 1 + ea_len;
+ data = talloc_array(talloc_tos(),
+ uint8_t,
+ data_len);
+ if (!data) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ p = (char *)data;
+ SIVAL(p,0,data_len);
+ p += 4;
+ SCVAL(p, 0, 0); /* EA flags. */
+ SCVAL(p, 1, ea_namelen);
+ SSVAL(p, 2, ea_len);
+ memcpy(p+4, ea_name, ea_namelen+1); /* Copy in the name. */
+ memcpy(p+4+ea_namelen+1, ea_val, ea_len);
+ }
+
+ /*
+ * FIXME - if we want to do previous version path
+ * processing on an EA set call we need to turn this
+ * into calls to cli_trans_send()/cli_trans_recv()
+ * with a temporary event context, as cli_trans_send()
+ * have access to the additional_flags2 needed to
+ * send @GMT- paths. JRA.
+ */
+
+ status = cli_trans(talloc_tos(), cli, SMBtrans2, NULL, -1, 0, 0,
+ setup, 1, 0,
+ param, param_len, 2,
+ data, data_len, 0,
+ NULL,
+ NULL, 0, NULL, /* rsetup */
+ NULL, 0, NULL, /* rparam */
+ NULL, 0, NULL); /* rdata */
+ talloc_free(data);
+ return status;
+}
+
+/*********************************************************
+ Set an extended attribute on a pathname.
+*********************************************************/
+
+NTSTATUS cli_set_ea_path(struct cli_state *cli, const char *path,
+ const char *ea_name, const char *ea_val,
+ size_t ea_len)
+{
+ unsigned int param_len = 0;
+ uint8_t *param;
+ NTSTATUS status;
+ TALLOC_CTX *frame = NULL;
+ char *path_cp = NULL;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_set_ea_path(cli,
+ path,
+ ea_name,
+ ea_val,
+ ea_len);
+ }
+
+ frame = talloc_stackframe();
+
+ param = talloc_array(frame, uint8_t, 6);
+ if (!param) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+ SSVAL(param,0,SMB_INFO_SET_EA);
+ SSVAL(param,2,0);
+ SSVAL(param,4,0);
+
+ /*
+ * TRANSACT2_SETPATHINFO on a DFS share must use DFS names.
+ */
+ path_cp = smb1_dfs_share_path(frame, cli, path);
+ if (path_cp == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+ param = trans2_bytes_push_str(param,
+ smbXcli_conn_use_unicode(cli->conn),
+ path_cp,
+ strlen(path_cp)+1,
+ NULL);
+ param_len = talloc_get_size(param);
+
+ status = cli_set_ea(cli, TRANSACT2_SETPATHINFO, param, param_len,
+ ea_name, ea_val, ea_len);
+
+ fail:
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/*********************************************************
+ Set an extended attribute on an fnum.
+*********************************************************/
+
+NTSTATUS cli_set_ea_fnum(struct cli_state *cli, uint16_t fnum,
+ const char *ea_name, const char *ea_val,
+ size_t ea_len)
+{
+ uint8_t param[6] = { 0, };
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_set_ea_fnum(cli,
+ fnum,
+ ea_name,
+ ea_val,
+ ea_len);
+ }
+
+ SSVAL(param,0,fnum);
+ SSVAL(param,2,SMB_INFO_SET_EA);
+
+ return cli_set_ea(cli, TRANSACT2_SETFILEINFO, param, 6,
+ ea_name, ea_val, ea_len);
+}
+
+/*********************************************************
+ Get an extended attribute list utility fn.
+*********************************************************/
+
+static bool parse_ea_blob(TALLOC_CTX *ctx, const uint8_t *rdata,
+ size_t rdata_len,
+ size_t *pnum_eas, struct ea_struct **pea_list)
+{
+ struct ea_struct *ea_list = NULL;
+ size_t num_eas;
+ size_t ea_size;
+ const uint8_t *p;
+
+ if (rdata_len < 4) {
+ return false;
+ }
+
+ ea_size = (size_t)IVAL(rdata,0);
+ if (ea_size > rdata_len) {
+ return false;
+ }
+
+ if (ea_size == 0) {
+ /* No EA's present. */
+ *pnum_eas = 0;
+ *pea_list = NULL;
+ return true;
+ }
+
+ p = rdata + 4;
+ ea_size -= 4;
+
+ /* Validate the EA list and count it. */
+ for (num_eas = 0; ea_size >= 4; num_eas++) {
+ unsigned int ea_namelen = CVAL(p,1);
+ unsigned int ea_valuelen = SVAL(p,2);
+ if (ea_namelen == 0) {
+ return false;
+ }
+ if (4 + ea_namelen + 1 + ea_valuelen > ea_size) {
+ return false;
+ }
+ ea_size -= 4 + ea_namelen + 1 + ea_valuelen;
+ p += 4 + ea_namelen + 1 + ea_valuelen;
+ }
+
+ if (num_eas == 0) {
+ *pnum_eas = 0;
+ *pea_list = NULL;
+ return true;
+ }
+
+ *pnum_eas = num_eas;
+ if (!pea_list) {
+ /* Caller only wants number of EA's. */
+ return true;
+ }
+
+ ea_list = talloc_array(ctx, struct ea_struct, num_eas);
+ if (!ea_list) {
+ return false;
+ }
+
+ p = rdata + 4;
+
+ for (num_eas = 0; num_eas < *pnum_eas; num_eas++ ) {
+ struct ea_struct *ea = &ea_list[num_eas];
+ fstring unix_ea_name;
+ unsigned int ea_namelen = CVAL(p,1);
+ unsigned int ea_valuelen = SVAL(p,2);
+
+ ea->flags = CVAL(p,0);
+ unix_ea_name[0] = '\0';
+ pull_ascii(unix_ea_name, p + 4, sizeof(unix_ea_name), rdata_len - PTR_DIFF(p+4, rdata), STR_TERMINATE);
+ ea->name = talloc_strdup(ea_list, unix_ea_name);
+ if (!ea->name) {
+ goto fail;
+ }
+ /* Ensure the value is null terminated (in case it's a string). */
+ ea->value = data_blob_talloc(ea_list, NULL, ea_valuelen + 1);
+ if (!ea->value.data) {
+ goto fail;
+ }
+ if (ea_valuelen) {
+ memcpy(ea->value.data, p+4+ea_namelen+1, ea_valuelen);
+ }
+ ea->value.data[ea_valuelen] = 0;
+ ea->value.length--;
+ p += 4 + ea_namelen + 1 + ea_valuelen;
+ }
+
+ *pea_list = ea_list;
+ return true;
+
+fail:
+ TALLOC_FREE(ea_list);
+ return false;
+}
+
+/*********************************************************
+ Get an extended attribute list from a pathname.
+*********************************************************/
+
+struct cli_get_ea_list_path_state {
+ uint32_t num_data;
+ uint8_t *data;
+};
+
+static void cli_get_ea_list_path_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_get_ea_list_path_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_get_ea_list_path_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_get_ea_list_path_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ subreq = cli_qpathinfo_send(state, ev, cli, fname,
+ SMB_INFO_QUERY_ALL_EAS, 4,
+ CLI_BUFFER_SIZE);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_get_ea_list_path_done, req);
+ return req;
+}
+
+static void cli_get_ea_list_path_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_get_ea_list_path_state *state = tevent_req_data(
+ req, struct cli_get_ea_list_path_state);
+ NTSTATUS status;
+
+ status = cli_qpathinfo_recv(subreq, state, &state->data,
+ &state->num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_get_ea_list_path_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ size_t *pnum_eas, struct ea_struct **peas)
+{
+ struct cli_get_ea_list_path_state *state = tevent_req_data(
+ req, struct cli_get_ea_list_path_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (!parse_ea_blob(mem_ctx, state->data, state->num_data,
+ pnum_eas, peas)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_get_ea_list_path(struct cli_state *cli, const char *path,
+ TALLOC_CTX *ctx,
+ size_t *pnum_eas,
+ struct ea_struct **pea_list)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_get_ea_list_path(cli,
+ path,
+ ctx,
+ pnum_eas,
+ pea_list);
+ }
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_get_ea_list_path_send(frame, ev, cli, path);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_get_ea_list_path_recv(req, ctx, pnum_eas, pea_list);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Convert open "flags" arg to uint32_t on wire.
+****************************************************************************/
+
+static uint32_t open_flags_to_wire(int flags)
+{
+ int open_mode = flags & O_ACCMODE;
+ uint32_t ret = 0;
+
+ switch (open_mode) {
+ case O_WRONLY:
+ ret |= SMB_O_WRONLY;
+ break;
+ case O_RDWR:
+ ret |= SMB_O_RDWR;
+ break;
+ default:
+ case O_RDONLY:
+ ret |= SMB_O_RDONLY;
+ break;
+ }
+
+ if (flags & O_CREAT) {
+ ret |= SMB_O_CREAT;
+ }
+ if (flags & O_EXCL) {
+ ret |= SMB_O_EXCL;
+ }
+ if (flags & O_TRUNC) {
+ ret |= SMB_O_TRUNC;
+ }
+#if defined(O_SYNC)
+ if (flags & O_SYNC) {
+ ret |= SMB_O_SYNC;
+ }
+#endif /* O_SYNC */
+ if (flags & O_APPEND) {
+ ret |= SMB_O_APPEND;
+ }
+#if defined(O_DIRECT)
+ if (flags & O_DIRECT) {
+ ret |= SMB_O_DIRECT;
+ }
+#endif
+#if defined(O_DIRECTORY)
+ if (flags & O_DIRECTORY) {
+ ret |= SMB_O_DIRECTORY;
+ }
+#endif
+ return ret;
+}
+
+/****************************************************************************
+ Open a file - POSIX semantics. Returns fnum. Doesn't request oplock.
+****************************************************************************/
+
+struct cli_posix_open_internal_state {
+ uint16_t setup;
+ uint8_t *param;
+ uint8_t data[18];
+ uint16_t fnum; /* Out */
+};
+
+static void cli_posix_open_internal_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_posix_open_internal_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint32_t wire_flags,
+ mode_t mode)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_open_internal_state *state = NULL;
+ char *fname_cp = NULL;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_posix_open_internal_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ /* Setup setup word. */
+ SSVAL(&state->setup, 0, TRANSACT2_SETPATHINFO);
+
+ /* Setup param array. */
+ state->param = talloc_zero_array(state, uint8_t, 6);
+ if (tevent_req_nomem(state->param, req)) {
+ return tevent_req_post(req, ev);
+ }
+ SSVAL(state->param, 0, SMB_POSIX_PATH_OPEN);
+
+ /*
+ * TRANSACT2_SETPATHINFO on a DFS share must use DFS names.
+ */
+ fname_cp = smb1_dfs_share_path(state, cli, fname);
+ if (tevent_req_nomem(fname_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->param = trans2_bytes_push_str(
+ state->param,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_cp,
+ strlen(fname_cp)+1,
+ NULL);
+
+ if (tevent_req_nomem(state->param, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ SIVAL(state->data,0,0); /* No oplock. */
+ SIVAL(state->data,4,wire_flags);
+ SIVAL(state->data,8,unix_perms_to_wire(mode));
+ SIVAL(state->data,12,0); /* Top bits of perms currently undefined. */
+ SSVAL(state->data,16,SMB_NO_INFO_LEVEL_RETURNED); /* No info level returned. */
+
+ subreq = cli_trans_send(state, /* mem ctx. */
+ ev, /* event ctx. */
+ cli, /* cli_state. */
+ 0, /* additional_flags2 */
+ SMBtrans2, /* cmd. */
+ NULL, /* pipe name. */
+ -1, /* fid. */
+ 0, /* function. */
+ 0, /* flags. */
+ &state->setup, /* setup. */
+ 1, /* num setup uint16_t words. */
+ 0, /* max returned setup. */
+ state->param, /* param. */
+ talloc_get_size(state->param),/* num param. */
+ 2, /* max returned param. */
+ state->data, /* data. */
+ 18, /* num data. */
+ 12); /* max returned data. */
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_open_internal_done, req);
+ return req;
+}
+
+static void cli_posix_open_internal_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_posix_open_internal_state *state = tevent_req_data(
+ req, struct cli_posix_open_internal_state);
+ NTSTATUS status;
+ uint8_t *data;
+ uint32_t num_data;
+
+ status = cli_trans_recv(
+ subreq,
+ state,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ &data,
+ 12,
+ &num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ state->fnum = SVAL(data,2);
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_posix_open_internal_recv(struct tevent_req *req,
+ uint16_t *pfnum)
+{
+ struct cli_posix_open_internal_state *state = tevent_req_data(
+ req, struct cli_posix_open_internal_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *pfnum = state->fnum;
+ return NT_STATUS_OK;
+}
+
+struct cli_posix_open_state {
+ uint16_t fnum;
+};
+
+static void cli_posix_open_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_open_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ int flags,
+ mode_t mode)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_open_state *state = NULL;
+ uint32_t wire_flags;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_posix_open_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ wire_flags = open_flags_to_wire(flags);
+
+ subreq = cli_posix_open_internal_send(
+ mem_ctx, ev, cli, fname, wire_flags, mode);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_open_done, req);
+ return req;
+}
+
+static void cli_posix_open_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_posix_open_state *state = tevent_req_data(
+ req, struct cli_posix_open_state);
+ NTSTATUS status;
+
+ status = cli_posix_open_internal_recv(subreq, &state->fnum);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_posix_open_recv(struct tevent_req *req, uint16_t *pfnum)
+{
+ struct cli_posix_open_state *state = tevent_req_data(
+ req, struct cli_posix_open_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *pfnum = state->fnum;
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Open - POSIX semantics. Doesn't request oplock.
+****************************************************************************/
+
+NTSTATUS cli_posix_open(struct cli_state *cli, const char *fname,
+ int flags, mode_t mode, uint16_t *pfnum)
+{
+
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_posix_open_send(
+ frame, ev, cli, fname, flags, mode);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_posix_open_recv(req, pfnum);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_posix_mkdir_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+};
+
+static void cli_posix_mkdir_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_mkdir_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ mode_t mode)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_mkdir_state *state = NULL;
+ uint32_t wire_flags;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_posix_mkdir_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+
+ wire_flags = SMB_O_CREAT | SMB_O_DIRECTORY;
+
+ subreq = cli_posix_open_internal_send(
+ mem_ctx, ev, cli, fname, wire_flags, mode);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_mkdir_done, req);
+ return req;
+}
+
+static void cli_posix_mkdir_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+ uint16_t fnum;
+
+ status = cli_posix_open_internal_recv(subreq, &fnum);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_posix_mkdir_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_posix_mkdir(struct cli_state *cli, const char *fname, mode_t mode)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_posix_mkdir_send(
+ frame, ev, cli, fname, mode);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_posix_mkdir_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ unlink or rmdir - POSIX semantics.
+****************************************************************************/
+
+struct cli_posix_unlink_internal_state {
+ uint8_t data[2];
+};
+
+static void cli_posix_unlink_internal_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_posix_unlink_internal_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint16_t level)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_unlink_internal_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_posix_unlink_internal_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ /* Setup data word. */
+ SSVAL(state->data, 0, level);
+
+ subreq = cli_setpathinfo_send(state, ev, cli,
+ SMB_POSIX_PATH_UNLINK,
+ fname,
+ state->data, sizeof(state->data));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_unlink_internal_done, req);
+ return req;
+}
+
+static void cli_posix_unlink_internal_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_setpathinfo_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static NTSTATUS cli_posix_unlink_internal_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct cli_posix_unlink_state {
+ uint8_t dummy;
+};
+
+static void cli_posix_unlink_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_unlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_unlink_state *state;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_posix_unlink_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ subreq = cli_posix_unlink_internal_send(
+ mem_ctx, ev, cli, fname, SMB_POSIX_UNLINK_FILE_TARGET);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_unlink_done, req);
+ return req;
+}
+
+static void cli_posix_unlink_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_posix_unlink_internal_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_posix_unlink_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+/****************************************************************************
+ unlink - POSIX semantics.
+****************************************************************************/
+
+NTSTATUS cli_posix_unlink(struct cli_state *cli, const char *fname)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_posix_unlink_send(frame,
+ ev,
+ cli,
+ fname);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_posix_unlink_recv(req);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ rmdir - POSIX semantics.
+****************************************************************************/
+
+struct cli_posix_rmdir_state {
+ uint8_t dummy;
+};
+
+static void cli_posix_rmdir_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_posix_rmdir_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_posix_rmdir_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_posix_rmdir_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ subreq = cli_posix_unlink_internal_send(
+ mem_ctx, ev, cli, fname, SMB_POSIX_UNLINK_DIRECTORY_TARGET);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_rmdir_done, req);
+ return req;
+}
+
+static void cli_posix_rmdir_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_posix_unlink_internal_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_posix_rmdir_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_posix_rmdir(struct cli_state *cli, const char *fname)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_posix_rmdir_send(frame,
+ ev,
+ cli,
+ fname);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_posix_rmdir_recv(req, frame);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ filechangenotify
+****************************************************************************/
+
+struct cli_notify_state {
+ struct tevent_req *subreq;
+ uint8_t setup[8];
+ uint32_t num_changes;
+ struct notify_change *changes;
+};
+
+static void cli_notify_done(struct tevent_req *subreq);
+static void cli_notify_done_smb2(struct tevent_req *subreq);
+static bool cli_notify_cancel(struct tevent_req *req);
+
+struct tevent_req *cli_notify_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ uint32_t buffer_size,
+ uint32_t completion_filter, bool recursive)
+{
+ struct tevent_req *req;
+ struct cli_notify_state *state;
+ unsigned old_timeout;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_notify_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ /*
+ * Notifies should not time out
+ */
+ old_timeout = cli_set_timeout(cli, 0);
+
+ state->subreq = cli_smb2_notify_send(
+ state,
+ ev,
+ cli,
+ fnum,
+ buffer_size,
+ completion_filter,
+ recursive);
+
+ cli_set_timeout(cli, old_timeout);
+
+ if (tevent_req_nomem(state->subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ state->subreq, cli_notify_done_smb2, req);
+ goto done;
+ }
+
+ SIVAL(state->setup, 0, completion_filter);
+ SSVAL(state->setup, 4, fnum);
+ SSVAL(state->setup, 6, recursive);
+
+ /*
+ * Notifies should not time out
+ */
+ old_timeout = cli_set_timeout(cli, 0);
+
+ state->subreq = cli_trans_send(
+ state, /* mem ctx. */
+ ev, /* event ctx. */
+ cli, /* cli_state. */
+ 0, /* additional_flags2 */
+ SMBnttrans, /* cmd. */
+ NULL, /* pipe name. */
+ -1, /* fid. */
+ NT_TRANSACT_NOTIFY_CHANGE, /* function. */
+ 0, /* flags. */
+ (uint16_t *)state->setup, /* setup. */
+ 4, /* num setup uint16_t words. */
+ 0, /* max returned setup. */
+ NULL, /* param. */
+ 0, /* num param. */
+ buffer_size, /* max returned param. */
+ NULL, /* data. */
+ 0, /* num data. */
+ 0); /* max returned data. */
+
+ cli_set_timeout(cli, old_timeout);
+
+ if (tevent_req_nomem(state->subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(state->subreq, cli_notify_done, req);
+done:
+ tevent_req_set_cancel_fn(req, cli_notify_cancel);
+ return req;
+}
+
+static bool cli_notify_cancel(struct tevent_req *req)
+{
+ struct cli_notify_state *state = tevent_req_data(
+ req, struct cli_notify_state);
+ bool ok;
+
+ ok = tevent_req_cancel(state->subreq);
+ return ok;
+}
+
+static void cli_notify_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_notify_state *state = tevent_req_data(
+ req, struct cli_notify_state);
+ NTSTATUS status;
+ uint8_t *params;
+ uint32_t i, ofs, num_params;
+ uint16_t flags2;
+
+ status = cli_trans_recv(subreq, talloc_tos(), &flags2, NULL, 0, NULL,
+ &params, 0, &num_params, NULL, 0, NULL);
+ TALLOC_FREE(subreq);
+ state->subreq = NULL;
+ if (tevent_req_nterror(req, status)) {
+ DEBUG(10, ("cli_trans_recv returned %s\n", nt_errstr(status)));
+ return;
+ }
+
+ state->num_changes = 0;
+ ofs = 0;
+
+ while (num_params - ofs > 12) {
+ uint32_t next = IVAL(params, ofs);
+ state->num_changes += 1;
+
+ if ((next == 0) || (ofs+next >= num_params)) {
+ break;
+ }
+ ofs += next;
+ }
+
+ state->changes = talloc_array(state, struct notify_change,
+ state->num_changes);
+ if (tevent_req_nomem(state->changes, req)) {
+ TALLOC_FREE(params);
+ return;
+ }
+
+ ofs = 0;
+
+ for (i=0; i<state->num_changes; i++) {
+ uint32_t next = IVAL(params, ofs);
+ uint32_t len = IVAL(params, ofs+8);
+ ssize_t ret;
+ char *name;
+
+ if (smb_buffer_oob(num_params, ofs + 12, len)) {
+ TALLOC_FREE(params);
+ tevent_req_nterror(
+ req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ state->changes[i].action = IVAL(params, ofs+4);
+ ret = pull_string_talloc(state->changes,
+ (char *)params,
+ flags2,
+ &name,
+ params+ofs+12,
+ len,
+ STR_TERMINATE|STR_UNICODE);
+ if (ret == -1) {
+ TALLOC_FREE(params);
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+ state->changes[i].name = name;
+ ofs += next;
+ }
+
+ TALLOC_FREE(params);
+ tevent_req_done(req);
+}
+
+static void cli_notify_done_smb2(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_notify_state *state = tevent_req_data(
+ req, struct cli_notify_state);
+ NTSTATUS status;
+
+ status = cli_smb2_notify_recv(
+ subreq,
+ state,
+ &state->changes,
+ &state->num_changes);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_notify_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint32_t *pnum_changes,
+ struct notify_change **pchanges)
+{
+ struct cli_notify_state *state = tevent_req_data(
+ req, struct cli_notify_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ *pnum_changes = state->num_changes;
+ *pchanges = talloc_move(mem_ctx, &state->changes);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_notify(struct cli_state *cli, uint16_t fnum, uint32_t buffer_size,
+ uint32_t completion_filter, bool recursive,
+ TALLOC_CTX *mem_ctx, uint32_t *pnum_changes,
+ struct notify_change **pchanges)
+{
+ TALLOC_CTX *frame;
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_notify_send(ev, ev, cli, fnum, buffer_size,
+ completion_filter, recursive);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_notify_recv(req, mem_ctx, pnum_changes, pchanges);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_qpathinfo_state {
+ uint8_t *param;
+ uint8_t *data;
+ uint16_t setup[1];
+ uint32_t min_rdata;
+ uint8_t *rdata;
+ uint32_t num_rdata;
+};
+
+static void cli_qpathinfo_done(struct tevent_req *subreq);
+static void cli_qpathinfo_done2(struct tevent_req *subreq);
+
+struct tevent_req *cli_qpathinfo_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, const char *fname,
+ uint16_t level, uint32_t min_rdata,
+ uint32_t max_rdata)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_qpathinfo_state *state;
+ uint16_t additional_flags2 = 0;
+ char *fname_cp = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_qpathinfo_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ uint16_t smb2_level = 0;
+
+ switch (level) {
+ case SMB_QUERY_FILE_ALT_NAME_INFO:
+ smb2_level = FSCC_FILE_ALTERNATE_NAME_INFORMATION;
+ break;
+ default:
+ tevent_req_nterror(req, NT_STATUS_INVALID_LEVEL);
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_smb2_qpathinfo_send(state,
+ ev,
+ cli,
+ fname,
+ smb2_level,
+ min_rdata,
+ max_rdata);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_qpathinfo_done2, req);
+ return req;
+ }
+
+ state->min_rdata = min_rdata;
+ SSVAL(state->setup, 0, TRANSACT2_QPATHINFO);
+
+ state->param = talloc_zero_array(state, uint8_t, 6);
+ if (tevent_req_nomem(state->param, req)) {
+ return tevent_req_post(req, ev);
+ }
+ SSVAL(state->param, 0, level);
+ /*
+ * qpathinfo on a DFS share must use DFS names.
+ */
+ fname_cp = smb1_dfs_share_path(state, cli, fname);
+ if (tevent_req_nomem(fname_cp, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->param = trans2_bytes_push_str(state->param,
+ smbXcli_conn_use_unicode(cli->conn),
+ fname_cp,
+ strlen(fname_cp)+1,
+ NULL);
+ if (tevent_req_nomem(state->param, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(fname) &&
+ !INFO_LEVEL_IS_UNIX(level)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ subreq = cli_trans_send(
+ state, /* mem ctx. */
+ ev, /* event ctx. */
+ cli, /* cli_state. */
+ additional_flags2, /* additional_flags2 */
+ SMBtrans2, /* cmd. */
+ NULL, /* pipe name. */
+ -1, /* fid. */
+ 0, /* function. */
+ 0, /* flags. */
+ state->setup, /* setup. */
+ 1, /* num setup uint16_t words. */
+ 0, /* max returned setup. */
+ state->param, /* param. */
+ talloc_get_size(state->param), /* num param. */
+ 2, /* max returned param. */
+ NULL, /* data. */
+ 0, /* num data. */
+ max_rdata); /* max returned data. */
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_qpathinfo_done, req);
+ return req;
+}
+
+static void cli_qpathinfo_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_qpathinfo_state *state = tevent_req_data(
+ req, struct cli_qpathinfo_state);
+ NTSTATUS status;
+
+ status = cli_trans_recv(subreq, state, NULL, NULL, 0, NULL,
+ NULL, 0, NULL,
+ &state->rdata, state->min_rdata,
+ &state->num_rdata);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static void cli_qpathinfo_done2(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct cli_qpathinfo_state *state =
+ tevent_req_data(req, struct cli_qpathinfo_state);
+ NTSTATUS status;
+
+ status = cli_smb2_qpathinfo_recv(subreq,
+ state,
+ &state->rdata,
+ &state->num_rdata);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_qpathinfo_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint8_t **rdata, uint32_t *num_rdata)
+{
+ struct cli_qpathinfo_state *state = tevent_req_data(
+ req, struct cli_qpathinfo_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (rdata != NULL) {
+ *rdata = talloc_move(mem_ctx, &state->rdata);
+ } else {
+ TALLOC_FREE(state->rdata);
+ }
+ if (num_rdata != NULL) {
+ *num_rdata = state->num_rdata;
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_qpathinfo(TALLOC_CTX *mem_ctx, struct cli_state *cli,
+ const char *fname, uint16_t level, uint32_t min_rdata,
+ uint32_t max_rdata,
+ uint8_t **rdata, uint32_t *num_rdata)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_qpathinfo_send(frame, ev, cli, fname, level, min_rdata,
+ max_rdata);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_qpathinfo_recv(req, mem_ctx, rdata, num_rdata);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_qfileinfo_state {
+ uint16_t setup[1];
+ uint8_t param[4];
+ uint8_t *data;
+ uint16_t recv_flags2;
+ uint32_t min_rdata;
+ uint8_t *rdata;
+ uint32_t num_rdata;
+};
+
+static void cli_qfileinfo_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_qfileinfo_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ uint16_t level, uint32_t min_rdata,
+ uint32_t max_rdata)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_qfileinfo_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_qfileinfo_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->min_rdata = min_rdata;
+ SSVAL(state->param, 0, fnum);
+ SSVAL(state->param, 2, level);
+ SSVAL(state->setup, 0, TRANSACT2_QFILEINFO);
+
+ subreq = cli_trans_send(
+ state, /* mem ctx. */
+ ev, /* event ctx. */
+ cli, /* cli_state. */
+ 0, /* additional_flags2 */
+ SMBtrans2, /* cmd. */
+ NULL, /* pipe name. */
+ -1, /* fid. */
+ 0, /* function. */
+ 0, /* flags. */
+ state->setup, /* setup. */
+ 1, /* num setup uint16_t words. */
+ 0, /* max returned setup. */
+ state->param, /* param. */
+ sizeof(state->param), /* num param. */
+ 2, /* max returned param. */
+ NULL, /* data. */
+ 0, /* num data. */
+ max_rdata); /* max returned data. */
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_qfileinfo_done, req);
+ return req;
+}
+
+static void cli_qfileinfo_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_qfileinfo_state *state = tevent_req_data(
+ req, struct cli_qfileinfo_state);
+ NTSTATUS status;
+
+ status = cli_trans_recv(subreq, state,
+ &state->recv_flags2,
+ NULL, 0, NULL,
+ NULL, 0, NULL,
+ &state->rdata, state->min_rdata,
+ &state->num_rdata);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_qfileinfo_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint16_t *recv_flags2,
+ uint8_t **rdata, uint32_t *num_rdata)
+{
+ struct cli_qfileinfo_state *state = tevent_req_data(
+ req, struct cli_qfileinfo_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ if (recv_flags2 != NULL) {
+ *recv_flags2 = state->recv_flags2;
+ }
+ if (rdata != NULL) {
+ *rdata = talloc_move(mem_ctx, &state->rdata);
+ }
+ if (num_rdata != NULL) {
+ *num_rdata = state->num_rdata;
+ }
+
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_qfileinfo(TALLOC_CTX *mem_ctx, struct cli_state *cli,
+ uint16_t fnum, uint16_t level, uint32_t min_rdata,
+ uint32_t max_rdata, uint16_t *recv_flags2,
+ uint8_t **rdata, uint32_t *num_rdata)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_qfileinfo_send(frame, ev, cli, fnum, level, min_rdata,
+ max_rdata);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_qfileinfo_recv(req, mem_ctx, recv_flags2, rdata, num_rdata);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_flush_state {
+ uint16_t vwv[1];
+};
+
+static void cli_flush_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_flush_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_flush_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_flush_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ SSVAL(state->vwv + 0, 0, fnum);
+
+ subreq = cli_smb_send(state, ev, cli, SMBflush, 0, 0, 1, state->vwv,
+ 0, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_flush_done, req);
+ return req;
+}
+
+static void cli_flush_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_flush_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_flush(TALLOC_CTX *mem_ctx, struct cli_state *cli, uint16_t fnum)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_flush_send(frame, ev, cli, fnum);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_flush_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_shadow_copy_data_state {
+ uint16_t setup[4];
+ uint8_t *data;
+ uint32_t num_data;
+ bool get_names;
+};
+
+static void cli_shadow_copy_data_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_shadow_copy_data_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ bool get_names)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_shadow_copy_data_state *state;
+ uint32_t ret_size;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_shadow_copy_data_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->get_names = get_names;
+ ret_size = get_names ? CLI_BUFFER_SIZE : 16;
+
+ SIVAL(state->setup + 0, 0, FSCTL_GET_SHADOW_COPY_DATA);
+ SSVAL(state->setup + 2, 0, fnum);
+ SCVAL(state->setup + 3, 0, 1); /* isFsctl */
+ SCVAL(state->setup + 3, 1, 0); /* compfilter, isFlags (WSSP) */
+
+ subreq = cli_trans_send(
+ state, ev, cli, 0, SMBnttrans, NULL, 0, NT_TRANSACT_IOCTL, 0,
+ state->setup, ARRAY_SIZE(state->setup),
+ ARRAY_SIZE(state->setup),
+ NULL, 0, 0,
+ NULL, 0, ret_size);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_shadow_copy_data_done, req);
+ return req;
+}
+
+static void cli_shadow_copy_data_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_shadow_copy_data_state *state = tevent_req_data(
+ req, struct cli_shadow_copy_data_state);
+ NTSTATUS status;
+
+ status = cli_trans_recv(subreq, state, NULL,
+ NULL, 0, NULL, /* setup */
+ NULL, 0, NULL, /* param */
+ &state->data, 12, &state->num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_shadow_copy_data_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ char ***pnames, int *pnum_names)
+{
+ struct cli_shadow_copy_data_state *state = tevent_req_data(
+ req, struct cli_shadow_copy_data_state);
+ char **names = NULL;
+ uint32_t i, num_names;
+ uint32_t dlength;
+ uint8_t *endp = NULL;
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ if (state->num_data < 16) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ num_names = IVAL(state->data, 4);
+ dlength = IVAL(state->data, 8);
+
+ if (num_names > 0x7FFFFFFF) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ if (!state->get_names) {
+ *pnum_names = (int)num_names;
+ return NT_STATUS_OK;
+ }
+
+ if (dlength + 12 < 12) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ if (dlength + 12 > state->num_data) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ if (state->num_data + (2 * sizeof(SHADOW_COPY_LABEL)) <
+ state->num_data) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ names = talloc_array(mem_ctx, char *, num_names);
+ if (names == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ endp = state->data + state->num_data;
+
+ for (i=0; i<num_names; i++) {
+ bool ret;
+ uint8_t *src;
+ size_t converted_size;
+
+ src = state->data + 12 + i * 2 * sizeof(SHADOW_COPY_LABEL);
+
+ if (src + (2 * sizeof(SHADOW_COPY_LABEL)) > endp) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ ret = convert_string_talloc(
+ names, CH_UTF16LE, CH_UNIX,
+ src, 2 * sizeof(SHADOW_COPY_LABEL),
+ &names[i], &converted_size);
+ if (!ret) {
+ TALLOC_FREE(names);
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ }
+ *pnum_names = (int)num_names;
+ *pnames = names;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_shadow_copy_data(TALLOC_CTX *mem_ctx, struct cli_state *cli,
+ uint16_t fnum, bool get_names,
+ char ***pnames, int *pnum_names)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_shadow_copy_data(mem_ctx,
+ cli,
+ fnum,
+ get_names,
+ pnames,
+ pnum_names);
+ }
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_shadow_copy_data_send(frame, ev, cli, fnum, get_names);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_shadow_copy_data_recv(req, mem_ctx, pnames, pnum_names);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_fsctl_state {
+ DATA_BLOB out;
+};
+
+static void cli_fsctl_smb1_done(struct tevent_req *subreq);
+static void cli_fsctl_smb2_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_fsctl_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t ctl_code,
+ const DATA_BLOB *in,
+ uint32_t max_out)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_fsctl_state *state = NULL;
+ uint16_t *setup = NULL;
+ uint8_t *data = NULL;
+ uint32_t num_data = 0;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_fsctl_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_fsctl_send(
+ state, ev, cli, fnum, ctl_code, in, max_out);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_fsctl_smb2_done, req);
+ return req;
+ }
+
+ setup = talloc_array(state, uint16_t, 4);
+ if (tevent_req_nomem(setup, req)) {
+ return tevent_req_post(req, ev);
+ }
+ SIVAL(setup, 0, ctl_code);
+ SSVAL(setup, 4, fnum);
+ SCVAL(setup, 6, 1); /* IsFcntl */
+ SCVAL(setup, 7, 0); /* IsFlags */
+
+ if (in) {
+ data = in->data;
+ num_data = in->length;
+ }
+
+ subreq = cli_trans_send(state,
+ ev,
+ cli,
+ 0, /* additional_flags2 */
+ SMBnttrans, /* cmd */
+ NULL, /* name */
+ -1, /* fid */
+ NT_TRANSACT_IOCTL, /* function */
+ 0, /* flags */
+ setup,
+ 4,
+ 0, /* setup */
+ NULL,
+ 0,
+ 0, /* param */
+ data,
+ num_data,
+ max_out); /* data */
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_fsctl_smb1_done, req);
+ return req;
+}
+
+static void cli_fsctl_smb2_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_fsctl_state *state = tevent_req_data(
+ req, struct cli_fsctl_state);
+ NTSTATUS status;
+
+ status = cli_smb2_fsctl_recv(subreq, state, &state->out);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_fsctl_smb1_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_fsctl_state *state = tevent_req_data(
+ req, struct cli_fsctl_state);
+ uint8_t *out = NULL;
+ uint32_t out_len;
+ NTSTATUS status;
+
+ status = cli_trans_recv(
+ subreq, state, NULL,
+ NULL, 0, NULL, /* rsetup */
+ NULL, 0, NULL, /* rparam */
+ &out, 0, &out_len);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ state->out = (DATA_BLOB) {
+ .data = out, .length = out_len,
+ };
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_fsctl_recv(
+ struct tevent_req *req, TALLOC_CTX *mem_ctx, DATA_BLOB *out)
+{
+ struct cli_fsctl_state *state = tevent_req_data(
+ req, struct cli_fsctl_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ if (out != NULL) {
+ *out = (DATA_BLOB) {
+ .data = talloc_move(mem_ctx, &state->out.data),
+ .length = state->out.length,
+ };
+ }
+
+ return NT_STATUS_OK;
+}
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
new file mode 100644
index 0000000..cc95f47
--- /dev/null
+++ b/source3/libsmb/clifsinfo.c
@@ -0,0 +1,815 @@
+/*
+ Unix SMB/CIFS implementation.
+ FS info functions
+ Copyright (C) Stefan (metze) Metzmacher 2003
+ Copyright (C) Jeremy Allison 2007
+ Copyright (C) Andrew Bartlett 2011
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "async_smb.h"
+#include "trans2.h"
+#include "auth_generic.h"
+#include "auth/gensec/gensec.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "auth/credentials/credentials.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+
+/****************************************************************************
+ Get UNIX extensions version info.
+****************************************************************************/
+
+struct cli_unix_extensions_version_state {
+ struct cli_state *cli;
+ uint16_t setup[1];
+ uint8_t param[2];
+ uint16_t major, minor;
+ uint32_t caplow, caphigh;
+};
+
+static void cli_unix_extensions_version_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_unix_extensions_version_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_unix_extensions_version_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_unix_extensions_version_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+ SSVAL(state->setup, 0, TRANSACT2_QFSINFO);
+ SSVAL(state->param, 0, SMB_QUERY_CIFS_UNIX_INFO);
+
+ subreq = cli_trans_send(state, ev, cli, 0, SMBtrans2,
+ NULL, 0, 0, 0,
+ state->setup, 1, 0,
+ state->param, 2, 0,
+ NULL, 0, 560);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_unix_extensions_version_done, req);
+ return req;
+}
+
+static void cli_unix_extensions_version_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_unix_extensions_version_state *state = tevent_req_data(
+ req, struct cli_unix_extensions_version_state);
+ uint8_t *data;
+ uint32_t num_data;
+ NTSTATUS status;
+
+ status = cli_trans_recv(subreq, state, NULL, NULL, 0, NULL,
+ NULL, 0, NULL, &data, 12, &num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ state->major = SVAL(data, 0);
+ state->minor = SVAL(data, 2);
+ state->caplow = IVAL(data, 4);
+ state->caphigh = IVAL(data, 8);
+ TALLOC_FREE(data);
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_unix_extensions_version_recv(struct tevent_req *req,
+ uint16_t *pmajor, uint16_t *pminor,
+ uint32_t *pcaplow,
+ uint32_t *pcaphigh)
+{
+ struct cli_unix_extensions_version_state *state = tevent_req_data(
+ req, struct cli_unix_extensions_version_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *pmajor = state->major;
+ *pminor = state->minor;
+ *pcaplow = state->caplow;
+ *pcaphigh = state->caphigh;
+ state->cli->server_posix_capabilities = *pcaplow;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_unix_extensions_version(struct cli_state *cli, uint16_t *pmajor,
+ uint16_t *pminor, uint32_t *pcaplow,
+ uint32_t *pcaphigh)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_unix_extensions_version_send(frame, ev, cli);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_unix_extensions_version_recv(req, pmajor, pminor, pcaplow,
+ pcaphigh);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Set UNIX extensions capabilities.
+****************************************************************************/
+
+struct cli_set_unix_extensions_capabilities_state {
+ struct cli_state *cli;
+ uint16_t setup[1];
+ uint8_t param[4];
+ uint8_t data[12];
+};
+
+static void cli_set_unix_extensions_capabilities_done(
+ struct tevent_req *subreq);
+
+struct tevent_req *cli_set_unix_extensions_capabilities_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
+ uint16_t major, uint16_t minor, uint32_t caplow, uint32_t caphigh)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_set_unix_extensions_capabilities_state *state;
+
+ req = tevent_req_create(
+ mem_ctx, &state,
+ struct cli_set_unix_extensions_capabilities_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->cli = cli;
+ SSVAL(state->setup+0, 0, TRANSACT2_SETFSINFO);
+
+ SSVAL(state->param, 0, 0);
+ SSVAL(state->param, 2, SMB_SET_CIFS_UNIX_INFO);
+
+ SSVAL(state->data, 0, major);
+ SSVAL(state->data, 2, minor);
+ SIVAL(state->data, 4, caplow);
+ SIVAL(state->data, 8, caphigh);
+
+ subreq = cli_trans_send(state, ev, cli, 0, SMBtrans2,
+ NULL, 0, 0, 0,
+ state->setup, 1, 0,
+ state->param, 4, 0,
+ state->data, 12, 560);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ subreq, cli_set_unix_extensions_capabilities_done, req);
+ return req;
+}
+
+static void cli_set_unix_extensions_capabilities_done(
+ struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_set_unix_extensions_capabilities_state *state = tevent_req_data(
+ req, struct cli_set_unix_extensions_capabilities_state);
+
+ NTSTATUS status = cli_trans_recv(subreq, NULL, NULL, NULL, 0, NULL,
+ NULL, 0, NULL, NULL, 0, NULL);
+ if (NT_STATUS_IS_OK(status)) {
+ state->cli->requested_posix_capabilities = IVAL(state->data, 4);
+ }
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_set_unix_extensions_capabilities_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_set_unix_extensions_capabilities(struct cli_state *cli,
+ uint16_t major, uint16_t minor,
+ uint32_t caplow, uint32_t caphigh)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_set_unix_extensions_capabilities_send(
+ ev, ev, cli, major, minor, caplow, caphigh);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_set_unix_extensions_capabilities_recv(req);
+fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+struct cli_get_fs_attr_info_state {
+ uint16_t setup[1];
+ uint8_t param[2];
+ uint32_t fs_attr;
+};
+
+static void cli_get_fs_attr_info_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_get_fs_attr_info_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli)
+{
+ struct tevent_req *subreq, *req;
+ struct cli_get_fs_attr_info_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_get_fs_attr_info_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ SSVAL(state->setup+0, 0, TRANSACT2_QFSINFO);
+ SSVAL(state->param+0, 0, SMB_QUERY_FS_ATTRIBUTE_INFO);
+
+ subreq = cli_trans_send(state, ev, cli, 0, SMBtrans2,
+ NULL, 0, 0, 0,
+ state->setup, 1, 0,
+ state->param, 2, 0,
+ NULL, 0, 560);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_get_fs_attr_info_done, req);
+ return req;
+}
+
+static void cli_get_fs_attr_info_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_get_fs_attr_info_state *state = tevent_req_data(
+ req, struct cli_get_fs_attr_info_state);
+ uint8_t *data;
+ uint32_t num_data;
+ NTSTATUS status;
+
+ status = cli_trans_recv(subreq, talloc_tos(), NULL, NULL, 0, NULL,
+ NULL, 0, NULL, &data, 12, &num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ state->fs_attr = IVAL(data, 0);
+ TALLOC_FREE(data);
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_get_fs_attr_info_recv(struct tevent_req *req, uint32_t *fs_attr)
+{
+ struct cli_get_fs_attr_info_state *state = tevent_req_data(
+ req, struct cli_get_fs_attr_info_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *fs_attr = state->fs_attr;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_get_fs_attr_info(struct cli_state *cli, uint32_t *fs_attr)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_get_fs_attr_info(cli, fs_attr);
+ }
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_get_fs_attr_info_send(ev, ev, cli);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_get_fs_attr_info_recv(req, fs_attr);
+fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+NTSTATUS cli_get_fs_volume_info(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ char **_volume_name,
+ uint32_t *pserial_number,
+ time_t *pdate)
+{
+ NTSTATUS status;
+ uint16_t recv_flags2;
+ uint16_t setup[1];
+ uint8_t param[2];
+ uint8_t *rdata;
+ uint32_t rdata_count;
+ unsigned int nlen;
+ char *volume_name = NULL;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_get_fs_volume_info(cli,
+ mem_ctx,
+ _volume_name,
+ pserial_number,
+ pdate);
+ }
+
+ SSVAL(setup, 0, TRANSACT2_QFSINFO);
+ SSVAL(param,0,SMB_QUERY_FS_VOLUME_INFO);
+
+ status = cli_trans(talloc_tos(), cli, SMBtrans2,
+ NULL, 0, 0, 0,
+ setup, 1, 0,
+ param, 2, 0,
+ NULL, 0, 560,
+ &recv_flags2,
+ NULL, 0, NULL,
+ NULL, 0, NULL,
+ &rdata, 18, &rdata_count);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (pdate) {
+ struct timespec ts;
+ ts = interpret_long_date(BVAL(rdata, 0));
+ *pdate = ts.tv_sec;
+ }
+ if (pserial_number) {
+ *pserial_number = IVAL(rdata,8);
+ }
+ nlen = IVAL(rdata,12);
+ if (nlen > (rdata_count - 18)) {
+ TALLOC_FREE(rdata);
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ pull_string_talloc(mem_ctx,
+ (const char *)rdata,
+ recv_flags2,
+ &volume_name,
+ rdata + 18,
+ nlen, STR_UNICODE);
+ if (volume_name == NULL) {
+ status = map_nt_error_from_unix(errno);
+ TALLOC_FREE(rdata);
+ return status;
+ }
+
+ /* todo: but not yet needed
+ * return the other stuff
+ */
+
+ *_volume_name = volume_name;
+ TALLOC_FREE(rdata);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_get_fs_full_size_info(struct cli_state *cli,
+ uint64_t *total_allocation_units,
+ uint64_t *caller_allocation_units,
+ uint64_t *actual_allocation_units,
+ uint64_t *sectors_per_allocation_unit,
+ uint64_t *bytes_per_sector)
+{
+ uint16_t setup[1];
+ uint8_t param[2];
+ uint8_t *rdata = NULL;
+ uint32_t rdata_count;
+ NTSTATUS status;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_get_fs_full_size_info(cli,
+ total_allocation_units,
+ caller_allocation_units,
+ actual_allocation_units,
+ sectors_per_allocation_unit,
+ bytes_per_sector);
+ }
+
+ SSVAL(setup, 0, TRANSACT2_QFSINFO);
+ SSVAL(param, 0, SMB_FS_FULL_SIZE_INFORMATION);
+
+ status = cli_trans(talloc_tos(), cli, SMBtrans2,
+ NULL, 0, 0, 0,
+ setup, 1, 0, /* setup */
+ param, 2, 0, /* param */
+ NULL, 0, 560, /* data */
+ NULL,
+ NULL, 0, NULL, /* rsetup */
+ NULL, 0, NULL, /* rparam */
+ &rdata, 32, &rdata_count); /* rdata */
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ if (total_allocation_units) {
+ *total_allocation_units = BIG_UINT(rdata, 0);
+ }
+ if (caller_allocation_units) {
+ *caller_allocation_units = BIG_UINT(rdata,8);
+ }
+ if (actual_allocation_units) {
+ *actual_allocation_units = BIG_UINT(rdata,16);
+ }
+ if (sectors_per_allocation_unit) {
+ *sectors_per_allocation_unit = IVAL(rdata,24);
+ }
+ if (bytes_per_sector) {
+ *bytes_per_sector = IVAL(rdata,28);
+ }
+
+fail:
+ TALLOC_FREE(rdata);
+ return status;
+}
+
+NTSTATUS cli_get_posix_fs_info(struct cli_state *cli,
+ uint32_t *optimal_transfer_size,
+ uint32_t *block_size,
+ uint64_t *total_blocks,
+ uint64_t *blocks_available,
+ uint64_t *user_blocks_available,
+ uint64_t *total_file_nodes,
+ uint64_t *free_file_nodes,
+ uint64_t *fs_identifier)
+{
+ uint16_t setup[1];
+ uint8_t param[2];
+ uint8_t *rdata = NULL;
+ uint32_t rdata_count;
+ NTSTATUS status;
+
+ SSVAL(setup, 0, TRANSACT2_QFSINFO);
+ SSVAL(param,0,SMB_QUERY_POSIX_FS_INFO);
+
+ status = cli_trans(talloc_tos(), cli, SMBtrans2, NULL, 0, 0, 0,
+ setup, 1, 0,
+ param, 2, 0,
+ NULL, 0, 560,
+ NULL,
+ NULL, 0, NULL, /* rsetup */
+ NULL, 0, NULL, /* rparam */
+ &rdata, 56, &rdata_count);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (optimal_transfer_size) {
+ *optimal_transfer_size = IVAL(rdata, 0);
+ }
+ if (block_size) {
+ *block_size = IVAL(rdata,4);
+ }
+ if (total_blocks) {
+ *total_blocks = BIG_UINT(rdata,8);
+ }
+ if (blocks_available) {
+ *blocks_available = BIG_UINT(rdata,16);
+ }
+ if (user_blocks_available) {
+ *user_blocks_available = BIG_UINT(rdata,24);
+ }
+ if (total_file_nodes) {
+ *total_file_nodes = BIG_UINT(rdata,32);
+ }
+ if (free_file_nodes) {
+ *free_file_nodes = BIG_UINT(rdata,40);
+ }
+ if (fs_identifier) {
+ *fs_identifier = BIG_UINT(rdata,48);
+ }
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Do a UNIX extensions SMB_QUERY_POSIX_WHOAMI call.
+****************************************************************************/
+
+struct posix_whoami_state {
+ uint16_t setup[1];
+ uint8_t param[2];
+ uint32_t max_rdata;
+ bool guest;
+ uint64_t uid;
+ uint64_t gid;
+ uint32_t num_gids;
+ uint64_t *gids;
+ uint32_t num_sids;
+ struct dom_sid *sids;
+};
+
+static void cli_posix_whoami_done(struct tevent_req *subreq);
+
+static const uint32_t posix_whoami_max_rdata = 62*1024;
+
+struct tevent_req *cli_posix_whoami_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct posix_whoami_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct posix_whoami_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ /* Setup setup word. */
+ SSVAL(state->setup, 0, TRANSACT2_QFSINFO);
+ SSVAL(state->param, 0, SMB_QUERY_POSIX_WHOAMI);
+
+ state->max_rdata = posix_whoami_max_rdata;
+
+ subreq = cli_trans_send(state, /* mem ctx. */
+ ev, /* event ctx. */
+ cli, /* cli_state. */
+ 0, /* additional_flags2 */
+ SMBtrans2, /* cmd. */
+ NULL, /* pipe name. */
+ -1, /* fid. */
+ 0, /* function. */
+ 0, /* flags. */
+ state->setup, /* setup. */
+ 1, /* num setup uint16_t words. */
+ 0, /* max returned setup. */
+ state->param, /* param. */
+ 2, /* num param. */
+ 0, /* max returned param. */
+ NULL, /* data. */
+ 0, /* num data. */
+ state->max_rdata); /* max returned data. */
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_posix_whoami_done, req);
+ return req;
+}
+
+static void cli_posix_whoami_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct posix_whoami_state *state = tevent_req_data(
+ req, struct posix_whoami_state);
+ uint8_t *rdata = NULL;
+ uint8_t *p = NULL;
+ uint32_t num_rdata = 0;
+ uint32_t i;
+ NTSTATUS status;
+
+ status = cli_trans_recv(subreq,
+ state,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ &rdata,
+ 40,
+ &num_rdata);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ /*
+ * Not strictly needed - cli_trans_recv()
+ * will ensure at least 40 bytes here. Added
+ * as more of a reminder to be careful when
+ * parsing network packets in C.
+ */
+
+ if (num_rdata < 40 || num_rdata > posix_whoami_max_rdata) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ state->guest = (IVAL(rdata, 0) & SMB_WHOAMI_GUEST);
+ state->uid = BVAL(rdata, 8);
+ state->gid = BVAL(rdata, 16);
+ state->num_gids = IVAL(rdata, 24);
+ state->num_sids = IVAL(rdata, 28);
+
+ /* Ensure the gid array doesn't overflow */
+ if (state->num_gids > (num_rdata - 40) / sizeof(uint64_t)) {
+ tevent_req_nterror(req,
+ NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ state->gids = talloc_array(state, uint64_t, state->num_gids);
+ if (tevent_req_nomem(state->gids, req)) {
+ return;
+ }
+ state->sids = talloc_array(state, struct dom_sid, state->num_sids);
+ if (tevent_req_nomem(state->sids, req)) {
+ return;
+ }
+
+ p = rdata + 40;
+
+ for (i = 0; i < state->num_gids; i++) {
+ state->gids[i] = BVAL(p, 0);
+ p += 8;
+ }
+
+ num_rdata -= (p - rdata);
+
+ for (i = 0; i < state->num_sids; i++) {
+ size_t sid_size;
+ DATA_BLOB in = data_blob_const(p, num_rdata);
+ enum ndr_err_code ndr_err;
+
+ ndr_err = ndr_pull_struct_blob(&in,
+ state,
+ &state->sids[i],
+ (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ tevent_req_nterror(req,
+ NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ sid_size = ndr_size_dom_sid(&state->sids[i], 0);
+
+ if (sid_size > num_rdata) {
+ tevent_req_nterror(req,
+ NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ p += sid_size;
+ num_rdata -= sid_size;
+ }
+
+ if (num_rdata != 0) {
+ tevent_req_nterror(req,
+ NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_posix_whoami_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ uint64_t *puid,
+ uint64_t *pgid,
+ uint32_t *pnum_gids,
+ uint64_t **pgids,
+ uint32_t *pnum_sids,
+ struct dom_sid **psids,
+ bool *pguest)
+{
+ NTSTATUS status;
+ struct posix_whoami_state *state = tevent_req_data(
+ req, struct posix_whoami_state);
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ if (puid) {
+ *puid = state->uid;
+ }
+ if (pgid) {
+ *pgid = state->gid;
+ }
+ if (pnum_gids) {
+ *pnum_gids = state->num_gids;
+ }
+ if (pgids) {
+ *pgids = talloc_move(mem_ctx, &state->gids);
+ }
+ if (pnum_sids) {
+ *pnum_sids = state->num_sids;
+ }
+ if (psids) {
+ *psids = talloc_move(mem_ctx, &state->sids);
+ }
+ if (pguest) {
+ *pguest = state->guest;
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_posix_whoami(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ uint64_t *puid,
+ uint64_t *pgid,
+ uint32_t *num_gids,
+ uint64_t **gids,
+ uint32_t *num_sids,
+ struct dom_sid **sids,
+ bool *pguest)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_posix_whoami_send(frame,
+ ev,
+ cli);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_posix_whoami_recv(req,
+ mem_ctx,
+ puid,
+ pgid,
+ num_gids,
+ gids,
+ num_sids,
+ sids,
+ pguest);
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c
new file mode 100644
index 0000000..54b46b0
--- /dev/null
+++ b/source3/libsmb/clilist.c
@@ -0,0 +1,1255 @@
+/*
+ Unix SMB/CIFS implementation.
+ client directory list routines
+ Copyright (C) Andrew Tridgell 1994-1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "async_smb.h"
+#include "trans2.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+/****************************************************************************
+ Check if a returned directory name is safe.
+****************************************************************************/
+
+static NTSTATUS is_bad_name(bool windows_names, const char *name)
+{
+ const char *bad_name_p = NULL;
+
+ bad_name_p = strchr(name, '/');
+ if (bad_name_p != NULL) {
+ /*
+ * Windows and POSIX names can't have '/'.
+ * Server is attacking us.
+ */
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ if (windows_names) {
+ bad_name_p = strchr(name, '\\');
+ if (bad_name_p != NULL) {
+ /*
+ * Windows names can't have '\\'.
+ * Server is attacking us.
+ */
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ }
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Check if a returned directory name is safe. Disconnect if server is
+ sending bad names.
+****************************************************************************/
+
+NTSTATUS is_bad_finfo_name(const struct cli_state *cli,
+ const struct file_info *finfo)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ bool windows_names = true;
+
+ if (cli->requested_posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
+ windows_names = false;
+ }
+ if (finfo->name != NULL) {
+ status = is_bad_name(windows_names, finfo->name);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("bad finfo->name\n");
+ return status;
+ }
+ }
+ if (finfo->short_name != NULL) {
+ status = is_bad_name(windows_names, finfo->short_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("bad finfo->short_name\n");
+ return status;
+ }
+ }
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Calculate a safe next_entry_offset.
+****************************************************************************/
+
+static size_t calc_next_entry_offset(const char *base, const char *pdata_end)
+{
+ size_t next_entry_offset = (size_t)IVAL(base,0);
+
+ if (next_entry_offset == 0 ||
+ base + next_entry_offset < base ||
+ base + next_entry_offset > pdata_end) {
+ next_entry_offset = pdata_end - base;
+ }
+ return next_entry_offset;
+}
+
+/****************************************************************************
+ Interpret a long filename structure - this is mostly guesses at the moment.
+ The length of the structure is returned
+ The structure of a long filename depends on the info level.
+ SMB_FIND_FILE_BOTH_DIRECTORY_INFO is used
+ by NT and SMB_FIND_EA_SIZE is used by OS/2
+****************************************************************************/
+
+static size_t interpret_long_filename(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ int level,
+ const char *base_ptr,
+ uint16_t recv_flags2,
+ const char *p,
+ const char *pdata_end,
+ struct file_info *finfo,
+ uint32_t *p_resume_key,
+ DATA_BLOB *p_last_name_raw)
+{
+ int len;
+ size_t ret;
+ const char *base = p;
+
+ data_blob_free(p_last_name_raw);
+
+ if (p_resume_key) {
+ *p_resume_key = 0;
+ }
+ ZERO_STRUCTP(finfo);
+
+ switch (level) {
+ case SMB_FIND_INFO_STANDARD: /* OS/2 understands this */
+ /* these dates are converted to GMT by
+ make_unix_date */
+ if (pdata_end - base < 27) {
+ return pdata_end - base;
+ }
+ /*
+ * What we're returning here as ctime_ts is
+ * actually the server create time.
+ */
+ finfo->btime_ts = convert_time_t_to_timespec(
+ make_unix_date2(p+4,
+ smb1cli_conn_server_time_zone(
+ cli->conn)));
+ finfo->ctime_ts = convert_time_t_to_timespec(
+ make_unix_date2(p+4, smb1cli_conn_server_time_zone(cli->conn)));
+ finfo->atime_ts = convert_time_t_to_timespec(
+ make_unix_date2(p+8, smb1cli_conn_server_time_zone(cli->conn)));
+ finfo->mtime_ts = convert_time_t_to_timespec(
+ make_unix_date2(p+12, smb1cli_conn_server_time_zone(cli->conn)));
+ finfo->size = IVAL(p,16);
+ finfo->attr = SVAL(p,24);
+ len = CVAL(p, 26);
+ p += 27;
+ if (recv_flags2 & FLAGS2_UNICODE_STRINGS) {
+ p += ucs2_align(base_ptr, p, STR_UNICODE);
+ }
+
+ /* We can safely use len here (which is required by OS/2)
+ * and the NAS-BASIC server instead of +2 or +1 as the
+ * STR_TERMINATE flag below is
+ * actually used as the length calculation.
+ * The len is merely an upper bound.
+ * Due to the explicit 2 byte null termination
+ * in cli_receive_trans/cli_receive_nt_trans
+ * we know this is safe. JRA + kukks
+ */
+
+ if (p + len > pdata_end) {
+ return pdata_end - base;
+ }
+
+ /* the len+2 below looks strange but it is
+ important to cope with the differences
+ between win2000 and win9x for this call
+ (tridge) */
+ ret = pull_string_talloc(ctx,
+ base_ptr,
+ recv_flags2,
+ &finfo->name,
+ p,
+ len+2,
+ STR_TERMINATE);
+ if (ret == (size_t)-1) {
+ return pdata_end - base;
+ }
+ p += ret;
+ return PTR_DIFF(p, base);
+
+ case SMB_FIND_EA_SIZE: /* this is what OS/2 uses mostly */
+ /* these dates are converted to GMT by
+ make_unix_date */
+ if (pdata_end - base < 31) {
+ return pdata_end - base;
+ }
+ /*
+ * What we're returning here as ctime_ts is
+ * actually the server create time.
+ */
+ finfo->btime_ts = convert_time_t_to_timespec(
+ make_unix_date2(p+4,
+ smb1cli_conn_server_time_zone(
+ cli->conn)));
+ finfo->ctime_ts = convert_time_t_to_timespec(
+ make_unix_date2(p+4, smb1cli_conn_server_time_zone(cli->conn)));
+ finfo->atime_ts = convert_time_t_to_timespec(
+ make_unix_date2(p+8, smb1cli_conn_server_time_zone(cli->conn)));
+ finfo->mtime_ts = convert_time_t_to_timespec(
+ make_unix_date2(p+12, smb1cli_conn_server_time_zone(cli->conn)));
+ finfo->size = IVAL(p,16);
+ finfo->attr = SVAL(p,24);
+ len = CVAL(p, 30);
+ p += 31;
+ /* check for unisys! */
+ if (p + len + 1 > pdata_end) {
+ return pdata_end - base;
+ }
+ ret = pull_string_talloc(ctx,
+ base_ptr,
+ recv_flags2,
+ &finfo->name,
+ p,
+ len,
+ STR_NOALIGN);
+ if (ret == (size_t)-1) {
+ return pdata_end - base;
+ }
+ p += ret;
+ return PTR_DIFF(p, base) + 1;
+
+ case SMB_FIND_FILE_BOTH_DIRECTORY_INFO: /* NT uses this, but also accepts 2 */
+ {
+ size_t namelen, slen;
+
+ if (pdata_end - base < 94) {
+ return pdata_end - base;
+ }
+
+ p += 4; /* next entry offset */
+
+ if (p_resume_key) {
+ *p_resume_key = IVAL(p,0);
+ }
+ p += 4; /* fileindex */
+
+ /* Offset zero is "create time", not "change time". */
+ p += 8;
+ finfo->atime_ts = interpret_long_date(BVAL(p, 0));
+ p += 8;
+ finfo->mtime_ts = interpret_long_date(BVAL(p, 0));
+ p += 8;
+ finfo->ctime_ts = interpret_long_date(BVAL(p, 0));
+ p += 8;
+ finfo->size = IVAL2_TO_SMB_BIG_UINT(p,0);
+ p += 8;
+ p += 8; /* alloc size */
+ finfo->attr = IVAL(p,0);
+ p += 4;
+ namelen = IVAL(p,0);
+ p += 4;
+ p += 4; /* EA size */
+ slen = CVAL(p, 0);
+ if (slen > 24) {
+ /* Bad short name length. */
+ return pdata_end - base;
+ }
+ p += 2;
+ ret = pull_string_talloc(ctx,
+ base_ptr,
+ recv_flags2,
+ &finfo->short_name,
+ p,
+ slen,
+ STR_UNICODE);
+ if (ret == (size_t)-1) {
+ return pdata_end - base;
+ }
+ p += 24; /* short name? */
+ if (p + namelen < p || p + namelen > pdata_end) {
+ return pdata_end - base;
+ }
+ ret = pull_string_talloc(ctx,
+ base_ptr,
+ recv_flags2,
+ &finfo->name,
+ p,
+ namelen,
+ 0);
+ if (ret == (size_t)-1) {
+ return pdata_end - base;
+ }
+
+ /* To be robust in the face of unicode conversion failures
+ we need to copy the raw bytes of the last name seen here.
+ Namelen doesn't include the terminating unicode null, so
+ copy it here. */
+
+ if (p_last_name_raw) {
+ *p_last_name_raw = data_blob(NULL, namelen+2);
+ memcpy(p_last_name_raw->data, p, namelen);
+ SSVAL(p_last_name_raw->data, namelen, 0);
+ }
+ return calc_next_entry_offset(base, pdata_end);
+ }
+ }
+
+ DEBUG(1,("Unknown long filename format %d\n",level));
+ return calc_next_entry_offset(base, pdata_end);
+}
+
+/****************************************************************************
+ Interpret a short filename structure.
+ The length of the structure is returned.
+****************************************************************************/
+
+static bool interpret_short_filename(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ char *p,
+ struct file_info *finfo)
+{
+ size_t ret;
+ ZERO_STRUCTP(finfo);
+
+ finfo->attr = CVAL(p,21);
+
+ /* We don't get birth time. */
+ finfo->btime_ts.tv_sec = 0;
+ finfo->btime_ts.tv_nsec = 0;
+ /* this date is converted to GMT by make_unix_date */
+ finfo->ctime_ts.tv_sec = make_unix_date(p+22, smb1cli_conn_server_time_zone(cli->conn));
+ finfo->ctime_ts.tv_nsec = 0;
+ finfo->mtime_ts.tv_sec = finfo->atime_ts.tv_sec = finfo->ctime_ts.tv_sec;
+ finfo->mtime_ts.tv_nsec = finfo->atime_ts.tv_nsec = 0;
+ finfo->size = IVAL(p,26);
+ ret = pull_string_talloc(ctx,
+ NULL,
+ 0,
+ &finfo->name,
+ p+30,
+ 12,
+ STR_ASCII);
+ if (ret == (size_t)-1) {
+ return false;
+ }
+
+ if (finfo->name) {
+ finfo->short_name = talloc_strdup(ctx, finfo->name);
+ if (finfo->short_name == NULL) {
+ return false;
+ }
+ }
+ return true;
+}
+
+struct cli_list_old_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ uint16_t vwv[2];
+ char *mask;
+ int num_asked;
+ uint32_t attribute;
+ uint8_t search_status[23];
+ bool first;
+ bool done;
+ uint8_t *dirlist;
+};
+
+static void cli_list_old_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_list_old_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *mask,
+ uint32_t attribute)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_list_old_state *state;
+ uint8_t *bytes;
+ static const uint16_t zero = 0;
+ uint32_t usable_space;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_list_old_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->attribute = attribute;
+ state->first = true;
+ state->mask = talloc_strdup(state, mask);
+ if (tevent_req_nomem(state->mask, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->mask = smb1_dfs_share_path(state, cli, state->mask);
+ if (tevent_req_nomem(state->mask, req)) {
+ return tevent_req_post(req, ev);
+ }
+ usable_space = cli_state_available_size(cli, 100);
+ state->num_asked = usable_space / DIR_STRUCT_SIZE;
+
+ SSVAL(state->vwv + 0, 0, state->num_asked);
+ SSVAL(state->vwv + 1, 0, state->attribute);
+
+ bytes = talloc_array(state, uint8_t, 1);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+ bytes[0] = 4;
+ bytes = smb_bytes_push_str(bytes,
+ smbXcli_conn_use_unicode(cli->conn),
+ state->mask,
+ strlen(state->mask)+1,
+ NULL);
+
+ bytes = smb_bytes_push_bytes(bytes, 5, (const uint8_t *)&zero, 2);
+ if (tevent_req_nomem(bytes, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_smb_send(state, state->ev, state->cli, SMBsearch, 0, 0,
+ 2, state->vwv, talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_list_old_done, req);
+ return req;
+}
+
+static void cli_list_old_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_list_old_state *state = tevent_req_data(
+ req, struct cli_list_old_state);
+ NTSTATUS status;
+ uint8_t cmd;
+ uint8_t wct;
+ uint16_t *vwv;
+ uint32_t num_bytes;
+ uint8_t *bytes;
+ uint16_t received;
+ size_t dirlist_len;
+ uint8_t *tmp;
+
+ status = cli_smb_recv(subreq, state, NULL, 0, &wct, &vwv, &num_bytes,
+ &bytes);
+ if (!NT_STATUS_IS_OK(status)
+ && !NT_STATUS_EQUAL(status, NT_STATUS_DOS(ERRDOS, ERRnofiles))
+ && !NT_STATUS_EQUAL(status, STATUS_NO_MORE_FILES)) {
+ TALLOC_FREE(subreq);
+ tevent_req_nterror(req, status);
+ return;
+ }
+ if (NT_STATUS_EQUAL(status, NT_STATUS_DOS(ERRDOS, ERRnofiles))
+ || NT_STATUS_EQUAL(status, STATUS_NO_MORE_FILES)) {
+ received = 0;
+ } else {
+ if (wct < 1) {
+ TALLOC_FREE(subreq);
+ tevent_req_nterror(
+ req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ received = SVAL(vwv + 0, 0);
+ }
+
+ if (received > 0) {
+ /*
+ * I don't think this can wrap. received is
+ * initialized from a 16-bit value.
+ */
+ if (num_bytes < ((uint32_t)received * DIR_STRUCT_SIZE + 3)) {
+ TALLOC_FREE(subreq);
+ tevent_req_nterror(
+ req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ dirlist_len = talloc_get_size(state->dirlist);
+
+ tmp = talloc_realloc(
+ state, state->dirlist, uint8_t,
+ dirlist_len + received * DIR_STRUCT_SIZE);
+ if (tevent_req_nomem(tmp, req)) {
+ return;
+ }
+ state->dirlist = tmp;
+ memcpy(state->dirlist + dirlist_len, bytes + 3,
+ received * DIR_STRUCT_SIZE);
+
+ SSVAL(state->search_status, 0, 21);
+ memcpy(state->search_status + 2,
+ bytes + 3 + (received-1)*DIR_STRUCT_SIZE, 21);
+ cmd = SMBsearch;
+ } else {
+ if (state->first || state->done) {
+ tevent_req_done(req);
+ return;
+ }
+ state->done = true;
+ state->num_asked = 0;
+ cmd = SMBfclose;
+ }
+ TALLOC_FREE(subreq);
+
+ state->first = false;
+
+ SSVAL(state->vwv + 0, 0, state->num_asked);
+ SSVAL(state->vwv + 1, 0, state->attribute);
+
+ bytes = talloc_array(state, uint8_t, 1);
+ if (tevent_req_nomem(bytes, req)) {
+ return;
+ }
+ bytes[0] = 4;
+ bytes = smb_bytes_push_str(bytes, smbXcli_conn_use_unicode(state->cli->conn), "",
+ 1, NULL);
+ bytes = smb_bytes_push_bytes(bytes, 5, state->search_status,
+ sizeof(state->search_status));
+ if (tevent_req_nomem(bytes, req)) {
+ return;
+ }
+ subreq = cli_smb_send(state, state->ev, state->cli, cmd, 0, 0,
+ 2, state->vwv, talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_list_old_done, req);
+}
+
+static NTSTATUS cli_list_old_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct file_info **pfinfo)
+{
+ struct cli_list_old_state *state = tevent_req_data(
+ req, struct cli_list_old_state);
+ NTSTATUS status;
+ size_t i, num_received;
+ struct file_info *finfo;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ if (state->dirlist == NULL) {
+ *pfinfo = NULL;
+ return NT_STATUS_OK;
+ }
+
+ num_received = talloc_array_length(state->dirlist) / DIR_STRUCT_SIZE;
+
+ finfo = talloc_array(mem_ctx, struct file_info, num_received);
+ if (finfo == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i<num_received; i++) {
+ if (!interpret_short_filename(
+ finfo, state->cli,
+ (char *)state->dirlist + i * DIR_STRUCT_SIZE,
+ &finfo[i])) {
+ TALLOC_FREE(finfo);
+ return NT_STATUS_NO_MEMORY;
+ }
+ if (finfo->name == NULL) {
+ TALLOC_FREE(finfo);
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ status = is_bad_finfo_name(state->cli, finfo);
+ if (!NT_STATUS_IS_OK(status)) {
+ smbXcli_conn_disconnect(state->cli->conn, status);
+ TALLOC_FREE(finfo);
+ return status;
+ }
+ }
+ TALLOC_FREE(state->dirlist);
+ *pfinfo = finfo;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_list_old(struct cli_state *cli, const char *mask,
+ uint32_t attribute,
+ NTSTATUS (*fn)(struct file_info *,
+ const char *, void *), void *state)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+ struct file_info *finfo = NULL;
+ size_t i, num_finfo;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_list_old_send(frame, ev, cli, mask, attribute);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_list_old_recv(req, frame, &finfo);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ num_finfo = talloc_array_length(finfo);
+ for (i=0; i<num_finfo; i++) {
+ status = fn(&finfo[i], mask, state);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ }
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_list_trans_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ char *mask;
+ uint32_t attribute;
+ uint16_t info_level;
+
+ int loop_count;
+ int total_received;
+ uint16_t max_matches;
+ bool first;
+
+ int ff_eos;
+ int ff_dir_handle;
+
+ uint16_t setup[1];
+ uint8_t *param;
+
+ struct file_info *finfo;
+};
+
+static void cli_list_trans_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_list_trans_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *mask,
+ uint32_t attribute,
+ uint16_t info_level)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_list_trans_state *state;
+ size_t param_len;
+ uint16_t additional_flags2 = 0;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_list_trans_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->mask = talloc_strdup(state, mask);
+ if (tevent_req_nomem(state->mask, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->mask = smb1_dfs_share_path(state, cli, state->mask);
+ if (tevent_req_nomem(state->mask, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->attribute = attribute;
+ state->info_level = info_level;
+ state->loop_count = 0;
+ state->first = true;
+
+ state->max_matches = 1366; /* Match W2k */
+
+ SSVAL(&state->setup[0], 0, TRANSACT2_FINDFIRST);
+
+ state->param = talloc_array(state, uint8_t, 12);
+ if (tevent_req_nomem(state->param, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ SSVAL(state->param, 0, state->attribute);
+ SSVAL(state->param, 2, state->max_matches);
+ SSVAL(state->param, 4,
+ FLAG_TRANS2_FIND_REQUIRE_RESUME
+ |FLAG_TRANS2_FIND_CLOSE_IF_END
+ |(cli->backup_intent ? FLAG_TRANS2_FIND_BACKUP_INTENT : 0));
+ SSVAL(state->param, 6, state->info_level);
+ SIVAL(state->param, 8, 0);
+
+ state->param = trans2_bytes_push_str(state->param, smbXcli_conn_use_unicode(cli->conn),
+ state->mask, strlen(state->mask)+1,
+ NULL);
+ if (tevent_req_nomem(state->param, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (clistr_is_previous_version_path(state->mask)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ param_len = talloc_get_size(state->param);
+
+ subreq = cli_trans_send(state, state->ev, state->cli, additional_flags2,
+ SMBtrans2, NULL, -1, 0, 0,
+ state->setup, 1, 0,
+ state->param, param_len, 10,
+ NULL, 0, CLI_BUFFER_SIZE);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_list_trans_done, req);
+ return req;
+}
+
+static void cli_list_trans_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_list_trans_state *state = tevent_req_data(
+ req, struct cli_list_trans_state);
+ NTSTATUS status;
+ uint8_t *param;
+ uint32_t num_param;
+ uint8_t *data;
+ char *data_end;
+ uint32_t num_data;
+ uint32_t min_param;
+ struct file_info *tmp;
+ size_t old_num_finfo;
+ uint16_t recv_flags2;
+ int ff_searchcount;
+ bool ff_eos;
+ char *p, *p2;
+ uint32_t resume_key = 0;
+ int i;
+ DATA_BLOB last_name_raw;
+ struct file_info *finfo = NULL;
+ size_t param_len;
+ uint16_t additional_flags2 = 0;
+
+ min_param = (state->first ? 6 : 4);
+
+ status = cli_trans_recv(subreq, talloc_tos(), &recv_flags2,
+ NULL, 0, NULL,
+ &param, min_param, &num_param,
+ &data, 0, &num_data);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ /*
+ * TODO: retry, OS/2 nofiles
+ */
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ if (state->first) {
+ state->ff_dir_handle = SVAL(param, 0);
+ ff_searchcount = SVAL(param, 2);
+ ff_eos = SVAL(param, 4) != 0;
+ } else {
+ ff_searchcount = SVAL(param, 0);
+ ff_eos = SVAL(param, 2) != 0;
+ }
+
+ old_num_finfo = talloc_array_length(state->finfo);
+
+ tmp = talloc_realloc(state, state->finfo, struct file_info,
+ old_num_finfo + ff_searchcount);
+ if (tevent_req_nomem(tmp, req)) {
+ return;
+ }
+ state->finfo = tmp;
+
+ p2 = p = (char *)data;
+ data_end = (char *)data + num_data;
+ last_name_raw = data_blob_null;
+
+ for (i=0; i<ff_searchcount; i++) {
+ if (p2 >= data_end) {
+ ff_eos = true;
+ break;
+ }
+ if ((state->info_level == SMB_FIND_FILE_BOTH_DIRECTORY_INFO)
+ && (i == ff_searchcount-1)) {
+ /* Last entry - fixup the last offset length. */
+ SIVAL(p2, 0, PTR_DIFF((data + num_data), p2));
+ }
+
+ data_blob_free(&last_name_raw);
+
+ finfo = &state->finfo[old_num_finfo + i];
+
+ p2 += interpret_long_filename(
+ state->finfo, /* Stick fname to the array as such */
+ state->cli, state->info_level,
+ (char *)data, recv_flags2, p2,
+ data_end, finfo, &resume_key, &last_name_raw);
+
+ if (finfo->name == NULL) {
+ DEBUG(1, ("cli_list: Error: unable to parse name from "
+ "info level %d\n", state->info_level));
+ tevent_req_nterror(req,
+ NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ status = is_bad_finfo_name(state->cli, finfo);
+ if (!NT_STATUS_IS_OK(status)) {
+ smbXcli_conn_disconnect(state->cli->conn, status);
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ if (!state->first && (state->mask[0] != '\0') &&
+ strcsequal(finfo->name, state->mask)) {
+ DEBUG(1, ("Error: Looping in FIND_NEXT as name %s has "
+ "already been seen?\n", finfo->name));
+ ff_eos = true;
+ break;
+ }
+ }
+
+ if (ff_searchcount == 0) {
+ ff_eos = true;
+ }
+
+ TALLOC_FREE(param);
+ TALLOC_FREE(data);
+
+ /*
+ * Shrink state->finfo to the real length we received
+ */
+ tmp = talloc_realloc(state, state->finfo, struct file_info,
+ old_num_finfo + i);
+ if (tevent_req_nomem(tmp, req)) {
+ return;
+ }
+ state->finfo = tmp;
+
+ state->first = false;
+
+ if (ff_eos) {
+ data_blob_free(&last_name_raw);
+ tevent_req_done(req);
+ return;
+ }
+
+ TALLOC_FREE(state->mask);
+ state->mask = talloc_strdup(state, finfo->name);
+ if (tevent_req_nomem(state->mask, req)) {
+ return;
+ }
+
+ SSVAL(&state->setup[0], 0, TRANSACT2_FINDNEXT);
+
+ param = talloc_realloc(state, state->param, uint8_t, 12);
+ if (tevent_req_nomem(param, req)) {
+ return;
+ }
+ state->param = param;
+
+ SSVAL(param, 0, state->ff_dir_handle);
+ SSVAL(param, 2, state->max_matches); /* max count */
+ SSVAL(param, 4, state->info_level);
+ /*
+ * For W2K servers serving out FAT filesystems we *must* set
+ * the resume key. If it's not FAT then it's returned as zero.
+ */
+ SIVAL(param, 6, resume_key); /* ff_resume_key */
+ /*
+ * NB. *DON'T* use continue here. If you do it seems that W2K
+ * and brethren can miss filenames. Use last filename
+ * continue instead. JRA
+ */
+ SSVAL(param, 10, (FLAG_TRANS2_FIND_REQUIRE_RESUME
+ |FLAG_TRANS2_FIND_CLOSE_IF_END
+ |(state->cli->backup_intent ? FLAG_TRANS2_FIND_BACKUP_INTENT : 0)));
+ if (last_name_raw.length) {
+ state->param = trans2_bytes_push_bytes(state->param,
+ last_name_raw.data,
+ last_name_raw.length);
+ if (tevent_req_nomem(state->param, req)) {
+ return;
+ }
+ data_blob_free(&last_name_raw);
+ } else {
+ state->param = trans2_bytes_push_str(state->param,
+ smbXcli_conn_use_unicode(state->cli->conn),
+ state->mask,
+ strlen(state->mask)+1,
+ NULL);
+ if (tevent_req_nomem(state->param, req)) {
+ return;
+ }
+ }
+ param_len = talloc_get_size(state->param);
+
+ if (clistr_is_previous_version_path(state->mask)) {
+ additional_flags2 = FLAGS2_REPARSE_PATH;
+ }
+
+ subreq = cli_trans_send(state, state->ev, state->cli, additional_flags2,
+ SMBtrans2, NULL, -1, 0, 0,
+ state->setup, 1, 0,
+ state->param, param_len, 10,
+ NULL, 0, CLI_BUFFER_SIZE);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_list_trans_done, req);
+}
+
+static NTSTATUS cli_list_trans_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct file_info **finfo)
+{
+ struct cli_list_trans_state *state = tevent_req_data(
+ req, struct cli_list_trans_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *finfo = talloc_move(mem_ctx, &state->finfo);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_list_trans(struct cli_state *cli, const char *mask,
+ uint32_t attribute, int info_level,
+ NTSTATUS (*fn)(
+ struct file_info *finfo,
+ const char *mask,
+ void *private_data),
+ void *private_data)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ int i, num_finfo;
+ struct file_info *finfo = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_list_trans_send(frame, ev, cli, mask, attribute, info_level);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_list_trans_recv(req, frame, &finfo);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ num_finfo = talloc_array_length(finfo);
+ for (i=0; i<num_finfo; i++) {
+ status = fn(&finfo[i], mask, private_data);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ }
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_list_state {
+ struct tevent_context *ev;
+ struct tevent_req *subreq;
+ NTSTATUS (*recv_fn)(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct file_info **finfo);
+ struct file_info *finfo;
+ size_t num_received;
+};
+
+static void cli_list_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_list_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *mask,
+ uint32_t attribute,
+ uint16_t info_level)
+{
+ struct tevent_req *req = NULL;
+ struct cli_list_state *state;
+ enum protocol_types proto = smbXcli_conn_protocol(cli->conn);
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_list_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+
+ if (proto >= PROTOCOL_SMB2_02) {
+ state->subreq = cli_smb2_list_send(state, ev, cli, mask,
+ info_level);
+ state->recv_fn = cli_smb2_list_recv;
+ } else if (proto >= PROTOCOL_LANMAN2) {
+ state->subreq = cli_list_trans_send(
+ state, ev, cli, mask, attribute, info_level);
+ state->recv_fn = cli_list_trans_recv;
+ } else {
+ state->subreq = cli_list_old_send(
+ state, ev, cli, mask, attribute);
+ state->recv_fn = cli_list_old_recv;
+ }
+ if (tevent_req_nomem(state->subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(state->subreq, cli_list_done, req);
+ return req;
+}
+
+static void cli_list_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_list_state *state = tevent_req_data(
+ req, struct cli_list_state);
+ NTSTATUS status;
+
+ SMB_ASSERT(subreq == state->subreq);
+
+ /*
+ * We don't want to be called by the lowerlevel routines
+ * from within state->recv_fn()
+ */
+ tevent_req_set_callback(subreq, NULL, NULL);
+
+ status = state->recv_fn(subreq, state, &state->finfo);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
+ /* We'll get back here */
+ tevent_req_set_callback(subreq, cli_list_done, req);
+ return;
+ }
+
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_notify_callback(req);
+}
+
+NTSTATUS cli_list_recv(
+ struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct file_info **pfinfo)
+{
+ struct cli_list_state *state = tevent_req_data(
+ req, struct cli_list_state);
+ size_t num_results;
+ struct file_info *finfo = NULL;
+ NTSTATUS status;
+ bool in_progress;
+
+ in_progress = tevent_req_is_in_progress(req);
+
+ if (!in_progress) {
+ if (!tevent_req_is_nterror(req, &status)) {
+ status = NT_STATUS_NO_MORE_FILES;
+ }
+ return status;
+ }
+
+ if (state->finfo == NULL) {
+ status = state->recv_fn(state->subreq, state, &state->finfo);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_RETRY)) {
+ tevent_req_set_callback(
+ state->subreq, cli_list_done, req);
+ return NT_STATUS_RETRY;
+ }
+
+ if (NT_STATUS_IS_OK(status) && (state->finfo == NULL)) {
+ status = NT_STATUS_NO_MORE_FILES;
+ }
+
+ if (tevent_req_nterror(req, status)) {
+ return status;
+ }
+
+ state->num_received = 0;
+ }
+
+ num_results = talloc_array_length(state->finfo);
+
+ if (num_results == 1) {
+ finfo = talloc_move(mem_ctx, &state->finfo);
+ } else {
+ struct file_info *src_finfo =
+ &state->finfo[state->num_received];
+
+ finfo = talloc(mem_ctx, struct file_info);
+ if (finfo == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ *finfo = *src_finfo;
+ finfo->name = talloc_move(finfo, &src_finfo->name);
+ finfo->short_name = talloc_move(finfo, &src_finfo->short_name);
+ }
+
+ state->num_received += 1;
+
+ if (state->num_received == num_results) {
+ TALLOC_FREE(state->finfo);
+ }
+
+ tevent_req_defer_callback(req, state->ev);
+ tevent_req_notify_callback(req);
+
+ *pfinfo = finfo;
+ return NT_STATUS_OK;
+}
+
+struct cli_list_sync_state {
+ const char *mask;
+ uint32_t attribute;
+ NTSTATUS (*fn)(struct file_info *finfo,
+ const char *mask,
+ void *private_data);
+ void *private_data;
+ NTSTATUS status;
+ bool processed_file;
+};
+
+static void cli_list_sync_cb(struct tevent_req *subreq)
+{
+ struct cli_list_sync_state *state =
+ tevent_req_callback_data_void(subreq);
+ struct file_info *finfo;
+ bool ok;
+
+ state->status = cli_list_recv(subreq, talloc_tos(), &finfo);
+ /* No TALLOC_FREE(subreq), we get here more than once */
+
+ if (NT_STATUS_EQUAL(state->status, NT_STATUS_RETRY)) {
+ /*
+ * The lowlevel SMB call was rearmed, we'll get back
+ * here when it's done.
+ */
+ state->status = NT_STATUS_OK;
+ return;
+ }
+
+ if (!NT_STATUS_IS_OK(state->status)) {
+ return;
+ }
+
+ ok = dir_check_ftype(finfo->attr, state->attribute);
+ if (!ok) {
+ /*
+ * Only process if attributes match. On SMB1 server
+ * does this, so on SMB2 we need to emulate in the
+ * client.
+ *
+ * https://bugzilla.samba.org/show_bug.cgi?id=10260
+ */
+ return;
+ }
+
+ state->status = state->fn(finfo, state->mask, state->private_data);
+
+ state->processed_file = true;
+
+ TALLOC_FREE(finfo);
+}
+
+NTSTATUS cli_list(struct cli_state *cli,
+ const char *mask,
+ uint32_t attribute,
+ NTSTATUS (*fn)(struct file_info *finfo,
+ const char *mask,
+ void *private_data),
+ void *private_data)
+{
+ TALLOC_CTX *frame = NULL;
+ struct cli_list_sync_state state = {
+ .mask = mask,
+ .attribute = attribute,
+ .fn = fn,
+ .private_data = private_data,
+ };
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+ uint16_t info_level;
+ enum protocol_types proto = smbXcli_conn_protocol(cli->conn);
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+
+ if (proto >= PROTOCOL_SMB2_02) {
+ info_level = SMB2_FIND_ID_BOTH_DIRECTORY_INFO;
+ } else {
+ info_level = (smb1cli_conn_capabilities(cli->conn) & CAP_NT_SMBS)
+ ? SMB_FIND_FILE_BOTH_DIRECTORY_INFO : SMB_FIND_INFO_STANDARD;
+ }
+
+ req = cli_list_send(frame, ev, cli, mask, attribute, info_level);
+ if (req == NULL) {
+ goto fail;
+ }
+ tevent_req_set_callback(req, cli_list_sync_cb, &state);
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = state.status;
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_FILES)) {
+ status = NT_STATUS_OK;
+ }
+
+ if (NT_STATUS_IS_OK(status) && !state.processed_file) {
+ status = NT_STATUS_NO_SUCH_FILE;
+ }
+
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
diff --git a/source3/libsmb/climessage.c b/source3/libsmb/climessage.c
new file mode 100644
index 0000000..8563615
--- /dev/null
+++ b/source3/libsmb/climessage.c
@@ -0,0 +1,411 @@
+/*
+ Unix SMB/CIFS implementation.
+ client message handling routines
+ Copyright (C) Andrew Tridgell 1994-1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "async_smb.h"
+#include "libsmb/libsmb.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+struct cli_message_start_state {
+ uint16_t grp;
+};
+
+static void cli_message_start_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_message_start_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *host,
+ const char *username)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_message_start_state *state;
+ char *htmp = NULL;
+ char *utmp = NULL;
+ size_t hlen, ulen;
+ uint8_t *bytes, *p;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_message_start_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (!convert_string_talloc(talloc_tos(), CH_UNIX, CH_DOS,
+ username, strlen(username)+1,
+ &utmp, &ulen)) {
+ goto fail;
+ }
+ if (!convert_string_talloc(talloc_tos(), CH_UNIX, CH_DOS,
+ host, strlen(host)+1,
+ &htmp, &hlen)) {
+ goto fail;
+ }
+
+ bytes = talloc_array(state, uint8_t, ulen+hlen+2);
+ if (bytes == NULL) {
+ goto fail;
+ }
+ p = bytes;
+
+ *p++ = 4;
+ memcpy(p, utmp, ulen);
+ p += ulen;
+ *p++ = 4;
+ memcpy(p, htmp, hlen);
+ TALLOC_FREE(htmp);
+ TALLOC_FREE(utmp);
+
+ subreq = cli_smb_send(state, ev, cli, SMBsendstrt, 0, 0, 0, NULL,
+ talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_message_start_done, req);
+ return req;
+fail:
+ TALLOC_FREE(htmp);
+ TALLOC_FREE(utmp);
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return tevent_req_post(req, ev);
+}
+
+static void cli_message_start_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_message_start_state *state = tevent_req_data(
+ req, struct cli_message_start_state);
+ NTSTATUS status;
+ uint8_t wct;
+ uint16_t *vwv;
+
+ status = cli_smb_recv(subreq, state, NULL, 0, &wct, &vwv,
+ NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ if (wct >= 1) {
+ state->grp = SVAL(vwv+0, 0);
+ } else {
+ state->grp = 0;
+ }
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_message_start_recv(struct tevent_req *req,
+ uint16_t *pgrp)
+{
+ struct cli_message_start_state *state = tevent_req_data(
+ req, struct cli_message_start_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *pgrp = state->grp;
+ return NT_STATUS_OK;
+}
+
+struct cli_message_text_state {
+ uint16_t vwv;
+};
+
+static void cli_message_text_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_message_text_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t grp,
+ const char *msg,
+ int msglen)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_message_text_state *state;
+ char *tmp;
+ size_t tmplen;
+ uint8_t *bytes;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_message_text_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ SSVAL(&state->vwv, 0, grp);
+
+ if (convert_string_talloc(talloc_tos(), CH_UNIX, CH_DOS, msg, msglen,
+ &tmp, &tmplen)) {
+ msg = tmp;
+ msglen = tmplen;
+ } else {
+ DEBUG(3, ("Conversion failed, sending message in UNIX "
+ "charset\n"));
+ tmp = NULL;
+ }
+
+ bytes = talloc_array(state, uint8_t, msglen+3);
+ if (tevent_req_nomem(bytes, req)) {
+ TALLOC_FREE(tmp);
+ return tevent_req_post(req, ev);
+ }
+ SCVAL(bytes, 0, 1); /* pad */
+ SSVAL(bytes+1, 0, msglen);
+ memcpy(bytes+3, msg, msglen);
+ TALLOC_FREE(tmp);
+
+ subreq = cli_smb_send(state, ev, cli, SMBsendtxt, 0, 0, 1, &state->vwv,
+ talloc_get_size(bytes), bytes);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_message_text_done, req);
+ return req;
+}
+
+static void cli_message_text_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_message_text_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct cli_message_end_state {
+ uint16_t vwv;
+};
+
+static void cli_message_end_done(struct tevent_req *subreq);
+
+static struct tevent_req *cli_message_end_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t grp)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_message_end_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_message_end_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ SSVAL(&state->vwv, 0, grp);
+
+ subreq = cli_smb_send(state, ev, cli, SMBsendend, 0, 0, 1, &state->vwv,
+ 0, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_message_end_done, req);
+ return req;
+}
+
+static void cli_message_end_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, NULL, NULL, 0, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static NTSTATUS cli_message_end_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct cli_message_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ size_t sent;
+ const char *message;
+ uint16_t grp;
+};
+
+static void cli_message_started(struct tevent_req *subreq);
+static void cli_message_sent(struct tevent_req *subreq);
+static void cli_message_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_message_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *host, const char *username,
+ const char *message)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_message_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_message_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->sent = 0;
+ state->message = message;
+
+ subreq = cli_message_start_send(state, ev, cli, host, username);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_message_started, req);
+ return req;
+}
+
+static void cli_message_started(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_message_state *state = tevent_req_data(
+ req, struct cli_message_state);
+ NTSTATUS status;
+ size_t thistime;
+
+ status = cli_message_start_recv(subreq, &state->grp);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ thistime = MIN(127, strlen(state->message));
+
+ subreq = cli_message_text_send(state, state->ev, state->cli,
+ state->grp, state->message, thistime);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ state->sent += thistime;
+ tevent_req_set_callback(subreq, cli_message_sent, req);
+}
+
+static void cli_message_sent(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_message_state *state = tevent_req_data(
+ req, struct cli_message_state);
+ NTSTATUS status;
+ size_t left, thistime;
+
+ status = cli_message_text_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (state->sent >= strlen(state->message)) {
+ subreq = cli_message_end_send(state, state->ev, state->cli,
+ state->grp);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_message_done, req);
+ return;
+ }
+
+ left = strlen(state->message) - state->sent;
+ thistime = MIN(127, left);
+
+ subreq = cli_message_text_send(state, state->ev, state->cli,
+ state->grp,
+ state->message + state->sent,
+ thistime);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ state->sent += thistime;
+ tevent_req_set_callback(subreq, cli_message_sent, req);
+}
+
+static void cli_message_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ NTSTATUS status;
+
+ status = cli_message_end_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_message_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_message(struct cli_state *cli, const char *host,
+ const char *username, const char *message)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_message_send(frame, ev, cli, host, username, message);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_message_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
diff --git a/source3/libsmb/clioplock.c b/source3/libsmb/clioplock.c
new file mode 100644
index 0000000..aee09da
--- /dev/null
+++ b/source3/libsmb/clioplock.c
@@ -0,0 +1,169 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB client oplock functions
+ Copyright (C) Andrew Tridgell 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "async_smb.h"
+#include "libsmb/libsmb.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+struct cli_smb_oplock_break_waiter_state {
+ uint16_t fnum;
+ uint8_t level;
+};
+
+static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_smb_oplock_break_waiter_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_smb_oplock_break_waiter_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_smb_oplock_break_waiter_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ /*
+ * Create a fake SMB request that we will never send out. This is only
+ * used to be set into the pending queue with the right mid.
+ */
+ subreq = smb1cli_req_create(mem_ctx, ev, cli->conn, 0, 0, 0, 0, 0, 0,
+ 0, NULL, NULL, 0, NULL, 0, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ smb1cli_req_set_mid(subreq, 0xffff);
+
+ if (!smbXcli_req_set_pending(subreq)) {
+ tevent_req_oom(req);
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb_oplock_break_waiter_done, req);
+ return req;
+}
+
+static void cli_smb_oplock_break_waiter_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
+ req, struct cli_smb_oplock_break_waiter_state);
+ struct iovec *iov;
+ uint8_t wct;
+ uint16_t *vwv;
+ NTSTATUS status;
+
+ status = smb1cli_req_recv(subreq, state,
+ &iov, /* piov */
+ NULL, /* phdr */
+ &wct,
+ &vwv,
+ NULL, /* pvwv_offset */
+ NULL, /* pnum_bytes */
+ NULL, /* pbytes */
+ NULL, /* pbytes_offset */
+ NULL, /* pinbuf */
+ NULL, 0); /* expected */
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ if (wct < 8) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ state->fnum = SVAL(vwv+2, 0);
+ state->level = CVAL(vwv+3, 1);
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_smb_oplock_break_waiter_recv(struct tevent_req *req,
+ uint16_t *pfnum,
+ uint8_t *plevel)
+{
+ struct cli_smb_oplock_break_waiter_state *state = tevent_req_data(
+ req, struct cli_smb_oplock_break_waiter_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *pfnum = state->fnum;
+ *plevel = state->level;
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+send an ack for an oplock break request
+****************************************************************************/
+
+struct cli_oplock_ack_state {
+ uint8_t dummy;
+};
+
+static void cli_oplock_ack_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_oplock_ack_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum, uint8_t level)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_oplock_ack_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_oplock_ack_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ subreq = cli_lockingx_send(
+ state, /* mem_ctx */
+ ev, /* tevent_context */
+ cli, /* cli */
+ fnum, /* fnum */
+ LOCKING_ANDX_OPLOCK_RELEASE, /* typeoflock */
+ level, /* newoplocklevel */
+ 0, /* timeout */
+ 0, /* num_unlocks */
+ NULL, /* unlocks */
+ 0, /* num_locks */
+ NULL); /* locks */
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_oplock_ack_done, req);
+ return req;
+}
+
+static void cli_oplock_ack_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_lockingx_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_oplock_ack_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
diff --git a/source3/libsmb/cliprint.c b/source3/libsmb/cliprint.c
new file mode 100644
index 0000000..b354990
--- /dev/null
+++ b/source3/libsmb/cliprint.c
@@ -0,0 +1,219 @@
+/*
+ Unix SMB/CIFS implementation.
+ client print routines
+ Copyright (C) Andrew Tridgell 1994-1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "libsmb/clirap.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/util/string_wrappers.h"
+
+/*****************************************************************************
+ Convert a character pointer in a cli_call_api() response to a form we can use.
+ This function contains code to prevent core dumps if the server returns
+ invalid data.
+*****************************************************************************/
+static const char *fix_char_ptr(unsigned int datap, unsigned int converter,
+ char *rdata, int rdrcnt)
+{
+ unsigned int offset;
+
+ if (datap == 0) {
+ /* turn NULL pointers into zero length strings */
+ return "";
+ }
+
+ offset = datap - converter;
+
+ if (offset >= rdrcnt) {
+ DEBUG(1,("bad char ptr: datap=%u, converter=%u rdrcnt=%d>\n",
+ datap, converter, rdrcnt));
+ return "<ERROR>";
+ }
+ return &rdata[offset];
+}
+
+/****************************************************************************
+call fn() on each entry in a print queue
+****************************************************************************/
+
+NTSTATUS cli_print_queue(struct cli_state *cli,
+ void (*fn)(struct print_job_info *))
+{
+ uint8_t *rparam = NULL;
+ uint8_t *rdata = NULL;
+ char *p = NULL;
+ uint32_t rdrcnt, rprcnt;
+ char param[1024];
+ int converter;
+ int result_code=0;
+ int i = -1;
+ NTSTATUS status;
+
+ memset(param,'\0',sizeof(param));
+
+ p = param;
+ SSVAL(p,0,76); /* API function number 76 (DosPrintJobEnum) */
+ p += 2;
+ strlcpy_base(p,"zWrLeh", param, sizeof(param)); /* parameter description? */
+ p = skip_string(param,sizeof(param),p);
+ strlcpy_base(p,"WWzWWDDzz", param, sizeof(param)); /* returned data format */
+ p = skip_string(param,sizeof(param),p);
+ strlcpy_base(p,cli->share, param, sizeof(param)); /* name of queue */
+ p = skip_string(param,sizeof(param),p);
+ SSVAL(p,0,2); /* API function level 2, PRJINFO_2 data structure */
+ SSVAL(p,2,1000); /* size of bytes of returned data buffer */
+ p += 4;
+ strlcpy_base(p,"", param,sizeof(param)); /* subformat */
+ p = skip_string(param,sizeof(param),p);
+
+ DEBUG(4,("doing cli_print_queue for %s\n", cli->share));
+
+ status = cli_trans(
+ talloc_tos(),
+ cli,
+ SMBtrans, /* trans_cmd */
+ "\\PIPE\\LANMAN", /* name */
+ 0, /* fid */
+ 0, /* function */
+ 0, /* flags */
+ NULL, /* setup */
+ 0, /* num_setup */
+ 0, /* max_setup */
+ (uint8_t *)param, /* param */
+ PTR_DIFF(p,param), /* num_param */
+ 1024, /* max_param */
+ NULL, /* data */
+ 0, /* num_data */
+ CLI_BUFFER_SIZE, /* max_data */
+ NULL, /* recv_flags2 */
+ NULL, /* rsetup */
+ 0, /* min_rsetup */
+ NULL, /* num_rsetup */
+ &rparam, /* rparam */
+ 8, /* min_rparam */
+ &rprcnt, /* num_rparam */
+ &rdata, /* rdata */
+ 0, /* min_rdata */
+ &rdrcnt); /* num_rdata */
+ if (!NT_STATUS_IS_OK(status)) {
+ cli->raw_status = status;
+ return status;
+ }
+
+ result_code = SVAL(rparam,0);
+ converter = SVAL(rparam,2); /* conversion factor */
+
+ if (result_code == 0) {
+ struct print_job_info job;
+
+ p = (char *)rdata;
+
+ for (i = 0; i < SVAL(rparam,4); ++i) {
+ job.id = SVAL(p,0);
+ job.priority = SVAL(p,2);
+ fstrcpy(job.user,
+ fix_char_ptr(SVAL(p,4), converter,
+ (char *)rdata, rdrcnt));
+ job.t = make_unix_date3(
+ p + 12, smb1cli_conn_server_time_zone(cli->conn));
+ job.size = IVAL(p,16);
+ fstrcpy(job.name,fix_char_ptr(SVAL(p,24),
+ converter,
+ (char *)rdata, rdrcnt));
+ fn(&job);
+ p += 28;
+ }
+ }
+
+ /* If any parameters or data were returned, free the storage. */
+ TALLOC_FREE(rparam);
+ TALLOC_FREE(rdata);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ cancel a print job
+ ****************************************************************************/
+
+NTSTATUS cli_printjob_del(struct cli_state *cli, int job)
+{
+ uint8_t *rparam = NULL;
+ uint8_t *rdata = NULL;
+ char *p = NULL;
+ uint32_t rdrcnt, rprcnt;
+ int result_code;
+ char param[1024];
+ NTSTATUS status = NT_STATUS_OK;
+
+ memset(param,'\0',sizeof(param));
+
+ p = param;
+ SSVAL(p,0,81); /* DosPrintJobDel() */
+ p += 2;
+ strlcpy_base(p,"W", param,sizeof(param));
+ p = skip_string(param,sizeof(param),p);
+ strlcpy_base(p,"", param,sizeof(param));
+ p = skip_string(param,sizeof(param),p);
+ SSVAL(p,0,job);
+ p += 2;
+
+ status = cli_trans(talloc_tos(),
+ cli,
+ SMBtrans, /* trans_cmd */
+ "\\PIPE\\LANMAN", /* name */
+ 0, /* fid */
+ 0, /* function */
+ 0, /* flags */
+ NULL, /* setup */
+ 0, /* num_setup */
+ 0, /* max_setup */
+ (uint8_t *)param, /* param */
+ PTR_DIFF(p, param), /* num_param */
+ 1024, /* max_param */
+ NULL, /* data */
+ 0, /* num_data */
+ CLI_BUFFER_SIZE, /* max_data */
+ NULL, /* recv_flags2 */
+ NULL, /* rsetup */
+ 0, /* min_rsetup */
+ NULL, /* num_rsetup */
+ &rparam, /* rparam */
+ 8, /* min_rparam */
+ &rprcnt, /* num_rparam */
+ &rdata, /* rdata */
+ 0, /* min_rdata */
+ &rdrcnt); /* num_rdata */
+ if (!NT_STATUS_IS_OK(status)) {
+ cli->raw_status = status;
+ return status;
+ }
+
+ result_code = SVAL(rparam, 0);
+
+ TALLOC_FREE(rparam);
+ TALLOC_FREE(rdata);
+
+ if (result_code == ERRnosuchprintjob) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ cli->raw_status = NT_STATUS_INVALID_PARAMETER;
+ }
+
+ return status;
+}
diff --git a/source3/libsmb/cliquota.c b/source3/libsmb/cliquota.c
new file mode 100644
index 0000000..0c41272
--- /dev/null
+++ b/source3/libsmb/cliquota.c
@@ -0,0 +1,696 @@
+/*
+ Unix SMB/CIFS implementation.
+ client quota functions
+ Copyright (C) Stefan (metze) Metzmacher 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "../librpc/gen_ndr/ndr_security.h"
+#include "fake_file.h"
+#include "../libcli/security/security.h"
+#include "trans2.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "librpc/gen_ndr/ndr_quota.h"
+
+NTSTATUS cli_get_quota_handle(struct cli_state *cli, uint16_t *quota_fnum)
+{
+ return cli_ntcreate(cli, FAKE_FILE_NAME_QUOTA_WIN32,
+ 0x00000016, DESIRED_ACCESS_PIPE,
+ 0x00000000, FILE_SHARE_READ|FILE_SHARE_WRITE,
+ FILE_OPEN, 0x00000000, 0x03, quota_fnum, NULL);
+}
+
+void free_ntquota_list(SMB_NTQUOTA_LIST **qt_list)
+{
+ if (!qt_list || !*qt_list) {
+ return;
+ }
+
+ if ((*qt_list)->mem_ctx)
+ talloc_destroy((*qt_list)->mem_ctx);
+
+ (*qt_list) = NULL;
+
+ return;
+}
+
+bool add_record_to_ntquota_list(TALLOC_CTX *mem_ctx,
+ SMB_NTQUOTA_STRUCT *pqt,
+ SMB_NTQUOTA_LIST **pqt_list)
+{
+ SMB_NTQUOTA_LIST *tmp_list_ent;
+
+ if ((tmp_list_ent = talloc_zero(mem_ctx, SMB_NTQUOTA_LIST)) == NULL) {
+ return false;
+ }
+
+ if ((tmp_list_ent->quotas = talloc_zero(mem_ctx, SMB_NTQUOTA_STRUCT)) ==
+ NULL) {
+ return false;
+ }
+
+ *tmp_list_ent->quotas = *pqt;
+ tmp_list_ent->mem_ctx = mem_ctx;
+
+ DLIST_ADD((*pqt_list), tmp_list_ent);
+
+ return true;
+}
+
+bool parse_user_quota_record(const uint8_t *rdata,
+ unsigned int rdata_count,
+ unsigned int *offset,
+ SMB_NTQUOTA_STRUCT *pqt)
+{
+ struct file_quota_information info = {0};
+ TALLOC_CTX *frame = talloc_stackframe();
+ DATA_BLOB blob;
+ enum ndr_err_code err;
+ bool result = false;
+
+ blob.data = discard_const_p(uint8_t, rdata);
+ blob.length = rdata_count;
+ err = ndr_pull_struct_blob(
+ &blob,
+ frame,
+ &info,
+ (ndr_pull_flags_fn_t)ndr_pull_file_quota_information);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+ goto out;
+ }
+
+ *offset = info.next_entry_offset;
+
+ ZERO_STRUCTP(pqt);
+ pqt->usedspace = info.quota_used;
+
+ pqt->softlim = info.quota_threshold;
+
+ pqt->hardlim = info.quota_limit;
+
+ pqt->qtype = SMB_USER_QUOTA_TYPE;
+ pqt->sid = info.sid;
+ result = true;
+out:
+ TALLOC_FREE(frame);
+ return result;
+}
+
+NTSTATUS parse_user_quota_list(const uint8_t *curdata,
+ uint32_t curdata_count,
+ TALLOC_CTX *mem_ctx,
+ SMB_NTQUOTA_LIST **pqt_list)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ unsigned offset;
+ SMB_NTQUOTA_STRUCT qt;
+
+ while (true) {
+ ZERO_STRUCT(qt);
+ if (!parse_user_quota_record(curdata, curdata_count, &offset,
+ &qt)) {
+ DEBUG(1, ("Failed to parse the quota record\n"));
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ break;
+ }
+
+ if (offset > curdata_count) {
+ DEBUG(1, ("out of bounds offset in quota record\n"));
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ break;
+ }
+
+ if (curdata + offset < curdata) {
+ DEBUG(1, ("Pointer overflow in quota record\n"));
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ break;
+ }
+
+ if (!add_record_to_ntquota_list(mem_ctx, &qt, pqt_list)) {
+ status = NT_STATUS_NO_MEMORY;
+ break;
+ }
+
+ curdata += offset;
+ curdata_count -= offset;
+
+ if (offset == 0) {
+ break;
+ }
+ }
+
+ return status;
+}
+
+NTSTATUS parse_fs_quota_buffer(const uint8_t *rdata,
+ unsigned int rdata_count,
+ SMB_NTQUOTA_STRUCT *pqt)
+{
+ SMB_NTQUOTA_STRUCT qt;
+
+ ZERO_STRUCT(qt);
+
+ if (rdata_count < 48) {
+ /* minimum length is not enforced by SMB2 client.
+ */
+ DEBUG(1, ("small returned fs quota buffer\n"));
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ /* unknown_1 24 NULL bytes in pdata*/
+
+ /* the soft quotas 8 bytes (uint64_t)*/
+ qt.softlim = BVAL(rdata, 24);
+
+ /* the hard quotas 8 bytes (uint64_t)*/
+ qt.hardlim = BVAL(rdata, 32);
+
+ /* quota_flags 2 bytes **/
+ qt.qflags = SVAL(rdata, 40);
+
+ qt.qtype = SMB_USER_FS_QUOTA_TYPE;
+
+ *pqt = qt;
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS build_user_quota_buffer(SMB_NTQUOTA_LIST *qt_list,
+ uint32_t maxlen,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *outbuf,
+ SMB_NTQUOTA_LIST **end_ptr)
+{
+ return fill_quota_buffer(mem_ctx,
+ qt_list,
+ false,
+ maxlen,
+ outbuf,
+ end_ptr);
+}
+
+NTSTATUS build_fs_quota_buffer(TALLOC_CTX *mem_ctx,
+ const SMB_NTQUOTA_STRUCT *pqt,
+ DATA_BLOB *blob,
+ uint32_t maxlen)
+{
+ uint8_t *buf;
+
+ if (maxlen > 0 && maxlen < 48) {
+ return NT_STATUS_BUFFER_TOO_SMALL;
+ }
+
+ *blob = data_blob_talloc_zero(mem_ctx, 48);
+
+ if (!blob->data) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ buf = blob->data;
+
+ /* Unknown1 24 NULL bytes*/
+ SBIG_UINT(buf, 0, (uint64_t)0);
+ SBIG_UINT(buf, 8, (uint64_t)0);
+ SBIG_UINT(buf, 16, (uint64_t)0);
+
+ /* Default Soft Quota 8 bytes */
+ SBIG_UINT(buf, 24, pqt->softlim);
+
+ /* Default Hard Quota 8 bytes */
+ SBIG_UINT(buf, 32, pqt->hardlim);
+
+ /* Quota flag 4 bytes */
+ SIVAL(buf, 40, pqt->qflags);
+
+ /* 4 padding bytes */
+ SIVAL(buf, 44, 0);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_get_user_quota(struct cli_state *cli, int quota_fnum,
+ SMB_NTQUOTA_STRUCT *pqt)
+{
+ uint16_t setup[1];
+ uint8_t *rparam = NULL, *rdata = NULL;
+ uint32_t rparam_count, rdata_count;
+ unsigned int sid_len;
+ unsigned int offset;
+ struct nttrans_query_quota_params get_quota = {0};
+ struct file_get_quota_info info = {0};
+ enum ndr_err_code err;
+ NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
+ DATA_BLOB data_blob = data_blob_null;
+ DATA_BLOB param_blob = data_blob_null;
+
+ if (!cli||!pqt) {
+ smb_panic("cli_get_user_quota() called with NULL Pointer!");
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ TALLOC_FREE(frame);
+ return cli_smb2_get_user_quota(cli, quota_fnum, pqt);
+ }
+
+ get_quota.fid = quota_fnum;
+ get_quota.return_single_entry = 1;
+ get_quota.restart_scan = 0;
+
+ sid_len = ndr_size_dom_sid(&pqt->sid, 0);
+
+ info.next_entry_offset = 0;
+ info.sid_length = sid_len;
+ info.sid = pqt->sid;
+
+ err = ndr_push_struct_blob(
+ &data_blob,
+ frame,
+ &info,
+ (ndr_push_flags_fn_t)ndr_push_file_get_quota_info);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto out;
+ }
+
+ get_quota.sid_list_length = data_blob.length;
+ get_quota.start_sid_offset = data_blob.length;
+
+ err = ndr_push_struct_blob(
+ &param_blob,
+ frame,
+ &get_quota,
+ (ndr_push_flags_fn_t)ndr_push_nttrans_query_quota_params);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto out;
+ }
+
+ status = cli_trans(talloc_tos(), cli, SMBnttrans,
+ NULL, -1, /* name, fid */
+ NT_TRANSACT_GET_USER_QUOTA, 0,
+ setup, 1, 0, /* setup */
+ param_blob.data, param_blob.length, 4, /* params */
+ data_blob.data, data_blob.length, 112, /* data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup */
+ &rparam, 4, &rparam_count,
+ &rdata, 8, &rdata_count);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("NT_TRANSACT_GET_USER_QUOTA failed: %s\n",
+ nt_errstr(status)));
+ goto out;
+ }
+
+ if (!parse_user_quota_record(rdata, rdata_count, &offset, pqt)) {
+ status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ DEBUG(0,("Got INVALID NT_TRANSACT_GET_USER_QUOTA reply.\n"));
+ }
+
+out:
+ TALLOC_FREE(rparam);
+ TALLOC_FREE(rdata);
+ TALLOC_FREE(frame);
+ return status;
+}
+
+NTSTATUS
+cli_set_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST *qtl)
+{
+ uint16_t setup[1];
+ uint8_t params[2];
+ DATA_BLOB data = data_blob_null;
+ NTSTATUS status;
+
+ if (!cli || !qtl) {
+ smb_panic("cli_set_user_quota() called with NULL Pointer!");
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_set_user_quota(cli, quota_fnum, qtl);
+ }
+
+ status = build_user_quota_buffer(qtl, 0, talloc_tos(), &data, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ /*
+ * smb1 doesn't send NT_STATUS_NO_MORE_ENTRIES so swallow
+ * this status.
+ */
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
+ goto cleanup;
+ }
+ }
+
+ SSVAL(setup + 0, 0, NT_TRANSACT_SET_USER_QUOTA);
+
+ SSVAL(params,0,quota_fnum);
+
+ status = cli_trans(talloc_tos(), cli, SMBnttrans,
+ NULL, -1, /* name, fid */
+ NT_TRANSACT_SET_USER_QUOTA, 0,
+ setup, 1, 0, /* setup */
+ params, 2, 0, /* params */
+ data.data, data.length, 0, /* data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup */
+ NULL, 0, NULL, /* rparams */
+ NULL, 0, NULL); /* rdata */
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("NT_TRANSACT_SET_USER_QUOTA failed: %s\n",
+ nt_errstr(status)));
+ }
+
+cleanup:
+ data_blob_free(&data);
+ return status;
+}
+
+static NTSTATUS cli_list_user_quota_step(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ int quota_fnum,
+ SMB_NTQUOTA_LIST **pqt_list,
+ bool first)
+{
+ uint16_t setup[1];
+ DATA_BLOB params_blob = data_blob_null;
+ uint8_t *rparam=NULL, *rdata=NULL;
+ uint32_t rparam_count=0, rdata_count=0;
+ NTSTATUS status;
+ struct nttrans_query_quota_params quota_params = {0};
+ enum ndr_err_code err;
+
+ TALLOC_CTX *frame = NULL;
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_list_user_quota_step(cli, mem_ctx, quota_fnum,
+ pqt_list, first);
+ }
+ frame = talloc_stackframe();
+
+ SSVAL(setup + 0, 0, NT_TRANSACT_GET_USER_QUOTA);
+
+ quota_params.fid = quota_fnum;
+ if (first) {
+ quota_params.restart_scan = 1;
+ }
+ err = ndr_push_struct_blob(
+ &params_blob,
+ frame,
+ &quota_params,
+ (ndr_push_flags_fn_t)ndr_push_nttrans_query_quota_params);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto cleanup;
+ }
+
+ status = cli_trans(talloc_tos(), cli, SMBnttrans,
+ NULL, -1, /* name, fid */
+ NT_TRANSACT_GET_USER_QUOTA, 0,
+ setup, 1, 0, /* setup */
+ params_blob.data, params_blob.length, 4, /* params */
+ NULL, 0, 2048, /* data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup */
+ &rparam, 0, &rparam_count,
+ &rdata, 0, &rdata_count);
+
+ /* compat. with smbd + safeguard against
+ * endless loop
+ */
+ if (NT_STATUS_IS_OK(status) && rdata_count == 0) {
+ status = NT_STATUS_NO_MORE_ENTRIES;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto cleanup;
+ }
+
+ status = parse_user_quota_list(rdata, rdata_count, mem_ctx, pqt_list);
+
+cleanup:
+ TALLOC_FREE(rparam);
+ TALLOC_FREE(rdata);
+ TALLOC_FREE(frame);
+
+ return status;
+}
+
+NTSTATUS cli_list_user_quota(struct cli_state *cli,
+ int quota_fnum,
+ SMB_NTQUOTA_LIST **pqt_list)
+{
+ NTSTATUS status;
+ TALLOC_CTX *mem_ctx = NULL;
+ bool first = true;
+
+ if (!cli || !pqt_list) {
+ smb_panic("cli_list_user_quota() called with NULL Pointer!");
+ }
+
+ *pqt_list = NULL;
+
+ if ((mem_ctx = talloc_init("SMB_USER_QUOTA_LIST")) == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ do {
+ status = cli_list_user_quota_step(cli, mem_ctx, quota_fnum,
+ pqt_list, first);
+ first = false;
+ } while (NT_STATUS_IS_OK(status));
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
+ status = NT_STATUS_OK;
+ }
+
+ if (!NT_STATUS_IS_OK(status) || *pqt_list == NULL) {
+ TALLOC_FREE(mem_ctx);
+ }
+
+ return status;
+}
+
+NTSTATUS cli_get_fs_quota_info(struct cli_state *cli, int quota_fnum,
+ SMB_NTQUOTA_STRUCT *pqt)
+{
+ uint16_t setup[1];
+ uint8_t param[2];
+ uint8_t *rdata=NULL;
+ uint32_t rdata_count=0;
+ NTSTATUS status;
+
+ if (!cli||!pqt) {
+ smb_panic("cli_get_fs_quota_info() called with NULL Pointer!");
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_get_fs_quota_info(cli, quota_fnum, pqt);
+ }
+
+ SSVAL(setup + 0, 0, TRANSACT2_QFSINFO);
+
+ SSVAL(param,0,SMB_FS_QUOTA_INFORMATION);
+
+ status = cli_trans(talloc_tos(), cli, SMBtrans2,
+ NULL, -1, /* name, fid */
+ 0, 0, /* function, flags */
+ setup, 1, 0, /* setup */
+ param, 2, 0, /* param */
+ NULL, 0, 560, /* data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup */
+ NULL, 0, NULL, /* rparam */
+ &rdata, 48, &rdata_count);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("SMB_FS_QUOTA_INFORMATION failed: %s\n",
+ nt_errstr(status)));
+ return status;
+ }
+
+ status = parse_fs_quota_buffer(rdata, rdata_count, pqt);
+
+ TALLOC_FREE(rdata);
+ return status;
+}
+
+NTSTATUS cli_set_fs_quota_info(struct cli_state *cli, int quota_fnum,
+ SMB_NTQUOTA_STRUCT *pqt)
+{
+ uint16_t setup[1];
+ uint8_t param[4];
+ DATA_BLOB data = data_blob_null;
+ NTSTATUS status;
+
+ if (!cli||!pqt) {
+ smb_panic("cli_set_fs_quota_info() called with NULL Pointer!");
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_set_fs_quota_info(cli, quota_fnum, pqt);
+ }
+
+ status = build_fs_quota_buffer(talloc_tos(), pqt, &data, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ SSVAL(setup + 0, 0,TRANSACT2_SETFSINFO);
+
+ SSVAL(param,0,quota_fnum);
+ SSVAL(param,2,SMB_FS_QUOTA_INFORMATION);
+
+ status = cli_trans(talloc_tos(), cli, SMBtrans2,
+ NULL, -1, /* name, fid */
+ 0, 0, /* function, flags */
+ setup, 1, 0, /* setup */
+ param, 4, 0, /* param */
+ data.data, data.length, 0, /* data */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup */
+ NULL, 0, NULL, /* rparam */
+ NULL, 0, NULL); /* rdata */
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("SMB_FS_QUOTA_INFORMATION failed: %s\n",
+ nt_errstr(status)));
+ }
+
+ return status;
+}
+
+NTSTATUS fill_quota_buffer(TALLOC_CTX *mem_ctx,
+ SMB_NTQUOTA_LIST *qlist,
+ bool return_single,
+ uint32_t max_data,
+ DATA_BLOB *blob,
+ SMB_NTQUOTA_LIST **end_ptr)
+{
+ ndr_flags_type ndr_flags = NDR_SCALARS | NDR_BUFFERS;
+ struct ndr_push *qndr = NULL;
+ uint32_t start_offset = 0;
+ uint32_t padding = 0;
+ if (qlist == NULL) {
+ /* We must push at least one. */
+ return NT_STATUS_NO_MORE_ENTRIES;
+ }
+
+ qndr = ndr_push_init_ctx(mem_ctx);
+ if (qndr == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (;qlist != NULL; qlist = qlist->next) {
+ struct file_quota_information info = {0};
+ enum ndr_err_code err;
+ uint32_t dsize = sizeof(info.next_entry_offset)
+ + sizeof(info.sid_length)
+ + sizeof(info.change_time)
+ + sizeof(info.quota_used)
+ + sizeof(info.quota_threshold)
+ + sizeof(info.quota_limit);
+
+
+ info.sid_length = ndr_size_dom_sid(&qlist->quotas->sid, 0);
+
+ if (max_data) {
+ uint32_t curr_pos_no_padding = qndr->offset - padding;
+ uint32_t payload = dsize + info.sid_length;
+ uint32_t new_pos = (curr_pos_no_padding + payload);
+ if (new_pos < curr_pos_no_padding) {
+ /* Detect unlikely integer wrap */
+ DBG_ERR("Integer wrap while adjusting pos "
+ "0x%x by offset 0x%x\n",
+ curr_pos_no_padding, payload);
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ if (new_pos > max_data) {
+ DBG_WARNING("Max data will be exceeded "
+ "writing next query info. "
+ "cur_pos 0x%x, sid_length 0x%x, "
+ "dsize 0x%x, max_data 0x%x\n",
+ curr_pos_no_padding,
+ info.sid_length,
+ dsize,
+ max_data);
+ break;
+ }
+ }
+
+ start_offset = qndr->offset;
+ info.sid = qlist->quotas->sid;
+ info.quota_used = qlist->quotas->usedspace;
+ info.quota_threshold = qlist->quotas->softlim;
+ info.quota_limit = qlist->quotas->hardlim;
+
+ err = ndr_push_file_quota_information(qndr,
+ ndr_flags,
+ &info);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+ DBG_DEBUG("Failed to push the quota sid\n");
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ /* pidl will align to 8 bytes due to 8 byte members*/
+ /* Remember how much align padding we've used. */
+ padding = qndr->offset;
+
+ err = ndr_push_align(qndr, 8);
+ if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+ DBG_DEBUG("ndr_push_align returned %s\n",
+ ndr_map_error2string(err));
+ return ndr_map_error2ntstatus(err);
+ }
+
+ padding = qndr->offset - padding;
+
+ /*
+ * Overwrite next_entry_offset for this entry now
+ * we know what it should be. We know we're using
+ * LIBNDR_FLAG_LITTLE_ENDIAN here so we can use
+ * SIVAL.
+ */
+ info.next_entry_offset = qndr->offset - start_offset;
+ SIVAL(qndr->data, start_offset, info.next_entry_offset);
+
+ if (return_single) {
+ break;
+ }
+ }
+
+ if (end_ptr != NULL) {
+ *end_ptr = qlist;
+ }
+
+ /* Remove the padding alignment on the last element pushed. */
+ blob->length = qndr->offset - padding;
+ blob->data = qndr->data;
+
+ /*
+ * Terminate the pushed array by setting next_entry_offset
+ * for the last element to zero.
+ */
+ if (blob->length >= sizeof(uint32_t)) {
+ SIVAL(qndr->data, start_offset, 0);
+ }
+ return NT_STATUS_OK;
+}
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
new file mode 100644
index 0000000..21ee346
--- /dev/null
+++ b/source3/libsmb/clirap.c
@@ -0,0 +1,1853 @@
+/*
+ Unix SMB/CIFS implementation.
+ client RAP calls
+ Copyright (C) Andrew Tridgell 1994-1998
+ Copyright (C) Gerald (Jerry) Carter 2004
+ Copyright (C) James Peach 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
+#include "../librpc/gen_ndr/rap.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "async_smb.h"
+#include "libsmb/libsmb.h"
+#include "libsmb/clirap.h"
+#include "trans2.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "libcli/smb/reparse.h"
+#include "cli_smb2_fnum.h"
+#include "lib/util/string_wrappers.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+#define PIPE_LANMAN "\\PIPE\\LANMAN"
+
+/****************************************************************************
+ Call a remote api
+****************************************************************************/
+
+bool cli_api(struct cli_state *cli,
+ char *param, int prcnt, int mprcnt,
+ char *data, int drcnt, int mdrcnt,
+ char **rparam, unsigned int *rprcnt,
+ char **rdata, unsigned int *rdrcnt)
+{
+ NTSTATUS status;
+
+ uint8_t *my_rparam, *my_rdata;
+ uint32_t num_my_rparam, num_my_rdata;
+
+ status = cli_trans(talloc_tos(), cli, SMBtrans,
+ PIPE_LANMAN, 0, /* name, fid */
+ 0, 0, /* function, flags */
+ NULL, 0, 0, /* setup */
+ (uint8_t *)param, prcnt, mprcnt, /* Params, length, max */
+ (uint8_t *)data, drcnt, mdrcnt, /* Data, length, max */
+ NULL, /* recv_flags2 */
+ NULL, 0, NULL, /* rsetup */
+ &my_rparam, 0, &num_my_rparam,
+ &my_rdata, 0, &num_my_rdata);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+
+ /*
+ * I know this memcpy massively hurts, but there are just tons
+ * of callers of cli_api that eventually need changing to
+ * talloc
+ */
+
+ *rparam = (char *)smb_memdup(my_rparam, num_my_rparam);
+ if (*rparam == NULL) {
+ goto fail;
+ }
+ *rprcnt = num_my_rparam;
+ TALLOC_FREE(my_rparam);
+
+ *rdata = (char *)smb_memdup(my_rdata, num_my_rdata);
+ if (*rdata == NULL) {
+ goto fail;
+ }
+ *rdrcnt = num_my_rdata;
+ TALLOC_FREE(my_rdata);
+
+ return true;
+fail:
+ TALLOC_FREE(my_rdata);
+ TALLOC_FREE(my_rparam);
+ *rparam = NULL;
+ *rprcnt = 0;
+ *rdata = NULL;
+ *rdrcnt = 0;
+ return false;
+}
+
+/****************************************************************************
+ Call a NetShareEnum - try and browse available connections on a host.
+****************************************************************************/
+
+int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32_t, const char *, void *), void *state)
+{
+ char *rparam = NULL;
+ char *rdata = NULL;
+ char *p;
+ unsigned int rdrcnt,rprcnt;
+ char param[1024];
+ int count = -1;
+ bool ok;
+ int res;
+
+ /* now send a SMBtrans command with api RNetShareEnum */
+ p = param;
+ SSVAL(p,0,0); /* api number */
+ p += 2;
+ strlcpy(p,"WrLeh",sizeof(param)-PTR_DIFF(p,param));
+ p = skip_string(param,sizeof(param),p);
+ strlcpy(p,"B13BWz",sizeof(param)-PTR_DIFF(p,param));
+ p = skip_string(param,sizeof(param),p);
+ SSVAL(p,0,1);
+ /*
+ * Win2k needs a *smaller* buffer than 0xFFFF here -
+ * it returns "out of server memory" with 0xFFFF !!! JRA.
+ */
+ SSVAL(p,2,0xFFE0);
+ p += 4;
+
+ ok = cli_api(
+ cli,
+ param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */
+ NULL, 0, 0xFFE0, /* data, length, maxlen - Win2k needs a small buffer here too ! */
+ &rparam, &rprcnt, /* return params, length */
+ &rdata, &rdrcnt); /* return data, length */
+ if (!ok) {
+ DEBUG(4,("NetShareEnum failed\n"));
+ goto done;
+ }
+
+ if (rprcnt < 6) {
+ DBG_ERR("Got invalid result: rprcnt=%u\n", rprcnt);
+ goto done;
+ }
+
+ res = rparam? SVAL(rparam,0) : -1;
+
+ if (res == 0 || res == ERRmoredata) {
+ int converter=SVAL(rparam,2);
+ int i;
+ char *rdata_end = rdata + rdrcnt;
+
+ count=SVAL(rparam,4);
+ p = rdata;
+
+ for (i=0;i<count;i++,p+=20) {
+ char *sname;
+ int type;
+ int comment_offset;
+ const char *cmnt;
+ const char *p1;
+ char *s1, *s2;
+ size_t len;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (p + 20 > rdata_end) {
+ TALLOC_FREE(frame);
+ break;
+ }
+
+ sname = p;
+ type = SVAL(p,14);
+ comment_offset = (IVAL(p,16) & 0xFFFF) - converter;
+ if (comment_offset < 0 ||
+ comment_offset > (int)rdrcnt) {
+ TALLOC_FREE(frame);
+ break;
+ }
+ cmnt = comment_offset?(rdata+comment_offset):"";
+
+ /* Work out the comment length. */
+ for (p1 = cmnt, len = 0; *p1 &&
+ p1 < rdata_end; len++)
+ p1++;
+ if (!*p1) {
+ len++;
+ }
+ pull_string_talloc(frame,rdata,0,
+ &s1,sname,14,STR_ASCII);
+ pull_string_talloc(frame,rdata,0,
+ &s2,cmnt,len,STR_ASCII);
+ if (!s1 || !s2) {
+ TALLOC_FREE(frame);
+ continue;
+ }
+
+ fn(s1, type, s2, state);
+
+ TALLOC_FREE(frame);
+ }
+ } else {
+ DEBUG(4,("NetShareEnum res=%d\n", res));
+ }
+
+done:
+ SAFE_FREE(rparam);
+ SAFE_FREE(rdata);
+
+ return count;
+}
+
+/****************************************************************************
+ Call a NetServerEnum for the specified workgroup and servertype mask. This
+ function then calls the specified callback function for each name returned.
+
+ The callback function takes 4 arguments: the machine name, the server type,
+ the comment and a state pointer.
+****************************************************************************/
+
+bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32_t stype,
+ void (*fn)(const char *, uint32_t, const char *, void *),
+ void *state)
+{
+ char *rparam = NULL;
+ char *rdata = NULL;
+ char *rdata_end = NULL;
+ unsigned int rdrcnt,rprcnt;
+ char *p;
+ char param[1024];
+ int uLevel = 1;
+ size_t len;
+ uint32_t func = RAP_NetServerEnum2;
+ char *last_entry = NULL;
+ int total_cnt = 0;
+ int return_cnt = 0;
+ int res;
+
+ errno = 0; /* reset */
+
+ /*
+ * This may take more than one transaction, so we should loop until
+ * we no longer get a more data to process or we have all of the
+ * items.
+ */
+ do {
+ /* send a SMBtrans command with api NetServerEnum */
+ p = param;
+ SIVAL(p,0,func); /* api number */
+ p += 2;
+
+ if (func == RAP_NetServerEnum3) {
+ strlcpy(p,"WrLehDzz", sizeof(param)-PTR_DIFF(p,param));
+ } else {
+ strlcpy(p,"WrLehDz", sizeof(param)-PTR_DIFF(p,param));
+ }
+
+ p = skip_string(param, sizeof(param), p);
+ strlcpy(p,"B16BBDz", sizeof(param)-PTR_DIFF(p,param));
+
+ p = skip_string(param, sizeof(param), p);
+ SSVAL(p,0,uLevel);
+ SSVAL(p,2,CLI_BUFFER_SIZE);
+ p += 4;
+ SIVAL(p,0,stype);
+ p += 4;
+
+ /* If we have more data, tell the server where
+ * to continue from.
+ */
+ len = push_ascii(p,
+ workgroup,
+ sizeof(param) - PTR_DIFF(p,param) - 1,
+ STR_TERMINATE|STR_UPPER);
+
+ if (len == 0) {
+ SAFE_FREE(last_entry);
+ return false;
+ }
+ p += len;
+
+ if (func == RAP_NetServerEnum3) {
+ len = push_ascii(p,
+ last_entry ? last_entry : "",
+ sizeof(param) - PTR_DIFF(p,param) - 1,
+ STR_TERMINATE);
+
+ if (len == 0) {
+ SAFE_FREE(last_entry);
+ return false;
+ }
+ p += len;
+ }
+
+ /* Next time through we need to use the continue api */
+ func = RAP_NetServerEnum3;
+
+ if (!cli_api(cli,
+ param, PTR_DIFF(p,param), 8, /* params, length, max */
+ NULL, 0, CLI_BUFFER_SIZE, /* data, length, max */
+ &rparam, &rprcnt, /* return params, return size */
+ &rdata, &rdrcnt)) { /* return data, return size */
+
+ /* break out of the loop on error */
+ res = -1;
+ break;
+ }
+
+ rdata_end = rdata + rdrcnt;
+
+ if (rprcnt < 6) {
+ DBG_ERR("Got invalid result: rprcnt=%u\n", rprcnt);
+ res = -1;
+ break;
+ }
+
+ res = rparam ? SVAL(rparam,0) : -1;
+
+ if (res == 0 || res == ERRmoredata ||
+ (res != -1 && cli_errno(cli) == 0)) {
+ char *sname = NULL;
+ int i, count;
+ int converter=SVAL(rparam,2);
+
+ /* Get the number of items returned in this buffer */
+ count = SVAL(rparam, 4);
+
+ /* The next field contains the number of items left,
+ * including those returned in this buffer. So the
+ * first time through this should contain all of the
+ * entries.
+ */
+ if (total_cnt == 0) {
+ total_cnt = SVAL(rparam, 6);
+ }
+
+ /* Keep track of how many we have read */
+ return_cnt += count;
+ p = rdata;
+
+ /* The last name in the previous NetServerEnum reply is
+ * sent back to server in the NetServerEnum3 request
+ * (last_entry). The next reply should repeat this entry
+ * as the first element. We have no proof that this is
+ * always true, but from traces that seems to be the
+ * behavior from Window Servers. So first lets do a lot
+ * of checking, just being paranoid. If the string
+ * matches then we already saw this entry so skip it.
+ *
+ * NOTE: sv1_name field must be null terminated and has
+ * a max size of 16 (NetBIOS Name).
+ */
+ if (last_entry && count && p &&
+ (strncmp(last_entry, p, 16) == 0)) {
+ count -= 1; /* Skip this entry */
+ return_cnt = -1; /* Not part of total, so don't count. */
+ p = rdata + 26; /* Skip the whole record */
+ }
+
+ for (i = 0; i < count; i++, p += 26) {
+ int comment_offset;
+ const char *cmnt;
+ const char *p1;
+ char *s1, *s2;
+ TALLOC_CTX *frame = talloc_stackframe();
+ uint32_t entry_stype;
+
+ if (p + 26 > rdata_end) {
+ TALLOC_FREE(frame);
+ break;
+ }
+
+ sname = p;
+ comment_offset = (IVAL(p,22) & 0xFFFF)-converter;
+ cmnt = comment_offset?(rdata+comment_offset):"";
+
+ if (comment_offset < 0 || comment_offset >= (int)rdrcnt) {
+ TALLOC_FREE(frame);
+ continue;
+ }
+
+ /* Work out the comment length. */
+ for (p1 = cmnt, len = 0; *p1 &&
+ p1 < rdata_end; len++)
+ p1++;
+ if (!*p1) {
+ len++;
+ }
+
+ entry_stype = IVAL(p,18) & ~SV_TYPE_LOCAL_LIST_ONLY;
+
+ pull_string_talloc(frame,rdata,0,
+ &s1,sname,16,STR_ASCII);
+ pull_string_talloc(frame,rdata,0,
+ &s2,cmnt,len,STR_ASCII);
+
+ if (!s1 || !s2) {
+ TALLOC_FREE(frame);
+ continue;
+ }
+
+ fn(s1, entry_stype, s2, state);
+ TALLOC_FREE(frame);
+ }
+
+ /* We are done with the old last entry, so now we can free it */
+ if (last_entry) {
+ SAFE_FREE(last_entry); /* This will set it to null */
+ }
+
+ /* We always make a copy of the last entry if we have one */
+ if (sname) {
+ last_entry = smb_xstrdup(sname);
+ }
+
+ /* If we have more data, but no last entry then error out */
+ if (!last_entry && (res == ERRmoredata)) {
+ errno = EINVAL;
+ res = 0;
+ }
+
+ }
+
+ SAFE_FREE(rparam);
+ SAFE_FREE(rdata);
+ } while ((res == ERRmoredata) && (total_cnt > return_cnt));
+
+ SAFE_FREE(rparam);
+ SAFE_FREE(rdata);
+ SAFE_FREE(last_entry);
+
+ if (res == -1) {
+ errno = cli_errno(cli);
+ } else {
+ if (!return_cnt) {
+ /* this is a very special case, when the domain master for the
+ work group isn't part of the work group itself, there is something
+ wild going on */
+ errno = ENOENT;
+ }
+ }
+
+ return(return_cnt > 0);
+}
+
+/****************************************************************************
+ Send a SamOEMChangePassword command.
+****************************************************************************/
+
+bool cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password,
+ const char *old_password)
+{
+ char param[1024];
+ unsigned char data[532];
+ char *p = param;
+ unsigned char old_pw_hash[16];
+ unsigned char new_pw_hash[16];
+ unsigned int data_len;
+ unsigned int param_len = 0;
+ char *rparam = NULL;
+ char *rdata = NULL;
+ unsigned int rprcnt, rdrcnt;
+ gnutls_cipher_hd_t cipher_hnd = NULL;
+ gnutls_datum_t old_pw_key = {
+ .data = old_pw_hash,
+ .size = sizeof(old_pw_hash),
+ };
+ int rc;
+
+ if (strlen(user) >= sizeof(fstring)-1) {
+ DEBUG(0,("cli_oem_change_password: user name %s is too long.\n", user));
+ return False;
+ }
+
+ SSVAL(p,0,214); /* SamOEMChangePassword command. */
+ p += 2;
+ strlcpy(p, "zsT", sizeof(param)-PTR_DIFF(p,param));
+ p = skip_string(param,sizeof(param),p);
+ strlcpy(p, "B516B16", sizeof(param)-PTR_DIFF(p,param));
+ p = skip_string(param,sizeof(param),p);
+ strlcpy(p,user, sizeof(param)-PTR_DIFF(p,param));
+ p = skip_string(param,sizeof(param),p);
+ SSVAL(p,0,532);
+ p += 2;
+
+ param_len = PTR_DIFF(p,param);
+
+ /*
+ * Get the Lanman hash of the old password, we
+ * use this as the key to make_oem_passwd_hash().
+ */
+ E_deshash(old_password, old_pw_hash);
+
+ encode_pw_buffer(data, new_password, STR_ASCII);
+
+#ifdef DEBUG_PASSWORD
+ DEBUG(100,("make_oem_passwd_hash\n"));
+ dump_data(100, data, 516);
+#endif
+ rc = gnutls_cipher_init(&cipher_hnd,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ &old_pw_key,
+ NULL);
+ if (rc < 0) {
+ DBG_ERR("gnutls_cipher_init failed: %s\n",
+ gnutls_strerror(rc));
+ return false;
+ }
+ rc = gnutls_cipher_encrypt(cipher_hnd,
+ data,
+ 516);
+ gnutls_cipher_deinit(cipher_hnd);
+ if (rc < 0) {
+ return false;
+ }
+
+ /*
+ * Now place the old password hash in the data.
+ */
+ E_deshash(new_password, new_pw_hash);
+
+ rc = E_old_pw_hash( new_pw_hash, old_pw_hash, (uchar *)&data[516]);
+ if (rc != 0) {
+ DBG_ERR("E_old_pw_hash failed: %s\n", gnutls_strerror(rc));
+ return false;
+ }
+
+ data_len = 532;
+
+ if (!cli_api(cli,
+ param, param_len, 4, /* param, length, max */
+ (char *)data, data_len, 0, /* data, length, max */
+ &rparam, &rprcnt,
+ &rdata, &rdrcnt)) {
+ DEBUG(0,("cli_oem_change_password: Failed to send password change for user %s\n",
+ user ));
+ return False;
+ }
+
+ if (rdrcnt < 2) {
+ cli->rap_error = ERRbadformat;
+ goto done;
+ }
+
+ if (rparam) {
+ cli->rap_error = SVAL(rparam,0);
+ }
+
+done:
+ SAFE_FREE(rparam);
+ SAFE_FREE(rdata);
+
+ return (cli->rap_error == 0);
+}
+
+static void prep_basic_information_buf(
+ uint8_t buf[40],
+ struct timespec create_time,
+ struct timespec access_time,
+ struct timespec write_time,
+ struct timespec change_time,
+ uint32_t attr)
+{
+ char *p = (char *)buf;
+ /*
+ * Add the create, last access, modification, and status change times
+ */
+ put_long_date_full_timespec(
+ TIMESTAMP_SET_NT_OR_BETTER, p, &create_time);
+ p += 8;
+
+ put_long_date_full_timespec(
+ TIMESTAMP_SET_NT_OR_BETTER, p, &access_time);
+ p += 8;
+
+ put_long_date_full_timespec(
+ TIMESTAMP_SET_NT_OR_BETTER, p, &write_time);
+ p += 8;
+
+ put_long_date_full_timespec(
+ TIMESTAMP_SET_NT_OR_BETTER, p, &change_time);
+ p += 8;
+
+ if (attr == (uint32_t)-1 || attr == FILE_ATTRIBUTE_NORMAL) {
+ /* No change. */
+ attr = 0;
+ } else if (attr == 0) {
+ /* Clear all existing attributes. */
+ attr = FILE_ATTRIBUTE_NORMAL;
+ }
+
+ /* Add attributes */
+ SIVAL(p, 0, attr);
+
+ p += 4;
+
+ /* Add padding */
+ SIVAL(p, 0, 0);
+ p += 4;
+
+ SMB_ASSERT(PTR_DIFF(p, buf) == 40);
+}
+
+NTSTATUS cli_setpathinfo_ext(struct cli_state *cli, const char *fname,
+ struct timespec create_time,
+ struct timespec access_time,
+ struct timespec write_time,
+ struct timespec change_time,
+ uint32_t attr)
+{
+ uint8_t buf[40];
+
+ prep_basic_information_buf(
+ buf,
+ create_time,
+ access_time,
+ write_time,
+ change_time,
+ attr);
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ DATA_BLOB in_data = data_blob_const(buf, sizeof(buf));
+ /*
+ * Split out SMB2 here as we need to select
+ * the correct info type and level.
+ */
+ return cli_smb2_setpathinfo(cli,
+ fname,
+ 1, /* SMB2_SETINFO_FILE */
+ SMB_FILE_BASIC_INFORMATION - 1000,
+ &in_data);
+ }
+
+ return cli_setpathinfo(
+ cli, SMB_FILE_BASIC_INFORMATION, fname, buf, sizeof(buf));
+}
+
+struct cli_setfileinfo_ext_state {
+ uint8_t data[40];
+ DATA_BLOB in_data;
+};
+
+static void cli_setfileinfo_ext_done(struct tevent_req *subreq);
+static void cli_setfileinfo_ext_done2(struct tevent_req *subreq);
+
+struct tevent_req *cli_setfileinfo_ext_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ struct timespec create_time,
+ struct timespec access_time,
+ struct timespec write_time,
+ struct timespec change_time,
+ uint32_t attr)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_setfileinfo_ext_state *state = NULL;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_setfileinfo_ext_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ prep_basic_information_buf(
+ state->data,
+ create_time,
+ access_time,
+ write_time,
+ change_time,
+ attr);
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ state->in_data = (DATA_BLOB) {
+ .data = state->data, .length = sizeof(state->data),
+ };
+
+ subreq = cli_smb2_set_info_fnum_send(
+ state,
+ ev,
+ cli,
+ fnum,
+ SMB2_0_INFO_FILE,
+ SMB_FILE_BASIC_INFORMATION - 1000,
+ &state->in_data,
+ 0); /* in_additional_info */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ subreq, cli_setfileinfo_ext_done2, req);
+ return req;
+ }
+
+ subreq = cli_setfileinfo_send(
+ state,
+ ev,
+ cli,
+ fnum,
+ SMB_FILE_BASIC_INFORMATION,
+ state->data,
+ sizeof(state->data));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_setfileinfo_ext_done, req);
+ return req;
+}
+
+static void cli_setfileinfo_ext_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_setfileinfo_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_setfileinfo_ext_done2(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_set_info_fnum_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_setfileinfo_ext_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_setfileinfo_ext(
+ struct cli_state *cli,
+ uint16_t fnum,
+ struct timespec create_time,
+ struct timespec access_time,
+ struct timespec write_time,
+ struct timespec change_time,
+ uint32_t attr)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ frame = talloc_stackframe();
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_setfileinfo_ext_send(
+ ev,
+ ev,
+ cli,
+ fnum,
+ create_time,
+ access_time,
+ write_time,
+ change_time,
+ attr);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_setfileinfo_ext_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Send a qpathinfo call with the SMB_QUERY_FILE_ALL_INFO info level.
+****************************************************************************/
+
+struct cli_qpathinfo2_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ const char *fname;
+ struct timespec create_time;
+ struct timespec access_time;
+ struct timespec write_time;
+ struct timespec change_time;
+ off_t size;
+ uint32_t attr;
+ SMB_INO_T ino;
+ mode_t mode;
+};
+
+static void cli_qpathinfo2_done2(struct tevent_req *subreq);
+static void cli_qpathinfo2_done(struct tevent_req *subreq);
+static void cli_qpathinfo2_got_reparse(struct tevent_req *subreq);
+
+struct tevent_req *cli_qpathinfo2_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_qpathinfo2_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_qpathinfo2_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->fname = fname;
+
+ state->mode = S_IFREG;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_qpathinfo_send(state,
+ ev,
+ cli,
+ fname,
+ FSCC_FILE_ALL_INFORMATION,
+ 0x60,
+ UINT16_MAX);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_qpathinfo2_done2, req);
+ return req;
+ }
+ subreq = cli_qpathinfo_send(state, ev, cli, fname,
+ SMB_QUERY_FILE_ALL_INFO,
+ 68, CLI_BUFFER_SIZE);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_qpathinfo2_done, req);
+ return req;
+}
+
+static void cli_qpathinfo2_done2(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct cli_qpathinfo2_state *state =
+ tevent_req_data(req, struct cli_qpathinfo2_state);
+ uint8_t *rdata = NULL;
+ uint32_t num_rdata;
+ NTSTATUS status;
+
+ status = cli_smb2_qpathinfo_recv(subreq, state, &rdata, &num_rdata);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ state->create_time = interpret_long_date(BVAL(rdata, 0x0));
+ state->access_time = interpret_long_date(BVAL(rdata, 0x8));
+ state->write_time = interpret_long_date(BVAL(rdata, 0x10));
+ state->change_time = interpret_long_date(BVAL(rdata, 0x18));
+ state->attr = PULL_LE_U32(rdata, 0x20);
+ state->size = PULL_LE_U64(rdata, 0x30);
+ state->ino = PULL_LE_U64(rdata, 0x40);
+
+ if (state->attr & FILE_ATTRIBUTE_REPARSE_POINT) {
+ subreq = cli_get_reparse_data_send(state,
+ state->ev,
+ state->cli,
+ state->fname);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_qpathinfo2_got_reparse,
+ req);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+static void cli_qpathinfo2_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_qpathinfo2_state *state = tevent_req_data(
+ req, struct cli_qpathinfo2_state);
+ uint8_t *data = NULL;
+ uint32_t num_data;
+ NTSTATUS status;
+
+ status = cli_qpathinfo_recv(subreq, state, &data, &num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ state->create_time = interpret_long_date(BVAL(data, 0));
+ state->access_time = interpret_long_date(BVAL(data, 8));
+ state->write_time = interpret_long_date(BVAL(data, 16));
+ state->change_time = interpret_long_date(BVAL(data, 24));
+ state->attr = PULL_LE_U32(data, 32);
+ state->size = PULL_LE_U64(data, 48);
+
+ /*
+ * SMB1 qpathinfo2 uses SMB_QUERY_FILE_ALL_INFO which doesn't
+ * return an inode number (fileid). We can't change this to
+ * one of the FILE_ID info levels as only Win2003 and above
+ * support these [MS-SMB: 2.2.2.3.1] and the SMB1 code needs
+ * to support older servers.
+ */
+ state->ino = 0;
+
+ TALLOC_FREE(data);
+
+ if (state->attr & FILE_ATTRIBUTE_REPARSE_POINT) {
+ subreq = cli_get_reparse_data_send(state,
+ state->ev,
+ state->cli,
+ state->fname);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_qpathinfo2_got_reparse,
+ req);
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+static void cli_qpathinfo2_got_reparse(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct cli_qpathinfo2_state *state =
+ tevent_req_data(req, struct cli_qpathinfo2_state);
+ uint8_t *data = NULL;
+ uint32_t num_data;
+ struct reparse_data_buffer reparse = {
+ .tag = 0,
+ };
+ NTSTATUS status;
+
+ status = cli_get_reparse_data_recv(subreq, state, &data, &num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ status = reparse_data_buffer_parse(state, &reparse, data, num_data);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_DEBUG("Ignoring unknown reparse data\n");
+ goto done;
+ }
+
+ switch (reparse.tag) {
+ case IO_REPARSE_TAG_SYMLINK:
+ state->mode = S_IFLNK;
+ break;
+ case IO_REPARSE_TAG_NFS:
+ switch (reparse.parsed.nfs.type) {
+ case NFS_SPECFILE_LNK:
+ state->mode = S_IFLNK;
+ break;
+ case NFS_SPECFILE_CHR:
+ state->mode = S_IFCHR;
+ break;
+ case NFS_SPECFILE_BLK:
+ state->mode = S_IFBLK;
+ break;
+ case NFS_SPECFILE_FIFO:
+ state->mode = S_IFIFO;
+ break;
+ case NFS_SPECFILE_SOCK:
+ state->mode = S_IFSOCK;
+ break;
+ }
+ break;
+ }
+done:
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_qpathinfo2_recv(struct tevent_req *req,
+ struct timespec *create_time,
+ struct timespec *access_time,
+ struct timespec *write_time,
+ struct timespec *change_time,
+ off_t *size,
+ uint32_t *pattr,
+ SMB_INO_T *ino,
+ mode_t *mode)
+{
+ struct cli_qpathinfo2_state *state = tevent_req_data(
+ req, struct cli_qpathinfo2_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ if (create_time) {
+ *create_time = state->create_time;
+ }
+ if (access_time) {
+ *access_time = state->access_time;
+ }
+ if (write_time) {
+ *write_time = state->write_time;
+ }
+ if (change_time) {
+ *change_time = state->change_time;
+ }
+ if (pattr) {
+ *pattr = state->attr;
+ }
+ if (size) {
+ *size = state->size;
+ }
+ if (ino) {
+ *ino = state->ino;
+ }
+ if (mode != NULL) {
+ *mode = state->mode;
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_qpathinfo2(struct cli_state *cli,
+ const char *fname,
+ struct timespec *create_time,
+ struct timespec *access_time,
+ struct timespec *write_time,
+ struct timespec *change_time,
+ off_t *size,
+ uint32_t *pattr,
+ SMB_INO_T *ino,
+ mode_t *mode)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_qpathinfo2_send(frame, ev, cli, fname);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_qpathinfo2_recv(req,
+ create_time,
+ access_time,
+ write_time,
+ change_time,
+ size,
+ pattr,
+ ino,
+ mode);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Get the stream info
+****************************************************************************/
+
+struct cli_qpathinfo_streams_state {
+ uint32_t num_data;
+ uint8_t *data;
+};
+
+static void cli_qpathinfo_streams_done(struct tevent_req *subreq);
+static void cli_qpathinfo_streams_done2(struct tevent_req *subreq);
+
+struct tevent_req *cli_qpathinfo_streams_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_qpathinfo_streams_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_qpathinfo_streams_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_qpathinfo_send(state,
+ ev,
+ cli,
+ fname,
+ FSCC_FILE_STREAM_INFORMATION,
+ 0,
+ CLI_BUFFER_SIZE);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq,
+ cli_qpathinfo_streams_done2,
+ req);
+ return req;
+ }
+ subreq = cli_qpathinfo_send(state, ev, cli, fname,
+ SMB_FILE_STREAM_INFORMATION,
+ 0, CLI_BUFFER_SIZE);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_qpathinfo_streams_done, req);
+ return req;
+}
+
+static void cli_qpathinfo_streams_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_qpathinfo_streams_state *state = tevent_req_data(
+ req, struct cli_qpathinfo_streams_state);
+ NTSTATUS status;
+
+ status = cli_qpathinfo_recv(subreq, state, &state->data,
+ &state->num_data);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_qpathinfo_streams_done2(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct cli_qpathinfo_streams_state *state =
+ tevent_req_data(req, struct cli_qpathinfo_streams_state);
+ NTSTATUS status;
+
+ status = cli_smb2_qpathinfo_recv(subreq,
+ state,
+ &state->data,
+ &state->num_data);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_qpathinfo_streams_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ unsigned int *pnum_streams,
+ struct stream_struct **pstreams)
+{
+ struct cli_qpathinfo_streams_state *state = tevent_req_data(
+ req, struct cli_qpathinfo_streams_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (!parse_streams_blob(mem_ctx, state->data, state->num_data,
+ pnum_streams, pstreams)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_qpathinfo_streams(struct cli_state *cli, const char *fname,
+ TALLOC_CTX *mem_ctx,
+ unsigned int *pnum_streams,
+ struct stream_struct **pstreams)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_qpathinfo_streams_send(frame, ev, cli, fname);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_qpathinfo_streams_recv(req, mem_ctx, pnum_streams,
+ pstreams);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+bool parse_streams_blob(TALLOC_CTX *mem_ctx, const uint8_t *rdata,
+ size_t data_len,
+ unsigned int *pnum_streams,
+ struct stream_struct **pstreams)
+{
+ unsigned int num_streams;
+ struct stream_struct *streams;
+ unsigned int ofs;
+
+ num_streams = 0;
+ streams = NULL;
+ ofs = 0;
+
+ while ((data_len > ofs) && (data_len - ofs >= 24)) {
+ uint32_t nlen, len;
+ size_t size;
+ void *vstr;
+ struct stream_struct *tmp;
+ uint8_t *tmp_buf;
+
+ tmp = talloc_realloc(mem_ctx, streams,
+ struct stream_struct,
+ num_streams+1);
+
+ if (tmp == NULL) {
+ goto fail;
+ }
+ streams = tmp;
+
+ nlen = IVAL(rdata, ofs + 0x04);
+
+ streams[num_streams].size = IVAL_TO_SMB_OFF_T(
+ rdata, ofs + 0x08);
+ streams[num_streams].alloc_size = IVAL_TO_SMB_OFF_T(
+ rdata, ofs + 0x10);
+
+ if (nlen > data_len - (ofs + 24)) {
+ goto fail;
+ }
+
+ /*
+ * We need to null-terminate src, how do I do this with
+ * convert_string_talloc??
+ */
+
+ tmp_buf = talloc_array(streams, uint8_t, nlen+2);
+ if (tmp_buf == NULL) {
+ goto fail;
+ }
+
+ memcpy(tmp_buf, rdata+ofs+24, nlen);
+ tmp_buf[nlen] = 0;
+ tmp_buf[nlen+1] = 0;
+
+ if (!convert_string_talloc(streams, CH_UTF16, CH_UNIX, tmp_buf,
+ nlen+2, &vstr, &size))
+ {
+ TALLOC_FREE(tmp_buf);
+ goto fail;
+ }
+
+ TALLOC_FREE(tmp_buf);
+ streams[num_streams].name = (char *)vstr;
+ num_streams++;
+
+ len = IVAL(rdata, ofs);
+ if (len > data_len - ofs) {
+ goto fail;
+ }
+ if (len == 0) break;
+ ofs += len;
+ }
+
+ *pnum_streams = num_streams;
+ *pstreams = streams;
+ return true;
+
+ fail:
+ TALLOC_FREE(streams);
+ return false;
+}
+
+/****************************************************************************
+ Send a qfileinfo QUERY_FILE_NAME_INFO call.
+****************************************************************************/
+
+struct cli_qfileinfo_basic_state {
+ uint32_t attr;
+ off_t size;
+ struct timespec create_time;
+ struct timespec access_time;
+ struct timespec write_time;
+ struct timespec change_time;
+ SMB_INO_T ino;
+};
+
+static void cli_qfileinfo_basic_done(struct tevent_req *subreq);
+static void cli_qfileinfo_basic_doneE(struct tevent_req *subreq);
+static void cli_qfileinfo_basic_done2(struct tevent_req *subreq);
+
+struct tevent_req *cli_qfileinfo_basic_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_qfileinfo_basic_state *state = NULL;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_qfileinfo_basic_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if ((smbXcli_conn_protocol(cli->conn) < PROTOCOL_LANMAN2) ||
+ cli->win95) {
+ /*
+ * According to
+ * https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/3d9d8f3e-dc70-410d-a3fc-6f4a881e8cab
+ * SMB_COM_TRANSACTION2 used in cli_qfileinfo_send()
+ * further down was introduced with the LAN Manager
+ * 1.2 dialect, which we encode as PROTOCOL_LANMAN2.
+ *
+ * The "win95" check was introduced with commit
+ * 27e5850fd3e1c8 in 1998. Hard to check these days,
+ * but leave it in.
+ *
+ * Use a lowerlevel fallback in both cases.
+ */
+
+ subreq = cli_getattrE_send(state, ev, cli, fnum);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ subreq, cli_qfileinfo_basic_doneE, req);
+ return req;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_query_info_fnum_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ fnum, /* fnum */
+ 1, /* in_info_type */
+ (SMB_FILE_ALL_INFORMATION - 1000), /* in_file_info_class */
+ 0xFFFF, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ 0, /* in_additional_info */
+ 0); /* in_flags */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ subreq, cli_qfileinfo_basic_done2, req);
+ return req;
+ }
+
+ subreq = cli_qfileinfo_send(
+ state,
+ ev,
+ cli,
+ fnum,
+ SMB_QUERY_FILE_ALL_INFO, /* level */
+ 68, /* min_rdata */
+ CLI_BUFFER_SIZE); /* max_rdata */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_qfileinfo_basic_done, req);
+ return req;
+}
+
+static void cli_qfileinfo_basic_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_qfileinfo_basic_state *state = tevent_req_data(
+ req, struct cli_qfileinfo_basic_state);
+ uint8_t *rdata;
+ uint32_t num_rdata;
+ NTSTATUS status;
+
+ status = cli_qfileinfo_recv(
+ subreq, state, NULL, &rdata, &num_rdata);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ state->create_time = interpret_long_date(BVAL(rdata, 0));
+ state->access_time = interpret_long_date(BVAL(rdata, 8));
+ state->write_time = interpret_long_date(BVAL(rdata, 16));
+ state->change_time = interpret_long_date(BVAL(rdata, 24));
+ state->attr = PULL_LE_U32(rdata, 32);
+ state->size = PULL_LE_U64(rdata,48);
+ state->ino = PULL_LE_U32(rdata, 64);
+ TALLOC_FREE(rdata);
+
+ tevent_req_done(req);
+}
+
+static void cli_qfileinfo_basic_doneE(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_qfileinfo_basic_state *state = tevent_req_data(
+ req, struct cli_qfileinfo_basic_state);
+ NTSTATUS status;
+
+ status = cli_getattrE_recv(
+ subreq,
+ &state->attr,
+ &state->size,
+ &state->change_time.tv_sec,
+ &state->access_time.tv_sec,
+ &state->write_time.tv_sec);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static void cli_qfileinfo_basic_done2(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_qfileinfo_basic_state *state = tevent_req_data(
+ req, struct cli_qfileinfo_basic_state);
+ DATA_BLOB outbuf = {0};
+ NTSTATUS status;
+
+ status = cli_smb2_query_info_fnum_recv(subreq, state, &outbuf);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ /* Parse the reply. */
+ if (outbuf.length < 0x60) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ state->create_time = interpret_long_date(BVAL(outbuf.data, 0x0));
+ state->access_time = interpret_long_date(BVAL(outbuf.data, 0x8));
+ state->write_time = interpret_long_date(BVAL(outbuf.data, 0x10));
+ state->change_time = interpret_long_date(BVAL(outbuf.data, 0x18));
+ state->attr = IVAL(outbuf.data, 0x20);
+ state->size = BVAL(outbuf.data, 0x30);
+ state->ino = BVAL(outbuf.data, 0x40);
+
+ data_blob_free(&outbuf);
+
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_qfileinfo_basic_recv(
+ struct tevent_req *req,
+ uint32_t *attr,
+ off_t *size,
+ struct timespec *create_time,
+ struct timespec *access_time,
+ struct timespec *write_time,
+ struct timespec *change_time,
+ SMB_INO_T *ino)
+{
+ struct cli_qfileinfo_basic_state *state = tevent_req_data(
+ req, struct cli_qfileinfo_basic_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ if (create_time != NULL) {
+ *create_time = state->create_time;
+ }
+ if (access_time != NULL) {
+ *access_time = state->access_time;
+ }
+ if (write_time != NULL) {
+ *write_time = state->write_time;
+ }
+ if (change_time != NULL) {
+ *change_time = state->change_time;
+ }
+ if (attr != NULL) {
+ *attr = state->attr;
+ }
+ if (size != NULL) {
+ *size = state->size;
+ }
+ if (ino) {
+ *ino = state->ino;
+ }
+
+ return NT_STATUS_OK;
+}
+/****************************************************************************
+ Send a qfileinfo call.
+****************************************************************************/
+
+NTSTATUS cli_qfileinfo_basic(
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t *attr,
+ off_t *size,
+ struct timespec *create_time,
+ struct timespec *access_time,
+ struct timespec *write_time,
+ struct timespec *change_time,
+ SMB_INO_T *ino)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_qfileinfo_basic_send(frame, ev, cli, fnum);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_qfileinfo_basic_recv(
+ req,
+ attr,
+ size,
+ create_time,
+ access_time,
+ write_time,
+ change_time,
+ ino);
+
+ /* cli_smb2_query_info_fnum_recv doesn't set this */
+ cli->raw_status = status;
+fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Send a qpathinfo BASIC_INFO call.
+****************************************************************************/
+
+struct cli_qpathinfo_basic_state {
+ uint32_t num_data;
+ uint8_t *data;
+};
+
+static void cli_qpathinfo_basic_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_qpathinfo_basic_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_qpathinfo_basic_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_qpathinfo_basic_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ subreq = cli_qpathinfo_send(state, ev, cli, fname,
+ SMB_QUERY_FILE_BASIC_INFO,
+ 36, CLI_BUFFER_SIZE);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_qpathinfo_basic_done, req);
+ return req;
+}
+
+static void cli_qpathinfo_basic_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_qpathinfo_basic_state *state = tevent_req_data(
+ req, struct cli_qpathinfo_basic_state);
+ NTSTATUS status;
+
+ status = cli_qpathinfo_recv(subreq, state, &state->data,
+ &state->num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_qpathinfo_basic_recv(struct tevent_req *req,
+ SMB_STRUCT_STAT *sbuf, uint32_t *attributes)
+{
+ struct cli_qpathinfo_basic_state *state = tevent_req_data(
+ req, struct cli_qpathinfo_basic_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ sbuf->st_ex_btime = interpret_long_date(BVAL(state->data, 0));
+ sbuf->st_ex_atime = interpret_long_date(BVAL(state->data, 8));
+ sbuf->st_ex_mtime = interpret_long_date(BVAL(state->data, 16));
+ sbuf->st_ex_ctime = interpret_long_date(BVAL(state->data, 24));
+ *attributes = IVAL(state->data, 32);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_qpathinfo_basic(struct cli_state *cli, const char *name,
+ SMB_STRUCT_STAT *sbuf, uint32_t *attributes)
+{
+ TALLOC_CTX *frame = NULL;
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return cli_smb2_qpathinfo_basic(cli,
+ name,
+ sbuf,
+ attributes);
+ }
+
+ frame = talloc_stackframe();
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_qpathinfo_basic_send(frame, ev, cli, name);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_qpathinfo_basic_recv(req, sbuf, attributes);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/****************************************************************************
+ Send a qpathinfo SMB_QUERY_FILE_ALT_NAME_INFO call.
+****************************************************************************/
+
+NTSTATUS cli_qpathinfo_alt_name(struct cli_state *cli, const char *fname, fstring alt_name)
+{
+ uint8_t *rdata;
+ uint32_t num_rdata;
+ unsigned int len;
+ char *converted = NULL;
+ size_t converted_size = 0;
+ NTSTATUS status;
+
+ status = cli_qpathinfo(talloc_tos(), cli, fname,
+ SMB_QUERY_FILE_ALT_NAME_INFO,
+ 4, CLI_BUFFER_SIZE, &rdata, &num_rdata);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ len = IVAL(rdata, 0);
+
+ if (len > num_rdata - 4) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ /* The returned data is a pushed string, not raw data. */
+ if (!convert_string_talloc(talloc_tos(),
+ smbXcli_conn_use_unicode(cli->conn) ? CH_UTF16LE : CH_DOS,
+ CH_UNIX,
+ rdata + 4,
+ len,
+ &converted,
+ &converted_size)) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ fstrcpy(alt_name, converted);
+
+ TALLOC_FREE(converted);
+ TALLOC_FREE(rdata);
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Send a qpathinfo SMB_QUERY_FILE_STANDARD_INFO call.
+****************************************************************************/
+
+NTSTATUS cli_qpathinfo_standard(struct cli_state *cli, const char *fname,
+ uint64_t *allocated, uint64_t *size,
+ uint32_t *nlinks,
+ bool *is_del_pending, bool *is_dir)
+{
+ uint8_t *rdata;
+ uint32_t num_rdata;
+ NTSTATUS status;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ return NT_STATUS_NOT_IMPLEMENTED;
+ }
+
+ status = cli_qpathinfo(talloc_tos(), cli, fname,
+ SMB_QUERY_FILE_STANDARD_INFO,
+ 24, CLI_BUFFER_SIZE, &rdata, &num_rdata);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (allocated) {
+ *allocated = BVAL(rdata, 0);
+ }
+
+ if (size) {
+ *size = BVAL(rdata, 8);
+ }
+
+ if (nlinks) {
+ *nlinks = IVAL(rdata, 16);
+ }
+
+ if (is_del_pending) {
+ *is_del_pending = CVAL(rdata, 20);
+ }
+
+ if (is_dir) {
+ *is_dir = CVAL(rdata, 20);
+ }
+
+ TALLOC_FREE(rdata);
+
+ return NT_STATUS_OK;
+}
+
+
+/* like cli_qpathinfo2 but do not use SMB_QUERY_FILE_ALL_INFO with smb1 */
+NTSTATUS cli_qpathinfo3(struct cli_state *cli, const char *fname,
+ struct timespec *create_time,
+ struct timespec *access_time,
+ struct timespec *write_time,
+ struct timespec *change_time,
+ off_t *size, uint32_t *pattr,
+ SMB_INO_T *ino)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ SMB_STRUCT_STAT st = { 0 };
+ uint32_t attr = 0;
+ uint64_t pos;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ /*
+ * NB. cli_qpathinfo2() checks pattr is valid before
+ * storing a value into it, so we don't need to use
+ * an intermediate attr variable as below but can
+ * pass pattr directly.
+ */
+ return cli_qpathinfo2(cli,
+ fname,
+ create_time,
+ access_time,
+ write_time,
+ change_time,
+ size,
+ pattr,
+ ino,
+ NULL);
+ }
+
+ if (create_time || access_time || write_time || change_time || pattr) {
+ /*
+ * cli_qpathinfo_basic() always indirects the passed
+ * in pointers so we use intermediate variables to
+ * collect all of them before assigning any requested
+ * below.
+ */
+ status = cli_qpathinfo_basic(cli, fname, &st, &attr);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+
+ if (size) {
+ status = cli_qpathinfo_standard(cli, fname,
+ NULL, &pos, NULL, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ *size = pos;
+ }
+
+ if (create_time) {
+ *create_time = st.st_ex_btime;
+ }
+ if (access_time) {
+ *access_time = st.st_ex_atime;
+ }
+ if (write_time) {
+ *write_time = st.st_ex_mtime;
+ }
+ if (change_time) {
+ *change_time = st.st_ex_ctime;
+ }
+ if (pattr) {
+ *pattr = attr;
+ }
+ if (ino) {
+ *ino = 0;
+ }
+
+ return NT_STATUS_OK;
+}
diff --git a/source3/libsmb/clirap.h b/source3/libsmb/clirap.h
new file mode 100644
index 0000000..4dc0441
--- /dev/null
+++ b/source3/libsmb/clirap.h
@@ -0,0 +1,206 @@
+/*
+ Samba Unix/Linux SMB client library
+ More client RAP (SMB Remote Procedure Calls) functions
+ Copyright (C) 2001 Steve French (sfrench@us.ibm.com)
+ Copyright (C) 2001 Jim McDonough (jmcd@us.ibm.com)
+ Copyright (C) 2007 Jeremy Allison. jra@samba.org
+ Copyright (C) Andrew Tridgell 1994-1998
+ Copyright (C) Gerald (Jerry) Carter 2004
+ Copyright (C) James Peach 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBSMB_CLIRAP_H
+#define _LIBSMB_CLIRAP_H
+
+struct cli_state;
+
+/* The following definitions come from libsmb/clirap.c */
+
+bool cli_api(struct cli_state *cli,
+ char *param, int prcnt, int mprcnt,
+ char *data, int drcnt, int mdrcnt,
+ char **rparam, unsigned int *rprcnt,
+ char **rdata, unsigned int *rdrcnt);
+int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32_t, const char *, void *), void *state);
+bool cli_NetServerEnum(struct cli_state *cli, char *workgroup, uint32_t stype,
+ void (*fn)(const char *, uint32_t, const char *, void *),
+ void *state);
+bool cli_oem_change_password(struct cli_state *cli, const char *user, const char *new_password,
+ const char *old_password);
+NTSTATUS cli_setpathinfo_ext(struct cli_state *cli, const char *fname,
+ struct timespec create_time,
+ struct timespec access_time,
+ struct timespec write_time,
+ struct timespec change_time,
+ uint32_t attr);
+struct tevent_req *cli_setfileinfo_ext_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ struct timespec create_time,
+ struct timespec access_time,
+ struct timespec write_time,
+ struct timespec change_time,
+ uint32_t attr);
+NTSTATUS cli_setfileinfo_ext_recv(struct tevent_req *req);
+NTSTATUS cli_setfileinfo_ext(
+ struct cli_state *cli,
+ uint16_t fnum,
+ struct timespec create_time,
+ struct timespec access_time,
+ struct timespec write_time,
+ struct timespec change_time,
+ uint32_t attr);
+struct tevent_req *cli_qpathinfo2_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_qpathinfo2_recv(struct tevent_req *req,
+ struct timespec *create_time,
+ struct timespec *access_time,
+ struct timespec *write_time,
+ struct timespec *change_time,
+ off_t *size,
+ uint32_t *pattr,
+ SMB_INO_T *ino,
+ mode_t *mode);
+NTSTATUS cli_qpathinfo2(struct cli_state *cli,
+ const char *fname,
+ struct timespec *create_time,
+ struct timespec *access_time,
+ struct timespec *write_time,
+ struct timespec *change_time,
+ off_t *size,
+ uint32_t *pattr,
+ SMB_INO_T *ino,
+ mode_t *mode);
+NTSTATUS cli_qpathinfo3(struct cli_state *cli, const char *fname,
+ struct timespec *create_time,
+ struct timespec *access_time,
+ struct timespec *write_time,
+ struct timespec *change_time,
+ off_t *size, uint32_t *pattr,
+ SMB_INO_T *ino);
+struct tevent_req *cli_qpathinfo_streams_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_qpathinfo_streams_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ unsigned int *pnum_streams,
+ struct stream_struct **pstreams);
+NTSTATUS cli_qpathinfo_streams(struct cli_state *cli, const char *fname,
+ TALLOC_CTX *mem_ctx,
+ unsigned int *pnum_streams,
+ struct stream_struct **pstreams);
+bool parse_streams_blob(TALLOC_CTX *mem_ctx, const uint8_t *rdata,
+ size_t data_len,
+ unsigned int *pnum_streams,
+ struct stream_struct **pstreams);
+struct tevent_req *cli_qfileinfo_basic_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum);
+NTSTATUS cli_qfileinfo_basic_recv(
+ struct tevent_req *req,
+ uint32_t *attr,
+ off_t *size,
+ struct timespec *create_time,
+ struct timespec *access_time,
+ struct timespec *write_time,
+ struct timespec *change_time,
+ SMB_INO_T *ino);
+NTSTATUS cli_qfileinfo_basic(
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t *attr,
+ off_t *size,
+ struct timespec *create_time,
+ struct timespec *access_time,
+ struct timespec *write_time,
+ struct timespec *change_time,
+ SMB_INO_T *ino);
+struct tevent_req *cli_qpathinfo_basic_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_qpathinfo_basic_recv(struct tevent_req *req,
+ SMB_STRUCT_STAT *sbuf, uint32_t *attributes);
+NTSTATUS cli_qpathinfo_basic(struct cli_state *cli, const char *name,
+ SMB_STRUCT_STAT *sbuf, uint32_t *attributes);
+NTSTATUS cli_qpathinfo_standard(struct cli_state *cli, const char *fname,
+ uint64_t *allocated, uint64_t *size,
+ uint32_t *nlinks,
+ bool *is_del_pending, bool *is_dir);
+NTSTATUS cli_qpathinfo_alt_name(struct cli_state *cli, const char *fname, fstring alt_name);
+struct tevent_req *cli_qpathinfo_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, const char *fname,
+ uint16_t level, uint32_t min_rdata,
+ uint32_t max_rdata);
+NTSTATUS cli_qpathinfo_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint8_t **rdata, uint32_t *num_rdata);
+NTSTATUS cli_qpathinfo(TALLOC_CTX *mem_ctx, struct cli_state *cli,
+ const char *fname, uint16_t level, uint32_t min_rdata,
+ uint32_t max_rdata,
+ uint8_t **rdata, uint32_t *num_rdata);
+
+struct tevent_req *cli_qfileinfo_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ uint16_t level, uint32_t min_rdata,
+ uint32_t max_rdata);
+NTSTATUS cli_qfileinfo_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint16_t *recv_flags2,
+ uint8_t **rdata, uint32_t *num_rdata);
+NTSTATUS cli_qfileinfo(TALLOC_CTX *mem_ctx, struct cli_state *cli,
+ uint16_t fnum, uint16_t level, uint32_t min_rdata,
+ uint32_t max_rdata, uint16_t *recv_flags2,
+ uint8_t **rdata, uint32_t *num_rdata);
+
+struct tevent_req *cli_flush_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum);
+NTSTATUS cli_flush_recv(struct tevent_req *req);
+NTSTATUS cli_flush(TALLOC_CTX *mem_ctx, struct cli_state *cli, uint16_t fnum);
+
+struct tevent_req *cli_shadow_copy_data_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ bool get_names);
+NTSTATUS cli_shadow_copy_data_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ char ***pnames, int *pnum_names);
+NTSTATUS cli_shadow_copy_data(TALLOC_CTX *mem_ctx, struct cli_state *cli,
+ uint16_t fnum, bool get_names,
+ char ***pnames, int *pnum_names);
+
+struct tevent_req *cli_fsctl_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t ctl_code,
+ const DATA_BLOB *in,
+ uint32_t max_out);
+NTSTATUS cli_fsctl_recv(
+ struct tevent_req *req, TALLOC_CTX *mem_ctx, DATA_BLOB *out);
+
+
+#endif /* _LIBSMB_CLIRAP_H */
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
new file mode 100644
index 0000000..1641905
--- /dev/null
+++ b/source3/libsmb/clireadwrite.c
@@ -0,0 +1,1907 @@
+/*
+ Unix SMB/CIFS implementation.
+ client file read/write routines
+ Copyright (C) Andrew Tridgell 1994-1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "async_smb.h"
+#include "trans2.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+/****************************************************************************
+ Calculate the recommended read buffer size
+****************************************************************************/
+static size_t cli_read_max_bufsize(struct cli_state *cli)
+{
+ uint8_t wct = 12;
+ uint32_t min_space;
+ uint32_t data_offset;
+ uint32_t useable_space = 0;
+
+ data_offset = HDR_VWV;
+ data_offset += wct * sizeof(uint16_t);
+ data_offset += sizeof(uint16_t); /* byte count */
+ data_offset += 1; /* pad */
+
+ min_space = cli_state_available_size(cli, data_offset);
+
+ if (cli->server_posix_capabilities & CIFS_UNIX_LARGE_READ_CAP) {
+ useable_space = 0xFFFFFF - data_offset;
+
+ if (smb1cli_conn_signing_is_active(cli->conn)) {
+ return min_space;
+ }
+
+ if (smb1cli_conn_encryption_on(cli->conn)) {
+ return min_space;
+ }
+
+ return useable_space;
+ } else if (smb1cli_conn_capabilities(cli->conn) & CAP_LARGE_READX) {
+ /*
+ * Note: CAP_LARGE_READX also works with signing
+ */
+ useable_space = 0x1FFFF - data_offset;
+
+ useable_space = MIN(useable_space, UINT16_MAX);
+
+ return useable_space;
+ }
+
+ return min_space;
+}
+
+/****************************************************************************
+ Calculate the recommended write buffer size
+****************************************************************************/
+static size_t cli_write_max_bufsize(struct cli_state *cli,
+ uint16_t write_mode,
+ uint8_t wct)
+{
+ uint32_t min_space;
+ uint32_t data_offset;
+ uint32_t useable_space = 0;
+
+ data_offset = HDR_VWV;
+ data_offset += wct * sizeof(uint16_t);
+ data_offset += sizeof(uint16_t); /* byte count */
+ data_offset += 1; /* pad */
+
+ min_space = cli_state_available_size(cli, data_offset);
+
+ if (cli->server_posix_capabilities & CIFS_UNIX_LARGE_WRITE_CAP) {
+ useable_space = 0xFFFFFF - data_offset;
+ } else if (smb1cli_conn_capabilities(cli->conn) & CAP_LARGE_WRITEX) {
+ useable_space = 0x1FFFF - data_offset;
+ } else {
+ return min_space;
+ }
+
+ if (write_mode != 0) {
+ return min_space;
+ }
+
+ if (smb1cli_conn_signing_is_active(cli->conn)) {
+ return min_space;
+ }
+
+ if (smb1cli_conn_encryption_on(cli->conn)) {
+ return min_space;
+ }
+
+ if (strequal(cli->dev, "LPT1:")) {
+ return min_space;
+ }
+
+ return useable_space;
+}
+
+struct cli_read_andx_state {
+ size_t size;
+ uint16_t vwv[12];
+ NTSTATUS status;
+ size_t received;
+ uint8_t *buf;
+};
+
+static void cli_read_andx_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_read_andx_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ off_t offset, size_t size,
+ struct tevent_req **psmbreq)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_read_andx_state *state;
+ uint8_t wct = 10;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_read_andx_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->size = size;
+
+ SCVAL(state->vwv + 0, 0, 0xFF);
+ SCVAL(state->vwv + 0, 1, 0);
+ SSVAL(state->vwv + 1, 0, 0);
+ SSVAL(state->vwv + 2, 0, fnum);
+ SIVAL(state->vwv + 3, 0, offset);
+ SSVAL(state->vwv + 5, 0, size);
+ SSVAL(state->vwv + 6, 0, size);
+ SSVAL(state->vwv + 7, 0, (size >> 16));
+ SSVAL(state->vwv + 8, 0, 0);
+ SSVAL(state->vwv + 9, 0, 0);
+
+ if (smb1cli_conn_capabilities(cli->conn) & CAP_LARGE_FILES) {
+ SIVAL(state->vwv + 10, 0,
+ (((uint64_t)offset)>>32) & 0xffffffff);
+ wct = 12;
+ } else {
+ if ((((uint64_t)offset) & 0xffffffff00000000LL) != 0) {
+ DEBUG(10, ("cli_read_andx_send got large offset where "
+ "the server does not support it\n"));
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ subreq = cli_smb_req_create(state, ev, cli, SMBreadX, 0, 0, wct,
+ state->vwv, 0, NULL);
+ if (subreq == NULL) {
+ TALLOC_FREE(req);
+ return NULL;
+ }
+ tevent_req_set_callback(subreq, cli_read_andx_done, req);
+ *psmbreq = subreq;
+ return req;
+}
+
+struct tevent_req *cli_read_andx_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ off_t offset, size_t size)
+{
+ struct tevent_req *req, *subreq;
+ NTSTATUS status;
+
+ req = cli_read_andx_create(mem_ctx, ev, cli, fnum, offset, size,
+ &subreq);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ status = smb1cli_req_chain_submit(&subreq, 1);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ return req;
+}
+
+static void cli_read_andx_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_read_andx_state *state = tevent_req_data(
+ req, struct cli_read_andx_state);
+ uint8_t *inbuf;
+ uint8_t wct;
+ uint16_t *vwv;
+ uint32_t num_bytes;
+ uint8_t *bytes;
+
+ state->status = cli_smb_recv(subreq, state, &inbuf, 12, &wct, &vwv,
+ &num_bytes, &bytes);
+ TALLOC_FREE(subreq);
+ if (NT_STATUS_IS_ERR(state->status)) {
+ tevent_req_nterror(req, state->status);
+ return;
+ }
+
+ /* size is the number of bytes the server returned.
+ * Might be zero. */
+ state->received = SVAL(vwv + 5, 0);
+ state->received |= (((unsigned int)SVAL(vwv + 7, 0)) << 16);
+
+ if (state->received > state->size) {
+ DEBUG(5,("server returned more than we wanted!\n"));
+ tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
+ return;
+ }
+
+ /*
+ * bcc field must be valid for small reads, for large reads the 16-bit
+ * bcc field can't be correct.
+ */
+
+ if ((state->received < 0xffff) && (state->received > num_bytes)) {
+ DEBUG(5, ("server announced more bytes than sent\n"));
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ state->buf = discard_const_p(uint8_t, smb_base(inbuf)) + SVAL(vwv+6, 0);
+
+ if (smb_buffer_oob(smb_len_tcp(inbuf), SVAL(vwv+6, 0), state->received)
+ || ((state->received != 0) && (state->buf < bytes))) {
+ DEBUG(5, ("server returned invalid read&x data offset\n"));
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+/*
+ * Pull the data out of a finished async read_and_x request. rcvbuf is
+ * talloced from the request, so better make sure that you copy it away before
+ * you talloc_free(req). "rcvbuf" is NOT a talloc_ctx of its own, so do not
+ * talloc_move it!
+ */
+
+NTSTATUS cli_read_andx_recv(struct tevent_req *req, ssize_t *received,
+ uint8_t **rcvbuf)
+{
+ struct cli_read_andx_state *state = tevent_req_data(
+ req, struct cli_read_andx_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *received = state->received;
+ *rcvbuf = state->buf;
+ return NT_STATUS_OK;
+}
+
+struct cli_pull_chunk;
+
+struct cli_pull_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ uint16_t fnum;
+ off_t start_offset;
+ off_t size;
+
+ NTSTATUS (*sink)(char *buf, size_t n, void *priv);
+ void *priv;
+
+ size_t chunk_size;
+ off_t next_offset;
+ off_t remaining;
+
+ /*
+ * How many bytes did we push into "sink"?
+ */
+ off_t pushed;
+
+ /*
+ * Outstanding requests
+ *
+ * The maximum is 256:
+ * - which would be a window of 256 MByte
+ * for SMB2 with multi-credit
+ * or smb1 unix extensions.
+ */
+ uint16_t max_chunks;
+ uint16_t num_chunks;
+ uint16_t num_waiting;
+ struct cli_pull_chunk *chunks;
+};
+
+struct cli_pull_chunk {
+ struct cli_pull_chunk *prev, *next;
+ struct tevent_req *req;/* This is the main request! Not the subreq */
+ struct tevent_req *subreq;
+ off_t ofs;
+ uint8_t *buf;
+ size_t total_size;
+ size_t tmp_size;
+ bool done;
+};
+
+static void cli_pull_setup_chunks(struct tevent_req *req);
+static void cli_pull_chunk_ship(struct cli_pull_chunk *chunk);
+static void cli_pull_chunk_done(struct tevent_req *subreq);
+
+/*
+ * Parallel read support.
+ *
+ * cli_pull sends as many read&x requests as the server would allow via
+ * max_mux at a time. When replies flow back in, the data is written into
+ * the callback function "sink" in the right order.
+ */
+
+struct tevent_req *cli_pull_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum, off_t start_offset,
+ off_t size, size_t window_size,
+ NTSTATUS (*sink)(char *buf, size_t n,
+ void *priv),
+ void *priv)
+{
+ struct tevent_req *req;
+ struct cli_pull_state *state;
+ size_t page_size = 1024;
+ uint64_t tmp64;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_pull_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+ state->ev = ev;
+ state->fnum = fnum;
+ state->start_offset = start_offset;
+ state->size = size;
+ state->sink = sink;
+ state->priv = priv;
+ state->next_offset = start_offset;
+ state->remaining = size;
+
+ if (size == 0) {
+ tevent_req_done(req);
+ return tevent_req_post(req, ev);
+ }
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ state->chunk_size = smb2cli_conn_max_read_size(cli->conn);
+ } else {
+ state->chunk_size = cli_read_max_bufsize(cli);
+ }
+ if (state->chunk_size > page_size) {
+ state->chunk_size &= ~(page_size - 1);
+ }
+
+ if (window_size == 0) {
+ /*
+ * We use 16 MByte as default window size.
+ */
+ window_size = 16 * 1024 * 1024;
+ }
+
+ tmp64 = window_size/state->chunk_size;
+ if ((window_size % state->chunk_size) > 0) {
+ tmp64 += 1;
+ }
+ tmp64 = MAX(tmp64, 1);
+ tmp64 = MIN(tmp64, 256);
+ state->max_chunks = tmp64;
+
+ /*
+ * We defer the callback because of the complex
+ * substate/subfunction logic
+ */
+ tevent_req_defer_callback(req, ev);
+
+ cli_pull_setup_chunks(req);
+ if (!tevent_req_is_in_progress(req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ return req;
+}
+
+static void cli_pull_setup_chunks(struct tevent_req *req)
+{
+ struct cli_pull_state *state =
+ tevent_req_data(req,
+ struct cli_pull_state);
+ struct cli_pull_chunk *chunk, *next = NULL;
+ size_t i;
+
+ for (chunk = state->chunks; chunk; chunk = next) {
+ /*
+ * Note that chunk might be removed from this call.
+ */
+ next = chunk->next;
+ cli_pull_chunk_ship(chunk);
+ if (!tevent_req_is_in_progress(req)) {
+ return;
+ }
+ }
+
+ for (i = state->num_chunks; i < state->max_chunks; i++) {
+
+ if (state->num_waiting > 0) {
+ return;
+ }
+
+ if (state->remaining == 0) {
+ break;
+ }
+
+ chunk = talloc_zero(state, struct cli_pull_chunk);
+ if (tevent_req_nomem(chunk, req)) {
+ return;
+ }
+ chunk->req = req;
+ chunk->ofs = state->next_offset;
+ chunk->total_size = MIN(state->remaining, state->chunk_size);
+ state->next_offset += chunk->total_size;
+ state->remaining -= chunk->total_size;
+
+ DLIST_ADD_END(state->chunks, chunk);
+ state->num_chunks++;
+ state->num_waiting++;
+
+ cli_pull_chunk_ship(chunk);
+ if (!tevent_req_is_in_progress(req)) {
+ return;
+ }
+ }
+
+ if (state->remaining > 0) {
+ return;
+ }
+
+ if (state->num_chunks > 0) {
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+static void cli_pull_chunk_ship(struct cli_pull_chunk *chunk)
+{
+ struct tevent_req *req = chunk->req;
+ struct cli_pull_state *state =
+ tevent_req_data(req,
+ struct cli_pull_state);
+ bool ok;
+ off_t ofs;
+ size_t size;
+
+ if (chunk->done) {
+ NTSTATUS status;
+
+ if (chunk != state->chunks) {
+ /*
+ * this chunk is not the
+ * first one in the list.
+ *
+ * which means we should not
+ * push it into the sink yet.
+ */
+ return;
+ }
+
+ if (chunk->tmp_size == 0) {
+ /*
+ * we got a short read, we're done
+ */
+ tevent_req_done(req);
+ return;
+ }
+
+ status = state->sink((char *)chunk->buf,
+ chunk->tmp_size,
+ state->priv);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ state->pushed += chunk->tmp_size;
+
+ if (chunk->tmp_size < chunk->total_size) {
+ /*
+ * we got a short read, we're done
+ */
+ tevent_req_done(req);
+ return;
+ }
+
+ DLIST_REMOVE(state->chunks, chunk);
+ SMB_ASSERT(state->num_chunks > 0);
+ state->num_chunks--;
+ TALLOC_FREE(chunk);
+
+ return;
+ }
+
+ if (chunk->subreq != NULL) {
+ return;
+ }
+
+ SMB_ASSERT(state->num_waiting > 0);
+
+ ofs = chunk->ofs + chunk->tmp_size;
+ size = chunk->total_size - chunk->tmp_size;
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ uint32_t max_size;
+
+ ok = smb2cli_conn_req_possible(state->cli->conn, &max_size);
+ if (!ok) {
+ return;
+ }
+
+ /*
+ * downgrade depending on the available credits
+ */
+ size = MIN(max_size, size);
+
+ chunk->subreq = cli_smb2_read_send(chunk,
+ state->ev,
+ state->cli,
+ state->fnum,
+ ofs,
+ size);
+ if (tevent_req_nomem(chunk->subreq, req)) {
+ return;
+ }
+ } else {
+ ok = smb1cli_conn_req_possible(state->cli->conn);
+ if (!ok) {
+ return;
+ }
+
+ chunk->subreq = cli_read_andx_send(chunk,
+ state->ev,
+ state->cli,
+ state->fnum,
+ ofs,
+ size);
+ if (tevent_req_nomem(chunk->subreq, req)) {
+ return;
+ }
+ }
+ tevent_req_set_callback(chunk->subreq,
+ cli_pull_chunk_done,
+ chunk);
+
+ state->num_waiting--;
+ return;
+}
+
+static void cli_pull_chunk_done(struct tevent_req *subreq)
+{
+ struct cli_pull_chunk *chunk =
+ tevent_req_callback_data(subreq,
+ struct cli_pull_chunk);
+ struct tevent_req *req = chunk->req;
+ struct cli_pull_state *state =
+ tevent_req_data(req,
+ struct cli_pull_state);
+ NTSTATUS status;
+ size_t expected = chunk->total_size - chunk->tmp_size;
+ ssize_t received = 0;
+ uint8_t *buf = NULL;
+
+ chunk->subreq = NULL;
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ status = cli_smb2_read_recv(subreq, &received, &buf);
+ } else {
+ status = cli_read_andx_recv(subreq, &received, &buf);
+ }
+ if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
+ received = 0;
+ status = NT_STATUS_OK;
+ }
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (received > expected) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ if (received == 0) {
+ /*
+ * We got EOF we're done
+ */
+ chunk->done = true;
+ cli_pull_setup_chunks(req);
+ return;
+ }
+
+ if (received == chunk->total_size) {
+ /*
+ * We got it in the first run.
+ *
+ * We don't call TALLOC_FREE(subreq)
+ * here and keep the returned buffer.
+ */
+ chunk->buf = buf;
+ } else if (chunk->buf == NULL) {
+ chunk->buf = talloc_array(chunk, uint8_t, chunk->total_size);
+ if (tevent_req_nomem(chunk->buf, req)) {
+ return;
+ }
+ }
+
+ if (received != chunk->total_size) {
+ uint8_t *p = chunk->buf + chunk->tmp_size;
+ memcpy(p, buf, received);
+ TALLOC_FREE(subreq);
+ }
+
+ chunk->tmp_size += received;
+
+ if (chunk->tmp_size == chunk->total_size) {
+ chunk->done = true;
+ } else {
+ state->num_waiting++;
+ }
+
+ cli_pull_setup_chunks(req);
+}
+
+NTSTATUS cli_pull_recv(struct tevent_req *req, off_t *received)
+{
+ struct cli_pull_state *state = tevent_req_data(
+ req, struct cli_pull_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+ *received = state->pushed;
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_pull(struct cli_state *cli, uint16_t fnum,
+ off_t start_offset, off_t size, size_t window_size,
+ NTSTATUS (*sink)(char *buf, size_t n, void *priv),
+ void *priv, off_t *received)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_pull_send(frame, ev, cli, fnum, start_offset, size,
+ window_size, sink, priv);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_pull_recv(req, received);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_read_state {
+ struct cli_state *cli;
+ char *buf;
+ size_t buflen;
+ size_t received;
+};
+
+static void cli_read_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_read_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ char *buf,
+ off_t offset,
+ size_t size)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_read_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_read_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+ state->buf = buf;
+ state->buflen = size;
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ uint32_t max_size;
+ bool ok;
+
+ ok = smb2cli_conn_req_possible(state->cli->conn, &max_size);
+ if (!ok) {
+ tevent_req_nterror(
+ req,
+ NT_STATUS_INSUFFICIENT_RESOURCES);
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * downgrade depending on the available credits
+ */
+ size = MIN(max_size, size);
+
+ subreq = cli_smb2_read_send(
+ state, ev, cli, fnum, offset, size);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ } else {
+ bool ok;
+ ok = smb1cli_conn_req_possible(state->cli->conn);
+ if (!ok) {
+ tevent_req_nterror(
+ req,
+ NT_STATUS_INSUFFICIENT_RESOURCES);
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_read_andx_send(
+ state, ev, cli, fnum, offset, size);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ }
+
+ tevent_req_set_callback(subreq, cli_read_done, req);
+
+ return req;
+}
+
+static void cli_read_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_read_state *state = tevent_req_data(
+ req, struct cli_read_state);
+ NTSTATUS status;
+ ssize_t received;
+ uint8_t *buf = NULL;
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ status = cli_smb2_read_recv(subreq, &received, &buf);
+ } else {
+ status = cli_read_andx_recv(subreq, &received, &buf);
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
+ received = 0;
+ status = NT_STATUS_OK;
+ }
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ if ((buf == NULL) || (received < 0) || (received > state->buflen)) {
+ state->received = 0;
+ tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
+ return;
+ }
+
+ memcpy(state->buf, buf, received);
+ state->received = received;
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_read_recv(struct tevent_req *req, size_t *received)
+{
+ struct cli_read_state *state = tevent_req_data(
+ req, struct cli_read_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (received != NULL) {
+ *received = state->received;
+ }
+ return NT_STATUS_OK;
+}
+
+/*
+ * Helper function for cli_pull(). This takes a chunk of data (buf) read from
+ * a remote file and copies it into the return buffer (priv).
+ */
+NTSTATUS cli_read_sink(char *buf, size_t n, void *priv)
+{
+ char **pbuf = (char **)priv;
+ memcpy(*pbuf, buf, n);
+ *pbuf += n;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_read(struct cli_state *cli, uint16_t fnum,
+ char *buf, off_t offset, size_t size,
+ size_t *nread)
+{
+ NTSTATUS status;
+ off_t ret = 0;
+
+ status = cli_pull(cli, fnum, offset, size, size,
+ cli_read_sink, &buf, &ret);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (nread) {
+ *nread = ret;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ write to a file using a SMBwrite and not bypassing 0 byte writes
+****************************************************************************/
+
+NTSTATUS cli_smbwrite(struct cli_state *cli, uint16_t fnum, char *buf,
+ off_t offset, size_t size1, size_t *ptotal)
+{
+ uint8_t *bytes;
+ ssize_t total = 0;
+
+ /*
+ * 3 bytes prefix
+ */
+
+ bytes = talloc_array(talloc_tos(), uint8_t, 3);
+ if (bytes == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ bytes[0] = 1;
+
+ do {
+ uint32_t usable_space = cli_state_available_size(cli, 48);
+ size_t size = MIN(size1, usable_space);
+ struct tevent_req *req;
+ uint16_t vwv[5];
+ uint16_t *ret_vwv;
+ NTSTATUS status;
+
+ SSVAL(vwv+0, 0, fnum);
+ SSVAL(vwv+1, 0, size);
+ SIVAL(vwv+2, 0, offset);
+ SSVAL(vwv+4, 0, 0);
+
+ bytes = talloc_realloc(talloc_tos(), bytes, uint8_t,
+ size+3);
+ if (bytes == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ SSVAL(bytes, 1, size);
+ memcpy(bytes + 3, buf + total, size);
+
+ status = cli_smb(talloc_tos(), cli, SMBwrite, 0, 5, vwv,
+ size+3, bytes, &req, 1, NULL, &ret_vwv,
+ NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(bytes);
+ return status;
+ }
+
+ size = SVAL(ret_vwv+0, 0);
+ TALLOC_FREE(req);
+ if (size == 0) {
+ break;
+ }
+ size1 -= size;
+ total += size;
+ offset += size;
+
+ } while (size1);
+
+ TALLOC_FREE(bytes);
+
+ if (ptotal != NULL) {
+ *ptotal = total;
+ }
+ return NT_STATUS_OK;
+}
+
+/*
+ * Send a write&x request
+ */
+
+struct cli_write_andx_state {
+ size_t size;
+ uint16_t vwv[14];
+ size_t written;
+ uint8_t pad;
+ struct iovec iov[2];
+};
+
+static void cli_write_andx_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_write_andx_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ uint16_t mode, const uint8_t *buf,
+ off_t offset, size_t size,
+ struct tevent_req **reqs_before,
+ int num_reqs_before,
+ struct tevent_req **psmbreq)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_write_andx_state *state;
+ bool bigoffset = ((smb1cli_conn_capabilities(cli->conn) & CAP_LARGE_FILES) != 0);
+ uint8_t wct = bigoffset ? 14 : 12;
+ size_t max_write = cli_write_max_bufsize(cli, mode, wct);
+ uint16_t *vwv;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_write_andx_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ state->size = MIN(size, max_write);
+
+ vwv = state->vwv;
+
+ SCVAL(vwv+0, 0, 0xFF);
+ SCVAL(vwv+0, 1, 0);
+ SSVAL(vwv+1, 0, 0);
+ SSVAL(vwv+2, 0, fnum);
+ SIVAL(vwv+3, 0, offset);
+ SIVAL(vwv+5, 0, 0);
+ SSVAL(vwv+7, 0, mode);
+ SSVAL(vwv+8, 0, 0);
+ SSVAL(vwv+9, 0, (state->size>>16));
+ SSVAL(vwv+10, 0, state->size);
+
+ SSVAL(vwv+11, 0,
+ smb1cli_req_wct_ofs(reqs_before, num_reqs_before)
+ + 1 /* the wct field */
+ + wct * 2 /* vwv */
+ + 2 /* num_bytes field */
+ + 1 /* pad */);
+
+ if (bigoffset) {
+ SIVAL(vwv+12, 0, (((uint64_t)offset)>>32) & 0xffffffff);
+ }
+
+ state->pad = 0;
+ state->iov[0].iov_base = (void *)&state->pad;
+ state->iov[0].iov_len = 1;
+ state->iov[1].iov_base = discard_const_p(void, buf);
+ state->iov[1].iov_len = state->size;
+
+ subreq = cli_smb_req_create(state, ev, cli, SMBwriteX, 0, 0, wct, vwv,
+ 2, state->iov);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_write_andx_done, req);
+ *psmbreq = subreq;
+ return req;
+}
+
+struct tevent_req *cli_write_andx_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ uint16_t mode, const uint8_t *buf,
+ off_t offset, size_t size)
+{
+ struct tevent_req *req, *subreq;
+ NTSTATUS status;
+
+ req = cli_write_andx_create(mem_ctx, ev, cli, fnum, mode, buf, offset,
+ size, NULL, 0, &subreq);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ status = smb1cli_req_chain_submit(&subreq, 1);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+ return req;
+}
+
+static void cli_write_andx_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_write_andx_state *state = tevent_req_data(
+ req, struct cli_write_andx_state);
+ uint8_t wct;
+ uint16_t *vwv;
+ NTSTATUS status;
+
+ status = cli_smb_recv(subreq, state, NULL, 6, &wct, &vwv,
+ NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (NT_STATUS_IS_ERR(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ state->written = SVAL(vwv+2, 0);
+ if (state->size > UINT16_MAX) {
+ /*
+ * It is important that we only set the
+ * high bits only if we asked for a large write.
+ *
+ * OS/2 print shares get this wrong and may send
+ * invalid values.
+ *
+ * See bug #5326.
+ */
+ state->written |= SVAL(vwv+4, 0)<<16;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_write_andx_recv(struct tevent_req *req, size_t *pwritten)
+{
+ struct cli_write_andx_state *state = tevent_req_data(
+ req, struct cli_write_andx_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (pwritten != 0) {
+ *pwritten = state->written;
+ }
+ return NT_STATUS_OK;
+}
+
+struct cli_write_state {
+ struct cli_state *cli;
+ size_t written;
+};
+
+static void cli_write_done(struct tevent_req *subreq);
+
+/*
+ * Used to write to a file remotely.
+ * This is similar in functionality to cli_push_send(), except this is a more
+ * finer-grain API. For example, if the data we want to write exceeds the max
+ * write size of the underlying connection, then it's the caller's
+ * responsibility to handle this.
+ * For writing a small amount of data to file, this is a simpler API to use.
+ */
+struct tevent_req *cli_write_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ uint16_t mode, const uint8_t *buf,
+ off_t offset, size_t size)
+{
+ struct tevent_req *req = NULL;
+ struct cli_write_state *state = NULL;
+ struct tevent_req *subreq = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_write_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ uint32_t max_size;
+ bool ok;
+
+ ok = smb2cli_conn_req_possible(state->cli->conn, &max_size);
+ if (!ok) {
+ tevent_req_nterror(
+ req,
+ NT_STATUS_INSUFFICIENT_RESOURCES);
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * downgrade depending on the available credits
+ */
+ size = MIN(max_size, size);
+
+ subreq = cli_smb2_write_send(state,
+ ev,
+ cli,
+ fnum,
+ mode,
+ buf,
+ offset,
+ size);
+ } else {
+ bool ok;
+
+ ok = smb1cli_conn_req_possible(state->cli->conn);
+ if (!ok) {
+ tevent_req_nterror(
+ req,
+ NT_STATUS_INSUFFICIENT_RESOURCES);
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_write_andx_send(state,
+ ev,
+ cli,
+ fnum,
+ mode,
+ buf,
+ offset,
+ size);
+ }
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_write_done, req);
+
+ return req;
+}
+
+static void cli_write_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct cli_write_state *state =
+ tevent_req_data(req,
+ struct cli_write_state);
+ NTSTATUS status;
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ status = cli_smb2_write_recv(subreq, &state->written);
+ } else {
+ status = cli_write_andx_recv(subreq, &state->written);
+ }
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_write_recv(struct tevent_req *req, size_t *pwritten)
+{
+ struct cli_write_state *state =
+ tevent_req_data(req,
+ struct cli_write_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+ if (pwritten != NULL) {
+ *pwritten = state->written;
+ }
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+struct cli_smb1_writeall_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ uint16_t fnum;
+ uint16_t mode;
+ const uint8_t *buf;
+ off_t offset;
+ size_t size;
+ size_t written;
+};
+
+static void cli_smb1_writeall_written(struct tevent_req *req);
+
+static struct tevent_req *cli_smb1_writeall_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t mode,
+ const uint8_t *buf,
+ off_t offset, size_t size)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_smb1_writeall_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_smb1_writeall_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->fnum = fnum;
+ state->mode = mode;
+ state->buf = buf;
+ state->offset = offset;
+ state->size = size;
+ state->written = 0;
+
+ subreq = cli_write_andx_send(state, state->ev, state->cli, state->fnum,
+ state->mode, state->buf, state->offset,
+ state->size);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_smb1_writeall_written, req);
+ return req;
+}
+
+static void cli_smb1_writeall_written(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_smb1_writeall_state *state = tevent_req_data(
+ req, struct cli_smb1_writeall_state);
+ NTSTATUS status;
+ size_t written = 0, to_write;
+
+ status = cli_write_andx_recv(subreq, &written);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ state->written += written;
+
+ if (state->written > state->size) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ to_write = state->size - state->written;
+
+ if (to_write == 0) {
+ tevent_req_done(req);
+ return;
+ }
+
+ subreq = cli_write_andx_send(state, state->ev, state->cli, state->fnum,
+ state->mode,
+ state->buf + state->written,
+ state->offset + state->written, to_write);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_smb1_writeall_written, req);
+}
+
+static NTSTATUS cli_smb1_writeall_recv(struct tevent_req *req,
+ size_t *pwritten)
+{
+ struct cli_smb1_writeall_state *state = tevent_req_data(
+ req, struct cli_smb1_writeall_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (pwritten != NULL) {
+ *pwritten = state->written;
+ }
+ return NT_STATUS_OK;
+}
+
+struct cli_writeall_state {
+ struct cli_state *cli;
+ size_t written;
+};
+
+static void cli_writeall_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_writeall_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t mode,
+ const uint8_t *buf,
+ off_t offset,
+ size_t size)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_writeall_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_writeall_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_writeall_send(
+ state,
+ ev,
+ cli,
+ fnum,
+ mode,
+ buf,
+ offset,
+ size);
+ } else {
+ subreq = cli_smb1_writeall_send(
+ state,
+ ev,
+ cli,
+ fnum,
+ mode,
+ buf,
+ offset,
+ size);
+ }
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_writeall_done, req);
+
+ return req;
+}
+
+static void cli_writeall_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_writeall_state *state = tevent_req_data(
+ req, struct cli_writeall_state);
+ NTSTATUS status;
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ status = cli_smb2_writeall_recv(subreq, &state->written);
+ } else {
+ status = cli_smb1_writeall_recv(subreq, &state->written);
+ }
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_writeall_recv(struct tevent_req *req, size_t *pwritten)
+{
+ struct cli_writeall_state *state = tevent_req_data(
+ req, struct cli_writeall_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (pwritten != NULL) {
+ *pwritten = state->written;
+ }
+ return NT_STATUS_OK;
+}
+
+
+NTSTATUS cli_writeall(struct cli_state *cli, uint16_t fnum, uint16_t mode,
+ const uint8_t *buf, off_t offset, size_t size,
+ size_t *pwritten)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_writeall_send(frame, ev, cli, fnum, mode, buf, offset, size);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_writeall_recv(req, pwritten);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_push_chunk;
+
+struct cli_push_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ uint16_t fnum;
+ uint16_t mode;
+ off_t start_offset;
+
+ size_t (*source)(uint8_t *buf, size_t n, void *priv);
+ void *priv;
+
+ bool eof;
+
+ size_t chunk_size;
+ off_t next_offset;
+
+ /*
+ * Outstanding requests
+ *
+ * The maximum is 256:
+ * - which would be a window of 256 MByte
+ * for SMB2 with multi-credit
+ * or smb1 unix extensions.
+ */
+ uint16_t max_chunks;
+ uint16_t num_chunks;
+ uint16_t num_waiting;
+ struct cli_push_chunk *chunks;
+};
+
+struct cli_push_chunk {
+ struct cli_push_chunk *prev, *next;
+ struct tevent_req *req;/* This is the main request! Not the subreq */
+ struct tevent_req *subreq;
+ off_t ofs;
+ uint8_t *buf;
+ size_t total_size;
+ size_t tmp_size;
+ bool done;
+};
+
+static void cli_push_setup_chunks(struct tevent_req *req);
+static void cli_push_chunk_ship(struct cli_push_chunk *chunk);
+static void cli_push_chunk_done(struct tevent_req *subreq);
+
+/*
+ * Used to write to a file remotely.
+ * This is similar in functionality to cli_write_send(), except this API
+ * handles writing a large file by breaking the data into chunks (so we don't
+ * exceed the max write size of the underlying connection). To do this, the
+ * (*source) callback handles copying the underlying file data into a message
+ * buffer, one chunk at a time.
+ * This API is recommended when writing a potentially large amount of data,
+ * e.g. when copying a file (or doing a 'put').
+ */
+struct tevent_req *cli_push_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum, uint16_t mode,
+ off_t start_offset, size_t window_size,
+ size_t (*source)(uint8_t *buf, size_t n,
+ void *priv),
+ void *priv)
+{
+ struct tevent_req *req;
+ struct cli_push_state *state;
+ size_t page_size = 1024;
+ uint64_t tmp64;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_push_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+ state->ev = ev;
+ state->fnum = fnum;
+ state->start_offset = start_offset;
+ state->mode = mode;
+ state->source = source;
+ state->priv = priv;
+ state->next_offset = start_offset;
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ state->chunk_size = smb2cli_conn_max_write_size(cli->conn);
+ } else {
+ state->chunk_size = cli_write_max_bufsize(cli, mode, 14);
+ }
+ if (state->chunk_size > page_size) {
+ state->chunk_size &= ~(page_size - 1);
+ }
+
+ if (window_size == 0) {
+ /*
+ * We use 16 MByte as default window size.
+ */
+ window_size = 16 * 1024 * 1024;
+ }
+
+ tmp64 = window_size/state->chunk_size;
+ if ((window_size % state->chunk_size) > 0) {
+ tmp64 += 1;
+ }
+ tmp64 = MAX(tmp64, 1);
+ tmp64 = MIN(tmp64, 256);
+ state->max_chunks = tmp64;
+
+ /*
+ * We defer the callback because of the complex
+ * substate/subfunction logic
+ */
+ tevent_req_defer_callback(req, ev);
+
+ cli_push_setup_chunks(req);
+ if (!tevent_req_is_in_progress(req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ return req;
+}
+
+static void cli_push_setup_chunks(struct tevent_req *req)
+{
+ struct cli_push_state *state =
+ tevent_req_data(req,
+ struct cli_push_state);
+ struct cli_push_chunk *chunk, *next = NULL;
+ size_t i;
+
+ for (chunk = state->chunks; chunk; chunk = next) {
+ /*
+ * Note that chunk might be removed from this call.
+ */
+ next = chunk->next;
+ cli_push_chunk_ship(chunk);
+ if (!tevent_req_is_in_progress(req)) {
+ return;
+ }
+ }
+
+ for (i = state->num_chunks; i < state->max_chunks; i++) {
+
+ if (state->num_waiting > 0) {
+ return;
+ }
+
+ if (state->eof) {
+ break;
+ }
+
+ chunk = talloc_zero(state, struct cli_push_chunk);
+ if (tevent_req_nomem(chunk, req)) {
+ return;
+ }
+ chunk->req = req;
+ chunk->ofs = state->next_offset;
+ chunk->buf = talloc_array(chunk,
+ uint8_t,
+ state->chunk_size);
+ if (tevent_req_nomem(chunk->buf, req)) {
+ return;
+ }
+ chunk->total_size = state->source(chunk->buf,
+ state->chunk_size,
+ state->priv);
+ if (chunk->total_size == 0) {
+ /* nothing to send */
+ talloc_free(chunk);
+ state->eof = true;
+ break;
+ }
+ state->next_offset += chunk->total_size;
+
+ DLIST_ADD_END(state->chunks, chunk);
+ state->num_chunks++;
+ state->num_waiting++;
+
+ cli_push_chunk_ship(chunk);
+ if (!tevent_req_is_in_progress(req)) {
+ return;
+ }
+ }
+
+ if (!state->eof) {
+ return;
+ }
+
+ if (state->num_chunks > 0) {
+ return;
+ }
+
+ tevent_req_done(req);
+}
+
+static void cli_push_chunk_ship(struct cli_push_chunk *chunk)
+{
+ struct tevent_req *req = chunk->req;
+ struct cli_push_state *state =
+ tevent_req_data(req,
+ struct cli_push_state);
+ bool ok;
+ const uint8_t *buf;
+ off_t ofs;
+ size_t size;
+
+ if (chunk->done) {
+ DLIST_REMOVE(state->chunks, chunk);
+ SMB_ASSERT(state->num_chunks > 0);
+ state->num_chunks--;
+ TALLOC_FREE(chunk);
+
+ return;
+ }
+
+ if (chunk->subreq != NULL) {
+ return;
+ }
+
+ SMB_ASSERT(state->num_waiting > 0);
+
+ buf = chunk->buf + chunk->tmp_size;
+ ofs = chunk->ofs + chunk->tmp_size;
+ size = chunk->total_size - chunk->tmp_size;
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ uint32_t max_size;
+
+ ok = smb2cli_conn_req_possible(state->cli->conn, &max_size);
+ if (!ok) {
+ return;
+ }
+
+ /*
+ * downgrade depending on the available credits
+ */
+ size = MIN(max_size, size);
+
+ chunk->subreq = cli_smb2_write_send(chunk,
+ state->ev,
+ state->cli,
+ state->fnum,
+ state->mode,
+ buf,
+ ofs,
+ size);
+ if (tevent_req_nomem(chunk->subreq, req)) {
+ return;
+ }
+ } else {
+ ok = smb1cli_conn_req_possible(state->cli->conn);
+ if (!ok) {
+ return;
+ }
+
+ chunk->subreq = cli_write_andx_send(chunk,
+ state->ev,
+ state->cli,
+ state->fnum,
+ state->mode,
+ buf,
+ ofs,
+ size);
+ if (tevent_req_nomem(chunk->subreq, req)) {
+ return;
+ }
+ }
+ tevent_req_set_callback(chunk->subreq,
+ cli_push_chunk_done,
+ chunk);
+
+ state->num_waiting--;
+ return;
+}
+
+static void cli_push_chunk_done(struct tevent_req *subreq)
+{
+ struct cli_push_chunk *chunk =
+ tevent_req_callback_data(subreq,
+ struct cli_push_chunk);
+ struct tevent_req *req = chunk->req;
+ struct cli_push_state *state =
+ tevent_req_data(req,
+ struct cli_push_state);
+ NTSTATUS status;
+ size_t expected = chunk->total_size - chunk->tmp_size;
+ size_t written;
+
+ chunk->subreq = NULL;
+
+ if (smbXcli_conn_protocol(state->cli->conn) >= PROTOCOL_SMB2_02) {
+ status = cli_smb2_write_recv(subreq, &written);
+ } else {
+ status = cli_write_andx_recv(subreq, &written);
+ }
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ if (written > expected) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ if (written == 0) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ return;
+ }
+
+ chunk->tmp_size += written;
+
+ if (chunk->tmp_size == chunk->total_size) {
+ chunk->done = true;
+ } else {
+ state->num_waiting++;
+ }
+
+ cli_push_setup_chunks(req);
+}
+
+NTSTATUS cli_push_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_push(struct cli_state *cli, uint16_t fnum, uint16_t mode,
+ off_t start_offset, size_t window_size,
+ size_t (*source)(uint8_t *buf, size_t n, void *priv),
+ void *priv)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ req = cli_push_send(frame, ev, cli, fnum, mode, start_offset,
+ window_size, source, priv);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+
+ status = cli_push_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+#define SPLICE_BLOCK_SIZE 1024 * 1024
+
+static NTSTATUS cli_splice_fallback(TALLOC_CTX *frame,
+ struct cli_state *srccli,
+ struct cli_state *dstcli,
+ uint16_t src_fnum, uint16_t dst_fnum,
+ off_t initial_size,
+ off_t src_offset, off_t dst_offset,
+ off_t *written,
+ int (*splice_cb)(off_t n, void *priv),
+ void *priv)
+{
+ NTSTATUS status;
+ uint8_t *buf = talloc_size(frame, SPLICE_BLOCK_SIZE);
+ size_t nread;
+ off_t remaining = initial_size;
+ *written = 0;
+
+ while (remaining) {
+ size_t to_read = MIN(remaining, SPLICE_BLOCK_SIZE);
+
+ status = cli_read(srccli, src_fnum,
+ (char *)buf, src_offset, to_read,
+ &nread);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = cli_writeall(dstcli, dst_fnum, 0,
+ buf, dst_offset, nread, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if ((src_offset > INT64_MAX - nread) ||
+ (dst_offset > INT64_MAX - nread)) {
+ return NT_STATUS_FILE_TOO_LARGE;
+ }
+ src_offset += nread;
+ dst_offset += nread;
+ *written += nread;
+ if (remaining < nread) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ remaining -= nread;
+ if (!splice_cb(initial_size - remaining, priv)) {
+ return NT_STATUS_CANCELLED;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_splice(struct cli_state *srccli, struct cli_state *dstcli,
+ uint16_t src_fnum, uint16_t dst_fnum,
+ off_t size,
+ off_t src_offset, off_t dst_offset,
+ off_t *written,
+ int (*splice_cb)(off_t n, void *priv), void *priv)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+ bool retry_fallback = false;
+
+ if (smbXcli_conn_has_async_calls(srccli->conn) ||
+ smbXcli_conn_has_async_calls(dstcli->conn))
+ {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto out;
+ }
+
+ do {
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto out;
+ }
+ if (srccli == dstcli &&
+ smbXcli_conn_protocol(srccli->conn) >= PROTOCOL_SMB2_02 &&
+ !retry_fallback)
+ {
+ req = cli_smb2_splice_send(frame, ev,
+ srccli, src_fnum, dst_fnum,
+ size, src_offset, dst_offset,
+ splice_cb, priv);
+ } else {
+ status = cli_splice_fallback(frame,
+ srccli, dstcli,
+ src_fnum, dst_fnum,
+ size,
+ src_offset, dst_offset,
+ written,
+ splice_cb, priv);
+ goto out;
+ }
+ if (req == NULL) {
+ goto out;
+ }
+ if (!tevent_req_poll(req, ev)) {
+ status = map_nt_error_from_unix(errno);
+ goto out;
+ }
+ status = cli_smb2_splice_recv(req, written);
+
+ /*
+ * Older versions of Samba don't support
+ * FSCTL_SRV_COPYCHUNK_WRITE so use the fallback.
+ */
+ retry_fallback = NT_STATUS_EQUAL(status, NT_STATUS_INVALID_DEVICE_REQUEST);
+ } while (retry_fallback);
+
+ out:
+ TALLOC_FREE(frame);
+ return status;
+}
diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c
new file mode 100644
index 0000000..d6a2661
--- /dev/null
+++ b/source3/libsmb/clisecdesc.c
@@ -0,0 +1,372 @@
+/*
+ Unix SMB/CIFS implementation.
+ client security descriptor functions
+ Copyright (C) Andrew Tridgell 2000
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "../libcli/security/secdesc.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/util/tevent_ntstatus.h"
+
+struct cli_query_security_descriptor_state {
+ uint8_t param[8];
+ DATA_BLOB outbuf;
+};
+
+static void cli_query_security_descriptor_done1(struct tevent_req *subreq);
+static void cli_query_security_descriptor_done2(struct tevent_req *subreq);
+
+struct tevent_req *cli_query_security_descriptor_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t sec_info)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_query_security_descriptor_state *state = NULL;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_query_security_descriptor_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_query_info_fnum_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ fnum, /* fnum */
+ 3, /* in_info_type */
+ 0, /* in_info_class */
+ 0xFFFF, /* in_max_output_length */
+ NULL, /* in_input_buffer */
+ sec_info, /* in_additional_info */
+ 0); /* in_flags */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ subreq, cli_query_security_descriptor_done2, req);
+ return req;
+ }
+
+ PUSH_LE_U32(state->param, 0, fnum);
+ PUSH_LE_U32(state->param, 4, sec_info);
+
+ subreq = cli_trans_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ 0, /* additional_flags2 */
+ SMBnttrans, /* cmd */
+ NULL, /* pipe_name */
+ -1, /* fid */
+ NT_TRANSACT_QUERY_SECURITY_DESC, /* function */
+ 0, /* flags */
+ NULL, /* setup */
+ 0, /* num_setup */
+ 0, /* max_setup */
+ state->param, /* param */
+ 8, /* num_param */
+ 4, /* max_param */
+ NULL, /* data */
+ 0, /* num_data */
+ 0x10000); /* max_data */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ subreq, cli_query_security_descriptor_done1, req);
+ return req;
+}
+
+static void cli_query_security_descriptor_done1(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_query_security_descriptor_state *state = tevent_req_data(
+ req, struct cli_query_security_descriptor_state);
+ NTSTATUS status;
+ uint32_t len;
+
+ status = cli_trans_recv(
+ subreq, /* req */
+ state, /* mem_ctx */
+ NULL, /* recv_flags2 */
+ NULL, /* setup */
+ 0, /* min_setup */
+ NULL, /* num_setup */
+ NULL, /* param */
+ 0, /* min_param */
+ NULL, /* num_param */
+ &state->outbuf.data, /* data */
+ 0, /* min_data */
+ &len); /* num_data */
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ state->outbuf.length = len; /* uint32_t -> size_t */
+ tevent_req_done(req);
+}
+
+static void cli_query_security_descriptor_done2(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_query_security_descriptor_state *state = tevent_req_data(
+ req, struct cli_query_security_descriptor_state);
+ NTSTATUS status;
+
+ status = cli_smb2_query_info_fnum_recv(subreq, state, &state->outbuf);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_query_security_descriptor_recv(
+ struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **sd)
+{
+ struct cli_query_security_descriptor_state *state = tevent_req_data(
+ req, struct cli_query_security_descriptor_state);
+ NTSTATUS status = NT_STATUS_OK;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ goto done;
+ }
+ if (sd != NULL) {
+ status = unmarshall_sec_desc(
+ mem_ctx, state->outbuf.data, state->outbuf.length, sd);
+ }
+done:
+ tevent_req_received(req);
+ return status;
+}
+
+NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t sec_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **sd)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_query_security_descriptor_send(
+ frame, ev, cli, fnum, sec_info);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_query_security_descriptor_recv(req, mem_ctx, sd);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
+ TALLOC_CTX *mem_ctx, struct security_descriptor **sd)
+{
+ uint32_t sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL;
+
+ return cli_query_security_descriptor(cli, fnum, sec_info, mem_ctx, sd);
+}
+
+NTSTATUS cli_query_mxac(struct cli_state *cli,
+ const char *filename,
+ uint32_t *mxac)
+{
+ if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ return cli_smb2_query_mxac(cli, filename, mxac);
+}
+
+struct cli_set_security_descriptor_state {
+ uint8_t param[8];
+ DATA_BLOB buf;
+};
+
+static void cli_set_security_descriptor_done1(struct tevent_req *subreq);
+static void cli_set_security_descriptor_done2(struct tevent_req *subreq);
+
+struct tevent_req *cli_set_security_descriptor_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t sec_info,
+ const struct security_descriptor *sd)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_set_security_descriptor_state *state = NULL;
+ NTSTATUS status;
+
+ req = tevent_req_create(
+ mem_ctx, &state, struct cli_set_security_descriptor_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ status = marshall_sec_desc(
+ state, sd, &state->buf.data, &state->buf.length);
+ if (tevent_req_nterror(req, status)) {
+ return tevent_req_post(req, ev);
+ }
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ subreq = cli_smb2_set_info_fnum_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ fnum, /* fnum */
+ 3, /* in_info_type */
+ 0, /* in_file_info_class */
+ &state->buf, /* in_input_buffer */
+ sec_info); /* in_additional_info */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ subreq, cli_set_security_descriptor_done2, req);
+ return req;
+ }
+
+ SIVAL(state->param, 0, fnum);
+ SIVAL(state->param, 4, sec_info);
+
+ subreq = cli_trans_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ 0, /* additional_flags2 */
+ SMBnttrans, /* cmd */
+ NULL, /* pipe_name */
+ -1, /* fid */
+ NT_TRANSACT_SET_SECURITY_DESC, /* function */
+ 0, /* flags */
+ NULL, /* setup */
+ 0, /* num_setup */
+ 0, /* max_setup */
+ state->param, /* param */
+ 8, /* num_param */
+ 0, /* max_param */
+ state->buf.data, /* data */
+ state->buf.length, /* num_data */
+ 0); /* max_data */
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ subreq, cli_set_security_descriptor_done1, req);
+ return req;
+}
+
+static void cli_set_security_descriptor_done1(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_trans_recv(
+ subreq, NULL, NULL, NULL, 0, NULL, NULL, 0, NULL,
+ NULL, 0, NULL);
+ return tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_set_security_descriptor_done2(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_smb2_set_info_fnum_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_set_security_descriptor_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+/****************************************************************************
+ set the security descriptor for a open file
+ ****************************************************************************/
+NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t sec_info,
+ const struct security_descriptor *sd)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev = NULL;
+ struct tevent_req *req = NULL;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_set_security_descriptor_send(
+ frame, ev, cli, fnum, sec_info, sd);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_set_security_descriptor_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
+ const struct security_descriptor *sd)
+{
+ uint32_t sec_info = 0;
+
+ if (sd->dacl || (sd->type & SEC_DESC_DACL_PRESENT)) {
+ sec_info |= SECINFO_DACL;
+ }
+ if (sd->sacl || (sd->type & SEC_DESC_SACL_PRESENT)) {
+ sec_info |= SECINFO_SACL;
+ }
+ if (sd->owner_sid) {
+ sec_info |= SECINFO_OWNER;
+ }
+ if (sd->group_sid) {
+ sec_info |= SECINFO_GROUP;
+ }
+
+ return cli_set_security_descriptor(cli, fnum, sec_info, sd);
+}
diff --git a/source3/libsmb/clisymlink.c b/source3/libsmb/clisymlink.c
new file mode 100644
index 0000000..d7ecf54
--- /dev/null
+++ b/source3/libsmb/clisymlink.c
@@ -0,0 +1,650 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Client implementation of setting symlinks using reparse points
+ * Copyright (C) Volker Lendecke 2011
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "system/filesys.h"
+#include "libsmb/libsmb.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "async_smb.h"
+#include "libsmb/clirap.h"
+#include "trans2.h"
+#include "libcli/security/secdesc.h"
+#include "libcli/security/security.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "libcli/smb/reparse.h"
+
+struct cli_create_reparse_point_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ DATA_BLOB reparse_blob;
+ uint16_t fnum;
+ NTSTATUS set_reparse_status;
+};
+
+static void cli_create_reparse_point_opened(struct tevent_req *subreq);
+static void cli_create_reparse_point_done(struct tevent_req *subreq);
+static void cli_create_reparse_point_doc_done(struct tevent_req *subreq);
+static void cli_create_reparse_point_closed(struct tevent_req *subreq);
+
+struct tevent_req *cli_create_reparse_point_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ DATA_BLOB reparse_blob)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_create_reparse_point_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx,
+ &state,
+ struct cli_create_reparse_point_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->reparse_blob = reparse_blob;
+
+ /*
+ * The create arguments were taken from a Windows->Windows
+ * symlink create call.
+ */
+ subreq = cli_ntcreate_send(
+ state,
+ ev,
+ cli,
+ fname,
+ 0,
+ SYNCHRONIZE_ACCESS | DELETE_ACCESS | FILE_READ_ATTRIBUTES |
+ FILE_WRITE_ATTRIBUTES,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_NONE,
+ FILE_CREATE,
+ FILE_OPEN_REPARSE_POINT | FILE_SYNCHRONOUS_IO_NONALERT |
+ FILE_NON_DIRECTORY_FILE,
+ SMB2_IMPERSONATION_IMPERSONATION,
+ 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_create_reparse_point_opened, req);
+ return req;
+}
+
+static void cli_create_reparse_point_opened(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct cli_create_reparse_point_state *state =
+ tevent_req_data(req, struct cli_create_reparse_point_state);
+ NTSTATUS status;
+
+ status = cli_ntcreate_recv(subreq, &state->fnum, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq = cli_fsctl_send(state,
+ state->ev,
+ state->cli,
+ state->fnum,
+ FSCTL_SET_REPARSE_POINT,
+ &state->reparse_blob,
+ 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_create_reparse_point_done, req);
+}
+
+static void cli_create_reparse_point_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_create_reparse_point_state *state =
+ tevent_req_data(req, struct cli_create_reparse_point_state);
+
+ state->set_reparse_status = cli_fsctl_recv(subreq, NULL, NULL);
+ TALLOC_FREE(subreq);
+
+ if (NT_STATUS_IS_OK(state->set_reparse_status)) {
+ subreq = cli_close_send(state,
+ state->ev,
+ state->cli,
+ state->fnum,
+ 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_create_reparse_point_closed,
+ req);
+ return;
+ }
+ subreq = cli_nt_delete_on_close_send(
+ state, state->ev, state->cli, state->fnum, true);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq,
+ cli_create_reparse_point_doc_done,
+ req);
+}
+
+static void cli_create_reparse_point_doc_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_create_reparse_point_state *state =
+ tevent_req_data(req, struct cli_create_reparse_point_state);
+
+ /*
+ * Ignore status, we can't do much anyway in case of failure
+ */
+
+ (void)cli_nt_delete_on_close_recv(subreq);
+ TALLOC_FREE(subreq);
+
+ subreq = cli_close_send(state, state->ev, state->cli, state->fnum, 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_create_reparse_point_closed, req);
+}
+
+static void cli_create_reparse_point_closed(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_create_reparse_point_state *state =
+ tevent_req_data(req, struct cli_create_reparse_point_state);
+ NTSTATUS status;
+
+ status = cli_close_recv(subreq);
+ TALLOC_FREE(subreq);
+
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ if (tevent_req_nterror(req, state->set_reparse_status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_create_reparse_point_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct cli_symlink_state {
+ uint8_t dummy;
+};
+
+static void cli_symlink_done(struct tevent_req *subreq);
+
+struct tevent_req *cli_symlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *link_target,
+ const char *newpath,
+ uint32_t flags)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_symlink_state *state = NULL;
+ struct reparse_data_buffer reparse_buf = {
+ .tag = IO_REPARSE_TAG_SYMLINK,
+ .parsed.lnk.substitute_name =
+ discard_const_p(char, link_target),
+ .parsed.lnk.print_name = discard_const_p(char, link_target),
+ .parsed.lnk.flags = flags,
+ };
+ uint8_t *buf;
+ ssize_t buflen;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_symlink_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ buflen = reparse_data_buffer_marshall(&reparse_buf, NULL, 0);
+ if (buflen == -1) {
+ tevent_req_oom(req);
+ return tevent_req_post(req, ev);
+ }
+
+ buf = talloc_array(state, uint8_t, buflen);
+ if (tevent_req_nomem(buf, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ buflen = reparse_data_buffer_marshall(&reparse_buf, buf, buflen);
+ if (buflen != talloc_array_length(buf)) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_create_reparse_point_send(state,
+ ev,
+ cli,
+ newpath,
+ (DATA_BLOB){
+ .data = buf,
+ .length = buflen,
+ });
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_symlink_done, req);
+ return req;
+}
+
+static void cli_symlink_done(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_symlink_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_symlink_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+NTSTATUS cli_symlink(struct cli_state *cli, const char *link_target,
+ const char *newname, uint32_t flags)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_symlink_send(frame, ev, cli, link_target, newname, flags);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_symlink_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_get_reparse_data_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ uint16_t fnum;
+
+ NTSTATUS get_reparse_status;
+ uint8_t *data;
+ uint32_t datalen;
+};
+
+static void cli_get_reparse_data_opened(struct tevent_req *subreq);
+static void cli_get_reparse_data_done(struct tevent_req *subreq);
+static void cli_get_reparse_data_closed(struct tevent_req *subreq);
+
+struct tevent_req *cli_get_reparse_data_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_get_reparse_data_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx,
+ &state,
+ struct cli_get_reparse_data_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+
+ subreq = cli_ntcreate_send(state,
+ ev,
+ cli,
+ fname,
+ 0,
+ FILE_READ_ATTRIBUTES | FILE_READ_EA,
+ 0,
+ FILE_SHARE_READ | FILE_SHARE_WRITE |
+ FILE_SHARE_DELETE,
+ FILE_OPEN,
+ FILE_OPEN_REPARSE_POINT,
+ SMB2_IMPERSONATION_IMPERSONATION,
+ 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_get_reparse_data_opened, req);
+ return req;
+}
+
+static void cli_get_reparse_data_opened(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct cli_get_reparse_data_state *state =
+ tevent_req_data(req, struct cli_get_reparse_data_state);
+ NTSTATUS status;
+
+ status = cli_ntcreate_recv(subreq, &state->fnum, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ subreq = cli_fsctl_send(state,
+ state->ev,
+ state->cli,
+ state->fnum,
+ FSCTL_GET_REPARSE_POINT,
+ NULL,
+ 65536);
+
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_get_reparse_data_done, req);
+}
+
+static void cli_get_reparse_data_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct cli_get_reparse_data_state *state =
+ tevent_req_data(req, struct cli_get_reparse_data_state);
+ DATA_BLOB out = {
+ .data = NULL,
+ };
+
+ state->get_reparse_status = cli_fsctl_recv(subreq, state, &out);
+ TALLOC_FREE(subreq);
+
+ if (NT_STATUS_IS_OK(state->get_reparse_status)) {
+ state->data = out.data;
+ state->datalen = out.length;
+ }
+
+ subreq = cli_close_send(state, state->ev, state->cli, state->fnum, 0);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_get_reparse_data_closed, req);
+}
+
+static void cli_get_reparse_data_closed(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ struct cli_get_reparse_data_state *state =
+ tevent_req_data(req, struct cli_get_reparse_data_state);
+ NTSTATUS status;
+
+ status = cli_close_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ if (tevent_req_nterror(req, state->get_reparse_status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_get_reparse_data_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ uint8_t **_data,
+ uint32_t *_datalen)
+{
+ struct cli_get_reparse_data_state *state =
+ tevent_req_data(req, struct cli_get_reparse_data_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ *_data = talloc_move(mem_ctx, &state->data);
+ *_datalen = state->datalen;
+
+ tevent_req_received(req);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_get_reparse_data(struct cli_state *cli,
+ const char *fname,
+ TALLOC_CTX *mem_ctx,
+ uint8_t **_data,
+ uint32_t *_datalen)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_get_reparse_data_send(frame, ev, cli, fname);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_get_reparse_data_recv(req, mem_ctx, _data, _datalen);
+fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct cli_readlink_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ uint16_t fnum;
+
+ uint16_t setup[4];
+ uint8_t *data;
+ uint32_t num_data;
+ char *target;
+};
+
+static void cli_readlink_posix1_done(struct tevent_req *subreq);
+static void cli_readlink_got_reparse_data(struct tevent_req *subreq);
+
+struct tevent_req *cli_readlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_readlink_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_readlink_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+
+ if (cli->requested_posix_capabilities != 0) {
+ /*
+ * Only happens for negotiated SMB1 posix caps
+ */
+ subreq = cli_posix_readlink_send(state, ev, cli, fname);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_readlink_posix1_done, req);
+ return req;
+ }
+
+ subreq = cli_get_reparse_data_send(state, ev, cli, fname);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_readlink_got_reparse_data, req);
+ return req;
+}
+
+static void cli_readlink_posix1_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_readlink_state *state = tevent_req_data(
+ req, struct cli_readlink_state);
+ NTSTATUS status;
+
+ status = cli_posix_readlink_recv(subreq, state, &state->target);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static void cli_readlink_got_reparse_data(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_readlink_state *state = tevent_req_data(
+ req, struct cli_readlink_state);
+ NTSTATUS status;
+
+ status = cli_get_reparse_data_recv(subreq,
+ state,
+ &state->data,
+ &state->num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_readlink_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ char **psubstitute_name, char **pprint_name,
+ uint32_t *pflags)
+{
+ struct cli_readlink_state *state = tevent_req_data(
+ req, struct cli_readlink_state);
+ struct reparse_data_buffer buf = {
+ .tag = 0,
+ };
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ if (state->target != NULL) {
+ /*
+ * SMB1 posix version
+ */
+ if (psubstitute_name != NULL) {
+ *psubstitute_name = talloc_move(
+ mem_ctx, &state->target);
+ }
+ if (pprint_name != NULL) {
+ *pprint_name = NULL;
+ }
+ if (pflags != NULL) {
+ *pflags = 0;
+ }
+ return NT_STATUS_OK;
+ }
+
+ status = reparse_data_buffer_parse(state,
+ &buf,
+ state->data,
+ state->num_data);
+ if (!NT_STATUS_IS_OK(status)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ if (buf.tag != IO_REPARSE_TAG_SYMLINK) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ if (psubstitute_name != NULL) {
+ *psubstitute_name =
+ talloc_move(mem_ctx, &buf.parsed.lnk.substitute_name);
+ }
+
+ if (pprint_name != NULL) {
+ *pprint_name =
+ talloc_move(mem_ctx, &buf.parsed.lnk.print_name);
+ }
+
+ if (pflags != NULL) {
+ *pflags = buf.parsed.lnk.flags;
+ }
+
+ tevent_req_received(req);
+
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_readlink(struct cli_state *cli, const char *fname,
+ TALLOC_CTX *mem_ctx, char **psubstitute_name,
+ char **pprint_name, uint32_t *pflags)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_readlink_send(frame, ev, cli, fname);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_readlink_recv(req, mem_ctx, psubstitute_name,
+ pprint_name, pflags);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
new file mode 100644
index 0000000..e5b4c4a
--- /dev/null
+++ b/source3/libsmb/clitrans.c
@@ -0,0 +1,224 @@
+/*
+ Unix SMB/CIFS implementation.
+ client transaction calls
+ Copyright (C) Andrew Tridgell 1994-1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "async_smb.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+struct cli_trans_state {
+ struct cli_state *cli;
+ struct tevent_req *subreq;
+ uint16_t recv_flags2;
+ uint16_t *setup;
+ uint8_t num_setup;
+ uint8_t *param;
+ uint32_t num_param;
+ uint8_t *data;
+ uint32_t num_data;
+};
+
+static void cli_trans_done(struct tevent_req *subreq);
+static bool cli_trans_cancel(struct tevent_req *req);
+
+struct tevent_req *cli_trans_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct cli_state *cli, uint16_t additional_flags2, uint8_t cmd,
+ const char *pipe_name, uint16_t fid, uint16_t function, int flags,
+ uint16_t *setup, uint8_t num_setup, uint8_t max_setup,
+ uint8_t *param, uint32_t num_param, uint32_t max_param,
+ uint8_t *data, uint32_t num_data, uint32_t max_data)
+{
+ struct tevent_req *req;
+ struct cli_trans_state *state;
+ uint8_t additional_flags = 0;
+ uint8_t clear_flags = 0;
+ uint16_t clear_flags2 = 0;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_trans_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->cli = cli;
+
+ state->subreq = smb1cli_trans_send(state, ev,
+ cli->conn, cmd,
+ additional_flags, clear_flags,
+ additional_flags2, clear_flags2,
+ cli->timeout,
+ cli->smb1.pid,
+ cli->smb1.tcon,
+ cli->smb1.session,
+ pipe_name, fid, function, flags,
+ setup, num_setup, max_setup,
+ param, num_param, max_param,
+ data, num_data, max_data);
+ if (tevent_req_nomem(state->subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(state->subreq, cli_trans_done, req);
+ tevent_req_set_cancel_fn(req, cli_trans_cancel);
+ return req;
+}
+
+static bool cli_trans_cancel(struct tevent_req *req)
+{
+ struct cli_trans_state *state = tevent_req_data(
+ req, struct cli_trans_state);
+ bool ok;
+
+ ok = tevent_req_cancel(state->subreq);
+ return ok;
+}
+
+static void cli_trans_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_trans_state *state = tevent_req_data(
+ req, struct cli_trans_state);
+ NTSTATUS status;
+
+ status = smb1cli_trans_recv(
+ subreq,
+ state,
+ &state->recv_flags2,
+ &state->setup, 0, &state->num_setup,
+ &state->param, 0, &state->num_param,
+ &state->data, 0, &state->num_data);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS cli_trans_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint16_t *recv_flags2,
+ uint16_t **setup, uint8_t min_setup,
+ uint8_t *num_setup,
+ uint8_t **param, uint32_t min_param,
+ uint32_t *num_param,
+ uint8_t **data, uint32_t min_data,
+ uint32_t *num_data)
+{
+ struct cli_trans_state *state = tevent_req_data(
+ req, struct cli_trans_state);
+ NTSTATUS status = NT_STATUS_OK;
+ bool map_dos_errors = true;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ goto map_error;
+ }
+
+ if ((state->num_setup < min_setup) ||
+ (state->num_param < min_param) ||
+ (state->num_data < min_data)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ if (recv_flags2 != NULL) {
+ *recv_flags2 = state->recv_flags2;
+ }
+ if (setup != NULL) {
+ *setup = talloc_move(mem_ctx, &state->setup);
+ *num_setup = state->num_setup;
+ }
+ if (param != NULL) {
+ *param = talloc_move(mem_ctx, &state->param);
+ *num_param = state->num_param;
+ }
+ if (data != NULL) {
+ *data = talloc_move(mem_ctx, &state->data);
+ *num_data = state->num_data;
+ }
+
+map_error:
+ map_dos_errors = state->cli->map_dos_errors;
+ state->cli->raw_status = status;
+
+ if (NT_STATUS_IS_DOS(status) && map_dos_errors) {
+ uint8_t eclass = NT_STATUS_DOS_CLASS(status);
+ uint16_t ecode = NT_STATUS_DOS_CODE(status);
+ /*
+ * TODO: is it really a good idea to do a mapping here?
+ *
+ * The old cli_pull_error() also does it, so I do not change
+ * the behavior yet.
+ */
+ status = dos_to_ntstatus(eclass, ecode);
+ }
+
+ return status;
+}
+
+NTSTATUS cli_trans(TALLOC_CTX *mem_ctx, struct cli_state *cli,
+ uint8_t trans_cmd,
+ const char *pipe_name, uint16_t fid, uint16_t function,
+ int flags,
+ uint16_t *setup, uint8_t num_setup, uint8_t max_setup,
+ uint8_t *param, uint32_t num_param, uint32_t max_param,
+ uint8_t *data, uint32_t num_data, uint32_t max_data,
+ uint16_t *recv_flags2,
+ uint16_t **rsetup, uint8_t min_rsetup, uint8_t *num_rsetup,
+ uint8_t **rparam, uint32_t min_rparam, uint32_t *num_rparam,
+ uint8_t **rdata, uint32_t min_rdata, uint32_t *num_rdata)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (smbXcli_conn_has_async_calls(cli->conn)) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto fail;
+ }
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = cli_trans_send(
+ frame, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ 0, /* additional_flags2 */
+ trans_cmd, /* cmd */
+ pipe_name, fid, function, flags,
+ setup, num_setup, max_setup,
+ param, num_param, max_param,
+ data, num_data, max_data);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = cli_trans_recv(
+ req, mem_ctx, recv_flags2,
+ rsetup, min_rsetup, num_rsetup,
+ rparam, min_rparam, num_rparam,
+ rdata, min_rdata, num_rdata);
+fail:
+ TALLOC_FREE(frame);
+ return status;
+}
diff --git a/source3/libsmb/conncache.c b/source3/libsmb/conncache.c
new file mode 100644
index 0000000..7310b50
--- /dev/null
+++ b/source3/libsmb/conncache.c
@@ -0,0 +1,227 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Winbind daemon connection manager
+
+ Copyright (C) Tim Potter 2001
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Gerald (Jerry) Carter 2003
+ Copyright (C) Marc VanHeyningen 2008
+ Copyright (C) Volker Lendecke 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "lib/gencache.h"
+
+/**
+ * @file
+ * Negative connection cache implemented in terms of gencache API
+ *
+ * The negative connection cache stores names of servers which have
+ * been unresponsive so that we don't waste time repeatedly trying
+ * to contact them. It used to use an in-memory linked list, but
+ * this limited its utility to a single process
+ */
+
+
+/**
+ * Marshalls the domain and server name into the key for the gencache
+ * record
+ *
+ * @param[in] domain required
+ * @param[in] server may be a FQDN or an IP address
+ * @return the resulting string, which the caller is responsible for
+ * SAFE_FREE()ing
+ * @retval NULL returned on error
+ */
+static char *negative_conn_cache_keystr(const char *domain, const char *server)
+{
+ char *keystr = NULL;
+
+ if (domain == NULL) {
+ return NULL;
+ }
+ if (server == NULL)
+ server = "";
+
+ keystr = talloc_asprintf(talloc_tos(), "NEG_CONN_CACHE/%s,%s",
+ domain, server);
+ if (keystr == NULL) {
+ DEBUG(0, ("negative_conn_cache_keystr: malloc error\n"));
+ }
+
+ return keystr;
+}
+
+/**
+ * Marshalls the NT status into a printable value field for the gencache
+ * record
+ *
+ * @param[in] status
+ * @return the resulting string, which the caller is responsible for
+ * SAFE_FREE()ing
+ * @retval NULL returned on error
+ */
+static char *negative_conn_cache_valuestr(NTSTATUS status)
+{
+ char *valuestr = NULL;
+
+ valuestr = talloc_asprintf(talloc_tos(), "%x", NT_STATUS_V(status));
+ if (valuestr == NULL) {
+ DEBUG(0, ("negative_conn_cache_valuestr: malloc error\n"));
+ }
+
+ return valuestr;
+}
+
+/**
+ * Un-marshalls the NT status from a printable field for the gencache
+ * record
+ *
+ * @param[in] value The value field from the record
+ * @return the decoded NT status
+ * @retval NT_STATUS_OK returned on error
+ */
+static NTSTATUS negative_conn_cache_valuedecode(const char *value)
+{
+ unsigned int v = NT_STATUS_V(NT_STATUS_INTERNAL_ERROR);
+
+ if (value == NULL) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ if (sscanf(value, "%x", &v) != 1) {
+ DEBUG(0, ("negative_conn_cache_valuedecode: unable to parse "
+ "value field '%s'\n", value));
+ }
+ return NT_STATUS(v);
+}
+
+/**
+ * Function passed to gencache_iterate to remove any matching items
+ * from the list
+ *
+ * @param[in] key Key to the record found and to be deleted
+ * @param[in] value Value to the record (ignored)
+ * @param[in] timeout Timeout remaining for the record (ignored)
+ * @param[in] dptr Handle for passing additional data (ignored)
+ */
+static void delete_matches(const char *key, const char *value,
+ time_t timeout, void *dptr)
+{
+ gencache_del(key);
+}
+
+
+/**
+ * Checks for a given domain/server record in the negative cache
+ *
+ * @param[in] domain
+ * @param[in] server may be either a FQDN or an IP address
+ * @return The cached failure status
+ * @retval NT_STATUS_OK returned if no record is found or an error occurs
+ */
+NTSTATUS check_negative_conn_cache( const char *domain, const char *server)
+{
+ NTSTATUS result = NT_STATUS_OK;
+ char *key = NULL;
+ char *value = NULL;
+
+ key = negative_conn_cache_keystr(domain, server);
+ if (key == NULL)
+ goto done;
+
+ if (gencache_get(key, talloc_tos(), &value, NULL))
+ result = negative_conn_cache_valuedecode(value);
+ done:
+ DEBUG(9,("check_negative_conn_cache returning result %d for domain %s "
+ "server %s\n", NT_STATUS_V(result), domain, server));
+ TALLOC_FREE(key);
+ TALLOC_FREE(value);
+ return result;
+}
+
+/**
+ * Add an entry to the failed connection cache
+ *
+ * @param[in] domain
+ * @param[in] server may be a FQDN or an IP addr in printable form
+ * @param[in] result error to cache; must not be NT_STATUS_OK
+ */
+void add_failed_connection_entry(const char *domain, const char *server,
+ NTSTATUS result)
+{
+ char *key = NULL;
+ char *value = NULL;
+
+ if (NT_STATUS_IS_OK(result)) {
+ /* Nothing failed here */
+ return;
+ }
+
+ key = negative_conn_cache_keystr(domain, server);
+ if (key == NULL) {
+ DEBUG(0, ("add_failed_connection_entry: key creation error\n"));
+ goto done;
+ }
+
+ value = negative_conn_cache_valuestr(result);
+ if (value == NULL) {
+ DEBUG(0, ("add_failed_connection_entry: value creation error\n"));
+ goto done;
+ }
+
+ if (gencache_set(key, value,
+ time(NULL) + FAILED_CONNECTION_CACHE_TIMEOUT))
+ DEBUG(9,("add_failed_connection_entry: added domain %s (%s) "
+ "to failed conn cache\n", domain, server ));
+ else
+ DEBUG(1,("add_failed_connection_entry: failed to add "
+ "domain %s (%s) to failed conn cache\n",
+ domain, server));
+
+ done:
+ TALLOC_FREE(key);
+ TALLOC_FREE(value);
+ return;
+}
+
+/**
+ * Deletes all records for a specified domain from the negative connection
+ * cache
+ *
+ * @param[in] domain String to match against domain portion of keys, or "*"
+ * to match all domains
+ */
+void flush_negative_conn_cache_for_domain(const char *domain)
+{
+ char *key_pattern = NULL;
+
+ key_pattern = negative_conn_cache_keystr(domain,"*");
+ if (key_pattern == NULL) {
+ DEBUG(0, ("flush_negative_conn_cache_for_domain: "
+ "key creation error\n"));
+ goto done;
+ }
+
+ gencache_iterate(delete_matches, NULL, key_pattern);
+ DEBUG(8, ("flush_negative_conn_cache_for_domain: flushed domain %s\n",
+ domain));
+
+ done:
+ TALLOC_FREE(key_pattern);
+ return;
+}
diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
new file mode 100644
index 0000000..09a6e66
--- /dev/null
+++ b/source3/libsmb/dsgetdcname.c
@@ -0,0 +1,1274 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ dsgetdcname
+
+ Copyright (C) Gerald Carter 2006
+ Copyright (C) Guenther Deschner 2007-2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/dsgetdcname.h"
+#include "libsmb/namequery.h"
+#include "libads/sitename_cache.h"
+#include "../librpc/gen_ndr/ndr_netlogon.h"
+#include "libads/cldap.h"
+#include "lib/addns/dnsquery_srv.h"
+#include "libsmb/clidgram.h"
+#include "lib/gencache.h"
+#include "lib/util/util_net.h"
+
+/* 15 minutes */
+#define DSGETDCNAME_CACHE_TTL 60*15
+
+struct ip_service_name {
+ struct samba_sockaddr sa;
+ const char *hostname;
+};
+
+static NTSTATUS make_dc_info_from_cldap_reply(
+ TALLOC_CTX *mem_ctx,
+ uint32_t flags,
+ const struct samba_sockaddr *sa,
+ struct NETLOGON_SAM_LOGON_RESPONSE_EX *r,
+ struct netr_DsRGetDCNameInfo **info);
+
+/****************************************************************
+****************************************************************/
+
+static void debug_dsdcinfo_flags(int lvl, uint32_t flags)
+{
+ DEBUG(lvl,("debug_dsdcinfo_flags: 0x%08x\n\t", flags));
+
+ if (flags & DS_FORCE_REDISCOVERY)
+ DEBUGADD(lvl,("DS_FORCE_REDISCOVERY "));
+ if (flags & 0x00000002)
+ DEBUGADD(lvl,("0x00000002 "));
+ if (flags & 0x00000004)
+ DEBUGADD(lvl,("0x00000004 "));
+ if (flags & 0x00000008)
+ DEBUGADD(lvl,("0x00000008 "));
+ if (flags & DS_DIRECTORY_SERVICE_REQUIRED)
+ DEBUGADD(lvl,("DS_DIRECTORY_SERVICE_REQUIRED "));
+ if (flags & DS_DIRECTORY_SERVICE_PREFERRED)
+ DEBUGADD(lvl,("DS_DIRECTORY_SERVICE_PREFERRED "));
+ if (flags & DS_GC_SERVER_REQUIRED)
+ DEBUGADD(lvl,("DS_GC_SERVER_REQUIRED "));
+ if (flags & DS_PDC_REQUIRED)
+ DEBUGADD(lvl,("DS_PDC_REQUIRED "));
+ if (flags & DS_BACKGROUND_ONLY)
+ DEBUGADD(lvl,("DS_BACKGROUND_ONLY "));
+ if (flags & DS_IP_REQUIRED)
+ DEBUGADD(lvl,("DS_IP_REQUIRED "));
+ if (flags & DS_KDC_REQUIRED)
+ DEBUGADD(lvl,("DS_KDC_REQUIRED "));
+ if (flags & DS_TIMESERV_REQUIRED)
+ DEBUGADD(lvl,("DS_TIMESERV_REQUIRED "));
+ if (flags & DS_WRITABLE_REQUIRED)
+ DEBUGADD(lvl,("DS_WRITABLE_REQUIRED "));
+ if (flags & DS_GOOD_TIMESERV_PREFERRED)
+ DEBUGADD(lvl,("DS_GOOD_TIMESERV_PREFERRED "));
+ if (flags & DS_AVOID_SELF)
+ DEBUGADD(lvl,("DS_AVOID_SELF "));
+ if (flags & DS_ONLY_LDAP_NEEDED)
+ DEBUGADD(lvl,("DS_ONLY_LDAP_NEEDED "));
+ if (flags & DS_IS_FLAT_NAME)
+ DEBUGADD(lvl,("DS_IS_FLAT_NAME "));
+ if (flags & DS_IS_DNS_NAME)
+ DEBUGADD(lvl,("DS_IS_DNS_NAME "));
+ if (flags & DS_TRY_NEXTCLOSEST_SITE)
+ DEBUGADD(lvl,("DS_TRY_NEXTCLOSEST_SITE "));
+ if (flags & DS_DIRECTORY_SERVICE_6_REQUIRED)
+ DEBUGADD(lvl,("DS_DIRECTORY_SERVICE_6_REQUIRED "));
+ if (flags & DS_WEB_SERVICE_REQUIRED)
+ DEBUGADD(lvl,("DS_WEB_SERVICE_REQUIRED "));
+ if (flags & DS_DIRECTORY_SERVICE_8_REQUIRED)
+ DEBUGADD(lvl,("DS_DIRECTORY_SERVICE_8_REQUIRED "));
+ if (flags & DS_DIRECTORY_SERVICE_9_REQUIRED)
+ DEBUGADD(lvl,("DS_DIRECTORY_SERVICE_9_REQUIRED "));
+ if (flags & DS_DIRECTORY_SERVICE_10_REQUIRED)
+ DEBUGADD(lvl,("DS_DIRECTORY_SERVICE_10_REQUIRED "));
+ if (flags & 0x01000000)
+ DEBUGADD(lvl,("0x01000000 "));
+ if (flags & 0x02000000)
+ DEBUGADD(lvl,("0x02000000 "));
+ if (flags & 0x04000000)
+ DEBUGADD(lvl,("0x04000000 "));
+ if (flags & 0x08000000)
+ DEBUGADD(lvl,("0x08000000 "));
+ if (flags & 0x10000000)
+ DEBUGADD(lvl,("0x10000000 "));
+ if (flags & 0x20000000)
+ DEBUGADD(lvl,("0x20000000 "));
+ if (flags & DS_RETURN_DNS_NAME)
+ DEBUGADD(lvl,("DS_RETURN_DNS_NAME "));
+ if (flags & DS_RETURN_FLAT_NAME)
+ DEBUGADD(lvl,("DS_RETURN_FLAT_NAME "));
+ if (flags)
+ DEBUGADD(lvl,("\n"));
+}
+
+/****************************************************************
+****************************************************************/
+
+static char *dsgetdcname_cache_key(TALLOC_CTX *mem_ctx, const char *domain)
+{
+ if (!domain) {
+ return NULL;
+ }
+
+ return talloc_asprintf_strupper_m(mem_ctx, "DSGETDCNAME/DOMAIN/%s",
+ domain);
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS dsgetdcname_cache_delete(TALLOC_CTX *mem_ctx,
+ const char *domain_name)
+{
+ char *key;
+
+ key = dsgetdcname_cache_key(mem_ctx, domain_name);
+ if (!key) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!gencache_del(key)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS dsgetdcname_cache_store(TALLOC_CTX *mem_ctx,
+ const char *domain_name,
+ DATA_BLOB blob)
+{
+ time_t expire_time;
+ char *key;
+ bool ret = false;
+
+ key = dsgetdcname_cache_key(mem_ctx, domain_name);
+ if (!key) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ expire_time = time(NULL) + DSGETDCNAME_CACHE_TTL;
+
+ ret = gencache_set_data_blob(key, blob, expire_time);
+
+ return ret ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS store_cldap_reply(TALLOC_CTX *mem_ctx,
+ uint32_t flags,
+ struct samba_sockaddr *sa,
+ uint32_t nt_version,
+ struct NETLOGON_SAM_LOGON_RESPONSE_EX *r)
+{
+ DATA_BLOB blob;
+ enum ndr_err_code ndr_err;
+ NTSTATUS status;
+ char addr[INET6_ADDRSTRLEN];
+
+ print_sockaddr(addr, sizeof(addr), &sa->u.ss);
+
+ /* FIXME */
+ r->sockaddr_size = 0x10; /* the w32 winsock addr size */
+ r->sockaddr.sockaddr_family = 2; /* AF_INET */
+ r->sockaddr.pdc_ip = talloc_strdup(mem_ctx, addr);
+
+ ndr_err = ndr_push_struct_blob(&blob, mem_ctx, r,
+ (ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (r->domain_name) {
+ status = dsgetdcname_cache_store(mem_ctx, r->domain_name,
+ blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ if (r->client_site) {
+ sitename_store(r->domain_name, r->client_site);
+ }
+ }
+ if (r->dns_domain) {
+ status = dsgetdcname_cache_store(mem_ctx, r->dns_domain, blob);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+ if (r->client_site) {
+ sitename_store(r->dns_domain, r->client_site);
+ }
+ }
+
+ status = NT_STATUS_OK;
+
+ done:
+ data_blob_free(&blob);
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static uint32_t get_cldap_reply_server_flags(struct netlogon_samlogon_response *r,
+ uint32_t nt_version)
+{
+ switch (nt_version & 0x0000001f) {
+ case 0:
+ case 1:
+ case 16:
+ case 17:
+ return 0;
+ case 2:
+ case 3:
+ case 18:
+ case 19:
+ return r->data.nt5.server_type;
+ case 4:
+ case 5:
+ case 6:
+ case 7:
+ return r->data.nt5_ex.server_type;
+ case 8:
+ case 9:
+ case 10:
+ case 11:
+ case 12:
+ case 13:
+ case 14:
+ case 15:
+ return r->data.nt5_ex.server_type;
+ case 20:
+ case 21:
+ case 22:
+ case 23:
+ case 24:
+ case 25:
+ case 26:
+ case 27:
+ case 28:
+ return r->data.nt5_ex.server_type;
+ case 29:
+ case 30:
+ case 31:
+ return r->data.nt5_ex.server_type;
+ default:
+ return 0;
+ }
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS dsgetdcname_cache_fetch(TALLOC_CTX *mem_ctx,
+ const char *domain_name,
+ const struct GUID *domain_guid,
+ uint32_t flags,
+ struct netr_DsRGetDCNameInfo **info_p)
+{
+ char *key;
+ DATA_BLOB blob;
+ enum ndr_err_code ndr_err;
+ struct netr_DsRGetDCNameInfo *info;
+ struct NETLOGON_SAM_LOGON_RESPONSE_EX r;
+ NTSTATUS status;
+
+ key = dsgetdcname_cache_key(mem_ctx, domain_name);
+ if (!key) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!gencache_get_data_blob(key, NULL, &blob, NULL, NULL)) {
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ info = talloc_zero(mem_ctx, struct netr_DsRGetDCNameInfo);
+ if (!info) {
+ data_blob_free(&blob);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &r,
+ (ndr_pull_flags_fn_t)ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX);
+
+ data_blob_free(&blob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ dsgetdcname_cache_delete(mem_ctx, domain_name);
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ status = make_dc_info_from_cldap_reply(mem_ctx, flags, NULL,
+ &r, &info);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(netr_DsRGetDCNameInfo, info);
+ }
+
+ /* check flags */
+ if (!check_cldap_reply_required_flags(info->dc_flags, flags)) {
+ DEBUG(10,("invalid flags\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if ((flags & DS_IP_REQUIRED) &&
+ (info->dc_address_type != DS_ADDRESS_TYPE_INET)) {
+ return NT_STATUS_INVALID_PARAMETER_MIX;
+ }
+
+ *info_p = info;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS dsgetdcname_cached(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg_ctx,
+ const char *domain_name,
+ const struct GUID *domain_guid,
+ uint32_t flags,
+ const char *site_name,
+ struct netr_DsRGetDCNameInfo **info)
+{
+ NTSTATUS status;
+
+ status = dsgetdcname_cache_fetch(mem_ctx, domain_name, domain_guid,
+ flags, info);
+ if (!NT_STATUS_IS_OK(status)
+ && !NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ DEBUG(10,("dsgetdcname_cached: cache fetch failed with: %s\n",
+ nt_errstr(status)));
+ return NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+ }
+
+ if (flags & DS_BACKGROUND_ONLY) {
+ return status;
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ struct netr_DsRGetDCNameInfo *dc_info;
+
+ status = dsgetdcname(mem_ctx, msg_ctx, domain_name,
+ domain_guid, site_name,
+ flags | DS_FORCE_REDISCOVERY,
+ &dc_info);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ *info = dc_info;
+ }
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static bool check_allowed_required_flags(uint32_t flags,
+ const char *site_name)
+{
+ uint32_t return_type = flags & (DS_RETURN_FLAT_NAME|DS_RETURN_DNS_NAME);
+ uint32_t offered_type = flags & (DS_IS_FLAT_NAME|DS_IS_DNS_NAME);
+ uint32_t query_type = flags & (DS_BACKGROUND_ONLY|DS_FORCE_REDISCOVERY);
+
+ /* FIXME: check for DSGETDC_VALID_FLAGS and check for exclusive bits
+ * (DS_PDC_REQUIRED, DS_KDC_REQUIRED, DS_GC_SERVER_REQUIRED) */
+
+ debug_dsdcinfo_flags(10, flags);
+
+ if ((flags & DS_TRY_NEXTCLOSEST_SITE) && site_name) {
+ return false;
+ }
+
+ if (return_type == (DS_RETURN_FLAT_NAME|DS_RETURN_DNS_NAME)) {
+ return false;
+ }
+
+ if (offered_type == (DS_IS_DNS_NAME|DS_IS_FLAT_NAME)) {
+ return false;
+ }
+
+ if (query_type == (DS_BACKGROUND_ONLY|DS_FORCE_REDISCOVERY)) {
+ return false;
+ }
+
+#if 0
+ if ((flags & DS_RETURN_DNS_NAME) && (!(flags & DS_IP_REQUIRED))) {
+ printf("gd: here5 \n");
+ return false;
+ }
+#endif
+ return true;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS discover_dc_netbios(TALLOC_CTX *mem_ctx,
+ const char *domain_name,
+ uint32_t flags,
+ struct ip_service_name **returned_dclist,
+ size_t *returned_count)
+{
+ NTSTATUS status;
+ enum nbt_name_type name_type = NBT_NAME_LOGON;
+ struct samba_sockaddr *salist = NULL;
+ size_t i;
+ struct ip_service_name *dclist = NULL;
+ size_t count = 0;
+ static const char *resolve_order[] = { "lmhosts", "wins", "bcast", NULL };
+
+ if (flags & DS_PDC_REQUIRED) {
+ name_type = NBT_NAME_PDC;
+ }
+
+ status = internal_resolve_name(mem_ctx,
+ domain_name,
+ name_type,
+ NULL,
+ &salist,
+ &count,
+ resolve_order);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("discover_dc_netbios: failed to find DC\n"));
+ return status;
+ }
+
+ dclist = talloc_zero_array(mem_ctx, struct ip_service_name, count);
+ if (!dclist) {
+ TALLOC_FREE(salist);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0; i<count; i++) {
+ char addr[INET6_ADDRSTRLEN];
+ struct ip_service_name *r = &dclist[i];
+
+ print_sockaddr(addr, sizeof(addr),
+ &salist[i].u.ss);
+
+ r->sa = salist[i];
+ r->hostname = talloc_strdup(mem_ctx, addr);
+ if (!r->hostname) {
+ TALLOC_FREE(salist);
+ TALLOC_FREE(dclist);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ }
+
+ TALLOC_FREE(salist);
+
+ *returned_dclist = dclist;
+ *returned_count = count;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS discover_dc_dns(TALLOC_CTX *mem_ctx,
+ const char *domain_name,
+ const struct GUID *domain_guid,
+ uint32_t flags,
+ const char *site_name,
+ struct ip_service_name **returned_dclist,
+ size_t *return_count)
+{
+ size_t i;
+ NTSTATUS status;
+ struct dns_rr_srv *dcs = NULL;
+ size_t numdcs = 0;
+ struct ip_service_name *dclist = NULL;
+ size_t ret_count = 0;
+ char *query = NULL;
+
+ if (flags & DS_PDC_REQUIRED) {
+ query = ads_dns_query_string_pdc(mem_ctx, domain_name);
+ } else if (flags & DS_GC_SERVER_REQUIRED) {
+ query = ads_dns_query_string_gcs(mem_ctx, domain_name);
+ } else if (flags & DS_KDC_REQUIRED) {
+ query = ads_dns_query_string_kdcs(mem_ctx, domain_name);
+ } else if (flags & DS_DIRECTORY_SERVICE_REQUIRED) {
+ query = ads_dns_query_string_dcs(mem_ctx, domain_name);
+ } else if (domain_guid) {
+ query = ads_dns_query_string_dcs_guid(
+ mem_ctx, domain_guid, domain_name);
+ } else {
+ query = ads_dns_query_string_dcs(mem_ctx, domain_name);
+ }
+
+ if (query == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = ads_dns_query_srv(
+ mem_ctx,
+ lp_get_async_dns_timeout(),
+ site_name,
+ query,
+ &dcs,
+ &numdcs);
+ TALLOC_FREE(query);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (numdcs == 0) {
+ TALLOC_FREE(dcs);
+ return NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+ }
+
+ /* Check for integer wrap. */
+ if (numdcs + numdcs < numdcs) {
+ TALLOC_FREE(dcs);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /*
+ * We're only returning up to 2 addresses per
+ * DC name, so just allocate size numdcs x 2.
+ */
+
+ dclist = talloc_zero_array(mem_ctx,
+ struct ip_service_name,
+ numdcs * 2);
+ if (!dclist) {
+ TALLOC_FREE(dcs);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /*
+ * First, copy the SRV record replies that
+ * have IP addresses returned with them.
+ */
+ ret_count = 0;
+ for (i = 0; i < numdcs; i++) {
+ size_t j;
+ bool have_v4_addr = false;
+ bool have_v6_addr = false;
+
+ if (dcs[i].num_ips == 0) {
+ continue;
+ }
+
+ /*
+ * Pick up to 1 address from each address
+ * family (IPv4, IPv6).
+ *
+ * This is different from the previous
+ * code which picked a 'next ip' address
+ * each time, incrementing an index.
+ * Too complex to maintain :-(.
+ */
+ for (j = 0; j < dcs[i].num_ips; j++) {
+ if ((dcs[i].ss_s[j].ss_family == AF_INET && !have_v4_addr) ||
+ (dcs[i].ss_s[j].ss_family == AF_INET6 && !have_v6_addr)) {
+ bool ok;
+ dclist[ret_count].hostname =
+ talloc_strdup(dclist, dcs[i].hostname);
+ ok = sockaddr_storage_to_samba_sockaddr(
+ &dclist[ret_count].sa,
+ &dcs[i].ss_s[j]);
+ if (!ok) {
+ TALLOC_FREE(dcs);
+ TALLOC_FREE(dclist);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ret_count++;
+ if (dcs[i].ss_s[j].ss_family == AF_INET) {
+ have_v4_addr = true;
+ } else {
+ have_v6_addr = true;
+ }
+ if (have_v4_addr && have_v6_addr) {
+ break;
+ }
+ }
+ }
+ }
+
+ TALLOC_FREE(dcs);
+
+ if (ret_count == 0) {
+ TALLOC_FREE(dclist);
+ return NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+ }
+
+ *returned_dclist = dclist;
+ *return_count = ret_count;
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS make_domain_controller_info(TALLOC_CTX *mem_ctx,
+ const char *dc_unc,
+ const char *dc_address,
+ uint32_t dc_address_type,
+ const struct GUID *domain_guid,
+ const char *domain_name,
+ const char *forest_name,
+ uint32_t flags,
+ const char *dc_site_name,
+ const char *client_site_name,
+ struct netr_DsRGetDCNameInfo **info_out)
+{
+ struct netr_DsRGetDCNameInfo *info;
+
+ info = talloc_zero(mem_ctx, struct netr_DsRGetDCNameInfo);
+ NT_STATUS_HAVE_NO_MEMORY(info);
+
+ if (dc_unc) {
+ if (!(dc_unc[0] == '\\' && dc_unc[1] == '\\')) {
+ info->dc_unc = talloc_asprintf(mem_ctx, "\\\\%s",
+ dc_unc);
+ } else {
+ info->dc_unc = talloc_strdup(mem_ctx, dc_unc);
+ }
+ NT_STATUS_HAVE_NO_MEMORY(info->dc_unc);
+ }
+
+ if (dc_address) {
+ if (!(dc_address[0] == '\\' && dc_address[1] == '\\')) {
+ info->dc_address = talloc_asprintf(mem_ctx, "\\\\%s",
+ dc_address);
+ } else {
+ info->dc_address = talloc_strdup(mem_ctx, dc_address);
+ }
+ NT_STATUS_HAVE_NO_MEMORY(info->dc_address);
+ }
+
+ info->dc_address_type = dc_address_type;
+
+ if (domain_guid) {
+ info->domain_guid = *domain_guid;
+ }
+
+ if (domain_name) {
+ info->domain_name = talloc_strdup(mem_ctx, domain_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
+ }
+
+ if (forest_name && *forest_name) {
+ info->forest_name = talloc_strdup(mem_ctx, forest_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->forest_name);
+ flags |= DS_DNS_FOREST_ROOT;
+ }
+
+ info->dc_flags = flags;
+
+ if (dc_site_name) {
+ info->dc_site_name = talloc_strdup(mem_ctx, dc_site_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->dc_site_name);
+ }
+
+ if (client_site_name) {
+ info->client_site_name = talloc_strdup(mem_ctx,
+ client_site_name);
+ NT_STATUS_HAVE_NO_MEMORY(info->client_site_name);
+ }
+
+ *info_out = info;
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static void map_dc_and_domain_names(uint32_t flags,
+ const char *dc_name,
+ const char *domain_name,
+ const char *dns_dc_name,
+ const char *dns_domain_name,
+ uint32_t *dc_flags,
+ const char **hostname_p,
+ const char **domain_p)
+{
+ switch (flags & 0xf0000000) {
+ case DS_RETURN_FLAT_NAME:
+ if (dc_name && domain_name &&
+ *dc_name && *domain_name) {
+ *hostname_p = dc_name;
+ *domain_p = domain_name;
+ break;
+ }
+
+ FALL_THROUGH;
+ case DS_RETURN_DNS_NAME:
+ default:
+ if (dns_dc_name && dns_domain_name &&
+ *dns_dc_name && *dns_domain_name) {
+ *hostname_p = dns_dc_name;
+ *domain_p = dns_domain_name;
+ *dc_flags |= DS_DNS_DOMAIN | DS_DNS_CONTROLLER;
+ break;
+ }
+ if (dc_name && domain_name &&
+ *dc_name && *domain_name) {
+ *hostname_p = dc_name;
+ *domain_p = domain_name;
+ break;
+ }
+ }
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS make_dc_info_from_cldap_reply(
+ TALLOC_CTX *mem_ctx,
+ uint32_t flags,
+ const struct samba_sockaddr *sa,
+ struct NETLOGON_SAM_LOGON_RESPONSE_EX *r,
+ struct netr_DsRGetDCNameInfo **info)
+{
+ const char *dc_hostname = NULL;
+ const char *dc_domain_name = NULL;
+ const char *dc_address = NULL;
+ const char *dc_forest = NULL;
+ uint32_t dc_address_type = 0;
+ uint32_t dc_flags = 0;
+ struct GUID *dc_domain_guid = NULL;
+ const char *dc_server_site = NULL;
+ const char *dc_client_site = NULL;
+
+ char addr[INET6_ADDRSTRLEN];
+
+ if (sa != NULL) {
+ print_sockaddr(addr, sizeof(addr), &sa->u.ss);
+ dc_address = addr;
+ dc_address_type = DS_ADDRESS_TYPE_INET;
+ } else {
+ if (r->sockaddr.pdc_ip) {
+ dc_address = r->sockaddr.pdc_ip;
+ dc_address_type = DS_ADDRESS_TYPE_INET;
+ } else {
+ dc_address = r->pdc_name;
+ dc_address_type = DS_ADDRESS_TYPE_NETBIOS;
+ }
+ }
+
+ map_dc_and_domain_names(flags,
+ r->pdc_name,
+ r->domain_name,
+ r->pdc_dns_name,
+ r->dns_domain,
+ &dc_flags,
+ &dc_hostname,
+ &dc_domain_name);
+
+ dc_flags |= r->server_type;
+ dc_forest = r->forest;
+ dc_domain_guid = &r->domain_uuid;
+ dc_server_site = r->server_site;
+ dc_client_site = r->client_site;
+
+ return make_domain_controller_info(mem_ctx,
+ dc_hostname,
+ dc_address,
+ dc_address_type,
+ dc_domain_guid,
+ dc_domain_name,
+ dc_forest,
+ dc_flags,
+ dc_server_site,
+ dc_client_site,
+ info);
+}
+
+/****************************************************************
+****************************************************************/
+
+static uint32_t map_ds_flags_to_nt_version(uint32_t flags)
+{
+ uint32_t nt_version = 0;
+
+ if (flags & DS_PDC_REQUIRED) {
+ nt_version |= NETLOGON_NT_VERSION_PDC;
+ }
+
+ if (flags & DS_GC_SERVER_REQUIRED) {
+ nt_version |= NETLOGON_NT_VERSION_GC;
+ }
+
+ if (flags & DS_TRY_NEXTCLOSEST_SITE) {
+ nt_version |= NETLOGON_NT_VERSION_WITH_CLOSEST_SITE;
+ }
+
+ if (flags & DS_IP_REQUIRED) {
+ nt_version |= NETLOGON_NT_VERSION_IP;
+ }
+
+ return nt_version;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx,
+ const char *domain_name,
+ uint32_t flags,
+ struct ip_service_name *dclist,
+ size_t num_dcs,
+ struct netr_DsRGetDCNameInfo **info)
+{
+ size_t i = 0;
+ bool valid_dc = false;
+ struct netlogon_samlogon_response *r = NULL;
+ uint32_t nt_version = NETLOGON_NT_VERSION_5 |
+ NETLOGON_NT_VERSION_5EX;
+ uint32_t ret_flags = 0;
+ NTSTATUS status;
+
+ nt_version |= map_ds_flags_to_nt_version(flags);
+
+ for (i=0; i<num_dcs; i++) {
+ char addr[INET6_ADDRSTRLEN];
+
+ print_sockaddr(addr, sizeof(addr), &dclist[i].sa.u.ss);
+
+ DEBUG(10,("LDAP ping to %s (%s)\n", dclist[i].hostname, addr));
+
+ if (ads_cldap_netlogon(mem_ctx, &dclist[i].sa.u.ss,
+ domain_name,
+ nt_version,
+ &r))
+ {
+ nt_version = r->ntver;
+ ret_flags = get_cldap_reply_server_flags(r, nt_version);
+
+ if (check_cldap_reply_required_flags(ret_flags, flags)) {
+ valid_dc = true;
+ break;
+ }
+ }
+
+ continue;
+ }
+
+ if (!valid_dc) {
+ return NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+ }
+
+ status = make_dc_info_from_cldap_reply(mem_ctx, flags, &dclist[i].sa,
+ &r->data.nt5_ex, info);
+ if (NT_STATUS_IS_OK(status)) {
+ return store_cldap_reply(mem_ctx, flags, &dclist[i].sa,
+ nt_version, &r->data.nt5_ex);
+ }
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg_ctx,
+ const char *domain_name,
+ uint32_t flags,
+ struct ip_service_name *dclist,
+ size_t num_dcs,
+ struct netr_DsRGetDCNameInfo **info)
+{
+ enum nbt_name_type name_type = NBT_NAME_LOGON;
+ NTSTATUS status;
+ size_t i;
+ const char *dc_name = NULL;
+ fstring tmp_dc_name;
+ struct netlogon_samlogon_response *r = NULL;
+ bool store_cache = false;
+ uint32_t nt_version = NETLOGON_NT_VERSION_1 |
+ NETLOGON_NT_VERSION_5 |
+ NETLOGON_NT_VERSION_5EX_WITH_IP;
+ size_t len = strlen(lp_netbios_name());
+ char my_acct_name[len+2];
+
+ if (msg_ctx == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (flags & DS_PDC_REQUIRED) {
+ name_type = NBT_NAME_PDC;
+ }
+
+ nt_version |= map_ds_flags_to_nt_version(flags);
+
+ snprintf(my_acct_name,
+ sizeof(my_acct_name),
+ "%s$",
+ lp_netbios_name());
+
+ DEBUG(10,("process_dc_netbios\n"));
+
+ for (i=0; i<num_dcs; i++) {
+ uint16_t val;
+
+ generate_random_buffer((uint8_t *)&val, 2);
+
+ status = nbt_getdc(msg_ctx, 10, &dclist[i].sa.u.ss, domain_name,
+ NULL, my_acct_name, ACB_WSTRUST, nt_version,
+ mem_ctx, &nt_version, &dc_name, &r);
+ if (NT_STATUS_IS_OK(status)) {
+ store_cache = true;
+ namecache_store(dc_name,
+ NBT_NAME_SERVER,
+ 1,
+ &dclist[i].sa);
+ goto make_reply;
+ }
+
+ if (name_status_find(domain_name,
+ name_type,
+ NBT_NAME_SERVER,
+ &dclist[i].sa.u.ss,
+ tmp_dc_name))
+ {
+ struct NETLOGON_SAM_LOGON_RESPONSE_NT40 logon1;
+
+ r = talloc_zero(mem_ctx, struct netlogon_samlogon_response);
+ NT_STATUS_HAVE_NO_MEMORY(r);
+
+ ZERO_STRUCT(logon1);
+
+ nt_version = NETLOGON_NT_VERSION_1;
+
+ logon1.nt_version = nt_version;
+ logon1.pdc_name = tmp_dc_name;
+ logon1.domain_name = talloc_strdup_upper(mem_ctx, domain_name);
+ NT_STATUS_HAVE_NO_MEMORY(logon1.domain_name);
+
+ r->data.nt4 = logon1;
+ r->ntver = nt_version;
+
+ map_netlogon_samlogon_response(r);
+
+ namecache_store(tmp_dc_name,
+ NBT_NAME_SERVER,
+ 1,
+ &dclist[i].sa);
+
+ goto make_reply;
+ }
+ }
+
+ return NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+
+ make_reply:
+
+ status = make_dc_info_from_cldap_reply(mem_ctx, flags, &dclist[i].sa,
+ &r->data.nt5_ex, info);
+ if (NT_STATUS_IS_OK(status) && store_cache) {
+ return store_cldap_reply(mem_ctx, flags, &dclist[i].sa,
+ nt_version, &r->data.nt5_ex);
+ }
+
+ return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS dsgetdcname_rediscover(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg_ctx,
+ const char *domain_name,
+ const struct GUID *domain_guid,
+ uint32_t flags,
+ const char *site_name,
+ struct netr_DsRGetDCNameInfo **info)
+{
+ NTSTATUS status;
+ struct ip_service_name *dclist = NULL;
+ size_t num_dcs = 0;
+
+ DEBUG(10,("dsgetdcname_rediscover\n"));
+
+ if (flags & DS_IS_FLAT_NAME) {
+
+ if (lp_disable_netbios()) {
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ status = discover_dc_netbios(mem_ctx, domain_name, flags,
+ &dclist, &num_dcs);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ return process_dc_netbios(mem_ctx, msg_ctx, domain_name, flags,
+ dclist, num_dcs, info);
+ }
+
+ if (flags & DS_IS_DNS_NAME) {
+
+ status = discover_dc_dns(mem_ctx, domain_name, domain_guid,
+ flags, site_name, &dclist, &num_dcs);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ return process_dc_dns(mem_ctx, domain_name, flags,
+ dclist, num_dcs, info);
+ }
+
+ status = discover_dc_dns(mem_ctx, domain_name, domain_guid, flags,
+ site_name, &dclist, &num_dcs);
+
+ if (NT_STATUS_IS_OK(status) && num_dcs != 0) {
+
+ status = process_dc_dns(mem_ctx, domain_name, flags, dclist,
+ num_dcs, info);
+ if (NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+
+ if (lp_disable_netbios()) {
+ return NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+ }
+
+ status = discover_dc_netbios(mem_ctx, domain_name, flags, &dclist,
+ &num_dcs);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ return process_dc_netbios(mem_ctx, msg_ctx, domain_name, flags, dclist,
+ num_dcs, info);
+}
+
+static bool is_closest_site(struct netr_DsRGetDCNameInfo *info)
+{
+ if (info->dc_flags & DS_SERVER_CLOSEST) {
+ return true;
+ }
+
+ if (!info->client_site_name) {
+ return true;
+ }
+
+ if (!info->dc_site_name) {
+ return false;
+ }
+
+ if (strcmp(info->client_site_name, info->dc_site_name) == 0) {
+ return true;
+ }
+
+ return false;
+}
+
+/********************************************************************
+ Internal dsgetdcname.
+********************************************************************/
+
+static NTSTATUS dsgetdcname_internal(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg_ctx,
+ const char *domain_name,
+ const struct GUID *domain_guid,
+ const char *site_name,
+ uint32_t flags,
+ struct netr_DsRGetDCNameInfo **info)
+{
+ NTSTATUS status;
+ struct netr_DsRGetDCNameInfo *myinfo = NULL;
+ bool first = true;
+ struct netr_DsRGetDCNameInfo *first_info = NULL;
+
+ DEBUG(10,("dsgetdcname_internal: domain_name: %s, "
+ "domain_guid: %s, site_name: %s, flags: 0x%08x\n",
+ domain_name,
+ domain_guid ? GUID_string(mem_ctx, domain_guid) : "(null)",
+ site_name ? site_name : "(null)", flags));
+
+ *info = NULL;
+
+ if (!check_allowed_required_flags(flags, site_name)) {
+ DEBUG(0,("invalid flags specified\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (flags & DS_FORCE_REDISCOVERY) {
+ goto rediscover;
+ }
+
+ status = dsgetdcname_cached(mem_ctx, msg_ctx, domain_name, domain_guid,
+ flags, site_name, &myinfo);
+ if (NT_STATUS_IS_OK(status)) {
+ *info = myinfo;
+ goto done;
+ }
+
+ if (flags & DS_BACKGROUND_ONLY) {
+ goto done;
+ }
+
+ rediscover:
+ status = dsgetdcname_rediscover(mem_ctx, msg_ctx, domain_name,
+ domain_guid, flags, site_name,
+ &myinfo);
+
+ done:
+ if (!NT_STATUS_IS_OK(status)) {
+ if (!first) {
+ *info = first_info;
+ return NT_STATUS_OK;
+ }
+ return status;
+ }
+
+ if (!first) {
+ TALLOC_FREE(first_info);
+ } else if (!is_closest_site(myinfo)) {
+ first = false;
+ first_info = myinfo;
+ /* TODO: may use the next_closest_site here */
+ site_name = myinfo->client_site_name;
+ goto rediscover;
+ }
+
+ *info = myinfo;
+ return NT_STATUS_OK;
+}
+
+/********************************************************************
+ dsgetdcname.
+
+ This will be the only public function here.
+********************************************************************/
+
+NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg_ctx,
+ const char *domain_name,
+ const struct GUID *domain_guid,
+ const char *site_name,
+ uint32_t flags,
+ struct netr_DsRGetDCNameInfo **info)
+{
+ NTSTATUS status;
+ const char *query_site = NULL;
+ char *ptr_to_free = NULL;
+ bool retry_query_with_null = false;
+
+ if ((site_name == NULL) || (site_name[0] == '\0')) {
+ ptr_to_free = sitename_fetch(mem_ctx, domain_name);
+ if (ptr_to_free != NULL) {
+ retry_query_with_null = true;
+ }
+ query_site = ptr_to_free;
+ } else {
+ query_site = site_name;
+ }
+
+ status = dsgetdcname_internal(mem_ctx,
+ msg_ctx,
+ domain_name,
+ domain_guid,
+ query_site,
+ flags,
+ info);
+
+ TALLOC_FREE(ptr_to_free);
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) {
+ return status;
+ }
+
+ /* Should we try again with site_name == NULL ? */
+ if (retry_query_with_null) {
+ status = dsgetdcname_internal(mem_ctx,
+ msg_ctx,
+ domain_name,
+ domain_guid,
+ NULL,
+ flags,
+ info);
+ }
+
+ return status;
+}
+
+NTSTATUS dsgetonedcname(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg_ctx,
+ const char *domain_name,
+ const char *dcname,
+ uint32_t flags,
+ struct netr_DsRGetDCNameInfo **info)
+{
+ NTSTATUS status;
+ struct sockaddr_storage *addrs;
+ unsigned int num_addrs, i;
+ const char *hostname = strip_hostname(dcname);
+
+ status = resolve_name_list(mem_ctx, hostname, 0x20,
+ &addrs, &num_addrs);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ for (i = 0; i < num_addrs; i++) {
+
+ bool ok;
+ struct ip_service_name dclist;
+
+ dclist.hostname = hostname;
+ ok = sockaddr_storage_to_samba_sockaddr(&dclist.sa, &addrs[i]);
+ if (!ok) {
+ TALLOC_FREE(addrs);
+ return NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+ }
+
+ status = process_dc_dns(mem_ctx, domain_name, flags,
+ &dclist, 1, info);
+ if (NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(addrs);
+ return NT_STATUS_OK;
+ }
+
+ if (lp_disable_netbios()) {
+ continue;
+ }
+
+ status = process_dc_netbios(mem_ctx, msg_ctx, domain_name, flags,
+ &dclist, 1, info);
+ if (NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(addrs);
+ return NT_STATUS_OK;
+ }
+ }
+
+ TALLOC_FREE(addrs);
+ return NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+}
diff --git a/source3/libsmb/dsgetdcname.h b/source3/libsmb/dsgetdcname.h
new file mode 100644
index 0000000..241b721
--- /dev/null
+++ b/source3/libsmb/dsgetdcname.h
@@ -0,0 +1,43 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Copyright (C) Volker Lendecke 2018
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIBSMB_DSGETDCNAME_H__
+#define __LIBSMB_DSGETDCNAME_H__
+
+#include "replace.h"
+#include <talloc.h>
+#include "librpc/gen_ndr/misc.h"
+
+struct netr_DsRGetDCNameInfo;
+struct messaging_context;
+
+NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg_ctx,
+ const char *domain_name,
+ const struct GUID *domain_guid,
+ const char *site_name,
+ uint32_t flags,
+ struct netr_DsRGetDCNameInfo **info);
+
+NTSTATUS dsgetonedcname(TALLOC_CTX *mem_ctx,
+ struct messaging_context *msg_ctx,
+ const char *domain_name,
+ const char *dcname,
+ uint32_t flags,
+ struct netr_DsRGetDCNameInfo **info);
+#endif
diff --git a/source3/libsmb/errormap.c b/source3/libsmb/errormap.c
new file mode 100644
index 0000000..fd7d6a1
--- /dev/null
+++ b/source3/libsmb/errormap.c
@@ -0,0 +1,295 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * error mapping functions
+ * Copyright (C) Andrew Tridgell 2001
+ * Copyright (C) Andrew Bartlett 2001
+ * Copyright (C) Tim Potter 2000
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+/* dos -> nt status error map */
+static const struct {
+ uint8_t dos_class;
+ uint32_t dos_code;
+ NTSTATUS ntstatus;
+} dos_to_ntstatus_map[] = {
+ {ERRDOS, ERRbadfunc, NT_STATUS_NOT_IMPLEMENTED},
+ {ERRDOS, ERRbadfile, NT_STATUS_NO_SUCH_FILE},
+ {ERRDOS, ERRbadpath, NT_STATUS_OBJECT_PATH_NOT_FOUND},
+ {ERRDOS, ERRnofids, NT_STATUS_TOO_MANY_OPENED_FILES},
+ {ERRDOS, ERRnoaccess, NT_STATUS_ACCESS_DENIED},
+ {ERRDOS, ERRbadfid, NT_STATUS_INVALID_HANDLE},
+ {ERRDOS, ERRnomem, NT_STATUS_INSUFFICIENT_RESOURCES},
+ {ERRDOS, ERRbadaccess, NT_STATUS_ACCESS_DENIED},
+ {ERRDOS, ERRbaddata, NT_STATUS_DATA_ERROR},
+ {ERRDOS, 14, NT_STATUS_SECTION_NOT_EXTENDED},
+ {ERRDOS, ERRremcd, NT_STATUS_DIRECTORY_NOT_EMPTY},
+ {ERRDOS, ERRdiffdevice, NT_STATUS_NOT_SAME_DEVICE},
+ {ERRDOS, ERRnofiles, STATUS_NO_MORE_FILES},
+ {ERRDOS, 19, NT_STATUS_MEDIA_WRITE_PROTECTED},
+ {ERRDOS, 21, NT_STATUS_NO_MEDIA_IN_DEVICE},
+ {ERRDOS, 22, NT_STATUS_INVALID_DEVICE_STATE},
+ {ERRDOS, 23, NT_STATUS_DATA_ERROR},
+ {ERRDOS, 24, NT_STATUS_DATA_ERROR},
+ {ERRDOS, 26, NT_STATUS_DISK_CORRUPT_ERROR},
+ {ERRDOS, 27, NT_STATUS_NONEXISTENT_SECTOR},
+ {ERRDOS, 28, NT_STATUS(0x8000000e)},
+ {ERRDOS, 31, NT_STATUS_UNSUCCESSFUL},
+ {ERRDOS, ERRbadshare, NT_STATUS_SHARING_VIOLATION},
+ {ERRDOS, ERRlock, NT_STATUS_FILE_LOCK_CONFLICT},
+ {ERRDOS, 34, NT_STATUS_WRONG_VOLUME},
+ {ERRDOS, 38, NT_STATUS_END_OF_FILE},
+ {ERRDOS, ERRunsup, NT_STATUS_CTL_FILE_NOT_SUPPORTED},
+ {ERRDOS, 51, NT_STATUS_REMOTE_NOT_LISTENING},
+ {ERRDOS, 52, NT_STATUS_DUPLICATE_NAME},
+ {ERRDOS, 53, NT_STATUS_BAD_NETWORK_PATH},
+ {ERRDOS, 54, NT_STATUS_NETWORK_BUSY},
+ {ERRDOS, 55, NT_STATUS_DEVICE_DOES_NOT_EXIST},
+ {ERRDOS, 56, NT_STATUS_TOO_MANY_COMMANDS},
+ {ERRDOS, 57, NT_STATUS_ADAPTER_HARDWARE_ERROR},
+ {ERRDOS, 58, NT_STATUS_INVALID_NETWORK_RESPONSE},
+ {ERRDOS, 59, NT_STATUS_UNEXPECTED_NETWORK_ERROR},
+ {ERRDOS, 60, NT_STATUS_BAD_REMOTE_ADAPTER},
+ {ERRDOS, 61, NT_STATUS_PRINT_QUEUE_FULL},
+ {ERRDOS, 62, NT_STATUS_NO_SPOOL_SPACE},
+ {ERRDOS, 63, NT_STATUS_PRINT_CANCELLED},
+ {ERRDOS, 64, NT_STATUS_NETWORK_NAME_DELETED},
+ {ERRDOS, 65, NT_STATUS_NETWORK_ACCESS_DENIED},
+ {ERRDOS, 66, NT_STATUS_BAD_DEVICE_TYPE},
+ {ERRDOS, ERRnosuchshare, NT_STATUS_BAD_NETWORK_NAME},
+ {ERRDOS, 68, NT_STATUS_TOO_MANY_GUIDS_REQUESTED},
+ {ERRDOS, 69, NT_STATUS_TOO_MANY_SESSIONS},
+ {ERRDOS, 70, NT_STATUS_SHARING_PAUSED},
+ {ERRDOS, 71, NT_STATUS_REQUEST_NOT_ACCEPTED},
+ {ERRDOS, 72, NT_STATUS_REDIRECTOR_PAUSED},
+ {ERRDOS, ERRfilexists, NT_STATUS_OBJECT_NAME_COLLISION},
+ {ERRDOS, 86, NT_STATUS_WRONG_PASSWORD},
+ {ERRDOS, 87, NT_STATUS_INVALID_INFO_CLASS},
+ {ERRDOS, 88, NT_STATUS_NET_WRITE_FAULT},
+ {ERRDOS, 109, NT_STATUS_PIPE_BROKEN},
+ {ERRDOS, 111, STATUS_MORE_ENTRIES},
+ {ERRDOS, 112, NT_STATUS_DISK_FULL},
+ {ERRDOS, 121, NT_STATUS_IO_TIMEOUT},
+ {ERRDOS, 122, NT_STATUS_BUFFER_TOO_SMALL},
+ {ERRDOS, ERRinvalidname, NT_STATUS_OBJECT_NAME_INVALID},
+ {ERRDOS, ERRunknownlevel, NT_STATUS_INVALID_LEVEL},
+ {ERRDOS, 126, NT_STATUS_DLL_NOT_FOUND},
+ {ERRDOS, 127, NT_STATUS_PROCEDURE_NOT_FOUND},
+ {ERRDOS, 145, NT_STATUS_DIRECTORY_NOT_EMPTY},
+ {ERRDOS, 154, NT_STATUS_INVALID_VOLUME_LABEL},
+ {ERRDOS, 156, NT_STATUS_SUSPEND_COUNT_EXCEEDED},
+ {ERRDOS, 158, NT_STATUS_NOT_LOCKED},
+ {ERRDOS, 161, NT_STATUS_OBJECT_PATH_INVALID},
+ {ERRDOS, 170, NT_STATUS(0x80000011)},
+ {ERRDOS, 182, NT_STATUS_ORDINAL_NOT_FOUND},
+ {ERRDOS, 183, NT_STATUS_OBJECT_NAME_COLLISION},
+ {ERRDOS, 193, NT_STATUS_BAD_INITIAL_PC},
+ {ERRDOS, 203, NT_STATUS(0xc0000100)},
+ {ERRDOS, 206, NT_STATUS_NAME_TOO_LONG},
+ {ERRDOS, ERRbadpipe, NT_STATUS_INVALID_INFO_CLASS},
+ {ERRDOS, ERRpipebusy, NT_STATUS_INSTANCE_NOT_AVAILABLE},
+ {ERRDOS, ERRpipeclosing, NT_STATUS_PIPE_CLOSING},
+ {ERRDOS, ERRnotconnected, NT_STATUS_PIPE_DISCONNECTED},
+ {ERRDOS, ERRmoredata, NT_STATUS_MORE_PROCESSING_REQUIRED},
+ {ERRDOS, 240, NT_STATUS_VIRTUAL_CIRCUIT_CLOSED},
+ {ERRDOS, 254, NT_STATUS(0x80000013)},
+ {ERRDOS, 255, NT_STATUS_EA_TOO_LARGE},
+ {ERRDOS, 259, NT_STATUS_GUIDS_EXHAUSTED},
+ {ERRDOS, 267, NT_STATUS_NOT_A_DIRECTORY},
+ {ERRDOS, 275, NT_STATUS_EA_TOO_LARGE},
+ {ERRDOS, 276, NT_STATUS_NONEXISTENT_EA_ENTRY},
+ {ERRDOS, 277, NT_STATUS_NONEXISTENT_EA_ENTRY},
+ {ERRDOS, 278, NT_STATUS_NONEXISTENT_EA_ENTRY},
+ {ERRDOS, ERReasnotsupported, NT_STATUS_EAS_NOT_SUPPORTED},
+ {ERRDOS, 288, NT_STATUS_MUTANT_NOT_OWNED},
+ {ERRDOS, 298, NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED},
+ {ERRDOS, 299, NT_STATUS(0x8000000d)},
+ {ERRDOS, 300, NT_STATUS_OPLOCK_NOT_GRANTED},
+ {ERRDOS, 301, NT_STATUS_INVALID_OPLOCK_PROTOCOL},
+ {ERRDOS, 487, NT_STATUS_CONFLICTING_ADDRESSES},
+ {ERRDOS, 534, NT_STATUS_INTEGER_OVERFLOW},
+ {ERRDOS, 535, NT_STATUS_PIPE_CONNECTED},
+ {ERRDOS, 536, NT_STATUS_PIPE_LISTENING},
+ {ERRDOS, 995, NT_STATUS_CANCELLED},
+ {ERRDOS, 997, NT_STATUS(0x00000103)},
+ {ERRDOS, 998, NT_STATUS_ACCESS_VIOLATION},
+ {ERRDOS, 999, NT_STATUS_IN_PAGE_ERROR},
+ {ERRDOS, 1001, NT_STATUS_BAD_INITIAL_STACK},
+ {ERRDOS, 1005, NT_STATUS_UNRECOGNIZED_VOLUME},
+ {ERRDOS, 1006, NT_STATUS_FILE_INVALID},
+ {ERRDOS, 1007, NT_STATUS_FULLSCREEN_MODE},
+ {ERRDOS, 1008, NT_STATUS_NO_TOKEN},
+ {ERRDOS, 1009, NT_STATUS_REGISTRY_CORRUPT},
+ {ERRDOS, 1016, NT_STATUS_REGISTRY_IO_FAILED},
+ {ERRDOS, 1017, NT_STATUS_NOT_REGISTRY_FILE},
+ {ERRDOS, 1018, NT_STATUS_KEY_DELETED},
+ {ERRDOS, 1019, NT_STATUS_NO_LOG_SPACE},
+ {ERRDOS, 1020, NT_STATUS_KEY_HAS_CHILDREN},
+ {ERRDOS, 1021, NT_STATUS_CHILD_MUST_BE_VOLATILE},
+ {ERRDOS, 1022, NT_STATUS(0x0000010c)},
+ {ERRSRV, ERRbadpw, NT_STATUS_WRONG_PASSWORD},
+ {ERRSRV, ERRbaduid, NT_STATUS_USER_SESSION_DELETED},
+ {ERRSRV, ERRbadtype, NT_STATUS_BAD_DEVICE_TYPE},
+ {ERRSRV, ERRaccess, NT_STATUS_NETWORK_ACCESS_DENIED},
+ {ERRSRV, ERRinvnid, NT_STATUS_NETWORK_NAME_DELETED},
+ {ERRSRV, ERRinvnetname, NT_STATUS_BAD_NETWORK_NAME},
+ {ERRSRV, ERRinvdevice, NT_STATUS_BAD_DEVICE_TYPE},
+ {ERRSRV, ERRqfull, NT_STATUS_PRINT_QUEUE_FULL},
+ {ERRSRV, ERRqtoobig, NT_STATUS_NO_SPOOL_SPACE},
+ {ERRSRV, ERRinvpfid, NT_STATUS_PRINT_CANCELLED},
+ {ERRSRV, ERRsmbcmd, NT_STATUS_NOT_IMPLEMENTED},
+ {ERRSRV, ERRbadpermits, NT_STATUS_NETWORK_ACCESS_DENIED},
+ {ERRSRV, ERRpaused, NT_STATUS_SHARING_PAUSED},
+ {ERRSRV, ERRmsgoff, NT_STATUS_REQUEST_NOT_ACCEPTED},
+ {ERRSRV, ERRnoroom, NT_STATUS_DISK_FULL},
+ {ERRSRV, ERRnoresource, NT_STATUS_REQUEST_NOT_ACCEPTED},
+ {ERRSRV, ERRtoomanyuids, NT_STATUS_TOO_MANY_SESSIONS},
+ {ERRSRV, ERRunknownsmb, NT_STATUS_NOT_IMPLEMENTED},
+ {ERRSRV, 123, NT_STATUS_OBJECT_NAME_INVALID},
+ {ERRSRV, 206, NT_STATUS_OBJECT_NAME_INVALID},
+ {ERRHRD, 1, NT_STATUS_NOT_IMPLEMENTED},
+ {ERRHRD, 2, NT_STATUS_NO_SUCH_DEVICE},
+ {ERRHRD, 3, NT_STATUS_OBJECT_PATH_NOT_FOUND},
+ {ERRHRD, 4, NT_STATUS_TOO_MANY_OPENED_FILES},
+ {ERRHRD, 5, NT_STATUS_INVALID_LOCK_SEQUENCE},
+ {ERRHRD, 6, NT_STATUS_INVALID_HANDLE},
+ {ERRHRD, 8, NT_STATUS_INSUFFICIENT_RESOURCES},
+ {ERRHRD, 12, NT_STATUS_INVALID_LOCK_SEQUENCE},
+ {ERRHRD, 13, NT_STATUS_DATA_ERROR},
+ {ERRHRD, 14, NT_STATUS_SECTION_NOT_EXTENDED},
+ {ERRHRD, 16, NT_STATUS_DIRECTORY_NOT_EMPTY},
+ {ERRHRD, 17, NT_STATUS_NOT_SAME_DEVICE},
+ {ERRHRD, 18, NT_STATUS(0x80000006)},
+ {ERRHRD, ERRnowrite, NT_STATUS_MEDIA_WRITE_PROTECTED},
+ {ERRHRD, ERRnotready, NT_STATUS_NO_MEDIA_IN_DEVICE},
+ {ERRHRD, ERRbadcmd, NT_STATUS_INVALID_DEVICE_STATE},
+ {ERRHRD, ERRdata, NT_STATUS_DATA_ERROR},
+ {ERRHRD, ERRbadreq, NT_STATUS_DATA_ERROR},
+ {ERRHRD, ERRbadmedia, NT_STATUS_DISK_CORRUPT_ERROR},
+ {ERRHRD, ERRbadsector, NT_STATUS_NONEXISTENT_SECTOR},
+ {ERRHRD, ERRnopaper, NT_STATUS(0x8000000e)},
+ {ERRHRD, ERRgeneral, NT_STATUS_UNSUCCESSFUL},
+ {ERRHRD, ERRbadshare, NT_STATUS_SHARING_VIOLATION},
+ {ERRHRD, ERRlock, NT_STATUS_FILE_LOCK_CONFLICT},
+ {ERRHRD, ERRwrongdisk, NT_STATUS_WRONG_VOLUME},
+ {ERRHRD, 38, NT_STATUS_END_OF_FILE},
+ {ERRHRD, ERRdiskfull, NT_STATUS_DISK_FULL},
+ {ERRHRD, 50, NT_STATUS_CTL_FILE_NOT_SUPPORTED},
+ {ERRHRD, 51, NT_STATUS_REMOTE_NOT_LISTENING},
+ {ERRHRD, 52, NT_STATUS_DUPLICATE_NAME},
+ {ERRHRD, 53, NT_STATUS_BAD_NETWORK_PATH},
+ {ERRHRD, 54, NT_STATUS_NETWORK_BUSY},
+ {ERRHRD, 55, NT_STATUS_DEVICE_DOES_NOT_EXIST},
+ {ERRHRD, 56, NT_STATUS_TOO_MANY_COMMANDS},
+ {ERRHRD, 57, NT_STATUS_ADAPTER_HARDWARE_ERROR},
+ {ERRHRD, 58, NT_STATUS_INVALID_NETWORK_RESPONSE},
+ {ERRHRD, 59, NT_STATUS_UNEXPECTED_NETWORK_ERROR},
+ {ERRHRD, 60, NT_STATUS_BAD_REMOTE_ADAPTER},
+ {ERRHRD, 61, NT_STATUS_PRINT_QUEUE_FULL},
+ {ERRHRD, 62, NT_STATUS_NO_SPOOL_SPACE},
+ {ERRHRD, 63, NT_STATUS_PRINT_CANCELLED},
+ {ERRHRD, 64, NT_STATUS_NETWORK_NAME_DELETED},
+ {ERRHRD, 65, NT_STATUS_NETWORK_ACCESS_DENIED},
+ {ERRHRD, 66, NT_STATUS_BAD_DEVICE_TYPE},
+ {ERRHRD, 67, NT_STATUS_BAD_NETWORK_NAME},
+ {ERRHRD, 68, NT_STATUS_TOO_MANY_GUIDS_REQUESTED},
+ {ERRHRD, 69, NT_STATUS_TOO_MANY_SESSIONS},
+ {ERRHRD, 70, NT_STATUS_SHARING_PAUSED},
+ {ERRHRD, 71, NT_STATUS_REQUEST_NOT_ACCEPTED},
+ {ERRHRD, 72, NT_STATUS_REDIRECTOR_PAUSED},
+ {ERRHRD, 80, NT_STATUS_OBJECT_NAME_COLLISION},
+ {ERRHRD, 86, NT_STATUS_WRONG_PASSWORD},
+ {ERRHRD, 87, NT_STATUS_INVALID_INFO_CLASS},
+ {ERRHRD, 88, NT_STATUS_NET_WRITE_FAULT},
+ {ERRHRD, 109, NT_STATUS_PIPE_BROKEN},
+ {ERRHRD, 111, STATUS_MORE_ENTRIES},
+ {ERRHRD, 112, NT_STATUS_DISK_FULL},
+ {ERRHRD, 121, NT_STATUS_IO_TIMEOUT},
+ {ERRHRD, 122, NT_STATUS_BUFFER_TOO_SMALL},
+ {ERRHRD, 123, NT_STATUS_OBJECT_NAME_INVALID},
+ {ERRHRD, 124, NT_STATUS_INVALID_LEVEL},
+ {ERRHRD, 126, NT_STATUS_DLL_NOT_FOUND},
+ {ERRHRD, 127, NT_STATUS_PROCEDURE_NOT_FOUND},
+ {ERRHRD, 145, NT_STATUS_DIRECTORY_NOT_EMPTY},
+ {ERRHRD, 154, NT_STATUS_INVALID_VOLUME_LABEL},
+ {ERRHRD, 156, NT_STATUS_SUSPEND_COUNT_EXCEEDED},
+ {ERRHRD, 158, NT_STATUS_NOT_LOCKED},
+ {ERRHRD, 161, NT_STATUS_OBJECT_PATH_INVALID},
+ {ERRHRD, 170, NT_STATUS(0x80000011)},
+ {ERRHRD, 182, NT_STATUS_ORDINAL_NOT_FOUND},
+ {ERRHRD, 183, NT_STATUS_OBJECT_NAME_COLLISION},
+ {ERRHRD, 193, NT_STATUS_BAD_INITIAL_PC},
+ {ERRHRD, 203, NT_STATUS(0xc0000100)},
+ {ERRHRD, 206, NT_STATUS_NAME_TOO_LONG},
+ {ERRHRD, 230, NT_STATUS_INVALID_INFO_CLASS},
+ {ERRHRD, 231, NT_STATUS_INSTANCE_NOT_AVAILABLE},
+ {ERRHRD, 232, NT_STATUS_PIPE_CLOSING},
+ {ERRHRD, 233, NT_STATUS_PIPE_DISCONNECTED},
+ {ERRHRD, 234, STATUS_MORE_ENTRIES},
+ {ERRHRD, 240, NT_STATUS_VIRTUAL_CIRCUIT_CLOSED},
+ {ERRHRD, 254, NT_STATUS(0x80000013)},
+ {ERRHRD, 255, NT_STATUS_EA_TOO_LARGE},
+ {ERRHRD, 259, NT_STATUS_GUIDS_EXHAUSTED},
+ {ERRHRD, 267, NT_STATUS_NOT_A_DIRECTORY},
+ {ERRHRD, 275, NT_STATUS_EA_TOO_LARGE},
+ {ERRHRD, 276, NT_STATUS_NONEXISTENT_EA_ENTRY},
+ {ERRHRD, 277, NT_STATUS_NONEXISTENT_EA_ENTRY},
+ {ERRHRD, 278, NT_STATUS_NONEXISTENT_EA_ENTRY},
+ {ERRHRD, ERReasnotsupported, NT_STATUS_EAS_NOT_SUPPORTED},
+ {ERRHRD, 288, NT_STATUS_MUTANT_NOT_OWNED},
+ {ERRHRD, 298, NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED},
+ {ERRHRD, 299, NT_STATUS(0x8000000d)},
+ {ERRHRD, 300, NT_STATUS_OPLOCK_NOT_GRANTED},
+ {ERRHRD, 301, NT_STATUS_INVALID_OPLOCK_PROTOCOL},
+ {ERRHRD, 487, NT_STATUS_CONFLICTING_ADDRESSES},
+ {ERRHRD, 534, NT_STATUS_INTEGER_OVERFLOW},
+ {ERRHRD, 535, NT_STATUS_PIPE_CONNECTED},
+ {ERRHRD, 536, NT_STATUS_PIPE_LISTENING},
+ {ERRHRD, 995, NT_STATUS_CANCELLED},
+ {ERRHRD, 997, NT_STATUS(0x00000103)},
+ {ERRHRD, 998, NT_STATUS_ACCESS_VIOLATION},
+ {ERRHRD, 999, NT_STATUS_IN_PAGE_ERROR},
+ {ERRHRD, 1001, NT_STATUS_BAD_INITIAL_STACK},
+ {ERRHRD, 1005, NT_STATUS_UNRECOGNIZED_VOLUME},
+ {ERRHRD, 1006, NT_STATUS_FILE_INVALID},
+ {ERRHRD, 1007, NT_STATUS_FULLSCREEN_MODE},
+ {ERRHRD, 1008, NT_STATUS_NO_TOKEN},
+ {ERRHRD, 1009, NT_STATUS_REGISTRY_CORRUPT},
+ {ERRHRD, 1016, NT_STATUS_REGISTRY_IO_FAILED},
+ {ERRHRD, 1017, NT_STATUS_NOT_REGISTRY_FILE},
+ {ERRHRD, 1018, NT_STATUS_KEY_DELETED},
+ {ERRHRD, 1019, NT_STATUS_NO_LOG_SPACE},
+ {ERRHRD, 1020, NT_STATUS_KEY_HAS_CHILDREN},
+ {ERRHRD, 1021, NT_STATUS_CHILD_MUST_BE_VOLATILE},
+ {ERRHRD, 1022, NT_STATUS(0x0000010c)},
+};
+
+/*****************************************************************************
+convert a dos eclas/ecode to a NT status32 code
+ *****************************************************************************/
+NTSTATUS dos_to_ntstatus(uint8_t eclass, uint32_t ecode)
+{
+ size_t i;
+ if (eclass == 0) return NT_STATUS_OK;
+ for (i=0; i < ARRAY_SIZE(dos_to_ntstatus_map); i++) {
+ if (eclass == dos_to_ntstatus_map[i].dos_class &&
+ ecode == dos_to_ntstatus_map[i].dos_code) {
+ return dos_to_ntstatus_map[i].ntstatus;
+ }
+ }
+ return NT_STATUS_UNSUCCESSFUL;
+}
diff --git a/source3/libsmb/errormap_wbc.c b/source3/libsmb/errormap_wbc.c
new file mode 100644
index 0000000..ad523d6
--- /dev/null
+++ b/source3/libsmb/errormap_wbc.c
@@ -0,0 +1,62 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * error mapping functions
+ * Copyright (C) Andrew Tridgell 2001
+ * Copyright (C) Andrew Bartlett 2001
+ * Copyright (C) Tim Potter 2000
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "nsswitch/libwbclient/wbclient.h"
+
+/*******************************************************************************
+ Map between wbcErr and NT status.
+*******************************************************************************/
+
+static const struct {
+ wbcErr wbc_err;
+ NTSTATUS nt_status;
+} wbcErr_ntstatus_map[] = {
+ { WBC_ERR_SUCCESS, NT_STATUS_OK },
+ { WBC_ERR_NOT_IMPLEMENTED, NT_STATUS_NOT_IMPLEMENTED },
+ { WBC_ERR_UNKNOWN_FAILURE, NT_STATUS_UNSUCCESSFUL },
+ { WBC_ERR_NO_MEMORY, NT_STATUS_NO_MEMORY },
+ { WBC_ERR_INVALID_SID, NT_STATUS_INVALID_SID },
+ { WBC_ERR_INVALID_PARAM, NT_STATUS_INVALID_PARAMETER },
+ { WBC_ERR_WINBIND_NOT_AVAILABLE, NT_STATUS_SERVER_DISABLED },
+ { WBC_ERR_DOMAIN_NOT_FOUND, NT_STATUS_NO_SUCH_DOMAIN },
+ { WBC_ERR_INVALID_RESPONSE, NT_STATUS_INVALID_NETWORK_RESPONSE },
+ { WBC_ERR_NSS_ERROR, NT_STATUS_INTERNAL_ERROR },
+ { WBC_ERR_AUTH_ERROR, NT_STATUS_LOGON_FAILURE },
+ { WBC_ERR_UNKNOWN_USER, NT_STATUS_NO_SUCH_USER },
+ { WBC_ERR_UNKNOWN_GROUP, NT_STATUS_NO_SUCH_GROUP },
+ { WBC_ERR_PWD_CHANGE_FAILED, NT_STATUS_PASSWORD_RESTRICTION }
+};
+
+NTSTATUS map_nt_error_from_wbcErr(wbcErr wbc_err)
+{
+ int i;
+
+ /* Look through list */
+ for (i=0;i<ARRAY_SIZE(wbcErr_ntstatus_map);i++) {
+ if (wbcErr_ntstatus_map[i].wbc_err == wbc_err) {
+ return wbcErr_ntstatus_map[i].nt_status;
+ }
+ }
+
+ /* Default return */
+ return NT_STATUS_UNSUCCESSFUL;
+}
diff --git a/source3/libsmb/errormap_wbc.h b/source3/libsmb/errormap_wbc.h
new file mode 100644
index 0000000..6323dee
--- /dev/null
+++ b/source3/libsmb/errormap_wbc.h
@@ -0,0 +1,29 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * error mapping functions
+ * Copyright (C) Andrew Tridgell 2001
+ * Copyright (C) Andrew Bartlett 2001
+ * Copyright (C) Tim Potter 2000
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LIBSMB_ERRORMAP_WBC_H_
+#define _LIBSMB_ERRORMAP_WBC_H_
+
+/* The following definitions come from libsmb/errormap_wbc.c */
+
+NTSTATUS map_nt_error_from_wbcErr(wbcErr wbc_err);
+
+#endif /* _LIBSMB_ERRORMAP_WBC_H_ */
diff --git a/source3/libsmb/libsmb.h b/source3/libsmb/libsmb.h
new file mode 100644
index 0000000..6df06ae
--- /dev/null
+++ b/source3/libsmb/libsmb.h
@@ -0,0 +1,31 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Copyright (C) Andrew Tridgell 1992-1998,2001
+ Copyright (C) Jeremy Allison 1998
+ Copyright (C) Remus Koos 2001
+ Copyright (C) Andrew Bartlett 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBSMB_LIBSMB_H
+#define _LIBSMB_LIBSMB_H
+
+#include "client.h"
+#include "libads/ads_status.h"
+#include "libsmb/proto.h"
+#include "libsmb/cli_smb2_fnum.h"
+
+#endif /* _LIBSMB_LIBSMB_H */
diff --git a/source3/libsmb/libsmb_cache.c b/source3/libsmb/libsmb_cache.c
new file mode 100644
index 0000000..91292b1
--- /dev/null
+++ b/source3/libsmb/libsmb_cache.c
@@ -0,0 +1,242 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB client library implementation (server cache)
+ Copyright (C) Andrew Tridgell 1998
+ Copyright (C) Richard Sharpe 2000
+ Copyright (C) John Terpstra 2000
+ Copyright (C) Tom Jansen (Ninja ISD) 2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+
+/*
+ * Structure we use if internal caching mechanism is used
+ * nothing fancy here.
+ */
+struct smbc_server_cache {
+ char *server_name;
+ char *share_name;
+ char *workgroup;
+ char *username;
+ SMBCSRV *server;
+
+ struct smbc_server_cache *next, *prev;
+};
+
+
+
+/*
+ * Add a new connection to the server cache.
+ * This function is only used if the external cache is not enabled
+ */
+int
+SMBC_add_cached_server(SMBCCTX * context,
+ SMBCSRV * newsrv,
+ const char * server,
+ const char * share,
+ const char * workgroup,
+ const char * username)
+{
+ struct smbc_server_cache * srvcache = NULL;
+
+ srvcache = SMB_CALLOC_ARRAY(struct smbc_server_cache, 1);
+ if (srvcache == NULL) {
+ DEBUG(3, ("Not enough space for server cache allocation\n"));
+ errno = ENOMEM;
+ return 1;
+ }
+
+ srvcache->server = newsrv;
+
+ srvcache->server_name = SMB_STRDUP(server);
+ if (!srvcache->server_name) {
+ goto nomem;
+ }
+
+ srvcache->share_name = SMB_STRDUP(share);
+ if (!srvcache->share_name) {
+ goto nomem;
+ }
+
+ srvcache->workgroup = SMB_STRDUP(workgroup);
+ if (!srvcache->workgroup) {
+ goto nomem;
+ }
+
+ srvcache->username = SMB_STRDUP(username);
+ if (!srvcache->username) {
+ goto nomem;
+ }
+
+ DLIST_ADD(context->internal->server_cache, srvcache);
+ return 0;
+
+nomem:
+ SAFE_FREE(srvcache->server_name);
+ SAFE_FREE(srvcache->share_name);
+ SAFE_FREE(srvcache->workgroup);
+ SAFE_FREE(srvcache->username);
+ SAFE_FREE(srvcache);
+ errno = ENOMEM;
+
+ return 1;
+}
+
+
+
+/*
+ * Search the server cache for a server
+ * returns server handle on success, NULL on error (not found)
+ * This function is only used if the external cache is not enabled
+ */
+SMBCSRV *
+SMBC_get_cached_server(SMBCCTX * context,
+ const char * server,
+ const char * share,
+ const char * workgroup,
+ const char * user)
+{
+ struct smbc_server_cache * srv = NULL;
+
+ /* Search the cache lines */
+ for (srv = context->internal->server_cache; srv; srv = srv->next) {
+
+ if (strcmp(server,srv->server_name) == 0 &&
+ strcmp(workgroup,srv->workgroup) == 0 &&
+ strcmp(user, srv->username) == 0) {
+
+ /* If the share name matches, we're cool */
+ if (strcmp(share, srv->share_name) == 0) {
+ return srv->server;
+ }
+
+ /*
+ * We only return an empty share name or the attribute
+ * server on an exact match (which would have been
+ * caught above).
+ */
+ if (*share == '\0' || strcmp(share, "*IPC$") == 0)
+ continue;
+
+ /*
+ * Never return an empty share name or the attribute
+ * server if it wasn't what was requested.
+ */
+ if (*srv->share_name == '\0' ||
+ strcmp(srv->share_name, "*IPC$") == 0)
+ continue;
+
+ /*
+ * If we're only allowing one share per server, then
+ * a connection to the server (other than the
+ * attribute server connection) is cool.
+ */
+ if (smbc_getOptionOneSharePerServer(context)) {
+ NTSTATUS status;
+ /*
+ * The currently connected share name
+ * doesn't match the requested share, so
+ * disconnect from the current share.
+ */
+ status = cli_tdis(srv->server->cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Sigh. Couldn't disconnect. */
+ cli_shutdown(srv->server->cli);
+ srv->server->cli = NULL;
+ smbc_getFunctionRemoveCachedServer(context)(context, srv->server);
+ continue;
+ }
+
+ /*
+ * Save the new share name. We've
+ * disconnected from the old share, and are
+ * about to connect to the new one.
+ */
+ SAFE_FREE(srv->share_name);
+ srv->share_name = SMB_STRDUP(share);
+ if (!srv->share_name) {
+ /* Out of memory. */
+ cli_shutdown(srv->server->cli);
+ srv->server->cli = NULL;
+ smbc_getFunctionRemoveCachedServer(context)(context, srv->server);
+ continue;
+ }
+
+ return srv->server;
+ }
+ }
+ }
+
+ return NULL;
+}
+
+
+/*
+ * Search the server cache for a server and remove it
+ * returns 0 on success
+ * This function is only used if the external cache is not enabled
+ */
+int
+SMBC_remove_cached_server(SMBCCTX * context,
+ SMBCSRV * server)
+{
+ struct smbc_server_cache * srv = NULL;
+
+ for (srv = context->internal->server_cache; srv; srv = srv->next) {
+ if (server == srv->server) {
+
+ /* remove this sucker */
+ DLIST_REMOVE(context->internal->server_cache, srv);
+ SAFE_FREE(srv->server_name);
+ SAFE_FREE(srv->share_name);
+ SAFE_FREE(srv->workgroup);
+ SAFE_FREE(srv->username);
+ SAFE_FREE(srv);
+ return 0;
+ }
+ }
+ /* server not found */
+ return 1;
+}
+
+
+/*
+ * Try to remove all the servers in cache
+ * returns 1 on failure and 0 if all servers could be removed.
+ */
+int
+SMBC_purge_cached_servers(SMBCCTX * context)
+{
+ struct smbc_server_cache * srv;
+ struct smbc_server_cache * next;
+ int could_not_purge_all = 0;
+
+ for (srv = context->internal->server_cache,
+ next = (srv ? srv->next :NULL);
+ srv;
+ srv = next,
+ next = (srv ? srv->next : NULL)) {
+
+ if (SMBC_remove_unused_server(context, srv->server)) {
+ /* could not be removed */
+ could_not_purge_all = 1;
+ }
+ }
+ return could_not_purge_all;
+}
diff --git a/source3/libsmb/libsmb_compat.c b/source3/libsmb/libsmb_compat.c
new file mode 100644
index 0000000..465bb3c
--- /dev/null
+++ b/source3/libsmb/libsmb_compat.c
@@ -0,0 +1,581 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB client library implementation (Old interface compatibility)
+ Copyright (C) Andrew Tridgell 1998
+ Copyright (C) Richard Sharpe 2000
+ Copyright (C) John Terpstra 2000
+ Copyright (C) Tom Jansen (Ninja ISD) 2002
+ Copyright (C) Derrell Lipman 2003, 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "libsmb_internal.h"
+
+struct smbc_compat_fdlist {
+ SMBCFILE * file;
+ int fd;
+ struct smbc_compat_fdlist *next, *prev;
+};
+
+static SMBCCTX * statcont = NULL;
+static int smbc_compat_initialized = 0;
+static int smbc_compat_nextfd = 0;
+static struct smbc_compat_fdlist * smbc_compat_fd_in_use = NULL;
+static struct smbc_compat_fdlist * smbc_compat_fd_avail = NULL;
+
+/* Find an fd and return the SMBCFILE * or NULL on failure */
+static SMBCFILE *
+find_fd(int fd)
+{
+ struct smbc_compat_fdlist * f = smbc_compat_fd_in_use;
+ while (f) {
+ if (f->fd == fd)
+ return f->file;
+ f = f->next;
+ }
+ return NULL;
+}
+
+/* Add an fd, returns 0 on success, -1 on error with errno set */
+static int
+add_fd(SMBCFILE * file)
+{
+ struct smbc_compat_fdlist * f = smbc_compat_fd_avail;
+
+ if (f) {
+ /* We found one that's available */
+ DLIST_REMOVE(smbc_compat_fd_avail, f);
+ } else {
+ /*
+ * None were available, so allocate one. Keep the number of
+ * file descriptors determinate. This allows the application
+ * to allocate bitmaps or mapping of file descriptors based on
+ * a known maximum number of file descriptors that will ever
+ * be returned.
+ */
+ if (smbc_compat_nextfd >= FD_SETSIZE) {
+ errno = EMFILE;
+ return -1;
+ }
+
+ f = SMB_MALLOC_P(struct smbc_compat_fdlist);
+ if (!f) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ f->fd = SMBC_BASE_FD + smbc_compat_nextfd++;
+ }
+
+ f->file = file;
+ DLIST_ADD(smbc_compat_fd_in_use, f);
+
+ return f->fd;
+}
+
+
+
+/* Delete an fd, returns 0 on success */
+static int
+del_fd(int fd)
+{
+ struct smbc_compat_fdlist * f = smbc_compat_fd_in_use;
+
+ while (f) {
+ if (f->fd == fd)
+ break;
+ f = f->next;
+ }
+
+ if (f) {
+ /* found */
+ DLIST_REMOVE(smbc_compat_fd_in_use, f);
+ f->file = NULL;
+ DLIST_ADD(smbc_compat_fd_avail, f);
+ return 0;
+ }
+ return 1;
+}
+
+
+
+int
+smbc_init(smbc_get_auth_data_fn fn,
+ int debug)
+{
+ if (smbc_compat_initialized) {
+ return 0;
+ }
+
+ statcont = smbc_new_context();
+ if (!statcont)
+ return -1;
+
+ smbc_setDebug(statcont, debug);
+ smbc_setFunctionAuthData(statcont, fn);
+
+ if (!smbc_init_context(statcont)) {
+ smbc_free_context(statcont, False);
+ return -1;
+ }
+
+ smbc_compat_initialized = 1;
+
+ return 0;
+}
+
+
+SMBCCTX *
+smbc_set_context(SMBCCTX * context)
+{
+ SMBCCTX *old_context = statcont;
+
+ if (context) {
+ /* Save provided context. It must have been initialized! */
+ statcont = context;
+
+ /* You'd better know what you're doing. We won't help you. */
+ smbc_compat_initialized = 1;
+ }
+
+ return old_context;
+}
+
+
+int
+smbc_open(const char *furl,
+ int flags,
+ mode_t mode)
+{
+ SMBCFILE * file;
+ int fd;
+
+ file = smbc_getFunctionOpen(statcont)(statcont, furl, flags, mode);
+ if (!file)
+ return -1;
+
+ fd = add_fd(file);
+ if (fd == -1)
+ smbc_getFunctionClose(statcont)(statcont, file);
+ return fd;
+}
+
+
+int
+smbc_creat(const char *furl,
+ mode_t mode)
+{
+ SMBCFILE * file;
+ int fd;
+
+ file = smbc_getFunctionCreat(statcont)(statcont, furl, mode);
+ if (!file)
+ return -1;
+
+ fd = add_fd(file);
+ if (fd == -1) {
+ /* Hmm... should we delete the file too ? I guess we could try */
+ smbc_getFunctionClose(statcont)(statcont, file);
+ smbc_getFunctionUnlink(statcont)(statcont, furl);
+ }
+ return fd;
+}
+
+
+ssize_t
+smbc_read(int fd,
+ void *buf,
+ size_t bufsize)
+{
+ SMBCFILE * file = find_fd(fd);
+ return smbc_getFunctionRead(statcont)(statcont, file, buf, bufsize);
+}
+
+ssize_t
+smbc_write(int fd,
+ const void *buf,
+ size_t bufsize)
+{
+ SMBCFILE * file = find_fd(fd);
+ return smbc_getFunctionWrite(statcont)(statcont, file, buf, bufsize);
+}
+
+off_t
+smbc_lseek(int fd,
+ off_t offset,
+ int whence)
+{
+ SMBCFILE * file = find_fd(fd);
+ return smbc_getFunctionLseek(statcont)(statcont, file, offset, whence);
+}
+
+int
+smbc_close(int fd)
+{
+ SMBCFILE * file = find_fd(fd);
+ del_fd(fd);
+ return smbc_getFunctionClose(statcont)(statcont, file);
+}
+
+int
+smbc_unlink(const char *fname)
+{
+ return smbc_getFunctionUnlink(statcont)(statcont, fname);
+}
+
+int
+smbc_rename(const char *ourl,
+ const char *nurl)
+{
+ return smbc_getFunctionRename(statcont)(statcont, ourl,
+ statcont, nurl);
+}
+
+int
+smbc_opendir(const char *durl)
+{
+ SMBCFILE * file;
+ int fd;
+
+ file = smbc_getFunctionOpendir(statcont)(statcont, durl);
+ if (!file)
+ return -1;
+
+ fd = add_fd(file);
+ if (fd == -1)
+ smbc_getFunctionClosedir(statcont)(statcont, file);
+
+ return fd;
+}
+
+int
+smbc_closedir(int dh)
+{
+ SMBCFILE * file = find_fd(dh);
+ del_fd(dh);
+ return smbc_getFunctionClosedir(statcont)(statcont, file);
+}
+
+int
+smbc_getdents(unsigned int dh,
+ struct smbc_dirent *dirp,
+ int count)
+{
+ SMBCFILE * file = find_fd(dh);
+ return smbc_getFunctionGetdents(statcont)(statcont, file, dirp, count);
+}
+
+struct smbc_dirent *
+smbc_readdir(unsigned int dh)
+{
+ SMBCFILE * file = find_fd(dh);
+ return smbc_getFunctionReaddir(statcont)(statcont, file);
+}
+
+const struct libsmb_file_info *smbc_readdirplus(unsigned int dh)
+{
+ SMBCFILE * file = find_fd(dh);
+ return smbc_getFunctionReaddirPlus(statcont)(statcont, file);
+}
+
+const struct libsmb_file_info *smbc_readdirplus2(unsigned int dh,
+ struct stat *st)
+{
+ SMBCFILE *file = find_fd(dh);
+ return smbc_getFunctionReaddirPlus2(statcont)(statcont, file, st);
+}
+
+off_t
+smbc_telldir(int dh)
+{
+ SMBCFILE * file = find_fd(dh);
+ return smbc_getFunctionTelldir(statcont)(statcont, file);
+}
+
+int
+smbc_lseekdir(int fd,
+ off_t offset)
+{
+ SMBCFILE * file = find_fd(fd);
+ return smbc_getFunctionLseekdir(statcont)(statcont, file, offset);
+}
+
+int
+smbc_mkdir(const char *durl,
+ mode_t mode)
+{
+ return smbc_getFunctionMkdir(statcont)(statcont, durl, mode);
+}
+
+int
+smbc_rmdir(const char *durl)
+{
+ return smbc_getFunctionRmdir(statcont)(statcont, durl);
+}
+
+int
+smbc_notify(int dh, smbc_bool recursive, uint32_t completion_filter,
+ unsigned callback_timeout_ms,
+ smbc_notify_callback_fn cb, void *private_data)
+{
+ SMBCFILE *dir = find_fd(dh);
+ return smbc_getFunctionNotify(statcont)(
+ statcont, dir, recursive, completion_filter,
+ callback_timeout_ms, cb, private_data);
+}
+
+int
+smbc_stat(const char *url,
+ struct stat *st)
+{
+ return smbc_getFunctionStat(statcont)(statcont, url, st);
+}
+
+int
+smbc_fstat(int fd,
+ struct stat *st)
+{
+ SMBCFILE * file = find_fd(fd);
+ return smbc_getFunctionFstat(statcont)(statcont, file, st);
+}
+
+int
+smbc_statvfs(char *path,
+ struct statvfs *st)
+{
+ return smbc_getFunctionStatVFS(statcont)(statcont, path, st);
+}
+
+int
+smbc_fstatvfs(int fd,
+ struct statvfs *st)
+{
+ SMBCFILE * file = find_fd(fd);
+ return smbc_getFunctionFstatVFS(statcont)(statcont, file, st);
+}
+
+int
+smbc_ftruncate(int fd,
+ off_t size)
+{
+ SMBCFILE * file = find_fd(fd);
+ return smbc_getFunctionFtruncate(statcont)(statcont, file, size);
+}
+
+int
+smbc_chmod(const char *url,
+ mode_t mode)
+{
+ return smbc_getFunctionChmod(statcont)(statcont, url, mode);
+}
+
+int
+smbc_utimes(const char *fname,
+ struct timeval *tbuf)
+{
+ return smbc_getFunctionUtimes(statcont)(statcont, fname, tbuf);
+}
+
+#ifdef HAVE_UTIME_H
+int
+smbc_utime(const char *fname,
+ struct utimbuf *utbuf)
+{
+ struct timeval tv[2];
+
+ if (utbuf == NULL)
+ return smbc_getFunctionUtimes(statcont)(statcont, fname, NULL);
+
+ tv[0].tv_sec = utbuf->actime;
+ tv[1].tv_sec = utbuf->modtime;
+ tv[0].tv_usec = tv[1].tv_usec = 0;
+
+ return smbc_getFunctionUtimes(statcont)(statcont, fname, tv);
+}
+#endif
+
+int
+smbc_setxattr(const char *fname,
+ const char *name,
+ const void *value,
+ size_t size,
+ int flags)
+{
+ return smbc_getFunctionSetxattr(statcont)(statcont,
+ fname, name,
+ value, size, flags);
+}
+
+int
+smbc_lsetxattr(const char *fname,
+ const char *name,
+ const void *value,
+ size_t size,
+ int flags)
+{
+ return smbc_getFunctionSetxattr(statcont)(statcont,
+ fname, name,
+ value, size, flags);
+}
+
+int
+smbc_fsetxattr(int fd,
+ const char *name,
+ const void *value,
+ size_t size,
+ int flags)
+{
+ SMBCFILE * file = find_fd(fd);
+ if (file == NULL) {
+ errno = EBADF;
+ return -1;
+ }
+ return smbc_getFunctionSetxattr(statcont)(statcont,
+ file->fname, name,
+ value, size, flags);
+}
+
+int
+smbc_getxattr(const char *fname,
+ const char *name,
+ const void *value,
+ size_t size)
+{
+ return smbc_getFunctionGetxattr(statcont)(statcont,
+ fname, name,
+ value, size);
+}
+
+int
+smbc_lgetxattr(const char *fname,
+ const char *name,
+ const void *value,
+ size_t size)
+{
+ return smbc_getFunctionGetxattr(statcont)(statcont,
+ fname, name,
+ value, size);
+}
+
+int
+smbc_fgetxattr(int fd,
+ const char *name,
+ const void *value,
+ size_t size)
+{
+ SMBCFILE * file = find_fd(fd);
+ if (file == NULL) {
+ errno = EBADF;
+ return -1;
+ }
+ return smbc_getFunctionGetxattr(statcont)(statcont,
+ file->fname, name,
+ value, size);
+}
+
+int
+smbc_removexattr(const char *fname,
+ const char *name)
+{
+ return smbc_getFunctionRemovexattr(statcont)(statcont, fname, name);
+}
+
+int
+smbc_lremovexattr(const char *fname,
+ const char *name)
+{
+ return smbc_getFunctionRemovexattr(statcont)(statcont, fname, name);
+}
+
+int
+smbc_fremovexattr(int fd,
+ const char *name)
+{
+ SMBCFILE * file = find_fd(fd);
+ if (file == NULL) {
+ errno = EBADF;
+ return -1;
+ }
+ return smbc_getFunctionRemovexattr(statcont)(statcont,
+ file->fname, name);
+}
+
+int
+smbc_listxattr(const char *fname,
+ char *list,
+ size_t size)
+{
+ return smbc_getFunctionListxattr(statcont)(statcont,
+ fname, list, size);
+}
+
+int
+smbc_llistxattr(const char *fname,
+ char *list,
+ size_t size)
+{
+ return smbc_getFunctionListxattr(statcont)(statcont,
+ fname, list, size);
+}
+
+int
+smbc_flistxattr(int fd,
+ char *list,
+ size_t size)
+{
+ SMBCFILE * file = find_fd(fd);
+ if (file == NULL) {
+ errno = EBADF;
+ return -1;
+ }
+ return smbc_getFunctionListxattr(statcont)(statcont,
+ file->fname, list, size);
+}
+
+int
+smbc_print_file(const char *fname,
+ const char *printq)
+{
+ return smbc_getFunctionPrintFile(statcont)(statcont, fname,
+ statcont, printq);
+}
+
+int
+smbc_open_print_job(const char *fname)
+{
+ SMBCFILE * file;
+
+ file = smbc_getFunctionOpenPrintJob(statcont)(statcont, fname);
+ if (!file) return -1;
+ return file->cli_fd;
+}
+
+int
+smbc_list_print_jobs(const char *purl,
+ smbc_list_print_job_fn fn)
+{
+ return smbc_getFunctionListPrintJobs(statcont)(statcont, purl, fn);
+}
+
+int
+smbc_unlink_print_job(const char *purl,
+ int id)
+{
+ return smbc_getFunctionUnlinkPrintJob(statcont)(statcont, purl, id);
+}
+
+
diff --git a/source3/libsmb/libsmb_context.c b/source3/libsmb/libsmb_context.c
new file mode 100644
index 0000000..441dec1
--- /dev/null
+++ b/source3/libsmb/libsmb_context.c
@@ -0,0 +1,807 @@
+/*
+ Unix SMB/Netbios implementation.
+ SMB client library implementation
+ Copyright (C) Andrew Tridgell 1998
+ Copyright (C) Richard Sharpe 2000, 2002
+ Copyright (C) John Terpstra 2000
+ Copyright (C) Tom Jansen (Ninja ISD) 2002
+ Copyright (C) Derrell Lipman 2003-2008
+ Copyright (C) Jeremy Allison 2007, 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+#include "secrets.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "auth/credentials/credentials.h"
+#include "auth/gensec/gensec.h"
+#include "lib/param/param.h"
+#include "../lib/util/smb_threads.h"
+#include "../lib/util/smb_threads_internal.h"
+
+/*
+ * Is the logging working / configfile read ?
+ */
+static bool SMBC_initialized = false;
+static unsigned int initialized_ctx_count = 0;
+static void *initialized_ctx_count_mutex = NULL;
+
+/*
+ * Do some module- and library-wide initializations
+ */
+static void
+SMBC_module_init(void * punused)
+{
+ bool conf_loaded = False;
+ char *home = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ setup_logging("libsmbclient", DEBUG_STDOUT);
+
+ /* Here we would open the smb.conf file if needed ... */
+
+ home = getenv("HOME");
+ if (home) {
+ char *conf = NULL;
+ if (asprintf(&conf, "%s/.smb/smb.conf", home) > 0) {
+ if (lp_load_client(conf)) {
+ conf_loaded = True;
+ } else {
+ DEBUG(5, ("Could not load config file: %s\n",
+ conf));
+ }
+ SAFE_FREE(conf);
+ }
+ }
+
+ if (!conf_loaded) {
+ /*
+ * Well, if that failed, try the get_dyn_CONFIGFILE
+ * Which points to the standard locn, and if that
+ * fails, silently ignore it and use the internal
+ * defaults ...
+ */
+
+ if (!lp_load_client(get_dyn_CONFIGFILE())) {
+ DEBUG(5, ("Could not load config file: %s\n",
+ get_dyn_CONFIGFILE()));
+ } else if (home) {
+ char *conf;
+ /*
+ * We loaded the global config file. Now lets
+ * load user-specific modifications to the
+ * global config.
+ */
+ if (asprintf(&conf,
+ "%s/.smb/smb.conf.append",
+ home) > 0) {
+ if (!lp_load_client_no_reinit(conf)) {
+ DEBUG(10,
+ ("Could not append config file: "
+ "%s\n",
+ conf));
+ }
+ SAFE_FREE(conf);
+ }
+ }
+ }
+
+ load_interfaces(); /* Load the list of interfaces ... */
+
+ reopen_logs(); /* Get logging working ... */
+
+ /*
+ * Block SIGPIPE (from lib/util_sock.c: write())
+ * It is not needed and should not stop execution
+ */
+ BlockSignals(True, SIGPIPE);
+
+ /* Create the mutex we'll use to protect initialized_ctx_count */
+ if (SMB_THREAD_CREATE_MUTEX("initialized_ctx_count_mutex",
+ initialized_ctx_count_mutex) != 0) {
+ smb_panic("SMBC_module_init: "
+ "failed to create 'initialized_ctx_count' mutex");
+ }
+
+ TALLOC_FREE(frame);
+}
+
+
+static void
+SMBC_module_terminate(void)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ secrets_shutdown();
+ gfree_all();
+ SMBC_initialized = false;
+ TALLOC_FREE(frame);
+}
+
+
+/*
+ * Get a new empty handle to fill in with your own info
+ */
+SMBCCTX *
+smbc_new_context(void)
+{
+ SMBCCTX *context;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ /* The first call to this function should initialize the module */
+ SMB_THREAD_ONCE(&SMBC_initialized, SMBC_module_init, NULL);
+
+ /*
+ * All newly added context fields should be placed in
+ * SMBC_internal_data, not directly in SMBCCTX.
+ */
+ context = SMB_MALLOC_P(SMBCCTX);
+ if (!context) {
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ ZERO_STRUCTP(context);
+
+ context->internal = SMB_MALLOC_P(struct SMBC_internal_data);
+ if (!context->internal) {
+ TALLOC_FREE(frame);
+ SAFE_FREE(context);
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ /* Initialize the context and establish reasonable defaults */
+ ZERO_STRUCTP(context->internal);
+
+ context->internal->lp_ctx = loadparm_init_s3(NULL,
+ loadparm_s3_helpers());
+ if (context->internal->lp_ctx == NULL) {
+ SAFE_FREE(context->internal);
+ SAFE_FREE(context);
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ smbc_setDebug(context, 0);
+ smbc_setTimeout(context, 20000);
+ smbc_setPort(context, 0);
+
+ smbc_setOptionFullTimeNames(context, False);
+ smbc_setOptionOpenShareMode(context, SMBC_SHAREMODE_DENY_NONE);
+ smbc_setOptionSmbEncryptionLevel(context, SMBC_ENCRYPTLEVEL_DEFAULT);
+ smbc_setOptionUseCCache(context, True);
+ smbc_setOptionCaseSensitive(context, False);
+ smbc_setOptionBrowseMaxLmbCount(context, 3); /* # LMBs to query */
+ smbc_setOptionUrlEncodeReaddirEntries(context, False);
+ smbc_setOptionOneSharePerServer(context, False);
+ smbc_setOptionPosixExtensions(context, false);
+ if (getenv("LIBSMBCLIENT_NO_CCACHE") != NULL) {
+ smbc_setOptionUseCCache(context, false);
+ }
+
+ smbc_setFunctionAuthData(context, SMBC_get_auth_data);
+ smbc_setFunctionCheckServer(context, SMBC_check_server);
+ smbc_setFunctionRemoveUnusedServer(context, SMBC_remove_unused_server);
+
+ smbc_setOptionUserData(context, NULL);
+ smbc_setFunctionAddCachedServer(context, SMBC_add_cached_server);
+ smbc_setFunctionGetCachedServer(context, SMBC_get_cached_server);
+ smbc_setFunctionRemoveCachedServer(context, SMBC_remove_cached_server);
+ smbc_setFunctionPurgeCachedServers(context, SMBC_purge_cached_servers);
+
+ smbc_setFunctionOpen(context, SMBC_open_ctx);
+ smbc_setFunctionCreat(context, SMBC_creat_ctx);
+ smbc_setFunctionRead(context, SMBC_read_ctx);
+ smbc_setFunctionSplice(context, SMBC_splice_ctx);
+ smbc_setFunctionWrite(context, SMBC_write_ctx);
+ smbc_setFunctionClose(context, SMBC_close_ctx);
+ smbc_setFunctionUnlink(context, SMBC_unlink_ctx);
+ smbc_setFunctionRename(context, SMBC_rename_ctx);
+ smbc_setFunctionLseek(context, SMBC_lseek_ctx);
+ smbc_setFunctionFtruncate(context, SMBC_ftruncate_ctx);
+ smbc_setFunctionStat(context, SMBC_stat_ctx);
+ smbc_setFunctionStatVFS(context, SMBC_statvfs_ctx);
+ smbc_setFunctionFstatVFS(context, SMBC_fstatvfs_ctx);
+ smbc_setFunctionFstat(context, SMBC_fstat_ctx);
+ smbc_setFunctionOpendir(context, SMBC_opendir_ctx);
+ smbc_setFunctionClosedir(context, SMBC_closedir_ctx);
+ smbc_setFunctionReaddir(context, SMBC_readdir_ctx);
+ smbc_setFunctionReaddirPlus(context, SMBC_readdirplus_ctx);
+ smbc_setFunctionReaddirPlus2(context, SMBC_readdirplus2_ctx);
+ smbc_setFunctionGetdents(context, SMBC_getdents_ctx);
+ smbc_setFunctionMkdir(context, SMBC_mkdir_ctx);
+ smbc_setFunctionRmdir(context, SMBC_rmdir_ctx);
+ smbc_setFunctionTelldir(context, SMBC_telldir_ctx);
+ smbc_setFunctionLseekdir(context, SMBC_lseekdir_ctx);
+ smbc_setFunctionFstatdir(context, SMBC_fstatdir_ctx);
+ smbc_setFunctionNotify(context, SMBC_notify_ctx);
+ smbc_setFunctionChmod(context, SMBC_chmod_ctx);
+ smbc_setFunctionUtimes(context, SMBC_utimes_ctx);
+ smbc_setFunctionSetxattr(context, SMBC_setxattr_ctx);
+ smbc_setFunctionGetxattr(context, SMBC_getxattr_ctx);
+ smbc_setFunctionRemovexattr(context, SMBC_removexattr_ctx);
+ smbc_setFunctionListxattr(context, SMBC_listxattr_ctx);
+
+ smbc_setFunctionOpenPrintJob(context, SMBC_open_print_job_ctx);
+ smbc_setFunctionPrintFile(context, SMBC_print_file_ctx);
+ smbc_setFunctionListPrintJobs(context, SMBC_list_print_jobs_ctx);
+ smbc_setFunctionUnlinkPrintJob(context, SMBC_unlink_print_job_ctx);
+
+ TALLOC_FREE(frame);
+ return context;
+}
+
+/*
+ * Free a context
+ *
+ * Returns 0 on success. Otherwise returns 1, the SMBCCTX is _not_ freed
+ * and thus you'll be leaking memory if not handled properly.
+ *
+ */
+int
+smbc_free_context(SMBCCTX *context,
+ int shutdown_ctx)
+{
+ TALLOC_CTX *frame;
+ if (!context) {
+ errno = EBADF;
+ return 1;
+ }
+
+ frame = talloc_stackframe();
+
+ if (shutdown_ctx) {
+ SMBCFILE * f;
+ DEBUG(1,("Performing aggressive shutdown.\n"));
+
+ f = context->internal->files;
+ while (f) {
+ SMBCFILE *next = f->next;
+ smbc_getFunctionClose(context)(context, f);
+ f = next;
+ }
+ context->internal->files = NULL;
+
+ /* First try to remove the servers the nice way. */
+ if (smbc_getFunctionPurgeCachedServers(context)(context)) {
+ SMBCSRV * s;
+ SMBCSRV * next;
+ DEBUG(1, ("Could not purge all servers, "
+ "Nice way shutdown failed.\n"));
+ s = context->internal->servers;
+ while (s) {
+ DEBUG(1, ("Forced shutdown: %p (cli=%p)\n",
+ s, s->cli));
+ cli_shutdown(s->cli);
+ smbc_getFunctionRemoveCachedServer(context)(context,
+ s);
+ next = s->next;
+ DLIST_REMOVE(context->internal->servers, s);
+ SAFE_FREE(s);
+ s = next;
+ }
+ context->internal->servers = NULL;
+ }
+ }
+ else {
+ /* This is the polite way */
+ if (smbc_getFunctionPurgeCachedServers(context)(context)) {
+ DEBUG(1, ("Could not purge all servers, "
+ "free_context failed.\n"));
+ errno = EBUSY;
+ TALLOC_FREE(frame);
+ return 1;
+ }
+ if (context->internal->servers) {
+ DEBUG(1, ("Active servers in context, "
+ "free_context failed.\n"));
+ errno = EBUSY;
+ TALLOC_FREE(frame);
+ return 1;
+ }
+ if (context->internal->files) {
+ DEBUG(1, ("Active files in context, "
+ "free_context failed.\n"));
+ errno = EBUSY;
+ TALLOC_FREE(frame);
+ return 1;
+ }
+ }
+
+ /* Things we have to clean up */
+ smbc_setWorkgroup(context, NULL);
+ smbc_setNetbiosName(context, NULL);
+ smbc_setUser(context, NULL);
+
+ DEBUG(3, ("Context %p successfully freed\n", context));
+
+ /* Free any DFS auth context. */
+ TALLOC_FREE(context->internal->creds);
+
+ TALLOC_FREE(context->internal->lp_ctx);
+ SAFE_FREE(context->internal);
+ SAFE_FREE(context);
+
+ /* Protect access to the count of contexts in use */
+ if (SMB_THREAD_LOCK(initialized_ctx_count_mutex) != 0) {
+ smb_panic("error locking 'initialized_ctx_count'");
+ }
+
+ if (initialized_ctx_count) {
+ initialized_ctx_count--;
+ }
+
+ if (initialized_ctx_count == 0) {
+ SMBC_module_terminate();
+ }
+
+ /* Unlock the mutex */
+ if (SMB_THREAD_UNLOCK(initialized_ctx_count_mutex) != 0) {
+ smb_panic("error unlocking 'initialized_ctx_count'");
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+
+/**
+ * Deprecated interface. Do not use. Instead, use the various
+ * smbc_setOption*() functions or smbc_setFunctionAuthDataWithContext().
+ */
+void
+smbc_option_set(SMBCCTX *context,
+ char *option_name,
+ ... /* option_value */)
+{
+ va_list ap;
+ union {
+ int i;
+ bool b;
+ smbc_get_auth_data_with_context_fn auth_fn;
+ void *v;
+ const char *s;
+ } option_value;
+
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ va_start(ap, option_name);
+
+ if (strcmp(option_name, "debug_to_stderr") == 0) {
+ option_value.b = (bool) va_arg(ap, int);
+ smbc_setOptionDebugToStderr(context, option_value.b);
+
+ } else if (strcmp(option_name, "full_time_names") == 0) {
+ option_value.b = (bool) va_arg(ap, int);
+ smbc_setOptionFullTimeNames(context, option_value.b);
+
+ } else if (strcmp(option_name, "open_share_mode") == 0) {
+ option_value.i = va_arg(ap, int);
+ smbc_setOptionOpenShareMode(context, option_value.i);
+
+ } else if (strcmp(option_name, "auth_function") == 0) {
+ option_value.auth_fn =
+ va_arg(ap, smbc_get_auth_data_with_context_fn);
+ smbc_setFunctionAuthDataWithContext(context, option_value.auth_fn);
+
+ } else if (strcmp(option_name, "user_data") == 0) {
+ option_value.v = va_arg(ap, void *);
+ smbc_setOptionUserData(context, option_value.v);
+
+ } else if (strcmp(option_name, "smb_encrypt_level") == 0) {
+ option_value.s = va_arg(ap, const char *);
+ if (strcmp(option_value.s, "none") == 0) {
+ smbc_setOptionSmbEncryptionLevel(context,
+ SMBC_ENCRYPTLEVEL_NONE);
+ } else if (strcmp(option_value.s, "request") == 0) {
+ smbc_setOptionSmbEncryptionLevel(context,
+ SMBC_ENCRYPTLEVEL_REQUEST);
+ } else if (strcmp(option_value.s, "require") == 0) {
+ smbc_setOptionSmbEncryptionLevel(context,
+ SMBC_ENCRYPTLEVEL_REQUIRE);
+ }
+
+ } else if (strcmp(option_name, "browse_max_lmb_count") == 0) {
+ option_value.i = va_arg(ap, int);
+ smbc_setOptionBrowseMaxLmbCount(context, option_value.i);
+
+ } else if (strcmp(option_name, "urlencode_readdir_entries") == 0) {
+ option_value.b = (bool) va_arg(ap, int);
+ smbc_setOptionUrlEncodeReaddirEntries(context, option_value.b);
+
+ } else if (strcmp(option_name, "one_share_per_server") == 0) {
+ option_value.b = (bool) va_arg(ap, int);
+ smbc_setOptionOneSharePerServer(context, option_value.b);
+
+ } else if (strcmp(option_name, "use_kerberos") == 0) {
+ option_value.b = (bool) va_arg(ap, int);
+ smbc_setOptionUseKerberos(context, option_value.b);
+
+ } else if (strcmp(option_name, "fallback_after_kerberos") == 0) {
+ option_value.b = (bool) va_arg(ap, int);
+ smbc_setOptionFallbackAfterKerberos(context, option_value.b);
+
+ } else if (strcmp(option_name, "use_ccache") == 0) {
+ option_value.b = (bool) va_arg(ap, int);
+ smbc_setOptionUseCCache(context, option_value.b);
+
+ } else if (strcmp(option_name, "no_auto_anonymous_login") == 0) {
+ option_value.b = (bool) va_arg(ap, int);
+ smbc_setOptionNoAutoAnonymousLogin(context, option_value.b);
+ }
+
+ va_end(ap);
+ TALLOC_FREE(frame);
+}
+
+
+/*
+ * Deprecated interface. Do not use. Instead, use the various
+ * smbc_getOption*() functions.
+ */
+void *
+smbc_option_get(SMBCCTX *context,
+ char *option_name)
+{
+ if (strcmp(option_name, "debug_stderr") == 0) {
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+ return (void *) (intptr_t) smbc_getOptionDebugToStderr(context);
+#else
+ return (void *) smbc_getOptionDebugToStderr(context);
+#endif
+
+ } else if (strcmp(option_name, "full_time_names") == 0) {
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+ return (void *) (intptr_t) smbc_getOptionFullTimeNames(context);
+#else
+ return (void *) smbc_getOptionFullTimeNames(context);
+#endif
+
+ } else if (strcmp(option_name, "open_share_mode") == 0) {
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+ return (void *) (intptr_t) smbc_getOptionOpenShareMode(context);
+#else
+ return (void *) smbc_getOptionOpenShareMode(context);
+#endif
+
+ } else if (strcmp(option_name, "auth_function") == 0) {
+ return (void *) smbc_getFunctionAuthDataWithContext(context);
+
+ } else if (strcmp(option_name, "user_data") == 0) {
+ return smbc_getOptionUserData(context);
+
+ } else if (strcmp(option_name, "smb_encrypt_level") == 0) {
+ switch(smbc_getOptionSmbEncryptionLevel(context))
+ {
+ case SMBC_ENCRYPTLEVEL_DEFAULT:
+ return discard_const_p(void, "default");
+ case 0:
+ return discard_const_p(void, "none");
+ case 1:
+ return discard_const_p(void, "request");
+ case 2:
+ return discard_const_p(void, "require");
+ }
+
+ } else if (strcmp(option_name, "smb_encrypt_on") == 0) {
+ SMBCSRV *s;
+ unsigned int num_servers = 0;
+
+ for (s = context->internal->servers; s; s = s->next) {
+ num_servers++;
+ if (!cli_state_is_encryption_on(s->cli)) {
+ return (void *)false;
+ }
+ }
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+ return (void *) (intptr_t) (bool) (num_servers > 0);
+#else
+ return (void *) (bool) (num_servers > 0);
+#endif
+
+ } else if (strcmp(option_name, "browse_max_lmb_count") == 0) {
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+ return (void *) (intptr_t) smbc_getOptionBrowseMaxLmbCount(context);
+#else
+ return (void *) smbc_getOptionBrowseMaxLmbCount(context);
+#endif
+
+ } else if (strcmp(option_name, "urlencode_readdir_entries") == 0) {
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+ return (void *)(intptr_t) smbc_getOptionUrlEncodeReaddirEntries(context);
+#else
+ return (void *) (bool) smbc_getOptionUrlEncodeReaddirEntries(context);
+#endif
+
+ } else if (strcmp(option_name, "one_share_per_server") == 0) {
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+ return (void *) (intptr_t) smbc_getOptionOneSharePerServer(context);
+#else
+ return (void *) (bool) smbc_getOptionOneSharePerServer(context);
+#endif
+
+ } else if (strcmp(option_name, "use_kerberos") == 0) {
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+ return (void *) (intptr_t) smbc_getOptionUseKerberos(context);
+#else
+ return (void *) (bool) smbc_getOptionUseKerberos(context);
+#endif
+
+ } else if (strcmp(option_name, "fallback_after_kerberos") == 0) {
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+ return (void *)(intptr_t) smbc_getOptionFallbackAfterKerberos(context);
+#else
+ return (void *) (bool) smbc_getOptionFallbackAfterKerberos(context);
+#endif
+
+ } else if (strcmp(option_name, "use_ccache") == 0) {
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+ return (void *) (intptr_t) smbc_getOptionUseCCache(context);
+#else
+ return (void *) (bool) smbc_getOptionUseCCache(context);
+#endif
+
+ } else if (strcmp(option_name, "no_auto_anonymous_login") == 0) {
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+ return (void *) (intptr_t) smbc_getOptionNoAutoAnonymousLogin(context);
+#else
+ return (void *) (bool) smbc_getOptionNoAutoAnonymousLogin(context);
+#endif
+ }
+
+ return NULL;
+}
+
+
+/*
+ * Initialize the library, etc.
+ *
+ * We accept a struct containing handle information.
+ * valid values for info->debug from 0 to 100,
+ * and insist that info->fn must be non-null.
+ */
+SMBCCTX *
+smbc_init_context(SMBCCTX *context)
+{
+ int pid;
+ TALLOC_CTX *frame;
+
+ if (!context) {
+ errno = EBADF;
+ return NULL;
+ }
+
+ /* Do not initialise the same client twice */
+ if (context->internal->initialized) {
+ return NULL;
+ }
+
+ frame = talloc_stackframe();
+
+ if ((!smbc_getFunctionAuthData(context) &&
+ !smbc_getFunctionAuthDataWithContext(context)) ||
+ smbc_getDebug(context) < 0 ||
+ smbc_getDebug(context) > 100) {
+
+ TALLOC_FREE(frame);
+ errno = EINVAL;
+ return NULL;
+
+ }
+
+ if (!smbc_getUser(context)) {
+ /*
+ * FIXME: Is this the best way to get the user info?
+ */
+ char *user = getenv("USER");
+ /* walk around as "guest" if no username can be found */
+ if (!user) {
+ user = SMB_STRDUP("guest");
+ } else {
+ user = SMB_STRDUP(user);
+ }
+
+ if (!user) {
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ smbc_setUser(context, user);
+ SAFE_FREE(user);
+
+ if (!smbc_getUser(context)) {
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+ }
+
+ if (!smbc_getNetbiosName(context)) {
+ /*
+ * We try to get our netbios name from the config. If that
+ * fails we fall back on constructing our netbios name from
+ * our hostname etc
+ */
+ char *netbios_name;
+ if (lp_netbios_name()) {
+ netbios_name = SMB_STRDUP(lp_netbios_name());
+ } else {
+ /*
+ * Hmmm, I want to get hostname as well, but I am too
+ * lazy for the moment
+ */
+ pid = getpid();
+ netbios_name = (char *)SMB_MALLOC(17);
+ if (!netbios_name) {
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+ slprintf(netbios_name, 16,
+ "smbc%s%d", smbc_getUser(context), pid);
+ }
+
+ if (!netbios_name) {
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ smbc_setNetbiosName(context, netbios_name);
+ SAFE_FREE(netbios_name);
+
+ if (!smbc_getNetbiosName(context)) {
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+ }
+
+ DEBUG(1, ("Using netbios name %s.\n", smbc_getNetbiosName(context)));
+
+ if (!smbc_getWorkgroup(context)) {
+ const char *workgroup;
+
+ if (lp_workgroup()) {
+ workgroup = lp_workgroup();
+ } else {
+ /* TODO: Think about a decent default workgroup */
+ workgroup = "samba";
+ }
+
+ smbc_setWorkgroup(context, workgroup);
+
+ if (!smbc_getWorkgroup(context)) {
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+ }
+
+ DEBUG(1, ("Using workgroup %s.\n", smbc_getWorkgroup(context)));
+
+ /* shortest timeout is 1 second */
+ if (smbc_getTimeout(context) > 0 && smbc_getTimeout(context) < 1000)
+ smbc_setTimeout(context, 1000);
+
+ context->internal->initialized = True;
+
+ /* Protect access to the count of contexts in use */
+ if (SMB_THREAD_LOCK(initialized_ctx_count_mutex) != 0) {
+ smb_panic("error locking 'initialized_ctx_count'");
+ }
+
+ initialized_ctx_count++;
+
+ /* Unlock the mutex */
+ if (SMB_THREAD_UNLOCK(initialized_ctx_count_mutex) != 0) {
+ smb_panic("error unlocking 'initialized_ctx_count'");
+ }
+
+ TALLOC_FREE(frame);
+ return context;
+}
+
+
+/* Return the version of samba, and thus libsmbclient */
+const char *
+smbc_version(void)
+{
+ return samba_version_string();
+}
+
+/*
+ * Set the credentials so DFS will work when following referrals.
+ * This function is broken and must be removed. No SMBCCTX arg...
+ * JRA.
+ */
+
+void
+smbc_set_credentials(const char *workgroup,
+ const char *user,
+ const char *password,
+ smbc_bool use_kerberos,
+ const char *signing_state)
+{
+ d_printf("smbc_set_credentials is obsolete. Replace with smbc_set_credentials_with_fallback().\n");
+}
+
+void smbc_set_credentials_with_fallback(SMBCCTX *context,
+ const char *workgroup,
+ const char *user,
+ const char *password)
+{
+ struct cli_credentials *creds = NULL;
+ enum credentials_use_kerberos kerberos_state =
+ CRED_USE_KERBEROS_DISABLED;
+
+ if (! context) {
+
+ return;
+ }
+
+ if (! workgroup || ! *workgroup) {
+ workgroup = smbc_getWorkgroup(context);
+ }
+
+ if (! user) {
+ user = smbc_getUser(context);
+ }
+
+ if (! password) {
+ password = "";
+ }
+
+ creds = cli_credentials_init(NULL);
+ if (creds == NULL) {
+ DEBUG(0, ("smbc_set_credentials_with_fallback: allocation fail\n"));
+ return;
+ }
+
+ cli_credentials_set_conf(creds, context->internal->lp_ctx);
+
+ if (smbc_getOptionUseKerberos(context)) {
+ kerberos_state = CRED_USE_KERBEROS_REQUIRED;
+
+ if (smbc_getOptionFallbackAfterKerberos(context)) {
+ kerberos_state = CRED_USE_KERBEROS_DESIRED;
+ }
+ }
+
+ cli_credentials_set_username(creds, user, CRED_SPECIFIED);
+ cli_credentials_set_password(creds, password, CRED_SPECIFIED);
+ cli_credentials_set_domain(creds, workgroup, CRED_SPECIFIED);
+ cli_credentials_set_kerberos_state(creds,
+ kerberos_state,
+ CRED_SPECIFIED);
+ if (smbc_getOptionUseCCache(context)) {
+ uint32_t gensec_features;
+
+ gensec_features = cli_credentials_get_gensec_features(creds);
+ gensec_features |= GENSEC_FEATURE_NTLM_CCACHE;
+ cli_credentials_set_gensec_features(creds,
+ gensec_features,
+ CRED_SPECIFIED);
+ }
+
+ TALLOC_FREE(context->internal->creds);
+ context->internal->creds = creds;
+}
diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c
new file mode 100644
index 0000000..34d6731
--- /dev/null
+++ b/source3/libsmb/libsmb_dir.c
@@ -0,0 +1,2726 @@
+/*
+ Unix SMB/Netbios implementation.
+ SMB client library implementation
+ Copyright (C) Andrew Tridgell 1998
+ Copyright (C) Richard Sharpe 2000, 2002
+ Copyright (C) John Terpstra 2000
+ Copyright (C) Tom Jansen (Ninja ISD) 2002
+ Copyright (C) Derrell Lipman 2003-2008
+ Copyright (C) Jeremy Allison 2007, 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/namequery.h"
+#include "libsmb/libsmb.h"
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+#include "rpc_client/cli_pipe.h"
+#include "../librpc/gen_ndr/ndr_srvsvc_c.h"
+#include "libsmb/nmblib.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "../libcli/security/security.h"
+#include "lib/util/tevent_ntstatus.h"
+#include "lib/util/time_basic.h"
+#include "lib/util/string_wrappers.h"
+
+/*
+ * Routine to open a directory
+ * We accept the URL syntax explained in SMBC_parse_path(), above.
+ */
+
+static void remove_dirplus(SMBCFILE *dir)
+{
+ struct smbc_dirplus_list *d = NULL;
+
+ d = dir->dirplus_list;
+ while (d != NULL) {
+ struct smbc_dirplus_list *f = d;
+ d = d->next;
+
+ SAFE_FREE(f->smb_finfo->short_name);
+ SAFE_FREE(f->smb_finfo->name);
+ SAFE_FREE(f->smb_finfo);
+ SAFE_FREE(f);
+ }
+
+ dir->dirplus_list = NULL;
+ dir->dirplus_end = NULL;
+ dir->dirplus_next = NULL;
+}
+
+static void
+remove_dir(SMBCFILE *dir)
+{
+ struct smbc_dir_list *d,*f;
+
+ d = dir->dir_list;
+ while (d) {
+
+ f = d; d = d->next;
+
+ SAFE_FREE(f->dirent);
+ SAFE_FREE(f);
+
+ }
+
+ dir->dir_list = dir->dir_end = dir->dir_next = NULL;
+
+}
+
+static int
+add_dirent(SMBCFILE *dir,
+ const char *name,
+ const char *comment,
+ uint32_t type)
+{
+ struct smbc_dirent *dirent;
+ int size;
+ int name_length = (name == NULL ? 0 : strlen(name));
+ int comment_len = (comment == NULL ? 0 : strlen(comment));
+
+ /*
+ * Allocate space for the dirent, which must be increased by the
+ * size of the name and the comment and 1 each for the null terminator.
+ */
+
+ size = sizeof(struct smbc_dirent) + name_length + comment_len + 2;
+
+ dirent = (struct smbc_dirent *)SMB_MALLOC(size);
+
+ if (!dirent) {
+
+ dir->dir_error = ENOMEM;
+ return -1;
+
+ }
+
+ ZERO_STRUCTP(dirent);
+
+ if (dir->dir_list == NULL) {
+
+ dir->dir_list = SMB_MALLOC_P(struct smbc_dir_list);
+ if (!dir->dir_list) {
+
+ SAFE_FREE(dirent);
+ dir->dir_error = ENOMEM;
+ return -1;
+
+ }
+ ZERO_STRUCTP(dir->dir_list);
+
+ dir->dir_end = dir->dir_next = dir->dir_list;
+ }
+ else {
+
+ dir->dir_end->next = SMB_MALLOC_P(struct smbc_dir_list);
+
+ if (!dir->dir_end->next) {
+
+ SAFE_FREE(dirent);
+ dir->dir_error = ENOMEM;
+ return -1;
+
+ }
+ ZERO_STRUCTP(dir->dir_end->next);
+
+ dir->dir_end = dir->dir_end->next;
+ }
+
+ dir->dir_end->next = NULL;
+ dir->dir_end->dirent = dirent;
+
+ dirent->smbc_type = type;
+ dirent->namelen = name_length;
+ dirent->commentlen = comment_len;
+ dirent->dirlen = size;
+
+ /*
+ * dirent->namelen + 1 includes the null (no null termination needed)
+ * Ditto for dirent->commentlen.
+ * The space for the two null bytes was allocated.
+ */
+ strncpy(dirent->name, (name?name:""), dirent->namelen + 1);
+ dirent->comment = (char *)(&dirent->name + dirent->namelen + 1);
+ strncpy(dirent->comment, (comment?comment:""), dirent->commentlen + 1);
+
+ return 0;
+
+}
+
+static int add_dirplus(SMBCFILE *dir, struct file_info *finfo)
+{
+ struct smbc_dirplus_list *new_entry = NULL;
+ struct libsmb_file_info *info = NULL;
+
+ new_entry = SMB_MALLOC_P(struct smbc_dirplus_list);
+ if (new_entry == NULL) {
+ dir->dir_error = ENOMEM;
+ return -1;
+ }
+ ZERO_STRUCTP(new_entry);
+ new_entry->ino = finfo->ino;
+
+ info = SMB_MALLOC_P(struct libsmb_file_info);
+ if (info == NULL) {
+ SAFE_FREE(new_entry);
+ dir->dir_error = ENOMEM;
+ return -1;
+ }
+
+ ZERO_STRUCTP(info);
+
+ info->btime_ts = finfo->btime_ts;
+ info->atime_ts = finfo->atime_ts;
+ info->ctime_ts = finfo->ctime_ts;
+ info->mtime_ts = finfo->mtime_ts;
+ info->gid = finfo->gid;
+ info->attrs = finfo->attr;
+ info->size = finfo->size;
+ info->uid = finfo->uid;
+ info->name = SMB_STRDUP(finfo->name);
+ if (info->name == NULL) {
+ SAFE_FREE(info);
+ SAFE_FREE(new_entry);
+ dir->dir_error = ENOMEM;
+ return -1;
+ }
+
+ if (finfo->short_name) {
+ info->short_name = SMB_STRDUP(finfo->short_name);
+ } else {
+ info->short_name = SMB_STRDUP("");
+ }
+
+ if (info->short_name == NULL) {
+ SAFE_FREE(info->name);
+ SAFE_FREE(info);
+ SAFE_FREE(new_entry);
+ dir->dir_error = ENOMEM;
+ return -1;
+ }
+ new_entry->smb_finfo = info;
+
+ /* Now add to the list. */
+ if (dir->dirplus_list == NULL) {
+ /* Empty list - point everything at new_entry. */
+ dir->dirplus_list = new_entry;
+ dir->dirplus_end = new_entry;
+ dir->dirplus_next = new_entry;
+ } else {
+ /* Append to list but leave the ->next cursor alone. */
+ dir->dirplus_end->next = new_entry;
+ dir->dirplus_end = new_entry;
+ }
+
+ return 0;
+}
+
+static void
+list_unique_wg_fn(const char *name,
+ uint32_t type,
+ const char *comment,
+ void *state)
+{
+ SMBCFILE *dir = (SMBCFILE *)state;
+ struct smbc_dir_list *dir_list;
+ struct smbc_dirent *dirent;
+ int dirent_type;
+ int do_remove = 0;
+
+ dirent_type = dir->dir_type;
+
+ if (add_dirent(dir, name, comment, dirent_type) < 0) {
+ /* An error occurred, what do we do? */
+ /* FIXME: Add some code here */
+ /* Change cli_NetServerEnum to take a fn
+ returning NTSTATUS... JRA. */
+ }
+
+ /* Point to the one just added */
+ dirent = dir->dir_end->dirent;
+
+ /* See if this was a duplicate */
+ for (dir_list = dir->dir_list;
+ dir_list != dir->dir_end;
+ dir_list = dir_list->next) {
+ if (! do_remove &&
+ strcmp(dir_list->dirent->name, dirent->name) == 0) {
+ /* Duplicate. End end of list need to be removed. */
+ do_remove = 1;
+ }
+
+ if (do_remove && dir_list->next == dir->dir_end) {
+ /* Found the end of the list. Remove it. */
+ dir->dir_end = dir_list;
+ free(dir_list->next);
+ free(dirent);
+ dir_list->next = NULL;
+ break;
+ }
+ }
+}
+
+static void
+list_fn(const char *name,
+ uint32_t type,
+ const char *comment,
+ void *state)
+{
+ SMBCFILE *dir = (SMBCFILE *)state;
+ int dirent_type;
+
+ /*
+ * We need to process the type a little ...
+ *
+ * Disk share = 0x00000000
+ * Print share = 0x00000001
+ * Comms share = 0x00000002 (obsolete?)
+ * IPC$ share = 0x00000003
+ *
+ * administrative shares:
+ * ADMIN$, IPC$, C$, D$, E$ ... are type |= 0x80000000
+ */
+
+ if (dir->dir_type == SMBC_FILE_SHARE) {
+ switch (type) {
+ case 0 | 0x80000000:
+ case 0:
+ dirent_type = SMBC_FILE_SHARE;
+ break;
+
+ case 1:
+ dirent_type = SMBC_PRINTER_SHARE;
+ break;
+
+ case 2:
+ dirent_type = SMBC_COMMS_SHARE;
+ break;
+
+ case 3 | 0x80000000:
+ case 3:
+ dirent_type = SMBC_IPC_SHARE;
+ break;
+
+ default:
+ dirent_type = SMBC_FILE_SHARE; /* FIXME, error? */
+ break;
+ }
+ }
+ else {
+ dirent_type = dir->dir_type;
+ }
+
+ if (add_dirent(dir, name, comment, dirent_type) < 0) {
+ /* An error occurred, what do we do? */
+ /* FIXME: Add some code here */
+ /* Change cli_NetServerEnum to take a fn
+ returning NTSTATUS... JRA. */
+ }
+}
+
+static NTSTATUS
+dir_list_fn(struct file_info *finfo,
+ const char *mask,
+ void *state)
+{
+ SMBCFILE *dirp = (SMBCFILE *)state;
+ int ret;
+
+ if (add_dirent((SMBCFILE *)state, finfo->name, "",
+ (finfo->attr&FILE_ATTRIBUTE_DIRECTORY?SMBC_DIR:SMBC_FILE)) < 0) {
+ SMBCFILE *dir = (SMBCFILE *)state;
+ return map_nt_error_from_unix(dir->dir_error);
+ }
+ ret = add_dirplus(dirp, finfo);
+ if (ret < 0) {
+ return map_nt_error_from_unix(dirp->dir_error);
+ }
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS
+net_share_enum_rpc(struct cli_state *cli,
+ void (*fn)(const char *name,
+ uint32_t type,
+ const char *comment,
+ void *state),
+ void *state)
+{
+ uint32_t i;
+ WERROR result;
+ uint32_t preferred_len = 0xffffffff;
+ uint32_t type;
+ struct srvsvc_NetShareInfoCtr info_ctr;
+ struct srvsvc_NetShareCtr1 ctr1;
+ fstring name = "";
+ fstring comment = "";
+ struct rpc_pipe_client *pipe_hnd = NULL;
+ NTSTATUS nt_status;
+ uint32_t resume_handle = 0;
+ uint32_t total_entries = 0;
+ struct dcerpc_binding_handle *b;
+
+ /* Open the server service pipe */
+ nt_status = cli_rpc_pipe_open_noauth(cli, &ndr_table_srvsvc,
+ &pipe_hnd);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(1, ("net_share_enum_rpc pipe open fail!\n"));
+ goto done;
+ }
+
+ ZERO_STRUCT(info_ctr);
+ ZERO_STRUCT(ctr1);
+
+ info_ctr.level = 1;
+ info_ctr.ctr.ctr1 = &ctr1;
+
+ b = pipe_hnd->binding_handle;
+
+ /* Issue the NetShareEnum RPC call and retrieve the response */
+ nt_status = dcerpc_srvsvc_NetShareEnumAll(b, talloc_tos(),
+ pipe_hnd->desthost,
+ &info_ctr,
+ preferred_len,
+ &total_entries,
+ &resume_handle,
+ &result);
+
+ /* Was it successful? */
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ /* Nope. Go clean up. */
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(result)) {
+ /* Nope. Go clean up. */
+ nt_status = werror_to_ntstatus(result);
+ goto done;
+ }
+
+ if (total_entries == 0) {
+ /* Nope. Go clean up. */
+ nt_status = NT_STATUS_NOT_FOUND;
+ goto done;
+ }
+
+ /* For each returned entry... */
+ for (i = 0; i < info_ctr.ctr.ctr1->count; i++) {
+
+ /* pull out the share name */
+ fstrcpy(name, info_ctr.ctr.ctr1->array[i].name);
+
+ /* pull out the share's comment */
+ fstrcpy(comment, info_ctr.ctr.ctr1->array[i].comment);
+
+ /* Get the type value */
+ type = info_ctr.ctr.ctr1->array[i].type;
+
+ /* Add this share to the list */
+ (*fn)(name, type, comment, state);
+ }
+
+done:
+ /* Close the server service pipe */
+ TALLOC_FREE(pipe_hnd);
+
+ /* Tell 'em if it worked */
+ return nt_status;
+}
+
+
+/*
+ * Verify that the options specified in a URL are valid
+ */
+int
+SMBC_check_options(char *server,
+ char *share,
+ char *path,
+ char *options)
+{
+ DEBUG(4, ("SMBC_check_options(): server='%s' share='%s' "
+ "path='%s' options='%s'\n",
+ server, share, path, options));
+
+ /* No options at all is always ok */
+ if (! *options) return 0;
+
+ /* Currently, we don't support any options. */
+ return -1;
+}
+
+
+SMBCFILE *
+SMBC_opendir_ctx(SMBCCTX *context,
+ const char *fname)
+{
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *options = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ size_t path_len = 0;
+ uint16_t port = 0;
+ SMBCSRV *srv = NULL;
+ SMBCFILE *dir = NULL;
+ struct sockaddr_storage rem_ss;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (!context || !context->internal->initialized) {
+ DEBUG(4, ("no valid context\n"));
+ TALLOC_FREE(frame);
+ errno = EINVAL + 8192;
+ return NULL;
+
+ }
+
+ if (!fname) {
+ DEBUG(4, ("no valid fname\n"));
+ TALLOC_FREE(frame);
+ errno = EINVAL + 8193;
+ return NULL;
+ }
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ &options)) {
+ DEBUG(4, ("no valid path\n"));
+ TALLOC_FREE(frame);
+ errno = EINVAL + 8194;
+ return NULL;
+ }
+
+ DEBUG(4, ("parsed path: fname='%s' server='%s' share='%s' "
+ "path='%s' options='%s'\n",
+ fname, server, share, path, options));
+
+ /* Ensure the options are valid */
+ if (SMBC_check_options(server, share, path, options)) {
+ DEBUG(4, ("unacceptable options (%s)\n", options));
+ TALLOC_FREE(frame);
+ errno = EINVAL + 8195;
+ return NULL;
+ }
+
+ if (!user || user[0] == (char)0) {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+ }
+
+ dir = SMB_MALLOC_P(SMBCFILE);
+
+ if (!dir) {
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ ZERO_STRUCTP(dir);
+
+ dir->cli_fd = 0;
+ dir->fname = SMB_STRDUP(fname);
+ if (dir->fname == NULL) {
+ SAFE_FREE(dir);
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+ dir->srv = NULL;
+ dir->offset = 0;
+ dir->file = False;
+ dir->dir_list = dir->dir_next = dir->dir_end = NULL;
+
+ if (server[0] == (char)0) {
+
+ size_t i;
+ size_t count = 0;
+ size_t max_lmb_count;
+ struct sockaddr_storage *ip_list;
+ struct sockaddr_storage server_addr;
+ struct cli_credentials *creds = NULL;
+ NTSTATUS status;
+
+ if (share[0] != (char)0 || path[0] != (char)0) {
+
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ errno = EINVAL + 8196;
+ return NULL;
+ }
+
+ /* Determine how many local master browsers to query */
+ max_lmb_count = (smbc_getOptionBrowseMaxLmbCount(context) == 0
+ ? INT_MAX
+ : smbc_getOptionBrowseMaxLmbCount(context));
+
+ creds = cli_credentials_init(frame);
+ if (creds == NULL) {
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ (void)cli_credentials_set_username(creds, user, CRED_SPECIFIED);
+ (void)cli_credentials_set_password(creds, password, CRED_SPECIFIED);
+
+ /*
+ * We have server and share and path empty but options
+ * requesting that we scan all master browsers for their list
+ * of workgroups/domains. This implies that we must first try
+ * broadcast queries to find all master browsers, and if that
+ * doesn't work, then try our other methods which return only
+ * a single master browser.
+ */
+
+ ip_list = NULL;
+ status = name_resolve_bcast(talloc_tos(),
+ MSBROWSE,
+ 1,
+ &ip_list,
+ &count);
+ if (!NT_STATUS_IS_OK(status))
+ {
+
+ TALLOC_FREE(ip_list);
+
+ if (!find_master_ip(workgroup, &server_addr)) {
+
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ errno = ENOENT;
+ return NULL;
+ }
+
+ ip_list = (struct sockaddr_storage *)talloc_memdup(
+ talloc_tos(), &server_addr,
+ sizeof(server_addr));
+ if (ip_list == NULL) {
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+ count = 1;
+ }
+
+ for (i = 0; i < count && i < max_lmb_count; i++) {
+ char addr[INET6_ADDRSTRLEN];
+ char *wg_ptr = NULL;
+ struct cli_state *cli = NULL;
+
+ print_sockaddr(addr, sizeof(addr), &ip_list[i]);
+ DEBUG(99, ("Found master browser %zu of %zu: %s\n",
+ i+1, MAX(count, max_lmb_count),
+ addr));
+
+ cli = get_ipc_connect_master_ip(talloc_tos(),
+ &ip_list[i],
+ creds,
+ &wg_ptr);
+ /* cli == NULL is the master browser refused to talk or
+ could not be found */
+ if (!cli) {
+ continue;
+ }
+
+ workgroup = talloc_strdup(frame, wg_ptr);
+ server = talloc_strdup(frame, smbXcli_conn_remote_name(cli->conn));
+
+ cli_shutdown(cli);
+
+ if (!workgroup || !server) {
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ DEBUG(4, ("using workgroup %s %s\n",
+ workgroup, server));
+
+ /*
+ * For each returned master browser IP address, get a
+ * connection to IPC$ on the server if we do not
+ * already have one, and determine the
+ * workgroups/domains that it knows about.
+ */
+
+ srv = SMBC_server(frame, context, True, server, port, "IPC$",
+ &workgroup, &user, &password);
+ if (!srv) {
+ continue;
+ }
+
+ if (smbXcli_conn_protocol(srv->cli->conn) > PROTOCOL_NT1) {
+ continue;
+ }
+
+ dir->srv = srv;
+ dir->dir_type = SMBC_WORKGROUP;
+
+ /* Now, list the stuff ... */
+
+ if (!cli_NetServerEnum(srv->cli,
+ workgroup,
+ SV_TYPE_DOMAIN_ENUM,
+ list_unique_wg_fn,
+ (void *)dir)) {
+ continue;
+ }
+ }
+
+ TALLOC_FREE(ip_list);
+ } else {
+ /*
+ * Server not an empty string ... Check the rest and see what
+ * gives
+ */
+ if (*share == '\0') {
+ if (*path != '\0') {
+
+ /* Should not have empty share with path */
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ errno = EINVAL + 8197;
+ return NULL;
+
+ }
+
+ /*
+ * We don't know if <server> is really a server name
+ * or is a workgroup/domain name. If we already have
+ * a server structure for it, we'll use it.
+ * Otherwise, check to see if <server><1D>,
+ * <server><1B>, or <server><20> translates. We check
+ * to see if <server> is an IP address first.
+ */
+
+ /*
+ * See if we have an existing server. Do not
+ * establish a connection if one does not already
+ * exist.
+ */
+ srv = SMBC_server(frame, context, False,
+ server, port, "IPC$",
+ &workgroup, &user, &password);
+
+ /*
+ * If no existing server and not an IP addr, look for
+ * LMB or DMB
+ */
+ if (!srv &&
+ !is_ipaddress(server) &&
+ (resolve_name(server, &rem_ss, 0x1d, false) || /* LMB */
+ resolve_name(server, &rem_ss, 0x1b, false) )) { /* DMB */
+ /*
+ * "server" is actually a workgroup name,
+ * not a server. Make this clear.
+ */
+ char *wgroup = server;
+ fstring buserver;
+
+ dir->dir_type = SMBC_SERVER;
+
+ /*
+ * Get the backup list ...
+ */
+ if (!name_status_find(wgroup, 0, 0,
+ &rem_ss, buserver)) {
+ char addr[INET6_ADDRSTRLEN];
+
+ print_sockaddr(addr, sizeof(addr), &rem_ss);
+ DEBUG(0,("Could not get name of "
+ "local/domain master browser "
+ "for workgroup %s from "
+ "address %s\n",
+ wgroup,
+ addr));
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ errno = EPERM;
+ return NULL;
+
+ }
+
+ /*
+ * Get a connection to IPC$ on the server if
+ * we do not already have one
+ */
+ srv = SMBC_server(frame, context, True,
+ buserver, port, "IPC$",
+ &workgroup,
+ &user, &password);
+ if (!srv) {
+ DEBUG(0, ("got no contact to IPC$\n"));
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ return NULL;
+
+ }
+
+ dir->srv = srv;
+
+ if (smbXcli_conn_protocol(srv->cli->conn) > PROTOCOL_NT1) {
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ /* Now, list the servers ... */
+ if (!cli_NetServerEnum(srv->cli, wgroup,
+ 0x0000FFFE, list_fn,
+ (void *)dir)) {
+
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+ } else if (srv ||
+ (resolve_name(server, &rem_ss, 0x20, false))) {
+ NTSTATUS status;
+
+ /*
+ * If we hadn't found the server, get one now
+ */
+ if (!srv) {
+ srv = SMBC_server(frame, context, True,
+ server, port, "IPC$",
+ &workgroup,
+ &user, &password);
+ }
+
+ if (!srv) {
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ return NULL;
+
+ }
+
+ dir->dir_type = SMBC_FILE_SHARE;
+ dir->srv = srv;
+
+ /* List the shares ... */
+
+ status = net_share_enum_rpc(srv->cli,
+ list_fn,
+ (void *)dir);
+ if (!NT_STATUS_IS_OK(status) &&
+ smbXcli_conn_protocol(srv->cli->conn) <=
+ PROTOCOL_NT1) {
+ /*
+ * Only call cli_RNetShareEnum()
+ * on SMB1 connections, not SMB2+.
+ */
+ int rc = cli_RNetShareEnum(srv->cli,
+ list_fn,
+ (void *)dir);
+ if (rc != 0) {
+ status = cli_nt_error(srv->cli);
+ } else {
+ status = NT_STATUS_OK;
+ }
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ /*
+ * Set cli->raw_status so SMBC_errno()
+ * will correctly return the error.
+ */
+ srv->cli->raw_status = status;
+ if (dir != NULL) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ errno = map_errno_from_nt_status(
+ status);
+ return NULL;
+ }
+ } else {
+ /* Neither the workgroup nor server exists */
+ errno = ECONNREFUSED;
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ }
+ else {
+ /*
+ * The server and share are specified ... work from
+ * there ...
+ */
+ char *targetpath;
+ struct cli_state *targetcli;
+ struct cli_credentials *creds = NULL;
+ NTSTATUS status;
+
+ /* We connect to the server and list the directory */
+ dir->dir_type = SMBC_FILE_SHARE;
+
+ srv = SMBC_server(frame, context, True, server, port, share,
+ &workgroup, &user, &password);
+
+ if (!srv) {
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ dir->srv = srv;
+
+ /* Now, list the files ... */
+
+ path_len = strlen(path);
+ path = talloc_asprintf_append(path, "\\*");
+ if (!path) {
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ creds = context->internal->creds;
+
+ status = cli_resolve_path(
+ frame, "",
+ creds,
+ srv->cli, path, &targetcli, &targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Could not resolve %s\n", path);
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ status = cli_list(targetcli, targetpath,
+ FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN,
+ dir_list_fn, (void *)dir);
+ if (!NT_STATUS_IS_OK(status)) {
+ int saved_errno;
+ if (dir) {
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir);
+ }
+ saved_errno = cli_status_to_errno(status);
+
+ if (saved_errno == EINVAL) {
+ struct stat sb = {0};
+ /*
+ * See if they asked to opendir
+ * something other than a directory.
+ * If so, the converted error value we
+ * got would have been EINVAL rather
+ * than ENOTDIR.
+ */
+ path[path_len] = '\0'; /* restore original path */
+
+ status = SMBC_getatr(
+ context,
+ srv,
+ path,
+ &sb);
+ if (NT_STATUS_IS_OK(status) &&
+ !S_ISDIR(sb.st_mode)) {
+
+ /* It is. Correct the error value */
+ saved_errno = ENOTDIR;
+ }
+ }
+
+ /*
+ * If there was an error and the server is no
+ * good any more...
+ */
+ if (cli_is_error(targetcli) &&
+ smbc_getFunctionCheckServer(context)(context, srv)) {
+
+ /* ... then remove it. */
+ if (smbc_getFunctionRemoveUnusedServer(context)(context,
+ srv)) {
+ /*
+ * We could not remove the
+ * server completely, remove
+ * it from the cache so we
+ * will not get it again. It
+ * will be removed when the
+ * last file/dir is closed.
+ */
+ smbc_getFunctionRemoveCachedServer(context)(context, srv);
+ }
+ }
+
+ TALLOC_FREE(frame);
+ errno = saved_errno;
+ return NULL;
+ }
+ }
+
+ }
+
+ DLIST_ADD(context->internal->files, dir);
+ TALLOC_FREE(frame);
+ return dir;
+
+}
+
+/*
+ * Routine to close a directory
+ */
+
+int
+SMBC_closedir_ctx(SMBCCTX *context,
+ SMBCFILE *dir)
+{
+ TALLOC_CTX *frame = NULL;
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (dir == NULL) {
+ return 0;
+ }
+
+ frame = talloc_stackframe();
+
+ if (!SMBC_dlist_contains(context->internal->files, dir)) {
+ errno = EBADF;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ remove_dir(dir); /* Clean it up */
+ remove_dirplus(dir);
+
+ DLIST_REMOVE(context->internal->files, dir);
+
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir); /* Free the space too */
+
+ TALLOC_FREE(frame);
+ return 0;
+
+}
+
+static int
+smbc_readdir_internal(SMBCCTX * context,
+ struct smbc_dirent *dest,
+ struct smbc_dirent *src,
+ int max_namebuf_len)
+{
+ if (smbc_getOptionUrlEncodeReaddirEntries(context)) {
+ int remaining_len;
+
+ /* url-encode the name. get back remaining buffer space */
+ remaining_len =
+ smbc_urlencode(dest->name, src->name, max_namebuf_len);
+
+ /* -1 means no null termination. */
+ if (remaining_len < 0) {
+ return -1;
+ }
+
+ /* We now know the name length */
+ dest->namelen = strlen(dest->name);
+
+ if (dest->namelen + 1 < 1) {
+ /* Integer wrap. */
+ return -1;
+ }
+
+ if (dest->namelen + 1 >= max_namebuf_len) {
+ /* Out of space for comment. */
+ return -1;
+ }
+
+ /* Save the pointer to the beginning of the comment */
+ dest->comment = dest->name + dest->namelen + 1;
+
+ if (remaining_len < 1) {
+ /* No room for comment null termination. */
+ return -1;
+ }
+
+ /* Copy the comment */
+ strlcpy(dest->comment, src->comment, remaining_len);
+
+ /* Save other fields */
+ dest->smbc_type = src->smbc_type;
+ dest->commentlen = strlen(dest->comment);
+ dest->dirlen = ((dest->comment + dest->commentlen + 1) -
+ (char *) dest);
+ } else {
+
+ /* No encoding. Just copy the entry as is. */
+ if (src->dirlen > max_namebuf_len) {
+ return -1;
+ }
+ memcpy(dest, src, src->dirlen);
+ if (src->namelen + 1 < 1) {
+ /* Integer wrap */
+ return -1;
+ }
+ if (src->namelen + 1 >= max_namebuf_len) {
+ /* Comment off the end. */
+ return -1;
+ }
+ dest->comment = (char *)(&dest->name + src->namelen + 1);
+ }
+ return 0;
+}
+
+/*
+ * Routine to get a directory entry
+ */
+
+struct smbc_dirent *
+SMBC_readdir_ctx(SMBCCTX *context,
+ SMBCFILE *dir)
+{
+ int maxlen;
+ int ret;
+ struct smbc_dirent *dirp, *dirent;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ /* Check that all is ok first ... */
+
+ if (!context || !context->internal->initialized) {
+
+ errno = EINVAL;
+ DEBUG(0, ("Invalid context in SMBC_readdir_ctx()\n"));
+ TALLOC_FREE(frame);
+ return NULL;
+
+ }
+
+ if (!SMBC_dlist_contains(context->internal->files, dir)) {
+
+ errno = EBADF;
+ DEBUG(0, ("Invalid dir in SMBC_readdir_ctx()\n"));
+ TALLOC_FREE(frame);
+ return NULL;
+
+ }
+
+ if (dir->file != False) { /* FIXME, should be dir, perhaps */
+
+ errno = ENOTDIR;
+ DEBUG(0, ("Found file vs directory in SMBC_readdir_ctx()\n"));
+ TALLOC_FREE(frame);
+ return NULL;
+
+ }
+
+ if (!dir->dir_next) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ dirent = dir->dir_next->dirent;
+ if (!dirent) {
+
+ errno = ENOENT;
+ TALLOC_FREE(frame);
+ return NULL;
+
+ }
+
+ dirp = &context->internal->dirent;
+ maxlen = sizeof(context->internal->_dirent_name);
+
+ ret = smbc_readdir_internal(context, dirp, dirent, maxlen);
+ if (ret == -1) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ dir->dir_next = dir->dir_next->next;
+
+ /*
+ * If we are returning file entries, we
+ * have a duplicate list in dirplus.
+ *
+ * Update dirplus_next also so readdir and
+ * readdirplus are kept in sync.
+ */
+ if (dir->dirplus_list != NULL) {
+ dir->dirplus_next = dir->dirplus_next->next;
+ }
+
+ TALLOC_FREE(frame);
+ return dirp;
+}
+
+/*
+ * Routine to get a directory entry with all attributes
+ */
+
+const struct libsmb_file_info *
+SMBC_readdirplus_ctx(SMBCCTX *context,
+ SMBCFILE *dir)
+{
+ struct libsmb_file_info *smb_finfo = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ /* Check that all is ok first ... */
+
+ if (context == NULL || !context->internal->initialized) {
+ DBG_ERR("Invalid context in SMBC_readdirplus_ctx()\n");
+ TALLOC_FREE(frame);
+ errno = EINVAL;
+ return NULL;
+ }
+
+ if (!SMBC_dlist_contains(context->internal->files, dir)) {
+ DBG_ERR("Invalid dir in SMBC_readdirplus_ctx()\n");
+ TALLOC_FREE(frame);
+ errno = EBADF;
+ return NULL;
+ }
+
+ if (dir->dirplus_next == NULL) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ smb_finfo = dir->dirplus_next->smb_finfo;
+ if (smb_finfo == NULL) {
+ TALLOC_FREE(frame);
+ errno = ENOENT;
+ return NULL;
+ }
+ dir->dirplus_next = dir->dirplus_next->next;
+
+ /*
+ * If we are returning file entries, we
+ * have a duplicate list in dir_list
+ *
+ * Update dir_next also so readdir and
+ * readdirplus are kept in sync.
+ */
+ if (dir->dir_list) {
+ dir->dir_next = dir->dir_next->next;
+ }
+
+ TALLOC_FREE(frame);
+ return smb_finfo;
+}
+
+/*
+ * Routine to get a directory entry plus a filled in stat structure if
+ * requested.
+ */
+
+const struct libsmb_file_info *SMBC_readdirplus2_ctx(SMBCCTX *context,
+ SMBCFILE *dir,
+ struct stat *st)
+{
+ struct libsmb_file_info *smb_finfo = NULL;
+ struct smbc_dirplus_list *dp_list = NULL;
+ ino_t ino;
+ char *full_pathname = NULL;
+ char *workgroup = NULL;
+ char *server = NULL;
+ uint16_t port = 0;
+ char *share = NULL;
+ char *path = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *options = NULL;
+ int rc;
+ TALLOC_CTX *frame = NULL;
+
+ /*
+ * Allow caller to pass in NULL for stat pointer if
+ * required. This makes this call identical to
+ * smbc_readdirplus().
+ */
+
+ if (st == NULL) {
+ return SMBC_readdirplus_ctx(context, dir);
+ }
+
+ frame = talloc_stackframe();
+
+ /* Check that all is ok first ... */
+ if (context == NULL || !context->internal->initialized) {
+ DBG_ERR("Invalid context in SMBC_readdirplus2_ctx()\n");
+ TALLOC_FREE(frame);
+ errno = EINVAL;
+ return NULL;
+ }
+
+ if (!SMBC_dlist_contains(context->internal->files, dir)) {
+ DBG_ERR("Invalid dir in SMBC_readdirplus2_ctx()\n");
+ TALLOC_FREE(frame);
+ errno = EBADF;
+ return NULL;
+ }
+
+ dp_list = dir->dirplus_next;
+ if (dp_list == NULL) {
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ ino = (ino_t)dp_list->ino;
+
+ smb_finfo = dp_list->smb_finfo;
+ if (smb_finfo == NULL) {
+ TALLOC_FREE(frame);
+ errno = ENOENT;
+ return NULL;
+ }
+
+ full_pathname = talloc_asprintf(frame,
+ "%s/%s",
+ dir->fname,
+ smb_finfo->name);
+ if (full_pathname == NULL) {
+ TALLOC_FREE(frame);
+ errno = ENOENT;
+ return NULL;
+ }
+
+ rc = SMBC_parse_path(frame,
+ context,
+ full_pathname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ &options);
+ if (rc != 0) {
+ TALLOC_FREE(frame);
+ errno = ENOENT;
+ return NULL;
+ }
+
+ setup_stat(st,
+ path,
+ smb_finfo->size,
+ smb_finfo->attrs,
+ ino,
+ dir->srv->dev,
+ smb_finfo->atime_ts,
+ smb_finfo->ctime_ts,
+ smb_finfo->mtime_ts);
+
+ TALLOC_FREE(full_pathname);
+
+ dir->dirplus_next = dir->dirplus_next->next;
+
+ /*
+ * If we are returning file entries, we
+ * have a duplicate list in dir_list
+ *
+ * Update dir_next also so readdir and
+ * readdirplus are kept in sync.
+ */
+ if (dir->dir_list) {
+ dir->dir_next = dir->dir_next->next;
+ }
+
+ TALLOC_FREE(frame);
+ return smb_finfo;
+}
+
+/*
+ * Routine to get directory entries
+ */
+
+int
+SMBC_getdents_ctx(SMBCCTX *context,
+ SMBCFILE *dir,
+ struct smbc_dirent *dirp,
+ int count)
+{
+ int rem = count;
+ int reqd;
+ int maxlen;
+ char *ndir = (char *)dirp;
+ struct smbc_dir_list *dirlist;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ /* Check that all is ok first ... */
+
+ if (!context || !context->internal->initialized) {
+
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ if (!SMBC_dlist_contains(context->internal->files, dir)) {
+
+ errno = EBADF;
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ if (dir->file != False) { /* FIXME, should be dir, perhaps */
+
+ errno = ENOTDIR;
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ /*
+ * Now, retrieve the number of entries that will fit in what was passed
+ * We have to figure out if the info is in the list, or we need to
+ * send a request to the server to get the info.
+ */
+
+ while ((dirlist = dir->dir_next)) {
+ int ret;
+ struct smbc_dirent *dirent;
+ struct smbc_dirent *currentEntry = (struct smbc_dirent *)ndir;
+
+ if (!dirlist->dirent) {
+
+ errno = ENOENT; /* Bad error */
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ /* Do urlencoding of next entry, if so selected */
+ dirent = &context->internal->dirent;
+ maxlen = sizeof(context->internal->_dirent_name);
+ ret = smbc_readdir_internal(context, dirent,
+ dirlist->dirent, maxlen);
+ if (ret == -1) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ reqd = dirent->dirlen;
+
+ if (rem < reqd) {
+
+ if (rem < count) { /* We managed to copy something */
+
+ errno = 0;
+ TALLOC_FREE(frame);
+ return count - rem;
+
+ }
+ else { /* Nothing copied ... */
+
+ errno = EINVAL; /* Not enough space ... */
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ }
+
+ memcpy(currentEntry, dirent, reqd); /* Copy the data in ... */
+
+ currentEntry->comment = &currentEntry->name[0] +
+ dirent->namelen + 1;
+
+ ndir += reqd;
+ rem -= reqd;
+
+ /* Try and align the struct for the next entry
+ on a valid pointer boundary by appending zeros */
+ while((rem > 0) && ((uintptr_t)ndir & (sizeof(void*) - 1))) {
+ *ndir = '\0';
+ rem--;
+ ndir++;
+ currentEntry->dirlen++;
+ }
+
+ dir->dir_next = dirlist = dirlist -> next;
+
+ /*
+ * If we are returning file entries, we
+ * have a duplicate list in dirplus.
+ *
+ * Update dirplus_next also so readdir and
+ * readdirplus are kept in sync.
+ */
+ if (dir->dirplus_list != NULL) {
+ dir->dirplus_next = dir->dirplus_next->next;
+ }
+ }
+
+ TALLOC_FREE(frame);
+
+ if (rem == count)
+ return 0;
+ else
+ return count - rem;
+
+}
+
+/*
+ * Routine to create a directory ...
+ */
+
+int
+SMBC_mkdir_ctx(SMBCCTX *context,
+ const char *fname,
+ mode_t mode)
+{
+ SMBCSRV *srv = NULL;
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ char *targetpath = NULL;
+ uint16_t port = 0;
+ struct cli_state *targetcli = NULL;
+ struct cli_credentials *creds = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ DEBUG(4, ("smbc_mkdir(%s)\n", fname));
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user || user[0] == (char)0) {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ srv = SMBC_server(frame, context, True,
+ server, port, share, &workgroup, &user, &password);
+
+ if (!srv) {
+
+ TALLOC_FREE(frame);
+ return -1; /* errno set by SMBC_server */
+
+ }
+
+ creds = context->internal->creds;
+
+ /*d_printf(">>>mkdir: resolving %s\n", path);*/
+ status = cli_resolve_path(frame, "",
+ creds,
+ srv->cli, path, &targetcli, &targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Could not resolve %s\n", path);
+ errno = ENOENT;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ /*d_printf(">>>mkdir: resolved path as %s\n", targetpath);*/
+
+ status = cli_mkdir(targetcli, targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return -1;
+
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+
+}
+
+/*
+ * Our list function simply checks to see if a directory is not empty
+ */
+
+static NTSTATUS
+rmdir_list_fn(struct file_info *finfo,
+ const char *mask,
+ void *state)
+{
+ if (strncmp(finfo->name, ".", 1) != 0 &&
+ strncmp(finfo->name, "..", 2) != 0) {
+ bool *smbc_rmdir_dirempty = (bool *)state;
+ *smbc_rmdir_dirempty = false;
+ }
+ return NT_STATUS_OK;
+}
+
+/*
+ * Routine to remove a directory
+ */
+
+int
+SMBC_rmdir_ctx(SMBCCTX *context,
+ const char *fname)
+{
+ SMBCSRV *srv = NULL;
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ char *targetpath = NULL;
+ uint16_t port = 0;
+ struct cli_state *targetcli = NULL;
+ struct cli_credentials *creds = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ DEBUG(4, ("smbc_rmdir(%s)\n", fname));
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user || user[0] == (char)0) {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ srv = SMBC_server(frame, context, True,
+ server, port, share, &workgroup, &user, &password);
+
+ if (!srv) {
+
+ TALLOC_FREE(frame);
+ return -1; /* errno set by SMBC_server */
+
+ }
+
+ creds = context->internal->creds;
+
+ /*d_printf(">>>rmdir: resolving %s\n", path);*/
+ status = cli_resolve_path(frame, "",
+ creds,
+ srv->cli, path, &targetcli, &targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Could not resolve %s\n", path);
+ errno = ENOENT;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ /*d_printf(">>>rmdir: resolved path as %s\n", targetpath);*/
+
+ status = cli_rmdir(targetcli, targetpath);
+
+ if (!NT_STATUS_IS_OK(status)) {
+
+ errno = cli_status_to_errno(status);
+
+ if (errno == EACCES) { /* Check if the dir empty or not */
+
+ /* Local storage to avoid buffer overflows */
+ char *lpath;
+ bool smbc_rmdir_dirempty = true;
+
+ lpath = talloc_asprintf(frame, "%s\\*",
+ targetpath);
+ if (!lpath) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ status = cli_list(targetcli, lpath,
+ FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN,
+ rmdir_list_fn,
+ &smbc_rmdir_dirempty);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Fix errno to ignore latest error ... */
+ DBG_INFO("cli_list returned an error: %s\n",
+ nt_errstr(status));
+ errno = EACCES;
+
+ }
+
+ if (smbc_rmdir_dirempty)
+ errno = EACCES;
+ else
+ errno = ENOTEMPTY;
+
+ }
+
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+
+}
+
+/*
+ * Routine to return the current directory position
+ */
+
+off_t
+SMBC_telldir_ctx(SMBCCTX *context,
+ SMBCFILE *dir)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (!context || !context->internal->initialized) {
+
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ if (!SMBC_dlist_contains(context->internal->files, dir)) {
+
+ errno = EBADF;
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ if (dir->file != False) { /* FIXME, should be dir, perhaps */
+
+ errno = ENOTDIR;
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ /* See if we're already at the end. */
+ if (dir->dir_next == NULL) {
+ /* We are. */
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ /*
+ * We return the pointer here as the offset
+ */
+ TALLOC_FREE(frame);
+ return (off_t)(long)dir->dir_next->dirent;
+}
+
+/*
+ * A routine to run down the list and see if the entry is OK
+ * Modifies the dir list and the dirplus list (if it exists)
+ * to point at the correct next entry on success.
+ */
+
+static bool update_dir_ents(SMBCFILE *dir, struct smbc_dirent *dirent)
+{
+ struct smbc_dir_list *tmp_dir = dir->dir_list;
+ struct smbc_dirplus_list *tmp_dirplus = dir->dirplus_list;
+
+ /*
+ * Run down the list looking for what we want.
+ * If we're enumerating files both dir_list
+ * and dirplus_list contain the same entry
+ * list, as they were seeded from the same
+ * cli_list callback.
+ *
+ * If we're enumerating servers then
+ * dirplus_list will be NULL, so don't
+ * update in that case.
+ */
+
+ while (tmp_dir != NULL) {
+ if (tmp_dir->dirent == dirent) {
+ dir->dir_next = tmp_dir;
+ if (tmp_dirplus != NULL) {
+ dir->dirplus_next = tmp_dirplus;
+ }
+ return true;
+ }
+ tmp_dir = tmp_dir->next;
+ if (tmp_dirplus != NULL) {
+ tmp_dirplus = tmp_dirplus->next;
+ }
+ }
+ return false;
+}
+
+/*
+ * Routine to seek on a directory
+ */
+
+int
+SMBC_lseekdir_ctx(SMBCCTX *context,
+ SMBCFILE *dir,
+ off_t offset)
+{
+ long int l_offset = offset; /* Handle problems of size */
+ struct smbc_dirent *dirent = (struct smbc_dirent *)l_offset;
+ TALLOC_CTX *frame = talloc_stackframe();
+ bool ok;
+
+ if (!context || !context->internal->initialized) {
+
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ if (dir->file != False) { /* FIXME, should be dir, perhaps */
+
+ errno = ENOTDIR;
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ /* Now, check what we were passed and see if it is OK ... */
+
+ if (dirent == NULL) { /* Seek to the beginning of the list */
+
+ dir->dir_next = dir->dir_list;
+
+ /* Do the same for dirplus. */
+ dir->dirplus_next = dir->dirplus_list;
+
+ TALLOC_FREE(frame);
+ return 0;
+
+ }
+
+ if (offset == -1) { /* Seek to the end of the list */
+ dir->dir_next = NULL;
+
+ /* Do the same for dirplus. */
+ dir->dirplus_next = NULL;
+
+ TALLOC_FREE(frame);
+ return 0;
+ }
+
+ /*
+ * Run down the list and make sure that the entry is OK.
+ * Update the position of both dir and dirplus lists.
+ */
+
+ ok = update_dir_ents(dir, dirent);
+ if (!ok) {
+ errno = EINVAL; /* Bad entry */
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+/*
+ * Routine to fstat a dir
+ */
+
+int
+SMBC_fstatdir_ctx(SMBCCTX *context,
+ SMBCFILE *dir,
+ struct stat *st)
+{
+
+ if (!context || !context->internal->initialized) {
+
+ errno = EINVAL;
+ return -1;
+ }
+
+ /* No code yet ... */
+ return 0;
+}
+
+int
+SMBC_chmod_ctx(SMBCCTX *context,
+ const char *fname,
+ mode_t newmode)
+{
+ SMBCSRV *srv = NULL;
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *workgroup = NULL;
+ char *targetpath = NULL;
+ struct cli_state *targetcli = NULL;
+ char *path = NULL;
+ uint32_t attr;
+ uint16_t port = 0;
+ struct cli_credentials *creds = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ if (!context || !context->internal->initialized) {
+
+ errno = EINVAL; /* Best I can think of ... */
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ DEBUG(4, ("smbc_chmod(%s, 0%3o)\n", fname, (unsigned int)newmode));
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user || user[0] == (char)0) {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ srv = SMBC_server(frame, context, True,
+ server, port, share, &workgroup, &user, &password);
+
+ if (!srv) {
+ TALLOC_FREE(frame);
+ return -1; /* errno set by SMBC_server */
+ }
+
+ creds = context->internal->creds;
+
+ /*d_printf(">>>unlink: resolving %s\n", path);*/
+ status = cli_resolve_path(frame, "",
+ creds,
+ srv->cli, path, &targetcli, &targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Could not resolve %s\n", path);
+ errno = ENOENT;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ attr = 0;
+
+ if (!(newmode & (S_IWUSR | S_IWGRP | S_IWOTH))) attr |= FILE_ATTRIBUTE_READONLY;
+ if ((newmode & S_IXUSR) && lp_map_archive(-1)) attr |= FILE_ATTRIBUTE_ARCHIVE;
+ if ((newmode & S_IXGRP) && lp_map_system(-1)) attr |= FILE_ATTRIBUTE_SYSTEM;
+ if ((newmode & S_IXOTH) && lp_map_hidden(-1)) attr |= FILE_ATTRIBUTE_HIDDEN;
+
+ status = cli_setatr(targetcli, targetpath, attr, 0);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return -1;
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+int
+SMBC_utimes_ctx(SMBCCTX *context,
+ const char *fname,
+ struct timeval *tbuf)
+{
+ SMBCSRV *srv = NULL;
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ struct timespec access_time, write_time;
+ uint16_t port = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+ bool ok;
+
+ if (!context || !context->internal->initialized) {
+
+ errno = EINVAL; /* Best I can think of ... */
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (tbuf == NULL) {
+ access_time = write_time = timespec_current();
+ } else {
+ access_time = convert_timeval_to_timespec(tbuf[0]);
+ write_time = convert_timeval_to_timespec(tbuf[1]);
+ }
+
+ if (DEBUGLVL(4)) {
+ struct timeval_buf abuf, wbuf;
+
+ dbgtext("smbc_utimes(%s, atime = %s mtime = %s)\n",
+ fname,
+ timespec_string_buf(&access_time, false, &abuf),
+ timespec_string_buf(&write_time, false, &wbuf));
+ }
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user || user[0] == (char)0) {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ srv = SMBC_server(frame, context, True,
+ server, port, share, &workgroup, &user, &password);
+
+ if (!srv) {
+ TALLOC_FREE(frame);
+ return -1; /* errno set by SMBC_server */
+ }
+
+ ok = SMBC_setatr(
+ context,
+ srv,
+ path,
+ (struct timespec) { .tv_nsec = SAMBA_UTIME_OMIT },
+ access_time,
+ write_time,
+ (struct timespec) { .tv_nsec = SAMBA_UTIME_OMIT },
+ 0);
+ if (!ok) {
+ TALLOC_FREE(frame);
+ return -1; /* errno set by SMBC_setatr */
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+/*
+ * Routine to unlink() a file
+ */
+
+int
+SMBC_unlink_ctx(SMBCCTX *context,
+ const char *fname)
+{
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ char *targetpath = NULL;
+ uint16_t port = 0;
+ struct cli_state *targetcli = NULL;
+ SMBCSRV *srv = NULL;
+ struct cli_credentials *creds = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ if (!context || !context->internal->initialized) {
+
+ errno = EINVAL; /* Best I can think of ... */
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user || user[0] == (char)0) {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ srv = SMBC_server(frame, context, True,
+ server, port, share, &workgroup, &user, &password);
+
+ if (!srv) {
+ TALLOC_FREE(frame);
+ return -1; /* SMBC_server sets errno */
+
+ }
+
+ creds = context->internal->creds;
+
+ /*d_printf(">>>unlink: resolving %s\n", path);*/
+ status = cli_resolve_path(frame, "",
+ creds,
+ srv->cli, path, &targetcli, &targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Could not resolve %s\n", path);
+ errno = ENOENT;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ /*d_printf(">>>unlink: resolved path as %s\n", targetpath);*/
+
+ status = cli_unlink(
+ targetcli,
+ targetpath,
+ FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
+
+ if (!NT_STATUS_IS_OK(status)) {
+
+ errno = cli_status_to_errno(status);
+
+ if (errno == EACCES) { /* Check if the file is a directory */
+
+ int saverr = errno;
+ struct stat sb = {0};
+
+ status = SMBC_getatr(context, srv, path, &sb);
+ if (!NT_STATUS_IS_OK(status)) {
+ /* Hmmm, bad error ... What? */
+
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return -1;
+
+ }
+ else {
+
+ if (S_ISDIR(sb.st_mode))
+ errno = EISDIR;
+ else
+ errno = saverr; /* Restore this */
+
+ }
+ }
+
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ TALLOC_FREE(frame);
+ return 0; /* Success ... */
+
+}
+
+/*
+ * Routine to rename() a file
+ */
+
+int
+SMBC_rename_ctx(SMBCCTX *ocontext,
+ const char *oname,
+ SMBCCTX *ncontext,
+ const char *nname)
+{
+ char *server1 = NULL;
+ char *share1 = NULL;
+ char *server2 = NULL;
+ char *share2 = NULL;
+ char *user1 = NULL;
+ char *user2 = NULL;
+ char *password1 = NULL;
+ char *password2 = NULL;
+ char *workgroup = NULL;
+ char *path1 = NULL;
+ char *path2 = NULL;
+ char *targetpath1 = NULL;
+ char *targetpath2 = NULL;
+ struct cli_state *targetcli1 = NULL;
+ struct cli_state *targetcli2 = NULL;
+ SMBCSRV *srv = NULL;
+ uint16_t port1 = 0;
+ uint16_t port2 = 0;
+ struct cli_credentials *ocreds = NULL;
+ struct cli_credentials *ncreds = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ if (!ocontext || !ncontext ||
+ !ocontext->internal->initialized ||
+ !ncontext->internal->initialized) {
+
+ errno = EINVAL; /* Best I can think of ... */
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!oname || !nname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ DEBUG(4, ("smbc_rename(%s,%s)\n", oname, nname));
+
+ if (SMBC_parse_path(frame,
+ ocontext,
+ oname,
+ &workgroup,
+ &server1,
+ &port1,
+ &share1,
+ &path1,
+ &user1,
+ &password1,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user1 || user1[0] == (char)0) {
+ user1 = talloc_strdup(frame, smbc_getUser(ocontext));
+ if (!user1) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ if (SMBC_parse_path(frame,
+ ncontext,
+ nname,
+ NULL,
+ &server2,
+ &port2,
+ &share2,
+ &path2,
+ &user2,
+ &password2,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user2 || user2[0] == (char)0) {
+ user2 = talloc_strdup(frame, smbc_getUser(ncontext));
+ if (!user2) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ if (strcmp(server1, server2) || strcmp(share1, share2) ||
+ strcmp(user1, user2)) {
+ /* Can't rename across file systems, or users?? */
+ errno = EXDEV;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ srv = SMBC_server(frame, ocontext, True,
+ server1, port1, share1, &workgroup, &user1, &password1);
+ if (!srv) {
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+
+ /* set the credentials to make DFS work */
+ smbc_set_credentials_with_fallback(ocontext,
+ workgroup,
+ user1,
+ password1);
+
+ /*d_printf(">>>rename: resolving %s\n", path1);*/
+ ocreds = ocontext->internal->creds;
+
+ status = cli_resolve_path(frame, "",
+ ocreds,
+ srv->cli, path1, &targetcli1, &targetpath1);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Could not resolve %s\n", path1);
+ errno = ENOENT;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ /* set the credentials to make DFS work */
+ smbc_set_credentials_with_fallback(ncontext,
+ workgroup,
+ user2,
+ password2);
+
+ /*d_printf(">>>rename: resolved path as %s\n", targetpath1);*/
+ /*d_printf(">>>rename: resolving %s\n", path2);*/
+ ncreds = ncontext->internal->creds;
+
+ status = cli_resolve_path(frame, "",
+ ncreds,
+ srv->cli, path2, &targetcli2, &targetpath2);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Could not resolve %s\n", path2);
+ errno = ENOENT;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ /*d_printf(">>>rename: resolved path as %s\n", targetpath2);*/
+
+ if (strcmp(smbXcli_conn_remote_name(targetcli1->conn), smbXcli_conn_remote_name(targetcli2->conn)) ||
+ strcmp(targetcli1->share, targetcli2->share))
+ {
+ /* can't rename across file systems */
+ errno = EXDEV;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ status = cli_rename(targetcli1, targetpath1, targetpath2, false);
+ if (!NT_STATUS_IS_OK(status)) {
+ int eno = cli_status_to_errno(status);
+
+ if (eno != EEXIST ||
+ !NT_STATUS_IS_OK(cli_unlink(targetcli1, targetpath2,
+ FILE_ATTRIBUTE_SYSTEM |
+ FILE_ATTRIBUTE_HIDDEN)) ||
+ !NT_STATUS_IS_OK(cli_rename(targetcli1, targetpath1,
+ targetpath2, false))) {
+
+ errno = eno;
+ TALLOC_FREE(frame);
+ return -1;
+
+ }
+ }
+
+ TALLOC_FREE(frame);
+ return 0; /* Success */
+}
+
+struct smbc_notify_cb_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ uint16_t fnum;
+ bool recursive;
+ uint32_t completion_filter;
+ unsigned callback_timeout_ms;
+ smbc_notify_callback_fn cb;
+ void *private_data;
+};
+
+static void smbc_notify_cb_got_changes(struct tevent_req *subreq);
+static void smbc_notify_cb_timedout(struct tevent_req *subreq);
+
+static struct tevent_req *smbc_notify_cb_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
+ uint16_t fnum, bool recursive, uint32_t completion_filter,
+ unsigned callback_timeout_ms,
+ smbc_notify_callback_fn cb, void *private_data)
+{
+ struct tevent_req *req, *subreq;
+ struct smbc_notify_cb_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct smbc_notify_cb_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->fnum = fnum;
+ state->recursive = recursive;
+ state->completion_filter = completion_filter;
+ state->callback_timeout_ms = callback_timeout_ms;
+ state->cb = cb;
+ state->private_data = private_data;
+
+ subreq = cli_notify_send(
+ state, state->ev, state->cli, state->fnum, 1000,
+ state->completion_filter, state->recursive);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, smbc_notify_cb_got_changes, req);
+
+ if (state->callback_timeout_ms == 0) {
+ return req;
+ }
+
+ subreq = tevent_wakeup_send(
+ state, state->ev,
+ tevent_timeval_current_ofs(state->callback_timeout_ms/1000,
+ state->callback_timeout_ms*1000));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, smbc_notify_cb_timedout, req);
+
+ return req;
+}
+
+static void smbc_notify_cb_got_changes(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct smbc_notify_cb_state *state = tevent_req_data(
+ req, struct smbc_notify_cb_state);
+ uint32_t num_changes;
+ struct notify_change *changes;
+ NTSTATUS status;
+ int cb_ret;
+
+ status = cli_notify_recv(subreq, state, &num_changes, &changes);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+
+ {
+ struct smbc_notify_callback_action actions[num_changes];
+ uint32_t i;
+
+ for (i=0; i<num_changes; i++) {
+ actions[i].action = changes[i].action;
+ actions[i].filename = changes[i].name;
+ }
+
+ cb_ret = state->cb(actions, num_changes, state->private_data);
+ }
+
+ TALLOC_FREE(changes);
+
+ if (cb_ret != 0) {
+ tevent_req_done(req);
+ return;
+ }
+
+ subreq = cli_notify_send(
+ state, state->ev, state->cli, state->fnum, 1000,
+ state->completion_filter, state->recursive);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, smbc_notify_cb_got_changes, req);
+}
+
+static void smbc_notify_cb_timedout(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct smbc_notify_cb_state *state = tevent_req_data(
+ req, struct smbc_notify_cb_state);
+ int cb_ret;
+ bool ok;
+
+ ok = tevent_wakeup_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!ok) {
+ tevent_req_oom(req);
+ return;
+ }
+
+ cb_ret = state->cb(NULL, 0, state->private_data);
+ if (cb_ret != 0) {
+ tevent_req_done(req);
+ return;
+ }
+
+ subreq = tevent_wakeup_send(
+ state, state->ev,
+ tevent_timeval_current_ofs(state->callback_timeout_ms/1000,
+ state->callback_timeout_ms*1000));
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, smbc_notify_cb_timedout, req);
+}
+
+static NTSTATUS smbc_notify_cb_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+static NTSTATUS smbc_notify_cb(struct cli_state *cli, uint16_t fnum,
+ bool recursive, uint32_t completion_filter,
+ unsigned callback_timeout_ms,
+ smbc_notify_callback_fn cb, void *private_data)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = smbc_notify_cb_send(frame, ev, cli, fnum, recursive,
+ completion_filter,
+ callback_timeout_ms, cb, private_data);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = smbc_notify_cb_recv(req);
+ TALLOC_FREE(req);
+fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+int
+SMBC_notify_ctx(SMBCCTX *context, SMBCFILE *dir, smbc_bool recursive,
+ uint32_t completion_filter, unsigned callback_timeout_ms,
+ smbc_notify_callback_fn cb, void *private_data)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct cli_state *cli;
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *options = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ uint16_t port;
+ NTSTATUS status;
+ uint16_t fnum;
+
+ if ((context == NULL) || !context->internal->initialized) {
+ TALLOC_FREE(frame);
+ errno = EINVAL;
+ return -1;
+ }
+ if (!SMBC_dlist_contains(context->internal->files, dir)) {
+ TALLOC_FREE(frame);
+ errno = EBADF;
+ return -1;
+ }
+
+ if (SMBC_parse_path(frame,
+ context,
+ dir->fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ &options)) {
+ DEBUG(4, ("no valid path\n"));
+ TALLOC_FREE(frame);
+ errno = EINVAL + 8194;
+ return -1;
+ }
+
+ DEBUG(4, ("parsed path: fname='%s' server='%s' share='%s' "
+ "path='%s' options='%s'\n",
+ dir->fname, server, share, path, options));
+
+ DEBUG(4, ("%s(%p, %d, %"PRIu32")\n", __func__, dir,
+ (int)recursive, completion_filter));
+
+ cli = dir->srv->cli;
+ status = cli_ntcreate(
+ cli, path, 0, FILE_READ_DATA, 0,
+ FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+ FILE_OPEN, 0, 0, &fnum, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return -1;
+ }
+
+ status = smbc_notify_cb(cli, fnum, recursive != 0, completion_filter,
+ callback_timeout_ms, cb, private_data);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_close(cli, fnum);
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return -1;
+ }
+
+ cli_close(cli, fnum);
+
+ TALLOC_FREE(frame);
+ return 0;
+}
diff --git a/source3/libsmb/libsmb_file.c b/source3/libsmb/libsmb_file.c
new file mode 100644
index 0000000..ff18d56
--- /dev/null
+++ b/source3/libsmb/libsmb_file.c
@@ -0,0 +1,803 @@
+/*
+ Unix SMB/Netbios implementation.
+ SMB client library implementation
+ Copyright (C) Andrew Tridgell 1998
+ Copyright (C) Richard Sharpe 2000, 2002
+ Copyright (C) John Terpstra 2000
+ Copyright (C) Tom Jansen (Ninja ISD) 2002
+ Copyright (C) Derrell Lipman 2003-2008
+ Copyright (C) Jeremy Allison 2007, 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+/*
+ * Routine to open() a file ...
+ */
+
+SMBCFILE *
+SMBC_open_ctx(SMBCCTX *context,
+ const char *fname,
+ int flags,
+ mode_t mode)
+{
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ char *targetpath = NULL;
+ struct cli_state *targetcli = NULL;
+ SMBCSRV *srv = NULL;
+ SMBCFILE *file = NULL;
+ uint16_t fd;
+ uint16_t port = 0;
+ NTSTATUS status = NT_STATUS_OBJECT_PATH_INVALID;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL; /* Best I can think of ... */
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (!user || user[0] == (char)0) {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+ }
+
+ srv = SMBC_server(frame, context, True,
+ server, port, share, &workgroup, &user, &password);
+ if (!srv) {
+ if (errno == EPERM) errno = EACCES;
+ TALLOC_FREE(frame);
+ return NULL; /* SMBC_server sets errno */
+ }
+
+ /* Hmmm, the test for a directory is suspect here ... FIXME */
+
+ if (strlen(path) > 0 && path[strlen(path) - 1] == '\\') {
+ status = NT_STATUS_OBJECT_PATH_INVALID;
+ } else {
+ struct cli_credentials *creds = NULL;
+
+ file = SMB_MALLOC_P(SMBCFILE);
+ if (!file) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ ZERO_STRUCTP(file);
+
+ creds = context->internal->creds;
+ /*d_printf(">>>open: resolving %s\n", path);*/
+ status = cli_resolve_path(
+ frame, "",
+ creds,
+ srv->cli, path, &targetcli, &targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Could not resolve %s\n", path);
+ errno = ENOENT;
+ SAFE_FREE(file);
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+ /*d_printf(">>>open: resolved %s as %s\n", path, targetpath);*/
+
+ status = cli_open(targetcli, targetpath, flags,
+ context->internal->share_mode, &fd);
+ if (!NT_STATUS_IS_OK(status)) {
+
+ /* Handle the error ... */
+
+ SAFE_FREE(file);
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return NULL;
+ }
+
+ /* Fill in file struct */
+
+ file->cli_fd = fd;
+ file->fname = SMB_STRDUP(fname);
+ file->srv = srv;
+ file->offset = 0;
+ file->file = True;
+ /*
+ * targetcli is either equal to srv->cli or
+ * is a subsidiary DFS connection. Either way
+ * file->cli_fd belongs to it so we must cache
+ * it for read/write/close, not re-resolve each time.
+ * Re-resolving is both slow and incorrect.
+ */
+ file->targetcli = targetcli;
+
+ DLIST_ADD(context->internal->files, file);
+
+ /*
+ * If the file was opened in O_APPEND mode, all write
+ * operations should be appended to the file. To do that,
+ * though, using this protocol, would require a getattrE()
+ * call for each and every write, to determine where the end
+ * of the file is. (There does not appear to be an append flag
+ * in the protocol.) Rather than add all of that overhead of
+ * retrieving the current end-of-file offset prior to each
+ * write operation, we'll assume that most append operations
+ * will continuously write, so we'll just set the offset to
+ * the end of the file now and hope that's adequate.
+ *
+ * Note to self: If this proves inadequate, and O_APPEND
+ * should, in some cases, be forced for each write, add a
+ * field in the context options structure, for
+ * "strict_append_mode" which would select between the current
+ * behavior (if FALSE) or issuing a getattrE() prior to each
+ * write and forcing the write to the end of the file (if
+ * TRUE). Adding that capability will likely require adding
+ * an "append" flag into the _SMBCFILE structure to track
+ * whether a file was opened in O_APPEND mode. -- djl
+ */
+ if (flags & O_APPEND) {
+ if (SMBC_lseek_ctx(context, file, 0, SEEK_END) < 0) {
+ (void) SMBC_close_ctx(context, file);
+ errno = ENXIO;
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+ }
+
+ TALLOC_FREE(frame);
+ return file;
+ }
+
+ /* Check if opendir needed ... */
+
+ if (!NT_STATUS_IS_OK(status)) {
+ file = smbc_getFunctionOpendir(context)(context, fname);
+ TALLOC_FREE(frame);
+ if (file == NULL) {
+ errno = cli_status_to_errno(status);
+ }
+ return file;
+ }
+
+ errno = EINVAL; /* FIXME, correct errno ? */
+ TALLOC_FREE(frame);
+ return NULL;
+}
+
+/*
+ * Routine to create a file
+ */
+
+SMBCFILE *
+SMBC_creat_ctx(SMBCCTX *context,
+ const char *path,
+ mode_t mode)
+{
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ return SMBC_open_ctx(context, path,
+ O_WRONLY | O_CREAT | O_TRUNC, mode);
+}
+
+/*
+ * Routine to read() a file ...
+ */
+
+ssize_t
+SMBC_read_ctx(SMBCCTX *context,
+ SMBCFILE *file,
+ void *buf,
+ size_t count)
+{
+ size_t ret;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ /*
+ * offset:
+ *
+ * Compiler bug (possibly) -- gcc (GCC) 3.3.5 (Debian 1:3.3.5-2) --
+ * appears to pass file->offset (which is type off_t) differently than
+ * a local variable of type off_t. Using local variable "offset" in
+ * the call to cli_read() instead of file->offset fixes a problem
+ * retrieving data at an offset greater than 4GB.
+ */
+ off_t offset;
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ DEBUG(4, ("smbc_read(%p, %zu)\n", file, count));
+
+ if (!SMBC_dlist_contains(context->internal->files, file)) {
+ errno = EBADF;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ offset = file->offset;
+
+ /* Check that the buffer exists ... */
+
+ if (buf == NULL) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ status = cli_read(file->targetcli, file->cli_fd, (char *)buf, offset,
+ count, &ret);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return -1;
+ }
+
+ file->offset += ret;
+
+ DEBUG(4, (" --> %zu\n", ret));
+
+ TALLOC_FREE(frame);
+ return ret; /* Success, ret bytes of data ... */
+}
+
+off_t
+SMBC_splice_ctx(SMBCCTX *context,
+ SMBCFILE *srcfile,
+ SMBCFILE *dstfile,
+ off_t count,
+ int (*splice_cb)(off_t n, void *priv),
+ void *priv)
+{
+ off_t written = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!SMBC_dlist_contains(context->internal->files, srcfile)) {
+ errno = EBADF;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!SMBC_dlist_contains(context->internal->files, dstfile)) {
+ errno = EBADF;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ status = cli_splice(srcfile->targetcli, dstfile->targetcli,
+ srcfile->cli_fd, dstfile->cli_fd,
+ count, srcfile->offset, dstfile->offset, &written,
+ splice_cb, priv);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return -1;
+ }
+
+ srcfile->offset += written;
+ dstfile->offset += written;
+
+ TALLOC_FREE(frame);
+ return written;
+}
+
+/*
+ * Routine to write() a file ...
+ */
+
+ssize_t
+SMBC_write_ctx(SMBCCTX *context,
+ SMBCFILE *file,
+ const void *buf,
+ size_t count)
+{
+ off_t offset;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ /* First check all pointers before dereferencing them */
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!SMBC_dlist_contains(context->internal->files, file)) {
+ errno = EBADF;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ /* Check that the buffer exists ... */
+
+ if (buf == NULL) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ offset = file->offset; /* See "offset" comment in SMBC_read_ctx() */
+
+ status = cli_writeall(file->targetcli, file->cli_fd,
+ 0, (const uint8_t *)buf, offset, count, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ errno = map_errno_from_nt_status(status);
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ file->offset += count;
+
+ TALLOC_FREE(frame);
+ return count; /* Success, 0 bytes of data ... */
+}
+
+/*
+ * Routine to close() a file ...
+ */
+
+int
+SMBC_close_ctx(SMBCCTX *context,
+ SMBCFILE *file)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!SMBC_dlist_contains(context->internal->files, file)) {
+ errno = EBADF;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ /* IS a dir ... */
+ if (!file->file) {
+ TALLOC_FREE(frame);
+ return smbc_getFunctionClosedir(context)(context, file);
+ }
+
+ status = cli_close(file->targetcli, file->cli_fd);
+ if (!NT_STATUS_IS_OK(status)) {
+ SMBCSRV *srv;
+ DEBUG(3, ("cli_close failed on %s. purging server.\n",
+ file->fname));
+ /* Deallocate slot and remove the server
+ * from the server cache if unused */
+ srv = file->srv;
+ DLIST_REMOVE(context->internal->files, file);
+ SAFE_FREE(file->fname);
+ SAFE_FREE(file);
+ smbc_getFunctionRemoveUnusedServer(context)(context, srv);
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return -1;
+ }
+
+ DLIST_REMOVE(context->internal->files, file);
+ SAFE_FREE(file->fname);
+ SAFE_FREE(file);
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+/*
+ * Get info from an SMB server on a file. Use a qpathinfo call first
+ * and if that fails, use getatr, as Win95 sometimes refuses qpathinfo
+ */
+NTSTATUS
+SMBC_getatr(SMBCCTX * context,
+ SMBCSRV *srv,
+ const char *path,
+ struct stat *sb)
+{
+ char *fixedpath = NULL;
+ char *targetpath = NULL;
+ struct cli_state *targetcli = NULL;
+ uint32_t attr = 0;
+ off_t size = 0;
+ struct timespec create_time_ts = {0};
+ struct timespec access_time_ts = {0};
+ struct timespec write_time_ts = {0};
+ struct timespec change_time_ts = {0};
+ struct timespec w_time_ts = {0};
+ time_t write_time = 0;
+ SMB_INO_T ino = 0;
+ mode_t mode = S_IFREG;
+ struct cli_credentials *creds = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ if (!context || !context->internal->initialized) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* path fixup for . and .. */
+ if (ISDOT(path) || ISDOTDOT(path)) {
+ fixedpath = talloc_strdup(frame, "\\");
+ if (!fixedpath) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ } else {
+ fixedpath = talloc_strdup(frame, path);
+ if (!fixedpath) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ trim_string(fixedpath, NULL, "\\..");
+ trim_string(fixedpath, NULL, "\\.");
+ }
+ DEBUG(4,("SMBC_getatr: sending qpathinfo\n"));
+
+ creds = context->internal->creds;
+
+ status = cli_resolve_path(frame, "",
+ creds,
+ srv->cli, fixedpath,
+ &targetcli, &targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Couldn't resolve %s\n", path);
+ TALLOC_FREE(frame);
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+
+ if (!srv->no_pathinfo2) {
+ bool not_supported_error = false;
+ status = cli_qpathinfo2(targetcli,
+ targetpath,
+ &create_time_ts,
+ &access_time_ts,
+ &write_time_ts,
+ &change_time_ts,
+ &size,
+ &attr,
+ &ino,
+ &mode);
+ if (NT_STATUS_IS_OK(status)) {
+ goto setup_stat;
+ }
+ if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ not_supported_error = true;
+ }
+ if (!not_supported_error) {
+ /* "Normal error". Just return it to caller. */
+ TALLOC_FREE(frame);
+ return status;
+ }
+ }
+
+ srv->no_pathinfo2 = True;
+
+ if (!srv->no_pathinfo3) {
+ bool not_supported_error = false;
+ status = cli_qpathinfo3(targetcli,
+ targetpath,
+ &create_time_ts,
+ &access_time_ts,
+ &write_time_ts,
+ &change_time_ts,
+ &size,
+ &attr,
+ &ino);
+ if (NT_STATUS_IS_OK(status)) {
+ goto setup_stat;
+ }
+ if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ not_supported_error = true;
+ }
+ if (!not_supported_error) {
+ /* "Normal error". Just return it to caller. */
+ TALLOC_FREE(frame);
+ return status;
+ }
+ }
+
+ srv->no_pathinfo3 = True;
+
+ /* if this is NT then don't bother with the getatr */
+ if (smb1cli_conn_capabilities(targetcli->conn) & CAP_NT_SMBS) {
+ goto all_failed;
+ }
+
+ status = cli_getatr(targetcli, targetpath, &attr, &size, &write_time);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto all_failed;
+ }
+ w_time_ts = convert_time_t_to_timespec(write_time);
+ access_time_ts = change_time_ts = write_time_ts = w_time_ts;
+
+setup_stat:
+ setup_stat(sb,
+ path,
+ size,
+ attr,
+ ino,
+ srv->dev,
+ access_time_ts,
+ change_time_ts,
+ write_time_ts);
+
+ if ((context->internal->posix_extensions) && (mode != S_IFREG)) {
+ sb->st_mode = (sb->st_mode & ~S_IFMT) | mode;
+ }
+
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+
+all_failed:
+ srv->no_pathinfo2 = False;
+ srv->no_pathinfo3 = False;
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/*
+ * Set file info on an SMB server. Use setpathinfo call first. If that
+ * fails, use setattrE..
+ *
+ * Access and modification time parameters are always used and must be
+ * provided. Create time, if zero, will be determined from the actual create
+ * time of the file. If non-zero, the create time will be set as well.
+ *
+ * "attr" (attributes) parameter may be set to -1 if it is not to be set.
+ */
+bool
+SMBC_setatr(SMBCCTX * context, SMBCSRV *srv, char *path,
+ struct timespec create_time,
+ struct timespec access_time,
+ struct timespec write_time,
+ struct timespec change_time,
+ uint16_t attr)
+{
+ uint16_t fd;
+ uint32_t lattr = (uint32_t)attr;
+ NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (attr == (uint16_t)-1) {
+ /*
+ * External ABI only passes in
+ * 16-bits of attribute. Make
+ * sure we correctly map to
+ * (uint32_t)-1 meaning don't
+ * change attributes if attr was
+ * passed in as 16-bit -1.
+ */
+ lattr = (uint32_t)-1;
+ }
+
+
+ /*
+ * First, try setpathinfo (if qpathinfo succeeded), for it is the
+ * modern function for "new code" to be using, and it works given a
+ * filename rather than requiring that the file be opened to have its
+ * attributes manipulated.
+ */
+ if (srv->no_pathinfo ||
+ !NT_STATUS_IS_OK(cli_setpathinfo_ext(srv->cli, path,
+ create_time,
+ access_time,
+ write_time,
+ change_time,
+ lattr))) {
+
+ /*
+ * setpathinfo is not supported; go to plan B.
+ *
+ * cli_setatr() does not work on win98, and it also doesn't
+ * support setting the access time (only the modification
+ * time), so in all cases, we open the specified file and use
+ * cli_setattrE() which should work on all OS versions, and
+ * supports both times.
+ */
+
+ /* Don't try {q,set}pathinfo() again, with this server */
+ srv->no_pathinfo = True;
+
+ /* Open the file */
+ status = cli_open(srv->cli, path, O_RDWR, DENY_NONE, &fd);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return False;
+ }
+
+ /* Set the new attributes */
+ status = cli_setattrE(
+ srv->cli,
+ fd,
+ change_time.tv_sec,
+ access_time.tv_sec,
+ write_time.tv_sec);
+
+ /* Close the file */
+ cli_close(srv->cli, fd);
+
+ /*
+ * Unfortunately, setattrE() doesn't have a provision for
+ * setting the access attr (attributes). We'll have to try
+ * cli_setatr() for that, and with only this parameter, it
+ * seems to work on win98.
+ */
+ if (NT_STATUS_IS_OK(status) && attr != (uint16_t) -1) {
+ status = cli_setatr(srv->cli, path, (uint32_t)attr, 0);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return False;
+ }
+ }
+
+ TALLOC_FREE(frame);
+ return True;
+}
+
+/*
+ * A routine to lseek() a file
+ */
+
+off_t
+SMBC_lseek_ctx(SMBCCTX *context,
+ SMBCFILE *file,
+ off_t offset,
+ int whence)
+{
+ off_t size;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!SMBC_dlist_contains(context->internal->files, file)) {
+ errno = EBADF;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!file->file) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1; /* Can't lseek a dir ... */
+ }
+
+ switch (whence) {
+ case SEEK_SET:
+ file->offset = offset;
+ break;
+ case SEEK_CUR:
+ file->offset += offset;
+ break;
+ case SEEK_END:
+ if (!NT_STATUS_IS_OK(cli_qfileinfo_basic(
+ file->targetcli, file->cli_fd, NULL,
+ &size, NULL, NULL, NULL, NULL,
+ NULL))) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ file->offset = size + offset;
+ break;
+ default:
+ errno = EINVAL;
+ break;
+ }
+
+ TALLOC_FREE(frame);
+ return file->offset;
+}
+
+
+/*
+ * Routine to truncate a file given by its file descriptor, to a specified size
+ */
+
+int
+SMBC_ftruncate_ctx(SMBCCTX *context,
+ SMBCFILE *file,
+ off_t length)
+{
+ off_t size = length;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!SMBC_dlist_contains(context->internal->files, file)) {
+ errno = EBADF;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!file->file) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!NT_STATUS_IS_OK(cli_ftruncate(file->targetcli, file->cli_fd, (uint64_t)size))) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+}
diff --git a/source3/libsmb/libsmb_misc.c b/source3/libsmb/libsmb_misc.c
new file mode 100644
index 0000000..4509895
--- /dev/null
+++ b/source3/libsmb/libsmb_misc.c
@@ -0,0 +1,46 @@
+/*
+ Unix SMB/Netbios implementation.
+ SMB client library implementation
+ Copyright (C) Andrew Tridgell 1998
+ Copyright (C) Richard Sharpe 2000, 2002
+ Copyright (C) John Terpstra 2000
+ Copyright (C) Tom Jansen (Ninja ISD) 2002
+ Copyright (C) Derrell Lipman 2003-2008
+ Copyright (C) Jeremy Allison 2007, 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+
+
+/*
+ * check if an element is part of the list.
+ */
+bool SMBC_dlist_contains(SMBCFILE * list, SMBCFILE *p)
+{
+ if ((p == NULL) || (list == NULL)) {
+ return false;
+ }
+ do {
+ if (p == list) {
+ return true;
+ }
+ list = list->next;
+ } while (list != NULL);
+ return false;
+}
diff --git a/source3/libsmb/libsmb_path.c b/source3/libsmb/libsmb_path.c
new file mode 100644
index 0000000..615de1c
--- /dev/null
+++ b/source3/libsmb/libsmb_path.c
@@ -0,0 +1,416 @@
+/*
+ Unix SMB/Netbios implementation.
+ SMB client library implementation
+ Copyright (C) Andrew Tridgell 1998
+ Copyright (C) Richard Sharpe 2000, 2002
+ Copyright (C) John Terpstra 2000
+ Copyright (C) Tom Jansen (Ninja ISD) 2002
+ Copyright (C) Derrell Lipman 2003-2008
+ Copyright (C) Jeremy Allison 2007, 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+
+
+/*
+ * smbc_urldecode()
+ * and urldecode_talloc() (internal fn.)
+ *
+ * Convert strings of %xx to their single character equivalent. Each 'x' must
+ * be a valid hexadecimal digit, or that % sequence is left undecoded.
+ *
+ * dest may, but need not be, the same pointer as src.
+ *
+ * Returns the number of % sequences which could not be converted due to lack
+ * of two following hexadecimal digits.
+ */
+static int
+urldecode_talloc(TALLOC_CTX *ctx, char **pp_dest, const char *src)
+{
+ int old_length = strlen(src);
+ int i = 0;
+ int err_count = 0;
+ size_t newlen = 1;
+ char *p, *dest;
+
+ if (old_length == 0) {
+ return 0;
+ }
+
+ *pp_dest = NULL;
+ for (i = 0; i < old_length; ) {
+ unsigned char character = src[i++];
+
+ if (character == '%') {
+ uint8_t v;
+ bool ok = hex_byte(&src[i], &v);
+ if (ok) {
+ character = v;
+ if (character == '\0') {
+ break; /* Stop at %00 */
+ }
+ i += 2;
+ } else {
+ err_count++;
+ }
+ }
+ newlen++;
+ }
+
+ dest = talloc_array(ctx, char, newlen);
+ if (!dest) {
+ return err_count;
+ }
+
+ err_count = 0;
+ for (p = dest, i = 0; i < old_length; ) {
+ unsigned char character = src[i++];
+
+ if (character == '%') {
+ uint8_t v;
+ bool ok = hex_byte(&src[i], &v);
+ if (ok) {
+ character = v;
+ if (character == '\0') {
+ break; /* Stop at %00 */
+ }
+ i += 2;
+ } else {
+ err_count++;
+ }
+ }
+ *p++ = character;
+ }
+
+ *p = '\0';
+ *pp_dest = dest;
+ return err_count;
+}
+
+int
+smbc_urldecode(char *dest,
+ char *src,
+ size_t max_dest_len)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ char *pdest;
+ int ret = urldecode_talloc(frame, &pdest, src);
+
+ if (pdest) {
+ strlcpy(dest, pdest, max_dest_len);
+ }
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+/*
+ * smbc_urlencode()
+ *
+ * Convert any characters not specifically allowed in a URL into their %xx
+ * equivalent.
+ *
+ * Returns the remaining buffer length.
+ */
+int
+smbc_urlencode(char *dest,
+ char *src,
+ int max_dest_len)
+{
+ char hex[] = "0123456789ABCDEF";
+
+ for (; *src != '\0' && max_dest_len >= 3; src++) {
+
+ if ((*src < '0' &&
+ *src != '-' &&
+ *src != '.') ||
+ (*src > '9' &&
+ *src < 'A') ||
+ (*src > 'Z' &&
+ *src < 'a' &&
+ *src != '_') ||
+ (*src > 'z')) {
+ *dest++ = '%';
+ *dest++ = hex[(*src >> 4) & 0x0f];
+ *dest++ = hex[*src & 0x0f];
+ max_dest_len -= 3;
+ } else {
+ *dest++ = *src;
+ max_dest_len--;
+ }
+ }
+
+ if (max_dest_len <= 0) {
+ /* Ensure we return -1 if no null termination. */
+ return -1;
+ }
+
+ *dest++ = '\0';
+ max_dest_len--;
+
+ return max_dest_len;
+}
+
+/*
+ * Function to parse a path and turn it into components
+ *
+ * The general format of an SMB URI is explain in Christopher Hertel's CIFS
+ * book, at http://ubiqx.org/cifs/Appendix-D.html. We accept a subset of the
+ * general format ("smb:" only; we do not look for "cifs:").
+ *
+ *
+ * We accept:
+ * smb://[[[domain;]user[:password]@]server[:port][/share[/path[/file]]]]
+ * [?options]
+ *
+ * Meaning of URLs:
+ *
+ * smb:// Show all workgroups.
+ *
+ * The method of locating the list of workgroups varies
+ * depending upon the setting of the context variable
+ * context->options.browse_max_lmb_count. This value
+ * determines the maximum number of local master browsers to
+ * query for the list of workgroups. In order to ensure that
+ * a complete list of workgroups is obtained, all master
+ * browsers must be queried, but if there are many
+ * workgroups, the time spent querying can begin to add up.
+ * For small networks (not many workgroups), it is suggested
+ * that this variable be set to 0, indicating query all local
+ * master browsers. When the network has many workgroups, a
+ * reasonable setting for this variable might be around 3.
+ *
+ * smb://name/ if name<1D> or name<1B> exists, list servers in
+ * workgroup, else, if name<20> exists, list all shares
+ * for server ...
+ *
+ * If "options" are provided, this function returns the entire option list as a
+ * string, for later parsing by the caller. Note that currently, no options
+ * are supported.
+ */
+
+#define SMBC_PREFIX "smb:"
+
+int
+SMBC_parse_path(TALLOC_CTX *ctx,
+ SMBCCTX *context,
+ const char *fname,
+ char **pp_workgroup,
+ char **pp_server,
+ uint16_t *p_port,
+ char **pp_share,
+ char **pp_path,
+ char **pp_user,
+ char **pp_password,
+ char **pp_options)
+{
+ char *s;
+ const char *p;
+ char *q, *r;
+ char *workgroup = NULL;
+ int len;
+
+ /* Ensure these returns are at least valid pointers. */
+ *pp_server = talloc_strdup(ctx, "");
+ *p_port = smbc_getPort(context);
+ *pp_share = talloc_strdup(ctx, "");
+ *pp_path = talloc_strdup(ctx, "");
+ *pp_user = talloc_strdup(ctx, "");
+ *pp_password = talloc_strdup(ctx, "");
+
+ if (!*pp_server || !*pp_share || !*pp_path ||
+ !*pp_user || !*pp_password) {
+ return -1;
+ }
+
+ /*
+ * Assume we won't find an authentication domain to parse, so default
+ * to the workgroup in the provided context.
+ */
+ if (pp_workgroup != NULL) {
+ *pp_workgroup =
+ talloc_strdup(ctx, smbc_getWorkgroup(context));
+ }
+
+ if (pp_options) {
+ *pp_options = talloc_strdup(ctx, "");
+ }
+ s = talloc_strdup(ctx, fname);
+
+ /* see if it has the right prefix */
+ len = strlen(SMBC_PREFIX);
+ if (strncmp(s,SMBC_PREFIX,len) || (s[len] != '/' && s[len] != 0)) {
+ return -1; /* What about no smb: ? */
+ }
+
+ p = s + len;
+
+ /* Watch the test below, we are testing to see if we should exit */
+
+ if (strncmp(p, "//", 2) && strncmp(p, "\\\\", 2)) {
+ DEBUG(1, ("Invalid path (does not begin with smb://)\n"));
+ return -1;
+ }
+
+ p += 2; /* Skip the double slash */
+
+ /* See if any options were specified */
+ if ((q = strrchr(p, '?')) != NULL ) {
+ /* There are options. Null terminate here and point to them */
+ *q++ = '\0';
+
+ DEBUG(4, ("Found options '%s'\n", q));
+
+ /* Copy the options */
+ if (pp_options && *pp_options != NULL) {
+ TALLOC_FREE(*pp_options);
+ *pp_options = talloc_strdup(ctx, q);
+ }
+ }
+
+ if (*p == '\0') {
+ goto decoding;
+ }
+
+ if (*p == '/') {
+ *pp_server = talloc_strndup(
+ ctx, smbc_getWorkgroup(context), 16);
+ if (!*pp_server) {
+ return -1;
+ }
+ return 0;
+ }
+
+ /*
+ * ok, its for us. Now parse out the server, share etc.
+ *
+ * However, we want to parse out [[domain;]user[:password]@] if it
+ * exists ...
+ */
+
+ /* check that '@' occurs before '/', if '/' exists at all */
+ q = strchr_m(p, '@');
+ r = strchr_m(p, '/');
+ if (q && (!r || q < r)) {
+ char *userinfo = NULL;
+ const char *u;
+
+ next_token_no_ltrim_talloc(ctx, &p, &userinfo, "@");
+ if (!userinfo) {
+ return -1;
+ }
+ u = userinfo;
+
+ if (strchr_m(u, ';')) {
+ next_token_no_ltrim_talloc(ctx, &u, &workgroup, ";");
+ if (!workgroup) {
+ return -1;
+ }
+ if (pp_workgroup) {
+ *pp_workgroup = workgroup;
+ }
+ }
+
+ if (strchr_m(u, ':')) {
+ next_token_no_ltrim_talloc(ctx, &u, pp_user, ":");
+ if (!*pp_user) {
+ return -1;
+ }
+ *pp_password = talloc_strdup(ctx, u);
+ if (!*pp_password) {
+ return -1;
+ }
+ } else {
+ *pp_user = talloc_strdup(ctx, u);
+ if (!*pp_user) {
+ return -1;
+ }
+ }
+ }
+
+ if (!next_token_talloc(ctx, &p, pp_server, "/")) {
+ return -1;
+ }
+
+ /*
+ * Does *pp_server contain a ':' ? If so
+ * this denotes the port.
+ */
+ q = strchr_m(*pp_server, ':');
+ if (q != NULL) {
+ long int port;
+ char *endptr = NULL;
+ *q = '\0';
+ q++;
+ if (*q == '\0') {
+ /* Bad port. */
+ return -1;
+ }
+ port = strtol(q, &endptr, 10);
+ if (*endptr != '\0') {
+ /* Bad port. */
+ return -1;
+ }
+ *p_port = (uint16_t)port;
+ }
+
+ if (*p == (char)0) {
+ goto decoding; /* That's it ... */
+ }
+
+ if (!next_token_talloc(ctx, &p, pp_share, "/")) {
+ return -1;
+ }
+
+ /*
+ * Prepend a leading slash if there's a file path, as required by
+ * NetApp filers.
+ */
+ if (*p != '\0') {
+ *pp_path = talloc_asprintf(ctx,
+ "\\%s",
+ p);
+ } else {
+ *pp_path = talloc_strdup(ctx, "");
+ }
+ if (!*pp_path) {
+ return -1;
+ }
+ string_replace(*pp_path, '/', '\\');
+
+decoding:
+ (void) urldecode_talloc(ctx, pp_path, *pp_path);
+ (void) urldecode_talloc(ctx, pp_server, *pp_server);
+ (void) urldecode_talloc(ctx, pp_share, *pp_share);
+ (void) urldecode_talloc(ctx, pp_user, *pp_user);
+ (void) urldecode_talloc(ctx, pp_password, *pp_password);
+
+ if (!workgroup) {
+ workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context));
+ }
+ if (!workgroup) {
+ return -1;
+ }
+
+ /* set the credentials to make DFS work */
+ smbc_set_credentials_with_fallback(context,
+ workgroup,
+ *pp_user,
+ *pp_password);
+ return 0;
+}
+
diff --git a/source3/libsmb/libsmb_printjob.c b/source3/libsmb/libsmb_printjob.c
new file mode 100644
index 0000000..2b05dd0
--- /dev/null
+++ b/source3/libsmb/libsmb_printjob.c
@@ -0,0 +1,335 @@
+/*
+ Unix SMB/Netbios implementation.
+ SMB client library implementation
+ Copyright (C) Andrew Tridgell 1998
+ Copyright (C) Richard Sharpe 2000, 2002
+ Copyright (C) John Terpstra 2000
+ Copyright (C) Tom Jansen (Ninja ISD) 2002
+ Copyright (C) Derrell Lipman 2003-2008
+ Copyright (C) Jeremy Allison 2007, 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+
+
+/*
+ * Open a print file to be written to by other calls
+ */
+
+SMBCFILE *
+SMBC_open_print_job_ctx(SMBCCTX *context,
+ const char *fname)
+{
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *path = NULL;
+ uint16_t port = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ DEBUG(4, ("SMBC_open_print_job_ctx(%s)\n", fname));
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ NULL,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return NULL;
+ }
+
+ /* What if the path is empty, or the file exists? */
+
+ TALLOC_FREE(frame);
+ return smbc_getFunctionOpen(context)(context, fname, O_WRONLY, 666);
+}
+
+/*
+ * Routine to print a file on a remote server ...
+ *
+ * We open the file, which we assume to be on a remote server, and then
+ * copy it to a print file on the share specified by printq.
+ */
+
+int
+SMBC_print_file_ctx(SMBCCTX *c_file,
+ const char *fname,
+ SMBCCTX *c_print,
+ const char *printq)
+{
+ SMBCFILE *fid1;
+ SMBCFILE *fid2;
+ smbc_open_fn f_open1;
+ smbc_open_print_job_fn f_open_pj2;
+ int bytes;
+ int saverr;
+ int tot_bytes = 0;
+ char buf[4096];
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (!c_file || !c_file->internal->initialized ||
+ !c_print || !c_print->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!fname && !printq) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ /* Try to open the file for reading ... */
+ f_open1 = smbc_getFunctionOpen(c_file);
+ if (f_open1 == NULL) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ fid1 = f_open1(c_file, fname, O_RDONLY, 0666);
+ if (fid1 == NULL) {
+ DEBUG(3, ("Error, fname=%s, errno=%i\n", fname, errno));
+ TALLOC_FREE(frame);
+ return -1; /* smbc_open sets errno */
+ }
+
+ /* Now, try to open the printer file for writing */
+ f_open_pj2 = smbc_getFunctionOpenPrintJob(c_print);
+ if (f_open_pj2 == NULL) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ fid2 = f_open_pj2(c_print, printq);
+ if (fid2 == NULL) {
+ saverr = errno; /* Save errno */
+ smbc_getFunctionClose(c_file)(c_file, fid1);
+ errno = saverr;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ while ((bytes = smbc_getFunctionRead(c_file)(c_file, fid1,
+ buf, sizeof(buf))) > 0) {
+ tot_bytes += bytes;
+
+ if ((smbc_getFunctionWrite(c_print)(c_print, fid2,
+ buf, bytes)) < 0) {
+ saverr = errno;
+ smbc_getFunctionClose(c_file)(c_file, fid1);
+ smbc_getFunctionClose(c_print)(c_print, fid2);
+ errno = saverr;
+ }
+ }
+
+ saverr = errno;
+
+ smbc_getFunctionClose(c_file)(c_file, fid1);
+ smbc_getFunctionClose(c_print)(c_print, fid2);
+
+ if (bytes < 0) {
+ errno = saverr;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ TALLOC_FREE(frame);
+ return tot_bytes;
+}
+
+/*
+ * Routine to list print jobs on a printer share ...
+ */
+
+int
+SMBC_list_print_jobs_ctx(SMBCCTX *context,
+ const char *fname,
+ smbc_list_print_job_fn fn)
+{
+ SMBCSRV *srv = NULL;
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ uint16_t port = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ DEBUG(4, ("smbc_list_print_jobs(%s)\n", fname));
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user || user[0] == (char)0) {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ srv = SMBC_server(frame, context, True,
+ server, port, share, &workgroup, &user, &password);
+
+ if (!srv) {
+ TALLOC_FREE(frame);
+ return -1; /* errno set by SMBC_server */
+ }
+
+ status = cli_print_queue(srv->cli,
+ (void (*)(struct print_job_info *))fn);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return -1;
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+/*
+ * Delete a print job from a remote printer share
+ */
+
+int
+SMBC_unlink_print_job_ctx(SMBCCTX *context,
+ const char *fname,
+ int id)
+{
+ SMBCSRV *srv = NULL;
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ uint16_t port = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ DEBUG(4, ("smbc_unlink_print_job(%s)\n", fname));
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user || user[0] == (char)0) {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ srv = SMBC_server(frame, context, True,
+ server, port, share, &workgroup, &user, &password);
+
+ if (!srv) {
+ TALLOC_FREE(frame);
+ return -1; /* errno set by SMBC_server */
+ }
+
+ status = cli_printjob_del(srv->cli, id);
+ if (!NT_STATUS_IS_OK(status)) {
+ errno = cli_status_to_errno(status);
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+}
+
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
new file mode 100644
index 0000000..69b51b8
--- /dev/null
+++ b/source3/libsmb/libsmb_server.c
@@ -0,0 +1,910 @@
+/*
+ Unix SMB/Netbios implementation.
+ SMB client library implementation
+ Copyright (C) Andrew Tridgell 1998
+ Copyright (C) Richard Sharpe 2000, 2002
+ Copyright (C) John Terpstra 2000
+ Copyright (C) Tom Jansen (Ninja ISD) 2002
+ Copyright (C) Derrell Lipman 2003-2008
+ Copyright (C) Jeremy Allison 2007, 2008
+ Copyright (C) SATOH Fumiyasu <fumiyas@osstech.co.jp> 2009.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+#include "../librpc/gen_ndr/ndr_lsa.h"
+#include "rpc_client/cli_pipe.h"
+#include "rpc_client/cli_lsarpc.h"
+#include "libcli/security/security.h"
+#include "libsmb/nmblib.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+/*
+ * Check a server for being alive and well.
+ * returns 0 if the server is in shape. Returns 1 on error
+ *
+ * Also usable outside libsmbclient to enable external cache
+ * to do some checks too.
+ */
+int
+SMBC_check_server(SMBCCTX * context,
+ SMBCSRV * server)
+{
+ time_t now;
+
+ if (!cli_state_is_connected(server->cli)) {
+ return 1;
+ }
+
+ now = time_mono(NULL);
+
+ if (server->last_echo_time == (time_t)0 ||
+ now > server->last_echo_time +
+ (server->cli->timeout/1000)) {
+ unsigned char data[16] = {0};
+ NTSTATUS status = cli_echo(server->cli,
+ 1,
+ data_blob_const(data, sizeof(data)));
+ if (!NT_STATUS_IS_OK(status)) {
+ bool ok = false;
+ /*
+ * Some SMB2 servers (not Samba or Windows)
+ * check the session status on SMB2_ECHO and return
+ * NT_STATUS_USER_SESSION_DELETED
+ * if the session was not set. That's OK, they still
+ * replied.
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13218
+ */
+ if (smbXcli_conn_protocol(server->cli->conn) >=
+ PROTOCOL_SMB2_02) {
+ if (NT_STATUS_EQUAL(status,
+ NT_STATUS_USER_SESSION_DELETED)) {
+ ok = true;
+ }
+ }
+ /*
+ * Some NetApp servers return
+ * NT_STATUS_INVALID_PARAMETER.That's OK, they still
+ * replied.
+ * BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007
+ */
+ if (NT_STATUS_EQUAL(status,
+ NT_STATUS_INVALID_PARAMETER)) {
+ ok = true;
+ }
+ if (!ok) {
+ return 1;
+ }
+ }
+ server->last_echo_time = now;
+ }
+ return 0;
+}
+
+/*
+ * Remove a server from the cached server list it's unused.
+ * On success, 0 is returned. 1 is returned if the server could not be removed.
+ *
+ * Also usable outside libsmbclient
+ */
+int
+SMBC_remove_unused_server(SMBCCTX * context,
+ SMBCSRV * srv)
+{
+ SMBCFILE * file;
+
+ /* are we being fooled ? */
+ if (!context || !context->internal->initialized || !srv) {
+ return 1;
+ }
+
+ /* Check all open files/directories for a relation with this server */
+ for (file = context->internal->files; file; file = file->next) {
+ if (file->srv == srv) {
+ /* Still used */
+ DEBUG(3, ("smbc_remove_usused_server: "
+ "%p still used by %p.\n",
+ srv, file));
+ return 1;
+ }
+ }
+
+ DLIST_REMOVE(context->internal->servers, srv);
+
+ cli_shutdown(srv->cli);
+ srv->cli = NULL;
+
+ DEBUG(3, ("smbc_remove_usused_server: %p removed.\n", srv));
+
+ smbc_getFunctionRemoveCachedServer(context)(context, srv);
+
+ SAFE_FREE(srv);
+ return 0;
+}
+
+/****************************************************************
+ * Call the auth_fn with fixed size (fstring) buffers.
+ ***************************************************************/
+static void
+SMBC_call_auth_fn(TALLOC_CTX *ctx,
+ SMBCCTX *context,
+ const char *server,
+ const char *share,
+ char **pp_workgroup,
+ char **pp_username,
+ char **pp_password)
+{
+ fstring workgroup = { 0 };
+ fstring username = { 0 };
+ fstring password = { 0 };
+ smbc_get_auth_data_with_context_fn auth_with_context_fn;
+
+ if (*pp_workgroup != NULL) {
+ strlcpy(workgroup, *pp_workgroup, sizeof(workgroup));
+ }
+ if (*pp_username != NULL) {
+ strlcpy(username, *pp_username, sizeof(username));
+ }
+ if (*pp_password != NULL) {
+ strlcpy(password, *pp_password, sizeof(password));
+ }
+
+ /* See if there's an authentication with context function provided */
+ auth_with_context_fn = smbc_getFunctionAuthDataWithContext(context);
+ if (auth_with_context_fn)
+ {
+ (* auth_with_context_fn)(context,
+ server, share,
+ workgroup, sizeof(workgroup),
+ username, sizeof(username),
+ password, sizeof(password));
+ }
+ else
+ {
+ smbc_getFunctionAuthData(context)(server, share,
+ workgroup, sizeof(workgroup),
+ username, sizeof(username),
+ password, sizeof(password));
+ }
+
+ TALLOC_FREE(*pp_workgroup);
+ TALLOC_FREE(*pp_username);
+ TALLOC_FREE(*pp_password);
+
+ *pp_workgroup = talloc_strdup(ctx, workgroup);
+ *pp_username = talloc_strdup(ctx, username);
+ *pp_password = talloc_strdup(ctx, password);
+}
+
+
+void
+SMBC_get_auth_data(const char *server, const char *share,
+ char *workgroup_buf, int workgroup_buf_len,
+ char *username_buf, int username_buf_len,
+ char *password_buf, int password_buf_len)
+{
+ /* Default function just uses provided data. Nothing to do. */
+}
+
+
+
+SMBCSRV *
+SMBC_find_server(TALLOC_CTX *ctx,
+ SMBCCTX *context,
+ const char *server,
+ const char *share,
+ char **pp_workgroup,
+ char **pp_username,
+ char **pp_password)
+{
+ SMBCSRV *srv;
+ int auth_called = 0;
+
+ if (!pp_workgroup || !pp_username || !pp_password) {
+ return NULL;
+ }
+
+check_server_cache:
+
+ srv = smbc_getFunctionGetCachedServer(context)(context,
+ server, share,
+ *pp_workgroup,
+ *pp_username);
+
+ if (!auth_called && !srv && (!*pp_username || !(*pp_username)[0] ||
+ !*pp_password || !(*pp_password)[0])) {
+ SMBC_call_auth_fn(ctx, context, server, share,
+ pp_workgroup, pp_username, pp_password);
+
+ /*
+ * However, smbc_auth_fn may have picked up info relating to
+ * an existing connection, so try for an existing connection
+ * again ...
+ */
+ auth_called = 1;
+ goto check_server_cache;
+
+ }
+
+ if (srv) {
+ if (smbc_getFunctionCheckServer(context)(context, srv)) {
+ /*
+ * This server is no good anymore
+ * Try to remove it and check for more possible
+ * servers in the cache
+ */
+ if (smbc_getFunctionRemoveUnusedServer(context)(context,
+ srv)) {
+ /*
+ * We could not remove the server completely,
+ * remove it from the cache so we will not get
+ * it again. It will be removed when the last
+ * file/dir is closed.
+ */
+ smbc_getFunctionRemoveCachedServer(context)(context,
+ srv);
+ }
+
+ /*
+ * Maybe there are more cached connections to this
+ * server
+ */
+ goto check_server_cache;
+ }
+
+ return srv;
+ }
+
+ return NULL;
+}
+
+static struct cli_credentials *SMBC_auth_credentials(TALLOC_CTX *mem_ctx,
+ SMBCCTX *context,
+ const char *domain,
+ const char *username,
+ const char *password)
+{
+ struct cli_credentials *creds = NULL;
+ bool use_kerberos = false;
+ bool fallback_after_kerberos = false;
+ bool use_ccache = false;
+ bool pw_nt_hash = false;
+
+ use_kerberos = smbc_getOptionUseKerberos(context);
+ fallback_after_kerberos = smbc_getOptionFallbackAfterKerberos(context);
+ use_ccache = smbc_getOptionUseCCache(context);
+ pw_nt_hash = smbc_getOptionUseNTHash(context);
+
+ creds = cli_session_creds_init(mem_ctx,
+ username,
+ domain,
+ NULL, /* realm */
+ password,
+ use_kerberos,
+ fallback_after_kerberos,
+ use_ccache,
+ pw_nt_hash);
+ if (creds == NULL) {
+ return NULL;
+ }
+
+ switch (context->internal->smb_encryption_level) {
+ case SMBC_ENCRYPTLEVEL_DEFAULT:
+ /* Use the config option */
+ break;
+ case SMBC_ENCRYPTLEVEL_NONE:
+ (void)cli_credentials_set_smb_encryption(
+ creds,
+ SMB_ENCRYPTION_OFF,
+ CRED_SPECIFIED);
+ break;
+ case SMBC_ENCRYPTLEVEL_REQUEST:
+ (void)cli_credentials_set_smb_encryption(
+ creds,
+ SMB_ENCRYPTION_DESIRED,
+ CRED_SPECIFIED);
+ break;
+ case SMBC_ENCRYPTLEVEL_REQUIRE:
+ default:
+ (void)cli_credentials_set_smb_encryption(
+ creds,
+ SMB_ENCRYPTION_REQUIRED,
+ CRED_SPECIFIED);
+ break;
+ }
+
+
+ return creds;
+}
+
+/*
+ * Connect to a server, possibly on an existing connection
+ *
+ * Here, what we want to do is: If the server and username
+ * match an existing connection, reuse that, otherwise, establish a
+ * new connection.
+ *
+ * If we have to create a new connection, call the auth_fn to get the
+ * info we need, unless the username and password were passed in.
+ */
+
+static SMBCSRV *
+SMBC_server_internal(TALLOC_CTX *ctx,
+ SMBCCTX *context,
+ bool connect_if_not_found,
+ const char *server,
+ uint16_t port,
+ const char *share,
+ char **pp_workgroup,
+ char **pp_username,
+ char **pp_password,
+ bool *in_cache)
+{
+ SMBCSRV *srv=NULL;
+ char *workgroup = NULL;
+ struct cli_state *c = NULL;
+ const char *server_n = server;
+ int is_ipc = (share != NULL && strcmp(share, "IPC$") == 0);
+ uint32_t fs_attrs = 0;
+ const char *username_used = NULL;
+ const char *password_used = NULL;
+ NTSTATUS status;
+ char *newserver, *newshare;
+ int flags = 0;
+ struct smbXcli_tcon *tcon = NULL;
+ int signing_state = SMB_SIGNING_DEFAULT;
+ struct cli_credentials *creds = NULL;
+
+ *in_cache = false;
+
+ if (server[0] == 0) {
+ errno = EPERM;
+ return NULL;
+ }
+
+ /* Look for a cached connection */
+ srv = SMBC_find_server(ctx, context, server, share,
+ pp_workgroup, pp_username, pp_password);
+
+ /*
+ * If we found a connection and we're only allowed one share per
+ * server...
+ */
+ if (srv &&
+ share != NULL && *share != '\0' &&
+ smbc_getOptionOneSharePerServer(context)) {
+
+ /*
+ * ... then if there's no current connection to the share,
+ * connect to it. SMBC_find_server(), or rather the function
+ * pointed to by context->get_cached_srv_fn which
+ * was called by SMBC_find_server(), will have issued a tree
+ * disconnect if the requested share is not the same as the
+ * one that was already connected.
+ */
+
+ /*
+ * Use srv->cli->desthost and srv->cli->share instead of
+ * server and share below to connect to the actual share,
+ * i.e., a normal share or a referred share from
+ * 'msdfs proxy' share.
+ */
+ if (!cli_state_has_tcon(srv->cli)) {
+ /* Ensure we have accurate auth info */
+ SMBC_call_auth_fn(ctx, context,
+ smbXcli_conn_remote_name(srv->cli->conn),
+ srv->cli->share,
+ pp_workgroup,
+ pp_username,
+ pp_password);
+
+ if (!*pp_workgroup || !*pp_username || !*pp_password) {
+ errno = ENOMEM;
+ cli_shutdown(srv->cli);
+ srv->cli = NULL;
+ smbc_getFunctionRemoveCachedServer(context)(context,
+ srv);
+ return NULL;
+ }
+
+ /*
+ * We don't need to renegotiate encryption
+ * here as the encryption context is not per
+ * tid.
+ */
+
+ status = cli_tree_connect(srv->cli,
+ srv->cli->share,
+ "?????",
+ *pp_password);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_shutdown(srv->cli);
+ errno = map_errno_from_nt_status(status);
+ srv->cli = NULL;
+ smbc_getFunctionRemoveCachedServer(context)(context,
+ srv);
+ srv = NULL;
+ goto not_found;
+ }
+
+ /* Determine if this share supports case sensitivity */
+ if (is_ipc) {
+ DEBUG(4,
+ ("IPC$ so ignore case sensitivity\n"));
+ status = NT_STATUS_OK;
+ } else {
+ status = cli_get_fs_attr_info(srv->cli, &fs_attrs);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(4, ("Could not retrieve "
+ "case sensitivity flag: %s.\n",
+ nt_errstr(status)));
+
+ /*
+ * We can't determine the case sensitivity of
+ * the share. We have no choice but to use the
+ * user-specified case sensitivity setting.
+ */
+ if (smbc_getOptionCaseSensitive(context)) {
+ cli_set_case_sensitive(srv->cli, true);
+ } else {
+ cli_set_case_sensitive(srv->cli, false);
+ }
+ } else if (!is_ipc) {
+ DEBUG(4,
+ ("Case sensitive: %s\n",
+ (fs_attrs & FILE_CASE_SENSITIVE_SEARCH
+ ? "True"
+ : "False")));
+ cli_set_case_sensitive(
+ srv->cli,
+ (fs_attrs & FILE_CASE_SENSITIVE_SEARCH
+ ? True
+ : False));
+ }
+
+ /*
+ * Regenerate the dev value since it's based on both
+ * server and share
+ */
+ if (srv) {
+ const char *remote_name =
+ smbXcli_conn_remote_name(srv->cli->conn);
+
+ srv->dev = (dev_t)(str_checksum(remote_name) ^
+ str_checksum(srv->cli->share));
+ }
+ }
+ }
+
+ not_found:
+
+ /* If we have a connection... */
+ if (srv) {
+
+ /* ... then we're done here. Give 'em what they came for. */
+ *in_cache = true;
+ goto done;
+ }
+
+ /* If we're not asked to connect when a connection doesn't exist... */
+ if (! connect_if_not_found) {
+ /* ... then we're done here. */
+ return NULL;
+ }
+
+ if (!*pp_workgroup || !*pp_username || !*pp_password) {
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ DEBUG(4,("SMBC_server: server_n=[%s] server=[%s]\n", server_n, server));
+
+ DEBUG(4,(" -> server_n=[%s] server=[%s]\n", server_n, server));
+
+ status = NT_STATUS_UNSUCCESSFUL;
+
+ if (context->internal->smb_encryption_level > SMBC_ENCRYPTLEVEL_NONE) {
+ signing_state = SMB_SIGNING_REQUIRED;
+ }
+
+ if (port == 0) {
+ if (share == NULL || *share == '\0' || is_ipc) {
+ /*
+ * Try 139 first for IPC$
+ */
+ status = cli_connect_nb(server_n, NULL, NBT_SMB_PORT, 0x20,
+ smbc_getNetbiosName(context),
+ signing_state, flags, &c);
+ }
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ /*
+ * No IPC$ or 139 did not work
+ */
+ status = cli_connect_nb(server_n, NULL, port, 0x20,
+ smbc_getNetbiosName(context),
+ signing_state, flags, &c);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
+ DBG_ERR("NetBIOS support disabled, unable to connect\n");
+ }
+
+ errno = map_errno_from_nt_status(status);
+ return NULL;
+ }
+
+ cli_set_timeout(c, smbc_getTimeout(context));
+
+ status = smbXcli_negprot(c->conn,
+ c->timeout,
+ lp_client_min_protocol(),
+ lp_client_max_protocol(),
+ NULL,
+ NULL,
+ NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_shutdown(c);
+ errno = map_errno_from_nt_status(status);
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
+ /* Ensure we ask for some initial credits. */
+ smb2cli_conn_set_max_credits(c->conn, DEFAULT_SMB2_MAX_CREDITS);
+ }
+
+ username_used = *pp_username;
+ password_used = *pp_password;
+
+ creds = SMBC_auth_credentials(c,
+ context,
+ *pp_workgroup,
+ username_used,
+ password_used);
+ if (creds == NULL) {
+ cli_shutdown(c);
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ status = cli_session_setup_creds(c, creds);
+ if (!NT_STATUS_IS_OK(status)) {
+
+ /* Failed. Try an anonymous login, if allowed by flags. */
+ username_used = "";
+ password_used = "";
+
+ if (smbc_getOptionNoAutoAnonymousLogin(context) ||
+ !NT_STATUS_IS_OK(cli_session_setup_anon(c))) {
+
+ cli_shutdown(c);
+ errno = map_errno_from_nt_status(status);
+ return NULL;
+ }
+ }
+
+ DEBUG(4,(" session setup ok\n"));
+
+ /* here's the fun part....to support 'msdfs proxy' shares
+ (on Samba or windows) we have to issues a TRANS_GET_DFS_REFERRAL
+ here before trying to connect to the original share.
+ cli_check_msdfs_proxy() will fail if it is a normal share. */
+
+ if (smbXcli_conn_dfs_supported(c->conn) &&
+ cli_check_msdfs_proxy(ctx, c, share,
+ &newserver, &newshare,
+ creds)) {
+ cli_shutdown(c);
+ srv = SMBC_server_internal(ctx, context, connect_if_not_found,
+ newserver, port, newshare, pp_workgroup,
+ pp_username, pp_password, in_cache);
+ TALLOC_FREE(newserver);
+ TALLOC_FREE(newshare);
+ return srv;
+ }
+
+ /* must be a normal share */
+
+ status = cli_tree_connect_creds(c, share, "?????", creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ cli_shutdown(c);
+ errno = map_errno_from_nt_status(status);
+ return NULL;
+ }
+
+ DEBUG(4,(" tconx ok\n"));
+
+ if (smbXcli_conn_protocol(c->conn) >= PROTOCOL_SMB2_02) {
+ tcon = c->smb2.tcon;
+ } else {
+ tcon = c->smb1.tcon;
+ }
+
+ /* Determine if this share supports case sensitivity */
+ if (is_ipc) {
+ DEBUG(4, ("IPC$ so ignore case sensitivity\n"));
+ status = NT_STATUS_OK;
+ } else {
+ status = cli_get_fs_attr_info(c, &fs_attrs);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(4, ("Could not retrieve case sensitivity flag: %s.\n",
+ nt_errstr(status)));
+
+ /*
+ * We can't determine the case sensitivity of the share. We
+ * have no choice but to use the user-specified case
+ * sensitivity setting.
+ */
+ if (smbc_getOptionCaseSensitive(context)) {
+ cli_set_case_sensitive(c, True);
+ } else {
+ cli_set_case_sensitive(c, False);
+ }
+ } else if (!is_ipc) {
+ DEBUG(4, ("Case sensitive: %s\n",
+ (fs_attrs & FILE_CASE_SENSITIVE_SEARCH
+ ? "True"
+ : "False")));
+ smbXcli_tcon_set_fs_attributes(tcon, fs_attrs);
+ }
+
+ /*
+ * Ok, we have got a nice connection
+ * Let's allocate a server structure.
+ */
+
+ srv = SMB_MALLOC_P(SMBCSRV);
+ if (!srv) {
+ cli_shutdown(c);
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ ZERO_STRUCTP(srv);
+ DLIST_ADD(srv->cli, c);
+ srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
+ srv->no_pathinfo = False;
+ srv->no_pathinfo2 = False;
+ srv->no_pathinfo3 = False;
+ srv->no_nt_session = False;
+
+done:
+ if (!pp_workgroup || !*pp_workgroup || !**pp_workgroup) {
+ workgroup = talloc_strdup(ctx, smbc_getWorkgroup(context));
+ } else {
+ workgroup = *pp_workgroup;
+ }
+ if(!workgroup) {
+ if (c != NULL) {
+ cli_shutdown(c);
+ }
+ SAFE_FREE(srv);
+ return NULL;
+ }
+
+ /* set the credentials to make DFS work */
+ smbc_set_credentials_with_fallback(context,
+ workgroup,
+ *pp_username,
+ *pp_password);
+
+ return srv;
+}
+
+SMBCSRV *
+SMBC_server(TALLOC_CTX *ctx,
+ SMBCCTX *context,
+ bool connect_if_not_found,
+ const char *server,
+ uint16_t port,
+ const char *share,
+ char **pp_workgroup,
+ char **pp_username,
+ char **pp_password)
+{
+ SMBCSRV *srv=NULL;
+ bool in_cache = false;
+
+ srv = SMBC_server_internal(ctx, context, connect_if_not_found,
+ server, port, share, pp_workgroup,
+ pp_username, pp_password, &in_cache);
+
+ if (!srv) {
+ return NULL;
+ }
+ if (in_cache) {
+ return srv;
+ }
+
+ /* Now add it to the cache (internal or external) */
+ /* Let the cache function set errno if it wants to */
+ errno = 0;
+ if (smbc_getFunctionAddCachedServer(context)(context, srv,
+ server, share,
+ *pp_workgroup,
+ *pp_username)) {
+ int saved_errno = errno;
+ DEBUG(3, (" Failed to add server to cache\n"));
+ errno = saved_errno;
+ if (errno == 0) {
+ errno = ENOMEM;
+ }
+ SAFE_FREE(srv);
+ return NULL;
+ }
+
+ DEBUG(2, ("Server connect ok: //%s/%s: %p\n",
+ server, share, srv));
+
+ DLIST_ADD(context->internal->servers, srv);
+ return srv;
+}
+
+/*
+ * Connect to a server for getting/setting attributes, possibly on an existing
+ * connection. This works similarly to SMBC_server().
+ */
+SMBCSRV *
+SMBC_attr_server(TALLOC_CTX *ctx,
+ SMBCCTX *context,
+ const char *server,
+ uint16_t port,
+ const char *share,
+ char **pp_workgroup,
+ char **pp_username,
+ char **pp_password)
+{
+ int flags;
+ struct cli_state *ipc_cli = NULL;
+ struct rpc_pipe_client *pipe_hnd = NULL;
+ NTSTATUS nt_status;
+ SMBCSRV *srv=NULL;
+ SMBCSRV *ipc_srv=NULL;
+
+ /*
+ * Use srv->cli->desthost and srv->cli->share instead of
+ * server and share below to connect to the actual share,
+ * i.e., a normal share or a referred share from
+ * 'msdfs proxy' share.
+ */
+ srv = SMBC_server(ctx, context, true, server, port, share,
+ pp_workgroup, pp_username, pp_password);
+ if (!srv) {
+ return NULL;
+ }
+ server = smbXcli_conn_remote_name(srv->cli->conn);
+ share = srv->cli->share;
+
+ /*
+ * See if we've already created this special connection. Reference
+ * our "special" share name '*IPC$', which is an impossible real share
+ * name due to the leading asterisk.
+ */
+ ipc_srv = SMBC_find_server(ctx, context, server, "*IPC$",
+ pp_workgroup, pp_username, pp_password);
+ if (!ipc_srv) {
+ struct cli_credentials *creds = NULL;
+
+ /* We didn't find a cached connection. Get the password */
+ if (!*pp_password || (*pp_password)[0] == '\0') {
+ /* ... then retrieve it now. */
+ SMBC_call_auth_fn(ctx, context, server, share,
+ pp_workgroup,
+ pp_username,
+ pp_password);
+ if (!*pp_workgroup || !*pp_username || !*pp_password) {
+ errno = ENOMEM;
+ return NULL;
+ }
+ }
+
+ flags = 0;
+
+ creds = SMBC_auth_credentials(NULL,
+ context,
+ *pp_workgroup,
+ *pp_username,
+ *pp_password);
+ if (creds == NULL) {
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ nt_status = cli_full_connection_creds(&ipc_cli,
+ lp_netbios_name(), server,
+ NULL, 0, "IPC$", "?????",
+ creds,
+ flags);
+ if (! NT_STATUS_IS_OK(nt_status)) {
+ TALLOC_FREE(creds);
+ DEBUG(1,("cli_full_connection failed! (%s)\n",
+ nt_errstr(nt_status)));
+ errno = ENOTSUP;
+ return NULL;
+ }
+ talloc_steal(ipc_cli, creds);
+
+ ipc_srv = SMB_MALLOC_P(SMBCSRV);
+ if (!ipc_srv) {
+ errno = ENOMEM;
+ cli_shutdown(ipc_cli);
+ return NULL;
+ }
+
+ ZERO_STRUCTP(ipc_srv);
+ DLIST_ADD(ipc_srv->cli, ipc_cli);
+
+ nt_status = cli_rpc_pipe_open_noauth(
+ ipc_srv->cli, &ndr_table_lsarpc, &pipe_hnd);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(1, ("cli_nt_session_open fail!\n"));
+ errno = ENOTSUP;
+ cli_shutdown(ipc_srv->cli);
+ free(ipc_srv);
+ return NULL;
+ }
+
+ /*
+ * Some systems don't support
+ * SEC_FLAG_MAXIMUM_ALLOWED, but NT sends 0x2000000
+ * so we might as well do it too.
+ */
+
+ nt_status = rpccli_lsa_open_policy(
+ pipe_hnd,
+ talloc_tos(),
+ True,
+ GENERIC_EXECUTE_ACCESS,
+ &ipc_srv->pol);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ cli_shutdown(ipc_srv->cli);
+ free(ipc_srv);
+ errno = cli_status_to_errno(nt_status);
+ return NULL;
+ }
+
+ /* now add it to the cache (internal or external) */
+
+ errno = 0; /* let cache function set errno if it likes */
+ if (smbc_getFunctionAddCachedServer(context)(context, ipc_srv,
+ server,
+ "*IPC$",
+ *pp_workgroup,
+ *pp_username)) {
+ DEBUG(3, (" Failed to add server to cache\n"));
+ if (errno == 0) {
+ errno = ENOMEM;
+ }
+ cli_shutdown(ipc_srv->cli);
+ free(ipc_srv);
+ return NULL;
+ }
+
+ DLIST_ADD(context->internal->servers, ipc_srv);
+ }
+
+ return ipc_srv;
+}
diff --git a/source3/libsmb/libsmb_setget.c b/source3/libsmb/libsmb_setget.c
new file mode 100644
index 0000000..7b140d6
--- /dev/null
+++ b/source3/libsmb/libsmb_setget.c
@@ -0,0 +1,1155 @@
+/*
+ Unix SMB/Netbios implementation.
+ SMB client library implementation
+ Copyright (C) Andrew Tridgell 1998
+ Copyright (C) Richard Sharpe 2000, 2002
+ Copyright (C) John Terpstra 2000
+ Copyright (C) Tom Jansen (Ninja ISD) 2002
+ Copyright (C) Derrell Lipman 2003-2008
+ Copyright (C) Jeremy Allison 2007, 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#define __LIBSMBCLIENT_INTERNAL__
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+#include "lib/param/param.h"
+
+
+/** Get the netbios name used for making connections */
+const char *
+smbc_getNetbiosName(SMBCCTX *c)
+{
+ return c->netbios_name;
+}
+
+/** Set the netbios name used for making connections */
+void
+smbc_setNetbiosName(SMBCCTX *c, const char *netbios_name)
+{
+ SAFE_FREE(c->netbios_name);
+ if (netbios_name) {
+ c->netbios_name = SMB_STRDUP(netbios_name);
+ }
+}
+
+/** Get the workgroup used for making connections */
+const char *
+smbc_getWorkgroup(SMBCCTX *c)
+{
+ return c->workgroup;
+}
+
+/** Set the workgroup used for making connections */
+void
+smbc_setWorkgroup(SMBCCTX *c, const char *workgroup)
+{
+ SAFE_FREE(c->workgroup);
+ if (workgroup) {
+ c->workgroup = SMB_STRDUP(workgroup);
+ }
+}
+
+/** Get the username used for making connections */
+const char *
+smbc_getUser(SMBCCTX *c)
+{
+ return c->user;
+}
+
+/** Set the username used for making connections */
+void
+smbc_setUser(SMBCCTX *c, const char *user)
+{
+ SAFE_FREE(c->user);
+ if (user) {
+ c->user = SMB_STRDUP(user);
+ }
+}
+
+/** Get the debug level */
+int
+smbc_getDebug(SMBCCTX *c)
+{
+ return c->debug;
+}
+
+/** Set the debug level */
+void
+smbc_setDebug(SMBCCTX *c, int debug)
+{
+ char buf[32];
+ TALLOC_CTX *frame = talloc_stackframe();
+ snprintf(buf, sizeof(buf), "%d", debug);
+ c->debug = debug;
+ lpcfg_set_cmdline(c->internal->lp_ctx, "log level", buf);
+ TALLOC_FREE(frame);
+}
+
+/** set callback function which will be called for logging */
+void
+smbc_setLogCallback(SMBCCTX *c, void *private_ptr,
+ smbc_debug_callback_fn fn)
+{
+ debug_set_callback(private_ptr, fn);
+}
+
+/** set configuration file */
+int smbc_setConfiguration(SMBCCTX *c, const char *file)
+{
+ bool ok;
+
+ ok = lp_load_client_no_reinit(file);
+ if (!ok) {
+ DBG_WARNING("Could not load config file: %s\n", file);
+ errno = ENOENT;
+ return -1;
+ }
+
+ DBG_NOTICE("Configuration loaded successfully: %s\n", file);
+ return 0;
+}
+/**
+ * Get the timeout used for waiting on connections and response data
+ * (in milliseconds)
+ */
+int
+smbc_getTimeout(SMBCCTX *c)
+{
+ return c->timeout;
+}
+
+/**
+ * Set the timeout used for waiting on connections and response data
+ * (in milliseconds)
+ */
+void
+smbc_setTimeout(SMBCCTX *c, int timeout)
+{
+ c->timeout = timeout;
+}
+
+/**
+ * Get the TCP port used to connect.
+ */
+uint16_t
+smbc_getPort(SMBCCTX *c)
+{
+ return c->internal->port;
+}
+
+/**
+ * Set the TCP port used to connect.
+ */
+void
+smbc_setPort(SMBCCTX *c, uint16_t port)
+{
+ c->internal->port = port;
+}
+
+
+/** Get whether to log to standard error instead of standard output */
+smbc_bool
+smbc_getOptionDebugToStderr(SMBCCTX *c)
+{
+ smbc_bool ret;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ /* Because this is a global concept, it is better to check
+ * what is really set, rather than what we wanted set
+ * (particularly as you cannot go back to stdout). */
+ ret = debug_get_output_is_stderr();
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+/** Set whether to log to standard error instead of standard output.
+ * This option is 'sticky' - once set to true, it cannot be set to
+ * false again, as it is global to the process, as once we have been
+ * told that it is not safe to safe to write to stdout, we shouldn't
+ * go back as we don't know it was this context that set it that way.
+ */
+void
+smbc_setOptionDebugToStderr(SMBCCTX *c, smbc_bool b)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ if (b) {
+ /*
+ * We do not have a unique per-thread debug state? For
+ * now, we'll just leave it up to the user. If any one
+ * context specifies debug to stderr then all will be (and
+ * will stay that way, as it is unsafe to flip back if
+ * stdout is in use for other things)
+ */
+ setup_logging("libsmbclient", DEBUG_STDERR);
+ }
+ TALLOC_FREE(frame);
+}
+
+/**
+ * Get whether to use new-style time attribute names, e.g. WRITE_TIME rather
+ * than the old-style names such as M_TIME. This allows also setting/getting
+ * CREATE_TIME which was previously unimplemented. (Note that the old C_TIME
+ * was supposed to be CHANGE_TIME but was confused and sometimes referred to
+ * CREATE_TIME.)
+ */
+smbc_bool
+smbc_getOptionFullTimeNames(SMBCCTX *c)
+{
+ return c->internal->full_time_names;
+}
+
+/**
+ * Set whether to use new-style time attribute names, e.g. WRITE_TIME rather
+ * than the old-style names such as M_TIME. This allows also setting/getting
+ * CREATE_TIME which was previously unimplemented. (Note that the old C_TIME
+ * was supposed to be CHANGE_TIME but was confused and sometimes referred to
+ * CREATE_TIME.)
+ */
+void
+smbc_setOptionFullTimeNames(SMBCCTX *c, smbc_bool b)
+{
+ c->internal->full_time_names = b;
+}
+
+/**
+ * Get the share mode to use for files opened with SMBC_open_ctx(). The
+ * default is SMBC_SHAREMODE_DENY_NONE.
+ */
+smbc_share_mode
+smbc_getOptionOpenShareMode(SMBCCTX *c)
+{
+ return c->internal->share_mode;
+}
+
+/**
+ * Set the share mode to use for files opened with SMBC_open_ctx(). The
+ * default is SMBC_SHAREMODE_DENY_NONE.
+ */
+void
+smbc_setOptionOpenShareMode(SMBCCTX *c, smbc_share_mode share_mode)
+{
+ c->internal->share_mode = share_mode;
+}
+
+/** Retrieve a previously set user data handle */
+void *
+smbc_getOptionUserData(SMBCCTX *c)
+{
+ return c->internal->user_data;
+}
+
+/** Save a user data handle */
+void
+smbc_setOptionUserData(SMBCCTX *c, void *user_data)
+{
+ c->internal->user_data = user_data;
+}
+
+/** Get the encoded value for encryption level. */
+smbc_smb_encrypt_level
+smbc_getOptionSmbEncryptionLevel(SMBCCTX *c)
+{
+ return c->internal->smb_encryption_level;
+}
+
+/** Set the encoded value for encryption level. */
+void
+smbc_setOptionSmbEncryptionLevel(SMBCCTX *c, smbc_smb_encrypt_level level)
+{
+ c->internal->smb_encryption_level = level;
+}
+
+/**
+ * Get whether to treat file names as case-sensitive if we can't determine
+ * when connecting to the remote share whether the file system is case
+ * sensitive. This defaults to FALSE since it's most likely that if we can't
+ * retrieve the file system attributes, it's a very old file system that does
+ * not support case sensitivity.
+ */
+smbc_bool
+smbc_getOptionCaseSensitive(SMBCCTX *c)
+{
+ return c->internal->case_sensitive;
+}
+
+/**
+ * Set whether to treat file names as case-sensitive if we can't determine
+ * when connecting to the remote share whether the file system is case
+ * sensitive. This defaults to FALSE since it's most likely that if we can't
+ * retrieve the file system attributes, it's a very old file system that does
+ * not support case sensitivity.
+ */
+void
+smbc_setOptionCaseSensitive(SMBCCTX *c, smbc_bool b)
+{
+ c->internal->case_sensitive = b;
+}
+
+/**
+ * Get from how many local master browsers should the list of workgroups be
+ * retrieved. It can take up to 12 minutes or longer after a server becomes a
+ * local master browser, for it to have the entire browse list (the list of
+ * workgroups/domains) from an entire network. Since a client never knows
+ * which local master browser will be found first, the one which is found
+ * first and used to retrieve a browse list may have an incomplete or empty
+ * browse list. By requesting the browse list from multiple local master
+ * browsers, a more complete list can be generated. For small networks (few
+ * workgroups), it is recommended that this value be set to 0, causing the
+ * browse lists from all found local master browsers to be retrieved and
+ * merged. For networks with many workgroups, a suitable value for this
+ * variable is probably somewhere around 3. (Default: 3).
+ */
+int
+smbc_getOptionBrowseMaxLmbCount(SMBCCTX *c)
+{
+ return c->options.browse_max_lmb_count;
+}
+
+/**
+ * Set from how many local master browsers should the list of workgroups be
+ * retrieved. It can take up to 12 minutes or longer after a server becomes a
+ * local master browser, for it to have the entire browse list (the list of
+ * workgroups/domains) from an entire network. Since a client never knows
+ * which local master browser will be found first, the one which is found
+ * first and used to retrieve a browse list may have an incomplete or empty
+ * browse list. By requesting the browse list from multiple local master
+ * browsers, a more complete list can be generated. For small networks (few
+ * workgroups), it is recommended that this value be set to 0, causing the
+ * browse lists from all found local master browsers to be retrieved and
+ * merged. For networks with many workgroups, a suitable value for this
+ * variable is probably somewhere around 3. (Default: 3).
+ */
+void
+smbc_setOptionBrowseMaxLmbCount(SMBCCTX *c, int count)
+{
+ c->options.browse_max_lmb_count = count;
+}
+
+/**
+ * Get whether to url-encode readdir entries.
+ *
+ * There is a difference in the desired return strings from
+ * smbc_readdir() depending upon whether the filenames are to
+ * be displayed to the user, or whether they are to be
+ * appended to the path name passed to smbc_opendir() to call
+ * a further smbc_ function (e.g. open the file with
+ * smbc_open()). In the former case, the filename should be
+ * in "human readable" form. In the latter case, the smbc_
+ * functions expect a URL which must be url-encoded. Those
+ * functions decode the URL. If, for example, smbc_readdir()
+ * returned a file name of "abc%20def.txt", passing a path
+ * with this file name attached to smbc_open() would cause
+ * smbc_open to attempt to open the file "abc def.txt" since
+ * the %20 is decoded into a space.
+ *
+ * Set this option to True if the names returned by
+ * smbc_readdir() should be url-encoded such that they can be
+ * passed back to another smbc_ call. Set it to False if the
+ * names returned by smbc_readdir() are to be presented to the
+ * user.
+ *
+ * For backwards compatibility, this option defaults to False.
+ */
+smbc_bool
+smbc_getOptionUrlEncodeReaddirEntries(SMBCCTX *c)
+{
+ return c->options.urlencode_readdir_entries;
+}
+
+/**
+ * Set whether to url-encode readdir entries.
+ *
+ * There is a difference in the desired return strings from
+ * smbc_readdir() depending upon whether the filenames are to
+ * be displayed to the user, or whether they are to be
+ * appended to the path name passed to smbc_opendir() to call
+ * a further smbc_ function (e.g. open the file with
+ * smbc_open()). In the former case, the filename should be
+ * in "human readable" form. In the latter case, the smbc_
+ * functions expect a URL which must be url-encoded. Those
+ * functions decode the URL. If, for example, smbc_readdir()
+ * returned a file name of "abc%20def.txt", passing a path
+ * with this file name attached to smbc_open() would cause
+ * smbc_open to attempt to open the file "abc def.txt" since
+ * the %20 is decoded into a space.
+ *
+ * Set this option to True if the names returned by
+ * smbc_readdir() should be url-encoded such that they can be
+ * passed back to another smbc_ call. Set it to False if the
+ * names returned by smbc_readdir() are to be presented to the
+ * user.
+ *
+ * For backwards compatibility, this option defaults to False.
+ */
+void
+smbc_setOptionUrlEncodeReaddirEntries(SMBCCTX *c, smbc_bool b)
+{
+ c->options.urlencode_readdir_entries = b;
+}
+
+/**
+ * Get whether to use the same connection for all shares on a server.
+ *
+ * Some Windows versions appear to have a limit to the number
+ * of concurrent SESSIONs and/or TREE CONNECTions. In
+ * one-shot programs (i.e. the program runs and then quickly
+ * ends, thereby shutting down all connections), it is
+ * probably reasonable to establish a new connection for each
+ * share. In long-running applications, the limitation can be
+ * avoided by using only a single connection to each server,
+ * and issuing a new TREE CONNECT when the share is accessed.
+ */
+smbc_bool
+smbc_getOptionOneSharePerServer(SMBCCTX *c)
+{
+ return c->options.one_share_per_server;
+}
+
+/**
+ * Set whether to use the same connection for all shares on a server.
+ *
+ * Some Windows versions appear to have a limit to the number
+ * of concurrent SESSIONs and/or TREE CONNECTions. In
+ * one-shot programs (i.e. the program runs and then quickly
+ * ends, thereby shutting down all connections), it is
+ * probably reasonable to establish a new connection for each
+ * share. In long-running applications, the limitation can be
+ * avoided by using only a single connection to each server,
+ * and issuing a new TREE CONNECT when the share is accessed.
+ */
+void
+smbc_setOptionOneSharePerServer(SMBCCTX *c, smbc_bool b)
+{
+ c->options.one_share_per_server = b;
+}
+
+/** Get whether to enable use of kerberos */
+smbc_bool
+smbc_getOptionUseKerberos(SMBCCTX *c)
+{
+ return c->flags & SMB_CTX_FLAG_USE_KERBEROS ? True : False;
+}
+
+/** Set whether to enable use of kerberos */
+void
+smbc_setOptionUseKerberos(SMBCCTX *c, smbc_bool b)
+{
+ if (b) {
+ c->flags |= SMB_CTX_FLAG_USE_KERBEROS;
+ } else {
+ c->flags &= ~SMB_CTX_FLAG_USE_KERBEROS;
+ }
+}
+
+/** Get whether to fallback after kerberos */
+smbc_bool
+smbc_getOptionFallbackAfterKerberos(SMBCCTX *c)
+{
+ return c->flags & SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS ? True : False;
+}
+
+/** Set whether to fallback after kerberos */
+void
+smbc_setOptionFallbackAfterKerberos(SMBCCTX *c, smbc_bool b)
+{
+ if (b) {
+ c->flags |= SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS;
+ } else {
+ c->flags &= ~SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS;
+ }
+}
+
+/** Get whether to automatically select anonymous login */
+smbc_bool
+smbc_getOptionNoAutoAnonymousLogin(SMBCCTX *c)
+{
+ return c->flags & SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON ? True : False;
+}
+
+/** Set whether to automatically select anonymous login */
+void
+smbc_setOptionNoAutoAnonymousLogin(SMBCCTX *c, smbc_bool b)
+{
+ if (b) {
+ c->flags |= SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON;
+ } else {
+ c->flags &= ~SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON;
+ }
+}
+
+/** Get whether to enable use of the winbind ccache */
+smbc_bool
+smbc_getOptionUseCCache(SMBCCTX *c)
+{
+ return c->flags & SMB_CTX_FLAG_USE_CCACHE ? True : False;
+}
+
+/** Set whether to enable use of the winbind ccache */
+void
+smbc_setOptionUseCCache(SMBCCTX *c, smbc_bool b)
+{
+ if (b) {
+ c->flags |= SMB_CTX_FLAG_USE_CCACHE;
+ } else {
+ c->flags &= ~SMB_CTX_FLAG_USE_CCACHE;
+ }
+}
+
+/** Get indication whether the password supplied is the NT hash */
+smbc_bool
+smbc_getOptionUseNTHash(SMBCCTX *c)
+{
+ return (c->flags & SMB_CTX_FLAG_USE_NT_HASH) != 0;
+}
+
+/** Set indication that the password supplied is the NT hash */
+void
+smbc_setOptionUseNTHash(SMBCCTX *c, smbc_bool b)
+{
+ if (b) {
+ c->flags |= SMB_CTX_FLAG_USE_NT_HASH;
+ } else {
+ c->flags &= ~SMB_CTX_FLAG_USE_NT_HASH;
+ }
+}
+
+smbc_bool
+smbc_setOptionProtocols(SMBCCTX *c,
+ const char *min_proto,
+ const char *max_proto)
+{
+ bool ok = true;
+
+ if (min_proto != NULL) {
+ ok = lpcfg_set_cmdline(c->internal->lp_ctx,
+ "client min protocol",
+ min_proto);
+ }
+
+ if (max_proto != NULL) {
+ ok &= lpcfg_set_cmdline(c->internal->lp_ctx,
+ "client max protocol",
+ max_proto);
+ }
+
+ return ok;
+}
+
+/** Get whether to enable POSIX extensions if available */
+smbc_bool
+smbc_getOptionPosixExtensions(SMBCCTX *c)
+{
+ return c->internal->posix_extensions;
+}
+
+/** Set whether to enable POSIX extensions if available */
+void
+smbc_setOptionPosixExtensions(SMBCCTX *c, smbc_bool b)
+{
+ c->internal->posix_extensions = b;
+}
+
+/** Get the function for obtaining authentication data */
+smbc_get_auth_data_fn
+smbc_getFunctionAuthData(SMBCCTX *c)
+{
+ smbc_get_auth_data_fn ret;
+ TALLOC_CTX *frame = talloc_stackframe();
+ ret = c->callbacks.auth_fn;
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+/** Set the function for obtaining authentication data */
+void
+smbc_setFunctionAuthData(SMBCCTX *c, smbc_get_auth_data_fn fn)
+{
+ c->internal->auth_fn_with_context = NULL;
+ c->callbacks.auth_fn = fn;
+}
+
+/** Get the new-style authentication function which includes the context. */
+smbc_get_auth_data_with_context_fn
+smbc_getFunctionAuthDataWithContext(SMBCCTX *c)
+{
+ return c->internal->auth_fn_with_context;
+}
+
+/** Set the new-style authentication function which includes the context. */
+void
+smbc_setFunctionAuthDataWithContext(SMBCCTX *c,
+ smbc_get_auth_data_with_context_fn fn)
+{
+ c->callbacks.auth_fn = NULL;
+ c->internal->auth_fn_with_context = fn;
+}
+
+/** Get the function for checking if a server is still good */
+smbc_check_server_fn
+smbc_getFunctionCheckServer(SMBCCTX *c)
+{
+ return c->callbacks.check_server_fn;
+}
+
+/** Set the function for checking if a server is still good */
+void
+smbc_setFunctionCheckServer(SMBCCTX *c, smbc_check_server_fn fn)
+{
+ c->callbacks.check_server_fn = fn;
+}
+
+/** Get the function for removing a server if unused */
+smbc_remove_unused_server_fn
+smbc_getFunctionRemoveUnusedServer(SMBCCTX *c)
+{
+ return c->callbacks.remove_unused_server_fn;
+}
+
+/** Set the function for removing a server if unused */
+void
+smbc_setFunctionRemoveUnusedServer(SMBCCTX *c,
+ smbc_remove_unused_server_fn fn)
+{
+ c->callbacks.remove_unused_server_fn = fn;
+}
+
+/** Get the function for adding a cached server */
+smbc_add_cached_srv_fn
+smbc_getFunctionAddCachedServer(SMBCCTX *c)
+{
+ return c->callbacks.add_cached_srv_fn;
+}
+
+/** Set the function for adding a cached server */
+void
+smbc_setFunctionAddCachedServer(SMBCCTX *c, smbc_add_cached_srv_fn fn)
+{
+ c->callbacks.add_cached_srv_fn = fn;
+}
+
+/** Get the function for server cache lookup */
+smbc_get_cached_srv_fn
+smbc_getFunctionGetCachedServer(SMBCCTX *c)
+{
+ return c->callbacks.get_cached_srv_fn;
+}
+
+/** Set the function for server cache lookup */
+void
+smbc_setFunctionGetCachedServer(SMBCCTX *c, smbc_get_cached_srv_fn fn)
+{
+ c->callbacks.get_cached_srv_fn = fn;
+}
+
+/** Get the function for server cache removal */
+smbc_remove_cached_srv_fn
+smbc_getFunctionRemoveCachedServer(SMBCCTX *c)
+{
+ return c->callbacks.remove_cached_srv_fn;
+}
+
+/** Set the function for server cache removal */
+void
+smbc_setFunctionRemoveCachedServer(SMBCCTX *c,
+ smbc_remove_cached_srv_fn fn)
+{
+ c->callbacks.remove_cached_srv_fn = fn;
+}
+
+/**
+ * Get the function for server cache purging. This function tries to
+ * remove all cached servers (e.g. on disconnect)
+ */
+smbc_purge_cached_fn
+smbc_getFunctionPurgeCachedServers(SMBCCTX *c)
+{
+ return c->callbacks.purge_cached_fn;
+}
+
+/** Set the function to store private data of the server cache */
+void smbc_setServerCacheData(SMBCCTX *c, struct smbc_server_cache * cache)
+{
+ c->internal->server_cache = cache;
+}
+
+/** Get the function to store private data of the server cache */
+struct smbc_server_cache * smbc_getServerCacheData(SMBCCTX *c)
+{
+ return c->internal->server_cache;
+}
+
+
+/**
+ * Set the function for server cache purging. This function tries to
+ * remove all cached servers (e.g. on disconnect)
+ */
+void
+smbc_setFunctionPurgeCachedServers(SMBCCTX *c, smbc_purge_cached_fn fn)
+{
+ c->callbacks.purge_cached_fn = fn;
+}
+
+/**
+ * Callable functions for files.
+ */
+
+smbc_open_fn
+smbc_getFunctionOpen(SMBCCTX *c)
+{
+ return c->open;
+}
+
+void
+smbc_setFunctionOpen(SMBCCTX *c, smbc_open_fn fn)
+{
+ c->open = fn;
+}
+
+smbc_creat_fn
+smbc_getFunctionCreat(SMBCCTX *c)
+{
+ return c->creat;
+}
+
+void
+smbc_setFunctionCreat(SMBCCTX *c, smbc_creat_fn fn)
+{
+ c->creat = fn;
+}
+
+smbc_read_fn
+smbc_getFunctionRead(SMBCCTX *c)
+{
+ return c->read;
+}
+
+void
+smbc_setFunctionRead(SMBCCTX *c, smbc_read_fn fn)
+{
+ c->read = fn;
+}
+
+smbc_write_fn
+smbc_getFunctionWrite(SMBCCTX *c)
+{
+ return c->write;
+}
+
+void
+smbc_setFunctionWrite(SMBCCTX *c, smbc_write_fn fn)
+{
+ c->write = fn;
+}
+
+smbc_splice_fn
+smbc_getFunctionSplice(SMBCCTX *c)
+{
+ return c->internal->smb.splice_fn;
+}
+
+void
+smbc_setFunctionSplice(SMBCCTX *c, smbc_splice_fn fn)
+{
+ c->internal->smb.splice_fn = fn;
+}
+
+smbc_unlink_fn
+smbc_getFunctionUnlink(SMBCCTX *c)
+{
+ return c->unlink;
+}
+
+void
+smbc_setFunctionUnlink(SMBCCTX *c, smbc_unlink_fn fn)
+{
+ c->unlink = fn;
+}
+
+smbc_rename_fn
+smbc_getFunctionRename(SMBCCTX *c)
+{
+ return c->rename;
+}
+
+void
+smbc_setFunctionRename(SMBCCTX *c, smbc_rename_fn fn)
+{
+ c->rename = fn;
+}
+
+smbc_lseek_fn
+smbc_getFunctionLseek(SMBCCTX *c)
+{
+ return c->lseek;
+}
+
+void
+smbc_setFunctionLseek(SMBCCTX *c, smbc_lseek_fn fn)
+{
+ c->lseek = fn;
+}
+
+smbc_stat_fn
+smbc_getFunctionStat(SMBCCTX *c)
+{
+ return c->stat;
+}
+
+void
+smbc_setFunctionStat(SMBCCTX *c, smbc_stat_fn fn)
+{
+ c->stat = fn;
+}
+
+smbc_fstat_fn
+smbc_getFunctionFstat(SMBCCTX *c)
+{
+ return c->fstat;
+}
+
+void
+smbc_setFunctionFstat(SMBCCTX *c, smbc_fstat_fn fn)
+{
+ c->fstat = fn;
+}
+
+smbc_statvfs_fn
+smbc_getFunctionStatVFS(SMBCCTX *c)
+{
+ return c->internal->posix_emu.statvfs_fn;
+}
+
+void
+smbc_setFunctionStatVFS(SMBCCTX *c, smbc_statvfs_fn fn)
+{
+ c->internal->posix_emu.statvfs_fn = fn;
+}
+
+smbc_fstatvfs_fn
+smbc_getFunctionFstatVFS(SMBCCTX *c)
+{
+ return c->internal->posix_emu.fstatvfs_fn;
+}
+
+void
+smbc_setFunctionFstatVFS(SMBCCTX *c, smbc_fstatvfs_fn fn)
+{
+ c->internal->posix_emu.fstatvfs_fn = fn;
+}
+
+smbc_ftruncate_fn
+smbc_getFunctionFtruncate(SMBCCTX *c)
+{
+ return c->internal->posix_emu.ftruncate_fn;
+}
+
+void
+smbc_setFunctionFtruncate(SMBCCTX *c, smbc_ftruncate_fn fn)
+{
+ c->internal->posix_emu.ftruncate_fn = fn;
+}
+
+smbc_close_fn
+smbc_getFunctionClose(SMBCCTX *c)
+{
+ return c->close_fn;
+}
+
+void
+smbc_setFunctionClose(SMBCCTX *c, smbc_close_fn fn)
+{
+ c->close_fn = fn;
+}
+
+
+/**
+ * Callable functions for directories.
+ */
+
+smbc_opendir_fn
+smbc_getFunctionOpendir(SMBCCTX *c)
+{
+ return c->opendir;
+}
+
+void
+smbc_setFunctionOpendir(SMBCCTX *c, smbc_opendir_fn fn)
+{
+ c->opendir = fn;
+}
+
+smbc_closedir_fn
+smbc_getFunctionClosedir(SMBCCTX *c)
+{
+ return c->closedir;
+}
+
+void
+smbc_setFunctionClosedir(SMBCCTX *c, smbc_closedir_fn fn)
+{
+ c->closedir = fn;
+}
+
+smbc_readdir_fn
+smbc_getFunctionReaddir(SMBCCTX *c)
+{
+ return c->readdir;
+}
+
+void
+smbc_setFunctionReaddir(SMBCCTX *c, smbc_readdir_fn fn)
+{
+ c->readdir = fn;
+}
+
+smbc_readdirplus_fn smbc_getFunctionReaddirPlus(SMBCCTX *c)
+{
+ return c->readdirplus;
+}
+
+void smbc_setFunctionReaddirPlus(SMBCCTX *c, smbc_readdirplus_fn fn)
+{
+ c->readdirplus = fn;
+}
+
+smbc_readdirplus2_fn smbc_getFunctionReaddirPlus2(SMBCCTX *c)
+{
+ return c->readdirplus2;
+}
+
+void smbc_setFunctionReaddirPlus2(SMBCCTX *c, smbc_readdirplus2_fn fn)
+{
+ c->readdirplus2 = fn;
+}
+
+smbc_getdents_fn
+smbc_getFunctionGetdents(SMBCCTX *c)
+{
+ return c->getdents;
+}
+
+void
+smbc_setFunctionGetdents(SMBCCTX *c, smbc_getdents_fn fn)
+{
+ c->getdents = fn;
+}
+
+smbc_mkdir_fn
+smbc_getFunctionMkdir(SMBCCTX *c)
+{
+ return c->mkdir;
+}
+
+void
+smbc_setFunctionMkdir(SMBCCTX *c, smbc_mkdir_fn fn)
+{
+ c->mkdir = fn;
+}
+
+smbc_rmdir_fn
+smbc_getFunctionRmdir(SMBCCTX *c)
+{
+ return c->rmdir;
+}
+
+void
+smbc_setFunctionRmdir(SMBCCTX *c, smbc_rmdir_fn fn)
+{
+ c->rmdir = fn;
+}
+
+smbc_telldir_fn
+smbc_getFunctionTelldir(SMBCCTX *c)
+{
+ return c->telldir;
+}
+
+void
+smbc_setFunctionTelldir(SMBCCTX *c, smbc_telldir_fn fn)
+{
+ c->telldir = fn;
+}
+
+smbc_lseekdir_fn
+smbc_getFunctionLseekdir(SMBCCTX *c)
+{
+ return c->lseekdir;
+}
+
+void
+smbc_setFunctionLseekdir(SMBCCTX *c, smbc_lseekdir_fn fn)
+{
+ c->lseekdir = fn;
+}
+
+smbc_fstatdir_fn
+smbc_getFunctionFstatdir(SMBCCTX *c)
+{
+ return c->fstatdir;
+}
+
+void
+smbc_setFunctionFstatdir(SMBCCTX *c, smbc_fstatdir_fn fn)
+{
+ c->fstatdir = fn;
+}
+
+smbc_notify_fn
+smbc_getFunctionNotify(SMBCCTX *c)
+{
+ return c->internal->smb.notify_fn;
+}
+
+void
+smbc_setFunctionNotify(SMBCCTX *c, smbc_notify_fn fn)
+{
+ c->internal->smb.notify_fn = fn;
+}
+
+
+/**
+ * Callable functions applicable to both files and directories.
+ */
+
+smbc_chmod_fn
+smbc_getFunctionChmod(SMBCCTX *c)
+{
+ return c->chmod;
+}
+
+void
+smbc_setFunctionChmod(SMBCCTX *c, smbc_chmod_fn fn)
+{
+ c->chmod = fn;
+}
+
+smbc_utimes_fn
+smbc_getFunctionUtimes(SMBCCTX *c)
+{
+ return c->utimes;
+}
+
+void
+smbc_setFunctionUtimes(SMBCCTX *c, smbc_utimes_fn fn)
+{
+ c->utimes = fn;
+}
+
+smbc_setxattr_fn
+smbc_getFunctionSetxattr(SMBCCTX *c)
+{
+ return c->setxattr;
+}
+
+void
+smbc_setFunctionSetxattr(SMBCCTX *c, smbc_setxattr_fn fn)
+{
+ c->setxattr = fn;
+}
+
+smbc_getxattr_fn
+smbc_getFunctionGetxattr(SMBCCTX *c)
+{
+ return c->getxattr;
+}
+
+void
+smbc_setFunctionGetxattr(SMBCCTX *c, smbc_getxattr_fn fn)
+{
+ c->getxattr = fn;
+}
+
+smbc_removexattr_fn
+smbc_getFunctionRemovexattr(SMBCCTX *c)
+{
+ return c->removexattr;
+}
+
+void
+smbc_setFunctionRemovexattr(SMBCCTX *c, smbc_removexattr_fn fn)
+{
+ c->removexattr = fn;
+}
+
+smbc_listxattr_fn
+smbc_getFunctionListxattr(SMBCCTX *c)
+{
+ return c->listxattr;
+}
+
+void
+smbc_setFunctionListxattr(SMBCCTX *c, smbc_listxattr_fn fn)
+{
+ c->listxattr = fn;
+}
+
+
+/**
+ * Callable functions related to printing
+ */
+
+smbc_print_file_fn
+smbc_getFunctionPrintFile(SMBCCTX *c)
+{
+ return c->print_file;
+}
+
+void
+smbc_setFunctionPrintFile(SMBCCTX *c, smbc_print_file_fn fn)
+{
+ c->print_file = fn;
+}
+
+smbc_open_print_job_fn
+smbc_getFunctionOpenPrintJob(SMBCCTX *c)
+{
+ return c->open_print_job;
+}
+
+void
+smbc_setFunctionOpenPrintJob(SMBCCTX *c,
+ smbc_open_print_job_fn fn)
+{
+ c->open_print_job = fn;
+}
+
+smbc_list_print_jobs_fn
+smbc_getFunctionListPrintJobs(SMBCCTX *c)
+{
+ return c->list_print_jobs;
+}
+
+void
+smbc_setFunctionListPrintJobs(SMBCCTX *c,
+ smbc_list_print_jobs_fn fn)
+{
+ c->list_print_jobs = fn;
+}
+
+smbc_unlink_print_job_fn
+smbc_getFunctionUnlinkPrintJob(SMBCCTX *c)
+{
+ return c->unlink_print_job;
+}
+
+void
+smbc_setFunctionUnlinkPrintJob(SMBCCTX *c,
+ smbc_unlink_print_job_fn fn)
+{
+ c->unlink_print_job = fn;
+}
+
diff --git a/source3/libsmb/libsmb_stat.c b/source3/libsmb/libsmb_stat.c
new file mode 100644
index 0000000..ae18f59
--- /dev/null
+++ b/source3/libsmb/libsmb_stat.c
@@ -0,0 +1,538 @@
+/*
+ Unix SMB/Netbios implementation.
+ SMB client library implementation
+ Copyright (C) Andrew Tridgell 1998
+ Copyright (C) Richard Sharpe 2000, 2002
+ Copyright (C) John Terpstra 2000
+ Copyright (C) Tom Jansen (Ninja ISD) 2002
+ Copyright (C) Derrell Lipman 2003-2008
+ Copyright (C) Jeremy Allison 2007, 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+#include "../libcli/smb/smbXcli_base.h"
+#include "lib/util/time.h"
+
+/*
+ * Generate an inode number from file name for those things that need it
+ */
+
+static ino_t generate_inode(const char *name)
+{
+ if (name == NULL) {
+ return (ino_t)-1;
+ }
+ return (ino_t)str_checksum(name);
+}
+
+/*
+ * Routine to put basic stat info into a stat structure ... Used by stat and
+ * fstat below.
+ */
+
+void setup_stat(struct stat *st,
+ const char *fname,
+ off_t size,
+ int attr,
+ ino_t ino,
+ dev_t dev,
+ struct timespec access_time_ts,
+ struct timespec change_time_ts,
+ struct timespec write_time_ts)
+{
+ st->st_mode = 0;
+
+ if (attr & FILE_ATTRIBUTE_DIRECTORY) {
+ st->st_mode = (S_IFDIR | 0555);
+ } else {
+ st->st_mode = (S_IFREG | 0444);
+ }
+
+ if (attr & FILE_ATTRIBUTE_ARCHIVE) {
+ st->st_mode |= S_IXUSR;
+ }
+ if (attr & FILE_ATTRIBUTE_SYSTEM) {
+ st->st_mode |= S_IXGRP;
+ }
+ if (attr & FILE_ATTRIBUTE_HIDDEN) {
+ st->st_mode |= S_IXOTH;
+ }
+ if (!(attr & FILE_ATTRIBUTE_READONLY)) {
+ st->st_mode |= S_IWUSR;
+ }
+
+ st->st_size = size;
+#ifdef HAVE_STAT_ST_BLKSIZE
+ st->st_blksize = 512;
+#endif
+#ifdef HAVE_STAT_ST_BLOCKS
+ st->st_blocks = (size+511)/512;
+#endif
+#ifdef HAVE_STRUCT_STAT_ST_RDEV
+ st->st_rdev = 0;
+#endif
+ st->st_uid = getuid();
+ st->st_gid = getgid();
+
+ if (attr & FILE_ATTRIBUTE_DIRECTORY) {
+ st->st_nlink = 2;
+ } else {
+ st->st_nlink = 1;
+ }
+
+ if (ino != 0) {
+ st->st_ino = ino;
+ } else {
+ st->st_ino = generate_inode(fname);
+ }
+
+ st->st_dev = dev;
+
+ st->st_atime = access_time_ts.tv_sec;
+ set_atimensec(st, access_time_ts.tv_nsec);
+
+ st->st_ctime = change_time_ts.tv_sec;
+ set_ctimensec(st, change_time_ts.tv_nsec);
+
+ st->st_mtime = write_time_ts.tv_sec;
+ set_mtimensec(st, write_time_ts.tv_nsec);
+}
+
+void setup_stat_from_stat_ex(const struct stat_ex *stex,
+ const char *fname,
+ struct stat *st)
+{
+ st->st_atime = stex->st_ex_atime.tv_sec;
+ set_atimensec(st, stex->st_ex_atime.tv_nsec);
+
+ st->st_ctime = stex->st_ex_ctime.tv_sec;
+ set_ctimensec(st, stex->st_ex_ctime.tv_nsec);
+
+ st->st_mtime = stex->st_ex_mtime.tv_sec;
+ set_mtimensec(st, stex->st_ex_mtime.tv_nsec);
+
+ st->st_mode = stex->st_ex_mode;
+ st->st_size = stex->st_ex_size;
+#ifdef HAVE_STAT_ST_BLKSIZE
+ st->st_blksize = 512;
+#endif
+#ifdef HAVE_STAT_ST_BLOCKS
+ st->st_blocks = (st->st_size + 511) / 512;
+#endif
+#ifdef HAVE_STRUCT_STAT_ST_RDEV
+ st->st_rdev = 0;
+#endif
+ st->st_uid = stex->st_ex_uid;
+ st->st_gid = stex->st_ex_gid;
+
+ st->st_nlink = stex->st_ex_nlink;
+
+ if (stex->st_ex_ino == 0) {
+ st->st_ino = 0;
+ if (fname != NULL) {
+ st->st_ino = generate_inode(fname);
+ }
+ } else {
+ st->st_ino = stex->st_ex_ino;
+ }
+
+ st->st_dev = stex->st_ex_dev;
+
+}
+
+/*
+ * Routine to stat a file given a name
+ */
+
+int
+SMBC_stat_ctx(SMBCCTX *context,
+ const char *fname,
+ struct stat *st)
+{
+ SMBCSRV *srv = NULL;
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ uint16_t port = 0;
+ NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL; /* Best I can think of ... */
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ DEBUG(4, ("smbc_stat(%s)\n", fname));
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user || user[0] == (char)0) {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ srv = SMBC_server(frame, context, True,
+ server, port, share, &workgroup, &user, &password);
+ if (!srv) {
+ TALLOC_FREE(frame);
+ return -1; /* errno set by SMBC_server */
+ }
+
+ status = SMBC_getatr(context, srv, path, st);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ errno = cli_status_to_errno(status);
+ return -1;
+ }
+
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+/*
+ * Routine to stat a file given an fd
+ */
+
+int
+SMBC_fstat_ctx(SMBCCTX *context,
+ SMBCFILE *file,
+ struct stat *st)
+{
+ struct timespec change_time_ts;
+ struct timespec access_time_ts;
+ struct timespec write_time_ts;
+ off_t size;
+ uint32_t attr;
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *path = NULL;
+ char *targetpath = NULL;
+ struct cli_state *targetcli = NULL;
+ SMB_INO_T ino = 0;
+ uint16_t port = 0;
+ struct cli_credentials *creds = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!SMBC_dlist_contains(context->internal->files, file)) {
+ errno = EBADF;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!file->file) {
+ TALLOC_FREE(frame);
+ return smbc_getFunctionFstatdir(context)(context, file, st);
+ }
+
+ /*d_printf(">>>fstat: parsing %s\n", file->fname);*/
+ if (SMBC_parse_path(frame,
+ context,
+ file->fname,
+ NULL,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ creds = context->internal->creds;
+
+ /*d_printf(">>>fstat: resolving %s\n", path);*/
+ status = cli_resolve_path(frame, "",
+ creds,
+ file->srv->cli, path,
+ &targetcli, &targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("Could not resolve %s\n", path);
+ errno = ENOENT;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ /*d_printf(">>>fstat: resolved path as %s\n", targetpath);*/
+
+ if (!NT_STATUS_IS_OK(cli_qfileinfo_basic(
+ targetcli, file->cli_fd, &attr, &size,
+ NULL,
+ &access_time_ts,
+ &write_time_ts,
+ &change_time_ts,
+ &ino))) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ setup_stat(st,
+ path,
+ size,
+ attr,
+ ino,
+ file->srv->dev,
+ access_time_ts,
+ change_time_ts,
+ write_time_ts);
+
+ TALLOC_FREE(frame);
+ return 0;
+}
+
+
+/*
+ * Routine to obtain file system information given a path
+ */
+int
+SMBC_statvfs_ctx(SMBCCTX *context,
+ char *path,
+ struct statvfs *st)
+{
+ int ret;
+ bool bIsDir;
+ struct stat statbuf;
+ SMBCFILE * pFile;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ /* Determine if the provided path is a file or a folder */
+ if (SMBC_stat_ctx(context, path, &statbuf) < 0) {
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ /* Is it a file or a directory? */
+ if (S_ISDIR(statbuf.st_mode)) {
+ /* It's a directory. */
+ if ((pFile = SMBC_opendir_ctx(context, path)) == NULL) {
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ bIsDir = true;
+ } else if (S_ISREG(statbuf.st_mode)) {
+ /* It's a file. */
+ if ((pFile = SMBC_open_ctx(context, path,
+ O_RDONLY, 0)) == NULL) {
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ bIsDir = false;
+ } else {
+ /* It's neither a file nor a directory. Not supported. */
+ TALLOC_FREE(frame);
+ errno = ENOSYS;
+ return -1;
+ }
+
+ /* Now we have an open file handle, so just use SMBC_fstatvfs */
+ ret = SMBC_fstatvfs_ctx(context, pFile, st);
+
+ /* Close the file or directory */
+ if (bIsDir) {
+ SMBC_closedir_ctx(context, pFile);
+ } else {
+ SMBC_close_ctx(context, pFile);
+ }
+
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+
+/*
+ * Routine to obtain file system information given an fd
+ */
+
+int
+SMBC_fstatvfs_ctx(SMBCCTX *context,
+ SMBCFILE *file,
+ struct statvfs *st)
+{
+ unsigned long flags = 0;
+ uint32_t fs_attrs = 0;
+ struct cli_state *cli = file->srv->cli;
+ struct smbXcli_tcon *tcon;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
+ tcon = cli->smb2.tcon;
+ } else {
+ tcon = cli->smb1.tcon;
+ }
+
+ /* Initialize all fields (at least until we actually use them) */
+ ZERO_STRUCTP(st);
+
+ /*
+ * The state of each flag is such that the same bits are unset as
+ * would typically be unset on a local file system on a POSIX OS. Thus
+ * the bit is on, for example, only for case-insensitive file systems
+ * since most POSIX file systems are case sensitive and fstatvfs()
+ * would typically return zero in these bits on such a local file
+ * system.
+ */
+
+ /* See if the server has UNIX CIFS support */
+ if (! SERVER_HAS_UNIX_CIFS(cli)) {
+ uint64_t total_allocation_units;
+ uint64_t caller_allocation_units;
+ uint64_t actual_allocation_units;
+ uint64_t sectors_per_allocation_unit;
+ uint64_t bytes_per_sector;
+ NTSTATUS status;
+
+ /* Nope. If size data is available... */
+ status = cli_get_fs_full_size_info(cli,
+ &total_allocation_units,
+ &caller_allocation_units,
+ &actual_allocation_units,
+ &sectors_per_allocation_unit,
+ &bytes_per_sector);
+ if (NT_STATUS_IS_OK(status)) {
+
+ /* ... then provide it */
+ st->f_bsize =
+ (unsigned long) bytes_per_sector;
+#ifdef HAVE_FRSIZE
+ st->f_frsize =
+ (unsigned long) sectors_per_allocation_unit;
+#endif
+ st->f_blocks =
+ (fsblkcnt_t) total_allocation_units;
+ st->f_bfree =
+ (fsblkcnt_t) actual_allocation_units;
+ st->f_bavail =
+ (fsblkcnt_t) caller_allocation_units;
+ }
+
+ flags |= SMBC_VFS_FEATURE_NO_UNIXCIFS;
+ } else {
+ uint32_t optimal_transfer_size;
+ uint32_t block_size;
+ uint64_t total_blocks;
+ uint64_t blocks_available;
+ uint64_t user_blocks_available;
+ uint64_t total_file_nodes;
+ uint64_t free_file_nodes;
+ uint64_t fs_identifier;
+ NTSTATUS status;
+
+ /* Has UNIXCIFS. If POSIX filesystem info is available... */
+ status = cli_get_posix_fs_info(cli,
+ &optimal_transfer_size,
+ &block_size,
+ &total_blocks,
+ &blocks_available,
+ &user_blocks_available,
+ &total_file_nodes,
+ &free_file_nodes,
+ &fs_identifier);
+ if (NT_STATUS_IS_OK(status)) {
+
+ /* ... then what's provided here takes precedence. */
+ st->f_bsize =
+ (unsigned long) block_size;
+ st->f_blocks =
+ (fsblkcnt_t) total_blocks;
+ st->f_bfree =
+ (fsblkcnt_t) blocks_available;
+ st->f_bavail =
+ (fsblkcnt_t) user_blocks_available;
+ st->f_files =
+ (fsfilcnt_t) total_file_nodes;
+ st->f_ffree =
+ (fsfilcnt_t) free_file_nodes;
+#ifdef HAVE_FSID_INT
+ st->f_fsid =
+ (unsigned long) fs_identifier;
+#endif
+ }
+ }
+
+ /* See if the share is case sensitive */
+ if (!NT_STATUS_IS_OK(cli_get_fs_attr_info(cli, &fs_attrs))) {
+ /*
+ * We can't determine the case sensitivity of
+ * the share. We have no choice but to use the
+ * user-specified case sensitivity setting.
+ */
+ if (! smbc_getOptionCaseSensitive(context)) {
+ flags |= SMBC_VFS_FEATURE_CASE_INSENSITIVE;
+ }
+ } else {
+ if (! (fs_attrs & FILE_CASE_SENSITIVE_SEARCH)) {
+ flags |= SMBC_VFS_FEATURE_CASE_INSENSITIVE;
+ }
+ }
+
+ /* See if DFS is supported */
+ if (smbXcli_conn_dfs_supported(cli->conn) &&
+ smbXcli_tcon_is_dfs_share(tcon))
+ {
+ flags |= SMBC_VFS_FEATURE_DFS;
+ }
+
+#if defined(HAVE_STATVFS_F_FLAG)
+ st->f_flag = flags;
+#elif defined(HAVE_STATVFS_F_FLAGS)
+ st->f_flags = flags;
+#endif
+
+ TALLOC_FREE(frame);
+ return 0;
+}
diff --git a/source3/libsmb/libsmb_thread_impl.c b/source3/libsmb/libsmb_thread_impl.c
new file mode 100644
index 0000000..8b5d859
--- /dev/null
+++ b/source3/libsmb/libsmb_thread_impl.c
@@ -0,0 +1,127 @@
+/*
+ Unix SMB/Netbios implementation.
+ SMB client library implementation
+ Copyright (C) Derrell Lipman 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+
+
+/**
+ * Initialize for an arbitrary thread implementation. The caller should
+ * provide, as parameters, pointers to functions to implement the requisite
+ * low-level thread functionality. A function must be provided for each
+ * parameter; none may be null.
+ *
+ * If the thread implementation is POSIX Threads (pthreads), then the much
+ * simpler smbc_thread_pthread() function may be used instead of this one.
+ *
+ * @param create_mutex
+ * Create a mutex. This function should expect three parameters: lockname,
+ * pplock, and location. It should create a unique mutex for each unique
+ * lockname it is provided, and return the mutex identifier in *pplock. The
+ * location parameter can be used for debugging, as it contains the
+ * compiler-provided __location__ of the call.
+ *
+ * @param destroy_mutex
+ * Destroy a mutex. This function should expect two parameters: plock and
+ * location. It should destroy the mutex associated with the identifier
+ * plock. The location parameter can be used for debugging, as it contains
+ * the compiler-provided __location__ of the call.
+ *
+ * @param lock_mutex
+ * Lock a mutex. This function should expect three parameters: plock,
+ * lock_type, and location. The mutex associated with identifier plock
+ * should be locked if lock_type is 1, and unlocked if lock_type is 2. The
+ * location parameter can be used for debugging, as it contains the
+ * compiler-provided __location__ of the call.
+ *
+ * @param create_tls
+ * Create thread local storage. This function should expect three
+ * parameters: keyname, ppkey, and location. It should allocate an
+ * implementation-specific amount of memory and assign the pointer to that
+ * allocated memory to *ppkey. The location parameter can be used for
+ * debugging, as it contains the compiler-provided __location__ of the
+ * call. This function should return 0 upon success, non-zero upon failure.
+ *
+ * @param destroy_tls
+ * Destroy thread local storage. This function should expect two parameters:
+ * ppkey and location. The ppkey parameter points to a variable containing a
+ * thread local storage key previously provided by the create_tls
+ * function. The location parameter can be used for debugging, as it
+ * contains the compiler-provided __location__ of the call.
+ *
+ * @param set_tls
+ * Set a thread local storage variable's value. This function should expect
+ * three parameters: pkey, pval, and location. The pkey parameter is a
+ * thread local storage key previously provided by the create_tls
+ * function. The (void *) pval parameter contains the value to be placed in
+ * the thread local storage variable identified by pkey. The location
+ * parameter can be used for debugging, as it contains the compiler-provided
+ * __location__ of the call. This function should return 0 upon success;
+ * non-zero otherwise.
+ *
+ * @param get_tls
+ * Retrieve a thread local storage variable's value. This function should
+ * expect two parameters: pkey and location. The pkey parameter is a thread
+ * local storage key previously provided by the create_tls function, and
+ * which has previously been used in a call to the set_tls function to
+ * initialize a thread local storage variable. The location parameter can be
+ * used for debugging, as it contains the compiler-provided __location__ of
+ * the call. This function should return the (void *) value stored in the
+ * variable identified by pkey.
+ *
+ * @return {void}
+ */
+void
+smbc_thread_impl(
+ /* Mutex functions. */
+ int (*create_mutex)(const char *lockname,
+ void **pplock,
+ const char *location),
+ void (*destroy_mutex)(void *plock,
+ const char *location),
+ int (*lock_mutex)(void *plock,
+ int lock_type,
+ const char *location),
+
+ /* Thread local storage. */
+ int (*create_tls)(const char *keyname,
+ void **ppkey,
+ const char *location),
+ void (*destroy_tls)(void **ppkey,
+ const char *location),
+ int (*set_tls)(void *pkey,
+ const void *pval,
+ const char *location),
+ void *(*get_tls)(void *pkey,
+ const char *location)
+ )
+{
+ static struct smb_thread_functions tf;
+
+ tf.create_mutex = create_mutex;
+ tf.destroy_mutex = destroy_mutex;
+ tf.lock_mutex = lock_mutex;
+ tf.create_tls = create_tls;
+ tf.destroy_tls = destroy_tls;
+ tf.set_tls = set_tls;
+ tf.get_tls = get_tls;
+
+ smb_thread_set_functions(&tf);
+}
diff --git a/source3/libsmb/libsmb_thread_posix.c b/source3/libsmb/libsmb_thread_posix.c
new file mode 100644
index 0000000..36afc02
--- /dev/null
+++ b/source3/libsmb/libsmb_thread_posix.c
@@ -0,0 +1,52 @@
+/*
+ Unix SMB/Netbios implementation.
+ SMB client library implementation
+ Copyright (C) Derrell Lipman 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#ifdef HAVE_PTHREAD_H
+#include <pthread.h>
+#endif
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+
+
+/* Get rid of the malloc checker */
+#ifdef malloc
+#undef malloc
+#endif
+
+/*
+ * Define the functions which implement the pthread interface
+ */
+SMB_THREADS_DEF_PTHREAD_IMPLEMENTATION(tf);
+
+
+/**
+ * Initialize for threads using the Posix Threads (pthread)
+ * implementation. This is a built-in implementation, avoiding the need to
+ * implement the component functions of the thread interface. If this function
+ * is used, it is not necessary to call smbc_thread_impl().
+ *
+ * @return {void}
+ */
+void
+smbc_thread_posix(void)
+{
+ smb_thread_set_functions(&tf);
+}
diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c
new file mode 100644
index 0000000..dcb2f9e
--- /dev/null
+++ b/source3/libsmb/libsmb_xattr.c
@@ -0,0 +1,2406 @@
+/*
+ Unix SMB/Netbios implementation.
+ SMB client library implementation
+ Copyright (C) Andrew Tridgell 1998
+ Copyright (C) Richard Sharpe 2000, 2002
+ Copyright (C) John Terpstra 2000
+ Copyright (C) Tom Jansen (Ninja ISD) 2002
+ Copyright (C) Derrell Lipman 2003-2008
+ Copyright (C) Jeremy Allison 2007, 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/libsmb.h"
+#include "libsmbclient.h"
+#include "libsmb_internal.h"
+#include "../librpc/gen_ndr/ndr_lsa.h"
+#include "rpc_client/rpc_client.h"
+#include "rpc_client/cli_lsarpc.h"
+#include "../libcli/security/security.h"
+#include "lib/util/string_wrappers.h"
+
+/*
+ * Find an lsa pipe handle associated with a cli struct.
+ */
+static struct rpc_pipe_client *
+find_lsa_pipe_hnd(struct cli_state *ipc_cli)
+{
+ struct rpc_pipe_client *pipe_hnd;
+
+ for (pipe_hnd = ipc_cli->pipe_list;
+ pipe_hnd;
+ pipe_hnd = pipe_hnd->next) {
+ if (ndr_syntax_id_equal(&pipe_hnd->abstract_syntax,
+ &ndr_table_lsarpc.syntax_id)) {
+ return pipe_hnd;
+ }
+ }
+ return NULL;
+}
+
+/*
+ * Sort ACEs according to the documentation at
+ * http://support.microsoft.com/kb/269175, at least as far as it defines the
+ * order.
+ */
+
+static int
+ace_compare(struct security_ace *ace1,
+ struct security_ace *ace2)
+{
+ bool b1;
+ bool b2;
+
+ /* If the ACEs are equal, we have nothing more to do. */
+ if (security_ace_equal(ace1, ace2)) {
+ return 0;
+ }
+
+ /* Inherited follow non-inherited */
+ b1 = ((ace1->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
+ b2 = ((ace2->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
+ if (b1 != b2) {
+ return (b1 ? 1 : -1);
+ }
+
+ /*
+ * What shall we do with AUDITs and ALARMs? It's undefined. We'll
+ * sort them after DENY and ALLOW.
+ */
+ b1 = (ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
+ ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
+ ace1->type != SEC_ACE_TYPE_ACCESS_DENIED &&
+ ace1->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
+ b2 = (ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
+ ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
+ ace2->type != SEC_ACE_TYPE_ACCESS_DENIED &&
+ ace2->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
+ if (b1 != b2) {
+ return (b1 ? 1 : -1);
+ }
+
+ /* Allowed ACEs follow denied ACEs */
+ b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
+ ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
+ b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
+ ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
+ if (b1 != b2) {
+ return (b1 ? 1 : -1);
+ }
+
+ /*
+ * ACEs applying to an entity's object follow those applying to the
+ * entity itself
+ */
+ b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
+ ace1->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
+ b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
+ ace2->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
+ if (b1 != b2) {
+ return (b1 ? 1 : -1);
+ }
+
+ /*
+ * If we get this far, the ACEs are similar as far as the
+ * characteristics we typically care about (those defined by the
+ * referenced MS document). We'll now sort by characteristics that
+ * just seems reasonable.
+ */
+
+ if (ace1->type != ace2->type) {
+ return ace2->type - ace1->type;
+ }
+
+ if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
+ return dom_sid_compare(&ace1->trustee, &ace2->trustee);
+ }
+
+ if (ace1->flags != ace2->flags) {
+ return ace1->flags - ace2->flags;
+ }
+
+ if (ace1->access_mask != ace2->access_mask) {
+ return ace1->access_mask - ace2->access_mask;
+ }
+
+ if (ace1->size != ace2->size) {
+ return ace1->size - ace2->size;
+ }
+
+ return memcmp(ace1, ace2, sizeof(struct security_ace));
+}
+
+
+static void
+sort_acl(struct security_acl *the_acl)
+{
+ uint32_t i;
+ if (!the_acl) return;
+
+ TYPESAFE_QSORT(the_acl->aces, the_acl->num_aces, ace_compare);
+
+ for (i=1;i<the_acl->num_aces;) {
+ if (security_ace_equal(&the_acl->aces[i-1],
+ &the_acl->aces[i])) {
+ ARRAY_DEL_ELEMENT(
+ the_acl->aces, i, the_acl->num_aces);
+ the_acl->num_aces--;
+ } else {
+ i++;
+ }
+ }
+}
+
+/* convert a SID to a string, either numeric or username/group */
+static void
+convert_sid_to_string(struct cli_state *ipc_cli,
+ struct policy_handle *pol,
+ fstring str,
+ bool numeric,
+ struct dom_sid *sid)
+{
+ char **domains = NULL;
+ char **names = NULL;
+ enum lsa_SidType *types = NULL;
+ struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
+ TALLOC_CTX *ctx;
+
+ sid_to_fstring(str, sid);
+
+ if (numeric) {
+ return; /* no lookup desired */
+ }
+
+ if (!pipe_hnd) {
+ return;
+ }
+
+ /* Ask LSA to convert the sid to a name */
+
+ ctx = talloc_stackframe();
+
+ if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_sids(pipe_hnd, ctx,
+ pol, 1, sid, &domains,
+ &names, &types)) ||
+ !domains || !domains[0] || !names || !names[0]) {
+ TALLOC_FREE(ctx);
+ return;
+ }
+
+ /* Converted OK */
+
+ fstr_sprintf(str, "%s%s%s",
+ domains[0], lp_winbind_separator(), names[0]);
+
+ TALLOC_FREE(ctx);
+}
+
+/* convert a string to a SID, either numeric or username/group */
+static bool
+convert_string_to_sid(struct cli_state *ipc_cli,
+ struct policy_handle *pol,
+ bool numeric,
+ struct dom_sid *sid,
+ const char *str)
+{
+ enum lsa_SidType *types = NULL;
+ struct dom_sid *sids = NULL;
+ bool result = True;
+ TALLOC_CTX *ctx = NULL;
+ struct rpc_pipe_client *pipe_hnd = find_lsa_pipe_hnd(ipc_cli);
+
+ if (!pipe_hnd) {
+ return False;
+ }
+
+ if (numeric) {
+ if (strncmp(str, "S-", 2) == 0) {
+ return string_to_sid(sid, str);
+ }
+
+ result = False;
+ goto done;
+ }
+
+ ctx = talloc_stackframe();
+ if (!NT_STATUS_IS_OK(rpccli_lsa_lookup_names(pipe_hnd, ctx,
+ pol, 1, &str,
+ NULL, 1, &sids,
+ &types))) {
+ result = False;
+ goto done;
+ }
+
+ sid_copy(sid, &sids[0]);
+done:
+ TALLOC_FREE(ctx);
+ return result;
+}
+
+
+/* parse an struct security_ace in the same format as print_ace() */
+static bool
+parse_ace(struct cli_state *ipc_cli,
+ struct policy_handle *pol,
+ struct security_ace *ace,
+ bool numeric,
+ char *str)
+{
+ char *p;
+ const char *cp;
+ char *tok;
+ unsigned int atype;
+ unsigned int aflags;
+ unsigned int amask;
+ struct dom_sid sid;
+ uint32_t mask;
+ struct perm_value {
+ const char perm[7];
+ uint32_t mask;
+ };
+ size_t i;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ /* These values discovered by inspection */
+ static const struct perm_value special_values[] = {
+ { "R", 0x00120089 },
+ { "W", 0x00120116 },
+ { "X", 0x001200a0 },
+ { "D", 0x00010000 },
+ { "P", 0x00040000 },
+ { "O", 0x00080000 },
+ };
+
+ static const struct perm_value standard_values[] = {
+ { "READ", 0x001200a9 },
+ { "CHANGE", 0x001301bf },
+ { "FULL", 0x001f01ff },
+ };
+
+ ZERO_STRUCTP(ace);
+ p = strchr_m(str,':');
+ if (!p) {
+ TALLOC_FREE(frame);
+ return False;
+ }
+ *p = '\0';
+ p++;
+ /* Try to parse numeric form */
+
+ if (sscanf(p, "%u/%u/%u", &atype, &aflags, &amask) == 3 &&
+ convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
+ goto done;
+ }
+
+ /* Try to parse text form */
+
+ if (!convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ cp = p;
+ if (!next_token_talloc(frame, &cp, &tok, "/")) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ if (strncasecmp_m(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
+ atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ } else if (strncasecmp_m(tok, "DENIED", strlen("DENIED")) == 0) {
+ atype = SEC_ACE_TYPE_ACCESS_DENIED;
+ } else {
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ /* Only numeric form accepted for flags at present */
+
+ if (!(next_token_talloc(frame, &cp, &tok, "/") &&
+ sscanf(tok, "%u", &aflags))) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ if (!next_token_talloc(frame, &cp, &tok, "/")) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ if (strncmp(tok, "0x", 2) == 0) {
+ if (sscanf(tok, "%u", &amask) != 1) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+ goto done;
+ }
+
+ for (i = 0; i < ARRAY_SIZE(standard_values); i++) {
+ const struct perm_value *v = &standard_values[i];
+ if (strcmp(tok, v->perm) == 0) {
+ amask = v->mask;
+ goto done;
+ }
+ }
+
+ p = tok;
+
+ while(*p) {
+ bool found = False;
+
+ for (i = 0; i < ARRAY_SIZE(special_values); i++) {
+ const struct perm_value *v = &special_values[i];
+ if (v->perm[0] == *p) {
+ amask |= v->mask;
+ found = True;
+ }
+ }
+
+ if (!found) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+ p++;
+ }
+
+ if (*p) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+done:
+ mask = amask;
+ init_sec_ace(ace, &sid, atype, mask, aflags);
+ TALLOC_FREE(frame);
+ return true;
+}
+
+/* add an struct security_ace to a list of struct security_aces in a struct security_acl */
+static bool
+add_ace(struct security_acl **the_acl,
+ const struct security_ace *ace,
+ TALLOC_CTX *ctx)
+{
+ struct security_acl *acl = *the_acl;
+
+ if (acl == NULL) {
+ acl = make_sec_acl(ctx, 3, 0, NULL);
+ if (acl == NULL) {
+ return false;
+ }
+ }
+
+ if (acl->num_aces == UINT32_MAX) {
+ return false;
+ }
+ ADD_TO_ARRAY(
+ acl, struct security_ace, *ace, &acl->aces, &acl->num_aces);
+ *the_acl = acl;
+ return True;
+}
+
+
+/* parse a ascii version of a security descriptor */
+static struct security_descriptor *
+sec_desc_parse(TALLOC_CTX *ctx,
+ struct cli_state *ipc_cli,
+ struct policy_handle *pol,
+ bool numeric,
+ const char *str)
+{
+ const char *p = str;
+ char *tok;
+ struct security_descriptor *ret = NULL;
+ size_t sd_size;
+ struct dom_sid owner_sid = { .num_auths = 0 };
+ struct dom_sid group_sid = { .num_auths = 0 };
+ bool have_owner = false, have_group = false;
+ struct security_acl *dacl=NULL;
+ int revision=1;
+
+ while (next_token_talloc(ctx, &p, &tok, "\t,\r\n")) {
+
+ if (strncasecmp_m(tok,"REVISION:", 9) == 0) {
+ revision = strtol(tok+9, NULL, 16);
+ continue;
+ }
+
+ if (strncasecmp_m(tok,"OWNER:", 6) == 0) {
+ if (have_owner) {
+ DEBUG(5,("OWNER specified more than once!\n"));
+ goto done;
+ }
+ if (!convert_string_to_sid(ipc_cli, pol,
+ numeric,
+ &owner_sid, tok+6)) {
+ DEBUG(5, ("Failed to parse owner sid\n"));
+ goto done;
+ }
+ have_owner = true;
+ continue;
+ }
+
+ if (strncasecmp_m(tok,"OWNER+:", 7) == 0) {
+ if (have_owner) {
+ DEBUG(5,("OWNER specified more than once!\n"));
+ goto done;
+ }
+ if (!convert_string_to_sid(ipc_cli, pol,
+ False,
+ &owner_sid, tok+7)) {
+ DEBUG(5, ("Failed to parse owner sid\n"));
+ goto done;
+ }
+ have_owner = true;
+ continue;
+ }
+
+ if (strncasecmp_m(tok,"GROUP:", 6) == 0) {
+ if (have_group) {
+ DEBUG(5,("GROUP specified more than once!\n"));
+ goto done;
+ }
+ if (!convert_string_to_sid(ipc_cli, pol,
+ numeric,
+ &group_sid, tok+6)) {
+ DEBUG(5, ("Failed to parse group sid\n"));
+ goto done;
+ }
+ have_group = true;
+ continue;
+ }
+
+ if (strncasecmp_m(tok,"GROUP+:", 7) == 0) {
+ if (have_group) {
+ DEBUG(5,("GROUP specified more than once!\n"));
+ goto done;
+ }
+ if (!convert_string_to_sid(ipc_cli, pol,
+ False,
+ &group_sid, tok+6)) {
+ DEBUG(5, ("Failed to parse group sid\n"));
+ goto done;
+ }
+ have_group = true;
+ continue;
+ }
+
+ if (strncasecmp_m(tok,"ACL:", 4) == 0) {
+ struct security_ace ace;
+ if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) {
+ DEBUG(5, ("Failed to parse ACL %s\n", tok));
+ goto done;
+ }
+ if(!add_ace(&dacl, &ace, ctx)) {
+ DEBUG(5, ("Failed to add ACL %s\n", tok));
+ goto done;
+ }
+ continue;
+ }
+
+ if (strncasecmp_m(tok,"ACL+:", 5) == 0) {
+ struct security_ace ace;
+ if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) {
+ DEBUG(5, ("Failed to parse ACL %s\n", tok));
+ goto done;
+ }
+ if(!add_ace(&dacl, &ace, ctx)) {
+ DEBUG(5, ("Failed to add ACL %s\n", tok));
+ goto done;
+ }
+ continue;
+ }
+
+ DEBUG(5, ("Failed to parse security descriptor\n"));
+ goto done;
+ }
+
+ ret = make_sec_desc(
+ ctx,
+ revision,
+ SEC_DESC_SELF_RELATIVE,
+ have_owner ? &owner_sid : NULL,
+ have_group ? &group_sid : NULL,
+ NULL,
+ dacl,
+ &sd_size);
+
+done:
+ return ret;
+}
+
+
+/* Obtain the current dos attributes */
+static struct DOS_ATTR_DESC *
+dos_attr_query(SMBCCTX *context,
+ TALLOC_CTX *ctx,
+ const char *filename,
+ SMBCSRV *srv)
+{
+ struct stat sb = {0};
+ struct DOS_ATTR_DESC *ret = NULL;
+ NTSTATUS status;
+
+ ret = talloc(ctx, struct DOS_ATTR_DESC);
+ if (!ret) {
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ /* Obtain the DOS attributes */
+ status = SMBC_getatr(context, srv, filename, &sb);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5, ("dos_attr_query Failed to query old attributes\n"));
+ TALLOC_FREE(ret);
+ errno = cli_status_to_errno(status);
+ return NULL;
+ }
+
+ ret->mode = sb.st_mode;
+ ret->size = sb.st_size;
+ ret->create_time = sb.st_ctime;
+ ret->access_time = sb.st_atime;
+ ret->write_time = sb.st_mtime;
+ ret->change_time = sb.st_mtime;
+ ret->inode = sb.st_ino;
+
+ return ret;
+}
+
+
+/* parse a ascii version of a security descriptor */
+static void
+dos_attr_parse(SMBCCTX *context,
+ struct DOS_ATTR_DESC *dad,
+ SMBCSRV *srv,
+ char *str)
+{
+ int n;
+ const char *p = str;
+ char *tok = NULL;
+ TALLOC_CTX *frame = NULL;
+ struct {
+ const char * create_time_attr;
+ const char * access_time_attr;
+ const char * write_time_attr;
+ const char * change_time_attr;
+ } attr_strings;
+
+ /* Determine whether to use old-style or new-style attribute names */
+ if (context->internal->full_time_names) {
+ /* new-style names */
+ attr_strings.create_time_attr = "CREATE_TIME";
+ attr_strings.access_time_attr = "ACCESS_TIME";
+ attr_strings.write_time_attr = "WRITE_TIME";
+ attr_strings.change_time_attr = "CHANGE_TIME";
+ } else {
+ /* old-style names */
+ attr_strings.create_time_attr = NULL;
+ attr_strings.access_time_attr = "A_TIME";
+ attr_strings.write_time_attr = "M_TIME";
+ attr_strings.change_time_attr = "C_TIME";
+ }
+
+ /* if this is to set the entire ACL... */
+ if (*str == '*') {
+ /* ... then increment past the first colon if there is one */
+ if ((p = strchr(str, ':')) != NULL) {
+ ++p;
+ } else {
+ p = str;
+ }
+ }
+
+ frame = talloc_stackframe();
+ while (next_token_talloc(frame, &p, &tok, "\t,\r\n")) {
+ if (strncasecmp_m(tok, "MODE:", 5) == 0) {
+ long request = strtol(tok+5, NULL, 16);
+ if (request == 0) {
+ dad->mode =
+ (dad->mode & FILE_ATTRIBUTE_DIRECTORY)
+ ? FILE_ATTRIBUTE_DIRECTORY
+ : FILE_ATTRIBUTE_NORMAL;
+ } else {
+ dad->mode = request;
+ }
+ continue;
+ }
+
+ if (strncasecmp_m(tok, "SIZE:", 5) == 0) {
+ dad->size = (off_t)atof(tok+5);
+ continue;
+ }
+
+ n = strlen(attr_strings.access_time_attr);
+ if (strncasecmp_m(tok, attr_strings.access_time_attr, n) == 0) {
+ dad->access_time = (time_t)strtol(tok+n+1, NULL, 10);
+ continue;
+ }
+
+ n = strlen(attr_strings.change_time_attr);
+ if (strncasecmp_m(tok, attr_strings.change_time_attr, n) == 0) {
+ dad->change_time = (time_t)strtol(tok+n+1, NULL, 10);
+ continue;
+ }
+
+ n = strlen(attr_strings.write_time_attr);
+ if (strncasecmp_m(tok, attr_strings.write_time_attr, n) == 0) {
+ dad->write_time = (time_t)strtol(tok+n+1, NULL, 10);
+ continue;
+ }
+
+ if (attr_strings.create_time_attr != NULL) {
+ n = strlen(attr_strings.create_time_attr);
+ if (strncasecmp_m(tok, attr_strings.create_time_attr,
+ n) == 0) {
+ dad->create_time = (time_t)strtol(tok+n+1,
+ NULL, 10);
+ continue;
+ }
+ }
+
+ if (strncasecmp_m(tok, "INODE:", 6) == 0) {
+ dad->inode = (SMB_INO_T)atof(tok+6);
+ continue;
+ }
+ }
+ TALLOC_FREE(frame);
+}
+
+/*****************************************************
+ Retrieve the acls for a file.
+*******************************************************/
+
+static int
+cacl_get(SMBCCTX *context,
+ TALLOC_CTX *ctx,
+ SMBCSRV *srv,
+ struct cli_state *ipc_cli,
+ struct policy_handle *pol,
+ const char *filename,
+ const char *attr_name,
+ char *buf,
+ int bufsize)
+{
+ uint32_t i;
+ int n = 0;
+ int n_used;
+ bool all;
+ bool all_nt;
+ bool all_nt_acls;
+ bool all_dos;
+ bool some_nt;
+ bool some_dos;
+ bool exclude_nt_revision = False;
+ bool exclude_nt_owner = False;
+ bool exclude_nt_group = False;
+ bool exclude_nt_acl = False;
+ bool exclude_dos_mode = False;
+ bool exclude_dos_size = False;
+ bool exclude_dos_create_time = False;
+ bool exclude_dos_access_time = False;
+ bool exclude_dos_write_time = False;
+ bool exclude_dos_change_time = False;
+ bool exclude_dos_inode = False;
+ bool numeric = True;
+ bool determine_size = (bufsize == 0);
+ uint16_t fnum;
+ struct security_descriptor *sd;
+ fstring sidstr;
+ fstring name_sandbox;
+ char *name;
+ char *pExclude;
+ char *p;
+ struct cli_state *cli = srv->cli;
+ struct {
+ const char * create_time_attr;
+ const char * access_time_attr;
+ const char * write_time_attr;
+ const char * change_time_attr;
+ } attr_strings;
+ struct {
+ const char * create_time_attr;
+ const char * access_time_attr;
+ const char * write_time_attr;
+ const char * change_time_attr;
+ } excl_attr_strings;
+
+ /* Determine whether to use old-style or new-style attribute names */
+ if (context->internal->full_time_names) {
+ /* new-style names */
+ attr_strings.create_time_attr = "CREATE_TIME";
+ attr_strings.access_time_attr = "ACCESS_TIME";
+ attr_strings.write_time_attr = "WRITE_TIME";
+ attr_strings.change_time_attr = "CHANGE_TIME";
+
+ excl_attr_strings.create_time_attr = "CREATE_TIME";
+ excl_attr_strings.access_time_attr = "ACCESS_TIME";
+ excl_attr_strings.write_time_attr = "WRITE_TIME";
+ excl_attr_strings.change_time_attr = "CHANGE_TIME";
+ } else {
+ /* old-style names */
+ attr_strings.create_time_attr = NULL;
+ attr_strings.access_time_attr = "A_TIME";
+ attr_strings.write_time_attr = "M_TIME";
+ attr_strings.change_time_attr = "C_TIME";
+
+ excl_attr_strings.create_time_attr = NULL;
+ excl_attr_strings.access_time_attr = "dos_attr.A_TIME";
+ excl_attr_strings.write_time_attr = "dos_attr.M_TIME";
+ excl_attr_strings.change_time_attr = "dos_attr.C_TIME";
+ }
+
+ /* Copy name so we can strip off exclusions (if any are specified) */
+ fstrcpy(name_sandbox, attr_name);
+
+ /* Ensure name is null terminated */
+ name_sandbox[sizeof(name_sandbox) - 1] = '\0';
+
+ /* Play in the sandbox */
+ name = name_sandbox;
+
+ /* If there are any exclusions, point to them and mask them from name */
+ if ((pExclude = strchr(name, '!')) != NULL)
+ {
+ *pExclude++ = '\0';
+ }
+
+ all = (strncasecmp_m(name, "system.*", 8) == 0);
+ all_nt = (strncasecmp_m(name, "system.nt_sec_desc.*", 20) == 0);
+ all_nt_acls = (strncasecmp_m(name, "system.nt_sec_desc.acl.*", 24) == 0);
+ all_dos = (strncasecmp_m(name, "system.dos_attr.*", 17) == 0);
+ some_nt = (strncasecmp_m(name, "system.nt_sec_desc.", 19) == 0);
+ some_dos = (strncasecmp_m(name, "system.dos_attr.", 16) == 0);
+ numeric = (* (name + strlen(name) - 1) != '+');
+
+ /* Look for exclusions from "all" requests */
+ if (all || all_nt || all_dos) {
+ /* Exclusions are delimited by '!' */
+ for (;
+ pExclude != NULL;
+ pExclude = (p == NULL ? NULL : p + 1)) {
+
+ /* Find end of this exclusion name */
+ if ((p = strchr(pExclude, '!')) != NULL)
+ {
+ *p = '\0';
+ }
+
+ /* Which exclusion name is this? */
+ if (strcasecmp_m(pExclude,
+ "nt_sec_desc.revision") == 0) {
+ exclude_nt_revision = True;
+ }
+ else if (strcasecmp_m(pExclude,
+ "nt_sec_desc.owner") == 0) {
+ exclude_nt_owner = True;
+ }
+ else if (strcasecmp_m(pExclude,
+ "nt_sec_desc.group") == 0) {
+ exclude_nt_group = True;
+ }
+ else if (strcasecmp_m(pExclude,
+ "nt_sec_desc.acl") == 0) {
+ exclude_nt_acl = True;
+ }
+ else if (strcasecmp_m(pExclude,
+ "dos_attr.mode") == 0) {
+ exclude_dos_mode = True;
+ }
+ else if (strcasecmp_m(pExclude,
+ "dos_attr.size") == 0) {
+ exclude_dos_size = True;
+ }
+ else if (excl_attr_strings.create_time_attr != NULL &&
+ strcasecmp_m(pExclude,
+ excl_attr_strings.change_time_attr) == 0) {
+ exclude_dos_create_time = True;
+ }
+ else if (strcasecmp_m(pExclude,
+ excl_attr_strings.access_time_attr) == 0) {
+ exclude_dos_access_time = True;
+ }
+ else if (strcasecmp_m(pExclude,
+ excl_attr_strings.write_time_attr) == 0) {
+ exclude_dos_write_time = True;
+ }
+ else if (strcasecmp_m(pExclude,
+ excl_attr_strings.change_time_attr) == 0) {
+ exclude_dos_change_time = True;
+ }
+ else if (strcasecmp_m(pExclude, "dos_attr.inode") == 0) {
+ exclude_dos_inode = True;
+ }
+ else {
+ DEBUG(5, ("cacl_get received unknown exclusion: %s\n",
+ pExclude));
+ errno = ENOATTR;
+ return -1;
+ }
+ }
+ }
+
+ n_used = 0;
+
+ /*
+ * If we are (possibly) talking to an NT or new system and some NT
+ * attributes have been requested...
+ */
+ if (ipc_cli && (all || some_nt || all_nt_acls)) {
+ char *targetpath = NULL;
+ struct cli_state *targetcli = NULL;
+ struct cli_credentials *creds = NULL;
+ NTSTATUS status;
+
+ /* Point to the portion after "system.nt_sec_desc." */
+ name += 19; /* if (all) this will be invalid but unused */
+
+ creds = context->internal->creds;
+
+ status = cli_resolve_path(
+ ctx, "",
+ creds,
+ cli, filename, &targetcli, &targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5, ("cacl_get Could not resolve %s\n",
+ filename));
+ errno = ENOENT;
+ return -1;
+ }
+
+ /* ... then obtain any NT attributes which were requested */
+ status = cli_ntcreate(
+ targetcli, /* cli */
+ targetpath, /* fname */
+ 0, /* CreatFlags */
+ READ_CONTROL_ACCESS, /* DesiredAccess */
+ 0, /* FileAttributes */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE, /* ShareAccess */
+ FILE_OPEN, /* CreateDisposition */
+ 0x0, /* CreateOptions */
+ 0x0, /* SecurityFlags */
+ &fnum, /* pfid */
+ NULL); /* cr */
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5, ("cacl_get failed to open %s: %s\n",
+ targetpath, nt_errstr(status)));
+ errno = cli_status_to_errno(status);
+ return -1;
+ }
+
+ status = cli_query_secdesc(targetcli, fnum, ctx, &sd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5,("cacl_get Failed to query old descriptor "
+ "of %s: %s\n",
+ targetpath, nt_errstr(status)));
+ errno = cli_status_to_errno(status);
+ return -1;
+ }
+
+ cli_close(targetcli, fnum);
+
+ if (! exclude_nt_revision) {
+ if (all || all_nt) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx,
+ "REVISION:%d",
+ sd->revision);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ "REVISION:%d",
+ sd->revision);
+ }
+ } else if (strcasecmp_m(name, "revision") == 0) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx, "%d",
+ sd->revision);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize, "%d",
+ sd->revision);
+ }
+ }
+
+ if (!determine_size && n > bufsize) {
+ errno = ERANGE;
+ return -1;
+ }
+ buf += n;
+ n_used += n;
+ bufsize -= n;
+ n = 0;
+ }
+
+ if (! exclude_nt_owner) {
+ /* Get owner and group sid */
+ if (sd->owner_sid) {
+ convert_sid_to_string(ipc_cli, pol,
+ sidstr,
+ numeric,
+ sd->owner_sid);
+ } else {
+ fstrcpy(sidstr, "");
+ }
+
+ if (all || all_nt) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx, ",OWNER:%s",
+ sidstr);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else if (sidstr[0] != '\0') {
+ n = snprintf(buf, bufsize,
+ ",OWNER:%s", sidstr);
+ }
+ } else if (strncasecmp_m(name, "owner", 5) == 0) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx, "%s", sidstr);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize, "%s",
+ sidstr);
+ }
+ }
+
+ if (!determine_size && n > bufsize) {
+ errno = ERANGE;
+ return -1;
+ }
+ buf += n;
+ n_used += n;
+ bufsize -= n;
+ n = 0;
+ }
+
+ if (! exclude_nt_group) {
+ if (sd->group_sid) {
+ convert_sid_to_string(ipc_cli, pol,
+ sidstr, numeric,
+ sd->group_sid);
+ } else {
+ fstrcpy(sidstr, "");
+ }
+
+ if (all || all_nt) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx, ",GROUP:%s",
+ sidstr);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else if (sidstr[0] != '\0') {
+ n = snprintf(buf, bufsize,
+ ",GROUP:%s", sidstr);
+ }
+ } else if (strncasecmp_m(name, "group", 5) == 0) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx, "%s", sidstr);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ "%s", sidstr);
+ }
+ }
+
+ if (!determine_size && n > bufsize) {
+ errno = ERANGE;
+ return -1;
+ }
+ buf += n;
+ n_used += n;
+ bufsize -= n;
+ n = 0;
+ }
+
+ if (! exclude_nt_acl) {
+ /* Add aces to value buffer */
+ for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
+
+ struct security_ace *ace = &sd->dacl->aces[i];
+ convert_sid_to_string(ipc_cli, pol,
+ sidstr, numeric,
+ &ace->trustee);
+
+ if (all || all_nt) {
+ if (determine_size) {
+ p = talloc_asprintf(
+ ctx,
+ ",ACL:"
+ "%s:%d/%d/0x%08x",
+ sidstr,
+ ace->type,
+ ace->flags,
+ ace->access_mask);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(
+ buf, bufsize,
+ ",ACL:%s:%d/%d/0x%08x",
+ sidstr,
+ ace->type,
+ ace->flags,
+ ace->access_mask);
+ }
+ } else if ((strncasecmp_m(name, "acl", 3) == 0 &&
+ strcasecmp_m(name+3, sidstr) == 0) ||
+ (strncasecmp_m(name, "acl+", 4) == 0 &&
+ strcasecmp_m(name+4, sidstr) == 0)) {
+ if (determine_size) {
+ p = talloc_asprintf(
+ ctx,
+ "%d/%d/0x%08x",
+ ace->type,
+ ace->flags,
+ ace->access_mask);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ "%d/%d/0x%08x",
+ ace->type,
+ ace->flags,
+ ace->access_mask);
+ }
+ } else if (all_nt_acls) {
+ if (determine_size) {
+ p = talloc_asprintf(
+ ctx,
+ "%s%s:%d/%d/0x%08x",
+ i ? "," : "",
+ sidstr,
+ ace->type,
+ ace->flags,
+ ace->access_mask);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ "%s%s:%d/%d/0x%08x",
+ i ? "," : "",
+ sidstr,
+ ace->type,
+ ace->flags,
+ ace->access_mask);
+ }
+ }
+ if (!determine_size && n > bufsize) {
+ errno = ERANGE;
+ return -1;
+ }
+ buf += n;
+ n_used += n;
+ bufsize -= n;
+ n = 0;
+ }
+ }
+
+ /* Restore name pointer to its original value */
+ name -= 19;
+ }
+
+ if (all || some_dos) {
+ struct stat sb = {0};
+ time_t create_time = (time_t)0;
+ time_t write_time = (time_t)0;
+ time_t access_time = (time_t)0;
+ time_t change_time = (time_t)0;
+ off_t size = 0;
+ uint16_t mode = 0;
+ SMB_INO_T ino = 0;
+ NTSTATUS status;
+
+ /* Point to the portion after "system.dos_attr." */
+ name += 16; /* if (all) this will be invalid but unused */
+
+ /* Obtain the DOS attributes */
+ status = SMBC_getatr(context, srv, filename, &sb);
+ if (!NT_STATUS_IS_OK(status)) {
+ errno = cli_status_to_errno(status);
+ return -1;
+ }
+
+ create_time = sb.st_ctime;
+ access_time = sb.st_atime;
+ write_time = sb.st_mtime;
+ change_time = sb.st_mtime;
+ size = sb.st_size;
+ mode = sb.st_mode;
+ ino = sb.st_ino;
+
+ if (! exclude_dos_mode) {
+ if (all || all_dos) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx,
+ "%sMODE:0x%x",
+ (ipc_cli &&
+ (all || some_nt)
+ ? ","
+ : ""),
+ mode);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ "%sMODE:0x%x",
+ (ipc_cli &&
+ (all || some_nt)
+ ? ","
+ : ""),
+ mode);
+ }
+ } else if (strcasecmp_m(name, "mode") == 0) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx, "0x%x", mode);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ "0x%x", mode);
+ }
+ }
+
+ if (!determine_size && n > bufsize) {
+ errno = ERANGE;
+ return -1;
+ }
+ buf += n;
+ n_used += n;
+ bufsize -= n;
+ n = 0;
+ }
+
+ if (! exclude_dos_size) {
+ if (all || all_dos) {
+ if (determine_size) {
+ p = talloc_asprintf(
+ ctx,
+ ",SIZE:%.0f",
+ (double)size);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ ",SIZE:%.0f",
+ (double)size);
+ }
+ } else if (strcasecmp_m(name, "size") == 0) {
+ if (determine_size) {
+ p = talloc_asprintf(
+ ctx,
+ "%.0f",
+ (double)size);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ "%.0f",
+ (double)size);
+ }
+ }
+
+ if (!determine_size && n > bufsize) {
+ errno = ERANGE;
+ return -1;
+ }
+ buf += n;
+ n_used += n;
+ bufsize -= n;
+ n = 0;
+ }
+
+ if (! exclude_dos_create_time &&
+ attr_strings.create_time_attr != NULL) {
+ if (all || all_dos) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx,
+ ",%s:%lu",
+ attr_strings.create_time_attr,
+ (unsigned long) create_time);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ ",%s:%lu",
+ attr_strings.create_time_attr,
+ (unsigned long) create_time);
+ }
+ } else if (strcasecmp_m(name, attr_strings.create_time_attr) == 0) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx, "%lu", (unsigned long) create_time);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ "%lu", (unsigned long) create_time);
+ }
+ }
+
+ if (!determine_size && n > bufsize) {
+ errno = ERANGE;
+ return -1;
+ }
+ buf += n;
+ n_used += n;
+ bufsize -= n;
+ n = 0;
+ }
+
+ if (! exclude_dos_access_time) {
+ if (all || all_dos) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx,
+ ",%s:%lu",
+ attr_strings.access_time_attr,
+ (unsigned long) access_time);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ ",%s:%lu",
+ attr_strings.access_time_attr,
+ (unsigned long) access_time);
+ }
+ } else if (strcasecmp_m(name, attr_strings.access_time_attr) == 0) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx, "%lu", (unsigned long) access_time);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ "%lu", (unsigned long) access_time);
+ }
+ }
+
+ if (!determine_size && n > bufsize) {
+ errno = ERANGE;
+ return -1;
+ }
+ buf += n;
+ n_used += n;
+ bufsize -= n;
+ n = 0;
+ }
+
+ if (! exclude_dos_write_time) {
+ if (all || all_dos) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx,
+ ",%s:%lu",
+ attr_strings.write_time_attr,
+ (unsigned long) write_time);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ ",%s:%lu",
+ attr_strings.write_time_attr,
+ (unsigned long) write_time);
+ }
+ } else if (strcasecmp_m(name, attr_strings.write_time_attr) == 0) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx, "%lu", (unsigned long) write_time);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ "%lu", (unsigned long) write_time);
+ }
+ }
+
+ if (!determine_size && n > bufsize) {
+ errno = ERANGE;
+ return -1;
+ }
+ buf += n;
+ n_used += n;
+ bufsize -= n;
+ n = 0;
+ }
+
+ if (! exclude_dos_change_time) {
+ if (all || all_dos) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx,
+ ",%s:%lu",
+ attr_strings.change_time_attr,
+ (unsigned long) change_time);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ ",%s:%lu",
+ attr_strings.change_time_attr,
+ (unsigned long) change_time);
+ }
+ } else if (strcasecmp_m(name, attr_strings.change_time_attr) == 0) {
+ if (determine_size) {
+ p = talloc_asprintf(ctx, "%lu", (unsigned long) change_time);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ "%lu", (unsigned long) change_time);
+ }
+ }
+
+ if (!determine_size && n > bufsize) {
+ errno = ERANGE;
+ return -1;
+ }
+ buf += n;
+ n_used += n;
+ bufsize -= n;
+ n = 0;
+ }
+
+ if (! exclude_dos_inode) {
+ if (all || all_dos) {
+ if (determine_size) {
+ p = talloc_asprintf(
+ ctx,
+ ",INODE:%.0f",
+ (double)ino);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ ",INODE:%.0f",
+ (double) ino);
+ }
+ } else if (strcasecmp_m(name, "inode") == 0) {
+ if (determine_size) {
+ p = talloc_asprintf(
+ ctx,
+ "%.0f",
+ (double) ino);
+ if (!p) {
+ errno = ENOMEM;
+ return -1;
+ }
+ n = strlen(p);
+ } else {
+ n = snprintf(buf, bufsize,
+ "%.0f",
+ (double) ino);
+ }
+ }
+
+ if (!determine_size && n > bufsize) {
+ errno = ERANGE;
+ return -1;
+ }
+ buf += n;
+ n_used += n;
+ bufsize -= n;
+ n = 0;
+ }
+
+ /* Restore name pointer to its original value */
+ name -= 16;
+ }
+
+ if (n_used == 0) {
+ errno = ENOATTR;
+ return -1;
+ }
+
+ return n_used;
+}
+
+/*****************************************************
+set the ACLs on a file given an ascii description
+*******************************************************/
+static int
+cacl_set(SMBCCTX *context,
+ TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ struct cli_state *ipc_cli,
+ struct policy_handle *pol,
+ const char *filename,
+ char *the_acl,
+ int mode,
+ int flags)
+{
+ uint16_t fnum = (uint16_t)-1;
+ int err = 0;
+ struct security_descriptor *sd = NULL, *old;
+ struct security_acl *dacl = NULL;
+ struct dom_sid *owner_sid = NULL;
+ struct dom_sid *group_sid = NULL;
+ uint32_t i, j;
+ size_t sd_size;
+ int ret = 0;
+ char *p;
+ bool numeric = True;
+ char *targetpath = NULL;
+ struct cli_state *targetcli = NULL;
+ struct cli_credentials *creds = NULL;
+ NTSTATUS status;
+
+ /* the_acl will be null for REMOVE_ALL operations */
+ if (the_acl) {
+ numeric = ((p = strchr(the_acl, ':')) != NULL &&
+ p > the_acl &&
+ p[-1] != '+');
+
+ /* if this is to set the entire ACL... */
+ if (*the_acl == '*') {
+ /* ... then increment past the first colon */
+ the_acl = p + 1;
+ }
+
+ sd = sec_desc_parse(ctx, ipc_cli, pol, numeric, the_acl);
+ if (!sd) {
+ errno = EINVAL;
+ return -1;
+ }
+ }
+
+ /* SMBC_XATTR_MODE_REMOVE_ALL is the only caller
+ that doesn't deref sd */
+
+ if (!sd && (mode != SMBC_XATTR_MODE_REMOVE_ALL)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ creds = context->internal->creds;
+
+ status = cli_resolve_path(ctx, "",
+ creds,
+ cli, filename, &targetcli, &targetpath);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5,("cacl_set: Could not resolve %s\n", filename));
+ errno = ENOENT;
+ return -1;
+ }
+
+ /* The desired access below is the only one I could find that works
+ with NT4, W2KP and Samba */
+
+ status = cli_ntcreate(
+ targetcli, /* cli */
+ targetpath, /* fname */
+ 0, /* CreatFlags */
+ READ_CONTROL_ACCESS, /* DesiredAccess */
+ 0, /* FileAttributes */
+ FILE_SHARE_READ|
+ FILE_SHARE_WRITE, /* ShareAccess */
+ FILE_OPEN, /* CreateDisposition */
+ 0x0, /* CreateOptions */
+ 0x0, /* SecurityFlags */
+ &fnum, /* pfid */
+ NULL); /* cr */
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5, ("cacl_set failed to open %s: %s\n",
+ targetpath, nt_errstr(status)));
+ errno = 0;
+ return -1;
+ }
+
+ status = cli_query_secdesc(targetcli, fnum, ctx, &old);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5,("cacl_set Failed to query old descriptor of %s: %s\n",
+ targetpath, nt_errstr(status)));
+ errno = 0;
+ return -1;
+ }
+
+ cli_close(targetcli, fnum);
+
+ switch (mode) {
+ case SMBC_XATTR_MODE_REMOVE_ALL:
+ old->dacl->num_aces = 0;
+ dacl = old->dacl;
+ break;
+
+ case SMBC_XATTR_MODE_REMOVE:
+ for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
+ bool found = False;
+
+ for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
+ if (security_ace_equal(&sd->dacl->aces[i],
+ &old->dacl->aces[j])) {
+ uint32_t k;
+ for (k=j; k<old->dacl->num_aces-1;k++) {
+ old->dacl->aces[k] =
+ old->dacl->aces[k+1];
+ }
+ old->dacl->num_aces--;
+ found = True;
+ dacl = old->dacl;
+ break;
+ }
+ }
+
+ if (!found) {
+ err = ENOATTR;
+ ret = -1;
+ goto failed;
+ }
+ }
+ break;
+
+ case SMBC_XATTR_MODE_ADD:
+ for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
+ bool found = False;
+
+ for (j=0;old->dacl && j<old->dacl->num_aces;j++) {
+ if (dom_sid_equal(&sd->dacl->aces[i].trustee,
+ &old->dacl->aces[j].trustee)) {
+ if (!(flags & SMBC_XATTR_FLAG_CREATE)) {
+ err = EEXIST;
+ ret = -1;
+ goto failed;
+ }
+ old->dacl->aces[j] = sd->dacl->aces[i];
+ ret = -1;
+ found = True;
+ }
+ }
+
+ if (!found && (flags & SMBC_XATTR_FLAG_REPLACE)) {
+ err = ENOATTR;
+ ret = -1;
+ goto failed;
+ }
+
+ for (i=0;sd->dacl && i<sd->dacl->num_aces;i++) {
+ add_ace(&old->dacl, &sd->dacl->aces[i], ctx);
+ }
+ }
+ dacl = old->dacl;
+ break;
+
+ case SMBC_XATTR_MODE_SET:
+ old = sd;
+ owner_sid = old->owner_sid;
+ group_sid = old->group_sid;
+ dacl = old->dacl;
+ break;
+
+ case SMBC_XATTR_MODE_CHOWN:
+ owner_sid = sd->owner_sid;
+ break;
+
+ case SMBC_XATTR_MODE_CHGRP:
+ group_sid = sd->group_sid;
+ break;
+ }
+
+ /* Denied ACE entries must come before allowed ones */
+ sort_acl(old->dacl);
+
+ /* Create new security descriptor and set it */
+ sd = make_sec_desc(ctx, old->revision, SEC_DESC_SELF_RELATIVE,
+ owner_sid, group_sid, NULL, dacl, &sd_size);
+
+ status = cli_ntcreate(targetcli, targetpath, 0,
+ WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS, 0,
+ FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN,
+ 0x0, 0x0, &fnum, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5, ("cacl_set failed to open %s: %s\n",
+ targetpath, nt_errstr(status)));
+ errno = 0;
+ return -1;
+ }
+
+ status = cli_set_secdesc(targetcli, fnum, sd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(5, ("ERROR: secdesc set failed: %s\n",
+ nt_errstr(status)));
+ ret = -1;
+ }
+
+ /* Clean up */
+
+failed:
+ cli_close(targetcli, fnum);
+
+ if (err != 0) {
+ errno = err;
+ }
+
+ return ret;
+}
+
+
+int
+SMBC_setxattr_ctx(SMBCCTX *context,
+ const char *fname,
+ const char *name,
+ const void *value,
+ size_t size,
+ int flags)
+{
+ int ret;
+ int ret2;
+ SMBCSRV *srv = NULL;
+ SMBCSRV *ipc_srv = NULL;
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ struct DOS_ATTR_DESC *dad = NULL;
+ struct {
+ const char * create_time_attr;
+ const char * access_time_attr;
+ const char * write_time_attr;
+ const char * change_time_attr;
+ } attr_strings;
+ uint16_t port = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL; /* Best I can think of ... */
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ DEBUG(4, ("smbc_setxattr(%s, %s, %.*s)\n",
+ fname, name, (int) size, (const char*)value));
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user || user[0] == (char)0) {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ srv = SMBC_server(frame, context, True,
+ server, port, share, &workgroup, &user, &password);
+ if (!srv) {
+ TALLOC_FREE(frame);
+ return -1; /* errno set by SMBC_server */
+ }
+
+ if (! srv->no_nt_session) {
+ ipc_srv = SMBC_attr_server(frame, context, server, port, share,
+ &workgroup, &user, &password);
+ if (! ipc_srv) {
+ srv->no_nt_session = True;
+ }
+ } else {
+ ipc_srv = NULL;
+ }
+
+ /*
+ * Are they asking to set the entire set of known attributes?
+ */
+ if (strcasecmp_m(name, "system.*") == 0 ||
+ strcasecmp_m(name, "system.*+") == 0) {
+ /* Yup. */
+ char *namevalue =
+ talloc_asprintf(talloc_tos(), "%s:%s",
+ name+7, (const char *) value);
+ if (! namevalue) {
+ errno = ENOMEM;
+ ret = -1;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (ipc_srv) {
+ ret = cacl_set(context, talloc_tos(), srv->cli,
+ ipc_srv->cli, &ipc_srv->pol, path,
+ namevalue,
+ (*namevalue == '*'
+ ? SMBC_XATTR_MODE_SET
+ : SMBC_XATTR_MODE_ADD),
+ flags);
+ } else {
+ ret = 0;
+ }
+
+ /* get a DOS Attribute Descriptor with current attributes */
+ dad = dos_attr_query(context, talloc_tos(), path, srv);
+ if (dad) {
+ bool ok;
+
+ /* Overwrite old with new, using what was provided */
+ dos_attr_parse(context, dad, srv, namevalue);
+
+ /* Set the new DOS attributes */
+ ok = SMBC_setatr(
+ context,
+ srv,
+ path,
+ (struct timespec) {
+ .tv_sec = dad->create_time },
+ (struct timespec) {
+ .tv_sec = dad->access_time },
+ (struct timespec) {
+ .tv_sec = dad->write_time },
+ (struct timespec) {
+ .tv_sec = dad->change_time },
+ dad->mode);
+ if (!ok) {
+ /* cause failure if NT failed too */
+ dad = NULL;
+ }
+ }
+
+ /* we only fail if both NT and DOS sets failed */
+ if (ret < 0 && ! dad) {
+ ret = -1; /* in case dad was null */
+ }
+ else {
+ ret = 0;
+ }
+
+ TALLOC_FREE(frame);
+ return ret;
+ }
+
+ /*
+ * Are they asking to set an access control element or to set
+ * the entire access control list?
+ */
+ if (strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.*+") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0) {
+
+ /* Yup. */
+ char *namevalue =
+ talloc_asprintf(talloc_tos(), "%s:%s",
+ name+19, (const char *) value);
+
+ if (! ipc_srv) {
+ ret = -1; /* errno set by SMBC_server() */
+ }
+ else if (! namevalue) {
+ errno = ENOMEM;
+ ret = -1;
+ } else {
+ ret = cacl_set(context, talloc_tos(), srv->cli,
+ ipc_srv->cli, &ipc_srv->pol, path,
+ namevalue,
+ (*namevalue == '*'
+ ? SMBC_XATTR_MODE_SET
+ : SMBC_XATTR_MODE_ADD),
+ flags);
+ }
+ TALLOC_FREE(frame);
+ return ret;
+ }
+
+ /*
+ * Are they asking to set the owner?
+ */
+ if (strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0) {
+
+ /* Yup. */
+ char *namevalue =
+ talloc_asprintf(talloc_tos(), "%s:%s",
+ name+19, (const char *) value);
+
+ if (! ipc_srv) {
+ ret = -1; /* errno set by SMBC_server() */
+ }
+ else if (! namevalue) {
+ errno = ENOMEM;
+ ret = -1;
+ } else {
+ ret = cacl_set(context, talloc_tos(), srv->cli,
+ ipc_srv->cli, &ipc_srv->pol, path,
+ namevalue, SMBC_XATTR_MODE_CHOWN, 0);
+ }
+ TALLOC_FREE(frame);
+ return ret;
+ }
+
+ /*
+ * Are they asking to set the group?
+ */
+ if (strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.group+") == 0) {
+
+ /* Yup. */
+ char *namevalue =
+ talloc_asprintf(talloc_tos(), "%s:%s",
+ name+19, (const char *) value);
+
+ if (! ipc_srv) {
+ /* errno set by SMBC_server() */
+ ret = -1;
+ }
+ else if (! namevalue) {
+ errno = ENOMEM;
+ ret = -1;
+ } else {
+ ret = cacl_set(context, talloc_tos(), srv->cli,
+ ipc_srv->cli, &ipc_srv->pol, path,
+ namevalue, SMBC_XATTR_MODE_CHGRP, 0);
+ }
+ TALLOC_FREE(frame);
+ return ret;
+ }
+
+ /* Determine whether to use old-style or new-style attribute names */
+ if (context->internal->full_time_names) {
+ /* new-style names */
+ attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
+ attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
+ attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
+ attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
+ } else {
+ /* old-style names */
+ attr_strings.create_time_attr = NULL;
+ attr_strings.access_time_attr = "system.dos_attr.A_TIME";
+ attr_strings.write_time_attr = "system.dos_attr.M_TIME";
+ attr_strings.change_time_attr = "system.dos_attr.C_TIME";
+ }
+
+ /*
+ * Are they asking to set a DOS attribute?
+ */
+ if (strcasecmp_m(name, "system.dos_attr.*") == 0 ||
+ strcasecmp_m(name, "system.dos_attr.mode") == 0 ||
+ (attr_strings.create_time_attr != NULL &&
+ strcasecmp_m(name, attr_strings.create_time_attr) == 0) ||
+ strcasecmp_m(name, attr_strings.access_time_attr) == 0 ||
+ strcasecmp_m(name, attr_strings.write_time_attr) == 0 ||
+ strcasecmp_m(name, attr_strings.change_time_attr) == 0) {
+
+ /* get a DOS Attribute Descriptor with current attributes */
+ dad = dos_attr_query(context, talloc_tos(), path, srv);
+ if (dad) {
+ char *namevalue =
+ talloc_asprintf(talloc_tos(), "%s:%s",
+ name+16, (const char *) value);
+ if (! namevalue) {
+ errno = ENOMEM;
+ ret = -1;
+ } else {
+ /* Overwrite old with provided new params */
+ dos_attr_parse(context, dad, srv, namevalue);
+
+ /* Set the new DOS attributes */
+ ret2 = SMBC_setatr(
+ context,
+ srv,
+ path,
+ (struct timespec) {
+ .tv_sec = dad->create_time },
+ (struct timespec) {
+ .tv_sec = dad->access_time },
+ (struct timespec) {
+ .tv_sec = dad->write_time },
+ (struct timespec) {
+ .tv_sec = dad->change_time },
+ dad->mode);
+
+ /* ret2 has True (success) / False (failure) */
+ if (ret2) {
+ ret = 0;
+ } else {
+ ret = -1;
+ }
+ }
+ } else {
+ ret = -1;
+ }
+
+ TALLOC_FREE(frame);
+ return ret;
+ }
+
+ /* Unsupported attribute name */
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+}
+
+int
+SMBC_getxattr_ctx(SMBCCTX *context,
+ const char *fname,
+ const char *name,
+ const void *value,
+ size_t size)
+{
+ int ret;
+ SMBCSRV *srv = NULL;
+ SMBCSRV *ipc_srv = NULL;
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ struct {
+ const char * create_time_attr;
+ const char * access_time_attr;
+ const char * write_time_attr;
+ const char * change_time_attr;
+ } attr_strings;
+ uint16_t port = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL; /* Best I can think of ... */
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ DEBUG(4, ("smbc_getxattr(%s, %s)\n", fname, name));
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user || user[0] == '\0') {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ srv = SMBC_server(frame, context, True,
+ server, port, share, &workgroup, &user, &password);
+ if (!srv) {
+ TALLOC_FREE(frame);
+ return -1; /* errno set by SMBC_server */
+ }
+
+ if (! srv->no_nt_session) {
+ ipc_srv = SMBC_attr_server(frame, context, server, port, share,
+ &workgroup, &user, &password);
+ /*
+ * SMBC_attr_server() can cause the original
+ * server to be removed from the cache.
+ * If so we must error out here as the srv
+ * pointer has been freed.
+ */
+ if (smbc_getFunctionGetCachedServer(context)(context,
+ server,
+ share,
+ workgroup,
+ user) != srv) {
+#if defined(ECONNRESET)
+ errno = ECONNRESET;
+#else
+ errno = ETIMEDOUT;
+#endif
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ if (! ipc_srv) {
+ srv->no_nt_session = True;
+ }
+ } else {
+ ipc_srv = NULL;
+ }
+
+ /* Determine whether to use old-style or new-style attribute names */
+ if (context->internal->full_time_names) {
+ /* new-style names */
+ attr_strings.create_time_attr = "system.dos_attr.CREATE_TIME";
+ attr_strings.access_time_attr = "system.dos_attr.ACCESS_TIME";
+ attr_strings.write_time_attr = "system.dos_attr.WRITE_TIME";
+ attr_strings.change_time_attr = "system.dos_attr.CHANGE_TIME";
+ } else {
+ /* old-style names */
+ attr_strings.create_time_attr = NULL;
+ attr_strings.access_time_attr = "system.dos_attr.A_TIME";
+ attr_strings.write_time_attr = "system.dos_attr.M_TIME";
+ attr_strings.change_time_attr = "system.dos_attr.C_TIME";
+ }
+
+ /* Are they requesting a supported attribute? */
+ if (strcasecmp_m(name, "system.*") == 0 ||
+ strncasecmp_m(name, "system.*!", 9) == 0 ||
+ strcasecmp_m(name, "system.*+") == 0 ||
+ strncasecmp_m(name, "system.*+!", 10) == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.*!", 21) == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.*+") == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.*+!", 22) == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.group+") == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0 ||
+ strcasecmp_m(name, "system.dos_attr.*") == 0 ||
+ strncasecmp_m(name, "system.dos_attr.*!", 18) == 0 ||
+ strcasecmp_m(name, "system.dos_attr.mode") == 0 ||
+ strcasecmp_m(name, "system.dos_attr.size") == 0 ||
+ (attr_strings.create_time_attr != NULL &&
+ strcasecmp_m(name, attr_strings.create_time_attr) == 0) ||
+ strcasecmp_m(name, attr_strings.access_time_attr) == 0 ||
+ strcasecmp_m(name, attr_strings.write_time_attr) == 0 ||
+ strcasecmp_m(name, attr_strings.change_time_attr) == 0 ||
+ strcasecmp_m(name, "system.dos_attr.inode") == 0) {
+
+ /* Yup. */
+ const char *filename = name;
+ ret = cacl_get(context, talloc_tos(), srv,
+ ipc_srv == NULL ? NULL : ipc_srv->cli,
+ &ipc_srv->pol, path,
+ filename,
+ discard_const_p(char, value),
+ size);
+ TALLOC_FREE(frame);
+ /*
+ * static function cacl_get returns a value greater than zero
+ * which is needed buffer size needed when size_t is 0.
+ */
+ return ret;
+ }
+
+ /* Unsupported attribute name */
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+}
+
+
+int
+SMBC_removexattr_ctx(SMBCCTX *context,
+ const char *fname,
+ const char *name)
+{
+ int ret;
+ SMBCSRV *srv = NULL;
+ SMBCSRV *ipc_srv = NULL;
+ char *server = NULL;
+ char *share = NULL;
+ char *user = NULL;
+ char *password = NULL;
+ char *workgroup = NULL;
+ char *path = NULL;
+ uint16_t port = 0;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (!context || !context->internal->initialized) {
+ errno = EINVAL; /* Best I can think of ... */
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!fname) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ DEBUG(4, ("smbc_removexattr(%s, %s)\n", fname, name));
+
+ if (SMBC_parse_path(frame,
+ context,
+ fname,
+ &workgroup,
+ &server,
+ &port,
+ &share,
+ &path,
+ &user,
+ &password,
+ NULL)) {
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ if (!user || user[0] == (char)0) {
+ user = talloc_strdup(frame, smbc_getUser(context));
+ if (!user) {
+ errno = ENOMEM;
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ }
+
+ srv = SMBC_server(frame, context, True,
+ server, port, share, &workgroup, &user, &password);
+ if (!srv) {
+ TALLOC_FREE(frame);
+ return -1; /* errno set by SMBC_server */
+ }
+
+ if (! srv->no_nt_session) {
+ int saved_errno;
+ ipc_srv = SMBC_attr_server(frame, context, server, port, share,
+ &workgroup, &user, &password);
+ saved_errno = errno;
+ /*
+ * SMBC_attr_server() can cause the original
+ * server to be removed from the cache.
+ * If so we must error out here as the srv
+ * pointer has been freed.
+ */
+ if (smbc_getFunctionGetCachedServer(context)(context,
+ server,
+ share,
+ workgroup,
+ user) != srv) {
+#if defined(ECONNRESET)
+ errno = ECONNRESET;
+#else
+ errno = ETIMEDOUT;
+#endif
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ if (! ipc_srv) {
+ errno = saved_errno;
+ srv->no_nt_session = True;
+ }
+ } else {
+ ipc_srv = NULL;
+ }
+
+ if (! ipc_srv) {
+ TALLOC_FREE(frame);
+ return -1; /* errno set by SMBC_attr_server */
+ }
+
+ /* Are they asking to set the entire ACL? */
+ if (strcasecmp_m(name, "system.nt_sec_desc.*") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.*+") == 0) {
+
+ /* Yup. */
+ ret = cacl_set(context, talloc_tos(), srv->cli,
+ ipc_srv->cli, &ipc_srv->pol, path,
+ NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0);
+ TALLOC_FREE(frame);
+ return ret;
+ }
+
+ /*
+ * Are they asking to remove one or more specific security descriptor
+ * attributes?
+ */
+ if (strcasecmp_m(name, "system.nt_sec_desc.revision") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.owner") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.owner+") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.group") == 0 ||
+ strcasecmp_m(name, "system.nt_sec_desc.group+") == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.acl", 22) == 0 ||
+ strncasecmp_m(name, "system.nt_sec_desc.acl+", 23) == 0) {
+
+ /* Yup. */
+ ret = cacl_set(context, talloc_tos(), srv->cli,
+ ipc_srv->cli, &ipc_srv->pol, path,
+ discard_const_p(char, name) + 19,
+ SMBC_XATTR_MODE_REMOVE, 0);
+ TALLOC_FREE(frame);
+ return ret;
+ }
+
+ /* Unsupported attribute name */
+ errno = EINVAL;
+ TALLOC_FREE(frame);
+ return -1;
+}
+
+int
+SMBC_listxattr_ctx(SMBCCTX *context,
+ const char *fname,
+ char *list,
+ size_t size)
+{
+ /*
+ * This isn't quite what listxattr() is supposed to do. This returns
+ * the complete set of attribute names, always, rather than only those
+ * attribute names which actually exist for a file. Hmmm...
+ */
+ size_t retsize;
+ static const char supported_old[] =
+ "system.*\0"
+ "system.*+\0"
+ "system.nt_sec_desc.revision\0"
+ "system.nt_sec_desc.owner\0"
+ "system.nt_sec_desc.owner+\0"
+ "system.nt_sec_desc.group\0"
+ "system.nt_sec_desc.group+\0"
+ "system.nt_sec_desc.acl.*\0"
+ "system.nt_sec_desc.acl\0"
+ "system.nt_sec_desc.acl+\0"
+ "system.nt_sec_desc.*\0"
+ "system.nt_sec_desc.*+\0"
+ "system.dos_attr.*\0"
+ "system.dos_attr.mode\0"
+ "system.dos_attr.c_time\0"
+ "system.dos_attr.a_time\0"
+ "system.dos_attr.m_time\0"
+ ;
+ static const char supported_new[] =
+ "system.*\0"
+ "system.*+\0"
+ "system.nt_sec_desc.revision\0"
+ "system.nt_sec_desc.owner\0"
+ "system.nt_sec_desc.owner+\0"
+ "system.nt_sec_desc.group\0"
+ "system.nt_sec_desc.group+\0"
+ "system.nt_sec_desc.acl.*\0"
+ "system.nt_sec_desc.acl\0"
+ "system.nt_sec_desc.acl+\0"
+ "system.nt_sec_desc.*\0"
+ "system.nt_sec_desc.*+\0"
+ "system.dos_attr.*\0"
+ "system.dos_attr.mode\0"
+ "system.dos_attr.create_time\0"
+ "system.dos_attr.access_time\0"
+ "system.dos_attr.write_time\0"
+ "system.dos_attr.change_time\0"
+ ;
+ const char * supported;
+
+ if (context->internal->full_time_names) {
+ supported = supported_new;
+ retsize = sizeof(supported_new);
+ } else {
+ supported = supported_old;
+ retsize = sizeof(supported_old);
+ }
+
+ if (size == 0) {
+ return retsize;
+ }
+
+ if (retsize > size) {
+ errno = ERANGE;
+ return -1;
+ }
+
+ /* this can't be strcpy() because there are embedded null characters */
+ memcpy(list, supported, retsize);
+ return retsize;
+}
diff --git a/source3/libsmb/namecache.c b/source3/libsmb/namecache.c
new file mode 100644
index 0000000..eb59b9e
--- /dev/null
+++ b/source3/libsmb/namecache.c
@@ -0,0 +1,480 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ NetBIOS name cache module on top of gencache mechanism.
+
+ Copyright (C) Tim Potter 2002
+ Copyright (C) Rafal Szczesniak 2002
+ Copyright (C) Jeremy Allison 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "lib/gencache.h"
+#include "libsmb/namequery.h"
+
+#define IPSTR_LIST_SEP ","
+#define IPSTR_LIST_CHAR ','
+
+/**
+ * Allocate and initialise an ipstr list using samba_sockaddr ip addresses
+ * passed as arguments.
+ *
+ * @param ctx TALLOC_CTX to use
+ * @param ip_list array of ip addresses to place in the list
+ * @param ip_count number of addresses stored in ip_list
+ * @return pointer to allocated ip string
+ **/
+
+static char *ipstr_list_make_sa(TALLOC_CTX *ctx,
+ const struct samba_sockaddr *sa_list,
+ size_t ip_count)
+{
+ char *ipstr_list = NULL;
+ size_t i;
+
+ /* arguments checking */
+ if (sa_list == NULL) {
+ return NULL;
+ }
+
+ /* process ip addresses given as arguments */
+ for (i = 0; i < ip_count; i++) {
+ char addr_buf[INET6_ADDRSTRLEN];
+ char *new_str = NULL;
+
+ print_sockaddr(addr_buf,
+ sizeof(addr_buf),
+ &sa_list[i].u.ss);
+
+ if (sa_list[i].u.ss.ss_family == AF_INET) {
+ /* IPv4 - port no longer used, store 0 */
+ new_str = talloc_asprintf(ctx,
+ "%s:%d",
+ addr_buf,
+ 0);
+ } else {
+ /* IPv6 - port no longer used, store 0 */
+ new_str = talloc_asprintf(ctx,
+ "[%s]:%d",
+ addr_buf,
+ 0);
+ }
+ if (new_str == NULL) {
+ TALLOC_FREE(ipstr_list);
+ return NULL;
+ }
+
+ if (ipstr_list == NULL) {
+ /* First ip address. */
+ ipstr_list = new_str;
+ } else {
+ /*
+ * Append the separator "," and then the new
+ * ip address to the existing list.
+ *
+ * The efficiency here is horrible, but
+ * ip_count should be small enough we can
+ * live with it.
+ */
+ char *tmp = talloc_asprintf(ctx,
+ "%s%s%s",
+ ipstr_list,
+ IPSTR_LIST_SEP,
+ new_str);
+ if (tmp == NULL) {
+ TALLOC_FREE(new_str);
+ TALLOC_FREE(ipstr_list);
+ return NULL;
+ }
+ TALLOC_FREE(new_str);
+ TALLOC_FREE(ipstr_list);
+ ipstr_list = tmp;
+ }
+ }
+
+ return ipstr_list;
+}
+
+/**
+ * Parse given ip string list into array of ip addresses
+ * (as ip_service structures)
+ * e.g. [IPv6]:port,192.168.1.100:389,192.168.1.78, ...
+ *
+ * @param ipstr ip string list to be parsed
+ * @param ip_list pointer to array of ip addresses which is
+ * talloced by this function and must be freed by caller
+ * @return number of successfully parsed addresses
+ **/
+
+static int ipstr_list_parse(TALLOC_CTX *ctx,
+ const char *ipstr_list,
+ struct samba_sockaddr **sa_list_out)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct samba_sockaddr *sa_list = NULL;
+ char *token_str = NULL;
+ size_t count;
+ size_t array_size;
+
+ *sa_list_out = NULL;
+
+ array_size = count_chars(ipstr_list, IPSTR_LIST_CHAR) + 1;
+ sa_list = talloc_zero_array(frame,
+ struct samba_sockaddr,
+ array_size);
+ if (sa_list == NULL) {
+ TALLOC_FREE(frame);
+ return 0;
+ }
+
+ count = 0;
+ while (next_token_talloc(frame,
+ &ipstr_list,
+ &token_str,
+ IPSTR_LIST_SEP)) {
+ bool ok;
+ char *s = token_str;
+ char *p = strrchr(token_str, ':');
+ struct sockaddr_storage ss;
+
+ /* Ensure we don't overrun. */
+ if (count >= array_size) {
+ break;
+ }
+
+ if (p) {
+ *p = 0;
+ /* We now ignore the port. */
+ }
+
+ /* convert single token to ip address */
+ if (token_str[0] == '[') {
+ /* IPv6 address. */
+ s++;
+ p = strchr(token_str, ']');
+ if (!p) {
+ continue;
+ }
+ *p = '\0';
+ }
+ ok = interpret_string_addr(&ss, s, AI_NUMERICHOST);
+ if (!ok) {
+ continue;
+ }
+ ok = sockaddr_storage_to_samba_sockaddr(&sa_list[count],
+ &ss);
+ if (!ok) {
+ continue;
+ }
+ count++;
+ }
+ if (count > 0) {
+ *sa_list_out = talloc_move(ctx, &sa_list);
+ }
+ TALLOC_FREE(frame);
+ return count;
+}
+
+#define NBTKEY_FMT "NBT/%s#%02X"
+
+/**
+ * Generates a key for netbios name lookups on basis of
+ * netbios name and type.
+ * The caller must free returned key string when finished.
+ *
+ * @param name netbios name string (case insensitive)
+ * @param name_type netbios type of the name being looked up
+ *
+ * @return string consisted of uppercased name and appended
+ * type number
+ */
+
+static char *namecache_key(TALLOC_CTX *ctx,
+ const char *name,
+ int name_type)
+{
+ return talloc_asprintf_strupper_m(ctx,
+ NBTKEY_FMT,
+ name,
+ name_type);
+}
+
+/**
+ * Store a name(s) in the name cache - samba_sockaddr version.
+ *
+ * @param name netbios names array
+ * @param name_type integer netbios name type
+ * @param num_names number of names being stored
+ * @param ip_list array of in_addr structures containing
+ * ip addresses being stored
+ **/
+
+bool namecache_store(const char *name,
+ int name_type,
+ size_t num_names,
+ struct samba_sockaddr *sa_list)
+{
+ time_t expiry;
+ char *key = NULL;
+ char *value_string = NULL;
+ size_t i;
+ bool ret = false;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ if (name_type > 255) {
+ /* Don't store non-real name types. */
+ goto out;
+ }
+
+ if ( DEBUGLEVEL >= 5 ) {
+ char *addr = NULL;
+
+ DBG_INFO("storing %zu address%s for %s#%02x: ",
+ num_names, num_names == 1 ? "": "es", name, name_type);
+
+ for (i = 0; i < num_names; i++) {
+ addr = print_canonical_sockaddr(frame,
+ &sa_list[i].u.ss);
+ if (!addr) {
+ continue;
+ }
+ DEBUGADD(5, ("%s%s", addr,
+ (i == (num_names - 1) ? "" : ",")));
+
+ }
+ DEBUGADD(5, ("\n"));
+ }
+
+ key = namecache_key(frame, name, name_type);
+ if (!key) {
+ goto out;
+ }
+
+ expiry = time(NULL) + lp_name_cache_timeout();
+
+ /*
+ * Generate string representation of ip addresses list
+ */
+ value_string = ipstr_list_make_sa(frame, sa_list, num_names);
+ if (value_string == NULL) {
+ goto out;
+ }
+
+ /* set the entry */
+ ret = gencache_set(key, value_string, expiry);
+
+ out:
+
+ TALLOC_FREE(key);
+ TALLOC_FREE(value_string);
+ TALLOC_FREE(frame);
+ return ret;
+}
+
+/**
+ * Look up a name in the cache.
+ *
+ * @param name netbios name to look up for
+ * @param name_type netbios name type of @param name
+ * @param ip_list talloced list of IP addresses if found in the cache,
+ * NULL otherwise
+ * @param num_names number of entries found
+ *
+ * @return true upon successful fetch or
+ * false if name isn't found in the cache or has expired
+ **/
+
+bool namecache_fetch(TALLOC_CTX *ctx,
+ const char *name,
+ int name_type,
+ struct samba_sockaddr **sa_list,
+ size_t *num_names)
+{
+ char *key, *value;
+ time_t timeout;
+
+ if (name_type > 255) {
+ return false; /* Don't fetch non-real name types. */
+ }
+
+ *num_names = 0;
+
+ /*
+ * Use gencache interface - lookup the key
+ */
+ key = namecache_key(talloc_tos(), name, name_type);
+ if (!key) {
+ return false;
+ }
+
+ if (!gencache_get(key, talloc_tos(), &value, &timeout)) {
+ DBG_INFO("no entry for %s#%02X found.\n", name, name_type);
+ TALLOC_FREE(key);
+ return false;
+ }
+
+ DBG_INFO("name %s#%02X found.\n", name, name_type);
+
+ /*
+ * Split up the stored value into the list of IP addresses
+ */
+ *num_names = ipstr_list_parse(ctx, value, sa_list);
+
+ TALLOC_FREE(key);
+ TALLOC_FREE(value);
+
+ return *num_names > 0; /* true only if some ip has been fetched */
+}
+
+/**
+ * Remove a namecache entry. Needed for site support.
+ *
+ **/
+
+bool namecache_delete(const char *name, int name_type)
+{
+ bool ret;
+ char *key;
+
+ if (name_type > 255) {
+ return false; /* Don't fetch non-real name types. */
+ }
+
+ key = namecache_key(talloc_tos(), name, name_type);
+ if (!key) {
+ return false;
+ }
+ ret = gencache_del(key);
+ TALLOC_FREE(key);
+ return ret;
+}
+
+/**
+ * Delete single namecache entry. Look at the
+ * gencache_iterate definition.
+ *
+ **/
+
+static void flush_netbios_name(const char *key,
+ const char *value,
+ time_t timeout,
+ void *dptr)
+{
+ gencache_del(key);
+ DBG_INFO("Deleting entry %s\n", key);
+}
+
+/**
+ * Flush all names from the name cache.
+ * It's done by gencache_iterate()
+ *
+ * @return true upon successful deletion or
+ * false in case of an error
+ **/
+
+void namecache_flush(void)
+{
+ /*
+ * iterate through each NBT cache's entry and flush it
+ * by flush_netbios_name function
+ */
+ gencache_iterate(flush_netbios_name, NULL, "NBT/*");
+ DBG_INFO("Namecache flushed\n");
+}
+
+/* Construct a name status record key. */
+
+static char *namecache_status_record_key(TALLOC_CTX *ctx,
+ const char *name,
+ int name_type1,
+ int name_type2,
+ const struct sockaddr_storage *keyip)
+{
+ char addr[INET6_ADDRSTRLEN];
+
+ print_sockaddr(addr, sizeof(addr), keyip);
+ return talloc_asprintf_strupper_m(ctx,
+ "NBT/%s#%02X.%02X.%s",
+ name,
+ name_type1,
+ name_type2,
+ addr);
+}
+
+/* Store a name status record. */
+
+bool namecache_status_store(const char *keyname, int keyname_type,
+ int name_type, const struct sockaddr_storage *keyip,
+ const char *srvname)
+{
+ char *key;
+ time_t expiry;
+ bool ret;
+
+ key = namecache_status_record_key(talloc_tos(),
+ keyname,
+ keyname_type,
+ name_type,
+ keyip);
+ if (!key)
+ return false;
+
+ expiry = time(NULL) + lp_name_cache_timeout();
+ ret = gencache_set(key, srvname, expiry);
+
+ if (ret) {
+ DBG_INFO("entry %s -> %s\n", key, srvname);
+ } else {
+ DBG_INFO("entry %s store failed.\n", key);
+ }
+
+ TALLOC_FREE(key);
+ return ret;
+}
+
+/* Fetch a name status record. */
+
+bool namecache_status_fetch(const char *keyname,
+ int keyname_type,
+ int name_type,
+ const struct sockaddr_storage *keyip,
+ char *srvname_out)
+{
+ char *key = NULL;
+ char *value = NULL;
+ time_t timeout;
+
+ key = namecache_status_record_key(talloc_tos(),
+ keyname,
+ keyname_type,
+ name_type,
+ keyip);
+ if (!key)
+ return false;
+
+ if (!gencache_get(key, talloc_tos(), &value, &timeout)) {
+ DBG_INFO("no entry for %s found.\n", key);
+ TALLOC_FREE(key);
+ return false;
+ } else {
+ DBG_INFO("key %s -> %s\n", key, value);
+ }
+
+ strlcpy(srvname_out, value, 16);
+ TALLOC_FREE(key);
+ TALLOC_FREE(value);
+ return true;
+}
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
new file mode 100644
index 0000000..e6c0c7d
--- /dev/null
+++ b/source3/libsmb/namequery.c
@@ -0,0 +1,3538 @@
+/*
+ Unix SMB/CIFS implementation.
+ name query routines
+ Copyright (C) Andrew Tridgell 1994-1998
+ Copyright (C) Jeremy Allison 2007.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "libsmb/namequery.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "libads/sitename_cache.h"
+#include "../lib/addns/dnsquery.h"
+#include "../lib/addns/dnsquery_srv.h"
+#include "../libcli/netlogon/netlogon.h"
+#include "lib/async_req/async_sock.h"
+#include "lib/tsocket/tsocket.h"
+#include "libsmb/nmblib.h"
+#include "libsmb/unexpected.h"
+#include "../libcli/nbt/libnbt.h"
+#include "libads/kerberos_proto.h"
+#include "lib/gencache.h"
+#include "librpc/gen_ndr/dns.h"
+#include "lib/util/util_net.h"
+#include "lib/util/string_wrappers.h"
+
+/* nmbd.c sets this to True. */
+bool global_in_nmbd = False;
+
+/*
+ * Utility function to convert from a sockaddr_storage
+ * array to a struct samba_sockaddr array.
+ */
+
+static NTSTATUS sockaddr_array_to_samba_sockaddr_array(
+ TALLOC_CTX *ctx,
+ struct samba_sockaddr **sa_out,
+ size_t *count_out,
+ const struct sockaddr_storage *ss_in,
+ size_t count_in)
+{
+ struct samba_sockaddr *sa = NULL;
+ size_t i;
+ size_t count = 0;
+
+ if (count_in == 0) {
+ /*
+ * Zero length arrays are returned as NULL.
+ * in the name resolution code.
+ */
+ *count_out = 0;
+ *sa_out = NULL;
+ return NT_STATUS_OK;
+ }
+ sa = talloc_zero_array(ctx,
+ struct samba_sockaddr,
+ count_in);
+ if (sa == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ count = 0;
+ for (i = 0; i < count_in; i++) {
+ bool ok;
+
+ /* Filter out zero addresses. */
+ if (is_zero_addr(&ss_in[i])) {
+ continue;
+ }
+ ok = sockaddr_storage_to_samba_sockaddr(&sa[count],
+ &ss_in[i]);
+ if (!ok) {
+ continue;
+ }
+ count++;
+ }
+ if (count == 0) {
+ /*
+ * Zero length arrays are returned as NULL.
+ * in the name resolution code.
+ */
+ TALLOC_FREE(sa);
+ }
+ *count_out = count;
+ *sa_out = sa;
+ return NT_STATUS_OK;
+}
+
+/****************************
+ * SERVER AFFINITY ROUTINES *
+ ****************************/
+
+ /* Server affinity is the concept of preferring the last domain
+ controller with whom you had a successful conversation */
+
+/****************************************************************************
+****************************************************************************/
+#define SAFKEY_FMT "SAF/DOMAIN/%s"
+#define SAF_TTL 900
+#define SAFJOINKEY_FMT "SAFJOIN/DOMAIN/%s"
+#define SAFJOIN_TTL 3600
+
+static char *saf_key(TALLOC_CTX *mem_ctx, const char *domain)
+{
+ return talloc_asprintf_strupper_m(mem_ctx, SAFKEY_FMT, domain);
+}
+
+static char *saf_join_key(TALLOC_CTX *mem_ctx, const char *domain)
+{
+ return talloc_asprintf_strupper_m(mem_ctx, SAFJOINKEY_FMT, domain);
+}
+
+/****************************************************************************
+****************************************************************************/
+
+bool saf_store( const char *domain, const char *servername )
+{
+ char *key;
+ time_t expire;
+ bool ret = False;
+
+ if ( !domain || !servername ) {
+ DEBUG(2,("saf_store: "
+ "Refusing to store empty domain or servername!\n"));
+ return False;
+ }
+
+ if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
+ DEBUG(0,("saf_store: "
+ "refusing to store 0 length domain or servername!\n"));
+ return False;
+ }
+
+ key = saf_key(talloc_tos(), domain);
+ if (key == NULL) {
+ DEBUG(1, ("saf_key() failed\n"));
+ return false;
+ }
+ expire = time( NULL ) + lp_parm_int(-1, "saf","ttl", SAF_TTL);
+
+ DEBUG(10,("saf_store: domain = [%s], server = [%s], expire = [%u]\n",
+ domain, servername, (unsigned int)expire ));
+
+ ret = gencache_set( key, servername, expire );
+
+ TALLOC_FREE( key );
+
+ return ret;
+}
+
+bool saf_join_store( const char *domain, const char *servername )
+{
+ char *key;
+ time_t expire;
+ bool ret = False;
+
+ if ( !domain || !servername ) {
+ DEBUG(2,("saf_join_store: Refusing to store empty domain or servername!\n"));
+ return False;
+ }
+
+ if ( (strlen(domain) == 0) || (strlen(servername) == 0) ) {
+ DEBUG(0,("saf_join_store: refusing to store 0 length domain or servername!\n"));
+ return False;
+ }
+
+ key = saf_join_key(talloc_tos(), domain);
+ if (key == NULL) {
+ DEBUG(1, ("saf_join_key() failed\n"));
+ return false;
+ }
+ expire = time( NULL ) + lp_parm_int(-1, "saf","join ttl", SAFJOIN_TTL);
+
+ DEBUG(10,("saf_join_store: domain = [%s], server = [%s], expire = [%u]\n",
+ domain, servername, (unsigned int)expire ));
+
+ ret = gencache_set( key, servername, expire );
+
+ TALLOC_FREE( key );
+
+ return ret;
+}
+
+bool saf_delete( const char *domain )
+{
+ char *key;
+ bool ret = False;
+
+ if ( !domain ) {
+ DEBUG(2,("saf_delete: Refusing to delete empty domain\n"));
+ return False;
+ }
+
+ key = saf_join_key(talloc_tos(), domain);
+ if (key == NULL) {
+ DEBUG(1, ("saf_join_key() failed\n"));
+ return false;
+ }
+ ret = gencache_del(key);
+ TALLOC_FREE(key);
+
+ if (ret) {
+ DEBUG(10,("saf_delete[join]: domain = [%s]\n", domain ));
+ }
+
+ key = saf_key(talloc_tos(), domain);
+ if (key == NULL) {
+ DEBUG(1, ("saf_key() failed\n"));
+ return false;
+ }
+ ret = gencache_del(key);
+ TALLOC_FREE(key);
+
+ if (ret) {
+ DEBUG(10,("saf_delete: domain = [%s]\n", domain ));
+ }
+
+ return ret;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+char *saf_fetch(TALLOC_CTX *mem_ctx, const char *domain )
+{
+ char *server = NULL;
+ time_t timeout;
+ bool ret = False;
+ char *key = NULL;
+
+ if ( !domain || strlen(domain) == 0) {
+ DEBUG(2,("saf_fetch: Empty domain name!\n"));
+ return NULL;
+ }
+
+ key = saf_join_key(talloc_tos(), domain);
+ if (key == NULL) {
+ DEBUG(1, ("saf_join_key() failed\n"));
+ return NULL;
+ }
+
+ ret = gencache_get( key, mem_ctx, &server, &timeout );
+
+ TALLOC_FREE( key );
+
+ if ( ret ) {
+ DEBUG(5,("saf_fetch[join]: Returning \"%s\" for \"%s\" domain\n",
+ server, domain ));
+ return server;
+ }
+
+ key = saf_key(talloc_tos(), domain);
+ if (key == NULL) {
+ DEBUG(1, ("saf_key() failed\n"));
+ return NULL;
+ }
+
+ ret = gencache_get( key, mem_ctx, &server, &timeout );
+
+ TALLOC_FREE( key );
+
+ if ( !ret ) {
+ DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n",
+ domain ));
+ } else {
+ DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n",
+ server, domain ));
+ }
+
+ return server;
+}
+
+static void set_socket_addr_v4(struct samba_sockaddr *addr)
+{
+ if (!interpret_string_addr(&addr->u.ss, lp_nbt_client_socket_address(),
+ AI_NUMERICHOST|AI_PASSIVE)) {
+ zero_sockaddr(&addr->u.ss);
+ /* zero_sockaddr sets family to AF_INET. */
+ addr->sa_socklen = sizeof(struct sockaddr_in);
+ }
+ if (addr->u.ss.ss_family != AF_INET) {
+ zero_sockaddr(&addr->u.ss);
+ /* zero_sockaddr sets family to AF_INET. */
+ addr->sa_socklen = sizeof(struct sockaddr_in);
+ }
+}
+
+static struct in_addr my_socket_addr_v4(void)
+{
+ struct samba_sockaddr my_addr = {0};
+
+ set_socket_addr_v4(&my_addr);
+ return my_addr.u.in.sin_addr;
+}
+
+/****************************************************************************
+ Generate a random trn_id.
+****************************************************************************/
+
+static int generate_trn_id(void)
+{
+ uint16_t id;
+
+ generate_random_buffer((uint8_t *)&id, sizeof(id));
+
+ return id % (unsigned)0x7FFF;
+}
+
+/****************************************************************************
+ Parse a node status response into an array of structures.
+****************************************************************************/
+
+static struct node_status *parse_node_status(TALLOC_CTX *mem_ctx, char *p,
+ size_t *num_names,
+ struct node_status_extra *extra)
+{
+ struct node_status *ret;
+ size_t i;
+ size_t result_count = 0;
+
+ result_count = CVAL(p,0);
+
+ if (result_count == 0)
+ return NULL;
+
+ ret = talloc_array(mem_ctx, struct node_status,result_count);
+ if (!ret)
+ return NULL;
+
+ p++;
+ for (i=0;i< result_count;i++) {
+ strlcpy(ret[i].name,p,16);
+ trim_char(ret[i].name,'\0',' ');
+ ret[i].type = CVAL(p,15);
+ ret[i].flags = p[16];
+ p += 18;
+ DEBUG(10, ("%s#%02x: flags = 0x%02x\n", ret[i].name,
+ ret[i].type, ret[i].flags));
+ }
+ /*
+ * Also, pick up the MAC address ...
+ */
+ if (extra) {
+ memcpy(&extra->mac_addr, p, 6); /* Fill in the mac addr */
+ }
+ *num_names = result_count;
+ return ret;
+}
+
+struct sock_packet_read_state {
+ struct tevent_context *ev;
+ enum packet_type type;
+ int trn_id;
+
+ struct nb_packet_reader *reader;
+ struct tevent_req *reader_req;
+
+ struct tdgram_context *sock;
+ struct tevent_req *socket_req;
+ uint8_t *buf;
+ struct tsocket_address *addr;
+
+ bool (*validator)(struct packet_struct *p,
+ void *private_data);
+ void *private_data;
+
+ struct packet_struct *packet;
+};
+
+static void sock_packet_read_got_packet(struct tevent_req *subreq);
+static void sock_packet_read_got_socket(struct tevent_req *subreq);
+
+static struct tevent_req *sock_packet_read_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tdgram_context *sock,
+ struct nb_packet_reader *reader,
+ enum packet_type type,
+ int trn_id,
+ bool (*validator)(struct packet_struct *p, void *private_data),
+ void *private_data)
+{
+ struct tevent_req *req;
+ struct sock_packet_read_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct sock_packet_read_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->reader = reader;
+ state->sock = sock;
+ state->type = type;
+ state->trn_id = trn_id;
+ state->validator = validator;
+ state->private_data = private_data;
+
+ if (reader != NULL) {
+ state->reader_req = nb_packet_read_send(state, ev, reader);
+ if (tevent_req_nomem(state->reader_req, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ state->reader_req, sock_packet_read_got_packet, req);
+ }
+
+ state->socket_req = tdgram_recvfrom_send(state, ev, state->sock);
+ if (tevent_req_nomem(state->socket_req, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(state->socket_req, sock_packet_read_got_socket,
+ req);
+
+ return req;
+}
+
+static void sock_packet_read_got_packet(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct sock_packet_read_state *state = tevent_req_data(
+ req, struct sock_packet_read_state);
+ NTSTATUS status;
+
+ status = nb_packet_read_recv(subreq, state, &state->packet);
+
+ TALLOC_FREE(state->reader_req);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ if (state->socket_req != NULL) {
+ /*
+ * Still waiting for socket
+ */
+ return;
+ }
+ /*
+ * Both socket and packet reader failed
+ */
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ if ((state->validator != NULL) &&
+ !state->validator(state->packet, state->private_data)) {
+ DEBUG(10, ("validator failed\n"));
+
+ TALLOC_FREE(state->packet);
+
+ state->reader_req = nb_packet_read_send(state, state->ev,
+ state->reader);
+ if (tevent_req_nomem(state->reader_req, req)) {
+ return;
+ }
+ tevent_req_set_callback(
+ state->reader_req, sock_packet_read_got_packet, req);
+ return;
+ }
+
+ TALLOC_FREE(state->socket_req);
+ tevent_req_done(req);
+}
+
+static void sock_packet_read_got_socket(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct sock_packet_read_state *state = tevent_req_data(
+ req, struct sock_packet_read_state);
+ struct samba_sockaddr addr = {0};
+ ssize_t ret;
+ ssize_t received;
+ int err;
+ bool ok;
+
+ received = tdgram_recvfrom_recv(subreq, &err, state,
+ &state->buf, &state->addr);
+
+ TALLOC_FREE(state->socket_req);
+
+ if (received == -1) {
+ if (state->reader_req != NULL) {
+ /*
+ * Still waiting for reader
+ */
+ return;
+ }
+ /*
+ * Both socket and reader failed
+ */
+ tevent_req_nterror(req, map_nt_error_from_unix(err));
+ return;
+ }
+ ok = tsocket_address_is_inet(state->addr, "ipv4");
+ if (!ok) {
+ goto retry;
+ }
+ ret = tsocket_address_bsd_sockaddr(state->addr,
+ &addr.u.sa,
+ sizeof(addr.u.in));
+ if (ret == -1) {
+ tevent_req_nterror(req, map_nt_error_from_unix(errno));
+ return;
+ }
+
+ state->packet = parse_packet_talloc(
+ state, (char *)state->buf, received, state->type,
+ addr.u.in.sin_addr, addr.u.in.sin_port);
+ if (state->packet == NULL) {
+ DEBUG(10, ("parse_packet failed\n"));
+ goto retry;
+ }
+ if ((state->trn_id != -1) &&
+ (state->trn_id != packet_trn_id(state->packet))) {
+ DEBUG(10, ("Expected transaction id %d, got %d\n",
+ state->trn_id, packet_trn_id(state->packet)));
+ goto retry;
+ }
+
+ if ((state->validator != NULL) &&
+ !state->validator(state->packet, state->private_data)) {
+ DEBUG(10, ("validator failed\n"));
+ goto retry;
+ }
+
+ tevent_req_done(req);
+ return;
+
+retry:
+ TALLOC_FREE(state->packet);
+ TALLOC_FREE(state->buf);
+ TALLOC_FREE(state->addr);
+
+ state->socket_req = tdgram_recvfrom_send(state, state->ev, state->sock);
+ if (tevent_req_nomem(state->socket_req, req)) {
+ return;
+ }
+ tevent_req_set_callback(state->socket_req, sock_packet_read_got_socket,
+ req);
+}
+
+static NTSTATUS sock_packet_read_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct packet_struct **ppacket)
+{
+ struct sock_packet_read_state *state = tevent_req_data(
+ req, struct sock_packet_read_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *ppacket = talloc_move(mem_ctx, &state->packet);
+ return NT_STATUS_OK;
+}
+
+struct nb_trans_state {
+ struct tevent_context *ev;
+ struct tdgram_context *sock;
+ struct nb_packet_reader *reader;
+
+ struct tsocket_address *src_addr;
+ struct tsocket_address *dst_addr;
+ uint8_t *buf;
+ size_t buflen;
+ enum packet_type type;
+ int trn_id;
+
+ bool (*validator)(struct packet_struct *p,
+ void *private_data);
+ void *private_data;
+
+ struct packet_struct *packet;
+};
+
+static void nb_trans_got_reader(struct tevent_req *subreq);
+static void nb_trans_done(struct tevent_req *subreq);
+static void nb_trans_sent(struct tevent_req *subreq);
+static void nb_trans_send_next(struct tevent_req *subreq);
+
+static struct tevent_req *nb_trans_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const struct samba_sockaddr *_my_addr,
+ const struct samba_sockaddr *_dst_addr,
+ bool bcast,
+ uint8_t *buf, size_t buflen,
+ enum packet_type type, int trn_id,
+ bool (*validator)(struct packet_struct *p,
+ void *private_data),
+ void *private_data)
+{
+ const struct sockaddr *my_addr = &_my_addr->u.sa;
+ size_t my_addr_len = sizeof(_my_addr->u.in); /*We know it's AF_INET.*/
+ const struct sockaddr *dst_addr = &_dst_addr->u.sa;
+ size_t dst_addr_len = sizeof(_dst_addr->u.in); /*We know it's AF_INET.*/
+ struct tevent_req *req, *subreq;
+ struct nb_trans_state *state;
+ int ret;
+
+ req = tevent_req_create(mem_ctx, &state, struct nb_trans_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->buf = buf;
+ state->buflen = buflen;
+ state->type = type;
+ state->trn_id = trn_id;
+ state->validator = validator;
+ state->private_data = private_data;
+
+ ret = tsocket_address_bsd_from_sockaddr(state,
+ my_addr, my_addr_len,
+ &state->src_addr);
+ if (ret == -1) {
+ tevent_req_nterror(req, map_nt_error_from_unix(errno));
+ return tevent_req_post(req, ev);
+ }
+
+ ret = tsocket_address_bsd_from_sockaddr(state,
+ dst_addr, dst_addr_len,
+ &state->dst_addr);
+ if (ret == -1) {
+ tevent_req_nterror(req, map_nt_error_from_unix(errno));
+ return tevent_req_post(req, ev);
+ }
+
+ ret = tdgram_inet_udp_broadcast_socket(state->src_addr, state,
+ &state->sock);
+ if (ret == -1) {
+ tevent_req_nterror(req, map_nt_error_from_unix(errno));
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = nb_packet_reader_send(state, ev, type, state->trn_id, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, nb_trans_got_reader, req);
+ return req;
+}
+
+static void nb_trans_got_reader(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct nb_trans_state *state = tevent_req_data(
+ req, struct nb_trans_state);
+ NTSTATUS status;
+
+ status = nb_packet_reader_recv(subreq, state, &state->reader);
+ TALLOC_FREE(subreq);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("nmbd not around\n"));
+ state->reader = NULL;
+ }
+
+ subreq = sock_packet_read_send(
+ state, state->ev, state->sock,
+ state->reader, state->type, state->trn_id,
+ state->validator, state->private_data);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, nb_trans_done, req);
+
+ subreq = tdgram_sendto_send(state, state->ev,
+ state->sock,
+ state->buf, state->buflen,
+ state->dst_addr);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, nb_trans_sent, req);
+}
+
+static void nb_trans_sent(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct nb_trans_state *state = tevent_req_data(
+ req, struct nb_trans_state);
+ ssize_t sent;
+ int err;
+
+ sent = tdgram_sendto_recv(subreq, &err);
+ TALLOC_FREE(subreq);
+ if (sent == -1) {
+ DEBUG(10, ("sendto failed: %s\n", strerror(err)));
+ tevent_req_nterror(req, map_nt_error_from_unix(err));
+ return;
+ }
+ subreq = tevent_wakeup_send(state, state->ev,
+ timeval_current_ofs(1, 0));
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, nb_trans_send_next, req);
+}
+
+static void nb_trans_send_next(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct nb_trans_state *state = tevent_req_data(
+ req, struct nb_trans_state);
+ bool ret;
+
+ ret = tevent_wakeup_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!ret) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+ subreq = tdgram_sendto_send(state, state->ev,
+ state->sock,
+ state->buf, state->buflen,
+ state->dst_addr);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, nb_trans_sent, req);
+}
+
+static void nb_trans_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct nb_trans_state *state = tevent_req_data(
+ req, struct nb_trans_state);
+ NTSTATUS status;
+
+ status = sock_packet_read_recv(subreq, state, &state->packet);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+static NTSTATUS nb_trans_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct packet_struct **ppacket)
+{
+ struct nb_trans_state *state = tevent_req_data(
+ req, struct nb_trans_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *ppacket = talloc_move(mem_ctx, &state->packet);
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Do a NBT node status query on an open socket and return an array of
+ structures holding the returned names or NULL if the query failed.
+**************************************************************************/
+
+struct node_status_query_state {
+ struct samba_sockaddr my_addr;
+ struct samba_sockaddr addr;
+ uint8_t buf[1024];
+ ssize_t buflen;
+ struct packet_struct *packet;
+};
+
+static bool node_status_query_validator(struct packet_struct *p,
+ void *private_data);
+static void node_status_query_done(struct tevent_req *subreq);
+
+struct tevent_req *node_status_query_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct nmb_name *name,
+ const struct sockaddr_storage *addr)
+{
+ struct tevent_req *req, *subreq;
+ struct node_status_query_state *state;
+ struct packet_struct p;
+ struct nmb_packet *nmb = &p.packet.nmb;
+ bool ok;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct node_status_query_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (addr->ss_family != AF_INET) {
+ /* Can't do node status to IPv6 */
+ tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
+ return tevent_req_post(req, ev);
+ }
+
+ ok = sockaddr_storage_to_samba_sockaddr(&state->addr, addr);
+ if (!ok) {
+ /* node status must be IPv4 */
+ tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
+ return tevent_req_post(req, ev);
+ }
+ state->addr.u.in.sin_port = htons(NMB_PORT);
+
+ set_socket_addr_v4(&state->my_addr);
+
+ ZERO_STRUCT(p);
+ nmb->header.name_trn_id = generate_trn_id();
+ nmb->header.opcode = 0;
+ nmb->header.response = false;
+ nmb->header.nm_flags.bcast = false;
+ nmb->header.nm_flags.recursion_available = false;
+ nmb->header.nm_flags.recursion_desired = false;
+ nmb->header.nm_flags.trunc = false;
+ nmb->header.nm_flags.authoritative = false;
+ nmb->header.rcode = 0;
+ nmb->header.qdcount = 1;
+ nmb->header.ancount = 0;
+ nmb->header.nscount = 0;
+ nmb->header.arcount = 0;
+ nmb->question.question_name = *name;
+ nmb->question.question_type = 0x21;
+ nmb->question.question_class = 0x1;
+
+ state->buflen = build_packet((char *)state->buf, sizeof(state->buf),
+ &p);
+ if (state->buflen == 0) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ DEBUG(10, ("build_packet failed\n"));
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = nb_trans_send(state,
+ ev,
+ &state->my_addr,
+ &state->addr,
+ false,
+ state->buf,
+ state->buflen,
+ NMB_PACKET,
+ nmb->header.name_trn_id,
+ node_status_query_validator,
+ NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ DEBUG(10, ("nb_trans_send failed\n"));
+ return tevent_req_post(req, ev);
+ }
+ if (!tevent_req_set_endtime(req, ev, timeval_current_ofs(10, 0))) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, node_status_query_done, req);
+ return req;
+}
+
+static bool node_status_query_validator(struct packet_struct *p,
+ void *private_data)
+{
+ struct nmb_packet *nmb = &p->packet.nmb;
+ debug_nmb_packet(p);
+
+ if (nmb->header.opcode != 0 ||
+ nmb->header.nm_flags.bcast ||
+ nmb->header.rcode ||
+ !nmb->header.ancount ||
+ nmb->answers->rr_type != 0x21) {
+ /*
+ * XXXX what do we do with this? could be a redirect,
+ * but we'll discard it for the moment
+ */
+ return false;
+ }
+ return true;
+}
+
+static void node_status_query_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct node_status_query_state *state = tevent_req_data(
+ req, struct node_status_query_state);
+ NTSTATUS status;
+
+ status = nb_trans_recv(subreq, state, &state->packet);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS node_status_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct node_status **pnode_status,
+ size_t *pnum_names,
+ struct node_status_extra *extra)
+{
+ struct node_status_query_state *state = tevent_req_data(
+ req, struct node_status_query_state);
+ struct node_status *node_status;
+ size_t num_names = 0;
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ node_status = parse_node_status(
+ mem_ctx, &state->packet->packet.nmb.answers->rdata[0],
+ &num_names, extra);
+ if (node_status == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ *pnode_status = node_status;
+ *pnum_names = num_names;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS node_status_query(TALLOC_CTX *mem_ctx, struct nmb_name *name,
+ const struct sockaddr_storage *addr,
+ struct node_status **pnode_status,
+ size_t *pnum_names,
+ struct node_status_extra *extra)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = node_status_query_send(ev, ev, name, addr);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = node_status_query_recv(req, mem_ctx, pnode_status,
+ pnum_names, extra);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+static bool name_status_lmhosts(const struct sockaddr_storage *paddr,
+ int qname_type, fstring pname)
+{
+ FILE *f;
+ char *name;
+ int name_type;
+ struct samba_sockaddr addr_in = {0};
+ struct samba_sockaddr addr = {0};
+ bool ok;
+
+ ok = sockaddr_storage_to_samba_sockaddr(&addr_in, paddr);
+ if (!ok) {
+ return false;
+ }
+ if (addr_in.u.ss.ss_family != AF_INET) {
+ return false;
+ }
+
+ f = startlmhosts(get_dyn_LMHOSTSFILE());
+ if (f == NULL) {
+ return false;
+ }
+
+ while (getlmhostsent(talloc_tos(), f, &name, &name_type, &addr.u.ss)) {
+ if (addr.u.ss.ss_family != AF_INET) {
+ continue;
+ }
+ if (name_type != qname_type) {
+ continue;
+ }
+ if (sockaddr_equal(&addr_in.u.sa, &addr.u.sa)) {
+ fstrcpy(pname, name);
+ endlmhosts(f);
+ return true;
+ }
+ }
+ endlmhosts(f);
+ return false;
+}
+
+/****************************************************************************
+ Find the first type XX name in a node status reply - used for finding
+ a servers name given its IP. Return the matched name in *name.
+**************************************************************************/
+
+bool name_status_find(const char *q_name,
+ int q_type,
+ int type,
+ const struct sockaddr_storage *to_ss,
+ fstring name)
+{
+ char addr[INET6_ADDRSTRLEN];
+ struct node_status *addrs = NULL;
+ struct nmb_name nname;
+ size_t count = 0, i;
+ bool result = false;
+ NTSTATUS status;
+
+ if (lp_disable_netbios()) {
+ DEBUG(5,("name_status_find(%s#%02x): netbios is disabled\n",
+ q_name, q_type));
+ return False;
+ }
+
+ print_sockaddr(addr, sizeof(addr), to_ss);
+
+ DEBUG(10, ("name_status_find: looking up %s#%02x at %s\n", q_name,
+ q_type, addr));
+
+ /* Check the cache first. */
+
+ if (namecache_status_fetch(q_name, q_type, type, to_ss, name)) {
+ return True;
+ }
+
+ if (to_ss->ss_family != AF_INET) {
+ /* Can't do node status to IPv6 */
+ return false;
+ }
+
+ result = name_status_lmhosts(to_ss, type, name);
+ if (result) {
+ DBG_DEBUG("Found name %s in lmhosts\n", name);
+ namecache_status_store(q_name, q_type, type, to_ss, name);
+ return true;
+ }
+
+ /* W2K PDC's seem not to respond to '*'#0. JRA */
+ make_nmb_name(&nname, q_name, q_type);
+ status = node_status_query(talloc_tos(), &nname, to_ss,
+ &addrs, &count, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ for (i=0;i<count;i++) {
+ /* Find first one of the requested type that's not a GROUP. */
+ if (addrs[i].type == type && ! (addrs[i].flags & 0x80))
+ break;
+ }
+ if (i == count)
+ goto done;
+
+ pull_ascii_nstring(name, sizeof(fstring), addrs[i].name);
+
+ /* Store the result in the cache. */
+ /* but don't store an entry for 0x1c names here. Here we have
+ a single host and DOMAIN<0x1c> names should be a list of hosts */
+
+ if ( q_type != 0x1c ) {
+ namecache_status_store(q_name, q_type, type, to_ss, name);
+ }
+
+ result = true;
+
+ done:
+ TALLOC_FREE(addrs);
+
+ DEBUG(10, ("name_status_find: name %sfound", result ? "" : "not "));
+
+ if (result)
+ DEBUGADD(10, (", name %s ip address is %s", name, addr));
+
+ DEBUG(10, ("\n"));
+
+ return result;
+}
+
+/*
+ comparison function used by sort_addr_list
+*/
+
+static int addr_compare(const struct sockaddr_storage *ss1,
+ const struct sockaddr_storage *ss2)
+{
+ int max_bits1=0, max_bits2=0;
+ int num_interfaces = iface_count();
+ int i;
+ struct samba_sockaddr sa1;
+ struct samba_sockaddr sa2;
+ bool ok;
+
+ ok = sockaddr_storage_to_samba_sockaddr(&sa1, ss1);
+ if (!ok) {
+ return 0; /* No change. */
+ }
+
+ ok = sockaddr_storage_to_samba_sockaddr(&sa2, ss2);
+ if (!ok) {
+ return 0; /* No change. */
+ }
+
+ /* Sort IPv4 addresses first. */
+ if (sa1.u.ss.ss_family != sa2.u.ss.ss_family) {
+ if (sa2.u.ss.ss_family == AF_INET) {
+ return 1;
+ } else {
+ return -1;
+ }
+ }
+
+ /* Here we know both addresses are of the same
+ * family. */
+
+ for (i=0;i<num_interfaces;i++) {
+ struct samba_sockaddr sif = {0};
+ const unsigned char *p_ss1 = NULL;
+ const unsigned char *p_ss2 = NULL;
+ const unsigned char *p_if = NULL;
+ size_t len = 0;
+ int bits1, bits2;
+
+ ok = sockaddr_storage_to_samba_sockaddr(&sif, iface_n_bcast(i));
+ if (!ok) {
+ return 0; /* No change. */
+ }
+ if (sif.u.ss.ss_family != sa1.u.ss.ss_family) {
+ /* Ignore interfaces of the wrong type. */
+ continue;
+ }
+ if (sif.u.ss.ss_family == AF_INET) {
+ p_if = (const unsigned char *)&sif.u.in.sin_addr;
+ p_ss1 = (const unsigned char *)&sa1.u.in.sin_addr;
+ p_ss2 = (const unsigned char *)&sa2.u.in.sin_addr;
+ len = 4;
+ }
+#if defined(HAVE_IPV6)
+ if (sif.u.ss.ss_family == AF_INET6) {
+ p_if = (const unsigned char *)&sif.u.in6.sin6_addr;
+ p_ss1 = (const unsigned char *)&sa1.u.in6.sin6_addr;
+ p_ss2 = (const unsigned char *)&sa2.u.in6.sin6_addr;
+ len = 16;
+ }
+#endif
+ if (!p_ss1 || !p_ss2 || !p_if || len == 0) {
+ continue;
+ }
+ bits1 = matching_len_bits(p_ss1, p_if, len);
+ bits2 = matching_len_bits(p_ss2, p_if, len);
+ max_bits1 = MAX(bits1, max_bits1);
+ max_bits2 = MAX(bits2, max_bits2);
+ }
+
+ /* Bias towards directly reachable IPs */
+ if (iface_local(&sa1.u.sa)) {
+ if (sa1.u.ss.ss_family == AF_INET) {
+ max_bits1 += 32;
+ } else {
+ max_bits1 += 128;
+ }
+ }
+ if (iface_local(&sa2.u.sa)) {
+ if (sa2.u.ss.ss_family == AF_INET) {
+ max_bits2 += 32;
+ } else {
+ max_bits2 += 128;
+ }
+ }
+ return max_bits2 - max_bits1;
+}
+
+/*
+ sort an IP list so that names that are close to one of our interfaces
+ are at the top. This prevents the problem where a WINS server returns an IP
+ that is not reachable from our subnet as the first match
+*/
+
+static void sort_addr_list(struct sockaddr_storage *sslist, size_t count)
+{
+ if (count <= 1) {
+ return;
+ }
+
+ TYPESAFE_QSORT(sslist, count, addr_compare);
+}
+
+static int samba_sockaddr_compare(struct samba_sockaddr *sa1,
+ struct samba_sockaddr *sa2)
+{
+ return addr_compare(&sa1->u.ss, &sa2->u.ss);
+}
+
+static void sort_sa_list(struct samba_sockaddr *salist, size_t count)
+{
+ if (count <= 1) {
+ return;
+ }
+
+ TYPESAFE_QSORT(salist, count, samba_sockaddr_compare);
+}
+
+/**********************************************************************
+ Remove any duplicate address/port pairs in the samba_sockaddr array.
+ *********************************************************************/
+
+size_t remove_duplicate_addrs2(struct samba_sockaddr *salist, size_t count )
+{
+ size_t i, j;
+
+ DBG_DEBUG("looking for duplicate address/port pairs\n");
+
+ /* One loop to set duplicates to a zero addr. */
+ for (i=0; i < count; i++) {
+ if (is_zero_addr(&salist[i].u.ss)) {
+ continue;
+ }
+
+ for (j=i+1; j<count; j++) {
+ if (sockaddr_equal(&salist[i].u.sa, &salist[j].u.sa)) {
+ zero_sockaddr(&salist[j].u.ss);
+ }
+ }
+ }
+
+ /* Now remove any addresses set to zero above. */
+ for (i = 0; i < count; i++) {
+ while (i < count &&
+ is_zero_addr(&salist[i].u.ss)) {
+ ARRAY_DEL_ELEMENT(salist, i, count);
+ count--;
+ }
+ }
+
+ return count;
+}
+
+static bool prioritize_ipv4_list(struct samba_sockaddr *salist, size_t count)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct samba_sockaddr *salist_new = talloc_array(frame,
+ struct samba_sockaddr,
+ count);
+ size_t i, j;
+
+ if (salist_new == NULL) {
+ TALLOC_FREE(frame);
+ return false;
+ }
+
+ j = 0;
+
+ /* Copy IPv4 first. */
+ for (i = 0; i < count; i++) {
+ if (salist[i].u.ss.ss_family == AF_INET) {
+ salist_new[j++] = salist[i];
+ }
+ }
+
+ /* Copy IPv6. */
+ for (i = 0; i < count; i++) {
+ if (salist[i].u.ss.ss_family != AF_INET) {
+ salist_new[j++] = salist[i];
+ }
+ }
+
+ memcpy(salist, salist_new, sizeof(struct samba_sockaddr)*count);
+ TALLOC_FREE(frame);
+ return true;
+}
+
+/****************************************************************************
+ Do a netbios name query to find someones IP.
+ Returns an array of IP addresses or NULL if none.
+ *count will be set to the number of addresses returned.
+ *timed_out is set if we failed by timing out
+****************************************************************************/
+
+struct name_query_state {
+ struct samba_sockaddr my_addr;
+ struct samba_sockaddr addr;
+ bool bcast;
+ bool bcast_star_query;
+
+
+ uint8_t buf[1024];
+ ssize_t buflen;
+
+ NTSTATUS validate_error;
+ uint8_t flags;
+
+ struct sockaddr_storage *addrs;
+ size_t num_addrs;
+};
+
+static bool name_query_validator(struct packet_struct *p, void *private_data);
+static void name_query_done(struct tevent_req *subreq);
+
+struct tevent_req *name_query_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const char *name, int name_type,
+ bool bcast, bool recurse,
+ const struct sockaddr_storage *addr)
+{
+ struct tevent_req *req, *subreq;
+ struct name_query_state *state;
+ struct packet_struct p;
+ struct nmb_packet *nmb = &p.packet.nmb;
+ bool ok;
+
+ req = tevent_req_create(mem_ctx, &state, struct name_query_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->bcast = bcast;
+
+ if (addr->ss_family != AF_INET) {
+ /* Can't do node status to IPv6 */
+ tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
+ return tevent_req_post(req, ev);
+ }
+
+ if (lp_disable_netbios()) {
+ DEBUG(5,("name_query(%s#%02x): netbios is disabled\n",
+ name, name_type));
+ tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
+ return tevent_req_post(req, ev);
+ }
+
+ ok = sockaddr_storage_to_samba_sockaddr(&state->addr, addr);
+ if (!ok) {
+ /* Node status must be IPv4 */
+ tevent_req_nterror(req, NT_STATUS_INVALID_ADDRESS);
+ return tevent_req_post(req, ev);
+ }
+ state->addr.u.in.sin_port = htons(NMB_PORT);
+
+ set_socket_addr_v4(&state->my_addr);
+
+ ZERO_STRUCT(p);
+ nmb->header.name_trn_id = generate_trn_id();
+ nmb->header.opcode = 0;
+ nmb->header.response = false;
+ nmb->header.nm_flags.bcast = bcast;
+ nmb->header.nm_flags.recursion_available = false;
+ nmb->header.nm_flags.recursion_desired = recurse;
+ nmb->header.nm_flags.trunc = false;
+ nmb->header.nm_flags.authoritative = false;
+ nmb->header.rcode = 0;
+ nmb->header.qdcount = 1;
+ nmb->header.ancount = 0;
+ nmb->header.nscount = 0;
+ nmb->header.arcount = 0;
+
+ if (bcast && (strcmp(name, "*")==0)) {
+ /*
+ * We're doing a broadcast query for all
+ * names in the area. Remember this so
+ * we will wait for all names within
+ * the timeout period.
+ */
+ state->bcast_star_query = true;
+ }
+
+ make_nmb_name(&nmb->question.question_name,name,name_type);
+
+ nmb->question.question_type = 0x20;
+ nmb->question.question_class = 0x1;
+
+ state->buflen = build_packet((char *)state->buf, sizeof(state->buf),
+ &p);
+ if (state->buflen == 0) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ DEBUG(10, ("build_packet failed\n"));
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = nb_trans_send(state,
+ ev,
+ &state->my_addr,
+ &state->addr,
+ bcast,
+ state->buf,
+ state->buflen,
+ NMB_PACKET,
+ nmb->header.name_trn_id,
+ name_query_validator,
+ state);
+ if (tevent_req_nomem(subreq, req)) {
+ DEBUG(10, ("nb_trans_send failed\n"));
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, name_query_done, req);
+ return req;
+}
+
+static bool name_query_validator(struct packet_struct *p, void *private_data)
+{
+ struct name_query_state *state = talloc_get_type_abort(
+ private_data, struct name_query_state);
+ struct nmb_packet *nmb = &p->packet.nmb;
+ struct sockaddr_storage *tmp_addrs;
+ bool got_unique_netbios_name = false;
+ int i;
+
+ debug_nmb_packet(p);
+
+ /*
+ * If we get a Negative Name Query Response from a WINS
+ * server, we should report it and give up.
+ */
+ if( 0 == nmb->header.opcode /* A query response */
+ && !state->bcast /* from a WINS server */
+ && nmb->header.rcode /* Error returned */
+ ) {
+
+ if( DEBUGLVL( 3 ) ) {
+ /* Only executed if DEBUGLEVEL >= 3 */
+ dbgtext( "Negative name query "
+ "response, rcode 0x%02x: ",
+ nmb->header.rcode );
+ switch( nmb->header.rcode ) {
+ case 0x01:
+ dbgtext("Request was invalidly formatted.\n");
+ break;
+ case 0x02:
+ dbgtext("Problem with NBNS, cannot process "
+ "name.\n");
+ break;
+ case 0x03:
+ dbgtext("The name requested does not "
+ "exist.\n");
+ break;
+ case 0x04:
+ dbgtext("Unsupported request error.\n");
+ break;
+ case 0x05:
+ dbgtext("Query refused error.\n");
+ break;
+ default:
+ dbgtext("Unrecognized error code.\n" );
+ break;
+ }
+ }
+
+ /*
+ * We accept this packet as valid, but tell the upper
+ * layers that it's a negative response.
+ */
+ state->validate_error = NT_STATUS_NOT_FOUND;
+ return true;
+ }
+
+ if (nmb->header.opcode != 0 ||
+ nmb->header.nm_flags.bcast ||
+ nmb->header.rcode ||
+ !nmb->header.ancount) {
+ /*
+ * XXXX what do we do with this? Could be a redirect,
+ * but we'll discard it for the moment.
+ */
+ return false;
+ }
+
+ tmp_addrs = talloc_realloc(
+ state, state->addrs, struct sockaddr_storage,
+ state->num_addrs + nmb->answers->rdlength/6);
+ if (tmp_addrs == NULL) {
+ state->validate_error = NT_STATUS_NO_MEMORY;
+ return true;
+ }
+ state->addrs = tmp_addrs;
+
+ DEBUG(2,("Got a positive name query response "
+ "from %s ( ", inet_ntoa(p->ip)));
+
+ for (i=0; i<nmb->answers->rdlength/6; i++) {
+ uint16_t flags;
+ struct in_addr ip;
+ struct sockaddr_storage addr;
+ struct samba_sockaddr sa = {0};
+ bool ok;
+ size_t j;
+
+ flags = RSVAL(&nmb->answers->rdata[i*6], 0);
+ got_unique_netbios_name |= ((flags & 0x8000) == 0);
+
+ putip((char *)&ip,&nmb->answers->rdata[2+i*6]);
+ in_addr_to_sockaddr_storage(&addr, ip);
+
+ ok = sockaddr_storage_to_samba_sockaddr(&sa, &addr);
+ if (!ok) {
+ continue;
+ }
+
+ if (is_zero_addr(&sa.u.ss)) {
+ continue;
+ }
+
+ for (j=0; j<state->num_addrs; j++) {
+ struct samba_sockaddr sa_j = {0};
+
+ ok = sockaddr_storage_to_samba_sockaddr(&sa_j,
+ &state->addrs[j]);
+ if (!ok) {
+ continue;
+ }
+ if (sockaddr_equal(&sa.u.sa, &sa_j.u.sa)) {
+ break;
+ }
+ }
+ if (j < state->num_addrs) {
+ /* Already got it */
+ continue;
+ }
+
+ DEBUGADD(2,("%s ",inet_ntoa(ip)));
+
+ state->addrs[state->num_addrs] = addr;
+ /* wrap check. */
+ if (state->num_addrs + 1 < state->num_addrs) {
+ return false;
+ }
+ state->num_addrs += 1;
+ }
+ DEBUGADD(2,(")\n"));
+
+ /* We add the flags back ... */
+ if (nmb->header.response)
+ state->flags |= NM_FLAGS_RS;
+ if (nmb->header.nm_flags.authoritative)
+ state->flags |= NM_FLAGS_AA;
+ if (nmb->header.nm_flags.trunc)
+ state->flags |= NM_FLAGS_TC;
+ if (nmb->header.nm_flags.recursion_desired)
+ state->flags |= NM_FLAGS_RD;
+ if (nmb->header.nm_flags.recursion_available)
+ state->flags |= NM_FLAGS_RA;
+ if (nmb->header.nm_flags.bcast)
+ state->flags |= NM_FLAGS_B;
+
+ if (state->bcast) {
+ /*
+ * We have to collect all entries coming in from broadcast
+ * queries. If we got a unique name and we are not querying
+ * all names registered within broadcast area (query
+ * for the name '*', so state->bcast_star_query is set),
+ * we're done.
+ */
+ return (got_unique_netbios_name && !state->bcast_star_query);
+ }
+ /*
+ * WINS responses are accepted when they are received
+ */
+ return true;
+}
+
+static void name_query_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct name_query_state *state = tevent_req_data(
+ req, struct name_query_state);
+ NTSTATUS status;
+ struct packet_struct *p = NULL;
+
+ status = nb_trans_recv(subreq, state, &p);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ if (!NT_STATUS_IS_OK(state->validate_error)) {
+ tevent_req_nterror(req, state->validate_error);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS name_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage **addrs, size_t *num_addrs,
+ uint8_t *flags)
+{
+ struct name_query_state *state = tevent_req_data(
+ req, struct name_query_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ if (state->bcast &&
+ NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+ /*
+ * In the broadcast case we collect replies until the
+ * timeout.
+ */
+ status = NT_STATUS_OK;
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+ if (state->num_addrs == 0) {
+ return NT_STATUS_NOT_FOUND;
+ }
+ *addrs = talloc_move(mem_ctx, &state->addrs);
+ sort_addr_list(*addrs, state->num_addrs);
+ *num_addrs = state->num_addrs;
+ if (flags != NULL) {
+ *flags = state->flags;
+ }
+ return NT_STATUS_OK;
+}
+
+NTSTATUS name_query(const char *name, int name_type,
+ bool bcast, bool recurse,
+ const struct sockaddr_storage *to_ss,
+ TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage **addrs,
+ size_t *num_addrs, uint8_t *flags)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ struct timeval timeout;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = name_query_send(ev, ev, name, name_type, bcast, recurse, to_ss);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (bcast) {
+ timeout = timeval_current_ofs(0, 250000);
+ } else {
+ timeout = timeval_current_ofs(2, 0);
+ }
+ if (!tevent_req_set_endtime(req, ev, timeout)) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = name_query_recv(req, mem_ctx, addrs, num_addrs, flags);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct name_queries_state {
+ struct tevent_context *ev;
+ const char *name;
+ int name_type;
+ bool bcast;
+ bool recurse;
+ const struct sockaddr_storage *addrs;
+ size_t num_addrs;
+ int wait_msec;
+ int timeout_msec;
+
+ struct tevent_req **subreqs;
+ size_t num_received;
+ size_t num_sent;
+
+ size_t received_index;
+ struct sockaddr_storage *result_addrs;
+ size_t num_result_addrs;
+ uint8_t flags;
+};
+
+static void name_queries_done(struct tevent_req *subreq);
+static void name_queries_next(struct tevent_req *subreq);
+
+/*
+ * Send a name query to multiple destinations with a wait time in between
+ */
+
+static struct tevent_req *name_queries_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ const char *name, int name_type,
+ bool bcast, bool recurse,
+ const struct sockaddr_storage *addrs,
+ size_t num_addrs, int wait_msec, int timeout_msec)
+{
+ struct tevent_req *req, *subreq;
+ struct name_queries_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct name_queries_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->name = name;
+ state->name_type = name_type;
+ state->bcast = bcast;
+ state->recurse = recurse;
+ state->addrs = addrs;
+ state->num_addrs = num_addrs;
+ state->wait_msec = wait_msec;
+ state->timeout_msec = timeout_msec;
+
+ state->subreqs = talloc_zero_array(
+ state, struct tevent_req *, num_addrs);
+ if (tevent_req_nomem(state->subreqs, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->num_sent = 0;
+
+ subreq = name_query_send(
+ state->subreqs, state->ev, name, name_type, bcast, recurse,
+ &state->addrs[state->num_sent]);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ if (!tevent_req_set_endtime(
+ subreq, state->ev,
+ timeval_current_ofs(0, state->timeout_msec * 1000))) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, name_queries_done, req);
+
+ state->subreqs[state->num_sent] = subreq;
+ state->num_sent += 1;
+
+ if (state->num_sent < state->num_addrs) {
+ subreq = tevent_wakeup_send(
+ state, state->ev,
+ timeval_current_ofs(0, state->wait_msec * 1000));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, name_queries_next, req);
+ }
+ return req;
+}
+
+static void name_queries_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct name_queries_state *state = tevent_req_data(
+ req, struct name_queries_state);
+ size_t i;
+ NTSTATUS status;
+
+ status = name_query_recv(subreq, state, &state->result_addrs,
+ &state->num_result_addrs, &state->flags);
+
+ for (i=0; i<state->num_sent; i++) {
+ if (state->subreqs[i] == subreq) {
+ break;
+ }
+ }
+ if (i == state->num_sent) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+ TALLOC_FREE(state->subreqs[i]);
+
+ /* wrap check. */
+ if (state->num_received + 1 < state->num_received) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+ state->num_received += 1;
+
+ if (!NT_STATUS_IS_OK(status)) {
+
+ if (state->num_received >= state->num_addrs) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ /*
+ * Still outstanding requests, just wait
+ */
+ return;
+ }
+ state->received_index = i;
+ tevent_req_done(req);
+}
+
+static void name_queries_next(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct name_queries_state *state = tevent_req_data(
+ req, struct name_queries_state);
+
+ if (!tevent_wakeup_recv(subreq)) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+
+ subreq = name_query_send(
+ state->subreqs, state->ev,
+ state->name, state->name_type, state->bcast, state->recurse,
+ &state->addrs[state->num_sent]);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, name_queries_done, req);
+ if (!tevent_req_set_endtime(
+ subreq, state->ev,
+ timeval_current_ofs(0, state->timeout_msec * 1000))) {
+ return;
+ }
+ state->subreqs[state->num_sent] = subreq;
+ state->num_sent += 1;
+
+ if (state->num_sent < state->num_addrs) {
+ subreq = tevent_wakeup_send(
+ state, state->ev,
+ timeval_current_ofs(0, state->wait_msec * 1000));
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, name_queries_next, req);
+ }
+}
+
+static NTSTATUS name_queries_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage **result_addrs,
+ size_t *num_result_addrs, uint8_t *flags,
+ size_t *received_index)
+{
+ struct name_queries_state *state = tevent_req_data(
+ req, struct name_queries_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+
+ if (result_addrs != NULL) {
+ *result_addrs = talloc_move(mem_ctx, &state->result_addrs);
+ }
+ if (num_result_addrs != NULL) {
+ *num_result_addrs = state->num_result_addrs;
+ }
+ if (flags != NULL) {
+ *flags = state->flags;
+ }
+ if (received_index != NULL) {
+ *received_index = state->received_index;
+ }
+ return NT_STATUS_OK;
+}
+
+/********************************************************
+ Resolve via "bcast" method.
+*********************************************************/
+
+struct name_resolve_bcast_state {
+ struct sockaddr_storage *addrs;
+ size_t num_addrs;
+};
+
+static void name_resolve_bcast_done(struct tevent_req *subreq);
+
+struct tevent_req *name_resolve_bcast_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const char *name,
+ int name_type)
+{
+ struct tevent_req *req, *subreq;
+ struct name_resolve_bcast_state *state;
+ struct sockaddr_storage *bcast_addrs;
+ size_t i, num_addrs, num_bcast_addrs;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct name_resolve_bcast_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (lp_disable_netbios()) {
+ DEBUG(5, ("name_resolve_bcast(%s#%02x): netbios is disabled\n",
+ name, name_type));
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * "bcast" means do a broadcast lookup on all the local interfaces.
+ */
+
+ DEBUG(3, ("name_resolve_bcast: Attempting broadcast lookup "
+ "for name %s<0x%x>\n", name, name_type));
+
+ num_addrs = iface_count();
+ bcast_addrs = talloc_array(state, struct sockaddr_storage, num_addrs);
+ if (tevent_req_nomem(bcast_addrs, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ /*
+ * Lookup the name on all the interfaces, return on
+ * the first successful match.
+ */
+ num_bcast_addrs = 0;
+
+ for (i=0; i<num_addrs; i++) {
+ const struct sockaddr_storage *pss = iface_n_bcast(i);
+
+ if (pss->ss_family != AF_INET) {
+ continue;
+ }
+ bcast_addrs[num_bcast_addrs] = *pss;
+ num_bcast_addrs += 1;
+ }
+
+ subreq = name_queries_send(state, ev, name, name_type, true, true,
+ bcast_addrs, num_bcast_addrs, 0, 250);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, name_resolve_bcast_done, req);
+ return req;
+}
+
+static void name_resolve_bcast_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct name_resolve_bcast_state *state = tevent_req_data(
+ req, struct name_resolve_bcast_state);
+ NTSTATUS status;
+
+ status = name_queries_recv(subreq, state,
+ &state->addrs, &state->num_addrs,
+ NULL, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS name_resolve_bcast_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage **addrs,
+ size_t *num_addrs)
+{
+ struct name_resolve_bcast_state *state = tevent_req_data(
+ req, struct name_resolve_bcast_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ *addrs = talloc_move(mem_ctx, &state->addrs);
+ *num_addrs = state->num_addrs;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS name_resolve_bcast(TALLOC_CTX *mem_ctx,
+ const char *name,
+ int name_type,
+ struct sockaddr_storage **return_iplist,
+ size_t *return_count)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = name_resolve_bcast_send(frame, ev, name, name_type);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = name_resolve_bcast_recv(req, mem_ctx, return_iplist,
+ return_count);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct query_wins_list_state {
+ struct tevent_context *ev;
+ const char *name;
+ uint8_t name_type;
+ struct in_addr *servers;
+ size_t num_servers;
+ struct sockaddr_storage server;
+ size_t num_sent;
+
+ struct sockaddr_storage *addrs;
+ size_t num_addrs;
+ uint8_t flags;
+};
+
+static void query_wins_list_done(struct tevent_req *subreq);
+
+/*
+ * Query a list of (replicating) wins servers in sequence, call them
+ * dead if they don't reply
+ */
+
+static struct tevent_req *query_wins_list_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct in_addr src_ip, const char *name, uint8_t name_type,
+ struct in_addr *servers, size_t num_servers)
+{
+ struct tevent_req *req, *subreq;
+ struct query_wins_list_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct query_wins_list_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->name = name;
+ state->name_type = name_type;
+ state->servers = servers;
+ state->num_servers = num_servers;
+
+ if (state->num_servers == 0) {
+ tevent_req_nterror(req, NT_STATUS_NOT_FOUND);
+ return tevent_req_post(req, ev);
+ }
+
+ in_addr_to_sockaddr_storage(
+ &state->server, state->servers[state->num_sent]);
+
+ subreq = name_query_send(state, state->ev,
+ state->name, state->name_type,
+ false, true, &state->server);
+
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ /* wrap check */
+ if (state->num_sent + 1 < state->num_sent) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
+ state->num_sent += 1;
+ if (!tevent_req_set_endtime(subreq, state->ev,
+ timeval_current_ofs(2, 0))) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, query_wins_list_done, req);
+ return req;
+}
+
+static void query_wins_list_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct query_wins_list_state *state = tevent_req_data(
+ req, struct query_wins_list_state);
+ NTSTATUS status;
+
+ status = name_query_recv(subreq, state,
+ &state->addrs, &state->num_addrs,
+ &state->flags);
+ TALLOC_FREE(subreq);
+ if (NT_STATUS_IS_OK(status)) {
+ tevent_req_done(req);
+ return;
+ }
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+ wins_srv_died(state->servers[state->num_sent-1],
+ my_socket_addr_v4());
+
+ if (state->num_sent == state->num_servers) {
+ tevent_req_nterror(req, NT_STATUS_NOT_FOUND);
+ return;
+ }
+
+ in_addr_to_sockaddr_storage(
+ &state->server, state->servers[state->num_sent]);
+
+ subreq = name_query_send(state, state->ev,
+ state->name, state->name_type,
+ false, true, &state->server);
+ state->num_sent += 1;
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ if (!tevent_req_set_endtime(subreq, state->ev,
+ timeval_current_ofs(2, 0))) {
+ return;
+ }
+ tevent_req_set_callback(subreq, query_wins_list_done, req);
+}
+
+static NTSTATUS query_wins_list_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage **addrs,
+ size_t *num_addrs,
+ uint8_t *flags)
+{
+ struct query_wins_list_state *state = tevent_req_data(
+ req, struct query_wins_list_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (addrs != NULL) {
+ *addrs = talloc_move(mem_ctx, &state->addrs);
+ }
+ if (num_addrs != NULL) {
+ *num_addrs = state->num_addrs;
+ }
+ if (flags != NULL) {
+ *flags = state->flags;
+ }
+ return NT_STATUS_OK;
+}
+
+struct resolve_wins_state {
+ size_t num_sent;
+ size_t num_received;
+
+ struct sockaddr_storage *addrs;
+ size_t num_addrs;
+ uint8_t flags;
+};
+
+static void resolve_wins_done(struct tevent_req *subreq);
+
+struct tevent_req *resolve_wins_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const char *name,
+ int name_type)
+{
+ struct tevent_req *req, *subreq;
+ struct resolve_wins_state *state;
+ char **wins_tags = NULL;
+ struct sockaddr_storage src_ss;
+ struct samba_sockaddr src_sa = {0};
+ struct in_addr src_ip;
+ size_t i, num_wins_tags;
+ bool ok;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct resolve_wins_state);
+ if (req == NULL) {
+ return NULL;
+ }
+
+ if (wins_srv_count() < 1) {
+ DEBUG(3,("resolve_wins: WINS server resolution selected "
+ "and no WINS servers listed.\n"));
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ goto fail;
+ }
+
+ /* the address we will be sending from */
+ if (!interpret_string_addr(&src_ss, lp_nbt_client_socket_address(),
+ AI_NUMERICHOST|AI_PASSIVE)) {
+ zero_sockaddr(&src_ss);
+ }
+
+ ok = sockaddr_storage_to_samba_sockaddr(&src_sa, &src_ss);
+ if (!ok) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ goto fail;
+ }
+
+ if (src_sa.u.ss.ss_family != AF_INET) {
+ char addr[INET6_ADDRSTRLEN];
+ print_sockaddr(addr, sizeof(addr), &src_sa.u.ss);
+ DEBUG(3,("resolve_wins: cannot receive WINS replies "
+ "on IPv6 address %s\n",
+ addr));
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ goto fail;
+ }
+
+ src_ip = src_sa.u.in.sin_addr;
+
+ wins_tags = wins_srv_tags();
+ if (wins_tags == NULL) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ goto fail;
+ }
+
+ num_wins_tags = 0;
+ while (wins_tags[num_wins_tags] != NULL) {
+ /* wrap check. */
+ if (num_wins_tags + 1 < num_wins_tags) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ goto fail;
+ }
+ num_wins_tags += 1;
+ }
+
+ for (i=0; i<num_wins_tags; i++) {
+ size_t num_servers, num_alive;
+ struct in_addr *servers, *alive;
+ size_t j;
+
+ if (!wins_server_tag_ips(wins_tags[i], talloc_tos(),
+ &servers, &num_servers)) {
+ DEBUG(10, ("wins_server_tag_ips failed for tag %s\n",
+ wins_tags[i]));
+ continue;
+ }
+
+ alive = talloc_array(state, struct in_addr, num_servers);
+ if (tevent_req_nomem(alive, req)) {
+ goto fail;
+ }
+
+ num_alive = 0;
+ for (j=0; j<num_servers; j++) {
+ struct in_addr wins_ip = servers[j];
+
+ if (global_in_nmbd && ismyip_v4(wins_ip)) {
+ /* yikes! we'll loop forever */
+ continue;
+ }
+ /* skip any that have been unresponsive lately */
+ if (wins_srv_is_dead(wins_ip, src_ip)) {
+ continue;
+ }
+ DEBUG(3, ("resolve_wins: using WINS server %s "
+ "and tag '%s'\n",
+ inet_ntoa(wins_ip), wins_tags[i]));
+ alive[num_alive] = wins_ip;
+ num_alive += 1;
+ }
+ TALLOC_FREE(servers);
+
+ if (num_alive == 0) {
+ continue;
+ }
+
+ subreq = query_wins_list_send(
+ state, ev, src_ip, name, name_type,
+ alive, num_alive);
+ if (tevent_req_nomem(subreq, req)) {
+ goto fail;
+ }
+ tevent_req_set_callback(subreq, resolve_wins_done, req);
+ state->num_sent += 1;
+ }
+
+ if (state->num_sent == 0) {
+ tevent_req_nterror(req, NT_STATUS_NOT_FOUND);
+ goto fail;
+ }
+
+ wins_srv_tags_free(wins_tags);
+ return req;
+fail:
+ wins_srv_tags_free(wins_tags);
+ return tevent_req_post(req, ev);
+}
+
+static void resolve_wins_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct resolve_wins_state *state = tevent_req_data(
+ req, struct resolve_wins_state);
+ NTSTATUS status;
+
+ status = query_wins_list_recv(subreq, state, &state->addrs,
+ &state->num_addrs, &state->flags);
+ if (NT_STATUS_IS_OK(status)) {
+ tevent_req_done(req);
+ return;
+ }
+
+ /* wrap check. */
+ if (state->num_received + 1 < state->num_received) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return;
+ }
+
+ state->num_received += 1;
+
+ if (state->num_received < state->num_sent) {
+ /*
+ * Wait for the others
+ */
+ return;
+ }
+ tevent_req_nterror(req, status);
+}
+
+NTSTATUS resolve_wins_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage **addrs,
+ size_t *num_addrs, uint8_t *flags)
+{
+ struct resolve_wins_state *state = tevent_req_data(
+ req, struct resolve_wins_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ return status;
+ }
+ if (addrs != NULL) {
+ *addrs = talloc_move(mem_ctx, &state->addrs);
+ }
+ if (num_addrs != NULL) {
+ *num_addrs = state->num_addrs;
+ }
+ if (flags != NULL) {
+ *flags = state->flags;
+ }
+ return NT_STATUS_OK;
+}
+
+/********************************************************
+ Resolve via "wins" method.
+*********************************************************/
+
+NTSTATUS resolve_wins(TALLOC_CTX *mem_ctx,
+ const char *name,
+ int name_type,
+ struct sockaddr_storage **return_iplist,
+ size_t *return_count)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = resolve_wins_send(ev, ev, name, name_type);
+ if (req == NULL) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = resolve_wins_recv(req, mem_ctx, return_iplist, return_count,
+ NULL);
+fail:
+ TALLOC_FREE(ev);
+ return status;
+}
+
+
+/********************************************************
+ Resolve via "hosts" method.
+*********************************************************/
+
+static NTSTATUS resolve_hosts(TALLOC_CTX *mem_ctx,
+ const char *name,
+ int name_type,
+ struct sockaddr_storage **return_iplist,
+ size_t *return_count)
+{
+ /*
+ * "host" means do a localhost, or dns lookup.
+ */
+ struct addrinfo hints;
+ struct addrinfo *ailist = NULL;
+ struct addrinfo *res = NULL;
+ int ret = -1;
+ size_t i = 0;
+ size_t ret_count = 0;
+ struct sockaddr_storage *iplist = NULL;
+
+ if ( name_type != 0x20 && name_type != 0x0) {
+ DEBUG(5, ("resolve_hosts: not appropriate "
+ "for name type <0x%x>\n",
+ name_type));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ DEBUG(3,("resolve_hosts: Attempting host lookup for name %s<0x%x>\n",
+ name, name_type));
+
+ ZERO_STRUCT(hints);
+ /* By default make sure it supports TCP. */
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_ADDRCONFIG;
+
+#if !defined(HAVE_IPV6)
+ /* Unless we have IPv6, we really only want IPv4 addresses back. */
+ hints.ai_family = AF_INET;
+#endif
+
+ ret = getaddrinfo(name,
+ NULL,
+ &hints,
+ &ailist);
+ if (ret) {
+ DEBUG(3,("resolve_hosts: getaddrinfo failed for name %s [%s]\n",
+ name,
+ gai_strerror(ret) ));
+ }
+
+ for (res = ailist; res; res = res->ai_next) {
+ struct sockaddr_storage ss = {0};
+ struct sockaddr_storage *tmp = NULL;
+
+ if ((res->ai_addr == NULL) ||
+ (res->ai_addrlen == 0) ||
+ (res->ai_addrlen > sizeof(ss))) {
+ continue;
+ }
+
+ memcpy(&ss, res->ai_addr, res->ai_addrlen);
+
+ if (is_zero_addr(&ss)) {
+ continue;
+ }
+
+ /* wrap check. */
+ if (ret_count + 1 < ret_count) {
+ freeaddrinfo(ailist);
+ TALLOC_FREE(iplist);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ ret_count += 1;
+
+ tmp = talloc_realloc(
+ mem_ctx, iplist, struct sockaddr_storage,
+ ret_count);
+ if (tmp == NULL) {
+ DEBUG(3,("resolve_hosts: malloc fail !\n"));
+ freeaddrinfo(ailist);
+ TALLOC_FREE(iplist);
+ return NT_STATUS_NO_MEMORY;
+ }
+ iplist = tmp;
+ iplist[i] = ss;
+ i++;
+ }
+ if (ailist) {
+ freeaddrinfo(ailist);
+ }
+ if (ret_count == 0) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ *return_count = ret_count;
+ *return_iplist = iplist;
+ return NT_STATUS_OK;
+}
+
+/********************************************************
+ Resolve via "ADS" method.
+*********************************************************/
+
+/* Special name type used to cause a _kerberos DNS lookup. */
+#define KDC_NAME_TYPE 0xDCDC
+
+static NTSTATUS resolve_ads(TALLOC_CTX *ctx,
+ const char *name,
+ int name_type,
+ const char *sitename,
+ struct sockaddr_storage **return_addrs,
+ size_t *return_count)
+{
+ size_t i;
+ NTSTATUS status;
+ struct dns_rr_srv *dcs = NULL;
+ size_t numdcs = 0;
+ size_t num_srv_addrs = 0;
+ struct sockaddr_storage *srv_addrs = NULL;
+ char *query = NULL;
+
+ if ((name_type != 0x1c) && (name_type != KDC_NAME_TYPE) &&
+ (name_type != 0x1b)) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ status = NT_STATUS_OK;
+
+ switch (name_type) {
+ case 0x1b:
+ DEBUG(5,("resolve_ads: Attempting to resolve "
+ "PDC for %s using DNS\n", name));
+ query = ads_dns_query_string_pdc(ctx, name);
+ break;
+
+ case 0x1c:
+ DEBUG(5,("resolve_ads: Attempting to resolve "
+ "DCs for %s using DNS\n", name));
+ query = ads_dns_query_string_dcs(ctx, name);
+ break;
+ case KDC_NAME_TYPE:
+ DEBUG(5,("resolve_ads: Attempting to resolve "
+ "KDCs for %s using DNS\n", name));
+ query = ads_dns_query_string_kdcs(ctx, name);
+ break;
+ default:
+ status = NT_STATUS_INVALID_PARAMETER;
+ break;
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ if (query == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ DBG_DEBUG("SRV query for %s\n", query);
+
+ status = ads_dns_query_srv(
+ ctx,
+ lp_get_async_dns_timeout(),
+ sitename,
+ query,
+ &dcs,
+ &numdcs);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (numdcs == 0) {
+ *return_addrs = NULL;
+ *return_count = 0;
+ TALLOC_FREE(dcs);
+ return NT_STATUS_OK;
+ }
+
+ /* First count the sizes of each array. */
+ for(i = 0; i < numdcs; i++) {
+ if (dcs[i].ss_s == NULL) {
+ /*
+ * Nothing received or timeout in A/AAAA reqs
+ */
+ continue;
+ }
+
+ if (num_srv_addrs + dcs[i].num_ips < num_srv_addrs) {
+ /* Wrap check. */
+ TALLOC_FREE(dcs);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ /* Add in the number of addresses we got. */
+ num_srv_addrs += dcs[i].num_ips;
+ }
+
+ /* Allocate the list of IP addresses we already have. */
+ srv_addrs = talloc_zero_array(ctx,
+ struct sockaddr_storage,
+ num_srv_addrs);
+ if (srv_addrs == NULL) {
+ TALLOC_FREE(dcs);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ num_srv_addrs = 0;
+ for(i = 0; i < numdcs; i++) {
+ /* Copy all the IP addresses from the SRV response */
+ size_t j;
+ for (j = 0; j < dcs[i].num_ips; j++) {
+ char addr[INET6_ADDRSTRLEN];
+
+ srv_addrs[num_srv_addrs] = dcs[i].ss_s[j];
+ if (is_zero_addr(&srv_addrs[num_srv_addrs])) {
+ continue;
+ }
+
+ DBG_DEBUG("SRV lookup %s got IP[%zu] %s\n",
+ name,
+ j,
+ print_sockaddr(addr,
+ sizeof(addr),
+ &srv_addrs[num_srv_addrs]));
+
+ num_srv_addrs++;
+ }
+ }
+
+ TALLOC_FREE(dcs);
+
+ *return_addrs = srv_addrs;
+ *return_count = num_srv_addrs;
+ return NT_STATUS_OK;
+}
+
+static const char **filter_out_nbt_lookup(TALLOC_CTX *mem_ctx,
+ const char **resolve_order)
+{
+ size_t i, len, result_idx;
+ const char **result;
+
+ len = 0;
+ while (resolve_order[len] != NULL) {
+ len += 1;
+ }
+
+ result = talloc_array(mem_ctx, const char *, len+1);
+ if (result == NULL) {
+ return NULL;
+ }
+
+ result_idx = 0;
+
+ for (i=0; i<len; i++) {
+ const char *tok = resolve_order[i];
+
+ if (strequal(tok, "lmhosts") || strequal(tok, "wins") ||
+ strequal(tok, "bcast")) {
+ continue;
+ }
+ result[result_idx++] = tok;
+ }
+ result[result_idx] = NULL;
+
+ return result;
+}
+
+/*******************************************************************
+ Samba interface to resolve a name into an IP address.
+ Use this function if the string is either an IP address, DNS
+ or host name or NetBIOS name. This uses the name switch in the
+ smb.conf to determine the order of name resolution.
+
+ Added support for ip addr/port to support ADS ldap servers.
+ the only place we currently care about the port is in the
+ resolve_hosts() when looking up DC's via SRV RR entries in DNS
+**********************************************************************/
+
+NTSTATUS internal_resolve_name(TALLOC_CTX *ctx,
+ const char *name,
+ int name_type,
+ const char *sitename,
+ struct samba_sockaddr **return_salist,
+ size_t *return_count,
+ const char **resolve_order)
+{
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ size_t i;
+ size_t nc_count = 0;
+ size_t ret_count = 0;
+ bool ok;
+ struct sockaddr_storage *ss_list = NULL;
+ struct samba_sockaddr *sa_list = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ DBG_DEBUG("looking up %s#%x (sitename %s)\n",
+ name, name_type, sitename ? sitename : "(null)");
+
+ if (is_ipaddress(name)) {
+ struct sockaddr_storage ss;
+
+ /* if it's in the form of an IP address then get the lib to interpret it */
+ ok = interpret_string_addr(&ss, name, AI_NUMERICHOST);
+ if (!ok) {
+ DBG_WARNING("interpret_string_addr failed on %s\n",
+ name);
+ TALLOC_FREE(frame);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ if (is_zero_addr(&ss)) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ status = sockaddr_array_to_samba_sockaddr_array(frame,
+ &sa_list,
+ &ret_count,
+ &ss,
+ 1);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ *return_salist = talloc_move(ctx, &sa_list);
+ *return_count = 1;
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
+
+ /* Check name cache */
+
+ ok = namecache_fetch(frame,
+ name,
+ name_type,
+ &sa_list,
+ &nc_count);
+ if (ok) {
+ /*
+ * remove_duplicate_addrs2() has the
+ * side effect of removing zero addresses,
+ * so use it here.
+ */
+ nc_count = remove_duplicate_addrs2(sa_list, nc_count);
+ if (nc_count == 0) {
+ TALLOC_FREE(sa_list);
+ TALLOC_FREE(frame);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ *return_count = nc_count;
+ *return_salist = talloc_move(ctx, &sa_list);
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
+
+ /* set the name resolution order */
+
+ if (resolve_order && strcmp(resolve_order[0], "NULL") == 0) {
+ DBG_DEBUG("all lookups disabled\n");
+ TALLOC_FREE(frame);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!resolve_order || !resolve_order[0]) {
+ static const char *host_order[] = { "host", NULL };
+ resolve_order = host_order;
+ }
+
+ if ((strlen(name) > MAX_NETBIOSNAME_LEN - 1) ||
+ (strchr(name, '.') != NULL)) {
+ /*
+ * Don't do NBT lookup, the name would not fit anyway
+ */
+ resolve_order = filter_out_nbt_lookup(frame, resolve_order);
+ if (resolve_order == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ /* iterate through the name resolution backends */
+
+ for (i=0; resolve_order[i]; i++) {
+ const char *tok = resolve_order[i];
+
+ if ((strequal(tok, "host") || strequal(tok, "hosts"))) {
+ status = resolve_hosts(talloc_tos(),
+ name,
+ name_type,
+ &ss_list,
+ &ret_count);
+ if (!NT_STATUS_IS_OK(status)) {
+ continue;
+ }
+ goto done;
+ }
+
+ if (strequal(tok, "kdc")) {
+ /* deal with KDC_NAME_TYPE names here.
+ * This will result in a SRV record lookup */
+ status = resolve_ads(talloc_tos(),
+ name,
+ KDC_NAME_TYPE,
+ sitename,
+ &ss_list,
+ &ret_count);
+ if (!NT_STATUS_IS_OK(status)) {
+ continue;
+ }
+ /* Ensure we don't namecache
+ * this with the KDC port. */
+ name_type = KDC_NAME_TYPE;
+ goto done;
+ }
+
+ if (strequal(tok, "ads")) {
+ /* deal with 0x1c and 0x1b names here.
+ * This will result in a SRV record lookup */
+ status = resolve_ads(talloc_tos(),
+ name,
+ name_type,
+ sitename,
+ &ss_list,
+ &ret_count);
+ if (!NT_STATUS_IS_OK(status)) {
+ continue;
+ }
+ goto done;
+ }
+
+ if (strequal(tok, "lmhosts")) {
+ status = resolve_lmhosts_file_as_sockaddr(
+ talloc_tos(),
+ get_dyn_LMHOSTSFILE(),
+ name,
+ name_type,
+ &ss_list,
+ &ret_count);
+ if (!NT_STATUS_IS_OK(status)) {
+ continue;
+ }
+ goto done;
+ }
+
+ if (strequal(tok, "wins")) {
+ /* don't resolve 1D via WINS */
+ if (name_type == 0x1D) {
+ continue;
+ }
+ status = resolve_wins(talloc_tos(),
+ name,
+ name_type,
+ &ss_list,
+ &ret_count);
+ if (!NT_STATUS_IS_OK(status)) {
+ continue;
+ }
+ goto done;
+ }
+
+ if (strequal(tok, "bcast")) {
+ status = name_resolve_bcast(
+ talloc_tos(),
+ name,
+ name_type,
+ &ss_list,
+ &ret_count);
+ if (!NT_STATUS_IS_OK(status)) {
+ continue;
+ }
+ goto done;
+ }
+
+ DBG_ERR("unknown name switch type %s\n", tok);
+ }
+
+ /* All of the resolve_* functions above have returned false. */
+
+ TALLOC_FREE(frame);
+ *return_count = 0;
+
+ return status;
+
+ done:
+
+ status = sockaddr_array_to_samba_sockaddr_array(frame,
+ &sa_list,
+ &ret_count,
+ ss_list,
+ ret_count);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* Remove duplicate entries. Some queries, notably #1c (domain
+ controllers) return the PDC in iplist[0] and then all domain
+ controllers including the PDC in iplist[1..n]. Iterating over
+ the iplist when the PDC is down will cause two sets of timeouts. */
+
+ ret_count = remove_duplicate_addrs2(sa_list, ret_count);
+
+ /* Save in name cache */
+ if ( DEBUGLEVEL >= 100 ) {
+ for (i = 0; i < ret_count && DEBUGLEVEL == 100; i++) {
+ char addr[INET6_ADDRSTRLEN];
+ print_sockaddr(addr, sizeof(addr),
+ &sa_list[i].u.ss);
+ DEBUG(100, ("Storing name %s of type %d (%s:0)\n",
+ name,
+ name_type,
+ addr));
+ }
+ }
+
+ if (ret_count) {
+ namecache_store(name,
+ name_type,
+ ret_count,
+ sa_list);
+ }
+
+ /* Display some debugging info */
+
+ if ( DEBUGLEVEL >= 10 ) {
+ DBG_DEBUG("returning %zu addresses: ",
+ ret_count);
+
+ for (i = 0; i < ret_count; i++) {
+ char addr[INET6_ADDRSTRLEN];
+ print_sockaddr(addr, sizeof(addr),
+ &sa_list[i].u.ss);
+ DEBUGADD(10, ("%s ", addr));
+ }
+ DEBUG(10, ("\n"));
+ }
+
+ *return_count = ret_count;
+ *return_salist = talloc_move(ctx, &sa_list);
+
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/********************************************************
+ Internal interface to resolve a name into one IP address.
+ Use this function if the string is either an IP address, DNS
+ or host name or NetBIOS name. This uses the name switch in the
+ smb.conf to determine the order of name resolution.
+*********************************************************/
+
+bool resolve_name(const char *name,
+ struct sockaddr_storage *return_ss,
+ int name_type,
+ bool prefer_ipv4)
+{
+ struct samba_sockaddr *sa_list = NULL;
+ char *sitename = NULL;
+ size_t count = 0;
+ NTSTATUS status;
+ TALLOC_CTX *frame = NULL;
+
+ if (is_ipaddress(name)) {
+ return interpret_string_addr(return_ss, name, AI_NUMERICHOST);
+ }
+
+ frame = talloc_stackframe();
+
+ sitename = sitename_fetch(frame, lp_realm()); /* wild guess */
+
+ status = internal_resolve_name(frame,
+ name,
+ name_type,
+ sitename,
+ &sa_list,
+ &count,
+ lp_name_resolve_order());
+ if (NT_STATUS_IS_OK(status)) {
+ size_t i;
+
+ if (prefer_ipv4) {
+ for (i=0; i<count; i++) {
+ if (!is_broadcast_addr(&sa_list[i].u.sa) &&
+ (sa_list[i].u.ss.ss_family == AF_INET)) {
+ *return_ss = sa_list[i].u.ss;
+ TALLOC_FREE(sa_list);
+ TALLOC_FREE(frame);
+ return True;
+ }
+ }
+ }
+
+ /* only return valid addresses for TCP connections */
+ for (i=0; i<count; i++) {
+ if (!is_broadcast_addr(&sa_list[i].u.sa)) {
+ *return_ss = sa_list[i].u.ss;
+ TALLOC_FREE(sa_list);
+ TALLOC_FREE(frame);
+ return True;
+ }
+ }
+ }
+
+ TALLOC_FREE(sa_list);
+ TALLOC_FREE(frame);
+ return False;
+}
+
+/********************************************************
+ Internal interface to resolve a name into a list of IP addresses.
+ Use this function if the string is either an IP address, DNS
+ or host name or NetBIOS name. This uses the name switch in the
+ smb.conf to determine the order of name resolution.
+*********************************************************/
+
+NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
+ const char *name,
+ int name_type,
+ struct sockaddr_storage **return_ss_arr,
+ unsigned int *p_num_entries)
+{
+ struct samba_sockaddr *sa_list = NULL;
+ char *sitename = NULL;
+ size_t count = 0;
+ size_t i;
+ unsigned int num_entries = 0;
+ struct sockaddr_storage *result_arr = NULL;
+ NTSTATUS status;
+
+ if (is_ipaddress(name)) {
+ result_arr = talloc(ctx, struct sockaddr_storage);
+ if (result_arr == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ if (!interpret_string_addr(result_arr, name, AI_NUMERICHOST)) {
+ TALLOC_FREE(result_arr);
+ return NT_STATUS_BAD_NETWORK_NAME;
+ }
+ *p_num_entries = 1;
+ *return_ss_arr = result_arr;
+ return NT_STATUS_OK;
+ }
+
+ sitename = sitename_fetch(ctx, lp_realm()); /* wild guess */
+
+ status = internal_resolve_name(ctx,
+ name,
+ name_type,
+ sitename,
+ &sa_list,
+ &count,
+ lp_name_resolve_order());
+ TALLOC_FREE(sitename);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* only return valid addresses for TCP connections */
+ for (i=0, num_entries = 0; i<count; i++) {
+ if (!is_zero_addr(&sa_list[i].u.ss) &&
+ !is_broadcast_addr(&sa_list[i].u.sa)) {
+ num_entries++;
+ }
+ }
+ if (num_entries == 0) {
+ status = NT_STATUS_BAD_NETWORK_NAME;
+ goto done;
+ }
+
+ result_arr = talloc_array(ctx,
+ struct sockaddr_storage,
+ num_entries);
+ if (result_arr == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ for (i=0, num_entries = 0; i<count; i++) {
+ if (!is_zero_addr(&sa_list[i].u.ss) &&
+ !is_broadcast_addr(&sa_list[i].u.sa)) {
+ result_arr[num_entries++] = sa_list[i].u.ss;
+ }
+ }
+
+ if (num_entries == 0) {
+ TALLOC_FREE(result_arr);
+ status = NT_STATUS_BAD_NETWORK_NAME;
+ goto done;
+ }
+
+ status = NT_STATUS_OK;
+ *p_num_entries = num_entries;
+ *return_ss_arr = result_arr;
+done:
+ TALLOC_FREE(sa_list);
+ return status;
+}
+
+/********************************************************
+ Find the IP address of the master browser or DMB for a workgroup.
+*********************************************************/
+
+bool find_master_ip(const char *group, struct sockaddr_storage *master_ss)
+{
+ struct samba_sockaddr *sa_list = NULL;
+ size_t count = 0;
+ NTSTATUS status;
+
+ if (lp_disable_netbios()) {
+ DEBUG(5,("find_master_ip(%s): netbios is disabled\n", group));
+ return false;
+ }
+
+ status = internal_resolve_name(talloc_tos(),
+ group,
+ 0x1D,
+ NULL,
+ &sa_list,
+ &count,
+ lp_name_resolve_order());
+ if (NT_STATUS_IS_OK(status)) {
+ *master_ss = sa_list[0].u.ss;
+ TALLOC_FREE(sa_list);
+ return true;
+ }
+
+ TALLOC_FREE(sa_list);
+
+ status = internal_resolve_name(talloc_tos(),
+ group,
+ 0x1B,
+ NULL,
+ &sa_list,
+ &count,
+ lp_name_resolve_order());
+ if (NT_STATUS_IS_OK(status)) {
+ *master_ss = sa_list[0].u.ss;
+ TALLOC_FREE(sa_list);
+ return true;
+ }
+
+ TALLOC_FREE(sa_list);
+ return false;
+}
+
+/********************************************************
+ Get the IP address list of the primary domain controller
+ for a domain.
+*********************************************************/
+
+bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss)
+{
+ struct samba_sockaddr *sa_list = NULL;
+ size_t count = 0;
+ NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
+ static const char *ads_order[] = { "ads", NULL };
+ /* Look up #1B name */
+
+ if (lp_security() == SEC_ADS) {
+ status = internal_resolve_name(talloc_tos(),
+ domain,
+ 0x1b,
+ NULL,
+ &sa_list,
+ &count,
+ ads_order);
+ }
+
+ if (!NT_STATUS_IS_OK(status) || count == 0) {
+ TALLOC_FREE(sa_list);
+ status = internal_resolve_name(talloc_tos(),
+ domain,
+ 0x1b,
+ NULL,
+ &sa_list,
+ &count,
+ lp_name_resolve_order());
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(sa_list);
+ return false;
+ }
+ }
+
+ /* if we get more than 1 IP back we have to assume it is a
+ multi-homed PDC and not a mess up */
+
+ if ( count > 1 ) {
+ DBG_INFO("PDC has %zu IP addresses!\n", count);
+ sort_sa_list(sa_list, count);
+ }
+
+ *pss = sa_list[0].u.ss;
+ TALLOC_FREE(sa_list);
+ return true;
+}
+
+/* Private enum type for lookups. */
+
+enum dc_lookup_type { DC_NORMAL_LOOKUP, DC_ADS_ONLY, DC_KDC_ONLY };
+
+/********************************************************
+ Get the IP address list of the domain controllers for
+ a domain.
+*********************************************************/
+
+static NTSTATUS get_dc_list(TALLOC_CTX *ctx,
+ const char *domain,
+ const char *sitename,
+ struct samba_sockaddr **sa_list_ret,
+ size_t *ret_count,
+ enum dc_lookup_type lookup_type,
+ bool *ordered)
+{
+ const char **resolve_order = NULL;
+ char *saf_servername = NULL;
+ char *pserver = NULL;
+ const char *p;
+ char *name;
+ size_t num_addresses = 0;
+ size_t local_count = 0;
+ size_t i;
+ struct samba_sockaddr *auto_sa_list = NULL;
+ struct samba_sockaddr *return_salist = NULL;
+ bool done_auto_lookup = false;
+ size_t auto_count = 0;
+ NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
+ int auto_name_type = 0x1C;
+
+ *ordered = False;
+
+ /* if we are restricted to solely using DNS for looking
+ up a domain controller, make sure that host lookups
+ are enabled for the 'name resolve order'. If host lookups
+ are disabled and ads_only is True, then set the string to
+ NULL. */
+
+ resolve_order = lp_name_resolve_order();
+ if (!resolve_order) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+ if (lookup_type == DC_ADS_ONLY) {
+ if (str_list_check_ci(resolve_order, "host")) {
+ static const char *ads_order[] = { "ads", NULL };
+ resolve_order = ads_order;
+
+ /* DNS SRV lookups used by the ads resolver
+ are already sorted by priority and weight */
+ *ordered = true;
+ } else {
+ /* this is quite bizarre! */
+ static const char *null_order[] = { "NULL", NULL };
+ resolve_order = null_order;
+ }
+ } else if (lookup_type == DC_KDC_ONLY) {
+ static const char *kdc_order[] = { "kdc", NULL };
+ /* DNS SRV lookups used by the ads/kdc resolver
+ are already sorted by priority and weight */
+ *ordered = true;
+ resolve_order = kdc_order;
+ auto_name_type = KDC_NAME_TYPE;
+ }
+
+ /* fetch the server we have affinity for. Add the
+ 'password server' list to a search for our domain controllers */
+
+ saf_servername = saf_fetch(frame, domain);
+
+ if (strequal(domain, lp_workgroup()) || strequal(domain, lp_realm())) {
+ pserver = talloc_asprintf(frame, "%s, %s",
+ saf_servername ? saf_servername : "",
+ lp_password_server());
+ } else {
+ pserver = talloc_asprintf(frame, "%s, *",
+ saf_servername ? saf_servername : "");
+ }
+
+ TALLOC_FREE(saf_servername);
+ if (!pserver) {
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
+ DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver ));
+
+ /*
+ * if '*' appears in the "password server" list then add
+ * an auto lookup to the list of manually configured
+ * DC's. If any DC is listed by name, then the list should be
+ * considered to be ordered
+ */
+
+ p = pserver;
+ while (next_token_talloc(frame, &p, &name, LIST_SEP)) {
+ if (!done_auto_lookup && strequal(name, "*")) {
+ done_auto_lookup = true;
+
+ status = internal_resolve_name(frame,
+ domain,
+ auto_name_type,
+ sitename,
+ &auto_sa_list,
+ &auto_count,
+ resolve_order);
+ if (!NT_STATUS_IS_OK(status)) {
+ continue;
+ }
+ /* Wrap check. */
+ if (num_addresses + auto_count < num_addresses) {
+ TALLOC_FREE(auto_sa_list);
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto out;
+ }
+ num_addresses += auto_count;
+ DBG_DEBUG("Adding %zu DC's from auto lookup\n",
+ auto_count);
+ } else {
+ /* Wrap check. */
+ if (num_addresses + 1 < num_addresses) {
+ TALLOC_FREE(auto_sa_list);
+ status = NT_STATUS_INVALID_PARAMETER;
+ goto out;
+ }
+ num_addresses++;
+ }
+ }
+
+ /* if we have no addresses and haven't done the auto lookup, then
+ just return the list of DC's. Or maybe we just failed. */
+
+ if (num_addresses == 0) {
+ struct samba_sockaddr *dc_salist = NULL;
+ size_t dc_count = 0;
+
+ if (done_auto_lookup) {
+ DEBUG(4,("get_dc_list: no servers found\n"));
+ status = NT_STATUS_NO_LOGON_SERVERS;
+ goto out;
+ }
+ /* talloc off frame, only move to ctx on success. */
+ status = internal_resolve_name(frame,
+ domain,
+ auto_name_type,
+ sitename,
+ &dc_salist,
+ &dc_count,
+ resolve_order);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+ return_salist = dc_salist;
+ local_count = dc_count;
+ goto out;
+ }
+
+ return_salist = talloc_zero_array(frame,
+ struct samba_sockaddr,
+ num_addresses);
+ if (return_salist == NULL) {
+ DEBUG(3,("get_dc_list: malloc fail !\n"));
+ status = NT_STATUS_NO_MEMORY;
+ goto out;
+ }
+
+ p = pserver;
+ local_count = 0;
+
+ /* fill in the return list now with real IP's */
+
+ while ((local_count<num_addresses) &&
+ next_token_talloc(frame, &p, &name, LIST_SEP)) {
+ struct samba_sockaddr name_sa = {0};
+
+ /* copy any addresses from the auto lookup */
+
+ if (strequal(name, "*")) {
+ size_t j;
+ for (j=0; j<auto_count; j++) {
+ char addr[INET6_ADDRSTRLEN];
+ print_sockaddr(addr,
+ sizeof(addr),
+ &auto_sa_list[j].u.ss);
+ /* Check for and don't copy any
+ * known bad DC IP's. */
+ if(!NT_STATUS_IS_OK(check_negative_conn_cache(
+ domain,
+ addr))) {
+ DEBUG(5,("get_dc_list: "
+ "negative entry %s removed "
+ "from DC list\n",
+ addr));
+ continue;
+ }
+ return_salist[local_count] = auto_sa_list[j];
+ local_count++;
+ }
+ continue;
+ }
+
+ /* explicit lookup; resolve_name() will
+ * handle names & IP addresses */
+ if (resolve_name(name, &name_sa.u.ss, 0x20, true)) {
+ char addr[INET6_ADDRSTRLEN];
+ bool ok;
+
+ /*
+ * Ensure we set sa_socklen correctly.
+ * Doesn't matter now, but eventually we
+ * will remove ip_service and return samba_sockaddr
+ * arrays directly.
+ */
+ ok = sockaddr_storage_to_samba_sockaddr(
+ &name_sa,
+ &name_sa.u.ss);
+ if (!ok) {
+ status = NT_STATUS_INVALID_ADDRESS;
+ goto out;
+ }
+
+ print_sockaddr(addr,
+ sizeof(addr),
+ &name_sa.u.ss);
+
+ /* Check for and don't copy any known bad DC IP's. */
+ if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
+ addr)) ) {
+ DEBUG(5,("get_dc_list: negative entry %s "
+ "removed from DC list\n",
+ name ));
+ continue;
+ }
+
+ return_salist[local_count] = name_sa;
+ local_count++;
+ *ordered = true;
+ }
+ }
+
+ /* need to remove duplicates in the list if we have any
+ explicit password servers */
+
+ local_count = remove_duplicate_addrs2(return_salist, local_count );
+
+ /* For DC's we always prioritize IPv4 due to W2K3 not
+ * supporting LDAP, KRB5 or CLDAP over IPv6. */
+
+ if (local_count && return_salist != NULL) {
+ prioritize_ipv4_list(return_salist, local_count);
+ }
+
+ if ( DEBUGLEVEL >= 4 ) {
+ DEBUG(4,("get_dc_list: returning %zu ip addresses "
+ "in an %sordered list\n",
+ local_count,
+ *ordered ? "":"un"));
+ DEBUG(4,("get_dc_list: "));
+ for ( i=0; i<local_count; i++ ) {
+ char addr[INET6_ADDRSTRLEN];
+ print_sockaddr(addr,
+ sizeof(addr),
+ &return_salist[i].u.ss);
+ DEBUGADD(4,("%s ", addr));
+ }
+ DEBUGADD(4,("\n"));
+ }
+
+ status = (local_count != 0 ? NT_STATUS_OK : NT_STATUS_NO_LOGON_SERVERS);
+
+ out:
+
+ if (NT_STATUS_IS_OK(status)) {
+ *sa_list_ret = talloc_move(ctx, &return_salist);
+ *ret_count = local_count;
+ }
+ TALLOC_FREE(return_salist);
+ TALLOC_FREE(auto_sa_list);
+ TALLOC_FREE(frame);
+ return status;
+}
+
+/*********************************************************************
+ Small wrapper function to get the DC list and sort it if necessary.
+ Returns a samba_sockaddr array.
+*********************************************************************/
+
+NTSTATUS get_sorted_dc_list(TALLOC_CTX *ctx,
+ const char *domain,
+ const char *sitename,
+ struct samba_sockaddr **sa_list_ret,
+ size_t *ret_count,
+ bool ads_only)
+{
+ bool ordered = false;
+ NTSTATUS status;
+ enum dc_lookup_type lookup_type = DC_NORMAL_LOOKUP;
+ struct samba_sockaddr *sa_list = NULL;
+ size_t count = 0;
+
+ DBG_INFO("attempting lookup for name %s (sitename %s)\n",
+ domain,
+ sitename ? sitename : "NULL");
+
+ if (ads_only) {
+ lookup_type = DC_ADS_ONLY;
+ }
+
+ status = get_dc_list(ctx,
+ domain,
+ sitename,
+ &sa_list,
+ &count,
+ lookup_type,
+ &ordered);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_LOGON_SERVERS)
+ && sitename) {
+ DBG_WARNING("No server for domain '%s' available"
+ " in site '%s', fallback to all servers\n",
+ domain,
+ sitename);
+ status = get_dc_list(ctx,
+ domain,
+ NULL,
+ &sa_list,
+ &count,
+ lookup_type,
+ &ordered);
+ }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* only sort if we don't already have an ordered list */
+ if (!ordered) {
+ sort_sa_list(sa_list, count);
+ }
+
+ *ret_count = count;
+ *sa_list_ret = sa_list;
+ return status;
+}
+
+/*********************************************************************
+ Get the KDC list - re-use all the logic in get_dc_list.
+ Returns a samba_sockaddr array.
+*********************************************************************/
+
+NTSTATUS get_kdc_list(TALLOC_CTX *ctx,
+ const char *realm,
+ const char *sitename,
+ struct samba_sockaddr **sa_list_ret,
+ size_t *ret_count)
+{
+ size_t count = 0;
+ struct samba_sockaddr *sa_list = NULL;
+ bool ordered = false;
+ NTSTATUS status;
+
+ status = get_dc_list(ctx,
+ realm,
+ sitename,
+ &sa_list,
+ &count,
+ DC_KDC_ONLY,
+ &ordered);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /* only sort if we don't already have an ordered list */
+ if (!ordered ) {
+ sort_sa_list(sa_list, count);
+ }
+
+ *ret_count = count;
+ *sa_list_ret = sa_list;
+ return status;
+}
diff --git a/source3/libsmb/namequery.h b/source3/libsmb/namequery.h
new file mode 100644
index 0000000..16559f9
--- /dev/null
+++ b/source3/libsmb/namequery.h
@@ -0,0 +1,116 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Copyright (C) Volker Lendecke 2018
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIBSMB_NAMEQUERY_H__
+#define __LIBSMB_NAMEQUERY_H__
+
+#include "includes.h"
+#include <tevent.h>
+
+/* The following definitions come from libsmb/namequery.c */
+bool saf_store( const char *domain, const char *servername );
+bool saf_join_store( const char *domain, const char *servername );
+bool saf_delete( const char *domain );
+char *saf_fetch(TALLOC_CTX *mem_ctx, const char *domain );
+struct tevent_req *node_status_query_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct nmb_name *name,
+ const struct sockaddr_storage *addr);
+NTSTATUS node_status_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct node_status **pnode_status,
+ size_t *pnum_names,
+ struct node_status_extra *extra);
+NTSTATUS node_status_query(TALLOC_CTX *mem_ctx, struct nmb_name *name,
+ const struct sockaddr_storage *addr,
+ struct node_status **pnode_status,
+ size_t *pnum_names,
+ struct node_status_extra *extra);
+bool name_status_find(const char *q_name,
+ int q_type,
+ int type,
+ const struct sockaddr_storage *to_ss,
+ fstring name);
+size_t remove_duplicate_addrs2(struct samba_sockaddr *salist, size_t count);
+struct tevent_req *name_query_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const char *name, int name_type,
+ bool bcast, bool recurse,
+ const struct sockaddr_storage *addr);
+NTSTATUS name_query_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage **addrs, size_t *num_addrs,
+ uint8_t *flags);
+NTSTATUS name_query(const char *name, int name_type,
+ bool bcast, bool recurse,
+ const struct sockaddr_storage *to_ss,
+ TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage **addrs,
+ size_t *num_addrs, uint8_t *flags);
+struct tevent_req *name_resolve_bcast_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const char *name,
+ int name_type);
+NTSTATUS name_resolve_bcast_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage **addrs,
+ size_t *num_addrs);
+NTSTATUS name_resolve_bcast(TALLOC_CTX *mem_ctx,
+ const char *name,
+ int name_type,
+ struct sockaddr_storage **return_iplist,
+ size_t *return_count);
+struct tevent_req *resolve_wins_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const char *name,
+ int name_type);
+NTSTATUS resolve_wins_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct sockaddr_storage **addrs,
+ size_t *num_addrs, uint8_t *flags);
+NTSTATUS resolve_wins(TALLOC_CTX *mem_ctx,
+ const char *name,
+ int name_type,
+ struct sockaddr_storage **return_iplist,
+ size_t *return_count);
+NTSTATUS internal_resolve_name(TALLOC_CTX *ctx,
+ const char *name,
+ int name_type,
+ const char *sitename,
+ struct samba_sockaddr **return_salist,
+ size_t *ret_count,
+ const char **resolve_order);
+bool resolve_name(const char *name,
+ struct sockaddr_storage *return_ss,
+ int name_type,
+ bool prefer_ipv4);
+NTSTATUS resolve_name_list(TALLOC_CTX *ctx,
+ const char *name,
+ int name_type,
+ struct sockaddr_storage **return_ss_arr,
+ unsigned int *p_num_entries);
+bool find_master_ip(const char *group, struct sockaddr_storage *master_ss);
+bool get_pdc_ip(const char *domain, struct sockaddr_storage *pss);
+NTSTATUS get_sorted_dc_list(TALLOC_CTX *ctx,
+ const char *domain,
+ const char *sitename,
+ struct samba_sockaddr **sa_list_ret,
+ size_t *ret_count,
+ bool ads_only);
+NTSTATUS get_kdc_list(TALLOC_CTX *ctx,
+ const char *realm,
+ const char *sitename,
+ struct samba_sockaddr **sa_list_ret,
+ size_t *ret_count);
+#endif
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
new file mode 100644
index 0000000..06e2c50
--- /dev/null
+++ b/source3/libsmb/namequery_dc.c
@@ -0,0 +1,262 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Winbind daemon connection manager
+
+ Copyright (C) Tim Potter 2001
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Gerald Carter 2003
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "libsmb/namequery.h"
+#include "libads/sitename_cache.h"
+#include "ads.h"
+#include "../librpc/gen_ndr/nbt.h"
+#include "lib/param/loadparm.h"
+#include "lib/util/string_wrappers.h"
+
+/**********************************************************************
+ Is this our primary domain ?
+**********************************************************************/
+
+#ifdef HAVE_ADS
+static bool is_our_primary_domain(const char *domain)
+{
+ int role = lp_server_role();
+
+ if ((role == ROLE_DOMAIN_MEMBER) && strequal(lp_workgroup(), domain)) {
+ return True;
+ } else if (strequal(get_global_sam_name(), domain)) {
+ return True;
+ }
+ return False;
+}
+#endif
+
+/**************************************************************************
+ Find the name and IP address for a server in the realm/domain
+ *************************************************************************/
+
+static bool ads_dc_name(const char *domain,
+ const char *realm,
+ struct sockaddr_storage *dc_ss,
+ fstring srv_name)
+{
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ bool ok = false;
+ ADS_STRUCT *ads;
+ char *sitename;
+ int i;
+ char addr[INET6_ADDRSTRLEN];
+
+ if (!realm && strequal(domain, lp_workgroup())) {
+ realm = lp_realm();
+ }
+
+ sitename = sitename_fetch(tmp_ctx, realm);
+
+ /* Try this 3 times then give up. */
+ for( i =0 ; i < 3; i++) {
+ ads = ads_init(tmp_ctx, realm, domain, NULL, ADS_SASL_PLAIN);
+ if (!ads) {
+ ok = false;
+ goto out;
+ }
+
+ DEBUG(4,("ads_dc_name: domain=%s\n", domain));
+
+#ifdef HAVE_ADS
+ /* we don't need to bind, just connect */
+ ads->auth.flags |= ADS_AUTH_NO_BIND;
+ ads_connect(ads);
+#endif
+
+ if (!ads->config.realm) {
+ ok = false;
+ goto out;
+ }
+
+ /* Now we've found a server, see if our sitename
+ has changed. If so, we need to re-do the DNS query
+ to ensure we only find servers in our site. */
+
+ if (stored_sitename_changed(realm, sitename)) {
+ sitename = sitename_fetch(tmp_ctx, realm);
+ TALLOC_FREE(ads);
+ /* Ensure we don't cache the DC we just connected to. */
+ namecache_delete(realm, 0x1C);
+ namecache_delete(domain, 0x1C);
+ continue;
+ }
+
+#ifdef HAVE_ADS
+ if (is_our_primary_domain(domain) && (ads->config.flags & NBT_SERVER_KDC)) {
+ if (ads_closest_dc(ads)) {
+ /* We're going to use this KDC for this realm/domain.
+ If we are using sites, then force the krb5 libs
+ to use this KDC. */
+
+ create_local_private_krb5_conf_for_domain(realm,
+ domain,
+ sitename,
+ &ads->ldap.ss);
+ } else {
+ create_local_private_krb5_conf_for_domain(realm,
+ domain,
+ NULL,
+ &ads->ldap.ss);
+ }
+ }
+#endif
+ break;
+ }
+
+ if (i == 3) {
+ DEBUG(1,("ads_dc_name: sitename (now \"%s\") keeps changing ???\n",
+ sitename ? sitename : ""));
+ ok = false;
+ goto out;
+ }
+
+ fstrcpy(srv_name, ads->config.ldap_server_name);
+ if (!strupper_m(srv_name)) {
+ ok = false;
+ goto out;
+ }
+#ifdef HAVE_ADS
+ *dc_ss = ads->ldap.ss;
+#else
+ zero_sockaddr(dc_ss);
+#endif
+ print_sockaddr(addr, sizeof(addr), dc_ss);
+ DEBUG(4,("ads_dc_name: using server='%s' IP=%s\n",
+ srv_name, addr));
+
+ ok = true;
+out:
+ TALLOC_FREE(tmp_ctx);
+
+ return ok;
+}
+
+/****************************************************************************
+ Utility function to return the name of a DC. The name is guaranteed to be
+ valid since we have already done a name_status_find on it
+ ***************************************************************************/
+
+static bool rpc_dc_name(const char *domain,
+ fstring srv_name,
+ struct sockaddr_storage *ss_out)
+{
+ struct samba_sockaddr *sa_list = NULL;
+ size_t count = 0;
+ struct sockaddr_storage dc_ss;
+ size_t i;
+ NTSTATUS result;
+ char addr[INET6_ADDRSTRLEN];
+
+ /* get a list of all domain controllers */
+
+ result = get_sorted_dc_list(talloc_tos(),
+ domain,
+ NULL,
+ &sa_list,
+ &count,
+ false);
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(3, ("Could not look up dc's for domain %s\n", domain));
+ return False;
+ }
+
+ /* Remove the entry we've already failed with (should be the PDC). */
+
+ for (i = 0; i < count; i++) {
+ if (is_zero_addr(&sa_list[i].u.ss))
+ continue;
+
+ if (name_status_find(domain, 0x1c, 0x20, &sa_list[i].u.ss, srv_name)) {
+ result = check_negative_conn_cache( domain, srv_name );
+ if ( NT_STATUS_IS_OK(result) ) {
+ dc_ss = sa_list[i].u.ss;
+ goto done;
+ }
+ }
+ }
+
+ TALLOC_FREE(sa_list);
+
+ /* No-one to talk to )-: */
+ return False; /* Boo-hoo */
+
+ done:
+ /* We have the netbios name and IP address of a domain controller.
+ Ideally we should sent a SAMLOGON request to determine whether
+ the DC is alive and kicking. If we can catch a dead DC before
+ performing a cli_connect() we can avoid a 30-second timeout. */
+
+ print_sockaddr(addr, sizeof(addr), &dc_ss);
+ DEBUG(3, ("rpc_dc_name: Returning DC %s (%s) for domain %s\n", srv_name,
+ addr, domain));
+
+ *ss_out = dc_ss;
+ TALLOC_FREE(sa_list);
+
+ return True;
+}
+
+/**********************************************************************
+ wrapper around ads and rpc methods of finds DC's
+**********************************************************************/
+
+bool get_dc_name(const char *domain,
+ const char *realm,
+ fstring srv_name,
+ struct sockaddr_storage *ss_out)
+{
+ struct sockaddr_storage dc_ss;
+ bool ret;
+ bool our_domain = False;
+
+ zero_sockaddr(&dc_ss);
+
+ ret = False;
+
+ if ( strequal(lp_workgroup(), domain) || strequal(lp_realm(), realm) )
+ our_domain = True;
+
+ /* always try to obey what the admin specified in smb.conf
+ (for the local domain) */
+
+ if ( (our_domain && lp_security()==SEC_ADS) || realm ) {
+ ret = ads_dc_name(domain, realm, &dc_ss, srv_name);
+ }
+
+ if (!domain) {
+ /* if we have only the realm we can't do anything else */
+ return False;
+ }
+
+ if (!ret) {
+ /* fall back on rpc methods if the ADS methods fail */
+ ret = rpc_dc_name(domain, srv_name, &dc_ss);
+ }
+
+ *ss_out = dc_ss;
+
+ return ret;
+}
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c
new file mode 100644
index 0000000..c90e92e
--- /dev/null
+++ b/source3/libsmb/nmblib.c
@@ -0,0 +1,1466 @@
+/*
+ Unix SMB/CIFS implementation.
+ NBT netbios library routines
+ Copyright (C) Andrew Tridgell 1994-1998
+ Copyright (C) Jeremy Allison 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "libsmb/nmblib.h"
+#include "lib/util/string_wrappers.h"
+
+static const struct opcode_names {
+ const char *nmb_opcode_name;
+ int opcode;
+} nmb_header_opcode_names[] = {
+ {"Query", 0 },
+ {"Registration", 5 },
+ {"Release", 6 },
+ {"WACK", 7 },
+ {"Refresh", 8 },
+ {"Refresh(altcode)", 9 },
+ {"Multi-homed Registration", 15 },
+ {0, -1 }
+};
+
+/****************************************************************************
+ Lookup a nmb opcode name.
+****************************************************************************/
+
+static const char *lookup_opcode_name( int opcode )
+{
+ const struct opcode_names *op_namep;
+ int i;
+
+ for(i = 0; nmb_header_opcode_names[i].nmb_opcode_name != 0; i++) {
+ op_namep = &nmb_header_opcode_names[i];
+ if(opcode == op_namep->opcode)
+ return op_namep->nmb_opcode_name;
+ }
+ return "<unknown opcode>";
+}
+
+/****************************************************************************
+ Print out a res_rec structure.
+****************************************************************************/
+
+static void debug_nmb_res_rec(struct res_rec *res, const char *hdr)
+{
+ int i, j;
+
+ DEBUGADD( 4, ( " %s: nmb_name=%s rr_type=%d rr_class=%d ttl=%d\n",
+ hdr,
+ nmb_namestr(&res->rr_name),
+ res->rr_type,
+ res->rr_class,
+ res->ttl ) );
+
+ if (res->rdlength == 0) {
+ return;
+ }
+
+ for (i = 0; i < res->rdlength; i+= MAX_NETBIOSNAME_LEN) {
+ DEBUGADD(4, (" %s %3x char ", hdr, i));
+
+ for (j = 0; j < MAX_NETBIOSNAME_LEN; j++) {
+ unsigned char x = res->rdata[i+j];
+ if (x < 32 || x > 127)
+ x = '.';
+
+ if (i+j >= res->rdlength)
+ break;
+ DEBUGADD(4, ("%c", x));
+ }
+
+ DEBUGADD(4, (" hex "));
+
+ for (j = 0; j < MAX_NETBIOSNAME_LEN; j++) {
+ if (i+j >= res->rdlength)
+ break;
+ DEBUGADD(4, ("%02X", (unsigned char)res->rdata[i+j]));
+ }
+
+ DEBUGADD(4, ("\n"));
+ }
+}
+
+/****************************************************************************
+ Process a nmb packet.
+****************************************************************************/
+
+void debug_nmb_packet(struct packet_struct *p)
+{
+ struct nmb_packet *nmb = &p->packet.nmb;
+
+ if( DEBUGLVL( 4 ) ) {
+ dbgtext( "nmb packet from %s(%d) header: id=%d "
+ "opcode=%s(%d) response=%s\n",
+ inet_ntoa(p->ip), p->port,
+ nmb->header.name_trn_id,
+ lookup_opcode_name(nmb->header.opcode),
+ nmb->header.opcode,
+ BOOLSTR(nmb->header.response) );
+ dbgtext( " header: flags: bcast=%s rec_avail=%s "
+ "rec_des=%s trunc=%s auth=%s\n",
+ BOOLSTR(nmb->header.nm_flags.bcast),
+ BOOLSTR(nmb->header.nm_flags.recursion_available),
+ BOOLSTR(nmb->header.nm_flags.recursion_desired),
+ BOOLSTR(nmb->header.nm_flags.trunc),
+ BOOLSTR(nmb->header.nm_flags.authoritative) );
+ dbgtext( " header: rcode=%d qdcount=%d ancount=%d "
+ "nscount=%d arcount=%d\n",
+ nmb->header.rcode,
+ nmb->header.qdcount,
+ nmb->header.ancount,
+ nmb->header.nscount,
+ nmb->header.arcount );
+ }
+
+ if (nmb->header.qdcount) {
+ DEBUGADD( 4, ( " question: q_name=%s q_type=%d q_class=%d\n",
+ nmb_namestr(&nmb->question.question_name),
+ nmb->question.question_type,
+ nmb->question.question_class) );
+ }
+
+ if (nmb->answers && nmb->header.ancount) {
+ debug_nmb_res_rec(nmb->answers,"answers");
+ }
+ if (nmb->nsrecs && nmb->header.nscount) {
+ debug_nmb_res_rec(nmb->nsrecs,"nsrecs");
+ }
+ if (nmb->additional && nmb->header.arcount) {
+ debug_nmb_res_rec(nmb->additional,"additional");
+ }
+}
+
+/*******************************************************************
+ Handle "compressed" name pointers.
+******************************************************************/
+
+static bool handle_name_ptrs(unsigned char *ubuf,int *offset,int length,
+ bool *got_pointer,int *ret)
+{
+ int loop_count=0;
+
+ while ((ubuf[*offset] & 0xC0) == 0xC0) {
+ if (!*got_pointer)
+ (*ret) += 2;
+ (*got_pointer)=True;
+ if (*offset > length - 2) {
+ return False;
+ }
+ (*offset) = ((ubuf[*offset] & ~0xC0)<<8) | ubuf[(*offset)+1];
+ if (loop_count++ == 10 ||
+ (*offset) < 0 || (*offset)>(length-2)) {
+ return False;
+ }
+ }
+ return True;
+}
+
+/*******************************************************************
+ Parse a nmb name from "compressed" format to something readable
+ return the space taken by the name, or 0 if the name is invalid
+******************************************************************/
+
+static int parse_nmb_name(char *inbuf,int ofs,int length, struct nmb_name *name)
+{
+ size_t m,n=0;
+ unsigned char *ubuf = (unsigned char *)inbuf;
+ int ret = 0;
+ bool got_pointer=False;
+ size_t loop_count=0;
+ int offset = ofs;
+
+ if (length - offset < 2)
+ return(0);
+
+ /* handle initial name pointers */
+ if (!handle_name_ptrs(ubuf,&offset,length,&got_pointer,&ret))
+ return(0);
+
+ m = ubuf[offset];
+
+ /* m must be 32 to exactly fill in the 16 bytes of the netbios name */
+ if (m != 32) {
+ return 0;
+ }
+ /* Cannot go past length. */
+ if (offset+m+2 > length) {
+ return 0;
+ }
+
+ memset((char *)name,'\0',sizeof(*name));
+
+ /* the "compressed" part */
+ if (!got_pointer)
+ ret += m + 2;
+ offset++;
+ while (m > 0) {
+ unsigned char c1,c2;
+ c1 = ubuf[offset++]-'A';
+ c2 = ubuf[offset++]-'A';
+ if ((c1 & 0xF0) || (c2 & 0xF0)) {
+ return(0);
+ }
+ if (n >= sizeof(name->name)) {
+ return 0;
+ }
+ name->name[n++] = (c1<<4) | c2;
+ m -= 2;
+ }
+ /*
+ * RFC1002: For a valid NetBIOS name, exiting from the above,
+ * n *must* be MAX_NETBIOSNAME_LEN (16).
+ */
+ if (n != MAX_NETBIOSNAME_LEN) {
+ return 0;
+ }
+
+ /* parse out the name type, its always
+ * in the 16th byte of the name */
+ name->name_type = ((unsigned char)name->name[15]) & 0xff;
+
+ /* remove trailing spaces */
+ name->name[15] = 0;
+ n = 14;
+ while (n && name->name[n]==' ')
+ name->name[n--] = 0;
+
+ /* now the domain parts (if any) */
+ n = 0;
+ while (ubuf[offset]) {
+ /* we can have pointers within the domain part as well */
+ if (!handle_name_ptrs(ubuf,&offset,length,&got_pointer,&ret))
+ return(0);
+
+ m = ubuf[offset];
+ /*
+ * Don't allow null domain parts.
+ */
+ if (!m)
+ return(0);
+ if (!got_pointer)
+ ret += m+1;
+ if (n)
+ name->scope[n++] = '.';
+ if (m+2+offset>length || n+m+1>sizeof(name->scope))
+ return(0);
+ offset++;
+ while (m--)
+ name->scope[n++] = (char)ubuf[offset++];
+
+ /*
+ * Watch for malicious loops.
+ */
+ if (loop_count++ == 10)
+ return 0;
+ }
+ name->scope[n++] = 0;
+
+ return(ret);
+}
+
+/****************************************************************************
+ Put a netbios name, padding(s) and a name type into a 16 character buffer.
+ name is already in DOS charset.
+ [15 bytes name + padding][1 byte name type].
+****************************************************************************/
+
+void put_name(char *dest, const char *name, int pad, unsigned int name_type)
+{
+ size_t len = strlen(name);
+
+ memcpy(dest, name, (len < MAX_NETBIOSNAME_LEN) ?
+ len : MAX_NETBIOSNAME_LEN - 1);
+ if (len < MAX_NETBIOSNAME_LEN - 1) {
+ memset(dest + len, pad, MAX_NETBIOSNAME_LEN - 1 - len);
+ }
+ dest[MAX_NETBIOSNAME_LEN - 1] = name_type;
+}
+
+/*******************************************************************
+ Put a compressed nmb name into a buffer. Return the length of the
+ compressed name.
+
+ Compressed names are really weird. The "compression" doubles the
+ size. The idea is that it also means that compressed names conform
+ to the domain name system. See RFC1002.
+
+ If buf == NULL this is a length calculation.
+******************************************************************/
+
+static int put_nmb_name(char *buf, size_t buflen, int offset,struct nmb_name *name)
+{
+ int ret,m;
+ nstring buf1;
+ char *p;
+
+ if (strcmp(name->name,"*") == 0) {
+ /* special case for wildcard name */
+ put_name(buf1, "*", '\0', name->name_type);
+ } else {
+ put_name(buf1, name->name, ' ', name->name_type);
+ }
+
+ if (buf) {
+ if (offset >= buflen) {
+ return 0;
+ }
+ buf[offset] = 0x20;
+ }
+
+ ret = 34;
+
+ for (m=0;m<MAX_NETBIOSNAME_LEN;m++) {
+ if (buf) {
+ if (offset+2+2*m >= buflen) {
+ return 0;
+ }
+ buf[offset+1+2*m] = 'A' + ((buf1[m]>>4)&0xF);
+ buf[offset+2+2*m] = 'A' + (buf1[m]&0xF);
+ }
+ }
+ offset += 33;
+
+ if (buf) {
+ if (offset >= buflen) {
+ return 0;
+ }
+ buf[offset] = 0;
+ }
+
+ if (name->scope[0]) {
+ /* XXXX this scope handling needs testing */
+ size_t scopenamelen = strlen(name->scope) + 1;
+ ret += scopenamelen;
+ if (buf) {
+ if (offset+1+scopenamelen >= buflen) {
+ return 0;
+ }
+ strlcpy(&buf[offset+1],name->scope,
+ buflen - (offset+1));
+
+ p = &buf[offset+1];
+ while ((p = strchr_m(p,'.'))) {
+ buf[offset] = PTR_DIFF(p,&buf[offset+1]);
+ offset += (buf[offset] + 1);
+ if (offset+1 >= buflen) {
+ return 0;
+ }
+ p = &buf[offset+1];
+ }
+ buf[offset] = strlen(&buf[offset+1]);
+ }
+ }
+
+ return ret;
+}
+
+/*******************************************************************
+ Useful for debugging messages.
+******************************************************************/
+
+char *nmb_namestr(const struct nmb_name *n)
+{
+ fstring name;
+ char *result;
+
+ pull_ascii_fstring(name, n->name);
+ if (!n->scope[0])
+ result = talloc_asprintf(talloc_tos(), "%s<%02x>", name,
+ n->name_type);
+ else
+ result = talloc_asprintf(talloc_tos(), "%s<%02x>.%s", name,
+ n->name_type, n->scope);
+
+ SMB_ASSERT(result != NULL);
+ return result;
+}
+
+/*******************************************************************
+ Allocate and parse some resource records.
+******************************************************************/
+
+static bool parse_alloc_res_rec(char *inbuf,int *offset,int length,
+ struct res_rec **recs, int count)
+{
+ int i;
+
+ *recs = SMB_MALLOC_ARRAY(struct res_rec, count);
+ if (!*recs)
+ return(False);
+
+ memset((char *)*recs,'\0',sizeof(**recs)*count);
+
+ for (i=0;i<count;i++) {
+ int l = parse_nmb_name(inbuf,*offset,length,
+ &(*recs)[i].rr_name);
+ (*offset) += l;
+ if (!l || (*offset)+10 > length) {
+ SAFE_FREE(*recs);
+ return(False);
+ }
+ (*recs)[i].rr_type = RSVAL(inbuf,(*offset));
+ (*recs)[i].rr_class = RSVAL(inbuf,(*offset)+2);
+ (*recs)[i].ttl = RIVAL(inbuf,(*offset)+4);
+ (*recs)[i].rdlength = RSVAL(inbuf,(*offset)+8);
+ (*offset) += 10;
+ if ((*recs)[i].rdlength>sizeof((*recs)[i].rdata) ||
+ (*offset)+(*recs)[i].rdlength > length) {
+ SAFE_FREE(*recs);
+ return(False);
+ }
+ memcpy((*recs)[i].rdata,inbuf+(*offset),(*recs)[i].rdlength);
+ (*offset) += (*recs)[i].rdlength;
+ }
+ return(True);
+}
+
+/*******************************************************************
+ Put a resource record into a packet.
+ If buf == NULL this is a length calculation.
+******************************************************************/
+
+static int put_res_rec(char *buf, size_t buflen, int offset,struct res_rec *recs,int count)
+{
+ int ret=0;
+ int i;
+
+ for (i=0;i<count;i++) {
+ int l = put_nmb_name(buf,buflen,offset,&recs[i].rr_name);
+ offset += l;
+ ret += l;
+ if (buf) {
+ RSSVAL(buf,offset,recs[i].rr_type);
+ RSSVAL(buf,offset+2,recs[i].rr_class);
+ RSIVAL(buf,offset+4,(unsigned int)recs[i].ttl);
+ RSSVAL(buf,offset+8,recs[i].rdlength);
+ memcpy(buf+offset+10,recs[i].rdata,recs[i].rdlength);
+ }
+ offset += 10+recs[i].rdlength;
+ ret += 10+recs[i].rdlength;
+ }
+
+ return ret;
+}
+
+/*******************************************************************
+ Put a compressed name pointer record into a packet.
+ If buf == NULL this is a length calculation.
+******************************************************************/
+
+static int put_compressed_name_ptr(unsigned char *buf,
+ int offset,
+ struct res_rec *rec,
+ int ptr_offset)
+{
+ int ret=offset;
+ if (buf) {
+ buf[offset] = (0xC0 | ((ptr_offset >> 8) & 0xFF));
+ buf[offset+1] = (ptr_offset & 0xFF);
+ }
+ offset += 2;
+ if (buf) {
+ RSSVAL(buf,offset,rec->rr_type);
+ RSSVAL(buf,offset+2,rec->rr_class);
+ RSIVAL(buf,offset+4,rec->ttl);
+ RSSVAL(buf,offset+8,rec->rdlength);
+ memcpy(buf+offset+10,rec->rdata,rec->rdlength);
+ }
+ offset += 10+rec->rdlength;
+ ret = (offset - ret);
+
+ return ret;
+}
+
+/*******************************************************************
+ Parse a dgram packet. Return False if the packet can't be parsed
+ or is invalid for some reason, True otherwise.
+
+ This is documented in section 4.4.1 of RFC1002.
+******************************************************************/
+
+static bool parse_dgram(char *inbuf,int length,struct dgram_packet *dgram)
+{
+ size_t offset;
+ int flags;
+
+ memset((char *)dgram,'\0',sizeof(*dgram));
+
+ if (length < 14)
+ return(False);
+
+ dgram->header.msg_type = CVAL(inbuf,0);
+ flags = CVAL(inbuf,1);
+ dgram->header.flags.node_type = (enum node_type)((flags>>2)&3);
+ if (flags & 1)
+ dgram->header.flags.more = True;
+ if (flags & 2)
+ dgram->header.flags.first = True;
+ dgram->header.dgm_id = RSVAL(inbuf,2);
+ putip((char *)&dgram->header.source_ip,inbuf+4);
+ dgram->header.source_port = RSVAL(inbuf,8);
+ dgram->header.dgm_length = RSVAL(inbuf,10);
+ dgram->header.packet_offset = RSVAL(inbuf,12);
+
+ offset = 14;
+
+ if (dgram->header.msg_type == 0x10 ||
+ dgram->header.msg_type == 0x11 ||
+ dgram->header.msg_type == 0x12) {
+ offset += parse_nmb_name(inbuf,offset,length,
+ &dgram->source_name);
+ offset += parse_nmb_name(inbuf,offset,length,
+ &dgram->dest_name);
+ }
+
+ if (offset >= length || (length-offset > sizeof(dgram->data)))
+ return(False);
+
+ dgram->datasize = length-offset;
+ memcpy(dgram->data,inbuf+offset,dgram->datasize);
+
+ /* Paranioa. Ensure the last 2 bytes in the dgram buffer are
+ zero. This should be true anyway, just enforce it for
+ paranioa sake. JRA. */
+ SMB_ASSERT(dgram->datasize <= (sizeof(dgram->data)-2));
+ memset(&dgram->data[sizeof(dgram->data)-2], '\0', 2);
+
+ return(True);
+}
+
+/*******************************************************************
+ Parse a nmb packet. Return False if the packet can't be parsed
+ or is invalid for some reason, True otherwise.
+******************************************************************/
+
+static bool parse_nmb(char *inbuf,int length,struct nmb_packet *nmb)
+{
+ int nm_flags,offset;
+
+ memset((char *)nmb,'\0',sizeof(*nmb));
+
+ if (length < 12)
+ return(False);
+
+ /* parse the header */
+ nmb->header.name_trn_id = RSVAL(inbuf,0);
+
+ DEBUG(10,("parse_nmb: packet id = %d\n", nmb->header.name_trn_id));
+
+ nmb->header.opcode = (CVAL(inbuf,2) >> 3) & 0xF;
+ nmb->header.response = ((CVAL(inbuf,2)>>7)&1)?True:False;
+ nm_flags = ((CVAL(inbuf,2) & 0x7) << 4) + (CVAL(inbuf,3)>>4);
+ nmb->header.nm_flags.bcast = (nm_flags&1)?True:False;
+ nmb->header.nm_flags.recursion_available = (nm_flags&8)?True:False;
+ nmb->header.nm_flags.recursion_desired = (nm_flags&0x10)?True:False;
+ nmb->header.nm_flags.trunc = (nm_flags&0x20)?True:False;
+ nmb->header.nm_flags.authoritative = (nm_flags&0x40)?True:False;
+ nmb->header.rcode = CVAL(inbuf,3) & 0xF;
+ nmb->header.qdcount = RSVAL(inbuf,4);
+ nmb->header.ancount = RSVAL(inbuf,6);
+ nmb->header.nscount = RSVAL(inbuf,8);
+ nmb->header.arcount = RSVAL(inbuf,10);
+
+ if (nmb->header.qdcount) {
+ offset = parse_nmb_name(inbuf,12,length,
+ &nmb->question.question_name);
+ if (!offset)
+ return(False);
+
+ if (length - (12+offset) < 4)
+ return(False);
+ nmb->question.question_type = RSVAL(inbuf,12+offset);
+ nmb->question.question_class = RSVAL(inbuf,12+offset+2);
+
+ offset += 12+4;
+ } else {
+ offset = 12;
+ }
+
+ /* and any resource records */
+ if (nmb->header.ancount &&
+ !parse_alloc_res_rec(inbuf,&offset,length,&nmb->answers,
+ nmb->header.ancount))
+ return(False);
+
+ if (nmb->header.nscount &&
+ !parse_alloc_res_rec(inbuf,&offset,length,&nmb->nsrecs,
+ nmb->header.nscount))
+ return(False);
+
+ if (nmb->header.arcount &&
+ !parse_alloc_res_rec(inbuf,&offset,length,
+ &nmb->additional, nmb->header.arcount))
+ return(False);
+
+ return(True);
+}
+
+/*******************************************************************
+ 'Copy constructor' for an nmb packet.
+******************************************************************/
+
+static struct packet_struct *copy_nmb_packet(struct packet_struct *packet)
+{
+ struct nmb_packet *nmb;
+ struct nmb_packet *copy_nmb;
+ struct packet_struct *pkt_copy;
+
+ if(( pkt_copy = SMB_MALLOC_P(struct packet_struct)) == NULL) {
+ DEBUG(0,("copy_nmb_packet: malloc fail.\n"));
+ return NULL;
+ }
+
+ /* Structure copy of entire thing. */
+
+ *pkt_copy = *packet;
+
+ /* Ensure this copy is not locked. */
+ pkt_copy->locked = False;
+ pkt_copy->recv_fd = -1;
+ pkt_copy->send_fd = -1;
+
+ /* Ensure this copy has no resource records. */
+ nmb = &packet->packet.nmb;
+ copy_nmb = &pkt_copy->packet.nmb;
+
+ copy_nmb->answers = NULL;
+ copy_nmb->nsrecs = NULL;
+ copy_nmb->additional = NULL;
+
+ /* Now copy any resource records. */
+
+ if (nmb->answers) {
+ if((copy_nmb->answers = SMB_MALLOC_ARRAY(
+ struct res_rec,nmb->header.ancount)) == NULL)
+ goto free_and_exit;
+ memcpy((char *)copy_nmb->answers, (char *)nmb->answers,
+ nmb->header.ancount * sizeof(struct res_rec));
+ }
+ if (nmb->nsrecs) {
+ if((copy_nmb->nsrecs = SMB_MALLOC_ARRAY(
+ struct res_rec, nmb->header.nscount)) == NULL)
+ goto free_and_exit;
+ memcpy((char *)copy_nmb->nsrecs, (char *)nmb->nsrecs,
+ nmb->header.nscount * sizeof(struct res_rec));
+ }
+ if (nmb->additional) {
+ if((copy_nmb->additional = SMB_MALLOC_ARRAY(
+ struct res_rec, nmb->header.arcount)) == NULL)
+ goto free_and_exit;
+ memcpy((char *)copy_nmb->additional, (char *)nmb->additional,
+ nmb->header.arcount * sizeof(struct res_rec));
+ }
+
+ return pkt_copy;
+
+ free_and_exit:
+
+ SAFE_FREE(copy_nmb->answers);
+ SAFE_FREE(copy_nmb->nsrecs);
+ SAFE_FREE(copy_nmb->additional);
+ SAFE_FREE(pkt_copy);
+
+ DEBUG(0,("copy_nmb_packet: malloc fail in resource records.\n"));
+ return NULL;
+}
+
+/*******************************************************************
+ 'Copy constructor' for a dgram packet.
+******************************************************************/
+
+static struct packet_struct *copy_dgram_packet(struct packet_struct *packet)
+{
+ struct packet_struct *pkt_copy;
+
+ if(( pkt_copy = SMB_MALLOC_P(struct packet_struct)) == NULL) {
+ DEBUG(0,("copy_dgram_packet: malloc fail.\n"));
+ return NULL;
+ }
+
+ /* Structure copy of entire thing. */
+
+ *pkt_copy = *packet;
+
+ /* Ensure this copy is not locked. */
+ pkt_copy->locked = False;
+ pkt_copy->recv_fd = -1;
+ pkt_copy->send_fd = -1;
+
+ /* There are no additional pointers in a dgram packet,
+ we are finished. */
+ return pkt_copy;
+}
+
+/*******************************************************************
+ 'Copy constructor' for a generic packet.
+******************************************************************/
+
+struct packet_struct *copy_packet(struct packet_struct *packet)
+{
+ if(packet->packet_type == NMB_PACKET)
+ return copy_nmb_packet(packet);
+ else if (packet->packet_type == DGRAM_PACKET)
+ return copy_dgram_packet(packet);
+ return NULL;
+}
+
+/*******************************************************************
+ Free up any resources associated with an nmb packet.
+******************************************************************/
+
+static void free_nmb_packet(struct nmb_packet *nmb)
+{
+ SAFE_FREE(nmb->answers);
+ SAFE_FREE(nmb->nsrecs);
+ SAFE_FREE(nmb->additional);
+}
+
+/*******************************************************************
+ Free up any resources associated with a dgram packet.
+******************************************************************/
+
+static void free_dgram_packet(struct dgram_packet *nmb)
+{
+ /* We have nothing to do for a dgram packet. */
+}
+
+/*******************************************************************
+ Free up any resources associated with a packet.
+******************************************************************/
+
+void free_packet(struct packet_struct *packet)
+{
+ if (packet->locked)
+ return;
+ if (packet->packet_type == NMB_PACKET)
+ free_nmb_packet(&packet->packet.nmb);
+ else if (packet->packet_type == DGRAM_PACKET)
+ free_dgram_packet(&packet->packet.dgram);
+ ZERO_STRUCTPN(packet);
+ SAFE_FREE(packet);
+}
+
+int packet_trn_id(struct packet_struct *p)
+{
+ int result;
+ switch (p->packet_type) {
+ case NMB_PACKET:
+ result = p->packet.nmb.header.name_trn_id;
+ break;
+ case DGRAM_PACKET:
+ result = p->packet.dgram.header.dgm_id;
+ break;
+ default:
+ result = -1;
+ }
+ return result;
+}
+
+/*******************************************************************
+ Parse a packet buffer into a packet structure.
+******************************************************************/
+
+struct packet_struct *parse_packet(char *buf,int length,
+ enum packet_type packet_type,
+ struct in_addr ip,
+ int port)
+{
+ struct packet_struct *p;
+ bool ok=False;
+
+ p = SMB_MALLOC_P(struct packet_struct);
+ if (!p)
+ return(NULL);
+
+ ZERO_STRUCTP(p); /* initialize for possible padding */
+
+ p->next = NULL;
+ p->prev = NULL;
+ p->ip = ip;
+ p->port = port;
+ p->locked = False;
+ p->timestamp = time(NULL);
+ p->packet_type = packet_type;
+
+ switch (packet_type) {
+ case NMB_PACKET:
+ ok = parse_nmb(buf,length,&p->packet.nmb);
+ break;
+
+ case DGRAM_PACKET:
+ ok = parse_dgram(buf,length,&p->packet.dgram);
+ break;
+ }
+
+ if (!ok) {
+ free_packet(p);
+ return NULL;
+ }
+
+ return p;
+}
+
+static struct packet_struct *copy_packet_talloc(
+ TALLOC_CTX *mem_ctx, const struct packet_struct *src)
+{
+ struct packet_struct *pkt;
+
+ pkt = talloc_memdup(mem_ctx, src, sizeof(struct packet_struct));
+ if (pkt == NULL) {
+ return NULL;
+ }
+ pkt->locked = false;
+ pkt->recv_fd = -1;
+ pkt->send_fd = -1;
+
+ if (src->packet_type == NMB_PACKET) {
+ const struct nmb_packet *nsrc = &src->packet.nmb;
+ struct nmb_packet *ndst = &pkt->packet.nmb;
+
+ if (nsrc->answers != NULL) {
+ ndst->answers = talloc_memdup(
+ pkt, nsrc->answers,
+ sizeof(struct res_rec) * nsrc->header.ancount);
+ if (ndst->answers == NULL) {
+ goto fail;
+ }
+ }
+ if (nsrc->nsrecs != NULL) {
+ ndst->nsrecs = talloc_memdup(
+ pkt, nsrc->nsrecs,
+ sizeof(struct res_rec) * nsrc->header.nscount);
+ if (ndst->nsrecs == NULL) {
+ goto fail;
+ }
+ }
+ if (nsrc->additional != NULL) {
+ ndst->additional = talloc_memdup(
+ pkt, nsrc->additional,
+ sizeof(struct res_rec) * nsrc->header.arcount);
+ if (ndst->additional == NULL) {
+ goto fail;
+ }
+ }
+ }
+
+ return pkt;
+
+ /*
+ * DGRAM packets have no substructures
+ */
+
+fail:
+ TALLOC_FREE(pkt);
+ return NULL;
+}
+
+struct packet_struct *parse_packet_talloc(TALLOC_CTX *mem_ctx,
+ char *buf,int length,
+ enum packet_type packet_type,
+ struct in_addr ip,
+ int port)
+{
+ struct packet_struct *pkt, *result;
+
+ pkt = parse_packet(buf, length, packet_type, ip, port);
+ if (pkt == NULL) {
+ return NULL;
+ }
+ result = copy_packet_talloc(mem_ctx, pkt);
+ free_packet(pkt);
+ return result;
+}
+
+/*******************************************************************
+ Send a udp packet on a already open socket.
+******************************************************************/
+
+static bool send_udp(int fd,char *buf,int len,struct in_addr ip,int port)
+{
+ bool ret = False;
+ int i;
+ struct sockaddr_in sock_out;
+
+ /* set the address and port */
+ memset((char *)&sock_out,'\0',sizeof(sock_out));
+ putip((char *)&sock_out.sin_addr,(char *)&ip);
+ sock_out.sin_port = htons( port );
+ sock_out.sin_family = AF_INET;
+
+ DEBUG( 5, ( "Sending a packet of len %d to (%s) on port %d\n",
+ len, inet_ntoa(ip), port ) );
+
+ /*
+ * Patch to fix asynch error notifications from Linux kernel.
+ */
+
+ for (i = 0; i < 5; i++) {
+ ret = (sendto(fd,buf,len,0,(struct sockaddr *)&sock_out,
+ sizeof(sock_out)) >= 0);
+ if (ret || errno != ECONNREFUSED)
+ break;
+ }
+
+ if (!ret)
+ DEBUG(0,("Packet send failed to %s(%d) ERRNO=%s\n",
+ inet_ntoa(ip),port,strerror(errno)));
+
+ return(ret);
+}
+
+/*******************************************************************
+ Build a dgram packet ready for sending.
+ If buf == NULL this is a length calculation.
+******************************************************************/
+
+static int build_dgram(char *buf, size_t len, struct dgram_packet *dgram)
+{
+ unsigned char *ubuf = (unsigned char *)buf;
+ int offset=0;
+
+ /* put in the header */
+ if (buf) {
+ ubuf[0] = dgram->header.msg_type;
+ ubuf[1] = (((int)dgram->header.flags.node_type)<<2);
+ if (dgram->header.flags.more)
+ ubuf[1] |= 1;
+ if (dgram->header.flags.first)
+ ubuf[1] |= 2;
+ RSSVAL(ubuf,2,dgram->header.dgm_id);
+ putip(ubuf+4,(char *)&dgram->header.source_ip);
+ RSSVAL(ubuf,8,dgram->header.source_port);
+ RSSVAL(ubuf,12,dgram->header.packet_offset);
+ }
+
+ offset = 14;
+
+ if (dgram->header.msg_type == 0x10 ||
+ dgram->header.msg_type == 0x11 ||
+ dgram->header.msg_type == 0x12) {
+ offset += put_nmb_name((char *)ubuf,len,offset,&dgram->source_name);
+ offset += put_nmb_name((char *)ubuf,len,offset,&dgram->dest_name);
+ }
+
+ if (buf) {
+ memcpy(ubuf+offset,dgram->data,dgram->datasize);
+ }
+ offset += dgram->datasize;
+
+ /* automatically set the dgm_length
+ * NOTE: RFC1002 says the dgm_length does *not*
+ * include the fourteen-byte header. crh
+ */
+ dgram->header.dgm_length = (offset - 14);
+ if (buf) {
+ RSSVAL(ubuf,10,dgram->header.dgm_length);
+ }
+
+ return offset;
+}
+
+/*******************************************************************
+ Build a nmb name
+*******************************************************************/
+
+void make_nmb_name( struct nmb_name *n, const char *name, int type)
+{
+ fstring unix_name;
+ memset( (char *)n, '\0', sizeof(struct nmb_name) );
+ fstrcpy(unix_name, name);
+ (void)strupper_m(unix_name);
+ push_ascii(n->name, unix_name, sizeof(n->name), STR_TERMINATE);
+ n->name_type = (unsigned int)type & 0xFF;
+ push_ascii(n->scope, lp_netbios_scope(), 64, STR_TERMINATE);
+}
+
+/*******************************************************************
+ Compare two nmb names
+******************************************************************/
+
+bool nmb_name_equal(struct nmb_name *n1, struct nmb_name *n2)
+{
+ return ((n1->name_type == n2->name_type) &&
+ strequal(n1->name ,n2->name ) &&
+ strequal(n1->scope,n2->scope));
+}
+
+/*******************************************************************
+ Build a nmb packet ready for sending.
+ If buf == NULL this is a length calculation.
+******************************************************************/
+
+static int build_nmb(char *buf, size_t len, struct nmb_packet *nmb)
+{
+ unsigned char *ubuf = (unsigned char *)buf;
+ int offset=0;
+
+ if (len && len < 12) {
+ return 0;
+ }
+
+ /* put in the header */
+ if (buf) {
+ RSSVAL(ubuf,offset,nmb->header.name_trn_id);
+ ubuf[offset+2] = (nmb->header.opcode & 0xF) << 3;
+ if (nmb->header.response)
+ ubuf[offset+2] |= (1<<7);
+ if (nmb->header.nm_flags.authoritative &&
+ nmb->header.response)
+ ubuf[offset+2] |= 0x4;
+ if (nmb->header.nm_flags.trunc)
+ ubuf[offset+2] |= 0x2;
+ if (nmb->header.nm_flags.recursion_desired)
+ ubuf[offset+2] |= 0x1;
+ if (nmb->header.nm_flags.recursion_available &&
+ nmb->header.response)
+ ubuf[offset+3] |= 0x80;
+ if (nmb->header.nm_flags.bcast)
+ ubuf[offset+3] |= 0x10;
+ ubuf[offset+3] |= (nmb->header.rcode & 0xF);
+
+ RSSVAL(ubuf,offset+4,nmb->header.qdcount);
+ RSSVAL(ubuf,offset+6,nmb->header.ancount);
+ RSSVAL(ubuf,offset+8,nmb->header.nscount);
+ RSSVAL(ubuf,offset+10,nmb->header.arcount);
+ }
+
+ offset += 12;
+ if (nmb->header.qdcount) {
+ /* XXXX this doesn't handle a qdcount of > 1 */
+ if (len) {
+ /* Length check. */
+ int extra = put_nmb_name(NULL,0,offset,
+ &nmb->question.question_name);
+ if (offset + extra > len) {
+ return 0;
+ }
+ }
+ offset += put_nmb_name((char *)ubuf,len,offset,
+ &nmb->question.question_name);
+ if (buf) {
+ RSSVAL(ubuf,offset,nmb->question.question_type);
+ RSSVAL(ubuf,offset+2,nmb->question.question_class);
+ }
+ offset += 4;
+ }
+
+ if (nmb->header.ancount) {
+ if (len) {
+ /* Length check. */
+ int extra = put_res_rec(NULL,0,offset,nmb->answers,
+ nmb->header.ancount);
+ if (offset + extra > len) {
+ return 0;
+ }
+ }
+ offset += put_res_rec((char *)ubuf,len,offset,nmb->answers,
+ nmb->header.ancount);
+ }
+
+ if (nmb->header.nscount) {
+ if (len) {
+ /* Length check. */
+ int extra = put_res_rec(NULL,0,offset,nmb->nsrecs,
+ nmb->header.nscount);
+ if (offset + extra > len) {
+ return 0;
+ }
+ }
+ offset += put_res_rec((char *)ubuf,len,offset,nmb->nsrecs,
+ nmb->header.nscount);
+ }
+
+ /*
+ * The spec says we must put compressed name pointers
+ * in the following outgoing packets :
+ * NAME_REGISTRATION_REQUEST, NAME_REFRESH_REQUEST,
+ * NAME_RELEASE_REQUEST.
+ */
+
+ if((nmb->header.response == False) &&
+ ((nmb->header.opcode == NMB_NAME_REG_OPCODE) ||
+ (nmb->header.opcode == NMB_NAME_RELEASE_OPCODE) ||
+ (nmb->header.opcode == NMB_NAME_REFRESH_OPCODE_8) ||
+ (nmb->header.opcode == NMB_NAME_REFRESH_OPCODE_9) ||
+ (nmb->header.opcode == NMB_NAME_MULTIHOMED_REG_OPCODE)) &&
+ (nmb->header.arcount == 1)) {
+
+ if (len) {
+ /* Length check. */
+ int extra = put_compressed_name_ptr(NULL,offset,
+ nmb->additional,12);
+ if (offset + extra > len) {
+ return 0;
+ }
+ }
+ offset += put_compressed_name_ptr(ubuf,offset,
+ nmb->additional,12);
+ } else if (nmb->header.arcount) {
+ if (len) {
+ /* Length check. */
+ int extra = put_res_rec(NULL,0,offset,nmb->additional,
+ nmb->header.arcount);
+ if (offset + extra > len) {
+ return 0;
+ }
+ }
+ offset += put_res_rec((char *)ubuf,len,offset,nmb->additional,
+ nmb->header.arcount);
+ }
+ return offset;
+}
+
+/*******************************************************************
+ Linearise a packet.
+******************************************************************/
+
+int build_packet(char *buf, size_t buflen, struct packet_struct *p)
+{
+ int len = 0;
+
+ switch (p->packet_type) {
+ case NMB_PACKET:
+ len = build_nmb(buf,buflen,&p->packet.nmb);
+ break;
+
+ case DGRAM_PACKET:
+ len = build_dgram(buf,buflen,&p->packet.dgram);
+ break;
+ }
+
+ return len;
+}
+
+/*******************************************************************
+ Send a packet_struct.
+******************************************************************/
+
+bool send_packet(struct packet_struct *p)
+{
+ char buf[1024];
+ int len=0;
+
+ memset(buf,'\0',sizeof(buf));
+
+ len = build_packet(buf, sizeof(buf), p);
+
+ if (!len)
+ return(False);
+
+ return(send_udp(p->send_fd,buf,len,p->ip,p->port));
+}
+
+/****************************************************************************
+ Receive a UDP/138 packet either via UDP or from the unexpected packet
+ queue. The packet must be a reply packet and have the specified mailslot name
+ The timeout is in milliseconds.
+***************************************************************************/
+
+/****************************************************************************
+ See if a datagram has the right mailslot name.
+***************************************************************************/
+
+bool match_mailslot_name(struct packet_struct *p, const char *mailslot_name)
+{
+ struct dgram_packet *dgram = &p->packet.dgram;
+ char *buf;
+
+ buf = &dgram->data[0];
+ buf -= 4;
+
+ buf = smb_buf(buf);
+
+ if (memcmp(buf, mailslot_name, strlen(mailslot_name)+1) == 0) {
+ return True;
+ }
+
+ return False;
+}
+
+/****************************************************************************
+ Return the number of bits that match between two len character buffers
+***************************************************************************/
+
+int matching_len_bits(const unsigned char *p1, const unsigned char *p2, size_t len)
+{
+ size_t i, j;
+ int ret = 0;
+ for (i=0; i<len; i++) {
+ if (p1[i] != p2[i])
+ break;
+ ret += 8;
+ }
+
+ if (i==len)
+ return ret;
+
+ for (j=0; j<8; j++) {
+ if ((p1[i] & (1<<(7-j))) != (p2[i] & (1<<(7-j))))
+ break;
+ ret++;
+ }
+
+ return ret;
+}
+
+static unsigned char sort_ip[4];
+
+/****************************************************************************
+ Compare two query reply records.
+***************************************************************************/
+
+static int name_query_comp(unsigned char *p1, unsigned char *p2)
+{
+ return matching_len_bits(p2+2, sort_ip, 4) -
+ matching_len_bits(p1+2, sort_ip, 4);
+}
+
+/****************************************************************************
+ Sort a set of 6 byte name query response records so that the IPs that
+ have the most leading bits in common with the specified address come first.
+***************************************************************************/
+
+void sort_query_replies(char *data, int n, struct in_addr ip)
+{
+ if (n <= 1)
+ return;
+
+ putip(sort_ip, (char *)&ip);
+
+ /* TODO:
+ this can't use TYPESAFE_QSORT() as the types are wrong.
+ It should be fixed to use a real type instead of char*
+ */
+ qsort(data, n, 6, QSORT_CAST name_query_comp);
+}
+
+/****************************************************************************
+ Interpret the weird netbios "name" into a unix fstring. Return the name type.
+ Returns -1 on error.
+****************************************************************************/
+
+static int name_interpret(unsigned char *buf, size_t buf_len,
+ unsigned char *in, fstring name)
+{
+ unsigned char *end_ptr = buf + buf_len;
+ int ret;
+ unsigned int len;
+ fstring out_string;
+ unsigned char *out = (unsigned char *)out_string;
+
+ *out=0;
+
+ if (in >= end_ptr) {
+ return -1;
+ }
+ len = (*in++) / 2;
+
+ if (len<1) {
+ return -1;
+ }
+
+ while (len--) {
+ if (&in[1] >= end_ptr) {
+ return -1;
+ }
+ if (in[0] < 'A' || in[0] > 'P' || in[1] < 'A' || in[1] > 'P') {
+ *out = 0;
+ return(0);
+ }
+ *out = ((in[0]-'A')<<4) + (in[1]-'A');
+ in += 2;
+ out++;
+ if (PTR_DIFF(out,out_string) >= sizeof(fstring)) {
+ return -1;
+ }
+ }
+ ret = out[-1];
+ out[-1] = 0;
+
+ pull_ascii_fstring(name, out_string);
+
+ return(ret);
+}
+
+/****************************************************************************
+ Mangle a name into netbios format.
+ Note: <Out> must be (33 + strlen(scope) + 2) bytes long, at minimum.
+****************************************************************************/
+
+char *name_mangle(TALLOC_CTX *mem_ctx, const char *In, char name_type)
+{
+ int i;
+ int len;
+ nstring buf;
+ char *result;
+ char *p;
+
+ result = talloc_array(mem_ctx, char, 33 + strlen(lp_netbios_scope()) + 2);
+ if (result == NULL) {
+ return NULL;
+ }
+ p = result;
+
+ /* Safely copy the input string, In, into buf[]. */
+ if (strcmp(In,"*") == 0)
+ put_name(buf, "*", '\0', 0x00);
+ else {
+ /* We use an fstring here as mb dos names can expend x3 when
+ going to utf8. */
+ fstring buf_unix;
+ nstring buf_dos;
+
+ pull_ascii_fstring(buf_unix, In);
+ if (!strupper_m(buf_unix)) {
+ return NULL;
+ }
+
+ push_ascii_nstring(buf_dos, buf_unix);
+ put_name(buf, buf_dos, ' ', name_type);
+ }
+
+ /* Place the length of the first field into the output buffer. */
+ p[0] = 32;
+ p++;
+
+ /* Now convert the name to the rfc1001/1002 format. */
+ for( i = 0; i < MAX_NETBIOSNAME_LEN; i++ ) {
+ p[i*2] = ( (buf[i] >> 4) & 0x000F ) + 'A';
+ p[(i*2)+1] = (buf[i] & 0x000F) + 'A';
+ }
+ p += 32;
+ p[0] = '\0';
+
+ /* Add the scope string. */
+ for( i = 0, len = 0; *(lp_netbios_scope()) != '\0'; i++, len++ ) {
+ switch( (lp_netbios_scope())[i] ) {
+ case '\0':
+ p[0] = len;
+ if( len > 0 )
+ p[len+1] = 0;
+ return result;
+ case '.':
+ p[0] = len;
+ p += (len + 1);
+ len = -1;
+ break;
+ default:
+ p[len+1] = (lp_netbios_scope())[i];
+ break;
+ }
+ }
+
+ return result;
+}
+
+/****************************************************************************
+ Find a pointer to a netbios name.
+****************************************************************************/
+
+static unsigned char *name_ptr(unsigned char *buf, size_t buf_len, unsigned int ofs)
+{
+ unsigned char c = 0;
+
+ if (ofs > buf_len || buf_len < 1) {
+ return NULL;
+ }
+
+ c = *(unsigned char *)(buf+ofs);
+ if ((c & 0xC0) == 0xC0) {
+ uint16_t l = 0;
+
+ if (ofs > buf_len - 1) {
+ return NULL;
+ }
+ l = RSVAL(buf, ofs) & 0x3FFF;
+ if (l > buf_len) {
+ return NULL;
+ }
+ DEBUG(5,("name ptr to pos %d from %d is %s\n",l,ofs,buf+l));
+ return(buf + l);
+ } else {
+ return(buf+ofs);
+ }
+}
+
+/****************************************************************************
+ Extract a netbios name from a buf (into a unix string) return name type.
+ Returns -1 on error.
+****************************************************************************/
+
+int name_extract(unsigned char *buf, size_t buf_len, unsigned int ofs, fstring name)
+{
+ unsigned char *p = name_ptr(buf,buf_len,ofs);
+
+ name[0] = '\0';
+ if (p == NULL) {
+ return -1;
+ }
+ return(name_interpret(buf,buf_len,p,name));
+}
+
+/****************************************************************************
+ Return the total storage length of a mangled name.
+ Returns -1 on error.
+****************************************************************************/
+
+int name_len(unsigned char *s1, size_t buf_len)
+{
+ /* NOTE: this argument _must_ be unsigned */
+ unsigned char *s = (unsigned char *)s1;
+ int len = 0;
+
+ if (buf_len < 1) {
+ return -1;
+ }
+ /* If the two high bits of the byte are set, return 2. */
+ if (0xC0 == (*s & 0xC0)) {
+ if (buf_len < 2) {
+ return -1;
+ }
+ return(2);
+ }
+
+ /* Add up the length bytes. */
+ for (len = 1; (*s); s += (*s) + 1) {
+ len += *s + 1;
+ if (len > buf_len) {
+ return -1;
+ }
+ }
+
+ return(len);
+}
+
+/*******************************************************************
+ Setup the word count and byte count for a client smb message.
+********************************************************************/
+
+int cli_set_message(char *buf,int num_words,int num_bytes,bool zero)
+{
+ if (zero && (num_words || num_bytes)) {
+ memset(buf + smb_size,'\0',num_words*2 + num_bytes);
+ }
+ SCVAL(buf,smb_wct,num_words);
+ SSVAL(buf,smb_vwv + num_words*SIZEOFWORD,num_bytes);
+ smb_setlen(buf,smb_size + num_words*2 + num_bytes - 4);
+ return (smb_size + num_words*2 + num_bytes);
+}
diff --git a/source3/libsmb/nmblib.h b/source3/libsmb/nmblib.h
new file mode 100644
index 0000000..52600a4
--- /dev/null
+++ b/source3/libsmb/nmblib.h
@@ -0,0 +1,59 @@
+/*
+ Unix SMB/CIFS implementation.
+ handle unexpected packets
+ NBT netbios library routines
+ Copyright (C) Andrew Tridgell 1994-1998, 2000
+ Copyright (C) Jeremy Allison 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#ifndef _LIBSMB_NMBLIB_H_
+#define _LIBSMB_NMBLIB_H_
+
+/* The following definitions come from libsmb/unexpected.c */
+
+#include "nameserv.h"
+
+/* The following definitions come from libsmb/nmblib.c */
+
+void debug_nmb_packet(struct packet_struct *p);
+void put_name(char *dest, const char *name, int pad, unsigned int name_type);
+char *nmb_namestr(const struct nmb_name *n);
+struct packet_struct *copy_packet(struct packet_struct *packet);
+void free_packet(struct packet_struct *packet);
+int packet_trn_id(struct packet_struct *p);
+struct packet_struct *parse_packet(char *buf,int length,
+ enum packet_type packet_type,
+ struct in_addr ip,
+ int port);
+struct packet_struct *parse_packet_talloc(TALLOC_CTX *mem_ctx,
+ char *buf,int length,
+ enum packet_type packet_type,
+ struct in_addr ip,
+ int port);
+void make_nmb_name( struct nmb_name *n, const char *name, int type);
+bool nmb_name_equal(struct nmb_name *n1, struct nmb_name *n2);
+int build_packet(char *buf, size_t buflen, struct packet_struct *p);
+bool send_packet(struct packet_struct *p);
+bool match_mailslot_name(struct packet_struct *p, const char *mailslot_name);
+int matching_len_bits(const unsigned char *p1, const unsigned char *p2, size_t len);
+void sort_query_replies(char *data, int n, struct in_addr ip);
+char *name_mangle(TALLOC_CTX *mem_ctx, const char *In, char name_type);
+int name_extract(unsigned char *buf,size_t buf_len, unsigned int ofs, fstring name);
+int name_len(unsigned char *s1, size_t buf_len);
+int cli_set_message(char *buf,int num_words,int num_bytes,bool zero);
+
+#endif /* _LIBSMB_NMBLIB_H_ */
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
new file mode 100644
index 0000000..b3304ed
--- /dev/null
+++ b/source3/libsmb/passchange.c
@@ -0,0 +1,323 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB client password change routine
+ Copyright (C) Andrew Tridgell 1994-1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../librpc/gen_ndr/ndr_samr.h"
+#include "rpc_client/cli_pipe.h"
+#include "rpc_client/cli_samr.h"
+#include "libsmb/libsmb.h"
+#include "libsmb/clirap.h"
+#include "libsmb/nmblib.h"
+#include "../libcli/smb/smbXcli_base.h"
+
+/*************************************************************
+ Change a password on a remote machine using IPC calls.
+*************************************************************/
+
+NTSTATUS remote_password_change(const char *remote_machine,
+ const char *domain, const char *user_name,
+ const char *old_passwd, const char *new_passwd,
+ char **err_str)
+{
+ struct cli_state *cli = NULL;
+ struct cli_credentials *creds = NULL;
+ struct rpc_pipe_client *pipe_hnd = NULL;
+ NTSTATUS status;
+ NTSTATUS result;
+ bool pass_must_change = False;
+
+ *err_str = NULL;
+
+ result = cli_connect_nb(remote_machine, NULL, 0, 0x20, NULL,
+ SMB_SIGNING_IPC_DEFAULT, 0, &cli);
+ if (!NT_STATUS_IS_OK(result)) {
+ if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) {
+ if (asprintf(err_str, "Unable to connect to SMB server on "
+ "machine %s. NetBIOS support disabled\n",
+ remote_machine) == -1) {
+ *err_str = NULL;
+ }
+ } else {
+ if (asprintf(err_str, "Unable to connect to SMB server on "
+ "machine %s. Error was : %s.\n",
+ remote_machine, nt_errstr(result))==-1) {
+ *err_str = NULL;
+ }
+ }
+ return result;
+ }
+
+ creds = cli_session_creds_init(cli,
+ user_name,
+ domain,
+ NULL, /* realm */
+ old_passwd,
+ false, /* use_kerberos */
+ false, /* fallback_after_kerberos */
+ false, /* use_ccache */
+ false); /* password_is_nt_hash */
+ SMB_ASSERT(creds != NULL);
+
+ result = smbXcli_negprot(cli->conn,
+ cli->timeout,
+ lp_client_ipc_min_protocol(),
+ lp_client_ipc_max_protocol(),
+ NULL,
+ NULL,
+ NULL);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ if (asprintf(err_str, "machine %s rejected the negotiate "
+ "protocol. Error was : %s.\n",
+ remote_machine, nt_errstr(result)) == -1) {
+ *err_str = NULL;
+ }
+ cli_shutdown(cli);
+ return result;
+ }
+
+ /* Given things like SMB signing, restrict anonymous and the like,
+ try an authenticated connection first */
+ result = cli_session_setup_creds(cli, creds);
+
+ if (!NT_STATUS_IS_OK(result)) {
+
+ /* Password must change or Password expired are the only valid
+ * error conditions here from where we can proceed, the rest like
+ * account locked out or logon failure will lead to errors later
+ * anyway */
+
+ if (!NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_MUST_CHANGE) &&
+ !NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_EXPIRED)) {
+ if (asprintf(err_str, "Could not connect to machine %s: "
+ "%s\n", remote_machine, nt_errstr(result)) == -1) {
+ *err_str = NULL;
+ }
+ cli_shutdown(cli);
+ return result;
+ }
+
+ pass_must_change = True;
+
+ /*
+ * We should connect as the anonymous user here, in case
+ * the server has "must change password" checked...
+ * Thanks to <Nicholas.S.Jenkins@cdc.com> for this fix.
+ */
+
+ result = cli_session_setup_anon(cli);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ if (asprintf(err_str, "machine %s rejected the session "
+ "setup. Error was : %s.\n",
+ remote_machine, nt_errstr(result)) == -1) {
+ *err_str = NULL;
+ }
+ cli_shutdown(cli);
+ return result;
+ }
+ }
+
+ result = cli_tree_connect(cli, "IPC$", "IPC", NULL);
+ if (!NT_STATUS_IS_OK(result)) {
+ if (asprintf(err_str, "machine %s rejected the tconX on the "
+ "IPC$ share. Error was : %s.\n",
+ remote_machine, nt_errstr(result))) {
+ *err_str = NULL;
+ }
+ cli_shutdown(cli);
+ return result;
+ }
+
+ /* Try not to give the password away too easily */
+
+ if (!pass_must_change) {
+ const struct sockaddr_storage *remote_sockaddr =
+ smbXcli_conn_remote_sockaddr(cli->conn);
+
+ result = cli_rpc_pipe_open_with_creds(cli,
+ &ndr_table_samr,
+ NCACN_NP,
+ DCERPC_AUTH_TYPE_NTLMSSP,
+ DCERPC_AUTH_LEVEL_PRIVACY,
+ remote_machine,
+ remote_sockaddr,
+ creds,
+ &pipe_hnd);
+ } else {
+ /*
+ * If the user password must be changed the ntlmssp bind will
+ * fail the same way as the session setup above did. The
+ * difference is that with a pipe bind we don't get a good
+ * error message, the result will be that the rpc call below
+ * will just fail. So we do it anonymously, there's no other
+ * way.
+ */
+ result = cli_rpc_pipe_open_noauth(
+ cli, &ndr_table_samr, &pipe_hnd);
+ }
+
+ if (!NT_STATUS_IS_OK(result)) {
+ if (lp_client_lanman_auth()) {
+ /* Use the old RAP method. */
+ if (!cli_oem_change_password(cli, user_name, new_passwd, old_passwd)) {
+ result = cli_nt_error(cli);
+ if (asprintf(err_str, "machine %s rejected the "
+ "password change: Error was : %s.\n",
+ remote_machine, nt_errstr(result)) == -1) {
+ *err_str = NULL;
+ }
+ cli_shutdown(cli);
+ return result;
+ }
+ } else {
+ if (asprintf(err_str, "SAMR connection to machine %s "
+ "failed. Error was %s, but LANMAN password "
+ "changes are disabled\n",
+ remote_machine, nt_errstr(result)) == -1) {
+ *err_str = NULL;
+ }
+ cli_shutdown(cli);
+ return result;
+ }
+ }
+
+ status = dcerpc_samr_chgpasswd_user4(pipe_hnd->binding_handle,
+ talloc_tos(),
+ pipe_hnd->srv_name_slash,
+ user_name,
+ old_passwd,
+ new_passwd,
+ &result);
+ if (NT_STATUS_IS_OK(status) && NT_STATUS_IS_OK(result)) {
+ /* All good, password successfully changed. */
+ cli_shutdown(cli);
+ return NT_STATUS_OK;
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status,
+ NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+ /* DO NOT FALLBACK TO RC4 */
+ if (lp_weak_crypto() == SAMBA_WEAK_CRYPTO_DISALLOWED) {
+ cli_shutdown(cli);
+ return NT_STATUS_STRONG_CRYPTO_NOT_SUPPORTED;
+ }
+ }
+ } else {
+ if (!NT_STATUS_IS_OK(result)) {
+ int rc = asprintf(
+ err_str,
+ "machine %s rejected to change the password"
+ "with error: %s",
+ remote_machine,
+ get_friendly_nt_error_msg(result));
+ if (rc <= 0) {
+ *err_str = NULL;
+ }
+ cli_shutdown(cli);
+ return result;
+ }
+ }
+
+ result = rpccli_samr_chgpasswd_user2(pipe_hnd, talloc_tos(),
+ user_name, new_passwd, old_passwd);
+ if (NT_STATUS_IS_OK(result)) {
+ /* Great - it all worked! */
+ cli_shutdown(cli);
+ return NT_STATUS_OK;
+
+ } else if (!(NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)
+ || NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL))) {
+ /* it failed, but for reasons such as wrong password, too short etc ... */
+
+ if (asprintf(err_str, "machine %s rejected the password change: "
+ "Error was : %s.\n",
+ remote_machine, get_friendly_nt_error_msg(result)) == -1) {
+ *err_str = NULL;
+ }
+ cli_shutdown(cli);
+ return result;
+ }
+
+ /* OK, that failed, so try again... */
+ TALLOC_FREE(pipe_hnd);
+
+ /* Try anonymous NTLMSSP... */
+ result = NT_STATUS_UNSUCCESSFUL;
+
+ /* OK, this is ugly, but... try an anonymous pipe. */
+ result = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr,
+ &pipe_hnd);
+
+ if ( NT_STATUS_IS_OK(result) &&
+ (NT_STATUS_IS_OK(result = rpccli_samr_chgpasswd_user2(
+ pipe_hnd, talloc_tos(), user_name,
+ new_passwd, old_passwd)))) {
+ /* Great - it all worked! */
+ cli_shutdown(cli);
+ return NT_STATUS_OK;
+ } else {
+ if (!(NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED)
+ || NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL))) {
+ /* it failed, but again it was due to things like new password too short */
+
+ if (asprintf(err_str, "machine %s rejected the "
+ "(anonymous) password change: Error was : "
+ "%s.\n", remote_machine,
+ get_friendly_nt_error_msg(result)) == -1) {
+ *err_str = NULL;
+ }
+ cli_shutdown(cli);
+ return result;
+ }
+
+ /* We have failed to change the user's password, and we think the server
+ just might not support SAMR password changes, so fall back */
+
+ if (lp_client_lanman_auth()) {
+ /* Use the old RAP method. */
+ if (cli_oem_change_password(cli, user_name, new_passwd, old_passwd)) {
+ /* SAMR failed, but the old LanMan protocol worked! */
+
+ cli_shutdown(cli);
+ return NT_STATUS_OK;
+ }
+
+ result = cli_nt_error(cli);
+ if (asprintf(err_str, "machine %s rejected the password "
+ "change: Error was : %s.\n",
+ remote_machine, nt_errstr(result)) == -1) {
+ *err_str = NULL;
+ }
+ cli_shutdown(cli);
+ return result;
+ } else {
+ if (asprintf(err_str, "SAMR connection to machine %s "
+ "failed. Error was %s, but LANMAN password "
+ "changes are disabled\n",
+ remote_machine, nt_errstr(result)) == -1) {
+ *err_str = NULL;
+ }
+ cli_shutdown(cli);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+}
diff --git a/source3/libsmb/proto.h b/source3/libsmb/proto.h
new file mode 100644
index 0000000..35b6577
--- /dev/null
+++ b/source3/libsmb/proto.h
@@ -0,0 +1,1080 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Copyright (C) Andrew Bartlett 2001-2003
+ Copyright (C) Andrew Tridgell 1994-1998,2000-2001
+ Copyright (C) Gerald (Jerry) Carter 2004
+ Copyright (C) Jelmer Vernooij 2003
+ Copyright (C) Jeremy Allison 2001-2009,2011
+ Copyright (C) Stefan Metzmacher 2003,2009
+ Copyright (C) Volker Lendecke 2011
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBSMB_PROTO_H_
+#define _LIBSMB_PROTO_H_
+
+struct smb_trans_enc_state;
+struct cli_credentials;
+struct cli_state;
+struct file_info;
+struct print_job_info;
+
+/* The following definitions come from libsmb/cliconnect.c */
+
+struct cli_credentials *cli_session_creds_init(TALLOC_CTX *mem_ctx,
+ const char *username,
+ const char *domain,
+ const char *realm,
+ const char *password,
+ bool use_kerberos,
+ bool fallback_after_kerberos,
+ bool use_ccache,
+ bool password_is_nt_hash);
+NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli,
+ struct cli_credentials *creds);
+struct tevent_req *cli_session_setup_creds_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ struct cli_credentials *creds);
+NTSTATUS cli_session_setup_creds_recv(struct tevent_req *req);
+NTSTATUS cli_session_setup_creds(struct cli_state *cli,
+ struct cli_credentials *creds);
+NTSTATUS cli_session_setup_anon(struct cli_state *cli);
+struct tevent_req *cli_session_setup_guest_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ struct tevent_req **psmbreq);
+struct tevent_req *cli_session_setup_guest_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli);
+NTSTATUS cli_session_setup_guest_recv(struct tevent_req *req);
+NTSTATUS cli_ulogoff(struct cli_state *cli);
+struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *share, const char *dev,
+ const char *pass, int passlen,
+ struct tevent_req **psmbreq);
+struct tevent_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *share, const char *dev,
+ const char *pass, int passlen);
+NTSTATUS cli_tcon_andx_recv(struct tevent_req *req);
+NTSTATUS cli_tcon_andx(struct cli_state *cli, const char *share,
+ const char *dev, const char *pass, int passlen);
+NTSTATUS cli_tree_connect_creds(struct cli_state *cli,
+ const char *share, const char *dev,
+ struct cli_credentials *creds);
+NTSTATUS cli_tree_connect(struct cli_state *cli, const char *share,
+ const char *dev, const char *pass);
+NTSTATUS cli_tdis(struct cli_state *cli);
+NTSTATUS cli_connect_nb(const char *host, const struct sockaddr_storage *dest_ss,
+ uint16_t port, int name_type, const char *myname,
+ enum smb_signing_setting signing_state, int flags, struct cli_state **pcli);
+NTSTATUS cli_start_connection(struct cli_state **output_cli,
+ const char *my_name,
+ const char *dest_host,
+ const struct sockaddr_storage *dest_ss, int port,
+ enum smb_signing_setting signing_state, int flags);
+NTSTATUS cli_smb1_setup_encryption(struct cli_state *cli,
+ struct cli_credentials *creds);
+
+struct smb2_negotiate_contexts;
+struct tevent_req *cli_full_connection_creds_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ const char *my_name, const char *dest_host,
+ const struct sockaddr_storage *dest_ss, int port,
+ const char *service, const char *service_type,
+ struct cli_credentials *creds,
+ int flags,
+ struct smb2_negotiate_contexts *negotiate_contexts);
+NTSTATUS cli_full_connection_creds_recv(struct tevent_req *req,
+ struct cli_state **output_cli);
+NTSTATUS cli_full_connection_creds(struct cli_state **output_cli,
+ const char *my_name,
+ const char *dest_host,
+ const struct sockaddr_storage *dest_ss, int port,
+ const char *service, const char *service_type,
+ struct cli_credentials *creds,
+ int flags);
+NTSTATUS cli_raw_tcon(struct cli_state *cli,
+ const char *service, const char *pass, const char *dev,
+ uint16_t *max_xmit, uint16_t *tid);
+struct cli_state *get_ipc_connect(char *server,
+ struct sockaddr_storage *server_ss,
+ struct cli_credentials *creds);
+struct cli_state *get_ipc_connect_master_ip(TALLOC_CTX *ctx,
+ struct sockaddr_storage *mb_ip,
+ struct cli_credentials *creds,
+ char **pp_workgroup_out);
+
+/* The following definitions come from libsmb/clidfs.c */
+
+NTSTATUS cli_cm_open(TALLOC_CTX *ctx,
+ struct cli_state *referring_cli,
+ const char *server,
+ const char *share,
+ struct cli_credentials *creds,
+ const struct sockaddr_storage *dest_ss,
+ int port,
+ int name_type,
+ struct cli_state **pcli);
+void cli_cm_display(struct cli_state *c);
+struct client_dfs_referral;
+bool cli_dfs_is_already_full_path(struct cli_state *cli, const char *path);
+NTSTATUS cli_dfs_get_referral_ex(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *path,
+ uint16_t max_referral_level,
+ struct client_dfs_referral **refs,
+ size_t *num_refs,
+ size_t *consumed);
+NTSTATUS cli_dfs_get_referral(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *path,
+ struct client_dfs_referral **refs,
+ size_t *num_refs,
+ size_t *consumed);
+NTSTATUS cli_resolve_path(TALLOC_CTX *ctx,
+ const char *mountpt,
+ struct cli_credentials *creds,
+ struct cli_state *rootcli,
+ const char *path,
+ struct cli_state **targetcli,
+ char **pp_targetpath);
+
+bool cli_check_msdfs_proxy(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *sharename,
+ char **pp_newserver,
+ char **pp_newshare,
+ struct cli_credentials *creds);
+
+NTSTATUS cli_dfs_target_check(TALLOC_CTX *mem_ctx,
+ struct cli_state *cli,
+ const char *fname_dst,
+ const char **fname_dst_out);
+char *smb1_dfs_share_path(TALLOC_CTX *ctx,
+ struct cli_state *cli,
+ const char *path);
+
+/* The following definitions come from libsmb/clientgen.c */
+
+unsigned int cli_set_timeout(struct cli_state *cli, unsigned int timeout);
+bool cli_set_backup_intent(struct cli_state *cli, bool flag);
+extern struct GUID cli_state_client_guid;
+struct cli_state *cli_state_create(TALLOC_CTX *mem_ctx,
+ int fd,
+ const char *remote_name,
+ enum smb_signing_setting signing_state,
+ int flags);
+void cli_shutdown(struct cli_state *cli);
+uint16_t cli_state_get_vc_num(struct cli_state *cli);
+uint32_t cli_setpid(struct cli_state *cli, uint32_t pid);
+uint32_t cli_getpid(struct cli_state *cli);
+bool cli_state_is_encryption_on(struct cli_state *cli);
+bool cli_state_has_tcon(struct cli_state *cli);
+uint32_t cli_state_get_tid(struct cli_state *cli);
+uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid);
+struct smbXcli_tcon;
+void cli_state_save_tcon_share(struct cli_state *cli,
+ struct smbXcli_tcon **_tcon_ret,
+ char **_share_ret);
+void cli_state_restore_tcon_share(struct cli_state *cli,
+ struct smbXcli_tcon *tcon,
+ char *share);
+uint16_t cli_state_get_uid(struct cli_state *cli);
+uint16_t cli_state_set_uid(struct cli_state *cli, uint16_t uid);
+bool cli_set_case_sensitive(struct cli_state *cli, bool case_sensitive);
+uint32_t cli_state_available_size(struct cli_state *cli, uint32_t ofs);
+time_t cli_state_server_time(struct cli_state *cli);
+struct tevent_req *cli_echo_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct cli_state *cli, uint16_t num_echos,
+ DATA_BLOB data);
+NTSTATUS cli_echo_recv(struct tevent_req *req);
+NTSTATUS cli_echo(struct cli_state *cli, uint16_t num_echos, DATA_BLOB data);
+NTSTATUS cli_smb(TALLOC_CTX *mem_ctx, struct cli_state *cli,
+ uint8_t smb_command, uint8_t additional_flags,
+ uint8_t wct, uint16_t *vwv,
+ uint32_t num_bytes, const uint8_t *bytes,
+ struct tevent_req **result_parent,
+ uint8_t min_wct, uint8_t *pwct, uint16_t **pvwv,
+ uint32_t *pnum_bytes, uint8_t **pbytes);
+
+/* The following definitions come from libsmb/clierror.c */
+
+NTSTATUS cli_nt_error(struct cli_state *cli);
+int cli_status_to_errno(NTSTATUS status);
+int cli_errno(struct cli_state *cli);
+bool cli_is_error(struct cli_state *cli);
+bool cli_state_is_connected(struct cli_state *cli);
+
+/* The following definitions come from libsmb/clifile.c */
+
+struct tevent_req *cli_setpathinfo_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t level,
+ const char *path,
+ uint8_t *data,
+ size_t data_len);
+NTSTATUS cli_setpathinfo_recv(struct tevent_req *req);
+NTSTATUS cli_setpathinfo(struct cli_state *cli,
+ uint16_t level,
+ const char *path,
+ uint8_t *data,
+ size_t data_len);
+struct tevent_req *cli_setfileinfo_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t level,
+ uint8_t *data,
+ size_t data_len);
+NTSTATUS cli_setfileinfo_recv(struct tevent_req *req);
+
+struct tevent_req *cli_posix_symlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *oldname,
+ const char *newname);
+NTSTATUS cli_posix_symlink_recv(struct tevent_req *req);
+NTSTATUS cli_posix_symlink(struct cli_state *cli,
+ const char *oldname,
+ const char *newname);
+struct tevent_req *cli_posix_readlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_posix_readlink_recv(
+ struct tevent_req *req, TALLOC_CTX *mem_ctx, char **target);
+struct tevent_req *cli_posix_hardlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *oldname,
+ const char *newname);
+NTSTATUS cli_posix_hardlink_recv(struct tevent_req *req);
+NTSTATUS cli_posix_hardlink(struct cli_state *cli,
+ const char *oldname,
+ const char *newname);
+uint32_t unix_perms_to_wire(mode_t perms);
+mode_t wire_perms_to_unix(uint32_t perms);
+struct tevent_req *cli_posix_getacl_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_posix_getacl_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ size_t *prb_size,
+ char **retbuf);
+NTSTATUS cli_posix_getacl(struct cli_state *cli,
+ const char *fname,
+ TALLOC_CTX *mem_ctx,
+ size_t *prb_size,
+ char **retbuf);
+struct tevent_req *cli_posix_setacl_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ const void *acl_buf,
+ size_t acl_buf_size);
+NTSTATUS cli_posix_setacl_recv(struct tevent_req *req);
+NTSTATUS cli_posix_setacl(struct cli_state *cli,
+ const char *fname,
+ const void *acl_buf,
+ size_t acl_buf_size);
+struct tevent_req *cli_posix_stat_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_posix_stat_recv(struct tevent_req *req, struct stat_ex *sbuf);
+NTSTATUS cli_posix_stat(struct cli_state *cli,
+ const char *fname,
+ struct stat_ex *sbuf);
+struct tevent_req *cli_posix_chmod_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ mode_t mode);
+NTSTATUS cli_posix_chmod_recv(struct tevent_req *req);
+NTSTATUS cli_posix_chmod(struct cli_state *cli, const char *fname, mode_t mode);
+struct tevent_req *cli_posix_chown_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uid_t uid,
+ gid_t gid);
+NTSTATUS cli_posix_chown_recv(struct tevent_req *req);
+NTSTATUS cli_posix_chown(struct cli_state *cli,
+ const char *fname,
+ uid_t uid,
+ gid_t gid);
+struct tevent_req *cli_mknod_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ mode_t mode,
+ dev_t dev);
+NTSTATUS cli_mknod_recv(struct tevent_req *req);
+NTSTATUS
+cli_mknod(struct cli_state *cli, const char *fname, mode_t mode, dev_t dev);
+struct tevent_req *cli_rename_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst,
+ bool replace);
+NTSTATUS cli_rename_recv(struct tevent_req *req);
+NTSTATUS cli_rename(struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst,
+ bool replace);
+struct tevent_req *cli_ntrename_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst);
+NTSTATUS cli_ntrename_recv(struct tevent_req *req);
+NTSTATUS cli_ntrename(struct cli_state *cli, const char *fname_src, const char *fname_dst);
+
+struct tevent_req *cli_hardlink_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst);
+NTSTATUS cli_hardlink_recv(struct tevent_req *req);
+NTSTATUS cli_hardlink(
+ struct cli_state *cli,
+ const char *fname_src,
+ const char *fname_dst);
+
+struct tevent_req *cli_unlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint32_t mayhave_attrs);
+NTSTATUS cli_unlink_recv(struct tevent_req *req);
+NTSTATUS cli_unlink(struct cli_state *cli, const char *fname, uint32_t mayhave_attrs);
+
+struct tevent_req *cli_mkdir_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *dname);
+NTSTATUS cli_mkdir_recv(struct tevent_req *req);
+NTSTATUS cli_mkdir(struct cli_state *cli, const char *dname);
+struct tevent_req *cli_rmdir_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *dname);
+NTSTATUS cli_rmdir_recv(struct tevent_req *req);
+NTSTATUS cli_rmdir(struct cli_state *cli, const char *dname);
+struct tevent_req *cli_nt_delete_on_close_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ bool flag);
+NTSTATUS cli_nt_delete_on_close_recv(struct tevent_req *req);
+NTSTATUS cli_nt_delete_on_close(struct cli_state *cli, uint16_t fnum, bool flag);
+struct tevent_req *cli_ntcreate_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint32_t CreatFlags,
+ uint32_t DesiredAccess,
+ uint32_t FileAttributes,
+ uint32_t ShareAccess,
+ uint32_t CreateDisposition,
+ uint32_t CreateOptions,
+ uint32_t ImpersonationLevel,
+ uint8_t SecurityFlags);
+NTSTATUS cli_ntcreate_recv(struct tevent_req *req,
+ uint16_t *pfnum,
+ struct smb_create_returns *cr);
+NTSTATUS cli_ntcreate(struct cli_state *cli,
+ const char *fname,
+ uint32_t CreatFlags,
+ uint32_t DesiredAccess,
+ uint32_t FileAttributes,
+ uint32_t ShareAccess,
+ uint32_t CreateDisposition,
+ uint32_t CreateOptions,
+ uint8_t SecurityFlags,
+ uint16_t *pfid,
+ struct smb_create_returns *cr);
+struct tevent_req *cli_openx_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, const char *fname,
+ int flags, int share_mode,
+ struct tevent_req **psmbreq);
+struct tevent_req *cli_openx_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct cli_state *cli, const char *fname,
+ int flags, int share_mode);
+NTSTATUS cli_openx_recv(struct tevent_req *req, uint16_t *fnum);
+NTSTATUS cli_openx(struct cli_state *cli, const char *fname, int flags, int share_mode, uint16_t *pfnum);
+NTSTATUS cli_open(struct cli_state *cli, const char *fname, int flags, int share_mode, uint16_t *pfnum);
+struct tevent_req *cli_smb1_close_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ struct tevent_req **psubreq);
+struct tevent_req *cli_close_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t flags);
+NTSTATUS cli_close_recv(struct tevent_req *req);
+NTSTATUS cli_close(struct cli_state *cli, uint16_t fnum);
+struct tevent_req *cli_ftruncate_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint64_t size);
+NTSTATUS cli_ftruncate_recv(struct tevent_req *req);
+NTSTATUS cli_ftruncate(struct cli_state *cli, uint16_t fnum, uint64_t size);
+NTSTATUS cli_locktype(struct cli_state *cli, uint16_t fnum,
+ uint32_t offset, uint32_t len,
+ int timeout, unsigned char locktype);
+struct smb1_lock_element {
+ uint16_t pid;
+ uint64_t offset;
+ uint64_t length;
+};
+
+struct tevent_req *cli_lockingx_create(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t typeoflock,
+ uint8_t newoplocklevel,
+ int32_t timeout,
+ uint16_t num_unlocks,
+ const struct smb1_lock_element *unlocks,
+ uint16_t num_locks,
+ const struct smb1_lock_element *locks,
+ struct tevent_req **psmbreq);
+struct tevent_req *cli_lockingx_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t typeoflock,
+ uint8_t newoplocklevel,
+ int32_t timeout,
+ uint16_t num_unlocks,
+ const struct smb1_lock_element *unlocks,
+ uint16_t num_locks,
+ const struct smb1_lock_element *locks);
+NTSTATUS cli_lockingx_recv(struct tevent_req *req);
+NTSTATUS cli_lockingx(
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint8_t typeoflock,
+ uint8_t newoplocklevel,
+ int32_t timeout,
+ uint16_t num_unlocks,
+ const struct smb1_lock_element *unlocks,
+ uint16_t num_locks,
+ const struct smb1_lock_element *locks);
+
+NTSTATUS cli_lock32(struct cli_state *cli, uint16_t fnum, uint32_t offset,
+ uint32_t len, int timeout, enum brl_type lock_type);
+struct tevent_req *cli_unlock_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint64_t offset,
+ uint64_t len);
+NTSTATUS cli_unlock_recv(struct tevent_req *req);
+NTSTATUS cli_unlock(struct cli_state *cli, uint16_t fnum, uint32_t offset, uint32_t len);
+struct tevent_req *cli_posix_lock_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint64_t offset,
+ uint64_t len,
+ bool wait_lock,
+ enum brl_type lock_type);
+NTSTATUS cli_posix_lock_recv(struct tevent_req *req);
+NTSTATUS cli_posix_lock(struct cli_state *cli, uint16_t fnum,
+ uint64_t offset, uint64_t len,
+ bool wait_lock, enum brl_type lock_type);
+struct tevent_req *cli_posix_unlock_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint64_t offset,
+ uint64_t len);
+NTSTATUS cli_posix_unlock_recv(struct tevent_req *req);
+NTSTATUS cli_posix_unlock(struct cli_state *cli, uint16_t fnum, uint64_t offset, uint64_t len);
+struct tevent_req *cli_getattrE_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum);
+NTSTATUS cli_getattrE_recv(struct tevent_req *req,
+ uint32_t *pattr,
+ off_t *size,
+ time_t *change_time,
+ time_t *access_time,
+ time_t *write_time);
+struct tevent_req *cli_setattrE_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ time_t change_time,
+ time_t access_time,
+ time_t write_time);
+NTSTATUS cli_setattrE_recv(struct tevent_req *req);
+NTSTATUS cli_setattrE(struct cli_state *cli,
+ uint16_t fnum,
+ time_t change_time,
+ time_t access_time,
+ time_t write_time);
+struct tevent_req *cli_getatr_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_getatr_recv(struct tevent_req *req,
+ uint32_t *pattr,
+ off_t *size,
+ time_t *write_time);
+NTSTATUS cli_getatr(struct cli_state *cli,
+ const char *fname,
+ uint32_t *pattr,
+ off_t *size,
+ time_t *write_time);
+struct tevent_req *cli_setatr_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint32_t attr,
+ time_t mtime);
+NTSTATUS cli_setatr_recv(struct tevent_req *req);
+NTSTATUS cli_setatr(struct cli_state *cli,
+ const char *fname,
+ uint32_t attr,
+ time_t mtime);
+struct tevent_req *cli_chkpath_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_chkpath_recv(struct tevent_req *req);
+NTSTATUS cli_chkpath(struct cli_state *cli, const char *path);
+struct tevent_req *cli_dskattr_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli);
+NTSTATUS cli_dskattr_recv(struct tevent_req *req, int *bsize, int *total,
+ int *avail);
+NTSTATUS cli_dskattr(struct cli_state *cli, int *bsize, int *total, int *avail);
+NTSTATUS cli_disk_size(struct cli_state *cli, const char *path, uint64_t *bsize,
+ uint64_t *total, uint64_t *avail);
+struct tevent_req *cli_ctemp_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *path);
+NTSTATUS cli_ctemp_recv(struct tevent_req *req,
+ TALLOC_CTX *ctx,
+ uint16_t *pfnum,
+ char **outfile);
+NTSTATUS cli_ctemp(struct cli_state *cli,
+ TALLOC_CTX *ctx,
+ const char *path,
+ uint16_t *pfnum,
+ char **out_path);
+NTSTATUS cli_set_ea_path(struct cli_state *cli, const char *path,
+ const char *ea_name, const char *ea_val,
+ size_t ea_len);
+NTSTATUS cli_set_ea_fnum(struct cli_state *cli, uint16_t fnum,
+ const char *ea_name, const char *ea_val,
+ size_t ea_len);
+struct tevent_req *cli_get_ea_list_path_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_get_ea_list_path_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ size_t *pnum_eas, struct ea_struct **peas);
+NTSTATUS cli_get_ea_list_path(struct cli_state *cli, const char *path,
+ TALLOC_CTX *ctx,
+ size_t *pnum_eas,
+ struct ea_struct **pea_list);
+struct tevent_req *cli_posix_open_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ int flags,
+ mode_t mode);
+NTSTATUS cli_posix_open_recv(struct tevent_req *req, uint16_t *pfnum);
+NTSTATUS cli_posix_open(struct cli_state *cli, const char *fname,
+ int flags, mode_t mode, uint16_t *fnum);
+struct tevent_req *cli_posix_mkdir_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ mode_t mode);
+NTSTATUS cli_posix_mkdir_recv(struct tevent_req *req);
+NTSTATUS cli_posix_mkdir(struct cli_state *cli, const char *fname, mode_t mode);
+
+struct tevent_req *cli_posix_unlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_posix_unlink_recv(struct tevent_req *req);
+NTSTATUS cli_posix_unlink(struct cli_state *cli, const char *fname);
+
+struct tevent_req *cli_posix_rmdir_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_posix_rmdir_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx);
+NTSTATUS cli_posix_rmdir(struct cli_state *cli, const char *fname);
+struct tevent_req *cli_notify_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ uint32_t buffer_size,
+ uint32_t completion_filter, bool recursive);
+NTSTATUS cli_notify_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint32_t *pnum_changes,
+ struct notify_change **pchanges);
+NTSTATUS cli_notify(struct cli_state *cli, uint16_t fnum, uint32_t buffer_size,
+ uint32_t completion_filter, bool recursive,
+ TALLOC_CTX *mem_ctx, uint32_t *pnum_changes,
+ struct notify_change **pchanges);
+
+struct tevent_req *cli_nttrans_create_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ uint32_t CreatFlags,
+ uint32_t DesiredAccess,
+ uint32_t FileAttributes,
+ uint32_t ShareAccess,
+ uint32_t CreateDisposition,
+ uint32_t CreateOptions,
+ uint8_t SecurityFlags,
+ struct security_descriptor *secdesc,
+ struct ea_struct *eas,
+ int num_eas);
+NTSTATUS cli_nttrans_create_recv(struct tevent_req *req,
+ uint16_t *fnum,
+ struct smb_create_returns *cr);
+NTSTATUS cli_nttrans_create(struct cli_state *cli,
+ const char *fname,
+ uint32_t CreatFlags,
+ uint32_t DesiredAccess,
+ uint32_t FileAttributes,
+ uint32_t ShareAccess,
+ uint32_t CreateDisposition,
+ uint32_t CreateOptions,
+ uint8_t SecurityFlags,
+ struct security_descriptor *secdesc,
+ struct ea_struct *eas,
+ int num_eas,
+ uint16_t *pfid,
+ struct smb_create_returns *cr);
+
+/* The following definitions come from libsmb/clifsinfo.c */
+
+struct tevent_req *cli_unix_extensions_version_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli);
+NTSTATUS cli_unix_extensions_version_recv(struct tevent_req *req,
+ uint16_t *pmajor, uint16_t *pminor,
+ uint32_t *pcaplow,
+ uint32_t *pcaphigh);
+NTSTATUS cli_unix_extensions_version(struct cli_state *cli, uint16_t *pmajor,
+ uint16_t *pminor, uint32_t *pcaplow,
+ uint32_t *pcaphigh);
+struct tevent_req *cli_set_unix_extensions_capabilities_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct cli_state *cli,
+ uint16_t major, uint16_t minor, uint32_t caplow, uint32_t caphigh);
+NTSTATUS cli_set_unix_extensions_capabilities_recv(struct tevent_req *req);
+NTSTATUS cli_set_unix_extensions_capabilities(struct cli_state *cli,
+ uint16_t major, uint16_t minor,
+ uint32_t caplow, uint32_t caphigh);
+struct tevent_req *cli_get_fs_attr_info_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli);
+NTSTATUS cli_get_fs_attr_info_recv(struct tevent_req *req, uint32_t *fs_attr);
+NTSTATUS cli_get_fs_attr_info(struct cli_state *cli, uint32_t *fs_attr);
+NTSTATUS cli_get_fs_volume_info(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx, char **volume_name,
+ uint32_t *pserial_number, time_t *pdate);
+NTSTATUS cli_get_fs_full_size_info(struct cli_state *cli,
+ uint64_t *total_allocation_units,
+ uint64_t *caller_allocation_units,
+ uint64_t *actual_allocation_units,
+ uint64_t *sectors_per_allocation_unit,
+ uint64_t *bytes_per_sector);
+NTSTATUS cli_get_posix_fs_info(struct cli_state *cli,
+ uint32_t *optimal_transfer_size,
+ uint32_t *block_size,
+ uint64_t *total_blocks,
+ uint64_t *blocks_available,
+ uint64_t *user_blocks_available,
+ uint64_t *total_file_nodes,
+ uint64_t *free_file_nodes,
+ uint64_t *fs_identifier);
+struct tevent_req *cli_posix_whoami_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli);
+NTSTATUS cli_posix_whoami_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ uint64_t *puid,
+ uint64_t *pgid,
+ uint32_t *pnum_gids,
+ uint64_t **pgids,
+ uint32_t *pnum_sids,
+ struct dom_sid **psids,
+ bool *pguest);
+NTSTATUS cli_posix_whoami(struct cli_state *cli,
+ TALLOC_CTX *mem_ctx,
+ uint64_t *puid,
+ uint64_t *pgid,
+ uint32_t *num_gids,
+ uint64_t **gids,
+ uint32_t *num_sids,
+ struct dom_sid **sids,
+ bool *pguest);
+
+/* The following definitions come from libsmb/clilist.c */
+
+NTSTATUS is_bad_finfo_name(const struct cli_state *cli,
+ const struct file_info *finfo);
+
+NTSTATUS cli_list_old(struct cli_state *cli,const char *Mask,uint32_t attribute,
+ NTSTATUS (*fn)(struct file_info *,
+ const char *, void *), void *state);
+NTSTATUS cli_list_trans(struct cli_state *cli, const char *mask,
+ uint32_t attribute, int info_level,
+ NTSTATUS (*fn)(
+ struct file_info *finfo,
+ const char *mask,
+ void *private_data),
+ void *private_data);
+struct tevent_req *cli_list_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *mask,
+ uint32_t attribute,
+ uint16_t info_level);
+NTSTATUS cli_list_recv(
+ struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct file_info **pfinfo);
+NTSTATUS cli_list(struct cli_state *cli,
+ const char *mask,
+ uint32_t attribute,
+ NTSTATUS (*fn)(struct file_info *finfo,
+ const char *mask,
+ void *private_data),
+ void *private_data);
+
+/* The following definitions come from libsmb/climessage.c */
+
+struct tevent_req *cli_message_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *host, const char *username,
+ const char *message);
+NTSTATUS cli_message_recv(struct tevent_req *req);
+NTSTATUS cli_message(struct cli_state *cli, const char *host,
+ const char *username, const char *message);
+
+/* The following definitions come from libsmb/clioplock.c */
+
+struct tevent_req *cli_smb_oplock_break_waiter_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli);
+NTSTATUS cli_smb_oplock_break_waiter_recv(struct tevent_req *req,
+ uint16_t *pfnum,
+ uint8_t *plevel);
+
+struct tevent_req *cli_oplock_ack_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum, uint8_t level);
+NTSTATUS cli_oplock_ack_recv(struct tevent_req *req);
+
+/* The following definitions come from libsmb/cliprint.c */
+
+NTSTATUS cli_print_queue(struct cli_state *cli,
+ void (*fn)(struct print_job_info *));
+NTSTATUS cli_printjob_del(struct cli_state *cli, int job);
+
+/* The following definitions come from libsmb/cliquota.c */
+
+NTSTATUS cli_get_quota_handle(struct cli_state *cli, uint16_t *quota_fnum);
+void free_ntquota_list(SMB_NTQUOTA_LIST **qt_list);
+bool parse_user_quota_record(const uint8_t *rdata,
+ unsigned int rdata_count,
+ unsigned int *offset,
+ SMB_NTQUOTA_STRUCT *pqt);
+bool add_record_to_ntquota_list(TALLOC_CTX *mem_ctx,
+ SMB_NTQUOTA_STRUCT *pqt,
+ SMB_NTQUOTA_LIST **pqt_list);
+NTSTATUS parse_user_quota_list(const uint8_t *curdata,
+ uint32_t curdata_size,
+ TALLOC_CTX *mem_ctx,
+ SMB_NTQUOTA_LIST **pqt_list);
+NTSTATUS parse_fs_quota_buffer(const uint8_t *rdata,
+ unsigned int rdata_count,
+ SMB_NTQUOTA_STRUCT *pqt);
+NTSTATUS build_user_quota_buffer(SMB_NTQUOTA_LIST *qt_list,
+ uint32_t maxlen,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *outbuf,
+ SMB_NTQUOTA_LIST **end_ptr);
+NTSTATUS build_fs_quota_buffer(TALLOC_CTX *mem_ctx,
+ const SMB_NTQUOTA_STRUCT *pqt,
+ DATA_BLOB *blob,
+ uint32_t maxlen);
+NTSTATUS cli_get_user_quota(struct cli_state *cli, int quota_fnum,
+ SMB_NTQUOTA_STRUCT *pqt);
+NTSTATUS cli_set_user_quota(struct cli_state *cli,
+ int quota_fnum,
+ SMB_NTQUOTA_LIST *qtl);
+NTSTATUS cli_list_user_quota(struct cli_state *cli, int quota_fnum,
+ SMB_NTQUOTA_LIST **pqt_list);
+NTSTATUS cli_get_fs_quota_info(struct cli_state *cli, int quota_fnum,
+ SMB_NTQUOTA_STRUCT *pqt);
+NTSTATUS cli_set_fs_quota_info(struct cli_state *cli, int quota_fnum,
+ SMB_NTQUOTA_STRUCT *pqt);
+
+/* The following definitions come from libsmb/clireadwrite.c */
+
+struct tevent_req *cli_read_andx_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ off_t offset, size_t size,
+ struct tevent_req **psmbreq);
+struct tevent_req *cli_read_andx_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ off_t offset, size_t size);
+NTSTATUS cli_read_andx_recv(struct tevent_req *req, ssize_t *received,
+ uint8_t **rcvbuf);
+struct tevent_req *cli_pull_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum, off_t start_offset,
+ off_t size, size_t window_size,
+ NTSTATUS (*sink)(char *buf, size_t n,
+ void *priv),
+ void *priv);
+NTSTATUS cli_pull_recv(struct tevent_req *req, off_t *received);
+NTSTATUS cli_pull(struct cli_state *cli, uint16_t fnum,
+ off_t start_offset, off_t size, size_t window_size,
+ NTSTATUS (*sink)(char *buf, size_t n, void *priv),
+ void *priv, off_t *received);
+NTSTATUS cli_read_sink(char *buf, size_t n, void *priv);
+struct tevent_req *cli_read_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ char *buf,
+ off_t offset,
+ size_t size);
+NTSTATUS cli_read_recv(struct tevent_req *req, size_t *received);
+NTSTATUS cli_read(struct cli_state *cli, uint16_t fnum,
+ char *buf, off_t offset, size_t size,
+ size_t *nread);
+NTSTATUS cli_smbwrite(struct cli_state *cli, uint16_t fnum, char *buf,
+ off_t offset, size_t size1, size_t *ptotal);
+struct tevent_req *cli_write_andx_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ uint16_t mode, const uint8_t *buf,
+ off_t offset, size_t size,
+ struct tevent_req **reqs_before,
+ int num_reqs_before,
+ struct tevent_req **psmbreq);
+struct tevent_req *cli_write_andx_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ uint16_t mode, const uint8_t *buf,
+ off_t offset, size_t size);
+NTSTATUS cli_write_andx_recv(struct tevent_req *req, size_t *pwritten);
+
+struct tevent_req *cli_write_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli, uint16_t fnum,
+ uint16_t mode, const uint8_t *buf,
+ off_t offset, size_t size);
+NTSTATUS cli_write_recv(struct tevent_req *req, size_t *pwritten);
+
+struct tevent_req *cli_writeall_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint16_t mode,
+ const uint8_t *buf,
+ off_t offset,
+ size_t size);
+NTSTATUS cli_writeall_recv(struct tevent_req *req, size_t *pwritten);
+NTSTATUS cli_writeall(struct cli_state *cli, uint16_t fnum, uint16_t mode,
+ const uint8_t *buf, off_t offset, size_t size,
+ size_t *pwritten);
+
+struct tevent_req *cli_push_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum, uint16_t mode,
+ off_t start_offset, size_t window_size,
+ size_t (*source)(uint8_t *buf, size_t n,
+ void *priv),
+ void *priv);
+NTSTATUS cli_push_recv(struct tevent_req *req);
+NTSTATUS cli_push(struct cli_state *cli, uint16_t fnum, uint16_t mode,
+ off_t start_offset, size_t window_size,
+ size_t (*source)(uint8_t *buf, size_t n, void *priv),
+ void *priv);
+
+NTSTATUS cli_splice(struct cli_state *srccli, struct cli_state *dstcli,
+ uint16_t src_fnum, uint16_t dst_fnum,
+ off_t size,
+ off_t src_offset, off_t dst_offset,
+ off_t *written,
+ int (*splice_cb)(off_t n, void *priv), void *priv);
+
+/* The following definitions come from libsmb/clisecdesc.c */
+
+struct tevent_req *cli_query_security_descriptor_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t sec_info);
+NTSTATUS cli_query_security_descriptor_recv(
+ struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **sd);
+NTSTATUS cli_query_security_descriptor(struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t sec_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **sd);
+NTSTATUS cli_query_secdesc(struct cli_state *cli, uint16_t fnum,
+ TALLOC_CTX *mem_ctx, struct security_descriptor **sd);
+struct tevent_req *cli_set_security_descriptor_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t sec_info,
+ const struct security_descriptor *sd);
+NTSTATUS cli_set_security_descriptor_recv(struct tevent_req *req);
+NTSTATUS cli_set_security_descriptor(struct cli_state *cli,
+ uint16_t fnum,
+ uint32_t sec_info,
+ const struct security_descriptor *sd);
+NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
+ const struct security_descriptor *sd);
+
+NTSTATUS cli_query_mxac(struct cli_state *cli,
+ const char *filename,
+ uint32_t *mxac);
+
+/* The following definitions come from libsmb/clitrans.c */
+
+struct tevent_req *cli_trans_send(
+ TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct cli_state *cli, uint16_t additional_flags2, uint8_t cmd,
+ const char *pipe_name, uint16_t fid, uint16_t function, int flags,
+ uint16_t *setup, uint8_t num_setup, uint8_t max_setup,
+ uint8_t *param, uint32_t num_param, uint32_t max_param,
+ uint8_t *data, uint32_t num_data, uint32_t max_data);
+NTSTATUS cli_trans_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ uint16_t *recv_flags2,
+ uint16_t **setup, uint8_t min_setup,
+ uint8_t *num_setup,
+ uint8_t **param, uint32_t min_param,
+ uint32_t *num_param,
+ uint8_t **data, uint32_t min_data,
+ uint32_t *num_data);
+NTSTATUS cli_trans(TALLOC_CTX *mem_ctx, struct cli_state *cli,
+ uint8_t trans_cmd,
+ const char *pipe_name, uint16_t fid, uint16_t function,
+ int flags,
+ uint16_t *setup, uint8_t num_setup, uint8_t max_setup,
+ uint8_t *param, uint32_t num_param, uint32_t max_param,
+ uint8_t *data, uint32_t num_data, uint32_t max_data,
+ uint16_t *recv_flags2,
+ uint16_t **rsetup, uint8_t min_rsetup, uint8_t *num_rsetup,
+ uint8_t **rparam, uint32_t min_rparam, uint32_t *num_rparam,
+ uint8_t **rdata, uint32_t min_rdata, uint32_t *num_rdata);
+
+/* The following definitions come from libsmb/clisymlink.c */
+
+struct tevent_req *cli_create_reparse_point_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ DATA_BLOB reparse_blob);
+NTSTATUS cli_create_reparse_point_recv(struct tevent_req *req);
+
+struct tevent_req *cli_symlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *oldpath,
+ const char *newpath,
+ uint32_t flags);
+NTSTATUS cli_symlink_recv(struct tevent_req *req);
+NTSTATUS cli_symlink(struct cli_state *cli, const char *oldname,
+ const char *newname, uint32_t flags);
+
+struct tevent_req *cli_get_reparse_data_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_get_reparse_data_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ uint8_t **_data,
+ uint32_t *_datalen);
+NTSTATUS cli_get_reparse_data(struct cli_state *cli,
+ const char *fname,
+ TALLOC_CTX *mem_ctx,
+ uint8_t **_data,
+ uint32_t *_datalen);
+
+struct tevent_req *cli_readlink_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname);
+NTSTATUS cli_readlink_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ char **psubstitute_name, char **pprint_name,
+ uint32_t *pflags);
+NTSTATUS cli_readlink(struct cli_state *cli, const char *fname,
+ TALLOC_CTX *mem_ctx, char **psubstitute_name,
+ char **pprint_name, uint32_t *pflags);
+
+NTSTATUS fill_quota_buffer(TALLOC_CTX *mem_ctx,
+ SMB_NTQUOTA_LIST *tmp_list,
+ bool return_single,
+ uint32_t max_data,
+ DATA_BLOB *blob,
+ SMB_NTQUOTA_LIST **end_ptr);
+/* The following definitions come from libsmb/passchange.c */
+
+NTSTATUS remote_password_change(const char *remote_machine,
+ const char *domain, const char *user_name,
+ const char *old_passwd, const char *new_passwd,
+ char **err_str);
+
+#endif /* _LIBSMB_PROTO_H_ */
diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c
new file mode 100644
index 0000000..52ba449
--- /dev/null
+++ b/source3/libsmb/pylibsmb.c
@@ -0,0 +1,3030 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * SMB client Python bindings used internally by Samba (for things like
+ * samba-tool). These Python bindings may change without warning, and so
+ * should not be used outside of the Samba codebase.
+ *
+ * Copyright (C) Volker Lendecke 2012
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+Template code to use this library:
+
+-------------------------
+from samba.samba3 import libsmb_samba_internal as libsmb
+from samba.samba3 import param as s3param
+from samba import (credentials,NTSTATUSError)
+
+lp = s3param.get_context()
+lp.load("/etc/samba/smb.conf");
+
+creds = credentials.Credentials()
+creds.guess(lp)
+creds.set_username("administrator")
+creds.set_password("1234")
+
+c = libsmb.Conn("127.0.0.1",
+ "tmp",
+ lp,
+ creds,
+ multi_threaded=True)
+-------------------------
+*/
+
+#include "lib/replace/system/python.h"
+#include "includes.h"
+#include "python/py3compat.h"
+#include "python/modules.h"
+#include "libcli/smb/smbXcli_base.h"
+#include "libcli/smb/smb2_negotiate_context.h"
+#include "libcli/smb/reparse.h"
+#include "libsmb/libsmb.h"
+#include "libcli/security/security.h"
+#include "system/select.h"
+#include "source4/libcli/util/pyerrors.h"
+#include "auth/credentials/pycredentials.h"
+#include "trans2.h"
+#include "libsmb/clirap.h"
+#include "librpc/rpc/pyrpc_util.h"
+
+#define LIST_ATTRIBUTE_MASK \
+ (FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_SYSTEM|FILE_ATTRIBUTE_HIDDEN)
+
+static PyTypeObject *dom_sid_Type = NULL;
+
+static PyTypeObject *get_pytype(const char *module, const char *type)
+{
+ PyObject *mod;
+ PyTypeObject *result;
+
+ mod = PyImport_ImportModule(module);
+ if (mod == NULL) {
+ PyErr_Format(PyExc_RuntimeError,
+ "Unable to import %s to check type %s",
+ module, type);
+ return NULL;
+ }
+ result = (PyTypeObject *)PyObject_GetAttrString(mod, type);
+ Py_DECREF(mod);
+ if (result == NULL) {
+ PyErr_Format(PyExc_RuntimeError,
+ "Unable to find type %s in module %s",
+ module, type);
+ return NULL;
+ }
+ return result;
+}
+
+/*
+ * We're using "const char * const *" for keywords,
+ * PyArg_ParseTupleAndKeywords expects a "char **". Confine the
+ * inevitable warnings to just one place.
+ */
+static int ParseTupleAndKeywords(PyObject *args, PyObject *kw,
+ const char *format, const char * const *keywords,
+ ...)
+{
+ char **_keywords = discard_const_p(char *, keywords);
+ va_list a;
+ int ret;
+ va_start(a, keywords);
+ ret = PyArg_VaParseTupleAndKeywords(args, kw, format,
+ _keywords, a);
+ va_end(a);
+ return ret;
+}
+
+struct py_cli_thread;
+
+struct py_cli_oplock_break {
+ uint16_t fnum;
+ uint8_t level;
+};
+
+struct py_cli_state {
+ PyObject_HEAD
+ struct cli_state *cli;
+ struct tevent_context *ev;
+ int (*req_wait_fn)(struct tevent_context *ev,
+ struct tevent_req *req);
+ struct py_cli_thread *thread_state;
+
+ struct tevent_req *oplock_waiter;
+ struct py_cli_oplock_break *oplock_breaks;
+ struct py_tevent_cond *oplock_cond;
+};
+
+#ifdef HAVE_PTHREAD
+
+#include <pthread.h>
+
+struct py_cli_thread {
+
+ /*
+ * Pipe to make the poll thread wake up in our destructor, so
+ * that we can exit and join the thread.
+ */
+ int shutdown_pipe[2];
+ struct tevent_fd *shutdown_fde;
+ bool do_shutdown;
+ pthread_t id;
+
+ /*
+ * Thread state to release the GIL during the poll(2) syscall
+ */
+ PyThreadState *py_threadstate;
+};
+
+static void *py_cli_state_poll_thread(void *private_data)
+{
+ struct py_cli_state *self = (struct py_cli_state *)private_data;
+ struct py_cli_thread *t = self->thread_state;
+ PyGILState_STATE gstate;
+
+ gstate = PyGILState_Ensure();
+
+ while (!t->do_shutdown) {
+ int ret;
+ ret = tevent_loop_once(self->ev);
+ assert(ret == 0);
+ }
+ PyGILState_Release(gstate);
+ return NULL;
+}
+
+static void py_cli_state_trace_callback(enum tevent_trace_point point,
+ void *private_data)
+{
+ struct py_cli_state *self = (struct py_cli_state *)private_data;
+ struct py_cli_thread *t = self->thread_state;
+
+ switch(point) {
+ case TEVENT_TRACE_BEFORE_WAIT:
+ assert(t->py_threadstate == NULL);
+ t->py_threadstate = PyEval_SaveThread();
+ break;
+ case TEVENT_TRACE_AFTER_WAIT:
+ assert(t->py_threadstate != NULL);
+ PyEval_RestoreThread(t->py_threadstate);
+ t->py_threadstate = NULL;
+ break;
+ default:
+ break;
+ }
+}
+
+static void py_cli_state_shutdown_handler(struct tevent_context *ev,
+ struct tevent_fd *fde,
+ uint16_t flags,
+ void *private_data)
+{
+ struct py_cli_state *self = (struct py_cli_state *)private_data;
+ struct py_cli_thread *t = self->thread_state;
+
+ if ((flags & TEVENT_FD_READ) == 0) {
+ return;
+ }
+ TALLOC_FREE(t->shutdown_fde);
+ t->do_shutdown = true;
+}
+
+static int py_cli_thread_destructor(struct py_cli_thread *t)
+{
+ char c = 0;
+ ssize_t written;
+ int ret;
+
+ do {
+ /*
+ * This will wake the poll thread from the poll(2)
+ */
+ written = write(t->shutdown_pipe[1], &c, 1);
+ } while ((written == -1) && (errno == EINTR));
+
+ /*
+ * Allow the poll thread to do its own cleanup under the GIL
+ */
+ Py_BEGIN_ALLOW_THREADS
+ ret = pthread_join(t->id, NULL);
+ Py_END_ALLOW_THREADS
+ assert(ret == 0);
+
+ if (t->shutdown_pipe[0] != -1) {
+ close(t->shutdown_pipe[0]);
+ t->shutdown_pipe[0] = -1;
+ }
+ if (t->shutdown_pipe[1] != -1) {
+ close(t->shutdown_pipe[1]);
+ t->shutdown_pipe[1] = -1;
+ }
+ return 0;
+}
+
+static int py_tevent_cond_req_wait(struct tevent_context *ev,
+ struct tevent_req *req);
+
+static bool py_cli_state_setup_mt_ev(struct py_cli_state *self)
+{
+ struct py_cli_thread *t = NULL;
+ int ret;
+
+ self->ev = tevent_context_init_byname(NULL, "poll_mt");
+ if (self->ev == NULL) {
+ goto fail;
+ }
+ samba_tevent_set_debug(self->ev, "pylibsmb_tevent_mt");
+ tevent_set_trace_callback(self->ev, py_cli_state_trace_callback, self);
+
+ self->req_wait_fn = py_tevent_cond_req_wait;
+
+ self->thread_state = talloc_zero(NULL, struct py_cli_thread);
+ if (self->thread_state == NULL) {
+ goto fail;
+ }
+ t = self->thread_state;
+
+ ret = pipe(t->shutdown_pipe);
+ if (ret == -1) {
+ goto fail;
+ }
+ t->shutdown_fde = tevent_add_fd(
+ self->ev, self->ev, t->shutdown_pipe[0], TEVENT_FD_READ,
+ py_cli_state_shutdown_handler, self);
+ if (t->shutdown_fde == NULL) {
+ goto fail;
+ }
+
+ PyEval_InitThreads();
+
+ ret = pthread_create(&t->id, NULL, py_cli_state_poll_thread, self);
+ if (ret != 0) {
+ goto fail;
+ }
+ talloc_set_destructor(self->thread_state, py_cli_thread_destructor);
+ return true;
+
+fail:
+ if (t != NULL) {
+ TALLOC_FREE(t->shutdown_fde);
+
+ if (t->shutdown_pipe[0] != -1) {
+ close(t->shutdown_pipe[0]);
+ t->shutdown_pipe[0] = -1;
+ }
+ if (t->shutdown_pipe[1] != -1) {
+ close(t->shutdown_pipe[1]);
+ t->shutdown_pipe[1] = -1;
+ }
+ }
+
+ TALLOC_FREE(self->thread_state);
+ TALLOC_FREE(self->ev);
+ return false;
+}
+
+struct py_tevent_cond {
+ pthread_mutex_t mutex;
+ pthread_cond_t cond;
+ bool is_done;
+};
+
+static void py_tevent_signalme(struct tevent_req *req);
+
+static int py_tevent_cond_wait(struct py_tevent_cond *cond)
+{
+ int ret, result;
+
+ result = pthread_mutex_init(&cond->mutex, NULL);
+ if (result != 0) {
+ goto fail;
+ }
+ result = pthread_cond_init(&cond->cond, NULL);
+ if (result != 0) {
+ goto fail_mutex;
+ }
+
+ result = pthread_mutex_lock(&cond->mutex);
+ if (result != 0) {
+ goto fail_cond;
+ }
+
+ cond->is_done = false;
+
+ while (!cond->is_done) {
+
+ Py_BEGIN_ALLOW_THREADS
+ result = pthread_cond_wait(&cond->cond, &cond->mutex);
+ Py_END_ALLOW_THREADS
+
+ if (result != 0) {
+ goto fail_unlock;
+ }
+ }
+
+fail_unlock:
+ ret = pthread_mutex_unlock(&cond->mutex);
+ assert(ret == 0);
+fail_cond:
+ ret = pthread_cond_destroy(&cond->cond);
+ assert(ret == 0);
+fail_mutex:
+ ret = pthread_mutex_destroy(&cond->mutex);
+ assert(ret == 0);
+fail:
+ return result;
+}
+
+static int py_tevent_cond_req_wait(struct tevent_context *ev,
+ struct tevent_req *req)
+{
+ struct py_tevent_cond cond;
+ tevent_req_set_callback(req, py_tevent_signalme, &cond);
+ return py_tevent_cond_wait(&cond);
+}
+
+static void py_tevent_cond_signal(struct py_tevent_cond *cond)
+{
+ int ret;
+
+ ret = pthread_mutex_lock(&cond->mutex);
+ assert(ret == 0);
+
+ cond->is_done = true;
+
+ ret = pthread_cond_signal(&cond->cond);
+ assert(ret == 0);
+ ret = pthread_mutex_unlock(&cond->mutex);
+ assert(ret == 0);
+}
+
+static void py_tevent_signalme(struct tevent_req *req)
+{
+ struct py_tevent_cond *cond = (struct py_tevent_cond *)
+ tevent_req_callback_data_void(req);
+
+ py_tevent_cond_signal(cond);
+}
+
+#endif
+
+static int py_tevent_req_wait(struct tevent_context *ev,
+ struct tevent_req *req);
+
+static bool py_cli_state_setup_ev(struct py_cli_state *self)
+{
+ self->ev = tevent_context_init(NULL);
+ if (self->ev == NULL) {
+ return false;
+ }
+
+ samba_tevent_set_debug(self->ev, "pylibsmb_tevent");
+
+ self->req_wait_fn = py_tevent_req_wait;
+
+ return true;
+}
+
+static int py_tevent_req_wait(struct tevent_context *ev,
+ struct tevent_req *req)
+{
+ while (tevent_req_is_in_progress(req)) {
+ int ret;
+
+ ret = tevent_loop_once(ev);
+ if (ret != 0) {
+ return ret;
+ }
+ }
+ return 0;
+}
+
+static bool py_tevent_req_wait_exc(struct py_cli_state *self,
+ struct tevent_req *req)
+{
+ int ret;
+
+ if (req == NULL) {
+ PyErr_NoMemory();
+ return false;
+ }
+ ret = self->req_wait_fn(self->ev, req);
+ if (ret != 0) {
+ TALLOC_FREE(req);
+ errno = ret;
+ PyErr_SetFromErrno(PyExc_RuntimeError);
+ return false;
+ }
+ return true;
+}
+
+static PyObject *py_cli_state_new(PyTypeObject *type, PyObject *args,
+ PyObject *kwds)
+{
+ struct py_cli_state *self;
+
+ self = (struct py_cli_state *)type->tp_alloc(type, 0);
+ if (self == NULL) {
+ return NULL;
+ }
+ self->cli = NULL;
+ self->ev = NULL;
+ self->thread_state = NULL;
+ self->oplock_waiter = NULL;
+ self->oplock_cond = NULL;
+ self->oplock_breaks = NULL;
+ return (PyObject *)self;
+}
+
+static struct smb2_negotiate_contexts *py_cli_get_negotiate_contexts(
+ TALLOC_CTX *mem_ctx, PyObject *list)
+{
+ struct smb2_negotiate_contexts *ctxs = NULL;
+ Py_ssize_t i, len;
+ int ret;
+
+ ret = PyList_Check(list);
+ if (!ret) {
+ goto fail;
+ }
+
+ len = PyList_Size(list);
+ if (len == 0) {
+ goto fail;
+ }
+
+ ctxs = talloc_zero(mem_ctx, struct smb2_negotiate_contexts);
+ if (ctxs == NULL) {
+ goto fail;
+ }
+
+ for (i=0; i<len; i++) {
+ NTSTATUS status;
+
+ PyObject *t = PyList_GetItem(list, i);
+ Py_ssize_t tlen;
+
+ PyObject *ptype = NULL;
+ long type;
+
+ PyObject *pdata = NULL;
+ DATA_BLOB data = { .data = NULL, };
+
+ if (t == NULL) {
+ goto fail;
+ }
+
+ ret = PyTuple_Check(t);
+ if (!ret) {
+ goto fail;
+ }
+
+ tlen = PyTuple_Size(t);
+ if (tlen != 2) {
+ goto fail;
+ }
+
+ ptype = PyTuple_GetItem(t, 0);
+ if (ptype == NULL) {
+ goto fail;
+ }
+ type = PyLong_AsLong(ptype);
+ if ((type < 0) || (type > UINT16_MAX)) {
+ goto fail;
+ }
+
+ pdata = PyTuple_GetItem(t, 1);
+
+ ret = PyBytes_Check(pdata);
+ if (!ret) {
+ goto fail;
+ }
+
+ data.data = (uint8_t *)PyBytes_AsString(pdata);
+ data.length = PyBytes_Size(pdata);
+
+ status = smb2_negotiate_context_add(
+ ctxs, ctxs, type, data.data, data.length);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ }
+ return ctxs;
+
+fail:
+ TALLOC_FREE(ctxs);
+ return NULL;
+}
+
+static void py_cli_got_oplock_break(struct tevent_req *req);
+
+static int py_cli_state_init(struct py_cli_state *self, PyObject *args,
+ PyObject *kwds)
+{
+ NTSTATUS status;
+ char *host, *share;
+ PyObject *creds = NULL;
+ struct cli_credentials *cli_creds;
+ PyObject *py_lp = Py_None;
+ PyObject *py_multi_threaded = Py_False;
+ bool multi_threaded = false;
+ PyObject *py_force_smb1 = Py_False;
+ bool force_smb1 = false;
+ PyObject *py_ipc = Py_False;
+ PyObject *py_posix = Py_False;
+ PyObject *py_negotiate_contexts = NULL;
+ struct smb2_negotiate_contexts *negotiate_contexts = NULL;
+ bool use_ipc = false;
+ bool request_posix = false;
+ struct tevent_req *req;
+ bool ret;
+ int flags = 0;
+
+ static const char *kwlist[] = {
+ "host", "share", "lp", "creds",
+ "multi_threaded", "force_smb1",
+ "ipc",
+ "posix",
+ "negotiate_contexts",
+ NULL
+ };
+
+ PyTypeObject *py_type_Credentials = get_pytype(
+ "samba.credentials", "Credentials");
+ if (py_type_Credentials == NULL) {
+ return -1;
+ }
+
+ ret = ParseTupleAndKeywords(
+ args, kwds, "ssO|O!OOOOO", kwlist,
+ &host, &share, &py_lp,
+ py_type_Credentials, &creds,
+ &py_multi_threaded,
+ &py_force_smb1,
+ &py_ipc,
+ &py_posix,
+ &py_negotiate_contexts);
+
+ Py_DECREF(py_type_Credentials);
+
+ if (!ret) {
+ return -1;
+ }
+
+ multi_threaded = PyObject_IsTrue(py_multi_threaded);
+ force_smb1 = PyObject_IsTrue(py_force_smb1);
+
+ if (force_smb1) {
+ /*
+ * As most of the cli_*_send() function
+ * don't support SMB2 (it's only plugged
+ * into the sync wrapper functions currently)
+ * we have a way to force SMB1.
+ */
+ flags = CLI_FULL_CONNECTION_FORCE_SMB1;
+ }
+
+ use_ipc = PyObject_IsTrue(py_ipc);
+ if (use_ipc) {
+ flags |= CLI_FULL_CONNECTION_IPC;
+ }
+
+ request_posix = PyObject_IsTrue(py_posix);
+ if (request_posix) {
+ flags |= CLI_FULL_CONNECTION_REQUEST_POSIX;
+ }
+
+ if (py_negotiate_contexts != NULL) {
+ negotiate_contexts = py_cli_get_negotiate_contexts(
+ talloc_tos(), py_negotiate_contexts);
+ if (negotiate_contexts == NULL) {
+ return -1;
+ }
+ }
+
+ if (multi_threaded) {
+#ifdef HAVE_PTHREAD
+ ret = py_cli_state_setup_mt_ev(self);
+ if (!ret) {
+ return -1;
+ }
+#else
+ PyErr_SetString(PyExc_RuntimeError,
+ "No PTHREAD support available");
+ return -1;
+#endif
+ } else {
+ ret = py_cli_state_setup_ev(self);
+ if (!ret) {
+ return -1;
+ }
+ }
+
+ if (creds == NULL) {
+ cli_creds = cli_credentials_init_anon(NULL);
+ } else {
+ cli_creds = PyCredentials_AsCliCredentials(creds);
+ }
+
+ req = cli_full_connection_creds_send(
+ NULL, self->ev, "myname", host, NULL, 0, share, "?????",
+ cli_creds, flags,
+ negotiate_contexts);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return -1;
+ }
+ status = cli_full_connection_creds_recv(req, &self->cli);
+ TALLOC_FREE(req);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return -1;
+ }
+
+ /*
+ * Oplocks require a multi threaded connection
+ */
+ if (self->thread_state == NULL) {
+ return 0;
+ }
+
+ self->oplock_waiter = cli_smb_oplock_break_waiter_send(
+ self->ev, self->ev, self->cli);
+ if (self->oplock_waiter == NULL) {
+ PyErr_NoMemory();
+ return -1;
+ }
+ tevent_req_set_callback(self->oplock_waiter, py_cli_got_oplock_break,
+ self);
+ return 0;
+}
+
+static void py_cli_got_oplock_break(struct tevent_req *req)
+{
+ struct py_cli_state *self = (struct py_cli_state *)
+ tevent_req_callback_data_void(req);
+ struct py_cli_oplock_break b;
+ struct py_cli_oplock_break *tmp;
+ size_t num_breaks;
+ NTSTATUS status;
+
+ status = cli_smb_oplock_break_waiter_recv(req, &b.fnum, &b.level);
+ TALLOC_FREE(req);
+ self->oplock_waiter = NULL;
+
+ if (!NT_STATUS_IS_OK(status)) {
+ return;
+ }
+
+ num_breaks = talloc_array_length(self->oplock_breaks);
+ tmp = talloc_realloc(self->ev, self->oplock_breaks,
+ struct py_cli_oplock_break, num_breaks+1);
+ if (tmp == NULL) {
+ return;
+ }
+ self->oplock_breaks = tmp;
+ self->oplock_breaks[num_breaks] = b;
+
+ if (self->oplock_cond != NULL) {
+ py_tevent_cond_signal(self->oplock_cond);
+ }
+
+ self->oplock_waiter = cli_smb_oplock_break_waiter_send(
+ self->ev, self->ev, self->cli);
+ if (self->oplock_waiter == NULL) {
+ return;
+ }
+ tevent_req_set_callback(self->oplock_waiter, py_cli_got_oplock_break,
+ self);
+}
+
+static PyObject *py_cli_get_oplock_break(struct py_cli_state *self,
+ PyObject *args)
+{
+ size_t num_oplock_breaks;
+
+ if (!PyArg_ParseTuple(args, "")) {
+ return NULL;
+ }
+
+ if (self->thread_state == NULL) {
+ PyErr_SetString(PyExc_RuntimeError,
+ "get_oplock_break() only possible on "
+ "a multi_threaded connection");
+ return NULL;
+ }
+
+ if (self->oplock_cond != NULL) {
+ errno = EBUSY;
+ PyErr_SetFromErrno(PyExc_RuntimeError);
+ return NULL;
+ }
+
+ num_oplock_breaks = talloc_array_length(self->oplock_breaks);
+
+ if (num_oplock_breaks == 0) {
+ struct py_tevent_cond cond;
+ int ret;
+
+ self->oplock_cond = &cond;
+ ret = py_tevent_cond_wait(&cond);
+ self->oplock_cond = NULL;
+
+ if (ret != 0) {
+ errno = ret;
+ PyErr_SetFromErrno(PyExc_RuntimeError);
+ return NULL;
+ }
+ }
+
+ num_oplock_breaks = talloc_array_length(self->oplock_breaks);
+ if (num_oplock_breaks > 0) {
+ PyObject *result;
+
+ result = Py_BuildValue(
+ "{s:i,s:i}",
+ "fnum", self->oplock_breaks[0].fnum,
+ "level", self->oplock_breaks[0].level);
+
+ memmove(&self->oplock_breaks[0], &self->oplock_breaks[1],
+ sizeof(self->oplock_breaks[0]) *
+ (num_oplock_breaks - 1));
+ self->oplock_breaks = talloc_realloc(
+ NULL, self->oplock_breaks, struct py_cli_oplock_break,
+ num_oplock_breaks - 1);
+
+ return result;
+ }
+ Py_RETURN_NONE;
+}
+
+static void py_cli_state_dealloc(struct py_cli_state *self)
+{
+ TALLOC_FREE(self->thread_state);
+ TALLOC_FREE(self->oplock_waiter);
+ TALLOC_FREE(self->ev);
+
+ if (self->cli != NULL) {
+ cli_shutdown(self->cli);
+ self->cli = NULL;
+ }
+ Py_TYPE(self)->tp_free((PyObject *)self);
+}
+
+static PyObject *py_cli_settimeout(struct py_cli_state *self, PyObject *args)
+{
+ unsigned int nmsecs = 0;
+ unsigned int omsecs = 0;
+
+ if (!PyArg_ParseTuple(args, "I", &nmsecs)) {
+ return NULL;
+ }
+
+ omsecs = cli_set_timeout(self->cli, nmsecs);
+
+ return PyLong_FromLong(omsecs);
+}
+
+static PyObject *py_cli_echo(struct py_cli_state *self,
+ PyObject *Py_UNUSED(ignored))
+{
+ DATA_BLOB data = data_blob_string_const("keepalive");
+ struct tevent_req *req = NULL;
+ NTSTATUS status;
+
+ req = cli_echo_send(NULL, self->ev, self->cli, 1, data);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_echo_recv(req);
+ TALLOC_FREE(req);
+ PyErr_NTSTATUS_NOT_OK_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_cli_create(struct py_cli_state *self, PyObject *args,
+ PyObject *kwds)
+{
+ char *fname;
+ unsigned CreateFlags = 0;
+ unsigned DesiredAccess = FILE_GENERIC_READ;
+ unsigned FileAttributes = 0;
+ unsigned ShareAccess = 0;
+ unsigned CreateDisposition = FILE_OPEN;
+ unsigned CreateOptions = 0;
+ unsigned ImpersonationLevel = SMB2_IMPERSONATION_IMPERSONATION;
+ unsigned SecurityFlags = 0;
+ uint16_t fnum;
+ struct tevent_req *req;
+ NTSTATUS status;
+
+ static const char *kwlist[] = {
+ "Name", "CreateFlags", "DesiredAccess", "FileAttributes",
+ "ShareAccess", "CreateDisposition", "CreateOptions",
+ "ImpersonationLevel", "SecurityFlags", NULL };
+
+ if (!ParseTupleAndKeywords(
+ args, kwds, "s|IIIIIIII", kwlist,
+ &fname, &CreateFlags, &DesiredAccess, &FileAttributes,
+ &ShareAccess, &CreateDisposition, &CreateOptions,
+ &ImpersonationLevel, &SecurityFlags)) {
+ return NULL;
+ }
+
+ req = cli_ntcreate_send(NULL, self->ev, self->cli, fname, CreateFlags,
+ DesiredAccess, FileAttributes, ShareAccess,
+ CreateDisposition, CreateOptions,
+ ImpersonationLevel, SecurityFlags);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_ntcreate_recv(req, &fnum, NULL);
+ TALLOC_FREE(req);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+ return Py_BuildValue("I", (unsigned)fnum);
+}
+
+static struct smb2_create_blobs *py_cli_get_create_contexts(
+ TALLOC_CTX *mem_ctx, PyObject *list)
+{
+ struct smb2_create_blobs *ctxs = NULL;
+ Py_ssize_t i, len;
+ int ret;
+
+ ret = PyList_Check(list);
+ if (!ret) {
+ goto fail;
+ }
+
+ len = PyList_Size(list);
+ if (len == 0) {
+ goto fail;
+ }
+
+ ctxs = talloc_zero(mem_ctx, struct smb2_create_blobs);
+ if (ctxs == NULL) {
+ goto fail;
+ }
+
+ for (i=0; i<len; i++) {
+ NTSTATUS status;
+
+ PyObject *t = NULL;
+ Py_ssize_t tlen;
+
+ PyObject *pname = NULL;
+ char *name = NULL;
+
+ PyObject *pdata = NULL;
+ DATA_BLOB data = { .data = NULL, };
+
+ t = PyList_GetItem(list, i);
+ if (t == NULL) {
+ goto fail;
+ }
+
+ ret = PyTuple_Check(t);
+ if (!ret) {
+ goto fail;
+ }
+
+ tlen = PyTuple_Size(t);
+ if (tlen != 2) {
+ goto fail;
+ }
+
+ pname = PyTuple_GetItem(t, 0);
+ if (pname == NULL) {
+ goto fail;
+ }
+ ret = PyBytes_Check(pname);
+ if (!ret) {
+ goto fail;
+ }
+ name = PyBytes_AsString(pname);
+
+ pdata = PyTuple_GetItem(t, 1);
+ if (pdata == NULL) {
+ goto fail;
+ }
+ ret = PyBytes_Check(pdata);
+ if (!ret) {
+ goto fail;
+ }
+ data = (DATA_BLOB) {
+ .data = (uint8_t *)PyBytes_AsString(pdata),
+ .length = PyBytes_Size(pdata),
+ };
+ status = smb2_create_blob_add(ctxs, ctxs, name, data);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ }
+ return ctxs;
+
+fail:
+ TALLOC_FREE(ctxs);
+ return NULL;
+}
+
+static PyObject *py_cli_create_contexts(const struct smb2_create_blobs *blobs)
+{
+ PyObject *py_blobs = NULL;
+ uint32_t i;
+
+ if (blobs == NULL) {
+ Py_RETURN_NONE;
+ }
+
+ py_blobs = PyList_New(blobs->num_blobs);
+ if (py_blobs == NULL) {
+ return NULL;
+ }
+
+ for (i=0; i<blobs->num_blobs; i++) {
+ struct smb2_create_blob *blob = &blobs->blobs[i];
+ PyObject *py_blob = NULL;
+ int ret;
+
+ py_blob = Py_BuildValue(
+ "(yy#)",
+ blob->tag,
+ blob->data.data,
+ (int)blob->data.length);
+ if (py_blob == NULL) {
+ goto fail;
+ }
+
+ ret = PyList_SetItem(py_blobs, i, py_blob);
+ if (ret == -1) {
+ Py_XDECREF(py_blob);
+ goto fail;
+ }
+ }
+ return py_blobs;
+
+fail:
+ Py_XDECREF(py_blobs);
+ return NULL;
+}
+
+static PyObject *py_cli_create_returns(const struct smb_create_returns *r)
+{
+ PyObject *v = NULL;
+
+ v = Py_BuildValue(
+ "{sLsLsLsLsLsLsLsLsLsL}",
+ "oplock_level",
+ (unsigned long long)r->oplock_level,
+ "flags",
+ (unsigned long long)r->flags,
+ "create_action",
+ (unsigned long long)r->create_action,
+ "creation_time",
+ (unsigned long long)r->creation_time,
+ "last_access_time",
+ (unsigned long long)r->last_access_time,
+ "last_write_time",
+ (unsigned long long)r->last_write_time,
+ "change_time",
+ (unsigned long long)r->change_time,
+ "allocation_size",
+ (unsigned long long)r->allocation_size,
+ "end_of_file",
+ (unsigned long long)r->end_of_file,
+ "file_attributes",
+ (unsigned long long)r->file_attributes);
+ return v;
+}
+
+static PyObject *py_cli_symlink_error(const struct symlink_reparse_struct *s)
+{
+ char *subst_utf8 = NULL, *print_utf8 = NULL;
+ size_t subst_utf8_len, print_utf8_len;
+ PyObject *v = NULL;
+ bool ok = true;
+
+ /*
+ * Python wants utf-8, regardless of our unix charset (which
+ * most likely is utf-8 these days, but you never know).
+ */
+
+ ok = convert_string_talloc(
+ talloc_tos(),
+ CH_UNIX,
+ CH_UTF8,
+ s->substitute_name,
+ strlen(s->substitute_name),
+ &subst_utf8,
+ &subst_utf8_len);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = convert_string_talloc(
+ talloc_tos(),
+ CH_UNIX,
+ CH_UTF8,
+ s->print_name,
+ strlen(s->print_name),
+ &print_utf8,
+ &print_utf8_len);
+ if (!ok) {
+ goto fail;
+ }
+
+ v = Py_BuildValue(
+ "{sLsssssL}",
+ "unparsed_path_length",
+ (unsigned long long)s->unparsed_path_length,
+ "substitute_name",
+ subst_utf8,
+ "print_name",
+ print_utf8,
+ "flags",
+ (unsigned long long)s->flags);
+
+fail:
+ TALLOC_FREE(subst_utf8);
+ TALLOC_FREE(print_utf8);
+ return v;
+}
+
+static PyObject *py_cli_create_ex(
+ struct py_cli_state *self, PyObject *args, PyObject *kwds)
+{
+ char *fname = NULL;
+ unsigned CreateFlags = 0;
+ unsigned DesiredAccess = FILE_GENERIC_READ;
+ unsigned FileAttributes = 0;
+ unsigned ShareAccess = 0;
+ unsigned CreateDisposition = FILE_OPEN;
+ unsigned CreateOptions = 0;
+ unsigned ImpersonationLevel = SMB2_IMPERSONATION_IMPERSONATION;
+ unsigned SecurityFlags = 0;
+ PyObject *py_create_contexts_in = NULL;
+ PyObject *py_create_contexts_out = NULL;
+ struct smb2_create_blobs *create_contexts_in = NULL;
+ struct smb2_create_blobs create_contexts_out = { .num_blobs = 0 };
+ struct smb_create_returns cr = { .create_action = 0, };
+ struct symlink_reparse_struct *symlink = NULL;
+ PyObject *py_cr = NULL;
+ uint16_t fnum;
+ struct tevent_req *req;
+ NTSTATUS status;
+ int ret;
+ bool ok;
+ PyObject *v = NULL;
+
+ static const char *kwlist[] = {
+ "Name",
+ "CreateFlags",
+ "DesiredAccess",
+ "FileAttributes",
+ "ShareAccess",
+ "CreateDisposition",
+ "CreateOptions",
+ "ImpersonationLevel",
+ "SecurityFlags",
+ "CreateContexts",
+ NULL };
+
+ ret = ParseTupleAndKeywords(
+ args,
+ kwds,
+ "s|IIIIIIIIO",
+ kwlist,
+ &fname,
+ &CreateFlags,
+ &DesiredAccess,
+ &FileAttributes,
+ &ShareAccess,
+ &CreateDisposition,
+ &CreateOptions,
+ &ImpersonationLevel,
+ &SecurityFlags,
+ &py_create_contexts_in);
+ if (!ret) {
+ return NULL;
+ }
+
+ if (py_create_contexts_in != NULL) {
+ create_contexts_in = py_cli_get_create_contexts(
+ NULL, py_create_contexts_in);
+ if (create_contexts_in == NULL) {
+ errno = EINVAL;
+ PyErr_SetFromErrno(PyExc_RuntimeError);
+ return NULL;
+ }
+ }
+
+ if (smbXcli_conn_protocol(self->cli->conn) >= PROTOCOL_SMB2_02) {
+ struct cli_smb2_create_flags cflags = {
+ .batch_oplock = (CreateFlags & REQUEST_BATCH_OPLOCK),
+ .exclusive_oplock = (CreateFlags & REQUEST_OPLOCK),
+ };
+
+ req = cli_smb2_create_fnum_send(
+ NULL,
+ self->ev,
+ self->cli,
+ fname,
+ cflags,
+ ImpersonationLevel,
+ DesiredAccess,
+ FileAttributes,
+ ShareAccess,
+ CreateDisposition,
+ CreateOptions,
+ create_contexts_in);
+ } else {
+ req = cli_ntcreate_send(
+ NULL,
+ self->ev,
+ self->cli,
+ fname,
+ CreateFlags,
+ DesiredAccess,
+ FileAttributes,
+ ShareAccess,
+ CreateDisposition,
+ CreateOptions,
+ ImpersonationLevel,
+ SecurityFlags);
+ }
+
+ TALLOC_FREE(create_contexts_in);
+
+ ok = py_tevent_req_wait_exc(self, req);
+ if (!ok) {
+ return NULL;
+ }
+
+ if (smbXcli_conn_protocol(self->cli->conn) >= PROTOCOL_SMB2_02) {
+ status = cli_smb2_create_fnum_recv(
+ req,
+ &fnum,
+ &cr,
+ NULL,
+ &create_contexts_out,
+ &symlink);
+ } else {
+ status = cli_ntcreate_recv(req, &fnum, &cr);
+ }
+
+ TALLOC_FREE(req);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+
+ SMB_ASSERT(symlink == NULL);
+
+ py_create_contexts_out = py_cli_create_contexts(&create_contexts_out);
+ TALLOC_FREE(create_contexts_out.blobs);
+ if (py_create_contexts_out == NULL) {
+ goto nomem;
+ }
+
+ py_cr = py_cli_create_returns(&cr);
+ if (py_cr == NULL) {
+ goto nomem;
+ }
+
+ v = Py_BuildValue("(IOO)",
+ (unsigned)fnum,
+ py_cr,
+ py_create_contexts_out);
+ return v;
+nomem:
+ status = NT_STATUS_NO_MEMORY;
+fail:
+ Py_XDECREF(py_create_contexts_out);
+ Py_XDECREF(py_cr);
+ Py_XDECREF(v);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_STOPPED_ON_SYMLINK) &&
+ (symlink != NULL)) {
+ PyErr_SetObject(
+ PyObject_GetAttrString(
+ PyImport_ImportModule("samba"),
+ "NTSTATUSError"),
+ Py_BuildValue(
+ "I,s,O",
+ NT_STATUS_V(status),
+ get_friendly_nt_error_msg(status),
+ py_cli_symlink_error(symlink)));
+ } else {
+ PyErr_SetNTSTATUS(status);
+ }
+ return NULL;
+}
+
+static PyObject *py_cli_close(struct py_cli_state *self, PyObject *args)
+{
+ struct tevent_req *req;
+ int fnum;
+ int flags = 0;
+ NTSTATUS status;
+
+ if (!PyArg_ParseTuple(args, "i|i", &fnum, &flags)) {
+ return NULL;
+ }
+
+ req = cli_close_send(NULL, self->ev, self->cli, fnum, flags);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_close_recv(req);
+ TALLOC_FREE(req);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_cli_rename(
+ struct py_cli_state *self, PyObject *args, PyObject *kwds)
+{
+ char *fname_src = NULL, *fname_dst = NULL;
+ int replace = false;
+ struct tevent_req *req = NULL;
+ NTSTATUS status;
+ bool ok;
+
+ static const char *kwlist[] = { "src", "dst", "replace", NULL };
+
+ ok = ParseTupleAndKeywords(
+ args, kwds, "ss|p", kwlist, &fname_src, &fname_dst, &replace);
+ if (!ok) {
+ return NULL;
+ }
+
+ req = cli_rename_send(
+ NULL, self->ev, self->cli, fname_src, fname_dst, replace);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_rename_recv(req);
+ TALLOC_FREE(req);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+ Py_RETURN_NONE;
+}
+
+
+struct push_state {
+ char *data;
+ off_t nread;
+ off_t total_data;
+};
+
+/*
+ * cli_push() helper to write a chunk of data to a remote file
+ */
+static size_t push_data(uint8_t *buf, size_t n, void *priv)
+{
+ struct push_state *state = (struct push_state *)priv;
+ char *curr_ptr = NULL;
+ off_t remaining;
+ size_t copied_bytes;
+
+ if (state->nread >= state->total_data) {
+ return 0;
+ }
+
+ curr_ptr = state->data + state->nread;
+ remaining = state->total_data - state->nread;
+ copied_bytes = MIN(remaining, n);
+
+ memcpy(buf, curr_ptr, copied_bytes);
+ state->nread += copied_bytes;
+ return copied_bytes;
+}
+
+/*
+ * Writes a file with the contents specified
+ */
+static PyObject *py_smb_savefile(struct py_cli_state *self, PyObject *args)
+{
+ uint16_t fnum;
+ const char *filename = NULL;
+ char *data = NULL;
+ Py_ssize_t size = 0;
+ NTSTATUS status;
+ struct tevent_req *req = NULL;
+ struct push_state state;
+
+ if (!PyArg_ParseTuple(args, "s"PYARG_BYTES_LEN":savefile", &filename,
+ &data, &size)) {
+ return NULL;
+ }
+
+ /* create a new file handle for writing to */
+ req = cli_ntcreate_send(NULL, self->ev, self->cli, filename, 0,
+ FILE_WRITE_DATA, FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_READ|FILE_SHARE_WRITE,
+ FILE_OVERWRITE_IF, FILE_NON_DIRECTORY_FILE,
+ SMB2_IMPERSONATION_IMPERSONATION, 0);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_ntcreate_recv(req, &fnum, NULL);
+ TALLOC_FREE(req);
+ PyErr_NTSTATUS_NOT_OK_RAISE(status);
+
+ /* write the new file contents */
+ state.data = data;
+ state.nread = 0;
+ state.total_data = size;
+
+ req = cli_push_send(NULL, self->ev, self->cli, fnum, 0, 0, 0,
+ push_data, &state);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_push_recv(req);
+ TALLOC_FREE(req);
+ PyErr_NTSTATUS_NOT_OK_RAISE(status);
+
+ /* close the file handle */
+ req = cli_close_send(NULL, self->ev, self->cli, fnum, 0);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_close_recv(req);
+ PyErr_NTSTATUS_NOT_OK_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_cli_write(struct py_cli_state *self, PyObject *args,
+ PyObject *kwds)
+{
+ int fnum;
+ unsigned mode = 0;
+ char *buf;
+ Py_ssize_t buflen;
+ unsigned long long offset;
+ struct tevent_req *req;
+ NTSTATUS status;
+ size_t written;
+
+ static const char *kwlist[] = {
+ "fnum", "buffer", "offset", "mode", NULL };
+
+ if (!ParseTupleAndKeywords(
+ args, kwds, "i" PYARG_BYTES_LEN "K|I", kwlist,
+ &fnum, &buf, &buflen, &offset, &mode)) {
+ return NULL;
+ }
+
+ req = cli_write_send(NULL, self->ev, self->cli, fnum, mode,
+ (uint8_t *)buf, offset, buflen);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_write_recv(req, &written);
+ TALLOC_FREE(req);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+ return Py_BuildValue("K", (unsigned long long)written);
+}
+
+/*
+ * Returns the size of the given file
+ */
+static NTSTATUS py_smb_filesize(struct py_cli_state *self, uint16_t fnum,
+ off_t *size)
+{
+ NTSTATUS status;
+ struct tevent_req *req = NULL;
+
+ req = cli_qfileinfo_basic_send(NULL, self->ev, self->cli, fnum);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ status = cli_qfileinfo_basic_recv(
+ req, NULL, size, NULL, NULL, NULL, NULL, NULL);
+ TALLOC_FREE(req);
+ return status;
+}
+
+/*
+ * Loads the specified file's contents and returns it
+ */
+static PyObject *py_smb_loadfile(struct py_cli_state *self, PyObject *args)
+{
+ NTSTATUS status;
+ const char *filename = NULL;
+ struct tevent_req *req = NULL;
+ uint16_t fnum;
+ off_t size;
+ char *buf = NULL;
+ off_t nread = 0;
+ PyObject *result = NULL;
+
+ if (!PyArg_ParseTuple(args, "s:loadfile", &filename)) {
+ return NULL;
+ }
+
+ /* get a read file handle */
+ req = cli_ntcreate_send(NULL, self->ev, self->cli, filename, 0,
+ FILE_READ_DATA | FILE_READ_ATTRIBUTES,
+ FILE_ATTRIBUTE_NORMAL,
+ FILE_SHARE_READ, FILE_OPEN, 0,
+ SMB2_IMPERSONATION_IMPERSONATION, 0);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_ntcreate_recv(req, &fnum, NULL);
+ TALLOC_FREE(req);
+ PyErr_NTSTATUS_NOT_OK_RAISE(status);
+
+ /* get a buffer to hold the file contents */
+ status = py_smb_filesize(self, fnum, &size);
+ PyErr_NTSTATUS_NOT_OK_RAISE(status);
+
+ result = PyBytes_FromStringAndSize(NULL, size);
+ if (result == NULL) {
+ return NULL;
+ }
+
+ /* read the file contents */
+ buf = PyBytes_AS_STRING(result);
+ req = cli_pull_send(NULL, self->ev, self->cli, fnum, 0, size,
+ size, cli_read_sink, &buf);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ Py_XDECREF(result);
+ return NULL;
+ }
+ status = cli_pull_recv(req, &nread);
+ TALLOC_FREE(req);
+ if (!NT_STATUS_IS_OK(status)) {
+ Py_XDECREF(result);
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ /* close the file handle */
+ req = cli_close_send(NULL, self->ev, self->cli, fnum, 0);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ Py_XDECREF(result);
+ return NULL;
+ }
+ status = cli_close_recv(req);
+ TALLOC_FREE(req);
+ if (!NT_STATUS_IS_OK(status)) {
+ Py_XDECREF(result);
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ /* sanity-check we read the expected number of bytes */
+ if (nread > size) {
+ Py_XDECREF(result);
+ PyErr_Format(PyExc_IOError,
+ "read invalid - got %zu requested %zu",
+ nread, size);
+ return NULL;
+ }
+
+ if (nread < size) {
+ if (_PyBytes_Resize(&result, nread) < 0) {
+ return NULL;
+ }
+ }
+
+ return result;
+}
+
+static PyObject *py_cli_read(struct py_cli_state *self, PyObject *args,
+ PyObject *kwds)
+{
+ int fnum;
+ unsigned long long offset;
+ unsigned size;
+ struct tevent_req *req;
+ NTSTATUS status;
+ char *buf;
+ size_t received;
+ PyObject *result;
+
+ static const char *kwlist[] = {
+ "fnum", "offset", "size", NULL };
+
+ if (!ParseTupleAndKeywords(
+ args, kwds, "iKI", kwlist, &fnum, &offset,
+ &size)) {
+ return NULL;
+ }
+
+ result = PyBytes_FromStringAndSize(NULL, size);
+ if (result == NULL) {
+ return NULL;
+ }
+ buf = PyBytes_AS_STRING(result);
+
+ req = cli_read_send(NULL, self->ev, self->cli, fnum,
+ buf, offset, size);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ Py_XDECREF(result);
+ return NULL;
+ }
+ status = cli_read_recv(req, &received);
+ TALLOC_FREE(req);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ Py_XDECREF(result);
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ if (received > size) {
+ Py_XDECREF(result);
+ PyErr_Format(PyExc_IOError,
+ "read invalid - got %zu requested %u",
+ received, size);
+ return NULL;
+ }
+
+ if (received < size) {
+ if (_PyBytes_Resize(&result, received) < 0) {
+ return NULL;
+ }
+ }
+
+ return result;
+}
+
+static PyObject *py_cli_ftruncate(struct py_cli_state *self, PyObject *args,
+ PyObject *kwds)
+{
+ int fnum;
+ unsigned long long size;
+ struct tevent_req *req;
+ NTSTATUS status;
+
+ static const char *kwlist[] = {
+ "fnum", "size", NULL };
+
+ if (!ParseTupleAndKeywords(
+ args, kwds, "IK", kwlist, &fnum, &size)) {
+ return NULL;
+ }
+
+ req = cli_ftruncate_send(NULL, self->ev, self->cli, fnum, size);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_ftruncate_recv(req);
+ TALLOC_FREE(req);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_cli_delete_on_close(struct py_cli_state *self,
+ PyObject *args,
+ PyObject *kwds)
+{
+ unsigned fnum, flag;
+ struct tevent_req *req;
+ NTSTATUS status;
+
+ static const char *kwlist[] = {
+ "fnum", "flag", NULL };
+
+ if (!ParseTupleAndKeywords(
+ args, kwds, "II", kwlist, &fnum, &flag)) {
+ return NULL;
+ }
+
+ req = cli_nt_delete_on_close_send(NULL, self->ev, self->cli, fnum,
+ flag);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_nt_delete_on_close_recv(req);
+ TALLOC_FREE(req);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+ Py_RETURN_NONE;
+}
+
+struct py_cli_notify_state {
+ PyObject_HEAD
+ struct py_cli_state *py_cli_state;
+ struct tevent_req *req;
+};
+
+static void py_cli_notify_state_dealloc(struct py_cli_notify_state *self)
+{
+ TALLOC_FREE(self->req);
+ Py_CLEAR(self->py_cli_state);
+ Py_TYPE(self)->tp_free(self);
+}
+
+static PyTypeObject py_cli_notify_state_type;
+
+static PyObject *py_cli_notify(struct py_cli_state *self,
+ PyObject *args,
+ PyObject *kwds)
+{
+ static const char *kwlist[] = {
+ "fnum",
+ "buffer_size",
+ "completion_filter",
+ "recursive",
+ NULL
+ };
+ unsigned fnum = 0;
+ unsigned buffer_size = 0;
+ unsigned completion_filter = 0;
+ PyObject *py_recursive = Py_False;
+ bool recursive = false;
+ struct tevent_req *req = NULL;
+ struct tevent_queue *send_queue = NULL;
+ struct tevent_req *flush_req = NULL;
+ bool ok;
+ struct py_cli_notify_state *py_notify_state = NULL;
+ struct timeval endtime;
+
+ ok = ParseTupleAndKeywords(args,
+ kwds,
+ "IIIO",
+ kwlist,
+ &fnum,
+ &buffer_size,
+ &completion_filter,
+ &py_recursive);
+ if (!ok) {
+ return NULL;
+ }
+
+ recursive = PyObject_IsTrue(py_recursive);
+
+ req = cli_notify_send(NULL,
+ self->ev,
+ self->cli,
+ fnum,
+ buffer_size,
+ completion_filter,
+ recursive);
+ if (req == NULL) {
+ PyErr_NoMemory();
+ return NULL;
+ }
+
+ /*
+ * Just wait for the request being submitted to
+ * the kernel/socket/wire.
+ */
+ send_queue = smbXcli_conn_send_queue(self->cli->conn);
+ flush_req = tevent_queue_wait_send(req,
+ self->ev,
+ send_queue);
+ endtime = timeval_current_ofs_msec(self->cli->timeout);
+ ok = tevent_req_set_endtime(flush_req,
+ self->ev,
+ endtime);
+ if (!ok) {
+ TALLOC_FREE(req);
+ PyErr_NoMemory();
+ return NULL;
+ }
+ ok = py_tevent_req_wait_exc(self, flush_req);
+ if (!ok) {
+ TALLOC_FREE(req);
+ return NULL;
+ }
+ TALLOC_FREE(flush_req);
+
+ py_notify_state = (struct py_cli_notify_state *)
+ py_cli_notify_state_type.tp_alloc(&py_cli_notify_state_type, 0);
+ if (py_notify_state == NULL) {
+ TALLOC_FREE(req);
+ PyErr_NoMemory();
+ return NULL;
+ }
+ Py_INCREF(self);
+ py_notify_state->py_cli_state = self;
+ py_notify_state->req = req;
+
+ return (PyObject *)py_notify_state;
+}
+
+static PyObject *py_cli_notify_get_changes(struct py_cli_notify_state *self,
+ PyObject *args,
+ PyObject *kwds)
+{
+ struct py_cli_state *py_cli_state = self->py_cli_state;
+ struct tevent_req *req = self->req;
+ uint32_t i;
+ uint32_t num_changes = 0;
+ struct notify_change *changes = NULL;
+ PyObject *result = NULL;
+ NTSTATUS status;
+ bool ok;
+ static const char *kwlist[] = {
+ "wait",
+ NULL
+ };
+ PyObject *py_wait = Py_False;
+ bool wait = false;
+ bool pending;
+
+ ok = ParseTupleAndKeywords(args,
+ kwds,
+ "O",
+ kwlist,
+ &py_wait);
+ if (!ok) {
+ return NULL;
+ }
+
+ wait = PyObject_IsTrue(py_wait);
+
+ if (req == NULL) {
+ PyErr_SetString(PyExc_RuntimeError,
+ "TODO req == NULL "
+ "- missing change notify request?");
+ return NULL;
+ }
+
+ pending = tevent_req_is_in_progress(req);
+ if (pending && !wait) {
+ Py_RETURN_NONE;
+ }
+
+ if (pending) {
+ struct timeval endtime;
+
+ endtime = timeval_current_ofs_msec(py_cli_state->cli->timeout);
+ ok = tevent_req_set_endtime(req,
+ py_cli_state->ev,
+ endtime);
+ if (!ok) {
+ TALLOC_FREE(req);
+ PyErr_NoMemory();
+ return NULL;
+ }
+ }
+
+ ok = py_tevent_req_wait_exc(py_cli_state, req);
+ self->req = NULL;
+ Py_CLEAR(self->py_cli_state);
+ if (!ok) {
+ return NULL;
+ }
+
+ status = cli_notify_recv(req, req, &num_changes, &changes);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(req);
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ result = Py_BuildValue("[]");
+ if (result == NULL) {
+ TALLOC_FREE(req);
+ return NULL;
+ }
+
+ for (i = 0; i < num_changes; i++) {
+ PyObject *change = NULL;
+ int ret;
+
+ change = Py_BuildValue("{s:s,s:I}",
+ "name", changes[i].name,
+ "action", changes[i].action);
+ if (change == NULL) {
+ Py_XDECREF(result);
+ TALLOC_FREE(req);
+ return NULL;
+ }
+
+ ret = PyList_Append(result, change);
+ Py_DECREF(change);
+ if (ret == -1) {
+ Py_XDECREF(result);
+ TALLOC_FREE(req);
+ return NULL;
+ }
+ }
+
+ TALLOC_FREE(req);
+ return result;
+}
+
+static PyMethodDef py_cli_notify_state_methods[] = {
+ {
+ .ml_name = "get_changes",
+ .ml_meth = (PyCFunction)py_cli_notify_get_changes,
+ .ml_flags = METH_VARARGS|METH_KEYWORDS,
+ .ml_doc = "Wait for change notifications: \n"
+ "N.get_changes(wait=BOOLEAN) -> "
+ "change notifications as a dictionary\n"
+ "\t\tList contents of a directory. The keys are, \n"
+ "\t\t\tname: name of changed object\n"
+ "\t\t\taction: type of the change\n"
+ "None is returned if there's no response yet and "
+ "wait=False is passed"
+ },
+ {
+ .ml_name = NULL
+ }
+};
+
+static PyTypeObject py_cli_notify_state_type = {
+ PyVarObject_HEAD_INIT(NULL, 0)
+ .tp_name = "libsmb_samba_cwrapper.Notify",
+ .tp_basicsize = sizeof(struct py_cli_notify_state),
+ .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
+ .tp_doc = "notify request",
+ .tp_dealloc = (destructor)py_cli_notify_state_dealloc,
+ .tp_methods = py_cli_notify_state_methods,
+};
+
+/*
+ * Helper to add posix directory listing entries to an overall Python list
+ */
+static NTSTATUS list_posix_helper(struct file_info *finfo,
+ const char *mask, void *state)
+{
+ PyObject *result = (PyObject *)state;
+ PyObject *file = NULL;
+ int ret;
+
+ /*
+ * Build a dictionary representing the file info.
+ */
+ file = Py_BuildValue("{s:s,s:I,"
+ "s:K,s:K,"
+ "s:l,s:l,s:l,s:l,"
+ "s:i,s:K,s:i,s:i,s:I,"
+ "s:s,s:s}",
+ "name", finfo->name,
+ "attrib", finfo->attr,
+
+ "size", finfo->size,
+ "allocaction_size", finfo->allocated_size,
+
+ "btime",
+ convert_timespec_to_time_t(finfo->btime_ts),
+ "atime",
+ convert_timespec_to_time_t(finfo->atime_ts),
+ "mtime",
+ convert_timespec_to_time_t(finfo->mtime_ts),
+ "ctime",
+ convert_timespec_to_time_t(finfo->ctime_ts),
+
+ "perms", finfo->st_ex_mode,
+ "ino", finfo->ino,
+ "dev", finfo->st_ex_dev,
+ "nlink", finfo->st_ex_nlink,
+ "reparse_tag", finfo->reparse_tag,
+
+ "owner_sid",
+ dom_sid_string(finfo, &finfo->owner_sid),
+ "group_sid",
+ dom_sid_string(finfo, &finfo->group_sid));
+ if (file == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ret = PyList_Append(result, file);
+ Py_CLEAR(file);
+ if (ret == -1) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*
+ * Helper to add directory listing entries to an overall Python list
+ */
+static NTSTATUS list_helper(struct file_info *finfo,
+ const char *mask, void *state)
+{
+ PyObject *result = (PyObject *)state;
+ PyObject *file = NULL;
+ PyObject *size = NULL;
+ int ret;
+
+ /* suppress '.' and '..' in the results we return */
+ if (ISDOT(finfo->name) || ISDOTDOT(finfo->name)) {
+ return NT_STATUS_OK;
+ }
+ size = PyLong_FromUnsignedLongLong(finfo->size);
+ /*
+ * Build a dictionary representing the file info.
+ * Note: Windows does not always return short_name (so it may be None)
+ */
+ file = Py_BuildValue("{s:s,s:i,s:s,s:O,s:l}",
+ "name", finfo->name,
+ "attrib", (int)finfo->attr,
+ "short_name", finfo->short_name,
+ "size", size,
+ "mtime",
+ convert_timespec_to_time_t(finfo->mtime_ts));
+
+ Py_CLEAR(size);
+
+ if (file == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (finfo->attr & FILE_ATTRIBUTE_REPARSE_POINT) {
+ unsigned long tag = finfo->reparse_tag;
+
+ ret = PyDict_SetItemString(
+ file,
+ "reparse_tag",
+ PyLong_FromUnsignedLong(tag));
+ if (ret == -1) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ }
+
+ ret = PyList_Append(result, file);
+ Py_CLEAR(file);
+ if (ret == -1) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ return NT_STATUS_OK;
+}
+
+struct do_listing_state {
+ const char *mask;
+ NTSTATUS (*callback_fn)(
+ struct file_info *finfo,
+ const char *mask,
+ void *private_data);
+ void *private_data;
+ NTSTATUS status;
+};
+
+static void do_listing_cb(struct tevent_req *subreq)
+{
+ struct do_listing_state *state = tevent_req_callback_data_void(subreq);
+ struct file_info *finfo = NULL;
+
+ state->status = cli_list_recv(subreq, NULL, &finfo);
+ if (!NT_STATUS_IS_OK(state->status)) {
+ return;
+ }
+ state->callback_fn(finfo, state->mask, state->private_data);
+ TALLOC_FREE(finfo);
+}
+
+static NTSTATUS do_listing(struct py_cli_state *self,
+ const char *base_dir, const char *user_mask,
+ uint16_t attribute,
+ unsigned int info_level,
+ NTSTATUS (*callback_fn)(struct file_info *,
+ const char *, void *),
+ void *priv)
+{
+ char *mask = NULL;
+ struct do_listing_state state = {
+ .mask = mask,
+ .callback_fn = callback_fn,
+ .private_data = priv,
+ };
+ struct tevent_req *req = NULL;
+ NTSTATUS status;
+
+ if (user_mask == NULL) {
+ mask = talloc_asprintf(NULL, "%s\\*", base_dir);
+ } else {
+ mask = talloc_asprintf(NULL, "%s\\%s", base_dir, user_mask);
+ }
+
+ if (mask == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ dos_format(mask);
+
+ req = cli_list_send(NULL, self->ev, self->cli, mask, attribute,
+ info_level);
+ if (req == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ tevent_req_set_callback(req, do_listing_cb, &state);
+
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+ TALLOC_FREE(req);
+
+ status = state.status;
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_FILES)) {
+ status = NT_STATUS_OK;
+ }
+
+done:
+ TALLOC_FREE(mask);
+ return status;
+}
+
+static PyObject *py_cli_list(struct py_cli_state *self,
+ PyObject *args,
+ PyObject *kwds)
+{
+ char *base_dir;
+ char *user_mask = NULL;
+ unsigned int attribute = LIST_ATTRIBUTE_MASK;
+ unsigned int info_level = 0;
+ NTSTATUS status;
+ enum protocol_types proto = smbXcli_conn_protocol(self->cli->conn);
+ PyObject *result = NULL;
+ const char *kwlist[] = { "directory", "mask", "attribs",
+ "info_level", NULL };
+ NTSTATUS (*callback_fn)(struct file_info *, const char *, void *) =
+ &list_helper;
+
+ if (!ParseTupleAndKeywords(args, kwds, "z|sII:list", kwlist,
+ &base_dir, &user_mask, &attribute,
+ &info_level)) {
+ return NULL;
+ }
+
+ result = Py_BuildValue("[]");
+ if (result == NULL) {
+ return NULL;
+ }
+
+ if (!info_level) {
+ if (proto >= PROTOCOL_SMB2_02) {
+ info_level = SMB2_FIND_ID_BOTH_DIRECTORY_INFO;
+ } else {
+ info_level = SMB_FIND_FILE_BOTH_DIRECTORY_INFO;
+ }
+ }
+
+ if (info_level == SMB2_FIND_POSIX_INFORMATION) {
+ callback_fn = &list_posix_helper;
+ }
+ status = do_listing(self, base_dir, user_mask, attribute,
+ info_level, callback_fn, result);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ Py_XDECREF(result);
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ return result;
+}
+
+static PyObject *py_smb_unlink(struct py_cli_state *self, PyObject *args)
+{
+ NTSTATUS status;
+ const char *filename = NULL;
+ struct tevent_req *req = NULL;
+ const uint32_t attrs = (FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_HIDDEN);
+
+ if (!PyArg_ParseTuple(args, "s:unlink", &filename)) {
+ return NULL;
+ }
+
+ req = cli_unlink_send(NULL, self->ev, self->cli, filename, attrs);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_unlink_recv(req);
+ TALLOC_FREE(req);
+ PyErr_NTSTATUS_NOT_OK_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_smb_rmdir(struct py_cli_state *self, PyObject *args)
+{
+ NTSTATUS status;
+ struct tevent_req *req = NULL;
+ const char *dirname = NULL;
+
+ if (!PyArg_ParseTuple(args, "s:rmdir", &dirname)) {
+ return NULL;
+ }
+
+ req = cli_rmdir_send(NULL, self->ev, self->cli, dirname);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_rmdir_recv(req);
+ TALLOC_FREE(req);
+ PyErr_NTSTATUS_NOT_OK_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
+/*
+ * Create a directory
+ */
+static PyObject *py_smb_mkdir(struct py_cli_state *self, PyObject *args)
+{
+ NTSTATUS status;
+ const char *dirname = NULL;
+ struct tevent_req *req = NULL;
+
+ if (!PyArg_ParseTuple(args, "s:mkdir", &dirname)) {
+ return NULL;
+ }
+
+ req = cli_mkdir_send(NULL, self->ev, self->cli, dirname);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_mkdir_recv(req);
+ TALLOC_FREE(req);
+ PyErr_NTSTATUS_NOT_OK_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
+/*
+ * Does a whoami call
+ */
+static PyObject *py_smb_posix_whoami(struct py_cli_state *self,
+ PyObject *Py_UNUSED(ignored))
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
+ struct tevent_req *req = NULL;
+ uint64_t uid;
+ uint64_t gid;
+ uint32_t num_gids;
+ uint64_t *gids = NULL;
+ uint32_t num_sids;
+ struct dom_sid *sids = NULL;
+ bool guest;
+ PyObject *py_gids = NULL;
+ PyObject *py_sids = NULL;
+ PyObject *py_guest = NULL;
+ PyObject *py_ret = NULL;
+ Py_ssize_t i;
+
+ req = cli_posix_whoami_send(frame, self->ev, self->cli);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ goto fail;
+ }
+ status = cli_posix_whoami_recv(req,
+ frame,
+ &uid,
+ &gid,
+ &num_gids,
+ &gids,
+ &num_sids,
+ &sids,
+ &guest);
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ goto fail;
+ }
+ if (num_gids > PY_SSIZE_T_MAX) {
+ PyErr_SetString(PyExc_OverflowError, "posix_whoami: Too many GIDs");
+ goto fail;
+ }
+ if (num_sids > PY_SSIZE_T_MAX) {
+ PyErr_SetString(PyExc_OverflowError, "posix_whoami: Too many SIDs");
+ goto fail;
+ }
+
+ py_gids = PyList_New(num_gids);
+ if (!py_gids) {
+ goto fail;
+ }
+ for (i = 0; i < num_gids; ++i) {
+ int ret;
+ PyObject *py_item = PyLong_FromUnsignedLongLong(gids[i]);
+ if (!py_item) {
+ goto fail2;
+ }
+
+ ret = PyList_SetItem(py_gids, i, py_item);
+ if (ret) {
+ goto fail2;
+ }
+ }
+ py_sids = PyList_New(num_sids);
+ if (!py_sids) {
+ goto fail2;
+ }
+ for (i = 0; i < num_sids; ++i) {
+ int ret;
+ struct dom_sid *sid;
+ PyObject *py_item;
+
+ sid = dom_sid_dup(frame, &sids[i]);
+ if (!sid) {
+ PyErr_NoMemory();
+ goto fail3;
+ }
+
+ py_item = pytalloc_steal(dom_sid_Type, sid);
+ if (!py_item) {
+ PyErr_NoMemory();
+ goto fail3;
+ }
+
+ ret = PyList_SetItem(py_sids, i, py_item);
+ if (ret) {
+ goto fail3;
+ }
+ }
+
+ py_guest = guest ? Py_True : Py_False;
+
+ py_ret = Py_BuildValue("KKNNO",
+ uid,
+ gid,
+ py_gids,
+ py_sids,
+ py_guest);
+ if (!py_ret) {
+ goto fail3;
+ }
+
+ TALLOC_FREE(frame);
+ return py_ret;
+
+fail3:
+ Py_CLEAR(py_sids);
+
+fail2:
+ Py_CLEAR(py_gids);
+
+fail:
+ TALLOC_FREE(frame);
+ return NULL;
+}
+
+/*
+ * Checks existence of a directory
+ */
+static bool check_dir_path(struct py_cli_state *self, const char *path)
+{
+ NTSTATUS status;
+ struct tevent_req *req = NULL;
+
+ req = cli_chkpath_send(NULL, self->ev, self->cli, path);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return false;
+ }
+ status = cli_chkpath_recv(req);
+ TALLOC_FREE(req);
+
+ return NT_STATUS_IS_OK(status);
+}
+
+static PyObject *py_smb_chkpath(struct py_cli_state *self, PyObject *args)
+{
+ const char *path = NULL;
+ bool dir_exists;
+
+ if (!PyArg_ParseTuple(args, "s:chkpath", &path)) {
+ return NULL;
+ }
+
+ dir_exists = check_dir_path(self, path);
+ return PyBool_FromLong(dir_exists);
+}
+
+static PyObject *py_smb_have_posix(struct py_cli_state *self,
+ PyObject *Py_UNUSED(ignored))
+{
+ bool posix = smbXcli_conn_have_posix(self->cli->conn);
+
+ if (posix) {
+ Py_RETURN_TRUE;
+ }
+ Py_RETURN_FALSE;
+}
+
+static PyObject *py_smb_protocol(struct py_cli_state *self,
+ PyObject *Py_UNUSED(ignored))
+{
+ enum protocol_types proto = smbXcli_conn_protocol(self->cli->conn);
+ PyObject *result = PyLong_FromLong(proto);
+ return result;
+}
+
+static PyObject *py_smb_get_sd(struct py_cli_state *self, PyObject *args)
+{
+ int fnum;
+ unsigned sinfo;
+ struct tevent_req *req = NULL;
+ struct security_descriptor *sd = NULL;
+ NTSTATUS status;
+
+ if (!PyArg_ParseTuple(args, "iI:get_acl", &fnum, &sinfo)) {
+ return NULL;
+ }
+
+ req = cli_query_security_descriptor_send(
+ NULL, self->ev, self->cli, fnum, sinfo);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_query_security_descriptor_recv(req, NULL, &sd);
+ PyErr_NTSTATUS_NOT_OK_RAISE(status);
+
+ return py_return_ndr_struct(
+ "samba.dcerpc.security", "descriptor", sd, sd);
+}
+
+static PyObject *py_smb_set_sd(struct py_cli_state *self, PyObject *args)
+{
+ PyObject *py_sd = NULL;
+ struct tevent_req *req = NULL;
+ struct security_descriptor *sd = NULL;
+ uint16_t fnum;
+ unsigned int sinfo;
+ NTSTATUS status;
+
+ if (!PyArg_ParseTuple(args, "iOI:set_sd", &fnum, &py_sd, &sinfo)) {
+ return NULL;
+ }
+
+ sd = pytalloc_get_type(py_sd, struct security_descriptor);
+ if (!sd) {
+ PyErr_Format(PyExc_TypeError,
+ "Expected dcerpc.security.descriptor as argument, got %s",
+ pytalloc_get_name(py_sd));
+ return NULL;
+ }
+
+ req = cli_set_security_descriptor_send(
+ NULL, self->ev, self->cli, fnum, sinfo, sd);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+
+ status = cli_set_security_descriptor_recv(req);
+ PyErr_NTSTATUS_NOT_OK_RAISE(status);
+
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_smb_smb1_posix(
+ struct py_cli_state *self, PyObject *Py_UNUSED(ignored))
+{
+ NTSTATUS status;
+ struct tevent_req *req = NULL;
+ uint16_t major, minor;
+ uint32_t caplow, caphigh;
+ PyObject *result = NULL;
+
+ req = cli_unix_extensions_version_send(NULL, self->ev, self->cli);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_unix_extensions_version_recv(
+ req, &major, &minor, &caplow, &caphigh);
+ TALLOC_FREE(req);
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ req = cli_set_unix_extensions_capabilities_send(
+ NULL, self->ev, self->cli, major, minor, caplow, caphigh);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_set_unix_extensions_capabilities_recv(req);
+ TALLOC_FREE(req);
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ result = Py_BuildValue(
+ "[IIII]",
+ (unsigned)minor,
+ (unsigned)major,
+ (unsigned)caplow,
+ (unsigned)caphigh);
+ return result;
+}
+
+static PyObject *py_smb_smb1_readlink(
+ struct py_cli_state *self, PyObject *args)
+{
+ NTSTATUS status;
+ const char *filename = NULL;
+ struct tevent_req *req = NULL;
+ char *target = NULL;
+ PyObject *result = NULL;
+
+ if (!PyArg_ParseTuple(args, "s:smb1_readlink", &filename)) {
+ return NULL;
+ }
+
+ req = cli_posix_readlink_send(NULL, self->ev, self->cli, filename);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_posix_readlink_recv(req, NULL, &target);
+ TALLOC_FREE(req);
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ result = PyBytes_FromString(target);
+ TALLOC_FREE(target);
+ return result;
+}
+
+static PyObject *py_smb_smb1_symlink(
+ struct py_cli_state *self, PyObject *args)
+{
+ NTSTATUS status;
+ const char *target = NULL, *newname = NULL;
+ struct tevent_req *req = NULL;
+
+ if (!PyArg_ParseTuple(args, "ss:smb1_symlink", &target, &newname)) {
+ return NULL;
+ }
+
+ req = cli_posix_symlink_send(
+ NULL, self->ev, self->cli, target, newname);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_posix_symlink_recv(req);
+ TALLOC_FREE(req);
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_smb_smb1_stat(
+ struct py_cli_state *self, PyObject *args)
+{
+ NTSTATUS status;
+ const char *fname = NULL;
+ struct tevent_req *req = NULL;
+ struct stat_ex sbuf = { .st_ex_nlink = 0, };
+
+ if (!PyArg_ParseTuple(args, "s:smb1_stat", &fname)) {
+ return NULL;
+ }
+
+ req = cli_posix_stat_send(NULL, self->ev, self->cli, fname);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_posix_stat_recv(req, &sbuf);
+ TALLOC_FREE(req);
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ return Py_BuildValue(
+ "{sLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsL}",
+ "dev",
+ (unsigned long long)sbuf.st_ex_dev,
+ "ino",
+ (unsigned long long)sbuf.st_ex_ino,
+ "mode",
+ (unsigned long long)sbuf.st_ex_mode,
+ "nlink",
+ (unsigned long long)sbuf.st_ex_nlink,
+ "uid",
+ (unsigned long long)sbuf.st_ex_uid,
+ "gid",
+ (unsigned long long)sbuf.st_ex_gid,
+ "rdev",
+ (unsigned long long)sbuf.st_ex_size,
+ "atime_sec",
+ (unsigned long long)sbuf.st_ex_atime.tv_sec,
+ "atime_nsec",
+ (unsigned long long)sbuf.st_ex_atime.tv_nsec,
+ "mtime_sec",
+ (unsigned long long)sbuf.st_ex_mtime.tv_sec,
+ "mtime_nsec",
+ (unsigned long long)sbuf.st_ex_mtime.tv_nsec,
+ "ctime_sec",
+ (unsigned long long)sbuf.st_ex_ctime.tv_sec,
+ "ctime_nsec",
+ (unsigned long long)sbuf.st_ex_ctime.tv_nsec,
+ "btime_sec",
+ (unsigned long long)sbuf.st_ex_btime.tv_sec,
+ "btime_nsec",
+ (unsigned long long)sbuf.st_ex_btime.tv_nsec,
+ "cached_dos_attributes",
+ (unsigned long long)sbuf.cached_dos_attributes,
+ "blksize",
+ (unsigned long long)sbuf.st_ex_blksize,
+ "blocks",
+ (unsigned long long)sbuf.st_ex_blocks,
+ "flags",
+ (unsigned long long)sbuf.st_ex_flags,
+ "iflags",
+ (unsigned long long)sbuf.st_ex_iflags);
+}
+
+static PyObject *py_cli_mknod(
+ struct py_cli_state *self, PyObject *args, PyObject *kwds)
+{
+ char *fname = NULL;
+ int mode = 0, major = 0, minor = 0, dev = 0;
+ struct tevent_req *req = NULL;
+ static const char *kwlist[] = {
+ "fname", "mode", "major", "minor", NULL,
+ };
+ NTSTATUS status;
+ bool ok;
+
+ ok = ParseTupleAndKeywords(
+ args,
+ kwds,
+ "sI|II:mknod",
+ kwlist,
+ &fname,
+ &mode,
+ &major,
+ &minor);
+ if (!ok) {
+ return NULL;
+ }
+
+#if defined(HAVE_MAKEDEV)
+ dev = makedev(major, minor);
+#endif
+
+ req = cli_mknod_send(
+ NULL, self->ev, self->cli, fname, mode, dev);
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+ status = cli_mknod_recv(req);
+ TALLOC_FREE(req);
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+ Py_RETURN_NONE;
+}
+
+static PyObject *py_cli_fsctl(
+ struct py_cli_state *self, PyObject *args, PyObject *kwds)
+{
+ int fnum, ctl_code;
+ int max_out = 0;
+ char *buf = NULL;
+ Py_ssize_t buflen;
+ DATA_BLOB in = { .data = NULL, };
+ DATA_BLOB out = { .data = NULL, };
+ struct tevent_req *req = NULL;
+ PyObject *result = NULL;
+ static const char *kwlist[] = {
+ "fnum", "ctl_code", "in", "max_out", NULL,
+ };
+ NTSTATUS status;
+ bool ok;
+
+ ok = ParseTupleAndKeywords(
+ args,
+ kwds,
+ "ii" PYARG_BYTES_LEN "i",
+ kwlist,
+ &fnum,
+ &ctl_code,
+ &buf,
+ &buflen,
+ &max_out);
+ if (!ok) {
+ return NULL;
+ }
+
+ in = (DATA_BLOB) { .data = (uint8_t *)buf, .length = buflen, };
+
+ req = cli_fsctl_send(
+ NULL, self->ev, self->cli, fnum, ctl_code, &in, max_out);
+
+ if (!py_tevent_req_wait_exc(self, req)) {
+ return NULL;
+ }
+
+ status = cli_fsctl_recv(req, NULL, &out);
+ if (!NT_STATUS_IS_OK(status)) {
+ PyErr_SetNTSTATUS(status);
+ return NULL;
+ }
+
+ result = PyBytes_FromStringAndSize((char *)out.data, out.length);
+ data_blob_free(&out);
+ return result;
+}
+
+static PyMethodDef py_cli_state_methods[] = {
+ { "settimeout", (PyCFunction)py_cli_settimeout, METH_VARARGS,
+ "settimeout(new_timeout_msecs) => return old_timeout_msecs" },
+ { "echo", (PyCFunction)py_cli_echo, METH_NOARGS,
+ "Ping the server connection" },
+ { "create", PY_DISCARD_FUNC_SIG(PyCFunction, py_cli_create),
+ METH_VARARGS|METH_KEYWORDS,
+ "Open a file" },
+ { "create_ex",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_cli_create_ex),
+ METH_VARARGS|METH_KEYWORDS,
+ "Open a file, SMB2 version returning create contexts" },
+ { "close", (PyCFunction)py_cli_close, METH_VARARGS,
+ "Close a file handle" },
+ { "write", PY_DISCARD_FUNC_SIG(PyCFunction, py_cli_write),
+ METH_VARARGS|METH_KEYWORDS,
+ "Write to a file handle" },
+ { "read", PY_DISCARD_FUNC_SIG(PyCFunction, py_cli_read),
+ METH_VARARGS|METH_KEYWORDS,
+ "Read from a file handle" },
+ { "truncate", PY_DISCARD_FUNC_SIG(PyCFunction,
+ py_cli_ftruncate),
+ METH_VARARGS|METH_KEYWORDS,
+ "Truncate a file" },
+ { "delete_on_close", PY_DISCARD_FUNC_SIG(PyCFunction,
+ py_cli_delete_on_close),
+ METH_VARARGS|METH_KEYWORDS,
+ "Set/Reset the delete on close flag" },
+ { "notify", PY_DISCARD_FUNC_SIG(PyCFunction, py_cli_notify),
+ METH_VARARGS|METH_KEYWORDS,
+ "Wait for change notifications: \n"
+ "notify(fnum, buffer_size, completion_filter...) -> "
+ "libsmb_samba_internal.Notify request handle\n" },
+ { "list", PY_DISCARD_FUNC_SIG(PyCFunction, py_cli_list),
+ METH_VARARGS|METH_KEYWORDS,
+ "list(directory, mask='*', attribs=DEFAULT_ATTRS) -> "
+ "directory contents as a dictionary\n"
+ "\t\tDEFAULT_ATTRS: FILE_ATTRIBUTE_SYSTEM | "
+ "FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_ARCHIVE\n\n"
+ "\t\tList contents of a directory. The keys are, \n"
+ "\t\t\tname: Long name of the directory item\n"
+ "\t\t\tshort_name: Short name of the directory item\n"
+ "\t\t\tsize: File size in bytes\n"
+ "\t\t\tattrib: Attributes\n"
+ "\t\t\tmtime: Modification time\n" },
+ { "get_oplock_break", (PyCFunction)py_cli_get_oplock_break,
+ METH_VARARGS, "Wait for an oplock break" },
+ { "unlink", (PyCFunction)py_smb_unlink,
+ METH_VARARGS,
+ "unlink(path) -> None\n\n \t\tDelete a file." },
+ { "mkdir", (PyCFunction)py_smb_mkdir, METH_VARARGS,
+ "mkdir(path) -> None\n\n \t\tCreate a directory." },
+ { "posix_whoami", (PyCFunction)py_smb_posix_whoami, METH_NOARGS,
+ "posix_whoami() -> (uid, gid, gids, sids, guest)" },
+ { "rmdir", (PyCFunction)py_smb_rmdir, METH_VARARGS,
+ "rmdir(path) -> None\n\n \t\tDelete a directory." },
+ { "rename",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_cli_rename),
+ METH_VARARGS|METH_KEYWORDS,
+ "rename(src,dst) -> None\n\n \t\tRename a file." },
+ { "chkpath", (PyCFunction)py_smb_chkpath, METH_VARARGS,
+ "chkpath(dir_path) -> True or False\n\n"
+ "\t\tReturn true if directory exists, false otherwise." },
+ { "savefile", (PyCFunction)py_smb_savefile, METH_VARARGS,
+ "savefile(path, bytes) -> None\n\n"
+ "\t\tWrite bytes to file." },
+ { "loadfile", (PyCFunction)py_smb_loadfile, METH_VARARGS,
+ "loadfile(path) -> file contents as a bytes object"
+ "\n\n\t\tRead contents of a file." },
+ { "get_sd", (PyCFunction)py_smb_get_sd, METH_VARARGS,
+ "get_sd(fnum[, security_info=0]) -> security_descriptor object\n\n"
+ "\t\tGet security descriptor for opened file." },
+ { "set_sd", (PyCFunction)py_smb_set_sd, METH_VARARGS,
+ "set_sd(fnum, security_descriptor[, security_info=0]) -> None\n\n"
+ "\t\tSet security descriptor for opened file." },
+ { "protocol",
+ (PyCFunction)py_smb_protocol,
+ METH_NOARGS,
+ "protocol() -> Number"
+ },
+ { "have_posix",
+ (PyCFunction)py_smb_have_posix,
+ METH_NOARGS,
+ "have_posix() -> True/False\n\n"
+ "\t\tReturn if the server has posix extensions"
+ },
+ { "smb1_posix",
+ (PyCFunction)py_smb_smb1_posix,
+ METH_NOARGS,
+ "Negotiate SMB1 posix extensions",
+ },
+ { "smb1_readlink",
+ (PyCFunction)py_smb_smb1_readlink,
+ METH_VARARGS,
+ "smb1_readlink(path) -> link target",
+ },
+ { "smb1_symlink",
+ (PyCFunction)py_smb_smb1_symlink,
+ METH_VARARGS,
+ "smb1_symlink(target, newname) -> None",
+ },
+ { "smb1_stat",
+ (PyCFunction)py_smb_smb1_stat,
+ METH_VARARGS,
+ "smb1_stat(path) -> stat info",
+ },
+ { "fsctl",
+ (PyCFunction)py_cli_fsctl,
+ METH_VARARGS|METH_KEYWORDS,
+ "fsctl(fnum, ctl_code, in_bytes, max_out) -> out_bytes",
+ },
+ { "mknod",
+ PY_DISCARD_FUNC_SIG(PyCFunction, py_cli_mknod),
+ METH_VARARGS|METH_KEYWORDS,
+ "mknod(path, mode | major, minor)",
+ },
+ { NULL, NULL, 0, NULL }
+};
+
+static PyTypeObject py_cli_state_type = {
+ PyVarObject_HEAD_INIT(NULL, 0)
+ .tp_name = "libsmb_samba_cwrapper.LibsmbCConn",
+ .tp_basicsize = sizeof(struct py_cli_state),
+ .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
+ .tp_doc = "libsmb cwrapper connection",
+ .tp_new = py_cli_state_new,
+ .tp_init = (initproc)py_cli_state_init,
+ .tp_dealloc = (destructor)py_cli_state_dealloc,
+ .tp_methods = py_cli_state_methods,
+};
+
+static PyMethodDef py_libsmb_methods[] = {
+ {0},
+};
+
+void initlibsmb_samba_cwrapper(void);
+
+static struct PyModuleDef moduledef = {
+ PyModuleDef_HEAD_INIT,
+ .m_name = "libsmb_samba_cwrapper",
+ .m_doc = "libsmb wrapper",
+ .m_size = -1,
+ .m_methods = py_libsmb_methods,
+};
+
+MODULE_INIT_FUNC(libsmb_samba_cwrapper)
+{
+ PyObject *m = NULL;
+ PyObject *mod = NULL;
+
+ talloc_stackframe();
+
+ if (PyType_Ready(&py_cli_state_type) < 0) {
+ return NULL;
+ }
+ if (PyType_Ready(&py_cli_notify_state_type) < 0) {
+ return NULL;
+ }
+
+ m = PyModule_Create(&moduledef);
+ if (m == NULL) {
+ return m;
+ }
+
+ /* Import dom_sid type from dcerpc.security */
+ mod = PyImport_ImportModule("samba.dcerpc.security");
+ if (mod == NULL) {
+ return NULL;
+ }
+
+ dom_sid_Type = (PyTypeObject *)PyObject_GetAttrString(mod, "dom_sid");
+ if (dom_sid_Type == NULL) {
+ Py_DECREF(mod);
+ return NULL;
+ }
+
+ Py_INCREF(&py_cli_state_type);
+ PyModule_AddObject(m, "LibsmbCConn", (PyObject *)&py_cli_state_type);
+
+#define ADD_FLAGS(val) PyModule_AddObject(m, #val, PyLong_FromLong(val))
+
+ ADD_FLAGS(PROTOCOL_NONE);
+ ADD_FLAGS(PROTOCOL_CORE);
+ ADD_FLAGS(PROTOCOL_COREPLUS);
+ ADD_FLAGS(PROTOCOL_LANMAN1);
+ ADD_FLAGS(PROTOCOL_LANMAN2);
+ ADD_FLAGS(PROTOCOL_NT1);
+ ADD_FLAGS(PROTOCOL_SMB2_02);
+ ADD_FLAGS(PROTOCOL_SMB2_10);
+ ADD_FLAGS(PROTOCOL_SMB3_00);
+ ADD_FLAGS(PROTOCOL_SMB3_02);
+ ADD_FLAGS(PROTOCOL_SMB3_11);
+
+ ADD_FLAGS(FILE_ATTRIBUTE_READONLY);
+ ADD_FLAGS(FILE_ATTRIBUTE_HIDDEN);
+ ADD_FLAGS(FILE_ATTRIBUTE_SYSTEM);
+ ADD_FLAGS(FILE_ATTRIBUTE_VOLUME);
+ ADD_FLAGS(FILE_ATTRIBUTE_DIRECTORY);
+ ADD_FLAGS(FILE_ATTRIBUTE_ARCHIVE);
+ ADD_FLAGS(FILE_ATTRIBUTE_DEVICE);
+ ADD_FLAGS(FILE_ATTRIBUTE_NORMAL);
+ ADD_FLAGS(FILE_ATTRIBUTE_TEMPORARY);
+ ADD_FLAGS(FILE_ATTRIBUTE_SPARSE);
+ ADD_FLAGS(FILE_ATTRIBUTE_REPARSE_POINT);
+ ADD_FLAGS(FILE_ATTRIBUTE_COMPRESSED);
+ ADD_FLAGS(FILE_ATTRIBUTE_OFFLINE);
+ ADD_FLAGS(FILE_ATTRIBUTE_NONINDEXED);
+ ADD_FLAGS(FILE_ATTRIBUTE_ENCRYPTED);
+ ADD_FLAGS(FILE_ATTRIBUTE_ALL_MASK);
+
+ ADD_FLAGS(FILE_DIRECTORY_FILE);
+ ADD_FLAGS(FILE_WRITE_THROUGH);
+ ADD_FLAGS(FILE_SEQUENTIAL_ONLY);
+ ADD_FLAGS(FILE_NO_INTERMEDIATE_BUFFERING);
+ ADD_FLAGS(FILE_SYNCHRONOUS_IO_ALERT);
+ ADD_FLAGS(FILE_SYNCHRONOUS_IO_NONALERT);
+ ADD_FLAGS(FILE_NON_DIRECTORY_FILE);
+ ADD_FLAGS(FILE_CREATE_TREE_CONNECTION);
+ ADD_FLAGS(FILE_COMPLETE_IF_OPLOCKED);
+ ADD_FLAGS(FILE_NO_EA_KNOWLEDGE);
+ ADD_FLAGS(FILE_EIGHT_DOT_THREE_ONLY);
+ ADD_FLAGS(FILE_RANDOM_ACCESS);
+ ADD_FLAGS(FILE_DELETE_ON_CLOSE);
+ ADD_FLAGS(FILE_OPEN_BY_FILE_ID);
+ ADD_FLAGS(FILE_OPEN_FOR_BACKUP_INTENT);
+ ADD_FLAGS(FILE_NO_COMPRESSION);
+ ADD_FLAGS(FILE_RESERVER_OPFILTER);
+ ADD_FLAGS(FILE_OPEN_REPARSE_POINT);
+ ADD_FLAGS(FILE_OPEN_NO_RECALL);
+ ADD_FLAGS(FILE_OPEN_FOR_FREE_SPACE_QUERY);
+
+ ADD_FLAGS(FILE_SHARE_READ);
+ ADD_FLAGS(FILE_SHARE_WRITE);
+ ADD_FLAGS(FILE_SHARE_DELETE);
+
+ /* change notify completion filter flags */
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_FILE_NAME);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_DIR_NAME);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_ATTRIBUTES);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_SIZE);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_LAST_WRITE);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_LAST_ACCESS);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_CREATION);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_EA);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_SECURITY);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_STREAM_NAME);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_STREAM_SIZE);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_STREAM_WRITE);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_NAME);
+ ADD_FLAGS(FILE_NOTIFY_CHANGE_ALL);
+
+ /* change notify action results */
+ ADD_FLAGS(NOTIFY_ACTION_ADDED);
+ ADD_FLAGS(NOTIFY_ACTION_REMOVED);
+ ADD_FLAGS(NOTIFY_ACTION_MODIFIED);
+ ADD_FLAGS(NOTIFY_ACTION_OLD_NAME);
+ ADD_FLAGS(NOTIFY_ACTION_NEW_NAME);
+ ADD_FLAGS(NOTIFY_ACTION_ADDED_STREAM);
+ ADD_FLAGS(NOTIFY_ACTION_REMOVED_STREAM);
+ ADD_FLAGS(NOTIFY_ACTION_MODIFIED_STREAM);
+
+ /* CreateDisposition values */
+ ADD_FLAGS(FILE_SUPERSEDE);
+ ADD_FLAGS(FILE_OPEN);
+ ADD_FLAGS(FILE_CREATE);
+ ADD_FLAGS(FILE_OPEN_IF);
+ ADD_FLAGS(FILE_OVERWRITE);
+ ADD_FLAGS(FILE_OVERWRITE_IF);
+
+ ADD_FLAGS(FSCTL_DFS_GET_REFERRALS);
+ ADD_FLAGS(FSCTL_DFS_GET_REFERRALS_EX);
+ ADD_FLAGS(FSCTL_REQUEST_OPLOCK_LEVEL_1);
+ ADD_FLAGS(FSCTL_REQUEST_OPLOCK_LEVEL_2);
+ ADD_FLAGS(FSCTL_REQUEST_BATCH_OPLOCK);
+ ADD_FLAGS(FSCTL_OPLOCK_BREAK_ACKNOWLEDGE);
+ ADD_FLAGS(FSCTL_OPBATCH_ACK_CLOSE_PENDING);
+ ADD_FLAGS(FSCTL_OPLOCK_BREAK_NOTIFY);
+ ADD_FLAGS(FSCTL_GET_COMPRESSION);
+ ADD_FLAGS(FSCTL_FILESYS_GET_STATISTICS);
+ ADD_FLAGS(FSCTL_GET_NTFS_VOLUME_DATA);
+ ADD_FLAGS(FSCTL_IS_VOLUME_DIRTY);
+ ADD_FLAGS(FSCTL_FIND_FILES_BY_SID);
+ ADD_FLAGS(FSCTL_SET_OBJECT_ID);
+ ADD_FLAGS(FSCTL_GET_OBJECT_ID);
+ ADD_FLAGS(FSCTL_DELETE_OBJECT_ID);
+ ADD_FLAGS(FSCTL_SET_REPARSE_POINT);
+ ADD_FLAGS(FSCTL_GET_REPARSE_POINT);
+ ADD_FLAGS(FSCTL_DELETE_REPARSE_POINT);
+ ADD_FLAGS(FSCTL_SET_OBJECT_ID_EXTENDED);
+ ADD_FLAGS(FSCTL_CREATE_OR_GET_OBJECT_ID);
+ ADD_FLAGS(FSCTL_SET_SPARSE);
+ ADD_FLAGS(FSCTL_SET_ZERO_DATA);
+ ADD_FLAGS(FSCTL_SET_ZERO_ON_DEALLOCATION);
+ ADD_FLAGS(FSCTL_READ_FILE_USN_DATA);
+ ADD_FLAGS(FSCTL_WRITE_USN_CLOSE_RECORD);
+ ADD_FLAGS(FSCTL_QUERY_ALLOCATED_RANGES);
+ ADD_FLAGS(FSCTL_QUERY_ON_DISK_VOLUME_INFO);
+ ADD_FLAGS(FSCTL_QUERY_SPARING_INFO);
+ ADD_FLAGS(FSCTL_FILE_LEVEL_TRIM);
+ ADD_FLAGS(FSCTL_OFFLOAD_READ);
+ ADD_FLAGS(FSCTL_OFFLOAD_WRITE);
+ ADD_FLAGS(FSCTL_SET_INTEGRITY_INFORMATION);
+ ADD_FLAGS(FSCTL_DUP_EXTENTS_TO_FILE);
+ ADD_FLAGS(FSCTL_DUPLICATE_EXTENTS_TO_FILE_EX);
+ ADD_FLAGS(FSCTL_STORAGE_QOS_CONTROL);
+ ADD_FLAGS(FSCTL_SVHDX_SYNC_TUNNEL_REQUEST);
+ ADD_FLAGS(FSCTL_QUERY_SHARED_VIRTUAL_DISK_SUPPORT);
+ ADD_FLAGS(FSCTL_PIPE_PEEK);
+ ADD_FLAGS(FSCTL_NAMED_PIPE_READ_WRITE);
+ ADD_FLAGS(FSCTL_PIPE_TRANSCEIVE);
+ ADD_FLAGS(FSCTL_PIPE_WAIT);
+ ADD_FLAGS(FSCTL_GET_SHADOW_COPY_DATA);
+ ADD_FLAGS(FSCTL_SRV_ENUM_SNAPS);
+ ADD_FLAGS(FSCTL_SRV_REQUEST_RESUME_KEY);
+ ADD_FLAGS(FSCTL_SRV_COPYCHUNK);
+ ADD_FLAGS(FSCTL_SRV_COPYCHUNK_WRITE);
+ ADD_FLAGS(FSCTL_SRV_READ_HASH);
+ ADD_FLAGS(FSCTL_LMR_REQ_RESILIENCY);
+ ADD_FLAGS(FSCTL_LMR_SET_LINK_TRACKING_INFORMATION);
+ ADD_FLAGS(FSCTL_QUERY_NETWORK_INTERFACE_INFO);
+
+ ADD_FLAGS(SYMLINK_ERROR_TAG);
+ ADD_FLAGS(SYMLINK_FLAG_RELATIVE);
+ ADD_FLAGS(SYMLINK_ADMIN);
+ ADD_FLAGS(SYMLINK_UNTRUSTED);
+ ADD_FLAGS(SYMLINK_TRUST_UNKNOWN);
+ ADD_FLAGS(SYMLINK_TRUST_MASK);
+
+ ADD_FLAGS(IO_REPARSE_TAG_RESERVED_ZERO);
+ ADD_FLAGS(IO_REPARSE_TAG_SYMLINK);
+ ADD_FLAGS(IO_REPARSE_TAG_MOUNT_POINT);
+ ADD_FLAGS(IO_REPARSE_TAG_HSM);
+ ADD_FLAGS(IO_REPARSE_TAG_SIS);
+ ADD_FLAGS(IO_REPARSE_TAG_DFS);
+ ADD_FLAGS(IO_REPARSE_TAG_NFS);
+
+#define ADD_STRING(val) PyModule_AddObject(m, #val, PyBytes_FromString(val))
+
+ ADD_STRING(SMB2_CREATE_TAG_EXTA);
+ ADD_STRING(SMB2_CREATE_TAG_MXAC);
+ ADD_STRING(SMB2_CREATE_TAG_SECD);
+ ADD_STRING(SMB2_CREATE_TAG_DHNQ);
+ ADD_STRING(SMB2_CREATE_TAG_DHNC);
+ ADD_STRING(SMB2_CREATE_TAG_ALSI);
+ ADD_STRING(SMB2_CREATE_TAG_TWRP);
+ ADD_STRING(SMB2_CREATE_TAG_QFID);
+ ADD_STRING(SMB2_CREATE_TAG_RQLS);
+ ADD_STRING(SMB2_CREATE_TAG_DH2Q);
+ ADD_STRING(SMB2_CREATE_TAG_DH2C);
+ ADD_STRING(SMB2_CREATE_TAG_AAPL);
+ ADD_STRING(SMB2_CREATE_TAG_APP_INSTANCE_ID);
+ ADD_STRING(SVHDX_OPEN_DEVICE_CONTEXT);
+ ADD_STRING(SMB2_CREATE_TAG_POSIX);
+ ADD_FLAGS(SMB2_FIND_POSIX_INFORMATION);
+ ADD_FLAGS(FILE_SUPERSEDE);
+ ADD_FLAGS(FILE_OPEN);
+ ADD_FLAGS(FILE_CREATE);
+ ADD_FLAGS(FILE_OPEN_IF);
+ ADD_FLAGS(FILE_OVERWRITE);
+ ADD_FLAGS(FILE_OVERWRITE_IF);
+ ADD_FLAGS(FILE_DIRECTORY_FILE);
+
+ ADD_FLAGS(SMB2_CLOSE_FLAGS_FULL_INFORMATION);
+
+ return m;
+}
diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c
new file mode 100644
index 0000000..ab81b43
--- /dev/null
+++ b/source3/libsmb/samlogon_cache.c
@@ -0,0 +1,405 @@
+/*
+ Unix SMB/CIFS implementation.
+ Net_sam_logon info3 helpers
+ Copyright (C) Alexander Bokovoy 2002.
+ Copyright (C) Andrew Bartlett 2002.
+ Copyright (C) Gerald Carter 2003.
+ Copyright (C) Tim Potter 2003.
+ Copyright (C) Guenther Deschner 2008.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include "samlogon_cache.h"
+#include "system/filesys.h"
+#include "system/time.h"
+#include "lib/util/debug.h"
+#include "lib/util/talloc_stack.h"
+#include "lib/util/memory.h" /* for SAFE_FREE() */
+#include "source3/lib/util_path.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "../libcli/security/security.h"
+#include "util_tdb.h"
+
+#define NETSAMLOGON_TDB "netsamlogon_cache.tdb"
+
+static TDB_CONTEXT *netsamlogon_tdb = NULL;
+
+/***********************************************************************
+ open the tdb
+ ***********************************************************************/
+
+bool netsamlogon_cache_init(void)
+{
+ bool first_try = true;
+ char *path = NULL;
+ int ret;
+ struct tdb_context *tdb;
+
+ if (netsamlogon_tdb) {
+ return true;
+ }
+
+ path = cache_path(talloc_tos(), NETSAMLOGON_TDB);
+ if (path == NULL) {
+ return false;
+ }
+again:
+ tdb = tdb_open_log(path, 0, TDB_DEFAULT|TDB_INCOMPATIBLE_HASH,
+ O_RDWR | O_CREAT, 0600);
+ if (tdb == NULL) {
+ DEBUG(0,("tdb_open_log('%s') - failed\n", path));
+ goto clear;
+ }
+
+ ret = tdb_check(tdb, NULL, NULL);
+ if (ret != 0) {
+ tdb_close(tdb);
+ DEBUG(0,("tdb_check('%s') - failed\n", path));
+ goto clear;
+ }
+
+ netsamlogon_tdb = tdb;
+ talloc_free(path);
+ return true;
+
+clear:
+ if (!first_try) {
+ talloc_free(path);
+ return false;
+ }
+ first_try = false;
+
+ DEBUG(0,("retry after truncate for '%s'\n", path));
+ ret = truncate(path, 0);
+ if (ret == -1) {
+ DBG_ERR("truncate failed: %s\n", strerror(errno));
+ talloc_free(path);
+ return false;
+ }
+
+ goto again;
+}
+
+/***********************************************************************
+ Clear cache getpwnam and getgroups entries from the winbindd cache
+***********************************************************************/
+
+void netsamlogon_clear_cached_user(const struct dom_sid *user_sid)
+{
+ struct dom_sid_buf keystr;
+
+ if (!netsamlogon_cache_init()) {
+ DEBUG(0,("netsamlogon_clear_cached_user: cannot open "
+ "%s for write!\n",
+ NETSAMLOGON_TDB));
+ return;
+ }
+
+ /* Prepare key as DOMAIN-SID/USER-RID string */
+ dom_sid_str_buf(user_sid, &keystr);
+
+ DBG_DEBUG("SID [%s]\n", keystr.buf);
+
+ tdb_delete_bystring(netsamlogon_tdb, keystr.buf);
+}
+
+/***********************************************************************
+ Store a netr_SamInfo3 structure in a tdb for later user
+ username should be in UTF-8 format
+***********************************************************************/
+
+bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
+{
+ uint8_t dummy = 0;
+ TDB_DATA data = { .dptr = &dummy, .dsize = sizeof(dummy) };
+ struct dom_sid_buf keystr;
+ bool result = false;
+ struct dom_sid user_sid;
+ TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ DATA_BLOB blob;
+ enum ndr_err_code ndr_err;
+ struct netsamlogoncache_entry r;
+ int ret;
+
+ if (!info3) {
+ goto fail;
+ }
+
+ if (!netsamlogon_cache_init()) {
+ D_WARNING("netsamlogon_cache_store: cannot open %s for write!\n",
+ NETSAMLOGON_TDB);
+ goto fail;
+ }
+
+ /*
+ * First write a record with just the domain sid for
+ * netsamlogon_cache_domain_known. Use TDB_INSERT to avoid
+ * overwriting potentially other data. We're just interested
+ * in the existence of that record.
+ */
+ dom_sid_str_buf(info3->base.domain_sid, &keystr);
+
+ ret = tdb_store_bystring(netsamlogon_tdb, keystr.buf, data, TDB_INSERT);
+
+ if ((ret == -1) && (tdb_error(netsamlogon_tdb) != TDB_ERR_EXISTS)) {
+ D_WARNING("Could not store domain marker for %s: %s\n",
+ keystr.buf, tdb_errorstr(netsamlogon_tdb));
+ goto fail;
+ }
+
+ sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid);
+
+ /* Prepare key as DOMAIN-SID/USER-RID string */
+ dom_sid_str_buf(&user_sid, &keystr);
+
+ DBG_DEBUG("SID [%s]\n", keystr.buf);
+
+ /* Prepare data */
+
+ if (info3->base.full_name.string == NULL) {
+ struct netr_SamInfo3 *cached_info3;
+ const char *full_name = NULL;
+
+ cached_info3 = netsamlogon_cache_get(tmp_ctx, &user_sid);
+ if (cached_info3 != NULL) {
+ full_name = cached_info3->base.full_name.string;
+ }
+
+ if (full_name != NULL) {
+ info3->base.full_name.string = talloc_strdup(info3, full_name);
+ if (info3->base.full_name.string == NULL) {
+ goto fail;
+ }
+ }
+ }
+
+ /* only Samba fills in the username, not sure why NT doesn't */
+ /* so we fill it in since winbindd_getpwnam() makes use of it */
+
+ if (!info3->base.account_name.string) {
+ info3->base.account_name.string = talloc_strdup(info3, username);
+ if (info3->base.account_name.string == NULL) {
+ goto fail;
+ }
+ }
+
+ r.timestamp = time(NULL);
+ r.info3 = *info3;
+
+ /* avoid storing secret information */
+ ZERO_STRUCT(r.info3.base.key);
+ ZERO_STRUCT(r.info3.base.LMSessKey);
+
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
+ }
+
+ ndr_err = ndr_push_struct_blob(&blob, tmp_ctx, &r,
+ (ndr_push_flags_fn_t)ndr_push_netsamlogoncache_entry);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DBG_WARNING("failed to push entry to cache: %s\n",
+ ndr_errstr(ndr_err));
+ goto fail;
+ }
+
+ data.dsize = blob.length;
+ data.dptr = blob.data;
+
+ if (tdb_store_bystring(netsamlogon_tdb, keystr.buf, data, TDB_REPLACE) == 0) {
+ result = true;
+ }
+
+fail:
+ TALLOC_FREE(tmp_ctx);
+ return result;
+}
+
+/***********************************************************************
+ Retrieves a netr_SamInfo3 structure from a tdb. Caller must
+ free the user_info struct (talloced memory)
+***********************************************************************/
+
+struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx, const struct dom_sid *user_sid)
+{
+ struct netr_SamInfo3 *info3 = NULL;
+ TDB_DATA data;
+ struct dom_sid_buf keystr;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB blob;
+ struct netsamlogoncache_entry r;
+
+ if (!netsamlogon_cache_init()) {
+ DEBUG(0,("netsamlogon_cache_get: cannot open %s for write!\n",
+ NETSAMLOGON_TDB));
+ return NULL;
+ }
+
+ /* Prepare key as DOMAIN-SID/USER-RID string */
+ dom_sid_str_buf(user_sid, &keystr);
+ DBG_DEBUG("SID [%s]\n", keystr.buf);
+ data = tdb_fetch_bystring( netsamlogon_tdb, keystr.buf );
+
+ if (!data.dptr) {
+ D_DEBUG("tdb fetch for %s is empty\n", keystr.buf);
+ return NULL;
+ }
+
+ info3 = talloc_zero(mem_ctx, struct netr_SamInfo3);
+ if (!info3) {
+ goto done;
+ }
+
+ blob = data_blob_const(data.dptr, data.dsize);
+
+ ndr_err = ndr_pull_struct_blob_all(
+ &blob, mem_ctx, &r,
+ (ndr_pull_flags_fn_t)ndr_pull_netsamlogoncache_entry);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ D_WARNING("netsamlogon_cache_get: failed to pull entry from cache\n");
+ tdb_delete_bystring(netsamlogon_tdb, keystr.buf);
+ TALLOC_FREE(info3);
+ goto done;
+ }
+
+ NDR_PRINT_DEBUG_LEVEL(DBGLVL_DEBUG, netsamlogoncache_entry, &r);
+
+ info3 = (struct netr_SamInfo3 *)talloc_memdup(mem_ctx, &r.info3,
+ sizeof(r.info3));
+
+ done:
+ SAFE_FREE(data.dptr);
+
+ return info3;
+}
+
+bool netsamlogon_cache_have(const struct dom_sid *sid)
+{
+ struct dom_sid_buf keystr;
+ bool ok;
+
+ if (!netsamlogon_cache_init()) {
+ DBG_WARNING("Cannot open %s\n", NETSAMLOGON_TDB);
+ return false;
+ }
+
+ dom_sid_str_buf(sid, &keystr);
+
+ ok = tdb_exists(netsamlogon_tdb, string_term_tdb_data(keystr.buf));
+ return ok;
+}
+
+struct netsamlog_cache_forall_state {
+ TALLOC_CTX *mem_ctx;
+ int (*cb)(const char *sid_str,
+ time_t when_cached,
+ struct netr_SamInfo3 *,
+ void *private_data);
+ void *private_data;
+};
+
+static int netsamlog_cache_traverse_cb(struct tdb_context *tdb,
+ TDB_DATA key,
+ TDB_DATA data,
+ void *private_data)
+{
+ struct netsamlog_cache_forall_state *state =
+ (struct netsamlog_cache_forall_state *)private_data;
+ TALLOC_CTX *mem_ctx = NULL;
+ DATA_BLOB blob;
+ const char *sid_str = NULL;
+ struct dom_sid sid;
+ struct netsamlogoncache_entry r;
+ enum ndr_err_code ndr_err;
+ int ret;
+ bool ok;
+
+ if (key.dsize == 0) {
+ return 0;
+ }
+ if (key.dptr[key.dsize - 1] != '\0') {
+ return 0;
+ }
+ if (data.dptr == NULL) {
+ return 0;
+ }
+ sid_str = (char *)key.dptr;
+
+ ok = string_to_sid(&sid, sid_str);
+ if (!ok) {
+ DBG_ERR("String to SID failed for %s\n", sid_str);
+ return -1;
+ }
+
+ if (sid.num_auths != 5) {
+ return 0;
+ }
+
+ mem_ctx = talloc_new(state->mem_ctx);
+ if (mem_ctx == NULL) {
+ return -1;
+ }
+
+ blob = data_blob_const(data.dptr, data.dsize);
+
+ ndr_err = ndr_pull_struct_blob(
+ &blob, state->mem_ctx, &r,
+ (ndr_pull_flags_fn_t)ndr_pull_netsamlogoncache_entry);
+
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DBG_ERR("failed to pull entry from cache\n");
+ return -1;
+ }
+
+ ret = state->cb(sid_str, r.timestamp, &r.info3, state->private_data);
+
+ TALLOC_FREE(mem_ctx);
+ return ret;
+}
+
+int netsamlog_cache_for_all(int (*cb)(const char *sid_str,
+ time_t when_cached,
+ struct netr_SamInfo3 *,
+ void *private_data),
+ void *private_data)
+{
+ int ret;
+ TALLOC_CTX *mem_ctx = NULL;
+ struct netsamlog_cache_forall_state state;
+
+ if (!netsamlogon_cache_init()) {
+ DBG_ERR("Cannot open %s\n", NETSAMLOGON_TDB);
+ return -1;
+ }
+
+ mem_ctx = talloc_init("netsamlog_cache_for_all");
+ if (mem_ctx == NULL) {
+ return -1;
+ }
+
+ state = (struct netsamlog_cache_forall_state) {
+ .mem_ctx = mem_ctx,
+ .cb = cb,
+ .private_data = private_data,
+ };
+
+ ret = tdb_traverse_read(netsamlogon_tdb,
+ netsamlog_cache_traverse_cb,
+ &state);
+
+ TALLOC_FREE(state.mem_ctx);
+ return ret;
+}
diff --git a/source3/libsmb/samlogon_cache.h b/source3/libsmb/samlogon_cache.h
new file mode 100644
index 0000000..29e0cea
--- /dev/null
+++ b/source3/libsmb/samlogon_cache.h
@@ -0,0 +1,46 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Net_sam_logon info3 helpers
+ * Copyright (C) Alexander Bokovoy 2002.
+ * Copyright (C) Andrew Bartlett 2002.
+ * Copyright (C) Gerald Carter 2003.
+ * Copyright (C) Tim Potter 2003.
+ * Copyright (C) Guenther Deschner 2008.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIBSMB_SAMLOGON_CACHE_H__
+#define __LIBSMB_SAMLOGON_CACHE_H__
+
+#include "replace.h"
+#include <talloc.h>
+
+struct dom_sid;
+struct netr_SamInfo3;
+
+bool netsamlogon_cache_init(void);
+void netsamlogon_clear_cached_user(const struct dom_sid *user_sid);
+bool netsamlogon_cache_store(const char *username,
+ struct netr_SamInfo3 *info3);
+struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *user_sid);
+bool netsamlogon_cache_have(const struct dom_sid *sid);
+int netsamlog_cache_for_all(int (*cb)(const char *sid_str,
+ time_t when_cached,
+ struct netr_SamInfo3 *,
+ void *private_data),
+ void *private_data);
+
+#endif
diff --git a/source3/libsmb/smbclient.pc.in b/source3/libsmb/smbclient.pc.in
new file mode 100644
index 0000000..bcef2f2
--- /dev/null
+++ b/source3/libsmb/smbclient.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: smbclient
+Description: A SMB library interface
+Version: @PACKAGE_VERSION@
+Libs: @LIB_RPATH@ -L${libdir} -lsmbclient
+Cflags: -I${includedir}
+URL: http://www.samba.org/
diff --git a/source3/libsmb/smberr.c b/source3/libsmb/smberr.c
new file mode 100644
index 0000000..167c796
--- /dev/null
+++ b/source3/libsmb/smberr.c
@@ -0,0 +1,224 @@
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Andrew Tridgell 1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+/* error code stuff - put together by Merik Karman
+ merik@blackadder.dsh.oz.au */
+
+
+/* There is a big list of error codes and their meanings at:
+
+ http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/errlist_7oz7.asp
+
+ and if you don't like MSDN try:
+
+ http://www.siris.gr/computers/library/error.htm
+
+*/
+
+typedef const struct
+{
+ const char *name;
+ int code;
+ const char *message;
+} err_code_struct;
+
+/* Dos Error Messages */
+static err_code_struct dos_msgs[] = {
+ {"ERRbadfunc",ERRbadfunc,"Invalid function."},
+ {"ERRbadfile",ERRbadfile,"File not found."},
+ {"ERRbadpath",ERRbadpath,"Directory invalid."},
+ {"ERRnofids",ERRnofids,"No file descriptors available"},
+ {"ERRnoaccess",ERRnoaccess,"Access denied."},
+ {"ERRbadfid",ERRbadfid,"Invalid file handle."},
+ {"ERRbadmcb",ERRbadmcb,"Memory control blocks destroyed."},
+ {"ERRnomem",ERRnomem,"Insufficient server memory to perform the requested function."},
+ {"ERRbadmem",ERRbadmem,"Invalid memory block address."},
+ {"ERRbadenv",ERRbadenv,"Invalid environment."},
+ {"ERRbadformat",11,"Invalid format."},
+ {"ERRbadaccess",ERRbadaccess,"Invalid open mode."},
+ {"ERRbaddata",ERRbaddata,"Invalid data."},
+ {"ERRres",ERRres,"reserved."},
+ {"ERRbaddrive",ERRbaddrive,"Invalid drive specified."},
+ {"ERRremcd",ERRremcd,"A Delete Directory request attempted to remove the server's current directory."},
+ {"ERRdiffdevice",ERRdiffdevice,"Not same device."},
+ {"ERRnofiles",ERRnofiles,"A File Search command can find no more files matching the specified criteria."},
+ {"ERRbadshare",ERRbadshare,"The sharing mode specified for an Open conflicts with existing FIDs on the file."},
+ {"ERRlock",ERRlock,"A Lock request conflicted with an existing lock or specified an invalid mode, or an Unlock requested attempted to remove a lock held by another process."},
+ {"ERRunsup", ERRunsup, "The operation is unsupported"},
+ {"ERRnosuchshare", ERRnosuchshare, "You specified an invalid share name"},
+ {"ERRfilexists",ERRfilexists,"The file named in a Create Directory, Make New File or Link request already exists."},
+ {"ERRinvalidname",ERRinvalidname, "Invalid name"},
+ {"ERRbadpipe",ERRbadpipe,"Pipe invalid."},
+ {"ERRpipebusy",ERRpipebusy,"All instances of the requested pipe are busy."},
+ {"ERRpipeclosing",ERRpipeclosing,"Pipe close in progress."},
+ {"ERRnotconnected",ERRnotconnected,"No process on other end of pipe."},
+ {"ERRmoredata",ERRmoredata,"There is more data to be returned."},
+ {"ERRinvgroup",ERRinvgroup,"Invalid workgroup (try the -W option)"},
+ {"ERRlogonfailure",ERRlogonfailure,"Logon failure"},
+ {"ERRdiskfull",ERRdiskfull,"Disk full"},
+ {"ERRgeneral",ERRgeneral, "General failure"},
+ {"ERRbaddirectory", ERRbaddirectory, "Bad directory name"},
+ {"ERRunknownlevel",ERRunknownlevel, "Unknown info level"},
+ {NULL,-1,NULL}};
+
+/* Server Error Messages */
+static err_code_struct server_msgs[] = {
+ {"ERRerror",1,"Non-specific error code."},
+ {"ERRbadpw",2,"Bad password - name/password pair in a Tree Connect or Session Setup are invalid."},
+ {"ERRbadtype",3,"reserved."},
+ {"ERRaccess",4,"The requester does not have the necessary access rights within the specified context for the requested function. The context is defined by the TID or the UID."},
+ {"ERRinvnid",5,"The tree ID (TID) specified in a command was invalid."},
+ {"ERRinvnetname",6,"Invalid network name in tree connect."},
+ {"ERRinvdevice",7,"Invalid device - printer request made to non-printer connection or non-printer request made to printer connection."},
+ {"ERRqfull",49,"Print queue full (files) -- returned by open print file."},
+ {"ERRqtoobig",50,"Print queue full -- no space."},
+ {"ERRqeof",51,"EOF on print queue dump."},
+ {"ERRinvpfid",52,"Invalid print file FID."},
+ {"ERRsmbcmd",64,"The server did not recognize the command received."},
+ {"ERRsrverror",65,"The server encountered an internal error, e.g., system file unavailable."},
+ {"ERRfilespecs",67,"The file handle (FID) and pathname parameters contained an invalid combination of values."},
+ {"ERRreserved",68,"reserved."},
+ {"ERRbadpermits",69,"The access permissions specified for a file or directory are not a valid combination. The server cannot set the requested attribute."},
+ {"ERRreserved",70,"reserved."},
+ {"ERRsetattrmode",71,"The attribute mode in the Set File Attribute request is invalid."},
+ {"ERRpaused",81,"Server is paused."},
+ {"ERRmsgoff",82,"Not receiving messages."},
+ {"ERRnoroom",83,"No room to buffer message."},
+ {"ERRrmuns",87,"Too many remote user names."},
+ {"ERRtimeout",88,"Operation timed out."},
+ {"ERRnoresource",89,"No resources currently available for request."},
+ {"ERRtoomanyuids",90,"Too many UIDs active on this session."},
+ {"ERRbaduid",91,"The UID is not known as a valid ID on this session."},
+ {"ERRusempx",250,"Temp unable to support Raw, use MPX mode."},
+ {"ERRusestd",251,"Temp unable to support Raw, use standard read/write."},
+ {"ERRcontmpx",252,"Continue in MPX mode."},
+ {"ERRreserved",253,"reserved."},
+ {"ERRreserved",254,"reserved."},
+ {"ERRnosupport",0xFFFF,"Function not supported."},
+ {NULL,-1,NULL}};
+
+/* Hard Error Messages */
+static err_code_struct hard_msgs[] = {
+ {"ERRnowrite",19,"Attempt to write on write-protected diskette."},
+ {"ERRbadunit",20,"Unknown unit."},
+ {"ERRnotready",21,"Drive not ready."},
+ {"ERRbadcmd",22,"Unknown command."},
+ {"ERRdata",23,"Data error (CRC)."},
+ {"ERRbadreq",24,"Bad request structure length."},
+ {"ERRseek",25 ,"Seek error."},
+ {"ERRbadmedia",26,"Unknown media type."},
+ {"ERRbadsector",27,"Sector not found."},
+ {"ERRnopaper",28,"Printer out of paper."},
+ {"ERRwrite",29,"Write fault."},
+ {"ERRread",30,"Read fault."},
+ {"ERRgeneral",31,"General failure."},
+ {"ERRbadshare",32,"An open conflicts with an existing open."},
+ {"ERRlock",33,"A Lock request conflicted with an existing lock or specified an invalid mode, or an Unlock requested attempted to remove a lock held by another process."},
+ {"ERRwrongdisk",34,"The wrong disk was found in a drive."},
+ {"ERRFCBUnavail",35,"No FCBs are available to process request."},
+ {"ERRsharebufexc",36,"A sharing buffer has been exceeded."},
+ {NULL,-1,NULL}};
+
+
+static const struct
+{
+ int code;
+ const char *e_class;
+ err_code_struct *err_msgs;
+} err_classes[] = {
+ {0,"SUCCESS",NULL},
+ {0x01,"ERRDOS",dos_msgs},
+ {0x02,"ERRSRV",server_msgs},
+ {0x03,"ERRHRD",hard_msgs},
+ {0x04,"ERRXOS",NULL},
+ {0xE1,"ERRRMX1",NULL},
+ {0xE2,"ERRRMX2",NULL},
+ {0xE3,"ERRRMX3",NULL},
+ {0xFF,"ERRCMD",NULL},
+ {-1,NULL,NULL}};
+
+
+/****************************************************************************
+return a SMB error name from a class and code
+****************************************************************************/
+const char *smb_dos_err_name(uint8_t e_class, uint16_t num)
+{
+ char *result;
+ int i,j;
+
+ for (i=0;err_classes[i].e_class;i++)
+ if (err_classes[i].code == e_class) {
+ if (err_classes[i].err_msgs) {
+ err_code_struct *err = err_classes[i].err_msgs;
+ for (j=0;err[j].name;j++)
+ if (num == err[j].code) {
+ return err[j].name;
+ }
+ }
+ result = talloc_asprintf(talloc_tos(), "%d", num);
+ SMB_ASSERT(result != NULL);
+ return result;
+ }
+
+ result = talloc_asprintf(talloc_tos(), "Error: Unknown error class "
+ "(%d,%d)", e_class,num);
+ SMB_ASSERT(result != NULL);
+ return result;
+}
+
+/* Return a string for a DOS error */
+
+const char *get_dos_error_msg(WERROR result)
+{
+ uint16_t errnum;
+
+ errnum = W_ERROR_V(result);
+
+ return smb_dos_err_name(ERRDOS, errnum);
+}
+
+/****************************************************************************
+return a SMB error class name as a string.
+****************************************************************************/
+const char *smb_dos_err_class(uint8_t e_class)
+{
+ char *result;
+ int i;
+
+ for (i=0;err_classes[i].e_class;i++) {
+ if (err_classes[i].code == e_class) {
+ return err_classes[i].e_class;
+ }
+ }
+
+ result = talloc_asprintf(talloc_tos(), "Error: Unknown class (%d)",
+ e_class);
+ SMB_ASSERT(result != NULL);
+ return result;
+}
+
+/*****************************************************************************
+map a unix errno to a win32 error
+ *****************************************************************************/
+WERROR map_werror_from_unix(int error)
+{
+ NTSTATUS status = map_nt_error_from_unix(error);
+ return ntstatus_to_werror(status);
+}
diff --git a/source3/libsmb/smbsock_connect.c b/source3/libsmb/smbsock_connect.c
new file mode 100644
index 0000000..7f0baad
--- /dev/null
+++ b/source3/libsmb/smbsock_connect.c
@@ -0,0 +1,870 @@
+/*
+ Unix SMB/CIFS implementation.
+ Connect to 445 and 139/nbsesssetup
+ Copyright (C) Volker Lendecke 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "../lib/async_req/async_sock.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "../lib/util/tevent_unix.h"
+#include "client.h"
+#include "async_smb.h"
+#include "../libcli/smb/read_smb.h"
+#include "libsmb/nmblib.h"
+
+struct cli_session_request_state {
+ struct tevent_context *ev;
+ int sock;
+ uint32_t len_hdr;
+ struct iovec iov[3];
+ uint8_t nb_session_response;
+};
+
+static void cli_session_request_sent(struct tevent_req *subreq);
+static void cli_session_request_recvd(struct tevent_req *subreq);
+
+static struct tevent_req *cli_session_request_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ int sock,
+ const struct nmb_name *called,
+ const struct nmb_name *calling)
+{
+ struct tevent_req *req, *subreq;
+ struct cli_session_request_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct cli_session_request_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->sock = sock;
+
+ state->iov[1].iov_base = name_mangle(
+ state, called->name, called->name_type);
+ if (tevent_req_nomem(state->iov[1].iov_base, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->iov[1].iov_len = name_len(
+ (unsigned char *)state->iov[1].iov_base,
+ talloc_get_size(state->iov[1].iov_base));
+
+ state->iov[2].iov_base = name_mangle(
+ state, calling->name, calling->name_type);
+ if (tevent_req_nomem(state->iov[2].iov_base, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->iov[2].iov_len = name_len(
+ (unsigned char *)state->iov[2].iov_base,
+ talloc_get_size(state->iov[2].iov_base));
+
+ _smb_setlen(((char *)&state->len_hdr),
+ state->iov[1].iov_len + state->iov[2].iov_len);
+ SCVAL((char *)&state->len_hdr, 0, 0x81);
+
+ state->iov[0].iov_base = &state->len_hdr;
+ state->iov[0].iov_len = sizeof(state->len_hdr);
+
+ subreq = writev_send(state, ev, NULL, sock, true, state->iov, 3);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_session_request_sent, req);
+ return req;
+}
+
+static void cli_session_request_sent(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_session_request_state *state = tevent_req_data(
+ req, struct cli_session_request_state);
+ ssize_t ret;
+ int err;
+
+ ret = writev_recv(subreq, &err);
+ TALLOC_FREE(subreq);
+ if (ret == -1) {
+ tevent_req_error(req, err);
+ return;
+ }
+ subreq = read_smb_send(state, state->ev, state->sock);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, cli_session_request_recvd, req);
+}
+
+static void cli_session_request_recvd(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct cli_session_request_state *state = tevent_req_data(
+ req, struct cli_session_request_state);
+ uint8_t *buf;
+ ssize_t ret;
+ int err;
+
+ ret = read_smb_recv(subreq, talloc_tos(), &buf, &err);
+ TALLOC_FREE(subreq);
+
+ if (ret < 4) {
+ ret = -1;
+ err = EIO;
+ }
+ if (ret == -1) {
+ tevent_req_error(req, err);
+ return;
+ }
+ /*
+ * In case of an error there is more information in the data
+ * portion according to RFC1002. We're not subtle enough to
+ * respond to the different error conditions, so drop the
+ * error info here.
+ */
+ state->nb_session_response = CVAL(buf, 0);
+ tevent_req_done(req);
+}
+
+static bool cli_session_request_recv(struct tevent_req *req, int *err, uint8_t *resp)
+{
+ struct cli_session_request_state *state = tevent_req_data(
+ req, struct cli_session_request_state);
+
+ if (tevent_req_is_unix_error(req, err)) {
+ return false;
+ }
+ *resp = state->nb_session_response;
+ return true;
+}
+
+struct nb_connect_state {
+ struct tevent_context *ev;
+ const struct sockaddr_storage *addr;
+ const char *called_name;
+ int sock;
+ struct tevent_req *session_subreq;
+ struct nmb_name called;
+ struct nmb_name calling;
+};
+
+static void nb_connect_cleanup(struct tevent_req *req,
+ enum tevent_req_state req_state);
+static void nb_connect_connected(struct tevent_req *subreq);
+static void nb_connect_done(struct tevent_req *subreq);
+
+static struct tevent_req *nb_connect_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const struct sockaddr_storage *addr,
+ const char *called_name,
+ int called_type,
+ const char *calling_name,
+ int calling_type)
+{
+ struct tevent_req *req, *subreq;
+ struct nb_connect_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct nb_connect_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->called_name = called_name;
+ state->addr = addr;
+
+ state->sock = -1;
+ make_nmb_name(&state->called, called_name, called_type);
+ make_nmb_name(&state->calling, calling_name, calling_type);
+
+ tevent_req_set_cleanup_fn(req, nb_connect_cleanup);
+
+ subreq = open_socket_out_send(state, ev, addr, NBT_SMB_PORT, 5000);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, nb_connect_connected, req);
+ return req;
+}
+
+static void nb_connect_cleanup(struct tevent_req *req,
+ enum tevent_req_state req_state)
+{
+ struct nb_connect_state *state = tevent_req_data(
+ req, struct nb_connect_state);
+
+ /*
+ * we need to free a pending request before closing the
+ * socket, see bug #11141
+ */
+ TALLOC_FREE(state->session_subreq);
+
+ if (req_state == TEVENT_REQ_DONE) {
+ /*
+ * we keep the socket open for the caller to use
+ */
+ return;
+ }
+
+ if (state->sock != -1) {
+ close(state->sock);
+ state->sock = -1;
+ }
+
+ return;
+}
+
+static void nb_connect_connected(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct nb_connect_state *state = tevent_req_data(
+ req, struct nb_connect_state);
+ NTSTATUS status;
+
+ status = open_socket_out_recv(subreq, &state->sock);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
+ subreq = cli_session_request_send(state, state->ev, state->sock,
+ &state->called, &state->calling);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, nb_connect_done, req);
+ state->session_subreq = subreq;
+}
+
+static void nb_connect_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct nb_connect_state *state = tevent_req_data(
+ req, struct nb_connect_state);
+ bool ret;
+ int err;
+ uint8_t resp;
+
+ state->session_subreq = NULL;
+
+ ret = cli_session_request_recv(subreq, &err, &resp);
+ TALLOC_FREE(subreq);
+ if (!ret) {
+ tevent_req_nterror(req, map_nt_error_from_unix(err));
+ return;
+ }
+
+ /*
+ * RFC1002: 0x82 - POSITIVE SESSION RESPONSE
+ */
+
+ if (resp != 0x82) {
+ /*
+ * The server did not like our session request
+ */
+ close(state->sock);
+ state->sock = -1;
+
+ if (strequal(state->called_name, "*SMBSERVER")) {
+ /*
+ * Here we could try a name status request and
+ * use the first 0x20 type name.
+ */
+ tevent_req_nterror(
+ req, NT_STATUS_RESOURCE_NAME_NOT_FOUND);
+ return;
+ }
+
+ /*
+ * We could be subtle and distinguish between
+ * different failure modes, but what we do here
+ * instead is just retry with *SMBSERVER type 0x20.
+ */
+ state->called_name = "*SMBSERVER";
+ make_nmb_name(&state->called, state->called_name, 0x20);
+
+ subreq = open_socket_out_send(state, state->ev, state->addr,
+ NBT_SMB_PORT, 5000);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, nb_connect_connected, req);
+ return;
+ }
+
+ tevent_req_done(req);
+ return;
+}
+
+static NTSTATUS nb_connect_recv(struct tevent_req *req, int *sock)
+{
+ struct nb_connect_state *state = tevent_req_data(
+ req, struct nb_connect_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+ *sock = state->sock;
+ state->sock = -1;
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+struct smbsock_connect_state {
+ struct tevent_context *ev;
+ const struct sockaddr_storage *addr;
+ const char *called_name;
+ uint8_t called_type;
+ const char *calling_name;
+ uint8_t calling_type;
+ struct tevent_req *req_139;
+ struct tevent_req *req_445;
+ int sock;
+ uint16_t port;
+};
+
+static void smbsock_connect_cleanup(struct tevent_req *req,
+ enum tevent_req_state req_state);
+static void smbsock_connect_connected(struct tevent_req *subreq);
+static void smbsock_connect_do_139(struct tevent_req *subreq);
+
+struct tevent_req *smbsock_connect_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const struct sockaddr_storage *addr,
+ uint16_t port,
+ const char *called_name,
+ int called_type,
+ const char *calling_name,
+ int calling_type)
+{
+ struct tevent_req *req;
+ struct smbsock_connect_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct smbsock_connect_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->addr = addr;
+ state->sock = -1;
+ state->called_name =
+ (called_name != NULL) ? called_name : "*SMBSERVER";
+ state->called_type =
+ (called_type != -1) ? called_type : 0x20;
+ state->calling_name =
+ (calling_name != NULL) ? calling_name : lp_netbios_name();
+ state->calling_type =
+ (calling_type != -1) ? calling_type : 0x00;
+
+ tevent_req_set_cleanup_fn(req, smbsock_connect_cleanup);
+
+ if (port == NBT_SMB_PORT) {
+ if (lp_disable_netbios()) {
+ tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED);
+ return tevent_req_post(req, ev);
+ }
+
+ state->req_139 = nb_connect_send(state, state->ev, state->addr,
+ state->called_name,
+ state->called_type,
+ state->calling_name,
+ state->calling_type);
+ if (tevent_req_nomem(state->req_139, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ state->req_139, smbsock_connect_connected, req);
+ return req;
+ }
+ if (port != 0) {
+ state->req_445 = open_socket_out_send(state, ev, addr, port,
+ 5000);
+ if (tevent_req_nomem(state->req_445, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(
+ state->req_445, smbsock_connect_connected, req);
+ return req;
+ }
+
+ /*
+ * port==0, try both
+ */
+
+ state->req_445 = open_socket_out_send(state, ev, addr, TCP_SMB_PORT, 5000);
+ if (tevent_req_nomem(state->req_445, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(state->req_445, smbsock_connect_connected,
+ req);
+
+ /*
+ * Check for disable_netbios
+ */
+ if (lp_disable_netbios()) {
+ return req;
+ }
+
+ /*
+ * After 5 msecs, fire the 139 (NBT) request
+ */
+ state->req_139 = tevent_wakeup_send(
+ state, ev, timeval_current_ofs(0, 5000));
+ if (tevent_req_nomem(state->req_139, req)) {
+ TALLOC_FREE(state->req_445);
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(state->req_139, smbsock_connect_do_139,
+ req);
+ return req;
+}
+
+static void smbsock_connect_cleanup(struct tevent_req *req,
+ enum tevent_req_state req_state)
+{
+ struct smbsock_connect_state *state = tevent_req_data(
+ req, struct smbsock_connect_state);
+
+ /*
+ * we need to free a pending request before closing the
+ * socket, see bug #11141
+ */
+ TALLOC_FREE(state->req_445);
+ TALLOC_FREE(state->req_139);
+
+ if (req_state == TEVENT_REQ_DONE) {
+ /*
+ * we keep the socket open for the caller to use
+ */
+ return;
+ }
+
+ if (state->sock != -1) {
+ close(state->sock);
+ state->sock = -1;
+ }
+
+ return;
+}
+
+static void smbsock_connect_do_139(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct smbsock_connect_state *state = tevent_req_data(
+ req, struct smbsock_connect_state);
+ bool ret;
+
+ ret = tevent_wakeup_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!ret) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+ state->req_139 = nb_connect_send(state, state->ev, state->addr,
+ state->called_name,
+ state->called_type,
+ state->calling_name,
+ state->calling_type);
+ if (tevent_req_nomem(state->req_139, req)) {
+ return;
+ }
+ tevent_req_set_callback(state->req_139, smbsock_connect_connected,
+ req);
+}
+
+static void smbsock_connect_connected(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct smbsock_connect_state *state = tevent_req_data(
+ req, struct smbsock_connect_state);
+ struct tevent_req *unfinished_req;
+ NTSTATUS status;
+
+ if (subreq == state->req_445) {
+
+ status = open_socket_out_recv(subreq, &state->sock);
+ TALLOC_FREE(state->req_445);
+ unfinished_req = state->req_139;
+ state->port = TCP_SMB_PORT;
+
+ } else if (subreq == state->req_139) {
+
+ status = nb_connect_recv(subreq, &state->sock);
+ TALLOC_FREE(state->req_139);
+ unfinished_req = state->req_445;
+ state->port = NBT_SMB_PORT;
+
+ } else {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(unfinished_req);
+ state->req_139 = NULL;
+ state->req_445 = NULL;
+ tevent_req_done(req);
+ return;
+ }
+ if (unfinished_req == NULL) {
+ /*
+ * Both requests failed
+ */
+ tevent_req_nterror(req, status);
+ return;
+ }
+ /*
+ * Do nothing, wait for the second request to come here.
+ */
+}
+
+NTSTATUS smbsock_connect_recv(struct tevent_req *req, int *sock,
+ uint16_t *ret_port)
+{
+ struct smbsock_connect_state *state = tevent_req_data(
+ req, struct smbsock_connect_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+ *sock = state->sock;
+ state->sock = -1;
+ if (ret_port != NULL) {
+ *ret_port = state->port;
+ }
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS smbsock_connect(const struct sockaddr_storage *addr, uint16_t port,
+ const char *called_name, int called_type,
+ const char *calling_name, int calling_type,
+ int *pfd, uint16_t *ret_port, int sec_timeout)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = smbsock_connect_send(frame, ev, addr, port,
+ called_name, called_type,
+ calling_name, calling_type);
+ if (req == NULL) {
+ goto fail;
+ }
+ if ((sec_timeout != 0) &&
+ !tevent_req_set_endtime(
+ req, ev, timeval_current_ofs(sec_timeout, 0))) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = smbsock_connect_recv(req, pfd, ret_port);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
+
+struct smbsock_any_connect_state {
+ struct tevent_context *ev;
+ const struct sockaddr_storage *addrs;
+ const char **called_names;
+ int *called_types;
+ const char **calling_names;
+ int *calling_types;
+ size_t num_addrs;
+ uint16_t port;
+
+ struct tevent_req **requests;
+ size_t num_sent;
+ size_t num_received;
+
+ int fd;
+ uint16_t chosen_port;
+ size_t chosen_index;
+};
+
+static void smbsock_any_connect_cleanup(struct tevent_req *req,
+ enum tevent_req_state req_state);
+static bool smbsock_any_connect_send_next(
+ struct tevent_req *req, struct smbsock_any_connect_state *state);
+static void smbsock_any_connect_trynext(struct tevent_req *subreq);
+static void smbsock_any_connect_connected(struct tevent_req *subreq);
+
+struct tevent_req *smbsock_any_connect_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const struct sockaddr_storage *addrs,
+ const char **called_names,
+ int *called_types,
+ const char **calling_names,
+ int *calling_types,
+ size_t num_addrs, uint16_t port)
+{
+ struct tevent_req *req, *subreq;
+ struct smbsock_any_connect_state *state;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct smbsock_any_connect_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->addrs = addrs;
+ state->num_addrs = num_addrs;
+ state->called_names = called_names;
+ state->called_types = called_types;
+ state->calling_names = calling_names;
+ state->calling_types = calling_types;
+ state->port = port;
+ state->fd = -1;
+
+ tevent_req_set_cleanup_fn(req, smbsock_any_connect_cleanup);
+
+ if (num_addrs == 0) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
+ state->requests = talloc_zero_array(state, struct tevent_req *,
+ num_addrs);
+ if (tevent_req_nomem(state->requests, req)) {
+ return tevent_req_post(req, ev);
+ }
+ if (!smbsock_any_connect_send_next(req, state)) {
+ return tevent_req_post(req, ev);
+ }
+ if (state->num_sent >= state->num_addrs) {
+ return req;
+ }
+ subreq = tevent_wakeup_send(state, ev, timeval_current_ofs(0, 10000));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, smbsock_any_connect_trynext, req);
+ return req;
+}
+
+static void smbsock_any_connect_cleanup(struct tevent_req *req,
+ enum tevent_req_state req_state)
+{
+ struct smbsock_any_connect_state *state = tevent_req_data(
+ req, struct smbsock_any_connect_state);
+
+ TALLOC_FREE(state->requests);
+
+ if (req_state == TEVENT_REQ_DONE) {
+ /*
+ * Keep the socket open for the caller.
+ */
+ return;
+ }
+
+ if (state->fd != -1) {
+ close(state->fd);
+ state->fd = -1;
+ }
+}
+
+static void smbsock_any_connect_trynext(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct smbsock_any_connect_state *state = tevent_req_data(
+ req, struct smbsock_any_connect_state);
+ bool ret;
+
+ ret = tevent_wakeup_recv(subreq);
+ TALLOC_FREE(subreq);
+ if (!ret) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+ if (!smbsock_any_connect_send_next(req, state)) {
+ return;
+ }
+ if (state->num_sent >= state->num_addrs) {
+ return;
+ }
+ subreq = tevent_wakeup_send(state, state->ev,
+ tevent_timeval_set(0, 10000));
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, smbsock_any_connect_trynext, req);
+}
+
+static bool smbsock_any_connect_send_next(
+ struct tevent_req *req, struct smbsock_any_connect_state *state)
+{
+ struct tevent_req *subreq;
+
+ if (state->num_sent >= state->num_addrs) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return false;
+ }
+ subreq = smbsock_connect_send(
+ state->requests, state->ev, &state->addrs[state->num_sent],
+ state->port,
+ (state->called_names != NULL)
+ ? state->called_names[state->num_sent] : NULL,
+ (state->called_types != NULL)
+ ? state->called_types[state->num_sent] : -1,
+ (state->calling_names != NULL)
+ ? state->calling_names[state->num_sent] : NULL,
+ (state->calling_types != NULL)
+ ? state->calling_types[state->num_sent] : -1);
+ if (tevent_req_nomem(subreq, req)) {
+ return false;
+ }
+ tevent_req_set_callback(subreq, smbsock_any_connect_connected, req);
+
+ state->requests[state->num_sent] = subreq;
+ state->num_sent += 1;
+
+ return true;
+}
+
+static void smbsock_any_connect_connected(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct smbsock_any_connect_state *state = tevent_req_data(
+ req, struct smbsock_any_connect_state);
+ NTSTATUS status;
+ int fd = 0;
+ uint16_t chosen_port = 0;
+ size_t i;
+ size_t chosen_index = 0;
+
+ for (i=0; i<state->num_sent; i++) {
+ if (state->requests[i] == subreq) {
+ chosen_index = i;
+ break;
+ }
+ }
+ if (i == state->num_sent) {
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+
+ status = smbsock_connect_recv(subreq, &fd, &chosen_port);
+
+ TALLOC_FREE(subreq);
+ state->requests[chosen_index] = NULL;
+
+ if (NT_STATUS_IS_OK(status)) {
+ /*
+ * tevent_req_done() will kill all the other requests
+ * via smbsock_any_connect_cleanup().
+ */
+ state->fd = fd;
+ state->chosen_port = chosen_port;
+ state->chosen_index = chosen_index;
+ tevent_req_done(req);
+ return;
+ }
+
+ state->num_received += 1;
+ if (state->num_received < state->num_addrs) {
+ /*
+ * More addrs pending, wait for the others
+ */
+ return;
+ }
+
+ /*
+ * This is the last response, none succeeded.
+ */
+ tevent_req_nterror(req, status);
+ return;
+}
+
+NTSTATUS smbsock_any_connect_recv(struct tevent_req *req, int *pfd,
+ size_t *chosen_index,
+ uint16_t *chosen_port)
+{
+ struct smbsock_any_connect_state *state = tevent_req_data(
+ req, struct smbsock_any_connect_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+ *pfd = state->fd;
+ state->fd = -1;
+ if (chosen_index != NULL) {
+ *chosen_index = state->chosen_index;
+ }
+ if (chosen_port != NULL) {
+ *chosen_port = state->chosen_port;
+ }
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+NTSTATUS smbsock_any_connect(const struct sockaddr_storage *addrs,
+ const char **called_names,
+ int *called_types,
+ const char **calling_names,
+ int *calling_types,
+ size_t num_addrs,
+ uint16_t port,
+ int sec_timeout,
+ int *pfd, size_t *chosen_index,
+ uint16_t *chosen_port)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+ req = smbsock_any_connect_send(frame, ev, addrs,
+ called_names, called_types,
+ calling_names, calling_types,
+ num_addrs, port);
+ if (req == NULL) {
+ goto fail;
+ }
+ if ((sec_timeout != 0) &&
+ !tevent_req_set_endtime(
+ req, ev, timeval_current_ofs(sec_timeout, 0))) {
+ goto fail;
+ }
+ if (!tevent_req_poll_ntstatus(req, ev, &status)) {
+ goto fail;
+ }
+ status = smbsock_any_connect_recv(req, pfd, chosen_index, chosen_port);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
+}
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
new file mode 100644
index 0000000..c40eb79
--- /dev/null
+++ b/source3/libsmb/trusts_util.c
@@ -0,0 +1,630 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Routines to operate on various trust relationships
+ * Copyright (C) Andrew Bartlett 2001
+ * Copyright (C) Rafal Szczesniak 2003
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "../libcli/auth/libcli_auth.h"
+#include "../libcli/auth/netlogon_creds_cli.h"
+#include "rpc_client/cli_netlogon.h"
+#include "rpc_client/cli_pipe.h"
+#include "../librpc/gen_ndr/ndr_netlogon.h"
+#include "librpc/gen_ndr/secrets.h"
+#include "secrets.h"
+#include "passdb.h"
+#include "libsmb/libsmb.h"
+#include "source3/include/messages.h"
+#include "source3/include/g_lock.h"
+#include "lib/util/util_tdb.h"
+
+/*********************************************************
+ Change the domain password on the PDC.
+ Do most of the legwork ourselves. Caller must have
+ already setup the connection to the NETLOGON pipe
+**********************************************************/
+
+struct trust_pw_change_state {
+ struct g_lock_ctx *g_ctx;
+ char *g_lock_key;
+};
+
+static int trust_pw_change_state_destructor(struct trust_pw_change_state *state)
+{
+ g_lock_unlock(state->g_ctx,
+ string_term_tdb_data(state->g_lock_key));
+ return 0;
+}
+
+char *trust_pw_new_value(TALLOC_CTX *mem_ctx,
+ enum netr_SchannelType sec_channel_type,
+ int security)
+{
+ /*
+ * use secure defaults, which match
+ * what windows uses for computer passwords.
+ *
+ * We used to have min=128 and max=255 here, but
+ * it's a bad idea because of bugs in the Windows
+ * RODC/RWDC PasswordUpdateForward handling via
+ * NetrLogonSendToSam.
+ *
+ * See https://bugzilla.samba.org/show_bug.cgi?id=14984
+ */
+ size_t min = 120;
+ size_t max = 120;
+
+ switch (sec_channel_type) {
+ case SEC_CHAN_WKSTA:
+ case SEC_CHAN_BDC:
+ if (security == SEC_DOMAIN) {
+ /*
+ * The maximum length of a trust account password.
+ * Used when we randomly create it, 15 char passwords
+ * exceed NT4's max password length.
+ */
+ min = 14;
+ max = 14;
+ }
+ break;
+ case SEC_CHAN_DNS_DOMAIN:
+ /*
+ * new_len * 2 = 498 bytes is the largest possible length
+ * NL_PASSWORD_VERSION consumes the rest of the possible 512 bytes
+ * and a confounder with at least 2 bytes is required.
+ *
+ * Windows uses new_len = 120 => 240 bytes (utf16)
+ */
+ min = 120;
+ max = 120;
+ break;
+ case SEC_CHAN_DOMAIN:
+ /*
+ * The maximum length of a trust account password.
+ * Used when we randomly create it, 15 char passwords
+ * exceed NT4's max password length.
+ */
+ min = 14;
+ max = 14;
+ break;
+ default:
+ break;
+ }
+
+ /*
+ * Create a random machine account password
+ * We create a random buffer and convert that to utf8.
+ * This is similar to what windows is doing.
+ */
+ return generate_random_machine_password(mem_ctx, min, max);
+}
+
+/*
+ * Temporary function to wrap cli_auth in a lck
+ */
+
+static NTSTATUS netlogon_creds_cli_lck_auth(
+ struct netlogon_creds_cli_context *context,
+ struct dcerpc_binding_handle *b,
+ uint8_t num_nt_hashes,
+ const struct samr_Password * const *nt_hashes,
+ uint8_t *idx_nt_hashes)
+{
+ struct netlogon_creds_cli_lck *lck;
+ NTSTATUS status;
+
+ status = netlogon_creds_cli_lck(
+ context, NETLOGON_CREDS_CLI_LCK_EXCLUSIVE,
+ talloc_tos(), &lck);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("netlogon_creds_cli_lck failed: %s\n",
+ nt_errstr(status));
+ return status;
+ }
+
+ status = netlogon_creds_cli_auth(context, b, num_nt_hashes, nt_hashes,
+ idx_nt_hashes);
+ TALLOC_FREE(lck);
+
+ return status;
+}
+
+NTSTATUS trust_pw_change(struct netlogon_creds_cli_context *context,
+ struct messaging_context *msg_ctx,
+ struct dcerpc_binding_handle *b,
+ const char *domain,
+ const char *dcname,
+ bool force)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ const char *context_name = NULL;
+ struct trust_pw_change_state *state;
+ struct cli_credentials *creds = NULL;
+ struct secrets_domain_info1 *info = NULL;
+ struct secrets_domain_info1_change *prev = NULL;
+ const struct samr_Password *current_nt_hash = NULL;
+ const struct samr_Password *previous_nt_hash = NULL;
+ uint8_t num_nt_hashes = 0;
+ uint8_t idx = 0;
+ const struct samr_Password *nt_hashes[1+3] = { NULL, };
+ uint8_t idx_nt_hashes = 0;
+ uint8_t idx_current = UINT8_MAX;
+ enum netr_SchannelType sec_channel_type = SEC_CHAN_NULL;
+ time_t pass_last_set_time;
+ uint32_t old_version = 0;
+ struct pdb_trusted_domain *td = NULL;
+ struct timeval g_timeout = { 0, };
+ int timeout = 0;
+ struct timeval tv = { 0, };
+ char *new_trust_pw_str = NULL;
+ size_t len = 0;
+ DATA_BLOB new_trust_pw_blob = data_blob_null;
+ uint32_t new_version = 0;
+ uint32_t *new_trust_version = NULL;
+ NTSTATUS status;
+ bool ok;
+
+ state = talloc_zero(frame, struct trust_pw_change_state);
+ if (state == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ state->g_ctx = g_lock_ctx_init(state, msg_ctx);
+ if (state->g_ctx == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ state->g_lock_key = talloc_asprintf(state,
+ "trust_password_change_%s",
+ domain);
+ if (state->g_lock_key == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ g_timeout = timeval_current_ofs(10, 0);
+ status = g_lock_lock(state->g_ctx,
+ string_term_tdb_data(state->g_lock_key),
+ G_LOCK_WRITE, g_timeout, NULL, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("could not get g_lock on [%s]!\n",
+ state->g_lock_key));
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ talloc_set_destructor(state, trust_pw_change_state_destructor);
+
+ status = pdb_get_trust_credentials(domain, NULL, frame, &creds);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("could not fetch domain creds for domain %s - %s!\n",
+ domain, nt_errstr(status)));
+ TALLOC_FREE(frame);
+ return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
+ }
+
+ current_nt_hash = cli_credentials_get_nt_hash(creds, frame);
+ if (current_nt_hash == NULL) {
+ DEBUG(0, ("cli_credentials_get_nt_hash failed for domain %s!\n",
+ domain));
+ TALLOC_FREE(frame);
+ return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
+ }
+ previous_nt_hash = cli_credentials_get_old_nt_hash(creds, frame);
+
+ old_version = cli_credentials_get_kvno(creds);
+ pass_last_set_time = cli_credentials_get_password_last_changed_time(creds);
+ sec_channel_type = cli_credentials_get_secure_channel_type(creds);
+
+ new_version = old_version + 1;
+
+ switch (sec_channel_type) {
+ case SEC_CHAN_WKSTA:
+ case SEC_CHAN_BDC:
+ break;
+ case SEC_CHAN_DNS_DOMAIN:
+ case SEC_CHAN_DOMAIN:
+ status = pdb_get_trusted_domain(frame, domain, &td);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("pdb_get_trusted_domain() failed for domain %s - %s!\n",
+ domain, nt_errstr(status)));
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ new_trust_version = &new_version;
+ break;
+ default:
+ TALLOC_FREE(frame);
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
+ timeout = lp_machine_password_timeout();
+ if (timeout == 0) {
+ if (!force) {
+ DEBUG(10,("machine password never expires\n"));
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
+ }
+
+ tv.tv_sec = pass_last_set_time;
+ DEBUG(10, ("password last changed %s\n",
+ timeval_string(talloc_tos(), &tv, false)));
+ tv.tv_sec += timeout;
+ DEBUGADD(10, ("password valid until %s\n",
+ timeval_string(talloc_tos(), &tv, false)));
+
+ if (!force && !timeval_expired(&tv)) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
+
+ context_name = netlogon_creds_cli_debug_string(context, talloc_tos());
+ if (context_name == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /*
+ * Create a random machine account password
+ * We create a random buffer and convert that to utf8.
+ * This is similar to what windows is doing.
+ */
+ new_trust_pw_str = trust_pw_new_value(frame, sec_channel_type,
+ lp_security());
+ if (new_trust_pw_str == NULL) {
+ DEBUG(0, ("trust_pw_new_value() failed\n"));
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ len = strlen(new_trust_pw_str);
+ ok = convert_string_talloc(frame, CH_UNIX, CH_UTF16,
+ new_trust_pw_str, len,
+ (void **)&new_trust_pw_blob.data,
+ &new_trust_pw_blob.length);
+ if (!ok) {
+ status = NT_STATUS_UNMAPPABLE_CHARACTER;
+ if (errno == ENOMEM) {
+ status = NT_STATUS_NO_MEMORY;
+ }
+ DBG_ERR("convert_string_talloc(CH_UTF16MUNGED, CH_UNIX) "
+ "failed for of %s - %s\n",
+ domain, nt_errstr(status));
+ TALLOC_FREE(frame);
+ return status;
+ }
+ talloc_keep_secret(new_trust_pw_blob.data);
+
+ switch (sec_channel_type) {
+
+ case SEC_CHAN_WKSTA:
+ case SEC_CHAN_BDC:
+ status = secrets_prepare_password_change(domain, dcname,
+ new_trust_pw_str,
+ frame, &info, &prev);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("secrets_prepare_password_change() failed for domain %s!\n",
+ domain));
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ TALLOC_FREE(new_trust_pw_str);
+
+ if (prev != NULL) {
+ /*
+ * We had a failure before we changed the password.
+ */
+ nt_hashes[idx++] = &prev->password->nt_hash;
+
+ DEBUG(0,("%s : %s(%s): A password change was already "
+ "started against '%s' at %s. Trying to "
+ "recover...\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain,
+ prev->password->change_server,
+ nt_time_string(talloc_tos(),
+ prev->password->change_time)));
+ DEBUG(0,("%s : %s(%s): Last failure local[%s] remote[%s] "
+ "against '%s' at %s.\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain,
+ nt_errstr(prev->local_status),
+ nt_errstr(prev->remote_status),
+ prev->change_server,
+ nt_time_string(talloc_tos(),
+ prev->change_time)));
+ }
+
+ idx_current = idx;
+ nt_hashes[idx++] = &info->password->nt_hash;
+ if (info->old_password != NULL) {
+ nt_hashes[idx++] = &info->old_password->nt_hash;
+ }
+ if (info->older_password != NULL) {
+ nt_hashes[idx++] = &info->older_password->nt_hash;
+ }
+
+ /*
+ * We use the password that's already persistent in
+ * our database in order to handle failures.
+ */
+ data_blob_free(&new_trust_pw_blob);
+ new_trust_pw_blob = info->next_change->password->cleartext_blob;
+ break;
+
+ case SEC_CHAN_DNS_DOMAIN:
+ case SEC_CHAN_DOMAIN:
+ idx_current = idx;
+ nt_hashes[idx++] = current_nt_hash;
+ if (previous_nt_hash != NULL) {
+ nt_hashes[idx++] = previous_nt_hash;
+ }
+ break;
+
+ default:
+ smb_panic("Unsupported secure channel type");
+ break;
+ }
+ num_nt_hashes = idx;
+
+ DEBUG(0,("%s : %s(%s): Verifying passwords remotely %s.\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain, context_name));
+
+ /*
+ * Check which password the dc knows about.
+ *
+ * TODO:
+ * If the previous password is the only password in common with the dc,
+ * we better skip the password change, or use something like
+ * ServerTrustPasswordsGet() or netr_ServerGetTrustInfo() to fix our
+ * local secrets before doing the change.
+ */
+ status = netlogon_creds_cli_lck_auth(context, b,
+ num_nt_hashes,
+ nt_hashes,
+ &idx_nt_hashes);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("netlogon_creds_cli_auth(%s) failed for old passwords (%u) - %s!\n",
+ context_name, num_nt_hashes, nt_errstr(status)));
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ if (prev != NULL && idx_nt_hashes == 0) {
+ DEBUG(0,("%s : %s(%s): Verified new password remotely "
+ "without changing %s\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain, context_name));
+
+ status = secrets_finish_password_change(prev->password->change_server,
+ prev->password->change_time,
+ info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("secrets_prepare_password_change() failed for domain %s!\n",
+ domain));
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ DEBUG(0,("%s : %s(%s): Recovered previous password change.\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain));
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
+
+ if (idx_nt_hashes != idx_current) {
+ DEBUG(0,("%s : %s(%s): Verified older password remotely "
+ "skip changing %s\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain, context_name));
+
+ if (info == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
+ }
+
+ status = secrets_defer_password_change(dcname,
+ NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE,
+ NT_STATUS_NOT_COMMITTED,
+ info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("secrets_defer_password_change() failed for domain %s!\n",
+ domain));
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ TALLOC_FREE(frame);
+ return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
+ }
+
+ DEBUG(0,("%s : %s(%s): Verified old password remotely using %s\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain, context_name));
+
+ /*
+ * Return the result of trying to write the new password
+ * back into the trust account file.
+ */
+
+ switch (sec_channel_type) {
+
+ case SEC_CHAN_WKSTA:
+ case SEC_CHAN_BDC:
+ /*
+ * we called secrets_prepare_password_change() above.
+ */
+ break;
+
+ case SEC_CHAN_DNS_DOMAIN:
+ case SEC_CHAN_DOMAIN:
+ /*
+ * we need to get the sid first for the
+ * pdb_set_trusteddom_pw call
+ */
+ ok = pdb_set_trusteddom_pw(domain, new_trust_pw_str,
+ &td->security_identifier);
+ if (!ok) {
+ DEBUG(0, ("pdb_set_trusteddom_pw() failed for domain %s!\n",
+ domain));
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ TALLOC_FREE(new_trust_pw_str);
+ break;
+
+ default:
+ smb_panic("Unsupported secure channel type");
+ break;
+ }
+
+ DEBUG(0,("%s : %s(%s): Changed password locally\n",
+ current_timestring(talloc_tos(), false), __func__, domain));
+
+ status = netlogon_creds_cli_ServerPasswordSet(context, b,
+ &new_trust_pw_blob,
+ new_trust_version);
+ if (!NT_STATUS_IS_OK(status)) {
+ NTSTATUS status2;
+ const char *fn = NULL;
+
+ ok = dcerpc_binding_handle_is_connected(b);
+
+ DEBUG(0,("%s : %s(%s) remote password change with %s failed "
+ "- %s (%s)\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain, context_name,
+ nt_errstr(status),
+ ok ? "connected": "disconnected"));
+
+ if (!ok) {
+ /*
+ * The connection is broken, we don't
+ * know if the password was changed,
+ * we hope to have more luck next time.
+ */
+ status2 = secrets_failed_password_change(dcname,
+ NT_STATUS_NOT_COMMITTED,
+ status,
+ info);
+ fn = "secrets_failed_password_change";
+ } else {
+ /*
+ * The server rejected the change, we don't
+ * retry and defer the change to the next
+ * "machine password timeout" interval.
+ */
+ status2 = secrets_defer_password_change(dcname,
+ NT_STATUS_NOT_COMMITTED,
+ status,
+ info);
+ fn = "secrets_defer_password_change";
+ }
+ if (!NT_STATUS_IS_OK(status2)) {
+ DEBUG(0, ("%s() failed for domain %s!\n",
+ fn, domain));
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ DEBUG(0,("%s : %s(%s): Changed password remotely using %s\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain, context_name));
+
+ switch (sec_channel_type) {
+
+ case SEC_CHAN_WKSTA:
+ case SEC_CHAN_BDC:
+ status = secrets_finish_password_change(
+ info->next_change->change_server,
+ info->next_change->change_time,
+ info);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("secrets_finish_password_change() failed for domain %s!\n",
+ domain));
+ TALLOC_FREE(frame);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ DEBUG(0,("%s : %s(%s): Finished password change.\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain));
+ break;
+
+ case SEC_CHAN_DNS_DOMAIN:
+ case SEC_CHAN_DOMAIN:
+ /*
+ * we used pdb_set_trusteddom_pw().
+ */
+ break;
+
+ default:
+ smb_panic("Unsupported secure channel type");
+ break;
+ }
+
+ ok = cli_credentials_set_utf16_password(creds,
+ &new_trust_pw_blob,
+ CRED_SPECIFIED);
+ if (!ok) {
+ DEBUG(0, ("cli_credentials_set_password failed for domain %s!\n",
+ domain));
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ current_nt_hash = cli_credentials_get_nt_hash(creds, frame);
+ if (current_nt_hash == NULL) {
+ DEBUG(0, ("cli_credentials_get_nt_hash failed for domain %s!\n",
+ domain));
+ TALLOC_FREE(frame);
+ return NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE;
+ }
+
+ /*
+ * Now we verify the new password.
+ */
+ idx = 0;
+ nt_hashes[idx++] = current_nt_hash;
+ num_nt_hashes = idx;
+ status = netlogon_creds_cli_lck_auth(context, b,
+ num_nt_hashes,
+ nt_hashes,
+ &idx_nt_hashes);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("netlogon_creds_cli_auth(%s) failed for new password - %s!\n",
+ context_name, nt_errstr(status)));
+ TALLOC_FREE(frame);
+ return status;
+ }
+
+ DEBUG(0,("%s : %s(%s): Verified new password remotely using %s\n",
+ current_timestring(talloc_tos(), false),
+ __func__, domain, context_name));
+
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+}
diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c
new file mode 100644
index 0000000..b81d379
--- /dev/null
+++ b/source3/libsmb/unexpected.c
@@ -0,0 +1,751 @@
+/*
+ Unix SMB/CIFS implementation.
+ handle unexpected packets
+ Copyright (C) Andrew Tridgell 2000
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "libsmb/unexpected.h"
+#include "../lib/util/tevent_ntstatus.h"
+#include "lib/util_tsock.h"
+#include "libsmb/nmblib.h"
+#include "lib/tsocket/tsocket.h"
+#include "lib/util/sys_rw.h"
+
+static const char *nmbd_socket_dir(void)
+{
+ return lp_parm_const_string(-1, "nmbd", "socket dir",
+ get_dyn_NMBDSOCKETDIR());
+}
+
+struct nb_packet_query {
+ enum packet_type type;
+ size_t mailslot_namelen;
+ int trn_id;
+};
+
+struct nb_packet_client;
+
+struct nb_packet_server {
+ struct tevent_context *ev;
+ int listen_sock;
+ struct tevent_fd *listen_fde;
+ int max_clients;
+ int num_clients;
+ struct nb_packet_client *clients;
+};
+
+struct nb_packet_client {
+ struct nb_packet_client *prev, *next;
+ struct nb_packet_server *server;
+
+ enum packet_type type;
+ int trn_id;
+ char *mailslot_name;
+
+ struct {
+ uint8_t byte;
+ struct iovec iov[1];
+ } ack;
+
+ struct tstream_context *sock;
+ struct tevent_queue *out_queue;
+};
+
+static int nb_packet_server_destructor(struct nb_packet_server *s);
+static void nb_packet_server_listener(struct tevent_context *ev,
+ struct tevent_fd *fde,
+ uint16_t flags,
+ void *private_data);
+
+NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ int max_clients,
+ struct nb_packet_server **presult)
+{
+ struct nb_packet_server *result;
+ NTSTATUS status;
+ int rc;
+
+ result = talloc_zero(mem_ctx, struct nb_packet_server);
+ if (result == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+ result->ev = ev;
+ result->max_clients = max_clients;
+
+ result->listen_sock = create_pipe_sock(
+ nmbd_socket_dir(), "unexpected", 0755);
+ if (result->listen_sock == -1) {
+ status = map_nt_error_from_unix(errno);
+ goto fail;
+ }
+ rc = listen(result->listen_sock, 5);
+ if (rc < 0) {
+ status = map_nt_error_from_unix(errno);
+ goto fail;
+ }
+ talloc_set_destructor(result, nb_packet_server_destructor);
+
+ result->listen_fde = tevent_add_fd(ev, result,
+ result->listen_sock,
+ TEVENT_FD_READ,
+ nb_packet_server_listener,
+ result);
+ if (result->listen_fde == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ *presult = result;
+ return NT_STATUS_OK;
+fail:
+ TALLOC_FREE(result);
+ return status;
+}
+
+static int nb_packet_server_destructor(struct nb_packet_server *s)
+{
+ TALLOC_FREE(s->listen_fde);
+
+ if (s->listen_sock != -1) {
+ close(s->listen_sock);
+ s->listen_sock = -1;
+ }
+ return 0;
+}
+
+static int nb_packet_client_destructor(struct nb_packet_client *c);
+static ssize_t nb_packet_client_more(uint8_t *buf, size_t buflen,
+ void *private_data);
+static void nb_packet_got_query(struct tevent_req *req);
+static void nb_packet_client_ack_done(struct tevent_req *req);
+static void nb_packet_client_read_done(struct tevent_req *req);
+
+static void nb_packet_server_listener(struct tevent_context *ev,
+ struct tevent_fd *fde,
+ uint16_t flags,
+ void *private_data)
+{
+ struct nb_packet_server *server = talloc_get_type_abort(
+ private_data, struct nb_packet_server);
+ struct nb_packet_client *client;
+ struct tevent_req *req;
+ struct sockaddr_un sunaddr;
+ socklen_t len;
+ int sock;
+ int ret;
+
+ len = sizeof(sunaddr);
+
+ sock = accept(server->listen_sock, (struct sockaddr *)(void *)&sunaddr,
+ &len);
+ if (sock == -1) {
+ return;
+ }
+ smb_set_close_on_exec(sock);
+ DEBUG(6,("accepted socket %d\n", sock));
+
+ client = talloc_zero(server, struct nb_packet_client);
+ if (client == NULL) {
+ DEBUG(10, ("talloc failed\n"));
+ close(sock);
+ return;
+ }
+ ret = tstream_bsd_existing_socket(client, sock, &client->sock);
+ if (ret != 0) {
+ DEBUG(10, ("tstream_bsd_existing_socket failed\n"));
+ TALLOC_FREE(client);
+ close(sock);
+ return;
+ }
+ /* as server we want to fail early */
+ tstream_bsd_fail_readv_first_error(client->sock, true);
+
+ client->server = server;
+
+ client->out_queue = tevent_queue_create(
+ client, "unexpected packet output");
+ if (client->out_queue == NULL) {
+ DEBUG(10, ("tevent_queue_create failed\n"));
+ TALLOC_FREE(client);
+ return;
+ }
+
+ req = tstream_read_packet_send(client, ev, client->sock,
+ sizeof(struct nb_packet_query),
+ nb_packet_client_more, NULL);
+ if (req == NULL) {
+ DEBUG(10, ("tstream_read_packet_send failed\n"));
+ TALLOC_FREE(client);
+ return;
+ }
+ tevent_req_set_callback(req, nb_packet_got_query, client);
+
+ DLIST_ADD(server->clients, client);
+ server->num_clients += 1;
+
+ talloc_set_destructor(client, nb_packet_client_destructor);
+
+ if (server->num_clients > server->max_clients) {
+ DEBUG(10, ("Too many clients, dropping oldest\n"));
+
+ /*
+ * no TALLOC_FREE here, don't mess with the list structs
+ */
+ talloc_free(server->clients->prev);
+ }
+}
+
+static ssize_t nb_packet_client_more(uint8_t *buf, size_t buflen,
+ void *private_data)
+{
+ struct nb_packet_query q;
+ if (buflen > sizeof(struct nb_packet_query)) {
+ return 0;
+ }
+ /* Take care of alignment */
+ memcpy(&q, buf, sizeof(q));
+ if (q.mailslot_namelen > 1024) {
+ DEBUG(10, ("Got invalid mailslot namelen %d\n",
+ (int)q.mailslot_namelen));
+ return -1;
+ }
+ return q.mailslot_namelen;
+}
+
+static int nb_packet_client_destructor(struct nb_packet_client *c)
+{
+ tevent_queue_stop(c->out_queue);
+ TALLOC_FREE(c->sock);
+
+ DLIST_REMOVE(c->server->clients, c);
+ c->server->num_clients -= 1;
+ return 0;
+}
+
+static void nb_packet_got_query(struct tevent_req *req)
+{
+ struct nb_packet_client *client = tevent_req_callback_data(
+ req, struct nb_packet_client);
+ struct nb_packet_query q;
+ uint8_t *buf;
+ ssize_t nread;
+ int err;
+
+ nread = tstream_read_packet_recv(req, talloc_tos(), &buf, &err);
+ TALLOC_FREE(req);
+ if (nread < (ssize_t)sizeof(struct nb_packet_query)) {
+ DEBUG(10, ("read_packet_recv returned %d (%s)\n",
+ (int)nread,
+ (nread == -1) ? strerror(err) : "wrong length"));
+ TALLOC_FREE(client);
+ return;
+ }
+
+ /* Take care of alignment */
+ memcpy(&q, buf, sizeof(q));
+
+ if ((size_t)nread !=
+ sizeof(struct nb_packet_query) + q.mailslot_namelen) {
+ DEBUG(10, ("nb_packet_got_query: Invalid mailslot namelength\n"));
+ TALLOC_FREE(client);
+ return;
+ }
+
+ client->trn_id = q.trn_id;
+ client->type = q.type;
+ if (q.mailslot_namelen > 0) {
+ client->mailslot_name = talloc_strndup(
+ client, (char *)buf + sizeof(q),
+ q.mailslot_namelen);
+ if (client->mailslot_name == NULL) {
+ TALLOC_FREE(client);
+ return;
+ }
+ }
+
+ client->ack.byte = 0;
+ client->ack.iov[0].iov_base = &client->ack.byte;
+ client->ack.iov[0].iov_len = 1;
+ req = tstream_writev_queue_send(client, client->server->ev,
+ client->sock,
+ client->out_queue,
+ client->ack.iov, 1);
+ if (req == NULL) {
+ DEBUG(10, ("tstream_writev_queue_send failed\n"));
+ TALLOC_FREE(client);
+ return;
+ }
+ tevent_req_set_callback(req, nb_packet_client_ack_done, client);
+
+ req = tstream_read_packet_send(client, client->server->ev,
+ client->sock, 1, NULL, NULL);
+ if (req == NULL) {
+ DEBUG(10, ("Could not activate reader for client exit "
+ "detection\n"));
+ TALLOC_FREE(client);
+ return;
+ }
+ tevent_req_set_callback(req, nb_packet_client_read_done,
+ client);
+}
+
+static void nb_packet_client_ack_done(struct tevent_req *req)
+{
+ struct nb_packet_client *client = tevent_req_callback_data(
+ req, struct nb_packet_client);
+ ssize_t nwritten;
+ int err;
+
+ nwritten = tstream_writev_queue_recv(req, &err);
+
+ TALLOC_FREE(req);
+
+ if (nwritten == -1) {
+ DEBUG(10, ("tstream_writev_queue_recv failed: %s\n",
+ strerror(err)));
+ TALLOC_FREE(client);
+ return;
+ }
+}
+
+static void nb_packet_client_read_done(struct tevent_req *req)
+{
+ struct nb_packet_client *client = tevent_req_callback_data(
+ req, struct nb_packet_client);
+ ssize_t nread;
+ uint8_t *buf;
+ int err;
+
+ nread = tstream_read_packet_recv(req, talloc_tos(), &buf, &err);
+ TALLOC_FREE(req);
+ if (nread == 1) {
+ DEBUG(10, ("Protocol error, received data on write-only "
+ "unexpected socket: 0x%2.2x\n", (*buf)));
+ }
+ TALLOC_FREE(client);
+}
+
+static void nb_packet_client_send(struct nb_packet_client *client,
+ struct packet_struct *p);
+
+void nb_packet_dispatch(struct nb_packet_server *server,
+ struct packet_struct *p)
+{
+ struct nb_packet_client *c;
+ uint16_t trn_id;
+
+ switch (p->packet_type) {
+ case NMB_PACKET:
+ trn_id = p->packet.nmb.header.name_trn_id;
+ break;
+ case DGRAM_PACKET:
+ trn_id = p->packet.dgram.header.dgm_id;
+ break;
+ default:
+ DEBUG(10, ("Got invalid packet type %d\n",
+ (int)p->packet_type));
+ return;
+ }
+ for (c = server->clients; c != NULL; c = c->next) {
+
+ if (c->type != p->packet_type) {
+ DEBUG(10, ("client expects packet %d, got %d\n",
+ c->type, p->packet_type));
+ continue;
+ }
+
+ if (p->packet_type == NMB_PACKET) {
+ /*
+ * See if the client specified transaction
+ * ID. Filter if it did.
+ */
+ if ((c->trn_id != -1) &&
+ (c->trn_id != trn_id)) {
+ DEBUG(10, ("client expects trn %d, got %d\n",
+ c->trn_id, trn_id));
+ continue;
+ }
+ } else {
+ /*
+ * See if the client specified a mailslot
+ * name. Filter if it did.
+ */
+ if ((c->mailslot_name != NULL) &&
+ !match_mailslot_name(p, c->mailslot_name)) {
+ continue;
+ }
+ }
+ nb_packet_client_send(c, p);
+ }
+}
+
+struct nb_packet_client_header {
+ size_t len;
+ enum packet_type type;
+ time_t timestamp;
+ struct in_addr ip;
+ int port;
+};
+
+struct nb_packet_client_state {
+ struct nb_packet_client *client;
+ struct iovec iov[2];
+ struct nb_packet_client_header hdr;
+ char buf[1024];
+};
+
+static void nb_packet_client_send_done(struct tevent_req *req);
+
+static void nb_packet_client_send(struct nb_packet_client *client,
+ struct packet_struct *p)
+{
+ struct nb_packet_client_state *state;
+ struct tevent_req *req;
+
+ if (tevent_queue_length(client->out_queue) > 10) {
+ /*
+ * Skip clients that don't listen anyway, some form of DoS
+ * protection
+ */
+ return;
+ }
+
+ state = talloc_zero(client, struct nb_packet_client_state);
+ if (state == NULL) {
+ DEBUG(10, ("talloc failed\n"));
+ return;
+ }
+
+ state->client = client;
+
+ state->hdr.ip = p->ip;
+ state->hdr.port = p->port;
+ state->hdr.timestamp = p->timestamp;
+ state->hdr.type = p->packet_type;
+ state->hdr.len = build_packet(state->buf, sizeof(state->buf), p);
+
+ state->iov[0].iov_base = (char *)&state->hdr;
+ state->iov[0].iov_len = sizeof(state->hdr);
+ state->iov[1].iov_base = state->buf;
+ state->iov[1].iov_len = state->hdr.len;
+
+ req = tstream_writev_queue_send(state, client->server->ev,
+ client->sock,
+ client->out_queue,
+ state->iov, 2);
+ if (req == NULL) {
+ DEBUG(10, ("tstream_writev_queue_send failed\n"));
+ return;
+ }
+ tevent_req_set_callback(req, nb_packet_client_send_done, state);
+}
+
+static void nb_packet_client_send_done(struct tevent_req *req)
+{
+ struct nb_packet_client_state *state = tevent_req_callback_data(
+ req, struct nb_packet_client_state);
+ struct nb_packet_client *client = state->client;
+ ssize_t nwritten;
+ int err;
+
+ nwritten = tstream_writev_queue_recv(req, &err);
+
+ TALLOC_FREE(req);
+ TALLOC_FREE(state);
+
+ if (nwritten == -1) {
+ DEBUG(10, ("tstream_writev_queue failed: %s\n", strerror(err)));
+ TALLOC_FREE(client);
+ return;
+ }
+}
+
+struct nb_packet_reader {
+ struct tstream_context *sock;
+};
+
+struct nb_packet_reader_state {
+ struct tevent_context *ev;
+ struct nb_packet_query query;
+ const char *mailslot_name;
+ struct iovec iov[2];
+ struct nb_packet_reader *reader;
+};
+
+static void nb_packet_reader_connected(struct tevent_req *subreq);
+static void nb_packet_reader_sent_query(struct tevent_req *subreq);
+static void nb_packet_reader_got_ack(struct tevent_req *subreq);
+
+struct tevent_req *nb_packet_reader_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ enum packet_type type,
+ int trn_id,
+ const char *mailslot_name)
+{
+ struct tevent_req *req, *subreq;
+ struct nb_packet_reader_state *state;
+ struct tsocket_address *laddr;
+ char *rpath;
+ struct tsocket_address *raddr;
+ int ret;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct nb_packet_reader_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->query.trn_id = trn_id;
+ state->query.type = type;
+ state->mailslot_name = mailslot_name;
+
+ if (mailslot_name != NULL) {
+ state->query.mailslot_namelen = strlen(mailslot_name);
+ }
+
+ state->reader = talloc_zero(state, struct nb_packet_reader);
+ if (tevent_req_nomem(state->reader, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ ret = tsocket_address_unix_from_path(state, NULL, &laddr);
+ if (ret != 0) {
+ tevent_req_nterror(req, map_nt_error_from_unix(errno));
+ return tevent_req_post(req, ev);
+ }
+ rpath = talloc_asprintf(state, "%s/%s", nmbd_socket_dir(),
+ "unexpected");
+ if (tevent_req_nomem(rpath, req)) {
+ return tevent_req_post(req, ev);
+ }
+ ret = tsocket_address_unix_from_path(state, rpath, &raddr);
+ if (ret != 0) {
+ tevent_req_nterror(req, map_nt_error_from_unix(errno));
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = tstream_unix_connect_send(state, ev, laddr, raddr);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, nb_packet_reader_connected, req);
+ return req;
+}
+
+static void nb_packet_reader_connected(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct nb_packet_reader_state *state = tevent_req_data(
+ req, struct nb_packet_reader_state);
+ int res, err;
+ int num_iovecs = 1;
+
+ res = tstream_unix_connect_recv(subreq, &err, state->reader,
+ &state->reader->sock);
+ TALLOC_FREE(subreq);
+ if (res == -1) {
+ DEBUG(10, ("tstream_unix_connect failed: %s\n", strerror(err)));
+ tevent_req_nterror(req, map_nt_error_from_unix(err));
+ return;
+ }
+
+ state->iov[0].iov_base = (char *)&state->query;
+ state->iov[0].iov_len = sizeof(state->query);
+
+ if (state->mailslot_name != NULL) {
+ num_iovecs = 2;
+ state->iov[1].iov_base = discard_const_p(
+ char, state->mailslot_name);
+ state->iov[1].iov_len = state->query.mailslot_namelen;
+ }
+
+ subreq = tstream_writev_send(state, state->ev, state->reader->sock,
+ state->iov, num_iovecs);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, nb_packet_reader_sent_query, req);
+}
+
+static void nb_packet_reader_sent_query(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct nb_packet_reader_state *state = tevent_req_data(
+ req, struct nb_packet_reader_state);
+ ssize_t written;
+ int err;
+
+ written = tstream_writev_recv(subreq, &err);
+ TALLOC_FREE(subreq);
+ if (written == -1) {
+ tevent_req_nterror(req, map_nt_error_from_unix(err));
+ return;
+ }
+ if ((size_t)written !=
+ sizeof(state->query) + state->query.mailslot_namelen) {
+ tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
+ return;
+ }
+ subreq = tstream_read_packet_send(state, state->ev,
+ state->reader->sock,
+ 1, NULL, NULL);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, nb_packet_reader_got_ack, req);
+}
+
+static void nb_packet_reader_got_ack(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct nb_packet_reader_state *state = tevent_req_data(
+ req, struct nb_packet_reader_state);
+ ssize_t nread;
+ int err;
+ uint8_t *buf;
+
+ nread = tstream_read_packet_recv(subreq, state, &buf, &err);
+ TALLOC_FREE(subreq);
+ if (nread == -1) {
+ DEBUG(10, ("read_packet_recv returned %s\n",
+ strerror(err)));
+ tevent_req_nterror(req, map_nt_error_from_unix(err));
+ return;
+ }
+ if (nread != 1) {
+ DBG_DEBUG("read = %zd, expected 1\n", nread);
+ tevent_req_nterror(req, NT_STATUS_UNEXPECTED_IO_ERROR);
+ return;
+ }
+ tevent_req_done(req);
+}
+
+NTSTATUS nb_packet_reader_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct nb_packet_reader **preader)
+{
+ struct nb_packet_reader_state *state = tevent_req_data(
+ req, struct nb_packet_reader_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+ *preader = talloc_move(mem_ctx, &state->reader);
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
+struct nb_packet_read_state {
+ struct nb_packet_client_header hdr;
+ uint8_t *buf;
+ size_t buflen;
+};
+
+static ssize_t nb_packet_read_more(uint8_t *buf, size_t buflen, void *p);
+static void nb_packet_read_done(struct tevent_req *subreq);
+
+struct tevent_req *nb_packet_read_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct nb_packet_reader *reader)
+{
+ struct tevent_req *req, *subreq;
+ struct nb_packet_read_state *state;
+
+ req = tevent_req_create(mem_ctx, &state, struct nb_packet_read_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ subreq = tstream_read_packet_send(state, ev, reader->sock,
+ sizeof(struct nb_packet_client_header),
+ nb_packet_read_more, state);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, nb_packet_read_done, req);
+ return req;
+}
+
+static ssize_t nb_packet_read_more(uint8_t *buf, size_t buflen, void *p)
+{
+ struct nb_packet_read_state *state = talloc_get_type_abort(
+ p, struct nb_packet_read_state);
+
+ if (buflen > sizeof(struct nb_packet_client_header)) {
+ /*
+ * Been here, done
+ */
+ return 0;
+ }
+ memcpy(&state->hdr, buf, sizeof(struct nb_packet_client_header));
+ return state->hdr.len;
+}
+
+static void nb_packet_read_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(
+ subreq, struct tevent_req);
+ struct nb_packet_read_state *state = tevent_req_data(
+ req, struct nb_packet_read_state);
+ ssize_t nread;
+ int err;
+
+ nread = tstream_read_packet_recv(subreq, state, &state->buf, &err);
+ if (nread == -1) {
+ tevent_req_nterror(req, map_nt_error_from_unix(err));
+ return;
+ }
+ state->buflen = nread;
+ tevent_req_done(req);
+}
+
+NTSTATUS nb_packet_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct packet_struct **ppacket)
+{
+ struct nb_packet_read_state *state = tevent_req_data(
+ req, struct nb_packet_read_state);
+ struct nb_packet_client_header hdr;
+ struct packet_struct *packet;
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ memcpy(&hdr, state->buf, sizeof(hdr));
+
+ packet = parse_packet_talloc(
+ mem_ctx,
+ (char *)state->buf + sizeof(struct nb_packet_client_header),
+ state->buflen - sizeof(struct nb_packet_client_header),
+ state->hdr.type, state->hdr.ip, state->hdr.port);
+ if (packet == NULL) {
+ tevent_req_received(req);
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+
+ *ppacket = packet;
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
diff --git a/source3/libsmb/unexpected.h b/source3/libsmb/unexpected.h
new file mode 100644
index 0000000..270976b
--- /dev/null
+++ b/source3/libsmb/unexpected.h
@@ -0,0 +1,49 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Copyright (C) Volker Lendecke 2018
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIBSMB_UNEXPECTED_H__
+#define __LIBSMB_UNEXPECTED_H__
+
+#include "replace.h"
+#include <tevent.h>
+#include "libcli/util/ntstatus.h"
+#include "nameserv.h"
+
+struct nb_packet_server;
+struct nb_packet_reader;
+
+NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ int max_clients,
+ struct nb_packet_server **presult);
+void nb_packet_dispatch(struct nb_packet_server *server,
+ struct packet_struct *p);
+struct tevent_req *nb_packet_reader_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ enum packet_type type,
+ int trn_id,
+ const char *mailslot_name);
+NTSTATUS nb_packet_reader_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct nb_packet_reader **preader);
+struct tevent_req *nb_packet_read_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct nb_packet_reader *reader);
+NTSTATUS nb_packet_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ struct packet_struct **ppacket);
+
+#endif
diff --git a/source3/libsmb/wscript b/source3/libsmb/wscript
new file mode 100644
index 0000000..8ffdec6
--- /dev/null
+++ b/source3/libsmb/wscript
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+
+def build(bld):
+ bld.SAMBA3_LIBRARY('smbclient',
+ source='''
+ libsmb_cache.c
+ libsmb_compat.c
+ libsmb_context.c
+ libsmb_dir.c
+ libsmb_file.c
+ libsmb_misc.c
+ libsmb_path.c
+ libsmb_printjob.c
+ libsmb_server.c
+ libsmb_stat.c
+ libsmb_xattr.c
+ libsmb_setget.c''',
+ public_deps='''
+ pthread
+ talloc
+ smbconf
+ libsmb
+ KRBCLIENT
+ msrpc3
+ libcli_lsa3''',
+ public_headers='../include/libsmbclient.h',
+ abi_directory='ABI',
+ abi_match='smbc_*',
+ vnum='0.8.0',
+ pc_files='smbclient.pc')
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-12 15:32:06 +0000