The branch, master has been updated via 6961048... s4-smbtorture: in extended setvalue winreg test, reduce max random buffer length to 16 bytes. via 17ddefe... s3-docs: try to make "default case" explanation a little clearer. via 6625aad... s3-libsmb: move change_trust_account_password out of smbd into libsmb. via e1c185d... s4-smbtorture: enable QueryMultipleValues{2} torture tests against samba3. via 2a4bd64... s3-winreg: implement _winreg_QueryMultipleValues(). via de0d9e0... s3-winreg: implement _winreg_QueryMultipleValues2(). via 21869f5... s3-registry: add reg_querymultiplevalues() to reg_api. via a329dd0... s4-smbtorture: add some more multiple_values_tests to RPC-WINREG. from 14f8953... s4:dsdb: move dsdb python tests from lib/ldb/ to dsdb/
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 69610484872bb8c9d52cd1b12c56a3bf99be78ae Author: Günther Deschner <g...@samba.org> Date: Wed Jun 30 17:13:42 2010 +0200 s4-smbtorture: in extended setvalue winreg test, reduce max random buffer length to 16 bytes. Guenther commit 17ddefef8a3dd299fd318a9e3908396beba62cbb Author: Günther Deschner <g...@samba.org> Date: Wed Jun 30 13:25:28 2010 +0200 s3-docs: try to make "default case" explanation a little clearer. Guenther commit 6625aada8174d61f52d6ef22d49edefa15f4a9bb Author: Günther Deschner <g...@samba.org> Date: Wed Jun 30 12:10:55 2010 +0200 s3-libsmb: move change_trust_account_password out of smbd into libsmb. Guenther commit e1c185d07db69827435812227a392e711bc06db0 Author: Günther Deschner <g...@samba.org> Date: Wed Jun 30 02:07:15 2010 +0200 s4-smbtorture: enable QueryMultipleValues{2} torture tests against samba3. Guenther commit 2a4bd64973252d87b34f90e14872285ed12135ed Author: Günther Deschner <g...@samba.org> Date: Wed Jun 30 16:31:46 2010 +0200 s3-winreg: implement _winreg_QueryMultipleValues(). Guenther commit de0d9e0bff7d39c3f784112bd043095aeaa1042a Author: Günther Deschner <g...@samba.org> Date: Wed Jun 30 02:03:27 2010 +0200 s3-winreg: implement _winreg_QueryMultipleValues2(). Guenther commit 21869f5ed00af5a05f1d109339cd8b725fcc7d61 Author: Günther Deschner <g...@samba.org> Date: Wed Jun 30 02:02:43 2010 +0200 s3-registry: add reg_querymultiplevalues() to reg_api. Guenther commit a329dd02674010e673fbcc7acf369a19befb6738 Author: Günther Deschner <g...@samba.org> Date: Wed Jun 30 17:13:14 2010 +0200 s4-smbtorture: add some more multiple_values_tests to RPC-WINREG. Guenther ----------------------------------------------------------------------- Summary of changes: docs-xml/manpages-3/smb.conf.5.xml | 10 ++-- source3/Makefile.in | 2 +- source3/include/proto.h | 5 +- source3/include/registry.h | 6 ++ source3/libsmb/trusts_util.c | 74 +++++++++++++++++++ source3/registry/reg_api.c | 50 +++++++++++++ source3/rpc_server/srv_winreg_nt.c | 138 +++++++++++++++++++++++++++++++++--- source3/smbd/change_trust_pw.c | 102 -------------------------- source4/torture/rpc/winreg.c | 20 ++++-- 9 files changed, 280 insertions(+), 127 deletions(-) delete mode 100644 source3/smbd/change_trust_pw.c Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/smb.conf.5.xml b/docs-xml/manpages-3/smb.conf.5.xml index 5df579e..7423fc4 100644 --- a/docs-xml/manpages-3/smb.conf.5.xml +++ b/docs-xml/manpages-3/smb.conf.5.xml @@ -628,11 +628,11 @@ chmod 1770 /usr/local/samba/lib/usershares <term>default case = upper/lower</term> <listitem><para> controls what the default case is for new filenames (ie. files that don't currently exist in the filesystem). - Default <emphasis>lower</emphasis>. IMPORTANT NOTE: This option will be used to modify the case of - <emphasis>all</emphasis> incoming client filenames, not just new filenames if the options <smbconfoption - name="case sensitive">yes</smbconfoption>, <smbconfoption name="preserve case">No</smbconfoption>, - <smbconfoption name="short preserve case">No</smbconfoption> are set. This change is needed as part of the - optimisations for directories containing large numbers of files. + Default <emphasis>lower</emphasis>. IMPORTANT NOTE: As part of the optimizations for directories containing + large numbers of files, the following special case applies. If the options + <smbconfoption name="case sensitive">yes</smbconfoption>, <smbconfoption name="preserve case">No</smbconfoption>, and + <smbconfoption name="short preserve case">No</smbconfoption> are set, then the case of <emphasis>all</emphasis> + incoming client filenames, not just new filenames, will be modified. See additional notes below. </para></listitem> </varlistentry> diff --git a/source3/Makefile.in b/source3/Makefile.in index 07b07df..905ab4c 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -801,7 +801,7 @@ SMBD_OBJ_SRV = smbd/server_reload.o \ smbd/process.o smbd/service.o smbd/error.o \ printing/printfsp.o lib/sysquotas.o lib/sysquotas_linux.o \ lib/sysquotas_xfs.o lib/sysquotas_4A.o \ - smbd/change_trust_pw.o smbd/fake_file.o \ + smbd/fake_file.o \ smbd/quotas.o smbd/ntquotas.o $(AFS_OBJ) smbd/msdfs.o \ $(AFS_SETTOKEN_OBJ) smbd/aio.o smbd/statvfs.o \ smbd/dmapi.o smbd/signing.o \ diff --git a/source3/include/proto.h b/source3/include/proto.h index a654495..28feec3 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3256,6 +3256,7 @@ NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli, bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain, char ***domain_names, uint32 *num_domains, struct dom_sid **sids ); +NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine); /* The following definitions come from libsmb/unexpected.c */ @@ -5378,10 +5379,6 @@ struct blocking_lock_record *blocking_lock_cancel_smb1(files_struct *fsp, unsigned char locktype, NTSTATUS err); -/* The following definitions come from smbd/change_trust_pw.c */ - -NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine); - /* The following definitions come from smbd/close.c */ void set_close_write_time(struct files_struct *fsp, struct timespec ts); diff --git a/source3/include/registry.h b/source3/include/registry.h index 703176f..00c27cf 100644 --- a/source3/include/registry.h +++ b/source3/include/registry.h @@ -163,6 +163,12 @@ WERROR reg_enumvalue(TALLOC_CTX *mem_ctx, struct registry_key *key, uint32 idx, char **pname, struct registry_value **pval); WERROR reg_queryvalue(TALLOC_CTX *mem_ctx, struct registry_key *key, const char *name, struct registry_value **pval); +WERROR reg_querymultiplevalues(TALLOC_CTX *mem_ctx, + struct registry_key *key, + uint32_t num_names, + const char **names, + uint32_t *pnum_vals, + struct registry_value **pvals); WERROR reg_queryinfokey(struct registry_key *key, uint32_t *num_subkeys, uint32_t *max_subkeylen, uint32_t *max_subkeysize, uint32_t *num_values, uint32_t *max_valnamelen, diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index 3a2d6d7..2daacec 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -23,6 +23,7 @@ #include "../librpc/gen_ndr/cli_lsa.h" #include "rpc_client/cli_lsarpc.h" #include "rpc_client/cli_netlogon.h" +#include "../librpc/gen_ndr/ndr_netlogon.h" /********************************************************* Change the domain password on the PDC. @@ -222,3 +223,76 @@ done: return NT_STATUS_IS_OK(result); } + +NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) +{ + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + struct sockaddr_storage pdc_ss; + fstring dc_name; + struct cli_state *cli = NULL; + struct rpc_pipe_client *netlogon_pipe = NULL; + + DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n", + domain)); + + if (remote_machine == NULL || !strcmp(remote_machine, "*")) { + /* Use the PDC *only* for this */ + + if ( !get_pdc_ip(domain, &pdc_ss) ) { + DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); + goto failed; + } + + if ( !name_status_find( domain, 0x1b, 0x20, &pdc_ss, dc_name) ) + goto failed; + } else { + /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ + fstrcpy( dc_name, remote_machine ); + } + + /* if this next call fails, then give up. We can't do + password changes on BDC's --jerry */ + + if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), dc_name, + NULL, 0, + "IPC$", "IPC", + "", "", + "", 0, Undefined, NULL))) { + DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name)); + nt_status = NT_STATUS_UNSUCCESSFUL; + goto failed; + } + + /* + * Ok - we have an anonymous connection to the IPC$ share. + * Now start the NT Domain stuff :-). + */ + + /* Shouldn't we open this with schannel ? JRA. */ + + nt_status = cli_rpc_pipe_open_noauth( + cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", + dc_name, nt_errstr(nt_status))); + cli_shutdown(cli); + cli = NULL; + goto failed; + } + + nt_status = trust_pw_find_change_and_store_it( + netlogon_pipe, netlogon_pipe, domain); + + cli_shutdown(cli); + cli = NULL; + +failed: + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", + current_timestring(talloc_tos(), False), domain)); + } + else + DEBUG(5,("change_trust_account_password: sucess!\n")); + + return nt_status; +} diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c index 79b9a1e..1954fb5 100644 --- a/source3/registry/reg_api.c +++ b/source3/registry/reg_api.c @@ -402,6 +402,56 @@ WERROR reg_queryvalue(TALLOC_CTX *mem_ctx, struct registry_key *key, return WERR_BADFILE; } +WERROR reg_querymultiplevalues(TALLOC_CTX *mem_ctx, + struct registry_key *key, + uint32_t num_names, + const char **names, + uint32_t *pnum_vals, + struct registry_value **pvals) +{ + WERROR err; + uint32_t i, n, found = 0; + struct registry_value *vals; + + if (num_names == 0) { + return WERR_OK; + } + + if (!(key->key->access_granted & KEY_QUERY_VALUE)) { + return WERR_ACCESS_DENIED; + } + + if (!(W_ERROR_IS_OK(err = fill_value_cache(key)))) { + return err; + } + + vals = talloc_zero_array(mem_ctx, struct registry_value, num_names); + if (vals == NULL) { + return WERR_NOMEM; + } + + for (n=0; n < num_names; n++) { + for (i=0; i < regval_ctr_numvals(key->values); i++) { + struct regval_blob *blob; + blob = regval_ctr_specific_value(key->values, i); + if (strequal(regval_name(blob), names[n])) { + struct registry_value *v; + err = reg_enumvalue(mem_ctx, key, i, NULL, &v); + if (!W_ERROR_IS_OK(err)) { + return err; + } + vals[n] = *v; + found++; + } + } + } + + *pvals = vals; + *pnum_vals = found; + + return WERR_OK; +} + WERROR reg_queryinfokey(struct registry_key *key, uint32_t *num_subkeys, uint32_t *max_subkeylen, uint32_t *max_subkeysize, uint32_t *num_values, uint32_t *max_valnamelen, diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c index 28d5ac9..1cf0903 100644 --- a/source3/rpc_server/srv_winreg_nt.c +++ b/source3/rpc_server/srv_winreg_nt.c @@ -968,26 +968,144 @@ WERROR _winreg_NotifyChangeKeyValue(pipes_struct *p, struct winreg_NotifyChangeK _winreg_QueryMultipleValues ********************************************************************/ -WERROR _winreg_QueryMultipleValues(pipes_struct *p, struct winreg_QueryMultipleValues *r) +WERROR _winreg_QueryMultipleValues(pipes_struct *p, + struct winreg_QueryMultipleValues *r) { - /* fill in your code here if you think this call should - do anything */ + struct winreg_QueryMultipleValues2 r2; + uint32_t needed; + + r2.in.key_handle = r->in.key_handle; + r2.in.values_in = r->in.values_in; + r2.in.num_values = r->in.num_values; + r2.in.offered = r->in.buffer_size; + r2.in.buffer = r->in.buffer; + r2.out.values_out = r->out.values_out; + r2.out.needed = &needed; + r2.out.buffer = r->out.buffer; + + return _winreg_QueryMultipleValues2(p, &r2); +} - p->rng_fault_state = True; - return WERR_NOT_SUPPORTED; +/******************************************************************* + ********************************************************************/ + +static WERROR construct_multiple_entry(TALLOC_CTX *mem_ctx, + const char *valuename, + uint32_t value_length, + uint32_t offset, + enum winreg_Type type, + struct QueryMultipleValue *r) +{ + r->ve_valuename = talloc_zero(mem_ctx, struct winreg_ValNameBuf); + if (r->ve_valuename == NULL) { + return WERR_NOMEM; + } + + r->ve_valuename->name = talloc_strdup(r->ve_valuename, valuename ? valuename : ""); + if (r->ve_valuename->name == NULL) { + return WERR_NOMEM; + } + + r->ve_valuename->size = strlen_m_term(r->ve_valuename->name)*2; + r->ve_valuelen = value_length; + r->ve_valueptr = offset; + r->ve_type = type; + + return WERR_OK; } /******************************************************************* _winreg_QueryMultipleValues2 ********************************************************************/ -WERROR _winreg_QueryMultipleValues2(pipes_struct *p, struct winreg_QueryMultipleValues2 *r) +WERROR _winreg_QueryMultipleValues2(pipes_struct *p, + struct winreg_QueryMultipleValues2 *r) { - /* fill in your code here if you think this call should - do anything */ + struct registry_key *regkey = find_regkey_by_hnd(p, r->in.key_handle); + struct registry_value *vals = NULL; + const char **names = NULL; + uint32_t offset = 0, num_vals = 0; + DATA_BLOB result; + int i; + WERROR err; - p->rng_fault_state = True; - return WERR_NOT_SUPPORTED; + if (!regkey) { + return WERR_BADFID; + } + + names = talloc_zero_array(p->mem_ctx, const char *, r->in.num_values); + if (names == NULL) { + return WERR_NOMEM; + } + + for (i=0; i < r->in.num_values; i++) { + if (r->in.values_in[i].ve_valuename && + r->in.values_in[i].ve_valuename->name) { + names[i] = talloc_strdup(names, + r->in.values_in[i].ve_valuename->name); + if (names[i] == NULL) { + return WERR_NOMEM; + } + } + } + + err = reg_querymultiplevalues(p->mem_ctx, regkey, + r->in.num_values, names, + &num_vals, &vals); + if (!W_ERROR_IS_OK(err)) { + return err; + } + + result = data_blob_talloc(p->mem_ctx, NULL, 0); + + for (i=0; i < r->in.num_values; i++) { + const char *valuename = NULL; + DATA_BLOB blob = data_blob_null; + + if (vals[i].type != REG_NONE) { + err = registry_push_value(p->mem_ctx, &vals[i], &blob); + if (!W_ERROR_IS_OK(err)) { + return err; + } + + if (!data_blob_append(p->mem_ctx, &result, + blob.data, blob.length)) { + return WERR_NOMEM; + } + } + + if (r->in.values_in[i].ve_valuename && + r->in.values_in[i].ve_valuename->name) { + valuename = r->in.values_in[i].ve_valuename->name; + } + + err = construct_multiple_entry(r->out.values_out, + valuename, + blob.length, + offset, + vals[i].type, + &r->out.values_out[i]); + if (!W_ERROR_IS_OK(err)) { + return err; + } + + offset += blob.length; + } + + *r->out.needed = result.length; + + if (r->in.num_values != num_vals) { + return WERR_BADFILE; + } + + if (*r->in.offered >= *r->out.needed) { + if (r->out.buffer) { + memcpy(r->out.buffer, result.data, MIN(result.length, *r->in.offered)); + } + return WERR_OK; + } else { + return WERR_MORE_DATA; + } } /******************************************************************* diff --git a/source3/smbd/change_trust_pw.c b/source3/smbd/change_trust_pw.c deleted file mode 100644 index d02de7a..0000000 --- a/source3/smbd/change_trust_pw.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * Periodic Trust account password changing. - * Copyright (C) Andrew Tridgell 1992-1997, - * Copyright (C) Luke Kenneth Casson Leighton 1996-1997, - * Copyright (C) Paul Ashton 1997. - * Copyright (C) Jeremy Allison 1998. - * Copyright (C) Andrew Bartlett 2001. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see <http://www.gnu.org/licenses/>. - */ - -#include "includes.h" -#include "../librpc/gen_ndr/ndr_netlogon.h" - -/************************************************************************ - Change the trust account password for a domain. -************************************************************************/ - -NTSTATUS change_trust_account_password( const char *domain, const char *remote_machine) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct sockaddr_storage pdc_ss; - fstring dc_name; - struct cli_state *cli = NULL; - struct rpc_pipe_client *netlogon_pipe = NULL; - - DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n", - domain)); - - if (remote_machine == NULL || !strcmp(remote_machine, "*")) { - /* Use the PDC *only* for this */ - - if ( !get_pdc_ip(domain, &pdc_ss) ) { - DEBUG(0,("Can't get IP for PDC for domain %s\n", domain)); - goto failed; - } - - if ( !name_status_find( domain, 0x1b, 0x20, &pdc_ss, dc_name) ) - goto failed; - } else { - /* supoport old deprecated "smbpasswd -j DOMAIN -r MACHINE" behavior */ - fstrcpy( dc_name, remote_machine ); - } - - /* if this next call fails, then give up. We can't do - password changes on BDC's --jerry */ - - if (!NT_STATUS_IS_OK(cli_full_connection(&cli, global_myname(), dc_name, - NULL, 0, - "IPC$", "IPC", - "", "", - "", 0, Undefined, NULL))) { - DEBUG(0,("modify_trust_password: Connection to %s failed!\n", dc_name)); - nt_status = NT_STATUS_UNSUCCESSFUL; - goto failed; - } - - /* - * Ok - we have an anonymous connection to the IPC$ share. - * Now start the NT Domain stuff :-). - */ - - /* Shouldn't we open this with schannel ? JRA. */ - - nt_status = cli_rpc_pipe_open_noauth( - cli, &ndr_table_netlogon.syntax_id, &netlogon_pipe); - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(0,("modify_trust_password: unable to open the domain client session to machine %s. Error was : %s.\n", - dc_name, nt_errstr(nt_status))); - cli_shutdown(cli); - cli = NULL; - goto failed; - } - - nt_status = trust_pw_find_change_and_store_it( - netlogon_pipe, netlogon_pipe, domain); - - cli_shutdown(cli); - cli = NULL; - -failed: - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(0,("%s : change_trust_account_password: Failed to change password for domain %s.\n", - current_timestring(talloc_tos(), False), domain)); - } - else - DEBUG(5,("change_trust_account_password: sucess!\n")); - - return nt_status; -} diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c index 0960440..92404d3 100644 --- a/source4/torture/rpc/winreg.c +++ b/source4/torture/rpc/winreg.c @@ -2279,7 +2279,7 @@ static bool test_SetValue_extended(struct dcerpc_binding_handle *b, torture_comment(tctx, "Testing SetValue (extended formats)\n"); for (t=0; t < ARRAY_SIZE(types); t++) { - for (l=0; l < 32; l++) { -- Samba Shared Repository