search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
torture3: Add some brlock entries in cleanup2
[Samba.git] / source3 / utils / profiles.c
blob0f274ad604a2aa94cf2cbcc29ee2f138ea58d9ae
1 /*
2 Samba Unix/Linux SMB client utility profiles.c
3
4 Copyright (C) Richard Sharpe, <rsharpe@richardsharpe.com> 2002
5 Copyright (C) Jelmer Vernooij (conversion to popt) 2003
6 Copyright (C) Gerald (Jerry) Carter 2005
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23 #include "system/filesys.h"
24 #include "popt_common.h"
25 #include "registry/reg_objects.h"
26 #include "registry/regfio.h"
27 #include "../libcli/security/security.h"
28
29 /* GLOBAL VARIABLES */
30
31 struct dom_sid old_sid, new_sid;
32 int change = 0, new_val = 0;
33 int opt_verbose = False;
34
35 /********************************************************************
36 ********************************************************************/
37
38 static void verbose_output(const char *format, ...) PRINTF_ATTRIBUTE(1,2);
39 static void verbose_output(const char *format, ...)
40 {
41 va_list args;
42 char *var = NULL;
43
44 if (!opt_verbose) {
45 return;
46 }
47
48 va_start(args, format);
49 if ((vasprintf(&var, format, args)) == -1) {
50 va_end(args);
51 return;
52 }
53
54 fprintf(stdout, "%s", var);
55 va_end(args);
56 SAFE_FREE(var);
57 }
58
59 /********************************************************************
60 ********************************************************************/
61
62 static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, struct dom_sid *s2 )
63 {
64 struct security_acl *theacl;
65 int i;
66 bool update = False;
67
68 verbose_output(" Owner SID: %s\n", sid_string_tos(sd->owner_sid));
69 if ( dom_sid_equal( sd->owner_sid, s1 ) ) {
70 sid_copy( sd->owner_sid, s2 );
71 update = True;
72 verbose_output(" New Owner SID: %s\n",
73 sid_string_tos(sd->owner_sid));
74
75 }
76
77 verbose_output(" Group SID: %s\n", sid_string_tos(sd->group_sid));
78 if ( dom_sid_equal( sd->group_sid, s1 ) ) {
79 sid_copy( sd->group_sid, s2 );
80 update = True;
81 verbose_output(" New Group SID: %s\n",
82 sid_string_tos(sd->group_sid));
83 }
84
85 theacl = sd->dacl;
86 verbose_output(" DACL: %d entries:\n", theacl->num_aces);
87 for ( i=0; i<theacl->num_aces; i++ ) {
88 verbose_output(" Trustee SID: %s\n",
89 sid_string_tos(&theacl->aces[i].trustee));
90 if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
91 sid_copy( &theacl->aces[i].trustee, s2 );
92 update = True;
93 verbose_output(" New Trustee SID: %s\n",
94 sid_string_tos(&theacl->aces[i].trustee));
95 }
96 }
97
98 #if 0
99 theacl = sd->sacl;
100 verbose_output(" SACL: %d entries: \n", theacl->num_aces);
101 for ( i=0; i<theacl->num_aces; i++ ) {
102 verbose_output(" Trustee SID: %s\n",
103 sid_string_tos(&theacl->aces[i].trustee));
104 if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
105 sid_copy( &theacl->aces[i].trustee, s2 );
106 update = True;
107 verbose_output(" New Trustee SID: %s\n",
108 sid_string_tos(&theacl->aces[i].trustee));
109 }
110 }
111 #endif
112 return update;
113 }
114
115 /********************************************************************
116 ********************************************************************/
117
118 static bool copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk,
119 REGF_NK_REC *parent, REGF_FILE *outfile,
120 const char *parentpath )
121 {
122 REGF_NK_REC *key, *subkey;
123 struct security_descriptor *new_sd;
124 struct regval_ctr *values;
125 struct regsubkey_ctr *subkeys;
126 int i;
127 char *path;
128 WERROR werr;
129
130 /* swap out the SIDs in the security descriptor */
131
132 if (nk->sec_desc->sec_desc == NULL) {
133 fprintf(stderr, "Invalid (NULL) security descriptor!\n");
134 return false;
135 }
136
137 new_sd = security_descriptor_copy(outfile->mem_ctx,
138 nk->sec_desc->sec_desc);
139 if (new_sd == NULL) {
140 fprintf(stderr, "Failed to copy security descriptor!\n");
141 return False;
142 }
143
144 verbose_output("ACL for %s%s%s\n", parentpath, parent ? "\\" : "", nk->keyname);
145 swap_sid_in_acl( new_sd, &old_sid, &new_sid );
146
147 werr = regsubkey_ctr_init(NULL, &subkeys);
148 if (!W_ERROR_IS_OK(werr)) {
149 DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
150 return False;
151 }
152
153 werr = regval_ctr_init(subkeys, &values);
154 if (!W_ERROR_IS_OK(werr)) {
155 TALLOC_FREE( subkeys );
156 DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
157 return False;
158 }
159
160 /* copy values into the struct regval_ctr */
161
162 for ( i=0; i<nk->num_values; i++ ) {
163 regval_ctr_addvalue( values, nk->values[i].valuename, nk->values[i].type,
164 nk->values[i].data, (nk->values[i].data_size & ~VK_DATA_IN_OFFSET) );
165 }
166
167 /* copy subkeys into the struct regsubkey_ctr */
168
169 while ( (subkey = regfio_fetch_subkey( infile, nk )) ) {
170 regsubkey_ctr_addkey( subkeys, subkey->keyname );
171 }
172
173 key = regfio_write_key( outfile, nk->keyname, values, subkeys, new_sd, parent );
174
175 /* write each one of the subkeys out */
176
177 path = talloc_asprintf(subkeys, "%s%s%s",
178 parentpath, parent ? "\\" : "",nk->keyname);
179 if (!path) {
180 TALLOC_FREE( subkeys );
181 return false;
182 }
183
184 nk->subkey_index = 0;
185 while ((subkey = regfio_fetch_subkey(infile, nk))) {
186 if (!copy_registry_tree( infile, subkey, key, outfile, path)) {
187 TALLOC_FREE(subkeys);
188 return false;
189 }
190 }
191
192 /* values is a talloc()'d child of subkeys here so just throw it all away */
193
194 TALLOC_FREE( subkeys );
195
196 verbose_output("[%s]\n", path);
197
198 return True;
199 }
200
201 /*********************************************************************
202 *********************************************************************/
203
204 int main( int argc, const char *argv[] )
205 {
206 TALLOC_CTX *frame = talloc_stackframe();
207 int opt;
208 REGF_FILE *infile, *outfile;
209 REGF_NK_REC *nk;
210 char *orig_filename, *new_filename;
211 struct poptOption long_options[] = {
212 POPT_AUTOHELP
213 { "change-sid", 'c', POPT_ARG_STRING, NULL, 'c', "Provides SID to change" },
214 { "new-sid", 'n', POPT_ARG_STRING, NULL, 'n', "Provides SID to change to" },
215 { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 'v', "Verbose output" },
216 POPT_COMMON_SAMBA
217 POPT_COMMON_VERSION
218 POPT_TABLEEND
219 };
220 poptContext pc;
221
222 load_case_tables();
223
224 /* setup logging options */
225
226 setup_logging( "profiles", DEBUG_STDERR);
227
228 pc = poptGetContext("profiles", argc, argv, long_options,
229 POPT_CONTEXT_KEEP_FIRST);
230
231 poptSetOtherOptionHelp(pc, "<profilefile>");
232
233 /* Now, process the arguments */
234
235 while ((opt = poptGetNextOpt(pc)) != -1) {
236 switch (opt) {
237 case 'c':
238 change = 1;
239 if (!string_to_sid(&old_sid, poptGetOptArg(pc))) {
240 fprintf(stderr, "Argument to -c should be a SID in form of S-1-5-...\n");
241 poptPrintUsage(pc, stderr, 0);
242 exit(254);
243 }
244 break;
245
246 case 'n':
247 new_val = 1;
248 if (!string_to_sid(&new_sid, poptGetOptArg(pc))) {
249 fprintf(stderr, "Argument to -n should be a SID in form of S-1-5-...\n");
250 poptPrintUsage(pc, stderr, 0);
251 exit(253);
252 }
253 break;
254
255 }
256 }
257
258 poptGetArg(pc);
259
260 if (!poptPeekArg(pc)) {
261 poptPrintUsage(pc, stderr, 0);
262 exit(1);
263 }
264
265 if ((!change && new_val) || (change && !new_val)) {
266 fprintf(stderr, "You must specify both -c and -n if one or the other is set!\n");
267 poptPrintUsage(pc, stderr, 0);
268 exit(252);
269 }
270
271 orig_filename = talloc_strdup(frame, poptPeekArg(pc));
272 if (!orig_filename) {
273 exit(ENOMEM);
274 }
275 new_filename = talloc_asprintf(frame,
276 "%s.new",
277 orig_filename);
278 if (!new_filename) {
279 exit(ENOMEM);
280 }
281
282 if (!(infile = regfio_open( orig_filename, O_RDONLY, 0))) {
283 fprintf( stderr, "Failed to open %s!\n", orig_filename );
284 fprintf( stderr, "Error was (%s)\n", strerror(errno) );
285 exit (1);
286 }
287
288 if ( !(outfile = regfio_open( new_filename, (O_RDWR|O_CREAT|O_TRUNC),
289 (S_IRUSR|S_IWUSR) )) ) {
290 fprintf( stderr, "Failed to open new file %s!\n", new_filename );
291 fprintf( stderr, "Error was (%s)\n", strerror(errno) );
292 exit (1);
293 }
294
295 /* actually do the update now */
296
297 if ((nk = regfio_rootkey( infile )) == NULL) {
298 fprintf(stderr, "Could not get rootkey\n");
299 exit(3);
300 }
301
302 if (!copy_registry_tree( infile, nk, NULL, outfile, "")) {
303 fprintf(stderr, "Failed to write updated registry file!\n");
304 exit(2);
305 }
306
307 /* cleanup */
308
309 regfio_close(infile);
310 regfio_close(outfile);
311
312 poptFreeContext(pc);
313
314 TALLOC_FREE(frame);
315 return 0;
316 }
Samba GIT mirror