authorGerald Carter <jerry@samba.org>2003-11-17 16:11:16 +0000
committerGerald Carter <jerry@samba.org>2003-11-17 16:11:16 +0000
commit8b9622f50de1f46c5e6870466a5ef8a37bf08df1 (patch)
treeaea56803aef474b5931bd86531a6c27f7a625a35
parent2274603a86bfa0a91037a1fbaad3497c7083e2f4 (diff)
* make sure we only enumerate group mapping entries (not /etc/group) even when doing local aliases
* remove "hide local users" parameter; we have this behavior built into 3.0
(This used to be commit 3b75e862dfba42c95e2279c300c06bb981f52993)
-rw-r--r--source3/param/loadparm.c3
-rw-r--r--source3/passdb/passdb.c14
-rw-r--r--source3/rpc_server/srv_samr_nt.c179
3 files changed, 44 insertions, 152 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 3aeb80b7f0..2fb53100f3 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -282,7 +282,6 @@ typedef struct
BOOL bDebugPid;
BOOL bDebugUid;
BOOL bHostMSDfs;
- BOOL bHideLocalUsers;
BOOL bUnicode;
BOOL bUseMmap;
BOOL bHostnameLookups;
@@ -1137,7 +1136,6 @@ static struct parm_struct parm_table[] = {
{"fake directory create times", P_BOOL, P_LOCAL, &sDefault.bFakeDirCreateTimes, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, FLAG_ADVANCED},
- {"hide local users", P_BOOL, P_GLOBAL, &Globals.bHideLocalUsers, NULL, NULL, FLAG_ADVANCED},
{N_("VFS module options"), P_SEP, P_SEPARATOR},
@@ -1903,7 +1901,6 @@ FN_LOCAL_INTEGER(lp_write_cache_size, iWriteCacheSize)
FN_LOCAL_INTEGER(lp_block_size, iBlock_size)
FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
-FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers)
FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing)
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 48f7546394..7ac8d12198 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -725,14 +725,6 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
return True;
}
- /*
- * Don't try to convert the rid to a name if
- * running in appliance mode
- */
-
- if (lp_hide_local_users())
- return False;
-
if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {
return False;
}
@@ -852,12 +844,6 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
return True;
}
- /*
- * Don't lookup local unix users if running in appliance mode
- */
- if (lp_hide_local_users())
- return False;
-
(void)map_username(user);
if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index b3e6478c88..1cfa8b2853 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -875,140 +875,11 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNIST
/*******************************************************************
Get the group entries - similar to get_sampwd_entries().
- ********************************************************************/
-
-static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
- uint32 *p_num_entries, uint32 max_entries)
-{
- fstring sid_str;
- uint32 num_entries = 0;
- int i;
- GROUP_MAP smap;
- GROUP_MAP *map = NULL;
-
- sid_to_string(sid_str, sid);
- DEBUG(5, ("get_group_alias_entries: enumerating aliases on SID: %s\n", sid_str));
-
- *p_num_entries = 0;
-
- /* well-known aliases */
- if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) {
-
- become_root();
- pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED);
- unbecome_root();
-
- if (num_entries != 0) {
- *d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP));
- if (*d_grp==NULL)
- return NT_STATUS_NO_MEMORY;
-
- for(i=0; i<num_entries && i<max_entries; i++) {
- fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name);
- sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid);
-
- }
- }
- SAFE_FREE(map);
-
- } else if (sid_equal(sid, get_global_sam_sid()) && !lp_hide_local_users()) {
- struct sys_grent *glist;
- struct sys_grent *grp;
- gid_t winbind_gid_low, winbind_gid_high;
- BOOL winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high);
- BOOL ret;
-
- /* local aliases */
- /* we return the UNIX groups here. This seems to be the right */
- /* thing to do, since NT member servers return their local */
- /* groups in the same situation. */
-
- /* use getgrent_list() to retrieve the list of groups to avoid
- * problems with getgrent possible infinite loop by internal
- * libc grent structures overwrites by called functions */
- grp = glist = getgrent_list();
- if (grp == NULL)
- return NT_STATUS_NO_MEMORY;
-
- for (; (num_entries < max_entries) && (grp != NULL); grp = grp->next) {
- uint32 trid;
-
- become_root();
- ret = pdb_getgrgid(&smap, grp->gr_gid);
- unbecome_root();
- if( !ret )
- continue;
-
- if (smap.sid_name_use!=SID_NAME_ALIAS) {
- continue;
- }
-
- sid_split_rid(&smap.sid, &trid);
-
- if (!sid_equal(sid, &smap.sid))
- continue;
-
- /* Don't return winbind groups as they are not local! */
- if (winbind_groups_exist && (grp->gr_gid >= winbind_gid_low)&&(grp->gr_gid <= winbind_gid_high)) {
- DEBUG(10,("get_group_alias_entries: not returing %s, not local.\n", smap.nt_name ));
- continue;
- }
-
- /* Don't return user private groups... */
-
- if (Get_Pwnam(smap.nt_name) != 0) {
- DEBUG(10,("get_group_alias_entries: not returing %s, clashes with user.\n", smap.nt_name ));
- continue;
- }
-
- for( i = 0; i < num_entries; i++)
- if ( (*d_grp)[i].rid == trid )
- break;
-
- if ( i < num_entries ) {
- continue; /* rid was there, dup! */
- }
-
- /* JRA - added this for large group db enumeration... */
-
- if (start_idx > 0) {
- /* skip the requested number of entries.
- not very efficient, but hey...
- */
- start_idx--;
- continue;
- }
-
- *d_grp=talloc_realloc(ctx,*d_grp, (num_entries+1)*sizeof(DOMAIN_GRP));
- if (*d_grp==NULL) {
- grent_free(glist);
- return NT_STATUS_NO_MEMORY;
- }
-
- fstrcpy((*d_grp)[num_entries].name, smap.nt_name);
- (*d_grp)[num_entries].rid = trid;
- num_entries++;
- DEBUG(10,("get_group_alias_entries: added entry %d, rid:%d\n", num_entries, trid));
- }
-
- grent_free(glist);
- }
-
- *p_num_entries = num_entries;
-
- DEBUG(10,("get_group_alias_entries: returning %d entries\n", *p_num_entries));
-
- if (num_entries >= max_entries)
- return STATUS_MORE_ENTRIES;
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
- Get the group entries - similar to get_sampwd_entries().
- ********************************************************************/
+ ******************************************************************/
-static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
- uint32 *p_num_entries, uint32 max_entries)
+static NTSTATUS get_group_entries( enum SID_NAME_USE type, TALLOC_CTX *ctx,
+ DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
+ uint32 *p_num_entries, uint32 max_entries )
{
GROUP_MAP *map=NULL;
int i;
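Review bot: The banner comment left above get_group_entries still reads "Get the group entries - similar to get_sampwd_entries()" and says nothing about the new `type` argument, although that argument alone now selects which group-mapping entries are enumerated inside the become_root() section. I would add a line such as `type is the SID_NAME_USE class handed to pdb_enum_group_mapping() (SID_NAME_DOM_GRP, SID_NAME_ALIAS or SID_NAME_WKN_GRP)`. The comment should also say whether `sid` is still consulted, since nothing visible in these hunks uses it to filter the results. The function body continues outside this hunk.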
@@ -1021,7 +892,7 @@ static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DO
needed for some passdb backends to enumerate groups */
become_root();
- pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED);
+ pdb_enum_group_mapping(type, &map, (int *)&group_entries, ENUM_ONLY_MAPPED);
unbecome_root();
num_entries=group_entries-start_idx;
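Review bot: `num_entries=group_entries-start_idx;` has no visible guard against `start_idx` exceeding the number of entries returned, and this path now serves alias and builtin enumeration as well as domain groups. The `(int *)` cast suggests `group_entries` is unsigned, in which case the subtraction would wrap and the `map[i+start_idx]` reads in the next hunk could index past the array. The lines between the two hunks are not shown, so please confirm a bound exists there; if not, add `if (start_idx >= group_entries) { SAFE_FREE(map); *p_num_entries = 0; return NT_STATUS_OK; }` straight after unbecome_root(). The return value of pdb_enum_group_mapping() is also ignored here, so a failed enumeration is indistinguishable from an empty one.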
@@ -1042,13 +913,51 @@ static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DO
fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name);
fstrcpy((*d_grp)[i].comment, map[i+start_idx].comment);
sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid);
- (*d_grp)[i].attr=SID_NAME_DOM_GRP;
+ (*d_grp)[i].attr=type;
}
SAFE_FREE(map);
*p_num_entries = num_entries;
+ DEBUG(10,("get_group_entries: returning %d entries\n", *p_num_entries));
+
+ return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ Wrapper for enuemrating domain groups
+ ******************************************************************/
+
+static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp,
+ DOM_SID *sid, uint32 start_idx,
+ uint32 *p_num_entries, uint32 max_entries )
+{
+ return get_group_entries( SID_NAME_DOM_GRP, ctx, d_grp, sid, start_idx,
+ p_num_entries, max_entries );
+}
+
+/*******************************************************************
+ Wrapper for enumerating local groups
+ ******************************************************************/
+
+static NTSTATUS get_group_alias_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp,
+ DOM_SID *sid, uint32 start_idx,
+ uint32 *p_num_entries, uint32 max_entries)
+{
+ if ( sid_equal(sid, &global_sid_Builtin) ) {
+ return get_group_entries( SID_NAME_WKN_GRP, ctx, d_grp,
+ sid, start_idx, p_num_entries, max_entries );
+ }
+ else if ( sid_equal(sid, get_global_sam_sid()) ) {
+ return get_group_entries( SID_NAME_ALIAS, ctx, d_grp,
+ sid, start_idx, p_num_entries, max_entries );
+ }
+
+ /* can't do anything with this SID */
+
+ *p_num_entries = 0;
+
return NT_STATUS_OK;
}
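Review bot: get_group_entries ends with an unconditional `return NT_STATUS_OK;`, whereas the removed get_group_alias_entries returned STATUS_MORE_ENTRIES once `num_entries >= max_entries`, so alias enumeration may no longer tell its caller that the result was truncated. The limiting logic is outside this hunk, so please confirm whether any other path still reports it. In the fall-through branch of get_group_alias_entries only `*p_num_entries = 0;` is set; adding `*d_grp = NULL;` beside it would keep a caller from reading a stale pointer when the SID is not recognised. The new banner comment also has a typo, "enuemrating" for "enumerating".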