summaryrefslogtreecommitdiff
path: root/source3/groupdb
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1998-11-17 16:19:04 +0000
committerLuke Leighton <lkcl@samba.org>1998-11-17 16:19:04 +0000
commit74d539f5573a3ed3ff1b96c54752a389da4c3e14 (patch)
treecc4cee5bc8c5ff3e7ebfef04c4ed3ff6a199df48 /source3/groupdb
parentb7c4cd9fc6460c2138750237ee4525f929e93a76 (diff)
downloadsamba-74d539f5573a3ed3ff1b96c54752a389da4c3e14.tar.gz
samba-74d539f5573a3ed3ff1b96c54752a389da4c3e14.tar.bz2
samba-74d539f5573a3ed3ff1b96c54752a389da4c3e14.zip
- group database API. oops and oh dear, the threat has been carried out:
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)
Diffstat (limited to 'source3/groupdb')
-rw-r--r--source3/groupdb/aliasfile.c24
-rw-r--r--source3/groupdb/groupfile.c28
2 files changed, 46 insertions, 6 deletions
diff --git a/source3/groupdb/aliasfile.c b/source3/groupdb/aliasfile.c
index 4b8bbe3079..fc87b47c47 100644
--- a/source3/groupdb/aliasfile.c
+++ b/source3/groupdb/aliasfile.c
@@ -130,24 +130,36 @@ static char *get_alias_members(char *p, int *num_mem, LOCAL_GRP_MEMBER **members
{
DOM_SID sid;
uint8 type;
+ BOOL found = False;
- if (lookup_sid(name, &sid, &type))
+ if (strnequal(name, "S-", 2))
{
- (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER));
- (*num_mem)++;
+ /* sid entered directly */
+ string_to_sid(&sid, name);
+ found = lookup_name(&sid, name, &type) == 0x0;
}
else
{
+ found = lookup_sid(name, &sid, &type) == 0x0;
+ }
+
+ if (!found)
+ {
DEBUG(0,("alias database: could not resolve alias named %s\n", name));
continue;
}
+
+ (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER));
+
if ((*members) == NULL)
{
return NULL;
}
- fstrcpy((*members)[(*num_mem)-1].name, name);
- (*members)[(*num_mem)-1].sid_use = type;
- sid_copy(&(*members)[(*num_mem)-1].sid, &sid);
+
+ fstrcpy((*members)[*num_mem].name, name);
+ (*members)[*num_mem].sid_use = type;
+ sid_copy(&(*members)[*num_mem].sid, &sid);
+ (*num_mem)++;
}
return p;
}
diff --git a/source3/groupdb/groupfile.c b/source3/groupdb/groupfile.c
index 88d362e7d4..8044071391 100644
--- a/source3/groupdb/groupfile.c
+++ b/source3/groupdb/groupfile.c
@@ -26,6 +26,9 @@ extern int DEBUGLEVEL;
static char s_readbuf[1024];
+extern DOM_SID global_sam_sid;
+extern fstring global_sam_name;
+
/***************************************************************
Start to enumerate the grppasswd list. Returns a void pointer
to ensure no modification outside this module.
@@ -128,11 +131,36 @@ static char *get_group_members(char *p, int *num_mem, DOMAIN_GRP_MEMBER **member
while (next_token(&p, name, ",", sizeof(fstring)))
{
+ DOM_SID sid;
+ uint8 type;
+ BOOL found = False;
+
+ if (isdigit(name))
+ {
+ uint32 rid = get_number(name);
+ sid_copy(&sid, &global_sam_sid);
+ sid_append_rid(&sid, rid);
+
+ found = lookup_name(&sid, name, &type) == 0x0;
+ }
+ else
+ {
+ found = lookup_sid(name, &sid, &type) == 0x0;
+ }
+
+ if (!found)
+ {
+ DEBUG(0,("alias database: could not resolve name %s in domain %s\n",
+ name, global_sam_name));
+ continue;
+ }
+
(*members) = Realloc((*members), ((*num_mem)+1) * sizeof(DOMAIN_GRP_MEMBER));
if ((*members) == NULL)
{
return NULL;
}
+
fstrcpy((*members)[(*num_mem)].name, name);
(*members)[(*num_mem)].attr = 0x07;
(*num_mem)++;