summaryrefslogtreecommitdiff
path: root/source3/passdb/passdb.c
diff options
context:
space:
mode:
authorJean-François Micouleau <jfm@samba.org>2001-12-04 21:53:47 +0000
committerJean-François Micouleau <jfm@samba.org>2001-12-04 21:53:47 +0000
commit922eb763d7365716fd3c20aa069746fc9bfb8ab3 (patch)
tree5aa576e627be2c74803509ec298881dbc3c57864 /source3/passdb/passdb.c
parent4d3ec230b4319510826b2cccc0b957096d8a53fe (diff)
downloadsamba-922eb763d7365716fd3c20aa069746fc9bfb8ab3.tar.gz
samba-922eb763d7365716fd3c20aa069746fc9bfb8ab3.tar.bz2
samba-922eb763d7365716fd3c20aa069746fc9bfb8ab3.zip
added a boolean to the group mapping functions to specify if we need or
not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
Diffstat (limited to 'source3/passdb/passdb.c')
-rw-r--r--source3/passdb/passdb.c46
1 files changed, 19 insertions, 27 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index e469718b5c..f54121cf63 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -143,8 +143,7 @@ BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd)
pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid));
/* call the mapping code here */
- if(get_group_map_from_gid(pwd->pw_gid, &map)) {
- free_privilege(&map.priv_set);
+ if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_peek_rid(&map.sid, &rid);
} else
rid=pdb_gid_to_group_rid(pwd->pw_gid);
@@ -405,8 +404,7 @@ BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid)
/* absolutely no idea what to do about the unix GID to Domain RID mapping */
/* map it ! */
- if (get_group_map_from_gid(pw->pw_gid, &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_gid(pw->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_peek_rid(&map.sid, g_rid);
} else
*g_rid = pdb_gid_to_group_rid(pw->pw_gid);
@@ -491,13 +489,16 @@ BOOL pdb_rid_is_user(uint32 rid)
Convert a rid into a name. Used in the lookup SID rpc.
********************************************************************/
-BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
+BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use)
{
- BOOL is_user = pdb_rid_is_user(rid);
+ uint32 rid;
+ BOOL is_user;
+ sid_peek_rid(sid, &rid);
+ is_user = pdb_rid_is_user(rid);
*psid_name_use = SID_NAME_UNKNOWN;
- DEBUG(5,("local_lookup_rid: looking up %s RID %u.\n", is_user ? "user" :
+ DEBUG(5,("local_lookup_sid: looking up %s RID %u.\n", is_user ? "user" :
"group", (unsigned int)rid));
if(is_user) {
@@ -529,7 +530,7 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
*psid_name_use = SID_NAME_USER;
- DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid,
+ DEBUG(5,("local_lookup_sid: looking up uid %u %s\n", (unsigned int)uid,
pass ? "succeeded" : "failed" ));
if(!pass) {
@@ -539,7 +540,7 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
fstrcpy(name, pass->pw_name);
- DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name,
+ DEBUG(5,("local_lookup_sid: found user %s for rid %u\n", name,
(unsigned int)rid ));
}
@@ -547,11 +548,7 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
gid_t gid;
struct group *gr;
GROUP_MAP map;
- DOM_SID local_sid;
- sid_copy(&local_sid, &global_sam_sid);
- sid_append_rid(&local_sid, rid);
-
/*
* Don't try to convert the rid to a name if running
* in appliance mode
@@ -561,10 +558,9 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
return False;
/* check if it's a mapped group */
- if (get_group_map_from_sid(local_sid, &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_sid(*sid, &map, MAPPING_WITHOUT_PRIV)) {
if (map.gid!=-1) {
- DEBUG(5,("local_local_rid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
+ DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
fstrcpy(name, map.nt_name);
*psid_name_use = map.sid_name_use;
return True;
@@ -576,17 +572,17 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
*psid_name_use = SID_NAME_ALIAS;
- DEBUG(5,("local_local_rid: looking up gid %u %s\n", (unsigned int)gid,
+ DEBUG(5,("local_lookup_sid: looking up gid %u %s\n", (unsigned int)gid,
gr ? "succeeded" : "failed" ));
if(!gr) {
slprintf(name, sizeof(fstring)-1, "unix_group.%u", (unsigned int)gid);
- return True;
+ return False;
}
fstrcpy( name, gr->gr_name);
- DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name,
+ DEBUG(5,("local_lookup_sid: found group %s for rid %u\n", name,
(unsigned int)rid ));
}
@@ -647,8 +643,7 @@ BOOL local_lookup_name(const char *c_domain, const char *c_user, DOM_SID *psid,
GROUP_MAP map;
/* check if it's a mapped group */
- if (get_group_map_from_ntname(user, &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_ntname(user, &map, MAPPING_WITHOUT_PRIV)) {
if (map.gid!=-1) {
/* yes it's a mapped group to a valid unix group */
sid_copy(&local_sid, &map.sid);
@@ -675,8 +670,7 @@ BOOL local_lookup_name(const char *c_domain, const char *c_user, DOM_SID *psid,
* JFM, 30/11/2001
*/
- if(get_group_map_from_gid(grp->gr_gid, &map)){
- free_privilege(&map.priv_set);
+ if(get_group_map_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)){
return False;
}
@@ -759,8 +753,7 @@ DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
sid_copy(psid, &global_sam_sid);
- if (get_group_map_from_gid(gid, &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_copy(psid, &map.sid);
}
else {
@@ -801,8 +794,7 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
if (pdb_rid_is_user(rid))
return False;
- if (get_group_map_from_sid(*psid, &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) {
/* the SID is in the mapping table but not mapped */
if (map.gid==-1)