authorJean-François Micouleau <jfm@samba.org>2001-12-04 21:53:47 +0000
committerJean-François Micouleau <jfm@samba.org>2001-12-04 21:53:47 +0000
commit922eb763d7365716fd3c20aa069746fc9bfb8ab3 (patch)
tree5aa576e627be2c74803509ec298881dbc3c57864 /source3/passdb
parent4d3ec230b4319510826b2cccc0b957096d8a53fe (diff)
added a boolean to the group mapping functions to specify if we need or
not the privileges. Usually we don't need them, so the memory is freed early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some tests first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/nispass.c3
-rw-r--r--source3/passdb/passdb.c46
-rw-r--r--source3/passdb/pdb_ldap.c3
-rw-r--r--source3/passdb/pdb_nisplus.c3
-rw-r--r--source3/passdb/pdb_smbpasswd.c3
5 files changed, 23 insertions, 35 deletions
diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c
index 0f41b47549..3b7b90307d 100644
--- a/source3/passdb/nispass.c
+++ b/source3/passdb/nispass.c
@@ -308,8 +308,7 @@ static BOOL make_sam_from_nisp_object(struct sam_passwd *pw_buf, nis_object *obj
else {
GROUP_MAP map;
- if (get_group_map_from_gid(pw_buf->smb_grpid, &map)) {
- free_privileges(&map.priv_set);
+ if (get_group_map_from_gid(pw_buf->smb_grpid, &map, MAPPING_WITHOUT_PRIV)) {
pw_buf->group_rid = map.rid;
}
else
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index e469718b5c..f54121cf63 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -143,8 +143,7 @@ BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd)
pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid));
/* call the mapping code here */
- if(get_group_map_from_gid(pwd->pw_gid, &map)) {
- free_privilege(&map.priv_set);
+ if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_peek_rid(&map.sid, &rid);
} else
rid=pdb_gid_to_group_rid(pwd->pw_gid);
@@ -405,8 +404,7 @@ BOOL pdb_name_to_rid(const char *user_name, uint32 *u_rid, uint32 *g_rid)
/* absolutely no idea what to do about the unix GID to Domain RID mapping */
/* map it ! */
- if (get_group_map_from_gid(pw->pw_gid, &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_gid(pw->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_peek_rid(&map.sid, g_rid);
} else
*g_rid = pdb_gid_to_group_rid(pw->pw_gid);
@@ -491,13 +489,16 @@ BOOL pdb_rid_is_user(uint32 rid)
Convert a rid into a name. Used in the lookup SID rpc.
********************************************************************/
-BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
+BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use)
{
- BOOL is_user = pdb_rid_is_user(rid);
+ uint32 rid;
+ BOOL is_user;
+ sid_peek_rid(sid, &rid);
+ is_user = pdb_rid_is_user(rid);
*psid_name_use = SID_NAME_UNKNOWN;
- DEBUG(5,("local_lookup_rid: looking up %s RID %u.\n", is_user ? "user" :
+ DEBUG(5,("local_lookup_sid: looking up %s RID %u.\n", is_user ? "user" :
"group", (unsigned int)rid));
if(is_user) {
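Review bot: The return value of `sid_peek_rid(sid, &rid)` is ignored, so if the helper can fail (for example on a SID with no sub-authorities) `rid` is read uninitialised by `pdb_rid_is_user(rid)` and by the DEBUG line. Assuming the helper reports failure through its BOOL return, `if (!sid_peek_rid(sid, &rid)) return False;` placed after the `*psid_name_use = SID_NAME_UNKNOWN;` assignment would close that. The user branch visible here still decides on the RID alone, and nothing in this hunk confirms that the domain part of `sid` is the local SAM SID. Unless every caller checks that first, a SID from another authority carrying the same RID would resolve to a local account name. The header comment above still reads "Convert a rid into a name" and should become `Convert a SID into a name`; the function body continues outside the hunk.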
@@ -529,7 +530,7 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
*psid_name_use = SID_NAME_USER;
- DEBUG(5,("local_lookup_rid: looking up uid %u %s\n", (unsigned int)uid,
+ DEBUG(5,("local_lookup_sid: looking up uid %u %s\n", (unsigned int)uid,
pass ? "succeeded" : "failed" ));
if(!pass) {
@@ -539,7 +540,7 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
fstrcpy(name, pass->pw_name);
- DEBUG(5,("local_lookup_rid: found user %s for rid %u\n", name,
+ DEBUG(5,("local_lookup_sid: found user %s for rid %u\n", name,
(unsigned int)rid ));
}
@@ -547,11 +548,7 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
gid_t gid;
struct group *gr;
GROUP_MAP map;
- DOM_SID local_sid;
- sid_copy(&local_sid, &global_sam_sid);
- sid_append_rid(&local_sid, rid);
-
/*
* Don't try to convert the rid to a name if running
* in appliance mode
@@ -561,10 +558,9 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
return False;
/* check if it's a mapped group */
- if (get_group_map_from_sid(local_sid, &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_sid(*sid, &map, MAPPING_WITHOUT_PRIV)) {
if (map.gid!=-1) {
- DEBUG(5,("local_local_rid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
+ DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
fstrcpy(name, map.nt_name);
*psid_name_use = map.sid_name_use;
return True;
@@ -576,17 +572,17 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
*psid_name_use = SID_NAME_ALIAS;
- DEBUG(5,("local_local_rid: looking up gid %u %s\n", (unsigned int)gid,
+ DEBUG(5,("local_lookup_sid: looking up gid %u %s\n", (unsigned int)gid,
gr ? "succeeded" : "failed" ));
if(!gr) {
slprintf(name, sizeof(fstring)-1, "unix_group.%u", (unsigned int)gid);
- return True;
+ return False;
}
fstrcpy( name, gr->gr_name);
- DEBUG(5,("local_lookup_rid: found group %s for rid %u\n", name,
+ DEBUG(5,("local_lookup_sid: found group %s for rid %u\n", name,
(unsigned int)rid ));
}
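Review bot: The `!gr` path now returns False but still writes the made-up `unix_group.%u` string into `name` and leaves `*psid_name_use` at SID_NAME_ALIAS, which was assigned just above. A caller that reads the outputs without checking the return value therefore still receives the faked group that the commit message says must not be returned, because it can collide with a builtin one. Dropping the `slprintf` and resetting the type before returning, `*psid_name_use = SID_NAME_UNKNOWN; return False;`, keeps the failure path free of stale output. The enclosing function starts and ends outside this hunk.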
@@ -647,8 +643,7 @@ BOOL local_lookup_name(const char *c_domain, const char *c_user, DOM_SID *psid,
GROUP_MAP map;
/* check if it's a mapped group */
- if (get_group_map_from_ntname(user, &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_ntname(user, &map, MAPPING_WITHOUT_PRIV)) {
if (map.gid!=-1) {
/* yes it's a mapped group to a valid unix group */
sid_copy(&local_sid, &map.sid);
@@ -675,8 +670,7 @@ BOOL local_lookup_name(const char *c_domain, const char *c_user, DOM_SID *psid,
* JFM, 30/11/2001
*/
- if(get_group_map_from_gid(grp->gr_gid, &map)){
- free_privilege(&map.priv_set);
+ if(get_group_map_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)){
return False;
}
@@ -759,8 +753,7 @@ DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
sid_copy(psid, &global_sam_sid);
- if (get_group_map_from_gid(gid, &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_copy(psid, &map.sid);
}
else {
@@ -801,8 +794,7 @@ BOOL local_sid_to_gid(gid_t *pgid, DOM_SID *psid, enum SID_NAME_USE *name_type)
if (pdb_rid_is_user(rid))
return False;
- if (get_group_map_from_sid(*psid, &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) {
/* the SID is in the mapping table but not mapped */
if (map.gid==-1)
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index d0eebbed89..f426f926b1 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -585,8 +585,7 @@ static BOOL init_ldap_from_sam (LDAPMod *** mods, int ldap_state, const SAM_ACCO
if ( !sampass->group_rid) {
GROUP_MAP map;
- if (get_group_map_from_gid(pdb_get_gid(sampass), &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_gid(pdb_get_gid(sampass), &map, MAPPING_WITHOUT_PRIV)) {
sid_peek_rid(&map.sid, &sampass->group_rid);
}
else
diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c
index aff0870a8d..9fc4a0a65a 100644
--- a/source3/passdb/pdb_nisplus.c
+++ b/source3/passdb/pdb_nisplus.c
@@ -501,8 +501,7 @@ static BOOL init_nisp_from_sam(nis_object *obj, const SAM_ACCOUNT *sampass,
rid=pdb_get_group_rid(sampass);
if (rid==0) {
- if (get_group_map_from_gid(pdb_get_gid(sampass), &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_gid(pdb_get_gid(sampass), &map, MAPPING_WITHOUT_PRIV)) {
sid_peek_rid(&map.sid, &rid);
} else
rid=pdb_gid_to_group_rid(pdb_get_gid(sampass));
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index c189d9a9b7..e5b1ec97f7 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1225,8 +1225,7 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw
uint32 rid;
GROUP_MAP map;
- if (get_group_map_from_gid(pwfile->pw_gid, &map)) {
- free_privilege(&map.priv_set);
+ if (get_group_map_from_gid(pwfile->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
sid_peek_rid(&map.sid, &rid);
}
else