summaryrefslogtreecommitdiff
path: root/source3/utils
diff options
context:
space:
mode:
authorJean-François Micouleau <jfm@samba.org>2001-12-04 21:53:47 +0000
committerJean-François Micouleau <jfm@samba.org>2001-12-04 21:53:47 +0000
commit922eb763d7365716fd3c20aa069746fc9bfb8ab3 (patch)
tree5aa576e627be2c74803509ec298881dbc3c57864 /source3/utils
parent4d3ec230b4319510826b2cccc0b957096d8a53fe (diff)
downloadsamba-922eb763d7365716fd3c20aa069746fc9bfb8ab3.tar.gz
samba-922eb763d7365716fd3c20aa069746fc9bfb8ab3.tar.bz2
samba-922eb763d7365716fd3c20aa069746fc9bfb8ab3.zip
added a boolean to the group mapping functions to specify if we need or
not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
Diffstat (limited to 'source3/utils')
-rw-r--r--source3/utils/smbgroupedit.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/source3/utils/smbgroupedit.c b/source3/utils/smbgroupedit.c
index 58ed0a8294..f32f7b7129 100644
--- a/source3/utils/smbgroupedit.c
+++ b/source3/utils/smbgroupedit.c
@@ -89,9 +89,12 @@ int addgroup(char *group, enum SID_NAME_USE sid_type, char *ntgroup, char *ntcom
if (privilege!=NULL)
convert_priv_from_text(&se_priv, privilege);
- if(!add_initial_entry(gid, string_sid, sid_type, name, comment, se_priv, PR_ACCESS_FROM_NETWORK))
+ if(!add_initial_entry(gid, string_sid, sid_type, name, comment, se_priv, PR_ACCESS_FROM_NETWORK)) {
+ free_privilege(&se_priv);
return -1;
+ }
+ free_privilege(&se_priv);
return 0;
}
@@ -103,12 +106,11 @@ int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char
DOM_SID sid;
GROUP_MAP map;
gid_t gid;
- PRIVILEGE_SET se_priv;
string_to_sid(&sid, sid_string);
/* Get the current mapping from the database */
- if(!get_group_map_from_sid(sid, &map)) {
+ if(!get_group_map_from_sid(sid, &map, MAPPING_WITH_PRIV)) {
printf("This SID does not exist in the database\n");
return -1;
}
@@ -145,9 +147,11 @@ int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type, char
if (!add_mapping_entry(&map, TDB_REPLACE)) {
printf("Count not update group database\n");
+ free_privilege(&map.priv_set);
return -1;
}
-
+
+ free_privilege(&map.priv_set);
return 0;
}
@@ -180,7 +184,7 @@ int listgroup(enum SID_NAME_USE sid_type, BOOL long_list)
if (!long_list)
printf("NT group (SID) -> Unix group\n");
- if (!enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED))
+ if (!enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV))
return -1;
for (i=0; i<entries; i++) {