diff options
author | Simo Sorce <idra@samba.org> | 2011-09-26 17:55:47 -0400 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2011-10-12 19:28:12 +0200 |
commit | 995d1567265be178b4e45f79ea4562a7041ffa52 (patch) | |
tree | 97eed8a77f5332f0aa73109454037e6f87250cdb /source3 | |
parent | fc320551d84508371ab1c082752515d538648f49 (diff) | |
download | samba-995d1567265be178b4e45f79ea4562a7041ffa52.tar.gz samba-995d1567265be178b4e45f79ea4562a7041ffa52.tar.bz2 samba-995d1567265be178b4e45f79ea4562a7041ffa52.zip |
s3-group-mapping: Remove fstrings from GROUP_MAP.
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r-- | source3/groupdb/mapping.c | 220 | ||||
-rw-r--r-- | source3/groupdb/mapping.h | 2 | ||||
-rw-r--r-- | source3/groupdb/mapping_tdb.c | 153 | ||||
-rw-r--r-- | source3/groupdb/proto.h | 8 | ||||
-rw-r--r-- | source3/include/mapping.h | 4 | ||||
-rw-r--r-- | source3/include/passdb.h | 2 | ||||
-rw-r--r-- | source3/libnet/libnet_dssync_passdb.c | 200 | ||||
-rw-r--r-- | source3/libnet/libnet_samsync_passdb.c | 144 | ||||
-rw-r--r-- | source3/passdb/lookup_sid.c | 12 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 20 | ||||
-rw-r--r-- | source3/passdb/pdb_ads.c | 21 | ||||
-rw-r--r-- | source3/passdb/pdb_interface.c | 144 | ||||
-rw-r--r-- | source3/passdb/pdb_ldap.c | 47 | ||||
-rw-r--r-- | source3/passdb/pdb_samba4.c | 16 | ||||
-rw-r--r-- | source3/passdb/pdb_wbc_sam.c | 7 | ||||
-rw-r--r-- | source3/passdb/proto.h | 7 | ||||
-rw-r--r-- | source3/passdb/py_passdb.c | 8 | ||||
-rw-r--r-- | source3/rpc_server/lsa/srv_lsa_nt.c | 16 | ||||
-rw-r--r-- | source3/rpc_server/samr/srv_samr_nt.c | 52 | ||||
-rw-r--r-- | source3/utils/net_groupmap.c | 190 | ||||
-rw-r--r-- | source3/utils/net_sam.c | 111 | ||||
-rw-r--r-- | source3/utils/pdbedit.c | 6 |
22 files changed, 935 insertions, 455 deletions
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 907d40fe2a..2c0fea0cb9 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -51,24 +51,48 @@ initialise first time the mapping list ****************************************************************************/ NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum lsa_SidType sid_name_use, const char *nt_name, const char *comment) { - GROUP_MAP map; + NTSTATUS status; + GROUP_MAP *map; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return NT_STATUS_UNSUCCESSFUL; } - map.gid=gid; - if (!string_to_sid(&map.sid, sid)) { + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + + map->gid=gid; + if (!string_to_sid(&map->sid, sid)) { DEBUG(0, ("string_to_sid failed: %s", sid)); - return NT_STATUS_UNSUCCESSFUL; + status = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + map->sid_name_use=sid_name_use; + map->nt_name = talloc_strdup(map, nt_name); + if (!map->nt_name) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + if (comment) { + map->comment = talloc_strdup(map, comment); + } else { + map->comment = talloc_strdup(map, ""); + } + if (!map->comment) { + status = NT_STATUS_NO_MEMORY; + goto done; } - map.sid_name_use=sid_name_use; - fstrcpy(map.nt_name, nt_name); - fstrcpy(map.comment, comment); + status = pdb_add_group_mapping_entry(map); - return pdb_add_group_mapping_entry(&map); +done: + TALLOC_FREE(map); + return status; } static NTSTATUS alias_memberships(const struct dom_sid *members, size_t num_members, @@ -133,8 +157,14 @@ bool get_domain_group_from_sid(struct dom_sid sid, GROUP_MAP *map) sid_peek_rid( &sid, &rid ); if ( rid == DOMAIN_RID_USERS ) { - fstrcpy( map->nt_name, "None" ); - fstrcpy( map->comment, "Ordinary Users" ); + map->nt_name = talloc_strdup(map, "None"); + if (!map->nt_name) { + return false; + } + map->comment = talloc_strdup(map, "Ordinary Users"); + if (!map->comment) { + return false; + } sid_copy( &map->sid, &sid ); map->sid_name_use = SID_NAME_DOM_GRP; map->gid = (gid_t)-1; @@ -453,9 +483,11 @@ NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, } NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, - const struct dom_sid *sid, enum lsa_SidType sid_name_use, - GROUP_MAP **pp_rmap, size_t *p_num_entries, - bool unix_only) + const struct dom_sid *sid, + enum lsa_SidType sid_name_use, + GROUP_MAP ***pp_rmap, + size_t *p_num_entries, + bool unix_only) { if (!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); @@ -473,7 +505,7 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, uint32 new_rid; gid_t gid; bool exists; - GROUP_MAP map; + GROUP_MAP *map; TALLOC_CTX *mem_ctx; NTSTATUS status; @@ -486,15 +518,16 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, exists = lookup_name(mem_ctx, name, LOOKUP_NAME_LOCAL, NULL, NULL, &sid, &type); - TALLOC_FREE(mem_ctx); if (exists) { - return NT_STATUS_ALIAS_EXISTS; + status = NT_STATUS_ALIAS_EXISTS; + goto done; } if (!pdb_new_rid(&new_rid)) { DEBUG(0, ("Could not allocate a RID.\n")); - return NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_ACCESS_DENIED; + goto done; } sid_compose(&sid, get_global_sam_sid(), new_rid); @@ -502,29 +535,46 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, if (!winbind_allocate_gid(&gid)) { DEBUG(3, ("Could not get a gid out of winbind - " "wasted a rid :-(\n")); - return NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_ACCESS_DENIED; + goto done; } DEBUG(10, ("Creating alias %s with gid %u and rid %u\n", name, (unsigned int)gid, (unsigned int)new_rid)); - map.gid = gid; - sid_copy(&map.sid, &sid); - map.sid_name_use = SID_NAME_ALIAS; - fstrcpy(map.nt_name, name); - fstrcpy(map.comment, ""); + map = talloc_zero(mem_ctx, GROUP_MAP); + if (!map) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + map->gid = gid; + sid_copy(&map->sid, &sid); + map->sid_name_use = SID_NAME_ALIAS; + map->nt_name = talloc_strdup(map, name); + if (!map->nt_name) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + map->comment = talloc_strdup(map, ""); + if (!map->comment) { + status = NT_STATUS_NO_MEMORY; + goto done; + } - status = pdb_add_group_mapping_entry(&map); + status = pdb_add_group_mapping_entry(map); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("Could not add group mapping entry for alias %s " "(%s)\n", name, nt_errstr(status))); - return status; + goto done; } *rid = new_rid; - return NT_STATUS_OK; +done: + TALLOC_FREE(mem_ctx); + return status; } NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods, @@ -537,44 +587,78 @@ NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, const struct dom_sid *sid, struct acct_info *info) { - GROUP_MAP map; + NTSTATUS status = NT_STATUS_OK; + GROUP_MAP *map; - if (!pdb_getgrsid(&map, *sid)) - return NT_STATUS_NO_SUCH_ALIAS; + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_getgrsid(map, *sid)) { + status = NT_STATUS_NO_SUCH_ALIAS; + goto done; + } - if ((map.sid_name_use != SID_NAME_ALIAS) && - (map.sid_name_use != SID_NAME_WKN_GRP)) { + if ((map->sid_name_use != SID_NAME_ALIAS) && + (map->sid_name_use != SID_NAME_WKN_GRP)) { DEBUG(2, ("%s is a %s, expected an alias\n", sid_string_dbg(sid), - sid_type_lookup(map.sid_name_use))); - return NT_STATUS_NO_SUCH_ALIAS; + sid_type_lookup(map->sid_name_use))); + status = NT_STATUS_NO_SUCH_ALIAS; + goto done; } - info->acct_name = talloc_strdup(info, map.nt_name); + info->acct_name = talloc_move(info, &map->nt_name); if (!info->acct_name) { - return NT_STATUS_NO_MEMORY; + status = NT_STATUS_NO_MEMORY; + goto done; } - info->acct_desc = talloc_strdup(info, map.comment); + info->acct_desc = talloc_move(info, &map->comment); if (!info->acct_desc) { - return NT_STATUS_NO_MEMORY; + status = NT_STATUS_NO_MEMORY; + goto done; } - sid_peek_rid(&map.sid, &info->rid); - return NT_STATUS_OK; + sid_peek_rid(&map->sid, &info->rid); + +done: + TALLOC_FREE(map); + return status; } NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods, const struct dom_sid *sid, struct acct_info *info) { - GROUP_MAP map; + NTSTATUS status = NT_STATUS_OK; + GROUP_MAP *map; - if (!pdb_getgrsid(&map, *sid)) - return NT_STATUS_NO_SUCH_ALIAS; + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } - fstrcpy(map.nt_name, info->acct_name); - fstrcpy(map.comment, info->acct_desc); + if (!pdb_getgrsid(map, *sid)) { + status = NT_STATUS_NO_SUCH_ALIAS; + goto done; + } + + map->nt_name = talloc_strdup(map, info->acct_name); + if (!map->nt_name) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + map->comment = talloc_strdup(map, info->acct_desc); + if (!map->comment) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + status = pdb_update_group_mapping_entry(map); - return pdb_update_group_mapping_entry(&map); +done: + TALLOC_FREE(map); + return status; } NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods, @@ -715,11 +799,9 @@ NTSTATUS pdb_create_builtin_alias(uint32 rid) struct dom_sid sid; enum lsa_SidType type; gid_t gid; - GROUP_MAP map; - TALLOC_CTX *mem_ctx; + GROUP_MAP *map; NTSTATUS status; const char *name = NULL; - fstring groupname; DEBUG(10, ("Trying to create builtin alias %d\n", rid)); @@ -727,40 +809,48 @@ NTSTATUS pdb_create_builtin_alias(uint32 rid) return NT_STATUS_NO_SUCH_ALIAS; } - if ( (mem_ctx = talloc_new(NULL)) == NULL ) { + /* use map as overall temp mem context */ + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { return NT_STATUS_NO_MEMORY; } - if ( !lookup_sid(mem_ctx, &sid, NULL, &name, &type) ) { - TALLOC_FREE( mem_ctx ); - return NT_STATUS_NO_SUCH_ALIAS; + if (!lookup_sid(map, &sid, NULL, &name, &type)) { + status = NT_STATUS_NO_SUCH_ALIAS; + goto done; } - /* validate RID so copy the name and move on */ - - fstrcpy( groupname, name ); - TALLOC_FREE( mem_ctx ); - if (!winbind_allocate_gid(&gid)) { DEBUG(3, ("pdb_create_builtin_alias: Could not get a gid out of winbind\n")); - return NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_ACCESS_DENIED; + goto done; } - DEBUG(10,("Creating alias %s with gid %u\n", groupname, (unsigned int)gid)); + DEBUG(10, ("Creating alias %s with gid %u\n", name, (unsigned)gid)); - map.gid = gid; - sid_copy(&map.sid, &sid); - map.sid_name_use = SID_NAME_ALIAS; - strlcpy(map.nt_name, groupname, sizeof(map.nt_name)); - strlcpy(map.comment, "", sizeof(map.comment)); + map->gid = gid; + sid_copy(&map->sid, &sid); + map->sid_name_use = SID_NAME_ALIAS; + map->nt_name = talloc_strdup(map, name); + if (!map->nt_name) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + map->comment = talloc_strdup(map, ""); + if (!map->comment) { + status = NT_STATUS_NO_MEMORY; + goto done; + } - status = pdb_add_group_mapping_entry(&map); + status = pdb_add_group_mapping_entry(map); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("pdb_create_builtin_alias: Could not add group mapping entry for alias %d " "(%s)\n", rid, nt_errstr(status))); } +done: + TALLOC_FREE(map); return status; } diff --git a/source3/groupdb/mapping.h b/source3/groupdb/mapping.h index 045721d67e..bb6cc02ed8 100644 --- a/source3/groupdb/mapping.h +++ b/source3/groupdb/mapping.h @@ -45,7 +45,7 @@ struct mapping_backend { bool (*get_group_map_from_ntname)(const char *name, GROUP_MAP *map); bool (*group_map_remove)(const struct dom_sid *sid); bool (*enum_group_mapping)(const struct dom_sid *domsid, enum lsa_SidType sid_name_use, - GROUP_MAP **pp_rmap, + GROUP_MAP ***pp_rmap, size_t *p_num_entries, bool unix_only); NTSTATUS (*one_alias_membership)(const struct dom_sid *member, struct dom_sid **sids, size_t *num); diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c index 0c4b2fa405..394a2f0b22 100644 --- a/source3/groupdb/mapping_tdb.c +++ b/source3/groupdb/mapping_tdb.c @@ -34,7 +34,7 @@ static struct db_context *db; /* used for driver files */ static bool enum_group_mapping(const struct dom_sid *domsid, enum lsa_SidType sid_name_use, - GROUP_MAP **pp_rmap, + GROUP_MAP ***pp_rmap, size_t *p_num_entries, bool unix_only); static bool group_map_remove(const struct dom_sid *sid); @@ -175,6 +175,8 @@ static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map) char *key; int ret = 0; NTSTATUS status; + fstring nt_name; + fstring comment; /* the key is the SID, retrieving is direct */ @@ -191,7 +193,7 @@ static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map) ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", &map->gid, &map->sid_name_use, - &map->nt_name, &map->comment); + &nt_name, &comment); TALLOC_FREE(key); @@ -202,6 +204,15 @@ static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map) sid_copy(&map->sid, &sid); + map->nt_name = talloc_strdup(map, nt_name); + if (!map->nt_name) { + return false; + } + map->comment = talloc_strdup(map, comment); + if (!map->comment) { + return false; + } + return true; } @@ -209,6 +220,9 @@ static bool dbrec2map(const struct db_record *rec, GROUP_MAP *map) { TDB_DATA key = dbwrap_record_get_key(rec); TDB_DATA value = dbwrap_record_get_value(rec); + int ret = 0; + fstring nt_name; + fstring comment; if ((key.dsize < strlen(GROUP_PREFIX)) || (strncmp((char *)key.dptr, GROUP_PREFIX, @@ -221,9 +235,25 @@ static bool dbrec2map(const struct db_record *rec, GROUP_MAP *map) return False; } - return tdb_unpack(value.dptr, value.dsize, "ddff", - &map->gid, &map->sid_name_use, &map->nt_name, - &map->comment) != -1; + ret = tdb_unpack(value.dptr, value.dsize, "ddff", + &map->gid, &map->sid_name_use, + &nt_name, &comment); + + if (ret == -1) { + DEBUG(3, ("dbrec2map: tdb_unpack failure\n")); + return false; + } + + map->nt_name = talloc_strdup(map, nt_name); + if (!map->nt_name) { + return false; + } + map->comment = talloc_strdup(map, comment); + if (!map->comment) { + return false; + } + + return true; } struct find_map_state { @@ -323,55 +353,67 @@ struct enum_map_state { bool unix_only; size_t num_maps; - GROUP_MAP *maps; + GROUP_MAP **maps; }; static int collect_map(struct db_record *rec, void *private_data) { struct enum_map_state *state = (struct enum_map_state *)private_data; - GROUP_MAP map; - GROUP_MAP *tmp; + GROUP_MAP *map; + GROUP_MAP **tmp; + + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + DEBUG(0, ("Unable to allocate group map!\n")); + return 1; + } - if (!dbrec2map(rec, &map)) { + if (!dbrec2map(rec, map)) { + TALLOC_FREE(map); return 0; } /* list only the type or everything if UNKNOWN */ if (state->sid_name_use != SID_NAME_UNKNOWN - && state->sid_name_use != map.sid_name_use) { + && state->sid_name_use != map->sid_name_use) { DEBUG(11,("enum_group_mapping: group %s is not of the " - "requested type\n", map.nt_name)); + "requested type\n", map->nt_name)); + TALLOC_FREE(map); return 0; } - if ((state->unix_only == ENUM_ONLY_MAPPED) && (map.gid == -1)) { + if ((state->unix_only == ENUM_ONLY_MAPPED) && (map->gid == -1)) { DEBUG(11,("enum_group_mapping: group %s is non mapped\n", - map.nt_name)); + map->nt_name)); + TALLOC_FREE(map); return 0; } if ((state->domsid != NULL) && - (dom_sid_compare_domain(state->domsid, &map.sid) != 0)) { + (dom_sid_compare_domain(state->domsid, &map->sid) != 0)) { DEBUG(11,("enum_group_mapping: group %s is not in domain\n", - sid_string_dbg(&map.sid))); + sid_string_dbg(&map->sid))); + TALLOC_FREE(map); return 0; } - if (!(tmp = SMB_REALLOC_ARRAY(state->maps, GROUP_MAP, - state->num_maps+1))) { + tmp = talloc_realloc(NULL, state->maps, GROUP_MAP *, + state->num_maps + 1); + if (!tmp) { DEBUG(0,("enum_group_mapping: Unable to enlarge group " "map!\n")); + TALLOC_FREE(map); return 1; } state->maps = tmp; - state->maps[state->num_maps] = map; + state->maps[state->num_maps] = talloc_move(state->maps, &map); state->num_maps++; return 0; } static bool enum_group_mapping(const struct dom_sid *domsid, enum lsa_SidType sid_name_use, - GROUP_MAP **pp_rmap, + GROUP_MAP ***pp_rmap, size_t *p_num_entries, bool unix_only) { struct enum_map_state state; @@ -385,6 +427,7 @@ static bool enum_group_mapping(const struct dom_sid *domsid, status = dbwrap_traverse_read(db, collect_map, (void *)&state, NULL); if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(state.maps); return false; } @@ -479,7 +522,7 @@ static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *membe static NTSTATUS add_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) { - GROUP_MAP map; + GROUP_MAP *map; char *key; fstring string_sid; char *new_memberstring; @@ -487,12 +530,23 @@ static NTSTATUS add_aliasmem(const struct dom_sid *alias, const struct dom_sid * NTSTATUS status; TDB_DATA value; - if (!get_group_map_from_sid(*alias, &map)) + map = talloc_zero(talloc_tos(), GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + + if (!get_group_map_from_sid(*alias, map)) { + TALLOC_FREE(map); return NT_STATUS_NO_SUCH_ALIAS; + } - if ( (map.sid_name_use != SID_NAME_ALIAS) && - (map.sid_name_use != SID_NAME_WKN_GRP) ) + if ((map->sid_name_use != SID_NAME_ALIAS) && + (map->sid_name_use != SID_NAME_WKN_GRP)) { + TALLOC_FREE(map); return NT_STATUS_NO_SUCH_ALIAS; + } + + TALLOC_FREE(map); if (is_aliasmem(alias, member)) return NT_STATUS_MEMBER_IN_ALIAS; @@ -629,15 +683,26 @@ static int collect_aliasmem(struct db_record *rec, void *priv) static NTSTATUS enum_aliasmem(const struct dom_sid *alias, TALLOC_CTX *mem_ctx, struct dom_sid **sids, size_t *num) { - GROUP_MAP map; + GROUP_MAP *map; struct aliasmem_state state; - if (!get_group_map_from_sid(*alias, &map)) + map = talloc_zero(talloc_tos(), GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + + if (!get_group_map_from_sid(*alias, map)) { + TALLOC_FREE(map); return NT_STATUS_NO_SUCH_ALIAS; + } - if ( (map.sid_name_use != SID_NAME_ALIAS) && - (map.sid_name_use != SID_NAME_WKN_GRP) ) + if ((map->sid_name_use != SID_NAME_ALIAS) && + (map->sid_name_use != SID_NAME_WKN_GRP)) { + TALLOC_FREE(map); return NT_STATUS_NO_SUCH_ALIAS; + } + + TALLOC_FREE(map); *sids = NULL; *num = 0; @@ -774,7 +839,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, TDB_DATA data, void *ptr) { TALLOC_CTX *tmp_ctx = talloc_tos(); - GROUP_MAP map; + GROUP_MAP *map = NULL; uint8_t *p; uint32_t format; uint32_t num_el; @@ -839,7 +904,11 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, goto failed; } - ZERO_STRUCT(map); + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + errno = ENOMEM; + goto failed; + } for (i = 0; i < num_el; i++) { uint32_t num_vals; @@ -896,28 +965,34 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, /* we ignore unknown or uninteresting attributes * (objectclass, etc.) */ if (strcasecmp_m(name, "gidNumber") == 0) { - map.gid = strtoul(val, &q, 10); + map->gid = strtoul(val, &q, 10); if (*q) { errno = EIO; goto failed; } } else if (strcasecmp_m(name, "sid") == 0) { - if (!string_to_sid(&map.sid, val)) { + if (!string_to_sid(&map->sid, val)) { errno = EIO; goto failed; } } else if (strcasecmp_m(name, "sidNameUse") == 0) { - map.sid_name_use = strtoul(val, &q, 10); + map->sid_name_use = strtoul(val, &q, 10); if (*q) { errno = EIO; goto failed; } } else if (strcasecmp_m(name, "ntname") == 0) { - strlcpy(map.nt_name, val, - sizeof(map.nt_name)); + map->nt_name = talloc_strdup(map, val); + if (!map->nt_name) { + errno = ENOMEM; + goto failed; + } } else if (strcasecmp_m(name, "comment") == 0) { - strlcpy(map.comment, val, - sizeof(map.comment)); + map->comment = talloc_strdup(map, val); + if (!map->comment) { + errno = ENOMEM; + goto failed; + } } else if (strcasecmp_m(name, "member") == 0) { if (!string_to_sid(&members[j], val)) { errno = EIO; @@ -931,7 +1006,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, TALLOC_FREE(name); } - if (!add_mapping_entry(&map, 0)) { + if (!add_mapping_entry(map, 0)) { errno = EIO; goto failed; } @@ -939,7 +1014,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, if (num_mem) { for (j = 0; j < num_mem; j++) { NTSTATUS status; - status = add_aliasmem(&map.sid, &members[j]); + status = add_aliasmem(&map->sid, &members[j]); if (!NT_STATUS_IS_OK(status)) { errno = EIO; goto failed; @@ -952,9 +1027,11 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, remaining)); } + TALLOC_FREE(map); return 0; failed: + TALLOC_FREE(map); return -1; } diff --git a/source3/groupdb/proto.h b/source3/groupdb/proto.h index ddcdf7a3b9..75d5c3963d 100644 --- a/source3/groupdb/proto.h +++ b/source3/groupdb/proto.h @@ -46,9 +46,11 @@ NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods, NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, struct dom_sid sid); NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, - const struct dom_sid *sid, enum lsa_SidType sid_name_use, - GROUP_MAP **pp_rmap, size_t *p_num_entries, - bool unix_only); + const struct dom_sid *sid, + enum lsa_SidType sid_name_use, + GROUP_MAP ***pp_rmap, + size_t *p_num_entries, + bool unix_only); NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, const char *name, uint32 *rid); NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods, diff --git a/source3/include/mapping.h b/source3/include/mapping.h index 7454d19af8..41275ff7ed 100644 --- a/source3/include/mapping.h +++ b/source3/include/mapping.h @@ -26,8 +26,8 @@ typedef struct _GROUP_MAP { gid_t gid; struct dom_sid sid; enum lsa_SidType sid_name_use; - fstring nt_name; - fstring comment; + char *nt_name; + char *comment; } GROUP_MAP; #include "groupdb/proto.h" diff --git a/source3/include/passdb.h b/source3/include/passdb.h index ea53279d42..59eedd8563 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -375,7 +375,7 @@ struct pdb_methods NTSTATUS (*enum_group_mapping)(struct pdb_methods *methods, const struct dom_sid *sid, enum lsa_SidType sid_name_use, - GROUP_MAP **pp_rmap, size_t *p_num_entries, + GROUP_MAP ***pp_rmap, size_t *p_num_entries, bool unix_only); NTSTATUS (*enum_group_members)(struct pdb_methods *methods, diff --git a/source3/libnet/libnet_dssync_passdb.c b/source3/libnet/libnet_dssync_passdb.c index be44cbaa86..b56c2d4451 100644 --- a/source3/libnet/libnet_dssync_passdb.c +++ b/source3/libnet/libnet_dssync_passdb.c @@ -452,7 +452,7 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec, struct dom_sid member_sid; struct samu *member = NULL; const char *member_dn = NULL; - GROUP_MAP map; + GROUP_MAP *map; struct group *grp; uint32_t rid; bool is_unix_member = false; @@ -508,19 +508,29 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec, break; } - if (!get_domain_group_from_sid(group_sid, &map)) { + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return -1; + } + + if (!get_domain_group_from_sid(group_sid, map)) { DEBUG(0, ("Could not find global group %s\n", sid_string_dbg(&group_sid))); //return NT_STATUS_NO_SUCH_GROUP; + TALLOC_FREE(map); return -1; } - if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid)); + if (!(grp = getgrgid(map->gid))) { + DEBUG(0, ("Could not find unix group %lu\n", + (unsigned long)map->gid)); //return NT_STATUS_NO_SUCH_GROUP; + TALLOC_FREE(map); return -1; } + TALLOC_FREE(map); + DEBUG(0,("Group members of %s: ", grp->gr_name)); if ( !(member = samu_new(talloc_tos())) ) { @@ -1348,7 +1358,7 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx, NTSTATUS status; fstring account; struct samu *sam_account=NULL; - GROUP_MAP map; + GROUP_MAP *map; struct group *grp; struct dom_sid user_sid; struct dom_sid group_sid; @@ -1430,14 +1440,19 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx, group_sid = *pdb_get_group_sid(sam_account); - if (!pdb_getgrsid(&map, group_sid)) { + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_getgrsid(map, group_sid)) { DEBUG(0, ("Primary group of %s has no mapping!\n", pdb_get_username(sam_account))); } else { - if (map.gid != passwd->pw_gid) { - if (!(grp = getgrgid(map.gid))) { + if (map->gid != passwd->pw_gid) { + if (!(grp = getgrgid(map->gid))) { DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", - (unsigned long)map.gid, pdb_get_username(sam_account), + (unsigned long)map->gid, pdb_get_username(sam_account), sid_string_dbg(&group_sid))); } else { smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); @@ -1445,6 +1460,8 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx, } } + TALLOC_FREE(map); + if ( !passwd ) { DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", pdb_get_username(sam_account))); @@ -1463,14 +1480,12 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx, { struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur; NTSTATUS status; - fstring name; - fstring comment; struct group *grp = NULL; struct dom_sid group_sid; uint32_t rid = 0; struct dom_sid *dom_sid = NULL; fstring sid_string; - GROUP_MAP map; + GROUP_MAP *map; bool insert = true; const char *sAMAccountName; @@ -1496,23 +1511,43 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx, return status; } - fstrcpy(name, sAMAccountName); - fstrcpy(comment, description); - dom_sid_split_rid(mem_ctx, &group_sid, &dom_sid, &rid); + map = talloc_zero(mem_ctx, GROUP_MAP); + if (map == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + map->nt_name = talloc_strdup(map, sAMAccountName); + if (map->nt_name == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + if (description) { + map->comment = talloc_strdup(map, description); + } else { + map->comment = talloc_strdup(map, ""); + } + if (map->comment == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + sid_to_fstring(sid_string, &group_sid); DEBUG(0,("Creating alias[%s] - %s members[%u]\n", - name, sid_string, num_members)); + map->nt_name, sid_string, num_members)); status = dssync_insert_obj(pctx, pctx->aliases, obj); if (!NT_STATUS_IS_OK(status)) { - return status; + goto done; } - if (pdb_getgrsid(&map, group_sid)) { - if ( map.gid != -1 ) - grp = getgrgid(map.gid); + if (pdb_getgrsid(map, group_sid)) { + if (map->gid != -1) { + grp = getgrgid(map->gid); + } insert = false; } @@ -1520,22 +1555,27 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx, gid_t gid; /* No group found from mapping, find it from its name. */ - if ((grp = getgrnam(name)) == NULL) { + if ((grp = getgrnam(map->nt_name)) == NULL) { /* No appropriate group found, create one */ - DEBUG(0,("Creating unix group: '%s'\n", name)); + DEBUG(0, ("Creating unix group: '%s'\n", + map->nt_name)); - if (smb_create_group(name, &gid) != 0) - return NT_STATUS_ACCESS_DENIED; + if (smb_create_group(map->nt_name, &gid) != 0) { + status = NT_STATUS_ACCESS_DENIED; + goto done; + } - if ((grp = getgrgid(gid)) == NULL) - return NT_STATUS_ACCESS_DENIED; + if ((grp = getgrgid(gid)) == NULL) { + status = NT_STATUS_ACCESS_DENIED; + goto done; + } } } - map.gid = grp->gr_gid; - map.sid = group_sid; + map->gid = grp->gr_gid; + map->sid = group_sid; if (dom_sid_equal(dom_sid, &global_sid_Builtin)) { /* @@ -1543,23 +1583,17 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx, * * map.sid_name_use = SID_NAME_WKN_GRP; */ - map.sid_name_use = SID_NAME_ALIAS; + map->sid_name_use = SID_NAME_ALIAS; } else { - map.sid_name_use = SID_NAME_ALIAS; + map->sid_name_use = SID_NAME_ALIAS; } - strlcpy(map.nt_name, name, sizeof(map.nt_name)); - if (description) { - strlcpy(map.comment, comment, sizeof(map.comment)); + if (insert) { + pdb_add_group_mapping_entry(map); } else { - strlcpy(map.comment, "", sizeof(map.comment)); + pdb_update_group_mapping_entry(map); } - if (insert) - pdb_add_group_mapping_entry(&map); - else - pdb_update_group_mapping_entry(&map); - for (i=0; i < num_members; i++) { struct dssync_passdb_mem *mem; @@ -1567,11 +1601,15 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx, true /* active */, &members[i], &mem); if (!NT_STATUS_IS_OK(status)) { - return status; + goto done; } } - return NT_STATUS_OK; + status = NT_STATUS_OK; + +done: + TALLOC_FREE(map); + return status; } /**************************************************************** @@ -1583,12 +1621,10 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx, { struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur; NTSTATUS status; - fstring name; - fstring comment; struct group *grp = NULL; struct dom_sid group_sid; fstring sid_string; - GROUP_MAP map; + GROUP_MAP *map; bool insert = true; const char *sAMAccountName; @@ -1614,21 +1650,39 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx, return status; } - fstrcpy(name, sAMAccountName); - fstrcpy(comment, description); + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + + map->nt_name = talloc_strdup(map, sAMAccountName); + if (!map->nt_name) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + if (description) { + map->comment = talloc_strdup(map, description); + } else { + map->comment = talloc_strdup(map, ""); + } + if (!map->comment) { + status = NT_STATUS_NO_MEMORY; + goto done; + } sid_to_fstring(sid_string, &group_sid); DEBUG(0,("Creating group[%s] - %s members [%u]\n", - name, sid_string, num_members)); + map->nt_name, sid_string, num_members)); status = dssync_insert_obj(pctx, pctx->groups, obj); if (!NT_STATUS_IS_OK(status)) { - return status; + goto done; } - if (pdb_getgrsid(&map, group_sid)) { - if ( map.gid != -1 ) - grp = getgrgid(map.gid); + if (pdb_getgrsid(map, group_sid)) { + if (map->gid != -1) { + grp = getgrgid(map->gid); + } insert = false; } @@ -1636,35 +1690,35 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx, gid_t gid; /* No group found from mapping, find it from its name. */ - if ((grp = getgrnam(name)) == NULL) { + if ((grp = getgrnam(map->nt_name)) == NULL) { /* No appropriate group found, create one */ - DEBUG(0,("Creating unix group: '%s'\n", name)); + DEBUG(0, ("Creating unix group: '%s'\n", + map->nt_name)); - if (smb_create_group(name, &gid) != 0) - return NT_STATUS_ACCESS_DENIED; + if (smb_create_group(map->nt_name, &gid) != 0) { + status = NT_STATUS_ACCESS_DENIED; + goto done; + } - if ((grp = getgrnam(name)) == NULL) - return NT_STATUS_ACCESS_DENIED; + if ((grp = getgrnam(map->nt_name)) == NULL) { + status = NT_STATUS_ACCESS_DENIED; + goto done; + } } } - map.gid = grp->gr_gid; - map.sid = group_sid; - map.sid_name_use = SID_NAME_DOM_GRP; - strlcpy(map.nt_name, name, sizeof(map.nt_name)); - if (description) { - strlcpy(map.comment, comment, sizeof(map.comment)); + map->gid = grp->gr_gid; + map->sid = group_sid; + map->sid_name_use = SID_NAME_DOM_GRP; + + if (insert) { + pdb_add_group_mapping_entry(map); } else { - strlcpy(map.comment, "", sizeof(map.comment)); + pdb_update_group_mapping_entry(map); } - if (insert) - pdb_add_group_mapping_entry(&map); - else - pdb_update_group_mapping_entry(&map); - for (i=0; i < num_members; i++) { struct dssync_passdb_mem *mem; @@ -1672,11 +1726,15 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx, true /* active */, &members[i], &mem); if (!NT_STATUS_IS_OK(status)) { - return status; + goto done; } } - return NT_STATUS_OK; + status = NT_STATUS_OK; + +done: + TALLOC_FREE(map); + return status; } /**************************************************************** diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 0cf2ed3323..cf47934475 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -301,7 +301,7 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx, NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL; fstring account; struct samu *sam_account=NULL; - GROUP_MAP map; + GROUP_MAP *map = NULL; struct group *grp; struct dom_sid user_sid; struct dom_sid group_sid; @@ -355,14 +355,19 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx, group_sid = *pdb_get_group_sid(sam_account); - if (!pdb_getgrsid(&map, group_sid)) { + map = talloc_zero(mem_ctx, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_getgrsid(map, group_sid)) { DEBUG(0, ("Primary group of %s has no mapping!\n", pdb_get_username(sam_account))); } else { - if (map.gid != passwd->pw_gid) { - if (!(grp = getgrgid(map.gid))) { + if (map->gid != passwd->pw_gid) { + if (!(grp = getgrgid(map->gid))) { DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", - (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_tos(&group_sid))); + (unsigned long)map->gid, pdb_get_username(sam_account), sid_string_tos(&group_sid))); } else { smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); } @@ -376,6 +381,7 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx, done: TALLOC_FREE(sam_account); + TALLOC_FREE(map); return nt_ret; } @@ -386,60 +392,65 @@ static NTSTATUS fetch_group_info(TALLOC_CTX *mem_ctx, uint32_t rid, struct netr_DELTA_GROUP *r) { - fstring name; - fstring comment; struct group *grp = NULL; struct dom_sid group_sid; fstring sid_string; - GROUP_MAP map; + GROUP_MAP *map; bool insert = true; - fstrcpy(name, r->group_name.string); - fstrcpy(comment, r->description.string); - + map = talloc_zero(mem_ctx, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } /* add the group to the mapping table */ sid_compose(&group_sid, get_global_sam_sid(), rid); sid_to_fstring(sid_string, &group_sid); - if (pdb_getgrsid(&map, group_sid)) { - if ( map.gid != -1 ) - grp = getgrgid(map.gid); + if (pdb_getgrsid(map, group_sid)) { + if (map->gid != -1) { + grp = getgrgid(map->gid); + } insert = false; } + map->nt_name = talloc_strdup(map, r->group_name.string); + if (!map->nt_name) { + return NT_STATUS_NO_MEMORY; + } + map->comment = talloc_strdup(map, r->description.string); + if (!map->comment) { + return NT_STATUS_NO_MEMORY; + } + if (grp == NULL) { gid_t gid; /* No group found from mapping, find it from its name. */ - if ((grp = getgrnam(name)) == NULL) { + if ((grp = getgrnam(map->nt_name)) == NULL) { /* No appropriate group found, create one */ - d_printf("Creating unix group: '%s'\n", name); + d_printf("Creating unix group: '%s'\n", map->nt_name); - if (smb_create_group(name, &gid) != 0) + if (smb_create_group(map->nt_name, &gid) != 0) return NT_STATUS_ACCESS_DENIED; - if ((grp = getgrnam(name)) == NULL) + if ((grp = getgrnam(map->nt_name)) == NULL) return NT_STATUS_ACCESS_DENIED; } } - map.gid = grp->gr_gid; - map.sid = group_sid; - map.sid_name_use = SID_NAME_DOM_GRP; - strlcpy(map.nt_name, name, sizeof(map.nt_name)); - if (r->description.string) { - strlcpy(map.comment, comment, sizeof(map.comment)); + map->gid = grp->gr_gid; + map->sid = group_sid; + map->sid_name_use = SID_NAME_DOM_GRP; + + if (insert) { + pdb_add_group_mapping_entry(map); } else { - strlcpy(map.comment, "", sizeof(map.comment)); + pdb_update_group_mapping_entry(map); } - if (insert) - pdb_add_group_mapping_entry(&map); - else - pdb_update_group_mapping_entry(&map); - + TALLOC_FREE(map); return NT_STATUS_OK; } @@ -454,7 +465,7 @@ static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx, char **nt_members = NULL; char **unix_members; struct dom_sid group_sid; - GROUP_MAP map; + GROUP_MAP *map; struct group *grp; if (r->num_rids == 0) { @@ -463,16 +474,26 @@ static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx, sid_compose(&group_sid, get_global_sam_sid(), rid); - if (!get_domain_group_from_sid(group_sid, &map)) { + map = talloc_zero(mem_ctx, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + + if (!get_domain_group_from_sid(group_sid, map)) { DEBUG(0, ("Could not find global group %d\n", rid)); + TALLOC_FREE(map); return NT_STATUS_NO_SUCH_GROUP; } - if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid)); + if (!(grp = getgrgid(map->gid))) { + DEBUG(0, ("Could not find unix group %lu\n", + (unsigned long)map->gid)); + TALLOC_FREE(map); return NT_STATUS_NO_SUCH_GROUP; } + TALLOC_FREE(map); + d_printf("Group members of %s: ", grp->gr_name); if (r->num_rids) { @@ -575,56 +596,65 @@ static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx, struct netr_DELTA_ALIAS *r, const struct dom_sid *dom_sid) { - fstring name; - fstring comment; struct group *grp = NULL; struct dom_sid alias_sid; fstring sid_string; - GROUP_MAP map; + GROUP_MAP *map; bool insert = true; - fstrcpy(name, r->alias_name.string); - fstrcpy(comment, r->description.string); + map = talloc_zero(mem_ctx, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } /* Find out whether the group is already mapped */ sid_compose(&alias_sid, dom_sid, rid); sid_to_fstring(sid_string, &alias_sid); - if (pdb_getgrsid(&map, alias_sid)) { - grp = getgrgid(map.gid); + if (pdb_getgrsid(map, alias_sid)) { + grp = getgrgid(map->gid); insert = false; } + map->nt_name = talloc_strdup(map, r->alias_name.string); + if (!map->nt_name) { + return NT_STATUS_NO_MEMORY; + } + map->comment = talloc_strdup(map, r->description.string); + if (!map->comment) { + return NT_STATUS_NO_MEMORY; + } + if (grp == NULL) { gid_t gid; /* No group found from mapping, find it from its name. */ - if ((grp = getgrnam(name)) == NULL) { + if ((grp = getgrnam(map->nt_name)) == NULL) { /* No appropriate group found, create one */ - d_printf("Creating unix group: '%s'\n", name); - if (smb_create_group(name, &gid) != 0) + d_printf("Creating unix group: '%s'\n", map->nt_name); + if (smb_create_group(map->nt_name, &gid) != 0) return NT_STATUS_ACCESS_DENIED; if ((grp = getgrgid(gid)) == NULL) return NT_STATUS_ACCESS_DENIED; } } - map.gid = grp->gr_gid; - map.sid = alias_sid; + map->gid = grp->gr_gid; + map->sid = alias_sid; - if (dom_sid_equal(dom_sid, &global_sid_Builtin)) - map.sid_name_use = SID_NAME_WKN_GRP; - else - map.sid_name_use = SID_NAME_ALIAS; - - strlcpy(map.nt_name, name, sizeof(map.nt_name)); - strlcpy(map.comment, comment, sizeof(map.comment)); + if (dom_sid_equal(dom_sid, &global_sid_Builtin)) { + map->sid_name_use = SID_NAME_WKN_GRP; + } else { + map->sid_name_use = SID_NAME_ALIAS; + } - if (insert) - pdb_add_group_mapping_entry(&map); - else - pdb_update_group_mapping_entry(&map); + if (insert) { + pdb_add_group_mapping_entry(map); + } else { + pdb_update_group_mapping_entry(map); + } + TALLOC_FREE(map); return NT_STATUS_OK; } diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 4c2e73befd..a02c941d8e 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -1233,20 +1233,25 @@ done: static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid) { - GROUP_MAP map; + GROUP_MAP *map; union unid_t id; enum lsa_SidType type; + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return false; + } + if ((sid_check_is_in_builtin(psid) || sid_check_is_in_wellknown_domain(psid))) { bool ret; become_root(); - ret = pdb_getgrsid(&map, *psid); + ret = pdb_getgrsid(map, *psid); unbecome_root(); if (ret) { - *pgid = map.gid; + *pgid = map->gid; goto done; } DEBUG(10,("LEGACY: mapping failed for sid %s\n", @@ -1286,6 +1291,7 @@ static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid) store_gid_sid_cache(psid, *pgid); + TALLOC_FREE(map); return true; } diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 62dcb5dedd..276e0314c8 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -591,7 +591,7 @@ bool algorithmic_pdb_rid_is_user(uint32_t rid) bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid, enum lsa_SidType *type) { - GROUP_MAP map; + GROUP_MAP *map; bool ret; /* Windows treats "MACHINE\None" as a special name for @@ -645,24 +645,32 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid, * Maybe it is a group ? */ + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return false; + } + become_root(); - ret = pdb_getgrnam(&map, name); + ret = pdb_getgrnam(map, name); unbecome_root(); if (!ret) { + TALLOC_FREE(map); return False; } /* BUILTIN groups are looked up elsewhere */ - if (!sid_check_is_in_our_domain(&map.sid)) { + if (!sid_check_is_in_our_domain(&map->sid)) { DEBUG(10, ("Found group %s (%s) not in our domain -- " - "ignoring.", name, sid_string_dbg(&map.sid))); + "ignoring.", name, sid_string_dbg(&map->sid))); + TALLOC_FREE(map); return False; } /* yes it's a mapped group */ - sid_peek_rid(&map.sid, rid); - *type = map.sid_name_use; + sid_peek_rid(&map->sid, rid); + *type = map->sid_name_use; + TALLOC_FREE(map); return True; } diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c index 3746da3a4f..57425349f8 100644 --- a/source3/passdb/pdb_ads.c +++ b/source3/passdb/pdb_ads.c @@ -798,16 +798,14 @@ static NTSTATUS pdb_ads_getgrfilter(struct pdb_methods *m, GROUP_MAP *map, if (str == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } - fstrcpy(map->nt_name, str); - TALLOC_FREE(str); + map->nt_name = talloc_move(map, &str); str = tldap_talloc_single_attribute(group[0], "description", talloc_tos()); if (str != NULL) { - fstrcpy(map->comment, str); - TALLOC_FREE(str); + map->comment = talloc_move(map, &str); } else { - map->comment[0] = '\0'; + map->comment = talloc_strdup(map, ""); } if (pmsg != NULL) { @@ -1017,7 +1015,7 @@ static NTSTATUS pdb_ads_update_group_mapping_entry(struct pdb_methods *m, char *filter; struct tldap_message *existing; char *dn; - GROUP_MAP existing_map; + GROUP_MAP *existing_map; int rc, num_mods = 0; bool ret; NTSTATUS status; @@ -1033,8 +1031,15 @@ static NTSTATUS pdb_ads_update_group_mapping_entry(struct pdb_methods *m, if (filter == NULL) { return NT_STATUS_NO_MEMORY; } - status = pdb_ads_getgrfilter(m, &existing_map, filter, + + existing_map = talloc_zero(talloc_tos(), GROUP_MAP); + if (!existing_map) { + return NT_STATUS_NO_MEMORY; + } + + status = pdb_ads_getgrfilter(m, existing_map, filter, talloc_tos(), &existing); + TALLOC_FREE(existing_map); TALLOC_FREE(filter); if (!tldap_entry_dn(existing, &dn)) { @@ -1079,7 +1084,7 @@ static NTSTATUS pdb_ads_delete_group_mapping_entry(struct pdb_methods *m, static NTSTATUS pdb_ads_enum_group_mapping(struct pdb_methods *m, const struct dom_sid *sid, enum lsa_SidType sid_name_use, - GROUP_MAP **pp_rmap, + GROUP_MAP ***pp_rmap, size_t *p_num_entries, bool unix_only) { diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 7a0279e1fb..03d9821012 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -777,32 +777,39 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods, uint32_t rid) { struct dom_sid group_sid; - GROUP_MAP map; + GROUP_MAP *map; NTSTATUS status; struct group *grp; const char *grp_name; + map = talloc_zero(mem_ctx, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + /* coverity */ - map.gid = (gid_t) -1; + map->gid = (gid_t) -1; sid_compose(&group_sid, get_global_sam_sid(), rid); - if (!get_domain_group_from_sid(group_sid, &map)) { + if (!get_domain_group_from_sid(group_sid, map)) { DEBUG(10, ("Could not find group for rid %d\n", rid)); return NT_STATUS_NO_SUCH_GROUP; } /* We need the group name for the smb_delete_group later on */ - if (map.gid == (gid_t)-1) { + if (map->gid == (gid_t)-1) { return NT_STATUS_NO_SUCH_GROUP; } - grp = getgrgid(map.gid); + grp = getgrgid(map->gid); if (grp == NULL) { return NT_STATUS_NO_SUCH_GROUP; } + TALLOC_FREE(map); + /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */ grp_name = talloc_strdup(mem_ctx, grp->gr_name); @@ -847,8 +854,11 @@ NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid) return pdb->delete_group_mapping_entry(pdb, sid); } -bool pdb_enum_group_mapping(const struct dom_sid *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, - size_t *p_num_entries, bool unix_only) +bool pdb_enum_group_mapping(const struct dom_sid *sid, + enum lsa_SidType sid_name_use, + GROUP_MAP ***pp_rmap, + size_t *p_num_entries, + bool unix_only) { struct pdb_methods *pdb = pdb_get_methods(); return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use, @@ -954,24 +964,31 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods, { struct dom_sid group_sid, member_sid; struct samu *account = NULL; - GROUP_MAP map; + GROUP_MAP *map; struct group *grp; struct passwd *pwd; const char *group_name; uid_t uid; + map = talloc_zero(mem_ctx, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + /* coverity */ - map.gid = (gid_t) -1; + map->gid = (gid_t) -1; sid_compose(&group_sid, get_global_sam_sid(), group_rid); sid_compose(&member_sid, get_global_sam_sid(), member_rid); - if (!get_domain_group_from_sid(group_sid, &map) || - (map.gid == (gid_t)-1) || - ((grp = getgrgid(map.gid)) == NULL)) { + if (!get_domain_group_from_sid(group_sid, map) || + (map->gid == (gid_t)-1) || + ((grp = getgrgid(map->gid)) == NULL)) { return NT_STATUS_NO_SUCH_GROUP; } + TALLOC_FREE(map); + group_name = talloc_strdup(mem_ctx, grp->gr_name); if (group_name == NULL) { return NT_STATUS_NO_MEMORY; @@ -1019,21 +1036,28 @@ static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods, { struct dom_sid group_sid, member_sid; struct samu *account = NULL; - GROUP_MAP map; + GROUP_MAP *map; struct group *grp; struct passwd *pwd; const char *group_name; uid_t uid; + map = talloc_zero(mem_ctx, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + sid_compose(&group_sid, get_global_sam_sid(), group_rid); sid_compose(&member_sid, get_global_sam_sid(), member_rid); - if (!get_domain_group_from_sid(group_sid, &map) || - (map.gid == (gid_t)-1) || - ((grp = getgrgid(map.gid)) == NULL)) { + if (!get_domain_group_from_sid(group_sid, map) || + (map->gid == (gid_t)-1) || + ((grp = getgrgid(map->gid)) == NULL)) { return NT_STATUS_NO_SUCH_GROUP; } + TALLOC_FREE(map); + group_name = talloc_strdup(mem_ctx, grp->gr_name); if (group_name == NULL) { return NT_STATUS_NO_MEMORY; @@ -1397,14 +1421,21 @@ static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid, static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid, struct dom_sid *sid) { - GROUP_MAP map; + GROUP_MAP *map; - if (!NT_STATUS_IS_OK(methods->getgrgid(methods, &map, gid))) { - return False; + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return false; } - sid_copy(sid, &map.sid); - return True; + if (!NT_STATUS_IS_OK(methods->getgrgid(methods, map, gid))) { + TALLOC_FREE(map); + return false; + } + + sid_copy(sid, &map->sid); + TALLOC_FREE(map); + return true; } static bool pdb_default_sid_to_id(struct pdb_methods *methods, @@ -1452,21 +1483,28 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods, if (sid_check_is_in_builtin(sid) || sid_check_is_in_wellknown_domain(sid)) { /* Here we only have aliases */ - GROUP_MAP map; - if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) { + GROUP_MAP *map; + + map = talloc_zero(mem_ctx, GROUP_MAP); + if (!map) { + ret = false; + goto done; + } + + if (!NT_STATUS_IS_OK(methods->getgrsid(methods, map, *sid))) { DEBUG(10, ("Could not find map for sid %s\n", sid_string_dbg(sid))); goto done; } - if ((map.sid_name_use != SID_NAME_ALIAS) && - (map.sid_name_use != SID_NAME_WKN_GRP)) { + if ((map->sid_name_use != SID_NAME_ALIAS) && + (map->sid_name_use != SID_NAME_WKN_GRP)) { DEBUG(10, ("Map for sid %s is a %s, expected an " "alias\n", sid_string_dbg(sid), - sid_type_lookup(map.sid_name_use))); + sid_type_lookup(map->sid_name_use))); goto done; } - id->gid = map.gid; + id->gid = map->gid; *type = SID_NAME_ALIAS; ret = True; goto done; @@ -1634,7 +1672,7 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid, union unid_t *unix_id) { struct samu *sam_account = NULL; - GROUP_MAP map; + GROUP_MAP *map = NULL; bool ret; struct dom_sid sid; @@ -1651,12 +1689,28 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid, return False; } + map = talloc_zero(mem_ctx, GROUP_MAP); + if (!map) { + return false; + } + /* BEING ROOT BLOCK */ become_root(); - if (pdb_getsampwsid(sam_account, &sid)) { + ret = pdb_getsampwsid(sam_account, &sid); + if (!ret) { + TALLOC_FREE(sam_account); + ret = pdb_getgrsid(map, sid); + } + unbecome_root(); + /* END BECOME_ROOT BLOCK */ + + if (sam_account || !ret) { + TALLOC_FREE(map); + } + + if (sam_account) { struct passwd *pw; - unbecome_root(); /* -----> EXIT BECOME_ROOT() */ *name = talloc_strdup(mem_ctx, pdb_get_username(sam_account)); if (!*name) { TALLOC_FREE(sam_account); @@ -1678,27 +1732,25 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid, unix_id->uid = pw->pw_uid; TALLOC_FREE(pw); return True; - } - TALLOC_FREE(sam_account); - ret = pdb_getgrsid(&map, sid); - unbecome_root(); - /* END BECOME_ROOT BLOCK */ + } else if (map && (map->gid != (gid_t)-1)) { - /* do not resolve SIDs to a name unless there is a valid - gid associated with it */ + /* do not resolve SIDs to a name unless there is a valid + gid associated with it */ - if ( ret && (map.gid != (gid_t)-1) ) { - *name = talloc_strdup(mem_ctx, map.nt_name); - *psid_name_use = map.sid_name_use; + *name = talloc_steal(mem_ctx, map->nt_name); + *psid_name_use = map->sid_name_use; if ( unix_id ) { - unix_id->gid = map.gid; + unix_id->gid = map->gid; } + TALLOC_FREE(map); return True; } + TALLOC_FREE(map); + /* Windows will always map RID 513 to something. On a non-domain controller, this gets mapped to SERVER\None. */ @@ -1901,7 +1953,7 @@ static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32_t rid, } struct group_search { - GROUP_MAP *groups; + GROUP_MAP **groups; size_t num_groups, current_group; }; @@ -1910,11 +1962,13 @@ static bool next_entry_groups(struct pdb_search *s, { struct group_search *state = (struct group_search *)s->private_data; uint32_t rid; - GROUP_MAP *map = &state->groups[state->current_group]; + GROUP_MAP *map; if (state->current_group == state->num_groups) return False; + map = state->groups[state->current_group]; + sid_peek_rid(&map->sid, &rid); fill_displayentry(s, rid, 0, map->nt_name, NULL, map->comment, entry); @@ -1927,7 +1981,7 @@ static void search_end_groups(struct pdb_search *search) { struct group_search *state = (struct group_search *)search->private_data; - SAFE_FREE(state->groups); + TALLOC_FREE(state->groups); } static bool pdb_search_grouptype(struct pdb_methods *methods, @@ -1936,7 +1990,7 @@ static bool pdb_search_grouptype(struct pdb_methods *methods, { struct group_search *state; - state = talloc(search, struct group_search); + state = talloc_zero(search, struct group_search); if (state == NULL) { DEBUG(0, ("talloc failed\n")); return False; diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 3d3d16c789..dd46f8f87f 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -2471,7 +2471,11 @@ for gidNumber(%lu)\n",(unsigned long)map->gid)); return false; } } - fstrcpy(map->nt_name, temp); + map->nt_name = talloc_strdup(map, temp); + if (!map->nt_name) { + TALLOC_FREE(ctx); + return false; + } TALLOC_FREE(temp); temp = smbldap_talloc_single_attribute( @@ -2487,7 +2491,11 @@ for gidNumber(%lu)\n",(unsigned long)map->gid)); return false; } } - fstrcpy(map->comment, temp); + map->comment = talloc_strdup(map, temp); + if (!map->comment) { + TALLOC_FREE(ctx); + return false; + } if (lp_parm_bool(-1, "ldapsam", "trusted", false)) { store_gid_sid_cache(&map->sid, map->gid); @@ -3470,15 +3478,15 @@ static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods, static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, const struct dom_sid *domsid, enum lsa_SidType sid_name_use, - GROUP_MAP **pp_rmap, + GROUP_MAP ***pp_rmap, size_t *p_num_entries, bool unix_only) { - GROUP_MAP map = { 0, }; + GROUP_MAP *map = NULL; size_t entries = 0; *p_num_entries = 0; - *pp_rmap = NULL; + **pp_rmap = NULL; if (!NT_STATUS_IS_OK(ldapsam_setsamgrent(methods, False))) { DEBUG(0, ("ldapsam_enum_group_mapping: Unable to open " @@ -3486,31 +3494,44 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, return NT_STATUS_ACCESS_DENIED; } - while (NT_STATUS_IS_OK(ldapsam_getsamgrent(methods, &map))) { + while (true) { + + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + + if (!NT_STATUS_IS_OK(ldapsam_getsamgrent(methods, map))) { + TALLOC_FREE(map); + break; + } + if (sid_name_use != SID_NAME_UNKNOWN && - sid_name_use != map.sid_name_use) { + sid_name_use != map->sid_name_use) { DEBUG(11,("ldapsam_enum_group_mapping: group %s is " - "not of the requested type\n", map.nt_name)); + "not of the requested type\n", + map->nt_name)); continue; } - if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { + if (unix_only == ENUM_ONLY_MAPPED && map->gid == -1) { DEBUG(11,("ldapsam_enum_group_mapping: group %s is " - "non mapped\n", map.nt_name)); + "non mapped\n", map->nt_name)); continue; } - (*pp_rmap)=SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); + *pp_rmap = talloc_realloc(NULL, *pp_rmap, + GROUP_MAP *, entries + 1); if (!(*pp_rmap)) { DEBUG(0,("ldapsam_enum_group_mapping: Unable to " "enlarge group map!\n")); return NT_STATUS_UNSUCCESSFUL; } - (*pp_rmap)[entries] = map; + (*pp_rmap)[entries] = talloc_move((*pp_rmap), &map); entries += 1; - } + ldapsam_endsamgrent(methods); *p_num_entries = entries; diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba4.c index 5e680ad2a1..af252143cd 100644 --- a/source3/passdb/pdb_samba4.c +++ b/source3/passdb/pdb_samba4.c @@ -901,14 +901,22 @@ static NTSTATUS pdb_samba4_getgrfilter(struct pdb_methods *m, GROUP_MAP *map, talloc_free(tmp_ctx); return NT_STATUS_INTERNAL_DB_CORRUPTION; } - fstrcpy(map->nt_name, str); + map->nt_name = talloc_strdup(map, str); + if (!map->nt_name) { + talloc_free(tmp_ctx); + return NT_STATUS_NO_MEMORY; + } str = ldb_msg_find_attr_as_string(msg, "description", NULL); if (str != NULL) { - fstrcpy(map->comment, str); + map->comment = talloc_strdup(map, str); } else { - map->comment[0] = '\0'; + map->comment = talloc_strdup(map, ""); + } + if (!map->comment) { + talloc_free(tmp_ctx); + return NT_STATUS_NO_MEMORY; } talloc_free(tmp_ctx); @@ -1071,7 +1079,7 @@ static NTSTATUS pdb_samba4_delete_group_mapping_entry(struct pdb_methods *m, static NTSTATUS pdb_samba4_enum_group_mapping(struct pdb_methods *m, const struct dom_sid *sid, enum lsa_SidType sid_name_use, - GROUP_MAP **pp_rmap, + GROUP_MAP ***pp_rmap, size_t *p_num_entries, bool unix_only) { diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c index 399d7580fa..655890f807 100644 --- a/source3/passdb/pdb_wbc_sam.c +++ b/source3/passdb/pdb_wbc_sam.c @@ -228,8 +228,11 @@ static NTSTATUS pdb_wbc_sam_enum_trusteddoms(struct pdb_methods *methods, static bool _make_group_map(struct pdb_methods *methods, const char *domain, const char *name, enum lsa_SidType name_type, gid_t gid, struct dom_sid *sid, GROUP_MAP *map) { - snprintf(map->nt_name, sizeof(map->nt_name), "%s%c%s", + map->nt_name = talloc_asprintf(map, "%s%c%s", domain, *lp_winbind_separator(), name); + if (!map->nt_name) { + return false; + } map->sid_name_use = name_type; map->sid = *sid; map->gid = gid; @@ -354,7 +357,7 @@ done: static NTSTATUS pdb_wbc_sam_enum_group_mapping(struct pdb_methods *methods, const struct dom_sid *sid, enum lsa_SidType sid_name_use, - GROUP_MAP **pp_rmap, size_t *p_num_entries, + GROUP_MAP ***pp_rmap, size_t *p_num_entries, bool unix_only) { return NT_STATUS_NOT_IMPLEMENTED; diff --git a/source3/passdb/proto.h b/source3/passdb/proto.h index 36acc313f6..fc5fd9c0f5 100644 --- a/source3/passdb/proto.h +++ b/source3/passdb/proto.h @@ -229,8 +229,11 @@ NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32_t rid); NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map); NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map); NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid); -bool pdb_enum_group_mapping(const struct dom_sid *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, - size_t *p_num_entries, bool unix_only); +bool pdb_enum_group_mapping(const struct dom_sid *sid, + enum lsa_SidType sid_name_use, + GROUP_MAP ***pp_rmap, + size_t *p_num_entries, + bool unix_only); NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, uint32_t **pp_member_rids, diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c index 48b151387a..025e82812c 100644 --- a/source3/passdb/py_passdb.c +++ b/source3/passdb/py_passdb.c @@ -1805,7 +1805,7 @@ static PyObject *py_pdb_enum_group_mapping(pytalloc_Object *self, PyObject *args int unix_only = 0; PyObject *py_domain_sid; struct dom_sid *domain_sid = NULL; - GROUP_MAP *gmap, *group_map; + GROUP_MAP **gmap, *group_map; size_t num_entries; PyObject *py_gmap_list, *py_group_map; int i; @@ -1852,13 +1852,15 @@ static PyObject *py_pdb_enum_group_mapping(pytalloc_Object *self, PyObject *args py_group_map = py_groupmap_new(&PyGroupmap, NULL, NULL); if (py_group_map) { group_map = pytalloc_get_ptr(py_group_map); - *group_map = gmap[i]; + *group_map = *gmap[i]; + talloc_steal(group_map, gmap[i]->nt_name); + talloc_steal(group_map, gmap[i]->comment); PyList_Append(py_gmap_list, py_group_map); } } - free(gmap); + talloc_free(gmap); talloc_free(tframe); return py_gmap_list; diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index 17f873bca9..c78f23815c 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -3023,7 +3023,8 @@ NTSTATUS _lsa_SetSystemAccessAccount(struct pipes_struct *p, struct lsa_SetSystemAccessAccount *r) { struct lsa_info *info=NULL; - GROUP_MAP map; + NTSTATUS status; + GROUP_MAP *map; /* find the connection policy handle. */ if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info)) @@ -3037,10 +3038,19 @@ NTSTATUS _lsa_SetSystemAccessAccount(struct pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - if (!pdb_getgrsid(&map, info->sid)) + map = talloc_zero(p->mem_ctx, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_getgrsid(map, info->sid)) { + TALLOC_FREE(map); return NT_STATUS_NO_SUCH_GROUP; + } - return pdb_update_group_mapping_entry(&map); + status = pdb_update_group_mapping_entry(map); + TALLOC_FREE(map); + return status; } /*************************************************************************** diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c index 567265d323..58892b7443 100644 --- a/source3/rpc_server/samr/srv_samr_nt.c +++ b/source3/rpc_server/samr/srv_samr_nt.c @@ -5966,7 +5966,7 @@ NTSTATUS _samr_QueryGroupInfo(struct pipes_struct *p, { struct samr_group_info *ginfo; NTSTATUS status; - GROUP_MAP map; + GROUP_MAP *map; union samr_GroupInfo *info = NULL; bool ret; uint32_t attributes = SE_GROUP_MANDATORY | @@ -5982,15 +5982,21 @@ NTSTATUS _samr_QueryGroupInfo(struct pipes_struct *p, return status; } + map = talloc_zero(p->mem_ctx, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + become_root(); - ret = get_domain_group_from_sid(ginfo->sid, &map); + ret = get_domain_group_from_sid(ginfo->sid, map); unbecome_root(); if (!ret) return NT_STATUS_INVALID_HANDLE; - /* FIXME: map contains fstrings */ - group_name = talloc_strdup(r, map.nt_name); - group_description = talloc_strdup(r, map.comment); + group_name = talloc_move(r, &map->nt_name); + group_description = talloc_move(r, &map->comment); + + TALLOC_FREE(map); info = talloc_zero(p->mem_ctx, union samr_GroupInfo); if (!info) { @@ -6068,7 +6074,7 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p, struct samr_SetGroupInfo *r) { struct samr_group_info *ginfo; - GROUP_MAP map; + GROUP_MAP *map; NTSTATUS status; bool ret; @@ -6079,20 +6085,33 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p, return status; } + map = talloc_zero(p->mem_ctx, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + become_root(); - ret = get_domain_group_from_sid(ginfo->sid, &map); + ret = get_domain_group_from_sid(ginfo->sid, map); unbecome_root(); if (!ret) return NT_STATUS_NO_SUCH_GROUP; switch (r->in.level) { case 2: - fstrcpy(map.nt_name, r->in.info->name.string); + map->nt_name = talloc_strdup(map, + r->in.info->name.string); + if (!map->nt_name) { + return NT_STATUS_NO_MEMORY; + } break; case 3: break; case 4: - fstrcpy(map.comment, r->in.info->description.string); + map->comment = talloc_strdup(map, + r->in.info->description.string); + if (!map->comment) { + return NT_STATUS_NO_MEMORY; + } break; default: return NT_STATUS_INVALID_INFO_CLASS; @@ -6101,11 +6120,13 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p, /******** BEGIN SeAddUsers BLOCK *********/ become_root(); - status = pdb_update_group_mapping_entry(&map); + status = pdb_update_group_mapping_entry(map); unbecome_root(); /******** End SeAddUsers BLOCK *********/ + TALLOC_FREE(map); + if (NT_STATUS_IS_OK(status)) { force_flush_samr_cache(&ginfo->sid); } @@ -6269,7 +6290,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p, { struct dom_sid info_sid; - GROUP_MAP map; + GROUP_MAP *map; struct samr_domain_info *dinfo; struct samr_group_info *ginfo; struct security_descriptor *psd = NULL; @@ -6312,13 +6333,20 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p, DEBUG(10, ("_samr_OpenGroup:Opening SID: %s\n", sid_string_dbg(&info_sid))); + map = talloc_zero(p->mem_ctx, GROUP_MAP); + if (!map) { + return NT_STATUS_NO_MEMORY; + } + /* check if that group really exists */ become_root(); - ret = get_domain_group_from_sid(info_sid, &map); + ret = get_domain_group_from_sid(info_sid, map); unbecome_root(); if (!ret) return NT_STATUS_NO_SUCH_GROUP; + TALLOC_FREE(map); + ginfo = policy_handle_create(p, r->out.group_handle, acc_granted, struct samr_group_info, &status); diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c index 09f4bfd33a..f6802f2644 100644 --- a/source3/utils/net_groupmap.c +++ b/source3/utils/net_groupmap.c @@ -33,24 +33,32 @@ **********************************************************/ static bool get_sid_from_input(struct dom_sid *sid, char *input) { - GROUP_MAP map; + GROUP_MAP *map; + + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return false; + } if (strncasecmp_m( input, "S-", 2)) { /* Perhaps its the NT group name? */ - if (!pdb_getgrnam(&map, input)) { + if (!pdb_getgrnam(map, input)) { printf(_("NT Group %s doesn't exist in mapping DB\n"), input); + TALLOC_FREE(map); return false; } else { - *sid = map.sid; + *sid = map->sid; } } else { if (!string_to_sid(sid, input)) { printf(_("converting sid %s from a string failed!\n"), input); + TALLOC_FREE(map); return false; } } + TALLOC_FREE(map); return true; } @@ -127,7 +135,7 @@ static int net_groupmap_list(struct net_context *c, int argc, const char **argv) /* list a single group is given a name */ if ( ntgroup[0] || sid_string[0] ) { struct dom_sid sid; - GROUP_MAP map; + GROUP_MAP *map; if ( sid_string[0] ) strlcpy(ntgroup, sid_string, sizeof(ntgroup)); @@ -136,27 +144,39 @@ static int net_groupmap_list(struct net_context *c, int argc, const char **argv) return -1; } + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return -1; + } + /* Get the current mapping from the database */ - if(!pdb_getgrsid(&map, sid)) { + if(!pdb_getgrsid(map, sid)) { d_fprintf(stderr, _("Failure to local group SID in the " "database\n")); + TALLOC_FREE(map); return -1; } - print_map_entry(&map, long_list ); + print_map_entry(map, long_list ); + TALLOC_FREE(map); } else { - GROUP_MAP *map=NULL; + GROUP_MAP **maps = NULL; + bool ok = false; /* enumerate all group mappings */ - if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries, ENUM_ALL_MAPPED)) + ok = pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, + &maps, &entries, + ENUM_ALL_MAPPED); + if (!ok) { return -1; + } for (i=0; i<entries; i++) { - print_map_entry(&map[i], long_list); + print_map_entry(maps[i], long_list); } - SAFE_FREE(map); + TALLOC_FREE(maps); } return 0; @@ -178,7 +198,7 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv) uint32 rid = 0; gid_t gid; int i; - GROUP_MAP map; + GROUP_MAP *map; const char *name_type; const char add_usage_str[] = N_("net groupmap add " @@ -188,10 +208,6 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv) "[ntgroup=<string>] " "[comment=<string>]"); - ZERO_STRUCT(map); - - /* Default is domain group. */ - map.sid_name_use = SID_NAME_DOM_GRP; name_type = "domain group"; if (c->display_usage) { @@ -280,13 +296,19 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv) return -1; } - { - if (pdb_getgrgid(&map, gid)) { - d_printf(_("Unix group %s already mapped to SID %s\n"), - unixgrp, sid_string_tos(&map.sid)); - return -1; - } + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return -1; } + /* Default is domain group. */ + map->sid_name_use = SID_NAME_DOM_GRP; + if (pdb_getgrgid(map, gid)) { + d_printf(_("Unix group %s already mapped to SID %s\n"), + unixgrp, sid_string_tos(&map->sid)); + TALLOC_FREE(map); + return -1; + } + TALLOC_FREE(map); if ( (rid == 0) && (string_sid[0] == '\0') ) { d_printf(_("No rid or sid specified, choosing a RID\n")); @@ -339,7 +361,7 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv) static int net_groupmap_modify(struct net_context *c, int argc, const char **argv) { struct dom_sid sid; - GROUP_MAP map; + GROUP_MAP *map = NULL; fstring ntcomment = ""; fstring type = ""; fstring ntgroup = ""; @@ -430,10 +452,16 @@ static int net_groupmap_modify(struct net_context *c, int argc, const char **arg } } + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + return -1; + } + /* Get the current mapping from the database */ - if(!pdb_getgrsid(&map, sid)) { + if(!pdb_getgrsid(map, sid)) { d_fprintf(stderr, _("Failed to find local group SID in the database\n")); + TALLOC_FREE(map); return -1; } @@ -443,24 +471,36 @@ static int net_groupmap_modify(struct net_context *c, int argc, const char **arg */ if (sid_type == SID_NAME_UNKNOWN) { d_fprintf(stderr, _("Can't map to an unknown group type.\n")); + TALLOC_FREE(map); return -1; } - if (map.sid_name_use == SID_NAME_WKN_GRP) { + if (map->sid_name_use == SID_NAME_WKN_GRP) { d_fprintf(stderr, _("You can only change between domain and local " "groups.\n")); + TALLOC_FREE(map); return -1; } - map.sid_name_use=sid_type; + map->sid_name_use = sid_type; /* Change comment if new one */ - if ( ntcomment[0] ) - strlcpy(map.comment, ntcomment, sizeof(map.comment)); + if (ntcomment[0]) { + map->comment = talloc_strdup(map, ntcomment); + if (!map->comment) { + d_fprintf(stderr, _("Out of memory!\n")); + return -1; + } + } - if ( ntgroup[0] ) - strlcpy(map.nt_name, ntgroup, sizeof(map.nt_name)); + if (ntgroup[0]) { + map->nt_name = talloc_strdup(map, ntgroup); + if (!map->nt_name) { + d_fprintf(stderr, _("Out of memory!\n")); + return -1; + } + } if ( unixgrp[0] ) { gid = nametogid( unixgrp ); @@ -468,19 +508,22 @@ static int net_groupmap_modify(struct net_context *c, int argc, const char **arg d_fprintf(stderr, _("Unable to lookup UNIX group %s. " "Make sure the group exists.\n"), unixgrp); + TALLOC_FREE(map); return -1; } - map.gid = gid; + map->gid = gid; } - if ( !NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)) ) { + if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) { d_fprintf(stderr, _("Could not update group database\n")); + TALLOC_FREE(map); return -1; } - d_printf(_("Updated mapping entry for %s\n"), map.nt_name); + d_printf(_("Updated mapping entry for %s\n"), map->nt_name); + TALLOC_FREE(map); return 0; } @@ -552,7 +595,7 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv) { const char *ntgroup = NULL; struct group *grp = NULL; - GROUP_MAP map; + GROUP_MAP *map; bool have_map = false; if ((argc < 1) || (argc > 2) || c->display_usage) { @@ -580,13 +623,19 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv) } } - have_map = pdb_getgrnam(&map, ntgroup); + map = talloc_zero(NULL, GROUP_MAP); + if (!map) { + d_printf(_("Out of memory!\n")); + return -1; + } + + have_map = pdb_getgrnam(map, ntgroup); if (!have_map) { struct dom_sid sid; have_map = ( (strncmp(ntgroup, "S-", 2) == 0) && string_to_sid(&sid, ntgroup) && - pdb_getgrsid(&map, sid) ); + pdb_getgrsid(map, sid) ); } if (!have_map) { @@ -597,33 +646,41 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv) d_fprintf(stderr, _("Could not find group mapping for %s\n"), ntgroup); + TALLOC_FREE(map); return -1; } - map.gid = grp->gr_gid; + map->gid = grp->gr_gid; if (c->opt_rid == 0) { if ( pdb_capabilities() & PDB_CAP_STORE_RIDS ) { if ( !pdb_new_rid((uint32*)&c->opt_rid) ) { d_fprintf( stderr, _("Could not allocate new RID\n")); + TALLOC_FREE(map); return -1; } } else { - c->opt_rid = algorithmic_pdb_gid_to_group_rid(map.gid); + c->opt_rid = algorithmic_pdb_gid_to_group_rid(map->gid); } } - sid_compose(&map.sid, get_global_sam_sid(), c->opt_rid); + sid_compose(&map->sid, get_global_sam_sid(), c->opt_rid); - map.sid_name_use = SID_NAME_DOM_GRP; - fstrcpy(map.nt_name, ntgroup); - fstrcpy(map.comment, ""); + map->sid_name_use = SID_NAME_DOM_GRP; + map->nt_name = talloc_strdup(map, ntgroup); + map->comment = talloc_strdup(map, ""); + if (!map->nt_name || !map->comment) { + d_printf(_("Out of memory!\n")); + TALLOC_FREE(map); + return -1; + } - if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map))) { + if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(map))) { d_fprintf(stderr, _("Could not add mapping entry for %s\n"), ntgroup); + TALLOC_FREE(map); return -1; } } @@ -631,46 +688,59 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv) /* Now we have a mapping entry, update that stuff */ if ( c->opt_localgroup || c->opt_domaingroup ) { - if (map.sid_name_use == SID_NAME_WKN_GRP) { + if (map->sid_name_use == SID_NAME_WKN_GRP) { d_fprintf(stderr, _("Can't change type of the BUILTIN " "group %s\n"), - map.nt_name); + map->nt_name); + TALLOC_FREE(map); return -1; } } if (c->opt_localgroup) - map.sid_name_use = SID_NAME_ALIAS; + map->sid_name_use = SID_NAME_ALIAS; if (c->opt_domaingroup) - map.sid_name_use = SID_NAME_DOM_GRP; + map->sid_name_use = SID_NAME_DOM_GRP; /* The case (opt_domaingroup && opt_localgroup) was tested for above */ if ((c->opt_comment != NULL) && (strlen(c->opt_comment) > 0)) { - fstrcpy(map.comment, c->opt_comment); + map->comment = talloc_strdup(map, c->opt_comment); + if (!map->comment) { + d_printf(_("Out of memory!\n")); + TALLOC_FREE(map); + return -1; + } } if ((c->opt_newntname != NULL) && (strlen(c->opt_newntname) > 0)) { - fstrcpy(map.nt_name, c->opt_newntname); + map->nt_name = talloc_strdup(map, c->opt_newntname); + if (!map->nt_name) { + d_printf(_("Out of memory!\n")); + TALLOC_FREE(map); + return -1; + } } if (grp != NULL) - map.gid = grp->gr_gid; + map->gid = grp->gr_gid; - if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map))) { + if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) { d_fprintf(stderr, _("Could not update group mapping for %s\n"), ntgroup); + TALLOC_FREE(map); return -1; } + TALLOC_FREE(map); return 0; } static int net_groupmap_cleanup(struct net_context *c, int argc, const char **argv) { - GROUP_MAP *map = NULL; + GROUP_MAP **maps = NULL; size_t i, entries; if (c->display_usage) { @@ -682,7 +752,7 @@ static int net_groupmap_cleanup(struct net_context *c, int argc, const char **ar return 0; } - if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries, + if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &maps, &entries, ENUM_ALL_MAPPED)) { d_fprintf(stderr, _("Could not list group mappings\n")); return -1; @@ -690,19 +760,19 @@ static int net_groupmap_cleanup(struct net_context *c, int argc, const char **ar for (i=0; i<entries; i++) { - if (map[i].gid == -1) - printf(_("Group %s is not mapped\n"), map[i].nt_name); + if (maps[i]->gid == -1) + printf(_("Group %s is not mapped\n"), + maps[i]->nt_name); - if (!sid_check_is_in_our_domain(&map[i].sid)) { + if (!sid_check_is_in_our_domain(&maps[i]->sid)) { printf(_("Deleting mapping for NT Group %s, sid %s\n"), - map[i].nt_name, - sid_string_tos(&map[i].sid)); - pdb_delete_group_mapping_entry(map[i].sid); + maps[i]->nt_name, + sid_string_tos(&maps[i]->sid)); + pdb_delete_group_mapping_entry(maps[i]->sid); } } - SAFE_FREE(map); - + TALLOC_FREE(maps); return 0; } diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 467e441f60..4ebd8a9e69 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -299,7 +299,7 @@ static int net_sam_set_pwdmustchangenow(struct net_context *c, int argc, static int net_sam_set_comment(struct net_context *c, int argc, const char **argv) { - GROUP_MAP map; + GROUP_MAP *map; struct dom_sid sid; enum lsa_SidType type; const char *dom, *name; @@ -330,14 +330,24 @@ static int net_sam_set_comment(struct net_context *c, int argc, return -1; } - if (!pdb_getgrsid(&map, sid)) { + map = talloc_zero(talloc_tos(), GROUP_MAP); + if (!map) { + d_fprintf(stderr, _("Out of memory!\n")); + return -1; + } + + if (!pdb_getgrsid(map, sid)) { d_fprintf(stderr, _("Could not load group %s\n"), argv[0]); return -1; } - fstrcpy(map.comment, argv[1]); + map->comment = talloc_strdup(map, argv[1]); + if (!map->comment) { + d_fprintf(stderr, _("Out of memory!\n")); + return -1; + } - status = pdb_update_group_mapping_entry(&map); + status = pdb_update_group_mapping_entry(map); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, _("Updating group mapping entry failed with " @@ -348,6 +358,7 @@ static int net_sam_set_comment(struct net_context *c, int argc, d_printf("Updated comment of group %s\\%s to %s\n", dom, name, argv[1]); + TALLOC_FREE(map); return 0; } @@ -807,39 +818,33 @@ static int net_sam_rights(struct net_context *c, int argc, const char **argv) * Map a unix group to a domain group */ -static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) +static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *map) { - NTSTATUS status; - GROUP_MAP map; - const char *grpname, *dom, *name; + const char *dom, *name; uint32 rid; - if (pdb_getgrgid(&map, grp->gr_gid)) { + if (pdb_getgrgid(map, grp->gr_gid)) { return NT_STATUS_GROUP_EXISTS; } - map.gid = grp->gr_gid; - grpname = grp->gr_name; + map->gid = grp->gr_gid; - if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL, + if (lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL, &dom, &name, NULL, NULL)) { - const char *tmp = talloc_asprintf( - talloc_tos(), "Unix Group %s", grp->gr_name); + map->nt_name = talloc_asprintf(map, "Unix Group %s", + grp->gr_name); DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n", - grpname, dom, name, tmp)); - grpname = tmp; + grp->gr_name, dom, name, map->nt_name)); } - if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL, + if (lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL, NULL, NULL, NULL, NULL)) { DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name)); return NT_STATUS_GROUP_EXISTS; } - fstrcpy(map.nt_name, grpname); - if (pdb_capabilities() & PDB_CAP_STORE_RIDS) { if (!pdb_new_rid(&rid)) { DEBUG(3, ("Could not get a new RID for %s\n", @@ -850,22 +855,17 @@ static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid ); } - sid_compose(&map.sid, get_global_sam_sid(), rid); - map.sid_name_use = SID_NAME_DOM_GRP; - fstrcpy(map.comment, talloc_asprintf(talloc_tos(), "Unix Group %s", - grp->gr_name)); + sid_compose(&map->sid, get_global_sam_sid(), rid); + map->sid_name_use = SID_NAME_DOM_GRP; + map->comment = talloc_asprintf(map, "Unix Group %s", grp->gr_name); - status = pdb_add_group_mapping_entry(&map); - if (NT_STATUS_IS_OK(status)) { - *pmap = map; - } - return status; + return pdb_add_group_mapping_entry(map); } static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **argv) { NTSTATUS status; - GROUP_MAP map; + GROUP_MAP *map; struct group *grp; if (argc != 1 || c->display_usage) { @@ -881,7 +881,13 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar return -1; } - status = map_unix_group(grp, &map); + map = talloc_zero(talloc_tos(), GROUP_MAP); + if (!map) { + d_fprintf(stderr, _("Out of memory!\n")); + return -1; + } + + status = map_unix_group(grp, map); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, _("Mapping group %s failed with %s\n"), @@ -890,8 +896,9 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar } d_printf(_("Mapped unix group %s to SID %s\n"), argv[0], - sid_string_tos(&map.sid)); + sid_string_tos(&map->sid)); + TALLOC_FREE(map); return 0; } @@ -899,24 +906,17 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar * Remove a group mapping */ -static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap) +static NTSTATUS unmap_unix_group(const struct group *grp) { - GROUP_MAP map; - const char *grpname; struct dom_sid dom_sid; - map.gid = grp->gr_gid; - grpname = grp->gr_name; - - if (!lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL, + if (!lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL, NULL, NULL, NULL, NULL)) { DEBUG(3, ("\"%s\" does not exist, can't unmap it\n", grp->gr_name)); return NT_STATUS_NO_SUCH_GROUP; } - fstrcpy(map.nt_name, grpname); - - if (!pdb_gid_to_sid(map.gid, &dom_sid)) { + if (!pdb_gid_to_sid(grp->gr_gid, &dom_sid)) { return NT_STATUS_UNSUCCESSFUL; } @@ -926,7 +926,6 @@ static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap) static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char **argv) { NTSTATUS status; - GROUP_MAP map; struct group *grp; if (argc != 1 || c->display_usage) { @@ -943,7 +942,7 @@ static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char ** return -1; } - status = unmap_unix_group(grp, &map); + status = unmap_unix_group(grp); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, _("Unmapping group %s failed with %s.\n"), @@ -1583,7 +1582,7 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv) char *ldap_uri = NULL; char *p; struct smbldap_state *ls; - GROUP_MAP gmap; + GROUP_MAP *gmap = NULL; struct dom_sid gsid; gid_t domusers_gid = -1; gid_t domadmins_gid = -1; @@ -1653,7 +1652,13 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv) sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_USERS); - if (!pdb_getgrsid(&gmap, gsid)) { + gmap = talloc_zero(tc, GROUP_MAP); + if (!gmap) { + d_printf(_("Out of memory!\n")); + goto failed; + } + + if (!pdb_getgrsid(gmap, gsid)) { LDAPMod **mods = NULL; char *dn; char *uname; @@ -1710,16 +1715,16 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv) } if (is_ipa) { - if (!pdb_getgrsid(&gmap, gsid)) { + if (!pdb_getgrsid(gmap, gsid)) { d_fprintf(stderr, _("Failed to read just " "created domain group.\n")); goto failed; } else { - domusers_gid = gmap.gid; + domusers_gid = gmap->gid; } } } else { - domusers_gid = gmap.gid; + domusers_gid = gmap->gid; d_printf(_("found!\n")); } @@ -1729,7 +1734,7 @@ domu_done: sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_ADMINS); - if (!pdb_getgrsid(&gmap, gsid)) { + if (!pdb_getgrsid(gmap, gsid)) { LDAPMod **mods = NULL; char *dn; char *uname; @@ -1786,16 +1791,16 @@ domu_done: } if (is_ipa) { - if (!pdb_getgrsid(&gmap, gsid)) { + if (!pdb_getgrsid(gmap, gsid)) { d_fprintf(stderr, _("Failed to read just " "created domain group.\n")); goto failed; } else { - domadmins_gid = gmap.gid; + domadmins_gid = gmap->gid; } } } else { - domadmins_gid = gmap.gid; + domadmins_gid = gmap->gid; d_printf(_("found!\n")); } @@ -2039,7 +2044,7 @@ doma_done: goto done; } - if (!pdb_getgrgid(&gmap, pwd->pw_gid)) { + if (!pdb_getgrgid(gmap, pwd->pw_gid)) { LDAPMod **mods = NULL; char *dn; char *uname; diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index cec65a9db7..06eed201f4 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -175,7 +175,7 @@ static int export_database (struct pdb_methods *in, static int export_groups (struct pdb_methods *in, struct pdb_methods *out) { - GROUP_MAP *maps = NULL; + GROUP_MAP **maps = NULL; size_t i, entries = 0; NTSTATUS status; @@ -188,10 +188,10 @@ static int export_groups (struct pdb_methods *in, struct pdb_methods *out) } for (i=0; i<entries; i++) { - out->add_group_mapping_entry(out, &(maps[i])); + out->add_group_mapping_entry(out, maps[i]); } - SAFE_FREE( maps ); + TALLOC_FREE(maps); return 0; } |