summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2011-09-26 17:55:47 -0400
committerGünther Deschner <gd@samba.org>2011-10-12 19:28:12 +0200
commit995d1567265be178b4e45f79ea4562a7041ffa52 (patch)
tree97eed8a77f5332f0aa73109454037e6f87250cdb /source3
parentfc320551d84508371ab1c082752515d538648f49 (diff)
downloadsamba-995d1567265be178b4e45f79ea4562a7041ffa52.tar.gz
samba-995d1567265be178b4e45f79ea4562a7041ffa52.tar.bz2
samba-995d1567265be178b4e45f79ea4562a7041ffa52.zip
s3-group-mapping: Remove fstrings from GROUP_MAP.
Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r--source3/groupdb/mapping.c220
-rw-r--r--source3/groupdb/mapping.h2
-rw-r--r--source3/groupdb/mapping_tdb.c153
-rw-r--r--source3/groupdb/proto.h8
-rw-r--r--source3/include/mapping.h4
-rw-r--r--source3/include/passdb.h2
-rw-r--r--source3/libnet/libnet_dssync_passdb.c200
-rw-r--r--source3/libnet/libnet_samsync_passdb.c144
-rw-r--r--source3/passdb/lookup_sid.c12
-rw-r--r--source3/passdb/passdb.c20
-rw-r--r--source3/passdb/pdb_ads.c21
-rw-r--r--source3/passdb/pdb_interface.c144
-rw-r--r--source3/passdb/pdb_ldap.c47
-rw-r--r--source3/passdb/pdb_samba4.c16
-rw-r--r--source3/passdb/pdb_wbc_sam.c7
-rw-r--r--source3/passdb/proto.h7
-rw-r--r--source3/passdb/py_passdb.c8
-rw-r--r--source3/rpc_server/lsa/srv_lsa_nt.c16
-rw-r--r--source3/rpc_server/samr/srv_samr_nt.c52
-rw-r--r--source3/utils/net_groupmap.c190
-rw-r--r--source3/utils/net_sam.c111
-rw-r--r--source3/utils/pdbedit.c6
22 files changed, 935 insertions, 455 deletions
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 907d40fe2a..2c0fea0cb9 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -51,24 +51,48 @@ initialise first time the mapping list
****************************************************************************/
NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum lsa_SidType sid_name_use, const char *nt_name, const char *comment)
{
- GROUP_MAP map;
+ NTSTATUS status;
+ GROUP_MAP *map;
if(!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- map.gid=gid;
- if (!string_to_sid(&map.sid, sid)) {
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ map->gid=gid;
+ if (!string_to_sid(&map->sid, sid)) {
DEBUG(0, ("string_to_sid failed: %s", sid));
- return NT_STATUS_UNSUCCESSFUL;
+ status = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ map->sid_name_use=sid_name_use;
+ map->nt_name = talloc_strdup(map, nt_name);
+ if (!map->nt_name) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ if (comment) {
+ map->comment = talloc_strdup(map, comment);
+ } else {
+ map->comment = talloc_strdup(map, "");
+ }
+ if (!map->comment) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
}
- map.sid_name_use=sid_name_use;
- fstrcpy(map.nt_name, nt_name);
- fstrcpy(map.comment, comment);
+ status = pdb_add_group_mapping_entry(map);
- return pdb_add_group_mapping_entry(&map);
+done:
+ TALLOC_FREE(map);
+ return status;
}
static NTSTATUS alias_memberships(const struct dom_sid *members, size_t num_members,
@@ -133,8 +157,14 @@ bool get_domain_group_from_sid(struct dom_sid sid, GROUP_MAP *map)
sid_peek_rid( &sid, &rid );
if ( rid == DOMAIN_RID_USERS ) {
- fstrcpy( map->nt_name, "None" );
- fstrcpy( map->comment, "Ordinary Users" );
+ map->nt_name = talloc_strdup(map, "None");
+ if (!map->nt_name) {
+ return false;
+ }
+ map->comment = talloc_strdup(map, "Ordinary Users");
+ if (!map->comment) {
+ return false;
+ }
sid_copy( &map->sid, &sid );
map->sid_name_use = SID_NAME_DOM_GRP;
map->gid = (gid_t)-1;
@@ -453,9 +483,11 @@ NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
}
NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
- const struct dom_sid *sid, enum lsa_SidType sid_name_use,
- GROUP_MAP **pp_rmap, size_t *p_num_entries,
- bool unix_only)
+ const struct dom_sid *sid,
+ enum lsa_SidType sid_name_use,
+ GROUP_MAP ***pp_rmap,
+ size_t *p_num_entries,
+ bool unix_only)
{
if (!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
@@ -473,7 +505,7 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
uint32 new_rid;
gid_t gid;
bool exists;
- GROUP_MAP map;
+ GROUP_MAP *map;
TALLOC_CTX *mem_ctx;
NTSTATUS status;
@@ -486,15 +518,16 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
exists = lookup_name(mem_ctx, name, LOOKUP_NAME_LOCAL,
NULL, NULL, &sid, &type);
- TALLOC_FREE(mem_ctx);
if (exists) {
- return NT_STATUS_ALIAS_EXISTS;
+ status = NT_STATUS_ALIAS_EXISTS;
+ goto done;
}
if (!pdb_new_rid(&new_rid)) {
DEBUG(0, ("Could not allocate a RID.\n"));
- return NT_STATUS_ACCESS_DENIED;
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
}
sid_compose(&sid, get_global_sam_sid(), new_rid);
@@ -502,29 +535,46 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
if (!winbind_allocate_gid(&gid)) {
DEBUG(3, ("Could not get a gid out of winbind - "
"wasted a rid :-(\n"));
- return NT_STATUS_ACCESS_DENIED;
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
}
DEBUG(10, ("Creating alias %s with gid %u and rid %u\n",
name, (unsigned int)gid, (unsigned int)new_rid));
- map.gid = gid;
- sid_copy(&map.sid, &sid);
- map.sid_name_use = SID_NAME_ALIAS;
- fstrcpy(map.nt_name, name);
- fstrcpy(map.comment, "");
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (!map) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ map->gid = gid;
+ sid_copy(&map->sid, &sid);
+ map->sid_name_use = SID_NAME_ALIAS;
+ map->nt_name = talloc_strdup(map, name);
+ if (!map->nt_name) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ map->comment = talloc_strdup(map, "");
+ if (!map->comment) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
- status = pdb_add_group_mapping_entry(&map);
+ status = pdb_add_group_mapping_entry(map);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("Could not add group mapping entry for alias %s "
"(%s)\n", name, nt_errstr(status)));
- return status;
+ goto done;
}
*rid = new_rid;
- return NT_STATUS_OK;
+done:
+ TALLOC_FREE(mem_ctx);
+ return status;
}
NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
@@ -537,44 +587,78 @@ NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
const struct dom_sid *sid,
struct acct_info *info)
{
- GROUP_MAP map;
+ NTSTATUS status = NT_STATUS_OK;
+ GROUP_MAP *map;
- if (!pdb_getgrsid(&map, *sid))
- return NT_STATUS_NO_SUCH_ALIAS;
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!pdb_getgrsid(map, *sid)) {
+ status = NT_STATUS_NO_SUCH_ALIAS;
+ goto done;
+ }
- if ((map.sid_name_use != SID_NAME_ALIAS) &&
- (map.sid_name_use != SID_NAME_WKN_GRP)) {
+ if ((map->sid_name_use != SID_NAME_ALIAS) &&
+ (map->sid_name_use != SID_NAME_WKN_GRP)) {
DEBUG(2, ("%s is a %s, expected an alias\n",
sid_string_dbg(sid),
- sid_type_lookup(map.sid_name_use)));
- return NT_STATUS_NO_SUCH_ALIAS;
+ sid_type_lookup(map->sid_name_use)));
+ status = NT_STATUS_NO_SUCH_ALIAS;
+ goto done;
}
- info->acct_name = talloc_strdup(info, map.nt_name);
+ info->acct_name = talloc_move(info, &map->nt_name);
if (!info->acct_name) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
}
- info->acct_desc = talloc_strdup(info, map.comment);
+ info->acct_desc = talloc_move(info, &map->comment);
if (!info->acct_desc) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
}
- sid_peek_rid(&map.sid, &info->rid);
- return NT_STATUS_OK;
+ sid_peek_rid(&map->sid, &info->rid);
+
+done:
+ TALLOC_FREE(map);
+ return status;
}
NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
const struct dom_sid *sid,
struct acct_info *info)
{
- GROUP_MAP map;
+ NTSTATUS status = NT_STATUS_OK;
+ GROUP_MAP *map;
- if (!pdb_getgrsid(&map, *sid))
- return NT_STATUS_NO_SUCH_ALIAS;
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
- fstrcpy(map.nt_name, info->acct_name);
- fstrcpy(map.comment, info->acct_desc);
+ if (!pdb_getgrsid(map, *sid)) {
+ status = NT_STATUS_NO_SUCH_ALIAS;
+ goto done;
+ }
+
+ map->nt_name = talloc_strdup(map, info->acct_name);
+ if (!map->nt_name) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ map->comment = talloc_strdup(map, info->acct_desc);
+ if (!map->comment) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ status = pdb_update_group_mapping_entry(map);
- return pdb_update_group_mapping_entry(&map);
+done:
+ TALLOC_FREE(map);
+ return status;
}
NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
@@ -715,11 +799,9 @@ NTSTATUS pdb_create_builtin_alias(uint32 rid)
struct dom_sid sid;
enum lsa_SidType type;
gid_t gid;
- GROUP_MAP map;
- TALLOC_CTX *mem_ctx;
+ GROUP_MAP *map;
NTSTATUS status;
const char *name = NULL;
- fstring groupname;
DEBUG(10, ("Trying to create builtin alias %d\n", rid));
@@ -727,40 +809,48 @@ NTSTATUS pdb_create_builtin_alias(uint32 rid)
return NT_STATUS_NO_SUCH_ALIAS;
}
- if ( (mem_ctx = talloc_new(NULL)) == NULL ) {
+ /* use map as overall temp mem context */
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
return NT_STATUS_NO_MEMORY;
}
- if ( !lookup_sid(mem_ctx, &sid, NULL, &name, &type) ) {
- TALLOC_FREE( mem_ctx );
- return NT_STATUS_NO_SUCH_ALIAS;
+ if (!lookup_sid(map, &sid, NULL, &name, &type)) {
+ status = NT_STATUS_NO_SUCH_ALIAS;
+ goto done;
}
- /* validate RID so copy the name and move on */
-
- fstrcpy( groupname, name );
- TALLOC_FREE( mem_ctx );
-
if (!winbind_allocate_gid(&gid)) {
DEBUG(3, ("pdb_create_builtin_alias: Could not get a gid out of winbind\n"));
- return NT_STATUS_ACCESS_DENIED;
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
}
- DEBUG(10,("Creating alias %s with gid %u\n", groupname, (unsigned int)gid));
+ DEBUG(10, ("Creating alias %s with gid %u\n", name, (unsigned)gid));
- map.gid = gid;
- sid_copy(&map.sid, &sid);
- map.sid_name_use = SID_NAME_ALIAS;
- strlcpy(map.nt_name, groupname, sizeof(map.nt_name));
- strlcpy(map.comment, "", sizeof(map.comment));
+ map->gid = gid;
+ sid_copy(&map->sid, &sid);
+ map->sid_name_use = SID_NAME_ALIAS;
+ map->nt_name = talloc_strdup(map, name);
+ if (!map->nt_name) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ map->comment = talloc_strdup(map, "");
+ if (!map->comment) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
- status = pdb_add_group_mapping_entry(&map);
+ status = pdb_add_group_mapping_entry(map);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("pdb_create_builtin_alias: Could not add group mapping entry for alias %d "
"(%s)\n", rid, nt_errstr(status)));
}
+done:
+ TALLOC_FREE(map);
return status;
}
diff --git a/source3/groupdb/mapping.h b/source3/groupdb/mapping.h
index 045721d67e..bb6cc02ed8 100644
--- a/source3/groupdb/mapping.h
+++ b/source3/groupdb/mapping.h
@@ -45,7 +45,7 @@ struct mapping_backend {
bool (*get_group_map_from_ntname)(const char *name, GROUP_MAP *map);
bool (*group_map_remove)(const struct dom_sid *sid);
bool (*enum_group_mapping)(const struct dom_sid *domsid, enum lsa_SidType sid_name_use,
- GROUP_MAP **pp_rmap,
+ GROUP_MAP ***pp_rmap,
size_t *p_num_entries, bool unix_only);
NTSTATUS (*one_alias_membership)(const struct dom_sid *member,
struct dom_sid **sids, size_t *num);
diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c
index 0c4b2fa405..394a2f0b22 100644
--- a/source3/groupdb/mapping_tdb.c
+++ b/source3/groupdb/mapping_tdb.c
@@ -34,7 +34,7 @@ static struct db_context *db; /* used for driver files */
static bool enum_group_mapping(const struct dom_sid *domsid,
enum lsa_SidType sid_name_use,
- GROUP_MAP **pp_rmap,
+ GROUP_MAP ***pp_rmap,
size_t *p_num_entries,
bool unix_only);
static bool group_map_remove(const struct dom_sid *sid);
@@ -175,6 +175,8 @@ static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map)
char *key;
int ret = 0;
NTSTATUS status;
+ fstring nt_name;
+ fstring comment;
/* the key is the SID, retrieving is direct */
@@ -191,7 +193,7 @@ static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map)
ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
&map->gid, &map->sid_name_use,
- &map->nt_name, &map->comment);
+ &nt_name, &comment);
TALLOC_FREE(key);
@@ -202,6 +204,15 @@ static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map)
sid_copy(&map->sid, &sid);
+ map->nt_name = talloc_strdup(map, nt_name);
+ if (!map->nt_name) {
+ return false;
+ }
+ map->comment = talloc_strdup(map, comment);
+ if (!map->comment) {
+ return false;
+ }
+
return true;
}
@@ -209,6 +220,9 @@ static bool dbrec2map(const struct db_record *rec, GROUP_MAP *map)
{
TDB_DATA key = dbwrap_record_get_key(rec);
TDB_DATA value = dbwrap_record_get_value(rec);
+ int ret = 0;
+ fstring nt_name;
+ fstring comment;
if ((key.dsize < strlen(GROUP_PREFIX))
|| (strncmp((char *)key.dptr, GROUP_PREFIX,
@@ -221,9 +235,25 @@ static bool dbrec2map(const struct db_record *rec, GROUP_MAP *map)
return False;
}
- return tdb_unpack(value.dptr, value.dsize, "ddff",
- &map->gid, &map->sid_name_use, &map->nt_name,
- &map->comment) != -1;
+ ret = tdb_unpack(value.dptr, value.dsize, "ddff",
+ &map->gid, &map->sid_name_use,
+ &nt_name, &comment);
+
+ if (ret == -1) {
+ DEBUG(3, ("dbrec2map: tdb_unpack failure\n"));
+ return false;
+ }
+
+ map->nt_name = talloc_strdup(map, nt_name);
+ if (!map->nt_name) {
+ return false;
+ }
+ map->comment = talloc_strdup(map, comment);
+ if (!map->comment) {
+ return false;
+ }
+
+ return true;
}
struct find_map_state {
@@ -323,55 +353,67 @@ struct enum_map_state {
bool unix_only;
size_t num_maps;
- GROUP_MAP *maps;
+ GROUP_MAP **maps;
};
static int collect_map(struct db_record *rec, void *private_data)
{
struct enum_map_state *state = (struct enum_map_state *)private_data;
- GROUP_MAP map;
- GROUP_MAP *tmp;
+ GROUP_MAP *map;
+ GROUP_MAP **tmp;
+
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ DEBUG(0, ("Unable to allocate group map!\n"));
+ return 1;
+ }
- if (!dbrec2map(rec, &map)) {
+ if (!dbrec2map(rec, map)) {
+ TALLOC_FREE(map);
return 0;
}
/* list only the type or everything if UNKNOWN */
if (state->sid_name_use != SID_NAME_UNKNOWN
- && state->sid_name_use != map.sid_name_use) {
+ && state->sid_name_use != map->sid_name_use) {
DEBUG(11,("enum_group_mapping: group %s is not of the "
- "requested type\n", map.nt_name));
+ "requested type\n", map->nt_name));
+ TALLOC_FREE(map);
return 0;
}
- if ((state->unix_only == ENUM_ONLY_MAPPED) && (map.gid == -1)) {
+ if ((state->unix_only == ENUM_ONLY_MAPPED) && (map->gid == -1)) {
DEBUG(11,("enum_group_mapping: group %s is non mapped\n",
- map.nt_name));
+ map->nt_name));
+ TALLOC_FREE(map);
return 0;
}
if ((state->domsid != NULL) &&
- (dom_sid_compare_domain(state->domsid, &map.sid) != 0)) {
+ (dom_sid_compare_domain(state->domsid, &map->sid) != 0)) {
DEBUG(11,("enum_group_mapping: group %s is not in domain\n",
- sid_string_dbg(&map.sid)));
+ sid_string_dbg(&map->sid)));
+ TALLOC_FREE(map);
return 0;
}
- if (!(tmp = SMB_REALLOC_ARRAY(state->maps, GROUP_MAP,
- state->num_maps+1))) {
+ tmp = talloc_realloc(NULL, state->maps, GROUP_MAP *,
+ state->num_maps + 1);
+ if (!tmp) {
DEBUG(0,("enum_group_mapping: Unable to enlarge group "
"map!\n"));
+ TALLOC_FREE(map);
return 1;
}
state->maps = tmp;
- state->maps[state->num_maps] = map;
+ state->maps[state->num_maps] = talloc_move(state->maps, &map);
state->num_maps++;
return 0;
}
static bool enum_group_mapping(const struct dom_sid *domsid,
enum lsa_SidType sid_name_use,
- GROUP_MAP **pp_rmap,
+ GROUP_MAP ***pp_rmap,
size_t *p_num_entries, bool unix_only)
{
struct enum_map_state state;
@@ -385,6 +427,7 @@ static bool enum_group_mapping(const struct dom_sid *domsid,
status = dbwrap_traverse_read(db, collect_map, (void *)&state, NULL);
if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(state.maps);
return false;
}
@@ -479,7 +522,7 @@ static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *membe
static NTSTATUS add_aliasmem(const struct dom_sid *alias, const struct dom_sid *member)
{
- GROUP_MAP map;
+ GROUP_MAP *map;
char *key;
fstring string_sid;
char *new_memberstring;
@@ -487,12 +530,23 @@ static NTSTATUS add_aliasmem(const struct dom_sid *alias, const struct dom_sid *
NTSTATUS status;
TDB_DATA value;
- if (!get_group_map_from_sid(*alias, &map))
+ map = talloc_zero(talloc_tos(), GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!get_group_map_from_sid(*alias, map)) {
+ TALLOC_FREE(map);
return NT_STATUS_NO_SUCH_ALIAS;
+ }
- if ( (map.sid_name_use != SID_NAME_ALIAS) &&
- (map.sid_name_use != SID_NAME_WKN_GRP) )
+ if ((map->sid_name_use != SID_NAME_ALIAS) &&
+ (map->sid_name_use != SID_NAME_WKN_GRP)) {
+ TALLOC_FREE(map);
return NT_STATUS_NO_SUCH_ALIAS;
+ }
+
+ TALLOC_FREE(map);
if (is_aliasmem(alias, member))
return NT_STATUS_MEMBER_IN_ALIAS;
@@ -629,15 +683,26 @@ static int collect_aliasmem(struct db_record *rec, void *priv)
static NTSTATUS enum_aliasmem(const struct dom_sid *alias, TALLOC_CTX *mem_ctx,
struct dom_sid **sids, size_t *num)
{
- GROUP_MAP map;
+ GROUP_MAP *map;
struct aliasmem_state state;
- if (!get_group_map_from_sid(*alias, &map))
+ map = talloc_zero(talloc_tos(), GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!get_group_map_from_sid(*alias, map)) {
+ TALLOC_FREE(map);
return NT_STATUS_NO_SUCH_ALIAS;
+ }
- if ( (map.sid_name_use != SID_NAME_ALIAS) &&
- (map.sid_name_use != SID_NAME_WKN_GRP) )
+ if ((map->sid_name_use != SID_NAME_ALIAS) &&
+ (map->sid_name_use != SID_NAME_WKN_GRP)) {
+ TALLOC_FREE(map);
return NT_STATUS_NO_SUCH_ALIAS;
+ }
+
+ TALLOC_FREE(map);
*sids = NULL;
*num = 0;
@@ -774,7 +839,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
TDB_DATA data, void *ptr)
{
TALLOC_CTX *tmp_ctx = talloc_tos();
- GROUP_MAP map;
+ GROUP_MAP *map = NULL;
uint8_t *p;
uint32_t format;
uint32_t num_el;
@@ -839,7 +904,11 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
goto failed;
}
- ZERO_STRUCT(map);
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ errno = ENOMEM;
+ goto failed;
+ }
for (i = 0; i < num_el; i++) {
uint32_t num_vals;
@@ -896,28 +965,34 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
/* we ignore unknown or uninteresting attributes
* (objectclass, etc.) */
if (strcasecmp_m(name, "gidNumber") == 0) {
- map.gid = strtoul(val, &q, 10);
+ map->gid = strtoul(val, &q, 10);
if (*q) {
errno = EIO;
goto failed;
}
} else if (strcasecmp_m(name, "sid") == 0) {
- if (!string_to_sid(&map.sid, val)) {
+ if (!string_to_sid(&map->sid, val)) {
errno = EIO;
goto failed;
}
} else if (strcasecmp_m(name, "sidNameUse") == 0) {
- map.sid_name_use = strtoul(val, &q, 10);
+ map->sid_name_use = strtoul(val, &q, 10);
if (*q) {
errno = EIO;
goto failed;
}
} else if (strcasecmp_m(name, "ntname") == 0) {
- strlcpy(map.nt_name, val,
- sizeof(map.nt_name));
+ map->nt_name = talloc_strdup(map, val);
+ if (!map->nt_name) {
+ errno = ENOMEM;
+ goto failed;
+ }
} else if (strcasecmp_m(name, "comment") == 0) {
- strlcpy(map.comment, val,
- sizeof(map.comment));
+ map->comment = talloc_strdup(map, val);
+ if (!map->comment) {
+ errno = ENOMEM;
+ goto failed;
+ }
} else if (strcasecmp_m(name, "member") == 0) {
if (!string_to_sid(&members[j], val)) {
errno = EIO;
@@ -931,7 +1006,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
TALLOC_FREE(name);
}
- if (!add_mapping_entry(&map, 0)) {
+ if (!add_mapping_entry(map, 0)) {
errno = EIO;
goto failed;
}
@@ -939,7 +1014,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
if (num_mem) {
for (j = 0; j < num_mem; j++) {
NTSTATUS status;
- status = add_aliasmem(&map.sid, &members[j]);
+ status = add_aliasmem(&map->sid, &members[j]);
if (!NT_STATUS_IS_OK(status)) {
errno = EIO;
goto failed;
@@ -952,9 +1027,11 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
remaining));
}
+ TALLOC_FREE(map);
return 0;
failed:
+ TALLOC_FREE(map);
return -1;
}
diff --git a/source3/groupdb/proto.h b/source3/groupdb/proto.h
index ddcdf7a3b9..75d5c3963d 100644
--- a/source3/groupdb/proto.h
+++ b/source3/groupdb/proto.h
@@ -46,9 +46,11 @@ NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
struct dom_sid sid);
NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
- const struct dom_sid *sid, enum lsa_SidType sid_name_use,
- GROUP_MAP **pp_rmap, size_t *p_num_entries,
- bool unix_only);
+ const struct dom_sid *sid,
+ enum lsa_SidType sid_name_use,
+ GROUP_MAP ***pp_rmap,
+ size_t *p_num_entries,
+ bool unix_only);
NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
const char *name, uint32 *rid);
NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
diff --git a/source3/include/mapping.h b/source3/include/mapping.h
index 7454d19af8..41275ff7ed 100644
--- a/source3/include/mapping.h
+++ b/source3/include/mapping.h
@@ -26,8 +26,8 @@ typedef struct _GROUP_MAP {
gid_t gid;
struct dom_sid sid;
enum lsa_SidType sid_name_use;
- fstring nt_name;
- fstring comment;
+ char *nt_name;
+ char *comment;
} GROUP_MAP;
#include "groupdb/proto.h"
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index ea53279d42..59eedd8563 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -375,7 +375,7 @@ struct pdb_methods
NTSTATUS (*enum_group_mapping)(struct pdb_methods *methods,
const struct dom_sid *sid, enum lsa_SidType sid_name_use,
- GROUP_MAP **pp_rmap, size_t *p_num_entries,
+ GROUP_MAP ***pp_rmap, size_t *p_num_entries,
bool unix_only);
NTSTATUS (*enum_group_members)(struct pdb_methods *methods,
diff --git a/source3/libnet/libnet_dssync_passdb.c b/source3/libnet/libnet_dssync_passdb.c
index be44cbaa86..b56c2d4451 100644
--- a/source3/libnet/libnet_dssync_passdb.c
+++ b/source3/libnet/libnet_dssync_passdb.c
@@ -452,7 +452,7 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec,
struct dom_sid member_sid;
struct samu *member = NULL;
const char *member_dn = NULL;
- GROUP_MAP map;
+ GROUP_MAP *map;
struct group *grp;
uint32_t rid;
bool is_unix_member = false;
@@ -508,19 +508,29 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec,
break;
}
- if (!get_domain_group_from_sid(group_sid, &map)) {
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return -1;
+ }
+
+ if (!get_domain_group_from_sid(group_sid, map)) {
DEBUG(0, ("Could not find global group %s\n",
sid_string_dbg(&group_sid)));
//return NT_STATUS_NO_SUCH_GROUP;
+ TALLOC_FREE(map);
return -1;
}
- if (!(grp = getgrgid(map.gid))) {
- DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid));
+ if (!(grp = getgrgid(map->gid))) {
+ DEBUG(0, ("Could not find unix group %lu\n",
+ (unsigned long)map->gid));
//return NT_STATUS_NO_SUCH_GROUP;
+ TALLOC_FREE(map);
return -1;
}
+ TALLOC_FREE(map);
+
DEBUG(0,("Group members of %s: ", grp->gr_name));
if ( !(member = samu_new(talloc_tos())) ) {
@@ -1348,7 +1358,7 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
NTSTATUS status;
fstring account;
struct samu *sam_account=NULL;
- GROUP_MAP map;
+ GROUP_MAP *map;
struct group *grp;
struct dom_sid user_sid;
struct dom_sid group_sid;
@@ -1430,14 +1440,19 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
group_sid = *pdb_get_group_sid(sam_account);
- if (!pdb_getgrsid(&map, group_sid)) {
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!pdb_getgrsid(map, group_sid)) {
DEBUG(0, ("Primary group of %s has no mapping!\n",
pdb_get_username(sam_account)));
} else {
- if (map.gid != passwd->pw_gid) {
- if (!(grp = getgrgid(map.gid))) {
+ if (map->gid != passwd->pw_gid) {
+ if (!(grp = getgrgid(map->gid))) {
DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n",
- (unsigned long)map.gid, pdb_get_username(sam_account),
+ (unsigned long)map->gid, pdb_get_username(sam_account),
sid_string_dbg(&group_sid)));
} else {
smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
@@ -1445,6 +1460,8 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
}
}
+ TALLOC_FREE(map);
+
if ( !passwd ) {
DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n",
pdb_get_username(sam_account)));
@@ -1463,14 +1480,12 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
{
struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur;
NTSTATUS status;
- fstring name;
- fstring comment;
struct group *grp = NULL;
struct dom_sid group_sid;
uint32_t rid = 0;
struct dom_sid *dom_sid = NULL;
fstring sid_string;
- GROUP_MAP map;
+ GROUP_MAP *map;
bool insert = true;
const char *sAMAccountName;
@@ -1496,23 +1511,43 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
return status;
}
- fstrcpy(name, sAMAccountName);
- fstrcpy(comment, description);
-
dom_sid_split_rid(mem_ctx, &group_sid, &dom_sid, &rid);
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (map == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ map->nt_name = talloc_strdup(map, sAMAccountName);
+ if (map->nt_name == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ if (description) {
+ map->comment = talloc_strdup(map, description);
+ } else {
+ map->comment = talloc_strdup(map, "");
+ }
+ if (map->comment == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
sid_to_fstring(sid_string, &group_sid);
DEBUG(0,("Creating alias[%s] - %s members[%u]\n",
- name, sid_string, num_members));
+ map->nt_name, sid_string, num_members));
status = dssync_insert_obj(pctx, pctx->aliases, obj);
if (!NT_STATUS_IS_OK(status)) {
- return status;
+ goto done;
}
- if (pdb_getgrsid(&map, group_sid)) {
- if ( map.gid != -1 )
- grp = getgrgid(map.gid);
+ if (pdb_getgrsid(map, group_sid)) {
+ if (map->gid != -1) {
+ grp = getgrgid(map->gid);
+ }
insert = false;
}
@@ -1520,22 +1555,27 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
gid_t gid;
/* No group found from mapping, find it from its name. */
- if ((grp = getgrnam(name)) == NULL) {
+ if ((grp = getgrnam(map->nt_name)) == NULL) {
/* No appropriate group found, create one */
- DEBUG(0,("Creating unix group: '%s'\n", name));
+ DEBUG(0, ("Creating unix group: '%s'\n",
+ map->nt_name));
- if (smb_create_group(name, &gid) != 0)
- return NT_STATUS_ACCESS_DENIED;
+ if (smb_create_group(map->nt_name, &gid) != 0) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
- if ((grp = getgrgid(gid)) == NULL)
- return NT_STATUS_ACCESS_DENIED;
+ if ((grp = getgrgid(gid)) == NULL) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
}
}
- map.gid = grp->gr_gid;
- map.sid = group_sid;
+ map->gid = grp->gr_gid;
+ map->sid = group_sid;
if (dom_sid_equal(dom_sid, &global_sid_Builtin)) {
/*
@@ -1543,23 +1583,17 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
*
* map.sid_name_use = SID_NAME_WKN_GRP;
*/
- map.sid_name_use = SID_NAME_ALIAS;
+ map->sid_name_use = SID_NAME_ALIAS;
} else {
- map.sid_name_use = SID_NAME_ALIAS;
+ map->sid_name_use = SID_NAME_ALIAS;
}
- strlcpy(map.nt_name, name, sizeof(map.nt_name));
- if (description) {
- strlcpy(map.comment, comment, sizeof(map.comment));
+ if (insert) {
+ pdb_add_group_mapping_entry(map);
} else {
- strlcpy(map.comment, "", sizeof(map.comment));
+ pdb_update_group_mapping_entry(map);
}
- if (insert)
- pdb_add_group_mapping_entry(&map);
- else
- pdb_update_group_mapping_entry(&map);
-
for (i=0; i < num_members; i++) {
struct dssync_passdb_mem *mem;
@@ -1567,11 +1601,15 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
true /* active */,
&members[i], &mem);
if (!NT_STATUS_IS_OK(status)) {
- return status;
+ goto done;
}
}
- return NT_STATUS_OK;
+ status = NT_STATUS_OK;
+
+done:
+ TALLOC_FREE(map);
+ return status;
}
/****************************************************************
@@ -1583,12 +1621,10 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
{
struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur;
NTSTATUS status;
- fstring name;
- fstring comment;
struct group *grp = NULL;
struct dom_sid group_sid;
fstring sid_string;
- GROUP_MAP map;
+ GROUP_MAP *map;
bool insert = true;
const char *sAMAccountName;
@@ -1614,21 +1650,39 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
return status;
}
- fstrcpy(name, sAMAccountName);
- fstrcpy(comment, description);
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ map->nt_name = talloc_strdup(map, sAMAccountName);
+ if (!map->nt_name) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ if (description) {
+ map->comment = talloc_strdup(map, description);
+ } else {
+ map->comment = talloc_strdup(map, "");
+ }
+ if (!map->comment) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
sid_to_fstring(sid_string, &group_sid);
DEBUG(0,("Creating group[%s] - %s members [%u]\n",
- name, sid_string, num_members));
+ map->nt_name, sid_string, num_members));
status = dssync_insert_obj(pctx, pctx->groups, obj);
if (!NT_STATUS_IS_OK(status)) {
- return status;
+ goto done;
}
- if (pdb_getgrsid(&map, group_sid)) {
- if ( map.gid != -1 )
- grp = getgrgid(map.gid);
+ if (pdb_getgrsid(map, group_sid)) {
+ if (map->gid != -1) {
+ grp = getgrgid(map->gid);
+ }
insert = false;
}
@@ -1636,35 +1690,35 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
gid_t gid;
/* No group found from mapping, find it from its name. */
- if ((grp = getgrnam(name)) == NULL) {
+ if ((grp = getgrnam(map->nt_name)) == NULL) {
/* No appropriate group found, create one */
- DEBUG(0,("Creating unix group: '%s'\n", name));
+ DEBUG(0, ("Creating unix group: '%s'\n",
+ map->nt_name));
- if (smb_create_group(name, &gid) != 0)
- return NT_STATUS_ACCESS_DENIED;
+ if (smb_create_group(map->nt_name, &gid) != 0) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
- if ((grp = getgrnam(name)) == NULL)
- return NT_STATUS_ACCESS_DENIED;
+ if ((grp = getgrnam(map->nt_name)) == NULL) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
}
}
- map.gid = grp->gr_gid;
- map.sid = group_sid;
- map.sid_name_use = SID_NAME_DOM_GRP;
- strlcpy(map.nt_name, name, sizeof(map.nt_name));
- if (description) {
- strlcpy(map.comment, comment, sizeof(map.comment));
+ map->gid = grp->gr_gid;
+ map->sid = group_sid;
+ map->sid_name_use = SID_NAME_DOM_GRP;
+
+ if (insert) {
+ pdb_add_group_mapping_entry(map);
} else {
- strlcpy(map.comment, "", sizeof(map.comment));
+ pdb_update_group_mapping_entry(map);
}
- if (insert)
- pdb_add_group_mapping_entry(&map);
- else
- pdb_update_group_mapping_entry(&map);
-
for (i=0; i < num_members; i++) {
struct dssync_passdb_mem *mem;
@@ -1672,11 +1726,15 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
true /* active */,
&members[i], &mem);
if (!NT_STATUS_IS_OK(status)) {
- return status;
+ goto done;
}
}
- return NT_STATUS_OK;
+ status = NT_STATUS_OK;
+
+done:
+ TALLOC_FREE(map);
+ return status;
}
/****************************************************************
diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c
index 0cf2ed3323..cf47934475 100644
--- a/source3/libnet/libnet_samsync_passdb.c
+++ b/source3/libnet/libnet_samsync_passdb.c
@@ -301,7 +301,7 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL;
fstring account;
struct samu *sam_account=NULL;
- GROUP_MAP map;
+ GROUP_MAP *map = NULL;
struct group *grp;
struct dom_sid user_sid;
struct dom_sid group_sid;
@@ -355,14 +355,19 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
group_sid = *pdb_get_group_sid(sam_account);
- if (!pdb_getgrsid(&map, group_sid)) {
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!pdb_getgrsid(map, group_sid)) {
DEBUG(0, ("Primary group of %s has no mapping!\n",
pdb_get_username(sam_account)));
} else {
- if (map.gid != passwd->pw_gid) {
- if (!(grp = getgrgid(map.gid))) {
+ if (map->gid != passwd->pw_gid) {
+ if (!(grp = getgrgid(map->gid))) {
DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n",
- (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_tos(&group_sid)));
+ (unsigned long)map->gid, pdb_get_username(sam_account), sid_string_tos(&group_sid)));
} else {
smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
}
@@ -376,6 +381,7 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
done:
TALLOC_FREE(sam_account);
+ TALLOC_FREE(map);
return nt_ret;
}
@@ -386,60 +392,65 @@ static NTSTATUS fetch_group_info(TALLOC_CTX *mem_ctx,
uint32_t rid,
struct netr_DELTA_GROUP *r)
{
- fstring name;
- fstring comment;
struct group *grp = NULL;
struct dom_sid group_sid;
fstring sid_string;
- GROUP_MAP map;
+ GROUP_MAP *map;
bool insert = true;
- fstrcpy(name, r->group_name.string);
- fstrcpy(comment, r->description.string);
-
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
/* add the group to the mapping table */
sid_compose(&group_sid, get_global_sam_sid(), rid);
sid_to_fstring(sid_string, &group_sid);
- if (pdb_getgrsid(&map, group_sid)) {
- if ( map.gid != -1 )
- grp = getgrgid(map.gid);
+ if (pdb_getgrsid(map, group_sid)) {
+ if (map->gid != -1) {
+ grp = getgrgid(map->gid);
+ }
insert = false;
}
+ map->nt_name = talloc_strdup(map, r->group_name.string);
+ if (!map->nt_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ map->comment = talloc_strdup(map, r->description.string);
+ if (!map->comment) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
if (grp == NULL) {
gid_t gid;
/* No group found from mapping, find it from its name. */
- if ((grp = getgrnam(name)) == NULL) {
+ if ((grp = getgrnam(map->nt_name)) == NULL) {
/* No appropriate group found, create one */
- d_printf("Creating unix group: '%s'\n", name);
+ d_printf("Creating unix group: '%s'\n", map->nt_name);
- if (smb_create_group(name, &gid) != 0)
+ if (smb_create_group(map->nt_name, &gid) != 0)
return NT_STATUS_ACCESS_DENIED;
- if ((grp = getgrnam(name)) == NULL)
+ if ((grp = getgrnam(map->nt_name)) == NULL)
return NT_STATUS_ACCESS_DENIED;
}
}
- map.gid = grp->gr_gid;
- map.sid = group_sid;
- map.sid_name_use = SID_NAME_DOM_GRP;
- strlcpy(map.nt_name, name, sizeof(map.nt_name));
- if (r->description.string) {
- strlcpy(map.comment, comment, sizeof(map.comment));
+ map->gid = grp->gr_gid;
+ map->sid = group_sid;
+ map->sid_name_use = SID_NAME_DOM_GRP;
+
+ if (insert) {
+ pdb_add_group_mapping_entry(map);
} else {
- strlcpy(map.comment, "", sizeof(map.comment));
+ pdb_update_group_mapping_entry(map);
}
- if (insert)
- pdb_add_group_mapping_entry(&map);
- else
- pdb_update_group_mapping_entry(&map);
-
+ TALLOC_FREE(map);
return NT_STATUS_OK;
}
@@ -454,7 +465,7 @@ static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx,
char **nt_members = NULL;
char **unix_members;
struct dom_sid group_sid;
- GROUP_MAP map;
+ GROUP_MAP *map;
struct group *grp;
if (r->num_rids == 0) {
@@ -463,16 +474,26 @@ static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx,
sid_compose(&group_sid, get_global_sam_sid(), rid);
- if (!get_domain_group_from_sid(group_sid, &map)) {
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!get_domain_group_from_sid(group_sid, map)) {
DEBUG(0, ("Could not find global group %d\n", rid));
+ TALLOC_FREE(map);
return NT_STATUS_NO_SUCH_GROUP;
}
- if (!(grp = getgrgid(map.gid))) {
- DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid));
+ if (!(grp = getgrgid(map->gid))) {
+ DEBUG(0, ("Could not find unix group %lu\n",
+ (unsigned long)map->gid));
+ TALLOC_FREE(map);
return NT_STATUS_NO_SUCH_GROUP;
}
+ TALLOC_FREE(map);
+
d_printf("Group members of %s: ", grp->gr_name);
if (r->num_rids) {
@@ -575,56 +596,65 @@ static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx,
struct netr_DELTA_ALIAS *r,
const struct dom_sid *dom_sid)
{
- fstring name;
- fstring comment;
struct group *grp = NULL;
struct dom_sid alias_sid;
fstring sid_string;
- GROUP_MAP map;
+ GROUP_MAP *map;
bool insert = true;
- fstrcpy(name, r->alias_name.string);
- fstrcpy(comment, r->description.string);
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
/* Find out whether the group is already mapped */
sid_compose(&alias_sid, dom_sid, rid);
sid_to_fstring(sid_string, &alias_sid);
- if (pdb_getgrsid(&map, alias_sid)) {
- grp = getgrgid(map.gid);
+ if (pdb_getgrsid(map, alias_sid)) {
+ grp = getgrgid(map->gid);
insert = false;
}
+ map->nt_name = talloc_strdup(map, r->alias_name.string);
+ if (!map->nt_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ map->comment = talloc_strdup(map, r->description.string);
+ if (!map->comment) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
if (grp == NULL) {
gid_t gid;
/* No group found from mapping, find it from its name. */
- if ((grp = getgrnam(name)) == NULL) {
+ if ((grp = getgrnam(map->nt_name)) == NULL) {
/* No appropriate group found, create one */
- d_printf("Creating unix group: '%s'\n", name);
- if (smb_create_group(name, &gid) != 0)
+ d_printf("Creating unix group: '%s'\n", map->nt_name);
+ if (smb_create_group(map->nt_name, &gid) != 0)
return NT_STATUS_ACCESS_DENIED;
if ((grp = getgrgid(gid)) == NULL)
return NT_STATUS_ACCESS_DENIED;
}
}
- map.gid = grp->gr_gid;
- map.sid = alias_sid;
+ map->gid = grp->gr_gid;
+ map->sid = alias_sid;
- if (dom_sid_equal(dom_sid, &global_sid_Builtin))
- map.sid_name_use = SID_NAME_WKN_GRP;
- else
- map.sid_name_use = SID_NAME_ALIAS;
-
- strlcpy(map.nt_name, name, sizeof(map.nt_name));
- strlcpy(map.comment, comment, sizeof(map.comment));
+ if (dom_sid_equal(dom_sid, &global_sid_Builtin)) {
+ map->sid_name_use = SID_NAME_WKN_GRP;
+ } else {
+ map->sid_name_use = SID_NAME_ALIAS;
+ }
- if (insert)
- pdb_add_group_mapping_entry(&map);
- else
- pdb_update_group_mapping_entry(&map);
+ if (insert) {
+ pdb_add_group_mapping_entry(map);
+ } else {
+ pdb_update_group_mapping_entry(map);
+ }
+ TALLOC_FREE(map);
return NT_STATUS_OK;
}
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 4c2e73befd..a02c941d8e 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1233,20 +1233,25 @@ done:
static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
{
- GROUP_MAP map;
+ GROUP_MAP *map;
union unid_t id;
enum lsa_SidType type;
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return false;
+ }
+
if ((sid_check_is_in_builtin(psid) ||
sid_check_is_in_wellknown_domain(psid))) {
bool ret;
become_root();
- ret = pdb_getgrsid(&map, *psid);
+ ret = pdb_getgrsid(map, *psid);
unbecome_root();
if (ret) {
- *pgid = map.gid;
+ *pgid = map->gid;
goto done;
}
DEBUG(10,("LEGACY: mapping failed for sid %s\n",
@@ -1286,6 +1291,7 @@ static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
store_gid_sid_cache(psid, *pgid);
+ TALLOC_FREE(map);
return true;
}
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 62dcb5dedd..276e0314c8 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -591,7 +591,7 @@ bool algorithmic_pdb_rid_is_user(uint32_t rid)
bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
enum lsa_SidType *type)
{
- GROUP_MAP map;
+ GROUP_MAP *map;
bool ret;
/* Windows treats "MACHINE\None" as a special name for
@@ -645,24 +645,32 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
* Maybe it is a group ?
*/
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return false;
+ }
+
become_root();
- ret = pdb_getgrnam(&map, name);
+ ret = pdb_getgrnam(map, name);
unbecome_root();
if (!ret) {
+ TALLOC_FREE(map);
return False;
}
/* BUILTIN groups are looked up elsewhere */
- if (!sid_check_is_in_our_domain(&map.sid)) {
+ if (!sid_check_is_in_our_domain(&map->sid)) {
DEBUG(10, ("Found group %s (%s) not in our domain -- "
- "ignoring.", name, sid_string_dbg(&map.sid)));
+ "ignoring.", name, sid_string_dbg(&map->sid)));
+ TALLOC_FREE(map);
return False;
}
/* yes it's a mapped group */
- sid_peek_rid(&map.sid, rid);
- *type = map.sid_name_use;
+ sid_peek_rid(&map->sid, rid);
+ *type = map->sid_name_use;
+ TALLOC_FREE(map);
return True;
}
diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 3746da3a4f..57425349f8 100644
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -798,16 +798,14 @@ static NTSTATUS pdb_ads_getgrfilter(struct pdb_methods *m, GROUP_MAP *map,
if (str == NULL) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- fstrcpy(map->nt_name, str);
- TALLOC_FREE(str);
+ map->nt_name = talloc_move(map, &str);
str = tldap_talloc_single_attribute(group[0], "description",
talloc_tos());
if (str != NULL) {
- fstrcpy(map->comment, str);
- TALLOC_FREE(str);
+ map->comment = talloc_move(map, &str);
} else {
- map->comment[0] = '\0';
+ map->comment = talloc_strdup(map, "");
}
if (pmsg != NULL) {
@@ -1017,7 +1015,7 @@ static NTSTATUS pdb_ads_update_group_mapping_entry(struct pdb_methods *m,
char *filter;
struct tldap_message *existing;
char *dn;
- GROUP_MAP existing_map;
+ GROUP_MAP *existing_map;
int rc, num_mods = 0;
bool ret;
NTSTATUS status;
@@ -1033,8 +1031,15 @@ static NTSTATUS pdb_ads_update_group_mapping_entry(struct pdb_methods *m,
if (filter == NULL) {
return NT_STATUS_NO_MEMORY;
}
- status = pdb_ads_getgrfilter(m, &existing_map, filter,
+
+ existing_map = talloc_zero(talloc_tos(), GROUP_MAP);
+ if (!existing_map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = pdb_ads_getgrfilter(m, existing_map, filter,
talloc_tos(), &existing);
+ TALLOC_FREE(existing_map);
TALLOC_FREE(filter);
if (!tldap_entry_dn(existing, &dn)) {
@@ -1079,7 +1084,7 @@ static NTSTATUS pdb_ads_delete_group_mapping_entry(struct pdb_methods *m,
static NTSTATUS pdb_ads_enum_group_mapping(struct pdb_methods *m,
const struct dom_sid *sid,
enum lsa_SidType sid_name_use,
- GROUP_MAP **pp_rmap,
+ GROUP_MAP ***pp_rmap,
size_t *p_num_entries,
bool unix_only)
{
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 7a0279e1fb..03d9821012 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -777,32 +777,39 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
uint32_t rid)
{
struct dom_sid group_sid;
- GROUP_MAP map;
+ GROUP_MAP *map;
NTSTATUS status;
struct group *grp;
const char *grp_name;
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
/* coverity */
- map.gid = (gid_t) -1;
+ map->gid = (gid_t) -1;
sid_compose(&group_sid, get_global_sam_sid(), rid);
- if (!get_domain_group_from_sid(group_sid, &map)) {
+ if (!get_domain_group_from_sid(group_sid, map)) {
DEBUG(10, ("Could not find group for rid %d\n", rid));
return NT_STATUS_NO_SUCH_GROUP;
}
/* We need the group name for the smb_delete_group later on */
- if (map.gid == (gid_t)-1) {
+ if (map->gid == (gid_t)-1) {
return NT_STATUS_NO_SUCH_GROUP;
}
- grp = getgrgid(map.gid);
+ grp = getgrgid(map->gid);
if (grp == NULL) {
return NT_STATUS_NO_SUCH_GROUP;
}
+ TALLOC_FREE(map);
+
/* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
grp_name = talloc_strdup(mem_ctx, grp->gr_name);
@@ -847,8 +854,11 @@ NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid)
return pdb->delete_group_mapping_entry(pdb, sid);
}
-bool pdb_enum_group_mapping(const struct dom_sid *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
- size_t *p_num_entries, bool unix_only)
+bool pdb_enum_group_mapping(const struct dom_sid *sid,
+ enum lsa_SidType sid_name_use,
+ GROUP_MAP ***pp_rmap,
+ size_t *p_num_entries,
+ bool unix_only)
{
struct pdb_methods *pdb = pdb_get_methods();
return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
@@ -954,24 +964,31 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
{
struct dom_sid group_sid, member_sid;
struct samu *account = NULL;
- GROUP_MAP map;
+ GROUP_MAP *map;
struct group *grp;
struct passwd *pwd;
const char *group_name;
uid_t uid;
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
/* coverity */
- map.gid = (gid_t) -1;
+ map->gid = (gid_t) -1;
sid_compose(&group_sid, get_global_sam_sid(), group_rid);
sid_compose(&member_sid, get_global_sam_sid(), member_rid);
- if (!get_domain_group_from_sid(group_sid, &map) ||
- (map.gid == (gid_t)-1) ||
- ((grp = getgrgid(map.gid)) == NULL)) {
+ if (!get_domain_group_from_sid(group_sid, map) ||
+ (map->gid == (gid_t)-1) ||
+ ((grp = getgrgid(map->gid)) == NULL)) {
return NT_STATUS_NO_SUCH_GROUP;
}
+ TALLOC_FREE(map);
+
group_name = talloc_strdup(mem_ctx, grp->gr_name);
if (group_name == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -1019,21 +1036,28 @@ static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
{
struct dom_sid group_sid, member_sid;
struct samu *account = NULL;
- GROUP_MAP map;
+ GROUP_MAP *map;
struct group *grp;
struct passwd *pwd;
const char *group_name;
uid_t uid;
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
sid_compose(&group_sid, get_global_sam_sid(), group_rid);
sid_compose(&member_sid, get_global_sam_sid(), member_rid);
- if (!get_domain_group_from_sid(group_sid, &map) ||
- (map.gid == (gid_t)-1) ||
- ((grp = getgrgid(map.gid)) == NULL)) {
+ if (!get_domain_group_from_sid(group_sid, map) ||
+ (map->gid == (gid_t)-1) ||
+ ((grp = getgrgid(map->gid)) == NULL)) {
return NT_STATUS_NO_SUCH_GROUP;
}
+ TALLOC_FREE(map);
+
group_name = talloc_strdup(mem_ctx, grp->gr_name);
if (group_name == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -1397,14 +1421,21 @@ static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid,
static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
struct dom_sid *sid)
{
- GROUP_MAP map;
+ GROUP_MAP *map;
- if (!NT_STATUS_IS_OK(methods->getgrgid(methods, &map, gid))) {
- return False;
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return false;
}
- sid_copy(sid, &map.sid);
- return True;
+ if (!NT_STATUS_IS_OK(methods->getgrgid(methods, map, gid))) {
+ TALLOC_FREE(map);
+ return false;
+ }
+
+ sid_copy(sid, &map->sid);
+ TALLOC_FREE(map);
+ return true;
}
static bool pdb_default_sid_to_id(struct pdb_methods *methods,
@@ -1452,21 +1483,28 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods,
if (sid_check_is_in_builtin(sid) ||
sid_check_is_in_wellknown_domain(sid)) {
/* Here we only have aliases */
- GROUP_MAP map;
- if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) {
+ GROUP_MAP *map;
+
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (!map) {
+ ret = false;
+ goto done;
+ }
+
+ if (!NT_STATUS_IS_OK(methods->getgrsid(methods, map, *sid))) {
DEBUG(10, ("Could not find map for sid %s\n",
sid_string_dbg(sid)));
goto done;
}
- if ((map.sid_name_use != SID_NAME_ALIAS) &&
- (map.sid_name_use != SID_NAME_WKN_GRP)) {
+ if ((map->sid_name_use != SID_NAME_ALIAS) &&
+ (map->sid_name_use != SID_NAME_WKN_GRP)) {
DEBUG(10, ("Map for sid %s is a %s, expected an "
"alias\n", sid_string_dbg(sid),
- sid_type_lookup(map.sid_name_use)));
+ sid_type_lookup(map->sid_name_use)));
goto done;
}
- id->gid = map.gid;
+ id->gid = map->gid;
*type = SID_NAME_ALIAS;
ret = True;
goto done;
@@ -1634,7 +1672,7 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
union unid_t *unix_id)
{
struct samu *sam_account = NULL;
- GROUP_MAP map;
+ GROUP_MAP *map = NULL;
bool ret;
struct dom_sid sid;
@@ -1651,12 +1689,28 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
return False;
}
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (!map) {
+ return false;
+ }
+
/* BEING ROOT BLOCK */
become_root();
- if (pdb_getsampwsid(sam_account, &sid)) {
+ ret = pdb_getsampwsid(sam_account, &sid);
+ if (!ret) {
+ TALLOC_FREE(sam_account);
+ ret = pdb_getgrsid(map, sid);
+ }
+ unbecome_root();
+ /* END BECOME_ROOT BLOCK */
+
+ if (sam_account || !ret) {
+ TALLOC_FREE(map);
+ }
+
+ if (sam_account) {
struct passwd *pw;
- unbecome_root(); /* -----> EXIT BECOME_ROOT() */
*name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
if (!*name) {
TALLOC_FREE(sam_account);
@@ -1678,27 +1732,25 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
unix_id->uid = pw->pw_uid;
TALLOC_FREE(pw);
return True;
- }
- TALLOC_FREE(sam_account);
- ret = pdb_getgrsid(&map, sid);
- unbecome_root();
- /* END BECOME_ROOT BLOCK */
+ } else if (map && (map->gid != (gid_t)-1)) {
- /* do not resolve SIDs to a name unless there is a valid
- gid associated with it */
+ /* do not resolve SIDs to a name unless there is a valid
+ gid associated with it */
- if ( ret && (map.gid != (gid_t)-1) ) {
- *name = talloc_strdup(mem_ctx, map.nt_name);
- *psid_name_use = map.sid_name_use;
+ *name = talloc_steal(mem_ctx, map->nt_name);
+ *psid_name_use = map->sid_name_use;
if ( unix_id ) {
- unix_id->gid = map.gid;
+ unix_id->gid = map->gid;
}
+ TALLOC_FREE(map);
return True;
}
+ TALLOC_FREE(map);
+
/* Windows will always map RID 513 to something. On a non-domain
controller, this gets mapped to SERVER\None. */
@@ -1901,7 +1953,7 @@ static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32_t rid,
}
struct group_search {
- GROUP_MAP *groups;
+ GROUP_MAP **groups;
size_t num_groups, current_group;
};
@@ -1910,11 +1962,13 @@ static bool next_entry_groups(struct pdb_search *s,
{
struct group_search *state = (struct group_search *)s->private_data;
uint32_t rid;
- GROUP_MAP *map = &state->groups[state->current_group];
+ GROUP_MAP *map;
if (state->current_group == state->num_groups)
return False;
+ map = state->groups[state->current_group];
+
sid_peek_rid(&map->sid, &rid);
fill_displayentry(s, rid, 0, map->nt_name, NULL, map->comment, entry);
@@ -1927,7 +1981,7 @@ static void search_end_groups(struct pdb_search *search)
{
struct group_search *state =
(struct group_search *)search->private_data;
- SAFE_FREE(state->groups);
+ TALLOC_FREE(state->groups);
}
static bool pdb_search_grouptype(struct pdb_methods *methods,
@@ -1936,7 +1990,7 @@ static bool pdb_search_grouptype(struct pdb_methods *methods,
{
struct group_search *state;
- state = talloc(search, struct group_search);
+ state = talloc_zero(search, struct group_search);
if (state == NULL) {
DEBUG(0, ("talloc failed\n"));
return False;
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 3d3d16c789..dd46f8f87f 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -2471,7 +2471,11 @@ for gidNumber(%lu)\n",(unsigned long)map->gid));
return false;
}
}
- fstrcpy(map->nt_name, temp);
+ map->nt_name = talloc_strdup(map, temp);
+ if (!map->nt_name) {
+ TALLOC_FREE(ctx);
+ return false;
+ }
TALLOC_FREE(temp);
temp = smbldap_talloc_single_attribute(
@@ -2487,7 +2491,11 @@ for gidNumber(%lu)\n",(unsigned long)map->gid));
return false;
}
}
- fstrcpy(map->comment, temp);
+ map->comment = talloc_strdup(map, temp);
+ if (!map->comment) {
+ TALLOC_FREE(ctx);
+ return false;
+ }
if (lp_parm_bool(-1, "ldapsam", "trusted", false)) {
store_gid_sid_cache(&map->sid, map->gid);
@@ -3470,15 +3478,15 @@ static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods,
static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
const struct dom_sid *domsid, enum lsa_SidType sid_name_use,
- GROUP_MAP **pp_rmap,
+ GROUP_MAP ***pp_rmap,
size_t *p_num_entries,
bool unix_only)
{
- GROUP_MAP map = { 0, };
+ GROUP_MAP *map = NULL;
size_t entries = 0;
*p_num_entries = 0;
- *pp_rmap = NULL;
+ **pp_rmap = NULL;
if (!NT_STATUS_IS_OK(ldapsam_setsamgrent(methods, False))) {
DEBUG(0, ("ldapsam_enum_group_mapping: Unable to open "
@@ -3486,31 +3494,44 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
return NT_STATUS_ACCESS_DENIED;
}
- while (NT_STATUS_IS_OK(ldapsam_getsamgrent(methods, &map))) {
+ while (true) {
+
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!NT_STATUS_IS_OK(ldapsam_getsamgrent(methods, map))) {
+ TALLOC_FREE(map);
+ break;
+ }
+
if (sid_name_use != SID_NAME_UNKNOWN &&
- sid_name_use != map.sid_name_use) {
+ sid_name_use != map->sid_name_use) {
DEBUG(11,("ldapsam_enum_group_mapping: group %s is "
- "not of the requested type\n", map.nt_name));
+ "not of the requested type\n",
+ map->nt_name));
continue;
}
- if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) {
+ if (unix_only == ENUM_ONLY_MAPPED && map->gid == -1) {
DEBUG(11,("ldapsam_enum_group_mapping: group %s is "
- "non mapped\n", map.nt_name));
+ "non mapped\n", map->nt_name));
continue;
}
- (*pp_rmap)=SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1);
+ *pp_rmap = talloc_realloc(NULL, *pp_rmap,
+ GROUP_MAP *, entries + 1);
if (!(*pp_rmap)) {
DEBUG(0,("ldapsam_enum_group_mapping: Unable to "
"enlarge group map!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- (*pp_rmap)[entries] = map;
+ (*pp_rmap)[entries] = talloc_move((*pp_rmap), &map);
entries += 1;
-
}
+
ldapsam_endsamgrent(methods);
*p_num_entries = entries;
diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba4.c
index 5e680ad2a1..af252143cd 100644
--- a/source3/passdb/pdb_samba4.c
+++ b/source3/passdb/pdb_samba4.c
@@ -901,14 +901,22 @@ static NTSTATUS pdb_samba4_getgrfilter(struct pdb_methods *m, GROUP_MAP *map,
talloc_free(tmp_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- fstrcpy(map->nt_name, str);
+ map->nt_name = talloc_strdup(map, str);
+ if (!map->nt_name) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
str = ldb_msg_find_attr_as_string(msg, "description",
NULL);
if (str != NULL) {
- fstrcpy(map->comment, str);
+ map->comment = talloc_strdup(map, str);
} else {
- map->comment[0] = '\0';
+ map->comment = talloc_strdup(map, "");
+ }
+ if (!map->comment) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
}
talloc_free(tmp_ctx);
@@ -1071,7 +1079,7 @@ static NTSTATUS pdb_samba4_delete_group_mapping_entry(struct pdb_methods *m,
static NTSTATUS pdb_samba4_enum_group_mapping(struct pdb_methods *m,
const struct dom_sid *sid,
enum lsa_SidType sid_name_use,
- GROUP_MAP **pp_rmap,
+ GROUP_MAP ***pp_rmap,
size_t *p_num_entries,
bool unix_only)
{
diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c
index 399d7580fa..655890f807 100644
--- a/source3/passdb/pdb_wbc_sam.c
+++ b/source3/passdb/pdb_wbc_sam.c
@@ -228,8 +228,11 @@ static NTSTATUS pdb_wbc_sam_enum_trusteddoms(struct pdb_methods *methods,
static bool _make_group_map(struct pdb_methods *methods, const char *domain, const char *name, enum lsa_SidType name_type, gid_t gid, struct dom_sid *sid, GROUP_MAP *map)
{
- snprintf(map->nt_name, sizeof(map->nt_name), "%s%c%s",
+ map->nt_name = talloc_asprintf(map, "%s%c%s",
domain, *lp_winbind_separator(), name);
+ if (!map->nt_name) {
+ return false;
+ }
map->sid_name_use = name_type;
map->sid = *sid;
map->gid = gid;
@@ -354,7 +357,7 @@ done:
static NTSTATUS pdb_wbc_sam_enum_group_mapping(struct pdb_methods *methods,
const struct dom_sid *sid, enum lsa_SidType sid_name_use,
- GROUP_MAP **pp_rmap, size_t *p_num_entries,
+ GROUP_MAP ***pp_rmap, size_t *p_num_entries,
bool unix_only)
{
return NT_STATUS_NOT_IMPLEMENTED;
diff --git a/source3/passdb/proto.h b/source3/passdb/proto.h
index 36acc313f6..fc5fd9c0f5 100644
--- a/source3/passdb/proto.h
+++ b/source3/passdb/proto.h
@@ -229,8 +229,11 @@ NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32_t rid);
NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map);
NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map);
NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid);
-bool pdb_enum_group_mapping(const struct dom_sid *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
- size_t *p_num_entries, bool unix_only);
+bool pdb_enum_group_mapping(const struct dom_sid *sid,
+ enum lsa_SidType sid_name_use,
+ GROUP_MAP ***pp_rmap,
+ size_t *p_num_entries,
+ bool unix_only);
NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
const struct dom_sid *sid,
uint32_t **pp_member_rids,
diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c
index 48b151387a..025e82812c 100644
--- a/source3/passdb/py_passdb.c
+++ b/source3/passdb/py_passdb.c
@@ -1805,7 +1805,7 @@ static PyObject *py_pdb_enum_group_mapping(pytalloc_Object *self, PyObject *args
int unix_only = 0;
PyObject *py_domain_sid;
struct dom_sid *domain_sid = NULL;
- GROUP_MAP *gmap, *group_map;
+ GROUP_MAP **gmap, *group_map;
size_t num_entries;
PyObject *py_gmap_list, *py_group_map;
int i;
@@ -1852,13 +1852,15 @@ static PyObject *py_pdb_enum_group_mapping(pytalloc_Object *self, PyObject *args
py_group_map = py_groupmap_new(&PyGroupmap, NULL, NULL);
if (py_group_map) {
group_map = pytalloc_get_ptr(py_group_map);
- *group_map = gmap[i];
+ *group_map = *gmap[i];
+ talloc_steal(group_map, gmap[i]->nt_name);
+ talloc_steal(group_map, gmap[i]->comment);
PyList_Append(py_gmap_list, py_group_map);
}
}
- free(gmap);
+ talloc_free(gmap);
talloc_free(tframe);
return py_gmap_list;
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 17f873bca9..c78f23815c 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -3023,7 +3023,8 @@ NTSTATUS _lsa_SetSystemAccessAccount(struct pipes_struct *p,
struct lsa_SetSystemAccessAccount *r)
{
struct lsa_info *info=NULL;
- GROUP_MAP map;
+ NTSTATUS status;
+ GROUP_MAP *map;
/* find the connection policy handle. */
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
@@ -3037,10 +3038,19 @@ NTSTATUS _lsa_SetSystemAccessAccount(struct pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- if (!pdb_getgrsid(&map, info->sid))
+ map = talloc_zero(p->mem_ctx, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!pdb_getgrsid(map, info->sid)) {
+ TALLOC_FREE(map);
return NT_STATUS_NO_SUCH_GROUP;
+ }
- return pdb_update_group_mapping_entry(&map);
+ status = pdb_update_group_mapping_entry(map);
+ TALLOC_FREE(map);
+ return status;
}
/***************************************************************************
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 567265d323..58892b7443 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -5966,7 +5966,7 @@ NTSTATUS _samr_QueryGroupInfo(struct pipes_struct *p,
{
struct samr_group_info *ginfo;
NTSTATUS status;
- GROUP_MAP map;
+ GROUP_MAP *map;
union samr_GroupInfo *info = NULL;
bool ret;
uint32_t attributes = SE_GROUP_MANDATORY |
@@ -5982,15 +5982,21 @@ NTSTATUS _samr_QueryGroupInfo(struct pipes_struct *p,
return status;
}
+ map = talloc_zero(p->mem_ctx, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
become_root();
- ret = get_domain_group_from_sid(ginfo->sid, &map);
+ ret = get_domain_group_from_sid(ginfo->sid, map);
unbecome_root();
if (!ret)
return NT_STATUS_INVALID_HANDLE;
- /* FIXME: map contains fstrings */
- group_name = talloc_strdup(r, map.nt_name);
- group_description = talloc_strdup(r, map.comment);
+ group_name = talloc_move(r, &map->nt_name);
+ group_description = talloc_move(r, &map->comment);
+
+ TALLOC_FREE(map);
info = talloc_zero(p->mem_ctx, union samr_GroupInfo);
if (!info) {
@@ -6068,7 +6074,7 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p,
struct samr_SetGroupInfo *r)
{
struct samr_group_info *ginfo;
- GROUP_MAP map;
+ GROUP_MAP *map;
NTSTATUS status;
bool ret;
@@ -6079,20 +6085,33 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p,
return status;
}
+ map = talloc_zero(p->mem_ctx, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
become_root();
- ret = get_domain_group_from_sid(ginfo->sid, &map);
+ ret = get_domain_group_from_sid(ginfo->sid, map);
unbecome_root();
if (!ret)
return NT_STATUS_NO_SUCH_GROUP;
switch (r->in.level) {
case 2:
- fstrcpy(map.nt_name, r->in.info->name.string);
+ map->nt_name = talloc_strdup(map,
+ r->in.info->name.string);
+ if (!map->nt_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
break;
case 3:
break;
case 4:
- fstrcpy(map.comment, r->in.info->description.string);
+ map->comment = talloc_strdup(map,
+ r->in.info->description.string);
+ if (!map->comment) {
+ return NT_STATUS_NO_MEMORY;
+ }
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
@@ -6101,11 +6120,13 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p,
/******** BEGIN SeAddUsers BLOCK *********/
become_root();
- status = pdb_update_group_mapping_entry(&map);
+ status = pdb_update_group_mapping_entry(map);
unbecome_root();
/******** End SeAddUsers BLOCK *********/
+ TALLOC_FREE(map);
+
if (NT_STATUS_IS_OK(status)) {
force_flush_samr_cache(&ginfo->sid);
}
@@ -6269,7 +6290,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
{
struct dom_sid info_sid;
- GROUP_MAP map;
+ GROUP_MAP *map;
struct samr_domain_info *dinfo;
struct samr_group_info *ginfo;
struct security_descriptor *psd = NULL;
@@ -6312,13 +6333,20 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
DEBUG(10, ("_samr_OpenGroup:Opening SID: %s\n",
sid_string_dbg(&info_sid)));
+ map = talloc_zero(p->mem_ctx, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
/* check if that group really exists */
become_root();
- ret = get_domain_group_from_sid(info_sid, &map);
+ ret = get_domain_group_from_sid(info_sid, map);
unbecome_root();
if (!ret)
return NT_STATUS_NO_SUCH_GROUP;
+ TALLOC_FREE(map);
+
ginfo = policy_handle_create(p, r->out.group_handle,
acc_granted,
struct samr_group_info, &status);
diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c
index 09f4bfd33a..f6802f2644 100644
--- a/source3/utils/net_groupmap.c
+++ b/source3/utils/net_groupmap.c
@@ -33,24 +33,32 @@
**********************************************************/
static bool get_sid_from_input(struct dom_sid *sid, char *input)
{
- GROUP_MAP map;
+ GROUP_MAP *map;
+
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return false;
+ }
if (strncasecmp_m( input, "S-", 2)) {
/* Perhaps its the NT group name? */
- if (!pdb_getgrnam(&map, input)) {
+ if (!pdb_getgrnam(map, input)) {
printf(_("NT Group %s doesn't exist in mapping DB\n"),
input);
+ TALLOC_FREE(map);
return false;
} else {
- *sid = map.sid;
+ *sid = map->sid;
}
} else {
if (!string_to_sid(sid, input)) {
printf(_("converting sid %s from a string failed!\n"),
input);
+ TALLOC_FREE(map);
return false;
}
}
+ TALLOC_FREE(map);
return true;
}
@@ -127,7 +135,7 @@ static int net_groupmap_list(struct net_context *c, int argc, const char **argv)
/* list a single group is given a name */
if ( ntgroup[0] || sid_string[0] ) {
struct dom_sid sid;
- GROUP_MAP map;
+ GROUP_MAP *map;
if ( sid_string[0] )
strlcpy(ntgroup, sid_string, sizeof(ntgroup));
@@ -136,27 +144,39 @@ static int net_groupmap_list(struct net_context *c, int argc, const char **argv)
return -1;
}
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return -1;
+ }
+
/* Get the current mapping from the database */
- if(!pdb_getgrsid(&map, sid)) {
+ if(!pdb_getgrsid(map, sid)) {
d_fprintf(stderr,
_("Failure to local group SID in the "
"database\n"));
+ TALLOC_FREE(map);
return -1;
}
- print_map_entry(&map, long_list );
+ print_map_entry(map, long_list );
+ TALLOC_FREE(map);
}
else {
- GROUP_MAP *map=NULL;
+ GROUP_MAP **maps = NULL;
+ bool ok = false;
/* enumerate all group mappings */
- if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries, ENUM_ALL_MAPPED))
+ ok = pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN,
+ &maps, &entries,
+ ENUM_ALL_MAPPED);
+ if (!ok) {
return -1;
+ }
for (i=0; i<entries; i++) {
- print_map_entry(&map[i], long_list);
+ print_map_entry(maps[i], long_list);
}
- SAFE_FREE(map);
+ TALLOC_FREE(maps);
}
return 0;
@@ -178,7 +198,7 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
uint32 rid = 0;
gid_t gid;
int i;
- GROUP_MAP map;
+ GROUP_MAP *map;
const char *name_type;
const char add_usage_str[] = N_("net groupmap add "
@@ -188,10 +208,6 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
"[ntgroup=<string>] "
"[comment=<string>]");
- ZERO_STRUCT(map);
-
- /* Default is domain group. */
- map.sid_name_use = SID_NAME_DOM_GRP;
name_type = "domain group";
if (c->display_usage) {
@@ -280,13 +296,19 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
return -1;
}
- {
- if (pdb_getgrgid(&map, gid)) {
- d_printf(_("Unix group %s already mapped to SID %s\n"),
- unixgrp, sid_string_tos(&map.sid));
- return -1;
- }
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return -1;
}
+ /* Default is domain group. */
+ map->sid_name_use = SID_NAME_DOM_GRP;
+ if (pdb_getgrgid(map, gid)) {
+ d_printf(_("Unix group %s already mapped to SID %s\n"),
+ unixgrp, sid_string_tos(&map->sid));
+ TALLOC_FREE(map);
+ return -1;
+ }
+ TALLOC_FREE(map);
if ( (rid == 0) && (string_sid[0] == '\0') ) {
d_printf(_("No rid or sid specified, choosing a RID\n"));
@@ -339,7 +361,7 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
static int net_groupmap_modify(struct net_context *c, int argc, const char **argv)
{
struct dom_sid sid;
- GROUP_MAP map;
+ GROUP_MAP *map = NULL;
fstring ntcomment = "";
fstring type = "";
fstring ntgroup = "";
@@ -430,10 +452,16 @@ static int net_groupmap_modify(struct net_context *c, int argc, const char **arg
}
}
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return -1;
+ }
+
/* Get the current mapping from the database */
- if(!pdb_getgrsid(&map, sid)) {
+ if(!pdb_getgrsid(map, sid)) {
d_fprintf(stderr,
_("Failed to find local group SID in the database\n"));
+ TALLOC_FREE(map);
return -1;
}
@@ -443,24 +471,36 @@ static int net_groupmap_modify(struct net_context *c, int argc, const char **arg
*/
if (sid_type == SID_NAME_UNKNOWN) {
d_fprintf(stderr, _("Can't map to an unknown group type.\n"));
+ TALLOC_FREE(map);
return -1;
}
- if (map.sid_name_use == SID_NAME_WKN_GRP) {
+ if (map->sid_name_use == SID_NAME_WKN_GRP) {
d_fprintf(stderr,
_("You can only change between domain and local "
"groups.\n"));
+ TALLOC_FREE(map);
return -1;
}
- map.sid_name_use=sid_type;
+ map->sid_name_use = sid_type;
/* Change comment if new one */
- if ( ntcomment[0] )
- strlcpy(map.comment, ntcomment, sizeof(map.comment));
+ if (ntcomment[0]) {
+ map->comment = talloc_strdup(map, ntcomment);
+ if (!map->comment) {
+ d_fprintf(stderr, _("Out of memory!\n"));
+ return -1;
+ }
+ }
- if ( ntgroup[0] )
- strlcpy(map.nt_name, ntgroup, sizeof(map.nt_name));
+ if (ntgroup[0]) {
+ map->nt_name = talloc_strdup(map, ntgroup);
+ if (!map->nt_name) {
+ d_fprintf(stderr, _("Out of memory!\n"));
+ return -1;
+ }
+ }
if ( unixgrp[0] ) {
gid = nametogid( unixgrp );
@@ -468,19 +508,22 @@ static int net_groupmap_modify(struct net_context *c, int argc, const char **arg
d_fprintf(stderr, _("Unable to lookup UNIX group %s. "
"Make sure the group exists.\n"),
unixgrp);
+ TALLOC_FREE(map);
return -1;
}
- map.gid = gid;
+ map->gid = gid;
}
- if ( !NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)) ) {
+ if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) {
d_fprintf(stderr, _("Could not update group database\n"));
+ TALLOC_FREE(map);
return -1;
}
- d_printf(_("Updated mapping entry for %s\n"), map.nt_name);
+ d_printf(_("Updated mapping entry for %s\n"), map->nt_name);
+ TALLOC_FREE(map);
return 0;
}
@@ -552,7 +595,7 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
{
const char *ntgroup = NULL;
struct group *grp = NULL;
- GROUP_MAP map;
+ GROUP_MAP *map;
bool have_map = false;
if ((argc < 1) || (argc > 2) || c->display_usage) {
@@ -580,13 +623,19 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
}
}
- have_map = pdb_getgrnam(&map, ntgroup);
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ d_printf(_("Out of memory!\n"));
+ return -1;
+ }
+
+ have_map = pdb_getgrnam(map, ntgroup);
if (!have_map) {
struct dom_sid sid;
have_map = ( (strncmp(ntgroup, "S-", 2) == 0) &&
string_to_sid(&sid, ntgroup) &&
- pdb_getgrsid(&map, sid) );
+ pdb_getgrsid(map, sid) );
}
if (!have_map) {
@@ -597,33 +646,41 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
d_fprintf(stderr,
_("Could not find group mapping for %s\n"),
ntgroup);
+ TALLOC_FREE(map);
return -1;
}
- map.gid = grp->gr_gid;
+ map->gid = grp->gr_gid;
if (c->opt_rid == 0) {
if ( pdb_capabilities() & PDB_CAP_STORE_RIDS ) {
if ( !pdb_new_rid((uint32*)&c->opt_rid) ) {
d_fprintf( stderr,
_("Could not allocate new RID\n"));
+ TALLOC_FREE(map);
return -1;
}
} else {
- c->opt_rid = algorithmic_pdb_gid_to_group_rid(map.gid);
+ c->opt_rid = algorithmic_pdb_gid_to_group_rid(map->gid);
}
}
- sid_compose(&map.sid, get_global_sam_sid(), c->opt_rid);
+ sid_compose(&map->sid, get_global_sam_sid(), c->opt_rid);
- map.sid_name_use = SID_NAME_DOM_GRP;
- fstrcpy(map.nt_name, ntgroup);
- fstrcpy(map.comment, "");
+ map->sid_name_use = SID_NAME_DOM_GRP;
+ map->nt_name = talloc_strdup(map, ntgroup);
+ map->comment = talloc_strdup(map, "");
+ if (!map->nt_name || !map->comment) {
+ d_printf(_("Out of memory!\n"));
+ TALLOC_FREE(map);
+ return -1;
+ }
- if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map))) {
+ if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(map))) {
d_fprintf(stderr,
_("Could not add mapping entry for %s\n"),
ntgroup);
+ TALLOC_FREE(map);
return -1;
}
}
@@ -631,46 +688,59 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
/* Now we have a mapping entry, update that stuff */
if ( c->opt_localgroup || c->opt_domaingroup ) {
- if (map.sid_name_use == SID_NAME_WKN_GRP) {
+ if (map->sid_name_use == SID_NAME_WKN_GRP) {
d_fprintf(stderr,
_("Can't change type of the BUILTIN "
"group %s\n"),
- map.nt_name);
+ map->nt_name);
+ TALLOC_FREE(map);
return -1;
}
}
if (c->opt_localgroup)
- map.sid_name_use = SID_NAME_ALIAS;
+ map->sid_name_use = SID_NAME_ALIAS;
if (c->opt_domaingroup)
- map.sid_name_use = SID_NAME_DOM_GRP;
+ map->sid_name_use = SID_NAME_DOM_GRP;
/* The case (opt_domaingroup && opt_localgroup) was tested for above */
if ((c->opt_comment != NULL) && (strlen(c->opt_comment) > 0)) {
- fstrcpy(map.comment, c->opt_comment);
+ map->comment = talloc_strdup(map, c->opt_comment);
+ if (!map->comment) {
+ d_printf(_("Out of memory!\n"));
+ TALLOC_FREE(map);
+ return -1;
+ }
}
if ((c->opt_newntname != NULL) && (strlen(c->opt_newntname) > 0)) {
- fstrcpy(map.nt_name, c->opt_newntname);
+ map->nt_name = talloc_strdup(map, c->opt_newntname);
+ if (!map->nt_name) {
+ d_printf(_("Out of memory!\n"));
+ TALLOC_FREE(map);
+ return -1;
+ }
}
if (grp != NULL)
- map.gid = grp->gr_gid;
+ map->gid = grp->gr_gid;
- if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map))) {
+ if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) {
d_fprintf(stderr, _("Could not update group mapping for %s\n"),
ntgroup);
+ TALLOC_FREE(map);
return -1;
}
+ TALLOC_FREE(map);
return 0;
}
static int net_groupmap_cleanup(struct net_context *c, int argc, const char **argv)
{
- GROUP_MAP *map = NULL;
+ GROUP_MAP **maps = NULL;
size_t i, entries;
if (c->display_usage) {
@@ -682,7 +752,7 @@ static int net_groupmap_cleanup(struct net_context *c, int argc, const char **ar
return 0;
}
- if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries,
+ if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &maps, &entries,
ENUM_ALL_MAPPED)) {
d_fprintf(stderr, _("Could not list group mappings\n"));
return -1;
@@ -690,19 +760,19 @@ static int net_groupmap_cleanup(struct net_context *c, int argc, const char **ar
for (i=0; i<entries; i++) {
- if (map[i].gid == -1)
- printf(_("Group %s is not mapped\n"), map[i].nt_name);
+ if (maps[i]->gid == -1)
+ printf(_("Group %s is not mapped\n"),
+ maps[i]->nt_name);
- if (!sid_check_is_in_our_domain(&map[i].sid)) {
+ if (!sid_check_is_in_our_domain(&maps[i]->sid)) {
printf(_("Deleting mapping for NT Group %s, sid %s\n"),
- map[i].nt_name,
- sid_string_tos(&map[i].sid));
- pdb_delete_group_mapping_entry(map[i].sid);
+ maps[i]->nt_name,
+ sid_string_tos(&maps[i]->sid));
+ pdb_delete_group_mapping_entry(maps[i]->sid);
}
}
- SAFE_FREE(map);
-
+ TALLOC_FREE(maps);
return 0;
}
diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 467e441f60..4ebd8a9e69 100644
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -299,7 +299,7 @@ static int net_sam_set_pwdmustchangenow(struct net_context *c, int argc,
static int net_sam_set_comment(struct net_context *c, int argc,
const char **argv)
{
- GROUP_MAP map;
+ GROUP_MAP *map;
struct dom_sid sid;
enum lsa_SidType type;
const char *dom, *name;
@@ -330,14 +330,24 @@ static int net_sam_set_comment(struct net_context *c, int argc,
return -1;
}
- if (!pdb_getgrsid(&map, sid)) {
+ map = talloc_zero(talloc_tos(), GROUP_MAP);
+ if (!map) {
+ d_fprintf(stderr, _("Out of memory!\n"));
+ return -1;
+ }
+
+ if (!pdb_getgrsid(map, sid)) {
d_fprintf(stderr, _("Could not load group %s\n"), argv[0]);
return -1;
}
- fstrcpy(map.comment, argv[1]);
+ map->comment = talloc_strdup(map, argv[1]);
+ if (!map->comment) {
+ d_fprintf(stderr, _("Out of memory!\n"));
+ return -1;
+ }
- status = pdb_update_group_mapping_entry(&map);
+ status = pdb_update_group_mapping_entry(map);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, _("Updating group mapping entry failed with "
@@ -348,6 +358,7 @@ static int net_sam_set_comment(struct net_context *c, int argc,
d_printf("Updated comment of group %s\\%s to %s\n", dom, name,
argv[1]);
+ TALLOC_FREE(map);
return 0;
}
@@ -807,39 +818,33 @@ static int net_sam_rights(struct net_context *c, int argc, const char **argv)
* Map a unix group to a domain group
*/
-static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)
+static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *map)
{
- NTSTATUS status;
- GROUP_MAP map;
- const char *grpname, *dom, *name;
+ const char *dom, *name;
uint32 rid;
- if (pdb_getgrgid(&map, grp->gr_gid)) {
+ if (pdb_getgrgid(map, grp->gr_gid)) {
return NT_STATUS_GROUP_EXISTS;
}
- map.gid = grp->gr_gid;
- grpname = grp->gr_name;
+ map->gid = grp->gr_gid;
- if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
+ if (lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
&dom, &name, NULL, NULL)) {
- const char *tmp = talloc_asprintf(
- talloc_tos(), "Unix Group %s", grp->gr_name);
+ map->nt_name = talloc_asprintf(map, "Unix Group %s",
+ grp->gr_name);
DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n",
- grpname, dom, name, tmp));
- grpname = tmp;
+ grp->gr_name, dom, name, map->nt_name));
}
- if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
+ if (lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
NULL, NULL, NULL, NULL)) {
DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name));
return NT_STATUS_GROUP_EXISTS;
}
- fstrcpy(map.nt_name, grpname);
-
if (pdb_capabilities() & PDB_CAP_STORE_RIDS) {
if (!pdb_new_rid(&rid)) {
DEBUG(3, ("Could not get a new RID for %s\n",
@@ -850,22 +855,17 @@ static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)
rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
}
- sid_compose(&map.sid, get_global_sam_sid(), rid);
- map.sid_name_use = SID_NAME_DOM_GRP;
- fstrcpy(map.comment, talloc_asprintf(talloc_tos(), "Unix Group %s",
- grp->gr_name));
+ sid_compose(&map->sid, get_global_sam_sid(), rid);
+ map->sid_name_use = SID_NAME_DOM_GRP;
+ map->comment = talloc_asprintf(map, "Unix Group %s", grp->gr_name);
- status = pdb_add_group_mapping_entry(&map);
- if (NT_STATUS_IS_OK(status)) {
- *pmap = map;
- }
- return status;
+ return pdb_add_group_mapping_entry(map);
}
static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **argv)
{
NTSTATUS status;
- GROUP_MAP map;
+ GROUP_MAP *map;
struct group *grp;
if (argc != 1 || c->display_usage) {
@@ -881,7 +881,13 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar
return -1;
}
- status = map_unix_group(grp, &map);
+ map = talloc_zero(talloc_tos(), GROUP_MAP);
+ if (!map) {
+ d_fprintf(stderr, _("Out of memory!\n"));
+ return -1;
+ }
+
+ status = map_unix_group(grp, map);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, _("Mapping group %s failed with %s\n"),
@@ -890,8 +896,9 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar
}
d_printf(_("Mapped unix group %s to SID %s\n"), argv[0],
- sid_string_tos(&map.sid));
+ sid_string_tos(&map->sid));
+ TALLOC_FREE(map);
return 0;
}
@@ -899,24 +906,17 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar
* Remove a group mapping
*/
-static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap)
+static NTSTATUS unmap_unix_group(const struct group *grp)
{
- GROUP_MAP map;
- const char *grpname;
struct dom_sid dom_sid;
- map.gid = grp->gr_gid;
- grpname = grp->gr_name;
-
- if (!lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
+ if (!lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
NULL, NULL, NULL, NULL)) {
DEBUG(3, ("\"%s\" does not exist, can't unmap it\n", grp->gr_name));
return NT_STATUS_NO_SUCH_GROUP;
}
- fstrcpy(map.nt_name, grpname);
-
- if (!pdb_gid_to_sid(map.gid, &dom_sid)) {
+ if (!pdb_gid_to_sid(grp->gr_gid, &dom_sid)) {
return NT_STATUS_UNSUCCESSFUL;
}
@@ -926,7 +926,6 @@ static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap)
static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char **argv)
{
NTSTATUS status;
- GROUP_MAP map;
struct group *grp;
if (argc != 1 || c->display_usage) {
@@ -943,7 +942,7 @@ static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char **
return -1;
}
- status = unmap_unix_group(grp, &map);
+ status = unmap_unix_group(grp);
if (!NT_STATUS_IS_OK(status)) {
d_fprintf(stderr, _("Unmapping group %s failed with %s.\n"),
@@ -1583,7 +1582,7 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
char *ldap_uri = NULL;
char *p;
struct smbldap_state *ls;
- GROUP_MAP gmap;
+ GROUP_MAP *gmap = NULL;
struct dom_sid gsid;
gid_t domusers_gid = -1;
gid_t domadmins_gid = -1;
@@ -1653,7 +1652,13 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_USERS);
- if (!pdb_getgrsid(&gmap, gsid)) {
+ gmap = talloc_zero(tc, GROUP_MAP);
+ if (!gmap) {
+ d_printf(_("Out of memory!\n"));
+ goto failed;
+ }
+
+ if (!pdb_getgrsid(gmap, gsid)) {
LDAPMod **mods = NULL;
char *dn;
char *uname;
@@ -1710,16 +1715,16 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
}
if (is_ipa) {
- if (!pdb_getgrsid(&gmap, gsid)) {
+ if (!pdb_getgrsid(gmap, gsid)) {
d_fprintf(stderr, _("Failed to read just "
"created domain group.\n"));
goto failed;
} else {
- domusers_gid = gmap.gid;
+ domusers_gid = gmap->gid;
}
}
} else {
- domusers_gid = gmap.gid;
+ domusers_gid = gmap->gid;
d_printf(_("found!\n"));
}
@@ -1729,7 +1734,7 @@ domu_done:
sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_ADMINS);
- if (!pdb_getgrsid(&gmap, gsid)) {
+ if (!pdb_getgrsid(gmap, gsid)) {
LDAPMod **mods = NULL;
char *dn;
char *uname;
@@ -1786,16 +1791,16 @@ domu_done:
}
if (is_ipa) {
- if (!pdb_getgrsid(&gmap, gsid)) {
+ if (!pdb_getgrsid(gmap, gsid)) {
d_fprintf(stderr, _("Failed to read just "
"created domain group.\n"));
goto failed;
} else {
- domadmins_gid = gmap.gid;
+ domadmins_gid = gmap->gid;
}
}
} else {
- domadmins_gid = gmap.gid;
+ domadmins_gid = gmap->gid;
d_printf(_("found!\n"));
}
@@ -2039,7 +2044,7 @@ doma_done:
goto done;
}
- if (!pdb_getgrgid(&gmap, pwd->pw_gid)) {
+ if (!pdb_getgrgid(gmap, pwd->pw_gid)) {
LDAPMod **mods = NULL;
char *dn;
char *uname;
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index cec65a9db7..06eed201f4 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -175,7 +175,7 @@ static int export_database (struct pdb_methods *in,
static int export_groups (struct pdb_methods *in, struct pdb_methods *out)
{
- GROUP_MAP *maps = NULL;
+ GROUP_MAP **maps = NULL;
size_t i, entries = 0;
NTSTATUS status;
@@ -188,10 +188,10 @@ static int export_groups (struct pdb_methods *in, struct pdb_methods *out)
}
for (i=0; i<entries; i++) {
- out->add_group_mapping_entry(out, &(maps[i]));
+ out->add_group_mapping_entry(out, maps[i]);
}
- SAFE_FREE( maps );
+ TALLOC_FREE(maps);
return 0;
}