diff options
-rw-r--r-- | source3/winbindd/winbindd_group.c | 465 |
1 files changed, 255 insertions, 210 deletions
diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 20b90e3283..69e3a6a555 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -45,7 +45,9 @@ static void add_member(const char *domain, const char *user, Add member users resulting from sid. Expand if it is a domain group. **********************************************************************/ -static void add_expanded_sid(const DOM_SID *sid, char **pp_members, size_t *p_num_members) +static void add_expanded_sid(const DOM_SID *sid, + char **pp_members, + size_t *p_num_members) { DOM_SID dom_sid; uint32 rid; @@ -143,8 +145,8 @@ static void add_expanded_sid(const DOM_SID *sid, char **pp_members, size_t *p_nu } static bool fill_passdb_alias_grmem(struct winbindd_domain *domain, - DOM_SID *group_sid, - size_t *num_gr_mem, char **gr_mem, size_t *gr_mem_len) + DOM_SID *group_sid, size_t *num_gr_mem, + char **gr_mem, size_t *gr_mem_len) { DOM_SID *members; size_t i, num_members; @@ -177,7 +179,7 @@ static bool fill_passdb_alias_grmem(struct winbindd_domain *domain, /* Fill a grent structure from various other information */ -static bool fill_grent(struct winbindd_gr *gr, const char *dom_name, +static bool fill_grent(struct winbindd_gr *gr, const char *dom_name, const char *gr_name, gid_t unix_gid) { fstring full_group_name; @@ -185,9 +187,9 @@ static bool fill_grent(struct winbindd_gr *gr, const char *dom_name, fill_domain_username( full_group_name, dom_name, gr_name, True ); gr->gr_gid = unix_gid; - + /* Group name and password */ - + safe_strcpy(gr->gr_name, full_group_name, sizeof(gr->gr_name) - 1); safe_strcpy(gr->gr_passwd, "x", sizeof(gr->gr_passwd) - 1); @@ -208,7 +210,7 @@ static bool fill_grent_mem_domusers( TALLOC_CTX *mem_ctx, struct winbindd_cli_state *state, DOM_SID *group_sid, enum lsa_SidType group_name_type, - size_t *num_gr_mem, char **gr_mem, + size_t *num_gr_mem, char **gr_mem, size_t *gr_mem_len) { DOM_SID querying_user_sid; @@ -232,7 +234,8 @@ static bool fill_grent_mem_domusers( TALLOC_CTX *mem_ctx, status = idmap_uid_to_sid(&querying_user_sid, ret_uid); if (NT_STATUS_IS_OK(status)) { pquerying_user_sid = &querying_user_sid; - DEBUG(10,("fill_grent_mem_domain_users: querying uid %u -> %s\n", + DEBUG(10,("fill_grent_mem_domain_users: " + "querying uid %u -> %s\n", (unsigned int)ret_uid, sid_string_dbg(pquerying_user_sid))); } @@ -242,22 +245,23 @@ static bool fill_grent_mem_domusers( TALLOC_CTX *mem_ctx, /* Only look up if it was a winbindd user in this domain. */ if (pquerying_user_sid && (sid_compare_domain(pquerying_user_sid, &domain->sid) == 0)) { - + DEBUG(10,("fill_grent_mem_domain_users: querying user = %s\n", sid_string_dbg(pquerying_user_sid) )); - + status = domain->methods->lookup_usergroups(domain, mem_ctx, pquerying_user_sid, &num_groups, &user_sids); if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("fill_grent_mem_domain_users: lookup_usergroups failed " - "for sid %s in domain %s (error: %s)\n", + DEBUG(1, ("fill_grent_mem_domain_users: " + "lookup_usergroups failed " + "for sid %s in domain %s (error: %s)\n", sid_string_dbg(pquerying_user_sid), domain->name, nt_errstr(status))); - return False; + return False; } for (i = 0; i < num_groups; i++) { @@ -269,18 +273,19 @@ static bool fill_grent_mem_domusers( TALLOC_CTX *mem_ctx, } } } - + if (u_in_group) { size_t len = 0; char *domainname = NULL; char *username = NULL; fstring name; enum lsa_SidType type; - - DEBUG(10,("fill_grent_mem_domain_users: sid %s in 'Domain Users' in domain %s\n", + + DEBUG(10,("fill_grent_mem_domain_users: " + "sid %s in 'Domain Users' in domain %s\n", sid_string_dbg(pquerying_user_sid), domain->name )); - + status = domain->methods->sid_to_name(domain, mem_ctx, pquerying_user_sid, &domainname, @@ -288,38 +293,39 @@ static bool fill_grent_mem_domusers( TALLOC_CTX *mem_ctx, &type); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("could not lookup username for user " - "sid %s in domain %s (error: %s)\n", + "sid %s in domain %s (error: %s)\n", sid_string_dbg(pquerying_user_sid), domain->name, nt_errstr(status))); - return False; + return False; } fill_domain_username(name, domain->name, username, True); len = strlen(name); buf_len = len + 1; if (!(buf = (char *)SMB_MALLOC(buf_len))) { DEBUG(1, ("out of memory\n")); - return False; + return False; } memcpy(buf, name, buf_len); - + DEBUG(10,("fill_grent_mem_domain_users: user %s in " "'Domain Users' in domain %s\n", name, domain->name )); - + /* user is the only member */ *num_gr_mem = 1; } - + *gr_mem = buf; *gr_mem_len = buf_len; - - DEBUG(10, ("fill_grent_mem_domain_users: num_mem = %u, len = %u, mem = %s\n", - (unsigned int)*num_gr_mem, - (unsigned int)buf_len, *num_gr_mem ? buf : "NULL")); + + DEBUG(10, ("fill_grent_mem_domain_users: " + "num_mem = %u, len = %u, mem = %s\n", + (unsigned int)*num_gr_mem, + (unsigned int)buf_len, *num_gr_mem ? buf : "NULL")); return True; -} +} /*********************************************************************** Add names to a list. Assumes a canonical version of the string @@ -328,28 +334,29 @@ static bool fill_grent_mem_domusers( TALLOC_CTX *mem_ctx, static int namecmp( const void *a, const void *b ) { - return StrCaseCmp( * (char * const *) a, * (char * const *) b); + return StrCaseCmp( * (char * const *) a, * (char * const *) b); } -static NTSTATUS add_names_to_list( TALLOC_CTX *ctx, - char ***list, uint32 *n_list, +static NTSTATUS add_names_to_list( TALLOC_CTX *ctx, + char ***list, uint32 *n_list, char **names, uint32 n_names ) { - char **new_list = NULL; - uint32 n_new_list = 0; - int i, j; + char **new_list = NULL; + uint32 n_new_list = 0; + int i, j; if ( !names || (n_names == 0) ) return NT_STATUS_OK; - + /* Alloc the maximum size we'll need */ if ( *list == NULL ) { - if ( (new_list = TALLOC_ARRAY( ctx, char *, n_names )) == NULL ) + if ((new_list = TALLOC_ARRAY(ctx, char *, n_names)) == NULL) { return NT_STATUS_NO_MEMORY; - n_new_list = n_names; + } + n_new_list = n_names; } else { - new_list = TALLOC_REALLOC_ARRAY( ctx, *list, char *, + new_list = TALLOC_REALLOC_ARRAY( ctx, *list, char *, (*n_list) + n_names ); if ( !new_list ) return NT_STATUS_NO_MEMORY; @@ -364,33 +371,33 @@ static NTSTATUS add_names_to_list( TALLOC_CTX *ctx, /* search for duplicates for sorting and looking for matching neighbors */ - + qsort( new_list, n_new_list, sizeof(char*), QSORT_CAST namecmp ); - + for ( i=1; i<n_new_list; i++ ) { - if ( strcmp( new_list[i-1], new_list[i] ) == 0 ) { - memmove( &new_list[i-1], &new_list[i], + if ( strcmp( new_list[i-1], new_list[i] ) == 0 ) { + memmove( &new_list[i-1], &new_list[i], sizeof(char*)*(n_new_list-i) ); n_new_list--; } } *list = new_list; - *n_list = n_new_list; + *n_list = n_new_list; - return NT_STATUS_OK; + return NT_STATUS_OK; } /*********************************************************************** ***********************************************************************/ -static NTSTATUS expand_groups( TALLOC_CTX *ctx, +static NTSTATUS expand_groups( TALLOC_CTX *ctx, struct winbindd_domain *d, DOM_SID *glist, uint32 n_glist, DOM_SID **new_glist, uint32 *n_new_glist, char ***members, uint32 *n_members ) { - int i, j; + int i, j; NTSTATUS status = NT_STATUS_OK; uint32 num_names = 0; uint32 *name_types = NULL; @@ -398,25 +405,25 @@ static NTSTATUS expand_groups( TALLOC_CTX *ctx, DOM_SID *sid_mem = NULL; TALLOC_CTX *tmp_ctx = NULL; DOM_SID *new_groups = NULL; - size_t new_groups_size = 0; - + size_t new_groups_size = 0; + *members = NULL; - *n_members = 0; + *n_members = 0; *new_glist = NULL; - *n_new_glist = 0; - + *n_new_glist = 0; + for ( i=0; i<n_glist; i++ ) { tmp_ctx = talloc_new( ctx ); /* Lookup the group membership */ - status = d->methods->lookup_groupmem(d, tmp_ctx, + status = d->methods->lookup_groupmem(d, tmp_ctx, &glist[i], &num_names, - &sid_mem, &names, + &sid_mem, &names, &name_types); - if ( !NT_STATUS_IS_OK(status) ) + if ( !NT_STATUS_IS_OK(status) ) goto out; - + /* Separate users and groups into two lists */ for ( j=0; j<num_names; j++ ) { @@ -425,14 +432,14 @@ static NTSTATUS expand_groups( TALLOC_CTX *ctx, if ( name_types[j] == SID_NAME_USER || name_types[j] == SID_NAME_COMPUTER ) { - status = add_names_to_list( ctx, members, + status = add_names_to_list( ctx, members, n_members, names+j, 1 ); if ( !NT_STATUS_IS_OK(status) ) goto out; - continue; - } + continue; + } /* Groups */ if ( name_types[j] == SID_NAME_DOM_GRP || @@ -454,12 +461,12 @@ static NTSTATUS expand_groups( TALLOC_CTX *ctx, } *new_glist = new_groups; - *n_new_glist = (uint32)new_groups_size; - + *n_new_glist = (uint32)new_groups_size; + out: TALLOC_FREE( tmp_ctx ); - - return status; + + return status; } /*********************************************************************** @@ -468,9 +475,10 @@ static NTSTATUS expand_groups( TALLOC_CTX *ctx, static bool fill_grent_mem(struct winbindd_domain *domain, struct winbindd_cli_state *state, - DOM_SID *group_sid, - enum lsa_SidType group_name_type, - size_t *num_gr_mem, char **gr_mem, size_t *gr_mem_len) + DOM_SID *group_sid, + enum lsa_SidType group_name_type, + size_t *num_gr_mem, char **gr_mem, + size_t *gr_mem_len) { uint32 num_names = 0; unsigned int buf_len = 0, buf_ndx = 0, i; @@ -480,8 +488,8 @@ static bool fill_grent_mem(struct winbindd_domain *domain, uint32 group_rid; DOM_SID *glist = NULL; DOM_SID *new_glist = NULL; - uint32 n_glist, n_new_glist; - int max_depth = lp_winbind_expand_groups(); + uint32 n_glist, n_new_glist; + int max_depth = lp_winbind_expand_groups(); if (!(mem_ctx = talloc_init("fill_grent_mem(%s)", domain->name))) return False; @@ -508,7 +516,7 @@ static bool fill_grent_mem(struct winbindd_domain *domain, if ( !((group_name_type==SID_NAME_DOM_GRP) || ((group_name_type==SID_NAME_ALIAS) && domain->primary)) ) { - DEBUG(1, ("SID %s in domain %s isn't a domain group (%d)\n", + DEBUG(1, ("SID %s in domain %s isn't a domain group (%d)\n", sid_string_dbg(group_sid), domain->name, group_name_type)); goto done; @@ -519,15 +527,15 @@ static bool fill_grent_mem(struct winbindd_domain *domain, sid_peek_rid( group_sid, &group_rid ); if (!lp_winbind_enum_users() && group_rid == DOMAIN_GROUP_RID_USERS) { - result = fill_grent_mem_domusers( mem_ctx, domain, state, + result = fill_grent_mem_domusers( mem_ctx, domain, state, group_sid, group_name_type, num_gr_mem, gr_mem, gr_mem_len ); - goto done; + goto done; } /* Real work goes here. Create a list of group names to - expand startign with the initial one. Pass that to + expand startign with the initial one. Pass that to expand_groups() which returns a list of more group names to expand. Do this up to the max search depth. */ @@ -536,33 +544,33 @@ static bool fill_grent_mem(struct winbindd_domain *domain, DEBUG(0,("fill_grent_mem: talloc failure!\n")); goto done; } - sid_copy( &glist[0], group_sid ); - n_glist = 1; + sid_copy( &glist[0], group_sid ); + n_glist = 1; for ( i=0; i<max_depth && glist; i++ ) { uint32 n_members = 0; char **members = NULL; - NTSTATUS nt_status; + NTSTATUS nt_status; nt_status = expand_groups( mem_ctx, domain, - glist, n_glist, + glist, n_glist, &new_glist, &n_new_glist, &members, &n_members); if ( !NT_STATUS_IS_OK(nt_status) ) { - result = False; + result = False; goto done; - } - + } + /* Add new group members to list */ - nt_status = add_names_to_list( mem_ctx, &names, &num_names, + nt_status = add_names_to_list( mem_ctx, &names, &num_names, members, n_members ); if ( !NT_STATUS_IS_OK(nt_status) ) { - result = False; + result = False; goto done; } - - TALLOC_FREE( members ); + + TALLOC_FREE( members ); /* If we have no more groups to expand, break out early */ @@ -575,8 +583,8 @@ static bool fill_grent_mem(struct winbindd_domain *domain, glist = new_glist; n_glist = n_new_glist; } - TALLOC_FREE( glist ); - + TALLOC_FREE( glist ); + DEBUG(10, ("looked up %d names\n", num_names)); again: @@ -584,11 +592,11 @@ static bool fill_grent_mem(struct winbindd_domain *domain, for (i = 0; i < num_names; i++) { int len; - + DEBUG(10, ("processing name %s\n", names[i])); len = strlen(names[i]); - + /* Add to list or calculate buffer length */ if (!buf) { @@ -596,7 +604,8 @@ static bool fill_grent_mem(struct winbindd_domain *domain, (*num_gr_mem)++; DEBUG(10, ("buf_len + %d = %d\n", len + 1, buf_len)); } else { - DEBUG(10, ("appending %s at ndx %d\n", names[i], buf_ndx)); + DEBUG(10, ("appending %s at ndx %d\n", + names[i], buf_ndx)); safe_strcpy(&buf[buf_ndx], names[i], len); buf_ndx += len; buf[buf_ndx] = ','; @@ -625,26 +634,27 @@ static bool fill_grent_mem(struct winbindd_domain *domain, *gr_mem = buf; *gr_mem_len = buf_len; - DEBUG(10, ("num_mem = %u, len = %u, mem = %s\n", (unsigned int)*num_gr_mem, - (unsigned int)buf_len, *num_gr_mem ? buf : "NULL")); + DEBUG(10, ("num_mem = %u, len = %u, mem = %s\n", + (unsigned int)*num_gr_mem, + (unsigned int)buf_len, *num_gr_mem ? buf : "NULL")); result = True; done: talloc_destroy(mem_ctx); - + DEBUG(10, ("fill_grent_mem returning %d\n", result)); return result; } -static void winbindd_getgrsid( struct winbindd_cli_state *state, DOM_SID group_sid ); +static void winbindd_getgrsid(struct winbindd_cli_state *state, DOM_SID group_sid); -static void getgrnam_recv( void *private_data, bool success, const DOM_SID *sid, +static void getgrnam_recv( void *private_data, bool success, const DOM_SID *sid, enum lsa_SidType type ) { struct winbindd_cli_state *state = (struct winbindd_cli_state*)private_data; - + if (!success) { DEBUG(5,("getgrnam_recv: lookupname failed!\n")); request_error(state); @@ -655,12 +665,12 @@ static void getgrnam_recv( void *private_data, bool success, const DOM_SID *sid, DEBUG(5,("getgrnam_recv: not a group!\n")); request_error(state); return; - } + } winbindd_getgrsid( state, *sid ); } - + /* Return a group structure from a group name */ void winbindd_getgrnam(struct winbindd_cli_state *state) @@ -668,7 +678,7 @@ void winbindd_getgrnam(struct winbindd_cli_state *state) struct winbindd_domain *domain; fstring name_domain, name_group; char *tmp; - + /* Ensure null termination */ state->request.data.groupname[sizeof(state->request.data.groupname)-1]='\0'; @@ -676,14 +686,14 @@ void winbindd_getgrnam(struct winbindd_cli_state *state) state->request.data.groupname)); /* Parse domain and groupname */ - + memset(name_group, 0, sizeof(fstring)); tmp = state->request.data.groupname; name_domain[0] = '\0'; name_group[0] = '\0'; - + parse_domain_user(tmp, name_domain, name_group); /* if no domain or our local domain and no local tdb group, default to @@ -702,7 +712,7 @@ void winbindd_getgrnam(struct winbindd_cli_state *state) return; } /* should we deal with users for our domain? */ - + if ( lp_winbind_trusted_domains_only() && domain->primary) { DEBUG(7,("winbindd_getgrnam: My domain -- rejecting " "getgrnam() for %s\\%s.\n", name_domain, name_group)); @@ -713,7 +723,7 @@ void winbindd_getgrnam(struct winbindd_cli_state *state) /* Get rid and name type from name */ ws_name_replace( name_group, WB_REPLACE_CHAR ); - + winbindd_lookupname_async( state->mem_ctx, domain->name, name_group, getgrnam_recv, WINBINDD_GETGRNAM, state ); } @@ -722,7 +732,7 @@ struct getgrsid_state { struct winbindd_cli_state *state; struct winbindd_domain *domain; char *group_name; - enum lsa_SidType group_type; + enum lsa_SidType group_type; uid_t gid; DOM_SID group_sid; }; @@ -735,7 +745,7 @@ static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) size_t gr_mem_len; size_t num_gr_mem; char *gr_mem; - fstring dom_name, group_name; + fstring dom_name, group_name; if (!success) { DEBUG(5,("getgrsid_sid2gid_recv: sid2gid failed!\n")); @@ -751,7 +761,7 @@ static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) return; } - + /* Fill in group structure */ if ( (domain = find_domain_from_name_noinit(dom_name)) == NULL ) { @@ -762,7 +772,7 @@ static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) if (!fill_grent(&s->state->response.data.gr, dom_name, group_name, gid) || !fill_grent_mem(domain, s->state, &s->group_sid, s->group_type, - &num_gr_mem, &gr_mem, &gr_mem_len)) + &num_gr_mem, &gr_mem, &gr_mem_len)) { request_error(s->state); return; @@ -777,7 +787,7 @@ static void getgrsid_sid2gid_recv(void *private_data, bool success, gid_t gid) s->state->response.length += gr_mem_len; s->state->response.extra_data.data = gr_mem; - request_ok(s->state); + request_ok(s->state); } static void getgrsid_lookupsid_recv( void *private_data, bool success, @@ -796,16 +806,16 @@ static void getgrsid_lookupsid_recv( void *private_data, bool success, local group in an internal domain */ if ( !( (name_type==SID_NAME_DOM_GRP) || - ((name_type==SID_NAME_ALIAS) && + ((name_type==SID_NAME_ALIAS) && (s->domain->primary || s->domain->internal)) ) ) { - DEBUG(1, ("name '%s\\%s' is not a local or domain group: %d\n", + DEBUG(1, ("name '%s\\%s' is not a local or domain group: %d\n", dom_name, name, name_type)); request_error(s->state); return; } - if ( (s->group_name = talloc_asprintf( s->state->mem_ctx, + if ( (s->group_name = talloc_asprintf( s->state->mem_ctx, "%s%c%s", dom_name, *lp_winbind_separator(), @@ -843,7 +853,7 @@ static void winbindd_getgrsid( struct winbindd_cli_state *state, const DOM_SID g sid_copy(&s->group_sid, &group_sid); - winbindd_lookupsid_async( s->state->mem_ctx, &group_sid, + winbindd_lookupsid_async( s->state->mem_ctx, &group_sid, getgrsid_lookupsid_recv, s ); } @@ -874,7 +884,7 @@ static void getgrgid_recv(void *private_data, bool success, const char *sid) return; } - DEBUG(1, ("could not convert gid %lu to sid\n", + DEBUG(1, ("could not convert gid %lu to sid\n", (unsigned long)state->request.data.gid)); request_error(state); } @@ -882,11 +892,14 @@ static void getgrgid_recv(void *private_data, bool success, const char *sid) /* Return a group structure from a gid number */ void winbindd_getgrgid(struct winbindd_cli_state *state) { - DEBUG(3, ("[%5lu]: getgrgid %lu\n", (unsigned long)state->pid, - (unsigned long)state->request.data.gid)); + gid_t gid = state->request.data.gid; + + DEBUG(3, ("[%5lu]: getgrgid %lu\n", + (unsigned long)state->pid, + (unsigned long)gid)); /* always use the async interface */ - winbindd_gid2sid_async(state->mem_ctx, state->request.data.gid, getgrgid_recv, state); + winbindd_gid2sid_async(state->mem_ctx, gid, getgrgid_recv, state); } /* @@ -905,45 +918,46 @@ static bool winbindd_setgrent_internal(struct winbindd_cli_state *state) if (!lp_winbind_enum_groups()) { return False; - } + } /* Free old static data if it exists */ - + if (state->getgrent_state != NULL) { free_getent_state(state->getgrent_state); state->getgrent_state = NULL; } - + /* Create sam pipes for each domain we know about */ - + for (domain = domain_list(); domain != NULL; domain = domain->next) { struct getent_state *domain_state; - + /* Create a state record for this domain */ - /* don't add our domaina if we are a PDC or if we + /* don't add our domaina if we are a PDC or if we are a member of a Samba domain */ - + if ( lp_winbind_trusted_domains_only() && domain->primary ) { continue; } - - - if ((domain_state = SMB_MALLOC_P(struct getent_state)) == NULL) { - DEBUG(1, ("winbindd_setgrent: malloc failed for domain_state!\n")); + + domain_state = SMB_MALLOC_P(struct getent_state); + if (!domain_state) { + DEBUG(1, ("winbindd_setgrent: " + "malloc failed for domain_state!\n")); return False; } - + ZERO_STRUCTP(domain_state); - + fstrcpy(domain_state->domain_name, domain->name); /* Add to list of open domains */ - + DLIST_ADD(state->getgrent_state, domain_state); } - + state->getgrent_initialized = True; return True; } @@ -970,7 +984,7 @@ void winbindd_endgrent(struct winbindd_cli_state *state) } /* Get the list of domain groups and domain aliases for a domain. We fill in - the sam_entries and num_sam_entries fields with domain group information. + the sam_entries and num_sam_entries fields with domain group information. Return True if some groups were returned, False otherwise. */ bool get_sam_group_entries(struct getent_state *ent) @@ -982,16 +996,17 @@ bool get_sam_group_entries(struct getent_state *ent) bool result = False; struct acct_info *sam_grp_entries = NULL; struct winbindd_domain *domain; - + if (ent->got_sam_entries) return False; if (!(mem_ctx = talloc_init("get_sam_group_entries(%s)", ent->domain_name))) { - DEBUG(1, ("get_sam_group_entries: could not create talloc context!\n")); + DEBUG(1, ("get_sam_group_entries: " + "could not create talloc context!\n")); return False; } - + /* Free any existing group info */ SAFE_FREE(ent->sam_entries); @@ -1003,16 +1018,20 @@ bool get_sam_group_entries(struct getent_state *ent) num_entries = 0; if (!(domain = find_domain_from_name(ent->domain_name))) { - DEBUG(3, ("no such domain %s in get_sam_group_entries\n", ent->domain_name)); + DEBUG(3, ("no such domain %s in get_sam_group_entries\n", + ent->domain_name)); goto done; } /* always get the domain global groups */ - status = domain->methods->enum_dom_groups(domain, mem_ctx, &num_entries, &sam_grp_entries); - + status = domain->methods->enum_dom_groups(domain, mem_ctx, &num_entries, + &sam_grp_entries); + if (!NT_STATUS_IS_OK(status)) { - DEBUG(3, ("get_sam_group_entries: could not enumerate domain groups! Error: %s\n", nt_errstr(status))); + DEBUG(3, ("get_sam_group_entries: " + "could not enumerate domain groups! Error: %s\n", + nt_errstr(status))); result = False; goto done; } @@ -1020,29 +1039,36 @@ bool get_sam_group_entries(struct getent_state *ent) /* Copy entries into return buffer */ if (num_entries) { - if ( !(name_list = SMB_MALLOC_ARRAY(struct acct_info, num_entries)) ) { - DEBUG(0,("get_sam_group_entries: Failed to malloc memory for %d domain groups!\n", - num_entries)); + name_list = SMB_MALLOC_ARRAY(struct acct_info, num_entries); + if (!name_list) { + DEBUG(0,("get_sam_group_entries: Failed to malloc " + "memory for %d domain groups!\n", + num_entries)); result = False; goto done; } - memcpy( name_list, sam_grp_entries, num_entries * sizeof(struct acct_info) ); + memcpy(name_list, sam_grp_entries, + num_entries * sizeof(struct acct_info)); } - + ent->num_sam_entries = num_entries; - - /* get the domain local groups if we are a member of a native win2k domain - and are not using LDAP to get the groups */ - - if ( ( lp_security() != SEC_ADS && domain->native_mode + + /* get the domain local groups if we are a member of a native win2k + * domain and are not using LDAP to get the groups */ + + if ( ( lp_security() != SEC_ADS && domain->native_mode && domain->primary) || domain->internal ) { - DEBUG(4,("get_sam_group_entries: %s domain; enumerating local groups as well\n", - domain->native_mode ? "Native Mode 2k":"BUILTIN or local")); - - status = domain->methods->enum_local_groups(domain, mem_ctx, &num_entries, &sam_grp_entries); - - if ( !NT_STATUS_IS_OK(status) ) { + DEBUG(4,("get_sam_group_entries: %s domain; " + "enumerating local groups as well\n", + domain->native_mode ? "Native Mode 2k": + "BUILTIN or local")); + + status = domain->methods->enum_local_groups(domain, mem_ctx, + &num_entries, + &sam_grp_entries); + + if ( !NT_STATUS_IS_OK(status) ) { DEBUG(3,("get_sam_group_entries: " "Failed to enumerate " "domain local groups with error %s!\n", @@ -1050,27 +1076,35 @@ bool get_sam_group_entries(struct getent_state *ent) num_entries = 0; } else - DEBUG(4,("get_sam_group_entries: Returned %d local groups\n", num_entries)); - + DEBUG(4,("get_sam_group_entries: " + "Returned %d local groups\n", + num_entries)); + /* Copy entries into return buffer */ if ( num_entries ) { - if ( !(name_list = SMB_REALLOC_ARRAY( name_list, struct acct_info, ent->num_sam_entries+num_entries)) ) - { - DEBUG(0,("get_sam_group_entries: Failed to realloc more memory for %d local groups!\n", - num_entries)); + name_list = SMB_REALLOC_ARRAY(name_list, + struct acct_info, + ent->num_sam_entries+ + num_entries); + if (!name_list) { + DEBUG(0,("get_sam_group_entries: " + "Failed to realloc more memory " + "for %d local groups!\n", + num_entries)); result = False; goto done; } - - memcpy( &name_list[ent->num_sam_entries], sam_grp_entries, - num_entries * sizeof(struct acct_info) ); + + memcpy(&name_list[ent->num_sam_entries], + sam_grp_entries, + num_entries * sizeof(struct acct_info)); } - + ent->num_sam_entries += num_entries; } - - + + /* Fill in remaining fields */ ent->sam_entries = name_list; @@ -1111,18 +1145,19 @@ void winbindd_getgrent(struct winbindd_cli_state *state) return; } - if ((state->response.extra_data.data = SMB_MALLOC_ARRAY(struct winbindd_gr, num_groups)) == NULL) { + group_list = SMB_MALLOC_ARRAY(struct winbindd_gr, num_groups); + if (!group_list) { request_error(state); return; } + /* will be freed by process_request() */ + state->response.extra_data.data = group_list; memset(state->response.extra_data.data, '\0', num_groups * sizeof(struct winbindd_gr) ); state->response.data.num_entries = 0; - group_list = (struct winbindd_gr *)state->response.extra_data.data; - if (!state->getgrent_initialized) winbindd_setgrent_internal(state); @@ -1142,7 +1177,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state) char *gr_mem; DOM_SID group_sid; struct winbindd_domain *domain; - + /* Do we need to fetch another chunk of groups? */ tryagain: @@ -1155,7 +1190,8 @@ void winbindd_getgrent(struct winbindd_cli_state *state) while(ent && !get_sam_group_entries(ent)) { struct getent_state *next_ent; - DEBUG(10, ("freeing state info for domain %s\n", ent->domain_name)); + DEBUG(10, ("freeing state info for domain %s\n", + ent->domain_name)); /* Free state information for this domain */ @@ -1163,28 +1199,28 @@ void winbindd_getgrent(struct winbindd_cli_state *state) next_ent = ent->next; DLIST_REMOVE(state->getgrent_state, ent); - + SAFE_FREE(ent); ent = next_ent; } /* No more domains */ - if (!ent) + if (!ent) break; } - + name_list = (struct acct_info *)ent->sam_entries; - - if (!(domain = - find_domain_from_name(ent->domain_name))) { - DEBUG(3, ("No such domain %s in winbindd_getgrent\n", ent->domain_name)); + + if (!(domain = find_domain_from_name(ent->domain_name))) { + DEBUG(3, ("No such domain %s in winbindd_getgrent\n", + ent->domain_name)); result = False; goto done; } /* Lookup group info */ - + sid_copy(&group_sid, &domain->sid); sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid); @@ -1196,9 +1232,8 @@ void winbindd_getgrent(struct winbindd_cli_state *state) sid_string_dbg(&group_sid))); if (!pdb_sid_to_id(&group_sid, &id, &type)) { - DEBUG(1, ("could not look up gid for group " - "%s\n", - name_list[ent->sam_entry_index].acct_name)); + DEBUG(1,("could not look up gid for group %s\n", + name_list[ent->sam_entry_index].acct_name)); ent->sam_entry_index++; goto tryagain; } @@ -1215,15 +1250,16 @@ void winbindd_getgrent(struct winbindd_cli_state *state) group_gid = id.gid; } - DEBUG(10, ("got gid %lu for group %lu\n", (unsigned long)group_gid, + DEBUG(10, ("got gid %lu for group %lu\n", + (unsigned long)group_gid, (unsigned long)name_list[ent->sam_entry_index].rid)); - + /* Fill in group entry */ - fill_domain_username(domain_group_name, ent->domain_name, + fill_domain_username(domain_group_name, ent->domain_name, name_list[ent->sam_entry_index].acct_name, True); - result = fill_grent(&group_list[group_list_ndx], + result = fill_grent(&group_list[group_list_ndx], ent->domain_name, name_list[ent->sam_entry_index].acct_name, group_gid); @@ -1236,8 +1272,8 @@ void winbindd_getgrent(struct winbindd_cli_state *state) group_list[group_list_ndx].num_gr_mem = 0; gr_mem = NULL; gr_mem_len = 0; - - /* Get group membership */ + + /* Get group membership */ if (state->request.cmd == WINBINDD_GETGRLST) { result = True; } else { @@ -1260,7 +1296,8 @@ void winbindd_getgrent(struct winbindd_cli_state *state) gr_mem_list = (char *)SMB_REALLOC( gr_mem_list, gr_mem_list_len + gr_mem_len); - if (!gr_mem_list && (group_list[group_list_ndx].num_gr_mem != 0)) { + if (!gr_mem_list && + (group_list[group_list_ndx].num_gr_mem != 0)) { DEBUG(0, ("out of memory\n")); gr_mem_list_len = 0; break; @@ -1274,16 +1311,16 @@ void winbindd_getgrent(struct winbindd_cli_state *state) SAFE_FREE(gr_mem); - group_list[group_list_ndx].gr_mem_ofs = + group_list[group_list_ndx].gr_mem_ofs = gr_mem_list_len; gr_mem_list_len += gr_mem_len; } ent->sam_entry_index++; - + /* Add group to return list */ - + if (result) { DEBUG(10, ("adding group num_entries = %d\n", @@ -1291,12 +1328,12 @@ void winbindd_getgrent(struct winbindd_cli_state *state) group_list_ndx++; state->response.data.num_entries++; - + state->response.length += sizeof(struct winbindd_gr); - + } else { - DEBUG(0, ("could not lookup domain group %s\n", + DEBUG(0, ("could not lookup domain group %s\n", domain_group_name)); } } @@ -1319,7 +1356,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state) } memcpy(&((char *)state->response.extra_data.data) - [group_list_ndx * sizeof(struct winbindd_gr)], + [group_list_ndx * sizeof(struct winbindd_gr)], gr_mem_list, gr_mem_list_len); state->response.length += gr_mem_list_len; @@ -1408,25 +1445,27 @@ void winbindd_getgroups(struct winbindd_cli_state *state) return; } - s->domname = talloc_strdup( state->mem_ctx, get_global_sam_name() ); - s->username = talloc_strdup( state->mem_ctx, state->request.data.username ); + s->domname = talloc_strdup(state->mem_ctx, + get_global_sam_name()); + s->username = talloc_strdup(state->mem_ctx, + state->request.data.username); } - - /* Get info for the domain (either by short domain name or + + /* Get info for the domain (either by short domain name or DNS name in the case of a UPN) */ s->domain = find_domain_from_name_noinit(s->domname); if (!s->domain) { char *p = strchr(s->username, '@'); - + if (p) { - s->domain = find_domain_from_name_noinit(p+1); + s->domain = find_domain_from_name_noinit(p+1); } - + } if (s->domain == NULL) { - DEBUG(7, ("could not find domain entry for domain %s\n", + DEBUG(7, ("could not find domain entry for domain %s\n", s->domname)); request_error(state); return; @@ -1438,12 +1477,14 @@ void winbindd_getgroups(struct winbindd_cli_state *state) s->username)); request_error(state); return; - } + } /* Get rid and name type from name. The following costs 1 packet */ - winbindd_lookupname_async(state->mem_ctx, s->domname, s->username, - getgroups_usersid_recv, WINBINDD_GETGROUPS, s); + winbindd_lookupname_async(state->mem_ctx, + s->domname, s->username, + getgroups_usersid_recv, + WINBINDD_GETGROUPS, s); } static void getgroups_usersid_recv(void *private_data, bool success, @@ -1518,7 +1559,9 @@ static void getgroups_sid2gid_recv(void *private_data, bool success, gid_t gid) s->state->response.data.num_entries = s->num_token_gids; if (s->num_token_gids) { /* s->token_gids are talloced */ - s->state->response.extra_data.data = smb_xmemdup(s->token_gids, s->num_token_gids * sizeof(gid_t)); + s->state->response.extra_data.data = + smb_xmemdup(s->token_gids, + s->num_token_gids * sizeof(gid_t)); s->state->response.length += s->num_token_gids * sizeof(gid_t); } request_ok(s->state); @@ -1529,7 +1572,7 @@ static void getgroups_sid2gid_recv(void *private_data, bool success, gid_t gid) rather than a NAME->SID->SIDS->GIDS mapping, which means we avoid idmap. This call is designed to be used with applications that need to do ACL evaluation themselves. Note that the cached info3 data is - not used + not used this function assumes that the SID that comes in is a user SID. If you pass in another type of SID then you may get unpredictable @@ -1622,9 +1665,9 @@ void winbindd_getuserdomgroups(struct winbindd_cli_state *state) return; } - /* Get info for the domain */ + /* Get info for the domain */ if ((domain = find_domain_from_sid_noinit(&user_sid)) == NULL) { - DEBUG(0,("could not find domain entry for sid %s\n", + DEBUG(0,("could not find domain entry for sid %s\n", sid_string_dbg(&user_sid))); request_error(state); return; @@ -1665,7 +1708,9 @@ enum winbindd_result winbindd_dual_getuserdomgroups(struct winbindd_domain *doma return WINBINDD_OK; } - if (!print_sidlist(state->mem_ctx, groups, num_groups, &sidstring, &len)) { + if (!print_sidlist(state->mem_ctx, + groups, num_groups, + &sidstring, &len)) { DEBUG(0, ("talloc failed\n")); return WINBINDD_ERROR; } |