-rw-r--r-- | source3/auth/auth_util.c | 17 | ||||
-rw-r--r-- | source3/auth/token_util.c | 7 | ||||
-rw-r--r-- | source3/include/proto.h | 4 | ||||
-rw-r--r-- | source3/passdb/lookup_sid.c | 171 | ||||
-rw-r--r-- | source3/winbindd/winbindd_passdb.c | 28 |
5 files changed, 110 insertions, 117 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 5b2c3045c3..9220df01c0 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1086,6 +1086,7 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, NTSTATUS status; struct samu *sampass = NULL; gid_t *gids; + char *qualified_name = NULL; TALLOC_CTX *mem_ctx = NULL; DOM_SID u_sid; enum lsa_SidType type; @@ -1151,10 +1152,18 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, return NT_STATUS_NO_MEMORY; } - if (!lookup_domain_name(mem_ctx, - unix_users_domain_name(), unix_username, - LOOKUP_NAME_ALL, - NULL, NULL, &u_sid, &type)) { + qualified_name = talloc_asprintf(mem_ctx, "%s\\%s", + unix_users_domain_name(), + unix_username ); + if (!qualified_name) { + TALLOC_FREE(result); + TALLOC_FREE(mem_ctx); + return NT_STATUS_NO_MEMORY; + } + + if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL, + NULL, NULL, + &u_sid, &type)) { TALLOC_FREE(result); TALLOC_FREE(mem_ctx); return NT_STATUS_NO_SUCH_USER; diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 2b55af779e..d6cd2ea3a8 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -291,6 +291,7 @@ NTSTATUS create_builtin_administrators(const DOM_SID *dom_sid) { NTSTATUS status; DOM_SID dom_admins, root_sid; + fstring root_name; enum lsa_SidType type; TALLOC_CTX *ctx; bool ret; @@ -316,9 +317,9 @@ NTSTATUS create_builtin_administrators(const DOM_SID *dom_sid) if ( (ctx = talloc_init("create_builtin_administrators")) == NULL ) { return NT_STATUS_NO_MEMORY; } - ret = lookup_domain_name(ctx, get_global_sam_name(), "root", - LOOKUP_NAME_DOMAIN, - NULL, NULL, &root_sid, &type); + fstr_sprintf( root_name, "%s\\root", get_global_sam_name() ); + ret = lookup_name(ctx, root_name, LOOKUP_NAME_DOMAIN, NULL, NULL, + &root_sid, &type); TALLOC_FREE( ctx ); if ( ret ) { diff --git a/source3/include/proto.h b/source3/include/proto.h index a81375c2db..291afac44d 100644 
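Review bot: In make_server_info_pw() the domain and user name, previously passed as separate arguments, are joined with `talloc_asprintf(mem_ctx, "%s\\%s", ...)` and then split again inside lookup_name() at the first backslash, so the lookup is only scoped correctly while `unix_users_domain_name()` never contains a `\`. The SID resolved here identifies the account for this server_info, so a wrong split would resolve a different principal. I would record the assumption above the call, e.g. `/* lookup_name() splits at the first '\\'; the domain part must not contain one */`. The same join-then-split pattern appears in create_builtin_administrators(), lookup_name_smbconf() and name_to_sid() in this commit. The function body starts and ends outside the hunk.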
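Review bot: `fstr_sprintf( root_name, "%s\\root", get_global_sam_name() )` writes into a fixed-size `fstring` and its result is not checked, so if the formatted string were ever truncated the lookup would silently run on a different name. `ctx` is already allocated just above, so the name can be built the way the auth_util.c hunk does it: `char *root_name = talloc_asprintf(ctx, "%s\\root", get_global_sam_name());`, followed by a NULL check that frees `ctx` and returns NT_STATUS_NO_MEMORY. That also makes the `fstring root_name;` stack buffer from the declaration hunk unnecessary. create_builtin_administrators() continues outside the hunk.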
--- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -6199,10 +6199,6 @@ bool lookup_name(TALLOC_CTX *mem_ctx, const char *full_name, int flags, const char **ret_domain, const char **ret_name, DOM_SID *ret_sid, enum lsa_SidType *ret_type); -bool lookup_domain_name(TALLOC_CTX *mem_ctx, - const char *domain, const char *name, int flags, - const char **ret_domain, const char **ret_name, - DOM_SID *ret_sid, enum lsa_SidType *ret_type); bool lookup_name_smbconf(TALLOC_CTX *mem_ctx, const char *full_name, int flags, const char **ret_domain, const char **ret_name, diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 9813101bc1..3861c8e229 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c 
@@ -29,72 +29,44 @@ to do guesswork. *****************************************************************/ -#define LN_CHECK_TALLOC(var, memctx) do { \ - if (var == NULL) { \ - DEBUG(0, ("talloc failed\n")); \ - TALLOC_FREE(memctx); \ - return false; \ - } \ -} while(0) - bool lookup_name(TALLOC_CTX *mem_ctx, const char *full_name, int flags, const char **ret_domain, const char **ret_name, DOM_SID *ret_sid, enum lsa_SidType *ret_type) { - char *domain, *name; - bool res; char *p; + const char *tmp; + const char *domain = NULL; + const char *name = NULL; + uint32 rid; + DOM_SID sid; + enum lsa_SidType type; + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + + if (tmp_ctx == NULL) { + DEBUG(0, ("talloc_new failed\n")); + return false; + } p = strchr_m(full_name, '\\'); if (p != NULL) { - domain = talloc_strndup(mem_ctx, full_name, + domain = talloc_strndup(tmp_ctx, full_name, PTR_DIFF(p, full_name)); - name = talloc_strdup(mem_ctx, p+1); + name = talloc_strdup(tmp_ctx, p+1); } else { - domain = NULL; - name = talloc_strdup(mem_ctx, full_name); + domain = talloc_strdup(tmp_ctx, ""); + name = talloc_strdup(tmp_ctx, full_name); } - if (((p != NULL) && (domain == NULL)) || (name == NULL)) { + if ((domain == NULL) || (name == NULL)) { DEBUG(0, ("talloc failed\n")); + TALLOC_FREE(tmp_ctx); return false; } - DEBUG(10,("lookup_domain_name: %s => %s (domain), %s (name)\n", - full_name, domain, name)); - - res = lookup_domain_name(mem_ctx, domain, name, flags, - ret_domain, ret_name, ret_sid, ret_type); - - talloc_free(domain); - talloc_free(name); - - return res; -} - -bool lookup_domain_name(TALLOC_CTX *mem_ctx, - const char *domain, const char *name, int flags, - const char **ret_domain, const char **ret_name, - DOM_SID *ret_sid, enum lsa_SidType *ret_type) -{ - const char *tmp; - const char *domain_new = NULL; - uint32 rid; - DOM_SID sid; - enum lsa_SidType type; - TALLOC_CTX *tmp_ctx; - - tmp_ctx = talloc_new(mem_ctx); - if (tmp_ctx == NULL) { - DEBUG(0, ("talloc_new 
failed\n")); - return false; - } - - if (!domain) domain = talloc_strdup(tmp_ctx, ""); - LN_CHECK_TALLOC(domain, tmp_ctx); - + DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n", + full_name, domain, name)); DEBUG(10, ("lookup_name: flags = 0x0%x\n", flags)); if ((flags & LOOKUP_NAME_DOMAIN) && @@ -126,7 +98,7 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx, } /* Try the explicit winbind lookup first, don't let it guess the - * domain at this point yet. This comes later. */ + * domain yet at this point yet. This comes later. */ if ((domain[0] != '\0') && (flags & ~(LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED)) && @@ -165,10 +137,9 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx, /* 1. well-known names */ if ((flags & LOOKUP_NAME_WKN) && - lookup_wellknown_name(tmp_ctx, name, &sid, &domain_new)) + lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) { type = SID_NAME_WKN_GRP; - LN_CHECK_TALLOC(domain_new, tmp_ctx); goto ok; } @@ -228,13 +199,12 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx, goto ok; } - /* 6. Builtin aliases */ + /* 6. Builtin aliases */ if ((flags & LOOKUP_NAME_BUILTIN) && lookup_builtin_name(name, &rid)) { - domain_new = talloc_strdup(tmp_ctx, builtin_domain_name()); - LN_CHECK_TALLOC(domain_new, tmp_ctx); + domain = talloc_strdup(tmp_ctx, builtin_domain_name()); sid_copy(&sid, &global_sid_Builtin); sid_append_rid(&sid, rid); type = SID_NAME_ALIAS; @@ -249,8 +219,7 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx, if ((flags & LOOKUP_NAME_DOMAIN) && lookup_global_sam_name(name, flags, &rid, &type)) { - domain_new = talloc_strdup(tmp_ctx, get_global_sam_name()); - LN_CHECK_TALLOC(domain_new, tmp_ctx); + domain = talloc_strdup(tmp_ctx, get_global_sam_name()); sid_copy(&sid, get_global_sam_sid()); sid_append_rid(&sid, rid); goto ok; 
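Review bot: Under "6. Builtin aliases" the result of `talloc_strdup(tmp_ctx, builtin_domain_name())` is assigned to `domain` without a check at the point of allocation; a NULL is only caught by the test this commit adds after the `ok:` label. That holds as long as every such branch jumps straight to `ok` (the `goto ok;` is visible in the following hunks), but the dependency is invisible at the call site, so I would add `/* NULL is checked at ok: */` next to the assignment. The same applies to the unchecked `domain = talloc_strdup(...)` assignments in the hunks at -249, -268 and -314. The enclosing lookup_name() starts and ends outside this hunk.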
@@ -268,8 +237,7 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx, if (!IS_DC && (winbind_lookup_name(lp_workgroup(), name, &sid, &type))) { - domain_new = talloc_strdup(tmp_ctx, lp_workgroup()); - LN_CHECK_TALLOC(domain_new, tmp_ctx); + domain = talloc_strdup(tmp_ctx, lp_workgroup()); goto ok; } @@ -282,7 +250,7 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx, DOM_SID dom_sid; uint32 tmp_rid; enum lsa_SidType domain_type; - + if (type == SID_NAME_DOMAIN) { /* Swap name and type */ tmp = name; name = domain; domain = tmp; @@ -304,7 +272,6 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx, TALLOC_FREE(tmp_ctx); return false; } - LN_CHECK_TALLOC(domain_new, tmp_ctx); goto ok; } @@ -314,15 +281,13 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx, Unmapped users and unmapped groups */ if (!(flags & LOOKUP_NAME_EXPLICIT) && lookup_unix_user_name(name, &sid)) { - domain_new = talloc_strdup(tmp_ctx, unix_users_domain_name()); - LN_CHECK_TALLOC(domain_new, tmp_ctx); + domain = talloc_strdup(tmp_ctx, unix_users_domain_name()); type = SID_NAME_USER; goto ok; } if (!(flags & LOOKUP_NAME_EXPLICIT) && lookup_unix_group_name(name, &sid)) { - domain_new = talloc_strdup(tmp_ctx, unix_groups_domain_name()); - LN_CHECK_TALLOC(domain_new, tmp_ctx); + domain = talloc_strdup(tmp_ctx, unix_groups_domain_name()); type = SID_NAME_DOM_GRP; goto ok; } @@ -335,6 +300,12 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx, return false; ok: + if ((domain == NULL) || (name == NULL)) { + DEBUG(0, ("talloc failed\n")); + TALLOC_FREE(tmp_ctx); + return false; + } + /* * Hand over the results to the talloc context we've been given. */ 
@@ -348,14 +319,11 @@ bool lookup_domain_name(TALLOC_CTX *mem_ctx, if (ret_domain != NULL) { char *tmp_dom; - - if (domain_new) { - tmp_dom = talloc_steal(mem_ctx, (char *)domain_new); - } else { - tmp_dom = talloc_strdup(mem_ctx, domain); + if (!(tmp_dom = talloc_strdup(mem_ctx, domain))) { + DEBUG(0, ("talloc failed\n")); + TALLOC_FREE(tmp_ctx); + return false; } - LN_CHECK_TALLOC(tmp_dom, tmp_ctx); - strupper_m(tmp_dom); *ret_domain = tmp_dom; } 
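Review bot: The allocation is folded into the condition, `if (!(tmp_dom = talloc_strdup(mem_ctx, domain)))`, which reads less clearly than the explicit NULL comparisons used elsewhere in this commit (`if (tmp_ctx == NULL)`). I would split it into `tmp_dom = talloc_strdup(mem_ctx, domain);` followed by `if (tmp_dom == NULL) {`. The failure path returns false here; whether output parameters written earlier in the function are reset on that path lies outside the hunk and should be confirmed.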
@@ -383,42 +351,59 @@ bool lookup_name_smbconf(TALLOC_CTX *mem_ctx, const char **ret_domain, const char **ret_name, DOM_SID *ret_sid, enum lsa_SidType *ret_type) { - char *p; + char *qualified_name; + const char *p; - p = strchr_m(full_name, *lp_winbind_separator()); - if (p != NULL) { - char *name; - bool res; + /* NB. No winbindd_separator here as lookup_name needs \\' */ + if ((p = strchr_m(full_name, *lp_winbind_separator())) != NULL) { - name = talloc_strdup(mem_ctx, full_name); - if (!name) { - DEBUG(0, ("Out of memory!\n")); - return false; + /* The name is already qualified with a domain. */ + + if (*lp_winbind_separator() != '\\') { + char *tmp; + + /* lookup_name() needs '\\' as a separator */ + + tmp = talloc_strdup(mem_ctx, full_name); + if (!tmp) { + return false; + } + tmp[p - full_name] = '\\'; + full_name = tmp; } - name[PTR_DIFF(p, full_name)] = '\\'; - res = lookup_name(mem_ctx, name, flags, - ret_domain, ret_name, - ret_sid, ret_type); - talloc_free(name); - return res; + return lookup_name(mem_ctx, full_name, flags, + ret_domain, ret_name, + ret_sid, ret_type); } /* Try with our own SAM name. */ - if (lookup_domain_name(mem_ctx, - get_global_sam_name(), full_name, flags, - ret_domain, ret_name, ret_sid, ret_type)) { - return true; + qualified_name = talloc_asprintf(mem_ctx, "%s\\%s", + get_global_sam_name(), + full_name ); + if (!qualified_name) { + return false; } + if (lookup_name(mem_ctx, qualified_name, flags, + ret_domain, ret_name, + ret_sid, ret_type)) { + return true; + } + /* Finally try with "Unix Users" or "Unix Group" */ - return lookup_domain_name(mem_ctx, + qualified_name = talloc_asprintf(mem_ctx, "%s\\%s", flags & LOOKUP_NAME_GROUP ? 
unix_groups_domain_name() : unix_users_domain_name(), - full_name, flags, - ret_domain, ret_name, ret_sid, ret_type); + full_name ); + if (!qualified_name) { + return false; + } + return lookup_name(mem_ctx, qualified_name, flags, + ret_domain, ret_name, + ret_sid, ret_type); } static bool wb_lookup_rids(TALLOC_CTX *mem_ctx, diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c index fbe4a27abf..5677c01be1 100644 --- a/source3/winbindd/winbindd_passdb.c +++ b/source3/winbindd/winbindd_passdb.c @@ -94,8 +94,8 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, DOM_SID *sid, enum lsa_SidType *type) { + const char *fullname; uint32 flags = LOOKUP_NAME_ALL; - bool res; switch ( original_cmd ) { case WINBINDD_LOOKUPNAME: @@ -107,26 +107,28 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, DEBUG(10,("winbindd_passdb: limiting name_to_sid() to explicit mappings\n")); break; } - - DEBUG(10, ("looking up name [%s\\%s] (domain\\name) \n", - domain_name?domain_name:"(NULL)", name)); - - if (strchr_m(name, '\\')) { - res = lookup_name(mem_ctx, name, flags, NULL, NULL, sid, type); + + if (domain_name && domain_name[0] && strchr_m(name, '\\') == NULL) { + fullname = talloc_asprintf(mem_ctx, "%s\\%s", + domain_name, name); + if (fullname == NULL) { + return NT_STATUS_NO_MEMORY; + } } else { - res = lookup_domain_name(mem_ctx, domain_name, name, flags, - NULL, NULL, sid, type); + fullname = name; } - if (!res) { + DEBUG(10, ("Finding fullname %s\n", fullname)); + + if ( !lookup_name( mem_ctx, fullname, flags, NULL, NULL, sid, type ) ) { return NT_STATUS_NONE_MAPPED; } - DEBUG(10, ("name_to_sid for [%s\\%s] returned %s (%s)\n", - domain_name?domain_name:"(NULL)", name, + DEBUG(10, ("name_to_sid for %s returned %s (%s)\n", + fullname, sid_string_dbg(sid), sid_type_lookup((uint32)*type))); - + return NT_STATUS_OK; } |
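Review bot: The temporaries in lookup_name_smbconf() are allocated on the caller's `mem_ctx` and never released: the removed code called `talloc_free(name)` after the lookup, while the new `tmp` copy and both `qualified_name` strings stay attached to `mem_ctx` on every path. If callers pass a long-lived context this grows with each lookup. I would keep the lookup result in a local, call `TALLOC_FREE(qualified_name);`, and then return; `tmp` needs to be freed through its own pointer because `full_name` is const. Separately, the comment `/* NB. No winbindd_separator here as lookup_name needs \\' */` contradicts the condition directly below it, which does test `*lp_winbind_separator()`, and should be reworded or dropped.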
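Review bot: In name_to_sid() a `name` that already contains a backslash takes the `else` branch (`fullname = name`), so `domain_name` is ignored and lookup_name() uses whatever domain is embedded in `name`; an empty or NULL `domain_name` likewise passes the bare name through for lookup_name() to resolve. The removed code behaved the same way for the backslash case, so this is not new, but with the two paths merged into one condition it is easy to overlook. If this backend is meant to answer only for `domain_name` (not visible here), the embedded domain should be compared against it before the lookup; at minimum add `/* a '\\' in name overrides domain_name */` above the `if`. `fullname` is also left on `mem_ctx` after the lookup.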