summaryrefslogtreecommitdiff
path: root/source3/groupdb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/groupdb')
-rw-r--r--source3/groupdb/mapping.c166
1 files changed, 94 insertions, 72 deletions
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index a25566a6a8..2bff6e9699 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -144,10 +144,72 @@ char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use)
}
/****************************************************************************
+initialise first time the mapping list - called from init_group_mapping()
+****************************************************************************/
+static BOOL default_group_mapping(void)
+{
+ DOM_SID sid_admins;
+ DOM_SID sid_users;
+ DOM_SID sid_guests;
+ fstring str_admins;
+ fstring str_users;
+ fstring str_guests;
+ LUID_ATTR set;
+
+ PRIVILEGE_SET privilege_none;
+ PRIVILEGE_SET privilege_all;
+ PRIVILEGE_SET privilege_print_op;
+
+ init_privilege(&privilege_none);
+ init_privilege(&privilege_all);
+ init_privilege(&privilege_print_op);
+
+ set.attr=0;
+ set.luid.high=0;
+ set.luid.low=SE_PRIV_PRINT_OPERATOR;
+ add_privilege(&privilege_print_op, set);
+
+ add_all_privilege(&privilege_all);
+
+ /* Add the Wellknown groups */
+
+ add_initial_entry(-1, "S-1-5-32-544", SID_NAME_ALIAS, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+ add_initial_entry(-1, "S-1-5-32-545", SID_NAME_ALIAS, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+ add_initial_entry(-1, "S-1-5-32-546", SID_NAME_ALIAS, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK);
+ add_initial_entry(-1, "S-1-5-32-547", SID_NAME_ALIAS, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+
+ add_initial_entry(-1, "S-1-5-32-548", SID_NAME_ALIAS, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+ add_initial_entry(-1, "S-1-5-32-549", SID_NAME_ALIAS, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+ add_initial_entry(-1, "S-1-5-32-550", SID_NAME_ALIAS, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+ add_initial_entry(-1, "S-1-5-32-551", SID_NAME_ALIAS, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+
+ add_initial_entry(-1, "S-1-5-32-552", SID_NAME_ALIAS, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK);
+
+ /* Add the defaults domain groups */
+
+ sid_copy(&sid_admins, &global_sam_sid);
+ sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS);
+ sid_to_string(str_admins, &sid_admins);
+ add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+
+ sid_copy(&sid_users, &global_sam_sid);
+ sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS);
+ sid_to_string(str_users, &sid_users);
+ add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
+
+ sid_copy(&sid_guests, &global_sam_sid);
+ sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS);
+ sid_to_string(str_guests, &sid_guests);
+ add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK);
+
+ return True;
+}
+
+/****************************************************************************
Open the group mapping tdb.
****************************************************************************/
-BOOL init_group_mapping(void)
+static BOOL init_group_mapping(void)
{
static pid_t local_pid;
char *vstring = "INFO/version";
@@ -239,6 +301,11 @@ BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use,
{
GROUP_MAP map;
+ if(!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping"));
+ return(False);
+ }
+
map.gid=gid;
string_to_sid(&map.sid, sid);
map.sid_name_use=sid_name_use;
@@ -343,11 +410,7 @@ check if the privilege list is empty
****************************************************************************/
BOOL check_empty_privilege(PRIVILEGE_SET *priv_set)
{
-
- if (priv_set->count!=0)
- return False;
-
- return True;
+ return (priv_set->count == 0);
}
/****************************************************************************
@@ -438,69 +501,6 @@ BOOL remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
}
/****************************************************************************
-initialise first time the mapping list
-****************************************************************************/
-BOOL default_group_mapping(void)
-{
- DOM_SID sid_admins;
- DOM_SID sid_users;
- DOM_SID sid_guests;
- fstring str_admins;
- fstring str_users;
- fstring str_guests;
- LUID_ATTR set;
-
- PRIVILEGE_SET privilege_none;
- PRIVILEGE_SET privilege_all;
- PRIVILEGE_SET privilege_print_op;
-
- init_privilege(&privilege_none);
- init_privilege(&privilege_all);
- init_privilege(&privilege_print_op);
-
- set.attr=0;
- set.luid.high=0;
- set.luid.low=SE_PRIV_PRINT_OPERATOR;
- add_privilege(&privilege_print_op, set);
-
- add_all_privilege(&privilege_all);
-
- /* Add the Wellknown groups */
-
- add_initial_entry(-1, "S-1-5-32-544", SID_NAME_ALIAS, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- add_initial_entry(-1, "S-1-5-32-545", SID_NAME_ALIAS, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- add_initial_entry(-1, "S-1-5-32-546", SID_NAME_ALIAS, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK);
- add_initial_entry(-1, "S-1-5-32-547", SID_NAME_ALIAS, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
-
- add_initial_entry(-1, "S-1-5-32-548", SID_NAME_ALIAS, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- add_initial_entry(-1, "S-1-5-32-549", SID_NAME_ALIAS, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- add_initial_entry(-1, "S-1-5-32-550", SID_NAME_ALIAS, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
- add_initial_entry(-1, "S-1-5-32-551", SID_NAME_ALIAS, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
-
- add_initial_entry(-1, "S-1-5-32-552", SID_NAME_ALIAS, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK);
-
- /* Add the defaults domain groups */
-
- sid_copy(&sid_admins, &global_sam_sid);
- sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS);
- sid_to_string(str_admins, &sid_admins);
- add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
-
- sid_copy(&sid_users, &global_sam_sid);
- sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS);
- sid_to_string(str_users, &sid_users);
- add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);
-
- sid_copy(&sid_guests, &global_sam_sid);
- sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS);
- sid_to_string(str_guests, &sid_guests);
- add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK);
-
- return True;
-}
-
-
-/****************************************************************************
return the sid and the type of the unix group
****************************************************************************/
BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
@@ -910,6 +910,11 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
{
struct group *grp;
+ if(!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping"));
+ return(False);
+ }
+
DEBUG(10, ("get_domain_group_from_sid\n"));
/* if the group is NOT in the database, it CAN NOT be a domain group */
@@ -954,6 +959,11 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
{
struct group *grp;
+ if(!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping"));
+ return(False);
+ }
+
/* The group is in the mapping table */
if(get_group_map_from_sid(sid, map, with_priv)) {
if (map->sid_name_use!=SID_NAME_ALIAS) {
@@ -1004,6 +1014,11 @@ BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
{
struct group *grp;
+ if(!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping"));
+ return(False);
+ }
+
if(!get_group_map_from_sid(sid, map, with_priv))
return False;
@@ -1037,6 +1052,11 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv)
{
struct group *grp;
+ if(!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping"));
+ return(False);
+ }
+
if ( (grp=getgrgid(gid)) == NULL)
return False;
@@ -1084,6 +1104,11 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
char *gr;
uid_t *u;
+ if(!init_group_mapping()) {
+ DEBUG(0,("failed to initialize group mapping"));
+ return(False);
+ }
+
*num_uids = 0;
*uid=NULL;
@@ -1199,6 +1224,3 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user)
DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
return ret;
}
-
-
-