summaryrefslogtreecommitdiff
path: root/source3/groupdb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/groupdb')
-rw-r--r--source3/groupdb/mapping.c216
1 files changed, 103 insertions, 113 deletions
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 643c6e517c..589cd3c282 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -38,15 +38,17 @@ static TDB_CONTEXT *tdb; /* used for driver files */
#define MEMBEROF_PREFIX "MEMBEROF/"
-static BOOL enum_group_mapping(const DOM_SID *sid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap,
- size_t *p_num_entries, BOOL unix_only);
+static NTSTATUS enum_group_mapping(const DOM_SID *sid,
+ enum SID_NAME_USE sid_name_use,
+ GROUP_MAP **pp_rmap,
+ size_t *p_num_entries, BOOL unix_only);
static BOOL group_map_remove(const DOM_SID *sid);
/****************************************************************************
Open the group mapping tdb.
****************************************************************************/
-static BOOL init_group_mapping(void)
+static NTSTATUS init_group_mapping(void)
{
const char *vstring = "INFO/version";
int32 vers_id;
@@ -54,12 +56,13 @@ static BOOL init_group_mapping(void)
size_t num_entries = 0;
if (tdb)
- return True;
+ return NT_STATUS_OK;
- tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600);
+ tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT,
+ O_RDWR|O_CREAT, 0600);
if (!tdb) {
DEBUG(0,("Failed to open group mapping database\n"));
- return False;
+ return map_nt_error_from_unix(errno);
}
/* handle a Samba upgrade */
@@ -84,7 +87,9 @@ static BOOL init_group_mapping(void)
/* cleanup any map entries with a gid == -1 */
- if ( enum_group_mapping( NULL, SID_NAME_UNKNOWN, &map_table, &num_entries, False ) ) {
+ if ( NT_STATUS_IS_OK(enum_group_mapping( NULL, SID_NAME_UNKNOWN,
+ &map_table, &num_entries,
+ False ))) {
int i;
for ( i=0; i<num_entries; i++ ) {
@@ -97,21 +102,24 @@ static BOOL init_group_mapping(void)
}
- return True;
+ return NT_STATUS_OK;
}
/****************************************************************************
****************************************************************************/
-static BOOL add_mapping_entry(GROUP_MAP *map, int flag)
+static NTSTATUS add_mapping_entry(GROUP_MAP *map, int flag)
{
TDB_DATA kbuf, dbuf;
pstring key, buf;
fstring string_sid="";
int len;
+ NTSTATUS status;
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
+ status = init_group_mapping();
+ if(!NT_STATUS_IS_OK(status)) {
+ DEBUG(0,("failed to initialize group mapping: %s\n",
+ nt_errstr(status)));
+ return status;
}
sid_to_string(string_sid, &map->sid);
@@ -120,7 +128,7 @@ static BOOL add_mapping_entry(GROUP_MAP *map, int flag)
map->gid, map->sid_name_use, map->nt_name, map->comment);
if (len > sizeof(buf))
- return False;
+ return NT_STATUS_NO_MEMORY;
slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
@@ -128,9 +136,11 @@ static BOOL add_mapping_entry(GROUP_MAP *map, int flag)
kbuf.dptr = key;
dbuf.dsize = len;
dbuf.dptr = buf;
- if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False;
+ if (tdb_store(tdb, kbuf, dbuf, flag) != 0) {
+ return map_ntstatus_from_tdb(tdb);
+ }
- return True;
+ return NT_STATUS_OK;
}
/****************************************************************************
@@ -195,16 +205,19 @@ NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)
Return the sid and the type of the unix group.
****************************************************************************/
-static BOOL get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map)
+static NTSTATUS get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map)
{
TDB_DATA kbuf, dbuf;
pstring key;
fstring string_sid;
int ret = 0;
+ NTSTATUS status;
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
+ status = init_group_mapping();
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("failed to initialize group mapping: %s\n",
+ nt_errstr(status)));
+ return status;
}
/* the key is the SID, retrieving is direct */
@@ -216,8 +229,9 @@ static BOOL get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map)
kbuf.dsize = strlen(key)+1;
dbuf = tdb_fetch(tdb, kbuf);
- if (!dbuf.dptr)
- return False;
+ if (!dbuf.dptr) {
+ return NT_STATUS_NOT_FOUND;
+ }
ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
&map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
@@ -226,27 +240,30 @@ static BOOL get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map)
if ( ret == -1 ) {
DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n"));
- return False;
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
sid_copy(&map->sid, sid);
- return True;
+ return NT_STATUS_OK;
}
/****************************************************************************
Return the sid and the type of the unix group.
****************************************************************************/
-static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
+static NTSTATUS get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
{
TDB_DATA kbuf, dbuf, newkey;
fstring string_sid;
int ret;
+ NTSTATUS status;
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
+ status = init_group_mapping();
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("failed to initialize group mapping: %s\n",
+ nt_errstr(status)));
+ return status;
}
/* we need to enumerate the TDB to find the GID */
@@ -272,31 +289,34 @@ static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
if ( ret == -1 ) {
DEBUG(3,("get_group_map_from_gid: tdb_unpack failure\n"));
- return False;
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if (gid==map->gid) {
SAFE_FREE(kbuf.dptr);
- return True;
+ return NT_STATUS_OK;
}
}
- return False;
+ return NT_STATUS_NOT_FOUND;
}
/****************************************************************************
Return the sid and the type of the unix group.
****************************************************************************/
-static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map)
+static NTSTATUS get_group_map_from_ntname(const char *name, GROUP_MAP *map)
{
TDB_DATA kbuf, dbuf, newkey;
fstring string_sid;
int ret;
+ NTSTATUS status;
- if(!init_group_mapping()) {
- DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping\n"));
- return(False);
+ status = init_group_mapping();
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("get_group_map_from_ntname: failed to initialize "
+ "group mapping: %s\n", nt_errstr(status)));
+ return status;
}
/* we need to enumerate the TDB to find the name */
@@ -322,16 +342,16 @@ static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map)
if ( ret == -1 ) {
DEBUG(3,("get_group_map_from_ntname: tdb_unpack failure\n"));
- return False;
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
if ( strequal(name, map->nt_name) ) {
SAFE_FREE(kbuf.dptr);
- return True;
+ return NT_STATUS_OK;
}
}
- return False;
+ return NT_STATUS_NOT_FOUND;
}
/****************************************************************************
@@ -344,7 +364,7 @@ static BOOL group_map_remove(const DOM_SID *sid)
pstring key;
fstring string_sid;
- if(!init_group_mapping()) {
+ if(!NT_STATUS_IS_OK(init_group_mapping())) {
DEBUG(0,("failed to initialize group mapping\n"));
return(False);
}
@@ -373,8 +393,10 @@ static BOOL group_map_remove(const DOM_SID *sid)
Enumerate the group mapping.
****************************************************************************/
-static BOOL enum_group_mapping(const DOM_SID *domsid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap,
- size_t *p_num_entries, BOOL unix_only)
+static NTSTATUS enum_group_mapping(const DOM_SID *domsid,
+ enum SID_NAME_USE sid_name_use,
+ GROUP_MAP **pp_rmap,
+ size_t *p_num_entries, BOOL unix_only)
{
TDB_DATA kbuf, dbuf, newkey;
fstring string_sid;
@@ -384,10 +406,13 @@ static BOOL enum_group_mapping(const DOM_SID *domsid, enum SID_NAME_USE sid_name
size_t entries=0;
DOM_SID grpsid;
uint32 rid;
+ NTSTATUS status;
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
+ status = init_group_mapping();
+ if(!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("failed to initialize group mapping: %s\n",
+ nt_errstr(status)));
+ return status;
}
*p_num_entries=0;
@@ -447,7 +472,7 @@ static BOOL enum_group_mapping(const DOM_SID *domsid, enum SID_NAME_USE sid_name
(*pp_rmap) = SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1);
if (!(*pp_rmap)) {
DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n"));
- return False;
+ return NT_STATUS_NO_MEMORY;
}
mapt = (*pp_rmap);
@@ -464,7 +489,7 @@ static BOOL enum_group_mapping(const DOM_SID *domsid, enum SID_NAME_USE sid_name
*p_num_entries=entries;
- return True;
+ return NT_STATUS_OK;
}
/* This operation happens on session setup, so it should better be fast. We
@@ -477,7 +502,7 @@ static NTSTATUS one_alias_membership(const DOM_SID *member,
TDB_DATA kbuf, dbuf;
const char *p;
- if (!init_group_mapping()) {
+ if (!NT_STATUS_IS_OK(init_group_mapping())) {
DEBUG(0,("failed to initialize group mapping\n"));
return NT_STATUS_ACCESS_DENIED;
}
@@ -558,12 +583,12 @@ static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
char *new_memberstring;
int result;
- if(!init_group_mapping()) {
+ if(!NT_STATUS_IS_OK(init_group_mapping())) {
DEBUG(0,("failed to initialize group mapping\n"));
return NT_STATUS_ACCESS_DENIED;
}
- if (!get_group_map_from_sid(alias, &map))
+ if (!NT_STATUS_IS_OK(get_group_map_from_sid(alias, &map)))
return NT_STATUS_NO_SUCH_ALIAS;
if ( (map.sid_name_use != SID_NAME_ALIAS) &&
@@ -661,12 +686,12 @@ static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
GROUP_MAP map;
struct aliasmem_closure closure;
- if(!init_group_mapping()) {
+ if(!NT_STATUS_IS_OK(init_group_mapping())) {
DEBUG(0,("failed to initialize group mapping\n"));
return NT_STATUS_ACCESS_DENIED;
}
- if (!get_group_map_from_sid(alias, &map))
+ if (!NT_STATUS_IS_OK(get_group_map_from_sid(alias, &map)))
return NT_STATUS_NO_SUCH_ALIAS;
if ( (map.sid_name_use != SID_NAME_ALIAS) &&
@@ -771,14 +796,16 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
/* get a domain group from it's SID */
-BOOL get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map)
+NTSTATUS get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map)
{
struct group *grp;
- BOOL ret;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
+ NTSTATUS status;
+
+ status = init_group_mapping();
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("failed to initialize group mapping: %s\n",
+ nt_errstr(status)));
+ return status;
}
DEBUG(10, ("get_domain_group_from_sid\n"));
@@ -786,12 +813,12 @@ BOOL get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map)
/* if the group is NOT in the database, it CAN NOT be a domain group */
become_root();
- ret = NT_STATUS_IS_OK(pdb_getgrsid(map, sid));
+ status = pdb_getgrsid(map, sid);
unbecome_root();
/* special case check for rid 513 */
- if ( !ret ) {
+ if ( !NT_STATUS_IS_OK(status) ) {
uint32 rid;
sid_peek_rid( sid, &rid );
@@ -802,23 +829,23 @@ BOOL get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map)
sid_copy( &map->sid, sid );
map->sid_name_use = SID_NAME_DOM_GRP;
- return True;
+ return NT_STATUS_OK;
}
- return False;
+ return status;
}
DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
/* if it's not a domain group, continue */
if (map->sid_name_use!=SID_NAME_DOM_GRP) {
- return False;
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
}
DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
if (map->gid==-1) {
- return False;
+ return NT_STATUS_NOT_FOUND;
}
DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid));
@@ -826,12 +853,12 @@ BOOL get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map)
grp = getgrgid(map->gid);
if ( !grp ) {
DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
- return False;
+ return NT_STATUS_NOT_FOUND;
}
DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));
- return True;
+ return NT_STATUS_OK;
}
/****************************************************************************
@@ -975,36 +1002,31 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user)
NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
const DOM_SID *sid)
{
- return get_group_map_from_sid(sid, map) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return get_group_map_from_sid(sid, map);
}
NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
gid_t gid)
{
- return get_group_map_from_gid(gid, map) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return get_group_map_from_gid(gid, map);
}
NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
const char *name)
{
- return get_group_map_from_ntname(name, map) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return get_group_map_from_ntname(name, map);
}
NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
- return add_mapping_entry(map, TDB_INSERT) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return add_mapping_entry(map, TDB_INSERT);
}
NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
- return add_mapping_entry(map, TDB_REPLACE) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return add_mapping_entry(map, TDB_REPLACE);
}
NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
@@ -1015,12 +1037,14 @@ NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
}
NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
- const DOM_SID *sid, enum SID_NAME_USE sid_name_use,
- GROUP_MAP **pp_rmap, size_t *p_num_entries,
- BOOL unix_only)
+ const DOM_SID *sid,
+ enum SID_NAME_USE sid_name_use,
+ GROUP_MAP **pp_rmap,
+ size_t *p_num_entries,
+ BOOL unix_only)
{
- return enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ?
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+ return enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries,
+ unix_only);
}
NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
@@ -1187,40 +1211,6 @@ NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
return NT_STATUS_OK;
}
-/****************************************************************************
- These need to be redirected through pdb_interface.c
-****************************************************************************/
-BOOL pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info)
-{
- GROUP_MAP map;
- BOOL res;
-
- become_root();
- res = get_domain_group_from_sid(sid, &map);
- unbecome_root();
-
- if (!res)
- return False;
-
- fstrcpy(info->acct_name, map.nt_name);
- fstrcpy(info->acct_desc, map.comment);
- sid_peek_rid(sid, &info->rid);
- return True;
-}
-
-BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info)
-{
- GROUP_MAP map;
-
- if (!get_domain_group_from_sid(sid, &map))
- return False;
-
- fstrcpy(map.nt_name, info->acct_name);
- fstrcpy(map.comment, info->acct_desc);
-
- return NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map));
-}
-
/********************************************************************
Really just intended to be called by smbd
********************************************************************/