Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/groupname.c | 606 | ||||
-rw-r--r-- | source3/smbd/nttrans.c | 4 | ||||
-rw-r--r-- | source3/smbd/server.c | 20 |
3 files changed, 3 insertions, 627 deletions
diff --git a/source3/smbd/groupname.c b/source3/smbd/groupname.c deleted file mode 100644 index 44625cf54a..0000000000 --- a/source3/smbd/groupname.c +++ /dev/null 
@@ -1,606 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - Groupname handling - Copyright (C) Jeremy Allison 1998. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -/* - * UNIX gid and Local or Domain SID resolution. This module resolves - * only those entries in the map files, it is *NOT* responsible for - * resolving UNIX groups not listed: that is an entirely different - * matter, altogether... - */ - -/* - * - * - - format of the file is: - - unixname NT Group name - unixname Domain Admins (well-known Domain Group) - unixname DOMAIN_NAME\NT Group name - unixname OTHER_DOMAIN_NAME\NT Group name - unixname DOMAIN_NAME\Domain Admins (well-known Domain Group) - .... - - if the DOMAIN_NAME\ component is left off, then your own domain is assumed. - - * - * - */ - - -#include "includes.h" -extern int DEBUGLEVEL; - -/* we can map either local aliases or domain groups */ -typedef enum -{ - GROUP_LOCAL, - GROUP_DOMAIN - -} GROUP_TYPE; - -/************************************************************************** - Groupname map functionality. The code loads a groupname map file and - (currently) loads it into a linked list. This is slow and memory - hungry, but can be changed into a more efficient storage format - if the demands on it become excessive. 
-***************************************************************************/ - -typedef struct group_name_info -{ - char *nt_name; - char *nt_domain; - char *unix_name; - - DOM_SID sid; - gid_t unix_gid; - -} GROUP_NAME_INFO; - -typedef struct name_map -{ - ubi_slNode next; - GROUP_NAME_INFO grp; - -} name_map_entry; - -static ubi_slList groupname_map_list; -static ubi_slList aliasname_map_list; - -static void delete_name_entry(name_map_entry *gmep) -{ - if (gmep->grp.nt_name) - { - free(gmep->grp.nt_name); - } - if (gmep->grp.nt_domain) - { - free(gmep->grp.nt_domain); - } - if (gmep->grp.unix_name) - { - free(gmep->grp.unix_name); - } - free((char*)gmep); -} - -/************************************************************************** - Delete all the entries in the name map list. -***************************************************************************/ - -static void delete_map_list(ubi_slList *map_list) -{ - name_map_entry *gmep; - - while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL) - { - delete_name_entry(gmep); - } -} - - -/************************************************************************** - makes a group sid out of a domain sid and a _unix_ gid. 
-***************************************************************************/ -static BOOL make_mydomain_sid(GROUP_NAME_INFO *grp, GROUP_TYPE type) -{ - uint32 tmp_rid; - uint8 tmp_type; - - DEBUG(10,("make_mydomain_sid\n")); - - if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain))) - { - DEBUG(0,("make_mydomain_sid: unknown domain %s\n", - grp->nt_domain)); - return False; - } - else if (lookup_wk_group_rid(grp->nt_name, &tmp_rid, &tmp_type)) - { - return sid_append_rid(&grp->sid, tmp_rid); - } - else - { - if (type == GROUP_DOMAIN) - { - tmp_rid = pwdb_gid_to_group_rid(grp->unix_gid); - } - else - { - tmp_rid = pwdb_gid_to_alias_rid(grp->unix_gid); - } - return sid_append_rid(&(grp->sid), tmp_rid); - } -} - -/************************************************************************** - makes a group sid out of an nt domain, nt group name or a unix group name. -***************************************************************************/ -static BOOL unix_name_to_group_info(GROUP_NAME_INFO *grp, GROUP_TYPE type) -{ - extern fstring global_sam_name; - struct group *gptr = NULL; - - /* - * Attempt to get the unix gid_t for this name. - */ - - DEBUG(5,("unix_name_to_group_info: unix_name:%s\n", grp->unix_name)); - - gptr = (struct group *)getgrnam(grp->unix_name); - if (gptr == NULL) - { - DEBUG(0,("unix_name_to_group_info: getgrnam for group %s\ -failed. Error was %s.\n", grp->unix_name, strerror(errno) )); - return False; - } - - grp->unix_gid = (gid_t)gptr->gr_gid; - - DEBUG(5,("unix_name_to_group_info: unix gid:%d\n", grp->unix_gid)); - - /* - * Now map the name to an NT SID+RID. - */ - - if (grp->nt_domain != NULL && !strequal(grp->nt_domain, global_sam_name)) - { - /* Must add client-call lookup code here, to - * resolve remote domain's sid and the group's rid, - * in that domain. 
- * - * NOTE: it is _incorrect_ to put code here that assumes - * that we can call pwdb_gid_to_group_rid() or _alias_rid(): - * it is a totally different domain for which we are *NOT* - * responsible. - * for foriegn domains for which we are *NOT* the PDC, all - * we can be responsible for is the unix * gid_t to which - * the foriegn SID+rid maps to, on this _local_ machine. - */ - - if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain))) - { - DEBUG(0,("unix_name_to_group_info: no known sid for %s\n", - grp->nt_domain)); - return False; - } - - DEBUG(0,("unix_name_to_group_info: cannot resolve domain %s\n", - grp->nt_domain)); - - return False; - } - else - { - return make_mydomain_sid(grp, type); - } -} - -static BOOL make_name_entry(name_map_entry **new_ep, - char *nt_domain, char *nt_group, char *unix_group, - GROUP_TYPE type) -{ - /* - * Create the list entry and add it onto the list. - */ - - DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group)); - - (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry)); - if ((*new_ep) == NULL) - { - DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n")); - return False; - } - - ZERO_STRUCTP(*new_ep); - - (*new_ep)->grp.nt_name = strdup(nt_group ); - (*new_ep)->grp.nt_domain = strdup(nt_domain ); - (*new_ep)->grp.unix_name = strdup(unix_group); - - if ((*new_ep)->grp.nt_name == NULL || - (*new_ep)->grp.unix_name == NULL) - { - DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n")); - delete_name_entry((*new_ep)); - return False; - } - - /* - * look up the group names, make the Group-SID and unix gid - */ - - if (!unix_name_to_group_info(&(*new_ep)->grp, type)) - { - delete_name_entry((*new_ep)); - return False; - } - - return True; -} - -/************************************************************************** - Load a name map file. Sets last accessed timestamp. 
-***************************************************************************/ -static void load_name_map(GROUP_TYPE type) -{ - static time_t groupmap_file_last_modified = (time_t)0; - static time_t aliasmap_file_last_modified = (time_t)0; - static BOOL initialised_group = False; - static BOOL initialised_alias = False; - char *groupname_map_file = lp_groupname_map(); - char *aliasname_map_file = lp_aliasname_map(); - - SMB_STRUCT_STAT st; - FILE *fp; - char *s; - pstring buf; - name_map_entry *new_ep; - - time_t *file_last_modified; - int *initialised; - char *map_file; - ubi_slList *map_list; - - if (type == GROUP_DOMAIN) - { - file_last_modified = &groupmap_file_last_modified; - initialised = &initialised_group; - map_file = groupname_map_file; - map_list = &groupname_map_list; - } - else - { - file_last_modified = &aliasmap_file_last_modified; - initialised = &initialised_alias; - map_file = aliasname_map_file; - map_list = &aliasname_map_list; - } - - DEBUG(10,("load_name_map : %s\n", map_file)); - - if (!(*initialised)) - { - ubi_slInitList(map_list); - (*initialised) = True; - } - - if (!*map_file) - { - return; - } - - if (sys_stat(map_file, &st) != 0) - { - DEBUG(0, ("load_name_map: Unable to stat file %s. Error was %s\n", - map_file, strerror(errno) )); - return; - } - - /* - * Check if file has changed. - */ - if (st.st_mtime <= (*file_last_modified)) - { - return; - } - - (*file_last_modified) = st.st_mtime; - - /* - * Load the file. - */ - - fp = sys_fopen(map_file,"r"); - if (!fp) - { - DEBUG(0,("load_name_map: can't open name map %s. Error was %s\n", - map_file, strerror(errno))); - return; - } - - /* - * Throw away any previous list. 
- */ - delete_map_list(map_list); - - DEBUG(4,("load_name_map: Scanning name map %s\n",map_file)); - - while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL) - { - pstring unixname; - pstring nt_name; - fstring nt_domain; - fstring nt_group; - char *p; - - DEBUG(10,("Read line |%s|\n", s)); - - memset(nt_name, 0, sizeof(nt_name)); - - if (!*s || strchr("#;",*s)) - continue; - - if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname))) - continue; - - if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name))) - continue; - - trim_string(unixname, " ", " "); - trim_string(nt_name, " ", " "); - - if (!*nt_name) - continue; - - if (!*unixname) - continue; - - DEBUG(5,("unixname = %s, ntname = %s.\n", - unixname, nt_name)); - - p = strchr(nt_name, '\\'); - - if (p == NULL) - { - memset(nt_domain, 0, sizeof(nt_domain)); - fstrcpy(nt_group, nt_name); - } - else - { - *p = 0; - p++; - fstrcpy(nt_domain, nt_name); - fstrcpy(nt_group , p); - } - - if (make_name_entry(&new_ep, nt_domain, nt_name, unixname, type)) - { - ubi_slAddHead(map_list, (ubi_slNode *)new_ep); - } - } - - DEBUG(10,("load_name_map: Added %ld entries to name map.\n", - ubi_slCount(map_list))); - - fclose(fp); -} - -/*********************************************************** - Lookup a gid_t by SID -************************************************************/ -static BOOL map_sid_to_gid(GROUP_TYPE type, ubi_slList *map_list, - DOM_SID *psid, gid_t *gid) -{ - name_map_entry *gmep; - - /* - * Initialize and load if not already loaded. - */ - load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (sid_equal(&gmep->grp.sid, psid)) - { - *gid = gmep->grp.unix_gid; - DEBUG(7,("map_sid_to_gid: Mapping unix group %s to nt group %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - -/*********************************************************** - Lookup a SID entry by nt name. 
-************************************************************/ -static BOOL map_sid_to_ntname(GROUP_TYPE type, ubi_slList *map_list, - DOM_SID *psid, char *ntname, char *ntdomain) -{ - name_map_entry *gmep; - - /* - * Initialize and load if not already loaded. - */ - load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(&map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (sid_equal(&gmep->grp.sid, psid)) - { - if (ntname != NULL) - { - fstrcpy(ntname, gmep->grp.nt_name); - } - if (ntdomain != NULL) - { - fstrcpy(ntname, gmep->grp.nt_domain); - } - DEBUG(7,("map_sid_to_ntname: Mapping unix group %s to nt group \\%s\\%s\n", - gmep->grp.unix_name, - gmep->grp.nt_domain, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - -/*********************************************************** - Lookup a SID entry by nt name. -************************************************************/ -static BOOL map_ntname_to_sid(GROUP_TYPE type, ubi_slList *map_list, - char * ntname, DOM_SID *psid) -{ - name_map_entry *gmep; - - /* - * Initialize and load if not already loaded. - */ - load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(&map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (strequal(gmep->grp.nt_name, ntname)) - { - *psid = gmep->grp.sid; - DEBUG(7,("map_ntname_to_sid: Mapping unix group %s to nt group %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - -/*********************************************************** - Lookup a SID entry by gid_t. -************************************************************/ -static BOOL map_gid_to_sid(GROUP_TYPE type, ubi_slList *map_list, - gid_t gid, DOM_SID *psid) -{ - name_map_entry *gmep; - - /* - * Initialize and load if not already loaded. 
- */ - load_name_map(type); - - for (gmep = (name_map_entry *)ubi_slFirst(&map_list); - gmep != NULL; - gmep = (name_map_entry *)ubi_slNext(gmep )) - { - if (gmep->grp.unix_gid == gid) - { - *psid = gmep->grp.sid; - DEBUG(7,("map_gid_to_sid: Mapping unix group %s to nt group %s.\n", - gmep->grp.unix_name, gmep->grp.nt_name )); - return True; - } - } - - return False; -} - -/* - * Call these four functions to resolve unix group ids and either - * local group SIDs or domain group SIDs listed in the local group - * or domain group map files. - * - * Note that it is *NOT* the responsibility of these functions to - * resolve entries that are not in the map files. - * - * Any SID can be in the map files (i.e from any Domain). - */ - -/*********************************************************** - Lookup a Group entry by sid. -************************************************************/ -BOOL map_group_sid_to_name(DOM_SID *psid, char *group_name, char *nt_domain) -{ - return map_sid_to_ntname(GROUP_DOMAIN, &groupname_map_list, psid, group_name, nt_domain); -} - -/*********************************************************** - Lookup an Alias SID entry by name. -************************************************************/ -BOOL map_alias_sid_to_name(DOM_SID *psid, char *alias_name, char *nt_domain) -{ - return map_sid_to_ntname(GROUP_LOCAL, &aliasname_map_list, psid, alias_name, nt_domain); -} - -/*********************************************************** - Lookup a Group SID entry by name. -************************************************************/ -BOOL map_group_name_to_sid(char *group_name, DOM_SID *psid) -{ - return map_ntname_to_sid(GROUP_DOMAIN, &groupname_map_list, group_name, psid); -} - -/*********************************************************** - Lookup an Alias SID entry by name. 
-************************************************************/ -BOOL map_alias_name_to_sid(char *alias_name, DOM_SID *psid) -{ - return map_ntname_to_sid(GROUP_LOCAL, &aliasname_map_list, alias_name, psid); -} - -/*********************************************************** - Lookup an Alias SID entry by gid_t. -************************************************************/ -BOOL map_gid_to_alias_sid(gid_t gid, DOM_SID *psid) -{ - return map_gid_to_sid(GROUP_LOCAL, &aliasname_map_list, gid, psid); -} - -/*********************************************************** - Lookup a Group SID entry by gid_t. -************************************************************/ -BOOL map_gid_to_group_sid( gid_t gid, DOM_SID *psid) -{ - return map_gid_to_sid(GROUP_DOMAIN, &groupname_map_list, gid, psid); -} - -/*********************************************************** - Lookup a Group gid_t by SID -************************************************************/ -BOOL map_group_sid_to_gid( DOM_SID *psid, gid_t *gid) -{ - return map_sid_to_gid(GROUP_DOMAIN, &groupname_map_list, psid, gid); -} - -/*********************************************************** - Lookup an Alias gid_t by SID -************************************************************/ -BOOL map_alias_sid_to_gid( DOM_SID *psid, gid_t *gid) -{ - return map_sid_to_gid(GROUP_LOCAL, &aliasname_map_list, psid, gid); -} - diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 8aacfa3867..60620c9854 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -615,8 +615,8 @@ int reply_ntcreate_and_X(connection_struct *conn, /* If it's an IPC, use the pipe handler. */ - if (IS_IPC(conn) && lp_nt_pipe_support()) { - + if (IS_IPC(conn) && lp_nt_pipe_support() && lp_security() != SEC_SHARE) + { int ret = nt_open_pipe(fname, conn, inbuf, outbuf, &pnum); if(ret != 0) return ret; diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 49816e5d47..e064b52dfa 100644 --- a/source3/smbd/server.c 
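Review bot: With `lp_security() != SEC_SHARE` added to the condition in reply_ntcreate_and_X, an NTCreateAndX on an IPC connection under share-level security now silently skips nt_open_pipe() and continues into whatever follows this `if`, which is outside the hunk. If that is the ordinary file-open path, the pipe name would be processed as a filename on the IPC service; an explicit refusal ahead of the test, e.g. `if (IS_IPC(conn) && lp_security() == SEC_SHARE) return(ERROR(ERRDOS,ERRnoaccess));`, would make the denial deliberate and visible to the client. A one-line comment such as `/* no NT pipes in security = share */` would record why the term is there. Only this entry point is changed in the visible diff, so any other pipe-open paths should be checked for the same guard.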
+++ b/source3/smbd/server.c @@ -652,26 +652,8 @@ static void usage(char *pname) codepage_initialise(lp_client_code_page()); fstrcpy(global_myworkgroup, lp_workgroup()); - memset(global_sam_name, 0, sizeof(global_sam_name)); - if (lp_domain_logons()) - { - if (lp_security() == SEC_USER) - { - /* we are PDC (or BDC) for a Domain */ - fstrcpy(global_sam_name, lp_workgroup()); - } - else if (lp_security() == SEC_DOMAIN) - { - /* we are a "PDC", but FOR LOCAL SAM DATABASE ONLY */ - fstrcpy(global_sam_name, global_myname); - } - else if (lp_security() == SEC_SHARE) - { - DEBUG(0,("ERROR: no Domain functionality in security = share\n")); - exit(1); - } - } + get_sam_domain_name(); generate_wellknown_sids(); |
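Review bot: The removed block refused to start (`exit(1)`) when domain logons were enabled together with `security = share`, and the replacement `get_sam_domain_name();` discards any result, so this hunk alone cannot confirm that the misconfiguration still fails closed at startup. The helper is defined outside the files shown; it should either keep the fatal check itself or report failure so the caller can act, e.g. `if (!get_sam_domain_name()) exit(1);` if it returns a BOOL. The old code also zeroed and filled `global_sam_name` before `generate_wellknown_sids()` ran; if that ordering matters, a comment at the call such as `/* must run before generate_wellknown_sids() */` should say so. The enclosing function starts and ends outside the hunk.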