Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 10 | ||||
-rw-r--r-- | source3/groupdb/mapping.c | 981 | ||||
-rw-r--r-- | source3/include/passdb.h | 8 | ||||
-rw-r--r-- | source3/include/smb.h | 5 | ||||
-rw-r--r-- | source3/lib/talloc.c | 40 | ||||
-rw-r--r-- | source3/lib/tdb_multikey.c | 588 | ||||
-rw-r--r-- | source3/passdb/lookup_sid.c | 4 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 2 | ||||
-rw-r--r-- | source3/passdb/pdb_interface.c | 56 | ||||
-rw-r--r-- | source3/passdb/pdb_ldap.c | 4 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 6 | ||||
-rwxr-xr-x | source3/script/tests/test_smbtorture_s3.sh | 3 | ||||
-rw-r--r-- | source3/tdb/tdbutil.c | 12 | ||||
-rw-r--r-- | source3/tdb/tdbutil.h | 2 | ||||
-rw-r--r-- | source3/torture/local-groupmap.c | 64 | ||||
-rw-r--r-- | source3/torture/local-multikey.c | 211 | ||||
-rw-r--r-- | source3/torture/torture.c | 7 | ||||
-rw-r--r-- | source3/utils/net_groupmap.c | 85 | ||||
-rw-r--r-- | source3/utils/net_rpc_samsync.c | 10 | ||||
-rw-r--r-- | source3/utils/net_sam.c | 8 |
21 files changed, 595 insertions, 1513 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 1f5a39d9da..0ff5872063 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -225,7 +225,7 @@ LIB_OBJ = $(VERSION_OBJ) lib/charcnv.o lib/debug.o lib/fault.o \ lib/md5.o lib/hmacmd5.o lib/arc4.o lib/iconv.o \ nsswitch/wb_client.o $(WBCOMMON_OBJ) \ lib/pam_errors.o intl/lang_tdb.o \ - lib/adt_tree.o lib/gencache.o $(TDB_OBJ) lib/tdb_multikey.o \ + lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \ lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \ lib/secdesc.o lib/util_seaccess.o lib/secace.o lib/secacl.o @SOCKWRAP@ \ libads/krb5_errs.o lib/system_smbd.o lib/audit.o @@ -608,12 +608,10 @@ NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) $(RPC_PARSE_OBJ1) $ $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) $(LIBSAMBA_OBJ) SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \ - torture/denytest.o torture/mangle_test.o \ - torture/local-multikey.o torture/local-groupmap.o + torture/denytest.o torture/mangle_test.o SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) \ - $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(SECRETS_OBJ) \ - $(PASSDB_OBJ) $(GROUPDB_OBJ) $(SMBLDAP_OBJ) + $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(SECRETS_OBJ) MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ $(LIB_NONSMBD_OBJ) $(SECRETS_OBJ) @@ -1015,7 +1013,7 @@ bin/nmblookup@EXEEXT@: $(NMBLOOKUP_OBJ) @BUILD_POPT@ bin/.dummy bin/smbtorture@EXEEXT@: $(SMBTORTURE_OBJ) bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(SMBTORTURE_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) + @$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(SMBTORTURE_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) bin/talloctort@EXEEXT@: $(TALLOCTORT_OBJ) bin/.dummy @echo Linking $@ diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index b617e34565..c701ef165d 100644 --- a/source3/groupdb/mapping.c 
+++ b/source3/groupdb/mapping.c @@ -2,7 +2,7 @@ * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, - * Copyright (C) Jean Francois Micouleau 1998-2001. + * Copyright (C) Jean François Micouleau 1998-2001. * Copyright (C) Volker Lendecke 2006. * Copyright (C) Gerald Carter 2006. * @@ -27,7 +27,6 @@ static TDB_CONTEXT *tdb; /* used for driver files */ #define DATABASE_VERSION_V1 1 /* native byte format. */ #define DATABASE_VERSION_V2 2 /* le format. */ -#define DATABASE_VERSION_V3 3 /* Indexed format */ #define GROUP_PREFIX "UNIXGROUP/" 
@@ -38,243 +37,125 @@ static TDB_CONTEXT *tdb; /* used for driver files */ */ #define MEMBEROF_PREFIX "MEMBEROF/" -static BOOL pack_group_map(TALLOC_CTX *mem_ctx, const GROUP_MAP *map, - TDB_DATA *data) -{ - return tdb_pack_append(mem_ctx, &data->dptr, &data->dsize, "fddff", - sid_string_static(&map->sid), map->gid, - map->sid_name_use, map->nt_name, map->comment); -} - -static BOOL unpack_group_map(TDB_DATA data, GROUP_MAP *map) -{ - fstring sidstr; - - if (!tdb_unpack(data.dptr, data.dsize, "fddff", sidstr, &map->gid, - &map->sid_name_use, &map->nt_name, &map->comment)) { - DEBUG(0, ("tdb_unpack failed\n")); - return False; - } - if (!string_to_sid(&map->sid, sidstr)) { - DEBUG(0, ("sid_string %s invalid\n", sidstr)); - return False; - } - - return True; -} - -/* - * Calculate keys from the group mapping record - * - * We've got 3 keys: SID, Name (uppercased) and gid - */ - -#define KEYNUM_SID (0) -#define KEYNUM_NAME (1) -#define KEYNUM_GID (2) - -static char **group_mapping_keys(TALLOC_CTX *mem_ctx, TDB_DATA data, - void *private_data) -{ - char **result; - GROUP_MAP map; - GROUP_MAP *mapp = (GROUP_MAP *)private_data; - - if (mapp == NULL) { - if (!unpack_group_map(data, &map)) { - DEBUG(0, ("unpack_groupmap failed\n")); - return NULL; - } - mapp = ↦ - } - - result = TALLOC_ARRAY(mem_ctx, char *, 4); - if (result == NULL) { - DEBUG(0, ("talloc_array failed\n")); - return NULL; - } - - result[KEYNUM_SID] = talloc_strdup(result, - sid_string_static(&mapp->sid)); - result[KEYNUM_NAME] = talloc_strdup(result, mapp->nt_name); - result[KEYNUM_GID] = talloc_asprintf(result, "%d", (int)mapp->gid); - result[3] = NULL; - - if ((result[0] == NULL) || (result[1] == NULL) || - (result[2] == NULL)) { - DEBUG(0, ("talloc failed\n")); - TALLOC_FREE(result); - return NULL; - } - - /* name lookups are case insensitive, store the key in upper case */ - strupper_m(result[KEYNUM_NAME]); - - return result; -} - -static NTSTATUS upgrade_groupdb_to_v3(struct tdb_context *groupdb) -{ - 
TDB_DATA kbuf, newkey; - NTSTATUS status; - - for (kbuf = tdb_firstkey(groupdb); - kbuf.dptr; - newkey = tdb_nextkey(groupdb, kbuf), safe_free(kbuf.dptr), - kbuf=newkey) { - - fstring string_sid; - TDB_DATA data, newdata; - GROUP_MAP map; - int ret; - - if (strncmp(kbuf.dptr, GROUP_PREFIX, - strlen(GROUP_PREFIX)) != 0) { - continue; - } - - data = tdb_fetch(groupdb, kbuf); - if (!data.dptr) { - continue; - } - - fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - - ret = tdb_unpack(data.dptr, data.dsize, "ddff", - &map.gid, &map.sid_name_use, &map.nt_name, - &map.comment); - SAFE_FREE(data.dptr); - - if ( ret == -1 ) { - DEBUG(3,("upgrade_groupdb_to_v3: tdb_unpack " - "failure\n")); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - - if (!string_to_sid(&map.sid, string_sid)) { - DEBUG(3, ("Got invalid sid: %s\n", string_sid)); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - - if (tdb_delete(groupdb, kbuf) < 0) { - status = map_ntstatus_from_tdb(groupdb); - DEBUG(3, ("tdb_delete failed: %s\n", - nt_errstr(status))); - return status; - } - - if (map.gid == -1) { - DEBUG(3, ("Deleting umapped group %s\n", map.nt_name)); - continue; - } - - ZERO_STRUCT(newdata); - - if (!pack_group_map(NULL, &map, &newdata)) { - DEBUG(0, ("pack_group_map_failed\n")); - return NT_STATUS_NO_MEMORY; - } - - status = tdb_add_keyed(groupdb, group_mapping_keys, - newdata, &map); - TALLOC_FREE(newdata.dptr); - - if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECTID_EXISTS)) { - DEBUG(0, ("mapping for gid %d / name %s maps to " - "multiple SIDs -- rejected\n", - map.gid, map.nt_name)); - return status; - } - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(5, ("tdb_add_keyed failed: %s\n", - nt_errstr(status))); - return status; - } - } - - return NT_STATUS_OK; -} +static BOOL enum_group_mapping(const DOM_SID *sid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, + size_t *p_num_entries, BOOL unix_only); +static BOOL group_map_remove(const DOM_SID *sid); 
/**************************************************************************** Open the group mapping tdb. ****************************************************************************/ -static NTSTATUS init_group_mapping(void) +static BOOL init_group_mapping(void) { const char *vstring = "INFO/version"; int32 vers_id; - NTSTATUS status; + GROUP_MAP *map_table = NULL; + size_t num_entries = 0; if (tdb) - return NT_STATUS_OK; + return True; - tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, - O_RDWR|O_CREAT, 0600); + tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (!tdb) { - DEBUG(0,("Failed to open group mapping database: %s\n", - strerror(errno))); - return map_nt_error_from_unix(errno); + DEBUG(0,("Failed to open group mapping database\n")); + return False; } - if (tdb_transaction_start(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not start transaction: %s\n", - nt_errstr(status))); - tdb_close(tdb); - tdb = NULL; - return status; - } + /* handle a Samba upgrade */ + tdb_lock_bystring(tdb, vstring); /* Cope with byte-reversed older versions of the db. */ vers_id = tdb_fetch_int32(tdb, vstring); - - if (vers_id == DATABASE_VERSION_V3) { - if (tdb_transaction_cancel(tdb) < 0) { - smb_panic("tdb_cancel_transaction failed\n"); - } - return NT_STATUS_OK; + if ((vers_id == DATABASE_VERSION_V1) || (IREV(vers_id) == DATABASE_VERSION_V1)) { + /* Written on a bigendian machine with old fetch_int code. Save as le. */ + tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); + vers_id = DATABASE_VERSION_V2; } - if (vers_id < 0) { - tdb_store_int32(tdb, vstring, DATABASE_VERSION_V3); - } - - if ((vers_id == DATABASE_VERSION_V1) || - (IREV(vers_id) == DATABASE_VERSION_V1)) { - - /* Written on a bigendian machine with old fetch_int - * code. Save as le. 
*/ + /* if its an unknown version we remove everthing in the db */ + + if (vers_id != DATABASE_VERSION_V2) { + tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); - vers_id = DATABASE_VERSION_V2; } - if (vers_id == DATABASE_VERSION_V2) { - status = upgrade_groupdb_to_v3(tdb); - if (!NT_STATUS_IS_OK(status)) { - goto fail; + tdb_unlock_bystring(tdb, vstring); + + /* cleanup any map entries with a gid == -1 */ + + if ( enum_group_mapping( NULL, SID_NAME_UNKNOWN, &map_table, &num_entries, False ) ) { + int i; + + for ( i=0; i<num_entries; i++ ) { + if ( map_table[i].gid == -1 ) { + group_map_remove( &map_table[i].sid ); + } } - tdb_store_int32(tdb, vstring, DATABASE_VERSION_V3); + + SAFE_FREE( map_table ); } - if (tdb_transaction_commit(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("tdb_transaction_commit failed: %s\n", - nt_errstr(status))); - goto fail; + + return True; +} + +/**************************************************************************** +****************************************************************************/ +static BOOL add_mapping_entry(GROUP_MAP *map, int flag) +{ + TDB_DATA kbuf, dbuf; + pstring key, buf; + fstring string_sid=""; + int len; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return(False); } + + sid_to_string(string_sid, &map->sid); - return NT_STATUS_OK; + len = tdb_pack(buf, sizeof(buf), "ddff", + map->gid, map->sid_name_use, map->nt_name, map->comment); + + if (len > sizeof(buf)) + return False; - fail: - if (tdb_transaction_cancel(tdb) < 0) { - smb_panic("tdb_cancel_transaction failed\n"); + slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); + + kbuf.dsize = strlen(key)+1; + kbuf.dptr = key; + dbuf.dsize = len; + dbuf.dptr = buf; + if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False; + + return True; +} + +/**************************************************************************** +initialise first time 
the mapping list +****************************************************************************/ +NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, const char *nt_name, const char *comment) +{ + GROUP_MAP map; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; } - tdb_close(tdb); - tdb = NULL; + + map.gid=gid; + if (!string_to_sid(&map.sid, sid)) { + DEBUG(0, ("string_to_sid failed: %s", sid)); + return NT_STATUS_UNSUCCESSFUL; + } + + map.sid_name_use=sid_name_use; + fstrcpy(map.nt_name, nt_name); + fstrcpy(map.comment, comment); - return status; + return pdb_add_group_mapping_entry(&map); } /**************************************************************************** @@ -287,7 +168,7 @@ NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) const char *grpname, *dom, *name; uint32 rid; - if (NT_STATUS_IS_OK(pdb_getgrgid(&map, grp->gr_gid))) { + if (pdb_getgrgid(&map, grp->gr_gid)) { return NT_STATUS_GROUP_EXISTS; } 
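Review bot: In init_group_mapping the branch `if (vers_id != DATABASE_VERSION_V2)` runs `tdb_traverse(tdb, tdb_traverse_delete_fn, NULL)` over the whole file, so a group_mapping.tdb that the removed code had already stamped as version 3 is presumably emptied on first open. The traverse is not restricted to `UNIXGROUP/` keys, so the `MEMBEROF/` alias memberships kept in the same tdb would go with it. These records feed authorization decisions, so dropping them silently is risky; the sketch below refuses an unrecognised version instead and keeps the fresh-database case (it assumes `vers_id < 0` still means "no version record", as the removed code treated it). The results of `tdb_lock_bystring` and `tdb_store_int32` are also ignored in this function.

```c
	vers_id = tdb_fetch_int32(tdb, vstring);
	/* … unchanged: V1 / byte-reversed V1 is rewritten as V2 … */

	if (vers_id < 0) {
		/* no version record yet: new database */
		tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2);
	} else if (vers_id != DATABASE_VERSION_V2) {
		/* unknown format: leave the records alone and fail the open */
		DEBUG(0,("group_mapping.tdb: unsupported version %d, not touching it\n",
			 (int)vers_id));
		tdb_unlock_bystring(tdb, vstring);
		tdb_close(tdb);
		tdb = NULL;
		return False;
	}
```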
@@ -339,172 +220,248 @@ NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) Return the sid and the type of the unix group. ****************************************************************************/ -static NTSTATUS get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map) +static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) { - TDB_DATA data; - NTSTATUS status; - - status = init_group_mapping(); - if(!NT_STATUS_IS_OK(status)) { + TDB_DATA kbuf, dbuf; + pstring key; + fstring string_sid; + int ret = 0; + + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); - return status; + return(False); } - status = tdb_find_keyed(NULL, tdb, KEYNUM_SID, sid_string_static(sid), - &data, NULL); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + /* the key is the SID, retrieving is direct */ - status = unpack_group_map(data, map) ? - NT_STATUS_OK : NT_STATUS_INTERNAL_DB_CORRUPTION; + sid_to_string(string_sid, &sid); + slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); - TALLOC_FREE(data.dptr); - return status; + kbuf.dptr = key; + kbuf.dsize = strlen(key)+1; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) + return False; + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); + + SAFE_FREE(dbuf.dptr); + + if ( ret == -1 ) { + DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n")); + return False; + } + + sid_copy(&map->sid, &sid); + + return True; } /**************************************************************************** Return the sid and the type of the unix group. 
****************************************************************************/ -static NTSTATUS get_group_map_from_gid(gid_t gid, GROUP_MAP *map) +static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) { - TDB_DATA data; - NTSTATUS status; - char *gidstr; + TDB_DATA kbuf, dbuf, newkey; + fstring string_sid; + int ret; - status = init_group_mapping(); - if(!NT_STATUS_IS_OK(status)) { + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); - return status; + return(False); } - if (asprintf(&gidstr, "%d", (int)gid) < 0) { - DEBUG(0, ("asprintf failed\n")); - return NT_STATUS_NO_MEMORY; - } + /* we need to enumerate the TDB to find the GID */ - status = tdb_find_keyed(NULL, tdb, KEYNUM_GID, gidstr, &data, NULL); - SAFE_FREE(gidstr); + for (kbuf = tdb_firstkey(tdb); + kbuf.dptr; + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { - if (!NT_STATUS_IS_OK(status)) { - return status; - } + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) + continue; - status = unpack_group_map(data, map) ? - NT_STATUS_OK : NT_STATUS_INTERNAL_DB_CORRUPTION; + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - TALLOC_FREE(data.dptr); - return status; + string_to_sid(&map->sid, string_sid); + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); + + SAFE_FREE(dbuf.dptr); + + if ( ret == -1 ) { + DEBUG(3,("get_group_map_from_gid: tdb_unpack failure\n")); + return False; + } + + if (gid==map->gid) { + SAFE_FREE(kbuf.dptr); + return True; + } + } + + return False; } /**************************************************************************** Return the sid and the type of the unix group. 
****************************************************************************/ -static NTSTATUS get_group_map_from_ntname(const char *name, GROUP_MAP *map) +static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map) { - TDB_DATA data; - NTSTATUS status; - char *tmp; + TDB_DATA kbuf, dbuf, newkey; + fstring string_sid; + int ret; - status = init_group_mapping(); - if(!NT_STATUS_IS_OK(status)) { - DEBUG(0,("failed to initialize group mapping\n")); - return status; + if(!init_group_mapping()) { + DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping\n")); + return(False); } - tmp = SMB_STRDUP(name); - if (tmp == NULL) { - DEBUG(0, ("strdup failed\n")); - return NT_STATUS_NO_MEMORY; - } + /* we need to enumerate the TDB to find the name */ + + for (kbuf = tdb_firstkey(tdb); + kbuf.dptr; + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { + + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) + continue; - /* - * The name is stored uppercase to make the search case insensitive - */ + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - strupper_m(tmp); + string_to_sid(&map->sid, string_sid); + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); - status = tdb_find_keyed(NULL, tdb, KEYNUM_NAME, tmp, &data, NULL); - SAFE_FREE(tmp); + SAFE_FREE(dbuf.dptr); + + if ( ret == -1 ) { + DEBUG(3,("get_group_map_from_ntname: tdb_unpack failure\n")); + return False; + } - if (!NT_STATUS_IS_OK(status)) { - return status; + if ( strequal(name, map->nt_name) ) { + SAFE_FREE(kbuf.dptr); + return True; + } } - status = unpack_group_map(data, map) ? - NT_STATUS_OK : NT_STATUS_INTERNAL_DB_CORRUPTION; + return False; +} + +/**************************************************************************** + Remove a group mapping entry. 
+****************************************************************************/ - TALLOC_FREE(data.dptr); - return status; +static BOOL group_map_remove(const DOM_SID *sid) +{ + TDB_DATA kbuf, dbuf; + pstring key; + fstring string_sid; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return(False); + } + + /* the key is the SID, retrieving is direct */ + + sid_to_string(string_sid, sid); + slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); + + kbuf.dptr = key; + kbuf.dsize = strlen(key)+1; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) + return False; + + SAFE_FREE(dbuf.dptr); + + if(tdb_delete(tdb, kbuf) != TDB_SUCCESS) + return False; + + return True; } /**************************************************************************** Enumerate the group mapping. ****************************************************************************/ -static NTSTATUS enum_group_mapping(const DOM_SID *domsid, - enum SID_NAME_USE sid_name_use, - GROUP_MAP **pp_rmap, - size_t *p_num_entries, BOOL unix_only) +static BOOL enum_group_mapping(const DOM_SID *domsid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, + size_t *p_num_entries, BOOL unix_only) { - struct tdb_keyed_iterator *iterator; - TDB_DATA dbuf; - NTSTATUS status; + TDB_DATA kbuf, dbuf, newkey; + fstring string_sid; + GROUP_MAP map; + GROUP_MAP *mapt; + int ret; + size_t entries=0; + DOM_SID grpsid; + uint32 rid; - status = init_group_mapping(); - if (!NT_STATUS_IS_OK(status)) { + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); - return status; + return(False); } *p_num_entries=0; *pp_rmap=NULL; - iterator = tdb_enum_keyed(NULL, tdb); - if (iterator == NULL) { - DEBUG(0, ("tdb_enum_keyed failed\n")); - return NT_STATUS_NO_MEMORY; - } - - while (tdb_next_keyed(iterator, &dbuf)) { + for (kbuf = tdb_firstkey(tdb); + kbuf.dptr; + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { - GROUP_MAP map; - DOM_SID grpsid; - 
uint32 rid; + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) + continue; - if (!unpack_group_map(dbuf, &map)) { - DEBUG(5, ("Got invalid group mapping entry\n")); - TALLOC_FREE(dbuf.dptr); + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) continue; - } + + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map.gid, &map.sid_name_use, &map.nt_name, &map.comment); SAFE_FREE(dbuf.dptr); + if ( ret == -1 ) { + DEBUG(3,("enum_group_mapping: tdb_unpack failure\n")); + continue; + } + /* list only the type or everything if UNKNOWN */ - if (sid_name_use!=SID_NAME_UNKNOWN && - sid_name_use!=map.sid_name_use) { - DEBUG(11,("enum_group_mapping: group %s is not of the " - "requested type\n", map.nt_name)); + if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) { + DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name)); continue; } if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { - DEBUG(11,("enum_group_mapping: group %s is non " - "mapped\n", map.nt_name)); + DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name)); continue; } - sid_copy( &grpsid, &map.sid ); + string_to_sid(&grpsid, string_sid); + sid_copy( &map.sid, &grpsid ); + sid_split_rid( &grpsid, &rid ); /* Only check the domain if we were given one */ if ( domsid && !sid_equal( domsid, &grpsid ) ) { - DEBUG(11,("enum_group_mapping: group %s is not in " - "domain %s\n", sid_string_static(&map.sid), - sid_string_static(domsid))); + DEBUG(11,("enum_group_mapping: group %s is not in domain %s\n", + string_sid, sid_string_static(domsid))); continue; } 
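Review bot: get_group_map_from_gid and get_group_map_from_ntname return from inside the `tdb_firstkey`/`tdb_nextkey` loop when `tdb_unpack` fails without freeing the current key, although the match branch a few lines later does call `SAFE_FREE(kbuf.dptr)`; add `SAFE_FREE(kbuf.dptr);` before `return False;` in both failure branches, or `continue` as enum_group_mapping does so that one damaged record does not hide every later group. The `return False` after `SMB_REALLOC_ARRAY` in the following hunk (@@ -512) leaves the loop the same way. Both lookups also ignore the result of `string_to_sid(&map->sid, string_sid)` and unpack straight into the caller's `map`, so after an unsuccessful search `*map` holds the last record scanned; a comment such as `/* *map is only valid when True is returned */` would make that contract explicit.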
@@ -512,14 +469,27 @@ static NTSTATUS enum_group_mapping(const DOM_SID *domsid, "type %s\n", map.nt_name, sid_type_lookup(map.sid_name_use))); - ADD_TO_ARRAY(NULL, GROUP_MAP, map, pp_rmap, p_num_entries); - if (*pp_rmap == NULL) { - DEBUG(0, ("ADD_TO_ARRAY failed\n")); - return NT_STATUS_NO_MEMORY; + (*pp_rmap) = SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); + if (!(*pp_rmap)) { + DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); + return False; } + + mapt = (*pp_rmap); + + mapt[entries].gid = map.gid; + sid_copy( &mapt[entries].sid, &map.sid); + mapt[entries].sid_name_use = map.sid_name_use; + fstrcpy(mapt[entries].nt_name, map.nt_name); + fstrcpy(mapt[entries].comment, map.comment); + + entries++; + } - return NT_STATUS_OK; + *p_num_entries=entries; + + return True; } /* This operation happens on session setup, so it should better be fast. We @@ -532,7 +502,7 @@ static NTSTATUS one_alias_membership(const DOM_SID *member, TDB_DATA kbuf, dbuf; const char *p; - if (!NT_STATUS_IS_OK(init_group_mapping())) { + if (!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return NT_STATUS_ACCESS_DENIED; } 
@@ -611,41 +581,22 @@ static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member) pstring key; fstring string_sid; char *new_memberstring; - NTSTATUS status; + int result; - status = init_group_mapping(); - if(!NT_STATUS_IS_OK(status)) { + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); - return status; - } - - if (tdb_transaction_start(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not start transaction: %s\n", - nt_errstr(status))); - return status; - } - - status = get_group_map_from_sid(alias, &map); - - if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { - status = NT_STATUS_NO_SUCH_ALIAS; + return NT_STATUS_ACCESS_DENIED; } - if (!NT_STATUS_IS_OK(status)) { - goto fail; - } + if (!get_group_map_from_sid(*alias, &map)) + return NT_STATUS_NO_SUCH_ALIAS; if ( (map.sid_name_use != SID_NAME_ALIAS) && - (map.sid_name_use != SID_NAME_WKN_GRP) ) { - status = NT_STATUS_NO_SUCH_ALIAS; - goto fail; - } + (map.sid_name_use != SID_NAME_WKN_GRP) ) + return NT_STATUS_NO_SUCH_ALIAS; - if (is_aliasmem(alias, member)) { - status = NT_STATUS_MEMBER_IN_ALIAS; - goto fail; - } + if (is_aliasmem(alias, member)) + return NT_STATUS_MEMBER_IN_ALIAS; sid_to_string(string_sid, member); slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid); 
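Review bot: add_aliasmem now checks `is_aliasmem(alias, member)` and later rewrites the `MEMBEROF/` record with no transaction or lock around the pair, so two processes adding aliases for the same member SID at the same time can each start from the old string and the later `tdb_store` overwrites the other's addition. The read of the existing record lies between this hunk and the next, and the store itself is in @@ -664; the function body runs past this hunk. Holding a lock on the record across the read-modify-write would close the window, for example `tdb_lock_bystring(tdb, key);` once `key` is built and `tdb_unlock_bystring(tdb, key);` on every exit after it, the way init_group_mapping brackets its `INFO/version` update. del_aliasmem (@@ -781 onward) has the same unprotected read-then-store.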
@@ -664,38 +615,18 @@ static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member) new_memberstring = SMB_STRDUP(string_sid); } - if (new_memberstring == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } + if (new_memberstring == NULL) + return NT_STATUS_NO_MEMORY; SAFE_FREE(dbuf.dptr); dbuf.dsize = strlen(new_memberstring)+1; dbuf.dptr = new_memberstring; - if (tdb_store(tdb, kbuf, dbuf, 0) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("tdb_store failed: %s\n", nt_errstr(status))); - SAFE_FREE(new_memberstring); - goto fail; - } + result = tdb_store(tdb, kbuf, dbuf, 0); SAFE_FREE(new_memberstring); - if (tdb_transaction_commit(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("tdb_transaction_commit failed: %s\n", - nt_errstr(status))); - goto fail; - } - - return NT_STATUS_OK; - - fail: - if (tdb_transaction_cancel(tdb) < 0) { - smb_panic("tdb_cancel_transaction failed\n"); - } - return status; + return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED); } struct aliasmem_closure { @@ -750,18 +681,17 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data, return 0; } -static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, - size_t *num) +static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num) { GROUP_MAP map; struct aliasmem_closure closure; - if(!NT_STATUS_IS_OK(init_group_mapping())) { + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return NT_STATUS_ACCESS_DENIED; } - if (!NT_STATUS_IS_OK(get_group_map_from_sid(alias, &map))) + if (!get_group_map_from_sid(*alias, &map)) return NT_STATUS_NO_SUCH_ALIAS; if ( (map.sid_name_use != SID_NAME_ALIAS) && 
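Review bot: The early `return NT_STATUS_NO_MEMORY` for `new_memberstring == NULL` sits before `SAFE_FREE(dbuf.dptr)`, so if the record fetched earlier in add_aliasmem (outside this hunk) was non-empty its buffer is leaked on that path; `if (new_memberstring == NULL) { SAFE_FREE(dbuf.dptr); return NT_STATUS_NO_MEMORY; }` covers it. Every `tdb_store` failure is now reported as NT_STATUS_ACCESS_DENIED with nothing logged, which makes a corrupt or full database look like a permission problem to whoever reads the client error. A line such as `DEBUG(0,("add_aliasmem: tdb_store failed for %s\n", key));` before the final return would keep the cause in the log.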
@@ -781,33 +711,19 @@ static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) { - NTSTATUS status; - DOM_SID *sids = NULL; + NTSTATUS result; + DOM_SID *sids; size_t i, num; BOOL found = False; - char *member_string = NULL; + char *member_string; TDB_DATA kbuf, dbuf; pstring key; fstring sid_string; - status = init_group_mapping(); - if(!NT_STATUS_IS_OK(status)) { - DEBUG(0,("failed to initialize group mapping\n")); - return status; - } - - if (tdb_transaction_start(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not start transaction: %s\n", - nt_errstr(status))); - return status; - } - - status = alias_memberships(member, 1, &sids, &num); + result = alias_memberships(member, 1, &sids, &num); - if (!NT_STATUS_IS_OK(status)) { - goto fail; - } + if (!NT_STATUS_IS_OK(result)) + return result; for (i=0; i<num; i++) { if (sid_compare(&sids[i], alias) == 0) { @@ -818,8 +734,7 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) if (!found) { SAFE_FREE(sids); - status = NT_STATUS_MEMBER_NOT_IN_ALIAS; - goto fail; + return NT_STATUS_MEMBER_NOT_IN_ALIAS; } if (i < num) @@ -833,21 +748,15 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) kbuf.dsize = strlen(key)+1; kbuf.dptr = key; - if (num == 0) { - if (tdb_delete(tdb, kbuf) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("tdb_delete failed: %s\n", - nt_errstr(status))); - goto fail; - } - goto ok; - } + if (num == 0) + return tdb_delete(tdb, kbuf) == 0 ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; member_string = SMB_STRDUP(""); if (member_string == NULL) { SAFE_FREE(sids); - status = NT_STATUS_NO_MEMORY; + return NT_STATUS_NO_MEMORY; } for (i=0; i<num; i++) { 
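Review bot: In del_aliasmem the new `if (num == 0) return tdb_delete(tdb, kbuf) == 0 ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;` (hunk @@ -833) returns without `SAFE_FREE(sids)`, while the other exits after alias_memberships succeeded free the array. Store the status first, `result = tdb_delete(tdb, kbuf) == 0 ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;`, then `SAFE_FREE(sids); return result;`. The first hunk on this line also drops the `= NULL` initialisers from `sids` and `member_string`; keeping them costs nothing and keeps the cleanup calls safe if another early exit is added later.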
@@ -859,43 +768,20 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) SAFE_FREE(s); if (member_string == NULL) { SAFE_FREE(sids); - status = NT_STATUS_NO_MEMORY; - goto fail; + return NT_STATUS_NO_MEMORY; } } dbuf.dsize = strlen(member_string)+1; dbuf.dptr = member_string; - if (tdb_store(tdb, kbuf, dbuf, 0) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("tdb_store failed: %s\n", nt_errstr(status))); - SAFE_FREE(sids); - SAFE_FREE(member_string); - goto fail; - } - - ok: - SAFE_FREE(sids); - SAFE_FREE(member_string); - - if (tdb_transaction_commit(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("tdb_transaction_commit failed: %s\n", - nt_errstr(status))); - goto fail; - } - - return NT_STATUS_OK; + result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ? + NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; - fail: SAFE_FREE(sids); SAFE_FREE(member_string); - if (tdb_transaction_cancel(tdb) < 0) { - smb_panic("tdb_cancel_transaction failed\n"); - } - return status; + return result; } /* @@ -910,16 +796,14 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) /* get a domain group from it's SID */ -NTSTATUS get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map) +BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) { struct group *grp; - NTSTATUS status; - - status = init_group_mapping(); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("failed to initialize group mapping: %s\n", - nt_errstr(status))); - return status; + BOOL ret; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return(False); } DEBUG(10, ("get_domain_group_from_sid\n")); 
@@ -927,55 +811,52 @@ NTSTATUS get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map) /* if the group is NOT in the database, it CAN NOT be a domain group */ become_root(); - status = pdb_getgrsid(map, sid); + ret = pdb_getgrsid(map, sid); unbecome_root(); /* special case check for rid 513 */ - if ( !NT_STATUS_IS_OK(status) ) { + if ( !ret ) { uint32 rid; - sid_peek_rid( sid, &rid ); + sid_peek_rid( &sid, &rid ); if ( rid == DOMAIN_GROUP_RID_USERS ) { fstrcpy( map->nt_name, "None" ); fstrcpy( map->comment, "Ordinary Users" ); - sid_copy( &map->sid, sid ); + sid_copy( &map->sid, &sid ); map->sid_name_use = SID_NAME_DOM_GRP; - return NT_STATUS_OK; + return True; } - return status; + return False; } DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n")); /* if it's not a domain group, continue */ if (map->sid_name_use!=SID_NAME_DOM_GRP) { - return NT_STATUS_OBJECT_TYPE_MISMATCH; + return False; } DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n")); if (map->gid==-1) { - return NT_STATUS_NOT_FOUND; + return False; } - DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n", - (unsigned long)map->gid)); + DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid)); grp = getgrgid(map->gid); if ( !grp ) { - DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in " - "UNIX security\n")); - return NT_STATUS_NOT_FOUND; + DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n")); + return False; } - DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX " - "security\n")); + DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n")); - return NT_STATUS_OK; + return True; } /**************************************************************************** 
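Review bot: The RID 513 fallback in get_domain_group_from_sid returns True after setting `nt_name`, `comment`, `sid` and `sid_name_use` but never assigns `map->gid`, so a caller that reads the gid after a successful return gets whatever the struct held before the call. The rest of this function treats -1 as "no unix group" (`if (map->gid==-1)`), so `map->gid = (gid_t)-1;` in that branch would make the result well defined; whether any caller relies on the gid here is not visible from the hunk. With the return type reduced to BOOL, a short header comment listing the cases that yield False (SID not in the database, not a domain group, unmapped gid, gid unknown to UNIX) would replace the information the NTSTATUS codes used to carry. The function starts in the previous hunk.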
@@ -1117,114 +998,70 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, - const DOM_SID *sid) + DOM_SID sid) { - return get_group_map_from_sid(sid, map); + return get_group_map_from_sid(sid, map) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid) { - return get_group_map_from_gid(gid, map); + return get_group_map_from_gid(gid, map) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, const char *name) { - return get_group_map_from_ntname(name, map); + return get_group_map_from_ntname(name, map) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods, - GROUP_MAP *map) + GROUP_MAP *map) { - TDB_DATA data; - NTSTATUS status; - - status = init_group_mapping(); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("failed to initialize group mapping\n")); - return status; - } - - ZERO_STRUCT(data); - if (!pack_group_map(NULL, map, &data)) { - DEBUG(0, ("pack_group_map failed\n")); - return NT_STATUS_NO_MEMORY; - } - - status = tdb_add_keyed(tdb, group_mapping_keys, data, map); - TALLOC_FREE(data.dptr); - - return status; + return add_mapping_entry(map, TDB_INSERT) ? 
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods, - GROUP_MAP *map) + GROUP_MAP *map) { - TDB_DATA data; - char *primary_key; - NTSTATUS status; - - status = tdb_find_keyed(NULL, tdb, KEYNUM_SID, - sid_string_static(&map->sid), - &data, &primary_key); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - TALLOC_FREE(data.dptr); - ZERO_STRUCT(data); - - if (!pack_group_map(NULL, map, &data)) { - DEBUG(0, ("pack_group_map failed\n")); - SAFE_FREE(primary_key); - return NT_STATUS_NO_MEMORY; - } - - status = tdb_update_keyed(tdb, primary_key, group_mapping_keys, - data, NULL); - TALLOC_FREE(data.dptr); - TALLOC_FREE(primary_key); - return status; + return add_mapping_entry(map, TDB_REPLACE) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, - DOM_SID sid) + DOM_SID sid) { - TDB_DATA data; - char *primary_key; - NTSTATUS status; - GROUP_MAP map; - - status = tdb_find_keyed(NULL, tdb, KEYNUM_SID, sid_string_static(&sid), - &data, &primary_key); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + return group_map_remove(&sid) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} - if (!unpack_group_map(data, &map)) { - DEBUG(0, ("unpack_group_map failed\n")); - TALLOC_FREE(data.dptr); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } +NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, + const DOM_SID *sid, enum SID_NAME_USE sid_name_use, + GROUP_MAP **pp_rmap, size_t *p_num_entries, + BOOL unix_only) +{ + return enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ? 
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} - TALLOC_FREE(data.dptr); +NTSTATUS pdb_default_find_alias(struct pdb_methods *methods, + const char *name, DOM_SID *sid) +{ + GROUP_MAP map; - status = tdb_del_keyed(tdb, group_mapping_keys, primary_key, &map); + if (!pdb_getgrnam(&map, name)) + return NT_STATUS_NO_SUCH_ALIAS; - TALLOC_FREE(primary_key); - return status; -} + if ((map.sid_name_use != SID_NAME_WKN_GRP) && + (map.sid_name_use != SID_NAME_ALIAS)) + return NT_STATUS_OBJECT_TYPE_MISMATCH; -NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, - const DOM_SID *sid, - enum SID_NAME_USE sid_name_use, - GROUP_MAP **pp_rmap, - size_t *p_num_entries, - BOOL unix_only) -{ - return enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, - unix_only); + sid_copy(sid, &map.sid); + return NT_STATUS_OK; } NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, @@ -1301,7 +1138,7 @@ NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, { GROUP_MAP map; - if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, sid))) + if (!pdb_getgrsid(&map, *sid)) return NT_STATUS_NO_SUCH_ALIAS; if ((map.sid_name_use != SID_NAME_ALIAS) && @@ -1324,7 +1161,7 @@ NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods, { GROUP_MAP map; - if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, sid))) + if (!pdb_getgrsid(&map, *sid)) return NT_STATUS_NO_SUCH_ALIAS; fstrcpy(map.nt_name, info->acct_name); 
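Review bot: pdb_default_find_alias takes `methods` but looks the group up with the global `pdb_getgrnam(&map, name)`, so the lookup goes to whatever pdb_get_methods() returns rather than to the backend the function was invoked on. pdb_default_sid_to_id in pdb_interface.c uses `methods->getgrsid(methods, &map, *sid)` for the same kind of lookup. Writing `if (!NT_STATUS_IS_OK(methods->getgrnam(methods, &map, name)))` here would keep the two consistent and remove the dependency on global state. The wrappers earlier in this hunk now return NT_STATUS_UNSUCCESSFUL for every failure, so a one-line comment stating that the underlying cause is deliberately not propagated would also help the next reader.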
@@ -1391,6 +1228,88 @@ NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, return NT_STATUS_OK; } +/********************************************************************** + no ops for passdb backends that don't implement group mapping + *********************************************************************/ + +NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, + DOM_SID sid) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, + gid_t gid) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, + const char *name) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_add_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_update_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods, + DOM_SID sid) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods, + enum SID_NAME_USE sid_name_use, + GROUP_MAP **rmap, size_t *num_entries, + BOOL unix_only) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +/**************************************************************************** + These need to be redirected through pdb_interface.c +****************************************************************************/ +BOOL pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info) +{ + GROUP_MAP map; + BOOL res; + + become_root(); + res = get_domain_group_from_sid(*sid, &map); + unbecome_root(); + + if (!res) + return False; + + fstrcpy(info->acct_name, map.nt_name); + fstrcpy(info->acct_desc, map.comment); + sid_peek_rid(sid, &info->rid); + return True; +} + +BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info) +{ + GROUP_MAP map; + + if 
(!get_domain_group_from_sid(*sid, &map)) + return False; + + fstrcpy(map.nt_name, info->acct_name); + fstrcpy(map.comment, info->acct_desc); + + return NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)); +} + /******************************************************************** Really just intended to be called by smbd ********************************************************************/ diff --git a/source3/include/passdb.h b/source3/include/passdb.h index d8d0a54c3c..35bb93aa31 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -244,7 +244,7 @@ struct pdb_search { * enum SID_NAME_USE rather than uint32. */ -#define PASSDB_INTERFACE_VERSION 15 +#define PASSDB_INTERFACE_VERSION 14 struct pdb_methods { @@ -277,8 +277,7 @@ struct pdb_methods NTSTATUS (*update_login_attempts)(struct pdb_methods *methods, struct samu *sam_acct, BOOL success); - NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map, - const DOM_SID *sid); + NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map, DOM_SID sid); NTSTATUS (*getgrgid)(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid); @@ -329,6 +328,9 @@ struct pdb_methods TALLOC_CTX *mem_ctx, uint32 group_rid, uint32 member_rid); + NTSTATUS (*find_alias)(struct pdb_methods *methods, + const char *name, DOM_SID *sid); + NTSTATUS (*create_alias)(struct pdb_methods *methods, const char *name, uint32 *rid); diff --git a/source3/include/smb.h b/source3/include/smb.h index c80c029f3e..1a55bef428 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1853,9 +1853,4 @@ enum usershare_err { /* Different reasons for closing a file. */ enum file_close_type {NORMAL_CLOSE=0,SHUTDOWN_CLOSE,ERROR_CLOSE}; -struct tdb_keyed_iterator { - struct tdb_context *tdb; - TDB_DATA key; -}; - #endif /* _SMB_H */ diff --git a/source3/lib/talloc.c b/source3/lib/talloc.c index 35c4ddaf31..0e223e8bbe 100644 --- a/source3/lib/talloc.c +++ b/source3/lib/talloc.c 
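Review bot: pdb_nop_enum_group_mapping is declared without the `const DOM_SID *sid` parameter that pdb_default_enum_group_mapping takes earlier in this file, and that pdb_enum_group_mapping passes through `pdb->enum_group_mapping(pdb, sid, sid_name_use, ...)`. If a backend installs this no-op in that slot, the call goes through a function pointer of an incompatible type, which is undefined behaviour in C and at best a compiler warning. Starting the parameter list with `struct pdb_methods *methods, const DOM_SID *sid,` would bring it in line with the others. In the same hunk pdb_set_dom_grp_info calls get_domain_group_from_sid without the become_root()/unbecome_root() pair that pdb_get_dom_grp_info uses; a comment on whether that difference is intended would be useful.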
@@ -1136,46 +1136,6 @@ char *talloc_asprintf(const void *t, const char *fmt, ...) return ret; } -int talloc_vasprintf_len(const void *t, char **res, const char *fmt, - va_list ap) -{ - int len; - va_list ap2; - char c; - - VA_COPY(ap2, ap); - - /* this call looks strange, but it makes it work on older solaris boxes */ - if ((len = vsnprintf(&c, 1, fmt, ap2)) < 0) { - return len; - } - - *res = (char *)_talloc(t, len+1); - if (*res) { - VA_COPY(ap2, ap); - vsnprintf(*res, len+1, fmt, ap2); - talloc_set_name_const(*res, *res); - } - - return len; -} - - -/* - Perform string formatting, and return a pointer to newly allocated - memory holding the result, inside a memory pool. - */ -int talloc_asprintf_len(const void *t, char **res, const char *fmt, ...) -{ - va_list ap; - int len; - - va_start(ap, fmt); - len = talloc_vasprintf_len(t, res, fmt, ap); - va_end(ap); - return len; -} - /** * Realloc @p s to append the formatted result of @p fmt and @p ap, diff --git a/source3/lib/tdb_multikey.c b/source3/lib/tdb_multikey.c deleted file mode 100644 index 7a4c8e1d5c..0000000000 --- a/source3/lib/tdb_multikey.c +++ /dev/null 
@@ -1,588 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * TDB multi-key wrapper - * Copyright (C) Volker Lendecke 2006 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -static struct { enum TDB_ERROR t; NTSTATUS n; } tdb_to_ntstatus_map[] = { - { TDB_ERR_CORRUPT, NT_STATUS_INTERNAL_DB_CORRUPTION }, - { TDB_ERR_IO, NT_STATUS_UNEXPECTED_IO_ERROR }, - { TDB_ERR_LOCK, NT_STATUS_FILE_LOCK_CONFLICT }, - { TDB_ERR_OOM, NT_STATUS_NO_MEMORY }, - { TDB_ERR_EXISTS, NT_STATUS_OBJECTID_EXISTS }, - { TDB_ERR_NOLOCK, NT_STATUS_NOT_LOCKED }, - { TDB_ERR_LOCK_TIMEOUT, NT_STATUS_IO_TIMEOUT }, - { TDB_ERR_NOEXIST, NT_STATUS_NOT_FOUND }, - { TDB_ERR_EINVAL, NT_STATUS_INVALID_PARAMETER }, - { TDB_ERR_RDONLY, NT_STATUS_ACCESS_DENIED }, - { 0, NT_STATUS_OK }, -}; - -NTSTATUS map_ntstatus_from_tdb(struct tdb_context *t) -{ - enum TDB_ERROR err = tdb_error(t); - int i = 0; - - while (tdb_to_ntstatus_map[i].t != 0) { - if (tdb_to_ntstatus_map[i].t == err) { - return tdb_to_ntstatus_map[i].n; - } - i += 1; - } - - return NT_STATUS_INTERNAL_ERROR; -} - -#define KEY_VERSION (1) -#define PRIMARY_KEY_LENGTH (24) - -/* - * Check that the keying version is acceptable. 
Change operations are very - * expensive under transactions anyway, so we do this upon every change to - * avoid damage when someone changes the key format while we have the db open. - * - * To be called only within a transaction, we don't do locking here. - */ - -static BOOL tdb_check_keyversion(struct tdb_context *tdb) -{ - const char *versionkey = "KEYVERSION"; - TDB_DATA key, data; - NTSTATUS status; - unsigned long version; - char *endptr; - - key.dptr = CONST_DISCARD(char *, versionkey); - key.dsize = strlen(versionkey)+1; - - data = tdb_fetch(tdb, key); - if (data.dptr == NULL) { - char *vstr; - int res; - - asprintf(&vstr, "%d", KEY_VERSION); - if (vstr == NULL) { - DEBUG(0, ("asprintf failed\n")); - return False; - } - data.dptr = vstr; - data.dsize = strlen(vstr)+1; - - res = tdb_store(tdb, key, data, TDB_INSERT); - SAFE_FREE(vstr); - - if (res < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not store key: %s\n", - nt_errstr(status))); - return False; - } - - return True; - } - - /* - * We have a key, check it - */ - - SMB_ASSERT(data.dsize > 0); - if (data.dptr[data.dsize-1] != '\0') { - DEBUG(1, ("Key field not NUL terminated\n")); - SAFE_FREE(data.dptr); - return False; - } - - version = strtoul(data.dptr, &endptr, 10); - if (endptr != data.dptr+data.dsize-1) { - DEBUG(1, ("Invalid version string\n")); - SAFE_FREE(data.dptr); - return False; - } - SAFE_FREE(data.dptr); - - if (version != KEY_VERSION) { - DEBUG(1, ("Wrong key version: %ld, expected %d\n", - version, KEY_VERSION)); - return False; - } - - return True; -} - -/* - * Find a record according to a key and value expected in that key. The - * primary_key is returned for later reference in tdb_idx_update or - * tdb_idx_delete. 
- */ - -NTSTATUS tdb_find_keyed(TALLOC_CTX *ctx, struct tdb_context *tdb, - int keynumber, const char *value, - TDB_DATA *result, char **primary_key) -{ - TDB_DATA key, prim, data; - NTSTATUS status; - - prim.dptr = data.dptr = NULL; - - key.dsize = talloc_asprintf_len(ctx, &key.dptr, "KEY/%d/%s", keynumber, - value); - if (key.dptr == NULL) { - DEBUG(0, ("talloc_asprintf failed\n")); - status = NT_STATUS_NO_MEMORY; - goto fail; - } - key.dsize += 1; - - prim = tdb_fetch(tdb, key); - if (prim.dptr == NULL) { - status = NT_STATUS_NOT_FOUND; - goto fail; - } - - data = tdb_fetch(tdb, prim); - if (data.dptr == NULL) { - DEBUG(1, ("Did not find record %s for key %s\n", - prim.dptr, key.dptr)); - status = NT_STATUS_NOT_FOUND; - goto fail; - } - - if (primary_key != NULL) { - *primary_key = talloc_strndup(ctx, prim.dptr, prim.dsize); - if (*primary_key == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } - } - - /* - * The following copy will be removed when tdb_fetch takes a - * TALLOC_CTX as parameter. - */ - - result->dptr = (char *)talloc_memdup(ctx, data.dptr, data.dsize); - if (result->dptr == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } - result->dsize = data.dsize; - - status = NT_STATUS_OK; - - fail: - TALLOC_FREE(key.dptr); - SAFE_FREE(prim.dptr); - SAFE_FREE(data.dptr); - return status; -} - -/* - * Store all the key entries for a data entry. Best called within a tdb - * transaction. 
- */ - -static NTSTATUS set_keys(struct tdb_context *tdb, - char **(*getkeys)(TALLOC_CTX *mem_ctx, TDB_DATA data, - void *private_data), - TDB_DATA primary_key, TDB_DATA user_data, - void *private_data) -{ - int i; - char **keys = getkeys(NULL, user_data, private_data); - - if (keys == NULL) { - DEBUG(5, ("Could not get keys\n")); - return NT_STATUS_NO_MEMORY; - } - - for (i=0; keys[i] != NULL; i++) { - NTSTATUS status; - TDB_DATA key; - - key.dsize = talloc_asprintf_len(keys, &key.dptr, "KEY/%d/%s", - i, keys[i]); - if (key.dptr == NULL) { - DEBUG(0, ("talloc_asprintf failed\n")); - TALLOC_FREE(keys); - return NT_STATUS_NO_MEMORY; - } - key.dsize += 1; - - if (tdb_store(tdb, key, primary_key, TDB_INSERT) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not store key %d: %s\n", i, - nt_errstr(status))); - TALLOC_FREE(keys); - return status; - } - } - - TALLOC_FREE(keys); - return NT_STATUS_OK; -} - -/* - * Delete all the key entries for a data entry. Best called within a tdb - * transaction. 
- */ - -static NTSTATUS del_keys(struct tdb_context *tdb, - char **(*getkeys)(TALLOC_CTX *mem_ctx, TDB_DATA data, - void *private_data), - TDB_DATA primary_key, void *private_data) -{ - TDB_DATA data; - int i; - char **keys; - - /* - * We need the data record to be able to fetch all the keys, so pull - * the user data - */ - - data = tdb_fetch(tdb, primary_key); - if (data.dptr == NULL) { - DEBUG(5, ("Could not find record for key %s\n", - primary_key.dptr)); - return NT_STATUS_NOT_FOUND; - } - - keys = getkeys(NULL, data, private_data); - if (keys == NULL) { - DEBUG(5, ("Could not get keys\n")); - return NT_STATUS_NO_MEMORY; - } - - SAFE_FREE(data.dptr); - - for (i=0; keys[i] != NULL; i++) { - NTSTATUS status; - TDB_DATA key; - - key.dsize = talloc_asprintf_len(keys, &key.dptr, "KEY/%d/%s", - i, keys[i]); - if (key.dptr == NULL) { - DEBUG(0, ("talloc_asprintf failed\n")); - TALLOC_FREE(keys); - return NT_STATUS_NO_MEMORY; - } - key.dsize += 1; - - if (tdb_delete(tdb, key) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not delete key %d: %s\n", i, - nt_errstr(status))); - TALLOC_FREE(keys); - return status; - } - } - - TALLOC_FREE(keys); - return NT_STATUS_OK; -} - -/* - * Generate a unique primary key - */ - -static TDB_DATA new_primary_key(struct tdb_context *tdb) -{ - TDB_DATA key; - int i; - - /* - * Generate a new primary key, the for loop is for the very unlikely - * collisions. 
- */ - - for (i=0; i<20; i++) { - TDB_DATA data; - asprintf(&key.dptr, "KEYPRIM/%s", generate_random_str(16)); - if (key.dptr == NULL) { - DEBUG(0, ("talloc_asprintf failed\n")); - return key; - } - -#ifdef DEVELOPER - SMB_ASSERT(strlen(key.dptr) == PRIMARY_KEY_LENGTH); -#endif - key.dsize = PRIMARY_KEY_LENGTH+1; - - data = tdb_fetch(tdb, key); - if (data.dptr == NULL) { - return key; - } - SAFE_FREE(key.dptr); - SAFE_FREE(data.dptr); - } - - DEBUG(0, ("Did not find a unique key string!\n")); - key.dptr = NULL; - key.dsize = 0; - return key; -} - -/* - * Add a new record to the database - */ - -NTSTATUS tdb_add_keyed(struct tdb_context *tdb, - char **(*getkeys)(TALLOC_CTX *mem_ctx, TDB_DATA data, - void *private_data), - TDB_DATA data, void *private_data) -{ - NTSTATUS status = NT_STATUS_OK; - TDB_DATA key; - - key.dptr = NULL; - - if (tdb_transaction_start(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not start transaction: %s\n", - nt_errstr(status))); - return status; - } - - if (!tdb_check_keyversion(tdb)) { - status = NT_STATUS_INTERNAL_DB_CORRUPTION; - goto fail; - } - - key = new_primary_key(tdb); - if (key.dptr == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } - - if (tdb_store(tdb, key, data, TDB_INSERT) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not store record: %s\n", nt_errstr(status))); - goto fail; - } - - status = set_keys(tdb, getkeys, key, data, private_data); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(5, ("set_keys failed: %s\n", nt_errstr(status))); - goto fail; - } - - if (tdb_transaction_commit(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("tdb_transaction_commit failed: %s\n", - nt_errstr(status))); - goto fail; - } - - SAFE_FREE(key.dptr); - return NT_STATUS_OK; - - fail: - if (tdb_transaction_cancel(tdb) < 0) { - smb_panic("tdb_cancel_transaction failed\n"); - } - - SAFE_FREE(key.dptr); - return status; -} - -/* - * Delete a record from the database, given its primary 
key - */ - -NTSTATUS tdb_del_keyed(struct tdb_context *tdb, - char **(*getkeys)(TALLOC_CTX *mem_ctx, TDB_DATA data, - void *private_data), - const char *primary_key, void *private_data) -{ - NTSTATUS status = NT_STATUS_OK; - TDB_DATA key; - - if ((primary_key == NULL) || - (strlen(primary_key) != PRIMARY_KEY_LENGTH) || - (strncmp(primary_key, "KEYPRIM/", 7) != 0)) { - return NT_STATUS_INVALID_PARAMETER; - } - - if (tdb_transaction_start(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not start transaction: %s\n", - nt_errstr(status))); - return status; - } - - if (!tdb_check_keyversion(tdb)) { - status = NT_STATUS_INTERNAL_DB_CORRUPTION; - goto fail; - } - - key.dptr = CONST_DISCARD(char *, primary_key); - key.dsize = PRIMARY_KEY_LENGTH+1; - - status = del_keys(tdb, getkeys, key, private_data); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("del_keys failed: %s\n", nt_errstr(status))); - goto fail; - } - - if (tdb_delete(tdb, key) < 0) { - DEBUG(5, ("Could not delete record %s\n", primary_key)); - status = NT_STATUS_INTERNAL_DB_CORRUPTION; - goto fail; - } - - if (tdb_transaction_commit(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("tdb_transaction_commit failed: %s\n", - nt_errstr(status))); - goto fail; - } - - return NT_STATUS_OK; - - fail: - if (tdb_transaction_cancel(tdb) < 0) { - smb_panic("tdb_cancel_transaction failed\n"); - } - - return status; -} - -/* - * Update a record that has previously been fetched and then changed. 
- */ - -NTSTATUS tdb_update_keyed(struct tdb_context *tdb, const char *primary_key, - char **(*getkeys)(TALLOC_CTX *mem_ctx, - TDB_DATA data, void *private_data), - TDB_DATA data, void *private_data) -{ - NTSTATUS status = NT_STATUS_OK; - TDB_DATA key; - - if ((primary_key == NULL) || - (strlen(primary_key) != PRIMARY_KEY_LENGTH) || - (strncmp(primary_key, "KEYPRIM/", 8) != 0)) { - return NT_STATUS_INVALID_PARAMETER; - } - - if (tdb_transaction_start(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not start transaction: %s\n", - nt_errstr(status))); - return status; - } - - if (!tdb_check_keyversion(tdb)) { - status = NT_STATUS_INTERNAL_DB_CORRUPTION; - goto fail; - } - - key.dptr = CONST_DISCARD(char *, primary_key); - key.dsize = PRIMARY_KEY_LENGTH+1; - - status = del_keys(tdb, getkeys, key, private_data); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(5, ("del_keys failed: %s\n", nt_errstr(status))); - goto fail; - } - - if (tdb_store(tdb, key, data, TDB_REPLACE) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not store new record: %s\n", - nt_errstr(status))); - goto fail; - } - - status = set_keys(tdb, getkeys, key, data, private_data); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(5, ("set_keys failed: %s\n", nt_errstr(status))); - goto fail; - } - - if (tdb_transaction_commit(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("tdb_transaction_commit failed: %s\n", - nt_errstr(status))); - goto fail; - } - - return NT_STATUS_OK; - - fail: - if (tdb_transaction_cancel(tdb) < 0) { - smb_panic("tdb_cancel_transaction failed\n"); - } - - return status; -} - -static int iterator_destructor(void *p) -{ - struct tdb_keyed_iterator *i = (struct tdb_keyed_iterator *)p; - SAFE_FREE(i->key.dptr); - return 0; -} - -struct tdb_keyed_iterator *tdb_enum_keyed(TALLOC_CTX *mem_ctx, - struct tdb_context *tdb) -{ - struct tdb_keyed_iterator *result = TALLOC_P( - mem_ctx, struct tdb_keyed_iterator); - - if (result == NULL) { - DEBUG(0, 
("talloc failed\n")); - return result; - } - - result->tdb = tdb; - result->key = tdb_firstkey(tdb); - talloc_set_destructor(result, iterator_destructor); - return result; -} - -BOOL tdb_next_keyed(struct tdb_keyed_iterator *it, TDB_DATA *data) -{ - if (it->key.dptr == NULL) { - return False; - } - - while (True) { - TDB_DATA tmp; - - if ((it->key.dsize == PRIMARY_KEY_LENGTH+1) && - (strncmp(it->key.dptr, "KEYPRIM/", 8) == 0)) { - - *data = tdb_fetch(it->tdb, it->key); - - tmp = tdb_nextkey(it->tdb, it->key); - SAFE_FREE(it->key.dptr); - it->key = tmp; - - return (data->dptr != NULL); - } - - tmp = tdb_nextkey(it->tdb, it->key); - SAFE_FREE(it->key.dptr); - it->key = tmp; - - if (it->key.dptr == NULL) { - return False; - } - } -} diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index acfccfdd26..f612cff092 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -142,7 +142,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, GROUP_MAP map; - if (NT_STATUS_IS_OK(pdb_getgrgid(&map, grp->gr_gid))) { + if (pdb_getgrgid(&map, grp->gr_gid)) { /* The hack gets worse. Handle the case where we have * 'force group = +unixgroup' but "unixgroup" has a * group mapping */ @@ -1352,7 +1352,7 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid) if ((sid_check_is_in_builtin(psid) || sid_check_is_in_wellknown_domain(psid))) { - if (NT_STATUS_IS_OK(pdb_getgrsid(&map, psid))) { + if (pdb_getgrsid(&map, *psid)) { *pgid = map.gid; goto done; } diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index ab8844f599..f74b1fbe3b 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -604,7 +604,7 @@ BOOL lookup_global_sam_name(const char *user, int flags, uint32_t *rid, */ become_root(); - ret = NT_STATUS_IS_OK(pdb_getgrnam(&map, user)); + ret = pdb_getgrnam(&map, user); unbecome_root(); if (!ret) { diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 7bc78af36b..7f2a8f25b3 100644 
--- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -561,22 +561,22 @@ NTSTATUS pdb_update_login_attempts(struct samu *sam_acct, BOOL success) return pdb->update_login_attempts(pdb, sam_acct, success); } -NTSTATUS pdb_getgrsid(GROUP_MAP *map, const DOM_SID *sid) +BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid) { struct pdb_methods *pdb = pdb_get_methods(); - return pdb->getgrsid(pdb, map, sid); + return NT_STATUS_IS_OK(pdb->getgrsid(pdb, map, sid)); } -NTSTATUS pdb_getgrgid(GROUP_MAP *map, gid_t gid) +BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid) { struct pdb_methods *pdb = pdb_get_methods(); - return pdb->getgrgid(pdb, map, gid); + return NT_STATUS_IS_OK(pdb->getgrgid(pdb, map, gid)); } -NTSTATUS pdb_getgrnam(GROUP_MAP *map, const char *name) +BOOL pdb_getgrnam(GROUP_MAP *map, const char *name) { struct pdb_methods *pdb = pdb_get_methods(); - return pdb->getgrnam(pdb, map, name); + return NT_STATUS_IS_OK(pdb->getgrnam(pdb, map, name)); } static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods, @@ -584,7 +584,7 @@ static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods, const char *name, uint32 *rid) { - GROUP_MAP map; + DOM_SID group_sid; struct group *grp; grp = getgrnam(name); @@ -611,12 +611,10 @@ static NTSTATUS pdb_default_create_dom_group(struct pdb_methods *methods, } } - map.gid = grp->gr_gid; - map.sid_name_use = SID_NAME_DOM_GRP; - sid_compose(&map.sid, get_global_sam_sid(), *rid); - fstrcpy(map.nt_name, name); - map.comment[0] = '\0'; - return pdb_add_group_mapping_entry(&map); + sid_compose(&group_sid, get_global_sam_sid(), *rid); + + return add_initial_entry(grp->gr_gid, sid_string_static(&group_sid), + SID_NAME_DOM_GRP, name, NULL); } NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name, 
@@ -638,7 +636,7 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods, sid_compose(&group_sid, get_global_sam_sid(), rid); - if (!NT_STATUS_IS_OK(get_domain_group_from_sid(&group_sid, &map))) { + if (!get_domain_group_from_sid(group_sid, &map)) { DEBUG(10, ("Could not find group for rid %d\n", rid)); return NT_STATUS_NO_SUCH_GROUP; } @@ -698,14 +696,12 @@ NTSTATUS pdb_delete_group_mapping_entry(DOM_SID sid) return pdb->delete_group_mapping_entry(pdb, sid); } -NTSTATUS pdb_enum_group_mapping(const DOM_SID *sid, - enum SID_NAME_USE sid_name_use, - GROUP_MAP **pp_rmap, - size_t *p_num_entries, BOOL unix_only) +BOOL pdb_enum_group_mapping(const DOM_SID *sid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, + size_t *p_num_entries, BOOL unix_only) { struct pdb_methods *pdb = pdb_get_methods(); - return pdb->enum_group_mapping(pdb, sid, sid_name_use, - pp_rmap, p_num_entries, unix_only); + return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use, + pp_rmap, p_num_entries, unix_only)); } NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx, @@ -816,7 +812,7 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods, sid_compose(&group_sid, get_global_sam_sid(), group_rid); sid_compose(&member_sid, get_global_sam_sid(), member_rid); - if (!NT_STATUS_IS_OK(get_domain_group_from_sid(&group_sid, &map)) || + if (!get_domain_group_from_sid(group_sid, &map) || (map.gid == (gid_t)-1) || ((grp = getgrgid(map.gid)) == NULL)) { return NT_STATUS_NO_SUCH_GROUP; @@ -878,7 +874,7 @@ static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods, sid_compose(&group_sid, get_global_sam_sid(), group_rid); sid_compose(&member_sid, get_global_sam_sid(), member_rid); - if (!NT_STATUS_IS_OK(get_domain_group_from_sid(&group_sid, &map)) || + if (!get_domain_group_from_sid(group_sid, &map) || (map.gid == (gid_t)-1) || ((grp = getgrgid(map.gid)) == NULL)) { return NT_STATUS_NO_SUCH_GROUP; 
@@ -924,6 +920,12 @@ NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid, return pdb->del_groupmem(pdb, mem_ctx, group_rid, member_rid); } +BOOL pdb_find_alias(const char *name, DOM_SID *sid) +{ + struct pdb_methods *pdb = pdb_get_methods(); + return NT_STATUS_IS_OK(pdb->find_alias(pdb, name, sid)); +} + NTSTATUS pdb_create_alias(const char *name, uint32 *rid) { struct pdb_methods *pdb = pdb_get_methods(); @@ -1274,7 +1276,7 @@ static BOOL pdb_default_sid_to_id(struct pdb_methods *methods, if (sid_peek_check_rid(&global_sid_Builtin, sid, &rid)) { /* Here we only have aliases */ GROUP_MAP map; - if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, sid))) { + if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) { DEBUG(10, ("Could not find map for sid %s\n", sid_string_static(sid))); goto done; @@ -1520,7 +1522,7 @@ static BOOL lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid, } TALLOC_FREE(sam_account); - ret = NT_STATUS_IS_OK(pdb_getgrsid(&map, &sid)); + ret = pdb_getgrsid(&map, sid); unbecome_root(); /* END BECOME_ROOT BLOCK */ @@ -1850,9 +1852,8 @@ static BOOL pdb_search_grouptype(struct pdb_search *search, return False; } - if (!NT_STATUS_IS_OK(pdb_enum_group_mapping(sid, type, &state->groups, - &state->num_groups, - True))) { + if (!pdb_enum_group_mapping(sid, type, &state->groups, &state->num_groups, + True)) { DEBUG(0, ("Could not enum groups\n")); return False; } @@ -2031,6 +2032,7 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) (*methods)->set_unix_primary_group = pdb_default_set_unix_primary_group; (*methods)->add_groupmem = pdb_default_add_groupmem; (*methods)->del_groupmem = pdb_default_del_groupmem; + (*methods)->find_alias = pdb_default_find_alias; (*methods)->create_alias = pdb_default_create_alias; (*methods)->delete_alias = pdb_default_delete_alias; (*methods)->get_aliasinfo = pdb_default_get_aliasinfo; diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 3e9f321ce2..afc95fe90f 100644 
--- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -2245,14 +2245,14 @@ static NTSTATUS ldapsam_getgroup(struct pdb_methods *methods, *********************************************************************/ static NTSTATUS ldapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, - const DOM_SID *sid) + DOM_SID sid) { pstring filter; pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))", LDAP_OBJ_GROUPMAP, get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_SID), - sid_string_static(sid)); + sid_string_static(&sid)); return ldapsam_getgroup(methods, filter, map); } diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index adccc76275..41df870414 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1730,7 +1730,7 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) return NT_STATUS_ACCESS_DENIED; - if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, &info->sid))) + if (!pdb_getgrsid(&map, info->sid)) return NT_STATUS_NO_SUCH_GROUP; return pdb_update_group_mapping_entry(&map); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index a70a49652e..31e434cbfb 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -4438,7 +4438,7 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM } become_root(); - ret = NT_STATUS_IS_OK(get_domain_group_from_sid(&group_sid, &map)); + ret = get_domain_group_from_sid(group_sid, &map); unbecome_root(); if (!ret) return NT_STATUS_INVALID_HANDLE; @@ -4535,7 +4535,7 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_ } become_root(); - result = NT_STATUS_IS_OK(get_domain_group_from_sid(&group_sid, &map)); + result = get_domain_group_from_sid(group_sid, &map); unbecome_root(); if (!result) return NT_STATUS_NO_SUCH_GROUP; 
@@ -4754,7 +4754,7 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G /* check if that group really exists */ become_root(); - ret = NT_STATUS_IS_OK(get_domain_group_from_sid(&info->sid, &map)); + ret = get_domain_group_from_sid(info->sid, &map); unbecome_root(); if (!ret) return NT_STATUS_NO_SUCH_GROUP; diff --git a/source3/script/tests/test_smbtorture_s3.sh b/source3/script/tests/test_smbtorture_s3.sh index 2ee2584b22..842d914ecf 100755 --- a/source3/script/tests/test_smbtorture_s3.sh +++ b/source3/script/tests/test_smbtorture_s3.sh @@ -25,7 +25,6 @@ tests="$tests OPLOCK1 OPLOCK2 OPLOCK3" tests="$tests DIR DIR1 TCON TCONDEV RW1 RW2 RW3" tests="$tests OPEN XCOPY RENAME DELETE PROPERTIES W2K" tests="$tests PIPE_NUMBER TCON2 IOCTL CHKPATH FDSESS LOCAL-SUBSTITUTE" -tests="$tests LOCAL-MULTIKEY LOCAL-GROUPMAP" skipped1="RANDOMIPC NEGNOWAIT NBENCH ERRMAPEXTRACT TRANS2SCAN NTTRANSSCAN" skipped2="DENY1 DENY2 OPENATTR CASETABLE EATEST" @@ -42,7 +41,7 @@ for t in $tests; do fi start="" name="$t" - testit "$name" $VALGRIND $SRCDIR/bin/smbtorture $ADDARGS $unc -U"$username"%"$password" -S "$CONFFILE" $t || failed=`expr $failed + 1` + testit "$name" $VALGRIND $SRCDIR/bin/smbtorture $ADDARGS $unc -U"$username"%"$password" $t || failed=`expr $failed + 1` done testok $0 $failed diff --git a/source3/tdb/tdbutil.c b/source3/tdb/tdbutil.c index 21d593a26a..b946f856aa 100644 --- a/source3/tdb/tdbutil.c +++ b/source3/tdb/tdbutil.c @@ -505,10 +505,9 @@ size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...) return result; } -BOOL tdb_pack_append(void *_mem_ctx, char **buf, size_t *len, +BOOL tdb_pack_append(TALLOC_CTX *mem_ctx, uint8 **buf, size_t *len, const char *fmt, ...) { - TALLOC_CTX *mem_ctx = (void *)_mem_ctx; va_list ap; size_t len1, len2; 
@@ -516,8 +515,13 @@ BOOL tdb_pack_append(void *_mem_ctx, char **buf, size_t *len, len1 = tdb_pack_va(NULL, 0, fmt, ap); va_end(ap); - *buf = TALLOC_REALLOC_ARRAY(mem_ctx, *buf, char, - (*len) + len1); + if (mem_ctx != NULL) { + *buf = TALLOC_REALLOC_ARRAY(mem_ctx, *buf, uint8, + (*len) + len1); + } else { + *buf = SMB_REALLOC_ARRAY(*buf, uint8, (*len) + len1); + } + if (*buf == NULL) { return False; } diff --git a/source3/tdb/tdbutil.h b/source3/tdb/tdbutil.h index 60107adacb..44351619f4 100644 --- a/source3/tdb/tdbutil.h +++ b/source3/tdb/tdbutil.h @@ -54,8 +54,6 @@ struct tdb_context *tdb_open_log(const char *name, int hash_size, int tdb_flags, int open_flags, mode_t mode); int tdb_unpack(char *buf, int bufsize, const char *fmt, ...); size_t tdb_pack(char *buf, int bufsize, const char *fmt, ...); -BOOL tdb_pack_append(void *_mem_ctx, char **buf, size_t *len, - const char *fmt, ...); TDB_DATA make_tdb_data(const char *dptr, size_t dsize); TDB_DATA string_tdb_data(const char *string); int tdb_trans_store(struct tdb_context *tdb, TDB_DATA key, TDB_DATA dbuf, diff --git a/source3/torture/local-groupmap.c b/source3/torture/local-groupmap.c index 007d107e12..bd6f060e71 100644 --- a/source3/torture/local-groupmap.c +++ b/source3/torture/local-groupmap.c @@ -151,6 +151,8 @@ static BOOL groupmap_diff(const GROUP_MAP *m1, const GROUP_MAP *m2) (strcmp(m1->comment, m2->comment) != 0)); } +#undef GROUPDB_V3 + BOOL run_local_groupmap(int dummy) { TALLOC_CTX *mem_ctx; @@ -166,6 +168,7 @@ BOOL run_local_groupmap(int dummy) return False; } +#ifdef GROUPDB_V3 status = create_v2_db(True); if (!NT_STATUS_IS_OK(status)) { goto fail; @@ -173,12 +176,13 @@ BOOL run_local_groupmap(int dummy) { GROUP_MAP map; - if (NT_STATUS_IS_OK(pdb_getgrgid(&map, 10001))) { + if (pdb_getgrgid(&map, 10001)) { d_fprintf(stderr, "(%s) upgrading an invalid group db " "worked\n", __location__); goto fail; } } +#endif status = create_v2_db(False); if (!NT_STATUS_IS_OK(status)) { 
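Review bot: In tdb_pack_append the new size `(*len) + len1` is handed to TALLOC_REALLOC_ARRAY / SMB_REALLOC_ARRAY without checking that the addition fits in size_t; a wrapped sum would yield a buffer shorter than the data the rest of the function presumably packs into it (that part lies outside the hunk). A guard before the allocation, `if (len1 > (size_t)-1 - *len) return False;`, closes that. The added NULL-context branch also changes ownership: a buffer grown with `mem_ctx == NULL` comes from the malloc-based allocator and must not be released with TALLOC_FREE, which is exactly the pairing the deleted multikey_add on this page used. A comment at the function such as `/* mem_ctx == NULL: *buf is malloc'ed, release with SAFE_FREE; otherwise it is talloc memory */` would make the contract explicit.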
@@ -187,9 +191,8 @@ BOOL run_local_groupmap(int dummy) /* This tests upgrading the database, as well as listing */ - if (!NT_STATUS_IS_OK(pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, - &maps, &num_maps, - False))) { + if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &maps, &num_maps, + False)) { d_fprintf(stderr, "(%s) pdb_enum_group_mapping failed\n", __location__); goto fail; @@ -209,18 +212,16 @@ BOOL run_local_groupmap(int dummy) string_to_sid(&sid, "S-1-5-32-545"); ZERO_STRUCT(map); - status = pdb_getgrsid(&map, &sid); - if (!NT_STATUS_IS_OK(status)) { - d_fprintf(stderr, "(%s) pdb_getgrsid failed: %s\n", - __location__, nt_errstr(status)); + if (!pdb_getgrsid(&map, &sid)) { + d_fprintf(stderr, "(%s) pdb_getgrsid failed\n", + __location__); goto fail; } ZERO_STRUCT(map1); - status = pdb_getgrgid(&map1, map.gid); - if (!NT_STATUS_IS_OK(status)) { - d_fprintf(stderr, "(%s) pdb_getgrgid failed: %s\n", - __location__, nt_errstr(status)); + if (!pdb_getgrgid(&map1, map.gid)) { + d_fprintf(stderr, "(%s) pdb_getgrgid failed\n", + __location__); goto fail; } @@ -231,10 +232,9 @@ BOOL run_local_groupmap(int dummy) } ZERO_STRUCT(map1); - status = pdb_getgrnam(&map1, map.nt_name); - if (!NT_STATUS_IS_OK(status)) { - d_fprintf(stderr, "(%s) pdb_getgrnam failed: %s\n", - __location__, nt_errstr(status)); + if (!pdb_getgrnam(&map1, map.nt_name)) { + d_fprintf(stderr, "(%s) pdb_getgrnam failed\n", + __location__); goto fail; } 
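Review bot: The converted test calls still pass a pointer, `pdb_getgrsid(&map, &sid)`, while every other caller touched by this commit passes the DOM_SID by value (`pdb_getgrsid(&map, sid)` in net_groupmap.c, `DOM_SID sid` in ldapsam_getgrsid). If the restored prototype takes the SID by value, this file no longer compiles, and nothing will notice because the commit also drops torture/local-groupmap.o from the smbtorture objects and removes the LOCAL-GROUPMAP table entry. The same call shape appears in the later hunks at -252 and -292. Either change the calls to `pdb_getgrsid(&map, sid)` or remove the file, as is done for local-multikey.c. run_local_groupmap starts and ends outside these hunks.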
@@ -252,31 +252,34 @@ BOOL run_local_groupmap(int dummy) GROUP_MAP map, map1; string_to_sid(&sid, "S-1-5-32-545"); - status = pdb_getgrsid(&map, &sid); - if (!NT_STATUS_IS_OK(status)) { - d_fprintf(stderr, "(%s) did not find S-1-5-32-545: " - "%s\n", __location__, nt_errstr(status)); + if (!pdb_getgrsid(&map, &sid)) { + d_fprintf(stderr, "(%s) did not find S-1-5-32-545\n", + __location__); goto fail; } status = pdb_delete_group_mapping_entry(sid); CHECK_STATUS(status, NT_STATUS_OK); status = pdb_delete_group_mapping_entry(sid); +#ifdef GROUPDB_V3 CHECK_STATUS(status, NT_STATUS_NOT_FOUND); +#else + CHECK_STATUS(status, NT_STATUS_UNSUCCESSFUL); +#endif - if (NT_STATUS_IS_OK(pdb_getgrsid(&map1, &sid))) { + if (pdb_getgrsid(&map1, &sid)) { d_fprintf(stderr, "(%s) getgrsid found deleted " "entry\n", __location__); goto fail; } - if (NT_STATUS_IS_OK(pdb_getgrgid(&map1, map.gid))) { + if (pdb_getgrgid(&map1, map.gid)) { d_fprintf(stderr, "(%s) getgrgid found deleted " "entry\n", __location__); goto fail; } - if (NT_STATUS_IS_OK(pdb_getgrnam(&map1, map.nt_name))) { + if (pdb_getgrnam(&map1, map.nt_name)) { d_fprintf(stderr, "(%s) getgrnam found deleted " "entry\n", __location__); goto fail; @@ -292,10 +295,9 @@ BOOL run_local_groupmap(int dummy) GROUP_MAP map, map1; string_to_sid(&sid, "S-1-5-32-544"); - status = pdb_getgrsid(&map, &sid); - if (!NT_STATUS_IS_OK(status)) { - d_fprintf(stderr, "(%s) did not find S-1-5-32-544: " - "%s\n", __location__, nt_errstr(status)); + if (!pdb_getgrsid(&map, &sid)) { + d_fprintf(stderr, "(%s) did not find S-1-5-32-544\n", + __location__); goto fail; } @@ -305,7 +307,7 @@ BOOL run_local_groupmap(int dummy) status = pdb_update_group_mapping_entry(&map); CHECK_STATUS(status, NT_STATUS_OK); - if (NT_STATUS_IS_OK(pdb_getgrgid(&map1, oldgid))) { + if (pdb_getgrgid(&map1, oldgid)) { d_fprintf(stderr, "(%s) getgrgid found outdated " "entry\n", __location__); goto fail; 
@@ -315,12 +317,16 @@ BOOL run_local_groupmap(int dummy) map.gid = 1000; status = pdb_update_group_mapping_entry(&map); +#ifdef GROUPDB_V3 CHECK_STATUS(status, NT_STATUS_OBJECTID_EXISTS); - if (!NT_STATUS_IS_OK(pdb_getgrgid(&map1, 4711))) { + if (!pdb_getgrgid(&map1, 4711)) { d_fprintf(stderr, "(%s) update_group changed entry " "upon failure\n", __location__); goto fail; } +#else + CHECK_STATUS(status, NT_STATUS_OK); +#endif } ret = True; diff --git a/source3/torture/local-multikey.c b/source3/torture/local-multikey.c deleted file mode 100644 index 83de2f0b40..0000000000 --- a/source3/torture/local-multikey.c +++ /dev/null 
@@ -1,211 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Run some local tests on the local tdb multikey wrapper - Copyright (C) Volker Lendecke 2006 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -static char **key_fn(TALLOC_CTX *mem_ctx, TDB_DATA data, - void *private_data) -{ - fstring key, value; - char **result; - - result = TALLOC_ARRAY(mem_ctx, char *, 3); - if (result == NULL) { - return NULL; - } - - if (tdb_unpack(data.dptr, data.dsize, "ff", key, value) < 0) { - d_fprintf(stderr, "tdb_unpack failed\n"); - TALLOC_FREE(result); - return NULL; - } - result[0] = talloc_strdup(result, key); - result[1] = talloc_strdup(result, value); - result[2] = NULL; - - if ((result[0] == NULL) || (result[1] == NULL)) { - d_fprintf(stderr, "talloc_strdup failed\n"); - TALLOC_FREE(result); - return NULL; - } - - return result; -} - -static NTSTATUS multikey_add(struct tdb_context *tdb, const char *key, - const char *value) -{ - NTSTATUS status; - TDB_DATA data; - - data.dptr = NULL; - data.dsize = 0; - - if (!tdb_pack_append(NULL, &data.dptr, &data.dsize, - "ff", key, value)) { - return NT_STATUS_NO_MEMORY; - } - - status = tdb_add_keyed(tdb, key_fn, data, NULL); - TALLOC_FREE(data.dptr); - return status; -} - -#define CHECK_STATUS(_status, _expected) do { \ - if (!NT_STATUS_EQUAL(_status, _expected)) { \ - printf("(%d) 
Incorrect status %s - should be %s\n", \ - __LINE__, nt_errstr(status), nt_errstr(_expected)); \ - ret = False; \ - goto fail; \ - }} while (0) - -#define NUM_ELEMENTS (50) - -BOOL run_local_multikey(int dummy) -{ - TALLOC_CTX *mem_ctx; - char *prim; - const char *tdbname = "multi_key_test.tdb"; - struct tdb_context *tdb = NULL; - NTSTATUS status; - BOOL ret = False; - TDB_DATA data; - int i; - fstring key,value; - - unlink(tdbname); - - mem_ctx = talloc_init("run_local_multikey"); - if (mem_ctx == NULL) { - d_fprintf(stderr, "talloc_init failed\n"); - return False; - } - - tdb = tdb_open(tdbname, 0, 0, O_CREAT|O_RDWR, 0644); - if (tdb == NULL) { - d_fprintf(stderr, "tdb_open failed: %s\n", strerror(errno)); - goto fail; - } - - for (i=0; i<NUM_ELEMENTS; i++) { - fstr_sprintf(key, "KEY%d", i); - fstr_sprintf(value, "VAL%d", i); - - status = multikey_add(tdb, key, value); - if (!NT_STATUS_IS_OK(status)) { - d_fprintf(stderr, "tdb_add_keyed failed: %s\n", - nt_errstr(status)); - goto fail; - } - } - - { - struct tdb_keyed_iterator *it = tdb_enum_keyed(mem_ctx, tdb); - if (it == NULL) { - d_printf("tdb_enum_keyed failed\n"); - goto fail; - } - - i = 0; - - while (tdb_next_keyed(it, &data)) { - i += 1; - if (i > 1000) { - d_printf("tdb_next_keyed overrun\n"); - goto fail; - } - } - - if (i != NUM_ELEMENTS) { - d_printf("counted %d, elements, expected %d\n", - i, NUM_ELEMENTS); - goto fail; - } - } - - status = multikey_add(tdb, "KEY35", "FOOO"); - CHECK_STATUS(status, NT_STATUS_OBJECTID_EXISTS); - status = multikey_add(tdb, "KEY42", "VAL45"); - CHECK_STATUS(status, NT_STATUS_OBJECTID_EXISTS); - status = multikey_add(tdb, "FOO", "VAL45"); - CHECK_STATUS(status, NT_STATUS_OBJECTID_EXISTS); - - for (i=0; i<NUM_ELEMENTS; i++) { - fstr_sprintf(key, "KEY%d", i); - fstr_sprintf(value, "VAL%d", i); - - status = tdb_find_keyed(mem_ctx, tdb, 0, key, &data, &prim); - CHECK_STATUS(status, NT_STATUS_OK); - status = tdb_find_keyed(mem_ctx, tdb, 1, value, &data, &prim); - 
CHECK_STATUS(status, NT_STATUS_OK); - status = tdb_find_keyed(mem_ctx, tdb, 1, key, &data, &prim); - CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - status = tdb_find_keyed(mem_ctx, tdb, 0, value, &data, &prim); - CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - } - - status = tdb_find_keyed(mem_ctx, tdb, 0, "FOO", &data, &prim); - CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - status = tdb_find_keyed(mem_ctx, tdb, 1, "BAR", &data, &prim); - CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - - status = tdb_find_keyed(mem_ctx, tdb, 0, "KEY0", &data, &prim); - CHECK_STATUS(status, NT_STATUS_OK); - - ZERO_STRUCT(data); - if (tdb_pack_append(mem_ctx, &data.dptr, &data.dsize, "ff", - "NEWKEY", "NEWVAL") < 0) { - d_printf("tdb_pack_alloc failed\n"); - goto fail; - } - - status = tdb_update_keyed(tdb, prim, key_fn, data, NULL); - CHECK_STATUS(status, NT_STATUS_OK); - - status = tdb_find_keyed(mem_ctx, tdb, 0, "KEY0", &data, &prim); - CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - status = tdb_find_keyed(mem_ctx, tdb, 1, "VAL0", &data, &prim); - CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - status = tdb_find_keyed(mem_ctx, tdb, 0, "NEWKEY", &data, &prim); - CHECK_STATUS(status, NT_STATUS_OK); - status = tdb_find_keyed(mem_ctx, tdb, 1, "NEWVAL", &data, &prim); - CHECK_STATUS(status, NT_STATUS_OK); - - status = tdb_del_keyed(tdb, key_fn, prim, NULL); - CHECK_STATUS(status, NT_STATUS_OK); - - for (i=1; i<NUM_ELEMENTS; i++) { - fstr_sprintf(key, "KEY%d", i); - status = tdb_find_keyed(mem_ctx, tdb, 0, key, &data, &prim); - CHECK_STATUS(status, NT_STATUS_OK); - status = tdb_del_keyed(tdb, key_fn, prim, NULL); - CHECK_STATUS(status, NT_STATUS_OK); - } - - ret = True; - fail: - if (tdb != NULL) { - tdb_close(tdb); - } - unlink(tdbname); - TALLOC_FREE(mem_ctx); - return ret; -} - diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 67d13068bb..5876707d62 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c 
@@ -4948,8 +4948,6 @@ static struct { {"FDSESS", run_fdsesstest, 0}, { "EATEST", run_eatest, 0}, { "LOCAL-SUBSTITUTE", run_local_substitute, 0}, - { "LOCAL-MULTIKEY", run_local_multikey, 0}, - { "LOCAL-GROUPMAP", run_local_groupmap, 0}, {NULL, NULL, 0}}; @@ -5098,7 +5096,7 @@ static void usage(void) fstrcpy(workgroup, lp_workgroup()); - while ((opt = getopt(argc, argv, "p:hW:U:n:N:O:o:m:Ld:Ac:ks:b:S:")) != EOF) { + while ((opt = getopt(argc, argv, "p:hW:U:n:N:O:o:m:Ld:Ac:ks:b:")) != EOF) { switch (opt) { case 'p': port_to_use = atoi(optarg); @@ -5106,9 +5104,6 @@ static void usage(void) case 's': srandom(atoi(optarg)); break; - case 'S': - lp_load(optarg,True,False,False,True); - break; case 'W': fstrcpy(workgroup,optarg); break; diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c index b95e8c65e4..df13a93de6 100644 --- a/source3/utils/net_groupmap.c +++ b/source3/utils/net_groupmap.c @@ -66,7 +66,7 @@ static BOOL get_sid_from_input(DOM_SID *sid, char *input) if (StrnCaseCmp( input, "S-", 2)) { /* Perhaps its the NT group name? */ - if (!NT_STATUS_IS_OK(pdb_getgrnam(&map, input))) { + if (!pdb_getgrnam(&map, input)) { printf("NT Group %s doesn't exist in mapping DB\n", input); return False; } else { @@ -153,7 +153,7 @@ static int net_groupmap_list(int argc, const char **argv) } /* Get the current mapping from the database */ - if(!NT_STATUS_IS_OK(pdb_getgrsid(&map, &sid))) { + if(!pdb_getgrsid(&map, sid)) { d_fprintf(stderr, "Failure to local group SID in the database\n"); return -1; } @@ -163,7 +163,7 @@ static int net_groupmap_list(int argc, const char **argv) else { GROUP_MAP *map=NULL; /* enumerate all group mappings */ - if (!NT_STATUS_IS_OK(pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries, ENUM_ALL_MAPPED))) + if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries, ENUM_ALL_MAPPED)) return -1; for (i=0; i<entries; i++) { 
@@ -182,12 +182,18 @@ static int net_groupmap_list(int argc, const char **argv) static int net_groupmap_add(int argc, const char **argv) { + DOM_SID sid; + fstring ntgroup = ""; fstring unixgrp = ""; fstring string_sid = ""; fstring type = ""; + fstring ntcomment = ""; + enum SID_NAME_USE sid_type = SID_NAME_DOM_GRP; uint32 rid = 0; + gid_t gid; int i; GROUP_MAP map; + const char *name_type; ZERO_STRUCT(map); @@ -213,8 +219,8 @@ static int net_groupmap_add(int argc, const char **argv) } } else if ( !StrnCaseCmp(argv[i], "ntgroup", strlen("ntgroup")) ) { - fstrcpy( map.nt_name, get_string_param( argv[i] ) ); - if ( !map.nt_name[0] ) { + fstrcpy( ntgroup, get_string_param( argv[i] ) ); + if ( !ntgroup[0] ) { d_fprintf(stderr, "must supply a name\n"); return -1; } @@ -224,16 +230,11 @@ static int net_groupmap_add(int argc, const char **argv) if ( !string_sid[0] ) { d_fprintf(stderr, "must supply a SID\n"); return -1; - } - if (!string_to_sid(&map.sid, string_sid)) { - d_fprintf(stderr, "%s is not a valid SID\n", - string_sid); - return -1; - } + } } else if ( !StrnCaseCmp(argv[i], "comment", strlen("comment")) ) { - fstrcpy( map.comment, get_string_param( argv[i] ) ); - if ( !map.comment[0] ) { + fstrcpy( ntcomment, get_string_param( argv[i] ) ); + if ( !ntcomment[0] ) { d_fprintf(stderr, "must supply a comment string\n"); return -1; } @@ -243,17 +244,17 @@ static int net_groupmap_add(int argc, const char **argv) switch ( type[0] ) { case 'b': case 'B': - map.sid_name_use = SID_NAME_WKN_GRP; + sid_type = SID_NAME_WKN_GRP; name_type = "wellknown group"; break; case 'd': case 'D': - map.sid_name_use = SID_NAME_DOM_GRP; + sid_type = SID_NAME_DOM_GRP; name_type = "domain group"; break; case 'l': case 'L': - map.sid_name_use = SID_NAME_ALIAS; + sid_type = SID_NAME_ALIAS; name_type = "alias (local) group"; break; default: 
@@ -272,13 +273,13 @@ static int net_groupmap_add(int argc, const char **argv) return -1; } - if ( (map.gid = nametogid(unixgrp)) == (gid_t)-1 ) { + if ( (gid = nametogid(unixgrp)) == (gid_t)-1 ) { d_fprintf(stderr, "Can't lookup UNIX group %s\n", unixgrp); return -1; } { - if (NT_STATUS_IS_OK(pdb_getgrgid(&map, map.gid))) { + if (pdb_getgrgid(&map, gid)) { d_printf("Unix group %s already mapped to SID %s\n", unixgrp, sid_string_static(&map.sid)); return -1; @@ -288,7 +289,7 @@ static int net_groupmap_add(int argc, const char **argv) if ( (rid == 0) && (string_sid[0] == '\0') ) { d_printf("No rid or sid specified, choosing a RID\n"); if (pdb_rid_algorithm()) { - rid = pdb_gid_to_group_rid(map.gid); + rid = pdb_gid_to_group_rid(gid); } else { if (!pdb_new_rid(&rid)) { d_printf("Could not get new RID\n"); 
@@ -299,38 +300,39 @@ static int net_groupmap_add(int argc, const char **argv) /* append the rid to our own domain/machine SID if we don't have a full SID */ if ( !string_sid[0] ) { - sid_copy(&map.sid, get_global_sam_sid()); - sid_append_rid(&map.sid, rid); + sid_copy(&sid, get_global_sam_sid()); + sid_append_rid(&sid, rid); + sid_to_string(string_sid, &sid); } - if (!map.comment[0]) { - switch (map.sid_name_use) { + if (!ntcomment[0]) { + switch (sid_type) { case SID_NAME_WKN_GRP: - fstrcpy(map.comment, "Wellknown Unix group"); + fstrcpy(ntcomment, "Wellknown Unix group"); break; case SID_NAME_DOM_GRP: - fstrcpy(map.comment, "Domain Unix group"); + fstrcpy(ntcomment, "Domain Unix group"); break; case SID_NAME_ALIAS: - fstrcpy(map.comment, "Local Unix group"); + fstrcpy(ntcomment, "Local Unix group"); break; default: - fstrcpy(map.comment, "Unix group"); + fstrcpy(ntcomment, "Unix group"); break; } } - if (!map.nt_name[0] ) - fstrcpy( map.nt_name, unixgrp ); - - if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map))) { - d_fprintf(stderr, "adding entry for group %s failed!\n", - map.nt_name); + if (!ntgroup[0] ) + fstrcpy( ntgroup, unixgrp ); + + + if (!NT_STATUS_IS_OK(add_initial_entry(gid, string_sid, sid_type, ntgroup, ntcomment))) { + d_fprintf(stderr, "adding entry for group %s failed!\n", ntgroup); return -1; } d_printf("Successfully added group %s to the mapping db as a %s\n", - map.nt_name, name_type); + ntgroup, name_type); return 0; } @@ -417,7 +419,7 @@ static int net_groupmap_modify(int argc, const char **argv) } /* Get the current mapping from the database */ - if(!NT_STATUS_IS_OK(pdb_getgrsid(&map, &sid))) { + if(!pdb_getgrsid(&map, sid)) { d_fprintf(stderr, "Failure to local group SID in the database\n"); return -1; } 
@@ -426,17 +428,16 @@ static int net_groupmap_modify(int argc, const char **argv) * Allow changing of group type only between domain and local * We disallow changing Builtin groups !!! (SID problem) */ - if (sid_type == SID_NAME_UNKNOWN) { d_fprintf(stderr, "Can't map to an unknown group type.\n"); return -1; - } + } if (map.sid_name_use == SID_NAME_WKN_GRP) { d_fprintf(stderr, "You can only change between domain and local groups.\n"); return -1; } - + map.sid_name_use=sid_type; /* Change comment if new one */ @@ -550,13 +551,13 @@ static int net_groupmap_set(int argc, const char **argv) } } - have_map = NT_STATUS_IS_OK(pdb_getgrnam(&map, ntgroup)); + have_map = pdb_getgrnam(&map, ntgroup); if (!have_map) { DOM_SID sid; have_map = ( (strncmp(ntgroup, "S-", 2) == 0) && string_to_sid(&sid, ntgroup) && - NT_STATUS_IS_OK(pdb_getgrsid(&map, &sid)) ); + pdb_getgrsid(&map, sid) ); } if (!have_map) { @@ -629,8 +630,8 @@ static int net_groupmap_cleanup(int argc, const char **argv) GROUP_MAP *map = NULL; size_t i, entries; - if (!NT_STATUS_IS_OK(pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries, - ENUM_ALL_MAPPED))) { + if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries, + ENUM_ALL_MAPPED)) { d_fprintf(stderr, "Could not list group mappings\n"); return -1; } diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 7cf3bb6e1d..bbe09a3b35 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -588,7 +588,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) group_sid = *pdb_get_group_sid(sam_account); - if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, &group_sid))) { + if (!pdb_getgrsid(&map, group_sid)) { DEBUG(0, ("Primary group of %s has no mapping!\n", pdb_get_username(sam_account))); } else { 
@@ -630,7 +630,7 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) sid_append_rid(&group_sid, rid); sid_to_string(sid_string, &group_sid); - if (NT_STATUS_IS_OK(pdb_getgrsid(&map, &group_sid))) { + if (pdb_getgrsid(&map, group_sid)) { if ( map.gid != -1 ) grp = getgrgid(map.gid); insert = False; @@ -689,7 +689,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) sid_copy(&group_sid, get_global_sam_sid()); sid_append_rid(&group_sid, rid); - if (!NT_STATUS_IS_OK(get_domain_group_from_sid(&group_sid, &map))) { + if (!get_domain_group_from_sid(group_sid, &map)) { DEBUG(0, ("Could not find global group %d\n", rid)); return NT_STATUS_NO_SUCH_GROUP; } @@ -805,6 +805,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, fstring comment; struct group *grp = NULL; DOM_SID alias_sid; + fstring sid_string; GROUP_MAP map; BOOL insert = True; @@ -814,8 +815,9 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, /* Find out whether the group is already mapped */ sid_copy(&alias_sid, &dom_sid); sid_append_rid(&alias_sid, rid); + sid_to_string(sid_string, &alias_sid); - if (NT_STATUS_IS_OK(pdb_getgrsid(&map, &alias_sid))) { + if (pdb_getgrsid(&map, alias_sid)) { grp = getgrgid(map.gid); insert = False; } diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 16f7b1b25b..654c9ec5b2 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -330,7 +330,7 @@ static int net_sam_set_comment(int argc, const char **argv) return -1; } - if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, &sid))) { + if (!pdb_getgrsid(&map, sid)) { d_fprintf(stderr, "Could not load group %s\n", argv[0]); return -1; } @@ -882,7 +882,7 @@ static int net_sam_provision(int argc, const char **argv) sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS); - if (!NT_STATUS_IS_OK(pdb_getgrsid(&gmap, &gsid))) { + if (!pdb_getgrsid(&gmap, gsid)) { LDAPMod **mods = NULL; char *dn; char *uname; 
@@ -935,7 +935,7 @@ domu_done: sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS); - if (!NT_STATUS_IS_OK(pdb_getgrsid(&gmap, &gsid))) { + if (!pdb_getgrsid(&gmap, gsid)) { LDAPMod **mods = NULL; char *dn; char *uname; @@ -1153,7 +1153,7 @@ doma_done: goto done; } - if (!NT_STATUS_IS_OK(pdb_getgrgid(&gmap, pwd->pw_gid))) { + if (!pdb_getgrgid(&gmap, pwd->pw_gid)) { LDAPMod **mods = NULL; char *dn; char *uname; |