summaryrefslogtreecommitdiff
path: root/source3/groupdb/mapping.c
AgeCommit message (Collapse)AuthorFilesLines
2010-08-14s3:groupdb: allocate a gid after allocating a rid in pdb_default_create_alias()Michael Adam1-6/+7
Michael
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-24/+24
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-rpc_misc: clean out include/rpc_misc.h.Günther Deschner1-1/+1
Well known rids don't really belong into an rpc header, just use the ones defined in security.idl. Guenther
2010-03-14s3: Fix some nonempty blank linesVolker Lendecke1-17/+15
2010-03-01s3:groupmap revert to tdb storageSimo Sorce1-19/+1
Group mapping needs to be cluster aware, and this means using the tdb backend. Remove ldb group mapping as this is not cluster aware.
2010-01-10s3: Replace most calls to sid_append_rid() by sid_compose()Volker Lendecke1-2/+1
2009-06-08Pass a talloc_ctx to pdb_enum_aliasmemVolker Lendecke1-3/+4
2009-05-11Fix a bunch of compiler warnings about wrong format types.Jeremy Allison1-3/+3
Should make Solaris 10 builds look cleaner. Jeremy.
2008-07-14Add fix from Simo for bug #5540 - missing code to substituteJeremy Allison1-3/+6
%u. Make this the same as other uses. Jeremy. (This used to be commit c4a137e9789b06047ce53e5828fb5e1bb76aca06)
2008-04-12groupdb: readd groupdb:backend parametric optionStefan Metzmacher1-2/+20
This reverts c5adb92c020e38644baf1afc8fc570a518cd6307. The reason is that ldb doesn't work for cluster setups yet. metze (This used to be commit 5f5d90ef76b969ecbe564399368a7450c4e3d155)
2007-12-17Fix flags in call of lookup_name() in pdb_default_create_alias().Michael Adam1-1/+1
Use new flag LOOKUP_NAME_LOCAL. Michael (This used to be commit 280d6cb6c8e834ce0a08769e9187b0f40321716f)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke1-1/+1
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-11-13Remove all pstring from groupdb/Jeremy Allison1-34/+95
Jeremy. (This used to be commit 6959c5c7e3e95604c66788b86d5789757e18cc36)
2007-10-24[crash fix] don't use already free'ed memoryStefan Metzmacher1-2/+2
(found by "make valgrindtest" and my "start winbindd on make test" patch) metze (cherry picked from commit fe21e48489852720a05b305b251e4f5cbb200f7a) (cherry picked from commit 26d8a1ad20c10da495970c584983fbd261b4946e) (This used to be commit a128a8805e172738334ec6854548f138c335058b)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-9/+9
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r25405: Fix formatting as per metze's commentsGerald Carter1-1/+1
(This used to be commit 45fa393358926117e0209970414678547d8504a6)
2007-10-10r25393: Removed unused variableGerald Carter1-2/+0
(This used to be commit 11894a62e3a41f3387fac1a578258321333085ac)
2007-10-10r25380: Remove the groupdb:mapping parameter as discussed in the following ↵Gerald Carter1-14/+2
thread: http://lists.samba.org/archive/samba-technical/2007-June/053747.html (This used to be commit c5adb92c020e38644baf1afc8fc570a518cd6307)
2007-10-10r25024: Fix a whole bunch of Coverity bugsVolker Lendecke1-0/+1
The callers of get_domain_group_from_sid() with some justification expected map->gid to be initialized when get_domain_group_from_sid returned True. (This used to be commit bc8b74dbfec965ede7bf45118d1a863b28d000fd)
2007-10-10r23801: The FSF has moved around a lot. This fixes their Mass Ave address.Andrew Tridgell1-2/+1
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23510: Tidy calls to smb_panic by removing trailing newlines. Print theJames Peach1-1/+1
failed expression in SMB_ASSERT. (This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
2007-10-10r23323: merged ldb changes from 3.0.26Andrew Tridgell1-11/+87
(This used to be commit 7c9a5c2a3f012a06e9550dc0de7df460c2fd943b)
2007-10-10r22787: More from Karolin: Make map_unix_group() static to net_sam.c, add "netVolker Lendecke1-64/+0
sam unmapunixgroup" (This used to be commit 55e2f35fad8bda3ff2c2ace5323ddeaee87d783e)
2007-10-10r22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and changeVolker Lendecke1-16/+0
return values of some alias-releated pdb functions from BOOL to NTSTATUS Thanks :-) (This used to be commit 590d2164b3a33250410338771e160f6ebd1aa89d)
2007-10-10r22554: Fix an assumption that TALLOC_ARRAY(.., 0) != NULL.Volker Lendecke1-2/+7
Volker (This used to be commit 1f15a8f371f7c56d1a6e67e52f0f184bbd270c84)
2007-10-10r20090: Fix a class of bugs found by James Peach. EnsureJeremy Allison1-1/+1
we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2007-10-10r18867: change the group mapping code to use ldb instead of tdbAndrew Tridgell1-648/+1
See the discussion of this on the samba-technical list (This used to be commit 4ad1436ceae0128e187222fce0fc79adb3049d3f)
2007-10-10r18703: Fix the annoying effect that happens when nscd is running:Günther Deschner1-1/+16
We usually do not get the results from user/group script modifications immediately. A lot of users do add nscd restart/refresh commands into their scripts to workaround that while we could flush the nscd caches directly using libnscd. Guenther (This used to be commit 7db6ce295afbedfada7b207ad56566d2195a0d21)
2007-10-10r18271: Big change:Gerald Carter1-7/+7
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r17669: Remove RID algorithm support from unmapped users and groupsGerald Carter1-1/+1
when using smbpasswd (This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c)
2007-10-10r17554: CleanupVolker Lendecke1-531/+450
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
2007-10-10r17550: Fix a few bugs in the tdb_multikey code. Thanks to tridge for ↵Volker Lendecke1-4/+4
pointing them out. Volker (This used to be commit 6bf5e7080a51c416d1d1466b1ca84c8f23a6bf2c)
2007-10-10r17470: This is the group mapping rewrite announced a few days ago. I'm ↵Volker Lendecke1-293/+473
afraid it's more than 1000 lines of patch, but doing it in smaller pieces is hardly possible. Anybody interested please look over this. The patch is not really interesting, just look at the new groupdb/mapping.c file. Jerry, one entry for the 3.0.24 release notes: smbd will refuse to start if we have overlapping mappings in group_mapping.tdb. With the old db a unix gid can be mapped to two different SIDs. This will be refused with the new code. Volker (This used to be commit f0f0e893ca41d35b58b35929de78dcb911b3c7dc)
2007-10-10r17468: To minimize the diff later on, pre-commit some changes ↵Volker Lendecke1-113/+103
independently: Change internal mapping.c functions to return NTSTATUS instead of BOOL. Volker (This used to be commit 4ebfc30a28a6f48613098176c5acdfdafbd2941a)
2007-10-10r17465: Get rid of add_initial_entry. In the two places it was called in it ↵Volker Lendecke1-25/+0
seemed a bit pointless to me. Volker (This used to be commit 244b25ae49d3c635fc54498dbee29f5b649ea1fa)
2007-10-10r17463: A bit of cleanup work:Volker Lendecke1-68/+4
Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own. Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early. Volker (This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
2007-10-10r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as anVolker Lendecke1-13/+13
argument. Volker (This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f)
2007-10-10r15101: Little step towards getting Samba4 tdb into 3: tdb_lock_bystring ↵Volker Lendecke1-1/+1
does not have the timeout argument in Samba4. Add a new routine tdb_lock_bystring_with_timeout. Volker (This used to be commit b9c6e3f55602fa505859a4b2cd137b74105d685f)
2007-10-10r14634: Many bug fixes thanks to train rides and overnight stays in airportsGerald Carter1-0/+1
* Finally fix parsing idmap uid/gid ranges not to break with spaces surrounding the '-' * Allow local groups to renamed by adding info level 2 to _samr_set_aliasinfo() * Fix parsing bug in _samr_del_dom_alias() reply * Prevent root from being deleted via Samba * Prevent builting groups from being renamed or deleted * Fix bug in pdb_tdb that broke renaming user accounts * Make sure winbindd is running when trying to create the Administrators and Users BUILTIN groups automatically from smbd (and not just check the winbind nexted groups parameter value). * Have the top level rid allocator verify that the RID it is about to grant is not already assigned in our own SAM (retries up to 250 times). This fixes passdb with existing SIDs assigned to users from the RID algorithm but not monotonically allocating the RIDs from passdb. (This used to be commit db1162241f79c2af8afb7d8c26e8ed1c4a4b476f)
2007-10-10r14457: Add a few more special cases for RID 513 in the samr code.Gerald Carter1-1/+17
Now that I know what all the requirements for this group are I can generalize the code some more and make it cleaner. But at least this is working with lusrmgr.msc on XP and 2k now. (This used to be commit d2c1842978cd50485849bfc4fb6d94767d96cab0)
2007-10-10r14403: * modifies create_local_nt_token() to create a BUILTIN\AdministratorsGerald Carter1-52/+102
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)
2007-10-10r13955: Fix Coverity ID 139.Volker Lendecke1-1/+1
Not a bug in the strictest sense, more a clarification. This whole routine assumes new_gid != NULL anyway, so there's no point in checking. Volker (This used to be commit dfbf09c772b9588271e2d8e053c7494bb087c544)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-5/+4
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-1/+1
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13494: Merge the stuff I've done in head the last days.Volker Lendecke1-9/+8
Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-105/+90
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12438: Remove an unused functionVolker Lendecke1-28/+0
(This used to be commit 561e351d25b58fda4b050525aa03d18e4d88cc6c)
2007-10-10r12185: Cosmetic cleanupVolker Lendecke1-32/+3
(This used to be commit d1e8f9afffecf986a428bfac29b22dcbce610016)
2007-10-10r12182: Cosmetic cleanupVolker Lendecke1-35/+25
(This used to be commit 81c358b511457fbc6304845acb4bfbf1b4adf062)