summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2012-12-03s3:passdb:pdb_ldap: treat "Unix User" and "Unix Group" in sid_to_id()Michael Adam1-0/+5
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb()Michael Adam1-3/+3
instead of sid_check_sid_is_in_our_sam). This allows for builtin sids, wellknown sids and "Unix User" and "Unix Group" domains. This broadens up the check moved here in commit 02e25b2a43ae02205a3412f862a1482d24b70aa4. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb: add sid_check_object_is_for_passdb()Michael Adam3-0/+35
Variant of sid_check_is_for_passdb() that only checks for objects in the various domains, not for the domain sids themselves. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of ↵Michael Adam2-16/+35
pdb_default_sid_to_id() The special treatment of the "Unix User" and "Unix Group" pseudo domains can be reused. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:passdb: don't bail out in pdb_default_sid_to_id() if sid is not in our samMichael Adam1-5/+0
This code treats the own sam, builtin, wellknown, and sids from the "Unix User" and "Unix Group" pseudo-domains. This reverts part of commit 02e25b2a43ae02205a3412f862a1482d24b70aa4. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: use the new sid_check_is_for_passdb() in ↵Michael Adam1-6/+2
idmap_find_domain_with_sid() This is more correct than the original one: It also hands the wellknown and "Unix Users" and "Unix Groups" sids to passdb for id mapping. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03build the new sid_check_is_for_passdb() function into passdbMichael Adam3-0/+3
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:lib: add utility function sid_check_is_for_passdb()Michael Adam2-0/+102
This function checks whether the given sid should be treated by passdb (e.g. for id mapping). Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: remove unused function idmap_backends_sid_to_unixid()Michael Adam2-43/+0
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:test:wbinfo_sids2xids: test the results with singular calls with filled ↵Michael Adam2-11/+29
and with empty cache Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:test: fix intialization of WBINFO in test_wbinfo_sids2xids.shMichael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:idmap_autorid: force mapping type to ID_TYPE_BOTH for sid->unixid mappingMichael Adam1-0/+3
This is to remove problems with the same unix-id being used both as a uid and a gid. The autorid backend will map a given number to the same SID, no matter whether this is a uid or a gid. This will prime the idmap cache with mappings. The sid-to-u/gid mapping, when not going through the cache, instead checks for the type of the sid and only allows unix ids of the corresponding type. Hence the rid backend will give different results, depending on whether the cache is filled or not. This patch lets the autorid backend always create sid->id mappings of type both. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:idmap_rid: force mapping type to ID_TYPE_BOTH for sid->unixid mappingMichael Adam1-0/+2
This is to remove problems with the same unix-id being used both as a uid and a gid. The rid backend will map a given number to the same SID, no matter whether this is a uid or a gid. This will prime the idmap cache with mappings. The sid-to-u/gid mapping, when not going through the cache, instead checks for the type of the sid and only allows unix ids of the corresponding type. Hence the rid backend will give different results, depending on whether the cache is filled or not. This patch lets the rid backend always create sid->id mappings of type both. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: remove unused idmap_sid_to_gid()Michael Adam2-75/+0
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: remove unused idmap_sid_to_uid()Michael Adam2-75/+0
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: remove unused server implementation of wbint_Sid2Gid()Michael Adam1-14/+0
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: remove unused server implementation of wbint_Sid2Uid()Michael Adam1-14/+0
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: remove wbint_Sid2Gid from the wbint.idlMichael Adam1-6/+0
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: remove wbint_Sid2Uid() from the wbint.idlMichael Adam1-6/+0
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: remove now unused wb_sid2uid and wb_sid2gid modulesMichael Adam5-346/+0
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: change winbindd_getgroups to use wb_sids2xids instead of wb_sid2gidMichael Adam1-5/+14
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: change wb_getgrsid to use wb_sids2xids instead of wb_sid2gidMichael Adam1-2/+17
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: change wb_fill_pwent to use wb_sids2xids instead of wb_sid2[ug]idMichael Adam1-4/+32
We can optimize this later and just do one wb_sids2xids_send/recv call. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: make idmap_find_domain() static.Michael Adam2-2/+1
idmap_find_domain_with_sid() should be used instead Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: also use idmap_passdb for own sam and builtin in ↵Michael Adam1-3/+3
wbint_Sids2UnixIDs() This is the way the singular calls work and how they should (currently) work. The two code paths need to give the same results. It is important to use the passdb backend, otherwise groups don't work. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: add idmap_find_domain_with_sid()Michael Adam2-0/+18
This will return the passdb domain if the given sid is in our sam or builtin or is the domain sid of those domains. Otherwise it returns the idmap domain that results from the idmap configuration. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: rename idmap_init_passdb_domain() -> idmap_passdb_domain()Michael Adam1-3/+3
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: use struct unixid instead of uint64 in Sids2Xids parent<->childMichael Adam3-5/+8
This implicitly also hands the type of the resulting unix-id that the idmap backend has created back to the caller. This is important for backends that would set a broader type than the requested one, e.g. rid backend returning BOTH instead of UID or GID. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs()Michael Adam1-0/+3
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs()Michael Adam1-0/+5
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: use wb_sids2xids instead of wb_sid2gid in winbindd_sid_to_gidMichael Adam1-2/+16
The main purpose of the change is to hand the sid into the idmap backend and handle responsiblity for handling the sid-type correctly to the idmap backend instead of failing directly when the sid is not of group type. Hence backends like rid who are sid-type agnostic, can return gids also for sids of other types. This is an important fix to make sid_to_gid behave the consistently with and without the presence of cache entries. We need to additionally filter the result for id type GID or more general (BOTH) to keep the behaviour. This is a step towards using only one codepath to id_mapping. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: use wb_sids2xids instead of wb_sid2uid in winbindd_sid_to_uidMichael Adam1-2/+16
The main purpose of the change is to hand the sid into the idmap backend and handle responsiblity for handling the sid-type correctly to the idmap backend instead of failing directly when the sid is not of type user. Hence backends like rid who are sid-type agnostic, can return uids also for sids of other types. This is an important fix to make sid_to_uid behave the consistently with and without the presence of cache entries. We need to additionally filter the result for id type UID or more general (BOTH) to keep the behaviour. This is a step towards using only one codepath to id_mapping. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: factor winbindd_sids_to_xids into external and internal partMichael Adam5-165/+286
- external part takes winbindd request/reponse structs (with sid strings) - internal part takes sid lists The new internal part implements functions wb_sids2xids_* that are moved into the new module wb_sids2xids.c. The purpose of this change is to use wb_sids2xids in winbindd_sid_to_uid and winbindd_sid_to_gid instead of the currently used wb_sid2uid and wb_sid2gid. We should just have one code path into id mapping and not several that behave differently. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: convert some spaces to tabs in winbindd_sids_to_xids_send()Michael Adam1-4/+4
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: add explaining comment winbindd_sids_to_xids_send()Michael Adam1-0/+5
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: factor lsa_SidType_to_id_type() out of ↵Michael Adam1-14/+25
winbindd_sids_to_xids_lookupsids_done() for readability Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd: simplify winbindd_sids_to_xids_recv() a bit.Michael Adam1-40/+25
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-03s3:winbindd:util: add a comment explaining the function parse_sidlist()Michael Adam1-0/+9
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-02s3:smbcacls: add --query-security-info and --set-security-info optionsStefan Metzmacher1-10/+55
This allows the caller to specify the security_information flags. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02s3:libsmb: add cli_{query,set}_security_descriptor() which take sec_info flagsStefan Metzmacher2-16/+49
In order to set and get security_descriptors it's important to specify the sec_info flags. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02s3:smbd/open: fall back to Builtin_Administrators if SYSTEM doesn't map to a ↵Stefan Metzmacher1-0/+54
group Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02s3:smbd/open: try the primary sid (user) as group_sid if the token has just ↵Stefan Metzmacher1-1/+5
one sid Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02s3:smbd/open: use Builtin_Administrators as owner of files (if possible)Stefan Metzmacher1-4/+41
We do this if the idmap layer resolves Builtin_Administrators as ID_TYPE_BOTH and if the current token has the Builtin_Administrators SID or it's SYSTEM. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s3-reg: Fix copy and paste error in debug message.Andreas Schneider1-2/+2
Found by coverity.
2012-11-30s3:popt_common: Fix password processing.Stefan Metzmacher1-11/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Nov 30 14:01:08 CET 2012 on sn-devel-104
2012-11-30s3:util: fix usage of popt_burn_cmdline_password()Stefan Metzmacher2-2/+0
We should only call popt_burn_cmdline_password() after poptFreeContext(), otherwise we remove the password to early. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-winbind: use new reconnect logic in rpc_lookup_sids() also.Günther Deschner1-16/+7
Volker, please check. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-winbindd: rework reconnect logic in winbindd_lookup_names().Günther Deschner1-12/+13
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-winbindd: rework reconnect logic in winbindd_lookup_sids().Günther Deschner1-12/+14
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-winbindd: remove lookup_sids_fn_t.Günther Deschner1-21/+12
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>