From 0053bd8b80cc08d65948c97f8ab0b4e2b829f083 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Fri, 23 Mar 2001 00:50:31 +0000 Subject: first pass of the new group mapping code J.F. (This used to be commit 7154deb026d53cb0cd503562174c3332a372be63)
---
source3/groupdb/mapping.c | 754 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 754 insertions(+) create mode 100644 source3/groupdb/mapping.c (limited to 'source3/groupdb/mapping.c')
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
new file mode 100644
index 0000000000..df4552e103
--- /dev/null
+++ b/source3/groupdb/mapping.c
@@ -0,0 +1,754 @@
+/*
+ * Unix SMB/Netbios implementation.
+ * Version 1.9.
+ * RPC Pipe client / server routines
+ * Copyright (C) Andrew Tridgell 1992-2000,
+ * Copyright (C) Jean François Micouleau 1998-2001.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+extern int DEBUGLEVEL;
+extern DOM_SID global_sam_sid;
+
+static TDB_CONTEXT *tdb; /* used for driver files */
+
+#define DATABASE_VERSION 1
+#define GROUP_PREFIX "UNIXGROUP/"
+
+PRIVS privs[] = {
+ {SE_PRIV_NONE, "no_privs", "No privilege"},
+ {SE_PRIV_ADD_USERS, "add_users", "add users"},
+ {SE_PRIV_ADD_MACHINES, "add_computers", ""},
+ {SE_PRIV_PRINT_OPERATOR, "print_op", ""},
+ {SE_PRIV_ALL, "all_privs", ""}
+};
+/*
+PRIVS privs[] = {
+ { 2, "SeCreateTokenPrivilege" },
+ { 3, "SeAssignPrimaryTokenPrivilege" },
+ { 4, "SeLockMemoryPrivilege" },
+ { 5, "SeIncreaseQuotaPrivilege" },
+ { 6, "SeMachineAccountPrivilege" },
+ { 7, "SeTcbPrivilege" },
+ { 8, "SeSecurityPrivilege" },
+ { 9, "SeTakeOwnershipPrivilege" },
+ { 10, "SeLoadDriverPrivilege" },
+ { 11, "SeSystemProfilePrivilege" },
+ { 12, "SeSystemtimePrivilege" },
+ { 13, "SeProfileSingleProcessPrivilege" },
+ { 14, "SeIncreaseBasePriorityPrivilege" },
+ { 15, "SeCreatePagefilePrivilege" },
+ { 16, "SeCreatePermanentPrivilege" },
+ { 17, "SeBackupPrivilege" },
+ { 18, "SeRestorePrivilege" },
+ { 19, "SeShutdownPrivilege" },
+ { 20, "SeDebugPrivilege" },
+ { 21, "SeAuditPrivilege" },
+ { 22, "SeSystemEnvironmentPrivilege" },
+ { 23, "SeChangeNotifyPrivilege" },
+ { 24, "SeRemoteShutdownPrivilege" },
+};
+*/
+
+#if 0
+/****************************************************************************
+check if the user has the required privilege.
+****************************************************************************/
+static BOOL se_priv_access_check(NT_USER_TOKEN *token, uint32 privilege)
+{
+ /* no token, no privilege */
+ if (token==NULL)
+ return False;
+
+ if ((token->privilege & privilege)==privilege)
+ return True;
+
+ return False;
+}
+#endif
+
+/****************************************************************************
+dump the mapping group mapping to a text file
+****************************************************************************/
+char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use)
+{
+ static fstring group_type;
+
+ switch(name_use) {
+ case SID_NAME_USER:
+ fstrcpy(group_type,"User");
+ break;
+ case SID_NAME_DOM_GRP:
+ fstrcpy(group_type,"Domain group");
+ break;
+ case SID_NAME_DOMAIN:
+ fstrcpy(group_type,"Domain");
+ break;
+ case SID_NAME_ALIAS:
+ fstrcpy(group_type,"Local group");
+ break;
+ case SID_NAME_WKN_GRP:
+ fstrcpy(group_type,"Builtin group");
+ break;
+ case SID_NAME_DELETED:
+ fstrcpy(group_type,"Deleted");
+ break;
+ case SID_NAME_INVALID:
+ fstrcpy(group_type,"Invalid");
+ break;
+ case SID_NAME_UNKNOWN:
+ default:
+ fstrcpy(group_type,"Unknown type");
+ break;
+ }
+
+ fstrcpy(group, group_type);
+ return group_type;
+}
+
+/****************************************************************************
+open the group mapping tdb
+****************************************************************************/
+BOOL init_group_mapping(void)
+{
+ static pid_t local_pid;
+ char *vstring = "INFO/version";
+
+ if (tdb && local_pid == sys_getpid()) return True;
+ tdb = tdb_open(lock_path("group_mapping.tdb"), 0, 0, O_RDWR|O_CREAT, 0600);
+ if (!tdb) {
+ DEBUG(0,("Failed to open group mapping database\n"));
+ return False;
+ }
+
+ local_pid = sys_getpid();
+
+ /* handle a Samba upgrade */
+ tdb_lock_bystring(tdb, vstring);
+ if (tdb_fetch_int(tdb, vstring) != DATABASE_VERSION) {
+ tdb_traverse(tdb, (tdb_traverse_func)tdb_delete, NULL);
+ tdb_store_int(tdb, vstring, DATABASE_VERSION);
+ }
+ tdb_unlock_bystring(tdb, vstring);
+
+
+ return True;
+}
+
+/****************************************************************************
+****************************************************************************/
+BOOL add_mapping_entry(GROUP_MAP *map, int flag)
+{
+ TDB_DATA kbuf, dbuf;
+ pstring key, buf;
+ fstring string_sid;
+ int len;
+
+ sid_to_string(string_sid, &map->sid);
+
+ len = tdb_pack(buf, sizeof(buf), "ddffd",
+ map->gid, map->sid_name_use, map->nt_name, map->comment, map->privilege);
+
+ if (len > sizeof(buf)) return False;
+
+ slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
+
+ kbuf.dsize = strlen(key)+1;
+ kbuf.dptr = key;
+ dbuf.dsize = len;
+ dbuf.dptr = buf;
+ if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False;
+
+ return True;
+}
+
+/****************************************************************************
+initialise first time the mapping list
+****************************************************************************/
+BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use,
+ fstring nt_name, fstring comment, uint32 privilege)
+{
+ GROUP_MAP map;
+
+ map.gid=gid;
+ string_to_sid(&map.sid, sid);
+ map.sid_name_use=sid_name_use;
+ fstrcpy(map.nt_name, nt_name);
+ fstrcpy(map.comment, comment);
+ map.privilege=privilege;
+
+ add_mapping_entry(&map, TDB_INSERT);
+
+ return True;
+}
+
+/****************************************************************************
+initialise first time the mapping list
+****************************************************************************/
+BOOL default_group_mapping()
+{
+ DOM_SID sid_admins;
+ DOM_SID sid_users;
+ DOM_SID sid_guests;
+ fstring str_admins;
+ fstring str_users;
+ fstring str_guests;
+
+
+ /* Add the Wellknown groups */
+
+ add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "", SE_PRIV_ALL);
+ add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "", SE_PRIV_NONE);
+ add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "", SE_PRIV_NONE);
+ add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "", SE_PRIV_NONE);
+
+ add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "", SE_PRIV_NONE);
+ add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "", SE_PRIV_NONE);
+ add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "", SE_PRIV_PRINT_OPERATOR);
+ add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "", SE_PRIV_NONE);
+
+ add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "", SE_PRIV_NONE);
+
+ /* Add the defaults domain groups */
+
+ sid_copy(&sid_admins, &global_sam_sid);
+ sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS);
+ sid_to_string(str_admins, &sid_admins);
+ add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", SE_PRIV_ALL);
+
+ sid_copy(&sid_users, &global_sam_sid);
+ sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS);
+ sid_to_string(str_users, &sid_users);
+ add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", SE_PRIV_NONE);
+
+ sid_copy(&sid_guests, &global_sam_sid);
+ sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS);
+ sid_to_string(str_guests, &sid_guests);
+ add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", SE_PRIV_NONE);
+
+ return True;
+}
+
+
+/****************************************************************************
+return the sid and the type of the unix group
+****************************************************************************/
+BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
+{
+ TDB_DATA kbuf, dbuf;
+ pstring key;
+ fstring string_sid;
+ int ret;
+
+ /* the key is the SID, retrieving is direct */
+
+ sid_to_string(string_sid, &sid);
+ slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
+
+ kbuf.dptr = key;
+ kbuf.dsize = strlen(key)+1;
+
+ dbuf = tdb_fetch(tdb, kbuf);
+ if (!dbuf.dptr) return False;
+
+ ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
+ &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege);
+
+ safe_free(dbuf.dptr);
+ if (ret != dbuf.dsize) {
+ DEBUG(0,("get_group_map_from_sid: mapping TDB corrupted ?\n"));
+ return False;
+ }
+
+ sid_copy(&map->sid, &sid);
+
+ return True;
+}
+
+
+/****************************************************************************
+return the sid and the type of the unix group
+****************************************************************************/
+BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
+{
+ TDB_DATA kbuf, dbuf, newkey;
+ fstring string_sid;
+ int ret;
+
+ /* we need to enumerate the TDB to find the GID */
+
+ for (kbuf = tdb_firstkey(tdb);
+ kbuf.dptr;
+ newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
+
+ if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
+
+ dbuf = tdb_fetch(tdb, kbuf);
+ if (!dbuf.dptr) continue;
+
+ fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
+
+ string_to_sid(&map->sid, string_sid);
+
+ ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
+ &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege);
+
+ safe_free(dbuf.dptr);
+ if (ret != dbuf.dsize) continue;
+
+ if (gid==map->gid)
+ return True;
+ }
+
+ return False;
+}
+
+/****************************************************************************
+return the sid and the type of the unix group
+****************************************************************************/
+BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map)
+{
+ TDB_DATA kbuf, dbuf, newkey;
+ fstring string_sid;
+ int ret;
+
+ /* we need to enumerate the TDB to find the GID */
+
+ for (kbuf = tdb_firstkey(tdb);
+ kbuf.dptr;
+ newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
+
+ if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
+
+ dbuf = tdb_fetch(tdb, kbuf);
+ if (!dbuf.dptr) continue;
+
+ fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
+
+ string_to_sid(&map->sid, string_sid);
+
+ ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
+ &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege);
+
+ safe_free(dbuf.dptr);
+ if (ret != dbuf.dsize) continue;
+
+ if (StrCaseCmp(name, map->nt_name)==0)
+ return True;
+
+ }
+
+ return False;
+}
+
+/****************************************************************************
+enumerate the group mapping
+****************************************************************************/
+BOOL group_map_remove(DOM_SID sid)
+{
+ TDB_DATA kbuf, dbuf;
+ pstring key;
+ fstring string_sid;
+
+ /* the key is the SID, retrieving is direct */
+
+ sid_to_string(string_sid, &sid);
+ slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
+
+ kbuf.dptr = key;
+ kbuf.dsize = strlen(key)+1;
+
+ dbuf = tdb_fetch(tdb, kbuf);
+ if (!dbuf.dptr) return False;
+
+ safe_free(dbuf.dptr);
+
+ if(tdb_delete(tdb, kbuf) != TDB_SUCCESS)
+ return False;
+
+ return True;
+}
+
+
+/****************************************************************************
+enumerate the group mapping
+****************************************************************************/
+BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries)
+{
+ TDB_DATA kbuf, dbuf, newkey;
+ fstring string_sid;
+ fstring group_type;
+ GROUP_MAP map;
+ GROUP_MAP *mapt=NULL;
+ int ret;
+ int entries=0;
+
+ *num_entries=0;
+ *rmap=NULL;
+
+ for (kbuf = tdb_firstkey(tdb);
+ kbuf.dptr;
+ newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
+
+ if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
+
+ dbuf = tdb_fetch(tdb, kbuf);
+ if (!dbuf.dptr) continue;
+
+ fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
+
+ ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
+ &map.gid, &map.sid_name_use, &map.nt_name, &map.comment, &map.privilege);
+
+ safe_free(dbuf.dptr);
+ if (ret != dbuf.dsize) continue;
+
+ /* list only the type or everything if UNKNOWN */
+ if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) continue;
+
+ string_to_sid(&map.sid, string_sid);
+
+ decode_sid_name_use(group_type, map.sid_name_use);
+
+ mapt=(GROUP_MAP *)Realloc(mapt, (entries+1)*sizeof(GROUP_MAP));
+
+ mapt[entries].gid = map.gid;
+ sid_copy( &mapt[entries].sid, &map.sid);
+ mapt[entries].sid_name_use = map.sid_name_use;
+ fstrcpy(mapt[entries].nt_name, map.nt_name);
+ fstrcpy(mapt[entries].comment, map.comment);
+ mapt[entries].privilege = map.privilege;
+
+ entries++;
+ }
+
+ *rmap=mapt;
+ *num_entries=entries;
+ return True;
+}
+
+
+/****************************************************************************
+convert a privilege list to a privilege value
+****************************************************************************/
+void convert_priv_from_text(uint32 *se_priv, char *privilege)
+{
+ pstring tok;
+ char *p = privilege;
+ int i;
+
+ /* By default no privilege */
+ (*se_priv)=0x0;
+
+ if (privilege==NULL)
+ return;
+
+ while(next_token(&p, tok, " ", sizeof(tok)) ) {
+ for (i=0; i<=PRIV_ALL_INDEX; i++) {
+ if (StrCaseCmp(privs[i].priv, tok)==0)
+ (*se_priv)+=privs[i].se_priv;
+ }
+ }
+}
+
+/****************************************************************************
+convert a privilege value to a privilege list
+****************************************************************************/
+void convert_priv_to_text(uint32 se_priv, char *privilege)
+{
+ int i;
+
+ if (privilege==NULL)
+ return;
+
+ ZERO_STRUCTP(privilege);
+
+ if (se_priv==SE_PRIV_NONE) {
+ fstrcat(privilege, privs[0].priv);
+ return;
+ }
+
+ if (se_priv==SE_PRIV_ALL) {
+ fstrcat(privilege, privs[PRIV_ALL_INDEX].priv);
+ return;
+ }
+
+ for (i=1; privs[i].se_priv!=SE_PRIV_ALL; i++) {
+ if ( (se_priv & privs[i].se_priv) == privs[i].se_priv) {
+ fstrcat(privilege, privs[i].priv);
+ fstrcat(privilege, " ");
+ }
+ }
+}
+
+
+/*
+ *
+ * High level functions
+ * better to use them than the lower ones.
+ *
+ * we are checking if the group is in the mapping file
+ * and if the group is an existing unix group
+ *
+ */
+
+/* get a domain group from it's SID */
+
+BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
+{
+ struct group *grp;
+
+ /* if the group is NOT in the database, it CAN NOT be a domain group */
+ if(!get_group_map_from_sid(sid, map))
+ return False;
+
+ /* if it's not a domain group, continue */
+ if (map->sid_name_use!=SID_NAME_DOM_GRP)
+ return False;
+
+ if (map->gid==-1)
+ return False;
+
+ if ( (grp=getgrgid(map->gid)) == NULL)
+ return False;
+
+ return True;
+}
+
+
+/* get a local (alias) group from it's SID */
+
+BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map)
+{
+ struct group *grp;
+
+ /* The group is in the mapping table */
+ if(get_group_map_from_sid(sid, map)) {
+ if (map->sid_name_use!=SID_NAME_ALIAS)
+ return False;
+
+ if (map->gid==-1)
+ return False;
+
+ if ( (grp=getgrgid(map->gid)) == NULL)
+ return False;
+ } else {
+ /* the group isn't in the mapping table.
+ * make one based on the unix information */
+ uint32 alias_rid;
+
+ sid_split_rid(&sid, &alias_rid);
+ map->gid=pdb_user_rid_to_gid(alias_rid);
+
+ if ((grp=getgrgid(map->gid)) == NULL)
+ return False;
+
+ map->sid_name_use=SID_NAME_ALIAS;
+
+ fstrcpy(map->nt_name, grp->gr_name);
+ fstrcpy(map->comment, "Local Unix Group");
+
+ map->privilege=SE_PRIV_NONE;
+
+ }
+
+ return True;
+}
+
+/* get a builtin group from it's SID */
+
+BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map)
+{
+ struct group *grp;
+
+ if(!get_group_map_from_sid(sid, map))
+ return False;
+
+ if (map->sid_name_use!=SID_NAME_WKN_GRP)
+ return False;
+
+ if (map->gid==-1)
+ return False;
+
+ if ( (grp=getgrgid(map->gid)) == NULL)
+ return False;
+
+ return True;
+}
+
+
+
+/****************************************************************************
+Returns a GROUP_MAP struct based on the gid.
+****************************************************************************/
+BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map)
+{
+ struct group *grp;
+ DOM_SID sid;
+ uint32 rid;
+
+ if ( (grp=getgrgid(gid)) == NULL)
+ return False;
+
+ /*
+ * make a group map from scratch if doesn't exist.
+ */
+ if (!get_group_map_from_gid(gid, map)) {
+ map->gid=gid;
+ map->sid_name_use=SID_NAME_ALIAS;
+ map->privilege=SE_PRIV_NONE;
+
+ rid=pdb_gid_to_group_rid(gid);
+ sid_copy(&sid, &global_sam_sid);
+ sid_append_rid(&sid, rid);
+
+ fstrcpy(map->nt_name, grp->gr_name);
+ fstrcpy(map->comment, "Local Unix Group");
+ }
+
+ return True;
+}
+
+
+
+
+/****************************************************************************
+ Get the member users of a group and
+ all the users who have that group as primary.
+
+ give back an array of uid
+ return the grand number of users
+
+
+ TODO: sort the list and remove duplicate. JFM.
+
+****************************************************************************/
+
+BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
+{
+ struct group *grp;
+ struct passwd *pwd;
+ int i=0;
+ char *gr;
+
+ *num_uids = 0;
+
+ if ( (grp=getgrgid(gid)) == NULL)
+ return False;
+
+ gr = grp->gr_mem[0];
+ DEBUG(10, ("getting members\n"));
+
+ while (gr && (*gr != (char)NULL)) {
+ (*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1));
+
+ if( (pwd=getpwnam(gr)) !=NULL) {
+ (*uid)[*num_uids]=pwd->pw_uid;
+ (*num_uids)++;
+ }
+ gr = grp->gr_mem[++i];
+ }
+ DEBUG(10, ("got [%d] members\n", *num_uids));
+
+ setpwent();
+ while ((pwd=getpwent()) != NULL) {
+ if (pwd->pw_gid==gid) {
+ (*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1));
+ (*uid)[*num_uids]=pwd->pw_uid;
+
+ (*num_uids)++;
+ }
+ }
+ endpwent();
+ DEBUG(10, ("got primary groups, members: [%d]\n", *num_uids));
+
+ return True;
+}
+
+/****************************************************************************
+ Create a UNIX group on demand.
+****************************************************************************/
+
+int smb_create_group(char *unix_group)
+{
+ pstring add_script;
+ int ret;
+
+ pstrcpy(add_script, lp_addgroup_script());
+ if (! *add_script) return -1;
+ pstring_sub(add_script, "%g", unix_group);
+ ret = smbrun(add_script,NULL,False);
+ DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
+ return ret;
+}
+
+/****************************************************************************
+ Delete a UNIX group on demand.
+****************************************************************************/
+
+int smb_delete_group(char *unix_group)
+{
+ pstring del_script;
+ int ret;
+
+ pstrcpy(del_script, lp_delgroup_script());
+ if (! *del_script) return -1;
+ pstring_sub(del_script, "%g", unix_group);
+ ret = smbrun(del_script,NULL,False);
+ DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
+ return ret;
+}
+
+/****************************************************************************
+ Create a UNIX group on demand.
+****************************************************************************/
+
+int smb_add_user_group(char *unix_group, char *unix_user)
+{
+ pstring add_script;
+ int ret;
+
+ pstrcpy(add_script, lp_addusertogroup_script());
+ if (! *add_script) return -1;
+ pstring_sub(add_script, "%g", unix_group);
+ pstring_sub(add_script, "%u", unix_user);
+ ret = smbrun(add_script,NULL,False);
+ DEBUG(3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
+ return ret;
+}
+
+/****************************************************************************
+ Delete a UNIX group on demand.
+****************************************************************************/
+
+int smb_delete_user_group(char *unix_group, char *unix_user)
+{
+ pstring del_script;
+ int ret;
+
+ pstrcpy(del_script, lp_deluserfromgroup_script());
+ if (! *del_script) return -1;
+ pstring_sub(del_script, "%g", unix_group);
+ pstring_sub(del_script, "%u", unix_user);
+ ret = smbrun(del_script,NULL,False);
+ DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
+ return ret;
+}
+
+
+
-- cgit From da8805b377e361a7cab399b3c786a25f7175e7cf Mon Sep 17 00:00:00 2001
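Review bot: In convert_priv_from_text the matched privilege is accumulated with `(*se_priv)+=privs[i].se_priv;`, so a token that appears twice in the input, or `all_privs` combined with any other name, is summed rather than merged and can produce a mask naming privileges the text never listed. convert_priv_to_text in the same hunk tests the values with `&`, which suggests they are bit flags; if so the line should read `(*se_priv) |= privs[i].se_priv;`. The header comment could also state that tokens matching no entry in `privs` are silently ignored, since that matters to anyone auditing how a privilege string was interpreted.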
From: Jeremy Allison Date: Fri, 23 Mar 2001 02:14:08 +0000 Subject: groupdb/mapping.c: include/proto.h: Fix missing (void) in proto. rpc_server/srv_samr_nt.c: Fix user private group problem by filtering out groups that clash with users. smbd/posix_acls.c: Ensure default ACE's are sensible. utils/pdbedit.c: Fix from Simo Sorce. Jeremy. (This used to be commit 29414fe0d6665642d9b5f88a35e712426376c47f) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index df4552e103..303ac820bb 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -200,7 +200,7 @@ BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use, /**************************************************************************** initialise first time the mapping list ****************************************************************************/ -BOOL default_group_mapping() +BOOL default_group_mapping(void) { DOM_SID sid_admins; DOM_SID sid_users; -- cgit From 2ef68c7e92d4661664f0410509f7cb551e74a198 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Apr 2001 19:12:06 +0000 Subject: Merge of Andrew's changes in 2.2. Jeremy. (This used to be commit fc76681812b1469208ad6c8847afdfc68bc6db49) --- source3/groupdb/mapping.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 303ac820bb..435d315518 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -692,7 +692,7 @@ int smb_create_group(char *unix_group) pstrcpy(add_script, lp_addgroup_script()); if (! *add_script) return -1; pstring_sub(add_script, "%g", unix_group); - ret = smbrun(add_script,NULL,False); + ret = smbrun(add_script,NULL); DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret)); return ret; } 
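Review bot: smb_create_group still splices the caller-supplied `unix_group` into the configured script with `pstring_sub(add_script, "%g", unix_group)` and passes the result to `smbrun`, and nothing visible in this hunk restricts the characters of that name. Whether shell metacharacters are neutralised depends on pstring_sub and smbrun, neither of which is shown here, so this needs confirming; if they are not, the name should be checked against a conservative character set before the substitution and the call refused otherwise. The same pattern is in the hunks at -709 (smb_delete_group), -727 (smb_add_user_group) and -745 (smb_delete_user_group), the last two also substituting `unix_user` for `%u`. A comment on each helper such as `/* unix_group is substituted into a command line: callers must pass a validated name */` would record the contract. The function bodies start outside the hunks.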
@@ -709,7 +709,7 @@ int smb_delete_group(char *unix_group) pstrcpy(del_script, lp_delgroup_script()); if (! *del_script) return -1; pstring_sub(del_script, "%g", unix_group); - ret = smbrun(del_script,NULL,False); + ret = smbrun(del_script,NULL); DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret)); return ret; } @@ -727,7 +727,7 @@ int smb_add_user_group(char *unix_group, char *unix_user) if (! *add_script) return -1; pstring_sub(add_script, "%g", unix_group); pstring_sub(add_script, "%u", unix_user); - ret = smbrun(add_script,NULL,False); + ret = smbrun(add_script,NULL); DEBUG(3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret)); return ret; } @@ -745,7 +745,7 @@ int smb_delete_user_group(char *unix_group, char *unix_user) if (! *del_script) return -1; pstring_sub(del_script, "%g", unix_group); pstring_sub(del_script, "%u", unix_user); - ret = smbrun(del_script,NULL,False); + ret = smbrun(del_script,NULL); DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret)); return ret; } -- cgit From f35157f39293f9fa240a28642c41708b55d301c8 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Fri, 4 May 2001 15:44:27 +0000 Subject: Big cleanup of passdb and backends. I did some basic tests but I have probably broken something. Notably the password changing. So don't cry ;-) J.F. (This used to be commit a4a4c02b12f030a3b9e6225b999c90689dfc4719) --- source3/groupdb/mapping.c | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 435d315518..bc5ac3e9eb 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -388,7 +388,8 @@ BOOL group_map_remove(DOM_SID sid) /**************************************************************************** enumerate the group mapping ****************************************************************************/ -BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries) +BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, + int *num_entries, BOOL unix_only) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; @@ -405,10 +406,12 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *n kbuf.dptr; newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { - if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) + continue; dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) continue; + if (!dbuf.dptr) + continue; fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); @@ -416,10 +419,15 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *n &map.gid, &map.sid_name_use, &map.nt_name, &map.comment, &map.privilege); safe_free(dbuf.dptr); - if (ret != dbuf.dsize) continue; + if (ret != dbuf.dsize) + continue; /* list only the type or everything if UNKNOWN */ - if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) continue; + if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) + continue; + + if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) + continue; string_to_sid(&map.sid, string_sid); 
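Review bot: The new filter `if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1)` compares a `gid_t` with the literal -1; on a platform where gid_t is an unsigned type narrower than int the comparison is never true, and unmapped entries would be returned to a caller that asked for mapped ones only. Writing `map.gid==(gid_t)-1` makes the sentinel test independent of the platform's gid_t. The header comment still reads only "enumerate the group mapping" and should say that `unix_only` equal to ENUM_ONLY_MAPPED skips entries whose gid is the -1 sentinel. The body of enum_group_mapping continues outside these hunks.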
@@ -513,19 +521,29 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) { struct group *grp; + DEBUG(10, ("get_domain_group_from_sid\n")); + /* if the group is NOT in the database, it CAN NOT be a domain group */ if(!get_group_map_from_sid(sid, map)) return False; + DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n")); + /* if it's not a domain group, continue */ if (map->sid_name_use!=SID_NAME_DOM_GRP) return False; + + DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n")); if (map->gid==-1) return False; + DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%d\n",map->gid)); + if ( (grp=getgrgid(map->gid)) == NULL) - return False; + return False; + + DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n")); return True; } @@ -599,8 +617,6 @@ Returns a GROUP_MAP struct based on the gid. BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) { struct group *grp; - DOM_SID sid; - uint32 rid; if ( (grp=getgrgid(gid)) == NULL) return False; @@ -613,9 +629,8 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) map->sid_name_use=SID_NAME_ALIAS; map->privilege=SE_PRIV_NONE; - rid=pdb_gid_to_group_rid(gid); - sid_copy(&sid, &global_sam_sid); - sid_append_rid(&sid, rid); + sid_copy(&map->sid, &global_sam_sid); + sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid)); fstrcpy(map->nt_name, grp->gr_name); fstrcpy(map->comment, "Local Unix Group"); -- cgit From b6a6b4b02ef923ce71a8be8258ccee1cbb439c6f Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Tue, 8 May 2001 16:33:18 +0000 Subject: fixes to the group mapping code. Not ready yet. J.F. (This used to be commit 62a7a567fdea230b77cc97a3f74d868542c34700) --- source3/groupdb/mapping.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index bc5ac3e9eb..5b844e93d2 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
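Review bot: The added trace `DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%d\n",map->gid));` passes a `gid_t` to `%d`, which is a type mismatch in a variadic call wherever gid_t is not int-sized; cast at the call site, `...gid:%d\n",(int)map->gid));`. In the -613 hunk get_group_from_gid now fills `map->sid`, but its header comment does not say that this SID is synthesised from global_sam_sid when the gid has no stored mapping; one line stating that would keep callers from treating the result as a database entry.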
@@ -662,6 +662,7 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) char *gr; *num_uids = 0; + *uid=NULL; if ( (grp=getgrgid(gid)) == NULL) return False; -- cgit From 8c4d6548a91961ecc2a177f4f6f95fbea4035cd3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 17 May 2001 00:24:34 +0000 Subject: groupdb/mapping.c: Fix gcc compiler warning. smbd/connection.c: Sync up with code in 2.2 Jeremy. (This used to be commit 87025c223dd33f2e02060c2a5cd45502946c87c6) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 5b844e93d2..2f258ea724 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -670,7 +670,7 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) gr = grp->gr_mem[0]; DEBUG(10, ("getting members\n")); - while (gr && (*gr != (char)NULL)) { + while (gr && (*gr != (char)'\0')) { (*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); if( (pwd=getpwnam(gr)) !=NULL) { -- cgit From 05fc3e578c895f632b351969d09cd00feb7599c7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 4 Jun 2001 05:13:59 +0000 Subject: use LDSHFLAGS not -shared in several places (This used to be commit 8ec9c87b5d1a7dae17d5b1a30f58effaf5e69e4b) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 2f258ea724..8623e0ce3d 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -130,7 +130,7 @@ BOOL init_group_mapping(void) char *vstring = "INFO/version"; if (tdb && local_pid == sys_getpid()) return True; - tdb = tdb_open(lock_path("group_mapping.tdb"), 0, 0, O_RDWR|O_CREAT, 0600); + tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, 0, O_RDWR|O_CREAT, 0600); if (!tdb) { DEBUG(0,("Failed to open group mapping database\n")); return False; -- cgit From 554a455d4074161bd990722df9bc61756687e2a3 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Mon, 9 Jul 2001 18:17:00 +0000 Subject: when retrieving by sid fill also the map.sid field (This used to be commit f47797fa9595fb19d9e29ef43c5d0135268db455) --- source3/groupdb/mapping.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 8623e0ce3d..a86283b556 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -33,9 +33,9 @@ static TDB_CONTEXT *tdb; /* used for driver files */ PRIVS privs[] = { {SE_PRIV_NONE, "no_privs", "No privilege"}, {SE_PRIV_ADD_USERS, "add_users", "add users"}, - {SE_PRIV_ADD_MACHINES, "add_computers", ""}, - {SE_PRIV_PRINT_OPERATOR, "print_op", ""}, - {SE_PRIV_ALL, "all_privs", ""} + {SE_PRIV_ADD_MACHINES, "add_computers", "add computers to domain"}, + {SE_PRIV_PRINT_OPERATOR, "print_op", "printer operator"}, + {SE_PRIV_ALL, "all_privs", "all privileges"} }; /* PRIVS privs[] = { @@ -156,7 +156,7 @@ BOOL add_mapping_entry(GROUP_MAP *map, int flag) { TDB_DATA kbuf, dbuf; pstring key, buf; - fstring string_sid; + fstring string_sid=""; int len; sid_to_string(string_sid, &map->sid); @@ -570,7 +570,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) * make one based on the unix information */ uint32 alias_rid; - sid_split_rid(&sid, &alias_rid); + sid_peek_rid(&sid, &alias_rid); map->gid=pdb_user_rid_to_gid(alias_rid); if ((grp=getgrgid(map->gid)) == NULL) 
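Review bot: In the -570 hunk the fallback of get_local_group_from_sid derives the gid from the RID alone (`sid_peek_rid(&sid, &alias_rid); map->gid=pdb_user_rid_to_gid(alias_rid);`) and the domain part of `sid` is not compared with anything in the lines shown, so a SID issued under a different authority but ending in the same RID would apparently resolve to the same Unix group. Unless every caller already filters on the domain, the fallback should return False when the SID's domain portion is not the local one (global_sam_sid is what get_group_from_gid uses in this file). It is also worth confirming that the user-RID helper `pdb_user_rid_to_gid` is the intended conversion for a group RID. The function body starts and ends outside the hunk.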
@@ -583,6 +583,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) map->privilege=SE_PRIV_NONE; + sid_copy(&map->sid, &sid); } return True; -- cgit From 996719cce26700c68ff0e456e6a25d20085d091f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 30 Jul 2001 22:21:31 +0000 Subject: Added "use mmap" for HPUX. Jeremy. (This used to be commit 840802f10677cb0009cb4df4c37c7d01aa5edacd) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index a86283b556..97e7551586 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -130,7 +130,7 @@ BOOL init_group_mapping(void) char *vstring = "INFO/version"; if (tdb && local_pid == sys_getpid()) return True; - tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, 0, O_RDWR|O_CREAT, 0600); + tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, USE_TDB_MMAP_FLAG, O_RDWR|O_CREAT, 0600); if (!tdb) { DEBUG(0,("Failed to open group mapping database\n")); return False; -- cgit From 2e783a47076bd0994b6ce86df7ec967bc1c2da63 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 12 Aug 2001 17:30:01 +0000 Subject: this is a big global fix for the ptr = Realloc(ptr, size) bug. many possible mem leaks, and segfaults fixed. someone should port this fix to 2.2 also. (This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9) --- source3/groupdb/mapping.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 97e7551586..268a1b1bd4 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -395,7 +395,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, fstring string_sid; fstring group_type; GROUP_MAP map; - GROUP_MAP *mapt=NULL; + GROUP_MAP *mapt; int ret; int entries=0; 
@@ -433,7 +433,14 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, decode_sid_name_use(group_type, map.sid_name_use); - mapt=(GROUP_MAP *)Realloc(mapt, (entries+1)*sizeof(GROUP_MAP)); + mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP)); + if (!mapt) { + DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); + if (*rmap) free(*rmap); + *rmap=NULL; + return False; + } + else (*rmap) = mapt; mapt[entries].gid = map.gid; sid_copy( &mapt[entries].sid, &map.sid); @@ -445,7 +452,6 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, entries++; } - *rmap=mapt; *num_entries=entries; return True; } @@ -661,6 +667,7 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) struct passwd *pwd; int i=0; char *gr; + uid_t *u; *num_uids = 0; *uid=NULL; @@ -672,7 +679,12 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) DEBUG(10, ("getting members\n")); while (gr && (*gr != (char)'\0')) { - (*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); + u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); + if (!u) { + DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n")); + return False; + } + else (*uid) = u; if( (pwd=getpwnam(gr)) !=NULL) { (*uid)[*num_uids]=pwd->pw_uid; @@ -685,7 +697,12 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) setpwent(); while ((pwd=getpwent()) != NULL) { if (pwd->pw_gid==gid) { - (*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); + u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); + if (!u) { + DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n")); + return False; + } + else (*uid) = u; (*uid)[*num_uids]=pwd->pw_uid; (*num_uids)++; -- cgit From 9a9ac2739bbdc993ecdfa78298bdd9c059328378 Mon Sep 17 00:00:00 2001 
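Review bot: The new failure branch in enum_group_mapping returns from inside the key loop, so the current `kbuf.dptr` is leaked. The only free of that buffer is the `safe_free(kbuf.dptr)` in the loop's increment expression, which is visible in later hunks on this page and never runs on an early return. Adding `free(kbuf.dptr);` before `return False;` closes that path. The loop header is outside this hunk.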
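Review bot: On Realloc failure get_uid_list_of_group returns False but leaves `*uid` pointing at the list built so far and `*num_uids` non-zero, whereas enum_group_mapping in this same commit frees and clears its output on the same condition. A caller that treats False as "nothing was returned" will leak the partial list. I would have both branches (this one and the one in the getpwent loop) do `free(*uid); *uid=NULL; *num_uids=0;` before `return False;`. The second branch also returns after `setpwent()`; if the matching `endpwent()` sits after the loop, which is outside the hunk, it is skipped on that path.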
From: Andrew Tridgell Date: Thu, 6 Sep 2001 22:08:19 +0000 Subject: got rid of USE_TDB_MMAP_FLAG as its not needed any more (This used to be commit c26e0d3f27a05ecc8bd2390f9aab7f9451524e47) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 268a1b1bd4..129f0940a2 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -130,7 +130,7 @@ BOOL init_group_mapping(void) char *vstring = "INFO/version"; if (tdb && local_pid == sys_getpid()) return True; - tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, USE_TDB_MMAP_FLAG, O_RDWR|O_CREAT, 0600); + tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (!tdb) { DEBUG(0,("Failed to open group mapping database\n")); return False; -- cgit From 31c3f7a8b2ff62d4cfc1ed9d831b95eba0da525f Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 17 Sep 2001 00:58:15 +0000 Subject: move to SAFE_FREE() (This used to be commit 89833bbbd8508dcdca70dff2c94e1d8f22535f1f) --- source3/groupdb/mapping.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 129f0940a2..5be6442173 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -269,7 +269,7 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege); - safe_free(dbuf.dptr); + SAFE_FREE(dbuf.dptr); if (ret != dbuf.dsize) { DEBUG(0,("get_group_map_from_sid: mapping TDB corrupted ?\n")); return False; 
@@ -294,7 +294,7 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) for (kbuf = tdb_firstkey(tdb); kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { + newkey = tdb_nextkey(tdb, kbuf), SAFE_FREE(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; @@ -308,7 +308,7 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege); - safe_free(dbuf.dptr); + SAFE_FREE(dbuf.dptr); if (ret != dbuf.dsize) continue; if (gid==map->gid) @@ -331,7 +331,7 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) for (kbuf = tdb_firstkey(tdb); kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { + newkey = tdb_nextkey(tdb, kbuf), SAFE_FREE(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; @@ -345,7 +345,7 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege); - safe_free(dbuf.dptr); + SAFE_FREE(dbuf.dptr); if (ret != dbuf.dsize) continue; if (StrCaseCmp(name, map->nt_name)==0) @@ -376,7 +376,7 @@ BOOL group_map_remove(DOM_SID sid) dbuf = tdb_fetch(tdb, kbuf); if (!dbuf.dptr) return False; - safe_free(dbuf.dptr); + SAFE_FREE(dbuf.dptr); if(tdb_delete(tdb, kbuf) != TDB_SUCCESS) return False; @@ -404,7 +404,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, for (kbuf = tdb_firstkey(tdb); kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { + newkey = tdb_nextkey(tdb, kbuf), SAFE_FREE(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; 
@@ -418,7 +418,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", &map.gid, &map.sid_name_use, &map.nt_name, &map.comment, &map.privilege); - safe_free(dbuf.dptr); + SAFE_FREE(dbuf.dptr); if (ret != dbuf.dsize) continue; @@ -436,8 +436,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP)); if (!mapt) { DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); - if (*rmap) free(*rmap); - *rmap=NULL; + SAFE_FREE(*rmap); return False; } else (*rmap) = mapt; -- cgit From 7f641b46763c2ea21f2bb04e3bc3ded49c5007b5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 17 Sep 2001 03:40:55 +0000 Subject: fixed compilation of groupdb (This used to be commit 23e2561a1c303942cfceae8929e0806db91b4aa4) --- source3/groupdb/mapping.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 5be6442173..fee6bf248a 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -294,7 +294,7 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) for (kbuf = tdb_firstkey(tdb); kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), SAFE_FREE(kbuf.dptr), kbuf=newkey) { + newkey = tdb_nextkey(tdb, kbuf), free(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; @@ -331,7 +331,7 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) for (kbuf = tdb_firstkey(tdb); kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), SAFE_FREE(kbuf.dptr), kbuf=newkey) { + newkey = tdb_nextkey(tdb, kbuf), free(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; 
@@ -404,7 +404,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, for (kbuf = tdb_firstkey(tdb); kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), SAFE_FREE(kbuf.dptr), kbuf=newkey) { + newkey = tdb_nextkey(tdb, kbuf), free(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; -- cgit From 81fdc3c3f76075babe3e1f4bf43ed2cfd5723472 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 17 Sep 2001 04:16:35 +0000 Subject: move to SAFE_FREE() (This used to be commit e61aec84edaf55b9ee087b076d2f1311033dc839) --- source3/groupdb/mapping.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index fee6bf248a..a6a63cbc2a 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -294,7 +294,7 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) for (kbuf = tdb_firstkey(tdb); kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), free(kbuf.dptr), kbuf=newkey) { + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; @@ -331,7 +331,7 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) for (kbuf = tdb_firstkey(tdb); kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), free(kbuf.dptr), kbuf=newkey) { + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; @@ -404,7 +404,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, for (kbuf = tdb_firstkey(tdb); kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), free(kbuf.dptr), kbuf=newkey) { + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; -- cgit From dc1fc3ee8ec2199bc73bb5d7ec711c6800f61d65 Mon Sep 17 00:00:00 2001 
From: Tim Potter Date: Tue, 2 Oct 2001 04:29:50 +0000 Subject: Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e) --- source3/groupdb/mapping.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index a6a63cbc2a..5173132af8 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -22,7 +22,6 @@ #include "includes.h" -extern int DEBUGLEVEL; extern DOM_SID global_sam_sid; static TDB_CONTEXT *tdb; /* used for driver files */ -- cgit From 2527f5ef52400294c98b4f4345a4f18b981ff22f Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Fri, 23 Nov 2001 15:11:22 +0000 Subject: Changed how the privileges are stored in the group mapping code. It's now an array of uint32. That's not perfect but that's better. Added more privileges too. Changed the local_lookup_rid/name functions in passdb.c to check if the group is mapped. Makes the LSA rpc calls return correct groups Corrected the return code in the LSA server code enum_sids. Only enumerate well known aliases if they are mapped to real unix groups. Won't confuse user seeing groups not available. Added a short/long view to smbgroupedit. now decoding rpc calls to add/remove privileges to sid. J.F. (This used to be commit f29774e58973f421bfa163c45bfae201a140f28c) --- source3/groupdb/mapping.c | 215 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 163 insertions(+), 52 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 5173132af8..678824d812 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -30,11 +30,13 @@ static TDB_CONTEXT *tdb; /* used for driver files */ #define GROUP_PREFIX "UNIXGROUP/" PRIVS privs[] = { - {SE_PRIV_NONE, "no_privs", "No privilege"}, - {SE_PRIV_ADD_USERS, "add_users", "add users"}, - {SE_PRIV_ADD_MACHINES, "add_computers", "add computers to domain"}, - {SE_PRIV_PRINT_OPERATOR, "print_op", "printer operator"}, - {SE_PRIV_ALL, "all_privs", "all privileges"} + {SE_PRIV_NONE, "no_privs", "No privilege" }, /* this one MUST be first */ + {SE_PRIV_ADD_MACHINES, "SeMachineAccountPrivilege", "Add workstations to the domain" }, + {SE_PRIV_SEC_PRIV, "SeSecurityPrivilege", "Manage the audit logs" }, + {SE_PRIV_TAKE_OWNER, "SeTakeOwnershipPrivilege", "Take ownership of file" }, + {SE_PRIV_ADD_USERS, "SaAddUsers", "Add users to the domain - Samba" }, + {SE_PRIV_PRINT_OPERATOR, "SaPrintOp", "Add or remove printers - Samba" }, + {SE_PRIV_ALL, "SaAllPrivs", "all privileges" } }; /* PRIVS privs[] = { @@ -61,6 +63,9 @@ PRIVS privs[] = { { 22, "SeSystemEnvironmentPrivilege" }, { 23, "SeChangeNotifyPrivilege" }, { 24, "SeRemoteShutdownPrivilege" }, + { 25, "SeUndockPrivilege" }, + { 26, "SeSyncAgentPrivilege" }, + { 27, "SeEnableDelegationPrivilege" }, }; */ @@ -157,11 +162,15 @@ BOOL add_mapping_entry(GROUP_MAP *map, int flag) pstring key, buf; fstring string_sid=""; int len; + int i; sid_to_string(string_sid, &map->sid); - len = tdb_pack(buf, sizeof(buf), "ddffd", - map->gid, map->sid_name_use, map->nt_name, map->comment, map->privilege); + len = tdb_pack(buf, sizeof(buf), "ddff", + map->gid, map->sid_name_use, map->nt_name, map->comment); + + for (i=0; iprivileges[i]); if (len > sizeof(buf)) return False; 
@@ -180,22 +189,97 @@ BOOL add_mapping_entry(GROUP_MAP *map, int flag) initialise first time the mapping list ****************************************************************************/ BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use, - fstring nt_name, fstring comment, uint32 privilege) + fstring nt_name, fstring comment, uint32 *privilege) { GROUP_MAP map; + int i; map.gid=gid; string_to_sid(&map.sid, sid); map.sid_name_use=sid_name_use; fstrcpy(map.nt_name, nt_name); fstrcpy(map.comment, comment); - map.privilege=privilege; + for (i=0; igid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege); + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); + + for (i=0; iprivileges[i]); SAFE_FREE(dbuf.dptr); if (ret != dbuf.dsize) { - DEBUG(0,("get_group_map_from_sid: mapping TDB corrupted ?\n")); + DEBUG(0,("get_group_map_from_sid: group mapping TDB corrupted ?\n")); return False; } @@ -288,6 +388,7 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) TDB_DATA kbuf, dbuf, newkey; fstring string_sid; int ret; + int i; /* we need to enumerate the TDB to find the GID */ @@ -304,8 +405,11 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) string_to_sid(&map->sid, string_sid); - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege); + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); + + for (i=0; iprivileges[i]); SAFE_FREE(dbuf.dptr); if (ret != dbuf.dsize) continue; @@ -325,8 +429,9 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) TDB_DATA kbuf, dbuf, newkey; fstring string_sid; int ret; + int i; - /* we need to enumerate the TDB to find the GID */ + /* we need to enumerate the TDB to find the SID */ for (kbuf = tdb_firstkey(tdb); kbuf.dptr; 
@@ -341,8 +446,11 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) string_to_sid(&map->sid, string_sid); - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->privilege); + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); + + for (i=0; iprivileges[i]); SAFE_FREE(dbuf.dptr); if (ret != dbuf.dsize) continue; @@ -397,6 +505,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, GROUP_MAP *mapt; int ret; int entries=0; + int i; *num_entries=0; *rmap=NULL; @@ -414,8 +523,11 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", - &map.gid, &map.sid_name_use, &map.nt_name, &map.comment, &map.privilege); + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map.gid, &map.sid_name_use, &map.nt_name, &map.comment); + + for (i=0; int_name, grp->gr_name); fstrcpy(map->comment, "Local Unix Group"); - map->privilege=SE_PRIV_NONE; + init_privilege(map->privileges); sid_copy(&map->sid, &sid); } @@ -632,7 +743,7 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) if (!get_group_map_from_gid(gid, map)) { map->gid=gid; map->sid_name_use=SID_NAME_ALIAS; - map->privilege=SE_PRIV_NONE; + init_privilege(map->privileges); sid_copy(&map->sid, &global_sam_sid); sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid)); -- cgit From ca477a61e7a202ba7df756780149a14c1159a73f Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Sat, 24 Nov 2001 00:13:41 +0000 Subject: added lsaenumprivsaccount and lsalookupprivvalue to rpcclient and more to come ... J.F. (This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494) --- source3/groupdb/mapping.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'source3/groupdb/mapping.c') 
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 678824d812..92a98ff7a4 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -66,6 +66,16 @@ PRIVS privs[] = { { 25, "SeUndockPrivilege" }, { 26, "SeSyncAgentPrivilege" }, { 27, "SeEnableDelegationPrivilege" }, +SeNetworkLogonRight +SeUnsolicitedInputPrivilege +SeBatchLogonRight +SeServiceLogonRight +SeInteractiveLogonRight +SeDenyInteractiveLogonRight +SeDenyNetworkLogonRight +SeDenyBatchLogonRight +SeDenyBatchLogonRight + }; */ -- cgit From ad2974cd05b4d08c8b92f505bf95aa8e8533235f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 24 Nov 2001 14:16:41 +0000 Subject: added "net join" command this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12) --- source3/groupdb/mapping.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 92a98ff7a4..c39bb8cdff 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -233,7 +233,7 @@ add a privilege to a privilege array ****************************************************************************/ BOOL add_privilege(uint32 *privilege, uint32 priv) { - int i; + int i=0; while (i Date: Thu, 29 Nov 2001 16:05:05 +0000 Subject: Changed again how the privilege list is handled in the group mapping code. This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP struct as some privilege showing in USRMGR.EXE are not real privs but a bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT 3.1 box to verify, but I'm too lazy (yes I still have my CDs). Added 3 more LSA calls: SetSystemAccount, AddPrivileges and RemovePrivileges, we can manage all this privilege from UserManager. Time to change the NT_USER_TOKEN struct and add checks in all the rpc functions. Fun, fun, fun. J.F. (This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3) --- source3/groupdb/mapping.c | 411 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 307 insertions(+), 104 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index c39bb8cdff..21c9564bd0 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -66,19 +66,25 @@ PRIVS privs[] = { { 25, "SeUndockPrivilege" }, { 26, "SeSyncAgentPrivilege" }, { 27, "SeEnableDelegationPrivilege" }, -SeNetworkLogonRight -SeUnsolicitedInputPrivilege -SeBatchLogonRight -SeServiceLogonRight -SeInteractiveLogonRight -SeDenyInteractiveLogonRight -SeDenyNetworkLogonRight -SeDenyBatchLogonRight -SeDenyBatchLogonRight - }; */ + /* + * Those are not really privileges like the other ones. + * They are handled in a special case and called + * system privileges. + * + * SeNetworkLogonRight + * SeUnsolicitedInputPrivilege + * SeBatchLogonRight + * SeServiceLogonRight + * SeInteractiveLogonRight + * SeDenyInteractiveLogonRight + * SeDenyNetworkLogonRight + * SeDenyBatchLogonRight + * SeDenyBatchLogonRight + */ + #if 0 /**************************************************************************** check if the user has the required privilege. @@ -173,16 +179,23 @@ BOOL add_mapping_entry(GROUP_MAP *map, int flag) fstring string_sid=""; int len; int i; + PRIVILEGE_SET *set; sid_to_string(string_sid, &map->sid); - len = tdb_pack(buf, sizeof(buf), "ddff", - map->gid, map->sid_name_use, map->nt_name, map->comment); + len = tdb_pack(buf, sizeof(buf), "ddffd", + map->gid, map->sid_name_use, map->nt_name, map->comment, map->systemaccount); - for (i=0; iprivileges[i]); + /* write the privilege list in the TDB database */ - if (len > sizeof(buf)) return False; + set=&map->priv_set; + len += tdb_pack(buf+len, sizeof(buf)-len, "d", set->count); + for (i=0; icount; i++) + len += tdb_pack(buf+len, sizeof(buf)-len, "ddd", + set->set[i].luid.low, set->set[i].luid.high, set->set[i].attr); + + if (len > sizeof(buf)) + return False; slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); 
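Review bot: In add_mapping_entry the only bound check, `if (len > sizeof(buf))`, runs after the whole privilege loop. Once `len` passes the buffer size, every later call is handed `buf+len` beyond the array and `sizeof(buf)-len`, which wraps because `sizeof` is unsigned. Whether that is harmless depends on how tdb_pack treats the wrapped size, and its definition is not on this page. The record length now grows with `set->count`, so it can outgrow the fixed `pstring`. I would repeat `if (len > sizeof(buf)) return False;` right after the header pack and inside the loop, before each further `tdb_pack`.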
@@ -199,18 +212,19 @@ BOOL add_mapping_entry(GROUP_MAP *map, int flag) initialise first time the mapping list ****************************************************************************/ BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use, - fstring nt_name, fstring comment, uint32 *privilege) + fstring nt_name, fstring comment, PRIVILEGE_SET priv_set, uint32 systemaccount) { GROUP_MAP map; - int i; map.gid=gid; string_to_sid(&map.sid, sid); map.sid_name_use=sid_name_use; fstrcpy(map.nt_name, nt_name); fstrcpy(map.comment, comment); - for (i=0; icount=0; + priv_set->control=0; + priv_set->set=NULL; +} - for (i=0; icount==0) { + DEBUG(10,("free_privilege: count=0, nothing to clear ?\n")); + return False; + } + + if (priv_set->set==NULL) { + DEBUG(0,("free_privilege: list ptr is NULL, very strange !\n")); + return False; + } + + safe_free(priv_set->set); + priv_set->count=0; + priv_set->control=0; + priv_set->set=NULL; } /**************************************************************************** add a privilege to a privilege array ****************************************************************************/ -BOOL add_privilege(uint32 *privilege, uint32 priv) +BOOL add_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) { - int i=0; - - while (iset, (priv_set->count+1)*(sizeof(LUID_ATTR))); + if (new_set==NULL) { + DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n")); return False; } - if (privilege[i]==0) - privilege[i]=priv; + new_set[priv_set->count].luid.high=set.luid.high; + new_set[priv_set->count].luid.low=set.luid.low; + new_set[priv_set->count].attr=set.attr; + + priv_set->count++; + priv_set->set=new_set; return True; } 
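Review bot: free_privilege returns False on its two early exits, but as shown the normal path ends at `priv_set->set=NULL;` with no return statement, so a caller that tests the result reads an indeterminate value after a successful free. Adding `return True;` as the last statement fixes it. The early exit on `count==0` also skips `safe_free` when `set` is non-NULL, which can happen when a zero-length list was allocated by the readers added in this commit; freeing whenever `set` is non-NULL would be safer. Part of this function's text is garbled on the page, so check the point against the file itself.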
@@ -257,40 +294,124 @@ BOOL add_privilege(uint32 *privilege, uint32 priv) /**************************************************************************** add all the privileges to a privilege array ****************************************************************************/ -BOOL add_all_privilege(uint32 *privilege) +BOOL add_all_privilege(PRIVILEGE_SET *priv_set) { - add_privilege(privilege, SE_PRIV_ADD_USERS); - add_privilege(privilege, SE_PRIV_ADD_MACHINES); - add_privilege(privilege, SE_PRIV_PRINT_OPERATOR); + LUID_ATTR set; + + set.attr=0; + set.luid.high=0; + + set.luid.low=SE_PRIV_ADD_USERS; + add_privilege(priv_set, set); + + set.luid.low=SE_PRIV_ADD_MACHINES; + add_privilege(priv_set, set); + + set.luid.low=SE_PRIV_PRINT_OPERATOR; + add_privilege(priv_set, set); + return True; } /**************************************************************************** check if the privilege list is empty ****************************************************************************/ -BOOL check_empty_privilege(uint32 *privilege) +BOOL check_empty_privilege(PRIVILEGE_SET *priv_set) { - int i; - for (i=0; icount!=0) + return False; + return True; } /**************************************************************************** check if the privilege is in the privilege list ****************************************************************************/ -BOOL check_priv_in_privilege(uint32 *privilege, uint32 priv) +BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) { int i; - for (i=0; icount; i++) { + LUID_ATTR *cur_set; + + cur_set=&priv_set->set[i]; + /* check only the low and high part. 
Checking the attr field has no meaning */ + if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) ) return True; + } + return False; } +/**************************************************************************** +remove a privilege to a privilege array +****************************************************************************/ +BOOL remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) +{ + LUID_ATTR *new_set; + LUID_ATTR *old_set; + int i,j; + + /* check if the privilege is in the list */ + if (!check_priv_in_privilege(priv_set, set)) + return False; + + /* special case if it's the only privilege in the list */ + if (priv_set->count==1) { + free_privilege(priv_set); + init_privilege(priv_set); + + return True; + } + + /* + * the privilege is there, create a new list, + * and copy the other privileges + */ + + old_set=priv_set->set; + + new_set=(LUID_ATTR *)malloc((priv_set->count-1)*(sizeof(LUID_ATTR))); + if (new_set==NULL) { + DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n")); + return False; + } + + for (i=0, j=0; icount; i++) { + if ((old_set[i].luid.low==set.luid.low) && + (old_set[i].luid.high==set.luid.high)) { + continue; + } + + new_set[j].luid.low=old_set[i].luid.low; + new_set[j].luid.high=old_set[i].luid.high; + new_set[j].attr=old_set[i].attr; + + j++; + } + + if (j!=priv_set->count-1) { + DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n")); + DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j)); + safe_free(new_set); + return False; + } + + /* ok everything is fine */ + + priv_set->count--; + priv_set->set=new_set; + + safe_free(old_set); + + return True; +} + /**************************************************************************** initialise first time the mapping list ****************************************************************************/ 
@@ -302,49 +423,53 @@ BOOL default_group_mapping(void) fstring str_admins; fstring str_users; fstring str_guests; + LUID_ATTR set; - uint32 privilege_none[PRIV_ALL_INDEX]; - uint32 privilege_all[PRIV_ALL_INDEX]; - uint32 privilege_print_op[PRIV_ALL_INDEX]; + PRIVILEGE_SET privilege_none; + PRIVILEGE_SET privilege_all; + PRIVILEGE_SET privilege_print_op; - init_privilege(privilege_none); - init_privilege(privilege_all); - init_privilege(privilege_print_op); + init_privilege(&privilege_none); + init_privilege(&privilege_all); + init_privilege(&privilege_print_op); - add_privilege(privilege_print_op, SE_PRIV_PRINT_OPERATOR); + set.attr=0; + set.luid.high=0; + set.luid.low=SE_PRIV_PRINT_OPERATOR; + add_privilege(&privilege_print_op, set); - add_all_privilege(privilege_all); + add_all_privilege(&privilege_all); /* Add the Wellknown groups */ - add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "", privilege_all); - add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "", privilege_none); - add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "", privilege_none); - add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "", privilege_none); + add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); + add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "", privilege_none); - add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "", privilege_none); - add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print 
Operators", "", privilege_print_op); - add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "", privilege_none); + add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "", privilege_none); + add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK); /* Add the defaults domain groups */ sid_copy(&sid_admins, &global_sam_sid); sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS); sid_to_string(str_admins, &sid_admins); - add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all); + add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); sid_copy(&sid_users, &global_sam_sid); sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS); sid_to_string(str_users, &sid_users); - add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none); + add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); sid_copy(&sid_guests, &global_sam_sid); sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS); sid_to_string(str_guests, &sid_guests); - add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none); + add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, 
PR_ACCESS_FROM_NETWORK); return True; } @@ -360,6 +485,7 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) fstring string_sid; int ret; int i; + PRIVILEGE_SET *set; /* the key is the SID, retrieving is direct */ @@ -372,15 +498,29 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) dbuf = tdb_fetch(tdb, kbuf); if (!dbuf.dptr) return False; - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount); + + set=&map->priv_set; + init_privilege(set); + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); - for (i=0; iprivileges[i]); + DEBUG(10,("get_group_map_from_sid: %d privileges\n", map->priv_set.count)); + + set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR)); + if (set->set==NULL) { + DEBUG(0,("get_group_map_from_sid: could not allocate memory for privileges\n")); + return False; + } + + for (i=0; icount; i++) + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", + &(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr)); SAFE_FREE(dbuf.dptr); if (ret != dbuf.dsize) { DEBUG(0,("get_group_map_from_sid: group mapping TDB corrupted ?\n")); + free_privilege(set); return False; } @@ -399,6 +539,7 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) fstring string_sid; int ret; int i; + PRIVILEGE_SET *set; /* we need to enumerate the TDB to find the GID */ 
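Review bot: In get_group_map_from_sid, `set->count` is read from the stored record and goes straight into `malloc(set->count*sizeof(LUID_ATTR))` and the unpack loop, with no upper bound and no check of the individual tdb_unpack results. The `ret != dbuf.dsize` test comes only after the loop, so a corrupted or tampered group_mapping.tdb can request an arbitrary allocation, and where the multiplication wraps the loop would write past a short buffer. A count of zero is the normal case for groups created with privilege_none, and `malloc(0)` may return NULL, which this code reports as an allocation failure. I would reject a count that the remaining `dbuf.dsize-ret` bytes cannot hold before allocating, e.g. `if (set->count > PRIV_COUNT_LIMIT) { SAFE_FREE(dbuf.dptr); return False; }` (`PRIV_COUNT_LIMIT` is a placeholder), and skip the allocation when the count is zero. The same pattern is repeated in the get_group_map_from_gid and get_group_map_from_ntname hunks that follow.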
@@ -415,17 +556,32 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) string_to_sid(&map->sid, string_sid); - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount); + + set=&map->priv_set; + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); + + set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR)); + if (set->set==NULL) { + DEBUG(0,("get_group_map_from_sid: could not allocate memory for privileges\n")); + return False; + } - for (i=0; iprivileges[i]); + for (i=0; icount; i++) + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", + &(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr)); SAFE_FREE(dbuf.dptr); - if (ret != dbuf.dsize) continue; + if (ret != dbuf.dsize){ + free_privilege(set); + continue; + } if (gid==map->gid) return True; + + free_privilege(set); } return False; @@ -440,8 +596,9 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) fstring string_sid; int ret; int i; + PRIVILEGE_SET *set; - /* we need to enumerate the TDB to find the SID */ + /* we need to enumerate the TDB to find the name */ for (kbuf = tdb_firstkey(tdb); kbuf.dptr; 
@@ -456,25 +613,39 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) string_to_sid(&map->sid, string_sid); - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount); - for (i=0; iprivileges[i]); + set=&map->priv_set; + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); + + set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR)); + if (set->set==NULL) { + DEBUG(0,("get_group_map_from_sid: could not allocate memory for privileges\n")); + return False; + } + + for (i=0; icount; i++) + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", + &(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr)); SAFE_FREE(dbuf.dptr); - if (ret != dbuf.dsize) continue; + if (ret != dbuf.dsize) { + free_privilege(set); + continue; + } if (StrCaseCmp(name, map->nt_name)==0) return True; + free_privilege(set); } return False; } /**************************************************************************** -enumerate the group mapping + remove a group mapping entry ****************************************************************************/ BOOL group_map_remove(DOM_SID sid) { @@ -516,6 +687,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int ret; int entries=0; int i; + PRIVILEGE_SET *set; *num_entries=0; *rmap=NULL; 
@@ -533,22 +705,42 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", - &map.gid, &map.sid_name_use, &map.nt_name, &map.comment); + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", + &map.gid, &map.sid_name_use, &map.nt_name, &map.comment, &map.systemaccount); - for (i=0; icount); + + if (set->count!=0) { + set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR)); + if (set->set==NULL) { + DEBUG(0,("enum_group_mapping: could not allocate memory for privileges\n")); + return False; + } + } + + for (i=0; icount; i++) + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", + &(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr)); SAFE_FREE(dbuf.dptr); - if (ret != dbuf.dsize) + if (ret != dbuf.dsize) { + free_privilege(set); continue; + } /* list only the type or everything if UNKNOWN */ - if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) + if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) { + free_privilege(set); continue; - - if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) + } + + if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { + free_privilege(set); continue; + } string_to_sid(&map.sid, string_sid); @@ -558,17 +750,21 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, if (!mapt) { DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); SAFE_FREE(*rmap); + free_privilege(set); return False; } - else (*rmap) = mapt; + else + (*rmap) = mapt; mapt[entries].gid = map.gid; sid_copy( &mapt[entries].sid, &map.sid); mapt[entries].sid_name_use = map.sid_name_use; fstrcpy(mapt[entries].nt_name, map.nt_name); fstrcpy(mapt[entries].comment, map.comment); - for (i=0; icount; + mapt[entries].priv_set.control=set->control; + mapt[entries].priv_set.set=set->set; entries++; } 
@@ -581,11 +777,12 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, /**************************************************************************** convert a privilege string to a privilege array ****************************************************************************/ -void convert_priv_from_text(uint32 *se_priv, char *privilege) +void convert_priv_from_text(PRIVILEGE_SET *se_priv, char *privilege) { pstring tok; char *p = privilege; int i; + LUID_ATTR set; /* By default no privilege */ init_privilege(se_priv); @@ -595,8 +792,12 @@ void convert_priv_from_text(uint32 *se_priv, char *privilege) while(next_token(&p, tok, " ", sizeof(tok)) ) { for (i=0; i<=PRIV_ALL_INDEX; i++) { - if (StrCaseCmp(privs[i].priv, tok)==0) - add_privilege(se_priv, privs[i].se_priv); + if (StrCaseCmp(privs[i].priv, tok)==0) { + set.attr=0; + set.luid.high=0; + set.luid.low=privs[i].se_priv; + add_privilege(se_priv, set); + } } } } @@ -604,9 +805,9 @@ void convert_priv_from_text(uint32 *se_priv, char *privilege) /**************************************************************************** convert a privilege array to a privilege string ****************************************************************************/ -void convert_priv_to_text(uint32 *se_priv, char *privilege) +void convert_priv_to_text(PRIVILEGE_SET *se_priv, char *privilege) { - int i=0,j; + int i,j; if (privilege==NULL) return; @@ -618,14 +819,14 @@ void convert_priv_to_text(uint32 *se_priv, char *privilege) return; } - while(icount; i++) { j=1; - while (privs[j].se_priv!=se_priv[i]) + while (privs[j].se_priv!=se_priv->set[i].luid.low && j<=PRIV_ALL_INDEX) { j++; + } fstrcat(privilege, privs[j].priv); fstrcat(privilege, " "); - i++; } } 
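Review bot: In the `@@ -618,14 +819,14 @@` hunk of convert_priv_to_text, the search loop reads `privs[j]` before it tests `j<=PRIV_ALL_INDEX`. When nothing matches, j ends up past what is presumably the last valid index, so `fstrcat(privilege, privs[j].priv)` reads beyond the table. The compared luid values may have been loaded from the group mapping TDB, so one unknown value would be enough. Test the index first and skip unmatched entries: `while (j<=PRIV_ALL_INDEX && privs[j].se_priv!=se_priv->set[i].luid.low) j++;` followed by `if (j>PRIV_ALL_INDEX) continue;`. The outer loop header is garbled on this page, so this assumes it iterates i over the entries of the set.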
@@ -702,11 +903,12 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) return False; map->sid_name_use=SID_NAME_ALIAS; + map->systemaccount=PR_ACCESS_FROM_NETWORK; fstrcpy(map->nt_name, grp->gr_name); fstrcpy(map->comment, "Local Unix Group"); - init_privilege(map->privileges); + init_privilege(&map->priv_set); sid_copy(&map->sid, &sid); } @@ -753,7 +955,8 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) if (!get_group_map_from_gid(gid, map)) { map->gid=gid; map->sid_name_use=SID_NAME_ALIAS; - init_privilege(map->privileges); + map->systemaccount=PR_ACCESS_FROM_NETWORK; + init_privilege(&map->priv_set); sid_copy(&map->sid, &global_sam_sid); sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid)); -- cgit From 0d5f30fe5f8f37f1673a5adc9e6ce375a969016c Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 30 Nov 2001 00:46:40 +0000 Subject: Missing return in free_privilege() (This used to be commit b35d90cd89849f0a01e8c79f0962ec9388673ad1) --- source3/groupdb/mapping.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 21c9564bd0..3e3ee1b329 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -260,6 +260,8 @@ BOOL free_privilege(PRIVILEGE_SET *priv_set) priv_set->count=0; priv_set->control=0; priv_set->set=NULL; + + return True; } /**************************************************************************** -- cgit From 92a2d1d463f9068f02e2c70582664b72867a65e6 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Sat, 1 Dec 2001 23:56:05 +0000 Subject: groups in the Builtin domain S-5-32 are alias and not well-known groups J.F. (This used to be commit 192978e3fc96bc60fc3ceaad8f024bc91bf69da7) --- source3/groupdb/mapping.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) (limited to 'source3/groupdb/mapping.c') 
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 3e3ee1b329..32a5286408 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -444,17 +444,17 @@ BOOL default_group_mapping(void) /* Add the Wellknown groups */ - add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); - add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-544", SID_NAME_ALIAS, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-545", SID_NAME_ALIAS, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-546", SID_NAME_ALIAS, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); + add_initial_entry(-1, "S-1-5-32-547", SID_NAME_ALIAS, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-548", SID_NAME_ALIAS, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-549", SID_NAME_ALIAS, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-550", 
SID_NAME_ALIAS, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-551", SID_NAME_ALIAS, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK); + add_initial_entry(-1, "S-1-5-32-552", SID_NAME_ALIAS, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK); /* Add the defaults domain groups */ @@ -868,8 +868,10 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%d\n",map->gid)); - if ( (grp=getgrgid(map->gid)) == NULL) + if ( (grp=getgrgid(map->gid)) == NULL) { + DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n")); return False; + } DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n")); @@ -899,7 +901,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) uint32 alias_rid; sid_peek_rid(&sid, &alias_rid); - map->gid=pdb_user_rid_to_gid(alias_rid); + map->gid=pdb_group_rid_to_gid(alias_rid); if ((grp=getgrgid(map->gid)) == NULL) return False; @@ -960,6 +962,8 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) map->systemaccount=PR_ACCESS_FROM_NETWORK; init_privilege(&map->priv_set); + /* interim solution until we have a last RID allocated */ + sid_copy(&map->sid, &global_sam_sid); sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid)); -- cgit From e101224d831904f35303682c095e0c6aef8de5df Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 3 Dec 2001 00:00:43 +0000 Subject: init group db before use this fixes the smbpasswd segvs (This used to be commit d2bcdfd995b9562872d865e723b23ed84247a73f) --- source3/groupdb/mapping.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 32a5286408..a0f6148e90 100644 
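Review bot: In the `@@ -899,7 +901,7 @@` hunk of get_local_group_from_sid, only the RID from `sid_peek_rid(&sid, &alias_rid)` feeds `pdb_group_rid_to_gid()`, and nothing visible checks which domain the SID belongs to. If callers do not verify the prefix, a SID from another domain that ends in the same RID would resolve to this Unix group and be returned as a local alias. Either compare the domain part against `global_sam_sid` before the lookup, or state the precondition with a comment such as `/* caller must already have checked that sid is in our domain; only the RID is used here */`. The function body starts and ends outside this hunk, so such a check may exist out of view.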
--- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -180,6 +180,8 @@ BOOL add_mapping_entry(GROUP_MAP *map, int flag) int len; int i; PRIVILEGE_SET *set; + + init_group_mapping(); sid_to_string(string_sid, &map->sid); @@ -489,6 +491,8 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) int i; PRIVILEGE_SET *set; + init_group_mapping(); + /* the key is the SID, retrieving is direct */ sid_to_string(string_sid, &sid); @@ -543,6 +547,8 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) int i; PRIVILEGE_SET *set; + init_group_mapping(); + /* we need to enumerate the TDB to find the GID */ for (kbuf = tdb_firstkey(tdb); @@ -600,6 +606,8 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) int i; PRIVILEGE_SET *set; + init_group_mapping(); + /* we need to enumerate the TDB to find the name */ for (kbuf = tdb_firstkey(tdb); @@ -655,6 +663,8 @@ BOOL group_map_remove(DOM_SID sid) pstring key; fstring string_sid; + init_group_mapping(); + /* the key is the SID, retrieving is direct */ sid_to_string(string_sid, &sid); @@ -691,6 +701,8 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int i; PRIVILEGE_SET *set; + init_group_mapping(); + *num_entries=0; *rmap=NULL; -- cgit From cdf9b42754b7e97faa7fc4eb1ec69e32c0bfd1a0 Mon Sep 17 00:00:00 2001 
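Review bot: Each of the six `init_group_mapping();` calls added by this commit discards the BOOL result, first in add_mapping_entry at `@@ -180,6 +180,8 @@` and then in get_group_map_from_sid, get_group_map_from_gid, get_group_map_from_ntname, group_map_remove and enum_group_mapping. If the database cannot be opened, the static `tdb` presumably stays NULL and is then passed to the tdb_fetch/tdb_firstkey calls that follow. Each call site should fail closed, e.g. `if (!init_group_mapping()) return False;`, preferably with a DEBUG(0,...) line naming the calling function. All six function bodies continue outside their hunks.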
From: Jean-François Micouleau Date: Mon, 3 Dec 2001 17:14:23 +0000 Subject: added a tdb to store the account policy informations. You can change them with either usermanager->policies->account or from a command prompt on NT/W2K: net accounts /domain we can add a rpc accounts to the net command. As the net_rpc.c is still empty, I did not start. How should I add command to it ? Should I take the rpcclient/cmd_xxx functions and call them from there ? alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more for jeremy ;-) J.F. (This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21) --- source3/groupdb/mapping.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index a0f6148e90..137f971228 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -166,6 +166,9 @@ BOOL init_group_mapping(void) } tdb_unlock_bystring(tdb, vstring); + /* write a list of default groups */ + if(!default_group_mapping()) + return False; return True; } -- cgit From 922eb763d7365716fd3c20aa069746fc9bfb8ab3 Mon Sep 17 00:00:00 2001 
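Review bot: The added `if(!default_group_mapping()) return False;` cannot fail as far as this page shows. default_group_mapping() calls add_initial_entry() as plain statements and ends in `return True;`, so a failed write of a default group is never reported. Propagating the add_initial_entry() results there would make this check meaningful. The defaults are now also written on every first open of the database rather than once. Whether add_initial_entry() preserves a mapping an administrator has already changed for the same SID is not visible here and deserves a comment such as `/* add_initial_entry() must not overwrite an existing mapping */`.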
From: Jean-François Micouleau Date: Tue, 4 Dec 2001 21:53:47 +0000 Subject: added a boolean to the group mapping functions to specify if we need or not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c) --- source3/groupdb/mapping.c | 96 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 69 insertions(+), 27 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 137f971228..06fc30ad47 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -252,7 +252,7 @@ free a privilege list BOOL free_privilege(PRIVILEGE_SET *priv_set) { if (priv_set->count==0) { - DEBUG(10,("free_privilege: count=0, nothing to clear ?\n")); + DEBUG(100,("free_privilege: count=0, nothing to clear ?\n")); return False; } @@ -485,7 +485,7 @@ BOOL default_group_mapping(void) /**************************************************************************** return the sid and the type of the unix group ****************************************************************************/ -BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) +BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) { TDB_DATA kbuf, dbuf; pstring key; 
@@ -533,6 +533,10 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) return False; } + /* we don't want the privileges */ + if (with_priv==MAPPING_WITHOUT_PRIV) + free_privilege(set); + sid_copy(&map->sid, &sid); return True; @@ -542,7 +546,7 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) /**************************************************************************** return the sid and the type of the unix group ****************************************************************************/ -BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) +BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; @@ -575,7 +579,7 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR)); if (set->set==NULL) { - DEBUG(0,("get_group_map_from_sid: could not allocate memory for privileges\n")); + DEBUG(0,("get_group_map_from_gid: could not allocate memory for privileges\n")); return False; } @@ -589,9 +593,12 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) continue; } - if (gid==map->gid) + if (gid==map->gid) { + if (!with_priv) + free_privilege(&map->priv_set); return True; - + } + free_privilege(set); } @@ -601,7 +608,7 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) /**************************************************************************** return the sid and the type of the unix group ****************************************************************************/ -BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) +BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; 
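Review bot: The `@@ -533,6 +533,10 @@` hunk tests `with_priv==MAPPING_WITHOUT_PRIV`, while the gid and ntname lookups changed in the same commit test `!with_priv`. The two forms agree only if MAPPING_WITHOUT_PRIV is zero, which is not visible here. Since the parameter is declared BOOL, I would use one form throughout: `if (!with_priv) free_privilege(set);`.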
@@ -634,7 +641,7 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR)); if (set->set==NULL) { - DEBUG(0,("get_group_map_from_sid: could not allocate memory for privileges\n")); + DEBUG(0,("get_group_map_from_ntname: could not allocate memory for privileges\n")); return False; } @@ -648,8 +655,11 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map) continue; } - if (StrCaseCmp(name, map->nt_name)==0) + if (StrCaseCmp(name, map->nt_name)==0) { + if (!with_priv) + free_privilege(&map->priv_set); return True; + } free_privilege(set); } @@ -692,7 +702,7 @@ BOOL group_map_remove(DOM_SID sid) enumerate the group mapping ****************************************************************************/ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, - int *num_entries, BOOL unix_only) + int *num_entries, BOOL unix_only, BOOL with_priv) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; @@ -744,17 +754,20 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, SAFE_FREE(dbuf.dptr); if (ret != dbuf.dsize) { + DEBUG(11,("enum_group_mapping: error in memory size\n")); free_privilege(set); continue; } /* list only the type or everything if UNKNOWN */ if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) { + DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name)); free_privilege(set); continue; } if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { + DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name)); free_privilege(set); continue; } @@ -762,6 +775,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, string_to_sid(&map.sid, string_sid); decode_sid_name_use(group_type, map.sid_name_use); + DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type)); mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP)); if (!mapt) { 
@@ -782,6 +796,8 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, mapt[entries].priv_set.count=set->count; mapt[entries].priv_set.control=set->control; mapt[entries].priv_set.set=set->set; + if (!with_priv) + free_privilege(&(mapt[entries].priv_set)); entries++; } @@ -860,31 +876,39 @@ void convert_priv_to_text(PRIVILEGE_SET *se_priv, char *privilege) /* get a domain group from it's SID */ -BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) +BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) { struct group *grp; DEBUG(10, ("get_domain_group_from_sid\n")); /* if the group is NOT in the database, it CAN NOT be a domain group */ - if(!get_group_map_from_sid(sid, map)) + if(!get_group_map_from_sid(sid, map, with_priv)) return False; DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n")); /* if it's not a domain group, continue */ - if (map->sid_name_use!=SID_NAME_DOM_GRP) + if (map->sid_name_use!=SID_NAME_DOM_GRP) { + if (with_priv) + free_privilege(&map->priv_set); return False; + } DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n")); - if (map->gid==-1) + if (map->gid==-1) { + if (with_priv) + free_privilege(&map->priv_set); return False; + } DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%d\n",map->gid)); if ( (grp=getgrgid(map->gid)) == NULL) { DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n")); + if (with_priv) + free_privilege(&map->priv_set); return False; } 
@@ -896,20 +920,29 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) /* get a local (alias) group from it's SID */ -BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) +BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) { struct group *grp; /* The group is in the mapping table */ - if(get_group_map_from_sid(sid, map)) { - if (map->sid_name_use!=SID_NAME_ALIAS) + if(get_group_map_from_sid(sid, map, with_priv)) { + if (map->sid_name_use!=SID_NAME_ALIAS) { + if (with_priv) + free_privilege(&map->priv_set); return False; - - if (map->gid==-1) + } + + if (map->gid==-1) { + if (with_priv) + free_privilege(&map->priv_set); return False; + } - if ( (grp=getgrgid(map->gid)) == NULL) + if ( (grp=getgrgid(map->gid)) == NULL) { + if (with_priv) + free_privilege(&map->priv_set); return False; + } } else { /* the group isn't in the mapping table. * make one based on the unix information */ @@ -937,21 +970,30 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) /* get a builtin group from it's SID */ -BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map) +BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) { struct group *grp; - if(!get_group_map_from_sid(sid, map)) + if(!get_group_map_from_sid(sid, map, with_priv)) return False; - if (map->sid_name_use!=SID_NAME_WKN_GRP) + if (map->sid_name_use!=SID_NAME_WKN_GRP) { + if (with_priv) + free_privilege(&map->priv_set); return False; + } - if (map->gid==-1) + if (map->gid==-1) { + if (with_priv) + free_privilege(&map->priv_set); return False; + } - if ( (grp=getgrgid(map->gid)) == NULL) + if ( (grp=getgrgid(map->gid)) == NULL) { + if (with_priv) + free_privilege(&map->priv_set); return False; + } return True; } 
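Review bot: In the `@@ -937,21 +970,30 @@` hunk, get_builtin_group_from_sid still rejects any entry whose `sid_name_use` is not `SID_NAME_WKN_GRP`. An earlier commit on this page changed default_group_mapping() to store every S-1-5-32 group as `SID_NAME_ALIAS`. Unless something else writes SID_NAME_WKN_GRP entries, the default builtin groups would never pass this test, and with with_priv set their privilege sets are allocated and freed again on every call. Either add a comment saying which entries this function is meant to accept, or align the test with the stored type: `if (map->sid_name_use!=SID_NAME_ALIAS) {`.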
@@ -961,7 +1003,7 @@ BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map) /**************************************************************************** Returns a GROUP_MAP struct based on the gid. ****************************************************************************/ -BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) +BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) { struct group *grp; @@ -971,7 +1013,7 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) /* * make a group map from scratch if doesn't exist. */ - if (!get_group_map_from_gid(gid, map)) { + if (!get_group_map_from_gid(gid, map, with_priv)) { map->gid=gid; map->sid_name_use=SID_NAME_ALIAS; map->systemaccount=PR_ACCESS_FROM_NETWORK; -- cgit From a3f891dbd2e9ee1681e3c8295cd62a877c727d4f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Jan 2002 07:41:54 +0000 Subject: Actually enforce the passdb API. Thou shalt not reference SAM_ACCOUNT members directly - always use pdb_get/pdb_set. This is achived by making the whole of SAM_ACCOUNT have a .private member, where the real members live. This caught a pile of examples, and these have beeen fixed. The pdb_get..() functions are 'const' (have been for some time) and this required a few small changes to constify other functions. I've also added some debugs to the pdb get and set, they can be removed if requested. I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb interface, but I need the flags info to do it properly. The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result. Finally, any and all testing is always appriciated - but the basics seem to work. Andrew Bartlett (This used to be commit d3dd28f6c443187b8d820d5a39c7c5b3be2fa95c) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') 
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 06fc30ad47..39445d8d4e 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -1155,7 +1155,7 @@ int smb_add_user_group(char *unix_group, char *unix_user) Delete a UNIX group on demand. ****************************************************************************/ -int smb_delete_user_group(char *unix_group, char *unix_user) +int smb_delete_user_group(const char *unix_group, const char *unix_user) { pstring del_script; int ret; -- cgit From eca99f5c226f9518d1ab5c0ba3e586e3d59564d7 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 3 Jan 2002 22:48:48 +0000 Subject: Fixed nasty cast of tdb_delete in traversals. Jeremy. (This used to be commit a0cdec3acc82d1ce0292fadd4b8dac23638450f3) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 39445d8d4e..7b44596256 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -161,7 +161,7 @@ BOOL init_group_mapping(void) /* handle a Samba upgrade */ tdb_lock_bystring(tdb, vstring); if (tdb_fetch_int(tdb, vstring) != DATABASE_VERSION) { - tdb_traverse(tdb, (tdb_traverse_func)tdb_delete, NULL); + tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); tdb_store_int(tdb, vstring, DATABASE_VERSION); } tdb_unlock_bystring(tdb, vstring); -- cgit From 91536cc901088232074ad8dd7ae16e0f6026f25e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 9 Jan 2002 04:13:30 +0000 Subject: Fixed all uses of tdb_fetch/store/_int to use explicit int32 little endian in tdb's. All except winbindd_idmap.... Hmmmmmm. Jeremy. (This used to be commit ec71f1732b6b27bd2d65b250a6f3720a235dc38d) --- source3/groupdb/mapping.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'source3/groupdb/mapping.c') 
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 7b44596256..7093f14eca 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -142,14 +142,17 @@ char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use) } /**************************************************************************** -open the group mapping tdb + Open the group mapping tdb. ****************************************************************************/ + BOOL init_group_mapping(void) { static pid_t local_pid; char *vstring = "INFO/version"; - - if (tdb && local_pid == sys_getpid()) return True; + int32 vers_id; + + if (tdb && local_pid == sys_getpid()) + return True; tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (!tdb) { DEBUG(0,("Failed to open group mapping database\n")); @@ -160,10 +163,20 @@ BOOL init_group_mapping(void) /* handle a Samba upgrade */ tdb_lock_bystring(tdb, vstring); - if (tdb_fetch_int(tdb, vstring) != DATABASE_VERSION) { + + /* Cope with byte-reversed older versions of the db. */ + vers_id = tdb_fetch_int32(tdb, vstring); + if ((vers_id != DATABASE_VERSION) && (IREV(vers_id) == DATABASE_VERSION)) { + /* Written on a bigendian machine with old fetch_int code. Save as le. */ + tdb_store_int32(tdb, vstring, DATABASE_VERSION); + vers_id = DATABASE_VERSION; + } + + if (vers_id != DATABASE_VERSION) { tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); - tdb_store_int(tdb, vstring, DATABASE_VERSION); + tdb_store_int32(tdb, vstring, DATABASE_VERSION); } + tdb_unlock_bystring(tdb, vstring); /* write a list of default groups */ -- cgit From a842a3d4582b556c77fcfb593af193b4d1225751 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Wed, 9 Jan 2002 05:24:07 +0000 Subject: When re-writing tdb version numbers as little endian int32, we must change the version number also. Jeremy. (This used to be commit 3dec9cf99a82bd15626eb99e7d937ff00183cc05) --- source3/groupdb/mapping.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 7093f14eca..e732f26c15 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -26,7 +26,9 @@ extern DOM_SID global_sam_sid; static TDB_CONTEXT *tdb; /* used for driver files */ -#define DATABASE_VERSION 1 +#define DATABASE_VERSION_V1 1 /* native byte format. */ +#define DATABASE_VERSION_V2 2 /* le format. */ + #define GROUP_PREFIX "UNIXGROUP/" PRIVS privs[] = { @@ -166,15 +168,15 @@ BOOL init_group_mapping(void) /* Cope with byte-reversed older versions of the db. */ vers_id = tdb_fetch_int32(tdb, vstring); - if ((vers_id != DATABASE_VERSION) && (IREV(vers_id) == DATABASE_VERSION)) { + if ((vers_id == DATABASE_VERSION_V1) || (IREV(vers_id) == DATABASE_VERSION_V1)) { /* Written on a bigendian machine with old fetch_int code. Save as le. */ - tdb_store_int32(tdb, vstring, DATABASE_VERSION); - vers_id = DATABASE_VERSION; + tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); + vers_id = DATABASE_VERSION_V2; } - if (vers_id != DATABASE_VERSION) { + if (vers_id != DATABASE_VERSION_V2) { tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); - tdb_store_int32(tdb, vstring, DATABASE_VERSION); + tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); } tdb_unlock_bystring(tdb, vstring); -- cgit From 2f4a6d60ef3c332c4379337a6354f9d5b78646c6 Mon Sep 17 00:00:00 2001 
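Review bot: In the `@@ -166,15 +168,15 @@` hunk of init_group_mapping, any stored version other than V1 (in either byte order) or V2 falls through to `tdb_traverse(tdb, tdb_traverse_delete_fn, NULL)`. That removes every record, including the privilege assignments of each group, without a log line. A failed tdb_fetch_int32() would presumably take the same path. Add a log line before the traverse so an unexpected wipe can be traced: `DEBUG(0,("init_group_mapping: unexpected version %d, clearing group mapping database\n", vers_id));`. The function starts and ends outside this hunk.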
From: Andrew Tridgell Date: Sun, 13 Jan 2002 11:46:04 +0000 Subject: don't try to allocate zero bytes (This used to be commit d09616da6823b69a03a8a008987c4eb02ca0061b) --- source3/groupdb/mapping.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index e732f26c15..c4166ac259 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -530,11 +530,10 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); DEBUG(10,("get_group_map_from_sid: %d privileges\n", map->priv_set.count)); - - set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR)); - if (set->set==NULL) { - DEBUG(0,("get_group_map_from_sid: could not allocate memory for privileges\n")); - return False; + + set->set = NULL; + if (set->count) { + set->set=(LUID_ATTR *)smb_xmalloc(set->count*sizeof(LUID_ATTR)); } for (i=0; icount; i++) @@ -591,11 +590,9 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) set=&map->priv_set; ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); - - set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR)); - if (set->set==NULL) { - DEBUG(0,("get_group_map_from_gid: could not allocate memory for privileges\n")); - return False; + set->set = NULL; + if (set->count) { + set->set=(LUID_ATTR *)smb_xmalloc(set->count*sizeof(LUID_ATTR)); } for (i=0; icount; i++) -- cgit From c311d24ce32d2a8aa244f126bcec67ec03549727 Mon Sep 17 00:00:00 2001 
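Review bot: The zero-count guard is applied in get_group_map_from_sid and get_group_map_from_gid only; this commit has no hunk for get_group_map_from_ntname. According to the earlier hunks on this page, that function still calls `malloc(set->count*sizeof(LUID_ATTR))` and returns False on NULL. Lookups by name can therefore still fail for groups with no privileges where malloc(0) returns NULL. The same three lines (`set->set = NULL; if (set->count) { ... }`) belong there. The size passed to smb_xmalloc still comes unchecked from the record, so if smb_xmalloc aborts on failure, a corrupt count would end the process instead of returning False.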
From: Andrew Bartlett Date: Thu, 17 Jan 2002 08:45:58 +0000 Subject: A nice *big* change to the fundemental way we do things. Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. 
TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da) --- source3/groupdb/mapping.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index c4166ac259..f71a184bb8 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -1083,10 +1083,11 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) } else (*uid) = u; - if( (pwd=getpwnam(gr)) !=NULL) { + if( (pwd=getpwnam_alloc(gr)) !=NULL) { (*uid)[*num_uids]=pwd->pw_uid; (*num_uids)++; } + passwd_free(&pwd); gr = grp->gr_mem[++i]; } DEBUG(10, ("got [%d] members\n", *num_uids)); -- cgit From de03bb6160df8e4091ac43d282d5011f514899cb Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 27 Jan 2002 10:53:43 +0000 Subject: Patch from Kevin Stefanik to do some more error checking for group mapping init failures. (This used to be commit cd6a2dad4e3092a19f784b6548fce49ecd8bb549) --- source3/groupdb/mapping.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index f71a184bb8..a25566a6a8 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -199,7 +199,10 @@ BOOL add_mapping_entry(GROUP_MAP *map, int flag) int i; PRIVILEGE_SET *set; - init_group_mapping(); + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } sid_to_string(string_sid, &map->sid); 
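Review bot: `passwd_free(&pwd)` runs on every iteration of the member loop in get_uid_list_of_group, including the ones where `getpwnam_alloc(gr)` returned NULL. Whether passwd_free accepts a NULL pointer quietly is not visible in this hunk. Moving the call inside the `if` block, right after `(*num_uids)++;`, is correct either way. The loop and the function start outside the hunk.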
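Review bot: The new `DEBUG(0,("failed to initialize group mapping"));` in add_mapping_entry has no trailing newline and no function name. The same text is added in the five following hunks (get_group_map_from_sid, get_group_map_from_gid, get_group_map_from_ntname, group_map_remove, enum_group_mapping). At level 0 the message will run into the next log line and will not say which operation failed. `DEBUG(0,("add_mapping_entry: failed to initialize group mapping\n"));`, with the name adjusted per function, fixes both.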
@@ -509,7 +512,10 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) int i; PRIVILEGE_SET *set; - init_group_mapping(); + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } /* the key is the SID, retrieving is direct */ @@ -568,7 +574,10 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) int i; PRIVILEGE_SET *set; - init_group_mapping(); + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } /* we need to enumerate the TDB to find the GID */ @@ -628,7 +637,10 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv) int i; PRIVILEGE_SET *set; - init_group_mapping(); + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } /* we need to enumerate the TDB to find the name */ @@ -688,7 +700,10 @@ BOOL group_map_remove(DOM_SID sid) pstring key; fstring string_sid; - init_group_mapping(); + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } /* the key is the SID, retrieving is direct */ @@ -726,7 +741,10 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int i; PRIVILEGE_SET *set; - init_group_mapping(); + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } *num_entries=0; *rmap=NULL; -- cgit From 86aa1d20f907babecf36660e16d6181310520764 Mon Sep 17 00:00:00 2001 
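Review bot: In enum_group_mapping the new early `return(False);` sits above `*num_entries=0; *rmap=NULL;`, so on an initialisation failure both output parameters keep whatever the caller had in them. A caller that does not check the return value, or that frees `*rmap` on its error path, would then work on an uninitialised pointer. Moving the two assignments above the `init_group_mapping()` check avoids that. The rest of the function is outside the hunk.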
From: Tim Potter Date: Tue, 29 Jan 2002 01:01:14 +0000 Subject: Since we have dynamic initialisation in the group mapping code, make init_group_mapping() a static function and don't call it from any client programs. Not sure whether I've made a bigger mess here or not... (This used to be commit 3c887d9021269aaa9fc0bc771af8589077e6208e) --- source3/groupdb/mapping.c | 166 ++++++++++++++++++++++++++-------------------- 1 file changed, 94 insertions(+), 72 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index a25566a6a8..2bff6e9699 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -143,11 +143,73 @@ char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use) return group_type; } +/**************************************************************************** +initialise first time the mapping list - called from init_group_mapping() +****************************************************************************/ +static BOOL default_group_mapping(void) +{ + DOM_SID sid_admins; + DOM_SID sid_users; + DOM_SID sid_guests; + fstring str_admins; + fstring str_users; + fstring str_guests; + LUID_ATTR set; + + PRIVILEGE_SET privilege_none; + PRIVILEGE_SET privilege_all; + PRIVILEGE_SET privilege_print_op; + + init_privilege(&privilege_none); + init_privilege(&privilege_all); + init_privilege(&privilege_print_op); + + set.attr=0; + set.luid.high=0; + set.luid.low=SE_PRIV_PRINT_OPERATOR; + add_privilege(&privilege_print_op, set); + + add_all_privilege(&privilege_all); + + /* Add the Wellknown groups */ + + add_initial_entry(-1, "S-1-5-32-544", SID_NAME_ALIAS, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-545", SID_NAME_ALIAS, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-546", SID_NAME_ALIAS, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); + add_initial_entry(-1, "S-1-5-32-547", SID_NAME_ALIAS, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + + add_initial_entry(-1, "S-1-5-32-548", SID_NAME_ALIAS, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-549", SID_NAME_ALIAS, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-550", SID_NAME_ALIAS, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-551", SID_NAME_ALIAS, "Backup Operators", "", privilege_none, 
PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + + add_initial_entry(-1, "S-1-5-32-552", SID_NAME_ALIAS, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK); + + /* Add the defaults domain groups */ + + sid_copy(&sid_admins, &global_sam_sid); + sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS); + sid_to_string(str_admins, &sid_admins); + add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + + sid_copy(&sid_users, &global_sam_sid); + sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS); + sid_to_string(str_users, &sid_users); + add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + + sid_copy(&sid_guests, &global_sam_sid); + sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS); + sid_to_string(str_guests, &sid_guests); + add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); + + return True; +} + /**************************************************************************** Open the group mapping tdb. ****************************************************************************/ -BOOL init_group_mapping(void) +static BOOL init_group_mapping(void) { static pid_t local_pid; char *vstring = "INFO/version"; @@ -239,6 +301,11 @@ BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use, { GROUP_MAP map; + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + map.gid=gid; string_to_sid(&map.sid, sid); map.sid_name_use=sid_name_use; @@ -343,11 +410,7 @@ check if the privilege list is empty ****************************************************************************/ BOOL check_empty_privilege(PRIVILEGE_SET *priv_set) { - - if (priv_set->count!=0) - return False; - - return True; + return (priv_set->count == 0); } /**************************************************************************** 
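Review bot: default_group_mapping discards the result of every `add_initial_entry` call and ends with an unconditional `return True;`. A failure to store a well-known group such as Administrators or Domain Admins is therefore invisible to init_group_mapping. Since add_initial_entry gains a failure path in this same commit, the function should at least accumulate the results, e.g. `ok &= add_initial_entry(...);` per call and `return ok;` at the end.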
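Review bot: add_initial_entry now calls `init_group_mapping()`, while the comment on default_group_mapping says that function is itself called from init_group_mapping(), so populating the defaults re-enters the initialiser once per entry. That only terminates if init_group_mapping has already set `tdb` and `local_pid` before it adds the defaults, which this hunk does not show. A comment at the guard stating the dependency, e.g. `/* re-entered via default_group_mapping(); relies on tdb being set before defaults are added */`, would keep a later reordering from turning this into unbounded recursion.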
@@ -437,69 +500,6 @@ BOOL remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) return True; } -/**************************************************************************** -initialise first time the mapping list -****************************************************************************/ -BOOL default_group_mapping(void) -{ - DOM_SID sid_admins; - DOM_SID sid_users; - DOM_SID sid_guests; - fstring str_admins; - fstring str_users; - fstring str_guests; - LUID_ATTR set; - - PRIVILEGE_SET privilege_none; - PRIVILEGE_SET privilege_all; - PRIVILEGE_SET privilege_print_op; - - init_privilege(&privilege_none); - init_privilege(&privilege_all); - init_privilege(&privilege_print_op); - - set.attr=0; - set.luid.high=0; - set.luid.low=SE_PRIV_PRINT_OPERATOR; - add_privilege(&privilege_print_op, set); - - add_all_privilege(&privilege_all); - - /* Add the Wellknown groups */ - - add_initial_entry(-1, "S-1-5-32-544", SID_NAME_ALIAS, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-545", SID_NAME_ALIAS, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-546", SID_NAME_ALIAS, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); - add_initial_entry(-1, "S-1-5-32-547", SID_NAME_ALIAS, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - - add_initial_entry(-1, "S-1-5-32-548", SID_NAME_ALIAS, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-549", SID_NAME_ALIAS, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-550", SID_NAME_ALIAS, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-551", SID_NAME_ALIAS, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - - add_initial_entry(-1, "S-1-5-32-552", 
SID_NAME_ALIAS, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK); - - /* Add the defaults domain groups */ - - sid_copy(&sid_admins, &global_sam_sid); - sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS); - sid_to_string(str_admins, &sid_admins); - add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - - sid_copy(&sid_users, &global_sam_sid); - sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS); - sid_to_string(str_users, &sid_users); - add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - - sid_copy(&sid_guests, &global_sam_sid); - sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS); - sid_to_string(str_guests, &sid_guests); - add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); - - return True; -} - - /**************************************************************************** return the sid and the type of the unix group ****************************************************************************/ @@ -910,6 +910,11 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) { struct group *grp; + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + DEBUG(10, ("get_domain_group_from_sid\n")); /* if the group is NOT in the database, it CAN NOT be a domain group */ @@ -954,6 +959,11 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) { struct group *grp; + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + /* The group is in the mapping table */ if(get_group_map_from_sid(sid, map, with_priv)) { if (map->sid_name_use!=SID_NAME_ALIAS) { 
@@ -1004,6 +1014,11 @@ BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) { struct group *grp; + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + if(!get_group_map_from_sid(sid, map, with_priv)) return False; @@ -1037,6 +1052,11 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) { struct group *grp; + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + if ( (grp=getgrgid(gid)) == NULL) return False; @@ -1084,6 +1104,11 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) char *gr; uid_t *u; + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + *num_uids = 0; *uid=NULL; @@ -1199,6 +1224,3 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret)); return ret; } - - - -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/groupdb/mapping.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 2bff6e9699..99ccffb464 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -1,6 +1,5 @@ /* - * Unix SMB/Netbios implementation. - * Version 1.9. + * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, * Copyright (C) Jean François Micouleau 1998-2001. -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/groupdb/mapping.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 99ccffb464..70d6317a77 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -21,8 +21,6 @@ #include "includes.h" -extern DOM_SID global_sam_sid; - static TDB_CONTEXT *tdb; /* used for driver files */ #define DATABASE_VERSION_V1 1 /* native byte format. */ @@ -186,17 +184,17 @@ static BOOL default_group_mapping(void) /* Add the defaults domain groups */ - sid_copy(&sid_admins, &global_sam_sid); + sid_copy(&sid_admins, get_global_sam_sid()); sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS); sid_to_string(str_admins, &sid_admins); add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - sid_copy(&sid_users, &global_sam_sid); + sid_copy(&sid_users, get_global_sam_sid()); sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS); sid_to_string(str_users, &sid_users); add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - sid_copy(&sid_guests, &global_sam_sid); + sid_copy(&sid_guests, get_global_sam_sid()); sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS); sid_to_string(str_guests, &sid_guests); add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); @@ -637,7 +635,7 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv) PRIVILEGE_SET *set; if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping")); return(False); } 
@@ -1070,7 +1068,7 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) /* interim solution until we have a last RID allocated */ - sid_copy(&map->sid, &global_sam_sid); + sid_copy(&map->sid, get_global_sam_sid()); sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid)); fstrcpy(map->nt_name, grp->gr_name); -- cgit From a834a73e341059be154426390304a42e4a011f72 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 25 Sep 2002 15:19:00 +0000 Subject: sync'ing up for 3.0alpha20 release (This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139) --- source3/groupdb/mapping.c | 54 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 49 insertions(+), 5 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 70d6317a77..5641431246 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -434,7 +434,7 @@ BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) } /**************************************************************************** -remove a privilege to a privilege array +remove a privilege from a privilege array ****************************************************************************/ BOOL remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) { 
@@ -1156,16 +1156,42 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) Create a UNIX group on demand. ****************************************************************************/ -int smb_create_group(char *unix_group) +int smb_create_group(char *unix_group, gid_t *new_gid) { pstring add_script; int ret; + int fd = 0; pstrcpy(add_script, lp_addgroup_script()); if (! *add_script) return -1; pstring_sub(add_script, "%g", unix_group); - ret = smbrun(add_script,NULL); + ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL); DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret)); + if (ret != 0) + return ret; + + if (fd != 0) { + fstring output; + + *new_gid = 0; + if (read(fd, output, sizeof(output)) > 0) { + *new_gid = (gid_t)strtoul(output, NULL, 10); + } + close(fd); + + if (*new_gid == 0) { + /* The output was garbage. We assume nobody + will create group 0 via smbd. Now we try to + get the group via getgrnam. */ + + struct group *grp = getgrnam(unix_group); + if (grp != NULL) + *new_gid = grp->gr_gid; + else + return 1; + } + } + return ret; } 
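Review bot: In smb_create_group the bytes returned by `read(fd, output, sizeof(output))` are handed to `strtoul` without a terminating NUL, so the conversion can read uninitialised stack contents after the script's output and runs past the end of `output` when the read fills it. Reading one byte less and terminating fixes it: `nread = read(fd, output, sizeof(output)-1);` followed by `output[nread] = '\0';` inside the `nread > 0` branch. Separately, `fd` starts at 0 and `if (fd != 0)` treats 0 as "no descriptor" although 0 is a valid descriptor; -1 would be the safer sentinel, assuming smbrun leaves `fd` untouched on failure. The parsed value comes from an external script, so a range check before the cast to `gid_t` is worth adding too.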
@@ -1187,7 +1213,25 @@ int smb_delete_group(char *unix_group) } /**************************************************************************** - Create a UNIX group on demand. + Set a user's primary UNIX group. +****************************************************************************/ +int smb_set_primary_group(const char *unix_group, const char* unix_user) +{ + pstring add_script; + int ret; + + pstrcpy(add_script, lp_setprimarygroup_script()); + if (! *add_script) return -1; + all_string_sub(add_script, "%g", unix_group, sizeof(add_script)); + all_string_sub(add_script, "%u", unix_user, sizeof(add_script)); + ret = smbrun(add_script,NULL); + DEBUG(3,("smb_set_primary_group: " + "Running the command `%s' gave %d\n",add_script,ret)); + return ret; +} + +/**************************************************************************** + Add a user to a UNIX group. ****************************************************************************/ int smb_add_user_group(char *unix_group, char *unix_user) @@ -1205,7 +1249,7 @@ int smb_add_user_group(char *unix_group, char *unix_user) } /**************************************************************************** - Delete a UNIX group on demand. + Delete a user from a UNIX group ****************************************************************************/ int smb_delete_user_group(const char *unix_group, const char *unix_user) -- cgit From 3665777a5bc7ffa92f64ba17daf4cc66c3607198 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 4 Oct 2002 22:53:18 +0000 Subject: Add a timeout to tdb_lock_bystring(). Ensure we never have more than MAX_PRINT_JOBS in a queue. Jeremy. (This used to be commit 9fe3c0b90d4bff2217e3cb5a34b4683ca314c06e) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 5641431246..0f05316949 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
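Review bot: smb_set_primary_group builds its command with `all_string_sub` on `unix_group` and `unix_user`, whereas smb_create_group uses `pstring_sub`, and the resulting string goes to `smbrun`. If all_string_sub does not replace shell metacharacters the way the filtering substitution helpers do (to be confirmed against its definition, which is not on this page), a user or group name containing such characters reaches the shell unchanged. Either use the filtering variant here or validate both names against the permitted character set before substitution. A comment on the function would also help, e.g. `/* unix_user and unix_group end up in a shell command; callers must pass validated names */`.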
@@ -223,7 +223,7 @@ static BOOL init_group_mapping(void) local_pid = sys_getpid(); /* handle a Samba upgrade */ - tdb_lock_bystring(tdb, vstring); + tdb_lock_bystring(tdb, vstring, 0); /* Cope with byte-reversed older versions of the db. */ vers_id = tdb_fetch_int32(tdb, vstring); -- cgit From 6d7195d1d79c43f5ccc8dc4a9215c02177d5fa89 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 2 Nov 2002 03:47:48 +0000 Subject: Merge passdb from HEAD -> 3.0 The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f) --- source3/groupdb/mapping.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 0f05316949..f1f9fdafc1 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -313,7 +313,7 @@ BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use, map.priv_set.count=priv_set.count; map.priv_set.set=priv_set.set; - add_mapping_entry(&map, TDB_INSERT); + pdb_add_group_mapping_entry(&map); return True; } @@ -915,7 +915,7 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) DEBUG(10, ("get_domain_group_from_sid\n")); /* if the group is NOT in the database, it CAN NOT be a domain group */ - if(!get_group_map_from_sid(sid, map, with_priv)) + if(!pdb_getgrsid(map, sid, with_priv)) return False; DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n")); 
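Review bot: The return value of `tdb_lock_bystring(tdb, vstring, 0)` is ignored in init_group_mapping, and the code that follows rewrites the version key and may clear the database. Now that the call takes a timeout argument it presumably has a failure path that matters; if the lock is not obtained, two processes could run the upgrade at the same time. Checking the result keeps the version rewrite inside the lock, e.g. `if (tdb_lock_bystring(tdb, vstring, 0) != 0) { DEBUG(0,("init_group_mapping: failed to lock %s\n", vstring)); return False; }`, assuming the usual 0-on-success convention. The function continues outside the hunk.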
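Review bot: `pdb_add_group_mapping_entry(&map);` is followed by an unconditional `return True;` in add_initial_entry, so a backend that rejects the entry still reports success. Returning the call's result, `return pdb_add_group_mapping_entry(&map);`, lets callers see the failure. This assumes the wrapper returns BOOL, which the hunk does not show.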
@@ -962,7 +962,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) } /* The group is in the mapping table */ - if(get_group_map_from_sid(sid, map, with_priv)) { + if(pdb_getgrsid(map, sid, with_priv)) { if (map->sid_name_use!=SID_NAME_ALIAS) { if (with_priv) free_privilege(&map->priv_set); @@ -1016,7 +1016,7 @@ BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) return(False); } - if(!get_group_map_from_sid(sid, map, with_priv)) + if(!pdb_getgrsid(map, sid, with_priv)) return False; if (map->sid_name_use!=SID_NAME_WKN_GRP) { @@ -1060,7 +1060,7 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) /* * make a group map from scratch if doesn't exist. */ - if (!get_group_map_from_gid(gid, map, with_priv)) { + if (!pdb_getgrgid(map, gid, with_priv)) { map->gid=gid; map->sid_name_use=SID_NAME_ALIAS; map->systemaccount=PR_ACCESS_FROM_NETWORK; -- cgit From 2f194322d419350f35a48dff750066894d68eccf Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 12 Nov 2002 23:20:50 +0000 Subject: Removed global_myworkgroup, global_myname, global_myscope. Added liberal dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index f1f9fdafc1..0a2c1f3239 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -840,7 +840,7 @@ convert a privilege string to a privilege array void convert_priv_from_text(PRIVILEGE_SET *se_priv, char *privilege) { pstring tok; - char *p = privilege; + const char *p = privilege; int i; LUID_ATTR set; -- cgit From de474974ea25df7738dd175126e3f1de0df47ea6 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Sat, 23 Nov 2002 02:52:36 +0000 Subject: Lots of fixes for error paths where tdb_fetch() data need freeing. Found via a post from Arcady Chernyak . Jeremy. (This used to be commit 5d5762d1787db4392d2dff16024097c638b2d494) --- source3/groupdb/mapping.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 0a2c1f3239..943183c061 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -498,8 +498,9 @@ BOOL remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) } /**************************************************************************** -return the sid and the type of the unix group + Return the sid and the type of the unix group. ****************************************************************************/ + BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) { TDB_DATA kbuf, dbuf; @@ -523,7 +524,8 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) kbuf.dsize = strlen(key)+1; dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) return False; + if (!dbuf.dptr) + return False; ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount); @@ -559,10 +561,10 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) return True; } - /**************************************************************************** -return the sid and the type of the unix group + Return the sid and the type of the unix group. ****************************************************************************/ + BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) { TDB_DATA kbuf, dbuf, newkey; 
@@ -585,7 +587,8 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) continue; + if (!dbuf.dptr) + continue; fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); @@ -624,8 +627,9 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) } /**************************************************************************** -return the sid and the type of the unix group + Return the sid and the type of the unix group. ****************************************************************************/ + BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv) { TDB_DATA kbuf, dbuf, newkey; @@ -648,7 +652,8 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv) if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) continue; + if (!dbuf.dptr) + continue; fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); @@ -689,8 +694,9 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv) } /**************************************************************************** - remove a group mapping entry + Remove a group mapping entry. ****************************************************************************/ + BOOL group_map_remove(DOM_SID sid) { TDB_DATA kbuf, dbuf; @@ -711,7 +717,8 @@ BOOL group_map_remove(DOM_SID sid) kbuf.dsize = strlen(key)+1; dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) return False; + if (!dbuf.dptr) + return False; SAFE_FREE(dbuf.dptr); 
@@ -721,10 +728,10 @@ BOOL group_map_remove(DOM_SID sid) return True; } - /**************************************************************************** -enumerate the group mapping + Enumerate the group mapping. ****************************************************************************/ + BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries, BOOL unix_only, BOOL with_priv) { -- cgit From 634c54310c92c48dd4eceec602e230a021bdcfc5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Jan 2003 08:28:12 +0000 Subject: Merge from HEAD - make Samba compile with -Wwrite-strings without additional warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c) --- source3/groupdb/mapping.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 943183c061..3809abc37a 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -209,7 +209,7 @@ static BOOL default_group_mapping(void) static BOOL init_group_mapping(void) { static pid_t local_pid; - char *vstring = "INFO/version"; + const char *vstring = "INFO/version"; int32 vers_id; if (tdb && local_pid == sys_getpid()) @@ -293,8 +293,8 @@ BOOL add_mapping_entry(GROUP_MAP *map, int flag) /**************************************************************************** initialise first time the mapping list ****************************************************************************/ -BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use, - fstring nt_name, fstring comment, PRIVILEGE_SET priv_set, uint32 systemaccount) +BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, + const char *nt_name, const char *comment, PRIVILEGE_SET priv_set, uint32 systemaccount) { GROUP_MAP map; -- cgit From 188c5195ede9825f30845f4aab549390ac67887e Mon Sep 17 00:00:00 2001 
From: Martin Pool Date: Tue, 18 Feb 2003 07:05:02 +0000 Subject: Check return code of string_to_sid. (Merge from HEAD) (This used to be commit 5d09aea6f78aa247dbd77617c93c2a1dd2e2702f) --- source3/groupdb/mapping.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 3809abc37a..272783608c 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -304,7 +304,11 @@ BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_us } map.gid=gid; - string_to_sid(&map.sid, sid); + if (!string_to_sid(&map.sid, sid)) { + DEBUG(0, ("string_to_sid failed: %s", sid)); + return False; + } + map.sid_name_use=sid_name_use; fstrcpy(map.nt_name, nt_name); fstrcpy(map.comment, comment); -- cgit From 3d8c50c87482d75d18b21bee954911951f471e2a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 22 Mar 2003 09:03:46 +0000 Subject: Thanks to volker, merge passdb changes from HEAD: - pdb_guest (including change defaults) - 'default' passdb actions (instead of 'not implemented' stubs in each module) - net_rpc_samsync no longer assumes pdb_unix Andrew Bartlett (This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6) --- source3/groupdb/mapping.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 272783608c..02fc23418f 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -841,6 +841,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, } *num_entries=entries; + return True; } 
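Review bot: The new `DEBUG(0, ("string_to_sid failed: %s", sid));` in add_initial_entry lacks a trailing newline and does not name the function, so the level-0 message merges with the following log line. `DEBUG(0, ("add_initial_entry: string_to_sid failed: %s\n", sid));` would fix both. The function body starts outside the hunk.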
@@ -1276,3 +1277,57 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret)); return ret; } + + +NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, + DOM_SID sid, BOOL with_priv) +{ + return get_group_map_from_sid(sid, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, + gid_t gid, BOOL with_priv) +{ + return get_group_map_from_gid(gid, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, + char *name, BOOL with_priv) +{ + return get_group_map_from_ntname(name, map, with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return add_mapping_entry(map, TDB_INSERT) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return add_mapping_entry(map, TDB_REPLACE) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, + DOM_SID sid) +{ + return group_map_remove(sid) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, + enum SID_NAME_USE sid_name_use, + GROUP_MAP **rmap, int *num_entries, + BOOL unix_only, BOOL with_priv) +{ + return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only, + with_priv) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} + -- cgit From eaf3fbe642d3c84fa5aeaacb11f9676a05a26b31 Mon Sep 17 00:00:00 2001 
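Review bot: Every pdb_default_* wrapper added here folds the helper's BOOL into NT_STATUS_OK or NT_STATUS_UNSUCCESSFUL, so a caller cannot tell a missing mapping from a database that could not be opened. The helpers shown in later hunks on this page return False both for `!init_group_mapping()` and for an absent record. The wrappers cannot recover that distinction themselves, so the block should at least document it, e.g. `/* Default group-mapping methods: thin wrappers over the TDB helpers. NT_STATUS_UNSUCCESSFUL covers both "no such mapping" and "database error". */` above pdb_default_getgrsid. The same comment should say that the `methods` argument is unused in all seven functions.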
From: Volker Lendecke Date: Sun, 23 Mar 2003 11:45:01 +0000 Subject: The group mapping functions are not called directly anymore, but instead through the passdb interface. So we can make them static. Volker (This used to be commit 99da1119a7a7fc0879e63f7e11cb4500419359e8) --- source3/groupdb/mapping.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 02fc23418f..61c0dfb4b8 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -249,7 +249,7 @@ static BOOL init_group_mapping(void) /**************************************************************************** ****************************************************************************/ -BOOL add_mapping_entry(GROUP_MAP *map, int flag) +static BOOL add_mapping_entry(GROUP_MAP *map, int flag) { TDB_DATA kbuf, dbuf; pstring key, buf; @@ -505,7 +505,7 @@ BOOL remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) Return the sid and the type of the unix group. ****************************************************************************/ -BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) +static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) { TDB_DATA kbuf, dbuf; pstring key; @@ -569,7 +569,7 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) Return the sid and the type of the unix group. ****************************************************************************/ -BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) +static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; 
@@ -634,7 +634,7 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) Return the sid and the type of the unix group. ****************************************************************************/ -BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv) +static BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; @@ -701,7 +701,7 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv) Remove a group mapping entry. ****************************************************************************/ -BOOL group_map_remove(DOM_SID sid) +static BOOL group_map_remove(DOM_SID sid) { TDB_DATA kbuf, dbuf; pstring key; @@ -736,7 +736,7 @@ BOOL group_map_remove(DOM_SID sid) Enumerate the group mapping. ****************************************************************************/ -BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, +static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries, BOOL unix_only, BOOL with_priv) { TDB_DATA kbuf, dbuf, newkey; -- cgit From e30c2e18f60c4a611b32706d3a18aa60991ce7e6 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 29 Apr 2003 05:31:06 +0000 Subject: don't implement any group mapping functions in the guest sam module (This used to be commit a354bf4b7eadec3e6aa5f5547b58c7856fda3471) --- source3/groupdb/mapping.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 61c0dfb4b8..b718f42f93 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -1331,3 +1331,51 @@ NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } +/********************************************************************** + no ops for passdb backends that don't implement group mapping + *********************************************************************/ + +NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, + DOM_SID sid, BOOL with_priv) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, + gid_t gid, BOOL with_priv) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, + char *name, BOOL with_priv) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_add_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_update_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods, + DOM_SID sid) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods, + enum SID_NAME_USE sid_name_use, + GROUP_MAP **rmap, int *num_entries, + BOOL unix_only, BOOL with_priv) +{ + return NT_STATUS_UNSUCCESSFUL; +} + -- cgit From c823b191ab476fc2583d6d6aaa1e2edb09cbb88e Mon Sep 17 00:00:00 2001 
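Review bot: pdb_nop_enum_group_mapping returns without writing `*rmap` or `*num_entries`, so a caller that frees or iterates the result before checking the status would act on whatever those variables held beforehand. Setting the outputs before the return makes the no-op safe for such callers: `*rmap = NULL; *num_entries = 0;`. The lookup no-ops (pdb_nop_getgrsid, pdb_nop_getgrgid, pdb_nop_getgrnam) likewise leave `*map` untouched, which deserves a sentence in the block comment above them.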
From: Simo Sorce Date: Mon, 12 May 2003 18:12:31 +0000 Subject: And finally IDMAP in 3_0 We really need idmap_ldap to have a good solution with ldapsam, porting it from the previous code is being made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worse. I really would have been able to finish also the group code, maybe we can put it into a following release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seems to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d) --- source3/groupdb/mapping.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index b718f42f93..2b7a852688 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -170,17 +170,17 @@ static BOOL default_group_mapping(void) /* Add the Wellknown groups */ - add_initial_entry(-1, "S-1-5-32-544", SID_NAME_ALIAS, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-545", SID_NAME_ALIAS, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-546", SID_NAME_ALIAS, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); - add_initial_entry(-1, "S-1-5-32-547", SID_NAME_ALIAS, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); + add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-548", SID_NAME_ALIAS, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-549", SID_NAME_ALIAS, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-550", SID_NAME_ALIAS, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-551", SID_NAME_ALIAS, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, 
"S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-552", SID_NAME_ALIAS, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK); + add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK); /* Add the defaults domain groups */ @@ -763,7 +763,7 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; - + dbuf = tdb_fetch(tdb, kbuf); if (!dbuf.dptr) continue; @@ -803,7 +803,7 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, free_privilege(set); continue; } - + if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name)); free_privilege(set); @@ -838,6 +838,7 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, free_privilege(&(mapt[entries].priv_set)); entries++; + } *num_entries=entries; -- cgit From 1eb644772768dff6252f89aadf2560f556449809 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 17 Jun 2003 12:31:02 +0000 Subject: And more other memory leaks. One new (idmap) and one ancient (groupdb). Volker (This used to be commit 2392f460aeb11f32759e84faf1e7ace73c5db281) --- source3/groupdb/mapping.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 2b7a852688..5b5d0b0cc3 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
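Review bot: Changing the S-1-5-32-* entries from SID_NAME_ALIAS to SID_NAME_WKN_GRP only affects records written after this change; records already stored in an existing mapping database presumably keep SID_NAME_ALIAS, since nothing in this commit rewrites them. enum_group_mapping filters on `sid_name_use!=map.sid_name_use`, so the same enumeration request could return different builtin groups on an upgraded install and on a fresh one. The commit message itself mentions a possible upgrade problem. I would make that explicit next to the calls, e.g. `/* NOTE: mapping databases created earlier still hold SID_NAME_ALIAS for these SIDs */`, or add a conversion step when the database is opened. default_group_mapping starts and ends outside the hunk.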
@@ -199,6 +199,10 @@ static BOOL default_group_mapping(void) sid_to_string(str_guests, &sid_guests); add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); + free_privilege(&privilege_none); + free_privilege(&privilege_all); + free_privilege(&privilege_print_op); + return True; } -- cgit From e6fd597fce61787789b76c323c56edc979e4e1fc Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 18 Jun 2003 12:00:52 +0000 Subject: And some more memory leaks in mapping.c and pdb_tdb.c. tdb_nextkey mallocs its key, so we should free it after use. Volker (This used to be commit 9750799ba2e1aaa59fa255f23880c9c618195c3d) --- source3/groupdb/mapping.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 5b5d0b0cc3..e13730b141 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -625,6 +625,7 @@ static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) if (gid==map->gid) { if (!with_priv) free_privilege(&map->priv_set); + SAFE_FREE(kbuf.dptr); return True; } @@ -692,6 +693,7 @@ static BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv if (StrCaseCmp(name, map->nt_name)==0) { if (!with_priv) free_privilege(&map->priv_set); + SAFE_FREE(kbuf.dptr); return True; } -- cgit From 75a5c0b307a79536316b651273d3f6983323f5ce Mon Sep 17 00:00:00 2001 
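Review bot: The added `SAFE_FREE(kbuf.dptr);` releases the traversal key only on the matching `return True` in get_group_map_from_gid and get_group_map_from_ntname, so other early returns inside a key loop stay uncovered. enum_group_mapping, for example, does `SAFE_FREE(*rmap); return False;` when the map cannot be enlarged. If that sits inside the same kind of tdb_nextkey loop (its body is only partly visible on this page), the current key is still leaked on that path. Adding `SAFE_FREE(kbuf.dptr);` before that `return False;` would close it. Both functions touched here start and end outside their hunks.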
From: Simo Sorce Date: Wed, 18 Jun 2003 15:24:10 +0000 Subject: Ok, this patch removes the privilege stuff we had in, unused, for some time. The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleanness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e) --- source3/groupdb/mapping.c | 557 ++++------------------------------------------ 1 file changed, 47 insertions(+), 510 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index e13730b141..ef243ecfc0 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -37,69 +37,7 @@ PRIVS privs[] = { {SE_PRIV_PRINT_OPERATOR, "SaPrintOp", "Add or remove printers - Samba" }, {SE_PRIV_ALL, "SaAllPrivs", "all privileges" } }; -/* -PRIVS privs[] = { - { 2, "SeCreateTokenPrivilege" }, - { 3, "SeAssignPrimaryTokenPrivilege" }, - { 4, "SeLockMemoryPrivilege" }, - { 5, "SeIncreaseQuotaPrivilege" }, - { 6, "SeMachineAccountPrivilege" }, - { 7, "SeTcbPrivilege" }, - { 8, "SeSecurityPrivilege" }, - { 9, "SeTakeOwnershipPrivilege" }, - { 10, "SeLoadDriverPrivilege" }, - { 11, "SeSystemProfilePrivilege" }, - { 12, "SeSystemtimePrivilege" }, - { 13, "SeProfileSingleProcessPrivilege" }, - { 14, "SeIncreaseBasePriorityPrivilege" }, - { 15, "SeCreatePagefilePrivilege" }, - { 16, "SeCreatePermanentPrivilege" }, - { 17, "SeBackupPrivilege" }, - { 18, "SeRestorePrivilege" }, - { 19, "SeShutdownPrivilege" }, - { 20, "SeDebugPrivilege" }, - { 21, "SeAuditPrivilege" }, - { 22, "SeSystemEnvironmentPrivilege" }, - { 23, "SeChangeNotifyPrivilege" }, - { 24, "SeRemoteShutdownPrivilege" }, - { 25, "SeUndockPrivilege" }, - { 26, "SeSyncAgentPrivilege" }, - { 27, "SeEnableDelegationPrivilege" }, -}; -*/ - - /* - * Those are not really privileges like the other ones. - * They are handled in a special case and called - * system privileges. - * - * SeNetworkLogonRight - * SeUnsolicitedInputPrivilege - * SeBatchLogonRight - * SeServiceLogonRight - * SeInteractiveLogonRight - * SeDenyInteractiveLogonRight - * SeDenyNetworkLogonRight - * SeDenyBatchLogonRight - * SeDenyBatchLogonRight - */ -#if 0 -/**************************************************************************** -check if the user has the required privilege. 
-****************************************************************************/ -static BOOL se_priv_access_check(NT_USER_TOKEN *token, uint32 privilege) -{ - /* no token, no privilege */ - if (token==NULL) - return False; - - if ((token->privilege & privilege)==privilege) - return True; - - return False; -} -#endif /**************************************************************************** dump the mapping group mapping to a text file 
@@ -151,57 +89,35 @@ static BOOL default_group_mapping(void) fstring str_admins; fstring str_users; fstring str_guests; - LUID_ATTR set; - - PRIVILEGE_SET privilege_none; - PRIVILEGE_SET privilege_all; - PRIVILEGE_SET privilege_print_op; - - init_privilege(&privilege_none); - init_privilege(&privilege_all); - init_privilege(&privilege_print_op); - - set.attr=0; - set.luid.high=0; - set.luid.low=SE_PRIV_PRINT_OPERATOR; - add_privilege(&privilege_print_op, set); - - add_all_privilege(&privilege_all); /* Add the Wellknown groups */ - add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); - add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - - add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); - - add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK); + add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", ""); + add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", ""); + add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", ""); + add_initial_entry(-1, 
"S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", ""); + add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", ""); + add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", ""); + add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", ""); + add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", ""); + add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", ""); /* Add the defaults domain groups */ sid_copy(&sid_admins, get_global_sam_sid()); sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS); sid_to_string(str_admins, &sid_admins); - add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", ""); sid_copy(&sid_users, get_global_sam_sid()); sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS); sid_to_string(str_users, &sid_users); - add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", ""); sid_copy(&sid_guests, get_global_sam_sid()); sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS); sid_to_string(str_guests, &sid_guests); - add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); - - free_privilege(&privilege_none); - free_privilege(&privilege_all); - free_privilege(&privilege_print_op); + add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", ""); return True; } @@ -259,8 +175,6 @@ static BOOL add_mapping_entry(GROUP_MAP *map, int flag) pstring key, buf; fstring string_sid=""; int len; - int i; - PRIVILEGE_SET *set; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); 
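Review bot: default_group_mapping discards the BOOL result of all twelve rewritten add_initial_entry calls and still ends in an unconditional `return True;`. A failed string_to_sid therefore leaves a builtin or domain group such as Administrators (S-1-5-32-544) unmapped without the caller noticing. Each call could be checked, e.g. `if (!add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", "")) return False;`. A later hunk on this page shows add_initial_entry itself calling `pdb_add_group_mapping_entry(&map);` and then returning True, so a failed write appears to be dropped one level further down as well. The function starts outside the hunk.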
@@ -269,16 +183,8 @@ static BOOL add_mapping_entry(GROUP_MAP *map, int flag) sid_to_string(string_sid, &map->sid); - len = tdb_pack(buf, sizeof(buf), "ddffd", - map->gid, map->sid_name_use, map->nt_name, map->comment, map->systemaccount); - - /* write the privilege list in the TDB database */ - - set=&map->priv_set; - len += tdb_pack(buf+len, sizeof(buf)-len, "d", set->count); - for (i=0; icount; i++) - len += tdb_pack(buf+len, sizeof(buf)-len, "ddd", - set->set[i].luid.low, set->set[i].luid.high, set->set[i].attr); + len = tdb_pack(buf, sizeof(buf), "ddff", + map->gid, map->sid_name_use, map->nt_name, map->comment); if (len > sizeof(buf)) return False; @@ -297,8 +203,7 @@ static BOOL add_mapping_entry(GROUP_MAP *map, int flag) /**************************************************************************** initialise first time the mapping list ****************************************************************************/ -BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, - const char *nt_name, const char *comment, PRIVILEGE_SET priv_set, uint32 systemaccount) +BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, const char *nt_name, const char *comment) { GROUP_MAP map; 
@@ -316,207 +221,22 @@ BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_us map.sid_name_use=sid_name_use; fstrcpy(map.nt_name, nt_name); fstrcpy(map.comment, comment); - map.systemaccount=systemaccount; - - map.priv_set.count=priv_set.count; - map.priv_set.set=priv_set.set; pdb_add_group_mapping_entry(&map); return True; } -/**************************************************************************** -initialise a privilege list -****************************************************************************/ -void init_privilege(PRIVILEGE_SET *priv_set) -{ - priv_set->count=0; - priv_set->control=0; - priv_set->set=NULL; -} - -/**************************************************************************** -free a privilege list -****************************************************************************/ -BOOL free_privilege(PRIVILEGE_SET *priv_set) -{ - if (priv_set->count==0) { - DEBUG(100,("free_privilege: count=0, nothing to clear ?\n")); - return False; - } - - if (priv_set->set==NULL) { - DEBUG(0,("free_privilege: list ptr is NULL, very strange !\n")); - return False; - } - - safe_free(priv_set->set); - priv_set->count=0; - priv_set->control=0; - priv_set->set=NULL; - - return True; -} - -/**************************************************************************** -add a privilege to a privilege array -****************************************************************************/ -BOOL add_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) -{ - LUID_ATTR *new_set; - - /* check if the privilege is not already in the list */ - if (check_priv_in_privilege(priv_set, set)) - return False; - - /* we can allocate memory to add the new privilege */ - - new_set=(LUID_ATTR *)Realloc(priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR))); - if (new_set==NULL) { - DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n")); - return False; - } - - new_set[priv_set->count].luid.high=set.luid.high; - 
new_set[priv_set->count].luid.low=set.luid.low; - new_set[priv_set->count].attr=set.attr; - - priv_set->count++; - priv_set->set=new_set; - - return True; -} - -/**************************************************************************** -add all the privileges to a privilege array -****************************************************************************/ -BOOL add_all_privilege(PRIVILEGE_SET *priv_set) -{ - LUID_ATTR set; - - set.attr=0; - set.luid.high=0; - - set.luid.low=SE_PRIV_ADD_USERS; - add_privilege(priv_set, set); - - set.luid.low=SE_PRIV_ADD_MACHINES; - add_privilege(priv_set, set); - - set.luid.low=SE_PRIV_PRINT_OPERATOR; - add_privilege(priv_set, set); - - return True; -} - -/**************************************************************************** -check if the privilege list is empty -****************************************************************************/ -BOOL check_empty_privilege(PRIVILEGE_SET *priv_set) -{ - return (priv_set->count == 0); -} - -/**************************************************************************** -check if the privilege is in the privilege list -****************************************************************************/ -BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) -{ - int i; - - /* if the list is empty, obviously we can't have it */ - if (check_empty_privilege(priv_set)) - return False; - - for (i=0; icount; i++) { - LUID_ATTR *cur_set; - - cur_set=&priv_set->set[i]; - /* check only the low and high part. 
Checking the attr field has no meaning */ - if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) ) - return True; - } - - return False; -} - -/**************************************************************************** -remove a privilege from a privilege array -****************************************************************************/ -BOOL remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) -{ - LUID_ATTR *new_set; - LUID_ATTR *old_set; - int i,j; - - /* check if the privilege is in the list */ - if (!check_priv_in_privilege(priv_set, set)) - return False; - - /* special case if it's the only privilege in the list */ - if (priv_set->count==1) { - free_privilege(priv_set); - init_privilege(priv_set); - - return True; - } - - /* - * the privilege is there, create a new list, - * and copy the other privileges - */ - - old_set=priv_set->set; - - new_set=(LUID_ATTR *)malloc((priv_set->count-1)*(sizeof(LUID_ATTR))); - if (new_set==NULL) { - DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n")); - return False; - } - - for (i=0, j=0; icount; i++) { - if ((old_set[i].luid.low==set.luid.low) && - (old_set[i].luid.high==set.luid.high)) { - continue; - } - - new_set[j].luid.low=old_set[i].luid.low; - new_set[j].luid.high=old_set[i].luid.high; - new_set[j].attr=old_set[i].attr; - - j++; - } - - if (j!=priv_set->count-1) { - DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n")); - DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j)); - safe_free(new_set); - return False; - } - - /* ok everything is fine */ - - priv_set->count--; - priv_set->set=new_set; - - safe_free(old_set); - - return True; -} - /**************************************************************************** Return the sid and the type of the unix group. 
****************************************************************************/ -static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) +static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) { TDB_DATA kbuf, dbuf; pstring key; fstring string_sid; int ret; - int i; - PRIVILEGE_SET *set; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); @@ -535,34 +255,10 @@ static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) if (!dbuf.dptr) return False; - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount); - - set=&map->priv_set; - init_privilege(set); - ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); - - DEBUG(10,("get_group_map_from_sid: %d privileges\n", map->priv_set.count)); - - set->set = NULL; - if (set->count) { - set->set=(LUID_ATTR *)smb_xmalloc(set->count*sizeof(LUID_ATTR)); - } - - for (i=0; icount; i++) - ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", - &(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr)); + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); SAFE_FREE(dbuf.dptr); - if (ret != dbuf.dsize) { - DEBUG(0,("get_group_map_from_sid: group mapping TDB corrupted ?\n")); - free_privilege(set); - return False; - } - - /* we don't want the privileges */ - if (with_priv==MAPPING_WITHOUT_PRIV) - free_privilege(set); sid_copy(&map->sid, &sid); 
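Review bot: In get_group_map_from_sid the result of `tdb_unpack` is still assigned to `ret` but is no longer examined, because the old `if (ret != dbuf.dsize)` corruption check was removed together with the privilege parsing. A truncated or malformed record would now be reported as a valid mapping with `map->gid`, `map->sid_name_use`, `map->nt_name` and `map->comment` only partly filled in. That matters because callers use this record for the SID-to-gid translation. I would keep a failure check after the unpack, e.g. `if (ret == -1) { DEBUG(3, ("get_group_map_from_sid: tdb_unpack failure\n")); return False; }` (assuming tdb_unpack reports failure as -1; confirm against its definition). The same applies to the unpack calls in the get_group_map_from_gid, get_group_map_from_ntname and enum_group_mapping hunks of this commit; the function body starts outside this hunk.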
@@ -573,13 +269,11 @@ static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) Return the sid and the type of the unix group. ****************************************************************************/ -static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) +static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; int ret; - int i; - PRIVILEGE_SET *set; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); @@ -602,34 +296,15 @@ static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) string_to_sid(&map->sid, string_sid); - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount); - - set=&map->priv_set; - ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); - set->set = NULL; - if (set->count) { - set->set=(LUID_ATTR *)smb_xmalloc(set->count*sizeof(LUID_ATTR)); - } - - for (i=0; icount; i++) - ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", - &(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr)); + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); SAFE_FREE(dbuf.dptr); - if (ret != dbuf.dsize){ - free_privilege(set); - continue; - } if (gid==map->gid) { - if (!with_priv) - free_privilege(&map->priv_set); SAFE_FREE(kbuf.dptr); return True; } - - free_privilege(set); } return False; 
@@ -639,13 +314,11 @@ static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) Return the sid and the type of the unix group. ****************************************************************************/ -static BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv) +static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; int ret; - int i; - PRIVILEGE_SET *set; if(!init_group_mapping()) { DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping")); @@ -668,36 +341,15 @@ static BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv string_to_sid(&map->sid, string_sid); - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount); - - set=&map->priv_set; - ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); - - set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR)); - if (set->set==NULL) { - DEBUG(0,("get_group_map_from_ntname: could not allocate memory for privileges\n")); - return False; - } - - for (i=0; icount; i++) - ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", - &(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr)); + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); SAFE_FREE(dbuf.dptr); - if (ret != dbuf.dsize) { - free_privilege(set); - continue; - } if (StrCaseCmp(name, map->nt_name)==0) { - if (!with_priv) - free_privilege(&map->priv_set); SAFE_FREE(kbuf.dptr); return True; } - - free_privilege(set); } return False; 
@@ -743,7 +395,7 @@ static BOOL group_map_remove(DOM_SID sid) ****************************************************************************/ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, - int *num_entries, BOOL unix_only, BOOL with_priv) + int *num_entries, BOOL unix_only) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; @@ -752,8 +404,6 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, GROUP_MAP *mapt; int ret; int entries=0; - int i; - PRIVILEGE_SET *set; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); 
@@ -776,43 +426,19 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", - &map.gid, &map.sid_name_use, &map.nt_name, &map.comment, &map.systemaccount); - - set=&map.priv_set; - init_privilege(set); - - ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); - - if (set->count!=0) { - set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR)); - if (set->set==NULL) { - DEBUG(0,("enum_group_mapping: could not allocate memory for privileges\n")); - return False; - } - } - - for (i=0; icount; i++) - ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", - &(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr)); + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map.gid, &map.sid_name_use, &map.nt_name, &map.comment); SAFE_FREE(dbuf.dptr); - if (ret != dbuf.dsize) { - DEBUG(11,("enum_group_mapping: error in memory size\n")); - free_privilege(set); - continue; - } /* list only the type or everything if UNKNOWN */ if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) { DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name)); - free_privilege(set); continue; } if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name)); - free_privilege(set); continue; } @@ -825,7 +451,6 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, if (!mapt) { DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); SAFE_FREE(*rmap); - free_privilege(set); return False; } else 
@@ -836,12 +461,6 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, mapt[entries].sid_name_use = map.sid_name_use; fstrcpy(mapt[entries].nt_name, map.nt_name); fstrcpy(mapt[entries].comment, map.comment); - mapt[entries].systemaccount=map.systemaccount; - mapt[entries].priv_set.count=set->count; - mapt[entries].priv_set.control=set->control; - mapt[entries].priv_set.set=set->set; - if (!with_priv) - free_privilege(&(mapt[entries].priv_set)); entries++; @@ -852,64 +471,6 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, return True; } - -/**************************************************************************** -convert a privilege string to a privilege array -****************************************************************************/ -void convert_priv_from_text(PRIVILEGE_SET *se_priv, char *privilege) -{ - pstring tok; - const char *p = privilege; - int i; - LUID_ATTR set; - - /* By default no privilege */ - init_privilege(se_priv); - - if (privilege==NULL) - return; - - while(next_token(&p, tok, " ", sizeof(tok)) ) { - for (i=0; i<=PRIV_ALL_INDEX; i++) { - if (StrCaseCmp(privs[i].priv, tok)==0) { - set.attr=0; - set.luid.high=0; - set.luid.low=privs[i].se_priv; - add_privilege(se_priv, set); - } - } - } -} - -/**************************************************************************** -convert a privilege array to a privilege string -****************************************************************************/ -void convert_priv_to_text(PRIVILEGE_SET *se_priv, char *privilege) -{ - int i,j; - - if (privilege==NULL) - return; - - ZERO_STRUCTP(privilege); - - if (check_empty_privilege(se_priv)) { - fstrcat(privilege, "No privilege"); - return; - } - - for(i=0; icount; i++) { - j=1; - while (privs[j].se_priv!=se_priv->set[i].luid.low && j<=PRIV_ALL_INDEX) { - j++; - } - - fstrcat(privilege, privs[j].priv); - fstrcat(privilege, " "); - } -} - - /* * * High level functions 
@@ -922,7 +483,7 @@ void convert_priv_to_text(PRIVILEGE_SET *se_priv, char *privilege) /* get a domain group from it's SID */ -BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) +BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) { struct group *grp; @@ -934,23 +495,19 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) DEBUG(10, ("get_domain_group_from_sid\n")); /* if the group is NOT in the database, it CAN NOT be a domain group */ - if(!pdb_getgrsid(map, sid, with_priv)) + if(!pdb_getgrsid(map, sid)) return False; DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n")); /* if it's not a domain group, continue */ if (map->sid_name_use!=SID_NAME_DOM_GRP) { - if (with_priv) - free_privilege(&map->priv_set); return False; } DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n")); if (map->gid==-1) { - if (with_priv) - free_privilege(&map->priv_set); return False; } @@ -958,8 +515,6 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) if ( (grp=getgrgid(map->gid)) == NULL) { DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n")); - if (with_priv) - free_privilege(&map->priv_set); return False; } @@ -971,7 +526,7 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) /* get a local (alias) group from it's SID */ -BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) +BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) { struct group *grp; 
@@ -981,22 +536,16 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) } /* The group is in the mapping table */ - if(pdb_getgrsid(map, sid, with_priv)) { + if(pdb_getgrsid(map, sid)) { if (map->sid_name_use!=SID_NAME_ALIAS) { - if (with_priv) - free_privilege(&map->priv_set); return False; } if (map->gid==-1) { - if (with_priv) - free_privilege(&map->priv_set); return False; } if ( (grp=getgrgid(map->gid)) == NULL) { - if (with_priv) - free_privilege(&map->priv_set); return False; } } else { @@ -1011,13 +560,10 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) return False; map->sid_name_use=SID_NAME_ALIAS; - map->systemaccount=PR_ACCESS_FROM_NETWORK; fstrcpy(map->nt_name, grp->gr_name); fstrcpy(map->comment, "Local Unix Group"); - init_privilege(&map->priv_set); - sid_copy(&map->sid, &sid); } @@ -1026,7 +572,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) /* get a builtin group from it's SID */ -BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) +BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map) { struct group *grp; @@ -1035,24 +581,18 @@ BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) return(False); } - if(!pdb_getgrsid(map, sid, with_priv)) + if(!pdb_getgrsid(map, sid)) return False; if (map->sid_name_use!=SID_NAME_WKN_GRP) { - if (with_priv) - free_privilege(&map->priv_set); return False; } if (map->gid==-1) { - if (with_priv) - free_privilege(&map->priv_set); return False; } if ( (grp=getgrgid(map->gid)) == NULL) { - if (with_priv) - free_privilege(&map->priv_set); return False; } 
@@ -1064,7 +604,7 @@ BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) /**************************************************************************** Returns a GROUP_MAP struct based on the gid. ****************************************************************************/ -BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) +BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) { struct group *grp; @@ -1079,11 +619,9 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) /* * make a group map from scratch if doesn't exist. */ - if (!pdb_getgrgid(map, gid, with_priv)) { + if (!pdb_getgrgid(map, gid)) { map->gid=gid; map->sid_name_use=SID_NAME_ALIAS; - map->systemaccount=PR_ACCESS_FROM_NETWORK; - init_privilege(&map->priv_set); /* interim solution until we have a last RID allocated */ @@ -1287,23 +825,23 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, - DOM_SID sid, BOOL with_priv) + DOM_SID sid) { - return get_group_map_from_sid(sid, map, with_priv) ? + return get_group_map_from_sid(sid, map) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, - gid_t gid, BOOL with_priv) + gid_t gid) { - return get_group_map_from_gid(gid, map, with_priv) ? + return get_group_map_from_gid(gid, map) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, - char *name, BOOL with_priv) + const char *name) { - return get_group_map_from_ntname(name, map, with_priv) ? + return get_group_map_from_ntname(name, map) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } 
@@ -1331,10 +869,9 @@ NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries, - BOOL unix_only, BOOL with_priv) + BOOL unix_only) { - return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only, - with_priv) ? + return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } @@ -1343,19 +880,19 @@ NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, *********************************************************************/ NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, - DOM_SID sid, BOOL with_priv) + DOM_SID sid) { return NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_nop_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, - gid_t gid, BOOL with_priv) + gid_t gid) { return NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_nop_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, - char *name, BOOL with_priv) + const char *name) { return NT_STATUS_UNSUCCESSFUL; } @@ -1381,7 +918,7 @@ NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods, NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods, enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int *num_entries, - BOOL unix_only, BOOL with_priv) + BOOL unix_only) { return NT_STATUS_UNSUCCESSFUL; } -- cgit From cd6687673a2d741c32997c8d3ce1df8bc61915fa Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Fri, 4 Jul 2003 09:56:50 +0000 Subject: Fix memleak in groupdb. Spotted by Metze (This used to be commit 5280c6953195c2664628ecaab59ea82b4863e8f7) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index ef243ecfc0..5d2d28f152 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -683,8 +683,8 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) if( (pwd=getpwnam_alloc(gr)) !=NULL) { (*uid)[*num_uids]=pwd->pw_uid; (*num_uids)++; + passwd_free(&pwd); } - passwd_free(&pwd); gr = grp->gr_mem[++i]; } DEBUG(10, ("got [%d] members\n", *num_uids)); -- cgit From 16ff7b26f6b9d288cbd1d39e075b637e24da13a6 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 9 Jul 2003 16:44:47 +0000 Subject: Large set of changes to add UNIX account/group management to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6) --- source3/groupdb/mapping.c | 177 +++++++++++++++++++++++++++++++--------------- 1 file changed, 121 insertions(+), 56 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 5d2d28f152..e769b4dd9d 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -719,37 +719,50 @@ int smb_create_group(char *unix_group, gid_t *new_gid) int ret; int fd = 0; - pstrcpy(add_script, lp_addgroup_script()); - if (! *add_script) return -1; - pstring_sub(add_script, "%g", unix_group); - ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL); - DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret)); - if (ret != 0) - return ret; - - if (fd != 0) { - fstring output; - - *new_gid = 0; - if (read(fd, output, sizeof(output)) > 0) { - *new_gid = (gid_t)strtoul(output, NULL, 10); - } - close(fd); - - if (*new_gid == 0) { - /* The output was garbage. We assume nobody - will create group 0 via smbd. Now we try to - get the group via getgrnam. */ - - struct group *grp = getgrnam(unix_group); - if (grp != NULL) - *new_gid = grp->gr_gid; - else - return 1; + /* defer to scripts */ + + if ( *lp_addgroup_script() ) { + pstrcpy(add_script, lp_addgroup_script()); + pstring_sub(add_script, "%g", unix_group); + ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL); + DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret)); + if (ret != 0) + return ret; + + if (fd != 0) { + fstring output; + + *new_gid = 0; + if (read(fd, output, sizeof(output)) > 0) { + *new_gid = (gid_t)strtoul(output, NULL, 10); + } + close(fd); + + if (*new_gid == 0) { + /* The output was garbage. We assume nobody + will create group 0 via smbd. Now we try to + get the group via getgrnam. */ + + struct group *grp = getgrnam(unix_group); + if (grp != NULL) + *new_gid = grp->gr_gid; + else + return 1; + } } + + return 0; } - return ret; + /* Try winbindd */ + + if ( winbind_create_group( unix_group ) ) { + DEBUG(3,("smb_create_group: winbindd created the group (%s)\n", + unix_group)); + return 0; + } + + return -1; } /**************************************************************************** 
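Review bot: In the script branch, `read(fd, output, sizeof(output))` fills `output` without terminating it, so `strtoul(output, NULL, 10)` can parse past the bytes that were actually read. Read one byte less and terminate before parsing: `n = read(fd, output, sizeof(output)-1);` then `if (n > 0) { output[n] = '\0'; *new_gid = (gid_t)strtoul(output, NULL, 10); }`. Passing an end pointer to `strtoul` and rejecting output with no digits would also separate "script printed garbage" from a real gid of 0.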
@@ -761,12 +774,25 @@ int smb_delete_group(char *unix_group) pstring del_script; int ret; - pstrcpy(del_script, lp_delgroup_script()); - if (! *del_script) return -1; - pstring_sub(del_script, "%g", unix_group); - ret = smbrun(del_script,NULL); - DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret)); - return ret; + /* defer to scripts */ + + if ( *lp_delgroup_script() ) { + pstrcpy(del_script, lp_delgroup_script()); + pstring_sub(del_script, "%g", unix_group); + ret = smbrun(del_script,NULL); + DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret)); + return ret; + } +#if 0 + if ( winbind_delete_group( unix_group ) ) { + DEBUG(3,("smb_delete_group: winbindd deleted the group (%s)\n", + unix_group)); + return 0; + } + +#endif + + return -1; } /**************************************************************************** 
@@ -777,14 +803,27 @@ int smb_set_primary_group(const char *unix_group, const char* unix_user) pstring add_script; int ret; - pstrcpy(add_script, lp_setprimarygroup_script()); - if (! *add_script) return -1; - all_string_sub(add_script, "%g", unix_group, sizeof(add_script)); - all_string_sub(add_script, "%u", unix_user, sizeof(add_script)); - ret = smbrun(add_script,NULL); - DEBUG(3,("smb_set_primary_group: " - "Running the command `%s' gave %d\n",add_script,ret)); - return ret; + /* defer to scripts */ + + if ( *lp_setprimarygroup_script() ) { + pstrcpy(add_script, lp_setprimarygroup_script()); + all_string_sub(add_script, "%g", unix_group, sizeof(add_script)); + all_string_sub(add_script, "%u", unix_user, sizeof(add_script)); + ret = smbrun(add_script,NULL); + DEBUG(3,("smb_set_primary_group: " + "Running the command `%s' gave %d\n",add_script,ret)); + return ret; + } + + /* Try winbindd */ + + if ( winbind_set_user_primary_group( unix_user, unix_group ) ) { + DEBUG(3,("smb_delete_group: winbindd set the group (%s) as the primary group for user (%s)\n", + unix_group, unix_user)); + return 0; + } + + return -1; } /**************************************************************************** 
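Review bot: `unix_group` and `unix_user` are substituted into the command with `all_string_sub` and the result is handed to `smbrun`, while the sibling helpers in this patch (smb_create_group, smb_add_user_group, smb_delete_user_group) use `pstring_sub`. `pstring_sub` wraps `string_sub`, which replaces shell-unsafe characters in the inserted value; `all_string_sub` inserts the value as given. If either name can originate from a client request (the callers are not visible here), the script receives it unfiltered. I would use `pstring_sub(add_script, "%g", unix_group);` and `pstring_sub(add_script, "%u", unix_user);` here as well, or validate both names before the substitution.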
@@ -796,13 +835,26 @@ int smb_add_user_group(char *unix_group, char *unix_user) pstring add_script; int ret; - pstrcpy(add_script, lp_addusertogroup_script()); - if (! *add_script) return -1; - pstring_sub(add_script, "%g", unix_group); - pstring_sub(add_script, "%u", unix_user); - ret = smbrun(add_script,NULL); - DEBUG(3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret)); - return ret; + /* defer to scripts */ + + if ( *lp_addusertogroup_script() ) { + pstrcpy(add_script, lp_addusertogroup_script()); + pstring_sub(add_script, "%g", unix_group); + pstring_sub(add_script, "%u", unix_user); + ret = smbrun(add_script,NULL); + DEBUG(3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret)); + return ret; + } + + /* Try winbindd */ + + if ( winbind_add_user_to_group( unix_user, unix_group ) ) { + DEBUG(3,("smb_delete_group: winbindd added user (%s) to the group (%s)\n", + unix_user, unix_group)); + return -1; + } + + return -1; } /**************************************************************************** 
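Review bot: The winbindd branch of smb_add_user_group returns `-1` right after logging that the user was added, so callers see a failure on the success path; the sibling functions return 0 there. Change that line to `return 0;`. The DEBUG message in the branch is also labelled `smb_delete_group:`, as are the ones in smb_set_primary_group (`@@ -777,14 +803,27 @@`) and smb_delete_user_group (`@@ -814,13 +866,26 @@`). Each should carry its own function name so that level-3 log entries can be attributed to the right operation.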
@@ -814,13 +866,26 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) pstring del_script; int ret; - pstrcpy(del_script, lp_deluserfromgroup_script()); - if (! *del_script) return -1; - pstring_sub(del_script, "%g", unix_group); - pstring_sub(del_script, "%u", unix_user); - ret = smbrun(del_script,NULL); - DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret)); - return ret; + /* defer to scripts */ + + if ( *lp_deluserfromgroup_script() ) { + pstrcpy(del_script, lp_deluserfromgroup_script()); + pstring_sub(del_script, "%g", unix_group); + pstring_sub(del_script, "%u", unix_user); + ret = smbrun(del_script,NULL); + DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret)); + return ret; + } + + /* Try winbindd */ + + if ( winbind_remove_user_from_group( unix_user, unix_group ) ) { + DEBUG(3,("smb_delete_group: winbindd removed user (%s) from the group (%s)\n", + unix_user, unix_group)); + return 0; + } + + return -1; } -- cgit From 03d5867d529f126da368ebda70bf2d997aa602e0 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Fri, 11 Jul 2003 05:33:40 +0000 Subject: moving more code around. * move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d) --- source3/groupdb/mapping.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index e769b4dd9d..8a6f514860 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -756,7 +756,7 @@ int smb_create_group(char *unix_group, gid_t *new_gid) /* Try winbindd */ - if ( winbind_create_group( unix_group ) ) { + if ( winbind_create_group( unix_group, NULL ) ) { DEBUG(3,("smb_create_group: winbindd created the group (%s)\n", unix_group)); return 0; @@ -783,15 +783,13 @@ int smb_delete_group(char *unix_group) DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret)); return ret; } -#if 0 + if ( winbind_delete_group( unix_group ) ) { DEBUG(3,("smb_delete_group: winbindd deleted the group (%s)\n", unix_group)); return 0; } -#endif - return -1; } -- cgit From e9e3421db90c41d9839cf5d3cba494e0c32d7a42 Mon Sep 17 00:00:00 2001 
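Review bot: In the `@@ -756,7 +756,7 @@` hunk, `winbind_create_group( unix_group, NULL )` is followed by `return 0;` with no write to `*new_gid`, so on the winbindd path smb_create_group reports success without giving the caller a gid. If the new second parameter is the out-gid (its prototype is not visible in this diff), pass `new_gid` instead of `NULL`; otherwise resolve the gid before returning. The function body starts and ends outside the hunk.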
From: Volker Lendecke Date: Tue, 15 Jul 2003 17:23:36 +0000 Subject: We should report if a group mapping fails. This should fix bug#225. Jerry, this is assigned to you. Do you want to answer it? However, we have to decide what to do if a mapping is to be done for a unix group not in LDAP.... Volker (This used to be commit bf449d467cfe4987df17010490a16ab0472c0803) --- source3/groupdb/mapping.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 8a6f514860..951361f4d4 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -222,9 +222,7 @@ BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_us fstrcpy(map.nt_name, nt_name); fstrcpy(map.comment, comment); - pdb_add_group_mapping_entry(&map); - - return True; + return pdb_add_group_mapping_entry(&map); } /**************************************************************************** -- cgit From a84270ce115e7fa0674c163de708333816184dca Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 16 Jul 2003 02:20:53 +0000 Subject: fixes for 'net rpc vampire'. I can now take a blank Samba host and migrate an NT4 domain and still logon from domain members (tested logon scripts, system policies, profiles, & home directories) (passdb backend = tdbsam) removed call to idmap_init_wellknown_sids() from winbindd.c since the local domain should be handled by the guest passdb backend (and you don't really always want the Administrator account to be root) ...and we didn't pay attention to this anyways now. (This used to be commit 837d7c54d3ca780160aa0d6a2f0a109bb691948e) --- source3/groupdb/mapping.c | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 951361f4d4..3d2af5d0ba 100644 --- a/source3/groupdb/mapping.c 
+++ b/source3/groupdb/mapping.c @@ -714,8 +714,10 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) int smb_create_group(char *unix_group, gid_t *new_gid) { pstring add_script; - int ret; - int fd = 0; + int ret = -1; + int fd = 0; + + *new_gid = 0; /* defer to scripts */ @@ -734,22 +736,9 @@ int smb_create_group(char *unix_group, gid_t *new_gid) if (read(fd, output, sizeof(output)) > 0) { *new_gid = (gid_t)strtoul(output, NULL, 10); } + close(fd); - - if (*new_gid == 0) { - /* The output was garbage. We assume nobody - will create group 0 via smbd. Now we try to - get the group via getgrnam. */ - - struct group *grp = getgrnam(unix_group); - if (grp != NULL) - *new_gid = grp->gr_gid; - else - return 1; - } } - - return 0; } /* Try winbindd */ @@ -757,10 +746,17 @@ int smb_create_group(char *unix_group, gid_t *new_gid) if ( winbind_create_group( unix_group, NULL ) ) { DEBUG(3,("smb_create_group: winbindd created the group (%s)\n", unix_group)); - return 0; + ret = 0; + } + + if (*new_gid == 0) { + struct group *grp = getgrnam(unix_group); + + if (grp != NULL) + *new_gid = grp->gr_gid; } - return -1; + return ret; } /**************************************************************************** -- cgit From 80c1f1d865b13a63c7a60876b63458119566e044 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 22 Jul 2003 04:31:20 +0000 Subject: Fixup a bunch of printf-style functions and debugs to use unsigned long when displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 3d2af5d0ba..cd903fa28b 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
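Review bot: `*new_gid = 0;` at the top of smb_create_group dereferences the pointer unconditionally, but the `smbrun(add_script, (new_gid!=NULL) ? &fd : NULL)` call shown in the earlier smb_create_group hunk on this page treats `new_gid` as optional. A caller that passes NULL now crashes before any work is done. Guard both new dereferences: `if (new_gid) *new_gid = 0;` here and `if (new_gid && *new_gid == 0)` for the getgrnam lookup added in `@@ -746,10 +757,17 @@`.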
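Review bot: In the `@@ -746,10 +757,17 @@` hunk, when `getgrnam(unix_group)` returns NULL the function still returns `ret`, which is 0 if winbindd succeeded, so the caller is told the group exists while `*new_gid` is still 0. Gid 0 is the root group, and the removed code returned 1 rather than report it. Add the missing branch: `else ret = -1;`. Also, with `return 0;` removed from the script branch in `@@ -734,22 +736,9 @@`, a successful script run now continues into `winbind_create_group`; if that is not intended, skip the winbindd call when the script has already run.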
@@ -509,7 +509,7 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) return False; } - DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%d\n",map->gid)); + DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid)); if ( (grp=getgrgid(map->gid)) == NULL) { DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n")); -- cgit From dff37bed45b320043f5c9d5aa1c233bc1c11c69b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 15 Aug 2003 17:01:49 +0000 Subject: fix compile warnings on IRIX (This used to be commit b9779ba590a62acac12fa268c0e9dbe054176ae4) --- source3/groupdb/mapping.c | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index cd903fa28b..58d04f0dde 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -234,7 +234,7 @@ static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) TDB_DATA kbuf, dbuf; pstring key; fstring string_sid; - int ret; + int ret = 0; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); @@ -257,6 +257,11 @@ static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); SAFE_FREE(dbuf.dptr); + + if ( ret == -1 ) { + DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n")); + return False; + } sid_copy(&map->sid, &sid); @@ -299,6 +304,11 @@ static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) SAFE_FREE(dbuf.dptr); + if ( ret == -1 ) { + DEBUG(3,("get_group_map_from_gid: tdb_unpack failure\n")); + return False; + } + if (gid==map->gid) { SAFE_FREE(kbuf.dptr); return True; 
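Review bot: The new `return False;` on unpack failure in get_group_map_from_gid (`@@ -299,6 +304,11 @@`) skips the `SAFE_FREE(kbuf.dptr)` that the match path just below performs before returning, so the current key buffer is leaked. It also ends the search at the first unreadable record. enum_group_mapping in the same commit uses `continue` for the same condition, which fits here too, assuming this check sits inside the key-iteration loop (the loop header is outside the hunk). get_group_map_from_ntname (`@@ -343,6 +353,11 @@`) has the same early return.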
@@ -343,6 +353,11 @@ static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map) &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); SAFE_FREE(dbuf.dptr); + + if ( ret == -1 ) { + DEBUG(3,("get_group_map_from_ntname: tdb_unpack failure\n")); + return False; + } if (StrCaseCmp(name, map->nt_name)==0) { SAFE_FREE(kbuf.dptr); @@ -429,6 +444,11 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, SAFE_FREE(dbuf.dptr); + if ( ret == -1 ) { + DEBUG(3,("enum_group_mapping: tdb_unpack failure\n")); + continue; + } + /* list only the type or everything if UNKNOWN */ if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) { DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name)); @@ -510,8 +530,9 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) } DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid)); - - if ( (grp=getgrgid(map->gid)) == NULL) { + + grp = getgrgid(map->gid) + if ( !grp ) { DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n")); return False; } @@ -553,9 +574,12 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) sid_peek_rid(&sid, &alias_rid); map->gid=pdb_group_rid_to_gid(alias_rid); - - if ((grp=getgrgid(map->gid)) == NULL) + + grp = getgrgid(map->gid); + if ( !grp ) { + DEBUG(3,("get_local_group_from_sid: No unix group for [%ul]\n", map->gid)); return False; + } map->sid_name_use=SID_NAME_ALIAS; -- cgit From 22ecf22068fdd25c613fd264c86af38733fef5d4 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 15 Aug 2003 17:38:11 +0000 Subject: Fix syntax error! (This used to be commit cd0b6f74baa01dbe43c29cdadf1505083cdc878f) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 58d04f0dde..7a07b5c344 100644 --- a/source3/groupdb/mapping.c 
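Review bot: `grp = getgrgid(map->gid)` in the `@@ -510,8 +530,9 @@` hunk is missing its terminating semicolon, so get_domain_group_from_sid does not compile with this change. It should read `grp = getgrgid(map->gid);`.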
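Review bot: The new DEBUG in get_local_group_from_sid (`@@ -553,9 +574,12 @@`) uses `%ul` with a bare `map->gid`. `%ul` is `%u` followed by a literal `l`, and the argument is a gid_t rather than the type the conversion expects. Use the form this file already has in get_domain_group_from_sid: `DEBUG(3,("get_local_group_from_sid: No unix group for [%lu]\n", (unsigned long)map->gid));`.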
+++ b/source3/groupdb/mapping.c @@ -531,7 +531,7 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid)); - grp = getgrgid(map->gid) + grp = getgrgid(map->gid); if ( !grp ) { DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n")); return False; -- cgit From c39f5fea4ad7b57ee8ad4d2b115163f76753f853 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 24 Nov 2003 17:31:38 +0000 Subject: more access fixes for group enumeration in LDAP; bug 281 (This used to be commit 68283407e0f366d8315f4be6caed67eb6fe84b85) --- source3/groupdb/mapping.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 7a07b5c344..8f534d779e 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -629,6 +629,7 @@ Returns a GROUP_MAP struct based on the gid. BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) { struct group *grp; + BOOL ret; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); @@ -641,7 +642,12 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) /* * make a group map from scratch if doesn't exist. */ - if (!pdb_getgrgid(map, gid)) { + + become_root(); + ret = pdb_getgrgid(map, gid); + unbecome_root(); + + if ( !ret ) { map->gid=gid; map->sid_name_use=SID_NAME_ALIAS; -- cgit From 3d929b1ce67d945979552fe1ea2c70f6d3925326 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Thu, 4 Dec 2003 03:35:46 +0000 Subject: * fix RemoveSidForeignDomain() ; bug 252 * don't fall back to unmapped UNIX group for get_local_group_from_sid() * remove an extra become/unbecome_root() pair from group enumeration (This used to be commit da12bbdb0dd9179b1ed457fa009679e2da4a8440) --- source3/groupdb/mapping.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 8f534d779e..b1c260581e 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -547,27 +547,28 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) { - struct group *grp; - if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); return(False); } /* The group is in the mapping table */ - if(pdb_getgrsid(map, sid)) { - if (map->sid_name_use!=SID_NAME_ALIAS) { - return False; - } + + if( !pdb_getgrsid(map, sid) ) + return False; - if (map->gid==-1) { - return False; - } - - if ( (grp=getgrgid(map->gid)) == NULL) { - return False; - } - } else { + if ( (map->sid_name_use != SID_NAME_ALIAS) + || (map->gid == -1) + || (getgrgid(map->gid) == NULL) ) + { + return False; + } + +#if 0 /* JERRY */ + /* local groups only exist in the group mapping DB so this + is not necessary */ + + else { /* the group isn't in the mapping table. * make one based on the unix information */ uint32 alias_rid; @@ -588,6 +589,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) sid_copy(&map->sid, &sid); } +#endif return True; } -- cgit From 87fddf6a988dfcdb3f1d3a715df585b6c6efa9d7 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Wed, 10 Dec 2003 16:40:17 +0000 Subject: more group lookup access fixes on the neverending bug 281 (This used to be commit 9359a6ea80d1228e87ea825a100a2d289c37162d) --- source3/groupdb/mapping.c | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index b1c260581e..08ac6a25a5 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -504,7 +504,8 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) { struct group *grp; - + BOOL ret; + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); return(False); @@ -513,7 +514,12 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) DEBUG(10, ("get_domain_group_from_sid\n")); /* if the group is NOT in the database, it CAN NOT be a domain group */ - if(!pdb_getgrsid(map, sid)) + + become_root(); + ret = pdb_getgrsid(map, sid); + unbecome_root(); + + if ( !ret ) return False; DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n")); @@ -547,14 +553,19 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) { + BOOL ret; + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); return(False); } /* The group is in the mapping table */ + become_root(); + ret = pdb_getgrsid(map, sid); + unbecome_root(); - if( !pdb_getgrsid(map, sid) ) + if ( !ret ) return False; if ( (map->sid_name_use != SID_NAME_ALIAS) @@ -564,7 +575,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) return False; } -#if 0 /* JERRY */ +#if 1 /* JERRY */ /* local groups only exist in the group mapping DB so this is not necessary */ 
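Review bot: Switching the guard to `#if 1` in `@@ -564,7 +575,7 @@` re-enables an `else` that now hangs off the validation `if` (`sid_name_use != SID_NAME_ALIAS || gid == -1 || getgrgid(...) == NULL`), so the fallback body runs when the mapping was found and is valid, not when it is missing. As the surrounding context lines show, that body recomputes `map->gid` from `pdb_group_rid_to_gid(alias_rid)` and overwrites `nt_name` and `comment`, replacing the stored mapping with the algorithmic one. The comment kept directly under the `#if` still says the block is not necessary. If the fallback is wanted, it belongs on the `!ret` branch after `pdb_getgrsid`; otherwise leave the block at `#if 0`.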
@@ -572,6 +583,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) /* the group isn't in the mapping table. * make one based on the unix information */ uint32 alias_rid; + struct group *grp; sid_peek_rid(&sid, &alias_rid); map->gid=pdb_group_rid_to_gid(alias_rid); @@ -599,13 +611,19 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map) { struct group *grp; + BOOL ret; + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); return(False); } - if(!pdb_getgrsid(map, sid)) + become_root(); + ret = pdb_getgrsid(map, sid); + unbecome_root(); + + if ( !ret ) return False; if (map->sid_name_use!=SID_NAME_WKN_GRP) { -- cgit From b4593e92ff75f006982d7f49337a0a94f44d4218 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 2 Jan 2004 05:32:07 +0000 Subject: JHT came up with a nasty (broken) torture case in preparing examples for his book. This prompted me to look at the code that reads the unix group list. This code did a lot of name -> uid -> name -> sid translations, which caused problems. Instead, we now do just name->sid I also cleaned up some interfaces, and client tools. Andrew Bartlett (This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0) --- source3/groupdb/mapping.c | 91 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 63 insertions(+), 28 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 08ac6a25a5..97abbd46e3 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -551,7 +551,7 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) /* get a local (alias) group from it's SID */ -BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) +BOOL get_local_group_from_sid(DOM_SID *sid, GROUP_MAP *map) { BOOL ret; 
@@ -562,7 +562,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) /* The group is in the mapping table */ become_root(); - ret = pdb_getgrsid(map, sid); + ret = pdb_getgrsid(map, *sid); unbecome_root(); if ( !ret ) @@ -585,7 +585,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) uint32 alias_rid; struct group *grp; - sid_peek_rid(&sid, &alias_rid); + sid_peek_rid(sid, &alias_rid); map->gid=pdb_group_rid_to_gid(alias_rid); grp = getgrgid(map->gid); @@ -599,7 +599,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) fstrcpy(map->nt_name, grp->gr_name); fstrcpy(map->comment, "Local Unix Group"); - sid_copy(&map->sid, &sid); + sid_copy(&map->sid, sid); } #endif @@ -608,7 +608,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map) /* get a builtin group from it's SID */ -BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map) +BOOL get_builtin_group_from_sid(DOM_SID *sid, GROUP_MAP *map) { struct group *grp; BOOL ret; @@ -620,7 +620,7 @@ BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map) } become_root(); - ret = pdb_getgrsid(map, sid); + ret = pdb_getgrsid(map, *sid); unbecome_root(); if ( !ret ) @@ -690,7 +690,7 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) Get the member users of a group and all the users who have that group as primary. - give back an array of uid + give back an array of SIDS return the grand number of users @@ -698,21 +698,21 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) ****************************************************************************/ -BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) +BOOL get_sid_list_of_group(gid_t gid, DOM_SID **sids, int *num_sids) { struct group *grp; struct passwd *pwd; int i=0; char *gr; - uid_t *u; + DOM_SID *s; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); return(False); } - *num_uids = 0; - *uid=NULL; + *num_sids = 0; + *sids=NULL; if ( (grp=getgrgid(gid)) == NULL) return False; 
@@ -721,39 +721,74 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) DEBUG(10, ("getting members\n")); while (gr && (*gr != (char)'\0')) { - u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); - if (!u) { - DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n")); + SAM_ACCOUNT *group_member_acct = NULL; + BOOL found_user; + s = Realloc((*sids), sizeof(**sids)*(*num_sids+1)); + if (!s) { + DEBUG(0,("get_uid_list_of_group: unable to enlarge SID list!\n")); return False; } - else (*uid) = u; + else (*sids) = s; + + if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) { + continue; + } - if( (pwd=getpwnam_alloc(gr)) !=NULL) { - (*uid)[*num_uids]=pwd->pw_uid; - (*num_uids)++; - passwd_free(&pwd); + become_root(); + found_user = pdb_getsampwnam(group_member_acct, gr); + unbecome_root(); + + if (found_user) { + sid_copy(&(*sids)[*num_sids], pdb_get_user_sid(group_member_acct)); + (*num_sids)++; } + + pdb_free_sam(&group_member_acct); + gr = grp->gr_mem[++i]; } - DEBUG(10, ("got [%d] members\n", *num_uids)); + DEBUG(10, ("got [%d] members\n", *num_sids)); + + winbind_off(); setpwent(); while ((pwd=getpwent()) != NULL) { if (pwd->pw_gid==gid) { - u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); - if (!u) { - DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n")); + SAM_ACCOUNT *group_member_acct = NULL; + BOOL found_user; + s = Realloc((*sids), sizeof(**sids)*(*num_sids+1)); + if (!s) { + DEBUG(0,("get_sid_list_of_group: unable to enlarge SID list!\n")); + winbind_on(); return False; } - else (*uid) = u; - (*uid)[*num_uids]=pwd->pw_uid; - - (*num_uids)++; + else (*sids) = s; + + if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) { + continue; + } + + become_root(); + found_user = pdb_getsampwnam(group_member_acct, pwd->pw_name); + unbecome_root(); + + if (found_user) { + sid_copy(&(*sids)[*num_sids], pdb_get_user_sid(group_member_acct)); + (*num_sids)++; + } else { + DEBUG(4,("get_sid_list_of_group: User %s [uid == %lu] has no 
samba account\n", + pwd->pw_name, (unsigned long)pwd->pw_uid)); + if (algorithmic_uid_to_sid(&(*sids)[*num_sids], pwd->pw_uid)) + (*num_sids)++; + } + + pdb_free_sam(&group_member_acct); } } endpwent(); - DEBUG(10, ("got primary groups, members: [%d]\n", *num_uids)); + DEBUG(10, ("got primary groups, members: [%d]\n", *num_sids)); + winbind_on(); return True; } -- cgit From 4d6b478b19dd583cb4df3db2d59a4815236c593c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 25 Jan 2004 10:04:10 +0000 Subject: On my SuSE 8.2 (glibc 2.3.2) the getpwnam inside pdb_getsampwnam reset the surrounding getpwent loop to the first entry. So smbd went into an endless loop. Volker (This used to be commit 1797b16fadd61ef1f30a1be950e3afe7a2e1d791) --- source3/groupdb/mapping.c | 73 ++++++++++++++++++++++++++++------------------- 1 file changed, 43 insertions(+), 30 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 97abbd46e3..7513f3b141 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -701,10 +701,12 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) BOOL get_sid_list_of_group(gid_t gid, DOM_SID **sids, int *num_sids) { struct group *grp; - struct passwd *pwd; int i=0; char *gr; DOM_SID *s; + + struct sys_pwent *userlist; + struct sys_pwent *user; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping")); 
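Review bot: In the member loop of get_sid_list_of_group(), the `continue` taken when `pdb_init_sam()` fails skips `gr = grp->gr_mem[++i];` at the bottom of the loop, so the same member name is retried indefinitely if the failure persists. Advance before continuing: `if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) { gr = grp->gr_mem[++i]; continue; }`. The later rewrite of the primary-group loop (hunk -751,41) has the same shape, because its `continue` after a failed `pdb_init_sam()` never reaches `user = user->next;`. The first loop's allocation-failure message also still names `get_uid_list_of_group`. The function begins outside this hunk.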
@@ -751,41 +753,52 @@ BOOL get_sid_list_of_group(gid_t gid, DOM_SID **sids, int *num_sids) winbind_off(); - setpwent(); - while ((pwd=getpwent()) != NULL) { - if (pwd->pw_gid==gid) { - SAM_ACCOUNT *group_member_acct = NULL; - BOOL found_user; - s = Realloc((*sids), sizeof(**sids)*(*num_sids+1)); - if (!s) { - DEBUG(0,("get_sid_list_of_group: unable to enlarge SID list!\n")); - winbind_on(); - return False; - } - else (*sids) = s; + user = userlist = getpwent_list(); + + while (user != NULL) { + + SAM_ACCOUNT *group_member_acct = NULL; + BOOL found_user; + + if (user->pw_gid != gid) { + user = user->next; + continue; + } + + s = Realloc((*sids), sizeof(**sids)*(*num_sids+1)); + if (!s) { + DEBUG(0,("get_sid_list_of_group: unable to enlarge " + "SID list!\n")); + winbind_on(); + return False; + } + else (*sids) = s; - if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) { - continue; - } + if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) { + continue; + } - become_root(); - found_user = pdb_getsampwnam(group_member_acct, pwd->pw_name); - unbecome_root(); + become_root(); + found_user = pdb_getsampwnam(group_member_acct, user->pw_name); + unbecome_root(); - if (found_user) { - sid_copy(&(*sids)[*num_sids], pdb_get_user_sid(group_member_acct)); + if (found_user) { + sid_copy(&(*sids)[*num_sids], + pdb_get_user_sid(group_member_acct)); + (*num_sids)++; + } else { + DEBUG(4,("get_sid_list_of_group: User %s [uid == %lu] " + "has no samba account\n", + user->pw_name, (unsigned long)user->pw_uid)); + if (algorithmic_uid_to_sid(&(*sids)[*num_sids], + user->pw_uid)) (*num_sids)++; - } else { - DEBUG(4,("get_sid_list_of_group: User %s [uid == %lu] has no samba account\n", - pwd->pw_name, (unsigned long)pwd->pw_uid)); - if (algorithmic_uid_to_sid(&(*sids)[*num_sids], pwd->pw_uid)) - (*num_sids)++; - } - - pdb_free_sam(&group_member_acct); } + pdb_free_sam(&group_member_acct); + + user = user->next; } - endpwent(); + pwent_free(userlist); DEBUG(10, ("got primary 
groups, members: [%d]\n", *num_sids)); winbind_on(); -- cgit From 7ff912521a74eaf21411441e4dd7320bc246e882 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 25 Jan 2004 10:14:50 +0000 Subject: Fix memleak just introduced. Thanks to abartlet :-) Volker (This used to be commit be485eea81c6bab8067642c26e41a14652ce7ee6) --- source3/groupdb/mapping.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 7513f3b141..048a6c5db0 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -769,6 +769,7 @@ BOOL get_sid_list_of_group(gid_t gid, DOM_SID **sids, int *num_sids) if (!s) { DEBUG(0,("get_sid_list_of_group: unable to enlarge " "SID list!\n")); + pwent_free(userlist); winbind_on(); return False; } -- cgit From 8f3507338e3bb31c96e9073c2a894c72518388c3 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 17 Feb 2004 21:25:42 +0000 Subject: When creating a group via a script, don't let winbind do it as well. Volker (This used to be commit 6a229f1488c2f0935c24e223614e4c88b36d15c0) --- source3/groupdb/mapping.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 048a6c5db0..71ef38e6c8 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -838,11 +838,9 @@ int smb_create_group(char *unix_group, gid_t *new_gid) close(fd); } - } - /* Try winbindd */ + } else if ( winbind_create_group( unix_group, NULL ) ) { - if ( winbind_create_group( unix_group, NULL ) ) { DEBUG(3,("smb_create_group: winbindd created the group (%s)\n", unix_group)); ret = 0; -- cgit From 1fabcf0a12fabf5ab1f4df3298fbf24d990f60cc Mon Sep 17 00:00:00 2001 
From: Rafal Szczesniak Date: Tue, 9 Mar 2004 18:58:19 +0000 Subject: Fix to debug message lacking termination with '\n'. rafal (This used to be commit 2a7dd469430459d124cb48d516b82766a2a249bc) --- source3/groupdb/mapping.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 71ef38e6c8..d10a7decb7 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -177,7 +177,7 @@ static BOOL add_mapping_entry(GROUP_MAP *map, int flag) int len; if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("failed to initialize group mapping\n")); return(False); } @@ -208,7 +208,7 @@ BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_us GROUP_MAP map; if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("failed to initialize group mapping\n")); return(False); } @@ -237,7 +237,7 @@ static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) int ret = 0; if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("failed to initialize group mapping\n")); return(False); } @@ -279,7 +279,7 @@ static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) int ret; if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("failed to initialize group mapping\n")); return(False); } @@ -329,7 +329,7 @@ static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map) int ret; if(!init_group_mapping()) { - DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping")); + DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping\n")); return(False); } 
@@ -379,7 +379,7 @@ static BOOL group_map_remove(DOM_SID sid) fstring string_sid; if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("failed to initialize group mapping\n")); return(False); } @@ -419,7 +419,7 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, int entries=0; if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("failed to initialize group mapping\n")); return(False); } @@ -507,7 +507,7 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) BOOL ret; if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("failed to initialize group mapping\n")); return(False); } @@ -556,7 +556,7 @@ BOOL get_local_group_from_sid(DOM_SID *sid, GROUP_MAP *map) BOOL ret; if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("failed to initialize group mapping\n")); return(False); } @@ -615,7 +615,7 @@ BOOL get_builtin_group_from_sid(DOM_SID *sid, GROUP_MAP *map) if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("failed to initialize group mapping\n")); return(False); } @@ -652,7 +652,7 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) BOOL ret; if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("failed to initialize group mapping\n")); return(False); } @@ -709,7 +709,7 @@ BOOL get_sid_list_of_group(gid_t gid, DOM_SID **sids, int *num_sids) struct sys_pwent *user; if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping")); + DEBUG(0,("failed to initialize group mapping\n")); return(False); } -- cgit From 7af3777ab32ee220700ed3367d07ca18b2bbdd47 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Wed, 7 Apr 2004 12:43:44 +0000 Subject: r116: volker's patch for local group and group nesting (This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f) --- source3/groupdb/mapping.c | 460 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 459 insertions(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index d10a7decb7..548651dfd5 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -28,6 +28,13 @@ static TDB_CONTEXT *tdb; /* used for driver files */ #define GROUP_PREFIX "UNIXGROUP/" +/* Alias memberships are stored reverse, as memberships. The performance + * critical operation is to determine the aliases a SID is member of, not + * listing alias members. So we store a list of alias SIDs a SID is member of + * hanging of the member as key. + */ +#define MEMBEROF_PREFIX "MEMBEROF/" + PRIVS privs[] = { {SE_PRIV_NONE, "no_privs", "No privilege" }, /* this one MUST be first */ {SE_PRIV_ADD_MACHINES, "SeMachineAccountPrivilege", "Add workstations to the domain" }, 
@@ -489,6 +496,284 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, return True; } +/* This operation happens on session setup, so it should better be fast. We + * store a list of aliases a SID is member of hanging off MEMBEROF/SID. */ + +static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num) +{ + fstring key, string_sid; + TDB_DATA kbuf, dbuf; + const char *p; + + *num = 0; + *sids = NULL; + + if (!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_ACCESS_DENIED; + } + + sid_to_string(string_sid, sid); + slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid); + + kbuf.dsize = strlen(key)+1; + kbuf.dptr = key; + + dbuf = tdb_fetch(tdb, kbuf); + + if (dbuf.dptr == NULL) { + return NT_STATUS_OK; + } + + p = dbuf.dptr; + + while (next_token(&p, string_sid, " ", sizeof(string_sid))) { + + DOM_SID alias; + + if (!string_to_sid(&alias, string_sid)) + continue; + + add_sid_to_array(&alias, sids, num); + + if (sids == NULL) + return NT_STATUS_NO_MEMORY; + } + + SAFE_FREE(dbuf.dptr); + return NT_STATUS_OK; +} + +static BOOL is_aliasmem(const DOM_SID *alias, const DOM_SID *member) +{ + DOM_SID *sids; + int i, num; + + /* This feels the wrong way round, but the on-disk data structure + * dictates it this way. */ + if (!NT_STATUS_IS_OK(alias_memberships(member, &sids, &num))) + return False; + + for (i=0; ialias, &alias) != 0) + continue; + + /* Ok, we found the alias we're looking for in the membership + * list currently scanned. The key represents the alias + * member. Add that. */ + + member_string = strchr(key.dptr, '/'); + + /* Above we tested for MEMBEROF_PREFIX which includes the + * slash. 
*/ + + SMB_ASSERT(member_string != NULL); + member_string += 1; + + if (!string_to_sid(&member, member_string)) + continue; + + add_sid_to_array(&member, closure->sids, closure->num); + } + + return 0; +} + +static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, int *num) +{ + GROUP_MAP map; + struct aliasmem_closure closure; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_ACCESS_DENIED; + } + + if (!get_group_map_from_sid(*alias, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + + if ( (map.sid_name_use != SID_NAME_ALIAS) && + (map.sid_name_use != SID_NAME_WKN_GRP) ) + return NT_STATUS_NO_SUCH_ALIAS; + + *sids = NULL; + *num = 0; + + closure.alias = alias; + closure.sids = sids; + closure.num = num; + + tdb_traverse(tdb, collect_aliasmem, &closure); + return NT_STATUS_OK; +} + +static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) +{ + NTSTATUS result; + DOM_SID *sids; + int i, num; + BOOL found = False; + char *member_string; + TDB_DATA kbuf, dbuf; + pstring key; + fstring sid_string; + + result = alias_memberships(member, &sids, &num); + + if (!NT_STATUS_IS_OK(result)) + return result; + + for (i=0; isid_name_use != SID_NAME_ALIAS) + if ( ( (map->sid_name_use != SID_NAME_ALIAS) && + (map->sid_name_use != SID_NAME_WKN_GRP) ) || (map->gid == -1) || (getgrgid(map->gid) == NULL) ) { 
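Review bot: In alias_memberships() the check after `add_sid_to_array(&alias, sids, num);` tests `sids`, the caller's out-parameter, which was already dereferenced by `*sids = NULL;` and cannot be NULL at that point, so a failed allocation is never reported. Assuming add_sid_to_array() signals failure by leaving `*sids` NULL, the test should be `if (*sids == NULL) { SAFE_FREE(dbuf.dptr); return NT_STATUS_NO_MEMORY; }`, which also releases the fetched record on that path. The later hunk -531,7 switches to `add_sid_to_array_unique()` but keeps the same test. Parts of this hunk are not legible on the page, so this covers alias_memberships() only.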
@@ -1029,6 +1315,178 @@ NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } +NTSTATUS pdb_default_find_alias(struct pdb_methods *methods, + const char *name, DOM_SID *sid) +{ + GROUP_MAP map; + + if (!pdb_getgrnam(&map, name)) + return NT_STATUS_NO_SUCH_ALIAS; + + if ((map.sid_name_use != SID_NAME_WKN_GRP) && + (map.sid_name_use != SID_NAME_ALIAS)) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + + sid_copy(sid, &map.sid); + return NT_STATUS_OK; +} + +NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, + const char *name, uint32 *rid) +{ + DOM_SID sid; + enum SID_NAME_USE type; + uint32 new_rid; + gid_t gid; + + GROUP_MAP map; + + if (lookup_name(get_global_sam_name(), name, &sid, &type)) + return NT_STATUS_ALIAS_EXISTS; + + if (!winbind_allocate_rid(&new_rid)) + return NT_STATUS_ACCESS_DENIED; + + sid_copy(&sid, get_global_sam_sid()); + sid_append_rid(&sid, new_rid); + + /* Here we allocate the gid */ + if (!winbind_sid_to_gid(&gid, &sid)) { + DEBUG(0, ("Could not get gid for new RID\n")); + return NT_STATUS_ACCESS_DENIED; + } + + map.gid = gid; + sid_copy(&map.sid, &sid); + map.sid_name_use = SID_NAME_ALIAS; + fstrcpy(map.nt_name, name); + fstrcpy(map.comment, ""); + + if (!pdb_add_group_mapping_entry(&map)) { + DEBUG(0, ("Could not add group mapping entry for alias %s\n", + name)); + return NT_STATUS_ACCESS_DENIED; + } + + *rid = new_rid; + + return NT_STATUS_OK; +} + +NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods, + const DOM_SID *sid) +{ + return pdb_delete_group_mapping_entry(*sid) ? 
+ NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; +} + +NTSTATUS pdb_default_enum_aliases(struct pdb_methods *methods, + const DOM_SID *sid, + uint32 start_idx, uint32 max_entries, + uint32 *num_aliases, + struct acct_info **info) +{ + extern DOM_SID global_sid_Builtin; + + GROUP_MAP *map; + int i, num_maps; + enum SID_NAME_USE type = SID_NAME_UNKNOWN; + + if (sid_compare(sid, get_global_sam_sid()) == 0) + type = SID_NAME_ALIAS; + + if (sid_compare(sid, &global_sid_Builtin) == 0) + type = SID_NAME_WKN_GRP; + + if (!pdb_enum_group_mapping(type, &map, &num_maps, False) || + (num_maps == 0)) { + *num_aliases = 0; + *info = NULL; + goto done; + } + + if (start_idx > num_maps) { + *num_aliases = 0; + *info = NULL; + goto done; + } + + *num_aliases = num_maps - start_idx; + + if (*num_aliases > max_entries) + *num_aliases = max_entries; + + *info = malloc(sizeof(struct acct_info) * (*num_aliases)); + + for (i=0; i<*num_aliases; i++) { + fstrcpy((*info)[i].acct_name, map[i+start_idx].nt_name); + fstrcpy((*info)[i].acct_desc, map[i+start_idx].comment); + sid_peek_rid(&map[i].sid, &(*info)[i+start_idx].rid); + } + + done: + SAFE_FREE(map); + return NT_STATUS_OK; +} + +NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, + const DOM_SID *sid, + struct acct_info *info) +{ + GROUP_MAP map; + + if (!pdb_getgrsid(&map, *sid)) + return NT_STATUS_NO_SUCH_ALIAS; + + fstrcpy(info->acct_name, map.nt_name); + fstrcpy(info->acct_desc, map.comment); + sid_peek_rid(&map.sid, &info->rid); + return NT_STATUS_OK; +} + +NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods, + const DOM_SID *sid, + struct acct_info *info) +{ + GROUP_MAP map; + + if (!pdb_getgrsid(&map, *sid)) + return NT_STATUS_NO_SUCH_ALIAS; + + fstrcpy(map.comment, info->acct_desc); + + if (!pdb_update_group_mapping_entry(&map)) + return NT_STATUS_ACCESS_DENIED; + + return NT_STATUS_OK; +} + +NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods, + const DOM_SID *alias, const DOM_SID *member) +{ + return 
add_aliasmem(alias, member); +} + +NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods, + const DOM_SID *alias, const DOM_SID *member) +{ + return del_aliasmem(alias, member); +} + +NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods, + const DOM_SID *alias, DOM_SID **members, + int *num_members) +{ + return enum_aliasmem(alias, members, num_members); +} + +NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, + const DOM_SID *sid, + DOM_SID **aliases, int *num) +{ + return alias_memberships(sid, aliases, num); +} + /********************************************************************** no ops for passdb backends that don't implement group mapping *********************************************************************/ -- cgit From 823936d180765e6eac59ba906aaf08438c7b5f7e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 29 Sep 2004 15:26:38 +0000 Subject: r2753: Workaround for the (rather broken) _samr_query_useraliases rpc-call. _samr_query_useraliases shows up with all kind of very weird memberships (global-groups, machine-accounts, etc.). Sometimes even if there is no alias-membership at all. One of the biggest mistakes is to convert any unix-group the user is a member of, into an alias by default in get_group_from_gid. get_alias_user_groups should be rewritten to use pdb_enum_alias_memberships. Guenther (This used to be commit 73ab2d2a74d3992167d9304dd41f60ad0805dd67) --- source3/groupdb/mapping.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 548651dfd5..6725165c3c 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
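Review bot: In pdb_default_enum_aliases() the last line of the copy loop has its indices swapped: `sid_peek_rid(&map[i].sid, &(*info)[i+start_idx].rid);` reads the wrong map entry and, for any non-zero `start_idx`, writes past the end of the `*num_aliases`-element `*info` array. It should read `sid_peek_rid(&map[i+start_idx].sid, &(*info)[i].rid);`, matching the two `fstrcpy` lines above it. The `malloc()` result is also used unchecked, so add `if (*info == NULL) { SAFE_FREE(map); return NT_STATUS_NO_MEMORY; }` before the loop; the later -1292,7 hunk switches to `SMB_MALLOC_ARRAY` but keeps the omission. `start_idx` and `max_entries` look caller-supplied, which is why the bounds matter here.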
@@ -945,25 +945,12 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) if ( (grp=getgrgid(gid)) == NULL) return False; - /* - * make a group map from scratch if doesn't exist. - */ - become_root(); ret = pdb_getgrgid(map, gid); unbecome_root(); if ( !ret ) { - map->gid=gid; - map->sid_name_use=SID_NAME_ALIAS; - - /* interim solution until we have a last RID allocated */ - - sid_copy(&map->sid, get_global_sam_sid()); - sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid)); - - fstrcpy(map->nt_name, grp->gr_name); - fstrcpy(map->comment, "Local Unix Group"); + return False; } return True; -- cgit From 3d502114809854a49fab0ff6c14cb6a51a07ab85 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 8 Oct 2004 13:00:47 +0000 Subject: r2865: Add static and remove unused functions that only cload the blame-game in finding out who is causing the massive performance problems with large LDAP directories. Andrew Bartlett (This used to be commit f16ed2616a67c412bc9b78354a5faf673e64cf42) --- source3/groupdb/mapping.c | 122 ---------------------------------------------- 1 file changed, 122 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 6725165c3c..d189f447d0 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -957,128 +957,6 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) } - - -/**************************************************************************** - Get the member users of a group and - all the users who have that group as primary. - - give back an array of SIDS - return the grand number of users - - - TODO: sort the list and remove duplicate. JFM. - -****************************************************************************/ - -BOOL get_sid_list_of_group(gid_t gid, DOM_SID **sids, int *num_sids) -{ - struct group *grp; - int i=0; - char *gr; - DOM_SID *s; - - struct sys_pwent *userlist; - struct sys_pwent *user; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); - } - - *num_sids = 0; - *sids=NULL; - - if ( (grp=getgrgid(gid)) == NULL) - return False; - - gr = grp->gr_mem[0]; - DEBUG(10, ("getting members\n")); - - while (gr && (*gr != (char)'\0')) { - SAM_ACCOUNT *group_member_acct = NULL; - BOOL found_user; - s = Realloc((*sids), sizeof(**sids)*(*num_sids+1)); - if (!s) { - DEBUG(0,("get_uid_list_of_group: unable to enlarge SID list!\n")); - return False; - } - else (*sids) = s; - - if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) { - continue; - } - - become_root(); - found_user = pdb_getsampwnam(group_member_acct, gr); - unbecome_root(); - - if (found_user) { - sid_copy(&(*sids)[*num_sids], pdb_get_user_sid(group_member_acct)); - (*num_sids)++; - } - - pdb_free_sam(&group_member_acct); - - gr = grp->gr_mem[++i]; - } - DEBUG(10, ("got [%d] members\n", *num_sids)); - - winbind_off(); - - user = userlist = getpwent_list(); - - while (user != NULL) { - - SAM_ACCOUNT *group_member_acct = NULL; - BOOL found_user; - - if (user->pw_gid != gid) { - user = user->next; - continue; - } - - s = Realloc((*sids), sizeof(**sids)*(*num_sids+1)); - if (!s) { - DEBUG(0,("get_sid_list_of_group: unable to enlarge " - "SID list!\n")); - pwent_free(userlist); - winbind_on(); - return False; - } - else (*sids) = 
s; - - if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) { - continue; - } - - become_root(); - found_user = pdb_getsampwnam(group_member_acct, user->pw_name); - unbecome_root(); - - if (found_user) { - sid_copy(&(*sids)[*num_sids], - pdb_get_user_sid(group_member_acct)); - (*num_sids)++; - } else { - DEBUG(4,("get_sid_list_of_group: User %s [uid == %lu] " - "has no samba account\n", - user->pw_name, (unsigned long)user->pw_uid)); - if (algorithmic_uid_to_sid(&(*sids)[*num_sids], - user->pw_uid)) - (*num_sids)++; - } - pdb_free_sam(&group_member_acct); - - user = user->next; - } - pwent_free(userlist); - DEBUG(10, ("got primary groups, members: [%d]\n", *num_sids)); - - winbind_on(); - return True; -} - /**************************************************************************** Create a UNIX group on demand. ****************************************************************************/ -- cgit From 9c61daf667ca0ac939f4bd724d1c0f708983f82a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 5 Nov 2004 21:55:21 +0000 Subject: r3561: Since we have tdb_reopen_all() after all forks, the local_pid logic is not correct anymore. If we actually open the tdb before the fork, we end up opening the tdb twice. Jerry, jra, this also happens in the locking and printing subsystems. You might want to check it there (not that it actually happens right now, but this gave me some confusion lately...). Volker (This used to be commit 40cad9dcc14ddec0ce74bb9010d13bd82e4d10af) --- source3/groupdb/mapping.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index d189f447d0..50064415f9 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -135,11 +135,10 @@ static BOOL default_group_mapping(void) static BOOL init_group_mapping(void) { - static pid_t local_pid; const char *vstring = "INFO/version"; int32 vers_id; - if (tdb && local_pid == sys_getpid()) + if (tdb) return True; tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (!tdb) { @@ -147,8 +146,6 @@ static BOOL init_group_mapping(void) return False; } - local_pid = sys_getpid(); - /* handle a Samba upgrade */ tdb_lock_bystring(tdb, vstring, 0); -- cgit From 154d5f913b4ce60f731227eb1bb3650c45fcde93 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 5 Nov 2004 23:34:00 +0000 Subject: r3566: Completely replace the queryuseraliases call. The previous implementation does not exactly match what you would expect. XP workstations during login actually do this, so we should better become a bit more correct. The LDAP query issued is not really fully optimal, but it is a lot faster and more correct than what was there before. The change in passdb.h makes it possible that queryuseraliases is done with a single ldap query. Volker (This used to be commit 2508d4ed1e16c268fc9f3676b0c6a122e070f93d) --- source3/groupdb/mapping.c | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 50064415f9..072304ed18 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -496,21 +496,19 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, /* This operation happens on session setup, so it should better be fast. We * store a list of aliases a SID is member of hanging off MEMBEROF/SID. */ -static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num) +static NTSTATUS one_alias_membership(const DOM_SID *member, + DOM_SID **sids, int *num) { fstring key, string_sid; TDB_DATA kbuf, dbuf; const char *p; - *num = 0; - *sids = NULL; - if (!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return NT_STATUS_ACCESS_DENIED; } - sid_to_string(string_sid, sid); + sid_to_string(string_sid, member); slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid); kbuf.dsize = strlen(key)+1; @@ -531,7 +529,7 @@ static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num) if (!string_to_sid(&alias, string_sid)) continue; - add_sid_to_array(&alias, sids, num); + add_sid_to_array_unique(&alias, sids, num); if (sids == NULL) return NT_STATUS_NO_MEMORY; @@ -541,6 +539,22 @@ static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num) return NT_STATUS_OK; } +static NTSTATUS alias_memberships(const DOM_SID *members, int num_members, + DOM_SID **sids, int *num) +{ + int i; + + *num = 0; + *sids = NULL; + + for (i=0; i Date: Tue, 7 Dec 2004 18:25:53 +0000 Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) --- source3/groupdb/mapping.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 072304ed18..7095997dc8 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -469,7 +469,7 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, decode_sid_name_use(group_type, map.sid_name_use); DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type)); - mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP)); + mapt= SMB_REALLOC_ARRAY((*rmap), GROUP_MAP, entries+1); if (!mapt) { DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); SAFE_FREE(*rmap); @@ -613,7 +613,7 @@ static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member) asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr), string_sid); } else { - new_memberstring = strdup(string_sid); + new_memberstring = SMB_STRDUP(string_sid); } if (new_memberstring == NULL) @@ -753,7 +753,7 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) return tdb_delete(tdb, kbuf) == 0 ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; - member_string = strdup(""); + member_string = SMB_STRDUP(""); if (member_string == NULL) { SAFE_FREE(sids); @@ -1292,7 +1292,7 @@ NTSTATUS pdb_default_enum_aliases(struct pdb_methods *methods, if (*num_aliases > max_entries) *num_aliases = max_entries; - *info = malloc(sizeof(struct acct_info) * (*num_aliases)); + *info = SMB_MALLOC_ARRAY(struct acct_info, *num_aliases); for (i=0; i<*num_aliases; i++) { fstrcpy((*info)[i].acct_name, map[i+start_idx].nt_name); -- cgit From d94d87472ca2f3875caa146424caa178ce20274f Mon Sep 17 00:00:00 2001 
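Review bot: In the `@@ -613,7 +613,7 @@` hunk the return value of `asprintf(&new_memberstring, "%s %s", ...)` is ignored, and the `if (new_memberstring == NULL)` test below it is not a reliable failure check for that branch, because asprintf leaves the pointer undefined when it fails. Check the return value instead: `if (asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr), string_sid) < 0) new_memberstring = NULL;`. The `%s` on `dbuf.dptr` also assumes the stored record is NUL-terminated; that is presumably guaranteed by how the record is written, but it is not visible here. add_aliasmem continues outside the hunk.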
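Review bot: The result of `SMB_MALLOC_ARRAY(struct acct_info, *num_aliases)` in the `@@ -1292,7 +1292,7 @@` hunk is used by the `for` loop directly after it with no NULL test, so an allocation failure turns into a NULL dereference in `fstrcpy((*info)[i].acct_name, ...)`. The other allocation sites touched by this commit are followed by a check (`if (!mapt)`, `if (member_string == NULL)`), so this one should be too, e.g. `if (*num_aliases != 0 && *info == NULL) return NT_STATUS_NO_MEMORY;`, with whatever release of `map` the function performs on its other exits. pdb_default_enum_aliases starts and ends outside the hunk, so the exact cleanup path has to be taken from the full function.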
From: Gerald Carter Date: Thu, 13 Jan 2005 18:20:37 +0000 Subject: r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c) --- source3/groupdb/mapping.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 7095997dc8..e574a7cf20 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -2,7 +2,7 @@ * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, - * Copyright (C) Jean François Micouleau 1998-2001. + * Copyright (C) Jean François Micouleau 1998-2001. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -35,17 +35,6 @@ static TDB_CONTEXT *tdb; /* used for driver files */ */ #define MEMBEROF_PREFIX "MEMBEROF/" -PRIVS privs[] = { - {SE_PRIV_NONE, "no_privs", "No privilege" }, /* this one MUST be first */ - {SE_PRIV_ADD_MACHINES, "SeMachineAccountPrivilege", "Add workstations to the domain" }, - {SE_PRIV_SEC_PRIV, "SeSecurityPrivilege", "Manage the audit logs" }, - {SE_PRIV_TAKE_OWNER, "SeTakeOwnershipPrivilege", "Take ownership of file" }, - {SE_PRIV_ADD_USERS, "SaAddUsers", "Add users to the domain - Samba" }, - {SE_PRIV_PRINT_OPERATOR, "SaPrintOp", "Add or remove printers - Samba" }, - {SE_PRIV_ALL, "SaAllPrivs", "all privileges" } -}; - - /**************************************************************************** dump the mapping group mapping to a text file ****************************************************************************/ -- cgit From 5f54cc9bd3fa76e62926de0670f832f7b0e3739d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 7 Feb 2005 18:20:06 +0000 Subject: r5264: Log with loglevel 0 when account-administration scripts fail. Guenther (This used to be commit 3d391ef149639750db376b05528a27422f8a3321) --- source3/groupdb/mapping.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index e574a7cf20..1c29cc77c4 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -975,7 +975,7 @@ int smb_create_group(char *unix_group, gid_t *new_gid) pstrcpy(add_script, lp_addgroup_script()); pstring_sub(add_script, "%g", unix_group); ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL); - DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret)); + DEBUG(ret ? 0 : 3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret)); if (ret != 0) return ret; 
@@ -1022,7 +1022,7 @@ int smb_delete_group(char *unix_group) pstrcpy(del_script, lp_delgroup_script()); pstring_sub(del_script, "%g", unix_group); ret = smbrun(del_script,NULL); - DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret)); + DEBUG(ret ? 0 : 3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret)); return ret; } @@ -1050,7 +1050,7 @@ int smb_set_primary_group(const char *unix_group, const char* unix_user) all_string_sub(add_script, "%g", unix_group, sizeof(add_script)); all_string_sub(add_script, "%u", unix_user, sizeof(add_script)); ret = smbrun(add_script,NULL); - DEBUG(3,("smb_set_primary_group: " + DEBUG(ret ? 0 : 3,("smb_set_primary_group: " "Running the command `%s' gave %d\n",add_script,ret)); return ret; } @@ -1082,7 +1082,7 @@ int smb_add_user_group(char *unix_group, char *unix_user) pstring_sub(add_script, "%g", unix_group); pstring_sub(add_script, "%u", unix_user); ret = smbrun(add_script,NULL); - DEBUG(3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret)); + DEBUG(ret ? 0 : 3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret)); return ret; } @@ -1113,7 +1113,7 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) pstring_sub(del_script, "%g", unix_group); pstring_sub(del_script, "%u", unix_user); ret = smbrun(del_script,NULL); - DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret)); + DEBUG(ret ? 0 : 3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret)); return ret; } -- cgit From 140752fd35bd5701b3078abf695f811d933fe893 Mon Sep 17 00:00:00 2001 
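Review bot: smb_set_primary_group (hunk `@@ -1050,7 +1050,7 @@`) fills the command with `all_string_sub(add_script, "%g", unix_group, ...)` and `all_string_sub(add_script, "%u", unix_user, ...)`, whereas the sibling functions changed by this same commit use `pstring_sub` before `smbrun`. As far as I know the `string_sub` family replaces shell metacharacters in the inserted value and `all_string_sub` does not, so a user or group name containing such characters would reach the shell unchanged on this path; whether those names can originate from a client is not visible in the hunk. If `add_script` is a pstring as in the siblings, use `pstring_sub(add_script, "%g", unix_group);` and `pstring_sub(add_script, "%u", unix_user);`, or validate both names before substitution. The function starts outside the hunk.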
From: Volker Lendecke Date: Thu, 3 Mar 2005 16:52:44 +0000 Subject: r5647: Caches are good for performance, but you get a consistency problem. Fix bug # 2401. Volker (This used to be commit eb4ef94f244d28fe531d0b9f724a66ed3834b687) --- source3/groupdb/mapping.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 1c29cc77c4..5613240a12 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -1050,6 +1050,7 @@ int smb_set_primary_group(const char *unix_group, const char* unix_user) all_string_sub(add_script, "%g", unix_group, sizeof(add_script)); all_string_sub(add_script, "%u", unix_user, sizeof(add_script)); ret = smbrun(add_script,NULL); + flush_pwnam_cache(); DEBUG(ret ? 0 : 3,("smb_set_primary_group: " "Running the command `%s' gave %d\n",add_script,ret)); return ret; @@ -1060,6 +1061,7 @@ int smb_set_primary_group(const char *unix_group, const char* unix_user) if ( winbind_set_user_primary_group( unix_user, unix_group ) ) { DEBUG(3,("smb_delete_group: winbindd set the group (%s) as the primary group for user (%s)\n", unix_group, unix_user)); + flush_pwnam_cache(); return 0; } -- cgit From e84ead0cfdc5e45a577387cc54dceb4c3f32948a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 27 Mar 2005 16:33:04 +0000 Subject: r6080: Port some of the non-critical changes from HEAD to 3_0. The main one is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f) --- source3/groupdb/mapping.c | 41 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 36 insertions(+), 5 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 5613240a12..83ba575759 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -518,7 +518,7 @@ static NTSTATUS one_alias_membership(const DOM_SID *member, if (!string_to_sid(&alias, string_sid)) continue; - add_sid_to_array_unique(&alias, sids, num); + add_sid_to_array_unique(NULL, &alias, sids, num); if (sids == NULL) return NT_STATUS_NO_MEMORY; @@ -665,7 +665,7 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data, if (!string_to_sid(&member, member_string)) continue; - add_sid_to_array(&member, closure->sids, closure->num); + add_sid_to_array(NULL, &member, closure->sids, closure->num); } return 0; @@ -1348,11 +1348,42 @@ NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods, } NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, - const DOM_SID *members, + TALLOC_CTX *mem_ctx, + const DOM_SID *domain_sid, + const DOM_SID const *members, int num_members, - DOM_SID **aliases, int *num) + uint32 **alias_rids, + int *num_alias_rids) { - return alias_memberships(members, num_members, aliases, num); + DOM_SID *alias_sids; + int i, num_alias_sids; + NTSTATUS result; + + alias_sids = NULL; + num_alias_sids = 0; + + result = alias_memberships(members, num_members, + &alias_sids, &num_alias_sids); + + if (!NT_STATUS_IS_OK(result)) + return result; + + *alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids); + if ((alias_sids != 0) && (*alias_rids == NULL)) + return NT_STATUS_NO_MEMORY; + + *num_alias_rids = 0; + + for (i=0; i Date: Mon, 28 Mar 2005 03:27:44 +0000 Subject: r6092: This much const causes the compiler on Fedora Core 2 to throw up. Jeremy. (This used to be commit 051f0ed8075a3616484888ab22d68ca11aa1dd36) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 83ba575759..244cbd8fe7 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -1350,7 +1350,7 @@ NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods, NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, - const DOM_SID const *members, + const DOM_SID *members, int num_members, uint32 **alias_rids, int *num_alias_rids) -- cgit From 978ca8486031e43754a3c23757f361bf3a85f335 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Wed, 6 Apr 2005 16:28:04 +0000 Subject: r6225: get rid of warnings from my compiler about nested externs (This used to be commit efea76ac71412f8622cd233912309e91b9ea52da) --- source3/groupdb/mapping.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 244cbd8fe7..d02c512054 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -21,6 +21,8 @@ #include "includes.h" +extern DOM_SID global_sid_Builtin; + static TDB_CONTEXT *tdb; /* used for driver files */ #define DATABASE_VERSION_V1 1 /* native byte format. */ @@ -1253,8 +1255,6 @@ NTSTATUS pdb_default_enum_aliases(struct pdb_methods *methods, uint32 *num_aliases, struct acct_info **info) { - extern DOM_SID global_sid_Builtin; - GROUP_MAP *map; int i, num_maps; enum SID_NAME_USE type = SID_NAME_UNKNOWN; -- cgit From 83e11ba86c2401ece3c845fd10c22b84e6be7811 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 9 Apr 2005 11:46:40 +0000 Subject: r6263: Get rid of generate_wellknown_sids, they are const static and initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9) --- source3/groupdb/mapping.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index d02c512054..6e9d9b8e6c 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -21,8 +21,6 @@ #include "includes.h" -extern DOM_SID global_sid_Builtin; - static TDB_CONTEXT *tdb; /* used for driver files */ #define DATABASE_VERSION_V1 1 /* native byte format. */ -- cgit From d3d6126d94d55a69c45b2f7a63a7fa9b561baf48 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 15 Apr 2005 13:41:49 +0000 Subject: r6351: This is quite a large and intrusive patch, but there are not many pieces that can be taken out of it, so I decided to commit this in one lump. It changes the passdb enumerating functions to use ldap paged results where possible. In particular the samr calls querydispinfo, enumdomusers and friends have undergone significant internal changes. I have tested this extensively with rpcclient and a bit with usrmgr.exe. More tests and the merge to trunk will follow later. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The code is based on a first implementation by Günther Deschner, but has evolved quite a bit since then. Volker (This used to be commit f0bb44ac58e190e19eb4e92928979b0446e611c9) --- source3/groupdb/mapping.c | 47 ----------------------------------------------- 1 file changed, 47 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 6e9d9b8e6c..459c66bdf7 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -1247,53 +1247,6 @@ NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods, NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; } -NTSTATUS pdb_default_enum_aliases(struct pdb_methods *methods, - const DOM_SID *sid, - uint32 start_idx, uint32 max_entries, - uint32 *num_aliases, - struct acct_info **info) -{ - GROUP_MAP *map; - int i, num_maps; - enum SID_NAME_USE type = SID_NAME_UNKNOWN; - - if (sid_compare(sid, get_global_sam_sid()) == 0) - type = SID_NAME_ALIAS; - - if (sid_compare(sid, &global_sid_Builtin) == 0) - type = SID_NAME_WKN_GRP; - - if (!pdb_enum_group_mapping(type, &map, &num_maps, False) || - (num_maps == 0)) { - *num_aliases = 0; - *info = NULL; - goto done; - } - - if (start_idx > num_maps) { - *num_aliases = 0; - *info = NULL; - goto done; - } - - *num_aliases = num_maps - start_idx; - - if (*num_aliases > max_entries) - *num_aliases = max_entries; - - *info = SMB_MALLOC_ARRAY(struct acct_info, *num_aliases); - - for (i=0; i<*num_aliases; i++) { - fstrcpy((*info)[i].acct_name, map[i+start_idx].nt_name); - fstrcpy((*info)[i].acct_desc, map[i+start_idx].comment); - sid_peek_rid(&map[i].sid, &(*info)[i+start_idx].rid); - } - - done: - SAFE_FREE(map); - return NT_STATUS_OK; -} - NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, const DOM_SID *sid, struct acct_info *info) -- cgit From 70490aae0ca36608e4b230a03faa4d8aba36d91d Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Fri, 13 May 2005 07:46:29 +0000 Subject: r6769: Fix bugzilla #2538 and #2527. Unused variables found by Jason Mader. (This used to be commit 68b1c1f533e5c91634f5da21659c8e5793cb77f7) --- source3/groupdb/mapping.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 459c66bdf7..7c032ef93d 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -896,7 +896,6 @@ BOOL get_local_group_from_sid(DOM_SID *sid, GROUP_MAP *map) BOOL get_builtin_group_from_sid(DOM_SID *sid, GROUP_MAP *map) { - struct group *grp; BOOL ret; @@ -920,7 +919,7 @@ BOOL get_builtin_group_from_sid(DOM_SID *sid, GROUP_MAP *map) return False; } - if ( (grp=getgrgid(map->gid)) == NULL) { + if ( getgrgid(map->gid) == NULL) { return False; } @@ -934,7 +933,6 @@ Returns a GROUP_MAP struct based on the gid. ****************************************************************************/ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) { - struct group *grp; BOOL ret; if(!init_group_mapping()) { @@ -942,7 +940,7 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) return(False); } - if ( (grp=getgrgid(gid)) == NULL) + if ( getgrgid(gid) == NULL) return False; become_root(); -- cgit From 450e8d5749504f8392c0cfe8b79218f03b88076a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 31 May 2005 02:23:47 +0000 Subject: r7130: remove 'winbind enable local accounts' code from the 3.0 tree (This used to be commit 318c3db4cb1c85be40b2f812f781bcf5f1da5c19) --- source3/groupdb/mapping.c | 38 +------------------------------------- 1 file changed, 1 insertion(+), 37 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 7c032ef93d..a30e8eed78 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -988,12 +988,7 @@ int smb_create_group(char *unix_group, gid_t *new_gid) close(fd); } - } else if ( winbind_create_group( unix_group, NULL ) ) { - - DEBUG(3,("smb_create_group: winbindd created the group (%s)\n", - unix_group)); - ret = 0; - } + } if (*new_gid == 0) { struct group *grp = getgrnam(unix_group); @@ -1024,12 +1019,6 @@ int smb_delete_group(char *unix_group) return ret; } - if ( winbind_delete_group( unix_group ) ) { - DEBUG(3,("smb_delete_group: winbindd deleted the group (%s)\n", - unix_group)); - return 0; - } - return -1; } 
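Review bot: In the `@@ -988,12 +988,7 @@` hunk smb_create_group reads `*new_gid` unconditionally at `if (*new_gid == 0)`, although the `smbrun` call of the same function (shown in the earlier `@@ -975,7 +975,7 @@` hunk on this page) passes `(new_gid!=NULL) ? &fd : NULL`, i.e. treats a NULL `new_gid` as a legal argument. Either guard the read, `if (new_gid != NULL && *new_gid == 0) {`, or drop the NULL handling at the smbrun call and document that the pointer is required. With the winbind branch removed, this block is also reached when no add-group script ran at all, so it depends on the caller having initialised `*new_gid`; a comment stating that would help. The function body extends beyond the hunk on both sides.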
@@ -1054,15 +1043,6 @@ int smb_set_primary_group(const char *unix_group, const char* unix_user) return ret; } - /* Try winbindd */ - - if ( winbind_set_user_primary_group( unix_user, unix_group ) ) { - DEBUG(3,("smb_delete_group: winbindd set the group (%s) as the primary group for user (%s)\n", - unix_group, unix_user)); - flush_pwnam_cache(); - return 0; - } - return -1; } @@ -1086,14 +1066,6 @@ int smb_add_user_group(char *unix_group, char *unix_user) return ret; } - /* Try winbindd */ - - if ( winbind_add_user_to_group( unix_user, unix_group ) ) { - DEBUG(3,("smb_delete_group: winbindd added user (%s) to the group (%s)\n", - unix_user, unix_group)); - return -1; - } - return -1; } @@ -1117,14 +1089,6 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) return ret; } - /* Try winbindd */ - - if ( winbind_remove_user_from_group( unix_user, unix_group ) ) { - DEBUG(3,("smb_delete_group: winbindd removed user (%s) from the group (%s)\n", - unix_user, unix_group)); - return 0; - } - return -1; } -- cgit From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 30 Sep 2005 17:13:37 +0000 Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3) --- source3/groupdb/mapping.c | 60 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 44 insertions(+), 16 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index a30e8eed78..3ca074581c 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -2,7 +2,7 @@ * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, - * Copyright (C) Jean François Micouleau 1998-2001. + * Copyright (C) Jean François Micouleau 1998-2001. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -365,7 +365,7 @@ static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map) Remove a group mapping entry. ****************************************************************************/ -static BOOL group_map_remove(DOM_SID sid) +static BOOL group_map_remove(const DOM_SID *sid) { TDB_DATA kbuf, dbuf; pstring key; @@ -378,7 +378,7 @@ static BOOL group_map_remove(DOM_SID sid) /* the key is the SID, retrieving is direct */ - sid_to_string(string_sid, &sid); + sid_to_string(string_sid, sid); slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); kbuf.dptr = key; @@ -954,7 +954,6 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) return True; } - /**************************************************************************** Create a UNIX group on demand. ****************************************************************************/ @@ -988,8 +987,8 @@ int smb_create_group(char *unix_group, gid_t *new_gid) close(fd); } - } - + } + if (*new_gid == 0) { struct group *grp = getgrnam(unix_group); @@ -1018,7 +1017,7 @@ int smb_delete_group(char *unix_group) DEBUG(ret ? 0 : 3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret)); return ret; } - + return -1; } @@ -1131,7 +1130,7 @@ NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods, NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, DOM_SID sid) { - return group_map_remove(sid) ? + return group_map_remove(&sid) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } 
@@ -1173,18 +1172,12 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, if (lookup_name(get_global_sam_name(), name, &sid, &type)) return NT_STATUS_ALIAS_EXISTS; - if (!winbind_allocate_rid(&new_rid)) + if (!winbind_allocate_rid_and_gid(&new_rid, &gid)) return NT_STATUS_ACCESS_DENIED; sid_copy(&sid, get_global_sam_sid()); sid_append_rid(&sid, new_rid); - /* Here we allocate the gid */ - if (!winbind_sid_to_gid(&gid, &sid)) { - DEBUG(0, ("Could not get gid for new RID\n")); - return NT_STATUS_ACCESS_DENIED; - } - map.gid = gid; sid_copy(&map.sid, &sid); map.sid_name_use = SID_NAME_ALIAS; @@ -1282,7 +1275,7 @@ NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, return result; *alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids); - if ((alias_sids != 0) && (*alias_rids == NULL)) + if (*alias_rids == NULL) return NT_STATUS_NO_MEMORY; *num_alias_rids = 0; @@ -1347,3 +1340,38 @@ NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods, return NT_STATUS_UNSUCCESSFUL; } +/**************************************************************************** + These need to be redirected through pdb_interface.c +****************************************************************************/ +BOOL pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info) +{ + GROUP_MAP map; + BOOL res; + + become_root(); + res = get_domain_group_from_sid(*sid, &map); + unbecome_root(); + + if (!res) + return False; + + fstrcpy(info->acct_name, map.nt_name); + fstrcpy(info->acct_desc, map.comment); + sid_peek_rid(sid, &info->rid); + return True; +} + +BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info) +{ + GROUP_MAP map; + + if (!get_domain_group_from_sid(*sid, &map)) + return False; + + fstrcpy(map.nt_name, info->acct_name); + fstrcpy(map.comment, info->acct_desc); + + return pdb_update_group_mapping_entry(&map); +} + + -- cgit From 8d7c88667190fe286971ac4fffb64ee5bd9eeeb0 Mon Sep 17 00:00:00 2001 
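Review bot: The early `return NT_STATUS_NO_MEMORY;` after `TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids)` in the `@@ -1282,7 +1275,7 @@` hunk leaves without releasing `alias_sids`, which alias_memberships filled earlier in the function (outside this hunk). Free it on that path, presumably `SAFE_FREE(alias_sids);` before the return, using whichever routine matches how add_sid_to_array_unique allocates with a NULL context. Dropping the `alias_sids != 0` guard also makes the empty-result case depend on what TALLOC_ARRAY returns for a zero count; if that can be NULL, a SID with no alias memberships would now be reported as out of memory, so this is worth confirming.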
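Review bot: pdb_get_dom_grp_info, added in the `@@ -1347,3 +1340,38 @@` hunk, wraps `get_domain_group_from_sid` in `become_root()`/`unbecome_root()`, but pdb_set_dom_grp_info calls the same lookup and then `pdb_update_group_mapping_entry` with no privilege switch. If callers of the setter are required to be root already, state that contract above the function, e.g. `/* Caller must already be root; unlike pdb_get_dom_grp_info this does not switch privilege. */`. If they are not, the lookup and the update run with the caller's credentials and the two functions will behave differently on the same database; which is intended cannot be determined from this hunk. Both functions also dereference `sid` and `info` without a NULL check, which is fine only if every caller guarantees them.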
From: Jeremy Allison Date: Tue, 18 Oct 2005 03:24:00 +0000 Subject: r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4 x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208) --- source3/groupdb/mapping.c | 64 +++++++++++++++++++++++------------------------ 1 file changed, 32 insertions(+), 32 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 3ca074581c..1e8586786c 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -400,8 +400,8 @@ static BOOL group_map_remove(const DOM_SID *sid) Enumerate the group mapping. ****************************************************************************/ -static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, - int *num_entries, BOOL unix_only) +static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, + size_t *p_num_entries, BOOL unix_only) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; @@ -409,15 +409,15 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, GROUP_MAP map; GROUP_MAP *mapt; int ret; - int entries=0; + size_t entries=0; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return(False); } - *num_entries=0; - *rmap=NULL; + *p_num_entries=0; + *pp_rmap=NULL; for (kbuf = tdb_firstkey(tdb); kbuf.dptr; 
@@ -458,14 +458,14 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, decode_sid_name_use(group_type, map.sid_name_use); DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type)); - mapt= SMB_REALLOC_ARRAY((*rmap), GROUP_MAP, entries+1); + mapt= SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); if (!mapt) { DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); - SAFE_FREE(*rmap); + SAFE_FREE(*pp_rmap); return False; } else - (*rmap) = mapt; + (*pp_rmap) = mapt; mapt[entries].gid = map.gid; sid_copy( &mapt[entries].sid, &map.sid); @@ -477,7 +477,7 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, } - *num_entries=entries; + *p_num_entries=entries; return True; } @@ -486,7 +486,7 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, * store a list of aliases a SID is member of hanging off MEMBEROF/SID. */ static NTSTATUS one_alias_membership(const DOM_SID *member, - DOM_SID **sids, int *num) + DOM_SID **sids, size_t *num) { fstring key, string_sid; TDB_DATA kbuf, dbuf; @@ -528,10 +528,10 @@ static NTSTATUS one_alias_membership(const DOM_SID *member, return NT_STATUS_OK; } -static NTSTATUS alias_memberships(const DOM_SID *members, int num_members, - DOM_SID **sids, int *num) +static NTSTATUS alias_memberships(const DOM_SID *members, size_t num_members, + DOM_SID **sids, size_t *num) { - int i; + size_t i; *num = 0; *sids = NULL; @@ -547,7 +547,7 @@ static NTSTATUS alias_memberships(const DOM_SID *members, int num_members, static BOOL is_aliasmem(const DOM_SID *alias, const DOM_SID *member) { DOM_SID *sids; - int i, num; + size_t i, num; /* This feels the wrong way round, but the on-disk data structure * dictates it this way. */ 
@@ -622,7 +622,7 @@ static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member) struct aliasmem_closure { const DOM_SID *alias; DOM_SID **sids; - int *num; + size_t *num; }; static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data, @@ -671,7 +671,7 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data, return 0; } -static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, int *num) +static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num) { GROUP_MAP map; struct aliasmem_closure closure; @@ -703,7 +703,7 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) { NTSTATUS result; DOM_SID *sids; - int i, num; + size_t i, num; BOOL found = False; char *member_string; TDB_DATA kbuf, dbuf; @@ -1136,10 +1136,10 @@ NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, enum SID_NAME_USE sid_name_use, - GROUP_MAP **rmap, int *num_entries, + GROUP_MAP **pp_rmap, size_t *p_num_entries, BOOL unix_only) { - return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only) ? + return enum_group_mapping(sid_name_use, pp_rmap, p_num_entries, unix_only) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } 
@@ -1247,22 +1247,22 @@ NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods, } NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods, - const DOM_SID *alias, DOM_SID **members, - int *num_members) + const DOM_SID *alias, DOM_SID **pp_members, + size_t *p_num_members) { - return enum_aliasmem(alias, members, num_members); + return enum_aliasmem(alias, pp_members, p_num_members); } NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, const DOM_SID *members, - int num_members, - uint32 **alias_rids, - int *num_alias_rids) + size_t num_members, + uint32 **pp_alias_rids, + size_t *p_num_alias_rids) { DOM_SID *alias_sids; - int i, num_alias_sids; + size_t i, num_alias_sids; NTSTATUS result; alias_sids = NULL; @@ -1274,17 +1274,17 @@ NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, if (!NT_STATUS_IS_OK(result)) return result; - *alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids); - if (*alias_rids == NULL) + *pp_alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids); + if (*pp_alias_rids == NULL) return NT_STATUS_NO_MEMORY; - *num_alias_rids = 0; + *p_num_alias_rids = 0; for (i=0; i Date: Sat, 3 Dec 2005 18:34:13 +0000 Subject: r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7) --- source3/groupdb/mapping.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 1e8586786c..14040e4f52 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -1166,11 +1166,22 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, enum SID_NAME_USE type; uint32 new_rid; gid_t gid; - + BOOL exists; GROUP_MAP map; - if (lookup_name(get_global_sam_name(), name, &sid, &type)) + TALLOC_CTX *mem_ctx = talloc_new(NULL); + + if (mem_ctx == NULL) { + return NT_STATUS_NO_MEMORY; + } + + exists = lookup_name(mem_ctx, name, LOOKUP_NAME_ISOLATED, + NULL, NULL, &sid, &type); + talloc_free(mem_ctx); + + if (exists) { return NT_STATUS_ALIAS_EXISTS; + } if (!winbind_allocate_rid_and_gid(&new_rid, &gid)) return NT_STATUS_ACCESS_DENIED; -- cgit From 4d03fc55df2a3253f5b5b3086264439b6a174340 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 11 Dec 2005 16:55:28 +0000 Subject: r12182: Cosmetic cleanup (This used to be commit 81c358b511457fbc6304845acb4bfbf1b4adf062) --- source3/groupdb/mapping.c | 60 ++++++++++++++++++++--------------------------- 1 file changed, 25 insertions(+), 35 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 14040e4f52..9e547aa69c 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -35,43 +35,34 @@ static TDB_CONTEXT *tdb; /* used for driver files */ */ #define MEMBEROF_PREFIX "MEMBEROF/" +static struct sid_name_mapping { + enum SID_NAME_USE type; + const char *name; +} sid_name_use_strings[] = { + { SID_NAME_USE_NONE, "Not initialized" }, + { SID_NAME_USER, "User" }, + { SID_NAME_DOM_GRP, "Domain group" }, + { SID_NAME_DOMAIN, "Domain" }, + { SID_NAME_ALIAS, "Local group" }, + { SID_NAME_WKN_GRP, "Builtin group" }, + { SID_NAME_DELETED, "Deleted" }, + { SID_NAME_INVALID, "Invalid" }, + { 0, NULL } +}; + /**************************************************************************** dump the mapping group mapping to a text file ****************************************************************************/ -char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use) -{ - static fstring group_type; +const char *decode_sid_name_use(enum SID_NAME_USE name_use) +{ + struct sid_name_mapping *m; - switch(name_use) { - case SID_NAME_USER: - fstrcpy(group_type,"User"); - break; - case SID_NAME_DOM_GRP: - fstrcpy(group_type,"Domain group"); - break; - case SID_NAME_DOMAIN: - fstrcpy(group_type,"Domain"); - break; - case SID_NAME_ALIAS: - fstrcpy(group_type,"Local group"); - break; - case SID_NAME_WKN_GRP: - fstrcpy(group_type,"Builtin group"); - break; - case SID_NAME_DELETED: - fstrcpy(group_type,"Deleted"); - break; - case SID_NAME_INVALID: - fstrcpy(group_type,"Invalid"); - break; - case SID_NAME_UNKNOWN: - default: - fstrcpy(group_type,"Unknown type"); - break; + for (m = sid_name_use_strings; m->name != NULL; m++) { + if (m->type == name_use) + return m->name; } - - fstrcpy(group, group_type); - return group_type; + + return "Unknown type"; } /**************************************************************************** @@ -405,7 +396,6 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rm { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; - fstring group_type; GROUP_MAP map; GROUP_MAP *mapt; int ret; 
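Review bot: The lookup table `sid_name_use_strings[]` added in the `@@ -35,43 +35,34 @@` hunk is never written, so it can be declared read-only, `static const struct sid_name_mapping { ... } sid_name_use_strings[]`, with the iterator in decode_sid_name_use as `const struct sid_name_mapping *m;`. The banner kept above the function still reads "dump the mapping group mapping to a text file", which does not describe it; something like `/* Return a printable description for a SID_NAME_USE value, "Unknown type" if it is not in the table. */` would match the new code. The signature change from `(fstring, enum SID_NAME_USE)` to `(enum SID_NAME_USE)` affects every caller, and only the one in enum_group_mapping is updated in this file's hunks.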
@@ -455,8 +445,8 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rm string_to_sid(&map.sid, string_sid); - decode_sid_name_use(group_type, map.sid_name_use); - DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type)); + DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", + map.nt_name, decode_sid_name_use(map.sid_name_use))); mapt= SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); if (!mapt) { -- cgit From db6eea0fb4fe1665120306689ace3fa2f8b9dea7 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 11 Dec 2005 21:59:58 +0000 Subject: r12185: Cosmetic cleanup (This used to be commit d1e8f9afffecf986a428bfac29b22dcbce610016) --- source3/groupdb/mapping.c | 35 +++-------------------------------- 1 file changed, 3 insertions(+), 32 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 9e547aa69c..97a3d6ab0e 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -35,36 +35,6 @@ static TDB_CONTEXT *tdb; /* used for driver files */ */ #define MEMBEROF_PREFIX "MEMBEROF/" -static struct sid_name_mapping { - enum SID_NAME_USE type; - const char *name; -} sid_name_use_strings[] = { - { SID_NAME_USE_NONE, "Not initialized" }, - { SID_NAME_USER, "User" }, - { SID_NAME_DOM_GRP, "Domain group" }, - { SID_NAME_DOMAIN, "Domain" }, - { SID_NAME_ALIAS, "Local group" }, - { SID_NAME_WKN_GRP, "Builtin group" }, - { SID_NAME_DELETED, "Deleted" }, - { SID_NAME_INVALID, "Invalid" }, - { 0, NULL } -}; - -/**************************************************************************** -dump the mapping group mapping to a text file -****************************************************************************/ -const char *decode_sid_name_use(enum SID_NAME_USE name_use) -{ - struct sid_name_mapping *m; - - for (m = sid_name_use_strings; m->name != NULL; m++) { - if (m->type == name_use) - return m->name; - } - - return "Unknown type"; -} - /**************************************************************************** initialise first time the mapping list - called from init_group_mapping() ****************************************************************************/ @@ -445,8 +415,9 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rm string_to_sid(&map.sid, string_sid); - DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", - map.nt_name, decode_sid_name_use(map.sid_name_use))); + DEBUG(11,("enum_group_mapping: returning group %s of " + "type %s\n", map.nt_name, + sid_type_lookup(map.sid_name_use))); mapt= SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); if (!mapt) { -- cgit From 88d3b0814794bd0beeccef38734f98124fffa761 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Thu, 22 Dec 2005 20:57:47 +0000 Subject: r12438: Remove an unused function (This used to be commit 561e351d25b58fda4b050525aa03d18e4d88cc6c) --- source3/groupdb/mapping.c | 28 ---------------------------- 1 file changed, 28 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 97a3d6ab0e..7dc0426c44 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -887,34 +887,6 @@ BOOL get_builtin_group_from_sid(DOM_SID *sid, GROUP_MAP *map) return True; } - - -/**************************************************************************** -Returns a GROUP_MAP struct based on the gid. -****************************************************************************/ -BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) -{ - BOOL ret; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); - } - - if ( getgrgid(gid) == NULL) - return False; - - become_root(); - ret = pdb_getgrgid(map, gid); - unbecome_root(); - - if ( !ret ) { - return False; - } - - return True; -} - /**************************************************************************** Create a UNIX group on demand. ****************************************************************************/ -- cgit From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/groupdb/mapping.c | 195 +++++++++++++++++++++------------------------- 1 file changed, 90 insertions(+), 105 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 7dc0426c44..2790d47587 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -176,7 +176,65 @@ BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_us fstrcpy(map.nt_name, nt_name); fstrcpy(map.comment, comment); - return pdb_add_group_mapping_entry(&map); + return NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map)); +} + +/**************************************************************************** + Map a unix group to a newly created mapping +****************************************************************************/ +NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) +{ + NTSTATUS status; + GROUP_MAP map; + const char *grpname, *dom, *name; + uint32 rid; + + if (pdb_getgrgid(&map, grp->gr_gid)) { + return NT_STATUS_GROUP_EXISTS; + } + + map.gid = grp->gr_gid; + grpname = grp->gr_name; + + if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED, + &dom, &name, NULL, NULL)) { + + const char *tmp = talloc_asprintf( + tmp_talloc_ctx(), "Unix Group %s", grp->gr_name); + + DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n", + grpname, dom, name, tmp)); + grpname = tmp; + } + + if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED, + NULL, NULL, NULL, NULL)) { + DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name)); + return NT_STATUS_GROUP_EXISTS; + } + + fstrcpy(map.nt_name, grpname); + + if (pdb_rid_algorithm()) { + rid = pdb_gid_to_group_rid( grp->gr_gid ); + } else { + if (!pdb_new_rid(&rid)) { + DEBUG(3, ("Could not get a new RID for %s\n", + grp->gr_name)); + return NT_STATUS_ACCESS_DENIED; + } + } + + sid_compose(&map.sid, get_global_sam_sid(), rid); + map.sid_name_use = SID_NAME_DOM_GRP; + fstrcpy(map.comment, talloc_asprintf(tmp_talloc_ctx(), "Unix Group %s", + grp->gr_name)); + + status = pdb_add_group_mapping_entry(&map); + if (NT_STATUS_IS_OK(status)) { + *pmap = map; + } + return status; } /**************************************************************************** 
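Review bot: Neither talloc_asprintf() result in map_unix_group is checked for NULL. `tmp` goes straight into the DEBUG(5) `%s` argument and into the second lookup_name() call, and the comment string is passed directly to `fstrcpy(map.comment, ...)`. Add `if (tmp == NULL) { return NT_STATUS_NO_MEMORY; }` after the first call, and build the comment into a local that is checked the same way before it is copied. `map` is a stack GROUP_MAP that the failed pdb_getgrgid() may have partly written, so a `ZERO_STRUCT(map);` before `map.gid = grp->gr_gid;` would guarantee that only the fields assigned here reach pdb_add_group_mapping_entry().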
@@ -794,99 +852,6 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) return True; } - -/* get a local (alias) group from it's SID */ - -BOOL get_local_group_from_sid(DOM_SID *sid, GROUP_MAP *map) -{ - BOOL ret; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); - } - - /* The group is in the mapping table */ - become_root(); - ret = pdb_getgrsid(map, *sid); - unbecome_root(); - - if ( !ret ) - return False; - - if ( ( (map->sid_name_use != SID_NAME_ALIAS) && - (map->sid_name_use != SID_NAME_WKN_GRP) ) - || (map->gid == -1) - || (getgrgid(map->gid) == NULL) ) - { - return False; - } - -#if 1 /* JERRY */ - /* local groups only exist in the group mapping DB so this - is not necessary */ - - else { - /* the group isn't in the mapping table. - * make one based on the unix information */ - uint32 alias_rid; - struct group *grp; - - sid_peek_rid(sid, &alias_rid); - map->gid=pdb_group_rid_to_gid(alias_rid); - - grp = getgrgid(map->gid); - if ( !grp ) { - DEBUG(3,("get_local_group_from_sid: No unix group for [%ul]\n", map->gid)); - return False; - } - - map->sid_name_use=SID_NAME_ALIAS; - - fstrcpy(map->nt_name, grp->gr_name); - fstrcpy(map->comment, "Local Unix Group"); - - sid_copy(&map->sid, sid); - } -#endif - - return True; -} - -/* get a builtin group from it's SID */ - -BOOL get_builtin_group_from_sid(DOM_SID *sid, GROUP_MAP *map) -{ - BOOL ret; - - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); - } - - become_root(); - ret = pdb_getgrsid(map, *sid); - unbecome_root(); - - if ( !ret ) - return False; - - if (map->sid_name_use!=SID_NAME_WKN_GRP) { - return False; - } - - if (map->gid==-1) { - return False; - } - - if ( getgrgid(map->gid) == NULL) { - return False; - } - - return True; -} - /**************************************************************************** Create a UNIX group on demand. 
****************************************************************************/ @@ -1101,9 +1066,12 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, gid_t gid; BOOL exists; GROUP_MAP map; + TALLOC_CTX *mem_ctx; + NTSTATUS status; - TALLOC_CTX *mem_ctx = talloc_new(NULL); + DEBUG(10, ("Trying to create alias %s\n", name)); + mem_ctx = talloc_new(NULL); if (mem_ctx == NULL) { return NT_STATUS_NO_MEMORY; } @@ -1116,8 +1084,18 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, return NT_STATUS_ALIAS_EXISTS; } - if (!winbind_allocate_rid_and_gid(&new_rid, &gid)) + if (!winbind_allocate_gid(&gid)) { + DEBUG(3, ("Could not get a gid out of winbind\n")); + return NT_STATUS_ACCESS_DENIED; + } + + if (!pdb_new_rid(&new_rid)) { + DEBUG(0, ("Could not allocate a RID -- wasted a gid :-(\n")); return NT_STATUS_ACCESS_DENIED; + } + + DEBUG(10, ("Creating alias %s with gid %d and rid %d\n", + name, gid, new_rid)); sid_copy(&sid, get_global_sam_sid()); sid_append_rid(&sid, new_rid); @@ -1128,10 +1106,12 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, fstrcpy(map.nt_name, name); fstrcpy(map.comment, ""); - if (!pdb_add_group_mapping_entry(&map)) { - DEBUG(0, ("Could not add group mapping entry for alias %s\n", - name)); - return NT_STATUS_ACCESS_DENIED; + status = pdb_add_group_mapping_entry(&map); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("Could not add group mapping entry for alias %s " + "(%s)\n", name, nt_errstr(status))); + return status; } *rid = new_rid; 
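Review bot: In pdb_default_create_alias the gid obtained from winbind_allocate_gid() is never released when a later step fails. The new pdb_new_rid() failure branch says so in its own message, and the pdb_add_group_mapping_entry() failure branch in the -1128 hunk loses the gid in the same way. If alias creation can be requested repeatedly while RID allocation or the store is failing, each attempt consumes one id from the idmap range, so the lost id should at least be logged: `DEBUG(0, ("Could not allocate a RID -- wasted gid %u\n", (unsigned int)gid));`. The DEBUG(10) line prints `gid` and `new_rid` with `%d`; use `%u` with `(unsigned int)` casts so the specifiers match the arguments.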
@@ -1155,6 +1135,14 @@ NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, if (!pdb_getgrsid(&map, *sid)) return NT_STATUS_NO_SUCH_ALIAS; + if ((map.sid_name_use != SID_NAME_ALIAS) && + (map.sid_name_use != SID_NAME_WKN_GRP)) { + DEBUG(2, ("%s is a %s, expected an alias\n", + sid_string_static(sid), + sid_type_lookup(map.sid_name_use))); + return NT_STATUS_NO_SUCH_ALIAS; + } + fstrcpy(info->acct_name, map.nt_name); fstrcpy(info->acct_desc, map.comment); sid_peek_rid(&map.sid, &info->rid); @@ -1172,10 +1160,7 @@ NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods, fstrcpy(map.comment, info->acct_desc); - if (!pdb_update_group_mapping_entry(&map)) - return NT_STATUS_ACCESS_DENIED; - - return NT_STATUS_OK; + return pdb_update_group_mapping_entry(&map); } NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods, @@ -1315,7 +1300,7 @@ BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info) fstrcpy(map.nt_name, info->acct_name); fstrcpy(map.comment, info->acct_desc); - return pdb_update_group_mapping_entry(&map); + return NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)); } -- cgit From 301d51e13a1aa4e633e2da161b0dd260a8a499cd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 13 Feb 2006 17:08:25 +0000 Subject: r13494: Merge the stuff I've done in head the last days. Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899) --- source3/groupdb/mapping.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 2790d47587..07116f41fb 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
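Review bot: pdb_default_set_aliasinfo (hunk at -1172) does not get the alias-type check that this commit adds to pdb_default_get_aliasinfo. Its body starts outside the hunk, but later hunks on this page show it going from `pdb_getgrsid(&map, ...)` directly to the `fstrcpy` calls, so a SID that maps to a domain group appears to be writable through the alias interface. Repeat the guard after the lookup: `if ((map.sid_name_use != SID_NAME_ALIAS) && (map.sid_name_use != SID_NAME_WKN_GRP)) return NT_STATUS_NO_SUCH_ALIAS;`. pdb_default_delete_alias, which a later hunk reduces to a bare `pdb_delete_group_mapping_entry(*sid)`, would benefit from the same check unless every caller is known to validate the type first.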
@@ -157,26 +157,26 @@ static BOOL add_mapping_entry(GROUP_MAP *map, int flag) /**************************************************************************** initialise first time the mapping list ****************************************************************************/ -BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, const char *nt_name, const char *comment) +NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, const char *nt_name, const char *comment) { GROUP_MAP map; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); - return(False); + return NT_STATUS_UNSUCCESSFUL; } map.gid=gid; if (!string_to_sid(&map.sid, sid)) { DEBUG(0, ("string_to_sid failed: %s", sid)); - return False; + return NT_STATUS_UNSUCCESSFUL; } map.sid_name_use=sid_name_use; fstrcpy(map.nt_name, nt_name); fstrcpy(map.comment, comment); - return NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map)); + return pdb_add_group_mapping_entry(&map); } /**************************************************************************** @@ -856,7 +856,7 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) Create a UNIX group on demand. ****************************************************************************/ -int smb_create_group(char *unix_group, gid_t *new_gid) +int smb_create_group(const char *unix_group, gid_t *new_gid) { pstring add_script; int ret = -1; @@ -901,7 +901,7 @@ int smb_create_group(char *unix_group, gid_t *new_gid) Delete a UNIX group on demand. ****************************************************************************/ -int smb_delete_group(char *unix_group) +int smb_delete_group(const char *unix_group) { pstring del_script; int ret; 
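Review bot: Changing add_initial_entry from BOOL to NTSTATUS inverts its truthiness for any caller still written as `if (!add_initial_entry(...))` or `if (add_initial_entry(...))`, because NT_STATUS_OK is the zero value. The callers are outside this hunk, so each needs to be checked and converted to NT_STATUS_IS_OK(). A contract comment above the function would help: `/* Returns NT_STATUS_OK on success; test with NT_STATUS_IS_OK(), never as a boolean */`. Both failure branches return NT_STATUS_UNSUCCESSFUL, so a caller cannot tell a database-open failure from a malformed SID string; a distinct status for the string_to_sid() branch would make logs easier to triage.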
@@ -947,7 +947,7 @@ int smb_set_primary_group(const char *unix_group, const char* unix_user) Add a user to a UNIX group. ****************************************************************************/ -int smb_add_user_group(char *unix_group, char *unix_user) +int smb_add_user_group(const char *unix_group, const char *unix_user) { pstring add_script; int ret; @@ -1122,8 +1122,7 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods, const DOM_SID *sid) { - return pdb_delete_group_mapping_entry(*sid) ? - NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; + return pdb_delete_group_mapping_entry(*sid); } NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, -- cgit From fb5362c069b5b6548478b2217a0519c56d856705 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 20 Feb 2006 17:59:58 +0000 Subject: r13571: Replace all calls to talloc_free() with thye TALLOC_FREE() macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 07116f41fb..4aa1c627b7 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -1078,7 +1078,7 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, exists = lookup_name(mem_ctx, name, LOOKUP_NAME_ISOLATED, NULL, NULL, &sid, &type); - talloc_free(mem_ctx); + TALLOC_FREE(mem_ctx); if (exists) { return NT_STATUS_ALIAS_EXISTS; -- cgit From 894358a8f3e338b339b6c37233edef794b312087 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Tue, 7 Mar 2006 06:31:04 +0000 Subject: r13915: Fixed a very interesting class of realloc() bugs found by Coverity. realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). 
It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0) --- source3/groupdb/mapping.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 4aa1c627b7..5ebc9eb4f5 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -477,14 +477,13 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rm "type %s\n", map.nt_name, sid_type_lookup(map.sid_name_use))); - mapt= SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); - if (!mapt) { + (*pp_rmap) = SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); + if (!(*pp_rmap)) { DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); - SAFE_FREE(*pp_rmap); return False; } - else - (*pp_rmap) = mapt; + + mapt = (*pp_rmap); mapt[entries].gid = map.gid; sid_copy( &mapt[entries].sid, &map.sid); -- cgit From fde330498171c6215a78a72df8be0a20b51cdb32 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 7 Mar 2006 16:28:05 +0000 Subject: r13955: Fix Coverity ID 139. Not a bug in the strictest sense, more a clarification. This whole routine assumes new_gid != NULL anyway, so there's no point in checking. Volker (This used to be commit dfbf09c772b9588271e2d8e053c7494bb087c544) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 5ebc9eb4f5..93e7169204 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
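Review bot: After this change the realloc failure branch in enum_group_mapping leaves `*pp_rmap` NULL and returns False without touching `*p_num_entries`. Whether the count is zeroed at the top of the function is outside the hunk. If it is not, a caller that ignores the return value pairs a stale count with a NULL array. Add `*p_num_entries = 0;` before `return False;` so the two outputs always agree. The comment above the call could also state that SMB_REALLOC_ARRAY has already freed the old array on failure, which is why SAFE_FREE was removed.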
@@ -868,7 +868,7 @@ int smb_create_group(const char *unix_group, gid_t *new_gid) if ( *lp_addgroup_script() ) { pstrcpy(add_script, lp_addgroup_script()); pstring_sub(add_script, "%g", unix_group); - ret = smbrun(add_script, (new_gid!=NULL) ? &fd : NULL); + ret = smbrun(add_script, &fd); DEBUG(ret ? 0 : 3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret)); if (ret != 0) return ret; -- cgit From 0ce53f8ba5110381ad6f910abe581a69019135b8 Mon Sep 17 00:00:00 2001 
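Review bot: smb_create_group now always passes `&fd` to smbrun(), so it depends on `new_gid` being non-NULL and on every later path closing `fd`, and the hunk neither states nor enforces either condition. Put the precondition at the top of the function, either as a guard `if (new_gid == NULL) { return -1; }` or as a comment `/* new_gid must not be NULL; the script's stdout is always captured */`. The rest of the body is outside the hunk, so confirm there that `fd` is closed when the script output is not a usable gid. `unix_group` is substituted into a command line that smbrun() executes; this presumably relies on pstring_sub() neutralising shell metacharacters, which is worth a comment next to the call.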
From: Gerald Carter Date: Wed, 15 Mar 2006 00:10:38 +0000 Subject: r14403: * modifies create_local_nt_token() to create a BUILTIN\Administrators group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes' * Add a SID domain to the group mapping enumeration passdb call to fix the checks for local and builtin groups. The SID can be NULL if you want the old semantics for internal maintenance. I only updated the tdb group mapping code. * remove any group mapping from the tdb that have a gid of -1 for better consistency with pdb_ldap.c. The fixes the problem with calling add_group_map() in the tdb code for unmapped groups which might have had a record present. * Ensure that we distinguish between groups in the BUILTIN and local machine domains via getgrnam() Other wise BUILTIN\Administrators & SERVER\Administrators would resolve to the same gid. * Doesn't strip the global_sam_name() from groups in the local machine's domain (this is required to work with 'winbind default domain' code) Still todo. * Fix fallback Administrators membership for root and domain Admins if nested groups = no or winbindd is not running * issues with "su - user -c 'groups'" command * There are a few outstanding issues with BUILTIN\Users that Windows apparently tends to assume. I worked around this presently with a manual group mapping but I do not think this is a good solution. So I'll probably add some similar as I did for Administrators. (This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83) --- source3/groupdb/mapping.c | 154 ++++++++++++++++++++++++++++++---------------- 1 file changed, 102 insertions(+), 52 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 93e7169204..04471f9d43 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -3,6 +3,8 @@ * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, * Copyright (C) Jean François Micouleau 1998-2001. + * Copyright (C) Volker Lendecke 2006. + * Copyright (C) Gerald Carter 2006. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -35,50 +37,11 @@ static TDB_CONTEXT *tdb; /* used for driver files */ */ #define MEMBEROF_PREFIX "MEMBEROF/" -/**************************************************************************** -initialise first time the mapping list - called from init_group_mapping() -****************************************************************************/ -static BOOL default_group_mapping(void) -{ - DOM_SID sid_admins; - DOM_SID sid_users; - DOM_SID sid_guests; - fstring str_admins; - fstring str_users; - fstring str_guests; - - /* Add the Wellknown groups */ - - add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", ""); - add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", ""); - add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", ""); - add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", ""); - add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", ""); - add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", ""); - add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", ""); - add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", ""); - add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", ""); - - /* Add the defaults domain groups */ - - sid_copy(&sid_admins, get_global_sam_sid()); - sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS); - sid_to_string(str_admins, &sid_admins); - add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", ""); - - sid_copy(&sid_users, get_global_sam_sid()); - sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS); - sid_to_string(str_users, &sid_users); - add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", ""); - - sid_copy(&sid_guests, get_global_sam_sid()); - sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS); - sid_to_string(str_guests, &sid_guests); - add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", ""); - - return True; -} 
+static BOOL enum_group_mapping(const DOM_SID *sid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, + size_t *p_num_entries, BOOL unix_only); +static BOOL group_map_remove(const DOM_SID *sid); + /**************************************************************************** Open the group mapping tdb. ****************************************************************************/ @@ -87,9 +50,12 @@ static BOOL init_group_mapping(void) { const char *vstring = "INFO/version"; int32 vers_id; + GROUP_MAP *map_table = NULL; + size_t num_entries = 0; if (tdb) return True; + tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (!tdb) { DEBUG(0,("Failed to open group mapping database\n")); @@ -107,6 +73,8 @@ static BOOL init_group_mapping(void) vers_id = DATABASE_VERSION_V2; } + /* if its an unknown version we remove everthing in the db */ + if (vers_id != DATABASE_VERSION_V2) { tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); @@ -114,9 +82,20 @@ static BOOL init_group_mapping(void) tdb_unlock_bystring(tdb, vstring); - /* write a list of default groups */ - if(!default_group_mapping()) - return False; + /* cleanup any map entries with a gid == -1 */ + + if ( enum_group_mapping( NULL, SID_NAME_UNKNOWN, &map_table, &num_entries, False ) ) { + int i; + + for ( i=0; isid, &sid); return True; @@ -371,7 +350,7 @@ static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map) return False; } - if (StrCaseCmp(name, map->nt_name)==0) { + if ( strequal(name, map->nt_name) ) { SAFE_FREE(kbuf.dptr); return True; } 
@@ -419,7 +398,7 @@ static BOOL group_map_remove(const DOM_SID *sid) Enumerate the group mapping. ****************************************************************************/ -static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, +static BOOL enum_group_mapping(const DOM_SID *domsid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, size_t *p_num_entries, BOOL unix_only) { TDB_DATA kbuf, dbuf, newkey; @@ -428,6 +407,8 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rm GROUP_MAP *mapt; int ret; size_t entries=0; + DOM_SID grpsid; + uint32 rid; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); @@ -471,8 +452,19 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rm continue; } - string_to_sid(&map.sid, string_sid); + string_to_sid(&grpsid, string_sid); + sid_copy( &map.sid, &grpsid ); + sid_split_rid( &grpsid, &rid ); + + /* Only check the domain if we were given one */ + + if ( domsid && !sid_equal( domsid, &grpsid ) ) { + DEBUG(11,("enum_group_mapping: group %s is not in domain %s\n", + string_sid, sid_string_static(domsid))); + continue; + } + DEBUG(11,("enum_group_mapping: returning group %s of " "type %s\n", map.nt_name, sid_type_lookup(map.sid_name_use))); @@ -1032,11 +1024,11 @@ NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, } NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, - enum SID_NAME_USE sid_name_use, + const DOM_SID *sid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, size_t *p_num_entries, BOOL unix_only) { - return enum_group_mapping(sid_name_use, pp_rmap, p_num_entries, unix_only) ? + return enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } 
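Review bot: In the -471 hunk of enum_group_mapping the return value of `string_to_sid(&grpsid, string_sid)` is ignored. `grpsid` is a fresh stack variable, so if a database key does not parse, the following sid_copy(), sid_split_rid() and `sid_equal(domsid, &grpsid)` operate on uninitialised memory. The new domain filter then makes its decision on garbage, and the record may be returned with a bogus SID. Check the result and skip the record, matching the `continue` used just above: `if (!string_to_sid(&grpsid, string_sid)) { DEBUG(3, ("enum_group_mapping: bad SID in key %s\n", string_sid)); continue; }`. The loop's cleanup before `continue` is outside the hunk, so follow whatever the existing skip path does.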
@@ -1301,4 +1293,62 @@ BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info) return NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)); } +/******************************************************************** + Really just intended to be called by smbd +********************************************************************/ + +NTSTATUS pdb_create_builtin_alias(uint32 rid) +{ + DOM_SID sid; + enum SID_NAME_USE type; + gid_t gid; + GROUP_MAP map; + TALLOC_CTX *mem_ctx; + NTSTATUS status; + const char *name = NULL; + fstring groupname; + + DEBUG(10, ("Trying to create builtin alias %d\n", rid)); + + if ( !sid_compose( &sid, &global_sid_Builtin, rid ) ) { + return NT_STATUS_NO_SUCH_ALIAS; + } + + if ( (mem_ctx = talloc_new(NULL)) == NULL ) { + return NT_STATUS_NO_MEMORY; + } + + if ( !lookup_sid(mem_ctx, &sid, NULL, &name, &type) ) { + TALLOC_FREE( mem_ctx ); + return NT_STATUS_NO_SUCH_ALIAS; + } + + /* validate RID so copy the name and move on */ + + fstrcpy( groupname, name ); + TALLOC_FREE( mem_ctx ); + + if (!winbind_allocate_gid(&gid)) { + DEBUG(3, ("pdb_create_builtin_alias: Could not get a gid out of winbind\n")); + return NT_STATUS_ACCESS_DENIED; + } + + DEBUG(10,("Creating alias %s with gid %d\n", name, gid)); + + map.gid = gid; + sid_copy(&map.sid, &sid); + map.sid_name_use = SID_NAME_ALIAS; + fstrcpy(map.nt_name, name); + fstrcpy(map.comment, ""); + + status = pdb_add_group_mapping_entry(&map); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("pdb_create_builtin_alias: Could not add group mapping entry for alias %d " + "(%s)\n", rid, nt_errstr(status))); + } + + return status; +} + -- cgit From 41a0da4cfc3e0bb37b81ea22fc2eb15aa89298e1 Mon Sep 17 00:00:00 2001 
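Review bot: pdb_create_builtin_alias uses `name` after the context that appears to own it has been freed. lookup_sid() is given `mem_ctx` and returns `name`, the string is copied into `groupname`, and `TALLOC_FREE( mem_ctx )` follows, yet the later `DEBUG(10, ...)` and `fstrcpy(map.nt_name, name);` still read `name` while `groupname` is never used. Switch both to the copy: `fstrcpy(map.nt_name, groupname);` and `DEBUG(10,("Creating alias %s with gid %u\n", groupname, (unsigned int)gid));`. The function also never checks whether a mapping for this SID already exists before allocating a gid, so repeated calls for the same RID each consume an id unless the caller guards against it.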
From: Gerald Carter Date: Wed, 15 Mar 2006 17:40:28 +0000 Subject: r14457: Add a few more special cases for RID 513 in the samr code. Now that I know what all the requirements for this group are I can generalize the code some more and make it cleaner. But at least this is working with lusrmgr.msc on XP and 2k now. (This used to be commit d2c1842978cd50485849bfc4fb6d94767d96cab0) --- source3/groupdb/mapping.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 04471f9d43..830584979b 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -814,8 +814,24 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) ret = pdb_getgrsid(map, sid); unbecome_root(); - if ( !ret ) + /* special case check for rid 513 */ + + if ( !ret ) { + uint32 rid; + + sid_peek_rid( &sid, &rid ); + + if ( rid == DOMAIN_GROUP_RID_USERS ) { + fstrcpy( map->nt_name, "None" ); + fstrcpy( map->comment, "Ordinary Users" ); + sid_copy( &map->sid, &sid ); + map->sid_name_use = SID_NAME_DOM_GRP; + + return True; + } + return False; + } DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n")); -- cgit From 1839b4be14e905428257eb999def184d73dcf08f Mon Sep 17 00:00:00 2001 
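Review bot: The RID 513 fallback in get_domain_group_from_sid looks only at the last sub-authority. Any SID ending in DOMAIN_GROUP_RID_USERS, whatever its domain part, is therefore reported as the local domain group "None" when the database lookup fails. Unless every caller is known to pass only SIDs from the local SAM, compare the domain portion against get_global_sam_sid() before taking the branch, e.g. `if (rid == DOMAIN_GROUP_RID_USERS && sid_compare_domain(&sid, get_global_sam_sid()) == 0)`. The branch also returns True without assigning `map->gid`, so set `map->gid = (gid_t)-1;` to avoid handing the caller an indeterminate gid. The function continues past the end of the hunk.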
From: Gerald Carter Date: Wed, 22 Mar 2006 08:04:13 +0000 Subject: r14634: Many bug fixes thanks to train rides and overnight stays in airports * Finally fix parsing idmap uid/gid ranges not to break with spaces surrounding the '-' * Allow local groups to renamed by adding info level 2 to _samr_set_aliasinfo() * Fix parsing bug in _samr_del_dom_alias() reply * Prevent root from being deleted via Samba * Prevent builting groups from being renamed or deleted * Fix bug in pdb_tdb that broke renaming user accounts * Make sure winbindd is running when trying to create the Administrators and Users BUILTIN groups automatically from smbd (and not just check the winbind nexted groups parameter value). * Have the top level rid allocator verify that the RID it is about to grant is not already assigned in our own SAM (retries up to 250 times). This fixes passdb with existing SIDs assigned to users from the RID algorithm but not monotonically allocating the RIDs from passdb. (This used to be commit db1162241f79c2af8afb7d8c26e8ed1c4a4b476f) --- source3/groupdb/mapping.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 830584979b..5569dbf4ed 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -1164,6 +1164,7 @@ NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods, if (!pdb_getgrsid(&map, *sid)) return NT_STATUS_NO_SUCH_ALIAS; + fstrcpy(map.nt_name, info->acct_name); fstrcpy(map.comment, info->acct_desc); return pdb_update_group_mapping_entry(&map); -- cgit From e17302200c138eec7df504a7f4b2bde46073a810 Mon Sep 17 00:00:00 2001 
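Review bot: The added `fstrcpy(map.nt_name, info->acct_name);` lets pdb_default_set_aliasinfo rename a mapping without the uniqueness check that pdb_default_create_alias performs with lookup_name(). If the RPC layer does not check, two aliases, or an alias and a user, can end up with the same name, and name-based lookups then resolve ambiguously. Reject the rename when the name changes and already resolves, e.g. `if (!strequal(map.nt_name, info->acct_name) && lookup_name(tmp_talloc_ctx(), info->acct_name, LOOKUP_NAME_ISOLATED, NULL, NULL, NULL, NULL)) return NT_STATUS_ALIAS_EXISTS;`. The commit message says builtin groups are protected from renaming, but no such check is visible in this function, so a comment naming where it is enforced would help.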
From: Volker Lendecke Date: Mon, 17 Apr 2006 11:49:06 +0000 Subject: r15101: Little step towards getting Samba4 tdb into 3: tdb_lock_bystring does not have the timeout argument in Samba4. Add a new routine tdb_lock_bystring_with_timeout. Volker (This used to be commit b9c6e3f55602fa505859a4b2cd137b74105d685f) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 5569dbf4ed..c701ef165d 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -63,7 +63,7 @@ static BOOL init_group_mapping(void) } /* handle a Samba upgrade */ - tdb_lock_bystring(tdb, vstring, 0); + tdb_lock_bystring(tdb, vstring); /* Cope with byte-reversed older versions of the db. */ vers_id = tdb_fetch_int32(tdb, vstring); -- cgit From ff7c0a7c357ab8a0ff9de6d18988933e0b398780 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 8 Aug 2006 08:26:40 +0000 Subject: r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as an argument. Volker (This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f) --- source3/groupdb/mapping.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index c701ef165d..20bc63e56e 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -220,7 +220,7 @@ NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) Return the sid and the type of the unix group. ****************************************************************************/ -static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) +static BOOL get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map) { TDB_DATA kbuf, dbuf; pstring key; 
@@ -234,7 +234,7 @@ static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) /* the key is the SID, retrieving is direct */ - sid_to_string(string_sid, &sid); + sid_to_string(string_sid, sid); slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); kbuf.dptr = key; @@ -254,7 +254,7 @@ static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) return False; } - sid_copy(&map->sid, &sid); + sid_copy(&map->sid, sid); return True; } @@ -588,7 +588,7 @@ static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member) return NT_STATUS_ACCESS_DENIED; } - if (!get_group_map_from_sid(*alias, &map)) + if (!get_group_map_from_sid(alias, &map)) return NT_STATUS_NO_SUCH_ALIAS; if ( (map.sid_name_use != SID_NAME_ALIAS) && @@ -691,7 +691,7 @@ static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num) return NT_STATUS_ACCESS_DENIED; } - if (!get_group_map_from_sid(*alias, &map)) + if (!get_group_map_from_sid(alias, &map)) return NT_STATUS_NO_SUCH_ALIAS; if ( (map.sid_name_use != SID_NAME_ALIAS) && @@ -796,7 +796,7 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) /* get a domain group from it's SID */ -BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) +BOOL get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map) { struct group *grp; BOOL ret; @@ -819,12 +819,12 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) if ( !ret ) { uint32 rid; - sid_peek_rid( &sid, &rid ); + sid_peek_rid( sid, &rid ); if ( rid == DOMAIN_GROUP_RID_USERS ) { fstrcpy( map->nt_name, "None" ); fstrcpy( map->comment, "Ordinary Users" ); - sid_copy( &map->sid, &sid ); + sid_copy( &map->sid, sid ); map->sid_name_use = SID_NAME_DOM_GRP; return True; 
@@ -998,7 +998,7 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, - DOM_SID sid) + const DOM_SID *sid) { return get_group_map_from_sid(sid, map) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; @@ -1138,7 +1138,7 @@ NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, { GROUP_MAP map; - if (!pdb_getgrsid(&map, *sid)) + if (!pdb_getgrsid(&map, sid)) return NT_STATUS_NO_SUCH_ALIAS; if ((map.sid_name_use != SID_NAME_ALIAS) && @@ -1161,7 +1161,7 @@ NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods, { GROUP_MAP map; - if (!pdb_getgrsid(&map, *sid)) + if (!pdb_getgrsid(&map, sid)) return NT_STATUS_NO_SUCH_ALIAS; fstrcpy(map.nt_name, info->acct_name); @@ -1285,7 +1285,7 @@ BOOL pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info) BOOL res; become_root(); - res = get_domain_group_from_sid(*sid, &map); + res = get_domain_group_from_sid(sid, &map); unbecome_root(); if (!res) @@ -1301,7 +1301,7 @@ BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info) { GROUP_MAP map; - if (!get_domain_group_from_sid(*sid, &map)) + if (!get_domain_group_from_sid(sid, &map)) return False; fstrcpy(map.nt_name, info->acct_name); -- cgit From e1e62d89999629d41cc2b66b12eb37ce190d5db0 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Tue, 8 Aug 2006 19:29:34 +0000 Subject: r17463: A bit of cleanup work: Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own. Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early. Volker (This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc) --- source3/groupdb/mapping.c | 72 +++-------------------------------------------- 1 file changed, 4 insertions(+), 68 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 20bc63e56e..67b550680c 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -168,7 +168,7 @@ NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) const char *grpname, *dom, *name; uint32 rid; - if (pdb_getgrgid(&map, grp->gr_gid)) { + if (NT_STATUS_IS_OK(pdb_getgrgid(&map, grp->gr_gid))) { return NT_STATUS_GROUP_EXISTS; } @@ -811,7 +811,7 @@ BOOL get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map) /* if the group is NOT in the database, it CAN NOT be a domain group */ become_root(); - ret = pdb_getgrsid(map, sid); + ret = NT_STATUS_IS_OK(pdb_getgrsid(map, sid)); unbecome_root(); /* special case check for rid 513 */ 
@@ -1048,22 +1048,6 @@ NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -NTSTATUS pdb_default_find_alias(struct pdb_methods *methods, - const char *name, DOM_SID *sid) -{ - GROUP_MAP map; - - if (!pdb_getgrnam(&map, name)) - return NT_STATUS_NO_SUCH_ALIAS; - - if ((map.sid_name_use != SID_NAME_WKN_GRP) && - (map.sid_name_use != SID_NAME_ALIAS)) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - sid_copy(sid, &map.sid); - return NT_STATUS_OK; -} - NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, const char *name, uint32 *rid) { @@ -1138,7 +1122,7 @@ NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, { GROUP_MAP map; - if (!pdb_getgrsid(&map, sid)) + if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, sid))) return NT_STATUS_NO_SUCH_ALIAS; if ((map.sid_name_use != SID_NAME_ALIAS) && @@ -1161,7 +1145,7 @@ NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods, { GROUP_MAP map; - if (!pdb_getgrsid(&map, sid)) + if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, sid))) return NT_STATUS_NO_SUCH_ALIAS; fstrcpy(map.nt_name, info->acct_name); 
@@ -1228,54 +1212,6 @@ NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, return NT_STATUS_OK; } -/********************************************************************** - no ops for passdb backends that don't implement group mapping - *********************************************************************/ - -NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, - DOM_SID sid) -{ - return NT_STATUS_UNSUCCESSFUL; -} - -NTSTATUS pdb_nop_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, - gid_t gid) -{ - return NT_STATUS_UNSUCCESSFUL; -} - -NTSTATUS pdb_nop_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, - const char *name) -{ - return NT_STATUS_UNSUCCESSFUL; -} - -NTSTATUS pdb_nop_add_group_mapping_entry(struct pdb_methods *methods, - GROUP_MAP *map) -{ - return NT_STATUS_UNSUCCESSFUL; -} - -NTSTATUS pdb_nop_update_group_mapping_entry(struct pdb_methods *methods, - GROUP_MAP *map) -{ - return NT_STATUS_UNSUCCESSFUL; -} - -NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods, - DOM_SID sid) -{ - return NT_STATUS_UNSUCCESSFUL; -} - -NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods, - enum SID_NAME_USE sid_name_use, - GROUP_MAP **rmap, size_t *num_entries, - BOOL unix_only) -{ - return NT_STATUS_UNSUCCESSFUL; -} - /**************************************************************************** These need to be redirected through pdb_interface.c ****************************************************************************/ -- cgit From d802774e02ed4a68d61b9fa3b95164221dd50112 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 8 Aug 2006 20:50:35 +0000 Subject: r17465: Get rid of add_initial_entry. In the two places it was called in it seemed a bit pointless to me. Volker (This used to be commit 244b25ae49d3c635fc54498dbee29f5b649ea1fa) --- source3/groupdb/mapping.c | 25 ------------------------- 1 file changed, 25 deletions(-) (limited to 'source3/groupdb/mapping.c') 
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 67b550680c..643c6e517c 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -133,31 +133,6 @@ static BOOL add_mapping_entry(GROUP_MAP *map, int flag) return True; } -/**************************************************************************** -initialise first time the mapping list -****************************************************************************/ -NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, const char *nt_name, const char *comment) -{ - GROUP_MAP map; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - map.gid=gid; - if (!string_to_sid(&map.sid, sid)) { - DEBUG(0, ("string_to_sid failed: %s", sid)); - return NT_STATUS_UNSUCCESSFUL; - } - - map.sid_name_use=sid_name_use; - fstrcpy(map.nt_name, nt_name); - fstrcpy(map.comment, comment); - - return pdb_add_group_mapping_entry(&map); -} - /**************************************************************************** Map a unix group to a newly created mapping ****************************************************************************/ -- cgit From 76362d0d33892df39c0a370f1f64c8581daaf166 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 9 Aug 2006 15:25:26 +0000 Subject: r17468: To minimize the diff later on, pre-commit some changes independently: Change internal mapping.c functions to return NTSTATUS instead of BOOL. Volker (This used to be commit 4ebfc30a28a6f48613098176c5acdfdafbd2941a) --- source3/groupdb/mapping.c | 216 ++++++++++++++++++++++------------------------ 1 file changed, 103 insertions(+), 113 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 643c6e517c..589cd3c282 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -38,15 +38,17 @@ static TDB_CONTEXT *tdb; /* used for driver files */ #define MEMBEROF_PREFIX "MEMBEROF/" -static BOOL enum_group_mapping(const DOM_SID *sid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, - size_t *p_num_entries, BOOL unix_only); +static NTSTATUS enum_group_mapping(const DOM_SID *sid, + enum SID_NAME_USE sid_name_use, + GROUP_MAP **pp_rmap, + size_t *p_num_entries, BOOL unix_only); static BOOL group_map_remove(const DOM_SID *sid); /**************************************************************************** Open the group mapping tdb. ****************************************************************************/ -static BOOL init_group_mapping(void) +static NTSTATUS init_group_mapping(void) { const char *vstring = "INFO/version"; int32 vers_id; @@ -54,12 +56,13 @@ static BOOL init_group_mapping(void) size_t num_entries = 0; if (tdb) - return True; + return NT_STATUS_OK; - tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, + O_RDWR|O_CREAT, 0600); if (!tdb) { DEBUG(0,("Failed to open group mapping database\n")); - return False; + return map_nt_error_from_unix(errno); } /* handle a Samba upgrade */ @@ -84,7 +87,9 @@ static BOOL init_group_mapping(void) /* cleanup any map entries with a gid == -1 */ - if ( enum_group_mapping( NULL, SID_NAME_UNKNOWN, &map_table, &num_entries, False ) ) { + if ( NT_STATUS_IS_OK(enum_group_mapping( NULL, SID_NAME_UNKNOWN, + &map_table, &num_entries, + False ))) { int i; for ( i=0; isid); @@ -120,7 +128,7 @@ static BOOL add_mapping_entry(GROUP_MAP *map, int flag) map->gid, map->sid_name_use, map->nt_name, map->comment); if (len > sizeof(buf)) - return False; + return NT_STATUS_NO_MEMORY; slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); 
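Review bot: In init_group_mapping the failure path calls DEBUG() before `return map_nt_error_from_unix(errno);`, so the errno that gets mapped is whatever the logging call left behind, not necessarily the one set by tdb_open_log(). Capture it first with `int saved_errno = errno;` directly after the failed open and return `map_nt_error_from_unix(saved_errno);`. This matters more now that callers act on the returned status: a value that no longer reflects the failure could let a caller carry on while `tdb` is still NULL. The later part of this line is damaged by extraction (the cleanup loop is truncated), so only the open path is reviewed here.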
@@ -128,9 +136,11 @@ static BOOL add_mapping_entry(GROUP_MAP *map, int flag) kbuf.dptr = key; dbuf.dsize = len; dbuf.dptr = buf; - if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False; + if (tdb_store(tdb, kbuf, dbuf, flag) != 0) { + return map_ntstatus_from_tdb(tdb); + } - return True; + return NT_STATUS_OK; } /**************************************************************************** @@ -195,16 +205,19 @@ NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) Return the sid and the type of the unix group. ****************************************************************************/ -static BOOL get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map) +static NTSTATUS get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map) { TDB_DATA kbuf, dbuf; pstring key; fstring string_sid; int ret = 0; + NTSTATUS status; - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); + status = init_group_mapping(); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("failed to initialize group mapping: %s\n", + nt_errstr(status))); + return status; } /* the key is the SID, retrieving is direct */ @@ -216,8 +229,9 @@ static BOOL get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map) kbuf.dsize = strlen(key)+1; dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) - return False; + if (!dbuf.dptr) { + return NT_STATUS_NOT_FOUND; + } ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); 
@@ -226,27 +240,30 @@ static BOOL get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map) if ( ret == -1 ) { DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n")); - return False; + return NT_STATUS_INTERNAL_DB_CORRUPTION; } sid_copy(&map->sid, sid); - return True; + return NT_STATUS_OK; } /**************************************************************************** Return the sid and the type of the unix group. ****************************************************************************/ -static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) +static NTSTATUS get_group_map_from_gid(gid_t gid, GROUP_MAP *map) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; int ret; + NTSTATUS status; - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); + status = init_group_mapping(); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("failed to initialize group mapping: %s\n", + nt_errstr(status))); + return status; } /* we need to enumerate the TDB to find the GID */ 
@@ -272,31 +289,34 @@ static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) if ( ret == -1 ) { DEBUG(3,("get_group_map_from_gid: tdb_unpack failure\n")); - return False; + return NT_STATUS_INTERNAL_DB_CORRUPTION; } if (gid==map->gid) { SAFE_FREE(kbuf.dptr); - return True; + return NT_STATUS_OK; } } - return False; + return NT_STATUS_NOT_FOUND; } /**************************************************************************** Return the sid and the type of the unix group. ****************************************************************************/ -static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map) +static NTSTATUS get_group_map_from_ntname(const char *name, GROUP_MAP *map) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; int ret; + NTSTATUS status; - if(!init_group_mapping()) { - DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping\n")); - return(False); + status = init_group_mapping(); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("get_group_map_from_ntname: failed to initialize " + "group mapping: %s\n", nt_errstr(status))); + return status; } /* we need to enumerate the TDB to find the name */ @@ -322,16 +342,16 @@ static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map) if ( ret == -1 ) { DEBUG(3,("get_group_map_from_ntname: tdb_unpack failure\n")); - return False; + return NT_STATUS_INTERNAL_DB_CORRUPTION; } if ( strequal(name, map->nt_name) ) { SAFE_FREE(kbuf.dptr); - return True; + return NT_STATUS_OK; } } - return False; + return NT_STATUS_NOT_FOUND; } /**************************************************************************** @@ -344,7 +364,7 @@ static BOOL group_map_remove(const DOM_SID *sid) pstring key; fstring string_sid; - if(!init_group_mapping()) { + if(!NT_STATUS_IS_OK(init_group_mapping())) { DEBUG(0,("failed to initialize group mapping\n")); return(False); } 
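Review bot: The `return NT_STATUS_INTERNAL_DB_CORRUPTION;` paths in get_group_map_from_gid and get_group_map_from_ntname leave without releasing the current key, while the match paths right next to them call `SAFE_FREE(kbuf.dptr);` first. Add `SAFE_FREE(kbuf.dptr);` before each corruption return. Note also that one unreadable record makes every lookup that reaches it fail; logging and `continue` would keep a single damaged entry from hiding all later mappings, if that behaviour is preferred. The loop headers are outside these hunks, so this assumes `kbuf` is the traversal key from tdb_firstkey()/tdb_nextkey().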
@@ -373,8 +393,10 @@ static BOOL group_map_remove(const DOM_SID *sid) Enumerate the group mapping. ****************************************************************************/ -static BOOL enum_group_mapping(const DOM_SID *domsid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, - size_t *p_num_entries, BOOL unix_only) +static NTSTATUS enum_group_mapping(const DOM_SID *domsid, + enum SID_NAME_USE sid_name_use, + GROUP_MAP **pp_rmap, + size_t *p_num_entries, BOOL unix_only) { TDB_DATA kbuf, dbuf, newkey; fstring string_sid; @@ -384,10 +406,13 @@ static BOOL enum_group_mapping(const DOM_SID *domsid, enum SID_NAME_USE sid_name size_t entries=0; DOM_SID grpsid; uint32 rid; + NTSTATUS status; - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); + status = init_group_mapping(); + if(!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("failed to initialize group mapping: %s\n", + nt_errstr(status))); + return status; } *p_num_entries=0; @@ -447,7 +472,7 @@ static BOOL enum_group_mapping(const DOM_SID *domsid, enum SID_NAME_USE sid_name (*pp_rmap) = SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); if (!(*pp_rmap)) { DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); - return False; + return NT_STATUS_NO_MEMORY; } mapt = (*pp_rmap); @@ -464,7 +489,7 @@ static BOOL enum_group_mapping(const DOM_SID *domsid, enum SID_NAME_USE sid_name *p_num_entries=entries; - return True; + return NT_STATUS_OK; } /* This operation happens on session setup, so it should better be fast. We @@ -477,7 +502,7 @@ static NTSTATUS one_alias_membership(const DOM_SID *member, TDB_DATA kbuf, dbuf; const char *p; - if (!init_group_mapping()) { + if (!NT_STATUS_IS_OK(init_group_mapping())) { DEBUG(0,("failed to initialize group mapping\n")); return NT_STATUS_ACCESS_DENIED; } 
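Review bot: one_alias_membership still answers every init_group_mapping() failure with NT_STATUS_ACCESS_DENIED, and add_aliasmem and enum_aliasmem in the following hunks keep the same pattern. The functions converted earlier in this commit keep the status and log it with nt_errstr(); doing the same here (`status = init_group_mapping();` then `return status;`) stops a database open or I/O failure from being reported to the client and in the log as a permission problem. These three bodies continue outside their hunks.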
@@ -558,12 +583,12 @@ static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member) char *new_memberstring; int result; - if(!init_group_mapping()) { + if(!NT_STATUS_IS_OK(init_group_mapping())) { DEBUG(0,("failed to initialize group mapping\n")); return NT_STATUS_ACCESS_DENIED; } - if (!get_group_map_from_sid(alias, &map)) + if (!NT_STATUS_IS_OK(get_group_map_from_sid(alias, &map))) return NT_STATUS_NO_SUCH_ALIAS; if ( (map.sid_name_use != SID_NAME_ALIAS) && @@ -661,12 +686,12 @@ static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num) GROUP_MAP map; struct aliasmem_closure closure; - if(!init_group_mapping()) { + if(!NT_STATUS_IS_OK(init_group_mapping())) { DEBUG(0,("failed to initialize group mapping\n")); return NT_STATUS_ACCESS_DENIED; } - if (!get_group_map_from_sid(alias, &map)) + if (!NT_STATUS_IS_OK(get_group_map_from_sid(alias, &map))) return NT_STATUS_NO_SUCH_ALIAS; if ( (map.sid_name_use != SID_NAME_ALIAS) && @@ -771,14 +796,16 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) /* get a domain group from it's SID */ -BOOL get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map) +NTSTATUS get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map) { struct group *grp; - BOOL ret; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); + NTSTATUS status; + + status = init_group_mapping(); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("failed to initialize group mapping: %s\n", + nt_errstr(status))); + return status; } DEBUG(10, ("get_domain_group_from_sid\n")); 
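Review bot: get_domain_group_from_sid is an exported function and its return type changes from BOOL to NTSTATUS, which inverts the meaning of the value for any caller still written as `if (!get_domain_group_from_sid(sid, &map))`, because NT_STATUS_OK tests false. If NTSTATUS is a plain integer type in this build, the old call sites compile without a warning and would treat a missing group as found. The two in-file callers are removed by this commit, but callers in other files are not visible here; each should become `if (!NT_STATUS_IS_OK(get_domain_group_from_sid(sid, &map)))`. Renaming the function together with the signature change would turn any missed call site into a build error.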
@@ -786,12 +813,12 @@ BOOL get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map) /* if the group is NOT in the database, it CAN NOT be a domain group */ become_root(); - ret = NT_STATUS_IS_OK(pdb_getgrsid(map, sid)); + status = pdb_getgrsid(map, sid); unbecome_root(); /* special case check for rid 513 */ - if ( !ret ) { + if ( !NT_STATUS_IS_OK(status) ) { uint32 rid; sid_peek_rid( sid, &rid ); @@ -802,23 +829,23 @@ BOOL get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map) sid_copy( &map->sid, sid ); map->sid_name_use = SID_NAME_DOM_GRP; - return True; + return NT_STATUS_OK; } - return False; + return status; } DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n")); /* if it's not a domain group, continue */ if (map->sid_name_use!=SID_NAME_DOM_GRP) { - return False; + return NT_STATUS_OBJECT_TYPE_MISMATCH; } DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n")); if (map->gid==-1) { - return False; + return NT_STATUS_NOT_FOUND; } DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid)); @@ -826,12 +853,12 @@ BOOL get_domain_group_from_sid(const DOM_SID *sid, GROUP_MAP *map) grp = getgrgid(map->gid); if ( !grp ) { DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n")); - return False; + return NT_STATUS_NOT_FOUND; } DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n")); - return True; + return NT_STATUS_OK; } /**************************************************************************** 
@@ -975,36 +1002,31 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, const DOM_SID *sid) { - return get_group_map_from_sid(sid, map) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + return get_group_map_from_sid(sid, map); } NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid) { - return get_group_map_from_gid(gid, map) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + return get_group_map_from_gid(gid, map); } NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, const char *name) { - return get_group_map_from_ntname(name, map) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + return get_group_map_from_ntname(name, map); } NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods, GROUP_MAP *map) { - return add_mapping_entry(map, TDB_INSERT) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + return add_mapping_entry(map, TDB_INSERT); } NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods, GROUP_MAP *map) { - return add_mapping_entry(map, TDB_REPLACE) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + return add_mapping_entry(map, TDB_REPLACE); } NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, @@ -1015,12 +1037,14 @@ NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, } NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, - const DOM_SID *sid, enum SID_NAME_USE sid_name_use, - GROUP_MAP **pp_rmap, size_t *p_num_entries, - BOOL unix_only) + const DOM_SID *sid, + enum SID_NAME_USE sid_name_use, + GROUP_MAP **pp_rmap, + size_t *p_num_entries, + BOOL unix_only) { - return enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + return enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, + unix_only); } NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, 
@@ -1187,40 +1211,6 @@ NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, return NT_STATUS_OK; } -/**************************************************************************** - These need to be redirected through pdb_interface.c -****************************************************************************/ -BOOL pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info) -{ - GROUP_MAP map; - BOOL res; - - become_root(); - res = get_domain_group_from_sid(sid, &map); - unbecome_root(); - - if (!res) - return False; - - fstrcpy(info->acct_name, map.nt_name); - fstrcpy(info->acct_desc, map.comment); - sid_peek_rid(sid, &info->rid); - return True; -} - -BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info) -{ - GROUP_MAP map; - - if (!get_domain_group_from_sid(sid, &map)) - return False; - - fstrcpy(map.nt_name, info->acct_name); - fstrcpy(map.comment, info->acct_desc); - - return NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)); -} - /******************************************************************** Really just intended to be called by smbd ********************************************************************/ -- cgit From 108009f2681726691da4dfbad1e1a628f6a53f44 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Wed, 9 Aug 2006 20:25:13 +0000 Subject: r17470: This is the group mapping rewrite announced a few days ago. I'm afraid it's more than 1000 lines of patch, but doing it in smaller pieces is hardly possible. Anybody interested please look over this. The patch is not really interesting, just look at the new groupdb/mapping.c file. Jerry, one entry for the 3.0.24 release notes: smbd will refuse to start if we have overlapping mappings in group_mapping.tdb. With the old db a unix gid can be mapped to two different SIDs. This will be refused with the new code. Volker (This used to be commit f0f0e893ca41d35b58b35929de78dcb911b3c7dc) --- source3/groupdb/mapping.c | 766 ++++++++++++++++++++++++++++------------------ 1 file changed, 473 insertions(+), 293 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 589cd3c282..f688de38ed 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -2,7 +2,7 @@ * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, - * Copyright (C) Jean François Micouleau 1998-2001. + * Copyright (C) Jean Francois Micouleau 1998-2001. * Copyright (C) Volker Lendecke 2006. * Copyright (C) Gerald Carter 2006. * @@ -27,6 +27,7 @@ static TDB_CONTEXT *tdb; /* used for driver files */ #define DATABASE_VERSION_V1 1 /* native byte format. */ #define DATABASE_VERSION_V2 2 /* le format. */ +#define DATABASE_VERSION_V3 3 /* Indexed format */ #define GROUP_PREFIX "UNIXGROUP/" 
@@ -37,12 +38,164 @@ static TDB_CONTEXT *tdb; /* used for driver files */ */ #define MEMBEROF_PREFIX "MEMBEROF/" +static BOOL pack_group_map(TALLOC_CTX *mem_ctx, const GROUP_MAP *map, + TDB_DATA *data) +{ + return tdb_pack_append(mem_ctx, &data->dptr, &data->dsize, "fddff", + sid_string_static(&map->sid), map->gid, + map->sid_name_use, map->nt_name, map->comment); +} -static NTSTATUS enum_group_mapping(const DOM_SID *sid, - enum SID_NAME_USE sid_name_use, - GROUP_MAP **pp_rmap, - size_t *p_num_entries, BOOL unix_only); -static BOOL group_map_remove(const DOM_SID *sid); +static BOOL unpack_group_map(TDB_DATA data, GROUP_MAP *map) +{ + fstring sidstr; + + if (!tdb_unpack(data.dptr, data.dsize, "fddff", sidstr, &map->gid, + &map->sid_name_use, &map->nt_name, &map->comment)) { + DEBUG(0, ("tdb_unpack failed\n")); + return False; + } + + if (!string_to_sid(&map->sid, sidstr)) { + DEBUG(0, ("sid_string %s invalid\n", sidstr)); + return False; + } + + return True; +} + +/* + * Calculate keys from the group mapping record + * + * We've got 3 keys: SID, Name (uppercased) and gid + */ + +#define KEYNUM_SID (0) +#define KEYNUM_NAME (1) +#define KEYNUM_GID (2) + +static char **group_mapping_keys(TALLOC_CTX *mem_ctx, TDB_DATA data, + void *private_data) +{ + char **result; + GROUP_MAP map; + GROUP_MAP *mapp = (GROUP_MAP *)private_data; + + if (mapp == NULL) { + if (!unpack_group_map(data, &map)) { + DEBUG(0, ("unpack_groupmap failed\n")); + return NULL; + } + mapp = ↦ + } + + result = TALLOC_ARRAY(mem_ctx, char *, 4); + if (result == NULL) { + DEBUG(0, ("talloc_array failed\n")); + return NULL; + } + + result[KEYNUM_SID] = talloc_strdup(mem_ctx, + sid_string_static(&mapp->sid)); + result[KEYNUM_NAME] = talloc_strdup(mem_ctx, mapp->nt_name); + result[KEYNUM_GID] = talloc_asprintf(mem_ctx, "%d", (int)mapp->gid); + result[3] = NULL; + + if ((result[0] == NULL) || (result[1] == NULL) || + (result[2] == NULL)) { + DEBUG(0, ("talloc failed\n")); + TALLOC_FREE(result); + return NULL; 
+ } + + /* name lookups are case insensitive, store the key in upper case */ + strupper_m(result[1]); + + return result; +} + +static NTSTATUS upgrade_groupdb_to_v3(struct tdb_context *groupdb) +{ + TDB_DATA kbuf, newkey; + NTSTATUS status; + + for (kbuf = tdb_firstkey(groupdb); + kbuf.dptr; + newkey = tdb_nextkey(groupdb, kbuf), safe_free(kbuf.dptr), + kbuf=newkey) { + + fstring string_sid; + TDB_DATA data, newdata; + GROUP_MAP map; + int ret; + + if (strncmp(kbuf.dptr, GROUP_PREFIX, + strlen(GROUP_PREFIX)) != 0) { + continue; + } + + data = tdb_fetch(groupdb, kbuf); + if (!data.dptr) { + continue; + } + + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); + + ret = tdb_unpack(data.dptr, data.dsize, "ddff", + &map.gid, &map.sid_name_use, &map.nt_name, + &map.comment); + SAFE_FREE(data.dptr); + + if ( ret == -1 ) { + DEBUG(3,("upgrade_groupdb_to_v3: tdb_unpack " + "failure\n")); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + if (!string_to_sid(&map.sid, string_sid)) { + DEBUG(3, ("Got invalid sid: %s\n", string_sid)); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + if (tdb_delete(groupdb, kbuf) < 0) { + status = map_ntstatus_from_tdb(groupdb); + DEBUG(3, ("tdb_delete failed: %s\n", + nt_errstr(status))); + return status; + } + + if (map.gid == -1) { + DEBUG(3, ("Deleting umapped group %s\n", map.nt_name)); + continue; + } + + ZERO_STRUCT(newdata); + + if (!pack_group_map(NULL, &map, &newdata)) { + DEBUG(0, ("pack_group_map_failed\n")); + return NT_STATUS_NO_MEMORY; + } + + status = tdb_add_keyed(groupdb, group_mapping_keys, + newdata, &map); + TALLOC_FREE(newdata.dptr); + + if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECTID_EXISTS)) { + DEBUG(0, ("mapping for gid %d / name %s maps to " + "multiple SIDs -- rejected\n", + map.gid, map.nt_name)); + return status; + } + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(5, ("tdb_add_keyed failed: %s\n", + nt_errstr(status))); + return status; + } + } + + return NT_STATUS_OK; +} 
/**************************************************************************** Open the group mapping tdb. @@ -52,8 +205,7 @@ static NTSTATUS init_group_mapping(void) { const char *vstring = "INFO/version"; int32 vers_id; - GROUP_MAP *map_table = NULL; - size_t num_entries = 0; + NTSTATUS status; if (tdb) return NT_STATUS_OK; 
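Review bot: unpack_group_map tests `if (!tdb_unpack(...))`, but the other call sites on this page treat -1 as the failure value (upgrade_groupdb_to_v3 in this same hunk checks `ret == -1`), so a record that fails to unpack is accepted and `sidstr` reaches string_to_sid() uninitialised. Change the test to `if (tdb_unpack(...) == -1) {`. The lookups rewritten in this commit (get_group_map_from_sid, get_group_map_from_gid) rely on this return value to report NT_STATUS_INTERNAL_DB_CORRUPTION, so as written a corrupt record is handed back as a valid mapping. Separately, the error returns inside the upgrade_groupdb_to_v3 loop leave without freeing `kbuf.dptr`.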
@@ -61,86 +213,68 @@ static NTSTATUS init_group_mapping(void) tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (!tdb) { - DEBUG(0,("Failed to open group mapping database\n")); + DEBUG(0,("Failed to open group mapping database: %s\n", + strerror(errno))); return map_nt_error_from_unix(errno); } - /* handle a Samba upgrade */ - tdb_lock_bystring(tdb, vstring); + if (tdb_transaction_start(tdb) < 0) { + status = map_ntstatus_from_tdb(tdb); + DEBUG(5, ("Could not start transaction: %s\n", + nt_errstr(status))); + tdb_close(tdb); + tdb = NULL; + return status; + } /* Cope with byte-reversed older versions of the db. */ vers_id = tdb_fetch_int32(tdb, vstring); - if ((vers_id == DATABASE_VERSION_V1) || (IREV(vers_id) == DATABASE_VERSION_V1)) { - /* Written on a bigendian machine with old fetch_int code. Save as le. */ - tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); - vers_id = DATABASE_VERSION_V2; - } - /* if its an unknown version we remove everthing in the db */ - - if (vers_id != DATABASE_VERSION_V2) { - tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); - tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); - } - - tdb_unlock_bystring(tdb, vstring); - - /* cleanup any map entries with a gid == -1 */ - - if ( NT_STATUS_IS_OK(enum_group_mapping( NULL, SID_NAME_UNKNOWN, - &map_table, &num_entries, - False ))) { - int i; - - for ( i=0; isid); - len = tdb_pack(buf, sizeof(buf), "ddff", - map->gid, map->sid_name_use, map->nt_name, map->comment); + if (vers_id == DATABASE_VERSION_V2) { + status = upgrade_groupdb_to_v3(tdb); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + tdb_store_int32(tdb, vstring, DATABASE_VERSION_V3); + } - if (len > sizeof(buf)) - return NT_STATUS_NO_MEMORY; + if (tdb_transaction_commit(tdb) < 0) { + status = map_ntstatus_from_tdb(tdb); + DEBUG(5, ("tdb_transaction_commit failed: %s\n", + nt_errstr(status))); + goto fail; + } - slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); + return 
NT_STATUS_OK; - kbuf.dsize = strlen(key)+1; - kbuf.dptr = key; - dbuf.dsize = len; - dbuf.dptr = buf; - if (tdb_store(tdb, kbuf, dbuf, flag) != 0) { - return map_ntstatus_from_tdb(tdb); + fail: + if (tdb_transaction_cancel(tdb) < 0) { + smb_panic("tdb_cancel_transaction failed\n"); } + tdb_close(tdb); + tdb = NULL; - return NT_STATUS_OK; + return status; } /**************************************************************************** @@ -207,45 +341,26 @@ NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) static NTSTATUS get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map) { - TDB_DATA kbuf, dbuf; - pstring key; - fstring string_sid; - int ret = 0; + TDB_DATA data; NTSTATUS status; - + status = init_group_mapping(); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("failed to initialize group mapping: %s\n", - nt_errstr(status))); + if(!NT_STATUS_IS_OK(status)) { + DEBUG(0,("failed to initialize group mapping\n")); return status; } - /* the key is the SID, retrieving is direct */ - - sid_to_string(string_sid, sid); - slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); - - kbuf.dptr = key; - kbuf.dsize = strlen(key)+1; - - dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) { - return NT_STATUS_NOT_FOUND; + status = tdb_find_keyed(NULL, tdb, KEYNUM_SID, sid_string_static(sid), + &data, NULL); + if (!NT_STATUS_IS_OK(status)) { + return status; } - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); + status = unpack_group_map(data, map) ? + NT_STATUS_OK : NT_STATUS_INTERNAL_DB_CORRUPTION; - SAFE_FREE(dbuf.dptr); - - if ( ret == -1 ) { - DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n")); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - - sid_copy(&map->sid, sid); - - return NT_STATUS_OK; + TALLOC_FREE(data.dptr); + return status; } /**************************************************************************** 
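Review bot: `tdb_store_int32(tdb, vstring, DATABASE_VERSION_V3);` in init_group_mapping is not checked before the transaction is committed. If the store fails and the commit succeeds, the records are in the new layout while the version key still says V2, and the next start would presumably run the V2 upgrade again over an already converted database. Handle it like the other steps: `if (tdb_store_int32(tdb, vstring, DATABASE_VERSION_V3) != 0) { status = map_ntstatus_from_tdb(tdb); goto fail; }`. The open-failure path also reads `errno` twice, once in strerror() inside DEBUG() and again in map_nt_error_from_unix(), and should use a saved copy. Part of this hunk is damaged by extraction, so the handling of unknown versions could not be reviewed.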
@@ -254,51 +369,33 @@ static NTSTATUS get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map) static NTSTATUS get_group_map_from_gid(gid_t gid, GROUP_MAP *map) { - TDB_DATA kbuf, dbuf, newkey; - fstring string_sid; - int ret; + TDB_DATA data; NTSTATUS status; + char *gidstr; status = init_group_mapping(); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("failed to initialize group mapping: %s\n", - nt_errstr(status))); + if(!NT_STATUS_IS_OK(status)) { + DEBUG(0,("failed to initialize group mapping\n")); return status; } - /* we need to enumerate the TDB to find the GID */ - - for (kbuf = tdb_firstkey(tdb); - kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { - - if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; - - dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) - continue; - - fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); + if (asprintf(&gidstr, "%d", (int)gid) < 0) { + DEBUG(0, ("asprintf failed\n")); + return NT_STATUS_NO_MEMORY; + } - string_to_sid(&map->sid, string_sid); - - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); + status = tdb_find_keyed(NULL, tdb, KEYNUM_GID, gidstr, &data, NULL); + SAFE_FREE(gidstr); - SAFE_FREE(dbuf.dptr); - - if ( ret == -1 ) { - DEBUG(3,("get_group_map_from_gid: tdb_unpack failure\n")); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - - if (gid==map->gid) { - SAFE_FREE(kbuf.dptr); - return NT_STATUS_OK; - } + if (!NT_STATUS_IS_OK(status)) { + return status; } - return NT_STATUS_NOT_FOUND; + status = unpack_group_map(data, map) ? + NT_STATUS_OK : NT_STATUS_INTERNAL_DB_CORRUPTION; + + TALLOC_FREE(data.dptr); + return status; } /**************************************************************************** 
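Review bot: `get_group_map_from_gid()` now returns whatever record the `KEYNUM_GID` index points at without comparing it to the requested gid, whereas the removed loop only accepted a record when `gid==map->gid`. This mapping decides which SID a Unix group is presented as, so a stale or damaged index entry should fail closed; after the unpack, `if (NT_STATUS_IS_OK(status) && map->gid != gid) status = NT_STATUS_INTERNAL_DB_CORRUPTION;` would do it. `tdb_find_keyed()` is not shown on this page, so it may already guarantee this, in which case a comment saying so would be enough.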
@@ -307,86 +404,40 @@ static NTSTATUS get_group_map_from_gid(gid_t gid, GROUP_MAP *map) static NTSTATUS get_group_map_from_ntname(const char *name, GROUP_MAP *map) { - TDB_DATA kbuf, dbuf, newkey; - fstring string_sid; - int ret; + TDB_DATA data; NTSTATUS status; + char *tmp; status = init_group_mapping(); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("get_group_map_from_ntname: failed to initialize " - "group mapping: %s\n", nt_errstr(status))); + if(!NT_STATUS_IS_OK(status)) { + DEBUG(0,("failed to initialize group mapping\n")); return status; } - /* we need to enumerate the TDB to find the name */ - - for (kbuf = tdb_firstkey(tdb); - kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { - - if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; - - dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) - continue; - - fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - - string_to_sid(&map->sid, string_sid); - - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); - - SAFE_FREE(dbuf.dptr); - - if ( ret == -1 ) { - DEBUG(3,("get_group_map_from_ntname: tdb_unpack failure\n")); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - - if ( strequal(name, map->nt_name) ) { - SAFE_FREE(kbuf.dptr); - return NT_STATUS_OK; - } + tmp = SMB_STRDUP(name); + if (tmp == NULL) { + DEBUG(0, ("strdup failed\n")); + return NT_STATUS_NO_MEMORY; } - return NT_STATUS_NOT_FOUND; -} + /* + * The name is stored uppercase to make the search case insensitive + */ -/**************************************************************************** - Remove a group mapping entry. 
-****************************************************************************/ + strupper_m(tmp); -static BOOL group_map_remove(const DOM_SID *sid) -{ - TDB_DATA kbuf, dbuf; - pstring key; - fstring string_sid; - - if(!NT_STATUS_IS_OK(init_group_mapping())) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); - } - - /* the key is the SID, retrieving is direct */ - - sid_to_string(string_sid, sid); - slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); + status = tdb_find_keyed(NULL, tdb, KEYNUM_NAME, tmp, &data, NULL); + SAFE_FREE(tmp); - kbuf.dptr = key; - kbuf.dsize = strlen(key)+1; - - dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) - return False; - - SAFE_FREE(dbuf.dptr); + if (!NT_STATUS_IS_OK(status)) { + return status; + } - if(tdb_delete(tdb, kbuf) != TDB_SUCCESS) - return False; + status = unpack_group_map(data, map) ? + NT_STATUS_OK : NT_STATUS_INTERNAL_DB_CORRUPTION; - return True; + TALLOC_FREE(data.dptr); + return status; } /**************************************************************************** 
@@ -398,70 +449,62 @@ static NTSTATUS enum_group_mapping(const DOM_SID *domsid, GROUP_MAP **pp_rmap, size_t *p_num_entries, BOOL unix_only) { - TDB_DATA kbuf, dbuf, newkey; - fstring string_sid; - GROUP_MAP map; - GROUP_MAP *mapt; - int ret; - size_t entries=0; - DOM_SID grpsid; - uint32 rid; + struct tdb_keyed_iterator *iterator; + TDB_DATA dbuf; NTSTATUS status; status = init_group_mapping(); - if(!NT_STATUS_IS_OK(status)) { - DEBUG(0, ("failed to initialize group mapping: %s\n", - nt_errstr(status))); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("failed to initialize group mapping\n")); return status; } *p_num_entries=0; *pp_rmap=NULL; - for (kbuf = tdb_firstkey(tdb); - kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { + iterator = tdb_enum_keyed(NULL, tdb); + if (iterator == NULL) { + DEBUG(0, ("tdb_enum_keyed failed\n")); + return NT_STATUS_NO_MEMORY; + } - if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) - continue; + while (tdb_next_keyed(iterator, &dbuf)) { - dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) - continue; + GROUP_MAP map; + DOM_SID grpsid; + uint32 rid; - fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", - &map.gid, &map.sid_name_use, &map.nt_name, &map.comment); + if (!unpack_group_map(dbuf, &map)) { + DEBUG(5, ("Got invalid group mapping entry\n")); + TALLOC_FREE(dbuf.dptr); + continue; + } SAFE_FREE(dbuf.dptr); - if ( ret == -1 ) { - DEBUG(3,("enum_group_mapping: tdb_unpack failure\n")); - continue; - } - /* list only the type or everything if UNKNOWN */ - if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) { - DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name)); + if (sid_name_use!=SID_NAME_UNKNOWN && + sid_name_use!=map.sid_name_use) { + DEBUG(11,("enum_group_mapping: group %s is not of the " + "requested type\n", map.nt_name)); continue; } if (unix_only==ENUM_ONLY_MAPPED && 
map.gid==-1) { - DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name)); + DEBUG(11,("enum_group_mapping: group %s is non " + "mapped\n", map.nt_name)); continue; } - string_to_sid(&grpsid, string_sid); - sid_copy( &map.sid, &grpsid ); - + sid_copy( &grpsid, &map.sid ); sid_split_rid( &grpsid, &rid ); /* Only check the domain if we were given one */ if ( domsid && !sid_equal( domsid, &grpsid ) ) { - DEBUG(11,("enum_group_mapping: group %s is not in domain %s\n", - string_sid, sid_string_static(domsid))); + DEBUG(11,("enum_group_mapping: group %s is not in " + "domain %s\n", sid_string_static(&map.sid), + sid_string_static(domsid))); continue; } @@ -469,26 +512,13 @@ static NTSTATUS enum_group_mapping(const DOM_SID *domsid, "type %s\n", map.nt_name, sid_type_lookup(map.sid_name_use))); - (*pp_rmap) = SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); - if (!(*pp_rmap)) { - DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); + ADD_TO_ARRAY(NULL, GROUP_MAP, map, pp_rmap, p_num_entries); + if (*pp_rmap == NULL) { + DEBUG(0, ("ADD_TO_ARRAY failed\n")); return NT_STATUS_NO_MEMORY; } - - mapt = (*pp_rmap); - - mapt[entries].gid = map.gid; - sid_copy( &mapt[entries].sid, &map.sid); - mapt[entries].sid_name_use = map.sid_name_use; - fstrcpy(mapt[entries].nt_name, map.nt_name); - fstrcpy(mapt[entries].comment, map.comment); - - entries++; - } - *p_num_entries=entries; - return NT_STATUS_OK; } 
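Review bot: Inside the `tdb_next_keyed()` loop the same `dbuf.dptr` is released with `TALLOC_FREE` when `unpack_group_map()` fails but with `SAFE_FREE` on the success path. Only one of these can match the allocator the iterator uses; the buffers returned by `tdb_find_keyed()` in the hunks above are all released with `TALLOC_FREE`, so the unchanged `SAFE_FREE(dbuf.dptr);` line probably hands a talloc pointer to `free()`, which corrupts the heap. It should read `TALLOC_FREE(dbuf.dptr);`. The function body continues in the next hunk.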
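Review bot: The iterator obtained from `tdb_enum_keyed(NULL, tdb)` is not released on any path visible in these two hunks, neither before `return NT_STATUS_OK;` nor before the `NT_STATUS_NO_MEMORY` return after `ADD_TO_ARRAY`. With a NULL parent context nothing else will free it, so each enumeration leaks it (assuming it is talloc memory, which the context argument suggests). Adding `TALLOC_FREE(iterator);` before both returns fixes that.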
@@ -581,22 +611,41 @@ static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member) pstring key; fstring string_sid; char *new_memberstring; - int result; + NTSTATUS status; - if(!NT_STATUS_IS_OK(init_group_mapping())) { + status = init_group_mapping(); + if(!NT_STATUS_IS_OK(status)) { DEBUG(0,("failed to initialize group mapping\n")); - return NT_STATUS_ACCESS_DENIED; + return status; } - if (!NT_STATUS_IS_OK(get_group_map_from_sid(alias, &map))) - return NT_STATUS_NO_SUCH_ALIAS; + if (tdb_transaction_start(tdb) < 0) { + status = map_ntstatus_from_tdb(tdb); + DEBUG(5, ("Could not start transaction: %s\n", + nt_errstr(status))); + return status; + } + + status = get_group_map_from_sid(alias, &map); + + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { + status = NT_STATUS_NO_SUCH_ALIAS; + } + + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } if ( (map.sid_name_use != SID_NAME_ALIAS) && - (map.sid_name_use != SID_NAME_WKN_GRP) ) - return NT_STATUS_NO_SUCH_ALIAS; + (map.sid_name_use != SID_NAME_WKN_GRP) ) { + status = NT_STATUS_NO_SUCH_ALIAS; + goto fail; + } - if (is_aliasmem(alias, member)) - return NT_STATUS_MEMBER_IN_ALIAS; + if (is_aliasmem(alias, member)) { + status = NT_STATUS_MEMBER_IN_ALIAS; + goto fail; + } sid_to_string(string_sid, member); slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid); 
@@ -615,18 +664,38 @@ static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member) new_memberstring = SMB_STRDUP(string_sid); } - if (new_memberstring == NULL) - return NT_STATUS_NO_MEMORY; + if (new_memberstring == NULL) { + status = NT_STATUS_NO_MEMORY; + goto fail; + } SAFE_FREE(dbuf.dptr); dbuf.dsize = strlen(new_memberstring)+1; dbuf.dptr = new_memberstring; - result = tdb_store(tdb, kbuf, dbuf, 0); + if (tdb_store(tdb, kbuf, dbuf, 0) < 0) { + status = map_ntstatus_from_tdb(tdb); + DEBUG(5, ("tdb_store failed: %s\n", nt_errstr(status))); + SAFE_FREE(new_memberstring); + goto fail; + } SAFE_FREE(new_memberstring); - return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED); + if (tdb_transaction_commit(tdb) < 0) { + status = map_ntstatus_from_tdb(tdb); + DEBUG(5, ("tdb_transaction_commit failed: %s\n", + nt_errstr(status))); + goto fail; + } + + return NT_STATUS_OK; + + fail: + if (tdb_transaction_cancel(tdb) < 0) { + smb_panic("tdb_cancel_transaction failed\n"); + } + return status; } struct aliasmem_closure { @@ -681,7 +750,8 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data, return 0; } -static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num) +static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, + size_t *num) { GROUP_MAP map; struct aliasmem_closure closure; 
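Review bot: On the `new_memberstring == NULL` path the code now jumps to `fail:` before the `SAFE_FREE(dbuf.dptr);` line that follows, so the fetched membership record is leaked when the allocation fails. Moving `SAFE_FREE(dbuf.dptr);` above the NULL check covers both paths, since `new_memberstring` has already been built at that point. The fetch itself is outside this hunk, so this assumes `dbuf.dptr` still holds the fetched data there.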
@@ -711,19 +781,33 @@ static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num) static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) { - NTSTATUS result; - DOM_SID *sids; + NTSTATUS status; + DOM_SID *sids = NULL; size_t i, num; BOOL found = False; - char *member_string; + char *member_string = NULL; TDB_DATA kbuf, dbuf; pstring key; fstring sid_string; - result = alias_memberships(member, 1, &sids, &num); + status = init_group_mapping(); + if(!NT_STATUS_IS_OK(status)) { + DEBUG(0,("failed to initialize group mapping\n")); + return status; + } - if (!NT_STATUS_IS_OK(result)) - return result; + if (tdb_transaction_start(tdb) < 0) { + status = map_ntstatus_from_tdb(tdb); + DEBUG(5, ("Could not start transaction: %s\n", + nt_errstr(status))); + return status; + } + + status = alias_memberships(member, 1, &sids, &num); + + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } for (i=0; igid)); + DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n", + (unsigned long)map->gid)); grp = getgrgid(map->gid); if ( !grp ) { - DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n")); + DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in " + "UNIX security\n")); return NT_STATUS_NOT_FOUND; } - DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n")); + DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX " + "security\n")); return NT_STATUS_OK; } 
@@ -1018,22 +1135,85 @@ NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, } NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods, - GROUP_MAP *map) + GROUP_MAP *map) { - return add_mapping_entry(map, TDB_INSERT); + TDB_DATA data; + NTSTATUS status; + + status = init_group_mapping(); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("failed to initialize group mapping\n")); + return status; + } + + ZERO_STRUCT(data); + if (!pack_group_map(NULL, map, &data)) { + DEBUG(0, ("pack_group_map failed\n")); + return NT_STATUS_NO_MEMORY; + } + + status = tdb_add_keyed(tdb, group_mapping_keys, data, map); + TALLOC_FREE(data.dptr); + + return status; } NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods, - GROUP_MAP *map) + GROUP_MAP *map) { - return add_mapping_entry(map, TDB_REPLACE); + TDB_DATA data; + char *primary_key; + NTSTATUS status; + + status = tdb_find_keyed(NULL, tdb, KEYNUM_SID, + sid_string_static(&map->sid), + &data, &primary_key); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + TALLOC_FREE(data.dptr); + ZERO_STRUCT(data); + + if (!pack_group_map(NULL, map, &data)) { + DEBUG(0, ("pack_group_map failed\n")); + SAFE_FREE(primary_key); + return NT_STATUS_NO_MEMORY; + } + + status = tdb_update_keyed(tdb, primary_key, group_mapping_keys, + data, NULL); + TALLOC_FREE(data.dptr); + TALLOC_FREE(primary_key); + return status; } NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, - DOM_SID sid) + DOM_SID sid) { - return group_map_remove(&sid) ? 
- NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; + TDB_DATA data; + char *primary_key; + NTSTATUS status; + GROUP_MAP map; + + status = tdb_find_keyed(NULL, tdb, KEYNUM_SID, sid_string_static(&sid), + &data, &primary_key); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (!unpack_group_map(data, &map)) { + DEBUG(0, ("unpack_group_map failed\n")); + TALLOC_FREE(data.dptr); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + TALLOC_FREE(data.dptr); + + status = tdb_del_keyed(tdb, group_mapping_keys, primary_key, &map); + + TALLOC_FREE(primary_key); + return status; } NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, -- cgit From 0c53b0ab722ffd8bac7157274b14f56f4c4a31e8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 15 Aug 2006 08:05:52 +0000 Subject: r17550: Fix a few bugs in the tdb_multikey code. Thanks to tridge for pointing them out. Volker (This used to be commit 6bf5e7080a51c416d1d1466b1ca84c8f23a6bf2c) --- source3/groupdb/mapping.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index f688de38ed..b617e34565 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -95,10 +95,10 @@ static char **group_mapping_keys(TALLOC_CTX *mem_ctx, TDB_DATA data, return NULL; } - result[KEYNUM_SID] = talloc_strdup(mem_ctx, + result[KEYNUM_SID] = talloc_strdup(result, sid_string_static(&mapp->sid)); - result[KEYNUM_NAME] = talloc_strdup(mem_ctx, mapp->nt_name); - result[KEYNUM_GID] = talloc_asprintf(mem_ctx, "%d", (int)mapp->gid); + result[KEYNUM_NAME] = talloc_strdup(result, mapp->nt_name); + result[KEYNUM_GID] = talloc_asprintf(result, "%d", (int)mapp->gid); result[3] = NULL; if ((result[0] == NULL) || (result[1] == NULL) || 
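Review bot: `pdb_default_update_group_mapping_entry()` and `pdb_default_delete_group_mapping_entry()` pass the file-scope `tdb` to `tdb_find_keyed()` without calling `init_group_mapping()` first, unlike `pdb_default_add_group_mapping_entry()` in the same hunk, so an update or delete that is the first group-mapping call in a process would run against a NULL handle. In the update function `primary_key` is released with `SAFE_FREE` when `pack_group_map()` fails and with `TALLOC_FREE` otherwise, and one of the two is the wrong allocator. In the delete function `primary_key` is not released at all when `unpack_group_map()` fails. The changed lines are below.

```c
NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
						GROUP_MAP *map)
{
	/* … unchanged: declarations … */

	/* Open the database before the first use of the file-scope handle. */
	status = init_group_mapping();
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("failed to initialize group mapping\n"));
		return status;
	}

	/* … unchanged: tdb_find_keyed lookup, release of the old data … */

	if (!pack_group_map(NULL, map, &data)) {
		DEBUG(0, ("pack_group_map failed\n"));
		TALLOC_FREE(primary_key);	/* same allocator as the normal path */
		return NT_STATUS_NO_MEMORY;
	}

	/* … unchanged: tdb_update_keyed and cleanup … */

/* pdb_default_delete_group_mapping_entry: same init_group_mapping() check
 * before tdb_find_keyed, then release the key on the error path too. */
	if (!unpack_group_map(data, &map)) {
		DEBUG(0, ("unpack_group_map failed\n"));
		TALLOC_FREE(data.dptr);
		TALLOC_FREE(primary_key);
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}
```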
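Review bot: The NULL check and terminator just below the changed lines still index the array by number (`result[0]`, `result[1]`, `result[2]`, `result[3] = NULL`) while the assignments use `KEYNUM_SID`, `KEYNUM_NAME` and `KEYNUM_GID`. Writing the check as `if ((result[KEYNUM_SID] == NULL) || (result[KEYNUM_NAME] == NULL) || (result[KEYNUM_GID] == NULL))` keeps it correct if the key order ever changes, in line with the `strupper_m(result[KEYNUM_NAME])` change in the next hunk. The function starts and ends outside this hunk.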
@@ -109,7 +109,7 @@ static char **group_mapping_keys(TALLOC_CTX *mem_ctx, TDB_DATA data, } /* name lookups are case insensitive, store the key in upper case */ - strupper_m(result[1]); + strupper_m(result[KEYNUM_NAME]); return result; } -- cgit From 03e3cd1d5a005ad5fd2bc97f9863abf675efd09f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 15 Aug 2006 14:07:15 +0000 Subject: r17554: Cleanup (This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9) --- source3/groupdb/mapping.c | 981 +++++++++++++++++++++------------------------- 1 file changed, 450 insertions(+), 531 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index b617e34565..c701ef165d 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -2,7 +2,7 @@ * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, - * Copyright (C) Jean Francois Micouleau 1998-2001. + * Copyright (C) Jean François Micouleau 1998-2001. * Copyright (C) Volker Lendecke 2006. * Copyright (C) Gerald Carter 2006. * @@ -27,7 +27,6 @@ static TDB_CONTEXT *tdb; /* used for driver files */ #define DATABASE_VERSION_V1 1 /* native byte format. */ #define DATABASE_VERSION_V2 2 /* le format. */ -#define DATABASE_VERSION_V3 3 /* Indexed format */ #define GROUP_PREFIX "UNIXGROUP/" 
@@ -38,243 +37,125 @@ static TDB_CONTEXT *tdb; /* used for driver files */ */ #define MEMBEROF_PREFIX "MEMBEROF/" -static BOOL pack_group_map(TALLOC_CTX *mem_ctx, const GROUP_MAP *map, - TDB_DATA *data) -{ - return tdb_pack_append(mem_ctx, &data->dptr, &data->dsize, "fddff", - sid_string_static(&map->sid), map->gid, - map->sid_name_use, map->nt_name, map->comment); -} - -static BOOL unpack_group_map(TDB_DATA data, GROUP_MAP *map) -{ - fstring sidstr; - - if (!tdb_unpack(data.dptr, data.dsize, "fddff", sidstr, &map->gid, - &map->sid_name_use, &map->nt_name, &map->comment)) { - DEBUG(0, ("tdb_unpack failed\n")); - return False; - } - if (!string_to_sid(&map->sid, sidstr)) { - DEBUG(0, ("sid_string %s invalid\n", sidstr)); - return False; - } - - return True; -} - -/* - * Calculate keys from the group mapping record - * - * We've got 3 keys: SID, Name (uppercased) and gid - */ - -#define KEYNUM_SID (0) -#define KEYNUM_NAME (1) -#define KEYNUM_GID (2) - -static char **group_mapping_keys(TALLOC_CTX *mem_ctx, TDB_DATA data, - void *private_data) -{ - char **result; - GROUP_MAP map; - GROUP_MAP *mapp = (GROUP_MAP *)private_data; - - if (mapp == NULL) { - if (!unpack_group_map(data, &map)) { - DEBUG(0, ("unpack_groupmap failed\n")); - return NULL; - } - mapp = ↦ - } - - result = TALLOC_ARRAY(mem_ctx, char *, 4); - if (result == NULL) { - DEBUG(0, ("talloc_array failed\n")); - return NULL; - } - - result[KEYNUM_SID] = talloc_strdup(result, - sid_string_static(&mapp->sid)); - result[KEYNUM_NAME] = talloc_strdup(result, mapp->nt_name); - result[KEYNUM_GID] = talloc_asprintf(result, "%d", (int)mapp->gid); - result[3] = NULL; - - if ((result[0] == NULL) || (result[1] == NULL) || - (result[2] == NULL)) { - DEBUG(0, ("talloc failed\n")); - TALLOC_FREE(result); - return NULL; - } - - /* name lookups are case insensitive, store the key in upper case */ - strupper_m(result[KEYNUM_NAME]); - - return result; -} - -static NTSTATUS upgrade_groupdb_to_v3(struct tdb_context *groupdb) -{ - 
TDB_DATA kbuf, newkey; - NTSTATUS status; - - for (kbuf = tdb_firstkey(groupdb); - kbuf.dptr; - newkey = tdb_nextkey(groupdb, kbuf), safe_free(kbuf.dptr), - kbuf=newkey) { - - fstring string_sid; - TDB_DATA data, newdata; - GROUP_MAP map; - int ret; - - if (strncmp(kbuf.dptr, GROUP_PREFIX, - strlen(GROUP_PREFIX)) != 0) { - continue; - } - - data = tdb_fetch(groupdb, kbuf); - if (!data.dptr) { - continue; - } - - fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - - ret = tdb_unpack(data.dptr, data.dsize, "ddff", - &map.gid, &map.sid_name_use, &map.nt_name, - &map.comment); - SAFE_FREE(data.dptr); - - if ( ret == -1 ) { - DEBUG(3,("upgrade_groupdb_to_v3: tdb_unpack " - "failure\n")); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - - if (!string_to_sid(&map.sid, string_sid)) { - DEBUG(3, ("Got invalid sid: %s\n", string_sid)); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - - if (tdb_delete(groupdb, kbuf) < 0) { - status = map_ntstatus_from_tdb(groupdb); - DEBUG(3, ("tdb_delete failed: %s\n", - nt_errstr(status))); - return status; - } - - if (map.gid == -1) { - DEBUG(3, ("Deleting umapped group %s\n", map.nt_name)); - continue; - } - - ZERO_STRUCT(newdata); - - if (!pack_group_map(NULL, &map, &newdata)) { - DEBUG(0, ("pack_group_map_failed\n")); - return NT_STATUS_NO_MEMORY; - } - - status = tdb_add_keyed(groupdb, group_mapping_keys, - newdata, &map); - TALLOC_FREE(newdata.dptr); - - if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECTID_EXISTS)) { - DEBUG(0, ("mapping for gid %d / name %s maps to " - "multiple SIDs -- rejected\n", - map.gid, map.nt_name)); - return status; - } - - if (!NT_STATUS_IS_OK(status)) { - DEBUG(5, ("tdb_add_keyed failed: %s\n", - nt_errstr(status))); - return status; - } - } - - return NT_STATUS_OK; -} +static BOOL enum_group_mapping(const DOM_SID *sid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, + size_t *p_num_entries, BOOL unix_only); +static BOOL group_map_remove(const DOM_SID *sid); 
/**************************************************************************** Open the group mapping tdb. ****************************************************************************/ -static NTSTATUS init_group_mapping(void) +static BOOL init_group_mapping(void) { const char *vstring = "INFO/version"; int32 vers_id; - NTSTATUS status; + GROUP_MAP *map_table = NULL; + size_t num_entries = 0; if (tdb) - return NT_STATUS_OK; + return True; - tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, - O_RDWR|O_CREAT, 0600); + tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (!tdb) { - DEBUG(0,("Failed to open group mapping database: %s\n", - strerror(errno))); - return map_nt_error_from_unix(errno); + DEBUG(0,("Failed to open group mapping database\n")); + return False; } - if (tdb_transaction_start(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not start transaction: %s\n", - nt_errstr(status))); - tdb_close(tdb); - tdb = NULL; - return status; - } + /* handle a Samba upgrade */ + tdb_lock_bystring(tdb, vstring); /* Cope with byte-reversed older versions of the db. */ vers_id = tdb_fetch_int32(tdb, vstring); - - if (vers_id == DATABASE_VERSION_V3) { - if (tdb_transaction_cancel(tdb) < 0) { - smb_panic("tdb_cancel_transaction failed\n"); - } - return NT_STATUS_OK; + if ((vers_id == DATABASE_VERSION_V1) || (IREV(vers_id) == DATABASE_VERSION_V1)) { + /* Written on a bigendian machine with old fetch_int code. Save as le. */ + tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); + vers_id = DATABASE_VERSION_V2; } - if (vers_id < 0) { - tdb_store_int32(tdb, vstring, DATABASE_VERSION_V3); - } - - if ((vers_id == DATABASE_VERSION_V1) || - (IREV(vers_id) == DATABASE_VERSION_V1)) { - - /* Written on a bigendian machine with old fetch_int - * code. Save as le. 
*/ + /* if its an unknown version we remove everthing in the db */ + + if (vers_id != DATABASE_VERSION_V2) { + tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); - vers_id = DATABASE_VERSION_V2; } - if (vers_id == DATABASE_VERSION_V2) { - status = upgrade_groupdb_to_v3(tdb); - if (!NT_STATUS_IS_OK(status)) { - goto fail; + tdb_unlock_bystring(tdb, vstring); + + /* cleanup any map entries with a gid == -1 */ + + if ( enum_group_mapping( NULL, SID_NAME_UNKNOWN, &map_table, &num_entries, False ) ) { + int i; + + for ( i=0; isid); - return NT_STATUS_OK; + len = tdb_pack(buf, sizeof(buf), "ddff", + map->gid, map->sid_name_use, map->nt_name, map->comment); + + if (len > sizeof(buf)) + return False; - fail: - if (tdb_transaction_cancel(tdb) < 0) { - smb_panic("tdb_cancel_transaction failed\n"); + slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); + + kbuf.dsize = strlen(key)+1; + kbuf.dptr = key; + dbuf.dsize = len; + dbuf.dptr = buf; + if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False; + + return True; +} + +/**************************************************************************** +initialise first time the mapping list +****************************************************************************/ +NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, const char *nt_name, const char *comment) +{ + GROUP_MAP map; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; } - tdb_close(tdb); - tdb = NULL; + + map.gid=gid; + if (!string_to_sid(&map.sid, sid)) { + DEBUG(0, ("string_to_sid failed: %s", sid)); + return NT_STATUS_UNSUCCESSFUL; + } + + map.sid_name_use=sid_name_use; + fstrcpy(map.nt_name, nt_name); + fstrcpy(map.comment, comment); - return status; + return pdb_add_group_mapping_entry(&map); } /**************************************************************************** 
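Review bot: With `DATABASE_VERSION_V3` gone, the `vers_id != DATABASE_VERSION_V2` branch of `init_group_mapping()` runs `tdb_traverse(tdb, tdb_traverse_delete_fn, NULL)` on any database the preceding revision already upgraded to version 3, emptying the file without a log line. Losing these records changes which SIDs Unix groups map to, so the branch should at least say what it is doing, for example `DEBUG(0, ("group_mapping.tdb has unknown version %d, removing all entries\n", (int)vers_id));`, and refusing to open a database with a newer version would be safer than emptying it. The results of `tdb_lock_bystring()` and both `tdb_store_int32()` calls are also ignored. Part of this hunk's text is missing on the page.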
@@ -287,7 +168,7 @@ NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) const char *grpname, *dom, *name; uint32 rid; - if (NT_STATUS_IS_OK(pdb_getgrgid(&map, grp->gr_gid))) { + if (pdb_getgrgid(&map, grp->gr_gid)) { return NT_STATUS_GROUP_EXISTS; } 
@@ -339,172 +220,248 @@ NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) Return the sid and the type of the unix group. ****************************************************************************/ -static NTSTATUS get_group_map_from_sid(const DOM_SID *sid, GROUP_MAP *map) +static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) { - TDB_DATA data; - NTSTATUS status; - - status = init_group_mapping(); - if(!NT_STATUS_IS_OK(status)) { + TDB_DATA kbuf, dbuf; + pstring key; + fstring string_sid; + int ret = 0; + + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); - return status; + return(False); } - status = tdb_find_keyed(NULL, tdb, KEYNUM_SID, sid_string_static(sid), - &data, NULL); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + /* the key is the SID, retrieving is direct */ - status = unpack_group_map(data, map) ? - NT_STATUS_OK : NT_STATUS_INTERNAL_DB_CORRUPTION; + sid_to_string(string_sid, &sid); + slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); - TALLOC_FREE(data.dptr); - return status; + kbuf.dptr = key; + kbuf.dsize = strlen(key)+1; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) + return False; + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); + + SAFE_FREE(dbuf.dptr); + + if ( ret == -1 ) { + DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n")); + return False; + } + + sid_copy(&map->sid, &sid); + + return True; } /**************************************************************************** Return the sid and the type of the unix group. 
****************************************************************************/ -static NTSTATUS get_group_map_from_gid(gid_t gid, GROUP_MAP *map) +static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) { - TDB_DATA data; - NTSTATUS status; - char *gidstr; + TDB_DATA kbuf, dbuf, newkey; + fstring string_sid; + int ret; - status = init_group_mapping(); - if(!NT_STATUS_IS_OK(status)) { + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); - return status; + return(False); } - if (asprintf(&gidstr, "%d", (int)gid) < 0) { - DEBUG(0, ("asprintf failed\n")); - return NT_STATUS_NO_MEMORY; - } + /* we need to enumerate the TDB to find the GID */ - status = tdb_find_keyed(NULL, tdb, KEYNUM_GID, gidstr, &data, NULL); - SAFE_FREE(gidstr); + for (kbuf = tdb_firstkey(tdb); + kbuf.dptr; + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { - if (!NT_STATUS_IS_OK(status)) { - return status; - } + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) + continue; - status = unpack_group_map(data, map) ? - NT_STATUS_OK : NT_STATUS_INTERNAL_DB_CORRUPTION; + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - TALLOC_FREE(data.dptr); - return status; + string_to_sid(&map->sid, string_sid); + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); + + SAFE_FREE(dbuf.dptr); + + if ( ret == -1 ) { + DEBUG(3,("get_group_map_from_gid: tdb_unpack failure\n")); + return False; + } + + if (gid==map->gid) { + SAFE_FREE(kbuf.dptr); + return True; + } + } + + return False; } /**************************************************************************** Return the sid and the type of the unix group. 
****************************************************************************/ -static NTSTATUS get_group_map_from_ntname(const char *name, GROUP_MAP *map) +static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map) { - TDB_DATA data; - NTSTATUS status; - char *tmp; + TDB_DATA kbuf, dbuf, newkey; + fstring string_sid; + int ret; - status = init_group_mapping(); - if(!NT_STATUS_IS_OK(status)) { - DEBUG(0,("failed to initialize group mapping\n")); - return status; + if(!init_group_mapping()) { + DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping\n")); + return(False); } - tmp = SMB_STRDUP(name); - if (tmp == NULL) { - DEBUG(0, ("strdup failed\n")); - return NT_STATUS_NO_MEMORY; - } + /* we need to enumerate the TDB to find the name */ + + for (kbuf = tdb_firstkey(tdb); + kbuf.dptr; + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { + + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) + continue; - /* - * The name is stored uppercase to make the search case insensitive - */ + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - strupper_m(tmp); + string_to_sid(&map->sid, string_sid); + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); - status = tdb_find_keyed(NULL, tdb, KEYNUM_NAME, tmp, &data, NULL); - SAFE_FREE(tmp); + SAFE_FREE(dbuf.dptr); + + if ( ret == -1 ) { + DEBUG(3,("get_group_map_from_ntname: tdb_unpack failure\n")); + return False; + } - if (!NT_STATUS_IS_OK(status)) { - return status; + if ( strequal(name, map->nt_name) ) { + SAFE_FREE(kbuf.dptr); + return True; + } } - status = unpack_group_map(data, map) ? - NT_STATUS_OK : NT_STATUS_INTERNAL_DB_CORRUPTION; + return False; +} + +/**************************************************************************** + Remove a group mapping entry. 
+****************************************************************************/ - TALLOC_FREE(data.dptr); - return status; +static BOOL group_map_remove(const DOM_SID *sid) +{ + TDB_DATA kbuf, dbuf; + pstring key; + fstring string_sid; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return(False); + } + + /* the key is the SID, retrieving is direct */ + + sid_to_string(string_sid, sid); + slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); + + kbuf.dptr = key; + kbuf.dsize = strlen(key)+1; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) + return False; + + SAFE_FREE(dbuf.dptr); + + if(tdb_delete(tdb, kbuf) != TDB_SUCCESS) + return False; + + return True; } /**************************************************************************** Enumerate the group mapping. ****************************************************************************/ -static NTSTATUS enum_group_mapping(const DOM_SID *domsid, - enum SID_NAME_USE sid_name_use, - GROUP_MAP **pp_rmap, - size_t *p_num_entries, BOOL unix_only) +static BOOL enum_group_mapping(const DOM_SID *domsid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, + size_t *p_num_entries, BOOL unix_only) { - struct tdb_keyed_iterator *iterator; - TDB_DATA dbuf; - NTSTATUS status; + TDB_DATA kbuf, dbuf, newkey; + fstring string_sid; + GROUP_MAP map; + GROUP_MAP *mapt; + int ret; + size_t entries=0; + DOM_SID grpsid; + uint32 rid; - status = init_group_mapping(); - if (!NT_STATUS_IS_OK(status)) { + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); - return status; + return(False); } *p_num_entries=0; *pp_rmap=NULL; - iterator = tdb_enum_keyed(NULL, tdb); - if (iterator == NULL) { - DEBUG(0, ("tdb_enum_keyed failed\n")); - return NT_STATUS_NO_MEMORY; - } - - while (tdb_next_keyed(iterator, &dbuf)) { + for (kbuf = tdb_firstkey(tdb); + kbuf.dptr; + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { - GROUP_MAP map; - DOM_SID grpsid; - 
uint32 rid; + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) + continue; - if (!unpack_group_map(dbuf, &map)) { - DEBUG(5, ("Got invalid group mapping entry\n")); - TALLOC_FREE(dbuf.dptr); + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) continue; - } + + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", + &map.gid, &map.sid_name_use, &map.nt_name, &map.comment); SAFE_FREE(dbuf.dptr); + if ( ret == -1 ) { + DEBUG(3,("enum_group_mapping: tdb_unpack failure\n")); + continue; + } + /* list only the type or everything if UNKNOWN */ - if (sid_name_use!=SID_NAME_UNKNOWN && - sid_name_use!=map.sid_name_use) { - DEBUG(11,("enum_group_mapping: group %s is not of the " - "requested type\n", map.nt_name)); + if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) { + DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name)); continue; } if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { - DEBUG(11,("enum_group_mapping: group %s is non " - "mapped\n", map.nt_name)); + DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name)); continue; } - sid_copy( &grpsid, &map.sid ); + string_to_sid(&grpsid, string_sid); + sid_copy( &map.sid, &grpsid ); + sid_split_rid( &grpsid, &rid ); /* Only check the domain if we were given one */ if ( domsid && !sid_equal( domsid, &grpsid ) ) { - DEBUG(11,("enum_group_mapping: group %s is not in " - "domain %s\n", sid_string_static(&map.sid), - sid_string_static(domsid))); + DEBUG(11,("enum_group_mapping: group %s is not in domain %s\n", + string_sid, sid_string_static(domsid))); continue; } 
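Review bot: In `get_group_map_from_gid()` and `get_group_map_from_ntname()` a record that fails `tdb_unpack()` makes the function `return False` while `kbuf.dptr` is still allocated, and it ends the scan, so one malformed entry leaks the key and hides every mapping stored after it. `enum_group_mapping()` in the same hunk skips such records with `continue`; the lookups should at least free the key first, `SAFE_FREE(kbuf.dptr);` before `return False;`, and could skip the record the same way. The `SMB_REALLOC_ARRAY` failure return in the following hunk leaves `kbuf.dptr` allocated as well. The key is also used as a C string (`strncmp`, `fstrcpy` from `kbuf.dptr`) without looking at `kbuf.dsize`, which relies on every stored key being NUL-terminated.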
@@ -512,14 +469,27 @@ static NTSTATUS enum_group_mapping(const DOM_SID *domsid, "type %s\n", map.nt_name, sid_type_lookup(map.sid_name_use))); - ADD_TO_ARRAY(NULL, GROUP_MAP, map, pp_rmap, p_num_entries); - if (*pp_rmap == NULL) { - DEBUG(0, ("ADD_TO_ARRAY failed\n")); - return NT_STATUS_NO_MEMORY; + (*pp_rmap) = SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); + if (!(*pp_rmap)) { + DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); + return False; } + + mapt = (*pp_rmap); + + mapt[entries].gid = map.gid; + sid_copy( &mapt[entries].sid, &map.sid); + mapt[entries].sid_name_use = map.sid_name_use; + fstrcpy(mapt[entries].nt_name, map.nt_name); + fstrcpy(mapt[entries].comment, map.comment); + + entries++; + } - return NT_STATUS_OK; + *p_num_entries=entries; + + return True; } /* This operation happens on session setup, so it should better be fast. We @@ -532,7 +502,7 @@ static NTSTATUS one_alias_membership(const DOM_SID *member, TDB_DATA kbuf, dbuf; const char *p; - if (!NT_STATUS_IS_OK(init_group_mapping())) { + if (!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return NT_STATUS_ACCESS_DENIED; } 
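Review bot: The `return False` after a failed `SMB_REALLOC_ARRAY` in the `@@ -512,14 +469,27 @@` hunk leaves the key loop without releasing the current key. `kbuf.dptr` is only freed in the `for` increment (`safe_free(kbuf.dptr)`), and an early return skips it. Add `SAFE_FREE(kbuf.dptr);` before `return False;`. The loop header and the start of enum_group_mapping lie outside this hunk, earlier in the same diff.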
@@ -611,41 +581,22 @@ static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member) pstring key; fstring string_sid; char *new_memberstring; - NTSTATUS status; + int result; - status = init_group_mapping(); - if(!NT_STATUS_IS_OK(status)) { + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); - return status; - } - - if (tdb_transaction_start(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not start transaction: %s\n", - nt_errstr(status))); - return status; - } - - status = get_group_map_from_sid(alias, &map); - - if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { - status = NT_STATUS_NO_SUCH_ALIAS; + return NT_STATUS_ACCESS_DENIED; } - if (!NT_STATUS_IS_OK(status)) { - goto fail; - } + if (!get_group_map_from_sid(*alias, &map)) + return NT_STATUS_NO_SUCH_ALIAS; if ( (map.sid_name_use != SID_NAME_ALIAS) && - (map.sid_name_use != SID_NAME_WKN_GRP) ) { - status = NT_STATUS_NO_SUCH_ALIAS; - goto fail; - } + (map.sid_name_use != SID_NAME_WKN_GRP) ) + return NT_STATUS_NO_SUCH_ALIAS; - if (is_aliasmem(alias, member)) { - status = NT_STATUS_MEMBER_IN_ALIAS; - goto fail; - } + if (is_aliasmem(alias, member)) + return NT_STATUS_MEMBER_IN_ALIAS; sid_to_string(string_sid, member); slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid); 
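Review bot: With `tdb_transaction_start()` removed, the membership update in add_aliasmem becomes an unprotected read-modify-write. Nothing visible stops another process from storing the same `MEMBEROF_PREFIX` key between the `is_aliasmem()` check and the later store, so a concurrent add can be lost or written twice. These records are what the alias lookup at session setup reads, so the update should be serialised, for example with `tdb_lock_bystring(tdb, key)` / `tdb_unlock_bystring(tdb, key)` around the fetch and store, as init_group_mapping does for its version key. The fetch and the store are outside this hunk (the store is in the following `@@ -664,38 +615,18 @@` hunk), so confirm no caller already holds a lock.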
@@ -664,38 +615,18 @@ static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member) new_memberstring = SMB_STRDUP(string_sid); } - if (new_memberstring == NULL) { - status = NT_STATUS_NO_MEMORY; - goto fail; - } + if (new_memberstring == NULL) + return NT_STATUS_NO_MEMORY; SAFE_FREE(dbuf.dptr); dbuf.dsize = strlen(new_memberstring)+1; dbuf.dptr = new_memberstring; - if (tdb_store(tdb, kbuf, dbuf, 0) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("tdb_store failed: %s\n", nt_errstr(status))); - SAFE_FREE(new_memberstring); - goto fail; - } + result = tdb_store(tdb, kbuf, dbuf, 0); SAFE_FREE(new_memberstring); - if (tdb_transaction_commit(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("tdb_transaction_commit failed: %s\n", - nt_errstr(status))); - goto fail; - } - - return NT_STATUS_OK; - - fail: - if (tdb_transaction_cancel(tdb) < 0) { - smb_panic("tdb_cancel_transaction failed\n"); - } - return status; + return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED); } struct aliasmem_closure { @@ -750,18 +681,17 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data, return 0; } -static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, - size_t *num) +static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num) { GROUP_MAP map; struct aliasmem_closure closure; - if(!NT_STATUS_IS_OK(init_group_mapping())) { + if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return NT_STATUS_ACCESS_DENIED; } - if (!NT_STATUS_IS_OK(get_group_map_from_sid(alias, &map))) + if (!get_group_map_from_sid(*alias, &map)) return NT_STATUS_NO_SUCH_ALIAS; if ( (map.sid_name_use != SID_NAME_ALIAS) && 
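Review bot: In the `@@ -664,38 +615,18 @@` hunk the early `return NT_STATUS_NO_MEMORY` sits above `SAFE_FREE(dbuf.dptr)`, so the fetched record is never freed when building `new_memberstring` fails. Move the free above the check: `SAFE_FREE(dbuf.dptr);` followed by `if (new_memberstring == NULL) return NT_STATUS_NO_MEMORY;`. Separately, every `tdb_store` failure is now reported as `NT_STATUS_ACCESS_DENIED`, which hides out-of-space or corruption errors from the caller. A `DEBUG` line before the return would keep that diagnosable. The fetch into `dbuf` is outside this hunk.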
@@ -781,33 +711,19 @@ static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) { - NTSTATUS status; - DOM_SID *sids = NULL; + NTSTATUS result; + DOM_SID *sids; size_t i, num; BOOL found = False; - char *member_string = NULL; + char *member_string; TDB_DATA kbuf, dbuf; pstring key; fstring sid_string; - status = init_group_mapping(); - if(!NT_STATUS_IS_OK(status)) { - DEBUG(0,("failed to initialize group mapping\n")); - return status; - } - - if (tdb_transaction_start(tdb) < 0) { - status = map_ntstatus_from_tdb(tdb); - DEBUG(5, ("Could not start transaction: %s\n", - nt_errstr(status))); - return status; - } - - status = alias_memberships(member, 1, &sids, &num); + result = alias_memberships(member, 1, &sids, &num); - if (!NT_STATUS_IS_OK(status)) { - goto fail; - } + if (!NT_STATUS_IS_OK(result)) + return result; for (i=0; int_name, "None" ); fstrcpy( map->comment, "Ordinary Users" ); - sid_copy( &map->sid, sid ); + sid_copy( &map->sid, &sid ); map->sid_name_use = SID_NAME_DOM_GRP; - return NT_STATUS_OK; + return True; } - return status; + return False; } DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n")); /* if it's not a domain group, continue */ if (map->sid_name_use!=SID_NAME_DOM_GRP) { - return NT_STATUS_OBJECT_TYPE_MISMATCH; + return False; } DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n")); if (map->gid==-1) { - return NT_STATUS_NOT_FOUND; + return False; } - DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n", - (unsigned long)map->gid)); + DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid)); grp = getgrgid(map->gid); if ( !grp ) { - DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in " - "UNIX security\n")); - return NT_STATUS_NOT_FOUND; + DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n")); + return False; } - DEBUG(10, ("get_domain_group_from_sid: 
gid exists in UNIX " - "security\n")); + DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n")); - return NT_STATUS_OK; + return True; } /**************************************************************************** 
@@ -1117,114 +998,70 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, - const DOM_SID *sid) + DOM_SID sid) { - return get_group_map_from_sid(sid, map); + return get_group_map_from_sid(sid, map) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid) { - return get_group_map_from_gid(gid, map); + return get_group_map_from_gid(gid, map) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, const char *name) { - return get_group_map_from_ntname(name, map); + return get_group_map_from_ntname(name, map) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods, - GROUP_MAP *map) + GROUP_MAP *map) { - TDB_DATA data; - NTSTATUS status; - - status = init_group_mapping(); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("failed to initialize group mapping\n")); - return status; - } - - ZERO_STRUCT(data); - if (!pack_group_map(NULL, map, &data)) { - DEBUG(0, ("pack_group_map failed\n")); - return NT_STATUS_NO_MEMORY; - } - - status = tdb_add_keyed(tdb, group_mapping_keys, data, map); - TALLOC_FREE(data.dptr); - - return status; + return add_mapping_entry(map, TDB_INSERT) ? 
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods, - GROUP_MAP *map) + GROUP_MAP *map) { - TDB_DATA data; - char *primary_key; - NTSTATUS status; - - status = tdb_find_keyed(NULL, tdb, KEYNUM_SID, - sid_string_static(&map->sid), - &data, &primary_key); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - TALLOC_FREE(data.dptr); - ZERO_STRUCT(data); - - if (!pack_group_map(NULL, map, &data)) { - DEBUG(0, ("pack_group_map failed\n")); - SAFE_FREE(primary_key); - return NT_STATUS_NO_MEMORY; - } - - status = tdb_update_keyed(tdb, primary_key, group_mapping_keys, - data, NULL); - TALLOC_FREE(data.dptr); - TALLOC_FREE(primary_key); - return status; + return add_mapping_entry(map, TDB_REPLACE) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, - DOM_SID sid) + DOM_SID sid) { - TDB_DATA data; - char *primary_key; - NTSTATUS status; - GROUP_MAP map; - - status = tdb_find_keyed(NULL, tdb, KEYNUM_SID, sid_string_static(&sid), - &data, &primary_key); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + return group_map_remove(&sid) ? + NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} - if (!unpack_group_map(data, &map)) { - DEBUG(0, ("unpack_group_map failed\n")); - TALLOC_FREE(data.dptr); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } +NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, + const DOM_SID *sid, enum SID_NAME_USE sid_name_use, + GROUP_MAP **pp_rmap, size_t *p_num_entries, + BOOL unix_only) +{ + return enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ? 
+ NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; +} - TALLOC_FREE(data.dptr); +NTSTATUS pdb_default_find_alias(struct pdb_methods *methods, + const char *name, DOM_SID *sid) +{ + GROUP_MAP map; - status = tdb_del_keyed(tdb, group_mapping_keys, primary_key, &map); + if (!pdb_getgrnam(&map, name)) + return NT_STATUS_NO_SUCH_ALIAS; - TALLOC_FREE(primary_key); - return status; -} + if ((map.sid_name_use != SID_NAME_WKN_GRP) && + (map.sid_name_use != SID_NAME_ALIAS)) + return NT_STATUS_OBJECT_TYPE_MISMATCH; -NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, - const DOM_SID *sid, - enum SID_NAME_USE sid_name_use, - GROUP_MAP **pp_rmap, - size_t *p_num_entries, - BOOL unix_only) -{ - return enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, - unix_only); + sid_copy(sid, &map.sid); + return NT_STATUS_OK; } NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, @@ -1301,7 +1138,7 @@ NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, { GROUP_MAP map; - if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, sid))) + if (!pdb_getgrsid(&map, *sid)) return NT_STATUS_NO_SUCH_ALIAS; if ((map.sid_name_use != SID_NAME_ALIAS) && @@ -1324,7 +1161,7 @@ NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods, { GROUP_MAP map; - if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, sid))) + if (!pdb_getgrsid(&map, *sid)) return NT_STATUS_NO_SUCH_ALIAS; fstrcpy(map.nt_name, info->acct_name); 
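Review bot: `pdb_default_update_group_mapping_entry` now calls `add_mapping_entry(map, TDB_REPLACE)`, which stores the record whether or not a mapping for that SID already exists. An update for an unknown SID therefore silently creates a new group mapping, whereas the removed code returned an error when `tdb_find_keyed` did not find the entry. add_mapping_entry, as shown further down this page, hands the flag straight to `tdb_store`, so `add_mapping_entry(map, TDB_MODIFY)` would stop update from acting as insert. The wrappers in this hunk also fold every failure into `NT_STATUS_UNSUCCESSFUL`, so callers can no longer tell a missing entry from a database error.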
@@ -1391,6 +1228,88 @@ NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, return NT_STATUS_OK; } +/********************************************************************** + no ops for passdb backends that don't implement group mapping + *********************************************************************/ + +NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, + DOM_SID sid) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, + gid_t gid) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, + const char *name) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_add_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_update_group_mapping_entry(struct pdb_methods *methods, + GROUP_MAP *map) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods, + DOM_SID sid) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods, + enum SID_NAME_USE sid_name_use, + GROUP_MAP **rmap, size_t *num_entries, + BOOL unix_only) +{ + return NT_STATUS_UNSUCCESSFUL; +} + +/**************************************************************************** + These need to be redirected through pdb_interface.c +****************************************************************************/ +BOOL pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info) +{ + GROUP_MAP map; + BOOL res; + + become_root(); + res = get_domain_group_from_sid(*sid, &map); + unbecome_root(); + + if (!res) + return False; + + fstrcpy(info->acct_name, map.nt_name); + fstrcpy(info->acct_desc, map.comment); + sid_peek_rid(sid, &info->rid); + return True; +} + +BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info) +{ + GROUP_MAP map; + + if 
(!get_domain_group_from_sid(*sid, &map)) + return False; + + fstrcpy(map.nt_name, info->acct_name); + fstrcpy(map.comment, info->acct_desc); + + return NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)); +} + /******************************************************************** Really just intended to be called by smbd ********************************************************************/ -- cgit From c9f9c6505091aa1bf469c06c779040689c0737f7 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 21 Aug 2006 20:04:01 +0000 Subject: r17669: Remove RID algorithm support from unmapped users and groups when using smbpasswd (This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index c701ef165d..b1c5275bc1 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -195,7 +195,7 @@ NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) fstrcpy(map.nt_name, grpname); if (pdb_rid_algorithm()) { - rid = pdb_gid_to_group_rid( grp->gr_gid ); + rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid ); } else { if (!pdb_new_rid(&rid)) { DEBUG(3, ("Could not get a new RID for %s\n", -- cgit From 2b27c93a9a8471693d7dcb5fdbe8afe65b22ff66 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 8 Sep 2006 14:28:06 +0000 Subject: r18271: Big change: * autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951) --- source3/groupdb/mapping.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/groupdb/mapping.c') 
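Review bot: `pdb_nop_enum_group_mapping` is defined without the `const DOM_SID *sid` parameter that `pdb_default_enum_group_mapping` takes in the same commit, so the two cannot both match one `pdb_methods` callback type. If both are installed in the same slot, calls through the pointer pass an argument list the nop does not declare. Add the parameter so the first lines read `struct pdb_methods *methods, const DOM_SID *sid,` and then `enum SID_NAME_USE sid_name_use,`. Also, `pdb_get_dom_grp_info` brackets `get_domain_group_from_sid` with `become_root()`/`unbecome_root()` while `pdb_set_dom_grp_info` calls it without. A one-line comment stating which callers are expected to hold root already would make that asymmetry deliberate.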
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index b1c5275bc1..3d7b9f3f91 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -38,7 +38,7 @@ static TDB_CONTEXT *tdb; /* used for driver files */ #define MEMBEROF_PREFIX "MEMBEROF/" -static BOOL enum_group_mapping(const DOM_SID *sid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, +static BOOL enum_group_mapping(const DOM_SID *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, size_t *p_num_entries, BOOL unix_only); static BOOL group_map_remove(const DOM_SID *sid); @@ -136,7 +136,7 @@ static BOOL add_mapping_entry(GROUP_MAP *map, int flag) /**************************************************************************** initialise first time the mapping list ****************************************************************************/ -NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, const char *nt_name, const char *comment) +NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum lsa_SidType sid_name_use, const char *nt_name, const char *comment) { GROUP_MAP map; @@ -398,7 +398,7 @@ static BOOL group_map_remove(const DOM_SID *sid) Enumerate the group mapping. ****************************************************************************/ -static BOOL enum_group_mapping(const DOM_SID *domsid, enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, +static BOOL enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, size_t *p_num_entries, BOOL unix_only) { TDB_DATA kbuf, dbuf, newkey; @@ -1040,7 +1040,7 @@ NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, } NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, - const DOM_SID *sid, enum SID_NAME_USE sid_name_use, + const DOM_SID *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, size_t *p_num_entries, BOOL unix_only) { 
@@ -1068,7 +1068,7 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, const char *name, uint32 *rid) { DOM_SID sid; - enum SID_NAME_USE type; + enum lsa_SidType type; uint32 new_rid; gid_t gid; BOOL exists; @@ -1269,7 +1269,7 @@ NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods, } NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods, - enum SID_NAME_USE sid_name_use, + enum lsa_SidType sid_name_use, GROUP_MAP **rmap, size_t *num_entries, BOOL unix_only) { @@ -1317,7 +1317,7 @@ BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info) NTSTATUS pdb_create_builtin_alias(uint32 rid) { DOM_SID sid; - enum SID_NAME_USE type; + enum lsa_SidType type; gid_t gid; GROUP_MAP map; TALLOC_CTX *mem_ctx; -- cgit From a3e1f7e44d2d6a5ef801badc189b3dcf19dc72d9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 20 Sep 2006 00:15:50 +0000 Subject: r18703: Fix the annoying effect that happens when nscd is running: We usually do not get the results from user/group script modifications immediately. A lot of users do add nscd restart/refresh commands into their scripts to workaround that while we could flush the nscd caches directly using libnscd. Guenther (This used to be commit 7db6ce295afbedfada7b207ad56566d2195a0d21) --- source3/groupdb/mapping.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 3d7b9f3f91..1d7934e9bf 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -878,9 +878,12 @@ int smb_create_group(const char *unix_group, gid_t *new_gid) pstring_sub(add_script, "%g", unix_group); ret = smbrun(add_script, &fd); DEBUG(ret ? 0 : 3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret)); + if (ret == 0) { + smb_nscd_flush_group_cache(); + } if (ret != 0) return ret; - + if (fd != 0) { fstring output; 
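Review bot: In smb_create_group (`@@ -878,9 +878,12 @@`) the added `if (ret == 0) { smb_nscd_flush_group_cache(); }` is followed directly by `if (ret != 0) return ret;`, testing the same value twice. Placing the call after the existing early return, `if (ret != 0) return ret;` then `smb_nscd_flush_group_cache();`, says the same thing with one branch. The function continues past the end of this hunk.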
@@ -920,6 +923,9 @@ int smb_delete_group(const char *unix_group)
 pstring_sub(del_script, "%g", unix_group);
 ret = smbrun(del_script,NULL);
 DEBUG(ret ? 0 : 3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
+ if (ret == 0) {
+ smb_nscd_flush_group_cache();
+ }
 return ret;
 }
@@ -944,6 +950,9 @@ int smb_set_primary_group(const char *unix_group, const char* unix_user)
 flush_pwnam_cache();
 DEBUG(ret ? 0 : 3,("smb_set_primary_group: "
 "Running the command `%s' gave %d\n",add_script,ret));
+ if (ret == 0) {
+ smb_nscd_flush_group_cache();
+ }
 return ret;
 }
@@ -967,6 +976,9 @@ int smb_add_user_group(const char *unix_group, const char *unix_user)
 pstring_sub(add_script, "%u", unix_user);
 ret = smbrun(add_script,NULL);
 DEBUG(ret ? 0 : 3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
+ if (ret == 0) {
+ smb_nscd_flush_group_cache();
+ }
 return ret;
 }
@@ -990,6 +1002,9 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user)
 pstring_sub(del_script, "%u", unix_user);
 ret = smbrun(del_script,NULL);
 DEBUG(ret ? 0 : 3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
+ if (ret == 0) {
+ smb_nscd_flush_group_cache();
+ }
 return ret;
 }
-- cgit From 8761f5dcc4db5c825a600fe25792ec47cb6cbdc7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 24 Sep 2006 02:52:25 +0000 Subject: r18867: change the group mapping code to use ldb instead of tdb See the discussion of this on the samba-technical list (This used to be commit 4ad1436ceae0128e187222fce0fc79adb3049d3f)
--- source3/groupdb/mapping.c | 649 +--------------------------------------------- 1 file changed, 1 insertion(+), 648 deletions(-) (limited to 'source3/groupdb/mapping.c')
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 1d7934e9bf..ba1a7d1dee 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
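Review bot: In smb_set_primary_group (`@@ -944,6 +950,9 @@`) only the nscd group cache is flushed, but a user's primary group lives in the passwd entry. A running nscd can therefore keep returning the old gid for that user after the script succeeds, and anything that resolves the user through it sees the stale primary group. If the nscd helper has a passwd-side counterpart (Samba's is `smb_nscd_flush_user_cache()`; confirm it is available in this tree), call it next to the group flush. The other three hunks on this line change group existence or membership only, where the group flush is the right one.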
@@ -22,116 +22,7 @@ */ #include "includes.h" - -static TDB_CONTEXT *tdb; /* used for driver files */ - -#define DATABASE_VERSION_V1 1 /* native byte format. */ -#define DATABASE_VERSION_V2 2 /* le format. */ - -#define GROUP_PREFIX "UNIXGROUP/" - -/* Alias memberships are stored reverse, as memberships. The performance - * critical operation is to determine the aliases a SID is member of, not - * listing alias members. So we store a list of alias SIDs a SID is member of - * hanging of the member as key. - */ -#define MEMBEROF_PREFIX "MEMBEROF/" - - -static BOOL enum_group_mapping(const DOM_SID *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, - size_t *p_num_entries, BOOL unix_only); -static BOOL group_map_remove(const DOM_SID *sid); - -/**************************************************************************** - Open the group mapping tdb. -****************************************************************************/ - -static BOOL init_group_mapping(void) -{ - const char *vstring = "INFO/version"; - int32 vers_id; - GROUP_MAP *map_table = NULL; - size_t num_entries = 0; - - if (tdb) - return True; - - tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); - if (!tdb) { - DEBUG(0,("Failed to open group mapping database\n")); - return False; - } - - /* handle a Samba upgrade */ - tdb_lock_bystring(tdb, vstring); - - /* Cope with byte-reversed older versions of the db. */ - vers_id = tdb_fetch_int32(tdb, vstring); - if ((vers_id == DATABASE_VERSION_V1) || (IREV(vers_id) == DATABASE_VERSION_V1)) { - /* Written on a bigendian machine with old fetch_int code. Save as le. 
*/ - tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); - vers_id = DATABASE_VERSION_V2; - } - - /* if its an unknown version we remove everthing in the db */ - - if (vers_id != DATABASE_VERSION_V2) { - tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); - tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); - } - - tdb_unlock_bystring(tdb, vstring); - - /* cleanup any map entries with a gid == -1 */ - - if ( enum_group_mapping( NULL, SID_NAME_UNKNOWN, &map_table, &num_entries, False ) ) { - int i; - - for ( i=0; isid); - - len = tdb_pack(buf, sizeof(buf), "ddff", - map->gid, map->sid_name_use, map->nt_name, map->comment); - - if (len > sizeof(buf)) - return False; - - slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); - - kbuf.dsize = strlen(key)+1; - kbuf.dptr = key; - dbuf.dsize = len; - dbuf.dptr = buf; - if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False; - - return True; -} +#include "groupdb/mapping.h" /**************************************************************************** initialise first time the mapping list 
@@ -216,327 +107,11 @@ NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) return status; } -/**************************************************************************** - Return the sid and the type of the unix group. -****************************************************************************/ - -static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) -{ - TDB_DATA kbuf, dbuf; - pstring key; - fstring string_sid; - int ret = 0; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); - } - - /* the key is the SID, retrieving is direct */ - - sid_to_string(string_sid, &sid); - slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); - - kbuf.dptr = key; - kbuf.dsize = strlen(key)+1; - - dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) - return False; - - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); - - SAFE_FREE(dbuf.dptr); - - if ( ret == -1 ) { - DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n")); - return False; - } - - sid_copy(&map->sid, &sid); - - return True; -} - -/**************************************************************************** - Return the sid and the type of the unix group. 
-****************************************************************************/ - -static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map) -{ - TDB_DATA kbuf, dbuf, newkey; - fstring string_sid; - int ret; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); - } - - /* we need to enumerate the TDB to find the GID */ - - for (kbuf = tdb_firstkey(tdb); - kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { - - if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; - - dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) - continue; - - fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - - string_to_sid(&map->sid, string_sid); - - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); - - SAFE_FREE(dbuf.dptr); - - if ( ret == -1 ) { - DEBUG(3,("get_group_map_from_gid: tdb_unpack failure\n")); - return False; - } - - if (gid==map->gid) { - SAFE_FREE(kbuf.dptr); - return True; - } - } - - return False; -} - -/**************************************************************************** - Return the sid and the type of the unix group. 
-****************************************************************************/ - -static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map) -{ - TDB_DATA kbuf, dbuf, newkey; - fstring string_sid; - int ret; - - if(!init_group_mapping()) { - DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping\n")); - return(False); - } - - /* we need to enumerate the TDB to find the name */ - for (kbuf = tdb_firstkey(tdb); - kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { - if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; - - dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) - continue; - fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - string_to_sid(&map->sid, string_sid); - - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", - &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); - SAFE_FREE(dbuf.dptr); - - if ( ret == -1 ) { - DEBUG(3,("get_group_map_from_ntname: tdb_unpack failure\n")); - return False; - } - - if ( strequal(name, map->nt_name) ) { - SAFE_FREE(kbuf.dptr); - return True; - } - } - - return False; -} - -/**************************************************************************** - Remove a group mapping entry. 
-****************************************************************************/ - -static BOOL group_map_remove(const DOM_SID *sid) -{ - TDB_DATA kbuf, dbuf; - pstring key; - fstring string_sid; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); - } - - /* the key is the SID, retrieving is direct */ - - sid_to_string(string_sid, sid); - slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); - - kbuf.dptr = key; - kbuf.dsize = strlen(key)+1; - - dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) - return False; - - SAFE_FREE(dbuf.dptr); - - if(tdb_delete(tdb, kbuf) != TDB_SUCCESS) - return False; - - return True; -} - -/**************************************************************************** - Enumerate the group mapping. -****************************************************************************/ - -static BOOL enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, - size_t *p_num_entries, BOOL unix_only) -{ - TDB_DATA kbuf, dbuf, newkey; - fstring string_sid; - GROUP_MAP map; - GROUP_MAP *mapt; - int ret; - size_t entries=0; - DOM_SID grpsid; - uint32 rid; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return(False); - } - - *p_num_entries=0; - *pp_rmap=NULL; - - for (kbuf = tdb_firstkey(tdb); - kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { - - if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) - continue; - - dbuf = tdb_fetch(tdb, kbuf); - if (!dbuf.dptr) - continue; - - fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); - - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", - &map.gid, &map.sid_name_use, &map.nt_name, &map.comment); - - SAFE_FREE(dbuf.dptr); - - if ( ret == -1 ) { - DEBUG(3,("enum_group_mapping: tdb_unpack failure\n")); - continue; - } - - /* list only the type or everything if UNKNOWN */ - if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) { 
- DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name)); - continue; - } - - if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { - DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name)); - continue; - } - - string_to_sid(&grpsid, string_sid); - sid_copy( &map.sid, &grpsid ); - - sid_split_rid( &grpsid, &rid ); - - /* Only check the domain if we were given one */ - - if ( domsid && !sid_equal( domsid, &grpsid ) ) { - DEBUG(11,("enum_group_mapping: group %s is not in domain %s\n", - string_sid, sid_string_static(domsid))); - continue; - } - - DEBUG(11,("enum_group_mapping: returning group %s of " - "type %s\n", map.nt_name, - sid_type_lookup(map.sid_name_use))); - - (*pp_rmap) = SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); - if (!(*pp_rmap)) { - DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); - return False; - } - - mapt = (*pp_rmap); - - mapt[entries].gid = map.gid; - sid_copy( &mapt[entries].sid, &map.sid); - mapt[entries].sid_name_use = map.sid_name_use; - fstrcpy(mapt[entries].nt_name, map.nt_name); - fstrcpy(mapt[entries].comment, map.comment); - - entries++; - - } - - *p_num_entries=entries; - - return True; -} - -/* This operation happens on session setup, so it should better be fast. We - * store a list of aliases a SID is member of hanging off MEMBEROF/SID. 
*/ - -static NTSTATUS one_alias_membership(const DOM_SID *member, - DOM_SID **sids, size_t *num) -{ - fstring key, string_sid; - TDB_DATA kbuf, dbuf; - const char *p; - - if (!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return NT_STATUS_ACCESS_DENIED; - } - - sid_to_string(string_sid, member); - slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid); - - kbuf.dsize = strlen(key)+1; - kbuf.dptr = key; - - dbuf = tdb_fetch(tdb, kbuf); - - if (dbuf.dptr == NULL) { - return NT_STATUS_OK; - } - - p = dbuf.dptr; - - while (next_token(&p, string_sid, " ", sizeof(string_sid))) { - - DOM_SID alias; - - if (!string_to_sid(&alias, string_sid)) - continue; - - add_sid_to_array_unique(NULL, &alias, sids, num); - - if (sids == NULL) - return NT_STATUS_NO_MEMORY; - } - - SAFE_FREE(dbuf.dptr); - return NT_STATUS_OK; -} static NTSTATUS alias_memberships(const DOM_SID *members, size_t num_members, DOM_SID **sids, size_t *num) 
@@ -554,235 +129,13 @@ static NTSTATUS alias_memberships(const DOM_SID *members, size_t num_members, return NT_STATUS_OK; } -static BOOL is_aliasmem(const DOM_SID *alias, const DOM_SID *member) -{ - DOM_SID *sids; - size_t i, num; - - /* This feels the wrong way round, but the on-disk data structure - * dictates it this way. */ - if (!NT_STATUS_IS_OK(alias_memberships(member, 1, &sids, &num))) - return False; - - for (i=0; ialias, &alias) != 0) - continue; - - /* Ok, we found the alias we're looking for in the membership - * list currently scanned. The key represents the alias - * member. Add that. */ - - member_string = strchr(key.dptr, '/'); - - /* Above we tested for MEMBEROF_PREFIX which includes the - * slash. */ - - SMB_ASSERT(member_string != NULL); - member_string += 1; - - if (!string_to_sid(&member, member_string)) - continue; - - add_sid_to_array(NULL, &member, closure->sids, closure->num); - } - - return 0; -} - -static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num) -{ - GROUP_MAP map; - struct aliasmem_closure closure; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (!get_group_map_from_sid(*alias, &map)) - return NT_STATUS_NO_SUCH_ALIAS; - - if ( (map.sid_name_use != SID_NAME_ALIAS) && - (map.sid_name_use != SID_NAME_WKN_GRP) ) - return NT_STATUS_NO_SUCH_ALIAS; - - *sids = NULL; - *num = 0; - - closure.alias = alias; - closure.sids = sids; - closure.num = num; - - tdb_traverse(tdb, collect_aliasmem, &closure); - return NT_STATUS_OK; -} - -static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) -{ - NTSTATUS result; - DOM_SID *sids; - size_t i, num; - BOOL found = False; - char *member_string; - TDB_DATA kbuf, dbuf; - pstring key; - fstring sid_string; - - result = alias_memberships(member, 1, &sids, &num); - - if (!NT_STATUS_IS_OK(result)) - return result; - - for (i=0; i Date: Sat, 9 Dec 2006 02:58:18 +0000 Subject: r20090: 
Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index ba1a7d1dee..54cffd1588 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -591,7 +591,7 @@ NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, *p_num_alias_rids += 1; } - SAFE_FREE(alias_sids); + TALLOC_FREE(alias_sids); return NT_STATUS_OK; } -- cgit From 2724ce625c5b081e923f838755aa26ad1cd4c487 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 28 Apr 2007 13:52:49 +0000 Subject: r22554: Fix an assumption that TALLOC_ARRAY(.., 0) != NULL. Volker (This used to be commit 1f15a8f371f7c56d1a6e67e52f0f184bbd270c84) --- source3/groupdb/mapping.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 54cffd1588..46e27d4de6 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -578,12 +578,17 @@ NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, if (!NT_STATUS_IS_OK(result)) return result; + *p_num_alias_rids = 0; + + if (num_alias_sids == 0) { + TALLOC_FREE(alias_sids); + return NT_STATUS_OK; + } + *pp_alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids); if (*pp_alias_rids == NULL) return NT_STATUS_NO_MEMORY; - *p_num_alias_rids = 0; - for (i=0; i Date: Fri, 11 May 2007 08:46:54 +0000 Subject: r22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and change return values of some alias-releated pdb functions from BOOL to NTSTATUS Thanks :-) (This used to be commit 590d2164b3a33250410338771e160f6ebd1aa89d) --- source3/groupdb/mapping.c | 16 ---------------- 1 file changed, 16 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 46e27d4de6..a27aa30014 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -416,22 +416,6 @@ NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -NTSTATUS pdb_default_find_alias(struct pdb_methods *methods, - const char *name, DOM_SID *sid) -{ - GROUP_MAP map; - - if (!pdb_getgrnam(&map, name)) - return NT_STATUS_NO_SUCH_ALIAS; - - if ((map.sid_name_use != SID_NAME_WKN_GRP) && - (map.sid_name_use != SID_NAME_ALIAS)) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - sid_copy(sid, &map.sid); - return NT_STATUS_OK; -} - NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, const char *name, uint32 *rid) { -- cgit From 1cb8a948b3ce558506fe3ee084e8d0682cf4d3ed Mon Sep 17 00:00:00 2001 
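Review bot: In pdb_default_alias_memberships (hunk @@ -578,12 +578,17 @@) the new early return for `num_alias_sids == 0` reports success without assigning `*pp_alias_rids`, so a caller that did not pre-initialise its pointer holds an indeterminate value next to a zero count. Adding `*pp_alias_rids = NULL;` beside `*p_num_alias_rids = 0;` makes the out-parameters well defined on every success path. The unchanged `return NT_STATUS_NO_MEMORY;` after `TALLOC_ARRAY` also leaves `alias_sids` unfreed, while the new branch calls `TALLOC_FREE(alias_sids)`; whether that leaks depends on the context `alias_sids` was allocated under, which is outside the hunk. The loop that follows is cut off on this page, so both points should be checked against the full function.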
From: Volker Lendecke Date: Fri, 11 May 2007 08:59:01 +0000 Subject: r22787: More from Karolin: Make map_unix_group() static to net_sam.c, add "net sam unmapunixgroup" (This used to be commit 55e2f35fad8bda3ff2c2ace5323ddeaee87d783e) --- source3/groupdb/mapping.c | 64 ----------------------------------------------- 1 file changed, 64 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index a27aa30014..514b44f5b4 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -49,70 +49,6 @@ NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum lsa_SidType sid_name return pdb_add_group_mapping_entry(&map); } -/**************************************************************************** - Map a unix group to a newly created mapping -****************************************************************************/ -NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) -{ - NTSTATUS status; - GROUP_MAP map; - const char *grpname, *dom, *name; - uint32 rid; - - if (pdb_getgrgid(&map, grp->gr_gid)) { - return NT_STATUS_GROUP_EXISTS; - } - - map.gid = grp->gr_gid; - grpname = grp->gr_name; - - if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED, - &dom, &name, NULL, NULL)) { - - const char *tmp = talloc_asprintf( - tmp_talloc_ctx(), "Unix Group %s", grp->gr_name); - - DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n", - grpname, dom, name, tmp)); - grpname = tmp; - } - - if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED, - NULL, NULL, NULL, NULL)) { - DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name)); - return NT_STATUS_GROUP_EXISTS; - } - - fstrcpy(map.nt_name, grpname); - - if (pdb_rid_algorithm()) { - rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid ); - } else { - if (!pdb_new_rid(&rid)) { - DEBUG(3, ("Could not get a new RID for %s\n", - grp->gr_name)); - return NT_STATUS_ACCESS_DENIED; - } - } - - sid_compose(&map.sid, get_global_sam_sid(), rid); - map.sid_name_use = SID_NAME_DOM_GRP; - fstrcpy(map.comment, talloc_asprintf(tmp_talloc_ctx(), "Unix Group %s", - grp->gr_name)); - - status = pdb_add_group_mapping_entry(&map); - if (NT_STATUS_IS_OK(status)) { - *pmap = map; - } - return status; -} - - - - - - - static NTSTATUS alias_memberships(const DOM_SID *members, size_t num_members, DOM_SID **sids, size_t *num) { -- cgit From 248a82c0f28a5e1df957726558b795cf98d29097 Mon Sep 17 00:00:00 2001 
From: Andrew Tridgell Date: Mon, 4 Jun 2007 01:51:18 +0000 Subject: r23323: merged ldb changes from 3.0.26 (This used to be commit 7c9a5c2a3f012a06e9550dc0de7df460c2fd943b) --- source3/groupdb/mapping.c | 98 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 87 insertions(+), 11 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 514b44f5b4..9ead1c6317 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -24,6 +24,37 @@ #include "includes.h" #include "groupdb/mapping.h" +static const struct mapping_backend *backend; + +/* + initialise a group mapping backend + */ +static BOOL init_group_mapping(void) +{ + const char *backend_string; + + if (backend != NULL) { + /* already initialised */ + return True; + } + + /* default to using the ldb backend. This parameter should + disappear in future versions of Samba3, but for now it + provides a safety net in case any major problems are + discovered with ldb after the release */ + backend_string = lp_parm_const_string(-1, "groupdb", "backend", "ldb"); + + if (strcmp(backend_string, "ldb") == 0) { + backend = groupdb_ldb_init(); + } else if (strcmp(backend_string, "tdb") == 0) { + backend = groupdb_tdb_init(); + } else { + DEBUG(0,("Unknown groupdb backend '%s'\n", backend_string)); + smb_panic("Unknown groupdb backend\n"); + } + return backend != NULL; +} + /**************************************************************************** initialise first time the mapping list ****************************************************************************/ @@ -58,7 +89,7 @@ static NTSTATUS alias_memberships(const DOM_SID *members, size_t num_members, *sids = NULL; for (i=0; ione_alias_membership(&members[i], sids, num); if (!NT_STATUS_IS_OK(status)) return status; } 
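Review bot: In init_group_mapping (hunk @@ -24,6 +24,37 @@) an unrecognised `groupdb:backend` value reaches `smb_panic("Unknown groupdb backend\n")`, so a misspelt configuration value ends the process at the first group-mapping call. It never takes the `return backend != NULL` failure path that the pdb_default_* callers already handle and log. Replacing the panic with `return False;` after the `DEBUG(0, ...)` line would keep the failure visible in the log while leaving the daemon running; this assumes smb_panic does not return, which is not shown here. The comment above the function could also say that initialisation is lazy and happens once, since `backend` is cached in a file-scope static. The same branch is added again by the later hunk @@ -30,12 +30,30 @@ on this page.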
@@ -304,42 +335,66 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, DOM_SID sid) { - return get_group_map_from_sid(sid, map) ? + if (!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; + } + return backend->get_group_map_from_sid(sid, map) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid) { - return get_group_map_from_gid(gid, map) ? + if (!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; + } + return backend->get_group_map_from_gid(gid, map) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, const char *name) { - return get_group_map_from_ntname(name, map) ? + if (!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; + } + return backend->get_group_map_from_ntname(name, map) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_add_group_mapping_entry(struct pdb_methods *methods, GROUP_MAP *map) { - return add_mapping_entry(map, TDB_INSERT) ? + if (!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; + } + return backend->add_mapping_entry(map, TDB_INSERT) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods, GROUP_MAP *map) { - return add_mapping_entry(map, TDB_REPLACE) ? + if (!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; + } + return backend->add_mapping_entry(map, TDB_REPLACE) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, DOM_SID sid) { - return group_map_remove(&sid) ? 
+ if (!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; + } + return backend->group_map_remove(&sid) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } @@ -348,7 +403,11 @@ NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, GROUP_MAP **pp_rmap, size_t *p_num_entries, BOOL unix_only) { - return enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ? + if (!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; + } + return backend->enum_group_mapping(sid, sid_name_use, pp_rmap, p_num_entries, unix_only) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } @@ -461,20 +520,32 @@ NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods, NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods, const DOM_SID *alias, const DOM_SID *member) { - return add_aliasmem(alias, member); + if (!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; + } + return backend->add_aliasmem(alias, member); } NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods, const DOM_SID *alias, const DOM_SID *member) { - return del_aliasmem(alias, member); + if (!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; + } + return backend->del_aliasmem(alias, member); } NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods, const DOM_SID *alias, DOM_SID **pp_members, size_t *p_num_members) { - return enum_aliasmem(alias, pp_members, p_num_members); + if (!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; + } + return backend->enum_aliasmem(alias, pp_members, p_num_members); } NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, 
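Review bot: Every pdb_default_* wrapper touched here (hunks @@ -304,42 +335,66 @@, @@ -348,7 +403,11 @@, @@ -461,20 +520,32 @@ and @@ -489,6 +560,11 @@) logs the identical string `failed to initialize group mapping` at level 0, so the log cannot tell an operator which operation hit the failure. Naming the caller in the message, e.g. `DEBUG(0,("pdb_default_getgrsid: failed to initialize group mapping\n"));`, or moving the check into one small static helper that takes the caller name, would fix that and remove the repeated four-line block. The wrappers also return NT_STATUS_UNSUCCESSFUL for this condition, whereas the static helpers removed earlier on this page (one_alias_membership, enum_aliasmem) returned NT_STATUS_ACCESS_DENIED. If any caller distinguishes the two, that change should be stated in the commit message.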
@@ -489,6 +560,11 @@ NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, size_t i, num_alias_sids; NTSTATUS result; + if (!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return NT_STATUS_UNSUCCESSFUL; + } + alias_sids = NULL; num_alias_sids = 0; -- cgit From b1ce226af8b61ad7e3c37860a59c6715012e738b Mon Sep 17 00:00:00 2001 From: James Peach Date: Fri, 15 Jun 2007 21:58:49 +0000 Subject: r23510: Tidy calls to smb_panic by removing trailing newlines. Print the failed expression in SMB_ASSERT. (This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 9ead1c6317..4d0d01b898 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -50,7 +50,7 @@ static BOOL init_group_mapping(void) backend = groupdb_tdb_init(); } else { DEBUG(0,("Unknown groupdb backend '%s'\n", backend_string)); - smb_panic("Unknown groupdb backend\n"); + smb_panic("Unknown groupdb backend"); } return backend != NULL; } -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 4d0d01b898..4736c4d259 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -8,7 +8,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/groupdb/mapping.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 4736c4d259..e14ad7d509 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -17,8 +17,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . */ #include "includes.h" -- cgit From 56a029258f75da967f73e7151292d8cdaf3fecdf Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Sep 2007 09:15:08 +0000 Subject: r25024: Fix a whole bunch of Coverity bugs The callers of get_domain_group_from_sid() with some justification expected map->gid to be initialized when get_domain_group_from_sid returned True. (This used to be commit bc8b74dbfec965ede7bf45118d1a863b28d000fd) --- source3/groupdb/mapping.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index e14ad7d509..0a733dded9 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -145,6 +145,7 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) fstrcpy( map->comment, "Ordinary Users" ); sid_copy( &map->sid, &sid ); map->sid_name_use = SID_NAME_DOM_GRP; + map->gid = (gid_t)-1; return True; } -- cgit From d7a4d51eadaa9c01fb91375e855db0bffe7dd2bd Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 27 Sep 2007 20:12:40 +0000 Subject: r25380: Remove the groupdb:mapping parameter as discussed in the following thread: http://lists.samba.org/archive/samba-technical/2007-June/053747.html (This used to be commit c5adb92c020e38644baf1afc8fc570a518cd6307) --- source3/groupdb/mapping.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 0a733dded9..2e9658fec9 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -37,20 +37,8 @@ static BOOL init_group_mapping(void) return True; } - /* default to using the ldb backend. This parameter should - disappear in future versions of Samba3, but for now it - provides a safety net in case any major problems are - discovered with ldb after the release */ - backend_string = lp_parm_const_string(-1, "groupdb", "backend", "ldb"); - - if (strcmp(backend_string, "ldb") == 0) { - backend = groupdb_ldb_init(); - } else if (strcmp(backend_string, "tdb") == 0) { - backend = groupdb_tdb_init(); - } else { - DEBUG(0,("Unknown groupdb backend '%s'\n", backend_string)); - smb_panic("Unknown groupdb backend"); - } + backend = groupdb_ldb_init(); + return backend != NULL; } -- cgit From 1f4e302dc2c8f88720fc9e98a0370fa9768d7262 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 27 Sep 2007 23:33:35 +0000 Subject: r25393: Removed unused variable (This used to be commit 11894a62e3a41f3387fac1a578258321333085ac) --- source3/groupdb/mapping.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/groupdb/mapping.c') 
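Review bot: The branch of get_domain_group_from_sid that fills in the "Ordinary Users" entry (hunk @@ -145,6 +145,7 @@) now returns True with `map->gid` set to `(gid_t)-1`, but nothing at the assignment says that this value is a sentinel and not a usable group id. A comment on the added line such as `/* no unix group backs this entry; (gid_t)-1 means "unmapped" */` would tell callers to test for it before passing the value to anything that expects a real gid. The callers are outside the hunk, so whether each of them already makes that check cannot be confirmed from here.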
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 2e9658fec9..3a4f7abbcd 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -30,8 +30,6 @@ static const struct mapping_backend *backend; */ static BOOL init_group_mapping(void) { - const char *backend_string; - if (backend != NULL) { /* already initialised */ return True; -- cgit From 5335a5d0c4b41bb1c518fa9966cd75cbf4643e7a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 28 Sep 2007 18:09:50 +0000 Subject: r25405: Fix formatting as per metze's comments (This used to be commit 45fa393358926117e0209970414678547d8504a6) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 3a4f7abbcd..8ba436cfc2 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -35,7 +35,7 @@ static BOOL init_group_mapping(void) return True; } - backend = groupdb_ldb_init(); + backend = groupdb_ldb_init(); return backend != NULL; } -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/groupdb/mapping.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 8ba436cfc2..bd0d775fc5 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -28,7 +28,7 @@ static const struct mapping_backend *backend; /* initialise a group mapping backend */ -static BOOL init_group_mapping(void) +static bool init_group_mapping(void) { if (backend != NULL) { /* already initialised */ @@ -101,10 +101,10 @@ struct aliasmem_closure { /* get a domain group from it's SID */ -BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) +bool get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) { struct group *grp; - BOOL ret; + bool ret; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); @@ -387,7 +387,7 @@ NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, const DOM_SID *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, size_t *p_num_entries, - BOOL unix_only) + bool unix_only) { if (!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); @@ -404,7 +404,7 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, enum lsa_SidType type; uint32 new_rid; gid_t gid; - BOOL exists; + bool exists; GROUP_MAP map; TALLOC_CTX *mem_ctx; NTSTATUS status; @@ -626,7 +626,7 @@ NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods, NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods, enum lsa_SidType sid_name_use, GROUP_MAP **rmap, size_t *num_entries, - BOOL unix_only) + bool unix_only) { return NT_STATUS_UNSUCCESSFUL; } @@ -634,10 +634,10 @@ NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods, /**************************************************************************** These need to be redirected through pdb_interface.c ****************************************************************************/ -BOOL pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info) +bool pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info) { GROUP_MAP map; - BOOL res; + bool res; become_root(); res = get_domain_group_from_sid(*sid, &map); 
@@ -652,7 +652,7 @@ BOOL pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info) return True; } -BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info) +bool pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info) { GROUP_MAP map; -- cgit From cd8a2b5ffeb88923d3e233e00aaa5f7f049d9b16 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 24 Oct 2007 14:29:06 +0200 Subject: [crash fix] don't use already free'ed memory (found by "make valgrindtest" and my "start winbindd on make test" patch) metze (cherry picked from commit fe21e48489852720a05b305b251e4f5cbb200f7a) (cherry picked from commit 26d8a1ad20c10da495970c584983fbd261b4946e) (This used to be commit a128a8805e172738334ec6854548f138c335058b) --- source3/groupdb/mapping.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index bd0d775fc5..6f54e3d550 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -705,12 +705,12 @@ NTSTATUS pdb_create_builtin_alias(uint32 rid) return NT_STATUS_ACCESS_DENIED; } - DEBUG(10,("Creating alias %s with gid %d\n", name, gid)); + DEBUG(10,("Creating alias %s with gid %d\n", groupname, gid)); map.gid = gid; sid_copy(&map.sid, &sid); map.sid_name_use = SID_NAME_ALIAS; - fstrcpy(map.nt_name, name); + fstrcpy(map.nt_name, groupname); fstrcpy(map.comment, ""); status = pdb_add_group_mapping_entry(&map); -- cgit From e2eaf24f7b04984fd3ea0514c32b743e9ca479c9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 13 Nov 2007 15:00:48 -0800 Subject: Remove all pstring from groupdb/ Jeremy. (This used to be commit 6959c5c7e3e95604c66788b86d5789757e18cc36) --- source3/groupdb/mapping.c | 129 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 95 insertions(+), 34 deletions(-) (limited to 'source3/groupdb/mapping.c') 
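Review bot: In pdb_create_builtin_alias (hunk @@ -705,12 +705,12 @@) the two replaced uses carry no comment explaining that `name` is no longer valid at this point, so a later cleanup could switch them back; per the commit message `name` refers to memory that has already been freed. A one-line comment above the DEBUG call would record that, for example `/* name is freed by now; groupname is the copy that is still valid */`. Where `groupname` is assigned and what owns it is outside the hunk, so its lifetime should be confirmed against the surrounding function.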
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 6f54e3d550..78643da64e 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -171,17 +171,28 @@ bool get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map) int smb_create_group(const char *unix_group, gid_t *new_gid) { - pstring add_script; + char *add_script = NULL; int ret = -1; int fd = 0; - + *new_gid = 0; /* defer to scripts */ - + if ( *lp_addgroup_script() ) { - pstrcpy(add_script, lp_addgroup_script()); - pstring_sub(add_script, "%g", unix_group); + TALLOC_CTX *ctx = talloc_tos(); + + add_script = talloc_strdup(ctx, + lp_addgroup_script()); + if (!add_script) { + return -1; + } + add_script = talloc_string_sub(ctx, + add_script, "%g", unix_group); + if (!add_script) { + return -1; + } + ret = smbrun(add_script, &fd); DEBUG(ret ? 0 : 3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret)); if (ret == 0) { @@ -197,7 +208,7 @@ int smb_create_group(const char *unix_group, gid_t *new_gid) if (read(fd, output, sizeof(output)) > 0) { *new_gid = (gid_t)strtoul(output, NULL, 10); } - + close(fd); } @@ -209,8 +220,8 @@ int smb_create_group(const char *unix_group, gid_t *new_gid) if (grp != NULL) *new_gid = grp->gr_gid; } - - return ret; + + return ret; } /**************************************************************************** 
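Review bot: smb_create_group (hunk @@ -171,17 +171,28 @@) open-codes a talloc_strdup, a talloc_string_sub and two NULL checks to expand the configured script, and the same sequence is repeated in smb_delete_group, smb_set_primary_group, smb_add_user_group and smb_delete_user_group in the following hunks. Because the expanded string is handed to smbrun, every copy has to apply the same substitution rules to `unix_group` and `unix_user`, and five hand-written copies make it easy for one of them to drift. A single static helper that performs the expansion keeps that handling in one place; each function would then call it and test the result once. The helper below uses only calls already present in this commit.

```c
/* Expand %g and, when unix_user is not NULL, %u in a configured script line.
 * Returns NULL on allocation failure. */
static char *expand_group_script(TALLOC_CTX *ctx, const char *script,
				 const char *unix_group,
				 const char *unix_user)
{
	char *cmd = talloc_strdup(ctx, script);

	if (cmd != NULL) {
		cmd = talloc_string_sub(ctx, cmd, "%g", unix_group);
	}
	if (cmd != NULL && unix_user != NULL) {
		cmd = talloc_string_sub(ctx, cmd, "%u", unix_user);
	}
	return cmd;
}

/* in smb_create_group, replacing the strdup/sub/check sequence: */
	if ( *lp_addgroup_script() ) {
		add_script = expand_group_script(talloc_tos(),
				lp_addgroup_script(), unix_group, NULL);
		if (!add_script) {
			return -1;
		}
		/* … unchanged: smbrun call and gid parsing … */
```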
@@ -219,14 +230,24 @@ int smb_create_group(const char *unix_group, gid_t *new_gid) int smb_delete_group(const char *unix_group) { - pstring del_script; - int ret; + char *del_script = NULL; + int ret = -1; /* defer to scripts */ - + if ( *lp_delgroup_script() ) { - pstrcpy(del_script, lp_delgroup_script()); - pstring_sub(del_script, "%g", unix_group); + TALLOC_CTX *ctx = talloc_tos(); + + del_script = talloc_strdup(ctx, + lp_delgroup_script()); + if (!del_script) { + return -1; + } + del_script = talloc_string_sub(ctx, + del_script, "%g", unix_group); + if (!del_script) { + return -1; + } ret = smbrun(del_script,NULL); DEBUG(ret ? 0 : 3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret)); if (ret == 0) { @@ -234,24 +255,36 @@ int smb_delete_group(const char *unix_group) } return ret; } - + return -1; } /**************************************************************************** Set a user's primary UNIX group. ****************************************************************************/ + int smb_set_primary_group(const char *unix_group, const char* unix_user) { - pstring add_script; - int ret; + char *add_script = NULL; + int ret = -1; /* defer to scripts */ - + if ( *lp_setprimarygroup_script() ) { - pstrcpy(add_script, lp_setprimarygroup_script()); - all_string_sub(add_script, "%g", unix_group, sizeof(add_script)); - all_string_sub(add_script, "%u", unix_user, sizeof(add_script)); + TALLOC_CTX *ctx = talloc_tos(); + + add_script = talloc_strdup(ctx, + lp_setprimarygroup_script()); + if (!add_script) { + return -1; + } + add_script = talloc_all_string_sub(ctx, + add_script, + "%g", + unix_group); + if (!add_script) { + return -1; + } ret = smbrun(add_script,NULL); flush_pwnam_cache(); DEBUG(ret ? 0 : 3,("smb_set_primary_group: " 
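Review bot: In smb_set_primary_group (hunk @@ -234,24 +255,36 @@) the rewrite substitutes only `%g`. The removed code also ran `all_string_sub(add_script, "%u", unix_user, sizeof(add_script))`, and no replacement for it is added, so a configured script that contains `%u` is run with the literal placeholder and `unix_user` is never used. Restoring it takes one more call after the `%g` step, `add_script = talloc_string_sub(ctx, add_script, "%u", unix_user);`, followed by the same `if (!add_script) { return -1; }` check. The end of the function lies outside the hunk.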
@@ -271,15 +304,29 @@ int smb_set_primary_group(const char *unix_group, const char* unix_user) int smb_add_user_group(const char *unix_group, const char *unix_user) { - pstring add_script; - int ret; + char *add_script = NULL; + int ret = -1; /* defer to scripts */ - + if ( *lp_addusertogroup_script() ) { - pstrcpy(add_script, lp_addusertogroup_script()); - pstring_sub(add_script, "%g", unix_group); - pstring_sub(add_script, "%u", unix_user); + TALLOC_CTX *ctx = talloc_tos(); + + add_script = talloc_strdup(ctx, + lp_addusertogroup_script()); + if (!add_script) { + return -1; + } + add_script = talloc_string_sub(ctx, + add_script, "%g", unix_group); + if (!add_script) { + return -1; + } + add_script = talloc_string_sub(ctx, + add_script, "%u", unix_user); + if (!add_script) { + return -1; + } ret = smbrun(add_script,NULL); DEBUG(ret ? 0 : 3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret)); if (ret == 0) { @@ -287,7 +334,7 @@ int smb_add_user_group(const char *unix_group, const char *unix_user) } return ret; } - + return -1; } 
@@ -297,15 +344,29 @@ int smb_add_user_group(const char *unix_group, const char *unix_user) int smb_delete_user_group(const char *unix_group, const char *unix_user) { - pstring del_script; - int ret; + char *del_script = NULL; + int ret = -1; /* defer to scripts */ - + if ( *lp_deluserfromgroup_script() ) { - pstrcpy(del_script, lp_deluserfromgroup_script()); - pstring_sub(del_script, "%g", unix_group); - pstring_sub(del_script, "%u", unix_user); + TALLOC_CTX *ctx = talloc_tos(); + + del_script = talloc_strdup(ctx, + lp_deluserfromgroup_script()); + if (!del_script) { + return -1; + } + del_script = talloc_string_sub(ctx, + del_script, "%g", unix_group); + if (!del_script) { + return -1; + } + del_script = talloc_string_sub(ctx, + del_script, "%u", unix_user); + if (!del_script) { + return -1; + } ret = smbrun(del_script,NULL); DEBUG(ret ? 0 : 3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret)); if (ret == 0) { @@ -313,7 +374,7 @@ int smb_delete_user_group(const char *unix_group, const char *unix_user) } return ret; } - + return -1; } -- cgit From 900288a2b86abd247f9eb4cd15dc5617a17cfef1 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Dec 2007 21:11:36 +0100 Subject: Replace sid_string_static by sid_string_dbg in DEBUGs (This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 78643da64e..3a3da0a128 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -538,7 +538,7 @@ NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, if ((map.sid_name_use != SID_NAME_ALIAS) && (map.sid_name_use != SID_NAME_WKN_GRP)) { DEBUG(2, ("%s is a %s, expected an alias\n", - sid_string_static(sid), + sid_string_dbg(sid), sid_type_lookup(map.sid_name_use))); return NT_STATUS_NO_SUCH_ALIAS; } -- cgit 
From 286b050e1555473e0fbe9c98d4a2351c02a7777f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 17 Dec 2007 10:55:37 +0100 Subject: Fix flags in call of lookup_name() in pdb_default_create_alias(). Use new flag LOOKUP_NAME_LOCAL. Michael (This used to be commit 280d6cb6c8e834ce0a08769e9187b0f40321716f) --- source3/groupdb/mapping.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 3a3da0a128..1ddda583df 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -477,7 +477,7 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, return NT_STATUS_NO_MEMORY; } - exists = lookup_name(mem_ctx, name, LOOKUP_NAME_ISOLATED, + exists = lookup_name(mem_ctx, name, LOOKUP_NAME_LOCAL, NULL, NULL, &sid, &type); TALLOC_FREE(mem_ctx); -- cgit From 37fbe55eea3cbd7fc74ef2da84549eecfa55be8c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 28 Mar 2008 08:24:28 +0100 Subject: groupdb: readd groupdb:backend parametric option This reverts c5adb92c020e38644baf1afc8fc570a518cd6307. The reason is that ldb doesn't work for cluster setups yet. metze (This used to be commit 5f5d90ef76b969ecbe564399368a7450c4e3d155) --- source3/groupdb/mapping.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 1ddda583df..ce66bfa64f 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c 
@@ -30,12 +30,30 @@ static const struct mapping_backend *backend; */ static bool init_group_mapping(void) { + const char *backend_string; + if (backend != NULL) { /* already initialised */ return True; } - - backend = groupdb_ldb_init(); + + /* + * default to using the ldb backend. This parameter should + * disappear in future versions of Samba3. + * + * But it's needed for cluster setups, because it's + * not yet possible to distribute a ldb inside a cluster. + */ + backend_string = lp_parm_const_string(-1, "groupdb", "backend", "ldb"); + + if (strcmp(backend_string, "ldb") == 0) { + backend = groupdb_ldb_init(); + } else if (strcmp(backend_string, "tdb") == 0) { + backend = groupdb_tdb_init(); + } else { + DEBUG(0,("Unknown groupdb backend '%s'\n", backend_string)); + smb_panic("Unknown groupdb backend"); + } return backend != NULL; } -- cgit From b6344d1d459479063fee85c0f12bb9f0f3292dcf Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 14 Jul 2008 12:40:33 -0700 Subject: Add fix from Simo for bug #5540 - missing code to substitute %u. Make this the same as other uses. Jeremy. (This used to be commit c4a137e9789b06047ce53e5828fb5e1bb76aca06) --- source3/groupdb/mapping.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source3/groupdb/mapping.c') diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index ce66bfa64f..b952cda523 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -297,9 +297,12 @@ int smb_set_primary_group(const char *unix_group, const char* unix_user) return -1; } add_script = talloc_all_string_sub(ctx, - add_script, - "%g", - unix_group); + add_script, "%g", unix_group); + if (!add_script) { + return -1; + } + add_script = talloc_string_sub(ctx, + add_script, "%u", unix_user); if (!add_script) { return -1; } -- cgit
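Review bot: In smb_set_primary_group (hunk @@ -297,9 +297,12 @@) `%g` is still expanded with `talloc_all_string_sub`, while the newly added `%u` step and the other script functions in this file use `talloc_string_sub`. That does not match the commit message's aim of making this the same as other uses. If, as with the older all_string_sub, the `all` variant performs no filtering of shell-special characters in the inserted value, the group name reaches smbrun less constrained here than in smb_add_user_group or smb_delete_user_group. Using `add_script = talloc_string_sub(ctx, add_script, "%g", unix_group);` for this step would make the five functions consistent. The filtering behaviour of both calls is defined outside this page and should be confirmed.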