sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code
84758bd1f8
samba-mirror/source3/lib/util_sid.c

673 lines
18 KiB
C
Raw Normal View History

util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
/*
Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-30 09:08:46 +03:00
Unix SMB/CIFS implementation.
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
Samba utility functions
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
Copyright (C) Jeremy Allison 1999
Copyright (C) Stefan (metze) Metzmacher 2002
Start to merge the new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-18 23:46:32 +04:00
Copyright (C) Simo Sorce 2002
r11228: Speed up string_to_sid by removing next_token calls, thus eliminating the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2005-10-20 19:09:41 +04:00
Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
/*
* Some useful sids
*/
r6263: Get rid of generate_wellknown_sids, they are const static and initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2005-04-09 15:46:40 +04:00
const DOM_SID global_sid_World_Domain = /* Everyone domain */
{ 1, 0, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_World = /* Everyone */
{ 1, 1, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Creator_Owner_Domain = /* Creator Owner domain */
{ 1, 0, {0,0,0,0,0,3}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_NT_Authority = /* NT Authority */
{ 1, 0, {0,0,0,0,0,5}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_System = /* System */
{ 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_NULL = /* NULL sid */
{ 1, 1, {0,0,0,0,0,0}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Authenticated_Users = /* All authenticated rids */
{ 1, 1, {0,0,0,0,0,5}, {11,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Network = /* Network rids */
{ 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Creator_Owner = /* Creator Owner */
{ 1, 1, {0,0,0,0,0,3}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Creator_Group = /* Creator Group */
{ 1, 1, {0,0,0,0,0,3}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Anonymous = /* Anonymous login */
{ 1, 1, {0,0,0,0,0,5}, {7,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Builtin = /* Local well-known domain */
{ 1, 1, {0,0,0,0,0,5}, {32,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Builtin_Administrators = /* Builtin administrators */
{ 1, 2, {0,0,0,0,0,5}, {32,544,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Builtin_Users = /* Builtin users */
{ 1, 2, {0,0,0,0,0,5}, {32,545,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Builtin_Guests = /* Builtin guest users */
{ 1, 2, {0,0,0,0,0,5}, {32,546,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Builtin_Power_Users = /* Builtin power users */
{ 1, 2, {0,0,0,0,0,5}, {32,547,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Builtin_Account_Operators = /* Builtin account operators */
{ 1, 2, {0,0,0,0,0,5}, {32,548,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Builtin_Server_Operators = /* Builtin server operators */
{ 1, 2, {0,0,0,0,0,5}, {32,549,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Builtin_Print_Operators = /* Builtin print operators */
{ 1, 2, {0,0,0,0,0,5}, {32,550,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Builtin_Backup_Operators = /* Builtin backup operators */
{ 1, 2, {0,0,0,0,0,5}, {32,551,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Builtin_Replicator = /* Builtin replicator */
{ 1, 2, {0,0,0,0,0,5}, {32,552,0,0,0,0,0,0,0,0,0,0,0,0,0}};
r15251: Adding PreWin2kAccess builtin sid. Guenther (This used to be commit 4330d1b74cba14501c2864105b2fae53ccf9475f)
2006-04-26 00:14:46 +04:00
const DOM_SID global_sid_Builtin_PreWin2kAccess = /* Builtin pre win2k access */
{ 1, 2, {0,0,0,0,0,5}, {32,554,0,0,0,0,0,0,0,0,0,0,0,0,0}};
Start to merge the new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-18 23:46:32 +04:00
r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2006-02-04 01:19:41 +03:00
const DOM_SID global_sid_Unix_Users = /* Unmapped Unix users */
{ 1, 1, {0,0,0,0,0,22}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
const DOM_SID global_sid_Unix_Groups = /* Unmapped Unix groups */
{ 1, 1, {0,0,0,0,0,22}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
/* Unused, left here for documentary purposes */
#if 0
Start to merge the new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-18 23:46:32 +04:00
#define SECURITY_NULL_SID_AUTHORITY 0
#define SECURITY_WORLD_SID_AUTHORITY 1
#define SECURITY_LOCAL_SID_AUTHORITY 2
#define SECURITY_CREATOR_SID_AUTHORITY 3
#define SECURITY_NT_AUTHORITY 5
r12051: Merge across the lookup_name and lookup_sid work. Lets see how the build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2005-12-03 21:34:13 +03:00
#endif
sync'ing up for 3.0alpha20 release (This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-09-25 19:19:00 +04:00
Removed the special casing of SIDs in se_access_check. This is now done (correctly) when the NT_USER_TOKEN is *created*. Jeremy. (This used to be commit 27d72ed1cf8ece2bede812341279ba5a7262ace4)
2000-12-12 05:36:14 +03:00
/*
* An NT compatible anonymous token.
*/
r6263: Get rid of generate_wellknown_sids, they are const static and initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2005-04-09 15:46:40 +04:00
static DOM_SID anon_sid_array[3] =
{ { 1, 1, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},
{ 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},
{ 1, 1, {0,0,0,0,0,5}, {7,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} };
NT_USER_TOKEN anonymous_token = { 3, anon_sid_array, SE_NONE };
Removed the special casing of SIDs in se_access_check. This is now done (correctly) when the NT_USER_TOKEN is *created*. Jeremy. (This used to be commit 27d72ed1cf8ece2bede812341279ba5a7262ace4)
2000-12-12 05:36:14 +03:00
r6263: Get rid of generate_wellknown_sids, they are const static and initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2005-04-09 15:46:40 +04:00
static DOM_SID system_sid_array[1] =
{ { 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} };
NT_USER_TOKEN system_token = { 1, system_sid_array, SE_ALL_PRIVS };
syncing up with HEAD. Seems to be a lot of differences creeping in (i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-10-01 22:26:00 +04:00
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
/****************************************************************************
Lookup string names for SID types.
****************************************************************************/
Merge from HEAD - make Samba compile with -Wwrite-strings without additional warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2003-01-03 11:28:12 +03:00
static const struct {
r18271: Big change: * autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2006-09-08 18:28:06 +04:00
enum lsa_SidType sid_type;
Merge from HEAD - make Samba compile with -Wwrite-strings without additional warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2003-01-03 11:28:12 +03:00
const char *string;
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
} sid_name_type[] = {
Start to merge the new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-18 23:46:32 +04:00
{SID_NAME_USER, "User"},
{SID_NAME_DOM_GRP, "Domain Group"},
{SID_NAME_DOMAIN, "Domain"},
{SID_NAME_ALIAS, "Local Group"},
{SID_NAME_WKN_GRP, "Well-known Group"},
{SID_NAME_DELETED, "Deleted Account"},
{SID_NAME_INVALID, "Invalid Account"},
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
{SID_NAME_UNKNOWN, "UNKNOWN"},
Merge of new sid type (SID_NAME_COMPUTER) and tidyup. (This used to be commit c91cf2b38df9f51dd6cb46f0742e1c57bb36b508)
2003-04-14 06:26:41 +04:00
{SID_NAME_COMPUTER, "Computer"},
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
r18271: Big change: * autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2006-09-08 18:28:06 +04:00
{(enum lsa_SidType)0, NULL}
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
};
const char *sid_type_lookup(uint32 sid_type)
Merging Gerald's PDC SAM name fix. Jeremy. (This used to be commit d31799850440c6c2267a4edb217d447df75aab5a)
2001-05-03 06:50:11 +04:00
{
int i = 0;
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
/* Look through list */
while(sid_name_type[i].sid_type != 0) {
if (sid_name_type[i].sid_type == sid_type)
return sid_name_type[i].string;
Merging Gerald's PDC SAM name fix. Jeremy. (This used to be commit d31799850440c6c2267a4edb217d447df75aab5a)
2001-05-03 06:50:11 +04:00
i++;
}
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
/* Default return */
return "SID *TYPE* is INVALID";
Merging Gerald's PDC SAM name fix. Jeremy. (This used to be commit d31799850440c6c2267a4edb217d447df75aab5a)
2001-05-03 06:50:11 +04:00
}
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
/**************************************************************************
Create the SYSTEM token.
***************************************************************************/
syncing up with HEAD. Seems to be a lot of differences creeping in (i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-10-01 22:26:00 +04:00
NT_USER_TOKEN *get_system_token(void)
{
return &system_token;
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
}
r316: Fix split_domain_name. This defaulted to get_myname() instead of get_global_sam_name(). Error case: Adding a domain user to a XP local group did a lsalookupname on the user without domain prefix, and this then failed. Jerry: This is a must-fix before 3.0.3. Volker (This used to be commit f35e353454b6825da1de138a3f0d8106787e938b)
2004-04-21 19:04:05 +04:00
/******************************************************************
get the default domain/netbios name to be used when dealing
with our passdb list of accounts
******************************************************************/
const char *get_global_sam_name(void)
{
if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) {
return lp_workgroup();
}
return global_myname();
}
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
/*****************************************************************
Convert a SID to an ascii string.
*****************************************************************/
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
char *sid_to_string(fstring sidstr_out, const DOM_SID *sid)
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
{
Start to merge the new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-18 23:46:32 +04:00
char subauth[16];
int i;
uint32 ia;
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
Start to merge the new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-18 23:46:32 +04:00
if (!sid) {
fstrcpy(sidstr_out, "(NULL SID)");
return sidstr_out;
}
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
/*
* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32
* in a range of 2^48.
*/
Start to merge the new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-18 23:46:32 +04:00
ia = (sid->id_auth[5]) +
(sid->id_auth[4] << 8 ) +
(sid->id_auth[3] << 16) +
(sid->id_auth[2] << 24);
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
Start to merge the new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-18 23:46:32 +04:00
slprintf(sidstr_out, sizeof(fstring) - 1, "S-%u-%lu", (unsigned int)sid->sid_rev_num, (unsigned long)ia);
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
Start to merge the new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-18 23:46:32 +04:00
for (i = 0; i < sid->num_auths; i++) {
slprintf(subauth, sizeof(subauth)-1, "-%lu", (unsigned long)sid->sub_auths[i]);
fstrcat(sidstr_out, subauth);
}
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
Start to merge the new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-18 23:46:32 +04:00
return sidstr_out;
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
}
Start to merge the new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. Jeremy. (This used to be commit 597c4610090d711fd30c1ffacc97212cf399a264)
2002-10-18 23:46:32 +04:00
/*****************************************************************
Useful function for debug lines.
*****************************************************************/
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
const char *sid_string_static(const DOM_SID *sid)
fixed sid_compare_domain() (This used to be commit c11c27b2812ceb06a52afbb7662f82a8676b1707)
2001-12-19 11:37:03 +03:00
{
static fstring sid_str;
sid_to_string(sid_str, sid);
return sid_str;
}
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
/*****************************************************************
Convert a string to a SID. Returns True on success, False on fail.
*****************************************************************/
Fixup JF's weird SID return :-). Jeremy (This used to be commit 7b8fb8d85c406b8755f60cf14dc2377bc59eda53)
2001-12-18 22:44:14 +03:00
BOOL string_to_sid(DOM_SID *sidout, const char *sidstr)
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
{
Removed global_myworkgroup, global_myname, global_myscope. Added liberal dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-13 02:20:50 +03:00
const char *p;
r11228: Speed up string_to_sid by removing next_token calls, thus eliminating the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2005-10-20 19:09:41 +04:00
char *q;
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
/* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
r11228: Speed up string_to_sid by removing next_token calls, thus eliminating the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2005-10-20 19:09:41 +04:00
uint32 conv;
util_sid.c - respect a const variabile (addedd strdup) cli_reg.c - indentation pdb_ldap.c - some checks on init fns parameters pdb_tdb.c - some checks on init fns parameters + make sure we close the db on failure (This used to be commit 49f5cb7a3df6d673f86e6769319aa657e30d8380)
2001-12-30 22:21:25 +03:00
r11229: an even bigger speedup spotted by Volker. string_to_sid() is now taking 1/5th the time it used to. Replace strcasecmp with invididual char checks for "S-" sid prefix. (This used to be commit de3d0094b78cb20da7ed958e8d3a428583694309)
2005-10-20 20:05:12 +04:00
if ((sidstr[0] != 'S' && sidstr[0] != 's') || sidstr[1] != '-') {
r12387: Make string_to_sid a little more silent. Jeremy. (This used to be commit 7ccff8071abf2bd85f4022abace1f96c7f7f0d29)
2005-12-20 03:16:18 +03:00
DEBUG(3,("string_to_sid: Sid %s does not start with 'S-'.\n", sidstr));
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
return False;
}
r11230: Remove the '//' i was using to test something...oops (This used to be commit cda5a81bbe52308a81a79eb0354aea63027a9701)
2005-10-20 20:07:36 +04:00
ZERO_STRUCTP(sidout);
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
r11228: Speed up string_to_sid by removing next_token calls, thus eliminating the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2005-10-20 19:09:41 +04:00
/* Get the revision number. */
p = sidstr + 2;
conv = (uint32) strtoul(p, &q, 10);
if (!q || (*q != '-')) {
r12387: Make string_to_sid a little more silent. Jeremy. (This used to be commit 7ccff8071abf2bd85f4022abace1f96c7f7f0d29)
2005-12-20 03:16:18 +03:00
DEBUG(3,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
return False;
}
r11228: Speed up string_to_sid by removing next_token calls, thus eliminating the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2005-10-20 19:09:41 +04:00
sidout->sid_rev_num = (uint8) conv;
q++;
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
r11228: Speed up string_to_sid by removing next_token calls, thus eliminating the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2005-10-20 19:09:41 +04:00
/* get identauth */
conv = (uint32) strtoul(q, &q, 10);
if (!q || (*q != '-')) {
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", sidstr));
return False;
}
/* identauth in decimal should be < 2^32 */
r11228: Speed up string_to_sid by removing next_token calls, thus eliminating the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2005-10-20 19:09:41 +04:00
/* NOTE - the conv value is in big-endian format. */
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
sidout->id_auth[0] = 0;
sidout->id_auth[1] = 0;
r11228: Speed up string_to_sid by removing next_token calls, thus eliminating the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2005-10-20 19:09:41 +04:00
sidout->id_auth[2] = (conv & 0xff000000) >> 24;
sidout->id_auth[3] = (conv & 0x00ff0000) >> 16;
sidout->id_auth[4] = (conv & 0x0000ff00) >> 8;
sidout->id_auth[5] = (conv & 0x000000ff);
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
r11228: Speed up string_to_sid by removing next_token calls, thus eliminating the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2005-10-20 19:09:41 +04:00
q++;
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
sidout->num_auths = 0;
r11228: Speed up string_to_sid by removing next_token calls, thus eliminating the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2005-10-20 19:09:41 +04:00
for(conv = (uint32) strtoul(q, &q, 10);
q && (*q =='-' || *q =='\0') && (sidout->num_auths < MAXSUBAUTHS);
conv = (uint32) strtoul(q, &q, 10)) {
sid_append_rid(sidout, conv);
if (*q == '\0')
break;
q++;
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
}
r11228: Speed up string_to_sid by removing next_token calls, thus eliminating the need for allocating memory to duplicate the string. (This used to be commit e5cc94f13ff2dacb219c8a56fa13853d620ecda6)
2005-10-20 19:09:41 +04:00
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
return True;
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
}
r6080: Port some of the non-critical changes from HEAD to 3_0. The main one is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
2005-03-27 20:33:04 +04:00
DOM_SID *string_sid_talloc(TALLOC_CTX *mem_ctx, const char *sidstr)
{
DOM_SID *result = TALLOC_P(mem_ctx, DOM_SID);
if (result == NULL)
return NULL;
if (!string_to_sid(result, sidstr))
return NULL;
return result;
}
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
/*****************************************************************
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
Add a rid to the end of a sid
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
*****************************************************************/
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
BOOL sid_append_rid(DOM_SID *sid, uint32 rid)
{
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
if (sid->num_auths < MAXSUBAUTHS) {
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
sid->sub_auths[sid->num_auths++] = rid;
return True;
}
return False;
}
r7415: * big change -- volker's new async winbindd from trunk (This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2005-06-09 02:10:34 +04:00
BOOL sid_compose(DOM_SID *dst, const DOM_SID *domain_sid, uint32 rid)
{
sid_copy(dst, domain_sid);
return sid_append_rid(dst, rid);
}
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
/*****************************************************************
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
Removes the last rid from the end of a sid
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
*****************************************************************/
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
BOOL sid_split_rid(DOM_SID *sid, uint32 *rid)
{
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
if (sid->num_auths > 0) {
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
sid->num_auths--;
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
*rid = sid->sub_auths[sid->num_auths];
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
return True;
}
return False;
}
Added sid_peek_rid() function to return the rid of a sid. Saves mucking around with copying a sid to a temporary variable and using sid_split_rid(). (This used to be commit 9ee43d61be1284b72fd04054c44545847c73120f)
2001-05-10 04:48:06 +04:00
/*****************************************************************
Return the last rid from the end of a sid
*****************************************************************/
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
BOOL sid_peek_rid(const DOM_SID *sid, uint32 *rid)
Added sid_peek_rid() function to return the rid of a sid. Saves mucking around with copying a sid to a temporary variable and using sid_split_rid(). (This used to be commit 9ee43d61be1284b72fd04054c44545847c73120f)
2001-05-10 04:48:06 +04:00
{
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
if (!sid || !rid)
return False;
Added sid_peek_rid() function to return the rid of a sid. Saves mucking around with copying a sid to a temporary variable and using sid_split_rid(). (This used to be commit 9ee43d61be1284b72fd04054c44545847c73120f)
2001-05-10 04:48:06 +04:00
if (sid->num_auths > 0) {
*rid = sid->sub_auths[sid->num_auths - 1];
return True;
}
return False;
}
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
/*****************************************************************
Return the last rid from the end of a sid
and check the sid against the exp_dom_sid
*****************************************************************/
BOOL sid_peek_check_rid(const DOM_SID *exp_dom_sid, const DOM_SID *sid, uint32 *rid)
{
if (!exp_dom_sid || !sid || !rid)
return False;
When checking if a SID is in a domain, make sure that indeed the user RID is one element longer than the domain sid. Andrew Bartlett (This used to be commit c61e5e38776d2de53d120b592a6685158e79ebb8)
2003-05-09 13:33:51 +04:00
if (sid->num_auths != (exp_dom_sid->num_auths+1)) {
return False;
}
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
if (sid_compare_domain(exp_dom_sid, sid)!=0){
*rid=(-1);
return False;
}
return sid_peek_rid(sid, rid);
}
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
/*****************************************************************
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
Copies a sid
util_file.c: split some routines out of various places (e.g smbpass.c) because they now get used in more than one location. util_sid.c: need sid_copy, compare, split rid, append rid etc etc... (This used to be commit 71dfaa307ec954041c09ed157594a46503fb6db8)
1998-11-05 19:51:34 +03:00
*****************************************************************/
simple mods to add msrpc pipe redirection. default behaviour: fall back to using internal msrpc code in smbd. (This used to be commit 8976e26d46cb991710bc77463f7f928ac00dd4d8)
2000-01-03 22:19:48 +03:00
void sid_copy(DOM_SID *dst, const DOM_SID *src)
weekend work. user / group database API. - split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-29 23:03:33 +03:00
{
int i;
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
ZERO_STRUCTP(dst);
lib/util_sid.c: Uninitialized memory read. rpc_parse/parse_spoolss.c: Added note about prs_align when marshalling a SEC_DESC... rpc_server/srv_lsa.c: Tim - your changes broke the display of the 'everyone' group when doing file access with no winbindd running. This is a partial fix - more when I have analysed this more. rpc_server/srv_spoolss_nt.c: Fix for the 'change driver' problem ! Hurrah ! Jeremy. (This used to be commit 151b131ee01ef916c072bcdaa9943a2e984a0f45)
2000-06-24 04:15:08 +04:00
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
dst->sid_rev_num = src->sid_rev_num;
dst->num_auths = src->num_auths;
weekend work. user / group database API. - split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-29 23:03:33 +03:00
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
memcpy(&dst->id_auth[0], &src->id_auth[0], sizeof(src->id_auth));
weekend work. user / group database API. - split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-29 23:03:33 +03:00
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
for (i = 0; i < src->num_auths; i++)
dst->sub_auths[i] = src->sub_auths[i];
weekend work. user / group database API. - split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-29 23:03:33 +03:00
}
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
/*****************************************************************
Write a sid out into on-the-wire format.
*****************************************************************/
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
syncing up with HEAD. Seems to be a lot of differences creeping in (i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-10-01 22:26:00 +04:00
BOOL sid_linearize(char *outbuf, size_t len, const DOM_SID *sid)
doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 22:43:37 +03:00
{
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
size_t i;
doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 22:43:37 +03:00
put sid_to_name behind the winbindd backend interface I spent quite a while trying to work out how to make this call via ldap and failed. I then found that MS servers seem use rpc for sid_to_name, and it works even when in native mode, I ended up just implementing it via rpc (This used to be commit 789833b44e342c0b5de463ed8f9b5f7474a99f27)
2001-12-03 14:11:14 +03:00
if (len < sid_size(sid))
doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 22:43:37 +03:00
return False;
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
SCVAL(outbuf,0,sid->sid_rev_num);
SCVAL(outbuf,1,sid->num_auths);
memcpy(&outbuf[2], sid->id_auth, 6);
for(i = 0; i < sid->num_auths; i++)
SIVAL(outbuf, 8 + (i*4), sid->sub_auths[i]);
doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 22:43:37 +03:00
return True;
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
}
doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 22:43:37 +03:00
added a basic ADS backend to winbind. More work needed, but at least basic operations work (This used to be commit 88241cab983b2c7db7d477c6c4654694a7a56cd3)
2001-12-03 09:04:18 +03:00
/*****************************************************************
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
Parse a on-the-wire SID to a DOM_SID.
added a basic ADS backend to winbind. More work needed, but at least basic operations work (This used to be commit 88241cab983b2c7db7d477c6c4654694a7a56cd3)
2001-12-03 09:04:18 +03:00
*****************************************************************/
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
syncing up with HEAD. Seems to be a lot of differences creeping in (i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-10-01 22:26:00 +04:00
BOOL sid_parse(const char *inbuf, size_t len, DOM_SID *sid)
added a basic ADS backend to winbind. More work needed, but at least basic operations work (This used to be commit 88241cab983b2c7db7d477c6c4654694a7a56cd3)
2001-12-03 09:04:18 +03:00
{
int i;
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
if (len < 8)
return False;
sync 3.0 branch with head (This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-08-17 21:00:51 +04:00
ZERO_STRUCTP(sid);
added a basic ADS backend to winbind. More work needed, but at least basic operations work (This used to be commit 88241cab983b2c7db7d477c6c4654694a7a56cd3)
2001-12-03 09:04:18 +03:00
sid->sid_rev_num = CVAL(inbuf, 0);
sid->num_auths = CVAL(inbuf, 1);
memcpy(sid->id_auth, inbuf+2, 6);
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
if (len < 8 + sid->num_auths*4)
return False;
for (i=0;i<sid->num_auths;i++)
added a basic ADS backend to winbind. More work needed, but at least basic operations work (This used to be commit 88241cab983b2c7db7d477c6c4654694a7a56cd3)
2001-12-03 09:04:18 +03:00
sid->sub_auths[i] = IVAL(inbuf, 8+i*4);
return True;
}
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
/*****************************************************************
fixed sid_compare_domain() (This used to be commit c11c27b2812ceb06a52afbb7662f82a8676b1707)
2001-12-19 11:37:03 +03:00
Compare the auth portion of two sids.
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
*****************************************************************/
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-07-15 14:35:28 +04:00
static int sid_compare_auth(const DOM_SID *sid1, const DOM_SID *sid2)
doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 22:43:37 +03:00
{
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
int i;
doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 22:43:37 +03:00
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
if (sid1 == sid2)
return 0;
if (!sid1)
return -1;
if (!sid2)
return 1;
if the sids are not the same pointer and either of the sids are NULL then the two sids are not equal (This used to be commit 9ccf3b1dc5baf0e00d032d8b932ab0fb5b1e11b1)
2000-07-26 00:26:50 +04:00
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
if (sid1->sid_rev_num != sid2->sid_rev_num)
- fixed the sort_acl bug, sorting now works right - don't allow setting of duplicate ACEs - fixed a ACE delete bug (This used to be commit 61293979ce2aded58a5ef2a54b3b05d1d278f7cf)
2001-02-23 10:20:11 +03:00
return sid1->sid_rev_num - sid2->sid_rev_num;
doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 22:43:37 +03:00
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
for (i = 0; i < 6; i++)
if (sid1->id_auth[i] != sid2->id_auth[i])
- fixed the sort_acl bug, sorting now works right - don't allow setting of duplicate ACEs - fixed a ACE delete bug (This used to be commit 61293979ce2aded58a5ef2a54b3b05d1d278f7cf)
2001-02-23 10:20:11 +03:00
return sid1->id_auth[i] - sid2->id_auth[i];
doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 22:43:37 +03:00
- fixed the sort_acl bug, sorting now works right - don't allow setting of duplicate ACEs - fixed a ACE delete bug (This used to be commit 61293979ce2aded58a5ef2a54b3b05d1d278f7cf)
2001-02-23 10:20:11 +03:00
return 0;
}
/*****************************************************************
Compare two sids.
*****************************************************************/
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
put sid_to_name behind the winbindd backend interface I spent quite a while trying to work out how to make this call via ldap and failed. I then found that MS servers seem use rpc for sid_to_name, and it works even when in native mode, I ended up just implementing it via rpc (This used to be commit 789833b44e342c0b5de463ed8f9b5f7474a99f27)
2001-12-03 14:11:14 +03:00
int sid_compare(const DOM_SID *sid1, const DOM_SID *sid2)
{
int i;
- fixed the sort_acl bug, sorting now works right - don't allow setting of duplicate ACEs - fixed a ACE delete bug (This used to be commit 61293979ce2aded58a5ef2a54b3b05d1d278f7cf)
2001-02-23 10:20:11 +03:00
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
if (sid1 == sid2)
return 0;
if (!sid1)
return -1;
if (!sid2)
return 1;
put sid_to_name behind the winbindd backend interface I spent quite a while trying to work out how to make this call via ldap and failed. I then found that MS servers seem use rpc for sid_to_name, and it works even when in native mode, I ended up just implementing it via rpc (This used to be commit 789833b44e342c0b5de463ed8f9b5f7474a99f27)
2001-12-03 14:11:14 +03:00
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
/* Compare most likely different rids, first: i.e start at end */
put sid_to_name behind the winbindd backend interface I spent quite a while trying to work out how to make this call via ldap and failed. I then found that MS servers seem use rpc for sid_to_name, and it works even when in native mode, I ended up just implementing it via rpc (This used to be commit 789833b44e342c0b5de463ed8f9b5f7474a99f27)
2001-12-03 14:11:14 +03:00
if (sid1->num_auths != sid2->num_auths)
return sid1->num_auths - sid2->num_auths;
for (i = sid1->num_auths-1; i >= 0; --i)
if (sid1->sub_auths[i] != sid2->sub_auths[i])
return sid1->sub_auths[i] - sid2->sub_auths[i];
fixed sid_compare_domain() (This used to be commit c11c27b2812ceb06a52afbb7662f82a8676b1707)
2001-12-19 11:37:03 +03:00
return sid_compare_auth(sid1, sid2);
put sid_to_name behind the winbindd backend interface I spent quite a while trying to work out how to make this call via ldap and failed. I then found that MS servers seem use rpc for sid_to_name, and it works even when in native mode, I ended up just implementing it via rpc (This used to be commit 789833b44e342c0b5de463ed8f9b5f7474a99f27)
2001-12-03 14:11:14 +03:00
}
fixed sid_compare_domain() (This used to be commit c11c27b2812ceb06a52afbb7662f82a8676b1707)
2001-12-19 11:37:03 +03:00
/*****************************************************************
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
See if 2 SIDs are in the same domain
this just compares the leading sub-auths
fixed sid_compare_domain() (This used to be commit c11c27b2812ceb06a52afbb7662f82a8676b1707)
2001-12-19 11:37:03 +03:00
*****************************************************************/
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
fixed sid_compare_domain() (This used to be commit c11c27b2812ceb06a52afbb7662f82a8676b1707)
2001-12-19 11:37:03 +03:00
int sid_compare_domain(const DOM_SID *sid1, const DOM_SID *sid2)
{
int n, i;
n = MIN(sid1->num_auths, sid2->num_auths);
for (i = n-1; i >= 0; --i)
if (sid1->sub_auths[i] != sid2->sub_auths[i])
return sid1->sub_auths[i] - sid2->sub_auths[i];
return sid_compare_auth(sid1, sid2);
}
put sid_to_name behind the winbindd backend interface I spent quite a while trying to work out how to make this call via ldap and failed. I then found that MS servers seem use rpc for sid_to_name, and it works even when in native mode, I ended up just implementing it via rpc (This used to be commit 789833b44e342c0b5de463ed8f9b5f7474a99f27)
2001-12-03 14:11:14 +03:00
/*****************************************************************
Compare two sids.
*****************************************************************/
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
- fixed the sort_acl bug, sorting now works right - don't allow setting of duplicate ACEs - fixed a ACE delete bug (This used to be commit 61293979ce2aded58a5ef2a54b3b05d1d278f7cf)
2001-02-23 10:20:11 +03:00
BOOL sid_equal(const DOM_SID *sid1, const DOM_SID *sid2)
{
return sid_compare(sid1, sid2) == 0;
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
}
doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 22:43:37 +03:00
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
/*****************************************************************
Calculates size of a sid.
*****************************************************************/
doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 22:43:37 +03:00
syncing up with HEAD. Seems to be a lot of differences creeping in (i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-10-01 22:26:00 +04:00
size_t sid_size(const DOM_SID *sid)
first pass at updating head branch to be to be the same as the SAMBA_2_0 branch (This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-13 16:27:58 +03:00
{
if (sid == NULL)
return 0;
return sid->num_auths * sizeof(uint32) + 8;
doing a code reshuffle. want to add code to establish trust relationships. (This used to be commit 3ec269b402ba6898d905ea1029c427e1b645faf4)
1999-11-20 22:43:37 +03:00
}
Ignore unmappable (NT Authority, BUILTIN etc.) SIDs in an ACL set. Jeremy. (This used to be commit bc7963bd643422cce081b6284e3bdd49ae3a02ab)
2001-09-22 10:45:24 +04:00
/*****************************************************************
Returns true if SID is internal (and non-mappable).
*****************************************************************/
BOOL non_mappable_sid(DOM_SID *sid)
{
DOM_SID dom;
uint32 rid;
sid_copy(&dom, sid);
sid_split_rid(&dom, &rid);
if (sid_equal(&dom, &global_sid_Builtin))
return True;
if (sid_equal(&dom, &global_sid_NT_Authority))
return True;
return False;
}
make sid_binstring available without HAVE_ADS (This used to be commit 4a6d29768665f71b72cf48ee34ee9a9c451232f6)
2001-12-10 03:39:01 +03:00
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
/*****************************************************************
Return the binary string representation of a DOM_SID.
Caller must free.
*****************************************************************/
syncing up with HEAD. Seems to be a lot of differences creeping in (i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f)
2002-10-01 22:26:00 +04:00
char *sid_binstring(const DOM_SID *sid)
r15305: Let winbind search by sid directly (or in windows terms: "bind to a sid"); works in all AD versions I tested. Also add "net ads sid" search tool. Guenther (This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5)
2006-04-28 18:44:43 +04:00
{
char *buf, *s;
int len = sid_size(sid);
r17316: More C++ warnings -- 456 left (This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c)
2006-07-30 20:36:56 +04:00
buf = (char *)SMB_MALLOC(len);
r15305: Let winbind search by sid directly (or in windows terms: "bind to a sid"); works in all AD versions I tested. Also add "net ads sid" search tool. Guenther (This used to be commit 5557ada6943b817d28a5471c613c7291febe2ad5)
2006-04-28 18:44:43 +04:00
if (!buf)
return NULL;
sid_linearize(buf, len, sid);
s = binary_string_rfc2254(buf, len);
free(buf);
return s;
}
/*****************************************************************
Return the binary string representation of a DOM_SID.
Caller must free.
*****************************************************************/
char *sid_binstring_hex(const DOM_SID *sid)
make sid_binstring available without HAVE_ADS (This used to be commit 4a6d29768665f71b72cf48ee34ee9a9c451232f6)
2001-12-10 03:39:01 +03:00
{
char *buf, *s;
int len = sid_size(sid);
r17316: More C++ warnings -- 456 left (This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c)
2006-07-30 20:36:56 +04:00
buf = (char *)SMB_MALLOC(len);
First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>. This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-23 05:22:32 +04:00
if (!buf)
return NULL;
make sid_binstring available without HAVE_ADS (This used to be commit 4a6d29768665f71b72cf48ee34ee9a9c451232f6)
2001-12-10 03:39:01 +03:00
sid_linearize(buf, len, sid);
s = binary_string(buf, len);
free(buf);
return s;
}
Merge HEAD's winbind into 3.0. This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2003-04-23 15:54:56 +04:00
/*******************************************************************
Tallocs a duplicate SID.
********************************************************************/
split some security related functions in their own files. (no need to include all of smbd files to use some basic sec functions) also minor compile fixes couldn't compile to test these due to some kerberos problems wirh 3.0, but on HEAD they're working well, so I suppose it's ok to commit (This used to be commit c78f2d0bd15ecd2ba643bb141cc35a3405787aa1)
2003-10-06 05:38:46 +04:00
DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, const DOM_SID *src)
Merge HEAD's winbind into 3.0. This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2003-04-23 15:54:56 +04:00
{
DOM_SID *dst;
if(!src)
return NULL;
r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2004-12-07 21:25:53 +03:00
if((dst = TALLOC_ZERO_P(ctx, DOM_SID)) != NULL) {
Merge HEAD's winbind into 3.0. This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code, the winbind_idmap abstraction (not idmap proper, but the stuff that held up the winbind LDAP backend in HEAD). Andrew Bartlett (This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
2003-04-23 15:54:56 +04:00
sid_copy( dst, src);
}
return dst;
}
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
/********************************************************************
Add SID to an array SIDs
********************************************************************/
r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2006-12-09 05:58:18 +03:00
BOOL add_sid_to_array(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4 x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2005-10-18 07:24:00 +04:00
DOM_SID **sids, size_t *num)
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
{
r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2006-12-09 05:58:18 +03:00
*sids = TALLOC_REALLOC_ARRAY(mem_ctx, *sids, DOM_SID,
r6080: Port some of the non-critical changes from HEAD to 3_0. The main one is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f)
2005-03-27 20:33:04 +04:00
(*num)+1);
r13915: Fixed a very interesting class of realloc() bugs found by Coverity. realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2006-03-07 09:31:04 +03:00
if (*sids == NULL) {
r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2006-12-09 05:58:18 +03:00
*num = 0;
return False;
r13915: Fixed a very interesting class of realloc() bugs found by Coverity. realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2006-03-07 09:31:04 +03:00
}
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
sid_copy(&((*sids)[*num]), sid);
*num += 1;
r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2006-12-09 05:58:18 +03:00
return True;
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
}
/********************************************************************
Add SID to an array SIDs ensuring that it is not already there
********************************************************************/
r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2006-12-09 05:58:18 +03:00
BOOL add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4 x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2005-10-18 07:24:00 +04:00
DOM_SID **sids, size_t *num_sids)
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
{
r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4 x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2005-10-18 07:24:00 +04:00
size_t i;
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
for (i=0; i<(*num_sids); i++) {
if (sid_compare(sid, &(*sids)[i]) == 0)
r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2006-12-09 05:58:18 +03:00
return True;
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
}
r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2006-12-09 05:58:18 +03:00
return add_sid_to_array(mem_ctx, sid, sids, num_sids);
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
}
/********************************************************************
Remove SID from an array
********************************************************************/
r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4 x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2005-10-18 07:24:00 +04:00
void del_sid_from_array(const DOM_SID *sid, DOM_SID **sids, size_t *num)
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
{
DOM_SID *sid_list = *sids;
r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4 x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2005-10-18 07:24:00 +04:00
size_t i;
r4724: Add support for Windows privileges in Samba 3.0 (based on Simo's code in trunk). Rewritten with the following changes: * privilege set is based on a 32-bit mask instead of strings (plans are to extend this to a 64 or 128-bit mask before the next 3.0.11preX release). * Remove the privilege code from the passdb API (replication to come later) * Only support the minimum amount of privileges that make sense. * Rewrite the domain join checks to use the SeMachineAccountPrivilege instead of the 'is a member of "Domain Admins"?' check that started all this. Still todo: * Utilize the SePrintOperatorPrivilege in addition to the 'printer admin' parameter * Utilize the SeAddUserPrivilege for adding users and groups * Fix some of the hard coded _lsa_*() calls * Start work on enough of SAM replication to get privileges from one Samba DC to another. * Come up with some management tool for manipultaing privileges instead of user manager since it is buggy when run on a 2k client (haven't tried xp). Works ok on NT4. (This used to be commit 77c10ff9aa6414a31eece6dfec00793f190a9d6c)
2005-01-13 21:20:37 +03:00
for ( i=0; i<*num; i++ ) {
/* if we find the SID, then decrement the count
and break out of the loop */
if ( sid_equal(sid, &sid_list[i]) ) {
*num -= 1;
break;
}
}
/* This loop will copy the remainder of the array
if i < num of sids ni the array */
for ( ; i<*num; i++ )
sid_copy( &sid_list[i], &sid_list[i+1] );
return;
}
r13024: Add is_null_sid. GUenther (This used to be commit 3a6e41a0cb2872a656ea79c8d4fc4b8bce436492)
2006-01-19 03:03:07 +03:00
r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2006-12-09 05:58:18 +03:00
BOOL add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
r16350: Fix the build. GUenther (This used to be commit 3203ce3b49e6f21ed690e9d7393e98419de54c27)
2006-06-19 20:25:19 +04:00
uint32 rid, uint32 **pp_rids, size_t *p_num)
{
size_t i;
for (i=0; i<*p_num; i++) {
if ((*pp_rids)[i] == rid)
r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2006-12-09 05:58:18 +03:00
return True;
r16350: Fix the build. GUenther (This used to be commit 3203ce3b49e6f21ed690e9d7393e98419de54c27)
2006-06-19 20:25:19 +04:00
}
*pp_rids = TALLOC_REALLOC_ARRAY(mem_ctx, *pp_rids, uint32, *p_num+1);
r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2006-12-09 05:58:18 +03:00
if (*pp_rids == NULL) {
*p_num = 0;
return False;
}
r16350: Fix the build. GUenther (This used to be commit 3203ce3b49e6f21ed690e9d7393e98419de54c27)
2006-06-19 20:25:19 +04:00
(*pp_rids)[*p_num] = rid;
*p_num += 1;
r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
2006-12-09 05:58:18 +03:00
return True;
r16350: Fix the build. GUenther (This used to be commit 3203ce3b49e6f21ed690e9d7393e98419de54c27)
2006-06-19 20:25:19 +04:00
}
r13024: Add is_null_sid. GUenther (This used to be commit 3a6e41a0cb2872a656ea79c8d4fc4b8bce436492)
2006-01-19 03:03:07 +03:00
BOOL is_null_sid(const DOM_SID *sid)
{
static const DOM_SID null_sid = {0};
return sid_equal(sid, &null_sid);
}
Copy Permalink