mirror of
https://github.com/samba-team/samba.git
synced 2025-03-09 08:58:35 +03:00
* make sure we only enumerate group mapping entries
(not /etc/group) even when doing local aliases * remove "hide local users" parameter; we have this behavior built into 3.0 (This used to be commit a7685a069766ac720f0b26fe01b0e17fc388fca3)
This commit is contained in:
Gerald Carter
parent
f8350a9b50
commit
4097f5ec8d
@ -280,7 +280,6 @@ typedef struct
|
||||
BOOL bDebugPid;
|
||||
BOOL bDebugUid;
|
||||
BOOL bHostMSDfs;
|
||||
BOOL bHideLocalUsers;
|
||||
BOOL bUnicode;
|
||||
BOOL bUseMmap;
|
||||
BOOL bHostnameLookups;
|
||||
@ -1133,7 +1132,6 @@ static struct parm_struct parm_table[] = {
|
||||
|
||||
{"fake directory create times", P_BOOL, P_LOCAL, &sDefault.bFakeDirCreateTimes, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
|
||||
{"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, FLAG_ADVANCED},
|
||||
{"hide local users", P_BOOL, P_GLOBAL, &Globals.bHideLocalUsers, NULL, NULL, FLAG_ADVANCED},
|
||||
|
||||
{N_("VFS module options"), P_SEP, P_SEPARATOR},
|
||||
|
||||
@ -1894,7 +1892,6 @@ FN_LOCAL_INTEGER(lp_write_cache_size, iWriteCacheSize)
|
||||
FN_LOCAL_INTEGER(lp_block_size, iBlock_size)
|
||||
FN_LOCAL_CHAR(lp_magicchar, magic_char)
|
||||
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
|
||||
FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers)
|
||||
FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
|
||||
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
|
||||
FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing)
|
||||
|
||||
@ -725,14 +725,6 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
|
||||
return True;
|
||||
}
|
||||
|
||||
/*
|
||||
* Don't try to convert the rid to a name if
|
||||
* running in appliance mode
|
||||
*/
|
||||
|
||||
if (lp_hide_local_users())
|
||||
return False;
|
||||
|
||||
if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {
|
||||
return False;
|
||||
}
|
||||
@ -852,12 +844,6 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
|
||||
return True;
|
||||
}
|
||||
|
||||
/*
|
||||
* Don't lookup local unix users if running in appliance mode
|
||||
*/
|
||||
if (lp_hide_local_users())
|
||||
return False;
|
||||
|
||||
(void)map_username(user);
|
||||
|
||||
if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {
|
||||
|
||||
@ -875,140 +875,11 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNIST
|
||||
|
||||
/*******************************************************************
|
||||
Get the group entries - similar to get_sampwd_entries().
|
||||
********************************************************************/
|
||||
******************************************************************/
|
||||
|
||||
static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
|
||||
uint32 *p_num_entries, uint32 max_entries)
|
||||
{
|
||||
fstring sid_str;
|
||||
uint32 num_entries = 0;
|
||||
int i;
|
||||
GROUP_MAP smap;
|
||||
GROUP_MAP *map = NULL;
|
||||
|
||||
sid_to_string(sid_str, sid);
|
||||
DEBUG(5, ("get_group_alias_entries: enumerating aliases on SID: %s\n", sid_str));
|
||||
|
||||
*p_num_entries = 0;
|
||||
|
||||
/* well-known aliases */
|
||||
if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) {
|
||||
|
||||
become_root();
|
||||
pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED);
|
||||
unbecome_root();
|
||||
|
||||
if (num_entries != 0) {
|
||||
*d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP));
|
||||
if (*d_grp==NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
for(i=0; i<num_entries && i<max_entries; i++) {
|
||||
fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name);
|
||||
sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid);
|
||||
|
||||
}
|
||||
}
|
||||
SAFE_FREE(map);
|
||||
|
||||
} else if (sid_equal(sid, get_global_sam_sid()) && !lp_hide_local_users()) {
|
||||
struct sys_grent *glist;
|
||||
struct sys_grent *grp;
|
||||
gid_t winbind_gid_low, winbind_gid_high;
|
||||
BOOL winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high);
|
||||
BOOL ret;
|
||||
|
||||
/* local aliases */
|
||||
/* we return the UNIX groups here. This seems to be the right */
|
||||
/* thing to do, since NT member servers return their local */
|
||||
/* groups in the same situation. */
|
||||
|
||||
/* use getgrent_list() to retrieve the list of groups to avoid
|
||||
* problems with getgrent possible infinite loop by internal
|
||||
* libc grent structures overwrites by called functions */
|
||||
grp = glist = getgrent_list();
|
||||
if (grp == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
for (; (num_entries < max_entries) && (grp != NULL); grp = grp->next) {
|
||||
uint32 trid;
|
||||
|
||||
become_root();
|
||||
ret = pdb_getgrgid(&smap, grp->gr_gid);
|
||||
unbecome_root();
|
||||
if( !ret )
|
||||
continue;
|
||||
|
||||
if (smap.sid_name_use!=SID_NAME_ALIAS) {
|
||||
continue;
|
||||
}
|
||||
|
||||
sid_split_rid(&smap.sid, &trid);
|
||||
|
||||
if (!sid_equal(sid, &smap.sid))
|
||||
continue;
|
||||
|
||||
/* Don't return winbind groups as they are not local! */
|
||||
if (winbind_groups_exist && (grp->gr_gid >= winbind_gid_low)&&(grp->gr_gid <= winbind_gid_high)) {
|
||||
DEBUG(10,("get_group_alias_entries: not returing %s, not local.\n", smap.nt_name ));
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Don't return user private groups... */
|
||||
|
||||
if (Get_Pwnam(smap.nt_name) != 0) {
|
||||
DEBUG(10,("get_group_alias_entries: not returing %s, clashes with user.\n", smap.nt_name ));
|
||||
continue;
|
||||
}
|
||||
|
||||
for( i = 0; i < num_entries; i++)
|
||||
if ( (*d_grp)[i].rid == trid )
|
||||
break;
|
||||
|
||||
if ( i < num_entries ) {
|
||||
continue; /* rid was there, dup! */
|
||||
}
|
||||
|
||||
/* JRA - added this for large group db enumeration... */
|
||||
|
||||
if (start_idx > 0) {
|
||||
/* skip the requested number of entries.
|
||||
not very efficient, but hey...
|
||||
*/
|
||||
start_idx--;
|
||||
continue;
|
||||
}
|
||||
|
||||
*d_grp=talloc_realloc(ctx,*d_grp, (num_entries+1)*sizeof(DOMAIN_GRP));
|
||||
if (*d_grp==NULL) {
|
||||
grent_free(glist);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
fstrcpy((*d_grp)[num_entries].name, smap.nt_name);
|
||||
(*d_grp)[num_entries].rid = trid;
|
||||
num_entries++;
|
||||
DEBUG(10,("get_group_alias_entries: added entry %d, rid:%d\n", num_entries, trid));
|
||||
}
|
||||
|
||||
grent_free(glist);
|
||||
}
|
||||
|
||||
*p_num_entries = num_entries;
|
||||
|
||||
DEBUG(10,("get_group_alias_entries: returning %d entries\n", *p_num_entries));
|
||||
|
||||
if (num_entries >= max_entries)
|
||||
return STATUS_MORE_ENTRIES;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Get the group entries - similar to get_sampwd_entries().
|
||||
********************************************************************/
|
||||
|
||||
static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
|
||||
uint32 *p_num_entries, uint32 max_entries)
|
||||
static NTSTATUS get_group_entries( enum SID_NAME_USE type, TALLOC_CTX *ctx,
|
||||
DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
|
||||
uint32 *p_num_entries, uint32 max_entries )
|
||||
{
|
||||
GROUP_MAP *map=NULL;
|
||||
int i;
|
||||
@ -1021,7 +892,7 @@ static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DO
|
||||
needed for some passdb backends to enumerate groups */
|
||||
|
||||
become_root();
|
||||
pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED);
|
||||
pdb_enum_group_mapping(type, &map, (int *)&group_entries, ENUM_ONLY_MAPPED);
|
||||
unbecome_root();
|
||||
|
||||
num_entries=group_entries-start_idx;
|
||||
@ -1042,13 +913,51 @@ static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DO
|
||||
fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name);
|
||||
fstrcpy((*d_grp)[i].comment, map[i+start_idx].comment);
|
||||
sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid);
|
||||
(*d_grp)[i].attr=SID_NAME_DOM_GRP;
|
||||
(*d_grp)[i].attr=type;
|
||||
}
|
||||
|
||||
SAFE_FREE(map);
|
||||
|
||||
*p_num_entries = num_entries;
|
||||
|
||||
DEBUG(10,("get_group_entries: returning %d entries\n", *p_num_entries));
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Wrapper for enuemrating domain groups
|
||||
******************************************************************/
|
||||
|
||||
static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp,
|
||||
DOM_SID *sid, uint32 start_idx,
|
||||
uint32 *p_num_entries, uint32 max_entries )
|
||||
{
|
||||
return get_group_entries( SID_NAME_DOM_GRP, ctx, d_grp, sid, start_idx,
|
||||
p_num_entries, max_entries );
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
Wrapper for enumerating local groups
|
||||
******************************************************************/
|
||||
|
||||
static NTSTATUS get_group_alias_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp,
|
||||
DOM_SID *sid, uint32 start_idx,
|
||||
uint32 *p_num_entries, uint32 max_entries)
|
||||
{
|
||||
if ( sid_equal(sid, &global_sid_Builtin) ) {
|
||||
return get_group_entries( SID_NAME_WKN_GRP, ctx, d_grp,
|
||||
sid, start_idx, p_num_entries, max_entries );
|
||||
}
|
||||
else if ( sid_equal(sid, get_global_sam_sid()) ) {
|
||||
return get_group_entries( SID_NAME_ALIAS, ctx, d_grp,
|
||||
sid, start_idx, p_num_entries, max_entries );
|
||||
}
|
||||
|
||||
/* can't do anything with this SID */
|
||||
|
||||
*p_num_entries = 0;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user