sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-09 08:58:35 +03:00
Code

* make sure we only enumerate group mapping entries

Browse Source 
(not /etc/group) even when doing local aliases

* remove "hide local users" parameter; we have this
  behavior built into 3.0
(This used to be commit a7685a069766ac720f0b26fe01b0e17fc388fca3)
This commit is contained in:
Gerald Carter 2003-11-17 16:06:10 +00:00
parent f8350a9b50
commit 4097f5ec8d
3 changed files with 44 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
source3/param/loadparm.c
View File

@ -280,7 +280,6 @@ typedef struct
BOOL bDebugPid; BOOL bDebugPid;
BOOL bDebugUid; BOOL bDebugUid;
BOOL bHostMSDfs; BOOL bHostMSDfs;
BOOL bHideLocalUsers;
BOOL bUnicode; BOOL bUnicode;
BOOL bUseMmap; BOOL bUseMmap;
BOOL bHostnameLookups; BOOL bHostnameLookups;
@ -1133,7 +1132,6 @@ static struct parm_struct parm_table[] = {
{"fake directory create times", P_BOOL, P_LOCAL, &sDefault.bFakeDirCreateTimes, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL}, {"fake directory create times", P_BOOL, P_LOCAL, &sDefault.bFakeDirCreateTimes, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, FLAG_ADVANCED}, {"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, FLAG_ADVANCED},
{"hide local users", P_BOOL, P_GLOBAL, &Globals.bHideLocalUsers, NULL, NULL, FLAG_ADVANCED},
{N_("VFS module options"), P_SEP, P_SEPARATOR}, {N_("VFS module options"), P_SEP, P_SEPARATOR},
@ -1894,7 +1892,6 @@ FN_LOCAL_INTEGER(lp_write_cache_size, iWriteCacheSize)
FN_LOCAL_INTEGER(lp_block_size, iBlock_size) FN_LOCAL_INTEGER(lp_block_size, iBlock_size)
FN_LOCAL_CHAR(lp_magicchar, magic_char) FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time) FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers)
FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase) FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout) FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing) FN_GLOBAL_INTEGER(lp_client_signing, &Globals.client_signing)

14
source3/passdb/passdb.c
View File

@ -725,14 +725,6 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
return True; return True;
} }
/*
* Don't try to convert the rid to a name if
* running in appliance mode
*/
if (lp_hide_local_users())
return False;
if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) { if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {
return False; return False;
} }
@ -852,12 +844,6 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
return True; return True;
} }
/*
* Don't lookup local unix users if running in appliance mode
*/
if (lp_hide_local_users())
return False;
(void)map_username(user); (void)map_username(user);
if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) { if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) {

179
source3/rpc_server/srv_samr_nt.c
View File

@ -875,140 +875,11 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNIST
/******************************************************************* /*******************************************************************
Get the group entries - similar to get_sampwd_entries(). Get the group entries - similar to get_sampwd_entries().
********************************************************************/ ******************************************************************/
static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx, static NTSTATUS get_group_entries( enum SID_NAME_USE type, TALLOC_CTX *ctx,
uint32 *p_num_entries, uint32 max_entries) DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
{ uint32 *p_num_entries, uint32 max_entries )
fstring sid_str;
uint32 num_entries = 0;
int i;
GROUP_MAP smap;
GROUP_MAP *map = NULL;
sid_to_string(sid_str, sid);
DEBUG(5, ("get_group_alias_entries: enumerating aliases on SID: %s\n", sid_str));
*p_num_entries = 0;
/* well-known aliases */
if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) {
become_root();
pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED);
unbecome_root();
if (num_entries != 0) {
*d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP));
if (*d_grp==NULL)
return NT_STATUS_NO_MEMORY;
for(i=0; i<num_entries && i<max_entries; i++) {
fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name);
sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid);
}
}
SAFE_FREE(map);
} else if (sid_equal(sid, get_global_sam_sid()) && !lp_hide_local_users()) {
struct sys_grent *glist;
struct sys_grent *grp;
gid_t winbind_gid_low, winbind_gid_high;
BOOL winbind_groups_exist = lp_idmap_gid(&winbind_gid_low, &winbind_gid_high);
BOOL ret;
/* local aliases */
/* we return the UNIX groups here. This seems to be the right */
/* thing to do, since NT member servers return their local */
/* groups in the same situation. */
/* use getgrent_list() to retrieve the list of groups to avoid
* problems with getgrent possible infinite loop by internal
* libc grent structures overwrites by called functions */
grp = glist = getgrent_list();
if (grp == NULL)
return NT_STATUS_NO_MEMORY;
for (; (num_entries < max_entries) && (grp != NULL); grp = grp->next) {
uint32 trid;
become_root();
ret = pdb_getgrgid(&smap, grp->gr_gid);
unbecome_root();
if( !ret )
continue;
if (smap.sid_name_use!=SID_NAME_ALIAS) {
continue;
}
sid_split_rid(&smap.sid, &trid);
if (!sid_equal(sid, &smap.sid))
continue;
/* Don't return winbind groups as they are not local! */
if (winbind_groups_exist && (grp->gr_gid >= winbind_gid_low)&&(grp->gr_gid <= winbind_gid_high)) {
DEBUG(10,("get_group_alias_entries: not returing %s, not local.\n", smap.nt_name ));
continue;
}
/* Don't return user private groups... */
if (Get_Pwnam(smap.nt_name) != 0) {
DEBUG(10,("get_group_alias_entries: not returing %s, clashes with user.\n", smap.nt_name ));
continue;
}
for( i = 0; i < num_entries; i++)
if ( (*d_grp)[i].rid == trid )
break;
if ( i < num_entries ) {
continue; /* rid was there, dup! */
}
/* JRA - added this for large group db enumeration... */
if (start_idx > 0) {
/* skip the requested number of entries.
not very efficient, but hey...
*/
start_idx--;
continue;
}
*d_grp=talloc_realloc(ctx,*d_grp, (num_entries+1)*sizeof(DOMAIN_GRP));
if (*d_grp==NULL) {
grent_free(glist);
return NT_STATUS_NO_MEMORY;
}
fstrcpy((*d_grp)[num_entries].name, smap.nt_name);
(*d_grp)[num_entries].rid = trid;
num_entries++;
DEBUG(10,("get_group_alias_entries: added entry %d, rid:%d\n", num_entries, trid));
}
grent_free(glist);
}
*p_num_entries = num_entries;
DEBUG(10,("get_group_alias_entries: returning %d entries\n", *p_num_entries));
if (num_entries >= max_entries)
return STATUS_MORE_ENTRIES;
return NT_STATUS_OK;
}
/*******************************************************************
Get the group entries - similar to get_sampwd_entries().
********************************************************************/
static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
uint32 *p_num_entries, uint32 max_entries)
{ {
GROUP_MAP *map=NULL; GROUP_MAP *map=NULL;
int i; int i;
@ -1021,7 +892,7 @@ static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DO
needed for some passdb backends to enumerate groups */ needed for some passdb backends to enumerate groups */
become_root(); become_root();
pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED); pdb_enum_group_mapping(type, &map, (int *)&group_entries, ENUM_ONLY_MAPPED);
unbecome_root(); unbecome_root();
num_entries=group_entries-start_idx; num_entries=group_entries-start_idx;
@ -1042,13 +913,51 @@ static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DO
fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name); fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name);
fstrcpy((*d_grp)[i].comment, map[i+start_idx].comment); fstrcpy((*d_grp)[i].comment, map[i+start_idx].comment);
sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid); sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid);
(*d_grp)[i].attr=SID_NAME_DOM_GRP; (*d_grp)[i].attr=type;
} }
SAFE_FREE(map); SAFE_FREE(map);
*p_num_entries = num_entries; *p_num_entries = num_entries;
DEBUG(10,("get_group_entries: returning %d entries\n", *p_num_entries));
return NT_STATUS_OK;
}
/*******************************************************************
Wrapper for enuemrating domain groups
******************************************************************/
static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp,
DOM_SID *sid, uint32 start_idx,
uint32 *p_num_entries, uint32 max_entries )
{
return get_group_entries( SID_NAME_DOM_GRP, ctx, d_grp, sid, start_idx,
p_num_entries, max_entries );
}
/*******************************************************************
Wrapper for enumerating local groups
******************************************************************/
static NTSTATUS get_group_alias_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp,
DOM_SID *sid, uint32 start_idx,
uint32 *p_num_entries, uint32 max_entries)
{
if ( sid_equal(sid, &global_sid_Builtin) ) {
return get_group_entries( SID_NAME_WKN_GRP, ctx, d_grp,
sid, start_idx, p_num_entries, max_entries );
}
else if ( sid_equal(sid, get_global_sam_sid()) ) {
return get_group_entries( SID_NAME_ALIAS, ctx, d_grp,
sid, start_idx, p_num_entries, max_entries );
}
/* can't do anything with this SID */
*p_num_entries = 0;
return NT_STATUS_OK; return NT_STATUS_OK;
} }