mirror of
https://github.com/samba-team/samba.git
synced 2025-03-27 22:50:26 +03:00
s3-group-mapping: Remove fstrings from GROUP_MAP.
Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104
This commit is contained in:
Simo Sorce
Günther Deschner
parent
fc320551d8
commit
995d156726
@ -51,24 +51,48 @@ initialise first time the mapping list
|
||||
****************************************************************************/
|
||||
NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum lsa_SidType sid_name_use, const char *nt_name, const char *comment)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
NTSTATUS status;
|
||||
GROUP_MAP *map;
|
||||
|
||||
if(!init_group_mapping()) {
|
||||
DEBUG(0,("failed to initialize group mapping\n"));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
map.gid=gid;
|
||||
if (!string_to_sid(&map.sid, sid)) {
|
||||
DEBUG(0, ("string_to_sid failed: %s", sid));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
map.sid_name_use=sid_name_use;
|
||||
fstrcpy(map.nt_name, nt_name);
|
||||
fstrcpy(map.comment, comment);
|
||||
map->gid=gid;
|
||||
if (!string_to_sid(&map->sid, sid)) {
|
||||
DEBUG(0, ("string_to_sid failed: %s", sid));
|
||||
status = NT_STATUS_UNSUCCESSFUL;
|
||||
goto done;
|
||||
}
|
||||
|
||||
return pdb_add_group_mapping_entry(&map);
|
||||
map->sid_name_use=sid_name_use;
|
||||
map->nt_name = talloc_strdup(map, nt_name);
|
||||
if (!map->nt_name) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (comment) {
|
||||
map->comment = talloc_strdup(map, comment);
|
||||
} else {
|
||||
map->comment = talloc_strdup(map, "");
|
||||
}
|
||||
if (!map->comment) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
||||
status = pdb_add_group_mapping_entry(map);
|
||||
|
||||
done:
|
||||
TALLOC_FREE(map);
|
||||
return status;
|
||||
}
|
||||
|
||||
static NTSTATUS alias_memberships(const struct dom_sid *members, size_t num_members,
|
||||
@ -133,8 +157,14 @@ bool get_domain_group_from_sid(struct dom_sid sid, GROUP_MAP *map)
|
||||
sid_peek_rid( &sid, &rid );
|
||||
|
||||
if ( rid == DOMAIN_RID_USERS ) {
|
||||
fstrcpy( map->nt_name, "None" );
|
||||
fstrcpy( map->comment, "Ordinary Users" );
|
||||
map->nt_name = talloc_strdup(map, "None");
|
||||
if (!map->nt_name) {
|
||||
return false;
|
||||
}
|
||||
map->comment = talloc_strdup(map, "Ordinary Users");
|
||||
if (!map->comment) {
|
||||
return false;
|
||||
}
|
||||
sid_copy( &map->sid, &sid );
|
||||
map->sid_name_use = SID_NAME_DOM_GRP;
|
||||
map->gid = (gid_t)-1;
|
||||
@ -453,9 +483,11 @@ NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
|
||||
}
|
||||
|
||||
NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
|
||||
const struct dom_sid *sid, enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP **pp_rmap, size_t *p_num_entries,
|
||||
bool unix_only)
|
||||
const struct dom_sid *sid,
|
||||
enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP ***pp_rmap,
|
||||
size_t *p_num_entries,
|
||||
bool unix_only)
|
||||
{
|
||||
if (!init_group_mapping()) {
|
||||
DEBUG(0,("failed to initialize group mapping\n"));
|
||||
@ -473,7 +505,7 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
|
||||
uint32 new_rid;
|
||||
gid_t gid;
|
||||
bool exists;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
TALLOC_CTX *mem_ctx;
|
||||
NTSTATUS status;
|
||||
|
||||
@ -486,15 +518,16 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
|
||||
|
||||
exists = lookup_name(mem_ctx, name, LOOKUP_NAME_LOCAL,
|
||||
NULL, NULL, &sid, &type);
|
||||
TALLOC_FREE(mem_ctx);
|
||||
|
||||
if (exists) {
|
||||
return NT_STATUS_ALIAS_EXISTS;
|
||||
status = NT_STATUS_ALIAS_EXISTS;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!pdb_new_rid(&new_rid)) {
|
||||
DEBUG(0, ("Could not allocate a RID.\n"));
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
status = NT_STATUS_ACCESS_DENIED;
|
||||
goto done;
|
||||
}
|
||||
|
||||
sid_compose(&sid, get_global_sam_sid(), new_rid);
|
||||
@ -502,29 +535,46 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
|
||||
if (!winbind_allocate_gid(&gid)) {
|
||||
DEBUG(3, ("Could not get a gid out of winbind - "
|
||||
"wasted a rid :-(\n"));
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
status = NT_STATUS_ACCESS_DENIED;
|
||||
goto done;
|
||||
}
|
||||
|
||||
DEBUG(10, ("Creating alias %s with gid %u and rid %u\n",
|
||||
name, (unsigned int)gid, (unsigned int)new_rid));
|
||||
|
||||
map.gid = gid;
|
||||
sid_copy(&map.sid, &sid);
|
||||
map.sid_name_use = SID_NAME_ALIAS;
|
||||
fstrcpy(map.nt_name, name);
|
||||
fstrcpy(map.comment, "");
|
||||
map = talloc_zero(mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
||||
status = pdb_add_group_mapping_entry(&map);
|
||||
map->gid = gid;
|
||||
sid_copy(&map->sid, &sid);
|
||||
map->sid_name_use = SID_NAME_ALIAS;
|
||||
map->nt_name = talloc_strdup(map, name);
|
||||
if (!map->nt_name) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
map->comment = talloc_strdup(map, "");
|
||||
if (!map->comment) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
||||
status = pdb_add_group_mapping_entry(map);
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0, ("Could not add group mapping entry for alias %s "
|
||||
"(%s)\n", name, nt_errstr(status)));
|
||||
return status;
|
||||
goto done;
|
||||
}
|
||||
|
||||
*rid = new_rid;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
done:
|
||||
TALLOC_FREE(mem_ctx);
|
||||
return status;
|
||||
}
|
||||
|
||||
NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
|
||||
@ -537,44 +587,78 @@ NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
|
||||
const struct dom_sid *sid,
|
||||
struct acct_info *info)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
NTSTATUS status = NT_STATUS_OK;
|
||||
GROUP_MAP *map;
|
||||
|
||||
if (!pdb_getgrsid(&map, *sid))
|
||||
return NT_STATUS_NO_SUCH_ALIAS;
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if ((map.sid_name_use != SID_NAME_ALIAS) &&
|
||||
(map.sid_name_use != SID_NAME_WKN_GRP)) {
|
||||
if (!pdb_getgrsid(map, *sid)) {
|
||||
status = NT_STATUS_NO_SUCH_ALIAS;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((map->sid_name_use != SID_NAME_ALIAS) &&
|
||||
(map->sid_name_use != SID_NAME_WKN_GRP)) {
|
||||
DEBUG(2, ("%s is a %s, expected an alias\n",
|
||||
sid_string_dbg(sid),
|
||||
sid_type_lookup(map.sid_name_use)));
|
||||
return NT_STATUS_NO_SUCH_ALIAS;
|
||||
sid_type_lookup(map->sid_name_use)));
|
||||
status = NT_STATUS_NO_SUCH_ALIAS;
|
||||
goto done;
|
||||
}
|
||||
|
||||
info->acct_name = talloc_strdup(info, map.nt_name);
|
||||
info->acct_name = talloc_move(info, &map->nt_name);
|
||||
if (!info->acct_name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
info->acct_desc = talloc_strdup(info, map.comment);
|
||||
info->acct_desc = talloc_move(info, &map->comment);
|
||||
if (!info->acct_desc) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
sid_peek_rid(&map.sid, &info->rid);
|
||||
return NT_STATUS_OK;
|
||||
sid_peek_rid(&map->sid, &info->rid);
|
||||
|
||||
done:
|
||||
TALLOC_FREE(map);
|
||||
return status;
|
||||
}
|
||||
|
||||
NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
|
||||
const struct dom_sid *sid,
|
||||
struct acct_info *info)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
NTSTATUS status = NT_STATUS_OK;
|
||||
GROUP_MAP *map;
|
||||
|
||||
if (!pdb_getgrsid(&map, *sid))
|
||||
return NT_STATUS_NO_SUCH_ALIAS;
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
fstrcpy(map.nt_name, info->acct_name);
|
||||
fstrcpy(map.comment, info->acct_desc);
|
||||
if (!pdb_getgrsid(map, *sid)) {
|
||||
status = NT_STATUS_NO_SUCH_ALIAS;
|
||||
goto done;
|
||||
}
|
||||
|
||||
return pdb_update_group_mapping_entry(&map);
|
||||
map->nt_name = talloc_strdup(map, info->acct_name);
|
||||
if (!map->nt_name) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
map->comment = talloc_strdup(map, info->acct_desc);
|
||||
if (!map->comment) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
||||
status = pdb_update_group_mapping_entry(map);
|
||||
|
||||
done:
|
||||
TALLOC_FREE(map);
|
||||
return status;
|
||||
}
|
||||
|
||||
NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
|
||||
@ -715,11 +799,9 @@ NTSTATUS pdb_create_builtin_alias(uint32 rid)
|
||||
struct dom_sid sid;
|
||||
enum lsa_SidType type;
|
||||
gid_t gid;
|
||||
GROUP_MAP map;
|
||||
TALLOC_CTX *mem_ctx;
|
||||
GROUP_MAP *map;
|
||||
NTSTATUS status;
|
||||
const char *name = NULL;
|
||||
fstring groupname;
|
||||
|
||||
DEBUG(10, ("Trying to create builtin alias %d\n", rid));
|
||||
|
||||
@ -727,40 +809,48 @@ NTSTATUS pdb_create_builtin_alias(uint32 rid)
|
||||
return NT_STATUS_NO_SUCH_ALIAS;
|
||||
}
|
||||
|
||||
if ( (mem_ctx = talloc_new(NULL)) == NULL ) {
|
||||
/* use map as overall temp mem context */
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if ( !lookup_sid(mem_ctx, &sid, NULL, &name, &type) ) {
|
||||
TALLOC_FREE( mem_ctx );
|
||||
return NT_STATUS_NO_SUCH_ALIAS;
|
||||
if (!lookup_sid(map, &sid, NULL, &name, &type)) {
|
||||
status = NT_STATUS_NO_SUCH_ALIAS;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* validate RID so copy the name and move on */
|
||||
|
||||
fstrcpy( groupname, name );
|
||||
TALLOC_FREE( mem_ctx );
|
||||
|
||||
if (!winbind_allocate_gid(&gid)) {
|
||||
DEBUG(3, ("pdb_create_builtin_alias: Could not get a gid out of winbind\n"));
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
status = NT_STATUS_ACCESS_DENIED;
|
||||
goto done;
|
||||
}
|
||||
|
||||
DEBUG(10,("Creating alias %s with gid %u\n", groupname, (unsigned int)gid));
|
||||
DEBUG(10, ("Creating alias %s with gid %u\n", name, (unsigned)gid));
|
||||
|
||||
map.gid = gid;
|
||||
sid_copy(&map.sid, &sid);
|
||||
map.sid_name_use = SID_NAME_ALIAS;
|
||||
strlcpy(map.nt_name, groupname, sizeof(map.nt_name));
|
||||
strlcpy(map.comment, "", sizeof(map.comment));
|
||||
map->gid = gid;
|
||||
sid_copy(&map->sid, &sid);
|
||||
map->sid_name_use = SID_NAME_ALIAS;
|
||||
map->nt_name = talloc_strdup(map, name);
|
||||
if (!map->nt_name) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
map->comment = talloc_strdup(map, "");
|
||||
if (!map->comment) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
||||
status = pdb_add_group_mapping_entry(&map);
|
||||
status = pdb_add_group_mapping_entry(map);
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(0, ("pdb_create_builtin_alias: Could not add group mapping entry for alias %d "
|
||||
"(%s)\n", rid, nt_errstr(status)));
|
||||
}
|
||||
|
||||
done:
|
||||
TALLOC_FREE(map);
|
||||
return status;
|
||||
}
|
||||
|
||||
|
||||
@ -45,7 +45,7 @@ struct mapping_backend {
|
||||
bool (*get_group_map_from_ntname)(const char *name, GROUP_MAP *map);
|
||||
bool (*group_map_remove)(const struct dom_sid *sid);
|
||||
bool (*enum_group_mapping)(const struct dom_sid *domsid, enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP **pp_rmap,
|
||||
GROUP_MAP ***pp_rmap,
|
||||
size_t *p_num_entries, bool unix_only);
|
||||
NTSTATUS (*one_alias_membership)(const struct dom_sid *member,
|
||||
struct dom_sid **sids, size_t *num);
|
||||
|
||||
@ -34,7 +34,7 @@ static struct db_context *db; /* used for driver files */
|
||||
|
||||
static bool enum_group_mapping(const struct dom_sid *domsid,
|
||||
enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP **pp_rmap,
|
||||
GROUP_MAP ***pp_rmap,
|
||||
size_t *p_num_entries,
|
||||
bool unix_only);
|
||||
static bool group_map_remove(const struct dom_sid *sid);
|
||||
@ -175,6 +175,8 @@ static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map)
|
||||
char *key;
|
||||
int ret = 0;
|
||||
NTSTATUS status;
|
||||
fstring nt_name;
|
||||
fstring comment;
|
||||
|
||||
/* the key is the SID, retrieving is direct */
|
||||
|
||||
@ -191,7 +193,7 @@ static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map)
|
||||
|
||||
ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
|
||||
&map->gid, &map->sid_name_use,
|
||||
&map->nt_name, &map->comment);
|
||||
&nt_name, &comment);
|
||||
|
||||
TALLOC_FREE(key);
|
||||
|
||||
@ -202,6 +204,15 @@ static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map)
|
||||
|
||||
sid_copy(&map->sid, &sid);
|
||||
|
||||
map->nt_name = talloc_strdup(map, nt_name);
|
||||
if (!map->nt_name) {
|
||||
return false;
|
||||
}
|
||||
map->comment = talloc_strdup(map, comment);
|
||||
if (!map->comment) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -209,6 +220,9 @@ static bool dbrec2map(const struct db_record *rec, GROUP_MAP *map)
|
||||
{
|
||||
TDB_DATA key = dbwrap_record_get_key(rec);
|
||||
TDB_DATA value = dbwrap_record_get_value(rec);
|
||||
int ret = 0;
|
||||
fstring nt_name;
|
||||
fstring comment;
|
||||
|
||||
if ((key.dsize < strlen(GROUP_PREFIX))
|
||||
|| (strncmp((char *)key.dptr, GROUP_PREFIX,
|
||||
@ -221,9 +235,25 @@ static bool dbrec2map(const struct db_record *rec, GROUP_MAP *map)
|
||||
return False;
|
||||
}
|
||||
|
||||
return tdb_unpack(value.dptr, value.dsize, "ddff",
|
||||
&map->gid, &map->sid_name_use, &map->nt_name,
|
||||
&map->comment) != -1;
|
||||
ret = tdb_unpack(value.dptr, value.dsize, "ddff",
|
||||
&map->gid, &map->sid_name_use,
|
||||
&nt_name, &comment);
|
||||
|
||||
if (ret == -1) {
|
||||
DEBUG(3, ("dbrec2map: tdb_unpack failure\n"));
|
||||
return false;
|
||||
}
|
||||
|
||||
map->nt_name = talloc_strdup(map, nt_name);
|
||||
if (!map->nt_name) {
|
||||
return false;
|
||||
}
|
||||
map->comment = talloc_strdup(map, comment);
|
||||
if (!map->comment) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
struct find_map_state {
|
||||
@ -323,55 +353,67 @@ struct enum_map_state {
|
||||
bool unix_only;
|
||||
|
||||
size_t num_maps;
|
||||
GROUP_MAP *maps;
|
||||
GROUP_MAP **maps;
|
||||
};
|
||||
|
||||
static int collect_map(struct db_record *rec, void *private_data)
|
||||
{
|
||||
struct enum_map_state *state = (struct enum_map_state *)private_data;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *tmp;
|
||||
GROUP_MAP *map;
|
||||
GROUP_MAP **tmp;
|
||||
|
||||
if (!dbrec2map(rec, &map)) {
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
DEBUG(0, ("Unable to allocate group map!\n"));
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (!dbrec2map(rec, map)) {
|
||||
TALLOC_FREE(map);
|
||||
return 0;
|
||||
}
|
||||
/* list only the type or everything if UNKNOWN */
|
||||
if (state->sid_name_use != SID_NAME_UNKNOWN
|
||||
&& state->sid_name_use != map.sid_name_use) {
|
||||
&& state->sid_name_use != map->sid_name_use) {
|
||||
DEBUG(11,("enum_group_mapping: group %s is not of the "
|
||||
"requested type\n", map.nt_name));
|
||||
"requested type\n", map->nt_name));
|
||||
TALLOC_FREE(map);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((state->unix_only == ENUM_ONLY_MAPPED) && (map.gid == -1)) {
|
||||
if ((state->unix_only == ENUM_ONLY_MAPPED) && (map->gid == -1)) {
|
||||
DEBUG(11,("enum_group_mapping: group %s is non mapped\n",
|
||||
map.nt_name));
|
||||
map->nt_name));
|
||||
TALLOC_FREE(map);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if ((state->domsid != NULL) &&
|
||||
(dom_sid_compare_domain(state->domsid, &map.sid) != 0)) {
|
||||
(dom_sid_compare_domain(state->domsid, &map->sid) != 0)) {
|
||||
DEBUG(11,("enum_group_mapping: group %s is not in domain\n",
|
||||
sid_string_dbg(&map.sid)));
|
||||
sid_string_dbg(&map->sid)));
|
||||
TALLOC_FREE(map);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!(tmp = SMB_REALLOC_ARRAY(state->maps, GROUP_MAP,
|
||||
state->num_maps+1))) {
|
||||
tmp = talloc_realloc(NULL, state->maps, GROUP_MAP *,
|
||||
state->num_maps + 1);
|
||||
if (!tmp) {
|
||||
DEBUG(0,("enum_group_mapping: Unable to enlarge group "
|
||||
"map!\n"));
|
||||
TALLOC_FREE(map);
|
||||
return 1;
|
||||
}
|
||||
|
||||
state->maps = tmp;
|
||||
state->maps[state->num_maps] = map;
|
||||
state->maps[state->num_maps] = talloc_move(state->maps, &map);
|
||||
state->num_maps++;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static bool enum_group_mapping(const struct dom_sid *domsid,
|
||||
enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP **pp_rmap,
|
||||
GROUP_MAP ***pp_rmap,
|
||||
size_t *p_num_entries, bool unix_only)
|
||||
{
|
||||
struct enum_map_state state;
|
||||
@ -385,6 +427,7 @@ static bool enum_group_mapping(const struct dom_sid *domsid,
|
||||
|
||||
status = dbwrap_traverse_read(db, collect_map, (void *)&state, NULL);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
TALLOC_FREE(state.maps);
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -479,7 +522,7 @@ static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *membe
|
||||
|
||||
static NTSTATUS add_aliasmem(const struct dom_sid *alias, const struct dom_sid *member)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
char *key;
|
||||
fstring string_sid;
|
||||
char *new_memberstring;
|
||||
@ -487,12 +530,23 @@ static NTSTATUS add_aliasmem(const struct dom_sid *alias, const struct dom_sid *
|
||||
NTSTATUS status;
|
||||
TDB_DATA value;
|
||||
|
||||
if (!get_group_map_from_sid(*alias, &map))
|
||||
return NT_STATUS_NO_SUCH_ALIAS;
|
||||
map = talloc_zero(talloc_tos(), GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if ( (map.sid_name_use != SID_NAME_ALIAS) &&
|
||||
(map.sid_name_use != SID_NAME_WKN_GRP) )
|
||||
if (!get_group_map_from_sid(*alias, map)) {
|
||||
TALLOC_FREE(map);
|
||||
return NT_STATUS_NO_SUCH_ALIAS;
|
||||
}
|
||||
|
||||
if ((map->sid_name_use != SID_NAME_ALIAS) &&
|
||||
(map->sid_name_use != SID_NAME_WKN_GRP)) {
|
||||
TALLOC_FREE(map);
|
||||
return NT_STATUS_NO_SUCH_ALIAS;
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
|
||||
if (is_aliasmem(alias, member))
|
||||
return NT_STATUS_MEMBER_IN_ALIAS;
|
||||
@ -629,15 +683,26 @@ static int collect_aliasmem(struct db_record *rec, void *priv)
|
||||
static NTSTATUS enum_aliasmem(const struct dom_sid *alias, TALLOC_CTX *mem_ctx,
|
||||
struct dom_sid **sids, size_t *num)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
struct aliasmem_state state;
|
||||
|
||||
if (!get_group_map_from_sid(*alias, &map))
|
||||
return NT_STATUS_NO_SUCH_ALIAS;
|
||||
map = talloc_zero(talloc_tos(), GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if ( (map.sid_name_use != SID_NAME_ALIAS) &&
|
||||
(map.sid_name_use != SID_NAME_WKN_GRP) )
|
||||
if (!get_group_map_from_sid(*alias, map)) {
|
||||
TALLOC_FREE(map);
|
||||
return NT_STATUS_NO_SUCH_ALIAS;
|
||||
}
|
||||
|
||||
if ((map->sid_name_use != SID_NAME_ALIAS) &&
|
||||
(map->sid_name_use != SID_NAME_WKN_GRP)) {
|
||||
TALLOC_FREE(map);
|
||||
return NT_STATUS_NO_SUCH_ALIAS;
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
|
||||
*sids = NULL;
|
||||
*num = 0;
|
||||
@ -774,7 +839,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
|
||||
TDB_DATA data, void *ptr)
|
||||
{
|
||||
TALLOC_CTX *tmp_ctx = talloc_tos();
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map = NULL;
|
||||
uint8_t *p;
|
||||
uint32_t format;
|
||||
uint32_t num_el;
|
||||
@ -839,7 +904,11 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
|
||||
goto failed;
|
||||
}
|
||||
|
||||
ZERO_STRUCT(map);
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
errno = ENOMEM;
|
||||
goto failed;
|
||||
}
|
||||
|
||||
for (i = 0; i < num_el; i++) {
|
||||
uint32_t num_vals;
|
||||
@ -896,28 +965,34 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
|
||||
/* we ignore unknown or uninteresting attributes
|
||||
* (objectclass, etc.) */
|
||||
if (strcasecmp_m(name, "gidNumber") == 0) {
|
||||
map.gid = strtoul(val, &q, 10);
|
||||
map->gid = strtoul(val, &q, 10);
|
||||
if (*q) {
|
||||
errno = EIO;
|
||||
goto failed;
|
||||
}
|
||||
} else if (strcasecmp_m(name, "sid") == 0) {
|
||||
if (!string_to_sid(&map.sid, val)) {
|
||||
if (!string_to_sid(&map->sid, val)) {
|
||||
errno = EIO;
|
||||
goto failed;
|
||||
}
|
||||
} else if (strcasecmp_m(name, "sidNameUse") == 0) {
|
||||
map.sid_name_use = strtoul(val, &q, 10);
|
||||
map->sid_name_use = strtoul(val, &q, 10);
|
||||
if (*q) {
|
||||
errno = EIO;
|
||||
goto failed;
|
||||
}
|
||||
} else if (strcasecmp_m(name, "ntname") == 0) {
|
||||
strlcpy(map.nt_name, val,
|
||||
sizeof(map.nt_name));
|
||||
map->nt_name = talloc_strdup(map, val);
|
||||
if (!map->nt_name) {
|
||||
errno = ENOMEM;
|
||||
goto failed;
|
||||
}
|
||||
} else if (strcasecmp_m(name, "comment") == 0) {
|
||||
strlcpy(map.comment, val,
|
||||
sizeof(map.comment));
|
||||
map->comment = talloc_strdup(map, val);
|
||||
if (!map->comment) {
|
||||
errno = ENOMEM;
|
||||
goto failed;
|
||||
}
|
||||
} else if (strcasecmp_m(name, "member") == 0) {
|
||||
if (!string_to_sid(&members[j], val)) {
|
||||
errno = EIO;
|
||||
@ -931,7 +1006,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
|
||||
TALLOC_FREE(name);
|
||||
}
|
||||
|
||||
if (!add_mapping_entry(&map, 0)) {
|
||||
if (!add_mapping_entry(map, 0)) {
|
||||
errno = EIO;
|
||||
goto failed;
|
||||
}
|
||||
@ -939,7 +1014,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
|
||||
if (num_mem) {
|
||||
for (j = 0; j < num_mem; j++) {
|
||||
NTSTATUS status;
|
||||
status = add_aliasmem(&map.sid, &members[j]);
|
||||
status = add_aliasmem(&map->sid, &members[j]);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
errno = EIO;
|
||||
goto failed;
|
||||
@ -952,9 +1027,11 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
|
||||
remaining));
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
return 0;
|
||||
|
||||
failed:
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
@ -46,9 +46,11 @@ NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
|
||||
NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
|
||||
struct dom_sid sid);
|
||||
NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
|
||||
const struct dom_sid *sid, enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP **pp_rmap, size_t *p_num_entries,
|
||||
bool unix_only);
|
||||
const struct dom_sid *sid,
|
||||
enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP ***pp_rmap,
|
||||
size_t *p_num_entries,
|
||||
bool unix_only);
|
||||
NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
|
||||
const char *name, uint32 *rid);
|
||||
NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
|
||||
|
||||
@ -26,8 +26,8 @@ typedef struct _GROUP_MAP {
|
||||
gid_t gid;
|
||||
struct dom_sid sid;
|
||||
enum lsa_SidType sid_name_use;
|
||||
fstring nt_name;
|
||||
fstring comment;
|
||||
char *nt_name;
|
||||
char *comment;
|
||||
} GROUP_MAP;
|
||||
|
||||
#include "groupdb/proto.h"
|
||||
|
||||
@ -375,7 +375,7 @@ struct pdb_methods
|
||||
|
||||
NTSTATUS (*enum_group_mapping)(struct pdb_methods *methods,
|
||||
const struct dom_sid *sid, enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP **pp_rmap, size_t *p_num_entries,
|
||||
GROUP_MAP ***pp_rmap, size_t *p_num_entries,
|
||||
bool unix_only);
|
||||
|
||||
NTSTATUS (*enum_group_members)(struct pdb_methods *methods,
|
||||
|
||||
@ -452,7 +452,7 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec,
|
||||
struct dom_sid member_sid;
|
||||
struct samu *member = NULL;
|
||||
const char *member_dn = NULL;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
struct group *grp;
|
||||
uint32_t rid;
|
||||
bool is_unix_member = false;
|
||||
@ -508,19 +508,29 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec,
|
||||
break;
|
||||
}
|
||||
|
||||
if (!get_domain_group_from_sid(group_sid, &map)) {
|
||||
DEBUG(0, ("Could not find global group %s\n",
|
||||
sid_string_dbg(&group_sid)));
|
||||
//return NT_STATUS_NO_SUCH_GROUP;
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!(grp = getgrgid(map.gid))) {
|
||||
DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid));
|
||||
if (!get_domain_group_from_sid(group_sid, map)) {
|
||||
DEBUG(0, ("Could not find global group %s\n",
|
||||
sid_string_dbg(&group_sid)));
|
||||
//return NT_STATUS_NO_SUCH_GROUP;
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!(grp = getgrgid(map->gid))) {
|
||||
DEBUG(0, ("Could not find unix group %lu\n",
|
||||
(unsigned long)map->gid));
|
||||
//return NT_STATUS_NO_SUCH_GROUP;
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
|
||||
DEBUG(0,("Group members of %s: ", grp->gr_name));
|
||||
|
||||
if ( !(member = samu_new(talloc_tos())) ) {
|
||||
@ -1348,7 +1358,7 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
|
||||
NTSTATUS status;
|
||||
fstring account;
|
||||
struct samu *sam_account=NULL;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
struct group *grp;
|
||||
struct dom_sid user_sid;
|
||||
struct dom_sid group_sid;
|
||||
@ -1430,14 +1440,19 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
|
||||
|
||||
group_sid = *pdb_get_group_sid(sam_account);
|
||||
|
||||
if (!pdb_getgrsid(&map, group_sid)) {
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if (!pdb_getgrsid(map, group_sid)) {
|
||||
DEBUG(0, ("Primary group of %s has no mapping!\n",
|
||||
pdb_get_username(sam_account)));
|
||||
} else {
|
||||
if (map.gid != passwd->pw_gid) {
|
||||
if (!(grp = getgrgid(map.gid))) {
|
||||
if (map->gid != passwd->pw_gid) {
|
||||
if (!(grp = getgrgid(map->gid))) {
|
||||
DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n",
|
||||
(unsigned long)map.gid, pdb_get_username(sam_account),
|
||||
(unsigned long)map->gid, pdb_get_username(sam_account),
|
||||
sid_string_dbg(&group_sid)));
|
||||
} else {
|
||||
smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
|
||||
@ -1445,6 +1460,8 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
|
||||
}
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
|
||||
if ( !passwd ) {
|
||||
DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n",
|
||||
pdb_get_username(sam_account)));
|
||||
@ -1463,14 +1480,12 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
|
||||
{
|
||||
struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur;
|
||||
NTSTATUS status;
|
||||
fstring name;
|
||||
fstring comment;
|
||||
struct group *grp = NULL;
|
||||
struct dom_sid group_sid;
|
||||
uint32_t rid = 0;
|
||||
struct dom_sid *dom_sid = NULL;
|
||||
fstring sid_string;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
bool insert = true;
|
||||
|
||||
const char *sAMAccountName;
|
||||
@ -1496,23 +1511,43 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
|
||||
return status;
|
||||
}
|
||||
|
||||
fstrcpy(name, sAMAccountName);
|
||||
fstrcpy(comment, description);
|
||||
|
||||
dom_sid_split_rid(mem_ctx, &group_sid, &dom_sid, &rid);
|
||||
|
||||
map = talloc_zero(mem_ctx, GROUP_MAP);
|
||||
if (map == NULL) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
||||
map->nt_name = talloc_strdup(map, sAMAccountName);
|
||||
if (map->nt_name == NULL) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (description) {
|
||||
map->comment = talloc_strdup(map, description);
|
||||
} else {
|
||||
map->comment = talloc_strdup(map, "");
|
||||
}
|
||||
if (map->comment == NULL) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
||||
sid_to_fstring(sid_string, &group_sid);
|
||||
DEBUG(0,("Creating alias[%s] - %s members[%u]\n",
|
||||
name, sid_string, num_members));
|
||||
map->nt_name, sid_string, num_members));
|
||||
|
||||
status = dssync_insert_obj(pctx, pctx->aliases, obj);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (pdb_getgrsid(&map, group_sid)) {
|
||||
if ( map.gid != -1 )
|
||||
grp = getgrgid(map.gid);
|
||||
if (pdb_getgrsid(map, group_sid)) {
|
||||
if (map->gid != -1) {
|
||||
grp = getgrgid(map->gid);
|
||||
}
|
||||
insert = false;
|
||||
}
|
||||
|
||||
@ -1520,22 +1555,27 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
|
||||
gid_t gid;
|
||||
|
||||
/* No group found from mapping, find it from its name. */
|
||||
if ((grp = getgrnam(name)) == NULL) {
|
||||
if ((grp = getgrnam(map->nt_name)) == NULL) {
|
||||
|
||||
/* No appropriate group found, create one */
|
||||
|
||||
DEBUG(0,("Creating unix group: '%s'\n", name));
|
||||
DEBUG(0, ("Creating unix group: '%s'\n",
|
||||
map->nt_name));
|
||||
|
||||
if (smb_create_group(name, &gid) != 0)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
if (smb_create_group(map->nt_name, &gid) != 0) {
|
||||
status = NT_STATUS_ACCESS_DENIED;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((grp = getgrgid(gid)) == NULL)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
if ((grp = getgrgid(gid)) == NULL) {
|
||||
status = NT_STATUS_ACCESS_DENIED;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
map.gid = grp->gr_gid;
|
||||
map.sid = group_sid;
|
||||
map->gid = grp->gr_gid;
|
||||
map->sid = group_sid;
|
||||
|
||||
if (dom_sid_equal(dom_sid, &global_sid_Builtin)) {
|
||||
/*
|
||||
@ -1543,23 +1583,17 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
|
||||
*
|
||||
* map.sid_name_use = SID_NAME_WKN_GRP;
|
||||
*/
|
||||
map.sid_name_use = SID_NAME_ALIAS;
|
||||
map->sid_name_use = SID_NAME_ALIAS;
|
||||
} else {
|
||||
map.sid_name_use = SID_NAME_ALIAS;
|
||||
map->sid_name_use = SID_NAME_ALIAS;
|
||||
}
|
||||
|
||||
strlcpy(map.nt_name, name, sizeof(map.nt_name));
|
||||
if (description) {
|
||||
strlcpy(map.comment, comment, sizeof(map.comment));
|
||||
if (insert) {
|
||||
pdb_add_group_mapping_entry(map);
|
||||
} else {
|
||||
strlcpy(map.comment, "", sizeof(map.comment));
|
||||
pdb_update_group_mapping_entry(map);
|
||||
}
|
||||
|
||||
if (insert)
|
||||
pdb_add_group_mapping_entry(&map);
|
||||
else
|
||||
pdb_update_group_mapping_entry(&map);
|
||||
|
||||
for (i=0; i < num_members; i++) {
|
||||
struct dssync_passdb_mem *mem;
|
||||
|
||||
@ -1567,11 +1601,15 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
|
||||
true /* active */,
|
||||
&members[i], &mem);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
return NT_STATUS_OK;
|
||||
status = NT_STATUS_OK;
|
||||
|
||||
done:
|
||||
TALLOC_FREE(map);
|
||||
return status;
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
@ -1583,12 +1621,10 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
|
||||
{
|
||||
struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur;
|
||||
NTSTATUS status;
|
||||
fstring name;
|
||||
fstring comment;
|
||||
struct group *grp = NULL;
|
||||
struct dom_sid group_sid;
|
||||
fstring sid_string;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
bool insert = true;
|
||||
|
||||
const char *sAMAccountName;
|
||||
@ -1614,21 +1650,39 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
|
||||
return status;
|
||||
}
|
||||
|
||||
fstrcpy(name, sAMAccountName);
|
||||
fstrcpy(comment, description);
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
map->nt_name = talloc_strdup(map, sAMAccountName);
|
||||
if (!map->nt_name) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
if (description) {
|
||||
map->comment = talloc_strdup(map, description);
|
||||
} else {
|
||||
map->comment = talloc_strdup(map, "");
|
||||
}
|
||||
if (!map->comment) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
||||
sid_to_fstring(sid_string, &group_sid);
|
||||
DEBUG(0,("Creating group[%s] - %s members [%u]\n",
|
||||
name, sid_string, num_members));
|
||||
map->nt_name, sid_string, num_members));
|
||||
|
||||
status = dssync_insert_obj(pctx, pctx->groups, obj);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (pdb_getgrsid(&map, group_sid)) {
|
||||
if ( map.gid != -1 )
|
||||
grp = getgrgid(map.gid);
|
||||
if (pdb_getgrsid(map, group_sid)) {
|
||||
if (map->gid != -1) {
|
||||
grp = getgrgid(map->gid);
|
||||
}
|
||||
insert = false;
|
||||
}
|
||||
|
||||
@ -1636,34 +1690,34 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
|
||||
gid_t gid;
|
||||
|
||||
/* No group found from mapping, find it from its name. */
|
||||
if ((grp = getgrnam(name)) == NULL) {
|
||||
if ((grp = getgrnam(map->nt_name)) == NULL) {
|
||||
|
||||
/* No appropriate group found, create one */
|
||||
|
||||
DEBUG(0,("Creating unix group: '%s'\n", name));
|
||||
DEBUG(0, ("Creating unix group: '%s'\n",
|
||||
map->nt_name));
|
||||
|
||||
if (smb_create_group(name, &gid) != 0)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
if (smb_create_group(map->nt_name, &gid) != 0) {
|
||||
status = NT_STATUS_ACCESS_DENIED;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((grp = getgrnam(name)) == NULL)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
if ((grp = getgrnam(map->nt_name)) == NULL) {
|
||||
status = NT_STATUS_ACCESS_DENIED;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
map.gid = grp->gr_gid;
|
||||
map.sid = group_sid;
|
||||
map.sid_name_use = SID_NAME_DOM_GRP;
|
||||
strlcpy(map.nt_name, name, sizeof(map.nt_name));
|
||||
if (description) {
|
||||
strlcpy(map.comment, comment, sizeof(map.comment));
|
||||
} else {
|
||||
strlcpy(map.comment, "", sizeof(map.comment));
|
||||
}
|
||||
map->gid = grp->gr_gid;
|
||||
map->sid = group_sid;
|
||||
map->sid_name_use = SID_NAME_DOM_GRP;
|
||||
|
||||
if (insert)
|
||||
pdb_add_group_mapping_entry(&map);
|
||||
else
|
||||
pdb_update_group_mapping_entry(&map);
|
||||
if (insert) {
|
||||
pdb_add_group_mapping_entry(map);
|
||||
} else {
|
||||
pdb_update_group_mapping_entry(map);
|
||||
}
|
||||
|
||||
for (i=0; i < num_members; i++) {
|
||||
struct dssync_passdb_mem *mem;
|
||||
@ -1672,11 +1726,15 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
|
||||
true /* active */,
|
||||
&members[i], &mem);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
return NT_STATUS_OK;
|
||||
status = NT_STATUS_OK;
|
||||
|
||||
done:
|
||||
TALLOC_FREE(map);
|
||||
return status;
|
||||
}
|
||||
|
||||
/****************************************************************
|
||||
|
||||
@ -301,7 +301,7 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
|
||||
NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL;
|
||||
fstring account;
|
||||
struct samu *sam_account=NULL;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map = NULL;
|
||||
struct group *grp;
|
||||
struct dom_sid user_sid;
|
||||
struct dom_sid group_sid;
|
||||
@ -355,14 +355,19 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
|
||||
|
||||
group_sid = *pdb_get_group_sid(sam_account);
|
||||
|
||||
if (!pdb_getgrsid(&map, group_sid)) {
|
||||
map = talloc_zero(mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if (!pdb_getgrsid(map, group_sid)) {
|
||||
DEBUG(0, ("Primary group of %s has no mapping!\n",
|
||||
pdb_get_username(sam_account)));
|
||||
} else {
|
||||
if (map.gid != passwd->pw_gid) {
|
||||
if (!(grp = getgrgid(map.gid))) {
|
||||
if (map->gid != passwd->pw_gid) {
|
||||
if (!(grp = getgrgid(map->gid))) {
|
||||
DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n",
|
||||
(unsigned long)map.gid, pdb_get_username(sam_account), sid_string_tos(&group_sid)));
|
||||
(unsigned long)map->gid, pdb_get_username(sam_account), sid_string_tos(&group_sid)));
|
||||
} else {
|
||||
smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
|
||||
}
|
||||
@ -376,6 +381,7 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
|
||||
|
||||
done:
|
||||
TALLOC_FREE(sam_account);
|
||||
TALLOC_FREE(map);
|
||||
return nt_ret;
|
||||
}
|
||||
|
||||
@ -386,60 +392,65 @@ static NTSTATUS fetch_group_info(TALLOC_CTX *mem_ctx,
|
||||
uint32_t rid,
|
||||
struct netr_DELTA_GROUP *r)
|
||||
{
|
||||
fstring name;
|
||||
fstring comment;
|
||||
struct group *grp = NULL;
|
||||
struct dom_sid group_sid;
|
||||
fstring sid_string;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
bool insert = true;
|
||||
|
||||
fstrcpy(name, r->group_name.string);
|
||||
fstrcpy(comment, r->description.string);
|
||||
|
||||
map = talloc_zero(mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
/* add the group to the mapping table */
|
||||
sid_compose(&group_sid, get_global_sam_sid(), rid);
|
||||
sid_to_fstring(sid_string, &group_sid);
|
||||
|
||||
if (pdb_getgrsid(&map, group_sid)) {
|
||||
if ( map.gid != -1 )
|
||||
grp = getgrgid(map.gid);
|
||||
if (pdb_getgrsid(map, group_sid)) {
|
||||
if (map->gid != -1) {
|
||||
grp = getgrgid(map->gid);
|
||||
}
|
||||
insert = false;
|
||||
}
|
||||
|
||||
map->nt_name = talloc_strdup(map, r->group_name.string);
|
||||
if (!map->nt_name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
map->comment = talloc_strdup(map, r->description.string);
|
||||
if (!map->comment) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if (grp == NULL) {
|
||||
gid_t gid;
|
||||
|
||||
/* No group found from mapping, find it from its name. */
|
||||
if ((grp = getgrnam(name)) == NULL) {
|
||||
if ((grp = getgrnam(map->nt_name)) == NULL) {
|
||||
|
||||
/* No appropriate group found, create one */
|
||||
|
||||
d_printf("Creating unix group: '%s'\n", name);
|
||||
d_printf("Creating unix group: '%s'\n", map->nt_name);
|
||||
|
||||
if (smb_create_group(name, &gid) != 0)
|
||||
if (smb_create_group(map->nt_name, &gid) != 0)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
|
||||
if ((grp = getgrnam(name)) == NULL)
|
||||
if ((grp = getgrnam(map->nt_name)) == NULL)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
}
|
||||
|
||||
map.gid = grp->gr_gid;
|
||||
map.sid = group_sid;
|
||||
map.sid_name_use = SID_NAME_DOM_GRP;
|
||||
strlcpy(map.nt_name, name, sizeof(map.nt_name));
|
||||
if (r->description.string) {
|
||||
strlcpy(map.comment, comment, sizeof(map.comment));
|
||||
map->gid = grp->gr_gid;
|
||||
map->sid = group_sid;
|
||||
map->sid_name_use = SID_NAME_DOM_GRP;
|
||||
|
||||
if (insert) {
|
||||
pdb_add_group_mapping_entry(map);
|
||||
} else {
|
||||
strlcpy(map.comment, "", sizeof(map.comment));
|
||||
pdb_update_group_mapping_entry(map);
|
||||
}
|
||||
|
||||
if (insert)
|
||||
pdb_add_group_mapping_entry(&map);
|
||||
else
|
||||
pdb_update_group_mapping_entry(&map);
|
||||
|
||||
TALLOC_FREE(map);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
@ -454,7 +465,7 @@ static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx,
|
||||
char **nt_members = NULL;
|
||||
char **unix_members;
|
||||
struct dom_sid group_sid;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
struct group *grp;
|
||||
|
||||
if (r->num_rids == 0) {
|
||||
@ -463,16 +474,26 @@ static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx,
|
||||
|
||||
sid_compose(&group_sid, get_global_sam_sid(), rid);
|
||||
|
||||
if (!get_domain_group_from_sid(group_sid, &map)) {
|
||||
map = talloc_zero(mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if (!get_domain_group_from_sid(group_sid, map)) {
|
||||
DEBUG(0, ("Could not find global group %d\n", rid));
|
||||
TALLOC_FREE(map);
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
}
|
||||
|
||||
if (!(grp = getgrgid(map.gid))) {
|
||||
DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid));
|
||||
if (!(grp = getgrgid(map->gid))) {
|
||||
DEBUG(0, ("Could not find unix group %lu\n",
|
||||
(unsigned long)map->gid));
|
||||
TALLOC_FREE(map);
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
|
||||
d_printf("Group members of %s: ", grp->gr_name);
|
||||
|
||||
if (r->num_rids) {
|
||||
@ -575,56 +596,65 @@ static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx,
|
||||
struct netr_DELTA_ALIAS *r,
|
||||
const struct dom_sid *dom_sid)
|
||||
{
|
||||
fstring name;
|
||||
fstring comment;
|
||||
struct group *grp = NULL;
|
||||
struct dom_sid alias_sid;
|
||||
fstring sid_string;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
bool insert = true;
|
||||
|
||||
fstrcpy(name, r->alias_name.string);
|
||||
fstrcpy(comment, r->description.string);
|
||||
map = talloc_zero(mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
/* Find out whether the group is already mapped */
|
||||
sid_compose(&alias_sid, dom_sid, rid);
|
||||
sid_to_fstring(sid_string, &alias_sid);
|
||||
|
||||
if (pdb_getgrsid(&map, alias_sid)) {
|
||||
grp = getgrgid(map.gid);
|
||||
if (pdb_getgrsid(map, alias_sid)) {
|
||||
grp = getgrgid(map->gid);
|
||||
insert = false;
|
||||
}
|
||||
|
||||
map->nt_name = talloc_strdup(map, r->alias_name.string);
|
||||
if (!map->nt_name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
map->comment = talloc_strdup(map, r->description.string);
|
||||
if (!map->comment) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if (grp == NULL) {
|
||||
gid_t gid;
|
||||
|
||||
/* No group found from mapping, find it from its name. */
|
||||
if ((grp = getgrnam(name)) == NULL) {
|
||||
if ((grp = getgrnam(map->nt_name)) == NULL) {
|
||||
/* No appropriate group found, create one */
|
||||
d_printf("Creating unix group: '%s'\n", name);
|
||||
if (smb_create_group(name, &gid) != 0)
|
||||
d_printf("Creating unix group: '%s'\n", map->nt_name);
|
||||
if (smb_create_group(map->nt_name, &gid) != 0)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
if ((grp = getgrgid(gid)) == NULL)
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
}
|
||||
|
||||
map.gid = grp->gr_gid;
|
||||
map.sid = alias_sid;
|
||||
map->gid = grp->gr_gid;
|
||||
map->sid = alias_sid;
|
||||
|
||||
if (dom_sid_equal(dom_sid, &global_sid_Builtin))
|
||||
map.sid_name_use = SID_NAME_WKN_GRP;
|
||||
else
|
||||
map.sid_name_use = SID_NAME_ALIAS;
|
||||
if (dom_sid_equal(dom_sid, &global_sid_Builtin)) {
|
||||
map->sid_name_use = SID_NAME_WKN_GRP;
|
||||
} else {
|
||||
map->sid_name_use = SID_NAME_ALIAS;
|
||||
}
|
||||
|
||||
strlcpy(map.nt_name, name, sizeof(map.nt_name));
|
||||
strlcpy(map.comment, comment, sizeof(map.comment));
|
||||
|
||||
if (insert)
|
||||
pdb_add_group_mapping_entry(&map);
|
||||
else
|
||||
pdb_update_group_mapping_entry(&map);
|
||||
if (insert) {
|
||||
pdb_add_group_mapping_entry(map);
|
||||
} else {
|
||||
pdb_update_group_mapping_entry(map);
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
|
||||
@ -1233,20 +1233,25 @@ done:
|
||||
|
||||
static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
union unid_t id;
|
||||
enum lsa_SidType type;
|
||||
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if ((sid_check_is_in_builtin(psid) ||
|
||||
sid_check_is_in_wellknown_domain(psid))) {
|
||||
bool ret;
|
||||
|
||||
become_root();
|
||||
ret = pdb_getgrsid(&map, *psid);
|
||||
ret = pdb_getgrsid(map, *psid);
|
||||
unbecome_root();
|
||||
|
||||
if (ret) {
|
||||
*pgid = map.gid;
|
||||
*pgid = map->gid;
|
||||
goto done;
|
||||
}
|
||||
DEBUG(10,("LEGACY: mapping failed for sid %s\n",
|
||||
@ -1286,6 +1291,7 @@ static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
|
||||
|
||||
store_gid_sid_cache(psid, *pgid);
|
||||
|
||||
TALLOC_FREE(map);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@ -591,7 +591,7 @@ bool algorithmic_pdb_rid_is_user(uint32_t rid)
|
||||
bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
|
||||
enum lsa_SidType *type)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
bool ret;
|
||||
|
||||
/* Windows treats "MACHINE\None" as a special name for
|
||||
@ -645,24 +645,32 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
|
||||
* Maybe it is a group ?
|
||||
*/
|
||||
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return false;
|
||||
}
|
||||
|
||||
become_root();
|
||||
ret = pdb_getgrnam(&map, name);
|
||||
ret = pdb_getgrnam(map, name);
|
||||
unbecome_root();
|
||||
|
||||
if (!ret) {
|
||||
TALLOC_FREE(map);
|
||||
return False;
|
||||
}
|
||||
|
||||
/* BUILTIN groups are looked up elsewhere */
|
||||
if (!sid_check_is_in_our_domain(&map.sid)) {
|
||||
if (!sid_check_is_in_our_domain(&map->sid)) {
|
||||
DEBUG(10, ("Found group %s (%s) not in our domain -- "
|
||||
"ignoring.", name, sid_string_dbg(&map.sid)));
|
||||
"ignoring.", name, sid_string_dbg(&map->sid)));
|
||||
TALLOC_FREE(map);
|
||||
return False;
|
||||
}
|
||||
|
||||
/* yes it's a mapped group */
|
||||
sid_peek_rid(&map.sid, rid);
|
||||
*type = map.sid_name_use;
|
||||
sid_peek_rid(&map->sid, rid);
|
||||
*type = map->sid_name_use;
|
||||
TALLOC_FREE(map);
|
||||
return True;
|
||||
}
|
||||
|
||||
|
||||
@ -798,16 +798,14 @@ static NTSTATUS pdb_ads_getgrfilter(struct pdb_methods *m, GROUP_MAP *map,
|
||||
if (str == NULL) {
|
||||
return NT_STATUS_INTERNAL_DB_CORRUPTION;
|
||||
}
|
||||
fstrcpy(map->nt_name, str);
|
||||
TALLOC_FREE(str);
|
||||
map->nt_name = talloc_move(map, &str);
|
||||
|
||||
str = tldap_talloc_single_attribute(group[0], "description",
|
||||
talloc_tos());
|
||||
if (str != NULL) {
|
||||
fstrcpy(map->comment, str);
|
||||
TALLOC_FREE(str);
|
||||
map->comment = talloc_move(map, &str);
|
||||
} else {
|
||||
map->comment[0] = '\0';
|
||||
map->comment = talloc_strdup(map, "");
|
||||
}
|
||||
|
||||
if (pmsg != NULL) {
|
||||
@ -1017,7 +1015,7 @@ static NTSTATUS pdb_ads_update_group_mapping_entry(struct pdb_methods *m,
|
||||
char *filter;
|
||||
struct tldap_message *existing;
|
||||
char *dn;
|
||||
GROUP_MAP existing_map;
|
||||
GROUP_MAP *existing_map;
|
||||
int rc, num_mods = 0;
|
||||
bool ret;
|
||||
NTSTATUS status;
|
||||
@ -1033,8 +1031,15 @@ static NTSTATUS pdb_ads_update_group_mapping_entry(struct pdb_methods *m,
|
||||
if (filter == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
status = pdb_ads_getgrfilter(m, &existing_map, filter,
|
||||
|
||||
existing_map = talloc_zero(talloc_tos(), GROUP_MAP);
|
||||
if (!existing_map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
status = pdb_ads_getgrfilter(m, existing_map, filter,
|
||||
talloc_tos(), &existing);
|
||||
TALLOC_FREE(existing_map);
|
||||
TALLOC_FREE(filter);
|
||||
|
||||
if (!tldap_entry_dn(existing, &dn)) {
|
||||
@ -1079,7 +1084,7 @@ static NTSTATUS pdb_ads_delete_group_mapping_entry(struct pdb_methods *m,
|
||||
static NTSTATUS pdb_ads_enum_group_mapping(struct pdb_methods *m,
|
||||
const struct dom_sid *sid,
|
||||
enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP **pp_rmap,
|
||||
GROUP_MAP ***pp_rmap,
|
||||
size_t *p_num_entries,
|
||||
bool unix_only)
|
||||
{
|
||||
|
||||
@ -777,32 +777,39 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
|
||||
uint32_t rid)
|
||||
{
|
||||
struct dom_sid group_sid;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
NTSTATUS status;
|
||||
struct group *grp;
|
||||
const char *grp_name;
|
||||
|
||||
map = talloc_zero(mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
/* coverity */
|
||||
map.gid = (gid_t) -1;
|
||||
map->gid = (gid_t) -1;
|
||||
|
||||
sid_compose(&group_sid, get_global_sam_sid(), rid);
|
||||
|
||||
if (!get_domain_group_from_sid(group_sid, &map)) {
|
||||
if (!get_domain_group_from_sid(group_sid, map)) {
|
||||
DEBUG(10, ("Could not find group for rid %d\n", rid));
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
}
|
||||
|
||||
/* We need the group name for the smb_delete_group later on */
|
||||
|
||||
if (map.gid == (gid_t)-1) {
|
||||
if (map->gid == (gid_t)-1) {
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
}
|
||||
|
||||
grp = getgrgid(map.gid);
|
||||
grp = getgrgid(map->gid);
|
||||
if (grp == NULL) {
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
|
||||
/* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
|
||||
|
||||
grp_name = talloc_strdup(mem_ctx, grp->gr_name);
|
||||
@ -847,8 +854,11 @@ NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid)
|
||||
return pdb->delete_group_mapping_entry(pdb, sid);
|
||||
}
|
||||
|
||||
bool pdb_enum_group_mapping(const struct dom_sid *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
|
||||
size_t *p_num_entries, bool unix_only)
|
||||
bool pdb_enum_group_mapping(const struct dom_sid *sid,
|
||||
enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP ***pp_rmap,
|
||||
size_t *p_num_entries,
|
||||
bool unix_only)
|
||||
{
|
||||
struct pdb_methods *pdb = pdb_get_methods();
|
||||
return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
|
||||
@ -954,24 +964,31 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
|
||||
{
|
||||
struct dom_sid group_sid, member_sid;
|
||||
struct samu *account = NULL;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
struct group *grp;
|
||||
struct passwd *pwd;
|
||||
const char *group_name;
|
||||
uid_t uid;
|
||||
|
||||
map = talloc_zero(mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
/* coverity */
|
||||
map.gid = (gid_t) -1;
|
||||
map->gid = (gid_t) -1;
|
||||
|
||||
sid_compose(&group_sid, get_global_sam_sid(), group_rid);
|
||||
sid_compose(&member_sid, get_global_sam_sid(), member_rid);
|
||||
|
||||
if (!get_domain_group_from_sid(group_sid, &map) ||
|
||||
(map.gid == (gid_t)-1) ||
|
||||
((grp = getgrgid(map.gid)) == NULL)) {
|
||||
if (!get_domain_group_from_sid(group_sid, map) ||
|
||||
(map->gid == (gid_t)-1) ||
|
||||
((grp = getgrgid(map->gid)) == NULL)) {
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
|
||||
group_name = talloc_strdup(mem_ctx, grp->gr_name);
|
||||
if (group_name == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
@ -1019,21 +1036,28 @@ static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
|
||||
{
|
||||
struct dom_sid group_sid, member_sid;
|
||||
struct samu *account = NULL;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
struct group *grp;
|
||||
struct passwd *pwd;
|
||||
const char *group_name;
|
||||
uid_t uid;
|
||||
|
||||
map = talloc_zero(mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
sid_compose(&group_sid, get_global_sam_sid(), group_rid);
|
||||
sid_compose(&member_sid, get_global_sam_sid(), member_rid);
|
||||
|
||||
if (!get_domain_group_from_sid(group_sid, &map) ||
|
||||
(map.gid == (gid_t)-1) ||
|
||||
((grp = getgrgid(map.gid)) == NULL)) {
|
||||
if (!get_domain_group_from_sid(group_sid, map) ||
|
||||
(map->gid == (gid_t)-1) ||
|
||||
((grp = getgrgid(map->gid)) == NULL)) {
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
|
||||
group_name = talloc_strdup(mem_ctx, grp->gr_name);
|
||||
if (group_name == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
@ -1397,14 +1421,21 @@ static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid,
|
||||
static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
|
||||
struct dom_sid *sid)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
|
||||
if (!NT_STATUS_IS_OK(methods->getgrgid(methods, &map, gid))) {
|
||||
return False;
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return false;
|
||||
}
|
||||
|
||||
sid_copy(sid, &map.sid);
|
||||
return True;
|
||||
if (!NT_STATUS_IS_OK(methods->getgrgid(methods, map, gid))) {
|
||||
TALLOC_FREE(map);
|
||||
return false;
|
||||
}
|
||||
|
||||
sid_copy(sid, &map->sid);
|
||||
TALLOC_FREE(map);
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool pdb_default_sid_to_id(struct pdb_methods *methods,
|
||||
@ -1452,21 +1483,28 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods,
|
||||
if (sid_check_is_in_builtin(sid) ||
|
||||
sid_check_is_in_wellknown_domain(sid)) {
|
||||
/* Here we only have aliases */
|
||||
GROUP_MAP map;
|
||||
if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) {
|
||||
GROUP_MAP *map;
|
||||
|
||||
map = talloc_zero(mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
ret = false;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(methods->getgrsid(methods, map, *sid))) {
|
||||
DEBUG(10, ("Could not find map for sid %s\n",
|
||||
sid_string_dbg(sid)));
|
||||
goto done;
|
||||
}
|
||||
if ((map.sid_name_use != SID_NAME_ALIAS) &&
|
||||
(map.sid_name_use != SID_NAME_WKN_GRP)) {
|
||||
if ((map->sid_name_use != SID_NAME_ALIAS) &&
|
||||
(map->sid_name_use != SID_NAME_WKN_GRP)) {
|
||||
DEBUG(10, ("Map for sid %s is a %s, expected an "
|
||||
"alias\n", sid_string_dbg(sid),
|
||||
sid_type_lookup(map.sid_name_use)));
|
||||
sid_type_lookup(map->sid_name_use)));
|
||||
goto done;
|
||||
}
|
||||
|
||||
id->gid = map.gid;
|
||||
id->gid = map->gid;
|
||||
*type = SID_NAME_ALIAS;
|
||||
ret = True;
|
||||
goto done;
|
||||
@ -1634,7 +1672,7 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
|
||||
union unid_t *unix_id)
|
||||
{
|
||||
struct samu *sam_account = NULL;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map = NULL;
|
||||
bool ret;
|
||||
struct dom_sid sid;
|
||||
|
||||
@ -1651,12 +1689,28 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
|
||||
return False;
|
||||
}
|
||||
|
||||
map = talloc_zero(mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
return false;
|
||||
}
|
||||
|
||||
/* BEING ROOT BLOCK */
|
||||
become_root();
|
||||
if (pdb_getsampwsid(sam_account, &sid)) {
|
||||
ret = pdb_getsampwsid(sam_account, &sid);
|
||||
if (!ret) {
|
||||
TALLOC_FREE(sam_account);
|
||||
ret = pdb_getgrsid(map, sid);
|
||||
}
|
||||
unbecome_root();
|
||||
/* END BECOME_ROOT BLOCK */
|
||||
|
||||
if (sam_account || !ret) {
|
||||
TALLOC_FREE(map);
|
||||
}
|
||||
|
||||
if (sam_account) {
|
||||
struct passwd *pw;
|
||||
|
||||
unbecome_root(); /* -----> EXIT BECOME_ROOT() */
|
||||
*name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
|
||||
if (!*name) {
|
||||
TALLOC_FREE(sam_account);
|
||||
@ -1678,27 +1732,25 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
|
||||
unix_id->uid = pw->pw_uid;
|
||||
TALLOC_FREE(pw);
|
||||
return True;
|
||||
}
|
||||
TALLOC_FREE(sam_account);
|
||||
|
||||
ret = pdb_getgrsid(&map, sid);
|
||||
unbecome_root();
|
||||
/* END BECOME_ROOT BLOCK */
|
||||
} else if (map && (map->gid != (gid_t)-1)) {
|
||||
|
||||
/* do not resolve SIDs to a name unless there is a valid
|
||||
gid associated with it */
|
||||
/* do not resolve SIDs to a name unless there is a valid
|
||||
gid associated with it */
|
||||
|
||||
if ( ret && (map.gid != (gid_t)-1) ) {
|
||||
*name = talloc_strdup(mem_ctx, map.nt_name);
|
||||
*psid_name_use = map.sid_name_use;
|
||||
*name = talloc_steal(mem_ctx, map->nt_name);
|
||||
*psid_name_use = map->sid_name_use;
|
||||
|
||||
if ( unix_id ) {
|
||||
unix_id->gid = map.gid;
|
||||
unix_id->gid = map->gid;
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
return True;
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
|
||||
/* Windows will always map RID 513 to something. On a non-domain
|
||||
controller, this gets mapped to SERVER\None. */
|
||||
|
||||
@ -1901,7 +1953,7 @@ static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32_t rid,
|
||||
}
|
||||
|
||||
struct group_search {
|
||||
GROUP_MAP *groups;
|
||||
GROUP_MAP **groups;
|
||||
size_t num_groups, current_group;
|
||||
};
|
||||
|
||||
@ -1910,11 +1962,13 @@ static bool next_entry_groups(struct pdb_search *s,
|
||||
{
|
||||
struct group_search *state = (struct group_search *)s->private_data;
|
||||
uint32_t rid;
|
||||
GROUP_MAP *map = &state->groups[state->current_group];
|
||||
GROUP_MAP *map;
|
||||
|
||||
if (state->current_group == state->num_groups)
|
||||
return False;
|
||||
|
||||
map = state->groups[state->current_group];
|
||||
|
||||
sid_peek_rid(&map->sid, &rid);
|
||||
|
||||
fill_displayentry(s, rid, 0, map->nt_name, NULL, map->comment, entry);
|
||||
@ -1927,7 +1981,7 @@ static void search_end_groups(struct pdb_search *search)
|
||||
{
|
||||
struct group_search *state =
|
||||
(struct group_search *)search->private_data;
|
||||
SAFE_FREE(state->groups);
|
||||
TALLOC_FREE(state->groups);
|
||||
}
|
||||
|
||||
static bool pdb_search_grouptype(struct pdb_methods *methods,
|
||||
@ -1936,7 +1990,7 @@ static bool pdb_search_grouptype(struct pdb_methods *methods,
|
||||
{
|
||||
struct group_search *state;
|
||||
|
||||
state = talloc(search, struct group_search);
|
||||
state = talloc_zero(search, struct group_search);
|
||||
if (state == NULL) {
|
||||
DEBUG(0, ("talloc failed\n"));
|
||||
return False;
|
||||
|
||||
@ -2471,7 +2471,11 @@ for gidNumber(%lu)\n",(unsigned long)map->gid));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
fstrcpy(map->nt_name, temp);
|
||||
map->nt_name = talloc_strdup(map, temp);
|
||||
if (!map->nt_name) {
|
||||
TALLOC_FREE(ctx);
|
||||
return false;
|
||||
}
|
||||
|
||||
TALLOC_FREE(temp);
|
||||
temp = smbldap_talloc_single_attribute(
|
||||
@ -2487,7 +2491,11 @@ for gidNumber(%lu)\n",(unsigned long)map->gid));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
fstrcpy(map->comment, temp);
|
||||
map->comment = talloc_strdup(map, temp);
|
||||
if (!map->comment) {
|
||||
TALLOC_FREE(ctx);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (lp_parm_bool(-1, "ldapsam", "trusted", false)) {
|
||||
store_gid_sid_cache(&map->sid, map->gid);
|
||||
@ -3470,15 +3478,15 @@ static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods,
|
||||
|
||||
static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
|
||||
const struct dom_sid *domsid, enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP **pp_rmap,
|
||||
GROUP_MAP ***pp_rmap,
|
||||
size_t *p_num_entries,
|
||||
bool unix_only)
|
||||
{
|
||||
GROUP_MAP map = { 0, };
|
||||
GROUP_MAP *map = NULL;
|
||||
size_t entries = 0;
|
||||
|
||||
*p_num_entries = 0;
|
||||
*pp_rmap = NULL;
|
||||
**pp_rmap = NULL;
|
||||
|
||||
if (!NT_STATUS_IS_OK(ldapsam_setsamgrent(methods, False))) {
|
||||
DEBUG(0, ("ldapsam_enum_group_mapping: Unable to open "
|
||||
@ -3486,31 +3494,44 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
while (NT_STATUS_IS_OK(ldapsam_getsamgrent(methods, &map))) {
|
||||
while (true) {
|
||||
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(ldapsam_getsamgrent(methods, map))) {
|
||||
TALLOC_FREE(map);
|
||||
break;
|
||||
}
|
||||
|
||||
if (sid_name_use != SID_NAME_UNKNOWN &&
|
||||
sid_name_use != map.sid_name_use) {
|
||||
sid_name_use != map->sid_name_use) {
|
||||
DEBUG(11,("ldapsam_enum_group_mapping: group %s is "
|
||||
"not of the requested type\n", map.nt_name));
|
||||
"not of the requested type\n",
|
||||
map->nt_name));
|
||||
continue;
|
||||
}
|
||||
if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) {
|
||||
if (unix_only == ENUM_ONLY_MAPPED && map->gid == -1) {
|
||||
DEBUG(11,("ldapsam_enum_group_mapping: group %s is "
|
||||
"non mapped\n", map.nt_name));
|
||||
"non mapped\n", map->nt_name));
|
||||
continue;
|
||||
}
|
||||
|
||||
(*pp_rmap)=SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1);
|
||||
*pp_rmap = talloc_realloc(NULL, *pp_rmap,
|
||||
GROUP_MAP *, entries + 1);
|
||||
if (!(*pp_rmap)) {
|
||||
DEBUG(0,("ldapsam_enum_group_mapping: Unable to "
|
||||
"enlarge group map!\n"));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
(*pp_rmap)[entries] = map;
|
||||
(*pp_rmap)[entries] = talloc_move((*pp_rmap), &map);
|
||||
|
||||
entries += 1;
|
||||
|
||||
}
|
||||
|
||||
ldapsam_endsamgrent(methods);
|
||||
|
||||
*p_num_entries = entries;
|
||||
|
||||
@ -901,14 +901,22 @@ static NTSTATUS pdb_samba4_getgrfilter(struct pdb_methods *m, GROUP_MAP *map,
|
||||
talloc_free(tmp_ctx);
|
||||
return NT_STATUS_INTERNAL_DB_CORRUPTION;
|
||||
}
|
||||
fstrcpy(map->nt_name, str);
|
||||
map->nt_name = talloc_strdup(map, str);
|
||||
if (!map->nt_name) {
|
||||
talloc_free(tmp_ctx);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
str = ldb_msg_find_attr_as_string(msg, "description",
|
||||
NULL);
|
||||
if (str != NULL) {
|
||||
fstrcpy(map->comment, str);
|
||||
map->comment = talloc_strdup(map, str);
|
||||
} else {
|
||||
map->comment[0] = '\0';
|
||||
map->comment = talloc_strdup(map, "");
|
||||
}
|
||||
if (!map->comment) {
|
||||
talloc_free(tmp_ctx);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
talloc_free(tmp_ctx);
|
||||
@ -1071,7 +1079,7 @@ static NTSTATUS pdb_samba4_delete_group_mapping_entry(struct pdb_methods *m,
|
||||
static NTSTATUS pdb_samba4_enum_group_mapping(struct pdb_methods *m,
|
||||
const struct dom_sid *sid,
|
||||
enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP **pp_rmap,
|
||||
GROUP_MAP ***pp_rmap,
|
||||
size_t *p_num_entries,
|
||||
bool unix_only)
|
||||
{
|
||||
|
||||
@ -228,8 +228,11 @@ static NTSTATUS pdb_wbc_sam_enum_trusteddoms(struct pdb_methods *methods,
|
||||
|
||||
static bool _make_group_map(struct pdb_methods *methods, const char *domain, const char *name, enum lsa_SidType name_type, gid_t gid, struct dom_sid *sid, GROUP_MAP *map)
|
||||
{
|
||||
snprintf(map->nt_name, sizeof(map->nt_name), "%s%c%s",
|
||||
map->nt_name = talloc_asprintf(map, "%s%c%s",
|
||||
domain, *lp_winbind_separator(), name);
|
||||
if (!map->nt_name) {
|
||||
return false;
|
||||
}
|
||||
map->sid_name_use = name_type;
|
||||
map->sid = *sid;
|
||||
map->gid = gid;
|
||||
@ -354,7 +357,7 @@ done:
|
||||
|
||||
static NTSTATUS pdb_wbc_sam_enum_group_mapping(struct pdb_methods *methods,
|
||||
const struct dom_sid *sid, enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP **pp_rmap, size_t *p_num_entries,
|
||||
GROUP_MAP ***pp_rmap, size_t *p_num_entries,
|
||||
bool unix_only)
|
||||
{
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
|
||||
@ -229,8 +229,11 @@ NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32_t rid);
|
||||
NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map);
|
||||
NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map);
|
||||
NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid);
|
||||
bool pdb_enum_group_mapping(const struct dom_sid *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
|
||||
size_t *p_num_entries, bool unix_only);
|
||||
bool pdb_enum_group_mapping(const struct dom_sid *sid,
|
||||
enum lsa_SidType sid_name_use,
|
||||
GROUP_MAP ***pp_rmap,
|
||||
size_t *p_num_entries,
|
||||
bool unix_only);
|
||||
NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
|
||||
const struct dom_sid *sid,
|
||||
uint32_t **pp_member_rids,
|
||||
|
||||
@ -1805,7 +1805,7 @@ static PyObject *py_pdb_enum_group_mapping(pytalloc_Object *self, PyObject *args
|
||||
int unix_only = 0;
|
||||
PyObject *py_domain_sid;
|
||||
struct dom_sid *domain_sid = NULL;
|
||||
GROUP_MAP *gmap, *group_map;
|
||||
GROUP_MAP **gmap, *group_map;
|
||||
size_t num_entries;
|
||||
PyObject *py_gmap_list, *py_group_map;
|
||||
int i;
|
||||
@ -1852,13 +1852,15 @@ static PyObject *py_pdb_enum_group_mapping(pytalloc_Object *self, PyObject *args
|
||||
py_group_map = py_groupmap_new(&PyGroupmap, NULL, NULL);
|
||||
if (py_group_map) {
|
||||
group_map = pytalloc_get_ptr(py_group_map);
|
||||
*group_map = gmap[i];
|
||||
*group_map = *gmap[i];
|
||||
talloc_steal(group_map, gmap[i]->nt_name);
|
||||
talloc_steal(group_map, gmap[i]->comment);
|
||||
|
||||
PyList_Append(py_gmap_list, py_group_map);
|
||||
}
|
||||
}
|
||||
|
||||
free(gmap);
|
||||
talloc_free(gmap);
|
||||
talloc_free(tframe);
|
||||
|
||||
return py_gmap_list;
|
||||
|
||||
@ -3023,7 +3023,8 @@ NTSTATUS _lsa_SetSystemAccessAccount(struct pipes_struct *p,
|
||||
struct lsa_SetSystemAccessAccount *r)
|
||||
{
|
||||
struct lsa_info *info=NULL;
|
||||
GROUP_MAP map;
|
||||
NTSTATUS status;
|
||||
GROUP_MAP *map;
|
||||
|
||||
/* find the connection policy handle. */
|
||||
if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
|
||||
@ -3037,10 +3038,19 @@ NTSTATUS _lsa_SetSystemAccessAccount(struct pipes_struct *p,
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
if (!pdb_getgrsid(&map, info->sid))
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
map = talloc_zero(p->mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
return pdb_update_group_mapping_entry(&map);
|
||||
if (!pdb_getgrsid(map, info->sid)) {
|
||||
TALLOC_FREE(map);
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
}
|
||||
|
||||
status = pdb_update_group_mapping_entry(map);
|
||||
TALLOC_FREE(map);
|
||||
return status;
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
|
||||
@ -5966,7 +5966,7 @@ NTSTATUS _samr_QueryGroupInfo(struct pipes_struct *p,
|
||||
{
|
||||
struct samr_group_info *ginfo;
|
||||
NTSTATUS status;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
union samr_GroupInfo *info = NULL;
|
||||
bool ret;
|
||||
uint32_t attributes = SE_GROUP_MANDATORY |
|
||||
@ -5982,15 +5982,21 @@ NTSTATUS _samr_QueryGroupInfo(struct pipes_struct *p,
|
||||
return status;
|
||||
}
|
||||
|
||||
map = talloc_zero(p->mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
become_root();
|
||||
ret = get_domain_group_from_sid(ginfo->sid, &map);
|
||||
ret = get_domain_group_from_sid(ginfo->sid, map);
|
||||
unbecome_root();
|
||||
if (!ret)
|
||||
return NT_STATUS_INVALID_HANDLE;
|
||||
|
||||
/* FIXME: map contains fstrings */
|
||||
group_name = talloc_strdup(r, map.nt_name);
|
||||
group_description = talloc_strdup(r, map.comment);
|
||||
group_name = talloc_move(r, &map->nt_name);
|
||||
group_description = talloc_move(r, &map->comment);
|
||||
|
||||
TALLOC_FREE(map);
|
||||
|
||||
info = talloc_zero(p->mem_ctx, union samr_GroupInfo);
|
||||
if (!info) {
|
||||
@ -6068,7 +6074,7 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p,
|
||||
struct samr_SetGroupInfo *r)
|
||||
{
|
||||
struct samr_group_info *ginfo;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
NTSTATUS status;
|
||||
bool ret;
|
||||
|
||||
@ -6079,20 +6085,33 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p,
|
||||
return status;
|
||||
}
|
||||
|
||||
map = talloc_zero(p->mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
become_root();
|
||||
ret = get_domain_group_from_sid(ginfo->sid, &map);
|
||||
ret = get_domain_group_from_sid(ginfo->sid, map);
|
||||
unbecome_root();
|
||||
if (!ret)
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
|
||||
switch (r->in.level) {
|
||||
case 2:
|
||||
fstrcpy(map.nt_name, r->in.info->name.string);
|
||||
map->nt_name = talloc_strdup(map,
|
||||
r->in.info->name.string);
|
||||
if (!map->nt_name) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
break;
|
||||
case 3:
|
||||
break;
|
||||
case 4:
|
||||
fstrcpy(map.comment, r->in.info->description.string);
|
||||
map->comment = talloc_strdup(map,
|
||||
r->in.info->description.string);
|
||||
if (!map->comment) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
return NT_STATUS_INVALID_INFO_CLASS;
|
||||
@ -6101,11 +6120,13 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p,
|
||||
/******** BEGIN SeAddUsers BLOCK *********/
|
||||
|
||||
become_root();
|
||||
status = pdb_update_group_mapping_entry(&map);
|
||||
status = pdb_update_group_mapping_entry(map);
|
||||
unbecome_root();
|
||||
|
||||
/******** End SeAddUsers BLOCK *********/
|
||||
|
||||
TALLOC_FREE(map);
|
||||
|
||||
if (NT_STATUS_IS_OK(status)) {
|
||||
force_flush_samr_cache(&ginfo->sid);
|
||||
}
|
||||
@ -6269,7 +6290,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
|
||||
|
||||
{
|
||||
struct dom_sid info_sid;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
struct samr_domain_info *dinfo;
|
||||
struct samr_group_info *ginfo;
|
||||
struct security_descriptor *psd = NULL;
|
||||
@ -6312,13 +6333,20 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
|
||||
DEBUG(10, ("_samr_OpenGroup:Opening SID: %s\n",
|
||||
sid_string_dbg(&info_sid)));
|
||||
|
||||
map = talloc_zero(p->mem_ctx, GROUP_MAP);
|
||||
if (!map) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
/* check if that group really exists */
|
||||
become_root();
|
||||
ret = get_domain_group_from_sid(info_sid, &map);
|
||||
ret = get_domain_group_from_sid(info_sid, map);
|
||||
unbecome_root();
|
||||
if (!ret)
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
|
||||
TALLOC_FREE(map);
|
||||
|
||||
ginfo = policy_handle_create(p, r->out.group_handle,
|
||||
acc_granted,
|
||||
struct samr_group_info, &status);
|
||||
|
||||
@ -33,24 +33,32 @@
|
||||
**********************************************************/
|
||||
static bool get_sid_from_input(struct dom_sid *sid, char *input)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (strncasecmp_m( input, "S-", 2)) {
|
||||
/* Perhaps its the NT group name? */
|
||||
if (!pdb_getgrnam(&map, input)) {
|
||||
if (!pdb_getgrnam(map, input)) {
|
||||
printf(_("NT Group %s doesn't exist in mapping DB\n"),
|
||||
input);
|
||||
TALLOC_FREE(map);
|
||||
return false;
|
||||
} else {
|
||||
*sid = map.sid;
|
||||
*sid = map->sid;
|
||||
}
|
||||
} else {
|
||||
if (!string_to_sid(sid, input)) {
|
||||
printf(_("converting sid %s from a string failed!\n"),
|
||||
input);
|
||||
TALLOC_FREE(map);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
TALLOC_FREE(map);
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -127,7 +135,7 @@ static int net_groupmap_list(struct net_context *c, int argc, const char **argv)
|
||||
/* list a single group is given a name */
|
||||
if ( ntgroup[0] || sid_string[0] ) {
|
||||
struct dom_sid sid;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
|
||||
if ( sid_string[0] )
|
||||
strlcpy(ntgroup, sid_string, sizeof(ntgroup));
|
||||
@ -136,27 +144,39 @@ static int net_groupmap_list(struct net_context *c, int argc, const char **argv)
|
||||
return -1;
|
||||
}
|
||||
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Get the current mapping from the database */
|
||||
if(!pdb_getgrsid(&map, sid)) {
|
||||
if(!pdb_getgrsid(map, sid)) {
|
||||
d_fprintf(stderr,
|
||||
_("Failure to local group SID in the "
|
||||
"database\n"));
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
|
||||
print_map_entry(&map, long_list );
|
||||
print_map_entry(map, long_list );
|
||||
TALLOC_FREE(map);
|
||||
}
|
||||
else {
|
||||
GROUP_MAP *map=NULL;
|
||||
GROUP_MAP **maps = NULL;
|
||||
bool ok = false;
|
||||
/* enumerate all group mappings */
|
||||
if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries, ENUM_ALL_MAPPED))
|
||||
ok = pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN,
|
||||
&maps, &entries,
|
||||
ENUM_ALL_MAPPED);
|
||||
if (!ok) {
|
||||
return -1;
|
||||
|
||||
for (i=0; i<entries; i++) {
|
||||
print_map_entry(&map[i], long_list);
|
||||
}
|
||||
|
||||
SAFE_FREE(map);
|
||||
for (i=0; i<entries; i++) {
|
||||
print_map_entry(maps[i], long_list);
|
||||
}
|
||||
|
||||
TALLOC_FREE(maps);
|
||||
}
|
||||
|
||||
return 0;
|
||||
@ -178,7 +198,7 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
|
||||
uint32 rid = 0;
|
||||
gid_t gid;
|
||||
int i;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
|
||||
const char *name_type;
|
||||
const char add_usage_str[] = N_("net groupmap add "
|
||||
@ -188,10 +208,6 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
|
||||
"[ntgroup=<string>] "
|
||||
"[comment=<string>]");
|
||||
|
||||
ZERO_STRUCT(map);
|
||||
|
||||
/* Default is domain group. */
|
||||
map.sid_name_use = SID_NAME_DOM_GRP;
|
||||
name_type = "domain group";
|
||||
|
||||
if (c->display_usage) {
|
||||
@ -280,13 +296,19 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
|
||||
return -1;
|
||||
}
|
||||
|
||||
{
|
||||
if (pdb_getgrgid(&map, gid)) {
|
||||
d_printf(_("Unix group %s already mapped to SID %s\n"),
|
||||
unixgrp, sid_string_tos(&map.sid));
|
||||
return -1;
|
||||
}
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return -1;
|
||||
}
|
||||
/* Default is domain group. */
|
||||
map->sid_name_use = SID_NAME_DOM_GRP;
|
||||
if (pdb_getgrgid(map, gid)) {
|
||||
d_printf(_("Unix group %s already mapped to SID %s\n"),
|
||||
unixgrp, sid_string_tos(&map->sid));
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
TALLOC_FREE(map);
|
||||
|
||||
if ( (rid == 0) && (string_sid[0] == '\0') ) {
|
||||
d_printf(_("No rid or sid specified, choosing a RID\n"));
|
||||
@ -339,7 +361,7 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
|
||||
static int net_groupmap_modify(struct net_context *c, int argc, const char **argv)
|
||||
{
|
||||
struct dom_sid sid;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map = NULL;
|
||||
fstring ntcomment = "";
|
||||
fstring type = "";
|
||||
fstring ntgroup = "";
|
||||
@ -430,10 +452,16 @@ static int net_groupmap_modify(struct net_context *c, int argc, const char **arg
|
||||
}
|
||||
}
|
||||
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Get the current mapping from the database */
|
||||
if(!pdb_getgrsid(&map, sid)) {
|
||||
if(!pdb_getgrsid(map, sid)) {
|
||||
d_fprintf(stderr,
|
||||
_("Failed to find local group SID in the database\n"));
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -443,24 +471,36 @@ static int net_groupmap_modify(struct net_context *c, int argc, const char **arg
|
||||
*/
|
||||
if (sid_type == SID_NAME_UNKNOWN) {
|
||||
d_fprintf(stderr, _("Can't map to an unknown group type.\n"));
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (map.sid_name_use == SID_NAME_WKN_GRP) {
|
||||
if (map->sid_name_use == SID_NAME_WKN_GRP) {
|
||||
d_fprintf(stderr,
|
||||
_("You can only change between domain and local "
|
||||
"groups.\n"));
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
|
||||
map.sid_name_use=sid_type;
|
||||
map->sid_name_use = sid_type;
|
||||
|
||||
/* Change comment if new one */
|
||||
if ( ntcomment[0] )
|
||||
strlcpy(map.comment, ntcomment, sizeof(map.comment));
|
||||
if (ntcomment[0]) {
|
||||
map->comment = talloc_strdup(map, ntcomment);
|
||||
if (!map->comment) {
|
||||
d_fprintf(stderr, _("Out of memory!\n"));
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if ( ntgroup[0] )
|
||||
strlcpy(map.nt_name, ntgroup, sizeof(map.nt_name));
|
||||
if (ntgroup[0]) {
|
||||
map->nt_name = talloc_strdup(map, ntgroup);
|
||||
if (!map->nt_name) {
|
||||
d_fprintf(stderr, _("Out of memory!\n"));
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if ( unixgrp[0] ) {
|
||||
gid = nametogid( unixgrp );
|
||||
@ -468,19 +508,22 @@ static int net_groupmap_modify(struct net_context *c, int argc, const char **arg
|
||||
d_fprintf(stderr, _("Unable to lookup UNIX group %s. "
|
||||
"Make sure the group exists.\n"),
|
||||
unixgrp);
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
|
||||
map.gid = gid;
|
||||
map->gid = gid;
|
||||
}
|
||||
|
||||
if ( !NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)) ) {
|
||||
if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) {
|
||||
d_fprintf(stderr, _("Could not update group database\n"));
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
|
||||
d_printf(_("Updated mapping entry for %s\n"), map.nt_name);
|
||||
d_printf(_("Updated mapping entry for %s\n"), map->nt_name);
|
||||
|
||||
TALLOC_FREE(map);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -552,7 +595,7 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
|
||||
{
|
||||
const char *ntgroup = NULL;
|
||||
struct group *grp = NULL;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
bool have_map = false;
|
||||
|
||||
if ((argc < 1) || (argc > 2) || c->display_usage) {
|
||||
@ -580,13 +623,19 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
have_map = pdb_getgrnam(&map, ntgroup);
|
||||
map = talloc_zero(NULL, GROUP_MAP);
|
||||
if (!map) {
|
||||
d_printf(_("Out of memory!\n"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
have_map = pdb_getgrnam(map, ntgroup);
|
||||
|
||||
if (!have_map) {
|
||||
struct dom_sid sid;
|
||||
have_map = ( (strncmp(ntgroup, "S-", 2) == 0) &&
|
||||
string_to_sid(&sid, ntgroup) &&
|
||||
pdb_getgrsid(&map, sid) );
|
||||
pdb_getgrsid(map, sid) );
|
||||
}
|
||||
|
||||
if (!have_map) {
|
||||
@ -597,33 +646,41 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
|
||||
d_fprintf(stderr,
|
||||
_("Could not find group mapping for %s\n"),
|
||||
ntgroup);
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
|
||||
map.gid = grp->gr_gid;
|
||||
map->gid = grp->gr_gid;
|
||||
|
||||
if (c->opt_rid == 0) {
|
||||
if ( pdb_capabilities() & PDB_CAP_STORE_RIDS ) {
|
||||
if ( !pdb_new_rid((uint32*)&c->opt_rid) ) {
|
||||
d_fprintf( stderr,
|
||||
_("Could not allocate new RID\n"));
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
c->opt_rid = algorithmic_pdb_gid_to_group_rid(map.gid);
|
||||
c->opt_rid = algorithmic_pdb_gid_to_group_rid(map->gid);
|
||||
}
|
||||
}
|
||||
|
||||
sid_compose(&map.sid, get_global_sam_sid(), c->opt_rid);
|
||||
sid_compose(&map->sid, get_global_sam_sid(), c->opt_rid);
|
||||
|
||||
map.sid_name_use = SID_NAME_DOM_GRP;
|
||||
fstrcpy(map.nt_name, ntgroup);
|
||||
fstrcpy(map.comment, "");
|
||||
map->sid_name_use = SID_NAME_DOM_GRP;
|
||||
map->nt_name = talloc_strdup(map, ntgroup);
|
||||
map->comment = talloc_strdup(map, "");
|
||||
if (!map->nt_name || !map->comment) {
|
||||
d_printf(_("Out of memory!\n"));
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map))) {
|
||||
if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(map))) {
|
||||
d_fprintf(stderr,
|
||||
_("Could not add mapping entry for %s\n"),
|
||||
ntgroup);
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
@ -631,46 +688,59 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
|
||||
/* Now we have a mapping entry, update that stuff */
|
||||
|
||||
if ( c->opt_localgroup || c->opt_domaingroup ) {
|
||||
if (map.sid_name_use == SID_NAME_WKN_GRP) {
|
||||
if (map->sid_name_use == SID_NAME_WKN_GRP) {
|
||||
d_fprintf(stderr,
|
||||
_("Can't change type of the BUILTIN "
|
||||
"group %s\n"),
|
||||
map.nt_name);
|
||||
map->nt_name);
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (c->opt_localgroup)
|
||||
map.sid_name_use = SID_NAME_ALIAS;
|
||||
map->sid_name_use = SID_NAME_ALIAS;
|
||||
|
||||
if (c->opt_domaingroup)
|
||||
map.sid_name_use = SID_NAME_DOM_GRP;
|
||||
map->sid_name_use = SID_NAME_DOM_GRP;
|
||||
|
||||
/* The case (opt_domaingroup && opt_localgroup) was tested for above */
|
||||
|
||||
if ((c->opt_comment != NULL) && (strlen(c->opt_comment) > 0)) {
|
||||
fstrcpy(map.comment, c->opt_comment);
|
||||
map->comment = talloc_strdup(map, c->opt_comment);
|
||||
if (!map->comment) {
|
||||
d_printf(_("Out of memory!\n"));
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if ((c->opt_newntname != NULL) && (strlen(c->opt_newntname) > 0)) {
|
||||
fstrcpy(map.nt_name, c->opt_newntname);
|
||||
map->nt_name = talloc_strdup(map, c->opt_newntname);
|
||||
if (!map->nt_name) {
|
||||
d_printf(_("Out of memory!\n"));
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (grp != NULL)
|
||||
map.gid = grp->gr_gid;
|
||||
map->gid = grp->gr_gid;
|
||||
|
||||
if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map))) {
|
||||
if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) {
|
||||
d_fprintf(stderr, _("Could not update group mapping for %s\n"),
|
||||
ntgroup);
|
||||
TALLOC_FREE(map);
|
||||
return -1;
|
||||
}
|
||||
|
||||
TALLOC_FREE(map);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int net_groupmap_cleanup(struct net_context *c, int argc, const char **argv)
|
||||
{
|
||||
GROUP_MAP *map = NULL;
|
||||
GROUP_MAP **maps = NULL;
|
||||
size_t i, entries;
|
||||
|
||||
if (c->display_usage) {
|
||||
@ -682,7 +752,7 @@ static int net_groupmap_cleanup(struct net_context *c, int argc, const char **ar
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries,
|
||||
if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &maps, &entries,
|
||||
ENUM_ALL_MAPPED)) {
|
||||
d_fprintf(stderr, _("Could not list group mappings\n"));
|
||||
return -1;
|
||||
@ -690,19 +760,19 @@ static int net_groupmap_cleanup(struct net_context *c, int argc, const char **ar
|
||||
|
||||
for (i=0; i<entries; i++) {
|
||||
|
||||
if (map[i].gid == -1)
|
||||
printf(_("Group %s is not mapped\n"), map[i].nt_name);
|
||||
if (maps[i]->gid == -1)
|
||||
printf(_("Group %s is not mapped\n"),
|
||||
maps[i]->nt_name);
|
||||
|
||||
if (!sid_check_is_in_our_domain(&map[i].sid)) {
|
||||
if (!sid_check_is_in_our_domain(&maps[i]->sid)) {
|
||||
printf(_("Deleting mapping for NT Group %s, sid %s\n"),
|
||||
map[i].nt_name,
|
||||
sid_string_tos(&map[i].sid));
|
||||
pdb_delete_group_mapping_entry(map[i].sid);
|
||||
maps[i]->nt_name,
|
||||
sid_string_tos(&maps[i]->sid));
|
||||
pdb_delete_group_mapping_entry(maps[i]->sid);
|
||||
}
|
||||
}
|
||||
|
||||
SAFE_FREE(map);
|
||||
|
||||
TALLOC_FREE(maps);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -299,7 +299,7 @@ static int net_sam_set_pwdmustchangenow(struct net_context *c, int argc,
|
||||
static int net_sam_set_comment(struct net_context *c, int argc,
|
||||
const char **argv)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
struct dom_sid sid;
|
||||
enum lsa_SidType type;
|
||||
const char *dom, *name;
|
||||
@ -330,14 +330,24 @@ static int net_sam_set_comment(struct net_context *c, int argc,
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!pdb_getgrsid(&map, sid)) {
|
||||
map = talloc_zero(talloc_tos(), GROUP_MAP);
|
||||
if (!map) {
|
||||
d_fprintf(stderr, _("Out of memory!\n"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!pdb_getgrsid(map, sid)) {
|
||||
d_fprintf(stderr, _("Could not load group %s\n"), argv[0]);
|
||||
return -1;
|
||||
}
|
||||
|
||||
fstrcpy(map.comment, argv[1]);
|
||||
map->comment = talloc_strdup(map, argv[1]);
|
||||
if (!map->comment) {
|
||||
d_fprintf(stderr, _("Out of memory!\n"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
status = pdb_update_group_mapping_entry(&map);
|
||||
status = pdb_update_group_mapping_entry(map);
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
d_fprintf(stderr, _("Updating group mapping entry failed with "
|
||||
@ -348,6 +358,7 @@ static int net_sam_set_comment(struct net_context *c, int argc,
|
||||
d_printf("Updated comment of group %s\\%s to %s\n", dom, name,
|
||||
argv[1]);
|
||||
|
||||
TALLOC_FREE(map);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -807,39 +818,33 @@ static int net_sam_rights(struct net_context *c, int argc, const char **argv)
|
||||
* Map a unix group to a domain group
|
||||
*/
|
||||
|
||||
static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)
|
||||
static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *map)
|
||||
{
|
||||
NTSTATUS status;
|
||||
GROUP_MAP map;
|
||||
const char *grpname, *dom, *name;
|
||||
const char *dom, *name;
|
||||
uint32 rid;
|
||||
|
||||
if (pdb_getgrgid(&map, grp->gr_gid)) {
|
||||
if (pdb_getgrgid(map, grp->gr_gid)) {
|
||||
return NT_STATUS_GROUP_EXISTS;
|
||||
}
|
||||
|
||||
map.gid = grp->gr_gid;
|
||||
grpname = grp->gr_name;
|
||||
map->gid = grp->gr_gid;
|
||||
|
||||
if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
|
||||
if (lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
|
||||
&dom, &name, NULL, NULL)) {
|
||||
|
||||
const char *tmp = talloc_asprintf(
|
||||
talloc_tos(), "Unix Group %s", grp->gr_name);
|
||||
map->nt_name = talloc_asprintf(map, "Unix Group %s",
|
||||
grp->gr_name);
|
||||
|
||||
DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n",
|
||||
grpname, dom, name, tmp));
|
||||
grpname = tmp;
|
||||
grp->gr_name, dom, name, map->nt_name));
|
||||
}
|
||||
|
||||
if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
|
||||
if (lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
|
||||
NULL, NULL, NULL, NULL)) {
|
||||
DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name));
|
||||
return NT_STATUS_GROUP_EXISTS;
|
||||
}
|
||||
|
||||
fstrcpy(map.nt_name, grpname);
|
||||
|
||||
if (pdb_capabilities() & PDB_CAP_STORE_RIDS) {
|
||||
if (!pdb_new_rid(&rid)) {
|
||||
DEBUG(3, ("Could not get a new RID for %s\n",
|
||||
@ -850,22 +855,17 @@ static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)
|
||||
rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
|
||||
}
|
||||
|
||||
sid_compose(&map.sid, get_global_sam_sid(), rid);
|
||||
map.sid_name_use = SID_NAME_DOM_GRP;
|
||||
fstrcpy(map.comment, talloc_asprintf(talloc_tos(), "Unix Group %s",
|
||||
grp->gr_name));
|
||||
sid_compose(&map->sid, get_global_sam_sid(), rid);
|
||||
map->sid_name_use = SID_NAME_DOM_GRP;
|
||||
map->comment = talloc_asprintf(map, "Unix Group %s", grp->gr_name);
|
||||
|
||||
status = pdb_add_group_mapping_entry(&map);
|
||||
if (NT_STATUS_IS_OK(status)) {
|
||||
*pmap = map;
|
||||
}
|
||||
return status;
|
||||
return pdb_add_group_mapping_entry(map);
|
||||
}
|
||||
|
||||
static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **argv)
|
||||
{
|
||||
NTSTATUS status;
|
||||
GROUP_MAP map;
|
||||
GROUP_MAP *map;
|
||||
struct group *grp;
|
||||
|
||||
if (argc != 1 || c->display_usage) {
|
||||
@ -881,7 +881,13 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar
|
||||
return -1;
|
||||
}
|
||||
|
||||
status = map_unix_group(grp, &map);
|
||||
map = talloc_zero(talloc_tos(), GROUP_MAP);
|
||||
if (!map) {
|
||||
d_fprintf(stderr, _("Out of memory!\n"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
status = map_unix_group(grp, map);
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
d_fprintf(stderr, _("Mapping group %s failed with %s\n"),
|
||||
@ -890,8 +896,9 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar
|
||||
}
|
||||
|
||||
d_printf(_("Mapped unix group %s to SID %s\n"), argv[0],
|
||||
sid_string_tos(&map.sid));
|
||||
sid_string_tos(&map->sid));
|
||||
|
||||
TALLOC_FREE(map);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -899,24 +906,17 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar
|
||||
* Remove a group mapping
|
||||
*/
|
||||
|
||||
static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap)
|
||||
static NTSTATUS unmap_unix_group(const struct group *grp)
|
||||
{
|
||||
GROUP_MAP map;
|
||||
const char *grpname;
|
||||
struct dom_sid dom_sid;
|
||||
|
||||
map.gid = grp->gr_gid;
|
||||
grpname = grp->gr_name;
|
||||
|
||||
if (!lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
|
||||
if (!lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
|
||||
NULL, NULL, NULL, NULL)) {
|
||||
DEBUG(3, ("\"%s\" does not exist, can't unmap it\n", grp->gr_name));
|
||||
return NT_STATUS_NO_SUCH_GROUP;
|
||||
}
|
||||
|
||||
fstrcpy(map.nt_name, grpname);
|
||||
|
||||
if (!pdb_gid_to_sid(map.gid, &dom_sid)) {
|
||||
if (!pdb_gid_to_sid(grp->gr_gid, &dom_sid)) {
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
@ -926,7 +926,6 @@ static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap)
|
||||
static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char **argv)
|
||||
{
|
||||
NTSTATUS status;
|
||||
GROUP_MAP map;
|
||||
struct group *grp;
|
||||
|
||||
if (argc != 1 || c->display_usage) {
|
||||
@ -943,7 +942,7 @@ static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char **
|
||||
return -1;
|
||||
}
|
||||
|
||||
status = unmap_unix_group(grp, &map);
|
||||
status = unmap_unix_group(grp);
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
d_fprintf(stderr, _("Unmapping group %s failed with %s.\n"),
|
||||
@ -1583,7 +1582,7 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
|
||||
char *ldap_uri = NULL;
|
||||
char *p;
|
||||
struct smbldap_state *ls;
|
||||
GROUP_MAP gmap;
|
||||
GROUP_MAP *gmap = NULL;
|
||||
struct dom_sid gsid;
|
||||
gid_t domusers_gid = -1;
|
||||
gid_t domadmins_gid = -1;
|
||||
@ -1653,7 +1652,13 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
|
||||
|
||||
sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_USERS);
|
||||
|
||||
if (!pdb_getgrsid(&gmap, gsid)) {
|
||||
gmap = talloc_zero(tc, GROUP_MAP);
|
||||
if (!gmap) {
|
||||
d_printf(_("Out of memory!\n"));
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (!pdb_getgrsid(gmap, gsid)) {
|
||||
LDAPMod **mods = NULL;
|
||||
char *dn;
|
||||
char *uname;
|
||||
@ -1710,16 +1715,16 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
|
||||
}
|
||||
|
||||
if (is_ipa) {
|
||||
if (!pdb_getgrsid(&gmap, gsid)) {
|
||||
if (!pdb_getgrsid(gmap, gsid)) {
|
||||
d_fprintf(stderr, _("Failed to read just "
|
||||
"created domain group.\n"));
|
||||
goto failed;
|
||||
} else {
|
||||
domusers_gid = gmap.gid;
|
||||
domusers_gid = gmap->gid;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
domusers_gid = gmap.gid;
|
||||
domusers_gid = gmap->gid;
|
||||
d_printf(_("found!\n"));
|
||||
}
|
||||
|
||||
@ -1729,7 +1734,7 @@ domu_done:
|
||||
|
||||
sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_ADMINS);
|
||||
|
||||
if (!pdb_getgrsid(&gmap, gsid)) {
|
||||
if (!pdb_getgrsid(gmap, gsid)) {
|
||||
LDAPMod **mods = NULL;
|
||||
char *dn;
|
||||
char *uname;
|
||||
@ -1786,16 +1791,16 @@ domu_done:
|
||||
}
|
||||
|
||||
if (is_ipa) {
|
||||
if (!pdb_getgrsid(&gmap, gsid)) {
|
||||
if (!pdb_getgrsid(gmap, gsid)) {
|
||||
d_fprintf(stderr, _("Failed to read just "
|
||||
"created domain group.\n"));
|
||||
goto failed;
|
||||
} else {
|
||||
domadmins_gid = gmap.gid;
|
||||
domadmins_gid = gmap->gid;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
domadmins_gid = gmap.gid;
|
||||
domadmins_gid = gmap->gid;
|
||||
d_printf(_("found!\n"));
|
||||
}
|
||||
|
||||
@ -2039,7 +2044,7 @@ doma_done:
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!pdb_getgrgid(&gmap, pwd->pw_gid)) {
|
||||
if (!pdb_getgrgid(gmap, pwd->pw_gid)) {
|
||||
LDAPMod **mods = NULL;
|
||||
char *dn;
|
||||
char *uname;
|
||||
|
||||
@ -175,7 +175,7 @@ static int export_database (struct pdb_methods *in,
|
||||
|
||||
static int export_groups (struct pdb_methods *in, struct pdb_methods *out)
|
||||
{
|
||||
GROUP_MAP *maps = NULL;
|
||||
GROUP_MAP **maps = NULL;
|
||||
size_t i, entries = 0;
|
||||
NTSTATUS status;
|
||||
|
||||
@ -188,10 +188,10 @@ static int export_groups (struct pdb_methods *in, struct pdb_methods *out)
|
||||
}
|
||||
|
||||
for (i=0; i<entries; i++) {
|
||||
out->add_group_mapping_entry(out, &(maps[i]));
|
||||
out->add_group_mapping_entry(out, maps[i]);
|
||||
}
|
||||
|
||||
SAFE_FREE( maps );
|
||||
TALLOC_FREE(maps);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user