mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

This moves the group mapping API into the passdb backend.

Currently this calls back to mapping.c, but we have the framework
to get the information into LDAP and the passdb.tdb (should we? I
think so..).

This has received moderate testing with net rpc vampire and
usrmgr. I found the add_groupmem segfault in add_aliasmem as
well, but that will be another checkin.

Volker
Volker Lendecke 0001-01-01 00:00:00 +00:00
parent c4452ef22c
commit f30095852f
16 changed files with 546 additions and 52 deletions


@ -313,7 +313,7 @@ BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use,
map.priv_set.count=priv_set.count;
map.priv_set.set=priv_set.set;
add_mapping_entry(&map, TDB_INSERT);
pdb_add_group_mapping_entry(&map);
return True;
}
@ -915,7 +915,7 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
DEBUG(10, ("get_domain_group_from_sid\n"));
/* if the group is NOT in the database, it CAN NOT be a domain group */
if(!get_group_map_from_sid(sid, map, with_priv))
if(!pdb_getgrsid(map, sid, with_priv))
return False;
DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
@ -962,7 +962,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
}
/* The group is in the mapping table */
if(get_group_map_from_sid(sid, map, with_priv)) {
if(pdb_getgrsid(map, sid, with_priv)) {
if (map->sid_name_use!=SID_NAME_ALIAS) {
if (with_priv)
free_privilege(&map->priv_set);
@ -1016,7 +1016,7 @@ BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
return(False);
}
if(!get_group_map_from_sid(sid, map, with_priv))
if(!pdb_getgrsid(map, sid, with_priv))
return False;
if (map->sid_name_use!=SID_NAME_WKN_GRP) {
@ -1060,7 +1060,7 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv)
/*
* make a group map from scratch if doesn't exist.
*/
if (!get_group_map_from_gid(gid, map, with_priv)) {
if (!pdb_getgrgid(map, gid, with_priv)) {
map->gid=gid;
map->sid_name_use=SID_NAME_ALIAS;
map->systemaccount=PR_ACCESS_FROM_NETWORK;
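Review bot: In add_initial_entry the result of `pdb_add_group_mapping_entry(&map)` is discarded and the function still returns True, so a rejected insert is invisible to the caller. Routed through passdb, the call can now fail in ways the direct tdb call could not: the wrapper returns False when there is no static context, and the smbpasswd and unixsam backends in this commit return NT_STATUS_NOT_IMPLEMENTED. I would propagate the result with `return pdb_add_group_mapping_entry(&map);`. The body of add_initial_entry starts outside the hunk.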


@ -43,6 +43,7 @@
typedef struct _GROUP_MAP {
struct pdb_methods *methods;
gid_t gid;
DOM_SID sid;
enum SID_NAME_USE sid_name_use;


@ -32,7 +32,7 @@
* this SAMBA will load. Increment this if *ANY* changes are made to the interface.
*/
#define PASSDB_INTERFACE_VERSION 3
#define PASSDB_INTERFACE_VERSION 4
/* use this inside a passdb module */
#define PDB_MODULE_VERSIONING_MAGIC \
@ -64,7 +64,30 @@ typedef struct pdb_context
NTSTATUS (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
NTSTATUS (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username);
NTSTATUS (*pdb_getgrsid)(struct pdb_context *context, GROUP_MAP *map,
DOM_SID sid, BOOL with_priv);
NTSTATUS (*pdb_getgrgid)(struct pdb_context *context, GROUP_MAP *map,
gid_t gid, BOOL with_priv);
NTSTATUS (*pdb_getgrnam)(struct pdb_context *context, GROUP_MAP *map,
char *name, BOOL with_priv);
NTSTATUS (*pdb_add_group_mapping_entry)(struct pdb_context *context,
GROUP_MAP *map);
NTSTATUS (*pdb_update_group_mapping_entry)(struct pdb_context *context,
GROUP_MAP *map);
NTSTATUS (*pdb_delete_group_mapping_entry)(struct pdb_context *context,
DOM_SID sid);
NTSTATUS (*pdb_enum_group_mapping)(struct pdb_context *context,
enum SID_NAME_USE sid_name_use,
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only, BOOL with_priv);
void (*free_fn)(struct pdb_context **);
TALLOC_CTX *mem_ctx;
@ -96,6 +119,29 @@ typedef struct pdb_methods
NTSTATUS (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username);
NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map,
DOM_SID sid, BOOL with_priv);
NTSTATUS (*getgrgid)(struct pdb_methods *methods, GROUP_MAP *map,
gid_t gid, BOOL with_priv);
NTSTATUS (*getgrnam)(struct pdb_methods *methods, GROUP_MAP *map,
char *name, BOOL with_priv);
NTSTATUS (*add_group_mapping_entry)(struct pdb_methods *methods,
GROUP_MAP *map);
NTSTATUS (*update_group_mapping_entry)(struct pdb_methods *methods,
GROUP_MAP *map);
NTSTATUS (*delete_group_mapping_entry)(struct pdb_methods *methods,
DOM_SID sid);
NTSTATUS (*enum_group_mapping)(struct pdb_methods *methods,
enum SID_NAME_USE sid_name_use,
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only, BOOL with_priv);
void *private_data; /* Private data of some kind */
void (*free_private_data)(void **);
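Review bot: The new group-mapping members of pdb_context and pdb_methods carry no comment stating their contract, and a version-4 module author has only the prototypes to go on. I would add one above each group, for example `/* Group mapping: return NT_STATUS_OK and fill *map on success; the context-level getters also record the answering backend in map->methods. */`. Separately, the `getgrnam` slots take `char *name` although the name looks like a pure lookup key. `const char *name` would be the safer prototype, provided get_group_map_from_ntname (not shown here) accepts it.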


@ -214,7 +214,7 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
}
/* call the mapping code here */
if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) {
if (!pdb_set_group_sid(sam_account,&map.sid, PDB_SET)){
DEBUG(0,("Can't set Group SID!\n"));
return NT_STATUS_INVALID_PARAMETER;
@ -636,7 +636,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
pdb_free_sam(&sam_account);
if (get_group_map_from_sid(*sid, &map, MAPPING_WITHOUT_PRIV)) {
if (pdb_getgrsid(&map, *sid, MAPPING_WITHOUT_PRIV)) {
if (map.gid!=-1) {
DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
} else {
@ -746,7 +746,7 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
*/
/* check if it's a mapped group */
if (get_group_map_from_ntname(user, &map, MAPPING_WITHOUT_PRIV)) {
if (pdb_getgrnam(&map, user, MAPPING_WITHOUT_PRIV)) {
/* yes it's a mapped group */
sid_copy(&local_sid, &map.sid);
*psid_name_use = map.sid_name_use;
@ -768,7 +768,7 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
* JFM, 30/11/2001
*/
if (get_group_map_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)){
if (pdb_getgrgid(&map, grp->gr_gid, MAPPING_WITHOUT_PRIV)){
return False;
}
@ -859,7 +859,7 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_
pdb_free_sam(&sam_user);
if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) {
if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
DEBUG(3, ("local_sid_to_uid: SID '%s' is a group, not a user... \n", sid_to_string(str, psid)));
/* It's a group, not a user... */
return False;
@ -897,7 +897,7 @@ DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
sid_copy(psid, get_global_sam_sid());
if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
if (pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
sid_copy(psid, &map.sid);
}
else {
@ -925,7 +925,7 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_
* Or in the Builtin SID too. JFM, 11/30/2001
*/
if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) {
if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
/* the SID is in the mapping table but not mapped */
if (map.gid==-1)


@ -215,6 +215,135 @@ static NTSTATUS context_delete_sam_account(struct pdb_context *context, SAM_ACCO
return sam_acct->methods->delete_sam_account(sam_acct->methods, sam_acct);
}
static NTSTATUS context_getgrsid(struct pdb_context *context,
GROUP_MAP *map, DOM_SID sid, BOOL with_priv)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct pdb_methods *curmethods;
if ((!context)) {
DEBUG(0, ("invalid pdb_context specified!\n"));
return ret;
}
curmethods = context->pdb_methods;
while (curmethods){
ret = curmethods->getgrsid(curmethods, map, sid, with_priv);
if (NT_STATUS_IS_OK(ret)) {
map->methods = curmethods;
return ret;
}
curmethods = curmethods->next;
}
return ret;
}
static NTSTATUS context_getgrgid(struct pdb_context *context,
GROUP_MAP *map, gid_t gid, BOOL with_priv)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct pdb_methods *curmethods;
if ((!context)) {
DEBUG(0, ("invalid pdb_context specified!\n"));
return ret;
}
curmethods = context->pdb_methods;
while (curmethods){
ret = curmethods->getgrgid(curmethods, map, gid, with_priv);
if (NT_STATUS_IS_OK(ret)) {
map->methods = curmethods;
return ret;
}
curmethods = curmethods->next;
}
return ret;
}
static NTSTATUS context_getgrnam(struct pdb_context *context,
GROUP_MAP *map, char *name, BOOL with_priv)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
struct pdb_methods *curmethods;
if ((!context)) {
DEBUG(0, ("invalid pdb_context specified!\n"));
return ret;
}
curmethods = context->pdb_methods;
while (curmethods){
ret = curmethods->getgrnam(curmethods, map, name, with_priv);
if (NT_STATUS_IS_OK(ret)) {
map->methods = curmethods;
return ret;
}
curmethods = curmethods->next;
}
return ret;
}
static NTSTATUS context_add_group_mapping_entry(struct pdb_context *context,
GROUP_MAP *map)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
if ((!context) || (!context->pdb_methods)) {
DEBUG(0, ("invalid pdb_context specified!\n"));
return ret;
}
return context->pdb_methods->add_group_mapping_entry(context->pdb_methods,
map);
}
static NTSTATUS context_update_group_mapping_entry(struct pdb_context *context,
GROUP_MAP *map)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
if ((!context) || (!context->pdb_methods)) {
DEBUG(0, ("invalid pdb_context specified!\n"));
return ret;
}
return context->
pdb_methods->update_group_mapping_entry(context->pdb_methods, map);
}
static NTSTATUS context_delete_group_mapping_entry(struct pdb_context *context,
DOM_SID sid)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
if ((!context) || (!context->pdb_methods)) {
DEBUG(0, ("invalid pdb_context specified!\n"));
return ret;
}
return context->
pdb_methods->delete_group_mapping_entry(context->pdb_methods, sid);
}
static NTSTATUS context_enum_group_mapping(struct pdb_context *context,
enum SID_NAME_USE sid_name_use,
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only, BOOL with_priv)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
if ((!context) || (!context->pdb_methods)) {
DEBUG(0, ("invalid pdb_context specified!\n"));
return ret;
}
return context->pdb_methods->enum_group_mapping(context->pdb_methods,
sid_name_use, rmap,
num_entries, unix_only,
with_priv);
}
/******************************************************************
Free and cleanup a pdb context, any associated data and anything
that the attached modules might have associated.
@ -310,6 +439,13 @@ static NTSTATUS make_pdb_context(struct pdb_context **context)
(*context)->pdb_add_sam_account = context_add_sam_account;
(*context)->pdb_update_sam_account = context_update_sam_account;
(*context)->pdb_delete_sam_account = context_delete_sam_account;
(*context)->pdb_getgrsid = context_getgrsid;
(*context)->pdb_getgrgid = context_getgrgid;
(*context)->pdb_getgrnam = context_getgrnam;
(*context)->pdb_add_group_mapping_entry = context_add_group_mapping_entry;
(*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
(*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
(*context)->pdb_enum_group_mapping = context_enum_group_mapping;
(*context)->free_fn = free_pdb_context;
@ -479,6 +615,93 @@ BOOL pdb_delete_sam_account(SAM_ACCOUNT *sam_acct)
return NT_STATUS_IS_OK(pdb_context->pdb_delete_sam_account(pdb_context, sam_acct));
}
BOOL pdb_getgrsid(GROUP_MAP *map, DOM_SID sid, BOOL with_priv)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
if (!pdb_context) {
return False;
}
return NT_STATUS_IS_OK(pdb_context->
pdb_getgrsid(pdb_context, map, sid, with_priv));
}
BOOL pdb_getgrgid(GROUP_MAP *map, gid_t gid, BOOL with_priv)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
if (!pdb_context) {
return False;
}
return NT_STATUS_IS_OK(pdb_context->
pdb_getgrgid(pdb_context, map, gid, with_priv));
}
BOOL pdb_getgrnam(GROUP_MAP *map, char *name, BOOL with_priv)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
if (!pdb_context) {
return False;
}
return NT_STATUS_IS_OK(pdb_context->
pdb_getgrnam(pdb_context, map, name, with_priv));
}
BOOL pdb_add_group_mapping_entry(GROUP_MAP *map)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
if (!pdb_context) {
return False;
}
return NT_STATUS_IS_OK(pdb_context->
pdb_add_group_mapping_entry(pdb_context, map));
}
BOOL pdb_update_group_mapping_entry(GROUP_MAP *map)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
if (!pdb_context) {
return False;
}
return NT_STATUS_IS_OK(pdb_context->
pdb_update_group_mapping_entry(pdb_context, map));
}
BOOL pdb_delete_group_mapping_entry(DOM_SID sid)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
if (!pdb_context) {
return False;
}
return NT_STATUS_IS_OK(pdb_context->
pdb_delete_group_mapping_entry(pdb_context, sid));
}
BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
int *num_entries, BOOL unix_only, BOOL with_priv)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
if (!pdb_context) {
return False;
}
return NT_STATUS_IS_OK(pdb_context->
pdb_enum_group_mapping(pdb_context, sid_name_use,
rmap, num_entries, unix_only,
with_priv));
}
#endif /* !defined(WITH_NISPLUS_SAM) */
/***************************************************************
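Review bot: context_update_group_mapping_entry, context_delete_group_mapping_entry and context_enum_group_mapping always dispatch to `context->pdb_methods`, the first backend, whereas the three getters walk the whole chain and record the answering backend in `map->methods`. A mapping read from a later backend and then modified is therefore written to a different store than it came from; the SAM account path just above avoids this by calling through `sam_acct->methods`. For update I would route through the recorded backend, e.g. `struct pdb_methods *m = map->methods ? map->methods : context->pdb_methods;`, which requires callers that build a GROUP_MAP on the stack to set `methods` to NULL first. The getters also call `curmethods->getgrsid` and its siblings without checking that the slot is non-NULL, so a backend that leaves one unset would be dereferenced as a null function pointer.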


@ -722,7 +722,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
if (group_rid == 0) {
GROUP_MAP map;
/* call the mapping code here */
if(get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) {
if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
pdb_set_group_sid(sampass, &map.sid, PDB_SET);
}
else {
@ -1733,6 +1733,58 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
return NT_STATUS_OK;
}
static NTSTATUS lsapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
DOM_SID sid, BOOL with_priv)
{
return get_group_map_from_sid(sid, map, with_priv) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS lsapsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
gid_t gid, BOOL with_priv)
{
return get_group_map_from_gid(gid, map, with_priv) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS lsapsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
char *name, BOOL with_priv)
{
return get_group_map_from_ntname(name, map, with_priv) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS lsapsam_add_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
return add_mapping_entry(map, TDB_INSERT) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS lsapsam_update_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
return add_mapping_entry(map, TDB_REPLACE) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS lsapsam_delete_group_mapping_entry(struct pdb_methods *methods,
DOM_SID sid)
{
return group_map_remove(sid) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS lsapsam_enum_group_mapping(struct pdb_methods *methods,
enum SID_NAME_USE sid_name_use,
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only, BOOL with_priv)
{
return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only,
with_priv) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static void free_private_data(void **vp)
{
struct ldapsam_privates **ldap_state = (struct ldapsam_privates **)vp;
@ -1772,6 +1824,13 @@ NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co
(*pdb_method)->add_sam_account = ldapsam_add_sam_account;
(*pdb_method)->update_sam_account = ldapsam_update_sam_account;
(*pdb_method)->delete_sam_account = ldapsam_delete_sam_account;
(*pdb_method)->getgrsid = lsapsam_getgrsid;
(*pdb_method)->getgrgid = lsapsam_getgrgid;
(*pdb_method)->getgrnam = lsapsam_getgrnam;
(*pdb_method)->add_group_mapping_entry = lsapsam_add_group_mapping_entry;
(*pdb_method)->update_group_mapping_entry = lsapsam_update_group_mapping_entry;
(*pdb_method)->delete_group_mapping_entry = lsapsam_delete_group_mapping_entry;
(*pdb_method)->enum_group_mapping = lsapsam_enum_group_mapping;
/* TODO: Setup private data and free */
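Review bot: The seven new wrappers are spelled `lsapsam_*` while every other function in this backend, including `ldapsam_add_sam_account` in the same hunk context, uses `ldapsam_`. They are static, so nothing breaks, but the typo makes them hard to grep for; I would rename them, e.g. `(*pdb_method)->getgrsid = ldapsam_getgrsid;`. They also ignore `methods` and call straight into the tdb mapping code, byte-for-byte the same as the tdbsam wrappers later in this commit. A comment such as `/* group mappings are not stored in LDAP yet; forwards to the tdb mapping code */`, or one shared set of default wrappers, would keep the two copies from drifting apart.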


@ -1080,9 +1080,8 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass,
rid = pdb_get_group_rid (sampass);
if (rid == 0) {
if (get_group_map_from_gid
(pdb_get_gid (sampass), &map,
MAPPING_WITHOUT_PRIV)) {
if (pdb_getgrgid(&map, pdb_get_gid (sampass),
MAPPING_WITHOUT_PRIV)) {
if (!sid_peek_check_rid
(get_global_sam_sid (), &map.sid, &rid))
return False;


@ -1492,6 +1492,50 @@ static NTSTATUS smbpasswd_delete_sam_account (struct pdb_methods *my_methods, SA
return NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS smbpasswd_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
DOM_SID sid, BOOL with_priv)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS smbpasswd_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
gid_t gid, BOOL with_priv)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS smbpasswd_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
char *name, BOOL with_priv)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS smbpasswd_add_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS smbpasswd_update_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS smbpasswd_delete_group_mapping_entry(struct pdb_methods *methods,
DOM_SID sid)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS smbpasswd_enum_group_mapping(struct pdb_methods *methods,
enum SID_NAME_USE sid_name_use,
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only, BOOL with_priv)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static void free_private_data(void **vp)
{
struct smbpasswd_privates **privates = (struct smbpasswd_privates**)vp;
@ -1522,6 +1566,13 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method,
(*pdb_method)->add_sam_account = smbpasswd_add_sam_account;
(*pdb_method)->update_sam_account = smbpasswd_update_sam_account;
(*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account;
(*pdb_method)->getgrsid = smbpasswd_getgrsid;
(*pdb_method)->getgrgid = smbpasswd_getgrgid;
(*pdb_method)->getgrnam = smbpasswd_getgrnam;
(*pdb_method)->add_group_mapping_entry = smbpasswd_add_group_mapping_entry;
(*pdb_method)->update_group_mapping_entry = smbpasswd_update_group_mapping_entry;
(*pdb_method)->delete_group_mapping_entry = smbpasswd_delete_group_mapping_entry;
(*pdb_method)->enum_group_mapping = smbpasswd_enum_group_mapping;
/* Setup private data and free function */
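Review bot: Every group-mapping method registered for smbpasswd returns NT_STATUS_NOT_IMPLEMENTED, and the unixsam section further down does the same. The add, update, delete and enum context functions consult only the first backend, so with smbpasswd first in the list they always fail, and the getters fail whenever no later backend answers. Before this commit the same callers reached mapping.c directly regardless of backend, so SID-to-gid resolution (local_sid_to_gid, local_lookup_sid) and the LSA privilege calls change behaviour for these configurations. Unless dropping group mapping for smbpasswd is intended, I would forward as tdbsam does, e.g. `return get_group_map_from_sid(sid, map, with_priv) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;` in smbpasswd_getgrsid, and likewise for the other six.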


@ -896,6 +896,58 @@ static NTSTATUS tdbsam_add_sam_account (struct pdb_methods *my_methods, SAM_ACCO
return NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS tdbsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
DOM_SID sid, BOOL with_priv)
{
return get_group_map_from_sid(sid, map, with_priv) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS tdbsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
gid_t gid, BOOL with_priv)
{
return get_group_map_from_gid(gid, map, with_priv) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS tdbsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
char *name, BOOL with_priv)
{
return get_group_map_from_ntname(name, map, with_priv) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS tdbsam_add_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
return add_mapping_entry(map, TDB_INSERT) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS tdbsam_update_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
return add_mapping_entry(map, TDB_REPLACE) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS tdbsam_delete_group_mapping_entry(struct pdb_methods *methods,
DOM_SID sid)
{
return group_map_remove(sid) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static NTSTATUS tdbsam_enum_group_mapping(struct pdb_methods *methods,
enum SID_NAME_USE sid_name_use,
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only, BOOL with_priv)
{
return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only,
with_priv) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
static void free_private_data(void **vp)
{
struct tdbsam_privates **tdb_state = (struct tdbsam_privates **)vp;
@ -933,6 +985,13 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
(*pdb_method)->getgrsid = tdbsam_getgrsid;
(*pdb_method)->getgrgid = tdbsam_getgrgid;
(*pdb_method)->getgrnam = tdbsam_getgrnam;
(*pdb_method)->add_group_mapping_entry = tdbsam_add_group_mapping_entry;
(*pdb_method)->update_group_mapping_entry = tdbsam_update_group_mapping_entry;
(*pdb_method)->delete_group_mapping_entry = tdbsam_delete_group_mapping_entry;
(*pdb_method)->enum_group_mapping = tdbsam_enum_group_mapping;
tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));


@ -131,6 +131,50 @@ static void unixsam_endsampwent(struct pdb_methods *methods)
return; /* NT_STATUS_NOT_IMPLEMENTED; */
}
static NTSTATUS unixsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
DOM_SID sid, BOOL with_priv)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS unixsam_getgrgid(struct pdb_methods *methods, GROUP_MAP *map,
gid_t gid, BOOL with_priv)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS unixsam_getgrnam(struct pdb_methods *methods, GROUP_MAP *map,
char *name, BOOL with_priv)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS unixsam_add_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS unixsam_update_group_mapping_entry(struct pdb_methods *methods,
GROUP_MAP *map)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS unixsam_delete_group_mapping_entry(struct pdb_methods *methods,
DOM_SID sid)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS unixsam_enum_group_mapping(struct pdb_methods *methods,
enum SID_NAME_USE sid_name_use,
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only, BOOL with_priv)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
@ -154,6 +198,13 @@ NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co
(*pdb_method)->add_sam_account = unixsam_add_sam_account;
(*pdb_method)->update_sam_account = unixsam_update_sam_account;
(*pdb_method)->delete_sam_account = unixsam_delete_sam_account;
(*pdb_method)->getgrsid = unixsam_getgrsid;
(*pdb_method)->getgrgid = unixsam_getgrgid;
(*pdb_method)->getgrnam = unixsam_getgrnam;
(*pdb_method)->add_group_mapping_entry = unixsam_add_group_mapping_entry;
(*pdb_method)->update_group_mapping_entry = unixsam_update_group_mapping_entry;
(*pdb_method)->delete_group_mapping_entry = unixsam_delete_group_mapping_entry;
(*pdb_method)->enum_group_mapping = unixsam_enum_group_mapping;
/* There's not very much to initialise here */
return NT_STATUS_OK;


@ -856,7 +856,7 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU
return NT_STATUS_ACCESS_DENIED;
/* get the list of mapped groups (domain, local, builtin) */
if(!enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
if(!pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
return NT_STATUS_OK;
if (q_u->enum_context >= num_entries)
@ -971,7 +971,7 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, LSA_Q_ENUMPRIVSACCOUNT *q_u, LS
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", map.priv_set.count));
@ -1012,7 +1012,7 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITHOUT_PRIV))
if (!pdb_getgrsid(&map, info->sid, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
/*
@ -1043,12 +1043,12 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
map.systemaccount=q_u->access;
if(!add_mapping_entry(&map, TDB_REPLACE))
if(!pdb_update_group_mapping_entry(&map))
return NT_STATUS_NO_SUCH_GROUP;
free_privilege(&map.priv_set);
@ -1075,7 +1075,7 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
set=&q_u->set;
@ -1092,7 +1092,7 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
add_privilege(&map.priv_set, *luid_attr);
}
if(!add_mapping_entry(&map, TDB_REPLACE))
if(!pdb_update_group_mapping_entry(&map))
return NT_STATUS_NO_SUCH_GROUP;
free_privilege(&map.priv_set);
@ -1119,7 +1119,7 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info))
return NT_STATUS_INVALID_HANDLE;
if (!get_group_map_from_sid(info->sid, &map, MAPPING_WITH_PRIV))
if (!pdb_getgrsid(&map, info->sid, MAPPING_WITH_PRIV))
return NT_STATUS_NO_SUCH_GROUP;
if (q_u->allrights!=0) {
@ -1149,7 +1149,7 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP
remove_privilege(&map.priv_set, *luid_attr);
}
if(!add_mapping_entry(&map, TDB_REPLACE))
if(!pdb_update_group_mapping_entry(&map))
return NT_STATUS_NO_SUCH_GROUP;
free_privilege(&map.priv_set);
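Review bot: In _lsa_setsystemaccount, _lsa_addprivs and _lsa_removeprivs the failure branch of `pdb_update_group_mapping_entry(&map)` returns before `free_privilege(&map.priv_set)` is reached. The map was fetched with MAPPING_WITH_PRIV, so this presumably leaks the privilege set on every failed write. The samr handlers touched by this same commit free it first, and I would match them: `if(!pdb_update_group_mapping_entry(&map)) { free_privilege(&map.priv_set); return NT_STATUS_NO_SUCH_GROUP; }`. Failure is also more likely now that the call can be refused by a backend, and NT_STATUS_NO_SUCH_GROUP misreports a write error for a group that was just looked up successfully. All three function bodies extend beyond their hunks.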


@ -302,7 +302,7 @@ static NTSTATUS load_group_domain_entries(struct samr_info *info, DOM_SID *sid)
return NT_STATUS_OK;
}
if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) {
if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) {
return NT_STATUS_NO_MEMORY;
}
@ -894,7 +894,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM
/* well-known aliases */
if (sid_equal(sid, &global_sid_Builtin) && !lp_hide_local_users()) {
enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
pdb_enum_group_mapping(SID_NAME_WKN_GRP, &map, (int *)&num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
if (num_entries != 0) {
*d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP));
@ -931,7 +931,7 @@ static NTSTATUS get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM
for (; (num_entries < max_entries) && (grp != NULL); grp = grp->next) {
uint32 trid;
if(!get_group_map_from_gid(grp->gr_gid, &smap, MAPPING_WITHOUT_PRIV))
if(!pdb_getgrgid(&smap, grp->gr_gid, MAPPING_WITHOUT_PRIV))
continue;
if (smap.sid_name_use!=SID_NAME_ALIAS) {
@ -1012,7 +1012,7 @@ static NTSTATUS get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DO
*p_num_entries = 0;
enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV);
num_entries=group_entries-start_idx;
@ -1337,7 +1337,7 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
!sid_check_is_in_builtin(&sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
if (!get_group_map_from_sid(sid, &map, MAPPING_WITHOUT_PRIV))
if (!pdb_getgrsid(&map, sid, MAPPING_WITHOUT_PRIV))
return NT_STATUS_NO_SUCH_ALIAS;
switch (q_u->switch_level) {
@ -3798,7 +3798,7 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
if ( (grp=getgrgid(gid)) != NULL)
return NT_STATUS_ACCESS_DENIED;
if(!group_map_remove(group_sid))
if(!pdb_delete_group_mapping_entry(group_sid))
return NT_STATUS_ACCESS_DENIED;
if (!close_policy_hnd(p, &q_u->group_pol))
@ -3861,7 +3861,7 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S
return NT_STATUS_ACCESS_DENIED;
/* don't check if we removed it as it could be an un-mapped group */
group_map_remove(alias_sid);
pdb_delete_group_mapping_entry(alias_sid);
if (!close_policy_hnd(p, &q_u->alias_pol))
return NT_STATUS_OBJECT_NAME_INVALID;
@ -4091,7 +4091,7 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_
return NT_STATUS_INVALID_INFO_CLASS;
}
if(!add_mapping_entry(&map, TDB_REPLACE)) {
if(!pdb_update_group_mapping_entry(&map)) {
free_privilege(&map.priv_set);
return NT_STATUS_NO_SUCH_GROUP;
}
@ -4135,7 +4135,7 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
return NT_STATUS_INVALID_INFO_CLASS;
}
if(!add_mapping_entry(&map, TDB_REPLACE)) {
if(!pdb_update_group_mapping_entry(&map)) {
free_privilege(&map.priv_set);
return NT_STATUS_NO_SUCH_GROUP;
}
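Review bot: In get_group_alias_entries and get_group_domain_entries the return value of `pdb_enum_group_mapping(...)` is ignored, and `num_entries` / `group_entries` is read immediately afterwards, for a talloc_zero size and for `num_entries=group_entries-start_idx`. The new wrapper returns False without writing the out-parameters when there is no static context, and the smbpasswd and unixsam stubs never write them either. Unless the callers initialise both outputs before the call (outside these hunks), the count and the `map` pointer are then indeterminate. I would check the result and treat failure as an empty list, e.g. `if (!pdb_enum_group_mapping(...)) { map = NULL; num_entries = 0; }`. load_group_domain_entries does check it but reports NT_STATUS_NO_MEMORY, which no longer describes the failures the passdb layer can produce.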


@ -276,7 +276,7 @@ BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SA
DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
/* first get the list of the domain groups */
if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
if (!pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
return False;
DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));


@ -1778,7 +1778,7 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c
return False;
/* get list of domain groups SID_DOMAIN_GRP=2 */
if(!enum_group_mapping(SID_NAME_DOM_GRP , &group_list, &num_entries, False, False)) {
if(!pdb_enum_group_mapping(SID_NAME_DOM_GRP , &group_list, &num_entries, False, False)) {
DEBUG(3,("api_RNetGroupEnum:failed to get group list"));
return False;
}


@ -324,8 +324,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
pdb_update_sam_account(sam_account);
}
if (!get_group_map_from_sid(*pdb_get_group_sid(sam_account),
&map, False)) {
if (!pdb_getgrsid(&map, *pdb_get_group_sid(sam_account), False)) {
DEBUG(0, ("Primary group of %s has no mapping!\n",
pdb_get_username(sam_account)));
pdb_free_sam(&sam_account);
@ -353,7 +352,7 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
DOM_SID group_sid;
fstring sid_string;
GROUP_MAP map;
int flag = TDB_INSERT;
BOOL insert = True;
unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1);
unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1);
@ -363,9 +362,9 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
sid_append_rid(&group_sid, rid);
sid_to_string(sid_string, &group_sid);
if (get_group_map_from_sid(group_sid, &map, False)) {
if (pdb_getgrsid(&map, group_sid, False)) {
grp = getgrgid(map.gid);
flag = 0; /* Don't TDB_INSERT, mapping exists */
insert = False;
}
if (grp == NULL)
@ -392,7 +391,10 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
map.priv_set.count = 0;
map.priv_set.set = NULL;
add_mapping_entry(&map, flag);
if (insert)
pdb_add_group_mapping_entry(&map);
else
pdb_update_group_mapping_entry(&map);
return NT_STATUS_OK;
}
@ -530,7 +532,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta,
DOM_SID alias_sid;
fstring sid_string;
GROUP_MAP map;
int insert_flag = TDB_INSERT;
BOOL insert = True;
unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)-1);
unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)-1);
@ -540,9 +542,9 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta,
sid_append_rid(&alias_sid, rid);
sid_to_string(sid_string, &alias_sid);
if (get_group_map_from_sid(alias_sid, &map, False)) {
if (pdb_getgrsid(&map, alias_sid, False)) {
grp = getgrgid(map.gid);
insert_flag = 0; /* Don't TDB_INSERT, mapping exists */
insert = False;
}
if (grp == NULL) {
@ -573,7 +575,10 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta,
map.priv_set.count = 0;
map.priv_set.set = NULL;
add_mapping_entry(&map, insert_flag);
if (insert)
pdb_add_group_mapping_entry(&map);
else
pdb_update_group_mapping_entry(&map);
return NT_STATUS_OK;
}
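Review bot: fetch_group_info and fetch_alias_info discard the result of `pdb_add_group_mapping_entry(&map)` / `pdb_update_group_mapping_entry(&map)` and return NT_STATUS_OK unconditionally. A vampire run against a backend that rejects the write therefore reports success while the mapping is missing. I would fold the result into the return, e.g. `BOOL ok = insert ? pdb_add_group_mapping_entry(&map) : pdb_update_group_mapping_entry(&map);` followed by `return ok ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;`. Both function bodies begin outside the hunks shown.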


@ -69,7 +69,7 @@ static BOOL get_sid_from_input(DOM_SID *sid, char *input)
if (StrnCaseCmp( input, "S-", 2)) {
/* Perhaps its the NT group name? */
if (!get_group_map_from_ntname(input, &map, MAPPING_WITHOUT_PRIV)) {
if (!pdb_getgrnam(&map, input, MAPPING_WITHOUT_PRIV)) {
printf("NT Group %s doesn't exist in mapping DB\n", input);
return False;
} else {
@ -133,7 +133,7 @@ static int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type
}
/* Get the current mapping from the database */
if(!get_group_map_from_sid(sid, &map, MAPPING_WITH_PRIV)) {
if(!pdb_getgrsid(&map, sid, MAPPING_WITH_PRIV)) {
printf("This SID does not exist in the database\n");
return -1;
}
@ -177,7 +177,7 @@ static int changegroup(char *sid_string, char *group, enum SID_NAME_USE sid_type
if (privilege!=NULL)
convert_priv_from_text(&map.priv_set, privilege);
if (!add_mapping_entry(&map, TDB_REPLACE)) {
if (!pdb_add_group_mapping_entry(&map)) {
printf("Count not update group database\n");
free_privilege(&map.priv_set);
return -1;
@ -198,7 +198,7 @@ static int deletegroup(char *group)
return -1;
}
if(!group_map_remove(sid)) {
if(!pdb_delete_group_mapping_entry(sid)) {
printf("removing group %s from the mapping db failed!\n", group);
return -1;
}
@ -220,7 +220,7 @@ static int listgroup(enum SID_NAME_USE sid_type, BOOL long_list)
if (!long_list)
printf("NT group (SID) -> Unix group\n");
if (!enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV))
if (!pdb_enum_group_mapping(sid_type, &map, &entries, ENUM_ALL_MAPPED, MAPPING_WITH_PRIV))
return -1;
for (i=0; i<entries; i++) {
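Review bot: In changegroup the old `add_mapping_entry(&map, TDB_REPLACE)` became `pdb_add_group_mapping_entry(&map)`, but the tdbsam and ldapsam backends in this commit implement add as `add_mapping_entry(map, TDB_INSERT)` and only update as TDB_REPLACE. The entry was just fetched by `pdb_getgrsid`, so it already exists and an insert-only store would be expected to fail, leaving the change unapplied and the "Count not update group database" message printed. The call should be `if (!pdb_update_group_mapping_entry(&map)) {`, which preserves the previous replace semantics. The body of changegroup extends beyond the hunk.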