mirror of
https://github.com/samba-team/samba.git
synced 2025-01-07 17:18:11 +03:00
1a9394195d
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code,
the winbind_idmap abstraction (not idmap proper, but the stuff that held up
the winbind LDAP backend in HEAD).
Andrew Bartlett
(This used to be commit d4d5e6c2ee
)
/*
|
|
Unix SMB/CIFS implementation.
|
|
Universal groups helpers
|
|
Copyright (C) Alexander Bokovoy 2002.
|
|
Copyright (C) Andrew Bartlett 2002.
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
|
This work was sponsored by Optifacio Software Services, Inc.
|
|
*/
|
|
|
|
#include "includes.h"
|
|
#define UNIGROUP_PREFIX "UNIGROUP"
|
|
|
|
/*
   Handle for the netlogon_unigrp.tdb database. It is used internally
   in cli_store_uni_groups_*() and cli_fetch_uni_groups()
   and is initialized on the first call to cli_store_uni_groups_*().
*/
|
|
static TDB_CONTEXT *netlogon_unigrp_tdb = NULL;
|
|
|
|
/*
   Store universal groups info in netlogon_unigrp.tdb for
   later use. We use 'domain_SID/user_rid' as the key and an
   array of uint32 as the value, where array[0] is the number of
   elements and the elements are array[1] ... array[array[0]].
*/
|
|
|
|
/**
 * Open (creating it if necessary) the netlogon_unigrp.tdb cache and keep the
 * handle in the file-scope netlogon_unigrp_tdb pointer. Calling it again
 * while the handle is already set does nothing.
 *
 * NOTE(review): the database is created with mode 0644, so the cached
 * group memberships are readable by every local account (subject to the
 * process umask) -- confirm this is intended.
 *
 * @return non-zero when a database handle is available, zero when the
 *         open failed.
 */
BOOL uni_group_cache_init(void)
{
	/* Only open on the first call; later calls reuse the cached handle. */
	if (netlogon_unigrp_tdb == NULL) {
		netlogon_unigrp_tdb = tdb_open_log(lock_path("netlogon_unigrp.tdb"),
						   0, TDB_DEFAULT,
						   O_RDWR | O_CREAT, 0644);
	}

	return (netlogon_unigrp_tdb != NULL);
}
|
|
|
|
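/**
 * Cache the group RIDs carried in a netlogon user-info reply.
 *
 * The record key is "UNIGROUP/<user SID string>" (NUL included); the value
 * is an array of little-endian uint32 where element 0 is the group count
 * and elements 1..count are the group RIDs.
 *
 * @param mem_ctx  talloc context used for the temporary record buffer.
 *                 It remains owned by the caller and is never destroyed
 *                 here, including on failure.
 * @param user     netlogon user info; num_groups2 and gids come from the
 *                 remote side, so the count is range-checked before it is
 *                 used to size the buffer.
 * @return True if the record was written, False otherwise.
 */
BOOL uni_group_cache_store_netlogon(TALLOC_CTX *mem_ctx, NET_USER_INFO_3 *user)
{
	TDB_DATA key, data;
	fstring keystr, sid_string;
	DOM_SID user_sid;
	unsigned int i;

	if (!mem_ctx || !user) {
		DEBUG(1,("uni_group_cache_store_netlogon: expected non-null memory context and user info\n"));
		return False;
	}

	if (!uni_group_cache_init()) {
		DEBUG(0,("uni_group_cache_store_netlogon: cannot open netlogon_unigrp.tdb for write!\n"));
		return False;
	}

	/* Build the full user SID: domain SID + user RID. */
	sid_copy(&user_sid, &user->dom_sid.sid);
	sid_append_rid(&user_sid, user->user_rid);

	/* Prepare key as USER-SID string */
	slprintf(keystr, sizeof(keystr), "%s/%s",
		 UNIGROUP_PREFIX,
		 sid_to_string(sid_string, &user_sid));
	key.dptr = keystr;
	key.dsize = strlen(keystr) + 1;

	/*
	 * num_groups2 is a 32-bit count taken from the reply. Without this
	 * check "num_groups2 + 1" can wrap to 0 (or the byte count can wrap
	 * where size_t is 32 bits), giving a buffer smaller than the loop
	 * below writes into.
	 */
	if (user->num_groups2 >= ((size_t)-1) / sizeof(uint32)) {
		DEBUG(0,("uni_group_cache_store_netlogon: group count %u is too large\n",
			 (unsigned int)user->num_groups2));
		return False;
	}

	/* Prepare data */
	data.dsize = ((size_t)user->num_groups2 + 1) * sizeof(uint32);
	data.dptr = talloc(mem_ctx, data.dsize);
	if (!data.dptr) {
		/*
		 * mem_ctx belongs to the caller; destroying it here would
		 * leave the caller holding a dangling context.
		 */
		DEBUG(0,("uni_group_cache_store_netlogon: cannot allocate memory!\n"));
		return False;
	}

	/* Store data in byteorder-independent format */
	SIVAL(&((uint32*)data.dptr)[0], 0, user->num_groups2);
	/* assumes user->gids holds at least num_groups2 entries -- TODO confirm against the parser */
	for (i = 1; i <= user->num_groups2; i++) {
		SIVAL(&((uint32*)data.dptr)[i], 0, user->gids[i-1].g_rid);
	}

	if (tdb_store(netlogon_unigrp_tdb, key, data, TDB_REPLACE) == -1) {
		return False;
	}
	return True;
}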
|
|
|
|
/*
   Fetch universal groups info from netlogon_unigrp.tdb for the given
   domain sid and user rid and allocate it using the given mem_ctx.
   Universal groups are returned as an array of uint32 elements,
   and the elements are array[0] ... array[num_elements-1].
*/
|
|
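/**
 * Look up the cached group RIDs for a user and expand them to full SIDs.
 *
 * The record is read under the key "UNIGROUP/<user SID string>". Each
 * stored RID is appended to a copy of @domain to form a group SID.
 *
 * @param domain      domain SID that the cached RIDs are relative to.
 * @param user_sid    SID of the user whose record is looked up.
 * @param mem_ctx     talloc context that receives the returned array and
 *                    every SID in it.
 * @param num_groups  out: number of entries in the returned array; left at
 *                    0 whenever NULL is returned after the database opened.
 * @return array of DOM_SID pointers, or NULL when an argument is missing,
 *         the database cannot be opened, no record exists, the record is
 *         malformed, or an allocation fails.
 */
DOM_SID **uni_group_cache_fetch(DOM_SID *domain, DOM_SID *user_sid,
				TALLOC_CTX *mem_ctx, uint32 *num_groups)
{
	TDB_DATA key, data;
	fstring keystr;
	fstring sid_string;
	DOM_SID **groups;
	uint32 group_count;
	uint32 i;

	if (!domain) {
		DEBUG(1,("uni_group_cache_fetch: expected non-null domain sid\n"));
		return NULL;
	}
	if (!user_sid) {
		DEBUG(1,("uni_group_cache_fetch: expected non-null user sid\n"));
		return NULL;
	}
	if (!mem_ctx) {
		DEBUG(1,("uni_group_cache_fetch: expected non-null memory context\n"));
		return NULL;
	}
	if (!num_groups) {
		DEBUG(1,("uni_group_cache_fetch: expected non-null num_groups\n"));
		return NULL;
	}

	/* Readers open the database without O_CREAT: a missing file just means nothing is cached. */
	if (!netlogon_unigrp_tdb) {
		netlogon_unigrp_tdb = tdb_open_log(lock_path("netlogon_unigrp.tdb"), 0,
						   TDB_DEFAULT, O_RDWR, 0644);
	}
	if (!netlogon_unigrp_tdb) {
		DEBUG(5,("uni_group_cache_fetch: cannot open netlogon_unigrp.tdb for read - normal if not created yet\n"));
		return NULL;
	}

	*num_groups = 0;

	/* Fetch universal groups */
	slprintf(keystr, sizeof(keystr), "%s/%s",
		 UNIGROUP_PREFIX,
		 sid_to_string(sid_string, user_sid));
	key.dptr = keystr;
	key.dsize = strlen(keystr) + 1;
	data = tdb_fetch(netlogon_unigrp_tdb, key);

	/* There is no cached universal groups in netlogon_unigrp.tdb */
	/* for this user. */
	if (!data.dptr) {
		return NULL;
	}

	/*
	 * The record comes from a file on disk, so do not trust its embedded
	 * count: it must contain the count word itself and one uint32 per
	 * announced group, otherwise the reads below run past the buffer.
	 */
	if (data.dsize < sizeof(uint32)) {
		DEBUG(1,("uni_group_cache_fetch: cached record is too short\n"));
		SAFE_FREE(data.dptr);
		return NULL;
	}
	group_count = IVAL(&((uint32*)data.dptr)[0], 0);
	if (group_count > (data.dsize / sizeof(uint32)) - 1) {
		DEBUG(1,("uni_group_cache_fetch: cached record is shorter than its group count\n"));
		SAFE_FREE(data.dptr);
		return NULL;
	}

	/* Transfer data to receiver's memory context */
	groups = talloc(mem_ctx, (group_count)*sizeof(*groups));
	if (!groups) {
		DEBUG(1,("uni_group_cache_fetch: cannot allocate uni groups in receiver's memory context\n"));
		/* *num_groups stays 0 so a caller never pairs NULL with a non-zero count. */
		SAFE_FREE(data.dptr);
		return NULL;
	}

	for (i = 0; i < group_count; i++) {
		groups[i] = talloc(mem_ctx, sizeof(**groups));
		if (!groups[i]) {
			DEBUG(1,("uni_group_cache_fetch: cannot allocate uni groups in receiver's memory context\n"));
			/* Release the fetched record on this path as well. */
			SAFE_FREE(data.dptr);
			return NULL;
		}
		sid_copy(groups[i], domain);
		sid_append_rid(groups[i], IVAL(&((uint32*)data.dptr)[i+1], 0));
	}

	SAFE_FREE(data.dptr);
	*num_groups = group_count;
	return groups;
}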
|
|
|
|
/* Shutdown netlogon_unigrp database */
|
|
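/**
 * Close the netlogon_unigrp.tdb handle if one is open.
 *
 * The file-scope handle is reset after closing so that a later
 * uni_group_cache_init() or uni_group_cache_fetch() reopens the database
 * instead of reusing a closed handle.
 *
 * @return True if no database was open or tdb_close() reported success,
 *         False if tdb_close() reported an error.
 */
BOOL uni_group_cache_shutdown(void)
{
	BOOL closed_ok;

	if (!netlogon_unigrp_tdb) {
		return True;
	}

	closed_ok = (tdb_close(netlogon_unigrp_tdb) == 0);
	/* presumably tdb_close() releases the context even when it reports failure -- confirm */
	netlogon_unigrp_tdb = NULL;

	return closed_ok;
}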
|