* Unix SMB/CIFS implementation.
* RPC Pipe client / server routines
* Copyright (C) Andrew Tridgell 1992-2000,
- * Copyright (C) Jean François Micouleau 1998-2001.
+ * Copyright (C) Jean François Micouleau 1998-2001.
* Copyright (C) Gerald Carter 2003,
* Copyright (C) Volker Lendecke 2004
*
#include "utils/net.h"
#include "../libcli/security/security.h"
#include "passdb.h"
+#include "lib/util/string_wrappers.h"
/*********************************************************
Figure out if the input was an NT group or a SID string.
**********************************************************/
static bool get_sid_from_input(struct dom_sid *sid, char *input)
{
- GROUP_MAP map;
+ GROUP_MAP *map;
+
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return false;
+ }
if (strncasecmp_m( input, "S-", 2)) {
/* Perhaps its the NT group name? */
- if (!pdb_getgrnam(&map, input)) {
+ if (!pdb_getgrnam(map, input)) {
printf(_("NT Group %s doesn't exist in mapping DB\n"),
input);
+ TALLOC_FREE(map);
return false;
} else {
- *sid = map.sid;
+ *sid = map->sid;
}
} else {
if (!string_to_sid(sid, input)) {
printf(_("converting sid %s from a string failed!\n"),
input);
+ TALLOC_FREE(map);
return false;
}
}
+ TALLOC_FREE(map);
return true;
}
static void print_map_entry (const GROUP_MAP *map, bool long_list)
{
+ struct dom_sid_buf buf;
+
if (!long_list)
d_printf("%s (%s) -> %s\n", map->nt_name,
- sid_string_tos(&map->sid), gidtoname(map->gid));
+ dom_sid_str_buf(&map->sid, &buf),
+ gidtoname(map->gid));
else {
d_printf("%s\n", map->nt_name);
- d_printf(_("\tSID : %s\n"), sid_string_tos(&map->sid));
+ d_printf(_("\tSID : %s\n"),
+ dom_sid_str_buf(&map->sid, &buf));
d_printf(_("\tUnix gid : %u\n"), (unsigned int)map->gid);
d_printf(_("\tUnix group: %s\n"), gidtoname(map->gid));
d_printf(_("\tGroup type: %s\n"),
/* list a single group is given a name */
if ( ntgroup[0] || sid_string[0] ) {
struct dom_sid sid;
- GROUP_MAP map;
+ GROUP_MAP *map;
if ( sid_string[0] )
strlcpy(ntgroup, sid_string, sizeof(ntgroup));
return -1;
}
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return -1;
+ }
+
/* Get the current mapping from the database */
- if(!pdb_getgrsid(&map, sid)) {
+ if(!pdb_getgrsid(map, sid)) {
d_fprintf(stderr,
_("Failure to local group SID in the "
"database\n"));
+ TALLOC_FREE(map);
return -1;
}
- print_map_entry(&map, long_list );
+ print_map_entry(map, long_list );
+ TALLOC_FREE(map);
}
else {
- GROUP_MAP *map=NULL;
+ GROUP_MAP **maps = NULL;
+ bool ok = false;
/* enumerate all group mappings */
- if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries, ENUM_ALL_MAPPED))
+ ok = pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN,
+ &maps, &entries,
+ ENUM_ALL_MAPPED);
+ if (!ok) {
return -1;
+ }
for (i=0; i<entries; i++) {
- print_map_entry(&map[i], long_list);
+ print_map_entry(maps[i], long_list);
}
- SAFE_FREE(map);
+ TALLOC_FREE(maps);
}
return 0;
fstring type = "";
fstring ntcomment = "";
enum lsa_SidType sid_type = SID_NAME_DOM_GRP;
- uint32 rid = 0;
+ uint32_t rid = 0;
gid_t gid;
int i;
- GROUP_MAP map;
+ GROUP_MAP *map;
const char *name_type;
const char add_usage_str[] = N_("net groupmap add "
"[ntgroup=<string>] "
"[comment=<string>]");
- ZERO_STRUCT(map);
-
- /* Default is domain group. */
- map.sid_name_use = SID_NAME_DOM_GRP;
name_type = "domain group";
if (c->display_usage) {
if ( rid < DOMAIN_RID_ADMINS ) {
d_fprintf(stderr,
_("RID must be greater than %d\n"),
- (uint32)DOMAIN_RID_ADMINS-1);
+ (uint32_t)DOMAIN_RID_ADMINS-1);
return -1;
}
}
return -1;
}
- {
- if (pdb_getgrgid(&map, gid)) {
- d_printf(_("Unix group %s already mapped to SID %s\n"),
- unixgrp, sid_string_tos(&map.sid));
- return -1;
- }
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return -1;
}
+ /* Default is domain group. */
+ map->sid_name_use = SID_NAME_DOM_GRP;
+ if (pdb_getgrgid(map, gid)) {
+ struct dom_sid_buf buf;
+ d_printf(_("Unix group %s already mapped to SID %s\n"),
+ unixgrp, dom_sid_str_buf(&map->sid, &buf));
+ TALLOC_FREE(map);
+ return -1;
+ }
+ TALLOC_FREE(map);
if ( (rid == 0) && (string_sid[0] == '\0') ) {
d_printf(_("No rid or sid specified, choosing a RID\n"));
static int net_groupmap_modify(struct net_context *c, int argc, const char **argv)
{
struct dom_sid sid;
- GROUP_MAP map;
+ GROUP_MAP *map = NULL;
fstring ntcomment = "";
fstring type = "";
fstring ntgroup = "";
}
}
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return -1;
+ }
+
/* Get the current mapping from the database */
- if(!pdb_getgrsid(&map, sid)) {
+ if(!pdb_getgrsid(map, sid)) {
d_fprintf(stderr,
_("Failed to find local group SID in the database\n"));
+ TALLOC_FREE(map);
return -1;
}
*/
if (sid_type == SID_NAME_UNKNOWN) {
d_fprintf(stderr, _("Can't map to an unknown group type.\n"));
+ TALLOC_FREE(map);
return -1;
}
- if (map.sid_name_use == SID_NAME_WKN_GRP) {
+ if (map->sid_name_use == SID_NAME_WKN_GRP) {
d_fprintf(stderr,
_("You can only change between domain and local "
"groups.\n"));
+ TALLOC_FREE(map);
return -1;
}
- map.sid_name_use=sid_type;
+ map->sid_name_use = sid_type;
/* Change comment if new one */
- if ( ntcomment[0] )
- strlcpy(map.comment, ntcomment, sizeof(map.comment));
+ if (ntcomment[0]) {
+ map->comment = talloc_strdup(map, ntcomment);
+ if (!map->comment) {
+ d_fprintf(stderr, _("Out of memory!\n"));
+ return -1;
+ }
+ }
- if ( ntgroup[0] )
- strlcpy(map.nt_name, ntgroup, sizeof(map.nt_name));
+ if (ntgroup[0]) {
+ map->nt_name = talloc_strdup(map, ntgroup);
+ if (!map->nt_name) {
+ d_fprintf(stderr, _("Out of memory!\n"));
+ return -1;
+ }
+ }
if ( unixgrp[0] ) {
gid = nametogid( unixgrp );
d_fprintf(stderr, _("Unable to lookup UNIX group %s. "
"Make sure the group exists.\n"),
unixgrp);
+ TALLOC_FREE(map);
return -1;
}
- map.gid = gid;
+ map->gid = gid;
}
- if ( !NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)) ) {
+ if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) {
d_fprintf(stderr, _("Could not update group database\n"));
+ TALLOC_FREE(map);
return -1;
}
- d_printf(_("Updated mapping entry for %s\n"), map.nt_name);
+ d_printf(_("Updated mapping entry for %s\n"), map->nt_name);
+ TALLOC_FREE(map);
return 0;
}
return -1;
}
- d_printf(_("Sucessfully removed %s from the mapping db\n"), ntgroup);
+ d_printf(_("Successfully removed %s from the mapping db\n"), ntgroup);
return 0;
}
{
const char *ntgroup = NULL;
struct group *grp = NULL;
- GROUP_MAP map;
+ GROUP_MAP *map;
bool have_map = false;
if ((argc < 1) || (argc > 2) || c->display_usage) {
}
}
- have_map = pdb_getgrnam(&map, ntgroup);
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ d_printf(_("Out of memory!\n"));
+ return -1;
+ }
+
+ have_map = pdb_getgrnam(map, ntgroup);
if (!have_map) {
struct dom_sid sid;
have_map = ( (strncmp(ntgroup, "S-", 2) == 0) &&
string_to_sid(&sid, ntgroup) &&
- pdb_getgrsid(&map, sid) );
+ pdb_getgrsid(map, sid) );
}
if (!have_map) {
d_fprintf(stderr,
_("Could not find group mapping for %s\n"),
ntgroup);
+ TALLOC_FREE(map);
return -1;
}
- map.gid = grp->gr_gid;
+ map->gid = grp->gr_gid;
if (c->opt_rid == 0) {
if ( pdb_capabilities() & PDB_CAP_STORE_RIDS ) {
- if ( !pdb_new_rid((uint32*)&c->opt_rid) ) {
+ if ( !pdb_new_rid((uint32_t *)&c->opt_rid) ) {
d_fprintf( stderr,
_("Could not allocate new RID\n"));
+ TALLOC_FREE(map);
return -1;
}
} else {
- c->opt_rid = algorithmic_pdb_gid_to_group_rid(map.gid);
+ c->opt_rid = algorithmic_pdb_gid_to_group_rid(map->gid);
}
}
- sid_compose(&map.sid, get_global_sam_sid(), c->opt_rid);
+ sid_compose(&map->sid, get_global_sam_sid(), c->opt_rid);
- map.sid_name_use = SID_NAME_DOM_GRP;
- fstrcpy(map.nt_name, ntgroup);
- fstrcpy(map.comment, "");
+ map->sid_name_use = SID_NAME_DOM_GRP;
+ map->nt_name = talloc_strdup(map, ntgroup);
+ map->comment = talloc_strdup(map, "");
+ if (!map->nt_name || !map->comment) {
+ d_printf(_("Out of memory!\n"));
+ TALLOC_FREE(map);
+ return -1;
+ }
- if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map))) {
+ if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(map))) {
d_fprintf(stderr,
_("Could not add mapping entry for %s\n"),
ntgroup);
+ TALLOC_FREE(map);
return -1;
}
}
/* Now we have a mapping entry, update that stuff */
if ( c->opt_localgroup || c->opt_domaingroup ) {
- if (map.sid_name_use == SID_NAME_WKN_GRP) {
+ if (map->sid_name_use == SID_NAME_WKN_GRP) {
d_fprintf(stderr,
_("Can't change type of the BUILTIN "
"group %s\n"),
- map.nt_name);
+ map->nt_name);
+ TALLOC_FREE(map);
return -1;
}
}
if (c->opt_localgroup)
- map.sid_name_use = SID_NAME_ALIAS;
+ map->sid_name_use = SID_NAME_ALIAS;
if (c->opt_domaingroup)
- map.sid_name_use = SID_NAME_DOM_GRP;
+ map->sid_name_use = SID_NAME_DOM_GRP;
/* The case (opt_domaingroup && opt_localgroup) was tested for above */
if ((c->opt_comment != NULL) && (strlen(c->opt_comment) > 0)) {
- fstrcpy(map.comment, c->opt_comment);
+ map->comment = talloc_strdup(map, c->opt_comment);
+ if (!map->comment) {
+ d_printf(_("Out of memory!\n"));
+ TALLOC_FREE(map);
+ return -1;
+ }
}
if ((c->opt_newntname != NULL) && (strlen(c->opt_newntname) > 0)) {
- fstrcpy(map.nt_name, c->opt_newntname);
+ map->nt_name = talloc_strdup(map, c->opt_newntname);
+ if (!map->nt_name) {
+ d_printf(_("Out of memory!\n"));
+ TALLOC_FREE(map);
+ return -1;
+ }
}
if (grp != NULL)
- map.gid = grp->gr_gid;
+ map->gid = grp->gr_gid;
- if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map))) {
+ if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) {
d_fprintf(stderr, _("Could not update group mapping for %s\n"),
ntgroup);
+ TALLOC_FREE(map);
return -1;
}
+ TALLOC_FREE(map);
return 0;
}
static int net_groupmap_cleanup(struct net_context *c, int argc, const char **argv)
{
- GROUP_MAP *map = NULL;
+ GROUP_MAP **maps = NULL;
size_t i, entries;
if (c->display_usage) {
return 0;
}
- if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries,
+ if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &maps, &entries,
ENUM_ALL_MAPPED)) {
d_fprintf(stderr, _("Could not list group mappings\n"));
return -1;
for (i=0; i<entries; i++) {
- if (map[i].gid == -1)
- printf(_("Group %s is not mapped\n"), map[i].nt_name);
+ if (maps[i]->gid == -1)
+ printf(_("Group %s is not mapped\n"),
+ maps[i]->nt_name);
- if (!sid_check_is_in_our_domain(&map[i].sid)) {
+ if (!sid_check_is_in_our_sam(&maps[i]->sid) &&
+ !sid_check_is_in_builtin(&maps[i]->sid))
+ {
+ struct dom_sid_buf buf;
printf(_("Deleting mapping for NT Group %s, sid %s\n"),
- map[i].nt_name,
- sid_string_tos(&map[i].sid));
- pdb_delete_group_mapping_entry(map[i].sid);
+ maps[i]->nt_name,
+ dom_sid_str_buf(&maps[i]->sid, &buf));
+ pdb_delete_group_mapping_entry(maps[i]->sid);
}
}
- SAFE_FREE(map);
-
+ TALLOC_FREE(maps);
return 0;
}
}
for (i = 0; i < num; i++) {
- printf("%s\n", sid_string_tos(&(members[i])));
+ struct dom_sid_buf buf;
+ printf("%s\n", dom_sid_str_buf(&(members[i]), &buf));
}
TALLOC_FREE(members);
const struct dom_sid *domain_sid,
const struct dom_sid *member)
{
- uint32 *alias_rids;
+ uint32_t *alias_rids;
size_t i, num_alias_rids;
+ struct dom_sid_buf buf;
alias_rids = NULL;
num_alias_rids = 0;
mem_ctx, domain_sid, member, 1,
&alias_rids, &num_alias_rids))) {
d_fprintf(stderr, _("Could not list memberships for sid %s\n"),
- sid_string_tos(member));
+ dom_sid_str_buf(member, &buf));
return false;
}
for (i = 0; i < num_alias_rids; i++) {
struct dom_sid alias;
sid_compose(&alias, domain_sid, alias_rids[i]);
- printf("%s\n", sid_string_tos(&alias));
+ printf("%s\n", dom_sid_str_buf(&alias, &buf));
}
return true;
!string_to_sid(&member, argv[0]) ) {
d_printf("%s\n%s",
_("Usage:"),
- _("net groupmap memberof sid\n"));
+ _("net groupmap memberships sid\n"));
return -1;
}