Copyright (C) Simo Sorce 2003
Copyright (C) Volker Lendecke 2004
Copyright (C) Jeremy Allison 2008
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
if (sidtype == SID_NAME_ALIAS) {
- search = pdb_search_aliases(&domain->sid);
+ search = pdb_search_aliases(talloc_tos(), &domain->sid);
} else {
- search = pdb_search_groups();
+ search = pdb_search_groups(talloc_tos());
}
if (search == NULL) goto done;
result = NT_STATUS_OK;
done:
- pdb_search_destroy(search);
+ TALLOC_FREE(search);
return result;
}
/* convert a single name to a sid in a domain */
static NTSTATUS name_to_sid(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- enum winbindd_cmd original_cmd,
const char *domain_name,
const char *name,
+ uint32_t flags,
DOM_SID *sid,
enum lsa_SidType *type)
{
- uint32 flags = LOOKUP_NAME_ALL;
- bool res;
+ const char *fullname;
- switch ( original_cmd ) {
- case WINBINDD_LOOKUPNAME:
- /* This call is ok */
- break;
- default:
- /* Avoid any NSS calls in the lookup_name by default */
- flags |= LOOKUP_NAME_EXPLICIT;
- DEBUG(10,("winbindd_passdb: limiting name_to_sid() to explicit mappings\n"));
- break;
- }
-
- DEBUG(10, ("looking up name [%s\\%s] (domain\\name) \n",
- domain_name?domain_name:"(NULL)", name));
+ flags |= LOOKUP_NAME_ALL;
- if (strchr_m(name, '\\')) {
- res = lookup_name(mem_ctx, name, flags, NULL, NULL, sid, type);
+ if (domain_name && domain_name[0] && strchr_m(name, '\\') == NULL) {
+ fullname = talloc_asprintf(mem_ctx, "%s\\%s",
+ domain_name, name);
+ if (fullname == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
} else {
- res = lookup_domain_name(mem_ctx, domain_name, name, flags,
- NULL, NULL, sid, type);
+ fullname = name;
}
- if (!res) {
+ DEBUG(10, ("Finding fullname %s\n", fullname));
+
+ if ( !lookup_name( mem_ctx, fullname, flags, NULL, NULL, sid, type ) ) {
return NT_STATUS_NONE_MAPPED;
}
- DEBUG(10, ("name_to_sid for [%s\\%s] returned %s (%s)\n",
- domain_name?domain_name:"(NULL)", name,
+ DEBUG(10, ("name_to_sid for %s returned %s (%s)\n",
+ fullname,
sid_string_dbg(sid),
sid_type_lookup((uint32)*type)));
}
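Review bot: With `original_cmd` removed, nothing in name_to_sid() sets LOOKUP_NAME_EXPLICIT any more; `flags |= LOOKUP_NAME_ALL;` only widens whatever the caller passes, so the old default of avoiding NSS calls for every command except WINBINDD_LOOKUPNAME now depends on each caller supplying that flag. The callers are outside this hunk, so that needs confirming there, and a comment above the function should record the contract, e.g. `/* flags: pass LOOKUP_NAME_EXPLICIT unless NSS lookups are acceptable; LOOKUP_NAME_ALL is always added */`. The `strchr_m(name, '\\') == NULL` branch also still hands a name that already contains a backslash to lookup_name() without comparing its prefix to `domain_name`. Whether that allows resolution outside the requested domain depends on lookup_name(), which is not shown. The removed code behaved the same way for such names.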
if ( !pdb_getsampwsid( user, user_sid ) ) {
+ TALLOC_FREE( user );
return NT_STATUS_NO_SUCH_USER;
}
TALLOC_CTX *mem_ctx,
struct samr_DomInfo1 *policy)
{
- uint32 min_pass_len,pass_hist,password_properties;
+ struct samr_DomInfo1 *p;
time_t u_expire, u_min_age;
- NTTIME nt_expire, nt_min_age;
uint32 account_policy_temp;
- if ((policy = TALLOC_ZERO_P(mem_ctx, struct samr_DomInfo1)) == NULL) {
+ if ((p = TALLOC_ZERO_P(mem_ctx, struct samr_DomInfo1)) == NULL) {
return NT_STATUS_NO_MEMORY;
}
- if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp)) {
+ if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_LEN,
+ &account_policy_temp)) {
return NT_STATUS_ACCESS_DENIED;
}
- min_pass_len = account_policy_temp;
+ p->min_password_length = account_policy_temp;
- if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp)) {
+ if (!pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY,
+ &account_policy_temp)) {
return NT_STATUS_ACCESS_DENIED;
}
- pass_hist = account_policy_temp;
+ p->password_history_length = account_policy_temp;
- if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp)) {
+ if (!pdb_get_account_policy(PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS,
+ &p->password_properties)) {
return NT_STATUS_ACCESS_DENIED;
}
- password_properties = account_policy_temp;
-
- if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) {
+
+ if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &account_policy_temp)) {
return NT_STATUS_ACCESS_DENIED;
}
u_expire = account_policy_temp;
- if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) {
+ if (!pdb_get_account_policy(PDB_POLICY_MIN_PASSWORD_AGE, &account_policy_temp)) {
return NT_STATUS_ACCESS_DENIED;
}
u_min_age = account_policy_temp;
- unix_to_nt_time_abs(&nt_expire, u_expire);
- unix_to_nt_time_abs(&nt_min_age, u_min_age);
+ unix_to_nt_time_abs((NTTIME *)&p->max_password_age, u_expire);
+ unix_to_nt_time_abs((NTTIME *)&p->min_password_age, u_min_age);
- init_samr_DomInfo1(policy,
- (uint16)min_pass_len,
- (uint16)pass_hist,
- password_properties,
- nt_expire,
- nt_min_age);
+ policy = p;
return NT_STATUS_OK;
}
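Review bot: `policy = p;` at the end of password_policy() only reassigns the by-value pointer parameter, so the caller's `struct samr_DomInfo1` is never written and the function returns NT_STATUS_OK with the caller's buffer unchanged. A consumer would then act on whatever minimum length, history and age values that buffer held before the call. Copy the result out with `*policy = *p;`, or write the fields through `policy` directly and drop `p`. The removed code had the same flaw (it overwrote `policy` with the TALLOC_ZERO_P result), so the refactor carries it forward; the start of the function's signature is above the visible lines. Separately, the `(NTTIME *)` casts on `&p->max_password_age` and `&p->min_password_age` would hide a type mismatch with NTTIME if one exists, so converting into a local NTTIME and assigning it would be safer.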
DOM_SID **sid_mem, char ***names,
uint32 **name_types)
{
+ DEBUG(10,("passdb: lookup_groupmem (builtin) %s sid=%s\n", domain->name,
+ sid_string_dbg(group_sid)));
+
*num_names = 0;
*sid_mem = NULL;
*names = NULL;
uint32 *num_entries,
WINBIND_USERINFO **info)
{
- struct pdb_search *ps = pdb_search_users(ACB_NORMAL);
+ struct pdb_search *ps = pdb_search_users(talloc_tos(), ACB_NORMAL);
struct samr_displayentry *entries = NULL;
uint32 i;
*info = TALLOC_ZERO_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries);
if (!(*info)) {
- pdb_search_destroy(ps);
+ TALLOC_FREE(ps);
return NT_STATUS_NO_MEMORY;
}
DOMAIN_GROUP_RID_USERS);
}
- pdb_search_destroy(ps);
+ TALLOC_FREE(ps);
return NT_STATUS_OK;
}
struct lsa_name_info *lsa_names;
TALLOC_CTX *tmp_ctx;
+ DEBUG(10,("passdb: lookup_groupmem (sam) %s sid=%s\n", domain->name,
+ sid_string_dbg(group_sid)));
+
if (!sid_check_is_in_our_domain(group_sid)) {
/* There's no groups, only aliases in BUILTIN */
return NT_STATUS_NO_SUCH_GROUP;
sid_type_lookup(lsa_names[i].type)));
continue;
}
- if (!((*names)[i] = talloc_strdup((*names),
+ if (!((*names)[num_mapped] = talloc_strdup((*names),
lsa_names[i].name))) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
- (*name_types)[i] = lsa_names[i].type;
+ (*name_types)[num_mapped] = lsa_names[i].type;
num_mapped += 1;
}