*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
+#include "system/passwd.h"
+#include "passdb.h"
#include "groupdb/mapping.h"
+#include "../libcli/security/security.h"
+#include "lib/winbind_util.h"
+#include <tdb.h>
static const struct mapping_backend *backend;
/*
initialise a group mapping backend
*/
-static BOOL init_group_mapping(void)
+static bool init_group_mapping(void)
{
- const char *backend_string;
-
if (backend != NULL) {
/* already initialised */
return True;
}
-
- /* default to using the ldb backend. This parameter should
- disappear in future versions of Samba3, but for now it
- provides a safety net in case any major problems are
- discovered with ldb after the release */
- backend_string = lp_parm_const_string(-1, "groupdb", "backend", "ldb");
-
- if (strcmp(backend_string, "ldb") == 0) {
- backend = groupdb_ldb_init();
- } else if (strcmp(backend_string, "tdb") == 0) {
- backend = groupdb_tdb_init();
- } else {
- DEBUG(0,("Unknown groupdb backend '%s'\n", backend_string));
- smb_panic("Unknown groupdb backend\n");
- }
+
+ backend = groupdb_tdb_init();
+
return backend != NULL;
}
DEBUG(0,("failed to initialize group mapping\n"));
return NT_STATUS_UNSUCCESSFUL;
}
-
+
map.gid=gid;
if (!string_to_sid(&map.sid, sid)) {
DEBUG(0, ("string_to_sid failed: %s", sid));
return NT_STATUS_UNSUCCESSFUL;
}
-
+
map.sid_name_use=sid_name_use;
fstrcpy(map.nt_name, nt_name);
fstrcpy(map.comment, comment);
return pdb_add_group_mapping_entry(&map);
}
-static NTSTATUS alias_memberships(const DOM_SID *members, size_t num_members,
- DOM_SID **sids, size_t *num)
+static NTSTATUS alias_memberships(const struct dom_sid *members, size_t num_members,
+ struct dom_sid **sids, size_t *num)
{
size_t i;
}
struct aliasmem_closure {
- const DOM_SID *alias;
- DOM_SID **sids;
+ const struct dom_sid *alias;
+ struct dom_sid **sids;
size_t *num;
};
/* get a domain group from it's SID */
-BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
+bool get_domain_group_from_sid(struct dom_sid sid, GROUP_MAP *map)
{
struct group *grp;
- BOOL ret;
-
+ bool ret;
+
if(!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
return(False);
DEBUG(10, ("get_domain_group_from_sid\n"));
/* if the group is NOT in the database, it CAN NOT be a domain group */
-
+
become_root();
ret = pdb_getgrsid(map, sid);
unbecome_root();
-
+
/* special case check for rid 513 */
-
+
if ( !ret ) {
uint32 rid;
-
+
sid_peek_rid( &sid, &rid );
-
- if ( rid == DOMAIN_GROUP_RID_USERS ) {
+
+ if ( rid == DOMAIN_RID_USERS ) {
fstrcpy( map->nt_name, "None" );
fstrcpy( map->comment, "Ordinary Users" );
sid_copy( &map->sid, &sid );
map->sid_name_use = SID_NAME_DOM_GRP;
-
+ map->gid = (gid_t)-1;
return True;
}
-
return False;
}
- DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
+ DEBUG(10, ("get_domain_group_from_sid: SID found in passdb\n"));
/* if it's not a domain group, continue */
if (map->sid_name_use!=SID_NAME_DOM_GRP) {
}
DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
-
+
if (map->gid==-1) {
return False;
}
DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid));
-
+
grp = getgrgid(map->gid);
if ( !grp ) {
DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
int smb_create_group(const char *unix_group, gid_t *new_gid)
{
- pstring add_script;
+ char *add_script = NULL;
int ret = -1;
int fd = 0;
-
+
*new_gid = 0;
/* defer to scripts */
-
+
if ( *lp_addgroup_script() ) {
- pstrcpy(add_script, lp_addgroup_script());
- pstring_sub(add_script, "%g", unix_group);
+ TALLOC_CTX *ctx = talloc_tos();
+
+ add_script = talloc_strdup(ctx,
+ lp_addgroup_script());
+ if (!add_script) {
+ return -1;
+ }
+ add_script = talloc_string_sub(ctx,
+ add_script, "%g", unix_group);
+ if (!add_script) {
+ return -1;
+ }
+
ret = smbrun(add_script, &fd);
DEBUG(ret ? 0 : 3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret));
if (ret == 0) {
if (read(fd, output, sizeof(output)) > 0) {
*new_gid = (gid_t)strtoul(output, NULL, 10);
}
-
+
close(fd);
}
if (grp != NULL)
*new_gid = grp->gr_gid;
}
-
- return ret;
+
+ return ret;
}
/****************************************************************************
int smb_delete_group(const char *unix_group)
{
- pstring del_script;
- int ret;
+ char *del_script = NULL;
+ int ret = -1;
/* defer to scripts */
-
+
if ( *lp_delgroup_script() ) {
- pstrcpy(del_script, lp_delgroup_script());
- pstring_sub(del_script, "%g", unix_group);
+ TALLOC_CTX *ctx = talloc_tos();
+
+ del_script = talloc_strdup(ctx,
+ lp_delgroup_script());
+ if (!del_script) {
+ return -1;
+ }
+ del_script = talloc_string_sub(ctx,
+ del_script, "%g", unix_group);
+ if (!del_script) {
+ return -1;
+ }
ret = smbrun(del_script,NULL);
DEBUG(ret ? 0 : 3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret));
if (ret == 0) {
}
return ret;
}
-
+
return -1;
}
/****************************************************************************
Set a user's primary UNIX group.
****************************************************************************/
+
int smb_set_primary_group(const char *unix_group, const char* unix_user)
{
- pstring add_script;
- int ret;
+ char *add_script = NULL;
+ int ret = -1;
/* defer to scripts */
-
+
if ( *lp_setprimarygroup_script() ) {
- pstrcpy(add_script, lp_setprimarygroup_script());
- all_string_sub(add_script, "%g", unix_group, sizeof(add_script));
- all_string_sub(add_script, "%u", unix_user, sizeof(add_script));
+ TALLOC_CTX *ctx = talloc_tos();
+
+ add_script = talloc_strdup(ctx,
+ lp_setprimarygroup_script());
+ if (!add_script) {
+ return -1;
+ }
+ add_script = talloc_all_string_sub(ctx,
+ add_script, "%g", unix_group);
+ if (!add_script) {
+ return -1;
+ }
+ add_script = talloc_string_sub(ctx,
+ add_script, "%u", unix_user);
+ if (!add_script) {
+ return -1;
+ }
ret = smbrun(add_script,NULL);
flush_pwnam_cache();
DEBUG(ret ? 0 : 3,("smb_set_primary_group: "
int smb_add_user_group(const char *unix_group, const char *unix_user)
{
- pstring add_script;
- int ret;
+ char *add_script = NULL;
+ int ret = -1;
/* defer to scripts */
-
+
if ( *lp_addusertogroup_script() ) {
- pstrcpy(add_script, lp_addusertogroup_script());
- pstring_sub(add_script, "%g", unix_group);
- pstring_sub(add_script, "%u", unix_user);
+ TALLOC_CTX *ctx = talloc_tos();
+
+ add_script = talloc_strdup(ctx,
+ lp_addusertogroup_script());
+ if (!add_script) {
+ return -1;
+ }
+ add_script = talloc_string_sub(ctx,
+ add_script, "%g", unix_group);
+ if (!add_script) {
+ return -1;
+ }
+ add_script = talloc_string_sub2(ctx,
+ add_script, "%u", unix_user, true, false, true);
+ if (!add_script) {
+ return -1;
+ }
ret = smbrun(add_script,NULL);
DEBUG(ret ? 0 : 3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret));
if (ret == 0) {
}
return ret;
}
-
+
return -1;
}
int smb_delete_user_group(const char *unix_group, const char *unix_user)
{
- pstring del_script;
- int ret;
+ char *del_script = NULL;
+ int ret = -1;
/* defer to scripts */
-
+
if ( *lp_deluserfromgroup_script() ) {
- pstrcpy(del_script, lp_deluserfromgroup_script());
- pstring_sub(del_script, "%g", unix_group);
- pstring_sub(del_script, "%u", unix_user);
+ TALLOC_CTX *ctx = talloc_tos();
+
+ del_script = talloc_strdup(ctx,
+ lp_deluserfromgroup_script());
+ if (!del_script) {
+ return -1;
+ }
+ del_script = talloc_string_sub(ctx,
+ del_script, "%g", unix_group);
+ if (!del_script) {
+ return -1;
+ }
+ del_script = talloc_string_sub2(ctx,
+ del_script, "%u", unix_user, true, false, true);
+ if (!del_script) {
+ return -1;
+ }
ret = smbrun(del_script,NULL);
DEBUG(ret ? 0 : 3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret));
if (ret == 0) {
}
return ret;
}
-
+
return -1;
}
NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
- DOM_SID sid)
+ struct dom_sid sid)
{
if (!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
}
NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
- DOM_SID sid)
+ struct dom_sid sid)
{
if (!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
}
NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
- const DOM_SID *sid, enum lsa_SidType sid_name_use,
+ const struct dom_sid *sid, enum lsa_SidType sid_name_use,
GROUP_MAP **pp_rmap, size_t *p_num_entries,
- BOOL unix_only)
+ bool unix_only)
{
if (!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
const char *name, uint32 *rid)
{
- DOM_SID sid;
+ struct dom_sid sid;
enum lsa_SidType type;
uint32 new_rid;
gid_t gid;
- BOOL exists;
+ bool exists;
GROUP_MAP map;
TALLOC_CTX *mem_ctx;
NTSTATUS status;
return NT_STATUS_NO_MEMORY;
}
- exists = lookup_name(mem_ctx, name, LOOKUP_NAME_ISOLATED,
+ exists = lookup_name(mem_ctx, name, LOOKUP_NAME_LOCAL,
NULL, NULL, &sid, &type);
TALLOC_FREE(mem_ctx);
return NT_STATUS_ALIAS_EXISTS;
}
- if (!winbind_allocate_gid(&gid)) {
- DEBUG(3, ("Could not get a gid out of winbind\n"));
+ if (!pdb_new_rid(&new_rid)) {
+ DEBUG(0, ("Could not allocate a RID.\n"));
return NT_STATUS_ACCESS_DENIED;
}
- if (!pdb_new_rid(&new_rid)) {
- DEBUG(0, ("Could not allocate a RID -- wasted a gid :-(\n"));
+ sid_compose(&sid, get_global_sam_sid(), new_rid);
+
+ if (!winbind_allocate_gid(&gid)) {
+ DEBUG(3, ("Could not get a gid out of winbind - "
+ "wasted a rid :-(\n"));
return NT_STATUS_ACCESS_DENIED;
}
- DEBUG(10, ("Creating alias %s with gid %d and rid %d\n",
- name, gid, new_rid));
-
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, new_rid);
+ DEBUG(10, ("Creating alias %s with gid %u and rid %u\n",
+ name, (unsigned int)gid, (unsigned int)new_rid));
map.gid = gid;
sid_copy(&map.sid, &sid);
}
NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
- const DOM_SID *sid)
+ const struct dom_sid *sid)
{
return pdb_delete_group_mapping_entry(*sid);
}
NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
struct acct_info *info)
{
GROUP_MAP map;
if ((map.sid_name_use != SID_NAME_ALIAS) &&
(map.sid_name_use != SID_NAME_WKN_GRP)) {
DEBUG(2, ("%s is a %s, expected an alias\n",
- sid_string_static(sid),
+ sid_string_dbg(sid),
sid_type_lookup(map.sid_name_use)));
return NT_STATUS_NO_SUCH_ALIAS;
}
}
NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
struct acct_info *info)
{
GROUP_MAP map;
}
NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member)
+ const struct dom_sid *alias, const struct dom_sid *member)
{
if (!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
}
NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member)
+ const struct dom_sid *alias, const struct dom_sid *member)
{
if (!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
}
NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, DOM_SID **pp_members,
- size_t *p_num_members)
+ const struct dom_sid *alias, TALLOC_CTX *mem_ctx,
+ struct dom_sid **pp_members, size_t *p_num_members)
{
if (!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- return backend->enum_aliasmem(alias, pp_members, p_num_members);
+ return backend->enum_aliasmem(alias, mem_ctx, pp_members,
+ p_num_members);
}
NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
- const DOM_SID *domain_sid,
- const DOM_SID *members,
+ const struct dom_sid *domain_sid,
+ const struct dom_sid *members,
size_t num_members,
uint32 **pp_alias_rids,
size_t *p_num_alias_rids)
{
- DOM_SID *alias_sids;
+ struct dom_sid *alias_sids;
size_t i, num_alias_sids;
NTSTATUS result;
return NT_STATUS_OK;
}
- *pp_alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids);
+ *pp_alias_rids = talloc_array(mem_ctx, uint32, num_alias_sids);
if (*pp_alias_rids == NULL)
return NT_STATUS_NO_MEMORY;
*********************************************************************/
NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
- DOM_SID sid)
+ struct dom_sid sid)
{
return NT_STATUS_UNSUCCESSFUL;
}
}
NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods,
- DOM_SID sid)
+ struct dom_sid sid)
{
return NT_STATUS_UNSUCCESSFUL;
}
NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods,
enum lsa_SidType sid_name_use,
GROUP_MAP **rmap, size_t *num_entries,
- BOOL unix_only)
+ bool unix_only)
{
return NT_STATUS_UNSUCCESSFUL;
}
/****************************************************************************
These need to be redirected through pdb_interface.c
****************************************************************************/
-BOOL pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info)
+bool pdb_get_dom_grp_info(const struct dom_sid *sid, struct acct_info *info)
{
GROUP_MAP map;
- BOOL res;
+ bool res;
become_root();
res = get_domain_group_from_sid(*sid, &map);
return True;
}
-BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info)
+bool pdb_set_dom_grp_info(const struct dom_sid *sid, const struct acct_info *info)
{
GROUP_MAP map;
NTSTATUS pdb_create_builtin_alias(uint32 rid)
{
- DOM_SID sid;
+ struct dom_sid sid;
enum lsa_SidType type;
gid_t gid;
GROUP_MAP map;
fstring groupname;
DEBUG(10, ("Trying to create builtin alias %d\n", rid));
-
+
if ( !sid_compose( &sid, &global_sid_Builtin, rid ) ) {
return NT_STATUS_NO_SUCH_ALIAS;
}
-
+
if ( (mem_ctx = talloc_new(NULL)) == NULL ) {
return NT_STATUS_NO_MEMORY;
}
-
+
if ( !lookup_sid(mem_ctx, &sid, NULL, &name, &type) ) {
TALLOC_FREE( mem_ctx );
return NT_STATUS_NO_SUCH_ALIAS;
}
-
+
/* validate RID so copy the name and move on */
-
+
fstrcpy( groupname, name );
TALLOC_FREE( mem_ctx );
return NT_STATUS_ACCESS_DENIED;
}
- DEBUG(10,("Creating alias %s with gid %d\n", name, gid));
+ DEBUG(10,("Creating alias %s with gid %u\n", groupname, (unsigned int)gid));
map.gid = gid;
sid_copy(&map.sid, &sid);
map.sid_name_use = SID_NAME_ALIAS;
- fstrcpy(map.nt_name, name);
- fstrcpy(map.comment, "");
+ strlcpy(map.nt_name, groupname, sizeof(map.nt_name));
+ strlcpy(map.comment, "", sizeof(map.comment));
status = pdb_add_group_mapping_entry(&map);