*/
#include "includes.h"
+#include "system/passwd.h"
#include "libnet/libnet_dssync.h"
-#include "libnet/libnet_samsync.h"
#include "../libcli/security/security.h"
#include "../libds/common/flags.h"
#include "../librpc/gen_ndr/ndr_drsuapi.h"
-#include "dbwrap.h"
+#include "util_tdb.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_rbt.h"
+#include "../libds/common/flag_mapping.h"
+#include "passdb.h"
+#include "lib/util/base64.h"
/****************************************************************
****************************************************************/
{
NTSTATUS status;
struct db_record *rec;
+ TDB_DATA value;
- rec = db->fetch_locked(db, talloc_tos(), obj->key);
+ rec = dbwrap_fetch_locked(db, talloc_tos(), obj->key);
if (rec == NULL) {
return NT_STATUS_NO_MEMORY;
}
- if (rec->value.dsize != 0) {
+
+ value = dbwrap_record_get_value(rec);
+ if (value.dsize != 0) {
abort();
}
- status = rec->store(rec, obj->data, TDB_INSERT);
+ status = dbwrap_record_store(rec, obj->data, TDB_INSERT);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(rec);
return status;
const struct GUID *guid)
{
struct dssync_passdb_obj *obj;
- int ret;
TDB_DATA key;
TDB_DATA data;
+ NTSTATUS status;
- key = make_tdb_data((const uint8_t *)(void *)guid,
+ key = make_tdb_data((const uint8_t *)(const void *)guid,
sizeof(*guid));
- ret = db->fetch(db, talloc_tos(), key, &data);
- if (ret != 0) {
+ status = dbwrap_fetch(db, talloc_tos(), key, &data);
+ if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
{
NTSTATUS status;
struct db_record *rec;
+ TDB_DATA value;
- rec = obj->members->fetch_locked(obj->members, talloc_tos(), mem->key);
+ rec = dbwrap_fetch_locked(obj->members, talloc_tos(), mem->key);
if (rec == NULL) {
return NT_STATUS_NO_MEMORY;
}
- if (rec->value.dsize != 0) {
+
+ value = dbwrap_record_get_value(rec);
+ if (value.dsize != 0) {
abort();
}
- status = rec->store(rec, mem->data, TDB_INSERT);
+ status = dbwrap_record_store(rec, mem->data, TDB_INSERT);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(rec);
return status;
struct dom_sid *members;
bool is_member = false;
const char *action;
+ TDB_DATA value;
state->idx++;
alias_sid = state->obj->cur->object.identifier->sid;
- mem = dssync_parse_mem(rec->value);
+ value = dbwrap_record_get_value(rec);
+ mem = dssync_parse_mem(value);
if (mem == NULL) {
return -1;
}
struct dssync_passdb);
struct dssync_passdb_traverse_amembers mstate;
struct dssync_passdb_obj *obj;
- int ret;
+ TDB_DATA value;
+ NTSTATUS status;
state->idx++;
if (pctx->methods == NULL) {
return -1;
}
- obj = dssync_parse_obj(rec->value);
+ value = dbwrap_record_get_value(rec);
+ obj = dssync_parse_obj(value);
if (obj == NULL) {
return -1;
}
mstate.ctx = state->ctx;
mstate.name = "members";
mstate.obj = obj;
- ret = obj->members->traverse_read(obj->members,
- dssync_passdb_traverse_amembers,
- &mstate);
- if (ret < 0) {
+ status = dbwrap_traverse_read(obj->members,
+ dssync_passdb_traverse_amembers,
+ &mstate, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
return -1;
}
struct dom_sid member_sid;
struct samu *member = NULL;
const char *member_dn = NULL;
- GROUP_MAP map;
+ GROUP_MAP *map;
struct group *grp;
uint32_t rid;
bool is_unix_member = false;
+ TDB_DATA value;
state->idx++;
return -1;
}
- mem = dssync_parse_mem(rec->value);
+ value = dbwrap_record_get_value(rec);
+
+ mem = dssync_parse_mem(value);
if (mem == NULL) {
return -1;
}
break;
}
- if (!get_domain_group_from_sid(group_sid, &map)) {
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return -1;
+ }
+
+ if (!get_domain_group_from_sid(group_sid, map)) {
DEBUG(0, ("Could not find global group %s\n",
sid_string_dbg(&group_sid)));
//return NT_STATUS_NO_SUCH_GROUP;
+ TALLOC_FREE(map);
return -1;
}
- if (!(grp = getgrgid(map.gid))) {
- DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid));
+ if (!(grp = getgrgid(map->gid))) {
+ DEBUG(0, ("Could not find unix group %lu\n",
+ (unsigned long)map->gid));
//return NT_STATUS_NO_SUCH_GROUP;
+ TALLOC_FREE(map);
return -1;
}
+ TALLOC_FREE(map);
+
DEBUG(0,("Group members of %s: ", grp->gr_name));
if ( !(member = samu_new(talloc_tos())) ) {
struct dssync_passdb);
struct dssync_passdb_traverse_gmembers mstate;
struct dssync_passdb_obj *obj;
- int ret;
+ TDB_DATA value;
+ NTSTATUS status;
state->idx++;
if (pctx->methods == NULL) {
return -1;
}
- obj = dssync_parse_obj(rec->value);
+ value = dbwrap_record_get_value(rec);
+
+ obj = dssync_parse_obj(value);
if (obj == NULL) {
return -1;
}
mstate.ctx = state->ctx;
mstate.name = "members";
mstate.obj = obj;
- ret = obj->members->traverse_read(obj->members,
- dssync_passdb_traverse_gmembers,
- &mstate);
- if (ret < 0) {
+ status = dbwrap_traverse_read(obj->members,
+ dssync_passdb_traverse_gmembers,
+ &mstate, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
return -1;
}
struct dssync_passdb);
struct dssync_passdb_traverse_aliases astate;
struct dssync_passdb_traverse_groups gstate;
- int ret;
+ NTSTATUS status;
ZERO_STRUCT(astate);
astate.ctx = ctx;
astate.name = "aliases";
- ret = pctx->aliases->traverse_read(pctx->aliases,
- dssync_passdb_traverse_aliases,
- &astate);
- if (ret < 0) {
+ status = dbwrap_traverse_read(pctx->aliases,
+ dssync_passdb_traverse_aliases,
+ &astate, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
return NT_STATUS_INTERNAL_ERROR;
}
ZERO_STRUCT(gstate);
gstate.ctx = ctx;
gstate.name = "groups";
- ret = pctx->groups->traverse_read(pctx->groups,
- dssync_passdb_traverse_groups,
- &gstate);
- if (ret < 0) {
+ status = dbwrap_traverse_read(pctx->groups,
+ dssync_passdb_traverse_groups,
+ &gstate, NULL);
+ if (!NT_STATUS_IS_OK(status)) {
return NT_STATUS_INTERNAL_ERROR;
}
/* Create appropriate user */
if (acct_flags & ACB_NORMAL) {
- add_script = talloc_strdup(mem_ctx, lp_adduser_script());
+ add_script = lp_add_user_script(mem_ctx);
} else if ( (acct_flags & ACB_WSTRUST) ||
(acct_flags & ACB_SVRTRUST) ||
(acct_flags & ACB_DOMTRUST) ) {
- add_script = talloc_strdup(mem_ctx, lp_addmachine_script());
+ add_script = lp_add_machine_script(mem_ctx);
} else {
DEBUG(1, ("Unknown user type: %s\n",
pdb_encode_acct_ctrl(acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN)));
const char *profilePath;
const char *description;
const char *userWorkstations;
- const char *comment;
DATA_BLOB userParameters;
struct dom_sid objectSid;
uint32_t primaryGroupID;
GET_STRING(profilePath);
GET_STRING(description);
GET_STRING(userWorkstations);
- GET_STRING(comment);
GET_BLOB(userParameters);
GET_UINT32(primaryGroupID);
GET_UINT32(userAccountControl);
}
if (userParameters.data) {
- char *newstr;
+ char *newstr = NULL;
old_string = pdb_get_munged_dial(account);
- newstr = (userParameters.length == 0) ? NULL :
- base64_encode_data_blob(talloc_tos(), userParameters);
+
+ if (userParameters.length != 0) {
+ newstr = base64_encode_data_blob(talloc_tos(),
+ userParameters);
+ SMB_ASSERT(newstr != NULL);
+ }
if (STRING_CHANGED_NC(old_string, newstr))
pdb_set_munged_dial(account, newstr, PDB_CHANGED);
NTSTATUS status;
fstring account;
struct samu *sam_account=NULL;
- GROUP_MAP map;
+ GROUP_MAP *map;
struct group *grp;
struct dom_sid user_sid;
struct dom_sid group_sid;
uint32_t rid;
const char *sAMAccountName;
- uint32_t sAMAccountType;
uint32_t userAccountControl;
user_sid = cur->object.identifier->sid;
GET_STRING_EX(sAMAccountName, true);
- GET_UINT32_EX(sAMAccountType, true);
GET_UINT32_EX(userAccountControl, true);
status = dom_sid_split_rid(mem_ctx, &user_sid, NULL, &rid);
group_sid = *pdb_get_group_sid(sam_account);
- if (!pdb_getgrsid(&map, group_sid)) {
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (!pdb_getgrsid(map, group_sid)) {
DEBUG(0, ("Primary group of %s has no mapping!\n",
pdb_get_username(sam_account)));
} else {
- if (map.gid != passwd->pw_gid) {
- if (!(grp = getgrgid(map.gid))) {
+ if (map->gid != passwd->pw_gid) {
+ if (!(grp = getgrgid(map->gid))) {
DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n",
- (unsigned long)map.gid, pdb_get_username(sam_account),
+ (unsigned long)map->gid, pdb_get_username(sam_account),
sid_string_dbg(&group_sid)));
} else {
smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
}
}
+ TALLOC_FREE(map);
+
if ( !passwd ) {
DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n",
pdb_get_username(sam_account)));
{
struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur;
NTSTATUS status;
- fstring name;
- fstring comment;
struct group *grp = NULL;
struct dom_sid group_sid;
uint32_t rid = 0;
struct dom_sid *dom_sid = NULL;
fstring sid_string;
- GROUP_MAP map;
+ GROUP_MAP *map;
bool insert = true;
const char *sAMAccountName;
- uint32_t sAMAccountType;
- uint32_t groupType;
const char *description;
uint32_t i;
uint32_t num_members = 0;
group_sid = cur->object.identifier->sid;
GET_STRING_EX(sAMAccountName, true);
- GET_UINT32_EX(sAMAccountType, true);
- GET_UINT32_EX(groupType, true);
GET_STRING(description);
status = find_drsuapi_attr_dn(obj, cur, DRSUAPI_ATTID_member,
return status;
}
- fstrcpy(name, sAMAccountName);
- fstrcpy(comment, description);
-
dom_sid_split_rid(mem_ctx, &group_sid, &dom_sid, &rid);
+ map = talloc_zero(mem_ctx, GROUP_MAP);
+ if (map == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ map->nt_name = talloc_strdup(map, sAMAccountName);
+ if (map->nt_name == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ if (description) {
+ map->comment = talloc_strdup(map, description);
+ } else {
+ map->comment = talloc_strdup(map, "");
+ }
+ if (map->comment == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
sid_to_fstring(sid_string, &group_sid);
DEBUG(0,("Creating alias[%s] - %s members[%u]\n",
- name, sid_string, num_members));
+ map->nt_name, sid_string, num_members));
status = dssync_insert_obj(pctx, pctx->aliases, obj);
if (!NT_STATUS_IS_OK(status)) {
- return status;
+ goto done;
}
- if (pdb_getgrsid(&map, group_sid)) {
- if ( map.gid != -1 )
- grp = getgrgid(map.gid);
+ if (pdb_getgrsid(map, group_sid)) {
+ if (map->gid != -1) {
+ grp = getgrgid(map->gid);
+ }
insert = false;
}
gid_t gid;
/* No group found from mapping, find it from its name. */
- if ((grp = getgrnam(name)) == NULL) {
+ if ((grp = getgrnam(map->nt_name)) == NULL) {
/* No appropriate group found, create one */
- DEBUG(0,("Creating unix group: '%s'\n", name));
+ DEBUG(0, ("Creating unix group: '%s'\n",
+ map->nt_name));
- if (smb_create_group(name, &gid) != 0)
- return NT_STATUS_ACCESS_DENIED;
+ if (smb_create_group(map->nt_name, &gid) != 0) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
- if ((grp = getgrgid(gid)) == NULL)
- return NT_STATUS_ACCESS_DENIED;
+ if ((grp = getgrgid(gid)) == NULL) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
}
}
- map.gid = grp->gr_gid;
- map.sid = group_sid;
+ map->gid = grp->gr_gid;
+ map->sid = group_sid;
if (dom_sid_equal(dom_sid, &global_sid_Builtin)) {
/*
*
* map.sid_name_use = SID_NAME_WKN_GRP;
*/
- map.sid_name_use = SID_NAME_ALIAS;
+ map->sid_name_use = SID_NAME_ALIAS;
} else {
- map.sid_name_use = SID_NAME_ALIAS;
+ map->sid_name_use = SID_NAME_ALIAS;
}
- fstrcpy(map.nt_name, name);
- if (description) {
- fstrcpy(map.comment, comment);
+ if (insert) {
+ pdb_add_group_mapping_entry(map);
} else {
- fstrcpy(map.comment, "");
+ pdb_update_group_mapping_entry(map);
}
- if (insert)
- pdb_add_group_mapping_entry(&map);
- else
- pdb_update_group_mapping_entry(&map);
-
for (i=0; i < num_members; i++) {
struct dssync_passdb_mem *mem;
true /* active */,
&members[i], &mem);
if (!NT_STATUS_IS_OK(status)) {
- return status;
+ goto done;
}
}
- return NT_STATUS_OK;
+ status = NT_STATUS_OK;
+
+done:
+ TALLOC_FREE(map);
+ return status;
}
/****************************************************************
{
struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur;
NTSTATUS status;
- fstring name;
- fstring comment;
struct group *grp = NULL;
struct dom_sid group_sid;
fstring sid_string;
- GROUP_MAP map;
+ GROUP_MAP *map;
bool insert = true;
const char *sAMAccountName;
- uint32_t sAMAccountType;
- uint32_t groupType;
const char *description;
uint32_t i;
uint32_t num_members = 0;
group_sid = cur->object.identifier->sid;
GET_STRING_EX(sAMAccountName, true);
- GET_UINT32_EX(sAMAccountType, true);
- GET_UINT32_EX(groupType, true);
GET_STRING(description);
status = find_drsuapi_attr_dn(obj, cur, DRSUAPI_ATTID_member,
return status;
}
- fstrcpy(name, sAMAccountName);
- fstrcpy(comment, description);
+ map = talloc_zero(NULL, GROUP_MAP);
+ if (!map) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ map->nt_name = talloc_strdup(map, sAMAccountName);
+ if (!map->nt_name) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ if (description) {
+ map->comment = talloc_strdup(map, description);
+ } else {
+ map->comment = talloc_strdup(map, "");
+ }
+ if (!map->comment) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
sid_to_fstring(sid_string, &group_sid);
DEBUG(0,("Creating group[%s] - %s members [%u]\n",
- name, sid_string, num_members));
+ map->nt_name, sid_string, num_members));
status = dssync_insert_obj(pctx, pctx->groups, obj);
if (!NT_STATUS_IS_OK(status)) {
- return status;
+ goto done;
}
- if (pdb_getgrsid(&map, group_sid)) {
- if ( map.gid != -1 )
- grp = getgrgid(map.gid);
+ if (pdb_getgrsid(map, group_sid)) {
+ if (map->gid != -1) {
+ grp = getgrgid(map->gid);
+ }
insert = false;
}
gid_t gid;
/* No group found from mapping, find it from its name. */
- if ((grp = getgrnam(name)) == NULL) {
+ if ((grp = getgrnam(map->nt_name)) == NULL) {
/* No appropriate group found, create one */
- DEBUG(0,("Creating unix group: '%s'\n", name));
+ DEBUG(0, ("Creating unix group: '%s'\n",
+ map->nt_name));
- if (smb_create_group(name, &gid) != 0)
- return NT_STATUS_ACCESS_DENIED;
+ if (smb_create_group(map->nt_name, &gid) != 0) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
- if ((grp = getgrnam(name)) == NULL)
- return NT_STATUS_ACCESS_DENIED;
+ if ((grp = getgrnam(map->nt_name)) == NULL) {
+ status = NT_STATUS_ACCESS_DENIED;
+ goto done;
+ }
}
}
- map.gid = grp->gr_gid;
- map.sid = group_sid;
- map.sid_name_use = SID_NAME_DOM_GRP;
- fstrcpy(map.nt_name, name);
- if (description) {
- fstrcpy(map.comment, comment);
+ map->gid = grp->gr_gid;
+ map->sid = group_sid;
+ map->sid_name_use = SID_NAME_DOM_GRP;
+
+ if (insert) {
+ pdb_add_group_mapping_entry(map);
} else {
- fstrcpy(map.comment, "");
+ pdb_update_group_mapping_entry(map);
}
- if (insert)
- pdb_add_group_mapping_entry(&map);
- else
- pdb_update_group_mapping_entry(&map);
-
for (i=0; i < num_members; i++) {
struct dssync_passdb_mem *mem;
true /* active */,
&members[i], &mem);
if (!NT_STATUS_IS_OK(status)) {
- return status;
+ goto done;
}
}
- return NT_STATUS_OK;
+ status = NT_STATUS_OK;
+
+done:
+ TALLOC_FREE(map);
+ return status;
}
/****************************************************************
struct drsuapi_DsReplicaAttribute *attr;
char *name = NULL;
- uint32_t uacc = 0;
uint32_t sam_type = 0;
DEBUG(3, ("parsing object '%s'\n", cur->object.identifier->dn));
case DRSUAPI_ATTID_sAMAccountType:
sam_type = IVAL(blob->data, 0);
break;
- case DRSUAPI_ATTID_userAccountControl:
- uacc = IVAL(blob->data, 0);
- break;
default:
break;
}
for (a=0; a < ARRAY_SIZE(dssync_object_table); a++) {
if (sam_type == dssync_object_table[a].type) {
if (dssync_object_table[a].fn) {
- struct dssync_passdb_obj *obj;
+ struct dssync_passdb_obj *obj = NULL;
status = dssync_create_obj(pctx, pctx->all,
sam_type, cur, &obj);
if (!NT_STATUS_IS_OK(status)) {
git.samba.org / samba.git / blobdiff