if (sys_getpeereid(state->sock, &ret_uid)==0) {
/* We know who's asking - look up their SID if
it's one we've mapped before. */
- status = idmap_uid_to_sid(&querying_user_sid,
- ret_uid,
- IDMAP_FLAG_QUERY_ONLY|IDMAP_FLAG_CACHE_ONLY);
+ status = idmap_uid_to_sid(&querying_user_sid, ret_uid);
if (NT_STATUS_IS_OK(status)) {
pquerying_user_sid = &querying_user_sid;
DEBUG(10,("fill_grent_mem: querying uid %u -> %s\n",
/* Try to get the GID */
- status = idmap_sid_to_gid(&group_sid, &gid, 0);
+ status = idmap_sid_to_gid(&group_sid, &gid);
if (NT_STATUS_IS_OK(status)) {
goto got_gid;
{
struct winbindd_domain *domain;
enum lsa_SidType name_type;
- fstring dom_name;
- fstring group_name;
+ char *dom_name;
+ char *group_name;
size_t gr_mem_len;
size_t num_gr_mem;
char *gr_mem;
/* Get name from sid */
- if (!winbindd_lookup_name_by_sid(state->mem_ctx, &group_sid, dom_name,
- group_name, &name_type)) {
+ if (!winbindd_lookup_name_by_sid(state->mem_ctx, &group_sid, &dom_name,
+ &group_name, &name_type)) {
DEBUG(1, ("could not lookup sid\n"));
request_error(state);
+ TALLOC_FREE(group_name);
+ TALLOC_FREE(dom_name);
return;
}
if (!domain) {
DEBUG(1,("Can't find domain from sid\n"));
request_error(state);
+ TALLOC_FREE(group_name);
+ TALLOC_FREE(dom_name);
return;
}
DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
group_name, name_type));
request_error(state);
+ TALLOC_FREE(group_name);
+ TALLOC_FREE(dom_name);
return;
}
&num_gr_mem,
&gr_mem, &gr_mem_len)) {
request_error(state);
+ TALLOC_FREE(group_name);
+ TALLOC_FREE(dom_name);
return;
}
state->response.length += gr_mem_len;
state->response.extra_data.data = gr_mem;
+ TALLOC_FREE(group_name);
+ TALLOC_FREE(dom_name);
+
request_ok(state);
}
/* Return a group structure from a gid number */
void winbindd_getgrgid(struct winbindd_cli_state *state)
{
- DOM_SID group_sid;
- NTSTATUS status;
-
DEBUG(3, ("[%5lu]: getgrgid %lu\n", (unsigned long)state->pid,
(unsigned long)state->request.data.gid));
- /* Bug out if the gid isn't in the winbind range */
-
- if ((state->request.data.gid < server_state.gid_low) ||
- (state->request.data.gid > server_state.gid_high)) {
- request_error(state);
- return;
- }
-
- /* Get sid from gid */
-
- status = idmap_gid_to_sid(&group_sid, state->request.data.gid, IDMAP_FLAG_NONE);
- if (NT_STATUS_IS_OK(status)) {
- /* This is a remote one */
- getgrgid_got_sid(state, group_sid);
- return;
- }
-
- DEBUG(10,("winbindd_getgrgid: gid %lu not found in cache, try with the async interface\n",
- (unsigned long)state->request.data.gid));
-
+ /* always use the async interface */
winbindd_gid2sid_async(state->mem_ctx, state->request.data.gid, getgrgid_recv, state);
}
sid_copy(&group_sid, &domain->sid);
sid_append_rid(&group_sid, name_list[ent->sam_entry_index].rid);
- if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid,
- &group_gid, 0))) {
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid, &group_gid))) {
union unid_t id;
enum lsa_SidType type;
DEBUG(3, ("[%5lu]: getgroups %s\n", (unsigned long)state->pid,
state->request.data.username));
- /* when using "winbind use default domain" we need to avoid that
- * initgroups() requests from NSS hit our DC too badly for accounts
- * that will never be on the remote DC */
-
- if (lp_winbind_use_default_domain()) {
-
- const char **list = lp_winbind_initgroups_blacklist();
- int i;
-
- if (!list || !list[0]) {
- goto parse;
- }
-
- for (i=0; list[i] != NULL; i++) {
-
- if (strequal(state->request.data.username, list[i])) {
- DEBUG(3,("ignoring blacklisted user [%s] for getgroups\n",
- state->request.data.username));
- request_ok(state);
- return;
- }
- }
- }
- parse:
/* Parse domain and username */
s = TALLOC_P(state->mem_ctx, struct getgroups_state);
struct getgroups_state *s =
(struct getgroups_state *)private_data;
- if (success)
- add_gid_to_array_unique(NULL, gid,
+ if (success) {
+ if (!add_gid_to_array_unique(s->state->mem_ctx, gid,
&s->token_gids,
- &s->num_token_gids);
+ &s->num_token_gids)) {
+ return;
+ }
+ }
if (s->i < s->num_token_sids) {
const DOM_SID *sid = &s->token_sids[s->i];
}
s->state->response.data.num_entries = s->num_token_gids;
- s->state->response.extra_data.data = s->token_gids;
+ /* s->token_gids are talloced */
+ s->state->response.extra_data.data = smb_xmemdup(s->token_gids, s->num_token_gids * sizeof(gid_t));
s->state->response.length += s->num_token_gids * sizeof(gid_t);
request_ok(s->state);
}
return WINBINDD_OK;
}
- if (!print_sidlist(NULL, groups, num_groups, &sidstring, &len)) {
- DEBUG(0, ("malloc failed\n"));
+ if (!print_sidlist(state->mem_ctx, groups, num_groups, &sidstring, &len)) {
+ DEBUG(0, ("talloc failed\n"));
return WINBINDD_ERROR;
}
- state->response.extra_data.data = sidstring;
+ state->response.extra_data.data = SMB_STRDUP(sidstring);
+ if (!state->response.extra_data.data) {
+ return WINBINDD_ERROR;
+ }
state->response.length += len+1;
state->response.data.num_entries = num_groups;