s4:srvsvc RPC - revert one unsigned integer "i" back to signed
[ira/wip.git] / source3 / groupdb / mapping_ldb.c
index 7ce879fb6ed9eb40931956a4c42c3acc760287fb..89966e1986e779c506e83a842f3577e682f42ac6 100644 (file)
@@ -23,7 +23,7 @@
 
 #include "includes.h"
 #include "groupdb/mapping.h"
-#include "lib/ldb/include/includes.h"
+#include "lib/ldb/include/ldb.h"
 #include "lib/ldb/include/ldb_errors.h"
 
 static struct ldb_context *ldb;
@@ -57,13 +57,13 @@ static bool init_group_mapping(void)
 
        db_path = state_path("group_mapping.ldb");
 
-       ldb = ldb_init(NULL);
+       ldb = ldb_init(NULL, NULL);
        if (ldb == NULL) goto failed;
 
        /* Ensure this db is created read/write for root only. */
        ldb_set_create_perms(ldb, 0600);
 
-       existed = file_exist(db_path, NULL);
+       existed = file_exist(db_path);
 
        if (lp_parm_bool(-1, "groupmap", "nosync", False)) {
                flags |= LDB_FLG_NOSYNC;
@@ -99,7 +99,7 @@ static bool init_group_mapping(void)
 
        /* possibly upgrade */
        tdb_path = state_path("group_mapping.tdb");
-       if (file_exist(tdb_path, NULL) && !mapping_upgrade(tdb_path)) {
+       if (file_exist(tdb_path) && !mapping_upgrade(tdb_path)) {
                unlink(state_path("group_mapping.ldb"));
                goto failed;
        }
@@ -133,8 +133,8 @@ static struct ldb_dn *mapping_dn(TALLOC_CTX *mem_ctx, const DOM_SID *sid)
        }
        /* we split by domain and rid so we can do a subtree search
           when we only want one domain */
-       return ldb_dn_string_compose(mem_ctx, NULL, "rid=%u,domain=%s", 
-                                    rid, string_sid);
+       return ldb_dn_new_fmt(mem_ctx, ldb, "rid=%u,domain=%s", 
+                             rid, string_sid);
 }
 
 /*
@@ -217,24 +217,26 @@ static bool get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
        int ret;
        struct ldb_dn *dn;
        struct ldb_result *res=NULL;
-       
-       dn = mapping_dn(ldb, &sid);
-       if (dn == NULL) goto failed;
+       bool result = false;
 
-       ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, NULL, NULL, &res);
-       talloc_steal(dn, res);
-       if (ret != LDB_SUCCESS || res->count != 1) {
+       dn = mapping_dn(talloc_tos(), &sid);
+       if (dn == NULL) {
                goto failed;
        }
 
-       if (!msg_to_group_map(res->msgs[0], map)) goto failed;
+       ret = ldb_search(ldb, dn, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
+       if (ret != LDB_SUCCESS || res->count != 1) {
+               goto failed;
+       }
 
-       talloc_free(dn);
-       return True;
+       if (!msg_to_group_map(res->msgs[0], map)) {
+               goto failed;
+       }
 
-failed:
+       result = true;
+ failed:
        talloc_free(dn);
-       return False;
+       return result;
 }
 
 /*
@@ -243,25 +245,24 @@ failed:
 static bool get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
 {
        int ret;
-       char *expr;
        struct ldb_result *res=NULL;
+       bool result = false;
 
-       expr = talloc_asprintf(ldb, "(&(gidNumber=%u)(objectClass=groupMap))", 
-                              (unsigned)gid);
-       if (expr == NULL) goto failed;
-
-       ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res);
-       talloc_steal(expr, res);
-       if (ret != LDB_SUCCESS || res->count != 1) goto failed;
-       
-       if (!msg_to_group_map(res->msgs[0], map)) goto failed;
+       ret = ldb_search(ldb, talloc_tos(), &res, NULL, LDB_SCOPE_SUBTREE,
+                        NULL, "(&(gidNumber=%u)(objectClass=groupMap))",
+                        (unsigned)gid);
+       if (ret != LDB_SUCCESS || res->count != 1) {
+               goto failed;
+       }
 
-       talloc_free(expr);
-       return True;
+       if (!msg_to_group_map(res->msgs[0], map)) {
+               goto failed;
+       }
 
+       result = true;
 failed:
-       talloc_free(expr);
-       return False;
+       TALLOC_FREE(res);
+       return result;
 }
 
 /*
@@ -270,24 +271,23 @@ failed:
 static bool get_group_map_from_ntname(const char *name, GROUP_MAP *map)
 {
        int ret;
-       char *expr;
        struct ldb_result *res=NULL;
+       bool result = false;
 
-       expr = talloc_asprintf(ldb, "(&(ntName=%s)(objectClass=groupMap))", name);
-       if (expr == NULL) goto failed;
-
-       ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res);
-       talloc_steal(expr, res);
-       if (ret != LDB_SUCCESS || res->count != 1) goto failed;
-       
-       if (!msg_to_group_map(res->msgs[0], map)) goto failed;
+       ret = ldb_search(ldb, talloc_tos(), &res, NULL, LDB_SCOPE_SUBTREE,
+                        NULL, "(&(ntName=%s)(objectClass=groupMap))", name);
+       if (ret != LDB_SUCCESS || res->count != 1) {
+               goto failed;
+       }
 
-       talloc_free(expr);
-       return True;
+       if (!msg_to_group_map(res->msgs[0], map)) {
+               goto failed;
+       }
 
-failed:
-       talloc_free(expr);
-       return False;
+       result = true;
+ failed:
+       TALLOC_FREE(res);
+       return result;
 }
 
 /*
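Review bot: `name` is still formatted straight into the search filter by the `ldb_search()` call in get_group_map_from_ntname, so a group name containing filter metacharacters such as `(`, `)`, `*` or `\` can change the filter's meaning or make it unparsable. If this name can originate from a client request (the callers are not visible here), encode it first with `const char *enc = ldb_binary_encode_string(talloc_tos(), name);`, fail on NULL, and pass `enc` to the `%s`. The removed talloc_asprintf code had the same gap, so this is not a regression, but this rewrite of the call is the natural place to close it.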
@@ -317,7 +317,6 @@ static bool enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_
                               size_t *p_num_entries, bool unix_only)
 {
        int i, ret;
-       char *expr;
        fstring name;
        struct ldb_result *res = NULL;
        struct ldb_dn *basedn=NULL;
@@ -326,23 +325,22 @@ static bool enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_
        tmp_ctx = talloc_new(ldb);
        if (tmp_ctx == NULL) goto failed;
 
-       if (sid_name_use == SID_NAME_UNKNOWN) {
-               expr = talloc_asprintf(tmp_ctx, "(&(objectClass=groupMap))");
-       } else {
-               expr = talloc_asprintf(tmp_ctx, "(&(sidNameUse=%u)(objectClass=groupMap))",
-                                      sid_name_use);
-       }
-       if (expr == NULL) goto failed;
-
        /* we do a subtree search on the domain */
        if (domsid != NULL) {
                sid_to_fstring(name, domsid);
-               basedn = ldb_dn_string_compose(tmp_ctx, NULL, "domain=%s", name);
+               basedn = ldb_dn_new_fmt(tmp_ctx, ldb, "domain=%s", name);
                if (basedn == NULL) goto failed;
        }
 
-       ret = ldb_search(ldb, basedn, LDB_SCOPE_SUBTREE, expr, NULL, &res);
-       talloc_steal(tmp_ctx, res);
+       if (sid_name_use == SID_NAME_UNKNOWN) {
+               ret = ldb_search(ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE,
+                                NULL, "(&(objectClass=groupMap))");
+       } else {
+               ret = ldb_search(ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE,
+                                NULL, "(&(sidNameUse=%u)(objectClass=groupMap))",
+                                sid_name_use);
+       }
+
        if (ret != LDB_SUCCESS) goto failed;
 
        (*pp_rmap) = NULL;
@@ -380,23 +378,20 @@ static NTSTATUS one_alias_membership(const DOM_SID *member,
                NULL
        };
        DOM_SID alias;
-       char *expr;
        int ret, i;
        struct ldb_result *res=NULL;
        fstring string_sid;
-       NTSTATUS status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+       NTSTATUS status;
 
        if (!sid_to_fstring(string_sid, member)) {
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       expr = talloc_asprintf(ldb, "(&(member=%s)(objectClass=groupMap))", 
-                              string_sid);
-       if (expr == NULL) goto failed;
-
-       ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, attrs, &res);
-       talloc_steal(expr, res);
+       ret = ldb_search(ldb, talloc_tos(), &res, NULL, LDB_SCOPE_SUBTREE,
+                        attrs, "(&(member=%s)(objectClass=groupMap))",
+                        string_sid);
        if (ret != LDB_SUCCESS) {
+               status = NT_STATUS_INTERNAL_DB_CORRUPTION;
                goto failed;
        }
 
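Review bot: Dropping the initializer from `NTSTATUS status` means any `goto failed` that does not first assign `status` now returns an indeterminate value from one_alias_membership. The only assignment visible in this hunk is the one in the `ldb_search` failure branch. The loop between this hunk and the `failed:` label is not shown, so each of its exit paths needs checking. Keeping `NTSTATUS status = NT_STATUS_INTERNAL_DB_CORRUPTION;` would preserve a safe default at no cost.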
@@ -414,11 +409,9 @@ static NTSTATUS one_alias_membership(const DOM_SID *member,
                }
        }
 
-       talloc_free(expr);
-       return NT_STATUS_OK;
-
-failed:
-       talloc_free(expr);
+       status = NT_STATUS_OK;
+ failed:
+       TALLOC_FREE(res);
        return status;
 }
 
@@ -495,7 +488,8 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
 /*
   enumerate sids that have the given alias set in member
 */
-static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
+static NTSTATUS enum_aliasmem(const DOM_SID *alias, TALLOC_CTX *mem_ctx,
+                             DOM_SID **sids, size_t *num)
 {
        const char *attrs[] = {
                "member",
@@ -515,9 +509,9 @@ static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
                return NT_STATUS_NO_MEMORY;
        }
 
-       ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, NULL, attrs, &res);
-       talloc_steal(dn, res);
+       ret = ldb_search(ldb, ldb, &res, dn, LDB_SCOPE_BASE, attrs, NULL);
        if (ret == LDB_SUCCESS && res->count == 0) {
+               talloc_free(res);
                talloc_free(dn);
                return NT_STATUS_OK;
        }
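Review bot: The result is allocated on the file-global `ldb` context here (`ldb_search(ldb, ldb, &res, ...)`) and only re-parented to `dn` by the `talloc_steal` in the following hunk. Every return in between therefore has to free `res` by hand, or it stays attached to the database handle. get_group_map_from_sid in this same commit passes `dn` as the memory context. Doing the same here, `ret = ldb_search(ldb, dn, &res, dn, LDB_SCOPE_BASE, attrs, NULL);`, would make the added `talloc_free(res)` and the later `talloc_steal(dn, res)` unnecessary. The error branch that follows is only partly visible, so whether it can leave a result behind is not certain from this hunk.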
@@ -526,16 +520,17 @@ static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
 
+       talloc_steal(dn, res);
        el = ldb_msg_find_element(res->msgs[0], "member");
        if (el == NULL) {
                talloc_free(dn);
-               return NT_STATUS_INTERNAL_DB_CORRUPTION;
+               return NT_STATUS_OK;
        }
        
        for (i=0;i<el->num_values;i++) {
                DOM_SID sid;
                string_to_sid(&sid, (const char *)el->values[i].data);
-               status = add_sid_to_array_unique(NULL, &sid, sids, num);
+               status = add_sid_to_array_unique(mem_ctx, &sid, sids, num);
                if (!NT_STATUS_IS_OK(status)) {
                        goto done;
                }
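Review bot: The return value of `string_to_sid()` is ignored in the loop, so a `member` value that fails to parse leaves the stack variable `sid` uninitialised, and `add_sid_to_array_unique(mem_ctx, ...)` then copies it into the caller's array. Check the conversion: `if (!string_to_sid(&sid, (const char *)el->values[i].data)) { status = NT_STATUS_INTERNAL_DB_CORRUPTION; goto done; }`. Separately, a record without a `member` element now returns NT_STATUS_OK, so confirm that `*sids` and `*num` are initialised before this point. That part of enum_aliasmem is outside the hunk, as is the rest of the loop.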
@@ -574,6 +569,13 @@ static int upgrade_map_record(TDB_CONTEXT *tdb_ctx, TDB_DATA key,
                return -1;
        }
 
+       if ((int)map.gid == -1) {
+               /*
+                * Ignore old invalid mappings
+                */
+               return 0;
+       }
+
        if (!add_mapping_entry(&map, 0)) {
                DEBUG(0,("Failed to add mapping entry during upgrade\n"));
                *(int *)state = -1;
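Review bot: Records with gid -1 are now dropped during the tdb-to-ldb upgrade without any trace, so an administrator cannot tell which group mappings disappeared. A log line before the `return 0;` would help, for example `DEBUG(3, ("Ignoring invalid gid mapping for %s\n", map.nt_name));` (the field name is assumed from GROUP_MAP and should be confirmed). The test would also read more directly as `map.gid == (gid_t)-1`, which does not depend on how `gid_t` converts to `int`. upgrade_map_record starts and ends outside the hunk.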