#include "includes.h"
#include "groupdb/mapping.h"
-#include "lib/ldb/include/includes.h"
+#include "lib/ldb/include/ldb.h"
#include "lib/ldb/include/ldb_errors.h"
static struct ldb_context *ldb;
db_path = state_path("group_mapping.ldb");
- ldb = ldb_init(NULL);
+ ldb = ldb_init(NULL, NULL);
if (ldb == NULL) goto failed;
/* Ensure this db is created read/write for root only. */
ldb_set_create_perms(ldb, 0600);
- existed = file_exist(db_path, NULL);
+ existed = file_exist(db_path);
if (lp_parm_bool(-1, "groupmap", "nosync", False)) {
flags |= LDB_FLG_NOSYNC;
/* possibly upgrade */
tdb_path = state_path("group_mapping.tdb");
- if (file_exist(tdb_path, NULL) && !mapping_upgrade(tdb_path)) {
+ if (file_exist(tdb_path) && !mapping_upgrade(tdb_path)) {
unlink(state_path("group_mapping.ldb"));
goto failed;
}
}
/* we split by domain and rid so we can do a subtree search
when we only want one domain */
- return ldb_dn_string_compose(mem_ctx, NULL, "rid=%u,domain=%s",
- rid, string_sid);
+ return ldb_dn_new_fmt(mem_ctx, ldb, "rid=%u,domain=%s",
+ rid, string_sid);
}
/*
int ret;
struct ldb_dn *dn;
struct ldb_result *res=NULL;
-
- dn = mapping_dn(ldb, &sid);
- if (dn == NULL) goto failed;
+ bool result = false;
- ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, NULL, NULL, &res);
- talloc_steal(dn, res);
- if (ret != LDB_SUCCESS || res->count != 1) {
+ dn = mapping_dn(talloc_tos(), &sid);
+ if (dn == NULL) {
goto failed;
}
- if (!msg_to_group_map(res->msgs[0], map)) goto failed;
+ ret = ldb_search(ldb, dn, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
+ if (ret != LDB_SUCCESS || res->count != 1) {
+ goto failed;
+ }
- talloc_free(dn);
- return True;
+ if (!msg_to_group_map(res->msgs[0], map)) {
+ goto failed;
+ }
-failed:
+ result = true;
+ failed:
talloc_free(dn);
- return False;
+ return result;
}
/*
static bool get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
{
int ret;
- char *expr;
struct ldb_result *res=NULL;
+ bool result = false;
- expr = talloc_asprintf(ldb, "(&(gidNumber=%u)(objectClass=groupMap))",
- (unsigned)gid);
- if (expr == NULL) goto failed;
-
- ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res);
- talloc_steal(expr, res);
- if (ret != LDB_SUCCESS || res->count != 1) goto failed;
-
- if (!msg_to_group_map(res->msgs[0], map)) goto failed;
+ ret = ldb_search(ldb, talloc_tos(), &res, NULL, LDB_SCOPE_SUBTREE,
+ NULL, "(&(gidNumber=%u)(objectClass=groupMap))",
+ (unsigned)gid);
+ if (ret != LDB_SUCCESS || res->count != 1) {
+ goto failed;
+ }
- talloc_free(expr);
- return True;
+ if (!msg_to_group_map(res->msgs[0], map)) {
+ goto failed;
+ }
+ result = true;
failed:
- talloc_free(expr);
- return False;
+ TALLOC_FREE(res);
+ return result;
}
/*
static bool get_group_map_from_ntname(const char *name, GROUP_MAP *map)
{
int ret;
- char *expr;
struct ldb_result *res=NULL;
+ bool result = false;
- expr = talloc_asprintf(ldb, "(&(ntName=%s)(objectClass=groupMap))", name);
- if (expr == NULL) goto failed;
-
- ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res);
- talloc_steal(expr, res);
- if (ret != LDB_SUCCESS || res->count != 1) goto failed;
-
- if (!msg_to_group_map(res->msgs[0], map)) goto failed;
+ ret = ldb_search(ldb, talloc_tos(), &res, NULL, LDB_SCOPE_SUBTREE,
+ NULL, "(&(ntName=%s)(objectClass=groupMap))", name);
+ if (ret != LDB_SUCCESS || res->count != 1) {
+ goto failed;
+ }
- talloc_free(expr);
- return True;
+ if (!msg_to_group_map(res->msgs[0], map)) {
+ goto failed;
+ }
-failed:
- talloc_free(expr);
- return False;
+ result = true;
+ failed:
+ TALLOC_FREE(res);
+ return result;
}
/*
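Review bot: The `%s` in the new `ldb_search` call in get_group_map_from_ntname places `name` into the search filter unescaped, so a name containing filter metacharacters such as `*`, `(` or `)` changes the expression that is evaluated instead of being matched literally. The removed `talloc_asprintf` version had the same gap, so this commit carries it over rather than introducing it. Where `name` originates is not visible in this hunk; if it can come from a client request, encode it first with `char *enc = ldb_binary_encode_string(talloc_tos(), name);`, take the `failed` path when `enc == NULL`, and pass `enc` to the format string. The `res->count != 1` check bounds the number of results but does not guarantee that the single record returned is the group that was actually named.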
size_t *p_num_entries, bool unix_only)
{
int i, ret;
- char *expr;
fstring name;
struct ldb_result *res = NULL;
struct ldb_dn *basedn=NULL;
tmp_ctx = talloc_new(ldb);
if (tmp_ctx == NULL) goto failed;
- if (sid_name_use == SID_NAME_UNKNOWN) {
- expr = talloc_asprintf(tmp_ctx, "(&(objectClass=groupMap))");
- } else {
- expr = talloc_asprintf(tmp_ctx, "(&(sidNameUse=%u)(objectClass=groupMap))",
- sid_name_use);
- }
- if (expr == NULL) goto failed;
-
/* we do a subtree search on the domain */
if (domsid != NULL) {
sid_to_fstring(name, domsid);
- basedn = ldb_dn_string_compose(tmp_ctx, NULL, "domain=%s", name);
+ basedn = ldb_dn_new_fmt(tmp_ctx, ldb, "domain=%s", name);
if (basedn == NULL) goto failed;
}
- ret = ldb_search(ldb, basedn, LDB_SCOPE_SUBTREE, expr, NULL, &res);
- talloc_steal(tmp_ctx, res);
+ if (sid_name_use == SID_NAME_UNKNOWN) {
+ ret = ldb_search(ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE,
+ NULL, "(&(objectClass=groupMap))");
+ } else {
+ ret = ldb_search(ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE,
+ NULL, "(&(sidNameUse=%u)(objectClass=groupMap))",
+ sid_name_use);
+ }
+
if (ret != LDB_SUCCESS) goto failed;
(*pp_rmap) = NULL;
NULL
};
DOM_SID alias;
- char *expr;
int ret, i;
struct ldb_result *res=NULL;
fstring string_sid;
- NTSTATUS status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ NTSTATUS status;
if (!sid_to_fstring(string_sid, member)) {
return NT_STATUS_INVALID_PARAMETER;
}
- expr = talloc_asprintf(ldb, "(&(member=%s)(objectClass=groupMap))",
- string_sid);
- if (expr == NULL) goto failed;
-
- ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, attrs, &res);
- talloc_steal(expr, res);
+ ret = ldb_search(ldb, talloc_tos(), &res, NULL, LDB_SCOPE_SUBTREE,
+ attrs, "(&(member=%s)(objectClass=groupMap))",
+ string_sid);
if (ret != LDB_SUCCESS) {
+ status = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto failed;
}
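Review bot: Dropping the initializer on `NTSTATUS status;` means any `goto failed` that is not preceded by an assignment now returns an indeterminate status to the caller. The search-failure path shown here does set it, but the result loop between this hunk and the `failed:` label is outside the visible lines, so its error exits cannot be checked from here. Keeping `NTSTATUS status = NT_STATUS_INTERNAL_DB_CORRUPTION;` at the declaration makes every early exit fail closed and costs nothing. The later `status = NT_STATUS_OK;` before the label still overrides it on success.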
}
}
- talloc_free(expr);
- return NT_STATUS_OK;
-
-failed:
- talloc_free(expr);
+ status = NT_STATUS_OK;
+ failed:
+ TALLOC_FREE(res);
return status;
}
/*
enumerate sids that have the given alias set in member
*/
-static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
+static NTSTATUS enum_aliasmem(const DOM_SID *alias, TALLOC_CTX *mem_ctx,
+ DOM_SID **sids, size_t *num)
{
const char *attrs[] = {
"member",
return NT_STATUS_NO_MEMORY;
}
- ret = ldb_search(ldb, dn, LDB_SCOPE_BASE, NULL, attrs, &res);
- talloc_steal(dn, res);
+ ret = ldb_search(ldb, ldb, &res, dn, LDB_SCOPE_BASE, attrs, NULL);
if (ret == LDB_SUCCESS && res->count == 0) {
+ talloc_free(res);
talloc_free(dn);
return NT_STATUS_OK;
}
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
+ talloc_steal(dn, res);
el = ldb_msg_find_element(res->msgs[0], "member");
if (el == NULL) {
talloc_free(dn);
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ return NT_STATUS_OK;
}
for (i=0;i<el->num_values;i++) {
DOM_SID sid;
string_to_sid(&sid, (const char *)el->values[i].data);
- status = add_sid_to_array_unique(NULL, &sid, sids, num);
+ status = add_sid_to_array_unique(mem_ctx, &sid, sids, num);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
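Review bot: The result of `string_to_sid` in the member loop is ignored, so a `member` value that does not parse would still be handed to `add_sid_to_array_unique` from the stack variable `DOM_SID sid`, which has no initializer. The caller would then see that entry as an alias member. Assuming `string_to_sid` reports failure through its return value, check it and bail out, for example `if (!string_to_sid(&sid, (const char *)el->values[i].data)) { status = NT_STATUS_INTERNAL_DB_CORRUPTION; goto done; }`. The `done:` label and the rest of enum_aliasmem are outside this hunk, so confirm that path frees `dn`. Separately, the search allocates `res` on the long-lived `ldb` context and only re-parents it with `talloc_steal(dn, res)` afterwards; passing `dn` as the memory context, as get_group_map_from_sid does, would remove the window in which an early return has to free `res` by hand.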
return -1;
}
+ if ((int)map.gid == -1) {
+ /*
+ * Ignore old invalid mappings
+ */
+ return 0;
+ }
+
if (!add_mapping_entry(&map, 0)) {
DEBUG(0,("Failed to add mapping entry during upgrade\n"));
*(int *)state = -1;
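Review bot: The new `(int)map.gid == -1` branch discards the record without logging anything, so after an upgrade there is no trace of which group mappings were dropped. Group mappings feed authorization decisions, so an operator comparing behaviour before and after the upgrade would want one; add `DEBUG(3, ("Ignoring group mapping with invalid gid during upgrade\n"));` before the `return 0;`. The comparison would also read more directly as `map.gid == (gid_t)-1`, which does not depend on how the cast to `int` treats large gid values. The enclosing function starts and ends outside this hunk.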