*/
#include "includes.h"
+#include "system/passwd.h"
+#include "passdb.h"
#include "groupdb/mapping.h"
+#include "../libcli/security/security.h"
+#include "lib/winbind_util.h"
+#include "tdb_compat.h"
static const struct mapping_backend *backend;
*/
static bool init_group_mapping(void)
{
- const char *backend_string;
-
if (backend != NULL) {
/* already initialised */
return True;
}
- /*
- * default to using the ldb backend. This parameter should
- * disappear in future versions of Samba3.
- *
- * But it's needed for cluster setups, because it's
- * not yet possible to distribute a ldb inside a cluster.
- */
- backend_string = lp_parm_const_string(-1, "groupdb", "backend", "ldb");
-
- if (strcmp(backend_string, "ldb") == 0) {
- backend = groupdb_ldb_init();
- } else if (strcmp(backend_string, "tdb") == 0) {
- backend = groupdb_tdb_init();
- } else {
- DEBUG(0,("Unknown groupdb backend '%s'\n", backend_string));
- smb_panic("Unknown groupdb backend");
- }
+ backend = groupdb_tdb_init();
return backend != NULL;
}
DEBUG(0,("failed to initialize group mapping\n"));
return NT_STATUS_UNSUCCESSFUL;
}
-
+
map.gid=gid;
if (!string_to_sid(&map.sid, sid)) {
DEBUG(0, ("string_to_sid failed: %s", sid));
return NT_STATUS_UNSUCCESSFUL;
}
-
+
map.sid_name_use=sid_name_use;
fstrcpy(map.nt_name, nt_name);
fstrcpy(map.comment, comment);
return pdb_add_group_mapping_entry(&map);
}
-static NTSTATUS alias_memberships(const DOM_SID *members, size_t num_members,
- DOM_SID **sids, size_t *num)
+static NTSTATUS alias_memberships(const struct dom_sid *members, size_t num_members,
+ struct dom_sid **sids, size_t *num)
{
size_t i;
}
struct aliasmem_closure {
- const DOM_SID *alias;
- DOM_SID **sids;
+ const struct dom_sid *alias;
+ struct dom_sid **sids;
size_t *num;
};
/* get a domain group from it's SID */
-bool get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
+bool get_domain_group_from_sid(struct dom_sid sid, GROUP_MAP *map)
{
struct group *grp;
bool ret;
-
+
if(!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
return(False);
DEBUG(10, ("get_domain_group_from_sid\n"));
/* if the group is NOT in the database, it CAN NOT be a domain group */
-
+
become_root();
ret = pdb_getgrsid(map, sid);
unbecome_root();
-
+
/* special case check for rid 513 */
-
+
if ( !ret ) {
uint32 rid;
-
+
sid_peek_rid( &sid, &rid );
-
- if ( rid == DOMAIN_GROUP_RID_USERS ) {
+
+ if ( rid == DOMAIN_RID_USERS ) {
fstrcpy( map->nt_name, "None" );
fstrcpy( map->comment, "Ordinary Users" );
sid_copy( &map->sid, &sid );
map->sid_name_use = SID_NAME_DOM_GRP;
map->gid = (gid_t)-1;
-
return True;
}
-
return False;
}
- DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
+ DEBUG(10, ("get_domain_group_from_sid: SID found in passdb\n"));
/* if it's not a domain group, continue */
if (map->sid_name_use!=SID_NAME_DOM_GRP) {
}
DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
-
+
if (map->gid==-1) {
return False;
}
DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid));
-
+
grp = getgrgid(map->gid);
if ( !grp ) {
DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
if (!add_script) {
return -1;
}
- add_script = talloc_string_sub(ctx,
- add_script, "%u", unix_user);
+ add_script = talloc_string_sub2(ctx,
+ add_script, "%u", unix_user, true, false, true);
if (!add_script) {
return -1;
}
if (!del_script) {
return -1;
}
- del_script = talloc_string_sub(ctx,
- del_script, "%u", unix_user);
+ del_script = talloc_string_sub2(ctx,
+ del_script, "%u", unix_user, true, false, true);
if (!del_script) {
return -1;
}
NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
- DOM_SID sid)
+ struct dom_sid sid)
{
if (!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
}
NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
- DOM_SID sid)
+ struct dom_sid sid)
{
if (!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
}
NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
- const DOM_SID *sid, enum lsa_SidType sid_name_use,
+ const struct dom_sid *sid, enum lsa_SidType sid_name_use,
GROUP_MAP **pp_rmap, size_t *p_num_entries,
bool unix_only)
{
NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
const char *name, uint32 *rid)
{
- DOM_SID sid;
+ struct dom_sid sid;
enum lsa_SidType type;
uint32 new_rid;
gid_t gid;
return NT_STATUS_ALIAS_EXISTS;
}
- if (!winbind_allocate_gid(&gid)) {
- DEBUG(3, ("Could not get a gid out of winbind\n"));
+ if (!pdb_new_rid(&new_rid)) {
+ DEBUG(0, ("Could not allocate a RID.\n"));
return NT_STATUS_ACCESS_DENIED;
}
- if (!pdb_new_rid(&new_rid)) {
- DEBUG(0, ("Could not allocate a RID -- wasted a gid :-(\n"));
+ sid_compose(&sid, get_global_sam_sid(), new_rid);
+
+ if (!winbind_allocate_gid(&gid)) {
+ DEBUG(3, ("Could not get a gid out of winbind - "
+ "wasted a rid :-(\n"));
return NT_STATUS_ACCESS_DENIED;
}
- DEBUG(10, ("Creating alias %s with gid %d and rid %d\n",
- name, gid, new_rid));
-
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, new_rid);
+ DEBUG(10, ("Creating alias %s with gid %u and rid %u\n",
+ name, (unsigned int)gid, (unsigned int)new_rid));
map.gid = gid;
sid_copy(&map.sid, &sid);
}
NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
- const DOM_SID *sid)
+ const struct dom_sid *sid)
{
return pdb_delete_group_mapping_entry(*sid);
}
NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
struct acct_info *info)
{
GROUP_MAP map;
}
NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
struct acct_info *info)
{
GROUP_MAP map;
}
NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member)
+ const struct dom_sid *alias, const struct dom_sid *member)
{
if (!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
}
NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member)
+ const struct dom_sid *alias, const struct dom_sid *member)
{
if (!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
}
NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, DOM_SID **pp_members,
- size_t *p_num_members)
+ const struct dom_sid *alias, TALLOC_CTX *mem_ctx,
+ struct dom_sid **pp_members, size_t *p_num_members)
{
if (!init_group_mapping()) {
DEBUG(0,("failed to initialize group mapping\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- return backend->enum_aliasmem(alias, pp_members, p_num_members);
+ return backend->enum_aliasmem(alias, mem_ctx, pp_members,
+ p_num_members);
}
NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
TALLOC_CTX *mem_ctx,
- const DOM_SID *domain_sid,
- const DOM_SID *members,
+ const struct dom_sid *domain_sid,
+ const struct dom_sid *members,
size_t num_members,
uint32 **pp_alias_rids,
size_t *p_num_alias_rids)
{
- DOM_SID *alias_sids;
+ struct dom_sid *alias_sids;
size_t i, num_alias_sids;
NTSTATUS result;
return NT_STATUS_OK;
}
- *pp_alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids);
+ *pp_alias_rids = talloc_array(mem_ctx, uint32, num_alias_sids);
if (*pp_alias_rids == NULL)
return NT_STATUS_NO_MEMORY;
*********************************************************************/
NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map,
- DOM_SID sid)
+ struct dom_sid sid)
{
return NT_STATUS_UNSUCCESSFUL;
}
}
NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods,
- DOM_SID sid)
+ struct dom_sid sid)
{
return NT_STATUS_UNSUCCESSFUL;
}
/****************************************************************************
These need to be redirected through pdb_interface.c
****************************************************************************/
-bool pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info)
+bool pdb_get_dom_grp_info(const struct dom_sid *sid, struct acct_info *info)
{
GROUP_MAP map;
bool res;
return True;
}
-bool pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info)
+bool pdb_set_dom_grp_info(const struct dom_sid *sid, const struct acct_info *info)
{
GROUP_MAP map;
NTSTATUS pdb_create_builtin_alias(uint32 rid)
{
- DOM_SID sid;
+ struct dom_sid sid;
enum lsa_SidType type;
gid_t gid;
GROUP_MAP map;
fstring groupname;
DEBUG(10, ("Trying to create builtin alias %d\n", rid));
-
+
if ( !sid_compose( &sid, &global_sid_Builtin, rid ) ) {
return NT_STATUS_NO_SUCH_ALIAS;
}
-
+
if ( (mem_ctx = talloc_new(NULL)) == NULL ) {
return NT_STATUS_NO_MEMORY;
}
-
+
if ( !lookup_sid(mem_ctx, &sid, NULL, &name, &type) ) {
TALLOC_FREE( mem_ctx );
return NT_STATUS_NO_SUCH_ALIAS;
}
-
+
/* validate RID so copy the name and move on */
-
+
fstrcpy( groupname, name );
TALLOC_FREE( mem_ctx );
return NT_STATUS_ACCESS_DENIED;
}
- DEBUG(10,("Creating alias %s with gid %d\n", groupname, gid));
+ DEBUG(10,("Creating alias %s with gid %u\n", groupname, (unsigned int)gid));
map.gid = gid;
sid_copy(&map.sid, &sid);
map.sid_name_use = SID_NAME_ALIAS;
- fstrcpy(map.nt_name, groupname);
- fstrcpy(map.comment, "");
+ strlcpy(map.nt_name, groupname, sizeof(map.nt_name));
+ strlcpy(map.comment, "", sizeof(map.comment));
status = pdb_add_group_mapping_entry(&map);
git.samba.org / kai / samba.git / blobdiff