again an intrusive patch:
[tprouty/samba.git] / source3 / rpc_server / srv_util.c
index 80090cf6e072557bab30a34b9d2b550a480ab89b..5c781c20ae7455367a063edac274e7d9bc1ab781 100644 (file)
@@ -76,84 +76,10 @@ rid_name domain_group_rids[] =
     { 0                             , NULL }
 };
 
-int make_dom_gids(TALLOC_CTX *ctx, char *gids_str, DOM_GID **ppgids)
-{
-  char *ptr;
-  pstring s2;
-  int count;
-  DOM_GID *gids;
-
-  *ppgids = NULL;
-
-  DEBUG(4,("make_dom_gids: %s\n", gids_str));
-
-  if (gids_str == NULL || *gids_str == 0)
-    return 0;
-
-  for (count = 0, ptr = gids_str; 
-       next_token(&ptr, s2, NULL, sizeof(s2)); 
-       count++)
-    ;
-
-  gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * count );
-  if(!gids)
-  {
-    DEBUG(0,("make_dom_gids: talloc fail !\n"));
-    return 0;
-  }
-
-  for (count = 0, ptr = gids_str; 
-       next_token(&ptr, s2, NULL, sizeof(s2)) && 
-              count < LSA_MAX_GROUPS; 
-       count++) 
-  {
-    /* the entries are of the form GID/ATTR, ATTR being optional.*/
-    char *attr;
-    uint32 rid = 0;
-    int i;
-
-    attr = strchr_m(s2,'/');
-    if (attr)
-      *attr++ = 0;
-
-    if (!attr || !*attr)
-      attr = "7"; /* default value for attribute is 7 */
-
-    /* look up the RID string and see if we can turn it into a rid number */
-    for (i = 0; builtin_alias_rids[i].name != NULL; i++)
-    {
-      if (strequal(builtin_alias_rids[i].name, s2))
-      {
-        rid = builtin_alias_rids[i].rid;
-        break;
-      }
-    }
-
-    if (rid == 0)
-      rid = atoi(s2);
-
-    if (rid == 0)
-    {
-      DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr));
-      count--;
-    }
-    else
-    {
-      gids[count].g_rid = rid;
-      gids[count].attr  = atoi(attr);
-
-      DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr));
-    }
-  }
-
-  *ppgids = gids;
-  return count;
-}
-
 /*******************************************************************
  gets a domain user's groups
  ********************************************************************/
-NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
+NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid)
 {
        SAM_ACCOUNT *sam_pass=NULL;
        char *sep;
@@ -186,7 +112,7 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
        sep = lp_winbind_separator();
 
 
-       DEBUG(10,("new_get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", 
+       DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", 
                  sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid)));
 
        sid_peek_rid(q_sid, &rid);
@@ -195,27 +121,30 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
        become_root();
        ret = pdb_getsampwrid(sam_pass, rid);
        unbecome_root();
-       if (ret == False)
+       if (ret == False) {
+               pdb_free_sam(&sam_pass);
                return NT_STATUS_NO_SUCH_USER;
+       }
 
        fstrcpy(user_name, pdb_get_username(sam_pass));
        grid=pdb_get_group_rid(sam_pass);
        gid=pdb_get_gid(sam_pass);
        
        grp = glist = getgrent_list();
-       if (grp == NULL)
+       if (grp == NULL) {
+               pdb_free_sam(&sam_pass);
                return NT_STATUS_NO_MEMORY;
-
+       }
        
        for (; grp != NULL; grp = grp->next) {
                if(!get_group_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)) {
-                       DEBUG(10,("new_get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid));
+                       DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid));
                        continue;
                }
                
                /* if it's not an alias, continue */
                if (map.sid_name_use!=SID_NAME_ALIAS) {
-                       DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+                       DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
                        continue;
                }
 
@@ -224,24 +153,24 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
                
                /* if the sid is not in the correct domain, continue */
                if (!sid_equal(&tmp_sid, sid)) {
-                       DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+                       DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
                        continue;
                }
 
                /* Don't return winbind groups as they are not local! */
                if (strchr_m(map.nt_name, *sep) != NULL) {
-                       DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
+                       DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name));
                        continue;
                }
 
                /* Don't return user private groups... */
                if (Get_Pwnam(map.nt_name) != 0) {
-                       DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
+                       DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name));
                        continue;                       
                }
                
                /* the group is fine, we can check if there is the user we're looking for */
-               DEBUG(10,("new_get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name));
+               DEBUG(10,("get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name));
                
                for(num=0; grp->gr_mem[num]!=NULL; num++) {
                        if(strcmp(grp->gr_mem[num], user_name)==0) {
@@ -249,69 +178,70 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
                                
                                new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
                                if (new_rids==NULL) {
-                                       DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n"));
+                                       DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+                                       pdb_free_sam(&sam_pass);
                                        return NT_STATUS_NO_MEMORY;
                                }
                                rids=new_rids;
                                
                                sid_peek_rid(&map.sid, &(rids[cur_rid]));
-                               DEBUG(10,("new_get_alias_user_groups: user found in group %s\n", map.nt_name));
+                               DEBUG(10,("get_alias_user_groups: user found in group %s\n", map.nt_name));
                                cur_rid++;
                                break;
                        }
                }
-               
        }
-       
+
        grent_free(glist);
-       
+
        /* now check for the user's gid (the primary group rid) */
        for (i=0; i<cur_rid && grid!=rids[i]; i++)
                ;
-       
+
        /* the user's gid is already there */
        if (i!=cur_rid) {
-               DEBUG(10,("new_get_alias_user_groups: user is already in the list. good.\n"));
+               DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n"));
                goto done;
        }
-       
-       DEBUG(10,("new_get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name));
-       
+
+       DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name));
+
        if(!get_group_from_gid(*gid, &map, MAPPING_WITHOUT_PRIV)) {
-               DEBUG(0,("new_get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
+               DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
                goto done;
        }       
-       
+
        /* the primary group isn't an alias */
        if (map.sid_name_use!=SID_NAME_ALIAS) {
-               DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
+               DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
                goto done;
        }
 
        sid_copy(&tmp_sid, &map.sid);
        sid_split_rid(&tmp_sid, &rid);
-               
+
        /* if the sid is not in the correct domain, continue */
        if (!sid_equal(&tmp_sid, sid)) {
-               DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
+               DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name));
                goto done;
        }
 
        /* Don't return winbind groups as they are not local! */
        if (strchr_m(map.nt_name, *sep) != NULL) {
-               DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
+               DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name ));
                goto done;
        }
 
        /* Don't return user private groups... */
        if (Get_Pwnam(map.nt_name) != 0) {
-               DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
+               DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name ));
                goto done;                      
        }
 
        new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1));
        if (new_rids==NULL) {
-               DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n"));
+               DEBUG(10,("get_alias_user_groups: could not realloc memory\n"));
+               pdb_free_sam(&sam_pass);
                return NT_STATUS_NO_MEMORY;
        }
        rids=new_rids;
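Review bot: The Realloc failure path inside the group loop now frees `sam_pass` but still returns without calling `grent_free(glist)`, which only runs after the loop, so the whole group list leaks on that path. Adding `grent_free(glist);` next to the new `pdb_free_sam(&sam_pass);` in the first failure branch would close it. If Realloc leaves the old block intact on failure, as the `new_rids` temporary suggests, both failure branches also leak `rids`, and a `safe_free(rids);` before each `return NT_STATUS_NO_MEMORY;` would cover that. With four exits now repeating the same cleanup, a single error label that frees `sam_pass`, `glist` and `rids` would be harder to get wrong. The function starts and ends outside this hunk.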
@@ -322,7 +252,8 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups
 done:
        *prids=rids;
        *numgroups=cur_rid;
-       
+       pdb_free_sam(&sam_pass);
+
        return NT_STATUS_OK;
 }
 
@@ -330,7 +261,7 @@ done:
 /*******************************************************************
  gets a domain user's groups
  ********************************************************************/
-BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
+BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass)
 {
        GROUP_MAP *map=NULL;
        int i, num, num_entries, cur_gid=0;
@@ -345,13 +276,12 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
        fstrcpy(user_name, pdb_get_username(sam_pass));
        grid=pdb_get_group_rid(sam_pass);
 
-       DEBUG(10,("new_get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
+       DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name));
 
        /* first get the list of the domain groups */
        if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV))
                return False;
-       DEBUG(10,("new_get_domain_user_groups: there are %d mapped groups\n", num_entries));
-
+       DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries));
 
        /* 
         * alloc memory. In the worse case, we alloc memory for nothing.
@@ -364,7 +294,7 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
        for(i=0; i<num_entries; i++) {
                if ((grp=getgrgid(map[i].gid)) == NULL) {
                        /* very weird !!! */
-                       DEBUG(5,("new_get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
+                       DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid));
                        continue;
                }
 
@@ -372,8 +302,8 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
                        if(strcmp(grp->gr_mem[num], user_name)==0) {
                                /* we found the user, add the group to the list */
                                sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid));
-                               gids[cur_gid].attr=map[i].sid_name_use;
-                               DEBUG(10,("new_get_domain_user_groups: user found in group %s\n", map[i].nt_name));
+                               gids[cur_gid].attr=7;
+                               DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name));
                                cur_gid++;
                                break;
                        }
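Review bot: The literal `7` assigned to `gids[cur_gid].attr` has no explanation here or in the primary-group branch of the last hunk; the only hint on the page is the removed make_dom_gids comment calling 7 the default attribute value. A short comment such as `/* 7 = default group attribute, as in the old GID/ATTR strings */` or a named constant would record the intent. It is also worth stating that every entry carries the same attribute, because the primary-group swap in the last hunk exchanges only `g_rid` and is correct only while that holds. The enclosing loop begins outside this hunk.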
@@ -387,62 +317,42 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids
        
        /* the user's gid is already there */
        if (i!=cur_gid) {
+               /* 
+                * the primary group of the user but be the first one in the list
+                * don't ask ! JFM.
+                */
+               gids[i].g_rid=gids[0].g_rid;
+               gids[0].g_rid=grid;
                goto done;
        }
 
        for(i=0; i<num_entries; i++) {
                sid_peek_rid(&map[i].sid, &tmp_rid);
                if (tmp_rid==grid) {
-                       gids[cur_gid].g_rid=tmp_rid;
-                       gids[cur_gid].attr=map[i].sid_name_use;
-                       DEBUG(10,("new_get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
+                       /* 
+                        * the primary group of the user but be the first one in the list
+                        * don't ask ! JFM.
+                        */
+                       gids[cur_gid].g_rid=gids[0].g_rid;
+                       gids[0].g_rid=tmp_rid;
+                       gids[cur_gid].attr=7;
+                       DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name));
                        cur_gid++;
                        goto done; /* leave the loop early */
                }
        }
 
+       DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name));
+       DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n"));
+
  done:
-       *pgids=gids;
+       *pgids=gids;
        *numgroups=cur_gid;
        safe_free(map);
 
        return True;
 }
 
-/*******************************************************************
- gets a domain user's groups
- ********************************************************************/
-void get_domain_user_groups(char *domain_groups, const char *user)
-{
-       pstring tmp;
-
-       if (domain_groups == NULL || user == NULL) return;
-
-       /* can only be a user or a guest.  cannot be guest _and_ admin */
-       if (user_in_list(user, lp_domain_guest_group()))
-       {
-               slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS);
-               pstrcat(domain_groups, tmp);
-
-               DEBUG(3,("domain guest group access %s granted\n", tmp));
-       }
-       else
-       {
-               slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS);
-               pstrcat(domain_groups, tmp);
-
-               DEBUG(3,("domain group access %s granted\n", tmp));
-
-               if (user_in_list(user, lp_domain_admin_group()))
-               {
-                       slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS);
-                       pstrcat(domain_groups, tmp);
-
-                       DEBUG(3,("domain admin group access %s granted\n", tmp));
-               }
-       }
-}
-
 /*******************************************************************
  Look up a local (domain) rid and return a name and type.
  ********************************************************************/
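Review bot: When neither search finds the primary group, the new `DEBUG(0, ...)` lines fall through to `done` and the function still returns True, with a list whose first entry is not the primary group. That is the ordering the two new swap blocks exist to guarantee, so callers that rely on it are fed a list that silently violates it. Either return failure on that path or state in the function header that `gids[0]` is the primary group only when the warning was not logged. The swap comments read "but be" where "must be" is meant, and "don't ask" records no reason; something like `/* the primary group must be first in the list: swap its RID into slot 0 */` would serve a later reader better. The function body starts outside this hunk.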