Changeset 745 for trunk/server/source3/groupdb
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 1 deleted
- 4 edited
- 1 copied
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/groupdb/mapping.c
r414 r745 22 22 23 23 #include "includes.h" 24 #include "system/passwd.h" 25 #include "passdb.h" 24 26 #include "groupdb/mapping.h" 27 #include "../libcli/security/security.h" 28 #include "lib/winbind_util.h" 29 #include <tdb.h> 25 30 26 31 static const struct mapping_backend *backend; … … 31 36 static bool init_group_mapping(void) 32 37 { 33 const char *backend_string;34 35 38 if (backend != NULL) { 36 39 /* already initialised */ … … 38 41 } 39 42 40 /* 41 * default to using the ldb backend. This parameter should 42 * disappear in future versions of Samba3. 43 * 44 * But it's needed for cluster setups, because it's 45 * not yet possible to distribute a ldb inside a cluster. 46 */ 47 backend_string = lp_parm_const_string(-1, "groupdb", "backend", "ldb"); 48 49 if (strcmp(backend_string, "ldb") == 0) { 50 backend = groupdb_ldb_init(); 51 } else if (strcmp(backend_string, "tdb") == 0) { 52 backend = groupdb_tdb_init(); 53 } else { 54 DEBUG(0,("Unknown groupdb backend '%s'\n", backend_string)); 55 smb_panic("Unknown groupdb backend"); 56 } 43 backend = groupdb_tdb_init(); 57 44 58 45 return backend != NULL; … … 70 57 return NT_STATUS_UNSUCCESSFUL; 71 58 } 72 59 73 60 map.gid=gid; 74 61 if (!string_to_sid(&map.sid, sid)) { … … 76 63 return NT_STATUS_UNSUCCESSFUL; 77 64 } 78 65 79 66 map.sid_name_use=sid_name_use; 80 67 fstrcpy(map.nt_name, nt_name); … … 84 71 } 85 72 86 static NTSTATUS alias_memberships(const DOM_SID*members, size_t num_members,87 DOM_SID**sids, size_t *num)73 static NTSTATUS alias_memberships(const struct dom_sid *members, size_t num_members, 74 struct dom_sid **sids, size_t *num) 88 75 { 89 76 size_t i; … … 101 88 102 89 struct aliasmem_closure { 103 const DOM_SID*alias;104 DOM_SID**sids;90 const struct dom_sid *alias; 91 struct dom_sid **sids; 105 92 size_t *num; 106 93 }; … … 120 107 /* get a domain group from it's SID */ 121 108 122 bool get_domain_group_from_sid( DOM_SIDsid, GROUP_MAP *map)109 bool get_domain_group_from_sid(struct dom_sid sid, 
GROUP_MAP *map) 123 110 { 124 111 struct group *grp; 125 112 bool ret; 126 113 127 114 if(!init_group_mapping()) { 128 115 DEBUG(0,("failed to initialize group mapping\n")); … … 133 120 134 121 /* if the group is NOT in the database, it CAN NOT be a domain group */ 135 122 136 123 become_root(); 137 124 ret = pdb_getgrsid(map, sid); 138 125 unbecome_root(); 139 126 140 127 /* special case check for rid 513 */ 141 128 142 129 if ( !ret ) { 143 130 uint32 rid; 144 131 145 132 sid_peek_rid( &sid, &rid ); 146 147 if ( rid == DOMAIN_ GROUP_RID_USERS ) {133 134 if ( rid == DOMAIN_RID_USERS ) { 148 135 fstrcpy( map->nt_name, "None" ); 149 136 fstrcpy( map->comment, "Ordinary Users" ); … … 151 138 map->sid_name_use = SID_NAME_DOM_GRP; 152 139 map->gid = (gid_t)-1; 153 154 140 return True; 155 141 } 156 157 142 return False; 158 143 } 159 144 160 DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));145 DEBUG(10, ("get_domain_group_from_sid: SID found in passdb\n")); 161 146 162 147 /* if it's not a domain group, continue */ … … 166 151 167 152 DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n")); 168 153 169 154 if (map->gid==-1) { 170 155 return False; … … 172 157 173 158 DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid)); 174 159 175 160 grp = getgrgid(map->gid); 176 161 if ( !grp ) { … … 344 329 return -1; 345 330 } 346 add_script = talloc_string_sub (ctx,347 add_script, "%u", unix_user );331 add_script = talloc_string_sub2(ctx, 332 add_script, "%u", unix_user, true, false, true); 348 333 if (!add_script) { 349 334 return -1; … … 384 369 return -1; 385 370 } 386 del_script = talloc_string_sub (ctx,387 del_script, "%u", unix_user );371 del_script = talloc_string_sub2(ctx, 372 del_script, "%u", unix_user, true, false, true); 388 373 if (!del_script) { 389 374 return -1; … … 402 387 403 388 NTSTATUS pdb_default_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, 404 DOM_SIDsid)389 struct dom_sid sid) 405 
390 { 406 391 if (!init_group_mapping()) { … … 457 442 458 443 NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, 459 DOM_SIDsid)444 struct dom_sid sid) 460 445 { 461 446 if (!init_group_mapping()) { … … 468 453 469 454 NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, 470 const DOM_SID*sid, enum lsa_SidType sid_name_use,455 const struct dom_sid *sid, enum lsa_SidType sid_name_use, 471 456 GROUP_MAP **pp_rmap, size_t *p_num_entries, 472 457 bool unix_only) … … 483 468 const char *name, uint32 *rid) 484 469 { 485 DOM_SIDsid;470 struct dom_sid sid; 486 471 enum lsa_SidType type; 487 472 uint32 new_rid; … … 507 492 } 508 493 494 if (!pdb_new_rid(&new_rid)) { 495 DEBUG(0, ("Could not allocate a RID.\n")); 496 return NT_STATUS_ACCESS_DENIED; 497 } 498 499 sid_compose(&sid, get_global_sam_sid(), new_rid); 500 509 501 if (!winbind_allocate_gid(&gid)) { 510 DEBUG(3, ("Could not get a gid out of winbind\n")); 511 return NT_STATUS_ACCESS_DENIED; 512 } 513 514 if (!pdb_new_rid(&new_rid)) { 515 DEBUG(0, ("Could not allocate a RID -- wasted a gid :-(\n")); 502 DEBUG(3, ("Could not get a gid out of winbind - " 503 "wasted a rid :-(\n")); 516 504 return NT_STATUS_ACCESS_DENIED; 517 505 } … … 519 507 DEBUG(10, ("Creating alias %s with gid %u and rid %u\n", 520 508 name, (unsigned int)gid, (unsigned int)new_rid)); 521 522 sid_copy(&sid, get_global_sam_sid());523 sid_append_rid(&sid, new_rid);524 509 525 510 map.gid = gid; … … 543 528 544 529 NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods, 545 const DOM_SID*sid)530 const struct dom_sid *sid) 546 531 { 547 532 return pdb_delete_group_mapping_entry(*sid); … … 549 534 550 535 NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, 551 const DOM_SID*sid,536 const struct dom_sid *sid, 552 537 struct acct_info *info) 553 538 { … … 572 557 573 558 NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods, 574 const DOM_SID*sid,559 const struct dom_sid *sid, 575 560 
struct acct_info *info) 576 561 { … … 587 572 588 573 NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods, 589 const DOM_SID *alias, const DOM_SID*member)574 const struct dom_sid *alias, const struct dom_sid *member) 590 575 { 591 576 if (!init_group_mapping()) { … … 597 582 598 583 NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods, 599 const DOM_SID *alias, const DOM_SID*member)584 const struct dom_sid *alias, const struct dom_sid *member) 600 585 { 601 586 if (!init_group_mapping()) { … … 607 592 608 593 NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods, 609 const DOM_SID*alias, TALLOC_CTX *mem_ctx,610 DOM_SID**pp_members, size_t *p_num_members)594 const struct dom_sid *alias, TALLOC_CTX *mem_ctx, 595 struct dom_sid **pp_members, size_t *p_num_members) 611 596 { 612 597 if (!init_group_mapping()) { … … 620 605 NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, 621 606 TALLOC_CTX *mem_ctx, 622 const DOM_SID*domain_sid,623 const DOM_SID*members,607 const struct dom_sid *domain_sid, 608 const struct dom_sid *members, 624 609 size_t num_members, 625 610 uint32 **pp_alias_rids, 626 611 size_t *p_num_alias_rids) 627 612 { 628 DOM_SID*alias_sids;613 struct dom_sid *alias_sids; 629 614 size_t i, num_alias_sids; 630 615 NTSTATUS result; … … 672 657 673 658 NTSTATUS pdb_nop_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, 674 DOM_SIDsid)659 struct dom_sid sid) 675 660 { 676 661 return NT_STATUS_UNSUCCESSFUL; … … 702 687 703 688 NTSTATUS pdb_nop_delete_group_mapping_entry(struct pdb_methods *methods, 704 DOM_SIDsid)689 struct dom_sid sid) 705 690 { 706 691 return NT_STATUS_UNSUCCESSFUL; … … 718 703 These need to be redirected through pdb_interface.c 719 704 ****************************************************************************/ 720 bool pdb_get_dom_grp_info(const DOM_SID*sid, struct acct_info *info)705 bool pdb_get_dom_grp_info(const struct dom_sid *sid, struct acct_info *info) 721 706 { 722 707 GROUP_MAP map; … 
… 736 721 } 737 722 738 bool pdb_set_dom_grp_info(const DOM_SID*sid, const struct acct_info *info)723 bool pdb_set_dom_grp_info(const struct dom_sid *sid, const struct acct_info *info) 739 724 { 740 725 GROUP_MAP map; … … 755 740 NTSTATUS pdb_create_builtin_alias(uint32 rid) 756 741 { 757 DOM_SIDsid;742 struct dom_sid sid; 758 743 enum lsa_SidType type; 759 744 gid_t gid; … … 765 750 766 751 DEBUG(10, ("Trying to create builtin alias %d\n", rid)); 767 752 768 753 if ( !sid_compose( &sid, &global_sid_Builtin, rid ) ) { 769 754 return NT_STATUS_NO_SUCH_ALIAS; 770 755 } 771 756 772 757 if ( (mem_ctx = talloc_new(NULL)) == NULL ) { 773 758 return NT_STATUS_NO_MEMORY; 774 759 } 775 760 776 761 if ( !lookup_sid(mem_ctx, &sid, NULL, &name, &type) ) { 777 762 TALLOC_FREE( mem_ctx ); 778 763 return NT_STATUS_NO_SUCH_ALIAS; 779 764 } 780 765 781 766 /* validate RID so copy the name and move on */ 782 767 783 768 fstrcpy( groupname, name ); 784 769 TALLOC_FREE( mem_ctx ); -
trunk/server/source3/groupdb/mapping.h
r414 r745 1 /* 2 * Unix SMB/CIFS implementation. 3 * RPC Pipe client / server routines 4 * Copyright (C) Andrew Tridgell 1992-2000, 5 * Copyright (C) Jean François Micouleau 1998-2001. 6 * Copyright (C) Volker Lendecke 2006. 7 * Copyright (C) Gerald Carter 2006. 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 3 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; if not, see <http://www.gnu.org/licenses/>. 21 */ 22 1 23 #define DATABASE_VERSION_V1 1 /* native byte format. */ 2 24 #define DATABASE_VERSION_V2 2 /* le format. 
*/ … … 19 41 bool (*init_group_mapping)(void); 20 42 bool (*add_mapping_entry)(GROUP_MAP *map, int flag); 21 bool (*get_group_map_from_sid)( DOM_SIDsid, GROUP_MAP *map);43 bool (*get_group_map_from_sid)(struct dom_sid sid, GROUP_MAP *map); 22 44 bool (*get_group_map_from_gid)(gid_t gid, GROUP_MAP *map); 23 45 bool (*get_group_map_from_ntname)(const char *name, GROUP_MAP *map); 24 bool (*group_map_remove)(const DOM_SID*sid);25 bool (*enum_group_mapping)(const DOM_SID *domsid, enum lsa_SidType sid_name_use,46 bool (*group_map_remove)(const struct dom_sid *sid); 47 bool (*enum_group_mapping)(const struct dom_sid *domsid, enum lsa_SidType sid_name_use, 26 48 GROUP_MAP **pp_rmap, 27 49 size_t *p_num_entries, bool unix_only); 28 NTSTATUS (*one_alias_membership)(const DOM_SID*member,29 DOM_SID**sids, size_t *num);30 NTSTATUS (*add_aliasmem)(const DOM_SID *alias, const DOM_SID*member);31 NTSTATUS (*del_aliasmem)(const DOM_SID *alias, const DOM_SID*member);32 NTSTATUS (*enum_aliasmem)(const DOM_SID*alias, TALLOC_CTX *mem_ctx,33 DOM_SID**sids, size_t *num);50 NTSTATUS (*one_alias_membership)(const struct dom_sid *member, 51 struct dom_sid **sids, size_t *num); 52 NTSTATUS (*add_aliasmem)(const struct dom_sid *alias, const struct dom_sid *member); 53 NTSTATUS (*del_aliasmem)(const struct dom_sid *alias, const struct dom_sid *member); 54 NTSTATUS (*enum_aliasmem)(const struct dom_sid *alias, TALLOC_CTX *mem_ctx, 55 struct dom_sid **sids, size_t *num); 34 56 }; -
trunk/server/source3/groupdb/mapping_tdb.c
r414 r745 22 22 23 23 #include "includes.h" 24 #include "system/filesys.h" 25 #include "passdb.h" 24 26 #include "groupdb/mapping.h" 27 #include "dbwrap.h" 28 #include "util_tdb.h" 29 #include "../libcli/security/security.h" 25 30 26 31 static struct db_context *db; /* used for driver files */ 27 32 28 static bool enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, 29 size_t *p_num_entries, bool unix_only); 30 static bool group_map_remove(const DOM_SID *sid); 31 33 static bool enum_group_mapping(const struct dom_sid *domsid, 34 enum lsa_SidType sid_name_use, 35 GROUP_MAP **pp_rmap, 36 size_t *p_num_entries, 37 bool unix_only); 38 static bool group_map_remove(const struct dom_sid *sid); 39 40 static bool mapping_switch(const char *ldb_path); 41 32 42 /**************************************************************************** 33 43 Open the group mapping tdb. … … 35 45 static bool init_group_mapping(void) 36 46 { 47 const char *ldb_path; 48 37 49 if (db != NULL) { 38 50 return true; … … 47 59 } 48 60 49 #if 0 50 /* 51 * This code was designed to handle a group mapping version 52 * upgrade. mapping_tdb is not active by default anymore, so ignore 53 * this here. 
54 */ 55 { 61 ldb_path = state_path("group_mapping.ldb"); 62 if (file_exist(ldb_path) && !mapping_switch(ldb_path)) { 63 unlink(state_path("group_mapping.tdb")); 64 return false; 65 66 } else { 67 /* handle upgrade from old versions of the database */ 68 #if 0 /* -- Needs conversion to dbwrap -- */ 56 69 const char *vstring = "INFO/version"; 57 70 int32 vers_id; … … 97 110 SAFE_FREE( map_table ); 98 111 } 99 }100 112 #endif 101 113 } 102 114 return true; 103 115 } 104 116 105 static char *group_mapping_key(TALLOC_CTX *mem_ctx, const DOM_SID*sid)117 static char *group_mapping_key(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) 106 118 { 107 119 char *sidstr, *result; … … 156 168 ****************************************************************************/ 157 169 158 static bool get_group_map_from_sid( DOM_SIDsid, GROUP_MAP *map)170 static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map) 159 171 { 160 172 TDB_DATA dbuf; … … 280 292 ****************************************************************************/ 281 293 282 static bool group_map_remove(const DOM_SID*sid)294 static bool group_map_remove(const struct dom_sid *sid) 283 295 { 284 296 char *key; … … 301 313 302 314 struct enum_map_state { 303 const DOM_SID*domsid;315 const struct dom_sid *domsid; 304 316 enum lsa_SidType sid_name_use; 305 317 bool unix_only; … … 333 345 334 346 if ((state->domsid != NULL) && 335 ( sid_compare_domain(state->domsid, &map.sid) != 0)) {347 (dom_sid_compare_domain(state->domsid, &map.sid) != 0)) { 336 348 DEBUG(11,("enum_group_mapping: group %s is not in domain\n", 337 349 sid_string_dbg(&map.sid))); … … 352 364 } 353 365 354 static bool enum_group_mapping(const DOM_SID*domsid,366 static bool enum_group_mapping(const struct dom_sid *domsid, 355 367 enum lsa_SidType sid_name_use, 356 368 GROUP_MAP **pp_rmap, … … 378 390 * store a list of aliases a SID is member of hanging off MEMBEROF/SID. 
*/ 379 391 380 static NTSTATUS one_alias_membership(const DOM_SID*member,381 DOM_SID**sids, size_t *num)392 static NTSTATUS one_alias_membership(const struct dom_sid *member, 393 struct dom_sid **sids, size_t *num) 382 394 { 383 395 fstring tmp; … … 401 413 402 414 while (next_token_talloc(frame, &p, &string_sid, " ")) { 403 DOM_SID alias; 415 struct dom_sid alias; 416 uint32_t num_sids; 404 417 405 418 if (!string_to_sid(&alias, string_sid)) 406 419 continue; 407 420 408 status= add_sid_to_array_unique(NULL, &alias, sids, num); 421 num_sids = *num; 422 status= add_sid_to_array_unique(NULL, &alias, sids, &num_sids); 409 423 if (!NT_STATUS_IS_OK(status)) { 410 424 goto done; 411 425 } 426 *num = num_sids; 412 427 } 413 428 … … 417 432 } 418 433 419 static NTSTATUS alias_memberships(const DOM_SID*members, size_t num_members,420 DOM_SID**sids, size_t *num)434 static NTSTATUS alias_memberships(const struct dom_sid *members, size_t num_members, 435 struct dom_sid **sids, size_t *num) 421 436 { 422 437 size_t i; … … 433 448 } 434 449 435 static bool is_aliasmem(const DOM_SID *alias, const DOM_SID *member) 436 { 437 DOM_SID *sids; 438 size_t i, num; 450 static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) 451 { 452 struct dom_sid *sids; 453 size_t i; 454 size_t num; 439 455 440 456 /* This feels the wrong way round, but the on-disk data structure … … 444 460 445 461 for (i=0; i<num; i++) { 446 if ( sid_compare(alias, &sids[i]) == 0) {462 if (dom_sid_compare(alias, &sids[i]) == 0) { 447 463 TALLOC_FREE(sids); 448 464 return True; … … 454 470 455 471 456 static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID*member)472 static NTSTATUS add_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) 457 473 { 458 474 GROUP_MAP map; … … 537 553 struct aliasmem_state { 538 554 TALLOC_CTX *mem_ctx; 539 const DOM_SID*alias;540 DOM_SID**sids;555 const struct dom_sid *alias; 556 struct dom_sid **sids; 541 557 size_t *num; 542 558 }; … 
… 558 574 559 575 while (next_token_talloc(frame, &p, &alias_string, " ")) { 560 DOM_SIDalias, member;576 struct dom_sid alias, member; 561 577 const char *member_string; 578 uint32_t num_sids; 562 579 563 580 if (!string_to_sid(&alias, alias_string)) 564 581 continue; 565 582 566 if ( sid_compare(state->alias, &alias) != 0)583 if (dom_sid_compare(state->alias, &alias) != 0) 567 584 continue; 568 585 … … 582 599 continue; 583 600 601 num_sids = *state->num; 584 602 if (!NT_STATUS_IS_OK(add_sid_to_array(state->mem_ctx, &member, 585 603 state->sids, 586 state->num)))604 &num_sids))) 587 605 { 588 606 /* talloc fail. */ 589 607 break; 590 608 } 609 *state->num = num_sids; 591 610 } 592 611 … … 595 614 } 596 615 597 static NTSTATUS enum_aliasmem(const DOM_SID*alias, TALLOC_CTX *mem_ctx,598 DOM_SID**sids, size_t *num)616 static NTSTATUS enum_aliasmem(const struct dom_sid *alias, TALLOC_CTX *mem_ctx, 617 struct dom_sid **sids, size_t *num) 599 618 { 600 619 GROUP_MAP map; … … 620 639 } 621 640 622 static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID*member)641 static NTSTATUS del_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) 623 642 { 624 643 NTSTATUS status; 625 DOM_SID*sids;644 struct dom_sid *sids; 626 645 size_t i, num; 627 646 bool found = False; … … 642 661 643 662 for (i=0; i<num; i++) { 644 if ( sid_compare(&sids[i], alias) == 0) {663 if (dom_sid_compare(&sids[i], alias) == 0) { 645 664 found = True; 646 665 break; … … 718 737 } 719 738 return status; 739 } 740 741 742 /* -- ldb->tdb switching code -------------------------------------------- */ 743 744 /* change this if the data format ever changes */ 745 #define LTDB_PACKING_FORMAT 0x26011967 746 747 /* old packing formats (not supported for now, 748 * it was never used for group mapping AFAIK) */ 749 #define LTDB_PACKING_FORMAT_NODN 0x26011966 750 751 static unsigned int pull_uint32(uint8_t *p, int ofs) 752 { 753 p += ofs; 754 return p[0] | (p[1]<<8) | (p[2]<<16) | (p[3]<<24); 
755 } 756 757 /* 758 unpack a ldb message from a linear buffer in TDB_DATA 759 */ 760 static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, 761 TDB_DATA data, void *ptr) 762 { 763 TALLOC_CTX *tmp_ctx = talloc_tos(); 764 GROUP_MAP map; 765 uint8_t *p; 766 uint32_t format; 767 uint32_t num_el; 768 unsigned int remaining; 769 unsigned int i, j; 770 size_t len; 771 char *name; 772 char *val; 773 char *q; 774 uint32_t num_mem = 0; 775 struct dom_sid *members = NULL; 776 777 p = (uint8_t *)data.dptr; 778 if (data.dsize < 8) { 779 errno = EIO; 780 goto failed; 781 } 782 783 format = pull_uint32(p, 0); 784 num_el = pull_uint32(p, 4); 785 p += 8; 786 787 remaining = data.dsize - 8; 788 789 switch (format) { 790 case LTDB_PACKING_FORMAT: 791 len = strnlen((char *)p, remaining); 792 if (len == remaining) { 793 errno = EIO; 794 goto failed; 795 } 796 797 if (*p == '@') { 798 /* ignore special LDB attributes */ 799 return 0; 800 } 801 802 if (strncmp((char *)p, "rid=", 4)) { 803 /* unknown entry, ignore */ 804 DEBUG(3, ("Found unknown entry in group mapping " 805 "database named [%s]\n", (char *)p)); 806 return 0; 807 } 808 809 remaining -= len + 1; 810 p += len + 1; 811 break; 812 813 case LTDB_PACKING_FORMAT_NODN: 814 default: 815 errno = EIO; 816 goto failed; 817 } 818 819 if (num_el == 0) { 820 /* bad entry, ignore */ 821 return 0; 822 } 823 824 if (num_el > remaining / 6) { 825 errno = EIO; 826 goto failed; 827 } 828 829 ZERO_STRUCT(map); 830 831 for (i = 0; i < num_el; i++) { 832 uint32_t num_vals; 833 834 if (remaining < 10) { 835 errno = EIO; 836 goto failed; 837 } 838 len = strnlen((char *)p, remaining - 6); 839 if (len == remaining - 6) { 840 errno = EIO; 841 goto failed; 842 } 843 name = talloc_strndup(tmp_ctx, (char *)p, len); 844 if (name == NULL) { 845 errno = ENOMEM; 846 goto failed; 847 } 848 remaining -= len + 1; 849 p += len + 1; 850 851 num_vals = pull_uint32(p, 0); 852 if (StrCaseCmp(name, "member") == 0) { 853 num_mem = num_vals; 854 members = 
talloc_array(tmp_ctx, struct dom_sid, num_mem); 855 if (members == NULL) { 856 errno = ENOMEM; 857 goto failed; 858 } 859 } else if (num_vals != 1) { 860 errno = EIO; 861 goto failed; 862 } 863 864 p += 4; 865 remaining -= 4; 866 867 for (j = 0; j < num_vals; j++) { 868 len = pull_uint32(p, 0); 869 if (len > remaining-5) { 870 errno = EIO; 871 goto failed; 872 } 873 874 val = talloc_strndup(tmp_ctx, (char *)(p + 4), len); 875 if (val == NULL) { 876 errno = ENOMEM; 877 goto failed; 878 } 879 880 remaining -= len+4+1; 881 p += len+4+1; 882 883 /* we ignore unknown or uninteresting attributes 884 * (objectclass, etc.) */ 885 if (StrCaseCmp(name, "gidNumber") == 0) { 886 map.gid = strtoul(val, &q, 10); 887 if (*q) { 888 errno = EIO; 889 goto failed; 890 } 891 } else if (StrCaseCmp(name, "sid") == 0) { 892 if (!string_to_sid(&map.sid, val)) { 893 errno = EIO; 894 goto failed; 895 } 896 } else if (StrCaseCmp(name, "sidNameUse") == 0) { 897 map.sid_name_use = strtoul(val, &q, 10); 898 if (*q) { 899 errno = EIO; 900 goto failed; 901 } 902 } else if (StrCaseCmp(name, "ntname") == 0) { 903 strlcpy(map.nt_name, val, 904 sizeof(map.nt_name)); 905 } else if (StrCaseCmp(name, "comment") == 0) { 906 strlcpy(map.comment, val, 907 sizeof(map.comment)); 908 } else if (StrCaseCmp(name, "member") == 0) { 909 if (!string_to_sid(&members[j], val)) { 910 errno = EIO; 911 goto failed; 912 } 913 } 914 915 TALLOC_FREE(val); 916 } 917 918 TALLOC_FREE(name); 919 } 920 921 if (!add_mapping_entry(&map, 0)) { 922 errno = EIO; 923 goto failed; 924 } 925 926 if (num_mem) { 927 for (j = 0; j < num_mem; j++) { 928 NTSTATUS status; 929 status = add_aliasmem(&map.sid, &members[j]); 930 if (!NT_STATUS_IS_OK(status)) { 931 errno = EIO; 932 goto failed; 933 } 934 } 935 } 936 937 if (remaining != 0) { 938 DEBUG(0, ("Errror: %d bytes unread in ltdb_unpack_data\n", 939 remaining)); 940 } 941 942 return 0; 943 944 failed: 945 return -1; 946 } 947 948 static bool mapping_switch(const char *ldb_path) 949 { 950 
TDB_CONTEXT *ltdb; 951 TALLOC_CTX *frame; 952 char *new_path; 953 int ret; 954 955 frame = talloc_stackframe(); 956 957 ltdb = tdb_open_log(ldb_path, 0, TDB_DEFAULT, O_RDONLY, 0600); 958 if (ltdb == NULL) goto failed; 959 960 /* ldb is just a very fancy tdb, read out raw data and perform 961 * conversion */ 962 ret = tdb_traverse(ltdb, convert_ldb_record, NULL); 963 if (ret == -1) goto failed; 964 965 if (ltdb) { 966 tdb_close(ltdb); 967 ltdb = NULL; 968 } 969 970 /* now rename the old db out of the way */ 971 new_path = state_path("group_mapping.ldb.replaced"); 972 if (!new_path) { 973 goto failed; 974 } 975 if (rename(ldb_path, new_path) != 0) { 976 DEBUG(0,("Failed to rename old group mapping database\n")); 977 goto failed; 978 } 979 TALLOC_FREE(frame); 980 return True; 981 982 failed: 983 DEBUG(0, ("Failed to switch to tdb group mapping database\n")); 984 if (ltdb) tdb_close(ltdb); 985 TALLOC_FREE(frame); 986 return False; 720 987 } 721 988
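Review bot: In the value loop of `convert_ldb_record`, the bound `if (len > remaining-5)` is evaluated in unsigned arithmetic, so once fewer than five bytes remain the subtraction wraps and every length is accepted. The `len = pull_uint32(p, 0)` just before it also reads four bytes when only two are guaranteed after the attribute name and value count have been consumed. With a truncated or corrupt group_mapping.ldb, `talloc_strndup` can then read past the end of the record and `remaining` wraps on the following subtraction. I would put `if (remaining < 5) { errno = EIO; goto failed; }` ahead of the `pull_uint32` call in that loop. The "member" value count is also handed to `talloc_array` without being compared against `remaining`, and could be bounded the way `num_el` already is.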