Changeset 745 for trunk/server/source3/groupdb/mapping_tdb.c
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/groupdb/mapping_tdb.c
r414 r745 22 22 23 23 #include "includes.h" 24 #include "system/filesys.h" 25 #include "passdb.h" 24 26 #include "groupdb/mapping.h" 27 #include "dbwrap.h" 28 #include "util_tdb.h" 29 #include "../libcli/security/security.h" 25 30 26 31 static struct db_context *db; /* used for driver files */ 27 32 28 static bool enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, 29 size_t *p_num_entries, bool unix_only); 30 static bool group_map_remove(const DOM_SID *sid); 31 33 static bool enum_group_mapping(const struct dom_sid *domsid, 34 enum lsa_SidType sid_name_use, 35 GROUP_MAP **pp_rmap, 36 size_t *p_num_entries, 37 bool unix_only); 38 static bool group_map_remove(const struct dom_sid *sid); 39 40 static bool mapping_switch(const char *ldb_path); 41 32 42 /**************************************************************************** 33 43 Open the group mapping tdb. … … 35 45 static bool init_group_mapping(void) 36 46 { 47 const char *ldb_path; 48 37 49 if (db != NULL) { 38 50 return true; … … 47 59 } 48 60 49 #if 0 50 /* 51 * This code was designed to handle a group mapping version 52 * upgrade. mapping_tdb is not active by default anymore, so ignore 53 * this here. 
54 */ 55 { 61 ldb_path = state_path("group_mapping.ldb"); 62 if (file_exist(ldb_path) && !mapping_switch(ldb_path)) { 63 unlink(state_path("group_mapping.tdb")); 64 return false; 65 66 } else { 67 /* handle upgrade from old versions of the database */ 68 #if 0 /* -- Needs conversion to dbwrap -- */ 56 69 const char *vstring = "INFO/version"; 57 70 int32 vers_id; … … 97 110 SAFE_FREE( map_table ); 98 111 } 99 }100 112 #endif 101 113 } 102 114 return true; 103 115 } 104 116 105 static char *group_mapping_key(TALLOC_CTX *mem_ctx, const DOM_SID*sid)117 static char *group_mapping_key(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) 106 118 { 107 119 char *sidstr, *result; … … 156 168 ****************************************************************************/ 157 169 158 static bool get_group_map_from_sid( DOM_SIDsid, GROUP_MAP *map)170 static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map) 159 171 { 160 172 TDB_DATA dbuf; … … 280 292 ****************************************************************************/ 281 293 282 static bool group_map_remove(const DOM_SID*sid)294 static bool group_map_remove(const struct dom_sid *sid) 283 295 { 284 296 char *key; … … 301 313 302 314 struct enum_map_state { 303 const DOM_SID*domsid;315 const struct dom_sid *domsid; 304 316 enum lsa_SidType sid_name_use; 305 317 bool unix_only; … … 333 345 334 346 if ((state->domsid != NULL) && 335 ( sid_compare_domain(state->domsid, &map.sid) != 0)) {347 (dom_sid_compare_domain(state->domsid, &map.sid) != 0)) { 336 348 DEBUG(11,("enum_group_mapping: group %s is not in domain\n", 337 349 sid_string_dbg(&map.sid))); … … 352 364 } 353 365 354 static bool enum_group_mapping(const DOM_SID*domsid,366 static bool enum_group_mapping(const struct dom_sid *domsid, 355 367 enum lsa_SidType sid_name_use, 356 368 GROUP_MAP **pp_rmap, … … 378 390 * store a list of aliases a SID is member of hanging off MEMBEROF/SID. 
*/ 379 391 380 static NTSTATUS one_alias_membership(const DOM_SID*member,381 DOM_SID**sids, size_t *num)392 static NTSTATUS one_alias_membership(const struct dom_sid *member, 393 struct dom_sid **sids, size_t *num) 382 394 { 383 395 fstring tmp; … … 401 413 402 414 while (next_token_talloc(frame, &p, &string_sid, " ")) { 403 DOM_SID alias; 415 struct dom_sid alias; 416 uint32_t num_sids; 404 417 405 418 if (!string_to_sid(&alias, string_sid)) 406 419 continue; 407 420 408 status= add_sid_to_array_unique(NULL, &alias, sids, num); 421 num_sids = *num; 422 status= add_sid_to_array_unique(NULL, &alias, sids, &num_sids); 409 423 if (!NT_STATUS_IS_OK(status)) { 410 424 goto done; 411 425 } 426 *num = num_sids; 412 427 } 413 428 … … 417 432 } 418 433 419 static NTSTATUS alias_memberships(const DOM_SID*members, size_t num_members,420 DOM_SID**sids, size_t *num)434 static NTSTATUS alias_memberships(const struct dom_sid *members, size_t num_members, 435 struct dom_sid **sids, size_t *num) 421 436 { 422 437 size_t i; … … 433 448 } 434 449 435 static bool is_aliasmem(const DOM_SID *alias, const DOM_SID *member) 436 { 437 DOM_SID *sids; 438 size_t i, num; 450 static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) 451 { 452 struct dom_sid *sids; 453 size_t i; 454 size_t num; 439 455 440 456 /* This feels the wrong way round, but the on-disk data structure … … 444 460 445 461 for (i=0; i<num; i++) { 446 if ( sid_compare(alias, &sids[i]) == 0) {462 if (dom_sid_compare(alias, &sids[i]) == 0) { 447 463 TALLOC_FREE(sids); 448 464 return True; … … 454 470 455 471 456 static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID*member)472 static NTSTATUS add_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) 457 473 { 458 474 GROUP_MAP map; … … 537 553 struct aliasmem_state { 538 554 TALLOC_CTX *mem_ctx; 539 const DOM_SID*alias;540 DOM_SID**sids;555 const struct dom_sid *alias; 556 struct dom_sid **sids; 541 557 size_t *num; 542 558 }; … 
… 558 574 559 575 while (next_token_talloc(frame, &p, &alias_string, " ")) { 560 DOM_SIDalias, member;576 struct dom_sid alias, member; 561 577 const char *member_string; 578 uint32_t num_sids; 562 579 563 580 if (!string_to_sid(&alias, alias_string)) 564 581 continue; 565 582 566 if ( sid_compare(state->alias, &alias) != 0)583 if (dom_sid_compare(state->alias, &alias) != 0) 567 584 continue; 568 585 … … 582 599 continue; 583 600 601 num_sids = *state->num; 584 602 if (!NT_STATUS_IS_OK(add_sid_to_array(state->mem_ctx, &member, 585 603 state->sids, 586 state->num)))604 &num_sids))) 587 605 { 588 606 /* talloc fail. */ 589 607 break; 590 608 } 609 *state->num = num_sids; 591 610 } 592 611 … … 595 614 } 596 615 597 static NTSTATUS enum_aliasmem(const DOM_SID*alias, TALLOC_CTX *mem_ctx,598 DOM_SID**sids, size_t *num)616 static NTSTATUS enum_aliasmem(const struct dom_sid *alias, TALLOC_CTX *mem_ctx, 617 struct dom_sid **sids, size_t *num) 599 618 { 600 619 GROUP_MAP map; … … 620 639 } 621 640 622 static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID*member)641 static NTSTATUS del_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) 623 642 { 624 643 NTSTATUS status; 625 DOM_SID*sids;644 struct dom_sid *sids; 626 645 size_t i, num; 627 646 bool found = False; … … 642 661 643 662 for (i=0; i<num; i++) { 644 if ( sid_compare(&sids[i], alias) == 0) {663 if (dom_sid_compare(&sids[i], alias) == 0) { 645 664 found = True; 646 665 break; … … 718 737 } 719 738 return status; 739 } 740 741 742 /* -- ldb->tdb switching code -------------------------------------------- */ 743 744 /* change this if the data format ever changes */ 745 #define LTDB_PACKING_FORMAT 0x26011967 746 747 /* old packing formats (not supported for now, 748 * it was never used for group mapping AFAIK) */ 749 #define LTDB_PACKING_FORMAT_NODN 0x26011966 750 751 static unsigned int pull_uint32(uint8_t *p, int ofs) 752 { 753 p += ofs; 754 return p[0] | (p[1]<<8) | (p[2]<<16) | (p[3]<<24); 
755 } 756 757 /* 758 unpack a ldb message from a linear buffer in TDB_DATA 759 */ 760 static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, 761 TDB_DATA data, void *ptr) 762 { 763 TALLOC_CTX *tmp_ctx = talloc_tos(); 764 GROUP_MAP map; 765 uint8_t *p; 766 uint32_t format; 767 uint32_t num_el; 768 unsigned int remaining; 769 unsigned int i, j; 770 size_t len; 771 char *name; 772 char *val; 773 char *q; 774 uint32_t num_mem = 0; 775 struct dom_sid *members = NULL; 776 777 p = (uint8_t *)data.dptr; 778 if (data.dsize < 8) { 779 errno = EIO; 780 goto failed; 781 } 782 783 format = pull_uint32(p, 0); 784 num_el = pull_uint32(p, 4); 785 p += 8; 786 787 remaining = data.dsize - 8; 788 789 switch (format) { 790 case LTDB_PACKING_FORMAT: 791 len = strnlen((char *)p, remaining); 792 if (len == remaining) { 793 errno = EIO; 794 goto failed; 795 } 796 797 if (*p == '@') { 798 /* ignore special LDB attributes */ 799 return 0; 800 } 801 802 if (strncmp((char *)p, "rid=", 4)) { 803 /* unknown entry, ignore */ 804 DEBUG(3, ("Found unknown entry in group mapping " 805 "database named [%s]\n", (char *)p)); 806 return 0; 807 } 808 809 remaining -= len + 1; 810 p += len + 1; 811 break; 812 813 case LTDB_PACKING_FORMAT_NODN: 814 default: 815 errno = EIO; 816 goto failed; 817 } 818 819 if (num_el == 0) { 820 /* bad entry, ignore */ 821 return 0; 822 } 823 824 if (num_el > remaining / 6) { 825 errno = EIO; 826 goto failed; 827 } 828 829 ZERO_STRUCT(map); 830 831 for (i = 0; i < num_el; i++) { 832 uint32_t num_vals; 833 834 if (remaining < 10) { 835 errno = EIO; 836 goto failed; 837 } 838 len = strnlen((char *)p, remaining - 6); 839 if (len == remaining - 6) { 840 errno = EIO; 841 goto failed; 842 } 843 name = talloc_strndup(tmp_ctx, (char *)p, len); 844 if (name == NULL) { 845 errno = ENOMEM; 846 goto failed; 847 } 848 remaining -= len + 1; 849 p += len + 1; 850 851 num_vals = pull_uint32(p, 0); 852 if (StrCaseCmp(name, "member") == 0) { 853 num_mem = num_vals; 854 members = 
talloc_array(tmp_ctx, struct dom_sid, num_mem); 855 if (members == NULL) { 856 errno = ENOMEM; 857 goto failed; 858 } 859 } else if (num_vals != 1) { 860 errno = EIO; 861 goto failed; 862 } 863 864 p += 4; 865 remaining -= 4; 866 867 for (j = 0; j < num_vals; j++) { 868 len = pull_uint32(p, 0); 869 if (len > remaining-5) { 870 errno = EIO; 871 goto failed; 872 } 873 874 val = talloc_strndup(tmp_ctx, (char *)(p + 4), len); 875 if (val == NULL) { 876 errno = ENOMEM; 877 goto failed; 878 } 879 880 remaining -= len+4+1; 881 p += len+4+1; 882 883 /* we ignore unknown or uninteresting attributes 884 * (objectclass, etc.) */ 885 if (StrCaseCmp(name, "gidNumber") == 0) { 886 map.gid = strtoul(val, &q, 10); 887 if (*q) { 888 errno = EIO; 889 goto failed; 890 } 891 } else if (StrCaseCmp(name, "sid") == 0) { 892 if (!string_to_sid(&map.sid, val)) { 893 errno = EIO; 894 goto failed; 895 } 896 } else if (StrCaseCmp(name, "sidNameUse") == 0) { 897 map.sid_name_use = strtoul(val, &q, 10); 898 if (*q) { 899 errno = EIO; 900 goto failed; 901 } 902 } else if (StrCaseCmp(name, "ntname") == 0) { 903 strlcpy(map.nt_name, val, 904 sizeof(map.nt_name)); 905 } else if (StrCaseCmp(name, "comment") == 0) { 906 strlcpy(map.comment, val, 907 sizeof(map.comment)); 908 } else if (StrCaseCmp(name, "member") == 0) { 909 if (!string_to_sid(&members[j], val)) { 910 errno = EIO; 911 goto failed; 912 } 913 } 914 915 TALLOC_FREE(val); 916 } 917 918 TALLOC_FREE(name); 919 } 920 921 if (!add_mapping_entry(&map, 0)) { 922 errno = EIO; 923 goto failed; 924 } 925 926 if (num_mem) { 927 for (j = 0; j < num_mem; j++) { 928 NTSTATUS status; 929 status = add_aliasmem(&map.sid, &members[j]); 930 if (!NT_STATUS_IS_OK(status)) { 931 errno = EIO; 932 goto failed; 933 } 934 } 935 } 936 937 if (remaining != 0) { 938 DEBUG(0, ("Errror: %d bytes unread in ltdb_unpack_data\n", 939 remaining)); 940 } 941 942 return 0; 943 944 failed: 945 return -1; 946 } 947 948 static bool mapping_switch(const char *ldb_path) 949 { 950 
TDB_CONTEXT *ltdb; 951 TALLOC_CTX *frame; 952 char *new_path; 953 int ret; 954 955 frame = talloc_stackframe(); 956 957 ltdb = tdb_open_log(ldb_path, 0, TDB_DEFAULT, O_RDONLY, 0600); 958 if (ltdb == NULL) goto failed; 959 960 /* ldb is just a very fancy tdb, read out raw data and perform 961 * conversion */ 962 ret = tdb_traverse(ltdb, convert_ldb_record, NULL); 963 if (ret == -1) goto failed; 964 965 if (ltdb) { 966 tdb_close(ltdb); 967 ltdb = NULL; 968 } 969 970 /* now rename the old db out of the way */ 971 new_path = state_path("group_mapping.ldb.replaced"); 972 if (!new_path) { 973 goto failed; 974 } 975 if (rename(ldb_path, new_path) != 0) { 976 DEBUG(0,("Failed to rename old group mapping database\n")); 977 goto failed; 978 } 979 TALLOC_FREE(frame); 980 return True; 981 982 failed: 983 DEBUG(0, ("Failed to switch to tdb group mapping database\n")); 984 if (ltdb) tdb_close(ltdb); 985 TALLOC_FREE(frame); 986 return False; 720 987 } 721 988
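Review bot: In the inner value loop of `convert_ldb_record`, the check `if (len > remaining-5)` is done on an `unsigned int`, so once fewer than 5 bytes are left the subtraction wraps and any length is accepted; `pull_uint32(p, 0)` and `talloc_strndup(tmp_ctx, (char *)(p + 4), len)` then read past the end of the record buffer. That state is reachable from a malformed `group_mapping.ldb`: after the attribute name and the 4-byte count are consumed `remaining` can be as low as 2, and for a `member` attribute `num_vals` is taken from the file and never compared with the bytes left, so later iterations can start with `remaining == 0`. I would add `if (remaining < 5) { errno = EIO; goto failed; }` immediately before `len = pull_uint32(p, 0);`, and reject `num_vals > (remaining - 4) / 5` before the `talloc_array` call, mirroring the existing `num_el > remaining / 6` test. As a smaller point in the same section, `p[3]<<24` in `pull_uint32` shifts a promoted `int` into the sign bit for bytes of 0x80 and above; casting each byte to `uint32_t` before shifting avoids that.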