[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-unstable-1211-g9cd30fb
Michael Adam
obnox at samba.org
Wed Jan 9 01:07:40 GMT 2008
The branch, v3-2-test has been updated
via 9cd30fb25c42e79946b5140994d0bf2ef4c62f90 (commit)
via ed4dd00c5ae8e4995ace9326f915ae4bd15d96b3 (commit)
via 6b2b9a60ef857ec31da5fea631535205fbdede4a (commit)
via 3f89aea8e4df3a2de8c5e4c6f4e417567adb2d67 (commit)
via d14de0692c623ff07dada45a3d7bec03ceca2b7e (commit)
via 081435250709af734ec1e49e2539b091f2d92dfb (commit)
from 3a4bf4b7c3081048f0d5491dae6610388c268c2f (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit 9cd30fb25c42e79946b5140994d0bf2ef4c62f90
Author: Michael Adam <obnox at samba.org>
Date: Wed Jan 9 01:17:13 2008 +0100
Change registry_create_admin_token() to return NTSTATUS.
Michael
commit ed4dd00c5ae8e4995ace9326f915ae4bd15d96b3
Author: Michael Adam <obnox at samba.org>
Date: Wed Jan 9 00:25:27 2008 +0100
Move content of comment.
Michael
commit 6b2b9a60ef857ec31da5fea631535205fbdede4a
Author: Michael Adam <obnox at samba.org>
Date: Wed Jan 9 00:11:31 2008 +0100
Convert add_sid_to_array() add_sid_to_array_unique() to return NTSTATUS.
Michael
commit 3f89aea8e4df3a2de8c5e4c6f4e417567adb2d67
Author: Michael Adam <obnox at samba.org>
Date: Tue Jan 8 23:02:50 2008 +0100
Fix prototype: Add a void to an empty function parameter list.
Michael
commit d14de0692c623ff07dada45a3d7bec03ceca2b7e
Author: Michael Adam <obnox at samba.org>
Date: Tue Jan 8 21:51:07 2008 +0100
Don't leak data.dptr on error path.
Michael
commit 081435250709af734ec1e49e2539b091f2d92dfb
Author: Michael Adam <obnox at samba.org>
Date: Tue Jan 8 15:21:08 2008 +0100
Extend a comment.
Michael
-----------------------------------------------------------------------
Summary of changes:
source/auth/auth_util.c | 23 +++++++-----
source/auth/token_util.c | 63 +++++++++++++++++++++-------------
source/groupdb/mapping_ldb.c | 16 +++++----
source/groupdb/mapping_tdb.c | 15 +++++---
source/lib/privileges.c | 6 ++-
source/lib/util_reg_smbconf.c | 30 +++++++++++-----
source/lib/util_sid.c | 70 ++++++++++++++++++++++---------------
source/libgpo/gpo_ldap.c | 18 ++++++---
source/libnet/libnet_conf.c | 8 ++---
source/param/loadparm.c | 11 ++++--
source/passdb/pdb_ldap.c | 18 ++++++----
source/rpcclient/cmd_samr.c | 5 ++-
source/winbindd/winbindd_ads.c | 39 +++++++++++----------
source/winbindd/winbindd_async.c | 20 +++++++---
source/winbindd/winbindd_cache.c | 2 +-
source/winbindd/winbindd_group.c | 15 +++-----
source/winbindd/winbindd_pam.c | 9 +++--
source/winbindd/winbindd_util.c | 21 ++++++-----
18 files changed, 233 insertions(+), 156 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index fea1b2d..ce47e94 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -549,11 +549,13 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
"for gid %d!\n", gids[i]));
continue;
}
- if (!add_sid_to_array_unique( result, &unix_group_sid,
- &result->sids, &result->num_sids )) {
+ status = add_sid_to_array_unique(result, &unix_group_sid,
+ &result->sids,
+ &result->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
result->sam_account = NULL; /* Don't free on error exit. */
TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
+ return status;
}
}
@@ -895,9 +897,9 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
"for gid %d!\n", gids[i]));
continue;
}
- if (!add_sid_to_array_unique(tmp_ctx, &unix_group_sid,
- &group_sids, &num_group_sids )) {
- result = NT_STATUS_NO_MEMORY;
+ result = add_sid_to_array_unique(tmp_ctx, &unix_group_sid,
+ &group_sids, &num_group_sids);
+ if (!NT_STATUS_IS_OK(result)) {
goto done;
}
}
@@ -1074,11 +1076,12 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info,
return NT_STATUS_NO_SUCH_USER;
}
- if (!add_sid_to_array_unique(result, &u_sid,
- &result->sids,
- &result->num_sids)) {
+ status = add_sid_to_array_unique(result, &u_sid,
+ &result->sids,
+ &result->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
+ return status;
}
/* For now we throw away the gids and convert via sid_to_gid
diff --git a/source/auth/token_util.c b/source/auth/token_util.c
index 9ca5216..fc93060 100644
--- a/source/auth/token_util.c
+++ b/source/auth/token_util.c
@@ -140,22 +140,22 @@ NTSTATUS add_aliases(const DOM_SID *domain_sid,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("pdb_enum_alias_memberships failed: %s\n",
nt_errstr(status)));
- TALLOC_FREE(tmp_ctx);
- return status;
+ goto done;
}
for (i=0; i<num_aliases; i++) {
DOM_SID alias_sid;
sid_compose(&alias_sid, domain_sid, aliases[i]);
- if (!add_sid_to_array_unique(token, &alias_sid,
- &token->user_sids,
- &token->num_sids)) {
+ status = add_sid_to_array_unique(token, &alias_sid,
+ &token->user_sids,
+ &token->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("add_sid_to_array failed\n"));
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
+ goto done;
}
}
+done:
TALLOC_FREE(tmp_ctx);
return NT_STATUS_OK;
}
@@ -166,6 +166,7 @@ NTSTATUS add_aliases(const DOM_SID *domain_sid,
static NTSTATUS add_builtin_administrators( struct nt_user_token *token )
{
DOM_SID domadm;
+ NTSTATUS status;
/* nothing to do if we aren't in a domain */
@@ -186,9 +187,11 @@ static NTSTATUS add_builtin_administrators( struct nt_user_token *token )
/* Add Administrators if the user beloongs to Domain Admins */
if ( nt_token_check_sid( &domadm, token ) ) {
- if (!add_sid_to_array(token, &global_sid_Builtin_Administrators,
- &token->user_sids, &token->num_sids)) {
- return NT_STATUS_NO_MEMORY;
+ status = add_sid_to_array(token,
+ &global_sid_Builtin_Administrators,
+ &token->user_sids, &token->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
}
@@ -303,38 +306,48 @@ struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
/* Add the user and primary group sid */
- if (!add_sid_to_array(result, user_sid,
- &result->user_sids, &result->num_sids)) {
+ status = add_sid_to_array(result, user_sid,
+ &result->user_sids, &result->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
/* For guest, num_groupsids may be zero. */
if (num_groupsids) {
- if (!add_sid_to_array(result, &groupsids[0],
- &result->user_sids, &result->num_sids)) {
+ status = add_sid_to_array(result, &groupsids[0],
+ &result->user_sids,
+ &result->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
}
/* Add in BUILTIN sids */
- if (!add_sid_to_array(result, &global_sid_World,
- &result->user_sids, &result->num_sids)) {
+ status = add_sid_to_array(result, &global_sid_World,
+ &result->user_sids, &result->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
- if (!add_sid_to_array(result, &global_sid_Network,
- &result->user_sids, &result->num_sids)) {
+ status = add_sid_to_array(result, &global_sid_Network,
+ &result->user_sids, &result->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
if (is_guest) {
- if (!add_sid_to_array(result, &global_sid_Builtin_Guests,
- &result->user_sids, &result->num_sids)) {
+ status = add_sid_to_array(result, &global_sid_Builtin_Guests,
+ &result->user_sids,
+ &result->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
} else {
- if (!add_sid_to_array(result, &global_sid_Authenticated_Users,
- &result->user_sids, &result->num_sids)) {
+ status = add_sid_to_array(result,
+ &global_sid_Authenticated_Users,
+ &result->user_sids,
+ &result->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
}
@@ -346,8 +359,10 @@ struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
* first group sid as primary above. */
for (i=1; i<num_groupsids; i++) {
- if (!add_sid_to_array_unique(result, &groupsids[i],
- &result->user_sids, &result->num_sids)) {
+ status = add_sid_to_array_unique(result, &groupsids[i],
+ &result->user_sids,
+ &result->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
return NULL;
}
}
diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c
index ea46777..05056ea 100644
--- a/source/groupdb/mapping_ldb.c
+++ b/source/groupdb/mapping_ldb.c
@@ -398,8 +398,8 @@ static NTSTATUS one_alias_membership(const DOM_SID *member,
goto failed;
}
string_to_sid(&alias, (char *)el->values[0].data);
- if (!add_sid_to_array_unique(NULL, &alias, sids, num)) {
- status = NT_STATUS_NO_MEMORY;
+ status = add_sid_to_array_unique(NULL, &alias, sids, num);
+ if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
}
@@ -492,6 +492,7 @@ static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
NULL
};
int ret, i;
+ NTSTATUS status;
struct ldb_result *res=NULL;
struct ldb_dn *dn;
struct ldb_message_element *el;
@@ -524,14 +525,15 @@ static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
for (i=0;i<el->num_values;i++) {
DOM_SID sid;
string_to_sid(&sid, (const char *)el->values[i].data);
- if (!add_sid_to_array_unique(NULL, &sid, sids, num)) {
- talloc_free(dn);
- return NT_STATUS_NO_MEMORY;
+ status = add_sid_to_array_unique(NULL, &sid, sids, num);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
}
}
- talloc_free(dn);
- return NT_STATUS_OK;
+done:
+ talloc_free(dn);
+ return status;
}
/*
diff --git a/source/groupdb/mapping_tdb.c b/source/groupdb/mapping_tdb.c
index cf9f905..21a4f95 100644
--- a/source/groupdb/mapping_tdb.c
+++ b/source/groupdb/mapping_tdb.c
@@ -394,6 +394,7 @@ static NTSTATUS one_alias_membership(const DOM_SID *member,
char *string_sid;
TDB_DATA dbuf;
const char *p;
+ NTSTATUS status;
TALLOC_CTX *frame;
slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX,
@@ -413,15 +414,16 @@ static NTSTATUS one_alias_membership(const DOM_SID *member,
if (!string_to_sid(&alias, string_sid))
continue;
- if (!add_sid_to_array_unique(NULL, &alias, sids, num)) {
- TALLOC_FREE(frame);
- return NT_STATUS_NO_MEMORY;
+ status= add_sid_to_array_unique(NULL, &alias, sids, num);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
}
}
+done:
TALLOC_FREE(frame);
SAFE_FREE(dbuf.dptr);
- return NT_STATUS_OK;
+ return status;
}
static NTSTATUS alias_memberships(const DOM_SID *members, size_t num_members,
@@ -558,7 +560,10 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data,
if (!string_to_sid(&member, member_string))
continue;
- if (!add_sid_to_array(NULL, &member, closure->sids, closure->num)) {
+ if (!NT_STATUS_IS_OK(add_sid_to_array(NULL, &member,
+ closure->sids,
+ closure->num)))
+ {
/* talloc fail. */
break;
}
diff --git a/source/lib/privileges.c b/source/lib/privileges.c
index 63fb462..509da80 100644
--- a/source/lib/privileges.c
+++ b/source/lib/privileges.c
@@ -184,8 +184,10 @@ static int priv_traverse_fn(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *s
return 0;
}
- if (!add_sid_to_array( priv->mem_ctx, &sid, &priv->sids.list,
- &priv->sids.count )) {
+ if (!NT_STATUS_IS_OK(add_sid_to_array(priv->mem_ctx, &sid,
+ &priv->sids.list,
+ &priv->sids.count)))
+ {
return 0;
}
diff --git a/source/lib/util_reg_smbconf.c b/source/lib/util_reg_smbconf.c
index fa58f28..6452b0b 100644
--- a/source/lib/util_reg_smbconf.c
+++ b/source/lib/util_reg_smbconf.c
@@ -26,28 +26,40 @@ extern REGISTRY_OPS smbconf_reg_ops;
/*
* create a fake token just with enough rights to
- * locally access the registry.
+ * locally access the registry:
+ *
+ * - builtin administrators sid
+ * - disk operators privilege
*/
-NT_USER_TOKEN *registry_create_admin_token(TALLOC_CTX *mem_ctx)
+NTSTATUS registry_create_admin_token(TALLOC_CTX *mem_ctx,
+ NT_USER_TOKEN **ptoken)
{
+ NTSTATUS status;
NT_USER_TOKEN *token = NULL;
- /* fake a user token: builtin administrators sid and the
- * disk operators privilege is all we need to access the
- * registry... */
- if (!(token = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN))) {
+ if (ptoken == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ token = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN);
+ if (token == NULL) {
DEBUG(1, ("talloc failed\n"));
+ status = NT_STATUS_NO_MEMORY;
goto done;
}
token->privileges = se_disk_operators;
- if (!add_sid_to_array(token, &global_sid_Builtin_Administrators,
- &token->user_sids, &token->num_sids)) {
+ status = add_sid_to_array(token, &global_sid_Builtin_Administrators,
+ &token->user_sids, &token->num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Error adding builtin administrators sid "
"to fake token.\n"));
goto done;
}
+
+ *ptoken = token;
+
done:
- return token;
+ return status;
}
/*
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index 222b32e..3786523 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -573,20 +573,20 @@ DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, const DOM_SID *src)
Add SID to an array SIDs
********************************************************************/
-bool add_sid_to_array(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
- DOM_SID **sids, size_t *num)
+NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
+ DOM_SID **sids, size_t *num)
{
*sids = TALLOC_REALLOC_ARRAY(mem_ctx, *sids, DOM_SID,
(*num)+1);
if (*sids == NULL) {
*num = 0;
- return False;
+ return NT_STATUS_NO_MEMORY;
}
sid_copy(&((*sids)[*num]), sid);
*num += 1;
- return True;
+ return NT_STATUS_OK;
}
@@ -594,14 +594,14 @@ bool add_sid_to_array(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
Add SID to an array SIDs ensuring that it is not already there
********************************************************************/
-bool add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
- DOM_SID **sids, size_t *num_sids)
+NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
+ DOM_SID **sids, size_t *num_sids)
{
size_t i;
for (i=0; i<(*num_sids); i++) {
if (sid_compare(sid, &(*sids)[i]) == 0)
- return True;
+ return NT_STATUS_OK;
}
return add_sid_to_array(mem_ctx, sid, sids, num_sids);
@@ -670,6 +670,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
size_t *num_user_sids,
bool include_user_group_rid)
{
+ NTSTATUS status;
DOM_SID sid;
DOM_SID *sid_array = NULL;
size_t num_sids = 0;
@@ -677,35 +678,47 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
if (include_user_group_rid) {
- if (!sid_compose(&sid, &(info3->dom_sid.sid),
- info3->user_rid)
- || !add_sid_to_array(mem_ctx, &sid,
- &sid_array, &num_sids)) {
- DEBUG(3,("could not add user SID from rid 0x%x\n",
- info3->user_rid));
+ if (!sid_compose(&sid, &(info3->dom_sid.sid), info3->user_rid))
+ {
+ DEBUG(3, ("could not compose user SID from rid 0x%x\n",
+ info3->user_rid));
return NT_STATUS_INVALID_PARAMETER;
}
+ status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("could not append user SID from rid 0x%x\n",
+ info3->user_rid));
+ return status;
+ }
- if (!sid_compose(&sid, &(info3->dom_sid.sid),
- info3->group_rid)
- || !add_sid_to_array(mem_ctx, &sid,
- &sid_array, &num_sids)) {
- DEBUG(3,("could not append additional group rid 0x%x\n",
- info3->group_rid));
-
+ if (!sid_compose(&sid, &(info3->dom_sid.sid), info3->group_rid))
+ {
+ DEBUG(3, ("could not compose group SID from rid 0x%x\n",
+ info3->group_rid));
return NT_STATUS_INVALID_PARAMETER;
}
+ status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("could not append group SID from rid 0x%x\n",
+ info3->group_rid));
+ return status;
+ }
}
for (i = 0; i < info3->num_groups2; i++) {
if (!sid_compose(&sid, &(info3->dom_sid.sid),
- info3->gids[i].g_rid)
- || !add_sid_to_array(mem_ctx, &sid,
- &sid_array, &num_sids)) {
- DEBUG(3,("could not append additional group rid 0x%x\n",
- info3->gids[i].g_rid));
+ info3->gids[i].g_rid))
+ {
+ DEBUG(3, ("could not compose SID from additional group "
+ "rid 0x%x\n", info3->gids[i].g_rid));
return NT_STATUS_INVALID_PARAMETER;
}
+ status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("could not append SID from additional group "
+ "rid 0x%x\n", info3->gids[i].g_rid));
+ return status;
+ }
}
/* Copy 'other' sids. We need to do sid filtering here to
@@ -715,11 +728,12 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
*/
for (i = 0; i < info3->num_other_sids; i++) {
- if (!add_sid_to_array(mem_ctx, &info3->other_sids[i].sid,
- &sid_array, &num_sids)) {
+ status = add_sid_to_array(mem_ctx, &info3->other_sids[i].sid,
+ &sid_array, &num_sids);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("could not add SID to array: %s\n",
sid_string_dbg(&info3->other_sids[i].sid)));
- return NT_STATUS_NO_MEMORY;
+ return status;
}
}
diff --git a/source/libgpo/gpo_ldap.c b/source/libgpo/gpo_ldap.c
index 7c59e8e..4e63b92 100644
--- a/source/libgpo/gpo_ldap.c
+++ b/source/libgpo/gpo_ldap.c
@@ -643,9 +643,12 @@ ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
token_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, 1);
ADS_ERROR_HAVE_NO_MEMORY(token_sids);
- if (!add_sid_to_array_unique(mem_ctx, &primary_group_sid, &token_sids,
- &num_token_sids)) {
- return ADS_ERROR(LDAP_NO_MEMORY);
+ status = ADS_ERROR_NT(add_sid_to_array_unique(mem_ctx,
+ &primary_group_sid,
+ &token_sids,
+ &num_token_sids));
+ if (!ADS_ERR_OK(status)) {
+ return status;
}
for (i = 0; i < num_ad_token_sids; i++) {
@@ -654,9 +657,12 @@ ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
--
Samba Shared Repository
More information about the samba-cvs
mailing list