[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Thu Jul 12 10:37:02 MDT 2012
The branch, master has been updated
via 1ee95e4 s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()
via c43505b s3: rename sid_check_is_domain() to sid_check_is_our_sam()
via ac2644b s3:passdb: remove commented out pdb_lookup_names code
from 19e8002 s3/torture: adjust dependency to fix build when no winbind was build before
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1ee95e4cb14b0f9c7bbaba0c994f0a511822cff8
Author: Michael Adam <obnox at samba.org>
Date: Thu Jul 12 16:00:59 2012 +0200
s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()
This does not check whether the given sid is in our domain, but
but whether it belongs to the local sam, which is a different
thing on a domain member server.
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
commit c43505b621725c9a754f0ee98318d451b093f2ed
Author: Michael Adam <obnox at samba.org>
Date: Thu Jul 12 15:55:21 2012 +0200
s3: rename sid_check_is_domain() to sid_check_is_our_sam()
This does not check whether the given sid is the domain sid,
but whether it is the sid of the local sam, which is different
for a domain member server.
commit ac2644b7766e41858d53ead9d0c023a26265789a
Author: Michael Adam <obnox at samba.org>
Date: Thu Jul 12 15:51:21 2012 +0200
s3:passdb: remove commented out pdb_lookup_names code
This code is lying there unused since more than five years now.
-----------------------------------------------------------------------
Summary of changes:
source3/auth/token_util.c | 2 +-
source3/passdb/lookup_sid.c | 8 ++--
source3/passdb/machine_sid.c | 8 ++--
source3/passdb/machine_sid.h | 4 +-
source3/passdb/passdb.c | 4 +-
source3/passdb/pdb_interface.c | 86 +--------------------------------
source3/passdb/pdb_ldap.c | 12 ++--
source3/rpc_server/samr/srv_samr_nt.c | 24 +++++-----
source3/utils/net_groupmap.c | 2 +-
source3/winbindd/idmap.c | 2 +-
source3/winbindd/wb_lookupsids.c | 4 +-
source3/winbindd/wb_next_grent.c | 4 +-
source3/winbindd/wb_next_pwent.c | 4 +-
source3/winbindd/winbindd_cache.c | 4 +-
source3/winbindd/winbindd_cm.c | 2 +-
source3/winbindd/winbindd_samr.c | 6 +-
source3/winbindd/winbindd_util.c | 4 +-
17 files changed, 49 insertions(+), 131 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index 4a88a6b..59295fd 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -583,7 +583,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
goto done;
}
- if (sid_check_is_in_our_domain(&user_sid)) {
+ if (sid_check_is_in_our_sam(&user_sid)) {
bool ret;
uint32_t pdb_num_group_sids;
/* This is a passdb user, so ask passdb */
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 3f8b06d..8e14cec 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -497,7 +497,7 @@ static bool lookup_rids(TALLOC_CTX *mem_ctx, const struct dom_sid *domain_sid,
*types = NULL;
}
- if (sid_check_is_domain(domain_sid)) {
+ if (sid_check_is_our_sam(domain_sid)) {
NTSTATUS result;
if (*domain_name == NULL) {
@@ -613,7 +613,7 @@ static bool lookup_as_domain(const struct dom_sid *sid, TALLOC_CTX *mem_ctx,
const char *tmp;
enum lsa_SidType type;
- if (sid_check_is_domain(sid)) {
+ if (sid_check_is_our_sam(sid)) {
*name = talloc_strdup(mem_ctx, get_global_sam_name());
return true;
}
@@ -710,7 +710,7 @@ static bool check_dom_sid_to_level(const struct dom_sid *sid, int level)
case 3:
case 4:
case 6:
- ret = sid_check_is_domain(sid);
+ ret = sid_check_is_our_sam(sid);
break;
case 5:
ret = false;
@@ -1081,7 +1081,7 @@ static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid)
static bool legacy_sid_to_unixid(const struct dom_sid *psid, struct unixid *id)
{
GROUP_MAP *map;
- if (sid_check_is_in_our_domain(psid)) {
+ if (sid_check_is_in_our_sam(psid)) {
bool ret;
become_root();
diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c
index bc663f0..56edb17 100644
--- a/source3/passdb/machine_sid.c
+++ b/source3/passdb/machine_sid.c
@@ -229,10 +229,10 @@ void reset_global_sam_sid(void)
}
/*****************************************************************
- Check if the SID is our domain SID (S-1-5-21-x-y-z).
+ Check if the SID is our sam SID (S-1-5-21-x-y-z).
*****************************************************************/
-bool sid_check_is_domain(const struct dom_sid *sid)
+bool sid_check_is_our_sam(const struct dom_sid *sid)
{
return dom_sid_equal(sid, get_global_sam_sid());
}
@@ -241,11 +241,11 @@ bool sid_check_is_domain(const struct dom_sid *sid)
Check if the SID is our domain SID (S-1-5-21-x-y-z).
*****************************************************************/
-bool sid_check_is_in_our_domain(const struct dom_sid *sid)
+bool sid_check_is_in_our_sam(const struct dom_sid *sid)
{
struct dom_sid dom_sid;
sid_copy(&dom_sid, sid);
sid_split_rid(&dom_sid, NULL);
- return sid_check_is_domain(&dom_sid);
+ return sid_check_is_our_sam(&dom_sid);
}
diff --git a/source3/passdb/machine_sid.h b/source3/passdb/machine_sid.h
index 03f4754..33dce25 100644
--- a/source3/passdb/machine_sid.h
+++ b/source3/passdb/machine_sid.h
@@ -27,7 +27,7 @@
struct dom_sid *get_global_sam_sid(void);
void reset_global_sam_sid(void) ;
-bool sid_check_is_domain(const struct dom_sid *sid);
-bool sid_check_is_in_our_domain(const struct dom_sid *sid);
+bool sid_check_is_our_sam(const struct dom_sid *sid);
+bool sid_check_is_in_our_sam(const struct dom_sid *sid);
#endif /* _PASSDB_MACHINE_SID_H_ */
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 71afb33..379d858 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -623,7 +623,7 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
TALLOC_FREE(sam_account);
if (ret) {
- if (!sid_check_is_in_our_domain(&user_sid)) {
+ if (!sid_check_is_in_our_sam(&user_sid)) {
DEBUG(0, ("User %s with invalid SID %s in passdb\n",
name, sid_string_dbg(&user_sid)));
return False;
@@ -654,7 +654,7 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
}
/* BUILTIN groups are looked up elsewhere */
- if (!sid_check_is_in_our_domain(&map->sid)) {
+ if (!sid_check_is_in_our_sam(&map->sid)) {
DEBUG(10, ("Found group %s (%s) not in our domain -- "
"ignoring.", name, sid_string_dbg(&map->sid)));
TALLOC_FREE(map);
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 5931dde..fee1e00 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -1170,29 +1170,6 @@ NTSTATUS pdb_lookup_rids(const struct dom_sid *domain_sid,
return pdb->lookup_rids(pdb, domain_sid, num_rids, rids, names, attrs);
}
-/*
- * NOTE: pdb_lookup_names is currently (2007-01-12) not used anywhere
- * in the samba code.
- * Unlike _lsa_lookup_sids and _samr_lookup_rids, which eventually
- * also ask pdb_lookup_rids, thus looking up a bunch of rids at a time,
- * the pdb_ calls _lsa_lookup_names and _samr_lookup_names come
- * down to are pdb_getsampwnam and pdb_getgrnam instead of
- * pdb_lookup_names.
- * But in principle, it the call belongs to the API and might get
- * used in this context some day.
- */
-#if 0
-NTSTATUS pdb_lookup_names(const struct dom_sid *domain_sid,
- int num_names,
- const char **names,
- uint32_t *rids,
- enum lsa_SidType *attrs)
-{
- struct pdb_methods *pdb = pdb_get_methods();
- return pdb->lookup_names(pdb, domain_sid, num_names, names, rids, attrs);
-}
-#endif
-
bool pdb_get_account_policy(enum pdb_policy_type type, uint32_t *value)
{
struct pdb_methods *pdb = pdb_get_methods();
@@ -1630,7 +1607,7 @@ static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods,
uid_to_sid(&sid, uids[i]);
- if (!sid_check_is_in_our_domain(&sid)) {
+ if (!sid_check_is_in_our_sam(&sid)) {
DEBUG(5, ("Inconsistent SAM -- group member uid not "
"in our domain\n"));
continue;
@@ -1828,7 +1805,7 @@ static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods,
}
/* Should not happen, but better check once too many */
- if (!sid_check_is_domain(domain_sid)) {
+ if (!sid_check_is_our_sam(domain_sid)) {
return NT_STATUS_INVALID_HANDLE;
}
@@ -1859,65 +1836,6 @@ static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods,
return result;
}
-#if 0
-static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods,
- const struct dom_sid *domain_sid,
- int num_names,
- const char **names,
- uint32_t *rids,
- enum lsa_SidType *attrs)
-{
- int i;
- NTSTATUS result;
- bool have_mapped = False;
- bool have_unmapped = False;
-
- if (sid_check_is_builtin(domain_sid)) {
-
- for (i=0; i<num_names; i++) {
- uint32_t rid;
-
- if (lookup_builtin_name(names[i], &rid)) {
- attrs[i] = SID_NAME_ALIAS;
- rids[i] = rid;
- DEBUG(5,("lookup_rids: %s:%d\n",
- names[i], attrs[i]));
- have_mapped = True;
- } else {
- have_unmapped = True;
- attrs[i] = SID_NAME_UNKNOWN;
- }
- }
- goto done;
- }
-
- /* Should not happen, but better check once too many */
- if (!sid_check_is_domain(domain_sid)) {
- return NT_STATUS_INVALID_HANDLE;
- }
-
- for (i = 0; i < num_names; i++) {
- if (lookup_global_sam_name(names[i], 0, &rids[i], &attrs[i])) {
- DEBUG(5,("lookup_names: %s-> %d:%d\n", names[i],
- rids[i], attrs[i]));
- have_mapped = True;
- } else {
- have_unmapped = True;
- attrs[i] = SID_NAME_UNKNOWN;
- }
- }
-
- done:
-
- result = NT_STATUS_NONE_MAPPED;
-
- if (have_mapped)
- result = have_unmapped ? STATUS_SOME_UNMAPPED : NT_STATUS_OK;
-
- return result;
-}
-#endif
-
static int pdb_search_destructor(struct pdb_search *search)
{
if ((!search->search_ended) && (search->search_end != NULL)) {
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 8c29612..68ced93 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -2724,7 +2724,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
if (!string_to_sid(&sid, sidstr))
goto done;
- if (!sid_check_is_in_our_domain(&sid)) {
+ if (!sid_check_is_in_our_sam(&sid)) {
DEBUG(0, ("Inconsistent SAM -- group member uid not "
"in our domain\n"));
ret = NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -3075,7 +3075,7 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods,
break;
case SID_NAME_ALIAS:
- if (!sid_check_is_in_our_domain(&map->sid)
+ if (!sid_check_is_in_our_sam(&map->sid)
&& !sid_check_is_in_builtin(&map->sid) )
{
DEBUG(3, ("Refusing to map sid %s as an alias, not in our domain\n",
@@ -3487,7 +3487,7 @@ static NTSTATUS ldapsam_modify_aliasmem(struct pdb_methods *methods,
type = SID_NAME_ALIAS;
}
- if (sid_check_is_in_our_domain(alias)) {
+ if (sid_check_is_in_our_sam(alias)) {
type = SID_NAME_ALIAS;
}
@@ -3610,7 +3610,7 @@ static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods,
type = SID_NAME_ALIAS;
}
- if (sid_check_is_in_our_domain(alias)) {
+ if (sid_check_is_in_our_sam(alias)) {
type = SID_NAME_ALIAS;
}
@@ -3727,7 +3727,7 @@ static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods,
type = SID_NAME_ALIAS;
}
- if (sid_check_is_domain(domain_sid)) {
+ if (sid_check_is_our_sam(domain_sid)) {
type = SID_NAME_ALIAS;
}
@@ -4032,7 +4032,7 @@ static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods,
}
if (!sid_check_is_builtin(domain_sid) &&
- !sid_check_is_domain(domain_sid)) {
+ !sid_check_is_our_sam(domain_sid)) {
result = NT_STATUS_INVALID_PARAMETER;
goto done;
}
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 8dcc7ad..d7cebb4 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -233,7 +233,7 @@ static DISP_INFO *get_samr_dispinfo_by_sid(const struct dom_sid *psid)
return builtin_dispinfo;
}
- if (sid_check_is_domain(psid) || sid_check_is_in_our_domain(psid)) {
+ if (sid_check_is_our_sam(psid) || sid_check_is_in_our_sam(psid)) {
/*
* Necessary only once, but it does not really hurt.
*/
@@ -484,7 +484,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
if ( !NT_STATUS_IS_OK(status) )
return status;
- if (!sid_check_is_domain(r->in.sid) &&
+ if (!sid_check_is_our_sam(r->in.sid) &&
!sid_check_is_builtin(r->in.sid)) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
@@ -525,7 +525,7 @@ NTSTATUS _samr_GetUserPwInfo(struct pipes_struct *p,
return status;
}
- if (!sid_check_is_in_our_domain(&uinfo->sid)) {
+ if (!sid_check_is_in_our_sam(&uinfo->sid)) {
return NT_STATUS_OBJECT_TYPE_MISMATCH;
}
@@ -3010,7 +3010,7 @@ NTSTATUS _samr_QueryUserInfo(struct pipes_struct *p,
sid_split_rid(&domain_sid, &rid);
- if (!sid_check_is_in_our_domain(&uinfo->sid))
+ if (!sid_check_is_in_our_sam(&uinfo->sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
DEBUG(5,("_samr_QueryUserInfo: sid:%s\n",
@@ -3183,7 +3183,7 @@ NTSTATUS _samr_GetGroupsForUser(struct pipes_struct *p,
return NT_STATUS_NO_MEMORY;
}
- if (!sid_check_is_in_our_domain(&uinfo->sid))
+ if (!sid_check_is_in_our_sam(&uinfo->sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
if ( !(sam_pass = samu_new( p->mem_ctx )) ) {
@@ -5326,7 +5326,7 @@ NTSTATUS _samr_GetAliasMembership(struct pipes_struct *p,
return status;
}
- if (!sid_check_is_domain(&dinfo->sid) &&
+ if (!sid_check_is_our_sam(&dinfo->sid) &&
!sid_check_is_builtin(&dinfo->sid))
return NT_STATUS_OBJECT_TYPE_MISMATCH;
@@ -5455,7 +5455,7 @@ NTSTATUS _samr_QueryGroupMember(struct pipes_struct *p,
DEBUG(10, ("sid is %s\n", sid_string_dbg(&ginfo->sid)));
- if (!sid_check_is_in_our_domain(&ginfo->sid)) {
+ if (!sid_check_is_in_our_sam(&ginfo->sid)) {
DEBUG(3, ("sid %s is not in our domain\n",
sid_string_dbg(&ginfo->sid)));
return NT_STATUS_NO_SUCH_GROUP;
@@ -5666,7 +5666,7 @@ NTSTATUS _samr_DeleteUser(struct pipes_struct *p,
return status;
}
- if (!sid_check_is_in_our_domain(&uinfo->sid))
+ if (!sid_check_is_in_our_sam(&uinfo->sid))
return NT_STATUS_CANNOT_DELETE;
/* check if the user exists before trying to delete */
@@ -5792,7 +5792,7 @@ NTSTATUS _samr_DeleteDomAlias(struct pipes_struct *p,
return NT_STATUS_SPECIAL_ACCOUNT;
}
- if (!sid_check_is_in_our_domain(&ainfo->sid))
+ if (!sid_check_is_in_our_sam(&ainfo->sid))
return NT_STATUS_NO_SUCH_ALIAS;
DEBUG(10, ("lookup on Local SID\n"));
@@ -5837,7 +5837,7 @@ NTSTATUS _samr_CreateDomainGroup(struct pipes_struct *p,
return status;
}
- if (!sid_check_is_domain(&dinfo->sid)) {
+ if (!sid_check_is_our_sam(&dinfo->sid)) {
return NT_STATUS_ACCESS_DENIED;
}
@@ -5899,7 +5899,7 @@ NTSTATUS _samr_CreateDomAlias(struct pipes_struct *p,
return result;
}
- if (!sid_check_is_domain(&dinfo->sid)) {
+ if (!sid_check_is_our_sam(&dinfo->sid)) {
return NT_STATUS_ACCESS_DENIED;
}
@@ -6319,7 +6319,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
/* this should not be hard-coded like this */
- if (!sid_check_is_domain(&dinfo->sid)) {
+ if (!sid_check_is_our_sam(&dinfo->sid)) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c
index fe9c8c1..13716a2 100644
--- a/source3/utils/net_groupmap.c
+++ b/source3/utils/net_groupmap.c
@@ -764,7 +764,7 @@ static int net_groupmap_cleanup(struct net_context *c, int argc, const char **ar
printf(_("Group %s is not mapped\n"),
maps[i]->nt_name);
- if (!sid_check_is_in_our_domain(&maps[i]->sid)) {
+ if (!sid_check_is_in_our_sam(&maps[i]->sid)) {
printf(_("Deleting mapping for NT Group %s, sid %s\n"),
maps[i]->nt_name,
sid_string_tos(&maps[i]->sid));
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 6ae1011..b236210 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -510,7 +510,7 @@ NTSTATUS idmap_backends_sid_to_unixid(const char *domain, struct id_map *id)
maps[1] = NULL;
if (sid_check_is_in_builtin(id->sid)
- || (sid_check_is_in_our_domain(id->sid)))
+ || (sid_check_is_in_our_sam(id->sid)))
{
NTSTATUS status;
diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c
index b050bd0..2c4ebda 100644
--- a/source3/winbindd/wb_lookupsids.c
+++ b/source3/winbindd/wb_lookupsids.c
@@ -185,7 +185,7 @@ static bool wb_lookupsids_next(struct tevent_req *req,
d = &state->domains[state->domains_done];
- if (sid_check_is_domain(&d->sid)) {
+ if (sid_check_is_our_sam(&d->sid)) {
state->rids.num_rids = d->sids.num_sids;
state->rids.rids = talloc_array(state, uint32_t,
state->rids.num_rids);
@@ -255,7 +255,7 @@ static bool wb_lookupsids_bulk(const struct dom_sid *sid)
return false;
}
- if (sid_check_is_in_our_domain(sid)) {
+ if (sid_check_is_in_our_sam(sid)) {
/*
* Passdb lookup via lookuprids
*/
diff --git a/source3/winbindd/wb_next_grent.c b/source3/winbindd/wb_next_grent.c
index 2b3799a..d3b0333 100644
--- a/source3/winbindd/wb_next_grent.c
+++ b/source3/winbindd/wb_next_grent.c
@@ -62,7 +62,7 @@ struct tevent_req *wb_next_grent_send(TALLOC_CTX *mem_ctx,
}
if ((state->gstate->domain != NULL)
- && sid_check_is_domain(&state->gstate->domain->sid)) {
+ && sid_check_is_our_sam(&state->gstate->domain->sid)) {
state->gstate->domain = state->gstate->domain->next;
}
@@ -125,7 +125,7 @@ static void wb_next_grent_fetch_done(struct tevent_req *subreq)
state->gstate->domain = state->gstate->domain->next;
if ((state->gstate->domain != NULL)
- && sid_check_is_domain(&state->gstate->domain->sid)) {
+ && sid_check_is_our_sam(&state->gstate->domain->sid)) {
state->gstate->domain = state->gstate->domain->next;
}
diff --git a/source3/winbindd/wb_next_pwent.c b/source3/winbindd/wb_next_pwent.c
index 28ae9b7..785658d 100644
--- a/source3/winbindd/wb_next_pwent.c
+++ b/source3/winbindd/wb_next_pwent.c
@@ -40,7 +40,7 @@ static struct winbindd_domain *wb_next_find_domain(struct winbindd_domain *domai
}
if ((domain != NULL)
- && sid_check_is_domain(&domain->sid)) {
+ && sid_check_is_our_sam(&domain->sid)) {
domain = domain->next;
}
return domain;
@@ -114,7 +114,7 @@ static void wb_next_pwent_fetch_done(struct tevent_req *subreq)
state->gstate->domain = state->gstate->domain->next;
if ((state->gstate->domain != NULL)
- && sid_check_is_domain(&state->gstate->domain->sid)) {
+ && sid_check_is_our_sam(&state->gstate->domain->sid)) {
state->gstate->domain = state->gstate->domain->next;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list