[PATCH] cleanups in source4 idmap

Volker Lendecke vl at samba.org
Wed Dec 28 10:12:53 UTC 2016


Hi!

Attached are some cleanups in the source4 idmap implementation. The
util_unixsids.h changes make it easier to use in source4.

Review appreciated!

Thanks, Volker
>From 0002657b9dba55cc68ac519d9fb6670828d03186 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 27 Dec 2016 12:19:54 +0000
Subject: [PATCH 1/9] idmap4: Fix idmap_ctx talloc hierarchy

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/winbind/idmap.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index 26a4664..578a7c3 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -166,7 +166,7 @@ struct idmap_context *idmap_init(TALLOC_CTX *mem_ctx,
 
 	idmap_ctx->lp_ctx = lp_ctx;
 
-	idmap_ctx->ldb_ctx = ldb_wrap_connect(mem_ctx, ev_ctx, lp_ctx,
+	idmap_ctx->ldb_ctx = ldb_wrap_connect(idmap_ctx, ev_ctx, lp_ctx,
 					      "idmap.ldb",
 					      system_session(lp_ctx),
 					      NULL, 0);
@@ -174,12 +174,14 @@ struct idmap_context *idmap_init(TALLOC_CTX *mem_ctx,
 		return NULL;
 	}
 
-	idmap_ctx->unix_groups_sid = dom_sid_parse_talloc(mem_ctx, "S-1-22-2");
+	idmap_ctx->unix_groups_sid = dom_sid_parse_talloc(
+		idmap_ctx, "S-1-22-2");
 	if (idmap_ctx->unix_groups_sid == NULL) {
 		return NULL;
 	}
 
-	idmap_ctx->unix_users_sid = dom_sid_parse_talloc(mem_ctx, "S-1-22-1");
+	idmap_ctx->unix_users_sid = dom_sid_parse_talloc(
+		idmap_ctx, "S-1-22-1");
 	if (idmap_ctx->unix_users_sid == NULL) {
 		return NULL;
 	}
-- 
2.1.4


>From be5a0280832426e1e4e4d416663313f2621d2675 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 27 Dec 2016 12:21:09 +0000
Subject: [PATCH 2/9] idmap4: Fix error path memleaks in idmap_init

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/winbind/idmap.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index 578a7c3..6f701f0 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -171,28 +171,31 @@ struct idmap_context *idmap_init(TALLOC_CTX *mem_ctx,
 					      system_session(lp_ctx),
 					      NULL, 0);
 	if (idmap_ctx->ldb_ctx == NULL) {
-		return NULL;
+		goto fail;
 	}
 
 	idmap_ctx->unix_groups_sid = dom_sid_parse_talloc(
 		idmap_ctx, "S-1-22-2");
 	if (idmap_ctx->unix_groups_sid == NULL) {
-		return NULL;
+		goto fail;
 	}
 
 	idmap_ctx->unix_users_sid = dom_sid_parse_talloc(
 		idmap_ctx, "S-1-22-1");
 	if (idmap_ctx->unix_users_sid == NULL) {
-		return NULL;
+		goto fail;
 	}
 	
 	idmap_ctx->samdb = samdb_connect(idmap_ctx, ev_ctx, lp_ctx, system_session(lp_ctx), 0);
 	if (idmap_ctx->samdb == NULL) {
 		DEBUG(0, ("Failed to load sam.ldb in idmap_init\n"));
-		return NULL;
+		goto fail;
 	}
 
 	return idmap_ctx;
+fail:
+	TALLOC_FREE(idmap_ctx);
+	return NULL;
 }
 
 /**
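Review bot: The failure paths for `ldb_ctx`, `unix_groups_sid` and `unix_users_sid` now reach `fail:` without logging anything, while the `samdb` failure prints a `DEBUG(0, ...)` message first. Unless `ldb_wrap_connect` logs on its own, a NULL return from idmap_init does not tell the operator whether idmap.ldb or sam.ldb was the problem. A line such as `DEBUG(0, ("Failed to open idmap.ldb in idmap_init\n"));` before the first `goto fail;` would match the existing samdb message. The start of idmap_init, including the allocation of `idmap_ctx`, is outside this hunk.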
-- 
2.1.4


>From e08f801a40f162ec67e53f49ac7664fbd4383d51 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 27 Dec 2016 12:32:13 +0000
Subject: [PATCH 3/9] idmap4: Slightly simplify idmap_xid_to_sid

No need to parse "S-1-22-1", we have global_sid_Unix_Users

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/winbind/idmap.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index 6f701f0..bc3b57b 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -221,7 +221,8 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
 	struct ldb_context *ldb = idmap_ctx->ldb_ctx;
 	struct ldb_result *res = NULL;
 	struct ldb_message *msg;
-	struct dom_sid *unix_sid, *new_sid;
+	const struct dom_sid *unix_sid;
+	struct dom_sid *new_sid;
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 	const char *id_type;
 
@@ -359,13 +360,9 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
 
 	/* For local users/groups , we just create a rid = uid/gid */
 	if (unixid->type == ID_TYPE_UID) {
-		unix_sid = dom_sid_parse_talloc(tmp_ctx, "S-1-22-1");
+		unix_sid = &global_sid_Unix_Users;
 	} else {
-		unix_sid = dom_sid_parse_talloc(tmp_ctx, "S-1-22-2");
-	}
-	if (unix_sid == NULL) {
-		status = NT_STATUS_NO_MEMORY;
-		goto failed;
+		unix_sid = &global_sid_Unix_Groups;
 	}
 
 	new_sid = dom_sid_add_rid(mem_ctx, unix_sid, unixid->id);
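Review bot: The `else` branch selects `global_sid_Unix_Groups` for every `unixid->type` other than `ID_TYPE_UID`, so a type that is neither UID nor GID would be mapped to a Unix Groups SID unless it is rejected earlier in idmap_xid_to_sid, which is outside this hunk. If that validation exists, a comment such as `/* unixid->type was checked to be UID or GID above */` would record the assumption next to the branch. If it does not, use `} else if (unixid->type == ID_TYPE_GID) {` and add a final `else` that sets an error status and does `goto failed;`, so an unexpected type does not produce a group SID. The check of `new_sid` after `dom_sid_add_rid` is also outside the hunk.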
-- 
2.1.4


>From 43e8f27bad806d9df4b0e8956b56c81c7b79ae3d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 27 Dec 2016 12:52:00 +0000
Subject: [PATCH 4/9] lib: Add lib/util_unixsids.h

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/auth/auth_util.c         |  1 +
 source3/auth/server_info.c       |  1 +
 source3/auth/token_util.c        |  1 +
 source3/include/proto.h          | 13 -------------
 source3/lib/util_sid_passdb.c    |  1 +
 source3/lib/util_unixsids.c      |  1 +
 source3/lib/util_unixsids.h      | 38 ++++++++++++++++++++++++++++++++++++++
 source3/passdb/lookup_sid.c      |  1 +
 source3/winbindd/wb_lookupsids.c |  1 +
 source3/winbindd/winbindd_samr.c |  1 +
 source3/winbindd/winbindd_util.c |  1 +
 11 files changed, 47 insertions(+), 13 deletions(-)
 create mode 100644 source3/lib/util_unixsids.h

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 2da2896..25f27e8 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -23,6 +23,7 @@
 
 #include "includes.h"
 #include "auth.h"
+#include "lib/util_unixsids.h"
 #include "../libcli/auth/libcli_auth.h"
 #include "../lib/crypto/arcfour.h"
 #include "rpc_client/init_lsa.h"
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index d2b7823..8461d20 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -19,6 +19,7 @@
 
 #include "includes.h"
 #include "auth.h"
+#include "lib/util_unixsids.h"
 #include "../lib/crypto/arcfour.h"
 #include "../librpc/gen_ndr/netlogon.h"
 #include "../libcli/security/security.h"
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index 375905a..77b63e4 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -25,6 +25,7 @@
 /* functions moved from auth/auth_util.c to minimize linker deps */
 
 #include "includes.h"
+#include "lib/util_unixsids.h"
 #include "system/passwd.h"
 #include "auth.h"
 #include "secrets.h"
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 53a2d6a..4535a14 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1104,19 +1104,6 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
 bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
 			   struct dom_sid *sid, const char **domain);
 
-/* The following definitions come from lib/util_unixsids.c  */
-
-bool sid_check_is_unix_users(const struct dom_sid *sid);
-bool sid_check_is_in_unix_users(const struct dom_sid *sid);
-void uid_to_unix_users_sid(uid_t uid, struct dom_sid *sid);
-void gid_to_unix_groups_sid(gid_t gid, struct dom_sid *sid);
-const char *unix_users_domain_name(void);
-bool lookup_unix_user_name(const char *name, struct dom_sid *sid);
-bool sid_check_is_unix_groups(const struct dom_sid *sid);
-bool sid_check_is_in_unix_groups(const struct dom_sid *sid);
-const char *unix_groups_domain_name(void);
-bool lookup_unix_group_name(const char *name, struct dom_sid *sid);
-
 /* The following definitions come from lib/util_specialsids.c  */
 bool sid_check_is_asserted_identity(const struct dom_sid *sid);
 bool sid_check_is_in_asserted_identity(const struct dom_sid *sid);
diff --git a/source3/lib/util_sid_passdb.c b/source3/lib/util_sid_passdb.c
index 0ff64cc..e67a27d 100644
--- a/source3/lib/util_sid_passdb.c
+++ b/source3/lib/util_sid_passdb.c
@@ -20,6 +20,7 @@
 
 #include "includes.h"
 #include "lib/util_sid_passdb.h"
+#include "lib/util_unixsids.h"
 #include "passdb/machine_sid.h"
 #include "passdb.h"
 
diff --git a/source3/lib/util_unixsids.c b/source3/lib/util_unixsids.c
index 4a38c57..4fd0db7 100644
--- a/source3/lib/util_unixsids.c
+++ b/source3/lib/util_unixsids.c
@@ -19,6 +19,7 @@
 
 #include "includes.h"
 #include "system/passwd.h"
+#include "util_unixsids.h"
 #include "../libcli/security/security.h"
 #include "../lib/util/util_pw.h"
 
diff --git a/source3/lib/util_unixsids.h b/source3/lib/util_unixsids.h
new file mode 100644
index 0000000..664d50f
--- /dev/null
+++ b/source3/lib/util_unixsids.h
@@ -0,0 +1,38 @@
+/*
+   Unix SMB/CIFS implementation.
+   Translate unix-defined names to SIDs and vice versa
+   Copyright (C) Volker Lendecke 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __UTIL_UNIXSIDS_H__
+#define __UTIL_UNIXSIDS_H__
+
+#include "replace.h"
+
+struct dom_sid;
+
+bool sid_check_is_unix_users(const struct dom_sid *sid);
+bool sid_check_is_in_unix_users(const struct dom_sid *sid);
+void uid_to_unix_users_sid(uid_t uid, struct dom_sid *sid);
+void gid_to_unix_groups_sid(gid_t gid, struct dom_sid *sid);
+const char *unix_users_domain_name(void);
+bool lookup_unix_user_name(const char *name, struct dom_sid *sid);
+bool sid_check_is_unix_groups(const struct dom_sid *sid);
+bool sid_check_is_in_unix_groups(const struct dom_sid *sid);
+const char *unix_groups_domain_name(void);
+bool lookup_unix_group_name(const char *name, struct dom_sid *sid);
+
+#endif
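Review bot: The new header declares its prototypes without any comment, and the difference between `sid_check_is_unix_users()` and `sid_check_is_in_unix_users()` (and the groups pair) is not evident from the names, although callers in the auth and winbindd code rely on it. The util_unixsids.c context later in this series shows `sid_check_is_unix_groups()` doing `dom_sid_equal(sid, &global_sid_Unix_Groups)`. A one-line comment per pair would help, for example `/* true if sid is exactly the Unix Users domain SID */`, with a matching line for the `_in_` variants once their behaviour is confirmed against the .c file. It would also help to note that `uid_to_unix_users_sid(uid, sid)` takes its output argument last. Separately, the guard `__UTIL_UNIXSIDS_H__` uses a double-underscore name reserved for the implementation; `UTIL_UNIXSIDS_H` avoids that.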
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 110bdd3..33302f1 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -21,6 +21,7 @@
 
 #include "includes.h"
 #include "passdb.h"
+#include "lib/util_unixsids.h"
 #include "../librpc/gen_ndr/ndr_security.h"
 #include "secrets.h"
 #include "../lib/util/memcache.h"
diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c
index 2480547..a4bcbad 100644
--- a/source3/winbindd/wb_lookupsids.c
+++ b/source3/winbindd/wb_lookupsids.c
@@ -19,6 +19,7 @@
 
 #include "includes.h"
 #include "winbindd.h"
+#include "lib/util_unixsids.h"
 #include "librpc/gen_ndr/ndr_winbind_c.h"
 #include "../libcli/security/security.h"
 #include "passdb/machine_sid.h"
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index 3d0914a..dce26d2 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -26,6 +26,7 @@
 #include "includes.h"
 #include "winbindd.h"
 #include "winbindd_rpc.h"
+#include "lib/util_unixsids.h"
 #include "rpc_client/rpc_client.h"
 #include "../librpc/gen_ndr/ndr_samr_c.h"
 #include "rpc_client/cli_samr.h"
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 38e4b8b..c98b3ef 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -22,6 +22,7 @@
 
 #include "includes.h"
 #include "winbindd.h"
+#include "lib/util_unixsids.h"
 #include "secrets.h"
 #include "../libcli/security/security.h"
 #include "../libcli/auth/pam_errors.h"
-- 
2.1.4


>From d2dafc8e45ef751e61662e8b2abb2b071691846c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 27 Dec 2016 12:57:23 +0000
Subject: [PATCH 5/9] passdb: Move lookup_unix_[user|group]_name to
 lookup_sid.c

This is the only user and reduces the dependencies of util_unixsids.c

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/lib/util_unixsids.c                 |  35 ----
 source3/lib/util_unixsids.h                 |   2 -
 source3/passdb/ABI/samba-passdb-0.26.0.sigs | 310 ++++++++++++++++++++++++++++
 source3/passdb/lookup_sid.c                 |  35 ++++
 source3/wscript_build                       |   2 +-
 5 files changed, 346 insertions(+), 38 deletions(-)
 create mode 100644 source3/passdb/ABI/samba-passdb-0.26.0.sigs

diff --git a/source3/lib/util_unixsids.c b/source3/lib/util_unixsids.c
index 4fd0db7..314cc42 100644
--- a/source3/lib/util_unixsids.c
+++ b/source3/lib/util_unixsids.c
@@ -61,25 +61,6 @@ const char *unix_users_domain_name(void)
 	return "Unix User";
 }
 
-bool lookup_unix_user_name(const char *name, struct dom_sid *sid)
-{
-	struct passwd *pwd;
-	bool ret;
-
-	pwd = Get_Pwnam_alloc(talloc_tos(), name);
-	if (pwd == NULL) {
-		return False;
-	}
-
-	/*
-	 * For 64-bit uid's we have enough space in the whole SID,
-	 * should they become necessary
-	 */
-	ret = sid_compose(sid, &global_sid_Unix_Users, pwd->pw_uid);
-	TALLOC_FREE(pwd);
-	return ret;
-}
-
 bool sid_check_is_unix_groups(const struct dom_sid *sid)
 {
 	return dom_sid_equal(sid, &global_sid_Unix_Groups);
@@ -99,19 +80,3 @@ const char *unix_groups_domain_name(void)
 {
 	return "Unix Group";
 }
-
-bool lookup_unix_group_name(const char *name, struct dom_sid *sid)
-{
-	struct group *grp;
-
-	grp = getgrnam(name);
-	if (grp == NULL) {
-		return False;
-	}
-
-	/*
-	 * For 64-bit gid's we have enough space in the whole SID,
-	 * should they become necessary
-	 */
-	return sid_compose(sid, &global_sid_Unix_Groups, grp->gr_gid);
-}
diff --git a/source3/lib/util_unixsids.h b/source3/lib/util_unixsids.h
index 664d50f..b90a746 100644
--- a/source3/lib/util_unixsids.h
+++ b/source3/lib/util_unixsids.h
@@ -29,10 +29,8 @@ bool sid_check_is_in_unix_users(const struct dom_sid *sid);
 void uid_to_unix_users_sid(uid_t uid, struct dom_sid *sid);
 void gid_to_unix_groups_sid(gid_t gid, struct dom_sid *sid);
 const char *unix_users_domain_name(void);
-bool lookup_unix_user_name(const char *name, struct dom_sid *sid);
 bool sid_check_is_unix_groups(const struct dom_sid *sid);
 bool sid_check_is_in_unix_groups(const struct dom_sid *sid);
 const char *unix_groups_domain_name(void);
-bool lookup_unix_group_name(const char *name, struct dom_sid *sid);
 
 #endif
diff --git a/source3/passdb/ABI/samba-passdb-0.26.0.sigs b/source3/passdb/ABI/samba-passdb-0.26.0.sigs
new file mode 100644
index 0000000..f3762e5
--- /dev/null
+++ b/source3/passdb/ABI/samba-passdb-0.26.0.sigs
@@ -0,0 +1,310 @@
+PDB_secrets_clear_domain_protection: bool (const char *)
+PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *)
+PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *)
+PDB_secrets_mark_domain_protected: bool (const char *)
+PDB_secrets_store_domain_guid: bool (const char *, struct GUID *)
+PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *)
+account_policy_get: bool (enum pdb_policy_type, uint32_t *)
+account_policy_get_default: bool (enum pdb_policy_type, uint32_t *)
+account_policy_get_desc: const char *(enum pdb_policy_type)
+account_policy_name_to_typenum: enum pdb_policy_type (const char *)
+account_policy_names_list: void (TALLOC_CTX *, const char ***, int *)
+account_policy_set: bool (enum pdb_policy_type, uint32_t)
+add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *)
+algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t)
+algorithmic_pdb_rid_is_user: bool (uint32_t)
+algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t)
+algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t)
+algorithmic_rid_base: int (void)
+builtin_domain_name: const char *(void)
+cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *)
+cache_account_policy_set: bool (enum pdb_policy_type, uint32_t)
+create_builtin_administrators: NTSTATUS (const struct dom_sid *)
+create_builtin_users: NTSTATUS (const struct dom_sid *)
+decode_account_policy_name: const char *(enum pdb_policy_type)
+get_account_pol_db: struct db_context *(void)
+get_account_policy_attr: const char *(enum pdb_policy_type)
+get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *)
+get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **)
+get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *)
+get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int)
+get_trust_pw_clear: bool (const char *, char **, const char **, enum netr_SchannelType *)
+get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *)
+gid_to_sid: void (struct dom_sid *, gid_t)
+gid_to_unix_groups_sid: void (gid_t, struct dom_sid *)
+grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int)
+grant_all_privileges: bool (const struct dom_sid *)
+grant_privilege_by_name: bool (const struct dom_sid *, const char *)
+grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *)
+groupdb_tdb_init: const struct mapping_backend *(void)
+init_account_policy: bool (void)
+init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool)
+init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t)
+initialize_password_db: bool (bool, struct tevent_context *)
+is_dc_trusted_domain_situation: bool (const char *)
+is_privileged_sid: bool (const struct dom_sid *)
+local_password_change: NTSTATUS (const char *, int, const char *, char **, char **)
+login_cache_delentry: bool (const struct samu *)
+login_cache_init: bool (void)
+login_cache_read: bool (struct samu *, struct login_cache *)
+login_cache_shutdown: bool (void)
+login_cache_write: bool (const struct samu *, const struct login_cache *)
+lookup_builtin_name: bool (const char *, uint32_t *)
+lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **)
+lookup_global_sam_name: bool (const char *, int, uint32_t *, enum lsa_SidType *)
+lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *)
+lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *)
+lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *)
+lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **)
+lookup_wellknown_name: bool (TALLOC_CTX *, const char *, struct dom_sid *, const char **)
+lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **)
+make_pdb_method: NTSTATUS (struct pdb_methods **)
+make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *)
+max_algorithmic_gid: gid_t (void)
+max_algorithmic_uid: uid_t (void)
+pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
+pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *)
+pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t)
+pdb_add_sam_account: NTSTATUS (struct samu *)
+pdb_build_fields_present: uint32_t (struct samu *)
+pdb_capabilities: uint32_t (void)
+pdb_copy_sam_account: bool (struct samu *, struct samu *)
+pdb_create_alias: NTSTATUS (const char *, uint32_t *)
+pdb_create_builtin: NTSTATUS (uint32_t)
+pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t)
+pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *)
+pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *)
+pdb_decode_acct_ctrl: uint32_t (const char *)
+pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *)
+pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
+pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
+pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *)
+pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *)
+pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *)
+pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid)
+pdb_default_enum_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *)
+pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool)
+pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
+pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
+pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
+pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
+pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
+pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
+pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
+pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t)
+pdb_del_trusted_domain: NTSTATUS (const char *)
+pdb_del_trusteddom_pw: bool (const char *)
+pdb_delete_alias: NTSTATUS (const struct dom_sid *)
+pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t)
+pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid)
+pdb_delete_sam_account: NTSTATUS (struct samu *)
+pdb_delete_secret: NTSTATUS (const char *)
+pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *)
+pdb_element_is_changed: bool (const struct samu *, enum pdb_elements)
+pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements)
+pdb_encode_acct_ctrl: char *(uint32_t, size_t)
+pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
+pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *)
+pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool)
+pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *)
+pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *)
+pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***)
+pdb_enum_trusteddoms: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
+pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***)
+pdb_find_backend_entry: struct pdb_init_function_entry *(const char *)
+pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *)
+pdb_get_acct_ctrl: uint32_t (const struct samu *)
+pdb_get_acct_desc: const char *(const struct samu *)
+pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *)
+pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *)
+pdb_get_backends: const struct pdb_init_function_entry *(void)
+pdb_get_bad_password_count: uint16_t (const struct samu *)
+pdb_get_bad_password_time: time_t (const struct samu *)
+pdb_get_code_page: uint16_t (const struct samu *)
+pdb_get_comment: const char *(const struct samu *)
+pdb_get_country_code: uint16_t (const struct samu *)
+pdb_get_dir_drive: const char *(const struct samu *)
+pdb_get_domain: const char *(const struct samu *)
+pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *)
+pdb_get_fullname: const char *(const struct samu *)
+pdb_get_group_rid: uint32_t (struct samu *)
+pdb_get_group_sid: const struct dom_sid *(struct samu *)
+pdb_get_homedir: const char *(const struct samu *)
+pdb_get_hours: const uint8_t *(const struct samu *)
+pdb_get_hours_len: uint32_t (const struct samu *)
+pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements)
+pdb_get_kickoff_time: time_t (const struct samu *)
+pdb_get_lanman_passwd: const uint8_t *(const struct samu *)
+pdb_get_logoff_time: time_t (const struct samu *)
+pdb_get_logon_count: uint16_t (const struct samu *)
+pdb_get_logon_divs: uint16_t (const struct samu *)
+pdb_get_logon_script: const char *(const struct samu *)
+pdb_get_logon_time: time_t (const struct samu *)
+pdb_get_munged_dial: const char *(const struct samu *)
+pdb_get_nt_passwd: const uint8_t *(const struct samu *)
+pdb_get_nt_username: const char *(const struct samu *)
+pdb_get_pass_can_change: bool (const struct samu *)
+pdb_get_pass_can_change_time: time_t (const struct samu *)
+pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *)
+pdb_get_pass_last_set_time: time_t (const struct samu *)
+pdb_get_pass_must_change_time: time_t (const struct samu *)
+pdb_get_plaintext_passwd: const char *(const struct samu *)
+pdb_get_profile_path: const char *(const struct samu *)
+pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *)
+pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **)
+pdb_get_seq_num: bool (time_t *)
+pdb_get_tevent_context: struct tevent_context *(void)
+pdb_get_trust_credentials: NTSTATUS (const char *, const char *, TALLOC_CTX *, struct cli_credentials **)
+pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **)
+pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **)
+pdb_get_trusteddom_creds: NTSTATUS (const char *, TALLOC_CTX *, struct cli_credentials **)
+pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *)
+pdb_get_unknown_6: uint32_t (const struct samu *)
+pdb_get_user_rid: uint32_t (const struct samu *)
+pdb_get_user_sid: const struct dom_sid *(const struct samu *)
+pdb_get_username: const char *(const struct samu *)
+pdb_get_workstations: const char *(const struct samu *)
+pdb_getgrgid: bool (GROUP_MAP *, gid_t)
+pdb_getgrnam: bool (GROUP_MAP *, const char *)
+pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid)
+pdb_gethexhours: bool (const char *, unsigned char *)
+pdb_gethexpwd: bool (const char *, unsigned char *)
+pdb_getsampwnam: bool (struct samu *, const char *)
+pdb_getsampwsid: bool (struct samu *, const struct dom_sid *)
+pdb_group_rid_to_gid: gid_t (uint32_t)
+pdb_id_to_sid: bool (struct unixid *, struct dom_sid *)
+pdb_increment_bad_password_count: bool (struct samu *)
+pdb_is_password_change_time_max: bool (time_t)
+pdb_is_responsible_for_builtin: bool (void)
+pdb_is_responsible_for_everything_else: bool (void)
+pdb_is_responsible_for_our_sam: bool (void)
+pdb_is_responsible_for_unix_groups: bool (void)
+pdb_is_responsible_for_unix_users: bool (void)
+pdb_is_responsible_for_wellknown: bool (void)
+pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *)
+pdb_new_rid: bool (uint32_t *)
+pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
+pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid)
+pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool)
+pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
+pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
+pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
+pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
+pdb_rename_sam_account: NTSTATUS (struct samu *, const char *)
+pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *)
+pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **)
+pdb_search_groups: struct pdb_search *(TALLOC_CTX *)
+pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t)
+pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t)
+pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state)
+pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *)
+pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state)
+pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state)
+pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state)
+pdb_set_code_page: bool (struct samu *, uint16_t, enum pdb_value_state)
+pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value_state)
+pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
+pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
+pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state)
+pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state)
+pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state)
+pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state)
+pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state)
+pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state)
+pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state)
+pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state)
+pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state)
+pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state)
+pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_pass_can_change: bool (struct samu *, bool)
+pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state)
+pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state)
+pdb_set_plaintext_passwd: bool (struct samu *, const char *)
+pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state)
+pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *)
+pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *)
+pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *)
+pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *)
+pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state)
+pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **)
+pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
+pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
+pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state)
+pdb_sethexhours: void (char *, const unsigned char *)
+pdb_sethexpwd: void (char *, const unsigned char *, uint32_t)
+pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *)
+pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *)
+pdb_update_autolock_flag: bool (struct samu *, bool *)
+pdb_update_bad_password_count: bool (struct samu *, bool *)
+pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *)
+pdb_update_history: bool (struct samu *, const uint8_t *)
+pdb_update_login_attempts: NTSTATUS (struct samu *, bool)
+pdb_update_sam_account: NTSTATUS (struct samu *)
+privilege_create_account: NTSTATUS (const struct dom_sid *)
+privilege_delete_account: NTSTATUS (const struct dom_sid *)
+privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *)
+privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *)
+revoke_all_privileges: bool (const struct dom_sid *)
+revoke_privilege_by_name: bool (const struct dom_sid *, const char *)
+revoke_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *)
+samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *)
+samu_new: struct samu *(TALLOC_CTX *)
+samu_set_unix: NTSTATUS (struct samu *, const struct passwd *)
+secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
+sid_check_is_builtin: bool (const struct dom_sid *)
+sid_check_is_for_passdb: bool (const struct dom_sid *)
+sid_check_is_in_builtin: bool (const struct dom_sid *)
+sid_check_is_in_unix_groups: bool (const struct dom_sid *)
+sid_check_is_in_unix_users: bool (const struct dom_sid *)
+sid_check_is_in_wellknown_domain: bool (const struct dom_sid *)
+sid_check_is_unix_groups: bool (const struct dom_sid *)
+sid_check_is_unix_users: bool (const struct dom_sid *)
+sid_check_is_wellknown_builtin: bool (const struct dom_sid *)
+sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **)
+sid_check_object_is_for_passdb: bool (const struct dom_sid *)
+sid_to_gid: bool (const struct dom_sid *, gid_t *)
+sid_to_uid: bool (const struct dom_sid *, uid_t *)
+sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *)
+smb_add_user_group: int (const char *, const char *)
+smb_create_group: int (const char *, gid_t *)
+smb_delete_group: int (const char *)
+smb_delete_user_group: int (const char *, const char *)
+smb_nscd_flush_group_cache: void (void)
+smb_nscd_flush_user_cache: void (void)
+smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function)
+smb_set_primary_group: int (const char *, const char *)
+uid_to_sid: void (struct dom_sid *, uid_t)
+uid_to_unix_users_sid: void (uid_t, struct dom_sid *)
+unix_groups_domain_name: const char *(void)
+unix_users_domain_name: const char *(void)
+unixid_from_both: void (struct unixid *, uint32_t)
+unixid_from_gid: void (struct unixid *, uint32_t)
+unixid_from_uid: void (struct unixid *, uint32_t)
+wb_is_trusted_domain: wbcErr (const char *)
+winbind_allocate_gid: bool (gid_t *)
+winbind_allocate_uid: bool (uid_t *)
+winbind_get_groups: bool (TALLOC_CTX *, const char *, uint32_t *, gid_t **)
+winbind_get_sid_aliases: bool (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
+winbind_getpwnam: struct passwd *(const char *)
+winbind_getpwsid: struct passwd *(const struct dom_sid *)
+winbind_gid_to_sid: bool (struct dom_sid *, gid_t)
+winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *)
+winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **)
+winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *)
+winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **)
+winbind_ping: bool (void)
+winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *)
+winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *)
+winbind_uid_to_sid: bool (struct dom_sid *, uid_t)
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 33302f1..b06dd1b 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -30,6 +30,41 @@
 #include "lib/winbind_util.h"
 #include "../librpc/gen_ndr/idmap.h"
 
+static bool lookup_unix_user_name(const char *name, struct dom_sid *sid)
+{
+	struct passwd *pwd;
+	bool ret;
+
+	pwd = Get_Pwnam_alloc(talloc_tos(), name);
+	if (pwd == NULL) {
+		return False;
+	}
+
+	/*
+	 * For 64-bit uid's we have enough space in the whole SID,
+	 * should they become necessary
+	 */
+	ret = sid_compose(sid, &global_sid_Unix_Users, pwd->pw_uid);
+	TALLOC_FREE(pwd);
+	return ret;
+}
+
+static bool lookup_unix_group_name(const char *name, struct dom_sid *sid)
+{
+	struct group *grp;
+
+	grp = getgrnam(name);
+	if (grp == NULL) {
+		return False;
+	}
+
+	/*
+	 * For 64-bit gid's we have enough space in the whole SID,
+	 * should they become necessary
+	 */
+	return sid_compose(sid, &global_sid_Unix_Groups, grp->gr_gid);
+}
+
 /*****************************************************************
  Dissect a user-provided name into domain, name, sid and type.
 
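Review bot: The comments in `lookup_unix_user_name()` and `lookup_unix_group_name()` say a 64-bit id would fit in the SID, but both pass `pwd->pw_uid` / `grp->gr_gid` straight to `sid_compose()`, which, as far as I can tell, takes the id as a single 32-bit RID. On a platform where `uid_t`/`gid_t` is wider than 32 bits the value would be narrowed silently, and two distinct accounts could then map to the same S-1-22-x SID. I would either reject ids that do not fit, e.g. `if ((uint64_t)pwd->pw_uid > UINT32_MAX) { TALLOC_FREE(pwd); return false; }`, or reword the comment to `/* Only a 32-bit uid fits into the RID today */`. Both helpers would also benefit from a one-line header comment stating that `sid` is left untouched when the name is not found, and `False` could be `false` to match the `bool` return type.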
diff --git a/source3/wscript_build b/source3/wscript_build
index d45a440..815a540 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -168,7 +168,7 @@ bld.SAMBA3_LIBRARY('samba-passdb',
                                   ''',
                    abi_match=private_pdb_match,
                    abi_directory='passdb/ABI',
-                   vnum='0.25.0')
+                   vnum='0.26.0')
 
 bld.SAMBA3_SUBSYSTEM('pdb',
                    source='''
-- 
2.1.4


>From 82c4c96c78ecc1589959b05c5b252d46b5e3b5ff Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 27 Dec 2016 13:04:57 +0000
Subject: [PATCH 6/9] lib: Add required prerequisites for
 librpc/gen_ndr/security.h

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 libcli/security/security.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libcli/security/security.h b/libcli/security/security.h
index 6e4b172..4df18eb 100644
--- a/libcli/security/security.h
+++ b/libcli/security/security.h
@@ -20,6 +20,9 @@
 #ifndef _LIBCLI_SECURITY_SECURITY_H_
 #define _LIBCLI_SECURITY_SECURITY_H_
 
+#include "lib/util/data_blob.h"
+#include "lib/util/time.h"
+
 #include "librpc/gen_ndr/security.h"
 
 #define PRIMARY_USER_SID_INDEX 0
-- 
2.1.4


>From 000417a04fcfb6390987633893bad0c62f27c46d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 27 Dec 2016 13:05:49 +0000
Subject: [PATCH 7/9] lib: Avoid an includes.h

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/lib/util_unixsids.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/source3/lib/util_unixsids.c b/source3/lib/util_unixsids.c
index 314cc42..387232c 100644
--- a/source3/lib/util_unixsids.c
+++ b/source3/lib/util_unixsids.c
@@ -17,11 +17,9 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#include "includes.h"
-#include "system/passwd.h"
+#include "replace.h"
 #include "util_unixsids.h"
 #include "../libcli/security/security.h"
-#include "../lib/util/util_pw.h"
 
 bool sid_check_is_unix_users(const struct dom_sid *sid)
 {
-- 
2.1.4


>From 75ac97f6045499340e9ebcb1235f940aee39f4a2 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 27 Dec 2016 13:08:58 +0000
Subject: [PATCH 8/9] idmap4: Use sid_check_is_in_unix_users()

This avoids the need for the special unix users sid

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/winbind/idmap.c | 9 ++-------
 source4/winbind/idmap.h | 1 -
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index bc3b57b..bcf4587 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -23,6 +23,7 @@
 #include "includes.h"
 #include "auth/auth.h"
 #include "librpc/gen_ndr/ndr_security.h"
+#include "lib/util_unixsids.h"
 #include <ldb.h>
 #include "ldb_wrap.h"
 #include "param/param.h"
@@ -180,12 +181,6 @@ struct idmap_context *idmap_init(TALLOC_CTX *mem_ctx,
 		goto fail;
 	}
 
-	idmap_ctx->unix_users_sid = dom_sid_parse_talloc(
-		idmap_ctx, "S-1-22-1");
-	if (idmap_ctx->unix_users_sid == NULL) {
-		goto fail;
-	}
-	
 	idmap_ctx->samdb = samdb_connect(idmap_ctx, ev_ctx, lp_ctx, system_session(lp_ctx), 0);
 	if (idmap_ctx->samdb == NULL) {
 		DEBUG(0, ("Failed to load sam.ldb in idmap_init\n"));
@@ -412,7 +407,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 	const char *sam_attrs[] = {"uidNumber", "gidNumber", "samAccountType", NULL};
 
-	if (dom_sid_in_domain(idmap_ctx->unix_users_sid, sid)) {
+	if (sid_check_is_in_unix_users(sid)) {
 		uint32_t rid;
 		DEBUG(6, ("This is a local unix uid, just calculate that.\n"));
 		status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
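Review bot: `sid_check_is_in_unix_users(sid)` now decides on its own whether `idmap_sid_to_xid()` takes the RID of `sid` as a uid directly, so it is worth confirming that it accepts exactly the SIDs the old `dom_sid_in_domain(idmap_ctx->unix_users_sid, sid)` did. The cases to check are a NULL `sid` and a SID with extra sub-authorities below S-1-22-1; the helper's body is not visible in this patch, so this is a question rather than a confirmed defect. A short comment above the branch, such as `/* S-1-22-1-<uid>: the RID is the uid itself */`, would record why this shortcut is safe. The same applies to the `sid_check_is_in_unix_groups()` change in patch 9/9; the function body continues outside both hunks.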
diff --git a/source4/winbind/idmap.h b/source4/winbind/idmap.h
index 676955c..bc753b2 100644
--- a/source4/winbind/idmap.h
+++ b/source4/winbind/idmap.h
@@ -28,7 +28,6 @@ struct idmap_context {
 	struct loadparm_context *lp_ctx;
 	struct ldb_context *ldb_ctx;
 	struct dom_sid *unix_groups_sid;
-	struct dom_sid *unix_users_sid;
 	struct ldb_context *samdb;
 };
 
-- 
2.1.4


>From c37a4dbe4cc76ee33232fed39d94c165ad19e4a3 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 27 Dec 2016 13:08:58 +0000
Subject: [PATCH 9/9] idmap4: Use sid_check_is_in_unix_groups()

This avoids the need for the special unix groups sid

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/winbind/idmap.c | 8 +-------
 source4/winbind/idmap.h | 1 -
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index bcf4587..edeb724 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -175,12 +175,6 @@ struct idmap_context *idmap_init(TALLOC_CTX *mem_ctx,
 		goto fail;
 	}
 
-	idmap_ctx->unix_groups_sid = dom_sid_parse_talloc(
-		idmap_ctx, "S-1-22-2");
-	if (idmap_ctx->unix_groups_sid == NULL) {
-		goto fail;
-	}
-
 	idmap_ctx->samdb = samdb_connect(idmap_ctx, ev_ctx, lp_ctx, system_session(lp_ctx), 0);
 	if (idmap_ctx->samdb == NULL) {
 		DEBUG(0, ("Failed to load sam.ldb in idmap_init\n"));
@@ -423,7 +417,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
 		return NT_STATUS_OK;
 	}
 
-	if (dom_sid_in_domain(idmap_ctx->unix_groups_sid, sid)) {
+	if (sid_check_is_in_unix_groups(sid)) {
 		uint32_t rid;
 		DEBUG(6, ("This is a local unix gid, just calculate that.\n"));
 		status = dom_sid_split_rid(tmp_ctx, sid, NULL, &rid);
diff --git a/source4/winbind/idmap.h b/source4/winbind/idmap.h
index bc753b2..04770c3 100644
--- a/source4/winbind/idmap.h
+++ b/source4/winbind/idmap.h
@@ -27,7 +27,6 @@
 struct idmap_context {
 	struct loadparm_context *lp_ctx;
 	struct ldb_context *ldb_ctx;
-	struct dom_sid *unix_groups_sid;
 	struct ldb_context *samdb;
 };
 
-- 
2.1.4


