The branch, v3-2-stable has been updated via fee37ef4bb67f19aa8a7b6190fe7f0cad310642e (commit) via 4ec94fcd8d472338dd95e72d2a01a91de49b22e2 (commit) via 4cc740bbdb64f34031c561a7ffeda98b9d741e85 (commit) via 8ed9df8af219a144f5580662b3c948c3da46b4b4 (commit) via 3cd8ef9790f6c5cae0f1203a6f76e3f6e695392e (commit) via bf175942b68cf71178978fcad727fa228280c792 (commit) via 5d5612e34367c86b0396fdfbf9781075898e6c19 (commit) via d52a75696329cedd3df07f4d24411f60c826ffde (commit) via becb2b57046004fec1547ddfbdb97e8e2c8a5824 (commit) via cb93aec5d4265531450064b860a7f3127ee9116a (commit) via 4cbef2f7ba91bb7eb40bbf56078e951cbf52e7c6 (commit) via 982ec07471b42feefc0e5b4339a2385f44d9f870 (commit) via 92f458bbf772fdbe1a59145368c73aaf92b7bbc3 (commit) via 213b3a284e4e0065023000adfbe1d394a5d4978f (commit) via 7bf2d9254687a850379da10034d252f119242312 (commit) via 3ba3f5c83b62a75bc3a8bbfae35349073ae00397 (commit) via 8a8f80dcac01ad5b60f80ae160cfef3e8ce3463d (commit) via cca148aac022b7c1a956db7427d13ec3294a7f93 (commit) via 93b0857fb6ec2a14f1b1b8898b2d6db0108729dc (commit) via f7bdb5840bc45dea0bcd1bbe8ee9d5d23ae81d85 (commit) via 3e1ac6b997d9202101457299fb53462b830167d0 (commit) via 2c2bc51debe9792c60eb29d5d820c5159eafbdbe (commit) via bddf8046cf28a87ed660a73f14e8e1ab9b8434eb (commit) via af765ccce3c3128580006dcff15edf78d93af724 (commit) via 69694b2ba3cfef94326c8f0a4a1a38bcfd7b127d (commit) via b729edcf46e0a4530bc60e81702ad83f6cd13340 (commit) from 204660a7e0f3956a5d8b7375a2a9ab29e1dcf8b4 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log ----------------------------------------------------------------- commit fee37ef4bb67f19aa8a7b6190fe7f0cad310642e Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Mon Mar 17 21:00:16 2008 +0100 Some simplifications (cherry picked from commit b59b436997fba47afd02ffb6f1194dfaef229d44) commit 4ec94fcd8d472338dd95e72d2a01a91de49b22e2 Author: Marc VanHeyningen <[EMAIL PROTECTED]> Date: Fri Mar 14 14:26:28 2008 -0800 Coverity fixes (cherry picked from commit 3fc85d22590550f0539215d020e4411bf5b14363) commit 4cc740bbdb64f34031c561a7ffeda98b9d741e85 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Mon Mar 17 14:45:59 2008 +0100 In smbstatus, mark locking.tdb and sessionid.tdb as CLEAR_IF_FIRST This is needed to inform ctdb that it's not a persistent database, with the O_RDONLY the tdb backend ignores this. Merge from 491f902098d33f in 3-0-ctdb (cherry picked from commit 065938ccb7bb0052746267c433637f0e05b95d85) commit 8ed9df8af219a144f5580662b3c948c3da46b4b4 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Mon Mar 17 14:40:07 2008 +0100 Merge leftovers of 0e1a86bc845 in 3-0-ctdb (cherry picked from commit 64b1625f8e3bca43504871747bef6631e1b18f44) commit 3cd8ef9790f6c5cae0f1203a6f76e3f6e695392e Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Mon Mar 17 14:12:10 2008 +0100 Use right control to attach to persistent databases This is a merge of 2a8f8b26f08ab09c34dff82417e541d8eb1ec91c and 4e6508dfee0d872a7fa42c9e58ba565137a27b3f from 3-0-ctdb (cherry picked from commit 46e50da0d550e43de3aaf0141c64f25e1c9997c2) commit bf175942b68cf71178978fcad727fa228280c792 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Mon Mar 17 13:51:50 2008 +0100 Add "net idmap aclmapset" This is a merge from 3-0-ctdb that goes along with 1daad835, the option nfs4:sidmap option (cherry picked from commit f5e26d28be6581149bed0b599c38b82d1a44444e) commit 5d5612e34367c86b0396fdfbf9781075898e6c19 Author: Volker Lendecke <[EMAIL 
PROTECTED]> Date: Fri Mar 14 20:35:38 2008 +0100 Convert pdb_tdb to use dbwrap (cherry picked from commit 948ab77863b12b1b0bd1c970004b84b9bb1bb2fa) commit d52a75696329cedd3df07f4d24411f60c826ffde Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Sun Mar 16 12:23:44 2008 -0700 Fix Coverity ID 567 Jeremy, please push it if you like it and mark the bug as fixed on the Coverity site. Thanks, Volker (cherry picked from commit 2fd25423700cb60f20a8b8d6613279cb06fb518d) commit becb2b57046004fec1547ddfbdb97e8e2c8a5824 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Sun Mar 16 11:55:59 2008 +0100 Need to close the /dev/zero fd (cherry picked from commit c2b2a9303d9c84ba4e059f13de9ccc401d08bd59) commit cb93aec5d4265531450064b860a7f3127ee9116a Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Sat Mar 15 22:27:05 2008 +0100 Fix Coverity ID 554 (cherry picked from commit 471b1b0c58bc2def5d2fe9d98401def34724d447) commit 4cbef2f7ba91bb7eb40bbf56078e951cbf52e7c6 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Sat Mar 15 22:22:53 2008 +0100 Fix Coverity ID 555 (cherry picked from commit 44122f06d02492a7a0a37413d6f975c3b1e3c283) commit 982ec07471b42feefc0e5b4339a2385f44d9f870 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Sat Mar 15 22:16:42 2008 +0100 Fix Coverity ID 563 dirmask is always set here, we've dereferenced it before anyway (cherry picked from commit e6787aa133a1b241987319486c3bc46ac6ad41af) commit 92f458bbf772fdbe1a59145368c73aaf92b7bbc3 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Sat Mar 15 22:07:44 2008 +0100 Fix Coverity ID 564 finfo1==NULL just does not happen in current code (cherry picked from commit 9ea0078c3151984a901c9bba559ae2bd7959e077) commit 213b3a284e4e0065023000adfbe1d394a5d4978f Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Sat Mar 15 21:47:22 2008 +0100 Allocate one 0-byte in asprintf replacement when len==0 Some S3 code depends on this. 
(cherry picked from commit dc3d5e16452bf30055638ba3cfe99097fb557156) commit 7bf2d9254687a850379da10034d252f119242312 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Fri Mar 14 22:22:30 2008 +0100 Fix bug 5317 Thanks to [EMAIL PROTECTED] (cherry picked from commit f18a80575921a241c7243c5af5a0101a2956ff17) commit 3ba3f5c83b62a75bc3a8bbfae35349073ae00397 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Fri Mar 14 18:01:06 2008 +0100 Fix bug 4901 (cherry picked from commit 1dd8fa9a521046f1de8173ac00224706c5249665) commit 8a8f80dcac01ad5b60f80ae160cfef3e8ce3463d Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Tue Mar 11 14:15:52 2008 +0100 Convert mapping_tdb.c to dbwrap I know, this is not used anymore, but until ldb knows about ctdb which is blocked by the lack of transactions in ctdb, a tiny patch reactivating mapping_tdb.c might be needed for cluster setups. (cherry picked from commit 8e0fa453a3d0a2c997a935b6940796612c972708) commit cca148aac022b7c1a956db7427d13ec3294a7f93 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Tue Mar 11 12:53:50 2008 +0100 Clean up add_mapping_entry slightly (cherry picked from commit 38bb69cb316ba605a6d3a4454b986cb63ace3c21) commit 93b0857fb6ec2a14f1b1b8898b2d6db0108729dc Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Tue Mar 11 12:46:36 2008 +0100 Cleanup after pstring removal (cherry picked from commit 66d2a9c87411be88269bbb3a4d3c0a218a55be06) commit f7bdb5840bc45dea0bcd1bbe8ee9d5d23ae81d85 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Tue Mar 11 12:30:46 2008 +0100 Convert secrets.c to use dbwrap (cherry picked from commit 9d30e5991c6fe77ef5fd505efb756554bbe77256) commit 3e1ac6b997d9202101457299fb53462b830167d0 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Mon Mar 10 21:08:29 2008 +0100 Use a separate tdb for mutexes Another preparation to convert secrets.c to dbwrap: The dbwrap API does not provide a sane tdb_lock_with_timeout abstraction. 
In the clustered case the DC mutex is needed per-node anyway, so it is perfectly fine to use a local mutex only. (cherry picked from commit f94a63cd8f94490780ad9331da229c0bcb2ca5d6) commit 2c2bc51debe9792c60eb29d5d820c5159eafbdbe Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Mon Mar 10 15:48:04 2008 +0100 Convert secrets_lock_trust_account_password to talloc This is preparing the conversion of secrets.c to ctdb (cherry picked from commit 1307f0130c47b8d740d2b7afe7a5d8d1a655e2a2) commit bddf8046cf28a87ed660a73f14e8e1ab9b8434eb Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Sun Mar 9 11:26:50 2008 +0100 Make use of talloc_asprintf_strupper_m in secrets.c (cherry picked from commit 3ac4f935c074af768d0b83514f86d010c387817a) commit af765ccce3c3128580006dcff15edf78d93af724 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Sun Mar 9 11:21:08 2008 +0100 Avoid some pointless checks secrets_init() makes sure that the tdb is initialized (cherry picked from commit 8725dbc8888cf7a1d3d9d1205678fcd3ca3c6350) commit 69694b2ba3cfef94326c8f0a4a1a38bcfd7b127d Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Sun Mar 9 11:17:48 2008 +0100 Use talloc_tos() in secrets_init (cherry picked from commit 27065382d9b692b5885265c9d60ffb7ec7748c38) commit b729edcf46e0a4530bc60e81702ad83f6cd13340 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Sat Mar 8 23:48:12 2008 +0100 Fix Coverity ID 551 Correctly return if we can't create the temporary krb5.conf Jeremy, please check! 
(cherry picked from commit c2401811aa3d02a9e27969687b9ea035407000c3) ----------------------------------------------------------------------- Summary of changes: WHATSNEW.txt | 1 + source/auth/auth_domain.c | 18 +- source/auth/auth_server.c | 16 +- source/client/client.c | 11 +- source/client/clitar.c | 10 - source/groupdb/mapping.h | 2 + source/groupdb/mapping_tdb.c | 573 ++++++++++++++--------------- source/include/rpc_client.h | 12 +- source/include/smb.h | 1 + source/lib/ctdbd_conn.c | 7 +- source/lib/replace/getpass.c | 3 + source/lib/replace/snprintf.c | 2 +- source/lib/server_mutex.c | 57 ++- source/lib/sock_exec.c | 2 +- source/lib/util_sock.c | 2 +- source/libads/kerberos.c | 8 +- source/libads/kerberos_verify.c | 15 +- source/libads/krb5_setpw.c | 17 +- source/libads/ldap.c | 5 +- source/libsmb/namequery.c | 1 + source/locking/brlock.c | 2 +- source/locking/locking.c | 7 +- source/modules/vfs_aio_fork.c | 2 + source/nsswitch/wins.c | 10 +- source/passdb/pdb_ldap.c | 25 +- source/passdb/pdb_smbpasswd.c | 6 +- source/passdb/pdb_tdb.c | 634 ++++++++++++++++---------------- source/passdb/secrets.c | 325 ++++++---------- source/printing/nt_printing.c | 31 +- source/registry/reg_backend_printing.c | 3 +- source/registry/regfio.c | 5 +- source/rpc_client/cli_pipe.c | 23 +- source/rpc_client/ndr.c | 5 +- source/rpc_parse/parse_buffer.c | 6 +- source/rpc_parse/parse_misc.c | 27 +- source/rpc_parse/parse_prs.c | 2 +- source/rpc_server/srv_pipe.c | 16 +- source/rpc_server/srv_pipe_hnd.c | 6 +- source/rpc_server/srv_spoolss_nt.c | 6 +- source/rpc_server/srv_winreg_nt.c | 6 +- source/services/services_db.c | 7 +- source/smbd/notify.c | 2 +- source/smbd/process.c | 11 +- source/smbd/uid.c | 8 +- source/utils/net_idmap.c | 65 ++++ source/utils/net_rpc.c | 7 +- source/utils/rpccheck.c | 3 +- source/utils/smbget.c | 7 +- source/utils/status.c | 4 +- source/winbindd/winbindd_cm.c | 17 +- 50 files changed, 1056 insertions(+), 985 deletions(-) Changeset truncated at 500 
lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 003752d..af575c7 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -305,6 +305,7 @@ o Volker Lendecke <[EMAIL PROTECTED]> * Add implicit temporary talloc contexts via talloc_stack(). * Speed up the smbclient "get" command * Add the aio_fork module + * Fix bug 4901 o Derrell Lipman <[EMAIL PROTECTED]> * Modified libsmbclient API for more easily maintaining ABI compatibility diff --git a/source/auth/auth_domain.c b/source/auth/auth_domain.c index df51966..c9aa064 100644 --- a/source/auth/auth_domain.c +++ b/source/auth/auth_domain.c @@ -24,6 +24,7 @@ #define DBGC_CLASS DBGC_AUTH extern bool global_machine_password_needs_changing; +static struct named_mutex *mutex; /** * Connect to a remote server for (inter)domain security authenticaion. @@ -67,7 +68,8 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, * ACCESS_DENIED errors if 2 auths are done from the same machine. JRA. */ - if (!grab_server_mutex(dc_name)) { + mutex = grab_named_mutex(NULL, dc_name, 10); + if (mutex == NULL) { return NT_STATUS_NO_LOGON_SERVERS; } @@ -87,7 +89,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, *cli = NULL; } - release_server_mutex(); + TALLOC_FREE(mutex); return result; } @@ -118,7 +120,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); cli_shutdown(*cli); *cli = NULL; - release_server_mutex(); + TALLOC_FREE(mutex); return result; } @@ -137,7 +139,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); domain)); cli_shutdown(*cli); *cli = NULL; - release_server_mutex(); + TALLOC_FREE(mutex); return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } @@ -153,7 +155,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); if (!NT_STATUS_IS_OK(result)) { cli_shutdown(*cli); *cli = NULL; - release_server_mutex(); + TALLOC_FREE(mutex); return result; } } 
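Review bot: The lock taken at `mutex = grab_named_mutex(NULL, dc_name, 10);` is stored in the new file-scope `static struct named_mutex *mutex;` with a NULL talloc parent. On the success path it is released only in domain_client_validate() (the @@ -247 hunk), so its lifetime depends on every caller reaching that `TALLOC_FREE(mutex)`. If connect_to_domain_password_server() can be entered again while the pointer is still set, the earlier handle would be overwritten without being freed; whether that can happen is not visible, because the function body and its callers extend beyond these hunks. A comment on the declaration such as `/* held from connect_to_domain_password_server() until domain_client_validate() releases it */` would record the contract, and the literal `10` would be clearer as a named timeout constant shared with auth_server.c.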
@@ -163,7 +165,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); machine %s. Error was : %s.\n", dc_name, cli_errstr(*cli))); cli_shutdown(*cli); *cli = NULL; - release_server_mutex(); + TALLOC_FREE(mutex); return NT_STATUS_NO_LOGON_SERVERS; } @@ -247,13 +249,13 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, /* Let go as soon as possible so we avoid any potential deadlocks with winbind lookup up users or groups. */ - release_server_mutex(); + TALLOC_FREE(mutex); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("domain_client_validate: unable to validate password " "for user %s in domain %s to Domain controller %s. " "Error was %s.\n", user_info->smb_name, - user_info->domain, dc_name, + user_info->client_domain, dc_name, nt_errstr(nt_status))); /* map to something more useful */ diff --git a/source/auth/auth_server.c b/source/auth/auth_server.c index 095f0b9..b07884c 100644 --- a/source/auth/auth_server.c +++ b/source/auth/auth_server.c @@ -37,6 +37,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) const char *p; char *pserver = NULL; bool connected_ok = False; + struct named_mutex *mutex; if (!(cli = cli_initialise())) return NULL; @@ -74,7 +75,8 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) session setup yet it will send a TCP reset to the first connection (tridge) */ - if (!grab_server_mutex(desthost)) { + mutex = grab_named_mutex(talloc_tos(), desthost, 10); + if (mutex == NULL) { cli_shutdown(cli); return NULL; } @@ -87,7 +89,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) } DEBUG(10,("server_cryptkey: failed to connect to server %s. Error %s\n", desthost, nt_errstr(status) )); - release_server_mutex(); + TALLOC_FREE(mutex); } if (!connected_ok) { 
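Review bot: In server_cryptkey() the new local `struct named_mutex *mutex;` (the @@ -37 hunk of auth_server.c) has no initialiser, and the later `TALLOC_FREE(mutex)` calls are only safe if the server loop reached `grab_named_mutex()` first. The visible lines suggest that holds whenever connected_ok is set, but the loop body lies mostly outside the hunks, so this cannot be confirmed here. Declaring it as `struct named_mutex *mutex = NULL;` makes every release path well defined regardless of how the loop exits. The timeout `10` in `grab_named_mutex(talloc_tos(), desthost, 10)` repeats the value used in auth_domain.c and would be better as one named constant.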
@@ -98,7 +100,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) if (!attempt_netbios_session_request(&cli, global_myname(), desthost, &dest_ss)) { - release_server_mutex(); + TALLOC_FREE(mutex); DEBUG(1,("password server fails session request\n")); cli_shutdown(cli); return NULL; @@ -111,16 +113,16 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) DEBUG(3,("got session\n")); if (!cli_negprot(cli)) { + TALLOC_FREE(mutex); DEBUG(1,("%s rejected the negprot\n",desthost)); - release_server_mutex(); cli_shutdown(cli); return NULL; } if (cli->protocol < PROTOCOL_LANMAN2 || !(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) { + TALLOC_FREE(mutex); DEBUG(1,("%s isn't in user level security mode\n",desthost)); - release_server_mutex(); cli_shutdown(cli); return NULL; } @@ -132,14 +134,14 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) if (!NT_STATUS_IS_OK(cli_session_setup(cli, "", "", 0, "", 0, ""))) { + TALLOC_FREE(mutex); DEBUG(0,("%s rejected the initial session setup (%s)\n", desthost, cli_errstr(cli))); - release_server_mutex(); cli_shutdown(cli); return NULL; } - release_server_mutex(); + TALLOC_FREE(mutex); DEBUG(3,("password server OK\n")); diff --git a/source/client/client.c b/source/client/client.c index 79b7dfe..9cb05c5 100644 --- a/source/client/client.c +++ b/source/client/client.c @@ -4097,11 +4097,7 @@ static void completion_remote_filter(const char *mnt, TALLOC_CTX *ctx = talloc_stackframe(); char *tmp; - if (info->dirmask && info->dirmask[0] != 0) { - tmp = talloc_strdup(ctx,info->dirmask); - } else { - tmp = talloc_strdup(ctx,""); - } + tmp = talloc_strdup(ctx,info->dirmask); if (!tmp) { TALLOC_FREE(ctx); return; @@ -4898,7 +4894,10 @@ static int do_message_op(void) } smb_encrypt = get_cmdline_auth_info_smb_encrypt(); - init_names(); + if (!init_names()) { + fprintf(stderr, "init_names() failed\n"); + exit(1); + } if(new_name_resolve_order) lp_set_name_resolve_order(new_name_resolve_order); 
diff --git a/source/client/clitar.c b/source/client/clitar.c index 04cc987..f53c9b4 100644 --- a/source/client/clitar.c +++ b/source/client/clitar.c @@ -668,16 +668,6 @@ static void do_atar(const char *rname_in,char *lname,file_info *finfo1) } safe_strcpy(finfo.name,rname, strlen(rname)); - if (!finfo1) { - time_t atime, mtime; - if (!cli_getattrE(cli, fnum, &finfo.mode, &finfo.size, NULL, &atime, &mtime)) { - DEBUG(0, ("getattrE: %s\n", cli_errstr(cli))); - goto cleanup; - } - finfo.atime_ts = convert_time_t_to_timespec(atime); - finfo.mtime_ts = convert_time_t_to_timespec(mtime); - finfo.ctime_ts = finfo.mtime_ts; - } DEBUG(3,("file %s attrib 0x%X\n",finfo.name,finfo.mode)); diff --git a/source/groupdb/mapping.h b/source/groupdb/mapping.h index 4af3831..c37ae84 100644 --- a/source/groupdb/mapping.h +++ b/source/groupdb/mapping.h @@ -2,6 +2,7 @@ #define DATABASE_VERSION_V2 2 /* le format. */ #define GROUP_PREFIX "UNIXGROUP/" +#define GROUP_PREFIX_LEN 10 /* Alias memberships are stored reverse, as memberships. The performance * critical operation is to determine the aliases a SID is member of, not @@ -9,6 +10,7 @@ * hanging of the member as key. */ #define MEMBEROF_PREFIX "MEMBEROF/" +#define MEMBEROF_PREFIX_LEN 9 /* groupdb mapping backend abstraction diff --git a/source/groupdb/mapping_tdb.c b/source/groupdb/mapping_tdb.c index 67e377c..c9c8cdc 100644 --- a/source/groupdb/mapping_tdb.c +++ b/source/groupdb/mapping_tdb.c @@ -23,7 +23,7 @@ #include "includes.h" #include "groupdb/mapping.h" -static TDB_CONTEXT *tdb; /* used for driver files */ +static struct db_context *db; /* used for driver files */ static bool enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, size_t *p_num_entries, bool unix_only); 
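Review bot: `GROUP_PREFIX_LEN 10` and `MEMBEROF_PREFIX_LEN 9` in mapping.h are hand-counted copies of the lengths of the string macros beside them, so a later edit to either prefix can silently leave the length stale and make a length-bounded key comparison match too little or too much. Both values are correct for the strings shown; deriving them keeps that true: `#define GROUP_PREFIX_LEN (sizeof(GROUP_PREFIX) - 1)` and `#define MEMBEROF_PREFIX_LEN (sizeof(MEMBEROF_PREFIX) - 1)`. How the lengths are used is outside the visible hunks.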
@@ -34,95 +34,119 @@ static bool group_map_remove(const DOM_SID *sid); ****************************************************************************/ static bool init_group_mapping(void) { - const char *vstring = "INFO/version"; - int32 vers_id; - GROUP_MAP *map_table = NULL; - size_t num_entries = 0; - - if (tdb) - return True; - - tdb = tdb_open_log(state_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); - if (!tdb) { - DEBUG(0,("Failed to open group mapping database\n")); - return False; + if (db != NULL) { + return true; } - /* handle a Samba upgrade */ - tdb_lock_bystring(tdb, vstring); - - /* Cope with byte-reversed older versions of the db. */ - vers_id = tdb_fetch_int32(tdb, vstring); - if ((vers_id == DATABASE_VERSION_V1) || (IREV(vers_id) == DATABASE_VERSION_V1)) { - /* Written on a bigendian machine with old fetch_int code. Save as le. */ - tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); - vers_id = DATABASE_VERSION_V2; + db = db_open(NULL, state_path("group_mapping.tdb"), 0, TDB_DEFAULT, + O_RDWR|O_CREAT, 0600); + if (db == NULL) { + DEBUG(0, ("Failed to open group mapping database: %s\n", + strerror(errno))); + return false; } - /* if its an unknown version we remove everthing in the db */ - - if (vers_id != DATABASE_VERSION_V2) { - tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); - tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); - } +#if 0 + /* + * This code was designed to handle a group mapping version + * upgrade. mapping_tdb is not active by default anymore, so ignore + * this here. + */ + { + const char *vstring = "INFO/version"; + int32 vers_id; + GROUP_MAP *map_table = NULL; + size_t num_entries = 0; + + /* handle a Samba upgrade */ + tdb_lock_bystring(tdb, vstring); + + /* Cope with byte-reversed older versions of the db. */ + vers_id = tdb_fetch_int32(tdb, vstring); + if ((vers_id == DATABASE_VERSION_V1) + || (IREV(vers_id) == DATABASE_VERSION_V1)) { + /* + * Written on a bigendian machine with old fetch_int + * code. 
Save as le. + */ + tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); + vers_id = DATABASE_VERSION_V2; + } - tdb_unlock_bystring(tdb, vstring); + /* if its an unknown version we remove everthing in the db */ - /* cleanup any map entries with a gid == -1 */ - - if ( enum_group_mapping( NULL, SID_NAME_UNKNOWN, &map_table, &num_entries, False ) ) { - int i; - - for ( i=0; i<num_entries; i++ ) { - if ( map_table[i].gid == -1 ) { - group_map_remove( &map_table[i].sid ); + if (vers_id != DATABASE_VERSION_V2) { + tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); + tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); + } + + tdb_unlock_bystring(tdb, vstring); + + /* cleanup any map entries with a gid == -1 */ + + if ( enum_group_mapping( NULL, SID_NAME_UNKNOWN, &map_table, + &num_entries, False ) ) { + int i; + + for ( i=0; i<num_entries; i++ ) { + if ( map_table[i].gid == -1 ) { + group_map_remove( &map_table[i].sid ); + } } + + SAFE_FREE( map_table ); } - - SAFE_FREE( map_table ); } +#endif + return true; +} + +static char *group_mapping_key(TALLOC_CTX *mem_ctx, const DOM_SID *sid) +{ + char *sidstr, *result; - return True; + sidstr = sid_string_talloc(talloc_tos(), sid); + if (sidstr == NULL) { + return NULL; + } + + result = talloc_asprintf(mem_ctx, "GROUP_PREFIX%s", sidstr); + + TALLOC_FREE(sidstr); + return result; } /**************************************************************************** ****************************************************************************/ static bool add_mapping_entry(GROUP_MAP *map, int flag) { - TDB_DATA dbuf; - char *key = NULL; - char *buf = NULL; - fstring string_sid=""; + char *key, *buf; int len; - bool ret; + NTSTATUS status; - sid_to_fstring(string_sid, &map->sid); + key = group_mapping_key(talloc_tos(), &map->sid); + if (key == NULL) { + return NULL; + } len = tdb_pack(NULL, sizeof(buf), "ddff", map->gid, map->sid_name_use, map->nt_name, map->comment); - if (len) { - buf = SMB_MALLOC_ARRAY(char, len); - if (!buf) { - return 
false; - } - len = tdb_pack((uint8 *)buf, sizeof(buf), "ddff", map->gid, - map->sid_name_use, map->nt_name, map->comment); - } - if (asprintf(&key, "%s%s", GROUP_PREFIX, string_sid) < 0) { - SAFE_FREE(buf); + buf = TALLOC_ARRAY(key, char, len); + if (!buf) { + TALLOC_FREE(key); return false; } + len = tdb_pack((uint8 *)buf, len, "ddff", map->gid, + map->sid_name_use, map->nt_name, map->comment); - dbuf.dsize = len; - dbuf.dptr = (uint8 *)buf; + status = dbwrap_store_bystring( + db, key, make_tdb_data((uint8_t *)buf, len), flag); - ret = (tdb_store_bystring(tdb, key, dbuf, flag) == 0); + TALLOC_FREE(key); - SAFE_FREE(key); - SAFE_FREE(buf); - return ret; + return NT_STATUS_IS_OK(status); } 
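Review bot: In `group_mapping_key()` the format string `"GROUP_PREFIX%s"` puts the macro name inside the literal, so keys start with the text GROUP_PREFIX instead of the `UNIXGROUP/` value that mapping.h defines and the removed asprintf call used. Existing records would no longer be found under the new keys; the line should read `result = talloc_asprintf(mem_ctx, "%s%s", GROUP_PREFIX, sidstr);`. In `add_mapping_entry()` the NULL-key path does `return NULL;` from a `bool` function where `return false;` is meant. The sizing call also still passes `sizeof(buf)` (a pointer size) together with a NULL buffer, where `0` would state "measure only"; that is worth checking against how tdb_pack treats a non-zero size. The caller in the following hunk, `get_group_map_from_sid()`, builds its key from `&map->sid`, the output structure, where the removed code used the `sid` argument, so that looks like it should be `&sid`.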
@@ -133,129 +157,121 @@ static bool add_mapping_entry(GROUP_MAP *map, int flag) static bool get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map) { TDB_DATA dbuf; - char *key = NULL; - fstring string_sid; + char *key; int ret = 0; /* the key is the SID, retrieving is direct */ - sid_to_fstring(string_sid, &sid); - if (asprintf(&key, "%s%s", GROUP_PREFIX, string_sid) < 0) { + key = group_mapping_key(talloc_tos(), &map->sid); + if (key == NULL) { return false; } - dbuf = tdb_fetch_bystring(tdb, key); - if (!dbuf.dptr) { - SAFE_FREE(key); + dbuf = dbwrap_fetch_bystring(db, key, key); + if (dbuf.dptr == NULL) { + TALLOC_FREE(key); return false; } - SAFE_FREE(key); - ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); - SAFE_FREE(dbuf.dptr); + TALLOC_FREE(key); if ( ret == -1 ) { DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n")); - return False; + return false; } sid_copy(&map->sid, &sid); - return True; + return true; } -/**************************************************************************** - Return the sid and the type of the unix group. -****************************************************************************/ - -static bool get_group_map_from_gid(gid_t gid, GROUP_MAP *map) +static bool dbrec2map(const struct db_record *rec, GROUP_MAP *map) { - TDB_DATA kbuf, dbuf, newkey; - fstring string_sid; - int ret; - - /* we need to enumerate the TDB to find the GID */ - - for (kbuf = tdb_firstkey(tdb); - kbuf.dptr; - newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { - -- Samba Shared Repository