- return(False);
- }
-
- map.gid=gid;
- if (!string_to_sid(&map.sid, sid)) {
- DEBUG(0, ("string_to_sid failed: %s", sid));
- return False;
- }
-
- map.sid_name_use=sid_name_use;
- fstrcpy(map.nt_name, nt_name);
- fstrcpy(map.comment, comment);
-
- return pdb_add_group_mapping_entry(&map);
-}
-
-/****************************************************************************
- Return the sid and the type of the unix group.
-****************************************************************************/
-
-static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
-{
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring string_sid;
- int ret = 0;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
- }
-
- /* the key is the SID, retrieving is direct */
-
- sid_to_string(string_sid, &sid);
- slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
-
- kbuf.dptr = key;
- kbuf.dsize = strlen(key)+1;
-
- dbuf = tdb_fetch(tdb, kbuf);
- if (!dbuf.dptr)
- return False;
-
- ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
- &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
-
- SAFE_FREE(dbuf.dptr);
-
- if ( ret == -1 ) {
- DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n"));
- return False;
- }
-
- sid_copy(&map->sid, &sid);
-
- return True;
-}
-
-/****************************************************************************
- Return the sid and the type of the unix group.
-****************************************************************************/
-
-static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
-{
- TDB_DATA kbuf, dbuf, newkey;
- fstring string_sid;
- int ret;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
- }
-
- /* we need to enumerate the TDB to find the GID */
-
- for (kbuf = tdb_firstkey(tdb);
- kbuf.dptr;
- newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
-
- if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
-
- dbuf = tdb_fetch(tdb, kbuf);
- if (!dbuf.dptr)
- continue;
-
- fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
-
- string_to_sid(&map->sid, string_sid);
-
- ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
- &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
-
- SAFE_FREE(dbuf.dptr);
-
- if ( ret == -1 ) {
- DEBUG(3,("get_group_map_from_gid: tdb_unpack failure\n"));
- return False;
- }
-
- if (gid==map->gid) {
- SAFE_FREE(kbuf.dptr);
- return True;
- }
- }
-
- return False;
-}
-
-/****************************************************************************
- Return the sid and the type of the unix group.
-****************************************************************************/
-
-static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map)
-{
- TDB_DATA kbuf, dbuf, newkey;
- fstring string_sid;
- int ret;
-
- if(!init_group_mapping()) {
- DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping\n"));
- return(False);
- }
-
- /* we need to enumerate the TDB to find the name */
-
- for (kbuf = tdb_firstkey(tdb);
- kbuf.dptr;
- newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
-
- if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
-
- dbuf = tdb_fetch(tdb, kbuf);
- if (!dbuf.dptr)
- continue;
-
- fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
-
- string_to_sid(&map->sid, string_sid);
-
- ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
- &map->gid, &map->sid_name_use, &map->nt_name, &map->comment);
-
- SAFE_FREE(dbuf.dptr);
-
- if ( ret == -1 ) {
- DEBUG(3,("get_group_map_from_ntname: tdb_unpack failure\n"));
- return False;
- }
-
- if (StrCaseCmp(name, map->nt_name)==0) {
- SAFE_FREE(kbuf.dptr);
- return True;
- }
- }
-
- return False;
-}
-
-/****************************************************************************
- Remove a group mapping entry.
-****************************************************************************/
-
-static BOOL group_map_remove(const DOM_SID *sid)
-{
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring string_sid;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
- }
-
- /* the key is the SID, retrieving is direct */
-
- sid_to_string(string_sid, sid);
- slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
-
- kbuf.dptr = key;
- kbuf.dsize = strlen(key)+1;
-
- dbuf = tdb_fetch(tdb, kbuf);
- if (!dbuf.dptr)
- return False;
-
- SAFE_FREE(dbuf.dptr);
-
- if(tdb_delete(tdb, kbuf) != TDB_SUCCESS)
- return False;
-
- return True;
-}
-
-/****************************************************************************
- Enumerate the group mapping.
-****************************************************************************/
-
-static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
- int *num_entries, BOOL unix_only)
-{
- TDB_DATA kbuf, dbuf, newkey;
- fstring string_sid;
- fstring group_type;
- GROUP_MAP map;
- GROUP_MAP *mapt;
- int ret;
- int entries=0;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
- }
-
- *num_entries=0;
- *rmap=NULL;
-
- for (kbuf = tdb_firstkey(tdb);
- kbuf.dptr;
- newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
-
- if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0)
- continue;
-
- dbuf = tdb_fetch(tdb, kbuf);
- if (!dbuf.dptr)
- continue;
-
- fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
-
- ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
- &map.gid, &map.sid_name_use, &map.nt_name, &map.comment);
-
- SAFE_FREE(dbuf.dptr);
-
- if ( ret == -1 ) {
- DEBUG(3,("enum_group_mapping: tdb_unpack failure\n"));
- continue;
- }
-
- /* list only the type or everything if UNKNOWN */
- if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) {
- DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name));
- continue;
- }
-
- if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) {
- DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name));
- continue;
- }
-
- string_to_sid(&map.sid, string_sid);
-
- decode_sid_name_use(group_type, map.sid_name_use);
- DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type));
-
- mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP));
- if (!mapt) {
- DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n"));
- SAFE_FREE(*rmap);
- return False;
- }
- else
- (*rmap) = mapt;
-
- mapt[entries].gid = map.gid;
- sid_copy( &mapt[entries].sid, &map.sid);
- mapt[entries].sid_name_use = map.sid_name_use;
- fstrcpy(mapt[entries].nt_name, map.nt_name);
- fstrcpy(mapt[entries].comment, map.comment);
-
- entries++;
-
- }
-
- *num_entries=entries;
-
- return True;
-}
-
-static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- GROUP_MAP map;
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring string_sid;
- char *new_memberstring;
- int result;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!get_group_map_from_sid(*alias, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- if ( (map.sid_name_use != SID_NAME_ALIAS) &&
- (map.sid_name_use != SID_NAME_WKN_GRP) )
- return NT_STATUS_NO_SUCH_ALIAS;
-
- sid_to_string(string_sid, alias);
- slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, string_sid);
-
- kbuf.dsize = strlen(key)+1;
- kbuf.dptr = key;
-
- dbuf = tdb_fetch(tdb, kbuf);
-
- sid_to_string(string_sid, member);
-
- if (dbuf.dptr != NULL) {
- asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr),
- string_sid);
- } else {
- new_memberstring = strdup(string_sid);
- }
-
- if (new_memberstring == NULL)
- return NT_STATUS_NO_MEMORY;
-
- SAFE_FREE(dbuf.dptr);
- dbuf.dsize = strlen(new_memberstring)+1;
- dbuf.dptr = new_memberstring;
-
- result = tdb_store(tdb, kbuf, dbuf, 0);
-
- SAFE_FREE(new_memberstring);
-
- return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED);
-}
-
-static void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
-{
- *sids = Realloc(*sids, ((*num)+1) * sizeof(DOM_SID));
-
- if (*sids == NULL)
- return;
-
- sid_copy(&((*sids)[*num]), sid);
- *num += 1;
-
- return;
-}
-
-static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, int *num)
-{
- GROUP_MAP map;
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring string_sid;
- const char *p;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!get_group_map_from_sid(*alias, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- if ( (map.sid_name_use != SID_NAME_ALIAS) &&
- (map.sid_name_use != SID_NAME_WKN_GRP) )
- return NT_STATUS_NO_SUCH_ALIAS;
-
- *sids = NULL;
- *num = 0;
-
- sid_to_string(string_sid, alias);
- slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, string_sid);
-
- kbuf.dsize = strlen(key)+1;
- kbuf.dptr = key;
-
- dbuf = tdb_fetch(tdb, kbuf);
-
- if (dbuf.dptr == NULL) {
- return NT_STATUS_OK;
- }
-
- p = dbuf.dptr;
-
- while (next_token(&p, string_sid, " ", sizeof(string_sid))) {
-
- DOM_SID sid;
-
- if (!string_to_sid(&sid, string_sid))
- continue;
-
- add_sid_to_array(&sid, sids, num);
-
- if (sids == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- SAFE_FREE(dbuf.dptr);
-
- return NT_STATUS_OK;
-}
-
-/* This is racy as hell, but hey, it's only a prototype :-) */
-
-static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- NTSTATUS result;
- DOM_SID *sids;
- int i, num;
- BOOL found = False;
- char *member_string;
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring sid_string;
-
- result = enum_aliasmem(alias, &sids, &num);
-
- if (!NT_STATUS_IS_OK(result))
- return result;
-
- for (i=0; i<num; i++) {
- if (sid_compare(&sids[i], member) == 0) {
- found = True;
- break;
- }
- }
-
- if (!found) {
- SAFE_FREE(sids);
- return NT_STATUS_MEMBER_NOT_IN_ALIAS;
- }
-
- if (i < num)
- sids[i] = sids[num-1];
-
- num -= 1;
-
- member_string = strdup("");
-
- if (member_string == NULL) {
- SAFE_FREE(sids);
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i<num; i++) {
- char *s = member_string;
-
- sid_to_string(sid_string, &sids[i]);
- asprintf(&member_string, "%s %s", s, sid_string);
-
- SAFE_FREE(s);
- if (member_string == NULL) {
- SAFE_FREE(sids);
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- sid_to_string(sid_string, alias);
- slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, sid_string);
-
- kbuf.dsize = strlen(key)+1;
- kbuf.dptr = key;
- dbuf.dsize = strlen(member_string)+1;
- dbuf.dptr = member_string;
-
- result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ?
- NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
-
- SAFE_FREE(sids);
- SAFE_FREE(member_string);
-
- return result;
-}
-
-static BOOL is_foreign_alias_member(const DOM_SID *sid, const DOM_SID *alias)
-{
- DOM_SID *members;
- int i, num;
- BOOL result = False;
-
- if (!NT_STATUS_IS_OK(enum_aliasmem(alias, &members, &num)))
- return False;
-
- for (i=0; i<num; i++) {
-
- if (sid_compare(&members[i], sid) == 0) {
- result = True;
- break;
- }
- }
-
- SAFE_FREE(members);
- return result;
-}
-
-static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num)
-{
- GROUP_MAP *maps;
- int i, num_maps;
-
- *num = 0;
- *sids = NULL;
-
- if (!enum_group_mapping(SID_NAME_WKN_GRP, &maps, &num_maps, False))
- return NT_STATUS_NO_MEMORY;
-
- for (i=0; i<num_maps; i++) {
-
- if (is_foreign_alias_member(sid, &maps[i].sid)) {
-
- add_sid_to_array(&maps[i].sid, sids, num);
-
- if (sids == NULL) {
- SAFE_FREE(maps);
- return NT_STATUS_NO_MEMORY;
- }
- }
- }
- SAFE_FREE(maps);
-
- if (!enum_group_mapping(SID_NAME_ALIAS, &maps, &num_maps, False))
- return NT_STATUS_NO_MEMORY;
-
- for (i=0; i<num_maps; i++) {
- if (is_foreign_alias_member(sid, &maps[i].sid)) {
-
- add_sid_to_array(&maps[i].sid, sids, num);
-
- if (sids == NULL) {
- SAFE_FREE(maps);
- return NT_STATUS_NO_MEMORY;
- }
- }
- }
- SAFE_FREE(maps);
-
- return NT_STATUS_OK;
-}
-
-/*
- *
- * High level functions
- * better to use them than the lower ones.
- *
- * we are checking if the group is in the mapping file
- * and if the group is an existing unix group
- *
- */
-
-/* get a domain group from it's SID */
-
-BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
-{
- struct group *grp;
- BOOL ret;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
- }
-
- DEBUG(10, ("get_domain_group_from_sid\n"));
-
- /* if the group is NOT in the database, it CAN NOT be a domain group */
-
- become_root();
- ret = pdb_getgrsid(map, sid);
- unbecome_root();
-
- if ( !ret )
- return False;
-
- DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
-
- /* if it's not a domain group, continue */
- if (map->sid_name_use!=SID_NAME_DOM_GRP) {
- return False;
- }
-
- DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n"));
-
- if (map->gid==-1) {
- return False;
- }
-
- DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%lu\n",(unsigned long)map->gid));
-
- grp = getgrgid(map->gid);
- if ( !grp ) {
- DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n"));
- return False;
- }
-
- DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n"));
-
- return True;
-}
-
-
-/* get a local (alias) group from it's SID */
-
-BOOL get_local_group_from_sid(DOM_SID *sid, GROUP_MAP *map)
-{
- BOOL ret;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
- }
-
- /* The group is in the mapping table */
- become_root();
- ret = pdb_getgrsid(map, *sid);
- unbecome_root();
-
- if ( !ret )
- return False;
-
- if ( ( (map->sid_name_use != SID_NAME_ALIAS) &&
- (map->sid_name_use != SID_NAME_WKN_GRP) )
- || (map->gid == -1)
- || (getgrgid(map->gid) == NULL) )
- {
- return False;
- }
-
-#if 1 /* JERRY */
- /* local groups only exist in the group mapping DB so this
- is not necessary */
-
- else {
- /* the group isn't in the mapping table.
- * make one based on the unix information */
- uint32 alias_rid;
- struct group *grp;
-
- sid_peek_rid(sid, &alias_rid);
- map->gid=pdb_group_rid_to_gid(alias_rid);
-
- grp = getgrgid(map->gid);
- if ( !grp ) {
- DEBUG(3,("get_local_group_from_sid: No unix group for [%ul]\n", map->gid));
- return False;
- }
-
- map->sid_name_use=SID_NAME_ALIAS;
-
- fstrcpy(map->nt_name, grp->gr_name);
- fstrcpy(map->comment, "Local Unix Group");
-
- sid_copy(&map->sid, sid);
- }
-#endif
-
- return True;
-}
-
-/* get a builtin group from it's SID */
-
-BOOL get_builtin_group_from_sid(DOM_SID *sid, GROUP_MAP *map)
-{
- struct group *grp;
- BOOL ret;
-
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);
- }
-
- become_root();
- ret = pdb_getgrsid(map, *sid);
- unbecome_root();
-
- if ( !ret )
- return False;
-
- if (map->sid_name_use!=SID_NAME_WKN_GRP) {
- return False;
- }
-
- if (map->gid==-1) {
- return False;
- }
-
- if ( (grp=getgrgid(map->gid)) == NULL) {
- return False;
- }
-
- return True;
-}
-
-
-
-/****************************************************************************
-Returns a GROUP_MAP struct based on the gid.
-****************************************************************************/
-BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map)
-{
- struct group *grp;
- BOOL ret;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return(False);