s3-group-mapping: Remove fstrings from GROUP_MAP.

Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Oct 12 19:28:12 CEST 2011 on sn-devel-104

diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 907d40fe2af39c15c7acc9ec67d48a6ea5022b46..2c0fea0cb98408a7dbad173d05fde617500bf24b 100644 (file)
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -51,24 +51,48 @@ initialise first time the mapping list
 ****************************************************************************/
 NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum lsa_SidType sid_name_use, const char *nt_name, const char *comment)
 {
-       GROUP_MAP map;
+       NTSTATUS status;
+       GROUP_MAP *map;
 
        if(!init_group_mapping()) {
                DEBUG(0,("failed to initialize group mapping\n"));
                return NT_STATUS_UNSUCCESSFUL;
        }
 
-       map.gid=gid;
-       if (!string_to_sid(&map.sid, sid)) {
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       map->gid=gid;
+       if (!string_to_sid(&map->sid, sid)) {
                DEBUG(0, ("string_to_sid failed: %s", sid));
-               return NT_STATUS_UNSUCCESSFUL;
+               status = NT_STATUS_UNSUCCESSFUL;
+               goto done;
+       }
+
+       map->sid_name_use=sid_name_use;
+       map->nt_name = talloc_strdup(map, nt_name);
+       if (!map->nt_name) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
+
+       if (comment) {
+               map->comment = talloc_strdup(map, comment);
+       } else {
+               map->comment = talloc_strdup(map, "");
+       }
+       if (!map->comment) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
        }
 
-       map.sid_name_use=sid_name_use;
-       fstrcpy(map.nt_name, nt_name);
-       fstrcpy(map.comment, comment);
+       status = pdb_add_group_mapping_entry(map);
 
-       return pdb_add_group_mapping_entry(&map);
+done:
+       TALLOC_FREE(map);
+       return status;
 }
 
 static NTSTATUS alias_memberships(const struct dom_sid *members, size_t num_members,
@@ -133,8 +157,14 @@ bool get_domain_group_from_sid(struct dom_sid sid, GROUP_MAP *map)
                sid_peek_rid( &sid, &rid );
 
                if ( rid == DOMAIN_RID_USERS ) {
-                       fstrcpy( map->nt_name, "None" );
-                       fstrcpy( map->comment, "Ordinary Users" );
+                       map->nt_name = talloc_strdup(map, "None");
+                       if (!map->nt_name) {
+                               return false;
+                       }
+                       map->comment = talloc_strdup(map, "Ordinary Users");
+                       if (!map->comment) {
+                               return false;
+                       }
                        sid_copy( &map->sid, &sid );
                        map->sid_name_use = SID_NAME_DOM_GRP;
                        map->gid = (gid_t)-1;
@@ -453,9 +483,11 @@ NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
 }
 
 NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
-                                          const struct dom_sid *sid, enum lsa_SidType sid_name_use,
-                                          GROUP_MAP **pp_rmap, size_t *p_num_entries,
-                                          bool unix_only)
+                                       const struct dom_sid *sid,
+                                       enum lsa_SidType sid_name_use,
+                                       GROUP_MAP ***pp_rmap,
+                                       size_t *p_num_entries,
+                                       bool unix_only)
 {
        if (!init_group_mapping()) {
                DEBUG(0,("failed to initialize group mapping\n"));
@@ -473,7 +505,7 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
        uint32 new_rid;
        gid_t gid;
        bool exists;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        TALLOC_CTX *mem_ctx;
        NTSTATUS status;
 
@@ -486,15 +518,16 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
 
        exists = lookup_name(mem_ctx, name, LOOKUP_NAME_LOCAL,
                             NULL, NULL, &sid, &type);
-       TALLOC_FREE(mem_ctx);
 
        if (exists) {
-               return NT_STATUS_ALIAS_EXISTS;
+               status = NT_STATUS_ALIAS_EXISTS;
+               goto done;
        }
 
        if (!pdb_new_rid(&new_rid)) {
                DEBUG(0, ("Could not allocate a RID.\n"));
-               return NT_STATUS_ACCESS_DENIED;
+               status = NT_STATUS_ACCESS_DENIED;
+               goto done;
        }
 
        sid_compose(&sid, get_global_sam_sid(), new_rid);
@@ -502,29 +535,46 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
        if (!winbind_allocate_gid(&gid)) {
                DEBUG(3, ("Could not get a gid out of winbind - "
                          "wasted a rid :-(\n"));
-               return NT_STATUS_ACCESS_DENIED;
+               status = NT_STATUS_ACCESS_DENIED;
+               goto done;
        }
 
        DEBUG(10, ("Creating alias %s with gid %u and rid %u\n",
                   name, (unsigned int)gid, (unsigned int)new_rid));
 
-       map.gid = gid;
-       sid_copy(&map.sid, &sid);
-       map.sid_name_use = SID_NAME_ALIAS;
-       fstrcpy(map.nt_name, name);
-       fstrcpy(map.comment, "");
+       map = talloc_zero(mem_ctx, GROUP_MAP);
+       if (!map) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
+
+       map->gid = gid;
+       sid_copy(&map->sid, &sid);
+       map->sid_name_use = SID_NAME_ALIAS;
+       map->nt_name = talloc_strdup(map, name);
+       if (!map->nt_name) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
+       map->comment = talloc_strdup(map, "");
+       if (!map->comment) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
 
-       status = pdb_add_group_mapping_entry(&map);
+       status = pdb_add_group_mapping_entry(map);
 
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0, ("Could not add group mapping entry for alias %s "
                          "(%s)\n", name, nt_errstr(status)));
-               return status;
+               goto done;
        }
 
        *rid = new_rid;
 
-       return NT_STATUS_OK;
+done:
+       TALLOC_FREE(mem_ctx);
+       return status;
 }
 
 NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
@@ -537,44 +587,78 @@ NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
                                   const struct dom_sid *sid,
                                   struct acct_info *info)
 {
-       GROUP_MAP map;
+       NTSTATUS status = NT_STATUS_OK;
+       GROUP_MAP *map;
 
-       if (!pdb_getgrsid(&map, *sid))
-               return NT_STATUS_NO_SUCH_ALIAS;
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       if (!pdb_getgrsid(map, *sid)) {
+               status = NT_STATUS_NO_SUCH_ALIAS;
+               goto done;
+       }
 
-       if ((map.sid_name_use != SID_NAME_ALIAS) &&
-           (map.sid_name_use != SID_NAME_WKN_GRP)) {
+       if ((map->sid_name_use != SID_NAME_ALIAS) &&
+           (map->sid_name_use != SID_NAME_WKN_GRP)) {
                DEBUG(2, ("%s is a %s, expected an alias\n",
                          sid_string_dbg(sid),
-                         sid_type_lookup(map.sid_name_use)));
-               return NT_STATUS_NO_SUCH_ALIAS;
+                         sid_type_lookup(map->sid_name_use)));
+               status = NT_STATUS_NO_SUCH_ALIAS;
+               goto done;
        }
 
-       info->acct_name = talloc_strdup(info, map.nt_name);
+       info->acct_name = talloc_move(info, &map->nt_name);
        if (!info->acct_name) {
-               return NT_STATUS_NO_MEMORY;
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
        }
-       info->acct_desc = talloc_strdup(info, map.comment);
+       info->acct_desc = talloc_move(info, &map->comment);
        if (!info->acct_desc) {
-               return NT_STATUS_NO_MEMORY;
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
        }
-       sid_peek_rid(&map.sid, &info->rid);
-       return NT_STATUS_OK;
+       sid_peek_rid(&map->sid, &info->rid);
+
+done:
+       TALLOC_FREE(map);
+       return status;
 }
 
 NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
                                   const struct dom_sid *sid,
                                   struct acct_info *info)
 {
-       GROUP_MAP map;
+       NTSTATUS status = NT_STATUS_OK;
+       GROUP_MAP *map;
 
-       if (!pdb_getgrsid(&map, *sid))
-               return NT_STATUS_NO_SUCH_ALIAS;
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
 
-       fstrcpy(map.nt_name, info->acct_name);
-       fstrcpy(map.comment, info->acct_desc);
+       if (!pdb_getgrsid(map, *sid)) {
+               status = NT_STATUS_NO_SUCH_ALIAS;
+               goto done;
+       }
+
+       map->nt_name = talloc_strdup(map, info->acct_name);
+       if (!map->nt_name) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
+       map->comment = talloc_strdup(map, info->acct_desc);
+       if (!map->comment) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
+
+       status = pdb_update_group_mapping_entry(map);
 
-       return pdb_update_group_mapping_entry(&map);
+done:
+       TALLOC_FREE(map);
+       return status;
 }
 
 NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
@@ -715,11 +799,9 @@ NTSTATUS pdb_create_builtin_alias(uint32 rid)
        struct dom_sid sid;
        enum lsa_SidType type;
        gid_t gid;
-       GROUP_MAP map;
-       TALLOC_CTX *mem_ctx;
+       GROUP_MAP *map;
        NTSTATUS status;
        const char *name = NULL;
-       fstring groupname;
 
        DEBUG(10, ("Trying to create builtin alias %d\n", rid));
 
@@ -727,40 +809,48 @@ NTSTATUS pdb_create_builtin_alias(uint32 rid)
                return NT_STATUS_NO_SUCH_ALIAS;
        }
 
-       if ( (mem_ctx = talloc_new(NULL)) == NULL ) {
+       /* use map as overall temp mem context */
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
                return NT_STATUS_NO_MEMORY;
        }
 
-       if ( !lookup_sid(mem_ctx, &sid, NULL, &name, &type) ) {
-               TALLOC_FREE( mem_ctx );
-               return NT_STATUS_NO_SUCH_ALIAS;
+       if (!lookup_sid(map, &sid, NULL, &name, &type)) {
+               status = NT_STATUS_NO_SUCH_ALIAS;
+               goto done;
        }
 
-       /* validate RID so copy the name and move on */
-
-       fstrcpy( groupname, name );
-       TALLOC_FREE( mem_ctx );
-
        if (!winbind_allocate_gid(&gid)) {
                DEBUG(3, ("pdb_create_builtin_alias: Could not get a gid out of winbind\n"));
-               return NT_STATUS_ACCESS_DENIED;
+               status = NT_STATUS_ACCESS_DENIED;
+               goto done;
        }
 
-       DEBUG(10,("Creating alias %s with gid %u\n", groupname, (unsigned int)gid));
+       DEBUG(10, ("Creating alias %s with gid %u\n", name, (unsigned)gid));
 
-       map.gid = gid;
-       sid_copy(&map.sid, &sid);
-       map.sid_name_use = SID_NAME_ALIAS;
-       strlcpy(map.nt_name, groupname, sizeof(map.nt_name));
-       strlcpy(map.comment, "", sizeof(map.comment));
+       map->gid = gid;
+       sid_copy(&map->sid, &sid);
+       map->sid_name_use = SID_NAME_ALIAS;
+       map->nt_name = talloc_strdup(map, name);
+       if (!map->nt_name) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
+       map->comment = talloc_strdup(map, "");
+       if (!map->comment) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
 
-       status = pdb_add_group_mapping_entry(&map);
+       status = pdb_add_group_mapping_entry(map);
 
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0, ("pdb_create_builtin_alias: Could not add group mapping entry for alias %d "
                          "(%s)\n", rid, nt_errstr(status)));
        }
 
+done:
+       TALLOC_FREE(map);
        return status;
 }
 

diff --git a/source3/groupdb/mapping.h b/source3/groupdb/mapping.h
index 045721d67e61eff7e7ae0c02efca9613fa1e184f..bb6cc02ed866c6d7ac1dc26ad7e5dbf0fb7a6187 100644 (file)
--- a/source3/groupdb/mapping.h
+++ b/source3/groupdb/mapping.h
@@ -45,7 +45,7 @@ struct mapping_backend {
        bool (*get_group_map_from_ntname)(const char *name, GROUP_MAP *map);
        bool (*group_map_remove)(const struct dom_sid *sid);
        bool (*enum_group_mapping)(const struct dom_sid *domsid, enum lsa_SidType sid_name_use,
-                                  GROUP_MAP **pp_rmap,
+                                  GROUP_MAP ***pp_rmap,
                                   size_t *p_num_entries, bool unix_only);
        NTSTATUS (*one_alias_membership)(const struct dom_sid *member,
                                         struct dom_sid **sids, size_t *num);

diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c
index 0c4b2fa405935d365f91bebc1173f4f7e0e4859c..394a2f0b223eb78b21124a593742e03314767f08 100644 (file)
--- a/source3/groupdb/mapping_tdb.c
+++ b/source3/groupdb/mapping_tdb.c
@@ -34,7 +34,7 @@ static struct db_context *db; /* used for driver files */
 
 static bool enum_group_mapping(const struct dom_sid *domsid,
                               enum lsa_SidType sid_name_use,
-                              GROUP_MAP **pp_rmap,
+                              GROUP_MAP ***pp_rmap,
                               size_t *p_num_entries,
                               bool unix_only);
 static bool group_map_remove(const struct dom_sid *sid);
@@ -175,6 +175,8 @@ static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map)
        char *key;
        int ret = 0;
        NTSTATUS status;
+       fstring nt_name;
+       fstring comment;
 
        /* the key is the SID, retrieving is direct */
 
@@ -191,7 +193,7 @@ static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map)
 
        ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff",
                        &map->gid, &map->sid_name_use,
-                       &map->nt_name, &map->comment);
+                       &nt_name, &comment);
 
        TALLOC_FREE(key);
 
@@ -202,6 +204,15 @@ static bool get_group_map_from_sid(struct dom_sid sid, GROUP_MAP *map)
 
        sid_copy(&map->sid, &sid);
 
+       map->nt_name = talloc_strdup(map, nt_name);
+       if (!map->nt_name) {
+               return false;
+       }
+       map->comment = talloc_strdup(map, comment);
+       if (!map->comment) {
+               return false;
+       }
+
        return true;
 }
 
@@ -209,6 +220,9 @@ static bool dbrec2map(const struct db_record *rec, GROUP_MAP *map)
 {
        TDB_DATA key = dbwrap_record_get_key(rec);
        TDB_DATA value = dbwrap_record_get_value(rec);
+       int ret = 0;
+       fstring nt_name;
+       fstring comment;
 
        if ((key.dsize < strlen(GROUP_PREFIX))
            || (strncmp((char *)key.dptr, GROUP_PREFIX,
@@ -221,9 +235,25 @@ static bool dbrec2map(const struct db_record *rec, GROUP_MAP *map)
                return False;
        }
 
-       return tdb_unpack(value.dptr, value.dsize, "ddff",
-                         &map->gid, &map->sid_name_use, &map->nt_name,
-                         &map->comment) != -1;
+       ret = tdb_unpack(value.dptr, value.dsize, "ddff",
+                         &map->gid, &map->sid_name_use,
+                         &nt_name, &comment);
+
+       if (ret == -1) {
+               DEBUG(3, ("dbrec2map: tdb_unpack failure\n"));
+               return false;
+       }
+
+       map->nt_name = talloc_strdup(map, nt_name);
+       if (!map->nt_name) {
+               return false;
+       }
+       map->comment = talloc_strdup(map, comment);
+       if (!map->comment) {
+               return false;
+       }
+
+       return true;
 }
 
 struct find_map_state {
@@ -323,55 +353,67 @@ struct enum_map_state {
        bool unix_only;
 
        size_t num_maps;
-       GROUP_MAP *maps;
+       GROUP_MAP **maps;
 };
 
 static int collect_map(struct db_record *rec, void *private_data)
 {
        struct enum_map_state *state = (struct enum_map_state *)private_data;
-       GROUP_MAP map;
-       GROUP_MAP *tmp;
+       GROUP_MAP *map;
+       GROUP_MAP **tmp;
+
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               DEBUG(0, ("Unable to allocate group map!\n"));
+               return 1;
+       }
 
-       if (!dbrec2map(rec, &map)) {
+       if (!dbrec2map(rec, map)) {
+               TALLOC_FREE(map);
                return 0;
        }
        /* list only the type or everything if UNKNOWN */
        if (state->sid_name_use != SID_NAME_UNKNOWN
-           && state->sid_name_use != map.sid_name_use) {
+           && state->sid_name_use != map->sid_name_use) {
                DEBUG(11,("enum_group_mapping: group %s is not of the "
-                         "requested type\n", map.nt_name));
+                         "requested type\n", map->nt_name));
+               TALLOC_FREE(map);
                return 0;
        }
 
-       if ((state->unix_only == ENUM_ONLY_MAPPED) && (map.gid == -1)) {
+       if ((state->unix_only == ENUM_ONLY_MAPPED) && (map->gid == -1)) {
                DEBUG(11,("enum_group_mapping: group %s is non mapped\n",
-                         map.nt_name));
+                         map->nt_name));
+               TALLOC_FREE(map);
                return 0;
        }
 
        if ((state->domsid != NULL) &&
-           (dom_sid_compare_domain(state->domsid, &map.sid) != 0)) {
+           (dom_sid_compare_domain(state->domsid, &map->sid) != 0)) {
                DEBUG(11,("enum_group_mapping: group %s is not in domain\n",
-                         sid_string_dbg(&map.sid)));
+                         sid_string_dbg(&map->sid)));
+               TALLOC_FREE(map);
                return 0;
        }
 
-       if (!(tmp = SMB_REALLOC_ARRAY(state->maps, GROUP_MAP,
-                                     state->num_maps+1))) {
+       tmp = talloc_realloc(NULL, state->maps, GROUP_MAP *,
+                                       state->num_maps + 1);
+       if (!tmp) {
                DEBUG(0,("enum_group_mapping: Unable to enlarge group "
                         "map!\n"));
+               TALLOC_FREE(map);
                return 1;
        }
 
        state->maps = tmp;
-       state->maps[state->num_maps] = map;
+       state->maps[state->num_maps] = talloc_move(state->maps, &map);
        state->num_maps++;
        return 0;
 }
 
 static bool enum_group_mapping(const struct dom_sid *domsid,
                               enum lsa_SidType sid_name_use,
-                              GROUP_MAP **pp_rmap,
+                              GROUP_MAP ***pp_rmap,
                               size_t *p_num_entries, bool unix_only)
 {
        struct enum_map_state state;
@@ -385,6 +427,7 @@ static bool enum_group_mapping(const struct dom_sid *domsid,
 
        status = dbwrap_traverse_read(db, collect_map, (void *)&state, NULL);
        if (!NT_STATUS_IS_OK(status)) {
+               TALLOC_FREE(state.maps);
                return false;
        }
 
@@ -479,7 +522,7 @@ static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *membe
 
 static NTSTATUS add_aliasmem(const struct dom_sid *alias, const struct dom_sid *member)
 {
-       GROUP_MAP map;
+       GROUP_MAP *map;
        char *key;
        fstring string_sid;
        char *new_memberstring;
@@ -487,12 +530,23 @@ static NTSTATUS add_aliasmem(const struct dom_sid *alias, const struct dom_sid *
        NTSTATUS status;
        TDB_DATA value;
 
-       if (!get_group_map_from_sid(*alias, &map))
+       map = talloc_zero(talloc_tos(), GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       if (!get_group_map_from_sid(*alias, map)) {
+               TALLOC_FREE(map);
                return NT_STATUS_NO_SUCH_ALIAS;
+       }
 
-       if ( (map.sid_name_use != SID_NAME_ALIAS) &&
-            (map.sid_name_use != SID_NAME_WKN_GRP) )
+       if ((map->sid_name_use != SID_NAME_ALIAS) &&
+           (map->sid_name_use != SID_NAME_WKN_GRP)) {
+               TALLOC_FREE(map);
                return NT_STATUS_NO_SUCH_ALIAS;
+       }
+
+       TALLOC_FREE(map);
 
        if (is_aliasmem(alias, member))
                return NT_STATUS_MEMBER_IN_ALIAS;
@@ -629,15 +683,26 @@ static int collect_aliasmem(struct db_record *rec, void *priv)
 static NTSTATUS enum_aliasmem(const struct dom_sid *alias, TALLOC_CTX *mem_ctx,
                              struct dom_sid **sids, size_t *num)
 {
-       GROUP_MAP map;
+       GROUP_MAP *map;
        struct aliasmem_state state;
 
-       if (!get_group_map_from_sid(*alias, &map))
+       map = talloc_zero(talloc_tos(), GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       if (!get_group_map_from_sid(*alias, map)) {
+               TALLOC_FREE(map);
                return NT_STATUS_NO_SUCH_ALIAS;
+       }
 
-       if ( (map.sid_name_use != SID_NAME_ALIAS) &&
-            (map.sid_name_use != SID_NAME_WKN_GRP) )
+       if ((map->sid_name_use != SID_NAME_ALIAS) &&
+           (map->sid_name_use != SID_NAME_WKN_GRP)) {
+               TALLOC_FREE(map);
                return NT_STATUS_NO_SUCH_ALIAS;
+       }
+
+       TALLOC_FREE(map);
 
        *sids = NULL;
        *num = 0;
@@ -774,7 +839,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
                              TDB_DATA data, void *ptr)
 {
        TALLOC_CTX *tmp_ctx = talloc_tos();
-       GROUP_MAP map;
+       GROUP_MAP *map = NULL;
        uint8_t *p;
        uint32_t format;
        uint32_t num_el;
@@ -839,7 +904,11 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
                goto failed;
        }
 
-       ZERO_STRUCT(map);
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               errno = ENOMEM;
+               goto failed;
+       }
 
        for (i = 0; i < num_el; i++) {
                uint32_t num_vals;
@@ -896,28 +965,34 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
                        /* we ignore unknown or uninteresting attributes
                         * (objectclass, etc.) */
                        if (strcasecmp_m(name, "gidNumber") == 0) {
-                               map.gid = strtoul(val, &q, 10);
+                               map->gid = strtoul(val, &q, 10);
                                if (*q) {
                                        errno = EIO;
                                        goto failed;
                                }
                        } else if (strcasecmp_m(name, "sid") == 0) {
-                               if (!string_to_sid(&map.sid, val)) {
+                               if (!string_to_sid(&map->sid, val)) {
                                        errno = EIO;
                                        goto failed;
                                }
                        } else if (strcasecmp_m(name, "sidNameUse") == 0) {
-                               map.sid_name_use = strtoul(val, &q, 10);
+                               map->sid_name_use = strtoul(val, &q, 10);
                                if (*q) {
                                        errno = EIO;
                                        goto failed;
                                }
                        } else if (strcasecmp_m(name, "ntname") == 0) {
-                               strlcpy(map.nt_name, val,
-                                       sizeof(map.nt_name));
+                               map->nt_name = talloc_strdup(map, val);
+                               if (!map->nt_name) {
+                                       errno = ENOMEM;
+                                       goto failed;
+                               }
                        } else if (strcasecmp_m(name, "comment") == 0) {
-                               strlcpy(map.comment, val,
-                                       sizeof(map.comment));
+                               map->comment = talloc_strdup(map, val);
+                               if (!map->comment) {
+                                       errno = ENOMEM;
+                                       goto failed;
+                               }
                        } else if (strcasecmp_m(name, "member") == 0) {
                                if (!string_to_sid(&members[j], val)) {
                                        errno = EIO;
@@ -931,7 +1006,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
                TALLOC_FREE(name);
        }
 
-       if (!add_mapping_entry(&map, 0)) {
+       if (!add_mapping_entry(map, 0)) {
                errno = EIO;
                goto failed;
        }
@@ -939,7 +1014,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
        if (num_mem) {
                for (j = 0; j < num_mem; j++) {
                        NTSTATUS status;
-                       status = add_aliasmem(&map.sid, &members[j]);
+                       status = add_aliasmem(&map->sid, &members[j]);
                        if (!NT_STATUS_IS_OK(status)) {
                                errno = EIO;
                                goto failed;
@@ -952,9 +1027,11 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
                          remaining));
        }
 
+       TALLOC_FREE(map);
        return 0;
 
 failed:
+       TALLOC_FREE(map);
        return -1;
 }
 

diff --git a/source3/groupdb/proto.h b/source3/groupdb/proto.h
index ddcdf7a3b9ba1999112dc81a2086171283a3aa3e..75d5c3963dae576ef9fc64502d703abc2766c891 100644 (file)
--- a/source3/groupdb/proto.h
+++ b/source3/groupdb/proto.h
@@ -46,9 +46,11 @@ NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods,
 NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
                                                   struct dom_sid sid);
 NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
-                                          const struct dom_sid *sid, enum lsa_SidType sid_name_use,
-                                          GROUP_MAP **pp_rmap, size_t *p_num_entries,
-                                          bool unix_only);
+                                       const struct dom_sid *sid,
+                                       enum lsa_SidType sid_name_use,
+                                       GROUP_MAP ***pp_rmap,
+                                       size_t *p_num_entries,
+                                       bool unix_only);
 NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
                                  const char *name, uint32 *rid);
 NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,

diff --git a/source3/include/mapping.h b/source3/include/mapping.h
index 7454d19af8932e792616e279f8bb8b23424be5b9..41275ff7ed1c2b1c426d033313f8a4f925516de6 100644 (file)
--- a/source3/include/mapping.h
+++ b/source3/include/mapping.h
@@ -26,8 +26,8 @@ typedef struct _GROUP_MAP {
        gid_t gid;
        struct dom_sid sid;
        enum lsa_SidType sid_name_use;
-       fstring nt_name;
-       fstring comment;
+       char *nt_name;
+       char *comment;
 } GROUP_MAP;
 
 #include "groupdb/proto.h"

diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index ea53279d42291ff28094113135077a0bc004afbb..59eedd8563c66c2c991f0e608b1b6ea6f8a585f9 100644 (file)
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -375,7 +375,7 @@ struct pdb_methods
 
        NTSTATUS (*enum_group_mapping)(struct pdb_methods *methods,
                                       const struct dom_sid *sid, enum lsa_SidType sid_name_use,
-                                      GROUP_MAP **pp_rmap, size_t *p_num_entries,
+                                      GROUP_MAP ***pp_rmap, size_t *p_num_entries,
                                       bool unix_only);
 
        NTSTATUS (*enum_group_members)(struct pdb_methods *methods,

diff --git a/source3/libnet/libnet_dssync_passdb.c b/source3/libnet/libnet_dssync_passdb.c
index be44cbaa86d90ea0c86093763b03d29d1dbfeecb..b56c2d4451bba2cd4368f066933a726ace006ee0 100644 (file)
--- a/source3/libnet/libnet_dssync_passdb.c
+++ b/source3/libnet/libnet_dssync_passdb.c
@@ -452,7 +452,7 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec,
        struct dom_sid member_sid;
        struct samu *member = NULL;
        const char *member_dn = NULL;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        struct group *grp;
        uint32_t rid;
        bool is_unix_member = false;
@@ -508,19 +508,29 @@ static int dssync_passdb_traverse_gmembers(struct db_record *rec,
                break;
        }
 
-       if (!get_domain_group_from_sid(group_sid, &map)) {
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               return -1;
+       }
+
+       if (!get_domain_group_from_sid(group_sid, map)) {
                DEBUG(0, ("Could not find global group %s\n",
                          sid_string_dbg(&group_sid)));
                //return NT_STATUS_NO_SUCH_GROUP;
+               TALLOC_FREE(map);
                return -1;
        }
 
-       if (!(grp = getgrgid(map.gid))) {
-               DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid));
+       if (!(grp = getgrgid(map->gid))) {
+               DEBUG(0, ("Could not find unix group %lu\n",
+                                               (unsigned long)map->gid));
                //return NT_STATUS_NO_SUCH_GROUP;
+               TALLOC_FREE(map);
                return -1;
        }
 
+       TALLOC_FREE(map);
+
        DEBUG(0,("Group members of %s: ", grp->gr_name));
 
        if ( !(member = samu_new(talloc_tos())) ) {
@@ -1348,7 +1358,7 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
        NTSTATUS status;
        fstring account;
        struct samu *sam_account=NULL;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        struct group *grp;
        struct dom_sid user_sid;
        struct dom_sid group_sid;
@@ -1430,14 +1440,19 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
 
        group_sid = *pdb_get_group_sid(sam_account);
 
-       if (!pdb_getgrsid(&map, group_sid)) {
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       if (!pdb_getgrsid(map, group_sid)) {
                DEBUG(0, ("Primary group of %s has no mapping!\n",
                          pdb_get_username(sam_account)));
        } else {
-               if (map.gid != passwd->pw_gid) {
-                       if (!(grp = getgrgid(map.gid))) {
+               if (map->gid != passwd->pw_gid) {
+                       if (!(grp = getgrgid(map->gid))) {
                                DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n",
-                                         (unsigned long)map.gid, pdb_get_username(sam_account),
+                                         (unsigned long)map->gid, pdb_get_username(sam_account),
                                          sid_string_dbg(&group_sid)));
                        } else {
                                smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
@@ -1445,6 +1460,8 @@ static NTSTATUS handle_account_object(struct dssync_passdb *pctx,
                }
        }
 
+       TALLOC_FREE(map);
+
        if ( !passwd ) {
                DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n",
                        pdb_get_username(sam_account)));
@@ -1463,14 +1480,12 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
 {
        struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur;
        NTSTATUS status;
-       fstring name;
-       fstring comment;
        struct group *grp = NULL;
        struct dom_sid group_sid;
        uint32_t rid = 0;
        struct dom_sid *dom_sid = NULL;
        fstring sid_string;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        bool insert = true;
 
        const char *sAMAccountName;
@@ -1496,23 +1511,43 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
                return status;
        }
 
-       fstrcpy(name, sAMAccountName);
-       fstrcpy(comment, description);
-
        dom_sid_split_rid(mem_ctx, &group_sid, &dom_sid, &rid);
 
+       map = talloc_zero(mem_ctx, GROUP_MAP);
+       if (map == NULL) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
+
+       map->nt_name = talloc_strdup(map, sAMAccountName);
+       if (map->nt_name == NULL) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
+
+       if (description) {
+               map->comment = talloc_strdup(map, description);
+       } else {
+               map->comment = talloc_strdup(map, "");
+       }
+       if (map->comment == NULL) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
+
        sid_to_fstring(sid_string, &group_sid);
        DEBUG(0,("Creating alias[%s] - %s members[%u]\n",
-                 name, sid_string, num_members));
+                 map->nt_name, sid_string, num_members));
 
        status = dssync_insert_obj(pctx, pctx->aliases, obj);
        if (!NT_STATUS_IS_OK(status)) {
-               return status;
+               goto done;
        }
 
-       if (pdb_getgrsid(&map, group_sid)) {
-               if ( map.gid != -1 )
-                       grp = getgrgid(map.gid);
+       if (pdb_getgrsid(map, group_sid)) {
+               if (map->gid != -1) {
+                       grp = getgrgid(map->gid);
+               }
                insert = false;
        }
 
@@ -1520,22 +1555,27 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
                gid_t gid;
 
                /* No group found from mapping, find it from its name. */
-               if ((grp = getgrnam(name)) == NULL) {
+               if ((grp = getgrnam(map->nt_name)) == NULL) {
 
                        /* No appropriate group found, create one */
 
-                       DEBUG(0,("Creating unix group: '%s'\n", name));
+                       DEBUG(0, ("Creating unix group: '%s'\n",
+                                                       map->nt_name));
 
-                       if (smb_create_group(name, &gid) != 0)
-                               return NT_STATUS_ACCESS_DENIED;
+                       if (smb_create_group(map->nt_name, &gid) != 0) {
+                               status = NT_STATUS_ACCESS_DENIED;
+                               goto done;
+                       }
 
-                       if ((grp = getgrgid(gid)) == NULL)
-                               return NT_STATUS_ACCESS_DENIED;
+                       if ((grp = getgrgid(gid)) == NULL) {
+                               status = NT_STATUS_ACCESS_DENIED;
+                               goto done;
+                       }
                }
        }
 
-       map.gid = grp->gr_gid;
-       map.sid = group_sid;
+       map->gid = grp->gr_gid;
+       map->sid = group_sid;
 
        if (dom_sid_equal(dom_sid, &global_sid_Builtin)) {
                /*
@@ -1543,23 +1583,17 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
                 *
                 * map.sid_name_use = SID_NAME_WKN_GRP;
                 */
-               map.sid_name_use = SID_NAME_ALIAS;
+               map->sid_name_use = SID_NAME_ALIAS;
        } else {
-               map.sid_name_use = SID_NAME_ALIAS;
+               map->sid_name_use = SID_NAME_ALIAS;
        }
 
-       strlcpy(map.nt_name, name, sizeof(map.nt_name));
-       if (description) {
-               strlcpy(map.comment, comment, sizeof(map.comment));
+       if (insert) {
+               pdb_add_group_mapping_entry(map);
        } else {
-               strlcpy(map.comment, "", sizeof(map.comment));
+               pdb_update_group_mapping_entry(map);
        }
 
-       if (insert)
-               pdb_add_group_mapping_entry(&map);
-       else
-               pdb_update_group_mapping_entry(&map);
-
        for (i=0; i < num_members; i++) {
                struct dssync_passdb_mem *mem;
 
@@ -1567,11 +1601,15 @@ static NTSTATUS handle_alias_object(struct dssync_passdb *pctx,
                                           true /* active */,
                                           &members[i], &mem);
                if (!NT_STATUS_IS_OK(status)) {
-                       return status;
+                       goto done;
                }
        }
 
-       return NT_STATUS_OK;
+       status = NT_STATUS_OK;
+
+done:
+       TALLOC_FREE(map);
+       return status;
 }
 
 /****************************************************************
@@ -1583,12 +1621,10 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
 {
        struct drsuapi_DsReplicaObjectListItemEx *cur = obj->cur;
        NTSTATUS status;
-       fstring name;
-       fstring comment;
        struct group *grp = NULL;
        struct dom_sid group_sid;
        fstring sid_string;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        bool insert = true;
 
        const char *sAMAccountName;
@@ -1614,21 +1650,39 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
                return status;
        }
 
-       fstrcpy(name, sAMAccountName);
-       fstrcpy(comment, description);
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       map->nt_name = talloc_strdup(map, sAMAccountName);
+       if (!map->nt_name) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
+       if (description) {
+               map->comment = talloc_strdup(map, description);
+       } else {
+               map->comment = talloc_strdup(map, "");
+       }
+       if (!map->comment) {
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
+       }
 
        sid_to_fstring(sid_string, &group_sid);
        DEBUG(0,("Creating group[%s] - %s members [%u]\n",
-                 name, sid_string, num_members));
+                 map->nt_name, sid_string, num_members));
 
        status = dssync_insert_obj(pctx, pctx->groups, obj);
        if (!NT_STATUS_IS_OK(status)) {
-               return status;
+               goto done;
        }
 
-       if (pdb_getgrsid(&map, group_sid)) {
-               if ( map.gid != -1 )
-                       grp = getgrgid(map.gid);
+       if (pdb_getgrsid(map, group_sid)) {
+               if (map->gid != -1) {
+                       grp = getgrgid(map->gid);
+               }
                insert = false;
        }
 
@@ -1636,35 +1690,35 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
                gid_t gid;
 
                /* No group found from mapping, find it from its name. */
-               if ((grp = getgrnam(name)) == NULL) {
+               if ((grp = getgrnam(map->nt_name)) == NULL) {
 
                        /* No appropriate group found, create one */
 
-                       DEBUG(0,("Creating unix group: '%s'\n", name));
+                       DEBUG(0, ("Creating unix group: '%s'\n",
+                                                       map->nt_name));
 
-                       if (smb_create_group(name, &gid) != 0)
-                               return NT_STATUS_ACCESS_DENIED;
+                       if (smb_create_group(map->nt_name, &gid) != 0) {
+                               status = NT_STATUS_ACCESS_DENIED;
+                               goto done;
+                       }
 
-                       if ((grp = getgrnam(name)) == NULL)
-                               return NT_STATUS_ACCESS_DENIED;
+                       if ((grp = getgrnam(map->nt_name)) == NULL) {
+                               status = NT_STATUS_ACCESS_DENIED;
+                               goto done;
+                       }
                }
        }
 
-       map.gid = grp->gr_gid;
-       map.sid = group_sid;
-       map.sid_name_use = SID_NAME_DOM_GRP;
-       strlcpy(map.nt_name, name, sizeof(map.nt_name));
-       if (description) {
-               strlcpy(map.comment, comment, sizeof(map.comment));
+       map->gid = grp->gr_gid;
+       map->sid = group_sid;
+       map->sid_name_use = SID_NAME_DOM_GRP;
+
+       if (insert) {
+               pdb_add_group_mapping_entry(map);
        } else {
-               strlcpy(map.comment, "", sizeof(map.comment));
+               pdb_update_group_mapping_entry(map);
        }
 
-       if (insert)
-               pdb_add_group_mapping_entry(&map);
-       else
-               pdb_update_group_mapping_entry(&map);
-
        for (i=0; i < num_members; i++) {
                struct dssync_passdb_mem *mem;
 
@@ -1672,11 +1726,15 @@ static NTSTATUS handle_group_object(struct dssync_passdb *pctx,
                                           true /* active */,
                                           &members[i], &mem);
                if (!NT_STATUS_IS_OK(status)) {
-                       return status;
+                       goto done;
                }
        }
 
-       return NT_STATUS_OK;
+       status = NT_STATUS_OK;
+
+done:
+       TALLOC_FREE(map);
+       return status;
 }
 
 /****************************************************************

diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c
index 0cf2ed3323d995161f98b6994b4ccca9beb47213..cf479344754d68db8dd2bf7717c6e64d47da9eea 100644 (file)
--- a/source3/libnet/libnet_samsync_passdb.c
+++ b/source3/libnet/libnet_samsync_passdb.c
@@ -301,7 +301,7 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
        NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL;
        fstring account;
        struct samu *sam_account=NULL;
-       GROUP_MAP map;
+       GROUP_MAP *map = NULL;
        struct group *grp;
        struct dom_sid user_sid;
        struct dom_sid group_sid;
@@ -355,14 +355,19 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
 
        group_sid = *pdb_get_group_sid(sam_account);
 
-       if (!pdb_getgrsid(&map, group_sid)) {
+       map = talloc_zero(mem_ctx, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       if (!pdb_getgrsid(map, group_sid)) {
                DEBUG(0, ("Primary group of %s has no mapping!\n",
                          pdb_get_username(sam_account)));
        } else {
-               if (map.gid != passwd->pw_gid) {
-                       if (!(grp = getgrgid(map.gid))) {
+               if (map->gid != passwd->pw_gid) {
+                       if (!(grp = getgrgid(map->gid))) {
                                DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n",
-                                         (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_tos(&group_sid)));
+                                         (unsigned long)map->gid, pdb_get_username(sam_account), sid_string_tos(&group_sid)));
                        } else {
                                smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
                        }
@@ -376,6 +381,7 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
 
  done:
        TALLOC_FREE(sam_account);
+       TALLOC_FREE(map);
        return nt_ret;
 }
 
@@ -386,60 +392,65 @@ static NTSTATUS fetch_group_info(TALLOC_CTX *mem_ctx,
                                 uint32_t rid,
                                 struct netr_DELTA_GROUP *r)
 {
-       fstring name;
-       fstring comment;
        struct group *grp = NULL;
        struct dom_sid group_sid;
        fstring sid_string;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        bool insert = true;
 
-       fstrcpy(name, r->group_name.string);
-       fstrcpy(comment, r->description.string);
-
+       map = talloc_zero(mem_ctx, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
        /* add the group to the mapping table */
        sid_compose(&group_sid, get_global_sam_sid(), rid);
        sid_to_fstring(sid_string, &group_sid);
 
-       if (pdb_getgrsid(&map, group_sid)) {
-               if ( map.gid != -1 )
-                       grp = getgrgid(map.gid);
+       if (pdb_getgrsid(map, group_sid)) {
+               if (map->gid != -1) {
+                       grp = getgrgid(map->gid);
+               }
                insert = false;
        }
 
+       map->nt_name = talloc_strdup(map, r->group_name.string);
+       if (!map->nt_name) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       map->comment = talloc_strdup(map, r->description.string);
+       if (!map->comment) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
        if (grp == NULL) {
                gid_t gid;
 
                /* No group found from mapping, find it from its name. */
-               if ((grp = getgrnam(name)) == NULL) {
+               if ((grp = getgrnam(map->nt_name)) == NULL) {
 
                        /* No appropriate group found, create one */
 
-                       d_printf("Creating unix group: '%s'\n", name);
+                       d_printf("Creating unix group: '%s'\n", map->nt_name);
 
-                       if (smb_create_group(name, &gid) != 0)
+                       if (smb_create_group(map->nt_name, &gid) != 0)
                                return NT_STATUS_ACCESS_DENIED;
 
-                       if ((grp = getgrnam(name)) == NULL)
+                       if ((grp = getgrnam(map->nt_name)) == NULL)
                                return NT_STATUS_ACCESS_DENIED;
                }
        }
 
-       map.gid = grp->gr_gid;
-       map.sid = group_sid;
-       map.sid_name_use = SID_NAME_DOM_GRP;
-       strlcpy(map.nt_name, name, sizeof(map.nt_name));
-       if (r->description.string) {
-               strlcpy(map.comment, comment, sizeof(map.comment));
+       map->gid = grp->gr_gid;
+       map->sid = group_sid;
+       map->sid_name_use = SID_NAME_DOM_GRP;
+
+       if (insert) {
+               pdb_add_group_mapping_entry(map);
        } else {
-               strlcpy(map.comment, "", sizeof(map.comment));
+               pdb_update_group_mapping_entry(map);
        }
 
-       if (insert)
-               pdb_add_group_mapping_entry(&map);
-       else
-               pdb_update_group_mapping_entry(&map);
-
+       TALLOC_FREE(map);
        return NT_STATUS_OK;
 }
 
@@ -454,7 +465,7 @@ static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx,
        char **nt_members = NULL;
        char **unix_members;
        struct dom_sid group_sid;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        struct group *grp;
 
        if (r->num_rids == 0) {
@@ -463,16 +474,26 @@ static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx,
 
        sid_compose(&group_sid, get_global_sam_sid(), rid);
 
-       if (!get_domain_group_from_sid(group_sid, &map)) {
+       map = talloc_zero(mem_ctx, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       if (!get_domain_group_from_sid(group_sid, map)) {
                DEBUG(0, ("Could not find global group %d\n", rid));
+               TALLOC_FREE(map);
                return NT_STATUS_NO_SUCH_GROUP;
        }
 
-       if (!(grp = getgrgid(map.gid))) {
-               DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid));
+       if (!(grp = getgrgid(map->gid))) {
+               DEBUG(0, ("Could not find unix group %lu\n",
+                                               (unsigned long)map->gid));
+               TALLOC_FREE(map);
                return NT_STATUS_NO_SUCH_GROUP;
        }
 
+       TALLOC_FREE(map);
+
        d_printf("Group members of %s: ", grp->gr_name);
 
        if (r->num_rids) {
@@ -575,56 +596,65 @@ static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx,
                                 struct netr_DELTA_ALIAS *r,
                                 const struct dom_sid *dom_sid)
 {
-       fstring name;
-       fstring comment;
        struct group *grp = NULL;
        struct dom_sid alias_sid;
        fstring sid_string;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        bool insert = true;
 
-       fstrcpy(name, r->alias_name.string);
-       fstrcpy(comment, r->description.string);
+       map = talloc_zero(mem_ctx, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
 
        /* Find out whether the group is already mapped */
        sid_compose(&alias_sid, dom_sid, rid);
        sid_to_fstring(sid_string, &alias_sid);
 
-       if (pdb_getgrsid(&map, alias_sid)) {
-               grp = getgrgid(map.gid);
+       if (pdb_getgrsid(map, alias_sid)) {
+               grp = getgrgid(map->gid);
                insert = false;
        }
 
+       map->nt_name = talloc_strdup(map, r->alias_name.string);
+       if (!map->nt_name) {
+               return NT_STATUS_NO_MEMORY;
+       }
+       map->comment = talloc_strdup(map, r->description.string);
+       if (!map->comment) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
        if (grp == NULL) {
                gid_t gid;
 
                /* No group found from mapping, find it from its name. */
-               if ((grp = getgrnam(name)) == NULL) {
+               if ((grp = getgrnam(map->nt_name)) == NULL) {
                        /* No appropriate group found, create one */
-                       d_printf("Creating unix group: '%s'\n", name);
-                       if (smb_create_group(name, &gid) != 0)
+                       d_printf("Creating unix group: '%s'\n", map->nt_name);
+                       if (smb_create_group(map->nt_name, &gid) != 0)
                                return NT_STATUS_ACCESS_DENIED;
                        if ((grp = getgrgid(gid)) == NULL)
                                return NT_STATUS_ACCESS_DENIED;
                }
        }
 
-       map.gid = grp->gr_gid;
-       map.sid = alias_sid;
+       map->gid = grp->gr_gid;
+       map->sid = alias_sid;
 
-       if (dom_sid_equal(dom_sid, &global_sid_Builtin))
-               map.sid_name_use = SID_NAME_WKN_GRP;
-       else
-               map.sid_name_use = SID_NAME_ALIAS;
-
-       strlcpy(map.nt_name, name, sizeof(map.nt_name));
-       strlcpy(map.comment, comment, sizeof(map.comment));
+       if (dom_sid_equal(dom_sid, &global_sid_Builtin)) {
+               map->sid_name_use = SID_NAME_WKN_GRP;
+       } else {
+               map->sid_name_use = SID_NAME_ALIAS;
+       }
 
-       if (insert)
-               pdb_add_group_mapping_entry(&map);
-       else
-               pdb_update_group_mapping_entry(&map);
+       if (insert) {
+               pdb_add_group_mapping_entry(map);
+       } else {
+               pdb_update_group_mapping_entry(map);
+       }
 
+       TALLOC_FREE(map);
        return NT_STATUS_OK;
 }
 

diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 4c2e73befd64d50d1ba07db5298cb0c30eecfb1c..a02c941d8e47bfacf26f9887d7ca8afc3249a545 100644 (file)
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -1233,20 +1233,25 @@ done:
 
 static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
 {
-       GROUP_MAP map;
+       GROUP_MAP *map;
        union unid_t id;
        enum lsa_SidType type;
 
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               return false;
+       }
+
        if ((sid_check_is_in_builtin(psid) ||
             sid_check_is_in_wellknown_domain(psid))) {
                bool ret;
 
                become_root();
-               ret = pdb_getgrsid(&map, *psid);
+               ret = pdb_getgrsid(map, *psid);
                unbecome_root();
 
                if (ret) {
-                       *pgid = map.gid;
+                       *pgid = map->gid;
                        goto done;
                }
                DEBUG(10,("LEGACY: mapping failed for sid %s\n",
@@ -1286,6 +1291,7 @@ static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid)
 
        store_gid_sid_cache(psid, *pgid);
 
+       TALLOC_FREE(map);
        return true;
 }
 

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 62dcb5deddd582a417a35ff40bdc8a96a7dd0788..276e0314c84295ab636d9ac9104af5f09f8fdd1e 100644 (file)
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -591,7 +591,7 @@ bool algorithmic_pdb_rid_is_user(uint32_t rid)
 bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
                            enum lsa_SidType *type)
 {
-       GROUP_MAP map;
+       GROUP_MAP *map;
        bool ret;
 
        /* Windows treats "MACHINE\None" as a special name for 
@@ -645,24 +645,32 @@ bool lookup_global_sam_name(const char *name, int flags, uint32_t *rid,
         * Maybe it is a group ?
         */
 
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               return false;
+       }
+
        become_root();
-       ret = pdb_getgrnam(&map, name);
+       ret = pdb_getgrnam(map, name);
        unbecome_root();
 
        if (!ret) {
+               TALLOC_FREE(map);
                return False;
        }
 
        /* BUILTIN groups are looked up elsewhere */
-       if (!sid_check_is_in_our_domain(&map.sid)) {
+       if (!sid_check_is_in_our_domain(&map->sid)) {
                DEBUG(10, ("Found group %s (%s) not in our domain -- "
-                          "ignoring.", name, sid_string_dbg(&map.sid)));
+                          "ignoring.", name, sid_string_dbg(&map->sid)));
+               TALLOC_FREE(map);
                return False;
        }
 
        /* yes it's a mapped group */
-       sid_peek_rid(&map.sid, rid);
-       *type = map.sid_name_use;
+       sid_peek_rid(&map->sid, rid);
+       *type = map->sid_name_use;
+       TALLOC_FREE(map);
        return True;
 }
 

diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c
index 3746da3a4fe802a34fc06e103012cb31a5a52da6..57425349f88fccc0df003750d059ff1932bd2df3 100644 (file)
--- a/source3/passdb/pdb_ads.c
+++ b/source3/passdb/pdb_ads.c
@@ -798,16 +798,14 @@ static NTSTATUS pdb_ads_getgrfilter(struct pdb_methods *m, GROUP_MAP *map,
        if (str == NULL) {
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
-       fstrcpy(map->nt_name, str);
-       TALLOC_FREE(str);
+       map->nt_name = talloc_move(map, &str);
 
        str = tldap_talloc_single_attribute(group[0], "description",
                                            talloc_tos());
        if (str != NULL) {
-               fstrcpy(map->comment, str);
-               TALLOC_FREE(str);
+               map->comment = talloc_move(map, &str);
        } else {
-               map->comment[0] = '\0';
+               map->comment = talloc_strdup(map, "");
        }
 
        if (pmsg != NULL) {
@@ -1017,7 +1015,7 @@ static NTSTATUS pdb_ads_update_group_mapping_entry(struct pdb_methods *m,
        char *filter;
        struct tldap_message *existing;
        char *dn;
-       GROUP_MAP existing_map;
+       GROUP_MAP *existing_map;
        int rc, num_mods = 0;
        bool ret;
        NTSTATUS status;
@@ -1033,8 +1031,15 @@ static NTSTATUS pdb_ads_update_group_mapping_entry(struct pdb_methods *m,
        if (filter == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
-       status = pdb_ads_getgrfilter(m, &existing_map, filter,
+
+       existing_map = talloc_zero(talloc_tos(), GROUP_MAP);
+       if (!existing_map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       status = pdb_ads_getgrfilter(m, existing_map, filter,
                                     talloc_tos(), &existing);
+       TALLOC_FREE(existing_map);
        TALLOC_FREE(filter);
 
        if (!tldap_entry_dn(existing, &dn)) {
@@ -1079,7 +1084,7 @@ static NTSTATUS pdb_ads_delete_group_mapping_entry(struct pdb_methods *m,
 static NTSTATUS pdb_ads_enum_group_mapping(struct pdb_methods *m,
                                           const struct dom_sid *sid,
                                           enum lsa_SidType sid_name_use,
-                                          GROUP_MAP **pp_rmap,
+                                          GROUP_MAP ***pp_rmap,
                                           size_t *p_num_entries,
                                           bool unix_only)
 {

diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 7a0279e1fb7279ff2cb0f1798b65c6d1722310a7..03d9821012b56f58eda42b054d4236c43fc28609 100644 (file)
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -777,32 +777,39 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
                                             uint32_t rid)
 {
        struct dom_sid group_sid;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        NTSTATUS status;
        struct group *grp;
        const char *grp_name;
 
+       map = talloc_zero(mem_ctx, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
        /* coverity */
-       map.gid = (gid_t) -1;
+       map->gid = (gid_t) -1;
 
        sid_compose(&group_sid, get_global_sam_sid(), rid);
 
-       if (!get_domain_group_from_sid(group_sid, &map)) {
+       if (!get_domain_group_from_sid(group_sid, map)) {
                DEBUG(10, ("Could not find group for rid %d\n", rid));
                return NT_STATUS_NO_SUCH_GROUP;
        }
 
        /* We need the group name for the smb_delete_group later on */
 
-       if (map.gid == (gid_t)-1) {
+       if (map->gid == (gid_t)-1) {
                return NT_STATUS_NO_SUCH_GROUP;
        }
 
-       grp = getgrgid(map.gid);
+       grp = getgrgid(map->gid);
        if (grp == NULL) {
                return NT_STATUS_NO_SUCH_GROUP;
        }
 
+       TALLOC_FREE(map);
+
        /* Copy the name, no idea what pdb_delete_group_mapping_entry does.. */
 
        grp_name = talloc_strdup(mem_ctx, grp->gr_name);
@@ -847,8 +854,11 @@ NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid)
        return pdb->delete_group_mapping_entry(pdb, sid);
 }
 
-bool pdb_enum_group_mapping(const struct dom_sid *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
-                           size_t *p_num_entries, bool unix_only)
+bool pdb_enum_group_mapping(const struct dom_sid *sid,
+                           enum lsa_SidType sid_name_use,
+                           GROUP_MAP ***pp_rmap,
+                           size_t *p_num_entries,
+                           bool unix_only)
 {
        struct pdb_methods *pdb = pdb_get_methods();
        return NT_STATUS_IS_OK(pdb-> enum_group_mapping(pdb, sid, sid_name_use,
@@ -954,24 +964,31 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
 {
        struct dom_sid group_sid, member_sid;
        struct samu *account = NULL;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        struct group *grp;
        struct passwd *pwd;
        const char *group_name;
        uid_t uid;
 
+       map = talloc_zero(mem_ctx, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
        /* coverity */
-       map.gid = (gid_t) -1;
+       map->gid = (gid_t) -1;
 
        sid_compose(&group_sid, get_global_sam_sid(), group_rid);
        sid_compose(&member_sid, get_global_sam_sid(), member_rid);
 
-       if (!get_domain_group_from_sid(group_sid, &map) ||
-           (map.gid == (gid_t)-1) ||
-           ((grp = getgrgid(map.gid)) == NULL)) {
+       if (!get_domain_group_from_sid(group_sid, map) ||
+           (map->gid == (gid_t)-1) ||
+           ((grp = getgrgid(map->gid)) == NULL)) {
                return NT_STATUS_NO_SUCH_GROUP;
        }
 
+       TALLOC_FREE(map);
+
        group_name = talloc_strdup(mem_ctx, grp->gr_name);
        if (group_name == NULL) {
                return NT_STATUS_NO_MEMORY;
@@ -1019,21 +1036,28 @@ static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
 {
        struct dom_sid group_sid, member_sid;
        struct samu *account = NULL;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        struct group *grp;
        struct passwd *pwd;
        const char *group_name;
        uid_t uid;
 
+       map = talloc_zero(mem_ctx, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
        sid_compose(&group_sid, get_global_sam_sid(), group_rid);
        sid_compose(&member_sid, get_global_sam_sid(), member_rid);
 
-       if (!get_domain_group_from_sid(group_sid, &map) ||
-           (map.gid == (gid_t)-1) ||
-           ((grp = getgrgid(map.gid)) == NULL)) {
+       if (!get_domain_group_from_sid(group_sid, map) ||
+           (map->gid == (gid_t)-1) ||
+           ((grp = getgrgid(map->gid)) == NULL)) {
                return NT_STATUS_NO_SUCH_GROUP;
        }
 
+       TALLOC_FREE(map);
+
        group_name = talloc_strdup(mem_ctx, grp->gr_name);
        if (group_name == NULL) {
                return NT_STATUS_NO_MEMORY;
@@ -1397,14 +1421,21 @@ static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid,
 static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid,
                                   struct dom_sid *sid)
 {
-       GROUP_MAP map;
+       GROUP_MAP *map;
 
-       if (!NT_STATUS_IS_OK(methods->getgrgid(methods, &map, gid))) {
-               return False;
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               return false;
        }
 
-       sid_copy(sid, &map.sid);
-       return True;
+       if (!NT_STATUS_IS_OK(methods->getgrgid(methods, map, gid))) {
+               TALLOC_FREE(map);
+               return false;
+       }
+
+       sid_copy(sid, &map->sid);
+       TALLOC_FREE(map);
+       return true;
 }
 
 static bool pdb_default_sid_to_id(struct pdb_methods *methods,
@@ -1452,21 +1483,28 @@ static bool pdb_default_sid_to_id(struct pdb_methods *methods,
        if (sid_check_is_in_builtin(sid) ||
            sid_check_is_in_wellknown_domain(sid)) {
                /* Here we only have aliases */
-               GROUP_MAP map;
-               if (!NT_STATUS_IS_OK(methods->getgrsid(methods, &map, *sid))) {
+               GROUP_MAP *map;
+
+               map = talloc_zero(mem_ctx, GROUP_MAP);
+               if (!map) {
+                       ret = false;
+                       goto done;
+               }
+
+               if (!NT_STATUS_IS_OK(methods->getgrsid(methods, map, *sid))) {
                        DEBUG(10, ("Could not find map for sid %s\n",
                                   sid_string_dbg(sid)));
                        goto done;
                }
-               if ((map.sid_name_use != SID_NAME_ALIAS) &&
-                   (map.sid_name_use != SID_NAME_WKN_GRP)) {
+               if ((map->sid_name_use != SID_NAME_ALIAS) &&
+                   (map->sid_name_use != SID_NAME_WKN_GRP)) {
                        DEBUG(10, ("Map for sid %s is a %s, expected an "
                                   "alias\n", sid_string_dbg(sid),
-                                  sid_type_lookup(map.sid_name_use)));
+                                  sid_type_lookup(map->sid_name_use)));
                        goto done;
                }
 
-               id->gid = map.gid;
+               id->gid = map->gid;
                *type = SID_NAME_ALIAS;
                ret = True;
                goto done;
@@ -1634,7 +1672,7 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
                                  union unid_t *unix_id)
 {
        struct samu *sam_account = NULL;
-       GROUP_MAP map;
+       GROUP_MAP *map = NULL;
        bool ret;
        struct dom_sid sid;
 
@@ -1651,12 +1689,28 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
                return False;
        }
 
+       map = talloc_zero(mem_ctx, GROUP_MAP);
+       if (!map) {
+               return false;
+       }
+
        /* BEING ROOT BLOCK */
        become_root();
-       if (pdb_getsampwsid(sam_account, &sid)) {
+       ret = pdb_getsampwsid(sam_account, &sid);
+       if (!ret) {
+               TALLOC_FREE(sam_account);
+               ret = pdb_getgrsid(map, sid);
+       }
+       unbecome_root();
+       /* END BECOME_ROOT BLOCK */
+
+       if (sam_account || !ret) {
+               TALLOC_FREE(map);
+       }
+
+       if (sam_account) {
                struct passwd *pw;
 
-               unbecome_root();                /* -----> EXIT BECOME_ROOT() */
                *name = talloc_strdup(mem_ctx, pdb_get_username(sam_account));
                if (!*name) {
                        TALLOC_FREE(sam_account);
@@ -1678,27 +1732,25 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid,
                unix_id->uid = pw->pw_uid;
                TALLOC_FREE(pw);
                return True;
-       }
-       TALLOC_FREE(sam_account);
 
-       ret = pdb_getgrsid(&map, sid);
-       unbecome_root();
-       /* END BECOME_ROOT BLOCK */
+       } else if (map && (map->gid != (gid_t)-1)) {
 
-       /* do not resolve SIDs to a name unless there is a valid 
-          gid associated with it */
+               /* do not resolve SIDs to a name unless there is a valid
+                  gid associated with it */
 
-       if ( ret && (map.gid != (gid_t)-1) ) {
-               *name = talloc_strdup(mem_ctx, map.nt_name);
-               *psid_name_use = map.sid_name_use;
+               *name = talloc_steal(mem_ctx, map->nt_name);
+               *psid_name_use = map->sid_name_use;
 
                if ( unix_id ) {
-                       unix_id->gid = map.gid;
+                       unix_id->gid = map->gid;
                }
 
+               TALLOC_FREE(map);
                return True;
        }
 
+       TALLOC_FREE(map);
+
        /* Windows will always map RID 513 to something.  On a non-domain 
           controller, this gets mapped to SERVER\None. */
 
@@ -1901,7 +1953,7 @@ static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32_t rid,
 }
 
 struct group_search {
-       GROUP_MAP *groups;
+       GROUP_MAP **groups;
        size_t num_groups, current_group;
 };
 
@@ -1910,11 +1962,13 @@ static bool next_entry_groups(struct pdb_search *s,
 {
        struct group_search *state = (struct group_search *)s->private_data;
        uint32_t rid;
-       GROUP_MAP *map = &state->groups[state->current_group];
+       GROUP_MAP *map;
 
        if (state->current_group == state->num_groups)
                return False;
 
+       map = state->groups[state->current_group];
+
        sid_peek_rid(&map->sid, &rid);
 
        fill_displayentry(s, rid, 0, map->nt_name, NULL, map->comment, entry);
@@ -1927,7 +1981,7 @@ static void search_end_groups(struct pdb_search *search)
 {
        struct group_search *state =
                (struct group_search *)search->private_data;
-       SAFE_FREE(state->groups);
+       TALLOC_FREE(state->groups);
 }
 
 static bool pdb_search_grouptype(struct pdb_methods *methods,
@@ -1936,7 +1990,7 @@ static bool pdb_search_grouptype(struct pdb_methods *methods,
 {
        struct group_search *state;
 
-       state = talloc(search, struct group_search);
+       state = talloc_zero(search, struct group_search);
        if (state == NULL) {
                DEBUG(0, ("talloc failed\n"));
                return False;

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 3d3d16c7899cd7c6227c6820086e541593670cae..dd46f8f87f6a8af95f2b7387448d69214d023af6 100644 (file)
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -2471,7 +2471,11 @@ for gidNumber(%lu)\n",(unsigned long)map->gid));
                        return false;
                }
        }
-       fstrcpy(map->nt_name, temp);
+       map->nt_name = talloc_strdup(map, temp);
+       if (!map->nt_name) {
+               TALLOC_FREE(ctx);
+               return false;
+       }
 
        TALLOC_FREE(temp);
        temp = smbldap_talloc_single_attribute(
@@ -2487,7 +2491,11 @@ for gidNumber(%lu)\n",(unsigned long)map->gid));
                        return false;
                }
        }
-       fstrcpy(map->comment, temp);
+       map->comment = talloc_strdup(map, temp);
+       if (!map->comment) {
+               TALLOC_FREE(ctx);
+               return false;
+       }
 
        if (lp_parm_bool(-1, "ldapsam", "trusted", false)) {
                store_gid_sid_cache(&map->sid, map->gid);
@@ -3470,15 +3478,15 @@ static NTSTATUS ldapsam_getsamgrent(struct pdb_methods *my_methods,
 
 static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
                                           const struct dom_sid *domsid, enum lsa_SidType sid_name_use,
-                                          GROUP_MAP **pp_rmap,
+                                          GROUP_MAP ***pp_rmap,
                                           size_t *p_num_entries,
                                           bool unix_only)
 {
-       GROUP_MAP map = { 0, };
+       GROUP_MAP *map = NULL;
        size_t entries = 0;
 
        *p_num_entries = 0;
-       *pp_rmap = NULL;
+       **pp_rmap = NULL;
 
        if (!NT_STATUS_IS_OK(ldapsam_setsamgrent(methods, False))) {
                DEBUG(0, ("ldapsam_enum_group_mapping: Unable to open "
@@ -3486,31 +3494,44 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       while (NT_STATUS_IS_OK(ldapsam_getsamgrent(methods, &map))) {
+       while (true) {
+
+               map = talloc_zero(NULL, GROUP_MAP);
+               if (!map) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+
+               if (!NT_STATUS_IS_OK(ldapsam_getsamgrent(methods, map))) {
+                       TALLOC_FREE(map);
+                       break;
+               }
+
                if (sid_name_use != SID_NAME_UNKNOWN &&
-                   sid_name_use != map.sid_name_use) {
+                   sid_name_use != map->sid_name_use) {
                        DEBUG(11,("ldapsam_enum_group_mapping: group %s is "
-                                 "not of the requested type\n", map.nt_name));
+                                 "not of the requested type\n",
+                                 map->nt_name));
                        continue;
                }
-               if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) {
+               if (unix_only == ENUM_ONLY_MAPPED && map->gid == -1) {
                        DEBUG(11,("ldapsam_enum_group_mapping: group %s is "
-                                 "non mapped\n", map.nt_name));
+                                 "non mapped\n", map->nt_name));
                        continue;
                }
 
-               (*pp_rmap)=SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1);
+               *pp_rmap = talloc_realloc(NULL, *pp_rmap,
+                                               GROUP_MAP *, entries + 1);
                if (!(*pp_rmap)) {
                        DEBUG(0,("ldapsam_enum_group_mapping: Unable to "
                                 "enlarge group map!\n"));
                        return NT_STATUS_UNSUCCESSFUL;
                }
 
-               (*pp_rmap)[entries] = map;
+               (*pp_rmap)[entries] = talloc_move((*pp_rmap), &map);
 
                entries += 1;
-
        }
+
        ldapsam_endsamgrent(methods);
 
        *p_num_entries = entries;

diff --git a/source3/passdb/pdb_samba4.c b/source3/passdb/pdb_samba4.c
index 5e680ad2a1b0f8b616a4d726dc08eb9247d0daf0..af252143cdc87a21f772f0a2ba8511f877c0397f 100644 (file)
--- a/source3/passdb/pdb_samba4.c
+++ b/source3/passdb/pdb_samba4.c
@@ -901,14 +901,22 @@ static NTSTATUS pdb_samba4_getgrfilter(struct pdb_methods *m, GROUP_MAP *map,
                talloc_free(tmp_ctx);
                return NT_STATUS_INTERNAL_DB_CORRUPTION;
        }
-       fstrcpy(map->nt_name, str);
+       map->nt_name = talloc_strdup(map, str);
+       if (!map->nt_name) {
+               talloc_free(tmp_ctx);
+               return NT_STATUS_NO_MEMORY;
+       }
 
        str = ldb_msg_find_attr_as_string(msg, "description",
                                            NULL);
        if (str != NULL) {
-               fstrcpy(map->comment, str);
+               map->comment = talloc_strdup(map, str);
        } else {
-               map->comment[0] = '\0';
+               map->comment = talloc_strdup(map, "");
+       }
+       if (!map->comment) {
+               talloc_free(tmp_ctx);
+               return NT_STATUS_NO_MEMORY;
        }
 
        talloc_free(tmp_ctx);
@@ -1071,7 +1079,7 @@ static NTSTATUS pdb_samba4_delete_group_mapping_entry(struct pdb_methods *m,
 static NTSTATUS pdb_samba4_enum_group_mapping(struct pdb_methods *m,
                                           const struct dom_sid *sid,
                                           enum lsa_SidType sid_name_use,
-                                          GROUP_MAP **pp_rmap,
+                                          GROUP_MAP ***pp_rmap,
                                           size_t *p_num_entries,
                                           bool unix_only)
 {

diff --git a/source3/passdb/pdb_wbc_sam.c b/source3/passdb/pdb_wbc_sam.c
index 399d7580fad99c260301b5e13645f71789805c36..655890f807685fb3c4d6f221bbdd41f329b116ad 100644 (file)
--- a/source3/passdb/pdb_wbc_sam.c
+++ b/source3/passdb/pdb_wbc_sam.c
@@ -228,8 +228,11 @@ static NTSTATUS pdb_wbc_sam_enum_trusteddoms(struct pdb_methods *methods,
 
 static bool _make_group_map(struct pdb_methods *methods, const char *domain, const char *name, enum lsa_SidType name_type, gid_t gid, struct dom_sid *sid, GROUP_MAP *map)
 {
-       snprintf(map->nt_name, sizeof(map->nt_name), "%s%c%s",
+       map->nt_name = talloc_asprintf(map, "%s%c%s",
                domain, *lp_winbind_separator(), name);
+       if (!map->nt_name) {
+               return false;
+       }
        map->sid_name_use = name_type;
        map->sid = *sid;
        map->gid = gid;
@@ -354,7 +357,7 @@ done:
 
 static NTSTATUS pdb_wbc_sam_enum_group_mapping(struct pdb_methods *methods,
                                           const struct dom_sid *sid, enum lsa_SidType sid_name_use,
-                                          GROUP_MAP **pp_rmap, size_t *p_num_entries,
+                                          GROUP_MAP ***pp_rmap, size_t *p_num_entries,
                                           bool unix_only)
 {
        return NT_STATUS_NOT_IMPLEMENTED;

diff --git a/source3/passdb/proto.h b/source3/passdb/proto.h
index 36acc313f635ff93ddddce783b090cbfe0148a06..fc5fd9c0f511709fd8f6a4dea6a500b45b0e2632 100644 (file)
--- a/source3/passdb/proto.h
+++ b/source3/passdb/proto.h
@@ -229,8 +229,11 @@ NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32_t rid);
 NTSTATUS pdb_add_group_mapping_entry(GROUP_MAP *map);
 NTSTATUS pdb_update_group_mapping_entry(GROUP_MAP *map);
 NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid);
-bool pdb_enum_group_mapping(const struct dom_sid *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,
-                           size_t *p_num_entries, bool unix_only);
+bool pdb_enum_group_mapping(const struct dom_sid *sid,
+                           enum lsa_SidType sid_name_use,
+                           GROUP_MAP ***pp_rmap,
+                           size_t *p_num_entries,
+                           bool unix_only);
 NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx,
                                const struct dom_sid *sid,
                                uint32_t **pp_member_rids,

diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c
index 48b151387a5700207dd6b8c7d27e668527bdfb80..025e82812c23bf2f598aa0ef55c0114d93ddda47 100644 (file)
--- a/source3/passdb/py_passdb.c
+++ b/source3/passdb/py_passdb.c
@@ -1805,7 +1805,7 @@ static PyObject *py_pdb_enum_group_mapping(pytalloc_Object *self, PyObject *args
        int unix_only = 0;
        PyObject *py_domain_sid;
        struct dom_sid *domain_sid = NULL;
-       GROUP_MAP *gmap, *group_map;
+       GROUP_MAP **gmap, *group_map;
        size_t num_entries;
        PyObject *py_gmap_list, *py_group_map;
        int i;
@@ -1852,13 +1852,15 @@ static PyObject *py_pdb_enum_group_mapping(pytalloc_Object *self, PyObject *args
                py_group_map = py_groupmap_new(&PyGroupmap, NULL, NULL);
                if (py_group_map) {
                        group_map = pytalloc_get_ptr(py_group_map);
-                       *group_map = gmap[i];
+                       *group_map = *gmap[i];
+                       talloc_steal(group_map, gmap[i]->nt_name);
+                       talloc_steal(group_map, gmap[i]->comment);
 
                        PyList_Append(py_gmap_list, py_group_map);
                }
        }
 
-       free(gmap);
+       talloc_free(gmap);
        talloc_free(tframe);
 
        return py_gmap_list;

diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 17f873bca92f2ad365ba8360c5479c805b3fb716..c78f23815c6cf9cd48a5e5b217e302514197502a 100644 (file)
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -3023,7 +3023,8 @@ NTSTATUS _lsa_SetSystemAccessAccount(struct pipes_struct *p,
                                     struct lsa_SetSystemAccessAccount *r)
 {
        struct lsa_info *info=NULL;
-       GROUP_MAP map;
+       NTSTATUS status;
+       GROUP_MAP *map;
 
        /* find the connection policy handle. */
        if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
@@ -3037,10 +3038,19 @@ NTSTATUS _lsa_SetSystemAccessAccount(struct pipes_struct *p,
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       if (!pdb_getgrsid(&map, info->sid))
+       map = talloc_zero(p->mem_ctx, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       if (!pdb_getgrsid(map, info->sid)) {
+               TALLOC_FREE(map);
                return NT_STATUS_NO_SUCH_GROUP;
+       }
 
-       return pdb_update_group_mapping_entry(&map);
+       status = pdb_update_group_mapping_entry(map);
+       TALLOC_FREE(map);
+       return status;
 }
 
 /***************************************************************************

diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 567265d32383ee9b794fef8a821dc935798f9519..58892b7443b51bdc4bcb2dadfec4ad39b7ab056c 100644 (file)
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -5966,7 +5966,7 @@ NTSTATUS _samr_QueryGroupInfo(struct pipes_struct *p,
 {
        struct samr_group_info *ginfo;
        NTSTATUS status;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        union samr_GroupInfo *info = NULL;
        bool ret;
        uint32_t attributes = SE_GROUP_MANDATORY |
@@ -5982,15 +5982,21 @@ NTSTATUS _samr_QueryGroupInfo(struct pipes_struct *p,
                return status;
        }
 
+       map = talloc_zero(p->mem_ctx, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
        become_root();
-       ret = get_domain_group_from_sid(ginfo->sid, &map);
+       ret = get_domain_group_from_sid(ginfo->sid, map);
        unbecome_root();
        if (!ret)
                return NT_STATUS_INVALID_HANDLE;
 
-       /* FIXME: map contains fstrings */
-       group_name = talloc_strdup(r, map.nt_name);
-       group_description = talloc_strdup(r, map.comment);
+       group_name = talloc_move(r, &map->nt_name);
+       group_description = talloc_move(r, &map->comment);
+
+       TALLOC_FREE(map);
 
        info = talloc_zero(p->mem_ctx, union samr_GroupInfo);
        if (!info) {
@@ -6068,7 +6074,7 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p,
                            struct samr_SetGroupInfo *r)
 {
        struct samr_group_info *ginfo;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        NTSTATUS status;
        bool ret;
 
@@ -6079,20 +6085,33 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p,
                return status;
        }
 
+       map = talloc_zero(p->mem_ctx, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
        become_root();
-       ret = get_domain_group_from_sid(ginfo->sid, &map);
+       ret = get_domain_group_from_sid(ginfo->sid, map);
        unbecome_root();
        if (!ret)
                return NT_STATUS_NO_SUCH_GROUP;
 
        switch (r->in.level) {
                case 2:
-                       fstrcpy(map.nt_name, r->in.info->name.string);
+                       map->nt_name = talloc_strdup(map,
+                                                    r->in.info->name.string);
+                       if (!map->nt_name) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
                        break;
                case 3:
                        break;
                case 4:
-                       fstrcpy(map.comment, r->in.info->description.string);
+                       map->comment = talloc_strdup(map,
+                                               r->in.info->description.string);
+                       if (!map->comment) {
+                               return NT_STATUS_NO_MEMORY;
+                       }
                        break;
                default:
                        return NT_STATUS_INVALID_INFO_CLASS;
@@ -6101,11 +6120,13 @@ NTSTATUS _samr_SetGroupInfo(struct pipes_struct *p,
        /******** BEGIN SeAddUsers BLOCK *********/
 
        become_root();
-       status = pdb_update_group_mapping_entry(&map);
+       status = pdb_update_group_mapping_entry(map);
        unbecome_root();
 
        /******** End SeAddUsers BLOCK *********/
 
+       TALLOC_FREE(map);
+
        if (NT_STATUS_IS_OK(status)) {
                force_flush_samr_cache(&ginfo->sid);
        }
@@ -6269,7 +6290,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
 
 {
        struct dom_sid info_sid;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        struct samr_domain_info *dinfo;
        struct samr_group_info *ginfo;
        struct security_descriptor         *psd = NULL;
@@ -6312,13 +6333,20 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
        DEBUG(10, ("_samr_OpenGroup:Opening SID: %s\n",
                   sid_string_dbg(&info_sid)));
 
+       map = talloc_zero(p->mem_ctx, GROUP_MAP);
+       if (!map) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
        /* check if that group really exists */
        become_root();
-       ret = get_domain_group_from_sid(info_sid, &map);
+       ret = get_domain_group_from_sid(info_sid, map);
        unbecome_root();
        if (!ret)
                return NT_STATUS_NO_SUCH_GROUP;
 
+       TALLOC_FREE(map);
+
        ginfo = policy_handle_create(p, r->out.group_handle,
                                     acc_granted,
                                     struct samr_group_info, &status);

diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c
index 09f4bfd33a50cf6aa73883fedf1d467a504e7d30..f6802f26443d06d41750ece20625fec7e6663c05 100644 (file)
--- a/source3/utils/net_groupmap.c
+++ b/source3/utils/net_groupmap.c
@@ -33,24 +33,32 @@
 **********************************************************/
 static bool get_sid_from_input(struct dom_sid *sid, char *input)
 {
-       GROUP_MAP map;
+       GROUP_MAP *map;
+
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               return false;
+       }
 
        if (strncasecmp_m( input, "S-", 2)) {
                /* Perhaps its the NT group name? */
-               if (!pdb_getgrnam(&map, input)) {
+               if (!pdb_getgrnam(map, input)) {
                        printf(_("NT Group %s doesn't exist in mapping DB\n"),
                               input);
+                       TALLOC_FREE(map);
                        return false;
                } else {
-                       *sid = map.sid;
+                       *sid = map->sid;
                }
        } else {
                if (!string_to_sid(sid, input)) {
                        printf(_("converting sid %s from a string failed!\n"),
                               input);
+                       TALLOC_FREE(map);
                        return false;
                }
        }
+       TALLOC_FREE(map);
        return true;
 }
 
@@ -127,7 +135,7 @@ static int net_groupmap_list(struct net_context *c, int argc, const char **argv)
        /* list a single group is given a name */
        if ( ntgroup[0] || sid_string[0] ) {
                struct dom_sid sid;
-               GROUP_MAP map;
+               GROUP_MAP *map;
 
                if ( sid_string[0] )
                        strlcpy(ntgroup, sid_string, sizeof(ntgroup));
@@ -136,27 +144,39 @@ static int net_groupmap_list(struct net_context *c, int argc, const char **argv)
                        return -1;
                }
 
+               map = talloc_zero(NULL, GROUP_MAP);
+               if (!map) {
+                       return -1;
+               }
+
                /* Get the current mapping from the database */
-               if(!pdb_getgrsid(&map, sid)) {
+               if(!pdb_getgrsid(map, sid)) {
                        d_fprintf(stderr,
                                  _("Failure to local group SID in the "
                                    "database\n"));
+                       TALLOC_FREE(map);
                        return -1;
                }
 
-               print_map_entry(&map, long_list );
+               print_map_entry(map, long_list );
+               TALLOC_FREE(map);
        }
        else {
-               GROUP_MAP *map=NULL;
+               GROUP_MAP **maps = NULL;
+               bool ok = false;
                /* enumerate all group mappings */
-               if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries, ENUM_ALL_MAPPED))
+               ok = pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN,
+                                           &maps, &entries,
+                                           ENUM_ALL_MAPPED);
+               if (!ok) {
                        return -1;
+               }
 
                for (i=0; i<entries; i++) {
-                       print_map_entry(&map[i], long_list);
+                       print_map_entry(maps[i], long_list);
                }
 
-               SAFE_FREE(map);
+               TALLOC_FREE(maps);
        }
 
        return 0;
@@ -178,7 +198,7 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
        uint32 rid = 0;
        gid_t gid;
        int i;
-       GROUP_MAP map;
+       GROUP_MAP *map;
 
        const char *name_type;
        const char add_usage_str[] = N_("net groupmap add "
@@ -188,10 +208,6 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
                                        "[ntgroup=<string>] "
                                        "[comment=<string>]");
 
-       ZERO_STRUCT(map);
-
-       /* Default is domain group. */
-       map.sid_name_use = SID_NAME_DOM_GRP;
        name_type = "domain group";
 
        if (c->display_usage) {
@@ -280,13 +296,19 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
                return -1;
        }
 
-       {
-               if (pdb_getgrgid(&map, gid)) {
-                       d_printf(_("Unix group %s already mapped to SID %s\n"),
-                                unixgrp, sid_string_tos(&map.sid));
-                       return -1;
-               }
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               return -1;
        }
+       /* Default is domain group. */
+       map->sid_name_use = SID_NAME_DOM_GRP;
+       if (pdb_getgrgid(map, gid)) {
+               d_printf(_("Unix group %s already mapped to SID %s\n"),
+                        unixgrp, sid_string_tos(&map->sid));
+               TALLOC_FREE(map);
+               return -1;
+       }
+       TALLOC_FREE(map);
 
        if ( (rid == 0) && (string_sid[0] == '\0') ) {
                d_printf(_("No rid or sid specified, choosing a RID\n"));
@@ -339,7 +361,7 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
 static int net_groupmap_modify(struct net_context *c, int argc, const char **argv)
 {
        struct dom_sid sid;
-       GROUP_MAP map;
+       GROUP_MAP *map = NULL;
        fstring ntcomment = "";
        fstring type = "";
        fstring ntgroup = "";
@@ -430,10 +452,16 @@ static int net_groupmap_modify(struct net_context *c, int argc, const char **arg
                }
        }
 
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               return -1;
+       }
+
        /* Get the current mapping from the database */
-       if(!pdb_getgrsid(&map, sid)) {
+       if(!pdb_getgrsid(map, sid)) {
                d_fprintf(stderr,
                         _("Failed to find local group SID in the database\n"));
+               TALLOC_FREE(map);
                return -1;
        }
 
@@ -443,24 +471,36 @@ static int net_groupmap_modify(struct net_context *c, int argc, const char **arg
         */
        if (sid_type == SID_NAME_UNKNOWN) {
                d_fprintf(stderr, _("Can't map to an unknown group type.\n"));
+               TALLOC_FREE(map);
                return -1;
         }
 
-       if (map.sid_name_use == SID_NAME_WKN_GRP) {
+       if (map->sid_name_use == SID_NAME_WKN_GRP) {
                d_fprintf(stderr,
                          _("You can only change between domain and local "
                            "groups.\n"));
+               TALLOC_FREE(map);
                return -1;
        }
 
-       map.sid_name_use=sid_type;
+       map->sid_name_use = sid_type;
 
        /* Change comment if new one */
-       if ( ntcomment[0] )
-               strlcpy(map.comment, ntcomment, sizeof(map.comment));
+       if (ntcomment[0]) {
+               map->comment = talloc_strdup(map, ntcomment);
+               if (!map->comment) {
+                       d_fprintf(stderr, _("Out of memory!\n"));
+                       return -1;
+               }
+       }
 
-       if ( ntgroup[0] )
-               strlcpy(map.nt_name, ntgroup, sizeof(map.nt_name));
+       if (ntgroup[0]) {
+               map->nt_name = talloc_strdup(map, ntgroup);
+               if (!map->nt_name) {
+                       d_fprintf(stderr, _("Out of memory!\n"));
+                       return -1;
+               }
+       }
 
        if ( unixgrp[0] ) {
                gid = nametogid( unixgrp );
@@ -468,19 +508,22 @@ static int net_groupmap_modify(struct net_context *c, int argc, const char **arg
                        d_fprintf(stderr, _("Unable to lookup UNIX group %s.  "
                                            "Make sure the group exists.\n"),
                                unixgrp);
+                       TALLOC_FREE(map);
                        return -1;
                }
 
-               map.gid = gid;
+               map->gid = gid;
        }
 
-       if ( !NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map)) ) {
+       if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) {
                d_fprintf(stderr, _("Could not update group database\n"));
+               TALLOC_FREE(map);
                return -1;
        }
 
-       d_printf(_("Updated mapping entry for %s\n"), map.nt_name);
+       d_printf(_("Updated mapping entry for %s\n"), map->nt_name);
 
+       TALLOC_FREE(map);
        return 0;
 }
 
@@ -552,7 +595,7 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
 {
        const char *ntgroup = NULL;
        struct group *grp = NULL;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        bool have_map = false;
 
        if ((argc < 1) || (argc > 2) || c->display_usage) {
@@ -580,13 +623,19 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
                }
        }
 
-       have_map = pdb_getgrnam(&map, ntgroup);
+       map = talloc_zero(NULL, GROUP_MAP);
+       if (!map) {
+               d_printf(_("Out of memory!\n"));
+               return -1;
+       }
+
+       have_map = pdb_getgrnam(map, ntgroup);
 
        if (!have_map) {
                struct dom_sid sid;
                have_map = ( (strncmp(ntgroup, "S-", 2) == 0) &&
                             string_to_sid(&sid, ntgroup) &&
-                            pdb_getgrsid(&map, sid) );
+                            pdb_getgrsid(map, sid) );
        }
 
        if (!have_map) {
@@ -597,33 +646,41 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
                        d_fprintf(stderr,
                                  _("Could not find group mapping for %s\n"),
                                  ntgroup);
+                       TALLOC_FREE(map);
                        return -1;
                }
 
-               map.gid = grp->gr_gid;
+               map->gid = grp->gr_gid;
 
                if (c->opt_rid == 0) {
                        if ( pdb_capabilities() & PDB_CAP_STORE_RIDS ) {
                                if ( !pdb_new_rid((uint32*)&c->opt_rid) ) {
                                        d_fprintf( stderr,
                                            _("Could not allocate new RID\n"));
+                                       TALLOC_FREE(map);
                                        return -1;
                                }
                        } else {
-                               c->opt_rid = algorithmic_pdb_gid_to_group_rid(map.gid);
+                               c->opt_rid = algorithmic_pdb_gid_to_group_rid(map->gid);
                        }
                }
 
-               sid_compose(&map.sid, get_global_sam_sid(), c->opt_rid);
+               sid_compose(&map->sid, get_global_sam_sid(), c->opt_rid);
 
-               map.sid_name_use = SID_NAME_DOM_GRP;
-               fstrcpy(map.nt_name, ntgroup);
-               fstrcpy(map.comment, "");
+               map->sid_name_use = SID_NAME_DOM_GRP;
+               map->nt_name = talloc_strdup(map, ntgroup);
+               map->comment = talloc_strdup(map, "");
+               if (!map->nt_name || !map->comment) {
+                       d_printf(_("Out of memory!\n"));
+                       TALLOC_FREE(map);
+                       return -1;
+               }
 
-               if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(&map))) {
+               if (!NT_STATUS_IS_OK(pdb_add_group_mapping_entry(map))) {
                        d_fprintf(stderr,
                                  _("Could not add mapping entry for %s\n"),
                                  ntgroup);
+                       TALLOC_FREE(map);
                        return -1;
                }
        }
@@ -631,46 +688,59 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
        /* Now we have a mapping entry, update that stuff */
 
        if ( c->opt_localgroup || c->opt_domaingroup ) {
-               if (map.sid_name_use == SID_NAME_WKN_GRP) {
+               if (map->sid_name_use == SID_NAME_WKN_GRP) {
                        d_fprintf(stderr,
                                  _("Can't change type of the BUILTIN "
                                    "group %s\n"),
-                                 map.nt_name);
+                                 map->nt_name);
+                       TALLOC_FREE(map);
                        return -1;
                }
        }
 
        if (c->opt_localgroup)
-               map.sid_name_use = SID_NAME_ALIAS;
+               map->sid_name_use = SID_NAME_ALIAS;
 
        if (c->opt_domaingroup)
-               map.sid_name_use = SID_NAME_DOM_GRP;
+               map->sid_name_use = SID_NAME_DOM_GRP;
 
        /* The case (opt_domaingroup && opt_localgroup) was tested for above */
 
        if ((c->opt_comment != NULL) && (strlen(c->opt_comment) > 0)) {
-               fstrcpy(map.comment, c->opt_comment);
+               map->comment = talloc_strdup(map, c->opt_comment);
+               if (!map->comment) {
+                       d_printf(_("Out of memory!\n"));
+                       TALLOC_FREE(map);
+                       return -1;
+               }
        }
 
        if ((c->opt_newntname != NULL) && (strlen(c->opt_newntname) > 0)) {
-               fstrcpy(map.nt_name, c->opt_newntname);
+               map->nt_name = talloc_strdup(map, c->opt_newntname);
+               if (!map->nt_name) {
+                       d_printf(_("Out of memory!\n"));
+                       TALLOC_FREE(map);
+                       return -1;
+               }
        }
 
        if (grp != NULL)
-               map.gid = grp->gr_gid;
+               map->gid = grp->gr_gid;
 
-       if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(&map))) {
+       if (!NT_STATUS_IS_OK(pdb_update_group_mapping_entry(map))) {
                d_fprintf(stderr, _("Could not update group mapping for %s\n"),
                          ntgroup);
+               TALLOC_FREE(map);
                return -1;
        }
 
+       TALLOC_FREE(map);
        return 0;
 }
 
 static int net_groupmap_cleanup(struct net_context *c, int argc, const char **argv)
 {
-       GROUP_MAP *map = NULL;
+       GROUP_MAP **maps = NULL;
        size_t i, entries;
 
        if (c->display_usage) {
@@ -682,7 +752,7 @@ static int net_groupmap_cleanup(struct net_context *c, int argc, const char **ar
                return 0;
        }
 
-       if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &map, &entries,
+       if (!pdb_enum_group_mapping(NULL, SID_NAME_UNKNOWN, &maps, &entries,
                                    ENUM_ALL_MAPPED)) {
                d_fprintf(stderr, _("Could not list group mappings\n"));
                return -1;
@@ -690,19 +760,19 @@ static int net_groupmap_cleanup(struct net_context *c, int argc, const char **ar
 
        for (i=0; i<entries; i++) {
 
-               if (map[i].gid == -1)
-                       printf(_("Group %s is not mapped\n"), map[i].nt_name);
+               if (maps[i]->gid == -1)
+                       printf(_("Group %s is not mapped\n"),
+                               maps[i]->nt_name);
 
-               if (!sid_check_is_in_our_domain(&map[i].sid)) {
+               if (!sid_check_is_in_our_domain(&maps[i]->sid)) {
                        printf(_("Deleting mapping for NT Group %s, sid %s\n"),
-                              map[i].nt_name,
-                              sid_string_tos(&map[i].sid));
-                       pdb_delete_group_mapping_entry(map[i].sid);
+                               maps[i]->nt_name,
+                               sid_string_tos(&maps[i]->sid));
+                       pdb_delete_group_mapping_entry(maps[i]->sid);
                }
        }
 
-       SAFE_FREE(map);
-
+       TALLOC_FREE(maps);
        return 0;
 }
 

diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
index 467e441f60f37cd6c0626a0b986c669be6d564af..4ebd8a9e69dedebd5d4608cdb656a965e1dba408 100644 (file)
--- a/source3/utils/net_sam.c
+++ b/source3/utils/net_sam.c
@@ -299,7 +299,7 @@ static int net_sam_set_pwdmustchangenow(struct net_context *c, int argc,
 static int net_sam_set_comment(struct net_context *c, int argc,
                               const char **argv)
 {
-       GROUP_MAP map;
+       GROUP_MAP *map;
        struct dom_sid sid;
        enum lsa_SidType type;
        const char *dom, *name;
@@ -330,14 +330,24 @@ static int net_sam_set_comment(struct net_context *c, int argc,
                return -1;
        }
 
-       if (!pdb_getgrsid(&map, sid)) {
+       map = talloc_zero(talloc_tos(), GROUP_MAP);
+       if (!map) {
+               d_fprintf(stderr, _("Out of memory!\n"));
+               return -1;
+       }
+
+       if (!pdb_getgrsid(map, sid)) {
                d_fprintf(stderr, _("Could not load group %s\n"), argv[0]);
                return -1;
        }
 
-       fstrcpy(map.comment, argv[1]);
+       map->comment = talloc_strdup(map, argv[1]);
+       if (!map->comment) {
+               d_fprintf(stderr, _("Out of memory!\n"));
+               return -1;
+       }
 
-       status = pdb_update_group_mapping_entry(&map);
+       status = pdb_update_group_mapping_entry(map);
 
        if (!NT_STATUS_IS_OK(status)) {
                d_fprintf(stderr, _("Updating group mapping entry failed with "
@@ -348,6 +358,7 @@ static int net_sam_set_comment(struct net_context *c, int argc,
        d_printf("Updated comment of group %s\\%s to %s\n", dom, name,
                 argv[1]);
 
+       TALLOC_FREE(map);
        return 0;
 }
 
@@ -807,39 +818,33 @@ static int net_sam_rights(struct net_context *c, int argc, const char **argv)
  * Map a unix group to a domain group
  */
 
-static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)
+static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *map)
 {
-       NTSTATUS status;
-       GROUP_MAP map;
-       const char *grpname, *dom, *name;
+       const char *dom, *name;
        uint32 rid;
 
-       if (pdb_getgrgid(&map, grp->gr_gid)) {
+       if (pdb_getgrgid(map, grp->gr_gid)) {
                return NT_STATUS_GROUP_EXISTS;
        }
 
-       map.gid = grp->gr_gid;
-       grpname = grp->gr_name;
+       map->gid = grp->gr_gid;
 
-       if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
+       if (lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
                        &dom, &name, NULL, NULL)) {
 
-               const char *tmp = talloc_asprintf(
-                       talloc_tos(), "Unix Group %s", grp->gr_name);
+               map->nt_name = talloc_asprintf(map, "Unix Group %s",
+                                                       grp->gr_name);
 
                DEBUG(5, ("%s exists as %s\\%s, retrying as \"%s\"\n",
-                         grpname, dom, name, tmp));
-               grpname = tmp;
+                         grp->gr_name, dom, name, map->nt_name));
        }
 
-       if (lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
+       if (lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
                        NULL, NULL, NULL, NULL)) {
                DEBUG(3, ("\"%s\" exists, can't map it\n", grp->gr_name));
                return NT_STATUS_GROUP_EXISTS;
        }
 
-       fstrcpy(map.nt_name, grpname);
-
        if (pdb_capabilities() & PDB_CAP_STORE_RIDS) {
                if (!pdb_new_rid(&rid)) {
                        DEBUG(3, ("Could not get a new RID for %s\n",
@@ -850,22 +855,17 @@ static NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap)
                rid = algorithmic_pdb_gid_to_group_rid( grp->gr_gid );
        }
 
-       sid_compose(&map.sid, get_global_sam_sid(), rid);
-       map.sid_name_use = SID_NAME_DOM_GRP;
-       fstrcpy(map.comment, talloc_asprintf(talloc_tos(), "Unix Group %s",
-                                            grp->gr_name));
+       sid_compose(&map->sid, get_global_sam_sid(), rid);
+       map->sid_name_use = SID_NAME_DOM_GRP;
+       map->comment = talloc_asprintf(map, "Unix Group %s", grp->gr_name);
 
-       status = pdb_add_group_mapping_entry(&map);
-       if (NT_STATUS_IS_OK(status)) {
-               *pmap = map;
-       }
-       return status;
+       return pdb_add_group_mapping_entry(map);
 }
 
 static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **argv)
 {
        NTSTATUS status;
-       GROUP_MAP map;
+       GROUP_MAP *map;
        struct group *grp;
 
        if (argc != 1 || c->display_usage) {
@@ -881,7 +881,13 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar
                return -1;
        }
 
-       status = map_unix_group(grp, &map);
+       map = talloc_zero(talloc_tos(), GROUP_MAP);
+       if (!map) {
+               d_fprintf(stderr, _("Out of memory!\n"));
+               return -1;
+       }
+
+       status = map_unix_group(grp, map);
 
        if (!NT_STATUS_IS_OK(status)) {
                d_fprintf(stderr, _("Mapping group %s failed with %s\n"),
@@ -890,8 +896,9 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar
        }
 
        d_printf(_("Mapped unix group %s to SID %s\n"), argv[0],
-                sid_string_tos(&map.sid));
+                sid_string_tos(&map->sid));
 
+       TALLOC_FREE(map);
        return 0;
 }
 
@@ -899,24 +906,17 @@ static int net_sam_mapunixgroup(struct net_context *c, int argc, const char **ar
  * Remove a group mapping
  */
 
-static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap)
+static NTSTATUS unmap_unix_group(const struct group *grp)
 {
-        GROUP_MAP map;
-        const char *grpname;
         struct dom_sid dom_sid;
 
-        map.gid = grp->gr_gid;
-        grpname = grp->gr_name;
-
-        if (!lookup_name(talloc_tos(), grpname, LOOKUP_NAME_LOCAL,
+        if (!lookup_name(talloc_tos(), grp->gr_name, LOOKUP_NAME_LOCAL,
                         NULL, NULL, NULL, NULL)) {
                 DEBUG(3, ("\"%s\" does not exist, can't unmap it\n", grp->gr_name));
                 return NT_STATUS_NO_SUCH_GROUP;
         }
 
-        fstrcpy(map.nt_name, grpname);
-
-        if (!pdb_gid_to_sid(map.gid, &dom_sid)) {
+        if (!pdb_gid_to_sid(grp->gr_gid, &dom_sid)) {
                 return NT_STATUS_UNSUCCESSFUL;
         }
 
@@ -926,7 +926,6 @@ static NTSTATUS unmap_unix_group(const struct group *grp, GROUP_MAP *pmap)
 static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char **argv)
 {
        NTSTATUS status;
-       GROUP_MAP map;
        struct group *grp;
 
        if (argc != 1 || c->display_usage) {
@@ -943,7 +942,7 @@ static int net_sam_unmapunixgroup(struct net_context *c, int argc, const char **
                return -1;
        }
 
-       status = unmap_unix_group(grp, &map);
+       status = unmap_unix_group(grp);
 
        if (!NT_STATUS_IS_OK(status)) {
                d_fprintf(stderr, _("Unmapping group %s failed with %s.\n"),
@@ -1583,7 +1582,7 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
        char *ldap_uri = NULL;
        char *p;
        struct smbldap_state *ls;
-       GROUP_MAP gmap;
+       GROUP_MAP *gmap = NULL;
        struct dom_sid gsid;
        gid_t domusers_gid = -1;
        gid_t domadmins_gid = -1;
@@ -1653,7 +1652,13 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
 
        sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_USERS);
 
-       if (!pdb_getgrsid(&gmap, gsid)) {
+       gmap = talloc_zero(tc, GROUP_MAP);
+       if (!gmap) {
+               d_printf(_("Out of memory!\n"));
+               goto failed;
+       }
+
+       if (!pdb_getgrsid(gmap, gsid)) {
                LDAPMod **mods = NULL;
                char *dn;
                char *uname;
@@ -1710,16 +1715,16 @@ static int net_sam_provision(struct net_context *c, int argc, const char **argv)
                }
 
                if (is_ipa) {
-                       if (!pdb_getgrsid(&gmap, gsid)) {
+                       if (!pdb_getgrsid(gmap, gsid)) {
                                d_fprintf(stderr, _("Failed to read just "
                                                    "created domain group.\n"));
                                goto failed;
                        } else {
-                               domusers_gid = gmap.gid;
+                               domusers_gid = gmap->gid;
                        }
                }
        } else {
-               domusers_gid = gmap.gid;
+               domusers_gid = gmap->gid;
                d_printf(_("found!\n"));
        }
 
@@ -1729,7 +1734,7 @@ domu_done:
 
        sid_compose(&gsid, get_global_sam_sid(), DOMAIN_RID_ADMINS);
 
-       if (!pdb_getgrsid(&gmap, gsid)) {
+       if (!pdb_getgrsid(gmap, gsid)) {
                LDAPMod **mods = NULL;
                char *dn;
                char *uname;
@@ -1786,16 +1791,16 @@ domu_done:
                }
 
                if (is_ipa) {
-                       if (!pdb_getgrsid(&gmap, gsid)) {
+                       if (!pdb_getgrsid(gmap, gsid)) {
                                d_fprintf(stderr, _("Failed to read just "
                                                    "created domain group.\n"));
                                goto failed;
                        } else {
-                               domadmins_gid = gmap.gid;
+                               domadmins_gid = gmap->gid;
                        }
                }
        } else {
-               domadmins_gid = gmap.gid;
+               domadmins_gid = gmap->gid;
                d_printf(_("found!\n"));
        }
 
@@ -2039,7 +2044,7 @@ doma_done:
                goto done;
        }
 
-       if (!pdb_getgrgid(&gmap, pwd->pw_gid)) {
+       if (!pdb_getgrgid(gmap, pwd->pw_gid)) {
                LDAPMod **mods = NULL;
                char *dn;
                char *uname;

diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index cec65a9db7b826a0a1a48998604381fe39b20b22..06eed201f4e1336693dd9608b1a14f7bf5c014d8 100644 (file)
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -175,7 +175,7 @@ static int export_database (struct pdb_methods *in,
 
 static int export_groups (struct pdb_methods *in, struct pdb_methods *out)
 {
-       GROUP_MAP *maps = NULL;
+       GROUP_MAP **maps = NULL;
        size_t i, entries = 0;
        NTSTATUS status;
 
@@ -188,10 +188,10 @@ static int export_groups (struct pdb_methods *in, struct pdb_methods *out)
        }
 
        for (i=0; i<entries; i++) {
-               out->add_group_mapping_entry(out, &(maps[i]));
+               out->add_group_mapping_entry(out, maps[i]);
        }
 
-       SAFE_FREE( maps );
+       TALLOC_FREE(maps);
 
        return 0;
 }