diff options
author | Luke Leighton <lkcl@samba.org> | 1998-11-29 20:03:33 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-11-29 20:03:33 +0000 |
commit | 5d5d7e4de7d1514ab87b07ede629de8aa00519a1 (patch) | |
tree | 3af0a65e50bd318a27e595e4f086debfc14f4ffd /source/groupdb/groupdb.c | |
parent | 21d779bf7def71d5d9c899eabbb6a110860bd8e2 (diff) | |
download | samba-5d5d7e4de7d1514ab87b07ede629de8aa00519a1.tar.gz samba-5d5d7e4de7d1514ab87b07ede629de8aa00519a1.tar.xz samba-5d5d7e4de7d1514ab87b07ede629de8aa00519a1.zip |
weekend work. user / group database API.
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
Diffstat (limited to 'source/groupdb/groupdb.c')
-rw-r--r-- | source/groupdb/groupdb.c | 38 |
1 files changed, 30 insertions, 8 deletions
diff --git a/source/groupdb/groupdb.c b/source/groupdb/groupdb.c index 7b9a14c7df1..6bd6c34442f 100644 --- a/source/groupdb/groupdb.c +++ b/source/groupdb/groupdb.c @@ -24,6 +24,7 @@ #include "nterr.h" extern int DEBUGLEVEL; +extern DOM_SID global_sam_sid; /* * NOTE. All these functions are abstracted into a structure @@ -65,7 +66,28 @@ BOOL initialise_group_db(void) *************************************************************************/ DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem) { - return iterate_getgrouprid(pwdb_gid_to_group_rid(gid), mem, num_mem); + DOM_NAME_MAP gmep; + uint32 rid; + if (!lookupsmbgrpgid(gid, &gmep)) + { + DEBUG(0,("iterate_getgroupgid: gid %d does not map to one of our Domain's Groups\n", gid)); + return NULL; + } + + if (gmep.type != SID_NAME_DOM_GRP && gmep.type != SID_NAME_WKN_GRP) + { + DEBUG(0,("iterate_getgroupgid: gid %d does not map to one of our Domain's Groups\n", gid)); + return NULL; + } + + sid_split_rid(&gmep.sid, &rid); + if (!sid_equal(&gmep.sid, &global_sam_sid)) + { + DEBUG(0,("iterate_getgroupgid: gid %d does not map into our Domain SID\n", gid)); + return NULL; + } + + return iterate_getgrouprid(rid, mem, num_mem); } /************************************************************************ @@ -105,7 +127,7 @@ DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_me Utility function to search group database by name. use this if your database does not have search facilities. *************************************************************************/ -DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) +DOMAIN_GRP *iterate_getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) { DOMAIN_GRP *grp = NULL; void *fp = NULL; @@ -165,7 +187,7 @@ BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp) /************************************************************************* checks to see if a user is a member of a domain group *************************************************************************/ -static BOOL user_is_member(char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem) +static BOOL user_is_member(const char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem) { int i; for (i = 0; i < num_mem; i++) @@ -185,7 +207,7 @@ static BOOL user_is_member(char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem) gets an array of groups that a user is in. use this if your database does not have search facilities *************************************************************************/ -BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps) +BOOL iterate_getusergroupsnam(const char *user_name, DOMAIN_GRP **grps, int *num_grps) { DOMAIN_GRP *grp = NULL; DOMAIN_GRP_MEMBER *mem = NULL; @@ -342,9 +364,9 @@ BOOL mod_group_entry(DOMAIN_GRP* grp) Routine to search group database by name. *************************************************************************/ -DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) +DOMAIN_GRP *getgroupntnam(const char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) { - return gpdb_ops->getgroupnam(name, mem, num_mem); + return gpdb_ops->getgroupntnam(name, mem, num_mem); } /************************************************************************ @@ -368,9 +390,9 @@ DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem) /************************************************************************* gets an array of groups that a user is in. *************************************************************************/ -BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps) +BOOL getusergroupsntnam(const char *user_name, DOMAIN_GRP **grp, int *num_grps) { - return gpdb_ops->getusergroupsnam(user_name, grp, num_grps); + return gpdb_ops->getusergroupsntnam(user_name, grp, num_grps); } /************************************************************* |