static int collect_aliasmem(struct db_record *rec, void *priv)
{
struct aliasmem_state *state = (struct aliasmem_state *)priv;
const char *p;
char *alias_string;
TALLOC_CTX *frame;
if (strncmp((const char *)rec->key.dptr, MEMBEROF_PREFIX,
MEMBEROF_PREFIX_LEN) != 0)
return 0;
p = (const char *)rec->value.dptr;
frame = talloc_stackframe();
while (next_token_talloc(frame, &p, &alias_string, " ")) {
struct dom_sid alias, member;
const char *member_string;
uint32_t num_sids;
if (!string_to_sid(&alias, alias_string))
continue;
if (dom_sid_compare(state->alias, &alias) != 0)
continue;
/* Ok, we found the alias we're looking for in the membership
* list currently scanned. The key represents the alias
* member. Add that. */
member_string = strchr((const char *)rec->key.dptr, '/');
/* Above we tested for MEMBEROF_PREFIX which includes the
* slash. */
SMB_ASSERT(member_string != NULL);
member_string += 1;
if (!string_to_sid(&member, member_string))
continue;
num_sids = *state->num;
if (!NT_STATUS_IS_OK(add_sid_to_array(state->mem_ctx, &member,
state->sids,
&num_sids)))
{
/* talloc fail. */
break;
}
*state->num = num_sids;
}
TALLOC_FREE(frame);
return 0;
}
static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *member)
{
struct dom_sid *sids;
size_t i;
size_t num;
/* This feels the wrong way round, but the on-disk data structure
* dictates it this way. */
if (!NT_STATUS_IS_OK(alias_memberships(member, 1, &sids, &num)))
return False;
for (i=0; i<num; i++) {
if (dom_sid_compare(alias, &sids[i]) == 0) {
TALLOC_FREE(sids);
return True;
}
}
TALLOC_FREE(sids);
return False;
}
bool dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2)
{
return dom_sid_compare(sid1, sid2) == 0;
}
NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context,
TALLOC_CTX *mem_ctx,
void *server_returned_info,
const char *original_user_name,
uint32_t session_info_flags,
struct auth_session_info **session_info)
{
struct auth_user_info_dc *user_info = NULL;
struct auth_serversupplied_info *server_info = NULL;
NTSTATUS nt_status;
/*
* This is a hack, some callers...
*
* Some callers pass auth_user_info_dc, the SCHANNEL and
* NCALRPC_AS_SYSTEM gensec modules.
*
* While the reset passes auth3_check_password() returned.
*/
user_info = talloc_get_type(server_returned_info,
struct auth_user_info_dc);
if (user_info != NULL) {
const struct dom_sid *sid;
int cmp;
/*
* This should only be called from SCHANNEL or NCALRPC_AS_SYSTEM
*/
if (user_info->num_sids != 1) {
return NT_STATUS_INTERNAL_ERROR;
}
sid = &user_info->sids[PRIMARY_USER_SID_INDEX];
cmp = dom_sid_compare(sid, &global_sid_System);
if (cmp == 0) {
return make_session_info_system(mem_ctx, session_info);
}
cmp = dom_sid_compare(sid, &global_sid_Anonymous);
if (cmp == 0) {
/*
* TODO: use auth_anonymous_session_info() here?
*/
return make_session_info_guest(mem_ctx, session_info);
}
return NT_STATUS_INTERNAL_ERROR;
}
server_info = talloc_get_type_abort(server_returned_info,
struct auth_serversupplied_info);
nt_status = create_local_token(mem_ctx,
server_info,
NULL,
original_user_name,
session_info);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(10, ("create_local_token failed: %s\n",
nt_errstr(nt_status)));
return nt_status;
}
return NT_STATUS_OK;
}
static bool same_principal(struct afs_ace *x, struct afs_ace *y)
{
return ( (x->positive == y->positive) &&
(dom_sid_compare(&x->sid, &y->sid) == 0) );
}
static NTSTATUS del_aliasmem(const struct dom_sid *alias, const struct dom_sid *member)
{
NTSTATUS status;
struct dom_sid *sids;
size_t i, num;
bool found = False;
char *member_string;
char *key;
fstring sid_string;
if (db->transaction_start(db) != 0) {
DEBUG(0, ("transaction_start failed\n"));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
status = alias_memberships(member, 1, &sids, &num);
if (!NT_STATUS_IS_OK(status)) {
goto cancel;
}
for (i=0; i<num; i++) {
if (dom_sid_compare(&sids[i], alias) == 0) {
found = True;
break;
}
}
if (!found) {
TALLOC_FREE(sids);
status = NT_STATUS_MEMBER_NOT_IN_ALIAS;
goto cancel;
}
if (i < num)
sids[i] = sids[num-1];
num -= 1;
sid_to_fstring(sid_string, member);
key = talloc_asprintf(sids, "%s%s", MEMBEROF_PREFIX, sid_string);
if (key == NULL) {
TALLOC_FREE(sids);
status = NT_STATUS_NO_MEMORY;
goto cancel;
}
if (num == 0) {
status = dbwrap_delete_bystring(db, key);
goto commit;
}
member_string = talloc_strdup(sids, "");
if (member_string == NULL) {
TALLOC_FREE(sids);
status = NT_STATUS_NO_MEMORY;
goto cancel;
}
for (i=0; i<num; i++) {
sid_to_fstring(sid_string, &sids[i]);
member_string = talloc_asprintf_append_buffer(
member_string, " %s", sid_string);
if (member_string == NULL) {
TALLOC_FREE(sids);
status = NT_STATUS_NO_MEMORY;
goto cancel;
}
}
status = dbwrap_store_bystring(
db, key, string_term_tdb_data(member_string), 0);
commit:
TALLOC_FREE(sids);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("dbwrap_store_bystring failed: %s\n",
nt_errstr(status)));
goto cancel;
}
if (db->transaction_commit(db) != 0) {
DEBUG(0, ("transaction_commit failed\n"));
status = NT_STATUS_INTERNAL_DB_CORRUPTION;
return status;
}
return NT_STATUS_OK;
cancel:
if (db->transaction_cancel(db) != 0) {
smb_panic("transaction_cancel failed");
}
return status;
}
