Exemple #1
0
/*
  add/remove a member field
*/
static NTSTATUS modify_aliasmem(const DOM_SID *alias, const DOM_SID *member,
				int operation)
{
	fstring string_sid;
	int ret;
	struct ldb_message msg;
	struct ldb_message_element el;
	struct ldb_val val;
	TALLOC_CTX *tmp_ctx;
	GROUP_MAP map;

	if (!get_group_map_from_sid(*alias, &map)) {
		sid_to_fstring(string_sid, alias);
		return NT_STATUS_NO_SUCH_ALIAS;
	}

	if ((map.sid_name_use != SID_NAME_ALIAS) &&
	    (map.sid_name_use != SID_NAME_WKN_GRP)) {
		DEBUG(0,("sid_name_use=%d\n", map.sid_name_use));
		return NT_STATUS_NO_SUCH_ALIAS;
	}

	tmp_ctx = talloc_new(NULL);
	if (tmp_ctx == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	msg.dn = mapping_dn(tmp_ctx, alias);
	if (msg.dn == NULL) {
		return NT_STATUS_NO_MEMORY;
	}
	msg.num_elements = 1;
	msg.elements = ⪙
	el.flags = operation;
	el.name = talloc_strdup(tmp_ctx, "member");
	el.num_values = 1;
	el.values = &val;
	sid_to_fstring(string_sid, member);
	val.data = (uint8_t *)string_sid;
	val.length = strlen(string_sid);

	ret = ldb_modify(ldb, &msg);
	talloc_free(tmp_ctx);

	if (ret == LDB_ERR_NO_SUCH_OBJECT) {
		return NT_STATUS_NO_SUCH_ALIAS;
	}

	if (operation == LDB_FLAG_MOD_ADD &&
	    ret == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
		return NT_STATUS_MEMBER_IN_ALIAS;
	}

	return (ret == LDB_SUCCESS ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED);
}
static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, size_t *num)
{
	GROUP_MAP map;
	struct aliasmem_state state;

	if (!get_group_map_from_sid(*alias, &map))
		return NT_STATUS_NO_SUCH_ALIAS;

	if ( (map.sid_name_use != SID_NAME_ALIAS) &&
	     (map.sid_name_use != SID_NAME_WKN_GRP) )
		return NT_STATUS_NO_SUCH_ALIAS;

	*sids = NULL;
	*num = 0;

	state.alias = alias;
	state.sids = sids;
	state.num = num;

	db->traverse_read(db, collect_aliasmem, &state);
	return NT_STATUS_OK;
}
static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
{
	GROUP_MAP map;
	char *key;
	fstring string_sid;
	char *new_memberstring;
	struct db_record *rec;
	NTSTATUS status;

	if (!get_group_map_from_sid(*alias, &map))
		return NT_STATUS_NO_SUCH_ALIAS;

	if ( (map.sid_name_use != SID_NAME_ALIAS) &&
	     (map.sid_name_use != SID_NAME_WKN_GRP) )
		return NT_STATUS_NO_SUCH_ALIAS;

	if (is_aliasmem(alias, member))
		return NT_STATUS_MEMBER_IN_ALIAS;

	sid_to_fstring(string_sid, member);

	key = talloc_asprintf(talloc_tos(), "%s%s", MEMBEROF_PREFIX,
			      string_sid);
	if (key == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	if (db->transaction_start(db) != 0) {
		DEBUG(0, ("transaction_start failed\n"));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	rec = db->fetch_locked(db, key, string_term_tdb_data(key));

	if (rec == NULL) {
		DEBUG(10, ("fetch_lock failed\n"));
		TALLOC_FREE(key);
		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
		goto cancel;
	}

	sid_to_fstring(string_sid, alias);

	if (rec->value.dptr != NULL) {
		new_memberstring = talloc_asprintf(
			key, "%s %s", (char *)(rec->value.dptr), string_sid);
	} else {
		new_memberstring = talloc_strdup(key, string_sid);
	}

	if (new_memberstring == NULL) {
		TALLOC_FREE(key);
		status = NT_STATUS_NO_MEMORY;
		goto cancel;
	}

	status = rec->store(rec, string_term_tdb_data(new_memberstring), 0);

	TALLOC_FREE(key);

	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(10, ("Could not store record: %s\n", nt_errstr(status)));
		goto cancel;
	}

	if (db->transaction_commit(db) != 0) {
		DEBUG(0, ("transaction_commit failed\n"));
		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
		goto cancel;
	}

	return NT_STATUS_OK;

 cancel:
	if (db->transaction_cancel(db) != 0) {
		smb_panic("transaction_cancel failed");
	}

	return status;
}