📄 mapping.c
字号:
/* * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Andrew Tridgell 1992-2000, * Copyright (C) Jean Fran鏾is Micouleau 1998-2001. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */#include "includes.h"static TDB_CONTEXT *tdb; /* used for driver files */#define DATABASE_VERSION_V1 1 /* native byte format. */#define DATABASE_VERSION_V2 2 /* le format. */#define GROUP_PREFIX "UNIXGROUP/"/* Alias memberships are stored reverse, as memberships. The performance * critical operation is to determine the aliases a SID is member of, not * listing alias members. So we store a list of alias SIDs a SID is member of * hanging of the member as key. */#define MEMBEROF_PREFIX "MEMBEROF/"/****************************************************************************dump the mapping group mapping to a text file****************************************************************************/char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use){ static fstring group_type; switch(name_use) { case SID_NAME_USER: fstrcpy(group_type,"User"); break; case SID_NAME_DOM_GRP: fstrcpy(group_type,"Domain group"); break; case SID_NAME_DOMAIN: fstrcpy(group_type,"Domain"); break; case SID_NAME_ALIAS: fstrcpy(group_type,"Local group"); break; case SID_NAME_WKN_GRP: fstrcpy(group_type,"Builtin group"); break; case SID_NAME_DELETED: fstrcpy(group_type,"Deleted"); break; case SID_NAME_INVALID: fstrcpy(group_type,"Invalid"); break; case SID_NAME_UNKNOWN: default: fstrcpy(group_type,"Unknown type"); break; } fstrcpy(group, group_type); return group_type;}/****************************************************************************initialise first time the mapping list - called from init_group_mapping()****************************************************************************/static BOOL default_group_mapping(void){ DOM_SID sid_admins; DOM_SID sid_users; DOM_SID sid_guests; fstring str_admins; fstring str_users; fstring str_guests; /* Add the Wellknown groups */ add_initial_entry(-1, "S-1-5-32-544", SID_NAME_WKN_GRP, "Administrators", ""); add_initial_entry(-1, "S-1-5-32-545", SID_NAME_WKN_GRP, "Users", ""); add_initial_entry(-1, "S-1-5-32-546", SID_NAME_WKN_GRP, "Guests", ""); add_initial_entry(-1, "S-1-5-32-547", SID_NAME_WKN_GRP, "Power Users", ""); add_initial_entry(-1, "S-1-5-32-548", SID_NAME_WKN_GRP, "Account Operators", ""); add_initial_entry(-1, "S-1-5-32-549", SID_NAME_WKN_GRP, "System Operators", ""); add_initial_entry(-1, "S-1-5-32-550", SID_NAME_WKN_GRP, "Print Operators", ""); add_initial_entry(-1, "S-1-5-32-551", SID_NAME_WKN_GRP, "Backup Operators", ""); add_initial_entry(-1, "S-1-5-32-552", SID_NAME_WKN_GRP, "Replicators", ""); /* Add the defaults domain groups */ sid_copy(&sid_admins, get_global_sam_sid()); sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS); sid_to_string(str_admins, &sid_admins); add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", ""); sid_copy(&sid_users, get_global_sam_sid()); sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS); sid_to_string(str_users, &sid_users); add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", ""); sid_copy(&sid_guests, get_global_sam_sid()); sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS); sid_to_string(str_guests, &sid_guests); add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", ""); return True;}/**************************************************************************** Open the group mapping tdb.****************************************************************************/static BOOL init_group_mapping(void){ const char *vstring = "INFO/version"; int32 vers_id; if (tdb) return True; tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); if (!tdb) { DEBUG(0,("Failed to open group mapping database\n")); return False; } /* handle a Samba upgrade */ tdb_lock_bystring(tdb, vstring, 0); /* Cope with byte-reversed older versions of the db. */ vers_id = tdb_fetch_int32(tdb, vstring); if ((vers_id == DATABASE_VERSION_V1) || (IREV(vers_id) == DATABASE_VERSION_V1)) { /* Written on a bigendian machine with old fetch_int code. Save as le. */ tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); vers_id = DATABASE_VERSION_V2; } if (vers_id != DATABASE_VERSION_V2) { tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); } tdb_unlock_bystring(tdb, vstring); /* write a list of default groups */ if(!default_group_mapping()) return False; return True;}/********************************************************************************************************************************************************/static BOOL add_mapping_entry(GROUP_MAP *map, int flag){ TDB_DATA kbuf, dbuf; pstring key, buf; fstring string_sid=""; int len; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return(False); } sid_to_string(string_sid, &map->sid); len = tdb_pack(buf, sizeof(buf), "ddff", map->gid, map->sid_name_use, map->nt_name, map->comment); if (len > sizeof(buf)) return False; slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); kbuf.dsize = strlen(key)+1; kbuf.dptr = key; dbuf.dsize = len; dbuf.dptr = buf; if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False; return True;}/****************************************************************************initialise first time the mapping list****************************************************************************/BOOL add_initial_entry(gid_t gid, const char *sid, enum SID_NAME_USE sid_name_use, const char *nt_name, const char *comment){ GROUP_MAP map; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return(False); } map.gid=gid; if (!string_to_sid(&map.sid, sid)) { DEBUG(0, ("string_to_sid failed: %s", sid)); return False; } map.sid_name_use=sid_name_use; fstrcpy(map.nt_name, nt_name); fstrcpy(map.comment, comment); return pdb_add_group_mapping_entry(&map);}/**************************************************************************** Return the sid and the type of the unix group.****************************************************************************/static BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map){ TDB_DATA kbuf, dbuf; pstring key; fstring string_sid; int ret = 0; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return(False); } /* the key is the SID, retrieving is direct */ sid_to_string(string_sid, &sid); slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); kbuf.dptr = key; kbuf.dsize = strlen(key)+1; dbuf = tdb_fetch(tdb, kbuf); if (!dbuf.dptr) return False; ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); SAFE_FREE(dbuf.dptr); if ( ret == -1 ) { DEBUG(3,("get_group_map_from_sid: tdb_unpack failure\n")); return False; } sid_copy(&map->sid, &sid); return True;}/**************************************************************************** Return the sid and the type of the unix group.****************************************************************************/static BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map){ TDB_DATA kbuf, dbuf, newkey; fstring string_sid; int ret; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return(False); } /* we need to enumerate the TDB to find the GID */ for (kbuf = tdb_firstkey(tdb); kbuf.dptr; newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; dbuf = tdb_fetch(tdb, kbuf); if (!dbuf.dptr) continue; fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); string_to_sid(&map->sid, string_sid); ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); SAFE_FREE(dbuf.dptr); if ( ret == -1 ) { DEBUG(3,("get_group_map_from_gid: tdb_unpack failure\n")); return False; } if (gid==map->gid) { SAFE_FREE(kbuf.dptr); return True; } } return False;}/**************************************************************************** Return the sid and the type of the unix group.****************************************************************************/static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map){ TDB_DATA kbuf, dbuf, newkey; fstring string_sid; int ret; if(!init_group_mapping()) { DEBUG(0,("get_group_map_from_ntname:failed to initialize group mapping\n")); return(False); } /* we need to enumerate the TDB to find the name */ for (kbuf = tdb_firstkey(tdb); kbuf.dptr; newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; dbuf = tdb_fetch(tdb, kbuf); if (!dbuf.dptr) continue; fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); string_to_sid(&map->sid, string_sid); ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", &map->gid, &map->sid_name_use, &map->nt_name, &map->comment); SAFE_FREE(dbuf.dptr); if ( ret == -1 ) { DEBUG(3,("get_group_map_from_ntname: tdb_unpack failure\n")); return False; } if (StrCaseCmp(name, map->nt_name)==0) { SAFE_FREE(kbuf.dptr); return True; } } return False;}/**************************************************************************** Remove a group mapping entry.****************************************************************************/static BOOL group_map_remove(const DOM_SID *sid){ TDB_DATA kbuf, dbuf; pstring key; fstring string_sid; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return(False); } /* the key is the SID, retrieving is direct */ sid_to_string(string_sid, sid); slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); kbuf.dptr = key; kbuf.dsize = strlen(key)+1; dbuf = tdb_fetch(tdb, kbuf); if (!dbuf.dptr) return False; SAFE_FREE(dbuf.dptr); if(tdb_delete(tdb, kbuf) != TDB_SUCCESS) return False; return True;}/**************************************************************************** Enumerate the group mapping.****************************************************************************/static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rmap, size_t *p_num_entries, BOOL unix_only){ TDB_DATA kbuf, dbuf, newkey; fstring string_sid; fstring group_type; GROUP_MAP map; GROUP_MAP *mapt; int ret; size_t entries=0; if(!init_group_mapping()) { DEBUG(0,("failed to initialize group mapping\n")); return(False); } *p_num_entries=0; *pp_rmap=NULL; for (kbuf = tdb_firstkey(tdb); kbuf.dptr; newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; dbuf = tdb_fetch(tdb, kbuf); if (!dbuf.dptr) continue; fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddff", &map.gid, &map.sid_name_use, &map.nt_name, &map.comment); SAFE_FREE(dbuf.dptr); if ( ret == -1 ) { DEBUG(3,("enum_group_mapping: tdb_unpack failure\n")); continue; } /* list only the type or everything if UNKNOWN */ if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) { DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name)); continue; } if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name)); continue; } string_to_sid(&map.sid, string_sid); decode_sid_name_use(group_type, map.sid_name_use); DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type));⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -