This commit is number 2 of 4.

In particular this commit focuses on:

The guts of the moving about inside passdb.

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.

----

These changes allow for the introduction of  a large dose of 'const' to
the Samba tree.

There are a number of good reasons to do this:

	- I want to allow the SAM_ACCOUNT structure to move from wasteful
	pstrings and fstrings to  allocated strings.  We can't do that if
	people are modifying these outputs, as they may well make
	assumptions about getting pstrings and fstrings

	- I want --with-pam_smbpass to compile with a slightly sane
	volume of warnings, currently its  pretty bad, even in 2.2
	where is compiles at all.

	- Tridge assures me that he no longer opposes 'const religion'
	based on the ability to  #define const the problem away.

	- Changed Get_Pwnam(x,y) into two variants (so that the const
	parameter can work correctly): - Get_Pwnam(const x) and
	Get_Pwnam_Modify(x).

	- Reworked smbd/chgpasswd.c to work with these mods, passing
	around a 'struct passwd' rather  than the modified username

passdb/

	- Kill off disp_info stuff, it isn't used any more - Kill off
	support for writing to the old smbpasswd format, it isn't relevent
	to Samba 3.0

	- Move around and modify the pdb_...() helper functions, adding
	one that sets the last changed  time to 'now' and that sets the
	must change time appropriately.

	- Remove the ugly forced update of the LCT- value in
	pdb_smbpasswd.  - Remove the implicit modification of the ACB
	flags when both NT and LM passwords are set.

	- Removed substation in pdb_getsampwnam output, as a single
	password change will render them  inoperable in any case (they
	will be substituted and stored)

	- Added a default RID to the init_sam_from_pw() function, based on
	our rid algorithm.

	- Added checks that an smbpasswd stored user has a uid-based RID.

	- Fail to store tdb based users without a RID

lib/
    - Change the substituion code to use global_myname if there is
      no connection (and therefore no called name) at the present time.
(This used to be commit 8f607810eb24ed1157bbd2e896c2c167bc34d986)

5 files changed, 94 insertions, 75 deletions

diff --git a/source3/include/smb.h b/source3/include/smb.h
index 8fcbe60646..16f90d0333 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -254,13 +254,6 @@ typedef uint32 WERROR;
  
 #define MAX_HOURS_LEN 32
 
-struct sam_disp_info
-{
-	uint32 user_rid;      /* Primary User ID */
-	char *smb_name;     /* username string */
-	char *full_name;    /* user's full name string */
-};
-
 typedef struct
 {
         uint32 pid;
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index 9b2713a674..5336eb947f 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -29,6 +29,7 @@ pstring samlogon_user="";
 BOOL sam_logon_in_ssb = False;
 fstring remote_proto="UNKNOWN";
 fstring remote_machine="";
+extern pstring global_myname;
 
 /*******************************************************************
  Given a pointer to a %$(NAME) expand it as an environment variable.
@@ -136,8 +137,12 @@ static char *automount_server(char *user_name)
 
 	/* use the local machine name as the default */
 	/* this will be the default if WITH_AUTOMOUNT is not used or fails */
-	pstrcpy(server_name, local_machine);
-
+	if (*local_machine) {
+		pstrcpy(server_name, local_machine);
+	} else {
+		pstrcpy(server_name, global_myname);
+	}
+	
 #if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT))
 
 	if (lp_nis_home_map())
@@ -193,7 +198,13 @@ void standard_sub_basic(char *str)
 			string_sub(p,"%D", tmp_str,l);
 			break;
 		case 'I' : string_sub(p,"%I", client_addr(),l); break;
-		case 'L' : string_sub(p,"%L", local_machine,l); break;
+		case 'L' : 
+			if (*local_machine) {
+				string_sub(p,"%L", local_machine,l); 
+			} else {
+				string_sub(p,"%L", global_myname,l); 
+			}
+			break;
 		case 'M' : string_sub(p,"%M", client_name(),l); break;
 		case 'R' : string_sub(p,"%R", remote_proto,l); break;
 		case 'T' : string_sub(p,"%T", timestring(False),l); break;
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 634ea8fdac..671f18a7b0 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -130,6 +130,10 @@ BOOL pdb_init_sam(SAM_ACCOUNT **user)
 
 BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, struct passwd *pwd)
 {
+	pstring str;
+	extern BOOL sam_logon_in_ssb;
+	extern pstring samlogon_user;
+
 	if (!pwd) {
 		new_sam_acct = NULL;
 		return False;
@@ -144,10 +148,32 @@ BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, struct passwd *pwd)
 	pdb_set_fullname(*new_sam_acct, pwd->pw_gecos);
 	pdb_set_uid(*new_sam_acct, pwd->pw_uid);
 	pdb_set_gid(*new_sam_acct, pwd->pw_gid);
-	pdb_set_profile_path(*new_sam_acct, lp_logon_path());
-	pdb_set_homedir(*new_sam_acct, lp_logon_home());
-	pdb_set_dir_drive(*new_sam_acct, lp_logon_drive());
-	pdb_set_logon_script(*new_sam_acct, lp_logon_script());
+
+	pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid));
+	pdb_set_group_rid(*new_sam_acct, pdb_gid_to_group_rid(pwd->pw_gid));
+
+	/* UGLY, UGLY HACK!!! */
+	pstrcpy(samlogon_user, pwd->pw_name);
+	
+	sam_logon_in_ssb = True;
+	
+	pstrcpy(str, lp_logon_path());
+	standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+	pdb_set_profile_path(*new_sam_acct, str);
+	
+	pstrcpy(str, lp_logon_home());
+	standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+	pdb_set_homedir(*new_sam_acct, str);
+	
+	pstrcpy(str, lp_logon_drive());
+	standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+	pdb_set_dir_drive(*new_sam_acct, str);
+
+	pstrcpy(str, lp_logon_script());
+	standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str);
+	pdb_set_logon_script(*new_sam_acct, str);
+	
+	sam_logon_in_ssb = False;
 	return True;
 }
 
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 45c983b1ca..85e91bc5ba 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -870,16 +870,6 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
   p += 33; /* Move to the first character of the line after
               the NT password. */
 
-  /*
-   * If both NT and lanman passwords are provided - reset password
-   * not required flag.
-   */
-
-  if(pwd->smb_passwd != NULL || pwd->smb_nt_passwd != NULL) {
-    /* Reqiure password in the future (should ACB_DISABLED also be reset?) */
-    pwd->acct_ctrl &= ~(ACB_PWNOTREQ);
-  }
-
   if (*p == '[') {
 
     i = 0;
@@ -898,15 +888,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
        */
       fstrcpy(encode_bits, pdb_encode_acct_ctrl(pwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN));
     } else {
-      /*
-       * If using the old format and the ACB_DISABLED or
-       * ACB_PWNOTREQ are set then set the lanman and NT passwords to NULL
-       * here as we have no space to encode the change.
-       */
-      if(pwd->acct_ctrl & (ACB_DISABLED|ACB_PWNOTREQ)) {
-        pwd->smb_passwd = NULL;
-        pwd->smb_nt_passwd = NULL;
-      }
+	    DEBUG(0,("mod_smbfilepwd_entry:  Using old smbpasswd format.  This is no longer supported.!\n"));
+	    DEBUG(0,("mod_smbfilepwd_entry:  No changes made, failing.!\n"));
+	    return False;
     }
 
     /* Go past the ']' */
@@ -969,8 +953,6 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
   /* Add on the account info bits and the time of last
      password change. */
 
-  pwd->pass_last_set_time = time(NULL);
-
   if(got_pass_last_set_time) {
     slprintf(&ascii_p16[strlen(ascii_p16)], 
 	     sizeof(ascii_p16)-(strlen(ascii_p16)+1),
@@ -1151,7 +1133,7 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
  We will not allocate any new memory.  The smb_passwd struct
  should only stay around as long as the SAM_ACCOUNT does.
  ********************************************************************/
-static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass)
+static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
 {
 	if (sampass == NULL) 
 		return False;
@@ -1167,13 +1149,23 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, SAM_ACCOUNT *sampass)
 	smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass);
 	smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass);
 
+	if (smb_pw->smb_userid != pdb_user_rid_to_uid(pdb_get_user_rid(sampass))) {
+		DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
+		return False;
+	}
+
+	if (pdb_get_gid(sampass) != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) {
+		DEBUG(0,("build_sam_pass: Failing attempt to store user with non-gid based primary group RID. \n"));
+		return False;
+	}
+
 	return True;
 }	
 
 /*********************************************************************
  Create a SAM_ACCOUNT from a smb_passwd struct
  ********************************************************************/
-static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf)
+static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw_buf)
 {
 	struct passwd *pwfile;
 	
@@ -1196,6 +1188,8 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf)
 	   --jerry */
 	pstrcpy(samlogon_user, pw_buf->smb_name);
 	
+	sam_logon_in_ssb = True;
+		
 	pdb_set_uid (sam_pass, pwfile->pw_uid);
 	pdb_set_gid (sam_pass, pwfile->pw_gid);
 	pdb_set_fullname(sam_pass, pwfile->pw_gecos);		
@@ -1225,27 +1219,29 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, struct smb_passwd *pw_buf)
 	if (samlogon_user[strlen(samlogon_user)-1] != '$')
 	{
 		pstring 	str;
-		gid_t 		gid = getegid();
 		
-	        sam_logon_in_ssb = True;
-
-	        pstrcpy(str, lp_logon_script());
-       		standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
-		pdb_set_logon_script(sam_pass, str);
-
-	        pstrcpy(str, lp_logon_path());
-       		standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
+		pstrcpy(str, lp_logon_path());
+		standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
 		pdb_set_profile_path(sam_pass, str);
-
-	        pstrcpy(str, lp_logon_home());
-        	standard_sub_advanced(-1, pw_buf->smb_name, "", gid, str);
+		
+		pstrcpy(str, lp_logon_home());
+		standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
 		pdb_set_homedir(sam_pass, str);
- 		
-		sam_logon_in_ssb = False;
+		
+		pstrcpy(str, lp_logon_drive());
+		standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
+		pdb_set_dir_drive(sam_pass, str);
+		
+		pstrcpy(str, lp_logon_script());
+		standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str);
+		pdb_set_logon_script(sam_pass, str);
+		
 	} else {
 		/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
 		pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); 
 	}
+
+	sam_logon_in_ssb = False;
 	
 	return True;
 }
@@ -1481,21 +1477,24 @@ BOOL pdb_getsampwrid(SAM_ACCOUNT *sam_acct,uint32 rid)
 	return True;
 }
 
-BOOL pdb_add_sam_account(SAM_ACCOUNT *sampass)
+BOOL pdb_add_sam_account(const SAM_ACCOUNT *sampass)
 {
 	struct smb_passwd smb_pw;
 	
 	/* convert the SAM_ACCOUNT */
-	build_smb_pass(&smb_pw, sampass);
+	if (!build_smb_pass(&smb_pw, sampass)) {
+		return False;
+	}
 	
 	/* add the entry */
-	if(!add_smbfilepwd_entry(&smb_pw))
+	if(!add_smbfilepwd_entry(&smb_pw)) {
 		return False;
-	
+	}
+
 	return True;
 }
 
-BOOL pdb_update_sam_account(SAM_ACCOUNT *sampass, BOOL override)
+BOOL pdb_update_sam_account(const SAM_ACCOUNT *sampass, BOOL override)
 {
 	struct smb_passwd smb_pw;
 	
@@ -1518,3 +1517,4 @@ BOOL pdb_delete_sam_account (char* username)
  /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
  void smbpass_dummy_function(void) { } /* stop some compilers complaining */
 #endif /* WTH_SMBPASSWD_SAM*/
+
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index 43eefa5c7a..95f66fc671 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -466,10 +466,6 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user)
 	pdb_set_uid (user, uid);
 	pdb_set_gid (user, gid);
 
-	standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_logon_script(user));
-	standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_profile_path(user));
-	standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_homedir(user));
-
 	/* increment to next in line */
 	global_tdb_ent.key = tdb_nextkey (global_tdb_ent.passwd_tdb, global_tdb_ent.key);
 
@@ -545,13 +541,6 @@ BOOL pdb_getsampwnam (SAM_ACCOUNT *user, char *sname)
 	pdb_set_uid (user, uid);
 	pdb_set_gid (user, gid);
 	
-	/* 21 days from present */
-	pdb_set_pass_must_change_time(user, time(NULL)+1814400);	
-	
-	standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_logon_script(user));
-	standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_profile_path(user));
-	standard_sub_advanced(-1, pdb_get_username(user), "", gid, pdb_get_homedir(user));
-
 	/* cleanup */
 	tdb_close (pwd_tdb);
 
@@ -720,7 +709,7 @@ BOOL pdb_delete_sam_account(char *sname)
  Update the TDB SAM
 ****************************************************************************/
 
-static BOOL tdb_update_sam(SAM_ACCOUNT* newpwd, BOOL override, int flag)
+static BOOL tdb_update_sam(const SAM_ACCOUNT* newpwd, BOOL override, int flag)
 {
 	TDB_CONTEXT 	*pwd_tdb = NULL;
 	TDB_DATA 	key, data;
@@ -733,15 +722,15 @@ static BOOL tdb_update_sam(SAM_ACCOUNT* newpwd, BOOL override, int flag)
 	get_private_directory(tdbfile);
 	pstrcat (tdbfile, PASSDB_FILE_NAME);
 	
-	if ( (!newpwd->uid) || (!newpwd->gid) )
+	if ( (!pdb_get_uid(newpwd)) || (!pdb_get_gid(newpwd)) )
 		DEBUG (0,("tdb_update_sam: Storing a SAM_ACCOUNT for [%s] with uid %d and gid %d!\n",
-			newpwd->username, newpwd->uid, newpwd->gid));
+			pdb_get_username(newpwd), pdb_get_uid(newpwd), pdb_get_gid(newpwd)));
 				
-	/* if we don't have a RID, then generate one */
-	if (!newpwd->user_rid)
-		pdb_set_user_rid (newpwd, pdb_uid_to_user_rid (newpwd->uid));
-	if (!newpwd->group_rid)
-		pdb_set_group_rid (newpwd, pdb_gid_to_group_rid (newpwd->gid));
+	/* if we don't have a RID, then FAIL */
+	if (!pdb_get_user_rid(newpwd))
+		DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
+	if (!pdb_get_group_rid(newpwd))
+		DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
 
 	/* copy the SAM_ACCOUNT struct into a BYTE buffer for storage */
 	if ((data.dsize=init_buffer_from_sam (&buf, newpwd)) == -1) {