- lib/unix_sec_ctxt.c

	attempt at taking lib/uid.c and getting a unix security context
	change module that is independent of "cnums" and "snums".
	a security context is needed for pipes, not just IPC$ or other
	services.

- group database API

	added add_group/alias_member, del_group/alias_member,
	del_group/alias_entry functions.  del_builtin_entry() is
	deliberately set to NULL to cause an exception, you cannot
	delete builtin aliases.

- parse_lsa.c srv_lsa.c

	fixed lookup_names code, it was a load of trash and didn't do
	anything.

- cmd_samr.c rpcclient.c srv_samr.c

	added "deletegroup", "deletealias", "delaliasmem", "delgroupmem",
	"addgroupmem", "addaliasmem", "createalias", "creategroup", to
	both client and server code.

	server code calls into unix stubs right now, which don't actually
	do anything.  the only instance where they are expected to do
	anything is in appliance mode NOT even in the ldap code or anything.

	client code modified to call samr_lookup_names() for group code
	(because we can) and lsa_lookup_names() for alias code (because
	we have to).

- srv_lookup.c

	oops, lookup on unsplit name, we got lookup on DOMAIN, DOMAIN\name
	instead of DOMAIN, name.
(This used to be commit b8175702ef61b8b37b078f38e81452c00a5e2986)

8 files changed, 189 insertions, 31 deletions

diff --git a/source3/groupdb/aliasdb.c b/source3/groupdb/aliasdb.c
index 011eee0f3d..b787012b4d 100644
--- a/source3/groupdb/aliasdb.c
+++ b/source3/groupdb/aliasdb.c
@@ -348,11 +348,25 @@ LOCAL_GRP *getaliasent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem)
 
 /************************************************************************
  Routine to add an entry to the alias database file.
+ on entry, the entry is added by name.
+ on exit, the RID is expected to have been set.
 *************************************************************************/
-
-BOOL add_alias_entry(LOCAL_GRP *newals)
+BOOL add_alias_entry(LOCAL_GRP *newgrp)
+{
+	BOOL ret;
+	if (newgrp->rid != 0xffffffff)
 {
- 	return aldb_ops->add_alias_entry(newals);
+		DEBUG(0,("add_alias_entry - RID must be 0xffffffff, \
+database instance is responsible for allocating the RID, not you.\n"));
+		return False;
+	}
+ 	ret = aldb_ops->add_alias_entry(newgrp);
+	if (newgrp->rid == 0xffffffff)
+	{
+		DEBUG(0,("add_alias_entry - RID has not been set by database\n"));
+		return False;
+	}
+	return ret;
 }
 
 /************************************************************************
@@ -366,6 +380,29 @@ BOOL mod_alias_entry(LOCAL_GRP* als)
 }
 
 /************************************************************************
+ Routine to delete alias database entry matching by rid.
+************************************************************************/
+BOOL del_alias_entry(uint32 rid)
+{
+ 	return aldb_ops->del_alias_entry(rid);
+}
+
+/************************************************************************
+ Routine to add a member to an entry in the alias database file.
+*************************************************************************/
+BOOL add_alias_member(uint32 rid, DOM_SID *member_sid)
+{
+ 	return aldb_ops->add_alias_member(rid, member_sid);
+}
+
+/************************************************************************
+ Routine to delete a member from an entry in the alias database file.
+*************************************************************************/
+BOOL del_alias_member(uint32 rid, DOM_SID *member_sid)
+{
+ 	return aldb_ops->del_alias_member(rid, member_sid);
+}
+/************************************************************************
  Routine to search alias database by name.
 *************************************************************************/
 
diff --git a/source3/groupdb/aliasfile.c b/source3/groupdb/aliasfile.c
index 4ae2c25b94..00638f9411 100644
--- a/source3/groupdb/aliasfile.c
+++ b/source3/groupdb/aliasfile.c
@@ -235,11 +235,7 @@ static BOOL add_alsfileals_entry(LOCAL_GRP *newals)
 
 /************************************************************************
  Routine to search the aliasdb file for an entry matching the aliasname.
- and then modify its alias entry. We can't use the startalspwent()/
- getalspwent()/endalspwent() interfaces here as we depend on looking
- in the actual file to decide how much room we have to write data.
- override = False, normal
- override = True, override XXXXXXXX'd out alias or NO PASS
+ and then modify its alias entry. 
 ************************************************************************/
 
 static BOOL mod_alsfileals_entry(LOCAL_GRP* als)
diff --git a/source3/groupdb/aliasunix.c b/source3/groupdb/aliasunix.c
index f9b93bbce4..f9537ddeb4 100644
--- a/source3/groupdb/aliasunix.c
+++ b/source3/groupdb/aliasunix.c
@@ -224,11 +224,7 @@ static BOOL add_alsunixgrp_entry(LOCAL_GRP *newals)
 
 /************************************************************************
  Routine to search the alspasswd file for an entry matching the aliasname.
- and then modify its alias entry. We can't use the startalspwent()/
- getalspwent()/endalspwent() interfaces here as we depend on looking
- in the actual file to decide how much room we have to write data.
- override = False, normal
- override = True, override XXXXXXXX'd out alias or NO PASS
+ and then modify its alias entry. 
 ************************************************************************/
 
 static BOOL mod_alsunixgrp_entry(LOCAL_GRP* als)
@@ -237,6 +233,35 @@ static BOOL mod_alsunixgrp_entry(LOCAL_GRP* als)
 	return False;
 }
 
+/************************************************************************
+ Routine to search the grppasswd file for an entry matching the rid.
+ and then delete it.
+************************************************************************/
+
+static BOOL del_alsunixgrp_entry(uint32 rid)
+{
+	DEBUG(0, ("del_alsunixgrp_entry: NOT IMPLEMENTED\n"));
+	return False;
+}
+
+/************************************************************************
+ Routine to add a member to an entry to the grppasswd file.
+*************************************************************************/
+static BOOL add_alsunixgrp_member(uint32 rid, DOM_SID *member_sid)
+{
+	DEBUG(0, ("add_alsunixgrp_member: NOT IMPLEMENTED\n"));
+	return False;
+}
+
+/************************************************************************
+ Routine to delete a member from an entry to the grppasswd file.
+*************************************************************************/
+static BOOL del_alsunixgrp_member(uint32 rid, DOM_SID *member_sid)
+{
+	DEBUG(0, ("del_alsunixgrp_member: NOT IMPLEMENTED\n"));
+	return False;
+}
+
 
 static struct aliasdb_ops unix_ops =
 {
@@ -252,6 +277,10 @@ static struct aliasdb_ops unix_ops =
 
 	add_alsunixgrp_entry,
 	mod_alsunixgrp_entry,
+	del_alsunixgrp_entry,
+
+	add_alsunixgrp_member,
+	del_alsunixgrp_member,
 
 	iterate_getuseraliasntnam      /* in aliasdb.c */
 };
diff --git a/source3/groupdb/builtindb.c b/source3/groupdb/builtindb.c
index a840c396f9..3b09b6225d 100644
--- a/source3/groupdb/builtindb.c
+++ b/source3/groupdb/builtindb.c
@@ -366,6 +366,22 @@ BOOL mod_builtin_entry(LOCAL_GRP* blt)
 }
 
 /************************************************************************
+ Routine to add a member to an entry in the builtin database file.
+*************************************************************************/
+BOOL add_builtin_member(uint32 rid, DOM_SID *member_sid)
+{
+ 	return bidb_ops->add_alias_member(rid, member_sid);
+}
+
+/************************************************************************
+ Routine to delete a member from an entry in the builtindatabase file.
+*************************************************************************/
+BOOL del_builtin_member(uint32 rid, DOM_SID *member_sid)
+{
+ 	return bidb_ops->del_alias_member(rid, member_sid);
+}
+
+/************************************************************************
  Routine to search builtin database by name.
 *************************************************************************/
 
diff --git a/source3/groupdb/builtinunix.c b/source3/groupdb/builtinunix.c
index 3fa28b63ae..c8ea767a77 100644
--- a/source3/groupdb/builtinunix.c
+++ b/source3/groupdb/builtinunix.c
@@ -225,11 +225,7 @@ static BOOL add_bltunixgrp_entry(LOCAL_GRP *newblt)
 
 /************************************************************************
  Routine to search the bltpasswd file for an entry matching the builtinname.
- and then modify its builtin entry. We can't use the startbltpwent()/
- getbltpwent()/endbltpwent() interfaces here as we depend on looking
- in the actual file to decide how much room we have to write data.
- override = False, normal
- override = True, override XXXXXXXX'd out builtin or NO PASS
+ and then modify its builtin entry. 
 ************************************************************************/
 
 static BOOL mod_bltunixgrp_entry(LOCAL_GRP* blt)
@@ -238,6 +234,23 @@ static BOOL mod_bltunixgrp_entry(LOCAL_GRP* blt)
 	return False;
 }
 
+/************************************************************************
+ Routine to add a member to an entry to the bltpasswd file.
+*************************************************************************/
+static BOOL add_bltunixgrp_member(uint32 rid, DOM_SID *member_sid)
+{
+	DEBUG(0, ("add_bltunixgrp_member: NOT IMPLEMENTED\n"));
+	return False;
+}
+
+/************************************************************************
+ Routine to delete a member from an entry to the bltpasswd file.
+*************************************************************************/
+static BOOL del_bltunixgrp_member(uint32 rid, DOM_SID *member_sid)
+{
+	DEBUG(0, ("del_bltunixgrp_member: NOT IMPLEMENTED\n"));
+	return False;
+}
 
 static struct aliasdb_ops unix_ops =
 {
@@ -253,6 +266,10 @@ static struct aliasdb_ops unix_ops =
 
 	add_bltunixgrp_entry,
 	mod_bltunixgrp_entry,
+	NULL, /* deliberately NULL: you can't delete builtin aliases */
+
+	add_bltunixgrp_member,
+	del_bltunixgrp_member,
 
 	iterate_getuserbuiltinntnam      /* in builtindb.c */
 };
diff --git a/source3/groupdb/groupdb.c b/source3/groupdb/groupdb.c
index 6bd6c34442..ed09560b3a 100644
--- a/source3/groupdb/groupdb.c
+++ b/source3/groupdb/groupdb.c
@@ -343,15 +343,38 @@ DOMAIN_GRP *getgroupent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem)
 
 /************************************************************************
  Routine to add an entry to the group database file.
+ on entry, the entry is added by name.
+ on exit, the RID is expected to have been set.
 *************************************************************************/
 
 BOOL add_group_entry(DOMAIN_GRP *newgrp)
 {
- 	return gpdb_ops->add_group_entry(newgrp);
+	BOOL ret;
+	if (newgrp->rid != 0xffffffff)
+	{
+		DEBUG(0,("add_group_entry - RID must be 0xffffffff, \
+database instance is responsible for allocating the RID, not you.\n"));
+		return False;
+	}
+ 	ret = gpdb_ops->add_group_entry(newgrp);
+	if (newgrp->rid == 0xffffffff)
+	{
+		DEBUG(0,("add_group_entry - RID has not been set by database\n"));
+		return False;
+	}
+	return ret;
+}
+
+/************************************************************************
+ Routine to delete group database entry matching by rid.
+************************************************************************/
+BOOL del_group_entry(uint32 rid)
+{
+ 	return gpdb_ops->del_group_entry(rid);
 }
 
 /************************************************************************
- Routine to search the group database file for an entry matching the groupname.
+ Routine to search group database file for entry matching by rid or groupname.
  and then replace the entry.
 ************************************************************************/
 
@@ -361,6 +384,22 @@ BOOL mod_group_entry(DOMAIN_GRP* grp)
 }
 
 /************************************************************************
+ Routine to add a member to an entry in the group database file.
+*************************************************************************/
+BOOL add_group_member(uint32 rid, uint32 member_rid)
+{
+ 	return gpdb_ops->add_group_member(rid, member_rid);
+}
+
+/************************************************************************
+ Routine to delete a member from an entry in the group database file.
+*************************************************************************/
+BOOL del_group_member(uint32 rid, uint32 member_rid)
+{
+ 	return gpdb_ops->del_group_member(rid, member_rid);
+}
+
+/************************************************************************
  Routine to search group database by name.
 *************************************************************************/
 
diff --git a/source3/groupdb/groupfile.c b/source3/groupdb/groupfile.c
index e20ba6434c..0e10b801d8 100644
--- a/source3/groupdb/groupfile.c
+++ b/source3/groupdb/groupfile.c
@@ -237,11 +237,7 @@ static BOOL add_grpfilegrp_entry(DOMAIN_GRP *newgrp)
 
 /************************************************************************
  Routine to search the grppasswd file for an entry matching the groupname.
- and then modify its group entry. We can't use the startgrppwent()/
- getgrppwent()/endgrppwent() interfaces here as we depend on looking
- in the actual file to decide how much room we have to write data.
- override = False, normal
- override = True, override XXXXXXXX'd out group or NO PASS
+ and then modify its group entry. 
 ************************************************************************/
 
 static BOOL mod_grpfilegrp_entry(DOMAIN_GRP* grp)
diff --git a/source3/groupdb/groupunix.c b/source3/groupdb/groupunix.c
index 154e23338d..35f386cbf8 100644
--- a/source3/groupdb/groupunix.c
+++ b/source3/groupdb/groupunix.c
@@ -224,12 +224,8 @@ static BOOL add_grpunixgrp_entry(DOMAIN_GRP *newgrp)
 }
 
 /************************************************************************
- Routine to search the grppasswd file for an entry matching the groupname.
- and then modify its group entry. We can't use the startgrppwent()/
- getgrppwent()/endgrppwent() interfaces here as we depend on looking
- in the actual file to decide how much room we have to write data.
- override = False, normal
- override = True, override XXXXXXXX'd out group or NO PASS
+ Routine to search database for entry matching the groupname and/or rid.
+ and then modify its group entry. 
 ************************************************************************/
 
 static BOOL mod_grpunixgrp_entry(DOMAIN_GRP* grp)
@@ -238,6 +234,34 @@ static BOOL mod_grpunixgrp_entry(DOMAIN_GRP* grp)
 	return False;
 }
 
+/************************************************************************
+ Routine to search the grppasswd file for an entry matching the rid.
+ and then delete it.
+************************************************************************/
+
+static BOOL del_grpunixgrp_entry(uint32 rid)
+{
+	DEBUG(0, ("del_grpunixgrp_entry: NOT IMPLEMENTED\n"));
+	return False;
+}
+
+/************************************************************************
+ Routine to add a member to an entry to the grppasswd file.
+*************************************************************************/
+static BOOL add_grpunixgrp_member(uint32 rid, uint32 member_rid)
+{
+	DEBUG(0, ("add_grpunixgrp_member: NOT IMPLEMENTED\n"));
+	return False;
+}
+
+/************************************************************************
+ Routine to delete a member from an entry to the grppasswd file.
+*************************************************************************/
+static BOOL del_grpunixgrp_member(uint32 rid, uint32 member_rid)
+{
+	DEBUG(0, ("del_grpunixgrp_member: NOT IMPLEMENTED\n"));
+	return False;
+}
 
 static struct groupdb_ops unix_ops =
 {
@@ -253,6 +277,10 @@ static struct groupdb_ops unix_ops =
 
 	add_grpunixgrp_entry,
 	mod_grpunixgrp_entry,
+	del_grpunixgrp_entry,
+
+	add_grpunixgrp_member,
+	del_grpunixgrp_member,
 
 	iterate_getusergroupsnam      /* in groupdb.c */
 };