authorSimo Sorce <idra@samba.org>2003-05-12 18:12:31 +0000
committerSimo Sorce <idra@samba.org>2003-05-12 18:12:31 +0000
commitc823b191ab476fc2583d6d6aaa1e2edb09cbb88e (patch)
treede7a7bc704024faf8e9b5dc750eed0cec6684ebb /source3/include
parent9308eaf77d53b2d86c071ef07a8e32d9d83b6d12 (diff)
And finally IDMAP in 3_0
We really need idmap_ldap to have a good solution with ldapsam, porting it from the previous code is being made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worse. I really would have been able to finish also the group code, maybe we can put it into a following release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seems to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
Diffstat (limited to 'source3/include')
-rw-r--r--source3/include/auth.h3
-rw-r--r--source3/include/debug.h1
-rw-r--r--source3/include/idmap.h12
-rw-r--r--source3/include/includes.h30
-rw-r--r--source3/include/passdb.h149
-rw-r--r--source3/include/rpc_lsa.h20
-rw-r--r--source3/include/rpc_misc.h16
-rw-r--r--source3/include/smb.h130
8 files changed, 202 insertions, 159 deletions
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 626b9f3ba0..eb80e3c5b4 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -75,6 +75,9 @@ typedef struct auth_usersupplied_info
typedef struct auth_serversupplied_info
{
BOOL guest;
+
+ uid_t uid;
+ gid_t gid;
/* This groups info is needed for when we become_user() for this uid */
int n_groups;
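Review bot: The new `uid` and `gid` members of `auth_serversupplied_info` have no comment and no defined "unset" value, and 0 is root. If the struct is zero-filled when it is allocated (not visible in this hunk), any path that builds server info without assigning them would carry uid 0 / gid 0 towards the become_user() step that the following comment mentions. I would document the fields, e.g. `/* Unix identity to assume; (uid_t)-1 / (gid_t)-1 until resolved */`, and have the constructor assign those sentinels explicitly. The struct body continues outside the hunk.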
diff --git a/source3/include/debug.h b/source3/include/debug.h
index d4f45539f4..70f9f7706d 100644
--- a/source3/include/debug.h
+++ b/source3/include/debug.h
@@ -88,6 +88,7 @@ extern int DEBUGLEVEL;
#define DBGC_AUTH 10
#define DBGC_WINBIND 11
#define DBGC_VFS 12
+#define DBGC_IDMAP 13
/* So you can define DBGC_CLASS before including debug.h */
#ifndef DBGC_CLASS
diff --git a/source3/include/idmap.h b/source3/include/idmap.h
index 47114f5469..5d8e31a163 100644
--- a/source3/include/idmap.h
+++ b/source3/include/idmap.h
@@ -32,21 +32,15 @@
#define ID_NOMAP 0x10
#define ID_CACHE 0x20
-typedef union unid_t {
- uid_t uid;
- gid_t gid;
-} unid_t;
-
-struct DOM_SID;
/* Filled out by IDMAP backends */
struct idmap_methods {
/* Called when backend is first loaded */
NTSTATUS (*init)(void);
- NTSTATUS (*get_sid_from_id)(struct DOM_SID *sid, unid_t id, int id_type);
- NTSTATUS (*get_id_from_sid)(unid_t *id, int *id_type, const struct DOM_SID *sid);
- NTSTATUS (*set_mapping)(const struct DOM_SID *sid, unid_t id, int id_type);
+ NTSTATUS (*get_sid_from_id)(DOM_SID *sid, unid_t id, int id_type);
+ NTSTATUS (*get_id_from_sid)(unid_t *id, int *id_type, const DOM_SID *sid);
+ NTSTATUS (*set_mapping)(const DOM_SID *sid, unid_t id, int id_type);
/* Called when backend is unloaded */
NTSTATUS (*close)(void);
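Review bot: `get_id_from_sid` hands back a `unid_t` union together with `*id_type`, but nothing in the comments of `struct idmap_methods` says that `id_type` decides which union member is valid. A caller that reads `id->uid` for a group mapping would treat a gid as a uid. A comment above the three mapping callbacks would settle it, e.g. `/* id_type selects the live member of unid_t; check it before reading uid or gid */`. The header also no longer declares `unid_t` or `DOM_SID` itself, so it now depends on smb.h being included first, which deserves a one-line note at the top. The struct continues outside the hunk.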
diff --git a/source3/include/includes.h b/source3/include/includes.h
index c1b84c1d35..8de1395aca 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -767,23 +767,35 @@ extern int errno;
#include "debugparse.h"
#include "version.h"
-#include "idmap.h"
+
#include "smb.h"
-#include "smbw.h"
+
#include "nameserv.h"
#include "secrets.h"
#include "byteorder.h"
+#include "privileges.h"
+
+#include "rpc_creds.h"
+
+#include "mapping.h"
+
+#include "passdb.h"
+
#include "ntdomain.h"
+#include "rpc_misc.h"
+
+#include "rpc_secdes.h"
+
+#include "nt_printing.h"
+
#include "msdfs.h"
#include "smbprofile.h"
-#include "mapping.h"
-
#include "rap.h"
#include "md5.h"
@@ -793,7 +805,11 @@ extern int errno;
#include "auth.h"
-#include "passdb.h"
+#include "idmap.h"
+
+#include "client.h"
+
+#include "smbw.h"
#include "session.h"
@@ -851,6 +867,8 @@ struct functable {
struct printjob;
+struct smb_ldap_privates;
+
/***** automatically generated prototypes *****/
#ifndef NO_PROTO_H
#include "proto.h"
@@ -898,7 +916,7 @@ struct printjob;
#define MAP_FILE 0
#endif
-#if (!defined(WITH_NISPLUS) && !defined(WITH_LDAP))
+#if (!defined(WITH_NISPLUS) && !defined(WITH_LDAP) && !defined(WITH_TDB_SAM))
#define USE_SMBPASS_DB 1
#endif
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 06409aa34e..e14e250d34 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -3,6 +3,8 @@
passdb structures and parameters
Copyright (C) Gerald Carter 2001
Copyright (C) Luke Kenneth Casson Leighton 1998 - 2000
+ Copyright (C) Andrew Bartlett 2002
+ Copyright (C) Simo Sorce 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -23,6 +25,149 @@
#define _PASSDB_H
+/*
+ * bit flags representing initialized fields in SAM_ACCOUNT
+ */
+enum pdb_elements {
+ PDB_UNINIT,
+ PDB_SMBHOME,
+ PDB_PROFILE,
+ PDB_DRIVE,
+ PDB_LOGONSCRIPT,
+ PDB_LOGONTIME,
+ PDB_LOGOFFTIME,
+ PDB_KICKOFFTIME,
+ PDB_CANCHANGETIME,
+ PDB_MUSTCHANGETIME,
+ PDB_PLAINTEXT_PW,
+ PDB_USERNAME,
+ PDB_FULLNAME,
+ PDB_DOMAIN,
+ PDB_NTUSERNAME,
+ PDB_HOURSLEN,
+ PDB_LOGONDIVS,
+ PDB_USERSID,
+ PDB_GROUPSID,
+ PDB_ACCTCTRL,
+ PDB_PASSLASTSET,
+ PDB_UNIXHOMEDIR,
+ PDB_ACCTDESC,
+ PDB_WORKSTATIONS,
+ PDB_UNKNOWNSTR,
+ PDB_MUNGEDDIAL,
+ PDB_HOURS,
+ PDB_UNKNOWN3,
+ PDB_UNKNOWN5,
+ PDB_UNKNOWN6,
+ PDB_LMPASSWD,
+ PDB_NTPASSWD,
+
+ /* this must be the last element */
+ PDB_COUNT
+};
+
+enum pdb_group_elements {
+ PDB_GROUP_NAME,
+ PDB_GROUP_SID,
+ PDB_GROUP_SID_NAME_USE,
+ PDB_GROUP_MEMBERS,
+
+ /* this must be the last element */
+ PDB_GROUP_COUNT
+};
+
+
+enum pdb_value_state {
+ PDB_DEFAULT=0,
+ PDB_SET,
+ PDB_CHANGED
+};
+
+#define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET)
+#define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED)
+#define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT)
+
+typedef struct sam_passwd
+{
+ TALLOC_CTX *mem_ctx;
+
+ void (*free_fn)(struct sam_passwd **);
+
+ struct pdb_methods *methods;
+
+ struct user_data {
+ /* initiailization flags */
+ struct bitmap *change_flags;
+ struct bitmap *set_flags;
+
+ time_t logon_time; /* logon time */
+ time_t logoff_time; /* logoff time */
+ time_t kickoff_time; /* kickoff time */
+ time_t pass_last_set_time; /* password last set time */
+ time_t pass_can_change_time; /* password can change time */
+ time_t pass_must_change_time; /* password must change time */
+
+ const char * username; /* UNIX username string */
+ const char * domain; /* Windows Domain name */
+ const char * nt_username; /* Windows username string */
+ const char * full_name; /* user's full name string */
+ const char * unix_home_dir; /* UNIX home directory string */
+ const char * home_dir; /* home directory string */
+ const char * dir_drive; /* home directory drive string */
+ const char * logon_script; /* logon script string */
+ const char * profile_path; /* profile path string */
+ const char * acct_desc ; /* user description string */
+ const char * workstations; /* login from workstations string */
+ const char * unknown_str ; /* don't know what this is, yet. */
+ const char * munged_dial ; /* munged path name and dial-back tel number */
+
+ DOM_SID user_sid; /* Primary User SID */
+ DOM_SID group_sid; /* Primary Group SID */
+
+ DATA_BLOB lm_pw; /* .data is Null if no password */
+ DATA_BLOB nt_pw; /* .data is Null if no password */
+ char* plaintext_pw; /* is Null if not available */
+
+ uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
+ uint32 unknown_3; /* 0x00ff ffff */
+
+ uint16 logon_divs; /* 168 - number of hours in a week */
+ uint32 hours_len; /* normally 21 bytes */
+ uint8 hours[MAX_HOURS_LEN];
+
+ uint32 unknown_5; /* 0x0002 0000 */
+ uint32 unknown_6; /* 0x0000 04ec */
+ } private;
+
+ /* Lets see if the remaining code can get the hint that you
+ are meant to use the pdb_...() functions. */
+
+} SAM_ACCOUNT;
+
+typedef struct sam_group {
+ TALLOC_CTX *mem_ctx;
+
+ void (*free_fn)(struct sam_group **);
+
+ struct pdb_methods *methods;
+
+ struct group_data {
+ /* initiailization flags */
+ struct bitmap *change_flags;
+ struct bitmap *set_flags;
+
+ const char *name; /* Windows group name string */
+
+ DOM_SID sid; /* Group SID */
+ enum SID_NAME_USE sid_name_use; /* Group type */
+
+ uint32 mem_num; /* Number of member SIDs */
+ DOM_SID *members; /* SID array */
+ } private;
+
+} SAM_GROUP;
+
+
/*****************************************************************
Functions to be implemented by the new (v2) passdb API
****************************************************************/
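Review bot: Several of the structures added here pair a length with a buffer without stating the invariant: `hours_len` is an unconstrained `uint32` next to the fixed `hours[MAX_HOURS_LEN]`, and `mem_num` sits beside the heap array `members` in `sam_group`. The same pattern appears in `SID_ARRAY` (`count` / `sids`) in the rpc_misc.h hunk. If these values are filled from a passdb backend or from the wire (not visible here), code that trusts them can read or copy past the buffer. I would state the bounds in the field comments, e.g. `uint32 hours_len; /* normally 21 bytes; must be <= MAX_HOURS_LEN */` and `uint32 mem_num; /* number of entries allocated in members */`, and enforce them in the pdb_...() setters. Separately, the enum comment says "bit flags" while the values look like consecutive indices used with the `set_flags` / `change_flags` bitmaps; `/* indices of SAM_ACCOUNT fields in the set/change bitmaps */` would describe them better.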
@@ -51,7 +196,7 @@ typedef struct pdb_context
NTSTATUS (*pdb_getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username);
NTSTATUS (*pdb_getsampwsid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const DOM_SID *sid);
-
+
NTSTATUS (*pdb_add_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
NTSTATUS (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass);
@@ -104,7 +249,7 @@ typedef struct pdb_methods
NTSTATUS (*getsampwnam)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const char *username);
- NTSTATUS (*getsampwsid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const DOM_SID *Sid);
+ NTSTATUS (*getsampwsid)(struct pdb_methods *, SAM_ACCOUNT *sam_acct, const DOM_SID *sid);
NTSTATUS (*add_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass);
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index 33dde6e3cb..135fd76d6c 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -647,26 +647,6 @@ typedef struct lsa_q_enumprivsaccount
POLICY_HND pol; /* policy handle */
} LSA_Q_ENUMPRIVSACCOUNT;
-
-typedef struct LUID
-{
- uint32 low;
- uint32 high;
-} LUID;
-
-typedef struct LUID_ATTR
-{
- LUID luid;
- uint32 attr;
-} LUID_ATTR ;
-
-typedef struct privilege_set
-{
- uint32 count;
- uint32 control;
- LUID_ATTR *set;
-} PRIVILEGE_SET;
-
typedef struct lsa_r_enumprivsaccount
{
uint32 ptr;
diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h
index d04a84d508..a0572a0bfd 100644
--- a/source3/include/rpc_misc.h
+++ b/source3/include/rpc_misc.h
@@ -227,6 +227,22 @@ typedef struct
UNISTR2_ARRAY_EL *strings;
} UNISTR2_ARRAY;
+
+/* an element in a sid array */
+typedef struct
+{
+ uint32 ref_id;
+ DOM_SID2 sid;
+} SID_ARRAY_EL;
+
+/* an array of sids */
+typedef struct
+{
+ uint32 ref_id;
+ uint32 count;
+ SID_ARRAY_EL *sids;
+} SID_ARRAY;
+
/* DOM_RID2 - domain RID structure for ntlsa pipe */
typedef struct domrid2_info
{
diff --git a/source3/include/smb.h b/source3/include/smb.h
index bba5d5cd52..4dacf79a13 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -155,6 +155,11 @@ typedef int BOOL;
#include "doserr.h"
+typedef union unid_t {
+ uid_t uid;
+ gid_t gid;
+} unid_t;
+
/*
* SMB UCS2 (16-bit unicode) internal type.
*/
@@ -260,7 +265,7 @@ enum SID_NAME_USE
*
* @sa http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/accctrl_38yn.asp
**/
-typedef struct DOM_SID
+typedef struct sid_info
{
uint8 sid_rev_num; /**< SID revision number */
uint8 num_auths; /**< Number of sub-authorities */
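Review bot: With the tag renamed to `sid_info` while the typedef stays `DOM_SID`, any leftover `struct DOM_SID` in the tree now declares a new incomplete type instead of referring to this struct. In a prototype that usually shows up only as a pointer-type warning. The idmap.h hunk removes one such forward declaration; it is worth checking for others and, if the split is intended, recording it next to the typedef, e.g. `/* tag differs from the typedef: use DOM_SID, never struct DOM_SID */`. The struct body continues outside the hunk.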
@@ -582,122 +587,6 @@ typedef struct {
#define LM_HASH_LEN 16
/*
- * bit flags representing initialized fields in SAM_ACCOUNT
- */
-enum pdb_elements {
- PDB_UNINIT,
- PDB_UID,
- PDB_GID,
- PDB_SMBHOME,
- PDB_PROFILE,
- PDB_DRIVE,
- PDB_LOGONSCRIPT,
- PDB_LOGONTIME,
- PDB_LOGOFFTIME,
- PDB_KICKOFFTIME,
- PDB_CANCHANGETIME,
- PDB_MUSTCHANGETIME,
- PDB_PLAINTEXT_PW,
- PDB_USERNAME,
- PDB_FULLNAME,
- PDB_DOMAIN,
- PDB_NTUSERNAME,
- PDB_HOURSLEN,
- PDB_LOGONDIVS,
- PDB_USERSID,
- PDB_GROUPSID,
- PDB_ACCTCTRL,
- PDB_PASSLASTSET,
- PDB_UNIXHOMEDIR,
- PDB_ACCTDESC,
- PDB_WORKSTATIONS,
- PDB_UNKNOWNSTR,
- PDB_MUNGEDDIAL,
- PDB_HOURS,
- PDB_UNKNOWN3,
- PDB_UNKNOWN5,
- PDB_UNKNOWN6,
- PDB_LMPASSWD,
- PDB_NTPASSWD,
-
- /* this must be the last element */
- PDB_COUNT
-};
-
-enum pdb_value_state {
- PDB_DEFAULT=0,
- PDB_SET,
- PDB_CHANGED
-};
-
-#define IS_SAM_UNIX_USER(x) \
- (( pdb_get_init_flags(x, PDB_UID) != PDB_DEFAULT ) \
- && ( pdb_get_init_flags(x,PDB_GID) != PDB_DEFAULT ))
-
-#define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET)
-#define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED)
-#define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT)
-
-typedef struct sam_passwd
-{
- TALLOC_CTX *mem_ctx;
-
- void (*free_fn)(struct sam_passwd **);
-
- struct pdb_methods *methods;
-
- struct user_data {
- /* initiailization flags */
- struct bitmap *change_flags;
- struct bitmap *set_flags;
-
- time_t logon_time; /* logon time */
- time_t logoff_time; /* logoff time */
- time_t kickoff_time; /* kickoff time */
- time_t pass_last_set_time; /* password last set time */
- time_t pass_can_change_time; /* password can change time */
- time_t pass_must_change_time; /* password must change time */
-
- const char * username; /* UNIX username string */
- const char * domain; /* Windows Domain name */
- const char * nt_username; /* Windows username string */
- const char * full_name; /* user's full name string */
- const char * unix_home_dir; /* UNIX home directory string */
- const char * home_dir; /* home directory string */
- const char * dir_drive; /* home directory drive string */
- const char * logon_script; /* logon script string */
- const char * profile_path; /* profile path string */
- const char * acct_desc ; /* user description string */
- const char * workstations; /* login from workstations string */
- const char * unknown_str ; /* don't know what this is, yet. */
- const char * munged_dial ; /* munged path name and dial-back tel number */
-
- uid_t uid; /* this is a unix uid_t */
- gid_t gid; /* this is a unix gid_t */
- DOM_SID user_sid; /* Primary User SID */
- DOM_SID group_sid; /* Primary Group SID */
-
- DATA_BLOB lm_pw; /* .data is Null if no password */
- DATA_BLOB nt_pw; /* .data is Null if no password */
- char* plaintext_pw; /* is Null if not available */
-
- uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
- uint32 unknown_3; /* 0x00ff ffff */
-
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 hours[MAX_HOURS_LEN];
-
- uint32 unknown_5; /* 0x0002 0000 */
- uint32 unknown_6; /* 0x0000 04ec */
- } private;
-
- /* Lets see if the remaining code can get the hint that you
- are meant to use the pdb_...() functions. */
-
-} SAM_ACCOUNT;
-
-/*
* Flags for account policy.
*/
#define AP_MIN_PASSWORD_LEN 1
@@ -1628,11 +1517,6 @@ struct pwd_info
uchar sess_key[16];
};
-#include "rpc_creds.h"
-#include "rpc_misc.h"
-#include "rpc_secdes.h"
-#include "nt_printing.h"
-
typedef struct user_struct
{
struct user_struct *next, *prev;
@@ -1672,9 +1556,11 @@ struct unix_error_map {
NTSTATUS nt_error;
};
+/*
#include "ntdomain.h"
#include "client.h"
+*/
/*
* Size of new password account encoding string. This is enough space to