author | Andrew Bartlett <abartlet@samba.org> | 2003-02-22 12:01:05 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-22 12:01:05 +0000 |
commit | 3e19eda335057ec47483c8567395b43d316485db (patch) | |
tree | ae3b8f3197c156998cfe7e5fccec5d3719650a57 /source3/passdb/pdb_smbpasswd.c | |
parent | ab43a25b2893506d5de305626dfbbf98966f1f78 (diff) | |
Remove 'unixsam' from the default passdb backends.
The intention is to remove the multiple passdb backends, but we need the
'guest' account to always be there. If the admin adds the guest account to
(say) LDAP, there will only be one backend required for operation.
This helps remove some nasty behaviours with adding accounts to the system
for both the RPC 'create user' and the SAMSYNC code. Users 'added' with
an 'add user/machine' script won't magically appear, and machine accounts
'pre-added' to unix, but not the smbpasswd file will not cause mayhem.
This commit also implements something tridge discussed with me, the concept
of 'default' passdb operation pointers - so that each backend does not
need its own stub functions wrapping the default tdb privileges/group
mapping code.
This also removes an implicit 'sid->name' and 'name->sid' mapping from our
own local SID space, to winbind usernames. When adding mapping for NIS/LDAP
non-sam users in future, we need to be careful.
Andrew Bartlett
(This used to be commit 6f32fa234961a525760a05418a08ec48d22d7617)
Diffstat (limited to 'source3/passdb/pdb_smbpasswd.c')
-rw-r--r-- | source3/passdb/pdb_smbpasswd.c | 85 |
1 files changed, 15 insertions, 70 deletions
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 5fd6a828bf..b5a2bbbfe7 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -1222,7 +1222,6 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state, return False; } } else { - if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile))) { return False; } @@ -1380,14 +1379,19 @@ static NTSTATUS smbpasswd_getsampwnam(struct pdb_methods *my_methods, return NT_STATUS_OK; } -static NTSTATUS smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct,uint32 rid) +static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT *sam_acct, const DOM_SID *sid) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; struct smb_passwd *smb_pw; void *fp = NULL; + fstring sid_str; + uint32 rid; + + DEBUG(10, ("smbpasswd_getsampwrid: search by sid: %s\n", sid_to_string(sid_str, sid))); - DEBUG(10, ("smbpasswd_getsampwrid: search by rid: %d\n", rid)); + if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) + return NT_STATUS_UNSUCCESSFUL; /* More special case 'guest account' hacks... */ if (rid == DOMAIN_USER_RID_GUEST) { 
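Review bot: The DEBUG line in the renamed smbpasswd_getsampwsid still prints the old name `smbpasswd_getsampwrid`, which will mislead anyone tracing SID lookups in a level-10 log; it should read `DEBUG(10, ("smbpasswd_getsampwsid: search by sid: %s\n", sid_to_string(sid_str, sid)));`. The new `sid_peek_check_rid` rejection is also silent and unbraced, so a lookup for a SID outside the local SAM domain fails with no trace. A braced body with a short debug message naming the refused SID would make those refusals visible. The function body continues past the end of this hunk.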
@@ -1431,18 +1435,18 @@ static NTSTATUS smbpasswd_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUN if (!build_sam_account (smbpasswd_state, sam_acct, smb_pw)) return nt_status; + /* build_sam_account might change the SID on us, if the name was for the guest account */ + if (NT_STATUS_IS_OK(nt_status) && !sid_equal(pdb_get_user_sid(sam_acct), sid)) { + fstring sid_string1, sid_string2; + DEBUG(1, ("looking for user with sid %s instead returned %s for account %s!?!\n", + sid_to_string(sid_string1, sid), sid_to_string(sid_string2, pdb_get_user_sid(sam_acct)), pdb_get_username(sam_acct))); + return NT_STATUS_NO_SUCH_USER; + } + /* success */ return NT_STATUS_OK; } -static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid) -{ - uint32 rid; - if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)) - return NT_STATUS_UNSUCCESSFUL; - return smbpasswd_getsampwrid(my_methods, user, rid); -} - static NTSTATUS smbpasswd_add_sam_account(struct pdb_methods *my_methods, SAM_ACCOUNT *sampass) { struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; 
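Review bot: The added SID-mismatch guard looks unreachable: `nt_status` is initialised to `NT_STATUS_UNSUCCESSFUL` at the top of smbpasswd_getsampwsid (previous hunk) and is what the `build_sam_account` failure path just above returns, so unless it is assigned in the lines between the hunks, `NT_STATUS_IS_OK(nt_status)` is always false here. In that case an account whose SID build_sam_account rewrote (the guest case the new comment describes) would still be returned as a match for a different SID. Dropping the status term keeps the check live: `if (!sid_equal(pdb_get_user_sid(sam_acct), sid)) {`. The function begins outside this hunk.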
@@ -1493,58 +1497,6 @@ static NTSTATUS smbpasswd_delete_sam_account (struct pdb_methods *my_methods, SA return NT_STATUS_UNSUCCESSFUL; } -static NTSTATUS smbpasswd_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, - DOM_SID sid, BOOL with_priv) -{ - return get_group_map_from_sid(sid, map, with_priv) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; -} - -static NTSTATUS smbpasswd_getgrgid(struct pdb_methods *methods, GROUP_MAP *map, - gid_t gid, BOOL with_priv) -{ - return get_group_map_from_gid(gid, map, with_priv) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; -} - -static NTSTATUS smbpasswd_getgrnam(struct pdb_methods *methods, GROUP_MAP *map, - char *name, BOOL with_priv) -{ - return get_group_map_from_ntname(name, map, with_priv) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; -} - -static NTSTATUS smbpasswd_add_group_mapping_entry(struct pdb_methods *methods, - GROUP_MAP *map) -{ - return add_mapping_entry(map, TDB_INSERT) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; -} - -static NTSTATUS smbpasswd_update_group_mapping_entry(struct pdb_methods *methods, - GROUP_MAP *map) -{ - return add_mapping_entry(map, TDB_REPLACE) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; -} - -static NTSTATUS smbpasswd_delete_group_mapping_entry(struct pdb_methods *methods, - DOM_SID sid) -{ - return group_map_remove(sid) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; -} - -static NTSTATUS smbpasswd_enum_group_mapping(struct pdb_methods *methods, - enum SID_NAME_USE sid_name_use, - GROUP_MAP **rmap, int *num_entries, - BOOL unix_only, BOOL with_priv) -{ - return enum_group_mapping(sid_name_use, rmap, num_entries, unix_only, - with_priv) ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; -} - static void free_private_data(void **vp) { struct smbpasswd_privates **privates = (struct smbpasswd_privates**)vp; 
@@ -1575,13 +1527,6 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, (*pdb_method)->add_sam_account = smbpasswd_add_sam_account; (*pdb_method)->update_sam_account = smbpasswd_update_sam_account; (*pdb_method)->delete_sam_account = smbpasswd_delete_sam_account; - (*pdb_method)->getgrsid = smbpasswd_getgrsid; - (*pdb_method)->getgrgid = smbpasswd_getgrgid; - (*pdb_method)->getgrnam = smbpasswd_getgrnam; - (*pdb_method)->add_group_mapping_entry = smbpasswd_add_group_mapping_entry; - (*pdb_method)->update_group_mapping_entry = smbpasswd_update_group_mapping_entry; - (*pdb_method)->delete_group_mapping_entry = smbpasswd_delete_group_mapping_entry; - (*pdb_method)->enum_group_mapping = smbpasswd_enum_group_mapping; /* Setup private data and free function */ |