Better handling of uid/gid -> RID and RID -> uid/gid code.

All uids and gids must create valid RIDs, becouse other code expects this, and
can't handle the failure case. (ACL code in particular)

Allow admins to adjust the base of the RID algorithm, so avoid clashes with
users brought in from NT (for example).

Put all the algorithm code back in one place, so that this change is global.

Better coping with NULL sid pointers - but it still breaks a lot of stuff.

BONUS: manpage entry for new paramater :-)

counter based rids for normal users in tdbsam is disabled for the timebeing,
idra and I will work out some things here soon I hope.

Andrew Bartlett
(This used to be commit 5275c94cdf0c64f347d4282f47088d084b1a7ea5)

1 files changed, 34 insertions, 11 deletions

diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index 7092caa15e..3a9bc894bb 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -41,8 +41,10 @@ struct tdbsam_privates {
 
 	BOOL permit_non_unix_accounts;
 
-/*	uint32 low_nua_rid; 
-	uint32 high_nua_rid; */
+	BOOL algorithmic_rids;
+
+	uint32 low_nua_rid; 
+	uint32 high_nua_rid;
 };
 
 /**********************************************************************
@@ -717,7 +719,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, const SAM_ACCOUNT* ne
 	fstring		name;
 	BOOL		ret = True;
 	uint32		user_rid;
-	int32		tdb_ret;
+	BOOL		tdb_ret;
 
 	/* invalidate the existing TDB iterator if it is open */
 	if (tdb_state->passwd_tdb) {
@@ -736,13 +738,32 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, const SAM_ACCOUNT* ne
 	/* if flag == TDB_INSERT then make up a new RID else throw an error. */
 	if (!(user_rid = pdb_get_user_rid(newpwd))) {
 		if (flag & TDB_INSERT) {
-			user_rid = BASE_RID;
-		        tdb_ret = tdb_change_int32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER);
-			if (tdb_ret == -1) {
-				ret = False;
-				goto done;
+			if (IS_SAM_UNIX_USER(newpwd)) {
+				if (tdb_state->algorithmic_rids) {
+					user_rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(newpwd));
+				} else {
+					user_rid = BASE_RID;
+					tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER);
+					if (!tdb_ret) {
+						ret = False;
+						goto done;
+					}
+				}
+				pdb_set_user_rid(newpwd, user_rid);
+			} else {
+				user_rid = tdb_state->low_nua_rid;
+				tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER);
+				if (!tdb_ret) {
+					ret = False;
+					goto done;
+				}
+				if (user_rid > tdb_state->high_nua_rid) {
+					DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd)));
+					ret = False;
+					goto done;
+				}
+				pdb_set_user_rid(newpwd, user_rid);
 			}
-			pdb_set_user_rid(newpwd, user_rid);
 		} else {
 			DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
 			ret = False;
@@ -884,6 +905,8 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
 		tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, tdbfile);
 	}
 
+	tdb_state->algorithmic_rids = True;
+
 	(*pdb_method)->private_data = tdb_state;
 
 	(*pdb_method)->free_private_data = free_private_data;
@@ -912,10 +935,10 @@ NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method,
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-/*	tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid);
+	tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid);
 
 	tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid);
-*/
+
 	return NT_STATUS_OK;
 }