This is a farily large patch (3300 lines) and reworks most of the AuthRewrite

code.

In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.

Major Changes:
	- Fully malloc'ed structures.
	  - Massive rework of the code so that all structures are made and destroyed
	    using malloc and free, rather than hanging around on the stack.
	- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
	   to be declared 'invalid' without the chance that people might get ROOT by
	   default.

	- kill off some of the "DOMAIN\user" lookups.  These can be readded at a more
	  appropriate place (probably domain_client_validate.c) in the future. They
	  don't belong in session setups.

	- Massive introduction of DATA_BLOB structures, particularly for passwords.

	- Use NTLMSSP flags to tell the backend what its getting, rather than magic
	  lenghths.

	- Fix winbind back up again, but tpot is redoing this soon anyway.

	- Abstract much of the work in srv_netlog_nt back into auth helper functions.

This is a LARGE change, and any assistance is testing it is appriciated.

Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.

Needs testing with a wide variety of MS clients.

Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)

2 files changed, 71 insertions, 16 deletions

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 6a96426a9f..05d448f963 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -135,8 +135,9 @@ BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, struct passwd *pwd)
 
 	pdb_set_username(*new_sam_acct, pwd->pw_name);
 	pdb_set_fullname(*new_sam_acct, pwd->pw_gecos);
-	pdb_set_uid(*new_sam_acct, pwd->pw_uid);
-	pdb_set_gid(*new_sam_acct, pwd->pw_gid);
+
+	pdb_set_uid(*new_sam_acct, &pwd->pw_uid);
+	pdb_set_gid(*new_sam_acct, &pwd->pw_gid);
 
 	pdb_set_user_rid(*new_sam_acct, pdb_uid_to_user_rid(pwd->pw_uid));
 	pdb_set_group_rid(*new_sam_acct, pdb_gid_to_group_rid(pwd->pw_gid));
@@ -186,6 +187,9 @@ static BOOL pdb_free_sam_contents(SAM_ACCOUNT *user)
 
 	SAFE_FREE(user->nt_pw);
 	SAFE_FREE(user->lm_pw);
+
+	SAFE_FREE(user->uid);
+	SAFE_FREE(user->gid);
 	
 	return True;	
 }
@@ -1113,20 +1117,20 @@ uint32 pdb_get_group_rid (const SAM_ACCOUNT *sampass)
 		return (-1);
 }
 
-uid_t pdb_get_uid (const SAM_ACCOUNT *sampass)
+uid_t *pdb_get_uid (const SAM_ACCOUNT *sampass)
 {
 	if (sampass)
 		return (sampass->uid);
 	else
-		return ((uid_t)-1);
+		return (NULL);
 }
 
-gid_t pdb_get_gid (const SAM_ACCOUNT *sampass)
+gid_t *pdb_get_gid (const SAM_ACCOUNT *sampass)
 {
 	if (sampass)
 		return (sampass->gid);
 	else
-		return ((gid_t)-1);
+		return (NULL);
 }
 
 const char* pdb_get_username (const SAM_ACCOUNT *sampass)
@@ -1330,22 +1334,62 @@ BOOL pdb_set_logons_divs (SAM_ACCOUNT *sampass, uint16 hours)
 	return True;
 }
 
-BOOL pdb_set_uid (SAM_ACCOUNT *sampass, uid_t uid)
+/*********************************************************************
+ Set the user's UNIX uid, as a pointer to malloc'ed memory.
+ ********************************************************************/
+
+BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t *uid)
 {
 	if (!sampass)
 		return False;
+	
+	if (!uid) {
+		/* Allow setting to NULL */
+		SAFE_FREE(sampass->uid);
+		return True;
+	}
+
+	if (sampass->uid!=NULL)
+		DEBUG(4,("pdb_set_nt_passwd: uid non NULL overwritting ?\n"));
+	else
+		sampass->uid=(uid_t *)malloc(sizeof(uid_t));
+	
+	if (sampass->uid==NULL)
+		return False;
+
+	*sampass->uid = *uid; 
 
-	sampass->uid = uid;
 	return True;
+
 }
 
-BOOL pdb_set_gid (SAM_ACCOUNT *sampass, gid_t gid)
+/*********************************************************************
+ Set the user's UNIX gid, as a pointer to malloc'ed memory.
+ ********************************************************************/
+
+BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t *gid)
 {
 	if (!sampass)
 		return False;
+	
+	if (!gid) {
+		/* Allow setting to NULL */
+		SAFE_FREE(sampass->gid);
+		return True;
+	}
+
+	if (sampass->gid!=NULL)
+		DEBUG(4,("pdb_set_nt_passwd: gid non NULL overwritting ?\n"));
+	else
+		sampass->gid=(gid_t *)malloc(sizeof(gid_t));
+	
+	if (sampass->gid==NULL)
+		return False;
+
+	*sampass->gid = *gid; 
 
-	sampass->gid = gid;
 	return True;
+
 }
 
 BOOL pdb_set_user_rid (SAM_ACCOUNT *sampass, uint32 rid)
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 8524275f12..e190be99a5 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1135,12 +1135,22 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
  ********************************************************************/
 static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
 {
+	uid_t *uid;
+	gid_t *gid;
+
 	if (sampass == NULL) 
 		return False;
+	uid = pdb_get_uid(sampass);
+	gid = pdb_get_gid(sampass);
+
+	if (!uid || !gid) {
+		DEBUG(0,("build_sam_pass: Failing attempt to store user	without a UNIX uid or gid. \n"));
+		return False;
+	}
 
 	ZERO_STRUCTP(smb_pw);
 
-	smb_pw->smb_userid=pdb_get_uid(sampass);
+	smb_pw->smb_userid=*uid;
 	smb_pw->smb_name=pdb_get_username(sampass);
 
 	smb_pw->smb_passwd=pdb_get_lanman_passwd(sampass);
@@ -1149,12 +1159,12 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampas
 	smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass);
 	smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass);
 
-	if (smb_pw->smb_userid != pdb_user_rid_to_uid(pdb_get_user_rid(sampass))) {
+	if (*uid != pdb_user_rid_to_uid(pdb_get_user_rid(sampass))) {
 		DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
 		return False;
 	}
 
-	if (pdb_get_gid(sampass) != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) {
+	if (*gid != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) {
 		DEBUG(0,("build_sam_pass: Failing attempt to store user with non-gid based primary group RID. \n"));
 		return False;
 	}
@@ -1184,14 +1194,15 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw
 		return False;
 	}
 
+	pdb_set_uid (sam_pass, &pwfile->pw_uid);
+	pdb_set_gid (sam_pass, &pwfile->pw_gid);
+
 	/* FIXME!!  This doesn't belong here.  Should be set in net_sam_logon() 
 	   --jerry */
+
 	pstrcpy(samlogon_user, pw_buf->smb_name);
-	
 	sam_logon_in_ssb = True;
 		
-	pdb_set_uid (sam_pass, pwfile->pw_uid);
-	pdb_set_gid (sam_pass, pwfile->pw_gid);
 	pdb_set_fullname(sam_pass, pwfile->pw_gecos);		
 	
 	pdb_set_user_rid(sam_pass, pdb_uid_to_user_rid (pwfile->pw_uid));