Passdb:

Kill off the silly code that attempts to do NT -> Unix username mapping.
This is done well before here, no need to repeat it.

Add some small fixes and extra debugs, trying to track down current build
farm failures.

pdb_unix:

When 'updating' a pdb_unix account, instead add it to the default passdb.
This means that you don't need to specify '-a' to smbpasswd any more when
messing with an existing unix user, the account is simply 'upgraded'.

The idea here is that these accounts are just as 'real' as any other, they
just don't have the extra attributes an smbpasswd file does.

I'm open for debate on the pdb_unix issue, and will remove it if given
good reason.  (without this, an attempt to add an account already in
pdb_unix to smbpasswd would fail, as it would fail to update pdb_unix).

rpc_server/srv_netlog_nt.c

Change a couple of things around, so as to show the client workstation etc.

WRONG_PASSWORD is certainly not the right default error.  Try ACCESS_DENIED
for now.

Andrew Bartlett
(This used to be commit d78b74b338df9accd9ad84c56a49fa4f787425e2)

2 files changed, 29 insertions, 44 deletions

diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 88e317cea9..f7ab6f3070 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -357,6 +357,8 @@ static struct smb_passwd *getsmbfilepwent(struct smbpasswd_privates *smbpasswd_s
      * As 256 is shorter than a pstring we don't need to check
      * length here - if this ever changes....
      */
+    SMB_ASSERT(sizeof(pstring) > sizeof(linebuf));
+
     strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
     user_name[PTR_DIFF(p, linebuf)] = '\0';
 
@@ -694,7 +696,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n",
 static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, const struct smb_passwd* pwd)
 {
   /* Static buffers we will return. */
-  char * user_name = smbpasswd_state->user_name;
+	pstring user_name;
 
   char            linebuf[256];
   char            readbuf[1024];
@@ -812,6 +814,9 @@ static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con
      * As 256 is shorter than a pstring we don't need to check
      * length here - if this ever changes....
      */
+
+    SMB_ASSERT(sizeof(user_name) > sizeof(linebuf));
+
     strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
     user_name[PTR_DIFF(p, linebuf)] = '\0';
     if (strequal(user_name, pwd->smb_name)) {
@@ -823,6 +828,9 @@ static BOOL mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con
   if (!found_entry) {
     pw_file_unlock(lockfd, &(smbpasswd_state->pw_file_lock_depth));
     fclose(fp);
+
+    DEBUG(2, ("Cannot update entry for user %s, as they don't exist in the smbpasswd file!\n",
+	      pwd->smb_name));
     return False;
   }
 
@@ -1166,11 +1174,11 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampas
 	if (sampass == NULL) 
 		return False;
 
-       ZERO_STRUCTP(smb_pw);
+	ZERO_STRUCTP(smb_pw);
  
         if (!IS_SAM_UNIX_USER(sampass)) {
 		smb_pw->smb_userid_set = False;
-		DEBUG(5,("build_sam_pass: storing user without a UNIX uid or gid. \n"));
+		DEBUG(5,("build_smb_pass: storing user without a UNIX uid or gid. \n"));
 	} else {
 		uint32 rid = pdb_get_user_rid(sampass);
 		smb_pw->smb_userid_set = True;
@@ -1365,21 +1373,6 @@ static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *s
 
 	DEBUG(10, ("getsampwnam (smbpasswd): search by name: %s\n", username));
 
-	
-	/* break the username from the domain if we have 
-	   been given a string in the form 'DOMAIN\user' */
-	fstrcpy (name, username);
-	if ((user=strchr_m(name, '\\')) != NULL) {
-		domain = name;
-		*user = '\0';
-		user++;
-	}
-	
-	/* if a domain was specified and it wasn't ours
-	   then there is no chance of matching */
-	if ( domain && !StrCaseCmp(domain, lp_workgroup()) )
-		return False;
-
 	/* startsmbfilepwent() is used here as we don't want to lookup
 	   the UNIX account in the local system password file until
 	   we have a match.  */
@@ -1390,11 +1383,6 @@ static BOOL smbpasswd_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT *s
 		return False;
 	}
 
-	/* if we have a domain name, then we should map it to a UNIX 
-	   username first */
-	if ( domain )
-		map_username(user);
-
 	while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) )
 		/* do nothing....another loop */ ;
 	
@@ -1492,13 +1480,17 @@ static BOOL smbpasswd_update_sam_account(struct pdb_methods *my_methods, const S
 	struct smb_passwd smb_pw;
 	
 	/* convert the SAM_ACCOUNT */
-	if (!build_smb_pass(&smb_pw, sampass))
+	if (!build_smb_pass(&smb_pw, sampass)) {
+		DEBUG(0, ("smbpasswd_update_sam_account: build_smb_pass failed!\n"));
 		return False;
+	}
 	
 	/* update the entry */
-	if(!mod_smbfilepwd_entry(smbpasswd_state, &smb_pw))
+	if(!mod_smbfilepwd_entry(smbpasswd_state, &smb_pw)) {
+		DEBUG(0, ("smbpasswd_update_sam_account: mod_smbfilepwd_entry failed!\n"));
 		return False;
-		
+	}
+	
 	return True;
 }
 
diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c
index d1f95c445b..d7574e6e13 100644
--- a/source3/passdb/pdb_unix.c
+++ b/source3/passdb/pdb_unix.c
@@ -66,35 +66,28 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods,
 }
 
 /***************************************************************************
-  Delete a SAM_ACCOUNT
+  Adds an existing SAM_ACCOUNT
  ****************************************************************************/
 
-static BOOL unixsam_delete_sam_account(struct pdb_methods *methods, const SAM_ACCOUNT *sam_pass)
+static BOOL unixsam_add_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd)
 {
-	/* 
-	 * Unsupported as well - we don't need to get involved in 
-	 * unix passdb's - and hey, we would need to use pam for that anyway 
-	 */
+	DEBUG(0,("pdb_unix should not be listed as the first passdb backend! You can't add users to it.\n"));
 	return False;
 }
 
 /***************************************************************************
-  Modifies an existing SAM_ACCOUNT
- ****************************************************************************/
+  Updates a SAM_ACCOUNT
 
-static BOOL unixsam_update_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd)
-{
-	return False;
-}
+  This isn't a particulary practical option for pdb_unix.  We certainly don't
+  want to twidde the filesystem, so what should we do?
 
-/***************************************************************************
-  Adds an existing SAM_ACCOUNT
+  Current plan is to transparently add the account.  It should appear
+  as if the pdb_unix version was modified, but its actually stored somehwere.
  ****************************************************************************/
 
-static BOOL unixsam_add_sam_account (struct pdb_methods *methods, const SAM_ACCOUNT *newpwd)
+static BOOL unixsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
 {
-	DEBUG(0,("pdb_unix should not be listed as the first passdb backend! You can't add users to it.\n"));
-	return False;
+	return methods->parent->pdb_add_sam_account(methods->parent, newpwd);
 }
 
 NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
@@ -119,7 +112,7 @@ NTSTATUS pdb_init_unixsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, co
 	(*pdb_method)->getsampwrid = unixsam_getsampwrid;
 	(*pdb_method)->add_sam_account = unixsam_add_sam_account;
 	(*pdb_method)->update_sam_account = unixsam_update_sam_account;
-	(*pdb_method)->delete_sam_account = unixsam_delete_sam_account;
+	(*pdb_method)->delete_sam_account = NULL;
 	
 	/* There's not very much to initialise here */
 	return NT_STATUS_OK;