diff options
| author | Luke Leighton <lkcl@samba.org> | 1998-11-29 20:03:33 +0000 |
|---|---|---|
| committer | Luke Leighton <lkcl@samba.org> | 1998-11-29 20:03:33 +0000 |
| commit | 30038de4623bc827ee8019c569faf00583d1fe58 (patch) | |
| tree | 1308b8cf5fdf8dcfa27d132015be4a187539a24f /source3/passdb | |
| parent | 534e6a2e1b22c1f40d8ba98300baff2c7e473aef (diff) | |
| download | samba-30038de4623bc827ee8019c569faf00583d1fe58.tar.gz samba-30038de4623bc827ee8019c569faf00583d1fe58.tar.bz2 samba-30038de4623bc827ee8019c569faf00583d1fe58.zip | |
weekend work. user / group database API.
- split sam_passwd and smb_passwd into separate higher-order function tables
- renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.
NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.
- added query_useraliases code to rpcclient.
- dealt with some nasty interdependencies involving non-smbd programs
and the password database API. this is still not satisfactorily
resolved completelely, but it's the best i can do for now.
- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.
lots of debugging done, it's still not finished. the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect. the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
Diffstat (limited to 'source3/passdb')
| -rw-r--r-- | source3/passdb/ldap.c | 10 | ||||
| -rw-r--r-- | source3/passdb/nispass.c | 12 | ||||
| -rw-r--r-- | source3/passdb/passdb.c | 636 | ||||
| -rw-r--r-- | source3/passdb/passgrp.c | 48 | ||||
| -rw-r--r-- | source3/passdb/smbpass.c | 225 | ||||
| -rw-r--r-- | source3/passdb/smbpasschange.c | 6 | ||||
| -rw-r--r-- | source3/passdb/smbpassgroup.c | 2 | ||||
| -rw-r--r-- | source3/passdb/smbpassgroupunix.c | 150 |
8 files changed, 209 insertions, 880 deletions
diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c index 270616fbcf..5e196889ca 100644 --- a/source3/passdb/ldap.c +++ b/source3/passdb/ldap.c @@ -254,7 +254,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry, get_single_attribute(ldap_struct, entry, "rid", temp); /* the smb (unix) ids are not stored: they are created */ - user->smb_userid = pwdb_user_rid_to_uid (atoi(temp)); + user->unix_uid = pwdb_user_rid_to_uid (atoi(temp)); if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) ) { @@ -347,7 +347,7 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry, user->group_rid = atoi(temp); /* the smb (unix) ids are not stored: they are created */ - user->smb_userid = pw_buf.smb_userid; + user->unix_uid = pw_buf.unix_uid; user->smb_grpid = group_rid_to_uid(user->group_rid); user->acct_ctrl = pw_buf.acct_ctrl; @@ -553,7 +553,7 @@ static BOOL modadd_ldappwd_entry(struct smb_passwd *newpwd, int flag) } slprintf(nthash, sizeof(nthash)-1, "%s", temp); - slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->smb_userid) ); + slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->unix_uid) ); slprintf(lst, sizeof(lst)-1, "%08X", newpwd->pass_last_set_time); mods = NULL; @@ -925,9 +925,9 @@ static struct smb_passwd *getldappwnam(char *name) return pwdb_sam_to_smb(iterate_getsam21pwnam(name)); } -static struct smb_passwd *getldappwuid(uid_t smb_userid) +static struct smb_passwd *getldappwuid(uid_t unix_uid) { - return pwdb_sam_to_smb(iterate_getsam21pwuid(smb_userid)); + return pwdb_sam_to_smb(iterate_getsam21pwuid(unix_uid)); } static struct smb_passwd *getldappwrid(uint32 user_rid) diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c index 58257d5b2d..f554958ade 100644 --- a/source3/passdb/nispass.c +++ b/source3/passdb/nispass.c @@ -371,7 +371,7 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd) pwdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time ); pwdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time); - slprintf(uid, sizeof(uid), "%u", newpwd->smb_userid); + slprintf(uid, sizeof(uid), "%u", newpwd->unix_uid); slprintf(user_rid, sizeof(user_rid), "0x%x", newpwd->user_rid); slprintf(smb_grpid, sizeof(smb_grpid), "%u", newpwd->smb_grpid); slprintf(group_rid, sizeof(group_rid), "0x%x", newpwd->group_rid); @@ -500,7 +500,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result) uidval = atoi(ENTRY_VAL(obj, NPF_UID)); pw_buf->smb_name = user_name; - pw_buf->smb_userid = uidval; + pw_buf->unix_uid = uidval; pw_buf->smb_passwd = smbpwd; pw_buf->smb_nt_passwd = smbntpwd; @@ -621,9 +621,9 @@ static struct smb_passwd *getnisppwnam(char *name) return pwdb_sam_to_smb(getnisp21pwnam(name)); } -static struct sam_passwd *getnisp21pwuid(uid_t smb_userid) +static struct sam_passwd *getnisp21pwuid(uid_t unix_uid) { - return getnisp21pwrid(pwdb_uid_to_user_rid(smb_userid)); + return getnisp21pwrid(pwdb_uid_to_user_rid(unix_uid)); } static struct smb_passwd *getnisppwrid(uid_t user_rid) @@ -631,9 +631,9 @@ static struct smb_passwd *getnisppwrid(uid_t user_rid) return pwdb_sam_to_smb(getnisp21pwuid(pwdb_user_rid_to_uid(user_rid))); } -static struct smb_passwd *getnisppwuid(uid_t smb_userid) +static struct smb_passwd *getnisppwuid(uid_t unix_uid) { - return pwdb_sam_to_smb(getnisp21pwuid(smb_userid)); + return pwdb_sam_to_smb(getnisp21pwuid(unix_uid)); } static struct sam_disp_info *getnispdispnam(char *name) diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 70c7f1fc9c..4dc945ff31 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -24,6 +24,7 @@ #include "nterr.h" extern int DEBUGLEVEL; +extern DOM_SID global_sam_sid; /* * NOTE. All these functions are abstracted into a structure @@ -52,7 +53,7 @@ extern int DEBUGLEVEL; * */ -static struct passdb_ops *pwdb_ops; +static struct smb_passdb_ops *pwdb_ops; /*************************************************************** Initialise the password db operations. @@ -81,25 +82,16 @@ BOOL initialise_password_db(void) */ /************************************************************************ - Utility function to search smb passwd by rid. -*************************************************************************/ - -struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid) -{ - return iterate_getsmbpwuid(pwdb_user_rid_to_uid(user_rid)); -} - -/************************************************************************ Utility function to search smb passwd by uid. use this if your database does not have search facilities. *************************************************************************/ -struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid) +struct smb_passwd *iterate_getsmbpwuid(uid_t unix_uid) { struct smb_passwd *pwd = NULL; void *fp = NULL; - DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid)); + DEBUG(10, ("search by unix_uid: %x\n", (int)unix_uid)); /* Open the smb password database - not for update. */ fp = startsmbpwent(False); @@ -110,13 +102,13 @@ struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid) return NULL; } - while ((pwd = getsmbpwent(fp)) != NULL && pwd->smb_userid != smb_userid) + while ((pwd = getsmbpwent(fp)) != NULL && pwd->unix_uid != unix_uid) { } if (pwd != NULL) { - DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid)); + DEBUG(10, ("found by unix_uid: %x\n", (int)unix_uid)); } endsmbpwent(fp); @@ -144,9 +136,9 @@ struct smb_passwd *iterate_getsmbpwnam(const char *name) return NULL; } - while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->smb_name, name)) + while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->unix_name, name)) { - DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->smb_userid)); + DEBUG(10, ("iterate: %s 0x%x\n", pwd->unix_name, pwd->unix_uid)); } if (pwd != NULL) @@ -189,13 +181,23 @@ void endsmbpwent(void *vp) pwdb_ops->endsmbpwent(vp); } +SMB_BIG_UINT getsmbpwpos(void *vp) +{ + return pwdb_ops->getsmbpwpos(vp); +} + +BOOL setsmbpwpos(void *vp, SMB_BIG_UINT tok) +{ + return pwdb_ops->setsmbpwpos(vp, tok); +} + /************************************************************************* Routine to return the next entry in the smb passwd list. *************************************************************************/ struct smb_passwd *getsmbpwent(void *vp) { - return pwdb_ops->getsmbpwent(vp); + return pwdb_smb_map_names(pwdb_ops->getsmbpwent(vp)); } /************************************************************************ @@ -204,7 +206,7 @@ struct smb_passwd *getsmbpwent(void *vp) BOOL add_smbpwd_entry(struct smb_passwd *newpwd) { - return pwdb_ops->add_smbpwd_entry(newpwd); + return pwdb_ops->add_smbpwd_entry(pwdb_smb_map_names(newpwd)); } /************************************************************************ @@ -218,7 +220,7 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd) BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) { - return pwdb_ops->mod_smbpwd_entry(pwd, override); + return pwdb_ops->mod_smbpwd_entry(pwdb_smb_map_names(pwd), override); } /************************************************************************ @@ -227,604 +229,94 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override) struct smb_passwd *getsmbpwnam(const char *name) { - return pwdb_ops->getsmbpwnam(name); -} - -/************************************************************************ - Routine to search smb passwd by user rid. -*************************************************************************/ - -struct smb_passwd *getsmbpwrid(uint32 user_rid) -{ - return pwdb_ops->getsmbpwrid(user_rid); + return pwdb_smb_map_names(pwdb_ops->getsmbpwnam(name)); } /************************************************************************ Routine to search smb passwd by uid. *************************************************************************/ -struct smb_passwd *getsmbpwuid(uid_t smb_userid) -{ - return pwdb_ops->getsmbpwuid(smb_userid); -} - -/* - * Functions that manupulate a struct sam_passwd. - */ - -/************************************************************************ - Utility function to search sam passwd by name. use this if your database - does not have search facilities. -*************************************************************************/ - -struct sam_passwd *iterate_getsam21pwnam(const char *name) -{ - struct sam_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by name: %s\n", name)); - - /* Open the smb password database - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open sam password database.\n")); - return NULL; - } - - while ((pwd = getsam21pwent(fp)) != NULL && !strequal(pwd->smb_name, name)) - { - DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid)); - } - - if (pwd != NULL) - { - DEBUG(10, ("found by name: %s\n", name)); - } - - endsmbpwent(fp); - return pwd; -} - -/************************************************************************ - Utility function to search sam passwd by rid. use this if your database - does not have search facilities. - - search capability by both rid and uid are needed as the rid <-> uid - mapping may be non-monotonic. - -*************************************************************************/ - -struct sam_passwd *iterate_getsam21pwrid(uint32 rid) -{ - struct sam_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by rid: %x\n", rid)); - - /* Open the smb password file - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open sam password database.\n")); - return NULL; - } - - while ((pwd = getsam21pwent(fp)) != NULL && pwd->user_rid != rid) - { - DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid)); - } - - if (pwd != NULL) - { - DEBUG(10, ("found by user_rid: %x\n", rid)); - } - - endsmbpwent(fp); - return pwd; -} - -/************************************************************************ - Utility function to search sam passwd by uid. use this if your database - does not have search facilities. - - search capability by both rid and uid are needed as the rid <-> uid - mapping may be non-monotonic. - -*************************************************************************/ - -struct sam_passwd *iterate_getsam21pwuid(uid_t uid) -{ - struct sam_passwd *pwd = NULL; - void *fp = NULL; - - DEBUG(10, ("search by uid: %x\n", (int)uid)); - - /* Open the smb password file - not for update. */ - fp = startsmbpwent(False); - - if (fp == NULL) - { - DEBUG(0, ("unable to open sam password database.\n")); - return NULL; - } - - while ((pwd = getsam21pwent(fp)) != NULL && pwd->smb_userid != uid) - { - } - - if (pwd != NULL) - { - DEBUG(10, ("found by smb_userid: %x\n", (int)uid)); - } - - endsmbpwent(fp); - return pwd; -} - -/************************************************************************* - Routine to return a display info structure, by rid - *************************************************************************/ -struct sam_disp_info *getsamdisprid(uint32 rid) -{ - return pwdb_ops->getsamdisprid(rid); -} - -/************************************************************************* - Routine to return the next entry in the sam passwd list. - *************************************************************************/ - -struct sam_passwd *getsam21pwent(void *vp) -{ - return pwdb_ops->getsam21pwent(vp); -} - - -/************************************************************************ - Routine to search sam passwd by name. -*************************************************************************/ - -struct sam_passwd *getsam21pwnam(const char *name) -{ - return pwdb_ops->getsam21pwnam(name); -} - -/************************************************************************ - Routine to search sam passwd by rid. -*************************************************************************/ - -struct sam_passwd *getsam21pwrid(uint32 rid) +struct smb_passwd *getsmbpwuid(uid_t unix_uid) { - return pwdb_ops->getsam21pwrid(rid); -} - - -/********************************************************** - ********************************************************** - - utility routines which are likely to be useful to all password - databases - - ********************************************************** - **********************************************************/ - -/************************************************************* - initialises a struct sam_disp_info. - **************************************************************/ - -static void pwdb_init_dispinfo(struct sam_disp_info *user) -{ - if (user == NULL) return; - bzero(user, sizeof(*user)); + return pwdb_smb_map_names(pwdb_ops->getsmbpwuid(unix_uid)); } /************************************************************* initialises a struct smb_passwd. **************************************************************/ - void pwdb_init_smb(struct smb_passwd *user) { if (user == NULL) return; bzero(user, sizeof(*user)); user->pass_last_set_time = (time_t)-1; + user->unix_uid = (uid_t)-1; + user->user_rid = 0xffffffff; } /************************************************************* - initialises a struct sam_passwd. + fills in missing details. one set of details _must_ exist. **************************************************************/ -void pwdb_init_sam(struct sam_passwd *user) -{ - if (user == NULL) return; - bzero(user, sizeof(*user)); - user->logon_time = (time_t)-1; - user->logoff_time = (time_t)-1; - user->kickoff_time = (time_t)-1; - user->pass_last_set_time = (time_t)-1; - user->pass_can_change_time = (time_t)-1; - user->pass_must_change_time = (time_t)-1; -} - -/************************************************************************* - Routine to return the next entry in the sam passwd list. - *************************************************************************/ - -struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user) -{ - static struct sam_disp_info disp_info; - - if (user == NULL) return NULL; - - pwdb_init_dispinfo(&disp_info); - - disp_info.smb_name = user->smb_name; - disp_info.full_name = user->full_name; - disp_info.user_rid = user->user_rid; - - return &disp_info; -} - -/************************************************************* - converts a sam_passwd structure to a smb_passwd structure. - **************************************************************/ - -struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user) +struct smb_passwd *pwdb_smb_map_names(struct smb_passwd *smb) { - static struct smb_passwd pw_buf; + DOM_NAME_MAP gmep; + BOOL found = False; + DOM_SID sid; + static fstring unix_name; + static fstring nt_name; - if (user == NULL) return NULL; + DEBUG(10,("pwdb_smb_map_names\n")); - pwdb_init_smb(&pw_buf); - - pw_buf.smb_userid = user->smb_userid; - pw_buf.smb_name = user->smb_name; - pw_buf.smb_passwd = user->smb_passwd; - pw_buf.smb_nt_passwd = user->smb_nt_passwd; - pw_buf.acct_ctrl = user->acct_ctrl; - pw_buf.pass_last_set_time = user->pass_last_set_time; - - return &pw_buf; -} - - -/************************************************************* - converts a smb_passwd structure to a sam_passwd structure. - **************************************************************/ - -struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user) -{ - static struct sam_passwd pw_buf; - - if (user == NULL) return NULL; - - pwdb_init_sam(&pw_buf); - - pw_buf.smb_userid = user->smb_userid; - pw_buf.smb_name = user->smb_name; - pw_buf.smb_passwd = user->smb_passwd; - pw_buf.smb_nt_passwd = user->smb_nt_passwd; - pw_buf.acct_ctrl = user->acct_ctrl; - pw_buf.pass_last_set_time = user->pass_last_set_time; - - return &pw_buf; -} - -/********************************************************** - Encode the account control bits into a string. - length = length of string to encode into (including terminating - null). length *MUST BE MORE THAN 2* ! - **********************************************************/ - -char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length) -{ - static fstring acct_str; - size_t i = 0; - - acct_str[i++] = '['; - - if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; - if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; - if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; - if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; - if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; - if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; - if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; - if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; - if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; - if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; - if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; - - for ( ; i < length - 2 ; i++ ) + if (smb == NULL) { - acct_str[i] = ' '; + return NULL; } - i = length - 2; - acct_str[i++] = ']'; - acct_str[i++] = '\0'; - - return acct_str; -} - -/********************************************************** - Decode the account control bits from a string. - - this function breaks coding standards minimum line width of 80 chars. - reason: vertical line-up code clarity - all case statements fit into - 15 lines, which is more important. - **********************************************************/ - -uint16 pwdb_decode_acct_ctrl(const char *p) -{ - uint16 acct_ctrl = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') return 0; - - for (p++; *p && !finished; p++) + if (smb->unix_name == NULL && smb->nt_name == NULL && + smb->unix_uid == (uid_t)-1 && smb->user_rid == 0xffffffff) { - switch (*p) - { - case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ } - case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ } - case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ } - case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ } - case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ } - case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ } - case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ } - case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } - case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } - case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ } - case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ } - case ' ': { break; } - case ':': - case '\n': - case '\0': - case ']': - default: { finished = True; } - } + return NULL; } - return acct_ctrl; -} - -/******************************************************************* - gets password-database-format time from a string. - ********************************************************************/ - -static time_t get_time_from_string(const char *p) -{ - int i; - - for (i = 0; i < 8; i++) + if (!found && smb->unix_name != NULL) { - if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF))) - { - break; - } + found = lookupsmbpwnam(smb->unix_name, &gmep); } - if (i == 8) + if (!found && smb->unix_uid != (uid_t)-1) { - /* - * p points at 8 characters of hex digits - - * read into a time_t as the seconds since - * 1970 that the password was last changed. - */ - return (time_t)strtol(p, NULL, 16); + found = lookupsmbpwuid(smb->unix_uid , &gmep); } - return (time_t)-1; -} - -/******************************************************************* - gets password last set time - ********************************************************************/ -time_t pwdb_get_last_set_time(const char *p) -{ - if (*p && StrnCaseCmp(p, "LCT-", 4)) + if (!found) { - return get_time_from_string(p + 4); + sid_copy(&sid, &global_sam_sid); + sid_append_rid(&sid, smb->user_rid); } - return (time_t)-1; -} - - -/******************************************************************* - sets password-database-format time in a string. - ********************************************************************/ -static void set_time_in_string(char *p, int max_len, char *type, time_t t) -{ - slprintf(p, max_len, ":%s-%08X:", type, (uint32)t); -} - -/******************************************************************* - sets logon time - ********************************************************************/ -void pwdb_set_logon_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LNT", t); -} - -/******************************************************************* - sets logoff time - ********************************************************************/ -void pwdb_set_logoff_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LOT", t); -} - -/******************************************************************* - sets kickoff time - ********************************************************************/ -void pwdb_set_kickoff_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "KOT", t); -} - -/******************************************************************* - sets password can change time - ********************************************************************/ -void pwdb_set_can_change_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "CCT", t); -} - -/******************************************************************* - sets password last set time - ********************************************************************/ -void pwdb_set_must_change_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "MCT", t); -} - -/******************************************************************* - sets password last set time - ********************************************************************/ -void pwdb_set_last_set_time(char *p, int max_len, time_t t) -{ - set_time_in_string(p, max_len, "LCT", t); -} - -/************************************************************* - Routine to set 32 hex password characters from a 16 byte array. -**************************************************************/ -void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl) -{ - if (pwd != NULL) + if (!found && smb->user_rid != 0xffffffff) { - int i; - for (i = 0; i < 16; i++) - { - slprintf(&p[i*2], 33, "%02X", pwd[i]); - } + found = lookupsmbpwsid (&sid , &gmep); } - else + if (!found && smb->nt_name != NULL) { - if (IS_BITS_SET_ALL(acct_ctrl, ACB_PWNOTREQ)) - { - safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); - } - else - { - safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); - } + found = lookupsmbpwntnam(smb->nt_name, &gmep); } -} - -/************************************************************* - Routine to get the 32 hex characters and turn them - into a 16 byte array. -**************************************************************/ -BOOL pwdb_gethexpwd(const char *p, char *pwd) -{ - return strhex_to_str(pwd, 32, p) == 16; -} - -/******************************************************************* - converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -uid_t pwdb_user_rid_to_uid(uint32 user_rid) -{ - uid_t uid = (uid_t)(((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER); - return uid; -} - -/******************************************************************* - converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -uint32 pwdb_uid_to_user_rid(uid_t uid) -{ - uint32 user_rid = (((((uint32)uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER); - return user_rid; -} - -/******************************************************************* - converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -uint32 pwdb_gid_to_group_rid(gid_t gid) -{ - uint32 grp_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP); - return grp_rid; -} - -/******************************************************************* - converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -gid_t pwdb_group_rid_to_gid(uint32 group_rid) -{ - gid_t gid = (gid_t)(((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER); - return gid; -} - -/******************************************************************* - converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -uint32 pwdb_gid_to_alias_rid(gid_t gid) -{ - uint32 alias_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS); - return alias_rid; -} - -/******************************************************************* - converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -gid_t pwdb_alias_rid_to_gid(uint32 alias_rid) -{ - gid_t gid = (gid_t)(((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER); - return gid; -} -/******************************************************************* - Decides if a RID is a well known RID. - ********************************************************************/ -static BOOL pwdb_rid_is_well_known(uint32 rid) -{ - return (rid < 1000); -} + if (!found) + { + return NULL; + } -/******************************************************************* - determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -static uint32 pwdb_rid_type(uint32 rid) -{ - /* lkcl i understand that NT attaches an enumeration to a RID - * such that it can be identified as either a user, group etc - * type: SID_ENUM_TYPE. - */ - if (pwdb_rid_is_well_known(rid)) + if (!sid_front_equal(&global_sam_sid, &gmep.sid)) { - /* - * The only well known user RIDs are DOMAIN_USER_RID_ADMIN - * and DOMAIN_USER_RID_GUEST. - */ - if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST) - { - return RID_TYPE_USER; - } - if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS) - { - return RID_TYPE_GROUP; - } - if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR) - { - return RID_TYPE_ALIAS; - } + return NULL; } - return (rid & RID_TYPE_MASK); -} -/******************************************************************* - checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA - ********************************************************************/ -BOOL pwdb_rid_is_user(uint32 rid) -{ - return pwdb_rid_type(rid) == RID_TYPE_USER; -} + fstrcpy(unix_name, gmep.unix_name); + fstrcpy(nt_name , gmep.nt_name ); + if (smb->unix_name == NULL ) smb->unix_name = unix_name; + if (smb->nt_name == NULL ) smb->nt_name = nt_name ; + if (smb->unix_uid == (uid_t)-1 ) smb->unix_uid = (uid_t)gmep.unix_id; + if (smb->user_rid == 0xffffffff) sid_split_rid(&gmep.sid, &smb->user_rid); + return smb; +} diff --git a/source3/passdb/passgrp.c b/source3/passdb/passgrp.c index f626dd978a..41b01a1a49 100644 --- a/source3/passdb/passgrp.c +++ b/source3/passdb/passgrp.c @@ -72,8 +72,30 @@ struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss) { - return iterate_getsmbgrpuid(pwdb_user_rid_to_uid(user_rid), - grps, num_grps, alss, num_alss); + struct smb_passwd *pwd = NULL; + void *fp = NULL; + + DEBUG(10, ("search by user_rid: 0x%x\n", user_rid)); + + /* Open the smb password database - not for update. */ + fp = startsmbgrpent(False); + + if (fp == NULL) + { + DEBUG(0, ("unable to open smb passgrp database.\n")); + return NULL; + } + + while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->user_rid != user_rid) + ; + + if (pwd != NULL) + { + DEBUG(10, ("found by user_rid: 0x%x\n", user_rid)); + } + + endsmbgrpent(fp); + return pwd; } /************************************************************************ @@ -81,14 +103,14 @@ struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid, does not have search facilities. *************************************************************************/ -struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid, +struct smb_passwd *iterate_getsmbgrpuid(uid_t unix_uid, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss) { struct smb_passwd *pwd = NULL; void *fp = NULL; - DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid)); + DEBUG(10, ("search by unix_uid: %x\n", (int)unix_uid)); /* Open the smb password database - not for update. */ fp = startsmbgrpent(False); @@ -99,12 +121,12 @@ struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid, return NULL; } - while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->smb_userid != smb_userid) + while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->unix_uid != unix_uid) ; if (pwd != NULL) { - DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid)); + DEBUG(10, ("found by unix_uid: %x\n", (int)unix_uid)); } endsmbgrpent(fp); @@ -116,12 +138,14 @@ struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid, does not have search facilities. *************************************************************************/ -struct smb_passwd *iterate_getsmbgrpnam(char *name, +struct smb_passwd *iterate_getsmbgrpntnam(const char *nt_name, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss) { struct smb_passwd *pwd = NULL; + fstring name; void *fp = NULL; + fstrcpy(name, nt_name); DEBUG(10, ("search by name: %s\n", name)); @@ -134,7 +158,7 @@ struct smb_passwd *iterate_getsmbgrpnam(char *name, return NULL; } - while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->smb_name, name)) + while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->nt_name, name)) ; if (pwd != NULL) @@ -192,11 +216,11 @@ struct smb_passwd *getsmbgrpent(void *vp, Routine to search smb passwd by name. *************************************************************************/ -struct smb_passwd *getsmbgrpnam(char *name, +struct smb_passwd *getsmbgrpntnam(char *name, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss) { - return pwgrp_ops->getsmbgrpnam(name, grps, num_grps, alss, num_alss); + return pwgrp_ops->getsmbgrpntnam(name, grps, num_grps, alss, num_alss); } /************************************************************************ @@ -214,10 +238,10 @@ struct smb_passwd *getsmbgrprid(uint32 user_rid, Routine to search smb passwd by uid. *************************************************************************/ -struct smb_passwd *getsmbgrpuid(uid_t smb_userid, +struct smb_passwd *getsmbgrpuid(uid_t unix_uid, uint32 **grps, int *num_grps, uint32 **alss, int *num_alss) { - return pwgrp_ops->getsmbgrpuid(smb_userid, grps, num_grps, alss, num_alss); + return pwgrp_ops->getsmbgrpuid(unix_uid, grps, num_grps, alss, num_alss); } diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index 262ffa3e2e..0de09e6085 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c @@ -23,8 +23,6 @@ static int pw_file_lock_depth = 0; extern int DEBUGLEVEL; -extern pstring samlogon_user; -extern BOOL sam_logon_in_ssb; static char s_readbuf[1024]; @@ -33,7 +31,7 @@ static char s_readbuf[1024]; to ensure no modification outside this module. ****************************************************************/ -void *startsmbfilepwent(BOOL update) +static void *startsmbfilepwent(BOOL update) { return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf), &pw_file_lock_depth, update); @@ -43,7 +41,7 @@ void *startsmbfilepwent(BOOL update) End enumeration of the smbpasswd list. ****************************************************************/ -void endsmbfilepwent(void *vp) +static void endsmbfilepwent(void *vp) { endfilepwent(vp, &pw_file_lock_depth); } @@ -53,7 +51,7 @@ void endsmbfilepwent(void *vp) This must be treated as an opaque token. *************************************************************************/ -SMB_BIG_UINT getsmbfilepwpos(void *vp) +static SMB_BIG_UINT getsmbfilepwpos(void *vp) { return getfilepwpos(vp); } @@ -63,7 +61,7 @@ SMB_BIG_UINT getsmbfilepwpos(void *vp) This must be treated as an opaque token. *************************************************************************/ -BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) +static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) { return setfilepwpos(vp, tok); } @@ -71,14 +69,13 @@ BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok) /************************************************************************* Routine to return the next entry in the smbpasswd list. *************************************************************************/ -struct smb_passwd *getsmbfilepwent(void *vp) +static struct smb_passwd *getsmbfilepwent(void *vp) { /* Static buffers we will return. */ static struct smb_passwd pw_buf; - static pstring user_name; + static pstring nt_name; static unsigned char smbpwd[16]; static unsigned char smbntpwd[16]; - struct passwd *pwfile; char linebuf[256]; char *p; int uidval; @@ -118,7 +115,7 @@ struct smb_passwd *getsmbfilepwent(void *vp) * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ - p = strncpyn(user_name, linebuf, sizeof(user_name), ':'); + p = strncpyn(nt_name, linebuf, sizeof(nt_name), ':'); /* Go past ':' */ p++; @@ -127,8 +124,8 @@ struct smb_passwd *getsmbfilepwent(void *vp) p = Atoic( p, &uidval, ":"); - pw_buf.smb_name = user_name; - pw_buf.smb_userid = uidval; + pw_buf.nt_name = nt_name; + pw_buf.unix_uid = uidval; /* * Now get the password value - this should be 32 hex digits @@ -142,7 +139,7 @@ struct smb_passwd *getsmbfilepwent(void *vp) if (*p == '*' || *p == 'X') { /* Password deliberately invalid - end here. */ - DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name)); + DEBUG(10, ("getsmbfilepwent: entry invalidated for nt user %s\n", nt_name)); pw_buf.smb_nt_passwd = NULL; pw_buf.smb_passwd = NULL; pw_buf.acct_ctrl |= ACB_DISABLED; @@ -197,8 +194,8 @@ struct smb_passwd *getsmbfilepwent(void *vp) p += 33; } - DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %d\n", - user_name, uidval)); + DEBUG(5,("getsmbfilepwent: returning passwd entry for nt user %s, unix uid %d\n", + nt_name, uidval)); if (*p == '[') { @@ -229,21 +226,13 @@ struct smb_passwd *getsmbfilepwent(void *vp) * password file as 'normal accounts'. If this changes * we will have to fix this code. JRA. */ - if (pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$') + if (pw_buf.nt_name[strlen(pw_buf.nt_name) - 1] == '$') { pw_buf.acct_ctrl &= ~ACB_NORMAL; pw_buf.acct_ctrl |= ACB_WSTRUST; } } - pwfile = Get_Pwnam(pw_buf.smb_name, False); - if (pwfile == NULL) - { - DEBUG(0,("getsmbfilepwent: smbpasswd database is corrupt!\n")); - DEBUG(0,("getsmbfilepwent: username %s not in unix passwd database!\n", pw_buf.smb_name)); - return NULL; - } - return &pw_buf; } @@ -251,123 +240,6 @@ struct smb_passwd *getsmbfilepwent(void *vp) return NULL; } -/************************************************************************* - Routine to return the next entry in the smbpasswd list. - this function is a nice, messy combination of reading: - - the smbpasswd file - - the unix password database - - smb.conf options (not done at present). - *************************************************************************/ - -static struct sam_passwd *getsmbfile21pwent(void *vp) -{ - struct smb_passwd *pw_buf = getsmbfilepwent(vp); - static struct sam_passwd user; - struct passwd *pwfile; -#if ARGH - uint32 status = 0x0; -#endif - static pstring full_name; - static pstring home_dir; - static pstring home_drive; - static pstring logon_script; - static pstring profile_path; - static pstring acct_desc; - static pstring workstations; - - DEBUG(5,("getsmbfile21pwent\n")); - - if (pw_buf == NULL) return NULL; - - pwdb_init_sam(&user); - - pwfile = Get_Pwnam(pw_buf->smb_name, False); - if (pwfile == NULL) - { - DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n")); - DEBUG(0,("getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name)); - return NULL; - } - - pstrcpy(samlogon_user, pw_buf->smb_name); - - if (samlogon_user[strlen(samlogon_user)-1] != '$') - { - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a become_user() call */ - sam_logon_in_ssb = True; - - user.smb_userid = pw_buf->smb_userid; - user.smb_grpid = pwfile->pw_gid; - -#if ARGH - status = lookup_user_rids(pw_buf->smb_name, &user.user_rid, &user.group_rid); -#else - user.user_rid = pwdb_uid_to_user_rid (user.smb_userid); - user.group_rid = pwdb_gid_to_group_rid(user.smb_grpid ); -#endif - - pstrcpy(full_name , pwfile->pw_gecos ); - pstrcpy(logon_script , lp_logon_script ()); - pstrcpy(profile_path , lp_logon_path ()); - pstrcpy(home_drive , lp_logon_drive ()); - pstrcpy(home_dir , lp_logon_home ()); - pstrcpy(acct_desc , ""); - pstrcpy(workstations , ""); - - sam_logon_in_ssb = False; - } - else - { - user.smb_userid = pw_buf->smb_userid; - user.smb_grpid = pwfile->pw_gid; - - user.user_rid = pwdb_uid_to_user_rid (user.smb_userid); - user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ - - pstrcpy(full_name , ""); - pstrcpy(logon_script , ""); - pstrcpy(profile_path , ""); - pstrcpy(home_drive , ""); - pstrcpy(home_dir , ""); - pstrcpy(acct_desc , ""); - pstrcpy(workstations , ""); - } - -#if ARGH - if (status != 0x0) - { - return NULL; - } -#endif - - user.smb_name = pw_buf->smb_name; - user.full_name = full_name; - user.home_dir = home_dir; - user.dir_drive = home_drive; - user.logon_script = logon_script; - user.profile_path = profile_path; - user.acct_desc = acct_desc; - user.workstations = workstations; - - user.unknown_str = NULL; /* don't know, yet! */ - user.munged_dial = NULL; /* "munged" dial-back telephone number */ - - user.smb_nt_passwd = pw_buf->smb_nt_passwd; - user.smb_passwd = pw_buf->smb_passwd; - - user.acct_ctrl = pw_buf->acct_ctrl; - - user.unknown_3 = 0xffffff; /* don't know */ - user.logon_divs = 168; /* hours per week */ - user.hours_len = 21; /* 21 times 8 bits = 168 */ - memset(user.hours, 0xff, user.hours_len); /* available at all hours */ - user.unknown_5 = 0x00020000; /* don't know */ - user.unknown_5 = 0x000004ec; /* don't know */ - - return &user; -} - /************************************************************************ Routine to add an entry to the smbpasswd file. *************************************************************************/ @@ -400,8 +272,8 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) */ while ((pwd = getsmbfilepwent(fp)) != NULL) { - if (strequal(newpwd->smb_name, pwd->smb_name)) { - DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name)); + if (strequal(newpwd->nt_name, pwd->nt_name)) { + DEBUG(0, ("add_smbfilepwd_entry: entry with nt name %s already exists\n", pwd->nt_name)); endsmbfilepwent(fp); return False; } @@ -418,21 +290,21 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) { DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \ -Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); +Error was %s\n", newpwd->nt_name, pfile, strerror(errno))); endsmbfilepwent(fp); return False; } - new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; + new_entry_length = strlen(newpwd->nt_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; if((new_entry = (char *)malloc( new_entry_length )) == NULL) { DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \ -Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); +Error was %s\n", newpwd->nt_name, pfile, strerror(errno))); endsmbfilepwent(fp); return False; } - slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid); + slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->nt_name, (unsigned)newpwd->unix_uid); p = &new_entry[strlen(new_entry)]; if(newpwd->smb_passwd != NULL) { @@ -477,13 +349,13 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno))); if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) { DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \ -Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno))); +Error was %s\n", wr_len, newpwd->nt_name, pfile, strerror(errno))); /* Remove the entry we just wrote. */ if(sys_ftruncate(fd, offpos) == -1) { DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \ Error was %s. Password file may be corrupt ! Please examine by hand !\n", - newpwd->smb_name, strerror(errno))); + newpwd->nt_name, strerror(errno))); } endsmbfilepwent(fp); @@ -508,7 +380,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n", static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) { /* Static buffers we will return. */ - static pstring user_name; + static pstring nt_name; char linebuf[256]; char readbuf[1024]; @@ -626,9 +498,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ - strncpy(user_name, linebuf, PTR_DIFF(p, linebuf)); - user_name[PTR_DIFF(p, linebuf)] = '\0'; - if (strequal(user_name, pwd->smb_name)) { + strncpy(nt_name, linebuf, PTR_DIFF(p, linebuf)); + nt_name[PTR_DIFF(p, linebuf)] = '\0'; + if (strequal(nt_name, pwd->nt_name)) { found_entry = True; break; } @@ -673,7 +545,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if (!override && (*p == '*' || *p == 'X')) { /* Password deliberately invalid - end here. */ - DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name)); + DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for nt user %s\n", nt_name)); file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; @@ -897,58 +769,19 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) return True; } -/* - * Stub functions - implemented in terms of others. - */ - -static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override) -{ - return mod_smbfilepwd_entry(pwdb_sam_to_smb(pwd), override); -} - -static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd) -{ - return add_smbfilepwd_entry(pwdb_sam_to_smb(newpwd)); -} - -static struct sam_disp_info *getsmbfiledispnam(const char *name) -{ - return pwdb_sam_to_dispinfo(getsam21pwnam(name)); -} - -static struct sam_disp_info *getsmbfiledisprid(uint32 rid) -{ - return pwdb_sam_to_dispinfo(getsam21pwrid(rid)); -} - -static struct sam_disp_info *getsmbfiledispent(void *vp) -{ - return pwdb_sam_to_dispinfo(getsam21pwent(vp)); -} - -static struct passdb_ops file_ops = { +static struct smb_passdb_ops file_ops = { startsmbfilepwent, endsmbfilepwent, getsmbfilepwpos, setsmbfilepwpos, iterate_getsmbpwnam, /* In passdb.c */ iterate_getsmbpwuid, /* In passdb.c */ - iterate_getsmbpwrid, /* In passdb.c */ getsmbfilepwent, add_smbfilepwd_entry, - mod_smbfilepwd_entry, - getsmbfile21pwent, - iterate_getsam21pwnam, - iterate_getsam21pwuid, - iterate_getsam21pwrid, - add_smbfile21pwd_entry, - mod_smbfile21pwd_entry, - getsmbfiledispnam, - getsmbfiledisprid, - getsmbfiledispent + mod_smbfilepwd_entry }; -struct passdb_ops *file_initialise_password_db(void) +struct smb_passdb_ops *file_initialise_password_db(void) { return &file_ops; } diff --git a/source3/passdb/smbpasschange.c b/source3/passdb/smbpasschange.c index 1a3c100fa5..843cf4a815 100644 --- a/source3/passdb/smbpasschange.c +++ b/source3/passdb/smbpasschange.c @@ -31,9 +31,11 @@ static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account, { struct smb_passwd new_smb_pwent; + pwdb_init_smb(&new_smb_pwent); + /* Create a new smb passwd entry and set it to the given password. */ - new_smb_pwent.smb_userid = uid; - new_smb_pwent.smb_name = user_name; + new_smb_pwent.unix_uid = uid; + new_smb_pwent.nt_name = user_name; new_smb_pwent.smb_passwd = NULL; new_smb_pwent.smb_nt_passwd = NULL; new_smb_pwent.acct_ctrl = (trust_account ? ACB_WSTRUST : ACB_NORMAL); diff --git a/source3/passdb/smbpassgroup.c b/source3/passdb/smbpassgroup.c index 3723f9cf57..13963b8c0f 100644 --- a/source3/passdb/smbpassgroup.c +++ b/source3/passdb/smbpassgroup.c @@ -113,7 +113,7 @@ static struct smb_passwd *getsmbfilegrpent(void *vp, p = Atoic((char *) p, &uidval, ":"); pw_buf.smb_name = user_name; - pw_buf.smb_userid = uidval; + pw_buf.unix_uid = uidval; /* * Now get a list of alias RIDs diff --git a/source3/passdb/smbpassgroupunix.c b/source3/passdb/smbpassgroupunix.c index d83196415c..26c6d6ff13 100644 --- a/source3/passdb/smbpassgroupunix.c +++ b/source3/passdb/smbpassgroupunix.c @@ -22,7 +22,7 @@ #ifdef USE_SMBUNIX_DB extern int DEBUGLEVEL; -extern DOM_SID global_member_sid; +extern DOM_SID global_sam_sid; /*************************************************************** Start to enumerate the smbpasswd list. Returns a void pointer @@ -31,7 +31,7 @@ extern DOM_SID global_member_sid; static void *startsmbunixgrpent(BOOL update) { - return startsmbfilepwent(False); + return startsmbpwent(False); } /*************************************************************** @@ -40,7 +40,7 @@ static void *startsmbunixgrpent(BOOL update) static void endsmbunixgrpent(void *vp) { - endsmbfilepwent(vp); + endsmbpwent(vp); } /************************************************************************* @@ -50,7 +50,7 @@ static void endsmbunixgrpent(void *vp) static SMB_BIG_UINT getsmbunixgrppos(void *vp) { - return getsmbfilepwpos(vp); + return getsmbpwpos(vp); } /************************************************************************* @@ -60,7 +60,7 @@ static SMB_BIG_UINT getsmbunixgrppos(void *vp) static BOOL setsmbunixgrppos(void *vp, SMB_BIG_UINT tok) { - return setsmbfilepwpos(vp, tok); + return setsmbpwpos(vp, tok); } /************************************************************************* @@ -71,11 +71,12 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, uint32 **als_rids, int *num_alss) { /* Static buffers we will return. */ - struct smb_passwd *pw_buf; - struct passwd *pw; + struct sam_passwd *pw_buf; + fstring unix_name; int i; int unixgrps; gid_t *grps; + BOOL failed = False; if (vp == NULL) { @@ -83,8 +84,15 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, return NULL; } - pw_buf = getsmbfilepwent(vp); + pw_buf = getsam21pwent(vp); + if (pw_buf == NULL) + { + return NULL; + } + + fstrcpy(unix_name, pw_buf->unix_name); + if (grp_rids != NULL) { (*grp_rids) = NULL; @@ -99,21 +107,14 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, if (als_rids == NULL && grp_rids == NULL) { - return pw_buf; + return pwdb_sam_to_smb(pw_buf); } /* * find all unix groups */ - pw = Get_Pwnam(pw_buf->smb_name, False); - - if (pw == NULL) - { - return NULL; - } - - if (get_unixgroups(pw_buf->smb_name, pw->pw_uid, pw->pw_gid, &unixgrps, &grps)) + if (get_unixgroups(unix_name, pw_buf->unix_uid, pw_buf->unix_gid, &unixgrps, &grps)) { return NULL; } @@ -122,10 +123,8 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, * check each unix group for a mapping as an nt alias or an nt group */ - for (i = 0; i < unixgrps; i++) + for (i = 0; i < unixgrps && !failed; i++) { - DOM_SID sid; - char *unix_grpname; uint32 rid; /* @@ -134,101 +133,80 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, * (user or not our own domain will be an error). */ - unix_grpname = gidtoname(grps[i]); - if (map_unix_alias_name(unix_grpname, &sid, NULL, NULL)) + DOM_NAME_MAP gmep; + + if (!lookupsmbgrpgid(grps[i], &gmep)) { - /* - * ok, the unix groupname is mapped to an alias. - * check that it is in our domain. - */ + continue; + } - sid_split_rid(&sid, &rid); - if (!sid_equal(&sid, &global_member_sid)) - { - pstring sid_str; - sid_to_string(sid_str, &sid); - DEBUG(0,("user %s is in a UNIX group %s that maps to an NT Domain Alias RID (0x%x) in another domain (%s)\n", - pw_buf->smb_name, unix_grpname, rid, sid_str)); - continue; - } + sid_split_rid(&gmep.sid, &rid); + if (!sid_equal(&global_sam_sid, &gmep.sid)) + { + continue; + } - if (add_num_to_list(als_rids, num_alss, rid) == NULL) + switch (gmep.type) + { + case SID_NAME_ALIAS: { - return NULL; + if (als_rids != NULL && add_num_to_list(als_rids, num_alss, rid) == NULL) + { + failed = True; + } + break; } - } - else if (map_unix_group_name(unix_grpname, &sid, NULL, NULL)) - { - /* - * ok, the unix groupname is mapped to a domain group. - * check that it is in our domain. - */ - - sid_split_rid(&sid, &rid); - if (!sid_equal(&sid, &global_member_sid)) + case SID_NAME_DOM_GRP: + case SID_NAME_WKN_GRP: { - pstring sid_str; - sid_to_string(sid_str, &sid); - DEBUG(0,("user %s is in a UNIX group %s that maps to an NT Domain Group RID (0x%x) in another domain (%s)\n", - pw_buf->smb_name, unix_grpname, rid, sid_str)); - continue; + if (grp_rids != NULL && add_num_to_list(grp_rids, num_grps, rid) == NULL) + { + failed = True; + } + break; } - - if (add_num_to_list(grp_rids, num_grps, rid) == NULL) + default: { - return NULL; + break; } } - else if (lp_server_role() == ROLE_DOMAIN_MEMBER) + } + + if (failed) + { + if (grp_rids != NULL && (*grp_rids) != NULL) { - /* - * server is a member of a domain or stand-alone. - * name is not explicitly mapped - * so we are responsible for it. - * as a LOCAL group. - */ - - rid = pwdb_gid_to_alias_rid(grps[i]); - if (add_num_to_list(als_rids, num_alss, rid) == NULL) - { - return NULL; - } + free(*grp_rids); + (*num_grps) = 0; } - else if (lp_server_role() != ROLE_DOMAIN_NONE) + + if (als_rids != NULL && (*als_rids) != NULL) { - /* - * server is a PDC or BDC. - * name is explicitly mapped - * so we are responsible for it. - * as a DOMAIN group. - */ - - rid = pwdb_gid_to_group_rid(grps[i]); - if (add_num_to_list(grp_rids, num_grps, rid) == NULL) - { - return NULL; - } + free(*als_rids); + (*num_alss) = 0; } + + return NULL; } - return pw_buf; + return pwdb_sam_to_smb(pw_buf); } -static struct passgrp_ops file_ops = +static struct passgrp_ops smbunixgrp_ops = { startsmbunixgrpent, endsmbunixgrpent, getsmbunixgrppos, setsmbunixgrppos, - iterate_getsmbgrpnam, /* In passgrp.c */ + iterate_getsmbgrpntnam, /* In passgrp.c */ iterate_getsmbgrpuid, /* In passgrp.c */ iterate_getsmbgrprid, /* In passgrp.c */ - getsmbunixgrpent, + getsmbunixgrpent }; struct passgrp_ops *unix_initialise_password_grp(void) { - return &file_ops; + return &smbunixgrp_ops; } #else |