A nice *big* change to the fundemental way we do things.

Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...

This adds a getpwnam_alloc and a getpwuid_alloc to the collection.

These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).

This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.

With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code.  This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).

The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups.  In this case we are getting
groups from the new group mapping DB.  Do we still need to check for private
groups?  I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.

I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided.  As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).

The matching case for getpwent() is dealt with already, in lib/util_getent.c

Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup.  (This picks
up the SPNEGO cases).  The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.

TODO:  Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.

Andrew Bartlett
(This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)

4 files changed, 27 insertions, 12 deletions

diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 92447b3766..f8d8d00287 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -770,12 +770,14 @@ BOOL local_sid_to_uid(uid_t *puid, DOM_SID *psid, enum SID_NAME_USE *name_type)
 	/*
 	 * Ensure this uid really does exist.
 	 */
-	if(!(pass = sys_getpwuid(*puid)))
+	if(!(pass = getpwuid_alloc(*puid)))
 		return False;
 
 	DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid),
 		(unsigned int)*puid, pass->pw_name ));
 
+	passwd_free(&pass);
+
 	*name_type = SID_NAME_USER;
 
 	return True;
@@ -1003,7 +1005,7 @@ BOOL local_password_change(const char *user_name, int local_flags,
 			 * Check for a local account - if we're adding only.
 			 */
 			
-			if(!(pwd = sys_getpwnam(user_name))) {
+			if(!(pwd = getpwnam_alloc(user_name))) {
 				slprintf(err_str, err_str_len - 1, "User %s does not \
 exist in system password file (usually /etc/passwd). Cannot add \
 account without a valid local system user.\n", user_name);
@@ -1016,9 +1018,11 @@ account without a valid local system user.\n", user_name);
 
 		if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sam_pass, pwd))){
 			slprintf(err_str, err_str_len-1, "Failed initialise SAM_ACCOUNT for user %s.\n", user_name);
+			passwd_free(&pwd);
 			return False;
 		}
-
+		
+		passwd_free(&pwd);
 	
 		if (local_flags & LOCAL_TRUST_ACCOUNT) {
 	        	if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST)) {
@@ -1154,13 +1158,15 @@ BOOL pdb_getsampwuid (SAM_ACCOUNT* user, uid_t uid)
 	 * and then lokup the user by name in the sam.
 	 */
 	 
-	if ((pw=sys_getpwuid(uid)) == NULL)  {
+	if ((pw=getpwuid_alloc(uid)) == NULL)  {
 		DEBUG(0,("pdb_getsampwuid: getpwuid(%d) return NULL. User does not exist in Unix accounts!\n", uid));
 		return False;
 	}
 	
 	fstrcpy (name, pw->pw_name);
 
+	passwd_free(&pw);
+
 	return pdb_getsampwnam (user, name);
 
 }
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index c4ff5cca9c..b687f494cc 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -499,7 +499,7 @@ static BOOL init_sam_from_ldap (SAM_ACCOUNT * sampass,
 	/* These values MAY be in LDAP, but they can also be retrieved through 
 	 *  sys_getpw*() which is how we're doing it 
 	 */
-	sys_user = sys_getpwnam(username);
+	sys_user = getpwnam_alloc(username);
 	if (sys_user == NULL) {
 		DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username));
 		return False;
@@ -524,6 +524,11 @@ static BOOL init_sam_from_ldap (SAM_ACCOUNT * sampass,
 	if (acct_ctrl == 0)
 		acct_ctrl |= ACB_NORMAL;
 
+	pdb_set_uid(sampass, sys_user->pw_uid);
+	pdb_set_gid(sampass, sys_user->pw_gid);
+	
+	/* We are done with this now */
+	passwd_free(&sys_user);
 
 	pdb_set_acct_ctrl(sampass, acct_ctrl);
 	pdb_set_logon_time(sampass, logon_time);
@@ -536,8 +541,6 @@ static BOOL init_sam_from_ldap (SAM_ACCOUNT * sampass,
 	pdb_set_hours_len(sampass, hours_len);
 	pdb_set_logon_divs(sampass, logon_divs);
 
-	pdb_set_uid(sampass, sys_user->pw_uid);
-	pdb_set_gid(sampass, sys_user->pw_gid);
 	pdb_set_user_rid(sampass, user_rid);
 	pdb_set_group_rid(sampass, group_rid);
 
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 3d81c0c457..a464312ad6 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -34,7 +34,7 @@
 struct smb_passwd
 {
         uid_t smb_userid;     /* this is actually the unix uid_t */
-        char *smb_name;     /* username string */
+        const char *smb_name;     /* username string */
 
         const unsigned char *smb_passwd; /* Null if no password */
         const unsigned char *smb_nt_passwd; /* Null if no password */
@@ -1149,7 +1149,7 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampas
 	ZERO_STRUCTP(smb_pw);
 
 	smb_pw->smb_userid=uid;
-	smb_pw->smb_name=(char*)pdb_get_username(sampass);
+	smb_pw->smb_name=(const char*)pdb_get_username(sampass);
 
 	smb_pw->smb_passwd=pdb_get_lanman_passwd(sampass);
 	smb_pw->smb_nt_passwd=pdb_get_nt_passwd(sampass);
@@ -1200,7 +1200,7 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw
 	   FIXME!!!  This is where we should look up an internal
 	   mapping of allocated uid for machine accounts as well 
 	   --jerry */ 
-	pwfile = sys_getpwnam(pw_buf->smb_name);
+	pwfile = getpwnam_alloc(pw_buf->smb_name);
 	if (pwfile == NULL) {
 		DEBUG(0,("build_sam_account: smbpasswd database is corrupt!  username %s not in unix passwd database!\n", pw_buf->smb_name));
 		return False;
@@ -1268,6 +1268,8 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw
 		/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
 		/*pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); */
 	}
+
+	passwd_free(&pwfile);
 	
 	return True;
 }
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index 90976b3fef..1f234edc93 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -469,7 +469,7 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user)
 	/* validate the account and fill in UNIX uid and gid.  sys_getpwnam()
 	   is used instaed of Get_Pwnam() as we do not need to try case
 	   permutations */
-	if ((pw=sys_getpwnam(pdb_get_username(user))) == NULL) {
+	if ((pw=getpwnam_alloc(pdb_get_username(user))) == NULL) {
 		DEBUG(0,("pdb_getsampwent: getpwnam(%s) return NULL.  User does not exist!\n", 
 		          pdb_get_username(user)));
 		return False;
@@ -480,6 +480,8 @@ BOOL pdb_getsampwent(SAM_ACCOUNT *user)
 	pdb_set_uid(user, uid);
 	pdb_set_gid(user, gid);
 
+	passwd_free(&pw);
+
 	/* 21 days from present */
 	pdb_set_pass_must_change_time(user, time(NULL)+1814400);
 
@@ -564,7 +566,7 @@ BOOL pdb_getsampwnam (SAM_ACCOUNT *user, const char *sname)
 	/* validate the account and fill in UNIX uid and gid.  sys_getpwnam()
 	   is used instead of Get_Pwnam() as we do not need to try case
 	   permutations */
-	if ((pw=sys_getpwnam(pdb_get_username(user)))) {
+	if ((pw=getpwnam_alloc(pdb_get_username(user)))) {
 		uid = pw->pw_uid;
 		gid = pw->pw_gid;
 		pdb_set_uid(user, uid);
@@ -590,6 +592,8 @@ BOOL pdb_getsampwnam (SAM_ACCOUNT *user, const char *sname)
 		return False;
 	}
 
+	passwd_free(&pw);
+
 	return True;
 }