summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
authorLuke Leighton <lkcl@samba.org>1998-11-29 20:03:33 +0000
committerLuke Leighton <lkcl@samba.org>1998-11-29 20:03:33 +0000
commit30038de4623bc827ee8019c569faf00583d1fe58 (patch)
tree1308b8cf5fdf8dcfa27d132015be4a187539a24f /source3/passdb
parent534e6a2e1b22c1f40d8ba98300baff2c7e473aef (diff)
downloadsamba-30038de4623bc827ee8019c569faf00583d1fe58.tar.gz
samba-30038de4623bc827ee8019c569faf00583d1fe58.tar.bz2
samba-30038de4623bc827ee8019c569faf00583d1fe58.zip
weekend work. user / group database API.
- split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/ldap.c10
-rw-r--r--source3/passdb/nispass.c12
-rw-r--r--source3/passdb/passdb.c636
-rw-r--r--source3/passdb/passgrp.c48
-rw-r--r--source3/passdb/smbpass.c225
-rw-r--r--source3/passdb/smbpasschange.c6
-rw-r--r--source3/passdb/smbpassgroup.c2
-rw-r--r--source3/passdb/smbpassgroupunix.c150
8 files changed, 209 insertions, 880 deletions
diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c
index 270616fbcf..5e196889ca 100644
--- a/source3/passdb/ldap.c
+++ b/source3/passdb/ldap.c
@@ -254,7 +254,7 @@ static void ldap_get_smb_passwd(LDAP *ldap_struct,LDAPMessage *entry,
get_single_attribute(ldap_struct, entry, "rid", temp);
/* the smb (unix) ids are not stored: they are created */
- user->smb_userid = pwdb_user_rid_to_uid (atoi(temp));
+ user->unix_uid = pwdb_user_rid_to_uid (atoi(temp));
if (user->acct_ctrl & (ACB_DOMTRUST|ACB_WSTRUST|ACB_SVRTRUST) )
{
@@ -347,7 +347,7 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry,
user->group_rid = atoi(temp);
/* the smb (unix) ids are not stored: they are created */
- user->smb_userid = pw_buf.smb_userid;
+ user->unix_uid = pw_buf.unix_uid;
user->smb_grpid = group_rid_to_uid(user->group_rid);
user->acct_ctrl = pw_buf.acct_ctrl;
@@ -553,7 +553,7 @@ static BOOL modadd_ldappwd_entry(struct smb_passwd *newpwd, int flag)
}
slprintf(nthash, sizeof(nthash)-1, "%s", temp);
- slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->smb_userid) );
+ slprintf(rid, sizeof(rid)-1, "%d", uid_to_user_rid(newpwd->unix_uid) );
slprintf(lst, sizeof(lst)-1, "%08X", newpwd->pass_last_set_time);
mods = NULL;
@@ -925,9 +925,9 @@ static struct smb_passwd *getldappwnam(char *name)
return pwdb_sam_to_smb(iterate_getsam21pwnam(name));
}
-static struct smb_passwd *getldappwuid(uid_t smb_userid)
+static struct smb_passwd *getldappwuid(uid_t unix_uid)
{
- return pwdb_sam_to_smb(iterate_getsam21pwuid(smb_userid));
+ return pwdb_sam_to_smb(iterate_getsam21pwuid(unix_uid));
}
static struct smb_passwd *getldappwrid(uint32 user_rid)
diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c
index 58257d5b2d..f554958ade 100644
--- a/source3/passdb/nispass.c
+++ b/source3/passdb/nispass.c
@@ -371,7 +371,7 @@ static BOOL add_nisp21pwd_entry(struct sam_passwd *newpwd)
pwdb_set_can_change_time (pwdlchg_t, sizeof(pwdlchg_t), newpwd->pass_can_change_time );
pwdb_set_must_change_time(pwdmchg_t, sizeof(pwdmchg_t), newpwd->pass_must_change_time);
- slprintf(uid, sizeof(uid), "%u", newpwd->smb_userid);
+ slprintf(uid, sizeof(uid), "%u", newpwd->unix_uid);
slprintf(user_rid, sizeof(user_rid), "0x%x", newpwd->user_rid);
slprintf(smb_grpid, sizeof(smb_grpid), "%u", newpwd->smb_grpid);
slprintf(group_rid, sizeof(group_rid), "0x%x", newpwd->group_rid);
@@ -500,7 +500,7 @@ static BOOL make_sam_from_nisp(struct sam_passwd *pw_buf, nis_result *result)
uidval = atoi(ENTRY_VAL(obj, NPF_UID));
pw_buf->smb_name = user_name;
- pw_buf->smb_userid = uidval;
+ pw_buf->unix_uid = uidval;
pw_buf->smb_passwd = smbpwd;
pw_buf->smb_nt_passwd = smbntpwd;
@@ -621,9 +621,9 @@ static struct smb_passwd *getnisppwnam(char *name)
return pwdb_sam_to_smb(getnisp21pwnam(name));
}
-static struct sam_passwd *getnisp21pwuid(uid_t smb_userid)
+static struct sam_passwd *getnisp21pwuid(uid_t unix_uid)
{
- return getnisp21pwrid(pwdb_uid_to_user_rid(smb_userid));
+ return getnisp21pwrid(pwdb_uid_to_user_rid(unix_uid));
}
static struct smb_passwd *getnisppwrid(uid_t user_rid)
@@ -631,9 +631,9 @@ static struct smb_passwd *getnisppwrid(uid_t user_rid)
return pwdb_sam_to_smb(getnisp21pwuid(pwdb_user_rid_to_uid(user_rid)));
}
-static struct smb_passwd *getnisppwuid(uid_t smb_userid)
+static struct smb_passwd *getnisppwuid(uid_t unix_uid)
{
- return pwdb_sam_to_smb(getnisp21pwuid(smb_userid));
+ return pwdb_sam_to_smb(getnisp21pwuid(unix_uid));
}
static struct sam_disp_info *getnispdispnam(char *name)
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 70c7f1fc9c..4dc945ff31 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -24,6 +24,7 @@
#include "nterr.h"
extern int DEBUGLEVEL;
+extern DOM_SID global_sam_sid;
/*
* NOTE. All these functions are abstracted into a structure
@@ -52,7 +53,7 @@ extern int DEBUGLEVEL;
*
*/
-static struct passdb_ops *pwdb_ops;
+static struct smb_passdb_ops *pwdb_ops;
/***************************************************************
Initialise the password db operations.
@@ -81,25 +82,16 @@ BOOL initialise_password_db(void)
*/
/************************************************************************
- Utility function to search smb passwd by rid.
-*************************************************************************/
-
-struct smb_passwd *iterate_getsmbpwrid(uint32 user_rid)
-{
- return iterate_getsmbpwuid(pwdb_user_rid_to_uid(user_rid));
-}
-
-/************************************************************************
Utility function to search smb passwd by uid. use this if your database
does not have search facilities.
*************************************************************************/
-struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid)
+struct smb_passwd *iterate_getsmbpwuid(uid_t unix_uid)
{
struct smb_passwd *pwd = NULL;
void *fp = NULL;
- DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid));
+ DEBUG(10, ("search by unix_uid: %x\n", (int)unix_uid));
/* Open the smb password database - not for update. */
fp = startsmbpwent(False);
@@ -110,13 +102,13 @@ struct smb_passwd *iterate_getsmbpwuid(uid_t smb_userid)
return NULL;
}
- while ((pwd = getsmbpwent(fp)) != NULL && pwd->smb_userid != smb_userid)
+ while ((pwd = getsmbpwent(fp)) != NULL && pwd->unix_uid != unix_uid)
{
}
if (pwd != NULL)
{
- DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid));
+ DEBUG(10, ("found by unix_uid: %x\n", (int)unix_uid));
}
endsmbpwent(fp);
@@ -144,9 +136,9 @@ struct smb_passwd *iterate_getsmbpwnam(const char *name)
return NULL;
}
- while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->smb_name, name))
+ while ((pwd = getsmbpwent(fp)) != NULL && !strequal(pwd->unix_name, name))
{
- DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->smb_userid));
+ DEBUG(10, ("iterate: %s 0x%x\n", pwd->unix_name, pwd->unix_uid));
}
if (pwd != NULL)
@@ -189,13 +181,23 @@ void endsmbpwent(void *vp)
pwdb_ops->endsmbpwent(vp);
}
+SMB_BIG_UINT getsmbpwpos(void *vp)
+{
+ return pwdb_ops->getsmbpwpos(vp);
+}
+
+BOOL setsmbpwpos(void *vp, SMB_BIG_UINT tok)
+{
+ return pwdb_ops->setsmbpwpos(vp, tok);
+}
+
/*************************************************************************
Routine to return the next entry in the smb passwd list.
*************************************************************************/
struct smb_passwd *getsmbpwent(void *vp)
{
- return pwdb_ops->getsmbpwent(vp);
+ return pwdb_smb_map_names(pwdb_ops->getsmbpwent(vp));
}
/************************************************************************
@@ -204,7 +206,7 @@ struct smb_passwd *getsmbpwent(void *vp)
BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
{
- return pwdb_ops->add_smbpwd_entry(newpwd);
+ return pwdb_ops->add_smbpwd_entry(pwdb_smb_map_names(newpwd));
}
/************************************************************************
@@ -218,7 +220,7 @@ BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
{
- return pwdb_ops->mod_smbpwd_entry(pwd, override);
+ return pwdb_ops->mod_smbpwd_entry(pwdb_smb_map_names(pwd), override);
}
/************************************************************************
@@ -227,604 +229,94 @@ BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)
struct smb_passwd *getsmbpwnam(const char *name)
{
- return pwdb_ops->getsmbpwnam(name);
-}
-
-/************************************************************************
- Routine to search smb passwd by user rid.
-*************************************************************************/
-
-struct smb_passwd *getsmbpwrid(uint32 user_rid)
-{
- return pwdb_ops->getsmbpwrid(user_rid);
+ return pwdb_smb_map_names(pwdb_ops->getsmbpwnam(name));
}
/************************************************************************
Routine to search smb passwd by uid.
*************************************************************************/
-struct smb_passwd *getsmbpwuid(uid_t smb_userid)
-{
- return pwdb_ops->getsmbpwuid(smb_userid);
-}
-
-/*
- * Functions that manupulate a struct sam_passwd.
- */
-
-/************************************************************************
- Utility function to search sam passwd by name. use this if your database
- does not have search facilities.
-*************************************************************************/
-
-struct sam_passwd *iterate_getsam21pwnam(const char *name)
-{
- struct sam_passwd *pwd = NULL;
- void *fp = NULL;
-
- DEBUG(10, ("search by name: %s\n", name));
-
- /* Open the smb password database - not for update. */
- fp = startsmbpwent(False);
-
- if (fp == NULL)
- {
- DEBUG(0, ("unable to open sam password database.\n"));
- return NULL;
- }
-
- while ((pwd = getsam21pwent(fp)) != NULL && !strequal(pwd->smb_name, name))
- {
- DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid));
- }
-
- if (pwd != NULL)
- {
- DEBUG(10, ("found by name: %s\n", name));
- }
-
- endsmbpwent(fp);
- return pwd;
-}
-
-/************************************************************************
- Utility function to search sam passwd by rid. use this if your database
- does not have search facilities.
-
- search capability by both rid and uid are needed as the rid <-> uid
- mapping may be non-monotonic.
-
-*************************************************************************/
-
-struct sam_passwd *iterate_getsam21pwrid(uint32 rid)
-{
- struct sam_passwd *pwd = NULL;
- void *fp = NULL;
-
- DEBUG(10, ("search by rid: %x\n", rid));
-
- /* Open the smb password file - not for update. */
- fp = startsmbpwent(False);
-
- if (fp == NULL)
- {
- DEBUG(0, ("unable to open sam password database.\n"));
- return NULL;
- }
-
- while ((pwd = getsam21pwent(fp)) != NULL && pwd->user_rid != rid)
- {
- DEBUG(10, ("iterate: %s 0x%x\n", pwd->smb_name, pwd->user_rid));
- }
-
- if (pwd != NULL)
- {
- DEBUG(10, ("found by user_rid: %x\n", rid));
- }
-
- endsmbpwent(fp);
- return pwd;
-}
-
-/************************************************************************
- Utility function to search sam passwd by uid. use this if your database
- does not have search facilities.
-
- search capability by both rid and uid are needed as the rid <-> uid
- mapping may be non-monotonic.
-
-*************************************************************************/
-
-struct sam_passwd *iterate_getsam21pwuid(uid_t uid)
-{
- struct sam_passwd *pwd = NULL;
- void *fp = NULL;
-
- DEBUG(10, ("search by uid: %x\n", (int)uid));
-
- /* Open the smb password file - not for update. */
- fp = startsmbpwent(False);
-
- if (fp == NULL)
- {
- DEBUG(0, ("unable to open sam password database.\n"));
- return NULL;
- }
-
- while ((pwd = getsam21pwent(fp)) != NULL && pwd->smb_userid != uid)
- {
- }
-
- if (pwd != NULL)
- {
- DEBUG(10, ("found by smb_userid: %x\n", (int)uid));
- }
-
- endsmbpwent(fp);
- return pwd;
-}
-
-/*************************************************************************
- Routine to return a display info structure, by rid
- *************************************************************************/
-struct sam_disp_info *getsamdisprid(uint32 rid)
-{
- return pwdb_ops->getsamdisprid(rid);
-}
-
-/*************************************************************************
- Routine to return the next entry in the sam passwd list.
- *************************************************************************/
-
-struct sam_passwd *getsam21pwent(void *vp)
-{
- return pwdb_ops->getsam21pwent(vp);
-}
-
-
-/************************************************************************
- Routine to search sam passwd by name.
-*************************************************************************/
-
-struct sam_passwd *getsam21pwnam(const char *name)
-{
- return pwdb_ops->getsam21pwnam(name);
-}
-
-/************************************************************************
- Routine to search sam passwd by rid.
-*************************************************************************/
-
-struct sam_passwd *getsam21pwrid(uint32 rid)
+struct smb_passwd *getsmbpwuid(uid_t unix_uid)
{
- return pwdb_ops->getsam21pwrid(rid);
-}
-
-
-/**********************************************************
- **********************************************************
-
- utility routines which are likely to be useful to all password
- databases
-
- **********************************************************
- **********************************************************/
-
-/*************************************************************
- initialises a struct sam_disp_info.
- **************************************************************/
-
-static void pwdb_init_dispinfo(struct sam_disp_info *user)
-{
- if (user == NULL) return;
- bzero(user, sizeof(*user));
+ return pwdb_smb_map_names(pwdb_ops->getsmbpwuid(unix_uid));
}
/*************************************************************
initialises a struct smb_passwd.
**************************************************************/
-
void pwdb_init_smb(struct smb_passwd *user)
{
if (user == NULL) return;
bzero(user, sizeof(*user));
user->pass_last_set_time = (time_t)-1;
+ user->unix_uid = (uid_t)-1;
+ user->user_rid = 0xffffffff;
}
/*************************************************************
- initialises a struct sam_passwd.
+ fills in missing details. one set of details _must_ exist.
**************************************************************/
-void pwdb_init_sam(struct sam_passwd *user)
-{
- if (user == NULL) return;
- bzero(user, sizeof(*user));
- user->logon_time = (time_t)-1;
- user->logoff_time = (time_t)-1;
- user->kickoff_time = (time_t)-1;
- user->pass_last_set_time = (time_t)-1;
- user->pass_can_change_time = (time_t)-1;
- user->pass_must_change_time = (time_t)-1;
-}
-
-/*************************************************************************
- Routine to return the next entry in the sam passwd list.
- *************************************************************************/
-
-struct sam_disp_info *pwdb_sam_to_dispinfo(struct sam_passwd *user)
-{
- static struct sam_disp_info disp_info;
-
- if (user == NULL) return NULL;
-
- pwdb_init_dispinfo(&disp_info);
-
- disp_info.smb_name = user->smb_name;
- disp_info.full_name = user->full_name;
- disp_info.user_rid = user->user_rid;
-
- return &disp_info;
-}
-
-/*************************************************************
- converts a sam_passwd structure to a smb_passwd structure.
- **************************************************************/
-
-struct smb_passwd *pwdb_sam_to_smb(struct sam_passwd *user)
+struct smb_passwd *pwdb_smb_map_names(struct smb_passwd *smb)
{
- static struct smb_passwd pw_buf;
+ DOM_NAME_MAP gmep;
+ BOOL found = False;
+ DOM_SID sid;
+ static fstring unix_name;
+ static fstring nt_name;
- if (user == NULL) return NULL;
+ DEBUG(10,("pwdb_smb_map_names\n"));
- pwdb_init_smb(&pw_buf);
-
- pw_buf.smb_userid = user->smb_userid;
- pw_buf.smb_name = user->smb_name;
- pw_buf.smb_passwd = user->smb_passwd;
- pw_buf.smb_nt_passwd = user->smb_nt_passwd;
- pw_buf.acct_ctrl = user->acct_ctrl;
- pw_buf.pass_last_set_time = user->pass_last_set_time;
-
- return &pw_buf;
-}
-
-
-/*************************************************************
- converts a smb_passwd structure to a sam_passwd structure.
- **************************************************************/
-
-struct sam_passwd *pwdb_smb_to_sam(struct smb_passwd *user)
-{
- static struct sam_passwd pw_buf;
-
- if (user == NULL) return NULL;
-
- pwdb_init_sam(&pw_buf);
-
- pw_buf.smb_userid = user->smb_userid;
- pw_buf.smb_name = user->smb_name;
- pw_buf.smb_passwd = user->smb_passwd;
- pw_buf.smb_nt_passwd = user->smb_nt_passwd;
- pw_buf.acct_ctrl = user->acct_ctrl;
- pw_buf.pass_last_set_time = user->pass_last_set_time;
-
- return &pw_buf;
-}
-
-/**********************************************************
- Encode the account control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *pwdb_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
-{
- static fstring acct_str;
- size_t i = 0;
-
- acct_str[i++] = '[';
-
- if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
- if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
- if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
- if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
- if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
- if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
- if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
- if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
- if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
- if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
- if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
-
- for ( ; i < length - 2 ; i++ )
+ if (smb == NULL)
{
- acct_str[i] = ' ';
+ return NULL;
}
- i = length - 2;
- acct_str[i++] = ']';
- acct_str[i++] = '\0';
-
- return acct_str;
-}
-
-/**********************************************************
- Decode the account control bits from a string.
-
- this function breaks coding standards minimum line width of 80 chars.
- reason: vertical line-up code clarity - all case statements fit into
- 15 lines, which is more important.
- **********************************************************/
-
-uint16 pwdb_decode_acct_ctrl(const char *p)
-{
- uint16 acct_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[') return 0;
-
- for (p++; *p && !finished; p++)
+ if (smb->unix_name == NULL && smb->nt_name == NULL &&
+ smb->unix_uid == (uid_t)-1 && smb->user_rid == 0xffffffff)
{
- switch (*p)
- {
- case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
- case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
- case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
- case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
- case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
- case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
- case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
- case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
- case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
- case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
- case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
+ return NULL;
}
- return acct_ctrl;
-}
-
-/*******************************************************************
- gets password-database-format time from a string.
- ********************************************************************/
-
-static time_t get_time_from_string(const char *p)
-{
- int i;
-
- for (i = 0; i < 8; i++)
+ if (!found && smb->unix_name != NULL)
{
- if (p[i] == '\0' || !isxdigit((int)(p[i]&0xFF)))
- {
- break;
- }
+ found = lookupsmbpwnam(smb->unix_name, &gmep);
}
- if (i == 8)
+ if (!found && smb->unix_uid != (uid_t)-1)
{
- /*
- * p points at 8 characters of hex digits -
- * read into a time_t as the seconds since
- * 1970 that the password was last changed.
- */
- return (time_t)strtol(p, NULL, 16);
+ found = lookupsmbpwuid(smb->unix_uid , &gmep);
}
- return (time_t)-1;
-}
-
-/*******************************************************************
- gets password last set time
- ********************************************************************/
-time_t pwdb_get_last_set_time(const char *p)
-{
- if (*p && StrnCaseCmp(p, "LCT-", 4))
+ if (!found)
{
- return get_time_from_string(p + 4);
+ sid_copy(&sid, &global_sam_sid);
+ sid_append_rid(&sid, smb->user_rid);
}
- return (time_t)-1;
-}
-
-
-/*******************************************************************
- sets password-database-format time in a string.
- ********************************************************************/
-static void set_time_in_string(char *p, int max_len, char *type, time_t t)
-{
- slprintf(p, max_len, ":%s-%08X:", type, (uint32)t);
-}
-
-/*******************************************************************
- sets logon time
- ********************************************************************/
-void pwdb_set_logon_time(char *p, int max_len, time_t t)
-{
- set_time_in_string(p, max_len, "LNT", t);
-}
-
-/*******************************************************************
- sets logoff time
- ********************************************************************/
-void pwdb_set_logoff_time(char *p, int max_len, time_t t)
-{
- set_time_in_string(p, max_len, "LOT", t);
-}
-
-/*******************************************************************
- sets kickoff time
- ********************************************************************/
-void pwdb_set_kickoff_time(char *p, int max_len, time_t t)
-{
- set_time_in_string(p, max_len, "KOT", t);
-}
-
-/*******************************************************************
- sets password can change time
- ********************************************************************/
-void pwdb_set_can_change_time(char *p, int max_len, time_t t)
-{
- set_time_in_string(p, max_len, "CCT", t);
-}
-
-/*******************************************************************
- sets password last set time
- ********************************************************************/
-void pwdb_set_must_change_time(char *p, int max_len, time_t t)
-{
- set_time_in_string(p, max_len, "MCT", t);
-}
-
-/*******************************************************************
- sets password last set time
- ********************************************************************/
-void pwdb_set_last_set_time(char *p, int max_len, time_t t)
-{
- set_time_in_string(p, max_len, "LCT", t);
-}
-
-/*************************************************************
- Routine to set 32 hex password characters from a 16 byte array.
-**************************************************************/
-void pwdb_sethexpwd(char *p, const char *pwd, uint16 acct_ctrl)
-{
- if (pwd != NULL)
+ if (!found && smb->user_rid != 0xffffffff)
{
- int i;
- for (i = 0; i < 16; i++)
- {
- slprintf(&p[i*2], 33, "%02X", pwd[i]);
- }
+ found = lookupsmbpwsid (&sid , &gmep);
}
- else
+ if (!found && smb->nt_name != NULL)
{
- if (IS_BITS_SET_ALL(acct_ctrl, ACB_PWNOTREQ))
- {
- safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
- }
- else
- {
- safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
- }
+ found = lookupsmbpwntnam(smb->nt_name, &gmep);
}
-}
-
-/*************************************************************
- Routine to get the 32 hex characters and turn them
- into a 16 byte array.
-**************************************************************/
-BOOL pwdb_gethexpwd(const char *p, char *pwd)
-{
- return strhex_to_str(pwd, 32, p) == 16;
-}
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-uid_t pwdb_user_rid_to_uid(uint32 user_rid)
-{
- uid_t uid = (uid_t)(((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER);
- return uid;
-}
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-uint32 pwdb_uid_to_user_rid(uid_t uid)
-{
- uint32 user_rid = (((((uint32)uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
- return user_rid;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-uint32 pwdb_gid_to_group_rid(gid_t gid)
-{
- uint32 grp_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
- return grp_rid;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-gid_t pwdb_group_rid_to_gid(uint32 group_rid)
-{
- gid_t gid = (gid_t)(((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER);
- return gid;
-}
-
-/*******************************************************************
- converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-uint32 pwdb_gid_to_alias_rid(gid_t gid)
-{
- uint32 alias_rid = (((((uint32)gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
- return alias_rid;
-}
-
-/*******************************************************************
- converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-gid_t pwdb_alias_rid_to_gid(uint32 alias_rid)
-{
- gid_t gid = (gid_t)(((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER);
- return gid;
-}
-/*******************************************************************
- Decides if a RID is a well known RID.
- ********************************************************************/
-static BOOL pwdb_rid_is_well_known(uint32 rid)
-{
- return (rid < 1000);
-}
+ if (!found)
+ {
+ return NULL;
+ }
-/*******************************************************************
- determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_rid_type(uint32 rid)
-{
- /* lkcl i understand that NT attaches an enumeration to a RID
- * such that it can be identified as either a user, group etc
- * type: SID_ENUM_TYPE.
- */
- if (pwdb_rid_is_well_known(rid))
+ if (!sid_front_equal(&global_sam_sid, &gmep.sid))
{
- /*
- * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
- * and DOMAIN_USER_RID_GUEST.
- */
- if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
- {
- return RID_TYPE_USER;
- }
- if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
- {
- return RID_TYPE_GROUP;
- }
- if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
- {
- return RID_TYPE_ALIAS;
- }
+ return NULL;
}
- return (rid & RID_TYPE_MASK);
-}
-/*******************************************************************
- checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-BOOL pwdb_rid_is_user(uint32 rid)
-{
- return pwdb_rid_type(rid) == RID_TYPE_USER;
-}
+ fstrcpy(unix_name, gmep.unix_name);
+ fstrcpy(nt_name , gmep.nt_name );
+ if (smb->unix_name == NULL ) smb->unix_name = unix_name;
+ if (smb->nt_name == NULL ) smb->nt_name = nt_name ;
+ if (smb->unix_uid == (uid_t)-1 ) smb->unix_uid = (uid_t)gmep.unix_id;
+ if (smb->user_rid == 0xffffffff) sid_split_rid(&gmep.sid, &smb->user_rid);
+ return smb;
+}
diff --git a/source3/passdb/passgrp.c b/source3/passdb/passgrp.c
index f626dd978a..41b01a1a49 100644
--- a/source3/passdb/passgrp.c
+++ b/source3/passdb/passgrp.c
@@ -72,8 +72,30 @@ struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss)
{
- return iterate_getsmbgrpuid(pwdb_user_rid_to_uid(user_rid),
- grps, num_grps, alss, num_alss);
+ struct smb_passwd *pwd = NULL;
+ void *fp = NULL;
+
+ DEBUG(10, ("search by user_rid: 0x%x\n", user_rid));
+
+ /* Open the smb password database - not for update. */
+ fp = startsmbgrpent(False);
+
+ if (fp == NULL)
+ {
+ DEBUG(0, ("unable to open smb passgrp database.\n"));
+ return NULL;
+ }
+
+ while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->user_rid != user_rid)
+ ;
+
+ if (pwd != NULL)
+ {
+ DEBUG(10, ("found by user_rid: 0x%x\n", user_rid));
+ }
+
+ endsmbgrpent(fp);
+ return pwd;
}
/************************************************************************
@@ -81,14 +103,14 @@ struct smb_passwd *iterate_getsmbgrprid(uint32 user_rid,
does not have search facilities.
*************************************************************************/
-struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
+struct smb_passwd *iterate_getsmbgrpuid(uid_t unix_uid,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss)
{
struct smb_passwd *pwd = NULL;
void *fp = NULL;
- DEBUG(10, ("search by smb_userid: %x\n", (int)smb_userid));
+ DEBUG(10, ("search by unix_uid: %x\n", (int)unix_uid));
/* Open the smb password database - not for update. */
fp = startsmbgrpent(False);
@@ -99,12 +121,12 @@ struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
return NULL;
}
- while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->smb_userid != smb_userid)
+ while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && pwd->unix_uid != unix_uid)
;
if (pwd != NULL)
{
- DEBUG(10, ("found by smb_userid: %x\n", (int)smb_userid));
+ DEBUG(10, ("found by unix_uid: %x\n", (int)unix_uid));
}
endsmbgrpent(fp);
@@ -116,12 +138,14 @@ struct smb_passwd *iterate_getsmbgrpuid(uid_t smb_userid,
does not have search facilities.
*************************************************************************/
-struct smb_passwd *iterate_getsmbgrpnam(char *name,
+struct smb_passwd *iterate_getsmbgrpntnam(const char *nt_name,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss)
{
struct smb_passwd *pwd = NULL;
+ fstring name;
void *fp = NULL;
+ fstrcpy(name, nt_name);
DEBUG(10, ("search by name: %s\n", name));
@@ -134,7 +158,7 @@ struct smb_passwd *iterate_getsmbgrpnam(char *name,
return NULL;
}
- while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->smb_name, name))
+ while ((pwd = getsmbgrpent(fp, grps, num_grps, alss, num_alss)) != NULL && !strequal(pwd->nt_name, name))
;
if (pwd != NULL)
@@ -192,11 +216,11 @@ struct smb_passwd *getsmbgrpent(void *vp,
Routine to search smb passwd by name.
*************************************************************************/
-struct smb_passwd *getsmbgrpnam(char *name,
+struct smb_passwd *getsmbgrpntnam(char *name,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss)
{
- return pwgrp_ops->getsmbgrpnam(name, grps, num_grps, alss, num_alss);
+ return pwgrp_ops->getsmbgrpntnam(name, grps, num_grps, alss, num_alss);
}
/************************************************************************
@@ -214,10 +238,10 @@ struct smb_passwd *getsmbgrprid(uint32 user_rid,
Routine to search smb passwd by uid.
*************************************************************************/
-struct smb_passwd *getsmbgrpuid(uid_t smb_userid,
+struct smb_passwd *getsmbgrpuid(uid_t unix_uid,
uint32 **grps, int *num_grps,
uint32 **alss, int *num_alss)
{
- return pwgrp_ops->getsmbgrpuid(smb_userid, grps, num_grps, alss, num_alss);
+ return pwgrp_ops->getsmbgrpuid(unix_uid, grps, num_grps, alss, num_alss);
}
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index 262ffa3e2e..0de09e6085 100644
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -23,8 +23,6 @@
static int pw_file_lock_depth = 0;
extern int DEBUGLEVEL;
-extern pstring samlogon_user;
-extern BOOL sam_logon_in_ssb;
static char s_readbuf[1024];
@@ -33,7 +31,7 @@ static char s_readbuf[1024];
to ensure no modification outside this module.
****************************************************************/
-void *startsmbfilepwent(BOOL update)
+static void *startsmbfilepwent(BOOL update)
{
return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf),
&pw_file_lock_depth, update);
@@ -43,7 +41,7 @@ void *startsmbfilepwent(BOOL update)
End enumeration of the smbpasswd list.
****************************************************************/
-void endsmbfilepwent(void *vp)
+static void endsmbfilepwent(void *vp)
{
endfilepwent(vp, &pw_file_lock_depth);
}
@@ -53,7 +51,7 @@ void endsmbfilepwent(void *vp)
This must be treated as an opaque token.
*************************************************************************/
-SMB_BIG_UINT getsmbfilepwpos(void *vp)
+static SMB_BIG_UINT getsmbfilepwpos(void *vp)
{
return getfilepwpos(vp);
}
@@ -63,7 +61,7 @@ SMB_BIG_UINT getsmbfilepwpos(void *vp)
This must be treated as an opaque token.
*************************************************************************/
-BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
+static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
{
return setfilepwpos(vp, tok);
}
@@ -71,14 +69,13 @@ BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
/*************************************************************************
Routine to return the next entry in the smbpasswd list.
*************************************************************************/
-struct smb_passwd *getsmbfilepwent(void *vp)
+static struct smb_passwd *getsmbfilepwent(void *vp)
{
/* Static buffers we will return. */
static struct smb_passwd pw_buf;
- static pstring user_name;
+ static pstring nt_name;
static unsigned char smbpwd[16];
static unsigned char smbntpwd[16];
- struct passwd *pwfile;
char linebuf[256];
char *p;
int uidval;
@@ -118,7 +115,7 @@ struct smb_passwd *getsmbfilepwent(void *vp)
* As 256 is shorter than a pstring we don't need to check
* length here - if this ever changes....
*/
- p = strncpyn(user_name, linebuf, sizeof(user_name), ':');
+ p = strncpyn(nt_name, linebuf, sizeof(nt_name), ':');
/* Go past ':' */
p++;
@@ -127,8 +124,8 @@ struct smb_passwd *getsmbfilepwent(void *vp)
p = Atoic( p, &uidval, ":");
- pw_buf.smb_name = user_name;
- pw_buf.smb_userid = uidval;
+ pw_buf.nt_name = nt_name;
+ pw_buf.unix_uid = uidval;
/*
* Now get the password value - this should be 32 hex digits
@@ -142,7 +139,7 @@ struct smb_passwd *getsmbfilepwent(void *vp)
if (*p == '*' || *p == 'X')
{
/* Password deliberately invalid - end here. */
- DEBUG(10, ("getsmbfilepwent: entry invalidated for user %s\n", user_name));
+ DEBUG(10, ("getsmbfilepwent: entry invalidated for nt user %s\n", nt_name));
pw_buf.smb_nt_passwd = NULL;
pw_buf.smb_passwd = NULL;
pw_buf.acct_ctrl |= ACB_DISABLED;
@@ -197,8 +194,8 @@ struct smb_passwd *getsmbfilepwent(void *vp)
p += 33;
}
- DEBUG(5,("getsmbfilepwent: returning passwd entry for user %s, uid %d\n",
- user_name, uidval));
+ DEBUG(5,("getsmbfilepwent: returning passwd entry for nt user %s, unix uid %d\n",
+ nt_name, uidval));
if (*p == '[')
{
@@ -229,21 +226,13 @@ struct smb_passwd *getsmbfilepwent(void *vp)
* password file as 'normal accounts'. If this changes
* we will have to fix this code. JRA.
*/
- if (pw_buf.smb_name[strlen(pw_buf.smb_name) - 1] == '$')
+ if (pw_buf.nt_name[strlen(pw_buf.nt_name) - 1] == '$')
{
pw_buf.acct_ctrl &= ~ACB_NORMAL;
pw_buf.acct_ctrl |= ACB_WSTRUST;
}
}
- pwfile = Get_Pwnam(pw_buf.smb_name, False);
- if (pwfile == NULL)
- {
- DEBUG(0,("getsmbfilepwent: smbpasswd database is corrupt!\n"));
- DEBUG(0,("getsmbfilepwent: username %s not in unix passwd database!\n", pw_buf.smb_name));
- return NULL;
- }
-
return &pw_buf;
}
@@ -251,123 +240,6 @@ struct smb_passwd *getsmbfilepwent(void *vp)
return NULL;
}
-/*************************************************************************
- Routine to return the next entry in the smbpasswd list.
- this function is a nice, messy combination of reading:
- - the smbpasswd file
- - the unix password database
- - smb.conf options (not done at present).
- *************************************************************************/
-
-static struct sam_passwd *getsmbfile21pwent(void *vp)
-{
- struct smb_passwd *pw_buf = getsmbfilepwent(vp);
- static struct sam_passwd user;
- struct passwd *pwfile;
-#if ARGH
- uint32 status = 0x0;
-#endif
- static pstring full_name;
- static pstring home_dir;
- static pstring home_drive;
- static pstring logon_script;
- static pstring profile_path;
- static pstring acct_desc;
- static pstring workstations;
-
- DEBUG(5,("getsmbfile21pwent\n"));
-
- if (pw_buf == NULL) return NULL;
-
- pwdb_init_sam(&user);
-
- pwfile = Get_Pwnam(pw_buf->smb_name, False);
- if (pwfile == NULL)
- {
- DEBUG(0,("getsmbfile21pwent: smbpasswd database is corrupt!\n"));
- DEBUG(0,("getsmbfile21pwent: username %s not in unix passwd database!\n", pw_buf->smb_name));
- return NULL;
- }
-
- pstrcpy(samlogon_user, pw_buf->smb_name);
-
- if (samlogon_user[strlen(samlogon_user)-1] != '$')
- {
- /* XXXX hack to get standard_sub_basic() to use sam logon username */
- /* possibly a better way would be to do a become_user() call */
- sam_logon_in_ssb = True;
-
- user.smb_userid = pw_buf->smb_userid;
- user.smb_grpid = pwfile->pw_gid;
-
-#if ARGH
- status = lookup_user_rids(pw_buf->smb_name, &user.user_rid, &user.group_rid);
-#else
- user.user_rid = pwdb_uid_to_user_rid (user.smb_userid);
- user.group_rid = pwdb_gid_to_group_rid(user.smb_grpid );
-#endif
-
- pstrcpy(full_name , pwfile->pw_gecos );
- pstrcpy(logon_script , lp_logon_script ());
- pstrcpy(profile_path , lp_logon_path ());
- pstrcpy(home_drive , lp_logon_drive ());
- pstrcpy(home_dir , lp_logon_home ());
- pstrcpy(acct_desc , "");
- pstrcpy(workstations , "");
-
- sam_logon_in_ssb = False;
- }
- else
- {
- user.smb_userid = pw_buf->smb_userid;
- user.smb_grpid = pwfile->pw_gid;
-
- user.user_rid = pwdb_uid_to_user_rid (user.smb_userid);
- user.group_rid = DOMAIN_GROUP_RID_USERS; /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */
-
- pstrcpy(full_name , "");
- pstrcpy(logon_script , "");
- pstrcpy(profile_path , "");
- pstrcpy(home_drive , "");
- pstrcpy(home_dir , "");
- pstrcpy(acct_desc , "");
- pstrcpy(workstations , "");
- }
-
-#if ARGH
- if (status != 0x0)
- {
- return NULL;
- }
-#endif
-
- user.smb_name = pw_buf->smb_name;
- user.full_name = full_name;
- user.home_dir = home_dir;
- user.dir_drive = home_drive;
- user.logon_script = logon_script;
- user.profile_path = profile_path;
- user.acct_desc = acct_desc;
- user.workstations = workstations;
-
- user.unknown_str = NULL; /* don't know, yet! */
- user.munged_dial = NULL; /* "munged" dial-back telephone number */
-
- user.smb_nt_passwd = pw_buf->smb_nt_passwd;
- user.smb_passwd = pw_buf->smb_passwd;
-
- user.acct_ctrl = pw_buf->acct_ctrl;
-
- user.unknown_3 = 0xffffff; /* don't know */
- user.logon_divs = 168; /* hours per week */
- user.hours_len = 21; /* 21 times 8 bits = 168 */
- memset(user.hours, 0xff, user.hours_len); /* available at all hours */
- user.unknown_5 = 0x00020000; /* don't know */
- user.unknown_5 = 0x000004ec; /* don't know */
-
- return &user;
-}
-
/************************************************************************
Routine to add an entry to the smbpasswd file.
*************************************************************************/
@@ -400,8 +272,8 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
*/
while ((pwd = getsmbfilepwent(fp)) != NULL) {
- if (strequal(newpwd->smb_name, pwd->smb_name)) {
- DEBUG(0, ("add_smbfilepwd_entry: entry with name %s already exists\n", pwd->smb_name));
+ if (strequal(newpwd->nt_name, pwd->nt_name)) {
+ DEBUG(0, ("add_smbfilepwd_entry: entry with nt name %s already exists\n", pwd->nt_name));
endsmbfilepwent(fp);
return False;
}
@@ -418,21 +290,21 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd)
if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) {
DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \
-Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
+Error was %s\n", newpwd->nt_name, pfile, strerror(errno)));
endsmbfilepwent(fp);
return False;
}
- new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
+ new_entry_length = strlen(newpwd->nt_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
if((new_entry = (char *)malloc( new_entry_length )) == NULL) {
DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \
-Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
+Error was %s\n", newpwd->nt_name, pfile, strerror(errno)));
endsmbfilepwent(fp);
return False;
}
- slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->smb_name, (unsigned)newpwd->smb_userid);
+ slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->nt_name, (unsigned)newpwd->unix_uid);
p = &new_entry[strlen(new_entry)];
if(newpwd->smb_passwd != NULL) {
@@ -477,13 +349,13 @@ Error was %s\n", newpwd->smb_name, pfile, strerror(errno)));
if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) {
DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \
-Error was %s\n", wr_len, newpwd->smb_name, pfile, strerror(errno)));
+Error was %s\n", wr_len, newpwd->nt_name, pfile, strerror(errno)));
/* Remove the entry we just wrote. */
if(sys_ftruncate(fd, offpos) == -1) {
DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \
Error was %s. Password file may be corrupt ! Please examine by hand !\n",
- newpwd->smb_name, strerror(errno)));
+ newpwd->nt_name, strerror(errno)));
}
endsmbfilepwent(fp);
@@ -508,7 +380,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n",
static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
{
/* Static buffers we will return. */
- static pstring user_name;
+ static pstring nt_name;
char linebuf[256];
char readbuf[1024];
@@ -626,9 +498,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
* As 256 is shorter than a pstring we don't need to check
* length here - if this ever changes....
*/
- strncpy(user_name, linebuf, PTR_DIFF(p, linebuf));
- user_name[PTR_DIFF(p, linebuf)] = '\0';
- if (strequal(user_name, pwd->smb_name)) {
+ strncpy(nt_name, linebuf, PTR_DIFF(p, linebuf));
+ nt_name[PTR_DIFF(p, linebuf)] = '\0';
+ if (strequal(nt_name, pwd->nt_name)) {
found_entry = True;
break;
}
@@ -673,7 +545,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
if (!override && (*p == '*' || *p == 'X')) {
/* Password deliberately invalid - end here. */
- DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for user %s\n", user_name));
+ DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for nt user %s\n", nt_name));
file_unlock(lockfd, &pw_file_lock_depth);
fclose(fp);
return False;
@@ -897,58 +769,19 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override)
return True;
}
-/*
- * Stub functions - implemented in terms of others.
- */
-
-static BOOL mod_smbfile21pwd_entry(struct sam_passwd* pwd, BOOL override)
-{
- return mod_smbfilepwd_entry(pwdb_sam_to_smb(pwd), override);
-}
-
-static BOOL add_smbfile21pwd_entry(struct sam_passwd *newpwd)
-{
- return add_smbfilepwd_entry(pwdb_sam_to_smb(newpwd));
-}
-
-static struct sam_disp_info *getsmbfiledispnam(const char *name)
-{
- return pwdb_sam_to_dispinfo(getsam21pwnam(name));
-}
-
-static struct sam_disp_info *getsmbfiledisprid(uint32 rid)
-{
- return pwdb_sam_to_dispinfo(getsam21pwrid(rid));
-}
-
-static struct sam_disp_info *getsmbfiledispent(void *vp)
-{
- return pwdb_sam_to_dispinfo(getsam21pwent(vp));
-}
-
-static struct passdb_ops file_ops = {
+static struct smb_passdb_ops file_ops = {
startsmbfilepwent,
endsmbfilepwent,
getsmbfilepwpos,
setsmbfilepwpos,
iterate_getsmbpwnam, /* In passdb.c */
iterate_getsmbpwuid, /* In passdb.c */
- iterate_getsmbpwrid, /* In passdb.c */
getsmbfilepwent,
add_smbfilepwd_entry,
- mod_smbfilepwd_entry,
- getsmbfile21pwent,
- iterate_getsam21pwnam,
- iterate_getsam21pwuid,
- iterate_getsam21pwrid,
- add_smbfile21pwd_entry,
- mod_smbfile21pwd_entry,
- getsmbfiledispnam,
- getsmbfiledisprid,
- getsmbfiledispent
+ mod_smbfilepwd_entry
};
-struct passdb_ops *file_initialise_password_db(void)
+struct smb_passdb_ops *file_initialise_password_db(void)
{
return &file_ops;
}
diff --git a/source3/passdb/smbpasschange.c b/source3/passdb/smbpasschange.c
index 1a3c100fa5..843cf4a815 100644
--- a/source3/passdb/smbpasschange.c
+++ b/source3/passdb/smbpasschange.c
@@ -31,9 +31,11 @@ static BOOL add_new_user(char *user_name, uid_t uid, BOOL trust_account,
{
struct smb_passwd new_smb_pwent;
+ pwdb_init_smb(&new_smb_pwent);
+
/* Create a new smb passwd entry and set it to the given password. */
- new_smb_pwent.smb_userid = uid;
- new_smb_pwent.smb_name = user_name;
+ new_smb_pwent.unix_uid = uid;
+ new_smb_pwent.nt_name = user_name;
new_smb_pwent.smb_passwd = NULL;
new_smb_pwent.smb_nt_passwd = NULL;
new_smb_pwent.acct_ctrl = (trust_account ? ACB_WSTRUST : ACB_NORMAL);
diff --git a/source3/passdb/smbpassgroup.c b/source3/passdb/smbpassgroup.c
index 3723f9cf57..13963b8c0f 100644
--- a/source3/passdb/smbpassgroup.c
+++ b/source3/passdb/smbpassgroup.c
@@ -113,7 +113,7 @@ static struct smb_passwd *getsmbfilegrpent(void *vp,
p = Atoic((char *) p, &uidval, ":");
pw_buf.smb_name = user_name;
- pw_buf.smb_userid = uidval;
+ pw_buf.unix_uid = uidval;
/*
* Now get a list of alias RIDs
diff --git a/source3/passdb/smbpassgroupunix.c b/source3/passdb/smbpassgroupunix.c
index d83196415c..26c6d6ff13 100644
--- a/source3/passdb/smbpassgroupunix.c
+++ b/source3/passdb/smbpassgroupunix.c
@@ -22,7 +22,7 @@
#ifdef USE_SMBUNIX_DB
extern int DEBUGLEVEL;
-extern DOM_SID global_member_sid;
+extern DOM_SID global_sam_sid;
/***************************************************************
Start to enumerate the smbpasswd list. Returns a void pointer
@@ -31,7 +31,7 @@ extern DOM_SID global_member_sid;
static void *startsmbunixgrpent(BOOL update)
{
- return startsmbfilepwent(False);
+ return startsmbpwent(False);
}
/***************************************************************
@@ -40,7 +40,7 @@ static void *startsmbunixgrpent(BOOL update)
static void endsmbunixgrpent(void *vp)
{
- endsmbfilepwent(vp);
+ endsmbpwent(vp);
}
/*************************************************************************
@@ -50,7 +50,7 @@ static void endsmbunixgrpent(void *vp)
static SMB_BIG_UINT getsmbunixgrppos(void *vp)
{
- return getsmbfilepwpos(vp);
+ return getsmbpwpos(vp);
}
/*************************************************************************
@@ -60,7 +60,7 @@ static SMB_BIG_UINT getsmbunixgrppos(void *vp)
static BOOL setsmbunixgrppos(void *vp, SMB_BIG_UINT tok)
{
- return setsmbfilepwpos(vp, tok);
+ return setsmbpwpos(vp, tok);
}
/*************************************************************************
@@ -71,11 +71,12 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
uint32 **als_rids, int *num_alss)
{
/* Static buffers we will return. */
- struct smb_passwd *pw_buf;
- struct passwd *pw;
+ struct sam_passwd *pw_buf;
+ fstring unix_name;
int i;
int unixgrps;
gid_t *grps;
+ BOOL failed = False;
if (vp == NULL)
{
@@ -83,8 +84,15 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
return NULL;
}
- pw_buf = getsmbfilepwent(vp);
+ pw_buf = getsam21pwent(vp);
+ if (pw_buf == NULL)
+ {
+ return NULL;
+ }
+
+ fstrcpy(unix_name, pw_buf->unix_name);
+
if (grp_rids != NULL)
{
(*grp_rids) = NULL;
@@ -99,21 +107,14 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
if (als_rids == NULL && grp_rids == NULL)
{
- return pw_buf;
+ return pwdb_sam_to_smb(pw_buf);
}
/*
* find all unix groups
*/
- pw = Get_Pwnam(pw_buf->smb_name, False);
-
- if (pw == NULL)
- {
- return NULL;
- }
-
- if (get_unixgroups(pw_buf->smb_name, pw->pw_uid, pw->pw_gid, &unixgrps, &grps))
+ if (get_unixgroups(unix_name, pw_buf->unix_uid, pw_buf->unix_gid, &unixgrps, &grps))
{
return NULL;
}
@@ -122,10 +123,8 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
* check each unix group for a mapping as an nt alias or an nt group
*/
- for (i = 0; i < unixgrps; i++)
+ for (i = 0; i < unixgrps && !failed; i++)
{
- DOM_SID sid;
- char *unix_grpname;
uint32 rid;
/*
@@ -134,101 +133,80 @@ static struct smb_passwd *getsmbunixgrpent(void *vp,
* (user or not our own domain will be an error).
*/
- unix_grpname = gidtoname(grps[i]);
- if (map_unix_alias_name(unix_grpname, &sid, NULL, NULL))
+ DOM_NAME_MAP gmep;
+
+ if (!lookupsmbgrpgid(grps[i], &gmep))
{
- /*
- * ok, the unix groupname is mapped to an alias.
- * check that it is in our domain.
- */
+ continue;
+ }
- sid_split_rid(&sid, &rid);
- if (!sid_equal(&sid, &global_member_sid))
- {
- pstring sid_str;
- sid_to_string(sid_str, &sid);
- DEBUG(0,("user %s is in a UNIX group %s that maps to an NT Domain Alias RID (0x%x) in another domain (%s)\n",
- pw_buf->smb_name, unix_grpname, rid, sid_str));
- continue;
- }
+ sid_split_rid(&gmep.sid, &rid);
+ if (!sid_equal(&global_sam_sid, &gmep.sid))
+ {
+ continue;
+ }
- if (add_num_to_list(als_rids, num_alss, rid) == NULL)
+ switch (gmep.type)
+ {
+ case SID_NAME_ALIAS:
{
- return NULL;
+ if (als_rids != NULL && add_num_to_list(als_rids, num_alss, rid) == NULL)
+ {
+ failed = True;
+ }
+ break;
}
- }
- else if (map_unix_group_name(unix_grpname, &sid, NULL, NULL))
- {
- /*
- * ok, the unix groupname is mapped to a domain group.
- * check that it is in our domain.
- */
-
- sid_split_rid(&sid, &rid);
- if (!sid_equal(&sid, &global_member_sid))
+ case SID_NAME_DOM_GRP:
+ case SID_NAME_WKN_GRP:
{
- pstring sid_str;
- sid_to_string(sid_str, &sid);
- DEBUG(0,("user %s is in a UNIX group %s that maps to an NT Domain Group RID (0x%x) in another domain (%s)\n",
- pw_buf->smb_name, unix_grpname, rid, sid_str));
- continue;
+ if (grp_rids != NULL && add_num_to_list(grp_rids, num_grps, rid) == NULL)
+ {
+ failed = True;
+ }
+ break;
}
-
- if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
+ default:
{
- return NULL;
+ break;
}
}
- else if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+ }
+
+ if (failed)
+ {
+ if (grp_rids != NULL && (*grp_rids) != NULL)
{
- /*
- * server is a member of a domain or stand-alone.
- * name is not explicitly mapped
- * so we are responsible for it.
- * as a LOCAL group.
- */
-
- rid = pwdb_gid_to_alias_rid(grps[i]);
- if (add_num_to_list(als_rids, num_alss, rid) == NULL)
- {
- return NULL;
- }
+ free(*grp_rids);
+ (*num_grps) = 0;
}
- else if (lp_server_role() != ROLE_DOMAIN_NONE)
+
+ if (als_rids != NULL && (*als_rids) != NULL)
{
- /*
- * server is a PDC or BDC.
- * name is explicitly mapped
- * so we are responsible for it.
- * as a DOMAIN group.
- */
-
- rid = pwdb_gid_to_group_rid(grps[i]);
- if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
- {
- return NULL;
- }
+ free(*als_rids);
+ (*num_alss) = 0;
}
+
+ return NULL;
}
- return pw_buf;
+ return pwdb_sam_to_smb(pw_buf);
}
-static struct passgrp_ops file_ops =
+static struct passgrp_ops smbunixgrp_ops =
{
startsmbunixgrpent,
endsmbunixgrpent,
getsmbunixgrppos,
setsmbunixgrppos,
- iterate_getsmbgrpnam, /* In passgrp.c */
+ iterate_getsmbgrpntnam, /* In passgrp.c */
iterate_getsmbgrpuid, /* In passgrp.c */
iterate_getsmbgrprid, /* In passgrp.c */
- getsmbunixgrpent,
+ getsmbunixgrpent
};
struct passgrp_ops *unix_initialise_password_grp(void)
{
- return &file_ops;
+ return &smbunixgrp_ops;
}
#else