author | Luke Leighton <lkcl@samba.org> | 1998-11-30 15:08:58 +0000 |
---|---|---|
committer | Luke Leighton <lkcl@samba.org> | 1998-11-30 15:08:58 +0000 |
commit | 31044dd8e6419b305779408a4b3b0fbd8eab11b5 (patch) | |
tree | 1ed17e61bd4e31ab70454e989a5736f48fbf8262 /source3/passdb | |
parent | 868b22f5a1b5c9fec82d8c07f93ec0e7d05f23ac (diff) | |
- adding builtin[alias]db.
- lib/sids.c:
generate_sam_sid() modified to take a domain name: it now
generates "DOMAIN_NAME.SID". reasons:
1) if you run multiple samba servers on the same machine
under different netbios names as members of a domain,
they won't all use the same SID, which is a _big_ mistake
but it would happen _by default_.
2) we have (had) a problem with sid_to_string() and string_to_sid()
which cause SIDs to be incorrectly read. one of the major
reasons for *NOT* making this change was so as not to disrupt
existing users. but as they will be anyway by this bug,
we might as well go ahead.
- passdb/smbpass.c:
wanted to change the meaning of the name in the smbpasswd
file to an "nt" name not a "unix" name. this is probably
not a good idea: reverted this.
- output formatting / bug-fixing in rpcclient query_useraliases code.
(This used to be commit e4930f5f48f8246ceec8add8bf769954a963190c)
Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/smbpass.c | 40 | ||||
-rw-r--r-- | source3/passdb/smbpassgroupunix.c | 12 |
2 files changed, 32 insertions, 20 deletions
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c index 0de09e6085..8972351d90 100644 --- a/source3/passdb/smbpass.c +++ b/source3/passdb/smbpass.c @@ -73,7 +73,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) { /* Static buffers we will return. */ static struct smb_passwd pw_buf; - static pstring nt_name; + static pstring unix_name; static unsigned char smbpwd[16]; static unsigned char smbntpwd[16]; char linebuf[256]; @@ -115,7 +115,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ - p = strncpyn(nt_name, linebuf, sizeof(nt_name), ':'); + p = strncpyn(unix_name, linebuf, sizeof(unix_name), ':'); /* Go past ':' */ p++; @@ -124,7 +124,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) p = Atoic( p, &uidval, ":"); - pw_buf.nt_name = nt_name; + pw_buf.unix_name = unix_name; pw_buf.unix_uid = uidval; /* @@ -139,7 +139,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) if (*p == '*' || *p == 'X') { /* Password deliberately invalid - end here. */ - DEBUG(10, ("getsmbfilepwent: entry invalidated for nt user %s\n", nt_name)); + DEBUG(10, ("getsmbfilepwent: entry invalidated for unix user %s\n", unix_name)); pw_buf.smb_nt_passwd = NULL; pw_buf.smb_passwd = NULL; pw_buf.acct_ctrl |= ACB_DISABLED; @@ -194,8 +194,8 @@ static struct smb_passwd *getsmbfilepwent(void *vp) p += 33; } - DEBUG(5,("getsmbfilepwent: returning passwd entry for nt user %s, unix uid %d\n", - nt_name, uidval)); + DEBUG(5,("getsmbfilepwent: returning passwd entry for unix user %s, unix uid %d\n", + unix_name, uidval)); if (*p == '[') { 
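Review bot: In the @@ -115 hunk the pointer returned by `strncpyn(unix_name, linebuf, sizeof(unix_name), ':')` is advanced with `p++` and then handed to `Atoic()` with no visible check that a ':' was found. strncpyn's definition is not on this page; if it reports a missing delimiter by returning NULL, a malformed smbpasswd line leads to arithmetic on and a read through an invalid pointer. Unless an earlier test in getsmbfilepwent already guarantees the colon, add `if (p == NULL)` before the increment, log the malformed entry and skip it. The function body starts and ends outside the hunk, so such a guard may exist above the lines shown.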
@@ -226,7 +226,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp) * password file as 'normal accounts'. If this changes * we will have to fix this code. JRA. */ - if (pw_buf.nt_name[strlen(pw_buf.nt_name) - 1] == '$') + if (pw_buf.unix_name[strlen(pw_buf.unix_name) - 1] == '$') { pw_buf.acct_ctrl &= ~ACB_NORMAL; pw_buf.acct_ctrl |= ACB_WSTRUST; @@ -272,8 +272,8 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) */ while ((pwd = getsmbfilepwent(fp)) != NULL) { - if (strequal(newpwd->nt_name, pwd->nt_name)) { - DEBUG(0, ("add_smbfilepwd_entry: entry with nt name %s already exists\n", pwd->nt_name)); + if (strequal(newpwd->unix_name, pwd->unix_name)) { + DEBUG(0, ("add_smbfilepwd_entry: entry with unix name %s already exists\n", pwd->unix_name)); endsmbfilepwent(fp); return False; } 
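Review bot: `pw_buf.unix_name[strlen(pw_buf.unix_name) - 1]` in the @@ -226 hunk indexes outside the buffer when the name field is empty, because `strlen()` returns 0 and the subtraction wraps. A password-file line that begins with ':' would reach this test unless an earlier check rejects empty names, which the hunk does not show. The rename carries the unchecked index over unchanged; a one-line guard fixes it: `if (pw_buf.unix_name[0] != '\0' && pw_buf.unix_name[strlen(pw_buf.unix_name) - 1] == '$')`. The enclosing getsmbfilepwent body continues outside the hunk.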
@@ -290,21 +290,21 @@ static BOOL add_smbfilepwd_entry(struct smb_passwd *newpwd) if((offpos = sys_lseek(fd, 0, SEEK_END)) == -1) { DEBUG(0, ("add_smbfilepwd_entry(sys_lseek): Failed to add entry for user %s to file %s. \ -Error was %s\n", newpwd->nt_name, pfile, strerror(errno))); +Error was %s\n", newpwd->unix_name, pfile, strerror(errno))); endsmbfilepwent(fp); return False; } - new_entry_length = strlen(newpwd->nt_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; + new_entry_length = strlen(newpwd->unix_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2; if((new_entry = (char *)malloc( new_entry_length )) == NULL) { DEBUG(0, ("add_smbfilepwd_entry(malloc): Failed to add entry for user %s to file %s. \ -Error was %s\n", newpwd->nt_name, pfile, strerror(errno))); +Error was %s\n", newpwd->unix_name, pfile, strerror(errno))); endsmbfilepwent(fp); return False; } - slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->nt_name, (unsigned)newpwd->unix_uid); + slprintf(new_entry, new_entry_length - 1, "%s:%u:", newpwd->unix_name, (unsigned)newpwd->unix_uid); p = &new_entry[strlen(new_entry)]; if(newpwd->smb_passwd != NULL) { @@ -349,13 +349,13 @@ Error was %s\n", newpwd->nt_name, pfile, strerror(errno))); if ((wr_len = write(fd, new_entry, strlen(new_entry))) != strlen(new_entry)) { DEBUG(0, ("add_smbfilepwd_entry(write): %d Failed to add entry for user %s to file %s. \ -Error was %s\n", wr_len, newpwd->nt_name, pfile, strerror(errno))); +Error was %s\n", wr_len, newpwd->unix_name, pfile, strerror(errno))); /* Remove the entry we just wrote. */ if(sys_ftruncate(fd, offpos) == -1) { DEBUG(0, ("add_smbfilepwd_entry: ERROR failed to ftruncate file %s. \ Error was %s. Password file may be corrupt ! Please examine by hand !\n", - newpwd->nt_name, strerror(errno))); + newpwd->unix_name, strerror(errno))); } endsmbfilepwent(fp); 
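Review bot: The ftruncate failure message in the @@ -349 hunk labels its first `%s` as the file ("failed to ftruncate file %s") but is passed `newpwd->unix_name`, so the log line that tells the administrator to examine the password file by hand names the user instead of the path. Pass the path as the other DEBUG calls in add_smbfilepwd_entry do: `pfile, strerror(errno)));`. If the user name is also wanted in this message, add a separate `%s` for it rather than reusing the file slot.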
@@ -380,7 +380,7 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n", static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) { /* Static buffers we will return. */ - static pstring nt_name; + static pstring unix_name; char linebuf[256]; char readbuf[1024]; @@ -498,9 +498,9 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) * As 256 is shorter than a pstring we don't need to check * length here - if this ever changes.... */ - strncpy(nt_name, linebuf, PTR_DIFF(p, linebuf)); - nt_name[PTR_DIFF(p, linebuf)] = '\0'; - if (strequal(nt_name, pwd->nt_name)) { + strncpy(unix_name, linebuf, PTR_DIFF(p, linebuf)); + unix_name[PTR_DIFF(p, linebuf)] = '\0'; + if (strequal(unix_name, pwd->unix_name)) { found_entry = True; break; } @@ -545,7 +545,7 @@ static BOOL mod_smbfilepwd_entry(struct smb_passwd* pwd, BOOL override) if (!override && (*p == '*' || *p == 'X')) { /* Password deliberately invalid - end here. */ - DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for nt user %s\n", nt_name)); + DEBUG(10, ("mod_smbfilepwd_entry: entry invalidated for unix user %s\n", unix_name)); file_unlock(lockfd, &pw_file_lock_depth); fclose(fp); return False; diff --git a/source3/passdb/smbpassgroupunix.c b/source3/passdb/smbpassgroupunix.c index 26c6d6ff13..38f9cdf2e4 100644 --- a/source3/passdb/smbpassgroupunix.c +++ b/source3/passdb/smbpassgroupunix.c @@ -107,6 +107,7 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, if (als_rids == NULL && grp_rids == NULL) { + /* they didn't want to know the members. */ return pwdb_sam_to_smb(pw_buf); } 
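Review bot: In the @@ -498 hunk `strncpy(unix_name, linebuf, PTR_DIFF(p, linebuf))` is bounded by the source length rather than by `sizeof(unix_name)`, and the terminator is then stored at the same unchecked offset. Safety rests only on the comment's assumption that linebuf (256 bytes) is shorter than a pstring, which the comment itself flags as fragile. getsmbfilepwent already uses a destination-bounded copy, so for consistency prefer `strncpyn(unix_name, linebuf, sizeof(unix_name), ':');` here, or reject the line first with `if (PTR_DIFF(p, linebuf) >= sizeof(unix_name))`. How `p` is derived lies outside the hunk, so confirm that it always points inside linebuf.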
@@ -131,6 +132,17 @@ static struct smb_passwd *getsmbunixgrpent(void *vp, * find the unix name for each user's group. * assume the unix group is an nt name (alias? group? user?) * (user or not our own domain will be an error). + * + * oh, oh, can anyone spot what's missing heeere? + * you guessed it: built-in aliases. those are in + * Domain S-1-5-20, and NT Domain Users can only + * have lists of RIDs as groups. + * + * doesn't stop you making NT Domain Users a member + * of a BUILTIN Alias (e.g "Administrators" or "Power Users") + * it's just that there's no way to tell that from this + * API call: wrong domain, sorry. + * */ DOM_NAME_MAP gmep; |
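Review bot: The added comment gives the built-in alias domain as S-1-5-20, but the BUILTIN domain SID is S-1-5-32, so the text should read `Domain S-1-5-32`. Because the comment documents a known gap (membership in BUILTIN aliases such as "Administrators" is not reported by this call), state the consequence for callers as well, for example `NOTE: BUILTIN alias memberships (S-1-5-32) are not returned here; do not treat this list as complete for access decisions.` The rest of getsmbunixgrpent is outside the hunk, so whether any caller relies on the list being complete cannot be checked from this page.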