diff options
| author | Simo Sorce <idra@samba.org> | 2003-04-29 22:06:16 +0000 |
|---|---|---|
| committer | Simo Sorce <idra@samba.org> | 2003-04-29 22:06:16 +0000 |
| commit | a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b (patch) | |
| tree | 1d006dc489a2373fc3e55f78cc6ce34a4880b9aa /source3/passdb | |
| parent | 0db7c13f9210c0eac82050a2b9e37bd81bfffe10 (diff) | |
| download | samba-a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b.tar.gz samba-a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b.tar.bz2 samba-a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b.zip | |
This is a nice rewrite:
SAM_ACCOUNT does not have anymore uid and gid fields
all the code that used them has been fixed to use the proper idmap calls
fix to idmap_tdb for first time idmap.tdb initialization.
auth_serversupplied_info structure has now an uid and gid field
few other fixes to make the system behave correctly with idmap
tested only with tdbsam, but smbpasswd and nisplus should be ok
have not tested ldap !
(This used to be commit 6a6f6032467e55aa9b76390e035623976477ba42)
Diffstat (limited to 'source3/passdb')
| -rw-r--r-- | source3/passdb/passdb.c | 10 | ||||
| -rw-r--r-- | source3/passdb/pdb_get_set.c | 42 | ||||
| -rw-r--r-- | source3/passdb/pdb_ldap.c | 56 | ||||
| -rw-r--r-- | source3/passdb/pdb_nisplus.c | 80 | ||||
| -rw-r--r-- | source3/passdb/pdb_smbpasswd.c | 27 | ||||
| -rw-r--r-- | source3/passdb/pdb_tdb.c | 73 | ||||
| -rw-r--r-- | source3/passdb/pdb_unix.c | 2 |
7 files changed, 72 insertions, 218 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 05979cc385..c93577dc04 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -5,6 +5,7 @@ Copyright (C) Luke Kenneth Casson Leighton 1996-1998 Copyright (C) Gerald (Jerry) Carter 2000-2001 Copyright (C) Andrew Bartlett 2001-2002 + Copyright (C) Simo Sorce 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -46,8 +47,6 @@ static void pdb_fill_default_sam(SAM_ACCOUNT *user) /* Don't change these timestamp settings without a good reason. They are important for NT member server compatibility. */ - user->private.uid = user->private.gid = -1; - user->private.logon_time = (time_t)0; user->private.pass_last_set_time = (time_t)0; user->private.pass_can_change_time = (time_t)0; @@ -177,9 +176,6 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET); pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT); - - pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET); - pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET); /* When we get a proper uid -> SID and SID -> uid allocation mechinism, we should call it here. @@ -697,7 +693,7 @@ static BOOL pdb_rid_is_well_known(uint32 rid) Decides if a RID is a user or group RID. ********************************************************************/ -BOOL pdb_rid_is_user(uint32 rid) +BOOL fallback_pdb_rid_is_user(uint32 rid) { /* lkcl i understand that NT attaches an enumeration to a RID * such that it can be identified as either a user, group etc @@ -787,7 +783,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use return True; } - if (pdb_rid_is_user(rid)) { + if (fallback_pdb_rid_is_user(rid)) { uid_t uid; DEBUG(5, ("assuming RID %u is a user\n", (unsigned)rid)); diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index a86d936263..4370dc2c36 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -202,22 +202,6 @@ enum pdb_value_state pdb_get_init_flags (const SAM_ACCOUNT *sampass, enum pdb_el return ret; } -uid_t pdb_get_uid (const SAM_ACCOUNT *sampass) -{ - if (sampass) - return (sampass->private.uid); - else - return (-1); -} - -gid_t pdb_get_gid (const SAM_ACCOUNT *sampass) -{ - if (sampass) - return (sampass->private.gid); - else - return (-1); -} - const char* pdb_get_username (const SAM_ACCOUNT *sampass) { if (sampass) @@ -509,32 +493,6 @@ BOOL pdb_set_init_flags (SAM_ACCOUNT *sampass, enum pdb_elements element, enum p return True; } -BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid, enum pdb_value_state flag) -{ - if (!sampass) - return False; - - DEBUG(10, ("pdb_set_uid: setting uid %d, was %d\n", - (int)uid, (int)sampass->private.uid)); - - sampass->private.uid = uid; - - return pdb_set_init_flags(sampass, PDB_UID, flag); -} - -BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid, enum pdb_value_state flag) -{ - if (!sampass) - return False; - - DEBUG(10, ("pdb_set_gid: setting gid %d, was %d\n", - (int)gid, (int)sampass->private.gid)); - - sampass->private.gid = gid; - - return pdb_set_init_flags(sampass, PDB_GID, flag); -} - BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid, enum pdb_value_state flag) { if (!sampass || !u_sid) diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 71419448cb..b23b7286ea 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1533,12 +1533,11 @@ Initialize SAM_ACCOUNT from an LDAP query (unix attributes only) *********************************************************************/ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state, SAM_ACCOUNT * sampass, - LDAPMessage * entry) + LDAPMessage * entry, + gid_t *gid) { pstring homedir; pstring temp; - uid_t uid; - gid_t gid; char **ldap_values; char **values; @@ -1563,19 +1562,12 @@ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state, if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDirectory", homedir)) return False; - if (!get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp)) - return False; - - uid = (uid_t)atol(temp); - if (!get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp)) return False; gid = (gid_t)atol(temp); pdb_set_unix_homedir(sampass, homedir, PDB_SET); - pdb_set_uid(sampass, uid, PDB_SET); - pdb_set_gid(sampass, gid, PDB_SET); DEBUG(10, ("user has posixAcccount attributes\n")); return True; @@ -1617,8 +1609,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, uint8 hours[MAX_HOURS_LEN]; pstring temp; uid_t uid = -1; - gid_t gid = getegid(); - + gid_t gid = getegid(); /* * do a little initialization @@ -1690,40 +1681,17 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, * If so configured, try and get the values from LDAP */ - if (!lp_ldap_trust_ids() || (!get_unix_attributes(ldap_state, sampass, entry))) { + if (!lp_ldap_trust_ids() && (get_unix_attributes(ldap_state, sampass, entry, &gid))) { - /* - * Otherwise just ask the system getpw() calls. - */ - - pw = getpwnam_alloc(username); - if (pw == NULL) { - if (! ldap_state->permit_non_unix_accounts) { - DEBUG (2,("init_sam_from_ldap: User [%s] does not exist via system getpwnam!\n", username)); - return False; + if (pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT) { + GROUP_MAP map; + /* call the mapping code here */ + if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) { + pdb_set_group_sid(sampass, &map.sid, PDB_SET); + } + else { + pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET); } - } else { - uid = pw->pw_uid; - pdb_set_uid(sampass, uid, PDB_SET); - gid = pw->pw_gid; - pdb_set_gid(sampass, gid, PDB_SET); - - pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET); - - passwd_free(&pw); - } - } - - if ((pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT) - && (pdb_get_init_flags(sampass,PDB_GID) != PDB_DEFAULT)) { - GROUP_MAP map; - gid = pdb_get_gid(sampass); - /* call the mapping code here */ - if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) { - pdb_set_group_sid(sampass, &map.sid, PDB_SET); - } - else { - pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET); } } diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index cd9288fed0..4e4aaed02b 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c @@ -876,8 +876,6 @@ static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf, pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS), PDB_SET); pdb_set_munged_dial (pw_buf, NULL, PDB_DEFAULT); - pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)), PDB_SET); - pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)), PDB_SET); pdb_set_user_sid_from_rid (pw_buf, atoi (ENTRY_VAL (obj, NPF_USER_RID)), PDB_SET); pdb_set_group_sid_from_rid (pw_buf, @@ -949,8 +947,8 @@ static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf, if (!(pdb_get_acct_ctrl (pw_buf) & ACB_PWNOTREQ) && strncasecmp (ptr, "NO PASSWORD", 11)) { if (strlen (ptr) != 32 || !pdb_gethexpwd (ptr, smbntpwd)) { - DEBUG (0, ("malformed NT pwd entry:\ - uid = %d.\n", pdb_get_uid (pw_buf))); + DEBUG (0, ("malformed NT pwd entry:\ %s.\n", + pdb_get_username (pw_buf))); return False; } if (!pdb_set_nt_passwd (pw_buf, smbntpwd, PDB_SET)) @@ -1047,6 +1045,8 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass, BOOL need_to_modify = False; const char *name = pdb_get_username (sampass); /* from SAM */ + uint32 u_rid; + uint32 g_rid; /* these must be static or allocate and free entry columns! */ static fstring uid; /* from SAM */ static fstring user_rid; /* from SAM */ @@ -1065,31 +1065,15 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass, static fstring acct_desc; /* from SAM */ static char empty[1]; /* just an empty string */ - slprintf (uid, sizeof (uid) - 1, "%u", pdb_get_uid (sampass)); - slprintf (user_rid, sizeof (user_rid) - 1, "%u", - pdb_get_user_rid (sampass) ? pdb_get_user_rid (sampass) : - fallback_pdb_uid_to_user_rid (pdb_get_uid (sampass))); - slprintf (gid, sizeof (gid) - 1, "%u", pdb_get_gid (sampass)); - - { - uint32 rid; - GROUP_MAP map; - - rid = pdb_get_group_rid (sampass); - - if (rid == 0) { - if (pdb_getgrgid(&map, pdb_get_gid (sampass), - MAPPING_WITHOUT_PRIV)) { - if (!sid_peek_check_rid - (get_global_sam_sid (), &map.sid, &rid)) - return False; - } else - rid = pdb_gid_to_group_rid (pdb_get_gid - (sampass)); - } + if (!(u_rid = pdb_get_user_rid (sampass))) + return False; + if (!(g_rid = pdb_get_group_rid (sampass))) + return False; - slprintf (group_rid, sizeof (group_rid) - 1, "%u", rid); - } + slprintf (uid, sizeof (uid) - 1, "%u", fallback_pdb_user_rid_to_uid (u_rid)); + slprintf (user_rid, sizeof (user_rid) - 1, "%u", u_rid); + slprintf (gid, sizeof (gid) - 1, "%u", fallback_pdb_group_rid_to_uid (g_rid)); + slprintf (group_rid, sizeof (group_rid) - 1, "%u", g_rid); acb = pdb_encode_acct_ctrl (pdb_get_acct_ctrl (sampass), NEW_PW_FORMAT_SPACE_PADDED_LEN); @@ -1133,51 +1117,27 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass, /* uid */ - if (pdb_get_uid (sampass) != -1) { - if (!ENTRY_VAL (old, NPF_UID) - || strcmp (ENTRY_VAL (old, NPF_UID), uid)) { + if (!ENTRY_VAL (old, NPF_UID) || strcmp (ENTRY_VAL (old, NPF_UID), uid)) { need_to_modify = True; - set_single_attribute (obj, NPF_UID, uid, - strlen (uid), - EN_MODIFIED); - } + set_single_attribute (obj, NPF_UID, uid, strlen (uid), EN_MODIFIED); } /* user_rid */ - if (pdb_get_user_rid (sampass)) { - if (!ENTRY_VAL (old, NPF_USER_RID) || - strcmp (ENTRY_VAL (old, NPF_USER_RID), - user_rid)) { + if (!ENTRY_VAL (old, NPF_USER_RID) || strcmp (ENTRY_VAL (old, NPF_USER_RID), user_rid)) { need_to_modify = True; - set_single_attribute (obj, NPF_USER_RID, - user_rid, - strlen (user_rid), - EN_MODIFIED); - } + set_single_attribute (obj, NPF_USER_RID, user_rid, strlen (user_rid), EN_MODIFIED); } /* smb_grpid */ - if (pdb_get_gid (sampass) != -1) { - if (!ENTRY_VAL (old, NPF_SMB_GRPID) || - strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) { + if (!ENTRY_VAL (old, NPF_SMB_GRPID) || strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) { need_to_modify = True; - set_single_attribute (obj, NPF_SMB_GRPID, gid, - strlen (gid), - EN_MODIFIED); - } + set_single_attribute (obj, NPF_SMB_GRPID, gid, strlen (gid), EN_MODIFIED); } /* group_rid */ - if (pdb_get_group_rid (sampass)) { - if (!ENTRY_VAL (old, NPF_GROUP_RID) || - strcmp (ENTRY_VAL (old, NPF_GROUP_RID), - group_rid)) { + if (!ENTRY_VAL (old, NPF_GROUP_RID) || strcmp (ENTRY_VAL (old, NPF_GROUP_RID), group_rid)) { need_to_modify = True; - set_single_attribute (obj, NPF_GROUP_RID, - group_rid, - strlen (group_rid), - EN_MODIFIED); - } + set_single_attribute (obj, NPF_GROUP_RID, group_rid, strlen (group_rid), EN_MODIFIED); } /* acb */ diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index c1421bcd53..91fc7bc8e0 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -1134,28 +1134,23 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno))); static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass) { uid_t uid; + uint32 rid; if (sampass == NULL) return False; - ZERO_STRUCTP(smb_pw); - - if (!IS_SAM_UNIX_USER(sampass)) { - smb_pw->smb_userid_set = False; - DEBUG(5,("build_smb_pass: storing user without a UNIX uid or gid. \n")); - } else { - uint32 rid = pdb_get_user_rid(sampass); - smb_pw->smb_userid_set = True; - uid = pdb_get_uid(sampass); + rid = pdb_get_user_rid(sampass); - /* If the user specified a RID, make sure its able to be both stored and retreived */ - if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) { - DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n")); - return False; - } + /* If the user specified a RID, make sure its able to be both stored and retreived */ + if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) { + DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n")); + return False; + } - smb_pw->smb_userid=uid; - } + ZERO_STRUCTP(smb_pw); + + smb_pw->smb_userid_set = True; + smb_pw->smb_userid=uid; smb_pw->smb_name=(const char*)pdb_get_username(sampass); diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 2363b955e2..904f2935ce 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -101,7 +101,7 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, BOOL ret = True; struct passwd *pw; uid_t uid = -1; - gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */ + gid_t gid = -1; if(sampass == NULL || buf == NULL) { DEBUG(0, ("init_sam_from_buffer: NULL parameters found!\n")); @@ -148,6 +148,8 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, /* validate the account and fill in UNIX uid and gid. Standard * getpwnam() is used instead of Get_Pwnam() as we do not need * to try case permutations + * + * FIXME: are we sure we do not need ? */ if (!username || !(pw = getpwnam_alloc(username))) { if (!(tdb_state->permit_non_unix_accounts)) { @@ -158,15 +160,9 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, } if (pw) { - uid = pw->pw_uid; - gid = pw->pw_gid; - pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET); passwd_free(&pw); - - pdb_set_uid(sampass, uid, PDB_SET); - pdb_set_gid(sampass, gid, PDB_SET); } pdb_set_logon_time(sampass, logon_time, PDB_SET); @@ -768,54 +764,35 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd, return False; } + if (!pdb_get_group_rid(newpwd)) { + DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd))); + ret = False; + goto done; + } + /* if flag == TDB_INSERT then make up a new RID else throw an error. */ if (!(user_rid = pdb_get_user_rid(newpwd))) { - if (flag & TDB_INSERT) { - if (IS_SAM_UNIX_USER(newpwd)) { - if (tdb_state->algorithmic_rids) { - user_rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(newpwd)); - } else { - user_rid = BASE_RID; - tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER); - if (!tdb_ret) { - ret = False; - goto done; - } - } - pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED); - } else { - user_rid = tdb_state->low_nua_rid; - tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER); - if (!tdb_ret) { - ret = False; - goto done; - } - if (user_rid > tdb_state->high_nua_rid) { - DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd))); - ret = False; - goto done; - } - pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED); + if ((flag & TDB_INSERT) && tdb_state->permit_non_unix_accounts) { + uint32 lowrid, highrid; + if (!pdb_get_free_rid_range(&lowrid, &highrid)) { + /* should never happen */ + DEBUG(0, ("tdbsam: something messed up, no high/low rids but nua enabled ?!\n")); + ret = False; + goto done; } - } else { - DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd))); - ret = False; - goto done; - } - } - - if (!pdb_get_group_rid(newpwd)) { - if (flag & TDB_INSERT) { - if (!tdb_state->permit_non_unix_accounts) { - DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd))); + user_rid = lowrid; + tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER); + if (!tdb_ret) { + ret = False; + goto done; + } + if (user_rid > highrid) { + DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd))); ret = False; goto done; - } else { - /* This seems like a good default choice for non-unix users */ - pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT); } } else { - DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd))); + DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd))); ret = False; goto done; } diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c index d0604cb88c..395795758f 100644 --- a/source3/passdb/pdb_unix.c +++ b/source3/passdb/pdb_unix.c @@ -66,7 +66,7 @@ static NTSTATUS unixsam_getsampwrid (struct pdb_methods *methods, DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account)); return nt_status; } - } else if (pdb_rid_is_user(rid)) { + } else if (fallback_pdb_rid_is_user(rid)) { pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid)); } |