unix instance of group database API

(This used to be commit e76f593b3572ac881f1aa1fb3326d8b7169b0078)
author: Luke Leighton <lkcl@samba.org> 1998-11-23 21:51:05 +0000
committer: Luke Leighton <lkcl@samba.org> 1998-11-23 21:51:05 +0000
commit: 4cee58780cb15fe5889b9dd0dc34459512d75062 (patch)
tree: 07e0db236cfdb786458451b879333bc1d687cf3c /source3/passdb
parent: 735926877bb8333a9e862657ea89001bea376b9f (diff)
download: samba-4cee58780cb15fe5889b9dd0dc34459512d75062.tar.gz
samba-4cee58780cb15fe5889b9dd0dc34459512d75062.tar.bz2
samba-4cee58780cb15fe5889b9dd0dc34459512d75062.zip
5 files changed, 263 insertions, 20 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index da45f15f5f..a7635308b7 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -69,7 +69,7 @@ BOOL initialise_password_db(void)
   pwdb_ops =  nisplus_initialise_password_db();
 #elif defined(WITH_LDAP)
   pwdb_ops = ldap_initialise_password_db();
-#else 
+#elif defined(USE_SMBPASS_DB)
   pwdb_ops = file_initialise_password_db();
 #endif 
 
diff --git a/source3/passdb/passgrp.c b/source3/passdb/passgrp.c
index ded9ef33d2..f626dd978a 100644
--- a/source3/passdb/passgrp.c
+++ b/source3/passdb/passgrp.c
@@ -34,7 +34,7 @@ extern int DEBUGLEVEL;
  *
  */
 
-static struct passgrp_ops *pwgrp_ops;
+static struct passgrp_ops *pwgrp_ops = NULL;
 
 /***************************************************************
  Initialise the passgrp operations.
@@ -51,7 +51,9 @@ BOOL initialise_passgrp_db(void)
   pwgrp_ops =  nisplus_initialise_password_grp();
 #elif defined(WITH_LDAP)
   pwgrp_ops = ldap_initialise_password_grp();
-#else 
+#elif defined(USE_SMBUNIX_DB)
+  pwgrp_ops = unix_initialise_password_grp();
+#elif defined(USE_SMBPASS_DB)
   pwgrp_ops = file_initialise_password_grp();
 #endif 
 
diff --git a/source3/passdb/smbpass.c b/source3/passdb/smbpass.c
index 67f8ea6cfb..62fdabe7fe 100644
--- a/source3/passdb/smbpass.c
+++ b/source3/passdb/smbpass.c
@@ -33,7 +33,7 @@ static char s_readbuf[1024];
  to ensure no modification outside this module.
 ****************************************************************/
 
-static void *startsmbfilepwent(BOOL update)
+void *startsmbfilepwent(BOOL update)
 {
 	return startfilepwent(lp_smb_passwd_file(), s_readbuf, sizeof(s_readbuf),
 	                      &pw_file_lock_depth, update);
@@ -43,7 +43,7 @@ static void *startsmbfilepwent(BOOL update)
  End enumeration of the smbpasswd list.
 ****************************************************************/
 
-static void endsmbfilepwent(void *vp)
+void endsmbfilepwent(void *vp)
 {
 	endfilepwent(vp, &pw_file_lock_depth);
 }
@@ -53,7 +53,7 @@ static void endsmbfilepwent(void *vp)
  This must be treated as an opaque token.
 *************************************************************************/
 
-static SMB_BIG_UINT getsmbfilepwpos(void *vp)
+SMB_BIG_UINT getsmbfilepwpos(void *vp)
 {
 	return getfilepwpos(vp);
 }
@@ -63,7 +63,7 @@ static SMB_BIG_UINT getsmbfilepwpos(void *vp)
  This must be treated as an opaque token.
 *************************************************************************/
 
-static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
+BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
 {
 	return setfilepwpos(vp, tok);
 }
@@ -71,7 +71,7 @@ static BOOL setsmbfilepwpos(void *vp, SMB_BIG_UINT tok)
 /*************************************************************************
  Routine to return the next entry in the smbpasswd list.
  *************************************************************************/
-static struct smb_passwd *getsmbfilepwent(void *vp)
+struct smb_passwd *getsmbfilepwent(void *vp)
 {
 	/* Static buffers we will return. */
 	static struct smb_passwd pw_buf;
@@ -80,7 +80,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
 	static unsigned char smbntpwd[16];
 	struct passwd *pwfile;
 	char            linebuf[256];
-	unsigned char  *p;
+	char  *p;
 	int            uidval;
 	size_t            linebuf_len;
 
@@ -118,14 +118,14 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
 		 * As 256 is shorter than a pstring we don't need to check
 		 * length here - if this ever changes....
 		 */
-		p = (unsigned char *)strncpyn(user_name, linebuf, sizeof(user_name), ':');
+		p = strncpyn(user_name, linebuf, sizeof(user_name), ':');
 
 		/* Go past ':' */
 		p++;
 
 		/* Get smb uid. */
 
-		p = (unsigned char *)Atoic((char *) p, &uidval, ":");
+		p = Atoic( p, &uidval, ":");
 
 		pw_buf.smb_name = user_name;
 		pw_buf.smb_userid = uidval;
@@ -161,14 +161,14 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
 			continue;
 		}
 
-		if (!strncasecmp((char *) p, "NO PASSWORD", 11))
+		if (!strncasecmp( p, "NO PASSWORD", 11))
 		{
 			pw_buf.smb_passwd = NULL;
 			pw_buf.acct_ctrl |= ACB_PWNOTREQ;
 		}
 		else
 		{
-			if (!pwdb_gethexpwd((char *)p, (char *)smbpwd))
+			if (!pwdb_gethexpwd(p, (char *)smbpwd))
 			{
 				DEBUG(0, ("getsmbfilepwent: Malformed Lanman password entry (non hex chars)\n"));
 				continue;
@@ -188,7 +188,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
 		{
 			if (*p != '*' && *p != 'X')
 			{
-				if(pwdb_gethexpwd((char *)p,(char *)smbntpwd))
+				if(pwdb_gethexpwd(p,(char *)smbntpwd))
 				{
 					pw_buf.smb_nt_passwd = smbntpwd;
 				}
@@ -218,7 +218,7 @@ static struct smb_passwd *getsmbfilepwent(void *vp)
 			if (*p == ':')
 			{
 				p++;
-				pw_buf.pass_last_set_time = pwdb_get_last_set_time((char *)p);
+				pw_buf.pass_last_set_time = pwdb_get_last_set_time(p);
 			}
 		}
 		else
diff --git a/source3/passdb/smbpassgroup.c b/source3/passdb/smbpassgroup.c
index f3a0d4244b..8e92f0e831 100644
--- a/source3/passdb/smbpassgroup.c
+++ b/source3/passdb/smbpassgroup.c
@@ -19,7 +19,7 @@
 
 #include "includes.h"
 
-#ifdef USE_SMBPASS_DB
+#ifdef USE_SMBGROUP_DB
 
 static int grp_file_lock_depth = 0;
 extern int DEBUGLEVEL;
@@ -96,7 +96,7 @@ static struct smb_passwd *getsmbfilegrpent(void *vp,
 		/*
 		 * The line we have should be of the form :-
 		 * 
-		 * username:uid:domainrid1,domainrid2..:aliassid1,aliassid2..:
+		 * username:uid:aliassid1,aliassid2..:domainrid1,domainrid2..:
 		 */
 
 		/*
@@ -116,9 +116,7 @@ static struct smb_passwd *getsmbfilegrpent(void *vp,
 		pw_buf.smb_userid = uidval;
 
 		/*
-		 * Now get the password value - this should be 32 hex digits
-		 * which are the ascii representations of a 16 byte string.
-		 * Get two at a time and put them into the password.
+		 * Now get a list of alias RIDs
 		 */
 
 		/* Skip the ':' */
@@ -139,6 +137,10 @@ static struct smb_passwd *getsmbfilegrpent(void *vp,
 			}
 		}
 
+		/*
+		 * Now get a list of group RIDs
+		 */
+
 		/* Skip the ':' */
 		p++;
 
diff --git a/source3/passdb/smbpassgroupunix.c b/source3/passdb/smbpassgroupunix.c
new file mode 100644
index 0000000000..438b9e2daf
--- /dev/null
+++ b/source3/passdb/smbpassgroupunix.c
@@ -0,0 +1,239 @@
+/*
+ * Unix SMB/Netbios implementation. Version 1.9. SMB parameters and setup
+ * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995.
+ * 
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ * 
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 675
+ * Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef USE_SMBUNIX_DB
+
+extern int DEBUGLEVEL;
+extern DOM_SID global_member_sid;
+
+/***************************************************************
+ Start to enumerate the smbpasswd list. Returns a void pointer
+ to ensure no modification outside this module.
+****************************************************************/
+
+static void *startsmbfilegrpent(BOOL update)
+{
+	return startsmbfilepwent(False);
+}
+
+/***************************************************************
+ End enumeration of the smbpasswd list.
+****************************************************************/
+
+static void endsmbfilegrpent(void *vp)
+{
+	endsmbfilepwent(vp);
+}
+
+/*************************************************************************
+ Return the current position in the smbpasswd list as an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static SMB_BIG_UINT getsmbfilegrppos(void *vp)
+{
+	return getsmbfilepwpos(vp);
+}
+
+/*************************************************************************
+ Set the current position in the smbpasswd list from an SMB_BIG_UINT.
+ This must be treated as an opaque token.
+*************************************************************************/
+
+static BOOL setsmbfilegrppos(void *vp, SMB_BIG_UINT tok)
+{
+	return setsmbfilepwpos(vp, tok);
+}
+
+/*************************************************************************
+ Routine to return the next smbpassgroup entry
+ *************************************************************************/
+static struct smb_passwd *getsmbfilegrpent(void *vp,
+		uint32 **grp_rids, int *num_grps,
+		uint32 **als_rids, int *num_alss)
+{
+	/* Static buffers we will return. */
+	struct smb_passwd *pw_buf;
+	struct passwd *pw;
+	int i;
+	int unixgrps;
+	gid_t *grps;
+
+	if (vp == NULL)
+	{
+		DEBUG(0,("getsmbfilegrpent: Bad password file pointer.\n"));
+		return NULL;
+	}
+
+	pw_buf = getsmbfilepwent(vp);
+	
+	if (grp_rids != NULL)
+	{
+		(*grp_rids) = NULL;
+		(*num_grps) = 0;
+	}
+
+	if (als_rids != NULL)
+	{
+		(*als_rids) = NULL;
+		(*num_alss) = 0;
+	}
+	
+	if (als_rids == NULL && grp_rids == NULL)
+	{
+		return pw_buf;
+	}
+
+	/*
+	 * find all unix groups
+	 */
+
+	pw = Get_Pwnam(pw_buf->smb_name, False);
+
+	if (pw == NULL)
+	{
+		return NULL;
+	}
+
+	if (get_unixgroups(pw_buf->smb_name, pw->pw_uid, pw->pw_gid, &unixgrps, &grps))
+	{
+		return NULL;
+	}
+
+	/*
+	 * check each unix group for a mapping as an nt alias or an nt group
+	 */
+
+	for (i = 0; i < unixgrps; i++)
+	{
+		DOM_SID sid;
+		uint8 type;
+		char *unix_grpname;
+		uint32 status;
+		uint32 rid;
+
+		/*
+		 * find the unix name for each user's group.
+		 * assume the unix group is an nt name (alias? group? user?)
+		 * (user or not our own domain will be an error).
+		 */
+
+		unix_grpname = gidtoname(grps[i]);
+		if (map_unix_alias_name(unix_grpname, &sid, NULL, NULL))
+		{
+			/*
+			 * ok, the unix groupname is mapped to an alias.
+			 * check that it is in our domain.
+			 */
+
+			sid_split_rid(&sid, &rid);
+			if (!sid_equal(&sid, &global_member_sid))
+			{
+				pstring sid_str;
+				sid_to_string(sid_str, &sid);
+				DEBUG(0,("user %s is in a UNIX group %s that maps to an NT RID (0x%x) in another domain (%s)\n",
+				          pw_buf->smb_name, unix_grpname, rid, sid_str));
+				continue;
+			}
+
+			if (add_num_to_list(als_rids, num_alss, rid) == NULL)
+			{
+				return NULL;
+			}
+		}
+		else if (map_unix_group_name(unix_grpname, &sid, NULL, NULL))
+		{
+			/*
+			 * ok, the unix groupname is mapped to a domain group.
+			 * check that it is in our domain.
+			 */
+
+			sid_split_rid(&sid, &rid);
+			if (!sid_equal(&sid, &global_member_sid))
+			{
+				pstring sid_str;
+				sid_to_string(sid_str, &sid);
+				DEBUG(0,("user %s is in a UNIX group %s that maps to an NT RID (0x%x) in another domain (%s)\n",
+				          pw_buf->smb_name, unix_grpname, rid, sid_str));
+				continue;
+			}
+
+			if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
+			{
+				return NULL;
+			}
+		}
+		else if (lp_server_role() == ROLE_DOMAIN_MEMBER)
+		{
+			/*
+			 * server is a member of a domain or stand-alone.
+			 * name is not explicitly mapped
+			 * so we are responsible for it.
+			 * as a LOCAL group.
+			 */
+
+			rid = pwdb_gid_to_alias_rid(grps[i]);
+			if (add_num_to_list(als_rids, num_alss, rid) == NULL)
+			{
+				return NULL;
+			}
+		}
+		else if (lp_server_role() != ROLE_DOMAIN_NONE)
+		{
+			/*
+			 * server is a PDC or BDC.
+			 * name is explicitly mapped
+			 * so we are responsible for it.
+			 * as a DOMAIN group.
+			 */
+
+			rid = pwdb_gid_to_group_rid(grps[i]);
+			if (add_num_to_list(grp_rids, num_grps, rid) == NULL)
+			{
+				return NULL;
+			}
+		}
+	}
+
+	return pw_buf;
+}
+
+static struct passgrp_ops file_ops =
+{
+	startsmbfilegrpent,
+	endsmbfilegrpent,
+	getsmbfilegrppos,
+	setsmbfilegrppos,
+	iterate_getsmbgrpnam,          /* In passgrp.c */
+	iterate_getsmbgrpuid,          /* In passgrp.c */
+	iterate_getsmbgrprid,          /* In passgrp.c */
+	getsmbfilegrpent,
+};
+
+struct passgrp_ops *unix_initialise_password_grp(void)
+{    
+  return &file_ops;
+}
+
+#else
+ /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */
+ void smbpass_dummy_function(void) { } /* stop some compilers complaining */
+#endif /* USE_SMBPASS_DB */
author	Luke Leighton <lkcl@samba.org>	1998-11-23 21:51:05 +0000
committer	Luke Leighton <lkcl@samba.org>	1998-11-23 21:51:05 +0000
commit	4cee58780cb15fe5889b9dd0dc34459512d75062 (patch)
tree	07e0db236cfdb786458451b879333bc1d687cf3c /source3/passdb
parent	735926877bb8333a9e862657ea89001bea376b9f (diff)
download	samba-4cee58780cb15fe5889b9dd0dc34459512d75062.tar.gz samba-4cee58780cb15fe5889b9dd0dc34459512d75062.tar.bz2 samba-4cee58780cb15fe5889b9dd0dc34459512d75062.zip