weekend work. user / group database API.

- split sam_passwd and smb_passwd into separate higher-order function tables

- renamed struct smb_passwd's "smb_user" to "unix_user".  added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.

NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.

- added query_useraliases code to rpcclient.

- dealt with some nasty interdependencies involving non-smbd programs
and the password database API.  this is still not satisfactorily
resolved completelely, but it's the best i can do for now.

- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.

lots of debugging done, it's still not finished.  the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect.  the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)

1 files changed, 42 insertions, 81 deletions

diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
index 7fbd43c38e..4f49735ca0 100644
--- a/source3/rpc_server/srv_netlog.c
+++ b/source3/rpc_server/srv_netlog.c
@@ -28,10 +28,9 @@
 
 extern int DEBUGLEVEL;
 
-extern BOOL sam_logon_in_ssb;
-extern pstring samlogon_user;
 extern pstring global_myname;
 extern DOM_SID global_sam_sid;
+extern fstring global_sam_name;
 
 /*************************************************************************
  make_net_r_req_chal:
@@ -493,7 +492,7 @@ static void api_net_sam_logoff( uint16 vuid,
  net_login_interactive:
  *************************************************************************/
 static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
-				struct smb_passwd *smb_pass,
+				struct sam_passwd *smb_pass,
 				user_struct *vuser)
 {
 	uint32 status = 0x0;
@@ -543,7 +542,7 @@ static uint32 net_login_interactive(NET_ID_INFO_1 *id1,
  net_login_network:
  *************************************************************************/
 static uint32 net_login_network(NET_ID_INFO_2 *id2,
-				struct smb_passwd *smb_pass,
+				struct sam_passwd *smb_pass,
 				user_struct *vuser)
 {
 	DEBUG(5,("net_login_network: lm_len: %d nt_len: %d\n",
@@ -598,7 +597,7 @@ static void api_net_sam_logon( uint16 vuid,
 	NET_USER_INFO_3 usr_info;
 	uint32 status = 0x0;
 	DOM_CRED srv_cred;
-	struct smb_passwd *smb_pass = NULL;
+	struct sam_passwd *sam_pass = NULL;
 	UNISTR2 *uni_samlogon_user = NULL;
 	fstring nt_username;
 
@@ -632,14 +631,14 @@ static void api_net_sam_logon( uint16 vuid,
 			{
 				uni_samlogon_user = &(q_l.sam_id.ctr->auth.id1.uni_user_name);
 
-				DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
+				DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", global_sam_name));
 				break;
 			}
 			case NET_LOGON_TYPE:
 			{
 				uni_samlogon_user = &(q_l.sam_id.ctr->auth.id2.uni_user_name);
 
-				DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
+				DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", global_sam_name));
 				break;
 			}
 			default:
@@ -660,26 +659,16 @@ static void api_net_sam_logon( uint16 vuid,
 
 		DEBUG(3,("User:[%s]\n", nt_username));
 
-		/*
-		 * Convert to a UNIX username.
-		 */
-		map_username(nt_username);
-
-		/*
-		 * Do any case conversions.
-		 */
-		(void)Get_Pwnam(nt_username, True);
-
 		become_root(True);
-		smb_pass = getsmbpwnam(nt_username);
+		sam_pass = getsam21pwntnam(nt_username);
 		unbecome_root(True);
 
-		if (smb_pass == NULL)
+		if (sam_pass == NULL)
 		{
 			status = 0xC0000000 | NT_STATUS_NO_SUCH_USER;
 		}
-		else if (IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_DISABLED) &&
-			 IS_BITS_CLR_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ))
+		else if (IS_BITS_SET_ALL(sam_pass->acct_ctrl, ACB_DISABLED) &&
+			 IS_BITS_CLR_ALL(sam_pass->acct_ctrl, ACB_PWNOTREQ))
 		{
 			status =  0xC0000000 | NT_STATUS_ACCOUNT_DISABLED;
 		}
@@ -687,20 +676,20 @@ static void api_net_sam_logon( uint16 vuid,
 
 	/* validate password - if required */
 
-	if (status == 0 && !(IS_BITS_SET_ALL(smb_pass->acct_ctrl, ACB_PWNOTREQ)))
+	if (status == 0 && !(IS_BITS_SET_ALL(sam_pass->acct_ctrl, ACB_PWNOTREQ)))
 	{
 		switch (q_l.sam_id.logon_level)
 		{
 			case INTERACTIVE_LOGON_TYPE:
 			{
 				/* interactive login. */
-				status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, smb_pass, vuser);
+				status = net_login_interactive(&q_l.sam_id.ctr->auth.id1, sam_pass, vuser);
 				break;
 			}
 			case NET_LOGON_TYPE:
 			{
 				/* network login.  lm challenge and 24 byte responses */
-				status = net_login_network(&q_l.sam_id.ctr->auth.id2, smb_pass, vuser);
+				status = net_login_network(&q_l.sam_id.ctr->auth.id2, sam_pass, vuser);
 				break;
 			}
 		}
@@ -715,88 +704,60 @@ static void api_net_sam_logon( uint16 vuid,
 
 	if (status == 0)
 	{
-		DOM_GID *gids = NULL;
 		int num_gids = 0;
-		NTTIME dummy_time;
-		pstring logon_script;
-		pstring profile_path;
-		pstring home_dir;
-		pstring home_drive;
-		pstring my_name;
-		pstring my_workgroup;
 		DOMAIN_GRP *grp_mem;
-		uint32 r_uid;
-		uint32 r_gid;
 
 		/* set up pointer indicating user/password failed to be found */
 		usr_info.ptr_user_info = 0;
 
-		dummy_time.low  = 0xffffffff;
-		dummy_time.high = 0x7fffffff;
-
-		/* XXXX hack to get standard_sub_basic() to use sam logon username */
-		/* possibly a better way would be to do a become_user() call */
-		sam_logon_in_ssb = True;
-		pstrcpy(samlogon_user, nt_username);
-
-		pstrcpy(logon_script, lp_logon_script());
-		pstrcpy(profile_path, lp_logon_path());
-
-		pstrcpy(my_workgroup, lp_workgroup());
-
-		pstrcpy(home_drive, lp_logon_drive());
-		pstrcpy(home_dir, lp_logon_home());
-		pstrcpy(my_name, global_myname);
-		strupper(my_name);
-
-		status = lookup_user_rids(nt_username, &r_uid, &r_gid);
-		status = getusergroupsnam(nt_username, &grp_mem, &num_gids) ? 0 : 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP;
-
-		sam_logon_in_ssb = False;
+		if (!getusergroupsntnam(nt_username, &grp_mem, &num_gids))
+		{
+			status = 0xC0000000 | NT_STATUS_INVALID_PRIMARY_GROUP;
+		}
 
 		if (status == 0x0)
 		{
-			gids = NULL;
+			DOM_GID *gids = NULL;
 			num_gids = make_dom_gids(grp_mem, num_gids, &gids);
 
 			make_net_user_info3(&usr_info,
-				&dummy_time, /* logon_time */
-				&dummy_time, /* logoff_time */
-				&dummy_time, /* kickoff_time */
-				&dummy_time, /* pass_last_set_time */
-				&dummy_time, /* pass_can_change_time */
-				&dummy_time, /* pass_must_change_time */
-
-				nt_username   , /* user_name */
-				vuser->real_name, /* full_name */
-				logon_script    , /* logon_script */
-				profile_path    , /* profile_path */
-				home_dir        , /* home_dir */
-				home_drive      , /* dir_drive */
+				&sam_pass->logon_time,
+				&sam_pass->logoff_time,
+				&sam_pass->kickoff_time,
+				&sam_pass->pass_last_set_time,
+				&sam_pass->pass_can_change_time,
+				&sam_pass->pass_must_change_time,
+
+				sam_pass->nt_name         , /* user_name */
+				sam_pass->full_name       , /* full_name */
+				sam_pass->logon_script    , /* logon_script */
+				sam_pass->profile_path    , /* profile_path */
+				sam_pass->home_dir        , /* home_dir */
+				sam_pass->dir_drive       , /* dir_drive */
 
 				0, /* logon_count */
 				0, /* bad_pw_count */
 
-				r_uid   , /* RID user_id */
-				r_gid   , /* RID group_id */
+				sam_pass->user_rid   , /* RID user_id */
+				sam_pass->group_rid  , /* RID group_id */
 				num_gids,    /* uint32 num_groups */
 				gids    , /* DOM_GID *gids */
 				0x20    , /* uint32 user_flgs (?) */
 
 				NULL, /* char sess_key[16] */
 
-				my_name     , /* char *logon_srv */
-				my_workgroup, /* char *logon_dom */
-
-				&global_sam_sid,     /* DOM_SID *dom_sid */
+				global_myname  , /* char *logon_srv */
+				global_sam_name, /* char *logon_dom */
+				&global_sam_sid, /* DOM_SID *dom_sid */
 				NULL); /* char *other_sids */
-		}
 
-		/* Free any allocated groups array. */
-		if (gids)
-		{
-			free((char *)gids);
+			/* Free any allocated groups array. */
+			if (gids)
+			{
+				free((char *)gids);
+			}
 		}
+
 	}
 
 	net_reply_sam_logon(&q_l, rdata, &srv_cred, &usr_info, status);