weekend work. user / group database API.

- split sam_passwd and smb_passwd into separate higher-order function tables

- renamed struct smb_passwd's "smb_user" to "unix_user".  added "nt_user"
plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd
password databases to fill in the blank entries that are not obtained
from whatever password database API instance is being used.

NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST
be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c
for the only example outside of the password database APIs i could find.

- added query_useraliases code to rpcclient.

- dealt with some nasty interdependencies involving non-smbd programs
and the password database API.  this is still not satisfactorily
resolved completelely, but it's the best i can do for now.

- #ifdef'd out some password database options so that people don't
mistakenly set them unless they recompile to _use_ those options.

lots of debugging done, it's still not finished.  the unix/NT uid/gid
and user-rid/group-rid issues are better, but not perfect.  the "BUILTIN"
domain is still missing: users cannot be added to "BUILTIN" groups yet,
as we only have an "alias" db API and a "group" db API but not "builtin-alias"
db API...
(This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)

1 files changed, 50 insertions, 85 deletions

diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index ff782a7248..fb613c3c51 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -28,8 +28,6 @@
 
 extern int DEBUGLEVEL;
 
-extern BOOL sam_logon_in_ssb;
-extern pstring samlogon_user;
 extern fstring global_sam_name;
 extern pstring global_myname;
 extern DOM_SID global_sam_sid;
@@ -79,8 +77,8 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
 			continue;
 		}
 
-		user_name_len = strlen(pwd->smb_name);
-		make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len);
+		user_name_len = strlen(pwd->nt_name);
+		make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->nt_name, user_name_len);
 		make_uni_hdr(&(pw_buf[(*num_entries)].hdr_user_name), user_name_len, 
 		               user_name_len, 1);
 		pw_buf[(*num_entries)].user_rid = pwd->user_rid;
@@ -95,7 +93,7 @@ static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
 		pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
 
 		DEBUG(5, ("entry idx: %d user %s, rid 0x%x, acb %x",
-		          (*num_entries), pwd->smb_name,
+		          (*num_entries), pwd->nt_name,
 		          pwd->user_rid, pwd->acct_ctrl));
 
 		if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
@@ -401,7 +399,7 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
 	SAMR_R_ENUM_DOM_GROUPS r_e;
 	DOMAIN_GRP *grps = NULL;
 	int num_entries = 0;
-	BOOL got_grps;
+	BOOL got_grps = False;
 	DOM_SID sid;
 	fstring sid_str;
 
@@ -418,39 +416,29 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
 
 	DEBUG(5,("samr_reply_enum_dom_groups: sid %s\n", sid_str));
 
-	/* well-known groups */
-	if (sid_equal(&sid, &global_sid_S_1_5_20))
+	if (sid_equal(&sid, &global_sam_sid))
 	{
-		char *name;
+		BOOL ret;
 		got_grps = True;
 
-		while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[num_entries].name) != NULL))
-		{
-			DOMAIN_GRP tmp_grp;
-
-			fstrcpy(tmp_grp.name   , name);
-			fstrcpy(tmp_grp.comment, "");
-			tmp_grp.rid = domain_group_rids[num_entries].rid;
-			tmp_grp.attr = 0x7;
+		become_root(True);
+		ret = enumdomgroups(&grps, &num_entries);
+		unbecome_root(True);
 
-			if (!add_domain_group(&grps, &num_entries, &tmp_grp))
-			{
-				r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
-				break;
-			}
+		if (!ret)
+		{
+			r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
 		}
 	}
-	else if (sid_equal(&sid, &global_sam_sid))
+
+	if (r_e.status == 0x0 &&
+	    (sid_equal(&sid, &global_sam_sid) ||
+	     sid_equal(&sid, &global_sid_S_1_5_20)))
 	{
-		BOOL ret;
 		char *name;
 		int i = 0;
 		got_grps = True;
 
-		become_root(True);
-		ret = enumdomgroups(&grps, &num_entries);
-		unbecome_root(True);
-
 		while (num_entries < MAX_SAM_ENTRIES && ((name = domain_group_rids[i].name) != NULL))
 		{
 			DOMAIN_GRP tmp_grp;
@@ -468,11 +456,6 @@ static void samr_reply_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_u,
 
 			i++;
 		}
-
-		if (!ret)
-		{
-			r_e.status = 0xC0000000 | NT_STATUS_NO_MEMORY;
-		}
 	}
 
 	if (r_e.status == 0 && got_grps)
@@ -747,10 +730,10 @@ static void api_samr_query_aliasinfo( uint16 vuid, prs_struct *data, prs_struct
 static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
 				prs_struct *rdata)
 {
-	uint32 rid[MAX_SAM_ENTRIES];
-	uint32 status     = 0;
+	uint32 status = 0;
+
+	uint32 *rid = NULL;
 	int num_rids = 0;
-	int i;
 	struct sam_passwd *sam_pass;
 	DOM_SID usr_sid;
 	DOM_SID dom_sid;
@@ -774,12 +757,6 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
 		sid_to_string(sam_sid_str, &global_sam_sid);
 	}
 
-	if (num_rids > MAX_SAM_ENTRIES)
-	{
-		num_rids = MAX_SAM_ENTRIES;
-		DEBUG(5,("samr_query_useraliases: truncating entries to %d\n", num_rids));
-	}
-
 	if (status == 0x0)
 	{
 		usr_sid = q_u->sid[0].sid;
@@ -811,17 +788,18 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
 		else if (sid_equal(&dom_sid, &usr_sid))
 		{
 			LOCAL_GRP *mem_grp = NULL;
+			num_rids = 0;
 
 			DEBUG(10,("lookup on Domain SID\n"));
 
 			become_root(True);
-			getuseraliasnam(sam_pass->smb_name, &mem_grp, &num_rids);
+			getuseraliasntnam(sam_pass->nt_name, &mem_grp, &num_rids);
 			unbecome_root(True);
 
-			num_rids = MIN(num_rids, MAX_SAM_ENTRIES);
-
-			if (mem_grp != NULL)
+			rid = malloc(num_rids * sizeof(uint32));
+			if (mem_grp != NULL && rid != NULL)
 			{
+				int i;
 				for (i = 0; i < num_rids; i++)
 				{
 					rid[i] = mem_grp[i].rid;
@@ -840,6 +818,11 @@ static void samr_reply_query_useraliases(SAMR_Q_QUERY_USERALIASES *q_u,
 	/* store the response in the SMB stream */
 	samr_io_r_query_useraliases("", &r_u, rdata, 0);
 
+	if (rid != NULL)
+	{
+		free(rid);
+	}
+
 	DEBUG(5,("samr_query_useraliases: %d\n", __LINE__));
 
 }
@@ -1150,27 +1133,21 @@ static void api_samr_open_user( uint16 vuid, prs_struct *data, prs_struct *rdata
  *************************************************************************/
 static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
 {
-	struct smb_passwd *smb_pass;
-
-	if (!pwdb_rid_is_user(user_rid))
-	{
-		DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
-		return False;
-	}
+	struct sam_passwd *sam_pass;
 
 	become_root(True);
-	smb_pass = getsmbpwrid(user_rid);
+	sam_pass = getsam21pwrid(user_rid);
 	unbecome_root(True);
 
-	if (smb_pass == NULL)
+	if (sam_pass == NULL)
 	{
 		DEBUG(4,("User 0x%x not found\n", user_rid));
 		return False;
 	}
 
-	DEBUG(3,("User:[%s]\n", smb_pass->smb_name));
+	DEBUG(3,("User:[%s]\n", sam_pass->nt_name));
 
-	make_sam_user_info10(id10, smb_pass->acct_ctrl); 
+	make_sam_user_info10(id10, sam_pass->acct_ctrl); 
 
 	return True;
 }
@@ -1180,17 +1157,10 @@ static BOOL get_user_info_10(SAM_USER_INFO_10 *id10, uint32 user_rid)
  *************************************************************************/
 static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
 {
-	NTTIME dummy_time;
 	struct sam_passwd *sam_pass;
 	LOGON_HRS hrs;
 	int i;
 
-	if (!pwdb_rid_is_user(user_rid))
-	{
-		DEBUG(4,("RID 0x%x is not a user RID\n", user_rid));
-		return False;
-	}
-
 	become_root(True);
 	sam_pass = getsam21pwrid(user_rid);
 	unbecome_root(True);
@@ -1201,12 +1171,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
 		return False;
 	}
 
-	DEBUG(3,("User:[%s]\n", sam_pass->smb_name));
-
-	dummy_time.low  = 0xffffffff;
-	dummy_time.high = 0x7fffffff;
-
-	DEBUG(0,("get_user_info_21 - TODO: convert unix times to NTTIMEs\n"));
+	DEBUG(3,("User:[%s]\n", sam_pass->nt_name));
 
 	/* create a LOGON_HRS structure */
 	hrs.len = sam_pass->hours_len;
@@ -1218,14 +1183,14 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
 
 	make_sam_user_info21(id21,
 
-			   &dummy_time, /* logon_time */
-			   &dummy_time, /* logoff_time */
-			   &dummy_time, /* kickoff_time */
-			   &dummy_time, /* pass_last_set_time */
-			   &dummy_time, /* pass_can_change_time */
-			   &dummy_time, /* pass_must_change_time */
+			   &sam_pass->logon_time,
+			   &sam_pass->logoff_time,
+			   &sam_pass->kickoff_time,
+			   &sam_pass->pass_last_set_time,
+			   &sam_pass->pass_can_change_time,
+			   &sam_pass->pass_must_change_time,
 
-			   sam_pass->smb_name, /* user_name */
+			   sam_pass->nt_name, /* user_name */
 			   sam_pass->full_name, /* full_name */
 			   sam_pass->home_dir, /* home_dir */
 			   sam_pass->dir_drive, /* dir_drive */
@@ -1238,13 +1203,13 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 user_rid)
 
 			   sam_pass->user_rid, /* RID user_id */
 			   sam_pass->group_rid, /* RID group_id */
-		       sam_pass->acct_ctrl,
+	                   sam_pass->acct_ctrl,
 
-	           sam_pass->unknown_3, /* unknown_3 */
-		       sam_pass->logon_divs, /* divisions per week */
-			   &hrs, /* logon hours */
-		       sam_pass->unknown_5,
-		       sam_pass->unknown_6);
+	                   sam_pass->unknown_3, /* unknown_3 */
+	                   sam_pass->logon_divs, /* divisions per week */
+	                   &hrs, /* logon hours */
+	                   sam_pass->unknown_5,
+	                   sam_pass->unknown_6);
 
 	return True;
 }
@@ -1393,7 +1358,7 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
 		DOMAIN_GRP *mem_grp = NULL;
 
 		become_root(True);
-		getusergroupsnam(sam_pass->smb_name, &mem_grp, &num_groups);
+		getusergroupsntnam(sam_pass->nt_name, &mem_grp, &num_groups);
 		unbecome_root(True);
 
                 gids = NULL;
@@ -1559,7 +1524,7 @@ static void api_samr_unknown_32( uint16 vuid, prs_struct *data, prs_struct *rdat
 	                            q_u.uni_mach_acct.uni_str_len));
 
 	become_root(True);
-	sam_pass = getsam21pwnam(mach_acct);
+	sam_pass = getsam21pwntnam(mach_acct);
 	unbecome_root(True);
 
 	if (sam_pass != NULL)