diff options
author | Jean-François Micouleau <jfm@samba.org> | 2001-12-06 13:09:15 +0000 |
---|---|---|
committer | Jean-François Micouleau <jfm@samba.org> | 2001-12-06 13:09:15 +0000 |
commit | e0066d2dd4d9a657d1fbcb474e66a304a64e2a31 (patch) | |
tree | f8b355b557e836a275cd427b967801c50b2b9ca9 /source3 | |
parent | 0069985ce3e37ac35b4a3ba9fb8d58ceae0be152 (diff) | |
download | samba-e0066d2dd4d9a657d1fbcb474e66a304a64e2a31.tar.gz samba-e0066d2dd4d9a657d1fbcb474e66a304a64e2a31.tar.bz2 samba-e0066d2dd4d9a657d1fbcb474e66a304a64e2a31.zip |
again an intrusive patch:
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the
definition of standard_sub_basic() to cope with that.
- removed the smb.conf: 'domain admin group' and 'domain guest group'
parameters ! We're not playing anymore with the user's group RIDs !
- in get_domain_user_groups(), if the user's gid is a group, put it first
in the group RID list.
I just have to write an HOWTO now ;-)
J.F.
(This used to be commit fef52c4b96c987115fb1818c00c2352c67790e50)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/auth/auth_domain.c | 3 | ||||
-rw-r--r-- | source3/auth/auth_server.c | 3 | ||||
-rw-r--r-- | source3/lib/substitute.c | 20 | ||||
-rw-r--r-- | source3/param/loadparm.c | 24 | ||||
-rw-r--r-- | source3/passdb/nispass.c | 11 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 16 | ||||
-rw-r--r-- | source3/passdb/pdb_nisplus.c | 6 | ||||
-rw-r--r-- | source3/passdb/pdb_smbpasswd.c | 20 | ||||
-rw-r--r-- | source3/passdb/pdb_tdb.c | 2 | ||||
-rw-r--r-- | source3/rpc_parse/parse_net.c | 46 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 22 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 7 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 208 | ||||
-rw-r--r-- | source3/smbd/message.c | 4 |
14 files changed, 122 insertions, 270 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index 125b3aa029..6b048e5021 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -25,6 +25,7 @@ BOOL global_machine_password_needs_changing = False; extern pstring global_myname; +extern userdom_struct current_user_info; /*********************************************************************** Connect to a remote machine for domain security authentication @@ -62,7 +63,7 @@ static BOOL connect_to_domain_password_server(struct cli_state *pcli, fstrcpy(remote_machine, server); } - standard_sub_basic(remote_machine); + standard_sub_basic(current_user_info.smb_name, remote_machine); strupper(remote_machine); if(!resolve_name( remote_machine, &dest_ip, 0x20)) { diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 4608c639eb..8d9b9f9819 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -23,6 +23,7 @@ #include "includes.h" extern pstring global_myname; +extern userdom_struct current_user_info; /**************************************************************************** Support for server level security. @@ -46,7 +47,7 @@ static struct cli_state *server_cryptkey(void) p = pserver; while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { - standard_sub_basic(desthost); + standard_sub_basic(current_user_info.smb_name, desthost); strupper(desthost); if(!resolve_name( desthost, &dest_ip, 0x20)) { diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index 033be16062..2669929920 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -25,8 +25,6 @@ fstring local_machine=""; fstring remote_arch="UNKNOWN"; userdom_struct current_user_info; -pstring samlogon_user=""; -BOOL sam_logon_in_ssb = False; fstring remote_proto="UNKNOWN"; fstring remote_machine=""; extern pstring global_myname; @@ -168,7 +166,7 @@ static char *automount_server(char *user_name) /**************************************************************************** Do some standard substitutions in a string. ****************************************************************************/ -void standard_sub_basic(char *str) +void standard_sub_basic(char *smb_name, char *str) { char *p, *s; fstring pidstr; @@ -181,12 +179,12 @@ void standard_sub_basic(char *str) switch (*(p+1)) { case 'U' : - fstrcpy(tmp_str, sam_logon_in_ssb?samlogon_user:current_user_info.smb_name); + fstrcpy(tmp_str, smb_name); strlower(tmp_str); string_sub(p,"%U",tmp_str,l); break; case 'G' : - fstrcpy(tmp_str, sam_logon_in_ssb?samlogon_user:current_user_info.smb_name); + fstrcpy(tmp_str, smb_name); if ((pass = Get_Pwnam(tmp_str))!=NULL) { string_sub(p,"%G",gidtoname(pass->pw_gid),l); } else { @@ -232,7 +230,7 @@ void standard_sub_basic(char *str) /**************************************************************************** Do some standard substitutions in a string. ****************************************************************************/ -void standard_sub_advanced(int snum, char *user, char *connectpath, gid_t gid, char *str) +void standard_sub_advanced(int snum, char *user, char *connectpath, gid_t gid, char *smb_name, char *str) { char *p, *s, *home; @@ -282,7 +280,7 @@ void standard_sub_advanced(int snum, char *user, char *connectpath, gid_t gid, c } } - standard_sub_basic(str); + standard_sub_basic(smb_name, str); } /**************************************************************************** @@ -290,7 +288,7 @@ void standard_sub_advanced(int snum, char *user, char *connectpath, gid_t gid, c ****************************************************************************/ void standard_sub_conn(connection_struct *conn, char *str) { - standard_sub_advanced(SNUM(conn), conn->user, conn->connectpath, conn->gid, str); + standard_sub_advanced(SNUM(conn), conn->user, conn->connectpath, conn->gid, current_user_info.smb_name, str); } /**************************************************************************** @@ -309,7 +307,7 @@ void standard_sub_snum(int snum, char *str) cached_uid = current_user.uid; } - standard_sub_advanced(snum, cached_user, "", -1, str); + standard_sub_advanced(snum, cached_user, "", -1, current_user_info.smb_name, str); } /******************************************************************* @@ -317,7 +315,7 @@ void standard_sub_snum(int snum, char *str) ********************************************************************/ void standard_sub_vuser(char *str, user_struct *vuser) { - standard_sub_advanced(-1, vuser->user.unix_name, "", -1, str); + standard_sub_advanced(-1, vuser->user.unix_name, "", -1, current_user_info.smb_name, str); } /******************************************************************* @@ -325,5 +323,5 @@ void standard_sub_vuser(char *str, user_struct *vuser) ********************************************************************/ void standard_sub_vsnum(char *str, user_struct *vuser, int snum) { - standard_sub_advanced(snum, vuser->user.unix_name, "", -1, str); + standard_sub_advanced(snum, vuser->user.unix_name, "", -1, current_user_info.smb_name, str); } diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index dd7cb49ac9..038ccea782 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -54,6 +54,7 @@ BOOL in_client = False; /* Not in the client by default */ BOOL bLoaded = False; +extern userdom_struct current_user_info; extern int DEBUGLEVEL_CLASS[DBGC_LAST]; extern pstring user_socket_options; extern pstring global_myname; @@ -115,8 +116,6 @@ typedef struct char *szWorkGroup; char *szRealm; char *szADSserver; - char **szDomainAdminGroup; - char **szDomainGuestGroup; char *szUsernameMap; char *szLogonScript; char *szLogonPath; @@ -881,13 +880,10 @@ static struct parm_struct parm_table[] = { {"Domain Options", P_SEP, P_SEPARATOR}, - {"domain admin group", P_LIST, P_GLOBAL, &Globals.szDomainAdminGroup, NULL, NULL, 0}, - {"domain guest group", P_LIST, P_GLOBAL, &Globals.szDomainGuestGroup, NULL, NULL, 0}, - {"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0}, {"Logon Options", P_SEP, P_SEPARATOR}, - + {"add user script", P_STRING, P_GLOBAL, &Globals.szAddUserScript, NULL, NULL, 0}, {"delete user script", P_STRING, P_GLOBAL, &Globals.szDelUserScript, NULL, NULL, 0}, {"add group script", P_STRING, P_GLOBAL, &Globals.szAddGroupScript, NULL, NULL, 0}, @@ -1391,7 +1387,7 @@ static char *lp_string(const char *s) trim_string(ret, "\"", "\""); - standard_sub_basic(ret); + standard_sub_basic(current_user_info.smb_name,ret); return (ret); } @@ -1486,8 +1482,6 @@ FN_GLOBAL_STRING(lp_shutdown_script, &Globals.szShutdownScript) FN_GLOBAL_STRING(lp_abort_shutdown_script, &Globals.szAbortShutdownScript) FN_GLOBAL_STRING(lp_wins_hook, &Globals.szWINSHook) -FN_GLOBAL_LIST(lp_domain_admin_group, &Globals.szDomainAdminGroup) -FN_GLOBAL_LIST(lp_domain_guest_group, &Globals.szDomainGuestGroup) FN_GLOBAL_STRING(lp_template_homedir, &Globals.szTemplateHomedir) FN_GLOBAL_STRING(lp_template_shell, &Globals.szTemplateShell) FN_GLOBAL_STRING(lp_winbind_separator, &Globals.szWinbindSeparator) @@ -2189,7 +2183,7 @@ BOOL lp_file_list_changed(void) time_t mod_time; pstrcpy(n2, f->name); - standard_sub_basic(n2); + standard_sub_basic(current_user_info.smb_name, n2); DEBUGADD(6, ("file %s -> %s last mod_time: %s\n", f->name, n2, ctime(&f->modtime))); @@ -2223,7 +2217,7 @@ static BOOL handle_netbios_name(char *pszParmValue, char **ptr) pstrcpy(netbios_name, pszParmValue); - standard_sub_basic(netbios_name); + standard_sub_basic(current_user_info.smb_name, netbios_name); strupper(netbios_name); pstrcpy(global_myname, netbios_name); @@ -2305,7 +2299,7 @@ static BOOL handle_source_env(char *pszParmValue, char **ptr) pstrcpy(fname, pszParmValue); - standard_sub_basic(fname); + standard_sub_basic(current_user_info.smb_name, fname); string_set(ptr, pszParmValue); @@ -2363,7 +2357,7 @@ static BOOL handle_include(char *pszParmValue, char **ptr) pstring fname; pstrcpy(fname, pszParmValue); - standard_sub_basic(fname); + standard_sub_basic(current_user_info.smb_name, fname); add_to_file_list(pszParmValue, fname); @@ -3294,7 +3288,7 @@ BOOL lp_load(char *pszFname, BOOL global_only, BOOL save_defaults, BOOL bRetval; pstrcpy(n2, pszFname); - standard_sub_basic(n2); + standard_sub_basic(current_user_info.smb_name, n2); add_to_file_list(pszFname, n2); @@ -3416,7 +3410,7 @@ int lp_servicenumber(const char *pszServiceName) * service names */ fstrcpy(serviceName, ServicePtrs[iService]->szService); - standard_sub_basic(serviceName); + standard_sub_basic(current_user_info.smb_name, serviceName); if (strequal(serviceName, pszServiceName)) break; } diff --git a/source3/passdb/nispass.c b/source3/passdb/nispass.c index 3b7b90307d..2b1f6b5492 100644 --- a/source3/passdb/nispass.c +++ b/source3/passdb/nispass.c @@ -46,8 +46,6 @@ #include <rpcsvc/nis.h> extern int DEBUGLEVEL; -extern pstring samlogon_user; -extern BOOL sam_logon_in_ssb; static VOLATILE sig_atomic_t gotalarm; @@ -295,12 +293,7 @@ static BOOL make_sam_from_nisp_object(struct sam_passwd *pw_buf, nis_object *obj strtol(temp, NULL, 16) : pdb_uid_to_user_rid (pw_buf->smb_userid); if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$') { - - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a change_to_user() call */ - pstrcpy(samlogon_user, pw_buf->smb_name); - sam_logon_in_ssb = True; - + get_single_attribute(obj, NPF_GROUP_RID, temp, sizeof(pstring)); if (strlen(temp) > 0) @@ -332,8 +325,6 @@ static BOOL make_sam_from_nisp_object(struct sam_passwd *pw_buf, nis_object *obj #endif get_single_attribute(obj, NPF_ACCT_DESC, acct_desc, sizeof(pstring)); get_single_attribute(obj, NPF_WORKSTATIONS, workstations, sizeof(pstring)); - - sam_logon_in_ssb = False; } else { diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index f54121cf63..fa4946b093 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -121,8 +121,6 @@ BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) pstring str; GROUP_MAP map; uint32 rid; - extern BOOL sam_logon_in_ssb; - extern pstring samlogon_user; if (!pwd) { new_sam_acct = NULL; @@ -149,28 +147,22 @@ BOOL pdb_init_sam_pw(SAM_ACCOUNT **new_sam_acct, const struct passwd *pwd) rid=pdb_gid_to_group_rid(pwd->pw_gid); pdb_set_group_rid(*new_sam_acct, rid); - /* UGLY, UGLY HACK!!! */ - pstrcpy(samlogon_user, pwd->pw_name); - - sam_logon_in_ssb = True; - pstrcpy(str, lp_logon_path()); - standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str); + standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str); pdb_set_profile_path(*new_sam_acct, str); pstrcpy(str, lp_logon_home()); - standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str); + standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str); pdb_set_homedir(*new_sam_acct, str); pstrcpy(str, lp_logon_drive()); - standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str); + standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str); pdb_set_dir_drive(*new_sam_acct, str); pstrcpy(str, lp_logon_script()); - standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, str); + standard_sub_advanced(-1, pwd->pw_name, "", pwd->pw_gid, pwd->pw_name, str); pdb_set_logon_script(*new_sam_acct, str); - sam_logon_in_ssb = False; return True; } diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index 9fc4a0a65a..2820fa1414 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c @@ -47,8 +47,6 @@ #include <rpcsvc/nis.h> extern int DEBUGLEVEL; -extern pstring samlogon_user; -extern BOOL sam_logon_in_ssb; struct nisp_enum_info { @@ -322,10 +320,6 @@ static BOOL make_sam_from_nisp_object(SAM_ACCOUNT *pw_buf, const nis_object *obj /* values, must exist for user */ if( !(pdb_get_acct_ctrl(pw_buf) & ACB_WSTRUST) ) { - /* FIXME!! This doesn't belong here. - Should be set in net_sam_logon() - --jerry */ - pstrcpy(samlogon_user, pdb_get_username(pw_buf)); get_single_attribute(obj, NPF_HOME_DIR, home_dir, sizeof(pstring)); if( !(home_dir && *home_dir) ) diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index e5b1ec97f7..9cfad2540c 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -44,8 +44,6 @@ struct smb_passwd }; -extern pstring samlogon_user; -extern BOOL sam_logon_in_ssb; extern struct passdb_ops pdb_ops; /* used for maintain locks on the smbpasswd file */ @@ -1210,12 +1208,6 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw pdb_set_uid (sam_pass, &pwfile->pw_uid); pdb_set_gid (sam_pass, &pwfile->pw_gid); - - /* FIXME!! This doesn't belong here. Should be set in net_sam_logon() - --jerry */ - - pstrcpy(samlogon_user, pw_buf->smb_name); - sam_logon_in_ssb = True; pdb_set_fullname(sam_pass, pwfile->pw_gecos); @@ -1251,32 +1243,30 @@ static BOOL build_sam_account(SAM_ACCOUNT *sam_pass, const struct smb_passwd *pw pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE); /* check if this is a user account or a machine account */ - if (samlogon_user[strlen(samlogon_user)-1] != '$') + if (pw_buf->smb_name[strlen(pw_buf->smb_name)-1] != '$') { pstring str; pstrcpy(str, lp_logon_path()); - standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str); + standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str); pdb_set_profile_path(sam_pass, str); pstrcpy(str, lp_logon_home()); - standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str); + standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str); pdb_set_homedir(sam_pass, str); pstrcpy(str, lp_logon_drive()); - standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str); + standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str); pdb_set_dir_drive(sam_pass, str); pstrcpy(str, lp_logon_script()); - standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, str); + standard_sub_advanced(-1, pwfile->pw_name, "", pwfile->pw_gid, pw_buf->smb_name, str); pdb_set_logon_script(sam_pass, str); } else { /* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. */ /*pdb_set_group_rid (sam_pass, DOMAIN_GROUP_RID_USERS); */ } - - sam_logon_in_ssb = False; return True; } diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 332118425b..1f1d1ab455 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -31,8 +31,6 @@ #define RIDPREFIX "RID_" extern int DEBUGLEVEL; -extern pstring samlogon_user; -extern BOOL sam_logon_in_ssb; struct tdb_enum_info { TDB_CONTEXT *passwd_tdb; diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 5c8da80c01..926c73f016 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -1264,7 +1264,7 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, SAM_ACCOUNT *sam usr->user_rid = pdb_get_user_rid(sampw); usr->group_rid = pdb_get_group_rid(sampw); - usr->num_groups = num_groups+1; + usr->num_groups = num_groups; usr->buffer_groups = 1; /* indicates fill in groups, below, even if there are none */ usr->user_flgs = user_flgs; @@ -1293,20 +1293,14 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, SAM_ACCOUNT *sam init_unistr2(&usr->uni_home_dir, home_dir, len_home_dir); init_unistr2(&usr->uni_dir_drive, dir_drive, len_dir_drive); - /* always have at least one group == the user's primary group */ - usr->num_groups2 = num_groups+1; + usr->num_groups2 = num_groups; - usr->gids = (DOM_GID *)talloc_zero(ctx,sizeof(DOM_GID) * (num_groups+1)); + usr->gids = (DOM_GID *)talloc_zero(ctx,sizeof(DOM_GID) * (num_groups)); if (usr->gids == NULL) return; - /* primary group **MUST** go first. NT4's winmsd.exe will give - "The Network statistics are currently not available. 9-5" - What the heck is this? -- jerry */ - usr->gids[0].g_rid = usr->group_rid; - usr->gids[0].attr = 0x07; for (i = 0; i < num_groups; i++) - usr->gids[i+1] = gids[i]; + usr->gids[i] = gids[i]; init_unistr2(&usr->uni_logon_srv, logon_srv, len_logon_srv); init_unistr2(&usr->uni_logon_dom, logon_dom, len_logon_dom); @@ -1358,17 +1352,17 @@ static BOOL net_io_user_info3(char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, if(!smb_io_time("must change time", &usr->pass_must_change_time, ps, depth)) /* password must change time */ return False; - if(!smb_io_unihdr("unihdr", &usr->hdr_user_name, ps, depth)) /* username unicode string header */ + if(!smb_io_unihdr("hdr_user_name", &usr->hdr_user_name, ps, depth)) /* username unicode string header */ return False; - if(!smb_io_unihdr("unihdr", &usr->hdr_full_name, ps, depth)) /* user's full name unicode string header */ + if(!smb_io_unihdr("hdr_full_name", &usr->hdr_full_name, ps, depth)) /* user's full name unicode string header */ return False; - if(!smb_io_unihdr("unihdr", &usr->hdr_logon_script, ps, depth)) /* logon script unicode string header */ + if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth)) /* logon script unicode string header */ return False; - if(!smb_io_unihdr("unihdr", &usr->hdr_profile_path, ps, depth)) /* profile path unicode string header */ + if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth)) /* profile path unicode string header */ return False; - if(!smb_io_unihdr("unihdr", &usr->hdr_home_dir, ps, depth)) /* home directory unicode string header */ + if(!smb_io_unihdr("hdr_home_dir", &usr->hdr_home_dir, ps, depth)) /* home directory unicode string header */ return False; - if(!smb_io_unihdr("unihdr", &usr->hdr_dir_drive, ps, depth)) /* home directory drive unicode string header */ + if(!smb_io_unihdr("hdr_dir_drive", &usr->hdr_dir_drive, ps, depth)) /* home directory drive unicode string header */ return False; if(!prs_uint16("logon_count ", ps, depth, &usr->logon_count)) /* logon count */ @@ -1390,9 +1384,9 @@ static BOOL net_io_user_info3(char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, if(!prs_uint8s(False, "user_sess_key", ps, depth, usr->user_sess_key, 16)) /* unused user session key */ return False; - if(!smb_io_unihdr("unihdr", &usr->hdr_logon_srv, ps, depth)) /* logon server unicode string header */ + if(!smb_io_unihdr("hdr_logon_srv", &usr->hdr_logon_srv, ps, depth)) /* logon server unicode string header */ return False; - if(!smb_io_unihdr("unihdr", &usr->hdr_logon_dom, ps, depth)) /* logon domain unicode string header */ + if(!smb_io_unihdr("hdr_logon_dom", &usr->hdr_logon_dom, ps, depth)) /* logon domain unicode string header */ return False; if(!prs_uint32("buffer_dom_id ", ps, depth, &usr->buffer_dom_id)) /* undocumented logon domain id pointer */ @@ -1412,17 +1406,17 @@ static BOOL net_io_user_info3(char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, } } - if(!smb_io_unistr2("unistr2", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth)) /* username unicode string */ + if(!smb_io_unistr2("uni_user_name", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth)) /* username unicode string */ return False; - if(!smb_io_unistr2("unistr2", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth)) /* user's full name unicode string */ + if(!smb_io_unistr2("uni_full_name", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth)) /* user's full name unicode string */ return False; - if(!smb_io_unistr2("unistr2", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth)) /* logon script unicode string */ + if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth)) /* logon script unicode string */ return False; - if(!smb_io_unistr2("unistr2", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth)) /* profile path unicode string */ + if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth)) /* profile path unicode string */ return False; - if(!smb_io_unistr2("unistr2", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth)) /* home directory unicode string */ + if(!smb_io_unistr2("uni_home_dir", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth)) /* home directory unicode string */ return False; - if(!smb_io_unistr2("unistr2", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth)) /* home directory drive unicode string */ + if(!smb_io_unistr2("uni_dir_drive", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth)) /* home directory drive unicode string */ return False; if(!prs_align(ps)) @@ -1441,9 +1435,9 @@ static BOOL net_io_user_info3(char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, return False; } - if(!smb_io_unistr2("unistr2", &usr->uni_logon_srv, usr->hdr_logon_srv.buffer, ps, depth)) /* logon server unicode string */ + if(!smb_io_unistr2("uni_logon_srv", &usr->uni_logon_srv, usr->hdr_logon_srv.buffer, ps, depth)) /* logon server unicode string */ return False; - if(!smb_io_unistr2("unistr2", &usr->uni_logon_dom, usr->hdr_logon_srv.buffer, ps, depth)) /* logon domain unicode string */ + if(!smb_io_unistr2("uni_logon_dom", &usr->uni_logon_dom, usr->hdr_logon_srv.buffer, ps, depth)) /* logon domain unicode string */ return False; if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth)) /* domain SID */ diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 5f85d4db9c..d15175d4ae 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -27,8 +27,6 @@ #include "includes.h" -extern BOOL sam_logon_in_ssb; -extern pstring samlogon_user; extern pstring global_myname; extern DOM_SID global_sam_sid; @@ -642,16 +640,10 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * int num_gids = 0; pstring my_name; pstring my_workgroup; - pstring domain_groups; /* set up pointer indicating user/password failed to be found */ usr_info->ptr_user_info = 0; - /* XXXX hack to get standard_sub_basic() to use sam logon username */ - /* possibly a better way would be to do a change_to_user() call */ - sam_logon_in_ssb = True; - pstrcpy(samlogon_user, nt_username); - pstrcpy(my_workgroup, lp_workgroup()); pstrcpy(my_name, global_myname); strupper(my_name); @@ -664,17 +656,8 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * * JRA. */ - *domain_groups = 0; - - get_domain_user_groups(domain_groups, nt_username); - - /* - * make_dom_gids allocates the gids array. JRA. - */ - gids = NULL; - num_gids = make_dom_gids(p->mem_ctx, domain_groups, &gids); - - sam_logon_in_ssb = False; + gids = NULL; + get_domain_user_groups(p->mem_ctx, &num_gids, &gids, server_info->sam_account); init_net_user_info3(p->mem_ctx, usr_info, server_info->sam_account, 0, /* logon_count */ @@ -687,6 +670,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * my_workgroup, /* char *logon_dom */ &global_sam_sid, /* DOM_SID *dom_sid */ NULL); /* char *other_sids */ + } free_server_info(&server_info); return status; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 5e19fd1e7c..853a130859 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1854,11 +1854,13 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S if (ret == False) { samr_clear_sam_passwd(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; } - if(!new_get_domain_user_groups(p->mem_ctx, &num_groups, &gids, sam_pass)) { + if(!get_domain_user_groups(p->mem_ctx, &num_groups, &gids, sam_pass)) { samr_clear_sam_passwd(sam_pass); + pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_GROUP; } @@ -1868,6 +1870,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__)); samr_clear_sam_passwd(sam_pass); + pdb_free_sam(&sam_pass); return r_u->status; } @@ -2745,7 +2748,7 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, for (i=0; i<q_u->num_sids1; i++) { - r_u->status=new_get_alias_user_groups(p->mem_ctx, &info->sid, &tmp_num_groups, &tmp_rids, &(q_u->sid[i].sid)); + r_u->status=get_alias_user_groups(p->mem_ctx, &info->sid, &tmp_num_groups, &tmp_rids, &(q_u->sid[i].sid)); /* * if there is an error, we just continue as diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 80090cf6e0..5c781c20ae 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -76,84 +76,10 @@ rid_name domain_group_rids[] = { 0 , NULL } }; -int make_dom_gids(TALLOC_CTX *ctx, char *gids_str, DOM_GID **ppgids) -{ - char *ptr; - pstring s2; - int count; - DOM_GID *gids; - - *ppgids = NULL; - - DEBUG(4,("make_dom_gids: %s\n", gids_str)); - - if (gids_str == NULL || *gids_str == 0) - return 0; - - for (count = 0, ptr = gids_str; - next_token(&ptr, s2, NULL, sizeof(s2)); - count++) - ; - - gids = (DOM_GID *)talloc(ctx, sizeof(DOM_GID) * count ); - if(!gids) - { - DEBUG(0,("make_dom_gids: talloc fail !\n")); - return 0; - } - - for (count = 0, ptr = gids_str; - next_token(&ptr, s2, NULL, sizeof(s2)) && - count < LSA_MAX_GROUPS; - count++) - { - /* the entries are of the form GID/ATTR, ATTR being optional.*/ - char *attr; - uint32 rid = 0; - int i; - - attr = strchr_m(s2,'/'); - if (attr) - *attr++ = 0; - - if (!attr || !*attr) - attr = "7"; /* default value for attribute is 7 */ - - /* look up the RID string and see if we can turn it into a rid number */ - for (i = 0; builtin_alias_rids[i].name != NULL; i++) - { - if (strequal(builtin_alias_rids[i].name, s2)) - { - rid = builtin_alias_rids[i].rid; - break; - } - } - - if (rid == 0) - rid = atoi(s2); - - if (rid == 0) - { - DEBUG(1,("make_dom_gids: unknown well-known alias RID %s/%s\n", s2, attr)); - count--; - } - else - { - gids[count].g_rid = rid; - gids[count].attr = atoi(attr); - - DEBUG(5,("group id: %d attr: %d\n", gids[count].g_rid, gids[count].attr)); - } - } - - *ppgids = gids; - return count; -} - /******************************************************************* gets a domain user's groups ********************************************************************/ -NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid) +NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, uint32 **prids, DOM_SID *q_sid) { SAM_ACCOUNT *sam_pass=NULL; char *sep; @@ -186,7 +112,7 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups sep = lp_winbind_separator(); - DEBUG(10,("new_get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", + DEBUG(10,("get_alias_user_groups: looking if SID %s is a member of groups in the SID domain %s\n", sid_to_string(str_qsid, q_sid), sid_to_string(str_domsid, sid))); sid_peek_rid(q_sid, &rid); @@ -195,27 +121,30 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups become_root(); ret = pdb_getsampwrid(sam_pass, rid); unbecome_root(); - if (ret == False) + if (ret == False) { + pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; + } fstrcpy(user_name, pdb_get_username(sam_pass)); grid=pdb_get_group_rid(sam_pass); gid=pdb_get_gid(sam_pass); grp = glist = getgrent_list(); - if (grp == NULL) + if (grp == NULL) { + pdb_free_sam(&sam_pass); return NT_STATUS_NO_MEMORY; - + } for (; grp != NULL; grp = grp->next) { if(!get_group_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)) { - DEBUG(10,("new_get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid)); + DEBUG(10,("get_alias_user_groups: gid %d. not found\n", (int)grp->gr_gid)); continue; } /* if it's not an alias, continue */ if (map.sid_name_use!=SID_NAME_ALIAS) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name)); continue; } @@ -224,24 +153,24 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups /* if the sid is not in the correct domain, continue */ if (!sid_equal(&tmp_sid, sid)) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name)); continue; } /* Don't return winbind groups as they are not local! */ if (strchr_m(map.nt_name, *sep) != NULL) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name)); continue; } /* Don't return user private groups... */ if (Get_Pwnam(map.nt_name) != 0) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name)); continue; } /* the group is fine, we can check if there is the user we're looking for */ - DEBUG(10,("new_get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: checking if the user is a member of %s.\n", map.nt_name)); for(num=0; grp->gr_mem[num]!=NULL; num++) { if(strcmp(grp->gr_mem[num], user_name)==0) { @@ -249,69 +178,70 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1)); if (new_rids==NULL) { - DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n")); + DEBUG(10,("get_alias_user_groups: could not realloc memory\n")); + pdb_free_sam(&sam_pass); return NT_STATUS_NO_MEMORY; } rids=new_rids; sid_peek_rid(&map.sid, &(rids[cur_rid])); - DEBUG(10,("new_get_alias_user_groups: user found in group %s\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: user found in group %s\n", map.nt_name)); cur_rid++; break; } } - } - + grent_free(glist); - + /* now check for the user's gid (the primary group rid) */ for (i=0; i<cur_rid && grid!=rids[i]; i++) ; - + /* the user's gid is already there */ if (i!=cur_rid) { - DEBUG(10,("new_get_alias_user_groups: user is already in the list. good.\n")); + DEBUG(10,("get_alias_user_groups: user is already in the list. good.\n")); goto done; } - - DEBUG(10,("new_get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name)); - + + DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)*gid, user_name)); + if(!get_group_from_gid(*gid, &map, MAPPING_WITHOUT_PRIV)) { - DEBUG(0,("new_get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name)); + DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name)); goto done; } - + /* the primary group isn't an alias */ if (map.sid_name_use!=SID_NAME_ALIAS) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name)); goto done; } sid_copy(&tmp_sid, &map.sid); sid_split_rid(&tmp_sid, &rid); - + /* if the sid is not in the correct domain, continue */ if (!sid_equal(&tmp_sid, sid)) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name)); + DEBUG(10,("get_alias_user_groups: not returing %s, not in the domain SID.\n", map.nt_name)); goto done; } /* Don't return winbind groups as they are not local! */ if (strchr_m(map.nt_name, *sep) != NULL) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, not local.\n", map.nt_name )); + DEBUG(10,("get_alias_user_groups: not returing %s, not local.\n", map.nt_name )); goto done; } /* Don't return user private groups... */ if (Get_Pwnam(map.nt_name) != 0) { - DEBUG(10,("new_get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name )); + DEBUG(10,("get_alias_user_groups: not returing %s, clashes with user.\n", map.nt_name )); goto done; } new_rids=(uint32 *)Realloc(rids, sizeof(uint32)*(cur_rid+1)); if (new_rids==NULL) { - DEBUG(10,("new_get_alias_user_groups: could not realloc memory\n")); + DEBUG(10,("get_alias_user_groups: could not realloc memory\n")); + pdb_free_sam(&sam_pass); return NT_STATUS_NO_MEMORY; } rids=new_rids; @@ -322,7 +252,8 @@ NTSTATUS new_get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups done: *prids=rids; *numgroups=cur_rid; - + pdb_free_sam(&sam_pass); + return NT_STATUS_OK; } @@ -330,7 +261,7 @@ done: /******************************************************************* gets a domain user's groups ********************************************************************/ -BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass) +BOOL get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids, SAM_ACCOUNT *sam_pass) { GROUP_MAP *map=NULL; int i, num, num_entries, cur_gid=0; @@ -345,13 +276,12 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids fstrcpy(user_name, pdb_get_username(sam_pass)); grid=pdb_get_group_rid(sam_pass); - DEBUG(10,("new_get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name)); + DEBUG(10,("get_domain_user_groups: searching domain groups [%s] is a member of\n", user_name)); /* first get the list of the domain groups */ if (!enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED, MAPPING_WITHOUT_PRIV)) return False; - DEBUG(10,("new_get_domain_user_groups: there are %d mapped groups\n", num_entries)); - + DEBUG(10,("get_domain_user_groups: there are %d mapped groups\n", num_entries)); /* * alloc memory. In the worse case, we alloc memory for nothing. @@ -364,7 +294,7 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids for(i=0; i<num_entries; i++) { if ((grp=getgrgid(map[i].gid)) == NULL) { /* very weird !!! */ - DEBUG(5,("new_get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid)); + DEBUG(5,("get_domain_user_groups: gid %d doesn't exist anymore !\n", (int)map[i].gid)); continue; } @@ -372,8 +302,8 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids if(strcmp(grp->gr_mem[num], user_name)==0) { /* we found the user, add the group to the list */ sid_peek_rid(&map[i].sid, &(gids[cur_gid].g_rid)); - gids[cur_gid].attr=map[i].sid_name_use; - DEBUG(10,("new_get_domain_user_groups: user found in group %s\n", map[i].nt_name)); + gids[cur_gid].attr=7; + DEBUG(10,("get_domain_user_groups: user found in group %s\n", map[i].nt_name)); cur_gid++; break; } @@ -387,22 +317,36 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids /* the user's gid is already there */ if (i!=cur_gid) { + /* + * the primary group of the user but be the first one in the list + * don't ask ! JFM. + */ + gids[i].g_rid=gids[0].g_rid; + gids[0].g_rid=grid; goto done; } for(i=0; i<num_entries; i++) { sid_peek_rid(&map[i].sid, &tmp_rid); if (tmp_rid==grid) { - gids[cur_gid].g_rid=tmp_rid; - gids[cur_gid].attr=map[i].sid_name_use; - DEBUG(10,("new_get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name)); + /* + * the primary group of the user but be the first one in the list + * don't ask ! JFM. + */ + gids[cur_gid].g_rid=gids[0].g_rid; + gids[0].g_rid=tmp_rid; + gids[cur_gid].attr=7; + DEBUG(10,("get_domain_user_groups: primary gid of user found in group %s\n", map[i].nt_name)); cur_gid++; goto done; /* leave the loop early */ } } + DEBUG(0,("get_domain_user_groups: primary gid of user [%s] is not a Domain group !\n", user_name)); + DEBUGADD(0,("get_domain_user_groups: You should fix it, NT doesn't like that\n")); + done: - *pgids=gids; + *pgids=gids; *numgroups=cur_gid; safe_free(map); @@ -410,40 +354,6 @@ BOOL new_get_domain_user_groups(TALLOC_CTX *ctx, int *numgroups, DOM_GID **pgids } /******************************************************************* - gets a domain user's groups - ********************************************************************/ -void get_domain_user_groups(char *domain_groups, const char *user) -{ - pstring tmp; - - if (domain_groups == NULL || user == NULL) return; - - /* can only be a user or a guest. cannot be guest _and_ admin */ - if (user_in_list(user, lp_domain_guest_group())) - { - slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_GUESTS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain guest group access %s granted\n", tmp)); - } - else - { - slprintf(tmp, sizeof(tmp) -1, " %ld/7 ", DOMAIN_GROUP_RID_USERS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain group access %s granted\n", tmp)); - - if (user_in_list(user, lp_domain_admin_group())) - { - slprintf(tmp, sizeof(tmp) - 1, " %ld/7 ", DOMAIN_GROUP_RID_ADMINS); - pstrcat(domain_groups, tmp); - - DEBUG(3,("domain admin group access %s granted\n", tmp)); - } - } -} - -/******************************************************************* Look up a local (domain) rid and return a name and type. ********************************************************************/ NTSTATUS local_lookup_group_name(uint32 rid, char *group_name, uint32 *type) diff --git a/source3/smbd/message.c b/source3/smbd/message.c index 7cc53e082c..a3625e3716 100644 --- a/source3/smbd/message.c +++ b/source3/smbd/message.c @@ -26,6 +26,8 @@ #include "includes.h" +extern userdom_struct current_user_info; + /* look in server.c for some explanation of these variables */ static char msgbuf[1600]; static int msgpos; @@ -84,7 +86,7 @@ static void msg_deliver(void) pstrcpy(s,lp_msg_command()); pstring_sub(s,"%f",alpha_strcpy(alpha_msgfrom,msgfrom,NULL,sizeof(alpha_msgfrom))); pstring_sub(s,"%t",alpha_strcpy(alpha_msgto,msgto,NULL,sizeof(alpha_msgto))); - standard_sub_basic(s); + standard_sub_basic(current_user_info.smb_name, s); pstring_sub(s,"%s",name); smbrun(s,NULL); } |