diff options
Diffstat (limited to 'source3/passdb/passdb.c')
-rw-r--r-- | source3/passdb/passdb.c | 126 |
1 files changed, 43 insertions, 83 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 4d20352312..2b1da6ecce 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -6,6 +6,7 @@ Copyright (C) Gerald (Jerry) Carter 2000-2001 Copyright (C) Andrew Bartlett 2001-2002 Copyright (C) Simo Sorce 2003 + Copyright (C) Volker Lendecke 2006 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -844,111 +845,70 @@ BOOL algorithmic_pdb_rid_is_user(uint32 rid) Convert a name into a SID. Used in the lookup name rpc. ********************************************************************/ -BOOL lookup_global_sam_name(const char *c_user, int flags, uint32_t *rid, +BOOL lookup_global_sam_name(const char *user, int flags, uint32_t *rid, enum SID_NAME_USE *type) { - fstring user; - SAM_ACCOUNT *sam_account = NULL; - struct group *grp; GROUP_MAP map; - - /* - * user may be quoted a const string, and map_username and - * friends can modify it. Make a modifiable copy. JRA. - */ - - fstrcpy(user, c_user); - - (void)map_username(user); - - if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) { - return False; - } - - /* BEGIN ROOT BLOCK */ - - become_root(); + BOOL ret; /* LOOKUP_NAME_GROUP is a hack to allow valid users = @foo to work * correctly in the case where foo also exists as a user. If the flag * is set, don't look for users at all. */ - if (((flags & LOOKUP_NAME_GROUP) == 0) && - pdb_getsampwnam(sam_account, user)) { - const DOM_SID *user_sid; + if ((flags & LOOKUP_NAME_GROUP) == 0) { + SAM_ACCOUNT *sam_account = NULL; + DOM_SID user_sid; - unbecome_root(); - - user_sid = pdb_get_user_sid(sam_account); - - if (!sid_check_is_in_our_domain(user_sid)) { - DEBUG(0, ("User %s with invalid SID %s in passdb\n", - user, sid_string_static(user_sid))); + if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) { return False; } + + become_root(); + ret = pdb_getsampwnam(sam_account, user); + unbecome_root(); - sid_peek_rid(user_sid, rid); - *type = SID_NAME_USER; + if (ret) { + sid_copy(&user_sid, pdb_get_user_sid(sam_account)); + } + pdb_free_sam(&sam_account); - return True; - } - pdb_free_sam(&sam_account); - - /* - * Maybe it was a group ? - */ - - /* check if it's a mapped group */ - if (pdb_getgrnam(&map, user)) { - - unbecome_root(); + if (ret) { + if (!sid_check_is_in_our_domain(&user_sid)) { + DEBUG(0, ("User %s with invalid SID %s in passdb\n", + user, sid_string_static(&user_sid))); + return False; + } - /* BUILTIN groups are looked up elsewhere */ - if (!sid_check_is_in_our_domain(&map.sid)) { - DEBUG(10, ("Found group %s (%s) not in our domain -- " - "ignoring.", user, - sid_string_static(&map.sid))); - return False; + sid_peek_rid(&user_sid, rid); + *type = SID_NAME_USER; + return True; } - - /* yes it's a mapped group */ - sid_peek_rid(&map.sid, rid); - *type = map.sid_name_use; - return True; } - return False; + /* + * Maybe it is a group ? + */ + + become_root(); + ret = pdb_getgrnam(&map, user); + unbecome_root(); - /* it's not a mapped group */ - grp = getgrnam(user); - if(!grp) { - unbecome_root(); /* ---> exit form block */ + if (!ret) { return False; } - - /* - *check if it's mapped, if it is reply it doesn't exist - * - * that's to prevent this case: - * - * unix group ug is mapped to nt group ng - * someone does a lookup on ug - * we must not reply as it doesn't "exist" anymore - * for NT. For NT only ng exists. - * JFM, 30/11/2001 - */ - - if (pdb_getgrgid(&map, grp->gr_gid)) { - unbecome_root(); /* ---> exit form block */ + + /* BUILTIN groups are looked up elsewhere */ + if (!sid_check_is_in_our_domain(&map.sid)) { + DEBUG(10, ("Found group %s (%s) not in our domain -- " + "ignoring.", user, + sid_string_static(&map.sid))); return False; } - unbecome_root(); - /* END ROOT BLOCK */ - - *rid = pdb_gid_to_group_rid(grp->gr_gid); - *type = SID_NAME_ALIAS; + /* yes it's a mapped group */ + sid_peek_rid(&map.sid, rid); + *type = map.sid_name_use; return True; } @@ -1086,7 +1046,7 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, } if (local_flags & LOCAL_ADD_USER) { - if (pdb_add_sam_account(sam_pass)) { + if (NT_STATUS_IS_OK(pdb_add_sam_account(sam_pass))) { slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name); pdb_free_sam(&sam_pass); return NT_STATUS_OK; @@ -1096,7 +1056,7 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, return NT_STATUS_UNSUCCESSFUL; } } else if (local_flags & LOCAL_DELETE_USER) { - if (!pdb_delete_sam_account(sam_pass)) { + if (!NT_STATUS_IS_OK(pdb_delete_sam_account(sam_pass))) { slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name); pdb_free_sam(&sam_pass); return NT_STATUS_UNSUCCESSFUL; |