1 files changed, 43 insertions, 110 deletions
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index c392846d93..055e8e71ba 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1,10 +1,10 @@
 /*
  * Unix SMB/CIFS implementation. 
  * SMB parameters and setup
- * Copyright (C) Andrew Tridgell 1992-1998 
- * Modified by Jeremy Allison 1995.
- * Modified by Gerald (Jerry) Carter 2000-2001
- * Modified by Andrew Bartlett 2002.
+ * Copyright (C) Andrew Tridgell       1992-1998 
+ * Modified by Jeremy Allison          1995.
+ * Modified by Gerald (Jerry) Carter   2000-2001,2003
+ * Modified by Andrew Bartlett         2002.
  * 
  * This program is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License as published by the Free
@@ -34,14 +34,13 @@
  
 struct smb_passwd
 {
-        BOOL smb_userid_set;     /* this is actually the unix uid_t */
-        uint32 smb_userid;     /* this is actually the unix uid_t */
+        uint32 smb_userid;        /* this is actually the unix uid_t */
         const char *smb_name;     /* username string */
 
-        const unsigned char *smb_passwd; /* Null if no password */
+        const unsigned char *smb_passwd;    /* Null if no password */
         const unsigned char *smb_nt_passwd; /* Null if no password */
 
-        uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */
+        uint16 acct_ctrl;             /* account info (ACB_xxxx bit-mask) */
         time_t pass_last_set_time;    /* password last set time */
 };
 
@@ -61,12 +60,6 @@ struct smbpasswd_privates
 
 	/* retrive-once info */
 	const char *smbpasswd_file;
-
-	BOOL permit_non_unix_accounts;
-
-	uid_t low_nua_userid; 
-	uid_t high_nua_userid; 
-
 };
 
 enum pwf_access_type { PWF_READ, PWF_UPDATE, PWF_CREATE };
@@ -591,28 +584,6 @@ static BOOL add_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, str
 
   /* Ok - entry doesn't exist. We can add it */
 
-  /* Account not in /etc/passwd hack!!! */
-  if (!newpwd->smb_userid_set) {
-	  if (!smbpasswd_state->permit_non_unix_accounts) {
-		  DEBUG(0, ("add_smbfilepwd_entry: cannot add account %s without unix identity\n", newpwd->smb_name));
-		  endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
-		  return False;
-	  }
-
-	  if (max_found_uid < smbpasswd_state->low_nua_userid) {
-		  newpwd->smb_userid = smbpasswd_state->low_nua_userid;
-		  newpwd->smb_userid_set = True;
-	  } else if (max_found_uid >= smbpasswd_state->high_nua_userid) {
-		  DEBUG(0, ("add_smbfilepwd_entry: cannot add machine %s, no uids are free! \n", newpwd->smb_name));
-		  endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth));
-		  return False;           
-	  } else {
-		  newpwd->smb_userid = max_found_uid + 1;
-		  newpwd->smb_userid_set = True;
-         }
-  }
-
-
   /* Create a new smb passwd entry and set it to the given password. */
   /* 
    * The add user write needs to be atomic - so get the fd from 
@@ -1133,24 +1104,32 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
  ********************************************************************/
 static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
 {
-	uid_t uid;
 	uint32 rid;
 
 	if (sampass == NULL) 
 		return False;
-
-	rid = pdb_get_user_rid(sampass);
-
-	/* If the user specified a RID, make sure its able to be both stored and retreived */
-	if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) {
-		DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
-		return False;
-	}
-
 	ZERO_STRUCTP(smb_pw);
 
-	smb_pw->smb_userid_set = True;
-	smb_pw->smb_userid=uid;
+	if (!IS_SAM_DEFAULT(sampass, PDB_USERSID)) {
+		rid = pdb_get_user_rid(sampass);
+		
+		/* If the user specified a RID, make sure its able to be both stored and retreived */
+		if (rid == DOMAIN_USER_RID_GUEST) {
+			struct passwd *passwd = getpwnam_alloc(lp_guestaccount());
+			if (!passwd) {
+				DEBUG(0, ("Could not find gest account via getpwnam()! (%s)\n", lp_guestaccount()));
+				return False;
+			}
+			smb_pw->smb_userid=passwd->pw_uid;
+			passwd_free(&passwd);
+
+		} else if (fallback_pdb_rid_is_user(rid)) {
+			smb_pw->smb_userid=fallback_pdb_user_rid_to_uid(rid);
+		} else {
+			DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
+			return False;
+		}
+	}
 
 	smb_pw->smb_name=(const char*)pdb_get_username(sampass);
 
@@ -1160,25 +1139,6 @@ static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampas
 	smb_pw->acct_ctrl=pdb_get_acct_ctrl(sampass);
 	smb_pw->pass_last_set_time=pdb_get_pass_last_set_time(sampass);
 
-#if 0
-	/*
-	 * ifdef'out by JFM on 11/29/2001.
-	 * this assertion is no longer valid
-	 * and I don't understand the goal 
-	 * and doing the same thing with the group mapping code
-	 * is hairy !
-	 *
-	 * We just have the RID, in which SID is it valid ?
-	 * our domain SID ? well known SID ? local SID ?
-	 */
-
-	if (gid != pdb_group_rid_to_gid(pdb_get_group_rid(sampass))) {
-		DEBUG(0,("build_sam_pass: Failing attempt to store user with non-gid based primary group RID. \n"));
-		DEBUG(0,("build_sam_pass: %d %d %d. \n", *gid, pdb_group_rid_to_gid(pdb_get_group_rid(sampass)), pdb_get_group_rid(sampass)));
-		return False;
-	}
-#endif
-
 	return True;
 }	
 
@@ -1194,49 +1154,28 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state,
 		DEBUG(5,("build_sam_account: SAM_ACCOUNT is NULL\n"));
 		return False;
 	}
-		
-	pwfile = getpwnam_alloc(pw_buf->smb_name);
-	if (pwfile == NULL) {
-		if ((smbpasswd_state->permit_non_unix_accounts) 
-		    && (pw_buf->smb_userid >= smbpasswd_state->low_nua_userid) 
-		    && (pw_buf->smb_userid <= smbpasswd_state->high_nua_userid)) {
 
-			pdb_set_user_sid_from_rid(sam_pass, fallback_pdb_uid_to_user_rid (pw_buf->smb_userid), PDB_SET);
+	/* verify the user account exists */
 			
-			/* lkclXXXX this is OBSERVED behaviour by NT PDCs, enforced here. 
-			   
-			This was down the bottom for machines, but it looks pretty good as
-			a general default for non-unix users. --abartlet 2002-01-08
-			*/
-			pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS, PDB_SET); 
-			pdb_set_username (sam_pass, pw_buf->smb_name, PDB_SET);
-			pdb_set_domain (sam_pass, get_global_sam_name(), PDB_DEFAULT);
-			
-		} else {
-			DEBUG(0,("build_sam_account: smbpasswd database is corrupt!  username %s with uid %u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid));
+	if ( !(pwfile = getpwnam_alloc(pw_buf->smb_name)) ) {
+		DEBUG(0,("build_sam_account: smbpasswd database is corrupt!  username %s with uid "
+		"%u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid));
 			return False;
-		}
-	} else {
-		if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile))) {
-			return False;
-		}
-		
-		passwd_free(&pwfile);
 	}
 	
+	if (!NT_STATUS_IS_OK(pdb_fill_sam_pw(sam_pass, pwfile)))
+		return False;
+		
+	passwd_free(&pwfile);
+
+	/* set remaining fields */
+		
 	pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET);
 	pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET);			
 	pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl, PDB_SET);
 	pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
 	pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
 	
-#if 0	/* JERRY */
-	/* the smbpasswd format doesn't have a must change time field, so
-	   we can't get this right. The best we can do is to set this to 
-	   some time in the future. 21 days seems as reasonable as any other value :) 
-	*/
-	pdb_set_pass_must_change_time (sam_pass, pw_buf->pass_last_set_time + MAX_PASSWORD_AGE, PDB_DEFAULT);
-#endif
 	return True;
 }
 
@@ -1342,7 +1281,7 @@ static NTSTATUS smbpasswd_getsampwnam(struct pdb_methods *my_methods,
 	fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
 
 	if (fp == NULL) {
-		DEBUG(0, ("unable to open passdb database.\n"));
+		DEBUG(0, ("Unable to open passdb database.\n"));
 		return nt_status;
 	}
 
@@ -1402,7 +1341,7 @@ static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUN
 	fp = startsmbfilepwent(smbpasswd_state->smbpasswd_file, PWF_READ, &(smbpasswd_state->pw_file_lock_depth));
 
 	if (fp == NULL) {
-		DEBUG(0, ("unable to open passdb database.\n"));
+		DEBUG(0, ("Unable to open passdb database.\n"));
 		return nt_status;
 	}
 
@@ -1502,7 +1441,7 @@ static void free_private_data(void **vp)
 	/* No need to free any further, as it is talloc()ed */
 }
 
-NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+static NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
 {
 	NTSTATUS nt_status;
 	struct smbpasswd_privates *privates;
@@ -1548,16 +1487,10 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method,
 
 	(*pdb_method)->free_private_data = free_private_data;
 
-	if (lp_idmap_uid(&privates->low_nua_userid, &privates->high_nua_userid)) {
-		DEBUG(0, ("idmap uid range defined, non unix accounts enabled\n"));
-		privates->permit_non_unix_accounts = True;
-	}
-
 	return NT_STATUS_OK;
 }
 
-int pdb_smbpasswd_init(void) 
+NTSTATUS pdb_smbpasswd_init(void) 
 {
-	smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd", pdb_init_smbpasswd);
-	return True;
+	return smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd", pdb_init_smbpasswd);
 }