Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/passdb.c322
-rw-r--r--source3/passdb/pdb_get_set.c42
-rw-r--r--source3/passdb/pdb_guest.c70
-rw-r--r--source3/passdb/pdb_ldap.c168
-rw-r--r--source3/passdb/pdb_nisplus.c80
-rw-r--r--source3/passdb/pdb_smbpasswd.c59
-rw-r--r--source3/passdb/pdb_tdb.c188
-rw-r--r--source3/passdb/pdb_xml.c2
8 files changed, 294 insertions, 637 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 3fef3ea745..d3554cdbde 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -5,6 +5,7 @@
Copyright (C) Luke Kenneth Casson Leighton 1996-1998
Copyright (C) Gerald (Jerry) Carter 2000-2001
Copyright (C) Andrew Bartlett 2001-2002
+ Copyright (C) Simo Sorce 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -34,11 +35,17 @@ const char *get_global_sam_name(void)
return global_myname();
}
+/*
+ * This is set on startup - it defines the SID for this
+ * machine, and therefore the SAM database for which it is
+ * responsible.
+ */
+
/************************************************************
Fill the SAM_ACCOUNT with default values.
***********************************************************/
-static void pdb_fill_default_sam(SAM_ACCOUNT *user)
+void pdb_fill_default_sam(SAM_ACCOUNT *user)
{
ZERO_STRUCT(user->private); /* Don't touch the talloc context */
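Review bot: The comment block added at L31–L35 ("This is set on startup - it defines the SID for this machine…") is not attached to anything: the only thing that follows it is the existing header of pdb_fill_default_sam, which it does not describe. It looks like a fragment meant to sit beside a global SAM-SID definition elsewhere; either move it next to the object it documents or drop it. Dropping `static` from pdb_fill_default_sam makes it part of the passdb API, so the function header should state the contract a caller now relies on, e.g. `Fill the SAM_ACCOUNT with default values; the account must already have been created by pdb_init_sam, since private is zeroed but the talloc context is kept.` I cannot see whether a matching prototype was added to the header from this diff.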
@@ -48,8 +55,6 @@ static void pdb_fill_default_sam(SAM_ACCOUNT *user)
/* Don't change these timestamp settings without a good reason.
They are important for NT member server compatibility. */
- user->private.uid = user->private.gid = -1;
-
user->private.logon_time = (time_t)0;
user->private.pass_last_set_time = (time_t)0;
user->private.pass_can_change_time = (time_t)0;
@@ -165,13 +170,7 @@ NTSTATUS pdb_init_sam(SAM_ACCOUNT **user)
NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
{
- GROUP_MAP map;
-
- const char *guest_account = lp_guestaccount();
- if (!(guest_account && *guest_account)) {
- DEBUG(1, ("NULL guest account!?!?\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
+ NTSTATUS ret;
if (!pwd) {
return NT_STATUS_UNSUCCESSFUL;
@@ -184,10 +183,7 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET);
- pdb_set_domain (sam_account, get_global_sam_name(), PDB_DEFAULT);
-
- pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET);
- pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET);
+ pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT);
/* When we get a proper uid -> SID and SID -> uid allocation
mechinism, we should call it here.
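Review bot: The domain recorded on the account switches from `get_global_sam_name()` to `lp_workgroup()` at L71, and the same substitution appears in pdb_init_sam_new (L125) and in pdb_init_ldapsam_common (L815). The visible body of get_global_sam_name (L29) returns `global_myname()`, so for a standalone server whose SAM is named after the machine rather than the workgroup this changes the domain attributed to every local account; if that is intended the commit message or a comment at L71 should say why, e.g. `/* accounts in this SAM are always reported under the workgroup name, not the machine name */`. pdb_fill_sam_pw continues past this hunk.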
@@ -199,37 +195,8 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
-- abartlet 11-May-02
*/
-
- /* Ensure this *must* be set right */
- if (strcmp(pwd->pw_name, guest_account) == 0) {
- if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_SET)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_SET)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- } else {
-
- if (!pdb_set_user_sid_from_rid(sam_account,
- fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
- DEBUG(0,("Can't set User SID from RID!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- /* call the mapping code here */
- if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) {
- if (!pdb_set_group_sid(sam_account,&map.sid, PDB_SET)){
- DEBUG(0,("Can't set Group SID!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- else {
- if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
- DEBUG(0,("Can't set Group SID\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- }
+ ret = pdb_set_sam_sids(sam_account, pwd);
+ if (NT_STATUS_IS_ERR(ret)) return ret;
/* check if this is a user account or a machine account */
if (pwd->pw_name[strlen(pwd->pw_name)-1] != '$')
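Review bot: `if (NT_STATUS_IS_ERR(ret)) return ret;` at L109 only tests the error-severity bits, whereas the rest of this file (e.g. L117) checks `!NT_STATUS_IS_OK(...)`; a warning-class status from pdb_set_sam_sids would fall through and the account would be treated as filled. Use the file's convention, `if (!NT_STATUS_IS_OK(ret)) return ret;`. pdb_fill_sam_pw continues past this hunk.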
@@ -322,6 +289,7 @@ NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username)
return nt_status;
}
} else {
+ DOM_SID g_sid;
if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(new_sam_acct))) {
*new_sam_acct = NULL;
return nt_status;
@@ -330,6 +298,13 @@ NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username)
pdb_free_sam(new_sam_acct);
return nt_status;
}
+
+ pdb_set_domain (*new_sam_acct, lp_workgroup(), PDB_DEFAULT);
+
+ /* set Domain Users by default ! */
+ sid_copy(&g_sid, get_global_sam_sid());
+ sid_append_rid(&g_sid, DOMAIN_GROUP_RID_USERS);
+ pdb_set_group_sid(*new_sam_acct, &g_sid, PDB_SET);
}
return NT_STATUS_OK;
}
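Review bot: The return values of `pdb_set_domain` (L125) and `pdb_set_group_sid` (L130) are discarded, so a failure to set the primary group leaves the caller with an account whose group SID is whatever pdb_fill_default_sam left there, with NT_STATUS_OK returned. The comment says "set Domain Users by default" but the call passes `PDB_SET`, unlike the `PDB_DEFAULT` used for the domain on the line above; with PDB_SET the backends' `need_update(sampass, PDB_GROUPSID)` (L769) will treat this default as an explicit change to be written out. Suggest `if (!pdb_set_group_sid(*new_sam_acct, &g_sid, PDB_DEFAULT)) { pdb_free_sam(new_sam_acct); return NT_STATUS_UNSUCCESSFUL; }`, or a comment explaining why PDB_SET is wanted here.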
@@ -402,6 +377,63 @@ NTSTATUS pdb_free_sam(SAM_ACCOUNT **user)
return NT_STATUS_OK;
}
+/**************************************************************************
+ * This function will take care of all the steps needed to correctly
+ * allocate and set the user SID, please do use this function to create new
+ * users, messing with SIDs is not good.
+ *
+ * account_data must be provided initialized, pwd may be null.
+ * SSS
+ ***************************************************************************/
+
+NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd *pwd)
+{
+ const char *guest_account = lp_guestaccount();
+ GROUP_MAP map;
+
+ if (!account_data || !pwd) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* this is a hack this thing should not be set
+ this way --SSS */
+ if (!(guest_account && *guest_account)) {
+ DEBUG(1, ("NULL guest account!?!?\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ } else {
+ /* Ensure this *must* be set right */
+ if (strcmp(pwd->pw_name, guest_account) == 0) {
+ if (!pdb_set_user_sid_from_rid(account_data, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ if (!pdb_set_group_sid_from_rid(account_data, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ return NT_STATUS_OK;
+ }
+ }
+
+ if (!pdb_set_user_sid_from_rid(account_data, fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
+ DEBUG(0,("Can't set User SID from RID!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ /* call the mapping code here */
+ if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) {
+ if (!pdb_set_group_sid(account_data, &map.sid, PDB_SET)){
+ DEBUG(0,("Can't set Group SID!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ else {
+ if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
+ DEBUG(0,("Can't set Group SID\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
/**********************************************************
Encode the account control bits into a string.
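Review bot: The header comment of pdb_set_sam_sids (L142) says "pwd may be null", but the first check (L151) returns NT_STATUS_INVALID_PARAMETER when pwd is NULL; one of the two is wrong, and since every later line dereferences pwd the comment should read ` * account_data must be provided initialized; pwd must not be NULL.` The guest branch sets both SIDs with `PDB_DEFAULT` (L163, L166) while the non-guest branch uses `PDB_SET` (L173, L180, L186), so a guest account will not be flagged as changed by need_update() but a normal one will — if that asymmetry is deliberate it deserves a one-line comment. The `else` at L160 is unnecessary because the `if` above it returns, and the hedged "this is a hack" note at L155 should say what the intended replacement is.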
@@ -531,10 +563,6 @@ BOOL pdb_gethexpwd(const char *p, unsigned char *pwd)
return (True);
}
-/*******************************************************************
- Converts NT user RID to a UNIX uid.
- ********************************************************************/
-
static int algorithmic_rid_base(void)
{
static int rid_offset = 0;
@@ -557,14 +585,16 @@ static int algorithmic_rid_base(void)
return rid_offset;
}
+/*******************************************************************
+ Converts NT user RID to a UNIX uid.
+ ********************************************************************/
uid_t fallback_pdb_user_rid_to_uid(uint32 user_rid)
{
int rid_offset = algorithmic_rid_base();
- return (uid_t)(((user_rid & (~USER_RID_TYPE))- rid_offset)/RID_MULTIPLIER);
+ return (uid_t)(((user_rid & (~USER_RID_TYPE)) - rid_offset)/RID_MULTIPLIER);
}
-
/*******************************************************************
converts UNIX uid to an NT User RID.
********************************************************************/
@@ -615,7 +645,7 @@ static BOOL pdb_rid_is_well_known(uint32 rid)
Decides if a RID is a user or group RID.
********************************************************************/
-BOOL pdb_rid_is_user(uint32 rid)
+BOOL fallback_pdb_rid_is_user(uint32 rid)
{
/* lkcl i understand that NT attaches an enumeration to a RID
* such that it can be identified as either a user, group etc
@@ -648,7 +678,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
GROUP_MAP map;
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){
- DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n",
+ DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n",
sid_string_static(&map.sid)));
return False;
}
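Review bot: The renamed DEBUG at L234 still formats `sid_string_static(&map.sid)` on the unchanged L235, but `map` (L231) has not been filled in at that point, so the message prints an uninitialized SID rather than the one that failed the check. The argument should be the function's own parameter: `sid_string_static(sid)));`. local_lookup_sid continues outside this hunk.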
@@ -705,7 +735,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
return True;
}
- if (pdb_rid_is_user(rid)) {
+ if (fallback_pdb_rid_is_user(rid)) {
uid_t uid;
DEBUG(5, ("assuming RID %u is a user\n", (unsigned)rid));
@@ -838,190 +868,6 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi
return True;
}
-/****************************************************************************
- Convert a uid to SID - locally.
-****************************************************************************/
-
-DOM_SID *local_uid_to_sid(DOM_SID *psid, uid_t uid)
-{
- struct passwd *pass;
- SAM_ACCOUNT *sam_user = NULL;
- fstring str; /* sid string buffer */
-
- sid_copy(psid, get_global_sam_sid());
-
- if((pass = getpwuid_alloc(uid))) {
-
- if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user))) {
- passwd_free(&pass);
- return NULL;
- }
-
- if (pdb_getsampwnam(sam_user, pass->pw_name)) {
- sid_copy(psid, pdb_get_user_sid(sam_user));
- } else {
- sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid));
- }
-
- DEBUG(10,("local_uid_to_sid: uid %u -> SID (%s) (%s).\n",
- (unsigned)uid, sid_to_string( str, psid),
- pass->pw_name ));
-
- passwd_free(&pass);
- pdb_free_sam(&sam_user);
-
- } else {
- sid_append_rid(psid, fallback_pdb_uid_to_user_rid(uid));
-
- DEBUG(10,("local_uid_to_sid: uid %u -> SID (%s) (unknown user).\n",
- (unsigned)uid, sid_to_string( str, psid)));
- }
-
- return psid;
-}
-
-/****************************************************************************
- Convert a SID to uid - locally.
-****************************************************************************/
-
-BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_type)
-{
- fstring str;
- SAM_ACCOUNT *sam_user = NULL;
-
- *name_type = SID_NAME_UNKNOWN;
-
- if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
- return False;
-
- if (pdb_getsampwsid(sam_user, psid)) {
-
- if (!IS_SAM_SET(sam_user,PDB_UID)&&!IS_SAM_CHANGED(sam_user,PDB_UID)) {
- pdb_free_sam(&sam_user);
- return False;
- }
-
- *puid = pdb_get_uid(sam_user);
-
- DEBUG(10,("local_sid_to_uid: SID %s -> uid (%u) (%s).\n", sid_to_string( str, psid),
- (unsigned int)*puid, pdb_get_username(sam_user)));
- pdb_free_sam(&sam_user);
- } else {
-
- DOM_SID dom_sid;
- uint32 rid;
- GROUP_MAP map;
-
- pdb_free_sam(&sam_user);
-
- if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
- DEBUG(3, ("local_sid_to_uid: SID '%s' is a group, not a user... \n", sid_to_string(str, psid)));
- /* It's a group, not a user... */
- return False;
- }
-
- sid_copy(&dom_sid, psid);
- if (!sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
- DEBUG(3, ("sid_peek_rid failed - sid '%s' is not in our domain\n", sid_to_string(str, psid)));
- return False;
- }
-
- if (!pdb_rid_is_user(rid)) {
- DEBUG(3, ("local_sid_to_uid: sid '%s' cannot be mapped to a uid algorithmicly becouse it is a group\n", sid_to_string(str, psid)));
- return False;
- }
-
- *puid = fallback_pdb_user_rid_to_uid(rid);
-
- DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n",
- sid_to_string(str, psid), (signed long int)(*puid)));
- }
-
- *name_type = SID_NAME_USER;
-
- return True;
-}
-
-/****************************************************************************
- Convert a gid to SID - locally.
-****************************************************************************/
-
-DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid)
-{
- GROUP_MAP map;
-
- sid_copy(psid, get_global_sam_sid());
-
- if (pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
- sid_copy(psid, &map.sid);
- }
- else {
- sid_append_rid(psid, pdb_gid_to_group_rid(gid));
- }
-
- return psid;
-}
-
-/****************************************************************************
- Convert a SID to gid - locally.
-****************************************************************************/
-
-BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_type)
-{
- fstring str;
- GROUP_MAP map;
-
- *name_type = SID_NAME_UNKNOWN;
-
- /*
- * We can only convert to a gid if this is our local
- * Domain SID (ie. we are the controling authority).
- *
- * Or in the Builtin SID too. JFM, 11/30/2001
- */
-
- if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) {
-
- /* the SID is in the mapping table but not mapped */
- if (map.gid==(gid_t)-1)
- return False;
-
- *pgid = map.gid;
- *name_type = map.sid_name_use;
- DEBUG(10,("local_sid_to_gid: mapped SID %s (%s) -> gid (%u).\n",
- sid_to_string( str, psid),
- map.nt_name, (unsigned int)*pgid));
-
- } else {
- uint32 rid;
- SAM_ACCOUNT *sam_user = NULL;
- if (NT_STATUS_IS_ERR(pdb_init_sam(&sam_user)))
- return False;
-
- if (pdb_getsampwsid(sam_user, psid)) {
- return False;
- pdb_free_sam(&sam_user);
- }
-
- pdb_free_sam(&sam_user);
-
- if (!sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
- DEBUG(3, ("sid_peek_rid failed - sid '%s' is not in our domain\n", sid_to_string(str, psid)));
- return False;
- }
-
- if (pdb_rid_is_user(rid))
- return False;
-
- *pgid = pdb_group_rid_to_gid(rid);
- *name_type = SID_NAME_ALIAS;
- DEBUG(10,("local_sid_to_gid: SID %s -> gid (%u).\n", sid_to_string( str, psid),
- (unsigned int)*pgid));
- }
-
- return True;
-}
-
/*************************************************************
Change a password entry in the local smbpasswd file.
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index a86d936263..4370dc2c36 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -202,22 +202,6 @@ enum pdb_value_state pdb_get_init_flags (const SAM_ACCOUNT *sampass, enum pdb_el
return ret;
}
-uid_t pdb_get_uid (const SAM_ACCOUNT *sampass)
-{
- if (sampass)
- return (sampass->private.uid);
- else
- return (-1);
-}
-
-gid_t pdb_get_gid (const SAM_ACCOUNT *sampass)
-{
- if (sampass)
- return (sampass->private.gid);
- else
- return (-1);
-}
-
const char* pdb_get_username (const SAM_ACCOUNT *sampass)
{
if (sampass)
@@ -509,32 +493,6 @@ BOOL pdb_set_init_flags (SAM_ACCOUNT *sampass, enum pdb_elements element, enum p
return True;
}
-BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid, enum pdb_value_state flag)
-{
- if (!sampass)
- return False;
-
- DEBUG(10, ("pdb_set_uid: setting uid %d, was %d\n",
- (int)uid, (int)sampass->private.uid));
-
- sampass->private.uid = uid;
-
- return pdb_set_init_flags(sampass, PDB_UID, flag);
-}
-
-BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid, enum pdb_value_state flag)
-{
- if (!sampass)
- return False;
-
- DEBUG(10, ("pdb_set_gid: setting gid %d, was %d\n",
- (int)gid, (int)sampass->private.gid));
-
- sampass->private.gid = gid;
-
- return pdb_set_init_flags(sampass, PDB_GID, flag);
-}
-
BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid, enum pdb_value_state flag)
{
if (!sampass || !u_sid)
diff --git a/source3/passdb/pdb_guest.c b/source3/passdb/pdb_guest.c
index 7ecfa7d4c3..9bcdccc7e7 100644
--- a/source3/passdb/pdb_guest.c
+++ b/source3/passdb/pdb_guest.c
@@ -24,11 +24,16 @@
Lookup a name in the SAM database
******************************************************************/
-static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
+static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *sam_account, const char *sname)
{
NTSTATUS nt_status;
- struct passwd *pass;
const char *guest_account = lp_guestaccount();
+
+ if (!sam_account || !sname) {
+ DEBUG(0,("invalid name specified"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
if (!(guest_account && *guest_account)) {
DEBUG(1, ("NULL guest account!?!?\n"));
return NT_STATUS_UNSUCCESSFUL;
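Review bot: The `DEBUG(0,("invalid name specified"));` moved to L507 has no trailing newline, so the next debug line is appended to it, and the text no longer describes the condition, which now also covers a NULL sam_account. Suggest `DEBUG(0,("guestsam_getsampwnam: NULL sam_account or name\n"));`. guestsam_getsampwnam continues past this hunk.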
@@ -38,21 +43,31 @@ static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *
DEBUG(0,("invalid methods\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- if (!sname) {
- DEBUG(0,("invalid name specified"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
if (!strequal(guest_account, sname)) {
return NT_STATUS_NO_SUCH_USER;
}
- pass = getpwnam_alloc(guest_account);
-
- nt_status = pdb_fill_sam_pw(user, pass);
+ pdb_fill_default_sam(sam_account);
+
+ if (!pdb_set_username(sam_account, guest_account, PDB_SET))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_fullname(sam_account, guest_account, PDB_SET))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_domain(sam_account, lp_workgroup(), PDB_DEFAULT))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT))
+ return NT_STATUS_UNSUCCESSFUL;
- passwd_free(&pass);
- return nt_status;
+ return NT_STATUS_OK;
}
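Review bot: `nt_status` (declared at L502 in the previous hunk) is no longer assigned or read anywhere in guestsam_getsampwnam after the `pdb_fill_sam_pw` call was removed, so it is now an unused variable and should be deleted. The new version also sets no unix attributes for the guest entry (the old path obtained them through pdb_fill_sam_pw from getpwnam); if callers of the guest backend rely on a home directory or similar being present, that is now missing — I cannot tell from this diff. A comment such as `/* the guest entry is synthesised from smb.conf only; no unix attributes are looked up */` would make the new contract explicit.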
@@ -61,35 +76,17 @@ static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *
**************************************************************************/
static NTSTATUS guestsam_getsampwrid (struct pdb_methods *methods,
- SAM_ACCOUNT *user, uint32 rid)
+ SAM_ACCOUNT *sam_account, uint32 rid)
{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct passwd *pass = NULL;
- const char *guest_account = lp_guestaccount();
- if (!(guest_account && *guest_account)) {
- DEBUG(1, ("NULL guest account!?!?\n"));
- return nt_status;
- }
-
- if (!methods) {
- DEBUG(0,("invalid methods\n"));
- return nt_status;
- }
-
- if (rid == DOMAIN_USER_RID_GUEST) {
- pass = getpwnam_alloc(guest_account);
- if (!pass) {
- DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account));
- return NT_STATUS_NO_SUCH_USER;
- }
- } else {
+ if (rid != DOMAIN_USER_RID_GUEST) {
return NT_STATUS_NO_SUCH_USER;
}
- nt_status = pdb_fill_sam_pw(user, pass);
- passwd_free(&pass);
+ if (!sam_account) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
- return nt_status;
+ return guestsam_getsampwnam (methods, sam_account, lp_guestaccount());
}
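Review bot: guestsam_getsampwrid no longer verifies that the configured guest account exists: the old `getpwnam_alloc(guest_account)` check returned NT_STATUS_NO_SUCH_USER when it did not, while the new delegate guestsam_getsampwnam (L529–L547) synthesises the entry from smb.conf alone, so a guest SAM entry is now returned for a unix account that may not exist. If that is not intended, add an existence check in guestsam_getsampwnam, e.g. `if (!(pass = getpwnam_alloc(guest_account))) return NT_STATUS_NO_SUCH_USER;` followed by `passwd_free(&pass);`. The `!sam_account` test at L583 duplicates the one the delegate already performs at L506.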
static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
@@ -97,6 +94,7 @@ static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
uint32 rid;
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
return NT_STATUS_NO_SUCH_USER;
+
return guestsam_getsampwrid(my_methods, user, rid);
}
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index dbc0bdc1c0..da3a163c1e 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -164,7 +164,7 @@ static const char *attr[] = {"uid", "pwdLastSet", "logonTime",
"smbHome", "scriptPath",
"profilePath", "description",
"userWorkstations", "rid", "ntSid",
- "primaryGroupID", "primaryGroupSid", "lmPassword",
+ "primaryGroupID", "lmPassword",
"ntPassword", "acctFlags",
"domain", "objectClass",
"uidNumber", "gidNumber",
@@ -519,10 +519,9 @@ static int ldapsam_retry_open(struct ldapsam_privates *ldap_state, int *attempts
if (*attempts != 0) {
unsigned int sleep_time;
- uint8 rand_byte;
+ uint8 rand_byte = 128; /* a reasonable place to start */
- /* Sleep for a random timeout */
- rand_byte = (char)(sys_random());
+ generate_random_buffer(&rand_byte, 1, False);
sleep_time = (((*attempts)*(*attempts))/2)*rand_byte*2;
/* we retry after (0.5, 1, 2, 3, 4.5, 6) seconds
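Review bot: The initializer `uint8 rand_byte = 128; /* a reasonable place to start */` at L614 is dead, because `generate_random_buffer(&rand_byte, 1, False)` overwrites the byte unconditionally on the next statement, so the comment misleads a reader into thinking 128 is a floor. If a floor is wanted so that a zero byte does not produce `sleep_time == 0` and an immediate retry, apply it after the call: `if (rand_byte == 0) rand_byte = 128;`; otherwise declare it as plain `uint8 rand_byte;`. ldapsam_retry_open continues outside this hunk.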
@@ -1534,12 +1533,11 @@ Initialize SAM_ACCOUNT from an LDAP query (unix attributes only)
*********************************************************************/
static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state,
SAM_ACCOUNT * sampass,
- LDAPMessage * entry)
+ LDAPMessage * entry,
+ gid_t *gid)
{
pstring homedir;
pstring temp;
- uid_t uid;
- gid_t gid;
char **ldap_values;
char **values;
@@ -1564,19 +1562,12 @@ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state,
if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDirectory", homedir))
return False;
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp))
- return False;
-
- uid = (uid_t)atol(temp);
-
if (!get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp))
return False;
gid = (gid_t)atol(temp);
pdb_set_unix_homedir(sampass, homedir, PDB_SET);
- pdb_set_uid(sampass, uid, PDB_SET);
- pdb_set_gid(sampass, gid, PDB_SET);
DEBUG(10, ("user has posixAcccount attributes\n"));
return True;
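Review bot: With the signature change in the previous hunk (L626), `gid` inside get_unix_attributes is now a `gid_t *`, but the unchanged L644 still reads `gid = (gid_t)atol(temp);`, which assigns an integer to the pointer and never stores the value for the caller; the caller's `gid` keeps the `getegid()` it was initialised with (L656), so the group mapping at L718 would use the process's effective gid rather than the user's. It should be `*gid = (gid_t)atol(temp);`. A NULL check on the new out-parameter would also be prudent. get_unix_attributes starts in the earlier hunk and its declaration block is cut there.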
@@ -1618,8 +1609,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
uint8 hours[MAX_HOURS_LEN];
pstring temp;
uid_t uid = -1;
- gid_t gid = getegid();
-
+ gid_t gid = getegid();
/*
* do a little initialization
@@ -1667,31 +1657,11 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
if (get_single_attribute(ldap_state->ldap_struct, entry, "ntSid", temp)) {
pdb_set_user_sid_from_string(sampass, temp, PDB_SET);
}
- if (get_single_attribute(ldap_state->ldap_struct, entry, "primaryGroupSid", temp)) {
- pdb_set_group_sid_from_string(sampass, temp, PDB_SET);
- } else {
- pdb_set_group_sid_from_rid(sampass, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
- }
} else {
if (get_single_attribute(ldap_state->ldap_struct, entry, "rid", temp)) {
user_rid = (uint32)atol(temp);
pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET);
}
- if (get_single_attribute(ldap_state->ldap_struct, entry, "primaryGroupID", temp)) {
- uint32 group_rid;
- group_rid = (uint32)atol(temp);
-
- if (group_rid > 0) {
- /* for some reason, we often have 0 as a primary group RID.
- Make sure that we treat this just as a 'default' value
- */
- pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
- } else {
- pdb_set_group_sid_from_rid(sampass, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
- }
- } else {
- pdb_set_group_sid_from_rid(sampass, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
- }
}
if (pdb_get_init_flags(sampass,PDB_USERSID) == PDB_DEFAULT) {
@@ -1699,44 +1669,29 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
return False;
}
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "primaryGroupID", temp)) {
+ pdb_set_group_sid_from_rid(sampass, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
+ } else {
+ uint32 group_rid;
+ group_rid = (uint32)atol(temp);
+ pdb_set_group_sid_from_rid(sampass, group_rid, PDB_SET);
+ }
+
/*
* If so configured, try and get the values from LDAP
*/
- if (!lp_ldap_trust_ids() || (!get_unix_attributes(ldap_state, sampass, entry))) {
+ if (!lp_ldap_trust_ids() && (get_unix_attributes(ldap_state, sampass, entry, &gid))) {
- /*
- * Otherwise just ask the system getpw() calls.
- */
-
- pw = getpwnam_alloc(username);
- if (pw == NULL) {
- if (! ldap_state->permit_non_unix_accounts) {
- DEBUG (2,("init_sam_from_ldap: User [%s] does not exist via system getpwnam!\n", username));
- return False;
+ if (pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT) {
+ GROUP_MAP map;
+ /* call the mapping code here */
+ if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
+ pdb_set_group_sid(sampass, &map.sid, PDB_SET);
+ }
+ else {
+ pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
}
- } else {
- uid = pw->pw_uid;
- pdb_set_uid(sampass, uid, PDB_SET);
- gid = pw->pw_gid;
- pdb_set_gid(sampass, gid, PDB_SET);
-
- pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
-
- passwd_free(&pw);
- }
- }
-
- if ((pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT)
- && (pdb_get_init_flags(sampass,PDB_GID) != PDB_DEFAULT)) {
- GROUP_MAP map;
- gid = pdb_get_gid(sampass);
- /* call the mapping code here */
- if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
- pdb_set_group_sid(sampass, &map.sid, PDB_SET);
- }
- else {
- pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
}
}
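Review bot: The new primaryGroupID handling at L693–L699 drops the `group_rid > 0` guard that the removed code carried with the comment "we often have 0 as a primary group RID", so an entry storing 0 now gets an explicit `PDB_SET` group RID of 0 instead of defaulting to DOMAIN_GROUP_RID_USERS; restore that guard, falling back to `DOMAIN_GROUP_RID_USERS` with `PDB_DEFAULT` when the attribute is 0. The rewritten condition at L705, `!lp_ldap_trust_ids() && get_unix_attributes(...)`, reads the unix attributes from LDAP only when "ldap trust ids" is *not* set, which is the opposite of the comment above it ("If so configured, try and get the values from LDAP") — presumably `lp_ldap_trust_ids() && ...` was meant; please confirm. After this change the locals `pw` and `uid` (L653) appear to have no remaining uses in this function, but their declarations are outside the hunk. init_sam_from_ldap continues past this hunk.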
@@ -1964,16 +1919,15 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
if (need_update(sampass, PDB_USERSID)) {
fstring sid_string;
fstring dom_sid_string;
- const DOM_SID *user_sid = pdb_get_user_sid(sampass);
+ const DOM_SID *user_sid;
+ user_sid = pdb_get_user_sid(sampass);
if (ldap_state->use_ntsid) {
make_ldap_mod(ldap_state->ldap_struct, existing, mods,
"ntSid", sid_to_string(sid_string, user_sid));
} else {
if (!sid_peek_check_rid(get_global_sam_sid(), user_sid, &rid)) {
- DEBUG(1, ("User's SID (%s) is not for this domain (%s), cannot add to LDAP!\n",
- sid_to_string(sid_string, user_sid),
- sid_to_string(dom_sid_string, get_global_sam_sid())));
+ DEBUG(1, ("User's SID (%s) is not for this domain (%s), cannot add to LDAP!\n", sid_to_string(sid_string, user_sid), sid_to_string(dom_sid_string, get_global_sam_sid())));
return False;
}
slprintf(temp, sizeof(temp) - 1, "%i", rid);
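Review bot: The DEBUG at L763 has been collapsed from three wrapped argument lines into a single line of roughly 180 columns, which is harder to read than the form it replaces and carries no functional change; keep the two `sid_to_string(...)` arguments on their own lines as before. The split of `user_sid` into a declaration and a separate assignment (L753–L754) is fine but also purely cosmetic. init_ldap_from_sam continues outside this hunk.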
@@ -1987,24 +1941,10 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
'free' to hang off the unix primary group makes life easier */
if (need_update(sampass, PDB_GROUPSID)) {
- fstring sid_string;
- fstring dom_sid_string;
- const DOM_SID *group_sid = pdb_get_group_sid(sampass);
-
- if (ldap_state->use_ntsid) {
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
- "primaryGroupSid", sid_to_string(sid_string, group_sid));
- } else {
- if (!sid_peek_check_rid(get_global_sam_sid(), group_sid, &rid)) {
- DEBUG(1, ("User's Primary Group SID (%s) is not for this domain (%s), cannot add to LDAP!\n",
- sid_to_string(sid_string, group_sid),
- sid_to_string(dom_sid_string, get_global_sam_sid())));
- return False;
- }
- slprintf(temp, sizeof(temp) - 1, "%i", rid);
- make_ldap_mod(ldap_state->ldap_struct, existing, mods,
- "primaryGroupID", temp);
- }
+ rid = pdb_get_group_rid(sampass);
+ slprintf(temp, sizeof(temp) - 1, "%i", rid);
+ make_ldap_mod(ldap_state->ldap_struct, existing, mods,
+ "primaryGroupID", temp);
}
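Review bot: The PDB_GROUPSID branch now writes `pdb_get_group_rid(sampass)` straight into primaryGroupID (L788–L791) without the `sid_peek_check_rid(get_global_sam_sid(), ...)` test the removed code performed, so a group SID that is not in this domain is no longer rejected; what pdb_get_group_rid returns for such a SID is not visible here, but whatever it is will be stored silently. Keep the domain check before the write, e.g. `if (!sid_peek_check_rid(get_global_sam_sid(), pdb_get_group_sid(sampass), &rid)) return False;` with the previous DEBUG. The branch also no longer honours `ldap_state->use_ntsid`, unlike the PDB_USERSID branch just above; a comment stating that the primary group is always stored as a RID would avoid confusion.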
/* displayName, cn, and gecos should all be the same
@@ -2416,8 +2356,7 @@ static NTSTATUS ldapsam_delete_sam_account(struct pdb_methods *my_methods, SAM_A
{ "lmPassword", "ntPassword", "pwdLastSet", "logonTime", "logoffTime",
"kickoffTime", "pwdCanChange", "pwdMustChange", "acctFlags",
"displayName", "smbHome", "homeDrive", "scriptPath", "profilePath",
- "userWorkstations", "primaryGroupID", "primaryGroupSid", "domain",
- "rid", "ntSid", NULL };
+ "userWorkstations", "primaryGroupID", "domain", "rid", "ntSid", NULL };
if (!sam_acct) {
DEBUG(0, ("sam_acct was NULL!\n"));
@@ -3130,7 +3069,7 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
return NT_STATUS_OK;
}
-static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state;
@@ -3173,7 +3112,7 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met
ldap_state->uri = "ldap://localhost";
}
- ldap_state->domain_name = talloc_strdup(pdb_context->mem_ctx, get_global_sam_name());
+ ldap_state->domain_name = talloc_strdup(pdb_context->mem_ctx, lp_workgroup());
if (!ldap_state->domain_name) {
return NT_STATUS_NO_MEMORY;
}
@@ -3186,9 +3125,6 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met
(*pdb_method)->free_private_data = free_private_data;
- /* setup random, for our backoffs */
- sys_srandom(sys_getpid() ^ time(NULL));
-
return NT_STATUS_OK;
}
@@ -3197,7 +3133,7 @@ static NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, PDB_METHODS **
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state;
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam(pdb_context, pdb_method, location))) {
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common(pdb_context, pdb_method, location))) {
return nt_status;
}
@@ -3229,50 +3165,54 @@ static NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, PDB_METHODS **
return NT_STATUS_OK;
}
-static NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state;
- uint32 low_winbind_uid, high_winbind_uid;
- uint32 low_winbind_gid, high_winbind_gid;
+ uint32 low_idmap_uid, high_idmap_uid;
+ uint32 low_idmap_gid, high_idmap_gid;
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam(pdb_context, pdb_method, location))) {
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common(pdb_context, pdb_method, location))) {
return nt_status;
}
- (*pdb_method)->name = "ldapsam_nua";
+ (*pdb_method)->name = "ldapsam";
ldap_state = (*pdb_method)->private_data;
ldap_state->permit_non_unix_accounts = True;
/* We know these uids can't turn up as allogorithmic RIDs */
- if (!lp_winbind_uid(&low_winbind_uid, &high_winbind_uid)) {
- DEBUG(0, ("cannot use ldapsam_nua without 'winbind uid' range in smb.conf!\n"));
+ if (!lp_idmap_uid(&low_idmap_uid, &high_idmap_uid)) {
+ DEBUG(0, ("cannot use ldapsam_nua without 'idmap uid' range in smb.conf!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
/* We know these gids can't turn up as allogorithmic RIDs */
- if (!lp_winbind_gid(&low_winbind_gid, &high_winbind_gid)) {
- DEBUG(0, ("cannot use ldapsam_nua without 'winbind gid' range in smb.conf!\n"));
+ if (!lp_idmap_gid(&low_idmap_gid, &high_idmap_gid)) {
+ DEBUG(0, ("cannot use ldapsam_nua without 'wibnind gid' range in smb.conf!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- ldap_state->low_allocated_user_rid=fallback_pdb_uid_to_user_rid(low_winbind_uid);
+ ldap_state->low_allocated_user_rid=fallback_pdb_uid_to_user_rid(low_idmap_uid);
- ldap_state->high_allocated_user_rid=fallback_pdb_uid_to_user_rid(high_winbind_uid);
+ ldap_state->high_allocated_user_rid=fallback_pdb_uid_to_user_rid(high_idmap_uid);
- ldap_state->low_allocated_group_rid=pdb_gid_to_group_rid(low_winbind_gid);
+ ldap_state->low_allocated_group_rid=pdb_gid_to_group_rid(low_idmap_gid);
- ldap_state->high_allocated_group_rid=pdb_gid_to_group_rid(high_winbind_gid);
+ ldap_state->high_allocated_group_rid=pdb_gid_to_group_rid(high_idmap_gid);
return NT_STATUS_OK;
}
NTSTATUS pdb_ldap_init(void)
{
- smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam);
- smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_compat", pdb_init_ldapsam_compat);
- smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_nua", pdb_init_ldapsam_nua);
+ NTSTATUS nt_status;
+ if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam)))
+ return nt_status;
+
+ if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_compat", pdb_init_ldapsam_compat)))
+ return nt_status;
+
return NT_STATUS_OK;
}
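Review bot: The error messages at L857 and L864 still say "cannot use ldapsam_nua" although the function is now registered as "ldapsam" (L850, L883), and L864 has a typo, 'wibnind gid', for the `lp_idmap_gid` setting it checks; suggest `DEBUG(0, ("cannot use ldapsam without 'idmap uid' range in smb.conf!\n"));` and `DEBUG(0, ("cannot use ldapsam without 'idmap gid' range in smb.conf!\n"));`. Since pdb_ldap_init no longer registers "ldapsam_nua" and "ldapsam" now requires idmap ranges and sets permit_non_unix_accounts, existing configurations using either name will behave differently after this change; that seems worth a note in the commit message and the documentation.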
diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c
index cd9288fed0..4e4aaed02b 100644
--- a/source3/passdb/pdb_nisplus.c
+++ b/source3/passdb/pdb_nisplus.c
@@ -876,8 +876,6 @@ static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf,
pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS), PDB_SET);
pdb_set_munged_dial (pw_buf, NULL, PDB_DEFAULT);
- pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)), PDB_SET);
- pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)), PDB_SET);
pdb_set_user_sid_from_rid (pw_buf,
atoi (ENTRY_VAL (obj, NPF_USER_RID)), PDB_SET);
pdb_set_group_sid_from_rid (pw_buf,
@@ -949,8 +947,8 @@ static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf,
if (!(pdb_get_acct_ctrl (pw_buf) & ACB_PWNOTREQ) &&
strncasecmp (ptr, "NO PASSWORD", 11)) {
if (strlen (ptr) != 32 || !pdb_gethexpwd (ptr, smbntpwd)) {
- DEBUG (0, ("malformed NT pwd entry:\
- uid = %d.\n", pdb_get_uid (pw_buf)));
+ DEBUG (0, ("malformed NT pwd entry:\ %s.\n",
+ pdb_get_username (pw_buf)));
return False;
}
if (!pdb_set_nt_passwd (pw_buf, smbntpwd, PDB_SET))
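Review bot: The new format string `"malformed NT pwd entry:\ %s.\n"` keeps a stray backslash in front of the space, which is not a valid C escape sequence (in the old code that backslash was a line continuation); compilers warn about it and what the literal expands to is implementation-dependent. The line should read `DEBUG (0, ("malformed NT pwd entry: %s.\n",`. make_sam_from_nisp_object starts and ends outside this hunk.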
@@ -1047,6 +1045,8 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass,
BOOL need_to_modify = False;
const char *name = pdb_get_username (sampass); /* from SAM */
+ uint32 u_rid;
+ uint32 g_rid;
/* these must be static or allocate and free entry columns! */
static fstring uid; /* from SAM */
static fstring user_rid; /* from SAM */
@@ -1065,31 +1065,15 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass,
static fstring acct_desc; /* from SAM */
static char empty[1]; /* just an empty string */
- slprintf (uid, sizeof (uid) - 1, "%u", pdb_get_uid (sampass));
- slprintf (user_rid, sizeof (user_rid) - 1, "%u",
- pdb_get_user_rid (sampass) ? pdb_get_user_rid (sampass) :
- fallback_pdb_uid_to_user_rid (pdb_get_uid (sampass)));
- slprintf (gid, sizeof (gid) - 1, "%u", pdb_get_gid (sampass));
-
- {
- uint32 rid;
- GROUP_MAP map;
-
- rid = pdb_get_group_rid (sampass);
-
- if (rid == 0) {
- if (pdb_getgrgid(&map, pdb_get_gid (sampass),
- MAPPING_WITHOUT_PRIV)) {
- if (!sid_peek_check_rid
- (get_global_sam_sid (), &map.sid, &rid))
- return False;
- } else
- rid = pdb_gid_to_group_rid (pdb_get_gid
- (sampass));
- }
+ if (!(u_rid = pdb_get_user_rid (sampass)))
+ return False;
+ if (!(g_rid = pdb_get_group_rid (sampass)))
+ return False;
- slprintf (group_rid, sizeof (group_rid) - 1, "%u", rid);
- }
+ slprintf (uid, sizeof (uid) - 1, "%u", fallback_pdb_user_rid_to_uid (u_rid));
+ slprintf (user_rid, sizeof (user_rid) - 1, "%u", u_rid);
+ slprintf (gid, sizeof (gid) - 1, "%u", fallback_pdb_group_rid_to_uid (g_rid));
+ slprintf (group_rid, sizeof (group_rid) - 1, "%u", g_rid);
acb = pdb_encode_acct_ctrl (pdb_get_acct_ctrl (sampass),
NEW_PW_FORMAT_SPACE_PADDED_LEN);
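Review bot: The two new early returns `if (!(u_rid = pdb_get_user_rid (sampass))) return False;` and the matching g_rid check fail silently, while the other failure paths in this file log at DEBUG level 0 before returning False, so a missing RID now aborts the whole NIS+ update with no trace in the log. Suggest a line such as `DEBUG (0, ("init_nisp_from_sam: %s has no user or group RID\n", name));` in front of each return. Note also that the uid and gid columns are now computed from the RIDs through the fallback helpers rather than taken from the account, so for accounts whose RIDs were not allocated algorithmically the stored NPF_UID may no longer be the real Unix uid — confirm that is intended, since the following hunk (the NPF_UID/NPF_SMB_GRPID updates) now writes those columns unconditionally. init_nisp_from_sam starts and ends outside this hunk.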
@@ -1133,51 +1117,27 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass,
/* uid */
- if (pdb_get_uid (sampass) != -1) {
- if (!ENTRY_VAL (old, NPF_UID)
- || strcmp (ENTRY_VAL (old, NPF_UID), uid)) {
+ if (!ENTRY_VAL (old, NPF_UID) || strcmp (ENTRY_VAL (old, NPF_UID), uid)) {
need_to_modify = True;
- set_single_attribute (obj, NPF_UID, uid,
- strlen (uid),
- EN_MODIFIED);
- }
+ set_single_attribute (obj, NPF_UID, uid, strlen (uid), EN_MODIFIED);
}
/* user_rid */
- if (pdb_get_user_rid (sampass)) {
- if (!ENTRY_VAL (old, NPF_USER_RID) ||
- strcmp (ENTRY_VAL (old, NPF_USER_RID),
- user_rid)) {
+ if (!ENTRY_VAL (old, NPF_USER_RID) || strcmp (ENTRY_VAL (old, NPF_USER_RID), user_rid)) {
need_to_modify = True;
- set_single_attribute (obj, NPF_USER_RID,
- user_rid,
- strlen (user_rid),
- EN_MODIFIED);
- }
+ set_single_attribute (obj, NPF_USER_RID, user_rid, strlen (user_rid), EN_MODIFIED);
}
/* smb_grpid */
- if (pdb_get_gid (sampass) != -1) {
- if (!ENTRY_VAL (old, NPF_SMB_GRPID) ||
- strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) {
+ if (!ENTRY_VAL (old, NPF_SMB_GRPID) || strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) {
need_to_modify = True;
- set_single_attribute (obj, NPF_SMB_GRPID, gid,
- strlen (gid),
- EN_MODIFIED);
- }
+ set_single_attribute (obj, NPF_SMB_GRPID, gid, strlen (gid), EN_MODIFIED);
}
/* group_rid */
- if (pdb_get_group_rid (sampass)) {
- if (!ENTRY_VAL (old, NPF_GROUP_RID) ||
- strcmp (ENTRY_VAL (old, NPF_GROUP_RID),
- group_rid)) {
+ if (!ENTRY_VAL (old, NPF_GROUP_RID) || strcmp (ENTRY_VAL (old, NPF_GROUP_RID), group_rid)) {
need_to_modify = True;
- set_single_attribute (obj, NPF_GROUP_RID,
- group_rid,
- strlen (group_rid),
- EN_MODIFIED);
- }
+ set_single_attribute (obj, NPF_GROUP_RID, group_rid, strlen (group_rid), EN_MODIFIED);
}
/* acb */
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index cfbb37ce91..91fc7bc8e0 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1134,28 +1134,23 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
{
uid_t uid;
+ uint32 rid;
if (sampass == NULL)
return False;
- ZERO_STRUCTP(smb_pw);
-
- if (!IS_SAM_UNIX_USER(sampass)) {
- smb_pw->smb_userid_set = False;
- DEBUG(5,("build_smb_pass: storing user without a UNIX uid or gid. \n"));
- } else {
- uint32 rid = pdb_get_user_rid(sampass);
- smb_pw->smb_userid_set = True;
- uid = pdb_get_uid(sampass);
+ rid = pdb_get_user_rid(sampass);
- /* If the user specified a RID, make sure its able to be both stored and retreived */
- if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) {
- DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
- return False;
- }
+ /* If the user specified a RID, make sure its able to be both stored and retreived */
+ if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) {
+ DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
+ return False;
+ }
- smb_pw->smb_userid=uid;
- }
+ ZERO_STRUCTP(smb_pw);
+
+ smb_pw->smb_userid_set = True;
+ smb_pw->smb_userid=uid;
smb_pw->smb_name=(const char*)pdb_get_username(sampass);
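Review bot: `uid` is declared at the top of build_smb_pass but never assigned in the new code — the removed `uid = pdb_get_uid(sampass);` was its only initializer — yet it is still read in the RID check `uid != fallback_pdb_user_rid_to_uid(rid)` and stored with `smb_pw->smb_userid=uid;`. Reading an uninitialized automatic variable is undefined behaviour, and in practice an arbitrary stack value would be written into the smbpasswd file as the account's uid. If the uid is meant to be derived from the RID, as pdb_nisplus.c now does, add `uid = fallback_pdb_user_rid_to_uid(rid);` right after `rid = pdb_get_user_rid(sampass);`, in which case the comparison becomes redundant and the `rid == 0` case needs its own handling; otherwise the check needs a real uid source. build_smb_pass continues past the end of this hunk.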
@@ -1215,7 +1210,7 @@ static BOOL build_sam_account(struct smbpasswd_privates *smbpasswd_state,
*/
pdb_set_group_sid_from_rid (sam_pass, DOMAIN_GROUP_RID_USERS, PDB_SET);
pdb_set_username (sam_pass, pw_buf->smb_name, PDB_SET);
- pdb_set_domain (sam_pass, get_global_sam_name(), PDB_DEFAULT);
+ pdb_set_domain (sam_pass, lp_workgroup(), PDB_DEFAULT);
} else {
DEBUG(0,("build_sam_account: smbpasswd database is corrupt! username %s with uid %u is not in unix passwd database!\n", pw_buf->smb_name, pw_buf->smb_userid));
@@ -1507,7 +1502,6 @@ static void free_private_data(void **vp)
/* No need to free any further, as it is talloc()ed */
}
-
NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
@@ -1554,35 +1548,16 @@ NTSTATUS pdb_init_smbpasswd(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method,
(*pdb_method)->free_private_data = free_private_data;
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_init_smbpasswd_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
-{
- NTSTATUS nt_status;
- struct smbpasswd_privates *privates;
-
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_smbpasswd(pdb_context, pdb_method, location))) {
- return nt_status;
- }
-
- (*pdb_method)->name = "smbpasswd_nua";
-
- privates = (*pdb_method)->private_data;
-
- privates->permit_non_unix_accounts = True;
-
- if (!lp_winbind_uid(&privates->low_nua_userid, &privates->high_nua_userid)) {
- DEBUG(0, ("cannot use smbpasswd_nua without 'winbind uid' range in smb.conf!\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ if (lp_idmap_uid(&privates->low_nua_userid, &privates->high_nua_userid)) {
+ DEBUG(0, ("idmap uid range defined, non unix accounts enabled\n"));
+ privates->permit_non_unix_accounts = True;
}
return NT_STATUS_OK;
}
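Review bot: The new `DEBUG(0, ("idmap uid range defined, non unix accounts enabled\n"));` reports a normal configuration outcome at level 0, which this file otherwise reserves for failures (for example the corrupt-database message in build_sam_account); a level around 3 would keep administrators' level-0 logs to real errors. The same applies to the identical message added in the pdb_init_tdbsam hunk of pdb_tdb.c. Also, `privates` is used here but its declaration is not in the hunk — the one visible in the deleted pdb_init_smbpasswd_nua belonged to that function — so confirm pdb_init_smbpasswd still declares it. The function starts outside this hunk.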
-NTSTATUS pdb_smbpasswd_init(void)
+int pdb_smbpasswd_init(void)
{
smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd", pdb_init_smbpasswd);
- smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd_nua", pdb_init_smbpasswd_nua);
- return NT_STATUS_OK;
+ return True;
}
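Review bot: `smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd", pdb_init_smbpasswd);` discards its NTSTATUS and the function now returns `True` unconditionally, whereas pdb_ldap_init in the same commit propagates the registration status and keeps the NTSTATUS return type. The module init functions now disagree on their signature (pdb_ldap_init returns NTSTATUS, pdb_smbpasswd_init and pdb_tdbsam_init return int), which only works if the caller ignores the result, and a failed registration would be silent. Suggest `return NT_STATUS_IS_OK(smb_register_passdb(PASSDB_INTERFACE_VERSION, "smbpasswd", pdb_init_smbpasswd));` or keeping the NTSTATUS form used for ldapsam. The same applies to pdb_tdbsam_init in pdb_tdb.c.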
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index c3538042ee..74437cba6f 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -101,7 +101,7 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
BOOL ret = True;
struct passwd *pw;
uid_t uid = -1;
- gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */
+ gid_t gid = -1;
if(sampass == NULL || buf == NULL) {
DEBUG(0, ("init_sam_from_buffer: NULL parameters found!\n"));
@@ -145,30 +145,6 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
goto done;
}
- /* validate the account and fill in UNIX uid and gid. Standard
- * getpwnam() is used instead of Get_Pwnam() as we do not need
- * to try case permutations
- */
- if (!username || !(pw = getpwnam_alloc(username))) {
- if (!(tdb_state->permit_non_unix_accounts)) {
- DEBUG(0,("tdbsam: getpwnam_alloc(%s) return NULL. User does not exist!\n", username));
- ret = False;
- goto done;
- }
- }
-
- if (pw) {
- uid = pw->pw_uid;
- gid = pw->pw_gid;
-
- pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
-
- passwd_free(&pw);
-
- pdb_set_uid(sampass, uid, PDB_SET);
- pdb_set_gid(sampass, gid, PDB_SET);
- }
-
pdb_set_logon_time(sampass, logon_time, PDB_SET);
pdb_set_logoff_time(sampass, logoff_time, PDB_SET);
pdb_set_kickoff_time(sampass, kickoff_time, PDB_SET);
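Review bot: Removing this block leaves `struct passwd *pw;`, `uid_t uid = -1;` and `gid_t gid = -1;` (declared in the preceding hunk) with no remaining use visible on the new side, so they now only produce unused-variable warnings; drop the three declarations unless code outside the hunk still reads them. The removed block was also the only place that set the unix home directory from `pw->pw_dir` through `pdb_set_unix_homedir`; if that now happens elsewhere (pdb_get_set.c is in the diffstat) a one-line comment here saying so would save the next reader the search. init_sam_from_buffer starts and ends outside this hunk.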
@@ -664,7 +640,7 @@ static NTSTATUS tdbsam_getsampwrid (struct pdb_methods *my_methods, SAM_ACCOUNT
return nt_status;
}
- fstrcpy (name, data.dptr);
+ fstrcpy(name, data.dptr);
SAFE_FREE(data.dptr);
tdb_close (pwd_tdb);
@@ -768,54 +744,40 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
return False;
}
+ if (!pdb_get_group_rid(newpwd)) {
+ DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
+ ret = False;
+ goto done;
+ }
+
/* if flag == TDB_INSERT then make up a new RID else throw an error. */
if (!(user_rid = pdb_get_user_rid(newpwd))) {
- if (flag & TDB_INSERT) {
- if (IS_SAM_UNIX_USER(newpwd)) {
- if (tdb_state->algorithmic_rids) {
- user_rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(newpwd));
- } else {
- user_rid = BASE_RID;
- tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER);
- if (!tdb_ret) {
- ret = False;
- goto done;
- }
- }
- pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
- } else {
- user_rid = tdb_state->low_nua_rid;
- tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER);
- if (!tdb_ret) {
- ret = False;
- goto done;
- }
- if (user_rid > tdb_state->high_nua_rid) {
- DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd)));
- ret = False;
- goto done;
- }
- pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
+ if ((flag & TDB_INSERT) && tdb_state->permit_non_unix_accounts) {
+ uint32 lowrid, highrid;
+ if (!idmap_get_free_rid_range(&lowrid, &highrid)) {
+ /* should never happen */
+ DEBUG(0, ("tdbsam: something messed up, no high/low rids but nua enabled ?!\n"));
+ ret = False;
+ goto done;
}
- } else {
- DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
- ret = False;
- goto done;
- }
- }
-
- if (!pdb_get_group_rid(newpwd)) {
- if (flag & TDB_INSERT) {
- if (!tdb_state->permit_non_unix_accounts) {
- DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
+ user_rid = lowrid;
+ tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER);
+ if (!tdb_ret) {
+ ret = False;
+ goto done;
+ }
+ if (user_rid > highrid) {
+ DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd)));
+ ret = False;
+ goto done;
+ }
+ if (!pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED)) {
+ DEBUG(0, ("tdbsam: not able to set new allocated user RID into sam account!\n"));
ret = False;
goto done;
- } else {
- /* This seems like a good default choice for non-unix users */
- pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
}
} else {
- DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
+ DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
ret = False;
goto done;
}
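Review bot: The allocated RID is only rejected when `user_rid > highrid`; if `tdb_change_uint32_atomic` hands back the counter's previously stored value in `user_rid` and uses `lowrid` only when the `RID_COUNTER` key does not exist yet (which is what seeding it with `lowrid` suggests), a counter left behind by an earlier configuration or a changed idmap range can hand out a RID below the current range without being caught. Tighten the check to `if (user_rid < lowrid || user_rid > highrid) {`. The range also comes from `idmap_get_free_rid_range` here while pdb_init_tdbsam stores `low_nua_rid`/`high_nua_rid` derived from `lp_idmap_uid`, which this allocation path no longer reads; keeping a single source of truth avoids the two drifting apart. tdb_update_sam starts and ends outside this hunk.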
@@ -837,7 +799,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
/* setup the USER index key */
slprintf(keystr, sizeof(keystr)-1, "%s%s", USERPREFIX, name);
key.dptr = keystr;
- key.dsize = strlen (keystr) + 1;
+ key.dsize = strlen(keystr) + 1;
/* add the account */
if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) {
@@ -849,7 +811,7 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
}
/* setup RID data */
- data.dsize = sizeof(fstring);
+ data.dsize = strlen(name) + 1;
data.dptr = name;
/* setup the RID index key */
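Review bot: Storing `strlen(name) + 1` bytes instead of `sizeof(fstring)` is the right fix — the old size copied the whole `name` buffer, including whatever followed the terminator, into the RID record. Existing databases will now hold records of both sizes, and the reader in tdbsam_getsampwrid (`fstrcpy(name, data.dptr)`) still relies on a NUL being present inside the record; a check such as `if (!data.dsize || data.dptr[data.dsize - 1] != '\0')` before that copy would make the read path robust against a truncated or corrupt record. tdb_update_sam continues outside this hunk.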
@@ -874,6 +836,49 @@ done:
return (ret);
}
+#if 0
+/***************************************************************************
+ Allocates a new RID and returns it to the caller as a domain sid
+
+ NOTE: Use carefullt, do not waste RIDs they are a limited resource!
+ - SSS
+ ***************************************************************************/
+
+static NTSTATUS tdbsam_get_next_sid (struct pdb_methods *my_methods, DOM_SID *sid)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
+ TDB_CONTEXT *pwd_tdb;
+ uint32 rid;
+
+ if (sid == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ pwd_tdb = tdb_open_log(tdb_state->tdbsam_location, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
+ if (!pwd_tdb)
+ {
+ DEBUG(0, ("tdbsam_get_next_sid: Unable to open TDB passwd (%s)!\n", tdb_state->tdbsam_location));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ rid = BASE_RID;
+ if (tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &rid, 1)) {
+
+ sid_copy(sid, get_global_sam_sid());
+ if (!sid_append_rid(sid, rid)) {
+ goto done;
+ }
+
+ ret = NT_STATUS_OK;
+ }
+
+done:
+ tdb_close (pwd_tdb);
+ return ret;
+}
+#endif
+
/***************************************************************************
Modifies an existing SAM_ACCOUNT
****************************************************************************/
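Review bot: tdbsam_get_next_sid is added entirely under `#if 0`, so it is dead code that will neither be compiled nor kept in sync with the rest of the file; if it is a sketch for a later change, a short comment saying what still blocks enabling it would help, otherwise it is better left out of the tree. Note that it would share the `RID_COUNTER` key with tdb_update_sam but seed it from `BASE_RID` and step by 1 instead of `RID_MULTIPLIER`, so enabling it as written would interleave two allocation schemes on one counter. Also `carefullt` in the header comment should be `carefully`.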
@@ -912,14 +917,7 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
{
NTSTATUS nt_status;
struct tdbsam_privates *tdb_state;
-
-#if 0 /* when made a module use this */
- tdbsam_debug_level = debug_add_class("tdbsam");
- if(tdbsam_debug_level == -1) {
- tdbsam_debug_level = DBGC_ALL;
- DEBUG(0, ("tdbsam: Couldn't register custom debugging class!\n"));
- }
-#endif
+ uint32 low_nua_uid, high_nua_uid;
if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
return nt_status;
@@ -953,47 +951,29 @@ NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, con
tdb_state->tdbsam_location = talloc_strdup(pdb_context->mem_ctx, tdbfile);
}
- tdb_state->algorithmic_rids = True;
-
(*pdb_method)->private_data = tdb_state;
(*pdb_method)->free_private_data = free_private_data;
- return NT_STATUS_OK;
-}
+ if (lp_idmap_uid(&low_nua_uid, &high_nua_uid)) {
+ DEBUG(0, ("idmap uid range defined, non unix accounts enabled\n"));
-NTSTATUS pdb_init_tdbsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
-{
- NTSTATUS nt_status;
- struct tdbsam_privates *tdb_state;
- uint32 low_nua_uid, high_nua_uid;
-
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_tdbsam(pdb_context, pdb_method, location))) {
- return nt_status;
- }
-
- (*pdb_method)->name = "tdbsam_nua";
+ tdb_state->permit_non_unix_accounts = True;
- tdb_state = (*pdb_method)->private_data;
+ tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid);
- tdb_state->permit_non_unix_accounts = True;
+ tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid);
- if (!lp_winbind_uid(&low_nua_uid, &high_nua_uid)) {
- DEBUG(0, ("cannot use tdbsam_nua without 'winbind uid' range in smb.conf!\n"));
- return NT_STATUS_UNSUCCESSFUL;
+ } else {
+ tdb_state->algorithmic_rids = True;
}
- tdb_state->low_nua_rid=fallback_pdb_uid_to_user_rid(low_nua_uid);
-
- tdb_state->high_nua_rid=fallback_pdb_uid_to_user_rid(high_nua_uid);
-
return NT_STATUS_OK;
}
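Review bot: `tdb_state->algorithmic_rids = True;` is now set only in the else branch, so in the idmap branch the field keeps whatever value the allocation gave it; nothing on the new side of this diff reads `algorithmic_rids` any more (the only reader in tdb_update_sam was removed), so either assign it explicitly in both branches or drop the field. Likewise `low_nua_rid`/`high_nua_rid` are computed here, but the new allocation path in tdb_update_sam takes its range from idmap_get_free_rid_range instead, so these assignments look like leftovers unless something outside this diff still uses them. A comment such as `/* idmap uid range present: allocate RIDs for non-unix accounts from it */` above the `lp_idmap_uid` check would document the new policy. pdb_init_tdbsam starts outside this hunk.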
-NTSTATUS pdb_tdbsam_init(void)
+int pdb_tdbsam_init(void)
{
smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam", pdb_init_tdbsam);
- smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam_nua", pdb_init_tdbsam_nua);
- return NT_STATUS_OK;
+ return True;
}
diff --git a/source3/passdb/pdb_xml.c b/source3/passdb/pdb_xml.c
index de2ee4594c..7a5c0e2b53 100644
--- a/source3/passdb/pdb_xml.c
+++ b/source3/passdb/pdb_xml.c
@@ -524,7 +524,7 @@ static NTSTATUS xmlsam_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method
return nt_status;
}
- (*pdb_method)->name = "xml";
+ (*pdb_method)->name = "xmlsam";
(*pdb_method)->setsampwent = xmlsam_setsampwent;
(*pdb_method)->endsampwent = xmlsam_endsampwent;