summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/passdb.c10
-rw-r--r--source3/passdb/pdb_get_set.c42
-rw-r--r--source3/passdb/pdb_ldap.c56
-rw-r--r--source3/passdb/pdb_nisplus.c80
-rw-r--r--source3/passdb/pdb_smbpasswd.c27
-rw-r--r--source3/passdb/pdb_tdb.c73
-rw-r--r--source3/passdb/pdb_unix.c2
7 files changed, 72 insertions, 218 deletions
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 05979cc385..c93577dc04 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -5,6 +5,7 @@
Copyright (C) Luke Kenneth Casson Leighton 1996-1998
Copyright (C) Gerald (Jerry) Carter 2000-2001
Copyright (C) Andrew Bartlett 2001-2002
+ Copyright (C) Simo Sorce 2003
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -46,8 +47,6 @@ static void pdb_fill_default_sam(SAM_ACCOUNT *user)
/* Don't change these timestamp settings without a good reason.
They are important for NT member server compatibility. */
- user->private.uid = user->private.gid = -1;
-
user->private.logon_time = (time_t)0;
user->private.pass_last_set_time = (time_t)0;
user->private.pass_can_change_time = (time_t)0;
@@ -177,9 +176,6 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET);
pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT);
-
- pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET);
- pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET);
/* When we get a proper uid -> SID and SID -> uid allocation
mechinism, we should call it here.
@@ -697,7 +693,7 @@ static BOOL pdb_rid_is_well_known(uint32 rid)
Decides if a RID is a user or group RID.
********************************************************************/
-BOOL pdb_rid_is_user(uint32 rid)
+BOOL fallback_pdb_rid_is_user(uint32 rid)
{
/* lkcl i understand that NT attaches an enumeration to a RID
* such that it can be identified as either a user, group etc
@@ -787,7 +783,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
return True;
}
- if (pdb_rid_is_user(rid)) {
+ if (fallback_pdb_rid_is_user(rid)) {
uid_t uid;
DEBUG(5, ("assuming RID %u is a user\n", (unsigned)rid));
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index a86d936263..4370dc2c36 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -202,22 +202,6 @@ enum pdb_value_state pdb_get_init_flags (const SAM_ACCOUNT *sampass, enum pdb_el
return ret;
}
-uid_t pdb_get_uid (const SAM_ACCOUNT *sampass)
-{
- if (sampass)
- return (sampass->private.uid);
- else
- return (-1);
-}
-
-gid_t pdb_get_gid (const SAM_ACCOUNT *sampass)
-{
- if (sampass)
- return (sampass->private.gid);
- else
- return (-1);
-}
-
const char* pdb_get_username (const SAM_ACCOUNT *sampass)
{
if (sampass)
@@ -509,32 +493,6 @@ BOOL pdb_set_init_flags (SAM_ACCOUNT *sampass, enum pdb_elements element, enum p
return True;
}
-BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid, enum pdb_value_state flag)
-{
- if (!sampass)
- return False;
-
- DEBUG(10, ("pdb_set_uid: setting uid %d, was %d\n",
- (int)uid, (int)sampass->private.uid));
-
- sampass->private.uid = uid;
-
- return pdb_set_init_flags(sampass, PDB_UID, flag);
-}
-
-BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid, enum pdb_value_state flag)
-{
- if (!sampass)
- return False;
-
- DEBUG(10, ("pdb_set_gid: setting gid %d, was %d\n",
- (int)gid, (int)sampass->private.gid));
-
- sampass->private.gid = gid;
-
- return pdb_set_init_flags(sampass, PDB_GID, flag);
-}
-
BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid, enum pdb_value_state flag)
{
if (!sampass || !u_sid)
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 71419448cb..b23b7286ea 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1533,12 +1533,11 @@ Initialize SAM_ACCOUNT from an LDAP query (unix attributes only)
*********************************************************************/
static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state,
SAM_ACCOUNT * sampass,
- LDAPMessage * entry)
+ LDAPMessage * entry,
+ gid_t *gid)
{
pstring homedir;
pstring temp;
- uid_t uid;
- gid_t gid;
char **ldap_values;
char **values;
@@ -1563,19 +1562,12 @@ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state,
if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDirectory", homedir))
return False;
- if (!get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp))
- return False;
-
- uid = (uid_t)atol(temp);
-
if (!get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp))
return False;
gid = (gid_t)atol(temp);
pdb_set_unix_homedir(sampass, homedir, PDB_SET);
- pdb_set_uid(sampass, uid, PDB_SET);
- pdb_set_gid(sampass, gid, PDB_SET);
DEBUG(10, ("user has posixAcccount attributes\n"));
return True;
@@ -1617,8 +1609,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
uint8 hours[MAX_HOURS_LEN];
pstring temp;
uid_t uid = -1;
- gid_t gid = getegid();
-
+ gid_t gid = getegid();
/*
* do a little initialization
@@ -1690,40 +1681,17 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
* If so configured, try and get the values from LDAP
*/
- if (!lp_ldap_trust_ids() || (!get_unix_attributes(ldap_state, sampass, entry))) {
+ if (!lp_ldap_trust_ids() && (get_unix_attributes(ldap_state, sampass, entry, &gid))) {
- /*
- * Otherwise just ask the system getpw() calls.
- */
-
- pw = getpwnam_alloc(username);
- if (pw == NULL) {
- if (! ldap_state->permit_non_unix_accounts) {
- DEBUG (2,("init_sam_from_ldap: User [%s] does not exist via system getpwnam!\n", username));
- return False;
+ if (pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT) {
+ GROUP_MAP map;
+ /* call the mapping code here */
+ if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
+ pdb_set_group_sid(sampass, &map.sid, PDB_SET);
+ }
+ else {
+ pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
}
- } else {
- uid = pw->pw_uid;
- pdb_set_uid(sampass, uid, PDB_SET);
- gid = pw->pw_gid;
- pdb_set_gid(sampass, gid, PDB_SET);
-
- pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
-
- passwd_free(&pw);
- }
- }
-
- if ((pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT)
- && (pdb_get_init_flags(sampass,PDB_GID) != PDB_DEFAULT)) {
- GROUP_MAP map;
- gid = pdb_get_gid(sampass);
- /* call the mapping code here */
- if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
- pdb_set_group_sid(sampass, &map.sid, PDB_SET);
- }
- else {
- pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
}
}
diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c
index cd9288fed0..4e4aaed02b 100644
--- a/source3/passdb/pdb_nisplus.c
+++ b/source3/passdb/pdb_nisplus.c
@@ -876,8 +876,6 @@ static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf,
pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS), PDB_SET);
pdb_set_munged_dial (pw_buf, NULL, PDB_DEFAULT);
- pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)), PDB_SET);
- pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)), PDB_SET);
pdb_set_user_sid_from_rid (pw_buf,
atoi (ENTRY_VAL (obj, NPF_USER_RID)), PDB_SET);
pdb_set_group_sid_from_rid (pw_buf,
@@ -949,8 +947,8 @@ static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf,
if (!(pdb_get_acct_ctrl (pw_buf) & ACB_PWNOTREQ) &&
strncasecmp (ptr, "NO PASSWORD", 11)) {
if (strlen (ptr) != 32 || !pdb_gethexpwd (ptr, smbntpwd)) {
- DEBUG (0, ("malformed NT pwd entry:\
- uid = %d.\n", pdb_get_uid (pw_buf)));
+ DEBUG (0, ("malformed NT pwd entry:\ %s.\n",
+ pdb_get_username (pw_buf)));
return False;
}
if (!pdb_set_nt_passwd (pw_buf, smbntpwd, PDB_SET))
@@ -1047,6 +1045,8 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass,
BOOL need_to_modify = False;
const char *name = pdb_get_username (sampass); /* from SAM */
+ uint32 u_rid;
+ uint32 g_rid;
/* these must be static or allocate and free entry columns! */
static fstring uid; /* from SAM */
static fstring user_rid; /* from SAM */
@@ -1065,31 +1065,15 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass,
static fstring acct_desc; /* from SAM */
static char empty[1]; /* just an empty string */
- slprintf (uid, sizeof (uid) - 1, "%u", pdb_get_uid (sampass));
- slprintf (user_rid, sizeof (user_rid) - 1, "%u",
- pdb_get_user_rid (sampass) ? pdb_get_user_rid (sampass) :
- fallback_pdb_uid_to_user_rid (pdb_get_uid (sampass)));
- slprintf (gid, sizeof (gid) - 1, "%u", pdb_get_gid (sampass));
-
- {
- uint32 rid;
- GROUP_MAP map;
-
- rid = pdb_get_group_rid (sampass);
-
- if (rid == 0) {
- if (pdb_getgrgid(&map, pdb_get_gid (sampass),
- MAPPING_WITHOUT_PRIV)) {
- if (!sid_peek_check_rid
- (get_global_sam_sid (), &map.sid, &rid))
- return False;
- } else
- rid = pdb_gid_to_group_rid (pdb_get_gid
- (sampass));
- }
+ if (!(u_rid = pdb_get_user_rid (sampass)))
+ return False;
+ if (!(g_rid = pdb_get_group_rid (sampass)))
+ return False;
- slprintf (group_rid, sizeof (group_rid) - 1, "%u", rid);
- }
+ slprintf (uid, sizeof (uid) - 1, "%u", fallback_pdb_user_rid_to_uid (u_rid));
+ slprintf (user_rid, sizeof (user_rid) - 1, "%u", u_rid);
+ slprintf (gid, sizeof (gid) - 1, "%u", fallback_pdb_group_rid_to_uid (g_rid));
+ slprintf (group_rid, sizeof (group_rid) - 1, "%u", g_rid);
acb = pdb_encode_acct_ctrl (pdb_get_acct_ctrl (sampass),
NEW_PW_FORMAT_SPACE_PADDED_LEN);
@@ -1133,51 +1117,27 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass,
/* uid */
- if (pdb_get_uid (sampass) != -1) {
- if (!ENTRY_VAL (old, NPF_UID)
- || strcmp (ENTRY_VAL (old, NPF_UID), uid)) {
+ if (!ENTRY_VAL (old, NPF_UID) || strcmp (ENTRY_VAL (old, NPF_UID), uid)) {
need_to_modify = True;
- set_single_attribute (obj, NPF_UID, uid,
- strlen (uid),
- EN_MODIFIED);
- }
+ set_single_attribute (obj, NPF_UID, uid, strlen (uid), EN_MODIFIED);
}
/* user_rid */
- if (pdb_get_user_rid (sampass)) {
- if (!ENTRY_VAL (old, NPF_USER_RID) ||
- strcmp (ENTRY_VAL (old, NPF_USER_RID),
- user_rid)) {
+ if (!ENTRY_VAL (old, NPF_USER_RID) || strcmp (ENTRY_VAL (old, NPF_USER_RID), user_rid)) {
need_to_modify = True;
- set_single_attribute (obj, NPF_USER_RID,
- user_rid,
- strlen (user_rid),
- EN_MODIFIED);
- }
+ set_single_attribute (obj, NPF_USER_RID, user_rid, strlen (user_rid), EN_MODIFIED);
}
/* smb_grpid */
- if (pdb_get_gid (sampass) != -1) {
- if (!ENTRY_VAL (old, NPF_SMB_GRPID) ||
- strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) {
+ if (!ENTRY_VAL (old, NPF_SMB_GRPID) || strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) {
need_to_modify = True;
- set_single_attribute (obj, NPF_SMB_GRPID, gid,
- strlen (gid),
- EN_MODIFIED);
- }
+ set_single_attribute (obj, NPF_SMB_GRPID, gid, strlen (gid), EN_MODIFIED);
}
/* group_rid */
- if (pdb_get_group_rid (sampass)) {
- if (!ENTRY_VAL (old, NPF_GROUP_RID) ||
- strcmp (ENTRY_VAL (old, NPF_GROUP_RID),
- group_rid)) {
+ if (!ENTRY_VAL (old, NPF_GROUP_RID) || strcmp (ENTRY_VAL (old, NPF_GROUP_RID), group_rid)) {
need_to_modify = True;
- set_single_attribute (obj, NPF_GROUP_RID,
- group_rid,
- strlen (group_rid),
- EN_MODIFIED);
- }
+ set_single_attribute (obj, NPF_GROUP_RID, group_rid, strlen (group_rid), EN_MODIFIED);
}
/* acb */
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index c1421bcd53..91fc7bc8e0 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1134,28 +1134,23 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno)));
static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass)
{
uid_t uid;
+ uint32 rid;
if (sampass == NULL)
return False;
- ZERO_STRUCTP(smb_pw);
-
- if (!IS_SAM_UNIX_USER(sampass)) {
- smb_pw->smb_userid_set = False;
- DEBUG(5,("build_smb_pass: storing user without a UNIX uid or gid. \n"));
- } else {
- uint32 rid = pdb_get_user_rid(sampass);
- smb_pw->smb_userid_set = True;
- uid = pdb_get_uid(sampass);
+ rid = pdb_get_user_rid(sampass);
- /* If the user specified a RID, make sure its able to be both stored and retreived */
- if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) {
- DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
- return False;
- }
+ /* If the user specified a RID, make sure its able to be both stored and retreived */
+ if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) {
+ DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n"));
+ return False;
+ }
- smb_pw->smb_userid=uid;
- }
+ ZERO_STRUCTP(smb_pw);
+
+ smb_pw->smb_userid_set = True;
+ smb_pw->smb_userid=uid;
smb_pw->smb_name=(const char*)pdb_get_username(sampass);
diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c
index 2363b955e2..904f2935ce 100644
--- a/source3/passdb/pdb_tdb.c
+++ b/source3/passdb/pdb_tdb.c
@@ -101,7 +101,7 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
BOOL ret = True;
struct passwd *pw;
uid_t uid = -1;
- gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */
+ gid_t gid = -1;
if(sampass == NULL || buf == NULL) {
DEBUG(0, ("init_sam_from_buffer: NULL parameters found!\n"));
@@ -148,6 +148,8 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
/* validate the account and fill in UNIX uid and gid. Standard
* getpwnam() is used instead of Get_Pwnam() as we do not need
* to try case permutations
+ *
+ * FIXME: are we sure we do not need ?
*/
if (!username || !(pw = getpwnam_alloc(username))) {
if (!(tdb_state->permit_non_unix_accounts)) {
@@ -158,15 +160,9 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state,
}
if (pw) {
- uid = pw->pw_uid;
- gid = pw->pw_gid;
-
pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
passwd_free(&pw);
-
- pdb_set_uid(sampass, uid, PDB_SET);
- pdb_set_gid(sampass, gid, PDB_SET);
}
pdb_set_logon_time(sampass, logon_time, PDB_SET);
@@ -768,54 +764,35 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd,
return False;
}
+ if (!pdb_get_group_rid(newpwd)) {
+ DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
+ ret = False;
+ goto done;
+ }
+
/* if flag == TDB_INSERT then make up a new RID else throw an error. */
if (!(user_rid = pdb_get_user_rid(newpwd))) {
- if (flag & TDB_INSERT) {
- if (IS_SAM_UNIX_USER(newpwd)) {
- if (tdb_state->algorithmic_rids) {
- user_rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(newpwd));
- } else {
- user_rid = BASE_RID;
- tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER);
- if (!tdb_ret) {
- ret = False;
- goto done;
- }
- }
- pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
- } else {
- user_rid = tdb_state->low_nua_rid;
- tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER);
- if (!tdb_ret) {
- ret = False;
- goto done;
- }
- if (user_rid > tdb_state->high_nua_rid) {
- DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd)));
- ret = False;
- goto done;
- }
- pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);
+ if ((flag & TDB_INSERT) && tdb_state->permit_non_unix_accounts) {
+ uint32 lowrid, highrid;
+ if (!pdb_get_free_rid_range(&lowrid, &highrid)) {
+ /* should never happen */
+ DEBUG(0, ("tdbsam: something messed up, no high/low rids but nua enabled ?!\n"));
+ ret = False;
+ goto done;
}
- } else {
- DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
- ret = False;
- goto done;
- }
- }
-
- if (!pdb_get_group_rid(newpwd)) {
- if (flag & TDB_INSERT) {
- if (!tdb_state->permit_non_unix_accounts) {
- DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
+ user_rid = lowrid;
+ tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER);
+ if (!tdb_ret) {
+ ret = False;
+ goto done;
+ }
+ if (user_rid > highrid) {
+ DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd)));
ret = False;
goto done;
- } else {
- /* This seems like a good default choice for non-unix users */
- pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT);
}
} else {
- DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd)));
+ DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd)));
ret = False;
goto done;
}
diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c
index d0604cb88c..395795758f 100644
--- a/source3/passdb/pdb_unix.c
+++ b/source3/passdb/pdb_unix.c
@@ -66,7 +66,7 @@ static NTSTATUS unixsam_getsampwrid (struct pdb_methods *methods,
DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account));
return nt_status;
}
- } else if (pdb_rid_is_user(rid)) {
+ } else if (fallback_pdb_rid_is_user(rid)) {
pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid));
}
generated by cgit (git 2.34.1) at 2024-11-16 08:15:02 +0000