Diffstat (limited to 'source3')
-rw-r--r-- | source3/auth/auth_rhosts.c | 19 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 17 | ||||
-rw-r--r-- | source3/include/auth.h | 3 | ||||
-rw-r--r-- | source3/include/smb.h | 8 | ||||
-rw-r--r-- | source3/pam_smbpass/pam_smb_passwd.c | 21 | ||||
-rw-r--r-- | source3/pam_smbpass/support.c | 42 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 10 | ||||
-rw-r--r-- | source3/passdb/pdb_get_set.c | 42 | ||||
-rw-r--r-- | source3/passdb/pdb_ldap.c | 56 | ||||
-rw-r--r-- | source3/passdb/pdb_nisplus.c | 80 | ||||
-rw-r--r-- | source3/passdb/pdb_smbpasswd.c | 27 | ||||
-rw-r--r-- | source3/passdb/pdb_tdb.c | 73 | ||||
-rw-r--r-- | source3/passdb/pdb_unix.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 10 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 26 | ||||
-rw-r--r-- | source3/rpc_server/srv_util.c | 7 | ||||
-rw-r--r-- | source3/sam/idmap_tdb.c | 21 | ||||
-rw-r--r-- | source3/sam/idmap_util.c | 14 | ||||
-rw-r--r-- | source3/smbd/chgpasswd.c | 13 | ||||
-rw-r--r-- | source3/smbd/password.c | 10 | ||||
-rw-r--r-- | source3/smbd/posix_acls.c | 10 | ||||
-rw-r--r-- | source3/smbd/uid.c | 3 | ||||
-rw-r--r-- | source3/utils/pdbedit.c | 48 |
23 files changed, 191 insertions, 371 deletions
diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c index 0875c48280..0861d9747b 100644 --- a/source3/auth/auth_rhosts.c +++ b/source3/auth/auth_rhosts.c @@ -135,17 +135,20 @@ check for a possible hosts equiv or rhosts entry for the user static BOOL check_hosts_equiv(SAM_ACCOUNT *account) { - char *fname = NULL; + uid_t uid; + char *fname = NULL; - fname = lp_hosts_equiv(); + fname = lp_hosts_equiv(); + if (!sid_to_uid(pdb_get_user_sid(account), &uid)) + return False; - /* note: don't allow hosts.equiv on root */ - if (IS_SAM_UNIX_USER(account) && fname && *fname && (pdb_get_uid(account) != 0)) { - if (check_user_equiv(pdb_get_username(account),client_name(),fname)) - return(True); - } + /* note: don't allow hosts.equiv on root */ + if (fname && *fname && uid != 0) { + if (check_user_equiv(pdb_get_username(account),client_name(),fname)) + return True; + } - return(False); + return False; } diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index ddb833a0e5..56a1e9bb96 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -661,23 +661,18 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass, gid_t gid; int n_unix_groups; int i; - struct passwd *usr; *n_groups = 0; *groups = NULL; - if (!IS_SAM_UNIX_USER(sampass)) { - DEBUG(1, ("user %s does not have a unix identity!\n", pdb_get_username(sampass))); - return NT_STATUS_NO_SUCH_USER; + if (!sid_to_uid(pdb_get_user_sid(sampass), &uid) || !sid_to_gid(pdb_get_group_sid(sampass), &gid)) { + DEBUG(0, ("get_user_groups_from_local_sam: error fetching uid or gid for user!\n")); + return NT_STATUS_UNSUCCESSFUL; } - - uid = pdb_get_uid(sampass); - gid = pdb_get_gid(sampass); n_unix_groups = groups_max(); if ((*unix_groups = malloc( sizeof(gid_t) * n_unix_groups ) ) == NULL) { DEBUG(0, ("get_user_groups_from_local_sam: Out of memory allocating unix group list\n")); - passwd_free(&usr); return NT_STATUS_NO_MEMORY; } 
@@ -686,7 +681,6 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass, groups_tmp = Realloc(*unix_groups, sizeof(gid_t) * n_unix_groups); if (!groups_tmp) { SAFE_FREE(*unix_groups); - passwd_free(&usr); return NT_STATUS_NO_MEMORY; } *unix_groups = groups_tmp; @@ -694,7 +688,6 @@ static NTSTATUS get_user_groups_from_local_sam(SAM_ACCOUNT *sampass, if (sys_getgrouplist(pdb_get_username(sampass), gid, *unix_groups, &n_unix_groups) == -1) { DEBUG(0, ("get_user_groups_from_local_sam: failed to get the unix group list\n")); SAFE_FREE(*unix_groups); - passwd_free(&usr); return NT_STATUS_NO_SUCH_USER; /* what should this return value be? */ } } @@ -739,6 +732,10 @@ static NTSTATUS make_server_info(auth_serversupplied_info **server_info, SAM_ACC (*server_info)->sam_fill_level = SAM_FILL_ALL; (*server_info)->sam_account = sampass; + if (!sid_to_uid(pdb_get_user_sid(sampass), &((*server_info)->uid))) + return NT_STATUS_UNSUCCESSFUL; + if (!sid_to_gid(pdb_get_group_sid(sampass), &((*server_info)->gid))) + return NT_STATUS_UNSUCCESSFUL; return NT_STATUS_OK; } diff --git a/source3/include/auth.h b/source3/include/auth.h index 626b9f3ba0..eb80e3c5b4 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -75,6 +75,9 @@ typedef struct auth_usersupplied_info typedef struct auth_serversupplied_info { BOOL guest; + + uid_t uid; + gid_t gid; /* This groups info is needed for when we become_user() for this uid */ int n_groups; diff --git a/source3/include/smb.h b/source3/include/smb.h index 5ee6b97172..a4df0e2697 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -590,8 +590,6 @@ typedef struct { */ enum pdb_elements { PDB_UNINIT, - PDB_UID, - PDB_GID, PDB_SMBHOME, PDB_PROFILE, PDB_DRIVE, 
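Review bot: In make_server_info the two added early returns leave `*server_info` allocated with `sam_account` already pointing at `sampass`, so a failed SID-to-uid or SID-to-gid lookup hands the caller a half-initialised structure together with an error status. Whether callers release it on error is not visible here; either free it before returning or document that the caller owns cleanup of both the structure and `sampass`. A `DEBUG` line naming the account would also help, because this is now the point where logins fail for accounts with no Unix mapping. The function body starts outside the hunk.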
@@ -634,10 +632,6 @@ enum pdb_value_state { PDB_CHANGED }; -#define IS_SAM_UNIX_USER(x) \ - (( pdb_get_init_flags(x, PDB_UID) != PDB_DEFAULT ) \ - && ( pdb_get_init_flags(x,PDB_GID) != PDB_DEFAULT )) - #define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET) #define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED) #define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT) @@ -676,8 +670,6 @@ typedef struct sam_passwd const char * unknown_str ; /* don't know what this is, yet. */ const char * munged_dial ; /* munged path name and dial-back tel number */ - uid_t uid; /* this is a unix uid_t */ - gid_t gid; /* this is a unix gid_t */ DOM_SID user_sid; /* Primary User SID */ DOM_SID group_sid; /* Primary Group SID */ diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c index 9e75efccf4..8fbef1fbf7 100644 --- a/source3/pam_smbpass/pam_smb_passwd.c +++ b/source3/pam_smbpass/pam_smb_passwd.c @@ -295,14 +295,21 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = smb_update_db(pamh, ctrl, user, pass_new); if (retval == PAM_SUCCESS) { + uid_t uid; + /* password updated */ - _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)" - , user, pdb_get_uid(sampass), uidtoname( getuid() ) - , getuid() ); - } else { - _log_err( LOG_ERR, "password change failed for user %s" - , user ); - } + if (!sid_to_uid(sampass, &uid)) { + _log_err( LOG_NOTICE "Unable to get uid for user %s", + pdb_get_username(sampass)); + _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)", + user, uidtoname(getuid()), getuid()); + } else { + _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)", + user, uid, uidtoname(getuid()), getuid()); + } + } else { + _log_err( LOG_ERR, "password change failed for user %s", user); + } pass_old = pass_new = NULL; if (sampass) { diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c index 11de306d13..61d9c6a8ab 100644 
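Review bot: Two of the added lines in pam_sm_chauthtok are malformed: `sid_to_uid(sampass, &uid)` passes the SAM_ACCOUNT itself where every other call site in this commit passes `pdb_get_user_sid(sampass)`, and `_log_err( LOG_NOTICE "Unable to get uid for user %s",` is missing the comma after `LOG_NOTICE`, which is a syntax error. Suggested: `if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) {` and `_log_err( LOG_NOTICE, "Unable to get uid for user %s",`. The success branch prints `uid` with `%d`; casting it to `(int)` keeps the audit line well-defined where uid_t is not an int. The function starts and ends outside the hunk.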
--- a/source3/pam_smbpass/support.c +++ b/source3/pam_smbpass/support.c @@ -339,11 +339,8 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, const char *service; pam_get_item( pamh, PAM_SERVICE, (const void **)&service ); - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , pdb_get_uid(sampass) ); + _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s", + uidtoname(getuid()), service ? service : "**unknown**", name); return PAM_AUTH_ERR; } } @@ -378,6 +375,7 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, pam_get_item( pamh, PAM_SERVICE, (const void **)&service ); if (data_name != NULL) { + int type; struct _pam_failed_auth *new = NULL; const struct _pam_failed_auth *old = NULL; 
@@ -397,32 +395,34 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, retval = PAM_MAXTRIES; } } else { - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , pdb_get_uid(sampass) ); + _log_err(LOG_NOTICE, + "failed auth request by %s for service %s as %s", + uidtoname(getuid()), + service ? service : "**unknown**", name); new->count = 1; } + if (!sid_to_uid(pdb_get_user_sid(sampass, &(new->id), &type))) { + _log_err(LOG_NOTICE, + "failed auth request by %s for service %s as %s", + uidtoname(getuid()), + service ? service : "**unknown**", name); + } new->user = smbpXstrDup( name ); - new->id = pdb_get_uid(sampass); new->agent = smbpXstrDup( uidtoname( getuid() ) ); pam_set_data( pamh, data_name, new, _cleanup_failures ); } else { _log_err( LOG_CRIT, "no memory for failure recorder" ); - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , pdb_get_uid(sampass) ); + _log_err(LOG_NOTICE, + "failed auth request by %s for service %s as %s(%d)", + uidtoname(getuid()), + service ? service : "**unknown**", name); } } else { - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , pdb_get_uid(sampass) ); + _log_err(LOG_NOTICE, + "failed auth request by %s for service %s as %s(%d)", + uidtoname(getuid()), + service ? service : "**unknown**", name); retval = PAM_AUTH_ERR; } } diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 05979cc385..c93577dc04 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c 
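Review bot: The added `if (!sid_to_uid(pdb_get_user_sid(sampass, &(new->id), &type)))` has its closing parenthesis in the wrong place, so `&(new->id)` and `&type` are handed to pdb_get_user_sid and sid_to_uid receives a single argument; it also still supplies the third argument that this commit removes from sid_to_uid in idmap_util.c. It should read `if (!sid_to_uid(pdb_get_user_sid(sampass), &(new->id))) {`, and `new->id` needs a defined value on the failure path because the old unconditional assignment is gone. Separately, the rewritten `_log_err` calls in the "no memory" branch and the final `else` branch keep `%s(%d)` in the format string but no longer pass a uid, so `%d` consumes a vararg that is not there; drop `(%d)` as the other branches do. The enclosing function begins before the hunk.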
@@ -5,6 +5,7 @@ Copyright (C) Luke Kenneth Casson Leighton 1996-1998 Copyright (C) Gerald (Jerry) Carter 2000-2001 Copyright (C) Andrew Bartlett 2001-2002 + Copyright (C) Simo Sorce 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -46,8 +47,6 @@ static void pdb_fill_default_sam(SAM_ACCOUNT *user) /* Don't change these timestamp settings without a good reason. They are important for NT member server compatibility. */ - user->private.uid = user->private.gid = -1; - user->private.logon_time = (time_t)0; user->private.pass_last_set_time = (time_t)0; user->private.pass_can_change_time = (time_t)0; @@ -177,9 +176,6 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET); pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT); - - pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET); - pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET); /* When we get a proper uid -> SID and SID -> uid allocation mechinism, we should call it here. @@ -697,7 +693,7 @@ static BOOL pdb_rid_is_well_known(uint32 rid) Decides if a RID is a user or group RID. ********************************************************************/ -BOOL pdb_rid_is_user(uint32 rid) +BOOL fallback_pdb_rid_is_user(uint32 rid) { /* lkcl i understand that NT attaches an enumeration to a RID * such that it can be identified as either a user, group etc @@ -787,7 +783,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use return True; } - if (pdb_rid_is_user(rid)) { + if (fallback_pdb_rid_is_user(rid)) { uid_t uid; DEBUG(5, ("assuming RID %u is a user\n", (unsigned)rid)); diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index a86d936263..4370dc2c36 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c 
@@ -202,22 +202,6 @@ enum pdb_value_state pdb_get_init_flags (const SAM_ACCOUNT *sampass, enum pdb_el return ret; } -uid_t pdb_get_uid (const SAM_ACCOUNT *sampass) -{ - if (sampass) - return (sampass->private.uid); - else - return (-1); -} - -gid_t pdb_get_gid (const SAM_ACCOUNT *sampass) -{ - if (sampass) - return (sampass->private.gid); - else - return (-1); -} - const char* pdb_get_username (const SAM_ACCOUNT *sampass) { if (sampass) @@ -509,32 +493,6 @@ BOOL pdb_set_init_flags (SAM_ACCOUNT *sampass, enum pdb_elements element, enum p return True; } -BOOL pdb_set_uid (SAM_ACCOUNT *sampass, const uid_t uid, enum pdb_value_state flag) -{ - if (!sampass) - return False; - - DEBUG(10, ("pdb_set_uid: setting uid %d, was %d\n", - (int)uid, (int)sampass->private.uid)); - - sampass->private.uid = uid; - - return pdb_set_init_flags(sampass, PDB_UID, flag); -} - -BOOL pdb_set_gid (SAM_ACCOUNT *sampass, const gid_t gid, enum pdb_value_state flag) -{ - if (!sampass) - return False; - - DEBUG(10, ("pdb_set_gid: setting gid %d, was %d\n", - (int)gid, (int)sampass->private.gid)); - - sampass->private.gid = gid; - - return pdb_set_init_flags(sampass, PDB_GID, flag); -} - BOOL pdb_set_user_sid (SAM_ACCOUNT *sampass, DOM_SID *u_sid, enum pdb_value_state flag) { if (!sampass || !u_sid) diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 71419448cb..b23b7286ea 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1533,12 +1533,11 @@ Initialize SAM_ACCOUNT from an LDAP query (unix attributes only) *********************************************************************/ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state, SAM_ACCOUNT * sampass, - LDAPMessage * entry) + LDAPMessage * entry, + gid_t *gid) { pstring homedir; pstring temp; - uid_t uid; - gid_t gid; char **ldap_values; char **values; 
@@ -1563,19 +1562,12 @@ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state, if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDirectory", homedir)) return False; - if (!get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp)) - return False; - - uid = (uid_t)atol(temp); - if (!get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp)) return False; gid = (gid_t)atol(temp); pdb_set_unix_homedir(sampass, homedir, PDB_SET); - pdb_set_uid(sampass, uid, PDB_SET); - pdb_set_gid(sampass, gid, PDB_SET); DEBUG(10, ("user has posixAcccount attributes\n")); return True; @@ -1617,8 +1609,7 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, uint8 hours[MAX_HOURS_LEN]; pstring temp; uid_t uid = -1; - gid_t gid = getegid(); - + gid_t gid = getegid(); /* * do a little initialization 
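Review bot: get_unix_attributes now takes `gid_t *gid`, but the unchanged line `gid = (gid_t)atol(temp);` in this hunk still assigns to the parameter itself, so the caller's gid is never written and the pointer is overwritten with an integer. It should be `*gid = (gid_t)atol(temp);`. Because the value comes from the directory's `gidNumber` attribute, parsing it with `strtoul` and rejecting non-numeric or out-of-range text would be safer than `atol`, which yields 0 for garbage input. The function continues outside the hunk.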
@@ -1690,40 +1681,17 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state, * If so configured, try and get the values from LDAP */ - if (!lp_ldap_trust_ids() || (!get_unix_attributes(ldap_state, sampass, entry))) { + if (!lp_ldap_trust_ids() && (get_unix_attributes(ldap_state, sampass, entry, &gid))) { - /* - * Otherwise just ask the system getpw() calls. - */ - - pw = getpwnam_alloc(username); - if (pw == NULL) { - if (! ldap_state->permit_non_unix_accounts) { - DEBUG (2,("init_sam_from_ldap: User [%s] does not exist via system getpwnam!\n", username)); - return False; + if (pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT) { + GROUP_MAP map; + /* call the mapping code here */ + if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) { + pdb_set_group_sid(sampass, &map.sid, PDB_SET); + } + else { + pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET); } - } else { - uid = pw->pw_uid; - pdb_set_uid(sampass, uid, PDB_SET); - gid = pw->pw_gid; - pdb_set_gid(sampass, gid, PDB_SET); - - pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET); - - passwd_free(&pw); - } - } - - if ((pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT) - && (pdb_get_init_flags(sampass,PDB_GID) != PDB_DEFAULT)) { - GROUP_MAP map; - gid = pdb_get_gid(sampass); - /* call the mapping code here */ - if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) { - pdb_set_group_sid(sampass, &map.sid, PDB_SET); - } - else { - pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET); } } diff --git a/source3/passdb/pdb_nisplus.c b/source3/passdb/pdb_nisplus.c index cd9288fed0..4e4aaed02b 100644 --- a/source3/passdb/pdb_nisplus.c +++ b/source3/passdb/pdb_nisplus.c 
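Review bot: The new condition `!lp_ldap_trust_ids() && (get_unix_attributes(ldap_state, sampass, entry, &gid))` reads as inverted against the comment directly above it ("If so configured, try and get the values from LDAP"), since the Unix attributes are now consulted only when ldap trust ids is off. If that is not intended, it should be `if (lp_ldap_trust_ids() && get_unix_attributes(ldap_state, sampass, entry, &gid)) {`. The removed getpwnam_alloc() fallback was also where `permit_non_unix_accounts` was enforced, so entries with no system account are no longer rejected in this function; a comment stating where that check now lives would help the next reader. `uid`, still declared in the previous hunk, appears to be unused after this change.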
@@ -876,8 +876,6 @@ static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf, pdb_set_workstations (pw_buf, ENTRY_VAL (obj, NPF_WORKSTATIONS), PDB_SET); pdb_set_munged_dial (pw_buf, NULL, PDB_DEFAULT); - pdb_set_uid (pw_buf, atoi (ENTRY_VAL (obj, NPF_UID)), PDB_SET); - pdb_set_gid (pw_buf, atoi (ENTRY_VAL (obj, NPF_SMB_GRPID)), PDB_SET); pdb_set_user_sid_from_rid (pw_buf, atoi (ENTRY_VAL (obj, NPF_USER_RID)), PDB_SET); pdb_set_group_sid_from_rid (pw_buf, @@ -949,8 +947,8 @@ static BOOL make_sam_from_nisp_object (SAM_ACCOUNT * pw_buf, if (!(pdb_get_acct_ctrl (pw_buf) & ACB_PWNOTREQ) && strncasecmp (ptr, "NO PASSWORD", 11)) { if (strlen (ptr) != 32 || !pdb_gethexpwd (ptr, smbntpwd)) { - DEBUG (0, ("malformed NT pwd entry:\ - uid = %d.\n", pdb_get_uid (pw_buf))); + DEBUG (0, ("malformed NT pwd entry:\ %s.\n", + pdb_get_username (pw_buf))); return False; } if (!pdb_set_nt_passwd (pw_buf, smbntpwd, PDB_SET)) @@ -1047,6 +1045,8 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass, BOOL need_to_modify = False; const char *name = pdb_get_username (sampass); /* from SAM */ + uint32 u_rid; + uint32 g_rid; /* these must be static or allocate and free entry columns! */ static fstring uid; /* from SAM */ static fstring user_rid; /* from SAM */ 
@@ -1065,31 +1065,15 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass, static fstring acct_desc; /* from SAM */ static char empty[1]; /* just an empty string */ - slprintf (uid, sizeof (uid) - 1, "%u", pdb_get_uid (sampass)); - slprintf (user_rid, sizeof (user_rid) - 1, "%u", - pdb_get_user_rid (sampass) ? pdb_get_user_rid (sampass) : - fallback_pdb_uid_to_user_rid (pdb_get_uid (sampass))); - slprintf (gid, sizeof (gid) - 1, "%u", pdb_get_gid (sampass)); - - { - uint32 rid; - GROUP_MAP map; - - rid = pdb_get_group_rid (sampass); - - if (rid == 0) { - if (pdb_getgrgid(&map, pdb_get_gid (sampass), - MAPPING_WITHOUT_PRIV)) { - if (!sid_peek_check_rid - (get_global_sam_sid (), &map.sid, &rid)) - return False; - } else - rid = pdb_gid_to_group_rid (pdb_get_gid - (sampass)); - } + if (!(u_rid = pdb_get_user_rid (sampass))) + return False; + if (!(g_rid = pdb_get_group_rid (sampass))) + return False; - slprintf (group_rid, sizeof (group_rid) - 1, "%u", rid); - } + slprintf (uid, sizeof (uid) - 1, "%u", fallback_pdb_user_rid_to_uid (u_rid)); + slprintf (user_rid, sizeof (user_rid) - 1, "%u", u_rid); + slprintf (gid, sizeof (gid) - 1, "%u", fallback_pdb_group_rid_to_uid (g_rid)); + slprintf (group_rid, sizeof (group_rid) - 1, "%u", g_rid); acb = pdb_encode_acct_ctrl (pdb_get_acct_ctrl (sampass), NEW_PW_FORMAT_SPACE_PADDED_LEN); 
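Review bot: `fallback_pdb_group_rid_to_uid (g_rid)` in init_nisp_from_sam does not match any helper used elsewhere in this commit; idmap_util.c converts a group RID with `pdb_group_rid_to_gid(rid)`, so this looks like a typo that would presumably fail to link. Probably intended: `slprintf (gid, sizeof (gid) - 1, "%u", pdb_group_rid_to_gid (g_rid));`. The uid and gid columns are now derived algorithmically from the RIDs rather than taken from the account's real Unix ids, and the function now returns False for any account whose user or group RID is 0 where it previously computed a fallback; both changes deserve a comment. The function starts and ends outside the hunk.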
@@ -1133,51 +1117,27 @@ static BOOL init_nisp_from_sam (nis_object * obj, const SAM_ACCOUNT * sampass, /* uid */ - if (pdb_get_uid (sampass) != -1) { - if (!ENTRY_VAL (old, NPF_UID) - || strcmp (ENTRY_VAL (old, NPF_UID), uid)) { + if (!ENTRY_VAL (old, NPF_UID) || strcmp (ENTRY_VAL (old, NPF_UID), uid)) { need_to_modify = True; - set_single_attribute (obj, NPF_UID, uid, - strlen (uid), - EN_MODIFIED); - } + set_single_attribute (obj, NPF_UID, uid, strlen (uid), EN_MODIFIED); } /* user_rid */ - if (pdb_get_user_rid (sampass)) { - if (!ENTRY_VAL (old, NPF_USER_RID) || - strcmp (ENTRY_VAL (old, NPF_USER_RID), - user_rid)) { + if (!ENTRY_VAL (old, NPF_USER_RID) || strcmp (ENTRY_VAL (old, NPF_USER_RID), user_rid)) { need_to_modify = True; - set_single_attribute (obj, NPF_USER_RID, - user_rid, - strlen (user_rid), - EN_MODIFIED); - } + set_single_attribute (obj, NPF_USER_RID, user_rid, strlen (user_rid), EN_MODIFIED); } /* smb_grpid */ - if (pdb_get_gid (sampass) != -1) { - if (!ENTRY_VAL (old, NPF_SMB_GRPID) || - strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) { + if (!ENTRY_VAL (old, NPF_SMB_GRPID) || strcmp (ENTRY_VAL (old, NPF_SMB_GRPID), gid)) { need_to_modify = True; - set_single_attribute (obj, NPF_SMB_GRPID, gid, - strlen (gid), - EN_MODIFIED); - } + set_single_attribute (obj, NPF_SMB_GRPID, gid, strlen (gid), EN_MODIFIED); } /* group_rid */ - if (pdb_get_group_rid (sampass)) { - if (!ENTRY_VAL (old, NPF_GROUP_RID) || - strcmp (ENTRY_VAL (old, NPF_GROUP_RID), - group_rid)) { + if (!ENTRY_VAL (old, NPF_GROUP_RID) || strcmp (ENTRY_VAL (old, NPF_GROUP_RID), group_rid)) { need_to_modify = True; - set_single_attribute (obj, NPF_GROUP_RID, - group_rid, - strlen (group_rid), - EN_MODIFIED); - } + set_single_attribute (obj, NPF_GROUP_RID, group_rid, strlen (group_rid), EN_MODIFIED); } /* acb */ diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index c1421bcd53..91fc7bc8e0 100644 --- a/source3/passdb/pdb_smbpasswd.c 
+++ b/source3/passdb/pdb_smbpasswd.c @@ -1134,28 +1134,23 @@ Error was %s\n", pwd->smb_name, pfile2, strerror(errno))); static BOOL build_smb_pass (struct smb_passwd *smb_pw, const SAM_ACCOUNT *sampass) { uid_t uid; + uint32 rid; if (sampass == NULL) return False; - ZERO_STRUCTP(smb_pw); - - if (!IS_SAM_UNIX_USER(sampass)) { - smb_pw->smb_userid_set = False; - DEBUG(5,("build_smb_pass: storing user without a UNIX uid or gid. \n")); - } else { - uint32 rid = pdb_get_user_rid(sampass); - smb_pw->smb_userid_set = True; - uid = pdb_get_uid(sampass); + rid = pdb_get_user_rid(sampass); - /* If the user specified a RID, make sure its able to be both stored and retreived */ - if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) { - DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n")); - return False; - } + /* If the user specified a RID, make sure its able to be both stored and retreived */ + if (rid && rid != DOMAIN_USER_RID_GUEST && uid != fallback_pdb_user_rid_to_uid(rid)) { + DEBUG(0,("build_sam_pass: Failing attempt to store user with non-uid based user RID. \n")); + return False; + } - smb_pw->smb_userid=uid; - } + ZERO_STRUCTP(smb_pw); + + smb_pw->smb_userid_set = True; + smb_pw->smb_userid=uid; smb_pw->smb_name=(const char*)pdb_get_username(sampass); diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 2363b955e2..904f2935ce 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -101,7 +101,7 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, BOOL ret = True; struct passwd *pw; uid_t uid = -1; - gid_t gid = -1; /* This is what standard sub advanced expects if no gid is known */ + gid_t gid = -1; if(sampass == NULL || buf == NULL) { DEBUG(0, ("init_sam_from_buffer: NULL parameters found!\n")); 
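Review bot: In build_smb_pass `uid` is no longer assigned anywhere in the lines shown, yet it is compared in `uid != fallback_pdb_user_rid_to_uid(rid)` and then stored with `smb_pw->smb_userid=uid;`, so both the RID sanity check and the uid written to the smbpasswd entry use an indeterminate value. Resolve it first and fail closed, for example `if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) return False;` placed before the RID check. `smb_userid_set` is now always True, so the non-Unix-account case that the removed branch handled needs an explicit decision. The function continues past the hunk.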
@@ -148,6 +148,8 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, /* validate the account and fill in UNIX uid and gid. Standard * getpwnam() is used instead of Get_Pwnam() as we do not need * to try case permutations + * + * FIXME: are we sure we do not need ? */ if (!username || !(pw = getpwnam_alloc(username))) { if (!(tdb_state->permit_non_unix_accounts)) { @@ -158,15 +160,9 @@ static BOOL init_sam_from_buffer (struct tdbsam_privates *tdb_state, } if (pw) { - uid = pw->pw_uid; - gid = pw->pw_gid; - pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET); passwd_free(&pw); - - pdb_set_uid(sampass, uid, PDB_SET); - pdb_set_gid(sampass, gid, PDB_SET); } pdb_set_logon_time(sampass, logon_time, PDB_SET); 
@@ -768,54 +764,35 @@ static BOOL tdb_update_sam(struct pdb_methods *my_methods, SAM_ACCOUNT* newpwd, return False; } + if (!pdb_get_group_rid(newpwd)) { + DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd))); + ret = False; + goto done; + } + /* if flag == TDB_INSERT then make up a new RID else throw an error. */ if (!(user_rid = pdb_get_user_rid(newpwd))) { - if (flag & TDB_INSERT) { - if (IS_SAM_UNIX_USER(newpwd)) { - if (tdb_state->algorithmic_rids) { - user_rid = fallback_pdb_uid_to_user_rid(pdb_get_uid(newpwd)); - } else { - user_rid = BASE_RID; - tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER); - if (!tdb_ret) { - ret = False; - goto done; - } - } - pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED); - } else { - user_rid = tdb_state->low_nua_rid; - tdb_ret = tdb_change_uint32_atomic(pwd_tdb, "NUA_RID_COUNTER", &user_rid, RID_MULTIPLIER); - if (!tdb_ret) { - ret = False; - goto done; - } - if (user_rid > tdb_state->high_nua_rid) { - DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd))); - ret = False; - goto done; - } - pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED); + if ((flag & TDB_INSERT) && tdb_state->permit_non_unix_accounts) { + uint32 lowrid, highrid; + if (!pdb_get_free_rid_range(&lowrid, &highrid)) { + /* should never happen */ + DEBUG(0, ("tdbsam: something messed up, no high/low rids but nua enabled ?!\n")); + ret = False; + goto done; } - } else { - DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd))); - ret = False; - goto done; - } - } - - if (!pdb_get_group_rid(newpwd)) { - if (flag & TDB_INSERT) { - if (!tdb_state->permit_non_unix_accounts) { - DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd))); + user_rid = lowrid; + tdb_ret = 
tdb_change_uint32_atomic(pwd_tdb, "RID_COUNTER", &user_rid, RID_MULTIPLIER); + if (!tdb_ret) { + ret = False; + goto done; + } + if (user_rid > highrid) { + DEBUG(0, ("tdbsam: no NUA rids available, cannot add user %s!\n", pdb_get_username(newpwd))); ret = False; goto done; - } else { - /* This seems like a good default choice for non-unix users */ - pdb_set_group_sid_from_rid(newpwd, DOMAIN_GROUP_RID_USERS, PDB_DEFAULT); } } else { - DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a primary group RID\n",pdb_get_username(newpwd))); + DEBUG (0,("tdb_update_sam: Failing to store a SAM_ACCOUNT for [%s] without a RID\n",pdb_get_username(newpwd))); ret = False; goto done; } diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c index d0604cb88c..395795758f 100644 --- a/source3/passdb/pdb_unix.c +++ b/source3/passdb/pdb_unix.c @@ -66,7 +66,7 @@ static NTSTATUS unixsam_getsampwrid (struct pdb_methods *methods, DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account)); return nt_status; } - } else if (pdb_rid_is_user(rid)) { + } else if (fallback_pdb_rid_is_user(rid)) { pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid)); } diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 5b9d39ddc7..6a9e591f64 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c 
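Review bot: In the new TDB_INSERT branch of tdb_update_sam the RID taken from "RID_COUNTER" is never written back to `newpwd` in the lines shown; the removed code called `pdb_set_user_sid_from_rid(newpwd, user_rid, PDB_CHANGED);` after allocating, and without it the record appears to be stored with no user SID. The range check tests only `user_rid > highrid`; the counter key is shared with the earlier BASE_RID-based allocation, so an existing counter may yield a value below `lowrid`, and `user_rid < lowrid` should be rejected as well. The group-RID test moved to the top now fails every account lacking a primary group RID, including the non-Unix inserts that used to default to DOMAIN_GROUP_RID_USERS. The function starts and ends outside the hunk.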
@@ -472,16 +472,10 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); * Store the UNIX credential data (uid/gid pair) in the pipe structure. */ - if (!IS_SAM_UNIX_USER(server_info->sam_account)) { - DEBUG(0,("Attempted authenticated pipe with invalid user. No uid/gid in SAM_ACCOUNT\n")); - free_server_info(&server_info); - return False; - } - memcpy(p->session_key, server_info->session_key, sizeof(p->session_key)); - p->pipe_user.uid = pdb_get_uid(server_info->sam_account); - p->pipe_user.gid = pdb_get_gid(server_info->sam_account); + p->pipe_user.uid = server_info->uid; + p->pipe_user.gid = server_info->gid; p->pipe_user.ngroups = server_info->n_groups; if (p->pipe_user.ngroups) { diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 5ab0e80351..d2e4ff2614 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2818,8 +2818,7 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid) copy_id23_to_sam_passwd(pwd, id23); /* if it's a trust account, don't update /etc/passwd */ - if ( (!IS_SAM_UNIX_USER(pwd)) || - ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || + if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n")); @@ -2880,8 +2879,7 @@ static BOOL set_user_info_pw(char *pass, DOM_SID *sid) } /* if it's a trust account, don't update /etc/passwd */ - if ( (!IS_SAM_UNIX_USER(pwd)) || - ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || + if ( ( (acct_ctrl & ACB_DOMTRUST) == ACB_DOMTRUST ) || ( (acct_ctrl & ACB_WSTRUST) == ACB_WSTRUST) || ( (acct_ctrl & ACB_SVRTRUST) == ACB_SVRTRUST) ) { DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n")); 
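Review bot: With the IS_SAM_UNIX_USER guard removed, `p->pipe_user.uid = server_info->uid;` trusts that every auth_serversupplied_info has had `uid` and `gid` filled in, and the only place this commit sets them is make_server_info in auth_util.c. If any path can produce a server_info without passing through that function, a zero-initialised structure would give uid 0 and gid 0 here. Either initialise the fields to `(uid_t)-1` and `(gid_t)-1` at allocation and reject that value at this point, or state the invariant in a comment on the new fields in auth.h. The same applies to `vuser->uid = server_info->uid;` in register_vuid in smbd/password.c; both functions extend beyond their hunks.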
@@ -3396,9 +3394,9 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; } - - uid = pdb_get_uid(sam_user); - if (uid == -1) { + + /* check a real user exist before we run the script to add a user to a group */ + if (!sid_to_uid(pdb_get_user_sid(sam_user), &uid)) { pdb_free_sam(&sam_user); return NT_STATUS_NO_SUCH_USER; } @@ -3408,7 +3406,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD if ((pwd=getpwuid_alloc(uid)) == NULL) { return NT_STATUS_NO_SUCH_USER; } - + if ((grp=getgrgid(map.gid)) == NULL) { passwd_free(&pwd); return NT_STATUS_NO_SUCH_ALIAS; @@ -3557,18 +3555,6 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD return NT_STATUS_NO_SUCH_USER; } - uid = pdb_get_uid(sam_user); - if (uid == -1) { - pdb_free_sam(&sam_user); - return NT_STATUS_NO_SUCH_USER; - } - - pdb_free_sam(&sam_user); - - if ((pwd=getpwuid_alloc(uid)) == NULL) { - return NT_STATUS_NO_SUCH_USER; - } - if ((grp=getgrgid(map.gid)) == NULL) { passwd_free(&pwd); return NT_STATUS_NO_SUCH_GROUP; diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c index 4656efb6fa..f948088737 100644 --- a/source3/rpc_server/srv_util.c +++ b/source3/rpc_server/srv_util.c @@ -129,7 +129,12 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui fstrcpy(user_name, pdb_get_username(sam_pass)); grid=pdb_get_group_rid(sam_pass); - gid=pdb_get_gid(sam_pass); + if (!sid_to_gid(pdb_get_group_sid(sam_pass), &gid)) { + /* this should never happen */ + DEBUG(2,("get_alias_user_groups: sid_to_gid failed!\n")); + pdb_free_sam(&sam_pass); + return NT_STATUS_UNSUCCESSFUL; + } become_root(); /* on some systems this must run as root */ diff --git a/source3/sam/idmap_tdb.c b/source3/sam/idmap_tdb.c index 27cf706e7d..13e3affbd6 100644 --- a/source3/sam/idmap_tdb.c +++ b/source3/sam/idmap_tdb.c 
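Review bot: The deletion in _samr_add_groupmem removes the only visible assignment to `pwd` and the `pdb_free_sam(&sam_user);` call, but the context line that follows still runs `passwd_free(&pwd);` when getgrgid() fails. Unless `pwd` is initialised at its declaration, which is outside the hunk, an unset pointer is freed, and `sam_user` is no longer released on the paths shown. The neighbouring _samr_add_aliasmem hunk keeps the lookup and switches it to sid_to_uid; the same sequence should be restored here so that the real-user check still happens before the group is modified. Later uses of `pwd` in the function cannot be confirmed from this hunk.

```c
	/* check a real user exists before we add it to the group */
	if (!sid_to_uid(pdb_get_user_sid(sam_user), &uid)) {
		pdb_free_sam(&sam_user);
		return NT_STATUS_NO_SUCH_USER;
	}

	pdb_free_sam(&sam_user);

	if ((pwd=getpwuid_alloc(uid)) == NULL) {
		return NT_STATUS_NO_SUCH_USER;
	}
	/* … unchanged: getgrgid(map.gid) check … */
```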
@@ -252,8 +252,9 @@ static NTSTATUS db_set_mapping(const DOM_SID *sid, unid_t id, int id_type) static NTSTATUS db_idmap_init(void) { SMB_STRUCT_STAT stbuf; - char *tdbfile; + char *tdbfile = NULL; int32 version; + BOOL tdb_is_new = False; /* use the old database if present */ if (!file_exist(lock_path("idmap.tdb"), &stbuf)) { @@ -264,8 +265,11 @@ static NTSTATUS db_idmap_init(void) DEBUG(0, ("idmap_init: out of memory!\n")); return NT_STATUS_NO_MEMORY; } + } else { + tdb_is_new = True; } - } else { + } + if (!tdbfile) { tdbfile = strdup(lock_path("idmap.tdb")); if (!tdbfile) { DEBUG(0, ("idmap_init: out of memory!\n")); @@ -285,10 +289,15 @@ static NTSTATUS db_idmap_init(void) SAFE_FREE(tdbfile); /* check against earlier versions */ - version = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION"); - if (version != IDMAP_VERSION) { - DEBUG(0, ("idmap_init: Unable to open idmap database, it's in an old format!\n")); - return NT_STATUS_INTERNAL_DB_ERROR; + if (tdb_is_new) { + /* TODO: delete the file if this fail */ + tdb_store_int32(idmap_tdb, "IDMAP_VERSION", IDMAP_VERSION); + } else { + version = tdb_fetch_int32(idmap_tdb, "IDMAP_VERSION"); + if (version != IDMAP_VERSION) { + DEBUG(0, ("idmap_init: Unable to open idmap database, it's in an old format!\n")); + return NT_STATUS_INTERNAL_DB_ERROR; + } } /* Create high water marks for group and user id */ diff --git a/source3/sam/idmap_util.c b/source3/sam/idmap_util.c index fd44938989..b282d2ef83 100644 --- a/source3/sam/idmap_util.c +++ b/source3/sam/idmap_util.c 
@@ -97,15 +97,13 @@ DOM_SID *gid_to_sid(DOM_SID *psid, gid_t gid) was done correctly, False if not. sidtype is set by this function. *****************************************************************/ -BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype) +BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid) { unid_t id; int type; DEBUG(10,("sid_to_uid: sid = [%s]\n", sid_string_static(psid))); - *sidtype = SID_NAME_USER; - type = ID_USERID; if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &type, psid))) { DEBUG(10,("sid_to_uid: uid = [%d]\n", id.uid)); @@ -123,7 +121,7 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype) DEBUG(0, ("sid_to_uid: Error extracting RID from SID\n!")); return False; } - if (!pdb_rid_is_user(rid)) { + if (!fallback_pdb_rid_is_user(rid)) { DEBUG(3, ("sid_to_uid: RID %u is *NOT* a user\n", (unsigned)rid)); return False; } @@ -140,15 +138,13 @@ BOOL sid_to_uid(const DOM_SID *psid, uid_t *puid, enum SID_NAME_USE *sidtype) was done correctly, False if not. *****************************************************************/ -BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype) +BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid) { unid_t id; int type; DEBUG(10,("sid_to_gid: sid = [%s]\n", sid_string_static(psid))); - *sidtype = SID_NAME_ALIAS; - type = ID_GROUPID; if (NT_STATUS_IS_OK(idmap_get_id_from_sid(&id, &type, psid))) { DEBUG(10,("sid_to_gid: gid = [%d]\n", id.gid)); @@ -166,7 +162,6 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype) return False; *pgid = map.gid; - *sidtype = map.sid_name_use; return True; } else { uint32 rid; 
@@ -175,12 +170,11 @@ BOOL sid_to_gid(const DOM_SID *psid, gid_t *pgid, enum SID_NAME_USE *sidtype) DEBUG(0, ("sid_to_gid: Error extracting RID from SID\n!")); return False; } - if (pdb_rid_is_user(rid)) { + if (fallback_pdb_rid_is_user(rid)) { DEBUG(3, ("sid_to_gid: RID %u is *NOT* a group\n", (unsigned)rid)); return False; } *pgid = pdb_group_rid_to_gid(rid); - *sidtype = SID_NAME_ALIAS; } } diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c index 31c4fa7cc9..3d25f33f45 100644 --- a/source3/smbd/chgpasswd.c +++ b/source3/smbd/chgpasswd.c @@ -478,6 +478,12 @@ BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL if (!name) { DEBUG(1, ("NULL username specfied to chgpasswd()!\n")); } + + pass = Get_Pwnam(name); + if (!pass) { + DEBUG(1, ("Username does not exist in system passwd!\n")); + return False; + } if (!oldpass) { oldpass = ""; @@ -528,8 +534,6 @@ BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL } } - pass = Get_Pwnam(name); - #ifdef WITH_PAM if (lp_pam_password_change()) { BOOL ret; @@ -983,9 +987,8 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw * to touch the unix db unless we have admin permission. */ - if(lp_unix_password_sync() && IS_SAM_UNIX_USER(hnd) - && !chgpasswd(pdb_get_username(hnd), - old_passwd, new_passwd, False)) { + if(lp_unix_password_sync() && + !chgpasswd(pdb_get_username(hnd), old_passwd, new_passwd, False)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 175c1ec3a9..c4f813b00c 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c 
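Review bot: The new `pass = Get_Pwnam(name);` in the first chgpasswd hunk runs directly after the `if (!name)` block, which only logs and does not return, so a NULL `name` is handed straight to the lookup. That block should end with `return False;` so the function fails before touching the passwd database. The added early return for a missing passwd entry is consistent with that. chgpasswd's body continues outside the hunk.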
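Review bot: Dropping `IS_SAM_UNIX_USER(hnd)` from the condition in change_oem_password means chgpasswd() is now attempted for every account whenever `lp_unix_password_sync()` is on. Combined with the new early return in chgpasswd, an account with no system passwd entry now makes the whole password change fail with NT_STATUS_ACCESS_DENIED. If that fail-closed result is intended it deserves a comment at the call, e.g. `/* accounts without a Unix passwd entry are refused while unix password sync is enabled */`; if it is not, a failed lookup has to be told apart from a rejected change. The function continues outside the hunk.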
@@ -141,15 +141,9 @@ int register_vuid(auth_serversupplied_info *server_info, const char *smb_name) /* the next functions should be done by a SID mapping system (SMS) as * the new real sam db won't have reference to unix uids or gids */ - if (!IS_SAM_UNIX_USER(server_info->sam_account)) { - DEBUG(0,("Attempted session setup with invalid user. No uid/gid in SAM_ACCOUNT\n")); - free(vuser); - free_server_info(&server_info); - return UID_FIELD_INVALID; - } - vuser->uid = pdb_get_uid(server_info->sam_account); - vuser->gid = pdb_get_gid(server_info->sam_account); + vuser->uid = server_info->uid; + vuser->gid = server_info->gid; vuser->n_groups = server_info->n_groups; if (vuser->n_groups) { diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index a38acc437d..6e1e70ae96 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -443,7 +443,6 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, { DOM_SID owner_sid; DOM_SID grp_sid; - enum SID_NAME_USE sid_type; *puser = (uid_t)-1; *pgrp = (gid_t)-1; @@ -469,7 +468,7 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, if (security_info_sent & OWNER_SECURITY_INFORMATION) { sid_copy(&owner_sid, psd->owner_sid); - if (!sid_to_uid( &owner_sid, puser, &sid_type)) { + if (!sid_to_uid( &owner_sid, puser)) { #if ACL_FORCE_UNMAPPABLE /* this allows take ownership to work reasonably */ extern struct current_user current_user; @@ -489,7 +488,7 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, if (security_info_sent & GROUP_SECURITY_INFORMATION) { sid_copy(&grp_sid, psd->grp_sid); - if (!sid_to_gid( &grp_sid, pgrp, &sid_type)) { + if (!sid_to_gid( &grp_sid, pgrp)) { #if ACL_FORCE_UNMAPPABLE /* this allows take group ownership to work reasonably */ extern struct current_user current_user; 
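Review bot: The register_vuid hunk removes the only visible rejection of an account that has no Unix identity and then copies `server_info->uid` and `server_info->gid` unconditionally. Nothing in the hunk shows that these fields were filled in; if some auth path leaves them at a zero default, the session would be registered with uid 0. The old code failed closed with UID_FIELD_INVALID, so either an equivalent guard on whatever marks the ids as resolved should remain here, or a comment should name the code that guarantees it, e.g. `/* uid/gid are always resolved when server_info is built; see <constructor> */`. register_vuid continues outside the hunk.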
@@ -938,7 +937,6 @@ static BOOL create_canon_ace_lists(files_struct *fsp, } for(i = 0; i < dacl->num_aces; i++) { - enum SID_NAME_USE sid_type; SEC_ACE *psa = &dacl->ace[i]; /* @@ -1003,10 +1001,10 @@ static BOOL create_canon_ace_lists(files_struct *fsp, if (nt4_compatible_acls()) psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY; - } else if (sid_to_gid( ¤t_ace->trustee, ¤t_ace->unix_ug.gid, &sid_type)) { + } else if (sid_to_gid( ¤t_ace->trustee, ¤t_ace->unix_ug.gid)) { current_ace->owner_type = GID_ACE; current_ace->type = SMB_ACL_GROUP; - } else if (sid_to_uid( ¤t_ace->trustee, ¤t_ace->unix_ug.uid, &sid_type)) { + } else if (sid_to_uid( ¤t_ace->trustee, ¤t_ace->unix_ug.uid)) { current_ace->owner_type = UID_ACE; current_ace->type = SMB_ACL_USER; } else { diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index f33235cdff..7fc49a35e2 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -405,10 +405,9 @@ void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER memcpy(final_groups, *pp_groups, current_n_groups * sizeof(gid_t)); for (i = 0; i < ptok->num_sids; i++) { - enum SID_NAME_USE sid_type; gid_t new_grp; - if (sid_to_gid(&ptok->user_sids[i], &new_grp, &sid_type)) { + if (sid_to_gid(&ptok->user_sids[i], &new_grp)) { /* * Don't add the gid_t if it is already in the current group * list. Some UNIXen don't like the same group more than once. diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index 3a3d06a645..170d2a03f1 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c 
@@ -122,12 +122,6 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst printf ("Unix username: %s\n", pdb_get_username(sam_pwent)); printf ("NT username: %s\n", pdb_get_nt_username(sam_pwent)); printf ("Account Flags: %s\n", pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent), NEW_PW_FORMAT_SPACE_PADDED_LEN)); - - if (IS_SAM_UNIX_USER(sam_pwent)) { - uid = pdb_get_uid(sam_pwent); - gid = pdb_get_gid(sam_pwent); - printf ("User ID/Group ID: %d/%d\n", uid, gid); - } printf ("User SID: %s\n", sid_string_static(pdb_get_user_sid(sam_pwent))); printf ("Primary Group SID: %s\n", 
@@ -161,35 +155,23 @@ static int print_sam_info (SAM_ACCOUNT *sam_pwent, BOOL verbosity, BOOL smbpwdst printf ("Password must change: %s\n", tmp ? http_timestring(tmp) : "0"); } else if (smbpwdstyle) { - if (IS_SAM_UNIX_USER(sam_pwent)) { - char lm_passwd[33]; - char nt_passwd[33]; - - uid = pdb_get_uid(sam_pwent); - pdb_sethexpwd(lm_passwd, - pdb_get_lanman_passwd(sam_pwent), - pdb_get_acct_ctrl(sam_pwent)); - pdb_sethexpwd(nt_passwd, - pdb_get_nt_passwd(sam_pwent), - pdb_get_acct_ctrl(sam_pwent)); + char lm_passwd[33]; + char nt_passwd[33]; + + sid_to_uid(pdb_get_user_sid(sam_pwent), &uid); + pdb_sethexpwd(lm_passwd, pdb_get_lanman_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent)); + pdb_sethexpwd(nt_passwd, pdb_get_nt_passwd(sam_pwent), pdb_get_acct_ctrl(sam_pwent)); - printf("%s:%d:%s:%s:%s:LCT-%08X:\n", - pdb_get_username(sam_pwent), - uid, - lm_passwd, - nt_passwd, - pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN), - (uint32)pdb_get_pass_last_set_time(sam_pwent)); - } else { - fprintf(stderr, "Can't output in smbpasswd format, no uid on this record.\n"); - } + printf("%s:%d:%s:%s:%s:LCT-%08X:\n", + pdb_get_username(sam_pwent), + uid, + lm_passwd, + nt_passwd, + pdb_encode_acct_ctrl(pdb_get_acct_ctrl(sam_pwent),NEW_PW_FORMAT_SPACE_PADDED_LEN), + (uint32)pdb_get_pass_last_set_time(sam_pwent)); } else { - if (IS_SAM_UNIX_USER(sam_pwent)) { - printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), pdb_get_uid(sam_pwent), - pdb_get_fullname(sam_pwent)); - } else { - printf ("%s:(null):%s\n", pdb_get_username(sam_pwent), pdb_get_fullname(sam_pwent)); - } + sid_to_uid(pdb_get_user_sid(sam_pwent), &uid); + printf ("%s:%d:%s\n", pdb_get_username(sam_pwent), uid, pdb_get_fullname(sam_pwent)); } return 0; |
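Review bot: Both new `sid_to_uid(pdb_get_user_sid(sam_pwent), &uid);` calls ignore the return value, so when the SID has no mapping `uid` is printed with whatever it happened to hold (unless it is initialised at its declaration, which is outside the hunk). In the smbpwdstyle branch that puts a bogus uid into an smbpasswd-format line next to the LM/NT hashes, where the removed code refused with "Can't output in smbpasswd format, no uid on this record." The check should be kept: wrap the output in `if (sid_to_uid(pdb_get_user_sid(sam_pwent), &uid)) { ... } else { ... }` with the old `fprintf(stderr, ...)` in the else branch. The short-format branch should likewise fall back to the old `"%s:(null):%s\n"` line. print_sam_info starts outside the hunk.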