From 85921dbd6fa417aa451ab9b6e88ecb7900333549 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 5 Jul 2003 10:39:41 +0000 Subject: Add some debug statments to our vampire code - try to make it easier to track down failures. Add a 'auto-add on modify' feature to guestsam Fix some segfault bugs on no-op idmap modifications, and on new idmappings that do not have a DN to tack onto. Make the 'private data' a bit more robust. Andrew Bartlett (This used to be commit 6c48309cda9538da5a32f3d88a7bb9c413ae9e8e) --- source3/auth/auth_rhosts.c | 10 ++++++++-- source3/include/passdb.h | 2 ++ source3/passdb/pdb_get_set.c | 5 +++-- source3/passdb/pdb_guest.c | 16 ++++++++++++++++ source3/passdb/pdb_ldap.c | 16 +++++++++------- source3/sam/idmap_ldap.c | 6 ++++-- source3/utils/net_rpc_samsync.c | 6 ++++++ 7 files changed, 48 insertions(+), 13 deletions(-) diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c index e2c6f0b06a..fab2d551f2 100644 --- a/source3/auth/auth_rhosts.c +++ b/source3/auth/auth_rhosts.c @@ -162,11 +162,13 @@ static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_contex const auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { - NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; + NTSTATUS nt_status; SAM_ACCOUNT *account = NULL; if (!NT_STATUS_IS_OK(nt_status = auth_get_sam_account(user_info->internal_username.str, &account))) { + if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) + nt_status = NT_STATUS_NOT_IMPLEMENTED; return nt_status; } @@ -174,6 +176,7 @@ static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_contex nt_status = make_server_info_sam(server_info, account); } else { pdb_free_sam(&account); + nt_status = NT_STATUS_NOT_IMPLEMENTED; } return nt_status; 
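Review bot: The remap of `NT_STATUS_NO_SUCH_USER` to `NT_STATUS_NOT_IMPLEMENTED` in check_hostsequiv_security carries no comment explaining why an unknown user is reported as "not implemented" rather than as a failure. The same applies to the `else` branch in the `@@ -174,6` hunk and to the two matching spots in check_rhosts_security. Presumably this status is how an auth module declines so that the next method is tried; if so, say it where the value is set, e.g. `/* unknown user: this module has no opinion, let the next auth method decide */`. Every other error from auth_get_sam_account is still returned unchanged, which is worth stating as well because it decides whether a passdb failure ends the attempt at this module. The closing brace of the function is outside these hunks.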
@@ -202,7 +205,7 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context, const auth_usersupplied_info *user_info, auth_serversupplied_info **server_info) { - NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; + NTSTATUS nt_status; SAM_ACCOUNT *account = NULL; pstring rhostsfile; const char *home; @@ -210,6 +213,8 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context, if (!NT_STATUS_IS_OK(nt_status = auth_get_sam_account(user_info->internal_username.str, &account))) { + if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) + nt_status = NT_STATUS_NOT_IMPLEMENTED; return nt_status; } @@ -226,6 +231,7 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context, unbecome_root(); } else { pdb_free_sam(&account); + nt_status = NT_STATUS_NOT_IMPLEMENTED; } return nt_status; diff --git a/source3/include/passdb.h b/source3/include/passdb.h index bf2fd6f6ce..e3077eee70 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -138,6 +138,8 @@ typedef struct sam_passwd uint32 unknown_5; /* 0x0002 0000 */ uint32 unknown_6; /* 0x0000 04ec */ + /* a tag for who added the private methods */ + const struct pdb_methods *backend_private_methods; void *backend_private_data; void (*backend_private_data_free_fn)(void **); } private; diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c index e0b9f0e0ec..ba07a4e01c 100644 --- a/source3/passdb/pdb_get_set.c +++ b/source3/passdb/pdb_get_set.c @@ -332,7 +332,7 @@ uint32 pdb_get_unknown_6 (const SAM_ACCOUNT *sampass) void *pdb_get_backend_private_data (const SAM_ACCOUNT *sampass, const struct pdb_methods *my_methods) { - if (sampass && my_methods == sampass->methods) + if (sampass && my_methods == sampass->private.backend_private_methods) return sampass->private.backend_private_data; else return NULL; 
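Review bot: Dropping the `= NT_STATUS_NOT_IMPLEMENTED` initialiser in check_rhosts_security means `nt_status` holds a success value once auth_get_sam_account returns OK, so any later path that does not assign it now returns success instead of "not implemented". The `@@ -226,6` hunk only covers the outer `else`; the branch that ends in `unbecome_root();` starts outside the hunk. If the rhosts check in that branch can fail without setting `nt_status`, the function would report an authenticated user while `*server_info` was never filled in. Please confirm that branch assigns a failure status, or restore a fail-closed default with `nt_status = NT_STATUS_NOT_IMPLEMENTED;` immediately after the auth_get_sam_account check.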
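Review bot: The comment on the new `backend_private_methods` field says it tags who added the private methods, but the getter and setter in pdb_get_set.c use it as the owner of `backend_private_data`. Suggested wording: `/* which backend stored backend_private_data; NULL while no backend owns it */`. The NULL part is an assumption about how the struct is initialised, which this hunk does not show, so adjust it to whatever the allocation code guarantees.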
@@ -1028,7 +1028,7 @@ BOOL pdb_set_backend_private_data (SAM_ACCOUNT *sampass, void *private_data, return False; /* does this backend 'own' this SAM_ACCOUNT? */ - if (my_methods != sampass->methods) + if (my_methods != sampass->private.backend_private_methods) return False; if (sampass->private.backend_private_data && sampass->private.backend_private_data_free_fn) { @@ -1037,6 +1037,7 @@ BOOL pdb_set_backend_private_data (SAM_ACCOUNT *sampass, void *private_data, sampass->private.backend_private_data = private_data; sampass->private.backend_private_data_free_fn = free_fn; + sampass->private.backend_private_methods = my_methods; return pdb_set_init_flags(sampass, PDB_BACKEND_PRIVATE_DATA, flag); } diff --git a/source3/passdb/pdb_guest.c b/source3/passdb/pdb_guest.c index 359e2285a3..18a456b2e1 100644 --- a/source3/passdb/pdb_guest.c +++ b/source3/passdb/pdb_guest.c @@ -98,6 +98,21 @@ static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT } +/*************************************************************************** + Updates a SAM_ACCOUNT + + This isn't a particulary practical option for pdb_guest. We certainly don't + want to twidde the filesystem, so what should we do? + + Current plan is to transparently add the account. It should appear + as if the pdb_unix version was modified, but its actually stored somehwere. + ****************************************************************************/ + +static NTSTATUS guestsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd) +{ + return methods->parent->pdb_add_sam_account(methods->parent, newpwd); +} + NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { NTSTATUS nt_status; 
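Review bot: pdb_set_backend_private_data now rejects the call unless `sampass->private.backend_private_methods` already equals `my_methods`, yet the only assignment to that field visible in this commit is the one added in the `@@ -1037,6` hunk, after the check. If a fresh SAM_ACCOUNT starts with the field NULL (its initialisation is not shown), the first store from any backend returns False, the tag is never set, and pdb_get_backend_private_data keeps returning NULL. ldapsam_update_sam_account calls this setter without looking at the result, so a rejected `result` would also never reach the free function. Accepting an unowned account fixes it: `if (sampass->private.backend_private_methods && my_methods != sampass->private.backend_private_methods) return False;`.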
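Review bot: guestsam_update_sam_account dereferences `methods->parent` and calls its `pdb_add_sam_account` pointer without checking either; whether they can be NULL is not visible here, but if one ever is, the first update crashes. A guard such as `if (!methods->parent || !methods->parent->pdb_add_sam_account) return NT_STATUS_NOT_IMPLEMENTED;` keeps that failure soft. The function also turns every update of a guest-backed account into an account creation in whichever backend the parent context adds to, which deserves a log line so the new entry can be traced: `DEBUG(3, ("guestsam: update of %s redirected to add\n", pdb_get_username(newpwd)));`. The header comment could be tidied at the same time ("particulary", "twidde", "somehwere").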
@@ -115,6 +130,7 @@ NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, c (*pdb_method)->getsampwnam = guestsam_getsampwnam; (*pdb_method)->getsampwsid = guestsam_getsampwsid; + (*pdb_method)->update_sam_account = guestsam_update_sam_account; /* we should do no group mapping here */ (*pdb_method)->getgrsid = pdb_nop_getgrsid; diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 140b87afb9..0d16a1a985 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1528,6 +1528,8 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state, { int rc = -1; char ** attr_list; + uint32 rid; + switch ( ldap_state->schema_ver ) { case SCHEMAVER_SAMBASAMACCOUNT: @@ -1540,8 +1542,6 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state, break; case SCHEMAVER_SAMBAACCOUNT: - { - uint32 rid; if (!sid_peek_check_rid(&ldap_state->domain_sid, sid, &rid)) { return rc; } @@ -1552,8 +1552,7 @@ static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state, if ( rc != LDAP_SUCCESS ) return rc; - } - break; + break; } return rc; } @@ -1610,7 +1609,7 @@ static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT } else { ldap_msgfree(result); } - return ret; + return NT_STATUS_NO_SUCH_USER; } /******************************************************************** @@ -1810,8 +1809,9 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A attr_list = get_userattr_list(ldap_state->schema_ver); rc = ldapsam_search_suffix_by_name(ldap_state, pdb_get_username(newpwd), &result, attr_list ); free_attr_list( attr_list ); - if (rc != LDAP_SUCCESS) + if (rc != LDAP_SUCCESS) { return NT_STATUS_UNSUCCESSFUL; + } pdb_set_backend_private_data(newpwd, result, private_data_free_fn, my_methods, PDB_CHANGED); } 
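Review bot: The tail of ldapsam_getsampwsid now returns `NT_STATUS_NO_SUCH_USER` unconditionally, so unless the success branch above the hunk returns on its own, a user that was found and loaded is reported as missing. Even if it does return early, the `else` branch (whose condition is outside the hunk) is now indistinguishable from a genuine miss, and fetch_account_info in this same commit reacts to a failed pdb_getsampwsid by calling pdb_add_sam_account. Setting `ret = NT_STATUS_OK;` in the success branch and keeping `return ret;` here preserves the distinction between "not found" and "lookup failed". The start of the function is outside the hunk, so the initial value of `ret` cannot be checked from here.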
@@ -1823,6 +1823,8 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, result); dn = ldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); + DEBUG(4, ("user %s to be modified has dn: %s\n", pdb_get_username(newpwd), dn)); + if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd, element_is_changed)) { DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n")); @@ -1926,7 +1928,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO } } - /* does the entry already exist but without a samba rttibutes? + /* does the entry already exist but without a samba attributes? we need to return the samba attributes here */ escape_user = escape_ldap_string_alloc( username ); diff --git a/source3/sam/idmap_ldap.c b/source3/sam/idmap_ldap.c index 56a289d8aa..ade88d9220 100644 --- a/source3/sam/idmap_ldap.c +++ b/source3/sam/idmap_ldap.c @@ -397,7 +397,7 @@ static NTSTATUS ldap_set_mapping_internals(const DOM_SID *sid, unid_t id, int rc = -1; int ldap_op; fstring sid_string; - char **values; + char **values = NULL; int i; sid_to_string( sid_string, sid ); @@ -424,7 +424,9 @@ static NTSTATUS ldap_set_mapping_internals(const DOM_SID *sid, unid_t id, snprintf(id_str, sizeof(id_str), "%u", ((id_type & ID_USERID) ? id.uid : id.gid)); - values = ldap_get_values(ldap_state.smbldap_state->ldap_struct, entry, "objectClass"); + if (entry) + values = ldap_get_values(ldap_state.smbldap_state->ldap_struct, entry, "objectClass"); + if (values) { BOOL found_idmap = False; for (i=0; values[i]; i++) { diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 881ea96db6..2831645550 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
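Review bot: The new DEBUG line in ldapsam_update_sam_account passes `dn` to `%s` straight after `ldap_get_dn`, before anything visible in the hunk checks it, and `entry` from `ldap_first_entry` is handed to `ldap_get_dn` in the same unchecked way. If either call can return NULL here, the log statement formats a null pointer; writing `dn ? dn : "(none)"` in the argument list avoids that. The commit message mentions entries without a DN for the idmap code, so the case may be reachable. The rest of the function is outside the hunk.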
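Review bot: The added `if (entry)` guard in ldap_set_mapping_internals only helps if `entry` is NULL whenever no LDAP entry was found, and its declaration is outside both idmap_ldap.c hunks. If it is declared without an initialiser, as `values` was before this commit, the test reads an indeterminate pointer on the no-match path; `LDAPMessage *entry = NULL;` at the declaration would close that. The unbraced `if` directly followed by `if (values)` is also easy to misread, so braces would help. The release of `values` is outside the hunk and worth re-checking now that it can legitimately stay NULL.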
@@ -414,6 +414,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) struct passwd *passwd; unid_t id; int u_type = ID_USERID | ID_QUERY_ONLY; + fstring sid_string; fstrcpy(account, unistr2_static(&delta->uni_acct_name)); d_printf("Creating account: %s\n", account); @@ -449,8 +450,11 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) sid_copy(&user_sid, get_global_sam_sid()); sid_append_rid(&user_sid, delta->user_rid); + DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n", sid_to_string(sid_string, &user_sid), account)); if (!pdb_getsampwsid(sam_account, &user_sid)) { sam_account_from_delta(sam_account, delta); + DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", + sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account))); if (!pdb_add_sam_account(sam_account)) { DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", account)); @@ -458,6 +462,8 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } } else { sam_account_from_delta(sam_account, delta); + DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", + sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account))); if (!pdb_update_sam_account(sam_account)) { DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", account)); -- cgit
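Review bot: The first new DEBUG in fetch_account_info names the user with `account`, while the two added in the add and update branches use `pdb_get_username(sam_account)` right after `sam_account_from_delta`, whose result (if it has one) is not checked. If that call does not set the name, those messages format whatever pdb_get_username returns, possibly NULL; using `account` in all three keeps them consistent and safe. The account name comes from the remote delta and is written to the log unescaped, which matters if these logs are parsed by other tooling. The first DEBUG line is also much longer than the other two and could be wrapped the same way.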