From 301d51e13a1aa4e633e2da161b0dd260a8a499cd Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Mon, 13 Feb 2006 17:08:25 +0000
Subject: r13494: Merge the stuff I've done in head the last days.
Volker
(This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
---
 source3/passdb/passdb.c | 126 +++++++++++++++++------------------------------
 1 file changed, 43 insertions(+), 83 deletions(-)
(limited to 'source3/passdb/passdb.c')
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 4d20352312..2b1da6ecce 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -6,6 +6,7 @@
 Copyright (C) Gerald (Jerry) Carter 2000-2001
 Copyright (C) Andrew Bartlett 2001-2002
 Copyright (C) Simo Sorce 2003
+ Copyright (C) Volker Lendecke 2006
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -844,111 +845,70 @@ BOOL algorithmic_pdb_rid_is_user(uint32 rid) Convert a name into a SID. Used in the lookup name rpc. ********************************************************************/ -BOOL lookup_global_sam_name(const char *c_user, int flags, uint32_t *rid, +BOOL lookup_global_sam_name(const char *user, int flags, uint32_t *rid, enum SID_NAME_USE *type) { - fstring user; - SAM_ACCOUNT *sam_account = NULL; - struct group *grp; GROUP_MAP map; - - /* - * user may be quoted a const string, and map_username and - * friends can modify it. Make a modifiable copy. JRA. - */ - - fstrcpy(user, c_user); - - (void)map_username(user); - - if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) { - return False; - } - - /* BEGIN ROOT BLOCK */ - - become_root(); + BOOL ret; /* LOOKUP_NAME_GROUP is a hack to allow valid users = @foo to work * correctly in the case where foo also exists as a user. If the flag * is set, don't look for users at all. */ - if (((flags & LOOKUP_NAME_GROUP) == 0) && - pdb_getsampwnam(sam_account, user)) { - const DOM_SID *user_sid; + if ((flags & LOOKUP_NAME_GROUP) == 0) { + SAM_ACCOUNT *sam_account = NULL; + DOM_SID user_sid; - unbecome_root(); - - user_sid = pdb_get_user_sid(sam_account); - - if (!sid_check_is_in_our_domain(user_sid)) { - DEBUG(0, ("User %s with invalid SID %s in passdb\n", - user, sid_string_static(user_sid))); + if (!NT_STATUS_IS_OK(pdb_init_sam(&sam_account))) { return False; } + + become_root(); + ret = pdb_getsampwnam(sam_account, user); + unbecome_root(); - sid_peek_rid(user_sid, rid); - *type = SID_NAME_USER; + if (ret) { + sid_copy(&user_sid, pdb_get_user_sid(sam_account)); + } + pdb_free_sam(&sam_account); - return True; - } - pdb_free_sam(&sam_account); - - /* - * Maybe it was a group ? 
- */ - - /* check if it's a mapped group */ - if (pdb_getgrnam(&map, user)) { - - unbecome_root(); + if (ret) { + if (!sid_check_is_in_our_domain(&user_sid)) { + DEBUG(0, ("User %s with invalid SID %s in passdb\n", + user, sid_string_static(&user_sid))); + return False; + } - /* BUILTIN groups are looked up elsewhere */ - if (!sid_check_is_in_our_domain(&map.sid)) { - DEBUG(10, ("Found group %s (%s) not in our domain -- " - "ignoring.", user, - sid_string_static(&map.sid))); - return False; + sid_peek_rid(&user_sid, rid); + *type = SID_NAME_USER; + return True; } - - /* yes it's a mapped group */ - sid_peek_rid(&map.sid, rid); - *type = map.sid_name_use; - return True; } - return False; + /* + * Maybe it is a group ? + */ + + become_root(); + ret = pdb_getgrnam(&map, user); + unbecome_root(); - /* it's not a mapped group */ - grp = getgrnam(user); - if(!grp) { - unbecome_root(); /* ---> exit form block */ + if (!ret) { return False; } - - /* - *check if it's mapped, if it is reply it doesn't exist - * - * that's to prevent this case: - * - * unix group ug is mapped to nt group ng - * someone does a lookup on ug - * we must not reply as it doesn't "exist" anymore - * for NT. For NT only ng exists. - * JFM, 30/11/2001 - */ - - if (pdb_getgrgid(&map, grp->gr_gid)) { - unbecome_root(); /* ---> exit form block */ + + /* BUILTIN groups are looked up elsewhere */ + if (!sid_check_is_in_our_domain(&map.sid)) { + DEBUG(10, ("Found group %s (%s) not in our domain -- " + "ignoring.", user, + sid_string_static(&map.sid))); return False; } - unbecome_root(); - /* END ROOT BLOCK */ - - *rid = pdb_gid_to_group_rid(grp->gr_gid); - *type = SID_NAME_ALIAS; + /* yes it's a mapped group */ + sid_peek_rid(&map.sid, rid); + *type = map.sid_name_use; return True; } 
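Review bot: The rewritten lookup_global_sam_name no longer runs map_username() on the name before the passdb lookup and no longer falls back to getgrnam()/pdb_gid_to_group_rid() for unmapped unix groups, so a name that only resolves through the username map, or a plain unix group, now returns False where it used to resolve, and nothing in the hunk states whether callers are expected to have applied the map already. If that is the intended contract, a header comment such as `/* user must already be mapped (map_username); only passdb users and mapped groups resolve here. */` above the function would stop callers from relying on the old behaviour. The new DEBUG(10) message also lacks the trailing newline the other DEBUG calls in this function carry: `"ignoring.\n", user,`. Copying the SID out of sam_account before pdb_free_sam() and narrowing the become_root()/unbecome_root() windows are sound; the old code returned without freeing sam_account on the user-found path.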
@@ -1086,7 +1046,7 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, } if (local_flags & LOCAL_ADD_USER) { - if (pdb_add_sam_account(sam_pass)) { + if (NT_STATUS_IS_OK(pdb_add_sam_account(sam_pass))) { slprintf(msg_str, msg_str_len-1, "Added user %s.\n", user_name); pdb_free_sam(&sam_pass); return NT_STATUS_OK; @@ -1096,7 +1056,7 @@ NTSTATUS local_password_change(const char *user_name, int local_flags, return NT_STATUS_UNSUCCESSFUL; } } else if (local_flags & LOCAL_DELETE_USER) { - if (!pdb_delete_sam_account(sam_pass)) { + if (!NT_STATUS_IS_OK(pdb_delete_sam_account(sam_pass))) { slprintf(err_str,err_str_len-1, "Failed to delete entry for user %s.\n", user_name); pdb_free_sam(&sam_pass); return NT_STATUS_UNSUCCESSFUL; -- cgit
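Review bot: Both hunks discard the NTSTATUS that pdb_add_sam_account() and pdb_delete_sam_account() now return, so the caller only learns NT_STATUS_UNSUCCESSFUL plus a generic message instead of the specific failure reason; the delete branch visibly returns NT_STATUS_UNSUCCESSFUL, and the add branch's failure path appears to do the same just before the second hunk, though that part lies outside the first hunk. Keeping the status, `NTSTATUS status = pdb_add_sam_account(sam_pass);` followed by `if (NT_STATUS_IS_OK(status)) {`, and returning it (or including nt_errstr(status) in err_str) on the failure path would preserve that information for the caller and the log. local_password_change begins before both hunks and its remaining branches are not visible here.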