From 6d7195d1d79c43f5ccc8dc4a9215c02177d5fa89 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 2 Nov 2002 03:47:48 +0000 Subject: Merge passdb from HEAD -> 3.0 The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f) --- source3/passdb/passdb.c | 69 ++++++++++++++++++++++++------------------------- 1 file changed, 34 insertions(+), 35 deletions(-) (limited to 'source3/passdb/passdb.c') diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 2d8ea858aa..04786b59e5 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -45,7 +45,6 @@ static void pdb_fill_default_sam(SAM_ACCOUNT *user) /* Don't change these timestamp settings without a good reason. They are important for NT member server compatibility. */ - user->private.init_flag = FLAG_SAM_UNINIT; user->private.uid = user->private.gid = -1; user->private.logon_time = (time_t)0; 
@@ -177,15 +176,15 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) pdb_fill_default_sam(sam_account); - pdb_set_username(sam_account, pwd->pw_name); - pdb_set_fullname(sam_account, pwd->pw_gecos); + pdb_set_username(sam_account, pwd->pw_name, PDB_SET); + pdb_set_fullname(sam_account, pwd->pw_gecos, PDB_SET); - pdb_set_unix_homedir(sam_account, pwd->pw_dir); + pdb_set_unix_homedir(sam_account, pwd->pw_dir, PDB_SET); - pdb_set_domain (sam_account, lp_workgroup()); + pdb_set_domain (sam_account, lp_workgroup(), PDB_DEFAULT); - pdb_set_uid(sam_account, pwd->pw_uid); - pdb_set_gid(sam_account, pwd->pw_gid); + pdb_set_uid(sam_account, pwd->pw_uid, PDB_SET); + pdb_set_gid(sam_account, pwd->pw_gid, PDB_SET); /* When we get a proper uid -> SID and SID -> uid allocation mechinism, we should call it here. 
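Review bot: The results of `pdb_set_username`, `pdb_set_fullname`, `pdb_set_unix_homedir`, `pdb_set_domain`, `pdb_set_uid` and `pdb_set_gid` are still discarded in pdb_fill_sam_pw, although the same patch checks `if (!pdb_set_username(sam_pass, user_name, PDB_CHANGED))` in local_password_change. A setter that fails here would leave a partly filled SAM_ACCOUNT that the following hunks go on to map to SIDs, so each call should fail the function, e.g. `if (!pdb_set_username(sam_account, pwd->pw_name, PDB_SET)) return NT_STATUS_UNSUCCESSFUL;`. The profile-path, homedir, dir-drive and logon-script setters in the hunk at -237 have the same gap, and they are fed the `talloc_sub_specified` result directly. The function body starts and ends outside this hunk.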
@@ -200,29 +199,29 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) /* Ensure this *must* be set right */ if (strcmp(pwd->pw_name, guest_account) == 0) { - if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST)) { + if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT)) { return NT_STATUS_UNSUCCESSFUL; } - if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS)) { + if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT)) { return NT_STATUS_UNSUCCESSFUL; } } else { if (!pdb_set_user_sid_from_rid(sam_account, - fallback_pdb_uid_to_user_rid(pwd->pw_uid))) { + fallback_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) { DEBUG(0,("Can't set User SID from RID!\n")); return NT_STATUS_INVALID_PARAMETER; } /* call the mapping code here */ - if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { - if (!pdb_set_group_sid(sam_account,&map.sid)){ + if(pdb_getgrgid(&map, pwd->pw_gid, MAPPING_WITHOUT_PRIV)) { + if (!pdb_set_group_sid(sam_account,&map.sid, PDB_SET)){ DEBUG(0,("Can't set Group SID!\n")); return NT_STATUS_INVALID_PARAMETER; } } else { - if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) { + if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) { DEBUG(0,("Can't set Group SID\n")); return NT_STATUS_INVALID_PARAMETER; } 
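Review bot: The guest branch stores the well-known RIDs with `PDB_DEFAULT` while the computed RIDs in the else branch use `PDB_SET`, and nothing explains the difference, directly under the comment "Ensure this *must* be set right". If a default-state element is one that consumers may ignore or a backend may override (local_sid_to_uid later in this patch rejects a PDB_UID that is neither set nor changed), the guest SID is the value that most needs pinning. Either pass `PDB_SET` for `DOMAIN_USER_RID_GUEST` and `DOMAIN_GROUP_RID_GUESTS`, or add a comment stating the intended reason, for example `/* guest RIDs are fixed constants, deliberately left in default state */` if that is the intent. The enclosing function continues outside the hunk.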
@@ -237,34 +236,34 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) lp_logon_path(), pwd->pw_name, global_myname, pwd->pw_uid, pwd->pw_gid), - False); + PDB_DEFAULT); pdb_set_homedir(sam_account, talloc_sub_specified((sam_account)->mem_ctx, lp_logon_home(), pwd->pw_name, global_myname, pwd->pw_uid, pwd->pw_gid), - False); + PDB_DEFAULT); pdb_set_dir_drive(sam_account, talloc_sub_specified((sam_account)->mem_ctx, lp_logon_drive(), pwd->pw_name, global_myname, pwd->pw_uid, pwd->pw_gid), - False); + PDB_DEFAULT); pdb_set_logon_script(sam_account, talloc_sub_specified((sam_account)->mem_ctx, lp_logon_script(), pwd->pw_name, global_myname, pwd->pw_uid, pwd->pw_gid), - False); - if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL)) { + PDB_DEFAULT); + if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT)) { DEBUG(1, ("Failed to set 'normal account' flags for user %s.\n", pwd->pw_name)); return NT_STATUS_UNSUCCESSFUL; } } else { - if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST)) { + if (!pdb_set_acct_ctrl(sam_account, ACB_WSTRUST, PDB_DEFAULT)) { DEBUG(1, ("Failed to set 'trusted workstation account' flags for user %s.\n", pwd->pw_name)); return NT_STATUS_UNSUCCESSFUL; } @@ -637,7 +636,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use pdb_free_sam(&sam_account); - if (get_group_map_from_sid(*sid, &map, MAPPING_WITHOUT_PRIV)) { + if (pdb_getgrsid(&map, *sid, MAPPING_WITHOUT_PRIV)) { if (map.gid!=-1) { DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid)); } else { @@ -747,7 +746,7 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi */ /* check if it's a mapped group */ - if (get_group_map_from_ntname(user, &map, MAPPING_WITHOUT_PRIV)) { + if (pdb_getgrnam(&map, user, MAPPING_WITHOUT_PRIV)) { /* yes it's a mapped group */ sid_copy(&local_sid, &map.sid); *psid_name_use = map.sid_name_use; 
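Review bot: In the hunk at -237 the third argument of `pdb_set_profile_path`'s siblings (`pdb_set_homedir`, `pdb_set_dir_drive`, `pdb_set_logon_script`) changes from `False` to `PDB_DEFAULT`, and C converts a boolean constant to an int or enum without complaint. A call site elsewhere that still passes `True` or `False` would therefore compile and silently select whichever state has that numeric value. This page is limited to passdb.c, so the remaining callers cannot be checked from here; I would confirm them before merging and note the old meaning next to the first call, e.g. `/* PDB_DEFAULT replaces the old 'store == False' */`, assuming that is the mapping. The function body starts and ends outside the hunk.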
@@ -769,7 +768,7 @@ BOOL local_lookup_name(const char *c_user, DOM_SID *psid, enum SID_NAME_USE *psi * JFM, 30/11/2001 */ - if (get_group_map_from_gid(grp->gr_gid, &map, MAPPING_WITHOUT_PRIV)){ + if (pdb_getgrgid(&map, grp->gr_gid, MAPPING_WITHOUT_PRIV)){ return False; } @@ -842,7 +841,7 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_ if (pdb_getsampwsid(sam_user, psid)) { - if (!(pdb_get_init_flag(sam_user) & FLAG_SAM_UID)) { + if (!IS_SAM_SET(sam_user,PDB_UID)&&!IS_SAM_CHANGED(sam_user,PDB_UID)) { pdb_free_sam(&sam_user); return False; } @@ -860,7 +859,7 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_ pdb_free_sam(&sam_user); - if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) { + if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) { DEBUG(3, ("local_sid_to_uid: SID '%s' is a group, not a user... \n", sid_to_string(str, psid))); /* It's a group, not a user... */ return False; @@ -898,7 +897,7 @@ DOM_SID *local_gid_to_sid(DOM_SID *psid, gid_t gid) sid_copy(psid, get_global_sam_sid()); - if (get_group_map_from_gid(gid, &map, MAPPING_WITHOUT_PRIV)) { + if (pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) { sid_copy(psid, &map.sid); } else { @@ -926,7 +925,7 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_ * Or in the Builtin SID too. JFM, 11/30/2001 */ - if (get_group_map_from_sid(*psid, &map, MAPPING_WITHOUT_PRIV)) { + if (pdb_getgrsid(&map, *psid, MAPPING_WITHOUT_PRIV)) { /* the SID is in the mapping table but not mapped */ if (map.gid==-1) @@ -1037,7 +1036,7 @@ BOOL local_password_change(const char *user_name, int local_flags, return False; } - if (!pdb_set_username(sam_pass, user_name)) { + if (!pdb_set_username(sam_pass, user_name, PDB_CHANGED)) { slprintf(err_str, err_str_len - 1, "Failed to set username for user %s.\n", user_name); pdb_free_sam(&sam_pass); return False; 
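Review bot: In the hunk at -842, the new test `!IS_SAM_SET(sam_user,PDB_UID)&&!IS_SAM_CHANGED(sam_user,PDB_UID)` in local_sid_to_uid is dense and undocumented, yet it is the guard that keeps a uid left at the `-1` default from pdb_fill_default_sam from being returned as a real uid. I would space it out and state that above it: `/* only trust a uid that was actually set or changed, never the default */` followed by `if (!IS_SAM_SET(sam_user, PDB_UID) && !IS_SAM_CHANGED(sam_user, PDB_UID)) {`. How the two macros expand is not visible on this page, so whether each operand is safely parenthesised should be checked at their definition. The function body starts and ends outside the hunk.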
@@ -1051,19 +1050,19 @@ BOOL local_password_change(const char *user_name, int local_flags, /* the 'other' acb bits not being changed here */ other_acb = (pdb_get_acct_ctrl(sam_pass) & (!(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL))); if (local_flags & LOCAL_TRUST_ACCOUNT) { - if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb) ) { + if (!pdb_set_acct_ctrl(sam_pass, ACB_WSTRUST | other_acb, PDB_CHANGED) ) { slprintf(err_str, err_str_len - 1, "Failed to set 'trusted workstation account' flags for user %s.\n", user_name); pdb_free_sam(&sam_pass); return False; } } else if (local_flags & LOCAL_INTERDOM_ACCOUNT) { - if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb)) { + if (!pdb_set_acct_ctrl(sam_pass, ACB_DOMTRUST | other_acb, PDB_CHANGED)) { slprintf(err_str, err_str_len - 1, "Failed to set 'domain trust account' flags for user %s.\n", user_name); pdb_free_sam(&sam_pass); return False; } } else { - if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb)) { + if (!pdb_set_acct_ctrl(sam_pass, ACB_NORMAL | other_acb, PDB_CHANGED)) { slprintf(err_str, err_str_len - 1, "Failed to set 'normal account' flags for user %s.\n", user_name); pdb_free_sam(&sam_pass); return False; 
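Review bot: `other_acb` is computed with a logical NOT, `pdb_get_acct_ctrl(sam_pass) & (!(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL))`, so the mask evaluates to 0 and every other account-control bit is dropped when the account type is written in the three branches below. With this patch those writes are flagged `PDB_CHANGED`, so an existing `ACB_DISABLED` or `ACB_PWNOTREQ` bit is cleared and presumably persisted unless a later branch restores it. The mask should be bitwise: `other_acb = (pdb_get_acct_ctrl(sam_pass) & (~(ACB_WSTRUST|ACB_DOMTRUST|ACB_SVRTRUST|ACB_NORMAL)));`. The line is context in this hunk rather than something the commit changes, and local_password_change continues outside it.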
@@ -1076,13 +1075,13 @@ BOOL local_password_change(const char *user_name, int local_flags, */ if (local_flags & LOCAL_DISABLE_USER) { - if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED)) { + if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_DISABLED, PDB_CHANGED)) { slprintf(err_str, err_str_len-1, "Failed to set 'disabled' flag for user %s.\n", user_name); pdb_free_sam(&sam_pass); return False; } } else if (local_flags & LOCAL_ENABLE_USER) { - if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) { + if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) { slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name); pdb_free_sam(&sam_pass); return False; @@ -1090,7 +1089,7 @@ BOOL local_password_change(const char *user_name, int local_flags, } if (local_flags & LOCAL_SET_NO_PASSWORD) { - if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ)) { + if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)|ACB_PWNOTREQ, PDB_CHANGED)) { slprintf(err_str, err_str_len-1, "Failed to set 'no password required' flag for user %s.\n", user_name); pdb_free_sam(&sam_pass); return False; 
@@ -1106,13 +1105,13 @@ BOOL local_password_change(const char *user_name, int local_flags, * don't create them disabled). JRA. */ if ((pdb_get_lanman_passwd(sam_pass)==NULL) && (pdb_get_acct_ctrl(sam_pass)&ACB_DISABLED)) { - if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED))) { + if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_DISABLED), PDB_CHANGED)) { slprintf(err_str, err_str_len-1, "Failed to unset 'disabled' flag for user %s.\n", user_name); pdb_free_sam(&sam_pass); return False; } } - if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ))) { + if (!pdb_set_acct_ctrl (sam_pass, pdb_get_acct_ctrl(sam_pass)&(~ACB_PWNOTREQ), PDB_CHANGED)) { slprintf(err_str, err_str_len-1, "Failed to unset 'no password required' flag for user %s.\n", user_name); pdb_free_sam(&sam_pass); return False; -- cgit
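Review bot: The branch that clears `ACB_DISABLED` keys only on `pdb_get_lanman_passwd(sam_pass)==NULL`, which also matches an account that an administrator disabled and that happens to have no LM hash stored; with `PDB_CHANGED` the re-enable is now explicitly marked as a modification. The comment giving the rationale begins outside this hunk, so this may be meant for freshly created accounts only. If so, the condition should be narrowed to that case, for example by also requiring that no NT hash is stored or that `LOCAL_ENABLE_USER` was requested. At minimum the side effect should be stated: `/* NOTE: this also re-enables a deliberately disabled account that has no LM hash */`.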